Merge pull request #566 from wultra/develop

Merge develop to master

docs/RESTful-API-for-Spring.md

@@ -231,13 +231,12 @@ Note: Controllers that establish a session must not be on a context that is prot
 <!-- end -->
 
 ```java
-@Controller
-@RequestMapping(value = "session")
+@RestController
+@RequestMapping("session")
 public class AuthenticationController {
 
-    @RequestMapping(value = "login", method = RequestMethod.POST)
+    @PostMapping("login")
     @PowerAuth(resourceId = "/session/login")
-    @ResponseBody
     public MyApiResponse login(PowerAuthApiAuthentication auth) {
         if (auth == null) {
             // handle authentication failure
@@ -265,13 +264,12 @@ In case both `@RequestParam` and `@PathVariable` with the same name exist, the v
 Example of using dynamic resource ID:
 
 ```java
-@Controller
-@RequestMapping(value = "secured")
+@RestController
+@RequestMapping("secured")
 public class AuthenticationController {
 
-    @RequestMapping(value = "account/{id}", method = RequestMethod.POST)
+    @PostMapping("account/{id}")
     @PowerAuth(resourceId = "/secured/account/${id}?filter=${filter}")
-    @ResponseBody
     public MyAccountApiResponse changeAccountSettings(
             @PathVariable("id") String accountId, @RequestParam("filter") String filter,  PowerAuthApiAuthentication auth, PowerAuthActivation activation) {
 
@@ -296,15 +294,14 @@ public class AuthenticationController {
 In case you need a more low-level access to the signature verification, you can verify the signature manually using the `PowerAuthAuthenticationProvider` like this:
 
 ```java
-@Controller
-@RequestMapping(value = "session")
+@RestController
+@RequestMapping("session")
 public class AuthenticationController {
 
     @Autowired
     private PowerAuthAuthenticationProvider authenticationProvider;
 
-    @RequestMapping(value = "login", method = RequestMethod.POST)
-    @ResponseBody
+    @PostMapping("login")
     public ObjectResponse<String> login(
             @RequestHeader(value = PowerAuthSignatureHttpHeader.HEADER_NAME, required = true) String signatureHeader,
             HttpServletRequest servletRequest) throws Exception {
@@ -357,16 +354,16 @@ This sample `@Controller` implementation illustrates how to use `@PowerAuthToken
 Please note that token based authentication should be used only for endpoints with lower sensitivity, such as simplified account information for widgets or smart watch, that are also not prone to replay attack.
 
 ```java
-@Controller
-@RequestMapping(value = "secure/account")
+@RestController
+@RequestMapping("secure/account")
 public class AuthenticationController {
 
     @Autowired
     private CustomService service;
 
-    @RequestMapping(value = "widget/balance", method = RequestMethod.GET)
+    @GetMapping("widget/balance")
     @PowerAuthToken
-    public @ResponseBody ObjectResponse<String> getBalance(PowerAuthApiAuthentication apiAuthentication) throws PowerAuthAuthenticationException {
+    public ObjectResponse<String> getBalance(PowerAuthApiAuthentication apiAuthentication) throws PowerAuthAuthenticationException {
         if (apiAuthentication == null) {
             throw new PowerAuthTokenInvalidException();
         } else {
@@ -391,10 +388,10 @@ You can encrypt data in `application` scope (non-personalized) using following p
 
 ```java
 @RestController
-@RequestMapping(value = "/exchange")
+@RequestMapping("/exchange")
 public class EncryptedDataExchangeController {
 
-    @RequestMapping(value = "application", method = RequestMethod.POST)
+    @PostMapping("application")
     @PowerAuthEncryption(scope = EncryptionScope.APPLICATION_SCOPE)
     public DataExchangeResponse exchangeInApplicationScope(@EncryptedRequestBody DataExchangeRequest request,
                                                            EncryptionContext encryptionContext) throws PowerAuthEncryptionException {
@@ -419,10 +416,10 @@ You can encrypt data in `activation` scope (personalized) using following patter
 
 ```java
 @RestController
-@RequestMapping(value = "/exchange")
+@RequestMapping("/exchange")
 public class EncryptedDataExchangeController {
 
-    @RequestMapping(value = "activation", method = RequestMethod.POST)
+    @PostMapping("activation")
     @PowerAuthEncryption(scope = EncryptionScope.ACTIVATION_SCOPE)
     public DataExchangeResponse exchangeInActivationScope(@EncryptedRequestBody DataExchangeRequest request,
                                                           EncryptionContext encryptionContext) throws PowerAuthEncryptionException {
@@ -447,10 +444,10 @@ You can also sign the data before encryption and perform signature verification
 
 ```java
 @RestController
-@RequestMapping(value = "/exchange")
+@RequestMapping("/exchange")
 public class EncryptedDataExchangeController {
 
-    @RequestMapping(value = "signed", method = RequestMethod.POST)
+    @PostMapping("signed")
     @PowerAuth(resourceId = "/exchange/signed")
     @PowerAuthEncryption(scope = EncryptionScope.ACTIVATION_SCOPE)
     public DataExchangeResponse exchangeSignedAndEncryptedData(@EncryptedRequestBody DataExchangeRequest request,

pom.xml

@@ -28,7 +28,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-restful-integration-parent</artifactId>
-    <version>1.8.0</version>
+    <version>1.9.0</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2017</inceptionYear>
@@ -78,18 +78,18 @@
         <java.version>17</java.version>
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
-        <maven-deploy-plugin.version>3.1.2</maven-deploy-plugin.version>
+        <maven-deploy-plugin.version>3.1.3</maven-deploy-plugin.version>
         <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
         <maven-jar-plugin.version>3.4.2</maven-jar-plugin.version>
-        <maven-javadoc-plugin.version>3.8.0</maven-javadoc-plugin.version>
+        <maven-javadoc-plugin.version>3.10.1</maven-javadoc-plugin.version>
         <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
         <maven-war-plugin.version>3.4.0</maven-war-plugin.version>
-        <spring-boot.version>3.3.2</spring-boot.version>
+        <spring-boot.version>3.3.4</spring-boot.version>
         <commons-text.version>1.12.0</commons-text.version>
 
-        <wultra-core.version>1.10.0</wultra-core.version>
-        <powerauth.version>1.8.0</powerauth.version>
-        <powerauth-crypto.version>1.8.0</powerauth-crypto.version>
+        <wultra-core.version>1.11.0</wultra-core.version>
+        <powerauth.version>1.9.0</powerauth.version>
+        <powerauth-crypto.version>1.9.0</powerauth-crypto.version>
     </properties>
 
     <dependencyManagement>
@@ -131,6 +131,14 @@
             <artifactId>lombok</artifactId>
             <scope>provided</scope>
         </dependency>
+
+        <!-- For run at Apple M1 architecture -->
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-resolver-dns-native-macos</artifactId>
+            <scope>runtime</scope>
+            <classifier>osx-aarch_64</classifier>
+        </dependency>
     </dependencies>
 
     <build>

powerauth-restful-model/pom.xml

@@ -30,7 +30,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-restful-integration-parent</artifactId>
-        <version>1.8.0</version>
+        <version>1.9.0</version>
     </parent>
 
     <dependencies>

powerauth-restful-model/src/main/java/io/getlime/security/powerauth/rest/api/model/entity/ActivationType.java

@@ -33,9 +33,17 @@ public enum ActivationType {
 
     /**
      * Activation via custom credentials.
+     * @deprecated Use {@link #DIRECT} instead.
      */
+    @Deprecated
     CUSTOM,
 
+    /**
+     * Direct activation, alias for {@link #CUSTOM}.
+     * The method could be specified, for example {@code OIDC}.
+     */
+    DIRECT,
+
     /**
      * Activation via recovery code.
      */

powerauth-restful-model/src/main/java/io/getlime/security/powerauth/rest/api/model/request/EciesEncryptedRequest.java

@@ -30,6 +30,11 @@
 @Data
 public class EciesEncryptedRequest {
 
+    /**
+     * Identifier of the temporary key.
+     */
+    private String temporaryKeyId;
+
     /**
      * Base64 encoded ephemeral public key.
      */

powerauth-restful-model/src/main/java/io/getlime/security/powerauth/rest/api/model/request/TemporaryKeyRequest.java

@@ -0,0 +1,37 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.rest.api.model.request;
+
+import lombok.Data;
+
+/**
+ * Request class with temporary public key.
+ *
+ * @author Petr Dvorak, [email protected]
+ */
+@Data
+public class TemporaryKeyRequest {
+
+    /**
+     * JWT with encoded temporary key request.
+     */
+    private String jwt;
+
+}

powerauth-restful-model/src/main/java/io/getlime/security/powerauth/rest/api/model/response/ServerStatusResponse.java

@@ -25,5 +25,12 @@
  * @param serverTime Server time.
  * @author Roman Strobl, [email protected]
  */
-public record ServerStatusResponse(long serverTime) {
+public record ServerStatusResponse(long serverTime, Application application) {
+    /**
+     * Record for information about the application.
+     * @param name Application name, if present in BuildProperties.
+     * @param version Application version, if present in BuildProperties.
+     */
+    public record Application(String name, String version) {
+    }
 }

powerauth-restful-model/src/main/java/io/getlime/security/powerauth/rest/api/model/response/TemporaryKeyResponse.java

@@ -0,0 +1,37 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.rest.api.model.response;
+
+import lombok.Data;
+
+/**
+ * Response class with temporary key.
+ *
+ * @author Petr Dvorak, [email protected]
+ */
+@Data
+public class TemporaryKeyResponse {
+
+    /**
+     * JWT with encoded temporary key response.
+     */
+    private String jwt;
+
+}

powerauth-restful-security-spring-annotation/pom.xml

@@ -30,7 +30,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-restful-integration-parent</artifactId>
-        <version>1.8.0</version>
+        <version>1.9.0</version>
     </parent>
 
     <dependencies>

powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/encryption/EncryptionContext.java

@@ -44,6 +44,7 @@ public class EncryptionContext {
      * Protocol version.
      */
     private final String version;
+
     /**
      * PowerAuth HTTP header used for deriving ECIES encryption context.
      */

powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthActivationException.java

@@ -57,6 +57,16 @@ public PowerAuthActivationException(Throwable cause) {
         super(cause);
     }
 
+    /**
+     * Constructor with a message and a cause.
+     *
+     * @param message Error message.
+     * @param cause Error cause.
+     */
+    public PowerAuthActivationException(final String message, final Throwable cause) {
+        super(message, cause);
+    }
+
     /**
      * Get default error code, used for example in the REST response.
      * @return Default error code.

powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/exception/PowerAuthTemporaryKeyException.java

@@ -0,0 +1,55 @@
+/*
+ * PowerAuth integration libraries for RESTful API applications, examples and
+ * related software components
+ *
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.rest.api.spring.exception;
+
+/**
+ * Exception raised in case PowerAuth fails to return temporary keys.
+ *
+ * @author Petr Dvorak, [email protected]
+ */
+public class PowerAuthTemporaryKeyException extends Exception {
+
+    private static final String DEFAULT_CODE = "ERR_TEMPORARY_KEY";
+    private static final String DEFAULT_ERROR = "POWER_AUTH_TEMPORARY_KEY_FAILURE";
+
+    /**
+     * Default constructor.
+     */
+    public PowerAuthTemporaryKeyException() {
+        super(DEFAULT_ERROR);
+    }
+
+    /**
+     * Get the default error code, used for example in REST response.
+     * @return Default error code.
+     */
+    public String getDefaultCode() {
+        return DEFAULT_CODE;
+    }
+
+    /**
+     * Get default error message, used for example in the REST response.
+     * @return Default error message.
+     */
+    public String getDefaultError() {
+        return DEFAULT_ERROR;
+    }
+
+}

powerauth-restful-security-spring-annotation/src/main/java/io/getlime/security/powerauth/rest/api/spring/provider/PowerAuthEncryptionProvider.java

@@ -58,11 +58,12 @@ public PowerAuthEncryptionProvider(PowerAuthClient powerAuthClient, HttpCustomiz
     }
 
     @Override
-    public @Nonnull PowerAuthEncryptorParameters getEciesDecryptorParameters(@Nullable String activationId, @Nonnull String applicationKey, @Nonnull String ephemeralPublicKey, @Nonnull String version, String nonce, Long timestamp) throws PowerAuthEncryptionException {
+    public @Nonnull PowerAuthEncryptorParameters getEciesDecryptorParameters(@Nullable String activationId, @Nonnull String applicationKey, @Nonnull String temporaryKeyId, @Nonnull String ephemeralPublicKey, @Nonnull String version, String nonce, Long timestamp) throws PowerAuthEncryptionException {
         try {
             final GetEciesDecryptorRequest eciesDecryptorRequest = new GetEciesDecryptorRequest();
             eciesDecryptorRequest.setActivationId(activationId);
             eciesDecryptorRequest.setApplicationKey(applicationKey);
+            eciesDecryptorRequest.setTemporaryKeyId(temporaryKeyId);
             eciesDecryptorRequest.setEphemeralPublicKey(ephemeralPublicKey);
             eciesDecryptorRequest.setProtocolVersion(version);
             eciesDecryptorRequest.setNonce(nonce);