From 2dfd1cfc7ed86c8bf44ca0d169c99c4217da2521 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 27 Dec 2021 19:40:13 +0000 Subject: [PATCH 01/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 9e68c9ec..6f203daf 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -19,7 +19,7 @@ com.fasterxml.jackson.core jackson-databind - 2.13.0 + 2.13.1 commons-cli From 93f2c197f821b3ef3a1908c06ebaec019c25e399 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 7 Jan 2022 17:33:32 +0000 Subject: [PATCH 02/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 6f203daf..ecfbecae 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -68,7 +68,7 @@ org.springframework.boot spring-boot-starter - 2.6.1 + 2.6.2 log4j-to-slf4j From ce1361bfdab9f2dbce3a4fbe97e6b045907618ee Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Fri, 21 Jan 2022 15:44:19 +0100 Subject: [PATCH 03/17] Update version to 1.3.0-SNAPSHOT --- pom.xml | 2 +- powerauth-java-cmd-lib/pom.xml | 4 ++-- powerauth-java-cmd/pom.xml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 85c7efe3..b9d89b82 100644 --- a/pom.xml +++ b/pom.xml @@ -27,7 +27,7 @@ io.getlime.security powerauth-cmd-parent - 1.2.0 + 1.3.0-SNAPSHOT pom 2016 
diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index ecfbecae..f958ba25 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -6,12 +6,12 @@ 4.0.0 powerauth-java-cmd-lib PowerAuth Command-line Utility - Java Library - 1.2.0 + 1.3.0-SNAPSHOT powerauth-cmd-parent io.getlime.security - 1.2.0 + 1.3.0-SNAPSHOT ../pom.xml diff --git a/powerauth-java-cmd/pom.xml b/powerauth-java-cmd/pom.xml index 36b40845..dff41045 100644 --- a/powerauth-java-cmd/pom.xml +++ b/powerauth-java-cmd/pom.xml @@ -22,7 +22,7 @@ 4.0.0 powerauth-java-cmd - 1.2.0 + 1.3.0-SNAPSHOT powerauth-java-cmd PowerAuth Reference Client Application connected to PowerAuth Standard RESTful API @@ -31,7 +31,7 @@ io.getlime.security powerauth-cmd-parent - 1.2.0 + 1.3.0-SNAPSHOT ../pom.xml @@ -39,7 +39,7 @@ io.getlime.security powerauth-java-cmd-lib - 1.2.0 + 1.3.0-SNAPSHOT log4j-to-slf4j From e05b2657576a7005916506e8bf9ce78ef41a5269 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Fri, 21 Jan 2022 17:07:50 +0100 Subject: [PATCH 04/17] Fix #231: Update documentation --- docs/Readme.md | 72 +++++++++++++++++++++++++++++++------------------- 1 file changed, 45 insertions(+), 27 deletions(-) diff --git a/docs/Readme.md b/docs/Readme.md index 1d5876b3..1f767acd 100644 --- a/docs/Readme.md +++ b/docs/Readme.md 
@@ -8,11 +8,23 @@ You can download the latest `powerauth-java-cmd.jar` at the releases page: - [PowerAuth Command-Line Tool Releases](https://github.com/wultra/powerauth-cmd-tool/releases) -## Installing Bouncy Castle +## Supported Java Runtime Versions -Before you can run the utility from the command-line, you need to register [Bouncy Castle](https://www.bouncycastle.org/) JCE provider in your JRE. +The following Java runtime versions are supported: +- Java 8 (LTS release) +- Java 11 (LTS release) -Please follow our [Bouncy Castle installation tutorial](https://github.com/wultra/powerauth-server/blob/develop/docs/Installing-Bouncy-Castle.md). +The command-line tool application may run on other Java versions, however we do not perform extensive testing with non-LTS releases. Java version 17 is not supported yet due to issues with running Bouncy Castle provider from a fat jar. + +## Bouncy Castle Library Usage + +The command-line tool application embeds the Bouncy Castle Java Security library. Configuration of the security provider in `java.security` file should not be required due to dynamic initialization of the provider, however the behaviour may vary per Java distribution. + +## Deploying PowerAuth Backend Components + +See the [Server Side Tutorial](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Authentication-in-Mobile-Apps/Server-Side-Tutorial) for information about deploying the backend components, how to initialize an activation and additional topics which provide required context in case you are new to PowerAuth. + +The command-line tool usually communicates with the Enrollment server component, however it can be also used with [PowerAuth Web Flow](https://github.com/wultra/powerauth-webflow) or with your own backends in case you include the [PowerAuth RESTful Integration Libraries](https://github.com/wultra/powerauth-restful-integration). The command-line tool does not communicate with PowerAuth server directly. 
## PowerAuth Client Config File @@ -56,13 +68,13 @@ This file is automatically created by the utility after you call the `create` me ## Specifying PowerAuth Protocol Version -Command line tool supports following PowerAuth protocol versions: +Command-line tool supports following PowerAuth protocol versions: - Version `3.1` (default) - Version `3.0` - Version `2.1` - Version `2.0` -You can specify the version of protocol you want to use using parameter `version`. The version affects used cryptography, for example version `2` activations use custom encryption, while version `3` activations use an integrated ECIES scheme. +You can specify the version of protocol you want to use using parameter `version`. Both major and minor version needs to be specified for the command-line tool action, however the server stores only the major version in the database. The version affects used cryptography, for example version `2` activations use custom encryption, while version `3` activations use an integrated ECIES scheme. ## Supported Use-Cases @@ -72,7 +84,7 @@ Use this method to create a new activation using an activation code. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "create" \ 
@@ -80,25 +92,27 @@ java -jar powerauth-java-cmd.jar \ --activation-code "F3CCT-FNOUS-GEVJF-O3HMV" ``` -Uses the `create` method to activate a PowerAuth Reference client by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/activation/create` hosted on root URL `http://localhost:8080/powerauth-restful-server` with an activation code `F3CCT-FNOUS-GEVJF-O3HMV`. Reads and stores the client status from the `/tmp/pa_status.json` file. Uses master public key and application identifiers stored in the `/tmp/pamk.json` file. Stores the knowledge related derived key using a given password `1234`. +Uses the `create` method to activate a PowerAuth Reference client by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/activation/create` hosted on root URL `http://localhost:8080/enrollment-server` with an activation code `F3CCT-FNOUS-GEVJF-O3HMV`. Reads and stores the client status from the `/tmp/pa_status.json` file. Uses master public key and application identifiers stored in the `/tmp/pamk.json` file. Stores the knowledge related derived key using a given password `1234`. For backward compatibility, the tool also supports the `prepare` method as an alias to the `create` method, however this method is already deprecated. Usage of this method prints a deprecation warning. _Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to encrypt the knowledge related signature key._ +_Note: In case auto-commit mode is not used (default), the activation needs to be committed on the server using [PowerAuth Admin application](https://github.com/wultra/powerauth-admin) or using the [PowerAuth server RESTful API](https://github.com/wultra/powerauth-server/blob/develop/docs/WebServices-Methods.md#method-commitactivation)._ + ### Get Activation Status Use this method to obtain information about existing activation. 
```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "status" ``` -Uses the `status` method to get the activation status for the activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/activation/status` hosted on root URL `http://localhost:8080/powerauth-restful-server`. Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. +Uses the `status` method to get the activation status for the activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/activation/status` hosted on root URL `http://localhost:8080/enrollment-server`. Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. ### Remove the Activation 
@@ -106,14 +120,14 @@ Use to remove the activation on the server. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "remove" \ --password "1234" ``` -Uses the `remove` method to remove activation with an activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/activation/remove` hosted on root URL `http://localhost:8080/powerauth-restful-server`. Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. Unlocks the knowledge related signing key using `1234` as a password. +Uses the `remove` method to remove activation with an activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/activation/remove` hosted on root URL `http://localhost:8080/enrollment-server`. Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. Unlocks the knowledge related signing key using `1234` as a password. _Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to unlock the knowledge related signature key._ @@ -123,7 +137,7 @@ Use this method to send signed GET or POST requests to given URL with provided d ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server/pa/v3/signature/validate" \ + --url "http://localhost:8080/enrollment-server/pa/v3/signature/validate" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "sign" \ 
@@ -134,7 +148,7 @@ java -jar powerauth-java-cmd.jar \ --password "1234" ``` -Uses the `sign` method to compute a signature for given data using an activation record associated with an activation ID stored in the status file `/tmp/pa_status.json`. Calls an authenticated endpoint `http://localhost:8080/powerauth-restful-server/pa/v3/signature/validate` that is identified by an identifier `/pa/signature/validate` (by convention the same as the endpoint name after the main context except the version). The endpoint must be published by the application - see [Verify Signature](https://github.com/wultra/powerauth-restful-integration/blob/develop/docs/RESTful-API-for-Spring.md#verify-signatures). Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. Uses HTTP method `POST`, `possession_knowledge` signature type and takes the request data from a file `/tmp/request.json`. Unlocks the knowledge related signing key using `1234` as a password. +Uses the `sign` method to compute a signature for given data using an activation record associated with an activation ID stored in the status file `/tmp/pa_status.json`. Calls an authenticated endpoint `http://localhost:8080/enrollment-server/pa/v3/signature/validate` that is identified by an identifier `/pa/signature/validate` (by convention the same as the endpoint name after the main context except the version). The endpoint must be published by the application - see [Verify Signature](https://github.com/wultra/powerauth-restful-integration/blob/develop/docs/RESTful-API-for-Spring.md#verify-signatures). Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. Uses HTTP method `POST`, `possession_knowledge` signature type and takes the request data from a file `/tmp/request.json`. Unlocks the knowledge related signing key using `1234` as a password. 
_Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to unlock the knowledge related signature key._ @@ -144,7 +158,7 @@ You can use the `dry-run` parameter, in this case the step is stopped right afte ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server/pa/v3/signature/validate" \ + --url "http://localhost:8080/enrollment-server/pa/v3/signature/validate" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "sign" \ @@ -164,7 +178,7 @@ Use this method to test secure vault unlocking. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "unlock" \ 
@@ -173,7 +187,7 @@ java -jar powerauth-java-cmd.jar \ --reason "NOT_SPECIFIED" ``` -Uses the `unlock` method to unlock the secure vault for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/vault/unlock` hosted on root URL `http://localhost:8080/powerauth-restful-server`. Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. Unlocks the knowledge related signing key using `1234` as a password. The reason why vault is being unlocked is `NOT_SPECIFIED`. +Uses the `unlock` method to unlock the secure vault for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/vault/unlock` hosted on root URL `http://localhost:8080/enrollment-server`. Uses the master public key and application identifiers stored in the `/tmp/pamk.json` file. Unlocks the knowledge related signing key using `1234` as a password. The reason why vault is being unlocked is `NOT_SPECIFIED`. _Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to unlock the knowledge related signature key._ @@ -183,7 +197,7 @@ Create a static token which can be used for repeated requests to data resources ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "create-token" \ 
@@ -191,7 +205,7 @@ java -jar powerauth-java-cmd.jar \ --password "1234" ``` -Uses the `create-token` method to create a token for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/token/create` hosted on root URL `http://localhost:8080/powerauth-restful-server`. Uses the server public key, transport key and application identifiers stored in the `/tmp/pamk.json` file. Unlocks the knowledge related signing key using `1234` as a password. +Uses the `create-token` method to create a token for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/token/create` hosted on root URL `http://localhost:8080/enrollment-server`. Uses the server public key, transport key and application identifiers stored in the `/tmp/pamk.json` file. Unlocks the knowledge related signing key using `1234` as a password. _Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to unlock the knowledge related signature key._ @@ -201,7 +215,7 @@ Use a previously created token to authorize an operation. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server/api/auth/token" \ + --url "http://localhost:8080/enrollment-server/api/auth/token" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "validate-token" \ 
@@ -211,7 +225,7 @@ java -jar powerauth-java-cmd.jar \ --token-secret "xfb1NUXAPbvDZK8qyNVGyw==" ``` -Uses the `validate-token` method for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling an endpoint `/api/auth/token` hosted on root URL `http://localhost:8080/powerauth-restful-server`. The endpoint must be published by the application -- see [Token Based Authentication](https://github.com/wultra/powerauth-restful-integration/blob/develop/docs/RESTful-API-for-Spring.md#use-token-based-authentication). Uses the application identifiers stored in the `/tmp/pamk.json` file. The request data is taken from file `/tmp/request.json`. +Uses the `validate-token` method for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling an endpoint `/api/auth/token` hosted on root URL `http://localhost:8080/enrollment-server`. The endpoint must be published by the application -- see [Token Based Authentication](https://github.com/wultra/powerauth-restful-integration/blob/develop/docs/RESTful-API-for-Spring.md#use-token-based-authentication). Uses the application identifiers stored in the `/tmp/pamk.json` file. The request data is taken from file `/tmp/request.json`. You can use the `dry-run` parameter, in this case the step is stopped right after signing the request body and preparing appropriate headers. @@ -221,7 +235,7 @@ Remove a previously created token. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "remove-token" \ 
@@ -230,7 +244,7 @@ java -jar powerauth-java-cmd.jar \ --token-id "66b8b981-a89d-4fc2-bd49-1c05f937a6f2" ``` -Uses the `remove-token` method to remove a previously created token for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/token/remove` hosted on root URL `http://localhost:8080/powerauth-restful-server`. Uses the application identifiers stored in the `/tmp/pamk.json` file to create the request signature. Unlocks the knowledge related signing key using `1234` as a password. +Uses the `remove-token` method to remove a previously created token for an activation with activation ID stored in the status file `/tmp/pa_status.json`, by calling the PowerAuth Standard RESTful API endpoint `/pa/v3/token/remove` hosted on root URL `http://localhost:8080/enrollment-server`. Uses the application identifiers stored in the `/tmp/pamk.json` file to create the request signature. Unlocks the knowledge related signing key using `1234` as a password. _Note: If a `--password` option is not provided, this method requires interactive console input of the password, in order to unlock the knowledge related signature key._ @@ -240,7 +254,7 @@ Use this method to create an activation using the custom identity attributes. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "/tmp/pa_status.json" \ --config-file "/tmp/pamk.json" \ --method "create-custom" \ @@ -270,7 +284,7 @@ Use this method to send encrypted data to the server. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server-spring/exchange" \ + --url "http://localhost:8080/enrollment-server-spring/exchange" \ --config-file "config.json" \ --method "encrypt" \ --data-file "request.json" \ 
@@ -286,7 +300,7 @@ Use this method to send signed and encrypted data to the server. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server-spring/exchange/v3/signed" \ + --url "http://localhost:8080/enrollment-server-spring/exchange/v3/signed" \ --status-file "pa_status.json" \ --config-file "config.json" \ --method "sign-encrypt" \ @@ -306,7 +320,7 @@ Use this method to start upgrade of a version `2` activation to version `3`. ``` java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/powerauth-restful-server" \ + --url "http://localhost:8080/enrollment-server" \ --status-file "pa_status.json" \ --config-file "config.json" \ --method "start-upgrade" @@ -389,6 +403,10 @@ usage: java -jar powerauth-java-cmd.jar If you are using HTTPS, make sure you are using valid SSL certificate or that you use "-i" option. +**Error: JCE cannot authenticate the provider BC** + +Please use a supported Java Runtime Version (LTS release of Java 8 or 11). + ## License -All sources are licensed using Apache 2.0 license, you can use them with no restriction. If you are using PowerAuth, please let us know. We will be happy to share and promote your project. +All PowerAuth command-line tool sources are licensed using Apache 2.0 license, you can use them with no restriction. Note that most of the PowerAuth backend components use the AGPL v3.0 license. If you are using PowerAuth, please let us know. We will be happy to share and promote your project. From 6a8d11066581f49b7ce3f36616d658bfe6e6f357 Mon Sep 17 00:00:00 2001 
From: Roman Strobl Date: Thu, 3 Feb 2022 10:46:20 +0100 Subject: [PATCH 05/17] Fix #234: Add token-encrypt step --- docs/Readme.md | 59 ++++-- .../lib/cmd/consts/PowerAuthStep.java | 5 + .../cmd/header/PowerAuthHeaderFactory.java | 11 ++ .../TokenAndEncryptionHeaderProvider.java | 45 +++++ .../lib/cmd/steps/AbstractBaseStep.java | 2 +- .../steps/model/TokenAndEncryptStepModel.java | 96 ++++++++++ .../data/TokenAndEncryptionHeaderData.java | 26 +++ .../lib/cmd/steps/v3/TokenAndEncryptStep.java | 172 ++++++++++++++++++ .../powerauth/app/cmd/Application.java | 30 ++- 9 files changed, 424 insertions(+), 22 deletions(-) create mode 100644 powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/TokenAndEncryptionHeaderProvider.java create mode 100644 powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/TokenAndEncryptStepModel.java create mode 100644 powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/data/TokenAndEncryptionHeaderData.java create mode 100755 powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java diff --git a/docs/Readme.md b/docs/Readme.md index 1f767acd..916b37f6 100644 --- a/docs/Readme.md +++ b/docs/Readme.md @@ -284,7 +284,7 @@ Use this method to send encrypted data to the server. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/enrollment-server-spring/exchange" \ + --url "http://localhost:8080/enrollment-server/exchange" \ --config-file "config.json" \ --method "encrypt" \ --data-file "request.json" \ @@ -300,7 +300,7 @@ Use this method to send signed and encrypted data to the server. ```bash java -jar powerauth-java-cmd.jar \ - --url "http://localhost:8080/enrollment-server-spring/exchange/v3/signed" \ + --url "http://localhost:8080/enrollment-server/exchange/v3/signed" \ --status-file "pa_status.json" \ --config-file "config.json" \ --method "sign-encrypt" \ 
@@ -314,6 +314,25 @@ java -jar powerauth-java-cmd.jar \ The data in `request.json` file is signed and encrypted using ECIES encryption. See chapter [Validate the Signature](#validate-the-signature) which describes signature parameters. The encrypted data is sent to specified endpoint URL. The endpoint which receives encrypted data needs to decrypt the data, verify data signature and return encrypted response back to the client. The cmd line tool receives the encrypted response from server, decrypts it and prints it into the command line. +### Send Encrypted Data with Token Validation to Server + +Use this method to send encrypted data with token validation to the server. + +```bash +java -jar powerauth-java-cmd.jar \ + --url "http://localhost:8080/enrollment-server/exchange/v3/token" \ + --status-file "pa_status.json" \ + --config-file "config.json" \ + --method "token-encrypt" \ + --http-method "POST" \ + --data-file "request.json" \ + --token-id "66b8b981-a89d-4fc2-bd49-1c05f937a6f2" \ + --token-secret "xfb1NUXAPbvDZK8qyNVGyw==" +``` + +The data in `request.json` file is encrypted using ECIES encryption and token authentication is computed. +The encrypted data is sent to specified endpoint URL. The endpoint which receives encrypted data needs to decrypt the data, validate the token and return encrypted response back to the client. The cmd line tool receives the encrypted response from server, decrypts it and prints it into the command line. + ### Start Upgrade Use this method to start upgrade of a version `2` activation to version `3`. 
@@ -348,18 +367,19 @@ PowerAuth Reference Client is called as any Java application that is packaged as ``` usage: java -jar powerauth-java-cmd.jar - -a,--activation-code In case a specified method is 'create', this field contains - the activation key (a concatenation of a short activation ID - and activation OTP). + -a,--activation-code In case a specified method is 'create', this field contains the + activation key (a concatenation of a short activation ID and + activation OTP). -A,--activation-otp In case a specified method is 'create', this field contains additional activation OTP (PA server 0.24+) -c,--config-file Specifies a path to the config file with Base64 encoded server master public key, application ID and application secret. -C,--custom-attributes-file In case a specified method is 'create-custom', this field specifies the path to the file with custom attributes. - -d,--data-file In case a specified method is 'sign', this field specifies a - file with the input data to be signed and verified with the - server, as specified in PowerAuth signature process. + -d,--data-file In case a specified method is 'sign', 'sign-encrypt' or + 'token-encrypt', this field specifies a file with the input + data to be signed and verified with the server, as specified in + PowerAuth signature process or MAC token based authentication. -D,--device-info Information about user device. -e,--endpoint Deprecated option, use the resource-id option instead. -E,--resource-id In case a specified method is 'sign' or 'sign-encrypt', this 
@@ -367,16 +387,21 @@ usage: java -jar powerauth-java-cmd.jar signature process. -h,--help Print this help manual. -H,--http-header Use provided HTTP header for communication + -hs,--help-steps PowerAuth supported steps and versions. + -hv,--help-versions PowerAuth supported versions and steps. -I,--identity-file In case a specified method is 'create-custom', this field specifies the path to the file with identity attributes. -i,--invalidSsl Client may accept invalid SSL certificate in HTTPS communication. - -l,--signature-type In case a specified method is 'sign', this field specifies a - signature type, as specified in PowerAuth signature process. + -l,--signature-type In case a specified method is 'sign' or 'sign-encrypt', this + field specifies a signature type, as specified in PowerAuth + signature process. -m,--method What API method to call, available names are 'create', 'status', 'remove', 'sign', 'unlock', 'create-custom', 'create-token', 'validate-token', 'remove-token', 'encrypt', - 'sign-encrypt', 'start-upgrade' and 'commit-upgrade'. + 'sign-encrypt', 'token-encrypt', 'start-upgrade', + 'commit-upgrade', 'create-recovery' and + 'confirm-recovery-code'. -o,--scope ECIES encryption scope: 'application' or 'activation'. -p,--password Password used for a knowledge related key encryption. If not specified, an interactive input is required. 
@@ -387,14 +412,16 @@ usage: java -jar powerauth-java-cmd.jar data persistence. -S,--token-secret Token secret (Base64 encoded bytes), in case of 'token-validate' method. - -t,--http-method In case a specified method is 'sign', this field specifies a - HTTP method, as specified in PowerAuth signature process. + -t,--http-method In case a specified method is 'sign', 'sign-encrypt' or + 'token-encrypt', this field specifies a HTTP method, as + specified in PowerAuth signature process. -T,--token-id Token ID (UUID4), in case of 'token-validate' method. -u,--url Base URL of the PowerAuth Standard RESTful API. -v,--version PowerAuth protocol version. - -y,--dry-run In case a specified method is 'sign' or 'validate-token' and - this attribute is specified, the step is stopped right after - signing the request body and preparing appropriate headers. + -y,--dry-run In case a specified method is 'sign', 'sign-encrypt', + 'validate-token' or 'token-encrypt' and this attribute is + specified, the step is stopped right after signing the request + body and preparing appropriate headers. ``` ## Troubleshooting diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java index 0162d532..f5e83c75 100644 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java @@ -93,6 +93,11 @@ public enum PowerAuthStep { */ TOKEN_VALIDATE("token-validate", "Token Digest Validation", "validate-token"), + /** + * Send an encrypted request with token-based authentication + */ + TOKEN_ENCRYPT("token-encrypt", "Generate Token and Encrypt Request", "token-encrypt"), + /** * Committing upgrade from activation version 2 to version 3 */ 
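Review bot: The description string given to `TOKEN_ENCRYPT`, "Generate Token and Encrypt Request", reads as if the step creates a token. The Javadoc directly above it and the README example, which passes an existing `--token-id` and `--token-secret`, describe authenticating with a token that already exists. Since `create-token` is a separate method, I would reword the constant, e.g. `TOKEN_ENCRYPT("token-encrypt", "Token Authentication and Request Encryption", "token-encrypt"),`. The enum body starts and ends outside this hunk, so I cannot see where the description is displayed.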
diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/PowerAuthHeaderFactory.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/PowerAuthHeaderFactory.java index f9bf2717..483e6aae 100644 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/PowerAuthHeaderFactory.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/PowerAuthHeaderFactory.java @@ -18,6 +18,7 @@ import io.getlime.security.powerauth.lib.cmd.steps.model.data.EncryptionHeaderData; import io.getlime.security.powerauth.lib.cmd.steps.model.data.SignatureHeaderData; +import io.getlime.security.powerauth.lib.cmd.steps.model.data.TokenAndEncryptionHeaderData; import io.getlime.security.powerauth.lib.cmd.steps.model.data.TokenHeaderData; import org.springframework.stereotype.Component; @@ -59,4 +60,14 @@ public TokenHeaderProvider getHeaderProvider(M model return new TokenHeaderProvider(); } + /** + * Creates a token and encryption header provider instance + * @param model Step model + * @param Model class based on {@link TokenAndEncryptionHeaderData} + * @return New token and encryption header provider instance + */ + public TokenAndEncryptionHeaderProvider getHeaderProvider(M model) { + return new TokenAndEncryptionHeaderProvider(); + } + } diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/TokenAndEncryptionHeaderProvider.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/TokenAndEncryptionHeaderProvider.java new file mode 100644 index 00000000..ebe5af52 --- /dev/null +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/header/TokenAndEncryptionHeaderProvider.java 
@@ -0,0 +1,45 @@
+/*
+ * PowerAuth Command-line utility
+ * Copyright 2022 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.getlime.security.powerauth.lib.cmd.header;
+
+import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext;
+import io.getlime.security.powerauth.lib.cmd.steps.model.data.EncryptionHeaderData;
+import io.getlime.security.powerauth.lib.cmd.steps.model.data.TokenAndEncryptionHeaderData;
+import io.getlime.security.powerauth.lib.cmd.steps.model.data.TokenHeaderData;
+
+import static io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst.POWER_AUTH_HEADER_FACTORY;
+
+/**
+ * Token and encryption header provider.
+ *
+ * @author Roman Strobl, roman.strob@wultra.com
+ */
+public class TokenAndEncryptionHeaderProvider implements PowerAuthHeaderProvider {
+
+ /**
+ * Adds a token and encryption headers to the request context
+ * @param stepContext Step context
+ */
+ @Override
+ public void addHeader(StepContext stepContext) throws Exception {
+ TokenHeaderData tokenHeaderData = stepContext.getModel();
+ POWER_AUTH_HEADER_FACTORY.getHeaderProvider(tokenHeaderData).addHeader(stepContext);
+ EncryptionHeaderData encryptionHeaderData = stepContext.getModel();
+ POWER_AUTH_HEADER_FACTORY.getHeaderProvider(encryptionHeaderData).addHeader(stepContext);
+ }
+
+}
\ No newline at end of file
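Review bot: The class Javadoc gives the author address as `roman.strob@wultra.com`, while the other new files in this patch use `roman.strobl@wultra.com`, so this looks like a typo. The addHeader Javadoc does not say that the token header is added before the encryption header, and it has no `@throws` tag although the method declares `throws Exception`; a line such as `@throws Exception when the token or the encryption header cannot be computed` would cover it. The provider also reaches the factory through the static `POWER_AUTH_HEADER_FACTORY` import, which is worth a short comment because the factory itself creates this provider.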
diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/AbstractBaseStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/AbstractBaseStep.java index 3437b6de..a4c46f02 100644 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/AbstractBaseStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/AbstractBaseStep.java @@ -169,7 +169,7 @@ public final JSONObject execute(StepLogger stepLogger, Map conte * @param stepContext Context of this step * @param applicationSecret Application secret * @param eciesSharedInfo Parameter sharedInfo1 - * @param data Request data for the encyption + * @param data Request data for the encryption * @throws Exception when an error during encryption of the request data occurred */ public void addEncryptedRequest(StepContext stepContext, String applicationSecret, EciesSharedInfo1 eciesSharedInfo, byte[] data) throws Exception { diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/TokenAndEncryptStepModel.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/TokenAndEncryptStepModel.java new file mode 100644 index 00000000..0c9174dc --- /dev/null +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/TokenAndEncryptStepModel.java 
@@ -0,0 +1,96 @@
+/*
+ * PowerAuth Command-line utility
+ * Copyright 2022 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.getlime.security.powerauth.lib.cmd.steps.model;
+
+import io.getlime.security.powerauth.lib.cmd.steps.model.data.TokenAndEncryptionHeaderData;
+import io.getlime.security.powerauth.lib.cmd.steps.model.feature.DryRunCapable;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Map;
+
+/**
+ * Model representing parameters of the step for verifying token digest.
+ *
+ * @author Petr Dvorak, petr@wultra.com
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class TokenAndEncryptStepModel extends BaseStepModel
+ implements DryRunCapable, TokenAndEncryptionHeaderData {
+
+ /**
+ * Token ID.
+ */
+ private String tokenId;
+
+ /**
+ * Token secret.
+ */
+ private String tokenSecret;
+
+ /**
+ * HTTP method.
+ */
+ private String httpMethod;
+
+ /**
+ * HTTP request data.
+ */
+ private byte[] data;
+
+ /**
+ * Application key.
+ */
+ private String applicationKey;
+
+ /**
+ * Application secret.
+ */
+ private String applicationSecret;
+
+ /**
+ * Flag indicating that this step should be terminated before the networking call.
+ */
+ private boolean dryRun;
+
+ @Override
+ public Map toMap() {
+ Map context = super.toMap();
+ context.put("TOKEN_ID", tokenId);
+ context.put("TOKEN_SECRET", tokenSecret);
+ context.put("APPLICATION_KEY", applicationKey);
+ context.put("APPLICATION_SECRET", applicationSecret);
+ context.put("HTTP_METHOD", httpMethod);
+ context.put("DATA", data);
+ context.put("DRY_RUN", dryRun);
+ return context;
+ }
+
+ @Override
+ public void fromMap(Map context) {
+ super.fromMap(context);
+ setTokenId((String) context.get("TOKEN_ID"));
+ setTokenSecret((String) context.get("TOKEN_SECRET"));
+ setApplicationKey((String) context.get("APPLICATION_KEY"));
+ setApplicationSecret((String) context.get("APPLICATION_SECRET"));
+ setHttpMethod((String) context.get("HTTP_METHOD"));
+ setData((byte[]) context.get("DATA"));
+ setDryRun((boolean) context.get("DRY_RUN"));
+ }
+
+}
diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/data/TokenAndEncryptionHeaderData.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/data/TokenAndEncryptionHeaderData.java
new file mode 100644
index 00000000..6b0f2d3f
--- /dev/null
+++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/data/TokenAndEncryptionHeaderData.java
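Review bot: In fromMap, `setDryRun((boolean) context.get("DRY_RUN"))` throws a NullPointerException when a caller-built context map has no DRY_RUN entry, because the cast unboxes null; `setDryRun(Boolean.TRUE.equals(context.get("DRY_RUN")));` treats a missing key as false. Separately, `@Data` generates a toString() that includes tokenSecret, applicationSecret and the request data, so any code that logs or prints the model would expose them; putting `@ToString.Exclude` on those three fields avoids that. The class Javadoc still says "verifying token digest" and names a different author than the other files added here; `Model representing parameters of the token and encrypt step.` would describe it accurately.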
@@ -0,0 +1,26 @@
+/*
+ * PowerAuth Command-line utility
+ * Copyright 2022 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.getlime.security.powerauth.lib.cmd.steps.model.data;
+
+/**
+ * Data used for computing a token and encryption header values.
+ *
+ * @author Roman Strobl, roman.strobl@wultra.com
+ */
+public interface TokenAndEncryptionHeaderData extends TokenHeaderData, EncryptionHeaderData {
+
+}
diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java
new file mode 100755
index 00000000..98d556e1
--- /dev/null
+++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java
@@ -0,0 +1,172 @@ +/* + * PowerAuth Command-line utility + * Copyright 2022 Wultra s.r.o. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.getlime.security.powerauth.lib.cmd.steps.v3; + +import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor; +import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1; +import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst; +import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthConst; +import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep; +import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion; +import io.getlime.security.powerauth.lib.cmd.header.PowerAuthHeaderFactory; +import io.getlime.security.powerauth.lib.cmd.header.TokenAndEncryptionHeaderProvider; +import io.getlime.security.powerauth.lib.cmd.logging.StepLogger; +import io.getlime.security.powerauth.lib.cmd.logging.StepLoggerFactory; +import io.getlime.security.powerauth.lib.cmd.status.ResultStatusService; +import io.getlime.security.powerauth.lib.cmd.steps.AbstractBaseStep; +import io.getlime.security.powerauth.lib.cmd.steps.context.RequestContext; +import io.getlime.security.powerauth.lib.cmd.steps.context.ResponseContext; +import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext; +import io.getlime.security.powerauth.lib.cmd.steps.context.security.SimpleSecurityContext; +import 
io.getlime.security.powerauth.lib.cmd.steps.model.TokenAndEncryptStepModel; +import io.getlime.security.powerauth.lib.cmd.steps.model.VerifySignatureStepModel; +import io.getlime.security.powerauth.lib.cmd.steps.model.VerifyTokenStepModel; +import io.getlime.security.powerauth.lib.cmd.util.SecurityUtil; +import io.getlime.security.powerauth.lib.cmd.util.VerifySignatureUtil; +import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.ParameterizedTypeReference; +import org.springframework.http.HttpMethod; +import org.springframework.stereotype.Component; + +import java.nio.charset.StandardCharsets; +import java.util.Map; + +/** + * Token and encrypt step generates token authentication for request data and performs encryption using ECIES encryption in activation scope. + * + *

PowerAuth protocol versions: + *

    + *
  • 3.0
  • + *
  • 3.1
  • + *
+ *

+ * @author Roman Strobl, roman.strobl@wultra.com + */ +@Component +public class TokenAndEncryptStep extends AbstractBaseStep { + + private final PowerAuthHeaderFactory powerAuthHeaderFactory; + + /** + * Constructor. + * @param powerAuthHeaderFactory PowerAuth header factory. + * @param resultStatusService Result status service. + * @param stepLoggerFactory Step logger factory. + */ + @Autowired + public TokenAndEncryptStep( + PowerAuthHeaderFactory powerAuthHeaderFactory, + ResultStatusService resultStatusService, + StepLoggerFactory stepLoggerFactory) { + super(PowerAuthStep.TOKEN_ENCRYPT, PowerAuthVersion.VERSION_3, resultStatusService, stepLoggerFactory); + + this.powerAuthHeaderFactory = powerAuthHeaderFactory; + } + + /** + * Constructor for backward compatibility + */ + public TokenAndEncryptStep() { + this( + BackwardCompatibilityConst.POWER_AUTH_HEADER_FACTORY, + BackwardCompatibilityConst.RESULT_STATUS_SERVICE, + BackwardCompatibilityConst.STEP_LOGGER_FACTORY + ); + } + + @Override + protected ParameterizedTypeReference getResponseTypeReference() { + return PowerAuthConst.RESPONSE_TYPE_REFERENCE_V3; + } + + @Override + public StepContext prepareStepContext(StepLogger stepLogger, Map context) throws Exception { + TokenAndEncryptStepModel model = new TokenAndEncryptStepModel(); + model.fromMap(context); + + RequestContext requestContext = RequestContext.builder() + .signatureHttpMethod(model.getHttpMethod()) + .uri(model.getUriString()) + .build(); + + StepContext stepContext = + buildStepContext(stepLogger, model, requestContext); + + // Verify that HTTP method is set + if (model.getHttpMethod() == null) { + stepLogger.writeError("token-encrypt-error-http-method", "HTTP method not specified", "Specify HTTP method to use for sending request"); + stepLogger.writeDoneFailed("token-encrypt-failed"); + return null; + } + + // Verify HTTP method, GET is not supported + if (HttpMethod.GET.name().equals(model.getHttpMethod().toUpperCase())) { + 
stepLogger.writeError("token-encrypt-error-http-method-invalid", "Token and Encrypt Request Failed", "Unsupported HTTP method: " + model.getHttpMethod().toUpperCase()); + stepLogger.writeDoneFailed("token-encrypt-failed"); + return null; + } + + // Read data which needs to be encrypted + byte[] requestDataBytes = model.getData(); + if (requestDataBytes == null || requestDataBytes.length == 0) { + requestDataBytes = new byte[0]; + stepLogger.writeItem( + "token-validate-warning-empty-data", + "Empty data", + "Data file was not found, signature will contain no data", + "WARNING", + null + ); + } + + stepLogger.writeItem( + getStep().id() + "-request-prepare", + "Preparing Request Data", + "Following data will be encrypted", + "OK", + requestDataBytes + ); + + requestContext.setRequestObject(requestDataBytes); + powerAuthHeaderFactory.getHeaderProvider(model).addHeader(stepContext); + + // Encrypt the request + addEncryptedRequest(stepContext, model.getApplicationSecret(), EciesSharedInfo1.ACTIVATION_SCOPE_GENERIC, requestDataBytes); + + return stepContext; + } + + @Override + public void processResponse(StepContext stepContext) throws Exception { + ResponseContext responseContext = stepContext.getResponseContext(); + EciesEncryptor encryptor = ((SimpleSecurityContext) stepContext.getSecurityContext()).getEncryptor(); + final byte[] decryptedBytes = SecurityUtil.decryptBytesFromResponse(encryptor, responseContext.getResponseBodyObject()); + + String decryptedMessage = new String(decryptedBytes, StandardCharsets.UTF_8); + stepContext.getModel().getResultStatus().setResponseData(decryptedMessage); + + stepContext.getStepLogger().writeItem( + getStep().id() + "-response-decrypted", + "Decrypted Response", + "Following data were decrypted", + "OK", + decryptedMessage + ); + } + +} 
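Review bot: prepareStepContext checks the HTTP method but never checks the token ID or token secret before `powerAuthHeaderFactory.getHeaderProvider(model).addHeader(stepContext)`. Application fills both from the optional `-T` and `-S` options later in this patch, so either value can be null when it reaches this step. How the token header provider handles a null is not visible here, so a guard next to the HTTP method checks would report the problem through the step logger like the other failures instead of surfacing as an exception from the header computation. The HTTP method check itself also runs only after the value has been passed to `RequestContext.builder()`, so moving the validation above the builder would keep unvalidated input out of the context.

```java
// … unchanged: model.fromMap(context), HTTP method checks …
// Verify that token ID and token secret are set before the token header is computed
if (model.getTokenId() == null || model.getTokenSecret() == null) {
    stepLogger.writeError(getStep().id() + "-error-token", "Token not specified", "Specify token ID and token secret to use for the request");
    stepLogger.writeDoneFailed(getStep().id() + "-failed");
    return null;
}
// … unchanged: request data handling, addHeader, addEncryptedRequest …
```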
diff --git a/powerauth-java-cmd/src/main/java/io/getlime/security/powerauth/app/cmd/Application.java b/powerauth-java-cmd/src/main/java/io/getlime/security/powerauth/app/cmd/Application.java index 6f5258fa..db5af222 100755 --- a/powerauth-java-cmd/src/main/java/io/getlime/security/powerauth/app/cmd/Application.java +++ b/powerauth-java-cmd/src/main/java/io/getlime/security/powerauth/app/cmd/Application.java @@ -64,7 +64,7 @@ public static void main(String[] args) { ConfigurableApplicationContext appContext = new SpringApplicationBuilder(CmdLibApplication.class) .web(WebApplicationType.NONE) - .run(args);; + .run(args); StepExecutionService stepExecutionService = appContext.getBeanFactory().getBean(StepExecutionService.class); StepProvider stepProvider = appContext.getBeanFactory().getBean(StepProvider.class); 
@@ -82,17 +82,17 @@ public static void main(String[] args) { options.addOption("hs", "help-steps", false, "PowerAuth supported steps and versions."); options.addOption("hv", "help-versions", false, "PowerAuth supported versions and steps."); options.addOption("u", "url", true, "Base URL of the PowerAuth Standard RESTful API."); - options.addOption("m", "method", true, "What API method to call, available names are 'create', 'status', 'remove', 'sign', 'unlock', 'create-custom', 'create-token', 'validate-token', 'remove-token', 'encrypt', 'sign-encrypt', 'start-upgrade', 'commit-upgrade', 'create-recovery' and 'confirm-recovery-code'."); + options.addOption("m", "method", true, "What API method to call, available names are 'create', 'status', 'remove', 'sign', 'unlock', 'create-custom', 'create-token', 'validate-token', 'remove-token', 'encrypt', 'sign-encrypt', 'token-encrypt', 'start-upgrade', 'commit-upgrade', 'create-recovery' and 'confirm-recovery-code'."); options.addOption("c", "config-file", true, "Specifies a path to the config file with Base64 encoded server master public key, application ID and application secret."); options.addOption("s", "status-file", true, "Path to the file with the activation status, serving as the data persistence."); options.addOption("a", "activation-code", true, "In case a specified method is 'create', this field contains the activation key (a concatenation of a short activation ID and activation OTP)."); options.addOption("A", "activation-otp", true, "In case a specified method is 'create', this field contains additional activation OTP (PA server 0.24+)"); - options.addOption("t", "http-method", true, "In case a specified method is 'sign' or 'sign-encrypt', this field specifies a HTTP method, as specified in PowerAuth signature process."); + options.addOption("t", "http-method", true, "In case a specified method is 'sign', 'sign-encrypt' or 'token-encrypt', this field specifies a HTTP method, as specified in PowerAuth signature 
process."); options.addOption("e", "endpoint", true, "Deprecated option, use the resource-id option instead."); options.addOption("E", "resource-id", true, "In case a specified method is 'sign' or 'sign-encrypt', this field specifies a URI identifier, as specified in PowerAuth signature process."); options.addOption("l", "signature-type", true, "In case a specified method is 'sign' or 'sign-encrypt', this field specifies a signature type, as specified in PowerAuth signature process."); - options.addOption("d", "data-file", true, "In case a specified method is 'sign' or 'sign-encrypt', this field specifies a file with the input data to be signed and verified with the server, as specified in PowerAuth signature process."); - options.addOption("y", "dry-run", false, "In case a specified method is 'sign' or 'validate-token' and this attribute is specified, the step is stopped right after signing the request body and preparing appropriate headers."); + options.addOption("d", "data-file", true, "In case a specified method is 'sign', 'sign-encrypt' or 'token-encrypt', this field specifies a file with the input data to be signed and verified with the server, as specified in PowerAuth signature process or MAC token based authentication."); + options.addOption("y", "dry-run", false, "In case a specified method is 'sign', 'sign-encrypt', 'validate-token' or 'token-encrypt' and this attribute is specified, the step is stopped right after signing the request body and preparing appropriate headers."); options.addOption("p", "password", true, "Password used for a knowledge related key encryption. 
If not specified, an interactive input is required."); options.addOption("I", "identity-file", true, "In case a specified method is 'create-custom', this field specifies the path to the file with identity attributes."); options.addOption("C", "custom-attributes-file", true, "In case a specified method is 'create-custom', this field specifies the path to the file with custom attributes."); @@ -429,6 +429,26 @@ public static void main(String[] args) { stepExecutionService.execute(powerAuthStep, version, model); break; } + case TOKEN_ENCRYPT: { + TokenAndEncryptStepModel model = new TokenAndEncryptStepModel(); + model.setTokenId(cmd.getOptionValue("T")); + model.setTokenSecret(cmd.getOptionValue("S")); + model.setApplicationKey(ConfigurationUtil.getApplicationKey(clientConfigObject)); + model.setApplicationSecret(ConfigurationUtil.getApplicationSecret(clientConfigObject)); + model.setHttpMethod(cmd.getOptionValue("t")); + model.setDryRun(cmd.hasOption("dry-run")); + model.setHeaders(httpHeaders); + model.setResultStatus(resultStatusObject); + model.setUriString(uriString); + model.setVersion(version); + + // Read the file with request data + String dataFileName = cmd.getOptionValue("d"); + final byte[] dataFileBytes = FileUtil.readFileBytes(stepLogger, dataFileName, "request-data", "Request data file"); + model.setData(dataFileBytes); + + stepExecutionService.execute(powerAuthStep, version, model); + } case UPGRADE_START: { StartUpgradeStepModel model = new StartUpgradeStepModel(); model.setApplicationKey(ConfigurationUtil.getApplicationKey(clientConfigObject)); From 6429b6b6285939c751999a8cf634c30fc37bce5b Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 3 Feb 2022 11:29:51 +0100 Subject: [PATCH 06/17] Improve step description --- .../security/powerauth/lib/cmd/consts/PowerAuthStep.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
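Review bot: The new `case TOKEN_ENCRYPT` block ends without a `break;`, so after `stepExecutionService.execute(powerAuthStep, version, model);` control falls through into `case UPGRADE_START` and that branch runs as well. The preceding case closes with `break;` before its brace, and the same line is needed here after the execute call: `break;`. The rest of the UPGRADE_START case lies outside the hunk, but a token-encrypt invocation should not reach an upgrade step at all, so this is worth fixing before release. `Application.main` starts and ends outside the hunk.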
diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java index f5e83c75..2069f07e 100644 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java @@ -96,7 +96,7 @@ public enum PowerAuthStep { /** * Send an encrypted request with token-based authentication */ - TOKEN_ENCRYPT("token-encrypt", "Generate Token and Encrypt Request", "token-encrypt"), + TOKEN_ENCRYPT("token-encrypt", "Encrypt Request and Validate Token Digest", "token-encrypt"), /** * Committing upgrade from activation version 2 to version 3 From 68c1cf8f536950c5dcefcf13cc3dc54e032bce2e Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Fri, 4 Feb 2022 12:11:35 +0100 Subject: [PATCH 07/17] Unify encryption logic --- .../lib/cmd/consts/PowerAuthStep.java | 10 ++-- .../lib/cmd/steps/v3/EncryptStep.java | 25 +------- .../lib/cmd/steps/v3/SignAndEncryptStep.java | 21 +------ .../lib/cmd/steps/v3/TokenAndEncryptStep.java | 31 ++-------- .../lib/cmd/util/EncryptionUtil.java | 57 +++++++++++++++++++ 5 files changed, 71 insertions(+), 73 deletions(-) create mode 100644 powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/util/EncryptionUtil.java diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java index 2069f07e..65d6ef6b 100644 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthStep.java 
@@ -83,6 +83,11 @@ public enum PowerAuthStep { */ TOKEN_CREATE("token-create", "Token Create", "create-token"), + /** + * Send an encrypted request with token-based authentication + */ + TOKEN_ENCRYPT("token-encrypt", "Encrypt Request and Validate Token Digest", "token-encrypt"), + /** * Removing a previously created token */ @@ -93,11 +98,6 @@ public enum PowerAuthStep { */ TOKEN_VALIDATE("token-validate", "Token Digest Validation", "validate-token"), - /** - * Send an encrypted request with token-based authentication - */ - TOKEN_ENCRYPT("token-encrypt", "Encrypt Request and Validate Token Digest", "token-encrypt"), - /** * Committing upgrade from activation version 2 to version 3 */ diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java index 79255d60..e4f4a06a 100755 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/EncryptStep.java @@ -16,10 +16,8 @@ */ package io.getlime.security.powerauth.lib.cmd.steps.v3; -import com.google.common.io.BaseEncoding; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesFactory; -import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesCryptogram; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1; import io.getlime.security.powerauth.http.PowerAuthEncryptionHttpHeader; import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst; 
@@ -35,6 +33,7 @@ import io.getlime.security.powerauth.lib.cmd.steps.context.security.SimpleSecurityContext; import io.getlime.security.powerauth.lib.cmd.steps.model.EncryptStepModel; import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject; +import io.getlime.security.powerauth.lib.cmd.util.EncryptionUtil; import io.getlime.security.powerauth.lib.cmd.util.SecurityUtil; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import org.springframework.beans.factory.annotation.Autowired; @@ -168,27 +167,7 @@ public StepContext prepareStepContext( @Override public void processResponse(StepContext stepContext) throws Exception { - EncryptStepModel model = stepContext.getModel(); - EciesEncryptor encryptor = ((SimpleSecurityContext) stepContext.getSecurityContext()).getEncryptor(); - - EciesEncryptedResponse encryptedResponse = stepContext.getResponseContext().getResponseBodyObject(); - - byte[] macResponse = BaseEncoding.base64().decode(encryptedResponse.getMac()); - byte[] encryptedDataResponse = BaseEncoding.base64().decode(encryptedResponse.getEncryptedData()); - EciesCryptogram eciesCryptogramResponse = new EciesCryptogram(macResponse, encryptedDataResponse); - - final byte[] decryptedBytes = encryptor.decryptResponse(eciesCryptogramResponse); - - String decryptedMessage = new String(decryptedBytes, StandardCharsets.UTF_8); - model.getResultStatus().setResponseData(decryptedMessage); - - stepContext.getStepLogger().writeItem( - getStep().id() + "-response-decrypt", - "Decrypted Response", - "Following data were decrypted", - "OK", - decryptedMessage - ); + EncryptionUtil.processEncryptedResponse(stepContext, getStep().id()); } } diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/SignAndEncryptStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/SignAndEncryptStep.java index aae6fb8b..c82d28a3 100755 
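Review bot: Delegating to `EncryptionUtil.processEncryptedResponse(stepContext, getStep().id())` can change the id of the logged item for this step. The removed code wrote `getStep().id() + "-response-decrypt"`, whereas SignAndEncryptStep and TokenAndEncryptStep wrote `"-response-decrypted"`, and the helper takes no suffix argument. The helper's body is cut off at the end of what is visible here, so which suffix it keeps cannot be confirmed. If anything parses step-log item ids, the change deserves a mention in the commit message or a comment on the call, for example `// item id suffix is now shared with sign-encrypt and token-encrypt`.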
--- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/SignAndEncryptStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/SignAndEncryptStep.java @@ -16,7 +16,6 @@ */ package io.getlime.security.powerauth.lib.cmd.steps.v3; -import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1; import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst; import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthConst; @@ -28,11 +27,9 @@ import io.getlime.security.powerauth.lib.cmd.status.ResultStatusService; import io.getlime.security.powerauth.lib.cmd.steps.AbstractBaseStep; import io.getlime.security.powerauth.lib.cmd.steps.context.RequestContext; -import io.getlime.security.powerauth.lib.cmd.steps.context.ResponseContext; import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext; -import io.getlime.security.powerauth.lib.cmd.steps.context.security.SimpleSecurityContext; import io.getlime.security.powerauth.lib.cmd.steps.model.VerifySignatureStepModel; -import io.getlime.security.powerauth.lib.cmd.util.SecurityUtil; +import io.getlime.security.powerauth.lib.cmd.util.EncryptionUtil; import io.getlime.security.powerauth.lib.cmd.util.VerifySignatureUtil; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import org.springframework.beans.factory.annotation.Autowired; @@ -40,7 +37,6 @@ import org.springframework.http.HttpMethod; import org.springframework.stereotype.Component; -import java.nio.charset.StandardCharsets; import java.util.Map; /** 
@@ -151,20 +147,7 @@ public StepContext prepareStep @Override public void processResponse(StepContext stepContext) throws Exception { - ResponseContext responseContext = stepContext.getResponseContext(); - EciesEncryptor encryptor = ((SimpleSecurityContext) stepContext.getSecurityContext()).getEncryptor(); - final byte[] decryptedBytes = SecurityUtil.decryptBytesFromResponse(encryptor, responseContext.getResponseBodyObject()); - - String decryptedMessage = new String(decryptedBytes, StandardCharsets.UTF_8); - stepContext.getModel().getResultStatus().setResponseData(decryptedMessage); - - stepContext.getStepLogger().writeItem( - getStep().id() + "-response-decrypted", - "Decrypted Response", - "Following data were decrypted", - "OK", - decryptedMessage - ); + EncryptionUtil.processEncryptedResponse(stepContext, getStep().id()); } } diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java index 98d556e1..ae75904c 100755 --- a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/TokenAndEncryptStep.java 
@@ -16,34 +16,26 @@ */ package io.getlime.security.powerauth.lib.cmd.steps.v3; -import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor; import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.model.EciesSharedInfo1; import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst; import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthConst; import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep; import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion; import io.getlime.security.powerauth.lib.cmd.header.PowerAuthHeaderFactory; -import io.getlime.security.powerauth.lib.cmd.header.TokenAndEncryptionHeaderProvider; import io.getlime.security.powerauth.lib.cmd.logging.StepLogger; import io.getlime.security.powerauth.lib.cmd.logging.StepLoggerFactory; import io.getlime.security.powerauth.lib.cmd.status.ResultStatusService; import io.getlime.security.powerauth.lib.cmd.steps.AbstractBaseStep; import io.getlime.security.powerauth.lib.cmd.steps.context.RequestContext; -import io.getlime.security.powerauth.lib.cmd.steps.context.ResponseContext; import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext; -import io.getlime.security.powerauth.lib.cmd.steps.context.security.SimpleSecurityContext; import io.getlime.security.powerauth.lib.cmd.steps.model.TokenAndEncryptStepModel; -import io.getlime.security.powerauth.lib.cmd.steps.model.VerifySignatureStepModel; -import io.getlime.security.powerauth.lib.cmd.steps.model.VerifyTokenStepModel; -import io.getlime.security.powerauth.lib.cmd.util.SecurityUtil; -import io.getlime.security.powerauth.lib.cmd.util.VerifySignatureUtil; +import io.getlime.security.powerauth.lib.cmd.util.EncryptionUtil; import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.ParameterizedTypeReference; import org.springframework.http.HttpMethod; 
import org.springframework.stereotype.Component; -import java.nio.charset.StandardCharsets; import java.util.Map; /** @@ -109,14 +101,14 @@ public StepContext prepareStep // Verify that HTTP method is set if (model.getHttpMethod() == null) { - stepLogger.writeError("token-encrypt-error-http-method", "HTTP method not specified", "Specify HTTP method to use for sending request"); + stepLogger.writeError(getStep().id() + "-error-http-method", "HTTP method not specified", "Specify HTTP method to use for sending request"); stepLogger.writeDoneFailed("token-encrypt-failed"); return null; } // Verify HTTP method, GET is not supported if (HttpMethod.GET.name().equals(model.getHttpMethod().toUpperCase())) { - stepLogger.writeError("token-encrypt-error-http-method-invalid", "Token and Encrypt Request Failed", "Unsupported HTTP method: " + model.getHttpMethod().toUpperCase()); + stepLogger.writeError(getStep().id() + "-error-http-method-invalid", "Token and Encrypt Request Failed", "Unsupported HTTP method: " + model.getHttpMethod().toUpperCase()); stepLogger.writeDoneFailed("token-encrypt-failed"); return null; } @@ -126,7 +118,7 @@ public StepContext prepareStep if (requestDataBytes == null || requestDataBytes.length == 0) { requestDataBytes = new byte[0]; stepLogger.writeItem( - "token-validate-warning-empty-data", + getStep().id() + "-warning-empty-data", "Empty data", "Data file was not found, signature will contain no data", "WARNING", 
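Review bot: Both `stepLogger.writeDoneFailed("token-encrypt-failed")` calls keep a literal id while the neighbouring writeError calls now build theirs from `getStep().id()`; `stepLogger.writeDoneFailed(getStep().id() + "-failed");` would keep the two in step. The empty-data warning text `"Data file was not found, signature will contain no data"` appears to be carried over from the signature step and is misleading for a token-based request; `"Data file was not found, request will contain no data"` fits this step better. prepareStepContext starts and ends outside the hunk.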
@@ -153,20 +145,7 @@ public StepContext prepareStep @Override public void processResponse(StepContext stepContext) throws Exception { - ResponseContext responseContext = stepContext.getResponseContext(); - EciesEncryptor encryptor = ((SimpleSecurityContext) stepContext.getSecurityContext()).getEncryptor(); - final byte[] decryptedBytes = SecurityUtil.decryptBytesFromResponse(encryptor, responseContext.getResponseBodyObject()); - - String decryptedMessage = new String(decryptedBytes, StandardCharsets.UTF_8); - stepContext.getModel().getResultStatus().setResponseData(decryptedMessage); - - stepContext.getStepLogger().writeItem( - getStep().id() + "-response-decrypted", - "Decrypted Response", - "Following data were decrypted", - "OK", - decryptedMessage - ); + EncryptionUtil.processEncryptedResponse(stepContext, getStep().id()); } } diff --git a/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/util/EncryptionUtil.java b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/util/EncryptionUtil.java new file mode 100644 index 00000000..4373a067 --- /dev/null +++ b/powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/util/EncryptionUtil.java 
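Review bot: The delegation in `processResponse` is not a pure refactoring, because the log item id changes. The removed code wrote the item under `getStep().id() + "-response-decrypted"`, while the new `EncryptionUtil.processEncryptedResponse` writes `stepId + "-response-decrypt"`. Anything that selects step-log entries by id, such as tests or scripts wrapped around the command-line tool, would stop matching after this commit. If the rename is unintended, keep the old suffix in the helper, `stepId + "-response-decrypted",`; if it is intended, the commit message should mention it.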
@@ -0,0 +1,57 @@ +/* + * PowerAuth Command-line utility + * Copyright 2021 Wultra s.r.o. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.getlime.security.powerauth.lib.cmd.util; + +import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.EciesEncryptor; +import io.getlime.security.powerauth.lib.cmd.steps.context.ResponseContext; +import io.getlime.security.powerauth.lib.cmd.steps.context.StepContext; +import io.getlime.security.powerauth.lib.cmd.steps.context.security.SimpleSecurityContext; +import io.getlime.security.powerauth.rest.api.model.response.v3.EciesEncryptedResponse; + +import java.nio.charset.StandardCharsets; + +/** + * Utility class for ECIES encryption processing. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public class EncryptionUtil { + + /** + * Process an encrypted response for a step. + * @param stepContext Step context. + * @param stepId Step identifier. + * @throws Exception Thrown in case response decryption fails. 
+ */ + public static void processEncryptedResponse(StepContext stepContext, String stepId) throws Exception { + ResponseContext responseContext = stepContext.getResponseContext(); + EciesEncryptor encryptor = ((SimpleSecurityContext) stepContext.getSecurityContext()).getEncryptor(); + final byte[] decryptedBytes = SecurityUtil.decryptBytesFromResponse(encryptor, responseContext.getResponseBodyObject()); + + String decryptedMessage = new String(decryptedBytes, StandardCharsets.UTF_8); + stepContext.getModel().getResultStatus().setResponseData(decryptedMessage); + + stepContext.getStepLogger().writeItem( + stepId + "-response-decrypt", + "Decrypted Response", + "Following data were decrypted", + "OK", + decryptedMessage + ); + } +} \ No newline at end of file From 253c91ffd327663bf5b6d8f4587787a11942d1f8 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 21 Mar 2022 17:50:11 +0000 Subject: [PATCH 08/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index f958ba25..c2c694c5 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -19,7 +19,7 @@ com.fasterxml.jackson.core jackson-databind - 2.13.1 + 2.13.2 commons-cli From e2a9d2df84d7790e61a23143d56a49f04342300e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sat, 26 Mar 2022 16:36:44 +0000 Subject: [PATCH 09/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index c2c694c5..f9852743 100644 
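Review bot: `processEncryptedResponse` casts `stepContext.getSecurityContext()` to `SimpleSecurityContext` without checking it, and hands the resulting encryptor to `SecurityUtil.decryptBytesFromResponse` without a null check. Inside a single step that assumption was local, but a public static helper can be called from a step with a different or missing security context. The failure would then presumably surface as a bare `ClassCastException` or `NullPointerException` instead of a reportable decryption error. A guard at the top makes the requirement explicit: `if (!(stepContext.getSecurityContext() instanceof SimpleSecurityContext)) { throw new IllegalStateException("ECIES security context is not available"); }`. The Javadoc should state the same precondition, and since the class holds only static members a private constructor would prevent instantiation.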
--- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -19,7 +19,7 @@ com.fasterxml.jackson.core jackson-databind - 2.13.2 + 2.13.2.1 commons-cli From 56ab0a32ebe7c08de74d8c876e9774705efe2e18 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 29 Mar 2022 16:31:44 +0000 Subject: [PATCH 10/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2434828 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index f9852743..24300e15 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -68,7 +68,7 @@ org.springframework.boot spring-boot-starter - 2.6.2 + 2.6.5 log4j-to-slf4j From 5956fa612d6bd64ca4f6636acf576a7992ebe289 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 1 Apr 2022 12:09:17 +0000 Subject: [PATCH 11/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 24300e15..6153fb5c 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -68,7 +68,7 @@ org.springframework.boot spring-boot-starter - 2.6.5 + 2.6.6 log4j-to-slf4j From 3b20b1b89ece15e96162d0061fa5e41113636f48 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Tue, 5 Apr 2022 11:39:27 +0200 Subject: [PATCH 12/17] Update dependencies --- powerauth-java-cmd-lib/pom.xml | 10 +++++----- powerauth-java-cmd/pom.xml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 6153fb5c..bda74c94 100644 
--- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -19,7 +19,7 @@ com.fasterxml.jackson.core jackson-databind - 2.13.2.1 + 2.13.2.2 commons-cli @@ -45,7 +45,7 @@ io.getlime.security powerauth-restful-model - 1.2.0 + 1.2.5 io.getlime.security @@ -61,7 +61,7 @@ org.bouncycastle bcprov-jdk15on - 1.69 + 1.70 provided @@ -79,13 +79,13 @@ org.springframework.boot spring-boot-configuration-processor - 2.6.1 + 2.6.6 true io.getlime.core rest-client-base - 1.4.0 + 1.4.1 diff --git a/powerauth-java-cmd/pom.xml b/powerauth-java-cmd/pom.xml index dff41045..3dd38e87 100644 --- a/powerauth-java-cmd/pom.xml +++ b/powerauth-java-cmd/pom.xml @@ -56,7 +56,7 @@ org.bouncycastle bcprov-jdk15on - 1.69 + 1.70 @@ -66,7 +66,7 @@ org.springframework.boot spring-boot-maven-plugin - 2.6.1 + 2.6.6 From ff6272c631282c41f113703838a96fcbd3e73fd1 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 21 Apr 2022 23:44:28 +0000 Subject: [PATCH 13/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index bda74c94..9abab64f 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -68,7 +68,7 @@ org.springframework.boot spring-boot-starter - 2.6.6 + 2.6.7 log4j-to-slf4j From 00fe3ac6327b38e1fc441f201602a70ca10b9b9c Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 20 May 2022 02:01:09 +0000 Subject: [PATCH 14/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 9abab64f..a1cf324b 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -68,7 +68,7 @@ org.springframework.boot spring-boot-starter - 2.6.7 + 2.6.8 log4j-to-slf4j From b785006bc767d0e638630269ee32a80b5e8bad24 Mon Sep 17 00:00:00 2001 From: Petr Dvorak Date: Wed, 25 May 2022 00:31:44 +0200 Subject: [PATCH 15/17] Fix #243: Update dependencies for 1.3.x release --- powerauth-java-cmd-lib/pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index a1cf324b..7905c21c 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -19,7 +19,7 @@ com.fasterxml.jackson.core jackson-databind - 2.13.2.2 + 2.13.3 commons-cli @@ -45,17 +45,17 @@ io.getlime.security powerauth-restful-model - 1.2.5 + 1.3.0-SNAPSHOT io.getlime.security powerauth-java-crypto - 1.2.0 + 1.3.0-SNAPSHOT io.getlime.security powerauth-java-http - 1.2.0 + 1.3.0-SNAPSHOT @@ -79,7 +79,7 @@ org.springframework.boot spring-boot-configuration-processor - 2.6.6 + 2.6.7 true @@ -91,7 +91,7 @@ org.projectlombok lombok - 1.18.22 + 1.18.24 From 300ea0896c0732e93c9038b730c4f320784fe11e Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 14 Jun 2022 04:27:26 +0000 Subject: [PATCH 16/17] fix: powerauth-java-cmd-lib/pom.xml to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-IONETTY-2314893 - https://snyk.io/vuln/SNYK-JAVA-IONETTY-2812456 --- powerauth-java-cmd-lib/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 7905c21c..86efe9b2 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -85,7 +85,7 @@ io.getlime.core rest-client-base - 1.4.1 + 1.5.0 
From 91fffa32862be94bddfd0ba1381fadfa9cc62962 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 16 Jun 2022 09:48:11 +0200 Subject: [PATCH 17/17] Fix #246: Update dependencies --- pom.xml | 17 ++++++++++++++--- powerauth-java-cmd-lib/pom.xml | 28 ++++++++++++++-------------- powerauth-java-cmd/pom.xml | 14 +++++++------- 3 files changed, 35 insertions(+), 24 deletions(-) diff --git a/pom.xml b/pom.xml index b9d89b82..f74b6a01 100644 --- a/pom.xml +++ b/pom.xml @@ -27,7 +27,7 @@ io.getlime.security powerauth-cmd-parent - 1.3.0-SNAPSHOT + 1.3.0 pom 2016 @@ -76,8 +76,19 @@ 1.8 1.8 3.2.1 - 3.0.0-M1 - 3.2.0 + 3.0.0-M2 + 3.4.0 + 2.6.8 + 1.70 + 2.13.3 + 1.5.0 + 2.11.0 + 1.1.1 + 1.3.0 + 1.5.0 + 1.18.24 + 5.8.2 + 2.22.2 diff --git a/powerauth-java-cmd-lib/pom.xml b/powerauth-java-cmd-lib/pom.xml index 86efe9b2..af00f3e7 100644 --- a/powerauth-java-cmd-lib/pom.xml +++ b/powerauth-java-cmd-lib/pom.xml @@ -6,12 +6,12 @@ 4.0.0 powerauth-java-cmd-lib PowerAuth Command-line Utility - Java Library - 1.3.0-SNAPSHOT + 1.3.0 powerauth-cmd-parent io.getlime.security - 1.3.0-SNAPSHOT + 1.3.0 ../pom.xml @@ -19,22 +19,22 @@ com.fasterxml.jackson.core jackson-databind - 2.13.3 + ${jackson.version} commons-cli commons-cli - 1.5.0 + ${commons-cli.version} commons-io commons-io - 2.11.0 + ${commons-io.version} com.googlecode.json-simple json-simple - 1.1.1 + ${json-simple.version} junit @@ -45,30 +45,30 @@ io.getlime.security powerauth-restful-model - 1.3.0-SNAPSHOT + ${powerauth.version} io.getlime.security powerauth-java-crypto - 1.3.0-SNAPSHOT + ${powerauth.version} io.getlime.security powerauth-java-http - 1.3.0-SNAPSHOT + ${powerauth.version} org.bouncycastle bcprov-jdk15on - 1.70 + ${bc.version} provided org.springframework.boot spring-boot-starter - 2.6.8 + ${spring-boot.version} log4j-to-slf4j 
@@ -79,19 +79,19 @@ org.springframework.boot spring-boot-configuration-processor - 2.6.7 + ${spring-boot.version} true io.getlime.core rest-client-base - 1.5.0 + ${wultra-java-core.version} org.projectlombok lombok - 1.18.24 + ${lombok.version} diff --git a/powerauth-java-cmd/pom.xml b/powerauth-java-cmd/pom.xml index 3dd38e87..a4f99d1e 100644 --- a/powerauth-java-cmd/pom.xml +++ b/powerauth-java-cmd/pom.xml @@ -22,7 +22,7 @@ 4.0.0 powerauth-java-cmd - 1.3.0-SNAPSHOT + 1.3.0 powerauth-java-cmd PowerAuth Reference Client Application connected to PowerAuth Standard RESTful API @@ -31,7 +31,7 @@ io.getlime.security powerauth-cmd-parent - 1.3.0-SNAPSHOT + 1.3.0 ../pom.xml @@ -39,7 +39,7 @@ io.getlime.security powerauth-java-cmd-lib - 1.3.0-SNAPSHOT + 1.3.0 log4j-to-slf4j @@ -50,13 +50,13 @@ org.junit.jupiter junit-jupiter-engine - 5.8.2 + ${junit.version} test org.bouncycastle bcprov-jdk15on - 1.70 + ${bc.version} @@ -66,7 +66,7 @@ org.springframework.boot spring-boot-maven-plugin - 2.6.6 + ${spring-boot.version} @@ -87,7 +87,7 @@ maven-surefire-plugin - 2.22.2 + ${maven-surefire-plugin.version}