Merge pull request #132 from wultra/develop

Prepare release 0.24.0

powerauth-data-adapter/pom.xml

@@ -5,7 +5,7 @@
 
     <artifactId>powerauth-data-adapter</artifactId>
     <groupId>io.getlime.security</groupId>
-    <version>0.23.0</version>
+    <version>0.24.0</version>
     <packaging>war</packaging>
 
     <name>powerauth-data-adapter</name>
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.2.1.RELEASE</version>
+        <version>2.2.6.RELEASE</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
@@ -93,24 +93,24 @@
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-data-adapter-model</artifactId>
-            <version>0.23.0</version>
+            <version>0.24.0</version>
         </dependency>
         <dependency>
             <groupId>io.getlime.security</groupId>
             <artifactId>powerauth-java-crypto</artifactId>
-            <version>0.23.0</version>
+            <version>0.24.0</version>
         </dependency>
 
         <!-- Other Dependencies -->
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
-            <artifactId>jackson-datatype-joda</artifactId>
-            <version>2.10.0</version>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+            <version>2.10.3</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.64</version>
+            <version>1.65</version>
             <scope>provided</scope>
         </dependency>
 
@@ -141,7 +141,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>28.1-jre</version>
+            <version>28.2-jre</version>
         </dependency>
 
     </dependencies>

powerauth-data-adapter/src/main/java/io/getlime/security/powerauth/app/dataadapter/ServletInitializer.java

@@ -15,8 +15,6 @@
  */
 package io.getlime.security.powerauth.app.dataadapter;
 
-import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
-import io.getlime.security.powerauth.provider.CryptoProviderUtilFactory;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
@@ -34,9 +32,6 @@ protected SpringApplicationBuilder configure(SpringApplicationBuilder applicatio
         // Register BC provider
         Security.addProvider(new BouncyCastleProvider());
 
-        // Tell PowerAuth components to use BC provider
-        PowerAuthConfiguration.INSTANCE.setKeyConvertor(CryptoProviderUtilFactory.getCryptoProviderUtils());
-
         return application.sources(DataAdapterApplication.class);
     }
 

powerauth-data-adapter/src/main/java/io/getlime/security/powerauth/app/dataadapter/api/DataAdapter.java

@@ -20,6 +20,7 @@
 import io.getlime.security.powerauth.lib.dataadapter.model.enumeration.AccountStatus;
 import io.getlime.security.powerauth.lib.dataadapter.model.request.AfsRequestParameters;
 import io.getlime.security.powerauth.lib.dataadapter.model.response.*;
+import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthMethod;
 
 import java.util.List;
 import java.util.Map;
@@ -35,12 +36,13 @@ public interface DataAdapter {
      * Lookup user account - map username to user ID.
      * @param username Username which user uses for authentication.
      * @param organizationId Organization ID for this request.
+     * @param clientCertificate Client TLS certificate.
      * @param operationContext Operation context.
      * @return Detail about the user.
      * @throws DataAdapterRemoteException Thrown when remote communication fails.
      * @throws UserNotFoundException Thrown when user does not exist.
      */
-    UserDetailResponse lookupUser(String username, String organizationId, OperationContext operationContext) throws DataAdapterRemoteException, UserNotFoundException;
+    UserDetailResponse lookupUser(String username, String organizationId, String clientCertificate, OperationContext operationContext) throws DataAdapterRemoteException, UserNotFoundException;
 
     /**
      * Authenticate user using provided credentials.
@@ -65,16 +67,29 @@ public interface DataAdapter {
      */
     UserDetailResponse fetchUserDetail(String userId, String organizationId, OperationContext operationContext) throws DataAdapterRemoteException, UserNotFoundException;
 
+    /**
+     * Initialize an authentication method by providing the initial configuration.
+     * @param userId User ID.
+     * @param organizationId Organization ID.
+     * @param authMethod Authentication method.
+     * @param operationContext Operation context.
+     * @return Initialize authentication method response.
+     * @throws DataAdapterRemoteException Thrown when remote communication fails.
+     * @throws InvalidOperationContextException Thrown when operation context is invalid.
+     */
+    InitAuthMethodResponse initAuthMethod(String userId, String organizationId, AuthMethod authMethod, OperationContext operationContext) throws DataAdapterRemoteException, InvalidOperationContextException;
+
     /**
      * Decorate operation form data.
      * @param userId User ID.
      * @param organizationId Organization ID.
+     * @param authMethod Authentication method.
      * @param operationContext Operation context.
      * @return Response with decorated operation form data
      * @throws DataAdapterRemoteException Thrown when remote communication fails.
      * @throws UserNotFoundException Thrown when user does not exist.
      */
-    DecorateOperationFormDataResponse decorateFormData(String userId, String organizationId, OperationContext operationContext) throws DataAdapterRemoteException, UserNotFoundException;
+    DecorateOperationFormDataResponse decorateFormData(String userId, String organizationId, AuthMethod authMethod, OperationContext operationContext) throws DataAdapterRemoteException, UserNotFoundException;
 
     /**
      * Receive notification about form data change.
@@ -86,6 +101,17 @@ public interface DataAdapter {
      */
     void formDataChangedNotification(String userId, String organizationId, FormDataChange formDataChange, OperationContext operationContext) throws DataAdapterRemoteException;
 
+    /**
+     * Create a new implicit login operation. This method is used in situations when operation
+     * is not created yet and default login operation needs to be created with a correct
+     * application context.
+     * @param clientId OAuth 2.0 client ID.
+     * @param scopes OAuth 2.0 scopes.
+     * @return Context of the operation that should be created.
+     * @throws DataAdapterRemoteException Thrown when remote communication fails.
+     */
+    CreateImplicitLoginOperationResponse createImplicitLoginOperation(String clientId, String[] scopes) throws DataAdapterRemoteException;
+
     /**
      * Receive notification about operation change.
      * @param userId User ID.
@@ -101,13 +127,14 @@ public interface DataAdapter {
      * @param userId User ID.
      * @param organizationId Organization ID.
      * @param accountStatus User account status.
+     * @param authMethod Authentication method.
      * @param operationContext Operation context.
      * @param lang Language for localization.
      * @return Message ID.
      * @throws InvalidOperationContextException Thrown when operation context is invalid.
      * @throws DataAdapterRemoteException Thrown when remote communication fails or SMS message could not be delivered.
      */
-    CreateSmsAuthorizationResponse createAndSendAuthorizationSms(String userId, String organizationId, AccountStatus accountStatus, OperationContext operationContext, String lang) throws InvalidOperationContextException, DataAdapterRemoteException;
+    CreateSmsAuthorizationResponse createAndSendAuthorizationSms(String userId, String organizationId, AccountStatus accountStatus, AuthMethod authMethod, OperationContext operationContext, String lang) throws InvalidOperationContextException, DataAdapterRemoteException;
 
     /**
      * Verify authorization code from SMS message.
@@ -139,6 +166,20 @@ public interface DataAdapter {
      */
     VerifySmsAndPasswordResponse verifyAuthorizationSmsAndPassword(String userId, String organizationId, AccountStatus accountStatus, String messageId, String authorizationCode, OperationContext operationContext, AuthenticationContext authenticationContext, String password) throws DataAdapterRemoteException, InvalidOperationContextException;
 
+    /**
+     * Verify client TLS certificate.
+     * @param userId User ID.
+     * @param organizationId Organization ID.
+     * @param clientCertificate Client TLS certificate.
+     * @param authMethod Authentication method requesting certificate verification.
+     * @param accountStatus Current user account status.
+     * @param operationContext Operation context.
+     * @return Response for client TLS certificate verification.
+     * @throws DataAdapterRemoteException Thrown when remote communication fails.
+     * @throws InvalidOperationContextException Thrown when operation context is invalid.
+     */
+    VerifyCertificateResponse verifyClientCertificate(String userId, String organizationId, String clientCertificate, AuthMethod authMethod, AccountStatus accountStatus, OperationContext operationContext) throws DataAdapterRemoteException, InvalidOperationContextException;
+
     /**
      * Decide whether OAuth 2.0 consent form should be displayed based on operation context.
      * @param userId User ID.

powerauth-data-adapter/src/main/java/io/getlime/security/powerauth/app/dataadapter/configuration/WebApplicationConfig.java

@@ -17,7 +17,7 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
-import com.fasterxml.jackson.datatype.joda.JodaModule;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.Jackson2ObjectMapperFactoryBean;
@@ -45,7 +45,7 @@ private ObjectMapper objectMapper() {
         bean.setIndentOutput(true);
         bean.afterPropertiesSet();
         ObjectMapper objectMapper = bean.getObject();
-        objectMapper.registerModule(new JodaModule());
+        objectMapper.registerModule(new JavaTimeModule());
         // replacement for ISO8601DateFormat which is deprecated
         objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);
         return objectMapper;

powerauth-data-adapter/src/main/java/io/getlime/security/powerauth/app/dataadapter/controller/AuthMethodController.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright 2020 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.getlime.security.powerauth.app.dataadapter.controller;
+
+import io.getlime.core.rest.model.base.request.ObjectRequest;
+import io.getlime.core.rest.model.base.response.ObjectResponse;
+import io.getlime.security.powerauth.app.dataadapter.api.DataAdapter;
+import io.getlime.security.powerauth.app.dataadapter.exception.DataAdapterRemoteException;
+import io.getlime.security.powerauth.app.dataadapter.exception.InvalidOperationContextException;
+import io.getlime.security.powerauth.app.dataadapter.impl.validation.AuthMethodRequestValidator;
+import io.getlime.security.powerauth.lib.dataadapter.model.entity.OperationContext;
+import io.getlime.security.powerauth.lib.dataadapter.model.request.InitAuthMethodRequest;
+import io.getlime.security.powerauth.lib.dataadapter.model.response.InitAuthMethodResponse;
+import io.getlime.security.powerauth.lib.nextstep.model.enumeration.AuthMethod;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+
+/**
+ * Controller class which handles authentication method configuration.
+ *
+ * @author Roman Strobl, [email protected]
+ */
+@RestController
+@RequestMapping("/api/auth/method")
+public class AuthMethodController {
+
+    private static final Logger logger = LoggerFactory.getLogger(AuthMethodController.class);
+
+    private final AuthMethodRequestValidator requestValidator;
+    private final DataAdapter dataAdapter;
+
+    /**
+     * Controller constructor.
+     * @param requestValidator Validator for authentication requests.
+     * @param dataAdapter Data adapter.
+     */
+    @Autowired
+    public AuthMethodController(AuthMethodRequestValidator requestValidator, DataAdapter dataAdapter) {
+        this.requestValidator = requestValidator;
+        this.dataAdapter = dataAdapter;
+    }
+
+    /**
+     * Initializes the request validator.
+     * @param binder Data binder.
+     */
+    @InitBinder
+    private void initBinder(WebDataBinder binder) {
+        binder.setValidator(requestValidator);
+    }
+
+    /**
+     * Initialize an authentication method.
+     * @param request Request for authentication method initialization.
+     * @return Response for authentication method initialization.
+     * @throws DataAdapterRemoteException Thrown in case of remote communication errors.
+     * @throws InvalidOperationContextException Thrown when operation context is invalid.
+     */
+    @PostMapping(value = "/init")
+    public ObjectResponse<InitAuthMethodResponse> initAuthMethod(@Valid @RequestBody ObjectRequest<InitAuthMethodRequest> request) throws DataAdapterRemoteException, InvalidOperationContextException {
+        logger.info("Received initAuthMethod request, user ID: {}, authentication method: {}", request.getRequestObject().getUserId(), request.getRequestObject().getAuthMethod());
+        InitAuthMethodRequest initRequest = request.getRequestObject();
+        String userId = initRequest.getUserId();
+        String organizationId = initRequest.getOrganizationId();
+        AuthMethod authMethod = initRequest.getAuthMethod();
+        OperationContext operationContext = initRequest.getOperationContext();
+        InitAuthMethodResponse response = dataAdapter.initAuthMethod(userId, organizationId, authMethod, operationContext);
+        logger.info("The initAuthMethod request succeeded");
+        return new ObjectResponse<>(response);
+    }
+
+}

powerauth-data-adapter/src/main/java/io/getlime/security/powerauth/app/dataadapter/controller/AuthenticationController.java

@@ -86,8 +86,9 @@ public ObjectResponse<UserDetailResponse> lookupUser(@Valid @RequestBody ObjectR
         UserLookupRequest lookupRequest = request.getRequestObject();
         String username = lookupRequest.getUsername();
         String organizationId = lookupRequest.getOrganizationId();
+        String clientCertificate = lookupRequest.getClientCertificate();
         OperationContext operationContext = lookupRequest.getOperationContext();
-        UserDetailResponse response = dataAdapter.lookupUser(username, organizationId, operationContext);
+        UserDetailResponse response = dataAdapter.lookupUser(username, organizationId, clientCertificate, operationContext);
         logger.info("The user lookup request succeeded, user ID: {}, organization ID: {}, operation ID: {}",
                 response.getId(), response.getOrganizationId(), request.getRequestObject().getOperationContext().getId());
         return new ObjectResponse<>(response);