Package io.getlime.security.powerauth.rest.api.spring.provider

Class PowerAuthAuthenticationProviderBase

java.lang.Object
io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProviderBase
Direct Known Subclasses:
PowerAuthAuthenticationProvider
public abstract class PowerAuthAuthenticationProviderBase
extends Object
Abstract class for PowerAuth authentication provider.
Author:
Petr Dvorak, petr@wultra.com

  • Constructor Details

    • PowerAuthAuthenticationProviderBase

      public PowerAuthAuthenticationProviderBase()

  • Method Details

    • validateRequestSignature

      @Nullable public abstract PowerAuthApiAuthentication validateRequestSignature​(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException
      Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures. Return an instance of PowerAuthApiAuthentication on successful authorization, null value is returned on failed authorization. A check of null return value is used to determine the authorization result.
      Parameters:
      httpMethod - HTTP method (GET, POST, ...)
      httpBody - Body of the HTTP request.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of the signature.
      forcedSignatureVersion - Forced signature version during upgrade.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization, null value on failed authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignatureWithActivationDetails

      @Nonnull public abstract PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails​(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException
      Validate the signature from the PowerAuth HTTP header against the provided HTTP method, request body and URI identifier. Make sure to accept only allowed signatures. Return an instance of PowerAuthApiAuthentication on both successful and failed authorization. A check of null return value cannot be used to determine the authorization result, the actual result is available in the authorization context.
      Parameters:
      httpMethod - HTTP method (GET, POST, ...)
      httpBody - Body of the HTTP request.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of the signature.
      forcedSignatureVersion - Forced signature version during upgrade.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateToken

      @Nullable public abstract PowerAuthApiAuthentication validateToken​(@Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Validate the token digest from PowerAuth authentication header.
      Parameters:
      httpAuthorizationHeader - HTTP header with token digest.
      allowedSignatureTypes - Allowed types of the signature.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateTokenWithActivationDetails

      @Nonnull public abstract PowerAuthApiAuthentication validateTokenWithActivationDetails​(@Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Validate the token digest from PowerAuth authentication header.
      Parameters:
      httpAuthorizationHeader - HTTP header with token digest.
      allowedSignatureTypes - Allowed types of the signature.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignature

      @Nullable public PowerAuthApiAuthentication validateRequestSignature​(@Nonnull String httpMethod, @Nullable byte[] httpBody, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader) throws PowerAuthAuthenticationException
      The same as {validateRequestSignature(String, byte[], String, String, List, Integer) but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version.
      Parameters:
      httpMethod - HTTP method (GET, POST, ...)
      httpBody - Request body
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignature

      @Nullable public PowerAuthApiAuthentication validateRequestSignature​(@Nonnull javax.servlet.http.HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Validate a request signature, make sure only supported signature types are used, do not use forced signature version during upgrade.
      Parameters:
      servletRequest - HTTPServletRequest with signed data.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of signatures.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignatureWithActivationDetails

      @Nonnull public PowerAuthApiAuthentication validateRequestSignatureWithActivationDetails​(@Nonnull javax.servlet.http.HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes) throws PowerAuthAuthenticationException
      Validate a request signature, make sure only supported signature types are used, do not use forced signature version during upgrade.
      Parameters:
      servletRequest - HTTPServletRequest with signed data.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of signatures.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignature

      @Nullable public PowerAuthApiAuthentication validateRequestSignature​(@Nonnull javax.servlet.http.HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader, @Nonnull List<io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes> allowedSignatureTypes, @Nullable Integer forcedSignatureVersion) throws PowerAuthAuthenticationException
      Validate a request signature, make sure only supported signature types are used and allow specification of forced signature version.
      Parameters:
      servletRequest - HTTPServletRequest with signed data.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      allowedSignatureTypes - Allowed types of signatures.
      forcedSignatureVersion - Forced signature version during upgrade.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateRequestSignature

      @Nullable public PowerAuthApiAuthentication validateRequestSignature​(@Nonnull javax.servlet.http.HttpServletRequest servletRequest, @Nonnull String requestUriIdentifier, @Nonnull String httpAuthorizationHeader) throws PowerAuthAuthenticationException
      The same as {validateRequestSignature(HttpServletRequest, String, String, List, Integer) but uses default accepted signature type (2FA or 3FA) and does not specify forced signature version.
      Parameters:
      servletRequest - HTTPServletRequest with signed data.
      requestUriIdentifier - Request URI identifier.
      httpAuthorizationHeader - PowerAuth HTTP authorization header.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • validateToken

      @Nullable public PowerAuthApiAuthentication validateToken​(@Nonnull String tokenHeader) throws PowerAuthAuthenticationException
      Validate the token digest from PowerAuth authentication header.
      Parameters:
      tokenHeader - HTTP header with token digest.
      Returns:
      Instance of a PowerAuthApiAuthentication on successful authorization.
      Throws:
      PowerAuthAuthenticationException - In case authorization fails, exception is raised.

    • extractRequestBodyBytes

      @Nullable public byte[] extractRequestBodyBytes​(@Nonnull javax.servlet.http.HttpServletRequest servletRequest) throws PowerAuthAuthenticationException
      Extract request body bytes from HTTP servlet request. In case the data was transparently decrypted, use the decrypted request data.
      Parameters:
      servletRequest - HTTP servlet request.
      Returns:
      Request body bytes.
      Throws:
      PowerAuthAuthenticationException - In case request body is invalid.