From e323adccf310d6375cc9d6b7954b0eb755bf9f0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 02:56:12 +0000 Subject: [PATCH 1/8] Bump net.logstash.logback:logstash-logback-encoder from 7.4 to 8.0 Bumps [net.logstash.logback:logstash-logback-encoder](https://github.com/logfellow/logstash-logback-encoder) from 7.4 to 8.0. - [Release notes](https://github.com/logfellow/logstash-logback-encoder/releases) - [Commits](https://github.com/logfellow/logstash-logback-encoder/compare/logstash-logback-encoder-7.4...logstash-logback-encoder-8.0) --- updated-dependencies: - dependency-name: net.logstash.logback:logstash-logback-encoder dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index cac31fa6..e3b98dc6 100644 --- a/pom.xml +++ b/pom.xml @@ -101,7 +101,7 @@ 1.9.0-SNAPSHOT 1.9.0-SNAPSHOT - 7.4 + 8.0 From f98ed9f0b16a0d774be45a86313c7057c0ba5886 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 02:46:27 +0000 Subject: [PATCH 2/8] Bump net.javacrumbs.shedlock:shedlock-bom from 5.14.0 to 5.15.0 Bumps [net.javacrumbs.shedlock:shedlock-bom](https://github.com/lukas-krecan/ShedLock) from 5.14.0 to 5.15.0. - [Commits](https://github.com/lukas-krecan/ShedLock/compare/shedlock-parent-5.14.0...shedlock-parent-5.15.0) --- updated-dependencies: - dependency-name: net.javacrumbs.shedlock:shedlock-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 66b87a95..b25fae33 100644 --- a/pom.xml +++ b/pom.xml @@ -90,7 +90,7 @@ 7.7.0 - 5.14.0 + 5.15.0 4.0.0 2.2.22 2.6.0 
From ae6854d887027e3cc42560bc45bc183028e8d074 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 02:46:02 +0000 Subject: [PATCH 3/8] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.3.2...v3.3.3) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d27fc261..1591c122 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.2 + 3.3.3 From 3b15a07d9bf2d4383de697eba9138529af967bee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 02:46:25 +0000 Subject: [PATCH 4/8] Bump org.openapitools:openapi-generator-maven-plugin from 7.7.0 to 7.8.0 Bumps org.openapitools:openapi-generator-maven-plugin from 7.7.0 to 7.8.0. --- updated-dependencies: - dependency-name: org.openapitools:openapi-generator-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d27fc261..8bd13d50 100644 --- a/pom.xml +++ b/pom.xml @@ -88,7 +88,7 @@ - 7.7.0 + 7.8.0 5.15.0 4.0.0 From 6dbc86235aa70a4be300dc9bc671f5631d6c2d0f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 02:31:53 +0000 Subject: [PATCH 5/8] Bump net.javacrumbs.shedlock:shedlock-bom from 5.15.0 to 5.15.1 Bumps [net.javacrumbs.shedlock:shedlock-bom](https://github.com/lukas-krecan/ShedLock) from 5.15.0 to 5.15.1. - [Commits](https://github.com/lukas-krecan/ShedLock/compare/shedlock-parent-5.15.0...shedlock-parent-5.15.1) --- updated-dependencies: - dependency-name: net.javacrumbs.shedlock:shedlock-bom dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d27fc261..05fedad8 100644 --- a/pom.xml +++ b/pom.xml @@ -90,7 +90,7 @@ 7.7.0 - 5.15.0 + 5.15.1 4.0.0 2.2.22 2.6.0 From f0378ff2cfbc107e886d8e14caec6ddf46a9cb80 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 02:31:59 +0000 Subject: [PATCH 6/8] Bump io.swagger.core.v3:swagger-annotations-jakarta Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.22 to 2.2.23. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d27fc261..3e9f21ad 100644 --- a/pom.xml +++ b/pom.xml @@ -92,7 +92,7 @@ 5.15.0 4.0.0 - 2.2.22 + 2.2.23 2.6.0 1.4.4 From a2d813270372596a4f0c793351819a3298907988 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 02:23:11 +0000 Subject: [PATCH 7/8] Bump net.javacrumbs.shedlock:shedlock-bom from 5.15.1 to 5.16.0 Bumps [net.javacrumbs.shedlock:shedlock-bom](https://github.com/lukas-krecan/ShedLock) from 5.15.1 to 5.16.0. - [Commits](https://github.com/lukas-krecan/ShedLock/compare/shedlock-parent-5.15.1...shedlock-parent-5.16.0) --- updated-dependencies: - dependency-name: net.javacrumbs.shedlock:shedlock-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8c116035..3cb4b9c6 100644 --- a/pom.xml +++ b/pom.xml @@ -90,7 +90,7 @@ 7.8.0 - 5.15.1 + 5.16.0 4.0.0 2.2.23 2.6.0 From 145e006f905206ef0635a19367f4c6da04c949e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Tue, 10 Sep 2024 11:02:43 +0200 Subject: [PATCH 8/8] Fix #1106: OIDC: Configuration of mobile application (#1107) * Fix #1106: OIDC: Configuration of mobile application --- .../OidcApplicationConfigurationRequest.java | 33 +++++++ .../OidcApplicationConfigurationResponse.java | 42 ++++++++ .../ApplicationConfigurationController.java | 95 +++++++++++++++++++ .../DefaultExceptionHandler.java | 13 +++ 4 files changed, 183 insertions(+) create mode 100644 enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java create mode 100644 enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java create mode 100644 enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java 
diff --git a/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java
new file mode 100644
index 00000000..b9a5cb32
--- /dev/null
+++ b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java
@@ -0,0 +1,33 @@
+/*
+ * PowerAuth Enrollment Server
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package com.wultra.app.enrollmentserver.api.model.enrollment.request;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+
+/**
+ * Request object for OIDC application configuration.
+ *
+ * @author Lubos Racansky, lubos.racansky@wultra.com
+ */
+@Data
+public class OidcApplicationConfigurationRequest {
+
+ @NotBlank
+ private String providerId;
+}
diff --git a/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java
new file mode 100644
index 00000000..eea61dac
--- /dev/null
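Review bot: The only field of the new request object, `providerId`, carries no Javadoc, so a reader of the API model cannot tell what value the mobile application is expected to send. A one-line field comment such as `/** Identifier of the OIDC provider whose configuration is requested; must not be blank. */` would make the contract explicit; I am inferring the meaning from the name and the controller that consumes it, so confirm the wording.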
+++ b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java
@@ -0,0 +1,42 @@
+/*
+ * PowerAuth Enrollment Server
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package com.wultra.app.enrollmentserver.api.model.enrollment.response;
+
+import lombok.Data;
+
+/**
+ * Response object for OIDC application configuration.
+ *
+ * @author Lubos Racansky, lubos.racansky@wultra.com
+ */
+@Data
+public class OidcApplicationConfigurationResponse {
+
+ private String providerId;
+ private String clientId;
+ private String scopes;
+ private String authorizeUri;
+ private String redirectUri;
+
+ /**
+ * A hint for the mobile application whether to user PKCE.
+ * If set to {@code true}, {@code codeVerifier} must be present in identity attributes during create activation step.
+ */
+ private boolean pkceEnabled;
+
+}
diff --git a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java
new file mode 100644
index 00000000..47f3b686
--- /dev/null
+++ b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java
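Review bot: The Javadoc on `pkceEnabled` has a typo: `* A hint for the mobile application whether to user PKCE.` should read `* A hint for the mobile application whether to use PKCE.`. This is the sentence a mobile developer reads to decide whether `codeVerifier` has to be generated, so it is worth getting right. The other fields (`scopes`, `authorizeUri`, `redirectUri`) have no documentation at all; a short field comment stating at least the format of `scopes` (it is a single `String`, so presumably a delimited list — confirm) would help consumers of the API model.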
@@ -0,0 +1,95 @@
+/*
+ * PowerAuth Enrollment Server
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package com.wultra.app.enrollmentserver.controller.api;
+
+import com.wultra.app.enrollmentserver.api.model.enrollment.request.OidcApplicationConfigurationRequest;
+import com.wultra.app.enrollmentserver.api.model.enrollment.response.OidcApplicationConfigurationResponse;
+import io.getlime.core.rest.model.base.response.ObjectResponse;
+import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody;
+import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption;
+import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
+import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionScope;
+import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthApplicationConfigurationException;
+import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
+import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcApplicationConfiguration;
+import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcApplicationConfigurationService;
+import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcConfigurationQuery;
+import io.swagger.v3.oas.annotations.Operation;
+import 
io.swagger.v3.oas.annotations.Parameter;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Controller that provides application configuration.
+ *
+ * @author Lubos Racansky, lubos.racansky@wultra.com
+ */
+@RestController
+@RequestMapping("/api/config")
+@Slf4j
+@AllArgsConstructor
+public class ApplicationConfigurationController {
+
+ private OidcApplicationConfigurationService oidcApplicationConfigurationService;
+
+ /**
+ * Fetch OIDC application configuration.
+ *
+ * @param request Request OIDC application configuration.
+ * @param encryptionContext PowerAuth ECIES encryption context.
+ * @return OIDC application configuration.
+ * @throws PowerAuthApplicationConfigurationException In case there is an error while fetching claims.
+ * @throws PowerAuthEncryptionException In case of failed encryption.
+ */
+ @PowerAuthEncryption(scope = EncryptionScope.APPLICATION_SCOPE)
+ @PostMapping("oidc")
+ @Operation(
+ summary = "Fetch OIDC application configuration.",
+ description = "Fetch OIDC application configuration." 
+ )
+ public ObjectResponse fetchOidcConfiguration(
+ @EncryptedRequestBody OidcApplicationConfigurationRequest request,
+ @Parameter(hidden = true) EncryptionContext encryptionContext) throws PowerAuthEncryptionException, PowerAuthApplicationConfigurationException {
+
+ if (encryptionContext == null) {
+ logger.error("Encryption failed");
+ throw new PowerAuthEncryptionException("Encryption failed");
+ }
+
+ final OidcApplicationConfiguration oidcApplicationConfiguration = oidcApplicationConfigurationService.fetchOidcApplicationConfiguration(OidcConfigurationQuery.builder()
+ .providerId(request.getProviderId())
+ .applicationKey(encryptionContext.getApplicationKey())
+ .build());
+ final OidcApplicationConfigurationResponse result = convert(oidcApplicationConfiguration);
+ return new ObjectResponse<>(result);
+ }
+
+ private static OidcApplicationConfigurationResponse convert(final OidcApplicationConfiguration source) {
+ final OidcApplicationConfigurationResponse target = new OidcApplicationConfigurationResponse();
+ target.setClientId(source.getClientId());
+ target.setAuthorizeUri(source.getAuthorizeUri());
+ target.setScopes(source.getScopes());
+ target.setRedirectUri(source.getRedirectUri());
+ target.setProviderId(source.getProviderId());
+ target.setPkceEnabled(source.isPkceEnabled());
+ return target;
+ }
+}
diff --git a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java
index e85b9522..0caac97d 100644
--- a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java
+++ b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java
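Review bot: The `@NotBlank` declared on `OidcApplicationConfigurationRequest.providerId` is not enforced in `fetchOidcConfiguration`: the body is bound through `@EncryptedRequestBody` with no `@Valid`, so unless the PowerAuth argument resolver runs bean validation itself (I cannot tell from this hunk), a blank or missing provider id reaches `oidcApplicationConfigurationService.fetchOidcApplicationConfiguration(...)` unchecked and the outcome depends on what the service does with it. Either add `@Valid` next to `@EncryptedRequestBody` if the resolver honours it, or reject the value explicitly before the lookup with `if (request == null || request.getProviderId() == null || request.getProviderId().isBlank()) { throw new PowerAuthApplicationConfigurationException(...); }` (using whichever constructor that exception type provides), so the client gets the mapped `APPLICATION_CONFIGURATION_ERROR` response rather than an unmapped failure. Separately, `private OidcApplicationConfigurationService oidcApplicationConfigurationService;` should be `final` so that `@AllArgsConstructor` expresses a required, immutable dependency and the field cannot be reassigned after injection.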
@@ -20,6 +20,7 @@ import com.wultra.security.powerauth.lib.mtoken.model.enumeration.ErrorCode; import io.getlime.core.rest.model.base.response.ErrorResponse; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthApplicationConfigurationException; import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; @@ -147,6 +148,18 @@ public class DefaultExceptionHandler { return new ErrorResponse("ACTIVATION_CODE_FAILED", "Unable to fetch activation code."); } + /** + * Handling of application configuration exceptions. + * @param ex Exception. + * @return Response with error details. + */ + @ExceptionHandler(PowerAuthApplicationConfigurationException.class) + @ResponseStatus(HttpStatus.BAD_REQUEST) + public @ResponseBody ErrorResponse handleActivationCodeException(PowerAuthApplicationConfigurationException ex) { + logger.warn("Unable to fetch application configuration", ex); + return new ErrorResponse("APPLICATION_CONFIGURATION_ERROR", "Unable to fetch application configuration."); + } + /** * Handling of inbox exceptions. * @param ex Exception.
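Review bot: The new handler in the second hunk is named `handleActivationCodeException` although it handles `PowerAuthApplicationConfigurationException`; it compiles as an overload of the existing method of the same name, but the name misleads anyone reading logs, stack traces or the class itself. Rename it: `public @ResponseBody ErrorResponse handleApplicationConfigurationException(PowerAuthApplicationConfigurationException ex) {`. If this exception can also be raised for a server-side misconfiguration rather than a bad client-supplied `providerId` (the hunk does not show where it originates), the fixed `HttpStatus.BAD_REQUEST` understates that case and a short Javadoc sentence stating which situations map to 400 would help future maintainers.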