Merge pull request #397 from wultra/develop

Merge develop to master

pom.xml

@@ -27,7 +27,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-cmd-parent</artifactId>
-    <version>1.5.0</version>
+    <version>1.6.0</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2016</inceptionYear>
@@ -73,21 +73,27 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.source>17</maven.compiler.source>
-        <maven.compiler.target>17</maven.compiler.target>
+        <java.version>17</java.version>
+        <maven.compiler.release>${java.version}</maven.compiler.release>
+
+        <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
         <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
         <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
-        <maven-javadoc-plugin.version>3.6.0</maven-javadoc-plugin.version>
+        <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
         <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
-        <spring-boot.version>3.1.3</spring-boot.version>
-        <bc.version>1.76</bc.version>
-        <commons-cli.version>1.5.0</commons-cli.version>
-        <commons-io.version>2.13.0</commons-io.version>
+        <maven-surefire-plugin.version>3.2.3</maven-surefire-plugin.version>
+        <spring-boot.version>3.1.6</spring-boot.version>
+        <bc.version>1.77</bc.version>
+        <commons-cli.version>1.6.0</commons-cli.version>
+        <commons-io.version>2.15.1</commons-io.version>
         <json-simple.version>1.1.1</json-simple.version>
-        <powerauth-restful-integration>1.5.0</powerauth-restful-integration>
-        <powerauth-crypto.version>1.5.1</powerauth-crypto.version>
-        <wultra-core.version>1.7.0</wultra-core.version>
-        <maven-surefire-plugin.version>3.1.2</maven-surefire-plugin.version>
+        <!--  TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE  -->
+        <logback.version>1.4.14</logback.version>
+
+        <!-- Wultra Dependencies -->
+        <powerauth-restful-integration>1.6.0</powerauth-restful-integration>
+        <powerauth-crypto.version>1.6.0</powerauth-crypto.version>
+        <wultra-core.version>1.8.0</wultra-core.version>
     </properties>
 
     <dependencyManagement>
@@ -100,6 +106,18 @@
                 <scope>import</scope>
             </dependency>
 
+            <!--  TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE  -->
+            <dependency>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-classic</artifactId>
+                <version>${logback.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>ch.qos.logback</groupId>
+                <artifactId>logback-core</artifactId>
+                <version>${logback.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>io.getlime.security</groupId>
                 <artifactId>powerauth-java-cmd-lib</artifactId>
@@ -123,6 +141,16 @@
     </dependencies>
 
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-compiler-plugin</artifactId>
+                    <version>${maven-compiler-plugin.version}</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>

powerauth-java-cmd-lib/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <artifactId>powerauth-cmd-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>1.5.0</version>
+        <version>1.6.0</version>
     </parent>
 
     <dependencies>

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/ComputeOfflineSignatureStep.java

@@ -37,12 +37,15 @@
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 import javax.crypto.SecretKey;
 import java.io.Console;
 import java.nio.charset.StandardCharsets;
 import java.security.interfaces.ECPublicKey;
 import java.util.*;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 /**
  * Step for computing offline PowerAuth signature.
@@ -167,8 +170,9 @@ private String calculateOfflineSignature(final String offlineData, final StepLog
         }
         final String operationId = parts[0];
         final String operationData = parts[3];
-        final String nonce = parts[5];
+        final String nonce = parts[parts.length - 2];
         final String signatureLine = parts[parts.length - 1];
+        final String totp = (parts.length > 7 && parts[parts.length - 3].matches("^[0-9]+$")) ? parts[parts.length - 3] : null;
 
         // 1 = KEY_SERVER_PRIVATE was used to sign data (personalized offline signature), otherwise return error
         final String signatureType = signatureLine.substring(0, 1);
@@ -195,7 +199,9 @@ private String calculateOfflineSignature(final String offlineData, final StepLog
             }
 
             // Prepare data for PowerAuth offline signature calculation
-            final String dataForSignature = operationId + "&" + operationData;
+            final String dataForSignature = Stream.of(operationId, operationData, totp)
+                    .filter(StringUtils::hasText)
+                    .collect(Collectors.joining("&"));
             final String signatureBaseString = PowerAuthHttpBody.getSignatureBaseString(
                     "POST",
                     "/operation/authorize/offline",

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/model/PrepareActivationStepModel.java

@@ -24,6 +24,7 @@
 
 import java.security.PublicKey;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -46,6 +47,11 @@ public class PrepareActivationStepModel extends BaseStepModel
      */
     private String activationCode;
 
+    /**
+     * Custom attributes.
+     */
+    private Map<String, Object> customAttributes;
+
     /**
      * Additional activation OTP, supported by PowerAuth Server {@code 0.24+}.
      */
@@ -86,9 +92,11 @@ public class PrepareActivationStepModel extends BaseStepModel
      */
     private PublicKey masterPublicKey;
 
-    @Override
-    public Map<String, Object> getCustomAttributes() {
-        return Collections.emptyMap();
+    /**
+     * Constructor
+     */
+    public PrepareActivationStepModel() {
+        customAttributes = new HashMap<>();
     }
 
     @Override
@@ -102,6 +110,7 @@ public Map<String, Object> toMap() {
         context.put("MASTER_PUBLIC_KEY", masterPublicKey);
         context.put("STATUS_FILENAME", statusFileName);
         context.put("ACTIVATION_CODE", activationCode);
+        context.put("CUSTOM_ATTRIBUTES", customAttributes);
         context.put("ADDITIONAL_ACTIVATION_OTP", additionalActivationOtp);
         context.put("PASSWORD", password);
         context.put("ACTIVATION_NAME", activationName);
@@ -113,11 +122,13 @@ public Map<String, Object> toMap() {
     }
 
     @Override
+    @SuppressWarnings("unchecked")
     public void fromMap(Map<String, Object> context) {
         super.fromMap(context);
         setMasterPublicKey((PublicKey) context.get("MASTER_PUBLIC_KEY"));
         setStatusFileName((String) context.get("STATUS_FILENAME"));
         setActivationCode((String) context.get("ACTIVATION_CODE"));
+        setCustomAttributes((Map<String, Object>) context.get("CUSTOM_ATTRIBUTES"));
         setAdditionalActivationOtp((String) context.get("ADDITIONAL_ACTIVATION_OTP"));
         setPassword((String) context.get("PASSWORD"));
         setActivationName((String) context.get("ACTIVATION_NAME"));

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/PrepareActivationStep.java

@@ -132,6 +132,7 @@ protected ActivationLayer1Request prepareLayer1Request(
         Map<String, String> identityAttributes = new HashMap<>();
         identityAttributes.put("code", stepContext.getModel().getActivationCode());
         requestL1.setIdentityAttributes(identityAttributes);
+        requestL1.setCustomAttributes(stepContext.getModel().getCustomAttributes());
         return requestL1;
     }
 

powerauth-java-cmd/pom.xml

@@ -30,7 +30,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-cmd-parent</artifactId>
-        <version>1.5.0</version>
+        <version>1.6.0</version>
     </parent>
 
     <dependencies>

powerauth-java-cmd/src/main/java/io/getlime/security/powerauth/app/cmd/Application.java

@@ -295,6 +295,10 @@ public static void main(String[] args) {
                         powerAuthStep = PowerAuthStep.ACTIVATION_CREATE;
                     }
 
+                    String customAttributesFileName = cmd.getOptionValue("C");
+                    Map<String, Object> customAttributes =
+                            FileUtil.readDataFromFile(stepLogger, customAttributesFileName, HashMap.class, "custom-attributes", "custom attributes");
+
                     PrepareActivationStepModel model = new PrepareActivationStepModel();
                     model.setActivationCode(cmd.getOptionValue("a"));
                     model.setAdditionalActivationOtp(cmd.getOptionValue("A"));
@@ -303,6 +307,7 @@ public static void main(String[] args) {
                     model.setDeviceInfo(deviceInfo);
                     model.setApplicationKey(applicationKey);
                     model.setApplicationSecret(applicationSecret);
+                    model.setCustomAttributes(customAttributes);
                     model.setHeaders(httpHeaders);
                     model.setMasterPublicKey(masterPublicKey);
                     model.setPassword(cmd.getOptionValue("p"));