Merge develop to master

docs/PowerAuth-2023.12.md

@@ -0,0 +1,75 @@
+# PowerAuth 2023.12
+
+## Migration guides
+
+For updating to 2023.12, please follow these migration guides:
+
+- [PowerAuth Server - Migration from version 1.5.0 to version 1.6.0](https://github.com/wultra/powerauth-server/blob/develop/docs/PowerAuth-Server-1.6.0.md)
+- [PowerAuth Push Server - Migration from version 1.5.0 to version 1.6.0](https://github.com/wultra/powerauth-push-server/blob/develop/docs/PowerAuth-Push-Server-1.6.0.md)
+- [PowerAuth Web Flow - Migration from version 1.5.0 to version 1.6.0](https://github.com/wultra/powerauth-webflow/blob/develop/docs/Web-Flow-1.6.0.md)
+
+## Components for version 2023.12
+
+### Back-End Applications
+
+| Component | Application Name | Version | Description |
+|---|---|---|---|
+| PowerAuth Server | `powerauth-java-server.war` | 1.6.0 | Core back-end component for PowerAuth stack. |
+| PowerAuth Admin | `powerauth-admin.war` | 1.6.0 | Administration console for PowerAuth Server. |
+| PowerAuth Push Server | `powerauth-push-server.war` | 1.6.0 | Simple to deploy push server for APNS and FCM. |
+| Enrollment Server | `enrollment-server.war` | 1.6.0 | Enrollment server for PowerAuth. |
+| PowerAuth Web Flow | `powerauth-webflow.war` | 1.6.0 | Central web authentication page. |
+| PowerAuth Next Step | `powerauth-next-step.war` | 1.6.0 | Authorization server used for PowerAuth Web Flow component. |
+| PowerAuth Data Adapter | `powerauth-data-adapter.war` | 1.6.0 | Customization component for PowerAuth Web Flow. |
+| PowerAuth Tpp Engine | `powerauth-tpp-engine.war` | 1.6.0 | Third party provider registry and consent engine. |
+
+### Utilities
+
+| Component | Application Name | Version | Description |
+|---|---|---|---|
+| PowerAuth Command Line Tool | `powerauth-java-cmd.jar` | 1.6.0 | Command line tool for integration testing. |
+| User Data Store | `user-data-store.war` | 1.1.0 | Server component which stores clients personal data securely. |
+| Mobile Utility Server | `mobile-utility-server.war` | 1.6.0 | Server component for dynamic SSL pinning, text localization, and other utilities. |
+| SSL Pinning Tool | `ssl-pinning-tool.jar` | 1.6.0 | A command line utility used to sign SSL certificates for dynamic SSL pinning. |
+
+### Mobile Libraries
+
+| Platform | Package Name | Version | Description |
+|---|---|---|---|
+| iOS | `PowerAuth2` | 1.8.0 | A client library for iOS. |
+| watchOS | `PowerAuth2ForWatch` | 1.8.0 | A limited library for watchOS. |
+| iOS App Extensions | `PowerAuth2ForExtensions` | 1.8.0 | A limited library for iOS App Extensions. |
+| Android | `com.wultra.android.powerauth:powerauth-sdk` | 1.8.0 | A client library for Android. |
+| React Native | `react-native-powerauth-mobile-sdk` | 2.4.1 | React Native wrapper library for PowerAuth. | 
+| mToken SDK iOS | `WultraMobileTokenSDK` | 1.8.2 | Mobile Token SDK for the iOS platform. |
+| mToken SDK Android | `com.wultra.android.mtokensdk:mtoken-sdk-android` | 1.8.3 | Mobile Token SDK for the Android platform. |
+
+### Back-End Integration Libraries
+
+| Component | Library Name |  Version | Description |
+|---|---|---|---|
+| PowerAuth RESTful Model | `powerauth-restful-model.jar` | 1.6.0 | Model classes for request and response objects used in PowerAuth Standard RESTful API. |
+| PowerAuth RESTful API Security for Spring | `powerauth-restful-security-spring.jar` | 1.6.0 | High-level integration libraries for RESTful API security, build for Spring MVC. |
+| PowerAuth REST Client for Spring | `powerauth-rest-client-spring.jar` | 1.6.0 | REST service client for PowerAuth Server service. |
+| PowerAuth Push Server RESTful Model | `powerauth-push-model.jar` | 1.6.0 | Model classes for request and response objects used in PowerAuth Push Server. |
+| PowerAuth Push Server RESTful Client | `powerauth-push-client.jar` | 1.6.0 | Client implementation that simplifies integration with PowerAuth Push Server service. |
+| PowerAuth Data Adapter RESTful Model | `powerauth-data-adapter-model.jar` | 1.6.0 | Model classes for request and response objects used in PowerAuth Data Adapter component. |
+| PowerAuth Data Adapter Client | `powerauth-data-adapter-client.jar` | 1.6.0 | Client implementation that simplifies integration with PowerAuth Data Adapter custom component. |
+| PowerAuth Next Step RESTful Model | `powerauth-nextstep-model.jar` | 1.6.0 | Model classes for request and response objects used in PowerAuth Next Step service. |
+| PowerAuth Next Step Client | `powerauth-nextstep-client.jar` | 1.6.0 | Client implementation that simplifies integration with PowerAuth Next Step service. |
+| PowerAuth Mobile Token Model | `mtoken-model.jar` | 1.6.0 | Model classes for request and response objects used in PowerAuth Mobile Token. |
+
+### Technical Dependencies
+
+| Component | Library Name | Version | Description |
+|---|---|---|---|
+| PowerAuth Cryptography | `powerauth-java-crypto.jar` | 1.6.0 | Core cryptography implementation of the PowerAuth protocol. |
+| PowerAuth HTTP Utilities | `powerauth-java-http.jar` | 1.6.0 | Utilities used for binding PowerAuth cryptography to HTTP technology. |
+| PowerAuth Command-Line Tool Library | `powerauth-java-cmd-lib.jar` | 1.6.0 | Library used for implementation of the PowerAuth Command-Line Tool app, useful for unit testing. |
+| Wultra Java Networking Objects | `rest-model-base.jar` | 1.8.0 | Base classes for RESTful API networking, shared across all Wultra back-end projects. |
+| Wultra REST Client | `rest-client-base.jar` | 1.8.0 | Base RESTful client implementation, shared across all Wultra back-end projects. |
+| Wultra Auditing Library | `audit-base.jar` | 1.8.0 | Base auditing library, shared across all Wultra back-end projects. |
+
+## Known Issues When Updating From Older Versions
+
+_No known issues so far._

docs/Releases.md

@@ -12,6 +12,8 @@ In order to consolidate the information about the current versions, we have intr
 
 ## List of Releases
 
+- [PowerAuth 2023.12](./PowerAuth-2023.12.md)
+- [PowerAuth 2023.08](./PowerAuth-2023.08.md)
 - [PowerAuth 2022.12](./PowerAuth-2022.12.md)
 - [PowerAuth 2022.05](./PowerAuth-2022.05.md)
 - [PowerAuth 2022.04](./PowerAuth-2022.04.md)

pom.xml

@@ -25,7 +25,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-crypto-parent</artifactId>
-    <version>1.6.0</version>
+    <version>1.7.0-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2016</inceptionYear>
@@ -71,26 +71,21 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.source>17</maven.compiler.source>
-        <maven.compiler.target>17</maven.compiler.target>
+        <java.version>17</java.version>
+        <maven.compiler.release>${java.version}</maven.compiler.release>
+
         <maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
+        <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
         <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
         <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
         <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
-        <maven-surefire-plugin.version>3.2.2</maven-surefire-plugin.version>
-        <guava.version>32.1.3-jre</guava.version>
-        <slf4j.version>2.0.9</slf4j.version>
-        <junit.version>5.10.1</junit.version>
+        <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
+        <slf4j.version>2.0.12</slf4j.version>
+        <junit.version>5.10.2</junit.version>
     </properties>
 
     <dependencyManagement>
         <dependencies>
-            <dependency>
-                <groupId>com.google.guava</groupId>
-                <artifactId>guava</artifactId>
-                <version>${guava.version}</version>
-            </dependency>
-
             <dependency>
                 <groupId>org.slf4j</groupId>
                 <artifactId>slf4j-api</artifactId>
@@ -120,6 +115,16 @@
     </dependencyManagement>
 
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-compiler-plugin</artifactId>
+                    <version>${maven-compiler-plugin.version}</version>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>

powerauth-java-crypto/pom.xml

@@ -26,14 +26,10 @@
 	<parent>
 		<groupId>io.getlime.security</groupId>
 		<artifactId>powerauth-crypto-parent</artifactId>
-		<version>1.6.0</version>
+		<version>1.7.0-SNAPSHOT</version>
 	</parent>
 
 	<dependencies>
-		<dependency>
-			<groupId>com.google.guava</groupId>
-			<artifactId>guava</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
@@ -51,7 +47,7 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.16.0</version>
+			<version>2.16.1</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/generator/IdentifierGenerator.java

@@ -16,14 +16,14 @@
  */
 package io.getlime.security.powerauth.crypto.lib.generator;
 
-import com.google.common.io.BaseEncoding;
 import io.getlime.security.powerauth.crypto.lib.encryptor.ecies.kdf.KdfX9_63;
 import io.getlime.security.powerauth.crypto.lib.model.RecoveryInfo;
 import io.getlime.security.powerauth.crypto.lib.model.RecoverySeed;
 import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
 import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
 import io.getlime.security.powerauth.crypto.lib.util.CRC16;
 import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
+import org.bouncycastle.util.encoders.Base32;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -79,17 +79,6 @@ public String generateActivationId() {
         return UUID.randomUUID().toString();
     }
 
-    /**
-     * Generate a new string of a default length (5) with characters from Base32 encoding.
-     *
-     * @return New string with Base32 characters of a given length.
-     * @throws CryptoProviderException In case key cryptography provider is incorrectly initialized.
-     */
-    private String generateBase32Token() throws CryptoProviderException {
-        byte[] randomBytes = keyGenerator.generateRandomBytes(BASE32_KEY_LENGTH);
-        return BaseEncoding.base32().omitPadding().encode(randomBytes).substring(0, BASE32_KEY_LENGTH);
-    }
-
     /**
      * Generate version 3.0 or higher activation code. The format of activation code is "ABCDE-FGHIJ-KLMNO-PQRST".
      * <p>
@@ -170,8 +159,8 @@ public boolean validateActivationCode(String activationCode) {
             return false;
         }
 
-        // Decode the Base32 value
-        byte[] activationCodeBytes = BaseEncoding.base32().decode(activationCode.replace("-", ""));
+        final String activationCodeBase32 = fetchActivationCodeBase32(activationCode);
+        final byte[] activationCodeBytes = Base32.decode(activationCodeBase32);
 
         // Verify byte array length
         if (activationCodeBytes.length != ACTIVATION_CODE_BYTES_LENGTH) {
@@ -190,6 +179,32 @@ public boolean validateActivationCode(String activationCode) {
         return expectedChecksum == actualChecksum;
     }
 
+    /**
+     * Remove hyphens and calculate padding.
+     * <p>
+     * When {@code ACTIVATION_CODE_BYTES_LENGTH = 12}, the Base32 padding is always {@code ====}, but this method is safe to change the length in the future.
+     *
+     * @param activationCode activation code with hyphens
+     * @return base32 with padding
+     */
+    private static String fetchActivationCodeBase32(final String activationCode) {
+        final String activationCodeWithoutHyphens = activationCode.replace("-", "");
+        // The activation code does not contain the padding, but it must be present in the Base32 value to be valid.
+        final String activationCodePadding = switch (activationCodeWithoutHyphens.length() % 8) {
+            case 2:
+                yield "======";
+            case 4:
+                yield "====";
+            case 5:
+                yield "===";
+            case 7:
+                yield "=";
+            default:
+                yield "";
+        };
+        return activationCodeWithoutHyphens + activationCodePadding;
+    }
+
     /**
      * Generate recovery code and PUK.
      * @return Recovery code and PUK.
@@ -367,9 +382,9 @@ private String generatePuk(SecretKey recoveryPukBaseKey, byte[] indexBytes) thro
      * @param activationCodeBytes Raw activation code bytes.
      * @return Base32 String representation of activation code.
      */
-    private String encodeActivationCode(byte[] activationCodeBytes) {
-        // Generate Base32 representation from 12 activation code bytes, without padding characters.
-        String base32Encoded = BaseEncoding.base32().omitPadding().encode(activationCodeBytes);
+    private String encodeActivationCode(final byte[] activationCodeBytes) {
+        // Padding may be ignored; ACTIVATION_CODE_BYTES_LENGTH is set to 12 and the following substring takes only the first 20 characters.
+        final String base32Encoded = Base32.toBase32String(activationCodeBytes);
 
         // Split Base32 string into 4 groups, each one contains 5 characters. Use "-" as separator.
         return base32Encoded.substring(0, BASE32_KEY_LENGTH)

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/totp/Totp.java

@@ -16,7 +16,6 @@
  */
 package io.getlime.security.powerauth.crypto.lib.totp;
 
-import com.google.common.base.Strings;
 import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
 import org.bouncycastle.util.Arrays;
 import org.slf4j.Logger;
@@ -268,7 +267,7 @@ private static long countTimeSteps(final Instant instant, final Duration stepLen
     }
 
     private static String padWithZeros(final String source, final int length) {
-        return Strings.padStart(source, length, '0');
+        return String.format("%1$" + length + "s", source).replace(' ', '0');
     }
 
     /**

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/SignatureUtils.java

@@ -16,7 +16,6 @@
  */
 package io.getlime.security.powerauth.crypto.lib.util;
 
-import com.google.common.base.Joiner;
 import io.getlime.security.powerauth.crypto.lib.config.DecimalSignatureConfiguration;
 import io.getlime.security.powerauth.crypto.lib.config.PowerAuthConfiguration;
 import io.getlime.security.powerauth.crypto.lib.config.SignatureConfiguration;
@@ -164,7 +163,7 @@ private String computePowerAuthDecimalSignature(byte[] data, List<SecretKey> sig
             signatureStringComponents[i] = String.format("%0" + signatureDecimalLength + "d", number);
         }
         // Join components with dash.
-        return Joiner.on("-").join(signatureStringComponents);
+        return String.join("-", signatureStringComponents);
     }
 
     /**

powerauth-java-crypto/src/test/java/io/getlime/security/powerauth/crypto/activation/PowerAuthRecoveryCodeTest.java → powerauth-java-crypto/src/test/java/io/getlime/security/powerauth/crypto/activation/IdentifierGeneratorTest.java

@@ -20,23 +20,25 @@
 import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
 import io.getlime.security.powerauth.crypto.lib.model.RecoveryInfo;
 import io.getlime.security.powerauth.crypto.lib.model.RecoverySeed;
-import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException;
-import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
 import javax.crypto.SecretKey;
-import java.security.*;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Security;
 import java.util.HashSet;
 
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
+ * Test for {@link IdentifierGenerator}.
  *
  * @author Roman Strobl, [email protected]
  */
-public class PowerAuthRecoveryCodeTest {
+class IdentifierGeneratorTest {
 
     private final IdentifierGenerator identifierGenerator = new IdentifierGenerator();
 
@@ -50,7 +52,7 @@ public static void setUp() {
     }
 
     @Test
-    public void testRecoveryCodeDerivation() throws CryptoProviderException, InvalidKeyException, GenericCryptoException {
+    void testRecoveryCodeDerivation() throws Exception {
         // Number of PUKs to test
         int pukCount = 100;
 
@@ -89,4 +91,12 @@ public void testRecoveryCodeDerivation() throws CryptoProviderException, Invalid
         }
     }
 
+    @Test
+    void testGenerateActivationCode() throws Exception {
+        final String result = identifierGenerator.generateActivationCode(new byte[10]);
+
+        // Base32 is AAAAAAAAAAAAAAAAAAAA====
+        assertEquals("AAAAA-AAAAA-AAAAA-AAAAA", result);
+    }
+
 }

powerauth-java-crypto/src/test/java/io/getlime/security/powerauth/crypto/lib/totp/TotpTest.java

@@ -36,7 +36,6 @@
  * Test for {@link Totp}.
  *
  * @author Lubos Racansky, [email protected]
- *
  */
 class TotpTest {
 

powerauth-java-http/pom.xml

@@ -28,7 +28,7 @@
 	<parent>
 		<groupId>io.getlime.security</groupId>
 		<artifactId>powerauth-crypto-parent</artifactId>
-		<version>1.6.0</version>
+		<version>1.7.0-SNAPSHOT</version>
 	</parent>
 
 	<dependencies>
@@ -37,10 +37,6 @@
 			<artifactId>powerauth-java-crypto</artifactId>
 			<version>${project.version}</version>
 		</dependency>
-		<dependency>
-			<groupId>com.google.guava</groupId>
-			<artifactId>guava</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>