Merge pull request #620 from wultra/develop

Merge develop to master

.github/dependabot.yml

@@ -9,3 +9,8 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+  - package-ecosystem: "github-actions"
+    # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/codeql-analysis.yml

@@ -4,9 +4,6 @@ on:
   workflow_dispatch:
   push:
     branches: [ 'develop', 'master', 'releases/**' ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ 'develop', 'master', 'releases/**' ]
   schedule:
     - cron: '0 2 * * 4'
 
@@ -19,4 +16,5 @@ jobs:
       # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
       # Use only 'java' to analyze code written in Java, Kotlin or both
       # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-      # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+      # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+      java_version: 21

.github/workflows/maven-deploy.yml

@@ -32,6 +32,7 @@ jobs:
     with:
       environment: internal-publish
       release_type: snapshot
+      java_version: 21
     secrets:
       username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
@@ -43,6 +44,7 @@ jobs:
     with:
       environment: ${{ inputs.environment }}
       release_type: ${{ inputs.release_type }}
+      java_version: 21
     secrets:
       username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}

.github/workflows/maven-test.yml

@@ -15,4 +15,6 @@ on:
 jobs:
   maven-tests:
     uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
-    secrets: inherit
+    secrets: inherit
+    with:
+      java_version: 21

.gitignore

@@ -18,4 +18,5 @@
 ## Directory-based project format:
 .idea/
 .mvn
+.vscode/
 dist/

docs/.gitignore

@@ -18,4 +18,5 @@
 ## Directory-based project format:
 .idea/
 .mvn
+.vscode/
 dist/

docs/Activation-Status.md

@@ -1,6 +1,6 @@
 # Activation Status
 
-PowerAuth Client may need to check for an activation status, so that it can determine if it should display UI for non-activated state (registration form), blocked state (how to unblock tutorial) or active state (login screen). To facilitate this use-case, PowerAuth Standard RESTful API publishes a [/pa/v3/activation/status](./Standard-RESTful-API#post-pav3activationstatus) endpoint.
+PowerAuth Client may need to check for an activation status, so that it can determine if it should display UI for non-activated state (registration form), blocked state (how to unblock tutorial) or active state (login screen). To facilitate this use-case, PowerAuth Standard RESTful API publishes a [/pa/v3/activation/status](./Standard-RESTful-API#activation-status) endpoint.
 
 Checking for an activation status is simple. Client needs to prepare a HTTP request with an activation ID and random `STATUS_CHALLENGE`. Server processes the request and sends back the response with activation status blob and random `STATUS_NONCE`. Activation status blob is an encrypted binary blob that encodes the activation status. Key `KEY_TRANSPORT` and `STATUS_IV` is used to encrypt the activation blob.
 

docs/Activation-via-Recovery-Code.md

@@ -111,7 +111,7 @@ After this step, PowerAuth Client performs Key Exchange with the PowerAuth Serve
 
 ### Key Exchange
 
-Following diagram shows how public keys are exchanged between PowerAuth Client and PowerAuth Server, and how master shared secret and PowerAuth Standard Keys are derived. The process is very similar to [Key Exchange](Activation.md#key-exchange) from a regular [Activation](Activation.md).
+Following diagram shows how public keys are exchanged between PowerAuth Client and PowerAuth Server, and how master shared secret and PowerAuth Standard Keys are derived. The process is very similar to [Key Derivation](Activation.md#key-derivation) from a regular [Activation](Activation.md).
 
 ![Activation via Recovery Code](resources/images/sequence_activation_recovery.png)
 

docs/Activation.md

@@ -45,7 +45,7 @@ The first layer of encryption protects the data transfer between the mobile app
 
 Detailed documentation of [End-to-End Encryption](./End-To-End-Encryption.md) is available in a dedicated chapter.
 
-A good place to review the exact request and response payload structure is in the [PowerAuth Standard RESTful API documentation](./Standard-RESTful-API.md#post-pav3activationcreate).
+A good place to review the exact request and response payload structure is in the [PowerAuth Standard RESTful API documentation](./Standard-RESTful-API.md#initiate-activation).
 
 ## Key Derivation
 

docs/List-of-used-keys.md

@@ -2,14 +2,24 @@
 
 The following keys are used in the PowerAuth cryptography scheme.
 
+## Application Scoped Keys
+
+| name                        | created as                               | purpose                                                                                                                                                             |
+|-----------------------------|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key                       | Embedded on server, used to assure authenticity of data during the transfer from server to client during application scoped use-cases (i.e., device activation).    |
+| `KEY_SERVER_MASTER_PUBLIC`  | ECDH - public key                        | Embedded in client app, used to verify authenticity of data while transferring from server to client during application scoped use-cases (i.e., device activation). |
+| `APP_KEY`                   | Application version key                  | Shared random ID between the server and client app, used to identify specific application version. The value travels in plain form over HTTPS channel.              |
+| `APP_SECRET`                | Application version secret               | Shared random secret key between the server and client app, used to authenticate specific application version. Used in digest and MAC values.                       |
+
+
+## Activation Scoped Keys
+
 | name                        | created as                               | purpose                                                                                                                                                                                                                              |
 |-----------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `KEY_DEVICE_PRIVATE`        | ECDH - private key                       | Generated on client to allow construction of `KEY_MASTER_SECRET`.                                                                                                                                                                    |
 | `KEY_DEVICE_PUBLIC`         | ECDH - public key                        | Generated on client to allow construction of `KEY_MASTER_SECRET`.                                                                                                                                                                    |
 | `KEY_SERVER_PRIVATE`        | ECDH - private key                       | Generated on server to allow construction of `KEY_MASTER_SECRET`.                                                                                                                                                                    |
 | `KEY_SERVER_PUBLIC`         | ECDH - public key                        | Generated on server to allow construction of `KEY_MASTER_SECRET`.                                                                                                                                                                    |
-| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key                       | Stored on server, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client                                                                                                                        |
-| `KEY_SERVER_MASTER_PUBLIC`  | ECDH - public key                        | Stored on client, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client                                                                                                                        |
 | `KEY_MASTER_SECRET`         | ECDH - pre-shared                        | A key deduced using ECDH derivation, `KEY_MASTER_SECRET = ECDH.phase(KEY_DEVICE_PRIVATE, KEY_SERVER_PUBLIC) = ECDH.phase(KEY_SERVER_PRIVATE, KEY_DEVICE_PUBLIC)` and then reduced with `ByteUtils.convert32Bto16B()`.                |
 | `KEY_SIGNATURE_POSSESSION`  | KDF derived key from `KEY_MASTER_SECRET` | A signing key associated with the possession, factor deduced using KDF derivation with `INDEX = 1`, `KEY_SIGNATURE_POSSESSION = KDF.derive(KEY_MASTER_SECRET, 1)`, used for subsequent request signing.                              |
 | `KEY_SIGNATURE_KNOWLEDGE`   | KDF derived key from `KEY_MASTER_SECRET` | A key associated with the knowledge factor, deduced using KDF derivation with `INDEX = 2`, `KEY_SIGNATURE_KNOWLEDGE = KDF.derive(KEY_MASTER_SECRET, 2)`, used for subsequent request signing.                                        |

docs/PowerAuth-2024.07.md

@@ -0,0 +1,83 @@
+# PowerAuth 2024.07
+
+
+## Migration guides
+
+For updating to 2024.07, please follow these migration guides:
+
+- [PowerAuth Server - Migration from version 1.7.0 to version 1.8.0](https://github.com/wultra/powerauth-server/blob/develop/docs/PowerAuth-Server-1.8.0.md)
+- [PowerAuth Push Server - Migration from version 1.7.0 to version 1.8.0](https://github.com/wultra/powerauth-push-server/blob/develop/docs/PowerAuth-Push-Server-1.8.0.md)
+- [PowerAuth Web Flow - Migration from version 1.7.0 to version 1.8.0](https://github.com/wultra/powerauth-webflow/blob/develop/docs/Web-Flow-1.8.0.md)
+
+
+## Components for version 2024.07
+
+
+### Back-End Applications
+
+| Component              | Application Name             | Version | Description                                                 |
+|------------------------|------------------------------|---------|-------------------------------------------------------------|
+| PowerAuth Server       | `powerauth-java-server.war`  | 1.8.0   | Core back-end component for PowerAuth stack.                |
+| PowerAuth Admin        | `powerauth-admin.war`        | 1.8.0   | Administration console for PowerAuth Server.                |
+| PowerAuth Push Server  | `powerauth-push-server.war`  | 1.8.0   | Simple to deploy push server for APNS and FCM.              |
+| Enrollment Server      | `enrollment-server.war`      | 1.8.0   | Enrollment server for PowerAuth.                            |
+| PowerAuth Web Flow     | `powerauth-webflow.war`      | 1.8.0   | Central web authentication page.                            |
+| PowerAuth Next Step    | `powerauth-next-step.war`    | 1.8.0   | Authorization server used for PowerAuth Web Flow component. |
+| PowerAuth Data Adapter | `powerauth-data-adapter.war` | 1.8.0   | Customization component for PowerAuth Web Flow.             |
+| PowerAuth Tpp Engine   | `powerauth-tpp-engine.war`   | 1.8.0   | Third party provider registry and consent engine.           |
+
+
+### Utilities
+
+| Component                   | Application Name            | Version | Description                                                                       |
+|-----------------------------|-----------------------------|---------|-----------------------------------------------------------------------------------|
+| PowerAuth Command Line Tool | `powerauth-java-cmd.jar`    | 1.8.0   | Command line tool for integration testing.                                        |
+| User Data Store             | `user-data-store.war`       | 1.3.0   | Server component which stores clients personal data securely.                     |
+| Mobile Utility Server       | `mobile-utility-server.war` | 1.8.0   | Server component for dynamic SSL pinning, text localization, and other utilities. |
+| SSL Pinning Tool            | `ssl-pinning-tool.jar`      | 1.8.0   | A command line utility used to sign SSL certificates for dynamic SSL pinning.     |
+
+
+### Mobile Libraries
+
+| Platform           | Package Name                                      | Version | Description                                 |
+|--------------------|---------------------------------------------------|---------|---------------------------------------------|
+| iOS                | `PowerAuth2`                                      | 1.8.1   | A client library for iOS.                   |
+| watchOS            | `PowerAuth2ForWatch`                              | 1.8.0   | A limited library for watchOS.              |
+| iOS App Extensions | `PowerAuth2ForExtensions`                         | 1.8.0   | A limited library for iOS App Extensions.   |
+| Android            | `com.wultra.android.powerauth:powerauth-sdk`      | 1.8.1   | A client library for Android.               |
+| React Native       | `react-native-powerauth-mobile-sdk`               | 2.5.1   | React Native wrapper library for PowerAuth. | 
+| mToken SDK iOS     | `WultraMobileTokenSDK`                            | 1.11.1  | Mobile Token SDK for the iOS platform.      |
+| mToken SDK Android | `com.wultra.android.mtokensdk:mtoken-sdk-android` | 1.11.0  | Mobile Token SDK for the Android platform.  |
+
+
+### Back-End Integration Libraries
+
+| Component                                 | Library Name                            | Version | Description                                                                                     |
+|-------------------------------------------|-----------------------------------------|---------|-------------------------------------------------------------------------------------------------|
+| PowerAuth RESTful Model                   | `powerauth-restful-model.jar`           | 1.8.0   | Model classes for request and response objects used in PowerAuth Standard RESTful API.          |
+| PowerAuth RESTful API Security for Spring | `powerauth-restful-security-spring.jar` | 1.8.0   | High-level integration libraries for RESTful API security, build for Spring MVC.                |
+| PowerAuth REST Client for Spring          | `powerauth-rest-client-spring.jar`      | 1.8.0   | REST service client for PowerAuth Server service.                                               |
+| PowerAuth Push Server RESTful Model       | `powerauth-push-model.jar`              | 1.8.0   | Model classes for request and response objects used in PowerAuth Push Server.                   |
+| PowerAuth Push Server RESTful Client      | `powerauth-push-client.jar`             | 1.8.0   | Client implementation that simplifies integration with PowerAuth Push Server service.           |
+| PowerAuth Data Adapter RESTful Model      | `powerauth-data-adapter-model.jar`      | 1.8.0   | Model classes for request and response objects used in PowerAuth Data Adapter component.        |
+| PowerAuth Data Adapter Client             | `powerauth-data-adapter-client.jar`     | 1.8.0   | Client implementation that simplifies integration with PowerAuth Data Adapter custom component. |
+| PowerAuth Next Step RESTful Model         | `powerauth-nextstep-model.jar`          | 1.8.0   | Model classes for request and response objects used in PowerAuth Next Step service.             |
+| PowerAuth Next Step Client                | `powerauth-nextstep-client.jar`         | 1.8.0   | Client implementation that simplifies integration with PowerAuth Next Step service.             |
+| PowerAuth Mobile Token Model              | `mtoken-model.jar`                      | 1.8.0   | Model classes for request and response objects used in PowerAuth Mobile Token.                  |
+
+
+### Technical Dependencies
+
+| Component                           | Library Name                 | Version | Description                                                                                      |
+|-------------------------------------|------------------------------|---------|--------------------------------------------------------------------------------------------------|
+| PowerAuth Cryptography              | `powerauth-java-crypto.jar`  | 1.8.0   | Core cryptography implementation of the PowerAuth protocol.                                      |
+| PowerAuth HTTP Utilities            | `powerauth-java-http.jar`    | 1.8.0   | Utilities used for binding PowerAuth cryptography to HTTP technology.                            |
+| PowerAuth Command-Line Tool Library | `powerauth-java-cmd-lib.jar` | 1.8.0   | Library used for implementation of the PowerAuth Command-Line Tool app, useful for unit testing. |
+| Wultra Java Networking Objects      | `rest-model-base.jar`        | 1.10.0  | Base classes for RESTful API networking, shared across all Wultra back-end projects.             |
+| Wultra REST Client                  | `rest-client-base.jar`       | 1.10.0  | Base RESTful client implementation, shared across all Wultra back-end projects.                  |
+| Wultra Auditing Library             | `audit-base.jar`             | 1.10.0  | Base auditing library, shared across all Wultra back-end projects.                               |
+
+
+## Known Issues When Updating From Older Versions
+
+_No known issues so far._

docs/Releases.md

@@ -12,6 +12,7 @@ In order to consolidate the information about the current versions, we have intr
 
 ## List of Releases
 
+- [PowerAuth 2024.07](./PowerAuth-2024.07.md)
 - [PowerAuth 2024.03](./PowerAuth-2024.03.md)
 - [PowerAuth 2023.12](./PowerAuth-2023.12.md)
 - [PowerAuth 2023.08](./PowerAuth-2023.08.md)

docs/_Sidebar.md

@@ -30,8 +30,8 @@
 
 **Tutorials**
 
-- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Authentication-in-Mobile-Apps)
-- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Manual-Signature-Verification)
+- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/tutorials/posts/Mobile-First-Authentication/)
+- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/tutorials/posts/Manual-Signature-Verification/)
 
 **API Reference**
 

pom.xml

@@ -25,7 +25,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-crypto-parent</artifactId>
-    <version>1.7.0</version>
+    <version>1.8.0</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2016</inceptionYear>
@@ -74,14 +74,14 @@
         <java.version>17</java.version>
         <maven.compiler.release>${java.version}</maven.compiler.release>
 
-        <maven-jar-plugin.version>3.3.0</maven-jar-plugin.version>
-        <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
-        <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
-        <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
-        <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
-        <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
-        <slf4j.version>2.0.12</slf4j.version>
-        <junit.version>5.10.2</junit.version>
+        <maven-jar-plugin.version>3.4.2</maven-jar-plugin.version>
+        <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
+        <maven-deploy-plugin.version>3.1.2</maven-deploy-plugin.version>
+        <maven-javadoc-plugin.version>3.8.0</maven-javadoc-plugin.version>
+        <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
+        <maven-surefire-plugin.version>3.3.1</maven-surefire-plugin.version>
+        <slf4j.version>2.0.13</slf4j.version>
+        <junit.version>5.10.3</junit.version>
     </properties>
 
     <dependencyManagement>