Fix #1813: [Feature]: Add (m)TLS configuration of Callbacks #1814

Merged 14 commits on Jan 8, 2025
28 changes: 17 additions & 11 deletions docs/WebServices-Methods.md
@@ -127,15 +127,15 @@ REST endpoint: `POST /rest/v3/status`

`GetSystemStatusResponse`

| Type | Name | Description |
|------|------|-------------|
| `String` | `status` | A constant value "OK". |
| `String` | `applicationName` | A name of the application, the default value is `powerauth`. The value may be overriden by setting`powerauth.service.applicationName` property.
| `String` | `applicationDisplayName` | A human readable name of the application, default value is "PowerAuth Server". The value may be overriden by setting `powerauth.service.applicationDisplayName` property. |
| `String` | `applicationEnvironment` | An identifier of the environment, by default, the value is empty. The value may be overriden by setting `powerauth.service.applicationEnvironment` property. |
| `String` | `version` | Version of PowerAuth server. |
| `String` | `buildTime` | Timestamp when the powerauth-server.war file was built. |
| `DateTime` | `timestamp` | A current system timestamp. |
| Type | Name | Description |
|------------|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `String` | `status` | A constant value "OK". |
| `String` | `applicationName` | A name of the application, the default value is `powerauth`. The value may be overriden by setting`powerauth.service.applicationName` property. |
| `String` | `applicationDisplayName` | A human readable name of the application, default value is "PowerAuth Server". The value may be overriden by setting `powerauth.service.applicationDisplayName` property. |
| `String` | `applicationEnvironment` | An identifier of the environment, by default, the value is empty. The value may be overriden by setting `powerauth.service.applicationEnvironment` property. |
| `String` | `version` | Version of PowerAuth server. |
| `String` | `buildTime` | Timestamp when the powerauth-server.war file was built. |
| `DateTime` | `timestamp` | A current system timestamp. |

### Method 'getErrorCodeList'

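Review bot: the table rewrite only re-aligns the columns and carries the pre-existing typos forward: `overriden` should be `overridden` in the three new description cells, and `setting`powerauth.service.applicationName`` in the `applicationName` row is missing the space before the backtick. Worth fixing while these rows are being touched anyway.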
@@ -1450,11 +1450,13 @@ The `authentication` parameter contains a JSON-based configuration for client TL
"enabled": false,
"useCustomKeyStore": false,
"keyStoreLocation": "[keystore resource location]",
"keyStoreContent": "[keystore content encoded in Base64]",
"keyStorePassword": "[keystore password]",
"keyAlias": "[key alias]",
"keyPassword": "[key password]",
"useCustomTrustStore": false,
"trustStoreLocation": "[truststore resource location]",
"trustStoreLocation": "[truststore resource location]",
"trustStoreContent": "[truststore content encoded in Base64]",
"trustStorePassword": "[truststore password]"
},
"httpBasic": {
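Review bot: the new `keyStoreContent` and `trustStoreContent` fields are documented only by their placeholders; this section should say how they relate to `keyStoreLocation` and `trustStoreLocation` (may both be supplied, and if so which one wins) and what is expected inside the Base64 (for example a PKCS12 keystore in the same format the location variant loads). The duplicated `"trustStoreLocation": "[truststore resource location]",` pair also looks like a whitespace-only change; if so, revert it so the hunk contains only the intended additions.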
@@ -1549,11 +1551,13 @@ The `authentication` parameter contains a JSON-based configuration for client TL
"enabled": false,
"useCustomKeyStore": false,
"keyStoreLocation": "[keystore resource location]",
"keyStoreContent": "[keystore content encoded in Base64]",
"keyStorePassword": "[keystore password]",
"keyAlias": "[key alias]",
"keyPassword": "[key password]",
"useCustomTrustStore": false,
"trustStoreLocation": "[truststore resource location]",
"trustStoreLocation": "[truststore resource location]",
"trustStoreContent": "[truststore content encoded in Base64]",
"trustStorePassword": "[truststore password]"
},
"httpBasic": {
@@ -1571,6 +1575,8 @@ The `authentication` parameter contains a JSON-based configuration for client TL
}
```

In case you do not want to modify the already set `keyStoreContent` or `trustStoreContent`, send a `null` value in request. For removing the existing `keyStoreContent` or `trustStoreContent` use an empty string.


#### Response

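Review bot: "send a `null` value in request" should read "in the request". The paragraph should also state whether omitting the field altogether has the same effect as `null`, since a client that updates only some attributes will naturally leave it out, and make explicit that the `null` means unchanged / empty string means remove convention is specific to `keyStoreContent` and `trustStoreContent` rather than to the other optional fields of the `certificate` block.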
@@ -202,11 +202,13 @@ public String applicationUpdateCallback(@PathVariable("applicationId") String ap
model.put("auth_certificateEnabled", certificateAuth.isEnabled());
model.put("auth_useCustomKeyStore", certificateAuth.isUseCustomKeyStore());
model.put("auth_keyStoreLocation", certificateAuth.getKeyStoreLocation());
model.put("auth_keyStoreContentSet", certificateAuth.isKeyStoreContentSet());
model.put("auth_keyStorePasswordSet", certificateAuth.isKeyStorePasswordSet());
model.put("auth_keyAlias", certificateAuth.getKeyAlias());
model.put("auth_keyPasswordSet", certificateAuth.isKeyPasswordSet());
model.put("auth_useCustomTrustStore", certificateAuth.isUseCustomTrustStore());
model.put("auth_trustStoreLocation", certificateAuth.getTrustStoreLocation());
model.put("auth_trustStoreContentSet", certificateAuth.isTrustStoreContentSet());
model.put("auth_trustStorePasswordSet", certificateAuth.isTrustStorePasswordSet());
}

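Review bot: exposing `auth_keyStoreContentSet` and `auth_trustStoreContentSet` as booleans rather than the Base64 content itself is the right choice: the keystore blob carries a private key and, like the passwords, should never be round-tripped through the HTML form. A one-line comment stating that intent next to these `model.put` calls would stop a later change from "helpfully" pre-filling the field.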
@@ -478,10 +480,9 @@ public String applicationUpdateCallbackAction(
private String getErrorForAuthentication(Map<String, String> allParams) {
String error = null;
if ("on".equals(allParams.get("auth_useCustomKeyStore"))) {
if (!StringUtils.hasText(allParams.get("auth_keyStoreLocation"))
|| !StringUtils.hasText(allParams.get("auth_keyAlias"))) {
if (!StringUtils.hasText(allParams.get("auth_keyAlias"))) {
error = "Invalid keystore configuration";
} else {
} else if (StringUtils.hasText(allParams.get("auth_keyStoreLocation"))) {
try {
new URL(allParams.get("auth_keyStoreLocation"));
} catch (MalformedURLException ex) {
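Review bot: dropping the `auth_keyStoreLocation` requirement leaves no check that a custom keystore has any source at all: with `auth_useCustomKeyStore` on, an alias with neither a location nor `auth_keyStoreContent` now passes validation. Suggest extending the first condition to `if (!StringUtils.hasText(allParams.get("auth_keyAlias")) || (!StringUtils.hasText(allParams.get("auth_keyStoreLocation")) && !StringUtils.hasText(allParams.get("auth_keyStoreContent"))))`. It would also be worth checking that `auth_keyStoreContent`, when present, decodes as Base64 (`Base64.getDecoder().decode(...)` throws `IllegalArgumentException` otherwise) so a paste error is reported here rather than when the callback is first delivered.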
@@ -490,9 +491,7 @@ private String getErrorForAuthentication(Map<String, String> allParams) {
}
}
if ("on".equals(allParams.get("auth_useCustomTrustStore"))) {
if (!StringUtils.hasText(allParams.get("auth_trustStoreLocation"))) {
error = "Invalid truststore configuration";
} else {
if (StringUtils.hasText(allParams.get("auth_trustStoreLocation"))) {
try {
new URL(allParams.get("auth_trustStoreLocation"));
} catch (MalformedURLException ex) {
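Review bot: removing the `Invalid truststore configuration` branch means `auth_useCustomTrustStore` can be on with neither a location nor `auth_trustStoreContent`, which silently accepts a custom trust store with nothing in it; mirror the keystore check and reject the case where both are blank. The same Base64 sanity check suggested for the keystore content applies to `auth_trustStoreContent`.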
@@ -631,7 +630,12 @@ private HttpAuthenticationPrivate prepareHttpAuthentication(Map<String, String>
final HttpAuthenticationPrivate.Certificate certificateAuth = new HttpAuthenticationPrivate.Certificate();
certificateAuth.setEnabled(true);
certificateAuth.setUseCustomKeyStore("on".equals(allParams.get("auth_useCustomKeyStore")));
certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));
if (!allParams.get("auth_keyStoreLocation").isEmpty()) {
certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));
}
if (!allParams.get("auth_keyStoreContent").isEmpty()) {
certificateAuth.setKeyStoreContent(allParams.get("auth_keyStoreContent"));
}
if ("true".equals(allParams.get("auth_keyStorePasswordChanged"))) {
certificateAuth.setKeyStorePassword(allParams.get("auth_keyStorePassword"));
}
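Review bot: `allParams.get("auth_keyStoreLocation").isEmpty()` and `allParams.get("auth_keyStoreContent").isEmpty()` throw `NullPointerException` when the parameter is absent from the request (an older form without the new field, or a hand-built POST). The validator above uses `StringUtils.hasText(...)`, which is null-safe, and the same should be used here: `if (StringUtils.hasText(allParams.get("auth_keyStoreContent"))) { ... }`.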
@@ -640,10 +644,15 @@ private HttpAuthenticationPrivate prepareHttpAuthentication(Map<String, String>
certificateAuth.setKeyPassword(allParams.get("auth_keyPassword"));
}
certificateAuth.setUseCustomTrustStore("on".equals(allParams.get("auth_useCustomTrustStore")));
certificateAuth.setTrustStoreLocation(allParams.get("auth_trustStoreLocation"));
if (!allParams.get("auth_trustStoreLocation").isEmpty()) {
certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));
}
if ("true".equals(allParams.get("auth_trustStorePasswordChanged"))) {
certificateAuth.setTrustStorePassword(allParams.get("auth_trustStorePassword"));
}
if (!allParams.get("auth_trustStoreContent").isEmpty()) {
certificateAuth.setTrustStoreContent(allParams.get("auth_trustStoreContent"));
}
httpAuthentication.setCertificate(certificateAuth);
}
if ("on".equals(allParams.get("auth_httpBasicEnabled"))) {
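Review bot: copy-paste bug in the trust store block: `if (!allParams.get("auth_trustStoreLocation").isEmpty())` guards a call to `certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));`. As written the trust store location is never stored and the keystore location is re-assigned instead; it must be `certificateAuth.setTrustStoreLocation(allParams.get("auth_trustStoreLocation"));`. The same null-safety concern with `.isEmpty()` as in the keystore block applies, and placing `setTrustStoreContent` before the password block would keep the order consistent with the keystore block.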
28 changes: 20 additions & 8 deletions powerauth-admin/src/main/webapp/WEB-INF/jsp/callbackCreate.jsp
@@ -129,6 +129,12 @@
<input type="text" id="auth_keyStoreLocation" name="auth_keyStoreLocation" class="form-control" value="${auth_keyStoreLocation}"/>
</div>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Keystore Content</label>
<div class="col-sm-7">
<input type="text" id="auth_keyStoreContent" name="auth_keyStoreContent" class="form-control"/>
</div>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Keystore Password</label>
<div class="col-sm-4">
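Review bot: the new `<label for="attr_activationId">` does not point at its control; the neighbouring labels carry the same pre-existing mismatch, but the added one should at least be `for="auth_keyStoreContent"`. A single-line `<input type="text">` is also an awkward control for a Base64-encoded keystore that contains a private key: a `<textarea>` with `autocomplete="off"` would be easier to paste into and less likely to be truncated or stored by browser form autofill.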
@@ -160,6 +166,12 @@
<input type="text" id="auth_trustStoreLocation" name="auth_trustStoreLocation" class="form-control" value="${auth_trustStoreLocation}"/>
</div>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Truststore Content</label>
<div class="col-sm-7">
<input type="text" id="auth_trustStoreContent" name="auth_trustStoreContent" class="form-control"/>
</div>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Truststore Password</label>
<div class="col-sm-4">
@@ -177,8 +189,8 @@
</div>
<div class="form-group">
<label for="auth_oAuth2ClientId" class="col-sm-4 control-label">Client ID</label>
<div class="col-sm-8" style="margin-top: 6px">
<input type="text" id="auth_oAuth2ClientId" name="auth_oAuth2ClientId"/>
<div class="col-sm-4">
<input type="text" id="auth_oAuth2ClientId" class="form-control" name="auth_oAuth2ClientId"/>
</div>
</div>
<div class="form-group">
@@ -205,20 +217,20 @@
<h4 class="panel-heading">Retry Policy and Retention</h4>
</div>
<div class="form-group">
<label for="maxAttempts" class="col-sm-3 control-label">Max Attempts</label>
<div class="col-sm-9">
<label for="maxAttempts" class="col-sm-4 control-label">Max Attempts</label>
<div class="col-sm-4">
<input type="number" id="maxAttempts" name="maxAttempts" class="form-control" value="${maxAttempts}" min="1"/>
</div>
</div>
<div class="form-group">
<label for="initialBackoff" class="col-sm-3 control-label">Initial Backoff</label>
<div class="col-sm-9">
<label for="initialBackoff" class="col-sm-4 control-label">Initial Backoff</label>
<div class="col-sm-4">
<input type="text" id="initialBackoff" name="initialBackoff" class="form-control" value="${initialBackoff}"/>
</div>
</div>
<div class="form-group">
<label for="retentionPeriod" class="col-sm-3 control-label">Retention Period</label>
<div class="col-sm-9">
<label for="retentionPeriod" class="col-sm-4 control-label">Retention Period</label>
<div class="col-sm-4">
<input type="text" id="retentionPeriod" name="retentionPeriod" class="form-control" value="${retentionPeriod}"/>
</div>
</div>
34 changes: 24 additions & 10 deletions powerauth-admin/src/main/webapp/WEB-INF/jsp/callbackUpdate.jsp
@@ -126,10 +126,17 @@
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Keystore Location</label>
<div class="col-sm-7">
<div class="col-sm-4">
<input type="text" id="auth_keyStoreLocation" name="auth_keyStoreLocation" class="form-control" value="${auth_keyStoreLocation}"/>
</div>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Keystore Content</label>
<div class="col-sm-4">
<input type="text" id="auth_keyStoreContent" name="auth_keyStoreContent" class="form-control"/>
</div>
<c:if test="${true eq auth_keyStoreContentSet}"><div class="col-sm-4" style="margin-top: 8px">Content is set.</div></c:if>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Keystore Password</label>
<div class="col-sm-4">
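Review bot: leaving the `auth_keyStoreContent` input blank and showing only "Content is set." correctly avoids echoing the stored keystore back to the browser. With a blank field mapping to "unchanged" in the controller, though, the update form offers no way to remove existing content, which the docs say is done with an empty string over the REST API; a "clear content" checkbox analogous to the password-changed flag would close that gap. The `for="attr_activationId"` mismatch on the new label applies here as well.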
@@ -159,10 +166,17 @@
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Truststore Location</label>
<div class="col-sm-7">
<div class="col-sm-4">
<input type="text" id="auth_trustStoreLocation" name="auth_trustStoreLocation" class="form-control" value="${auth_trustStoreLocation}"/>
</div>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Truststore Content</label>
<div class="col-sm-4">
<input type="text" id="auth_trustStoreContent" name="auth_trustStoreContent" class="form-control"/>
</div>
<c:if test="${true eq auth_trustStoreContentSet}"><div class="col-sm-4" style="margin-top: 8px">Content is set.</div></c:if>
</div>
<div class="form-group">
<label for="attr_activationId" class="col-sm-4 control-label">Truststore Password</label>
<div class="col-sm-4">
@@ -181,8 +195,8 @@
</div>
<div class="form-group">
<label for="auth_oAuth2ClientId" class="col-sm-4 control-label">Client ID</label>
<div class="col-sm-8" style="margin-top: 6px">
<input type="text" id="auth_oAuth2ClientId" name="auth_oAuth2ClientId" value="${auth_oAuth2ClientId}"/>
<div class="col-sm-4">
<input type="text" id="auth_oAuth2ClientId" name="auth_oAuth2ClientId" class="form-control" value="${auth_oAuth2ClientId}"/>
</div>
</div>
<div class="form-group">
@@ -210,20 +224,20 @@
<h4 class="panel-heading">Retry Policy and Retention</h4>
</div>
<div class="form-group">
<label for="maxAttempts" class="col-sm-3 control-label">Max Attempts</label>
<div class="col-sm-9">
<label for="maxAttempts" class="col-sm-4 control-label">Max Attempts</label>
<div class="col-sm-4">
<input type="number" id="maxAttempts" name="maxAttempts" class="form-control" value="${maxAttempts}" min="1"/>
</div>
</div>
<div class="form-group">
<label for="initialBackoff" class="col-sm-3 control-label">Initial Backoff</label>
<div class="col-sm-9">
<label for="initialBackoff" class="col-sm-4 control-label">Initial Backoff</label>
<div class="col-sm-4">
<input type="text" id="initialBackoff" name="initialBackoff" class="form-control" value="${initialBackoff}"/>
</div>
</div>
<div class="form-group">
<label for="retentionPeriod" class="col-sm-3 control-label">Retention Period</label>
<div class="col-sm-9">
<label for="retentionPeriod" class="col-sm-4 control-label">Retention Period</label>
<div class="col-sm-4">
<input type="text" id="retentionPeriod" name="retentionPeriod" class="form-control" value="${retentionPeriod}"/>
</div>
</div>
@@ -39,13 +39,17 @@ public static class Certificate {
private boolean useCustomKeyStore;
private String keyStoreLocation;
@ToString.Exclude
private String keyStoreContent;
@ToString.Exclude
private String keyStorePassword;
private String keyAlias;
@ToString.Exclude
private String keyPassword;
private boolean useCustomTrustStore;
private String trustStoreLocation;
@ToString.Exclude
private String trustStoreContent;
@ToString.Exclude
private String trustStorePassword;
}

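Review bot: `@ToString.Exclude` on `keyStoreContent` and `trustStoreContent` keeps the Base64 keystore, and with it the private key, out of the Lombok-generated `toString()` and therefore out of logs, consistent with the existing password fields. Exclusion from `toString()` does not cover other serialization paths, so please check how this class is persisted and audited (for example JSON serialization of the stored callback configuration) for the same exposure.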