Merge develop to master

.github/workflows/codeql-analysis.yml

@@ -19,4 +19,5 @@ jobs:
       # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
       # Use only 'java' to analyze code written in Java, Kotlin or both
       # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-      # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+      # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+      java_version: 21

.github/workflows/maven-deploy.yml

@@ -34,6 +34,7 @@ jobs:
     with:
       environment: internal-publish
       release_type: snapshot
+      java_version: 21
     secrets:
       username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
@@ -45,6 +46,7 @@ jobs:
     with:
       environment: ${{ inputs.environment }}
       release_type: ${{ inputs.release_type }}
+      java_version: 21
     secrets:
       username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
       password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}

.github/workflows/maven-test.yml

@@ -17,4 +17,6 @@ on:
 jobs:
   maven-tests:
     uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
-    secrets: inherit
+    secrets: inherit
+    with:
+      java_version: 21

pom.xml

@@ -27,7 +27,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-cmd-parent</artifactId>
-    <version>1.6.0</version>
+    <version>1.7.0</version>
     <packaging>pom</packaging>
 
     <inceptionYear>2016</inceptionYear>
@@ -76,24 +76,22 @@
         <java.version>17</java.version>
         <maven.compiler.release>${java.version}</maven.compiler.release>
 
-        <maven-compiler-plugin.version>3.12.1</maven-compiler-plugin.version>
-        <maven-source-plugin.version>3.3.0</maven-source-plugin.version>
+        <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
+        <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
         <maven-deploy-plugin.version>3.1.1</maven-deploy-plugin.version>
         <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
         <maven-enforcer-plugin.version>3.4.1</maven-enforcer-plugin.version>
-        <maven-surefire-plugin.version>3.2.3</maven-surefire-plugin.version>
-        <spring-boot.version>3.1.6</spring-boot.version>
+        <maven-surefire-plugin.version>3.2.5</maven-surefire-plugin.version>
+        <spring-boot.version>3.2.4</spring-boot.version>
         <bc.version>1.77</bc.version>
         <commons-cli.version>1.6.0</commons-cli.version>
-        <commons-io.version>2.15.1</commons-io.version>
+        <commons-io.version>2.16.1</commons-io.version>
         <json-simple.version>1.1.1</json-simple.version>
-        <!--  TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE  -->
-        <logback.version>1.4.14</logback.version>
 
         <!-- Wultra Dependencies -->
-        <powerauth-restful-integration>1.6.0</powerauth-restful-integration>
-        <powerauth-crypto.version>1.6.0</powerauth-crypto.version>
-        <wultra-core.version>1.8.0</wultra-core.version>
+        <powerauth-restful-integration>1.7.0</powerauth-restful-integration>
+        <powerauth-crypto.version>1.7.0</powerauth-crypto.version>
+        <wultra-core.version>1.9.0</wultra-core.version>
     </properties>
 
     <dependencyManagement>
@@ -106,18 +104,6 @@
                 <scope>import</scope>
             </dependency>
 
-            <!--  TODO (racansky, 2023-12-08) temporarily override the version 1.4.11 from spring boot version because of CVE  -->
-            <dependency>
-                <groupId>ch.qos.logback</groupId>
-                <artifactId>logback-classic</artifactId>
-                <version>${logback.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>ch.qos.logback</groupId>
-                <artifactId>logback-core</artifactId>
-                <version>${logback.version}</version>
-            </dependency>
-
             <dependency>
                 <groupId>io.getlime.security</groupId>
                 <artifactId>powerauth-java-cmd-lib</artifactId>
@@ -191,26 +177,19 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
                 <version>${maven-enforcer-plugin.version}</version>
-                <dependencies>
-                    <dependency>
-                        <groupId>de.skuzzle.enforcer</groupId>
-                        <artifactId>restrict-imports-enforcer-rule</artifactId>
-                        <version>2.4.0</version>
-                    </dependency>
-                </dependencies>
                 <executions>
                     <execution>
-                        <id>enforce-banned-java-imports</id>
+                        <id>enforce-banned-dependencies</id>
                         <goals>
                             <goal>enforce</goal>
                         </goals>
                         <configuration>
                             <rules>
-                                <RestrictImports>
-                                    <!--  https://github.com/google/guava/issues/2960  -->
-                                    <reason>Guava depends on jsr305 but we prefer jakarta in our code</reason>
-                                    <bannedImport>javax.annotation.**</bannedImport>
-                                </RestrictImports>
+                                <bannedDependencies>
+                                    <excludes>
+                                        <exclude>com.google.guava:guava*:*:*:compile</exclude>
+                                    </excludes>
+                                </bannedDependencies>
                             </rules>
                         </configuration>
                     </execution>

powerauth-java-cmd-lib/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <artifactId>powerauth-cmd-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>1.6.0</version>
+        <version>1.7.0</version>
     </parent>
 
     <dependencies>

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/consts/PowerAuthVersion.java

@@ -16,9 +16,8 @@
  */
 package io.getlime.security.powerauth.lib.cmd.consts;
 
-import com.google.common.collect.ImmutableList;
-
 import java.util.Arrays;
+import java.util.List;
 
 /**
  * PowerAuth protocol version enumeration
@@ -45,7 +44,7 @@ public enum PowerAuthVersion {
     /**
      * All supported versions
      */
-    public static final ImmutableList<PowerAuthVersion> ALL_VERSIONS = ImmutableList.copyOf(values());
+    public static final List<PowerAuthVersion> ALL_VERSIONS = List.of(values());
 
     /**
      * Default version
@@ -55,7 +54,7 @@ public enum PowerAuthVersion {
     /**
      * All versions belonging to major version 3
      */
-    public static final ImmutableList<PowerAuthVersion> VERSION_3 = ImmutableList.of(V3_0, V3_1, V3_2);
+    public static final List<PowerAuthVersion> VERSION_3 = List.of(V3_0, V3_1, V3_2);
 
     /**
      * Major version value

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/service/StepExecutionService.java

@@ -80,9 +80,9 @@ public ResultStatusObject execute(PowerAuthStep stepId, PowerAuthVersion version
             throw new PowerAuthCmdException();
         }
 
-        BaseStep step = stepProvider.getStep(stepId, version);
+        final BaseStep step = stepProvider.getStep(stepId, version);
 
-        ResultStatusObject result = step.execute(model.toMap());
+        final ResultStatusObject result = step.execute(stepLogger, model.toMap());
         if (result == null) {
             throw new PowerAuthCmdException();
         }

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/AbstractBaseStep.java

@@ -17,7 +17,6 @@
 
 package io.getlime.security.powerauth.lib.cmd.steps;
 
-import com.google.common.collect.ImmutableList;
 import com.wultra.core.rest.client.base.RestClient;
 import com.wultra.core.rest.client.base.RestClientException;
 import io.getlime.security.powerauth.crypto.lib.encryptor.ClientEncryptor;
@@ -27,8 +26,6 @@
 import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorId;
 import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters;
 import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ClientEncryptorSecrets;
-import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator;
-import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor;
 import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
 import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
 import io.getlime.security.powerauth.lib.cmd.logging.DisabledStepLogger;
@@ -80,7 +77,7 @@ public abstract class AbstractBaseStep<M extends BaseStepData, R> implements Bas
      * Supported versions of PowerAuth by this step
      */
     @Getter
-    private final ImmutableList<PowerAuthVersion> supportedVersions;
+    private final List<PowerAuthVersion> supportedVersions;
 
     /**
      * Result status service
@@ -93,8 +90,6 @@ public abstract class AbstractBaseStep<M extends BaseStepData, R> implements Bas
     protected final StepLoggerFactory stepLoggerFactory;
 
     private static final EncryptorFactory ENCRYPTOR_FACTORY = new EncryptorFactory();
-    private static final KeyGenerator KEY_GENERATOR = new KeyGenerator();
-    private static final KeyConvertor KEY_CONVERTOR = new KeyConvertor();
 
     /**
      * Constructor
@@ -109,7 +104,7 @@ public AbstractBaseStep(PowerAuthStep step,
                             ResultStatusService resultStatusService,
                             StepLoggerFactory stepLoggerFactory) {
         this.step = step;
-        this.supportedVersions = ImmutableList.copyOf(supportedVersions);
+        this.supportedVersions = List.copyOf(supportedVersions);
 
         this.resultStatusService = resultStatusService;
         this.stepLoggerFactory = stepLoggerFactory;
@@ -130,26 +125,6 @@ public AbstractBaseStep(PowerAuthStep step,
      */
     protected abstract ParameterizedTypeReference<R> getResponseTypeReference();
 
-    /**
-     * Executes this step with a given context
-     *
-     * @param context Provided context
-     * @return Result status object, null in case of failure.
-     * @throws Exception In case of any error.
-     */
-    @Override
-    public ResultStatusObject execute(Map<String, Object> context) throws Exception {
-        StepLogger stepLogger = stepLoggerFactory.createStepLogger();
-        stepLogger.start();
-        JSONObject jsonObject = execute(stepLogger, context);
-        stepLogger.close();
-        if (jsonObject == null) {
-            return null;
-        } else {
-            return ResultStatusObject.fromJsonObject(jsonObject);
-        }
-    }
-
     /**
      * Execute this step with given logger and context objects.
      *
@@ -160,7 +135,7 @@ public ResultStatusObject execute(Map<String, Object> context) throws Exception
      * @return Result status object (with current activation status), null in case of failure.
      * @throws Exception In case of a failure.
      */
-    public final JSONObject execute(StepLogger stepLogger, Map<String, Object> context) throws Exception {
+    public final ResultStatusObject execute(StepLogger stepLogger, Map<String, Object> context) throws Exception {
         if (stepLogger == null) {
             stepLogger = DisabledStepLogger.INSTANCE;
         }
@@ -192,7 +167,12 @@ public final JSONObject execute(StepLogger stepLogger, Map<String, Object> conte
             return null;
         }
 
-        return stepContext.getModel().getResultStatusObject();
+        final JSONObject resultStatusObject = stepContext.getModel().getResultStatusObject();
+        if (resultStatusObject == null) {
+            return null;
+        } else {
+            return ResultStatusObject.fromJsonObject(resultStatusObject);
+        }
     }
 
     /**
@@ -236,7 +216,6 @@ public void addEncryptedRequest(StepContext<M, R> stepContext, String applicatio
      * @throws Exception when an error during encryption of the request data occurred
      */
     public void addEncryptedRequest(StepContext<M, R> stepContext, ClientEncryptor encryptor, byte[] data) throws Exception {
-        M model = stepContext.getModel();
         SimpleSecurityContext securityContext = (SimpleSecurityContext) stepContext.getSecurityContext();
         if (securityContext == null) {
             stepContext.setSecurityContext(
@@ -306,8 +285,8 @@ public void processResponse(StepContext<M, R> stepContext) throws Exception { }
      * @throws Exception when an error during response processing occurred
      */
     public final void processResponse(StepContext<M, R> stepContext, byte[] responseBody, Class<R> responseObjectClass) throws Exception {
-        R responseBodyObject = HttpUtil.fromBytes(responseBody, responseObjectClass);
-        ResponseEntity<R> responseEntity = ResponseEntity.of(Optional.of(responseBodyObject));
+        final R responseBodyObject = HttpUtil.fromBytes(responseBody, responseObjectClass);
+        final ResponseEntity<R> responseEntity = ResponseEntity.ofNullable(responseBodyObject);
         addResponseContext(stepContext, responseEntity);
         processResponse(stepContext);
     }

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/BaseStep.java

@@ -18,6 +18,7 @@
 
 import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthStep;
 import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthVersion;
+import io.getlime.security.powerauth.lib.cmd.logging.StepLogger;
 import io.getlime.security.powerauth.lib.cmd.steps.pojo.ResultStatusObject;
 
 import java.util.List;
@@ -34,11 +35,12 @@ public interface BaseStep {
     /**
      * Execute this step with given context objects.
      *
+     * @param stepLogger Step logger.
      * @param context Context objects.
      * @return Result status object (with current activation status), null in case of failure.
      * @throws Exception In case of a failure.
      */
-    ResultStatusObject execute(Map<String, Object> context) throws Exception;
+    ResultStatusObject execute(StepLogger stepLogger, Map<String, Object> context) throws Exception;
 
     /**
      * @return Corresponding PowerAuth step

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/pojo/ResultStatusObject.java

@@ -188,7 +188,10 @@ public void setServerPublicKey(String serverPublicKey) {
      */
     @JsonIgnore
     public SecretKey getSignatureBiometryKeyObject() {
-        String signatureBiometryKey = (String) jsonObject.get("signatureBiometryKey");
+        final String signatureBiometryKey = (String) jsonObject.get("signatureBiometryKey");
+        if (signatureBiometryKey == null) {
+            return null;
+        }
         return KEY_CONVERTOR.convertBytesToSharedSecretKey(Base64.getDecoder().decode(signatureBiometryKey));
     }
 
@@ -290,7 +293,10 @@ public void setSignatureKnowledgeKeySalt(String signatureKnowledgeKeySalt) {
      */
     @JsonIgnore
     public SecretKey getSignaturePossessionKeyObject() {
-        String signaturePossessionKey = (String) jsonObject.get("signaturePossessionKey");
+        final String signaturePossessionKey = (String) jsonObject.get("signaturePossessionKey");
+        if (signaturePossessionKey == null) {
+            return null;
+        }
         return KEY_CONVERTOR.convertBytesToSharedSecretKey(Base64.getDecoder().decode(signaturePossessionKey));
     }
 
@@ -324,7 +330,10 @@ public void setSignaturePossessionKey(String signaturePossessionKey) {
      */
     @JsonIgnore
     public SecretKey getTransportMasterKeyObject() {
-        String transportMasterKey = (String) jsonObject.get("transportMasterKey");
+        final String transportMasterKey = (String) jsonObject.get("transportMasterKey");
+        if (transportMasterKey == null) {
+            return null;
+        }
         return KEY_CONVERTOR.convertBytesToSharedSecretKey(Base64.getDecoder().decode(transportMasterKey));
     }
 

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/ConfirmRecoveryCodeStep.java

@@ -123,7 +123,7 @@ public StepContext<ConfirmRecoveryCodeStepModel, EciesEncryptedResponse> prepare
     public void processResponse(StepContext<ConfirmRecoveryCodeStepModel, EciesEncryptedResponse> stepContext) throws Exception {
         final ConfirmRecoveryResponsePayload confirmResponsePayload = decryptResponse(stepContext, ConfirmRecoveryResponsePayload.class);
         Map<String, Object> objectMap = new HashMap<>();
-        objectMap.put("alreadyConfirmed", confirmResponsePayload.getAlreadyConfirmed());
+        objectMap.put("alreadyConfirmed", confirmResponsePayload.isAlreadyConfirmed());
 
         stepContext.getStepLogger().writeItem(
                 getStep().id() + "-confirmation-done",

powerauth-java-cmd-lib/src/main/java/io/getlime/security/powerauth/lib/cmd/steps/v3/CreateTokenStep.java

@@ -16,7 +16,6 @@
  */
 package io.getlime.security.powerauth.lib.cmd.steps.v3;
 
-import com.google.common.collect.ImmutableMap;
 import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorId;
 import io.getlime.security.powerauth.lib.cmd.consts.BackwardCompatibilityConst;
 import io.getlime.security.powerauth.lib.cmd.consts.PowerAuthConst;
@@ -119,11 +118,8 @@ public void processResponse(StepContext<CreateTokenStepModel, EciesEncryptedResp
                 "Token successfully obtained",
                 "Token was successfully generated and decrypted",
                 "OK",
-                ImmutableMap.<String, Object>builder()
-                        .put("tokenId", tokenResponsePayload.getTokenId())
-                        .put("tokenSecret", tokenResponsePayload.getTokenSecret())
-                        .build()
-
+                Map.of("tokenId", tokenResponsePayload.getTokenId(),
+                        "tokenSecret",tokenResponsePayload.getTokenSecret())
         );
     }