diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 81dcf7078..4452a25aa 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,8 @@ updates:
 directory: "/"
 schedule:
 interval: "weekly"
+ - package-ecosystem: "github-actions"
+ # Workflow files stored in the default location of `.github/workflows`. (You don't need to specify `/.github/workflows` for `directory`. You can use `directory: "/"`.)
+ directory: "/"
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d750a7154..33aef3f53 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -4,9 +4,6 @@ on:
 workflow_dispatch:
 push:
 branches: [ 'develop', 'master', 'releases/**' ]
- pull_request:
- # The branches below must be a subset of the branches above
- branches: [ 'develop', 'master', 'releases/**' ]
 schedule:
 - cron: '0 2 * * 4'
@@ -19,4 +16,5 @@ jobs:
 # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
 # Use only 'java' to analyze code written in Java, Kotlin or both
 # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
- # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
\ No newline at end of file
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+ java_version: 21
\ No newline at end of file
diff --git a/.github/workflows/maven-deploy.yml b/.github/workflows/maven-deploy.yml
index 387d9c6f3..d0da3fc7c 100644
--- a/.github/workflows/maven-deploy.yml
+++ b/.github/workflows/maven-deploy.yml
@@ -32,6 +32,7 @@ jobs:
 with:
 environment: internal-publish
 release_type: snapshot
+ java_version: 21
 secrets:
 username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
 password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
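Review bot: Adding the `github-actions` ecosystem will not cover the reusable workflows this repository calls, because Dependabot only has something to update for `uses:` references that point at a tag or commit SHA, and `maven-test.yml` in this same change calls `wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop`, a moving branch. Pinning those references to a release tag or full SHA would let Dependabot actually propose updates and would stop CI from silently picking up whatever lands on `develop` in the infrastructure repository. A short comment on this entry would record that constraint, e.g. `# Note: only tag- or SHA-pinned uses: references are tracked; branch refs like @develop are not`.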
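Review bot: Dropping the `pull_request` trigger means CodeQL no longer runs before merge; with only `push` on `develop`/`master`/`releases/**` and the weekly cron left, a finding now surfaces after the code has already landed on a protected branch. The hunk does not say why the trigger was removed; if the goal was to avoid duplicate runs for PRs opened from in-repo branches, the usual fix is to keep `pull_request` and narrow `push` to the default branch rather than remove PR analysis entirely. If the removal is deliberate, a one-line comment next to `push:` such as `# PR scans intentionally disabled: analysis runs on push to protected branches and weekly` preserves that decision for the next reader. The `on:` mapping this hunk edits starts before the hunk.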
@@ -43,6 +44,7 @@ jobs:
 with:
 environment: ${{ inputs.environment }}
 release_type: ${{ inputs.release_type }}
+ java_version: 21
 secrets:
 username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
 password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
diff --git a/.github/workflows/maven-test.yml b/.github/workflows/maven-test.yml
index 6bdada9fe..33932bf61 100644
--- a/.github/workflows/maven-test.yml
+++ b/.github/workflows/maven-test.yml
@@ -15,4 +15,6 @@ on:
 jobs:
 maven-tests:
 uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
- secrets: inherit
\ No newline at end of file
+ secrets: inherit
+ with:
+ java_version: 21
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 29c47e3cc..31dd84ab6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,4 +18,5 @@
 ## Directory-based project format:
 .idea/
 .mvn
+.vscode/
 dist/
diff --git a/docs/.gitignore b/docs/.gitignore
index 29c47e3cc..31dd84ab6 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -18,4 +18,5 @@
 ## Directory-based project format:
 .idea/
 .mvn
+.vscode/
 dist/
diff --git a/docs/Activation-Status.md b/docs/Activation-Status.md
index f133a3efc..d4d03955d 100644
--- a/docs/Activation-Status.md
+++ b/docs/Activation-Status.md
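Review bot: `java_version: 21` is now passed to the deploy workflow while the parent `pom.xml` hunk in this same change leaves what appears to be `<java.version>` at `17`, so published artifacts will be compiled by JDK 21 for a Java 17 target. That is safe only if the compiler plugin is configured with `<release>` (which rejects JDK 18+ APIs); with plain `source`/`target` a JDK 21-only API compiles fine here and fails with `NoSuchMethodError` on a 17 runtime. The compiler plugin configuration is not visible in this diff, so please confirm it, and consider an inline comment on the input, e.g. `java_version: 21  # build JDK only; bytecode target is the pom's java.version`. The `jobs:` mapping and the `uses:` line this `with:` block belongs to are outside the hunk.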
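Review bot: `secrets: inherit` is re-added on a call to `wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop`, so every repository- and organization-level secret (which may include the Maven Central credentials that `maven-deploy.yml` passes explicitly in this same change, if they are not environment-scoped) is handed to whatever currently sits on the infrastructure repository's `develop` branch. A test workflow should not need publishing credentials; passing only the secrets it actually uses, as `maven-deploy.yml` does with `username:`/`password:`, and pinning the reference to a tag or commit SHA limits what a compromised or careless change in that branch can reach. I cannot see which secrets the reusable workflow declares under `workflow_call`, so check that before narrowing. If `inherit` must stay for now, `secrets: inherit  # TODO: pass explicit secrets once the reusable workflow declares them` records the intent.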
@@ -1,6 +1,6 @@
 # Activation Status
-PowerAuth Client may need to check for an activation status, so that it can determine if it should display UI for non-activated state (registration form), blocked state (how to unblock tutorial) or active state (login screen). To facilitate this use-case, PowerAuth Standard RESTful API publishes a [/pa/v3/activation/status](./Standard-RESTful-API#post-pav3activationstatus) endpoint.
+PowerAuth Client may need to check for an activation status, so that it can determine if it should display UI for non-activated state (registration form), blocked state (how to unblock tutorial) or active state (login screen). To facilitate this use-case, PowerAuth Standard RESTful API publishes a [/pa/v3/activation/status](./Standard-RESTful-API#activation-status) endpoint.
 Checking for an activation status is simple. Client needs to prepare a HTTP request with an activation ID and random `STATUS_CHALLENGE`. Server processes the request and sends back the response with activation status blob and random `STATUS_NONCE`. Activation status blob is an encrypted binary blob that encodes the activation status. Key `KEY_TRANSPORT` and `STATUS_IV` is used to encrypt the activation blob.
diff --git a/docs/Activation-via-Recovery-Code.md b/docs/Activation-via-Recovery-Code.md
index 030a3c3bc..bb67a19c6 100644
--- a/docs/Activation-via-Recovery-Code.md
+++ b/docs/Activation-via-Recovery-Code.md
@@ -111,7 +111,7 @@ After this step, PowerAuth Client performs Key Exchange with the PowerAuth Serve
 ### Key Exchange
-Following diagram shows how public keys are exchanged between PowerAuth Client and PowerAuth Server, and how master shared secret and PowerAuth Standard Keys are derived. The process is very similar to [Key Exchange](Activation.md#key-exchange) from a regular [Activation](Activation.md).
+Following diagram shows how public keys are exchanged between PowerAuth Client and PowerAuth Server, and how master shared secret and PowerAuth Standard Keys are derived. The process is very similar to [Key Derivation](Activation.md#key-derivation) from a regular [Activation](Activation.md).
 ![Activation via Recovery Code](resources/images/sequence_activation_recovery.png)
diff --git a/docs/Activation.md b/docs/Activation.md
index 33450de1a..873ba5945 100644
--- a/docs/Activation.md
+++ b/docs/Activation.md
@@ -45,7 +45,7 @@ The first layer of encryption protects the data transfer between the mobile app
 Detailed documentation of [End-to-End Encryption](./End-To-End-Encryption.md) is available in a dedicated chapter.
-A good place to review the exact request and response payload structure is in the [PowerAuth Standard RESTful API documentation](./Standard-RESTful-API.md#post-pav3activationcreate).
+A good place to review the exact request and response payload structure is in the [PowerAuth Standard RESTful API documentation](./Standard-RESTful-API.md#initiate-activation).
 ## Key Derivation
diff --git a/docs/List-of-used-keys.md b/docs/List-of-used-keys.md
index 21d63e49c..11b322b2f 100644
--- a/docs/List-of-used-keys.md
+++ b/docs/List-of-used-keys.md
@@ -2,14 +2,24 @@ The following keys are used in the PowerAuth cryptography scheme. +## Application Scoped Keys + +| name | created as | purpose | +|-----------------------------|------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Embedded on server, used to assure authenticity of data during the transfer from server to client during application scoped use-cases (i.e., device activation). | +| `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Embedded in client app, used to verify authenticity of data while transferring from server to client during application scoped use-cases (i.e., device activation). | +| `APP_KEY` | Application version key | Shared random ID between the server and client app, used to identify specific application version. The value travels in plain form over HTTPS channel. | +| `APP_SECRET` | Application version secret | Shared random secret key between the server and client app, used to authenticate specific application version. Used in digest and MAC values. | + + +## Activation Scoped Keys + | name | created as | purpose | |-----------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `KEY_DEVICE_PRIVATE` | ECDH - private key | Generated on client to allow construction of `KEY_MASTER_SECRET`. | | `KEY_DEVICE_PUBLIC` | ECDH - public key | Generated on client to allow construction of `KEY_MASTER_SECRET`. | | `KEY_SERVER_PRIVATE` | ECDH - private key | Generated on server to allow construction of `KEY_MASTER_SECRET`. 
| | `KEY_SERVER_PUBLIC` | ECDH - public key | Generated on server to allow construction of `KEY_MASTER_SECRET`. | -| `KEY_SERVER_MASTER_PRIVATE` | ECDH - private key | Stored on server, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client | -| `KEY_SERVER_MASTER_PUBLIC` | ECDH - public key | Stored on client, used to assure authenticity of `KEY_DEVICE_PUBLIC` while transferring from server to client | | `KEY_MASTER_SECRET` | ECDH - pre-shared | A key deduced using ECDH derivation, `KEY_MASTER_SECRET = ECDH.phase(KEY_DEVICE_PRIVATE, KEY_SERVER_PUBLIC) = ECDH.phase(KEY_SERVER_PRIVATE, KEY_DEVICE_PUBLIC)` and then reduced with `ByteUtils.convert32Bto16B()`. | | `KEY_SIGNATURE_POSSESSION` | KDF derived key from `KEY_MASTER_SECRET` | A signing key associated with the possession, factor deduced using KDF derivation with `INDEX = 1`, `KEY_SIGNATURE_POSSESSION = KDF.derive(KEY_MASTER_SECRET, 1)`, used for subsequent request signing. | | `KEY_SIGNATURE_KNOWLEDGE` | KDF derived key from `KEY_MASTER_SECRET` | A key associated with the knowledge factor, deduced using KDF derivation with `INDEX = 2`, `KEY_SIGNATURE_KNOWLEDGE = KDF.derive(KEY_MASTER_SECRET, 2)`, used for subsequent request signing. | diff --git a/docs/PowerAuth-2024.07.md b/docs/PowerAuth-2024.07.md new file mode 100644 index 000000000..de3996fa5 --- /dev/null +++ b/docs/PowerAuth-2024.07.md 
@@ -0,0 +1,83 @@ +# PowerAuth 2024.07 + + +## Migration guides + +For updating to 2024.07, please follow these migration guides: + +- [PowerAuth Server - Migration from version 1.7.0 to version 1.8.0](https://github.com/wultra/powerauth-server/blob/develop/docs/PowerAuth-Server-1.8.0.md) +- [PowerAuth Push Server - Migration from version 1.7.0 to version 1.8.0](https://github.com/wultra/powerauth-push-server/blob/develop/docs/PowerAuth-Push-Server-1.8.0.md) +- [PowerAuth Web Flow - Migration from version 1.7.0 to version 1.8.0](https://github.com/wultra/powerauth-webflow/blob/develop/docs/Web-Flow-1.8.0.md) + + +## Components for version 2024.07 + + +### Back-End Applications + +| Component | Application Name | Version | Description | +|------------------------|------------------------------|---------|-------------------------------------------------------------| +| PowerAuth Server | `powerauth-java-server.war` | 1.8.0 | Core back-end component for PowerAuth stack. | +| PowerAuth Admin | `powerauth-admin.war` | 1.8.0 | Administration console for PowerAuth Server. | +| PowerAuth Push Server | `powerauth-push-server.war` | 1.8.0 | Simple to deploy push server for APNS and FCM. | +| Enrollment Server | `enrollment-server.war` | 1.8.0 | Enrollment server for PowerAuth. | +| PowerAuth Web Flow | `powerauth-webflow.war` | 1.8.0 | Central web authentication page. | +| PowerAuth Next Step | `powerauth-next-step.war` | 1.8.0 | Authorization server used for PowerAuth Web Flow component. | +| PowerAuth Data Adapter | `powerauth-data-adapter.war` | 1.8.0 | Customization component for PowerAuth Web Flow. | +| PowerAuth Tpp Engine | `powerauth-tpp-engine.war` | 1.8.0 | Third party provider registry and consent engine. 
| + + +### Utilities + +| Component | Application Name | Version | Description | +|-----------------------------|-----------------------------|---------|-----------------------------------------------------------------------------------| +| PowerAuth Command Line Tool | `powerauth-java-cmd.jar` | 1.8.0 | Command line tool for integration testing. | +| User Data Store | `user-data-store.war` | 1.3.0 | Server component which stores clients personal data securely. | +| Mobile Utility Server | `mobile-utility-server.war` | 1.8.0 | Server component for dynamic SSL pinning, text localization, and other utilities. | +| SSL Pinning Tool | `ssl-pinning-tool.jar` | 1.8.0 | A command line utility used to sign SSL certificates for dynamic SSL pinning. | + + +### Mobile Libraries + +| Platform | Package Name | Version | Description | +|--------------------|---------------------------------------------------|---------|---------------------------------------------| +| iOS | `PowerAuth2` | 1.8.1 | A client library for iOS. | +| watchOS | `PowerAuth2ForWatch` | 1.8.0 | A limited library for watchOS. | +| iOS App Extensions | `PowerAuth2ForExtensions` | 1.8.0 | A limited library for iOS App Extensions. | +| Android | `com.wultra.android.powerauth:powerauth-sdk` | 1.8.1 | A client library for Android. | +| React Native | `react-native-powerauth-mobile-sdk` | 2.5.1 | React Native wrapper library for PowerAuth. | +| mToken SDK iOS | `WultraMobileTokenSDK` | 1.11.1 | Mobile Token SDK for the iOS platform. | +| mToken SDK Android | `com.wultra.android.mtokensdk:mtoken-sdk-android` | 1.11.0 | Mobile Token SDK for the Android platform. 
| + + +### Back-End Integration Libraries + +| Component | Library Name | Version | Description | +|-------------------------------------------|-----------------------------------------|---------|-------------------------------------------------------------------------------------------------| +| PowerAuth RESTful Model | `powerauth-restful-model.jar` | 1.8.0 | Model classes for request and response objects used in PowerAuth Standard RESTful API. | +| PowerAuth RESTful API Security for Spring | `powerauth-restful-security-spring.jar` | 1.8.0 | High-level integration libraries for RESTful API security, build for Spring MVC. | +| PowerAuth REST Client for Spring | `powerauth-rest-client-spring.jar` | 1.8.0 | REST service client for PowerAuth Server service. | +| PowerAuth Push Server RESTful Model | `powerauth-push-model.jar` | 1.8.0 | Model classes for request and response objects used in PowerAuth Push Server. | +| PowerAuth Push Server RESTful Client | `powerauth-push-client.jar` | 1.8.0 | Client implementation that simplifies integration with PowerAuth Push Server service. | +| PowerAuth Data Adapter RESTful Model | `powerauth-data-adapter-model.jar` | 1.8.0 | Model classes for request and response objects used in PowerAuth Data Adapter component. | +| PowerAuth Data Adapter Client | `powerauth-data-adapter-client.jar` | 1.8.0 | Client implementation that simplifies integration with PowerAuth Data Adapter custom component. | +| PowerAuth Next Step RESTful Model | `powerauth-nextstep-model.jar` | 1.8.0 | Model classes for request and response objects used in PowerAuth Next Step service. | +| PowerAuth Next Step Client | `powerauth-nextstep-client.jar` | 1.8.0 | Client implementation that simplifies integration with PowerAuth Next Step service. | +| PowerAuth Mobile Token Model | `mtoken-model.jar` | 1.8.0 | Model classes for request and response objects used in PowerAuth Mobile Token. 
| + + +### Technical Dependencies + +| Component | Library Name | Version | Description | +|-------------------------------------|------------------------------|---------|--------------------------------------------------------------------------------------------------| +| PowerAuth Cryptography | `powerauth-java-crypto.jar` | 1.8.0 | Core cryptography implementation of the PowerAuth protocol. | +| PowerAuth HTTP Utilities | `powerauth-java-http.jar` | 1.8.0 | Utilities used for binding PowerAuth cryptography to HTTP technology. | +| PowerAuth Command-Line Tool Library | `powerauth-java-cmd-lib.jar` | 1.8.0 | Library used for implementation of the PowerAuth Command-Line Tool app, useful for unit testing. | +| Wultra Java Networking Objects | `rest-model-base.jar` | 1.10.0 | Base classes for RESTful API networking, shared across all Wultra back-end projects. | +| Wultra REST Client | `rest-client-base.jar` | 1.10.0 | Base RESTful client implementation, shared across all Wultra back-end projects. | +| Wultra Auditing Library | `audit-base.jar` | 1.10.0 | Base auditing library, shared across all Wultra back-end projects. | + + +## Known Issues When Updating From Older Versions + +_No known issues so far._ diff --git a/docs/Releases.md b/docs/Releases.md index 7a5662a20..a5d75071a 100644 --- a/docs/Releases.md +++ b/docs/Releases.md @@ -12,6 +12,7 @@ In order to consolidate the information about the current versions, we have intr ## List of Releases +- [PowerAuth 2024.07](./PowerAuth-2024.07.md) - [PowerAuth 2024.03](./PowerAuth-2024.03.md) - [PowerAuth 2023.12](./PowerAuth-2023.12.md) - [PowerAuth 2023.08](./PowerAuth-2023.08.md) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 9f33fca23..d4adefdfc 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md 
@@ -30,8 +30,8 @@
 **Tutorials**
-- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Authentication-in-Mobile-Apps)
-- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Manual-Signature-Verification)
+- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/tutorials/posts/Mobile-First-Authentication/)
+- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/tutorials/posts/Manual-Signature-Verification/)
 **API Reference**
diff --git a/pom.xml b/pom.xml
index 426a352fe..e46976cbf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -25,7 +25,7 @@
 io.getlime.security
 powerauth-crypto-parent
- 1.7.0
+ 1.8.0
 pom
 2016
@@ -74,14 +74,14 @@
 17
 ${java.version}
- 3.3.0
- 3.12.1
- 3.1.1
- 3.6.3
- 3.3.0
- 3.2.5
- 2.0.12
- 5.10.2
+ 3.4.2
+ 3.13.0
+ 3.1.2
+ 3.8.0
+ 3.3.1
+ 3.3.1
+ 2.0.13
+ 5.10.3
diff --git a/powerauth-java-crypto/pom.xml b/powerauth-java-crypto/pom.xml
index 1b5bfcc79..5573e3384 100644
--- a/powerauth-java-crypto/pom.xml
+++ b/powerauth-java-crypto/pom.xml
@@ -26,7 +26,7 @@
 io.getlime.security
 powerauth-crypto-parent
- 1.7.0
+ 1.8.0
@@ -47,7 +47,7 @@
 com.fasterxml.jackson.core
 jackson-databind
- 2.16.1
+ 2.17.2
 test
@@ -59,13 +59,12 @@
 org.bouncycastle
 bcprov-jdk18on
- 1.77
- provided
+ 1.78.1
 org.projectlombok
 lombok
- 1.18.30
+ 1.18.34
 provided
diff --git a/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java b/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java
index d1087cca3..b9c15dd1f 100644
--- a/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java
+++ b/powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java
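Review bot: The `bcprov-jdk18on` dependency loses its `provided` scope in the `@@ -59,13 +59,12 @@` hunk, so from 1.8.0 it becomes a compile-scope dependency that every consumer of `powerauth-java-crypto` pulls in transitively, whereas before each integrator supplied its own Bouncy Castle. That is a classpath contract change for downstream applications (a second BC version, or a differently signed provider jar, alongside the one they already ship is a classic source of `NoSuchMethodError` and provider-registration failures) and deserves a line in the 1.8.0 migration guide linked from `PowerAuth-2024.07.md`, whose known-issues section in this diff currently says none. If the scope change is accidental, restoring `provided` next to the `1.78.1` bump keeps the old behaviour. Either way, an XML comment above the dependency stating which is intended, e.g. `<!-- compile scope on purpose: consumers receive this BC version transitively -->`, would stop the next bump from flipping it silently.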
@@ -109,8 +109,8 @@ public static byte[] deriveSharedInfo2Base(EncryptorScope scope, String applicat
 }
 try {
 return new HMACHashUtilities().hash(transportKey, applicationSecretBytes);
- } catch (Throwable t) {
- throw new EciesException("HMAC calculation failed", t);
+ } catch (Exception e) {
+ throw new EciesException("HMAC calculation failed", e);
 }
 }
 }
diff --git a/powerauth-java-http/pom.xml b/powerauth-java-http/pom.xml
index df3382081..959baea83 100644
--- a/powerauth-java-http/pom.xml
+++ b/powerauth-java-http/pom.xml
@@ -28,7 +28,7 @@
 io.getlime.security
 powerauth-crypto-parent
- 1.7.0
+ 1.8.0
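Review bot: Narrowing `catch (Throwable t)` to `catch (Exception e)` is the right direction (JVM `Error`s such as `OutOfMemoryError` are no longer repackaged as `EciesException`), but `Exception` still folds programming errors into the same "HMAC calculation failed" wrapper, so a `NullPointerException` from a null `transportKey` or `applicationSecretBytes` would now read like a MAC failure to the caller. If `HMACHashUtilities.hash` declares a checked exception type, catching exactly that type is the tighter contract; if it throws only unchecked exceptions, validating the two inputs before the `try` is the alternative. The `hash` signature and the start of `deriveSharedInfo2Base` are outside this hunk, so the exact type to catch needs confirming against the source. Once settled, a one-line comment on the catch such as `// wrap only crypto failures from hash(); argument validation happens above` documents the intended boundary.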