Merge pull request #1567 from /issues/1566-VerifyECDSASignature-error…

…-handling Fix #1566: VerifyECDSASignature returns bad request for non existing activation
wultra · Jun 6, 2024 · b15c8d0 · b15c8d0
2 parents 7209058 + ee76ddb
commit b15c8d0
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/...ava/com/wultra/security/powerauth/client/model/response/VerifyECDSASignatureResponse.java b/...ava/com/wultra/security/powerauth/client/model/response/VerifyECDSASignatureResponse.java
@@ -18,13 +18,15 @@
 
 package com.wultra.security.powerauth.client.model.response;
 
+import lombok.Builder;
 import lombok.Data;
 
 /**
  * Model class representing response with ECDSA signature verification results.
  *
  * @author Petr Dvorak, petr@wultra.com
  */
+@Builder
 @Data
 public class VerifyECDSASignatureResponse {
 

diff --git a/...urity/powerauth/app/server/service/behavior/tasks/AsymmetricSignatureServiceBehavior.java b/...urity/powerauth/app/server/service/behavior/tasks/AsymmetricSignatureServiceBehavior.java
@@ -164,17 +164,19 @@ public VerifyECDSASignatureResponse verifyECDSASignature(VerifyECDSASignatureReq
             final ActivationRecordEntity activation = activationRepository.findActivationWithoutLock(activationId);
             if (activation == null) {
                 logger.warn("Activation used when verifying ECDSA signature does not exist, activation ID: {}", activationId);
-                throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND);
+                return VerifyECDSASignatureResponse.builder()
+                        .signatureValid(false)
+                        .build();
             }
             activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider);
 
             final byte[] devicePublicKeyData = Base64.getDecoder().decode(activation.getDevicePublicKeyBase64());
             final PublicKey devicePublicKey = keyConvertor.convertBytesToPublicKey(devicePublicKeyData);
             final boolean matches = signatureUtils.validateECDSASignature(Base64.getDecoder().decode(data), Base64.getDecoder().decode(signature), devicePublicKey);
 
-            final VerifyECDSASignatureResponse response = new VerifyECDSASignatureResponse();
-            response.setSignatureValid(matches);
-            return response;
+            return VerifyECDSASignatureResponse.builder()
+                    .signatureValid(matches)
+                    .build();
         } catch (InvalidKeyException | InvalidKeySpecException ex) {
             logger.error(ex.getMessage(), ex);
             // Rollback is not required, database is not used for writing