From f979d8f1a7b23df4985f71372c66089978f3f9a9 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 23 Jul 2024 15:30:16 -0600 Subject: [PATCH 01/60] initial code --- .../core/service/ClientMetadataProvider.java | 4 +-- .../core/service/IClientMetadataProvider.java | 2 +- .../core/service/IKeyAclMetadataProvider.java | 2 +- .../core/service/IKeyMetadataProvider.java | 2 +- .../service/IKeysetKeyMetadataProvider.java | 2 +- .../core/service/IKeysetMetadataProvider.java | 2 +- .../core/service/KeyAclMetadataProvider.java | 4 +-- .../core/service/KeyMetadataProvider.java | 4 +-- .../service/KeysetKeysMetadataProvider.java | 4 +-- .../core/service/KeysetMetadataProvider.java | 4 +-- .../com/uid2/core/util/MetadataHelper.java | 30 +++++++++++----- .../com/uid2/core/vertx/CoreVerticle.java | 35 ++++++++++++++++--- 12 files changed, 66 insertions(+), 29 deletions(-) diff --git a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java index 1ad85f50..7fe8bb72 100644 --- a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java @@ -22,8 +22,8 @@ public class ClientMetadataProvider implements IClientMetadataProvider { private final ICloudStorage downloadUrlGenerator; @Override - public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName)); + public String getMetadata(OperatorInfo info,boolean includeEncrypted) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName),includeEncrypted); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("client_keys"); 
diff --git a/src/main/java/com/uid2/core/service/IClientMetadataProvider.java b/src/main/java/com/uid2/core/service/IClientMetadataProvider.java index affe57c6..521bfbfc 100644 --- a/src/main/java/com/uid2/core/service/IClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IClientMetadataProvider.java @@ -4,5 +4,5 @@ import com.uid2.shared.auth.OperatorType; public interface IClientMetadataProvider { - String getMetadata(OperatorInfo info) throws Exception; + String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java index ac588574..c67c7bb5 100644 --- a/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java @@ -4,5 +4,5 @@ import com.uid2.shared.auth.OperatorType; public interface IKeyAclMetadataProvider { - String getMetadata(OperatorInfo info) throws Exception; + String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java index 20e67214..48ab00f2 100644 --- a/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java @@ -4,5 +4,5 @@ import com.uid2.shared.auth.OperatorType; public interface IKeyMetadataProvider { - String getMetadata(OperatorInfo info) throws Exception; + String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java index 972019cd..10242bb7 100644 --- a/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java 
+++ b/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java @@ -3,5 +3,5 @@ import com.uid2.core.util.OperatorInfo; public interface IKeysetKeyMetadataProvider { - String getMetadata(OperatorInfo info) throws Exception; + String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java index a754c42c..ab1ab80f 100644 --- a/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java @@ -3,5 +3,5 @@ import com.uid2.core.util.OperatorInfo; public interface IKeysetMetadataProvider { - String getMetadata(OperatorInfo info) throws Exception; + String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java index 8e81bbdf..4e48ca45 100644 --- a/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java @@ -20,8 +20,8 @@ public KeyAclMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysAclMetadataPathProp)); + public String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysAclMetadataPathProp), includeEncrypted); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys_acl"); 
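Review bot: `IKeysetKeyMetadataProvider.getMetadata` declares the new flag as boxed `Boolean includeEncrypted`, while the three interfaces changed just before it use primitive `boolean`. The boxed form is repeated in `IKeysetMetadataProvider` in the next file section and in `KeysetKeysMetadataProvider`, `KeysetMetadataProvider` and `MetadataHelper.getMetadataPathName(..., Boolean canDecrypt)` later in this patch. A boxed flag admits `null`, and `if (canDecrypt)` in MetadataHelper would then throw on unboxing instead of choosing a scope. Every caller visible in the patch passes a primitive, so I would declare it `boolean includeEncrypted` throughout and keep one signature across the five provider interfaces.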
diff --git a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java index a68147ca..8d7ed892 100644 --- a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java @@ -22,8 +22,8 @@ public KeyMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName)); + public String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName),includeEncrypted); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys"); diff --git a/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java b/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java index 93534fab..d1fe0b44 100644 --- a/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java 
@@ -20,8 +20,8 @@ public KeysetKeysMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetKeysMetadataPathProp)); + public String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetKeysMetadataPathProp), includeEncrypted); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keyset_keys"); diff --git a/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java b/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java index 4068730d..48f58453 100644 --- a/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java @@ -19,8 +19,8 @@ public KeysetMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetsMetadataPathProp)); + public String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetsMetadataPathProp), includeEncrypted); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keysets"); diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index 1e519af6..93a6c9f4 100644 
--- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java @@ -4,6 +4,7 @@ import com.uid2.shared.auth.OperatorType; import com.uid2.shared.auth.Role; import com.uid2.shared.store.CloudPath; +import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.GlobalScope; import com.uid2.shared.store.scope.SiteScope; import com.uid2.shared.store.scope.StoreScope; @@ -22,17 +23,28 @@ public static String getSiteSpecificMetadataPathName(int siteId, String metadata return SiteSpecificDataSubDirPath +siteId + metadataPathName; } - public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName) - { + public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName) { + return getMetadataPathName(operatorType, siteId, metadataPathName, false); + } + + public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName, Boolean canDecrypt) { StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); - if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue())) - { - store = new GlobalScope(new CloudPath(metadataPathName)); - } - else //PRIVATE - { - store = new SiteScope(new CloudPath(metadataPathName), siteId); + if (canDecrypt){ + if (operatorType == OperatorType.PUBLIC){ + store = new EncryptedScope(new CloudPath(metadataPathName),siteId, true); + }else{ + store = new EncryptedScope(new CloudPath(metadataPathName),siteId, false); + } + }else{ + if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue())) + { + store = new GlobalScope(new CloudPath(metadataPathName)); + } + else //PRIVATE + { + store = new SiteScope(new CloudPath(metadataPathName), siteId); + } } return store.getMetadataPath().toString(); } 
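Review bot: In the four-argument `getMetadataPathName`, the `canDecrypt` branch never consults `providePrivateSiteData`, so a non-public operator that reports a supporting version gets a site-scoped `EncryptedScope` path even where `provide_private_site_data` is unset or false and the old code returned the `GlobalScope` path. Whether that is intended cannot be told from the hunk. If it is, a comment such as `// encrypted stores ignore provide_private_site_data; the flag only gates the unencrypted path` would record the decision; otherwise the config check belongs in this branch too. The inner if/else can also collapse to `store = new EncryptedScope(new CloudPath(metadataPathName), siteId, operatorType == OperatorType.PUBLIC);`, and the parameter is called `canDecrypt` here but `includeEncrypted` at every call site.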
diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index 9e4bb166..02665603 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -78,6 +78,7 @@ public class CoreVerticle extends AbstractVerticle { private final IPartnerMetadataProvider partnerMetadataProvider; private final OperatorJWTTokenProvider operatorJWTTokenProvider; private final JwtService jwtService; + private static final String ENCRYPTION_SUPPORT_VERSION = "2.3"; // Set this to the appropriate version later public CoreVerticle(ICloudStorage cloudStorage, IAuthorizableProvider authProvider, @@ -362,8 +363,9 @@ private void handleSaltRefresh(RoutingContext rc) { private void handleKeyRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); + boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keyMetadataProvider.getMetadata(info)); + .end(keyMetadataProvider.getMetadata(info, includeEncrypted)); } catch (Exception e) { logger.warn("exception in handleKeyRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key refresh"); @@ -373,8 +375,9 @@ private void handleKeyRefresh(RoutingContext rc) { private void handleKeyAclRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); + boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keyAclMetadataProvider.getMetadata(info)); + .end(keyAclMetadataProvider.getMetadata(info, includeEncrypted)); } catch (Exception e) { logger.warn("exception in handleKeyAclRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key acl refresh"); 
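Review bot: `includeEncrypted` in `handleKeyRefresh` is derived only from the `Const.Http.AppVersionHeader` value the caller sends, so the caller decides which store it is served from: a request without the header, or with an older version in it, is answered from the unencrypted path. That is reasonable as capability negotiation during a rollout, but it gives no assurance that an operator able to decrypt actually receives encrypted metadata. If that becomes a requirement, the choice needs a server-side input such as the authenticated operator record or a config flag. `handleKeyAclRefresh` in this file section and `handleKeysetRefresh`, `handleKeysetKeyRefresh` and `handleClientRefresh` in the following hunks repeat the same two lines, so a comment on `isEncryptionSupported` stating this trust assumption once would cover all five.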
@@ -384,8 +387,9 @@ private void handleKeyAclRefresh(RoutingContext rc) { private void handleKeysetRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); + boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keysetMetadataProvider.getMetadata(info)); + .end(keysetMetadataProvider.getMetadata(info, includeEncrypted)); } catch (Exception e) { logger.warn("exception in handleKeysetRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key refresh"); @@ -395,8 +399,9 @@ private void handleKeysetRefresh(RoutingContext rc) { private void handleKeysetKeyRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); + boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keysetKeyMetadataProvider.getMetadata(info)); + .end(keysetKeyMetadataProvider.getMetadata(info, includeEncrypted)); } catch (Exception e) { logger.warn("exception in handleKeysetKeyRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key refresh"); @@ -406,8 +411,9 @@ private void handleKeysetKeyRefresh(RoutingContext rc) { private void handleClientRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); + boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(clientMetadataProvider.getMetadata(info)); + .end(clientMetadataProvider.getMetadata(info, includeEncrypted)); } catch (Exception e) { logger.warn("exception in handleClientRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing client refresh"); 
@@ -622,4 +628,23 @@ public static void Error(String errorStatus, int statusCode, RoutingContext rc, rc.response().setStatusCode(statusCode).putHeader(HttpHeaders.CONTENT_TYPE, "application/json") .end(json.encode()); } + + private boolean isEncryptionSupported(RoutingContext context) { + String appVersion = context.request().getHeader(Const.Http.AppVersionHeader); + if (appVersion == null) return false; + return compareVersions(appVersion, ENCRYPTION_SUPPORT_VERSION) >= 0; + } + + private int compareVersions(String v1, String v2) { + String[] parts1 = v1.split("\\."); + String[] parts2 = v2.split("\\."); + int length = Math.max(parts1.length, parts2.length); + for (int i = 0; i < length; i++) { + int part1 = i < parts1.length ? Integer.parseInt(parts1[i]) : 0; + int part2 = i < parts2.length ? Integer.parseInt(parts2[i]) : 0; + if (part1 < part2) return -1; + if (part1 > part2) return 1; + } + return 0; + } } From 5dc6553977a2f796bde2b27dfab42dd94446af4b Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 23 Jul 2024 23:39:01 -0600 Subject: [PATCH 02/60] tests --- .../java/com/uid2/core/model/SecretStore.java | 2 + .../com/uid2/core/vertx/CoreVerticle.java | 22 +++- .../com/uid2/core/vertx/TestCoreVerticle.java | 105 +++++++++++++++++- 3 files changed, 120 insertions(+), 9 deletions(-) diff --git a/src/main/java/com/uid2/core/model/SecretStore.java b/src/main/java/com/uid2/core/model/SecretStore.java index 9643305f..ee3750a5 100644 --- a/src/main/java/com/uid2/core/model/SecretStore.java +++ b/src/main/java/com/uid2/core/model/SecretStore.java @@ -8,4 +8,6 @@ public class SecretStore extends ConfigStore { public String getPrintable(String key) { return "{" + key + ":********}"; } + + } diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index ff7353c6..a475d619 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java 
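Review bot: `compareVersions` passes each dot-separated piece of the request header straight to `Integer.parseInt`, so a value such as `2.7.16-SNAPSHOT`, or any non-numeric or over-long component, throws `NumberFormatException`. The call sits inside the handlers' `try`, so the request ends in the generic 500 and a warn log line that carries the exception message, which includes the caller-supplied text. An unparseable version should simply mean "not supported": in `isEncryptionSupported`, wrap the comparison as `try { return compareVersions(appVersion, ENCRYPTION_SUPPORT_VERSION) >= 0; } catch (NumberFormatException e) { return false; }`. The rewrites of this method in patches 02, 05 and 07 strip the `-` suffix but still call `Integer.parseInt` on header-derived text, so the same applies there.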
@@ -672,18 +672,30 @@ public static void Error(String errorStatus, int statusCode, RoutingContext rc, private boolean isEncryptionSupported(RoutingContext context) { String appVersion = context.request().getHeader(Const.Http.AppVersionHeader); if (appVersion == null) return false; - return compareVersions(appVersion, ENCRYPTION_SUPPORT_VERSION) >= 0; + String[] versions = appVersion.split(";"); + for (String version : versions) { + if (version.startsWith("uid2-operator=")) { + String operatorVersion = version.substring("uid2-operator=".length()); + return compareVersions(operatorVersion, ENCRYPTION_SUPPORT_VERSION) >= 0; + } + } + return false; } private int compareVersions(String v1, String v2) { + // Remove any non-numeric suffixes (like -SNAPSHOT) + v1 = v1.split("-")[0]; + v2 = v2.split("-")[0]; + String[] parts1 = v1.split("\\."); String[] parts2 = v2.split("\\."); int length = Math.max(parts1.length, parts2.length); for (int i = 0; i < length; i++) { - int part1 = i < parts1.length ? Integer.parseInt(parts1[i]) : 0; - int part2 = i < parts2.length ? Integer.parseInt(parts2[i]) : 0; - if (part1 < part2) return -1; - if (part1 > part2) return 1; + int p1 = i < parts1.length ? Integer.parseInt(parts1[i]) : 0; + int p2 = i < parts2.length ? Integer.parseInt(parts2[i]) : 0; + if (p1 != p2) { + return p1 - p2; + } } return 0; } diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 7d18e172..95d572f5 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java 
@@ -1,9 +1,10 @@ package com.uid2.core.vertx; import com.uid2.core.model.ConfigStore; -import com.uid2.core.service.AttestationService; -import com.uid2.core.service.JWTTokenProvider; -import com.uid2.core.service.OperatorJWTTokenProvider; +import com.uid2.core.model.SecretStore; +import com.uid2.core.service.*; +import com.uid2.core.util.OperatorInfo; +import com.uid2.core.model.SecretStore; import com.uid2.shared.Const; import com.uid2.shared.attest.EncryptedAttestationToken; import com.uid2.shared.attest.IAttestationTokenService; @@ -24,6 +25,7 @@ import io.vertx.junit5.VertxExtension; import io.vertx.junit5.VertxTestContext; +import static com.uid2.core.service.KeyMetadataProvider.KeysMetadataPathName; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.BeforeEach; @@ -35,6 +37,10 @@ import org.mockito.MockitoAnnotations; import javax.crypto.Cipher; +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URL; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.SecureRandom; @@ -67,11 +73,18 @@ public class TestCoreVerticle { private JwtService jwtService; @Mock private RotatingS3KeyProvider s3KeyProvider; + @Mock + private IKeyMetadataProvider keyMetadataProvider; + @Mock + private ICloudStorage metadataStreamProvider; + @Mock + private ICloudStorage downloadUrlGenerator; private AttestationService attestationService; private static final String attestationProtocol = "test-attestation-protocol"; private static final String attestationProtocolPublic = "trusted"; + private static final String ENCRYPTION_SUPPORT_VERSION = "2.6"; @BeforeEach void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) throws Throwable { 
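Review bot: The hunk that adds the mocks declares `ENCRYPTION_SUPPORT_VERSION = "2.6"` in the test class, but none of the test hunks in this patch read it, and it differs from the `"2.3"` placeholder that patch 01 put in `CoreVerticle` with the comment "Set this to the appropriate version later". The two new tests therefore pin behaviour only for 2.7.16 and 2.1.16 and would pass with either threshold. I would drop the test constant, or expose the production one and derive the header values from it so the boundary is exercised. The new `@Mock` fields `keyMetadataProvider`, `metadataStreamProvider` and `downloadUrlGenerator` also look unused, since the verticle is still constructed from `cloudStorage`; that is inferred from the visible hunks only.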
@@ -79,6 +92,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th config.put(Const.Config.OptOutUrlProp, "test_optout_url"); config.put(Const.Config.CorePublicUrlProp, "test_core_url"); config.put(Const.Config.AwsKmsJwtSigningKeyIdProp, "test_aws_kms_keyId"); + if (info.getTags().contains("dontForceJwt")) { config.put(Const.Config.EnforceJwtProp, false); } else { @@ -86,9 +100,33 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th } ConfigStore.Global.load(config); + JsonObject config2 = new JsonObject(); + config2.put(KeysMetadataPathName, "keys/metadata.json"); + SecretStore.Global.load(config2); + attestationService = new AttestationService(); MockitoAnnotations.initMocks(this); + // Mock download method for different paths + when(cloudStorage.download(anyString())).thenAnswer(invocation -> { + String path = invocation.getArgument(0); + if (path.contains("encrypted")) { + return new ByteArrayInputStream("{ \"keys\": { \"location\": \"encrypted-location\" } }".getBytes()); + } else { + return new ByteArrayInputStream("{ \"keys\": { \"location\": \"default-location\" } }".getBytes()); + } + }); + + // Mock preSignUrl method for different paths + when(cloudStorage.preSignUrl(anyString())).thenAnswer(invocation -> { + String path = invocation.getArgument(0); + if (path.contains("encrypted")) { + return new URL("http://encrypted_url"); + }else { + return new URL("http://default_url"); + } + }); + CoreVerticle verticle = new CoreVerticle(cloudStorage, authProvider, attestationService, attestationTokenService, enclaveIdentifierProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider); vertx.deployVerticle(verticle, testContext.succeeding(id -> testContext.completeNow())); } 
@@ -134,6 +172,13 @@ private void get(Vertx vertx, String endpoint, Handler>> handler) { + WebClient client = WebClient.create(vertx); + client.getAbs(getUrlForEndpoint(endpoint)) + .putHeaders(headers) + .send(handler); + } + private void addAttestationProvider(String protocol) { attestationService.with(protocol, attestationProvider); } @@ -604,7 +649,6 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont assertEquals(500, response2.statusCode()); JsonObject json2 = response2.bodyAsJsonObject(); - System.out.println(json2); assertEquals("error", json2.getString("status")); assertEquals("error generating attestation token", json2.getString("message")); 
@@ -619,5 +663,58 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont }); } + @Tag("dontForceJwt") + @Test + void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) throws Exception { + fakeAuth(attestationProtocolPublic, Role.OPERATOR); + addAttestationProvider(attestationProtocolPublic); + onHandleAttestationRequest(() -> { + byte[] resultPublicKey = null; + return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); + }); + + MultiMap headers = MultiMap.caseInsensitiveMultiMap(); + headers.add(Const.Http.AppVersionHeader, "uid2-operator=2.7.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); + + getWithVersion(vertx, "key/refresh", headers, ar -> { + if (ar.succeeded()) { + HttpResponse response = ar.result(); + assertEquals(200, response.statusCode()); + String responseBody = response.bodyAsString(); + assertEquals("{\"keys\":{\"location\":\"http://encrypted_url\"}}", responseBody); + testContext.completeNow(); + } else { + testContext.failNow(ar.cause()); + } + }); + } + + @Tag("dontForceJwt") + @Test + void keysRefreshSuccessLowerVersion(Vertx vertx, VertxTestContext testContext) throws Exception { + // Arrange + fakeAuth(attestationProtocolPublic, Role.OPERATOR); + addAttestationProvider(attestationProtocolPublic); + onHandleAttestationRequest(() -> { + byte[] resultPublicKey = null; + return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); + }); + + MultiMap headers = MultiMap.caseInsensitiveMultiMap(); + headers.add(Const.Http.AppVersionHeader, "uid2-operator=2.1.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); + + getWithVersion(vertx, "key/refresh", headers, ar -> { + if (ar.succeeded()) { + HttpResponse response = ar.result(); + System.out.println(response.bodyAsString()); + assertEquals(200, response.statusCode()); + String responseBody = response.bodyAsString(); + 
assertEquals("{\"keys\":{\"location\":\"http://default_url\"}}", responseBody); + testContext.completeNow(); + } else { + testContext.failNow(ar.cause()); + } + }); + } } From cbcf4de34d66e6870f3e1cd6aa64981f79ab70e8 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 23 Jul 2024 23:40:22 -0600 Subject: [PATCH 03/60] clean up --- src/main/java/com/uid2/core/model/SecretStore.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/java/com/uid2/core/model/SecretStore.java b/src/main/java/com/uid2/core/model/SecretStore.java index ee3750a5..9643305f 100644 --- a/src/main/java/com/uid2/core/model/SecretStore.java +++ b/src/main/java/com/uid2/core/model/SecretStore.java @@ -8,6 +8,4 @@ public class SecretStore extends ConfigStore { public String getPrintable(String key) { return "{" + key + ":********}"; } - - } From ad72a7d3b6f87eca1f36b2ece97089a2d9a18b44 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 29 Jul 2024 13:44:07 -0600 Subject: [PATCH 04/60] fix config --- src/test/java/com/uid2/core/vertx/TestCoreVerticle.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 95d572f5..277e42c6 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -92,6 +92,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th config.put(Const.Config.OptOutUrlProp, "test_optout_url"); config.put(Const.Config.CorePublicUrlProp, "test_core_url"); config.put(Const.Config.AwsKmsJwtSigningKeyIdProp, "test_aws_kms_keyId"); + config.put(KeysMetadataPathName, "keys/metadata.json"); if (info.getTags().contains("dontForceJwt")) { config.put(Const.Config.EnforceJwtProp, false); 
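Review bot: `keysRefreshSuccessHigherVersion` and `keysRefreshSuccessLowerVersion` cover only well-formed headers, so the inputs most likely to misbehave are untested: no `AppVersionHeader` at all, a header without a `uid2-operator=` entry, a version that does not parse, and a version equal to the threshold. Each of those decides whether a caller is served from the encrypted or the unencrypted store, so each deserves its own assertion on the returned location. The lower-version test also keeps a `System.out.println(response.bodyAsString());` while the same patch removes one from `s3encryptionKeyRetrieveNoKeysOrError`.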
@@ -99,10 +100,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th config.put(Const.Config.EnforceJwtProp, true); } ConfigStore.Global.load(config); - - JsonObject config2 = new JsonObject(); - config2.put(KeysMetadataPathName, "keys/metadata.json"); - SecretStore.Global.load(config2); + SecretStore.Global.load(config); attestationService = new AttestationService(); MockitoAnnotations.initMocks(this); From 60dcb27dca2f39ccea6bca9a0d0be3823c2c5bb0 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 29 Jul 2024 13:55:39 -0600 Subject: [PATCH 05/60] update comapre version --- .../com/uid2/core/vertx/CoreVerticle.java | 35 +++++++++++-------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index a475d619..e24d645f 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -50,6 +50,9 @@ import java.security.spec.X509EncodedKeySpec; import java.time.Instant; import java.util.*; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + import com.uid2.shared.store.reader.RotatingS3KeyProvider; import com.uid2.shared.model.S3Key; 
@@ -676,27 +679,31 @@ private boolean isEncryptionSupported(RoutingContext context) { for (String version : versions) { if (version.startsWith("uid2-operator=")) { String operatorVersion = version.substring("uid2-operator=".length()); - return compareVersions(operatorVersion, ENCRYPTION_SUPPORT_VERSION) >= 0; + return isVersionGreaterOrEqual(operatorVersion, ENCRYPTION_SUPPORT_VERSION); } } return false; } - private int compareVersions(String v1, String v2) { - // Remove any non-numeric suffixes (like -SNAPSHOT) - v1 = v1.split("-")[0]; - v2 = v2.split("-")[0]; + private boolean isVersionGreaterOrEqual(String v1, String v2) { + Pattern pattern = Pattern.compile("(\\d+)\\.(\\d+)\\.(\\d+)"); + Matcher m1 = pattern.matcher(v1); + Matcher m2 = pattern.matcher(v2); + + if (!m1.find() || !m2.find()) { + return false; // Invalid version format + } - String[] parts1 = v1.split("\\."); - String[] parts2 = v2.split("\\."); - int length = Math.max(parts1.length, parts2.length); - for (int i = 0; i < length; i++) { - int p1 = i < parts1.length ? Integer.parseInt(parts1[i]) : 0; - int p2 = i < parts2.length ? Integer.parseInt(parts2[i]) : 0; - if (p1 != p2) { - return p1 - p2; + for (int i = 1; i <= 3; i++) { + int num1 = Integer.parseInt(m1.group(i)); + int num2 = Integer.parseInt(m2.group(i)); + if (num1 > num2) { + return true; + } else if (num1 < num2) { + return false; } } - return 0; + + return true; // Versions are equal } } From a64746d87f6bd7834c4c484217cce584b2dbfcd1 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 29 Jul 2024 14:03:00 -0600 Subject: [PATCH 06/60] remove snapshot --- .../com/uid2/core/vertx/CoreVerticle.java | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index e24d645f..3aaab3de 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java 
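Review bot: `isVersionGreaterOrEqual` requires three numeric components through `(\\d+)\\.(\\d+)\\.(\\d+)` for both arguments, so if `ENCRYPTION_SUPPORT_VERSION` is still the two-component `"2.3"` from patch 01, `m2.find()` fails and the method returns false for every operator. The constant's current value is not visible in this hunk, so that needs checking against the file. `find()` is also unanchored, so text around the digits is accepted (a constructed value like `x2.7.16y` compares as 2.7.16); `matches()` against a pattern with an explicit optional suffix would reject it. The pattern is recompiled on every request and would be better as a `private static final Pattern`.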
@@ -685,7 +685,15 @@ private boolean isEncryptionSupported(RoutingContext context) { return false; } - private boolean isVersionGreaterOrEqual(String v1, String v2) { + private boolean isVersionGreaterOrEqual(String fullVersionString, String minVersion) { + // Extract uid2-operator version + String v1 = extractOperatorVersion(fullVersionString); + String v2 = minVersion; + + // Remove -SNAPSHOT or any other suffixes + v1 = v1.split("-")[0]; + v2 = v2.split("-")[0]; + Pattern pattern = Pattern.compile("(\\d+)\\.(\\d+)\\.(\\d+)"); Matcher m1 = pattern.matcher(v1); Matcher m2 = pattern.matcher(v2); @@ -706,4 +714,14 @@ private boolean isVersionGreaterOrEqual(String v1, String v2) { return true; // Versions are equal } + + private String extractOperatorVersion(String fullVersionString) { + String[] parts = fullVersionString.split(";"); + for (String part : parts) { + if (part.startsWith("uid2-operator=")) { + return part.substring("uid2-operator=".length()); + } + } + return ""; + } } From 0c81949ccd6b7b652a364ea917bb1d1dac998bec Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 29 Jul 2024 14:15:19 -0600 Subject: [PATCH 07/60] return boolean --- .../com/uid2/core/vertx/CoreVerticle.java | 51 +++++-------------- 1 file changed, 13 insertions(+), 38 deletions(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index 3aaab3de..cba3929c 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -50,9 +50,6 @@ import java.security.spec.X509EncodedKeySpec; import java.time.Instant; import java.util.*; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - import com.uid2.shared.store.reader.RotatingS3KeyProvider; import com.uid2.shared.model.S3Key; 
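Review bot: `isVersionGreaterOrEqual` now runs `extractOperatorVersion` on its first argument, but `isEncryptionSupported` as left by patch 05 already passes the substring after `uid2-operator=`, and this patch does not touch that call. If the caller is unchanged, the helper finds no `uid2-operator=` entry and returns `""`, the pattern fails to match, and the result is false for every request, which silently keeps all operators on the unencrypted path. Either pass the raw header value from `isEncryptionSupported` or drop the second extraction. Returning `""` from `extractOperatorVersion` also hides the missing entry; a `null` return checked by the caller would make that case explicit.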
@@ -685,43 +682,21 @@ private boolean isEncryptionSupported(RoutingContext context) { return false; } - private boolean isVersionGreaterOrEqual(String fullVersionString, String minVersion) { - // Extract uid2-operator version - String v1 = extractOperatorVersion(fullVersionString); - String v2 = minVersion; - - // Remove -SNAPSHOT or any other suffixes - v1 = v1.split("-")[0]; - v2 = v2.split("-")[0]; - - Pattern pattern = Pattern.compile("(\\d+)\\.(\\d+)\\.(\\d+)"); - Matcher m1 = pattern.matcher(v1); - Matcher m2 = pattern.matcher(v2); - - if (!m1.find() || !m2.find()) { - return false; // Invalid version format - } - - for (int i = 1; i <= 3; i++) { - int num1 = Integer.parseInt(m1.group(i)); - int num2 = Integer.parseInt(m2.group(i)); - if (num1 > num2) { - return true; - } else if (num1 < num2) { - return false; - } - } - - return true; // Versions are equal - } + private boolean isVersionGreaterOrEqual(String v1, String v2) { + // Remove any non-numeric suffixes (like -SNAPSHOT) + v1 = v1.replaceAll("-.*", ""); + v2 = v2.replaceAll("-.*", ""); - private String extractOperatorVersion(String fullVersionString) { - String[] parts = fullVersionString.split(";"); - for (String part : parts) { - if (part.startsWith("uid2-operator=")) { - return part.substring("uid2-operator=".length()); + String[] parts1 = v1.split("\\."); + String[] parts2 = v2.split("\\."); + int length = Math.max(parts1.length, parts2.length); + for (int i = 0; i < length; i++) { + int p1 = i < parts1.length ? Integer.parseInt(parts1[i]) : 0; + int p2 = i < parts2.length ? Integer.parseInt(parts2[i]) : 0; + if (p1 != p2) { + return p1 > p2; } } - return ""; + return true; } } From e18ea803fc43361077e28f9a104b2802bf7716db Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 29 Jul 2024 14:20:04 -0600 Subject: [PATCH 08/60] use regex --- .../com/uid2/core/vertx/CoreVerticle.java | 42 +++++++++++++------ 1 file changed, 30 insertions(+), 12 deletions(-) 
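Review bot: `Integer.parseInt(parts1[i])` in the rewritten `isVersionGreaterOrEqual` runs on pieces of a version string with no numeric check, and the caller in the earlier patch takes that string from the AppVersion request header. A value such as `uid2-operator=2.x`, or an empty version, therefore throws NumberFormatException instead of yielding false. The exception leaves the method, so a malformed header presumably fails the whole refresh request rather than falling back to the unencrypted path. Wrapping the loop in `try { ... } catch (NumberFormatException e) { return false; }` keeps the check total. The regex-based `extractParts` that replaces this code in the next patch still parses an unbounded `\\d+` group, so it needs the same guard or a bound such as `\\d{1,9}`.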
diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index cba3929c..a3144a55 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -52,6 +52,8 @@ import java.util.*; import com.uid2.shared.store.reader.RotatingS3KeyProvider; import com.uid2.shared.model.S3Key; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import static com.uid2.shared.Const.Config.EnforceJwtProp; 
@@ -683,20 +685,36 @@ private boolean isEncryptionSupported(RoutingContext context) { } private boolean isVersionGreaterOrEqual(String v1, String v2) { - // Remove any non-numeric suffixes (like -SNAPSHOT) - v1 = v1.replaceAll("-.*", ""); - v2 = v2.replaceAll("-.*", ""); - - String[] parts1 = v1.split("\\."); - String[] parts2 = v2.split("\\."); - int length = Math.max(parts1.length, parts2.length); - for (int i = 0; i < length; i++) { - int p1 = i < parts1.length ? Integer.parseInt(parts1[i]) : 0; - int p2 = i < parts2.length ? Integer.parseInt(parts2[i]) : 0; + // Regex pattern to extract numeric parts of the version + Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); + + Matcher m1 = pattern.matcher(v1); + Matcher m2 = pattern.matcher(v2); + + int[] parts1 = extractParts(m1); + int[] parts2 = extractParts(m2); + + // Compare each part of the version + for (int i = 0; i < Math.max(parts1.length, parts2.length); i++) { + int p1 = i < parts1.length ? parts1[i] : 0; + int p2 = i < parts2.length ? parts2[i] : 0; if (p1 != p2) { - return p1 > p2; + return p1 > p2; // Return true if v1 > v2, false otherwise + } + } + + return true; // Versions are identical + } + + private int[] extractParts(Matcher matcher) { + // Extract numeric parts from the matcher and return them as an array + int[] parts = new int[3]; + if (matcher.find()) { + for (int i = 1; i <= 3; i++) { + String group = matcher.group(i); + parts[i - 1] = group != null ? Integer.parseInt(group) : 0; } } - return true; + return parts; } } From 395382c38cd7cf20cd9c9e9e7667e1ac180969a0 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 29 Jul 2024 14:24:01 -0600 Subject: [PATCH 09/60] clean up cpomments --- src/main/java/com/uid2/core/vertx/CoreVerticle.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index a3144a55..a328dc47 100644 
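Review bot: `extractParts` returns `{0, 0, 0}` when the pattern does not match, so an unparseable version is silently compared as 0.0.0 instead of being rejected. For `v2` this means a malformed or empty threshold makes `isVersionGreaterOrEqual` return true for every operator. `find()` is also unanchored, so the first digit run anywhere in the string is taken as the major version. Consider anchoring the pattern (`"^(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"`) and returning `null` from `extractParts` on failure, with `if (parts1 == null || parts2 == null) return false;` in the caller. Both arrays always have length 3, so `Math.max(parts1.length, parts2.length)` can simply be `3`.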
--- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -685,7 +685,6 @@ private boolean isEncryptionSupported(RoutingContext context) { } private boolean isVersionGreaterOrEqual(String v1, String v2) { - // Regex pattern to extract numeric parts of the version Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); Matcher m1 = pattern.matcher(v1); @@ -694,16 +693,15 @@ private boolean isVersionGreaterOrEqual(String v1, String v2) { int[] parts1 = extractParts(m1); int[] parts2 = extractParts(m2); - // Compare each part of the version for (int i = 0; i < Math.max(parts1.length, parts2.length); i++) { int p1 = i < parts1.length ? parts1[i] : 0; int p2 = i < parts2.length ? parts2[i] : 0; if (p1 != p2) { - return p1 > p2; // Return true if v1 > v2, false otherwise + return p1 > p2; } } - return true; // Versions are identical + return true; } private int[] extractParts(Matcher matcher) { From 85c77e5bb57be408e5f0fe23aa7a8c7197b0923f Mon Sep 17 00:00:00 2001 From: lizk886 Date: Thu, 1 Aug 2024 13:51:56 -0600 Subject: [PATCH 10/60] clean up --- src/main/java/com/uid2/core/vertx/CoreVerticle.java | 2 +- src/test/java/com/uid2/core/vertx/TestCoreVerticle.java | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index a328dc47..dac6ee96 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java 
@@ -83,7 +83,7 @@ public class CoreVerticle extends AbstractVerticle { private final OperatorJWTTokenProvider operatorJWTTokenProvider; private final JwtService jwtService; private final RotatingS3KeyProvider s3KeyProvider; - private static final String ENCRYPTION_SUPPORT_VERSION = "2.3"; // Set this to the appropriate version later + private static final String ENCRYPTION_SUPPORT_VERSION = "3.0"; // Set this to the appropriate version later public CoreVerticle(ICloudStorage cloudStorage, IAuthorizableProvider authProvider, diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 277e42c6..66d7d7dc 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -690,7 +690,6 @@ void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) @Tag("dontForceJwt") @Test void keysRefreshSuccessLowerVersion(Vertx vertx, VertxTestContext testContext) throws Exception { - // Arrange fakeAuth(attestationProtocolPublic, Role.OPERATOR); addAttestationProvider(attestationProtocolPublic); onHandleAttestationRequest(() -> { From e64e6f8f9f6d2d62c10294d3d3a3e8861e0f244c Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 12:13:00 -0600 Subject: [PATCH 11/60] fix spacing --- .../java/com/uid2/core/util/MetadataHelper.java | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index 93a6c9f4..4250d1c8 100644 --- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java 
@@ -30,18 +30,19 @@ public static String getMetadataPathName(OperatorType operatorType, int siteId, public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName, Boolean canDecrypt) { StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); - if (canDecrypt){ - if (operatorType == OperatorType.PUBLIC){ - store = new EncryptedScope(new CloudPath(metadataPathName),siteId, true); - }else{ - store = new EncryptedScope(new CloudPath(metadataPathName),siteId, false); + if (canDecrypt) { // Check if decryption is possible + if (operatorType == OperatorType.PUBLIC ) //siteId_public folder + { + store = new EncryptedScope(new CloudPath(metadataPathName), siteId, true); + } else //siteId_private folder + { + store = new EncryptedScope(new CloudPath(metadataPathName), siteId, false); } - }else{ + } else { if (operatorType == OperatorType.PUBLIC || (providePrivateSiteData == null || !providePrivateSiteData.booleanValue())) { store = new GlobalScope(new CloudPath(metadataPathName)); - } - else //PRIVATE + } else //PRIVATE { store = new SiteScope(new CloudPath(metadataPathName), siteId); } From 15b3719bbb0ef71c36cafad413a0072f17ff4648 Mon Sep 17 00:00:00 2001 
From: lizk886 Date: Fri, 2 Aug 2024 13:17:58 -0600 Subject: [PATCH 12/60] refactor, put a new parameter in operator info --- conf/default-config.json | 3 +- conf/integ-config.json | 3 +- conf/local-config.json | 3 +- conf/local-e2e-config.json | 3 +- conf/local-e2e-docker-config.json | 3 +- .../core/service/ClientMetadataProvider.java | 4 +- .../core/service/IClientMetadataProvider.java | 2 +- .../core/service/IKeyAclMetadataProvider.java | 2 +- .../core/service/IKeyMetadataProvider.java | 2 +- .../service/IKeysetKeyMetadataProvider.java | 2 +- .../core/service/IKeysetMetadataProvider.java | 2 +- .../core/service/KeyAclMetadataProvider.java | 4 +- .../core/service/KeyMetadataProvider.java | 4 +- .../service/KeysetKeysMetadataProvider.java | 4 +- .../core/service/KeysetMetadataProvider.java | 4 +- .../java/com/uid2/core/util/OperatorInfo.java | 57 +++++++++++++++++- .../com/uid2/core/vertx/CoreVerticle.java | 60 ++----------------- .../com/uid2/core/vertx/TestCoreVerticle.java | 54 ----------------- 18 files changed, 85 insertions(+), 131 deletions(-) diff --git a/conf/default-config.json b/conf/default-config.json index 2ae0c632..7aee6760 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -17,5 +17,6 @@ "att_token_enc_key": null, "att_token_enc_salt": null, "enforceJwt": false, - "s3_keys_metadata_path": null + "s3_keys_metadata_path": null, + "encryption_support_version": "3.0" } diff --git a/conf/integ-config.json b/conf/integ-config.json index 136c60fd..7f06cb3b 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -18,5 +18,6 @@ "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json", "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, - "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json", + "encryption_support_version": "3.0" } \ No newline at end of file 
diff --git a/conf/local-config.json b/conf/local-config.json index 33d3c2ba..c985dd69 100644 --- a/conf/local-config.json +++ b/conf/local-config.json @@ -19,5 +19,6 @@ "att_token_enc_salt": "", "provide_private_site_data": true, "enforceJwt": false, - "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json", + "encryption_support_version": "3.0" } diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index eca0c84b..21d88df6 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -33,5 +33,6 @@ "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB", "core_public_url": "http://localhost:8088", "optout_url": "http://localhost:8081", - "s3_keys_metadata_path": "s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "s3encryption_keys/metadata.json", + "encryption_support_version": "3.0" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index d86306ee..b9bd2236 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json 
@@ -32,5 +32,6 @@ "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB", "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", - "s3_keys_metadata_path": "s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "s3encryption_keys/metadata.json", + "encryption_support_version": "3.0" } diff --git a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java index 7fe8bb72..56626c91 100644 --- a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java @@ -22,8 +22,8 @@ public class ClientMetadataProvider implements IClientMetadataProvider { private final ICloudStorage downloadUrlGenerator; @Override - public String getMetadata(OperatorInfo info,boolean includeEncrypted) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName),includeEncrypted); + public String getMetadata(OperatorInfo info) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName),info.getSupportsEncryption()); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("client_keys"); diff --git a/src/main/java/com/uid2/core/service/IClientMetadataProvider.java b/src/main/java/com/uid2/core/service/IClientMetadataProvider.java index 521bfbfc..affe57c6 100644 
--- a/src/main/java/com/uid2/core/service/IClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IClientMetadataProvider.java @@ -4,5 +4,5 @@ import com.uid2.shared.auth.OperatorType; public interface IClientMetadataProvider { - String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception; + String getMetadata(OperatorInfo info) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java index c67c7bb5..ac588574 100644 --- a/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeyAclMetadataProvider.java @@ -4,5 +4,5 @@ import com.uid2.shared.auth.OperatorType; public interface IKeyAclMetadataProvider { - String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception; + String getMetadata(OperatorInfo info) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java index 48ab00f2..20e67214 100644 --- a/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeyMetadataProvider.java @@ -4,5 +4,5 @@ import com.uid2.shared.auth.OperatorType; public interface IKeyMetadataProvider { - String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception; + String getMetadata(OperatorInfo info) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java index 10242bb7..972019cd 100644 --- a/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeysetKeyMetadataProvider.java 
@@ -3,5 +3,5 @@ import com.uid2.core.util.OperatorInfo; public interface IKeysetKeyMetadataProvider { - String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception; + String getMetadata(OperatorInfo info) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java b/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java index ab1ab80f..a754c42c 100644 --- a/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/IKeysetMetadataProvider.java @@ -3,5 +3,5 @@ import com.uid2.core.util.OperatorInfo; public interface IKeysetMetadataProvider { - String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception; + String getMetadata(OperatorInfo info) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java index 4e48ca45..7b567343 100644 --- a/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java @@ -20,8 +20,8 @@ public KeyAclMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysAclMetadataPathProp), includeEncrypted); + public String getMetadata(OperatorInfo info) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysAclMetadataPathProp), info.getSupportsEncryption()); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys_acl"); 
diff --git a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java index 8d7ed892..a68147ca 100644 --- a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java @@ -22,8 +22,8 @@ public KeyMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info, boolean includeEncrypted) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName),includeEncrypted); + public String getMetadata(OperatorInfo info) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys"); diff --git a/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java b/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java index d1fe0b44..3cdd413b 100644 --- a/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java 
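Review bot: `KeyMetadataProvider.getMetadata` now calls the three-argument `getMetadataPathName` and drops the encryption flag, while the Client, KeyAcl, Keyset and KeysetKeys providers in this patch pass `info.getSupportsEncryption()`. If the three-argument overload resolves to the unencrypted scope (its body is not visible here), key metadata is served from the unencrypted path even to operators that report encryption support. If that is intended, a comment saying so would help; otherwise the call should end with `SecretStore.Global.get(KeysMetadataPathName), info.getSupportsEncryption());`. The same patch removes the `keysRefreshSuccessHigherVersion` test that expected the encrypted location for `key/refresh`.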
@@ -20,8 +20,8 @@ public KeysetKeysMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetKeysMetadataPathProp), includeEncrypted); + public String getMetadata(OperatorInfo info) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetKeysMetadataPathProp), info.getSupportsEncryption()); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keyset_keys"); diff --git a/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java b/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java index 48f58453..51d66612 100644 --- a/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java @@ -19,8 +19,8 @@ public KeysetMetadataProvider(ICloudStorage cloudStorage) { } @Override - public String getMetadata(OperatorInfo info, Boolean includeEncrypted) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetsMetadataPathProp), includeEncrypted); + public String getMetadata(OperatorInfo info) throws Exception { + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetsMetadataPathProp), info.getSupportsEncryption()); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keysets"); 
diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 2ec97020..29b8c05f 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -4,6 +4,10 @@ import com.uid2.shared.auth.OperatorType; import io.vertx.ext.web.RoutingContext; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import com.uid2.core.model.ConfigStore; + import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; /** @@ -13,6 +17,8 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; + private final boolean supportsEncryption; + private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); public OperatorType getOperatorType() { return operatorType; 
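Review bot: `ENCRYPTION_SUPPORT_VERSION` is read from `ConfigStore.Global` in a static initializer with no null or format check. If `encryption_support_version` is missing from the loaded config and `get` returns null (not visible here), `pattern.matcher(v2)` in `isVersionGreaterOrEqual` further down this file throws NullPointerException for any request that carries a `uid2-operator=` version, and `getOperatorInfo` fails. The value is also fixed at class-load time, which presumably has to happen after the config is loaded. Reading it inside `supportsEncryption` and returning false when it is absent, e.g. `if (minVersion == null) return false;`, avoids both problems.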
@@ -22,17 +28,64 @@ public int getSiteId() { return siteId; } - public OperatorInfo(OperatorType operatorType, int siteId) { + public boolean getSupportsEncryption() {return supportsEncryption;} + + public OperatorInfo(OperatorType operatorType, int siteId, boolean supportsEncryption) { this.operatorType = operatorType; this.siteId = siteId; + this.supportsEncryption = supportsEncryption; } public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { IAuthorizable profile = (IAuthorizable) rc.data().get(API_CLIENT_PROP); if (profile instanceof OperatorKey) { OperatorKey operatorKey = (OperatorKey) profile; - return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId()); + boolean supportsEncryption = supportsEncryption(rc); + return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption); } throw new Exception("Cannot determine the operator type and site id from the profile"); } + + private static boolean supportsEncryption(RoutingContext rc) { + String appVersion = rc.request().getHeader("AppVersion"); + if (appVersion == null) return false; + String[] versions = appVersion.split(";"); + for (String version : versions) { + if (version.startsWith("uid2-operator=")) { + String operatorVersion = version.substring("uid2-operator=".length()); + return isVersionGreaterOrEqual(operatorVersion, ENCRYPTION_SUPPORT_VERSION); + } + } + return false; + } + + private static boolean isVersionGreaterOrEqual(String v1, String v2) { + Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); + Matcher m1 = pattern.matcher(v1); + Matcher m2 = pattern.matcher(v2); + + int[] parts1 = extractParts(m1); + int[] parts2 = extractParts(m2); + + for (int i = 0; i < Math.max(parts1.length, parts2.length); i++) { + int p1 = i < parts1.length ? parts1[i] : 0; + int p2 = i < parts2.length ? 
parts2[i] : 0; + if (p1 != p2) { + return p1 > p2; + } + } + + return true; + } + + private static int[] extractParts(Matcher matcher) { + int[] parts = new int[3]; + if (matcher.find()) { + for (int i = 1; i <= 3; i++) { + String group = matcher.group(i); + parts[i - 1] = group != null ? Integer.parseInt(group) : 0; + } + } + return parts; + } } \ No newline at end of file diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index bba42cc7..6ea4616d 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -381,9 +381,8 @@ private void handleSaltRefresh(RoutingContext rc) { private void handleKeyRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); - boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keyMetadataProvider.getMetadata(info, includeEncrypted)); + .end(keyMetadataProvider.getMetadata(info)); } catch (Exception e) { logger.warn("exception in handleKeyRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key refresh"); @@ -393,9 +392,8 @@ private void handleKeyRefresh(RoutingContext rc) { private void handleKeyAclRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); - boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keyAclMetadataProvider.getMetadata(info, includeEncrypted)); + .end(keyAclMetadataProvider.getMetadata(info)); } catch (Exception e) { logger.warn("exception in handleKeyAclRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key acl refresh"); 
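Review bot: `supportsEncryption(rc)` takes the flag from the `AppVersion` request header, which the calling operator sets itself, and the metadata providers use it to pick the encrypted or unencrypted path; a missing or lower version selects the unencrypted one. That makes it a compatibility hint rather than a control, and the code should say so, e.g. `// AppVersion is client-reported: a compatibility hint, not an enforcement point`. If encrypted delivery is meant to be enforced for some operators, the decision would need a server-side attribute of the authenticated `OperatorKey` (none is visible in this hunk). The header name is also a string literal here, where the code this replaces used `Const.Http.AppVersionHeader`; `rc.request().getHeader(Const.Http.AppVersionHeader)` would keep a single definition.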
@@ -405,9 +403,8 @@ private void handleKeyAclRefresh(RoutingContext rc) { private void handleKeysetRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); - boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keysetMetadataProvider.getMetadata(info, includeEncrypted)); + .end(keysetMetadataProvider.getMetadata(info)); } catch (Exception e) { logger.warn("exception in handleKeysetRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key refresh"); @@ -417,9 +414,8 @@ private void handleKeysetRefresh(RoutingContext rc) { private void handleKeysetKeyRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); - boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(keysetKeyMetadataProvider.getMetadata(info, includeEncrypted)); + .end(keysetKeyMetadataProvider.getMetadata(info)); } catch (Exception e) { logger.warn("exception in handleKeysetKeyRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing key refresh"); @@ -429,9 +425,8 @@ private void handleKeysetKeyRefresh(RoutingContext rc) { private void handleClientRefresh(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); - boolean includeEncrypted = isEncryptionSupported(rc); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(clientMetadataProvider.getMetadata(info, includeEncrypted)); + .end(clientMetadataProvider.getMetadata(info)); } catch (Exception e) { logger.warn("exception in handleClientRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing client refresh"); 
@@ -668,49 +663,4 @@ public static void Error(String errorStatus, int statusCode, RoutingContext rc, rc.response().setStatusCode(statusCode).putHeader(HttpHeaders.CONTENT_TYPE, "application/json") .end(json.encode()); } - - private boolean isEncryptionSupported(RoutingContext context) { - String appVersion = context.request().getHeader(Const.Http.AppVersionHeader); - if (appVersion == null) return false; - String[] versions = appVersion.split(";"); - for (String version : versions) { - if (version.startsWith("uid2-operator=")) { - String operatorVersion = version.substring("uid2-operator=".length()); - return isVersionGreaterOrEqual(operatorVersion, ENCRYPTION_SUPPORT_VERSION); - } - } - return false; - } - - private boolean isVersionGreaterOrEqual(String v1, String v2) { - Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); - - Matcher m1 = pattern.matcher(v1); - Matcher m2 = pattern.matcher(v2); - - int[] parts1 = extractParts(m1); - int[] parts2 = extractParts(m2); - - for (int i = 0; i < Math.max(parts1.length, parts2.length); i++) { - int p1 = i < parts1.length ? parts1[i] : 0; - int p2 = i < parts2.length ? parts2[i] : 0; - if (p1 != p2) { - return p1 > p2; - } - } - - return true; - } - - private int[] extractParts(Matcher matcher) { - // Extract numeric parts from the matcher and return them as an array - int[] parts = new int[3]; - if (matcher.find()) { - for (int i = 1; i <= 3; i++) { - String group = matcher.group(i); - parts[i - 1] = group != null ? Integer.parseInt(group) : 0; - } - } - return parts; - } } diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index c79fb80c..668d164d 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java 
@@ -660,58 +660,4 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont } }); } - - @Tag("dontForceJwt") - @Test - void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) throws Exception { - fakeAuth(attestationProtocolPublic, Role.OPERATOR); - addAttestationProvider(attestationProtocolPublic); - onHandleAttestationRequest(() -> { - byte[] resultPublicKey = null; - return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); - }); - - MultiMap headers = MultiMap.caseInsensitiveMultiMap(); - headers.add(Const.Http.AppVersionHeader, "uid2-operator=2.7.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); - - getWithVersion(vertx, "key/refresh", headers, ar -> { - if (ar.succeeded()) { - HttpResponse response = ar.result(); - assertEquals(200, response.statusCode()); - String responseBody = response.bodyAsString(); - assertEquals("{\"keys\":{\"location\":\"http://encrypted_url\"}}", responseBody); - testContext.completeNow(); - } else { - testContext.failNow(ar.cause()); - } - }); - } - - @Tag("dontForceJwt") - @Test - void keysRefreshSuccessLowerVersion(Vertx vertx, VertxTestContext testContext) throws Exception { - fakeAuth(attestationProtocolPublic, Role.OPERATOR); - addAttestationProvider(attestationProtocolPublic); - onHandleAttestationRequest(() -> { - byte[] resultPublicKey = null; - return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); - }); - - MultiMap headers = MultiMap.caseInsensitiveMultiMap(); - headers.add(Const.Http.AppVersionHeader, "uid2-operator=2.1.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); - - getWithVersion(vertx, "key/refresh", headers, ar -> { - if (ar.succeeded()) { - HttpResponse response = ar.result(); - System.out.println(response.bodyAsString()); - assertEquals(200, response.statusCode()); - String responseBody = response.bodyAsString(); - 
assertEquals("{\"keys\":{\"location\":\"http://default_url\"}}", responseBody); - testContext.completeNow(); - } else { - testContext.failNow(ar.cause()); - } - }); - } - } From c0cabe800c069ab6da6187adfbbaf40bae62811f Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 13:25:14 -0600 Subject: [PATCH 13/60] clean up --- src/main/java/com/uid2/core/vertx/CoreVerticle.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index 6ea4616d..8477293d 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -52,8 +52,6 @@ import java.util.*; import com.uid2.shared.store.reader.RotatingS3KeyProvider; import com.uid2.shared.model.S3Key; -import java.util.regex.Matcher; -import java.util.regex.Pattern; import static com.uid2.shared.Const.Config.EnforceJwtProp; @@ -83,7 +81,6 @@ public class CoreVerticle extends AbstractVerticle { private final OperatorJWTTokenProvider operatorJWTTokenProvider; private final JwtService jwtService; private final RotatingS3KeyProvider s3KeyProvider; - private static final String ENCRYPTION_SUPPORT_VERSION = "3.0"; // Set this to the appropriate version later public CoreVerticle(ICloudStorage cloudStorage, IAuthorizableProvider authProvider, From 0627853116dc7eacec77dbbb08828b54945e51a3 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 14:11:33 -0600 Subject: [PATCH 14/60] operator test info --- .../java/com/uid2/core/util/OperatorInfo.java | 19 +++- .../com/uid2/core/util/TestOperatorInfo.java | 97 +++++++++++++++++++ .../com/uid2/core/vertx/TestCoreVerticle.java | 59 ++++++++++- 3 files changed, 169 insertions(+), 6 deletions(-) create mode 100644 src/test/java/com/uid2/core/util/TestOperatorInfo.java diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 29b8c05f..727a15d3 100644 
--- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -7,6 +7,8 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; import com.uid2.core.model.ConfigStore; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; @@ -18,7 +20,10 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); + static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); + + static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); + public OperatorType getOperatorType() { return operatorType; @@ -46,9 +51,12 @@ public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { throw new Exception("Cannot determine the operator type and site id from the profile"); } - private static boolean supportsEncryption(RoutingContext rc) { + static boolean supportsEncryption(RoutingContext rc) { String appVersion = rc.request().getHeader("AppVersion"); - if (appVersion == null) return false; + if (appVersion == null) { + logger.warn("AppVersion header is missing."); + return false; + } String[] versions = appVersion.split(";"); for (String version : versions) { if (version.startsWith("uid2-operator=")) { @@ -59,7 +67,10 @@ private static boolean supportsEncryption(RoutingContext rc) { return false; } - private static boolean isVersionGreaterOrEqual(String v1, String v2) { + static boolean isVersionGreaterOrEqual(String v1, String v2) { + System.out.println(v1 + "hello"); + System.out.println(v2); + logger.info("info"); Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); Matcher m1 = pattern.matcher(v1); Matcher m2 = pattern.matcher(v2); 
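Review bot: Dropping `private` and `final` from `ENCRYPTION_SUPPORT_VERSION` in the field hunk turns the threshold that gates encrypted metadata into mutable package-wide state, apparently only so tests can assign it; the later `@@ -20,7 +22,7 @@` hunk in this series widens it further to `public static`. Any code that can see the field can then change which operators count as encryption-capable, and a test that assigns it leaks the value into every test that runs afterwards. I would keep `private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version");` and let tests pass their threshold straight to `isVersionGreaterOrEqual(v1, v2)`, which already takes it as a parameter. The new logger should likewise be `private static final Logger logger = LoggerFactory.getLogger(OperatorInfo.class);`.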
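Review bot: `supportsEncryption` derives the operator's capability from a header the caller sets itself, and every failure mode (header missing, no `uid2-operator=` entry) returns `false`, which presumably selects the unencrypted metadata path (the provider code is outside this hunk). If encrypted delivery is meant to be required for capable operators, this is a compatibility hint rather than an enforcement point and should say so, e.g. `// Self-reported capability: a missing or older version selects the legacy unencrypted metadata; not an access-control decision.` The hard-coded `"AppVersion"` duplicates `Const.Http.AppVersionHeader`, which the removed CoreVerticle code used, and the new `logger.warn` will fire on every request from a client that does not send the header. The end of the method lies in the next hunk's context.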
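Review bot: The three lines added at the top of `isVersionGreaterOrEqual` are leftover debugging: `System.out.println(v1 + "hello");`, `System.out.println(v2);` and `logger.info("info");` run on every metadata request and echo a value taken from the request header to stdout, bypassing the logging configuration. They should be removed, or replaced by a single parameterized line such as `logger.debug("operator version {} vs threshold {}", v1, v2);`. The same kind of output returns in the later "add logger info" commit (`logger.info(v1)`, `System.out.println(v1+"supportsEncryption")`), where the same applies. The method body continues outside the hunk.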
diff --git a/src/test/java/com/uid2/core/util/TestOperatorInfo.java b/src/test/java/com/uid2/core/util/TestOperatorInfo.java new file mode 100644 index 00000000..841cc2ef --- /dev/null +++ b/src/test/java/com/uid2/core/util/TestOperatorInfo.java 
@@ -0,0 +1,97 @@ +package com.uid2.core.util; + +import com.uid2.shared.auth.OperatorKey; +import com.uid2.shared.auth.OperatorType; +import io.vertx.core.http.HttpServerRequest; +import io.vertx.ext.web.RoutingContext; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; + +import java.util.HashMap; +import java.util.Map; + +import static com.uid2.core.util.OperatorInfo.ENCRYPTION_SUPPORT_VERSION; +import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; +import static org.junit.jupiter.api.Assertions.*; +import static org.mockito.Mockito.*; + +class OperatorInfoTest { + + @Mock + private RoutingContext mockRoutingContext; + + @Mock + private HttpServerRequest mockRequest; + + @BeforeEach + void setUp() { + MockitoAnnotations.openMocks(this); + when(mockRoutingContext.request()).thenReturn(mockRequest); + ENCRYPTION_SUPPORT_VERSION = "2.6"; + } + + @Test + void testConstructor() { + OperatorInfo operatorInfo = new OperatorInfo(OperatorType.PRIVATE, 123, true); + assertEquals(OperatorType.PRIVATE, operatorInfo.getOperatorType()); + assertEquals(123, operatorInfo.getSiteId()); + assertTrue(operatorInfo.getSupportsEncryption()); + } + + @Test + void testGetOperatorInfo() throws Exception { + OperatorKey mockOperatorKey = mock(OperatorKey.class); + when(mockOperatorKey.getOperatorType()).thenReturn(OperatorType.PUBLIC); + when(mockOperatorKey.getSiteId()).thenReturn(456); + + Map data = new HashMap<>(); + data.put(API_CLIENT_PROP, mockOperatorKey); + when(mockRoutingContext.data()).thenReturn(data); + when(mockRequest.getHeader("AppVersion")).thenReturn("uid2-operator=3.0.0"); + + OperatorInfo result = OperatorInfo.getOperatorInfo(mockRoutingContext); + + assertNotNull(result); + assertEquals(OperatorType.PUBLIC, result.getOperatorType()); + assertEquals(456, result.getSiteId()); + assertTrue(result.getSupportsEncryption()); + } + + @Test + void 
testGetOperatorInfoThrowsException() { + Map data = new HashMap<>(); + data.put("api_client", "Invalid Object"); + when(mockRoutingContext.data()).thenReturn(data); + + assertThrows(Exception.class, () -> OperatorInfo.getOperatorInfo(mockRoutingContext)); + } + + @Test + void testSupportsEncryptionTrue() { + when(mockRequest.getHeader("AppVersion")).thenReturn("uid2-operator=3.0.0"); + assertTrue(OperatorInfo.supportsEncryption(mockRoutingContext)); + } + + @Test + void testSupportsEncryptionFalse() { + when(mockRequest.getHeader("AppVersion")).thenReturn("uid2-operator=1.0.0"); + assertFalse(OperatorInfo.supportsEncryption(mockRoutingContext)); + } + + @Test + void testSupportsEncryptionMissingHeader() { + when(mockRequest.getHeader("AppVersion")).thenReturn(null); + assertFalse(OperatorInfo.supportsEncryption(mockRoutingContext)); + } + + @Test + void testIsVersionGreaterOrEqual() { + assertTrue(OperatorInfo.isVersionGreaterOrEqual("2.0.0", "1.0.0")); + assertTrue(OperatorInfo.isVersionGreaterOrEqual("2.0.0", "2.0.0")); + assertFalse(OperatorInfo.isVersionGreaterOrEqual("1.0.0", "2.0.0")); + assertTrue(OperatorInfo.isVersionGreaterOrEqual("2.1.0", "2.0.0")); + assertFalse(OperatorInfo.isVersionGreaterOrEqual("2.0.1", "2.1.0")); + } +} \ No newline at end of file diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 668d164d..1d7379a0 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -4,7 +4,6 @@ import com.uid2.core.model.SecretStore; import com.uid2.core.service.*; import com.uid2.core.util.OperatorInfo; -import com.uid2.core.model.SecretStore; import com.uid2.core.service.JWTTokenProvider; import com.uid2.core.service.OperatorJWTTokenProvider; import com.uid2.shared.Const; 
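Review bot: The version tests in `TestOperatorInfo.java` cover only well-formed three-part versions, so the inputs a real `AppVersion` header is most likely to carry are untested: a `-SNAPSHOT` suffix, a value equal to the threshold, a header with no `uid2-operator=` entry, and a non-numeric or very long version string. Since this comparison decides whether an operator is served encrypted metadata, I would add cases such as `assertTrue(OperatorInfo.isVersionGreaterOrEqual("2.6", "2.6"));` and an `assertFalse(OperatorInfo.supportsEncryption(mockRoutingContext));` for a header like `uid2-attestation-api=1.1.0`. `setUp` also assigns the production static `ENCRYPTION_SUPPORT_VERSION = "2.6"` and never restores it (the `deployVerticle` hunk in TestCoreVerticle later does the same), which makes results depend on test order. The class is named `OperatorInfoTest` while the file is `TestOperatorInfo.java`, and the `AutoCloseable` returned by `MockitoAnnotations.openMocks(this)` is never closed.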
@@ -79,12 +78,13 @@ public class TestCoreVerticle { private ICloudStorage metadataStreamProvider; @Mock private ICloudStorage downloadUrlGenerator; + private OperatorInfo operatorInfo; private AttestationService attestationService; private static final String attestationProtocol = "test-attestation-protocol"; private static final String attestationProtocolPublic = "trusted"; - private static final String ENCRYPTION_SUPPORT_VERSION = "2.6"; + private static final String encryption_support_version = "2.6"; @BeforeEach void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) throws Throwable { 
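Review bot: The renamed constant `encryption_support_version` no longer matches the naming of its neighbours `attestationProtocol` and `attestationProtocolPublic`, and neither it nor the new `private OperatorInfo operatorInfo;` field is used in any hunk of this commit that is visible here. If the tests are meant to control the threshold they need to reach the value `OperatorInfo` actually reads; a private copy in the test class has no effect on it. I would delete both declarations unless a later use exists outside these hunks.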
@@ -660,4 +660,59 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont } }); } + + @Tag("dontForceJwt") + @Test + void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) throws Exception { + fakeAuth(attestationProtocolPublic, Role.OPERATOR); + addAttestationProvider(attestationProtocolPublic); + onHandleAttestationRequest(() -> { + byte[] resultPublicKey = null; + return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); + }); + + MultiMap headers = MultiMap.caseInsensitiveMultiMap(); + headers.add(Const.Http.AppVersionHeader, "uid2-operator=3.7.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); + + getWithVersion(vertx, "key/refresh", headers, ar -> { + assertTrue(ar.succeeded()); + if (ar.succeeded()) { + HttpResponse response = ar.result(); + assertEquals(200, response.statusCode()); + String responseBody = response.bodyAsString(); + assertEquals("{\"keys\":{\"location\":\"http://encrypted_url\"}}", responseBody); + testContext.completeNow(); + } else { + testContext.failNow(ar.cause()); + } + }); + } + + @Tag("dontForceJwt") + @Test + void keysRefreshSuccessLowerVersion(Vertx vertx, VertxTestContext testContext) throws Exception { + fakeAuth(attestationProtocolPublic, Role.OPERATOR); + addAttestationProvider(attestationProtocolPublic); + onHandleAttestationRequest(() -> { + byte[] resultPublicKey = null; + return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); + }); + + MultiMap headers = MultiMap.caseInsensitiveMultiMap(); + headers.add(Const.Http.AppVersionHeader, "uid2-operator=2.1.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); + + getWithVersion(vertx, "key/refresh", headers, ar -> { + if (ar.succeeded()) { + HttpResponse response = ar.result(); + System.out.println(response.bodyAsString()); + assertEquals(200, response.statusCode()); + String responseBody = response.bodyAsString(); + 
assertEquals("{\"keys\":{\"location\":\"http://default_url\"}}", responseBody); + testContext.completeNow(); + } else { + testContext.failNow(ar.cause()); + } + }); + } + } From 2b9cddfe7d0cc2835989ea41c988463a1b462896 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 14:39:06 -0600 Subject: [PATCH 15/60] update tests --- .../uid2/core/service/KeyMetadataProvider.java | 2 +- .../java/com/uid2/core/util/OperatorInfo.java | 16 +++++++++++++--- .../com/uid2/core/vertx/TestCoreVerticle.java | 5 +++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java index a68147ca..696452d4 100644 --- a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java @@ -23,7 +23,7 @@ public KeyMetadataProvider(ICloudStorage cloudStorage) { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName)); + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName),info.getSupportsEncryption()); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys"); diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 727a15d3..65f28bd5 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java 
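Review bot: The assertions in both new tests run inside the `getWithVersion` callback without `testContext.verify(...)`, so a failing `assertEquals` is thrown on the Vert.x event loop and the test would most likely end in a timeout instead of reporting the assertion message. In `keysRefreshSuccessHigherVersion` the leading `assertTrue(ar.succeeded());` also makes the `else { testContext.failNow(ar.cause()); }` branch unreachable, which hides the real cause of a failed request. I would wrap the checks as `testContext.verify(() -> assertEquals(200, response.statusCode()));` (and likewise for the body comparison) and drop the `assertTrue`. The `System.out.println(response.bodyAsString());` in the lower-version test can go as well.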
@@ -2,6 +2,7 @@ import com.uid2.shared.auth.IAuthorizable; import com.uid2.shared.auth.OperatorKey; import com.uid2.shared.auth.OperatorType; +import io.vertx.core.http.HttpServerRequest; import io.vertx.ext.web.RoutingContext; import java.util.regex.Matcher; @@ -10,6 +11,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static com.uid2.shared.Const.Http.AppVersionHeader; import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; /** @@ -20,7 +22,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); + public static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); @@ -46,15 +48,23 @@ public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { if (profile instanceof OperatorKey) { OperatorKey operatorKey = (OperatorKey) profile; boolean supportsEncryption = supportsEncryption(rc); + System.out.println(supportsEncryption); return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption); } throw new Exception("Cannot determine the operator type and site id from the profile"); } static boolean supportsEncryption(RoutingContext rc) { - String appVersion = rc.request().getHeader("AppVersion"); + + HttpServerRequest request = rc.request(); + + // Log all headers + logger.info("Logging all request headers:"); + request.headers().forEach(header -> logger.info("{}: {}", header.getKey(), header.getValue())); + + String appVersion = rc.request().getHeader(AppVersionHeader); if (appVersion == null) { - logger.warn("AppVersion header is missing."); + logger.warn("AppVersion header is missing:"); return false; } String[] versions = appVersion.split(";"); 
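Review bot: The `request.headers().forEach(header -> logger.info("{}: {}", header.getKey(), header.getValue()));` loop added to `supportsEncryption` writes every request header to the log at info level on each call, which will include whatever credential the operator presents (the request is authenticated, since the profile is read from `API_CLIENT_PROP`; the header that carries the key is not visible in this hunk). Credentials in application logs become readable by anyone with log access. Only the one header that is needed should be logged, e.g. `logger.debug("AppVersion header: {}", appVersion);`, and the `System.out.println(supportsEncryption);` added to `getOperatorInfo` should be removed. The trailing colon in `"AppVersion header is missing:"` looks accidental.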
diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 1d7379a0..56b9848e 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -27,6 +27,7 @@ import io.vertx.junit5.VertxTestContext; import static com.uid2.core.service.KeyMetadataProvider.KeysMetadataPathName; +import static com.uid2.core.util.OperatorInfo.ENCRYPTION_SUPPORT_VERSION; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.BeforeEach; @@ -108,6 +109,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th // Mock download method for different paths when(cloudStorage.download(anyString())).thenAnswer(invocation -> { String path = invocation.getArgument(0); + System.out.println(path); if (path.contains("encrypted")) { return new ByteArrayInputStream("{ \"keys\": { \"location\": \"encrypted-location\" } }".getBytes()); } else { @@ -127,6 +129,8 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th CoreVerticle verticle = new CoreVerticle(cloudStorage, authProvider, attestationService, attestationTokenService, enclaveIdentifierProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider); vertx.deployVerticle(verticle, testContext.succeeding(id -> testContext.completeNow())); + + ENCRYPTION_SUPPORT_VERSION = "2.6"; } private String getUrlForEndpoint(String endpoint) { @@ -680,6 +684,7 @@ void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) HttpResponse response = ar.result(); assertEquals(200, response.statusCode()); String responseBody = response.bodyAsString(); + System.out.println(responseBody); assertEquals("{\"keys\":{\"location\":\"http://encrypted_url\"}}", responseBody); testContext.completeNow(); } else { From eb338d2094f430c64ef32544b2f0574dcdaf817c Mon Sep 17 00:00:00 2001 
From: lizk886 Date: Fri, 2 Aug 2024 14:44:50 -0600 Subject: [PATCH 16/60] update tests --- src/main/java/com/uid2/core/util/OperatorInfo.java | 13 +------------ .../java/com/uid2/core/util/TestOperatorInfo.java | 9 +++++---- 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 65f28bd5..b80f48a0 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -48,23 +48,15 @@ public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { if (profile instanceof OperatorKey) { OperatorKey operatorKey = (OperatorKey) profile; boolean supportsEncryption = supportsEncryption(rc); - System.out.println(supportsEncryption); return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption); } throw new Exception("Cannot determine the operator type and site id from the profile"); } static boolean supportsEncryption(RoutingContext rc) { - - HttpServerRequest request = rc.request(); - - // Log all headers - logger.info("Logging all request headers:"); - request.headers().forEach(header -> logger.info("{}: {}", header.getKey(), header.getValue())); - String appVersion = rc.request().getHeader(AppVersionHeader); if (appVersion == null) { - logger.warn("AppVersion header is missing:"); + logger.warn("AppVersion header is missing."); return false; } String[] versions = appVersion.split(";"); @@ -78,9 +70,6 @@ static boolean supportsEncryption(RoutingContext rc) { } static boolean isVersionGreaterOrEqual(String v1, String v2) { - System.out.println(v1 + "hello"); - System.out.println(v2); - logger.info("info"); Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); Matcher m1 = pattern.matcher(v1); Matcher m2 = pattern.matcher(v2); 
diff --git a/src/test/java/com/uid2/core/util/TestOperatorInfo.java b/src/test/java/com/uid2/core/util/TestOperatorInfo.java index 841cc2ef..05856cb2 100644 --- a/src/test/java/com/uid2/core/util/TestOperatorInfo.java +++ b/src/test/java/com/uid2/core/util/TestOperatorInfo.java @@ -13,6 +13,7 @@ import java.util.Map; import static com.uid2.core.util.OperatorInfo.ENCRYPTION_SUPPORT_VERSION; +import static com.uid2.shared.Const.Http.AppVersionHeader; import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.Mockito.*; @@ -49,7 +50,7 @@ void testGetOperatorInfo() throws Exception { Map data = new HashMap<>(); data.put(API_CLIENT_PROP, mockOperatorKey); when(mockRoutingContext.data()).thenReturn(data); - when(mockRequest.getHeader("AppVersion")).thenReturn("uid2-operator=3.0.0"); + when(mockRequest.getHeader(AppVersionHeader)).thenReturn("uid2-operator=3.0.0"); OperatorInfo result = OperatorInfo.getOperatorInfo(mockRoutingContext); @@ -70,19 +71,19 @@ void testGetOperatorInfoThrowsException() { @Test void testSupportsEncryptionTrue() { - when(mockRequest.getHeader("AppVersion")).thenReturn("uid2-operator=3.0.0"); + when(mockRequest.getHeader(AppVersionHeader)).thenReturn("uid2-operator=3.0.0"); assertTrue(OperatorInfo.supportsEncryption(mockRoutingContext)); } @Test void testSupportsEncryptionFalse() { - when(mockRequest.getHeader("AppVersion")).thenReturn("uid2-operator=1.0.0"); + when(mockRequest.getHeader(AppVersionHeader)).thenReturn("uid2-operator=1.0.0"); assertFalse(OperatorInfo.supportsEncryption(mockRoutingContext)); } @Test void testSupportsEncryptionMissingHeader() { - when(mockRequest.getHeader("AppVersion")).thenReturn(null); + when(mockRequest.getHeader(AppVersionHeader)).thenReturn(null); assertFalse(OperatorInfo.supportsEncryption(mockRoutingContext)); } From d4212e74c24e993cef6b712f932ae541847512c6 Mon Sep 17 00:00:00 2001 
From: lizk886 Date: Fri, 2 Aug 2024 14:48:42 -0600 Subject: [PATCH 17/60] clean ups --- .../java/com/uid2/core/vertx/TestCoreVerticle.java | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 56b9848e..fcf3e376 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -3,7 +3,6 @@ import com.uid2.core.model.ConfigStore; import com.uid2.core.model.SecretStore; import com.uid2.core.service.*; -import com.uid2.core.util.OperatorInfo; import com.uid2.core.service.JWTTokenProvider; import com.uid2.core.service.OperatorJWTTokenProvider; import com.uid2.shared.Const; @@ -40,8 +39,6 @@ import javax.crypto.Cipher; import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.net.MalformedURLException; import java.net.URL; import java.security.KeyPair; import java.security.KeyPairGenerator; @@ -73,13 +70,6 @@ public class TestCoreVerticle { private JwtService jwtService; @Mock private RotatingS3KeyProvider s3KeyProvider; - @Mock - private IKeyMetadataProvider keyMetadataProvider; - @Mock - private ICloudStorage metadataStreamProvider; - @Mock - private ICloudStorage downloadUrlGenerator; - private OperatorInfo operatorInfo; private AttestationService attestationService; From 8e0af72948a3eb63eba52769cfd715afeba48047 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 14:50:05 -0600 Subject: [PATCH 18/60] clean ups --- src/test/java/com/uid2/core/vertx/TestCoreVerticle.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index fcf3e376..55410fc0 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java 
@@ -1,5 +1,4 @@ package com.uid2.core.vertx; - import com.uid2.core.model.ConfigStore; import com.uid2.core.model.SecretStore; import com.uid2.core.service.*; From fd1ef07e65b35e7c86383a1e9dfa32b3b87b520c Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 14:53:32 -0600 Subject: [PATCH 19/60] defualt value if configs haven't updated yet --- src/main/java/com/uid2/core/util/OperatorInfo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index b80f48a0..fc6c94d7 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -22,7 +22,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - public static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); + public static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); From b0e2de5f8484c16ff65d59ff42ed423142eec8c8 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 14:55:04 -0600 Subject: [PATCH 20/60] clean up --- src/main/java/com/uid2/core/util/OperatorInfo.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index fc6c94d7..7b9aa49c 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -26,7 +26,6 @@ public class OperatorInfo { static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); - public OperatorType getOperatorType() { return operatorType; } From 53f217357dac5071f41c80fd88cf12577cfcd441 Mon Sep 17 00:00:00 2001 
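Review bot: The fallback `"9999"` in `ConfigStore.Global.getOrDefault("encryption_support_version", "9999")` is a sentinel meaning that no operator version qualifies, so a missing or misspelled config key silently switches every operator to unencrypted metadata with nothing in the log. I would name it and state the intent, e.g. `private static final String ENCRYPTION_DISABLED_VERSION = "9999"; // above any real operator version: encryption stays off until configured`, and log once at startup which threshold is in effect. The field is also still `public static` and non-final, so the value read here can be overwritten at runtime.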
From: Release Workflow Date: Fri, 2 Aug 2024 21:04:32 +0000 Subject: [PATCH 21/60] [CI Pipeline] Released Snapshot version: 2.17.1-alpha-35-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e7c468dc..8825e089 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.0 + 2.17.1-alpha-35-SNAPSHOT UTF-8 From ea74e382f465c712fd49e12fcfb9788b0c5decef Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 2 Aug 2024 21:14:56 +0000 Subject: [PATCH 22/60] [CI Pipeline] Released Snapshot version: 2.17.2-alpha-36-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8825e089..dcdebbac 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.1-alpha-35-SNAPSHOT + 2.17.2-alpha-36-SNAPSHOT UTF-8 From 0baf8aefbe43dca312af9a3acbf79fc1f6b7d7e1 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 2 Aug 2024 21:45:19 +0000 Subject: [PATCH 23/60] [CI Pipeline] Released Snapshot version: 2.17.3-alpha-37-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dcdebbac..10d964b1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.2-alpha-36-SNAPSHOT + 2.17.3-alpha-37-SNAPSHOT UTF-8 From b59c01acab537060ff45df29e9ce602a6d1b1166 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 2 Aug 2024 16:07:21 -0600 Subject: [PATCH 24/60] update configs to extreme big number --- conf/default-config.json | 2 +- conf/integ-config.json | 2 +- conf/local-config.json | 2 +- conf/local-e2e-config.json | 2 +- conf/local-e2e-docker-config.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/default-config.json b/conf/default-config.json index 7aee6760..13de1e5c 100644 --- a/conf/default-config.json +++ b/conf/default-config.json 
@@ -18,5 +18,5 @@ "att_token_enc_salt": null, "enforceJwt": false, "s3_keys_metadata_path": null, - "encryption_support_version": "3.0" + "encryption_support_version": "888" } diff --git a/conf/integ-config.json b/conf/integ-config.json index 7f06cb3b..e432e591 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -19,5 +19,5 @@ "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json", - "encryption_support_version": "3.0" + "encryption_support_version": "888" } \ No newline at end of file diff --git a/conf/local-config.json b/conf/local-config.json index c985dd69..74e6b12a 100644 --- a/conf/local-config.json +++ b/conf/local-config.json @@ -20,5 +20,5 @@ "provide_private_site_data": true, "enforceJwt": false, "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json", - "encryption_support_version": "3.0" + "encryption_support_version": "888" } diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index 21d88df6..ef2f68ab 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -34,5 +34,5 @@ "core_public_url": "http://localhost:8088", "optout_url": "http://localhost:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "3.0" + "encryption_support_version": "888" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index b9bd2236..290a7527 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -33,5 +33,5 @@ "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "3.0" + "encryption_support_version": "888" } From deec8bbf4afa88788202c1c6e73c1b4632605b12 Mon Sep 17 00:00:00 2001 
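Review bot: The value `"encryption_support_version": "888"` set in `default-config.json` is a second magic number for "disabled", next to the `"9999"` default that OperatorInfo received a few commits earlier. Because JSON cannot carry a comment, nothing records that this value turns encrypted metadata off in every environment, including integ. I would either omit the key and rely on the code default, or use one documented sentinel in both places and describe it in the config documentation. The same applies to the hunks for `integ-config.json`, `local-config.json`, `local-e2e-config.json` and `local-e2e-docker-config.json`.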
From: Release Workflow Date: Fri, 2 Aug 2024 22:12:10 +0000 Subject: [PATCH 25/60] [CI Pipeline] Released Snapshot version: 2.17.4-alpha-39-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 10d964b1..e73a27a7 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.3-alpha-37-SNAPSHOT + 2.17.4-alpha-39-SNAPSHOT UTF-8 From c580126100ea912605e6863ef1d528c0e9bb0bf3 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Mon, 5 Aug 2024 11:08:32 -0600 Subject: [PATCH 26/60] add logger info to check which version it put --- conf/default-config.json | 3 +-- conf/integ-config.json | 3 +-- conf/local-config.json | 3 +-- conf/local-e2e-config.json | 2 +- conf/local-e2e-docker-config.json | 3 +-- src/main/java/com/uid2/core/util/OperatorInfo.java | 7 +++++++ 6 files changed, 12 insertions(+), 9 deletions(-) diff --git a/conf/default-config.json b/conf/default-config.json index 13de1e5c..2ae0c632 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -17,6 +17,5 @@ "att_token_enc_key": null, "att_token_enc_salt": null, "enforceJwt": false, - "s3_keys_metadata_path": null, - "encryption_support_version": "888" + "s3_keys_metadata_path": null } diff --git a/conf/integ-config.json b/conf/integ-config.json index e432e591..136c60fd 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -18,6 +18,5 @@ "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json", "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, - "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json", - "encryption_support_version": "888" + "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json" } \ No newline at end of file diff --git a/conf/local-config.json b/conf/local-config.json index 74e6b12a..33d3c2ba 100644 --- a/conf/local-config.json +++ b/conf/local-config.json 
@@ -19,6 +19,5 @@ "att_token_enc_salt": "", "provide_private_site_data": true, "enforceJwt": false, - "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json", - "encryption_support_version": "888" + "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json" } diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index ef2f68ab..6cf2ef26 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -34,5 +34,5 @@ "core_public_url": "http://localhost:8088", "optout_url": "http://localhost:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "888" + "encryption_support_version": "5.0" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index 290a7527..d86306ee 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -32,6 +32,5 @@ "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB", "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", - "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "888" + "s3_keys_metadata_path": "s3encryption_keys/metadata.json" } diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 7b9aa49c..db321af2 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java 
@@ -47,6 +47,8 @@ public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { if (profile instanceof OperatorKey) { OperatorKey operatorKey = (OperatorKey) profile; boolean supportsEncryption = supportsEncryption(rc); + System.out.println(supportsEncryption); + logger.info(supportsEncryption+"supportsEncryption"); return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption); } throw new Exception("Cannot determine the operator type and site id from the profile"); @@ -69,6 +71,11 @@ static boolean supportsEncryption(RoutingContext rc) { } static boolean isVersionGreaterOrEqual(String v1, String v2) { + System.out.println(v1+"supportsEncryption"); + System.out.println(v2+ "supportsEncryption"); + logger.info(v1); + logger.info(v2); + Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); Matcher m1 = pattern.matcher(v1); Matcher m2 = pattern.matcher(v2); From 99e7fe742e1ddf3fb8fd159fcc331c32fae33db3 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Mon, 5 Aug 2024 17:13:25 +0000 Subject: [PATCH 27/60] [CI Pipeline] Released Snapshot version: 2.17.5-alpha-40-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e73a27a7..b5ab4025 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.4-alpha-39-SNAPSHOT + 2.17.5-alpha-40-SNAPSHOT UTF-8 From 727e867ca58a65d00233626b9d5f50fa0f089a21 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 11:49:42 -0600 Subject: [PATCH 28/60] make config item private --- conf/default-config.json | 3 ++- conf/integ-config.json | 3 ++- conf/local-config.json | 3 ++- conf/local-e2e-docker-config.json | 3 ++- src/main/java/com/uid2/core/util/OperatorInfo.java | 2 +- src/test/java/com/uid2/core/util/TestOperatorInfo.java | 5 +++-- src/test/java/com/uid2/core/vertx/TestCoreVerticle.java | 6 ++---- 7 files changed, 14 insertions(+), 11 deletions(-) 
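Review bot: The `System.out.println` calls added in `getOperatorInfo` and in `isVersionGreaterOrEqual` (second hunk) bypass the SLF4J logger this class already declares, so their output has no level or logger name and cannot be filtered. `logger.info(v1)` and `logger.info(v2)` log a bare value with no label; if `v1` comes from the request (the caller is outside this hunk), it is better passed as a parameter to a fixed message than used as the message itself. I would replace the added lines in the second hunk with `logger.debug("Comparing version {} against required {}", v1, v2);` and those in the first with `logger.debug("Operator supports encryption: {}", supportsEncryption);`. Both method bodies continue outside the hunks.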
diff --git a/conf/default-config.json b/conf/default-config.json index 2ae0c632..63ca7b4b 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -17,5 +17,6 @@ "att_token_enc_key": null, "att_token_enc_salt": null, "enforceJwt": false, - "s3_keys_metadata_path": null + "s3_keys_metadata_path": null, + "encryption_support_version": "5.0" } diff --git a/conf/integ-config.json b/conf/integ-config.json index 136c60fd..86865815 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -18,5 +18,6 @@ "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json", "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, - "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json", + "encryption_support_version": "5.0" } \ No newline at end of file diff --git a/conf/local-config.json b/conf/local-config.json index 33d3c2ba..2fbcaf42 100644 --- a/conf/local-config.json +++ b/conf/local-config.json @@ -19,5 +19,6 @@ "att_token_enc_salt": "", "provide_private_site_data": true, "enforceJwt": false, - "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json", + "encryption_support_version": "5.0" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index d86306ee..2e6b1e3d 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json 
@@ -32,5 +32,6 @@ "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB", "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", - "s3_keys_metadata_path": "s3encryption_keys/metadata.json" + "s3_keys_metadata_path": "s3encryption_keys/metadata.json", + "encryption_support_version": "5.0" } diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index db321af2..ad472006 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -22,7 +22,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - public static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); + private static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); diff --git a/src/test/java/com/uid2/core/util/TestOperatorInfo.java b/src/test/java/com/uid2/core/util/TestOperatorInfo.java index 05856cb2..090a532e 100644 --- a/src/test/java/com/uid2/core/util/TestOperatorInfo.java +++ b/src/test/java/com/uid2/core/util/TestOperatorInfo.java 
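Review bot: `ENCRYPTION_SUPPORT_VERSION` in `OperatorInfo` is still assigned in a static initialiser, so it holds whatever `ConfigStore.Global` contained when the class was first loaded. The `ConfigStore.Global.load(...)` call this commit adds to the test `setUp` only takes effect if it runs before that point. If the key is absent at load time the field silently stays at `"9999"`, which presumably means no operator is ever treated as supporting encryption. Reading the setting where it is used removes the ordering dependency: `String required = ConfigStore.Global.getOrDefault("encryption_support_version", "9999");` inside `supportsEncryption`. If the field is kept it should at least be `final`; the same initialiser recurs in the later hunks that touch this field.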
@@ -1,8 +1,10 @@ package com.uid2.core.util; +import com.uid2.core.model.ConfigStore; import com.uid2.shared.auth.OperatorKey; import com.uid2.shared.auth.OperatorType; import io.vertx.core.http.HttpServerRequest; +import io.vertx.core.json.JsonObject; import io.vertx.ext.web.RoutingContext; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -12,7 +14,6 @@ import java.util.HashMap; import java.util.Map; -import static com.uid2.core.util.OperatorInfo.ENCRYPTION_SUPPORT_VERSION; import static com.uid2.shared.Const.Http.AppVersionHeader; import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; import static org.junit.jupiter.api.Assertions.*; @@ -30,7 +31,7 @@ class OperatorInfoTest { void setUp() { MockitoAnnotations.openMocks(this); when(mockRoutingContext.request()).thenReturn(mockRequest); - ENCRYPTION_SUPPORT_VERSION = "2.6"; + ConfigStore.Global.load(new JsonObject().put("encryption_support_version", "2.6")); } @Test diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 55410fc0..8b10fe1d 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -25,7 +25,6 @@ import io.vertx.junit5.VertxTestContext; import static com.uid2.core.service.KeyMetadataProvider.KeysMetadataPathName; -import static com.uid2.core.util.OperatorInfo.ENCRYPTION_SUPPORT_VERSION; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.BeforeEach; 
@@ -74,7 +73,7 @@ public class TestCoreVerticle { private static final String attestationProtocol = "test-attestation-protocol"; private static final String attestationProtocolPublic = "trusted"; - private static final String encryption_support_version = "2.6"; + private static final String encryptionSupportVersion = "encryption_support_version"; @BeforeEach void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) throws Throwable { @@ -83,7 +82,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th config.put(Const.Config.CorePublicUrlProp, "test_core_url"); config.put(Const.Config.AwsKmsJwtSigningKeyIdProp, "test_aws_kms_keyId"); config.put(KeysMetadataPathName, "keys/metadata.json"); - + config.put(encryptionSupportVersion, "2.6"); if (info.getTags().contains("dontForceJwt")) { config.put(Const.Config.EnforceJwtProp, false); } else { @@ -119,7 +118,6 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th CoreVerticle verticle = new CoreVerticle(cloudStorage, authProvider, attestationService, attestationTokenService, enclaveIdentifierProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider); vertx.deployVerticle(verticle, testContext.succeeding(id -> testContext.completeNow())); - ENCRYPTION_SUPPORT_VERSION = "2.6"; } private String getUrlForEndpoint(String endpoint) { From 69d510538719fe534d4f546f419e6a1d2b3e5bcf Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 11:59:08 -0600 Subject: [PATCH 29/60] combine sperate printlns into 1 log --- src/main/java/com/uid2/core/util/OperatorInfo.java | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index ad472006..6a904387 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java 
@@ -47,8 +47,7 @@ public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { if (profile instanceof OperatorKey) { OperatorKey operatorKey = (OperatorKey) profile; boolean supportsEncryption = supportsEncryption(rc); - System.out.println(supportsEncryption); - logger.info(supportsEncryption+"supportsEncryption"); + logger.info("Operator supports encryption: {}", supportsEncryption); return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption); } throw new Exception("Cannot determine the operator type and site id from the profile"); @@ -64,18 +63,17 @@ static boolean supportsEncryption(RoutingContext rc) { for (String version : versions) { if (version.startsWith("uid2-operator=")) { String operatorVersion = version.substring("uid2-operator=".length()); - return isVersionGreaterOrEqual(operatorVersion, ENCRYPTION_SUPPORT_VERSION); + boolean isSupported = isVersionGreaterOrEqual(operatorVersion, ENCRYPTION_SUPPORT_VERSION); + logger.info("Operator version: {}, Required version for encryption: {}, Result: {}", + operatorVersion, ENCRYPTION_SUPPORT_VERSION, isSupported ? "Supports encryption" : "Does not support encryption"); + return isSupported; } } + logger.warn("No operator version found in AppVersion header."); return false; } static boolean isVersionGreaterOrEqual(String v1, String v2) { - System.out.println(v1+"supportsEncryption"); - System.out.println(v2+ "supportsEncryption"); - logger.info(v1); - logger.info(v2); - Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); Matcher m1 = pattern.matcher(v1); Matcher m2 = pattern.matcher(v2); From 6963e73ef7fc493f7fe86fccf77fe0f740e20034 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 13:46:32 -0600 Subject: [PATCH 30/60] config issue in tests --- src/test/java/com/uid2/core/util/TestOperatorInfo.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
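Review bot: `operatorVersion` is the raw remainder of a client-supplied header entry, and the new `logger.info` in `supportsEncryption` writes it to the log as received, at INFO, on every call. The first hunk adds a second INFO line per call in `getOperatorInfo`. I would log once at debug, `logger.debug("Operator version: {}, required: {}, supported: {}", operatorVersion, ENCRYPTION_SUPPORT_VERSION, isSupported);`, and only after the value has matched the version pattern or been truncated to a sane length. The new `logger.warn` path is worth keeping at warn, since `return false` there selects the non-encrypted variant for a caller that sent no operator version. `supportsEncryption` starts outside the hunk.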
diff --git a/src/test/java/com/uid2/core/util/TestOperatorInfo.java b/src/test/java/com/uid2/core/util/TestOperatorInfo.java index 090a532e..1ea4c37a 100644 --- a/src/test/java/com/uid2/core/util/TestOperatorInfo.java +++ b/src/test/java/com/uid2/core/util/TestOperatorInfo.java @@ -26,12 +26,13 @@ class OperatorInfoTest { @Mock private HttpServerRequest mockRequest; + private static final String encryptionSupportVersion = "encryption_support_version"; @BeforeEach void setUp() { MockitoAnnotations.openMocks(this); when(mockRoutingContext.request()).thenReturn(mockRequest); - ConfigStore.Global.load(new JsonObject().put("encryption_support_version", "2.6")); + ConfigStore.Global.load(new JsonObject().put(encryptionSupportVersion, "2.6")); } @Test From 1e805dccf22cf62fc1936277a38a5568e8b9cccd Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 13:50:50 -0600 Subject: [PATCH 31/60] config issue in tests --- src/test/java/com/uid2/core/util/TestOperatorInfo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/com/uid2/core/util/TestOperatorInfo.java b/src/test/java/com/uid2/core/util/TestOperatorInfo.java index 1ea4c37a..a1fcf6ca 100644 --- a/src/test/java/com/uid2/core/util/TestOperatorInfo.java +++ b/src/test/java/com/uid2/core/util/TestOperatorInfo.java @@ -31,8 +31,8 @@ class OperatorInfoTest { @BeforeEach void setUp() { MockitoAnnotations.openMocks(this); - when(mockRoutingContext.request()).thenReturn(mockRequest); ConfigStore.Global.load(new JsonObject().put(encryptionSupportVersion, "2.6")); + when(mockRoutingContext.request()).thenReturn(mockRequest); } @Test From 305a17da74dae1acdd9ba3c50de039d5c3d52169 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 14:46:12 -0600 Subject: [PATCH 32/60] config issue in tests --- src/main/java/com/uid2/core/util/OperatorInfo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 6a904387..b07ac34b 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -22,7 +22,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - private static String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); + private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); From 92b99f9dbcdb211f5e977d2ba1b28a6d1b17376d Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 14:50:02 -0600 Subject: [PATCH 33/60] config issue in tests --- src/main/java/com/uid2/core/util/OperatorInfo.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index b07ac34b..3cb45c6f 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -22,7 +22,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.get("encryption_support_version"); + private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); From 4771169eefedffd47d205c2dfcda5686018bb1dd Mon Sep 17 00:00:00 2001 
From: lizk886 Date: Tue, 6 Aug 2024 17:02:01 -0600 Subject: [PATCH 34/60] revert keyacl and key --- .../java/com/uid2/core/service/KeyAclMetadataProvider.java | 2 +- .../java/com/uid2/core/service/KeyMetadataProvider.java | 2 +- src/main/java/com/uid2/core/util/OperatorInfo.java | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java index 7b567343..8e81bbdf 100644 --- a/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyAclMetadataProvider.java @@ -21,7 +21,7 @@ public KeyAclMetadataProvider(ICloudStorage cloudStorage) { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysAclMetadataPathProp), info.getSupportsEncryption()); + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysAclMetadataPathProp)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys_acl"); diff --git a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java index 696452d4..a68147ca 100644 --- a/src/main/java/com/uid2/core/service/KeyMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeyMetadataProvider.java 
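Review bot: `KeyAclMetadataProvider.getMetadata` no longer passes `info.getSupportsEncryption()`, and `KeyMetadataProvider.getMetadata` in the next file gets the same change. These two stores now resolve their path without the operator's encryption capability, even though the `OperatorInfo` they receive still carries it. Nothing in the code records that this is deliberate, so a later reader may "fix" it back. A one-line comment above each call would settle it, e.g. `// Encryption support is intentionally not applied to this store; see getMetadataPathName(OperatorType, int, String).` Both method bodies continue outside the hunks.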
@@ -23,7 +23,7 @@ public KeyMetadataProvider(ICloudStorage cloudStorage) { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName),info.getSupportsEncryption()); + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(KeysMetadataPathName)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keys"); diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 3cb45c6f..253ba393 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -22,7 +22,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - private static final String ENCRYPTION_SUPPORT_VERSION = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); + private static final String encryptionSupportVersion = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); 
@@ -63,9 +63,9 @@ static boolean supportsEncryption(RoutingContext rc) { for (String version : versions) { if (version.startsWith("uid2-operator=")) { String operatorVersion = version.substring("uid2-operator=".length()); - boolean isSupported = isVersionGreaterOrEqual(operatorVersion, ENCRYPTION_SUPPORT_VERSION); + boolean isSupported = isVersionGreaterOrEqual(operatorVersion, encryptionSupportVersion); logger.info("Operator version: {}, Required version for encryption: {}, Result: {}", - operatorVersion, ENCRYPTION_SUPPORT_VERSION, isSupported ? "Supports encryption" : "Does not support encryption"); + operatorVersion, encryptionSupportVersion, isSupported ? "Supports encryption" : "Does not support encryption"); return isSupported; } } From bde5d9e69814112ef0f951b1f5fb37b66b2f5e24 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 18:31:52 -0600 Subject: [PATCH 35/60] updated testcoreverticle --- .../uid2/core/service/ClientMetadataProvider.java | 2 +- .../java/com/uid2/core/vertx/TestCoreVerticle.java | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java index 56626c91..1ad85f50 100644 --- a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java 
@@ -23,7 +23,7 @@ public class ClientMetadataProvider implements IClientMetadataProvider { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName),info.getSupportsEncryption()); + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("client_keys"); diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 8b10fe1d..4cc02eb9 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -25,6 +25,7 @@ import io.vertx.junit5.VertxTestContext; import static com.uid2.core.service.KeyMetadataProvider.KeysMetadataPathName; +import static com.uid2.shared.Const.Config.KeysetsMetadataPathProp; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.BeforeEach; @@ -81,7 +82,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th config.put(Const.Config.OptOutUrlProp, "test_optout_url"); config.put(Const.Config.CorePublicUrlProp, "test_core_url"); config.put(Const.Config.AwsKmsJwtSigningKeyIdProp, "test_aws_kms_keyId"); - config.put(KeysMetadataPathName, "keys/metadata.json"); + config.put(Const.Config.KeysetsMetadataPathProp, "keysets/metadata.json"); config.put(encryptionSupportVersion, "2.6"); if (info.getTags().contains("dontForceJwt")) { config.put(Const.Config.EnforceJwtProp, false); 
@@ -99,9 +100,9 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th String path = invocation.getArgument(0); System.out.println(path); if (path.contains("encrypted")) { - return new ByteArrayInputStream("{ \"keys\": { \"location\": \"encrypted-location\" } }".getBytes()); + return new ByteArrayInputStream("{ \"keysets\": { \"location\": \"encrypted-location\" } }".getBytes()); } else { - return new ByteArrayInputStream("{ \"keys\": { \"location\": \"default-location\" } }".getBytes()); + return new ByteArrayInputStream("{ \"keysets\": { \"location\": \"default-location\" } }".getBytes()); } }); @@ -654,7 +655,7 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont @Tag("dontForceJwt") @Test - void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) throws Exception { + void keysetRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) throws Exception { fakeAuth(attestationProtocolPublic, Role.OPERATOR); addAttestationProvider(attestationProtocolPublic); onHandleAttestationRequest(() -> { @@ -665,14 +666,14 @@ void keysRefreshSuccessHigherVersion(Vertx vertx, VertxTestContext testContext) MultiMap headers = MultiMap.caseInsensitiveMultiMap(); headers.add(Const.Http.AppVersionHeader, "uid2-operator=3.7.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); - getWithVersion(vertx, "key/refresh", headers, ar -> { + getWithVersion(vertx, "key/keyset/refresh", headers, ar -> { assertTrue(ar.succeeded()); if (ar.succeeded()) { HttpResponse response = ar.result(); assertEquals(200, response.statusCode()); String responseBody = response.bodyAsString(); System.out.println(responseBody); - assertEquals("{\"keys\":{\"location\":\"http://encrypted_url\"}}", responseBody); + assertEquals("{\"keysets\":{\"location\":\"http://encrypted_url\"}}", responseBody); testContext.completeNow(); } else { testContext.failNow(ar.cause()); 
From 1396829d88b69255e518c9cd22902206854010c2 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 18:45:38 -0600 Subject: [PATCH 36/60] update, if this is not working then I am not sure what to do --- pom.xml | 2 +- src/main/java/com/uid2/core/util/OperatorInfo.java | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index b5ab4025..934a3d8b 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ com.uid2.core.vertx.CoreVerticle io.vertx.core.Launcher - 7.17.0 + 7.17.7-alpha-139-SNAPSHOT ${project.version} diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 253ba393..40356e78 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -1,4 +1,5 @@ package com.uid2.core.util; +import com.uid2.core.Const; import com.uid2.shared.auth.IAuthorizable; import com.uid2.shared.auth.OperatorKey; import com.uid2.shared.auth.OperatorType; @@ -22,7 +23,7 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - private static final String encryptionSupportVersion = ConfigStore.Global.getOrDefault("encryption_support_version", "9999"); + private static final String encryptionSupportVersion = ConfigStore.Global.getOrDefault(Const.Config.encryptionSupportVersion, "9999"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); From 349b3a3097334d087e6afca881ca4fc0493e8178 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 18:48:33 -0600 Subject: [PATCH 37/60] update, if this is not working then I am not sure what to do --- src/test/java/com/uid2/core/vertx/TestCoreVerticle.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 4cc02eb9..0f416bfb 100644 
--- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -74,7 +74,6 @@ public class TestCoreVerticle { private static final String attestationProtocol = "test-attestation-protocol"; private static final String attestationProtocolPublic = "trusted"; - private static final String encryptionSupportVersion = "encryption_support_version"; @BeforeEach void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) throws Throwable { @@ -83,7 +82,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th config.put(Const.Config.CorePublicUrlProp, "test_core_url"); config.put(Const.Config.AwsKmsJwtSigningKeyIdProp, "test_aws_kms_keyId"); config.put(Const.Config.KeysetsMetadataPathProp, "keysets/metadata.json"); - config.put(encryptionSupportVersion, "2.6"); + config.put(Const.Config.encryptionSupportVersion, "2.6"); if (info.getTags().contains("dontForceJwt")) { config.put(Const.Config.EnforceJwtProp, false); } else { @@ -694,13 +693,13 @@ void keysRefreshSuccessLowerVersion(Vertx vertx, VertxTestContext testContext) t MultiMap headers = MultiMap.caseInsensitiveMultiMap(); headers.add(Const.Http.AppVersionHeader, "uid2-operator=2.1.16-SNAPSHOT;uid2-attestation-api=1.1.0;uid2-shared=2.7.0-3e279acefa"); - getWithVersion(vertx, "key/refresh", headers, ar -> { + getWithVersion(vertx, "key/keyset/refresh", headers, ar -> { if (ar.succeeded()) { HttpResponse response = ar.result(); System.out.println(response.bodyAsString()); assertEquals(200, response.statusCode()); String responseBody = response.bodyAsString(); - assertEquals("{\"keys\":{\"location\":\"http://default_url\"}}", responseBody); + assertEquals("{\"keysets\":{\"location\":\"http://default_url\"}}", responseBody); testContext.completeNow(); } else { testContext.failNow(ar.cause()); From 4c7247a9b21cbc0489074bf3e39148c9ef46a0a3 Mon Sep 17 00:00:00 2001 
From: lizk886 Date: Tue, 6 Aug 2024 20:24:28 -0600 Subject: [PATCH 38/60] test: deplaying the initialization of config number --- src/main/java/com/uid2/core/util/OperatorInfo.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 40356e78..9903a861 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -12,6 +12,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static com.uid2.shared.Const.Config.encryptionSupportVersion; import static com.uid2.shared.Const.Http.AppVersionHeader; import static com.uid2.shared.middleware.AuthMiddleware.API_CLIENT_PROP; @@ -23,7 +24,6 @@ public class OperatorInfo { private final OperatorType operatorType; private final int siteId; private final boolean supportsEncryption; - private static final String encryptionSupportVersion = ConfigStore.Global.getOrDefault(Const.Config.encryptionSupportVersion, "9999"); static Logger logger = LoggerFactory.getLogger(OperatorInfo.class); @@ -64,7 +64,7 @@ static boolean supportsEncryption(RoutingContext rc) { for (String version : versions) { if (version.startsWith("uid2-operator=")) { String operatorVersion = version.substring("uid2-operator=".length()); - boolean isSupported = isVersionGreaterOrEqual(operatorVersion, encryptionSupportVersion); + boolean isSupported = isVersionGreaterOrEqual(operatorVersion, ConfigStore.Global.getOrDefault(encryptionSupportVersion, "9999")); logger.info("Operator version: {}, Required version for encryption: {}, Result: {}", operatorVersion, encryptionSupportVersion, isSupported ? "Supports encryption" : "Does not support encryption"); return isSupported; From 29c3bb96f45f82be0608fb96050a0acaaceebcb7 Mon Sep 17 00:00:00 2001 
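Review bot: The `logger.info` call left unchanged in the third hunk still passes `encryptionSupportVersion` as its second argument. After this commit that name is the statically imported `Const.Config.encryptionSupportVersion`, which the changed line just above uses as the config key in `getOrDefault`. The "Required version for encryption" field will therefore print the key name, not the configured threshold. Resolve the value once with `String requiredVersion = ConfigStore.Global.getOrDefault(encryptionSupportVersion, "9999");` and pass `requiredVersion` to both `isVersionGreaterOrEqual` and the log call. `supportsEncryption` starts and ends outside the hunk.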
From: lizk886 Date: Tue, 6 Aug 2024 20:58:22 -0600 Subject: [PATCH 39/60] update shared only for 3574 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 934a3d8b..50aaa81f 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ com.uid2.core.vertx.CoreVerticle io.vertx.core.Launcher - 7.17.7-alpha-139-SNAPSHOT + 7.17.8-alpha-140-SNAPSHOT ${project.version} From d88c3e64a671ba362d92dd6af07c3155f7f9ee96 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 21:15:26 -0600 Subject: [PATCH 40/60] update comments --- src/main/java/com/uid2/core/util/OperatorInfo.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 9903a861..9d8c54c8 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -47,9 +47,7 @@ public static OperatorInfo getOperatorInfo(RoutingContext rc) throws Exception { IAuthorizable profile = (IAuthorizable) rc.data().get(API_CLIENT_PROP); if (profile instanceof OperatorKey) { OperatorKey operatorKey = (OperatorKey) profile; - boolean supportsEncryption = supportsEncryption(rc); - logger.info("Operator supports encryption: {}", supportsEncryption); - return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption); + return new OperatorInfo(operatorKey.getOperatorType(), operatorKey.getSiteId(), supportsEncryption(rc)); } throw new Exception("Cannot determine the operator type and site id from the profile"); } 
@@ -65,8 +63,8 @@ static boolean supportsEncryption(RoutingContext rc) { if (version.startsWith("uid2-operator=")) { String operatorVersion = version.substring("uid2-operator=".length()); boolean isSupported = isVersionGreaterOrEqual(operatorVersion, ConfigStore.Global.getOrDefault(encryptionSupportVersion, "9999")); - logger.info("Operator version: {}, Required version for encryption: {}, Result: {}", - operatorVersion, encryptionSupportVersion, isSupported ? "Supports encryption" : "Does not support encryption"); + logger.info("Operator version: {}, {}", + operatorVersion, isSupported ? "Supports encryption" : "Does not support encryption"); return isSupported; } } From d8df255531feaacf930ee08fd5279fc334975851 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Tue, 6 Aug 2024 21:24:56 -0600 Subject: [PATCH 41/60] update client --- src/main/java/com/uid2/core/service/ClientMetadataProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java index 1ad85f50..56626c91 100644 --- a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java @@ -23,7 +23,7 @@ public class ClientMetadataProvider implements IClientMetadataProvider { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName)); + String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName),info.getSupportsEncryption()); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("client_keys"); From fe7c567a647cacf3d49e3921dc11532cd8e76e4f Mon Sep 17 00:00:00 2001 
From: lizk886 Date: Wed, 7 Aug 2024 11:21:26 -0600 Subject: [PATCH 42/60] take in operator info --- .../java/com/uid2/core/service/ClientMetadataProvider.java | 2 +- .../com/uid2/core/service/KeysetKeysMetadataProvider.java | 2 +- .../java/com/uid2/core/service/KeysetMetadataProvider.java | 2 +- src/main/java/com/uid2/core/util/MetadataHelper.java | 5 +++++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java index 56626c91..36935274 100644 --- a/src/main/java/com/uid2/core/service/ClientMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/ClientMetadataProvider.java @@ -23,7 +23,7 @@ public class ClientMetadataProvider implements IClientMetadataProvider { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(ClientsMetadataPathName),info.getSupportsEncryption()); + String pathname = getMetadataPathName(info, SecretStore.Global.get(ClientsMetadataPathName)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("client_keys"); diff --git a/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java b/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java index 3cdd413b..f013ee2d 100644 --- a/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeysetKeysMetadataProvider.java 
@@ -21,7 +21,7 @@ public KeysetKeysMetadataProvider(ICloudStorage cloudStorage) { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetKeysMetadataPathProp), info.getSupportsEncryption()); + String pathname = getMetadataPathName(info, SecretStore.Global.get(Const.Config.KeysetKeysMetadataPathProp)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keyset_keys"); diff --git a/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java b/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java index 51d66612..208eea85 100644 --- a/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/KeysetMetadataProvider.java @@ -20,7 +20,7 @@ public KeysetMetadataProvider(ICloudStorage cloudStorage) { @Override public String getMetadata(OperatorInfo info) throws Exception { - String pathname = getMetadataPathName(info.getOperatorType(), info.getSiteId(), SecretStore.Global.get(Const.Config.KeysetsMetadataPathProp), info.getSupportsEncryption()); + String pathname = getMetadataPathName(info, SecretStore.Global.get(Const.Config.KeysetsMetadataPathProp)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("keysets"); diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index 4250d1c8..a6e48373 100644 --- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java 
@@ -27,6 +27,11 @@ public static String getMetadataPathName(OperatorType operatorType, int siteId, return getMetadataPathName(operatorType, siteId, metadataPathName, false); } + public static String getMetadataPathName(OperatorInfo info, String metadataPathName) { + return getMetadataPathName(info.getOperatorType(), info.getSiteId(), metadataPathName, info.getSupportsEncryption()); + } + + public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName, Boolean canDecrypt) { StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); From 4e5fd45dfd63e67fed663fd89bddf336546187cb Mon Sep 17 00:00:00 2001 From: lizk886 Date: Wed, 7 Aug 2024 11:24:26 -0600 Subject: [PATCH 43/60] huge encryption benchmark --- conf/default-config.json | 2 +- conf/integ-config.json | 2 +- conf/local-config.json | 2 +- conf/local-e2e-config.json | 2 +- conf/local-e2e-docker-config.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/default-config.json b/conf/default-config.json index 63ca7b4b..a0ce39dd 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -18,5 +18,5 @@ "att_token_enc_salt": null, "enforceJwt": false, "s3_keys_metadata_path": null, - "encryption_support_version": "5.0" + "encryption_support_version": "8888" } diff --git a/conf/integ-config.json b/conf/integ-config.json index 86865815..70c03aa0 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -19,5 +19,5 @@ "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json", - "encryption_support_version": "5.0" + "encryption_support_version": "8888" } \ No newline at end of file diff --git a/conf/local-config.json b/conf/local-config.json index 2fbcaf42..c44b28d9 100644 --- a/conf/local-config.json +++ b/conf/local-config.json 
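Review bot: The new `getMetadataPathName(OperatorInfo info, String metadataPathName)` overload in MetadataHelper.java makes `info.getSupportsEncryption()` the only input that selects between the encrypted and the plaintext store scope, and nothing documents that. Judging by the `supportsEncryption(RoutingContext rc)` context shown elsewhere in this series, the flag is computed from the version string the operator reports, with `"9999"` as the fallback threshold, so a missing config value or an operator reporting an older version appears to resolve to the plaintext path. I would add a Javadoc such as `/** Resolves the metadata path for this operator; the encrypted scope is chosen only when info.getSupportsEncryption() is true, otherwise a plaintext scope is returned. */` and confirm that serving plaintext on a self-reported version is intended for private-site data. The four-argument overload takes a boxed `Boolean`, so if `getSupportsEncryption()` can return null the later `if` would throw; that body continues outside the hunk.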
@@ -20,5 +20,5 @@ "provide_private_site_data": true, "enforceJwt": false, "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json", - "encryption_support_version": "5.0" + "encryption_support_version": "8888" } diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index 6cf2ef26..c3840884 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -34,5 +34,5 @@ "core_public_url": "http://localhost:8088", "optout_url": "http://localhost:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "5.0" + "encryption_support_version": "8888" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index 2e6b1e3d..3ae190dd 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -33,5 +33,5 @@ "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "5.0" + "encryption_support_version": "8888" } From b73ba5c40c064f568eb0971a735beeeb7a52f167 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 7 Aug 2024 17:28:37 +0000 Subject: [PATCH 44/60] [CI Pipeline] Released Snapshot version: 2.17.6-alpha-42-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 50aaa81f..2cf53745 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.5-alpha-40-SNAPSHOT + 2.17.6-alpha-42-SNAPSHOT UTF-8 From 18324c1b181f3d7ef9a0f238b8a317d92a3a3c1a Mon Sep 17 00:00:00 2001 From: lizk886 Date: Wed, 7 Aug 2024 11:39:36 -0600 Subject: [PATCH 45/60] update site, let it read encrpted/pliantext contents too --- .../java/com/uid2/core/service/ISiteMetadataProvider.java | 4 +++- .../java/com/uid2/core/service/SiteMetadataProvider.java | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/src/main/java/com/uid2/core/service/ISiteMetadataProvider.java b/src/main/java/com/uid2/core/service/ISiteMetadataProvider.java index 6e182296..993f55fd 100644 --- a/src/main/java/com/uid2/core/service/ISiteMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/ISiteMetadataProvider.java @@ -1,5 +1,7 @@ package com.uid2.core.service; +import com.uid2.core.util.OperatorInfo; + public interface ISiteMetadataProvider { - String getMetadata() throws Exception; + String getMetadata(OperatorInfo info) throws Exception; } diff --git a/src/main/java/com/uid2/core/service/SiteMetadataProvider.java b/src/main/java/com/uid2/core/service/SiteMetadataProvider.java index 4d4bae14..4f95ab83 100644 --- a/src/main/java/com/uid2/core/service/SiteMetadataProvider.java +++ b/src/main/java/com/uid2/core/service/SiteMetadataProvider.java @@ -1,6 +1,8 @@ package com.uid2.core.service; import com.uid2.core.model.SecretStore; +import com.uid2.core.util.OperatorInfo; +import com.uid2.shared.Const; import com.uid2.shared.cloud.ICloudStorage; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.scope.GlobalScope; @@ -11,6 +13,7 @@ import java.io.InputStream; import java.io.InputStreamReader; +import static com.uid2.core.util.MetadataHelper.getMetadataPathName; import static com.uid2.core.util.MetadataHelper.readToEndAsString; public class SiteMetadataProvider implements ISiteMetadataProvider { 
@@ -22,8 +25,8 @@ public SiteMetadataProvider(ICloudStorage cloudStorage) { this.metadataStreamProvider = this.downloadUrlGenerator = cloudStorage; } @Override - public String getMetadata() throws Exception { - String pathname = new GlobalScope(new CloudPath(SecretStore.Global.get(SiteMetadataPathName))).getMetadataPath().toString(); + public String getMetadata(OperatorInfo info) throws Exception { + String pathname = getMetadataPathName(info, SecretStore.Global.get(SiteMetadataPathName)); String original = readToEndAsString(metadataStreamProvider.download(pathname)); JsonObject main = (JsonObject) Json.decodeValue(original); JsonObject obj = main.getJsonObject("sites"); From 0f985c813404ee94618e76792f3025276755397e Mon Sep 17 00:00:00 2001 From: lizk886 Date: Wed, 7 Aug 2024 11:40:08 -0600 Subject: [PATCH 46/60] update site, let it read encrpted/pliantext contents too --- conf/default-config.json | 2 +- conf/integ-config.json | 2 +- conf/local-config.json | 2 +- conf/local-e2e-config.json | 2 +- conf/local-e2e-docker-config.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/default-config.json b/conf/default-config.json index a0ce39dd..08caf738 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -18,5 +18,5 @@ "att_token_enc_salt": null, "enforceJwt": false, "s3_keys_metadata_path": null, - "encryption_support_version": "8888" + "encryption_support_version": "5" } diff --git a/conf/integ-config.json b/conf/integ-config.json index 70c03aa0..a9c09abe 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -19,5 +19,5 @@ "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json", - "encryption_support_version": "8888" + "encryption_support_version": "5" } \ No newline at end of file diff --git a/conf/local-config.json b/conf/local-config.json index c44b28d9..c02cf078 100644 --- a/conf/local-config.json +++ b/conf/local-config.json 
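Review bot: In `SiteMetadataProvider.getMetadata` the path used to be built from `GlobalScope` for every caller, and the replacement `getMetadataPathName(info, SecretStore.Global.get(SiteMetadataPathName))` changes the non-encrypted case as well as adding the encrypted one. The expectations in TestMetadataHelper later in this series give `site/42/folder` for a PRIVATE operator without encryption support when `provide_private_site_data` is set, so private operators would now be pointed at a site-scoped sites file instead of the global one; please confirm that file is published, or keep the global path for the plaintext case. The `GlobalScope` and `CloudPath` imports look unused after this change, and the added `import com.uid2.shared.Const;` is not used in the visible hunks. A one-line comment above the call, e.g. `// scope (global, site or encrypted) is chosen from the operator type and its encryption support`, would make the new behaviour visible.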
@@ -20,5 +20,5 @@ "provide_private_site_data": true, "enforceJwt": false, "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json", - "encryption_support_version": "8888" + "encryption_support_version": "5" } diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index c3840884..6f86d1a4 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -34,5 +34,5 @@ "core_public_url": "http://localhost:8088", "optout_url": "http://localhost:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "8888" + "encryption_support_version": "5" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index 3ae190dd..dcf60e2b 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -33,5 +33,5 @@ "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", - "encryption_support_version": "8888" + "encryption_support_version": "5" } From 135867b0212688998f0d9cd51f0c8cbef1a43c22 Mon Sep 17 00:00:00 2001 From: lizk886 Date: Wed, 7 Aug 2024 11:43:14 -0600 Subject: [PATCH 47/60] update site --- src/main/java/com/uid2/core/vertx/CoreVerticle.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index 8477293d..e81e0a61 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -358,7 +358,7 @@ private void handleSiteRefresh(RoutingContext rc) { return; } rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") - .end(siteMetadataProvider.getMetadata()); + .end(siteMetadataProvider.getMetadata(info)); } catch (Exception e) { logger.warn("exception in handleSiteRefresh: " + e.getMessage(), e); Error("error", 500, rc, "error processing sites refresh"); 
From 60500138ac0535c208810ef0c0b1cc0395a26670 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 7 Aug 2024 18:05:07 +0000 Subject: [PATCH 48/60] [CI Pipeline] Released Snapshot version: 2.17.7-alpha-43-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2cf53745..a93a700c 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.6-alpha-42-SNAPSHOT + 2.17.7-alpha-43-SNAPSHOT UTF-8 From 4aec4264bdc948b1338c51c98d8382ee142d7e43 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 7 Aug 2024 18:43:59 +0000 Subject: [PATCH 49/60] [CI Pipeline] Released Snapshot version: 2.17.8-alpha-44-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a93a700c..2fe1cba6 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.17.7-alpha-43-SNAPSHOT + 2.17.8-alpha-44-SNAPSHOT UTF-8 From 3a5e1350088ab3e7e821e254c1edf398f7cb627e Mon Sep 17 00:00:00 2001 From: lizk886 Date: Fri, 9 Aug 2024 12:06:39 -0600 Subject: [PATCH 50/60] make logger using debig version --- .../java/com/uid2/core/util/OperatorInfo.java | 2 +- .../com.uid2.core/test/operators/operators.json | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 9d8c54c8..333ae2b6 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java 
@@ -63,7 +63,7 @@ static boolean supportsEncryption(RoutingContext rc) { if (version.startsWith("uid2-operator=")) { String operatorVersion = version.substring("uid2-operator=".length()); boolean isSupported = isVersionGreaterOrEqual(operatorVersion, ConfigStore.Global.getOrDefault(encryptionSupportVersion, "9999")); - logger.info("Operator version: {}, {}", + logger.debug("Operator version: {}, {}", operatorVersion, isSupported ? "Supports encryption" : "Does not support encryption"); return isSupported; } diff --git a/src/main/resources/com.uid2.core/test/operators/operators.json b/src/main/resources/com.uid2.core/test/operators/operators.json index 8da78f31..795783cc 100644 --- a/src/main/resources/com.uid2.core/test/operators/operators.json +++ b/src/main/resources/com.uid2.core/test/operators/operators.json @@ -1,4 +1,21 @@ [ + { + "key": "UID2-O-L-999-dp9Dt0.JVoGpynN4J8nMA7FxmzsavxJa8B9H74y9xdEE=", + "name": "Special", + "contact": "Special", + "protocol": "trusted", + "created": 1701210253, + "disabled": false, + "roles": [ + "OPERATOR", + "OPTOUT" + ], + "site_id": 999, + "operator_type": "PUBLIC", + "key_hash": "rTD7MpJn5/j4G6N+Ph659F4FGtiJy7MLNtfVA7XUdu6cYC9ok6EwGeI2upyDOvxvPkOCUn7HBKay8ubPQmRc0A==", + "key_salt": "ZpqdDFksFeWx/ouPAoWi39TVuGrSGwijfCN4f0pAl2Y=", + "key_id": "UID2-O-L-999-dp9Dt" + }, { "key": "test-partner-key", "name": "partner@uid2.com", From 2b5736df7a45d3f5f18e257bf31dad3edea3250f Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Thu, 7 Nov 2024 20:11:57 -0700 Subject: [PATCH 51/60] Added some more unit tests --- pom.xml | 5 ++ .../java/com/uid2/core/util/OperatorInfo.java | 3 + .../uid2/core/util/TestMetadataHelper.java | 67 +++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 src/test/java/com/uid2/core/util/TestMetadataHelper.java diff --git a/pom.xml b/pom.xml index 2fe1cba6..5374e748 100644 --- a/pom.xml +++ b/pom.xml 
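Review bot: The added "Special" entry in operators.json commits a full operator `key` value next to its `key_hash` and `key_salt`, with `"protocol": "trusted"` and the `OPERATOR` and `OPTOUT` roles, in a file under `src/main/resources`, so it is packaged with the service rather than kept with the test sources. If any deployed configuration can load this embedded operator list, that key is a working credential known to everyone with repository access; please confirm it is reachable only from local or test storage, and treat the value as disclosed either way. The commit subject only mentions the logger level, so the new operator should be mentioned in the description or moved to its own commit. If the loader accepts entries without the plaintext field, keeping only `key_hash` and `key_salt` for new entries would avoid having the key in the tree.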
@@ -109,6 +109,11 @@ 5.2.0 test + + net.bytebuddy + byte-buddy + 1.14.17 + io.vertx vertx-micrometer-metrics diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index 333ae2b6..bf5e5fff 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java @@ -72,6 +72,9 @@ static boolean supportsEncryption(RoutingContext rc) { return false; } + /* + Returns if the version of a semvar v1 is greater or equal to v2 + */ static boolean isVersionGreaterOrEqual(String v1, String v2) { Pattern pattern = Pattern.compile("(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?"); Matcher m1 = pattern.matcher(v1); diff --git a/src/test/java/com/uid2/core/util/TestMetadataHelper.java b/src/test/java/com/uid2/core/util/TestMetadataHelper.java new file mode 100644 index 00000000..5d5f8071 --- /dev/null +++ b/src/test/java/com/uid2/core/util/TestMetadataHelper.java 
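Review bot: The `net.bytebuddy:byte-buddy` 1.14.17 dependency added in the pom.xml hunk shows no scope, while the `mockito-inline` entry just above it is marked `test` (the XML tags are stripped in this rendering, so this is read from the remaining text). If the library is only needed for the Mockito-based tests this commit adds, declare `<scope>test</scope>` on it so it is not shipped in the runtime artifact. The same unscoped block is added again in the pom.xml merge hunk of PATCH 53.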
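Review bot: The comment added above `isVersionGreaterOrEqual` in OperatorInfo.java misspells "semver" and does not say what the pattern below it actually compares. `(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?` captures at most three numeric components, so pre-release or build suffixes are not part of the comparison, and what happens when a string has no match is not visible because the body continues outside the hunk. Since this result decides whether an operator is handed encrypted metadata, I would make it a Javadoc: `/** Returns true when v1 >= v2, comparing only the numeric major[.minor[.patch]] components; suffixes such as -alpha are ignored. */`, and add a sentence on the no-match case once that is confirmed.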
@@ -0,0 +1,67 @@ +package com.uid2.core.util; + +import com.uid2.core.model.ConfigStore; +import com.uid2.shared.auth.OperatorType; +import io.vertx.core.json.JsonObject; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.when; + + +public class TestMetadataHelper { + + @Mock + private OperatorInfo operatorInfo; + + @BeforeEach + void setUp() { + MockitoAnnotations.openMocks(this); + ConfigStore.Global.load(new JsonObject().put("provide_private_site_data", true)); + } + + @Test + void testGetMetadataPathNameDecryptPublic() { + when(operatorInfo.getOperatorType()).thenReturn(OperatorType.PUBLIC); + when(operatorInfo.getSiteId()).thenReturn(42); + when(operatorInfo.getSupportsEncryption()).thenReturn(true); + + String result = MetadataHelper.getMetadataPathName(operatorInfo, "s3://test-bucket/folder/"); + assertEquals("s3://test-bucket/encrypted/42_public/folder", result); + } + + @Test + void testGetMetadataPathNameDecryptPrivate() { + when(operatorInfo.getOperatorType()).thenReturn(OperatorType.PRIVATE); + when(operatorInfo.getSiteId()).thenReturn(42); + when(operatorInfo.getSupportsEncryption()).thenReturn(true); + + String result = MetadataHelper.getMetadataPathName(operatorInfo, "s3://test-bucket/folder/"); + assertEquals("s3://test-bucket/encrypted/42_private/folder", result); + } + + + @Test + void testGetMetadataPathNamePublic() { + when(operatorInfo.getOperatorType()).thenReturn(OperatorType.PUBLIC); + when(operatorInfo.getSiteId()).thenReturn(42); + when(operatorInfo.getSupportsEncryption()).thenReturn(false); + + String result = MetadataHelper.getMetadataPathName(operatorInfo, "s3://test-bucket/folder/"); + assertEquals("s3://test-bucket/folder", result); + } + + + @Test + void testGetMetadataPathNamePrivate() { + 
when(operatorInfo.getOperatorType()).thenReturn(OperatorType.PRIVATE); + when(operatorInfo.getSiteId()).thenReturn(42); + when(operatorInfo.getSupportsEncryption()).thenReturn(false); + + String result = MetadataHelper.getMetadataPathName(operatorInfo, "s3://test-bucket/folder/"); + assertEquals("s3://test-bucket/site/42/folder", result); + } +} From a06375927f74f24eac80a956393faa6872a027d6 Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Tue, 12 Nov 2024 09:37:39 -0700 Subject: [PATCH 52/60] Small PR comments and upgraded to published shared version --- pom.xml | 2 +- .../com/uid2/core/util/MetadataHelper.java | 4 +-- .../com/uid2/core/util/TestOperatorInfo.java | 5 ++++ .../com/uid2/core/vertx/TestCoreVerticle.java | 25 +++++++++++++++++++ 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 5374e748..288e52d1 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ com.uid2.core.vertx.CoreVerticle io.vertx.core.Launcher - 7.17.8-alpha-140-SNAPSHOT + 7.21.0 ${project.version} diff --git a/src/main/java/com/uid2/core/util/MetadataHelper.java b/src/main/java/com/uid2/core/util/MetadataHelper.java index a6e48373..4110aca6 100644 --- a/src/main/java/com/uid2/core/util/MetadataHelper.java +++ b/src/main/java/com/uid2/core/util/MetadataHelper.java 
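Review bot: `setUp()` in the new TestMetadataHelper calls `ConfigStore.Global.load(new JsonObject().put("provide_private_site_data", true))`, which changes process-wide configuration and is never restored, so the outcome of other test classes can depend on execution order. Only the `true` setting is exercised; the `false` case, where a PRIVATE operator presumably gets a different path, has no test. The `AutoCloseable` returned by `MockitoAnnotations.openMocks(this)` is also dropped; keeping it in a field and closing it in an `@AfterEach` method, together with resetting the config there, would isolate these tests.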
@@ -32,10 +32,10 @@ public static String getMetadataPathName(OperatorInfo info, String metadataPathN } - public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName, Boolean canDecrypt) { + public static String getMetadataPathName(OperatorType operatorType, int siteId, String metadataPathName, Boolean supportsDecryption) { StoreScope store; Boolean providePrivateSiteData = ConfigStore.Global.getBoolean("provide_private_site_data"); - if (canDecrypt) { // Check if decryption is possible + if (supportsDecryption) { // Check if decryption is possible if (operatorType == OperatorType.PUBLIC ) //siteId_public folder { store = new EncryptedScope(new CloudPath(metadataPathName), siteId, true); diff --git a/src/test/java/com/uid2/core/util/TestOperatorInfo.java b/src/test/java/com/uid2/core/util/TestOperatorInfo.java index a1fcf6ca..9d3b8393 100644 --- a/src/test/java/com/uid2/core/util/TestOperatorInfo.java +++ b/src/test/java/com/uid2/core/util/TestOperatorInfo.java @@ -96,5 +96,10 @@ void testIsVersionGreaterOrEqual() { assertFalse(OperatorInfo.isVersionGreaterOrEqual("1.0.0", "2.0.0")); assertTrue(OperatorInfo.isVersionGreaterOrEqual("2.1.0", "2.0.0")); assertFalse(OperatorInfo.isVersionGreaterOrEqual("2.0.1", "2.1.0")); + assertFalse(OperatorInfo.isVersionGreaterOrEqual("operator.5.26.19-56899dc0d7", "operator.5.27.19-56899dc0d7")); + assertTrue(OperatorInfo.isVersionGreaterOrEqual("operator.5.27.19-56899dc0d7", "operator.5.27.19-56899dc0d7")); + assertTrue(OperatorInfo.isVersionGreaterOrEqual("operator.5.27.19-56899dc0d7", "operator.5.26.19-56899dc0d7")); + + assertTrue(OperatorInfo.isVersionGreaterOrEqual("uid2-operator.5.40.25-alpha-15-SNAPSHOT", "uid2-operator.5.40.25-alpha-15-SNAPSHOT")); } } \ No newline at end of file diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 0f416bfb..786c8ef9 100644 
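Review bot: The only `uid2-operator.`-prefixed assertion added to `testIsVersionGreaterOrEqual` in TestOperatorInfo compares a string with itself, so it passes however the prefix is parsed. The `operator.5.26.19-...` cases suggest the matcher skips leading text and takes the first numeric run; if that is so (the implementation is outside this hunk), the `2` in `uid2` would be read as the version for such inputs and every `uid2-operator.` string would compare equal. Add an ordering case, for example `assertFalse(OperatorInfo.isVersionGreaterOrEqual("uid2-operator.5.26.19", "uid2-operator.5.27.19"));`, so a wrong parse cannot silently flip the encryption-support decision.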
--- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -707,4 +707,29 @@ void keysRefreshSuccessLowerVersion(Vertx vertx, VertxTestContext testContext) t }); } + @Tag("dontForceJwt") + @Test + void keysRefreshSuccessNoHeaderVersion(Vertx vertx, VertxTestContext testContext) throws Exception { + fakeAuth(attestationProtocolPublic, Role.OPERATOR); + addAttestationProvider(attestationProtocolPublic); + onHandleAttestationRequest(() -> { + byte[] resultPublicKey = null; + return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); + }); + + MultiMap headers = MultiMap.caseInsensitiveMultiMap(); + + getWithVersion(vertx, "key/keyset/refresh", headers, ar -> { + if (ar.succeeded()) { + HttpResponse response = ar.result(); + System.out.println(response.bodyAsString()); + assertEquals(200, response.statusCode()); + String responseBody = response.bodyAsString(); + assertEquals("{\"keysets\":{\"location\":\"http://default_url\"}}", responseBody); + testContext.completeNow(); + } else { + testContext.failNow(ar.cause()); + } + }); + } } From 557b4f855ae9ca899aa2e5be97984df1f35157ef Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Tue, 12 Nov 2024 09:51:56 -0700 Subject: [PATCH 53/60] Finished merge --- pom.xml | 266 +----------------- .../com/uid2/core/vertx/CoreVerticle.java | 16 +- .../com/uid2/core/vertx/TestCoreVerticle.java | 7 - 3 files changed, 21 insertions(+), 268 deletions(-) diff --git a/pom.xml b/pom.xml index 3b9abd17..bf51de4a 100644 --- a/pom.xml +++ b/pom.xml @@ -24,15 +24,9 @@ com.uid2.core.vertx.CoreVerticle io.vertx.core.Launcher -<<<<<<< HEAD 7.21.0 ${project.version} -======= - 7.20.0 - ${project.version} - ->>>>>>> main 
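Review bot: In `keysRefreshSuccessNoHeaderVersion` the `assertEquals` calls run directly inside the async callback, so a failed assertion is thrown in the handler instead of being reported to `testContext`, and the test would most likely end as a timeout rather than a clear failure. Wrap them as `testContext.verify(() -> { ... });` before `testContext.completeNow()`, and drop the `System.out.println(response.bodyAsString());` debug output. A short comment stating what the test pins down, namely that a request without a version header is still served the `keysets` location (presumably from the non-encrypted path), would help, since that is the fallback behaviour of the encryption check.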
@@ -183,121 +177,17 @@ 5.12.0 test - - - -<<<<<<< HEAD - - - com.uid2 - uid2-shared - ${uid2-shared.version} - - - io.vertx - vertx-core - - - io.vertx - vertx-config - ${vertx.version} - - - io.vertx - vertx-web - ${vertx.version} - - - io.vertx - vertx-web-client - ${vertx.version} - - - com.google.auth - google-auth-library-oauth2-http - 1.14.0 - - - io.vertx - vertx-junit5 - test - - - org.junit.jupiter - junit-jupiter-api - ${junit-jupiter.version} - test - - - org.junit.jupiter - junit-jupiter-engine - ${junit-jupiter.version} - test - - - org.mockito - mockito-inline - 5.2.0 - test - - - net.bytebuddy - byte-buddy - 1.14.17 - - - io.vertx - vertx-micrometer-metrics - ${vertx.version} - - - co.nstant.in - cbor - 0.9 - - - com.amazonaws - aws-java-sdk-s3 - 1.12.701 - - - io.micrometer - micrometer-registry-prometheus - ${micrometer.version} - - - ch.qos.logback - logback-core - 1.4.12 - - - ch.qos.logback - logback-classic - 1.4.12 - - - com.github.loki4j - loki-logback-appender - 1.2.0 - - - commons-codec - commons-codec - 1.15 - - - software.amazon.awssdk - secretsmanager - - - software.amazon.awssdk - kms - - - software.amazon.awssdk - sts - - + + org.mockito + mockito-inline + 5.2.0 + test + + + net.bytebuddy + byte-buddy + 1.14.17 + @@ -319,8 +209,8 @@ maven-compiler-plugin 3.11.0 - 11 - 11 + 16 + 16 
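Review bot: The merge resolution in pom.xml keeps this branch's build section and moves the compiler level under `maven-compiler-plugin` 3.11.0 from 11 to 16, while the `main` side that is deleted in the following hunk had the plugin at 3.12.1 with 21 (tags are stripped in this rendering, so the element names are inferred). Taking one side of the conflict wholesale can also discard dependency and plugin updates that main had already picked up, and the `case AttestationFailure.X` to `case X` edits in CoreVerticle look like a consequence of compiling below 21. Please diff the resolved pom against main's and either set the level to 21 as on main or state in the commit message why the branch versions win.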
@@ -422,134 +312,4 @@ -======= - - - - org.jacoco - jacoco-maven-plugin - 0.8.12 - - - - prepare-agent - - - - - - org.apache.maven.plugins - maven-compiler-plugin - 3.12.1 - - 21 - 21 - 21 - - - - org.apache.maven.plugins - maven-source-plugin - 3.2.1 - - - attach-sources - - jar - - - - - - io.reactiverse - vertx-maven-plugin - ${vertx-maven-plugin.version} - - - vmp - - initialize - package - - - - - true - - -Djava.security.egd=file:/dev/./urandom - - - - - org.apache.maven.plugins - maven-assembly-plugin - 3.3.0 - - - - jar-with-dependencies - - - - - com.uid2.core.Main - - - - - - make-assembly - - package - - single - - - - - - org.codehaus.mojo - properties-maven-plugin - 1.0.0 - - - generate-resources - - write-project-properties - - - ${project.build.outputDirectory}/${project.artifactId}.properties - - - - - - org.codehaus.mojo - exec-maven-plugin - ${exec-maven-plugin.version} - - - default-cli - - java - - - com.uid2.core.Main - - - - - - org.apache.maven.plugins - maven-surefire-plugin - ${maven-surefire-plugin.version} - - - com.azure.tools - azure-sdk-build-tool - 1.0.0 - - - ->>>>>>> main diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index c6587d97..f689619d 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java 
@@ -260,17 +260,17 @@ private void handleAttestAsync(RoutingContext rc) { if (!attestationResult.isSuccess()) { AttestationFailure failure = attestationResult.getFailure(); switch (failure) { - case AttestationFailure.BAD_FORMAT: - case AttestationFailure.INVALID_PROTOCOL: - case AttestationFailure.BAD_CERTIFICATE: - case AttestationFailure.BAD_PAYLOAD: - case AttestationFailure.UNKNOWN_ATTESTATION_URL: - case AttestationFailure.FORBIDDEN_ENCLAVE: + case BAD_FORMAT: + case INVALID_PROTOCOL: + case BAD_CERTIFICATE: + case BAD_PAYLOAD: + case UNKNOWN_ATTESTATION_URL: + case FORBIDDEN_ENCLAVE: setAttestationFailureReason(rc, failure, Collections.singletonMap("reason", attestationResult.getReason())); Error(attestationResult.getReason(), 403, rc, failure.explain()); return; - case AttestationFailure.UNKNOWN: - case AttestationFailure.INTERNAL_ERROR: + case UNKNOWN: + case INTERNAL_ERROR: setAttestationFailureReason(rc, failure, Collections.singletonMap("reason", attestationResult.getReason())); Error(attestationResult.getReason(), 500, rc, failure.explain()); return; diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index 30b87592..b29ce3a5 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java 
@@ -778,16 +778,9 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont HttpResponse response2 = ar2.result(); assertEquals(500, response2.statusCode()); -<<<<<<< HEAD JsonObject json2 = response2.bodyAsJsonObject(); assertEquals("error", json2.getString("status")); assertEquals("error generating attestation token", json2.getString("message")); -======= - JsonObject json2 = response2.bodyAsJsonObject(); - System.out.println(json2); - assertEquals("error", json2.getString("status")); - assertEquals("error generating attestation token", json2.getString("message")); ->>>>>>> main testContext.completeNow(); } else { From 7bfd91515b0f666b4ce323e0ae27538453390033 Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Mon, 18 Nov 2024 12:26:45 -0700 Subject: [PATCH 54/60] Finished rename --- pom.xml | 2 +- src/main/java/com/uid2/core/Main.java | 18 ++-- .../com/uid2/core/vertx/CoreVerticle.java | 24 ++--- .../cloud_encryption_keys.json} | 0 .../test/cloud_encryption_keys/metadata.json | 7 ++ .../test/s3encryption_keys/metadata.json | 7 -- .../com/uid2/core/vertx/TestCoreVerticle.java | 88 +++++++++---------- .../com.uid2.core/model/test-config.json | 2 +- 8 files changed, 73 insertions(+), 75 deletions(-) rename src/main/resources/com.uid2.core/test/{s3encryption_keys/s3encryption_keys.json => cloud_encryption_keys/cloud_encryption_keys.json} (100%) create mode 100644 src/main/resources/com.uid2.core/test/cloud_encryption_keys/metadata.json delete mode 100644 src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json diff --git a/pom.xml b/pom.xml index bf51de4a..67695172 100644 --- a/pom.xml +++ b/pom.xml @@ -24,7 +24,7 @@ com.uid2.core.vertx.CoreVerticle io.vertx.core.Launcher - 7.21.0 + 7.21.8-alpha-159-SNAPSHOT ${project.version} diff --git a/src/main/java/com/uid2/core/Main.java b/src/main/java/com/uid2/core/Main.java index d7bc275c..f6e46231 100644 --- a/src/main/java/com/uid2/core/Main.java 
+++ b/src/main/java/com/uid2/core/Main.java @@ -14,8 +14,8 @@ import com.uid2.shared.attest.JwtService; import com.uid2.shared.auth.EnclaveIdentifierProvider; import com.uid2.shared.auth.RotatingOperatorKeyProvider; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; +import com.uid2.shared.model.CloudEncryptionKey; import com.uid2.shared.cloud.CloudUtils; import com.uid2.shared.cloud.EmbeddedResourceStorage; import com.uid2.shared.cloud.ICloudStorage; @@ -106,7 +106,7 @@ public static void main(String[] args) { RotatingStoreVerticle enclaveRotatingVerticle = null; RotatingStoreVerticle operatorRotatingVerticle = null; - RotatingStoreVerticle s3KeyRotatingVerticle = null; + RotatingStoreVerticle cloudEncryptionKeyRotatingVerticle = null; CoreVerticle coreVerticle = null; try { CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp)); 
@@ -118,10 +118,10 @@ public static void main(String[] args) { EnclaveIdentifierProvider enclaveIdProvider = new EnclaveIdentifierProvider(cloudStorage, enclaveMetadataPath); enclaveRotatingVerticle = new RotatingStoreVerticle("enclaves", 60000, enclaveIdProvider); - CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp)); - GlobalScope s3KeyScope = new GlobalScope(s3KeyMetadataPath); - RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyScope); - s3KeyRotatingVerticle = new RotatingStoreVerticle("s3encryption_keys", 60000, s3KeyProvider); + CloudPath cloudEncryptionKeyMetadataPath = new CloudPath(config.getString(Const.Config.CloudEncryptionKeysMetadataPathProp)); + GlobalScope cloudEncryptionKeyScope = new GlobalScope(cloudEncryptionKeyMetadataPath); + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(cloudStorage, cloudEncryptionKeyScope); + cloudEncryptionKeyRotatingVerticle = new RotatingStoreVerticle("cloud_encryption_keys", 60000, cloudEncryptionKeyProvider); String corePublicUrl = ConfigStore.Global.get(Const.Config.CorePublicUrlProp); AttestationService attestationService = new AttestationService() @@ -157,7 +157,7 @@ public static void main(String[] args) { JwtService jwtService = new JwtService(config); - coreVerticle = new CoreVerticle(cloudStorage, operatorKeyProvider, attestationService, attestationTokenService, enclaveIdProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider); + coreVerticle = new CoreVerticle(cloudStorage, operatorKeyProvider, attestationService, attestationTokenService, enclaveIdProvider, operatorJWTTokenProvider, jwtService, cloudEncryptionKeyProvider); } catch (Exception e) { System.out.println("failed to initialize core verticle: " + e.getMessage()); System.exit(-1); 
@@ -165,7 +165,7 @@ public static void main(String[] args) { vertx.deployVerticle(enclaveRotatingVerticle); vertx.deployVerticle(operatorRotatingVerticle); - vertx.deployVerticle(s3KeyRotatingVerticle); + vertx.deployVerticle(cloudEncryptionKeyRotatingVerticle); vertx.deployVerticle(coreVerticle); }); } diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java index f689619d..c71ec2b3 100644 --- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java +++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java @@ -50,8 +50,8 @@ import java.time.Instant; import java.util.*; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; +import com.uid2.shared.model.CloudEncryptionKey; import static com.uid2.shared.Const.Config.EnforceJwtProp; @@ -79,7 +79,7 @@ public class CoreVerticle extends AbstractVerticle { private final ISaltMetadataProvider saltMetadataProvider; private final IPartnerMetadataProvider partnerMetadataProvider; private final OperatorJWTTokenProvider operatorJWTTokenProvider; - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; public CoreVerticle(ICloudStorage cloudStorage, IAuthorizableProvider authProvider, @@ -88,7 +88,7 @@ public CoreVerticle(ICloudStorage cloudStorage, IEnclaveIdentifierProvider enclaveIdentifierProvider, OperatorJWTTokenProvider operatorJWTTokenProvider, JwtService jwtService, - RotatingS3KeyProvider s3KeyProvider) throws Exception { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) throws Exception { this.operatorJWTTokenProvider = operatorJWTTokenProvider; this.healthComponent.setHealthStatus(false, "not started"); 
@@ -98,7 +98,7 @@ public CoreVerticle(ICloudStorage cloudStorage, this.attestationTokenService = attestationTokenService; this.enclaveIdentifierProvider = enclaveIdentifierProvider; this.enclaveIdentifierProvider.addListener(this.attestationService); - this.s3KeyProvider = s3KeyProvider; + this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider; final String jwtAudience = ConfigStore.Global.get(Const.Config.CorePublicUrlProp); final String jwtIssuer = ConfigStore.Global.get(Const.Config.CorePublicUrlProp); @@ -178,7 +178,7 @@ private Router createRoutesSetup() { router.post("/attest") .handler(new AttestationFailureHandler()) .handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE)); - router.get("/s3encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleS3EncryptionKeysRetrieval), Role.OPERATOR)); + router.get("/cloud_encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR)); router.get("/sites/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR)); router.get("/key/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR)); router.get("/key/acl/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR)); 
@@ -609,24 +609,24 @@ private void handleEnclaveUnregister(RoutingContext rc) { handleEnclaveChange(rc, true); } - void handleS3EncryptionKeysRetrieval(RoutingContext rc) { + void handleCloudEncryptionKeysRetrieval(RoutingContext rc) { try { OperatorInfo info = OperatorInfo.getOperatorInfo(rc); int siteId = info.getSiteId(); - List s3Keys = s3KeyProvider.getKeys(siteId); + List cloudEncryptionKeys = cloudEncryptionKeyProvider.getKeys(siteId); - if (s3Keys == null || s3Keys.isEmpty()) { - Error("No S3 keys found", 500, rc, "No S3 keys found for siteId: " + siteId); + if (cloudEncryptionKeys == null || cloudEncryptionKeys.isEmpty()) { + Error("No Cloud Encryption keys found", 500, rc, "No Cloud Encryption keys found for siteId: " + siteId); return; } JsonObject response = new JsonObject() - .put("s3Keys", new JsonArray(s3Keys)); + .put("cloudEncryptionKeys", new JsonArray(cloudEncryptionKeys)); rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json") .end(response.encode()); } catch (Exception e) { - logger.error("Error in handleRefreshS3Keys: ", e); + logger.error("Error in handleRefreshCloudEncryptionKeys: ", e); Error("error", 500, rc, "error generating attestation token"); } } diff --git a/src/main/resources/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json b/src/main/resources/com.uid2.core/test/cloud_encryption_keys/cloud_encryption_keys.json similarity index 100% rename from src/main/resources/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json rename to src/main/resources/com.uid2.core/test/cloud_encryption_keys/cloud_encryption_keys.json diff --git a/src/main/resources/com.uid2.core/test/cloud_encryption_keys/metadata.json b/src/main/resources/com.uid2.core/test/cloud_encryption_keys/metadata.json new file mode 100644 index 00000000..af9de38c --- /dev/null +++ b/src/main/resources/com.uid2.core/test/cloud_encryption_keys/metadata.json 
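Review bot: The catch block of `handleCloudEncryptionKeysRetrieval` still logs `"Error in handleRefreshCloudEncryptionKeys: "` and answers with `"error generating attestation token"`, neither of which describes this handler, so a key-retrieval failure will be misread as an attestation problem during triage. I would change them to `logger.error("Error in handleCloudEncryptionKeysRetrieval: ", e);` and `Error("error", 500, rc, "error retrieving cloud encryption keys");`, and update the assertion in `cloudEncryptionKeyRetrieveNoKeysOrError` that pins the old message. The success body carries each key's `secret` (the tests read it back from the JSON), so the response should also be marked non-cacheable with `.putHeader(HttpHeaders.CACHE_CONTROL, "no-store")` next to the content-type header.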
@@ -0,0 +1,7 @@ +{ + "version": 1, + "generated": 1620253519, + "cloud_encryption_keys": { + "location": "/com.uid2.core/test/cloud_encryption_keys/cloud_encryption_keys.json" + } +} \ No newline at end of file diff --git a/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json b/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json deleted file mode 100644 index 4a667ec4..00000000 --- a/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "version": 1, - "generated": 1620253519, - "s3encryption_keys": { - "location": "/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json" - } -} \ No newline at end of file diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index b29ce3a5..7f35f5a3 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java @@ -14,7 +14,7 @@ import com.uid2.shared.secure.AttestationFailure; import com.uid2.shared.secure.AttestationResult; import com.uid2.shared.secure.ICoreAttestationService; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import io.vertx.core.*; import io.vertx.core.buffer.Buffer; import io.vertx.core.json.JsonArray; @@ -24,8 +24,6 @@ import io.vertx.junit5.VertxExtension; import io.vertx.junit5.VertxTestContext; -import static com.uid2.core.service.KeyMetadataProvider.KeysMetadataPathName; -import static com.uid2.shared.Const.Config.KeysetsMetadataPathProp; import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.BeforeEach; @@ -49,7 +47,7 @@ import java.util.*; import java.util.concurrent.Callable; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import java.util.Arrays; import static org.mockito.Mockito.*; 
@@ -71,7 +69,7 @@ public class TestCoreVerticle { @Mock private JwtService jwtService; @Mock - private RotatingS3KeyProvider s3KeyProvider; + private RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; private AttestationService attestationService; @@ -118,7 +116,7 @@ void deployVerticle(TestInfo info, Vertx vertx, VertxTestContext testContext) th } }); - CoreVerticle verticle = new CoreVerticle(cloudStorage, authProvider, attestationService, attestationTokenService, enclaveIdentifierProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider); + CoreVerticle verticle = new CoreVerticle(cloudStorage, authProvider, attestationService, attestationTokenService, enclaveIdentifierProvider, operatorJWTTokenProvider, jwtService, cloudEncryptionKeyProvider); vertx.deployVerticle(verticle, testContext.succeeding(id -> testContext.completeNow())); } @@ -641,7 +639,7 @@ void wrongMethodForEndpoint(Vertx vertx, VertxTestContext testContext) { @Test void wrongMethodForEndpointS3(Vertx vertx, VertxTestContext testContext) { - post(vertx, "/s3encryption_keys/retrieve", makeAttestationRequestJson(null, null), ar -> { + post(vertx, "/cloud_encryption_keys/retrieve", makeAttestationRequestJson(null, null), ar -> { try { HttpResponse response = ar.result(); assertEquals(405, response.statusCode()); @@ -655,7 +653,7 @@ void wrongMethodForEndpointS3(Vertx vertx, VertxTestContext testContext) { @Tag("dontForceJwt") @Test - void s3encryptionKeyRetrieveSuccess(Vertx vertx, VertxTestContext testContext) { + void cloudEncryptionKeyRetrieveSuccess(Vertx vertx, VertxTestContext testContext) { fakeAuth(attestationProtocolPublic, Role.OPERATOR); addAttestationProvider(attestationProtocolPublic); onHandleAttestationRequest(() -> { 
@@ -663,29 +661,29 @@ void s3encryptionKeyRetrieveSuccess(Vertx vertx, VertxTestContext testContext) { return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); }); - S3Key key = new S3Key(1, 88, 1687635529, 1687808329, "newSecret"); + CloudEncryptionKey key = new CloudEncryptionKey(1, 88, 1687635529, 1687808329, "newSecret"); - List keys = Arrays.asList(key); - when(s3KeyProvider.getKeys(88)).thenReturn(keys); + List keys = Arrays.asList(key); + when(cloudEncryptionKeyProvider.getKeys(88)).thenReturn(keys); - get(vertx, "s3encryption_keys/retrieve", ar -> { + get(vertx, "cloud_encryption_keys/retrieve", ar -> { try { if (ar.succeeded()) { HttpResponse response = ar.result(); assertEquals(200, response.statusCode()); JsonObject json = response.bodyAsJsonObject(); - JsonArray s3KeysArray = json.getJsonArray("s3Keys"); + JsonArray cloudEncryptionKeysArray = json.getJsonArray("cloudEncryptionKeys"); - assertNotNull(s3KeysArray); - assertEquals(1, s3KeysArray.size()); + assertNotNull( cloudEncryptionKeysArray); + assertEquals(1, cloudEncryptionKeysArray.size()); - JsonObject s3KeyJson = s3KeysArray.getJsonObject(0); - assertEquals(1, s3KeyJson.getInteger("id")); - assertEquals(88, s3KeyJson.getInteger("siteId")); - assertEquals(1687635529, s3KeyJson.getLong("activates")); - assertEquals(1687808329, s3KeyJson.getLong("created")); - assertEquals("newSecret", s3KeyJson.getString("secret")); + JsonObject cloudEncryptionKeyJson = cloudEncryptionKeysArray.getJsonObject(0); + assertEquals(1, cloudEncryptionKeyJson.getInteger("id")); + assertEquals(88, cloudEncryptionKeyJson.getInteger("siteId")); + assertEquals(1687635529, cloudEncryptionKeyJson.getLong("activates")); + assertEquals(1687808329, cloudEncryptionKeyJson.getLong("created")); + assertEquals("newSecret", cloudEncryptionKeyJson.getString("secret")); testContext.completeNow(); } else { 
@@ -700,7 +698,7 @@ void s3encryptionKeyRetrieveSuccess(Vertx vertx, VertxTestContext testContext) { @Tag("dontForceJwt") @Test - void s3encryptionKeyRetrieveSuccessWithThreeKeys(Vertx vertx, VertxTestContext testContext) { + void cloudEncryptionencryptionKeyRetrieveSuccessWithThreeKeys(Vertx vertx, VertxTestContext testContext) { fakeAuth(attestationProtocolPublic, Role.OPERATOR); addAttestationProvider(attestationProtocolPublic); onHandleAttestationRequest(() -> { 
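Review bot: The new test name `cloudEncryptionencryptionKeyRetrieveSuccessWithThreeKeys` doubles the word "encryption"; `cloudEncryptionKeyRetrieveSuccessWithThreeKeys` would match its siblings `cloudEncryptionKeyRetrieveSuccess` and `cloudEncryptionKeyRetrieveNoKeysOrError`. The hunk at -641 likewise leaves `wrongMethodForEndpointS3` with the old S3 wording although it now posts to `/cloud_encryption_keys/retrieve`; a name such as `wrongMethodForCloudEncryptionKeysEndpoint` keeps test reports searchable by the new term. The method body continues outside this hunk.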
@@ -708,33 +706,33 @@ void s3encryptionKeyRetrieveSuccessWithThreeKeys(Vertx vertx, VertxTestContext t return Future.succeededFuture(new AttestationResult(resultPublicKey, "test")); }); - // Create 3 S3Key objects - S3Key key1 = new S3Key(1, 88, 1687635529, 1687808329, "secret1"); - S3Key key2 = new S3Key(2, 88, 1687635530, 1687808330, "secret2"); - S3Key key3 = new S3Key(3, 88, 1687635531, 1687808331, "secret3"); + // Create 3 CloudEncryptionKey objects + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 88, 1687635529, 1687808329, "secret1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 88, 1687635530, 1687808330, "secret2"); + CloudEncryptionKey key3 = new CloudEncryptionKey(3, 88, 1687635531, 1687808331, "secret3"); - List keys = Arrays.asList(key1, key2, key3); - when(s3KeyProvider.getKeys(88)).thenReturn(keys); + List keys = Arrays.asList(key1, key2, key3); + when(cloudEncryptionKeyProvider.getKeys(88)).thenReturn(keys); - get(vertx, "s3encryption_keys/retrieve", ar -> { + get(vertx, "cloud_encryption_keys/retrieve", ar -> { try { if (ar.succeeded()) { HttpResponse response = ar.result(); assertEquals(200, response.statusCode()); JsonObject json = response.bodyAsJsonObject(); - JsonArray s3KeysArray = json.getJsonArray("s3Keys"); + JsonArray cloudEncryptionKeysArray = json.getJsonArray("cloudEncryptionKeys"); - assertNotNull(s3KeysArray); - assertEquals(3, s3KeysArray.size()); + assertNotNull(cloudEncryptionKeysArray); + assertEquals(3, cloudEncryptionKeysArray.size()); for (int i = 0; i < 3; i++) { - JsonObject s3KeyJson = s3KeysArray.getJsonObject(i); - assertEquals(i + 1, s3KeyJson.getInteger("id")); - assertEquals(88, s3KeyJson.getInteger("siteId")); - assertEquals(1687635529 + i, s3KeyJson.getLong("activates")); - assertEquals(1687808329 + i, s3KeyJson.getLong("created")); - assertEquals("secret" + (i + 1), s3KeyJson.getString("secret")); + JsonObject cloudEncryptionKeyJson = cloudEncryptionKeysArray.getJsonObject(i); + assertEquals(i + 1, 
cloudEncryptionKeyJson.getInteger("id")); + assertEquals(88, cloudEncryptionKeyJson.getInteger("siteId")); + assertEquals(1687635529 + i, cloudEncryptionKeyJson.getLong("activates")); + assertEquals(1687808329 + i, cloudEncryptionKeyJson.getLong("created")); + assertEquals("secret" + (i + 1), cloudEncryptionKeyJson.getString("secret")); } testContext.completeNow(); @@ -749,7 +747,7 @@ void s3encryptionKeyRetrieveSuccessWithThreeKeys(Vertx vertx, VertxTestContext t @Tag("dontForceJwt") @Test - void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testContext) { + void cloudEncryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testContext) { fakeAuth(attestationProtocolPublic, Role.OPERATOR); addAttestationProvider(attestationProtocolPublic); onHandleAttestationRequest(() -> { 
@@ -758,22 +756,22 @@ void s3encryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testCont }); // Test case 1: No keys found - when(s3KeyProvider.getKeys(anyInt())).thenReturn(Collections.emptyList()); + when(cloudEncryptionKeyProvider.getKeys(anyInt())).thenReturn(Collections.emptyList()); - get(vertx, "s3encryption_keys/retrieve", ar -> { + get(vertx, "cloud_encryption_keys/retrieve", ar -> { try { if (ar.succeeded()) { HttpResponse response = ar.result(); assertEquals(500, response.statusCode()); JsonObject json = response.bodyAsJsonObject(); - assertEquals("No S3 keys found", json.getString("status")); - assertTrue(json.getString("message").contains("No S3 keys found for siteId:")); + assertEquals("No Cloud Encryption keys found", json.getString("status")); + assertTrue(json.getString("message").contains("No Cloud Encryption keys found for siteId:")); // Test case 2: Exception thrown - when(s3KeyProvider.getKeys(anyInt())).thenThrow(new RuntimeException("Test exception")); + when(cloudEncryptionKeyProvider.getKeys(anyInt())).thenThrow(new RuntimeException("Test exception")); - get(vertx, "s3encryption_keys/retrieve", ar2 -> { + get(vertx, "cloud_encryption_keys/retrieve", ar2 -> { if (ar2.succeeded()) { HttpResponse response2 = ar2.result(); assertEquals(500, response2.statusCode()); diff --git a/src/test/resources/com.uid2.core/model/test-config.json b/src/test/resources/com.uid2.core/model/test-config.json index f8d66eef..40d3e07a 100644 --- a/src/test/resources/com.uid2.core/model/test-config.json +++ b/src/test/resources/com.uid2.core/model/test-config.json @@ -23,5 +23,5 @@ "att_token_enc_salt": "", "att_token_lifetime_seconds": 120, "provide_private_site_data": true, - "s3_keys_metadata_path": "s3encryption_keys/metadata.json" + "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json" } From aba597613769d9f71c028a88099cc9af25a75117 Mon Sep 17 00:00:00 2001 
From: Cody Constine Date: Fri, 22 Nov 2024 12:12:39 -0700 Subject: [PATCH 55/60] Moving support version to 9999 --- conf/default-config.json | 2 +- conf/integ-config.json | 2 +- conf/local-config.json | 2 +- conf/local-e2e-config.json | 2 +- conf/local-e2e-docker-config.json | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/default-config.json b/conf/default-config.json index 5edf5261..5851e70c 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -18,5 +18,5 @@ "att_token_enc_salt": null, "enforceJwt": false, "cloud_encryption_keys_metadata_path": null, - "encryption_support_version": "5" + "encryption_support_version": "9999" } diff --git a/conf/integ-config.json b/conf/integ-config.json index 459d8ce0..8432bc22 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json @@ -19,5 +19,5 @@ "salts_metadata_path": "uid2/salts/metadata.json", "enforceJwt": false, "cloud_encryption_keys_metadata_path": "uid2/cloud_encryption_keys/metadata.json", - "encryption_support_version": "5" + "encryption_support_version": "9999" } \ No newline at end of file diff --git a/conf/local-config.json b/conf/local-config.json index b3cd7877..6e119b8a 100644 --- a/conf/local-config.json +++ b/conf/local-config.json @@ -20,5 +20,5 @@ "provide_private_site_data": true, "enforceJwt": false, "cloud_encryption_keys_metadata_path": "/com.uid2.core/test/cloud_encryption_keys/metadata.json", - "encryption_support_version": "5" + "encryption_support_version": "9999" } diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index 7d630ba8..d34b5946 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -35,5 +35,5 @@ "optout_url": "http://localhost:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json", - "encryption_support_version": "5" + "encryption_support_version": "9999" } 
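Review bot: `"encryption_support_version": "9999"` reads as a sentinel rather than a real version, and nothing in the patch records what it means. If this value is the minimum operator version for which `supportsEncryption` returns true (the comparison is not visible here, so please confirm), then 9999 switches encrypted metadata off for every operator in all five configs, including `default-config.json`. JSON cannot carry a comment, so I would state the intent and the condition for restoring a real version in the commit message or beside the constant that reads this key. A later patch in this series sets the same key to `"6.0.0"`, so the parser should be checked against both the bare-integer and the dotted form.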
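Review bot: In `conf/local-e2e-config.json` the context lines show `"s3_keys_metadata_path"` and `"cloud_keys_metadata_path"`, while every other config touched in this series uses `"cloud_encryption_keys_metadata_path"`. If `Const.Config.CloudEncryptionKeysMetadataPathProp` resolves to that longer name (its value is not visible here), this file leaves the key unset and `Main` would pass null to `new CloudPath(...)`. I would add `"cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json"`, matching `local-e2e-docker-config.json`, and drop the two stale keys.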
diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index 181d5f14..a30ded3a 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -33,5 +33,5 @@ "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json", - "encryption_support_version": "5" + "encryption_support_version": "9999" } From 3d9a2a3e5bf1f204eae85729816ffdc12dd7625d Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 22 Nov 2024 19:18:50 +0000 Subject: [PATCH 56/60] [CI Pipeline] Released Snapshot version: 2.21.1-alpha-61-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 39d21988..18762abe 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.21.0 + 2.21.1-alpha-61-SNAPSHOT UTF-8 From 1f4801ff80cc4fd831d16475b200b5844e9c209f Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Mon, 25 Nov 2024 17:39:30 +0000 Subject: [PATCH 57/60] [CI Pipeline] Released Snapshot version: 2.21.8-alpha-63-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 93c34c0a..505603a0 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.21.7 + 2.21.8-alpha-63-SNAPSHOT UTF-8 From fec327f43b9b607880df3bf86a0fbe080efe5dfd Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Mon, 25 Nov 2024 13:43:22 -0700 Subject: [PATCH 58/60] removing log message that will appear too much --- src/main/java/com/uid2/core/util/OperatorInfo.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/com/uid2/core/util/OperatorInfo.java b/src/main/java/com/uid2/core/util/OperatorInfo.java index bf5e5fff..091853c2 100644 --- a/src/main/java/com/uid2/core/util/OperatorInfo.java +++ b/src/main/java/com/uid2/core/util/OperatorInfo.java 
@@ -68,7 +68,6 @@ static boolean supportsEncryption(RoutingContext rc) { return isSupported; } } - logger.warn("No operator version found in AppVersion header."); return false; } From bd1fa80b232093350b776521f9c15c8fcd52859b Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Mon, 25 Nov 2024 16:02:01 -0700 Subject: [PATCH 59/60] updating operator version for workspace --- conf/local-e2e-config.json | 2 +- conf/local-e2e-docker-config.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json index d34b5946..fec4459f 100644 --- a/conf/local-e2e-config.json +++ b/conf/local-e2e-config.json @@ -35,5 +35,5 @@ "optout_url": "http://localhost:8081", "s3_keys_metadata_path": "s3encryption_keys/metadata.json", "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json", - "encryption_support_version": "9999" + "encryption_support_version": "6.0.0" } diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index a30ded3a..cc9bb3ac 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -33,5 +33,5 @@ "core_public_url": "http://core:8088", "optout_url": "http://optout:8081", "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json", - "encryption_support_version": "9999" + "encryption_support_version": "6.0.0" } From 9f2105ea0bfa0bf7c700ebf26c1cd8c3077497b0 Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Mon, 2 Dec 2024 11:12:19 -0700 Subject: [PATCH 60/60] Fix bad indent --- src/test/java/com/uid2/core/vertx/TestCoreVerticle.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java index df14a5dc..dc271e95 100644 --- a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java +++ b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java 
@@ -776,9 +776,9 @@ void cloudEncryptionKeyRetrieveNoKeysOrError(Vertx vertx, VertxTestContext testC HttpResponse response2 = ar2.result(); assertEquals(500, response2.statusCode()); - JsonObject json2 = response2.bodyAsJsonObject(); - assertEquals("error", json2.getString("status")); - assertEquals("error generating attestation token", json2.getString("message")); + JsonObject json2 = response2.bodyAsJsonObject(); + assertEquals("error", json2.getString("status")); + assertEquals("error generating attestation token", json2.getString("message")); testContext.completeNow(); } else {