Merge pull request #201 from IABTechLab/jon-UID2-1819-solve-negative-…

…keyset-ids

src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java

@@ -81,7 +81,7 @@ public class UIDOperatorVerticle extends AbstractVerticle {
     public static final byte[] ValidationInputPhoneHash = EncodingUtils.getSha256Bytes(ValidationInputPhone);
 
     public static final long MAX_REQUEST_BODY_SIZE = 1 << 20; // 1MB
-    private static DateTimeFormatter APIDateTimeFormatter = DateTimeFormatter.ISO_LOCAL_DATE_TIME.withZone(ZoneId.of("UTC"));
+    private static final DateTimeFormatter APIDateTimeFormatter = DateTimeFormatter.ISO_LOCAL_DATE_TIME.withZone(ZoneId.of("UTC"));
 
     private static final String REQUEST = "request";
     private static final String LINK_ID = "link_id";
@@ -109,12 +109,14 @@ public class UIDOperatorVerticle extends AbstractVerticle {
     private Handler<RoutingContext> disableHandler = null;
     private final boolean phoneSupport;
     private final int tcfVendorId;
-    private IStatsCollectorQueue _statsCollectorQueue;
+    private final IStatsCollectorQueue _statsCollectorQueue;
     private final KeyManager keyManager;
     private final boolean checkServiceLinkIdForIdentityMap;
     private final String privateLinkId;
 
     private final boolean cstgDoDomainNameCheck;
+    public final static int MASTER_KEYSET_ID_FOR_SDKS = 9999999; //this is because SDKs have an issue where they assume keyset ids are always positive; that will be fixed.
+
 
     public UIDOperatorVerticle(JsonObject config,
                                boolean clientSideTokenGenerate,
@@ -512,7 +514,6 @@ public void handleKeysSharing(RoutingContext rc) {
             final JsonArray keys = new JsonArray();
 
             KeyManagerSnapshot keyManagerSnapshot = this.keyManager.getKeyManagerSnapshot(clientKey.getSiteId());
-            KeysetKey masterKey = keyManagerSnapshot.getMasterKey();
             List<KeysetKey> keysetKeyStore = keyManagerSnapshot.getKeysetKeys();
             Map<Integer, Keyset> keysetMap = keyManagerSnapshot.getAllKeysets();
             KeysetSnapshot keysetSnapshot = keyManagerSnapshot.getKeysetSnapshot();
@@ -528,7 +529,7 @@ public void handleKeysSharing(RoutingContext rc) {
 
             final JsonObject resp = new JsonObject();
             resp.put("caller_site_id", clientKey.getSiteId());
-            resp.put("master_keyset_id", masterKey.getKeysetId());
+            resp.put("master_keyset_id", MASTER_KEYSET_ID_FOR_SDKS);
             if (defaultKeyset != null) {
                 resp.put("default_keyset_id", defaultKeyset.getKeysetId());
             }
@@ -544,8 +545,10 @@ public void handleKeysSharing(RoutingContext rc) {
 
                 if (keyset == null || !keyset.isEnabled()) {
                     continue;
-                } else if (clientKey.getSiteId() == keyset.getSiteId() || key.getKeysetId() == Data.MasterKeysetId) {
+                } else if (clientKey.getSiteId() == keyset.getSiteId()) {
                     keyObj.put("keyset_id", key.getKeysetId());
+                } else if (key.getKeysetId() == Data.MasterKeysetId) {
+                    keyObj.put("keyset_id", MASTER_KEYSET_ID_FOR_SDKS);
                 } else if (!keysetSnapshot.canClientAccessKey(clientKey, key, mode)) {
                     continue;
                 }

src/main/resources/com.uid2.core/test/keysets/keysets.json

@@ -1,92 +1,150 @@
 [
   {
-    "keyset_id": -1,
-    "site_id": -1,
-    "name": "Master keyset",
-    "allowed_sites": [-1, -2, 2, 3, 4, 5, 6, 7, 8],
+    "allowed_sites": [
+      -1,
+      -2,
+      2,
+      3,
+      4,
+      5,
+      6,
+      7,
+      8
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": true
+    "keyset_id": -1,
+    "name": "Master keyset",
+    "site_id": -1
   },
   {
-    "keyset_id": -2,
-    "site_id": -2,
-    "name": "Refresh keyset",
-    "allowed_sites": [-1, -2, 2, 3, 4, 5, 6, 7, 8],
+    "allowed_sites": [
+      -1,
+      -2,
+      2,
+      3,
+      4,
+      5,
+      6,
+      7,
+      8
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": true
+    "keyset_id": -2,
+    "name": "Refresh keyset",
+    "site_id": -2
   },
   {
-    "keyset_id": 2,
-    "site_id": 2,
-    "name": "Publisher keyset",
-    "allowed_sites": [-1, -2, 2, 3, 4, 5, 6, 7, 8],
+    "allowed_sites": [
+      -1,
+      -2,
+      2,
+      3,
+      4,
+      5,
+      6,
+      7,
+      8
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": true
+    "keyset_id": 2,
+    "name": "Publisher keyset",
+    "site_id": 2
   },
   {
-    "keyset_id": 501,
-    "site_id": 5,
-    "name": "My keyset #5-1",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": false
+    "keyset_id": 501,
+    "name": "My keyset #123-1",
+    "site_id": 123
   },
   {
-    "keyset_id": 502,
-    "site_id": 5,
-    "name": "My keyset #5-2",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": false,
     "enabled": true,
-    "default": true
+    "keyset_id": 502,
+    "name": "My keyset #123-2",
+    "site_id": 123
   },
   {
-    "keyset_id": 503,
-    "site_id": 5,
-    "name": "My keyset #5-3",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": false,
     "enabled": false,
-    "default": false
+    "keyset_id": 503,
+    "name": "My keyset #5-3",
+    "site_id": 5
   },
   {
-    "keyset_id": 601,
-    "site_id": 6,
-    "name": "My keyset #6-1",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": true
+    "keyset_id": 601,
+    "name": "My keyset #6-1",
+    "site_id": 6
   },
   {
-    "keyset_id": 602,
-    "site_id": 6,
-    "name": "My keyset #6-2",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": false,
     "enabled": true,
-    "default": false
+    "keyset_id": 602,
+    "name": "My keyset #6-2",
+    "site_id": 6
   },
   {
-    "keyset_id": 701,
-    "site_id": 7,
-    "name": "My keyset #7",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": true
+    "keyset_id": 701,
+    "name": "My keyset #7",
+    "site_id": 7
   },
   {
-    "keyset_id": 801,
-    "site_id": 8,
-    "name": "My keyset #5",
-    "allowed_sites": [2, 3, 4],
+    "allowed_sites": [
+      2,
+      3,
+      4
+    ],
     "created": 1617149276,
+    "default": true,
     "enabled": true,
-    "default": true
+    "keyset_id": 801,
+    "name": "My keyset #5",
+    "site_id": 8
   }
 ]

src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java

@@ -406,7 +406,7 @@ private void checkEncryptionKeysResponse(JsonObject response, KeysetKey... expec
         }
     }
 
-    private void checkEncryptionKeysSharing(JsonObject response, int siteId, KeysetKey... expectedKeys) {
+    private void checkEncryptionKeysSharing(JsonObject response, int callersSiteId, KeysetKey... expectedKeys) {
         assertEquals("success", response.getString("status"));
         final JsonArray responseKeys = response.getJsonObject("body").getJsonArray("keys");
         assertNotNull(responseKeys);
@@ -419,15 +419,19 @@ private void checkEncryptionKeysSharing(JsonObject response, int siteId, KeysetK
             assertEquals(expectedKey.getCreated().truncatedTo(ChronoUnit.SECONDS), Instant.ofEpochSecond(actualKey.getLong("created")));
             assertEquals(expectedKey.getActivates().truncatedTo(ChronoUnit.SECONDS), Instant.ofEpochSecond(actualKey.getLong("activates")));
             assertEquals(expectedKey.getExpires().truncatedTo(ChronoUnit.SECONDS), Instant.ofEpochSecond(actualKey.getLong("expires")));
-            Keyset keyset = this.keysetProvider.getSnapshot().getKeyset(expectedKey.getKeysetId());
-            assertNotNull(keyset);
-            assertTrue(keyset.isEnabled());
-            if (keyset.getSiteId() == siteId) {
-                assertEquals(expectedKey.getKeysetId(), actualKey.getInteger("keyset_id"));
-            } else if (keyset.getSiteId() == MasterKeySiteId) {
-                assertEquals(expectedKey.getKeysetId(), actualKey.getInteger("keyset_id"));
+
+            Keyset expectedKeyset = this.keysetProvider.getSnapshot().getKeyset(expectedKey.getKeysetId());
+            assertNotNull(expectedKeyset);
+            assertTrue(expectedKeyset.isEnabled());
+
+            final var actualKeysetId = actualKey.getInteger("keyset_id");
+            assertTrue(actualKeysetId == null || actualKeysetId > 0); //SDKs currently have an assumption that keyset ids are positive; that will be fixed.
+            if (expectedKeyset.getSiteId() == callersSiteId) {
+                assertEquals(expectedKey.getKeysetId(), actualKeysetId);
+            } else if (expectedKeyset.getSiteId() == MasterKeySiteId) {
+                assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, actualKeysetId);
             } else {
-                assertNull(actualKey.getInteger("keyset_id"));
+                assertNull(actualKeysetId); //we only send keyset ids if the caller is allowed to encrypt using that keyset (so only the caller's keysets and the master keyset)
             }
         }
     }
@@ -3473,7 +3477,7 @@ void keySharingKeysets_IDREADER(Vertx vertx, VertxTestContext testContext) {
             System.out.println(respJson);
             assertEquals("success", respJson.getString("status"));
             assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id"));
-            assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id"));
+            assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id"));
             assertEquals(4, respJson.getJsonObject("body").getInteger("default_keyset_id"));
             checkEncryptionKeysSharing(respJson, clientSiteId, expectedKeys);
             testContext.completeNow();
@@ -3520,7 +3524,7 @@ void keySharingKeysets_SHARER(Vertx vertx, VertxTestContext testContext) {
             System.out.println(respJson);
             assertEquals("success", respJson.getString("status"));
             assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id"));
-            assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id"));
+            assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id"));
             assertEquals(4, respJson.getJsonObject("body").getInteger("default_keyset_id"));
             checkEncryptionKeysSharing(respJson, clientSiteId, expectedKeys);
             testContext.completeNow();
@@ -3597,7 +3601,7 @@ void keySharingKeysets_CorrectIDS(String testRun, Vertx vertx, VertxTestContext
         send(apiVersion, vertx, apiVersion + "/key/sharing", true, null, null, 200, respJson -> {
             System.out.println(respJson);
             assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id"));
-            assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id"));
+            assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id"));
 
             switch (testRun) {
                 case "NoKeyset":
@@ -3718,7 +3722,7 @@ void keySharingRotatingKeysets_IDREADER(String testRun, Vertx vertx, VertxTestCo
             System.out.println(respJson);
             assertEquals("success", respJson.getString("status"));
             assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id"));
-            assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id"));
+            assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id"));
             assertEquals(4, respJson.getJsonObject("body").getInteger("default_keyset_id"));
             checkEncryptionKeysSharing(respJson, clientSiteId, expectedKeys.toArray(new KeysetKey[0]));
             testContext.completeNow();