From 0ab01b3d17082566d9996d84d3132711727004b6 Mon Sep 17 00:00:00 2001 From: jon8787 <112368577+jon8787@users.noreply.github.com> Date: Wed, 6 Sep 2023 12:10:38 +1000 Subject: [PATCH 1/2] re-map master keyset id to a positive number for /key/sharing so that SDKs can handle it --- .../operator/vertx/UIDOperatorVerticle.java | 13 ++++---- .../operator/UIDOperatorVerticleTest.java | 30 +++++++++++-------- 2 files changed, 25 insertions(+), 18 deletions(-) diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java index 962816f96..53648b710 100644 --- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java +++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java @@ -81,7 +81,7 @@ public class UIDOperatorVerticle extends AbstractVerticle { public static final byte[] ValidationInputPhoneHash = EncodingUtils.getSha256Bytes(ValidationInputPhone); public static final long MAX_REQUEST_BODY_SIZE = 1 << 20; // 1MB - private static DateTimeFormatter APIDateTimeFormatter = DateTimeFormatter.ISO_LOCAL_DATE_TIME.withZone(ZoneId.of("UTC")); + private static final DateTimeFormatter APIDateTimeFormatter = DateTimeFormatter.ISO_LOCAL_DATE_TIME.withZone(ZoneId.of("UTC")); private static final String REQUEST = "request"; private static final String LINK_ID = "link_id"; @@ -109,12 +109,14 @@ public class UIDOperatorVerticle extends AbstractVerticle { private Handler disableHandler = null; private final boolean phoneSupport; private final int tcfVendorId; - private IStatsCollectorQueue _statsCollectorQueue; + private final IStatsCollectorQueue _statsCollectorQueue; private final KeyManager keyManager; private final boolean checkServiceLinkIdForIdentityMap; private final String privateLinkId; private final boolean cstgDoDomainNameCheck; + public final static int MASTER_KEYSET_ID_FOR_SDKS = 9999999; //this is because SDKs have an issue where they assume keyset ids are always positive; that will be fixed. + public UIDOperatorVerticle(JsonObject config, boolean clientSideTokenGenerate, @@ -512,7 +514,6 @@ public void handleKeysSharing(RoutingContext rc) { final JsonArray keys = new JsonArray(); KeyManagerSnapshot keyManagerSnapshot = this.keyManager.getKeyManagerSnapshot(clientKey.getSiteId()); - KeysetKey masterKey = keyManagerSnapshot.getMasterKey(); List keysetKeyStore = keyManagerSnapshot.getKeysetKeys(); Map keysetMap = keyManagerSnapshot.getAllKeysets(); KeysetSnapshot keysetSnapshot = keyManagerSnapshot.getKeysetSnapshot(); @@ -528,7 +529,7 @@ public void handleKeysSharing(RoutingContext rc) { final JsonObject resp = new JsonObject(); resp.put("caller_site_id", clientKey.getSiteId()); - resp.put("master_keyset_id", masterKey.getKeysetId()); + resp.put("master_keyset_id", MASTER_KEYSET_ID_FOR_SDKS); if (defaultKeyset != null) { resp.put("default_keyset_id", defaultKeyset.getKeysetId()); } @@ -544,8 +545,10 @@ public void handleKeysSharing(RoutingContext rc) { if (keyset == null || !keyset.isEnabled()) { continue; - } else if (clientKey.getSiteId() == keyset.getSiteId() || key.getKeysetId() == Data.MasterKeysetId) { + } else if (clientKey.getSiteId() == keyset.getSiteId()) { keyObj.put("keyset_id", key.getKeysetId()); + } else if (key.getKeysetId() == Data.MasterKeysetId) { + keyObj.put("keyset_id", MASTER_KEYSET_ID_FOR_SDKS); } else if (!keysetSnapshot.canClientAccessKey(clientKey, key, mode)) { continue; } diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java index 2b06ab316..9a567eafd 100644 --- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java +++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java @@ -406,7 +406,7 @@ private void checkEncryptionKeysResponse(JsonObject response, KeysetKey... expec } } - private void checkEncryptionKeysSharing(JsonObject response, int siteId, KeysetKey... expectedKeys) { + private void checkEncryptionKeysSharing(JsonObject response, int callersSiteId, KeysetKey... expectedKeys) { assertEquals("success", response.getString("status")); final JsonArray responseKeys = response.getJsonObject("body").getJsonArray("keys"); assertNotNull(responseKeys); @@ -419,15 +419,19 @@ private void checkEncryptionKeysSharing(JsonObject response, int siteId, KeysetK assertEquals(expectedKey.getCreated().truncatedTo(ChronoUnit.SECONDS), Instant.ofEpochSecond(actualKey.getLong("created"))); assertEquals(expectedKey.getActivates().truncatedTo(ChronoUnit.SECONDS), Instant.ofEpochSecond(actualKey.getLong("activates"))); assertEquals(expectedKey.getExpires().truncatedTo(ChronoUnit.SECONDS), Instant.ofEpochSecond(actualKey.getLong("expires"))); - Keyset keyset = this.keysetProvider.getSnapshot().getKeyset(expectedKey.getKeysetId()); - assertNotNull(keyset); - assertTrue(keyset.isEnabled()); - if (keyset.getSiteId() == siteId) { - assertEquals(expectedKey.getKeysetId(), actualKey.getInteger("keyset_id")); - } else if (keyset.getSiteId() == MasterKeySiteId) { - assertEquals(expectedKey.getKeysetId(), actualKey.getInteger("keyset_id")); + + Keyset expectedKeyset = this.keysetProvider.getSnapshot().getKeyset(expectedKey.getKeysetId()); + assertNotNull(expectedKeyset); + assertTrue(expectedKeyset.isEnabled()); + + final var actualKeysetId = actualKey.getInteger("keyset_id"); + assertTrue(actualKeysetId == null || actualKeysetId > 0); //SDKs currently have an assumption that keyset ids are positive; that will be fixed. + if (expectedKeyset.getSiteId() == callersSiteId) { + assertEquals(expectedKey.getKeysetId(), actualKeysetId); + } else if (expectedKeyset.getSiteId() == MasterKeySiteId) { + assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, actualKeysetId); } else { - assertNull(actualKey.getInteger("keyset_id")); + assertNull(actualKeysetId); //we only send keyset ids if the caller is allowed to encrypt using that keyset (so only the caller's keysets and the master keyset) } } } @@ -3473,7 +3477,7 @@ void keySharingKeysets_IDREADER(Vertx vertx, VertxTestContext testContext) { System.out.println(respJson); assertEquals("success", respJson.getString("status")); assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id")); - assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id")); + assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id")); assertEquals(4, respJson.getJsonObject("body").getInteger("default_keyset_id")); checkEncryptionKeysSharing(respJson, clientSiteId, expectedKeys); testContext.completeNow(); @@ -3520,7 +3524,7 @@ void keySharingKeysets_SHARER(Vertx vertx, VertxTestContext testContext) { System.out.println(respJson); assertEquals("success", respJson.getString("status")); assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id")); - assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id")); + assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id")); assertEquals(4, respJson.getJsonObject("body").getInteger("default_keyset_id")); checkEncryptionKeysSharing(respJson, clientSiteId, expectedKeys); testContext.completeNow(); @@ -3597,7 +3601,7 @@ void keySharingKeysets_CorrectIDS(String testRun, Vertx vertx, VertxTestContext send(apiVersion, vertx, apiVersion + "/key/sharing", true, null, null, 200, respJson -> { System.out.println(respJson); assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id")); - assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id")); + assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id")); switch (testRun) { case "NoKeyset": @@ -3718,7 +3722,7 @@ void keySharingRotatingKeysets_IDREADER(String testRun, Vertx vertx, VertxTestCo System.out.println(respJson); assertEquals("success", respJson.getString("status")); assertEquals(clientSiteId, respJson.getJsonObject("body").getInteger("caller_site_id")); - assertEquals(MasterKeysetId, respJson.getJsonObject("body").getInteger("master_keyset_id")); + assertEquals(UIDOperatorVerticle.MASTER_KEYSET_ID_FOR_SDKS, respJson.getJsonObject("body").getInteger("master_keyset_id")); assertEquals(4, respJson.getJsonObject("body").getInteger("default_keyset_id")); checkEncryptionKeysSharing(respJson, clientSiteId, expectedKeys.toArray(new KeysetKey[0])); testContext.completeNow(); From 30c78bbeb9f6a7a337332527f9b560a3661fab8d Mon Sep 17 00:00:00 2001 From: jon8787 <112368577+jon8787@users.noreply.github.com> Date: Wed, 6 Sep 2023 13:09:37 +1000 Subject: [PATCH 2/2] modify keysets so we can actually test encryption/decryption using the client SDKs --- .../com.uid2.core/test/keysets/keysets.json | 158 ++++++++++++------ 1 file changed, 108 insertions(+), 50 deletions(-) diff --git a/src/main/resources/com.uid2.core/test/keysets/keysets.json b/src/main/resources/com.uid2.core/test/keysets/keysets.json index 19cb72ba7..f5e5b29ab 100644 --- a/src/main/resources/com.uid2.core/test/keysets/keysets.json +++ b/src/main/resources/com.uid2.core/test/keysets/keysets.json @@ -1,92 +1,150 @@ [ { - "keyset_id": -1, - "site_id": -1, - "name": "Master keyset", - "allowed_sites": [-1, -2, 2, 3, 4, 5, 6, 7, 8], + "allowed_sites": [ + -1, + -2, + 2, + 3, + 4, + 5, + 6, + 7, + 8 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": true + "keyset_id": -1, + "name": "Master keyset", + "site_id": -1 }, { - "keyset_id": -2, - "site_id": -2, - "name": "Refresh keyset", - "allowed_sites": [-1, -2, 2, 3, 4, 5, 6, 7, 8], + "allowed_sites": [ + -1, + -2, + 2, + 3, + 4, + 5, + 6, + 7, + 8 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": true + "keyset_id": -2, + "name": "Refresh keyset", + "site_id": -2 }, { - "keyset_id": 2, - "site_id": 2, - "name": "Publisher keyset", - "allowed_sites": [-1, -2, 2, 3, 4, 5, 6, 7, 8], + "allowed_sites": [ + -1, + -2, + 2, + 3, + 4, + 5, + 6, + 7, + 8 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": true + "keyset_id": 2, + "name": "Publisher keyset", + "site_id": 2 }, { - "keyset_id": 501, - "site_id": 5, - "name": "My keyset #5-1", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": false + "keyset_id": 501, + "name": "My keyset #123-1", + "site_id": 123 }, { - "keyset_id": 502, - "site_id": 5, - "name": "My keyset #5-2", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": false, "enabled": true, - "default": true + "keyset_id": 502, + "name": "My keyset #123-2", + "site_id": 123 }, { - "keyset_id": 503, - "site_id": 5, - "name": "My keyset #5-3", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": false, "enabled": false, - "default": false + "keyset_id": 503, + "name": "My keyset #5-3", + "site_id": 5 }, { - "keyset_id": 601, - "site_id": 6, - "name": "My keyset #6-1", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": true + "keyset_id": 601, + "name": "My keyset #6-1", + "site_id": 6 }, { - "keyset_id": 602, - "site_id": 6, - "name": "My keyset #6-2", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": false, "enabled": true, - "default": false + "keyset_id": 602, + "name": "My keyset #6-2", + "site_id": 6 }, { - "keyset_id": 701, - "site_id": 7, - "name": "My keyset #7", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": true + "keyset_id": 701, + "name": "My keyset #7", + "site_id": 7 }, { - "keyset_id": 801, - "site_id": 8, - "name": "My keyset #5", - "allowed_sites": [2, 3, 4], + "allowed_sites": [ + 2, + 3, + 4 + ], "created": 1617149276, + "default": true, "enabled": true, - "default": true + "keyset_id": 801, + "name": "My keyset #5", + "site_id": 8 } ]