This repository has been archived by the owner on May 16, 2023. It is now read-only.

Cherry Pick changed from pocId to tenantId when encrypting (#251)
Co-authored-by: Morphyum <[email protected]>
f11h and Morphyum authored Jul 29, 2022
1 parent d8d041f commit df8606b
Showing 2 changed files with 34 additions and 29 deletions.
Expand Up @@ -12,7 +12,7 @@
import java.util.List;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.keycloak.representations.idm.GroupRepresentation;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
Expand All @@ -33,6 +33,8 @@ public class ArchiveController {

private final ArchiveService archiveService;

private final UserManagementControllerUtils utils;

/**
* Endpoint for getting quicktests in longterm archive table by tenantId.
*
Expand All @@ -48,14 +50,10 @@ public class ArchiveController {
})
@GetMapping(value = "", produces = MediaType.APPLICATION_JSON_VALUE)
@Secured({ROLE_COUNTER, ROLE_LAB})
public ResponseEntity<List<ArchiveCipherDtoV1>> findLongtermArchive(@RequestParam(required = false) String tenantId,
@RequestParam(required = false) String pocId) {
public ResponseEntity<List<ArchiveCipherDtoV1>> findLongtermArchiveByPocId(@RequestParam String pocId) {
try {
if (StringUtils.isBlank(tenantId)) {
return ResponseEntity.ok(archiveService.getQuicktestsFromLongtermByPocId(pocId));
} else {
return ResponseEntity.ok(archiveService.getQuicktestsFromLongterm(tenantId, pocId));
}
GroupRepresentation groupRepresentation = utils.checkUserRootGroup();
return ResponseEntity.ok(archiveService.getQuicktestsFromLongterm(pocId, groupRepresentation.getName()));
} catch (JsonProcessingException e) {
log.error("Couldn't parse DB entry.");
throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR);
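Review bot: In `findLongtermArchiveByPocId` the `pocId` still comes straight from the request and is never checked against the caller's root group, so tenant isolation rests entirely on `keyProvider.decrypt(archive.getSecret(), tenantId)` failing for foreign entries in `ArchiveService`. Consider rejecting a `pocId` that does not belong to the group returned by `utils.checkUserRootGroup()` before the repository lookup, or at least record the assumption with a comment such as `// pocId is caller-supplied; entries of other tenants are excluded only because decryption with this tenant's key fails`. The Javadoc above the method still says "by tenantId" and should read `Endpoint for getting quicktests in longterm archive table by pocId.` `groupRepresentation.getName()` is dereferenced without a null check, which is safe only if `checkUserRootGroup()` throws when no root group is found (not visible on this page). The method body continues past the end of the hunk.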
49 changes: 28 additions & 21 deletions src/main/java/app/coronawarn/quicktest/service/ArchiveService.java
Expand Up @@ -81,11 +81,12 @@ public void moveToArchive() {
if (olderThanInSeconds > 0) {
final LocalDateTime beforeDateTime = LocalDateTime.now().minusSeconds(olderThanInSeconds);
quickTestArchiveRepository.findAllByUpdatedAtBefore(beforeDateTime, PageRequest.of(0, chunkSize))
.map(this::convertQuickTest)
.map(this::buildArchive)
.map(repository::save)
.map(Archive::getHashedGuid)
.forEach(quickTestArchiveRepository::deleteByHashedGuid);
.filter(quickTestArchive -> StringUtils.isNotBlank(quickTestArchive.getPocId()))
.map(this::convertQuickTest)
.map(this::buildArchive)
.map(repository::save)
.map(Archive::getHashedGuid)
.forEach(quickTestArchiveRepository::deleteById);
} else {
log.error("Property 'archive.moveToArchiveJob.older-than-in-seconds' not set.");
}
Expand All @@ -95,27 +96,33 @@ public void moveToArchive() {
/**
* Get longterm archives by pocId.
*/
public List<ArchiveCipherDtoV1> getQuicktestsFromLongtermByPocId(final String pocId)
throws JsonProcessingException {
List<Archive> archives = repository.findAllByPocId(createHash(pocId));
return decryptEntries(null, pocId, archives);
public List<ArchiveCipherDtoV1> getQuicktestsFromLongterm(final String pocId, final String tenantId)
throws JsonProcessingException {
List<Archive> allByPocId = repository.findAllByPocId(createHash(pocId));
List<ArchiveCipherDtoV1> dtos = new ArrayList<>(allByPocId.size());
for (Archive archive : allByPocId) {
try {
final String decrypt = keyProvider.decrypt(archive.getSecret(), tenantId);
final String json = cryptionService.getAesCryption().decrypt(decrypt, archive.getCiphertext());
final ArchiveCipherDtoV1 dto = this.mapper.readValue(json, ArchiveCipherDtoV1.class);
dtos.add(dto);
} catch (final Exception e) {
log.warn("Could not decrypt archive {}", archive.getHashedGuid());
log.warn("Cause: {}", e.getLocalizedMessage());
}
}
return dtos;
}

/**
* Get longterm archives by tenantId.
*/
public List<ArchiveCipherDtoV1> getQuicktestsFromLongterm(final String tenantId, final String pocId)
throws JsonProcessingException {
List<Archive> archives = repository.findAllByTenantId(createHash(tenantId));
return decryptEntries(tenantId, pocId, archives);
}

private List<ArchiveCipherDtoV1> decryptEntries(String tenantId, String pocId, List<Archive> allByTenantId) {
List<ArchiveCipherDtoV1> dtos = new ArrayList<>(allByTenantId.size());
for (Archive archive : allByTenantId) {
public List<ArchiveCipherDtoV1> getQuicktestsFromLongtermByTenantId(final String tenantId) {
List<Archive> allByPocId = repository.findAllByTenantId(createHash(tenantId));
List<ArchiveCipherDtoV1> dtos = new ArrayList<>(allByPocId.size());
for (Archive archive : allByPocId) {
try {
final String context = StringUtils.isAnyBlank(pocId, archive.getPocId()) ? tenantId : pocId;
final String decrypt = keyProvider.decrypt(archive.getSecret(), context);
final String decrypt = keyProvider.decrypt(archive.getSecret(), tenantId);
final String json = cryptionService.getAesCryption().decrypt(decrypt, archive.getCiphertext());
final ArchiveCipherDtoV1 dto = this.mapper.readValue(json, ArchiveCipherDtoV1.class);
dtos.add(dto);
Expand Down Expand Up @@ -201,7 +208,7 @@ String buildIdentifier(final String birthday, final String lastname) {
lastnameId.substring(0, 2).toUpperCase());
return createHash(identifier);
}

String createHash(String in) {
if (StringUtils.isBlank(in)) {
return "";
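Review bot: The new `.filter(quickTestArchive -> StringUtils.isNotBlank(quickTestArchive.getPocId()))` in `moveToArchive` silently skips entries without a pocId, so they are neither archived nor deleted and remain in the short-term table past the `older-than-in-seconds` threshold. Because the query always requests `PageRequest.of(0, chunkSize)`, those leftover rows will presumably keep occupying the first page, and once `chunkSize` of them accumulate the job would stop making progress. Handle them explicitly or at least log each skip, and state the decision in a comment such as `// entries without pocId cannot be keyed to a POC and are intentionally left in place; cleanup: <placeholder>`. The switch to `deleteById` fed with `Archive::getHashedGuid` is correct only if the hashed GUID is the entity id of the quick-test archive table, which this page does not show. `moveToArchive` begins above the hunk.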
