From df8606b08c435f0d47db5aa28b801bfc505b43ad Mon Sep 17 00:00:00 2001
From: Felix Dittrich <31076102+f11h@users.noreply.github.com>
Date: Fri, 29 Jul 2022 15:51:32 +0200
Subject: [PATCH] Cherry Pick changed from pocId to tenantId when encrypting (#251)
Co-authored-by: Morphyum
---
 .../controller/ArchiveController.java | 14 +++---
 .../quicktest/service/ArchiveService.java | 49 +++++++++++--------
 2 files changed, 34 insertions(+), 29 deletions(-)
diff --git a/src/main/java/app/coronawarn/quicktest/controller/ArchiveController.java b/src/main/java/app/coronawarn/quicktest/controller/ArchiveController.java
index 9916e55f..609bde11 100644
--- a/src/main/java/app/coronawarn/quicktest/controller/ArchiveController.java
+++ b/src/main/java/app/coronawarn/quicktest/controller/ArchiveController.java
@@ -12,7 +12,7 @@ import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
+import org.keycloak.representations.idm.GroupRepresentation;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -33,6 +33,8 @@ public class ArchiveController {
 private final ArchiveService archiveService;
+ private final UserManagementControllerUtils utils;
+
 /**
 * Endpoint for getting quicktests in longterm archive table by tenantId.
 *
@@ -48,14 +50,10 @@ public class ArchiveController {
 })
 @GetMapping(value = "", produces = MediaType.APPLICATION_JSON_VALUE)
 @Secured({ROLE_COUNTER, ROLE_LAB})
- public ResponseEntity> findLongtermArchive(@RequestParam(required = false) String tenantId,
- @RequestParam(required = false) String pocId) {
+ public ResponseEntity> findLongtermArchiveByPocId(@RequestParam String pocId) {
 try {
- if (StringUtils.isBlank(tenantId)) {
- return ResponseEntity.ok(archiveService.getQuicktestsFromLongtermByPocId(pocId));
- } else {
- return ResponseEntity.ok(archiveService.getQuicktestsFromLongterm(tenantId, pocId));
- }
+ GroupRepresentation groupRepresentation = utils.checkUserRootGroup();
+ return ResponseEntity.ok(archiveService.getQuicktestsFromLongterm(pocId, groupRepresentation.getName()));
 } catch (JsonProcessingException e) {
 log.error("Couldn't parse DB entry.");
 throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR);
diff --git a/src/main/java/app/coronawarn/quicktest/service/ArchiveService.java b/src/main/java/app/coronawarn/quicktest/service/ArchiveService.java
index e28b72a6..aa29ac50 100644
--- a/src/main/java/app/coronawarn/quicktest/service/ArchiveService.java
+++ b/src/main/java/app/coronawarn/quicktest/service/ArchiveService.java
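Review bot: The lookup key `pocId` comes straight from the request parameter and nothing in this hunk ties it to the caller's root group; `utils.checkUserRootGroup()` only supplies the decryption context, so a caller who guesses another tenant's pocId is kept out only if unwrapping `archive.getSecret()` under the wrong tenant reliably fails inside keyProvider, which this diff does not show. An explicit ownership check before the service call, or at least a Javadoc sentence stating that tenant isolation rests on the key unwrap, would make that boundary visible — and the Javadoc in the previous hunk still says "by tenantId" although the endpoint now queries by pocId. `log.error("Couldn't parse DB entry.")` also drops the exception, so `log.error("Couldn't parse DB entry.", e);` would keep the stack trace; note that the service's new per-entry `catch (Exception)` means `JsonProcessingException` may no longer reach this catch at all. The method's closing lines are outside the hunk.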
@@ -81,11 +81,12 @@ public void moveToArchive() {
 if (olderThanInSeconds > 0) {
 final LocalDateTime beforeDateTime = LocalDateTime.now().minusSeconds(olderThanInSeconds);
 quickTestArchiveRepository.findAllByUpdatedAtBefore(beforeDateTime, PageRequest.of(0, chunkSize))
- .map(this::convertQuickTest)
- .map(this::buildArchive)
- .map(repository::save)
- .map(Archive::getHashedGuid)
- .forEach(quickTestArchiveRepository::deleteByHashedGuid);
+ .filter(quickTestArchive -> StringUtils.isNotBlank(quickTestArchive.getPocId()))
+ .map(this::convertQuickTest)
+ .map(this::buildArchive)
+ .map(repository::save)
+ .map(Archive::getHashedGuid)
+ .forEach(quickTestArchiveRepository::deleteById);
 } else {
 log.error("Property 'archive.moveToArchiveJob.older-than-in-seconds' not set.");
 }
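Review bot: The new `.filter(... isNotBlank(quickTestArchive.getPocId()))` skips blank-pocId rows but leaves them in `quickTestArchiveRepository`, and every run reads the same `PageRequest.of(0, chunkSize)` of rows older than the cutoff, so once chunkSize such rows sit at the head of that page the job will process only them and stop moving anything — either exclude them in the repository query or decide explicitly what happens to them (delete, flag, or archive under a fallback context). The terminal step also changed from `deleteByHashedGuid` to `deleteById` while still being fed `Archive::getHashedGuid`; this is only correct if the QuickTestArchive entity's `@Id` is the hashed GUID, which the diff does not show, so a comment such as `// QuickTestArchive is keyed by hashedGuid, so Archive.getHashedGuid() is the id to delete` would record the assumption. The enclosing `moveToArchive()` starts before this hunk.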
@@ -95,27 +96,33 @@ public void moveToArchive() {
 /**
 * Get longterm archives by pocId.
 */
- public List getQuicktestsFromLongtermByPocId(final String pocId)
- throws JsonProcessingException {
- List archives = repository.findAllByPocId(createHash(pocId));
- return decryptEntries(null, pocId, archives);
+ public List getQuicktestsFromLongterm(final String pocId, final String tenantId)
+ throws JsonProcessingException {
+ List allByPocId = repository.findAllByPocId(createHash(pocId));
+ List dtos = new ArrayList<>(allByPocId.size());
+ for (Archive archive : allByPocId) {
+ try {
+ final String decrypt = keyProvider.decrypt(archive.getSecret(), tenantId);
+ final String json = cryptionService.getAesCryption().decrypt(decrypt, archive.getCiphertext());
+ final ArchiveCipherDtoV1 dto = this.mapper.readValue(json, ArchiveCipherDtoV1.class);
+ dtos.add(dto);
+ } catch (final Exception e) {
+ log.warn("Could not decrypt archive {}", archive.getHashedGuid());
+ log.warn("Cause: {}", e.getLocalizedMessage());
+ }
+ }
+ return dtos;
 }
 /**
 * Get longterm archives by tenantId.
 */
- public List getQuicktestsFromLongterm(final String tenantId, final String pocId)
- throws JsonProcessingException {
- List archives = repository.findAllByTenantId(createHash(tenantId));
- return decryptEntries(tenantId, pocId, archives);
- }
-
- private List decryptEntries(String tenantId, String pocId, List allByTenantId) {
- List dtos = new ArrayList<>(allByTenantId.size());
- for (Archive archive : allByTenantId) {
+ public List getQuicktestsFromLongtermByTenantId(final String tenantId) {
+ List allByPocId = repository.findAllByTenantId(createHash(tenantId));
+ List dtos = new ArrayList<>(allByPocId.size());
+ for (Archive archive : allByPocId) {
 try {
- final String context = StringUtils.isAnyBlank(pocId, archive.getPocId()) ?
tenantId : pocId;
- final String decrypt = keyProvider.decrypt(archive.getSecret(), context);
+ final String decrypt = keyProvider.decrypt(archive.getSecret(), tenantId);
 final String json = cryptionService.getAesCryption().decrypt(decrypt, archive.getCiphertext());
 final ArchiveCipherDtoV1 dto = this.mapper.readValue(json, ArchiveCipherDtoV1.class);
 dtos.add(dto);
@@ -201,7 +208,7 @@ String buildIdentifier(final String birthday, final String lastname) {
 lastnameId.substring(0, 2).toUpperCase());
 return createHash(identifier);
 }
-
+
 String createHash(String in) {
 if (StringUtils.isBlank(in)) {
 return "";
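Review bot: Both rewritten methods now unwrap every secret with `tenantId`, so any row whose secret the removed code wrapped under the pocId context (the old `context` ternary chose `pocId` whenever both ids were present) will fail in `keyProvider.decrypt` and be silently dropped unless a re-wrap migration exists outside this diff, and `log.warn("Cause: {}", e.getLocalizedMessage())` discards the stack trace that would show which case it was — `log.warn("Could not decrypt archive {}", archive.getHashedGuid(), e);` keeps it. `getQuicktestsFromLongterm` still declares `throws JsonProcessingException` although `mapper.readValue` now sits inside `catch (final Exception e)`, so the declaration (and the controller's matching catch) is dead and can be dropped together. The decrypt loop is duplicated verbatim between the two methods and the variable `allByPocId` in the tenant variant actually holds tenant rows; a single private helper, sketched below, removes both, and the Javadoc should state that `tenantId` is the key-unwrap context rather than a filter. The rest of the second method's body lies after the hunk.
```java
    public List<ArchiveCipherDtoV1> getQuicktestsFromLongterm(final String pocId, final String tenantId)
        throws JsonProcessingException {
        return decryptEntries(tenantId, repository.findAllByPocId(createHash(pocId)));
    }

    // … unchanged: Javadoc of the by-tenant variant …
    public List<ArchiveCipherDtoV1> getQuicktestsFromLongtermByTenantId(final String tenantId) {
        return decryptEntries(tenantId, repository.findAllByTenantId(createHash(tenantId)));
    }

    /**
     * Unwraps each archive's secret under the given tenant context and decrypts its payload.
     * Rows that cannot be unwrapped or parsed are logged with their cause and skipped.
     */
    private List<ArchiveCipherDtoV1> decryptEntries(final String tenantId, final List<Archive> archives) {
        final List<ArchiveCipherDtoV1> dtos = new ArrayList<>(archives.size());
        for (final Archive archive : archives) {
            try {
                final String decrypt = keyProvider.decrypt(archive.getSecret(), tenantId);
                final String json = cryptionService.getAesCryption().decrypt(decrypt, archive.getCiphertext());
                dtos.add(this.mapper.readValue(json, ArchiveCipherDtoV1.class));
            } catch (final Exception e) {
                log.warn("Could not decrypt archive {}", archive.getHashedGuid(), e);
            }
        }
        return dtos;
    }
```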