base repository: IABTechLab/uid2-shared
base: v9.3.0
head repository: IABTechLab/uid2-shared
compare: main
Showing with 1,687 additions and 209 deletions.
  1. +16 −16 pom.xml
  2. +2 −0 src/main/java/com/uid2/shared/Const.java
  3. +10 −4 src/main/java/com/uid2/shared/attest/AttestationResponseHandler.java
  4. +6 −1 src/main/java/com/uid2/shared/attest/JwtService.java
  5. +8 −0 src/main/java/com/uid2/shared/attest/JwtValidationResponse.java
  6. +14 −12 src/main/java/com/uid2/shared/attest/UidCoreClient.java
  7. +7 −4 src/main/java/com/uid2/shared/attest/UidOptOutClient.java
  8. +463 −0 src/main/java/com/uid2/shared/audit/Audit.java
  9. +20 −0 src/main/java/com/uid2/shared/audit/AuditParams.java
  10. +44 −0 src/main/java/com/uid2/shared/audit/UidInstanceIdProvider.java
  11. +2 −2 src/main/java/com/uid2/shared/auth/AuthorizableStore.java
  12. +3 −0 src/main/java/com/uid2/shared/cloud/CloudStorageS3.java
  13. +28 −19 src/main/java/com/uid2/shared/health/HealthManager.java
  14. +7 −1 src/main/java/com/uid2/shared/health/PodTerminationMonitor.java
  15. +14 −4 src/main/java/com/uid2/shared/middleware/AttestationMiddleware.java
  16. +46 −7 src/main/java/com/uid2/shared/middleware/AuthMiddleware.java
  17. +40 −3 src/main/java/com/uid2/shared/model/Service.java
  18. +24 −4 src/main/java/com/uid2/shared/model/ServiceLink.java
  19. +8 −2 src/main/java/com/uid2/shared/optout/OptOutHeap.java
  20. +6 −1 src/main/java/com/uid2/shared/optout/OptOutPartition.java
  21. +0 −25 src/main/java/com/uid2/shared/optout/OptOutUtils.java
  22. +4 −2 src/main/java/com/uid2/shared/secure/nitro/AttestationRequest.java
  23. +3 −1 src/main/java/com/uid2/shared/store/parser/ServiceParser.java
  24. +1 −1 src/main/java/com/uid2/shared/util/CloudEncryptionHelpers.java
  25. +6 −0 src/main/java/com/uid2/shared/util/Mapper.java
  26. +10 −10 src/main/java/com/uid2/shared/vertx/CloudSyncVerticle.java
  27. +2 −2 src/main/java/com/uid2/shared/vertx/RequestCapturingHandler.java
  28. +6 −6 src/main/java/com/uid2/shared/vertx/RotatingStoreVerticle.java
  29. +2 −1 src/test/java/com/uid2/shared/attest/AttestationResponseHandlerTest.java
  30. +4 −2 src/test/java/com/uid2/shared/attest/JwtServiceTest.java
  31. +4 −1 src/test/java/com/uid2/shared/attest/UidCoreClientTest.java
  32. +2 −1 src/test/java/com/uid2/shared/attest/UidOptOutClientTest.java
  33. +610 −0 src/test/java/com/uid2/shared/audit/AuditTest.java
  34. +62 −5 src/test/java/com/uid2/shared/health/HealthManagerTest.java
  35. +48 −4 src/test/java/com/uid2/shared/middleware/AttestationMiddlewareTest.java
  36. +83 −1 src/test/java/com/uid2/shared/middleware/AuthMiddlewareTest.java
  37. +3 −2 src/test/java/com/uid2/shared/optout/OptOutHeapTest.java
  38. +0 −42 src/test/java/com/uid2/shared/optout/OptOutUtilsTest.java
  39. +29 −10 src/test/java/com/uid2/shared/store/RotatingServiceLinkStoreTest.java
  40. +33 −6 src/test/java/com/uid2/shared/store/RotatingServiceStoreTest.java
  41. +6 −6 src/test/java/com/uid2/shared/vertx/RequestCapturingHandlerTest.java
  42. +1 −1 version.json
32 changes: 16 additions & 16 deletions pom.xml
@@ -5,7 +5,7 @@

<groupId>com.uid2</groupId>
<artifactId>uid2-shared</artifactId>
<version>9.3.0</version>
<version>10.8.6</version>
<name>${project.groupId}:${project.artifactId}</name>
<description>Library for all the shared uid2 operations</description>
<url>https://github.com/IABTechLab/uid2docs</url>
@@ -34,8 +34,9 @@

<repositories>
<repository>
<id>snapshots-repo</id>
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
<name>Central Portal Snapshots</name>
<id>central-portal-snapshots</id>
<url>https://central.sonatype.com/repository/maven-snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
@@ -49,10 +50,11 @@
<url>https://repo.maven.apache.org/maven2/</url>
</repository>
</repositories>

<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
<id>central</id>
<url>https://central.sonatype.com/repository/maven-snapshots/</url>
</snapshotRepository>
</distributionManagement>

@@ -297,17 +299,6 @@
<argLine>-XX:+EnableDynamicAgentLoading</argLine>
</configuration>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.7.0</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
@@ -376,6 +367,15 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.central</groupId>
<artifactId>central-publishing-maven-plugin</artifactId>
<version>0.7.0</version>
<extensions>true</extensions>
<configuration>
<publishingServerId>central</publishingServerId>
</configuration>
</plugin>
</plugins>
</build>
</project>
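Review bot: The new `central-publishing-maven-plugin` block at the end of `<plugins>` sets only `publishingServerId`, so the manual release gate that the removed nexus-staging block spelled out with `<autoReleaseAfterClose>false</autoReleaseAfterClose>` now rests on the plugin's default. As far as I know `autoPublish` defaults to false, so behaviour should be unchanged, but writing `<autoPublish>false</autoPublish>` in the `<configuration>` keeps the gate visible in review and protects it from a later property override. It is also worth confirming that the CI `settings.xml` carries a `central` server entry, since both `<snapshotRepository>` and the plugin now use that id instead of `ossrh`.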
2 changes: 2 additions & 0 deletions src/main/java/com/uid2/shared/Const.java
@@ -30,6 +30,8 @@ public static class Config {
// this file stores integration config values, e.g. it communicates with other uid2 services that runs locally.
public static final String INTEG_CONFIG_PATH = "conf" + File.separator + "integ-config.json";

public static final String UidInstanceIdPrefixProp = "uid_instance_id_prefix";

// GCP
public static final String GoogleCredentialsProp = "google_credentials";
public static final String GcpEnclaveParamsProp = "gcp_enclave_params";
Original file line number Diff line number Diff line change
@@ -2,6 +2,8 @@

import com.uid2.enclave.IAttestationProvider;
import com.uid2.shared.*;
import com.uid2.shared.audit.Audit;
import com.uid2.shared.audit.UidInstanceIdProvider;
import com.uid2.shared.util.URLConnectionHttpClient;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
@@ -41,6 +43,7 @@ public class AttestationResponseHandler {
private final IClock clock;
private final Vertx vertx;
private final URLConnectionHttpClient httpClient;
private final UidInstanceIdProvider uidInstanceIdProvider;
private boolean isExpiryCheckScheduled;
private AtomicBoolean isAttesting;
// Set this to be Instant.MAX so that if it's not set it won't trigger the re-attest
@@ -59,8 +62,9 @@ public AttestationResponseHandler(Vertx vertx,
ApplicationVersion appVersion,
IAttestationProvider attestationProvider,
Handler<Pair<AttestationResponseCode, String>> responseWatcher,
Proxy proxy) {
this(vertx, attestationEndpoint, clientApiToken, operatorType, appVersion, attestationProvider, responseWatcher, proxy, new InstantClock(), null, null, 60000);
Proxy proxy,
UidInstanceIdProvider uidInstanceIdProvider) {
this(vertx, attestationEndpoint, clientApiToken, operatorType, appVersion, attestationProvider, responseWatcher, proxy, new InstantClock(), null, null, 60000, uidInstanceIdProvider);
}

public AttestationResponseHandler(Vertx vertx,
@@ -74,7 +78,8 @@ public AttestationResponseHandler(Vertx vertx,
IClock clock,
URLConnectionHttpClient httpClient,
AttestationTokenDecryptor attestationTokenDecryptor,
int attestCheckMilliseconds) {
int attestCheckMilliseconds,
UidInstanceIdProvider uidInstanceIdProvider) {
this.vertx = vertx;
this.attestationEndpoint = attestationEndpoint;
this.encodedAttestationEndpoint = this.encodeStringUnicodeAttestationEndpoint(attestationEndpoint);
@@ -110,7 +115,7 @@ public AttestationResponseHandler(Vertx vertx,
.append(kv.getValue());
}
this.appVersionHeader = builder.toString();

this.uidInstanceIdProvider = uidInstanceIdProvider;
}

private void attestationExpirationCheck(long timerId) {
@@ -174,6 +179,7 @@ public void attest() throws IOException, AttestationResponseHandlerException {
headers.put("Content-Type", "application/json");
headers.put("Authorization", "Bearer " + this.clientApiToken);
headers.put(Const.Http.AppVersionHeader, this.appVersionHeader);
headers.put(Audit.UID_INSTANCE_ID_HEADER, this.uidInstanceIdProvider.getInstanceId());

HttpResponse<String> response = httpClient.post(attestationEndpoint, requestJson.toString(), headers);
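Review bot: The constructor stores `uidInstanceIdProvider` without a null check, and `attest()` then dereferences it unconditionally when it builds the `Audit.UID_INSTANCE_ID_HEADER` header, so a caller that passes null only fails at the first attestation attempt with a NullPointerException. Failing fast in the constructor is clearer: `this.uidInstanceIdProvider = Objects.requireNonNull(uidInstanceIdProvider, "uidInstanceIdProvider");` (this needs `java.util.Objects` if the file does not already import it). The same pattern appears in the `UidCoreClient` constructor and its `sendHttpRequest` header line. The constructors and methods involved all continue outside the hunks shown.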

7 changes: 6 additions & 1 deletion src/main/java/com/uid2/shared/attest/JwtService.java
@@ -73,14 +73,19 @@ public JwtValidationResponse validateJwt(String jwt, String audience, String iss
// verify checks that the token has not expired
JsonWebSignature signature = tokenVerifier.verify(jwt);
JsonWebToken.Payload webToken = signature.getPayload();
String jti = webToken.get("jti").toString();
if (jti == null) {
jti = "unknown";
}
response = new JwtValidationResponse(true)
.withSubject(webToken.get("sub").toString())
.withRoles(webToken.get("roles").toString())
.withEnclaveId(webToken.get("enclaveId").toString())
.withEnclaveType(webToken.get("enclaveType").toString())
.withSiteId(Integer.valueOf(webToken.get("siteId").toString()))
.withOperatorVersion(webToken.get("operatorVersion").toString())
.withAudience(webToken.get("aud").toString());
.withAudience(webToken.get("aud").toString())
.withJti(jti);

// return the first verified response
return response;
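Review bot: The added `if (jti == null)` fallback can never run: when the token carries no `jti` claim, `webToken.get("jti")` presumably returns null and the chained `.toString()` throws a NullPointerException before the check is reached. Reading the claim first makes the `"unknown"` default reachable: `Object jtiClaim = webToken.get("jti");` followed by `String jti = jtiClaim != null ? jtiClaim.toString() : "unknown";`. How that exception is handled today depends on the try/catch around this code in `validateJwt`, which starts and ends outside the hunk, so a token without `jti` may be rejected or may surface as an unhandled error. If `jti` is meant to be mandatory for audit correlation, rejecting the token explicitly would be better than either outcome.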
Original file line number Diff line number Diff line change
@@ -18,6 +18,7 @@ public class JwtValidationResponse {

private String audience;
private String subject;
private String jti;

public JwtValidationResponse(boolean isValid) {
this.isValid = isValid;
@@ -66,6 +67,11 @@ public JwtValidationResponse withSubject(String subject) {
return this;
}

public JwtValidationResponse withJti(String jti) {
this.jti = jti;
return this;
}

public Set<Role> getRoles() {
return this.roles;
}
@@ -103,4 +109,6 @@ public String getAudience() {
public String getSubject() {
return subject;
}

public String getJti() { return jti; }
}
26 changes: 14 additions & 12 deletions src/main/java/com/uid2/shared/attest/UidCoreClient.java
@@ -2,6 +2,8 @@

import com.uid2.shared.Const;
import com.uid2.shared.Utils;
import com.uid2.shared.audit.Audit;
import com.uid2.shared.audit.UidInstanceIdProvider;
import com.uid2.shared.cloud.*;
import com.uid2.shared.util.URLConnectionHttpClient;
import org.slf4j.Logger;
@@ -18,34 +20,32 @@ public class UidCoreClient implements IUidCoreClient, DownloadCloudStorage {
private final ICloudStorage contentStorage;
private final Proxy proxy;
private final URLConnectionHttpClient httpClient;
private final UidInstanceIdProvider uidInstanceIdProvider;
private String userToken;
private final String appVersionHeader;
private boolean allowContentFromLocalFileSystem = false;
private boolean encryptionEnabled;
private final AttestationResponseHandler attestationResponseHandler;


public static UidCoreClient createNoAttest(String userToken, AttestationResponseHandler attestationResponseHandler) {
return new UidCoreClient(userToken, CloudUtils.defaultProxy, attestationResponseHandler, null, false);
public static UidCoreClient createNoAttest(String userToken, AttestationResponseHandler attestationResponseHandler, UidInstanceIdProvider uidInstanceIdProvider) {
return new UidCoreClient(userToken, CloudUtils.defaultProxy, attestationResponseHandler, null, false, uidInstanceIdProvider);
}

public UidCoreClient(String userToken,
Proxy proxy,
AttestationResponseHandler attestationResponseHandler) {
this(userToken, proxy, attestationResponseHandler, null, false);
}

public UidCoreClient(String userToken,
Proxy proxy,
AttestationResponseHandler attestationResponseHandler, boolean encryptionEnabled) {
this(userToken, proxy, attestationResponseHandler, null, encryptionEnabled);
AttestationResponseHandler attestationResponseHandler,
boolean encryptionEnabled,
UidInstanceIdProvider uidInstanceIdProvider) {
this(userToken, proxy, attestationResponseHandler, null, encryptionEnabled, uidInstanceIdProvider);
}

public UidCoreClient(String userToken,
Proxy proxy,
AttestationResponseHandler attestationResponseHandler,
URLConnectionHttpClient httpClient,
boolean encryptionEnabled) {
URLConnectionHttpClient httpClient,
boolean encryptionEnabled,
UidInstanceIdProvider uidInstanceIdProvider) {
this.encryptionEnabled = encryptionEnabled;
this.proxy = proxy;
this.userToken = userToken;
@@ -62,6 +62,7 @@ public UidCoreClient(String userToken,
}

this.appVersionHeader = attestationResponseHandler.getAppVersionHeader();
this.uidInstanceIdProvider = uidInstanceIdProvider;
}

@Override
@@ -125,6 +126,7 @@ private HttpResponse<String> sendHttpRequest(String path, String attestationToke
if (attestationToken != null && !attestationToken.isBlank()) {
headers.put(Const.Attestation.AttestationTokenHeader, attestationToken);
}
headers.put(Audit.UID_INSTANCE_ID_HEADER, this.uidInstanceIdProvider.getInstanceId());

String jwtToken = this.getJWT();
if (jwtToken != null && !jwtToken.isBlank()) {
11 changes: 7 additions & 4 deletions src/main/java/com/uid2/shared/attest/UidOptOutClient.java
@@ -1,5 +1,6 @@
package com.uid2.shared.attest;

import com.uid2.shared.audit.UidInstanceIdProvider;
import com.uid2.shared.cloud.CloudStorageException;
import com.uid2.shared.util.URLConnectionHttpClient;
import org.slf4j.Logger;
@@ -16,16 +17,18 @@ public class UidOptOutClient extends UidCoreClient {

public UidOptOutClient(String userToken,
Proxy proxy,
AttestationResponseHandler attestationResponseHandler) {
super(userToken, proxy, attestationResponseHandler, null, false);
AttestationResponseHandler attestationResponseHandler,
UidInstanceIdProvider uidInstanceIdProvider) {
super(userToken, proxy, attestationResponseHandler, null, false, uidInstanceIdProvider);
this.attestationResponseHandler = attestationResponseHandler;
}

public UidOptOutClient(String userToken,
Proxy proxy,
AttestationResponseHandler attestationResponseHandler,
URLConnectionHttpClient httpClient) {
super(userToken, proxy, attestationResponseHandler, httpClient, false);
URLConnectionHttpClient httpClient,
UidInstanceIdProvider uidInstanceIdProvider) {
super(userToken, proxy, attestationResponseHandler, httpClient, false, uidInstanceIdProvider);
this.attestationResponseHandler = attestationResponseHandler;
}
