diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d4f6652b4..db1c10e95 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -12,4 +12,6 @@ repos:
- /src/target
- --skip-dirs
- /src/.idea
+ - --skip-files
+ - /src/e2e/docker/localstack/kms/seed.yaml
- .
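Review bot: The added `--skip-files` entry removes `/src/e2e/docker/localstack/kms/seed.yaml` from the scan entirely, so anything added to that file later goes unchecked too, and nothing here records why the exclusion is safe. If the file only holds key material seeded into the local KMS emulator for e2e tests, say so next to the argument, for example `# test-only KMS seed for localstack e2e; contains no production key material`. Where the scanner supports a per-finding allow rule or an inline ignore, that is narrower than skipping the whole file. The hook definition these args belong to starts above the hunk.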
diff --git a/pom.xml b/pom.xml
index a62bb4c42..4f13bce5b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
com.uid2
uid2-operator
- 5.15.0-c27b2a6789
+ 5.15.3-SNAPSHOT
UTF-8
@@ -22,10 +22,22 @@
1.1.0
1.1.0
1.3.4-649b0b4f7f
- 5.6.0-12560c8d0d
+ 5.7.0-b6571a9981
${project.version}
-
+
+
+ maven-snapshots
+ https://s01.oss.sonatype.org/content/repositories/snapshots/
+ default
+
+ false
+
+
+ true
+
+
+
com.google.guava
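Review bot: The added repository entry (`maven-snapshots`, `https://s01.oss.sonatype.org/content/repositories/snapshots/`) appears to enable snapshot resolution for the whole build, yet no dependency version visible in this hunk is a `-SNAPSHOT`. The element names are stripped on this page, so the `false`/`true` pair is read here as releases disabled and snapshots enabled. Snapshot artifacts are mutable, so the same pom can resolve different bytes on different days, which weakens build reproducibility and widens what a compromised upstream publish can reach. If one dependency really needs it, name it in a comment such as `<!-- needed only for ARTIFACT_PLACEHOLDER until a release is published -->` and consider moving the repository into an opt-in profile; otherwise drop it.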
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
index 2c4d5aa65..ef77739b0 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
@@ -19,6 +19,8 @@
import com.uid2.shared.encryption.Random;
import com.uid2.shared.encryption.Uid2Base64UrlCoder;
import com.uid2.shared.model.*;
+import com.uid2.shared.secret.KeyHashResult;
+import com.uid2.shared.secret.KeyHasher;
import com.uid2.shared.store.*;
import com.uid2.shared.store.reader.RotatingKeysetProvider;
import io.micrometer.core.instrument.Metrics;
@@ -59,7 +61,6 @@
import static com.uid2.operator.ClientSideTokenGenerateTestUtil.decrypt;
import static com.uid2.operator.service.EncodingUtils.getSha256;
-import static com.uid2.operator.service.V2RequestUtil.V2_REQUEST_TIMESTAMP_DRIFT_THRESHOLD_IN_MINUTES;
import static com.uid2.operator.vertx.UIDOperatorVerticle.OPT_OUT_CHECK_CUTOFF_DATE;
import static com.uid2.shared.Const.Data.*;
import static org.junit.jupiter.api.Assertions.*;
@@ -76,6 +77,8 @@ public class UIDOperatorVerticleTest {
private static final Duration identityExpiresAfter = Duration.ofMinutes(10);
private static final Duration refreshExpiresAfter = Duration.ofMinutes(15);
private static final Duration refreshIdentityAfter = Duration.ofMinutes(5);
+ private static final KeyHasher keyHasher = new KeyHasher();
+ private static final String clientKey = "UID2-C-L-999-fCXrMM.fsR3mDqAXELtWWMS+xG1s7RdgRTMqdOH2qaAo=";
private static final byte[] clientSecret = Random.getRandomKeyBytes();
private static final String clientSideTokenGenerateSubscriptionId = "4WvryDGbR5";
private static final String clientSideTokenGeneratePublicKey = "UID2-X-L-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsziOqRXZ7II0uJusaMxxCxlxgj8el/MUYLFMtWfB71Q3G1juyrAnzyqruNiPPnIuTETfFOridglP9UQNlwzNQg==";
@@ -154,11 +157,12 @@ private static byte[] makeAesKey(String prefix) {
protected void fakeAuth(int siteId, Role... roles) {
fakeAuth(siteId, legacyClientCreationDateTime, roles);
}
+
protected void fakeAuth(int siteId, Instant created, Role... roles) {
+ KeyHashResult khr = keyHasher.hashKey(clientKey);
ClientKey clientKey = new ClientKey(
- "test-key",
- "UID2-C-L-999-fCXrMM.fsR3mDqAXELtWWMS+xG1s7RdgRTMqdOH2qaAo=",
- "fsSGnDxa/V9eJZ9Tas+dowwyO/X1UsC68RN9qM2xUu9ZOaKEOv9EVd7pkt3As/nE5B6TRu0PzK+IDzSQhD1+rw==",
+ khr.getHash(),
+ khr.getSalt(),
Utils.toBase64String(clientSecret),
"test-contact",
created,
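Review bot: In `fakeAuth(int, Instant, Role...)` the name `clientKey` means two things on adjacent lines: `keyHasher.hashKey(clientKey)` reads the static `String` field added in the earlier hunk, and the next line declares a local `ClientKey clientKey` that shadows it for the rest of the method. The hash call only sees the string because it sits before the local declaration; moving it below would make it bind to the local instead. Renaming one of them removes the trap, e.g. `ClientKey ck = new ClientKey(` here (with the later uses outside the hunk adjusted), or naming the field `plaintextClientKey`. The method body continues past the end of the hunk.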
@@ -323,7 +327,7 @@ private void get(Vertx vertx, String endpoint, Handler req = client.getAbs(getUrlForEndpoint(endpoint));
if (ck != null)
- req.putHeader("Authorization", "Bearer " + ck.getKey());
+ req.putHeader("Authorization", "Bearer " + clientKey);
req.send(handler);
}
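Review bot: After this change `ck` in `get` is only a null check: the bearer is always the static `clientKey`, whatever key object the caller passed, and the `post` and `postV2` hunks below do the same. A test that builds its own `ClientKey` (the identityMap and tokenGenerate tests construct theirs with `null` hash and salt) therefore still authenticates with the shared fixture, and appears to depend on the mocked `clientKeyProvider` rather than on its own key. A short comment at each site would make that explicit, e.g. `// ck only gates whether a header is sent; the bearer is always the shared clientKey fixture`. The signature of `get` is garbled on this page and its body starts outside the hunk.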
@@ -332,7 +336,7 @@ private void post(Vertx vertx, String endpoint, JsonObject body, Handler req = client.postAbs(getUrlForEndpoint(endpoint));
if (ck != null)
- req.putHeader("Authorization", "Bearer " + ck.getKey());
+ req.putHeader("Authorization", "Bearer " + clientKey);
req.sendJsonObject(body, handler);
}
@@ -352,7 +356,7 @@ private void postV2(ClientKey ck, Vertx vertx, String endpoint, JsonObject body,
bufBody.appendBytes(AesGcm.encrypt(b.getBytes(), ck.getSecretBytes()));
}
- final String apiKey = ck == null ? "" : ck.getKey();
+ final String apiKey = ck == null ? "" : clientKey;
HttpRequest request = client.postAbs(getUrlForEndpoint(endpoint))
.putHeader("Authorization", "Bearer " + apiKey)
.putHeader("content-type", "text/plain");
@@ -792,10 +796,24 @@ void identityMapNewClientWrongPolicySpecified(Vertx vertx, VertxTestContext test
@Test
void identityMapNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
- ClientKey newClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime)
- .withSiteId(201).withRoles(Set.of(Role.MAPPER)).withContact("test-contact");
- ClientKey oldClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime.minusSeconds(5))
- .withSiteId(201).withRoles(Set.of(Role.MAPPER)).withContact("test-contact");
+ ClientKey newClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime,
+ Set.of(Role.MAPPER),
+ 201
+ );
+ ClientKey oldClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime.minusSeconds(5),
+ Set.of(Role.MAPPER),
+ 201
+ );
when(clientKeyProvider.get(any())).thenReturn(newClientKey);
when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
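Review bot: The seven-argument `new ClientKey(null, null, …)` construction is written out twice in `identityMapNewClientNoPolicySpecifiedOlderKeySuccessful` and again in the three following hunks (`identityMapNewClientWrongPolicySpecifiedOlderKeySuccessful` and the two `tokenGenerate…OlderKeySuccessful` tests), differing only in the creation time and the role. A small private helper would keep the positional arguments in one place, so the next constructor change is a single edit. It would also give the `null` hash and salt a place for a comment saying these tests rely on the mocked provider. The sketch below assumes `newClientCreationDateTime` is an `Instant`, as `fakeAuth`'s `created` parameter is; the test bodies continue outside the hunk.

```java
// Hash and salt are null: lookups go through the mocked clientKeyProvider.
private static ClientKey mockedSite201Key(Instant created, Role role) {
    return new ClientKey(
            null,
            null,
            Utils.toBase64String(clientSecret),
            "test-contact",
            created,
            Set.of(role),
            201
    );
}

// in the test body
ClientKey newClientKey = mockedSite201Key(newClientCreationDateTime, Role.MAPPER);
ClientKey oldClientKey = mockedSite201Key(newClientCreationDateTime.minusSeconds(5), Role.MAPPER);
// … unchanged: clientKeyProvider stubbing …
```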
@@ -816,10 +834,24 @@ void identityMapNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxT
@Test
void identityMapNewClientWrongPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
- ClientKey newClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime)
- .withSiteId(201).withRoles(Set.of(Role.MAPPER)).withContact("test-contact");
- ClientKey oldClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime.minusSeconds(5))
- .withSiteId(201).withRoles(Set.of(Role.MAPPER)).withContact("test-contact");
+ ClientKey newClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime,
+ Set.of(Role.MAPPER),
+ 201
+ );
+ ClientKey oldClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime.minusSeconds(5),
+ Set.of(Role.MAPPER),
+ 201
+ );
when(clientKeyProvider.get(any())).thenReturn(newClientKey);
when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
@@ -883,10 +915,24 @@ void tokenGenerateNewClientWrongPolicySpecified(Vertx vertx, VertxTestContext te
@Test
void tokenGenerateNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
- ClientKey newClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime)
- .withSiteId(201).withRoles(Set.of(Role.GENERATOR)).withContact("test-contact");
- ClientKey oldClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime.minusSeconds(5))
- .withSiteId(201).withRoles(Set.of(Role.GENERATOR)).withContact("test-contact");
+ ClientKey newClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime,
+ Set.of(Role.GENERATOR),
+ 201
+ );
+ ClientKey oldClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime.minusSeconds(5),
+ Set.of(Role.GENERATOR),
+ 201
+ );
when(clientKeyProvider.get(any())).thenReturn(newClientKey);
when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
@@ -907,10 +953,24 @@ void tokenGenerateNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, Vert
@Test
void tokenGenerateNewClientWrongPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
- ClientKey newClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime)
- .withSiteId(201).withRoles(Set.of(Role.GENERATOR)).withContact("test-contact");
- ClientKey oldClientKey = new ClientKey("test-key", null, null, Utils.toBase64String(clientSecret), newClientCreationDateTime.minusSeconds(5))
- .withSiteId(201).withRoles(Set.of(Role.GENERATOR)).withContact("test-contact");
+ ClientKey newClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime,
+ Set.of(Role.GENERATOR),
+ 201
+ );
+ ClientKey oldClientKey = new ClientKey(
+ null,
+ null,
+ Utils.toBase64String(clientSecret),
+ "test-contact",
+ newClientCreationDateTime.minusSeconds(5),
+ Set.of(Role.GENERATOR),
+ 201
+ );
when(clientKeyProvider.get(any())).thenReturn(newClientKey);
when(clientKeyProvider.getClientKey(any())).thenReturn(newClientKey);
when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
diff --git a/src/test/java/com/uid2/operator/service/SecureLinkValidatorServiceTest.java b/src/test/java/com/uid2/operator/service/SecureLinkValidatorServiceTest.java
index 10e76e9c7..cab0c095d 100644
--- a/src/test/java/com/uid2/operator/service/SecureLinkValidatorServiceTest.java
+++ b/src/test/java/com/uid2/operator/service/SecureLinkValidatorServiceTest.java
@@ -65,7 +65,7 @@ void validateRequestReturnsFalseWhenLinkIdNotFound() {
private void setClientKey(int serviceId) {
Map data = new HashMap<>();
- ClientKey key = new ClientKey("", "", "", "", "", "", Instant.now().toEpochMilli(), Set.of(Role.MAPPER), 100, false, serviceId);
+ ClientKey key = new ClientKey("", "", "", "", "", Instant.now().toEpochMilli(), Set.of(Role.MAPPER), 100, false, serviceId);
data.put(AuthMiddleware.API_CLIENT_PROP, key);
when(this.routingContext.data()).thenReturn(data);