Merge pull request #164 from IABTechLab/cbc-UID2-4379-rename-s3-encryption-cloud-encryption

cody-constine-ttd · web-flow · commit aeaba3ae53a9 · 2024-11-20T15:02:33.000-07:00
Started the rename of core too
diff --git a/.github/workflows/check-stable-dependency.yaml b/.github/workflows/check-stable-dependency.yaml
@@ -3,5 +3,5 @@ on: [pull_request, workflow_dispatch]
 
 jobs:
   check_dependency:
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v2
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v3
     secrets: inherit
diff --git a/conf/default-config.json b/conf/default-config.json
@@ -17,5 +17,5 @@
     "att_token_enc_key": null,
     "att_token_enc_salt": null,
     "enforceJwt": false,
-    "s3_keys_metadata_path": null
+    "cloud_encryption_keys_metadata_path": null
 }
diff --git a/conf/integ-config.json b/conf/integ-config.json
@@ -18,5 +18,5 @@
     "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json",
     "salts_metadata_path": "uid2/salts/metadata.json",
     "enforceJwt": false,
-    "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json"
+    "cloud_encryption_keys_metadata_path": "uid2/cloud_encryption_keys/metadata.json"
 }
diff --git a/conf/local-config.json b/conf/local-config.json
@@ -19,5 +19,5 @@
     "att_token_enc_salt": "<salt-for-attestation-token>",
     "provide_private_site_data": true,
     "enforceJwt": false,
-    "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json"
+    "cloud_encryption_keys_metadata_path": "/com.uid2.core/test/cloud_encryption_keys/metadata.json"
 }
diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json
@@ -33,5 +33,5 @@
     "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
     "core_public_url": "http://localhost:8088",
     "optout_url": "http://localhost:8081",
-    "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
+    "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json"
 }
diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json
@@ -32,5 +32,5 @@
   "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
   "core_public_url": "http://core:8088",
   "optout_url": "http://optout:8081",
-  "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
+  "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json"
 }
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-core</artifactId>
-    <version>2.20.14</version>
+    <version>2.20.19-alpha-58-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -24,7 +24,7 @@
         <vertx.verticle>com.uid2.core.vertx.CoreVerticle</vertx.verticle>
         <launcher.class>io.vertx.core.Launcher</launcher.class>
 
-        <uid2-shared.version>7.21.7</uid2-shared.version>
+        <uid2-shared.version>8.0.0</uid2-shared.version>
         <image.version>${project.version}</image.version>
     </properties>
 
@@ -97,11 +97,6 @@
             <artifactId>vertx-web-client</artifactId>
             <version>${vertx.version}</version>
         </dependency>
-        <dependency>
-            <groupId>com.google.auth</groupId>
-            <artifactId>google-auth-library-oauth2-http</artifactId>
-            <version>1.23.0</version>
-        </dependency>
         <dependency>
             <groupId>io.vertx</groupId>
             <artifactId>vertx-micrometer-metrics</artifactId>
diff --git a/src/main/java/com/uid2/core/Main.java b/src/main/java/com/uid2/core/Main.java
@@ -14,8 +14,8 @@
 import com.uid2.shared.attest.JwtService;
 import com.uid2.shared.auth.EnclaveIdentifierProvider;
 import com.uid2.shared.auth.RotatingOperatorKeyProvider;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
-import com.uid2.shared.model.S3Key;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
+import com.uid2.shared.model.CloudEncryptionKey;
 import com.uid2.shared.cloud.CloudUtils;
 import com.uid2.shared.cloud.EmbeddedResourceStorage;
 import com.uid2.shared.cloud.ICloudStorage;
@@ -106,7 +106,7 @@ public static void main(String[] args) {
 
             RotatingStoreVerticle enclaveRotatingVerticle = null;
             RotatingStoreVerticle operatorRotatingVerticle = null;
-            RotatingStoreVerticle s3KeyRotatingVerticle = null;
+            RotatingStoreVerticle cloudEncryptionKeyRotatingVerticle = null;
             CoreVerticle coreVerticle = null;
             try {
                 CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp));
@@ -118,10 +118,10 @@ public static void main(String[] args) {
                 EnclaveIdentifierProvider enclaveIdProvider = new EnclaveIdentifierProvider(cloudStorage, enclaveMetadataPath);
                 enclaveRotatingVerticle = new RotatingStoreVerticle("enclaves", 60000, enclaveIdProvider);
 
-                CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp));
-                GlobalScope s3KeyScope = new GlobalScope(s3KeyMetadataPath);
-                RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyScope);
-                s3KeyRotatingVerticle = new RotatingStoreVerticle("s3encryption_keys", 60000, s3KeyProvider);
+                CloudPath cloudEncryptionKeyMetadataPath = new CloudPath(config.getString(Const.Config.CloudEncryptionKeysMetadataPathProp));
+                GlobalScope cloudEncryptionKeyScope = new GlobalScope(cloudEncryptionKeyMetadataPath);
+                RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(cloudStorage, cloudEncryptionKeyScope);
+                cloudEncryptionKeyRotatingVerticle = new RotatingStoreVerticle("cloud_encryption_keys", 60000, cloudEncryptionKeyProvider);
 
                 String corePublicUrl = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
                 AttestationService attestationService = new AttestationService()
@@ -157,15 +157,15 @@ public static void main(String[] args) {
 
                 JwtService jwtService = new JwtService(config);
 
-                coreVerticle = new CoreVerticle(cloudStorage, operatorKeyProvider, attestationService, attestationTokenService, enclaveIdProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider);
+                coreVerticle = new CoreVerticle(cloudStorage, operatorKeyProvider, attestationService, attestationTokenService, enclaveIdProvider, operatorJWTTokenProvider, jwtService, cloudEncryptionKeyProvider);
             } catch (Exception e) {
                 System.out.println("failed to initialize core verticle: " + e.getMessage());
                 System.exit(-1);
             }
 
             vertx.deployVerticle(enclaveRotatingVerticle);
             vertx.deployVerticle(operatorRotatingVerticle);
-            vertx.deployVerticle(s3KeyRotatingVerticle);
+            vertx.deployVerticle(cloudEncryptionKeyRotatingVerticle);
             vertx.deployVerticle(coreVerticle);
         });
     }
diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java
@@ -50,8 +50,9 @@
 import java.time.Instant;
 import java.util.*;
 
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
-import com.uid2.shared.model.S3Key;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
+import com.uid2.shared.model.CloudEncryptionKey;
+
 
 import static com.uid2.shared.Const.Config.EnforceJwtProp;
 
@@ -79,7 +80,7 @@ public class CoreVerticle extends AbstractVerticle {
     private final ISaltMetadataProvider saltMetadataProvider;
     private final IPartnerMetadataProvider partnerMetadataProvider;
     private final OperatorJWTTokenProvider operatorJWTTokenProvider;
-    private final RotatingS3KeyProvider s3KeyProvider;
+    private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider;
 
     public CoreVerticle(ICloudStorage cloudStorage,
                         IAuthorizableProvider authProvider,
@@ -88,7 +89,7 @@ public CoreVerticle(ICloudStorage cloudStorage,
                         IEnclaveIdentifierProvider enclaveIdentifierProvider,
                         OperatorJWTTokenProvider operatorJWTTokenProvider,
                         JwtService jwtService,
-                        RotatingS3KeyProvider s3KeyProvider) throws Exception {
+                        RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) throws Exception {
         this.operatorJWTTokenProvider = operatorJWTTokenProvider;
         this.healthComponent.setHealthStatus(false, "not started");
 
@@ -98,7 +99,7 @@ public CoreVerticle(ICloudStorage cloudStorage,
         this.attestationTokenService = attestationTokenService;
         this.enclaveIdentifierProvider = enclaveIdentifierProvider;
         this.enclaveIdentifierProvider.addListener(this.attestationService);
-        this.s3KeyProvider = s3KeyProvider;
+        this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider;
 
         final String jwtAudience = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
         final String jwtIssuer = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
@@ -178,7 +179,7 @@ private Router createRoutesSetup() {
         router.post("/attest")
                 .handler(new AttestationFailureHandler())
                 .handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE));
-        router.get("/s3encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleS3EncryptionKeysRetrieval), Role.OPERATOR));
+        router.get("/cloud_encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
         router.get("/sites/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
         router.get("/key/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
         router.get("/key/acl/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
@@ -609,24 +610,24 @@ private void handleEnclaveUnregister(RoutingContext rc) {
         handleEnclaveChange(rc, true);
     }
 
-    void handleS3EncryptionKeysRetrieval(RoutingContext rc) {
+    void handleCloudEncryptionKeysRetrieval(RoutingContext rc) {
         try {
             OperatorInfo info = OperatorInfo.getOperatorInfo(rc);
             int siteId = info.getSiteId();
-            List<S3Key> s3Keys = s3KeyProvider.getKeys(siteId);
+            List<CloudEncryptionKey> cloudEncryptionKeys = cloudEncryptionKeyProvider.getKeys(siteId);
 
-            if (s3Keys == null || s3Keys.isEmpty()) {
-                Error("No S3 keys found", 500, rc, "No S3 keys found for siteId: " + siteId);
+            if (cloudEncryptionKeys == null || cloudEncryptionKeys.isEmpty()) {
+                Error("No Cloud Encryption keys found", 500, rc, "No Cloud Encryption keys found for siteId: " + siteId);
                 return;
             }
 
             JsonObject response = new JsonObject()
-                    .put("s3Keys", new JsonArray(s3Keys));
+                    .put("cloudEncryptionKeys", new JsonArray(cloudEncryptionKeys));
 
             rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json")
                     .end(response.encode());
         } catch (Exception e) {
-            logger.error("Error in handleRefreshS3Keys: ", e);
+            logger.error("Error in handleRefreshCloudEncryptionKeys: ", e);
             Error("error", 500, rc, "error generating attestation token");
         }
     }
diff --git a/src/main/resources/com.uid2.core/test/cloud_encryption_keys/cloud_encryption_keys.json b/src/main/resources/com.uid2.core/test/cloud_encryption_keys/cloud_encryption_keys.json
diff --git a/src/main/resources/com.uid2.core/test/cloud_encryption_keys/metadata.json b/src/main/resources/com.uid2.core/test/cloud_encryption_keys/metadata.json
@@ -0,0 +1,7 @@
+{
+  "version": 1,
+  "generated": 1620253519,
+  "cloud_encryption_keys": {
+    "location": "/com.uid2.core/test/cloud_encryption_keys/cloud_encryption_keys.json"
+  }
+}
diff --git a/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json b/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json
diff --git a/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java b/src/test/java/com/uid2/core/vertx/TestCoreVerticle.java
diff --git a/src/test/resources/com.uid2.core/model/test-config.json b/src/test/resources/com.uid2.core/model/test-config.json

Original file line number	Diff line number	Diff line change
`@@ -17,5 +17,5 @@`
`17`	`17`	`"att_token_enc_key": null,`
`18`	`18`	`"att_token_enc_salt": null,`
`19`	`19`	`"enforceJwt": false,`
`20`		`- "s3_keys_metadata_path": null`
	`20`	`+ "cloud_encryption_keys_metadata_path": null`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,5 +18,5 @@`
`18`	`18`	`"keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json",`
`19`	`19`	`"salts_metadata_path": "uid2/salts/metadata.json",`
`20`	`20`	`"enforceJwt": false,`
`21`		`- "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json"`
	`21`	`+ "cloud_encryption_keys_metadata_path": "uid2/cloud_encryption_keys/metadata.json"`
`22`	`22`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,5 +19,5 @@`
`19`	`19`	`"att_token_enc_salt": "<salt-for-attestation-token>",`
`20`	`20`	`"provide_private_site_data": true,`
`21`	`21`	`"enforceJwt": false,`
`22`		`- "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json"`
	`22`	`+ "cloud_encryption_keys_metadata_path": "/com.uid2.core/test/cloud_encryption_keys/metadata.json"`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,5 +33,5 @@`
`33`	`33`	`"aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",`
`34`	`34`	`"core_public_url": "http://localhost:8088",`
`35`	`35`	`"optout_url": "http://localhost:8081",`
`36`		`- "s3_keys_metadata_path": "s3encryption_keys/metadata.json"`
	`36`	`+ "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json"`
`37`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,5 +32,5 @@`
`32`	`32`	`"aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",`
`33`	`33`	`"core_public_url": "http://core:8088",`
`34`	`34`	`"optout_url": "http://optout:8081",`
`35`		`- "s3_keys_metadata_path": "s3encryption_keys/metadata.json"`
	`35`	`+ "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json"`
`36`	`36`	`}`