diff --git a/conf/default-config.json b/conf/default-config.json
index ec6f0f6..2ae0c63 100644
--- a/conf/default-config.json
+++ b/conf/default-config.json
@@ -16,5 +16,6 @@
 "partners_metadata_path": null,
 "att_token_enc_key": null,
 "att_token_enc_salt": null,
- "enforceJwt": false
+ "enforceJwt": false,
+ "s3_keys_metadata_path": null
 }
diff --git a/conf/integ-config.json b/conf/integ-config.json
index 1c7e837..136c60f 100644
--- a/conf/integ-config.json
+++ b/conf/integ-config.json
@@ -17,5 +17,6 @@
 "keysets_metadata_path": "uid2/keysets/metadata.json",
 "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json",
 "salts_metadata_path": "uid2/salts/metadata.json",
- "enforceJwt": false
+ "enforceJwt": false,
+ "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json"
 }
\ No newline at end of file
diff --git a/conf/local-config.json b/conf/local-config.json
index 07e983c..33d3c2b 100644
--- a/conf/local-config.json
+++ b/conf/local-config.json
@@ -18,5 +18,6 @@
 "att_token_enc_key": "",
 "att_token_enc_salt": "",
 "provide_private_site_data": true,
- "enforceJwt": false
+ "enforceJwt": false,
+ "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json"
 }
diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json
index 9c3c544..eca0c84 100644
--- a/conf/local-e2e-config.json
+++ b/conf/local-e2e-config.json
@@ -32,5 +32,6 @@
 "aws_kms_jwt_signing_key_id": "ff275b92-0def-4dfc-b0f6-87c96b26c6c7",
 "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
 "core_public_url": "http://localhost:8088",
- "optout_url": "http://localhost:8081"
+ "optout_url": "http://localhost:8081",
+ "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
 }
diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json
index 97c6624..d86306e 100644
--- a/conf/local-e2e-docker-config.json
+++ b/conf/local-e2e-docker-config.json
@@ -31,5 +31,6 @@
 "aws_kms_jwt_signing_key_id": "ff275b92-0def-4dfc-b0f6-87c96b26c6c7",
 "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
 "core_public_url": "http://core:8088",
- "optout_url": "http://optout:8081"
+ "optout_url": "http://optout:8081",
+ "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
 }
diff --git a/pom.xml b/pom.xml
index edad2e0..3321948 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@ com.uid2 uid2-core - 2.15.78 + 2.15.79-alpha-30-SNAPSHOT UTF-8
@@ -24,7 +24,7 @@ com.uid2.core.vertx.CoreVerticle io.vertx.core.Launcher - 7.10.6 + 7.16.0 ${project.version}
diff --git a/src/main/java/com/uid2/core/Main.java b/src/main/java/com/uid2/core/Main.java
index 03795a9..b40e1ae 100644
--- a/src/main/java/com/uid2/core/Main.java
+++ b/src/main/java/com/uid2/core/Main.java
@@ -14,6 +14,8 @@
 import com.uid2.shared.attest.JwtService;
 import com.uid2.shared.auth.EnclaveIdentifierProvider;
 import com.uid2.shared.auth.RotatingOperatorKeyProvider;
+import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.model.S3Key;
 import com.uid2.shared.cloud.CloudUtils;
 import com.uid2.shared.cloud.EmbeddedResourceStorage;
 import com.uid2.shared.cloud.ICloudStorage;
@@ -104,6 +106,7 @@ public static void main(String[] args) {
 RotatingStoreVerticle enclaveRotatingVerticle = null;
 RotatingStoreVerticle operatorRotatingVerticle = null;
+ RotatingStoreVerticle s3KeyRotatingVerticle = null;
 CoreVerticle coreVerticle = null;
 try {
 CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp));
@@ -115,6 +118,11 @@ public static void main(String[] args) {
 EnclaveIdentifierProvider enclaveIdProvider = new EnclaveIdentifierProvider(cloudStorage, enclaveMetadataPath);
 enclaveRotatingVerticle = new RotatingStoreVerticle("enclaves", 60000, enclaveIdProvider);
+ CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp));
+ GlobalScope s3KeyScope = new GlobalScope(s3KeyMetadataPath);
+ RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyScope);
+ s3KeyRotatingVerticle = new RotatingStoreVerticle("s3encryption_keys", 60000, s3KeyProvider); + String corePublicUrl = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
 AttestationService attestationService = new AttestationService()
 .with("trusted", new TrustedCoreAttestationService())
@@ -157,6 +165,7 @@ public static void main(String[] args) {
 vertx.deployVerticle(enclaveRotatingVerticle);
 vertx.deployVerticle(operatorRotatingVerticle);
+ vertx.deployVerticle(s3KeyRotatingVerticle);
 vertx.deployVerticle(coreVerticle);
 });
 }
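Review bot: `import com.uid2.shared.model.S3Key;` in the first hunk appears unused — none of the added lines reference it (the provider is typed as `RotatingS3KeyProvider`), and both new imports are placed between the `auth` and `cloud` groups, breaking the file's alphabetical ordering; drop `S3Key` and move the `store.reader` import to its sorted position. In the third hunk, `config.getString(Const.Config.S3keysMetadataPathProp)` is handed straight to `new CloudPath(...)`, and this same commit sets `"s3_keys_metadata_path": null` in default-config.json, so a deployment running on defaults reaches `CloudPath` with a null path; the operator and enclave paths follow the identical pattern, so this is presumably handled the same way, but it is worth confirming that a failure to load the `"s3encryption_keys"` store is treated as fatal at startup rather than leaving the verticle serving an empty key set. The `main` method starts and ends outside these hunks.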
diff --git a/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json b/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json
new file mode 100644
index 0000000..4a667ec
--- /dev/null
+++ b/src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json
@@ -0,0 +1,7 @@
+{
+ "version": 1,
+ "generated": 1620253519,
+ "s3encryption_keys": {
+ "location": "/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json"
+ }
+}
\ No newline at end of file
diff --git a/src/main/resources/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json b/src/main/resources/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json
new file mode 100644
index 0000000..b875d67
--- /dev/null
+++ b/src/main/resources/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json
@@ -0,0 +1,73 @@
+[ {
+ "id" : 1,
+ "siteId" : 999,
+ "activates" : 1720641670,
+ "created" : 1720641670,
+ "secret" : "mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw="
+}, {
+ "id" : 2,
+ "siteId" : 999,
+ "activates" : 1720728070,
+ "created" : 1720641670,
+ "secret" : "FtdslrFSsvVXOuhOWGwEI+0QTkCvM8SGZAP3k2u3PgY="
+}, {
+ "id" : 3,
+ "siteId" : 999,
+ "activates" : 1720814470,
+ "created" : 1720641670,
+ "secret" : "/7zO6QbKrhZKIV36G+cU9UR4hZUVg5bD+KjbczICjHw="
+}, {
+ "id" : 4,
+ "siteId" : 123,
+ "activates" : 1720641671,
+ "created" : 1720641671,
+ "secret" : "XjiqRlWQQJGLr7xfV1qbueKwyzt881GVohuUkQt/ht4="
+}, {
+ "id" : 5,
+ "siteId" : 123,
+ "activates" : 1720728071,
+ "created" : 1720641671,
+ "secret" : "QmpIf5NzO+UROjl5XjB/BmF6paefM8n6ub9B2plC9aI="
+}, {
+ "id" : 6,
+ "siteId" : 123,
+ "activates" : 1720814471,
+ "created" : 1720641671,
+ "secret" : "40w9UMSYxGm+KldOWOXhBGI8QgjvUUQjivtkP4VpKV8="
+}, {
+ "id" : 7,
+ "siteId" : 124,
+ "activates" : 1720641671,
+ "created" : 1720641671,
+ "secret" : "QdwD0kQV1BwmLRD0PH1YpqgaOrgpVTfu08o98mSZ6uE="
+}, {
+ "id" : 8,
+ "siteId" : 124,
+ "activates" : 1720728071,
+ "created" : 1720641671,
+ "secret" : "yCVCM/HLf9/6k+aUNrx7w17VbyfSzI8JykLQLSR+CW0="
+}, {
+ "id" : 9,
+ "siteId" : 124,
+ "activates" : 1720814471,
+ "created" : 1720641671,
+ "secret" : "JqHl8BrTyx9XpR2lYj/5xvUpzgnibGeomETTwF4rn1U="
+}, {
+ "id" : 10,
+ "siteId" : 127,
+ "activates" : 1720641671,
+ "created" : 1720641671,
+ "secret" : "JqiG1b34AvrdO3Aj6cCcjOBJMijrDzTmrR+p9ZtP2es="
+}, {
+ "id" : 11,
+ "siteId" : 127,
+ "activates" : 1720728072,
+ "created" : 1720641672,
+ "secret" : "lp1CyHdfc7K0aO5JGpA+Ve5Z/V5LImtGEQwCg/YB0kY="
+}, {
+ "id" : 12,
+ "siteId" : 127,
+ "activates" : 1720814472,
+ "created" : 1720641672,
+ "secret" : "G99rFYJF+dnSlk/xG6fuC3WNqQxTLJbDIdVyPMbGQ6s="
+} ]
\ No newline at end of file
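Review bot: The twelve `secret` values in this fixture are key material committed under src/main/resources, so they are packaged into the built jar rather than kept test-scoped; the `/com.uid2.core/test/` path and `siteId` 999 suggest synthetic local-config data, but nothing in the artifact distinguishes them from real keys. Since JSON has no comment syntax, a short README next to the file stating that these are fixtures for local-config.json only, never to be referenced from a deployed `s3_keys_metadata_path`, would make that intent explicit to anyone auditing the artifact. Separately, metadata.json in the previous hunk records `"generated": 1620253519`, which predates every key's `created` timestamp (1720641670 and later); if the loader uses `generated` for freshness or ordering, it should be set to the fixture's actual generation time.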