Merge pull request #313 from IABTechLab/wzh-uid2-3575-encrypted-scoped-store-reader-change-without-knowing-siteId

Wzh uid2 3575 encrypted scoped store reader change without knowing site

Author: cody-constine-ttd

src/main/java/com/uid2/shared/Const.java

@@ -75,6 +75,7 @@ public static class Config {
         public static final String EnforceJwtProp = "enforceJwt";
         public static final String MaaServerBaseUrlProp = "maa_server_base_url";
         public static final String SaltsExpiredShutdownHours = "salts_expired_shutdown_hours";
+        public static final String encryptionSupportVersion = "encryption_support_version";
     }
 
     public static class Http {

src/main/java/com/uid2/shared/store/EncryptedScopedStoreReader.java

@@ -23,12 +23,10 @@
 public class EncryptedScopedStoreReader<T> extends ScopedStoreReader<T> {
     private static final Logger LOGGER = LoggerFactory.getLogger(EncryptedScopedStoreReader.class);
 
-    private final int siteId;
     private final RotatingS3KeyProvider s3KeyProvider;
 
-    public EncryptedScopedStoreReader(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, Parser<T> parser, String dataTypeName, RotatingS3KeyProvider s3KeyProvider) {
+    public EncryptedScopedStoreReader(DownloadCloudStorage fileStreamProvider, StoreScope scope, Parser<T> parser, String dataTypeName, RotatingS3KeyProvider s3KeyProvider) {
         super(fileStreamProvider, scope, parser, dataTypeName);
-        this.siteId = scope.getId();
         this.s3KeyProvider = s3KeyProvider;
     }
 
@@ -54,19 +52,17 @@ protected String getDecryptedContent(String encryptedContent) throws Exception {
         JsonObject json = new JsonObject(encryptedContent);
         int keyId = json.getInteger("key_id");
         String encryptedPayload = json.getString("encrypted_payload");
-
         Map<Integer, S3Key> s3Keys = s3KeyProvider.getAll();
         S3Key decryptionKey = null;
-
         for (S3Key key : s3Keys.values()) {
-            if (key.getSiteId() == siteId && key.getId() == keyId) {
+            if (key.getId() == keyId) {
                 decryptionKey = key;
                 break;
             }
         }
 
         if (decryptionKey == null) {
-            throw new IllegalStateException("No matching S3 key found for decryption for site ID: " + siteId + " and key ID: " + keyId);
+            throw new IllegalStateException("No matching S3 key found for decryption for key ID: " + keyId);
         }
 
         byte[] secret = Base64.getDecoder().decode(decryptionKey.getSecret());

src/main/java/com/uid2/shared/store/reader/RotatingClientKeyProvider.java

@@ -5,9 +5,11 @@
 import com.uid2.shared.auth.IAuthorizable;
 import com.uid2.shared.cloud.DownloadCloudStorage;
 import com.uid2.shared.store.CloudPath;
+import com.uid2.shared.store.EncryptedScopedStoreReader;
 import com.uid2.shared.store.IClientKeyProvider;
 import com.uid2.shared.store.ScopedStoreReader;
 import com.uid2.shared.store.parser.ClientParser;
+import com.uid2.shared.store.scope.EncryptedScope;
 import com.uid2.shared.store.scope.StoreScope;
 import io.vertx.core.json.JsonObject;
 
@@ -47,6 +49,11 @@ public RotatingClientKeyProvider(DownloadCloudStorage fileStreamProvider, StoreS
         this.authorizableStore = new AuthorizableStore<>(ClientKey.class);
     }
 
+    public RotatingClientKeyProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) {
+        this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new ClientParser(), "auth keys", s3KeyProvider);
+        this.authorizableStore = new AuthorizableStore<>(ClientKey.class);
+    }
+
     @Override
     public JsonObject getMetadata() throws Exception {
         return reader.getMetadata();

src/main/java/com/uid2/shared/store/reader/RotatingKeysetKeyStore.java

@@ -22,7 +22,7 @@ public RotatingKeysetKeyStore(DownloadCloudStorage fileStreamProvider, StoreScop
         this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new KeysetKeyParser(), "keyset_keys");
     }
 
-    public RotatingKeysetKeyStore(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) {
+    public RotatingKeysetKeyStore(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) {
         this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeysetKeyParser(), "keyset_keys", s3KeyProvider);
     }
 

src/main/java/com/uid2/shared/store/reader/RotatingKeysetProvider.java

@@ -21,7 +21,7 @@ public RotatingKeysetProvider(DownloadCloudStorage fileStreamProvider, StoreScop
         this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new KeysetParser(), "keysets");
     }
 
-    public RotatingKeysetProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) {
+    public RotatingKeysetProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) {
         this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider,scope,new KeysetParser(),"keysets",s3KeyProvider);
     }
 

src/main/java/com/uid2/shared/store/reader/RotatingS3KeyProvider.java

@@ -7,6 +7,7 @@
 import com.uid2.shared.store.scope.StoreScope;
 import com.uid2.shared.model.S3Key;
 import io.vertx.core.json.JsonObject;
+
 import java.util.Set;
 import java.util.HashSet;
 import java.util.Map;
@@ -16,8 +17,10 @@
 import java.util.Collection;
 import java.util.Comparator;
 import java.util.stream.Collectors;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import java.time.Instant;
 
 public class RotatingS3KeyProvider implements StoreReader<Map<Integer, S3Key>> {
@@ -62,9 +65,9 @@ public void updateSiteToKeysMapping() {
         Map<Integer, S3Key> allKeys = getAll();
         siteToKeysMap.clear();
         allKeys.values().forEach(key ->
-                        this.siteToKeysMap
-                                .computeIfAbsent(key.getSiteId(), k -> new ArrayList<>())
-                                .add(key)
+                this.siteToKeysMap
+                        .computeIfAbsent(key.getSiteId(), k -> new ArrayList<>())
+                        .add(key)
         );
         LOGGER.info("Updated site-to-keys mapping for {} sites", siteToKeysMap.size());
     }
@@ -90,15 +93,15 @@ public List<S3Key> getKeys(int siteId) {
     public Collection<S3Key> getKeysForSite(Integer siteId) {
         Map<Integer, S3Key> allKeys = getAll();
         return allKeys.values().stream()
-                .filter(key -> key.getSiteId()==(siteId))
+                .filter(key -> key.getSiteId() == (siteId))
                 .collect(Collectors.toList());
     }
 
-     public S3Key getEncryptionKeyForSite(Integer siteId) {
+    public S3Key getEncryptionKeyForSite(Integer siteId) {
         //get the youngest activated key
         Collection<S3Key> keys = getKeysForSite(siteId);
-         long now = Instant.now().getEpochSecond();
-         if (keys.isEmpty()) {
+        long now = Instant.now().getEpochSecond();
+        if (keys.isEmpty()) {
             throw new IllegalStateException("No S3 keys available for encryption for site ID: " + siteId);
         }
         return keys.stream()

src/main/java/com/uid2/shared/store/reader/RotatingSiteStore.java

@@ -23,7 +23,7 @@ public RotatingSiteStore(DownloadCloudStorage fileStreamProvider, StoreScope sco
         this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new SiteParser(), "sites");
     }
 
-    public RotatingSiteStore(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) {
+    public RotatingSiteStore(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) {
         this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new SiteParser(), "sites", s3KeyProvider);
     }