From 6b7789996a9aa7a8852cebccf21f1e2ab22bcdb5 Mon Sep 17 00:00:00 2001 
From: Cody Constine
Date: Tue, 12 Nov 2024 16:05:38 -0700
Subject: [PATCH 1/6] Rename in admin
---
 conf/local-config.json | 2 +-
 conf/local-e2e-docker-config.json | 2 +-
 pom.xml | 2 +-
 src/main/java/com/uid2/admin/Main.java | 28 +-
 .../EncryptionJob/ClientKeyEncryptionJob.java | 2 +-
 .../EncryptionKeyEncryptionJob.java | 2 +-
 .../EncryptionJob/KeyAclEncryptionJob.java | 2 +-
 .../EncryptionJob/KeysetKeyEncryptionJob.java | 2 +-
 .../job/EncryptionJob/SiteEncryptionJob.java | 2 +-
 .../SiteKeysetEncryptionJob.java | 2 +-
 .../job/jobsync/EncryptedFilesSyncJob.java | 24 +-
 .../legacy/LegacyClientKeyStoreWriter.java | 6 +-
 .../RotatingLegacyClientKeyProvider.java | 6 +-
 ...er.java => CloudEncryptionKeyManager.java} | 71 ++-
 .../store/factory/ClientKeyStoreFactory.java | 26 +-
 .../store/factory/EncryptedStoreFactory.java | 8 +-
 .../factory/EncryptionKeyStoreFactory.java | 25 +-
 .../store/factory/KeyAclStoreFactory.java | 17 +-
 .../store/factory/KeysetKeyStoreFactory.java | 27 +-
 .../store/factory/KeysetStoreFactory.java | 21 +-
 .../admin/store/factory/SiteStoreFactory.java | 17 +-
 .../writer/CloudEncryptionKeyStoreWriter.java | 46 ++
 .../writer/EncryptedScopedStoreWriter.java | 20 +-
 .../writer/EncryptionKeyStoreWriter.java | 6 +-
 .../admin/store/writer/KeyAclStoreWriter.java | 6 +-
 .../store/writer/KeysetKeyStoreWriter.java | 6 +-
 .../admin/store/writer/KeysetStoreWriter.java | 8 +-
 .../admin/store/writer/S3KeyStoreWriter.java | 45 --
 .../admin/store/writer/SiteStoreWriter.java | 6 +-
 .../service/EncryptedFilesSyncService.java | 14 +-
 .../vertx/service/OperatorKeyService.java | 20 +-
 .../PrivateSiteDataRefreshService.java | 13 +-
 .../s3/core/s3encryption_keys/metadata.json | 4 +-
 .../job/sitesync/SiteEncryptionJobTest.java | 2 +-
 .../CloudEncryptionKeyManagerTest.java | 416 +++++++++++++++++
 .../uid2/admin/managers/S3KeyManagerTest.java | 418 ------------------
 .../store/MultiScopeStoreWriterTest.java | 29 +-
 ...=> CloudEncryptionKeyStoreWriterTest.java} | 38 +-
 .../EncryptedScopedStoreWriterTest.java | 36 +-
 .../admin/vertx/OperatorKeyServiceTest.java | 30 +-
 40 files changed, 698 insertions(+), 759 deletions(-)
 rename src/main/java/com/uid2/admin/managers/{S3KeyManager.java => CloudEncryptionKeyManager.java} (53%)
 create mode 100644 src/main/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriter.java
 delete mode 100644 src/main/java/com/uid2/admin/store/writer/S3KeyStoreWriter.java
 create mode 100644 src/test/java/com/uid2/admin/managers/CloudEncryptionKeyManagerTest.java
 delete mode 100644 src/test/java/com/uid2/admin/managers/S3KeyManagerTest.java
 rename src/test/java/com/uid2/admin/store/writer/{S3KeyStoreWriterTest.java => CloudEncryptionKeyStoreWriterTest.java} (52%)
diff --git a/conf/local-config.json b/conf/local-config.json
index c3864830..749223bb 100644
--- a/conf/local-config.json
+++ b/conf/local-config.json
@@ -18,7 +18,7 @@
 "keysets_metadata_path": "keysets/metadata.json",
 "admin_keysets_metadata_path": "admin_keysets/metadata.json",
 "keyset_keys_metadata_path": "keyset_keys/metadata.json",
- "s3_keys_metadata_path": "s3encryption_keys/metadata.json",
+ "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json",
 "aws_access_key_id": "no access key needed for test",
 "aws_secret_access_key": "no secret key needed for test",
 "client_side_keypair_public_prefix": "UID2-X-L-",
diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json
index 685c8887..c0669a96 100644
--- a/conf/local-e2e-docker-config.json
+++ b/conf/local-e2e-docker-config.json
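Review bot: The new config key is spelled `cloud_encryption_keys_metadata_path` here but `cloud_keys_metadata_path` in the conf/local-e2e-docker-config.json hunk that follows, so at most one of the two files can match whatever string `Const.Config.CloudEncryptionKeysMetadataPathProp` resolves to in Main.java; the other would presumably hand a null path to `new CloudPath(...)` at startup. The value also moves to `cloud_encryption_keys/metadata.json`, while the diffstat lists the test resource still under `s3/core/s3encryption_keys/metadata.json` as modified rather than renamed, so it is worth confirming the local data directory exists under the new name. The e2e line should read `"cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json",` to match this file.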
@@ -18,7 +18,7 @@ "keysets_metadata_path": "keysets/metadata.json", "admin_keysets_metadata_path": "admin_keysets/metadata.json", "keyset_keys_metadata_path": "keyset_keys/metadata.json", - "s3_keys_metadata_path": "s3encryption_keys/metadata.json", + "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json", "aws_access_key_id": "no access key needed for test", "aws_secret_access_key": "no secret key needed for test", "client_side_keypair_public_prefix": "UID2-X-L-", diff --git a/pom.xml b/pom.xml index 20a0a49a..7d6c3587 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 1.12.2 5.11.2 - 7.19.0 + 7.21.1-alpha-157-SNAPSHOT 0.5.10 ${project.version} diff --git a/src/main/java/com/uid2/admin/Main.java b/src/main/java/com/uid2/admin/Main.java index 1f5472f0..38fd2639 100644 --- a/src/main/java/com/uid2/admin/Main.java +++ b/src/main/java/com/uid2/admin/Main.java @@ -13,7 +13,7 @@ import com.uid2.admin.legacy.RotatingLegacyClientKeyProvider; import com.uid2.admin.managers.KeysetManager; import com.uid2.admin.monitoring.DataStoreMetrics; -import com.uid2.admin.managers.S3KeyManager; +import com.uid2.admin.managers.CloudEncryptionKeyManager; import com.uid2.admin.secret.*; import com.uid2.admin.store.*; import com.uid2.admin.store.reader.RotatingAdminKeysetStore; 
@@ -197,18 +197,18 @@ public void run() { operatorKeyProvider.loadContent(operatorKeyProvider.getMetadata()); OperatorKeyStoreWriter operatorKeyStoreWriter = new OperatorKeyStoreWriter(operatorKeyProvider, fileManager, jsonWriter, versionGenerator); - CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp)); - GlobalScope s3KeyGlobalScope = new GlobalScope(s3KeyMetadataPath); - RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyGlobalScope); - S3KeyStoreWriter s3KeyStoreWriter = new S3KeyStoreWriter(s3KeyProvider, fileManager, jsonWriter, versionGenerator, clock, s3KeyGlobalScope); + CloudPath cloudEncryptionKeyMetadataPath = new CloudPath(config.getString(Const.Config.CloudEncryptionKeysMetadataPathProp)); + GlobalScope cloudEncryptionKeyGlobalScope = new GlobalScope(cloudEncryptionKeyMetadataPath); + RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(cloudStorage, cloudEncryptionKeyGlobalScope); + CloudEncryptionKeyStoreWriter cloudEncryptionKeyStoreWriter = new CloudEncryptionKeyStoreWriter(RotatingCloudEncryptionKeyProvider, fileManager, jsonWriter, versionGenerator, clock, cloudEncryptionKeyGlobalScope); IKeyGenerator keyGenerator = new SecureKeyGenerator(); - S3KeyManager s3KeyManager = new S3KeyManager(s3KeyProvider, s3KeyStoreWriter,keyGenerator); + CloudEncryptionKeyManager cloudEncryptionKeyManager = new CloudEncryptionKeyManager(RotatingCloudEncryptionKeyProvider, cloudEncryptionKeyStoreWriter,keyGenerator); try { - s3KeyProvider.loadContent(); + RotatingCloudEncryptionKeyProvider.loadContent(); } catch (CloudStorageException e) { if (e.getMessage().contains("The specified key does not exist")) { - s3KeyStoreWriter.upload(new HashMap<>(), null); - s3KeyProvider.loadContent(); + cloudEncryptionKeyStoreWriter.upload(new HashMap<>(), null); + RotatingCloudEncryptionKeyProvider.loadContent(); } else { throw e; } 
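Review bot: The local variable `RotatingCloudEncryptionKeyProvider` introduced in the @@ -197 hunk has the same simple name as its type, which Java permits (the variable obscures the type) but which makes every later use such as `RotatingCloudEncryptionKeyProvider.loadContent();` read as a static call. The same capitalised name is used for the field in EncryptedFilesSyncJob and CloudEncryptionKeyManager, while KeyAclStoreFactory, KeysetKeyStoreFactory, KeysetStoreFactory and LegacyClientKeyStoreWriter use `cloudEncryptionKeyProvider` in this same commit; the lowerCamel form should be used throughout. Here that is `RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(cloudStorage, cloudEncryptionKeyGlobalScope);` with the references in the @@ -255, @@ -286 and @@ -336 hunks renamed to match. run() starts before and continues past this hunk.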
@@ -255,11 +255,11 @@ public void run() { clientSideKeypairService, new ServiceService(auth, writeLock, serviceStoreWriter, serviceProvider, siteProvider, serviceLinkProvider), new ServiceLinkService(auth, writeLock, serviceLinkStoreWriter, serviceLinkProvider, serviceProvider, siteProvider), - new OperatorKeyService(config, auth, writeLock, operatorKeyStoreWriter, operatorKeyProvider, siteProvider, keyGenerator, keyHasher, s3KeyManager), + new OperatorKeyService(config, auth, writeLock, operatorKeyStoreWriter, operatorKeyProvider, siteProvider, keyGenerator, keyHasher, cloudEncryptionKeyManager), new SaltService(auth, writeLock, saltStoreWriter, saltProvider, saltRotation), new SiteService(auth, writeLock, siteStoreWriter, siteProvider, clientKeyProvider), new PartnerConfigService(auth, writeLock, partnerStoreWriter, partnerConfigProvider), - new PrivateSiteDataRefreshService(auth, jobDispatcher, writeLock, config, s3KeyProvider), + new PrivateSiteDataRefreshService(auth, jobDispatcher, writeLock, config, RotatingCloudEncryptionKeyProvider), new JobDispatcherService(auth, jobDispatcher), new SearchService(auth, clientKeyProvider, operatorKeyProvider) }; @@ -286,8 +286,8 @@ public void run() { } synchronized (writeLock) { - s3KeyManager.generateKeysForOperators(operatorKeyProvider.getAll(), config.getLong("s3_key_activates_in_seconds"), config.getInteger("s3_key_count_per_site")); - s3KeyProvider.loadContent(); + cloudEncryptionKeyManager.generateKeysForOperators(operatorKeyProvider.getAll(), config.getLong("cloud_encryption_key_activates_in_seconds"), config.getInteger("cloud_encryption_key_count_per_site")); + RotatingCloudEncryptionKeyProvider.loadContent(); } /* 
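Review bot: The @@ -286 hunk renames the runtime config keys to `cloud_encryption_key_activates_in_seconds` and `cloud_encryption_key_count_per_site`, but the config hunks on this page only touch the metadata-path entry, so it is not visible whether the old `s3_key_*` entries were renamed alongside them; if they were not, `config.getLong(...)` returns null and unboxing it into the `long keyActivateInterval` parameter of `generateKeysForOperators` throws a NullPointerException inside the `synchronized (writeLock)` block at startup. Since the metadata path is already read through `Const.Config`, these two keys would be safer as named constants as well, so a rename has a single definition. run() continues outside the hunk.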
@@ -336,7 +336,7 @@ public void run() { CompletableFuture privateSiteDataSyncJobFuture = jobDispatcher.executeNextJob(); privateSiteDataSyncJobFuture.get(); - EncryptedFilesSyncJob encryptedFilesSyncJob = new EncryptedFilesSyncJob(config, writeLock,s3KeyProvider); + EncryptedFilesSyncJob encryptedFilesSyncJob = new EncryptedFilesSyncJob(config, writeLock,RotatingCloudEncryptionKeyProvider); jobDispatcher.enqueue(encryptedFilesSyncJob); CompletableFuture encryptedFilesSyncJobFuture = jobDispatcher.executeNextJob(); encryptedFilesSyncJobFuture.get(); diff --git a/src/main/java/com/uid2/admin/job/EncryptionJob/ClientKeyEncryptionJob.java b/src/main/java/com/uid2/admin/job/EncryptionJob/ClientKeyEncryptionJob.java index 7227acbe..9febe5f7 100644 --- a/src/main/java/com/uid2/admin/job/EncryptionJob/ClientKeyEncryptionJob.java +++ b/src/main/java/com/uid2/admin/job/EncryptionJob/ClientKeyEncryptionJob.java @@ -26,7 +26,7 @@ public ClientKeyEncryptionJob( @Override public String getId() { - return "s3-encryption-sync-clientKeys"; + return "cloud-encryption-sync-clientKeys"; } @Override diff --git a/src/main/java/com/uid2/admin/job/EncryptionJob/EncryptionKeyEncryptionJob.java b/src/main/java/com/uid2/admin/job/EncryptionJob/EncryptionKeyEncryptionJob.java index 4dbc03ca..f86f8dc4 100644 --- a/src/main/java/com/uid2/admin/job/EncryptionJob/EncryptionKeyEncryptionJob.java +++ b/src/main/java/com/uid2/admin/job/EncryptionJob/EncryptionKeyEncryptionJob.java @@ -40,7 +40,7 @@ public EncryptionKeyEncryptionJob( @Override public String getId() { - return "s3-encryption-sync-encryptionKeys"; + return "cloud-encryption-sync-encryptionKeys"; } @Override diff --git a/src/main/java/com/uid2/admin/job/EncryptionJob/KeyAclEncryptionJob.java b/src/main/java/com/uid2/admin/job/EncryptionJob/KeyAclEncryptionJob.java index d6e8b5cc..90b80591 100644 --- a/src/main/java/com/uid2/admin/job/EncryptionJob/KeyAclEncryptionJob.java 
+++ b/src/main/java/com/uid2/admin/job/EncryptionJob/KeyAclEncryptionJob.java @@ -27,7 +27,7 @@ public KeyAclEncryptionJob( @Override public String getId() { - return "s3-encryption-sync-keyAcls"; + return "cloud-encryption-sync-keyAcls"; } @Override diff --git a/src/main/java/com/uid2/admin/job/EncryptionJob/KeysetKeyEncryptionJob.java b/src/main/java/com/uid2/admin/job/EncryptionJob/KeysetKeyEncryptionJob.java index ec3b3bcc..626efffc 100644 --- a/src/main/java/com/uid2/admin/job/EncryptionJob/KeysetKeyEncryptionJob.java +++ b/src/main/java/com/uid2/admin/job/EncryptionJob/KeysetKeyEncryptionJob.java @@ -35,7 +35,7 @@ public KeysetKeyEncryptionJob(Collection globalOperators, @Override public String getId() { - return "s3-encryption-sync-keysetKeys"; + return "cloud-encryption-sync-keysetKeys"; } @Override diff --git a/src/main/java/com/uid2/admin/job/EncryptionJob/SiteEncryptionJob.java b/src/main/java/com/uid2/admin/job/EncryptionJob/SiteEncryptionJob.java index ff137387..ba5d5a16 100644 --- a/src/main/java/com/uid2/admin/job/EncryptionJob/SiteEncryptionJob.java +++ b/src/main/java/com/uid2/admin/job/EncryptionJob/SiteEncryptionJob.java @@ -25,7 +25,7 @@ public SiteEncryptionJob( @Override public String getId() { - return "s3-encryption-sync-sites"; + return "cloud-encryption-sync-sites"; } @Override diff --git a/src/main/java/com/uid2/admin/job/EncryptionJob/SiteKeysetEncryptionJob.java b/src/main/java/com/uid2/admin/job/EncryptionJob/SiteKeysetEncryptionJob.java index f4dba6fc..5c355fc9 100644 --- a/src/main/java/com/uid2/admin/job/EncryptionJob/SiteKeysetEncryptionJob.java +++ b/src/main/java/com/uid2/admin/job/EncryptionJob/SiteKeysetEncryptionJob.java @@ -28,7 +28,7 @@ public SiteKeysetEncryptionJob( @Override public String getId() { - return "s3-encryption-sync-keysets"; + return "cloud-encryption-sync-keysets"; } @Override 
diff --git a/src/main/java/com/uid2/admin/job/jobsync/EncryptedFilesSyncJob.java b/src/main/java/com/uid2/admin/job/jobsync/EncryptedFilesSyncJob.java index 09ccb8c9..14077ac3 100644 --- a/src/main/java/com/uid2/admin/job/jobsync/EncryptedFilesSyncJob.java +++ b/src/main/java/com/uid2/admin/job/jobsync/EncryptedFilesSyncJob.java @@ -2,7 +2,6 @@ import com.fasterxml.jackson.databind.ObjectWriter; import com.uid2.admin.job.EncryptionJob.*; -import com.uid2.admin.job.jobsync.acl.KeyAclSyncJob; import com.uid2.admin.job.EncryptionJob.ClientKeyEncryptionJob; import com.uid2.admin.job.model.Job; import com.uid2.admin.store.*; @@ -23,7 +22,8 @@ import com.uid2.shared.model.Site; import com.uid2.shared.store.CloudPath; import com.uid2.admin.legacy.LegacyClientKey; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.GlobalScope; import io.vertx.core.json.JsonObject; @@ -34,12 +34,12 @@ public class EncryptedFilesSyncJob extends Job { private final JsonObject config; private final WriteLock writeLock; - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider; - public EncryptedFilesSyncJob(JsonObject config, WriteLock writeLock,RotatingS3KeyProvider s3KeyProvider) { + public EncryptedFilesSyncJob(JsonObject config, WriteLock writeLock, RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider) { this.config = config; this.writeLock = writeLock; - this.s3KeyProvider = s3KeyProvider; + this.RotatingCloudEncryptionKeyProvider = RotatingCloudEncryptionKeyProvider; } @Override 
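Review bot: The @@ -23 hunk adds `import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;` on two consecutive lines; javac tolerates a duplicated single-type import of the same type, but it is a rename artefact and should be reduced to one line. The field declared in the @@ -34 hunk as `private final RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider;` has the same type-shadowing name as the local in Main.java; `cloudEncryptionKeyProvider` would match the rest of the change, with the constructor parameter and the assignments in the @@ -62 through @@ -115 hunks renamed accordingly.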
@@ -62,7 +62,7 @@ public void execute() throws Exception { jsonWriter, versionGenerator, clock, - s3KeyProvider, + RotatingCloudEncryptionKeyProvider, fileManager); ClientKeyStoreFactory clientKeyStoreFactory = new ClientKeyStoreFactory( @@ -71,7 +71,7 @@ public void execute() throws Exception { jsonWriter, versionGenerator, clock, - s3KeyProvider, + RotatingCloudEncryptionKeyProvider, fileManager); EncryptionKeyStoreFactory encryptionKeyStoreFactory = new EncryptionKeyStoreFactory( @@ -79,7 +79,7 @@ public void execute() throws Exception { new CloudPath(config.getString(Const.Config.KeysMetadataPathProp)), versionGenerator, clock, - s3KeyProvider, + RotatingCloudEncryptionKeyProvider, fileManager); KeyAclStoreFactory keyAclStoreFactory = new KeyAclStoreFactory( @@ -88,7 +88,7 @@ public void execute() throws Exception { jsonWriter, versionGenerator, clock, - s3KeyProvider, + RotatingCloudEncryptionKeyProvider, fileManager); KeysetStoreFactory keysetStoreFactory = new KeysetStoreFactory( @@ -98,7 +98,7 @@ public void execute() throws Exception { versionGenerator, clock, fileManager, - s3KeyProvider, + RotatingCloudEncryptionKeyProvider, config.getBoolean(enableKeysetConfigProp)); KeysetKeyStoreFactory keysetKeyStoreFactory = new KeysetKeyStoreFactory( @@ -107,7 +107,7 @@ public void execute() throws Exception { versionGenerator, clock, fileManager, - s3KeyProvider, + RotatingCloudEncryptionKeyProvider, config.getBoolean(enableKeysetConfigProp)); CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp)); 
@@ -115,7 +115,7 @@ public void execute() throws Exception { RotatingOperatorKeyProvider operatorKeyProvider = new RotatingOperatorKeyProvider(cloudStorage, cloudStorage, operatorScope); synchronized (writeLock) { - s3KeyProvider.loadContent(); + RotatingCloudEncryptionKeyProvider.loadContent(); operatorKeyProvider.loadContent(operatorKeyProvider.getMetadata()); siteStoreFactory.getGlobalReader().loadContent(siteStoreFactory.getGlobalReader().getMetadata()); clientKeyStoreFactory.getGlobalReader().loadContent(); diff --git a/src/main/java/com/uid2/admin/legacy/LegacyClientKeyStoreWriter.java b/src/main/java/com/uid2/admin/legacy/LegacyClientKeyStoreWriter.java index 431841a7..b43f13ad 100644 --- a/src/main/java/com/uid2/admin/legacy/LegacyClientKeyStoreWriter.java +++ b/src/main/java/com/uid2/admin/legacy/LegacyClientKeyStoreWriter.java @@ -10,7 +10,7 @@ import com.uid2.admin.store.writer.EncryptedScopedStoreWriter; import com.uid2.admin.store.writer.ScopedStoreWriter; import com.uid2.admin.store.writer.StoreWriter; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonObject; 
@@ -33,11 +33,11 @@ public LegacyClientKeyStoreWriter(RotatingLegacyClientKeyProvider provider, VersionGenerator versionGenerator, Clock clock, EncryptedScope scope, - RotatingS3KeyProvider s3KeyProvider) { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { this.jsonWriter = jsonWriter; FileName dataFile = new FileName("clients", ".json"); String dataType = "client_keys"; - this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId()); + this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId()); } @Override diff --git a/src/main/java/com/uid2/admin/legacy/RotatingLegacyClientKeyProvider.java b/src/main/java/com/uid2/admin/legacy/RotatingLegacyClientKeyProvider.java index 72dc3e93..9d04b904 100644 --- a/src/main/java/com/uid2/admin/legacy/RotatingLegacyClientKeyProvider.java +++ b/src/main/java/com/uid2/admin/legacy/RotatingLegacyClientKeyProvider.java @@ -6,7 +6,7 @@ import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.EncryptedScopedStoreReader; import com.uid2.shared.store.ScopedStoreReader; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.reader.StoreReader; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; 
@@ -48,8 +48,8 @@ public RotatingLegacyClientKeyProvider(DownloadCloudStorage fileStreamProvider, this.authorizableStore = new AuthorizableStore<>(LegacyClientKey.class); } - public RotatingLegacyClientKeyProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new LegacyClientParser(), "auth keys", s3KeyProvider); + public RotatingLegacyClientKeyProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new LegacyClientParser(), "auth keys", cloudEncryptionKeyProvider); this.authorizableStore = new AuthorizableStore<>(LegacyClientKey.class); } diff --git a/src/main/java/com/uid2/admin/managers/S3KeyManager.java b/src/main/java/com/uid2/admin/managers/CloudEncryptionKeyManager.java similarity index 53% rename from src/main/java/com/uid2/admin/managers/S3KeyManager.java rename to src/main/java/com/uid2/admin/managers/CloudEncryptionKeyManager.java index aaf911f3..d351f22f 100644 --- a/src/main/java/com/uid2/admin/managers/S3KeyManager.java +++ b/src/main/java/com/uid2/admin/managers/CloudEncryptionKeyManager.java @@ -1,11 +1,10 @@ package com.uid2.admin.managers; -import com.uid2.admin.store.writer.S3KeyStoreWriter; +import com.uid2.admin.store.writer.CloudEncryptionKeyStoreWriter; import com.uid2.shared.auth.OperatorKey; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import com.uid2.shared.secret.IKeyGenerator; -import com.uid2.shared.secret.SecureKeyGenerator; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.util.List; 
@@ -15,24 +14,24 @@ import java.time.Instant; import java.util.*; -public class S3KeyManager { +public class CloudEncryptionKeyManager { - private static final Logger LOGGER = LoggerFactory.getLogger(S3KeyManager.class); + private static final Logger LOGGER = LoggerFactory.getLogger(CloudEncryptionKeyManager.class); - private final RotatingS3KeyProvider s3KeyProvider; - private final S3KeyStoreWriter s3KeyStoreWriter; + private final RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider; + private final CloudEncryptionKeyStoreWriter cloudEncryptionKeyStoreWriter; private final IKeyGenerator keyGenerator; - public S3KeyManager(RotatingS3KeyProvider s3KeyProvider, S3KeyStoreWriter s3KeyStoreWriter, IKeyGenerator keyGenerator) { - this.s3KeyProvider = s3KeyProvider; - this.s3KeyStoreWriter = s3KeyStoreWriter; + public CloudEncryptionKeyManager(RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider, CloudEncryptionKeyStoreWriter cloudEncryptionKeyStoreWriter, IKeyGenerator keyGenerator) { + this.RotatingCloudEncryptionKeyProvider = RotatingCloudEncryptionKeyProvider; + this.cloudEncryptionKeyStoreWriter = cloudEncryptionKeyStoreWriter; this.keyGenerator = keyGenerator; } - S3Key generateS3Key(int siteId, long activates, long created) throws Exception { + CloudEncryptionKey generateCloudEncryptionKey(int siteId, long activates, long created) throws Exception { int newKeyId = getNextKeyId(); String secret = generateSecret(); - return new S3Key(newKeyId, siteId, activates, created, secret); + return new CloudEncryptionKey(newKeyId, siteId, activates, created, secret); } String generateSecret() throws Exception { 
@@ -40,51 +39,51 @@ String generateSecret() throws Exception { return keyGenerator.generateRandomKeyString(32); } - void addS3Key(S3Key s3Key) throws Exception { - Map s3Keys = new HashMap<>(s3KeyProvider.getAll()); - s3Keys.put(s3Key.getId(), s3Key); - s3KeyStoreWriter.upload(s3Keys, null); + void addCloudEncryptionKey(CloudEncryptionKey cloudEncryptionKey) throws Exception { + Map cloudEncryptionKeys = new HashMap<>(RotatingCloudEncryptionKeyProvider.getAll()); + cloudEncryptionKeys.put(cloudEncryptionKey.getId(), cloudEncryptionKey); + cloudEncryptionKeyStoreWriter.upload(cloudEncryptionKeys, null); } int getNextKeyId() { - Map s3Keys = s3KeyProvider.getAll(); - if (s3Keys == null || s3Keys.isEmpty()) { + Map cloudEncryptionKeys = RotatingCloudEncryptionKeyProvider.getAll(); + if (cloudEncryptionKeys == null || cloudEncryptionKeys.isEmpty()) { return 1; } - return s3Keys.keySet().stream().max(Integer::compareTo).orElse(0) + 1; + return cloudEncryptionKeys.keySet().stream().max(Integer::compareTo).orElse(0) + 1; } // Method to create and upload an S3 key that activates immediately for a specific site, for emergency rotation - public S3Key createAndAddImmediate3Key(int siteId) throws Exception { + public CloudEncryptionKey createAndAddImmediate3Key(int siteId) throws Exception { int newKeyId = getNextKeyId(); long created = Instant.now().getEpochSecond(); - S3Key newKey = new S3Key(newKeyId, siteId, created, created, generateSecret()); - addS3Key(newKey); + CloudEncryptionKey newKey = new CloudEncryptionKey(newKeyId, siteId, created, created, generateSecret()); + addCloudEncryptionKey(newKey); return newKey; } - public S3Key getS3KeyByKeyIdentifier(int keyIdentifier) { - return s3KeyProvider.getAll().get(keyIdentifier); + public CloudEncryptionKey getCloudEncryptionKeyByKeyIdentifier(int keyIdentifier) { + return RotatingCloudEncryptionKeyProvider.getAll().get(keyIdentifier); } - public Optional getS3KeyBySiteId(int siteId) { - return 
s3KeyProvider.getAll().values().stream() + public Optional getCloudEncryptionKeyBySiteId(int siteId) { + return RotatingCloudEncryptionKeyProvider.getAll().values().stream() .filter(key -> key.getSiteId() == siteId) .findFirst(); } - public List getAllS3KeysBySiteId(int siteId) { - return s3KeyProvider.getAll().values().stream() + public List getAllCloudEncryptionKeysBySiteId(int siteId) { + return RotatingCloudEncryptionKeyProvider.getAll().values().stream() .filter(key -> key.getSiteId() == siteId) .collect(Collectors.toList()); } - public Map getAllS3Keys() { - return s3KeyProvider.getAll(); + public Map getAllCloudEncryptionKeys() { + return RotatingCloudEncryptionKeyProvider.getAll(); } public boolean doesSiteHaveKeys(int siteId) { - Map allKeys = s3KeyProvider.getAll(); + Map allKeys = RotatingCloudEncryptionKeyProvider.getAll(); if (allKeys == null) { return false; } @@ -92,12 +91,12 @@ public boolean doesSiteHaveKeys(int siteId) { } int countKeysForSite(int siteId) { - Map allKeys = s3KeyProvider.getAll(); + Map allKeys = RotatingCloudEncryptionKeyProvider.getAll(); return (int) allKeys.values().stream().filter(key -> key.getSiteId() == siteId).count(); } public void generateKeysForOperators(Collection operatorKeys, long keyActivateInterval, int keyCountPerSite) throws Exception { - this.s3KeyProvider.loadContent(); + this.RotatingCloudEncryptionKeyProvider.loadContent(); if (operatorKeys == null || operatorKeys.isEmpty()) { throw new IllegalArgumentException("Operator keys collection must not be null or empty"); 
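Review bot: `createAndAddImmediate3Key` in the @@ -40 hunk keeps the stray `3` left over from the old `S3Key` naming, and the comment directly above it still says `create and upload an S3 key`; since this commit is the rename of that API, the signature should become `public CloudEncryptionKey createAndAddImmediateKey(int siteId) throws Exception {` and the comment `// Create and upload a cloud encryption key that activates immediately for a specific site, for emergency rotation`. Callers are not on this page (Main.java hands the manager to OperatorKeyService, which the diffstat lists as modified), so they would need the same rename. The field is read as `RotatingCloudEncryptionKeyProvider.getAll()` throughout, which reads as a static call; that naming is raised on the Main.java hunk.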
@@ -123,8 +122,8 @@ public void generateKeysForOperators(Collection operatorKeys, long for (int i = 0; i < keysToGenerate; i++) { long created = Instant.now().getEpochSecond(); long activated = created + (i * keyActivateInterval); - S3Key s3Key = generateS3Key(siteId, activated, created); - addS3Key(s3Key); + CloudEncryptionKey cloudEncryptionKey = generateCloudEncryptionKey(siteId, activated, created); + addCloudEncryptionKey(cloudEncryptionKey); } LOGGER.info("Generated " + keysToGenerate + " keys for site ID " + siteId); } else { diff --git a/src/main/java/com/uid2/admin/store/factory/ClientKeyStoreFactory.java b/src/main/java/com/uid2/admin/store/factory/ClientKeyStoreFactory.java index 0f4fd296..186a91ff 100644 --- a/src/main/java/com/uid2/admin/store/factory/ClientKeyStoreFactory.java +++ b/src/main/java/com/uid2/admin/store/factory/ClientKeyStoreFactory.java 
@@ -6,26 +6,16 @@ import com.uid2.admin.legacy.RotatingLegacyClientKeyProvider; import com.uid2.admin.store.Clock; import com.uid2.admin.store.FileManager; -import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; -import com.uid2.admin.store.writer.ClientKeyStoreWriter; -import com.uid2.admin.store.writer.EncryptedScopedStoreWriter; -import com.uid2.admin.store.writer.KeysetStoreWriter; import com.uid2.admin.store.writer.StoreWriter; -import com.uid2.shared.auth.Keyset; import com.uid2.shared.cloud.ICloudStorage; -import com.uid2.shared.model.Site; import com.uid2.shared.store.CloudPath; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; -import com.uid2.shared.store.reader.RotatingSiteStore; -import com.uid2.shared.store.reader.StoreReader; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.GlobalScope; import com.uid2.shared.store.scope.SiteScope; -import com.uid2.shared.store.scope.StoreScope; import java.util.Collection; -import java.util.Map; public class ClientKeyStoreFactory implements EncryptedStoreFactory> { private final ICloudStorage fileStreamProvider; @@ -35,7 +25,7 @@ public class ClientKeyStoreFactory implements EncryptedStoreFactory extends StoreFactory { StoreWriter getEncryptedWriter(Integer siteId, boolean isPublic); StoreReader getEncryptedReader (Integer siteId, boolean isPublic); - RotatingS3KeyProvider getS3Provider(); + RotatingCloudEncryptionKeyProvider getCloudEncryptionProvider(); } \ No newline at end of file diff --git a/src/main/java/com/uid2/admin/store/factory/EncryptionKeyStoreFactory.java b/src/main/java/com/uid2/admin/store/factory/EncryptionKeyStoreFactory.java index 46d7170a..d22c4ae9 100644 --- a/src/main/java/com/uid2/admin/store/factory/EncryptionKeyStoreFactory.java +++ b/src/main/java/com/uid2/admin/store/factory/EncryptionKeyStoreFactory.java 
@@ -1,28 +1,19 @@ package com.uid2.admin.store.factory; -import com.fasterxml.jackson.databind.ObjectWriter; -import com.uid2.admin.legacy.RotatingLegacyClientKeyProvider; import com.uid2.admin.store.Clock; import com.uid2.admin.store.FileManager; -import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; -import com.uid2.admin.store.writer.EncryptedScopedStoreWriter; import com.uid2.admin.store.writer.EncryptionKeyStoreWriter; -import com.uid2.admin.store.writer.KeysetStoreWriter; -import com.uid2.admin.store.writer.StoreWriter; -import com.uid2.shared.auth.Keyset; import com.uid2.shared.cloud.ICloudStorage; import com.uid2.shared.model.EncryptionKey; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.reader.RotatingKeyStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.GlobalScope; import com.uid2.shared.store.scope.SiteScope; -import com.uid2.shared.store.scope.StoreScope; import java.util.Collection; -import java.util.Map; public class EncryptionKeyStoreFactory implements EncryptedStoreFactory> { private final ICloudStorage fileStreamProvider; @@ -31,7 +22,7 @@ public class EncryptionKeyStoreFactory implements EncryptedStoreFactory> getReader(Integer siteId) { } public StoreReader> getEncryptedReader(Integer siteId, boolean isPublic) { - return new RotatingKeyAclProvider(fileStreamProvider, new EncryptedScope(rootMetadataPath, siteId,isPublic),s3KeyProvider); + return new RotatingKeyAclProvider(fileStreamProvider, new EncryptedScope(rootMetadataPath, siteId,isPublic), cloudEncryptionKeyProvider); } public StoreWriter> getWriter(Integer siteId) { return new KeyAclStoreWriter( 
@@ -83,12 +82,12 @@ public StoreWriter> getEncryptedWriter(Integer si versionGenerator, clock, new EncryptedScope(rootMetadataPath, siteId, isPublic), - s3KeyProvider + cloudEncryptionKeyProvider ); } - public RotatingS3KeyProvider getS3Provider() { - return this.s3KeyProvider; + public RotatingCloudEncryptionKeyProvider getCloudEncryptionProvider() { + return this.cloudEncryptionKeyProvider; } diff --git a/src/main/java/com/uid2/admin/store/factory/KeysetKeyStoreFactory.java b/src/main/java/com/uid2/admin/store/factory/KeysetKeyStoreFactory.java index 131257a1..7ec0e6eb 100644 --- a/src/main/java/com/uid2/admin/store/factory/KeysetKeyStoreFactory.java +++ b/src/main/java/com/uid2/admin/store/factory/KeysetKeyStoreFactory.java 
@@ -1,32 +1,21 @@ package com.uid2.admin.store.factory; -import com.fasterxml.jackson.databind.ObjectWriter; -import com.uid2.admin.legacy.RotatingLegacyClientKeyProvider; import com.uid2.admin.store.Clock; import com.uid2.admin.store.FileManager; -import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; -import com.uid2.admin.store.writer.EncryptedScopedStoreWriter; import com.uid2.admin.store.writer.KeysetKeyStoreWriter; -import com.uid2.admin.store.writer.KeysetStoreWriter; import com.uid2.admin.store.writer.StoreWriter; -import com.uid2.shared.auth.Keyset; import com.uid2.shared.cloud.ICloudStorage; import com.uid2.shared.model.KeysetKey; -import com.uid2.shared.model.Site; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.reader.RotatingKeysetKeyStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; -import com.uid2.shared.store.reader.RotatingSiteStore; -import com.uid2.shared.store.reader.StoreReader; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.GlobalScope; import com.uid2.shared.store.scope.SiteScope; -import com.uid2.shared.store.scope.StoreScope; import java.util.Collection; -import java.util.Map; public class KeysetKeyStoreFactory implements EncryptedStoreFactory> { private final ICloudStorage fileStreamProvider; @@ -35,7 +24,7 @@ public class KeysetKeyStoreFactory implements EncryptedStoreFactory> getEncryptedWriter(Integer siteId, boo versionGenerator, clock, new EncryptedScope(rootMetadataPath, siteId, isPublic), - s3KeyProvider, + cloudEncryptionKeyProvider, enableKeyset ); } - public RotatingS3KeyProvider getS3Provider() { - return this.s3KeyProvider; + public RotatingCloudEncryptionKeyProvider getCloudEncryptionProvider() { + return this.cloudEncryptionKeyProvider; } public RotatingKeysetKeyStore getGlobalReader() { return globalReader; } 
diff --git a/src/main/java/com/uid2/admin/store/factory/KeysetStoreFactory.java b/src/main/java/com/uid2/admin/store/factory/KeysetStoreFactory.java index fb7e170f..2928b9d0 100644 --- a/src/main/java/com/uid2/admin/store/factory/KeysetStoreFactory.java +++ b/src/main/java/com/uid2/admin/store/factory/KeysetStoreFactory.java @@ -3,25 +3,18 @@ import com.fasterxml.jackson.databind.ObjectWriter; import com.uid2.admin.store.Clock; import com.uid2.admin.store.FileManager; -import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; -import com.uid2.admin.store.writer.EncryptedScopedStoreWriter; -import com.uid2.admin.store.writer.KeysetKeyStoreWriter; import com.uid2.admin.store.writer.KeysetStoreWriter; import com.uid2.admin.store.writer.StoreWriter; import com.uid2.shared.auth.Keyset; import com.uid2.shared.cloud.ICloudStorage; -import com.uid2.shared.model.KeysetKey; -import com.uid2.shared.model.S3Key; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.reader.*; import com.uid2.shared.store.scope.GlobalScope; import com.uid2.shared.store.scope.SiteScope; -import com.uid2.shared.store.scope.StoreScope; import com.uid2.shared.store.scope.EncryptedScope; -import java.util.Collection; import java.util.Map; public class KeysetStoreFactory implements EncryptedStoreFactory> { @@ -33,7 +26,7 @@ public class KeysetStoreFactory implements EncryptedStoreFactory> getReader(Integer siteId) { } public StoreReader> getEncryptedReader(Integer siteId, boolean isPublic) { - return new RotatingKeysetProvider(fileStreamProvider, new EncryptedScope(rootMetadataPath, siteId,isPublic),s3KeyProvider); + return new RotatingKeysetProvider(fileStreamProvider, new EncryptedScope(rootMetadataPath, siteId,isPublic), cloudEncryptionKeyProvider); } @Override 
@@ -105,13 +98,13 @@ public StoreWriter> getEncryptedWriter(Integer siteId, bool versionGenerator, clock, new EncryptedScope(rootMetadataPath, siteId, isPublic), - s3KeyProvider, + cloudEncryptionKeyProvider, enableKeysets ); } - public RotatingS3KeyProvider getS3Provider() { - return this.s3KeyProvider; + public RotatingCloudEncryptionKeyProvider getCloudEncryptionProvider() { + return this.cloudEncryptionKeyProvider; } public RotatingKeysetProvider getGlobalReader() { return globalReader; } diff --git a/src/main/java/com/uid2/admin/store/factory/SiteStoreFactory.java b/src/main/java/com/uid2/admin/store/factory/SiteStoreFactory.java index c18ae7d9..62f0d786 100644 --- a/src/main/java/com/uid2/admin/store/factory/SiteStoreFactory.java +++ b/src/main/java/com/uid2/admin/store/factory/SiteStoreFactory.java @@ -9,13 +9,12 @@ import com.uid2.shared.cloud.ICloudStorage; import com.uid2.shared.model.Site; import com.uid2.shared.store.CloudPath; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.reader.RotatingSiteStore; import com.uid2.shared.store.reader.StoreReader; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.GlobalScope; import com.uid2.shared.store.scope.SiteScope; -import com.uid2.shared.store.scope.StoreScope; import java.util.Collection; @@ -28,7 +27,7 @@ public class SiteStoreFactory implements EncryptedStoreFactory> private final FileManager fileManager; private final RotatingSiteStore globalReader; private final SiteStoreWriter globalWriter; - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; public SiteStoreFactory( 
@@ -47,7 +46,7 @@ public SiteStoreFactory( ObjectWriter objectWriter, VersionGenerator versionGenerator, Clock clock, - RotatingS3KeyProvider s3KeyProvider, + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider, FileManager fileManager) { this.fileStreamProvider = fileStreamProvider; this.rootMetadataPath = rootMetadataPath; @@ -55,7 +54,7 @@ public SiteStoreFactory( this.versionGenerator = versionGenerator; this.clock = clock; this.fileManager = fileManager; - this.s3KeyProvider = s3KeyProvider; + this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider; GlobalScope globalScope = new GlobalScope(rootMetadataPath); this.globalReader = new RotatingSiteStore(fileStreamProvider, globalScope); @@ -75,7 +74,7 @@ public StoreReader> getReader(Integer siteId) { } public StoreReader> getEncryptedReader(Integer siteId, boolean isPublic) { - return new RotatingSiteStore(fileStreamProvider, new EncryptedScope(rootMetadataPath, siteId,isPublic), s3KeyProvider); + return new RotatingSiteStore(fileStreamProvider, new EncryptedScope(rootMetadataPath, siteId,isPublic), cloudEncryptionKeyProvider); } @Override @@ -98,13 +97,13 @@ public StoreWriter> getEncryptedWriter(Integer siteId, boolean versionGenerator, clock, new EncryptedScope(rootMetadataPath, siteId, isPublic), - s3KeyProvider + cloudEncryptionKeyProvider ); } - public RotatingS3KeyProvider getS3Provider() { - return this.s3KeyProvider; + public RotatingCloudEncryptionKeyProvider getCloudEncryptionProvider() { + return this.cloudEncryptionKeyProvider; } diff --git a/src/main/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriter.java new file mode 100644 index 00000000..3d80a2f3 --- /dev/null +++ b/src/main/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriter.java 
@@ -0,0 +1,46 @@
+package com.uid2.admin.store.writer;
+
+import com.fasterxml.jackson.databind.ObjectWriter;
+import com.uid2.admin.store.Clock;
+import com.uid2.admin.store.FileManager;
+import com.uid2.admin.store.FileName;
+import com.uid2.admin.store.version.VersionGenerator;
+import com.uid2.shared.model.CloudEncryptionKey;
+import com.uid2.shared.model.CloudEncryptionKey;
+import com.uid2.shared.store.reader.StoreReader;
+import com.uid2.shared.store.scope.StoreScope;
+import io.vertx.core.json.JsonArray;
+import io.vertx.core.json.JsonObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+public class CloudEncryptionKeyStoreWriter implements StoreWriter> {
+
+ private final ScopedStoreWriter writer;
+ private final ObjectWriter jsonWriter;
+ private static final Logger LOGGER = LoggerFactory.getLogger(CloudEncryptionKeyStoreWriter.class);
+
+ public CloudEncryptionKeyStoreWriter(StoreReader> provider, FileManager fileManager,
+ ObjectWriter jsonWriter, VersionGenerator versionGenerator, Clock clock, StoreScope scope) {
+ this.jsonWriter = jsonWriter;
+ FileName dataFile = new FileName("cloud_encryption_keys", ".json");
+ String dataType = "cloud_encryption_keys";
+ writer = new ScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType);
+ }
+
+ @Override
+ public void upload(Map data, JsonObject extraMeta) throws Exception {
+ JsonArray jsonCloudEncryptionKeys = new JsonArray();
+ for (Map.Entry cloudEncryptionKeyEntry : data.entrySet()) {
+ jsonCloudEncryptionKeys.add(cloudEncryptionKeyEntry.getValue());
+ }
+ writer.upload(jsonCloudEncryptionKeys.encodePrettily(), extraMeta);
+ }
+
+ @Override
+ public void rewriteMeta() throws Exception {
+ // Implement if necessary for rewriting metadata
+ }
+}
\ No newline at end of file
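Review bot: `rewriteMeta()` in the new CloudEncryptionKeyStoreWriter is an empty body behind an `@Override`, so any caller that relies on StoreWriter.rewriteMeta to refresh metadata gets a silent no-op; if that is intended, the comment should say so (`// Intentionally a no-op: cloud encryption key metadata is only rewritten through upload()`), otherwise it should delegate to the ScopedStoreWriter the way upload() does. `jsonWriter` and `LOGGER` are assigned but never read, and `import com.uid2.shared.model.CloudEncryptionKey;` appears twice; the same duplicated import of RotatingCloudEncryptionKeyProvider is in the PrivateSiteDataRefreshService hunk further down. Renaming the data file and data type to `cloud_encryption_keys` also changes where the key store is written, so the reader side in the shared RotatingCloudEncryptionKeyProvider presumably has to look up the same metadata key; worth confirming before this is deployed, because a mismatch would mean the admin writes keys that operators never load.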
diff --git a/src/main/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriter.java index 76251b2e..c2718c1e 100644 --- a/src/main/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriter.java +++ b/src/main/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriter.java @@ -5,11 +5,11 @@ import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; import com.uid2.shared.encryption.AesGcm; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import com.uid2.shared.store.reader.IMetadataVersionedStore; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonObject; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -18,15 +18,15 @@ public class EncryptedScopedStoreWriter extends ScopedStoreWriter { - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; private Integer siteId; private static final Logger LOGGER = LoggerFactory.getLogger(EncryptedScopedStoreWriter.class); public EncryptedScopedStoreWriter(IMetadataVersionedStore provider, FileManager fileManager, VersionGenerator versionGenerator, Clock clock, - StoreScope scope, FileName dataFile, String dataType, RotatingS3KeyProvider s3KeyProvider, Integer siteId) { + StoreScope scope, FileName dataFile, String dataType, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider, Integer siteId) { super(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType); - this.s3KeyProvider = s3KeyProvider; + this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider; //site id is passed in to look up S3 key to encrypt this.siteId = siteId; } 
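Review bot: The constructor comment `//site id is passed in to look up S3 key to encrypt` still describes the old S3 key provider after the field and parameter were renamed to `cloudEncryptionKeyProvider`; `// siteId selects which cloud encryption key encrypts this store's payload` would match the new names. The class continues outside this hunk.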
@@ -36,21 +36,21 @@ public void upload(String data, JsonObject extraMeta) throws Exception { throw new IllegalStateException("Site ID is not set."); } - S3Key encryptionKey = null; + CloudEncryptionKey encryptionKey = null; try { - encryptionKey = s3KeyProvider.getEncryptionKeyForSite(siteId); + encryptionKey = cloudEncryptionKeyProvider.getEncryptionKeyForSite(siteId); } catch (IllegalStateException e) { - LOGGER.error("Error: No S3 keys available for encryption for site ID: {}", siteId, e); + LOGGER.error("Error: No Cloud Encryption keys available for encryption for site ID: {}", siteId, e); } if (encryptionKey != null) { uploadWithEncryptionKey(data, extraMeta, encryptionKey); } else { - throw new IllegalStateException("No S3 keys available for encryption for site ID: " + siteId); + throw new IllegalStateException("No Cloud Encryption keys available for encryption for site ID: " + siteId); } } - private void uploadWithEncryptionKey(String data, JsonObject extraMeta, S3Key encryptionKey) throws Exception { + private void uploadWithEncryptionKey(String data, JsonObject extraMeta, CloudEncryptionKey encryptionKey) throws Exception { byte[] secret = Base64.getDecoder().decode(encryptionKey.getSecret()); byte[] encryptedPayload = AesGcm.encrypt(data.getBytes(StandardCharsets.UTF_8), secret); JsonObject encryptedJson = new JsonObject() diff --git a/src/main/java/com/uid2/admin/store/writer/EncryptionKeyStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/EncryptionKeyStoreWriter.java index 1e73a31c..787aa4b8 100644 --- a/src/main/java/com/uid2/admin/store/writer/EncryptionKeyStoreWriter.java +++ b/src/main/java/com/uid2/admin/store/writer/EncryptionKeyStoreWriter.java 
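Review bot: The rewritten catch block in upload() logs the provider's IllegalStateException and then, on the next branch, throws a fresh IllegalStateException without it, so the original failure (why no key was available for this site) is dropped from the exception the caller sees, and the same failure is reported twice when the caller also logs. Attaching `e` as the cause and letting the caller log it keeps the diagnostic in one place; the null-return case can stay as a separate check. The upload() signature and the start of the method are outside this hunk.
```java
        CloudEncryptionKey encryptionKey;
        try {
            encryptionKey = cloudEncryptionKeyProvider.getEncryptionKeyForSite(siteId);
        } catch (IllegalStateException e) {
            // keep the provider's exception as the cause so the failed lookup is visible to the caller
            throw new IllegalStateException("No Cloud Encryption keys available for encryption for site ID: " + siteId, e);
        }
        if (encryptionKey == null) {
            throw new IllegalStateException("No Cloud Encryption keys available for encryption for site ID: " + siteId);
        }
        uploadWithEncryptionKey(data, extraMeta, encryptionKey);
        // … unchanged: uploadWithEncryptionKey …
```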
@@ -7,7 +7,7 @@ import com.uid2.admin.store.version.VersionGenerator; import com.uid2.shared.model.EncryptionKey; import com.uid2.shared.store.reader.RotatingKeyStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonArray; @@ -31,10 +31,10 @@ public EncryptionKeyStoreWriter(RotatingKeyStore provider, VersionGenerator versionGenerator, Clock clock, EncryptedScope scope, - RotatingS3KeyProvider s3KeyProvider) { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { FileName dataFile = new FileName("keys", ".json"); String dataType = "keys"; - this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId()); + this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId()); } @Override diff --git a/src/main/java/com/uid2/admin/store/writer/KeyAclStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/KeyAclStoreWriter.java index d58429d1..15110818 100644 --- a/src/main/java/com/uid2/admin/store/writer/KeyAclStoreWriter.java +++ b/src/main/java/com/uid2/admin/store/writer/KeyAclStoreWriter.java @@ -6,7 +6,7 @@ import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; import com.uid2.shared.auth.EncryptionKeyAcl; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.reader.StoreReader; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; 
@@ -32,10 +32,10 @@ public KeyAclStoreWriter(StoreReader> provider, VersionGenerator versionGenerator, Clock clock, EncryptedScope scope, - RotatingS3KeyProvider s3KeyProvider) { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { FileName dataFile = new FileName("keys_acl", ".json"); String dataType = "keys_acl"; - this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId()); + this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId()); } @Override diff --git a/src/main/java/com/uid2/admin/store/writer/KeysetKeyStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/KeysetKeyStoreWriter.java index 4d967eea..6d4e1de0 100644 --- a/src/main/java/com/uid2/admin/store/writer/KeysetKeyStoreWriter.java +++ b/src/main/java/com/uid2/admin/store/writer/KeysetKeyStoreWriter.java @@ -7,7 +7,7 @@ import com.uid2.admin.store.version.VersionGenerator; import com.uid2.shared.model.KeysetKey; import com.uid2.shared.store.reader.RotatingKeysetKeyStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonArray; 
@@ -36,11 +36,11 @@ public KeysetKeyStoreWriter(RotatingKeysetKeyStore provider, VersionGenerator versionGenerator, Clock clock, EncryptedScope scope, - RotatingS3KeyProvider s3KeyProvider, + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider, boolean enableKeysets) { FileName dataFile = new FileName("keyset_keys", ".json"); String dataType = "keyset_keys"; - this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId()); + this.writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId()); this.enableKeysets = enableKeysets; } diff --git a/src/main/java/com/uid2/admin/store/writer/KeysetStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/KeysetStoreWriter.java index 0274a587..f5169a7b 100644 --- a/src/main/java/com/uid2/admin/store/writer/KeysetStoreWriter.java +++ b/src/main/java/com/uid2/admin/store/writer/KeysetStoreWriter.java @@ -8,8 +8,8 @@ import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; import com.uid2.shared.auth.Keyset; -import com.uid2.shared.model.S3Key; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.model.CloudEncryptionKey; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.reader.StoreReader; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; 
@@ -39,11 +39,11 @@ public KeysetStoreWriter(StoreReader> provider, FileManager } public KeysetStoreWriter(StoreReader> provider, FileManager fileManager, ObjectWriter jsonWriter, VersionGenerator versionGenerator, Clock clock, EncryptedScope scope, - RotatingS3KeyProvider s3KeyProvider, boolean enableKeysets) { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider, boolean enableKeysets) { this.jsonWriter = jsonWriter; FileName dataFile = new FileName("keysets", ".json"); String dataType = "keysets"; - writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId()); + writer = new EncryptedScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId()); this.enableKeysets = enableKeysets; } diff --git a/src/main/java/com/uid2/admin/store/writer/S3KeyStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/S3KeyStoreWriter.java deleted file mode 100644 index e1f29c86..00000000 --- a/src/main/java/com/uid2/admin/store/writer/S3KeyStoreWriter.java +++ /dev/null 
@@ -1,45 +0,0 @@
-package com.uid2.admin.store.writer;
-
-import com.fasterxml.jackson.databind.ObjectWriter;
-import com.uid2.admin.store.Clock;
-import com.uid2.admin.store.FileManager;
-import com.uid2.admin.store.FileName;
-import com.uid2.admin.store.version.VersionGenerator;
-import com.uid2.shared.model.S3Key;
-import com.uid2.shared.store.reader.StoreReader;
-import com.uid2.shared.store.scope.StoreScope;
-import io.vertx.core.json.JsonArray;
-import io.vertx.core.json.JsonObject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.Map;
-
-public class S3KeyStoreWriter implements StoreWriter> {
-
- private final ScopedStoreWriter writer;
- private final ObjectWriter jsonWriter;
- private static final Logger LOGGER = LoggerFactory.getLogger(S3KeyStoreWriter.class);
-
- public S3KeyStoreWriter(StoreReader> provider, FileManager fileManager,
- ObjectWriter jsonWriter, VersionGenerator versionGenerator, Clock clock, StoreScope scope) {
- this.jsonWriter = jsonWriter;
- FileName dataFile = new FileName("s3encryption_keys", ".json");
- String dataType = "s3encryption_keys";
- writer = new ScopedStoreWriter(provider, fileManager, versionGenerator, clock, scope, dataFile, dataType);
- }
-
- @Override
- public void upload(Map data, JsonObject extraMeta) throws Exception {
- JsonArray jsonS3Keys = new JsonArray();
- for (Map.Entry s3KeyEntry : data.entrySet()) {
- jsonS3Keys.add(s3KeyEntry.getValue());
- }
- writer.upload(jsonS3Keys.encodePrettily(), extraMeta);
- }
-
- @Override
- public void rewriteMeta() throws Exception {
- // Implement if necessary for rewriting metadata
- }
-}
\ No newline at end of file
diff --git a/src/main/java/com/uid2/admin/store/writer/SiteStoreWriter.java b/src/main/java/com/uid2/admin/store/writer/SiteStoreWriter.java
index 68dd7f61..48b3c1a9 100644
--- a/src/main/java/com/uid2/admin/store/writer/SiteStoreWriter.java
+++ b/src/main/java/com/uid2/admin/store/writer/SiteStoreWriter.java
@@ -8,7 +8,7 @@ import com.uid2.admin.store.version.VersionGenerator; import com.uid2.shared.model.Site; import com.uid2.shared.store.reader.IMetadataVersionedStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonObject; @@ -32,11 +32,11 @@ public SiteStoreWriter(IMetadataVersionedStore reader, VersionGenerator versionGenerator, Clock clock, EncryptedScope scope, - RotatingS3KeyProvider s3KeyProvider) { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { this.jsonWriter = jsonWriter; FileName dataFile = new FileName("sites", ".json"); String dataType = "sites"; - this.writer = new EncryptedScopedStoreWriter(reader, fileManager, versionGenerator, clock, scope, dataFile, dataType, s3KeyProvider, scope.getId()); + this.writer = new EncryptedScopedStoreWriter(reader, fileManager, versionGenerator, clock, scope, dataFile, dataType, cloudEncryptionKeyProvider, scope.getId()); } public void upload(Collection data, JsonObject extraMeta) throws Exception { diff --git a/src/main/java/com/uid2/admin/vertx/service/EncryptedFilesSyncService.java b/src/main/java/com/uid2/admin/vertx/service/EncryptedFilesSyncService.java index 06ab36b9..e16d091b 100644 --- a/src/main/java/com/uid2/admin/vertx/service/EncryptedFilesSyncService.java +++ b/src/main/java/com/uid2/admin/vertx/service/EncryptedFilesSyncService.java 
@@ -3,11 +3,9 @@ import com.uid2.admin.auth.AdminAuthMiddleware; import com.uid2.admin.job.JobDispatcher; import com.uid2.admin.job.jobsync.EncryptedFilesSyncJob; -import com.uid2.admin.job.jobsync.PrivateSiteDataSyncJob; -import com.uid2.admin.job.jobsync.keyset.ReplaceSharingTypesWithSitesJob; import com.uid2.admin.vertx.WriteLock; import com.uid2.shared.auth.Role; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import io.vertx.core.json.JsonObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -23,19 +21,19 @@ public class EncryptedFilesSyncService implements IService { private final JobDispatcher jobDispatcher; private final WriteLock writeLock; private final JsonObject config; - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; public EncryptedFilesSyncService( AdminAuthMiddleware auth, JobDispatcher jobDispatcher, WriteLock writeLock, JsonObject config, - RotatingS3KeyProvider s3KeyProvider) { + RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { this.auth = auth; this.jobDispatcher = jobDispatcher; this.writeLock = writeLock; this.config = config; - this.s3KeyProvider =s3KeyProvider; + this.cloudEncryptionKeyProvider =cloudEncryptionKeyProvider; } @Override @@ -54,7 +52,7 @@ public void setupRoutes(Router router) { private void handleEncryptedFileSync(RoutingContext rc) { try { - EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock, s3KeyProvider); + EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock, cloudEncryptionKeyProvider); jobDispatcher.enqueue(encryptedFileSyncJob); rc.response().end("OK"); 
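Review bot: The constructor assignment `this.cloudEncryptionKeyProvider =cloudEncryptionKeyProvider;` carries the missing space over from the old line even though the line is being rewritten; `this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider;` matches the other assignments in the same constructor. The class continues outside this hunk.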
@@ -64,7 +62,7 @@ private void handleEncryptedFileSync(RoutingContext rc) { } private void handleEncryptedFileSyncNow(RoutingContext rc) { try { - EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock,s3KeyProvider); + EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock, cloudEncryptionKeyProvider); jobDispatcher.enqueue(encryptedFileSyncJob); CompletableFuture encryptedFileSyncJobFuture = jobDispatcher.executeNextJob(); encryptedFileSyncJobFuture.get(); diff --git a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java index 1d1351b7..4d7e6c75 100644 --- a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java +++ b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java @@ -3,7 +3,7 @@ import com.fasterxml.jackson.databind.ObjectWriter; import com.uid2.admin.auth.AdminAuthMiddleware; import com.uid2.admin.auth.RevealedKey; -import com.uid2.admin.managers.S3KeyManager; +import com.uid2.admin.managers.CloudEncryptionKeyManager; import com.uid2.shared.model.Site; import com.uid2.shared.secret.IKeyGenerator; import com.uid2.admin.store.writer.OperatorKeyStoreWriter; @@ -46,9 +46,9 @@ public class OperatorKeyService implements IService { private final IKeyGenerator keyGenerator; private final KeyHasher keyHasher; private final String operatorKeyPrefix; - private final S3KeyManager s3KeyManager; - private final long s3KeyActivatesInSeconds; - private final int s3KeyCountPerSite; + private final CloudEncryptionKeyManager cloudEncryptionKeyManager; + private final long cloudEncryptionKeyActivatesInSeconds; + private final int cloudEncryptionKeyCountPerSite; public OperatorKeyService(JsonObject config, AdminAuthMiddleware auth, 
@@ -58,7 +58,7 @@ public OperatorKeyService(JsonObject config, RotatingSiteStore siteProvider, IKeyGenerator keyGenerator, KeyHasher keyHasher, - S3KeyManager s3KeyManager) { + CloudEncryptionKeyManager cloudEncryptionKeyManager) { this.auth = auth; this.writeLock = writeLock; this.operatorKeyStoreWriter = operatorKeyStoreWriter; @@ -66,11 +66,11 @@ public OperatorKeyService(JsonObject config, this.siteProvider = siteProvider; this.keyGenerator = keyGenerator; this.keyHasher = keyHasher; - this.s3KeyManager = s3KeyManager; + this.cloudEncryptionKeyManager = cloudEncryptionKeyManager; this.operatorKeyPrefix = config.getString("operator_key_prefix"); - this.s3KeyActivatesInSeconds = config.getLong("s3_key_activates_in_seconds",0L); - this.s3KeyCountPerSite = config.getInteger("s3_key_count_per_site",0); + this.cloudEncryptionKeyActivatesInSeconds = config.getLong("cloud_encryption_key_activates_in_seconds",0L); + this.cloudEncryptionKeyCountPerSite = config.getInteger("cloud_encryption_key_count_per_site",0); } @Override @@ -274,7 +274,7 @@ private void handleOperatorAdd(RoutingContext rc) { // upload to storage operatorKeyStoreWriter.upload(operators); - s3KeyManager.generateKeysForOperators(Collections.singletonList(newOperator), s3KeyActivatesInSeconds, s3KeyCountPerSite); + cloudEncryptionKeyManager.generateKeysForOperators(Collections.singletonList(newOperator), cloudEncryptionKeyActivatesInSeconds, cloudEncryptionKeyCountPerSite); // respond with new key rc.response().end(JSON_WRITER.writeValueAsString(new RevealedKey<>(newOperator, key))); 
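Review bot: The constructor now reads `cloud_encryption_key_activates_in_seconds` and `cloud_encryption_key_count_per_site` but keeps the defaults `0L` and `0`, so a deployment whose config still carries the old `s3_key_*` names will silently generate zero cloud encryption keys for every new operator and for every operator whose site changes (the generateKeysForOperators calls in this hunk and in handleOperatorUpdate), with no error anywhere. Reading the count without a default and failing at startup, e.g. `this.cloudEncryptionKeyCountPerSite = Objects.requireNonNull(config.getInteger("cloud_encryption_key_count_per_site"), "cloud_encryption_key_count_per_site");`, or falling back to the old key name for the migration window, would turn a config rename that was missed into a loud failure instead of a quiet loss of key provisioning. Whether `java.util.Objects` is already imported in this file is not visible here.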
@@ -413,7 +413,7 @@ private void handleOperatorUpdate(RoutingContext rc) { operatorKeyStoreWriter.upload(operators); if (siteIdChanged) { - s3KeyManager.generateKeysForOperators(Collections.singletonList(existingOperator), s3KeyActivatesInSeconds, s3KeyCountPerSite); + cloudEncryptionKeyManager.generateKeysForOperators(Collections.singletonList(existingOperator), cloudEncryptionKeyActivatesInSeconds, cloudEncryptionKeyCountPerSite); } // return the updated client diff --git a/src/main/java/com/uid2/admin/vertx/service/PrivateSiteDataRefreshService.java b/src/main/java/com/uid2/admin/vertx/service/PrivateSiteDataRefreshService.java index a07d2916..d7e17e5a 100644 --- a/src/main/java/com/uid2/admin/vertx/service/PrivateSiteDataRefreshService.java +++ b/src/main/java/com/uid2/admin/vertx/service/PrivateSiteDataRefreshService.java @@ -7,7 +7,8 @@ import com.uid2.admin.job.jobsync.keyset.ReplaceSharingTypesWithSitesJob; import com.uid2.admin.vertx.WriteLock; import com.uid2.shared.auth.Role; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import io.vertx.core.json.JsonObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -23,19 +24,19 @@ public class PrivateSiteDataRefreshService implements IService { private final JobDispatcher jobDispatcher; private final WriteLock writeLock; private final JsonObject config; - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider; public PrivateSiteDataRefreshService( AdminAuthMiddleware auth, JobDispatcher jobDispatcher, WriteLock writeLock, JsonObject config, - RotatingS3KeyProvider s3KeyProvider) { + RotatingCloudEncryptionKeyProvider RotatingCloudEncryptionKeyProvider) { this.auth = auth; this.jobDispatcher = jobDispatcher; this.writeLock = writeLock; this.config = config; - this.s3KeyProvider = s3KeyProvider; + this.RotatingCloudEncryptionKeyProvider = RotatingCloudEncryptionKeyProvider; } @Override @@ -63,7 +64,7 @@ private void handlePrivateSiteDataGenerate(RoutingContext rc) { PrivateSiteDataSyncJob job = new PrivateSiteDataSyncJob(config, writeLock); jobDispatcher.enqueue(job); - EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock, s3KeyProvider); + EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock, RotatingCloudEncryptionKeyProvider); jobDispatcher.enqueue(encryptedFileSyncJob); rc.response().end("OK"); @@ -85,7 +86,7 @@ private void handlePrivateSiteDataGenerateNow(RoutingContext rc) { CompletableFuture privateSiteDataSyncJobFuture = jobDispatcher.executeNextJob(); privateSiteDataSyncJobFuture.get(); - EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock,s3KeyProvider); + EncryptedFilesSyncJob encryptedFileSyncJob = new EncryptedFilesSyncJob(config, writeLock, RotatingCloudEncryptionKeyProvider); jobDispatcher.enqueue(encryptedFileSyncJob); CompletableFuture encryptedFileSyncJobFuture = jobDispatcher.executeNextJob(); encryptedFileSyncJobFuture.get(); 
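Review bot: The field and the constructor parameter in PrivateSiteDataRefreshService are both named `RotatingCloudEncryptionKeyProvider`, identical to the type they hold; in any context where the simple name could be either a variable or a type Java picks the variable, so the class has obscured its own dependency's type name, and the UpperCamelCase field name breaks the convention every sibling service follows. Rename it to `cloudEncryptionKeyProvider` as EncryptedFilesSyncService does: `private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider;` and `RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) {`, with the two `new EncryptedFilesSyncJob(config, writeLock, cloudEncryptionKeyProvider)` call sites in the later hunks updated to match. The duplicated import of the same type in the preceding hunk should also be reduced to one.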
diff --git a/src/main/resources/localstack/s3/core/s3encryption_keys/metadata.json b/src/main/resources/localstack/s3/core/s3encryption_keys/metadata.json index 81b6e309..f08145d8 100644 --- a/src/main/resources/localstack/s3/core/s3encryption_keys/metadata.json +++ b/src/main/resources/localstack/s3/core/s3encryption_keys/metadata.json @@ -1,6 +1,6 @@ { - "s3encryption_keys" : { - "location" : "s3encryption_keys/s3encryption_keys.json" + "cloud_encryption_keys" : { + "location" : "cloud_encryption_keys/cloud_encryption_keys.json" }, "version" : 1719254148893, "generated" : 1719254148 diff --git a/src/test/java/com/uid2/admin/job/sitesync/SiteEncryptionJobTest.java b/src/test/java/com/uid2/admin/job/sitesync/SiteEncryptionJobTest.java index e7dd6051..49fbbfd2 100644 --- a/src/test/java/com/uid2/admin/job/sitesync/SiteEncryptionJobTest.java +++ b/src/test/java/com/uid2/admin/job/sitesync/SiteEncryptionJobTest.java @@ -38,7 +38,7 @@ void setUp() { @Test void testGetId() { - assertEquals("s3-encryption-sync-sites", siteEncryptionJob.getId()); + assertEquals("cloud-encryption-sync-sites", siteEncryptionJob.getId()); } @Test diff --git a/src/test/java/com/uid2/admin/managers/CloudEncryptionKeyManagerTest.java b/src/test/java/com/uid2/admin/managers/CloudEncryptionKeyManagerTest.java new file mode 100644 index 00000000..405f5464 --- /dev/null +++ b/src/test/java/com/uid2/admin/managers/CloudEncryptionKeyManagerTest.java 
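Review bot: The localstack metadata fixture still lives under `localstack/s3/core/s3encryption_keys/` while its `location` now points to `cloud_encryption_keys/cloud_encryption_keys.json`, and no renamed data file is part of this hunk. If the sibling data file was not moved to the new path alongside this change, the local stack will seed metadata whose location does not exist and the key provider will find no cloud encryption keys; renaming the fixture directory to `cloud_encryption_keys/` and moving the data file with it would keep the fixture self-consistent with the writer's new data type.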
@@ -0,0 +1,416 @@
+package com.uid2.admin.managers;
+
+import com.uid2.admin.store.writer.CloudEncryptionKeyStoreWriter;
+import com.uid2.shared.auth.OperatorKey;
+import com.uid2.shared.model.CloudEncryptionKey;
+import com.uid2.shared.secret.IKeyGenerator;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+
+import java.util.*;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.*;
+
+class CloudEncryptionKeyManagerTest {
+
+ private RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider;
+ private CloudEncryptionKeyStoreWriter cloudEncryptionKeyStoreWriter;
+ private IKeyGenerator keyGenerator;
+ private CloudEncryptionKeyManager cloudEncryptionKeyManager;
+
+ @BeforeEach
+ void setUp() {
+ cloudEncryptionKeyProvider = mock(RotatingCloudEncryptionKeyProvider.class);
+ cloudEncryptionKeyStoreWriter = mock(CloudEncryptionKeyStoreWriter.class);
+ keyGenerator = mock(IKeyGenerator.class);
+ cloudEncryptionKeyManager = new CloudEncryptionKeyManager(cloudEncryptionKeyProvider, cloudEncryptionKeyStoreWriter,keyGenerator);
+ }
+
+ @Test
+ void testGenerateCloudEncryptionKey() throws Exception {
+ when(keyGenerator.generateRandomKeyString(32)).thenReturn("randomKeyString");
+
+ CloudEncryptionKey cloudEncryptionKey = cloudEncryptionKeyManager.generateCloudEncryptionKey(1, 1000L, 2000L);
+
+ assertNotNull(cloudEncryptionKey);
+ assertEquals(1, cloudEncryptionKey.getSiteId());
+ assertEquals(1000L, cloudEncryptionKey.getActivates());
+ assertEquals(2000L, cloudEncryptionKey.getCreated());
+ assertEquals("randomKeyString", cloudEncryptionKey.getSecret());
+ }
+
+ @Test
+ void testAddCloudEncryptionKeyToEmpty() throws Exception {
+ CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(1, 1, 1000L, 2000L, "randomKeyString");
+
+ Map
existingKeys = new HashMap<>();
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ cloudEncryptionKeyManager.addCloudEncryptionKey( cloudEncryptionKey);
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(Map.class);
+ verify(cloudEncryptionKeyStoreWriter).upload(captor.capture(), isNull());
+
+ Map capturedKeys = captor.getValue();
+ assertEquals(1, capturedKeys.size());
+ assertEquals( cloudEncryptionKey, capturedKeys.get(1));
+ }
+
+ @Test
+ void testAddCloudEncryptionKeyToExisting() throws Exception {
+ CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(3, 1, 1000L, 2000L, "randomKeyString");
+
+ Map existingKeys = new HashMap<>();
+ CloudEncryptionKey existingKey1 = new CloudEncryptionKey(1, 1, 500L, 1500L, "existingSecret1");
+ CloudEncryptionKey existingKey2 = new CloudEncryptionKey(2, 1, 600L, 1600L, "existingSecret2");
+ existingKeys.put(1, existingKey1);
+ existingKeys.put(2, existingKey2);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ cloudEncryptionKeyManager.addCloudEncryptionKey(cloudEncryptionKey);
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(Map.class);
+ verify(cloudEncryptionKeyStoreWriter).upload(captor.capture(), isNull());
+
+ Map capturedKeys = captor.getValue();
+
+ assertEquals(3, capturedKeys.size());
+ assertEquals(existingKey1, capturedKeys.get(1));
+ assertEquals(existingKey2, capturedKeys.get(2));
+ assertEquals(cloudEncryptionKey, capturedKeys.get(3));
+ }
+
+ @Test
+ void testGetNextKeyId() {
+ Map existingKeys = new HashMap<>();
+ existingKeys.put(1, new CloudEncryptionKey(1, 1, 500L, 1500L, "existingSecret1"));
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ int nextKeyId = cloudEncryptionKeyManager.getNextKeyId();
+
+ assertEquals(2, nextKeyId);
+ }
+
+ @Test
+ void testGetCloudEncryptionKey() {
+ CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(1, 1, 500L, 1500L, "existingSecret1");
+ Map existingKeys = new HashMap<>();
+ existingKeys.put(1, cloudEncryptionKey);
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ CloudEncryptionKey result = cloudEncryptionKeyManager.getCloudEncryptionKeyByKeyIdentifier(1);
+
+ assertEquals(cloudEncryptionKey, result);
+ }
+
+ @Test
+ void testGetAllCloudEncryptionKeys() {
+ Map existingKeys = new HashMap<>();
+ CloudEncryptionKey existingKey1 = new CloudEncryptionKey(1, 1, 500L, 1500L, "existingSecret1");
+ CloudEncryptionKey existingKey2 = new CloudEncryptionKey(2, 1, 600L, 1600L, "existingSecret2");
+ existingKeys.put(1, existingKey1);
+ existingKeys.put(2, existingKey2);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ Map result = cloudEncryptionKeyManager.getAllCloudEncryptionKeys();
+
+ assertEquals(existingKeys, result);
+ }
+
+ @Test
+ void testAddCloudEncryptionKey() throws Exception {
+ CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(1, 1, 1000L, 2000L, "randomKeyString");
+
+ Map existingKeys = new HashMap<>();
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ cloudEncryptionKeyManager.addCloudEncryptionKey(cloudEncryptionKey);
+
+ ArgumentCaptor captor = ArgumentCaptor.forClass(Map.class);
+ verify(cloudEncryptionKeyStoreWriter).upload(captor.capture(), isNull());
+
+ Map capturedKeys = captor.getValue();
+ assertEquals(1, capturedKeys.size());
+ assertEquals(cloudEncryptionKey, capturedKeys.get(1));
+ }
+
+ @Test
+ void testGetCloudEncryptionKeyBySiteId() {
+ CloudEncryptionKey key1 = new CloudEncryptionKey(1, 100, 0, 0, "secret1");
+ CloudEncryptionKey key2 = new CloudEncryptionKey(2, 200, 0, 0, "secret2");
+ Map keys = new HashMap<>();
+ keys.put(1, key1);
+ keys.put(2, key2);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(keys);
+
+ Optional result = cloudEncryptionKeyManager.getCloudEncryptionKeyBySiteId(100);
+ assertTrue(result.isPresent());
+ assertEquals(key1, result.get());
+ }
+
+ @Test
+ void
testGetAllCloudEncryptionKeysBySiteId() {
+ CloudEncryptionKey key1 = new CloudEncryptionKey(1, 100, 0, 0, "secret1");
+ CloudEncryptionKey key2 = new CloudEncryptionKey(2, 100, 0, 0, "secret2");
+ CloudEncryptionKey key3 = new CloudEncryptionKey(3, 200, 0, 0, "secret3");
+ Map keys = new HashMap<>();
+ keys.put(1, key1);
+ keys.put(2, key2);
+ keys.put(3, key3);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(keys);
+
+ List result = cloudEncryptionKeyManager.getAllCloudEncryptionKeysBySiteId(100);
+ assertEquals(2, result.size());
+ assertTrue(result.contains(key1));
+ assertTrue(result.contains(key2));
+ }
+
+ @Test
+ void testCreateAndAddImmediateCloudEncryptionKey() throws Exception {
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(new HashMap<>());
+ when(keyGenerator.generateRandomKeyString(32)).thenReturn("generatedSecret");
+
+ CloudEncryptionKey newKey = cloudEncryptionKeyManager.createAndAddImmediate3Key(100);
+
+ assertNotNull(newKey);
+ assertEquals(100, newKey.getSiteId());
+ assertEquals("generatedSecret", newKey.getSecret());
+
+ verify(cloudEncryptionKeyStoreWriter, times(1)).upload(any(Map.class), eq(null));
+ }
+
+ @Test
+ public void testDoesSiteHaveKeys_SiteHasKeys() {
+ int siteId = 1;
+ CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(siteId, siteId, 0L, 0L, "key");
+ Map allKeys = new HashMap<>();
+ allKeys.put(1, cloudEncryptionKey);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
+
+ boolean result = cloudEncryptionKeyManager.doesSiteHaveKeys(siteId);
+ assertTrue(result);
+ }
+ @Test
+ public void testDoesSiteHaveKeys_SiteDoesNotHaveKeys() {
+ int siteId = 1;
+ Map allKeys = new HashMap<>();
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
+
+ boolean result = cloudEncryptionKeyManager.doesSiteHaveKeys(siteId);
+ assertFalse(result);
+ }
+
+ @Test
+ public void testDoesSiteHaveKeys_AllKeysNull() {
+ int siteId = 1;
+
+
when(cloudEncryptionKeyProvider.getAll()).thenReturn(null);
+
+ boolean result = cloudEncryptionKeyManager.doesSiteHaveKeys(siteId);
+ assertFalse(result);
+ }
+
+ @Test
+ public void testDoesSiteHaveKeys_MultipleKeysDifferentSiteIds() {
+ CloudEncryptionKey cloudEncryptionKey1 = new CloudEncryptionKey(1, 1, 0L, 0L, "key1");
+ CloudEncryptionKey cloudEncryptionKey2 = new CloudEncryptionKey(2, 2, 0L, 0L, "key2");
+ Map allKeys = new HashMap<>();
+ allKeys.put(1, cloudEncryptionKey1);
+ allKeys.put(2, cloudEncryptionKey2);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
+
+ assertTrue(cloudEncryptionKeyManager.doesSiteHaveKeys(1));
+ assertTrue(cloudEncryptionKeyManager.doesSiteHaveKeys(2));
+ assertFalse(cloudEncryptionKeyManager.doesSiteHaveKeys(3)); // Site ID 3 does not exist
+ }
+
+ @Test
+ public void testDoesSiteHaveKeys_SameSiteIdMultipleKeys() {
+ int siteId = 1;
+ CloudEncryptionKey cloudEncryptionKey1 = new CloudEncryptionKey(siteId, siteId, 0L, 0L, "key1");
+ CloudEncryptionKey cloudEncryptionKey2 = new CloudEncryptionKey(siteId, siteId, 0L, 0L, "key2");
+ Map allKeys = new HashMap<>();
+ allKeys.put(1, cloudEncryptionKey1);
+ allKeys.put(2, cloudEncryptionKey2);
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
+
+ boolean result = cloudEncryptionKeyManager.doesSiteHaveKeys(siteId);
+ assertTrue(result);
+ }
+
+ @Test
+ public void testDoesSiteHaveKeys_LargeNumberOfKeys() {
+ Map allKeys = new HashMap<>();
+ for (int i = 1; i <= 1000; i++) {
+ CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(i, i, 0L, 0L, "key" + i);
+ allKeys.put(i, cloudEncryptionKey);
+ }
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
+
+ for (int i = 1; i <= 1000; i++) {
+ assertTrue(cloudEncryptionKeyManager.doesSiteHaveKeys(i));
+ }
+ assertFalse(cloudEncryptionKeyManager.doesSiteHaveKeys(1001)); // Site ID 1001 does not exist
+ }
+
+ @Test
+ public void testDoesSiteHaveKeys_EmptyKeys() {
+
when(cloudEncryptionKeyProvider.getAll()).thenReturn(new HashMap<>());
+
+ assertFalse(cloudEncryptionKeyManager.doesSiteHaveKeys(1));
+ }
+
+ @Test
+ void testCountKeysForSite() {
+ Map testKeys = new HashMap<>();
+ testKeys.put(1, new CloudEncryptionKey(1, 1, 1000L, 900L, "key1"));
+ testKeys.put(2, new CloudEncryptionKey(2, 1, 1100L, 1000L, "key2"));
+ testKeys.put(3, new CloudEncryptionKey(3, 2, 1200L, 1100L, "key3"));
+ testKeys.put(4, new CloudEncryptionKey(4, 1, 1300L, 1200L, "key4"));
+
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(testKeys);
+
+ int countForSite1 = cloudEncryptionKeyManager.countKeysForSite(1);
+ int countForSite2 = cloudEncryptionKeyManager.countKeysForSite(2);
+ int countForSite3 = cloudEncryptionKeyManager.countKeysForSite(3);
+
+ assertEquals(3, countForSite1);
+ assertEquals(1, countForSite2);
+ assertEquals(0, countForSite3);
+ }
+
+ @Test
+ void testGenerateKeysForOperators() throws Exception {
+ Collection operatorKeys = Arrays.asList(
+ createOperatorKey("hash1", 100),
+ createOperatorKey("hash2", 100),
+ createOperatorKey("hash3", 200)
+ );
+ long keyActivateInterval = 3600; // 1 hour
+ int keyCountPerSite = 3;
+
+ Map existingKeys = new HashMap<>();
+ existingKeys.put(1, new CloudEncryptionKey(1, 100, 1000L, 900L, "existingKey1"));
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ when(keyGenerator.generateRandomKeyString(32)).thenReturn("generatedSecret");
+
+ cloudEncryptionKeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite);
+
+ verify(cloudEncryptionKeyProvider, times(1)).loadContent();
+
+ ArgumentCaptor> mapCaptor = ArgumentCaptor.forClass(Map.class);
+ // 6 keys needed - 1 existed keys = 5 new keys
+ verify(cloudEncryptionKeyStoreWriter, times(5)).upload(mapCaptor.capture(), isNull());
+ }
+
+ @Test
+ void testGenerateKeysForOperators_NoNewKeysNeeded() throws Exception {
+ Collection operatorKeys = Collections.singletonList(
+ createOperatorKey("hash1",
100)
+ );
+ long keyActivateInterval = 3600;
+ int keyCountPerSite = 3;
+
+ Map existingKeys = new HashMap<>();
+ existingKeys.put(1, new CloudEncryptionKey(1, 100, 1000L, 900L, "existingKey1"));
+ existingKeys.put(2, new CloudEncryptionKey(2, 100, 2000L, 1900L, "existingKey2"));
+ existingKeys.put(3, new CloudEncryptionKey(3, 100, 3000L, 2900L, "existingKey3"));
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ cloudEncryptionKeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite);
+
+ verify(cloudEncryptionKeyStoreWriter, never()).upload(any(), any());
+ }
+
+ @Test
+ void testGenerateKeysForOperators_EmptyOperatorKeys() {
+ Collection operatorKeys = Collections.emptyList();
+ long keyActivateInterval = 3600;
+ int keyCountPerSite = 3;
+
+ assertThrows(IllegalArgumentException.class, () ->
+ cloudEncryptionKeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite)
+ );
+ }
+
+ @Test
+ void testGenerateKeysForOperators_InvalidKeyActivateInterval() {
+ Collection operatorKeys = Collections.singletonList(
+ createOperatorKey("hash1", 100)
+ );
+ long keyActivateInterval = 0;
+ int keyCountPerSite = 3;
+
+ assertThrows(IllegalArgumentException.class, () ->
+ cloudEncryptionKeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite)
+ );
+ }
+
+ @Test
+ void testGenerateKeysForOperators_InvalidKeyCountPerSite() {
+ Collection operatorKeys = Collections.singletonList(
+ createOperatorKey("hash1", 100)
+ );
+ long keyActivateInterval = 3600;
+ int keyCountPerSite = 0;
+
+ assertThrows(IllegalArgumentException.class, () ->
+ cloudEncryptionKeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite)
+ );
+ }
+
+ @Test
+ void testGenerateKeysForOperators_MultipleSitesWithVaryingExistingKeys() throws Exception {
+ Collection operatorKeys = Arrays.asList(
+ createOperatorKey("hash1", 100),
+ createOperatorKey("hash2", 200),
+
createOperatorKey("hash3", 300)
+ );
+ long keyActivateInterval = 3600;
+ int keyCountPerSite = 3;
+
+ Map existingKeys = new HashMap<>();
+ existingKeys.put(1, new CloudEncryptionKey(1, 100, 1000L, 900L, "existingKey1"));
+ existingKeys.put(2, new CloudEncryptionKey(2, 200, 2000L, 1900L, "existingKey2"));
+ existingKeys.put(3, new CloudEncryptionKey(3, 200, 3000L, 2900L, "existingKey3"));
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(existingKeys);
+
+ when(keyGenerator.generateRandomKeyString(32)).thenReturn("generatedSecret");
+
+ cloudEncryptionKeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite);
+
+ ArgumentCaptor> mapCaptor = ArgumentCaptor.forClass(Map.class);
+ // 9 keys needed - 3 existed keys = 6 new keys
+ verify(cloudEncryptionKeyStoreWriter, times(6)).upload(mapCaptor.capture(), isNull());
+ }
+
+ private OperatorKey createOperatorKey(String keyHash, int siteId) {
+ return new OperatorKey(
+ keyHash,
+ "salt",
+ "name",
+ "contact",
+ "protocol",
+ System.currentTimeMillis(),
+ false,
+ siteId,
+ Collections.emptySet(),
+ null,
+ "keyId"
+ );
+ }
+}
diff --git a/src/test/java/com/uid2/admin/managers/S3KeyManagerTest.java b/src/test/java/com/uid2/admin/managers/S3KeyManagerTest.java
deleted file mode 100644
index 14ec0144..00000000
--- a/src/test/java/com/uid2/admin/managers/S3KeyManagerTest.java
+++ /dev/null
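Review bot: `testAddCloudEncryptionKeyToEmpty` and `testAddCloudEncryptionKey` are the same test — identical fixture, identical `upload` verification and identical assertions — so one of them should be dropped (`testAddCloudEncryptionKeyToEmpty` already carries the more descriptive name). In `testGenerateKeysForOperators` and `testGenerateKeysForOperators_MultipleSitesWithVaryingExistingKeys` the `mapCaptor` is captured but never read; either assert on `mapCaptor.getAllValues()` (for example that every captured map still holds the entries of `existingKeys`, the way `testAddCloudEncryptionKeyToExisting` checks a single add) or pass `any(Map.class)` as `testCreateAndAddImmediateCloudEncryptionKey` does. `testCreateAndAddImmediateCloudEncryptionKey` pins the method name `createAndAddImmediate3Key`, which looks like a typo inherited from the S3 version; since this commit is a rename pass, renaming it to `createAndAddImmediateKey` in the manager (outside this chunk) and here would avoid carrying it forward.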
@@ -1,418 +0,0 @@
-package com.uid2.admin.managers;
-
-import ch.qos.logback.classic.Logger;
-import com.uid2.admin.store.writer.S3KeyStoreWriter;
-import com.uid2.shared.auth.OperatorKey;
-import com.uid2.shared.model.S3Key;
-import com.uid2.shared.secret.IKeyGenerator;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.mockito.ArgumentCaptor;
-
-import java.util.*;
-import java.util.stream.Collectors;
-
-import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.*;
-
-class S3KeyManagerTest {
-
- private RotatingS3KeyProvider s3KeyProvider;
- private S3KeyStoreWriter s3KeyStoreWriter;
- private IKeyGenerator keyGenerator;
- private S3KeyManager s3KeyManager;
-
- @BeforeEach
- void setUp() {
- s3KeyProvider = mock(RotatingS3KeyProvider.class);
- s3KeyStoreWriter = mock(S3KeyStoreWriter.class);
- keyGenerator = mock(IKeyGenerator.class);
- s3KeyManager = new S3KeyManager(s3KeyProvider, s3KeyStoreWriter,keyGenerator);
- }
-
- @Test
- void testGenerateS3Key() throws Exception {
- when(keyGenerator.generateRandomKeyString(32)).thenReturn("randomKeyString");
-
- S3Key s3Key = s3KeyManager.generateS3Key(1, 1000L, 2000L);
-
- assertNotNull(s3Key);
- assertEquals(1, s3Key.getSiteId());
- assertEquals(1000L, s3Key.getActivates());
- assertEquals(2000L, s3Key.getCreated());
- assertEquals("randomKeyString", s3Key.getSecret());
- }
-
- @Test
- void testAddS3KeyToEmpty() throws Exception {
- S3Key s3Key = new S3Key(1, 1, 1000L, 2000L, "randomKeyString");
-
- Map existingKeys = new HashMap<>();
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- s3KeyManager.addS3Key(s3Key);
-
- ArgumentCaptor captor = ArgumentCaptor.forClass(Map.class);
- verify(s3KeyStoreWriter).upload(captor.capture(), isNull());
-
- Map capturedKeys = captor.getValue();
- assertEquals(1, capturedKeys.size());
-
assertEquals(s3Key, capturedKeys.get(1));
- }
-
- @Test
- void testAddS3KeyToExisting() throws Exception {
- S3Key s3Key = new S3Key(3, 1, 1000L, 2000L, "randomKeyString");
-
- Map existingKeys = new HashMap<>();
- S3Key existingKey1 = new S3Key(1, 1, 500L, 1500L, "existingSecret1");
- S3Key existingKey2 = new S3Key(2, 1, 600L, 1600L, "existingSecret2");
- existingKeys.put(1, existingKey1);
- existingKeys.put(2, existingKey2);
-
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- s3KeyManager.addS3Key(s3Key);
-
- ArgumentCaptor captor = ArgumentCaptor.forClass(Map.class);
- verify(s3KeyStoreWriter).upload(captor.capture(), isNull());
-
- Map capturedKeys = captor.getValue();
-
- assertEquals(3, capturedKeys.size());
- assertEquals(existingKey1, capturedKeys.get(1));
- assertEquals(existingKey2, capturedKeys.get(2));
- assertEquals(s3Key, capturedKeys.get(3));
- }
-
- @Test
- void testGetNextKeyId() {
- Map existingKeys = new HashMap<>();
- existingKeys.put(1, new S3Key(1, 1, 500L, 1500L, "existingSecret1"));
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- int nextKeyId = s3KeyManager.getNextKeyId();
-
- assertEquals(2, nextKeyId);
- }
-
- @Test
- void testGetS3Key() {
- S3Key s3Key = new S3Key(1, 1, 500L, 1500L, "existingSecret1");
- Map existingKeys = new HashMap<>();
- existingKeys.put(1, s3Key);
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- S3Key result = s3KeyManager.getS3KeyByKeyIdentifier(1);
-
- assertEquals(s3Key, result);
- }
-
- @Test
- void testGetAllS3Keys() {
- Map existingKeys = new HashMap<>();
- S3Key existingKey1 = new S3Key(1, 1, 500L, 1500L, "existingSecret1");
- S3Key existingKey2 = new S3Key(2, 1, 600L, 1600L, "existingSecret2");
- existingKeys.put(1, existingKey1);
- existingKeys.put(2, existingKey2);
-
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- Map result = s3KeyManager.getAllS3Keys();
-
- assertEquals(existingKeys, result);
- }
-
- @Test
- void testAddS3Key() throws Exception {
- S3Key
s3Key = new S3Key(1, 1, 1000L, 2000L, "randomKeyString");
-
- Map existingKeys = new HashMap<>();
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- s3KeyManager.addS3Key(s3Key);
-
- ArgumentCaptor captor = ArgumentCaptor.forClass(Map.class);
- verify(s3KeyStoreWriter).upload(captor.capture(), isNull());
-
- Map capturedKeys = captor.getValue();
- assertEquals(1, capturedKeys.size());
- assertEquals(s3Key, capturedKeys.get(1));
- }
-
- @Test
- void testGetS3KeyBySiteId() {
- S3Key key1 = new S3Key(1, 100, 0, 0, "secret1");
- S3Key key2 = new S3Key(2, 200, 0, 0, "secret2");
- Map keys = new HashMap<>();
- keys.put(1, key1);
- keys.put(2, key2);
-
- when(s3KeyProvider.getAll()).thenReturn(keys);
-
- Optional result = s3KeyManager.getS3KeyBySiteId(100);
- assertTrue(result.isPresent());
- assertEquals(key1, result.get());
- }
-
- @Test
- void testGetAllS3KeysBySiteId() {
- S3Key key1 = new S3Key(1, 100, 0, 0, "secret1");
- S3Key key2 = new S3Key(2, 100, 0, 0, "secret2");
- S3Key key3 = new S3Key(3, 200, 0, 0, "secret3");
- Map keys = new HashMap<>();
- keys.put(1, key1);
- keys.put(2, key2);
- keys.put(3, key3);
-
- when(s3KeyProvider.getAll()).thenReturn(keys);
-
- List result = s3KeyManager.getAllS3KeysBySiteId(100);
- assertEquals(2, result.size());
- assertTrue(result.contains(key1));
- assertTrue(result.contains(key2));
- }
-
- @Test
- void testCreateAndAddImmediateS3Key() throws Exception {
- when(s3KeyProvider.getAll()).thenReturn(new HashMap<>());
- when(keyGenerator.generateRandomKeyString(32)).thenReturn("generatedSecret");
-
- S3Key newKey = s3KeyManager.createAndAddImmediate3Key(100);
-
- assertNotNull(newKey);
- assertEquals(100, newKey.getSiteId());
- assertEquals("generatedSecret", newKey.getSecret());
-
- verify(s3KeyStoreWriter, times(1)).upload(any(Map.class), eq(null));
- }
-
- @Test
- public void testDoesSiteHaveKeys_SiteHasKeys() {
- int siteId = 1;
- S3Key s3Key = new S3Key(siteId, siteId, 0L, 0L, "key");
- Map allKeys = new
HashMap<>();
- allKeys.put(1, s3Key);
-
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
-
- boolean result = s3KeyManager.doesSiteHaveKeys(siteId);
- assertTrue(result);
- }
- @Test
- public void testDoesSiteHaveKeys_SiteDoesNotHaveKeys() {
- int siteId = 1;
- Map allKeys = new HashMap<>();
-
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
-
- boolean result = s3KeyManager.doesSiteHaveKeys(siteId);
- assertFalse(result);
- }
-
- @Test
- public void testDoesSiteHaveKeys_AllKeysNull() {
- int siteId = 1;
-
- when(s3KeyProvider.getAll()).thenReturn(null);
-
- boolean result = s3KeyManager.doesSiteHaveKeys(siteId);
- assertFalse(result);
- }
-
- @Test
- public void testDoesSiteHaveKeys_MultipleKeysDifferentSiteIds() {
- S3Key s3Key1 = new S3Key(1, 1, 0L, 0L, "key1");
- S3Key s3Key2 = new S3Key(2, 2, 0L, 0L, "key2");
- Map allKeys = new HashMap<>();
- allKeys.put(1, s3Key1);
- allKeys.put(2, s3Key2);
-
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
-
- assertTrue(s3KeyManager.doesSiteHaveKeys(1));
- assertTrue(s3KeyManager.doesSiteHaveKeys(2));
- assertFalse(s3KeyManager.doesSiteHaveKeys(3)); // Site ID 3 does not exist
- }
-
- @Test
- public void testDoesSiteHaveKeys_SameSiteIdMultipleKeys() {
- int siteId = 1;
- S3Key s3Key1 = new S3Key(siteId, siteId, 0L, 0L, "key1");
- S3Key s3Key2 = new S3Key(siteId, siteId, 0L, 0L, "key2");
- Map allKeys = new HashMap<>();
- allKeys.put(1, s3Key1);
- allKeys.put(2, s3Key2);
-
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
-
- boolean result = s3KeyManager.doesSiteHaveKeys(siteId);
- assertTrue(result);
- }
-
- @Test
- public void testDoesSiteHaveKeys_LargeNumberOfKeys() {
- Map allKeys = new HashMap<>();
- for (int i = 1; i <= 1000; i++) {
- S3Key s3Key = new S3Key(i, i, 0L, 0L, "key" + i);
- allKeys.put(i, s3Key);
- }
-
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
-
- for (int i = 1; i <= 1000; i++) {
- assertTrue(s3KeyManager.doesSiteHaveKeys(i));
- }
- assertFalse(s3KeyManager.doesSiteHaveKeys(1001));
// Site ID 1001 does not exist
- }
-
- @Test
- public void testDoesSiteHaveKeys_EmptyKeys() {
- when(s3KeyProvider.getAll()).thenReturn(new HashMap<>());
-
- assertFalse(s3KeyManager.doesSiteHaveKeys(1));
- }
-
- @Test
- void testCountKeysForSite() {
- Map testKeys = new HashMap<>();
- testKeys.put(1, new S3Key(1, 1, 1000L, 900L, "key1"));
- testKeys.put(2, new S3Key(2, 1, 1100L, 1000L, "key2"));
- testKeys.put(3, new S3Key(3, 2, 1200L, 1100L, "key3"));
- testKeys.put(4, new S3Key(4, 1, 1300L, 1200L, "key4"));
-
- when(s3KeyProvider.getAll()).thenReturn(testKeys);
-
- int countForSite1 = s3KeyManager.countKeysForSite(1);
- int countForSite2 = s3KeyManager.countKeysForSite(2);
- int countForSite3 = s3KeyManager.countKeysForSite(3);
-
- assertEquals(3, countForSite1);
- assertEquals(1, countForSite2);
- assertEquals(0, countForSite3);
- }
-
- @Test
- void testGenerateKeysForOperators() throws Exception {
- Collection operatorKeys = Arrays.asList(
- createOperatorKey("hash1", 100),
- createOperatorKey("hash2", 100),
- createOperatorKey("hash3", 200)
- );
- long keyActivateInterval = 3600; // 1 hour
- int keyCountPerSite = 3;
-
- Map existingKeys = new HashMap<>();
- existingKeys.put(1, new S3Key(1, 100, 1000L, 900L, "existingKey1"));
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- when(keyGenerator.generateRandomKeyString(32)).thenReturn("generatedSecret");
-
- s3KeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite);
-
- verify(s3KeyProvider, times(1)).loadContent();
-
- ArgumentCaptor> mapCaptor = ArgumentCaptor.forClass(Map.class);
- // 6 keys needed - 1 existed keys = 5 new keys
- verify(s3KeyStoreWriter, times(5)).upload(mapCaptor.capture(), isNull());
- }
-
- @Test
- void testGenerateKeysForOperators_NoNewKeysNeeded() throws Exception {
- Collection operatorKeys = Collections.singletonList(
- createOperatorKey("hash1", 100)
- );
- long keyActivateInterval = 3600;
- int keyCountPerSite = 3;
-
- Map existingKeys = new
HashMap<>();
- existingKeys.put(1, new S3Key(1, 100, 1000L, 900L, "existingKey1"));
- existingKeys.put(2, new S3Key(2, 100, 2000L, 1900L, "existingKey2"));
- existingKeys.put(3, new S3Key(3, 100, 3000L, 2900L, "existingKey3"));
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- s3KeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite);
-
- verify(s3KeyStoreWriter, never()).upload(any(), any());
- }
-
- @Test
- void testGenerateKeysForOperators_EmptyOperatorKeys() {
- Collection operatorKeys = Collections.emptyList();
- long keyActivateInterval = 3600;
- int keyCountPerSite = 3;
-
- assertThrows(IllegalArgumentException.class, () ->
- s3KeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite)
- );
- }
-
- @Test
- void testGenerateKeysForOperators_InvalidKeyActivateInterval() {
- Collection operatorKeys = Collections.singletonList(
- createOperatorKey("hash1", 100)
- );
- long keyActivateInterval = 0;
- int keyCountPerSite = 3;
-
- assertThrows(IllegalArgumentException.class, () ->
- s3KeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite)
- );
- }
-
- @Test
- void testGenerateKeysForOperators_InvalidKeyCountPerSite() {
- Collection operatorKeys = Collections.singletonList(
- createOperatorKey("hash1", 100)
- );
- long keyActivateInterval = 3600;
- int keyCountPerSite = 0;
-
- assertThrows(IllegalArgumentException.class, () ->
- s3KeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite)
- );
- }
-
- @Test
- void testGenerateKeysForOperators_MultipleSitesWithVaryingExistingKeys() throws Exception {
- Collection operatorKeys = Arrays.asList(
- createOperatorKey("hash1", 100),
- createOperatorKey("hash2", 200),
- createOperatorKey("hash3", 300)
- );
- long keyActivateInterval = 3600;
- int keyCountPerSite = 3;
-
- Map existingKeys = new HashMap<>();
- existingKeys.put(1, new S3Key(1, 100, 1000L, 900L, "existingKey1"));
-
existingKeys.put(2, new S3Key(2, 200, 2000L, 1900L, "existingKey2"));
- existingKeys.put(3, new S3Key(3, 200, 3000L, 2900L, "existingKey3"));
- when(s3KeyProvider.getAll()).thenReturn(existingKeys);
-
- when(keyGenerator.generateRandomKeyString(32)).thenReturn("generatedSecret");
-
- s3KeyManager.generateKeysForOperators(operatorKeys, keyActivateInterval, keyCountPerSite);
-
- ArgumentCaptor> mapCaptor = ArgumentCaptor.forClass(Map.class);
- // 9 keys needed - 3 existed keys = 6 new keys
- verify(s3KeyStoreWriter, times(6)).upload(mapCaptor.capture(), isNull());
- }
-
- private OperatorKey createOperatorKey(String keyHash, int siteId) {
- return new OperatorKey(
- keyHash,
- "salt",
- "name",
- "contact",
- "protocol",
- System.currentTimeMillis(),
- false,
- siteId,
- Collections.emptySet(),
- null,
- "keyId"
- );
- }
-}
diff --git a/src/test/java/com/uid2/admin/store/MultiScopeStoreWriterTest.java b/src/test/java/com/uid2/admin/store/MultiScopeStoreWriterTest.java
index a27864a0..8f6adec9 100644
--- a/src/test/java/com/uid2/admin/store/MultiScopeStoreWriterTest.java
+++ b/src/test/java/com/uid2/admin/store/MultiScopeStoreWriterTest.java
@@ -11,10 +11,10 @@ import com.uid2.admin.vertx.JsonUtil;
 import com.uid2.shared.cloud.DownloadCloudStorage;
 import com.uid2.shared.cloud.InMemoryStorageMock;
-import com.uid2.shared.model.S3Key;
+import com.uid2.shared.model.CloudEncryptionKey;
 import com.uid2.shared.model.Site;
 import com.uid2.shared.store.CloudPath;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
 import com.uid2.shared.store.reader.StoreReader;
 import com.uid2.shared.store.scope.StoreScope;
@@ -27,7 +27,6 @@ import java.util.*;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.Mockito.*;
 class MultiScopeStoreWriterTest {
@@ -39,7 +38,7 @@ class MultiScopeStoreWriterTest {
 Integer scopedSiteId = 10;
 private SiteStoreFactory siteStoreFactory;
 @Mock
- private RotatingS3KeyProvider s3KeyProvider;
+ private RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider;
 Site site = new Site(scopedSiteId, "site 1", true);
 private FileManager fileManager;
@@ -51,7 +50,7 @@ void setUp() {
 Clock clock = new InstantClock();
 VersionGenerator versionGenerator = new EpochVersionGenerator(clock);
 fileManager = new FileManager(cloudStorage, fileStorage);
- s3KeyProvider = mock(RotatingS3KeyProvider.class);
+ cloudEncryptionKeyProvider = mock(RotatingCloudEncryptionKeyProvider.class);
 siteStoreFactory = new SiteStoreFactory(
 cloudStorage,
 globalSiteMetadataPath,
@@ -200,11 +199,11 @@ void whenNotEqualReturnsFalse() {
 @Test
 public void uploadPrivateWithEncryption() throws Exception {
- S3Key encryptionKey = new S3Key(1, 10, 1, 1, "mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw=");
- when(s3KeyProvider.getEncryptionKeyForSite(10)).thenReturn(encryptionKey);
- Map allKeys = new HashMap<>();
+ CloudEncryptionKey encryptionKey = new CloudEncryptionKey(1, 10, 1, 1, "mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw=");
+ when(cloudEncryptionKeyProvider.getEncryptionKeyForSite(10)).thenReturn(encryptionKey);
+ Map allKeys = new HashMap<>();
 allKeys.put(1, encryptionKey);
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
 SiteStoreFactory siteStoreFactory = new SiteStoreFactory(
 cloudStorage,
@@ -212,7 +211,7 @@ public void uploadPrivateWithEncryption() throws Exception {
 objectWriter,
 new EpochVersionGenerator(new InstantClock()),
 new InstantClock(),
- s3KeyProvider,
+ cloudEncryptionKeyProvider,
 fileManager
 );
@@ -237,11 +236,11 @@ public void uploadPrivateWithEncryption() throws Exception {
 @Test
 public void uploadPublicWithEncryption() throws Exception {
- S3Key encryptionKey = new S3Key(1, 10, 1, 1, "mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw=");
- when(s3KeyProvider.getEncryptionKeyForSite(10)).thenReturn(encryptionKey);
- Map allKeys = new HashMap<>();
+ CloudEncryptionKey encryptionKey = new CloudEncryptionKey(1, 10, 1, 1, "mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw=");
+ when(cloudEncryptionKeyProvider.getEncryptionKeyForSite(10)).thenReturn(encryptionKey);
+ Map allKeys = new HashMap<>();
 allKeys.put(1, encryptionKey);
- when(s3KeyProvider.getAll()).thenReturn(allKeys);
+ when(cloudEncryptionKeyProvider.getAll()).thenReturn(allKeys);
 SiteStoreFactory siteStoreFactory = new SiteStoreFactory(
 cloudStorage,
@@ -249,7 +248,7 @@ public void uploadPublicWithEncryption() throws Exception {
 objectWriter,
 new EpochVersionGenerator(new InstantClock()),
 new InstantClock(),
- s3KeyProvider,
+ cloudEncryptionKeyProvider,
 fileManager
 );
diff --git a/src/test/java/com/uid2/admin/store/writer/S3KeyStoreWriterTest.java b/src/test/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriterTest.java
similarity index 52%
rename from src/test/java/com/uid2/admin/store/writer/S3KeyStoreWriterTest.java
rename to src/test/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriterTest.java
index 1ff24571..1985b113 100644
--- a/src/test/java/com/uid2/admin/store/writer/S3KeyStoreWriterTest.java
+++ b/src/test/java/com/uid2/admin/store/writer/CloudEncryptionKeyStoreWriterTest.java
@@ -5,9 +5,9 @@
 import com.uid2.admin.store.FileManager;
 import com.uid2.admin.store.version.VersionGenerator;
 import com.uid2.admin.store.writer.mocks.FileStorageMock;
-import com.uid2.shared.model.S3Key;
+import com.uid2.shared.model.CloudEncryptionKey;
 import com.uid2.shared.cloud.InMemoryStorageMock;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
 import com.uid2.shared.store.CloudPath;
 import com.uid2.shared.store.scope.GlobalScope;
 import io.vertx.core.json.JsonObject;
@@ -20,23 +20,23 @@ import java.util.Map; -public class S3KeyStoreWriterTest { +public class CloudEncryptionKeyStoreWriterTest { private Clock clock; private VersionGenerator versionGenerator; - private RotatingS3KeyProvider globalStore; + private RotatingCloudEncryptionKeyProvider globalStore; private InMemoryStorageMock cloudStorage; private FileManager fileManager; - private S3KeyStoreWriter s3KeyStoreWriter; + private CloudEncryptionKeyStoreWriter cloudEncryptionKeyStoreWriter; - private final Map s3Keys = Map.of( - 1, new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"), - 2, new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"), - 3, new S3Key(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3") + private final Map cloudEncryptionKeys = Map.of( + 1, new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"), + 2, new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"), + 3, new CloudEncryptionKey(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3") ); - private final Map expected = Map.of( - 1, new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"), - 2, new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"), - 3, new S3Key(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3") + private final Map expected = Map.of( + 1, new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"), + 2, new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"), + 3, new CloudEncryptionKey(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3") ); private final String rootDir = "this-test-data-type"; 
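Review bot: The `expected` map added in this hunk is a line-for-line copy of `cloudEncryptionKeys`, so `uploadsCloudEncryptionKeys` (next hunk) could assert `containsAllEntriesOf(cloudEncryptionKeys)` directly and the second fixture could be dropped; if the duplicate is deliberate, to check that the write/read round trip compares by value rather than by the same instances, a one-line comment such as `// separate instances: asserts value equality after the write/read round trip` would make that intent explicit. The fixture strings still read `S3keySecretByteHere1` after the rename; they are placeholders rather than real key material, so renaming them is cosmetic but would keep the file consistent with the new terminology. The class body continues past this hunk.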
@@ -50,20 +50,20 @@ void setUp() { cloudStorage = new InMemoryStorageMock(); FileStorageMock fileStorage = new FileStorageMock(cloudStorage); fileManager = new FileManager(cloudStorage, fileStorage); - globalStore = new RotatingS3KeyProvider(cloudStorage, globalScope); + globalStore = new RotatingCloudEncryptionKeyProvider(cloudStorage, globalScope); versionGenerator = mock(VersionGenerator.class); clock = mock(Clock.class); - s3KeyStoreWriter = new S3KeyStoreWriter(globalStore, fileManager, jsonWriter, versionGenerator, clock, globalScope); + cloudEncryptionKeyStoreWriter = new CloudEncryptionKeyStoreWriter(globalStore, fileManager, jsonWriter, versionGenerator, clock, globalScope); } @Test - void uploadsS3Keys() throws Exception { + void uploadsCloudEncryptionKeys() throws Exception { JsonObject extraMeta = new JsonObject(); - s3KeyStoreWriter.upload(s3Keys, extraMeta); + cloudEncryptionKeyStoreWriter.upload(cloudEncryptionKeys, extraMeta); - Map actualKeys = globalStore.getAll(); - assertThat(actualKeys).hasSize(s3Keys.size()); + Map actualKeys = globalStore.getAll(); + assertThat(actualKeys).hasSize(cloudEncryptionKeys.size()); assertThat(actualKeys).containsAllEntriesOf(expected); } } \ No newline at end of file diff --git a/src/test/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriterTest.java b/src/test/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriterTest.java index 93e10584..fe16d051 100644 --- a/src/test/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriterTest.java +++ b/src/test/java/com/uid2/admin/store/writer/EncryptedScopedStoreWriterTest.java 
@@ -1,38 +1,24 @@ package com.uid2.admin.store.writer; import com.fasterxml.jackson.databind.ObjectWriter; -import com.google.common.collect.ImmutableList; import com.uid2.admin.store.Clock; import com.uid2.admin.store.FileManager; import com.uid2.admin.store.FileName; import com.uid2.admin.store.version.VersionGenerator; import com.uid2.admin.store.writer.mocks.FileStorageMock; import com.uid2.admin.vertx.JsonUtil; -import com.uid2.shared.cloud.DownloadCloudStorage; import com.uid2.shared.cloud.InMemoryStorageMock; -import com.uid2.shared.encryption.AesGcm; import com.uid2.shared.encryption.Random; -import com.uid2.shared.model.S3Key; -import com.uid2.shared.model.Site; +import com.uid2.shared.model.CloudEncryptionKey; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.scope.EncryptedScope; -import com.uid2.shared.store.ScopedStoreReader; import com.uid2.shared.store.reader.IMetadataVersionedStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; -import com.uid2.shared.store.reader.RotatingSiteStore; -import com.uid2.shared.store.reader.StoreReader; -import com.uid2.shared.store.scope.GlobalScope; -import com.uid2.shared.store.scope.SiteScope; -import com.uid2.shared.store.scope.StoreScope; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import io.vertx.core.json.JsonObject; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import org.mockito.ArgumentCaptor; -import org.mockito.Mock; -import org.mockito.MockitoAnnotations; -import java.nio.charset.StandardCharsets; import java.util.*; import static org.assertj.core.api.Assertions.assertThat; 
@@ -52,9 +38,9 @@ class EncryptedScopedStoreWriterTest { private final String dataType = "sites"; private final FileName dataFile = new FileName("sites", ".json"); private EncryptedScopedStoreWriter encryptedScopedStoreWriter; - private S3Key encryptionKey; + private CloudEncryptionKey encryptionKey; private final int testSiteId = 123; - private RotatingS3KeyProvider s3KeyProvider; + private RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; private IMetadataVersionedStore provider; @BeforeEach @@ -70,17 +56,17 @@ void setUp() throws Exception { // Generate a valid 32-byte AES key byte[] keyBytes = Random.getRandomKeyBytes(); String base64Key = Base64.getEncoder().encodeToString(keyBytes); - encryptionKey = new S3Key(1, testSiteId, 0, 0, base64Key); + encryptionKey = new CloudEncryptionKey(1, testSiteId, 0, 0, base64Key); EncryptedScope encryptedScope = new EncryptedScope(rootMetadataPath, testSiteId,false); - s3KeyProvider = mock(RotatingS3KeyProvider.class); - Map mockKeyMap = new HashMap<>(); + cloudEncryptionKeyProvider = mock(RotatingCloudEncryptionKeyProvider.class); + Map mockKeyMap = new HashMap<>(); mockKeyMap.put(testSiteId, encryptionKey); - when(s3KeyProvider.getEncryptionKeyForSite(123)).thenReturn(encryptionKey); + when(cloudEncryptionKeyProvider.getEncryptionKeyForSite(123)).thenReturn(encryptionKey); - // Initialize EncryptedScopedStoreWriter with the s3KeyProvider + // Initialize EncryptedScopedStoreWriter with the cloudEncryptionKeyProvider encryptedScopedStoreWriter = new EncryptedScopedStoreWriter( provider, fileManager, @@ -89,7 +75,7 @@ void setUp() throws Exception { encryptedScope, dataFile, dataType, - s3KeyProvider, + cloudEncryptionKeyProvider, testSiteId ); } 
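Review bot: In the `@@ -70,17 +56,17 @@` hunk `mockKeyMap` is populated with `testSiteId` → `encryptionKey` but is not handed to the mock or read anywhere visible in `setUp()`, so it looks like leftover from an earlier `getAll()` stubbing; either remove the two lines or add `when(cloudEncryptionKeyProvider.getAll()).thenReturn(mockKeyMap);` if the writer actually needs it. The stubs on this line and in `testHandlingInvalidEncryptionKey` (next line) pass the literal `123` to `getEncryptionKeyForSite` although `testSiteId` holds the same value; `getEncryptionKeyForSite(testSiteId)` keeps the two from drifting apart. The comment `// Initialize EncryptedScopedStoreWriter with the cloudEncryptionKeyProvider` restates the code and can be dropped. `setUp()` continues outside this hunk.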
@@ -143,7 +129,7 @@ void testSuccessfulUploadAndVerifyEncryptedContent() throws Exception { @Test void testHandlingInvalidEncryptionKey() { - when(s3KeyProvider.getEncryptionKeyForSite(123)).thenReturn(null); + when(cloudEncryptionKeyProvider.getEncryptionKeyForSite(123)).thenReturn(null); String testData = "Test data to be encrypted"; JsonObject extraMeta = new JsonObject().put("test", "meta"); diff --git a/src/test/java/com/uid2/admin/vertx/OperatorKeyServiceTest.java b/src/test/java/com/uid2/admin/vertx/OperatorKeyServiceTest.java index a6ae90e1..831f2311 100644 --- a/src/test/java/com/uid2/admin/vertx/OperatorKeyServiceTest.java +++ b/src/test/java/com/uid2/admin/vertx/OperatorKeyServiceTest.java @@ -3,7 +3,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; import com.uid2.admin.auth.RevealedKey; -import com.uid2.admin.managers.S3KeyManager; +import com.uid2.admin.managers.CloudEncryptionKeyManager; import com.uid2.admin.vertx.service.IService; import com.uid2.admin.vertx.service.OperatorKeyService; import com.uid2.admin.vertx.test.ServiceTestBase; 
@@ -31,15 +31,15 @@ public class OperatorKeyServiceTest extends ServiceTestBase { private static final String KEY_PREFIX = "UID2-O-L-"; private static final String EXPECTED_OPERATOR_KEY_HASH = "abcdefabcdefabcdefabcdef"; private static final String EXPECTED_OPERATOR_KEY_SALT = "ghijklghijklghijklghijkl"; - private S3KeyManager s3KeyManager; + private CloudEncryptionKeyManager cloudEncryptionKeyManager; @Override protected IService createService() { this.config.put("operator_key_prefix", KEY_PREFIX); - this.config.put("s3_key_activates_in_seconds", 3600L); - this.config.put("s3_key_count_per_site", 5); - this.s3KeyManager = Mockito.mock(S3KeyManager.class); - return new OperatorKeyService(config, auth, writeLock, operatorKeyStoreWriter, operatorKeyProvider, siteProvider, keyGenerator, keyHasher, s3KeyManager); + this.config.put("cloud_encryption_key_activates_in_seconds", 3600L); + this.config.put("cloud_encryption_key_count_per_site", 5); + this.cloudEncryptionKeyManager = Mockito.mock(CloudEncryptionKeyManager.class); + return new OperatorKeyService(config, auth, writeLock, operatorKeyStoreWriter, operatorKeyProvider, siteProvider, keyGenerator, keyHasher, cloudEncryptionKeyManager); } @BeforeEach @@ -266,7 +266,7 @@ public void operatorKeySetRoleWithoutRoleParam(Vertx vertx, VertxTestContext tes } @Test - public void operatorAddGeneratesS3Keys(Vertx vertx, VertxTestContext testContext) { + public void operatorAddGeneratesCloudEncryptionKeys(Vertx vertx, VertxTestContext testContext) { fakeAuth(Role.MAINTAINER); post(vertx, testContext, "api/operator/add?name=test_operator&protocol=trusted&site_id=1&roles=optout&operator_type=public", "", response -> { 
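Review bot: Renaming the config keys to `cloud_encryption_key_activates_in_seconds` and `cloud_encryption_key_count_per_site` in `createService()` is a breaking change for any deployment whose config still carries `s3_key_activates_in_seconds`/`s3_key_count_per_site`; the series updates the two `conf/*.json` files and this test, but the reads in `OperatorKeyService` are outside the hunk, so it is not visible whether a missing key fails loudly or is passed on as `null` into `generateKeysForOperators`. A test that omits both keys from `config` and asserts a clear error (or a documented fallback to the old names during rollout) would pin that behaviour down. The `ServiceTestBase` subclass continues beyond this hunk.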
@@ -274,10 +274,10 @@ public void operatorAddGeneratesS3Keys(Vertx vertx, VertxTestContext testContext RevealedKey revealedOperator = OBJECT_MAPPER.readValue(response.bodyAsString(), new TypeReference<>() {}); assertAll( - "operatorAddGeneratesS3Keys", + "operatorAddGeneratesCloudEncryptionKeys", () -> assertEquals(200, response.statusCode()), () -> assertNotNull(revealedOperator.getAuthorizable()), - () -> verify(s3KeyManager).generateKeysForOperators( + () -> verify(cloudEncryptionKeyManager).generateKeysForOperators( argThat(collection -> collection.size() == 1 && collection.iterator().next().getName().equals("test_operator")), eq(3600L), eq(5) @@ -291,7 +291,7 @@ public void operatorAddGeneratesS3Keys(Vertx vertx, VertxTestContext testContext } @Test - public void operatorUpdateSiteIdGeneratesS3Keys(Vertx vertx, VertxTestContext testContext) { + public void operatorUpdateSiteIdGeneratesCloudEncryptionKeys(Vertx vertx, VertxTestContext testContext) { fakeAuth(Role.PRIVILEGED); OperatorKey existingOperator = new OperatorBuilder().withSiteId(1).build(); @@ -302,11 +302,11 @@ public void operatorUpdateSiteIdGeneratesS3Keys(Vertx vertx, VertxTestContext te OperatorKey updatedOperator = OBJECT_MAPPER.readValue(response.bodyAsString(), OperatorKey.class); assertAll( - "operatorUpdateSiteIdGeneratesS3Keys", + "operatorUpdateSiteIdGeneratesCloudEncryptionKeys", () -> assertEquals(200, response.statusCode()), () -> assertEquals(5, updatedOperator.getSiteId()), () -> assertNotEquals(1, updatedOperator.getSiteId()), - () -> verify(s3KeyManager).generateKeysForOperators( + () -> verify(cloudEncryptionKeyManager).generateKeysForOperators( argThat(collection -> collection.size() == 1 && collection.iterator().next().getName().equals("test_operator")), eq(3600L), eq(5) 
@@ -320,7 +320,7 @@ public void operatorUpdateSiteIdGeneratesS3Keys(Vertx vertx, VertxTestContext te } @Test - public void operatorUpdateWithoutSiteIdChangeDoesNotGenerateS3Keys(Vertx vertx, VertxTestContext testContext) { + public void operatorUpdateWithoutSiteIdChangeDoesNotGenerateCloudEncryptionKeys(Vertx vertx, VertxTestContext testContext) { fakeAuth(Role.PRIVILEGED); OperatorKey existingOperator = new OperatorBuilder().build(); @@ -331,10 +331,10 @@ public void operatorUpdateWithoutSiteIdChangeDoesNotGenerateS3Keys(Vertx vertx, OperatorKey updatedOperator = OBJECT_MAPPER.readValue(response.bodyAsString(), OperatorKey.class); assertAll( - "operatorUpdateWithoutSiteIdChangeDoesNotGenerateS3Keys", + "operatorUpdateWithoutSiteIdChangeDoesNotGenerateCloudEncryptionKeys", () -> assertEquals(200, response.statusCode()), () -> assertEquals(existingOperator.getSiteId(), updatedOperator.getSiteId()), - () -> verify(s3KeyManager, never()).generateKeysForOperators(any(), anyLong(), anyInt()) + () -> verify(cloudEncryptionKeyManager, never()).generateKeysForOperators(any(), anyLong(), anyInt()) ); testContext.completeNow(); } catch (Exception e) { From e895bdaa30ee3d9faf71a494d9456cb25b737f06 Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Thu, 14 Nov 2024 13:39:36 -0700 Subject: [PATCH 2/6] Fixed config --- conf/local-config.json | 4 ++-- conf/local-e2e-docker-config.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/local-config.json b/conf/local-config.json index 749223bb..e3e2bacb 100644 --- a/conf/local-config.json +++ b/conf/local-config.json @@ -44,6 +44,6 @@ "role_okta_group_map_maintainer": "developer", "role_okta_group_map_privileged": "developer", "role_okta_group_map_super_user": "developer", - "s3_key_activates_in_seconds": 86400, - "s3_key_count_per_site": 2 + "cloud_encryption_key_activates_in_seconds": 86400, + "cloud_encryption_key_count_per_site": 2 } 
diff --git a/conf/local-e2e-docker-config.json b/conf/local-e2e-docker-config.json index c0669a96..50fea242 100644 --- a/conf/local-e2e-docker-config.json +++ b/conf/local-e2e-docker-config.json @@ -44,6 +44,6 @@ "role_okta_group_map_maintainer": "developer", "role_okta_group_map_privileged": "developer", "role_okta_group_map_super_user": "developer", - "s3_key_activates_in_seconds": 86400, - "s3_key_count_per_site": 2 + "cloud_encryption_key_activates_in_seconds": 86400, + "cloud_encryption_key_count_per_site": 2 } From b68c6137129dae74e5430c0411cd4882d57d06b5 Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Thu, 14 Nov 2024 13:41:58 -0700 Subject: [PATCH 3/6] Upgrading the release workflows --- .github/workflows/build-and-test.yaml | 2 +- .github/workflows/check-stable-dependency.yaml | 2 +- .github/workflows/validate-image.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml index e8485b9f..672f3a5b 100644 --- a/.github/workflows/build-and-test.yaml +++ b/.github/workflows/build-and-test.yaml @@ -3,7 +3,7 @@ on: [pull_request, push, workflow_dispatch] jobs: build: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v3 secrets: inherit with: java_version: 21 diff --git a/.github/workflows/check-stable-dependency.yaml b/.github/workflows/check-stable-dependency.yaml index 3974a6eb..41eab5de 100644 --- a/.github/workflows/check-stable-dependency.yaml +++ b/.github/workflows/check-stable-dependency.yaml @@ -3,7 +3,7 @@ on: [pull_request, workflow_dispatch] jobs: check_dependency: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v3 secrets: inherit 
diff --git a/.github/workflows/validate-image.yaml b/.github/workflows/validate-image.yaml index 04011fb1..4fe4ca3b 100644 --- a/.github/workflows/validate-image.yaml +++ b/.github/workflows/validate-image.yaml @@ -19,7 +19,7 @@ on: jobs: build-publish-docker: - uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v2 + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v23 with: failure_severity: ${{ inputs.failure_severity || 'CRITICAL,HIGH' }} fail_on_error: ${{ inputs.fail_on_error || true }} From ce6f067a1abd9bc9f10448b5301bb6fcd144a958 Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Mon, 18 Nov 2024 10:41:58 -0700 Subject: [PATCH 4/6] Updating version of shared --- pom.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 600b9dc9..afe7c64d 100644 --- a/pom.xml +++ b/pom.xml @@ -16,8 +16,7 @@ 1.12.2 5.11.2 - 7.21.1-alpha-157-SNAPSHOT - 7.21.7 + 7.21.8-alpha-159-SNAPSHOT 0.5.10 ${project.version} From 4fb85a567ca9710ccf95d37d19b2f8a6e5f7fb69 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Mon, 18 Nov 2024 17:45:43 +0000 Subject: [PATCH 5/6] [CI Pipeline] Released Snapshot version: 5.15.25-alpha-94-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index afe7c64d..8956af9b 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-admin - 5.15.24 + 5.15.25-alpha-94-SNAPSHOT UTF-8 From 6a35a26b8bee5a4c8ea70bf1cdf50ceb5d5a6efa Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Wed, 20 Nov 2024 14:36:02 -0700 Subject: [PATCH 6/6] Final shared version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index afe7c64d..62a17def 100644 --- a/pom.xml +++ b/pom.xml @@ -16,7 +16,7 @@ 1.12.2 5.11.2 - 7.21.8-alpha-159-SNAPSHOT + 8.0.0 0.5.10 ${project.version}
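Review bot: `shared-validate-image.yaml@v23` in the `validate-image.yaml` hunk looks like a typo: the two sibling workflows in the same patch (`build-and-test.yaml` and `check-stable-dependency.yaml` on the previous line) move from `@v2` to `@v3`, so this one should presumably read `uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-validate-image.yaml@v3`. As written the job will fail to resolve the reusable workflow unless a `v23` tag actually exists. Independently of the value, referencing the reusable workflow by a mutable tag means image validation runs whatever that tag points to at execution time; pinning to a full commit SHA with the tag in a trailing comment is the usual way to make that supply-chain dependency reproducible, if the shared-actions release process allows it.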