Create keyid field

IABTechLab · Oct 25, 2023 · 65c656e · 65c656e
1 parent 077c105
commit 65c656e
Show file tree

Hide file tree

Showing 16 changed files with 102 additions and 79 deletions.
diff --git a/src/main/java/com/uid2/admin/auth/AdminUser.java b/src/main/java/com/uid2/admin/auth/AdminUser.java
@@ -21,6 +21,8 @@ public class AdminUser implements IRoleAuthorizable<Role> {
     private final long created; // epochSeconds
     private Set<Role> roles;
     private boolean disabled;
+    @JsonProperty("key_id")
+    private String keyId;
 
     @JsonCreator
     public AdminUser(
@@ -31,7 +33,8 @@ public AdminUser(
             @JsonProperty("contact") String contact,
             @JsonProperty("created") long created,
             @JsonProperty("roles") Set<Role> roles,
-            @JsonProperty("disabled") boolean disabled) {
+            @JsonProperty("disabled") boolean disabled,
+            @JsonProperty("key_id") String keyId) {
         this.key = key;
         this.keyHash = keyHash;
         this.keySalt = keySalt;
@@ -40,11 +43,12 @@ public AdminUser(
         this.created = created;
         this.roles = roles;
         this.disabled = disabled;
+        this.keyId = keyId;
     }
 
     public static AdminUser unknown(String unknown) {
         return new AdminUser(unknown, unknown, unknown, unknown, unknown,
-                Instant.now().getEpochSecond(), Collections.emptySet(), false);
+                Instant.now().getEpochSecond(), Collections.emptySet(), false, unknown);
     }
 
     public String getKey() {
@@ -101,6 +105,9 @@ public Integer getSiteId() {
         return null;
     }
 
+    @Override
+    public String getKeyId() { return keyId; }
+
     @Override
     public boolean equals(Object o) {
         // If the object is compared with itself then return true
@@ -119,7 +126,8 @@ public boolean equals(Object o) {
                 && this.contact.equals(b.contact)
                 && this.created == b.created
                 && this.roles.equals(b.roles)
-                && this.disabled == b.disabled;
+                && this.disabled == b.disabled
+                && this.keyId == b.keyId;
     }
 
     @Override

diff --git a/src/main/java/com/uid2/admin/legacy/LegacyClientKey.java b/src/main/java/com/uid2/admin/legacy/LegacyClientKey.java
@@ -35,6 +35,8 @@ public class LegacyClientKey implements IRoleAuthorizable<Role> {
     private boolean disabled;
     @JsonProperty("service_id")
     private int serviceId;
+    @JsonProperty("key_id")
+    private String keyId;
 
     @JsonCreator
     public LegacyClientKey(
@@ -48,7 +50,8 @@ public LegacyClientKey(
             @JsonProperty("roles") Set<Role> roles,
             @JsonProperty("site_id") int siteId,
             @JsonProperty("disabled") boolean disabled,
-            @JsonProperty("service_id") int serviceId) {
+            @JsonProperty("service_id") int serviceId,
+            @JsonProperty("key_id") String keyId) {
         this.key = key;
         this.keyHash = keyHash;
         this.keySalt = keySalt;
@@ -61,18 +64,19 @@ public LegacyClientKey(
         this.siteId = siteId;
         this.disabled = disabled;
         this.serviceId = serviceId;
+        this.keyId = keyId;
     }
 
-    public LegacyClientKey(String key, String keyHash, String keySalt, String secret, String name, String contact, Instant created, Set<Role> roles, int siteId, boolean disabled) {
-        this(key, keyHash, keySalt, secret, name, contact, created.getEpochSecond(), roles, siteId, disabled, 0);
+    public LegacyClientKey(String key, String keyHash, String keySalt, String secret, String name, String contact, Instant created, Set<Role> roles, int siteId, boolean disabled, String keyId) {
+        this(key, keyHash, keySalt, secret, name, contact, created.getEpochSecond(), roles, siteId, disabled, 0, keyId);
     }
 
-    public LegacyClientKey(String key, String keyHash, String keySalt, String secret, String name, Instant created, Set<Role> roles, int siteId, boolean disabled) {
-        this(key, keyHash, keySalt, secret, name, name, created.getEpochSecond(), roles, siteId, disabled, 0);
+    public LegacyClientKey(String key, String keyHash, String keySalt, String secret, String name, Instant created, Set<Role> roles, int siteId, boolean disabled, String keyId) {
+        this(key, keyHash, keySalt, secret, name, name, created.getEpochSecond(), roles, siteId, disabled, 0, keyId);
     }
 
-    public LegacyClientKey(String key, String keyHash, String keySalt, String secret, String name, Instant created, Set<Role> roles, int siteId) {
-        this(key, keyHash, keySalt, secret, name, name, created.getEpochSecond(), roles, siteId, false, 0);
+    public LegacyClientKey(String key, String keyHash, String keySalt, String secret, String name, Instant created, Set<Role> roles, int siteId, String keyId) {
+        this(key, keyHash, keySalt, secret, name, name, created.getEpochSecond(), roles, siteId, false, 0, keyId);
     }
 
     public String getKey() {
@@ -101,6 +105,7 @@ public byte[] getSecretBytes() {
     public String getName() {
         return name;
     }
+    public String getKeyId() { return keyId; }
 
     public LegacyClientKey withName(String name) {
         this.name = name;
@@ -187,7 +192,8 @@ public ClientKey toClientKey() {
                 roles,
                 siteId,
                 disabled,
-                serviceId
+                serviceId,
+                keyId
         );
     }
 
@@ -210,7 +216,8 @@ public boolean equals(Object o) {
                 && this.siteId == b.siteId
                 && this.disabled == b.disabled
                 && Arrays.equals(this.secretBytes, b.secretBytes)
-                && this.serviceId == b.serviceId;
+                && this.serviceId == b.serviceId
+                && this.keyId == b.keyId;
     }
 
     @Override

diff --git a/src/main/java/com/uid2/admin/vertx/service/AdminKeyService.java b/src/main/java/com/uid2/admin/vertx/service/AdminKeyService.java
@@ -196,11 +196,12 @@ private void handleAdminAdd(RoutingContext rc) {
 
             // create a random key
             String key = (this.adminKeyPrefix != null ? this.adminKeyPrefix : "") + keyGenerator.generateFormattedKeyString(32);
+            String keyId = key.substring(0, "UID2-A-L-".length() + 5);
             KeyHashResult khr = keyHasher.hashKey(key);
 
             // create new admin
             long created = Instant.now().getEpochSecond();
-            AdminUser newAdmin = new AdminUser(key, khr.getHash(), khr.getSalt(), name, name, created, roles, false);
+            AdminUser newAdmin = new AdminUser(key, khr.getHash(), khr.getSalt(), name, name, created, roles, false, keyId);
 
             // add admin to the array
             admins.add(newAdmin);

diff --git a/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java b/src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java
@@ -216,6 +216,8 @@ private void handleClientAdd(RoutingContext rc) {
             KeyHashResult khr = keyHasher.hashKey(key);
             String secret = keyGenerator.generateRandomKeyString(32);
 
+            String keyId = key.substring(0, String.format("UID2-C-L-%d-", site.getId()).length() + 5);
+
             // add new client to array
             Instant created = Instant.now();
             LegacyClientKey newClient = new LegacyClientKey(
@@ -229,7 +231,8 @@ private void handleClientAdd(RoutingContext rc) {
                     roles,
                     site.getId(),
                     false,
-                    serviceId
+                    serviceId,
+                    keyId
             );
             if (!newClient.hasValidSiteId()) {
                 ResponseUtil.error(rc, 400, "invalid site id");

diff --git a/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java b/src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java
@@ -236,11 +236,12 @@ private void handleOperatorAdd(RoutingContext rc) {
 
             // create a random key
             String key = (this.operatorKeyPrefix != null ? (this.operatorKeyPrefix + finalSiteId + "-") : "") + keyGenerator.generateFormattedKeyString(32);
+            String keyId = key.substring(0, String.format("UID2-O-L-%d-", siteId).length() + 5);
             KeyHashResult khr = keyHasher.hashKey(key);
 
             // create new operator
             long created = Instant.now().getEpochSecond();
-            OperatorKey newOperator = new OperatorKey(khr.getHash(), khr.getSalt(), name, name, protocol, created, false, siteId, roles, operatorType);
+            OperatorKey newOperator = new OperatorKey(khr.getHash(), khr.getSalt(), name, name, protocol, created, false, siteId, roles, operatorType, keyId);
 
             // add client to the array
             operators.add(newOperator);

diff --git a/src/test/java/com/uid2/admin/auth/AdminUserProviderTest.java b/src/test/java/com/uid2/admin/auth/AdminUserProviderTest.java
@@ -31,7 +31,7 @@ public class AdminUserProviderTest {
     private List<AdminUser> adminUsers;
 
     private AdminUser createAdminUser(KeyHashResult khr, String name, String contact) {
-        return new AdminUser("", khr.getHash(), khr.getSalt(), name, contact, Instant.now().getEpochSecond(), Set.of(), false);
+        return new AdminUser("", khr.getHash(), khr.getSalt(), name, contact, Instant.now().getEpochSecond(), Set.of(), false, "key-id");
     }
 
     @BeforeEach

diff --git a/src/test/java/com/uid2/admin/job/jobsync/client/ClientKeySyncJobTest.java b/src/test/java/com/uid2/admin/job/jobsync/client/ClientKeySyncJobTest.java
@@ -40,7 +40,8 @@ class ClientKeySyncJobTest {
                     false,
                     scopedSiteId,
                     Set.of(Role.OPERATOR),
-                    OperatorType.PRIVATE
+                    OperatorType.PRIVATE,
+                    "key-id"
             )
     );
     private final LegacyClientKey client = new LegacyClientKey(
@@ -53,7 +54,8 @@ class ClientKeySyncJobTest {
             Instant.MIN,
             Set.of(Role.OPERATOR),
             scopedSiteId,
-            false
+            false,
+            "key-id"
     );
 
     private ClientKeyStoreFactory clientKeyStoreFactory;

diff --git a/src/test/java/com/uid2/admin/job/sitesync/SiteSyncJobTest.java b/src/test/java/com/uid2/admin/job/sitesync/SiteSyncJobTest.java
@@ -43,7 +43,8 @@ public class SiteSyncJobTest {
                     false,
                     scopedSiteId,
                     Set.of(Role.OPERATOR),
-                    OperatorType.PRIVATE)
+                    OperatorType.PRIVATE,
+                    "key-id")
     );
     private final Site site = new Site(scopedSiteId, "site 1", true);
 

diff --git a/src/test/java/com/uid2/admin/managers/KeysetManagerTest.java b/src/test/java/com/uid2/admin/managers/KeysetManagerTest.java
@@ -143,21 +143,21 @@ public void testCreateKeysetForClient() throws Exception {
 
         setKeysets(keysets);
         // Sharer makes an empty list
-        ClientKey sharer = new ClientKey("", "",  "", "", "", Instant.now(), Set.of(Role.SHARER), 7, false);
+        ClientKey sharer = new ClientKey("", "",  "", "", "", Instant.now(), Set.of(Role.SHARER), 7, false, "key-id-7");
         AdminKeyset returnedKeyset = keysetManager.createKeysetForClient(sharer);
         AdminKeyset sharerKeyset = keysets.get(returnedKeyset.getKeysetId());
         assertTrue(sharerKeyset.equals(returnedKeyset));
         assertEquals(sharerKeyset.getAllowedSites(), Set.of());
 
         // Generator makes a null list
-        ClientKey generator = new ClientKey("", "",  "", "", "", Instant.now(), Set.of(Role.GENERATOR), 8, false);
+        ClientKey generator = new ClientKey("", "",  "", "", "", Instant.now(), Set.of(Role.GENERATOR), 8, false, "key-id-8");
         returnedKeyset = keysetManager.createKeysetForClient(generator);
         AdminKeyset generatorKeyset = keysets.get(returnedKeyset.getKeysetId());
         assertTrue(generatorKeyset.equals(returnedKeyset));
         assertNull(generatorKeyset.getAllowedSites());
 
         // Generator takes priority of sharer
-        ClientKey sharerGenerator = new ClientKey("", "",  "", "", "", Instant.now(), Set.of(Role.SHARER, Role.GENERATOR), 9, false);
+        ClientKey sharerGenerator = new ClientKey("", "",  "", "", "", Instant.now(), Set.of(Role.SHARER, Role.GENERATOR), 9, false, "key-id-9");
         keysetManager.createKeysetForClient(sharerGenerator);
         returnedKeyset = keysetManager.createKeysetForClient(sharerGenerator);
         AdminKeyset bothKeyset = keysets.get(returnedKeyset.getKeysetId());

diff --git a/src/test/java/com/uid2/admin/store/writer/ClientKeyStoreTest.java b/src/test/java/com/uid2/admin/store/writer/ClientKeyStoreTest.java
@@ -203,7 +203,8 @@ private List<ClientKey> generateOneClient(String suffix) {
                 Set.of(Role.GENERATOR),
                 5,
                 false,
-                0
+                0,
+                "key-id"
         );
         return ImmutableList.of(key);
     }

diff --git a/src/test/java/com/uid2/admin/util/PrivateSiteUtilTest.java b/src/test/java/com/uid2/admin/util/PrivateSiteUtilTest.java
@@ -317,11 +317,11 @@ public void testGenerateEncryptionKeyData() {
             readerRole.add(Role.ID_READER);
 
             final OperatorKey[] operatorKeys = {
-                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, 3, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 2, false, 4, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 2, false, 5, new HashSet<>(), OperatorType.PUBLIC),
-                    new OperatorKey("keyHash6", "keySalt6", "name6", "contact6", "aws-nitro", 2, false, 6, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash7", "keySalt7", "name6", "contact6", "aws-nitro", 2, false, 7, new HashSet<>(), OperatorType.PUBLIC)
+                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, 3, new HashSet<>(), OperatorType.PRIVATE, "key-id-3"),
+                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 2, false, 4, new HashSet<>(), OperatorType.PRIVATE, "key-id-4"),
+                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 2, false, 5, new HashSet<>(), OperatorType.PUBLIC, "key-id-5"),
+                    new OperatorKey("keyHash6", "keySalt6", "name6", "contact6", "aws-nitro", 2, false, 6, new HashSet<>(), OperatorType.PRIVATE, "key-id-6"),
+                    new OperatorKey("keyHash7", "keySalt7", "name7", "contact7", "aws-nitro", 2, false, 7, new HashSet<>(), OperatorType.PUBLIC, "key-id-7")
             };
             final EncryptionKey[] encryptionKeys = {
                     new EncryptionKey(1, new byte[]{}, Instant.now(), Instant.now(), Instant.now(), Const.Data.RefreshKeySiteId),
@@ -333,9 +333,9 @@ public void testGenerateEncryptionKeyData() {
                     new EncryptionKey(6, new byte[]{}, Instant.now(), Instant.now(), Instant.now(), 7)
             };
             final LegacyClientKey[] clientKeys = {
-                    new LegacyClientKey("key3", "keyHash3", "keySalt3", "", "name3", "contact3", Instant.now(), readerRole, 3, false),
-                    new LegacyClientKey("key4", "keyHash4", "keySalt4", "", "name4", "contact4", Instant.now(), readerRole, 4, false),
-                    new LegacyClientKey("key7", "keyHash7", "keySalt7", "", "name7", "contact7", Instant.now(), readerRole, 7, false)
+                    new LegacyClientKey("key3", "keyHash3", "keySalt3", "", "name3", "contact3", Instant.now(), readerRole, 3, false, "key-id-3"),
+                    new LegacyClientKey("key4", "keyHash4", "keySalt4", "", "name4", "contact4", Instant.now(), readerRole, 4, false, "key-id-4"),
+                    new LegacyClientKey("key7", "keyHash7", "keySalt7", "", "name7", "contact7", Instant.now(), readerRole, 7, false, "key-id-7")
             };
 
             final Set<Integer> site3Whitelist = new HashSet<>();
@@ -516,10 +516,10 @@ public void doesNotSharesAclWithSitesOnTheBlacklist() {
         @Test
         public void testGenerateEncryptionKeyAclData() {
             final OperatorKey[] operatorKeys = {
-                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, 3, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 2, false, 4, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 2, false, 5, new HashSet<>(), OperatorType.PUBLIC),
-                    new OperatorKey("keyHash6", "keySalt6", "name6", "contact6", "aws-nitro", 2, false, 6, new HashSet<>(), OperatorType.PRIVATE)
+                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, 3, new HashSet<>(), OperatorType.PRIVATE, "key-id-3"),
+                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 2, false, 4, new HashSet<>(), OperatorType.PRIVATE, "key-id-4"),
+                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 2, false, 5, new HashSet<>(), OperatorType.PUBLIC, "key-id-5"),
+                    new OperatorKey("keyHash6", "keySalt6", "name6", "contact6", "aws-nitro", 2, false, 6, new HashSet<>(), OperatorType.PRIVATE, "key-id-6")
             };
 
             final Set<Integer> site3Whitelist = new HashSet<>();
@@ -551,10 +551,10 @@ public void testGenerateEncryptionKeyAclData() {
         @Test
         public void testGenerateEncryptionKeyAclDataForEachSite() {
             final OperatorKey[] operatorKeys = {
-                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, 3, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 2, false, 4, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 2, false, 5, new HashSet<>(), OperatorType.PUBLIC),
-                    new OperatorKey("keyHash6", "keySalt6", "name6", "contact6", "aws-nitro", 2, false, 6, new HashSet<>(), OperatorType.PRIVATE)
+                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, 3, new HashSet<>(), OperatorType.PRIVATE, "key-id-3"),
+                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 2, false, 4, new HashSet<>(), OperatorType.PRIVATE, "key-id-4"),
+                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 2, false, 5, new HashSet<>(), OperatorType.PUBLIC, "key-id-5"),
+                    new OperatorKey("keyHash6", "keySalt6", "name6", "contact6", "aws-nitro", 2, false, 6, new HashSet<>(), OperatorType.PRIVATE, "key-id-6")
             };
 
             final Set<Integer> site3Whitelist = new HashSet<>();
@@ -964,12 +964,12 @@ public void testGenerateSiteData() {
                     new Site(5, "4", true)
             };
             final OperatorKey[] publicOperatorKeys = {
-                    new OperatorKey("keyHash2", "keySalt2", "name2", "contact2", "aws-nitro", 2, false, Const.Data.AdvertisingTokenSiteId, new HashSet<>(), OperatorType.PUBLIC),
-                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 5, false, 5, new HashSet<>(), OperatorType.PUBLIC),
+                    new OperatorKey("keyHash2", "keySalt2", "name2", "contact2", "aws-nitro", 2, false, Const.Data.AdvertisingTokenSiteId, new HashSet<>(), OperatorType.PUBLIC, "key-id-2"),
+                    new OperatorKey("keyHash5", "keySalt5", "name5", "contact5", "aws-nitro", 5, false, 5, new HashSet<>(), OperatorType.PUBLIC, "key-id-5"),
             };
             final OperatorKey[] privateOperatorKeys = {
-                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 3, false, 3, new HashSet<>(), OperatorType.PRIVATE),
-                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 4, false, 4, new HashSet<>(), OperatorType.PRIVATE),
+                    new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 3, false, 3, new HashSet<>(), OperatorType.PRIVATE, "key-id-3"),
+                    new OperatorKey("keyHash4", "keySalt4", "name4", "contact4", "aws-nitro", 4, false, 4, new HashSet<>(), OperatorType.PRIVATE, "key-id-4"),
             };
             final List<OperatorKey> allOperatorKeys = new ArrayList<>(Arrays.asList(publicOperatorKeys));
             allOperatorKeys.addAll(Arrays.asList(privateOperatorKeys));
@@ -1003,7 +1003,7 @@ public void testGenerateSiteData() {
     final Map<Integer, EncryptionKeyAcl> noAcls = ImmutableMap.of();
 
     static class OperatorBuilder {
-        private final OperatorKey operator = new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, siteId1, ImmutableSet.of(), OperatorType.PRIVATE);
+        private final OperatorKey operator = new OperatorKey("keyHash3", "keySalt3", "name3", "contact3", "aws-nitro", 2, false, siteId1, ImmutableSet.of(), OperatorType.PRIVATE, "key-id-3");
 
         public OperatorBuilder withSiteId(int siteId) {
             this.operator.setSiteId(siteId);
@@ -1056,7 +1056,7 @@ public LegacyClientBuilder withReaderRole() {
         }
 
         public LegacyClientKey build() {
-            return new LegacyClientKey("key_1", "keyHash3_1", "keySalt3_1", "", "name3_1", "contact3_1", Instant.now(), roles, siteId, isDisabled);
+            return new LegacyClientKey("key_1", "keyHash3_1", "keySalt3_1", "", "name3_1", "contact3_1", Instant.now(), roles, siteId, isDisabled, "key-id-1");
         }
     }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -203,7 +203,8 @@ private List<ClientKey> generateOneClient(String suffix) { @@
                     Set.of(Role.GENERATOR),
 ,
                     false,
+,
+                    "key-id"
             );
             return ImmutableList.of(key);
         }
@@ Expand Down @@