From e33a56435cd758914a855375ce03a2c314e307a2 Mon Sep 17 00:00:00 2001 From: Qin Li Date: Thu, 21 Oct 2021 14:04:30 -0700 Subject: [PATCH 1/4] add .gitignore --- .gitignore | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ed581df --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +target/ +.idea/ +dependencies/ +conf/*.json +sync/ +out/ +generated/ +uid2-optout.iml From fa098d9f812b9099ca1aaf2ae47cd66d729a3579 Mon Sep 17 00:00:00 2001 From: Qin Li Date: Fri, 20 Aug 2021 12:25:00 -0700 Subject: [PATCH 2/4] fixed a bug --- src/main/java/com/uid2/optout/vertx/OptOutLogProducer.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/optout/vertx/OptOutLogProducer.java b/src/main/java/com/uid2/optout/vertx/OptOutLogProducer.java index a80163a..5b1efd2 100644 --- a/src/main/java/com/uid2/optout/vertx/OptOutLogProducer.java +++ b/src/main/java/com/uid2/optout/vertx/OptOutLogProducer.java @@ -164,7 +164,9 @@ public void stop(Promise stopPromise) throws Exception { } public String getLastDelta() { - Optional last = Arrays.stream((new File(this.deltaProducerDir)).list()) + String[] deltaList = (new File(this.deltaProducerDir)).list(); + if (deltaList == null) return null; + Optional last = Arrays.stream(deltaList) .sorted(OptOutUtils.DeltaFilenameComparatorDescending) .findFirst(); if (last.isPresent()) return Paths.get(this.deltaProducerDir, last.get()).toString(); From eb8cb5829c3eb0f7786a3a16d301665921fa9718 Mon Sep 17 00:00:00 2001 From: Qin Li Date: Fri, 20 Aug 2021 16:44:46 -0700 Subject: [PATCH 3/4] no client key auth --- conf/integ-config.json | 6 ++-- src/main/java/com/uid2/optout/Main.java | 38 +++++++------------------ 2 files changed, 14 insertions(+), 30 deletions(-) diff --git a/conf/integ-config.json b/conf/integ-config.json index a184258..fccaa68 100644 --- a/conf/integ-config.json +++ b/conf/integ-config.json 
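Review bot: The added `if (deltaList == null) return null;` in `getLastDelta` makes a missing or unreadable `deltaProducerDir` indistinguishable from a directory that has no delta yet, because `File.list()` returns null both when the path is not a directory and when an I/O error occurs. For an opt-out log this matters if a caller (`uploadLastDelta` in Main looks like one) reads null as "nothing to upload" and skips without a trace. I would log before returning, e.g. `LOGGER.warn("cannot list delta directory " + this.deltaProducerDir);`, assuming this class has a logger as Main does, and add a Javadoc line on the method saying that null covers both cases. The method's tail lies outside the hunk.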
@@ -7,7 +7,7 @@ "optout_internal_api_token": "test-optout-internal-key", "optout_replica_uris": "http://localhost:8081/optout/write,http://localhost:8081/optout/write,http://localhost:8081/optout/write", "partners_config_path": "/com.uid2.core/test/partners/config.json", - "clients_metadata_path": "http://localhost:8088/clients/refresh", - "core_attest_url": "http://localhost:8088/attest/get_token", - "core_api_token": "test-partner-key" + "operators_metadata_path": "http://localhost:8088/operators/refresh", + "core_attest_url": "http://localhost:8088/attest", + "core_api_token": "trusted-partner-key" } \ No newline at end of file diff --git a/src/main/java/com/uid2/optout/Main.java b/src/main/java/com/uid2/optout/Main.java index c47c321..de4f15c 100644 --- a/src/main/java/com/uid2/optout/Main.java +++ b/src/main/java/com/uid2/optout/Main.java @@ -80,10 +80,8 @@ public class Main { private final JsonObject config; private final ICloudStorage fsLocal = new LocalStorageMock(); private final ICloudStorage fsOptOut; - private final ICloudStorage fsClientKeyConfig; private final ICloudStorage fsOperatorKeyConfig; private final ICloudStorage fsPartnerConfig; - private final RotatingClientKeyProvider clientKeyProvider; private final RotatingOperatorKeyProvider operatorKeyProvider; private final boolean observeOnly; 
@@ -134,33 +132,28 @@ public Main(Vertx vertx, JsonObject config) throws Exception { } String coreAttestUrl = this.config.getString(Const.Config.CoreAttestUrlProp); + final ICloudStorage contentStorage; if (coreAttestUrl != null) { String coreApiToken = this.config.getString(Const.Config.CoreApiTokenProp); - this.fsClientKeyConfig = UidCoreClient.createNoAttest(coreAttestUrl, coreApiToken); - LOGGER.info("Client api-keys - Using uid2-core attestation endpoint: " + coreAttestUrl); - - // need separate s3 creds - currently disabled - String optoutS3Bucket = this.config.getString(Const.Config.OptOutS3BucketProp); - this.fsOperatorKeyConfig = CloudUtils.createStorage(optoutS3Bucket, config); - LOGGER.info("Using CloudStorage for operator api-key config: s3://" + optoutS3Bucket); + UidCoreClient uidCoreClient = UidCoreClient.createNoAttest(coreAttestUrl, coreApiToken); + if (useStorageMock) uidCoreClient.setAllowContentFromLocalFileSystem(true); + this.fsOperatorKeyConfig = uidCoreClient; + contentStorage = uidCoreClient.getContentStorage(); + LOGGER.info("Operator api-keys - Using uid2-core attestation endpoint: " + coreAttestUrl); } else if (useStorageMock) { - this.fsClientKeyConfig = new EmbeddedResourceStorage(Main.class); this.fsOperatorKeyConfig = new EmbeddedResourceStorage(Main.class); + contentStorage = this.fsOperatorKeyConfig; LOGGER.info("Client api-keys - Using EmbeddedResourceStorage"); } else { - String coreBucket = this.config.getString(Const.Config.CoreS3BucketProp); - this.fsClientKeyConfig = CloudUtils.createStorage(coreBucket, config); String optoutS3Bucket = this.config.getString(Const.Config.OptOutS3BucketProp); this.fsOperatorKeyConfig = CloudUtils.createStorage(optoutS3Bucket, config); - LOGGER.info("Using CloudStorage for client api-key at s3://" + coreBucket + ", and operator api-key at s3://" + optoutS3Bucket); + contentStorage = this.fsOperatorKeyConfig; + LOGGER.info("Using CloudStorage for operator api-key at s3://" + optoutS3Bucket); } - 
String clientsMdPath = this.config.getString(Const.Config.ClientsMetadataPathProp); - this.clientKeyProvider = new RotatingClientKeyProvider(this.fsClientKeyConfig, clientsMdPath); String operatorsMdPath = this.config.getString(Const.Config.OperatorsMetadataPathProp); - this.operatorKeyProvider = new RotatingOperatorKeyProvider(this.fsOperatorKeyConfig, this.fsOperatorKeyConfig, operatorsMdPath); + this.operatorKeyProvider = new RotatingOperatorKeyProvider(this.fsOperatorKeyConfig, contentStorage, operatorsMdPath); if (useStorageMock) { - this.clientKeyProvider.loadContent(); this.operatorKeyProvider.loadContent(this.operatorKeyProvider.getMetadata()); } } @@ -258,9 +251,6 @@ public void run(String[] args) throws IOException { // deploy optout cloud sync verticle futs.add(this.deploySingleInstance(cloudSyncVerticle)); - // deploy client key rotator - futs.add(this.createClientKeyRotator()); - // deploy operator key rotator futs.add(this.createOperatorKeyRotator()); @@ -281,8 +271,7 @@ public void run(String[] args) throws IOException { } Supplier svcSupplier = () -> { - MultisourceAuthProvider authProvider = new MultisourceAuthProvider(this.operatorKeyProvider, this.clientKeyProvider); - OptOutServiceVerticle svc = new OptOutServiceVerticle(vertx, authProvider, this.fsOptOut, this.config); + OptOutServiceVerticle svc = new OptOutServiceVerticle(vertx, this.operatorKeyProvider, this.fsOptOut, this.config); // configure where OptOutService receives the latest cloud paths cs.registerNewCloudPathsHandler(ps -> svc.setCloudPaths(ps)); return svc; 
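Review bot: The `else if (useStorageMock)` branch still logs `"Client api-keys - Using EmbeddedResourceStorage"`, although this commit removes client-key storage and the branch now only assigns `fsOperatorKeyConfig`. It should read `LOGGER.info("Operator api-keys - Using EmbeddedResourceStorage");` so the startup log names the key source that actually backs authentication. In the first branch, `if (useStorageMock) uidCoreClient.setAllowContentFromLocalFileSystem(true);` relaxes where key content may be loaded from; a one-line comment stating that it is meant for mock/test runs only, plus a warning log when it is taken, would make an accidental production use visible. The constructor starts and ends outside this hunk.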
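Review bot: With `MultisourceAuthProvider` no longer used in the supplier, `import com.uid2.shared.auth.MultisourceAuthProvider;` appears to be left unused in Main.java (it still shows as a context line in the import hunk of patch 4/4) and can be dropped. Since `this.operatorKeyProvider` is now the only auth source handed to `OptOutServiceVerticle`, I would add a comment above that line such as `// operator keys are the only accepted credentials; client keys are no longer honoured`. If the test suite does not already cover it, a test asserting that a request carrying a former client key is rejected would pin the intended behaviour. The lambda body closes outside the hunk.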
@@ -371,11 +360,6 @@ private Future uploadLastDelta(OptOutCloudSync cs, OptOutLogProducer logProducer return promise.future(); } - private Future createClientKeyRotator() { - RotatingStoreVerticle rotatingStore = new RotatingStoreVerticle("clients", 10000, clientKeyProvider); - return this.deploySingleInstance(rotatingStore); - } - private Future createOperatorKeyRotator() { RotatingStoreVerticle rotatingStore = new RotatingStoreVerticle("operators", 10000, operatorKeyProvider); return this.deploySingleInstance(rotatingStore); From 1ad9dcf2e69b55e51ff66e0c3b0c6790d732a1b7 Mon Sep 17 00:00:00 2001 From: Andrei Tarassov Date: Mon, 23 Aug 2021 15:06:39 +1000 Subject: [PATCH 4/4] Capture client versions and pass client versions to Core - integrate with uid2-shared changes - embed application version in JAR --- pom.xml | 17 +++++++++++++++++ src/main/java/com/uid2/optout/Main.java | 6 +++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 27f2827..86b2d59 100644 --- a/pom.xml +++ b/pom.xml @@ -17,6 +17,7 @@ 3.9.4 1.1.0 + ${project.version} @@ -161,6 +162,22 @@ + + org.codehaus.mojo + properties-maven-plugin + 1.0.0 + + + generate-resources + + write-project-properties + + + ${project.build.outputDirectory}/${project.artifactId}.properties + + + + org.codehaus.mojo exec-maven-plugin diff --git a/src/main/java/com/uid2/optout/Main.java b/src/main/java/com/uid2/optout/Main.java index de4f15c..f582d96 100644 --- a/src/main/java/com/uid2/optout/Main.java +++ b/src/main/java/com/uid2/optout/Main.java @@ -26,6 +26,7 @@ import com.uid2.optout.vertx.OptOutLogProducer; import com.uid2.optout.vertx.OptOutServiceVerticle; import com.uid2.optout.vertx.PartnerConfigMonitor; +import com.uid2.shared.ApplicationVersion; import com.uid2.shared.Utils; import com.uid2.shared.attest.UidCoreClient; import com.uid2.shared.auth.MultisourceAuthProvider; 
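Review bot: The new `properties-maven-plugin` execution in pom.xml runs `write-project-properties` into `${project.build.outputDirectory}/${project.artifactId}.properties`, so, as far as I know, every project property is written out and shipped inside the JAR, not just the version. That would include properties contributed by active profiles. If any build ever defines a credential, registry token or internal URL as a Maven property, it ends up in the published artifact. Since only the version is needed here, a filtered resource holding just that one property would be safer; failing that, add a comment above the plugin such as `<!-- writes ALL project properties into the JAR; never define secrets as Maven properties -->`.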
@@ -131,11 +132,14 @@ public Main(Vertx vertx, JsonObject config) throws Exception { LOGGER.info("Using CloudStorage for partners config: s3://" + optoutBucket); } + ApplicationVersion appVersion = ApplicationVersion.load("uid2-optout", "uid2-shared", "enclave-attestation-api"); + String coreAttestUrl = this.config.getString(Const.Config.CoreAttestUrlProp); final ICloudStorage contentStorage; if (coreAttestUrl != null) { String coreApiToken = this.config.getString(Const.Config.CoreApiTokenProp); - UidCoreClient uidCoreClient = UidCoreClient.createNoAttest(coreAttestUrl, coreApiToken); + boolean enforceHttps = this.config.getBoolean("enforce_https", true); + UidCoreClient uidCoreClient = UidCoreClient.createNoAttest(coreAttestUrl, coreApiToken, appVersion, enforceHttps); if (useStorageMock) uidCoreClient.setAllowContentFromLocalFileSystem(true); this.fsOperatorKeyConfig = uidCoreClient; contentStorage = uidCoreClient.getContentStorage();
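Review bot: `this.config.getBoolean("enforce_https", true)` reads its key from a string literal, while every other setting in this constructor goes through a `Const.Config.*Prop` constant; a matching constant would keep the key discoverable. Defaulting to true is the right way round, but when a deployment sets it to false the `coreApiToken` can presumably travel over plain HTTP with nothing in the logs, so I would add `if (!enforceHttps) LOGGER.warn("enforce_https is disabled; core API token may be sent over plain HTTP");` right after the read. Note also that `conf/integ-config.json` in patch 3/4 keeps `http://localhost:8088` endpoints and does not set `enforce_https`, so the integration setup may need `"enforce_https": false`, depending on how `UidCoreClient` applies the flag. The constructor continues outside the hunk.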