Serializing new salt fields

Author: aulme

src/main/java/com/uid2/admin/store/writer/EncryptedSaltStoreWriter.java

@@ -6,7 +6,6 @@
 import com.uid2.shared.cloud.TaggableCloudStorage;
 import com.uid2.shared.encryption.AesGcm;
 import com.uid2.shared.model.CloudEncryptionKey;
-import com.uid2.shared.model.SaltEntry;
 import com.uid2.shared.store.CloudPath;
 import com.uid2.shared.store.salt.RotatingSaltProvider;
 import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
@@ -15,10 +14,7 @@
 import org.slf4j.LoggerFactory;
 import io.vertx.core.json.JsonObject;
 
-import java.io.BufferedWriter;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
 import java.util.*;
 
 public class EncryptedSaltStoreWriter extends SaltStoreWriter implements StoreWriter {
@@ -37,6 +33,19 @@ public EncryptedSaltStoreWriter(JsonObject config, RotatingSaltProvider provider
         this.siteId = siteId;
     }
 
+    @Override
+    public void upload(Object data, JsonObject extraMeta) throws Exception {
+        this.unEncryptedMetadataData = extraMeta;
+        @SuppressWarnings("unchecked")
+        List<RotatingSaltProvider.SaltSnapshot> snapshots = new ArrayList<>((Collection<RotatingSaltProvider.SaltSnapshot>) data);
+        this.buildAndUploadMetadata(snapshots);
+    }
+
+    @Override
+    public void rewriteMeta() throws Exception {
+
+    }
+
     @Override
     protected java.lang.String getSaltSnapshotLocation(RotatingSaltProvider.SaltSnapshot snapshot) {
         return scope.resolve(new CloudPath("salts.txt." + snapshot.getEffective().toEpochMilli())).toString();
@@ -82,13 +91,16 @@ protected boolean tryUploadSaltsSnapshot(RotatingSaltProvider.SaltSnapshot snaps
                  return false;
              }
          }
-        StringBuilder stringBuilder = new StringBuilder();
 
-        for (SaltEntry entry: snapshot.getAllRotatingSalts()) {
-            stringBuilder.append(entry.id()).append(",").append(entry.lastUpdated()).append(",").append(entry.currentSalt()).append("\n");
-        }
+        var saltCsv = SaltSerializer.toCsv(snapshot.getAllRotatingSalts());
+        var encryptedSaltCsv = addEncryptedEnvelope(encryptionKey, saltCsv);
+        uploadSaltsFile(location, encryptedSaltCsv);
+
+        LOGGER.info("File encryption completed for site_id={} key_id={} store={}", siteId, encryptionKey.getId(), "salts");
+        return true;
+    }
 
-        String data = stringBuilder.toString();
+    private String addEncryptedEnvelope(CloudEncryptionKey encryptionKey, String data) {
         JsonObject encryptedJson = new JsonObject();
         if (encryptionKey != null) {
             byte[] secret = Base64.getDecoder().decode(encryptionKey.getSecret());
@@ -100,13 +112,7 @@ protected boolean tryUploadSaltsSnapshot(RotatingSaltProvider.SaltSnapshot snaps
             throw new IllegalStateException("No Cloud Encryption keys available for encryption for site ID: " + siteId);
         }
 
-        final Path newSaltsFile = Files.createTempFile("salts", ".txt");
-        try (BufferedWriter w = Files.newBufferedWriter(newSaltsFile)) {
-            w.write(encryptedJson.encodePrettily());
-        }
-        this.upload(newSaltsFile.toString(), location);
-        LOGGER.info("File encryption completed for site_id={} key_id={} store={}", siteId, encryptionKey.getId(), "salts");
-        return true;
+        return encryptedJson.encodePrettily();
     }
 
     @Override
@@ -118,17 +124,4 @@ protected JsonObject getMetadata(){
     protected Long getMetadataVersion() throws Exception {
         return this.unEncryptedMetadataData.getLong("version");
     }
-
-    @Override
-    public void upload(Object data, JsonObject extraMeta) throws Exception {
-        this.unEncryptedMetadataData = extraMeta;
-        @SuppressWarnings("unchecked")
-        List<RotatingSaltProvider.SaltSnapshot> snapshots = new ArrayList<>((Collection<RotatingSaltProvider.SaltSnapshot>) data);
-        this.buildAndUploadMetadata(snapshots);
-    }
-
-    @Override
-    public void rewriteMeta() throws Exception {
-
-    }
 }

src/main/java/com/uid2/admin/store/writer/SaltSerializer.java

@@ -0,0 +1,56 @@
+package com.uid2.admin.store.writer;
+
+import com.uid2.shared.model.SaltEntry;
+
+import java.util.List;
+
+public class SaltSerializer {
+    public static String toCsv(SaltEntry[] entries) {
+        StringBuilder stringBuilder = new StringBuilder();
+
+        for (SaltEntry entry : entries) {
+            addLine(entry, stringBuilder);
+        }
+
+        return stringBuilder.toString();
+    }
+
+    private static void addLine(SaltEntry entry, StringBuilder stringBuilder) {
+        stringBuilder
+                .append(entry.id())
+                .append(",")
+                .append(entry.lastUpdated())
+                .append(",")
+                .append(entry.currentSalt());
+
+        stringBuilder.append(",");
+        stringBuilder.append(serializeNullable(entry.refreshFrom()));
+
+        stringBuilder.append(",");
+        stringBuilder.append(serializeNullable(entry.previousSalt()));
+
+        appendKey(stringBuilder, entry.currentKey());
+        appendKey(stringBuilder, entry.previousKey());
+
+        stringBuilder.append("\n");
+    }
+
+    private static void appendKey(StringBuilder stringBuilder, SaltEntry.KeyMaterial key) {
+        if (key != null) {
+            stringBuilder
+                    .append(",")
+                    .append(key.id())
+                    .append(",")
+                    .append(serializeNullable(key.key()))
+                    .append(",")
+                    .append(serializeNullable(key.salt()));
+        }
+        else  {
+            stringBuilder.append(",,,");
+        }
+    }
+
+    public static <T> String serializeNullable(T obj) {
+        return obj == null ? "" : obj.toString();
+    }
+}

src/main/java/com/uid2/admin/store/writer/SaltStoreWriter.java

@@ -2,7 +2,6 @@
 
 import com.uid2.admin.store.FileManager;
 import com.uid2.admin.store.version.VersionGenerator;
-import com.uid2.shared.Utils;
 import com.uid2.shared.cloud.CloudStorageException;
 import com.uid2.shared.cloud.TaggableCloudStorage;
 import com.uid2.shared.model.SaltEntry;
@@ -14,15 +13,13 @@
 import org.slf4j.LoggerFactory;
 
 import java.io.BufferedWriter;
-import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
-import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 public class SaltStoreWriter {
@@ -45,6 +42,30 @@ public SaltStoreWriter(JsonObject config, RotatingSaltProvider provider, FileMan
         this.versionGenerator = versionGenerator;
     }
 
+    public void upload(RotatingSaltProvider.SaltSnapshot data) throws Exception {
+        this.buildAndUploadMetadata(this.getSnapshots(data));
+        refreshProvider();
+    }
+
+    /**
+     * reads the metadata file, and marks each referenced file as ready for archiving
+     */
+    public void archiveSaltLocations() throws Exception {
+        final JsonObject metadata = provider.getMetadata();
+
+        metadata.getJsonArray("salts").forEach(instance -> {
+            try {
+                JsonObject salt = (JsonObject) instance;
+                String location = salt.getString("location", "");
+                if (!location.isBlank()) {
+                    this.setStatusTagToObsolete(location);
+                }
+            } catch (Exception ex) {
+                LOGGER.error("Error marking object as ready for archiving", ex);
+            }
+        });
+    }
+
     private List<RotatingSaltProvider.SaltSnapshot> getSnapshots(RotatingSaltProvider.SaltSnapshot data){
         if (provider.getSnapshots() == null) {
             throw new IllegalStateException("Snapshots cannot be null");
@@ -126,6 +147,7 @@ protected void buildAndUploadMetadata(List<RotatingSaltProvider.SaltSnapshot> sn
     protected JsonObject enrichMetadata(JsonObject metadata){
         return metadata;
     }
+
     /**
      * Builds snapshot metadata and uploads snapshots if they need to be updated.
      * <p>
@@ -151,34 +173,10 @@ private JsonArray uploadAndGetSnapshotsMetadata(List<RotatingSaltProvider.SaltSn
         return anyUploadSucceeded ? snapshotsMetadata : new JsonArray();
     }
 
-    public void upload(RotatingSaltProvider.SaltSnapshot data) throws Exception {
-        this.buildAndUploadMetadata(this.getSnapshots(data));
-        refreshProvider();
-    }
-
     private void refreshProvider() throws Exception {
         provider.loadContent();
     }
 
-    /**
-     * reads the metadata file, and marks each referenced file as ready for archiving
-     */
-    public void archiveSaltLocations() throws Exception {
-        final JsonObject metadata = provider.getMetadata();
-
-        metadata.getJsonArray("salts").forEach(instance -> {
-            try {
-                JsonObject salt = (JsonObject) instance;
-                String location = salt.getString("location", "");
-                if (!location.isBlank()) {
-                    this.setStatusTagToObsolete(location);
-                }
-            } catch (Exception ex) {
-                LOGGER.error("Error marking object as ready for archiving", ex);
-            }
-        });
-    }
-
     protected String getSaltSnapshotLocation(RotatingSaltProvider.SaltSnapshot snapshot) {
         return saltSnapshotLocationPrefix + snapshot.getEffective().toEpochMilli();
     }
@@ -200,14 +198,18 @@ protected boolean tryUploadSaltsSnapshot(RotatingSaltProvider.SaltSnapshot snaps
             return false;
         }
 
-        final Path newSaltsFile = Files.createTempFile("operators", ".txt");
+        var saltCsv = SaltSerializer.toCsv(snapshot.getAllRotatingSalts());
+        uploadSaltsFile(location, saltCsv);
+
+        return true;
+    }
+
+    protected void uploadSaltsFile(String location, String data) throws Exception {
+        final Path newSaltsFile = Files.createTempFile("salts", ".txt");
         try (BufferedWriter w = Files.newBufferedWriter(newSaltsFile)) {
-            for (SaltEntry entry : snapshot.getAllRotatingSalts()) {
-                w.write(entry.id() + "," + entry.lastUpdated() + "," + entry.currentSalt() + "\n");
-            }
+            w.write(data);
         }
         this.upload(newSaltsFile.toString(), location);
-        return true;
     }
 
     protected void upload(String data, String location) throws Exception {

src/test/java/com/uid2/admin/store/writer/SaltSerializerTest.java

@@ -0,0 +1,121 @@
+package com.uid2.admin.store.writer;
+
+import com.uid2.shared.model.SaltEntry;
+import com.uid2.shared.model.SaltEntry.KeyMaterial;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+class SaltSerializerTest {
+    @Test
+    void toCsv_serializesNoSalts() {
+        var expected = "";
+
+        var salts = new SaltEntry[]{};
+        var actual = SaltSerializer.toCsv(salts);
+
+        assertThat(actual).isEqualTo(expected);
+    }
+
+    @Test
+    void toCsv_serializesSaltsWithNoOptionalFields() {
+        var expected = """
+1,100,salt1,,,,,,,,
+2,200,salt2,,,,,,,,
+""";
+
+        var salts = new SaltEntry[]{
+                new SaltEntry(1, "hashedId1", 100, "salt1", null, null, null, null),
+                new SaltEntry(2, "hashedId2", 200, "salt2", null, null, null, null),
+        };
+        var actual = SaltSerializer.toCsv(salts);
+
+        assertThat(actual).isEqualTo(expected);
+    }
+
+    @Test
+    void toCsv_serializesSaltsWithAllOptionalFields() {
+        var expected = """
+1,100,salt1,1000,previousSalt1,11,key1,keySalt1,111,key11,keySalt11
+2,200,salt2,2000,previousSalt2,22,key2,keySalt2,222,key22,keySalt22
+""";
+
+        var salts = new SaltEntry[]{
+                new SaltEntry(1,
+                        "hashedId1",
+                        100,
+                        "salt1",
+                        1000L,
+                        "previousSalt1",
+                        new KeyMaterial(11, "key1", "keySalt1"),
+                        new KeyMaterial(111, "key11", "keySalt11")
+                ),
+                new SaltEntry(2,
+                        "hashedId2",
+                        200,
+                        "salt2",
+                        2000L,
+                        "previousSalt2",
+                        new KeyMaterial(22, "key2", "keySalt2"),
+                        new KeyMaterial(222, "key22", "keySalt22")
+                ),
+        };
+        var actual = SaltSerializer.toCsv(salts);
+
+        assertThat(actual).isEqualTo(expected);
+    }
+
+    @Test
+    void toCsv_serializesSaltsWithV3IdentityMapFields() {
+        var expected = """
+1,100,salt1,1000,previousSalt1,,,,,,
+2,200,salt2,2000,previousSalt2,,,,,,
+""";
+
+        var salts = new SaltEntry[]{
+                new SaltEntry(1,
+                        "hashedId1",
+                        100,
+                        "salt1",
+                        1000L,
+                        "previousSalt1",
+                        null,
+                        null
+                ),
+                new SaltEntry(2,
+                        "hashedId2",
+                        200,
+                        "salt2",
+                        2000L,
+                        "previousSalt2",
+                        null,
+                        null
+                ),
+        };
+        var actual = SaltSerializer.toCsv(salts);
+
+        assertThat(actual).isEqualTo(expected);
+    }
+
+    @Test
+    void toCsv_toleratesNullsInKeys() {
+        var expected = """
+1,100,salt1,1000,previousSalt1,11,,,111,,
+""";
+
+        var salts = new SaltEntry[]{
+                new SaltEntry(1,
+                        "hashedId1",
+                        100,
+                        "salt1",
+                        1000L,
+                        "previousSalt1",
+                        new KeyMaterial(11, null, null),
+                        new KeyMaterial(111, null, null)
+                ),
+        };
+        var actual = SaltSerializer.toCsv(salts);
+
+        assertThat(actual).isEqualTo(expected);
+    }
+}