diff --git a/conf/default-config.json b/conf/default-config.json index 84382e12..f90aac82 100644 --- a/conf/default-config.json +++ b/conf/default-config.json @@ -1,4 +1,3 @@ { - "enable_keysets": false, - "enable_salt_rotation_refresh_from": false -} \ No newline at end of file + "enable_keysets": false +} diff --git a/conf/local-config.json b/conf/local-config.json index 54a1c163..11320300 100644 --- a/conf/local-config.json +++ b/conf/local-config.json @@ -12,7 +12,6 @@ "keys_acl_metadata_path": "keys_acl/metadata.json", "salts_metadata_path": "salts/metadata.json", "salt_snapshot_location_prefix": "salts/salts.txt.", - "enable_salt_rotation_refresh_from": false, "operators_metadata_path": "operators/metadata.json", "enclaves_metadata_path": "enclaves/metadata.json", "partners_metadata_path": "partners/metadata.json", diff --git a/src/main/java/com/uid2/admin/AdminConst.java b/src/main/java/com/uid2/admin/AdminConst.java index c507cd58..b8ccd338 100644 --- a/src/main/java/com/uid2/admin/AdminConst.java +++ b/src/main/java/com/uid2/admin/AdminConst.java @@ -1,10 +1,11 @@ package com.uid2.admin; -public class AdminConst { - public static String enableKeysetConfigProp = "enable_keysets"; +public final class AdminConst { + private AdminConst() { + } + + public static final String enableKeysetConfigProp = "enable_keysets"; public static final String ROLE_OKTA_GROUP_MAP_MAINTAINER = "role_okta_group_map_maintainer"; public static final String ROLE_OKTA_GROUP_MAP_PRIVILEGED = "role_okta_group_map_privileged"; public static final String ROLE_OKTA_GROUP_MAP_SUPER_USER = "role_okta_group_map_super_user"; - public static final String ENABLE_SALT_ROTATION_REFRESH_FROM = "enable_salt_rotation_refresh_from"; - public static final String ENABLE_SALT_ROTATION_CUSTOM_AGE_THRESHOLDS = "enable_salt_rotation_custom_age_thresholds"; } diff --git a/src/main/java/com/uid2/admin/Main.java b/src/main/java/com/uid2/admin/Main.java index ddab20e1..41dd33a4 100644 
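Review bot: `enableKeysetConfigProp` in AdminConst is now a `public static final` constant but keeps its lowerCamelCase name, while every sibling constant uses UPPER_SNAKE_CASE. Renaming it to `ENABLE_KEYSET_CONFIG_PROP` would make the class consistent, though call sites outside this diff would need the same rename. The empty private constructor would also read better with a one-line comment such as `// Constants holder; not instantiable.`.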
--- a/src/main/java/com/uid2/admin/Main.java +++ b/src/main/java/com/uid2/admin/Main.java @@ -233,7 +233,7 @@ public void run() { WriteLock writeLock = new WriteLock(); KeyHasher keyHasher = new KeyHasher(); IKeypairGenerator keypairGenerator = new SecureKeypairGenerator(); - SaltRotation saltRotation = new SaltRotation(config, keyGenerator); + SaltRotation saltRotation = new SaltRotation(keyGenerator); EncryptionKeyService encryptionKeyService = new EncryptionKeyService( config, auth, writeLock, encryptionKeyStoreWriter, keysetKeyStoreWriter, keyProvider, keysetKeysProvider, adminKeysetProvider, adminKeysetStoreWriter, keyGenerator, clock); KeysetManager keysetManager = new KeysetManager( diff --git a/src/main/java/com/uid2/admin/salt/SaltRotation.java b/src/main/java/com/uid2/admin/salt/SaltRotation.java index cd2887d0..983c7311 100644 --- a/src/main/java/com/uid2/admin/salt/SaltRotation.java +++ b/src/main/java/com/uid2/admin/salt/SaltRotation.java @@ -1,13 +1,10 @@ package com.uid2.admin.salt; -import com.uid2.admin.AdminConst; import com.uid2.shared.model.SaltEntry; import com.uid2.shared.secret.IKeyGenerator; -import com.uid2.shared.store.salt.ISaltProvider; import com.uid2.shared.store.salt.ISaltProvider.ISaltSnapshot; import com.uid2.shared.store.salt.RotatingSaltProvider.SaltSnapshot; -import io.vertx.core.json.JsonObject; import lombok.Getter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -22,18 +19,10 @@ public class SaltRotation { private static final double MAX_SALT_PERCENTAGE = 0.8; private final IKeyGenerator keyGenerator; - private final boolean isRefreshFromEnabled; - private final boolean isCustomAgeThresholdEnabled; private static final Logger LOGGER = LoggerFactory.getLogger(SaltRotation.class); - public SaltRotation(JsonObject config, IKeyGenerator keyGenerator) { + public SaltRotation(IKeyGenerator keyGenerator) { this.keyGenerator = keyGenerator; - this.isRefreshFromEnabled = config.getBoolean(AdminConst.ENABLE_SALT_ROTATION_REFRESH_FROM, false); - this.isCustomAgeThresholdEnabled = config.getBoolean(AdminConst.ENABLE_SALT_ROTATION_CUSTOM_AGE_THRESHOLDS, false); - } - - public boolean isCustomAgeThresholdEnabled() { - return this.isCustomAgeThresholdEnabled; } public Result rotateSalts( @@ -97,7 +86,6 @@ public Result rotateSaltsZero( return Result.fromSnapshot(nextSnapshot); } - private static int getNumSaltsToRotate(SaltEntry[] preRotationSalts, double fraction) { return (int) Math.ceil(preRotationSalts.length * fraction); } @@ -107,11 +95,7 @@ private Set findRefreshableSalts(SaltEntry[] preRotationSalts, Target } private boolean isRefreshable(TargetDate targetDate, SaltEntry salt) { - if (this.isRefreshFromEnabled) { - return Instant.ofEpochMilli(salt.refreshFrom()).truncatedTo(ChronoUnit.DAYS).equals(targetDate.asInstant()); - } - - return true; + return Instant.ofEpochMilli(salt.refreshFrom()).truncatedTo(ChronoUnit.DAYS).equals(targetDate.asInstant()); } private SaltEntry[] rotateSalts(SaltEntry[] oldSalts, List saltsToRotate, TargetDate targetDate) throws Exception { 
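Review bot: `isRefreshable` now requires `refreshFrom` to fall exactly on the target day for every salt, with no fallback for entries whose `refreshFrom` is unset, zero or already in the past. Before this change the flag defaulted to false and every salt was eligible, so any environment that never enabled it switches behaviour on deploy. Whether `refreshFrom` is advanced elsewhere for salts that were not rotated is not visible in this hunk; if it is not, a missed daily run or a snapshot written before the field was populated would leave those salts permanently ineligible and silently unrotated. If `SaltEntry.refreshFrom()` returns a nullable `Long`, the unboxing in `Instant.ofEpochMilli(...)` would also throw. Please document the invariant on the method, e.g. `// Eligible only when refreshFrom falls on the target day; earlier or unset values are skipped.`, and consider logging how many salts have a `refreshFrom` before the target date so that stuck entries are detectable.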
@@ -163,7 +147,7 @@ private List pickSaltsToRotate( TargetDate targetDate, Duration[] minAges, int numSaltsToRotate) { - var maxSaltsPerAge = this.isRefreshFromEnabled ? (int) (numSaltsToRotate * MAX_SALT_PERCENTAGE) : numSaltsToRotate; + var maxSaltsPerAge = (int) (numSaltsToRotate * MAX_SALT_PERCENTAGE); var thresholds = Arrays.stream(minAges) .map(minAge -> targetDate.asInstant().minusSeconds(minAge.getSeconds())) diff --git a/src/main/java/com/uid2/admin/vertx/service/SaltService.java b/src/main/java/com/uid2/admin/vertx/service/SaltService.java index 05862cda..7cc9a9d8 100644 --- a/src/main/java/com/uid2/admin/vertx/service/SaltService.java +++ b/src/main/java/com/uid2/admin/vertx/service/SaltService.java @@ -132,14 +132,7 @@ private void handleSaltRotate(RoutingContext rc) { final Optional fraction = RequestUtil.getDouble(rc, "fraction"); if (fraction.isEmpty()) return; - final Duration[] ageThresholds; - if (saltRotation.isCustomAgeThresholdEnabled()) { - ageThresholds = RequestUtil.getDurations(rc, "min_ages_in_seconds"); - if (ageThresholds == null) return; - } else { - ageThresholds = SALT_ROTATION_AGE_THRESHOLDS; - } - LOGGER.info("Salt rotation age thresholds in seconds: {}", Arrays.stream(ageThresholds).map(Duration::toSeconds).collect(Collectors.toList())); + LOGGER.info("Salt rotation age thresholds in seconds: {}", Arrays.stream(SALT_ROTATION_AGE_THRESHOLDS).map(Duration::toSeconds).collect(Collectors.toList())); final TargetDate targetDate = RequestUtil.getDate(rc, "target_date", DateTimeFormatter.ISO_LOCAL_DATE) 
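Review bot: The cast in `(int) (numSaltsToRotate * MAX_SALT_PERCENTAGE)` truncates, so the per-age cap is 0 when `numSaltsToRotate` is 1 and 1 when it is 2, and that cap is now applied unconditionally. The updated expectation in testRotateSaltsAllSaltsOld (1 salt rotated instead of 2 for 10 salts at fraction 0.2) shows the resulting under-rotation. How the cap is consumed lies outside this hunk, but if it bounds each age bucket, a small salt set could finish a run with nothing rotated and no error reported. Consider a floor of one, `var maxSaltsPerAge = Math.max(1, (int) (numSaltsToRotate * MAX_SALT_PERCENTAGE));`, or a comment stating that rotating fewer salts than the requested fraction is intended.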
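Review bot: A caller that still sends `min_ages_in_seconds` to `handleSaltRotate` now gets the built-in `SALT_ROTATION_AGE_THRESHOLDS` with no indication that the parameter was ignored. For an operator-driven rotation endpoint, that can leave the operator believing custom thresholds were applied. Assuming the value arrives as a query parameter (the removed `RequestUtil.getDurations` call is not shown), rejecting it explicitly would make the removal visible: `if (!rc.queryParam("min_ages_in_seconds").isEmpty()) { ResponseUtil.error(rc, 400, "min_ages_in_seconds is no longer supported"); return; }`. The method starts and ends outside this hunk.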
@@ -155,7 +148,7 @@ private void handleSaltRotate(RoutingContext rc) { final List snapshots = saltProvider.getSnapshots(); final RotatingSaltProvider.SaltSnapshot lastSnapshot = snapshots.getLast(); - final SaltRotation.Result result = saltRotation.rotateSalts(lastSnapshot, ageThresholds, fraction.get(), targetDate); + final SaltRotation.Result result = saltRotation.rotateSalts(lastSnapshot, SALT_ROTATION_AGE_THRESHOLDS, fraction.get(), targetDate); if (!result.hasSnapshot()) { ResponseUtil.error(rc, 200, result.getReason()); return; diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/metadata.json b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/metadata.json index e449356b..9693d790 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/metadata.json @@ -1,6 +1,6 @@ { - "version" : 1744264807066, - "generated" : 1744264807, + "version" : 1, + "generated" : 1754901630, "first_level" : "fOGY/aRE44peL23i+cE9MkJrzmEeNZZziNZBfq7qqk8=", "id_prefix" : "b", "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", @@ -10,10 +10,10 @@ "location" : "salts/encrypted/123_public/salts.txt.1670796729291", "size" : 2 }, { - "effective" : 1766125493000, + "effective" : 1745907348982, "expires" : 1766720293000, - "location" : "salts/encrypted/123_public/salts.txt.1766125493000", - "size" : 4 + "location" : "salts/encrypted/123_public/salts.txt.1745907348982", + "size" : 2 } ], "key_id" : 3 } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1670796729291 b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1670796729291 index f7f70db6..3ede08cc 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1670796729291 +++ b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1670796729291 
@@ -1,5 +1,5 @@ { "key_id" : 3, "encryption_version" : "1.0", - "encrypted_payload" : "9vKzSl5qhansVyce77wGN1PPaqauuiB18AMnDk1qlCU0idX2yPbrVOnulSqzDk3riG03T43qbx80bhGyxYe0oEbUeNmRV/9xmwMjmmkVzBZlCUPomhVxkmHMrOR2nKUWit0s02lm4lxFvkTdjw5yyZA/gPFmNpfP04URb/l6vw+d0Le1TIrE9esYi6GycqTPf8armDW8rEzEJhhN4uSgZvPG" + "encrypted_payload" : "T+Gb8K0+APNgzfQ70bIv6d46r3xMIg2ZoLzKkBIJJ1jYN3s0F/5K6rru7gcdoYGWU8+Oe3i8VCUBAxk7i5NvExsKPObSZZFVxNhkYV9w3PMvTilWTXhSZTSu7fPPr2vb2TPP8MNYb8EqwrygwclHCKTT5GM9tChA5xxjMWa5P9S6tlaIdWrIrlov3zzxEm1XTCvnhQi6sWl3EfmI8pakFjI0jY1O7YtJ2ZELa16I780VeW4d4s1IgMIvVR3oGRtBD3KI0ikmjSJ12S36dp4cZhe/uHRt0UanN4rEjgnNWtujBLK2qoLf0bbZgin3GonG4Q+Y3mzTM8I=" } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1745907348982 b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1745907348982 new file mode 100644 index 00000000..68636320 --- /dev/null +++ b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1745907348982 @@ -0,0 +1,5 @@ +{ + "key_id" : 3, + "encryption_version" : "1.0", + "encrypted_payload" : "baVbB6zql5BepnPma05MDRHC+o1FP2Fs02wydarYH6/KkPcVwZY3EgSAzGqpgT0xli3+tz4VBB00jjz2uVtRMCNJlvMH4GSPUfdi6qjWgX1fHMXeU+Z5Rxcyg6elsX81pMFD0/87pQBllo6+5rOSfDfan881QqhM2cVJY7gVG/z9plDp33CEhWQ0/dWaoGiyBWMyqmGwkkhipeVAT/lH3gr5W7sMnuG3Z9PQw6sWv5PJLdFiCiN4EjWYIv3qpJ689sbYKGaGi3HNaq3bHsO9nFInDc+80vK+MWpMHb/wRIQgfUGJytfSNuDdczDEijQyTJNElpypQ74=" +} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1766125493000 b/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1766125493000 deleted file mode 100644 index 97009c6a..00000000 --- a/src/main/resources/localstack/s3/core/salts/encrypted/123_public/salts.txt.1766125493000 +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "key_id" : 3, - "encryption_version" : "1.0", - "encrypted_payload" : "PU1GppKNTfHl052QeRPIykXZr/0d/uaSZ2nz6ydLaZTCGlrZZ6SYKja8ORFenAUqMBBzL4hl44DVkslmUFN5V7/TyPyIZGfvaZ2JIc1T2Io0TDwwmNlgiqzmRqEBiN4IKLPZq/02X9xbobJmgo/cYCHqln3RhrBos2hT/1WZrSSgKH/ZlxBjgpoX00DZ24DIjS+azoFQO5NUw+hY7XlJoqJnZexoKnq20L3E/UXZkGCf9yAgp5zVI/B5qA0YJvG1A9rypAyi7EX7jy38C35qPLZqVxSlkeqIbtrYwS2ODuqrCKriD+pQb8fvG42jkF1fAN6KwWIXpmN16bcsm62F9S4QwX0i0WjkaOZCmaN/ydMli1Qer6i9bO5V/mbtAFKNn2/D7PwjEXE=" -} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/metadata.json b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/metadata.json index 539eb02e..4cbdbc7d 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/metadata.json @@ -1,6 +1,6 @@ { - "version" : 1744264806846, - "generated" : 1744264806, + "version" : 1, + "generated" : 1754901630, "first_level" : "fOGY/aRE44peL23i+cE9MkJrzmEeNZZziNZBfq7qqk8=", "id_prefix" : "b", "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", @@ -10,10 +10,10 @@ "location" : "salts/encrypted/124_private/salts.txt.1670796729291", "size" : 2 }, { - "effective" : 1766125493000, + "effective" : 1745907348982, "expires" : 1766720293000, - "location" : "salts/encrypted/124_private/salts.txt.1766125493000", - "size" : 4 + "location" : "salts/encrypted/124_private/salts.txt.1745907348982", + "size" : 2 } ], "key_id" : 5 } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1670796729291 b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1670796729291 index a189f2d2..bebf3e51 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1670796729291 +++ b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1670796729291 
@@ -1,5 +1,5 @@ { "key_id" : 5, "encryption_version" : "1.0", - "encrypted_payload" : "AnxisDA19IVFbj7AMQK7ETk5zk7nPNtvXlp+dKlu2eTpV3WPDbHKsvXXfyE0TnbZx7M83L20gJhGCMbLoqepPbnKnIu9qSbMs4wu6931fkDONFPcYFCEKLaMnRXypiZgWLzSl0g9cIo8O+vKvkmD7gNHIsFgXrYG2WaFfKehGRecWyoGbYCIZ+Y3Tr7dMoJcGXNkS7+NEbogKMSW3RDTvHsu" + "encrypted_payload" : "rKQpJJMCejncH9ao42d24+9+DUB2Blt3X614yEycEbvVV/GCX+9vmX5G+opTpYEP92KjsmZCgX9eWH8I7525zlIJtqBtabLdlKcfrF7keVC5lWUBjDJd+K2mRWwhZ/QQiaMqcMcmHsXFLb/i9PvZkMdniaBXtYeJFgGRYITQhGcuGfoxge2mp+SRPTB2CCFAe0PQgg6n4iPSWz8wSfP7bAzFTSlg8zpOk/CVNt/1DJac8nacxgAKiN1N35EoE+GRsYF9GQ/2KugdvsoHlHQqaTtq8FD2jyUg8yjZjFRE5F7Vbn3Rs9az3X1Z7YT3BixIBa3P3tJk2sU=" } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1745907348982 b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1745907348982 new file mode 100644 index 00000000..beb72f53 --- /dev/null +++ b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1745907348982 @@ -0,0 +1,5 @@ +{ + "key_id" : 5, + "encryption_version" : "1.0", + "encrypted_payload" : "s50gZQCNoCuJ0a+9qdOR3NLWZZm2pSFrCdRs/LHC7trFF/J6m9vOl011zc4Wzfg2t3KX787hRKX/bnQhSN/UneHhRAirzjTUbwyx09XIpulaeARXvKIEHB5arGwqg8eqeG86yS2OePB77JbOYtJy0XL20H5sK/abBcG7382K4JWFjdUzClUb98B1oOgwPoa21kx93LW27RkeoXIeaPlSAPCTE+zLUOVsl/R4ock/uavAG/vUdf/UQDeaV7qpE7n5TZO/O70OX0WW2/8evMVDHZUBYAFsWuEkuG2ev0WvealJjPey8TqP72H2/J/IYNKbxo4DkTDInH4=" +} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1766125493000 b/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1766125493000 deleted file mode 100644 index 999fc565..00000000 --- a/src/main/resources/localstack/s3/core/salts/encrypted/124_private/salts.txt.1766125493000 +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "key_id" : 5, - "encryption_version" : "1.0", - "encrypted_payload" : "Ss/Aw3qzCnLDbteeageaeYAgNLeCdGcN5eiv5FjUTfYdR+95qAwg2e2ikT7BZF/uEBclFaOBbV6BZiRIDaG9Meoc7463R+tqYq2A2qLHP+/aS98uaiFqchwg4ZNxX57dQozWgjEeUlFXcXLqfrAUFuZQ85VF+qIodNQfjuy4SzKrIGXK/Ag9VVemGCcX2qM/hQ54Ji/9NDfm21pLA/9xJkw91GS6ltM9Q+cLLRpVeMeNu9dPQ0QTEQhTSLsOtg7GLYNWoawnbRmsxGmBV1CKudkAOwGUnCTYcZqJbWWAt0qJQ9+lrmLE9LPi/b1Vv+FMlz0pcNIc+Q2Kye4hQHwSemh+sFuOjI1QgDaZsbTfZdMXUUkaI8UcQmYNpqukz0xPdf4+L6ZlRLA=" -} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/metadata.json b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/metadata.json index 7eba8de6..9cec12b6 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/metadata.json @@ -1,6 +1,6 @@ { - "version" : 1744264807162, - "generated" : 1744264807, + "version" : 1, + "generated" : 1754901630, "first_level" : "fOGY/aRE44peL23i+cE9MkJrzmEeNZZziNZBfq7qqk8=", "id_prefix" : "b", "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", @@ -10,10 +10,10 @@ "location" : "salts/encrypted/124_public/salts.txt.1670796729291", "size" : 2 }, { - "effective" : 1766125493000, + "effective" : 1745907348982, "expires" : 1766720293000, - "location" : "salts/encrypted/124_public/salts.txt.1766125493000", - "size" : 4 + "location" : "salts/encrypted/124_public/salts.txt.1745907348982", + "size" : 2 } ], "key_id" : 5 } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1670796729291 b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1670796729291 index f5ac062a..6b23ed23 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1670796729291 +++ b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1670796729291 
@@ -1,5 +1,5 @@ { "key_id" : 5, "encryption_version" : "1.0", - "encrypted_payload" : "k7SpEGLVkXilDFlHNOnaofzPcJfy0Y+uht+OTVIFD1d0VfgEFAzt48QZT0KJ+hL999hSB9ISME04AdIgRRWrYmKm76s9oBGZl69qo2ohid6XS3x/lj57A2NKE9pmgG1A3GAoTCOSpevmAJjSsQq0bBDiDxBmbjL4cnKPGYnjvu15u//2+uXrBkWgBwasc8pWVSAkHOywpvMbb0NV7vNcuet4" + "encrypted_payload" : "ORuAwy3UlpizkGzMqsqJa3F76v2nIO/LNlVXQqM2GGDPjZVT+AJrv+MkLoZsiWU0IxO3hU9YTViVhnxJQaKNDFadZSrCjdzSlZhdhxJoXIOMzmpMsYiQhAsaMDFS7zynBkeNUOG4KsveM1YM5RBD1p8BWv2CJlsWjsCmwTuGN4w6r3ocU4jYr2qrAZVQu2kvxDo/2TEgdoc8lZ7c1JZBWtYH8Trdc15kyKzizRRWWNNhrRUti8s0Kroqe58C1EkzoLwDQ5CLcTCmMbQHm/GnIAqFmiFvBcsWGFC3piyD60i8Vevnssket7+iMrTDsWVkDFsdKokUdtw=" } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1745907348982 b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1745907348982 new file mode 100644 index 00000000..3a7fa616 --- /dev/null +++ b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1745907348982 @@ -0,0 +1,5 @@ +{ + "key_id" : 5, + "encryption_version" : "1.0", + "encrypted_payload" : "YCcXygXni5lQ9qDRRnkvNVji8xkdnTpKFdZ8NyrANL/qVDJV2v+ipeVt6hVqYHiua30UeKdevtgbi3+zK3U0nMU10kM78c9bd34l7gMsmLhFucGQj0L9GDjUF4fXbsrDkRDpoTK6nSybu7Du4JbodkTTahWVQ1d+v5wHFV7lkUqZ9OiDZRoAwWC9lwf0xquP6oVgctqK1VSgj7tyThNE+hvY+yLTt+v+SzR2mnvMcT75J/Ag4eFjbR0k3jqyfIWuy314lxOhDowPeVzz7HiS6cw22TxhQeifJmDInMShJKiAFM+REP+IneTeq7XDIKhcyQzUNIQMI28=" +} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1766125493000 b/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1766125493000 deleted file mode 100644 index aeac4e71..00000000 --- a/src/main/resources/localstack/s3/core/salts/encrypted/124_public/salts.txt.1766125493000 +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "key_id" : 5, - "encryption_version" : "1.0", - "encrypted_payload" : "VGzQQFXLXeZd1Qkt2l3BrA/WJ1yg7AKam4HY0xhGB5ruHa2BVLpsyfsPxc+8JsaiOPcnFiZ2V++kCFyRPID7Z09edWaq9i8vz2k/kVnP4HKGgaTSmU/ANReF/ZyvmTnsb+WAB6vYoU4BBErG4ctVhwVtR8264v9tc0Hnz/MlydjSAqXp/IveWpHARa8ozXo9guH7pfuncilGAjLbRUW26+UTZBlrHofW4QYzL4i+yHsJOZprAk3jfM83oFcQaLkHEbuxVyOPHHLKEAPCkDF3nUn5qRIKmjXQ0FGb76LLp/kBzBUaBQB1KScIS71YUmg+2DQyYXg2o/o82Bsbew5SOAVosMvC0NtSbzyuf3wIvLC0DaBxzvwOFESdH3rDDeu1wj5RZT+NlCA=" -} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/metadata.json b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/metadata.json index 095fb976..d0eaf1c6 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/metadata.json @@ -1,6 +1,6 @@ { - "version" : 1744264807247, - "generated" : 1744264807, + "version" : 1, + "generated" : 1754901631, "first_level" : "fOGY/aRE44peL23i+cE9MkJrzmEeNZZziNZBfq7qqk8=", "id_prefix" : "b", "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", @@ -10,10 +10,10 @@ "location" : "salts/encrypted/127_public/salts.txt.1670796729291", "size" : 2 }, { - "effective" : 1766125493000, + "effective" : 1745907348982, "expires" : 1766720293000, - "location" : "salts/encrypted/127_public/salts.txt.1766125493000", - "size" : 4 + "location" : "salts/encrypted/127_public/salts.txt.1745907348982", + "size" : 2 } ], "key_id" : 7 } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1670796729291 b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1670796729291 index 53bc139b..180a39eb 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1670796729291 +++ b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1670796729291 
@@ -1,5 +1,5 @@ { "key_id" : 7, "encryption_version" : "1.0", - "encrypted_payload" : "Fd+VEzTApr+qlZPcMKdwPicH4IynpR8XUPwcafWLQg3YuogXUpDIgmnXeGuxw6w6pruOc+8aobK8wkhQ5huaiZFlMUKyiK2WW+7NKB4nUhk07u4pct1XSdeYwaTAhnhooLlUQ5fAtxKa125YUIWt5fjZVfV//54hM/mpwtsadqtZQ9qL7ZoBht/1fWcXGpG4qMrI0JCh53buxm8UTEo4xCEj" + "encrypted_payload" : "3Nc0Mie3BDDxMvV+YyyvUF4obdvnqgw8URJ53XhqhoHSjmyw0FyJVTb7NpWDrkUkH0gRkJ0gqGszzs/WETsgdpOv3l7bAIkfKumoWNvkHan/uO4uFRRSBXNX7KZ9QNeW2Van5QfhorYdjrdmaaumO3i9lzf1Phq1WyE7s+mGHkdaYeeyP9AgZ8O0Dtj6FVSrDirhehMwJycm060ImzXKgrsOeR322EXs8L3/ykVKsDPsgPy505Ow1uT1ZIExT7V3da+pxynRe4I3y6X4/nDUTjxjdd+irdrcJU0odYajAkMEdid8XFySpqAd7ebu5ucM29QJ4YPmR0I=" } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1745907348982 b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1745907348982 new file mode 100644 index 00000000..1e9d3450 --- /dev/null +++ b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1745907348982 @@ -0,0 +1,5 @@ +{ + "key_id" : 7, + "encryption_version" : "1.0", + "encrypted_payload" : "A0ub1OrpkQt0Dka9elhiylzQ2MiKGFYwRsE0DvRQTUigltgcWWZwRS2MTHL4BdXQ7uJpgD8XGq/8UNyxgE+lt77gHfp/fMpMCFGYXg/2yn63Bu3iGOjyQr3lSeAwwe+HjMZf0FuUYrMjHz/p8HY8++BP1gW5FalZkUEwbSxV31DiwAvhYjOg8JgvGWCiay/2ET5dlkK8qAGfESeMcpIthmFqhIsYSRnnMj6nfNYrKqr3mzrU0osidOV+KFUO/uz1zVd215KRrjXKTHQpdupRKCqBxlukXV5PntDeGzspVO5y7JutbgEljSsrmxQGlOiBMdU/5VeZRO0=" +} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1766125493000 b/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1766125493000 deleted file mode 100644 index c55edbff..00000000 --- a/src/main/resources/localstack/s3/core/salts/encrypted/127_public/salts.txt.1766125493000 +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "key_id" : 7, - "encryption_version" : "1.0", - "encrypted_payload" : "KZNPfulbIJ9YnHNGa2vCxtmDTna+f9mpfgaGUzpoASjrC45jp++AGKeJpUlprGLrROkv6yC3Oz4CQdmY1Q2zEI627FkgMUpGNetkGWo84M/4+CsqcL4FXya3568JVqXfO4Irvx+Czo+QWdErqnWQknJzkCBOYivp4WMGebRxfc9xBqp4nzelmJgfETJxJ5MGl9s8lZTN992cKDFt6RS8pem9dWb84ZvVBtTfHgFbn6sXC9yDuCqWK+OVVzR3gkxrFkyonLvLw6kIv3jK+C8dR1wwXr8DccGe9jRx0s+uON1uk4j+kGBeZ9TUngg2iuOpd3lx1hE9+544WsmdLF2tSPkULpFR3igFwh8UKtKuaM3Ou3yt/LwtlqxtqZ/nnppRMG+uxB0NYkQ=" -} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/metadata.json b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/metadata.json index ced46298..2cc03196 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/metadata.json @@ -1,6 +1,6 @@ { - "version" : 1744264806736, - "generated" : 1744264806, + "version" : 1, + "generated" : 1754901630, "first_level" : "fOGY/aRE44peL23i+cE9MkJrzmEeNZZziNZBfq7qqk8=", "id_prefix" : "b", "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", @@ -10,10 +10,10 @@ "location" : "salts/encrypted/999_private/salts.txt.1670796729291", "size" : 2 }, { - "effective" : 1766125493000, + "effective" : 1745907348982, "expires" : 1766720293000, - "location" : "salts/encrypted/999_private/salts.txt.1766125493000", - "size" : 4 + "location" : "salts/encrypted/999_private/salts.txt.1745907348982", + "size" : 2 } ], "key_id" : 2 } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1670796729291 b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1670796729291 index 093017aa..fe026a94 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1670796729291 +++ b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1670796729291 
@@ -1,5 +1,5 @@ { "key_id" : 2, "encryption_version" : "1.0", - "encrypted_payload" : "KGW8NGn3YE8I36i2CDijWR01RWl5psouFhoaEzSmc1XtpEZVwm8SKZYmfyJcI1fJGZvrBaB1gCd5o+s33G08tirooaSFU+h3eddsCbfZ3CyREq+F37vZFe3jisj5Z8ipCSRnAeOoBdsBVz11GF4VhmJPqPdw8UWilORlh4Fk7ZrdplH0vPC6N6rJelD+itVj5AhBa+7kP9m6O7zfwJ3JXqKx" + "encrypted_payload" : "t6w673Y1gfmP1lm116RqEUCrO1UVn1v8VSM5HTqbCG7a1/OrZuegTKPUU7wEIJcxcY5jCpHJYK5o1obq+tOzBu83owudlwL9yuglXfEAI41V1Mu2xFKTYJl1Yj8/B06qbqmh3pLvXnjbM8UYFMPkW1IIDXBnY3gOW+HWJrkfyGE60MJJzxaUUdQJaGLmmN3eiKWyZz6RVPSDb4/O9odYB/SYwnn7KYMDcQGgyKjwY81tGQ81Jy45bN+5uOg6Xthu24SYHHzpDxdFp3VnlO4RMdL3EW2MPNdSFdIC5USkpNEDbGxUu7CLpeC8dW620CgD68SqNjgsFzM=" } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1745907348982 b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1745907348982 new file mode 100644 index 00000000..f9f3a860 --- /dev/null +++ b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1745907348982 @@ -0,0 +1,5 @@ +{ + "key_id" : 2, + "encryption_version" : "1.0", + "encrypted_payload" : "AWxVUV2N5icbg7BbJs1AxdTHjUuaTa9E2FfA20gw1kJaPf4+VLFeHH4pm3oo0xTjrKovFlXDK/wJNEUxNUu3D3pF2WRl7ETJjYct3nNDRsyNZEVFiu2y39ye2lkYylzcb4m15zbqx0r+wbk+4dlEGpSlH4Ky/zkd32+azVgrGhDS2FStOQv2tTdpz4+DI5WD7AIthAnBFP6yI1mpVCIpCwayxLiYtldaSTNaDwJjrcaiF7j3jaqMbUYtYTSIqIAfpuDRvmI1emrzOnNiaJ/Zh9izdamVTfWZ1fki6zdoXjjrAa1bza96NSIK8potEGts9Zv6UWIS+nI=" +} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1766125493000 b/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1766125493000 deleted file mode 100644 index 160733fe..00000000 --- a/src/main/resources/localstack/s3/core/salts/encrypted/999_private/salts.txt.1766125493000 +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "key_id" : 2, - "encryption_version" : "1.0", - "encrypted_payload" : "MwFq9YxWfyIt7VZixCaOrH5y4xOZJynnSmleiLpaXE3EIFsr6fwrk1tG6gfjForKPyrUZ61QJ+kQ2szpZyg+YRdOe5jLskMA8Y4kHfpDBHntRFaFZozi+LjCtFwwecu5lnfBXX/mU6b2jmJinbRIJ/uowBKP1Hpb9bNQPytOLI3VxZYgHGUcLtrRzwi2mcrtErAx78zBdlbU7DVt3GYyJ2HTgn+J8zSwGWJfW3Exgaw09d84AqcZc0OEGcX1fv3vhBcpgnwE3CLViH6rEzwUMRg8ttDpd1lQjZ+Q24fxvLoHqwCLobzaNoz64wgxRorIkLjPt3wZAGIyeSN2AyEjkrOPHXJjixfjx6RgDPunpmJP+ol3pVEMZTStP4L67hMAulGTvSYPxl0=" -} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/metadata.json b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/metadata.json index b3224ebe..f1a1b101 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/metadata.json @@ -1,6 +1,6 @@ { - "version" : 1744264806971, - "generated" : 1744264806, + "version" : 1, + "generated" : 1754901630, "first_level" : "fOGY/aRE44peL23i+cE9MkJrzmEeNZZziNZBfq7qqk8=", "id_prefix" : "b", "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", @@ -10,10 +10,10 @@ "location" : "salts/encrypted/999_public/salts.txt.1670796729291", "size" : 2 }, { - "effective" : 1766125493000, + "effective" : 1745907348982, "expires" : 1766720293000, - "location" : "salts/encrypted/999_public/salts.txt.1766125493000", - "size" : 4 + "location" : "salts/encrypted/999_public/salts.txt.1745907348982", + "size" : 2 } ], "key_id" : 2 } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1670796729291 b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1670796729291 index 503180ea..3d098e8f 100644 --- a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1670796729291 +++ b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1670796729291 
@@ -1,5 +1,5 @@ { "key_id" : 2, "encryption_version" : "1.0", - "encrypted_payload" : "eMwcuDdYq8Gqc7ec/7jDOg/3Md9jN6dhDRpHhhbGQfnl83jZKvcXzJJKtWGKkqTr7VIvEEOq1ekaa9I9Z6+TYYo9KKa0XyuFGXNw1bvzdvo6T90zdgY0recQDQdl1YrigHIdXYw/+TCSosjW34SYy9rLQsb3D4W64smObPlquw/GT/kWhwfiahj9xr/KVZcQAE7qhrIVFcKEuL6H9AbdgdLe" + "encrypted_payload" : "scDgOFdlrGAqWMsLBMN3lgGVPMjSuCHNkn3pyQrc2jf9LrXDAWLk2WbtyAnJPDexSLWFlM1HVvOTZLCkSeD9e7+qbJI3aCW7X/RscfPmvpx5Ieic9LsPNUrgSiQPX9O08Bz2YGNan1SBaVUYtny5/dKGxsCGV7DT6J4ig1A5m1I1ZDwwZiDUEBCWgHAuFrKvDg1wJfOvF80aFsPm8B7ngYWoMuOLfaRnQSuTu3fDw7KltW/9x+hIQDCtqayYXlGvjn5c5DKWYrj1LJUwahlmHSHU+7ydOefzkJ/GLKyoNOYhXx/tqqn9m9x27NBaGDa1sXPL0VKx0Is=" } \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1745907348982 b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1745907348982 new file mode 100644 index 00000000..c18a07c8 --- /dev/null +++ b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1745907348982 @@ -0,0 +1,5 @@ +{ + "key_id" : 2, + "encryption_version" : "1.0", + "encrypted_payload" : "CFxCYmJ0v4q/QQ33YUARA/7JOTOrKYOqoaCygvd/WommZkHpOYv7W5CfeCfnSUFQMH6yc27bO7EoYEt6uckoth3jndO5FtQaMWY+0t9fnjMDy1kPOy4VkUgJkPlkXuoF9/OhpNQ2k4SMfekUdlkMPxrCXDYqapujmSjFV7pij5KC2H6h0s1L3jS7BBNJHcmtgy69BeLQLgyECgJDsus81+wthwVl/4tOA5L8Se5UYh6/XrEUGW/ECI/uXXlFNkhbb4+9JgnckwPyRqPwCgFFrNWp0J9pkHEjTdWd3TuiValAHhc5FlIQB/9WRY6yy3BYzPTwlPmOIKw=" +} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1766125493000 b/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1766125493000 deleted file mode 100644 index f9a0b26c..00000000 --- a/src/main/resources/localstack/s3/core/salts/encrypted/999_public/salts.txt.1766125493000 +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "key_id" : 2, - "encryption_version" : "1.0", - "encrypted_payload" : "0PjundW+pcHetKgVGO0QNVK/JPBZnmIcewrwOHxFEGDNBbEge0KB6xCR6s38aO/4hrCfC6IqZFmswWl9qtPqJ9BmM6GDYvthcSWPEdxP1go1xmhX/j2AKH3SiF69Dh0G653Ks2uFs7OlVSfsYsmSywdxkgcK3rcpyetGoWALR2adHhokX4Xu1+RLmieJFU+Vv+mSCDl7MTkuoXApVGfQz9VNN7XGKWl7F/c+A8lK3nxLAj5E6qSQF9cceUhkIn6INgVP7PG8iZ/mlVP6HpT6XzGYoYSnuZWVQFKQMqsf2J9NkEBbOKKXhkAbN9NUiyyRgC48ZUKjXrEmJCWjfcWEt+V5kn98eH1D9mQOGXXBApSYKnJFMZSf9IzfD0MY09KQYbNHS8bb9Vk=" -} \ No newline at end of file diff --git a/src/main/resources/localstack/s3/core/salts/metadata.json b/src/main/resources/localstack/s3/core/salts/metadata.json index 0c586a83..b20251e8 100644 --- a/src/main/resources/localstack/s3/core/salts/metadata.json +++ b/src/main/resources/localstack/s3/core/salts/metadata.json @@ -6,11 +6,11 @@ "id_secret" : "HF6Qz42HBbVHINxhh191dB09BCuTWyBkNtrNicO4ZCw=", "salts" : [ { - "effective" : 1670796729291, - "expires" : 1766125493000, - "location" : "salts/salts.txt.1670796729291", - "size" : 2 - },{ + "effective" : 1670796729291, + "expires" : 1766125493000, + "location" : "salts/salts.txt.1670796729291", + "size" : 2 + },{ "effective" : 1745907348982, "expires" : 1766720293000, "location" : "salts/salts.txt.1745907348982", diff --git a/src/test/java/com/uid2/admin/salt/SaltRotationTest.java b/src/test/java/com/uid2/admin/salt/SaltRotationTest.java index b24b7552..94865312 100644 --- a/src/test/java/com/uid2/admin/salt/SaltRotationTest.java +++ b/src/test/java/com/uid2/admin/salt/SaltRotationTest.java 
@@ -2,12 +2,10 @@ import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.core.read.ListAppender; -import com.uid2.admin.AdminConst; import com.uid2.admin.salt.helper.SaltBuilder; import com.uid2.admin.salt.helper.SaltSnapshotBuilder; import com.uid2.shared.model.SaltEntry; import com.uid2.shared.secret.IKeyGenerator; -import io.vertx.core.json.JsonObject; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -45,8 +43,7 @@ void setup() { appender.start(); ((Logger) LoggerFactory.getLogger(SaltRotation.class)).addAppender(appender); - JsonObject config = new JsonObject(); - saltRotation = new SaltRotation(config, keyGenerator); + saltRotation = new SaltRotation(keyGenerator); } @AfterEach @@ -81,7 +78,7 @@ void testRotateSaltsAllSaltsUpToDate() throws Exception { }; var lastSnapshot = SaltSnapshotBuilder.start() - .entries(10, targetDate()) + .entries(10, targetDate(), targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.2, targetDate()); 
@@ -97,16 +94,16 @@ void testRotateSaltsAllSaltsOld() throws Exception { }; var lastSnapshot = SaltSnapshotBuilder.start() - .entries(10, daysEarlier(10)) + .entries(10, daysEarlier(10), targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.2, targetDate()); assertTrue(result.hasSnapshot()); - assertEquals(2, countEntriesWithLastUpdated(result.getSnapshot().getAllRotatingSalts(), result.getSnapshot().getEffective())); - assertEquals(8, countEntriesWithLastUpdated(result.getSnapshot().getAllRotatingSalts(), daysEarlier(10))); + assertEquals(1, countEntriesWithLastUpdated(result.getSnapshot().getAllRotatingSalts(), result.getSnapshot().getEffective())); + assertEquals(9, countEntriesWithLastUpdated(result.getSnapshot().getAllRotatingSalts(), daysEarlier(10))); assertEquals(targetDate().asInstant(), result.getSnapshot().getEffective()); assertEquals(daysLater(7).asInstant(), result.getSnapshot().getExpires()); - verify(keyGenerator, times(2)).generateRandomKeyString(anyInt()); + verify(keyGenerator, times(1)).generateRandomKeyString(anyInt()); } @Test 
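Review bot: The expected rotation count in testRotateSaltsAllSaltsOld drops from 2 to 1 (and `times(2)` to `times(1)`) with no comment saying why a fraction of 0.2 over 10 old salts now produces a single rotation. The comments in testLogFewSaltAgesOnRotation further down mention a per-age limit of 0.8 of the rotation target, which would presumably explain it, but that logic is not visible here. Once confirmed against SaltRotation, state it in the test, e.g. `// 10 * 0.2 = 2 due, but at most 1 per age (2 * 0.8 rounded down)`, because anyone sizing the rotation schedule from `fraction` gets fewer fresh salts than requested when salt ages are clustered. The same unexplained 2 to 1 change appears in the testRotateSaltsRotateSaltsFromNewerBucketOnly hunk; both test methods start outside their hunks.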
@@ -117,17 +114,17 @@ void testRotateSaltsRotateSaltsFromOldestBucketOnly() throws Exception { }; var lastSnapshot = SaltSnapshotBuilder.start() - .entries(3, daysEarlier(6)) - .entries(5, daysEarlier(5)) - .entries(2, daysEarlier(4)) + .entries(3, daysEarlier(6), targetDate()) + .entries(5, daysEarlier(5), targetDate()) + .entries(2, daysEarlier(4), targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.2, targetDate()); assertTrue(result.hasSnapshot()); var salts = result.getSnapshot().getAllRotatingSalts(); assertEquals(2, countEntriesWithLastUpdated(salts, result.getSnapshot().getEffective())); - assertEquals(1, countEntriesWithLastUpdated(salts, daysEarlier(6))); - assertEquals(5, countEntriesWithLastUpdated(salts, daysEarlier(5))); + assertEquals(2, countEntriesWithLastUpdated(salts, daysEarlier(6))); + assertEquals(4, countEntriesWithLastUpdated(salts, daysEarlier(5))); assertEquals(2, countEntriesWithLastUpdated(salts, daysEarlier(4))); assertEquals(targetDate().asInstant(), result.getSnapshot().getEffective()); assertEquals(daysLater(7).asInstant(), result.getSnapshot().getExpires()); 
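Review bot: The name testRotateSaltsRotateSaltsFromOldestBucketOnly no longer matches what the new assertions check: with `assertEquals(2, countEntriesWithLastUpdated(salts, daysEarlier(6)))` and `assertEquals(4, countEntriesWithLastUpdated(salts, daysEarlier(5)))`, one salt is taken from the 6-day bucket and one from the 5-day bucket, not two from the oldest. Either rename the test (for example `testRotateSaltsSpreadsAcrossOldestBuckets`) or add a comment saying that spreading across ages is intended, so a later reader does not change the numbers back. The method signature sits on a line outside this hunk.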
@@ -142,19 +139,19 @@ void testRotateSaltsRotateSaltsFromNewerBucketOnly() throws Exception { }; var lastSnapshot = SaltSnapshotBuilder.start() - .entries(3, daysEarlier(4)) - .entries(7, daysEarlier(3)) + .entries(3, daysEarlier(4), targetDate()) + .entries(7, daysEarlier(3), targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.2, targetDate()); assertTrue(result.hasSnapshot()); var salts = result.getSnapshot().getAllRotatingSalts(); - assertEquals(2, countEntriesWithLastUpdated(salts, result.getSnapshot().getEffective())); - assertEquals(1, countEntriesWithLastUpdated(salts, daysEarlier(4))); + assertEquals(1, countEntriesWithLastUpdated(salts, result.getSnapshot().getEffective())); + assertEquals(2, countEntriesWithLastUpdated(salts, daysEarlier(4))); assertEquals(7, countEntriesWithLastUpdated(salts, daysEarlier(3))); assertEquals(targetDate().asInstant(), result.getSnapshot().getEffective()); assertEquals(daysLater(7).asInstant(), result.getSnapshot().getExpires()); - verify(keyGenerator, times(2)).generateRandomKeyString(anyInt()); + verify(keyGenerator, times(1)).generateRandomKeyString(anyInt()); } @Test @@ -165,9 +162,9 @@ void testRotateSaltsRotateSaltsFromMultipleBuckets() throws Exception { }; var lastSnapshot = SaltSnapshotBuilder.start() - .entries(3, daysEarlier(6)) - .entries(5, daysEarlier(5)) - .entries(2, daysEarlier(4)) + .entries(3, daysEarlier(6), targetDate()) + .entries(5, daysEarlier(5), targetDate()) + .entries(2, daysEarlier(4), targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.45, targetDate()); 
@@ -190,9 +187,9 @@ void testRotateSaltsRotateSaltsInsufficientOutdatedSalts() throws Exception { }; var lastSnapshot = SaltSnapshotBuilder.start() - .entries(1, daysEarlier(5)) - .entries(2, daysEarlier(4)) - .entries(7, daysEarlier(2)) + .entries(1, daysEarlier(5), targetDate()) + .entries(2, daysEarlier(4), targetDate()) + .entries(7, daysEarlier(2), targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.45, targetDate()); @@ -218,9 +215,9 @@ void testRotateSaltsRotateSaltsInsufficientOutdatedSalts() throws Exception { }) void testRefreshFromCalculation(int lastRotationDaysAgo, int lastRotationMsOffset, int refreshFromDaysFromRotation) throws Exception { var lastRotation = daysEarlier(lastRotationDaysAgo); - SaltBuilder saltBuilder = SaltBuilder.start().lastUpdated(lastRotation.asInstant().plusMillis(lastRotationMsOffset)); + SaltBuilder saltBuilder = SaltBuilder.start().lastUpdated(lastRotation.asInstant().plusMillis(lastRotationMsOffset)).refreshFrom(targetDate()); var lastSnapshot = SaltSnapshotBuilder.start() - .entries(saltBuilder) + .entries(saltBuilder, saltBuilder, saltBuilder, saltBuilder) .build(); var result = saltRotation.rotateSalts(lastSnapshot, new Duration[]{Duration.ofDays(1)}, 0.45, targetDate()); @@ -244,9 +241,9 @@ void testRotateSaltsPopulatePreviousSaltsOnRotation() throws Exception { var over90Days = daysEarlier(120); var lastSnapshot = SaltSnapshotBuilder.start() .entries( - SaltBuilder.start().lastUpdated(lessThan90Days).currentSalt("salt1"), - SaltBuilder.start().lastUpdated(exactly90Days).currentSalt("salt2"), - SaltBuilder.start().lastUpdated(over90Days).currentSalt("salt3") + SaltBuilder.start().lastUpdated(lessThan90Days).refreshFrom(targetDate()).currentSalt("salt1"), + SaltBuilder.start().lastUpdated(exactly90Days).refreshFrom(targetDate()).currentSalt("salt2"), + SaltBuilder.start().lastUpdated(over90Days).refreshFrom(targetDate()).currentSalt("salt3") ) .build(); 
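Review bot: In testRefreshFromCalculation, `.entries(saltBuilder, saltBuilder, saltBuilder, saltBuilder)` passes the same builder instance four times and nothing says why one entry became four. If the snapshot builder calls build() on each argument, the snapshot presumably holds four entries with identical ids and salts, which can mask or cause failures depending on how rotateSalts selects entries. Add a comment giving the reason (presumably so that a fraction of 0.45 still selects at least one salt under the per-age limit) and, if the helper allows it, build the four entries from separate builders. The assertions of this test are outside the hunk.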
@@ -270,10 +267,10 @@ void testRotateSaltsPreservePreviousSaltsLessThan90DaysOld() throws Exception { var validForRotation = daysEarlier(70); var lastSnapshot = SaltSnapshotBuilder.start() .entries( - SaltBuilder.start().lastUpdated(notValidForRotation1).currentSalt("salt1").previousSalt("previousSalt1"), - SaltBuilder.start().lastUpdated(notValidForRotation2).currentSalt("salt2") + SaltBuilder.start().lastUpdated(notValidForRotation1).refreshFrom(targetDate()).currentSalt("salt1").previousSalt("previousSalt1"), + SaltBuilder.start().lastUpdated(notValidForRotation2).refreshFrom(targetDate()).currentSalt("salt2") ) - .entries(1, validForRotation) + .entries(1, validForRotation, targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 1, targetDate()); @@ -295,10 +292,10 @@ void testRotateSaltsRemovePreviousSaltsOver90DaysOld() throws Exception { var validForRotation = daysEarlier(120); var lastSnapshot = SaltSnapshotBuilder.start() .entries( - SaltBuilder.start().lastUpdated(exactly90Days).previousSalt("90DaysOld"), - SaltBuilder.start().lastUpdated(over90Days).previousSalt("over90DaysOld") + SaltBuilder.start().lastUpdated(exactly90Days).refreshFrom(targetDate()).previousSalt("90DaysOld"), + SaltBuilder.start().lastUpdated(over90Days).refreshFrom(targetDate()).previousSalt("over90DaysOld") ) - .entries(1, validForRotation) + .entries(1, validForRotation, targetDate()) .build(); var result = saltRotation.rotateSalts(lastSnapshot, minAges, 0.5, targetDate()); @@ -311,9 +308,7 @@ void testRotateSaltsRemovePreviousSaltsOver90DaysOld() throws Exception { @Test void testRotateSaltsRotateWhenRefreshFromIsTargetDate() throws Exception { - JsonObject config = new JsonObject(); - config.put(AdminConst.ENABLE_SALT_ROTATION_REFRESH_FROM, Boolean.TRUE); - saltRotation = new SaltRotation(config, keyGenerator); + saltRotation = new SaltRotation(keyGenerator); final Duration[] minAges = { Duration.ofDays(90), 
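Review bot: In testRotateSaltsRotateWhenRefreshFromIsTargetDate the replacement line `saltRotation = new SaltRotation(keyGenerator);` now repeats exactly what setup() already does, since the config flag that justified rebuilding the object is gone. The line can be deleted here and in testLogFewSaltAgesOnRotation and testLogManySaltAgesOnRotation in the next two hunks; keeping it suggests those tests run under a different configuration from the rest of the class. All three test bodies continue outside their hunks.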
@@ -351,9 +346,7 @@ void testRotateSaltsRotateWhenRefreshFromIsTargetDate() throws Exception { @Test void testLogFewSaltAgesOnRotation() throws Exception { - JsonObject config = new JsonObject(); - config.put(AdminConst.ENABLE_SALT_ROTATION_REFRESH_FROM, Boolean.TRUE); - saltRotation = new SaltRotation(config, keyGenerator); + saltRotation = new SaltRotation(keyGenerator); // 7 salts total, 5 refreshable, 3 will rotate (6 * 0.4 rounded up), up to 2 will rotate per age (3 * 0.8) var lastSnapshot = SaltSnapshotBuilder.start() @@ -396,9 +389,7 @@ void testLogFewSaltAgesOnRotation() throws Exception { @Test void testLogManySaltAgesOnRotation() throws Exception { - JsonObject config = new JsonObject(); - config.put(AdminConst.ENABLE_SALT_ROTATION_REFRESH_FROM, Boolean.TRUE); - saltRotation = new SaltRotation(config, keyGenerator); + saltRotation = new SaltRotation(keyGenerator); // 50 salts total, 16 refreshable, 10 will rotate (18 * 0.2 rounded up), up to 8 will rotate per age (10 * 0.8) var lastSnapshot = SaltSnapshotBuilder.start() diff --git a/src/test/java/com/uid2/admin/salt/SaltServiceTest.java b/src/test/java/com/uid2/admin/salt/SaltServiceTest.java index 508d3ab2..d6f6ceb2 100644 --- a/src/test/java/com/uid2/admin/salt/SaltServiceTest.java +++ b/src/test/java/com/uid2/admin/salt/SaltServiceTest.java 
@@ -133,37 +133,9 @@ void rotateSaltsWithSpecificTargetDate(Vertx vertx, VertxTestContext testContext }); } - @Test - void rotateSaltsWithCustomAgeThresholdsEnabled(Vertx vertx, VertxTestContext testContext) throws Exception { - fakeAuth(Role.SUPER_USER); - - when(saltRotation.isCustomAgeThresholdEnabled()).thenReturn(true); - - final SaltSnapshotBuilder lastSnapshot = SaltSnapshotBuilder.start().effective(daysEarlier(1)).expires(daysLater(6)).entries(1, daysEarlier(1)); - setSnapshots(lastSnapshot); - - var result = SaltRotation.Result.fromSnapshot(SaltSnapshotBuilder.start().effective(targetDate()).expires(daysEarlier(7)).entries(1, targetDate()).build()); - - Duration[] expectedCustomAgeThresholds = new Duration[]{ - Duration.ofSeconds(50), - Duration.ofSeconds(60), - Duration.ofSeconds(70) - }; - - when(saltRotation.rotateSalts(any(), eq(expectedCustomAgeThresholds), eq(0.2), eq(utcTomorrow))).thenReturn(result); - - post(vertx, testContext, "api/salt/rotate?min_ages_in_seconds=50,60,70&fraction=0.2", "", response -> { - verify(saltRotation).rotateSalts(any(), eq(expectedCustomAgeThresholds), eq(0.2), eq(utcTomorrow)); - assertEquals(200, response.statusCode()); - testContext.completeNow(); - }); - } - @Test void rotateSaltsWithDefaultAgeThresholds(Vertx vertx, VertxTestContext testContext) throws Exception { - fakeAuth(Role.SUPER_USER); - - when(saltRotation.isCustomAgeThresholdEnabled()).thenReturn(false); + fakeAuth(Role.SUPER_USER); final SaltSnapshotBuilder lastSnapshot = SaltSnapshotBuilder.start().effective(daysEarlier(1)).expires(daysLater(6)).entries(1, daysEarlier(1)); setSnapshots(lastSnapshot); 
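Review bot: With rotateSaltsWithCustomAgeThresholdsEnabled removed here, and the missing-parameter 400 test removed in the next hunk, nothing on the new side pins what `api/salt/rotate` does when a caller still sends `min_ages_in_seconds`. The service change is not visible in this hunk, so whether the parameter is now ignored or rejected cannot be told from here. A test that posts `api/salt/rotate?min_ages_in_seconds=50,60,70&fraction=0.2` as SUPER_USER and asserts the intended outcome (default thresholds passed to rotateSalts, or a 400) would keep a caller-supplied minimum age from silently changing the rotation interval if any parsing code is left behind.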
@@ -186,22 +158,6 @@ void rotateSaltsWithDefaultAgeThresholds(Vertx vertx, VertxTestContext testConte }); } - @Test - void rotateSaltsWithCustomAgeThresholdsEnabledButMissingParameter(Vertx vertx, VertxTestContext testContext) { - fakeAuth(Role.SUPER_USER); - - when(saltRotation.isCustomAgeThresholdEnabled()).thenReturn(true); - - final SaltSnapshotBuilder lastSnapshot = SaltSnapshotBuilder.start().effective(daysEarlier(1)).expires(daysLater(6)).entries(1, daysEarlier(1)); - setSnapshots(lastSnapshot); - - post(vertx, testContext, "api/salt/rotate?fraction=0.2", "", response -> { - verify(saltRotation, never()).rotateSalts(any(), any(), anyDouble(), any()); - assertEquals(400, response.statusCode()); - testContext.completeNow(); - }); - } - private void checkSnapshotsResponse(SaltSnapshotBuilder[] expectedSnapshots, Object[] actualSnapshots) { assertEquals(expectedSnapshots.length, actualSnapshots.length); for (int i = 0; i < expectedSnapshots.length; ++i) {