jon-1207-consistent-token-prefixes (#28)

Author: jon8787

src/main/java/com/uid2/client/Uid2TokenGenerator.java

@@ -108,7 +108,7 @@ private static String generateUID2TokenWithDebugInfo(String uid, Key masterKey,
         char firstChar = uid.charAt(0);
         IdentityType identityType = (firstChar == 'F' || firstChar == 'B') ? IdentityType.Phone : IdentityType.Email; //see UID2-79+Token+and+ID+format+v3
 
-        rootWriter.put((byte)((params.identityScope << 4) | (identityType.value << 2)));
+        rootWriter.put((byte)((params.identityScope << 4) | (identityType.value << 2) | 3));
         rootWriter.put((byte)adTokenVersion.value());
         rootWriter.putInt((int)masterKey.getId());
         rootWriter.put(encryptedMasterPayload);

src/test/java/com/uid2/client/EncryptionTestsV4.java

@@ -90,7 +90,7 @@ public void crossPlatformConsistencyCheck_Decrypt() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
         client.refreshJson(keySetToJson(masterKey, siteKey));
         //verify that the dynamically created ad token can be decrypted
-        String runtimeAdvertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, masterKey, SITE_ID, siteKey, params);
+        String runtimeAdvertisingToken = generateUid2TokenV4(EXAMPLE_UID, masterKey, SITE_ID, siteKey, params);
         //best effort check as the token might simply just not require padding
         assertEquals(-1, runtimeAdvertisingToken.indexOf('='));
 
@@ -104,27 +104,51 @@ public void crossPlatformConsistencyCheck_Decrypt() throws Exception {
         assertEquals(EXAMPLE_UID, res.getUid());
     }
 
+    private static void validateAdvertisingToken(String advertisingTokenString, IdentityScope identityScope, IdentityType identityType) {
+        String firstChar = advertisingTokenString.substring(0, 1);
+        if (identityScope == IdentityScope.UID2) {
+            assertEquals(identityType == IdentityType.Email ? "A" : "B", firstChar);
+        } else {
+            assertEquals(identityType == IdentityType.Email ? "E" : "F", firstChar);
+        }
+
+        String secondChar = advertisingTokenString.substring(1, 2);
+        assertEquals("4", secondChar);
+
+        //No URL-unfriendly characters allowed:
+        assertEquals(-1, advertisingTokenString.indexOf('='));
+        assertEquals(-1, advertisingTokenString.indexOf('+'));
+        assertEquals(-1, advertisingTokenString.indexOf('/'));
+    }
+
+    private static String generateUid2TokenV4(String uid, Key masterKey, long siteId, Key siteKey, Uid2TokenGenerator.Params params) {
+        String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(uid, masterKey, siteId, siteKey, params);
+        validateAdvertisingToken(advertisingToken, IdentityScope.UID2, IdentityType.Email);
+        return advertisingToken;
+    }
+
+
     @Test
     public void smokeTest() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
         client.refreshJson(keySetToJson(MASTER_KEY, SITE_KEY));
-        String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
+        String advertisingToken = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
         DecryptionResponse res = client.decrypt(advertisingToken);
         assertEquals(EXAMPLE_UID, res.getUid());
     }
 
     @Test
     public void emptyKeyContainer() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
-        String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
+        String advertisingToken = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
         DecryptionResponse res = client.decrypt(advertisingToken);
         assertEquals(DecryptionStatus.NOT_INITIALIZED, res.getStatus());
     }
 
     @Test
     public void expiredKeyContainer() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
-        String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
+        String advertisingToken = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
 
         Key masterKeyExpired = new Key(MASTER_KEY_ID, -1, NOW, NOW.minus(2, ChronoUnit.HOURS), NOW.minus(1, ChronoUnit.HOURS), getMasterSecret());
         Key siteKeyExpired = new Key(SITE_KEY_ID, SITE_ID, NOW, NOW.minus(2, ChronoUnit.HOURS), NOW.minus(1, ChronoUnit.HOURS), getSiteSecret());
@@ -137,7 +161,7 @@ public void expiredKeyContainer() throws Exception {
     @Test
     public void notAuthorizedForMasterKey() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
-        String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
+        String advertisingToken = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
 
         Key anotherMasterKey = new Key(MASTER_KEY_ID + SITE_KEY_ID + 1, -1, NOW, NOW, NOW.plus(1, ChronoUnit.HOURS), getMasterSecret());
         Key anotherSiteKey = new Key(MASTER_KEY_ID + SITE_KEY_ID + 2, SITE_ID, NOW, NOW, NOW.plus(1, ChronoUnit.HOURS), getSiteSecret());
@@ -150,7 +174,7 @@ public void notAuthorizedForMasterKey() throws Exception {
     @Test
     public void invalidPayload() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
-        String payload = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
+        String payload = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, Uid2TokenGenerator.defaultParams());
         byte[] payloadInBytes = Uid2Base64UrlCoder.decode(payload);
         String advertisingToken = Uid2Base64UrlCoder.encode(Arrays.copyOfRange(payloadInBytes, 0, payloadInBytes.length - 1));
         client.refreshJson(keySetToJson(MASTER_KEY, SITE_KEY));
@@ -165,7 +189,7 @@ public void tokenExpiryAndCustomNow() throws Exception {
 
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
         client.refreshJson(keySetToJson(MASTER_KEY, SITE_KEY));
-        String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, params);
+        String advertisingToken = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, SITE_KEY, params);
 
         DecryptionResponse res = client.decrypt(advertisingToken, expiry.plus(1, ChronoUnit.SECONDS));
         assertEquals(DecryptionStatus.EXPIRED_TOKEN, res.getStatus());
@@ -180,7 +204,7 @@ public void encryptDataTokenDecryptKeyExpired() throws Exception {
         UID2Client client = new UID2Client("ep", "ak", CLIENT_SECRET, IdentityScope.UID2);
         final Key key = new Key(SITE_KEY_ID, SITE_ID2, NOW, NOW, NOW.minus(1, ChronoUnit.DAYS), getTestSecret(9));
         client.refreshJson(keySetToJson(MASTER_KEY, key));
-        final String advertisingToken = Uid2TokenGenerator.generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, key, Uid2TokenGenerator.defaultParams());
+        final String advertisingToken = generateUid2TokenV4(EXAMPLE_UID, MASTER_KEY, SITE_ID, key, Uid2TokenGenerator.defaultParams());
         EncryptionDataResponse encrypted = client.encryptData(EncryptionDataRequest.forData(data).withAdvertisingToken(advertisingToken));
         assertEquals(EncryptionStatus.NOT_AUTHORIZED_FOR_KEY, encrypted.getStatus());
     }

src/test/java/com/uid2/client/PublisherTests.java

@@ -93,7 +93,8 @@ public void integrationBadRequests() {
         IdentityTokens currentIdentity = IdentityTokens.fromJsonString(PublisherTests.expectedDecryptedJsonForTokenGenerateResponse);
         Uid2Exception exception = assertThrows(Uid2Exception.class, //expired token
                 () -> publisherUid2Client.refreshToken(currentIdentity));
-        assertTrue(exception.getMessage().contains("expired"));
+        //We no longer assert on what the exception contains - since an expired key is later deleted, and deleted keys give a different error
+        //Previous code: assertTrue(exception.getMessage().contains("expired"));
 
 
         assertThrows(NullPointerException.class, () -> publisherUid2Client.generateToken(TokenGenerateInput.fromEmail(null)));
@@ -111,9 +112,12 @@ public void integrationBadRequests() {
 
         assertThrows(IllegalArgumentException.class, () -> new PublisherUid2Client(UID2_BASE_URL, UID2_API_KEY, "bad secret key"));
 
-        PublisherUid2Client invalidSecretKey = new PublisherUid2Client(UID2_BASE_URL, UID2_API_KEY, "incorrectSecretKey");
-        Uid2Exception invalidSecretKeyException = assertThrows(Uid2Exception.class, () -> invalidSecretKey.generateToken(TokenGenerateInput.fromEmail("[email protected]")));
-        assertTrue(invalidSecretKeyException.getMessage().contains("400"));
+        PublisherUid2Client invalidSecretKey = new PublisherUid2Client(UID2_BASE_URL, UID2_API_KEY, "invalidSecretKey");
+        assertThrows(RuntimeException.class, () -> invalidSecretKey.generateToken(TokenGenerateInput.fromEmail("[email protected]")));
+
+        PublisherUid2Client incorrectSecretKey = new PublisherUid2Client(UID2_BASE_URL, UID2_API_KEY, PublisherTests.UID2_SECRET_KEY); //PublisherTests.UID2_SECRET_KEY is an incorrect key because it's not a client secret for UID2_API_KEY (UID2_SECRET_KEY is the correct secret)
+        Uid2Exception incorrectSecretKeyException = assertThrows(Uid2Exception.class, () -> incorrectSecretKey.generateToken(TokenGenerateInput.fromEmail("[email protected]")));
+        assertTrue(incorrectSecretKeyException.getMessage().contains("400"));
     }
 
     @Test //this test requires these env vars to be configured: EUID_BASE_URL, EUID_API_KEY, EUID_SECRET_KEY
@@ -159,7 +163,7 @@ private static byte[] hexStringToByteArray(String s) {
         return data;
     }
 
-    private final static String UID2_SECRET_KEY = "ioG3wKxAokmp+rERx6A4kM/13qhyolUXIu14WN16Spo=";
+    public final static String UID2_SECRET_KEY = "ioG3wKxAokmp+rERx6A4kM/13qhyolUXIu14WN16Spo=";
     private final PublisherUid2Helper publisherUid2Helper = new PublisherUid2Helper(UID2_SECRET_KEY);
     private final byte[] nonce = hexStringToByteArray("312fe5aa08b2a049");