Merge pull request #277 from IABTechLab/mkc-UID2-4774-require-attestation-operator-config

Require attestation for operator config

Author: mcollins-ttd

conf/local-e2e-config.json

@@ -35,6 +35,6 @@
     "core_public_url": "http://localhost:8088",
     "optout_url": "http://localhost:8081",
     "s3_keys_metadata_path": "s3encryption_keys/metadata.json",
-    "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json",
+    "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json",
     "encryption_support_version": "6.0.0"
 }

conf/operator/operator-config.json

@@ -1,6 +1,9 @@
 {
-  "identity_token_expires_after_seconds": 3600,
-  "refresh_token_expires_after_seconds": 86400,
-  "refresh_identity_token_after_seconds": 900,
-  "sharing_token_expiry_seconds": 2592000
+  "version": 1,
+  "runtime_config": {
+    "identity_token_expires_after_seconds": 3600,
+    "refresh_token_expires_after_seconds": 86400,
+    "refresh_identity_token_after_seconds": 900,
+    "sharing_token_expiry_seconds": 2592000
+  }
 }

src/main/java/com/uid2/core/vertx/CoreVerticle.java

@@ -201,7 +201,7 @@ private Router createRoutesSetup() {
         router.get(Endpoints.OPERATORS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
         router.get(Endpoints.PARTNERS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
         router.get(Endpoints.OPS_HEALTHCHECK.toString()).handler(this::handleHealthCheck);
-        router.get(Endpoints.OPERATOR_CONFIG.toString()).handler(auth.handle(this::handleGetConfig, Role.OPERATOR));
+        router.get(Endpoints.OPERATOR_CONFIG.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleGetConfig), Role.OPERATOR));
 
         if (Optional.ofNullable(ConfigStore.Global.getBoolean("enable_test_endpoints")).orElse(false)) {
             router.route(Endpoints.ATTEST_GET_TOKEN.toString()).handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));

src/test/java/com/uid2/core/vertx/CoreVerticleTest.java

@@ -894,10 +894,11 @@ void keysRefreshSuccessNoHeaderVersion(Vertx vertx, VertxTestContext testContext
     }
 
     @Test
+    @Tag("dontForceJwt")
     void getConfigSuccess(Vertx vertx, VertxTestContext testContext) {
         JsonObject expectedConfig = new JsonObject(operatorConfig);
 
-        fakeAuth(Role.OPERATOR);
+        fakeAuth(attestationProtocolPublic, "PUBLIC", Role.OPERATOR);
 
         // Make HTTP Get request to operator config endpoint
         this.get(vertx, Endpoints.OPERATOR_CONFIG.toString(), testContext.succeeding(response -> testContext.verify(() -> {
@@ -911,10 +912,11 @@ void getConfigSuccess(Vertx vertx, VertxTestContext testContext) {
     }
 
     @Test
+    @Tag("dontForceJwt")
     void getConfigInvalidJson(Vertx vertx, VertxTestContext testContext) {
         operatorConfig = "invalid config";
 
-        fakeAuth(Role.OPERATOR);
+        fakeAuth(attestationProtocolPublic, "PUBLIC", Role.OPERATOR);
 
         this.get(vertx, Endpoints.OPERATOR_CONFIG.toString(), testContext.succeeding(response -> testContext.verify(() -> {
                     assertEquals(500, response.statusCode());