Merge pull request #164 from IABTechLab/cbc-UID2-4379-rename-s3-encryption-cloud-encryption

Started the rename of core too

Author: cody-constine-ttd

.github/workflows/check-stable-dependency.yaml

@@ -3,5 +3,5 @@ on: [pull_request, workflow_dispatch]
 
 jobs:
   check_dependency:
-    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v2
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-check-stable-dependency.yaml@v3
     secrets: inherit

conf/default-config.json

@@ -17,5 +17,5 @@
     "att_token_enc_key": null,
     "att_token_enc_salt": null,
     "enforceJwt": false,
-    "s3_keys_metadata_path": null
+    "cloud_encryption_keys_metadata_path": null
 }

conf/integ-config.json

@@ -18,5 +18,5 @@
     "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json",
     "salts_metadata_path": "uid2/salts/metadata.json",
     "enforceJwt": false,
-    "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json"
+    "cloud_encryption_keys_metadata_path": "uid2/cloud_encryption_keys/metadata.json"
 }

conf/local-config.json

@@ -19,5 +19,5 @@
     "att_token_enc_salt": "<salt-for-attestation-token>",
     "provide_private_site_data": true,
     "enforceJwt": false,
-    "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json"
+    "cloud_encryption_keys_metadata_path": "/com.uid2.core/test/cloud_encryption_keys/metadata.json"
 }

conf/local-e2e-config.json

@@ -33,5 +33,5 @@
     "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
     "core_public_url": "http://localhost:8088",
     "optout_url": "http://localhost:8081",
-    "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
+    "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json"
 }

conf/local-e2e-docker-config.json

@@ -32,5 +32,5 @@
   "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
   "core_public_url": "http://core:8088",
   "optout_url": "http://optout:8081",
-  "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
+  "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json"
 }

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-core</artifactId>
-    <version>2.20.14</version>
+    <version>2.20.19-alpha-58-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -24,7 +24,7 @@
         <vertx.verticle>com.uid2.core.vertx.CoreVerticle</vertx.verticle>
         <launcher.class>io.vertx.core.Launcher</launcher.class>
 
-        <uid2-shared.version>7.21.7</uid2-shared.version>
+        <uid2-shared.version>8.0.0</uid2-shared.version>
         <image.version>${project.version}</image.version>
     </properties>
 
@@ -97,11 +97,6 @@
             <artifactId>vertx-web-client</artifactId>
             <version>${vertx.version}</version>
         </dependency>
-        <dependency>
-            <groupId>com.google.auth</groupId>
-            <artifactId>google-auth-library-oauth2-http</artifactId>
-            <version>1.23.0</version>
-        </dependency>
         <dependency>
             <groupId>io.vertx</groupId>
             <artifactId>vertx-micrometer-metrics</artifactId>

src/main/java/com/uid2/core/Main.java

@@ -14,8 +14,8 @@
 import com.uid2.shared.attest.JwtService;
 import com.uid2.shared.auth.EnclaveIdentifierProvider;
 import com.uid2.shared.auth.RotatingOperatorKeyProvider;
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
-import com.uid2.shared.model.S3Key;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
+import com.uid2.shared.model.CloudEncryptionKey;
 import com.uid2.shared.cloud.CloudUtils;
 import com.uid2.shared.cloud.EmbeddedResourceStorage;
 import com.uid2.shared.cloud.ICloudStorage;
@@ -106,7 +106,7 @@ public static void main(String[] args) {
 
             RotatingStoreVerticle enclaveRotatingVerticle = null;
             RotatingStoreVerticle operatorRotatingVerticle = null;
-            RotatingStoreVerticle s3KeyRotatingVerticle = null;
+            RotatingStoreVerticle cloudEncryptionKeyRotatingVerticle = null;
             CoreVerticle coreVerticle = null;
             try {
                 CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp));
@@ -118,10 +118,10 @@ public static void main(String[] args) {
                 EnclaveIdentifierProvider enclaveIdProvider = new EnclaveIdentifierProvider(cloudStorage, enclaveMetadataPath);
                 enclaveRotatingVerticle = new RotatingStoreVerticle("enclaves", 60000, enclaveIdProvider);
 
-                CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp));
-                GlobalScope s3KeyScope = new GlobalScope(s3KeyMetadataPath);
-                RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyScope);
-                s3KeyRotatingVerticle = new RotatingStoreVerticle("s3encryption_keys", 60000, s3KeyProvider);
+                CloudPath cloudEncryptionKeyMetadataPath = new CloudPath(config.getString(Const.Config.CloudEncryptionKeysMetadataPathProp));
+                GlobalScope cloudEncryptionKeyScope = new GlobalScope(cloudEncryptionKeyMetadataPath);
+                RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(cloudStorage, cloudEncryptionKeyScope);
+                cloudEncryptionKeyRotatingVerticle = new RotatingStoreVerticle("cloud_encryption_keys", 60000, cloudEncryptionKeyProvider);
 
                 String corePublicUrl = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
                 AttestationService attestationService = new AttestationService()
@@ -157,15 +157,15 @@ public static void main(String[] args) {
 
                 JwtService jwtService = new JwtService(config);
 
-                coreVerticle = new CoreVerticle(cloudStorage, operatorKeyProvider, attestationService, attestationTokenService, enclaveIdProvider, operatorJWTTokenProvider, jwtService, s3KeyProvider);
+                coreVerticle = new CoreVerticle(cloudStorage, operatorKeyProvider, attestationService, attestationTokenService, enclaveIdProvider, operatorJWTTokenProvider, jwtService, cloudEncryptionKeyProvider);
             } catch (Exception e) {
                 System.out.println("failed to initialize core verticle: " + e.getMessage());
                 System.exit(-1);
             }
 
             vertx.deployVerticle(enclaveRotatingVerticle);
             vertx.deployVerticle(operatorRotatingVerticle);
-            vertx.deployVerticle(s3KeyRotatingVerticle);
+            vertx.deployVerticle(cloudEncryptionKeyRotatingVerticle);
             vertx.deployVerticle(coreVerticle);
         });
     }

src/main/java/com/uid2/core/vertx/CoreVerticle.java

@@ -50,8 +50,9 @@
 import java.time.Instant;
 import java.util.*;
 
-import com.uid2.shared.store.reader.RotatingS3KeyProvider;
-import com.uid2.shared.model.S3Key;
+import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
+import com.uid2.shared.model.CloudEncryptionKey;
+
 
 import static com.uid2.shared.Const.Config.EnforceJwtProp;
 
@@ -79,7 +80,7 @@ public class CoreVerticle extends AbstractVerticle {
     private final ISaltMetadataProvider saltMetadataProvider;
     private final IPartnerMetadataProvider partnerMetadataProvider;
     private final OperatorJWTTokenProvider operatorJWTTokenProvider;
-    private final RotatingS3KeyProvider s3KeyProvider;
+    private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider;
 
     public CoreVerticle(ICloudStorage cloudStorage,
                         IAuthorizableProvider authProvider,
@@ -88,7 +89,7 @@ public CoreVerticle(ICloudStorage cloudStorage,
                         IEnclaveIdentifierProvider enclaveIdentifierProvider,
                         OperatorJWTTokenProvider operatorJWTTokenProvider,
                         JwtService jwtService,
-                        RotatingS3KeyProvider s3KeyProvider) throws Exception {
+                        RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) throws Exception {
         this.operatorJWTTokenProvider = operatorJWTTokenProvider;
         this.healthComponent.setHealthStatus(false, "not started");
 
@@ -98,7 +99,7 @@ public CoreVerticle(ICloudStorage cloudStorage,
         this.attestationTokenService = attestationTokenService;
         this.enclaveIdentifierProvider = enclaveIdentifierProvider;
         this.enclaveIdentifierProvider.addListener(this.attestationService);
-        this.s3KeyProvider = s3KeyProvider;
+        this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider;
 
         final String jwtAudience = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
         final String jwtIssuer = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
@@ -178,7 +179,7 @@ private Router createRoutesSetup() {
         router.post("/attest")
                 .handler(new AttestationFailureHandler())
                 .handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE));
-        router.get("/s3encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleS3EncryptionKeysRetrieval), Role.OPERATOR));
+        router.get("/cloud_encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
         router.get("/sites/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
         router.get("/key/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
         router.get("/key/acl/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
@@ -609,24 +610,24 @@ private void handleEnclaveUnregister(RoutingContext rc) {
         handleEnclaveChange(rc, true);
     }
 
-    void handleS3EncryptionKeysRetrieval(RoutingContext rc) {
+    void handleCloudEncryptionKeysRetrieval(RoutingContext rc) {
         try {
             OperatorInfo info = OperatorInfo.getOperatorInfo(rc);
             int siteId = info.getSiteId();
-            List<S3Key> s3Keys = s3KeyProvider.getKeys(siteId);
+            List<CloudEncryptionKey> cloudEncryptionKeys = cloudEncryptionKeyProvider.getKeys(siteId);
 
-            if (s3Keys == null || s3Keys.isEmpty()) {
-                Error("No S3 keys found", 500, rc, "No S3 keys found for siteId: " + siteId);
+            if (cloudEncryptionKeys == null || cloudEncryptionKeys.isEmpty()) {
+                Error("No Cloud Encryption keys found", 500, rc, "No Cloud Encryption keys found for siteId: " + siteId);
                 return;
             }
 
             JsonObject response = new JsonObject()
-                    .put("s3Keys", new JsonArray(s3Keys));
+                    .put("cloudEncryptionKeys", new JsonArray(cloudEncryptionKeys));
 
             rc.response().putHeader(HttpHeaders.CONTENT_TYPE, "application/json")
                     .end(response.encode());
         } catch (Exception e) {
-            logger.error("Error in handleRefreshS3Keys: ", e);
+            logger.error("Error in handleRefreshCloudEncryptionKeys: ", e);
             Error("error", 500, rc, "error generating attestation token");
         }
     }