Merge pull request #131 from IABTechLab/wzh-uid2-3571-s3-keys-fetch

let core be able to load all the s3 encryption keys and keep a mapping

Author: lizk886

conf/default-config.json

@@ -16,5 +16,6 @@
     "partners_metadata_path": null,
     "att_token_enc_key": null,
     "att_token_enc_salt": null,
-    "enforceJwt": false
+    "enforceJwt": false,
+    "s3_keys_metadata_path": null
 }

conf/integ-config.json

@@ -17,5 +17,6 @@
     "keysets_metadata_path": "uid2/keysets/metadata.json",
     "keyset_keys_metadata_path": "uid2/keyset_keys/metadata.json",
     "salts_metadata_path": "uid2/salts/metadata.json",
-    "enforceJwt": false
+    "enforceJwt": false,
+    "s3_keys_metadata_path": "uid2/s3encryption_keys/metadata.json"
 }

conf/local-config.json

@@ -18,5 +18,6 @@
     "att_token_enc_key": "<key-for-attestation-token>",
     "att_token_enc_salt": "<salt-for-attestation-token>",
     "provide_private_site_data": true,
-    "enforceJwt": false
+    "enforceJwt": false,
+    "s3_keys_metadata_path": "/com.uid2.core/test/s3encryption_keys/metadata.json"
 }

conf/local-e2e-config.json

@@ -32,5 +32,6 @@
     "aws_kms_jwt_signing_key_id": "ff275b92-0def-4dfc-b0f6-87c96b26c6c7",
     "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
     "core_public_url": "http://localhost:8088",
-    "optout_url": "http://localhost:8081"
+    "optout_url": "http://localhost:8081",
+    "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
 }

conf/local-e2e-docker-config.json

@@ -31,5 +31,6 @@
   "aws_kms_jwt_signing_key_id": "ff275b92-0def-4dfc-b0f6-87c96b26c6c7",
   "aws_kms_jwt_signing_public_keys": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvwB41qI5Fe41PDbXqcX5uOvSvfKh8l9QV0O3M+NsB4lKqQEP0t1hfoiXTpOgKz1ArYxHsQ2LeXifX4uwEbYJFlpVM+tyQkTWQjBOw6fsLYK2Xk4X2ylNXUUf7x3SDiOVxyvTh3OZW9kqrDBN9JxSoraNLyfw0hhW0SHpfs699SehgbQ7QWep/gVlKRLIz0XAXaZNw24s79ORcQlrCE6YD0PgQmpI/dK5xMML82n6y3qcTlywlGaU7OGIMdD+CTXA3BcOkgXeqZTXNaX1u6jCTa1lvAczun6avp5VZ4TFiuPo+y4rJ3GU+14cyT5NckEcaTKSvd86UdwK5Id9tl3bQIDAQAB",
   "core_public_url": "http://core:8088",
-  "optout_url": "http://optout:8081"
+  "optout_url": "http://optout:8081",
+  "s3_keys_metadata_path": "s3encryption_keys/metadata.json"
 }

pom.xml

@@ -6,7 +6,7 @@
 
   <groupId>com.uid2</groupId>
   <artifactId>uid2-core</artifactId>
-  <version>2.15.78</version>
+  <version>2.15.79-alpha-30-SNAPSHOT</version>
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -24,7 +24,7 @@
     <vertx.verticle>com.uid2.core.vertx.CoreVerticle</vertx.verticle>
     <launcher.class>io.vertx.core.Launcher</launcher.class>
 
-    <uid2-shared.version>7.10.6</uid2-shared.version>
+    <uid2-shared.version>7.16.0</uid2-shared.version>
     <image.version>${project.version}</image.version>
   </properties>
 

src/main/java/com/uid2/core/Main.java

@@ -14,6 +14,8 @@
 import com.uid2.shared.attest.JwtService;
 import com.uid2.shared.auth.EnclaveIdentifierProvider;
 import com.uid2.shared.auth.RotatingOperatorKeyProvider;
+import com.uid2.shared.store.reader.RotatingS3KeyProvider;
+import com.uid2.shared.model.S3Key;
 import com.uid2.shared.cloud.CloudUtils;
 import com.uid2.shared.cloud.EmbeddedResourceStorage;
 import com.uid2.shared.cloud.ICloudStorage;
@@ -104,6 +106,7 @@ public static void main(String[] args) {
 
             RotatingStoreVerticle enclaveRotatingVerticle = null;
             RotatingStoreVerticle operatorRotatingVerticle = null;
+            RotatingStoreVerticle s3KeyRotatingVerticle = null;
             CoreVerticle coreVerticle = null;
             try {
                 CloudPath operatorMetadataPath = new CloudPath(config.getString(Const.Config.OperatorsMetadataPathProp));
@@ -115,6 +118,11 @@ public static void main(String[] args) {
                 EnclaveIdentifierProvider enclaveIdProvider = new EnclaveIdentifierProvider(cloudStorage, enclaveMetadataPath);
                 enclaveRotatingVerticle = new RotatingStoreVerticle("enclaves", 60000, enclaveIdProvider);
 
+                CloudPath s3KeyMetadataPath = new CloudPath(config.getString(Const.Config.S3keysMetadataPathProp));
+                GlobalScope s3KeyScope = new GlobalScope(s3KeyMetadataPath);
+                RotatingS3KeyProvider s3KeyProvider = new RotatingS3KeyProvider(cloudStorage, s3KeyScope);
+                s3KeyRotatingVerticle = new RotatingStoreVerticle("s3encryption_keys", 60000, s3KeyProvider);
+
                 String corePublicUrl = ConfigStore.Global.get(Const.Config.CorePublicUrlProp);
                 AttestationService attestationService = new AttestationService()
                         .with("trusted", new TrustedCoreAttestationService())
@@ -157,6 +165,7 @@ public static void main(String[] args) {
 
             vertx.deployVerticle(enclaveRotatingVerticle);
             vertx.deployVerticle(operatorRotatingVerticle);
+            vertx.deployVerticle(s3KeyRotatingVerticle);
             vertx.deployVerticle(coreVerticle);
         });
     }

src/main/resources/com.uid2.core/test/s3encryption_keys/metadata.json

@@ -0,0 +1,7 @@
+{
+  "version": 1,
+  "generated": 1620253519,
+  "s3encryption_keys": {
+    "location": "/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json"
+  }
+}

src/main/resources/com.uid2.core/test/s3encryption_keys/s3encryption_keys.json

@@ -0,0 +1,73 @@
+[ {
+  "id" : 1,
+  "siteId" : 999,
+  "activates" : 1720641670,
+  "created" : 1720641670,
+  "secret" : "mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw="
+}, {
+  "id" : 2,
+  "siteId" : 999,
+  "activates" : 1720728070,
+  "created" : 1720641670,
+  "secret" : "FtdslrFSsvVXOuhOWGwEI+0QTkCvM8SGZAP3k2u3PgY="
+}, {
+  "id" : 3,
+  "siteId" : 999,
+  "activates" : 1720814470,
+  "created" : 1720641670,
+  "secret" : "/7zO6QbKrhZKIV36G+cU9UR4hZUVg5bD+KjbczICjHw="
+}, {
+  "id" : 4,
+  "siteId" : 123,
+  "activates" : 1720641671,
+  "created" : 1720641671,
+  "secret" : "XjiqRlWQQJGLr7xfV1qbueKwyzt881GVohuUkQt/ht4="
+}, {
+  "id" : 5,
+  "siteId" : 123,
+  "activates" : 1720728071,
+  "created" : 1720641671,
+  "secret" : "QmpIf5NzO+UROjl5XjB/BmF6paefM8n6ub9B2plC9aI="
+}, {
+  "id" : 6,
+  "siteId" : 123,
+  "activates" : 1720814471,
+  "created" : 1720641671,
+  "secret" : "40w9UMSYxGm+KldOWOXhBGI8QgjvUUQjivtkP4VpKV8="
+}, {
+  "id" : 7,
+  "siteId" : 124,
+  "activates" : 1720641671,
+  "created" : 1720641671,
+  "secret" : "QdwD0kQV1BwmLRD0PH1YpqgaOrgpVTfu08o98mSZ6uE="
+}, {
+  "id" : 8,
+  "siteId" : 124,
+  "activates" : 1720728071,
+  "created" : 1720641671,
+  "secret" : "yCVCM/HLf9/6k+aUNrx7w17VbyfSzI8JykLQLSR+CW0="
+}, {
+  "id" : 9,
+  "siteId" : 124,
+  "activates" : 1720814471,
+  "created" : 1720641671,
+  "secret" : "JqHl8BrTyx9XpR2lYj/5xvUpzgnibGeomETTwF4rn1U="
+}, {
+  "id" : 10,
+  "siteId" : 127,
+  "activates" : 1720641671,
+  "created" : 1720641671,
+  "secret" : "JqiG1b34AvrdO3Aj6cCcjOBJMijrDzTmrR+p9ZtP2es="
+}, {
+  "id" : 11,
+  "siteId" : 127,
+  "activates" : 1720728072,
+  "created" : 1720641672,
+  "secret" : "lp1CyHdfc7K0aO5JGpA+Ve5Z/V5LImtGEQwCg/YB0kY="
+}, {
+  "id" : 12,
+  "siteId" : 127,
+  "activates" : 1720814472,
+  "created" : 1720641672,
+  "secret" : "G99rFYJF+dnSlk/xG6fuC3WNqQxTLJbDIdVyPMbGQ6s="
+} ]