From b87547fc5c594fe629d62fd5f0e10f3ec108ac97 Mon Sep 17 00:00:00 2001
From: Matt Collins
Date: Thu, 10 Apr 2025 12:32:18 +1000
Subject: [PATCH 1/3] Require attestation for operator config
---
 src/main/java/com/uid2/core/vertx/CoreVerticle.java | 2 +-
 src/test/java/com/uid2/core/vertx/CoreVerticleTest.java | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java
index e0fa68a..f0cfcf5 100644
--- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java
+++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java
@@ -201,7 +201,7 @@ private Router createRoutesSetup() {
 router.get(Endpoints.OPERATORS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
 router.get(Endpoints.PARTNERS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
 router.get(Endpoints.OPS_HEALTHCHECK.toString()).handler(this::handleHealthCheck);
- router.get(Endpoints.OPERATOR_CONFIG.toString()).handler(auth.handle(this::handleGetConfig, Role.OPERATOR));
+ router.get(Endpoints.OPERATOR_CONFIG.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleGetConfig), Role.OPERATOR));
 if (Optional.ofNullable(ConfigStore.Global.getBoolean("enable_test_endpoints")).orElse(false)) {
 router.route(Endpoints.ATTEST_GET_TOKEN.toString()).handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
diff --git a/src/test/java/com/uid2/core/vertx/CoreVerticleTest.java b/src/test/java/com/uid2/core/vertx/CoreVerticleTest.java
index 29ad8ca..bd0c4d7 100644
--- a/src/test/java/com/uid2/core/vertx/CoreVerticleTest.java
+++ b/src/test/java/com/uid2/core/vertx/CoreVerticleTest.java
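Review bot: Nothing at the changed OPERATOR_CONFIG line in CoreVerticle.java records that the attestation wrapper is a requirement, while the surrounding route table mixes three protection levels: OPS_HEALTHCHECK with no auth, routes wrapped only in `auth.handle(...)`, and routes that also pass through `attestationMiddleware.handle(...)`. A one-line comment above the route would keep a later refactor from dropping the wrapper, for example `// Operator config is served only to attested operators; an API key with Role.OPERATOR alone must not be enough.` The ATTEST_GET_TOKEN route under `enable_test_endpoints` stays key-only, which looks intentional for a test helper, but it is worth confirming that flag is never set outside test environments. The body of createRoutesSetup starts and ends outside this hunk.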
@@ -894,10 +894,11 @@ void keysRefreshSuccessNoHeaderVersion(Vertx vertx, VertxTestContext testContext
 }
 @Test
+ @Tag("dontForceJwt")
 void getConfigSuccess(Vertx vertx, VertxTestContext testContext) {
 JsonObject expectedConfig = new JsonObject(operatorConfig);
- fakeAuth(Role.OPERATOR);
+ fakeAuth(attestationProtocolPublic, "PUBLIC", Role.OPERATOR);
 // Make HTTP Get request to operator config endpoint
 this.get(vertx, Endpoints.OPERATOR_CONFIG.toString(), testContext.succeeding(response -> testContext.verify(() -> {
@@ -911,10 +912,11 @@ void getConfigSuccess(Vertx vertx, VertxTestContext testContext) {
 }
 @Test
+ @Tag("dontForceJwt")
 void getConfigInvalidJson(Vertx vertx, VertxTestContext testContext) {
 operatorConfig = "invalid config";
- fakeAuth(Role.OPERATOR);
+ fakeAuth(attestationProtocolPublic, "PUBLIC", Role.OPERATOR);
 this.get(vertx, Endpoints.OPERATOR_CONFIG.toString(), testContext.succeeding(response -> testContext.verify(() -> {
 assertEquals(500, response.statusCode());
From 68c2faf2a7a57242ddbf081f6e910e39e52018fb Mon Sep 17 00:00:00 2001
From: Matt Collins
Date: Thu, 10 Apr 2025 13:18:14 +1000
Subject: [PATCH 2/3] Fix name of cloud_encryption_keys_metadata_path
---
 conf/local-e2e-config.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/local-e2e-config.json b/conf/local-e2e-config.json
index a418c0f..f72bdb2 100644
--- a/conf/local-e2e-config.json
+++ b/conf/local-e2e-config.json
@@ -35,6 +35,6 @@
 "core_public_url": "http://localhost:8088",
 "optout_url": "http://localhost:8081",
 "s3_keys_metadata_path": "s3encryption_keys/metadata.json",
- "cloud_keys_metadata_path": "cloud_encryption_keys/metadata.json",
+ "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json",
 "encryption_support_version": "6.0.0"
 }
From 14544c97cea369a44678c313e722a6186a99f8f3 Mon Sep 17 00:00:00 2001
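Review bot: No test visible in CoreVerticleTest.java fails if the attestation wrapper is later dropped from the OPERATOR_CONFIG route; both hunks (getConfigSuccess and getConfigInvalidJson) only adapt existing cases so they keep passing, and both add `@Tag("dontForceJwt")`, whose name suggests JWT enforcement is relaxed for them. A negative case would pin the new control: a test without that tag that authenticates with an OPERATOR key, sends no attestation token, requests `Endpoints.OPERATOR_CONFIG.toString()` and asserts a rejection instead of the config body. The exact status to assert depends on attestationMiddleware, which this patch does not show. Both test bodies continue past the end of their hunks.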
From: Matt Collins
Date: Thu, 10 Apr 2025 13:22:27 +1000
Subject: [PATCH 3/3] Update operator config to new format
---
 conf/operator/operator-config.json | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/conf/operator/operator-config.json b/conf/operator/operator-config.json
index 817d714..000a336 100644
--- a/conf/operator/operator-config.json
+++ b/conf/operator/operator-config.json
@@ -1,6 +1,9 @@
 {
- "identity_token_expires_after_seconds": 3600,
- "refresh_token_expires_after_seconds": 86400,
- "refresh_identity_token_after_seconds": 900,
- "sharing_token_expiry_seconds": 2592000
+ "version": 1,
+ "runtime_config": {
+ "identity_token_expires_after_seconds": 3600,
+ "refresh_token_expires_after_seconds": 86400,
+ "refresh_identity_token_after_seconds": 900,
+ "sharing_token_expiry_seconds": 2592000
+ }
 }
\ No newline at end of file