add handler for no active key

Author: lizk886

src/main/java/com/uid2/operator/Main.java

@@ -118,6 +118,7 @@ public Main(Vertx vertx, JsonObject config) throws Exception {
         this.shutdownHandler = new OperatorShutdownHandler(Duration.ofHours(12),
                 Duration.ofHours(config.getInteger(Const.Config.SaltsExpiredShutdownHours, 12)),
                 Duration.ofHours(config.getInteger(Const.Config.KeysetKeysFailedShutdownHours, 168)),
+                Duration.ofMinutes(config.getInteger(Const.Config.KeyAvailabilityFailedShutdownMinutes, 15)),
                 Clock.systemUTC(), new ShutdownService());
         this.uidInstanceIdProvider = new UidInstanceIdProvider(config);
 
@@ -247,7 +248,7 @@ public Main(Vertx vertx, JsonObject config) throws Exception {
     }
 
     private KeyManager getKeyManager() {
-        return new KeyManager(this.keysetKeyStore, this.keysetProvider);
+        return new KeyManager(this.keysetKeyStore, this.keysetProvider, this.shutdownHandler::handleKeyAvailability);
     }
 
     public static void recordStartupComplete() {

src/main/java/com/uid2/operator/model/KeyManager.java

@@ -13,16 +13,23 @@
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Consumer;
 import java.util.stream.Collectors;
 
 public class KeyManager {
     private static final Logger LOGGER = LoggerFactory.getLogger(UIDOperatorVerticle.class);
     private final IKeysetKeyStore keysetKeyStore;
     private final RotatingKeysetProvider keysetProvider;
+    private final Consumer<Boolean> keyAvailabilityHandler;
 
     public KeyManager(IKeysetKeyStore keysetKeyStore, RotatingKeysetProvider keysetProvider) {
+        this(keysetKeyStore, keysetProvider, null);
+    }
+
+    public KeyManager(IKeysetKeyStore keysetKeyStore, RotatingKeysetProvider keysetProvider, Consumer<Boolean> keyAvailabilityHandler) {
         this.keysetKeyStore = keysetKeyStore;
         this.keysetProvider = keysetProvider;
+        this.keyAvailabilityHandler = keyAvailabilityHandler;
     }
 
     public KeyManagerSnapshot getKeyManagerSnapshot(int siteId) {
@@ -107,8 +114,14 @@ public KeysetKey getMasterKey() {
     public KeysetKey getMasterKey(Instant asOf) {
         KeysetKey key = this.keysetKeyStore.getSnapshot().getActiveKey(Const.Data.MasterKeysetId, asOf);
         if (key == null) {
+            if (this.keyAvailabilityHandler != null) {
+                this.keyAvailabilityHandler.accept(false);
+            }
             throw new NoActiveKeyException(String.format("Cannot get a master key with keyset ID %d.", Const.Data.MasterKeysetId));
         }
+        if (this.keyAvailabilityHandler != null) {
+            this.keyAvailabilityHandler.accept(true);
+        }
         return key;
     }
 
@@ -119,8 +132,14 @@ public KeysetKey getRefreshKey() {
     public KeysetKey getRefreshKey(Instant asOf) {
         KeysetKey key = this.keysetKeyStore.getSnapshot().getActiveKey(Const.Data.RefreshKeysetId, asOf);
         if (key == null) {
+            if (this.keyAvailabilityHandler != null) {
+                this.keyAvailabilityHandler.accept(false);
+            }
             throw new NoActiveKeyException(String.format("Cannot get a refresh key with keyset ID %d.", Const.Data.RefreshKeysetId));
         }
+        if (this.keyAvailabilityHandler != null) {
+            this.keyAvailabilityHandler.accept(true);
+        }
         return key;
     }
 

src/main/java/com/uid2/operator/vertx/OperatorShutdownHandler.java

@@ -2,7 +2,6 @@
 
 import com.uid2.operator.service.ShutdownService;
 import com.uid2.shared.attest.AttestationResponseCode;
-import lombok.extern.java.Log;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.utils.Pair;
@@ -20,19 +19,22 @@ public class OperatorShutdownHandler {
     private final Duration attestShutdownWaitTime;
     private final Duration saltShutdownWaitTime;
     private final Duration keysetKeyShutdownWaitTime;
+    private final Duration keyAvailabilityShutdownWaitTime;
     private final AtomicReference<Instant> attestFailureStartTime = new AtomicReference<>(null);
     private final AtomicReference<Instant> saltFailureStartTime = new AtomicReference<>(null);
     private final AtomicReference<Instant> keysetKeyFailureStartTime = new AtomicReference<>(null);
+    private final AtomicReference<Instant> keyAvailabilityFailureStartTime = new AtomicReference<>(null);
     private final AtomicReference<Instant> lastSaltFailureLogTime = new AtomicReference<>(null);
     private final AtomicReference<Instant> lastKeysetKeyFailureLogTime = new AtomicReference<>(null);
     private final Clock clock;
     private final ShutdownService shutdownService;
 
     public OperatorShutdownHandler(Duration attestShutdownWaitTime, Duration saltShutdownWaitTime,
-            Duration keysetKeyShutdownWaitTime, Clock clock, ShutdownService shutdownService) {
+            Duration keysetKeyShutdownWaitTime, Duration keyAvailabilityShutdownWaitTime, Clock clock, ShutdownService shutdownService) {
         this.attestShutdownWaitTime = attestShutdownWaitTime;
         this.saltShutdownWaitTime = saltShutdownWaitTime;
         this.keysetKeyShutdownWaitTime = keysetKeyShutdownWaitTime;
+        this.keyAvailabilityShutdownWaitTime = keyAvailabilityShutdownWaitTime;
         this.clock = clock;
         this.shutdownService = shutdownService;
     }
@@ -91,6 +93,22 @@ private void logKeysetKeyFailureProgressAtInterval(Instant failureStartTime, Dur
         }
     }
 
+    public void handleKeyAvailability(Boolean hasActiveKeys) {
+        if (hasActiveKeys) {
+            keyAvailabilityFailureStartTime.set(null);
+        } else {
+            Instant t = keyAvailabilityFailureStartTime.get();
+            if (t == null) {
+                keyAvailabilityFailureStartTime.set(clock.instant());
+                LOGGER.error("No active keys available. shutdown timer started (will shutdown in {} minutes if not recovered)", 
+                    keyAvailabilityShutdownWaitTime.toMinutes());
+            } else if (Duration.between(t, clock.instant()).compareTo(this.keyAvailabilityShutdownWaitTime) > 0) {
+                LOGGER.error("No active keys for too long. shutting down operator");
+                this.shutdownService.Shutdown(1);
+            }
+        }
+    }
+
     public void handleAttestResponse(Pair<AttestationResponseCode, String> response) {
         if (response.left() == AttestationResponseCode.AttestationFailure) {
             LOGGER.error("core attestation failed with AttestationFailure, shutting down operator, core response: {}", response.right());

src/test/java/com/uid2/operator/OperatorShutdownHandlerTest.java

@@ -6,7 +6,6 @@
 import com.uid2.operator.service.ShutdownService;
 import com.uid2.operator.vertx.OperatorShutdownHandler;
 import com.uid2.shared.attest.AttestationResponseCode;
-import io.vertx.core.Vertx;
 import io.vertx.junit5.VertxExtension;
 import io.vertx.junit5.VertxTestContext;
 import org.junit.jupiter.api.AfterEach;
@@ -19,7 +18,6 @@
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.utils.Pair;
 
-import java.security.Permission;
 import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
@@ -43,7 +41,7 @@ void beforeEach() {
         mocks = MockitoAnnotations.openMocks(this);
         when(clock.instant()).thenAnswer(i -> Instant.now());
         doThrow(new RuntimeException()).when(shutdownService).Shutdown(1);
-        this.operatorShutdownHandler = new OperatorShutdownHandler(Duration.ofHours(12), Duration.ofHours(12), Duration.ofHours(168), clock, shutdownService);
+        this.operatorShutdownHandler = new OperatorShutdownHandler(Duration.ofHours(12), Duration.ofHours(12), Duration.ofHours(168), Duration.ofMinutes(15), clock, shutdownService);
     }
 
     @AfterEach
@@ -62,7 +60,6 @@ void shutdownOnAttestFailure(VertxTestContext testContext) {
             this.operatorShutdownHandler.handleAttestResponse(Pair.of(AttestationResponseCode.AttestationFailure, "Unauthorized"));
         } catch (RuntimeException e) {
             verify(shutdownService).Shutdown(1);
-            String message = logWatcher.list.get(0).getFormattedMessage();
             Assertions.assertEquals("core attestation failed with AttestationFailure, shutting down operator, core response: Unauthorized", logWatcher.list.get(0).getFormattedMessage());
             testContext.completeNow();
         }
@@ -236,4 +233,55 @@ void keysetKeyLogProgressAtInterval(VertxTestContext testContext) {
 
         testContext.completeNow();
     }
+
+    @Test
+    void shutdownWhenNoActiveKeys(VertxTestContext testContext) {
+        ListAppender<ILoggingEvent> logWatcher = new ListAppender<>();
+        logWatcher.start();
+        ((Logger) LoggerFactory.getLogger(OperatorShutdownHandler.class)).addAppender(logWatcher);
+
+        // No active keys available
+        this.operatorShutdownHandler.handleKeyAvailability(false);
+        Assertions.assertTrue(logWatcher.list.get(0).getFormattedMessage().contains("No active keys available"));
+
+        when(clock.instant()).thenAnswer(i -> Instant.now().plus(15, ChronoUnit.MINUTES).plusSeconds(60));
+        try {
+            this.operatorShutdownHandler.handleKeyAvailability(false);
+        } catch (RuntimeException e) {
+            verify(shutdownService).Shutdown(1);
+            Assertions.assertTrue(logWatcher.list.stream().anyMatch(log -> 
+                log.getFormattedMessage().contains("No active keys for too long")));
+            testContext.completeNow();
+        }
+    }
+
+    @Test
+    void recoverWhenActiveKeysBecomesAvailable(VertxTestContext testContext) {
+        // Start with no active keys
+        this.operatorShutdownHandler.handleKeyAvailability(false);
+        when(clock.instant()).thenAnswer(i -> Instant.now().plus(10, ChronoUnit.MINUTES));
+        
+        // Keys become available
+        this.operatorShutdownHandler.handleKeyAvailability(true);
+
+        // Should not shutdown even after total time exceeds threshold
+        when(clock.instant()).thenAnswer(i -> Instant.now().plus(20, ChronoUnit.MINUTES));
+        assertDoesNotThrow(() -> {
+            this.operatorShutdownHandler.handleKeyAvailability(false);
+        });
+        verify(shutdownService, never()).Shutdown(anyInt());
+        testContext.completeNow();
+    }
+
+    @Test
+    void keyAvailabilityNoShutdownWhenAlwaysAvailable(VertxTestContext testContext) {
+        // Keys are always available
+        this.operatorShutdownHandler.handleKeyAvailability(true);
+        this.operatorShutdownHandler.handleKeyAvailability(true);
+        this.operatorShutdownHandler.handleKeyAvailability(true);
+
+        verify(shutdownService, never()).Shutdown(anyInt());
+        testContext.completeNow();
+    }
+
 }