Catching up to main

cody-constine-ttd · cody-constine-ttd · commit bc2d667c3e13 · 2024-12-02T10:51:54.000-07:00
diff --git a/.trivyignore b/.trivyignore
@@ -5,6 +5,3 @@
 
 # https://thetradedesk.atlassian.net/browse/UID2-4460
 CVE-2024-47535
-
-# https://thetradedesk.atlassian.net/browse/UID2-4461
-CVE-2024-7254
diff --git a/conf/local-config.json b/conf/local-config.json
@@ -15,7 +15,6 @@
   "refresh_identity_token_after_seconds": 900,
   "advertising_token_v3": false,
   "advertising_token_v4_percentage": 0,
-  "site_ids_using_v4_tokens": "",
   "refresh_token_v3": false,
   "identity_v3": false,
   "identity_scope": "uid2",
diff --git a/pom.xml b/pom.xml
@@ -6,11 +6,11 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-operator</artifactId>
-    <version>6.0.0</version>
+    <version>5.42.7-alpha-139-SNAPSHOT</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <vertx.version>4.5.3</vertx.version>
+        <vertx.version>4.5.11</vertx.version>
         <vertx-maven-plugin.version>1.0.22</vertx-maven-plugin.version>
         <junit-jupiter.version>5.11.2</junit-jupiter.version>
         <junit-vintage.version>5.11.2</junit-vintage.version>
@@ -22,7 +22,7 @@
         <enclave-aws.version>2.1.0</enclave-aws.version>
         <enclave-azure.version>2.1.0</enclave-azure.version>
         <enclave-gcp.version>2.1.0</enclave-gcp.version>
-        <uid2-shared.version>8.0.0</uid2-shared.version>
+        <uid2-shared.version>8.0.6</uid2-shared.version>
         <image.version>${project.version}</image.version>
         <maven.compiler.source>21</maven.compiler.source>
         <maven.compiler.target>21</maven.compiler.target>
diff --git a/scripts/aws/conf/default-config.json b/scripts/aws/conf/default-config.json
@@ -35,6 +35,5 @@
   "sharing_token_expiry_seconds": 2592000,
   "validate_service_links": false,
   "advertising_token_v4_percentage": 100,
-  "site_ids_using_v4_tokens": "",
   "operator_type": "private"
 }
diff --git a/scripts/azure-cc/conf/default-config.json b/scripts/azure-cc/conf/default-config.json
@@ -39,6 +39,5 @@
   "sharing_token_expiry_seconds": 2592000,
   "validate_service_links": false,
   "advertising_token_v4_percentage": 100,
-  "site_ids_using_v4_tokens": "",
   "operator_type": "private"
 }
diff --git a/scripts/gcp-oidc/conf/default-config.json b/scripts/gcp-oidc/conf/default-config.json
@@ -39,6 +39,5 @@
   "sharing_token_expiry_seconds": 2592000,
   "validate_service_links": false,
   "advertising_token_v4_percentage": 100,
-  "site_ids_using_v4_tokens": "",
   "operator_type": "private"
 }
diff --git a/src/main/java/com/uid2/operator/Main.java b/src/main/java/com/uid2/operator/Main.java
@@ -422,7 +422,7 @@ private static Vertx createVertx() {
     }
 
     private static void setupMetrics(MicrometerMetricsOptions metricOptions) {
-        BackendRegistries.setupBackend(metricOptions);
+        BackendRegistries.setupBackend(metricOptions, null);
 
         MeterRegistry backendRegistry = BackendRegistries.getDefaultNow();
         if (backendRegistry instanceof PrometheusMeterRegistry) {
diff --git a/src/main/java/com/uid2/operator/service/TokenUtils.java b/src/main/java/com/uid2/operator/service/TokenUtils.java
@@ -62,21 +62,4 @@ public static byte encodeIdentityScope(IdentityScope identityScope) {
     public static byte encodeIdentityType(IdentityType identityType) {
         return (byte) (identityType.value << 2);
     }
-
-    public static Set<Integer> getSiteIdsUsingV4Tokens(String siteIdsUsingV4TokensInString) {
-        String[] siteIdsV4TokensList = siteIdsUsingV4TokensInString.split(",");
-
-        Set<Integer> siteIdsV4TokensSet = new HashSet<>();
-        try {
-            for (String siteId : siteIdsV4TokensList) {
-                String siteIdTrimmed = siteId.trim();
-                if (!siteIdTrimmed.isEmpty()) {
-                    siteIdsV4TokensSet.add(Integer.parseInt(siteIdTrimmed));
-                }
-            }
-        } catch (NumberFormatException ex) {
-            throw new IllegalArgumentException(String.format("Invalid integer format found in site_ids_using_v4_tokens:  %s", siteIdsUsingV4TokensInString));
-        }
-        return siteIdsV4TokensSet;
-    }
 }
diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
@@ -22,7 +22,6 @@
 import java.util.*;
 
 import static com.uid2.operator.IdentityConst.*;
-import static com.uid2.operator.service.TokenUtils.getSiteIdsUsingV4Tokens;
 
 public class UIDOperatorService implements IUIDOperatorService {
     public static final String IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS = "identity_token_expires_after_seconds";
@@ -49,7 +48,6 @@ public class UIDOperatorService implements IUIDOperatorService {
     private final OperatorIdentity operatorIdentity;
     protected final TokenVersion tokenVersionToUseIfNotV4;
     protected final int advertisingTokenV4Percentage;
-    protected final Set<Integer> siteIdsUsingV4Tokens;
     private final TokenVersion refreshTokenVersion;
     private final boolean identityV3Enabled;
 
@@ -94,7 +92,6 @@ public UIDOperatorService(JsonObject config, IOptOutStore optOutStore, ISaltProv
         }
 
         this.advertisingTokenV4Percentage = config.getInteger("advertising_token_v4_percentage", 0); //0 indicates token v4 will not be used
-        this.siteIdsUsingV4Tokens = getSiteIdsUsingV4Tokens(config.getString("site_ids_using_v4_tokens", ""));
         this.tokenVersionToUseIfNotV4 = config.getBoolean("advertising_token_v3", false) ? TokenVersion.V3 : TokenVersion.V2;
 
         this.refreshTokenVersion = TokenVersion.V3;
@@ -271,18 +268,14 @@ private RefreshToken createRefreshToken(PublisherIdentity publisherIdentity, Use
 
     private AdvertisingToken createAdvertisingToken(PublisherIdentity publisherIdentity, UserIdentity userIdentity, Instant now) {
         TokenVersion tokenVersion;
-        if (siteIdsUsingV4Tokens.contains(publisherIdentity.siteId)) {
-            tokenVersion = TokenVersion.V4;
-        } else {
-            int pseudoRandomNumber = 1;
-            final var rawUid = userIdentity.id;
-            if (rawUid.length > 2)
-            {
-                int hash = ((rawUid[0] & 0xFF) << 12) | ((rawUid[1] & 0xFF) << 4) | ((rawUid[2] & 0xFF) & 0xF); //using same logic as ModBasedSaltEntryIndexer.getIndex() in uid2-shared
-                pseudoRandomNumber = (hash % 100) + 1; //1 to 100
-            }
-            tokenVersion = (pseudoRandomNumber <= this.advertisingTokenV4Percentage) ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
+        int pseudoRandomNumber = 1;
+        final var rawUid = userIdentity.id;
+        if (rawUid.length > 2)
+        {
+            int hash = ((rawUid[0] & 0xFF) << 12) | ((rawUid[1] & 0xFF) << 4) | ((rawUid[2] & 0xFF) & 0xF); //using same logic as ModBasedSaltEntryIndexer.getIndex() in uid2-shared
+            pseudoRandomNumber = (hash % 100) + 1; //1 to 100
         }
+        tokenVersion = (pseudoRandomNumber <= this.advertisingTokenV4Percentage) ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
         return new AdvertisingToken(tokenVersion, now, now.plusMillis(identityExpiresAfter.toMillis()), this.operatorIdentity, publisherIdentity, userIdentity);
     }
 
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -357,6 +357,7 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA
                     null, TokenResponseStatsCollector.Endpoint.ClientSideTokenGenerateV2, TokenResponseStatsCollector.ResponseStatus.BadSubscriptionId, siteProvider, platformType);
             return;
         }
+        rc.put(com.uid2.shared.Const.RoutingContextData.SiteId, clientSideKeypair.getSiteId());
 
         if(clientSideKeypair.isDisabled()) {
             SendClientErrorResponseAndRecordStats(ResponseStatus.Unauthorized, 401, rc, "Unauthorized",
diff --git a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
@@ -58,11 +58,8 @@ public ExtendedUIDOperatorService(JsonObject config, IOptOutStore optOutStore, I
             super(config, optOutStore, saltProvider, encoder, clock, identityScope, saltRetrievalResponseHandler);
         }
 
-        public TokenVersion getAdvertisingTokenVersionForTests(int siteId) {
+        public TokenVersion getAdvertisingTokenVersionForTests() {
             assert this.advertisingTokenV4Percentage == 0 || this.advertisingTokenV4Percentage == 100; //we want tests to be deterministic
-            if (this.siteIdsUsingV4Tokens.contains(siteId)) {
-                return TokenVersion.V4;
-            }
             return this.advertisingTokenV4Percentage == 100 ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
         }
     }
@@ -96,8 +93,7 @@ void setup() throws Exception {
         uid2Config.put(UIDOperatorService.IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS, IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS);
         uid2Config.put(UIDOperatorService.REFRESH_TOKEN_EXPIRES_AFTER_SECONDS, REFRESH_TOKEN_EXPIRES_AFTER_SECONDS);
         uid2Config.put(UIDOperatorService.REFRESH_IDENTITY_TOKEN_AFTER_SECONDS, REFRESH_IDENTITY_TOKEN_AFTER_SECONDS);
-        uid2Config.put("advertising_token_v4_percentage", 0);
-        uid2Config.put("site_ids_using_v4_tokens", "127,128");
+        uid2Config.put("advertising_token_v4_percentage", 100);
         uid2Config.put("advertising_token_v3", false); // prod is using v2 token version for now
         uid2Config.put("identity_v3", false);
 
@@ -152,7 +148,7 @@ private UserIdentity createUserIdentity(String rawIdentityHash, IdentityScope sc
     }
 
     private AdvertisingToken validateAndGetToken(EncryptedTokenEncoder tokenEncoder, String advertisingTokenString, IdentityScope scope, IdentityType type, int siteId) {
-        TokenVersion tokenVersion = (scope == IdentityScope.UID2) ? uid2Service.getAdvertisingTokenVersionForTests(siteId) : euidService.getAdvertisingTokenVersionForTests(siteId);
+        TokenVersion tokenVersion = (scope == IdentityScope.UID2) ? uid2Service.getAdvertisingTokenVersionForTests() : euidService.getAdvertisingTokenVersionForTests();
         UIDOperatorVerticleTest.validateAdvertisingToken(advertisingTokenString, tokenVersion, scope, type);
         return tokenEncoder.decodeAdvertisingToken(advertisingTokenString);
     }
@@ -164,7 +160,7 @@ private void assertIdentityScopeIdentityTypeAndEstablishedAt(UserIdentity expcte
     }
 
     @ParameterizedTest
-    @CsvSource({"123, V2","127, V4","128, V4"}) //site id 127 and 128 is for testing "site_ids_using_v4_tokens"
+    @CsvSource({"123, V4","127, V4","128, V4"})
     public void testGenerateAndRefresh(int siteId, TokenVersion tokenVersion) {
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(siteId, 124, 125),
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
@@ -160,7 +160,6 @@ private void setupConfig(JsonObject config) {
         config.put("identity_scope", getIdentityScope().toString());
         config.put("advertising_token_v3", getTokenVersion() == TokenVersion.V3);
         config.put("advertising_token_v4_percentage", getTokenVersion() == TokenVersion.V4 ? 100 : 0);
-        config.put("site_ids_using_v4_tokens", "");
         config.put("identity_v3", useIdentityV3());
         config.put("client_side_token_generate", true);
         config.put("key_sharing_endpoint_provide_app_names", true);
diff --git a/src/test/java/com/uid2/operator/service/TokenUtilsTest.java b/src/test/java/com/uid2/operator/service/TokenUtilsTest.java

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,5 @@`
`35`	`35`	`"sharing_token_expiry_seconds": 2592000,`
`36`	`36`	`"validate_service_links": false,`
`37`	`37`	`"advertising_token_v4_percentage": 100,`
`38`		`- "site_ids_using_v4_tokens": "",`
`39`	`38`	`"operator_type": "private"`
`40`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,5 @@`
`39`	`39`	`"sharing_token_expiry_seconds": 2592000,`
`40`	`40`	`"validate_service_links": false,`
`41`	`41`	`"advertising_token_v4_percentage": 100,`
`42`		`- "site_ids_using_v4_tokens": "",`
`43`	`42`	`"operator_type": "private"`
`44`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -422,7 +422,7 @@ private static Vertx createVertx() {`
`422`	`422`	`}`
`423`	`423`
`424`	`424`	`private static void setupMetrics(MicrometerMetricsOptions metricOptions) {`
`425`		`- BackendRegistries.setupBackend(metricOptions);`
	`425`	`+ BackendRegistries.setupBackend(metricOptions, null);`
`426`	`426`
`427`	`427`	`MeterRegistry backendRegistry = BackendRegistries.getDefaultNow();`
`428`	`428`	`if (backendRegistry instanceof PrometheusMeterRegistry) {`
Original file line number	Diff line number	Diff line change
`@@ -357,6 +357,7 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA`
`357`	`357`	`null, TokenResponseStatsCollector.Endpoint.ClientSideTokenGenerateV2, TokenResponseStatsCollector.ResponseStatus.BadSubscriptionId, siteProvider, platformType);`
`358`	`358`	`return;`
`359`	`359`	`}`
	`360`	`+ rc.put(com.uid2.shared.Const.RoutingContextData.SiteId, clientSideKeypair.getSiteId());`
`360`	`361`
`361`	`362`	`if(clientSideKeypair.isDisabled()) {`
`362`	`363`	`SendClientErrorResponseAndRecordStats(ResponseStatus.Unauthorized, 401, rc, "Unauthorized",`