Merge branch 'main' into ian-UID2-6345-enable-upload-only-optout-producer

Ian-Nara · Ian-Nara · commit 3b31dc55cf2d · 2025-12-15T22:56:19.000-07:00
diff --git a/.trivyignore b/.trivyignore
@@ -2,5 +2,4 @@
 # See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/ 
 # for more details
 
-# UID2-6128
-CVE-2025-55163 exp:2025-10-30
+
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-shared</artifactId>
-    <version>11.1.91</version>
+    <version>11.1.124</version>
     <name>${project.groupId}:${project.artifactId}</name>
     <description>Library for all the shared uid2 operations</description>
     <url>https://github.com/IABTechLab/uid2docs</url>
@@ -181,7 +181,7 @@
         <dependency>
             <groupId>com.google.auth</groupId>
             <artifactId>google-auth-library-oauth2-http</artifactId>
-            <version>1.30.0</version>
+            <version>1.41.0</version>
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>
@@ -213,6 +213,11 @@
             <artifactId>commons-collections4</artifactId>
             <version>4.4</version>
         </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>1.3.4</version>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>secretsmanager</artifactId>
diff --git a/src/main/java/com/uid2/shared/attest/UidCoreClient.java b/src/main/java/com/uid2/shared/attest/UidCoreClient.java
@@ -89,8 +89,12 @@ private InputStream internalDownload(String path) throws CloudStorageException {
                 inputStream = getWithAttest(path);
             }
             return inputStream;
+        } catch (CloudStorageException e) {
+            throw e;
         } catch (Exception e) {
-            throw new CloudStorageException("download error: " + e.getMessage(), e);
+            throw new CloudStorageException(
+                "E12: Data Download Failure - exception: " + e.getClass().getSimpleName() + 
+                ". For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.", e);
         }
     }
 
@@ -108,7 +112,9 @@ private InputStream getWithAttest(String path) throws IOException, AttestationRe
         HttpResponse<String> httpResponse;
         httpResponse = sendHttpRequest(path, attestationToken);
         if (httpResponse.statusCode() != 200) {
-            throw new CloudStorageException(String.format("Non-success response from core on request to %s. Status code: %d", path, httpResponse.statusCode()));
+            throw new CloudStorageException(String.format(
+                "E12: Data Download Failure - HTTP response code %d. For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.", 
+                httpResponse.statusCode()));
         }
         return Utils.convertHttpResponseToInputStream(httpResponse);
     }
diff --git a/src/main/java/com/uid2/shared/cloud/URLStorageWithMetadata.java b/src/main/java/com/uid2/shared/cloud/URLStorageWithMetadata.java
@@ -48,8 +48,8 @@ public InputStream download(String cloudPath) throws CloudStorageException {
             if (responseCode >= 200 && responseCode < 300) {
                 return httpConn.getInputStream();
             } else {
-                throw new CloudStorageException("Cannot download required files, HTTP response code " + responseCode 
-                + ", please visit UID2 guides for more details");
+                throw new CloudStorageException("E12: Data Download Failure - HTTP response code " + responseCode 
+                + ". For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.");
             }
         }
         catch (CloudStorageException e) {
@@ -58,8 +58,8 @@ public InputStream download(String cloudPath) throws CloudStorageException {
         } 
         catch (Throwable t) {
             // Do not log the original exception as it may contain sensitive information such as the pre-signed URL
-            throw new CloudStorageException("Cannot download required files, exception: " + t.getClass().getSimpleName() +
-                ", please visit UID2 guides for more details");
+            throw new CloudStorageException("E12: Data Download Failure - exception: " + t.getClass().getSimpleName() +
+                ". For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.");
         }
     }
 
diff --git a/src/main/java/com/uid2/shared/vertx/CloudSyncVerticle.java b/src/main/java/com/uid2/shared/vertx/CloudSyncVerticle.java
@@ -414,8 +414,13 @@ private void cloudDownloadBlocking(String s3Path) throws Exception {
             
             downloadFailureTimer.record(java.time.Duration.ofMillis(cloudDownloadTimeMs));            
             // Be careful as the s3Path may contain the pre-signed S3 token, so do not log the whole path
-            LOGGER.error("download error: " + ex.getClass().getSimpleName());
-            throw new CloudStorageException("Download failed"); 
+            LOGGER.error("Cloud storage download error, exception type: " + ex.getClass().getSimpleName());
+            
+            if (ex instanceof CloudStorageException) {
+                throw (CloudStorageException) ex;
+            }
+            throw new CloudStorageException("E12: Data Download Failure - Failed to download file from cloud storage, exception: " 
+                + ex.getClass().getSimpleName() + ". Check network connectivity and service availability."); 
         }
     }
 
diff --git a/src/test/java/com/uid2/shared/attest/UidCoreClientTest.java b/src/test/java/com/uid2/shared/attest/UidCoreClientTest.java
@@ -72,7 +72,7 @@ public void Download_AttestInternalFail_ExceptionThrown() throws IOException, At
         CloudStorageException result = assertThrows(CloudStorageException.class, () -> {
             uidCoreClient.download("https://download");
         });
-        String expectedExceptionMessage = "download error: AttestationResponseCode: AttestationFailure, test failure";
+        String expectedExceptionMessage = "E12: Data Download Failure - exception: AttestationResponseHandlerException. For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.";
         assertEquals(expectedExceptionMessage, result.getMessage());
     }
 
@@ -100,4 +100,93 @@ void getJwtReturnsCoreToken() {
         when(mockAttestationResponseHandler.getCoreJWT()).thenReturn("coreJWT");
         Assertions.assertEquals("coreJWT", this.uidCoreClient.getJWT());
     }
+
+    @Test
+    public void Download_Http403Error_LogsStatusCodeAndEndpoint() throws IOException, AttestationResponseHandlerException {
+        HttpResponse<String> mockHttpResponse = mock(HttpResponse.class);
+        when(mockHttpResponse.statusCode()).thenReturn(403);
+        when(mockHttpClient.get(eq("https://core-prod.uidapi.com/sites/refresh"), any(HashMap.class))).thenReturn(mockHttpResponse);
+
+        CloudStorageException result = assertThrows(CloudStorageException.class, () -> {
+            uidCoreClient.download("https://core-prod.uidapi.com/sites/refresh");
+        });
+
+        assertAll(
+            () -> assertTrue(result.getMessage().contains("E12: Data Download Failure"), 
+                "Expected E12 error code in message"),
+            () -> assertTrue(result.getMessage().contains("HTTP response code 403"), 
+                "Expected HTTP status code 403 in message"),
+            () -> assertTrue(result.getMessage().contains("For troubleshooting information, refer to the applicable Private Operator guide"), 
+                "Expected documentation reference in message")
+        );
+    }
+
+    @Test
+    public void Download_Http404Error_LogsStatusCode() throws IOException, AttestationResponseHandlerException {
+        HttpResponse<String> mockHttpResponse = mock(HttpResponse.class);
+        when(mockHttpResponse.statusCode()).thenReturn(404);
+        when(mockHttpClient.get(eq("https://core-prod.uidapi.com/keys/refresh"), any(HashMap.class))).thenReturn(mockHttpResponse);
+
+        CloudStorageException result = assertThrows(CloudStorageException.class, () -> {
+            uidCoreClient.download("https://core-prod.uidapi.com/keys/refresh");
+        });
+
+        assertAll(
+            () -> assertTrue(result.getMessage().contains("HTTP response code 404"), 
+                "Expected HTTP status code 404 in message"),
+            () -> assertTrue(result.getMessage().contains("E12: Data Download Failure"), 
+                "Expected E12 error code in message")
+        );
+    }
+
+    @Test
+    public void Download_Http500Error_LogsStatusCode() throws IOException, AttestationResponseHandlerException {
+        HttpResponse<String> mockHttpResponse = mock(HttpResponse.class);
+        when(mockHttpResponse.statusCode()).thenReturn(500);
+        when(mockHttpClient.get(eq("https://core-prod.uidapi.com/salts/refresh"), any(HashMap.class))).thenReturn(mockHttpResponse);
+
+        CloudStorageException result = assertThrows(CloudStorageException.class, () -> {
+            uidCoreClient.download("https://core-prod.uidapi.com/salts/refresh");
+        });
+
+        assertAll(
+            () -> assertTrue(result.getMessage().contains("E12: Data Download Failure"), 
+                "Expected E12 error code in message"),
+            () -> assertTrue(result.getMessage().contains("HTTP response code 500"), 
+                "Expected HTTP status code 500 in message")
+        );
+    }
+
+    @Test
+    public void Download_Http503Error_LogsStatusCode() throws IOException, AttestationResponseHandlerException {
+        HttpResponse<String> mockHttpResponse = mock(HttpResponse.class);
+        when(mockHttpResponse.statusCode()).thenReturn(503);
+        when(mockHttpClient.get(eq("https://core-integ.uidapi.com/clients/refresh"), any(HashMap.class))).thenReturn(mockHttpResponse);
+
+        CloudStorageException result = assertThrows(CloudStorageException.class, () -> {
+            uidCoreClient.download("https://core-integ.uidapi.com/clients/refresh");
+        });
+
+        assertTrue(result.getMessage().contains("HTTP response code 503"), 
+            "Expected HTTP status code 503 in message");
+    }
+
+    @Test
+    public void Download_NetworkError_LogsExceptionType() throws IOException, AttestationResponseHandlerException {
+        IOException networkException = new IOException("Connection timeout");
+        when(mockHttpClient.get(anyString(), any(HashMap.class))).thenThrow(networkException);
+
+        CloudStorageException result = assertThrows(CloudStorageException.class, () -> {
+            uidCoreClient.download("https://core-prod.uidapi.com/sites/refresh");
+        });
+
+        assertAll(
+            () -> assertTrue(result.getMessage().contains("E12: Data Download Failure"), 
+                "Expected E12 error code in message"),
+            () -> assertTrue(result.getMessage().contains("exception: IOException"), 
+                "Expected exception type in message"),
+            () -> assertTrue(result.getMessage().contains("For troubleshooting information, refer to the applicable Private Operator guide"), 
+                "Expected documentation reference in message")
+        );
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -89,8 +89,12 @@ private InputStream internalDownload(String path) throws CloudStorageException {`
`89`	`89`	`inputStream = getWithAttest(path);`
`90`	`90`	`}`
`91`	`91`	`return inputStream;`
	`92`	`+ } catch (CloudStorageException e) {`
	`93`	`+ throw e;`
`92`	`94`	`} catch (Exception e) {`
`93`		`- throw new CloudStorageException("download error: " + e.getMessage(), e);`
	`95`	`+ throw new CloudStorageException(`
	`96`	`+ "E12: Data Download Failure - exception: " + e.getClass().getSimpleName() +`
	`97`	`+ ". For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.", e);`
`94`	`98`	`}`
`95`	`99`	`}`
`96`	`100`
`@@ -108,7 +112,9 @@ private InputStream getWithAttest(String path) throws IOException, AttestationRe`
`108`	`112`	`HttpResponse<String> httpResponse;`
`109`	`113`	`httpResponse = sendHttpRequest(path, attestationToken);`
`110`	`114`	`if (httpResponse.statusCode() != 200) {`
`111`		`- throw new CloudStorageException(String.format("Non-success response from core on request to %s. Status code: %d", path, httpResponse.statusCode()));`
	`115`	`+ throw new CloudStorageException(String.format(`
	`116`	`+ "E12: Data Download Failure - HTTP response code %d. For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.",`
	`117`	`+ httpResponse.statusCode()));`
`112`	`118`	`}`
`113`	`119`	`return Utils.convertHttpResponseToInputStream(httpResponse);`
`114`	`120`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,8 +48,8 @@ public InputStream download(String cloudPath) throws CloudStorageException {`
`48`	`48`	`if (responseCode >= 200 && responseCode < 300) {`
`49`	`49`	`return httpConn.getInputStream();`
`50`	`50`	`} else {`
`51`		`- throw new CloudStorageException("Cannot download required files, HTTP response code " + responseCode`
`52`		`- + ", please visit UID2 guides for more details");`
	`51`	`+ throw new CloudStorageException("E12: Data Download Failure - HTTP response code " + responseCode`
	`52`	`+ + ". For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.");`
`53`	`53`	`}`
`54`	`54`	`}`
`55`	`55`	`catch (CloudStorageException e) {`
`@@ -58,8 +58,8 @@ public InputStream download(String cloudPath) throws CloudStorageException {`
`58`	`58`	`}`
`59`	`59`	`catch (Throwable t) {`
`60`	`60`	`// Do not log the original exception as it may contain sensitive information such as the pre-signed URL`
`61`		`- throw new CloudStorageException("Cannot download required files, exception: " + t.getClass().getSimpleName() +`
`62`		`- ", please visit UID2 guides for more details");`
	`61`	`+ throw new CloudStorageException("E12: Data Download Failure - exception: " + t.getClass().getSimpleName() +`
	`62`	`+ ". For troubleshooting information, refer to the applicable Private Operator guide: see https://unifiedid.com/docs/guides/integration-options-private-operator.");`
`63`	`63`	`}`
`64`	`64`	`}`
`65`	`65`
Original file line number	Diff line number	Diff line change
`@@ -414,8 +414,13 @@ private void cloudDownloadBlocking(String s3Path) throws Exception {`
`414`	`414`
`415`	`415`	`downloadFailureTimer.record(java.time.Duration.ofMillis(cloudDownloadTimeMs));`
`416`	`416`	`// Be careful as the s3Path may contain the pre-signed S3 token, so do not log the whole path`
`417`		`- LOGGER.error("download error: " + ex.getClass().getSimpleName());`
`418`		`- throw new CloudStorageException("Download failed");`
	`417`	`+ LOGGER.error("Cloud storage download error, exception type: " + ex.getClass().getSimpleName());`
	`418`	`+`
	`419`	`+ if (ex instanceof CloudStorageException) {`
	`420`	`+ throw (CloudStorageException) ex;`
	`421`	`+ }`
	`422`	`+ throw new CloudStorageException("E12: Data Download Failure - Failed to download file from cloud storage, exception: "`
	`423`	`+ + ex.getClass().getSimpleName() + ". Check network connectivity and service availability.");`
`419`	`424`	`}`
`420`	`425`	`}`
`421`	`426`