Update to add flag for forcing https

Update version number to indicate breaking change.

Fix

Author: coltfred

pom.xml

@@ -8,7 +8,7 @@
   <groupId>com.ironcorelabs</groupId>
   <artifactId>tenant-security-java</artifactId>
   <packaging>jar</packaging>
-  <version>7.2.3</version>
+  <version>8.0.0</version>
   <name>tenant-security-java</name>
   <url>https://ironcorelabs.com/docs</url>
   <description>Java client library for the IronCore Labs Tenant Security Proxy.</description>
@@ -63,7 +63,7 @@
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
-      <artifactId>google-http-client-jackson2</artifactId>
+      <artifactId>google-http-client-gson</artifactId>
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
@@ -144,10 +144,10 @@
         <artifactId>maven-compiler-plugin</artifactId>
         <version>3.8.1</version>
         <configuration>
-          <source>11</source>
-          <target>11</target>
-          <testSource>11</testSource>
-          <testTarget>11</testTarget>
+          <source>17</source>
+          <target>17</target>
+          <testSource>17</testSource>
+          <testTarget>17</testTarget>
           <compilerArgument>-Xlint:unchecked</compilerArgument>
         </configuration>
       </plugin>

src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityClient.java

@@ -4,6 +4,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.SecureRandom;
 import java.security.Security;
@@ -37,87 +38,169 @@ public final class TenantSecurityClient implements Closeable {
 
   private DeterministicTenantSecurityClient deterministicClient;
 
-  /**
-   * Default size of web request thread pool. Defaults to 25.
-   */
-  public static int DEFAULT_REQUEST_THREADPOOL_SIZE = 25;
+  private TenantSecurityClient(Builder builder) throws Exception {
+    // Validate domain
+    TenantSecurityClient.checkUrlForm(builder.tspDomain, builder.allowInsecureHttp);
 
-  /**
-   * Default size of the threadpool used for AES encryptions/decryptions. Defaults to the number of
-   * cores on the machine being run on.
-   */
-  public static int DEFAULT_AES_THREADPOOL_SIZE = Runtime.getRuntime().availableProcessors();
+    if (builder.apiKey == null || builder.apiKey.isEmpty()) {
+      throw new IllegalArgumentException("No value provided for apiKey!");
+    }
+    if (builder.randomGen == null) {
+      throw new IllegalArgumentException("No value provided for random number generator!");
+    }
+    if (builder.requestThreadSize < 1) {
+      throw new IllegalArgumentException(
+          "Value provided for request threadpool size must be greater than 0!");
+    }
+    if (builder.aesThreadSize < 1) {
+      throw new IllegalArgumentException(
+          "Value provided for AES threadpool size must be greater than 0!");
+    }
+    if (builder.timeout < 1) {
+      throw new IllegalArgumentException("Value provided for timeout must be greater than 0!");
+    }
 
-  /**
-   * Default timeout in ms for the connection to the TSP.
-   */
-  public static int DEFAULT_TIMEOUT_MS = 20000;
+    this.encryptionExecutor = Executors.newFixedThreadPool(builder.aesThreadSize);
+    this.encryptionService = new TenantSecurityRequest(builder.tspDomain, builder.apiKey,
+        builder.requestThreadSize, builder.timeout);
+    this.deterministicClient =
+        new DeterministicTenantSecurityClient(this.encryptionExecutor, this.encryptionService);
 
-  /**
-   * Constructor for TenantSecurityClient class that uses the SecureRandom NativePRNGNonBlocking
-   * instance for random number generation.
-   *
-   * @param tspDomain Domain where the Tenant Security Proxy is running.
-   * @param apiKey Key to use for requests to the Tenant Security Proxy.
-   * @throws Exception If the provided domain is invalid.
-   */
-  public TenantSecurityClient(String tspDomain, String apiKey) throws Exception {
-    this(tspDomain, apiKey, DEFAULT_REQUEST_THREADPOOL_SIZE, DEFAULT_AES_THREADPOOL_SIZE,
-        SecureRandom.getInstance("NativePRNGNonBlocking"));
+    Security.setProperty("crypto.policy", "unlimited");
+    this.secureRandom = builder.randomGen;
   }
 
   /**
-   * Constructor for TenantSecurityClient class that allows call to provide web request and AES
-   * operation thread pool sizes. Uses the SecureRandom NativePRNGNonBlocking instance for random
-   * number generation.
+   * Ensures that the url is valid and if allowInsecureHttp is false that the tsp url must be https.
+   * Will throw if the URL isn't valid or if https is enforced and not provided.
    *
-   * @param tspDomain Domain where the Tenant Security Proxy is running.
-   * @param apiKey Key to use for requests to the Tenant Security Proxy.
-   * @param requestThreadSize Number of threads to use for fixed-size web request thread pool
-   * @param aesThreadSize Number of threads to use for fixed-size AES operations threadpool
-   * @throws Exception If the provided domain is invalid.
+   * @param url The Url to check
+   * @param allowInsecureHttp If normal http should be allowed..
    */
-  public TenantSecurityClient(String tspDomain, String apiKey, int requestThreadSize,
-      int aesThreadSize) throws Exception {
-    this(tspDomain, apiKey, requestThreadSize, aesThreadSize,
-        SecureRandom.getInstance("NativePRNGNonBlocking"));
+  private static void checkUrlForm(String url, boolean allowInsecureHttp) {
+    try {
+      URL parsed = new URL(url);
+      String protocol = parsed.getProtocol();
+      if (!allowInsecureHttp && !"https".equalsIgnoreCase(protocol)) {
+        throw new IllegalArgumentException("Insecure HTTP URL not allowed: " + url);
+      }
+    } catch (MalformedURLException e) {
+      throw new IllegalArgumentException("Invalid URL: " + url, e);
+    }
   }
 
-  /**
-   * Constructor for TenantSecurityClient class that allows call to provide web request and AES
-   * operation thread pool sizes. Uses the SecureRandom NativePRNGNonBlocking instance for random
-   * number generation.
-   *
-   * @param tspDomain Domain where the Tenant Security Proxy is running.
-   * @param apiKey Key to use for requests to the Tenant Security Proxy.
-   * @param requestThreadSize Number of threads to use for fixed-size web request thread pool
-   * @param aesThreadSize Number of threads to use for fixed-size AES operations threadpool
-   * @param timeout Request to TSP read and connect timeout in ms.
-   *
-   * @throws Exception If the provided domain is invalid.
-   */
-  public TenantSecurityClient(String tspDomain, String apiKey, int requestThreadSize,
-      int aesThreadSize, int timeout) throws Exception {
-    this(tspDomain, apiKey, requestThreadSize, aesThreadSize,
-        SecureRandom.getInstance("NativePRNGNonBlocking"), timeout);
-  }
+  public static class Builder {
+
+    /**
+     * Default size of web request thread pool. Defaults to 25.
+     */
+    public static int DEFAULT_REQUEST_THREADPOOL_SIZE = 25;
+
+    /**
+     * Default size of the threadpool used for AES encryptions/decryptions. Defaults to the number
+     * of cores on the machine being run on.
+     */
+    public static int DEFAULT_AES_THREADPOOL_SIZE = Runtime.getRuntime().availableProcessors();
+
+    /**
+     * Default timeout in ms for the connection to the TSP.
+     */
+    public static int DEFAULT_TIMEOUT_MS = 20000;
+
+    private final String tspDomain;
+    private final String apiKey;
+
+    private int requestThreadSize = DEFAULT_REQUEST_THREADPOOL_SIZE;
+    private int aesThreadSize = DEFAULT_AES_THREADPOOL_SIZE;
+    private int timeout = DEFAULT_TIMEOUT_MS;
+    private boolean allowInsecureHttp = false;
+    // If this is null when build is called we set it to the default. Don't set it here
+    // in case the default isn't available on their OS.
+    private SecureRandom randomGen = null;
+
+    /**
+     * Builder for TenantSecurityClient class.
+     *
+     * @param tspDomain Domain where the Tenant Security Proxy is running.
+     * @param apiKey Key to use for requests to the Tenant Security Proxy.
+     * @param tspDomain
+     * @param apiKey
+     */
+    public Builder(String tspDomain, String apiKey) {
+      this.tspDomain = tspDomain;
+      this.apiKey = apiKey;
+    }
 
-  /**
-   * Constructor for TenantSecurityClient class that allows for modifying the random number
-   * generator used for encryption. Sets a default connect and read timeout of 20s.
-   *
-   * @param tspDomain Domain where the Tenant Security Proxy is running.
-   * @param apiKey Key to use for requests to the Tenant Security Proxy.
-   * @param requestThreadSize Number of threads to use for fixed-size web request thread pool
-   * @param aesThreadSize Number of threads to use for fixed-size AES operations threadpool
-   * @param randomGen Instance of SecureRandom to use for PRNG when performing encryption
-   *        operations.
-   * @throws Exception If the provided domain is invalid or the provided SecureRandom instance is
-   *         not set.
-   */
-  public TenantSecurityClient(String tspDomain, String apiKey, int requestThreadSize,
-      int aesThreadSize, SecureRandom randomGen) throws Exception {
-    this(tspDomain, apiKey, requestThreadSize, aesThreadSize, randomGen, DEFAULT_TIMEOUT_MS);
+    /**
+     * Sets the web request pool size. Defaults to DEFAULT_REQUEST_THREADPOOL_SIZE.
+     *
+     * @param size Number of threads to use for fixed-size web request thread pool.
+     * @return The builder
+     */
+    public Builder requestThreadSize(int size) {
+      this.requestThreadSize = size;
+      return this;
+    }
+
+    /**
+     * Sets the number of threads to use for fixed-size AES operations threadpool. Defaults to
+     * DEFAULT_AES_THREADPOOL_SIZE
+     *
+     * @param size The size of the aes thread pool.
+     * @return The builder
+     */
+    public Builder aesThreadSize(int size) {
+      this.aesThreadSize = size;
+      return this;
+    }
+
+    /**
+     * Sets the timeout in milliseconds for communicating with the TSP.
+     *
+     * @param timeout Timeout in milliseconds for the TSP requests.
+     * @return The builder
+     */
+    public Builder timeoutMs(int timeout) {
+      this.timeout = timeout;
+      return this;
+    }
+
+    /**
+     * Sets the random number generator. This should be set with care as the generator must be
+     * cryptographically secure. Defaults to "NativePRNGNonBlocking"
+     *
+     * @param random A new random number generator to use.
+     * @return The builder
+     */
+    public Builder random(SecureRandom random) {
+      this.randomGen = random;
+      return this;
+    }
+
+    /**
+     * Sets allowInsecureHttp. Defaults to false.
+     *
+     * @param allow If the TSP is allowed to be reachable via http.
+     * @return The builder
+     */
+    public Builder allowInsecureHttp(boolean allow) {
+      this.allowInsecureHttp = allow;
+      return this;
+    }
+
+    /**
+     * Construct the TenantSecurityClient fron the builder.
+     *
+     * @return The newly constructed TenantSecurityClient.
+     * @throws Exception If the tsp url isn't valid or if HTTPS is required and not provided.
+     */
+    public TenantSecurityClient build() throws Exception {
+      // Check this here in case they don't have support for NativePRNGNonBlocking.
+      if (this.randomGen == null) {
+        this.randomGen = SecureRandom.getInstance("NativePRNGNonBlocking");
+      }
+      return new TenantSecurityClient(this);
+    }
   }
 
   /**
@@ -135,7 +218,8 @@ public TenantSecurityClient(String tspDomain, String apiKey, int requestThreadSi
    *         not set.
    */
   public TenantSecurityClient(String tspDomain, String apiKey, int requestThreadSize,
-      int aesThreadSize, SecureRandom randomGen, int timeout) throws Exception {
+      int aesThreadSize, SecureRandom randomGen, int timeout, boolean allowInsecureHttp)
+      throws Exception {
     // Use the URL class to validate the form of the provided TSP domain URL
     new URL(tspDomain);
     if (apiKey == null || apiKey.isEmpty()) {
@@ -162,8 +246,6 @@ public TenantSecurityClient(String tspDomain, String apiKey, int requestThreadSi
     this.deterministicClient =
         new DeterministicTenantSecurityClient(this.encryptionExecutor, this.encryptionService);
 
-    // Update the crypto policy to allow us to use 256 bit AES keys
-    Security.setProperty("crypto.policy", "unlimited");
     this.secureRandom = randomGen;
   }
 
@@ -191,7 +273,8 @@ public DeterministicTenantSecurityClient getDeterministicClient() {
    * @return CompletableFuture that resolves in a instance of the TenantSecurityClient class.
    */
   public static CompletableFuture<TenantSecurityClient> create(String tspDomain, String apiKey) {
-    return CompletableFutures.tryCatchNonFatal(() -> new TenantSecurityClient(tspDomain, apiKey));
+    return CompletableFutures
+        .tryCatchNonFatal(() -> new TenantSecurityClient.Builder(tspDomain, apiKey).build());
   }
 
   /**

src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityRequest.java

@@ -20,7 +20,7 @@
 import com.google.api.client.http.json.JsonHttpContent;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.JsonObjectParser;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.util.Value;
 import com.ironcorelabs.tenantsecurity.kms.v1.exception.TenantSecurityException;
 import com.ironcorelabs.tenantsecurity.kms.v1.exception.TspServiceException;
@@ -35,7 +35,11 @@
  * works to parse out error codes on wrap/unwrap failures.
  */
 final class TenantSecurityRequest implements Closeable {
-  private static final JsonFactory JSON_FACTORY = new JacksonFactory();
+  private static final JsonFactory JSON_FACTORY = GsonFactory.getDefaultInstance();
+
+  private static String stripTrailingSlash(String s) {
+    return (s == null) ? null : s.replaceAll("/+$", "");
+  }
 
   // Fixed sized thread pool for web requests. Limit the amount of parallel web
   // requests that we let go out at any given time. We don't want to DoS our
@@ -67,8 +71,7 @@ final class TenantSecurityRequest implements Closeable {
     headers.put("x-icl-tsc-version", sdkVersion);
 
     this.httpHeaders = headers;
-
-    String tspApiPrefix = tspDomain + "/api/1/";
+    String tspApiPrefix = stripTrailingSlash(tspDomain) + "/api/1/";
     this.wrapEndpoint = new GenericUrl(tspApiPrefix + "document/wrap");
     this.batchWrapEndpoint = new GenericUrl(tspApiPrefix + "document/batch-wrap");
     this.unwrapEndpoint = new GenericUrl(tspApiPrefix + "document/unwrap");

src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/DevIntegrationTest.java

@@ -24,38 +24,6 @@ public class DevIntegrationTest {
   private String AZURE_TENANT_ID = "INTEGRATION-TEST-AZURE";
   private String INTEGRATION_API_KEY = System.getenv("API_KEY");
 
-  @Test(expectedExceptions = java.net.MalformedURLException.class)
-  public void constructorUrlTest() throws Exception {
-    new TenantSecurityClient("foobaz", "apiKey").close();
-  }
-
-  @Test(expectedExceptions = IllegalArgumentException.class)
-  public void missingApiKeyTest() throws Exception {
-    new TenantSecurityClient("http://localhost", null).close();
-  }
-
-  @Test(expectedExceptions = IllegalArgumentException.class)
-  public void emptyApiKeyTest() throws Exception {
-    new TenantSecurityClient("http://localhost", "").close();
-  }
-
-  @Test(expectedExceptions = IllegalArgumentException.class)
-  public void invalidRequestThreadpoolSize() throws Exception {
-    new TenantSecurityClient("http://localhost", "apiKey", 0, 1).close();
-  }
-
-  @Test(expectedExceptions = IllegalArgumentException.class)
-  public void invalidCryptoThreadpoolSize() throws Exception {
-    new TenantSecurityClient("http://localhost", "apiKey", 1, 0).close();
-  }
-
-  @Test(expectedExceptions = IllegalArgumentException.class)
-  public void missingRandomGen() throws Exception {
-    new TenantSecurityClient("http://localhost", "apiKey",
-        TenantSecurityClient.DEFAULT_REQUEST_THREADPOOL_SIZE,
-        TenantSecurityClient.DEFAULT_AES_THREADPOOL_SIZE, null).close();
-  }
-
   private void assertEqualBytes(byte[] one, byte[] two) throws Exception {
     assertEquals(new String(one, "UTF-8"), new String(two, "UTF-8"));
   }