Skip to content

Commit ff87718

Browse files
gmsdelmundogmsdelmundo
committed
Added v2/token/generate and v2/token/client-generate refresh optout tests
1 parent c702d41 commit ff87718

2 files changed

Lines changed: 59 additions & 31 deletions

File tree

src/main/java/com/uid2/operator/model/KeyManager.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
import java.util.stream.Collectors;
1717

1818
public class KeyManager {
19-
private static final Logger LOGGER = LoggerFactory.getLogger(UIDOperatorVerticle.class);
19+
private static final Logger LOGGER = LoggerFactory.getLogger(KeyManager.class);
2020
private final IKeysetKeyStore keysetKeyStore;
2121
private final RotatingKeysetProvider keysetProvider;
2222

@@ -76,7 +76,6 @@ public KeysetKey getKey(int keyId) {
7676
return this.keysetKeyStore.getSnapshot().getKey(keyId);
7777
}
7878

79-
8079
public List<KeysetKey> getKeysForSharingOrDsps() {
8180
Map<Integer, Keyset> keysetMap = this.keysetProvider.getSnapshot().getAllKeysets();
8281
List<KeysetKey> keys = keysetKeyStore.getSnapshot().getAllKeysetKeys();

src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java

Lines changed: 58 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -137,10 +137,11 @@ public class UIDOperatorVerticleTest {
137137
private IConfigStore configStore;
138138
private UidInstanceIdProvider uidInstanceIdProvider;
139139

140+
private final JsonObject config = new JsonObject();
140141
private SimpleMeterRegistry registry;
141142
private ExtendedUIDOperatorVerticle uidOperatorVerticle;
142143
private RuntimeConfig runtimeConfig;
143-
private final JsonObject config = new JsonObject();
144+
private EncryptedTokenEncoder encoder;
144145

145146
@BeforeEach
146147
void deployVerticle(Vertx vertx, VertxTestContext testContext, TestInfo testInfo) {
@@ -169,6 +170,8 @@ void deployVerticle(Vertx vertx, VertxTestContext testContext, TestInfo testInfo
169170

170171
this.registry = new SimpleMeterRegistry();
171172
Metrics.globalRegistry.add(registry);
173+
174+
this.encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
172175
}
173176

174177
@AfterEach
@@ -1673,8 +1676,6 @@ void tokenGenerateOptOutToken(String policyParameterKey, String identity, Identi
16731676

16741677
decodeV2RefreshToken(json);
16751678

1676-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
1677-
16781679
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, identityType);
16791680
RefreshToken refreshToken = encoder.decodeRefreshToken(body.getString("decrypted_refresh_token"));
16801681
final byte[] advertisingId = getAdvertisingIdFromIdentity(identityType,
@@ -1775,7 +1776,6 @@ void tokenGenerateForEmail(boolean useV4Uid, String contentType, Vertx vertx, Ve
17751776
setupKeys();
17761777

17771778
SaltEntry salt = useV4Uid ? setupSaltsForV4UidAndV4PrevUid() : setupSalts();
1778-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
17791779

17801780
JsonObject v2Payload = new JsonObject();
17811781
v2Payload.put("email", emailAddress);
@@ -1834,7 +1834,6 @@ void tokenGenerateForEmailHash(Vertx vertx, VertxTestContext testContext) {
18341834
assertEquals("success", json.getString("status"));
18351835
JsonObject body = json.getJsonObject("body");
18361836
assertNotNull(body);
1837-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
18381837

18391838
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, IdentityType.Email);
18401839

@@ -1882,7 +1881,6 @@ void tokenGenerateThenRefresh(
18821881
setupKeys();
18831882

18841883
SaltEntry salt = useV4Uid ? setupSaltsForV4UidAndV4PrevUid() : setupSalts();
1885-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
18861884

18871885
Map<String, String> additionalHeaders = Map.of(ClientVersionHeader, iosClientVersionHeaderValue,
18881886
HttpHeaders.CONTENT_TYPE.toString(), contentType);
@@ -1982,7 +1980,6 @@ void tokenGenerateThenRefreshSaltsExpired(Vertx vertx, VertxTestContext testCont
19821980
assertEquals("success", refreshRespJson.getString("status"));
19831981
JsonObject refreshBody = refreshRespJson.getJsonObject("body");
19841982
assertNotNull(refreshBody);
1985-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
19861983

19871984
AdvertisingToken advertisingToken = validateAndGetToken(encoder, refreshBody, IdentityType.Email);
19881985

@@ -2057,7 +2054,6 @@ void tokenGenerateThenValidateWithEmail_Match(boolean useV4Uid, Vertx vertx, Ver
20572054
setupKeys();
20582055

20592056
SaltEntry salt = useV4Uid ? setupSaltsForV4UidAndV4PrevUid() : setupSalts();
2060-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
20612057

20622058
generateTokens(vertx, "email", emailAddress, genRespJson -> {
20632059
assertEquals("success", genRespJson.getString("status"));
@@ -2165,7 +2161,6 @@ void tokenGenerateUsingCustomSiteKey(Vertx vertx, VertxTestContext testContext)
21652161
assertEquals("success", json.getString("status"));
21662162
JsonObject body = json.getJsonObject("body");
21672163
assertNotNull(body);
2168-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
21692164

21702165
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, IdentityType.Email);
21712166
assertEquals(clientSiteId, advertisingToken.publisherIdentity.siteId);
@@ -2196,7 +2191,6 @@ void tokenGenerateSaltsExpired(Vertx vertx, VertxTestContext testContext) {
21962191
assertEquals("success", json.getString("status"));
21972192
JsonObject body = json.getJsonObject("body");
21982193
assertNotNull(body);
2199-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
22002194

22012195
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, IdentityType.Email);
22022196

@@ -2281,13 +2275,23 @@ void tokenRefreshInvalidTokenUnauthenticated(Vertx vertx, VertxTestContext testC
22812275
});
22822276
}
22832277

2284-
private void generateRefreshToken(Vertx vertx, String identityType, String identity, int siteId, Handler<JsonObject> handler) {
2278+
private void generateRefreshToken(Vertx vertx, String identityType, String identity, int siteId, boolean useV4Uid, Handler<JsonObject> handler) {
22852279
fakeAuth(siteId, Role.GENERATOR);
2286-
setupSalts();
22872280
setupKeys();
2281+
2282+
if (useV4Uid) {
2283+
setupSaltsForV4UidAndV4PrevUid();
2284+
} else {
2285+
setupSalts();
2286+
}
2287+
22882288
generateTokens(vertx, identityType, identity, handler);
22892289
}
22902290

2291+
private void generateRefreshToken(Vertx vertx, String identityType, String identity, int siteId, Handler<JsonObject> handler) {
2292+
generateRefreshToken(vertx, identityType, identity, siteId, false, handler);
2293+
}
2294+
22912295
@Test
22922296
void captureDurationsBetweenRefresh(Vertx vertx, VertxTestContext testContext) {
22932297
final int clientSiteId = 201;
@@ -2409,17 +2413,29 @@ void tokenRefreshOptOut(boolean useV4Uid, Vertx vertx, VertxTestContext testCont
24092413
});
24102414
}
24112415

2412-
@Test
2413-
void tokenRefreshOptOutBeforeLogin(Vertx vertx, VertxTestContext testContext) {
2416+
@ParameterizedTest
2417+
@CsvSource({
2418+
"true,true",
2419+
"true,false",
2420+
"false,true",
2421+
"false,false"
2422+
})
2423+
void tokenRefreshOptOutBeforeLogin(boolean useV4Uid, boolean useRefreshedV4Uid, Vertx vertx, VertxTestContext testContext) {
24142424
final int clientSiteId = 201;
24152425
final String emailAddress = "test@uid2.com";
2416-
generateRefreshToken(vertx, "email", emailAddress, clientSiteId, genRespJson -> {
2426+
generateRefreshToken(vertx, "email", emailAddress, clientSiteId, useV4Uid, genRespJson -> {
24172427
JsonObject bodyJson = genRespJson.getJsonObject("body");
24182428
String refreshToken = bodyJson.getString("refresh_token");
24192429
String refreshTokenDecryptSecret = bodyJson.getString("refresh_response_key");
24202430

24212431
when(this.optOutStore.getLatestEntry(any())).thenReturn(now.minusSeconds(10));
24222432

2433+
if (useRefreshedV4Uid) {
2434+
setupSaltsForV4UidAndV4PrevUid();
2435+
} else {
2436+
setupSalts();
2437+
}
2438+
24232439
sendTokenRefresh(vertx, testContext, refreshToken, refreshTokenDecryptSecret, 200, refreshRespJson -> {
24242440
assertEquals("optout", refreshRespJson.getString("status"));
24252441
assertNull(refreshRespJson.getJsonObject("body"));
@@ -2948,7 +2964,6 @@ void tokenGenerateForPhone(Vertx vertx, VertxTestContext testContext) {
29482964
assertEquals("success", json.getString("status"));
29492965
JsonObject body = json.getJsonObject("body");
29502966
assertNotNull(body);
2951-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
29522967

29532968
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, IdentityType.Phone);
29542969

@@ -2985,7 +3000,6 @@ void tokenGenerateForPhoneHash(Vertx vertx, VertxTestContext testContext) {
29853000
assertEquals("success", json.getString("status"));
29863001
JsonObject body = json.getJsonObject("body");
29873002
assertNotNull(body);
2988-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
29893003

29903004
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, IdentityType.Phone);
29913005

@@ -3027,7 +3041,6 @@ void tokenGenerateThenRefreshForPhone(Vertx vertx, VertxTestContext testContext)
30273041
assertEquals("success", refreshRespJson.getString("status"));
30283042
JsonObject refreshBody = refreshRespJson.getJsonObject("body");
30293043
assertNotNull(refreshBody);
3030-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
30313044

30323045
AdvertisingToken advertisingToken = validateAndGetToken(encoder, refreshBody, IdentityType.Phone);
30333046

@@ -3764,7 +3777,6 @@ void cstgDomainNameCheckPasses(String httpOrigin, Vertx vertx, VertxTestContext
37643777

37653778
JsonObject refreshBody = respJson.getJsonObject("body");
37663779
assertNotNull(refreshBody);
3767-
var encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
37683780
validateAndGetToken(encoder, refreshBody, IdentityType.Email); //to validate token version is correct
37693781
testContext.completeNow();
37703782
});
@@ -3791,7 +3803,6 @@ void cstgAppNameCheckPasses(String appName, Vertx vertx, VertxTestContext testCo
37913803

37923804
JsonObject refreshBody = respJson.getJsonObject("body");
37933805
assertNotNull(refreshBody);
3794-
var encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
37953806
validateAndGetToken(encoder, refreshBody, IdentityType.Email); //to validate token version is correct
37963807
assertTokenStatusMetrics(
37973808
clientSideTokenGenerateSiteId,
@@ -4300,19 +4311,31 @@ private Tuple.Tuple2<JsonObject, SecretKey> createClientSideTokenGenerateRequest
43004311

43014312
@ParameterizedTest
43024313
@CsvSource({
4303-
"test@example.com,Email",
4304-
"+61400000000,Phone"
4314+
"true,true,test@example.com,Email",
4315+
"true,true,+61400000000,Phone",
4316+
4317+
"true,false,test@example.com,Email",
4318+
"true,false,+61400000000,Phone",
4319+
4320+
"false,true,test@example.com,Email",
4321+
"false,true,+61400000000,Phone",
4322+
4323+
"false,false,test@example.com,Email",
4324+
"false,false,+61400000000,Phone"
43054325
})
4306-
void cstgUserOptsOutAfterTokenGenerate(String id, IdentityType identityType, Vertx vertx, VertxTestContext testContext) throws NoSuchAlgorithmException, InvalidKeyException {
4326+
void cstgUserOptsOutAfterTokenGenerate(
4327+
boolean useV4Uid, boolean useRefreshedV4Uid, String id, IdentityType identityType,
4328+
Vertx vertx, VertxTestContext testContext) throws NoSuchAlgorithmException, InvalidKeyException {
43074329
setupCstgBackend("cstg.co.uk");
43084330

4331+
SaltEntry salt = useV4Uid ? setupSaltsForV4UidAndV4PrevUid() : setupSalts();
4332+
43094333
final Tuple.Tuple2<JsonObject, SecretKey> data = createClientSideTokenGenerateRequest(identityType, id, Instant.now().toEpochMilli());
43104334

43114335
// When we generate the token the user hasn't opted out.
43124336
when(optOutStore.getLatestEntry(any(UserIdentity.class)))
43134337
.thenReturn(null);
43144338

4315-
final EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
43164339
final ArgumentCaptor<UserIdentity> argumentCaptor = ArgumentCaptor.forClass(UserIdentity.class);
43174340

43184341
sendCstg(vertx,
@@ -4332,12 +4355,22 @@ void cstgUserOptsOutAfterTokenGenerate(String id, IdentityType identityType, Ver
43324355
final AdvertisingToken advertisingToken = validateAndGetToken(encoder, genBody, identityType);
43334356
final RefreshToken refreshToken = decodeRefreshToken(encoder, decodeV2RefreshToken(response), identityType);
43344357

4335-
assertAreClientSideGeneratedTokens(advertisingToken, refreshToken, clientSideTokenGenerateSiteId, identityType, id);
4358+
if (useV4Uid) {
4359+
assertAreClientSideGeneratedTokens(advertisingToken, refreshToken, clientSideTokenGenerateSiteId, identityType, id, salt.currentKeySalt(), false);
4360+
} else {
4361+
assertAreClientSideGeneratedTokens(advertisingToken, refreshToken, clientSideTokenGenerateSiteId, identityType, id);
4362+
}
43364363

43374364
// When we refresh the token the user has opted out.
43384365
when(optOutStore.getLatestEntry(any(UserIdentity.class)))
43394366
.thenReturn(advertisingToken.userIdentity.establishedAt.plusSeconds(1));
43404367

4368+
if (useRefreshedV4Uid) {
4369+
setupSaltsForV4UidAndV4PrevUid();
4370+
} else {
4371+
setupSalts();
4372+
}
4373+
43414374
sendTokenRefresh(vertx, testContext, genBody.getString("refresh_token"), genBody.getString("refresh_response_key"), 200, refreshRespJson -> {
43424375
assertEquals("optout", refreshRespJson.getString("status"));
43434376
testContext.completeNow();
@@ -4382,7 +4415,6 @@ void cstgSuccessForBothOptedAndNonOptedOutTest(
43824415
setupCstgBackend("cstg.co.uk");
43834416

43844417
SaltEntry salt = useV4Uid ? setupSaltsForV4UidAndV4PrevUid() : setupSalts();
4385-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
43864418

43874419
Tuple.Tuple2<JsonObject, SecretKey> data = createClientSideTokenGenerateRequest(identityType, id, Instant.now().toEpochMilli());
43884420

@@ -4513,7 +4545,6 @@ void cstgSaltsExpired(String httpOrigin, Vertx vertx, VertxTestContext testConte
45134545

45144546
JsonObject refreshBody = respJson.getJsonObject("body");
45154547
assertNotNull(refreshBody);
4516-
var encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
45174548
validateAndGetToken(encoder, refreshBody, IdentityType.Email); //to validate token version is correct
45184549

45194550
verify(shutdownHandler, atLeastOnce()).handleSaltRetrievalResponse(true);
@@ -4842,7 +4873,6 @@ void tokenGenerateRotatingKeysets_GENERATOR(String testRun, Vertx vertx, VertxTe
48424873
assertEquals("success", json.getString("status"));
48434874
JsonObject body = json.getJsonObject("body");
48444875
assertNotNull(body);
4845-
EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(new KeyManager(keysetKeyStore, keysetProvider));
48464876

48474877
AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, IdentityType.Email);
48484878
assertEquals(clientSiteId, advertisingToken.publisherIdentity.siteId);
@@ -5027,7 +5057,6 @@ public void keyBidstreamReturnsCustomMaxBidstreamLifetimeHeader(Vertx vertx, Ver
50275057
}
50285058
}
50295059

5030-
50315060
private static Stream<Arguments> testKeyDownloadEndpointKeysetsData_IDREADER() {
50325061
int[] expectedSiteIds = new int[]{101, 102};
50335062
int[] allMockedSiteIds = new int[]{101, 102, 103, 105};

0 commit comments

Comments
 (0)