Merge pull request #213 from DP-3T/feature/insert-manager

Feature/insert manager

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/config/WSBaseConfig.java

@@ -34,6 +34,16 @@
 import org.dpppt.backend.sdk.ws.controller.DPPPTController;
 import org.dpppt.backend.sdk.ws.controller.GaenController;
 import org.dpppt.backend.sdk.ws.filter.ResponseWrapperFilter;
+import org.dpppt.backend.sdk.ws.insertmanager.InsertManager;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.AssertKeyFormat;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceMatchingJWTClaimsForExposed;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceMatchingJWTClaimsForExposedNextDay;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceRetentionPeriod;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceValidRollingPeriod;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.RemoveFakeKeys;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.RemoveKeysFromFuture;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionmodifier.IOSLegacyProblemRPLT144Modifier;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionmodifier.OldAndroid0RPModifier;
 import org.dpppt.backend.sdk.ws.interceptor.HeaderInjector;
 import org.dpppt.backend.sdk.ws.security.KeyVault;
 import org.dpppt.backend.sdk.ws.security.NoValidateRequest;
@@ -45,6 +55,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
@@ -203,6 +214,61 @@ public ProtoSignature gaenSigner() {
     }
   }
 
+  @Bean
+  public InsertManager insertManagerExposed() {
+    var manager = new InsertManager(gaenDataService(), gaenValidationUtils());
+    manager.addFilter(new AssertKeyFormat(gaenValidationUtils()));
+    manager.addFilter(new EnforceMatchingJWTClaimsForExposed(gaenRequestValidator));
+    manager.addFilter(new RemoveKeysFromFuture());
+    manager.addFilter(new EnforceRetentionPeriod(gaenValidationUtils()));
+    manager.addFilter(new RemoveFakeKeys());
+    manager.addFilter(new EnforceValidRollingPeriod());
+    return manager;
+  }
+
+  @Bean
+  public InsertManager insertManagerExposedNextDay() {
+    var manager = new InsertManager(gaenDataService(), gaenValidationUtils());
+    manager.addFilter(new AssertKeyFormat(gaenValidationUtils()));
+    manager.addFilter(new EnforceMatchingJWTClaimsForExposedNextDay(gaenValidationUtils()));
+    manager.addFilter(new RemoveKeysFromFuture());
+    manager.addFilter(new EnforceRetentionPeriod(gaenValidationUtils()));
+    manager.addFilter(new RemoveFakeKeys());
+    manager.addFilter(new EnforceValidRollingPeriod());
+    return manager;
+  }
+
+  /**
+   * Even though there are probably no android devices left that send TEKs with rollingPeriod of 0,
+   * this modifier will not hurt. Every TEK with rollingPeriod of 0 will be reported.
+   */
+  @ConditionalOnProperty(
+      value = "ws.app.gaen.insertmanager.android0rpmodifier",
+      havingValue = "true",
+      matchIfMissing = false)
+  @Bean
+  public OldAndroid0RPModifier oldAndroid0RPModifier(InsertManager manager) {
+    var androidModifier = new OldAndroid0RPModifier();
+    manager.addModifier(androidModifier);
+    return androidModifier;
+  }
+
+  /**
+   * This modifier will most probably not be enabled, as there should be very little iOS devices
+   * left that cannot handle a non-144 rollingPeriod key. Also, up to 8th of September 2020, Android
+   * did not release same day keys.
+   */
+  @ConditionalOnProperty(
+      value = "ws.app.gaen.insertmanager.iosrplt144modifier",
+      havingValue = "true",
+      matchIfMissing = false)
+  @Bean
+  public IOSLegacyProblemRPLT144Modifier iosLegacyProblemRPLT144(InsertManager manager) {
+    var iosModifier = new IOSLegacyProblemRPLT144Modifier();
+    manager.addModifier(iosModifier);
+    return iosModifier;
+  }
+
   @Bean
   public DPPPTController dppptSDKController() {
     ValidateRequest theValidator = requestValidator;
@@ -237,6 +303,8 @@ public GaenController gaenController() {
       theValidator = backupValidator();
     }
     return new GaenController(
+        insertManagerExposed(),
+        insertManagerExposedNextDay(),
         gaenDataService(),
         fakeKeyService(),
         theValidator,

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DPPPTController.java

@@ -116,25 +116,25 @@ public DPPPTController(
                       + " + OS-Version",
               example = "ch.ubique.android.starsdk;1.0;iOS;13.3")
           String userAgent,
-      @AuthenticationPrincipal Object principal) {
+      @AuthenticationPrincipal Object principal)
+      throws InvalidDateException, WrongScopeException, ClaimIsBeforeOnsetException {
     var now = UTCInstant.now();
-    long keyDate;
 
-    try {
-      if (!this.validateRequest.isValid(principal)) {
-        return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
-      }
-      keyDate = this.validateRequest.validateKeyDate(now, principal, exposeeRequest);
-    } catch (WrongScopeException | ClaimIsBeforeOnsetException | InvalidDateException e) {
-      return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+    if (!this.validateRequest.isValid(principal)) {
+      return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
     }
-
-    if (!validationUtils.isValidBase64Key(exposeeRequest.getKey())) {
+    if (!validationUtils.isValidKeyFormat(exposeeRequest.getKey())) {
       return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST);
     }
     // TODO: should we give that information?
     Exposee exposee = new Exposee();
     exposee.setKey(exposeeRequest.getKey());
+    long keyDate;
+    try {
+      keyDate = this.validateRequest.validateKeyDate(now, principal, exposeeRequest);
+    } catch (ClaimIsBeforeOnsetException | InvalidDateException e) {
+      return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
+    }
 
     exposee.setKeyDate(keyDate);
     if (!this.validateRequest.isFakeRequest(principal, exposeeRequest)) {
@@ -186,7 +186,7 @@ public DPPPTController(
 
     List<Exposee> exposees = new ArrayList<>();
     for (var exposedKey : exposeeRequests.getExposedKeys()) {
-      if (!validationUtils.isValidBase64Key(exposedKey.getKey())) {
+      if (!validationUtils.isValidKeyFormat(exposedKey.getKey())) {
         return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST);
       }
 

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/DebugController.java

@@ -71,7 +71,7 @@ public DebugController(
 
     List<GaenKey> nonFakeKeys = new ArrayList<>();
     for (var key : gaenRequest.getGaenKeys()) {
-      if (!validationUtils.isValidBase64Key(key.getKeyData())) {
+      if (!validationUtils.isValidKeyFormat(key.getKeyData())) {
         return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST);
       }
       this.validateRequest.validateKeyDate(now, principal, key);