Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature/insert manager #213

Merged
merged 13 commits into from
Sep 9, 2020
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,16 @@
import org.dpppt.backend.sdk.ws.controller.DPPPTController;
import org.dpppt.backend.sdk.ws.controller.GaenController;
import org.dpppt.backend.sdk.ws.filter.ResponseWrapperFilter;
import org.dpppt.backend.sdk.ws.insertmanager.InsertManager;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.AssertKeyFormat;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceMatchingJWTClaimsForExposed;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceMatchingJWTClaimsForExposedNextDay;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceRetentionPeriod;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceValidRollingPeriod;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.RemoveFakeKeys;
import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.RemoveKeysFromFuture;
import org.dpppt.backend.sdk.ws.insertmanager.insertionmodifier.IOSLegacyProblemRPLT144Modifier;
import org.dpppt.backend.sdk.ws.insertmanager.insertionmodifier.OldAndroid0RPModifier;
import org.dpppt.backend.sdk.ws.interceptor.HeaderInjector;
import org.dpppt.backend.sdk.ws.security.KeyVault;
import org.dpppt.backend.sdk.ws.security.NoValidateRequest;
Expand All @@ -45,6 +55,7 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
Expand Down Expand Up @@ -203,6 +214,61 @@ public ProtoSignature gaenSigner() {
}
}

@Bean
public InsertManager insertManagerExposed() {
var manager = new InsertManager(gaenDataService(), gaenValidationUtils());
manager.addFilter(new AssertKeyFormat(gaenValidationUtils()));
manager.addFilter(new EnforceMatchingJWTClaimsForExposed(gaenRequestValidator));
manager.addFilter(new RemoveKeysFromFuture());
manager.addFilter(new EnforceRetentionPeriod(gaenValidationUtils()));
manager.addFilter(new RemoveFakeKeys());
manager.addFilter(new EnforceValidRollingPeriod());
return manager;
}

@Bean
public InsertManager insertManagerExposedNextDay() {
var manager = new InsertManager(gaenDataService(), gaenValidationUtils());
manager.addFilter(new AssertKeyFormat(gaenValidationUtils()));
manager.addFilter(new EnforceMatchingJWTClaimsForExposedNextDay(gaenValidationUtils()));
manager.addFilter(new RemoveKeysFromFuture());
manager.addFilter(new EnforceRetentionPeriod(gaenValidationUtils()));
manager.addFilter(new RemoveFakeKeys());
manager.addFilter(new EnforceValidRollingPeriod());
return manager;
}

/**
* Even though there are probably no android devices left that send TEKs with rollingPeriod of 0,
* this modifier will not hurt. Every TEK with rollingPeriod of 0 will be reported.
*/
@ConditionalOnProperty(
value = "ws.app.gaen.insertmanager.android0rpmodifier",
havingValue = "true",
matchIfMissing = false)
@Bean
public OldAndroid0RPModifier oldAndroid0RPModifier(InsertManager manager) {
var androidModifier = new OldAndroid0RPModifier();
ineiti marked this conversation as resolved.
Show resolved Hide resolved
manager.addModifier(androidModifier);
return androidModifier;
}

/**
* This modifier will most probably not be enabled, as there should be very little iOS devices
* left that cannot handle a non-144 rollingPeriod key. Also, up to 8th of September 2020, Android
* did not release same day keys.
*/
@ConditionalOnProperty(
value = "ws.app.gaen.insertmanager.iosrplt144modifier",
havingValue = "true",
matchIfMissing = false)
@Bean
public IOSLegacyProblemRPLT144Modifier iosLegacyProblemRPLT144(InsertManager manager) {
var iosModifier = new IOSLegacyProblemRPLT144Modifier();
manager.addModifier(iosModifier);
return iosModifier;
}

@Bean
public DPPPTController dppptSDKController() {
ValidateRequest theValidator = requestValidator;
Expand Down Expand Up @@ -237,6 +303,8 @@ public GaenController gaenController() {
theValidator = backupValidator();
}
return new GaenController(
insertManagerExposed(),
insertManagerExposedNextDay(),
gaenDataService(),
fakeKeyService(),
theValidator,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -116,25 +116,25 @@ public DPPPTController(
+ " + OS-Version",
example = "ch.ubique.android.starsdk;1.0;iOS;13.3")
String userAgent,
@AuthenticationPrincipal Object principal) {
@AuthenticationPrincipal Object principal)
throws InvalidDateException, WrongScopeException, ClaimIsBeforeOnsetException {
var now = UTCInstant.now();
long keyDate;

try {
if (!this.validateRequest.isValid(principal)) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
keyDate = this.validateRequest.validateKeyDate(now, principal, exposeeRequest);
} catch (WrongScopeException | ClaimIsBeforeOnsetException | InvalidDateException e) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
if (!this.validateRequest.isValid(principal)) {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}

if (!validationUtils.isValidBase64Key(exposeeRequest.getKey())) {
if (!validationUtils.isValidKeyFormat(exposeeRequest.getKey())) {
return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST);
}
// TODO: should we give that information?
Exposee exposee = new Exposee();
exposee.setKey(exposeeRequest.getKey());
long keyDate;
try {
keyDate = this.validateRequest.validateKeyDate(now, principal, exposeeRequest);
} catch (ClaimIsBeforeOnsetException | InvalidDateException e) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
}

exposee.setKeyDate(keyDate);
if (!this.validateRequest.isFakeRequest(principal, exposeeRequest)) {
Expand Down Expand Up @@ -186,7 +186,7 @@ public DPPPTController(

List<Exposee> exposees = new ArrayList<>();
for (var exposedKey : exposeeRequests.getExposedKeys()) {
if (!validationUtils.isValidBase64Key(exposedKey.getKey())) {
if (!validationUtils.isValidKeyFormat(exposedKey.getKey())) {
return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ public DebugController(

List<GaenKey> nonFakeKeys = new ArrayList<>();
for (var key : gaenRequest.getGaenKeys()) {
if (!validationUtils.isValidBase64Key(key.getKeyData())) {
if (!validationUtils.isValidKeyFormat(key.getKeyData())) {
return new ResponseEntity<>("No valid base64 key", HttpStatus.BAD_REQUEST);
}
this.validateRequest.validateKeyDate(now, principal, key);
Expand Down
Loading