From a908e1f6b0e8b0f6897d7971051a73737d635b83 Mon Sep 17 00:00:00 2001 From: Sunny Wu Date: Wed, 30 Oct 2024 16:25:45 +1100 Subject: [PATCH] added some comments and renamed refreshIdentity method param to input instead of oken --- .../uid2/operator/model/IdentityResponse.java | 3 +++ .../userIdentity/FirstLevelHashIdentity.java | 1 + .../service/EncryptedTokenEncoder.java | 1 + .../operator/service/IUIDOperatorService.java | 2 +- .../operator/service/UIDOperatorService.java | 20 +++++++++---------- 5 files changed, 16 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/uid2/operator/model/IdentityResponse.java b/src/main/java/com/uid2/operator/model/IdentityResponse.java index 8b3ad4a43..45d8b4a59 100644 --- a/src/main/java/com/uid2/operator/model/IdentityResponse.java +++ b/src/main/java/com/uid2/operator/model/IdentityResponse.java @@ -9,9 +9,12 @@ // jsonified public class IdentityResponse { public static IdentityResponse OptOutIdentityResponse = new IdentityResponse("", null, "", Instant.EPOCH, Instant.EPOCH, Instant.EPOCH); + + //aka UID token private final String advertisingToken; private final TokenVersion advertisingTokenVersion; private final String refreshToken; + // when the advertising token/uid token expires private final Instant identityExpires; private final Instant refreshExpires; private final Instant refreshFrom; diff --git a/src/main/java/com/uid2/operator/model/userIdentity/FirstLevelHashIdentity.java b/src/main/java/com/uid2/operator/model/userIdentity/FirstLevelHashIdentity.java index b549833ed..4df2b1c6c 100644 --- a/src/main/java/com/uid2/operator/model/userIdentity/FirstLevelHashIdentity.java +++ b/src/main/java/com/uid2/operator/model/userIdentity/FirstLevelHashIdentity.java @@ -21,6 +21,7 @@ public FirstLevelHashIdentity(IdentityScope identityScope, IdentityType identity this.establishedAt = establishedAt; } + // explicitly not checking establishedAt - this is only for making sure the first level hash matches a new input public boolean matches(FirstLevelHashIdentity that) { return this.identityScope.equals(that.identityScope) && this.identityType.equals(that.identityType) && diff --git a/src/main/java/com/uid2/operator/service/EncryptedTokenEncoder.java b/src/main/java/com/uid2/operator/service/EncryptedTokenEncoder.java index eb13b485d..85961981d 100644 --- a/src/main/java/com/uid2/operator/service/EncryptedTokenEncoder.java +++ b/src/main/java/com/uid2/operator/service/EncryptedTokenEncoder.java @@ -57,6 +57,7 @@ private byte[] encodeIntoAdvertisingTokenV3(AdvertisingTokenInput t, KeysetKey m sitePayload.appendInt(t.privacyBits.getAsInt()); sitePayload.appendLong(t.establishedAt.toEpochMilli()); // this is the refreshedAt field in the spec - but effectively it is the time this advertising token is generated + // this is a redundant field as it is stored in master payload again, can consider dropping this field in future token version sitePayload.appendLong(t.createdAt.toEpochMilli()); sitePayload.appendBytes(t.rawUidIdentity.rawUid); // 32 or 33 bytes diff --git a/src/main/java/com/uid2/operator/service/IUIDOperatorService.java b/src/main/java/com/uid2/operator/service/IUIDOperatorService.java index 38624848d..dc6671cef 100644 --- a/src/main/java/com/uid2/operator/service/IUIDOperatorService.java +++ b/src/main/java/com/uid2/operator/service/IUIDOperatorService.java @@ -14,7 +14,7 @@ public interface IUIDOperatorService { IdentityResponse generateIdentity(IdentityRequest request); - RefreshResponse refreshIdentity(RefreshTokenInput refreshTokenInput); + RefreshResponse refreshIdentity(RefreshTokenInput input); RawUidResponse mapIdentity(MapRequest request); diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java index 2b36b1b3c..f5ba469b9 100644 --- a/src/main/java/com/uid2/operator/service/UIDOperatorService.java +++ b/src/main/java/com/uid2/operator/service/UIDOperatorService.java @@ -120,34 +120,34 @@ public IdentityResponse generateIdentity(IdentityRequest request) { } @Override - public RefreshResponse refreshIdentity(RefreshTokenInput token) { + public RefreshResponse refreshIdentity(RefreshTokenInput input) { // should not be possible as different scopes should be using different keys, but just in case - if (token.firstLevelHashIdentity.identityScope != this.identityScope) { + if (input.firstLevelHashIdentity.identityScope != this.identityScope) { return RefreshResponse.Invalid; } - if (token.firstLevelHashIdentity.establishedAt.isBefore(RefreshCutoff)) { + if (input.firstLevelHashIdentity.establishedAt.isBefore(RefreshCutoff)) { return RefreshResponse.Deprecated; } final Instant now = clock.instant(); - if (token.expiresAt.isBefore(now)) { + if (input.expiresAt.isBefore(now)) { return RefreshResponse.Expired; } - final boolean isCstg = token.privacyBits.isClientSideTokenGenerated(); + final boolean isCstg = input.privacyBits.isClientSideTokenGenerated(); try { - final GlobalOptoutResult logoutEntry = getGlobalOptOutResult(token.firstLevelHashIdentity, true); + final GlobalOptoutResult logoutEntry = getGlobalOptOutResult(input.firstLevelHashIdentity, true); final boolean optedOut = logoutEntry.isOptedOut(); - final Duration durationSinceLastRefresh = Duration.between(token.createdAt, now); + final Duration durationSinceLastRefresh = Duration.between(input.createdAt, now); if (!optedOut) { - IdentityResponse identityResponse = this.generateIdentity(token.sourcePublisher, - token.firstLevelHashIdentity, - token.privacyBits); + IdentityResponse identityResponse = this.generateIdentity(input.sourcePublisher, + input.firstLevelHashIdentity, + input.privacyBits); return RefreshResponse.createRefreshedResponse(identityResponse, durationSinceLastRefresh, isCstg); } else {