Change input from domain name to domain or app names for UID2Client a…

…nd BidstreamClient decrypt methods
IABTechLab · Apr 29, 2024 · 9c8ae0c · 9c8ae0c
1 parent e4c13ed
commit 9c8ae0c
Show file tree

Hide file tree

Showing 14 changed files with 155 additions and 69 deletions.
diff --git a/src/UID2.Client/BidstreamClient.cs b/src/UID2.Client/BidstreamClient.cs
@@ -12,14 +12,14 @@ public BidstreamClient(string endpoint, string authKey, string secretKey)
             _tokenHelper = new TokenHelper(endpoint, authKey, secretKey);
         }
 
-        public DecryptionResponse DecryptTokenIntoRawUid(string token, string domainNameFromBidRequest)
+        public DecryptionResponse DecryptTokenIntoRawUid(string token, string domainOrAppNameFromBidRequest)
         {
-            return DecryptTokenIntoRawUid(token, domainNameFromBidRequest, DateTime.UtcNow);
+            return DecryptTokenIntoRawUid(token, domainOrAppNameFromBidRequest, DateTime.UtcNow);
         }
 
-        internal DecryptionResponse DecryptTokenIntoRawUid(string token, string domainNameFromBidRequest, DateTime utcNow)
+        internal DecryptionResponse DecryptTokenIntoRawUid(string token, string domainOrAppNameFromBidRequest, DateTime utcNow)
         {
-            return _tokenHelper.Decrypt(token, utcNow, domainNameFromBidRequest, ClientType.Bidstream);
+            return _tokenHelper.Decrypt(token, utcNow, domainOrAppNameFromBidRequest, ClientType.Bidstream);
         }
 
 

diff --git a/src/UID2.Client/DecryptionStatus.cs b/src/UID2.Client/DecryptionStatus.cs
@@ -16,7 +16,7 @@ public enum DecryptionStatus
         ///  DSPs are still expected to check their records for user opt out, even when this status is not returned
         /// </summary>
         UserOptedOut,
-        DomainNameCheckFailed,
+        DomainOrAppNameCheckFailed,
         InvalidTokenLifetime
     }
 }
diff --git a/src/UID2.Client/IUID2Client.cs b/src/UID2.Client/IUID2Client.cs
@@ -40,17 +40,17 @@ public interface IUID2Client
         DecryptionResponse Decrypt(string token, DateTime utcNow);
         DecryptionResponse Decrypt(string token);
         /// <summary>
-        /// Decrypt advertising token to extract UID2 details and does a domain name check with the provided domainNameFromBidRequest param
+        /// Decrypt advertising token to extract UID2 details and does a domain or app name check with the provided domainOrAppNameFromBidRequest param
         /// for tokens from Client Side Token Generation 
         /// </summary>
         /// <param name="token">The UID2 Token </param>
-        /// <param name="domainNameFromBidRequest">The domain name from bid request which should match the domain name of the publisher (registered with UID2 admin)
+        /// <param name="domainOrAppNameFromBidRequest">The domain or app name from bid request which should match the domain or app name of the publisher (registered with UID2 admin)
         /// generating this token previously using Client Side Token Generation
         /// </param>
         /// <returns>Response showing if decryption is successful and the resulting UID if successful.
-        /// Or it could return error codes/string indicating what went wrong (such as DecryptionStatus.DomainNameCheckFailed)
+        /// Or it could return error codes/string indicating what went wrong (such as DecryptionStatus.DomainOrAppNameCheckFailed)
         /// </returns>
-        DecryptionResponse Decrypt(string token, string domainNameFromBidRequest);
+        DecryptionResponse Decrypt(string token, string domainOrAppNameFromBidRequest);
 
         EncryptionDataResponse Encrypt(string rawUid);
         [Obsolete("Please use Encrypt(string rawUid) instead.")]

diff --git a/src/UID2.Client/KeyContainer.cs b/src/UID2.Client/KeyContainer.cs
@@ -114,14 +114,14 @@ public bool TryGetMasterKey(DateTime now, out Key key)
             return TryGetKeysetActiveKey(_masterKeysetId, now, out key);
         }
 
-        public bool IsDomainNameAllowedForSite(int siteId, string domainName)
+        public bool IsDomainOrAppNameAllowedForSite(int siteId, string domainOrAppName)
         {
-            if (domainName == null)
+            if (domainOrAppName == null)
             {
                 return false;
             }
 
-            return this._siteIdToSite.TryGetValue(siteId, out var site) && site.AllowDomainName(domainName);
+            return this._siteIdToSite.TryGetValue(siteId, out var site) && site.AllowDomainName(domainOrAppName);
         }
 
         private bool TryGetKeysetActiveKey(int keysetId, DateTime now, out Key key)

diff --git a/src/UID2.Client/Site.cs b/src/UID2.Client/Site.cs
@@ -10,7 +10,7 @@ internal class Site
         public Site(int id, IEnumerable<string> domainNames)
         {
             Id = id;
-            _domainNames = new HashSet<string>(domainNames, StringComparer.OrdinalIgnoreCase);
+            _domainNames = new HashSet<string>(domainNames);
         }
 
         public int Id { get; }

diff --git a/src/UID2.Client/TokenHelper.cs b/src/UID2.Client/TokenHelper.cs
@@ -15,7 +15,7 @@ internal TokenHelper(string endpoint, string authKey, string secretKey)
             _uid2ClientHelper = new Uid2ClientHelper(endpoint, authKey, secretKey);
         }
 
-        internal DecryptionResponse Decrypt(string token, DateTime now, string domainNameFromBidRequest, ClientType clientType)
+        internal DecryptionResponse Decrypt(string token, DateTime now, string domainOrAppNameFromBidRequest, ClientType clientType)
         {
             var container = Volatile.Read(ref _container);
             if (container == null)
@@ -30,7 +30,7 @@ internal DecryptionResponse Decrypt(string token, DateTime now, string domainNam
 
             try
             {
-                return UID2Encryption.Decrypt(token, container, now, domainNameFromBidRequest, container.IdentityScope, clientType);
+                return UID2Encryption.Decrypt(token, container, now, domainOrAppNameFromBidRequest, container.IdentityScope, clientType);
             }
             catch (Exception)
             {

diff --git a/src/UID2.Client/UID2Client.cs b/src/UID2.Client/UID2Client.cs
@@ -34,20 +34,20 @@ public UID2Client(string endpoint, string authKey, string secretKey, IdentitySco
 
         public DecryptionResponse Decrypt(string token)
         {
-            return Decrypt(token, DateTime.UtcNow, null, ClientType.LegacyWithoutDomainCheck);
+            return Decrypt(token, DateTime.UtcNow, null, ClientType.LegacyWithoutDomainOrAppNameCheck);
         }
 
         public DecryptionResponse Decrypt(string token, DateTime utcNow)
         {
-            return Decrypt(token, utcNow, null, ClientType.LegacyWithoutDomainCheck);
+            return Decrypt(token, utcNow, null, ClientType.LegacyWithoutDomainOrAppNameCheck);
         }
 
-        public DecryptionResponse Decrypt(string token, string domainNameFromBidRequest)
+        public DecryptionResponse Decrypt(string token, string domainOrAppNameFromBidRequest)
         {
-            return Decrypt(token, DateTime.UtcNow, domainNameFromBidRequest, ClientType.LegacyWithDomainCheck);
+            return Decrypt(token, DateTime.UtcNow, domainOrAppNameFromBidRequest, ClientType.LegacyWithDomainOrAppNameCheck);
         }
 
-        private DecryptionResponse Decrypt(string token, DateTime now, string domainNameFromBidRequest, ClientType clientType)
+        private DecryptionResponse Decrypt(string token, DateTime now, string domainOrAppNameFromBidRequest, ClientType clientType)
         {
             var container = Volatile.Read(ref _container);
             if (container == null)
@@ -62,7 +62,7 @@ private DecryptionResponse Decrypt(string token, DateTime now, string domainName
 
             try
             {
-                return UID2Encryption.Decrypt(token, container, now, domainNameFromBidRequest, _identityScope, clientType);
+                return UID2Encryption.Decrypt(token, container, now, domainOrAppNameFromBidRequest, _identityScope, clientType);
             }
             catch (Exception)
             {

diff --git a/src/UID2.Client/UID2Encryption.cs b/src/UID2.Client/UID2Encryption.cs
@@ -13,8 +13,8 @@ internal enum ClientType
     {
         Sharing,
         Bidstream,
-        LegacyWithoutDomainCheck,
-        LegacyWithDomainCheck
+        LegacyWithoutDomainOrAppNameCheck,
+        LegacyWithDomainOrAppNameCheck
     }
 
     internal static class UID2Encryption
@@ -26,7 +26,7 @@ internal static class UID2Encryption
         private static char[] BASE64_URL_SPECIAL_CHARS = { '-', '_' };
 
 
-        internal static DecryptionResponse Decrypt(string token, KeyContainer keys, DateTime now, string domainName, IdentityScope identityScope, ClientType clientType)
+        internal static DecryptionResponse Decrypt(string token, KeyContainer keys, DateTime now, string domainOrAppName, IdentityScope identityScope, ClientType clientType)
         {
             if (token.Length < 4)
             {
@@ -39,24 +39,24 @@ internal static DecryptionResponse Decrypt(string token, KeyContainer keys, Date
 
             if (data[0] == 2)
             {
-                return DecryptV2(Convert.FromBase64String(token), keys, now, domainName, clientType);
+                return DecryptV2(Convert.FromBase64String(token), keys, now, domainOrAppName, clientType);
             }
 
             if (data[1] == (int)AdvertisingTokenVersion.V3)
             {
-                return DecryptV3(Convert.FromBase64String(token), keys, now, identityScope, 3, domainName, clientType);
+                return DecryptV3(Convert.FromBase64String(token), keys, now, identityScope, 3, domainOrAppName, clientType);
             }
 
             if (data[1] == (int)AdvertisingTokenVersion.V4)
             {
                 //same as V3 but use Base64URL encoding
-                return DecryptV3(UID2Base64UrlCoder.Decode(token), keys, now, identityScope, 4, domainName, clientType);
+                return DecryptV3(UID2Base64UrlCoder.Decode(token), keys, now, identityScope, 4, domainOrAppName, clientType);
             }
 
             return DecryptionResponse.MakeError(DecryptionStatus.VersionNotSupported);
         }
 
-        private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer keys, DateTime now, string domainName, ClientType clientType)
+        private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer keys, DateTime now, string domainOrAppName, ClientType clientType)
         {
             if (encryptedId.Length != TOKEN_V2_LENGTH)
             {
@@ -118,9 +118,9 @@ private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer key
                 return new DecryptionResponse(DecryptionStatus.UserOptedOut, null, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
             }
 
-            if (!IsDomainNameAllowedForSite(clientType, privacyBits, siteId, domainName, keys))
+            if (!IsDomainOrAppNameAllowedForSite(clientType, privacyBits, siteId, domainOrAppName, keys))
             {
-                return new DecryptionResponse(DecryptionStatus.DomainNameCheckFailed, null, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
+                return new DecryptionResponse(DecryptionStatus.DomainOrAppNameCheckFailed, null, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
             }
 
             if (!DoesTokenHaveValidLifetime(clientType, keys, now, expiry, now))
@@ -129,7 +129,7 @@ private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer key
             return new DecryptionResponse(DecryptionStatus.Success, idString, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
         }
 
-        private static DecryptionResponse DecryptV3(byte[] encryptedId, KeyContainer keys, DateTime now, IdentityScope identityScope, int advertisingTokenVersion, string domainName, ClientType clientType)
+        private static DecryptionResponse DecryptV3(byte[] encryptedId, KeyContainer keys, DateTime now, IdentityScope identityScope, int advertisingTokenVersion, string domainOrAppName, ClientType clientType)
         {
             if (encryptedId.Length < TOKEN_V3_MIN_LENGTH)
             {
@@ -203,9 +203,9 @@ private static DecryptionResponse DecryptV3(byte[] encryptedId, KeyContainer key
                 return new DecryptionResponse(DecryptionStatus.UserOptedOut, null, established, siteId, siteKey.SiteId, identityType, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
             }
 
-            if (!IsDomainNameAllowedForSite(clientType, privacyBits, siteId, domainName, keys))
+            if (!IsDomainOrAppNameAllowedForSite(clientType, privacyBits, siteId, domainOrAppName, keys))
             {
-                return new DecryptionResponse(DecryptionStatus.DomainNameCheckFailed, null, established, siteId, siteKey.SiteId, identityType, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
+                return new DecryptionResponse(DecryptionStatus.DomainOrAppNameCheckFailed, null, established, siteId, siteKey.SiteId, identityType, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
             }
 
             if (!DoesTokenHaveValidLifetime(clientType, keys, generated, expiry, now))
@@ -242,15 +242,15 @@ private static bool DoesTokenHaveValidLifetimeImpl(DateTime generatedOrNow, Date
             return (generatedOrNow - now).TotalSeconds <= allowClockSkewSeconds; //returns false if token generated too far in the future
         }
 
-        private static bool IsDomainNameAllowedForSite(ClientType clientType, PrivacyBits privacyBits, int siteId, string domainName, KeyContainer keys)
+        private static bool IsDomainOrAppNameAllowedForSite(ClientType clientType, PrivacyBits privacyBits, int siteId, string domainOrAppName, KeyContainer keys)
         {
             if (!privacyBits.IsClientSideGenerated)
                 return true;
 
-            if (clientType != ClientType.Bidstream && clientType != ClientType.LegacyWithDomainCheck)
+            if (clientType != ClientType.Bidstream && clientType != ClientType.LegacyWithDomainOrAppNameCheck)
                 return true;
 
-            return keys.IsDomainNameAllowedForSite(siteId, domainName);
+            return keys.IsDomainOrAppNameAllowedForSite(siteId, domainOrAppName);
         }
 
         internal static EncryptionDataResponse Encrypt(string rawUid, KeyContainer keys, IdentityScope identityScope, DateTime now)
@@ -327,8 +327,8 @@ internal static EncryptionDataResponse EncryptData(EncryptionDataRequest request
                 {
                     try
                     {
-                        // if the enableDomainNameCheck param is enabled , the caller would have to provide siteId as part of the EncryptionDataRequest.
-                        DecryptionResponse decryptedToken = Decrypt(request.AdvertisingToken, keys, now, domainName: null, identityScope, ClientType.LegacyWithoutDomainCheck);
+                        // if the enableDomainOrAppNameCheck param is enabled , the caller would have to provide siteId as part of the EncryptionDataRequest.
+                        DecryptionResponse decryptedToken = Decrypt(request.AdvertisingToken, keys, now, domainOrAppName: null, identityScope, ClientType.LegacyWithoutDomainOrAppNameCheck);
                         if (!decryptedToken.Success)
                         {
                             return EncryptionDataResponse.MakeError(EncryptionStatus.TokenDecryptFailure);