diff --git a/.trivyignore b/.trivyignore
index f3b81e9c6..be4a48a9d 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -5,6 +5,3 @@
# https://thetradedesk.atlassian.net/browse/UID2-4460
CVE-2024-47535
-
-# https://thetradedesk.atlassian.net/browse/UID2-4461
-CVE-2024-7254
diff --git a/conf/local-config.json b/conf/local-config.json
index 77551f3e2..10dbe4bc8 100644
--- a/conf/local-config.json
+++ b/conf/local-config.json
@@ -15,7 +15,6 @@
"refresh_identity_token_after_seconds": 900,
"advertising_token_v3": false,
"advertising_token_v4_percentage": 0,
- "site_ids_using_v4_tokens": "",
"refresh_token_v3": false,
"identity_v3": false,
"identity_scope": "uid2",
diff --git a/pom.xml b/pom.xml
index b883ef9fa..13a9c3676 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,11 +6,11 @@
com.uid2
uid2-operator
- 6.0.0
+ 5.42.7-alpha-139-SNAPSHOT
UTF-8
- 4.5.3
+ 4.5.11
1.0.22
5.11.2
5.11.2
@@ -22,7 +22,7 @@
2.1.0
2.1.0
2.1.0
- 8.0.0
+ 8.0.6
${project.version}
21
21
diff --git a/scripts/aws/conf/default-config.json b/scripts/aws/conf/default-config.json
index 6db89fd29..1836f1aa7 100644
--- a/scripts/aws/conf/default-config.json
+++ b/scripts/aws/conf/default-config.json
@@ -35,6 +35,5 @@
"sharing_token_expiry_seconds": 2592000,
"validate_service_links": false,
"advertising_token_v4_percentage": 100,
- "site_ids_using_v4_tokens": "",
"operator_type": "private"
}
diff --git a/scripts/azure-cc/conf/default-config.json b/scripts/azure-cc/conf/default-config.json
index fbe3e7184..c47eef8f6 100644
--- a/scripts/azure-cc/conf/default-config.json
+++ b/scripts/azure-cc/conf/default-config.json
@@ -39,6 +39,5 @@
"sharing_token_expiry_seconds": 2592000,
"validate_service_links": false,
"advertising_token_v4_percentage": 100,
- "site_ids_using_v4_tokens": "",
"operator_type": "private"
}
diff --git a/scripts/gcp-oidc/conf/default-config.json b/scripts/gcp-oidc/conf/default-config.json
index 302a8c3c3..aaea43364 100644
--- a/scripts/gcp-oidc/conf/default-config.json
+++ b/scripts/gcp-oidc/conf/default-config.json
@@ -39,6 +39,5 @@
"sharing_token_expiry_seconds": 2592000,
"validate_service_links": false,
"advertising_token_v4_percentage": 100,
- "site_ids_using_v4_tokens": "",
"operator_type": "private"
}
diff --git a/src/main/java/com/uid2/operator/Main.java b/src/main/java/com/uid2/operator/Main.java
index fb69d9c9d..8a5c8d5cb 100644
--- a/src/main/java/com/uid2/operator/Main.java
+++ b/src/main/java/com/uid2/operator/Main.java
@@ -422,7 +422,7 @@ private static Vertx createVertx() {
}
private static void setupMetrics(MicrometerMetricsOptions metricOptions) {
- BackendRegistries.setupBackend(metricOptions);
+ BackendRegistries.setupBackend(metricOptions, null);
MeterRegistry backendRegistry = BackendRegistries.getDefaultNow();
if (backendRegistry instanceof PrometheusMeterRegistry) {
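Review bot: The bare `null` passed as the second argument of `BackendRegistries.setupBackend` on the added line is unexplained at the call site. It looks like the slot for a caller-supplied `MeterRegistry` that comes with the dependency upgrade in pom.xml, but that should be confirmed against the upgraded API. A short comment such as `// null: no caller-supplied MeterRegistry, let the backend create its own` would stop a later reader from treating it as an oversight. `setupMetrics` continues past the end of this hunk.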
diff --git a/src/main/java/com/uid2/operator/service/TokenUtils.java b/src/main/java/com/uid2/operator/service/TokenUtils.java
index 4a13145c6..2cabc641b 100644
--- a/src/main/java/com/uid2/operator/service/TokenUtils.java
+++ b/src/main/java/com/uid2/operator/service/TokenUtils.java
@@ -62,21 +62,4 @@ public static byte encodeIdentityScope(IdentityScope identityScope) {
public static byte encodeIdentityType(IdentityType identityType) {
return (byte) (identityType.value << 2);
}
-
- public static Set getSiteIdsUsingV4Tokens(String siteIdsUsingV4TokensInString) {
- String[] siteIdsV4TokensList = siteIdsUsingV4TokensInString.split(",");
-
- Set siteIdsV4TokensSet = new HashSet<>();
- try {
- for (String siteId : siteIdsV4TokensList) {
- String siteIdTrimmed = siteId.trim();
- if (!siteIdTrimmed.isEmpty()) {
- siteIdsV4TokensSet.add(Integer.parseInt(siteIdTrimmed));
- }
- }
- } catch (NumberFormatException ex) {
- throw new IllegalArgumentException(String.format("Invalid integer format found in site_ids_using_v4_tokens: %s", siteIdsUsingV4TokensInString));
- }
- return siteIdsV4TokensSet;
- }
}
diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
index 672cec238..7e6450829 100644
--- a/src/main/java/com/uid2/operator/service/UIDOperatorService.java
+++ b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
@@ -22,7 +22,6 @@
import java.util.*;
import static com.uid2.operator.IdentityConst.*;
-import static com.uid2.operator.service.TokenUtils.getSiteIdsUsingV4Tokens;
public class UIDOperatorService implements IUIDOperatorService {
public static final String IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS = "identity_token_expires_after_seconds";
@@ -49,7 +48,6 @@ public class UIDOperatorService implements IUIDOperatorService {
private final OperatorIdentity operatorIdentity;
protected final TokenVersion tokenVersionToUseIfNotV4;
protected final int advertisingTokenV4Percentage;
- protected final Set siteIdsUsingV4Tokens;
private final TokenVersion refreshTokenVersion;
private final boolean identityV3Enabled;
@@ -94,7 +92,6 @@ public UIDOperatorService(JsonObject config, IOptOutStore optOutStore, ISaltProv
}
this.advertisingTokenV4Percentage = config.getInteger("advertising_token_v4_percentage", 0); //0 indicates token v4 will not be used
- this.siteIdsUsingV4Tokens = getSiteIdsUsingV4Tokens(config.getString("site_ids_using_v4_tokens", ""));
this.tokenVersionToUseIfNotV4 = config.getBoolean("advertising_token_v3", false) ? TokenVersion.V3 : TokenVersion.V2;
this.refreshTokenVersion = TokenVersion.V3;
@@ -271,18 +268,14 @@ private RefreshToken createRefreshToken(PublisherIdentity publisherIdentity, Use
private AdvertisingToken createAdvertisingToken(PublisherIdentity publisherIdentity, UserIdentity userIdentity, Instant now) {
TokenVersion tokenVersion;
- if (siteIdsUsingV4Tokens.contains(publisherIdentity.siteId)) {
- tokenVersion = TokenVersion.V4;
- } else {
- int pseudoRandomNumber = 1;
- final var rawUid = userIdentity.id;
- if (rawUid.length > 2)
- {
- int hash = ((rawUid[0] & 0xFF) << 12) | ((rawUid[1] & 0xFF) << 4) | ((rawUid[2] & 0xFF) & 0xF); //using same logic as ModBasedSaltEntryIndexer.getIndex() in uid2-shared
- pseudoRandomNumber = (hash % 100) + 1; //1 to 100
- }
- tokenVersion = (pseudoRandomNumber <= this.advertisingTokenV4Percentage) ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
+ int pseudoRandomNumber = 1;
+ final var rawUid = userIdentity.id;
+ if (rawUid.length > 2)
+ {
+ int hash = ((rawUid[0] & 0xFF) << 12) | ((rawUid[1] & 0xFF) << 4) | ((rawUid[2] & 0xFF) & 0xF); //using same logic as ModBasedSaltEntryIndexer.getIndex() in uid2-shared
+ pseudoRandomNumber = (hash % 100) + 1; //1 to 100
}
+ tokenVersion = (pseudoRandomNumber <= this.advertisingTokenV4Percentage) ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
return new AdvertisingToken(tokenVersion, now, now.plusMillis(identityExpiresAfter.toMillis()), this.operatorIdentity, publisherIdentity, userIdentity);
}
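Review bot: With the per-site branch removed, the ternary on `advertisingTokenV4Percentage` is the only selector in `createAdvertisingToken`. A site that was pinned to V4 through `site_ids_using_v4_tokens` now falls back to `tokenVersionToUseIfNotV4` whenever the percentage is below 100, and a leftover key in a deployed config is ignored without any signal. Consider a startup check in the constructor (outside this hunk), for example `if (config.containsKey("site_ids_using_v4_tokens")) { /* warn that the key is no longer honoured */ }`, so operators notice the change in token version. As a style point, `tokenVersion` no longer needs the empty declaration at the top and could be declared where it is assigned, as `final TokenVersion tokenVersion = ...;`.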
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
index f64405588..c3784ae38 100644
--- a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
+++ b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -357,6 +357,7 @@ private void handleClientSideTokenGenerateImpl(RoutingContext rc) throws NoSuchA
null, TokenResponseStatsCollector.Endpoint.ClientSideTokenGenerateV2, TokenResponseStatsCollector.ResponseStatus.BadSubscriptionId, siteProvider, platformType);
return;
}
+ rc.put(com.uid2.shared.Const.RoutingContextData.SiteId, clientSideKeypair.getSiteId());
if(clientSideKeypair.isDisabled()) {
SendClientErrorResponseAndRecordStats(ResponseStatus.Unauthorized, 401, rc, "Unauthorized",
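Review bot: The added `rc.put(...RoutingContextData.SiteId, clientSideKeypair.getSiteId())` runs before the `clientSideKeypair.isDisabled()` check, so the routing context carries a site id for requests that are then rejected with 401. If that is intentional, presumably so rejected requests can still be attributed to a site, say so in a comment such as `// set before the disabled check so rejected requests are still attributed to the site`. Any later consumer of this key should not read its presence as proof that the request was authorised. The fully-qualified `com.uid2.shared.Const.RoutingContextData` could also be imported, unless it clashes with another `Const` already in scope. The handler starts and ends outside this hunk.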
diff --git a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
index bc1d49bb2..4a8aef9d1 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
@@ -58,11 +58,8 @@ public ExtendedUIDOperatorService(JsonObject config, IOptOutStore optOutStore, I
super(config, optOutStore, saltProvider, encoder, clock, identityScope, saltRetrievalResponseHandler);
}
- public TokenVersion getAdvertisingTokenVersionForTests(int siteId) {
+ public TokenVersion getAdvertisingTokenVersionForTests() {
assert this.advertisingTokenV4Percentage == 0 || this.advertisingTokenV4Percentage == 100; //we want tests to be deterministic
- if (this.siteIdsUsingV4Tokens.contains(siteId)) {
- return TokenVersion.V4;
- }
return this.advertisingTokenV4Percentage == 100 ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
}
}
@@ -96,8 +93,7 @@ void setup() throws Exception {
uid2Config.put(UIDOperatorService.IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS, IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS);
uid2Config.put(UIDOperatorService.REFRESH_TOKEN_EXPIRES_AFTER_SECONDS, REFRESH_TOKEN_EXPIRES_AFTER_SECONDS);
uid2Config.put(UIDOperatorService.REFRESH_IDENTITY_TOKEN_AFTER_SECONDS, REFRESH_IDENTITY_TOKEN_AFTER_SECONDS);
- uid2Config.put("advertising_token_v4_percentage", 0);
- uid2Config.put("site_ids_using_v4_tokens", "127,128");
+ uid2Config.put("advertising_token_v4_percentage", 100);
uid2Config.put("advertising_token_v3", false); // prod is using v2 token version for now
uid2Config.put("identity_v3", false);
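Review bot: Setting `advertising_token_v4_percentage` to 100 in `setup()` makes every token generated through this config V4, so the `tokenVersionToUseIfNotV4` branch of `createAdvertisingToken` is no longer exercised with it. The trailing comment `// prod is using v2 token version for now` on the following line now describes a path this fixture never takes. The `@CsvSource` rows in the later hunk (`"123, V4","127, V4","128, V4"`) all expect the same version, so site ids 127 and 128 add nothing beyond 123. Consider keeping one fixture or parameter set with the percentage at 0 so the non-V4 path stays covered. `setup()` extends beyond this hunk.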
@@ -152,7 +148,7 @@ private UserIdentity createUserIdentity(String rawIdentityHash, IdentityScope sc
}
private AdvertisingToken validateAndGetToken(EncryptedTokenEncoder tokenEncoder, String advertisingTokenString, IdentityScope scope, IdentityType type, int siteId) {
- TokenVersion tokenVersion = (scope == IdentityScope.UID2) ? uid2Service.getAdvertisingTokenVersionForTests(siteId) : euidService.getAdvertisingTokenVersionForTests(siteId);
+ TokenVersion tokenVersion = (scope == IdentityScope.UID2) ? uid2Service.getAdvertisingTokenVersionForTests() : euidService.getAdvertisingTokenVersionForTests();
UIDOperatorVerticleTest.validateAdvertisingToken(advertisingTokenString, tokenVersion, scope, type);
return tokenEncoder.decodeAdvertisingToken(advertisingTokenString);
}
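Review bot: The `int siteId` parameter of `validateAndGetToken` is no longer read anywhere in the method body, because `getAdvertisingTokenVersionForTests()` takes no argument now. Dropping it, so the signature ends `IdentityScope scope, IdentityType type)`, and updating the callers outside this hunk would avoid suggesting that token validation still depends on the site.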
@@ -164,7 +160,7 @@ private void assertIdentityScopeIdentityTypeAndEstablishedAt(UserIdentity expcte
}
@ParameterizedTest
- @CsvSource({"123, V2","127, V4","128, V4"}) //site id 127 and 128 is for testing "site_ids_using_v4_tokens"
+ @CsvSource({"123, V4","127, V4","128, V4"})
public void testGenerateAndRefresh(int siteId, TokenVersion tokenVersion) {
final IdentityRequest identityRequest = new IdentityRequest(
new PublisherIdentity(siteId, 124, 125),
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
index eafa14f9a..6ef9ba989 100644
--- a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
+++ b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
@@ -160,7 +160,6 @@ private void setupConfig(JsonObject config) {
config.put("identity_scope", getIdentityScope().toString());
config.put("advertising_token_v3", getTokenVersion() == TokenVersion.V3);
config.put("advertising_token_v4_percentage", getTokenVersion() == TokenVersion.V4 ? 100 : 0);
- config.put("site_ids_using_v4_tokens", "");
config.put("identity_v3", useIdentityV3());
config.put("client_side_token_generate", true);
config.put("key_sharing_endpoint_provide_app_names", true);
diff --git a/src/test/java/com/uid2/operator/service/TokenUtilsTest.java b/src/test/java/com/uid2/operator/service/TokenUtilsTest.java
deleted file mode 100644
index 2fb7af1fd..000000000
--- a/src/test/java/com/uid2/operator/service/TokenUtilsTest.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package com.uid2.operator.service;
-
-import com.uid2.shared.cloud.CloudStorageException;
-import org.junit.jupiter.api.Test;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static com.uid2.operator.service.TokenUtils.getSiteIdsUsingV4Tokens;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-
-public class TokenUtilsTest {
- Set siteIdsV4TokensSet = new HashSet<>(Arrays.asList(127, 128));
- @Test
- void getSiteIdsUsingV4Tokens_multipleSiteIds() {
- Set actualSiteIdsV4TokensSet = getSiteIdsUsingV4Tokens("127, 128");
- assertEquals(siteIdsV4TokensSet, actualSiteIdsV4TokensSet);
- }
-
- @Test
- void getSiteIdsUsingV4Tokens_oneSiteIds() {
- Set actualSiteIdsV4TokensSet = getSiteIdsUsingV4Tokens("127");
- assertEquals(new HashSet<>(List.of(127)), actualSiteIdsV4TokensSet);
- }
-
- @Test
- void getSiteIdsUsingV4Tokens_emptyInput() {
- Set actualSiteIdsV4TokensSet = getSiteIdsUsingV4Tokens("");
- assertEquals(new HashSet<>(), actualSiteIdsV4TokensSet);
- }
-
- @Test
- void getSiteIdsUsingV4Tokens_inputContainsSpaces() {
- Set actualSiteIdsV4TokensSet = getSiteIdsUsingV4Tokens(" 127 ,128 ");
- assertEquals(siteIdsV4TokensSet, actualSiteIdsV4TokensSet);
- }
-
- @Test
- void getSiteIdsUsingV4Tokens_inputContainsInvalidInteger() {
- assertThrows(IllegalArgumentException.class,
- () -> getSiteIdsUsingV4Tokens(" 1 27 ,128 "));
- }
-}