Checkout kcc-UID2-4551-change-buffer-size branch

Dockerfile.nitro.builder

@@ -27,7 +27,7 @@ RUN git clone https://github.com/IABTechLab/uid2-attestation-aws.git \
     && cp uid2-attestation-aws/jnsm/target/release/libjnsm.so .
 
 # build vsockpx
-RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
+RUN git clone --branch kcc-UID2-4551-change-buffer-size https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
     && mkdir uid2-aws-enclave-vsockproxy/build \
     && (cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../..) \
     && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx

scripts/aws/eks-pod/proxies.host.yaml

@@ -9,6 +9,10 @@ operator-service:
   service: direct
   listen: tcp://0.0.0.0:80
   connect: vsock://42:8080
+  acceptRcvBuf: 25600
+  acceptSndBuf: 25600
+  peerRcvBuf: 256000
+  peerSndBuf: 256000
 
 operator-prometheus:
   service: direct

scripts/aws/pipeline/amazonlinux.Dockerfile

@@ -42,7 +42,7 @@ RUN wget https://www.inet.no/dante/files/dante-1.4.3.tar.gz \
     && cd dante-1.4.3; ./configure; make; cd .. \
     && cp dante-1.4.3/sockd/sockd ./
 
-RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
+RUN git clone --branch kcc-UID2-4551-change-buffer-size https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
     && mkdir uid2-aws-enclave-vsockproxy/build \
     && cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../.. \
     && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx

scripts/aws/pipeline/amazonlinux2023.Dockerfile

@@ -26,7 +26,7 @@ RUN wget https://www.inet.no/dante/files/dante-1.4.3.tar.gz \
     && cp dante-1.4.3/sockd/sockd ./ \
     && rm -rf dante-1.4.3 dante-1.4.3.tar.gz
 
-RUN git clone https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
+RUN git clone --branch kcc-UID2-4551-change-buffer-size https://github.com/IABTechLab/uid2-aws-enclave-vsockproxy.git \
     && mkdir uid2-aws-enclave-vsockproxy/build \
     && cd uid2-aws-enclave-vsockproxy/build; cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo; make; cd ../.. \
     && cp uid2-aws-enclave-vsockproxy/build/vsock-bridge/src/vsock-bridge ./vsockpx \

scripts/aws/proxies.nitro.yaml

@@ -4,6 +4,10 @@ uid-operator-in:
   service: direct
   listen: vsock://-1:8080
   connect: tcp://127.0.0.1:8080
+  acceptRcvBuf: 256000
+  acceptSndBuf: 256000
+  peerRcvBuf: 25600
+  peerSndBuf: 25600
 
 prometheus-server:
   service: direct

src/main/java/com/uid2/operator/service/UIDOperatorService.java

@@ -47,7 +47,8 @@ public class UIDOperatorService implements IUIDOperatorService {
 
     private final OperatorIdentity operatorIdentity;
     private final TokenVersion refreshTokenVersion;
-    private final boolean identityV3Enabled;
+    // if we use Raw UID v3 format for the raw UID2/EUIDs generated in this operator
+    private final boolean rawUidV3Enabled;
 
     private final Handler<Boolean> saltRetrievalResponseHandler;
 
@@ -90,7 +91,7 @@ public UIDOperatorService(JsonObject config, IOptOutStore optOutStore, ISaltProv
         }
 
         this.refreshTokenVersion = TokenVersion.V3;
-        this.identityV3Enabled = config.getBoolean("identity_v3", false);
+        this.rawUidV3Enabled = config.getBoolean("identity_v3", false);
     }
 
     @Override
@@ -230,7 +231,7 @@ private MappedIdentity getAdvertisingId(UserIdentity firstLevelHashIdentity, Ins
         final SaltEntry rotatingSalt = getSaltProviderSnapshot(asOf).getRotatingSalt(firstLevelHashIdentity.id);
 
         return new MappedIdentity(
-                this.identityV3Enabled
+                this.rawUidV3Enabled
                     ? TokenUtils.getAdvertisingIdV3(firstLevelHashIdentity.identityScope, firstLevelHashIdentity.identityType, firstLevelHashIdentity.id, rotatingSalt.getSalt())
                     : TokenUtils.getAdvertisingIdV2(firstLevelHashIdentity.id, rotatingSalt.getSalt()),
                 rotatingSalt.getHashedId());

src/test/java/com/uid2/operator/EUIDOperatorVerticleTest.java

@@ -21,6 +21,8 @@ public EUIDOperatorVerticleTest() throws IOException {
     @Override
     protected IdentityScope getIdentityScope() { return IdentityScope.EUID; }
     @Override
+    protected boolean useRawUidV3() { return true; }
+    @Override
     protected void addAdditionalTokenGenerateParams(JsonObject payload) {
         if (payload != null && !payload.containsKey("tcf_consent_string")) {
             payload.put("tcf_consent_string", "CPehNtWPehNtWABAMBFRACBoALAAAEJAAIYgAKwAQAKgArABAAqAAA");

src/test/java/com/uid2/operator/TokenEncodingTest.java

@@ -16,6 +16,7 @@
 import io.vertx.core.json.JsonObject;
 import org.junit.Assert;
 import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
 import org.junit.jupiter.params.provider.EnumSource;
 
 import java.time.Instant;
@@ -86,15 +87,23 @@ public void testRefreshTokenEncoding(TokenVersion tokenVersion) {
     }
 
     @ParameterizedTest
-    @EnumSource(TokenVersion.class)
-    public void testAdvertisingTokenEncodings(TokenVersion tokenVersion) {
+    @CsvSource({"false, V4", //same as current UID2 prod (as at 2024-12-10)
+            "true, V4", //same as current EUID prod  (as at 2024-12-10)
+            //the following combinations aren't used in any UID2/EUID environments but just testing them regardless
+            "false, V3",
+            "true, V3",
+            "false, V2",
+            "true, V2",
+        }
+    )
+    public void testAdvertisingTokenEncodings(boolean useRawUIDv3, TokenVersion adTokenVersion) {
         final EncryptedTokenEncoder encoder = new EncryptedTokenEncoder(this.keyManager);
         final Instant now = EncodingUtils.NowUTCMillis();
 
-        final byte[] rawUid = UIDOperatorVerticleTest.getRawUid(IdentityType.Email, "[email protected]", IdentityScope.UID2, tokenVersion != TokenVersion.V2);
+        final byte[] rawUid = UIDOperatorVerticleTest.getRawUid(IdentityType.Email, "[email protected]", IdentityScope.UID2, useRawUIDv3);
 
         final AdvertisingToken token = new AdvertisingToken(
-            tokenVersion,
+            adTokenVersion,
             now,
             now.plusSeconds(60),
             new OperatorIdentity(101, OperatorType.Service, 102, 103),
@@ -103,9 +112,9 @@ public void testAdvertisingTokenEncodings(TokenVersion tokenVersion) {
         );
 
         final byte[] encodedBytes = encoder.encode(token, now);
-        final AdvertisingToken decoded = encoder.decodeAdvertisingToken(EncryptedTokenEncoder.bytesToBase64Token(encodedBytes, tokenVersion));
+        final AdvertisingToken decoded = encoder.decodeAdvertisingToken(EncryptedTokenEncoder.bytesToBase64Token(encodedBytes, adTokenVersion));
 
-        assertEquals(tokenVersion, decoded.version);
+        assertEquals(adTokenVersion, decoded.version);
         assertEquals(token.createdAt, decoded.createdAt);
         assertEquals(token.expiresAt, decoded.expiresAt);
         assertTrue(token.userIdentity.matches(decoded.userIdentity));
@@ -114,7 +123,7 @@ public void testAdvertisingTokenEncodings(TokenVersion tokenVersion) {
         assertEquals(token.publisherIdentity.siteId, decoded.publisherIdentity.siteId);
 
         Buffer b = Buffer.buffer(encodedBytes);
-        int keyId = b.getInt(tokenVersion == TokenVersion.V2 ? 1 : 2); //TODO - extract master key from token should be a helper function
+        int keyId = b.getInt(adTokenVersion == TokenVersion.V2 ? 1 : 2); //TODO - extract master key from token should be a helper function
         assertEquals(Data.MasterKeySiteId, keyManager.getSiteIdFromKeyId(keyId));
     }
 }

src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java

@@ -13,7 +13,6 @@
 import com.uid2.operator.util.Tuple;
 import com.uid2.operator.vertx.OperatorShutdownHandler;
 import com.uid2.operator.vertx.UIDOperatorVerticle;
-import com.uid2.operator.vertx.ClientInputValidationException;
 import com.uid2.shared.Utils;
 import com.uid2.shared.auth.ClientKey;
 import com.uid2.shared.auth.Keyset;
@@ -27,9 +26,7 @@
 import com.uid2.shared.secret.KeyHasher;
 import com.uid2.shared.store.*;
 import com.uid2.shared.store.reader.RotatingKeysetProvider;
-import io.micrometer.core.instrument.Counter;
 import io.micrometer.core.instrument.Metrics;
-import io.micrometer.core.instrument.search.MeterNotFoundException;
 import io.micrometer.core.instrument.simple.SimpleMeterRegistry;
 import io.vertx.core.AsyncResult;
 import io.vertx.core.Future;
@@ -158,7 +155,7 @@ private void setupConfig(JsonObject config) {
         config.put(Const.Config.SharingTokenExpiryProp, 60 * 60 * 24 * 30);
 
         config.put("identity_scope", getIdentityScope().toString());
-        config.put("identity_v3", useIdentityV3());
+        config.put("identity_v3", useRawUidV3());
         config.put("client_side_token_generate", true);
         config.put("key_sharing_endpoint_provide_app_names", true);
         config.put("client_side_token_generate_log_invalid_http_origins", true);
@@ -622,23 +619,23 @@ private void assertTokenStatusMetrics(Integer siteId, TokenResponseStatsCollecto
     }
 
     private byte[] getAdvertisingIdFromIdentity(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt) {
-        return getRawUid(identityType, identityString, firstLevelSalt, rotatingSalt, getIdentityScope(), useIdentityV3());
+        return getRawUid(identityType, identityString, firstLevelSalt, rotatingSalt, getIdentityScope(), useRawUidV3());
     }
 
-    private static byte[] getRawUid(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt, IdentityScope identityScope, boolean useIdentityV3) {
-        return !useIdentityV3
+    private static byte[] getRawUid(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt, IdentityScope identityScope, boolean useRawUidV3) {
+        return !useRawUidV3
                 ? TokenUtils.getAdvertisingIdV2FromIdentity(identityString, firstLevelSalt, rotatingSalt)
                 : TokenUtils.getAdvertisingIdV3FromIdentity(identityScope, identityType, identityString, firstLevelSalt, rotatingSalt);
     }
 
-    public static byte[] getRawUid(IdentityType identityType, String identityString, IdentityScope identityScope, boolean useIdentityV3) {
-        return !useIdentityV3
+    public static byte[] getRawUid(IdentityType identityType, String identityString, IdentityScope identityScope, boolean useRawUidV3) {
+        return !useRawUidV3
                 ? TokenUtils.getAdvertisingIdV2FromIdentity(identityString, firstLevelSalt, rotatingSalt123.getSalt())
                 : TokenUtils.getAdvertisingIdV3FromIdentity(identityScope, identityType, identityString, firstLevelSalt, rotatingSalt123.getSalt());
     }
 
     private byte[] getAdvertisingIdFromIdentityHash(IdentityType identityType, String identityString, String firstLevelSalt, String rotatingSalt) {
-        return !useIdentityV3()
+        return !useRawUidV3()
                 ? TokenUtils.getAdvertisingIdV2FromIdentityHash(identityString, firstLevelSalt, rotatingSalt)
                 : TokenUtils.getAdvertisingIdV3FromIdentityHash(getIdentityScope(), identityType, identityString, firstLevelSalt, rotatingSalt);
     }
@@ -665,7 +662,7 @@ private JsonObject setupIdentityMapServiceLinkTest() {
 
     protected TokenVersion getTokenVersion() {return TokenVersion.V4;}
 
-    final boolean useIdentityV3() { return getTokenVersion() != TokenVersion.V2; }
+    protected boolean useRawUidV3() { return false; }
     protected IdentityScope getIdentityScope() { return IdentityScope.UID2; }
     protected void addAdditionalTokenGenerateParams(JsonObject payload) {}
 
@@ -816,7 +813,10 @@ private AdvertisingToken validateAndGetToken(EncryptedTokenEncoder encoder, Json
         final String advertisingTokenString = body.getString("advertising_token");
         validateAdvertisingToken(advertisingTokenString, getTokenVersion(), getIdentityScope(), identityType);
         AdvertisingToken advertisingToken = encoder.decodeAdvertisingToken(advertisingTokenString);
-        if (getTokenVersion() == TokenVersion.V4) {
+
+        // without useIdentityV3() the assert will be trigger as there's no IdentityType in v4 token generated with
+        // a raw UID v2 as old raw UID format doesn't store the identity type (and scope)
+        if (useRawUidV3() && getTokenVersion() == TokenVersion.V4) {
             assertEquals(identityType, advertisingToken.userIdentity.identityType);
         }
         return advertisingToken;