From bab6c15f853b3017bcfec181d6162a8d02e17f7a Mon Sep 17 00:00:00 2001 From: Cody Constine Date: Tue, 12 Nov 2024 14:51:33 -0700 Subject: [PATCH] Starting with the rename of shared --- src/main/java/com/uid2/shared/Const.java | 2 +- .../{S3Key.java => CloudEncryptionKey.java} | 16 +- .../store/EncryptedScopedStoreReader.java | 18 +- .../parser/CloudEncryptionKeyParser.java | 23 + .../uid2/shared/store/parser/S3KeyParser.java | 23 - .../reader/RotatingClientKeyProvider.java | 5 +- ...> RotatingCloudEncryptionKeyProvider.java} | 36 +- .../store/reader/RotatingKeyAclProvider.java | 5 +- .../shared/store/reader/RotatingKeyStore.java | 4 +- .../store/reader/RotatingKeysetKeyStore.java | 5 +- .../store/reader/RotatingKeysetProvider.java | 5 +- .../store/reader/RotatingSiteStore.java | 5 +- .../shared/vertx/RotatingStoreVerticle.java | 1 - .../store/EncryptedScopedStoreReaderTest.java | 21 +- ...java => CloudEncryptionKeyParserTest.java} | 33 +- ...otatingCloudEncryptionKeyProviderTest.java | 473 ++++++++++++++++++ .../reader/RotatingS3KeyProviderTest.java | 473 ------------------ 17 files changed, 568 insertions(+), 580 deletions(-) rename src/main/java/com/uid2/shared/model/{S3Key.java => CloudEncryptionKey.java} (77%) create mode 100644 src/main/java/com/uid2/shared/store/parser/CloudEncryptionKeyParser.java delete mode 100644 src/main/java/com/uid2/shared/store/parser/S3KeyParser.java rename src/main/java/com/uid2/shared/store/reader/{RotatingS3KeyProvider.java => RotatingCloudEncryptionKeyProvider.java} (67%) rename src/test/java/com/uid2/shared/store/parser/{S3KeyParserTest.java => CloudEncryptionKeyParserTest.java} (83%) create mode 100644 src/test/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProviderTest.java delete mode 100644 src/test/java/com/uid2/shared/store/reader/RotatingS3KeyProviderTest.java diff --git a/src/main/java/com/uid2/shared/Const.java b/src/main/java/com/uid2/shared/Const.java index 865944d1..4345ab8f 100644 --- a/src/main/java/com/uid2/shared/Const.java +++ b/src/main/java/com/uid2/shared/Const.java @@ -63,7 +63,7 @@ public static class Config { public static final String ServiceLinkMetadataPathProp = "service_links_metadata_path"; public static final String SitesMetadataPathProp = "sites_metadata_path"; public static final String OperatorsMetadataPathProp = "operators_metadata_path"; - public static final String S3keysMetadataPathProp = "s3_keys_metadata_path"; + public static final String CloudEncryptionKeysMetadataPathProp = "cloud_encryption_keys_metadata_path"; public static final String SaltsMetadataPathProp = "salts_metadata_path"; public static final String OptOutMetadataPathProp = "optout_metadata_path"; public static final String CoreAttestUrlProp = "core_attest_url"; diff --git a/src/main/java/com/uid2/shared/model/S3Key.java b/src/main/java/com/uid2/shared/model/CloudEncryptionKey.java similarity index 77% rename from src/main/java/com/uid2/shared/model/S3Key.java rename to src/main/java/com/uid2/shared/model/CloudEncryptionKey.java index a23b09ee..f699acc3 100644 --- a/src/main/java/com/uid2/shared/model/S3Key.java +++ b/src/main/java/com/uid2/shared/model/CloudEncryptionKey.java @@ -7,7 +7,7 @@ import java.util.Objects; @JsonPropertyOrder({ "id", "siteId", "activates", "created", "secret" }) -public class S3Key { +public class CloudEncryptionKey { private final int id; private final int siteId; private final long activates; @@ -15,7 +15,7 @@ public class S3Key { private final String secret; @JsonCreator - public S3Key( + public CloudEncryptionKey( @JsonProperty("id") int id, @JsonProperty("site_id") int siteId, @JsonProperty("activates") long activates, @@ -52,12 +52,12 @@ public String getSecret() { public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; - S3Key s3Key = (S3Key) o; - return id == s3Key.id && - siteId == s3Key.siteId && - activates == s3Key.activates && - created == s3Key.created && - Objects.equals(secret, s3Key.secret); + CloudEncryptionKey cloudEncryptionKey = (CloudEncryptionKey) o; + return id == cloudEncryptionKey.id && + siteId == cloudEncryptionKey.siteId && + activates == cloudEncryptionKey.activates && + created == cloudEncryptionKey.created && + Objects.equals(secret, cloudEncryptionKey.secret); } @Override diff --git a/src/main/java/com/uid2/shared/store/EncryptedScopedStoreReader.java b/src/main/java/com/uid2/shared/store/EncryptedScopedStoreReader.java index 9b24f762..32b2b5d5 100644 --- a/src/main/java/com/uid2/shared/store/EncryptedScopedStoreReader.java +++ b/src/main/java/com/uid2/shared/store/EncryptedScopedStoreReader.java @@ -1,12 +1,11 @@ package com.uid2.shared.store; import com.uid2.shared.cloud.DownloadCloudStorage; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import com.uid2.shared.store.parser.Parser; import com.uid2.shared.store.parser.ParsingResult; -import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import io.vertx.core.json.JsonObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -15,7 +14,6 @@ import com.uid2.shared.encryption.AesGcm; -import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.Map; @@ -23,11 +21,11 @@ public class EncryptedScopedStoreReader extends ScopedStoreReader { private static final Logger LOGGER = LoggerFactory.getLogger(EncryptedScopedStoreReader.class); - private final RotatingS3KeyProvider s3KeyProvider; + private final RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider; - public EncryptedScopedStoreReader(DownloadCloudStorage fileStreamProvider, StoreScope scope, Parser parser, String dataTypeName, RotatingS3KeyProvider s3KeyProvider) { + public EncryptedScopedStoreReader(DownloadCloudStorage fileStreamProvider, StoreScope scope, Parser parser, String dataTypeName, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { super(fileStreamProvider, scope, parser, dataTypeName); - this.s3KeyProvider = s3KeyProvider; + this.cloudEncryptionKeyProvider = cloudEncryptionKeyProvider; } @Override @@ -52,9 +50,9 @@ protected String getDecryptedContent(String encryptedContent) throws Exception { JsonObject json = new JsonObject(encryptedContent); int keyId = json.getInteger("key_id"); String encryptedPayload = json.getString("encrypted_payload"); - Map s3Keys = s3KeyProvider.getAll(); - S3Key decryptionKey = null; - for (S3Key key : s3Keys.values()) { + Map cloudEncryptionKeys = cloudEncryptionKeyProvider.getAll(); + CloudEncryptionKey decryptionKey = null; + for (CloudEncryptionKey key : cloudEncryptionKeys.values()) { if (key.getId() == keyId) { decryptionKey = key; break; diff --git a/src/main/java/com/uid2/shared/store/parser/CloudEncryptionKeyParser.java b/src/main/java/com/uid2/shared/store/parser/CloudEncryptionKeyParser.java new file mode 100644 index 00000000..81e7ec17 --- /dev/null +++ b/src/main/java/com/uid2/shared/store/parser/CloudEncryptionKeyParser.java @@ -0,0 +1,23 @@ +package com.uid2.shared.store.parser; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.uid2.shared.model.CloudEncryptionKey; +import com.uid2.shared.util.Mapper; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Arrays; +import java.util.Map; +import java.util.stream.Collectors; + +public class CloudEncryptionKeyParser implements Parser> { + private static final ObjectMapper OBJECT_MAPPER = Mapper.getInstance(); + + @Override + public ParsingResult> deserialize(InputStream inputStream) throws IOException { + CloudEncryptionKey[] cloudEncryptionKeys = OBJECT_MAPPER.readValue(inputStream, CloudEncryptionKey[].class); + Map cloudEncryptionKeysMap = Arrays.stream(cloudEncryptionKeys) + .collect(Collectors.toMap(CloudEncryptionKey::getId, s -> s)); + return new ParsingResult<>(cloudEncryptionKeysMap, cloudEncryptionKeysMap.size()); + } +} diff --git a/src/main/java/com/uid2/shared/store/parser/S3KeyParser.java b/src/main/java/com/uid2/shared/store/parser/S3KeyParser.java deleted file mode 100644 index 029d1cc1..00000000 --- a/src/main/java/com/uid2/shared/store/parser/S3KeyParser.java +++ /dev/null @@ -1,23 +0,0 @@ -package com.uid2.shared.store.parser; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.uid2.shared.model.S3Key; -import com.uid2.shared.util.Mapper; - -import java.io.IOException; -import java.io.InputStream; -import java.util.Arrays; -import java.util.Map; -import java.util.stream.Collectors; - -public class S3KeyParser implements Parser> { - private static final ObjectMapper OBJECT_MAPPER = Mapper.getInstance(); - - @Override - public ParsingResult> deserialize(InputStream inputStream) throws IOException { - S3Key[] s3Keys = OBJECT_MAPPER.readValue(inputStream, S3Key[].class); - Map s3KeysMap = Arrays.stream(s3Keys) - .collect(Collectors.toMap(S3Key::getId, s -> s)); - return new ParsingResult<>(s3KeysMap, s3KeysMap.size()); - } -} diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingClientKeyProvider.java b/src/main/java/com/uid2/shared/store/reader/RotatingClientKeyProvider.java index 1be05f3e..c50b4bdb 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingClientKeyProvider.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingClientKeyProvider.java @@ -9,7 +9,6 @@ import com.uid2.shared.store.IClientKeyProvider; import com.uid2.shared.store.ScopedStoreReader; import com.uid2.shared.store.parser.ClientParser; -import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonObject; @@ -49,8 +48,8 @@ public RotatingClientKeyProvider(DownloadCloudStorage fileStreamProvider, StoreS this.authorizableStore = new AuthorizableStore<>(ClientKey.class); } - public RotatingClientKeyProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new ClientParser(), "auth keys", s3KeyProvider); + public RotatingClientKeyProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new ClientParser(), "auth keys", cloudEncryptionKeyProvider); this.authorizableStore = new AuthorizableStore<>(ClientKey.class); } diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingS3KeyProvider.java b/src/main/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProvider.java similarity index 67% rename from src/main/java/com/uid2/shared/store/reader/RotatingS3KeyProvider.java rename to src/main/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProvider.java index eb1cca23..3716cdd5 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingS3KeyProvider.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProvider.java @@ -3,9 +3,9 @@ import com.uid2.shared.cloud.DownloadCloudStorage; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.ScopedStoreReader; -import com.uid2.shared.store.parser.S3KeyParser; +import com.uid2.shared.store.parser.CloudEncryptionKeyParser; import com.uid2.shared.store.scope.StoreScope; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import io.vertx.core.json.JsonObject; import java.util.Set; @@ -23,14 +23,14 @@ import java.time.Instant; -public class RotatingS3KeyProvider implements StoreReader> { - ScopedStoreReader> reader; +public class RotatingCloudEncryptionKeyProvider implements StoreReader> { + ScopedStoreReader> reader; - private static final Logger LOGGER = LoggerFactory.getLogger(RotatingS3KeyProvider.class); - public Map> siteToKeysMap = new HashMap<>(); + private static final Logger LOGGER = LoggerFactory.getLogger(RotatingCloudEncryptionKeyProvider.class); + public Map> siteToKeysMap = new HashMap<>(); - public RotatingS3KeyProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope) { - this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new S3KeyParser(), "s3encryption_keys"); + public RotatingCloudEncryptionKeyProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope) { + this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new CloudEncryptionKeyParser(), "cloud_encryption_keys"); } @Override @@ -50,19 +50,19 @@ public long getVersion(JsonObject metadata) { @Override public long loadContent(JsonObject metadata) throws Exception { - long result = reader.loadContent(metadata, "s3encryption_keys"); + long result = reader.loadContent(metadata, "cloud_encryption_keys"); updateSiteToKeysMapping(); return result; } @Override - public Map getAll() { - Map keys = reader.getSnapshot(); + public Map getAll() { + Map keys = reader.getSnapshot(); return keys != null ? keys : new HashMap<>(); } public void updateSiteToKeysMapping() { - Map allKeys = getAll(); + Map allKeys = getAll(); siteToKeysMap.clear(); allKeys.values().forEach(key -> this.siteToKeysMap @@ -85,28 +85,28 @@ public int getTotalSites() { return siteToKeysMap.size(); } - public List getKeys(int siteId) { + public List getKeys(int siteId) { //for s3 encryption keys retrieval return siteToKeysMap.getOrDefault(siteId, new ArrayList<>()); } - public Collection getKeysForSite(Integer siteId) { - Map allKeys = getAll(); + public Collection getKeysForSite(Integer siteId) { + Map allKeys = getAll(); return allKeys.values().stream() .filter(key -> key.getSiteId() == (siteId)) .collect(Collectors.toList()); } - public S3Key getEncryptionKeyForSite(Integer siteId) { + public CloudEncryptionKey getEncryptionKeyForSite(Integer siteId) { //get the youngest activated key - Collection keys = getKeysForSite(siteId); + Collection keys = getKeysForSite(siteId); long now = Instant.now().getEpochSecond(); if (keys.isEmpty()) { throw new IllegalStateException("No S3 keys available for encryption for site ID: " + siteId); } return keys.stream() .filter(key -> key.getActivates() <= now) - .max(Comparator.comparingLong(S3Key::getCreated)) + .max(Comparator.comparingLong(CloudEncryptionKey::getCreated)) .orElseThrow(() -> new IllegalStateException("No active keys found for site ID: " + siteId)); } } diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingKeyAclProvider.java b/src/main/java/com/uid2/shared/store/reader/RotatingKeyAclProvider.java index 427adaf1..ea1ff333 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingKeyAclProvider.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingKeyAclProvider.java @@ -3,7 +3,6 @@ import com.uid2.shared.auth.AclSnapshot; import com.uid2.shared.auth.EncryptionKeyAcl; import com.uid2.shared.cloud.DownloadCloudStorage; -import com.uid2.shared.cloud.ICloudStorage; import com.uid2.shared.store.CloudPath; import com.uid2.shared.store.EncryptedScopedStoreReader; import com.uid2.shared.store.IKeyAclProvider; @@ -23,8 +22,8 @@ public RotatingKeyAclProvider(DownloadCloudStorage fileStreamProvider, StoreScop this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new KeyAclParser(), "key acls"); } - public RotatingKeyAclProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeyAclParser(), "key acls", s3KeyProvider); + public RotatingKeyAclProvider(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeyAclParser(), "key acls", cloudEncryptionKeyProvider); } @Override diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingKeyStore.java b/src/main/java/com/uid2/shared/store/reader/RotatingKeyStore.java index d3190cbc..17bba8f3 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingKeyStore.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingKeyStore.java @@ -52,8 +52,8 @@ public RotatingKeyStore(DownloadCloudStorage fileStreamProvider, StoreScope scop this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new KeyParser(), "keys"); } - public RotatingKeyStore(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeyParser(), "keys", s3KeyProvider); + public RotatingKeyStore(DownloadCloudStorage fileStreamProvider, EncryptedScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeyParser(), "keys", cloudEncryptionKeyProvider); } @Override diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingKeysetKeyStore.java b/src/main/java/com/uid2/shared/store/reader/RotatingKeysetKeyStore.java index 81c8ec9a..9d426733 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingKeysetKeyStore.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingKeysetKeyStore.java @@ -7,7 +7,6 @@ import com.uid2.shared.store.KeysetKeyStoreSnapshot; import com.uid2.shared.store.ScopedStoreReader; import com.uid2.shared.store.parser.KeysetKeyParser; -import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import com.uid2.shared.store.EncryptedScopedStoreReader; import io.vertx.core.json.JsonObject; @@ -22,8 +21,8 @@ public RotatingKeysetKeyStore(DownloadCloudStorage fileStreamProvider, StoreScop this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new KeysetKeyParser(), "keyset_keys"); } - public RotatingKeysetKeyStore(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeysetKeyParser(), "keyset_keys", s3KeyProvider); + public RotatingKeysetKeyStore(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new KeysetKeyParser(), "keyset_keys", cloudEncryptionKeyProvider); } @Override diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingKeysetProvider.java b/src/main/java/com/uid2/shared/store/reader/RotatingKeysetProvider.java index 91d8f4f0..28c352af 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingKeysetProvider.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingKeysetProvider.java @@ -7,7 +7,6 @@ import com.uid2.shared.store.EncryptedScopedStoreReader; import com.uid2.shared.store.ScopedStoreReader; import com.uid2.shared.store.parser.KeysetParser; -import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonObject; @@ -21,8 +20,8 @@ public RotatingKeysetProvider(DownloadCloudStorage fileStreamProvider, StoreScop this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new KeysetParser(), "keysets"); } - public RotatingKeysetProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider,scope,new KeysetParser(),"keysets",s3KeyProvider); + public RotatingKeysetProvider(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider,scope,new KeysetParser(),"keysets",cloudEncryptionKeyProvider); } public KeysetSnapshot getSnapshot(Instant asOf) { diff --git a/src/main/java/com/uid2/shared/store/reader/RotatingSiteStore.java b/src/main/java/com/uid2/shared/store/reader/RotatingSiteStore.java index 8d0aeecd..7a7f6254 100644 --- a/src/main/java/com/uid2/shared/store/reader/RotatingSiteStore.java +++ b/src/main/java/com/uid2/shared/store/reader/RotatingSiteStore.java @@ -7,7 +7,6 @@ import com.uid2.shared.store.ISiteStore; import com.uid2.shared.store.ScopedStoreReader; import com.uid2.shared.store.parser.SiteParser; -import com.uid2.shared.store.scope.EncryptedScope; import com.uid2.shared.store.scope.StoreScope; import io.vertx.core.json.JsonObject; @@ -23,8 +22,8 @@ public RotatingSiteStore(DownloadCloudStorage fileStreamProvider, StoreScope sco this.reader = new ScopedStoreReader<>(fileStreamProvider, scope, new SiteParser(), "sites"); } - public RotatingSiteStore(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingS3KeyProvider s3KeyProvider) { - this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new SiteParser(), "sites", s3KeyProvider); + public RotatingSiteStore(DownloadCloudStorage fileStreamProvider, StoreScope scope, RotatingCloudEncryptionKeyProvider cloudEncryptionKeyProvider) { + this.reader = new EncryptedScopedStoreReader<>(fileStreamProvider, scope, new SiteParser(), "sites", cloudEncryptionKeyProvider); } @Override diff --git a/src/main/java/com/uid2/shared/vertx/RotatingStoreVerticle.java b/src/main/java/com/uid2/shared/vertx/RotatingStoreVerticle.java index 8b647610..c7c03511 100644 --- a/src/main/java/com/uid2/shared/vertx/RotatingStoreVerticle.java +++ b/src/main/java/com/uid2/shared/vertx/RotatingStoreVerticle.java @@ -3,7 +3,6 @@ import com.uid2.shared.health.HealthComponent; import com.uid2.shared.health.HealthManager; import com.uid2.shared.store.reader.IMetadataVersionedStore; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; import io.micrometer.core.instrument.Counter; import io.micrometer.core.instrument.Gauge; import io.micrometer.core.instrument.Metrics; diff --git a/src/test/java/com/uid2/shared/store/EncryptedScopedStoreReaderTest.java b/src/test/java/com/uid2/shared/store/EncryptedScopedStoreReaderTest.java index 49462f60..3ac00f0a 100644 --- a/src/test/java/com/uid2/shared/store/EncryptedScopedStoreReaderTest.java +++ b/src/test/java/com/uid2/shared/store/EncryptedScopedStoreReaderTest.java @@ -3,12 +3,11 @@ import com.google.common.collect.ImmutableList; import com.uid2.shared.cloud.InMemoryStorageMock; import com.uid2.shared.encryption.AesGcm; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import com.uid2.shared.store.parser.Parser; import com.uid2.shared.store.parser.ParsingResult; -import com.uid2.shared.store.reader.RotatingS3KeyProvider; +import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider; import com.uid2.shared.store.scope.EncryptedScope; -import com.uid2.shared.store.scope.GlobalScope; import io.vertx.core.json.JsonObject; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -16,8 +15,6 @@ import java.io.*; import java.nio.charset.StandardCharsets; import java.util.*; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.atomic.AtomicLong; import java.util.stream.Collectors; import static com.uid2.shared.TestUtilites.toInputStream; @@ -37,22 +34,22 @@ class EncryptedScopedStoreReaderTest { )); private InMemoryStorageMock storage; private final TestDataParser parser = new TestDataParser(); - private RotatingS3KeyProvider keyProvider; + private RotatingCloudEncryptionKeyProvider keyProvider; private final int testSiteId = 123; - private S3Key encryptionKey; + private CloudEncryptionKey encryptionKey; @BeforeEach void setUp() { storage = new InMemoryStorageMock(); - keyProvider = mock(RotatingS3KeyProvider.class); + keyProvider = mock(RotatingCloudEncryptionKeyProvider.class); // Generate a valid 32-byte AES key byte[] keyBytes = new byte[32]; new Random().nextBytes(keyBytes); String base64Key = Base64.getEncoder().encodeToString(keyBytes); - encryptionKey = new S3Key(1, testSiteId, 0, 0, base64Key); + encryptionKey = new CloudEncryptionKey(1, testSiteId, 0, 0, base64Key); - Map mockKeyMap = new HashMap<>(); + Map mockKeyMap = new HashMap<>(); mockKeyMap.put(encryptionKey.getId(), encryptionKey); when(keyProvider.getAll()).thenReturn(mockKeyMap); } @@ -156,9 +153,9 @@ void testLoadWithMultipleEncryptionKeys() throws Exception { byte[] newKeyBytes = new byte[32]; new Random().nextBytes(newKeyBytes); String base64NewKey = Base64.getEncoder().encodeToString(newKeyBytes); - S3Key newKey = new S3Key(2, testSiteId, 0, 0, base64NewKey); + CloudEncryptionKey newKey = new CloudEncryptionKey(2, testSiteId, 0, 0, base64NewKey); - Map mockKeyMap = new HashMap<>(); + Map mockKeyMap = new HashMap<>(); mockKeyMap.put(encryptionKey.getId(), encryptionKey); mockKeyMap.put(newKey.getId(), newKey); when(keyProvider.getAll()).thenReturn(mockKeyMap); diff --git a/src/test/java/com/uid2/shared/store/parser/S3KeyParserTest.java b/src/test/java/com/uid2/shared/store/parser/CloudEncryptionKeyParserTest.java similarity index 83% rename from src/test/java/com/uid2/shared/store/parser/S3KeyParserTest.java rename to src/test/java/com/uid2/shared/store/parser/CloudEncryptionKeyParserTest.java index acbb6f97..42315a12 100644 --- a/src/test/java/com/uid2/shared/store/parser/S3KeyParserTest.java +++ b/src/test/java/com/uid2/shared/store/parser/CloudEncryptionKeyParserTest.java @@ -1,8 +1,7 @@ package com.uid2.shared.store.parser; -import com.uid2.shared.model.S3Key; +import com.uid2.shared.model.CloudEncryptionKey; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import java.io.ByteArrayInputStream; @@ -15,13 +14,13 @@ import static org.junit.jupiter.api.Assertions.*; -class S3KeyParserTest { +class CloudEncryptionKeyParserTest { - private S3KeyParser parser; + private CloudEncryptionKeyParser parser; @BeforeEach void setUp() { - parser = new S3KeyParser(); + parser = new CloudEncryptionKeyParser(); } @Test @@ -35,7 +34,7 @@ void testDeserialize() throws IOException { "}]"; InputStream inputStream = new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8)); - ParsingResult> result = parser.deserialize(inputStream); + ParsingResult> result = parser.deserialize(inputStream); assertNotNull(result); assertEquals(3, result.getData().size()); @@ -43,21 +42,21 @@ void testDeserialize() throws IOException { assertTrue(result.getData().containsKey(2)); assertTrue(result.getData().containsKey(3)); - S3Key key1 = result.getData().get(1); + CloudEncryptionKey key1 = result.getData().get(1); assertEquals(1, key1.getId()); assertEquals(123, key1.getSiteId()); assertEquals(1687635529L, key1.getActivates()); assertEquals(1687808329L, key1.getCreated()); assertEquals("S3keySecretByteHere1", key1.getSecret()); - S3Key key2 = result.getData().get(2); + CloudEncryptionKey key2 = result.getData().get(2); assertEquals(2, key2.getId()); assertEquals(123, key2.getSiteId()); assertEquals(1687808429L, key2.getActivates()); assertEquals(1687808329L, key2.getCreated()); assertEquals("S3keySecretByteHere2", key2.getSecret()); - S3Key key3 = result.getData().get(3); + CloudEncryptionKey key3 = result.getData().get(3); assertEquals(3, key3.getId()); assertEquals(456, key3.getSiteId()); assertEquals(1687635529L, key3.getActivates()); @@ -71,7 +70,7 @@ void testDeserializeEmpty() throws IOException { String json = "[]"; InputStream inputStream = new ByteArrayInputStream(json.getBytes()); - ParsingResult> result = parser.deserialize(inputStream); + ParsingResult> result = parser.deserialize(inputStream); assertNotNull(result); assertTrue(result.getData().isEmpty()); @@ -86,10 +85,10 @@ void testDeserializeInvalidJson() { } @Test - void testS3KeySerialization() throws Exception { - S3Key s3Key = new S3Key(1, 999, 1718689091L, 1718689091L, "64bNHMpU/mjaywjOpVacFOvEIFZmbYYUsNVNVu1jJZs="); + void testCloudEncryptionKeySerialization() throws Exception { + CloudEncryptionKey cloudEncryptionKey = new CloudEncryptionKey(1, 999, 1718689091L, 1718689091L, "64bNHMpU/mjaywjOpVacFOvEIFZmbYYUsNVNVu1jJZs="); ObjectMapper mapper = new ObjectMapper(); - String jsonString = mapper.writeValueAsString(s3Key); + String jsonString = mapper.writeValueAsString(cloudEncryptionKey); String expectedJson = "{\"id\":1,\"siteId\":999,\"activates\":1718689091,\"created\":1718689091,\"secret\":\"64bNHMpU/mjaywjOpVacFOvEIFZmbYYUsNVNVu1jJZs=\"}"; assertEquals(expectedJson, jsonString); @@ -122,7 +121,7 @@ void testDeserializeEndpointResults() throws IOException { " ]"; InputStream inputStream = new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8)); - ParsingResult> result = parser.deserialize(inputStream); + ParsingResult> result = parser.deserialize(inputStream); assertNotNull(result); assertEquals(3, result.getCount()); @@ -131,21 +130,21 @@ void testDeserializeEndpointResults() throws IOException { assertTrue(result.getData().containsKey(2)); assertTrue(result.getData().containsKey(3)); - S3Key key1 = result.getData().get(1); + CloudEncryptionKey key1 = result.getData().get(1); assertEquals(1, key1.getId()); assertEquals(999, key1.getSiteId()); assertEquals(1720641670L, key1.getActivates()); assertEquals(1720641670L, key1.getCreated()); assertEquals("mydrCudb2PZOm01Qn0SpthltmexHUAA11Hy1m+uxjVw=", key1.getSecret()); - S3Key key2 = result.getData().get(2); + CloudEncryptionKey key2 = result.getData().get(2); assertEquals(2, key2.getId()); assertEquals(999, key2.getSiteId()); assertEquals(1720728070L, key2.getActivates()); assertEquals(1720641670L, key2.getCreated()); assertEquals("FtdslrFSsvVXOuhOWGwEI+0QTkCvM8SGZAP3k2u3PgY=", key2.getSecret()); - S3Key key3 = result.getData().get(3); + CloudEncryptionKey key3 = result.getData().get(3); assertEquals(3, key3.getId()); assertEquals(999, key3.getSiteId()); assertEquals(1720814470L, key3.getActivates()); diff --git a/src/test/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProviderTest.java b/src/test/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProviderTest.java new file mode 100644 index 00000000..f12c52ae --- /dev/null +++ b/src/test/java/com/uid2/shared/store/reader/RotatingCloudEncryptionKeyProviderTest.java @@ -0,0 +1,473 @@ +package com.uid2.shared.store.reader; + +import com.uid2.shared.cloud.DownloadCloudStorage; +import com.uid2.shared.model.CloudEncryptionKey; +import com.uid2.shared.store.CloudPath; +import com.uid2.shared.store.ScopedStoreReader; +import com.uid2.shared.store.scope.StoreScope; +import io.vertx.core.json.JsonArray; +import io.vertx.core.json.JsonObject; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; + +import java.time.Instant; +import java.util.Set; +import java.util.Map; +import java.util.List; +import java.util.HashMap; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; + +import static org.junit.jupiter.api.Assertions.*; +import static org.mockito.Mockito.*; + +public class RotatingCloudEncryptionKeyProviderTest { + + @Mock + private DownloadCloudStorage fileStreamProvider; + + @Mock + private StoreScope scope; + + @Mock + private ScopedStoreReader> reader; + + private RotatingCloudEncryptionKeyProvider rotatingCloudEncryptionKeyProvider; + + private static final long CURRENT_TIME = Instant.now().getEpochSecond(); + + @BeforeEach + void setUp() { + MockitoAnnotations.openMocks(this); + rotatingCloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyProvider(fileStreamProvider, scope); + // Inject the mock reader into the RotatingCloudEncryptionKeyProvider + rotatingCloudEncryptionKeyProvider.reader = reader; + } + + @Test + void testGetMetadata() throws Exception { + JsonObject expectedMetadata = new JsonObject().put("version", 1L); + when(reader.getMetadata()).thenReturn(expectedMetadata); + + JsonObject metadata = rotatingCloudEncryptionKeyProvider.getMetadata(); + assertEquals(expectedMetadata, metadata); + } + + @Test + void testGetMetadataPath() { + CloudPath expectedPath = new CloudPath("some/path"); + when(reader.getMetadataPath()).thenReturn(expectedPath); + + CloudPath path = rotatingCloudEncryptionKeyProvider.getMetadataPath(); + assertEquals(expectedPath, path); + } + + @Test + void testGetVersion() { + JsonObject metadata = new JsonObject().put("version", 1L); + long version = rotatingCloudEncryptionKeyProvider.getVersion(metadata); + assertEquals(1L, version); + } + + @Test + void testLoadContentWithMetadata() throws Exception { + JsonObject metadata = new JsonObject(); + when(reader.loadContent(metadata, "cloud_encryption_keys")).thenReturn(1L); + + long version = rotatingCloudEncryptionKeyProvider.loadContent(metadata); + assertEquals(1L, version); + } + + @Test + void testLoadContent() throws Exception { + JsonObject metadata = new JsonObject(); + when(reader.getMetadata()).thenReturn(metadata); + when(reader.loadContent(metadata, "cloud_encryption_keys")).thenReturn(1L); + + rotatingCloudEncryptionKeyProvider.loadContent(); + verify(reader, times(1)).getMetadata(); + verify(reader, times(1)).loadContent(metadata, "cloud_encryption_keys"); + } + + @Test + void testLoadContentEmptyArray() throws Exception { + JsonObject metadata = new JsonObject().put("keys", new JsonArray()); + when(reader.getMetadata()).thenReturn(metadata); + when(reader.loadContent(metadata, "cloud_encryption_keys")).thenReturn(0L); + + long version = rotatingCloudEncryptionKeyProvider.loadContent(metadata); + assertEquals(0L, version); + + Map keys = rotatingCloudEncryptionKeyProvider.getAll(); + assertTrue(keys.isEmpty()); + } + + @Test + void testGetAll() { + Map expectedKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); + expectedKeys.put(1, key1); + expectedKeys.put(2, key2); + when(reader.getSnapshot()).thenReturn(expectedKeys); + + Map keys = rotatingCloudEncryptionKeyProvider.getAll(); + assertEquals(expectedKeys, keys); + } + + @Test + void testGetAllEmpty() { + when(reader.getSnapshot()).thenReturn(new HashMap<>()); + + Map keys = rotatingCloudEncryptionKeyProvider.getAll(); + assertTrue(keys.isEmpty()); + } + + @Test + void testGetAllNullSnapshot() { + when(reader.getSnapshot()).thenReturn(null); + + Map keys = rotatingCloudEncryptionKeyProvider.getAll(); + assertNotNull(keys); + assertTrue(keys.isEmpty()); + } + + @Test + void testUpdateExistingKey() throws Exception { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey existingKey = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "oldSecret"); + existingKeys.put(1, existingKey); + when(reader.getSnapshot()).thenReturn(existingKeys); + + CloudEncryptionKey updatedKey = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "newSecret"); + existingKeys.put(1, updatedKey); + + rotatingCloudEncryptionKeyProvider.getAll().put(1, updatedKey); + + verify(reader, times(1)).getSnapshot(); + assertEquals("newSecret", rotatingCloudEncryptionKeyProvider.getAll().get(1).getSecret()); + } + + @Test + void testAddNewKey() throws Exception { + Map existingKeys = new HashMap<>(); + when(reader.getSnapshot()).thenReturn(existingKeys); + + CloudEncryptionKey newKey = new CloudEncryptionKey(2, 456, 1687808429, 1687808329, "newSecret"); + existingKeys.put(2, newKey); + + rotatingCloudEncryptionKeyProvider.getAll().put(2, newKey); + + verify(reader, times(1)).getSnapshot(); + assertEquals("newSecret", rotatingCloudEncryptionKeyProvider.getAll().get(2).getSecret()); + } + + @Test + void testHandleNonExistentKey() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey existingKey = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + existingKeys.put(1, existingKey); + when(reader.getSnapshot()).thenReturn(existingKeys); + + CloudEncryptionKey nonExistentKey = rotatingCloudEncryptionKeyProvider.getAll().get(99); + assertNull(nonExistentKey); + } + + @Test + void testGetKeysForSite() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); + CloudEncryptionKey key3 = new CloudEncryptionKey(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + existingKeys.put(3, key3); + when(reader.getSnapshot()).thenReturn(existingKeys); + + Collection retrievedKeys = rotatingCloudEncryptionKeyProvider.getKeysForSite(123); + assertNotNull(retrievedKeys); + assertEquals(2, retrievedKeys.size()); + assertTrue(retrievedKeys.contains(key1)); + assertTrue(retrievedKeys.contains(key2)); + + Collection noKeysRetrieved = rotatingCloudEncryptionKeyProvider.getKeysForSite(789); + assertNotNull(noKeysRetrieved); + assertTrue(noKeysRetrieved.isEmpty()); + } + + @Test + void testGetAllWithSingleKey() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey singleKey = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + existingKeys.put(1, singleKey); + when(reader.getSnapshot()).thenReturn(existingKeys); + + Map keys = rotatingCloudEncryptionKeyProvider.getAll(); + assertEquals(1, keys.size()); + assertEquals(singleKey, keys.get(1)); + } + + @Test + void testGetEncryptionKeyForSiteWithSingleKey() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey singleKey = new CloudEncryptionKey(1, 123, CURRENT_TIME - 1000, CURRENT_TIME + 1000, "S3keySecretByteHere1"); + existingKeys.put(1, singleKey); + when(reader.getSnapshot()).thenReturn(existingKeys); + + CloudEncryptionKey retrievedKey = rotatingCloudEncryptionKeyProvider.getEncryptionKeyForSite(123); + assertNotNull(retrievedKey); + assertEquals(singleKey, retrievedKey); + } + + @Test + void testGetKeysForSiteWithSingleKey() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey singleKey = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + existingKeys.put(1, singleKey); + when(reader.getSnapshot()).thenReturn(existingKeys); + + Collection retrievedKeys = rotatingCloudEncryptionKeyProvider.getKeysForSite(123); + assertNotNull(retrievedKeys); + assertEquals(1, retrievedKeys.size()); + assertTrue(retrievedKeys.contains(singleKey)); + } + + @Test + void testGetKeysForSiteWithMultipleKeys() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + when(reader.getSnapshot()).thenReturn(existingKeys); + + Collection retrievedKeys = rotatingCloudEncryptionKeyProvider.getKeysForSite(123); + assertNotNull(retrievedKeys); + assertEquals(2, retrievedKeys.size()); + assertTrue(retrievedKeys.contains(key1)); + assertTrue(retrievedKeys.contains(key2)); + } + + @Test + void testGetEncryptionKeyForNonExistentSite() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, CURRENT_TIME - 1000, CURRENT_TIME + 1000, "S3keySecretByteHere1"); + existingKeys.put(1, key1); + when(reader.getSnapshot()).thenReturn(existingKeys); + + IllegalStateException exception = assertThrows(IllegalStateException.class, + () -> rotatingCloudEncryptionKeyProvider.getEncryptionKeyForSite(456)); + + assertEquals("No S3 keys available for encryption for site ID: 456", exception.getMessage()); + } + + @Test + void testGetAllWhenReaderThrowsException() { + when(reader.getSnapshot()).thenThrow(new RuntimeException("Reader exception")); + + assertThrows(RuntimeException.class, () -> rotatingCloudEncryptionKeyProvider.getAll()); + } + + @Test + void testLoadContentWhenReaderThrowsException() throws Exception { + JsonObject metadata = new JsonObject(); + when(reader.getMetadata()).thenReturn(metadata); + when(reader.loadContent(metadata, "cloud_encryption_keys")).thenThrow(new RuntimeException("Load content exception")); + + assertThrows(RuntimeException.class, () -> rotatingCloudEncryptionKeyProvider.loadContent()); + } + + @Test + void testGetEncryptionKeyForSiteWithEmptyMap() { + Map existingKeys = new HashMap<>(); + when(reader.getSnapshot()).thenReturn(existingKeys); + assertThrows(IllegalStateException.class, () -> rotatingCloudEncryptionKeyProvider.getEncryptionKeyForSite(123)); + } + + @Test + void testGetKeysForSiteWithEmptyMap() { + Map existingKeys = new HashMap<>(); + when(reader.getSnapshot()).thenReturn(existingKeys); + Collection retrievedKeys = rotatingCloudEncryptionKeyProvider.getKeysForSite(123); + assertNotNull(retrievedKeys); + assertEquals(0, retrievedKeys.size()); + } + + @Test + void testGetEncryptionKeyForSiteWithMultipleKeysAndNonExistentSite() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, CURRENT_TIME - 2000, CURRENT_TIME + 1000, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, CURRENT_TIME - 1000, CURRENT_TIME + 2000, "S3keySecretByteHere2"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + when(reader.getSnapshot()).thenReturn(existingKeys); + + IllegalStateException exception = assertThrows(IllegalStateException.class, + () -> rotatingCloudEncryptionKeyProvider.getEncryptionKeyForSite(456)); + + assertEquals("No S3 keys available for encryption for site ID: 456", exception.getMessage()); + } + + @Test + void testGetKeysForSiteWithMultipleKeysAndNonExistentSite() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + when(reader.getSnapshot()).thenReturn(existingKeys); + Collection retrievedKeys = rotatingCloudEncryptionKeyProvider.getKeysForSite(456); + assertNotNull(retrievedKeys); + assertEquals(0, retrievedKeys.size()); + } + + @Test + void testUpdateSiteToKeysMapping() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); + CloudEncryptionKey key3 = new CloudEncryptionKey(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + existingKeys.put(3, key3); + when(reader.getSnapshot()).thenReturn(existingKeys); + + rotatingCloudEncryptionKeyProvider.updateSiteToKeysMapping(); + + // Verify the behavior that depends on siteToKeysMap + Collection site123Keys = rotatingCloudEncryptionKeyProvider.getKeysForSite(123); + Collection site456Keys = rotatingCloudEncryptionKeyProvider.getKeysForSite(456); + + assertEquals(2, site123Keys.size()); + assertTrue(site123Keys.contains(key1)); + assertTrue(site123Keys.contains(key2)); + + assertEquals(1, site456Keys.size()); + assertTrue(site456Keys.contains(key3)); + + assertEquals(2, rotatingCloudEncryptionKeyProvider.getTotalSites()); + Set allSiteIds = rotatingCloudEncryptionKeyProvider.getAllSiteIds(); + assertEquals(2, allSiteIds.size()); + assertTrue(allSiteIds.contains(123)); + assertTrue(allSiteIds.contains(456)); + } + + @Test + void testLoadContentOverride() throws Exception { + JsonObject metadata = new JsonObject(); + when(reader.getMetadata()).thenReturn(metadata); + when(reader.loadContent(metadata, "cloud_encryption_keys")).thenReturn(1L); + + rotatingCloudEncryptionKeyProvider.loadContent(); + + verify(reader, times(1)).getMetadata(); + verify(reader, times(1)).loadContent(metadata, "cloud_encryption_keys"); + } + + @Test + void testGetAllSiteIds() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 456, 1687808429, 1687808329, "S3keySecretByteHere2"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + when(reader.getSnapshot()).thenReturn(existingKeys); + + rotatingCloudEncryptionKeyProvider.updateSiteToKeysMapping(); + + Set allSiteIds = rotatingCloudEncryptionKeyProvider.getAllSiteIds(); + assertEquals(2, allSiteIds.size()); + assertTrue(allSiteIds.contains(123)); + assertTrue(allSiteIds.contains(456)); + } + + @Test + void testGetTotalSites() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); + CloudEncryptionKey key3 = new CloudEncryptionKey(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + existingKeys.put(3, key3); + when(reader.getSnapshot()).thenReturn(existingKeys); + + rotatingCloudEncryptionKeyProvider.updateSiteToKeysMapping(); + + int totalSites = rotatingCloudEncryptionKeyProvider.getTotalSites(); + assertEquals(2, totalSites); + } + + @Test + void testGetKeysForSiteFromMap() { + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 100, 1687635529, 1687808329, "secret1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 100, 1687808429, 1687981229, "secret2"); + CloudEncryptionKey key3 = new CloudEncryptionKey(3, 200, 1687981329, 1688154129, "secret3"); + + Map> testMap = new HashMap<>(); + testMap.put(100, Arrays.asList(key1, key2)); + testMap.put(200, Collections.singletonList(key3)); + + rotatingCloudEncryptionKeyProvider.siteToKeysMap = testMap; + + List result1 = rotatingCloudEncryptionKeyProvider.getKeys(100); + assertEquals(2, result1.size()); + assertTrue(result1.contains(key1)); + assertTrue(result1.contains(key2)); + + List result2 = rotatingCloudEncryptionKeyProvider.getKeys(200); + assertEquals(1, result2.size()); + assertTrue(result2.contains(key3)); + + List result3 = rotatingCloudEncryptionKeyProvider.getKeys(300); + assertTrue(result3.isEmpty()); + } + + @Test + void testGetKeysForSiteFromMapWithEmptyMap() { + rotatingCloudEncryptionKeyProvider.siteToKeysMap = new HashMap<>(); + + List result = rotatingCloudEncryptionKeyProvider.getKeys(100); + assertTrue(result.isEmpty()); + } + + @Test + void testGetKeysForSiteFromMapWithNullMap() { + rotatingCloudEncryptionKeyProvider.siteToKeysMap = null; + + assertThrows(NullPointerException.class, () -> rotatingCloudEncryptionKeyProvider.getKeys(100)); + } + + @Test + void testGetEncryptionKeyForSite() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, CURRENT_TIME - 3000, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, CURRENT_TIME - 2000, 1687981229, "S3keySecretByteHere2"); + CloudEncryptionKey key3 = new CloudEncryptionKey(3, 123, CURRENT_TIME - 1000, 1688154129, "S3keySecretByteHere3"); + CloudEncryptionKey key4 = new CloudEncryptionKey(4, 123, CURRENT_TIME + 1000, 1688327029, "S3keySecretByteHere4"); // Future key + existingKeys.put(1, key1); + existingKeys.put(2, key2); + existingKeys.put(3, key3); + existingKeys.put(4, key4); + when(reader.getSnapshot()).thenReturn(existingKeys); + + CloudEncryptionKey retrievedKey = rotatingCloudEncryptionKeyProvider.getEncryptionKeyForSite(123); + assertNotNull(retrievedKey); + assertEquals(key3, retrievedKey); // Should return the most recent active key + } + + @Test + void testGetEncryptionKeyForSiteWithNoActiveKeys() { + Map existingKeys = new HashMap<>(); + CloudEncryptionKey key1 = new CloudEncryptionKey(1, 123, CURRENT_TIME + 1000, 1687808329, "S3keySecretByteHere1"); + CloudEncryptionKey key2 = new CloudEncryptionKey(2, 123, CURRENT_TIME + 2000, 1687981229, "S3keySecretByteHere2"); + existingKeys.put(1, key1); + existingKeys.put(2, key2); + when(reader.getSnapshot()).thenReturn(existingKeys); + + assertThrows(IllegalStateException.class, () -> rotatingCloudEncryptionKeyProvider.getEncryptionKeyForSite(123)); + } +} diff --git a/src/test/java/com/uid2/shared/store/reader/RotatingS3KeyProviderTest.java b/src/test/java/com/uid2/shared/store/reader/RotatingS3KeyProviderTest.java deleted file mode 100644 index bdba2c7b..00000000 --- a/src/test/java/com/uid2/shared/store/reader/RotatingS3KeyProviderTest.java +++ /dev/null @@ -1,473 +0,0 @@ -package com.uid2.shared.store.reader; - -import com.uid2.shared.cloud.DownloadCloudStorage; -import com.uid2.shared.model.S3Key; -import com.uid2.shared.store.CloudPath; -import com.uid2.shared.store.ScopedStoreReader; -import com.uid2.shared.store.scope.StoreScope; -import io.vertx.core.json.JsonArray; -import io.vertx.core.json.JsonObject; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.mockito.Mock; -import org.mockito.MockitoAnnotations; - -import java.time.Instant; -import java.util.Set; -import java.util.Map; -import java.util.List; -import java.util.HashMap; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; - -import static org.junit.jupiter.api.Assertions.*; -import static org.mockito.Mockito.*; - -public class RotatingS3KeyProviderTest { - - @Mock - private DownloadCloudStorage fileStreamProvider; - - @Mock - private StoreScope scope; - - @Mock - private ScopedStoreReader> reader; - - private RotatingS3KeyProvider rotatingS3KeyProvider; - - private static final long CURRENT_TIME = Instant.now().getEpochSecond(); - - @BeforeEach - void setUp() { - MockitoAnnotations.openMocks(this); - rotatingS3KeyProvider = new RotatingS3KeyProvider(fileStreamProvider, scope); - // Inject the mock reader into the RotatingS3KeyProvider - rotatingS3KeyProvider.reader = reader; - } - - @Test - void testGetMetadata() throws Exception { - JsonObject expectedMetadata = new JsonObject().put("version", 1L); - when(reader.getMetadata()).thenReturn(expectedMetadata); - - JsonObject metadata = rotatingS3KeyProvider.getMetadata(); - assertEquals(expectedMetadata, metadata); - } - - @Test - void testGetMetadataPath() { - CloudPath expectedPath = new CloudPath("some/path"); - when(reader.getMetadataPath()).thenReturn(expectedPath); - - CloudPath path = rotatingS3KeyProvider.getMetadataPath(); - assertEquals(expectedPath, path); - } - - @Test - void testGetVersion() { - JsonObject metadata = new JsonObject().put("version", 1L); - long version = rotatingS3KeyProvider.getVersion(metadata); - assertEquals(1L, version); - } - - @Test - void testLoadContentWithMetadata() throws Exception { - JsonObject metadata = new JsonObject(); - when(reader.loadContent(metadata, "s3encryption_keys")).thenReturn(1L); - - long version = rotatingS3KeyProvider.loadContent(metadata); - assertEquals(1L, version); - } - - @Test - void testLoadContent() throws Exception { - JsonObject metadata = new JsonObject(); - when(reader.getMetadata()).thenReturn(metadata); - when(reader.loadContent(metadata, "s3encryption_keys")).thenReturn(1L); - - rotatingS3KeyProvider.loadContent(); - verify(reader, times(1)).getMetadata(); - verify(reader, times(1)).loadContent(metadata, "s3encryption_keys"); - } - - @Test - void testLoadContentEmptyArray() throws Exception { - JsonObject metadata = new JsonObject().put("keys", new JsonArray()); - when(reader.getMetadata()).thenReturn(metadata); - when(reader.loadContent(metadata, "s3encryption_keys")).thenReturn(0L); - - long version = rotatingS3KeyProvider.loadContent(metadata); - assertEquals(0L, version); - - Map keys = rotatingS3KeyProvider.getAll(); - assertTrue(keys.isEmpty()); - } - - @Test - void testGetAll() { - Map expectedKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); - expectedKeys.put(1, key1); - expectedKeys.put(2, key2); - when(reader.getSnapshot()).thenReturn(expectedKeys); - - Map keys = rotatingS3KeyProvider.getAll(); - assertEquals(expectedKeys, keys); - } - - @Test - void testGetAllEmpty() { - when(reader.getSnapshot()).thenReturn(new HashMap<>()); - - Map keys = rotatingS3KeyProvider.getAll(); - assertTrue(keys.isEmpty()); - } - - @Test - void testGetAllNullSnapshot() { - when(reader.getSnapshot()).thenReturn(null); - - Map keys = rotatingS3KeyProvider.getAll(); - assertNotNull(keys); - assertTrue(keys.isEmpty()); - } - - @Test - void testUpdateExistingKey() throws Exception { - Map existingKeys = new HashMap<>(); - S3Key existingKey = new S3Key(1, 123, 1687635529, 1687808329, "oldSecret"); - existingKeys.put(1, existingKey); - when(reader.getSnapshot()).thenReturn(existingKeys); - - S3Key updatedKey = new S3Key(1, 123, 1687635529, 1687808329, "newSecret"); - existingKeys.put(1, updatedKey); - - rotatingS3KeyProvider.getAll().put(1, updatedKey); - - verify(reader, times(1)).getSnapshot(); - assertEquals("newSecret", rotatingS3KeyProvider.getAll().get(1).getSecret()); - } - - @Test - void testAddNewKey() throws Exception { - Map existingKeys = new HashMap<>(); - when(reader.getSnapshot()).thenReturn(existingKeys); - - S3Key newKey = new S3Key(2, 456, 1687808429, 1687808329, "newSecret"); - existingKeys.put(2, newKey); - - rotatingS3KeyProvider.getAll().put(2, newKey); - - verify(reader, times(1)).getSnapshot(); - assertEquals("newSecret", rotatingS3KeyProvider.getAll().get(2).getSecret()); - } - - @Test - void testHandleNonExistentKey() { - Map existingKeys = new HashMap<>(); - S3Key existingKey = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - existingKeys.put(1, existingKey); - when(reader.getSnapshot()).thenReturn(existingKeys); - - S3Key nonExistentKey = rotatingS3KeyProvider.getAll().get(99); - assertNull(nonExistentKey); - } - - @Test - void testGetKeysForSite() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); - S3Key key3 = new S3Key(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - existingKeys.put(3, key3); - when(reader.getSnapshot()).thenReturn(existingKeys); - - Collection retrievedKeys = rotatingS3KeyProvider.getKeysForSite(123); - assertNotNull(retrievedKeys); - assertEquals(2, retrievedKeys.size()); - assertTrue(retrievedKeys.contains(key1)); - assertTrue(retrievedKeys.contains(key2)); - - Collection noKeysRetrieved = rotatingS3KeyProvider.getKeysForSite(789); - assertNotNull(noKeysRetrieved); - assertTrue(noKeysRetrieved.isEmpty()); - } - - @Test - void testGetAllWithSingleKey() { - Map existingKeys = new HashMap<>(); - S3Key singleKey = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - existingKeys.put(1, singleKey); - when(reader.getSnapshot()).thenReturn(existingKeys); - - Map keys = rotatingS3KeyProvider.getAll(); - assertEquals(1, keys.size()); - assertEquals(singleKey, keys.get(1)); - } - - @Test - void testGetEncryptionKeyForSiteWithSingleKey() { - Map existingKeys = new HashMap<>(); - S3Key singleKey = new S3Key(1, 123, CURRENT_TIME - 1000, CURRENT_TIME + 1000, "S3keySecretByteHere1"); - existingKeys.put(1, singleKey); - when(reader.getSnapshot()).thenReturn(existingKeys); - - S3Key retrievedKey = rotatingS3KeyProvider.getEncryptionKeyForSite(123); - assertNotNull(retrievedKey); - assertEquals(singleKey, retrievedKey); - } - - @Test - void testGetKeysForSiteWithSingleKey() { - Map existingKeys = new HashMap<>(); - S3Key singleKey = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - existingKeys.put(1, singleKey); - when(reader.getSnapshot()).thenReturn(existingKeys); - - Collection retrievedKeys = rotatingS3KeyProvider.getKeysForSite(123); - assertNotNull(retrievedKeys); - assertEquals(1, retrievedKeys.size()); - assertTrue(retrievedKeys.contains(singleKey)); - } - - @Test - void testGetKeysForSiteWithMultipleKeys() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - when(reader.getSnapshot()).thenReturn(existingKeys); - - Collection retrievedKeys = rotatingS3KeyProvider.getKeysForSite(123); - assertNotNull(retrievedKeys); - assertEquals(2, retrievedKeys.size()); - assertTrue(retrievedKeys.contains(key1)); - assertTrue(retrievedKeys.contains(key2)); - } - - @Test - void testGetEncryptionKeyForNonExistentSite() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, CURRENT_TIME - 1000, CURRENT_TIME + 1000, "S3keySecretByteHere1"); - existingKeys.put(1, key1); - when(reader.getSnapshot()).thenReturn(existingKeys); - - IllegalStateException exception = assertThrows(IllegalStateException.class, - () -> rotatingS3KeyProvider.getEncryptionKeyForSite(456)); - - assertEquals("No S3 keys available for encryption for site ID: 456", exception.getMessage()); - } - - @Test - void testGetAllWhenReaderThrowsException() { - when(reader.getSnapshot()).thenThrow(new RuntimeException("Reader exception")); - - assertThrows(RuntimeException.class, () -> rotatingS3KeyProvider.getAll()); - } - - @Test - void testLoadContentWhenReaderThrowsException() throws Exception { - JsonObject metadata = new JsonObject(); - when(reader.getMetadata()).thenReturn(metadata); - when(reader.loadContent(metadata, "s3encryption_keys")).thenThrow(new RuntimeException("Load content exception")); - - assertThrows(RuntimeException.class, () -> rotatingS3KeyProvider.loadContent()); - } - - @Test - void testGetEncryptionKeyForSiteWithEmptyMap() { - Map existingKeys = new HashMap<>(); - when(reader.getSnapshot()).thenReturn(existingKeys); - assertThrows(IllegalStateException.class, () -> rotatingS3KeyProvider.getEncryptionKeyForSite(123)); - } - - @Test - void testGetKeysForSiteWithEmptyMap() { - Map existingKeys = new HashMap<>(); - when(reader.getSnapshot()).thenReturn(existingKeys); - Collection retrievedKeys = rotatingS3KeyProvider.getKeysForSite(123); - assertNotNull(retrievedKeys); - assertEquals(0, retrievedKeys.size()); - } - - @Test - void testGetEncryptionKeyForSiteWithMultipleKeysAndNonExistentSite() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, CURRENT_TIME - 2000, CURRENT_TIME + 1000, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, CURRENT_TIME - 1000, CURRENT_TIME + 2000, "S3keySecretByteHere2"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - when(reader.getSnapshot()).thenReturn(existingKeys); - - IllegalStateException exception = assertThrows(IllegalStateException.class, - () -> rotatingS3KeyProvider.getEncryptionKeyForSite(456)); - - assertEquals("No S3 keys available for encryption for site ID: 456", exception.getMessage()); - } - - @Test - void testGetKeysForSiteWithMultipleKeysAndNonExistentSite() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - when(reader.getSnapshot()).thenReturn(existingKeys); - Collection retrievedKeys = rotatingS3KeyProvider.getKeysForSite(456); - assertNotNull(retrievedKeys); - assertEquals(0, retrievedKeys.size()); - } - - @Test - void testUpdateSiteToKeysMapping() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); - S3Key key3 = new S3Key(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - existingKeys.put(3, key3); - when(reader.getSnapshot()).thenReturn(existingKeys); - - rotatingS3KeyProvider.updateSiteToKeysMapping(); - - // Verify the behavior that depends on siteToKeysMap - Collection site123Keys = rotatingS3KeyProvider.getKeysForSite(123); - Collection site456Keys = rotatingS3KeyProvider.getKeysForSite(456); - - assertEquals(2, site123Keys.size()); - assertTrue(site123Keys.contains(key1)); - assertTrue(site123Keys.contains(key2)); - - assertEquals(1, site456Keys.size()); - assertTrue(site456Keys.contains(key3)); - - assertEquals(2, rotatingS3KeyProvider.getTotalSites()); - Set allSiteIds = rotatingS3KeyProvider.getAllSiteIds(); - assertEquals(2, allSiteIds.size()); - assertTrue(allSiteIds.contains(123)); - assertTrue(allSiteIds.contains(456)); - } - - @Test - void testLoadContentOverride() throws Exception { - JsonObject metadata = new JsonObject(); - when(reader.getMetadata()).thenReturn(metadata); - when(reader.loadContent(metadata, "s3encryption_keys")).thenReturn(1L); - - rotatingS3KeyProvider.loadContent(); - - verify(reader, times(1)).getMetadata(); - verify(reader, times(1)).loadContent(metadata, "s3encryption_keys"); - } - - @Test - void testGetAllSiteIds() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 456, 1687808429, 1687808329, "S3keySecretByteHere2"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - when(reader.getSnapshot()).thenReturn(existingKeys); - - rotatingS3KeyProvider.updateSiteToKeysMapping(); - - Set allSiteIds = rotatingS3KeyProvider.getAllSiteIds(); - assertEquals(2, allSiteIds.size()); - assertTrue(allSiteIds.contains(123)); - assertTrue(allSiteIds.contains(456)); - } - - @Test - void testGetTotalSites() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, 1687635529, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, 1687808429, 1687808329, "S3keySecretByteHere2"); - S3Key key3 = new S3Key(3, 456, 1687635529, 1687808329, "S3keySecretByteHere3"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - existingKeys.put(3, key3); - when(reader.getSnapshot()).thenReturn(existingKeys); - - rotatingS3KeyProvider.updateSiteToKeysMapping(); - - int totalSites = rotatingS3KeyProvider.getTotalSites(); - assertEquals(2, totalSites); - } - - @Test - void testGetKeysForSiteFromMap() { - S3Key key1 = new S3Key(1, 100, 1687635529, 1687808329, "secret1"); - S3Key key2 = new S3Key(2, 100, 1687808429, 1687981229, "secret2"); - S3Key key3 = new S3Key(3, 200, 1687981329, 1688154129, "secret3"); - - Map> testMap = new HashMap<>(); - testMap.put(100, Arrays.asList(key1, key2)); - testMap.put(200, Collections.singletonList(key3)); - - rotatingS3KeyProvider.siteToKeysMap = testMap; - - List result1 = rotatingS3KeyProvider.getKeys(100); - assertEquals(2, result1.size()); - assertTrue(result1.contains(key1)); - assertTrue(result1.contains(key2)); - - List result2 = rotatingS3KeyProvider.getKeys(200); - assertEquals(1, result2.size()); - assertTrue(result2.contains(key3)); - - List result3 = rotatingS3KeyProvider.getKeys(300); - assertTrue(result3.isEmpty()); - } - - @Test - void testGetKeysForSiteFromMapWithEmptyMap() { - rotatingS3KeyProvider.siteToKeysMap = new HashMap<>(); - - List result = rotatingS3KeyProvider.getKeys(100); - assertTrue(result.isEmpty()); - } - - @Test - void testGetKeysForSiteFromMapWithNullMap() { - rotatingS3KeyProvider.siteToKeysMap = null; - - assertThrows(NullPointerException.class, () -> rotatingS3KeyProvider.getKeys(100)); - } - - @Test - void testGetEncryptionKeyForSite() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, CURRENT_TIME - 3000, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, CURRENT_TIME - 2000, 1687981229, "S3keySecretByteHere2"); - S3Key key3 = new S3Key(3, 123, CURRENT_TIME - 1000, 1688154129, "S3keySecretByteHere3"); - S3Key key4 = new S3Key(4, 123, CURRENT_TIME + 1000, 1688327029, "S3keySecretByteHere4"); // Future key - existingKeys.put(1, key1); - existingKeys.put(2, key2); - existingKeys.put(3, key3); - existingKeys.put(4, key4); - when(reader.getSnapshot()).thenReturn(existingKeys); - - S3Key retrievedKey = rotatingS3KeyProvider.getEncryptionKeyForSite(123); - assertNotNull(retrievedKey); - assertEquals(key3, retrievedKey); // Should return the most recent active key - } - - @Test - void testGetEncryptionKeyForSiteWithNoActiveKeys() { - Map existingKeys = new HashMap<>(); - S3Key key1 = new S3Key(1, 123, CURRENT_TIME + 1000, 1687808329, "S3keySecretByteHere1"); - S3Key key2 = new S3Key(2, 123, CURRENT_TIME + 2000, 1687981229, "S3keySecretByteHere2"); - existingKeys.put(1, key1); - existingKeys.put(2, key2); - when(reader.getSnapshot()).thenReturn(existingKeys); - - assertThrows(IllegalStateException.class, () -> rotatingS3KeyProvider.getEncryptionKeyForSite(123)); - } -}