Merge pull request #1265 from IABTechLab/cbc-rollback-cloud-encryption

Reverting cloud encryption

conf/default-config.json

@@ -30,8 +30,6 @@
   "salts_metadata_path": "salts/metadata.json",
   "services_metadata_path": "services/metadata.json",
   "service_links_metadata_path": "service_links/metadata.json",
-  "cloud_encryption_keys_metadata_path": "cloud_encryption_keys/metadata.json",
-  "cloud_encryption_keys_refresh_ms": 300000,
   "optout_metadata_path": null,
   "optout_inmem_cache": false,
   "enclave_platform": null,

conf/docker-config.json

@@ -31,7 +31,6 @@
   "salts_metadata_path": "/com.uid2.core/test/salts/metadata.json",
   "services_metadata_path": "/com.uid2.core/test/services/metadata.json",
   "service_links_metadata_path": "/com.uid2.core/test/service_links/metadata.json",
-  "cloud_encryption_keys_metadata_path": "/com.uid2.core/test/cloud_encryption_keys/metadata.json",
   "identity_token_expires_after_seconds": 3600,
   "optout_metadata_path": null,
   "optout_inmem_cache": false,

conf/integ-config.json

@@ -14,6 +14,6 @@
   "optout_api_token": "test-operator-key",
   "optout_api_uri": "http://localhost:8081/optout/replicate",
   "salts_expired_shutdown_hours": 12,
-  "cloud_encryption_keys_metadata_path": "http://localhost:8088/cloud_encryption_keys/retrieve",
   "operator_type": "public"
+
 }

conf/local-config.json

@@ -9,7 +9,6 @@
   "salts_metadata_path": "/com.uid2.core/test/salts/metadata.json",
   "services_metadata_path": "/com.uid2.core/test/services/metadata.json",
   "service_links_metadata_path": "/com.uid2.core/test/service_links/metadata.json",
-  "cloud_encryption_keys_metadata_path":"/com.uid2.core/test/cloud_encryption_keys/metadata.json",
   "identity_token_expires_after_seconds": 3600,
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,

conf/local-e2e-docker-private-config.json

@@ -11,7 +11,6 @@
   "keysets_metadata_path": "http://core:8088/key/keyset/refresh",
   "keyset_keys_metadata_path": "http://core:8088/key/keyset-keys/refresh",
   "salts_metadata_path": "http://core:8088/salt/refresh",
-  "cloud_encryption_keys_metadata_path": "http://core:8088/cloud_encryption_keys/retrieve",
   "identity_token_expires_after_seconds": 3600,
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,

conf/local-e2e-docker-public-config.json

@@ -13,7 +13,6 @@
   "salts_metadata_path": "http://core:8088/salt/refresh",
   "services_metadata_path": "http://core:8088/services/refresh",
   "service_links_metadata_path": "http://core:8088/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "http://core:8088/cloud_encryption_keys/retrieve",
   "identity_token_expires_after_seconds": 3600,
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,

conf/local-e2e-private-config.json

@@ -13,7 +13,6 @@
   "salts_metadata_path": "http://localhost:8088/salt/refresh",
   "services_metadata_path": "http://localhost:8088/services/refresh",
   "service_links_metadata_path": "http://localhost:8088/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "http://core:8088/cloud_encryption_keys/retrieve",
   "identity_token_expires_after_seconds": 3600,
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,

conf/local-e2e-public-config.json

@@ -13,7 +13,6 @@
   "salts_metadata_path": "http://localhost:8088/salt/refresh",
   "services_metadata_path": "http://localhost:8088/services/refresh",
   "service_links_metadata_path": "http://localhost:8088/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "http://core:8088/cloud_encryption_keys/retrieve",
   "identity_token_expires_after_seconds": 3600,
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,

conf/validator-latest-e2e-docker-public-config.json

@@ -14,7 +14,6 @@
   "salts_metadata_path": "http://core:8088/salt/refresh",
   "services_metadata_path": "http://core:8088/services/refresh",
   "service_links_metadata_path": "http://core:8088/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core:8088/cloud_encryption_keys/retrieve",
   "identity_token_expires_after_seconds": 3600,
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-operator</artifactId>
-    <version>5.45.0</version>
+    <version>5.44.6</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

scripts/aws/conf/integ-euid-config.json

@@ -9,7 +9,6 @@
   "service_links_metadata_path": "https://core.integ.euid.eu/service_links/refresh",
   "optout_metadata_path": "https://optout.integ.euid.eu/optout/refresh",
   "core_attest_url": "https://core.integ.euid.eu/attest",
-  "cloud_encryption_keys_metadata_path": "https://core.integ.euid.eu/cloud_encryption_keys/retrieve",
   "optout_api_uri": "https://optout.integ.euid.eu/optout/replicate",
   "optout_s3_folder": "optout/",
   "allow_legacy_api": false

scripts/aws/conf/integ-uid2-config.json

@@ -8,7 +8,6 @@
   "services_metadata_path": "https://core-integ.uidapi.com/services/refresh",
   "service_links_metadata_path": "https://core-integ.uidapi.com/service_links/refresh",
   "optout_metadata_path": "https://optout-integ.uidapi.com/optout/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core-integ.uidapi.com/cloud_encryption_keys/retrieve",
   "core_attest_url": "https://core-integ.uidapi.com/attest",
   "optout_api_uri": "https://optout-integ.uidapi.com/optout/replicate",
   "optout_s3_folder": "uid-optout-integ/",

scripts/aws/conf/prod-euid-config.json

@@ -9,7 +9,6 @@
   "services_metadata_path": "https://core.prod.euid.eu/services/refresh",
   "service_links_metadata_path": "https://core.prod.euid.eu/service_links/refresh",
   "optout_metadata_path": "https://optout.prod.euid.eu/optout/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core.prod.euid.eu/cloud_encryption_keys/retrieve",
   "core_attest_url": "https://core.prod.euid.eu/attest",
   "core_api_token": "your-api-token",
   "optout_s3_path_compat": false,

scripts/aws/conf/prod-uid2-config.json

@@ -8,7 +8,6 @@
   "salts_metadata_path": "https://core-prod.uidapi.com/salt/refresh",
   "services_metadata_path": "https://core-prod.uidapi.com/services/refresh",
   "service_links_metadata_path": "https://core-prod.uidapi.com/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core-prod.uidapi.com/cloud_encryption_keys/retrieve",
   "optout_metadata_path": "https://optout-prod.uidapi.com/optout/refresh",
   "core_attest_url": "https://core-prod.uidapi.com/attest",
   "core_api_token": "your-api-token",

scripts/azure-cc/conf/integ-uid2-config.json

@@ -7,7 +7,6 @@
   "salts_metadata_path": "https://core-integ.uidapi.com/salt/refresh",
   "services_metadata_path": "https://core-integ.uidapi.com/services/refresh",
   "service_links_metadata_path": "https://core-integ.uidapi.com/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core-integ.uidapi.com/cloud_encryption_keys/retrieve",
   "optout_metadata_path": "https://optout-integ.uidapi.com/optout/refresh",
   "core_attest_url": "https://core-integ.uidapi.com/attest",
   "optout_api_uri": "https://optout-integ.uidapi.com/optout/replicate",

scripts/azure-cc/conf/prod-uid2-config.json

@@ -7,7 +7,6 @@
   "salts_metadata_path": "https://core-prod.uidapi.com/salt/refresh",
   "services_metadata_path": "https://core-prod.uidapi.com/services/refresh",
   "service_links_metadata_path": "https://core-prod.uidapi.com/service_links/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core-prod.uidapi.com/cloud_encryption_keys/retrieve",
   "optout_metadata_path": "https://optout-prod.uidapi.com/optout/refresh",
   "core_attest_url": "https://core-prod.uidapi.com/attest",
   "optout_api_uri": "https://optout-prod.uidapi.com/optout/replicate",

scripts/gcp/conf/integ-config.json

@@ -5,7 +5,6 @@
   "salts_metadata_path": "https://core-integ.uidapi.com/salt/refresh",
   "core_attest_url": "https://core-integ.uidapi.com/attest",
   "optout_metadata_path": "https://optout-integ.uidapi.com/optout/refresh",
-  "cloud_encryption_keys_metadata_path": "https://core-integ.uidapi.com/cloud_encryption_keys/retrieve",
   "optout_api_uri": "https://optout-integ.uidapi.com/optout/replicate",
   "optout_s3_folder": "optout-v2/",
   "optout_inmem_cache": true,

scripts/gcp/conf/prod-config.json

@@ -6,7 +6,6 @@
   "core_attest_url": "https://core-prod.uidapi.com/attest",
   "optout_metadata_path": "https://optout-prod.uidapi.com/optout/refresh",
   "optout_api_uri": "https://optout-prod.uidapi.com/optout/replicate",
-  "cloud_encryption_keys_metadata_path": "https://core-prod.uidapi.com/cloud_encryption_keys/retrieve",
   "optout_s3_folder": "optout-v2/",
   "optout_inmem_cache": true,
   "identity_token_expires_after_seconds": 14400,

src/main/java/com/uid2/operator/Main.java

@@ -8,7 +8,6 @@
 import com.uid2.operator.monitoring.IStatsCollectorQueue;
 import com.uid2.operator.monitoring.OperatorMetrics;
 import com.uid2.operator.monitoring.StatsCollectorVerticle;
-import com.uid2.operator.reader.RotatingCloudEncryptionKeyApiProvider;
 import com.uid2.operator.service.SecureLinkValidatorService;
 import com.uid2.operator.service.ShutdownService;
 import com.uid2.operator.vertx.Endpoints;
@@ -23,7 +22,6 @@
 import com.uid2.shared.jmx.AdminApi;
 import com.uid2.shared.optout.OptOutCloudSync;
 import com.uid2.shared.store.CloudPath;
-import com.uid2.shared.store.EncryptedRotatingSaltProvider;
 import com.uid2.shared.store.RotatingSaltProvider;
 import com.uid2.shared.store.reader.*;
 import com.uid2.shared.store.scope.GlobalScope;
@@ -84,7 +82,6 @@ public class Main {
     private IStatsCollectorQueue _statsCollectorQueue;
     private RotatingServiceStore serviceProvider;
     private RotatingServiceLinkStore serviceLinkProvider;
-    private RotatingCloudEncryptionKeyApiProvider cloudEncryptionKeyProvider;
 
     public Main(Vertx vertx, JsonObject config) throws Exception {
         this.vertx = vertx;
@@ -136,19 +133,17 @@ public Main(Vertx vertx, JsonObject config) throws Exception {
             this.fsOptOut = configureCloudOptOutStore();
         }
 
-        String cloudEncryptionKeyMdPath = this.config.getString(Const.Config.CloudEncryptionKeysMetadataPathProp);
-        this.cloudEncryptionKeyProvider = new RotatingCloudEncryptionKeyApiProvider(fsStores, new GlobalScope(new CloudPath(cloudEncryptionKeyMdPath)));
         String sitesMdPath = this.config.getString(Const.Config.SitesMetadataPathProp);
         String keypairMdPath = this.config.getString(Const.Config.ClientSideKeypairsMetadataPathProp);
-        this.clientSideKeypairProvider = new RotatingClientSideKeypairStore(fsStores, new GlobalScope(new CloudPath(keypairMdPath)), cloudEncryptionKeyProvider);
+        this.clientSideKeypairProvider = new RotatingClientSideKeypairStore(fsStores, new GlobalScope(new CloudPath(keypairMdPath)));
         String clientsMdPath = this.config.getString(Const.Config.ClientsMetadataPathProp);
-        this.clientKeyProvider = new RotatingClientKeyProvider(fsStores, new GlobalScope(new CloudPath(clientsMdPath)), cloudEncryptionKeyProvider);
+        this.clientKeyProvider = new RotatingClientKeyProvider(fsStores, new GlobalScope(new CloudPath(clientsMdPath)));
         String keysetKeysMdPath = this.config.getString(Const.Config.KeysetKeysMetadataPathProp);
-        this.keysetKeyStore = new RotatingKeysetKeyStore(fsStores, new GlobalScope(new CloudPath(keysetKeysMdPath)), cloudEncryptionKeyProvider);
+        this.keysetKeyStore = new RotatingKeysetKeyStore(fsStores, new GlobalScope(new CloudPath(keysetKeysMdPath)));
         String keysetMdPath = this.config.getString(Const.Config.KeysetsMetadataPathProp);
-        this.keysetProvider = new RotatingKeysetProvider(fsStores, new GlobalScope(new CloudPath(keysetMdPath)), cloudEncryptionKeyProvider);
+        this.keysetProvider = new RotatingKeysetProvider(fsStores, new GlobalScope(new CloudPath(keysetMdPath)));
         String saltsMdPath = this.config.getString(Const.Config.SaltsMetadataPathProp);
-        this.saltProvider = new EncryptedRotatingSaltProvider(fsStores, cloudEncryptionKeyProvider, new GlobalScope(new CloudPath(saltsMdPath)));
+        this.saltProvider = new RotatingSaltProvider(fsStores, saltsMdPath);
         this.optOutStore = new CloudSyncOptOutStore(vertx, fsLocal, this.config, operatorKey, Clock.systemUTC());
 
         if (this.validateServiceLinks) {
@@ -158,7 +153,7 @@ public Main(Vertx vertx, JsonObject config) throws Exception {
             this.serviceLinkProvider = new RotatingServiceLinkStore(fsStores, new GlobalScope(new CloudPath(serviceLinkMdPath)));
         }
 
-        this.siteProvider = clientSideTokenGenerate ? new RotatingSiteStore(fsStores, new GlobalScope(new CloudPath(sitesMdPath)), cloudEncryptionKeyProvider) : null;
+        this.siteProvider = clientSideTokenGenerate ? new RotatingSiteStore(fsStores, new GlobalScope(new CloudPath(sitesMdPath))) : null;
 
         if (useStorageMock && coreAttestUrl == null) {
             if (clientSideTokenGenerate) {
@@ -169,7 +164,6 @@ public Main(Vertx vertx, JsonObject config) throws Exception {
             this.saltProvider.loadContent();
             this.keysetProvider.loadContent();
             this.keysetKeyStore.loadContent();
-            this.cloudEncryptionKeyProvider.loadContent();
 
             if (this.validateServiceLinks) {
                 this.serviceProvider.loadContent();
@@ -311,8 +305,6 @@ private void run() throws Exception {
 
     private Future<Void> createStoreVerticles() throws Exception {
         // load metadatas for the first time
-        cloudEncryptionKeyProvider.loadContent();
-
         if (clientSideTokenGenerate) {
             siteProvider.getMetadata();
             clientSideKeypairProvider.getMetadata();
@@ -341,7 +333,6 @@ private Future<Void> createStoreVerticles() throws Exception {
         fs.add(createAndDeployRotatingStoreVerticle("auth", clientKeyProvider, "auth_refresh_ms"));
         fs.add(createAndDeployRotatingStoreVerticle("keyset", keysetProvider, "keyset_refresh_ms"));
         fs.add(createAndDeployRotatingStoreVerticle("keysetkey", keysetKeyStore, "keysetkey_refresh_ms"));
-        fs.add(createAndDeployRotatingStoreVerticle("cloud_encryption_keys", cloudEncryptionKeyProvider, "cloud_encryption_keys_refresh_ms"));
         fs.add(createAndDeployRotatingStoreVerticle("salt", saltProvider, "salt_refresh_ms"));
         fs.add(createAndDeployCloudSyncStoreVerticle("optout", fsOptOut, optOutCloudSync));
         CompositeFuture.all(fs).onComplete(ar -> {