added retention period #36
Merged
dcremonini pushed a commit to noiapp/noi-app-backend that referenced this pull request on Apr 29, 2020
add custom error pages
ubamrein added a commit that referenced this pull request on Jun 5, 2020
* Initial alpha version of DP3T backend * add some info to the makefile * Remove TODO * try swagger * on push to develop * add github token whatever * d3pt -> dp3t * don't use plugin for docu * do we need pluginrepository? * fix syntax * fix configure * fix typo * Add infos regarding Github-Packages fixes [Issue-1](#1) * PP-85: Make Cache Control configurable via application.properties. Default fallback set to 5 minutes. * Update README.md Adjust readme to clarify that the picture does not represent the actual implementation * PP-91: Load max exposed id first for ETag check. * PP-91: Adapt naming. * fix etag generation, use first element because sorted in descending id order, therefore last element never changes, new entries have a higher id * PP-91: improve etag handling * PP-90: Cleanup Dependencies. Add optional actuator. Add cloud config. * Add Publish to GitHub Packages * Fix path to pom * Remove Doc Generation. Add Repo for publish. * Fix path to module. * Publish all. * Remove unused * Update Hello Message * Feature/static analysis recommendations (#12) * some documentation * change documentation * use RequestMapping variants #9 * Use <> operator #10 * Don't use generic wildcard types #11 * Feature/only build on develop (#13) * some documentation * change documentation * use RequestMapping variants #9 * Use <> operator #10 * Don't use generic wildcard types #11 * action should only publish on develop * fix syntax * we currentyl work on develop * Fixes/fix typo refs (#14) * some documentation * change documentation * use RequestMapping variants #9 * Use <> operator #10 * Don't use generic wildcard types #11 * fix typo in if struct * fix typo in docs (#16) * fixed typo in docs * fix typo in template & yaml * Fixes/check GitHub ref (#15) * some documentation * change documentation * use RequestMapping variants #9 * Use <> operator #10 * Don't use generic wildcard types #11 * fix typo in if struct * add echo * check coontains function * Update maven.yml go back 
to oold * added test setup for data services (#7) * added setup for integration tests for controller refs(#7) * create coverage reports * Onset sanitization (#20) * fixed typo in docs * fix typo in template & yaml * sanitization of onset date * Start with releases. * Add assets to relase. * Update maven.yml * Update release * Use different action for release * Correct path to jar. * Feature/jwt validation (#24) * add spring-security * PP-118: Setup for JWT, Interfaces. * add jwt validators configs * remove generics and add tests * changed test setup to use profiles * fix some bugs * fix config * add tests for jwt token validation * update gitignore * added load mechanism of public key * added Dataservices for uuid * add more tests * add hashtest * add hashtest endpoint * novalidaterequest impl for when no bean is found add tests * add apthargument to template * default validator * add tests for self made jwt add java code to generate private and public key clean tests Co-authored-by: Martin Alig <[email protected]> Co-authored-by: bachmann <[email protected]> * Add after migrate script for clustered postgres. (#25) * Feature/protobuf (#28) * WIP protobuf * protobuf controller * Register Converter. * Wip for buckets. * Fix Build. * use correct claim * added data services for batches * not used anymore * Adapt Unit test to set uuid as claim. Co-authored-by: bachmann <[email protected]> Co-authored-by: martinalig <[email protected]> * Feature/protobuf (#29) * WIP protobuf * protobuf controller * Register Converter. * Wip for buckets. * Fix Build. * use correct claim * added data services for batches * not used anymore * Adapt Unit test to set uuid as claim. Co-authored-by: bachmann <[email protected]> Co-authored-by: Patrick Amrein <[email protected]> * create release with snapshot tag * Feature/filter (#31) * add filter * add jwt generation * add awk to check signature (mac) * Some Cleanup and Refactoring. * Make Startup work again. 
* remove local properties from repo * add protected headers * fix responenentity * set header to X-HELLO * use fallback keypair in baseconfig * update models * fill values * remove x- from headers * adjust validity to batch-release-time * Bugfix. Cleanup. * only use standard http headers value for digest corrected * Cleanup. Use JTI * Adapt test to use jti. Co-authored-by: martinalig <[email protected]> Co-authored-by: Tobias Bachmann <[email protected]> * add maven and intellij file to git ignore (#33) Co-authored-by: Ciro Cardone <[email protected]> * Check Version in AfterMigrate. * Check Version Fix. * fix model naming * Rename * Update maven.yml * Update maven.yml * Update maven.yml * Resolve Circular Deps. * Force protobufs * added retention period (#36) * Bugfix/onset date (#37) * change etag generatino to consider content-type * use jwt onset or exposeerequest date * fix jsn * Review. Cleanup. Co-authored-by: martinalig <[email protected]> * add documentation-pom (#40) * add documentation-pom * use new minoor * add updated yaml * use only plugin dependencies * use version 1.2.2 * add build of documentation and adding as release artifacts * need pluginrepositories * Run build and doku in single action * Use install Co-authored-by: Martin Alig <[email protected]> * fix getMaxExposedIdForDay and add test with Postgres database (#35) * fix getMaxExposedIdForDay and add test with Postgres database * fix after develop merge Co-authored-by: Ciro Cardone <[email protected]> Co-authored-by: Tobias Bachmann <[email protected]> * added Test for SignatureResponseWrapper * Switch to Timestamps in DB (#48) * added Test for clean up * added test for etag * This patch generates ETags with the SHA-256 secure hashing algorithm and a Base64-encoding in order to get rid of MD5, which is considered insecure since it provides little resistance to collision-attacks. 
Whether collision-attacks are a potential vulnerability in this scenario is beyond my knowledge, but it sure is good practice to not use collision-vulnerable algorithms in any case. A benchmark has shown that my laptop is able to generate ca. 1.400.000 ETags per second, which should be sufficient throughput. (#47) resources: - https://www.md5online.org/blog/why-md5-is-not-safe/ - https://www.schneier.com/blog/archives/2018/12/md5_and_sha-1_s.html - https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues Co-authored-by: ubamrein <[email protected]> * added Test for batch release time * added assertion * Switch to Java 11 (#46) * Switch to Java 11 Java 8 is end of life this year. Java 11 is the LTS version that should be used for new projects in 2020. Fixes #41. * added java 11 to docker file * added jacoco again Co-authored-by: bachmann <[email protected]> * Enhancement/switch to java 8 time (#51) * change froom joda to java.time * Cleanup controller imports joda -> java.time (#45) Co-authored-by: bachmann <[email protected]> * Feature/load from public private string (#53) * add ectest keypair and add cloudcontroller test * throw if we cannot load the keys * fix tests * the Hex-class from apache's commons-codecs library has byte-to-hex-string functionality, no need to self-implement (#55) Co-authored-by: Tobias Bachmann <[email protected]> * Bugfix/validate jwt correctly (#56) * add ectest keypair and add cloudcontroller test * throw if we cannot load the keys * fix tests * Add validation of keyDate Add tests to validate validation fixes #52 * check if keyDate is larger than now * extend tests * return notfound if bucket is correct but not within time window (#57) * Feature/new cloud config (#58) * Make clear that config is for testing * adjust cloudtests to use correct coonfig * add new profiles * add coonfig test * add overview request and model (#60) * Bugfix/load keys from pem and cert (#61) * add overview request and model * read keys from pem * remove 
unused code * base64 decode before we parse * add fake requests (#62) * add fake requests add random sleep add tests * change to int fix equals bug adjust tests fix test cansesametokeniffake * uses securerandom * also check json or both results * every rrequest should take 1.5s * remove reference to securerandom Co-authored-by: Tobias Bachmann <[email protected]> * check if fake token exists we have the fallback too check the json so this should be ok * fix second claim * make fake nullable (#66) * make fake nullable * added default value * Perform authentication before input validation (#65) Co-authored-by: ubamrein <[email protected]> * minimum sleep is 0 (#67) * minimum sleep is 0 * min -> max * Make Unit tests date independent. Co-authored-by: martinalig <[email protected]> * Feature/test jwt keydate (#69) * add test for jwt * add more tests * clean up controller add soome more tests * remove expliciit dates * add both generators (#71) * update copyright header (#75) * read public key from certificate or directly, pem encoded generated key pair (#74) * add test config (#80) * Reject JWT that expire too far in the future, or never expire at all (#78) Co-authored-by: ubamrein <[email protected]> Co-authored-by: Martin Alig <[email protected]> * Add configuration parameter to toggle signature debug headers (#83) * try to load keys from config, fallback to automatic generated (#84) * Feature/gapple (#82) * add the possibility to upload a list of keys with keydate * update model * add tests * don't upsert if fake request * remove forgotten if * cleanup imports. 
* model validation and tests Co-authored-by: Martin Alig <[email protected]> * Bugfix/validate key size (#88) * Validate exposed key size * Adapt unit tests key size * Use @SiZe annotation instead of constant + if statement * add prometheus actuator package (#89) * Feature/gaen impl (#91) * add controller and first model * add protobuf definition and class * add json models * add all dummy requests * update swagger module add bucket request * go back to relative urls * we need a long (uint32) * add region to config * DB Migration for GAEN. New Dataservices. WIP * Bugfix/validate key size (#88) * Validate exposed key size * Adapt unit tests key size * Use @SiZe annotation instead of constant + if statement * add exposed request * abstract validation rules to class add properties to config * add validation utils for codesharing * fix duration * add requests * fix tests * add jwtvalidator for gaen add gaen unit (10 minutes) * remove space * adjust migration to use int * finalize jdbc impl for gaen * fix hsql * fix tests * add gaencontroller test * fix novalidaterequest * add exposednextday * add validation of keys * Fix sql. 
* add multiple jwtconfig * add second new keypair * add new apple format * new gaen api with protobuf signing and zip * close outputstream * change to buckets based oon keydate * remove not needed beans * add gaenregion as a property * add some more reasonable data to the jwt * add header to zip * fix cast exception when not using JWT token as authentication * check single keys for fake request * adjust vallidation on exposed upload * add new model adjust secondday request * add ios endpoint * add test and fix second day jwt * use gaenRegioon * add else * adjust name * some mnor fixes Co-authored-by: martinalig <[email protected]> Co-authored-by: ChristianConus-Nagra <[email protected]> Co-authored-by: Simon Rösch <[email protected]> * Feature/keyvault (#93) * add controller and first model * add protobuf definition and class * add json models * add all dummy requests * update swagger module add bucket request * go back to relative urls * we need a long (uint32) * add region to config * DB Migration for GAEN. New Dataservices. WIP * Bugfix/validate key size (#88) * Validate exposed key size * Adapt unit tests key size * Use @SiZe annotation instead of constant + if statement * add exposed request * abstract validation rules to class add properties to config * add validation utils for codesharing * fix duration * add requests * fix tests * add jwtvalidator for gaen add gaen unit (10 minutes) * remove space * adjust migration to use int * finalize jdbc impl for gaen * fix hsql * fix tests * add gaencontroller test * fix novalidaterequest * add exposednextday * add validation of keys * Fix sql. 
* add multiple jwtconfig * add second new keypair * add new apple format * new gaen api with protobuf signing and zip * close outputstream * change to buckets based oon keydate * remove not needed beans * add gaenregion as a property * add some more reasonable data to the jwt * add header to zip * fix cast exception when not using JWT token as authentication * check single keys for fake request * adjust vallidation on exposed upload * add new model adjust secondday request * add ios endpoint * add test and fix second day jwt * use gaenRegioon * add else * adjust name * some mnor fixes * KeyVault initial commit JWTDecoder with EC * logg if invocationo fails * refactor * add more tests * fix tests * Cleanup. Co-authored-by: martinalig <[email protected]> Co-authored-by: ChristianConus-Nagra <[email protected]> Co-authored-by: Simon Rösch <[email protected]> * Feature/new bucket system (#94) * use zip in zip * fix tests * add fake dataservice fix tests groupby zip * refactoring * Improve naming Co-authored-by: martinalig <[email protected]> * Make it stateless. (#95) * Trivial: add maven-enforcer-plugin to require the right Java version (#85) Co-authored-by: ubamrein <[email protected]> * Documentation/update readme (#96) * update swagger and makefile * remove swagger yaml * update poms * add protobuf to ignored * update gitignore * default is only dev * update documentation #59 * change to passiv * fix english * update docummentation * adjust note * java provider has EC * change ecdsa to ec * update readme to include docs for keyvault * update swagger * add new db models * remove toolchains plugin * Use fixed keypair * use correct identifier * use oid to hashmapsignature * Debug features (#99) * allow protoosigner to speciify zip key add debugcontroller * DB Model for Debug Store. Dataservice. * add config for debug * fix foor novalidation * Fix table. * make daily batches without validation * Fix constraint in sql. 
* close zip before getting bytes * write bytes explictyly Co-authored-by: Patrick Amrein <[email protected]> Co-authored-by: martinalig <[email protected]> * New Endpoints. * Fix unittest. * Ignore old test for the moment. * Return 204 instead of empty zip. Lowercase the GET Parameter. * Cleanup * skip tests * Skip tests. * Feature/new gaen endpoints (#102) * Enable Tests again. * Controller Test for new Zip Logic. * Cleanup. * Remove whitespaces * fix tests * make test independent of local timezone * temporarily disable test * Bundleid for each env. * Add Apple AppId and Android package names to cloud config * fix signature generation to match the specification, sign complete export.bin file * Use key version 1 instead of v1 * Remove Etag generator and handler Without comparing a hash of the output it is not possible to know whether the response changed or not (as the signature or other things might change even though there were no new keys). * Use MCC code (228 for Switzerland) as key identifier * Revert "Use key version 1 instead of v1" This reverts commit 1fda7cb. 
* change keyVersion to 1 so it maybe works for android * change file export file format for google, use keyVersion v1 and remove packagename * Only validate key date for non-fake keys * Skip tests as long as Github Actions are instable (#112) * Bugfix/fix tests (#114) * fix tests * fix tests (ensure keys are noot fake since then any validatino is ignored) * don't skip tests * change order to skip tests * add etag based on payload digest (#115) * Add sonarcloud analysis (#27) (#116) * Add sonarcloud analysis (#27) Co-authored-by: ubamrein <[email protected]> * remove echo ref * add dp3t projectkey * add project key for different modules * only run analysis on one repo * run tests * fetch all branches * target branch is develop * only pullrequestbase * add env vars to yaml invocation Co-authored-by: Miki <[email protected]> * add test reports (#119) * add test reports * plugin is invoced in sub dir * add keyvault tests (#118) Co-authored-by: Fabian Aggeler <[email protected]> Co-authored-by: alig <[email protected]> Co-authored-by: Simon Rösch <[email protected]> Co-authored-by: Fabian Aggeler <[email protected]> Co-authored-by: Martin Alig <[email protected]> Co-authored-by: StandB <[email protected]> Co-authored-by: bachmann <[email protected]> Co-authored-by: Ciro Cardone <[email protected]> Co-authored-by: Ciro Cardone <[email protected]> Co-authored-by: bernd hopp <[email protected]> Co-authored-by: Jeff R. Allen <[email protected]> Co-authored-by: AndreasHuber-CH <[email protected]> Co-authored-by: Simon Rösch <[email protected]> Co-authored-by: Emanuele Sabellico <[email protected]> Co-authored-by: ChristianConus-Nagra <[email protected]> Co-authored-by: Bertrand Delacretaz <[email protected]> Co-authored-by: Miki <[email protected]>
No description provided.