Merge pull request #63 from IABTechLab/ccm-UID2-2878-dsp-refactor-and-check-token-lifetimes

Add BidstreamClient and SharingClient, deprecate UID2Client

Author: caroline-ttd

pom.xml

@@ -62,6 +62,12 @@
             <artifactId>okhttp</artifactId>
             <version>4.10.0</version>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <version>5.8.0</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/com/uid2/client/BidstreamClient.java

@@ -0,0 +1,27 @@
+package com.uid2.client;
+
+import java.time.Instant;
+
+public class BidstreamClient {
+    private final TokenHelper tokenHelper;
+
+    public BidstreamClient(String baseUrl, String clientApiKey, String base64SecretKey) {
+        tokenHelper = new TokenHelper(baseUrl, clientApiKey, base64SecretKey);
+    }
+
+    public DecryptionResponse decryptTokenIntoRawUid(String token, String domainNameFromBidRequest) {
+        return tokenHelper.decrypt(token, Instant.now(), domainNameFromBidRequest, ClientType.BIDSTREAM);
+    }
+
+    DecryptionResponse decryptTokenIntoRawUid(String token, String domainNameFromBidRequest, Instant now) {
+        return tokenHelper.decrypt(token, now, domainNameFromBidRequest, ClientType.BIDSTREAM);
+    }
+
+    public RefreshResponse refresh() {
+        return tokenHelper.refresh("/v2/key/bidstream");
+    }
+
+    RefreshResponse refreshJson(String json) {
+        return tokenHelper.refreshJson(json);
+    }
+}

src/main/java/com/uid2/client/ClientType.java

@@ -0,0 +1,7 @@
+package com.uid2.client;
+
+enum ClientType {
+    SHARING,
+    BIDSTREAM,
+    LEGACY
+}

src/main/java/com/uid2/client/DecryptionResponse.java

@@ -8,13 +8,22 @@ public class DecryptionResponse {
     private final Instant established;
     private final Integer siteId;
     private final Integer siteKeySiteId;
+    private final IdentityType identityType;
+    private final Integer advertisingTokenVersion;
+    private final boolean isClientSideGenerated;
+    private final Instant expiry;
 
-    DecryptionResponse(DecryptionStatus status, String uid, Instant established, Integer siteId, Integer siteKeySiteId) {
+
+    DecryptionResponse(DecryptionStatus status, String uid, Instant established, Integer siteId, Integer siteKeySiteId, IdentityType identityType, Integer advertisingTokenVersion, boolean isClientSideGenerated, Instant expiry) {
         this.status = status;
         this.uid = uid;
         this.established = established;
         this.siteId = siteId;
         this.siteKeySiteId = siteKeySiteId;
+        this.identityType = identityType;
+        this.advertisingTokenVersion = advertisingTokenVersion;
+        this.isClientSideGenerated = isClientSideGenerated;
+        this.expiry = expiry;
     }
 
     /**
@@ -46,11 +55,27 @@ public Instant getEstablished() {
 
     public Integer getSiteKeySiteId() { return siteKeySiteId; }
 
+    public Integer getAdvertisingTokenVersion() {
+        return advertisingTokenVersion;
+    }
+
+    public IdentityType getIdentityType() {
+        return identityType;
+    }
+
+    public boolean getIsClientSideGenerated() {
+        return isClientSideGenerated;
+    }
+
+    public Instant getExpiry() {
+        return expiry;
+    }
+
     static DecryptionResponse makeError(DecryptionStatus status) {
-        return new DecryptionResponse(status, null, Instant.MIN, null, null);
+        return new DecryptionResponse(status, null, Instant.MIN, null, null, null, null, false, Instant.MIN);
     }
 
-    static DecryptionResponse makeError(DecryptionStatus status, Instant established, Integer siteId, Integer siteKeySiteId) {
-        return new DecryptionResponse(status, null, established, siteId, siteKeySiteId);
+    static DecryptionResponse makeError(DecryptionStatus status, Instant established, Integer siteId, Integer siteKeySiteId, IdentityType identityType, Integer advertisingTokenVersion, boolean isClientSideGenerated, Instant expiry) {
+        return new DecryptionResponse(status, null, established, siteId, siteKeySiteId, identityType, advertisingTokenVersion, isClientSideGenerated, expiry);
     }
 }

src/main/java/com/uid2/client/DecryptionStatus.java

@@ -44,4 +44,8 @@ public enum DecryptionStatus {
       * to decrypt a UID2 token. Ensure the factory class matches the token type you are decrypting.
       */
     INVALID_IDENTITY_SCOPE,
+     /**
+      * INVALID_TOKEN_LIFETIME: The token has invalid timestamps.
+      */
+    INVALID_TOKEN_LIFETIME
 }

src/main/java/com/uid2/client/IUID2Client.java

@@ -2,6 +2,10 @@
 
 import java.time.Instant;
 
+/**
+ * @deprecated Please use BidstreamClient or SharingClient instead.
+ */
+@Deprecated
 public interface IUID2Client {
 
     /**

src/main/java/com/uid2/client/KeyContainer.java

@@ -13,6 +13,10 @@ class KeyContainer {
     private int masterKeysetId;
     private int defaultKeysetId;
     private long tokenExpirySeconds;
+    private IdentityScope identityScope;
+    private long maxBidstreamLifetimeSeconds;
+    private long maxSharingLifetimeSeconds;
+    private long allowClockSkewSeconds;
 
 
     KeyContainer(List<Key> keyList)
@@ -34,11 +38,15 @@ class KeyContainer {
         }
     }
 
-    KeyContainer(int callerSiteId, int masterKeysetId, int defaultKeysetId, long tokenExpirySeconds, List<Key> keyList) {
+    KeyContainer(int callerSiteId, int masterKeysetId, int defaultKeysetId, long tokenExpirySeconds, List<Key> keyList, IdentityScope identityScope, long maxBidstreamLifetimeSeconds, long maxSharingLifetimeSeconds, long allowClockSkewSeconds) {
         this.callerSiteId = callerSiteId;
         this.masterKeysetId = masterKeysetId;
         this.defaultKeysetId = defaultKeysetId;
         this.tokenExpirySeconds = tokenExpirySeconds;
+        this.identityScope = identityScope;
+        this.maxBidstreamLifetimeSeconds = maxBidstreamLifetimeSeconds;
+        this.maxSharingLifetimeSeconds = maxSharingLifetimeSeconds;
+        this.allowClockSkewSeconds = allowClockSkewSeconds;
 
         for (Key key : keyList) {
             this.keys.put(key.getId(), key);
@@ -82,12 +90,12 @@ private Key getKeysetActiveKey(int keysetId, Instant now)
 
     private Key getLatestKey(List<Key> keys, Instant now)
     {
-        if(keys == null || keys.isEmpty())
+        if (keys == null || keys.isEmpty())
             return null;
         int it = ListHelpers.upperBound(keys, now, (ts, k) -> ts.isBefore(k.getActivates()));
         while(it > 0) {
             Key key = keys.get(it-1);
-            if(key.isActive(now)) {
+            if (key.isActive(now)) {
                 return key;
             }
             --it;
@@ -107,4 +115,20 @@ public int getCallerSiteId() {
     public long getTokenExpirySeconds() {
         return tokenExpirySeconds;
     }
+
+    long getMaxBidstreamLifetimeSeconds() {
+        return maxBidstreamLifetimeSeconds;
+    }
+
+    long getMaxSharingLifetimeSeconds() {
+        return maxSharingLifetimeSeconds;
+    }
+
+    long getAllowClockSkewSeconds() {
+        return allowClockSkewSeconds;
+    }
+
+    IdentityScope getIdentityScope() {
+        return identityScope;
+    }
 }

src/main/java/com/uid2/client/KeyParser.java

@@ -13,7 +13,7 @@ class KeyParser {
     static KeyContainer parse(InputStream stream) {
         JsonObject json = JsonParser.parseReader(new InputStreamReader(stream)).getAsJsonObject();
         JsonElement bodyElement = json.get("body");
-        if (bodyElement.isJsonArray()) { // key/latest response, which will become legacy
+        if (bodyElement.isJsonArray()) { // key/latest response, which is now become legacy. We can remove this block once all tests use key/sharing JSON instead
             List<Key> keys = new ArrayList<>();
             JsonArray body = json.getAsJsonArray("body");
             for (JsonElement item : body) {
@@ -34,7 +34,12 @@ static KeyContainer parse(InputStream stream) {
             int callerSiteId = getAsInt(body,"caller_site_id");
             int masterKeysetId = getAsInt(body,"master_keyset_id");
             int defaultKeysetId = getAsInt(body,"default_keyset_id");
-            long tokenExpirySeconds = getAsLong(body,"token_expiry_seconds");
+            long maxBidstreamLifetimeSeconds = getAsLongOrDefault(body, "max_bidstream_lifetime_seconds", Long.MAX_VALUE);
+            long maxSharingLifetimeSeconds = getAsLongOrDefault(body, "max_sharing_lifetime_seconds", Long.MAX_VALUE);
+            long allowClockSkewSeconds = getAsLongOrDefault(body, "allow_clock_skew_seconds", 1800);
+            IdentityScope identityScope = getAsIdentityScopeOrDefault(body, "identity_scope", IdentityScope.UID2);
+
+            long tokenExpirySeconds = getAsLongOrDefault(body,"token_expiry_seconds", 0);
             if (tokenExpirySeconds == 0) {
                 final short defaultTokenExpiryDays = 30;
                 tokenExpirySeconds = defaultTokenExpiryDays * 24 * 60 * 60;
@@ -56,7 +61,7 @@ static KeyContainer parse(InputStream stream) {
                 keys.add(key);
             }
 
-            return new KeyContainer(callerSiteId, masterKeysetId, defaultKeysetId, tokenExpirySeconds, keys);
+            return new KeyContainer(callerSiteId, masterKeysetId, defaultKeysetId, tokenExpirySeconds, keys, identityScope, maxBidstreamLifetimeSeconds, maxSharingLifetimeSeconds, allowClockSkewSeconds);
         }
     }
 
@@ -65,9 +70,14 @@ static private int getAsInt(JsonObject body, String memberName) {
         return isNull(element) ? 0 : element.getAsInt();
     }
 
-    static private long getAsLong(JsonObject body, String memberName) {
+    static private long getAsLongOrDefault(JsonObject body, String memberName, long defaultVal) {
+        JsonElement element = body.get(memberName);
+        return isNull(element) ? defaultVal : element.getAsLong();
+    }
+
+    static private IdentityScope getAsIdentityScopeOrDefault(JsonObject body, String memberName, IdentityScope defaultVal) {
         JsonElement element = body.get(memberName);
-        return isNull(element) ? 0 : element.getAsLong();
+        return isNull(element) ?  defaultVal : body.get("identity_scope").getAsString().equals("EUID") ? IdentityScope.EUID : IdentityScope.UID2;
     }
 
     static private boolean isNull(JsonElement jo) {

src/main/java/com/uid2/client/PrivacyBits.java

@@ -0,0 +1,27 @@
+package com.uid2.client;
+
+import java.util.BitSet;
+
+ class PrivacyBits {
+    // Bit 0 is legacy and is no longer in use
+    private final int bitClientSideGenerated = 1;
+
+    private final BitSet bits;
+
+    PrivacyBits(int bitsAsInt)
+    {
+        bits = new BitSet();
+        int index = 0;
+        while (bitsAsInt != 0) {
+            if ((bitsAsInt & 1) == 1) {
+                bits.set(index); // Set the corresponding bit to 1
+            }
+            bitsAsInt >>= 1; // Right shift to get next bit
+            index++;
+        }
+    }
+
+    boolean isClientSideGenerated() {
+        return bits.get(bitClientSideGenerated);
+    }
+}

src/main/java/com/uid2/client/RefreshResponse.java

@@ -0,0 +1,32 @@
+package com.uid2.client;
+
+public class RefreshResponse {
+    private RefreshResponse(boolean success, String reason)
+    {
+        this.success = success;
+        this.reason = reason;
+    }
+
+    static RefreshResponse makeSuccess()
+    {
+        return new RefreshResponse(true, "");
+    }
+
+    static RefreshResponse makeError(String reason)
+    {
+        return new RefreshResponse(false, reason);
+    }
+
+    public boolean isSuccess()
+    {
+        return success;
+    }
+
+    public String getReason()
+    {
+        return reason;
+    }
+
+    private final boolean success;
+    private final String reason;
+}