From 25294e157edc5ac733e1a8c6f6721cc5937ffffe Mon Sep 17 00:00:00 2001 From: FelixRottler <72494737+FelixRottler@users.noreply.github.com> Date: Tue, 17 Aug 2021 17:06:25 +0200 Subject: [PATCH] Merge/latst changes from main into release (#1536) * fix: use correct length attributes for encrypted check in validation (#1535) * fix: remove spinning up unnecessary web server (#1529) --- ...backRegistrationRunnerIntegrationTest.java | 30 +++++++++---------- ...EventCheckInProtectedReportsValidator.java | 10 +++++-- ...tCheckInProtectedReportsValidatorTest.java | 6 ++-- .../submission/integration/DataHelpers.java | 2 +- 4 files changed, 25 insertions(+), 23 deletions(-) diff --git a/services/callback/src/test/java/app/coronawarn/server/services/callback/registration/CallbackRegistrationRunnerIntegrationTest.java b/services/callback/src/test/java/app/coronawarn/server/services/callback/registration/CallbackRegistrationRunnerIntegrationTest.java index db19a9fa33..82e42ba0a5 100644 --- a/services/callback/src/test/java/app/coronawarn/server/services/callback/registration/CallbackRegistrationRunnerIntegrationTest.java +++ b/services/callback/src/test/java/app/coronawarn/server/services/callback/registration/CallbackRegistrationRunnerIntegrationTest.java @@ -1,16 +1,5 @@ package app.coronawarn.server.services.callback.registration; -import static com.github.tomakehurst.wiremock.client.WireMock.aResponse; -import static com.github.tomakehurst.wiremock.client.WireMock.get; -import static com.github.tomakehurst.wiremock.client.WireMock.getRequestedFor; -import static com.github.tomakehurst.wiremock.client.WireMock.put; -import static com.github.tomakehurst.wiremock.client.WireMock.putRequestedFor; -import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo; -import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options; -import static org.mockito.Mockito.verify; -import static org.mockito.internal.verification.VerificationModeFactory.times; -import static org.springframework.http.HttpHeaders.CONTENT_TYPE; - import app.coronawarn.server.common.federation.client.callback.RegistrationResponse; import app.coronawarn.server.common.shared.util.HashUtils; import app.coronawarn.server.services.callback.config.CallbackServiceConfig; @@ -18,24 +7,33 @@ import com.github.tomakehurst.wiremock.WireMockServer; import com.github.tomakehurst.wiremock.http.HttpHeader; import com.github.tomakehurst.wiremock.http.HttpHeaders; -import java.util.List; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.boot.test.mock.mockito.SpyBean; +import org.springframework.boot.test.web.client.TestRestTemplate; import org.springframework.http.HttpStatus; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ActiveProfiles; +import java.util.List; -@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +import static com.github.tomakehurst.wiremock.client.WireMock.*; +import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options; +import static org.mockito.Mockito.verify; +import static org.mockito.internal.verification.VerificationModeFactory.times; +import static org.springframework.http.HttpHeaders.CONTENT_TYPE; + +@SpringBootTest @ActiveProfiles({"callback-registration"}) @DirtiesContext class CallbackRegistrationRunnerIntegrationTest { - private static WireMockServer server; + private static WireMockServer server = new WireMockServer(options().port(1234)); + @MockBean + TestRestTemplate testRestTemplate; @SpyBean private CallbackServiceConfig callbackServiceConfig; @@ -44,7 +42,7 @@ static void setupWireMock() { RegistrationResponse registrationResponse1 = new RegistrationResponse(HashUtils.md5DigestAsHex("url1"), "url1"); List responses = List.of(registrationResponse1); - server = new WireMockServer(options().port(1234)); + server.start(); server.stubFor( get(urlEqualTo("/diagnosiskeys/callback")) diff --git a/services/submission/src/main/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidator.java b/services/submission/src/main/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidator.java index 2e2a2f12ae..a718576f70 100644 --- a/services/submission/src/main/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidator.java +++ b/services/submission/src/main/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidator.java @@ -10,6 +10,10 @@ @Component public class EventCheckInProtectedReportsValidator { + public static final int INIT_VECTOR_LENGTH = 16; + public static final int LOCATION_ID_HASH_LENGTH = 32; + public static final int ENCRYPTED_CHECK_IN_RECORD_LENGTH = 16; + /** * Given the submission payload, it verifies whether user event checkInProtectedReports data is aligned with the * application constraints. For each checkInProtectedReports: @@ -29,7 +33,7 @@ && verifyEncryptedCheckInRecordLength(checkInProtectedReport, validatorContext)) boolean verifyLocationIdHashLength(CheckInProtectedReport checkInProtectedReport, ConstraintValidatorContext validatorContext) { if (ObjectUtils.isEmpty(checkInProtectedReport.getLocationIdHash()) - || checkInProtectedReport.getLocationIdHash().size() != 32) { + || checkInProtectedReport.getLocationIdHash().size() != LOCATION_ID_HASH_LENGTH) { addViolation(validatorContext, "CheckInProtectedReports locationIdHash must have 32 bytes not " + (checkInProtectedReport.getLocationIdHash() == null ? 0 : checkInProtectedReport.getLocationIdHash().size())); @@ -41,7 +45,7 @@ boolean verifyLocationIdHashLength(CheckInProtectedReport checkInProtectedReport boolean verifyIvLength(CheckInProtectedReport checkInProtectedReport, ConstraintValidatorContext validatorContext) { if (ObjectUtils.isEmpty(checkInProtectedReport.getIv()) - || checkInProtectedReport.getIv().size() != 32) { + || checkInProtectedReport.getIv().size() != INIT_VECTOR_LENGTH) { addViolation(validatorContext, "CheckInProtectedReports iv must have 32 bytes not " + (checkInProtectedReport.getIv() == null ? 0 : checkInProtectedReport.getIv().size())); return false; @@ -52,7 +56,7 @@ boolean verifyIvLength(CheckInProtectedReport checkInProtectedReport, boolean verifyEncryptedCheckInRecordLength(CheckInProtectedReport checkInProtectedReport, ConstraintValidatorContext validatorContext) { if (ObjectUtils.isEmpty(checkInProtectedReport.getEncryptedCheckInRecord()) - || checkInProtectedReport.getEncryptedCheckInRecord().size() != 16) { + || checkInProtectedReport.getEncryptedCheckInRecord().size() != ENCRYPTED_CHECK_IN_RECORD_LENGTH) { addViolation(validatorContext, "CheckInProtectedReports encryptedCheckInRecord must have 16 bytes not " + (checkInProtectedReport.getEncryptedCheckInRecord() == null ? 0 : checkInProtectedReport.getEncryptedCheckInRecord().size())); diff --git a/services/submission/src/test/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidatorTest.java b/services/submission/src/test/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidatorTest.java index 31ccb9c338..31c4fade1b 100644 --- a/services/submission/src/test/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidatorTest.java +++ b/services/submission/src/test/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidatorTest.java @@ -48,7 +48,7 @@ void verifyNonEmptyCheckInProtectedReport() { .setEncryptedCheckInRecord(ByteString .copyFrom(generateSecureRandomByteArrayData(16))) .setIv(ByteString - .copyFrom(generateSecureRandomByteArrayData(32))) + .copyFrom(generateSecureRandomByteArrayData(16))) .setLocationIdHash(ByteString .copyFrom(generateSecureRandomByteArrayData(32))) .build())) @@ -85,7 +85,7 @@ void verifyEncryptedCheckInRecordLengthIsFalse(ByteString e) { @Test void verifyIvLengthIsTrue() { CheckInProtectedReport checkInProtectedReport = CheckInProtectedReport.newBuilder().setIv( - ByteString.copyFrom(generateSecureRandomByteArrayData(32))).build(); + ByteString.copyFrom(generateSecureRandomByteArrayData(16))).build(); boolean result = underTest.verifyIvLength(checkInProtectedReport, mockValidatorContext); assertThat(result).isTrue(); @@ -127,7 +127,7 @@ void verifyLocationIdHashLengthIsFalse(ByteString e) { private static Stream generateWrongLengthByteStrings() { return Stream.of( Arguments.of(ByteString.copyFrom(generateSecureRandomByteArrayData(100))), - Arguments.of(ByteString.copyFrom(generateSecureRandomByteArrayData(0))), + Arguments.of(ByteString.copyFrom(generateSecureRandomByteArrayData(33))), Arguments.of(ByteString.EMPTY)); } diff --git a/services/submission/src/test/java/app/coronawarn/server/services/submission/integration/DataHelpers.java b/services/submission/src/test/java/app/coronawarn/server/services/submission/integration/DataHelpers.java index f801ebda24..2483b3eaee 100644 --- a/services/submission/src/test/java/app/coronawarn/server/services/submission/integration/DataHelpers.java +++ b/services/submission/src/test/java/app/coronawarn/server/services/submission/integration/DataHelpers.java @@ -57,7 +57,7 @@ public static CheckInProtectedReport buildEncryptedCheckIn(ByteString checkInRec public static CheckInProtectedReport buildDefaultEncryptedCheckIn() { return buildEncryptedCheckIn(ByteString.copyFrom(generateSecureRandomByteArrayData(16)), - ByteString.copyFrom(generateSecureRandomByteArrayData(32)), + ByteString.copyFrom(generateSecureRandomByteArrayData(16)), ByteString.copyFrom(generateSecureRandomByteArrayData(32))); }