Merging up to main

.trivyignore

@@ -5,6 +5,3 @@
 
 # https://thetradedesk.atlassian.net/browse/UID2-4460
 CVE-2024-47535
-
-# https://thetradedesk.atlassian.net/browse/UID2-4461
-CVE-2024-7254

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-core</artifactId>
-    <version>2.21.1-alpha-61-SNAPSHOT</version>
+    <version>2.21.7</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -16,7 +16,7 @@
         <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
         <exec-maven-plugin.version>3.0.0</exec-maven-plugin.version>
 
-        <vertx.version>4.5.3</vertx.version>
+        <vertx.version>4.5.11</vertx.version>
         <vertx-maven-plugin.version>1.0.22</vertx-maven-plugin.version>
         <micrometer.version>1.12.2</micrometer.version>
         <junit-jupiter.version>5.10.3</junit-jupiter.version>

src/main/java/com/uid2/core/Main.java

@@ -7,6 +7,7 @@
 import com.uid2.core.service.AttestationService;
 import com.uid2.core.service.OperatorJWTTokenProvider;
 import com.uid2.core.vertx.CoreVerticle;
+import com.uid2.core.vertx.Endpoints;
 import com.uid2.shared.Const;
 import com.uid2.shared.Utils;
 import com.uid2.shared.attest.AttestationTokenService;
@@ -171,7 +172,7 @@ public static void main(String[] args) {
     }
 
     private static void setupMetrics(MicrometerMetricsOptions metricOptions) {
-        BackendRegistries.setupBackend(metricOptions);
+        BackendRegistries.setupBackend(metricOptions, null);
 
         // As of now default backend registry should have been created
         if (BackendRegistries.getDefaultNow() instanceof PrometheusMeterRegistry) {
@@ -183,7 +184,8 @@ private static void setupMetrics(MicrometerMetricsOptions metricOptions) {
                     .meterFilter(new PrometheusRenameFilter())
                     .meterFilter(MeterFilter.replaceTagValues(Label.HTTP_PATH.toString(), actualPath -> {
                         try {
-                            return HttpUtils.normalizePath(actualPath).split("\\?")[0];
+                            String normalized = HttpUtils.normalizePath(actualPath).split("\\?")[0];
+                            return Endpoints.pathSet().contains(normalized) ? normalized : "/unknown";
                         } catch (IllegalArgumentException e) {
                             return actualPath;
                         }

src/main/java/com/uid2/core/vertx/CoreVerticle.java

@@ -175,26 +175,26 @@ private Router createRoutesSetup() {
                 .allowedHeader("Content-Type"));
         router.route().failureHandler(new GenericFailureHandler());
 
-        router.post("/attest")
+        router.post(Endpoints.ATTEST.toString())
                 .handler(new AttestationFailureHandler())
                 .handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE));
-        router.get("/cloud_encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
-        router.get("/sites/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
-        router.get("/key/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
-        router.get("/key/acl/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
-        router.get("/key/keyset/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
-        router.get("/key/keyset-keys/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
-        router.get("/salt/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
-        router.get("/clients/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
-        router.get("/client_side_keypairs/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
-        router.get("/services/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
-        router.get("/service_links/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
-        router.get("/operators/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
-        router.get("/partners/refresh").handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
-        router.get("/ops/healthcheck").handler(this::handleHealthCheck);
+        router.get(Endpoints.CLOUD_ENCRYPTION_KEYS_RETRIEVE.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
+        router.get(Endpoints.SITES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_ACL_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_KEYSET_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
+        router.get(Endpoints.KEY_KEYSET_KEYS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
+        router.get(Endpoints.SALT_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
+        router.get(Endpoints.CLIENTS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
+        router.get(Endpoints.CLIENT_SIDE_KEYPAIRS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
+        router.get(Endpoints.SERVICES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
+        router.get(Endpoints.SERVICE_LINKS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
+        router.get(Endpoints.OPERATORS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
+        router.get(Endpoints.PARTNERS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
+        router.get(Endpoints.OPS_HEALTHCHECK.toString()).handler(this::handleHealthCheck);
 
         if (Optional.ofNullable(ConfigStore.Global.getBoolean("enable_test_endpoints")).orElse(false)) {
-            router.route("/attest/get_token").handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
+            router.route(Endpoints.ATTEST_GET_TOKEN.toString()).handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
         }
 
         return router;

src/main/java/com/uid2/core/vertx/Endpoints.java

@@ -0,0 +1,39 @@
+package com.uid2.core.vertx;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public enum Endpoints {
+    OPS_HEALTHCHECK("/ops/healthcheck"),
+    ATTEST("/attest"),
+    ATTEST_GET_TOKEN("/attest/get_token"),
+    CLOUD_ENCRYPTION_KEYS_RETRIEVE("/cloud_encryption_keys/retrieve"),
+    SITES_REFRESH("/sites/refresh"),
+    KEY_REFRESH("/key/refresh"),
+    KEY_ACL_REFRESH("/key/acl/refresh"),
+    KEY_KEYSET_REFRESH("/key/keyset/refresh"),
+    KEY_KEYSET_KEYS_REFRESH("/key/keyset-keys/refresh"),
+    SALT_REFRESH("/salt/refresh"),
+    CLIENTS_REFRESH("/clients/refresh"),
+    CLIENT_SIDE_KEYPAIRS_REFRESH("/client_side_keypairs/refresh"),
+    SERVICES_REFRESH("/services/refresh"),
+    SERVICE_LINKS_REFRESH("/service_links/refresh"),
+    OPERATORS_REFRESH("/operators/refresh"),
+    PARTNERS_REFRESH("/partners/refresh");
+
+    private final String path;
+
+    Endpoints(final String path) {
+        this.path = path;
+    }
+
+    public static Set<String> pathSet() {
+        return Stream.of(Endpoints.values()).map(Endpoints::toString).collect(Collectors.toSet());
+    }
+
+    @Override
+    public String toString() {
+        return path;
+    }
+}