Add enabled to SVR2 configuration

2026-04-21 08:58:38 +01:00 · 2023-03-28 16:39:35 -05:00
parent 4fa08fb189
commit 0cc84131de
7 changed files with 31 additions and 12 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -796,7 +796,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
            config.getRemoteConfigConfiguration().getGlobalConfig()),
        new SecureBackupController(backupCredentialsGenerator, accountsManager),
        new SecureStorageController(storageCredentialsGenerator),
-        new SecureValueRecovery2Controller(svr2CredentialsGenerator),
+        new SecureValueRecovery2Controller(svr2CredentialsGenerator, config.getSvr2Configuration()),
        new StickerController(rateLimiters, config.getCdnConfiguration().getAccessKey(),
            config.getCdnConfiguration().getAccessSecret(), config.getCdnConfiguration().getRegion(),
            config.getCdnConfiguration().getBucket()),
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/SecureValueRecovery2Configuration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/SecureValueRecovery2Configuration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2020 Signal Messenger, LLC
+ * Copyright 2023 Signal Messenger, LLC
 * SPDX-License-Identifier: AGPL-3.0-only
 */
 package org.whispersystems.textsecuregcm.configuration;
@@ -12,9 +12,10 @@ import javax.validation.constraints.NotNull;
 import org.whispersystems.textsecuregcm.util.ExactlySize;

 public record SecureValueRecovery2Configuration(
+    boolean enabled,
+    @NotBlank String uri,
    @ExactlySize({32}) byte[] userAuthenticationTokenSharedSecret,
    @ExactlySize({32}) byte[] userIdTokenSharedSecret,
-    @NotBlank String uri,
    @NotEmpty List<@NotBlank String> svrCaCertificates,
    @NotNull @Valid CircuitBreakerConfiguration circuitBreaker,
    @NotNull @Valid RetryConfiguration retry) {
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureValueRecovery2Controller.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureValueRecovery2Controller.java
@@ -11,6 +11,7 @@ import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import javax.ws.rs.GET;
+import javax.ws.rs.NotFoundException;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
@@ -32,9 +33,12 @@ public class SecureValueRecovery2Controller {
  }

  private final ExternalServiceCredentialsGenerator backupServiceCredentialGenerator;
+  private final boolean enabled;

-  public SecureValueRecovery2Controller(final ExternalServiceCredentialsGenerator backupServiceCredentialGenerator) {
+  public SecureValueRecovery2Controller(final ExternalServiceCredentialsGenerator backupServiceCredentialGenerator,
+      final SecureValueRecovery2Configuration cfg) {
    this.backupServiceCredentialGenerator = backupServiceCredentialGenerator;
+    this.enabled = cfg.enabled();
  }

  @Timed
@@ -51,6 +55,9 @@ public class SecureValueRecovery2Controller {
  @ApiResponse(responseCode = "200", description = "`JSON` with generated credentials.", useReturnTypeSchema = true)
  @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
  public ExternalServiceCredentials getAuth(@Auth final AuthenticatedAccount auth) {
+    if (!enabled) {
+      throw new NotFoundException();
+    }
    return backupServiceCredentialGenerator.generateFor(auth.getAccount().getUuid().toString());
  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/securevaluerecovery/SecureValueRecovery2Client.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/securevaluerecovery/SecureValueRecovery2Client.java
@@ -32,6 +32,7 @@ public class SecureValueRecovery2Client {
  private final ExternalServiceCredentialsGenerator secureValueRecoveryCredentialsGenerator;
  private final URI deleteUri;
  private final FaultTolerantHttpClient httpClient;
+  private final boolean enabled;

  @VisibleForTesting
  static final String DELETE_PATH = "/v1/delete";
@@ -52,9 +53,15 @@ public class SecureValueRecovery2Client {
        .withSecurityProtocol(FaultTolerantHttpClient.SECURITY_PROTOCOL_TLS_1_2)
        .withTrustedServerCertificates(configuration.svrCaCertificates().toArray(new String[0]))
        .build();
+    this.enabled = configuration.enabled();
  }

  public CompletableFuture<Void> deleteBackups(final UUID accountUuid) {
+
+    if (!enabled) {
+      return CompletableFuture.completedFuture(null);
+    }
+
    final ExternalServiceCredentials credentials = secureValueRecoveryCredentialsGenerator.generateForUuid(accountUuid);

    final HttpRequest request = HttpRequest.newBuilder()
--- a/service/src/main/java/org/whispersystems/textsecuregcm/securevaluerecovery/SecureValueRecoveryException.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/securevaluerecovery/SecureValueRecoveryException.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021 Signal Messenger, LLC
+ * Copyright 2023 Signal Messenger, LLC
 * SPDX-License-Identifier: AGPL-3.0-only
 */