Moving secret values out of the main configuration file

2026-04-20 17:58:03 +01:00 · 2023-05-17 11:14:04 -07:00
parent 8d1c26d07d
commit 287e2fa89a
57 changed files with 959 additions and 551 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentialsGenerator.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/ExternalServiceCredentialsGenerator.java
@@ -10,6 +10,7 @@ import static org.whispersystems.textsecuregcm.util.HmacUtils.hmac256ToHexString
 import static org.whispersystems.textsecuregcm.util.HmacUtils.hmac256TruncatedToHexString;
 import static org.whispersystems.textsecuregcm.util.HmacUtils.hmacHexStringsEqual;

+import com.google.common.annotations.VisibleForTesting;
 import java.time.Clock;
 import java.time.Instant;
 import java.util.Optional;
@@ -17,6 +18,7 @@ import java.util.UUID;
 import java.util.function.Function;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.Validate;
+import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;

 public class ExternalServiceCredentialsGenerator {

@@ -40,6 +42,12 @@ public class ExternalServiceCredentialsGenerator {

  private final int derivedUsernameTruncateLength;

+
+  public static ExternalServiceCredentialsGenerator.Builder builder(final SecretBytes key) {
+    return builder(key.value());
+  }
+
+  @VisibleForTesting
  public static ExternalServiceCredentialsGenerator.Builder builder(final byte[] key) {
    return new Builder(key);
  }
@@ -240,6 +248,10 @@ public class ExternalServiceCredentialsGenerator {
      this.key = requireNonNull(key);
    }

+    public Builder withUserDerivationKey(final SecretBytes userDerivationKey) {
+      return withUserDerivationKey(userDerivationKey.value());
+    }
+
    public Builder withUserDerivationKey(final byte[] userDerivationKey) {
      Validate.isTrue(requireNonNull(userDerivationKey).length > 0, "userDerivationKey must not be empty");
      this.userDerivationKey = userDerivationKey;