Add DeviceCheck API for iOS Testflight backup enablement

2026-04-20 14:48:07 +01:00 · 2024-11-13 23:37:22 -06:00
parent fb6c4eca34
commit 2c163352c3
29 changed files with 1877 additions and 7 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/AppleDeviceCheckConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/AppleDeviceCheckConfiguration.java
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2024 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.time.Duration;
+
+/**
+ * Configuration for Apple DeviceCheck
+ *
+ * @param production               Whether this is for production or sandbox attestations
+ * @param teamId                   The teamId to validate attestations against
+ * @param bundleId                 The bundleId to validation attestations against
+ */
+public record AppleDeviceCheckConfiguration(
+    boolean production,
+    String teamId,
+    String bundleId) {}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/DeviceCheckConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/DeviceCheckConfiguration.java
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2024 Signal Messenger, LLC
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+package org.whispersystems.textsecuregcm.configuration;
+
+import java.time.Duration;
+
+/**
+ * Configuration for Device Check operations
+ *
+ * @param backupRedemptionDuration How long to grant backup access for redemptions via device check
+ * @param backupRedemptionLevel    What backup level to grant redemptions via device check
+ */
+public record DeviceCheckConfiguration(Duration backupRedemptionDuration, long backupRedemptionLevel) {}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbTables.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/DynamoDbTables.java
@@ -48,6 +48,8 @@ public class DynamoDbTables {

  private final AccountsTableConfiguration accounts;

+  private final Table appleDeviceChecks;
+  private final Table appleDeviceCheckPublicKeys;
  private final Table backups;
  private final Table clientPublicKeys;
  private final Table clientReleases;
@@ -74,6 +76,8 @@ public class DynamoDbTables {

  public DynamoDbTables(
      @JsonProperty("accounts") final AccountsTableConfiguration accounts,
+      @JsonProperty("appleDeviceChecks") final Table appleDeviceChecks,
+      @JsonProperty("appleDeviceCheckPublicKeys") final Table appleDeviceCheckPublicKeys,
      @JsonProperty("backups") final Table backups,
      @JsonProperty("clientPublicKeys") final Table clientPublicKeys,
      @JsonProperty("clientReleases") final Table clientReleases,
@@ -99,6 +103,8 @@ public class DynamoDbTables {
      @JsonProperty("verificationSessions") final Table verificationSessions) {

    this.accounts = accounts;
+    this.appleDeviceChecks = appleDeviceChecks;
+    this.appleDeviceCheckPublicKeys = appleDeviceCheckPublicKeys;
    this.backups = backups;
    this.clientPublicKeys = clientPublicKeys;
    this.clientReleases = clientReleases;
@@ -130,6 +136,18 @@ public class DynamoDbTables {
    return accounts;
  }

+  @NotNull
+  @Valid
+  public Table getAppleDeviceChecks() {
+    return appleDeviceChecks;
+  }
+
+  @NotNull
+  @Valid
+  public Table getAppleDeviceCheckPublicKeys() {
+    return appleDeviceCheckPublicKeys;
+  }
+
  @NotNull
  @Valid
  public Table getBackups() {