Retire legacy Secure Value Recovery plumbing

2026-04-21 19:58:03 +01:00 · 2023-10-10 19:06:25 -04:00
parent c6b4e2b71d
commit ae976ef8d6
17 changed files with 5 additions and 480 deletions
--- a/service/src/test/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManagerTest.java
@@ -47,8 +47,6 @@ class RegistrationLockVerificationManagerTest {

  private final AccountsManager accountsManager = mock(AccountsManager.class);
  private final ClientPresenceManager clientPresenceManager = mock(ClientPresenceManager.class);
-  private final ExternalServiceCredentialsGenerator svr1CredentialsGenerator = mock(
-      ExternalServiceCredentialsGenerator.class);
  private final ExternalServiceCredentialsGenerator svr2CredentialsGenerator = mock(
      ExternalServiceCredentialsGenerator.class);
  private final RegistrationRecoveryPasswordsManager registrationRecoveryPasswordsManager = mock(
@@ -56,7 +54,7 @@ class RegistrationLockVerificationManagerTest {
  private static PushNotificationManager pushNotificationManager = mock(PushNotificationManager.class);
  private final RateLimiters rateLimiters = mock(RateLimiters.class);
  private final RegistrationLockVerificationManager registrationLockVerificationManager = new RegistrationLockVerificationManager(
-      accountsManager, clientPresenceManager, svr1CredentialsGenerator, svr2CredentialsGenerator, registrationRecoveryPasswordsManager, pushNotificationManager, rateLimiters);
+      accountsManager, clientPresenceManager, svr2CredentialsGenerator, registrationRecoveryPasswordsManager, pushNotificationManager, rateLimiters);

  private final RateLimiter pinLimiter = mock(RateLimiter.class);

@@ -67,8 +65,6 @@ class RegistrationLockVerificationManagerTest {
  void setUp() {
    clearInvocations(pushNotificationManager);
    when(rateLimiters.getPinLimiter()).thenReturn(pinLimiter);
-    when(svr1CredentialsGenerator.generateForUuid(any()))
-        .thenReturn(mock(ExternalServiceCredentials.class));
    when(svr2CredentialsGenerator.generateForUuid(any()))
        .thenReturn(mock(ExternalServiceCredentials.class));

--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureBackupControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureBackupControllerTest.java
@@ -1,55 +0,0 @@
-/*
- * Copyright 2023 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.controllers;
-
-import static org.mockito.Mockito.mock;
-import static org.whispersystems.textsecuregcm.util.MockUtils.randomSecretBytes;
-
-import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
-import io.dropwizard.testing.junit5.ResourceExtension;
-import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mockito;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
-import org.whispersystems.textsecuregcm.util.MockUtils;
-import org.whispersystems.textsecuregcm.util.MutableClock;
-import org.whispersystems.textsecuregcm.util.SystemMapper;
-
-@ExtendWith(DropwizardExtensionsSupport.class)
-class SecureBackupControllerTest extends SecureValueRecoveryControllerBaseTest {
-
-  private static final SecretBytes SECRET = randomSecretBytes(32);
-
-  private static final SecureBackupServiceConfiguration CFG = MockUtils.buildMock(
-      SecureBackupServiceConfiguration.class,
-      cfg -> Mockito.when(cfg.userAuthenticationTokenSharedSecret()).thenReturn(SECRET)
-  );
-
-  private static final MutableClock CLOCK = new MutableClock();
-
-  private static final ExternalServiceCredentialsGenerator CREDENTIAL_GENERATOR =
-      SecureBackupController.credentialsGenerator(CFG, CLOCK);
-
-
-  private static final AccountsManager ACCOUNTS_MANAGER = mock(AccountsManager.class);
-  private static final SecureBackupController CONTROLLER =
-      new SecureBackupController(CREDENTIAL_GENERATOR, ACCOUNTS_MANAGER);
-
-  private static final ResourceExtension RESOURCES = ResourceExtension.builder()
-      .addProvider(AuthHelper.getAuthFilter())
-      .setMapper(SystemMapper.jsonMapper())
-      .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
-      .addResource(CONTROLLER)
-      .build();
-
-  protected SecureBackupControllerTest() {
-    super("/v1", ACCOUNTS_MANAGER, CLOCK, RESOURCES, CREDENTIAL_GENERATOR);
-  }
-}
--- a/service/src/test/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClientTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClientTest.java
@@ -1,147 +0,0 @@
-/*
- * Copyright 2023 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.securebackup;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.delete;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
-import java.security.cert.CertificateException;
-import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.CompletionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
-
-class SecureBackupClientTest {
-
-  private UUID accountUuid;
-  private ExternalServiceCredentialsGenerator credentialsGenerator;
-  private ExecutorService httpExecutor;
-  private ScheduledExecutorService retryExecutor;
-
-  private SecureBackupClient secureStorageClient;
-
-  @RegisterExtension
-  private final WireMockExtension wireMock = WireMockExtension.newInstance()
-      .options(wireMockConfig().dynamicPort().dynamicHttpsPort())
-      .build();
-
-  @BeforeEach
-  void setUp() throws CertificateException {
-    accountUuid = UUID.randomUUID();
-    credentialsGenerator = mock(ExternalServiceCredentialsGenerator.class);
-    httpExecutor = Executors.newSingleThreadExecutor();
-    retryExecutor = Executors.newSingleThreadScheduledExecutor();
-
-    final SecureBackupServiceConfiguration config = new SecureBackupServiceConfiguration();
-    config.setUri("http://localhost:" + wireMock.getPort());
-
-    // This is a randomly-generated, throwaway certificate that's not actually connected to anything
-    config.setBackupCaCertificates(
-        List.of("""
-            -----BEGIN CERTIFICATE-----
-            MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEL
-            MAkGA1UECAwCVVMxHjAcBgNVBAoMFVNpZ25hbCBNZXNzZW5nZXIsIExMQzETMBEG
-            A1UEAwwKc2lnbmFsLm9yZzAeFw0yMDEyMjMyMjQ3NTlaFw0zMDEyMjEyMjQ3NTla
-            ME8xCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJVUzEeMBwGA1UECgwVU2lnbmFsIE1l
-            c3NlbmdlciwgTExDMRMwEQYDVQQDDApzaWduYWwub3JnMIGfMA0GCSqGSIb3DQEB
-            AQUAA4GNADCBiQKBgQCfSLcZNHYqbxSsgWp4JvbPRHjQTrlsrKrgD2q7f/OY6O3Y
-            /X0QNcNSOJpliN8rmzwslfsrXHO3q1diGRw4xHogUJZ/7NQrHiP/zhN0VTDh49pD
-            ZpjXVyUbayLS/6qM5arKxBspzEFBb5v8cF6bPr76SO/rpGXiI0j6yJKX6fRiKwID
-            AQABo1AwTjAdBgNVHQ4EFgQU6Jrs/Fmj0z4dA3wvdq/WqA4P49IwHwYDVR0jBBgw
-            FoAU6Jrs/Fmj0z4dA3wvdq/WqA4P49IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
-            AQ0FAAOBgQB+5d5+NtzLILfrc9QmJdIO1YeDP64JmFwTER0kEUouRsb9UwknVWZa
-            y7MTM4NoBV1k0zb5LAk89SIDPr/maW5AsLtEomzjnEiomjoMBUdNe3YCgQReoLnr
-            R/QaUNbrCjTGYfBsjGbIzmkWPUyTec2ZdRyJ8JiVl386+6CZkxnndQ==
-            -----END CERTIFICATE-----
-            """, """
-            -----BEGIN CERTIFICATE-----
-            MIIEpDCCAowCCQC43PUTWSADVjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
-            b2NhbGhvc3QwHhcNMjIxMDE3MjA0NTM0WhcNMjMxMDE3MjA0NTM0WjAUMRIwEAYD
-            VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDV
-            x1cdEd2ffQTlTXWRiCHGcrlYf4RJnctt9sw/BuHWTLXBu5LhyJSGn5LRszO/NCXK
-            Z/cmGR7pLj366RtiwL+Qo3nhvDCK7T9xZeNIusM6XMcMK9D/DGCYPqtjQz8NXd9V
-            ajBBe6nwTDTa+oqX8Mt89foWNkg5Il/lY62u9Dr18LRZ2W9zzYi3Q9/K0CbIX6pM
-            yVlPIO5rITOR2IsbeyqsO9jufgX5lP4ZKLLBAP1b7usjC4YdvWacjQg/rK5aay1x
-            jC2HCDgo/4N30QVXzSA9nFfSe6AE/xkStK4819JqOkY5JsJCbef1P3hOOdSLEjbp
-            xq3MjOs6G6dOgteaAGs10vx7dHxDWETTIiD7BIZ9zRYgOF5bkCaIUO+JfySE1MHD
-            KBAFLoRuvmRev5Ln5R0MCHpUMSmMNgJqz+RWZV3g/gpYbuWiHgJOwL1393eK50Bg
-            W7SXQ8EjJj2yXZSH+1gPzN0DRoJZiaBoTPnCL2qUgvwFpW1PJsM5FDyUJFUoK5kK
-            HLBBSKAPt6ZlSrUe2nBgJv7EF1GK+fTU08LXgW33OpLceGPa0zTShkukQUMtUtZ8
-            GqhO12ohMzEupIu5Xurthq4VVUrzHUdj1ZZRMhAbfLU36sd03MMyL/xBqTN6dzCa
-            GDGIPGpYjAllZ5xMRt2kZdv+Kr6oo3u2nLUIsqI7KQIDAQABMA0GCSqGSIb3DQEB
-            CwUAA4ICAQCB5s43YF35ssf5YONW5iAaifGpi1o0866xfeOybtohFGvQ7V2W34i9
-            TYBCt8+0hgatMcvZ08f0vqig1i7nrvYcE1hnhL7JNkU8qm0s9ytHZt6j62nB0kd/
-            uqE2hOEQalTf/2TGPV0CCgiqLyd8lEUQvQeA38wktwUeZpVnErlzHeMR2CvV3K8R
-            u4vV6SnBcf+TAt56RKYZkPyvZj5llQPo14Glyoo8qZES7Ky1SHmM0GL+baPRBjRW
-            3KgSt98Wyu4yr9qu21JpnbAnLhBfzfSKjSeCRgFElUE1GIaFGRZ7ypA74dUKeLnb
-            /VUWrszmUhGaEjV9dpI6x6B/kSpQMtIQqBaKRY2ALUeEujS/rURi4iMDwSU+GkSH
-            cyEvZKS97OA/dWeXfLXdo4beDBRG93bI4rQnDg5+VdlBOkQSLueb8x6/VThMoC5d
-            vZiotFQHseljQAdTkNa6tBu6c4XDYPCKB3CfkMYOlCfTS7Acn5G6dxTPKBtLGBnL
-            nQfYyzuwYkN09+2PVzt6auBHr3To7uoclkxX+hxyvPIwIZ0N6b4tQR1FCAkvg29Q
-            WIOjZOKGW690ESKCKOnFjUHVO0HpuWnT81URTuY62FXsYdVc2wE4v0E04mEbqQ0P
-            lY6ZKNA81Lm3YADYtObmK1IUrOPo9BeIaPy0UM08SmN880Vunqa91Q==
-            -----END CERTIFICATE-----
-            """));
-
-    secureStorageClient = new SecureBackupClient(credentialsGenerator, httpExecutor, retryExecutor, config);
-  }
-
-  @AfterEach
-  void tearDown() throws InterruptedException {
-    httpExecutor.shutdown();
-    httpExecutor.awaitTermination(1, TimeUnit.SECONDS);
-    retryExecutor.shutdown();
-    retryExecutor.awaitTermination(1, TimeUnit.SECONDS);
-  }
-
-  @Test
-  void deleteStoredData() {
-    final String username = RandomStringUtils.randomAlphabetic(16);
-    final String password = RandomStringUtils.randomAlphanumeric(32);
-
-    when(credentialsGenerator.generateForUuid(accountUuid)).thenReturn(new ExternalServiceCredentials(username, password));
-
-    wireMock.stubFor(delete(urlEqualTo(SecureBackupClient.DELETE_PATH))
-        .withBasicAuth(username, password)
-        .willReturn(aResponse().withStatus(202)));
-
-    // We're happy as long as this doesn't throw an exception
-    secureStorageClient.deleteBackups(accountUuid).join();
-  }
-
-  @Test
-  void deleteStoredDataFailure() {
-    final String username = RandomStringUtils.randomAlphabetic(16);
-    final String password = RandomStringUtils.randomAlphanumeric(32);
-
-    when(credentialsGenerator.generateForUuid(accountUuid)).thenReturn(new ExternalServiceCredentials(username, password));
-
-    wireMock.stubFor(delete(urlEqualTo(SecureBackupClient.DELETE_PATH))
-        .withBasicAuth(username, password)
-        .willReturn(aResponse().withStatus(400)));
-
-    final CompletionException completionException = assertThrows(CompletionException.class, () -> secureStorageClient.deleteBackups(accountUuid).join());
-    assertTrue(completionException.getCause() instanceof SecureBackupException);
-  }
-}
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerChangeNumberIntegrationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerChangeNumberIntegrationTest.java
@@ -38,7 +38,6 @@ import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.RedisClusterExtension;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -94,9 +93,6 @@ class AccountsManagerChangeNumberIntegrationTest {
      final SecureStorageClient secureStorageClient = mock(SecureStorageClient.class);
      when(secureStorageClient.deleteStoredData(any())).thenReturn(CompletableFuture.completedFuture(null));

-      final SecureBackupClient secureBackupClient = mock(SecureBackupClient.class);
-      when(secureBackupClient.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));
-
      final SecureValueRecovery2Client svr2Client = mock(SecureValueRecovery2Client.class);
      when(svr2Client.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));

@@ -129,7 +125,6 @@ class AccountsManagerChangeNumberIntegrationTest {
          messagesManager,
          profilesManager,
          secureStorageClient,
-          secureBackupClient,
          svr2Client,
          clientPresenceManager,
          mock(ExperimentEnrollmentManager.class),
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerConcurrentModificationIntegrationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerConcurrentModificationIntegrationTest.java
@@ -45,7 +45,6 @@ import org.whispersystems.textsecuregcm.entities.AccountAttributes;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -125,7 +124,6 @@ class AccountsManagerConcurrentModificationIntegrationTest {
          mock(MessagesManager.class),
          mock(ProfilesManager.class),
          mock(SecureStorageClient.class),
-          mock(SecureBackupClient.class),
          mock(SecureValueRecovery2Client.class),
          mock(ClientPresenceManager.class),
          mock(ExperimentEnrollmentManager.class),
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java
@@ -71,7 +71,6 @@ import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.identity.PniServiceIdentifier;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.Device.DeviceCapabilities;
@@ -156,9 +155,6 @@ class AccountsManagerTest {
    final SecureStorageClient storageClient = mock(SecureStorageClient.class);
    when(storageClient.deleteStoredData(any())).thenReturn(CompletableFuture.completedFuture(null));

-    final SecureBackupClient backupClient = mock(SecureBackupClient.class);
-    when(backupClient.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));
-
    final SecureValueRecovery2Client svr2Client = mock(SecureValueRecovery2Client.class);
    when(svr2Client.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));

@@ -218,7 +214,6 @@ class AccountsManagerTest {
        messagesManager,
        profilesManager,
        storageClient,
-        backupClient,
        svr2Client,
        clientPresenceManager,
        enrollmentManager,
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerUsernameIntegrationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerUsernameIntegrationTest.java
@@ -41,7 +41,6 @@ import org.whispersystems.textsecuregcm.entities.AccountAttributes;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.RedisClusterExtension;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -131,7 +130,6 @@ class AccountsManagerUsernameIntegrationTest {
        mock(MessagesManager.class),
        mock(ProfilesManager.class),
        mock(SecureStorageClient.class),
-        mock(SecureBackupClient.class),
        mock(SecureValueRecovery2Client.class),
        mock(ClientPresenceManager.class),
        experimentEnrollmentManager,
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java
@@ -55,7 +55,6 @@ import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -176,7 +175,6 @@ class AccountsTest {
        mock(MessagesManager.class),
        mock(ProfilesManager.class),
        mock(SecureStorageClient.class),
-        mock(SecureBackupClient.class),
        mock(SecureValueRecovery2Client.class),
        mock(ClientPresenceManager.class),
        mock(ExperimentEnrollmentManager.class),