Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-21 16:08:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove static Remote Config auth tokens

Browse Source
This commit is contained in:
Chris Eager
2023-06-15 10:50:00 -05:00
committed by Chris Eager
parent 8501e61eb1
commit befd336372
6 changed files with 32 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
View File

@@ -745,7 +745,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
new RegistrationController(accountsManager, phoneVerificationTokenManager, registrationLockVerificationManager,
keys, rateLimiters),
new RemoteConfigController(remoteConfigsManager, adminEventLogger,
config.getRemoteConfigConfiguration().authorizedTokens().value(),
config.getRemoteConfigConfiguration().authorizedUsers(),
config.getRemoteConfigConfiguration().requiredHostedDomain(),
config.getRemoteConfigConfiguration().audiences(),

4
service/src/main/java/org/whispersystems/textsecuregcm/configuration/RemoteConfigConfiguration.java
View File

@@ -10,10 +10,8 @@ import java.util.Map;
import java.util.Set;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import org.whispersystems.textsecuregcm.configuration.secrets.SecretStringList;
public record RemoteConfigConfiguration(@NotNull SecretStringList authorizedTokens,
@NotNull Set<String> authorizedUsers,
public record RemoteConfigConfiguration(@NotNull Set<String> authorizedUsers,
@NotNull String requiredHostedDomain,
@NotNull @NotEmpty List<String> audiences,
@NotNull Map<String, String> globalConfig) {

11
service/src/main/java/org/whispersystems/textsecuregcm/controllers/RemoteConfigController.java
View File

@@ -54,7 +54,6 @@ public class RemoteConfigController {
private final RemoteConfigsManager remoteConfigsManager;
private final AdminEventLogger adminEventLogger;
private final List<String> configAuthTokens;
private final Set<String> configAuthUsers;
private final Map<String, String> globalConfig;
@@ -65,11 +64,10 @@ public class RemoteConfigController {
private static final String GLOBAL_CONFIG_PREFIX = "global.";
public RemoteConfigController(RemoteConfigsManager remoteConfigsManager, AdminEventLogger adminEventLogger,
List<String> configAuthTokens, Set<String> configAuthUsers, String requiredHostedDomain, List<String> audience,
Set<String> configAuthUsers, String requiredHostedDomain, List<String> audience,
final GoogleIdTokenVerifier.Builder googleIdTokenVerifierBuilder, Map<String, String> globalConfig) {
this.remoteConfigsManager = remoteConfigsManager;
this.adminEventLogger = Objects.requireNonNull(adminEventLogger);
this.configAuthTokens = configAuthTokens;
this.configAuthUsers = configAuthUsers;
this.globalConfig = globalConfig;
@@ -141,8 +139,7 @@ public class RemoteConfigController {
private Optional<String> getAuthIdentity(String token) {
return getAuthorizedGoogleIdentity(token)
.map(googleIdToken -> googleIdToken.getPayload().getEmail())
.or(() -> Optional.ofNullable(isAuthorized(token) ? token : null));
.map(googleIdToken -> googleIdToken.getPayload().getEmail());
}
private Optional<GoogleIdToken> getAuthorizedGoogleIdentity(String token) {
@@ -183,8 +180,4 @@ public class RemoteConfigController {
return bucket < configPercentage;
}
@SuppressWarnings("BooleanMethodIsAlwaysInverted")
private boolean isAuthorized(String configToken) {
return configToken != null && configAuthTokens.stream().anyMatch(authorized -> MessageDigest.isEqual(authorized.getBytes(), configToken.getBytes()));
}
}