Add support for environment-dependent secondary OAuth2 credentials JSON

2026-04-21 14:08:07 +01:00 · 2023-05-25 15:39:14 -05:00
parent d832eaa759
commit cd8f74e60b
5 changed files with 27 additions and 17 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -311,6 +311,10 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
      Metrics.addRegistry(datadogMeterRegistry);
    }

+    final boolean useSecondaryCredentialsJson = Optional.ofNullable(
+            System.getenv("SIGNAL_USE_SECONDARY_CREDENTIALS_JSON"))
+        .isPresent();
+
    environment.lifecycle().manage(new MicrometerRegistryManager(Metrics.globalRegistry));

    HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup =
@@ -463,7 +467,9 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
    final AdminEventLogger adminEventLogger = new GoogleCloudAdminEventLogger(
        LoggingOptions.newBuilder().setProjectId(config.getAdminEventLoggingConfiguration().projectId())
            .setCredentials(GoogleCredentials.fromStream(new ByteArrayInputStream(
-                config.getAdminEventLoggingConfiguration().credentials().getBytes(StandardCharsets.UTF_8))))
+                useSecondaryCredentialsJson
+                    ? config.getAdminEventLoggingConfiguration().secondaryCredentials().getBytes(StandardCharsets.UTF_8)
+                    : config.getAdminEventLoggingConfiguration().credentials().getBytes(StandardCharsets.UTF_8))))
            .build().getService(),
        config.getAdminEventLoggingConfiguration().projectId(),
        config.getAdminEventLoggingConfiguration().logName());
@@ -500,7 +506,9 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
    RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
        config.getRegistrationServiceConfiguration().host(),
        config.getRegistrationServiceConfiguration().port(),
-        config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
+        useSecondaryCredentialsJson
+            ? config.getRegistrationServiceConfiguration().secondaryCredentialConfigurationJson()
+            : config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
        config.getRegistrationServiceConfiguration().identityTokenAudience(),
        config.getRegistrationServiceConfiguration().registrationCaCertificate(),
        registrationCallbackExecutor);
@@ -573,8 +581,10 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
    final TurnTokenGenerator turnTokenGenerator = new TurnTokenGenerator(dynamicConfigurationManager);

    RecaptchaClient recaptchaClient = new RecaptchaClient(
-        config.getRecaptchaConfiguration().getProjectPath(),
-        config.getRecaptchaConfiguration().getCredentialConfigurationJson(),
+        config.getRecaptchaConfiguration().projectPath(),
+        useSecondaryCredentialsJson
+            ? config.getRecaptchaConfiguration().secondaryCredentialConfigurationJson()
+            : config.getRecaptchaConfiguration().credentialConfigurationJson(),
        dynamicConfigurationManager);
    HttpClient hcaptchaHttpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_2)
        .connectTimeout(Duration.ofSeconds(10)).build();
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/AdminEventLoggingConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/AdminEventLoggingConfiguration.java
@@ -10,6 +10,7 @@ import javax.validation.constraints.NotEmpty;

 public record AdminEventLoggingConfiguration(
    @NotBlank String credentials,
+    @NotBlank String secondaryCredentials,
    @NotEmpty String projectId,
    @NotEmpty String logName) {
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RecaptchaConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RecaptchaConfiguration.java
@@ -7,18 +7,7 @@ package org.whispersystems.textsecuregcm.configuration;

 import javax.validation.constraints.NotEmpty;

-public class RecaptchaConfiguration {
+public record RecaptchaConfiguration(@NotEmpty String projectPath, @NotEmpty String credentialConfigurationJson,
+                                     @NotEmpty String secondaryCredentialConfigurationJson) {

-  private String projectPath;
-  private String credentialConfigurationJson;
-
-  @NotEmpty
-  public String getProjectPath() {
-    return projectPath;
-  }
-
-  @NotEmpty
-  public String getCredentialConfigurationJson() {
-    return credentialConfigurationJson;
-  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java
@@ -5,6 +5,7 @@ import javax.validation.constraints.NotBlank;
 public record RegistrationServiceConfiguration(@NotBlank String host,
                                               int port,
                                               @NotBlank String credentialConfigurationJson,
+                                               @NotBlank String secondaryCredentialConfigurationJson,
                                               @NotBlank String identityTokenAudience,
                                               @NotBlank String registrationCaCertificate) {
 }