Stop sending API keys to the registration service

2026-02-24 13:35:20 +00:00 · 2023-05-03 18:44:15 -04:00
parent 1beee5fd04
commit d2baa8b8fb
5 changed files with 4 additions and 13 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -473,7 +473,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
    RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
        config.getRegistrationServiceConfiguration().host(),
        config.getRegistrationServiceConfiguration().port(),
-        config.getRegistrationServiceConfiguration().apiKey(),
        config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
        config.getRegistrationServiceConfiguration().identityTokenAudience(),
        config.getRegistrationServiceConfiguration().registrationCaCertificate(),
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java
@@ -4,7 +4,6 @@ import javax.validation.constraints.NotBlank;

 public record RegistrationServiceConfiguration(@NotBlank String host,
                                               int port,
-                                               @NotBlank String apiKey,
                                               @NotBlank String credentialConfigurationJson,
                                               @NotBlank String identityTokenAudience,
                                               @NotBlank String registrationCaCertificate) {
--- a/service/src/main/java/org/whispersystems/textsecuregcm/registration/IdentityTokenCallCredentials.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/registration/IdentityTokenCallCredentials.java
@@ -21,25 +21,21 @@ import org.slf4j.LoggerFactory;

 class IdentityTokenCallCredentials extends CallCredentials {

-  private final String apiKey;
  private final Supplier<String> identityTokenSupplier;

  private static final Duration IDENTITY_TOKEN_LIFETIME = Duration.ofHours(1);
  private static final Duration IDENTITY_TOKEN_REFRESH_BUFFER = Duration.ofMinutes(10);

-  private static final Metadata.Key<String> API_KEY_METADATA_KEY =
-      Metadata.Key.of("x-signal-api-key", Metadata.ASCII_STRING_MARSHALLER);
  private static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY =
      Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);

  private static final Logger logger = LoggerFactory.getLogger(IdentityTokenCallCredentials.class);

-  IdentityTokenCallCredentials(final String apiKey, final Supplier<String> identityTokenSupplier) {
-    this.apiKey = apiKey;
+  IdentityTokenCallCredentials(final Supplier<String> identityTokenSupplier) {
    this.identityTokenSupplier = identityTokenSupplier;
  }

-  static IdentityTokenCallCredentials fromApiKeyAndCredentialConfig(final String apiKey, final String credentialConfigJson, final String audience) throws IOException {
+  static IdentityTokenCallCredentials fromCredentialConfig(final String credentialConfigJson, final String audience) throws IOException {
    try (final InputStream configInputStream = new ByteArrayInputStream(credentialConfigJson.getBytes(StandardCharsets.UTF_8))) {
      final ExternalAccountCredentials credentials = ExternalAccountCredentials.fromStream(configInputStream);
      final ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create(credentials,
@@ -57,7 +53,7 @@ class IdentityTokenCallCredentials extends CallCredentials {
          IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER).toMillis(),
          TimeUnit.MILLISECONDS);

-      return new IdentityTokenCallCredentials(apiKey, idTokenSupplier);
+      return new IdentityTokenCallCredentials(idTokenSupplier);
    }
  }

@@ -70,7 +66,6 @@ class IdentityTokenCallCredentials extends CallCredentials {

    if (identityTokenValue != null) {
      final Metadata metadata = new Metadata();
-      metadata.put(API_KEY_METADATA_KEY, apiKey);
      metadata.put(AUTHORIZATION_METADATA_KEY, "Bearer " + identityTokenValue);

      applier.apply(metadata);
--- a/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java
@@ -59,7 +59,6 @@ public class RegistrationServiceClient implements Managed {

  public RegistrationServiceClient(final String host,
      final int port,
-      final String apiKey,
      final String credentialConfigJson,
      final String identityTokenAudience,
      final String caCertificatePem,
@@ -74,7 +73,7 @@ public class RegistrationServiceClient implements Managed {
    }

    this.stub = RegistrationServiceGrpc.newFutureStub(channel)
-        .withCallCredentials(IdentityTokenCallCredentials.fromApiKeyAndCredentialConfig(apiKey, credentialConfigJson, identityTokenAudience));
+        .withCallCredentials(IdentityTokenCallCredentials.fromCredentialConfig(credentialConfigJson, identityTokenAudience));

    this.callbackExecutor = callbackExecutor;
  }