Set TLS keystore password from secrets configuration
parent
a37acd1f42
commit
3090de56b8
|
@ -93,3 +93,5 @@ currentReportingKey.salt: AAAAAAAAAAA=
|
||||||
turn.secret: AAAAAAAAAAA=
|
turn.secret: AAAAAAAAAAA=
|
||||||
|
|
||||||
linkDevice.secret: AAAAAAAAAAA=
|
linkDevice.secret: AAAAAAAAAAA=
|
||||||
|
|
||||||
|
tlsKeyStore.password: unset
|
||||||
|
|
|
@ -42,6 +42,9 @@ metrics:
|
||||||
|
|
||||||
grpcPort: 8080
|
grpcPort: 8080
|
||||||
|
|
||||||
|
tlsKeyStore:
|
||||||
|
password: secret://tlsKeyStore.password
|
||||||
|
|
||||||
stripe:
|
stripe:
|
||||||
apiKey: secret://stripe.apiKey
|
apiKey: secret://stripe.apiKey
|
||||||
idempotencyKeyGenerator: secret://stripe.idempotencyKeyGenerator
|
idempotencyKeyGenerator: secret://stripe.idempotencyKeyGenerator
|
||||||
|
@ -54,7 +57,6 @@ stripe:
|
||||||
SEPA_DEBIT:
|
SEPA_DEBIT:
|
||||||
- eur
|
- eur
|
||||||
|
|
||||||
|
|
||||||
braintree:
|
braintree:
|
||||||
merchantId: unset
|
merchantId: unset
|
||||||
publicKey: unset
|
publicKey: unset
|
||||||
|
|
|
@ -26,8 +26,8 @@ import org.whispersystems.textsecuregcm.configuration.CdnConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.ClientCdnConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.ClientCdnConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.ClientReleaseConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.ClientReleaseConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.CommandStopListenerConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.CommandStopListenerConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.DogstatsdConfiguration;
|
|
||||||
import org.whispersystems.textsecuregcm.configuration.DirectoryV2Configuration;
|
import org.whispersystems.textsecuregcm.configuration.DirectoryV2Configuration;
|
||||||
|
import org.whispersystems.textsecuregcm.configuration.DogstatsdConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.DynamoDbClientConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.DynamoDbClientConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.DynamoDbTables;
|
import org.whispersystems.textsecuregcm.configuration.DynamoDbTables;
|
||||||
import org.whispersystems.textsecuregcm.configuration.FcmConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.FcmConfiguration;
|
||||||
|
@ -53,6 +53,7 @@ import org.whispersystems.textsecuregcm.configuration.ShortCodeExpanderConfigura
|
||||||
import org.whispersystems.textsecuregcm.configuration.SpamFilterConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.SpamFilterConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.StripeConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.SubscriptionConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.SubscriptionConfiguration;
|
||||||
|
import org.whispersystems.textsecuregcm.configuration.TlsKeyStoreConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.TurnSecretConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.TurnSecretConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.UnidentifiedDeliveryConfiguration;
|
import org.whispersystems.textsecuregcm.configuration.UnidentifiedDeliveryConfiguration;
|
||||||
import org.whispersystems.textsecuregcm.configuration.ZkConfig;
|
import org.whispersystems.textsecuregcm.configuration.ZkConfig;
|
||||||
|
@ -62,6 +63,11 @@ import org.whispersystems.websocket.configuration.WebSocketConfiguration;
|
||||||
/** @noinspection MismatchedQueryAndUpdateOfCollection, WeakerAccess */
|
/** @noinspection MismatchedQueryAndUpdateOfCollection, WeakerAccess */
|
||||||
public class WhisperServerConfiguration extends Configuration {
|
public class WhisperServerConfiguration extends Configuration {
|
||||||
|
|
||||||
|
@NotNull
|
||||||
|
@Valid
|
||||||
|
@JsonProperty
|
||||||
|
private TlsKeyStoreConfiguration tlsKeyStore;
|
||||||
|
|
||||||
@NotNull
|
@NotNull
|
||||||
@Valid
|
@Valid
|
||||||
@JsonProperty
|
@JsonProperty
|
||||||
|
@ -310,6 +316,11 @@ public class WhisperServerConfiguration extends Configuration {
|
||||||
@JsonProperty
|
@JsonProperty
|
||||||
private LinkDeviceSecretConfiguration linkDevice;
|
private LinkDeviceSecretConfiguration linkDevice;
|
||||||
|
|
||||||
|
public TlsKeyStoreConfiguration getTlsKeyStoreConfiguration() {
|
||||||
|
return tlsKeyStore;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public StripeConfiguration getStripe() {
|
public StripeConfiguration getStripe() {
|
||||||
return stripe;
|
return stripe;
|
||||||
}
|
}
|
||||||
|
|
|
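Review bot: The new `tlsKeyStore` field is annotated `@NotNull`, so validation will presumably reject any deployment file that omits `tlsKeyStore`, including one that defines no HTTPS connector and so never uses the password. If that is intended, a Javadoc line on the field would make it explicit, for example `/** Keystore password for HTTPS connectors, supplied via the secrets bundle; required even when no HTTPS connector is configured. */`. The accessor is named `getTlsKeyStoreConfiguration()`, while the only neighbouring getter visible in this hunk is `getStripe()`; `getTlsKeyStore()` would follow the field name the same way. The class body continues outside the hunks shown.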
@ -16,8 +16,10 @@ import io.dropwizard.auth.PolymorphicAuthValueFactoryProvider;
|
||||||
import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
|
import io.dropwizard.auth.basic.BasicCredentialAuthFilter;
|
||||||
import io.dropwizard.auth.basic.BasicCredentials;
|
import io.dropwizard.auth.basic.BasicCredentials;
|
||||||
import io.dropwizard.core.Application;
|
import io.dropwizard.core.Application;
|
||||||
|
import io.dropwizard.core.server.DefaultServerFactory;
|
||||||
import io.dropwizard.core.setup.Bootstrap;
|
import io.dropwizard.core.setup.Bootstrap;
|
||||||
import io.dropwizard.core.setup.Environment;
|
import io.dropwizard.core.setup.Environment;
|
||||||
|
import io.dropwizard.jetty.HttpsConnectorFactory;
|
||||||
import io.grpc.ServerBuilder;
|
import io.grpc.ServerBuilder;
|
||||||
import io.grpc.ServerInterceptors;
|
import io.grpc.ServerInterceptors;
|
||||||
import io.lettuce.core.metrics.MicrometerCommandLatencyRecorder;
|
import io.lettuce.core.metrics.MicrometerCommandLatencyRecorder;
|
||||||
|
@ -298,6 +300,15 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
||||||
System.getenv("SIGNAL_USE_REMOTE_ADDRESS"))
|
System.getenv("SIGNAL_USE_REMOTE_ADDRESS"))
|
||||||
.isPresent();
|
.isPresent();
|
||||||
|
|
||||||
|
if (config.getServerFactory() instanceof DefaultServerFactory defaultServerFactory) {
|
||||||
|
defaultServerFactory.getApplicationConnectors()
|
||||||
|
.forEach(connectorFactory -> {
|
||||||
|
if (connectorFactory instanceof HttpsConnectorFactory h) {
|
||||||
|
h.setKeyStorePassword(config.getTlsKeyStoreConfiguration().password().value());
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup =
|
HeaderControlledResourceBundleLookup headerControlledResourceBundleLookup =
|
||||||
new HeaderControlledResourceBundleLookup();
|
new HeaderControlledResourceBundleLookup();
|
||||||
ConfiguredProfileBadgeConverter profileBadgeConverter = new ConfiguredProfileBadgeConverter(
|
ConfiguredProfileBadgeConverter profileBadgeConverter = new ConfiguredProfileBadgeConverter(
|
||||||
|
|
|
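Review bot: The loop in the added `if (config.getServerFactory() instanceof DefaultServerFactory defaultServerFactory)` block only visits `getApplicationConnectors()`. An `HttpsConnectorFactory` under the admin connectors, or any connector under a different server factory type, never receives the keystore password from the secrets bundle, and the block skips it silently. Consider covering both lists, e.g. `Stream.concat(defaultServerFactory.getApplicationConnectors().stream(), defaultServerFactory.getAdminConnectors().stream())`, and logging a warning in an `else` branch when the factory is not a `DefaultServerFactory`. Otherwise operators may end up putting a plaintext `keyStorePassword` back into the main YAML. The call also replaces any `keyStorePassword` already set on the connector, so a one-line comment saying the secrets value always wins would document that. The enclosing method starts and ends outside the hunk.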
@ -0,0 +1,12 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2023 Signal Messenger, LLC
|
||||||
|
* SPDX-License-Identifier: AGPL-3.0-only
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.whispersystems.textsecuregcm.configuration;
|
||||||
|
|
||||||
|
import org.whispersystems.textsecuregcm.configuration.secrets.SecretString;
|
||||||
|
import javax.validation.constraints.NotNull;
|
||||||
|
|
||||||
|
public record TlsKeyStoreConfiguration(@NotNull SecretString password) {
|
||||||
|
}
|
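Review bot: `TlsKeyStoreConfiguration` is a record, so its generated `toString()` renders the `password` component through `SecretString`'s own `toString()`. `SecretString` is not shown on this page, so confirm that it redacts its value before this object can reach a log line or an exception message. The record also has no Javadoc; a line such as `/** TLS keystore settings; the password is given as a secret:// reference rather than inline. */` above the declaration would state the intent.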