Convert unidentifiedDelivery.certificate configuration to byte[]

2025-05-27 14:08:12 -05:00 · 2025-05-27 14:08:12 -05:00 · 401165d0d6
parent ccb209ad37
commit 401165d0d6
5 changed files with 5 additions and 5 deletions
--- a/service/config/sample-secrets-bundle.yml
+++ b/service/config/sample-secrets-bundle.yml
@ -66,7 +66,6 @@ cdn.accessSecret: test # AWS Access Secret

 cdn3StorageManager.clientSecret: test

-unidentifiedDelivery.certificate: ABCD1234
 unidentifiedDelivery.privateKey: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AAAAAAA

 keyTransparencyService.clientPrivateKey: |
--- a/service/config/sample.yml
+++ b/service/config/sample.yml
@ -265,7 +265,7 @@ dogstatsd:
  host: 127.0.0.1

 unidentifiedDelivery:
-  certificate: secret://unidentifiedDelivery.certificate
+  certificate: CgIIAQ==
  privateKey: secret://unidentifiedDelivery.privateKey
  expiresDays: 7

--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@ -1080,7 +1080,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
        new ArchiveController(backupAuthManager, backupManager, backupMetrics),
        new CallRoutingControllerV2(rateLimiters, cloudflareTurnCredentialsManager),
        new CallLinkController(rateLimiters, callingGenericZkSecretParams),
-        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().certificate().value(),
+        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().certificate(),
            config.getDeliveryCertificate().ecPrivateKey(), config.getDeliveryCertificate().expiresDays()),
            zkAuthOperations, callingGenericZkSecretParams, clock),
        new ChallengeController(rateLimitChallengeManager, challengeConstraintChecker),
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/UnidentifiedDeliveryConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/UnidentifiedDeliveryConfiguration.java
@ -5,6 +5,7 @@

 package org.whispersystems.textsecuregcm.configuration;

+import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import org.signal.libsignal.protocol.InvalidKeyException;
 import org.signal.libsignal.protocol.ecc.Curve;
@ -12,7 +13,7 @@ import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;
 import org.whispersystems.textsecuregcm.util.ExactlySize;

-public record UnidentifiedDeliveryConfiguration(@NotNull SecretBytes certificate,
+public record UnidentifiedDeliveryConfiguration(@NotNull @NotEmpty  byte[] certificate,
                                                @ExactlySize(32) SecretBytes privateKey,
                                                int expiresDays) {
  public ECPrivateKey ecPrivateKey() throws InvalidKeyException {
--- a/service/src/test/resources/config/test.yml
+++ b/service/src/test/resources/config/test.yml
@ -264,7 +264,7 @@ dogstatsd:
  host: 127.0.0.1

 unidentifiedDelivery:
-  certificate: secret://unidentifiedDelivery.certificate
+  certificate: CgIIAQ==
  privateKey: secret://unidentifiedDelivery.privateKey
  expiresDays: 7