Add support for secondary credentials for registration service

2024-01-24 10:30:44 -06:00 · 2024-01-24 10:30:44 -06:00 · 4b8fc2950f
parent 595cc55578
commit 4b8fc2950f
3 changed files with 12 additions and 1 deletions
--- a/service/config/sample.yml
+++ b/service/config/sample.yml
@ -419,6 +419,10 @@ registrationService:
    {
      "example": "example"
    }
+  secondaryCredentialConfigurationJson: |
+    {
+      "example": "example"
+    }
  identityTokenAudience: https://registration.example.com
  registrationCaCertificate: | # Registration service TLS certificate trust root
    -----BEGIN CERTIFICATE-----
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@ -46,6 +46,7 @@ import java.util.concurrent.ThreadPoolExecutor;
 import javax.servlet.DispatcherType;
 import javax.servlet.FilterRegistration;
 import javax.servlet.ServletRegistration;
+import org.apache.commons.lang3.StringUtils;
 import org.eclipse.jetty.servlets.CrossOriginFilter;
 import org.eclipse.jetty.websocket.server.config.JettyWebSocketServletContainerInitializer;
 import org.glassfish.jersey.server.ServerProperties;
@ -511,10 +512,15 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
        registrationRecoveryPasswords);
    UsernameHashZkProofVerifier usernameHashZkProofVerifier = new UsernameHashZkProofVerifier();

+    final boolean useSecondaryCredentialConfiguration = StringUtils.isNotBlank(
+        System.getenv("SIGNAL_USE_SECONDARY_CREDENTIAL_CONFIGURATION"));
+
    RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
        config.getRegistrationServiceConfiguration().host(),
        config.getRegistrationServiceConfiguration().port(),
-        config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
+        useSecondaryCredentialConfiguration ? config.getRegistrationServiceConfiguration()
+            .secondaryCredentialConfigurationJson()
+            : config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
        config.getRegistrationServiceConfiguration().identityTokenAudience(),
        config.getRegistrationServiceConfiguration().registrationCaCertificate(),
        registrationCallbackExecutor);
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/RegistrationServiceConfiguration.java
@ -5,6 +5,7 @@ import javax.validation.constraints.NotBlank;
 public record RegistrationServiceConfiguration(@NotBlank String host,
                                               int port,
                                               @NotBlank String credentialConfigurationJson,
+                                               @NotBlank String secondaryCredentialConfigurationJson,
                                               @NotBlank String identityTokenAudience,
                                               @NotBlank String registrationCaCertificate) {
 }