Add support for secondary credentials for registration service

This commit is contained in:
Chris Eager 2024-01-24 10:30:44 -06:00 committed by Chris Eager
parent 595cc55578
commit 4b8fc2950f
3 changed files with 12 additions and 1 deletions

View File

@ -419,6 +419,10 @@ registrationService:
{ {
"example": "example" "example": "example"
} }
secondaryCredentialConfigurationJson: |
{
"example": "example"
}
identityTokenAudience: https://registration.example.com identityTokenAudience: https://registration.example.com
registrationCaCertificate: | # Registration service TLS certificate trust root registrationCaCertificate: | # Registration service TLS certificate trust root
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----

View File

@ -46,6 +46,7 @@ import java.util.concurrent.ThreadPoolExecutor;
import javax.servlet.DispatcherType; import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration; import javax.servlet.FilterRegistration;
import javax.servlet.ServletRegistration; import javax.servlet.ServletRegistration;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.jetty.servlets.CrossOriginFilter; import org.eclipse.jetty.servlets.CrossOriginFilter;
import org.eclipse.jetty.websocket.server.config.JettyWebSocketServletContainerInitializer; import org.eclipse.jetty.websocket.server.config.JettyWebSocketServletContainerInitializer;
import org.glassfish.jersey.server.ServerProperties; import org.glassfish.jersey.server.ServerProperties;
@ -511,10 +512,15 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
registrationRecoveryPasswords); registrationRecoveryPasswords);
UsernameHashZkProofVerifier usernameHashZkProofVerifier = new UsernameHashZkProofVerifier(); UsernameHashZkProofVerifier usernameHashZkProofVerifier = new UsernameHashZkProofVerifier();
final boolean useSecondaryCredentialConfiguration = StringUtils.isNotBlank(
System.getenv("SIGNAL_USE_SECONDARY_CREDENTIAL_CONFIGURATION"));
RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient( RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
config.getRegistrationServiceConfiguration().host(), config.getRegistrationServiceConfiguration().host(),
config.getRegistrationServiceConfiguration().port(), config.getRegistrationServiceConfiguration().port(),
config.getRegistrationServiceConfiguration().credentialConfigurationJson(), useSecondaryCredentialConfiguration ? config.getRegistrationServiceConfiguration()
.secondaryCredentialConfigurationJson()
: config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
config.getRegistrationServiceConfiguration().identityTokenAudience(), config.getRegistrationServiceConfiguration().identityTokenAudience(),
config.getRegistrationServiceConfiguration().registrationCaCertificate(), config.getRegistrationServiceConfiguration().registrationCaCertificate(),
registrationCallbackExecutor); registrationCallbackExecutor);

View File

@ -5,6 +5,7 @@ import javax.validation.constraints.NotBlank;
public record RegistrationServiceConfiguration(@NotBlank String host, public record RegistrationServiceConfiguration(@NotBlank String host,
int port, int port,
@NotBlank String credentialConfigurationJson, @NotBlank String credentialConfigurationJson,
@NotBlank String secondaryCredentialConfigurationJson,
@NotBlank String identityTokenAudience, @NotBlank String identityTokenAudience,
@NotBlank String registrationCaCertificate) { @NotBlank String registrationCaCertificate) {
} }