From d2baa8b8fbed52a701048b2af817efd91c8f7bb1 Mon Sep 17 00:00:00 2001
From: Jon Chambers
Date: Wed, 3 May 2023 18:44:15 -0400
Subject: [PATCH] Stop sending API keys to the registration service
---
 service/config/sample.yml | 1 -
 .../textsecuregcm/WhisperServerService.java | 1 -
 .../RegistrationServiceConfiguration.java | 1 -
 .../registration/IdentityTokenCallCredentials.java | 11 +++--------
 .../registration/RegistrationServiceClient.java | 3 +--
 5 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/service/config/sample.yml b/service/config/sample.yml
index db4d877a7..93e939140 100644
--- a/service/config/sample.yml
+++ b/service/config/sample.yml
@@ -371,7 +371,6 @@ oneTimeDonations:
 registrationService:
 host: registration.example.com
 port: 443
- apiKey: EXAMPLE
 credentialConfigurationJson: |
 {
 "example": "example"
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
index 7891e938c..9a5fa2516 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -473,7 +473,6 @@ public class WhisperServerService extends Application identityTokenSupplier; private static final Duration IDENTITY_TOKEN_LIFETIME = Duration.ofHours(1); private static final Duration IDENTITY_TOKEN_REFRESH_BUFFER = Duration.ofMinutes(10); - private static final Metadata.Key API_KEY_METADATA_KEY = - Metadata.Key.of("x-signal-api-key", Metadata.ASCII_STRING_MARSHALLER); private static final Metadata.Key AUTHORIZATION_METADATA_KEY = Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER); private static final Logger logger = LoggerFactory.getLogger(IdentityTokenCallCredentials.class); - IdentityTokenCallCredentials(final String apiKey, final Supplier identityTokenSupplier) { - this.apiKey = apiKey; + IdentityTokenCallCredentials(final Supplier identityTokenSupplier) { this.identityTokenSupplier = identityTokenSupplier; } - static IdentityTokenCallCredentials fromApiKeyAndCredentialConfig(final String apiKey, final String credentialConfigJson, final String audience) throws IOException { + static IdentityTokenCallCredentials fromCredentialConfig(final String credentialConfigJson, final String audience) throws IOException { try (final InputStream configInputStream = new ByteArrayInputStream(credentialConfigJson.getBytes(StandardCharsets.UTF_8))) { final ExternalAccountCredentials credentials = ExternalAccountCredentials.fromStream(configInputStream); final ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create(credentials, @@ -57,7 +53,7 @@ class IdentityTokenCallCredentials extends CallCredentials { IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER).toMillis(), TimeUnit.MILLISECONDS); - return new IdentityTokenCallCredentials(apiKey, idTokenSupplier); + return new IdentityTokenCallCredentials(idTokenSupplier); } } 
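Review bot: The constructor and `fromCredentialConfig` now build credentials whose only authenticator is the identity token from `identityTokenSupplier`, but neither documents that nor rejects a null supplier. I would add a Javadoc line such as `/** Creates call credentials that attach only a short-lived identity token as a Bearer Authorization header. */` and write the assignment as `this.identityTokenSupplier = Objects.requireNonNull(identityTokenSupplier, "identityTokenSupplier");`, so a wiring mistake fails at startup instead of on the first RPC. The opening of this hunk is not legible on the page, and the body of `fromCredentialConfig` is only partly visible between this hunk and the `@@ -57,7 +53,7 @@` one.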
@@ -70,7 +66,6 @@ class IdentityTokenCallCredentials extends CallCredentials { if (identityTokenValue != null) { final Metadata metadata = new Metadata(); - metadata.put(API_KEY_METADATA_KEY, apiKey); metadata.put(AUTHORIZATION_METADATA_KEY, "Bearer " + identityTokenValue); applier.apply(metadata); diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java b/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java index 68d9e8050..d3fcfb330 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/registration/RegistrationServiceClient.java @@ -59,7 +59,6 @@ public class RegistrationServiceClient implements Managed { public RegistrationServiceClient(final String host, final int port, - final String apiKey, final String credentialConfigJson, final String identityTokenAudience, final String caCertificatePem, @@ -74,7 +73,7 @@ public class RegistrationServiceClient implements Managed { } this.stub = RegistrationServiceGrpc.newFutureStub(channel) - .withCallCredentials(IdentityTokenCallCredentials.fromApiKeyAndCredentialConfig(apiKey, credentialConfigJson, identityTokenAudience)); + .withCallCredentials(IdentityTokenCallCredentials.fromCredentialConfig(credentialConfigJson, identityTokenAudience)); this.callbackExecutor = callbackExecutor; }
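Review bot: The stub in the `@@ -74,7 +73,7 @@` hunk now authenticates with the bearer identity token alone, and the `@@ -70,7 +66,6 @@` hunk attaches that token whenever it is non-null, with no visible check on the transport. The channel construction sits above the hunk and `caCertificatePem` suggests TLS, but I would make that explicit in `applyRequestMetadata` by attaching the header only when the `RequestInfo` reports `SecurityLevel.PRIVACY_AND_INTEGRITY`. The else branch for a null token is also outside the hunk; it should end the call with `applier.fail(Status.UNAUTHENTICATED)` rather than let it proceed or hang without credentials.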