Stop sending API keys to the registration service

Jon Chambers 2023-05-03 18:44:15 -04:00 committed by Jon Chambers
parent 1beee5fd04
commit d2baa8b8fb
5 changed files with 4 additions and 13 deletions


@ -371,7 +371,6 @@ oneTimeDonations:
registrationService: registrationService:
host: registration.example.com host: registration.example.com
port: 443 port: 443
apiKey: EXAMPLE
credentialConfigurationJson: | credentialConfigurationJson: |
{ {
"example": "example" "example": "example"


@ -473,7 +473,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient( RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
config.getRegistrationServiceConfiguration().host(), config.getRegistrationServiceConfiguration().host(),
config.getRegistrationServiceConfiguration().port(), config.getRegistrationServiceConfiguration().port(),
config.getRegistrationServiceConfiguration().apiKey(),
config.getRegistrationServiceConfiguration().credentialConfigurationJson(), config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
config.getRegistrationServiceConfiguration().identityTokenAudience(), config.getRegistrationServiceConfiguration().identityTokenAudience(),
config.getRegistrationServiceConfiguration().registrationCaCertificate(), config.getRegistrationServiceConfiguration().registrationCaCertificate(),


@ -4,7 +4,6 @@ import javax.validation.constraints.NotBlank;
public record RegistrationServiceConfiguration(@NotBlank String host, public record RegistrationServiceConfiguration(@NotBlank String host,
int port, int port,
@NotBlank String apiKey,
@NotBlank String credentialConfigurationJson, @NotBlank String credentialConfigurationJson,
@NotBlank String identityTokenAudience, @NotBlank String identityTokenAudience,
@NotBlank String registrationCaCertificate) { @NotBlank String registrationCaCertificate) {


@ -21,25 +21,21 @@ import org.slf4j.LoggerFactory;
class IdentityTokenCallCredentials extends CallCredentials { class IdentityTokenCallCredentials extends CallCredentials {
private final String apiKey;
private final Supplier<String> identityTokenSupplier; private final Supplier<String> identityTokenSupplier;
private static final Duration IDENTITY_TOKEN_LIFETIME = Duration.ofHours(1); private static final Duration IDENTITY_TOKEN_LIFETIME = Duration.ofHours(1);
private static final Duration IDENTITY_TOKEN_REFRESH_BUFFER = Duration.ofMinutes(10); private static final Duration IDENTITY_TOKEN_REFRESH_BUFFER = Duration.ofMinutes(10);
private static final Metadata.Key<String> API_KEY_METADATA_KEY =
Metadata.Key.of("x-signal-api-key", Metadata.ASCII_STRING_MARSHALLER);
private static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY = private static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY =
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER); Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
private static final Logger logger = LoggerFactory.getLogger(IdentityTokenCallCredentials.class); private static final Logger logger = LoggerFactory.getLogger(IdentityTokenCallCredentials.class);
IdentityTokenCallCredentials(final String apiKey, final Supplier<String> identityTokenSupplier) { IdentityTokenCallCredentials(final Supplier<String> identityTokenSupplier) {
this.apiKey = apiKey;
this.identityTokenSupplier = identityTokenSupplier; this.identityTokenSupplier = identityTokenSupplier;
} }
static IdentityTokenCallCredentials fromApiKeyAndCredentialConfig(final String apiKey, final String credentialConfigJson, final String audience) throws IOException { static IdentityTokenCallCredentials fromCredentialConfig(final String credentialConfigJson, final String audience) throws IOException {
try (final InputStream configInputStream = new ByteArrayInputStream(credentialConfigJson.getBytes(StandardCharsets.UTF_8))) { try (final InputStream configInputStream = new ByteArrayInputStream(credentialConfigJson.getBytes(StandardCharsets.UTF_8))) {
final ExternalAccountCredentials credentials = ExternalAccountCredentials.fromStream(configInputStream); final ExternalAccountCredentials credentials = ExternalAccountCredentials.fromStream(configInputStream);
final ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create(credentials, final ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create(credentials,
@ -57,7 +53,7 @@ class IdentityTokenCallCredentials extends CallCredentials {
IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER).toMillis(), IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER).toMillis(),
TimeUnit.MILLISECONDS); TimeUnit.MILLISECONDS);
return new IdentityTokenCallCredentials(apiKey, idTokenSupplier); return new IdentityTokenCallCredentials(idTokenSupplier);
} }
} }
@ -70,7 +66,6 @@ class IdentityTokenCallCredentials extends CallCredentials {
if (identityTokenValue != null) { if (identityTokenValue != null) {
final Metadata metadata = new Metadata(); final Metadata metadata = new Metadata();
metadata.put(API_KEY_METADATA_KEY, apiKey);
metadata.put(AUTHORIZATION_METADATA_KEY, "Bearer " + identityTokenValue); metadata.put(AUTHORIZATION_METADATA_KEY, "Bearer " + identityTokenValue);
applier.apply(metadata); applier.apply(metadata);
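Review bot: The branch taken when `identityTokenValue` is null now decides whether a call leaves with no credential at all, because the `Authorization` bearer token is the only metadata left in the last hunk of this section. That branch lies outside the hunk, so this cannot be confirmed from here, but it should end in something like `applier.fail(Status.UNAUTHENTICATED.withDescription("no identity token available"));` rather than returning without calling the applier. The class also has no Javadoc. A short class comment should say that it attaches an identity token as a `Bearer` header and, as the `IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER)` expression suggests, re-fetches the token before it expires. Since the old key is no longer presented, it should also be retired on the registration service once no deployed build still sends it.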


@ -59,7 +59,6 @@ public class RegistrationServiceClient implements Managed {
public RegistrationServiceClient(final String host, public RegistrationServiceClient(final String host,
final int port, final int port,
final String apiKey,
final String credentialConfigJson, final String credentialConfigJson,
final String identityTokenAudience, final String identityTokenAudience,
final String caCertificatePem, final String caCertificatePem,
@ -74,7 +73,7 @@ public class RegistrationServiceClient implements Managed {
} }
this.stub = RegistrationServiceGrpc.newFutureStub(channel) this.stub = RegistrationServiceGrpc.newFutureStub(channel)
.withCallCredentials(IdentityTokenCallCredentials.fromApiKeyAndCredentialConfig(apiKey, credentialConfigJson, identityTokenAudience)); .withCallCredentials(IdentityTokenCallCredentials.fromCredentialConfig(credentialConfigJson, identityTokenAudience));
this.callbackExecutor = callbackExecutor; this.callbackExecutor = callbackExecutor;
} }