Stop sending API keys to the registration service
parent
1beee5fd04
commit
d2baa8b8fb
|
@ -371,7 +371,6 @@ oneTimeDonations:
|
||||||
registrationService:
|
registrationService:
|
||||||
host: registration.example.com
|
host: registration.example.com
|
||||||
port: 443
|
port: 443
|
||||||
apiKey: EXAMPLE
|
|
||||||
credentialConfigurationJson: |
|
credentialConfigurationJson: |
|
||||||
{
|
{
|
||||||
"example": "example"
|
"example": "example"
|
||||||
|
|
|
@ -473,7 +473,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
||||||
RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
|
RegistrationServiceClient registrationServiceClient = new RegistrationServiceClient(
|
||||||
config.getRegistrationServiceConfiguration().host(),
|
config.getRegistrationServiceConfiguration().host(),
|
||||||
config.getRegistrationServiceConfiguration().port(),
|
config.getRegistrationServiceConfiguration().port(),
|
||||||
config.getRegistrationServiceConfiguration().apiKey(),
|
|
||||||
config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
|
config.getRegistrationServiceConfiguration().credentialConfigurationJson(),
|
||||||
config.getRegistrationServiceConfiguration().identityTokenAudience(),
|
config.getRegistrationServiceConfiguration().identityTokenAudience(),
|
||||||
config.getRegistrationServiceConfiguration().registrationCaCertificate(),
|
config.getRegistrationServiceConfiguration().registrationCaCertificate(),
|
||||||
|
|
|
@ -4,7 +4,6 @@ import javax.validation.constraints.NotBlank;
|
||||||
|
|
||||||
public record RegistrationServiceConfiguration(@NotBlank String host,
|
public record RegistrationServiceConfiguration(@NotBlank String host,
|
||||||
int port,
|
int port,
|
||||||
@NotBlank String apiKey,
|
|
||||||
@NotBlank String credentialConfigurationJson,
|
@NotBlank String credentialConfigurationJson,
|
||||||
@NotBlank String identityTokenAudience,
|
@NotBlank String identityTokenAudience,
|
||||||
@NotBlank String registrationCaCertificate) {
|
@NotBlank String registrationCaCertificate) {
|
||||||
|
|
|
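Review bot: Removing the `apiKey` component from `RegistrationServiceConfiguration` leaves nothing on the record that says how calls are authenticated now, and it changes what a deployed configuration file may contain. A short Javadoc on the record would help, for example `/** Registration service connection settings; calls are authenticated with an identity token derived from credentialConfigurationJson for identityTokenAudience. */`. If the configuration loader rejects unknown properties (Dropwizard's default, though the loader setup is not visible here), any deployed YAML that still carries `registrationService.apiKey` will fail at startup, so the rollout should drop that entry in the same step. The retired key should presumably also be revoked on the registration service and removed from the secret store once no server sends it.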
@ -21,25 +21,21 @@ import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
class IdentityTokenCallCredentials extends CallCredentials {
|
class IdentityTokenCallCredentials extends CallCredentials {
|
||||||
|
|
||||||
private final String apiKey;
|
|
||||||
private final Supplier<String> identityTokenSupplier;
|
private final Supplier<String> identityTokenSupplier;
|
||||||
|
|
||||||
private static final Duration IDENTITY_TOKEN_LIFETIME = Duration.ofHours(1);
|
private static final Duration IDENTITY_TOKEN_LIFETIME = Duration.ofHours(1);
|
||||||
private static final Duration IDENTITY_TOKEN_REFRESH_BUFFER = Duration.ofMinutes(10);
|
private static final Duration IDENTITY_TOKEN_REFRESH_BUFFER = Duration.ofMinutes(10);
|
||||||
|
|
||||||
private static final Metadata.Key<String> API_KEY_METADATA_KEY =
|
|
||||||
Metadata.Key.of("x-signal-api-key", Metadata.ASCII_STRING_MARSHALLER);
|
|
||||||
private static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY =
|
private static final Metadata.Key<String> AUTHORIZATION_METADATA_KEY =
|
||||||
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
|
Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER);
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(IdentityTokenCallCredentials.class);
|
private static final Logger logger = LoggerFactory.getLogger(IdentityTokenCallCredentials.class);
|
||||||
|
|
||||||
IdentityTokenCallCredentials(final String apiKey, final Supplier<String> identityTokenSupplier) {
|
IdentityTokenCallCredentials(final Supplier<String> identityTokenSupplier) {
|
||||||
this.apiKey = apiKey;
|
|
||||||
this.identityTokenSupplier = identityTokenSupplier;
|
this.identityTokenSupplier = identityTokenSupplier;
|
||||||
}
|
}
|
||||||
|
|
||||||
static IdentityTokenCallCredentials fromApiKeyAndCredentialConfig(final String apiKey, final String credentialConfigJson, final String audience) throws IOException {
|
static IdentityTokenCallCredentials fromCredentialConfig(final String credentialConfigJson, final String audience) throws IOException {
|
||||||
try (final InputStream configInputStream = new ByteArrayInputStream(credentialConfigJson.getBytes(StandardCharsets.UTF_8))) {
|
try (final InputStream configInputStream = new ByteArrayInputStream(credentialConfigJson.getBytes(StandardCharsets.UTF_8))) {
|
||||||
final ExternalAccountCredentials credentials = ExternalAccountCredentials.fromStream(configInputStream);
|
final ExternalAccountCredentials credentials = ExternalAccountCredentials.fromStream(configInputStream);
|
||||||
final ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create(credentials,
|
final ImpersonatedCredentials impersonatedCredentials = ImpersonatedCredentials.create(credentials,
|
||||||
|
@ -57,7 +53,7 @@ class IdentityTokenCallCredentials extends CallCredentials {
|
||||||
IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER).toMillis(),
|
IDENTITY_TOKEN_LIFETIME.minus(IDENTITY_TOKEN_REFRESH_BUFFER).toMillis(),
|
||||||
TimeUnit.MILLISECONDS);
|
TimeUnit.MILLISECONDS);
|
||||||
|
|
||||||
return new IdentityTokenCallCredentials(apiKey, idTokenSupplier);
|
return new IdentityTokenCallCredentials(idTokenSupplier);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,7 +66,6 @@ class IdentityTokenCallCredentials extends CallCredentials {
|
||||||
|
|
||||||
if (identityTokenValue != null) {
|
if (identityTokenValue != null) {
|
||||||
final Metadata metadata = new Metadata();
|
final Metadata metadata = new Metadata();
|
||||||
metadata.put(API_KEY_METADATA_KEY, apiKey);
|
|
||||||
metadata.put(AUTHORIZATION_METADATA_KEY, "Bearer " + identityTokenValue);
|
metadata.put(AUTHORIZATION_METADATA_KEY, "Bearer " + identityTokenValue);
|
||||||
|
|
||||||
applier.apply(metadata);
|
applier.apply(metadata);
|
||||||
|
|
|
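Review bot: With the `x-signal-api-key` entry gone, the `Authorization` bearer token is the only credential this class attaches, so the path taken when `identityTokenValue` is null matters more than before. That branch lies outside the visible hunks (the enclosing method starts before and ends after the `@ -70,7 +66,6` hunk); if it does not already do so, it should reject the call explicitly, e.g. `applier.fail(Status.UNAUTHENTICATED.withDescription("No identity token available"));`, rather than letting the request proceed without credentials. The constructor could also guard its only remaining dependency with `this.identityTokenSupplier = Objects.requireNonNull(identityTokenSupplier);`.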
@ -59,7 +59,6 @@ public class RegistrationServiceClient implements Managed {
|
||||||
|
|
||||||
public RegistrationServiceClient(final String host,
|
public RegistrationServiceClient(final String host,
|
||||||
final int port,
|
final int port,
|
||||||
final String apiKey,
|
|
||||||
final String credentialConfigJson,
|
final String credentialConfigJson,
|
||||||
final String identityTokenAudience,
|
final String identityTokenAudience,
|
||||||
final String caCertificatePem,
|
final String caCertificatePem,
|
||||||
|
@ -74,7 +73,7 @@ public class RegistrationServiceClient implements Managed {
|
||||||
}
|
}
|
||||||
|
|
||||||
this.stub = RegistrationServiceGrpc.newFutureStub(channel)
|
this.stub = RegistrationServiceGrpc.newFutureStub(channel)
|
||||||
.withCallCredentials(IdentityTokenCallCredentials.fromApiKeyAndCredentialConfig(apiKey, credentialConfigJson, identityTokenAudience));
|
.withCallCredentials(IdentityTokenCallCredentials.fromCredentialConfig(credentialConfigJson, identityTokenAudience));
|
||||||
|
|
||||||
this.callbackExecutor = callbackExecutor;
|
this.callbackExecutor = callbackExecutor;
|
||||||
}
|
}
|
||||||
|
|