MirrorMirror
/
Signal-Server
mirror of https://github.com/signalapp/Signal-Server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Treat APNs team/key IDs as secrets so they can change atomically with the key itself

This commit is contained in:
Jon Chambers 2023-10-12 12:23:26 -04:00 committed by Jon Chambers
parent 207ae6129b
commit f2a3b8dba4
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
service/config/sample-secrets-bundle.yml
View File

@ -46,6 +46,8 @@ gcpAttachments.rsaSigningKey: |
AAAAAAAA AAAAAAAA
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
apn.teamId: team-id
apn.keyId: key-id
apn.signingKey: | apn.signingKey: |
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ/0123456789+abcdefghijklmnopqrstuvwxyz

4
service/config/sample.yml
View File

@ -208,8 +208,8 @@ accountDatabaseCrawler:
apn: # Apple Push Notifications configuration apn: # Apple Push Notifications configuration
sandbox: true sandbox: true
bundleId: com.example.textsecuregcm bundleId: com.example.textsecuregcm
keyId: unset keyId: secret://apn.keyId
teamId: unset teamId: secret://apn.teamId
signingKey: secret://apn.signingKey signingKey: secret://apn.signingKey
fcm: # FCM configuration fcm: # FCM configuration

4
service/src/main/java/org/whispersystems/textsecuregcm/configuration/ApnConfiguration.java
View File

@ -9,8 +9,8 @@ import javax.validation.constraints.NotNull;
import org.whispersystems.textsecuregcm.configuration.secrets.SecretString; import org.whispersystems.textsecuregcm.configuration.secrets.SecretString;
public record ApnConfiguration(@NotBlank String teamId, public record ApnConfiguration(@NotNull SecretString teamId,
@NotBlank String keyId, @NotNull SecretString keyId,
@NotNull SecretString signingKey, @NotNull SecretString signingKey,
@NotBlank String bundleId, @NotBlank String bundleId,
boolean sandbox) { boolean sandbox) {

2
service/src/main/java/org/whispersystems/textsecuregcm/push/APNSender.java
View File

@ -64,7 +64,7 @@ public class APNSender implements Managed, PushNotificationSender {
this.bundleId = configuration.bundleId(); this.bundleId = configuration.bundleId();
this.apnsClient = new ApnsClientBuilder().setSigningKey( this.apnsClient = new ApnsClientBuilder().setSigningKey(
ApnsSigningKey.loadFromInputStream(new ByteArrayInputStream(configuration.signingKey().value().getBytes()), ApnsSigningKey.loadFromInputStream(new ByteArrayInputStream(configuration.signingKey().value().getBytes()),
configuration.teamId(), configuration.keyId())) configuration.teamId().value(), configuration.keyId().value()))
.setTrustedServerCertificateChain(getClass().getResourceAsStream(APNS_CA_FILENAME)) .setTrustedServerCertificateChain(getClass().getResourceAsStream(APNS_CA_FILENAME))
.setApnsServer(configuration.sandbox() ? ApnsClientBuilder.DEVELOPMENT_APNS_HOST : ApnsClientBuilder.PRODUCTION_APNS_HOST) .setApnsServer(configuration.sandbox() ? ApnsClientBuilder.DEVELOPMENT_APNS_HOST : ApnsClientBuilder.PRODUCTION_APNS_HOST)
.build(); .build();