From 340b1722c627830303f829b9d3b5136bc8cb2a23 Mon Sep 17 00:00:00 2001
From: Finn
Date: Sun, 16 Aug 2020 22:40:49 -0700
Subject: [PATCH] Generate zkparams, unidentified access and GCP encryption keys correctly signal server seems to actually start
---
 cmd/config-generator/jar_invoker.go | 48 ++++++++++++++++++++++++++
 cmd/config-generator/main.go | 8 ++---
 cmd/config-generator/pki_generators.go | 11 +++++-
 cmd/config-generator/zkgroups.go | 37 --------------------
 migrate-and-start-server.sh | 2 +-
 5 files changed, 61 insertions(+), 45 deletions(-)
 create mode 100644 cmd/config-generator/jar_invoker.go
 delete mode 100644 cmd/config-generator/zkgroups.go
diff --git a/cmd/config-generator/jar_invoker.go b/cmd/config-generator/jar_invoker.go
new file mode 100644
index 0000000..8ec0d25
--- /dev/null
+++ b/cmd/config-generator/jar_invoker.go
@@ -0,0 +1,48 @@
+package main
+
+import (
+ "bytes"
+ "os"
+ "os/exec"
+ "strings"
+)
+
+func TextSecureServer(command ...string) map[string]string {
+ cmd := exec.Command("java", append([]string{"-jar", os.Getenv("TEXT_SECURE_SERVER_JAR")}, command...)...)
+ var buf bytes.Buffer
+ cmd.Stdout = &buf
+ cmd.Stderr = os.Stderr
+ err := cmd.Run()
+ if err != nil {
+ panic(err)
+ }
+ out := make(map[string]string)
+ for _, line := range strings.Split(buf.String(), "\n") {
+ if len(line) == 0 {
+ continue
+ }
+ parts := strings.SplitN(line, ":", 2)
+ if len(parts) < 2 {
+ continue
+ }
+
+ out[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
+ }
+ return out
+}
+
+func GenerateZKConfig() (z ZKConfig) {
+ params := TextSecureServer("zkparams")
+ z.ServerPublic = params["Public"]
+ z.ServerSecret = params["Private"]
+ z.Enabled = false
+ return
+}
+
+func GenerateUnidentifiedDeliveryConfiguration() (u UnidentifiedDeliveryConfiguration) {
+ unidentifiedCA := TextSecureServer("certificate", "--ca")
+ unidentifiedKeyPair := TextSecureServer("certificate", "--key", unidentifiedCA["Private key"], "--id", "0")
+ u.Certificate = unidentifiedKeyPair["Certificate"]
+ u.PrivateKey = unidentifiedKeyPair["Private key"]
+ return
+}
diff --git a/cmd/config-generator/main.go b/cmd/config-generator/main.go
index f07d526..01e9dc3 100644
--- a/cmd/config-generator/main.go
+++ b/cmd/config-generator/main.go
@@ -93,12 +93,8 @@ func main() {
 SenderID: 0,
 APIKey: "fake.invalid",
 },
- APN: GenerateAPNConfiguration(),
- UnidentifiedDelivery: UnidentifiedDeliveryConfiguration{
- Certificate: "aaaa",
- PrivateKey: "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=",
- ExpiresDays: 90,
- },
+ APN: GenerateAPNConfiguration(),
+ UnidentifiedDelivery: GenerateUnidentifiedDeliveryConfiguration(),
 VoiceVerification: VoiceVerificationConfiguration{
 URL: "https://fake.invalid/voice",
 Locales: []string{"en"},
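Review bot: In jar_invoker.go, `GenerateZKConfig` and `GenerateUnidentifiedDeliveryConfiguration` index the map returned by `TextSecureServer` without checking that the field is present, so a renamed label or empty jar output puts an empty `ServerSecret`, `Certificate` or `PrivateKey` into the generated config instead of failing. Key generation should fail closed: read each field through a helper that panics on a missing or empty value, and reject an unset `TEXT_SECURE_SERVER_JAR` before `java` is invoked. Separately, `unidentifiedCA["Private key"]` is passed as a command-line argument, which leaves the CA private key readable in the process list while the child runs; if the jar accepts the key no other way, that deserves a comment at the call site.

```go
// requireField returns fields[name] and panics when the jar output lacked it,
// so missing key material never reaches the generated config.
func requireField(fields map[string]string, name string) string {
	v, ok := fields[name]
	if !ok || v == "" {
		panic("TextSecureServer output is missing field: " + name)
	}
	return v
}

func GenerateZKConfig() (z ZKConfig) {
	params := TextSecureServer("zkparams")
	z.ServerPublic = requireField(params, "Public")
	z.ServerSecret = requireField(params, "Private")
	// … unchanged: z.Enabled = false, return …
}

func GenerateUnidentifiedDeliveryConfiguration() (u UnidentifiedDeliveryConfiguration) {
	unidentifiedCA := TextSecureServer("certificate", "--ca")
	// NOTE: the CA private key travels on argv here and is visible in the process list.
	unidentifiedKeyPair := TextSecureServer("certificate", "--key", requireField(unidentifiedCA, "Private key"), "--id", "0")
	u.Certificate = requireField(unidentifiedKeyPair, "Certificate")
	u.PrivateKey = requireField(unidentifiedKeyPair, "Private key")
	return
}
```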
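Review bot: In main.go the removed struct literal set `ExpiresDays: 90`, but `GenerateUnidentifiedDeliveryConfiguration` (added in jar_invoker.go) fills only `Certificate` and `PrivateKey`, so `ExpiresDays` is now the zero value. If the server uses that field to bound sender-certificate lifetime, the result is either a zero-day validity or an implicit default; add `u.ExpiresDays = 90` to the generator, or say in a comment that the default is intended. The enclosing `main` starts and ends outside this hunk.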
diff --git a/cmd/config-generator/pki_generators.go b/cmd/config-generator/pki_generators.go
index 31726ae..8bb5758 100644
--- a/cmd/config-generator/pki_generators.go
+++ b/cmd/config-generator/pki_generators.go
@@ -112,5 +112,14 @@ func GenerateGCPSigningKey() string {
 if err != nil {
 panic(err)
 }
- return keyToPem(key)
+ pkcs8, err := x509.MarshalPKCS8PrivateKey(key)
+ if err != nil {
+ panic(err)
+ }
+ block := &pem.Block{
+ Type: "PRIVATE KEY",
+ Bytes: pkcs8,
+ }
+ encoded := pem.EncodeToMemory(block)
+ return string(encoded)
 }
diff --git a/cmd/config-generator/zkgroups.go b/cmd/config-generator/zkgroups.go
deleted file mode 100644
index 017e8bf..0000000
--- a/cmd/config-generator/zkgroups.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package main
-
-import (
- "bytes"
- "os"
- "os/exec"
- "strings"
-)
-
-func GenerateZKConfig() (z ZKConfig) {
- z.Enabled = false
-
- cmd := exec.Command("java", "-jar", "/usr/share/TextSecureServer.jar", "zkparams")
- var out bytes.Buffer
- cmd.Stdout = &out
- cmd.Stderr = os.Stderr
- err := cmd.Run()
- if err != nil {
- panic(err)
- }
- for _, line := range strings.Split(out.String(), "\n") {
- if len(line) == 0 {
- continue
- }
- parts := strings.Split(line, ": ")
- if len(parts) != 2 {
- continue
- } else {
- }
- if parts[0] == "Public" {
- z.ServerPublic = parts[1]
- } else if parts[0] == "Private" {
- z.ServerSecret = parts[1]
- }
- }
- return
-}
diff --git a/migrate-and-start-server.sh b/migrate-and-start-server.sh
index 434f7fd..b004e8b 100755
--- a/migrate-and-start-server.sh
+++ b/migrate-and-start-server.sh
@@ -4,7 +4,7 @@ set -exu CONFIG_FILE="/etc/signal-server/config.yaml" # generate config
-/usr/bin/config-generator | tee "${CONFIG_FILE}"
+TEXT_SECURE_SERVER_JAR=/usr/share/TextSecureServer.jar /usr/bin/config-generator "${CONFIG_FILE}"
 for db in abusedb accountdb messagedb; do echo "Migrating $db"
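Review bot: The new body of `GenerateGCPSigningKey` in pki_generators.go gives no reason for bypassing the `keyToPem` helper, so a later reader cannot tell which encoding the consumer requires and may switch it back. A comment above the marshal call would settle it, e.g. `// GCP signing key is emitted as PKCS#8 ("PRIVATE KEY" PEM); keyToPem produces a different encoding.` The second half should be adjusted to what `keyToPem` actually emits, which this hunk does not show. The function starts outside the hunk, so the key type and size are not visible here either.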
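Review bot: Nothing in migrate-and-start-server.sh restricts the mode of `${CONFIG_FILE}`, which now holds generated private keys (the zkgroup secret, the unidentified-delivery key and the GCP signing key); a `umask 077` before the generator line, or a `chmod 600 "${CONFIG_FILE}"` after it, would keep the file from being created with the default mode. The new line also passes the path as an argument where the old one piped stdout through `tee`. The argument handling in `main.go` is not part of this commit, so it is worth confirming that the generator writes to that path rather than to stdout, where the keys would end up in captured output and the file would stay unwritten.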