Generate zkparams, unidentified access and GCP encryption keys correctly

signal server seems to actually start

cmd/config-generator/jar_invoker.go

@@ -0,0 +1,48 @@
+package main
+
+import (
+	"bytes"
+	"os"
+	"os/exec"
+	"strings"
+)
+
+func TextSecureServer(command ...string) map[string]string {
+	cmd := exec.Command("java", append([]string{"-jar", os.Getenv("TEXT_SECURE_SERVER_JAR")}, command...)...)
+	var buf bytes.Buffer
+	cmd.Stdout = &buf
+	cmd.Stderr = os.Stderr
+	err := cmd.Run()
+	if err != nil {
+		panic(err)
+	}
+	out := make(map[string]string)
+	for _, line := range strings.Split(buf.String(), "\n") {
+		if len(line) == 0 {
+			continue
+		}
+		parts := strings.SplitN(line, ":", 2)
+		if len(parts) < 2 {
+			continue
+		}
+
+		out[strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
+	}
+	return out
+}
+
+func GenerateZKConfig() (z ZKConfig) {
+	params := TextSecureServer("zkparams")
+	z.ServerPublic = params["Public"]
+	z.ServerSecret = params["Private"]
+	z.Enabled = false
+	return
+}
+
+func GenerateUnidentifiedDeliveryConfiguration() (u UnidentifiedDeliveryConfiguration) {
+	unidentifiedCA := TextSecureServer("certificate", "--ca")
+	unidentifiedKeyPair := TextSecureServer("certificate", "--key", unidentifiedCA["Private key"], "--id", "0")
+	u.Certificate = unidentifiedKeyPair["Certificate"]
+	u.PrivateKey = unidentifiedKeyPair["Private key"]
+	return
+}

cmd/config-generator/main.go

@@ -93,12 +93,8 @@ func main() {
 			SenderID: 0,
 			APIKey:   "fake.invalid",
 		},
-		APN: GenerateAPNConfiguration(),
+		APN:                  GenerateAPNConfiguration(),
-		UnidentifiedDelivery: UnidentifiedDeliveryConfiguration{
+		UnidentifiedDelivery: GenerateUnidentifiedDeliveryConfiguration(),
-			Certificate: "aaaa",
-			PrivateKey:  "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWE=",
-			ExpiresDays: 90,
-		},
 		VoiceVerification: VoiceVerificationConfiguration{
 			URL:     "https://fake.invalid/voice",
 			Locales: []string{"en"},

cmd/config-generator/pki_generators.go

@@ -112,5 +112,14 @@ func GenerateGCPSigningKey() string {
 	if err != nil {
 		panic(err)
 	}
-	return keyToPem(key)
+	pkcs8, err := x509.MarshalPKCS8PrivateKey(key)
+	if err != nil {
+		panic(err)
+	}
+	block := &pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: pkcs8,
+	}
+	encoded := pem.EncodeToMemory(block)
+	return string(encoded)
 }

cmd/config-generator/zkgroups.go

@@ -1,37 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"os"
-	"os/exec"
-	"strings"
-)
-
-func GenerateZKConfig() (z ZKConfig) {
-	z.Enabled = false
-
-	cmd := exec.Command("java", "-jar", "/usr/share/TextSecureServer.jar", "zkparams")
-	var out bytes.Buffer
-	cmd.Stdout = &out
-	cmd.Stderr = os.Stderr
-	err := cmd.Run()
-	if err != nil {
-		panic(err)
-	}
-	for _, line := range strings.Split(out.String(), "\n") {
-		if len(line) == 0 {
-			continue
-		}
-		parts := strings.Split(line, ": ")
-		if len(parts) != 2 {
-			continue
-		} else {
-		}
-		if parts[0] == "Public" {
-			z.ServerPublic = parts[1]
-		} else if parts[0] == "Private" {
-			z.ServerSecret = parts[1]
-		}
-	}
-	return
-}

migrate-and-start-server.sh

@@ -4,7 +4,7 @@ set -exu
 CONFIG_FILE="/etc/signal-server/config.yaml"
 
 # generate config
-/usr/bin/config-generator | tee "${CONFIG_FILE}"
+TEXT_SECURE_SERVER_JAR=/usr/share/TextSecureServer.jar /usr/bin/config-generator "${CONFIG_FILE}"
 
 for db in abusedb accountdb messagedb; do
   echo "Migrating $db"