From a62a6c1cb62fa4e52183550156cc20aad38977e2 Mon Sep 17 00:00:00 2001
From: Ravi Khadiwala <ravi@signal.org>
Date: Mon, 8 Jan 2024 15:55:06 -0600
Subject: [PATCH] Change type of Cdn3StorageManagerConfiguration.clientSecret
 to SecretString

---
 service/config/sample-secrets-bundle.yml                 | 2 ++
 .../textsecuregcm/backup/Cdn3RemoteStorageManager.java   | 2 +-
 .../configuration/Cdn3StorageManagerConfiguration.java   | 9 ++++++---
 .../backup/Cdn3RemoteStorageManagerTest.java             | 6 +++++-
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/service/config/sample-secrets-bundle.yml b/service/config/sample-secrets-bundle.yml
index 54cbf0967..8129533a9 100644
--- a/service/config/sample-secrets-bundle.yml
+++ b/service/config/sample-secrets-bundle.yml
@@ -65,6 +65,8 @@ fcm.credentials: |
 cdn.accessKey: test    # AWS Access Key ID
 cdn.accessSecret: test # AWS Access Secret
 
+cdn3StorageManager.clientSecret: test
+
 unidentifiedDelivery.certificate: ABCD1234
 unidentifiedDelivery.privateKey: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789AAAAAAA
 
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManager.java b/service/src/main/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManager.java
index e274257be..99076b721 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManager.java
@@ -65,7 +65,7 @@ public Cdn3RemoteStorageManager(
     // strip trailing "/" for easier URI construction
     this.storageManagerBaseUrl = StringUtils.removeEnd(configuration.baseUri(), "/");
     this.clientId = configuration.clientId();
-    this.clientSecret = configuration.clientSecret();
+    this.clientSecret = configuration.clientSecret().value();
 
     // Client used to read/write to cdn
     this.cdnHttpClient = FaultTolerantHttpClient.newBuilder()
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/Cdn3StorageManagerConfiguration.java b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/Cdn3StorageManagerConfiguration.java
index d57bce812..8b2e0145c 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/configuration/Cdn3StorageManagerConfiguration.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/configuration/Cdn3StorageManagerConfiguration.java
@@ -1,6 +1,9 @@
 package org.whispersystems.textsecuregcm.configuration;
 
+import org.whispersystems.textsecuregcm.configuration.secrets.SecretString;
+import javax.validation.constraints.NotNull;
+
 public record Cdn3StorageManagerConfiguration(
-    String baseUri,
-    String clientId,
-    String clientSecret) {}
+    @NotNull String baseUri,
+    @NotNull String clientId,
+    @NotNull SecretString clientSecret) {}
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManagerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManagerTest.java
index 396e7b6fc..a39f72fbf 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/backup/Cdn3RemoteStorageManagerTest.java
@@ -42,6 +42,7 @@
 import org.whispersystems.textsecuregcm.configuration.Cdn3StorageManagerConfiguration;
 import org.whispersystems.textsecuregcm.configuration.CircuitBreakerConfiguration;
 import org.whispersystems.textsecuregcm.configuration.RetryConfiguration;
+import org.whispersystems.textsecuregcm.configuration.secrets.SecretString;
 import org.whispersystems.textsecuregcm.util.CompletableFutureTestUtil;
 import org.whispersystems.textsecuregcm.util.SystemMapper;
 import org.whispersystems.textsecuregcm.util.TestRandomUtil;
@@ -71,7 +72,10 @@ public void init() throws CertificateException {
         new CircuitBreakerConfiguration(),
         new RetryConfiguration(),
         Collections.emptyList(),
-        new Cdn3StorageManagerConfiguration(wireMock.url("storage-manager/"), "clientId", "clientSecret"));
+        new Cdn3StorageManagerConfiguration(
+            wireMock.url("storage-manager/"),
+            "clientId",
+            new SecretString("clientSecret")));
 
     wireMock.stubFor(get(urlEqualTo("/cdn2/source/small"))
         .willReturn(aResponse()