
Move OwnEncodedServerEntries to config file

- With this change, the Psinet data that is
  deployed to every server is once again
  identical, and we retain an optimization
  that the Psinet payload is only created
  once per deployment.

- A server's own server entries are unlikely
  to change without also requiring a config
  update, so there was limited benefit to
  having hot reload for OwnEncodedServerEntries.
Rod Hynes 6 лет назад
Родитель
Сommit
1e0c79fb8a
3 измененных файлов с 26 добавлено и 28 удалено
  1. 1 1
      psiphon/server/api.go
  2. 20 2
      psiphon/server/config.go
  3. 5 25
      psiphon/server/psinet/psinet.go

+ 1 - 1
psiphon/server/api.go

@@ -304,7 +304,7 @@ func handshakeAPIRequestHandler(
 	serverEntryTag, ok := getOptionalStringRequestParam(
 		params, "missing_server_entry_signature")
 	if ok {
-		ownServerEntry, ok := db.OwnServerEntry(serverEntryTag)
+		ownServerEntry, ok := support.Config.GetOwnEncodedServerEntry(serverEntryTag)
 		if ok {
 			encodedServerList = append(encodedServerList, ownServerEntry)
 		}
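Review bot: The `ok` declared on the new lookup line shadows the `ok` returned by getOptionalStringRequestParam two lines above; scoping it to the condition avoids the second binding: `if ownServerEntry, ok := support.Config.GetOwnEncodedServerEntry(serverEntryTag); ok {`. The tag is client-supplied and a miss is silently ignored, which also covers a config file that carries no OwnEncodedServerEntries at all (a lookup on a nil map returns false). A server started with an older config would therefore stop sending the signed entry without any log line, so a short comment stating that this is intended would help. handshakeAPIRequestHandler starts and ends outside the hunk.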

+ 20 - 2
psiphon/server/config.go

@@ -86,8 +86,8 @@ type Config struct {
 	// ISP data in a separate file.
 	GeoIPDatabaseFilenames []string
 
-	// PsinetDatabaseFilename is the path of the Psiphon automation
-	// jsonpickle format Psiphon API data file.
+	// PsinetDatabaseFilename is the path of the file containing
+	// psinet.Database data.
 	PsinetDatabaseFilename string
 
 	// HostID is the ID of the server host; this is used for API
@@ -337,6 +337,17 @@ type Config struct {
 	// addition to logging events.
 	BlocklistActive bool
 
+	// OwnEncodedServerEntries is a list of the server's own encoded server
+	// entries, idenfified by server entry tag. These values are used in the
+	// handshake API to update clients that don't yet have a signed copy of these
+	// server entries.
+	//
+	// For purposes of compartmentalization, each server receives only its own
+	// server entries here; and, besides the discovery server entries, in
+	// psinet.Database, necessary for the discovery feature, no other server
+	// entries are stored on a Psiphon server.
+	OwnEncodedServerEntries map[string]string
+
 	sshBeginHandshakeTimeout time.Duration
 	sshHandshakeTimeout      time.Duration
 }
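Review bot: The new comment on OwnEncodedServerEntries has a typo (`idenfified` should be `identified`) and does not state the concurrency contract for the map. The psinet OwnServerEntry method this replaces took the ReloadableFile read lock, whereas GetOwnEncodedServerEntry in the following hunk reads the map with no lock. That is safe only if Config is never mutated after LoadConfig, which is presumably the case but not visible here. I would add a line such as `// Populated once by LoadConfig; must be treated as read-only afterwards, as handshake handlers read it concurrently.` to the field comment and mirror it on the getter.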
@@ -356,6 +367,13 @@ func (config *Config) RunPeriodicGarbageCollection() bool {
 	return config.PeriodicGarbageCollectionSeconds > 0
 }
 
+// GetOwnEncodedServerEntry returns one of the server's own server entries, as
+// identified by the server entry tag.
+func (config *Config) GetOwnEncodedServerEntry(serverEntryTag string) (string, bool) {
+	serverEntry, ok := config.OwnEncodedServerEntries[serverEntryTag]
+	return serverEntry, ok
+}
+
 // LoadConfig loads and validates a JSON encoded server config.
 func LoadConfig(configJSON []byte) (*Config, error) {
 

+ 5 - 25
psiphon/server/psinet/psinet.go

@@ -44,12 +44,11 @@ const (
 type Database struct {
 	common.ReloadableFile
 
-	Sponsors                map[string]*Sponsor        `json:"sponsors"`
-	Versions                map[string][]ClientVersion `json:"client_versions"`
-	DefaultSponsorID        string                     `json:"default_sponsor_id"`
-	ValidServerEntryTags    map[string]bool            `json:"valid_server_entry_tags"`
-	OwnEncodedServerEntries map[string]string          `json:"own_encoded_server_entries"`
-	DiscoveryServers        []*DiscoveryServer         `json:"discovery_servers`
+	Sponsors             map[string]*Sponsor        `json:"sponsors"`
+	Versions             map[string][]ClientVersion `json:"client_versions"`
+	DefaultSponsorID     string                     `json:"default_sponsor_id"`
+	ValidServerEntryTags map[string]bool            `json:"valid_server_entry_tags"`
+	DiscoveryServers     []*DiscoveryServer         `json:"discovery_servers`
 
 	fileModTime time.Time
 }
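Review bot: The re-aligned DiscoveryServers line still carries a malformed struct tag, `json:"discovery_servers` with no closing double quote, carried over unchanged from the old side. reflect cannot parse a tag in that form, so encoding/json most likely falls back to the field name and a `discovery_servers` key in the data file would not populate the field; `go vet` (structtag) reports this. Since the commit touches the line anyway, the tag should read `json:"discovery_servers"`. It is also worth confirming with a test that discovery servers actually load from a sample psinet file.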
@@ -116,7 +115,6 @@ func NewDatabase(filename string) (*Database, error) {
 			database.Versions = newDatabase.Versions
 			database.DefaultSponsorID = newDatabase.DefaultSponsorID
 			database.ValidServerEntryTags = newDatabase.ValidServerEntryTags
-			database.OwnEncodedServerEntries = newDatabase.OwnEncodedServerEntries
 			database.DiscoveryServers = newDatabase.DiscoveryServers
 			database.fileModTime = fileModTime
 
@@ -256,27 +254,9 @@ func (db *Database) GetHttpsRequestRegexes(sponsorID string) []map[string]string
 	return regexes
 }
 
-// OwnServerEntry returns one of the server's own server entries, as
-// identified by the server entry tag. This is returned, in the handshake, to
-// clients that don't yet have a signed copy of this server entry.
-//
-// For purposed of compartmentalization, each server stores only its own
-// server entries, along with the discovery server entries necessary for the
-// discovery feature.
-func (db *Database) OwnServerEntry(serverEntryTag string) (string, bool) {
-	db.ReloadableFile.RLock()
-	defer db.ReloadableFile.RUnlock()
-
-	serverEntry, ok := db.OwnEncodedServerEntries[serverEntryTag]
-	return serverEntry, ok
-}
-
 // DiscoverServers selects new encoded server entries to be "discovered" by
 // the client, using the discoveryValue -- a function of the client's IP
 // address -- as the input into the discovery algorithm.
-// The server list (db.Servers) loaded from JSON is stored as an array instead of
-// a map to ensure servers are discovered deterministically. Each iteration over a
-// map in go is seeded with a random value which causes non-deterministic ordering.
 func (db *Database) DiscoverServers(discoveryValue int) []string {
 	db.ReloadableFile.RLock()
 	defer db.ReloadableFile.RUnlock()