From 1083d8bde08d0a3e6ac5b1842bd9af75ecca6a4f Mon Sep 17 00:00:00 2001
From: Jon Chambers <jon@signal.org>
Date: Mon, 17 Apr 2023 18:41:41 -0400
Subject: [PATCH] Remove the legacy group credential endpoint

---
 .../controllers/CertificateController.java    |  39 -------
 .../CertificateControllerTest.java            | 106 ------------------
 2 files changed, 145 deletions(-)

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java
index dc52505d6..f807391a5 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java
@@ -18,17 +18,14 @@ import java.time.Duration;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Objects;
-import java.util.Optional;
 import java.util.UUID;
 import javax.annotation.Nonnull;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.WebApplicationException;
@@ -83,42 +80,6 @@ public class CertificateController {
         certificateGenerator.createFor(auth.getAccount(), auth.getAuthenticatedDevice(), includeE164));
   }
 
-  @Timed
-  @GET
-  @Produces(MediaType.APPLICATION_JSON)
-  @Path("/group/{startRedemptionTime}/{endRedemptionTime}")
-  @Deprecated(forRemoval = true) // Clients should now use getGroupAuthenticationCredentials instead
-  // TODO Assess readiness for removal on or after 2022-11-01
-  public GroupCredentials getAuthenticationCredentials(@Auth AuthenticatedAccount auth,
-      @PathParam("startRedemptionTime") int startRedemptionTime,
-      @PathParam("endRedemptionTime") int endRedemptionTime,
-      @QueryParam("identity") Optional<String> identityType) {
-    if (startRedemptionTime > endRedemptionTime) {
-      throw new WebApplicationException(Response.Status.BAD_REQUEST);
-    }
-    final int currentDaysSinceEpoch = Util.currentDaysSinceEpoch(clock);
-    if (endRedemptionTime > currentDaysSinceEpoch + 7) {
-      throw new WebApplicationException(Response.Status.BAD_REQUEST);
-    }
-    if (startRedemptionTime < currentDaysSinceEpoch) {
-      throw new WebApplicationException(Response.Status.BAD_REQUEST);
-    }
-
-    List<GroupCredentials.GroupCredential> credentials = new LinkedList<>();
-
-    final UUID identifier = identityType.map(String::toLowerCase).orElse("aci").equals("pni") ?
-        auth.getAccount().getPhoneNumberIdentifier() :
-        auth.getAccount().getUuid();
-
-    for (int i = startRedemptionTime; i <= endRedemptionTime; i++) {
-      credentials.add(new GroupCredentials.GroupCredential(
-          serverZkAuthOperations.issueAuthCredential(identifier, i).serialize(),
-          i));
-    }
-
-    return new GroupCredentials(credentials, null);
-  }
-
   @Timed
   @GET
   @Produces(MediaType.APPLICATION_JSON)
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CertificateControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CertificateControllerTest.java
index 7af469a28..fc8119a8f 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CertificateControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CertificateControllerTest.java
@@ -5,9 +5,6 @@
 
 package org.whispersystems.textsecuregcm.tests.controllers;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatCode;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -35,8 +32,6 @@ import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.zkgroup.ServerSecretParams;
-import org.signal.libsignal.zkgroup.VerificationFailedException;
-import org.signal.libsignal.zkgroup.auth.AuthCredentialResponse;
 import org.signal.libsignal.zkgroup.auth.AuthCredentialWithPniResponse;
 import org.signal.libsignal.zkgroup.auth.ClientZkAuthOperations;
 import org.signal.libsignal.zkgroup.auth.ServerZkAuthOperations;
@@ -51,7 +46,6 @@ import org.whispersystems.textsecuregcm.entities.MessageProtos.SenderCertificate
 import org.whispersystems.textsecuregcm.entities.MessageProtos.ServerCertificate;
 import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
 import org.whispersystems.textsecuregcm.util.SystemMapper;
-import org.whispersystems.textsecuregcm.util.Util;
 
 @ExtendWith(DropwizardExtensionsSupport.class)
 class CertificateControllerTest {
@@ -222,102 +216,6 @@ class CertificateControllerTest {
     assertEquals(response.getStatus(), 401);
   }
 
-  @Test
-  void testGetSingleAuthCredential() {
-    GroupCredentials credentials = resources.getJerseyTest()
-        .target("/v1/certificate/group/" + currentDaysSinceEpoch() + "/" + currentDaysSinceEpoch())
-        .request()
-        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-        .get(GroupCredentials.class);
-
-    assertThat(credentials.credentials().size()).isEqualTo(1);
-    assertThat(credentials.credentials().get(0).redemptionTime()).isEqualTo(currentDaysSinceEpoch());
-
-    ClientZkAuthOperations clientZkAuthOperations = new ClientZkAuthOperations(serverSecretParams.getPublicParams());
-
-    assertThatCode(() ->
-        clientZkAuthOperations.receiveAuthCredential(AuthHelper.VALID_UUID, currentDaysSinceEpoch(),
-            new AuthCredentialResponse(credentials.credentials().get(0).credential())))
-        .doesNotThrowAnyException();
-  }
-
-  @Test
-  void testGetSingleAuthCredentialByPni() {
-    GroupCredentials credentials = resources.getJerseyTest()
-        .target("/v1/certificate/group/" + currentDaysSinceEpoch() + "/" + currentDaysSinceEpoch())
-        .queryParam("identity", "pni")
-        .request()
-        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-        .get(GroupCredentials.class);
-
-    assertThat(credentials.credentials().size()).isEqualTo(1);
-    assertThat(credentials.credentials().get(0).redemptionTime()).isEqualTo(currentDaysSinceEpoch());
-
-    ClientZkAuthOperations clientZkAuthOperations = new ClientZkAuthOperations(serverSecretParams.getPublicParams());
-
-    assertThatExceptionOfType(VerificationFailedException.class)
-        .isThrownBy(() ->
-            clientZkAuthOperations.receiveAuthCredential(AuthHelper.VALID_UUID, currentDaysSinceEpoch(),
-                new AuthCredentialResponse(credentials.credentials().get(0).credential())));
-  }
-
-  @Test
-  void testGetWeekLongAuthCredentials() {
-    GroupCredentials credentials = resources.getJerseyTest()
-        .target("/v1/certificate/group/" + currentDaysSinceEpoch() + "/" + (currentDaysSinceEpoch() + 7))
-        .request()
-        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-        .get(GroupCredentials.class);
-
-    assertThat(credentials.credentials().size()).isEqualTo(8);
-
-    for (int i = 0; i <= 7; i++) {
-      assertThat(credentials.credentials().get(i).redemptionTime()).isEqualTo(currentDaysSinceEpoch() + i);
-
-      ClientZkAuthOperations clientZkAuthOperations = new ClientZkAuthOperations(serverSecretParams.getPublicParams());
-
-      final int time = i;
-
-      assertThatCode(() ->
-          clientZkAuthOperations.receiveAuthCredential(AuthHelper.VALID_UUID, currentDaysSinceEpoch() + time,
-              new AuthCredentialResponse(credentials.credentials().get(time).credential())))
-          .doesNotThrowAnyException();
-    }
-  }
-
-  @Test
-  void testTooManyDaysOut() {
-    Response response = resources.getJerseyTest()
-        .target("/v1/certificate/group/" + currentDaysSinceEpoch() + "/" + (currentDaysSinceEpoch() + 8))
-        .request()
-        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-        .get();
-
-    assertThat(response.getStatus()).isEqualTo(400);
-  }
-
-  @Test
-  void testBackwardsInTime() {
-    Response response = resources.getJerseyTest()
-        .target("/v1/certificate/group/" + (currentDaysSinceEpoch() - 1) + "/" + (currentDaysSinceEpoch() + 7))
-        .request()
-        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-        .get();
-
-    assertThat(response.getStatus()).isEqualTo(400);
-  }
-
-  @Test
-  void testBadAuth() {
-    Response response = resources.getJerseyTest()
-        .target("/v1/certificate/group/" + currentDaysSinceEpoch() + "/" + (currentDaysSinceEpoch() + 7))
-        .request()
-        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.INVALID_PASSWORD))
-        .get();
-
-    assertThat(response.getStatus()).isEqualTo(401);
-  }
-
   @Test
   void testGetSingleGroupCredential() {
     final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);
@@ -413,8 +311,4 @@ class CertificateControllerTest {
         Arguments.of(clock.instant(), clock.instant().plusSeconds(17))
     );
   }
-
-  private static int currentDaysSinceEpoch() {
-    return Util.currentDaysSinceEpoch(Clock.systemUTC());
-  }
 }