Allow clients to request zkc-based auth creds

Allow clients to pass a zkcCredential=true query parameter to request the new
auth credential format implemented with the zkcredential Rust library.

service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java

@@ -91,7 +91,8 @@ public class CertificateController {
   public GroupCredentials getGroupAuthenticationCredentials(
       @ReadOnly @Auth AuthenticatedAccount auth,
       @QueryParam("redemptionStartSeconds") long startSeconds,
-      @QueryParam("redemptionEndSeconds") long endSeconds) {
+      @QueryParam("redemptionEndSeconds") long endSeconds,
+      @QueryParam("zkcCredential") boolean zkcCredential) {
 
     final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);
     final Instant redemptionStart = Instant.ofEpochSecond(startSeconds);
@@ -115,7 +116,12 @@ public class CertificateController {
     ServiceId.Pni pni = new ServiceId.Pni(auth.getAccount().getPhoneNumberIdentifier());
 
     while (!redemption.isAfter(redemptionEnd)) {
-      AuthCredentialWithPniResponse authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniAsServiceId(aci, pni, redemption);
+      AuthCredentialWithPniResponse authCredentialWithPni;
+      if (zkcCredential) {
+        authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniZkc(aci, pni, redemption);
+      } else {
+        authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniAsServiceId(aci, pni, redemption);
+      }
       credentials.add(new GroupCredentials.GroupCredential(
           authCredentialWithPni.serialize(),
           (int) redemption.getEpochSecond()));

service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java

@@ -241,6 +241,43 @@ class CertificateControllerTest {
     });
   }
 
+  @Test
+  void testGetSingleGroupCredentialZkc() {
+    final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);
+
+    final GroupCredentials credentials = resources.getJerseyTest()
+        .target("/v1/certificate/auth/group")
+        .queryParam("redemptionStartSeconds", startOfDay.getEpochSecond())
+        .queryParam("redemptionEndSeconds", startOfDay.getEpochSecond())
+        .queryParam("zkcCredential", true)
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .get(GroupCredentials.class);
+
+    assertEquals(1, credentials.credentials().size());
+    assertEquals(1, credentials.callLinkAuthCredentials().size());
+
+    assertEquals(AuthHelper.VALID_PNI, credentials.pni());
+    assertEquals(startOfDay.getEpochSecond(), credentials.credentials().get(0).redemptionTime());
+    assertEquals(startOfDay.getEpochSecond(), credentials.callLinkAuthCredentials().get(0).redemptionTime());
+
+    final ClientZkAuthOperations clientZkAuthOperations =
+        new ClientZkAuthOperations(serverSecretParams.getPublicParams());
+
+    assertDoesNotThrow(() -> {
+      clientZkAuthOperations.receiveAuthCredentialWithPniAsServiceId(
+          new ServiceId.Aci(AuthHelper.VALID_UUID),
+          new ServiceId.Pni(AuthHelper.VALID_PNI),
+          (int) startOfDay.getEpochSecond(),
+          new AuthCredentialWithPniResponse(credentials.credentials().get(0).credential()));
+    });
+
+    assertDoesNotThrow(() -> {
+      new CallLinkAuthCredentialResponse(credentials.callLinkAuthCredentials().get(0).credential())
+          .receive(new ServiceId.Aci(AuthHelper.VALID_UUID), startOfDay, genericServerSecretParams.getPublicParams());
+    });
+  }
+
   @Test
   void testGetWeekLongGroupCredentials() {
     final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);