diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java index 367ba2530..595119919 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java @@ -91,7 +91,8 @@ public class CertificateController { public GroupCredentials getGroupAuthenticationCredentials( @ReadOnly @Auth AuthenticatedAccount auth, @QueryParam("redemptionStartSeconds") long startSeconds, - @QueryParam("redemptionEndSeconds") long endSeconds) { + @QueryParam("redemptionEndSeconds") long endSeconds, + @QueryParam("zkcCredential") boolean zkcCredential) { final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS); final Instant redemptionStart = Instant.ofEpochSecond(startSeconds); @@ -115,7 +116,12 @@ public class CertificateController { ServiceId.Pni pni = new ServiceId.Pni(auth.getAccount().getPhoneNumberIdentifier()); while (!redemption.isAfter(redemptionEnd)) { - AuthCredentialWithPniResponse authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniAsServiceId(aci, pni, redemption); + AuthCredentialWithPniResponse authCredentialWithPni; + if (zkcCredential) { + authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniZkc(aci, pni, redemption); + } else { + authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniAsServiceId(aci, pni, redemption); + } credentials.add(new GroupCredentials.GroupCredential( authCredentialWithPni.serialize(), (int) redemption.getEpochSecond())); diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java index 2cf04f7f4..98837bbb3 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java @@ -241,6 +241,43 @@ class CertificateControllerTest { }); } + @Test + void testGetSingleGroupCredentialZkc() { + final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS); + + final GroupCredentials credentials = resources.getJerseyTest() + .target("/v1/certificate/auth/group") + .queryParam("redemptionStartSeconds", startOfDay.getEpochSecond()) + .queryParam("redemptionEndSeconds", startOfDay.getEpochSecond()) + .queryParam("zkcCredential", true) + .request() + .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD)) + .get(GroupCredentials.class); + + assertEquals(1, credentials.credentials().size()); + assertEquals(1, credentials.callLinkAuthCredentials().size()); + + assertEquals(AuthHelper.VALID_PNI, credentials.pni()); + assertEquals(startOfDay.getEpochSecond(), credentials.credentials().get(0).redemptionTime()); + assertEquals(startOfDay.getEpochSecond(), credentials.callLinkAuthCredentials().get(0).redemptionTime()); + + final ClientZkAuthOperations clientZkAuthOperations = + new ClientZkAuthOperations(serverSecretParams.getPublicParams()); + + assertDoesNotThrow(() -> { + clientZkAuthOperations.receiveAuthCredentialWithPniAsServiceId( + new ServiceId.Aci(AuthHelper.VALID_UUID), + new ServiceId.Pni(AuthHelper.VALID_PNI), + (int) startOfDay.getEpochSecond(), + new AuthCredentialWithPniResponse(credentials.credentials().get(0).credential())); + }); + + assertDoesNotThrow(() -> { + new CallLinkAuthCredentialResponse(credentials.callLinkAuthCredentials().get(0).credential()) + .receive(new ServiceId.Aci(AuthHelper.VALID_UUID), startOfDay, genericServerSecretParams.getPublicParams()); + }); + } + @Test void testGetWeekLongGroupCredentials() { final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);