Allow clients to request zkc-based auth creds

Allow clients to pass a zkcCredential=true query parameter to request the new auth credential format implemented with the zkcredential Rust library.
2024-03-04 11:55:48 -05:00 · 2024-03-04 11:55:48 -05:00 · 39fd955f13
parent 4863e1d227
commit 39fd955f13
2 changed files with 45 additions and 2 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java
@ -91,7 +91,8 @@ public class CertificateController {
  public GroupCredentials getGroupAuthenticationCredentials(
      @ReadOnly @Auth AuthenticatedAccount auth,
      @QueryParam("redemptionStartSeconds") long startSeconds,
-      @QueryParam("redemptionEndSeconds") long endSeconds) {
+      @QueryParam("redemptionEndSeconds") long endSeconds,
      @QueryParam("zkcCredential") boolean zkcCredential) {
    final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);
    final Instant redemptionStart = Instant.ofEpochSecond(startSeconds);
@ -115,7 +116,12 @@ public class CertificateController {
    ServiceId.Pni pni = new ServiceId.Pni(auth.getAccount().getPhoneNumberIdentifier());
    while (!redemption.isAfter(redemptionEnd)) {
-      AuthCredentialWithPniResponse authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniAsServiceId(aci, pni, redemption);
+      AuthCredentialWithPniResponse authCredentialWithPni;
      if (zkcCredential) {
        authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniZkc(aci, pni, redemption);
      } else {
        authCredentialWithPni = serverZkAuthOperations.issueAuthCredentialWithPniAsServiceId(aci, pni, redemption);
      }
      credentials.add(new GroupCredentials.GroupCredential(
          authCredentialWithPni.serialize(),
          (int) redemption.getEpochSecond()));
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/CertificateControllerTest.java
@ -241,6 +241,43 @@ class CertificateControllerTest {
    });
  }
  @Test
  void testGetSingleGroupCredentialZkc() {
    final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);
    final GroupCredentials credentials = resources.getJerseyTest()
        .target("/v1/certificate/auth/group")
        .queryParam("redemptionStartSeconds", startOfDay.getEpochSecond())
        .queryParam("redemptionEndSeconds", startOfDay.getEpochSecond())
        .queryParam("zkcCredential", true)
        .request()
        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
        .get(GroupCredentials.class);
    assertEquals(1, credentials.credentials().size());
    assertEquals(1, credentials.callLinkAuthCredentials().size());
    assertEquals(AuthHelper.VALID_PNI, credentials.pni());
    assertEquals(startOfDay.getEpochSecond(), credentials.credentials().get(0).redemptionTime());
    assertEquals(startOfDay.getEpochSecond(), credentials.callLinkAuthCredentials().get(0).redemptionTime());
    final ClientZkAuthOperations clientZkAuthOperations =
        new ClientZkAuthOperations(serverSecretParams.getPublicParams());
    assertDoesNotThrow(() -> {
      clientZkAuthOperations.receiveAuthCredentialWithPniAsServiceId(
          new ServiceId.Aci(AuthHelper.VALID_UUID),
          new ServiceId.Pni(AuthHelper.VALID_PNI),
          (int) startOfDay.getEpochSecond(),
          new AuthCredentialWithPniResponse(credentials.credentials().get(0).credential()));
    });
    assertDoesNotThrow(() -> {
      new CallLinkAuthCredentialResponse(credentials.callLinkAuthCredentials().get(0).credential())
          .receive(new ServiceId.Aci(AuthHelper.VALID_UUID), startOfDay, genericServerSecretParams.getPublicParams());
    });
  }
  @Test
  void testGetWeekLongGroupCredentials() {
    final Instant startOfDay = clock.instant().truncatedTo(ChronoUnit.DAYS);