From ae976ef8d66074e3c4d7c99420e55d57f80aad8f Mon Sep 17 00:00:00 2001
From: Jon Chambers <jon@signal.org>
Date: Tue, 10 Oct 2023 19:06:25 -0400
Subject: [PATCH] Retire legacy Secure Value Recovery plumbing

---
 .../textsecuregcm/WhisperServerService.java   |  12 +-
 .../RegistrationLockVerificationManager.java  |   5 -
 .../controllers/SecureBackupController.java   | 128 ---------------
 .../entities/RegistrationLockFailure.java     |   2 -
 .../securebackup/SecureBackupClient.java      |  77 ---------
 .../securebackup/SecureBackupException.java   |  13 --
 .../storage/AccountsManager.java              |   5 -
 .../workers/AssignUsernameCommand.java        |   9 +-
 .../workers/CommandDependencies.java          |  10 +-
 ...gistrationLockVerificationManagerTest.java |   6 +-
 .../SecureBackupControllerTest.java           |  55 -------
 .../securebackup/SecureBackupClientTest.java  | 147 ------------------
 ...ntsManagerChangeNumberIntegrationTest.java |   5 -
 ...ConcurrentModificationIntegrationTest.java |   2 -
 .../storage/AccountsManagerTest.java          |   5 -
 ...ccountsManagerUsernameIntegrationTest.java |   2 -
 .../textsecuregcm/storage/AccountsTest.java   |   2 -
 17 files changed, 5 insertions(+), 480 deletions(-)
 delete mode 100644 service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureBackupController.java
 delete mode 100644 service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClient.java
 delete mode 100644 service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupException.java
 delete mode 100644 service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureBackupControllerTest.java
 delete mode 100644 service/src/test/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClientTest.java

diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
index 50a701e76..df58f60e0 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@@ -106,7 +106,6 @@ import org.whispersystems.textsecuregcm.controllers.ProfileController;
 import org.whispersystems.textsecuregcm.controllers.ProvisioningController;
 import org.whispersystems.textsecuregcm.controllers.RegistrationController;
 import org.whispersystems.textsecuregcm.controllers.RemoteConfigController;
-import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
 import org.whispersystems.textsecuregcm.controllers.SecureStorageController;
 import org.whispersystems.textsecuregcm.controllers.SecureValueRecovery2Controller;
 import org.whispersystems.textsecuregcm.controllers.StickerController;
@@ -165,7 +164,6 @@ import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
 import org.whispersystems.textsecuregcm.registration.RegistrationServiceClient;
 import org.whispersystems.textsecuregcm.s3.PolicySigner;
 import org.whispersystems.textsecuregcm.s3.PostPolicyGenerator;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.spam.FilterSpam;
@@ -474,8 +472,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getDirectoryV2Configuration().getDirectoryV2ClientConfiguration());
     ExternalServiceCredentialsGenerator storageCredentialsGenerator = SecureStorageController.credentialsGenerator(
         config.getSecureStorageServiceConfiguration());
-    ExternalServiceCredentialsGenerator backupCredentialsGenerator = SecureBackupController.credentialsGenerator(
-        config.getSecureBackupServiceConfiguration());
     ExternalServiceCredentialsGenerator paymentsCredentialsGenerator = PaymentsController.credentialsGenerator(
         config.getPaymentsServiceConfiguration());
     ExternalServiceCredentialsGenerator artCredentialsGenerator = ArtController.credentialsGenerator(
@@ -498,9 +494,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getRegistrationServiceConfiguration().identityTokenAudience(),
         config.getRegistrationServiceConfiguration().registrationCaCertificate(),
         registrationCallbackExecutor);
-    SecureBackupClient secureBackupClient = new SecureBackupClient(backupCredentialsGenerator,
-        secureValueRecoveryServiceExecutor, secureValueRecoveryServiceRetryExecutor,
-        config.getSecureBackupServiceConfiguration());
     SecureValueRecovery2Client secureValueRecovery2Client = new SecureValueRecovery2Client(svr2CredentialsGenerator,
         secureValueRecoveryServiceExecutor, secureValueRecoveryServiceRetryExecutor, config.getSvr2Configuration());
     SecureStorageClient secureStorageClient = new SecureStorageClient(storageCredentialsGenerator,
@@ -523,7 +516,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getDynamoDbTables().getDeletedAccountsLock().getTableName());
     AccountsManager accountsManager = new AccountsManager(accounts, phoneNumberIdentifiers, cacheCluster,
         accountLockManager, keys, messagesManager, profilesManager,
-        secureStorageClient, secureBackupClient, secureValueRecovery2Client,
+        secureStorageClient, secureValueRecovery2Client,
         clientPresenceManager,
         experimentEnrollmentManager, registrationRecoveryPasswordsManager, accountLockExecutor, clock);
     RemoteConfigsManager remoteConfigsManager = new RemoteConfigsManager(remoteConfigs);
@@ -551,7 +544,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
         config.getDynamoDbTables().getSubscriptions().getTableName(), dynamoDbAsyncClient);
 
     final RegistrationLockVerificationManager registrationLockVerificationManager = new RegistrationLockVerificationManager(
-        accountsManager, clientPresenceManager, backupCredentialsGenerator, svr2CredentialsGenerator, registrationRecoveryPasswordsManager, pushNotificationManager, rateLimiters);
+        accountsManager, clientPresenceManager, svr2CredentialsGenerator, registrationRecoveryPasswordsManager, pushNotificationManager, rateLimiters);
     final PhoneVerificationTokenManager phoneVerificationTokenManager = new PhoneVerificationTokenManager(
         registrationServiceClient, registrationRecoveryPasswordsManager);
 
@@ -793,7 +786,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
             config.getRemoteConfigConfiguration().audiences(),
             new GoogleIdTokenVerifier.Builder(new ApacheHttpTransport(), new GsonFactory()),
             config.getRemoteConfigConfiguration().globalConfig()),
-        new SecureBackupController(backupCredentialsGenerator, accountsManager),
         new SecureStorageController(storageCredentialsGenerator),
         new SecureValueRecovery2Controller(svr2CredentialsGenerator, accountsManager),
         new StickerController(rateLimiters, config.getCdnConfiguration().accessKey().value(),
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManager.java b/service/src/main/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManager.java
index 0e19a70d0..0f80ca6d6 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManager.java
@@ -54,7 +54,6 @@ public class RegistrationLockVerificationManager {
 
   private final AccountsManager accounts;
   private final ClientPresenceManager clientPresenceManager;
-  private final ExternalServiceCredentialsGenerator svr1CredentialGenerator;
   private final ExternalServiceCredentialsGenerator svr2CredentialGenerator;
   private final RateLimiters rateLimiters;
   private final RegistrationRecoveryPasswordsManager registrationRecoveryPasswordsManager;
@@ -62,14 +61,12 @@ public class RegistrationLockVerificationManager {
 
   public RegistrationLockVerificationManager(
       final AccountsManager accounts, final ClientPresenceManager clientPresenceManager,
-      final ExternalServiceCredentialsGenerator svr1CredentialGenerator,
       final ExternalServiceCredentialsGenerator svr2CredentialGenerator,
       final RegistrationRecoveryPasswordsManager registrationRecoveryPasswordsManager,
       final PushNotificationManager pushNotificationManager,
       final RateLimiters rateLimiters) {
     this.accounts = accounts;
     this.clientPresenceManager = clientPresenceManager;
-    this.svr1CredentialGenerator = svr1CredentialGenerator;
     this.svr2CredentialGenerator = svr2CredentialGenerator;
     this.registrationRecoveryPasswordsManager = registrationRecoveryPasswordsManager;
     this.pushNotificationManager = pushNotificationManager;
@@ -141,7 +138,6 @@ public class RegistrationLockVerificationManager {
       // Freezing the existing account credentials will definitively start the reglock timeout.
       // Until the timeout, the current reglock can still be supplied,
       // along with phone number verification, to restore access.
-      final ExternalServiceCredentials existingSvr1Credentials = svr1CredentialGenerator.generateForUuid(account.getUuid());
       final ExternalServiceCredentials existingSvr2Credentials = svr2CredentialGenerator.generateForUuid(account.getUuid());
 
       final Account updatedAccount;
@@ -173,7 +169,6 @@ public class RegistrationLockVerificationManager {
 
       throw new WebApplicationException(Response.status(FAILURE_HTTP_STATUS)
           .entity(new RegistrationLockFailure(existingRegistrationLock.getTimeRemaining().toMillis(),
-              existingRegistrationLock.needsFailureCredentials() ? existingSvr1Credentials : null,
               existingRegistrationLock.needsFailureCredentials() ? existingSvr2Credentials : null))
           .build());
     }
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureBackupController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureBackupController.java
deleted file mode 100644
index 7dc7c903e..000000000
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/SecureBackupController.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright 2013 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.controllers;
-
-import static java.util.Objects.requireNonNull;
-
-import io.dropwizard.auth.Auth;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.responses.ApiResponse;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import java.time.Clock;
-import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.TimeUnit;
-import java.util.function.Predicate;
-import java.util.stream.Collectors;
-import javax.validation.Valid;
-import javax.validation.constraints.NotNull;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MediaType;
-import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsSelector;
-import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
-import org.whispersystems.textsecuregcm.entities.AuthCheckRequest;
-import org.whispersystems.textsecuregcm.entities.AuthCheckResponse;
-import org.whispersystems.textsecuregcm.limits.RateLimitedByIp;
-import org.whispersystems.textsecuregcm.limits.RateLimiters;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-import org.whispersystems.textsecuregcm.util.UUIDUtil;
-
-@Path("/v1/backup")
-@Tag(name = "Secure Value Recovery")
-public class SecureBackupController {
-
-  private static final long MAX_AGE_SECONDS = TimeUnit.DAYS.toSeconds(30);
-
-  private final ExternalServiceCredentialsGenerator credentialsGenerator;
-
-  private final AccountsManager accountsManager;
-
-  public static ExternalServiceCredentialsGenerator credentialsGenerator(final SecureBackupServiceConfiguration cfg) {
-    return credentialsGenerator(cfg, Clock.systemUTC());
-  }
-
-  public static ExternalServiceCredentialsGenerator credentialsGenerator(
-      final SecureBackupServiceConfiguration cfg,
-      final Clock clock) {
-    return ExternalServiceCredentialsGenerator
-        .builder(cfg.userAuthenticationTokenSharedSecret())
-        .prependUsername(true)
-        .withClock(clock)
-        .build();
-  }
-
-  public SecureBackupController(
-      final ExternalServiceCredentialsGenerator credentialsGenerator,
-      final AccountsManager accountsManager) {
-    this.credentialsGenerator = requireNonNull(credentialsGenerator);
-    this.accountsManager = requireNonNull(accountsManager);
-  }
-
-  @GET
-  @Path("/auth")
-  @Produces(MediaType.APPLICATION_JSON)
-  @Operation(
-      summary = "Generate credentials for SVR",
-      description = """
-          Generate SVR service credentials. Generated credentials have an expiration time of 30 days 
-          (however, the TTL is fully controlled by the server side and may change even for already generated credentials). 
-          """
-  )
-  @ApiResponse(responseCode = "200", description = "`JSON` with generated credentials.", useReturnTypeSchema = true)
-  @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
-  public ExternalServiceCredentials getAuth(final @Auth AuthenticatedAccount auth) {
-    return credentialsGenerator.generateForUuid(auth.getAccount().getUuid());
-  }
-
-  @POST
-  @Path("/auth/check")
-  @Consumes(MediaType.APPLICATION_JSON)
-  @Produces(MediaType.APPLICATION_JSON)
-  @RateLimitedByIp(RateLimiters.For.BACKUP_AUTH_CHECK)
-  @Operation(
-      summary = "Check SVR credentials",
-      description = """
-          Over time, clients may wind up with multiple sets of KBS authentication credentials in cloud storage. 
-          To determine which set is most current and should be used to communicate with SVR to retrieve a master key
-          (from which a registration recovery password can be derived), clients should call this endpoint 
-          with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR.
-          """
-  )
-  @ApiResponse(responseCode = "200", description = "`JSON` with the check results.", useReturnTypeSchema = true)
-  @ApiResponse(responseCode = "422", description = "Provided list of KBS credentials could not be parsed")
-  @ApiResponse(responseCode = "400", description = "`POST` request body is not a valid `JSON`")
-  public AuthCheckResponse authCheck(@NotNull @Valid final AuthCheckRequest request) {
-    final List<ExternalServiceCredentialsSelector.CredentialInfo> credentials = ExternalServiceCredentialsSelector.check(
-        request.passwords(),
-        credentialsGenerator,
-        MAX_AGE_SECONDS);
-
-    final Predicate<UUID> uuidMatches = accountsManager
-        .getByE164(request.number())
-        .map(account -> (Predicate<UUID>) account.getUuid()::equals)
-        .orElse(candidateUuid -> false);
-
-    return new AuthCheckResponse(credentials.stream().collect(Collectors.toMap(
-        ExternalServiceCredentialsSelector.CredentialInfo::token,
-        info -> {
-          if (!info.valid()) {
-            return AuthCheckResponse.Result.INVALID;
-          }
-          final String username = info.credentials().username();
-          // does this credential match the account id for the e164 provided in the request?
-          final boolean match = UUIDUtil.fromStringSafe(username).filter(uuidMatches).isPresent();
-          return match ? AuthCheckResponse.Result.MATCH : AuthCheckResponse.Result.NO_MATCH;
-        }
-    )));
-  }
-}
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/entities/RegistrationLockFailure.java b/service/src/main/java/org/whispersystems/textsecuregcm/entities/RegistrationLockFailure.java
index b3074b158..3a4d7aa77 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/RegistrationLockFailure.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/RegistrationLockFailure.java
@@ -13,8 +13,6 @@ import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
 public record RegistrationLockFailure(
     @Schema(description = "Time remaining in milliseconds before the existing registration lock expires")
     long timeRemaining,
-    @Schema(description = "Credentials that can be used with SVR1")
-    ExternalServiceCredentials backupCredentials,
     @Schema(description = "Credentials that can be used with SVR2")
     ExternalServiceCredentials svr2Credentials) {
 }
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClient.java b/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClient.java
deleted file mode 100644
index e6ecd801e..000000000
--- a/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClient.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright 2023 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.securebackup;
-
-import static org.whispersystems.textsecuregcm.util.HeaderUtils.basicAuthHeader;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.net.HttpHeaders;
-import java.net.URI;
-import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
-import java.security.cert.CertificateException;
-import java.time.Duration;
-import java.util.UUID;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.Executor;
-import java.util.concurrent.ScheduledExecutorService;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
-import org.whispersystems.textsecuregcm.http.FaultTolerantHttpClient;
-import org.whispersystems.textsecuregcm.util.HttpUtils;
-
-/**
- * A client for sending requests to Signal's secure value recovery service on behalf of authenticated users.
- */
-public class SecureBackupClient {
-
-  private final ExternalServiceCredentialsGenerator secureBackupCredentialsGenerator;
-  private final URI deleteUri;
-  private final FaultTolerantHttpClient httpClient;
-
-  @VisibleForTesting
-  static final String DELETE_PATH = "/v1/backup";
-
-  public SecureBackupClient(final ExternalServiceCredentialsGenerator secureBackupCredentialsGenerator,
-      final Executor executor, final
-  ScheduledExecutorService retryExecutor, final SecureBackupServiceConfiguration configuration)
-      throws CertificateException {
-    this.secureBackupCredentialsGenerator = secureBackupCredentialsGenerator;
-    this.deleteUri = URI.create(configuration.getUri()).resolve(DELETE_PATH);
-    this.httpClient = FaultTolerantHttpClient.newBuilder()
-        .withCircuitBreaker(configuration.getCircuitBreakerConfiguration())
-        .withRetry(configuration.getRetryConfiguration())
-        .withRetryExecutor(retryExecutor)
-        .withVersion(HttpClient.Version.HTTP_1_1)
-        .withConnectTimeout(Duration.ofSeconds(10))
-        .withRedirect(HttpClient.Redirect.NEVER)
-        .withExecutor(executor)
-        .withName("secure-backup")
-        .withSecurityProtocol(FaultTolerantHttpClient.SECURITY_PROTOCOL_TLS_1_2)
-        .withTrustedServerCertificates(configuration.getBackupCaCertificates().toArray(new String[0]))
-        .build();
-  }
-
-  public CompletableFuture<Void> deleteBackups(final UUID accountUuid) {
-    final ExternalServiceCredentials credentials = secureBackupCredentialsGenerator.generateForUuid(accountUuid);
-
-    final HttpRequest request = HttpRequest.newBuilder()
-        .uri(deleteUri)
-        .DELETE()
-        .header(HttpHeaders.AUTHORIZATION, basicAuthHeader(credentials))
-        .build();
-
-        return httpClient.sendAsync(request, HttpResponse.BodyHandlers.ofString()).thenApply(response -> {
-            if (HttpUtils.isSuccessfulResponse(response.statusCode())) {
-                return null;
-            }
-
-            throw new SecureBackupException("Failed to delete backup: " + response.statusCode());
-        });
-    }
-}
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupException.java b/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupException.java
deleted file mode 100644
index 001a8a448..000000000
--- a/service/src/main/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupException.java
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright 2021 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.securebackup;
-
-public class SecureBackupException extends RuntimeException {
-
-    public SecureBackupException(final String message) {
-        super(message);
-    }
-}
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountsManager.java b/service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountsManager.java
index 60e4f9e34..e922cc982 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountsManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/storage/AccountsManager.java
@@ -58,7 +58,6 @@ import org.whispersystems.textsecuregcm.identity.ServiceIdentifier;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
 import org.whispersystems.textsecuregcm.redis.RedisOperation;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.util.Constants;
@@ -106,7 +105,6 @@ public class AccountsManager {
   private final MessagesManager messagesManager;
   private final ProfilesManager profilesManager;
   private final SecureStorageClient secureStorageClient;
-  private final SecureBackupClient secureBackupClient;
   private final SecureValueRecovery2Client secureValueRecovery2Client;
   private final ClientPresenceManager clientPresenceManager;
   private final ExperimentEnrollmentManager experimentEnrollmentManager;
@@ -152,7 +150,6 @@ public class AccountsManager {
       final MessagesManager messagesManager,
       final ProfilesManager profilesManager,
       final SecureStorageClient secureStorageClient,
-      final SecureBackupClient secureBackupClient,
       final SecureValueRecovery2Client secureValueRecovery2Client,
       final ClientPresenceManager clientPresenceManager,
       final ExperimentEnrollmentManager experimentEnrollmentManager,
@@ -167,7 +164,6 @@ public class AccountsManager {
     this.messagesManager = messagesManager;
     this.profilesManager = profilesManager;
     this.secureStorageClient = secureStorageClient;
-    this.secureBackupClient = secureBackupClient;
     this.secureValueRecovery2Client = secureValueRecovery2Client;
     this.clientPresenceManager = clientPresenceManager;
     this.experimentEnrollmentManager = experimentEnrollmentManager;
@@ -872,7 +868,6 @@ public class AccountsManager {
   private CompletableFuture<Void> delete(final Account account) {
     return CompletableFuture.allOf(
             secureStorageClient.deleteStoredData(account.getUuid()),
-            secureBackupClient.deleteBackups(account.getUuid()),
             secureValueRecovery2Client.deleteBackups(account.getUuid()),
             keysManager.delete(account.getUuid()),
             keysManager.delete(account.getPhoneNumberIdentifier()),
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java b/service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java
index 66fd9337a..a6c9ecf34 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/workers/AssignUsernameCommand.java
@@ -25,13 +25,11 @@ import org.whispersystems.textsecuregcm.WhisperServerConfiguration;
 import org.whispersystems.textsecuregcm.WhisperServerService;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
-import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
 import org.whispersystems.textsecuregcm.controllers.SecureStorageController;
 import org.whispersystems.textsecuregcm.controllers.SecureValueRecovery2Controller;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.Account;
@@ -121,8 +119,6 @@ public class AssignUsernameCommand extends EnvironmentCommand<WhisperServerConfi
     ScheduledExecutorService storageServiceRetryExecutor = environment.lifecycle()
         .scheduledExecutorService(name(getClass(), "storageServiceRetry-%d")).threads(1).build();
 
-    ExternalServiceCredentialsGenerator backupCredentialsGenerator = SecureBackupController.credentialsGenerator(
-        configuration.getSecureBackupServiceConfiguration());
     ExternalServiceCredentialsGenerator storageCredentialsGenerator = SecureStorageController.credentialsGenerator(
         configuration.getSecureStorageServiceConfiguration());
     ExternalServiceCredentialsGenerator secureValueRecoveryCredentialsGenerator = SecureValueRecovery2Controller.credentialsGenerator(
@@ -183,9 +179,6 @@ public class AssignUsernameCommand extends EnvironmentCommand<WhisperServerConfi
         configuration.getClientPresenceClusterConfiguration(), redisClusterClientResources);
     FaultTolerantRedisCluster rateLimitersCluster = new FaultTolerantRedisCluster("rate_limiters",
         configuration.getRateLimitersCluster(), redisClusterClientResources);
-    SecureBackupClient secureBackupClient = new SecureBackupClient(backupCredentialsGenerator,
-        secureValueRecoveryExecutor,
-        secureValueRecoveryServiceRetryExecutor, configuration.getSecureBackupServiceConfiguration());
     SecureValueRecovery2Client secureValueRecovery2Client = new SecureValueRecovery2Client(
         secureValueRecoveryCredentialsGenerator, secureValueRecoveryExecutor, secureValueRecoveryServiceRetryExecutor,
         configuration.getSvr2Configuration());
@@ -207,7 +200,7 @@ public class AssignUsernameCommand extends EnvironmentCommand<WhisperServerConfi
         configuration.getDynamoDbTables().getDeletedAccountsLock().getTableName());
     AccountsManager accountsManager = new AccountsManager(accounts, phoneNumberIdentifiers, cacheCluster,
         accountLockManager, keys, messagesManager, profilesManager,
-            secureStorageClient, secureBackupClient, secureValueRecovery2Client, clientPresenceManager,
+            secureStorageClient, secureValueRecovery2Client, clientPresenceManager,
         experimentEnrollmentManager, registrationRecoveryPasswordsManager, accountLockExecutor, Clock.systemUTC());
 
     final String usernameHash = namespace.getString("usernameHash");
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java b/service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java
index 08ee78ace..94c51ee10 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/workers/CommandDependencies.java
@@ -19,13 +19,11 @@ import org.whispersystems.textsecuregcm.WhisperServerConfiguration;
 import org.whispersystems.textsecuregcm.WhisperServerService;
 import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
 import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration;
-import org.whispersystems.textsecuregcm.controllers.SecureBackupController;
 import org.whispersystems.textsecuregcm.controllers.SecureStorageController;
 import org.whispersystems.textsecuregcm.controllers.SecureValueRecovery2Controller;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.AccountLockManager;
@@ -97,8 +95,6 @@ record CommandDependencies(
     ScheduledExecutorService storageServiceRetryExecutor = environment.lifecycle()
         .scheduledExecutorService(name(name, "storageServiceRetry-%d")).threads(1).build();
 
-    ExternalServiceCredentialsGenerator backupCredentialsGenerator = SecureBackupController.credentialsGenerator(
-        configuration.getSecureBackupServiceConfiguration());
     ExternalServiceCredentialsGenerator storageCredentialsGenerator = SecureStorageController.credentialsGenerator(
         configuration.getSecureStorageServiceConfiguration());
     ExternalServiceCredentialsGenerator secureValueRecoveryCredentialsGenerator = SecureValueRecovery2Controller.credentialsGenerator(
@@ -160,9 +156,6 @@ record CommandDependencies(
         configuration.getClientPresenceClusterConfiguration(), redisClusterClientResources);
     FaultTolerantRedisCluster rateLimitersCluster = new FaultTolerantRedisCluster("rate_limiters",
         configuration.getRateLimitersCluster(), redisClusterClientResources);
-    SecureBackupClient secureBackupClient = new SecureBackupClient(backupCredentialsGenerator,
-        secureValueRecoveryServiceExecutor, secureValueRecoveryServiceRetryExecutor,
-        configuration.getSecureBackupServiceConfiguration());
     SecureValueRecovery2Client secureValueRecovery2Client = new SecureValueRecovery2Client(
         secureValueRecoveryCredentialsGenerator, secureValueRecoveryServiceExecutor,
         secureValueRecoveryServiceRetryExecutor,
@@ -185,8 +178,7 @@ record CommandDependencies(
         configuration.getDynamoDbTables().getDeletedAccountsLock().getTableName());
     AccountsManager accountsManager = new AccountsManager(accounts, phoneNumberIdentifiers, cacheCluster,
         accountLockManager, keys, messagesManager, profilesManager,
-            secureStorageClient, secureBackupClient, secureValueRecovery2Client,
-        clientPresenceManager,
+        secureStorageClient, secureValueRecovery2Client, clientPresenceManager,
         experimentEnrollmentManager, registrationRecoveryPasswordsManager, accountLockExecutor, clock);
 
     environment.lifecycle().manage(messagesCache);
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManagerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManagerTest.java
index 943b46aa0..44e3b66e2 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/auth/RegistrationLockVerificationManagerTest.java
@@ -47,8 +47,6 @@ class RegistrationLockVerificationManagerTest {
 
   private final AccountsManager accountsManager = mock(AccountsManager.class);
   private final ClientPresenceManager clientPresenceManager = mock(ClientPresenceManager.class);
-  private final ExternalServiceCredentialsGenerator svr1CredentialsGenerator = mock(
-      ExternalServiceCredentialsGenerator.class);
   private final ExternalServiceCredentialsGenerator svr2CredentialsGenerator = mock(
       ExternalServiceCredentialsGenerator.class);
   private final RegistrationRecoveryPasswordsManager registrationRecoveryPasswordsManager = mock(
@@ -56,7 +54,7 @@ class RegistrationLockVerificationManagerTest {
   private static PushNotificationManager pushNotificationManager = mock(PushNotificationManager.class);
   private final RateLimiters rateLimiters = mock(RateLimiters.class);
   private final RegistrationLockVerificationManager registrationLockVerificationManager = new RegistrationLockVerificationManager(
-      accountsManager, clientPresenceManager, svr1CredentialsGenerator, svr2CredentialsGenerator, registrationRecoveryPasswordsManager, pushNotificationManager, rateLimiters);
+      accountsManager, clientPresenceManager, svr2CredentialsGenerator, registrationRecoveryPasswordsManager, pushNotificationManager, rateLimiters);
 
   private final RateLimiter pinLimiter = mock(RateLimiter.class);
 
@@ -67,8 +65,6 @@ class RegistrationLockVerificationManagerTest {
   void setUp() {
     clearInvocations(pushNotificationManager);
     when(rateLimiters.getPinLimiter()).thenReturn(pinLimiter);
-    when(svr1CredentialsGenerator.generateForUuid(any()))
-        .thenReturn(mock(ExternalServiceCredentials.class));
     when(svr2CredentialsGenerator.generateForUuid(any()))
         .thenReturn(mock(ExternalServiceCredentials.class));
 
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureBackupControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureBackupControllerTest.java
deleted file mode 100644
index 4620a2b97..000000000
--- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/SecureBackupControllerTest.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 2023 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.controllers;
-
-import static org.mockito.Mockito.mock;
-import static org.whispersystems.textsecuregcm.util.MockUtils.randomSecretBytes;
-
-import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
-import io.dropwizard.testing.junit5.ResourceExtension;
-import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mockito;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
-import org.whispersystems.textsecuregcm.configuration.secrets.SecretBytes;
-import org.whispersystems.textsecuregcm.storage.AccountsManager;
-import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
-import org.whispersystems.textsecuregcm.util.MockUtils;
-import org.whispersystems.textsecuregcm.util.MutableClock;
-import org.whispersystems.textsecuregcm.util.SystemMapper;
-
-@ExtendWith(DropwizardExtensionsSupport.class)
-class SecureBackupControllerTest extends SecureValueRecoveryControllerBaseTest {
-
-  private static final SecretBytes SECRET = randomSecretBytes(32);
-
-  private static final SecureBackupServiceConfiguration CFG = MockUtils.buildMock(
-      SecureBackupServiceConfiguration.class,
-      cfg -> Mockito.when(cfg.userAuthenticationTokenSharedSecret()).thenReturn(SECRET)
-  );
-
-  private static final MutableClock CLOCK = new MutableClock();
-
-  private static final ExternalServiceCredentialsGenerator CREDENTIAL_GENERATOR =
-      SecureBackupController.credentialsGenerator(CFG, CLOCK);
-
-
-  private static final AccountsManager ACCOUNTS_MANAGER = mock(AccountsManager.class);
-  private static final SecureBackupController CONTROLLER =
-      new SecureBackupController(CREDENTIAL_GENERATOR, ACCOUNTS_MANAGER);
-
-  private static final ResourceExtension RESOURCES = ResourceExtension.builder()
-      .addProvider(AuthHelper.getAuthFilter())
-      .setMapper(SystemMapper.jsonMapper())
-      .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
-      .addResource(CONTROLLER)
-      .build();
-
-  protected SecureBackupControllerTest() {
-    super("/v1", ACCOUNTS_MANAGER, CLOCK, RESOURCES, CREDENTIAL_GENERATOR);
-  }
-}
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClientTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClientTest.java
deleted file mode 100644
index 8e52ed462..000000000
--- a/service/src/test/java/org/whispersystems/textsecuregcm/securebackup/SecureBackupClientTest.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 2023 Signal Messenger, LLC
- * SPDX-License-Identifier: AGPL-3.0-only
- */
-
-package org.whispersystems.textsecuregcm.securebackup;
-
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.delete;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
-import java.security.cert.CertificateException;
-import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.CompletionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.SecureBackupServiceConfiguration;
-
-class SecureBackupClientTest {
-
-  private UUID accountUuid;
-  private ExternalServiceCredentialsGenerator credentialsGenerator;
-  private ExecutorService httpExecutor;
-  private ScheduledExecutorService retryExecutor;
-
-  private SecureBackupClient secureStorageClient;
-
-  @RegisterExtension
-  private final WireMockExtension wireMock = WireMockExtension.newInstance()
-      .options(wireMockConfig().dynamicPort().dynamicHttpsPort())
-      .build();
-
-  @BeforeEach
-  void setUp() throws CertificateException {
-    accountUuid = UUID.randomUUID();
-    credentialsGenerator = mock(ExternalServiceCredentialsGenerator.class);
-    httpExecutor = Executors.newSingleThreadExecutor();
-    retryExecutor = Executors.newSingleThreadScheduledExecutor();
-
-    final SecureBackupServiceConfiguration config = new SecureBackupServiceConfiguration();
-    config.setUri("http://localhost:" + wireMock.getPort());
-
-    // This is a randomly-generated, throwaway certificate that's not actually connected to anything
-    config.setBackupCaCertificates(
-        List.of("""
-            -----BEGIN CERTIFICATE-----
-            MIICZDCCAc2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADBPMQswCQYDVQQGEwJ1czEL
-            MAkGA1UECAwCVVMxHjAcBgNVBAoMFVNpZ25hbCBNZXNzZW5nZXIsIExMQzETMBEG
-            A1UEAwwKc2lnbmFsLm9yZzAeFw0yMDEyMjMyMjQ3NTlaFw0zMDEyMjEyMjQ3NTla
-            ME8xCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJVUzEeMBwGA1UECgwVU2lnbmFsIE1l
-            c3NlbmdlciwgTExDMRMwEQYDVQQDDApzaWduYWwub3JnMIGfMA0GCSqGSIb3DQEB
-            AQUAA4GNADCBiQKBgQCfSLcZNHYqbxSsgWp4JvbPRHjQTrlsrKrgD2q7f/OY6O3Y
-            /X0QNcNSOJpliN8rmzwslfsrXHO3q1diGRw4xHogUJZ/7NQrHiP/zhN0VTDh49pD
-            ZpjXVyUbayLS/6qM5arKxBspzEFBb5v8cF6bPr76SO/rpGXiI0j6yJKX6fRiKwID
-            AQABo1AwTjAdBgNVHQ4EFgQU6Jrs/Fmj0z4dA3wvdq/WqA4P49IwHwYDVR0jBBgw
-            FoAU6Jrs/Fmj0z4dA3wvdq/WqA4P49IwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
-            AQ0FAAOBgQB+5d5+NtzLILfrc9QmJdIO1YeDP64JmFwTER0kEUouRsb9UwknVWZa
-            y7MTM4NoBV1k0zb5LAk89SIDPr/maW5AsLtEomzjnEiomjoMBUdNe3YCgQReoLnr
-            R/QaUNbrCjTGYfBsjGbIzmkWPUyTec2ZdRyJ8JiVl386+6CZkxnndQ==
-            -----END CERTIFICATE-----
-            """, """
-            -----BEGIN CERTIFICATE-----
-            MIIEpDCCAowCCQC43PUTWSADVjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
-            b2NhbGhvc3QwHhcNMjIxMDE3MjA0NTM0WhcNMjMxMDE3MjA0NTM0WjAUMRIwEAYD
-            VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDV
-            x1cdEd2ffQTlTXWRiCHGcrlYf4RJnctt9sw/BuHWTLXBu5LhyJSGn5LRszO/NCXK
-            Z/cmGR7pLj366RtiwL+Qo3nhvDCK7T9xZeNIusM6XMcMK9D/DGCYPqtjQz8NXd9V
-            ajBBe6nwTDTa+oqX8Mt89foWNkg5Il/lY62u9Dr18LRZ2W9zzYi3Q9/K0CbIX6pM
-            yVlPIO5rITOR2IsbeyqsO9jufgX5lP4ZKLLBAP1b7usjC4YdvWacjQg/rK5aay1x
-            jC2HCDgo/4N30QVXzSA9nFfSe6AE/xkStK4819JqOkY5JsJCbef1P3hOOdSLEjbp
-            xq3MjOs6G6dOgteaAGs10vx7dHxDWETTIiD7BIZ9zRYgOF5bkCaIUO+JfySE1MHD
-            KBAFLoRuvmRev5Ln5R0MCHpUMSmMNgJqz+RWZV3g/gpYbuWiHgJOwL1393eK50Bg
-            W7SXQ8EjJj2yXZSH+1gPzN0DRoJZiaBoTPnCL2qUgvwFpW1PJsM5FDyUJFUoK5kK
-            HLBBSKAPt6ZlSrUe2nBgJv7EF1GK+fTU08LXgW33OpLceGPa0zTShkukQUMtUtZ8
-            GqhO12ohMzEupIu5Xurthq4VVUrzHUdj1ZZRMhAbfLU36sd03MMyL/xBqTN6dzCa
-            GDGIPGpYjAllZ5xMRt2kZdv+Kr6oo3u2nLUIsqI7KQIDAQABMA0GCSqGSIb3DQEB
-            CwUAA4ICAQCB5s43YF35ssf5YONW5iAaifGpi1o0866xfeOybtohFGvQ7V2W34i9
-            TYBCt8+0hgatMcvZ08f0vqig1i7nrvYcE1hnhL7JNkU8qm0s9ytHZt6j62nB0kd/
-            uqE2hOEQalTf/2TGPV0CCgiqLyd8lEUQvQeA38wktwUeZpVnErlzHeMR2CvV3K8R
-            u4vV6SnBcf+TAt56RKYZkPyvZj5llQPo14Glyoo8qZES7Ky1SHmM0GL+baPRBjRW
-            3KgSt98Wyu4yr9qu21JpnbAnLhBfzfSKjSeCRgFElUE1GIaFGRZ7ypA74dUKeLnb
-            /VUWrszmUhGaEjV9dpI6x6B/kSpQMtIQqBaKRY2ALUeEujS/rURi4iMDwSU+GkSH
-            cyEvZKS97OA/dWeXfLXdo4beDBRG93bI4rQnDg5+VdlBOkQSLueb8x6/VThMoC5d
-            vZiotFQHseljQAdTkNa6tBu6c4XDYPCKB3CfkMYOlCfTS7Acn5G6dxTPKBtLGBnL
-            nQfYyzuwYkN09+2PVzt6auBHr3To7uoclkxX+hxyvPIwIZ0N6b4tQR1FCAkvg29Q
-            WIOjZOKGW690ESKCKOnFjUHVO0HpuWnT81URTuY62FXsYdVc2wE4v0E04mEbqQ0P
-            lY6ZKNA81Lm3YADYtObmK1IUrOPo9BeIaPy0UM08SmN880Vunqa91Q==
-            -----END CERTIFICATE-----
-            """));
-
-    secureStorageClient = new SecureBackupClient(credentialsGenerator, httpExecutor, retryExecutor, config);
-  }
-
-  @AfterEach
-  void tearDown() throws InterruptedException {
-    httpExecutor.shutdown();
-    httpExecutor.awaitTermination(1, TimeUnit.SECONDS);
-    retryExecutor.shutdown();
-    retryExecutor.awaitTermination(1, TimeUnit.SECONDS);
-  }
-
-  @Test
-  void deleteStoredData() {
-    final String username = RandomStringUtils.randomAlphabetic(16);
-    final String password = RandomStringUtils.randomAlphanumeric(32);
-
-    when(credentialsGenerator.generateForUuid(accountUuid)).thenReturn(new ExternalServiceCredentials(username, password));
-
-    wireMock.stubFor(delete(urlEqualTo(SecureBackupClient.DELETE_PATH))
-        .withBasicAuth(username, password)
-        .willReturn(aResponse().withStatus(202)));
-
-    // We're happy as long as this doesn't throw an exception
-    secureStorageClient.deleteBackups(accountUuid).join();
-  }
-
-  @Test
-  void deleteStoredDataFailure() {
-    final String username = RandomStringUtils.randomAlphabetic(16);
-    final String password = RandomStringUtils.randomAlphanumeric(32);
-
-    when(credentialsGenerator.generateForUuid(accountUuid)).thenReturn(new ExternalServiceCredentials(username, password));
-
-    wireMock.stubFor(delete(urlEqualTo(SecureBackupClient.DELETE_PATH))
-        .withBasicAuth(username, password)
-        .willReturn(aResponse().withStatus(400)));
-
-    final CompletionException completionException = assertThrows(CompletionException.class, () -> secureStorageClient.deleteBackups(accountUuid).join());
-    assertTrue(completionException.getCause() instanceof SecureBackupException);
-  }
-}
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerChangeNumberIntegrationTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerChangeNumberIntegrationTest.java
index e5186371d..40b5b1c25 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerChangeNumberIntegrationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerChangeNumberIntegrationTest.java
@@ -38,7 +38,6 @@ import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.RedisClusterExtension;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -94,9 +93,6 @@ class AccountsManagerChangeNumberIntegrationTest {
       final SecureStorageClient secureStorageClient = mock(SecureStorageClient.class);
       when(secureStorageClient.deleteStoredData(any())).thenReturn(CompletableFuture.completedFuture(null));
 
-      final SecureBackupClient secureBackupClient = mock(SecureBackupClient.class);
-      when(secureBackupClient.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));
-
       final SecureValueRecovery2Client svr2Client = mock(SecureValueRecovery2Client.class);
       when(svr2Client.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));
 
@@ -129,7 +125,6 @@ class AccountsManagerChangeNumberIntegrationTest {
           messagesManager,
           profilesManager,
           secureStorageClient,
-          secureBackupClient,
           svr2Client,
           clientPresenceManager,
           mock(ExperimentEnrollmentManager.class),
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerConcurrentModificationIntegrationTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerConcurrentModificationIntegrationTest.java
index 9252b8ded..ca1cfd0f2 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerConcurrentModificationIntegrationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerConcurrentModificationIntegrationTest.java
@@ -45,7 +45,6 @@ import org.whispersystems.textsecuregcm.entities.AccountAttributes;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -125,7 +124,6 @@ class AccountsManagerConcurrentModificationIntegrationTest {
           mock(MessagesManager.class),
           mock(ProfilesManager.class),
           mock(SecureStorageClient.class),
-          mock(SecureBackupClient.class),
           mock(SecureValueRecovery2Client.class),
           mock(ClientPresenceManager.class),
           mock(ExperimentEnrollmentManager.class),
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java
index 70cf5c12d..6d1e6eeee 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java
@@ -71,7 +71,6 @@ import org.whispersystems.textsecuregcm.identity.AciServiceIdentifier;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.identity.PniServiceIdentifier;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.Device.DeviceCapabilities;
@@ -156,9 +155,6 @@ class AccountsManagerTest {
     final SecureStorageClient storageClient = mock(SecureStorageClient.class);
     when(storageClient.deleteStoredData(any())).thenReturn(CompletableFuture.completedFuture(null));
 
-    final SecureBackupClient backupClient = mock(SecureBackupClient.class);
-    when(backupClient.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));
-
     final SecureValueRecovery2Client svr2Client = mock(SecureValueRecovery2Client.class);
     when(svr2Client.deleteBackups(any())).thenReturn(CompletableFuture.completedFuture(null));
 
@@ -218,7 +214,6 @@ class AccountsManagerTest {
         messagesManager,
         profilesManager,
         storageClient,
-        backupClient,
         svr2Client,
         clientPresenceManager,
         enrollmentManager,
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerUsernameIntegrationTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerUsernameIntegrationTest.java
index 7f0031547..3e887c9d4 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerUsernameIntegrationTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerUsernameIntegrationTest.java
@@ -41,7 +41,6 @@ import org.whispersystems.textsecuregcm.entities.AccountAttributes;
 import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.RedisClusterExtension;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -131,7 +130,6 @@ class AccountsManagerUsernameIntegrationTest {
         mock(MessagesManager.class),
         mock(ProfilesManager.class),
         mock(SecureStorageClient.class),
-        mock(SecureBackupClient.class),
         mock(SecureValueRecovery2Client.class),
         mock(ClientPresenceManager.class),
         experimentEnrollmentManager,
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java
index ca4bc4946..0276bfc15 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java
@@ -55,7 +55,6 @@ import org.whispersystems.textsecuregcm.experiment.ExperimentEnrollmentManager;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.push.ClientPresenceManager;
 import org.whispersystems.textsecuregcm.redis.FaultTolerantRedisCluster;
-import org.whispersystems.textsecuregcm.securebackup.SecureBackupClient;
 import org.whispersystems.textsecuregcm.securestorage.SecureStorageClient;
 import org.whispersystems.textsecuregcm.securevaluerecovery.SecureValueRecovery2Client;
 import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables;
@@ -176,7 +175,6 @@ class AccountsTest {
         mock(MessagesManager.class),
         mock(ProfilesManager.class),
         mock(SecureStorageClient.class),
-        mock(SecureBackupClient.class),
         mock(SecureValueRecovery2Client.class),
         mock(ClientPresenceManager.class),
         mock(ExperimentEnrollmentManager.class),