1 package org
.asamk
.signal
.manager
.helper
;
3 import com
.google
.protobuf
.InvalidProtocolBufferException
;
5 import org
.asamk
.signal
.manager
.SignalDependencies
;
6 import org
.asamk
.signal
.manager
.api
.Pair
;
7 import org
.asamk
.signal
.manager
.groups
.GroupLinkPassword
;
8 import org
.asamk
.signal
.manager
.groups
.GroupLinkState
;
9 import org
.asamk
.signal
.manager
.groups
.GroupPermission
;
10 import org
.asamk
.signal
.manager
.groups
.GroupUtils
;
11 import org
.asamk
.signal
.manager
.groups
.NotAGroupMemberException
;
12 import org
.asamk
.signal
.manager
.storage
.groups
.GroupInfoV2
;
13 import org
.asamk
.signal
.manager
.storage
.recipients
.RecipientId
;
14 import org
.asamk
.signal
.manager
.util
.IOUtils
;
15 import org
.asamk
.signal
.manager
.util
.Utils
;
16 import org
.signal
.libsignal
.zkgroup
.InvalidInputException
;
17 import org
.signal
.libsignal
.zkgroup
.VerificationFailedException
;
18 import org
.signal
.libsignal
.zkgroup
.auth
.AuthCredentialResponse
;
19 import org
.signal
.libsignal
.zkgroup
.groups
.GroupMasterKey
;
20 import org
.signal
.libsignal
.zkgroup
.groups
.GroupSecretParams
;
21 import org
.signal
.libsignal
.zkgroup
.groups
.UuidCiphertext
;
22 import org
.signal
.storageservice
.protos
.groups
.AccessControl
;
23 import org
.signal
.storageservice
.protos
.groups
.GroupChange
;
24 import org
.signal
.storageservice
.protos
.groups
.Member
;
25 import org
.signal
.storageservice
.protos
.groups
.local
.DecryptedGroup
;
26 import org
.signal
.storageservice
.protos
.groups
.local
.DecryptedGroupChange
;
27 import org
.signal
.storageservice
.protos
.groups
.local
.DecryptedGroupJoinInfo
;
28 import org
.signal
.storageservice
.protos
.groups
.local
.DecryptedPendingMember
;
29 import org
.slf4j
.Logger
;
30 import org
.slf4j
.LoggerFactory
;
31 import org
.whispersystems
.signalservice
.api
.groupsv2
.DecryptedGroupUtil
;
32 import org
.whispersystems
.signalservice
.api
.groupsv2
.GroupCandidate
;
33 import org
.whispersystems
.signalservice
.api
.groupsv2
.GroupLinkNotActiveException
;
34 import org
.whispersystems
.signalservice
.api
.groupsv2
.GroupsV2AuthorizationString
;
35 import org
.whispersystems
.signalservice
.api
.groupsv2
.GroupsV2Operations
;
36 import org
.whispersystems
.signalservice
.api
.groupsv2
.InvalidGroupStateException
;
37 import org
.whispersystems
.signalservice
.api
.groupsv2
.NotAbleToApplyGroupV2ChangeException
;
38 import org
.whispersystems
.signalservice
.api
.push
.ACI
;
39 import org
.whispersystems
.signalservice
.api
.push
.ServiceId
;
40 import org
.whispersystems
.signalservice
.api
.push
.SignalServiceAddress
;
41 import org
.whispersystems
.signalservice
.api
.push
.exceptions
.NonSuccessfulResponseCodeException
;
44 import java
.io
.FileInputStream
;
45 import java
.io
.IOException
;
46 import java
.io
.InputStream
;
47 import java
.util
.ArrayList
;
48 import java
.util
.HashMap
;
49 import java
.util
.List
;
50 import java
.util
.Optional
;
52 import java
.util
.UUID
;
53 import java
.util
.concurrent
.TimeUnit
;
54 import java
.util
.stream
.Collectors
;
58 private final static Logger logger
= LoggerFactory
.getLogger(GroupV2Helper
.class);
60 private final SignalDependencies dependencies
;
61 private final Context context
;
63 private HashMap
<Integer
, AuthCredentialResponse
> groupApiCredentials
;
65 GroupV2Helper(final Context context
) {
66 this.dependencies
= context
.getDependencies();
67 this.context
= context
;
70 DecryptedGroup
getDecryptedGroup(final GroupSecretParams groupSecretParams
) throws NotAGroupMemberException
{
72 final var groupsV2AuthorizationString
= getGroupAuthForToday(groupSecretParams
);
73 return dependencies
.getGroupsV2Api().getGroup(groupSecretParams
, groupsV2AuthorizationString
);
74 } catch (NonSuccessfulResponseCodeException e
) {
75 if (e
.getCode() == 403) {
76 throw new NotAGroupMemberException(GroupUtils
.getGroupIdV2(groupSecretParams
), null);
78 logger
.warn("Failed to retrieve Group V2 info, ignoring: {}", e
.getMessage());
80 } catch (IOException
| VerificationFailedException
| InvalidGroupStateException e
) {
81 logger
.warn("Failed to retrieve Group V2 info, ignoring: {}", e
.getMessage());
86 DecryptedGroupJoinInfo
getDecryptedGroupJoinInfo(
87 GroupMasterKey groupMasterKey
, GroupLinkPassword password
88 ) throws IOException
, GroupLinkNotActiveException
{
89 var groupSecretParams
= GroupSecretParams
.deriveFromMasterKey(groupMasterKey
);
91 return dependencies
.getGroupsV2Api()
92 .getGroupJoinInfo(groupSecretParams
,
93 Optional
.ofNullable(password
).map(GroupLinkPassword
::serialize
),
94 getGroupAuthForToday(groupSecretParams
));
97 Pair
<GroupInfoV2
, DecryptedGroup
> createGroup(
98 String name
, Set
<RecipientId
> members
, File avatarFile
99 ) throws IOException
{
100 final var avatarBytes
= readAvatarBytes(avatarFile
);
101 final var newGroup
= buildNewGroup(name
, members
, avatarBytes
);
102 if (newGroup
== null) {
106 final var groupSecretParams
= newGroup
.getGroupSecretParams();
108 final GroupsV2AuthorizationString groupAuthForToday
;
109 final DecryptedGroup decryptedGroup
;
111 groupAuthForToday
= getGroupAuthForToday(groupSecretParams
);
112 dependencies
.getGroupsV2Api().putNewGroup(newGroup
, groupAuthForToday
);
113 decryptedGroup
= dependencies
.getGroupsV2Api().getGroup(groupSecretParams
, groupAuthForToday
);
114 } catch (IOException
| VerificationFailedException
| InvalidGroupStateException e
) {
115 logger
.warn("Failed to create V2 group: {}", e
.getMessage());
118 if (decryptedGroup
== null) {
119 logger
.warn("Failed to create V2 group, unknown error!");
123 final var groupId
= GroupUtils
.getGroupIdV2(groupSecretParams
);
124 final var masterKey
= groupSecretParams
.getMasterKey();
125 var g
= new GroupInfoV2(groupId
, masterKey
);
127 return new Pair
<>(g
, decryptedGroup
);
130 private byte[] readAvatarBytes(final File avatarFile
) throws IOException
{
131 final byte[] avatarBytes
;
132 try (InputStream avatar
= avatarFile
== null ?
null : new FileInputStream(avatarFile
)) {
133 avatarBytes
= avatar
== null ?
null : IOUtils
.readFully(avatar
);
138 private GroupsV2Operations
.NewGroup
buildNewGroup(
139 String name
, Set
<RecipientId
> members
, byte[] avatar
141 final var profileKeyCredential
= context
.getProfileHelper()
142 .getRecipientProfileKeyCredential(context
.getAccount().getSelfRecipientId());
143 if (profileKeyCredential
== null) {
144 logger
.warn("Cannot create a V2 group as self does not have a versioned profile");
148 final var self
= new GroupCandidate(getSelfAci().uuid(), Optional
.of(profileKeyCredential
));
149 final var memberList
= new ArrayList
<>(members
);
150 final var credentials
= context
.getProfileHelper().getRecipientProfileKeyCredential(memberList
).stream();
151 final var uuids
= memberList
.stream()
152 .map(member
-> context
.getRecipientHelper().resolveSignalServiceAddress(member
).getServiceId().uuid());
153 var candidates
= Utils
.zip(uuids
,
155 (uuid
, credential
) -> new GroupCandidate(uuid
, Optional
.ofNullable(credential
)))
156 .collect(Collectors
.toSet());
158 final var groupSecretParams
= GroupSecretParams
.generate();
159 return dependencies
.getGroupsV2Operations()
160 .createNewGroup(groupSecretParams
,
162 Optional
.ofNullable(avatar
),
169 Pair
<DecryptedGroup
, GroupChange
> updateGroup(
170 GroupInfoV2 groupInfoV2
, String name
, String description
, File avatarFile
171 ) throws IOException
{
172 final var groupSecretParams
= GroupSecretParams
.deriveFromMasterKey(groupInfoV2
.getMasterKey());
173 var groupOperations
= dependencies
.getGroupsV2Operations().forGroup(groupSecretParams
);
175 var change
= name
!= null ? groupOperations
.createModifyGroupTitle(name
) : GroupChange
.Actions
.newBuilder();
177 if (description
!= null) {
178 change
.setModifyDescription(groupOperations
.createModifyGroupDescriptionAction(description
));
181 if (avatarFile
!= null) {
182 final var avatarBytes
= readAvatarBytes(avatarFile
);
183 var avatarCdnKey
= dependencies
.getGroupsV2Api()
184 .uploadAvatar(avatarBytes
, groupSecretParams
, getGroupAuthForToday(groupSecretParams
));
185 change
.setModifyAvatar(GroupChange
.Actions
.ModifyAvatarAction
.newBuilder().setAvatar(avatarCdnKey
));
188 change
.setSourceUuid(getSelfAci().toByteString());
190 return commitChange(groupInfoV2
, change
);
193 Pair
<DecryptedGroup
, GroupChange
> addMembers(
194 GroupInfoV2 groupInfoV2
, Set
<RecipientId
> newMembers
195 ) throws IOException
{
196 GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
198 final var memberList
= new ArrayList
<>(newMembers
);
199 final var credentials
= context
.getProfileHelper().getRecipientProfileKeyCredential(memberList
).stream();
200 final var uuids
= memberList
.stream()
201 .map(member
-> context
.getRecipientHelper().resolveSignalServiceAddress(member
).getServiceId().uuid());
202 var candidates
= Utils
.zip(uuids
,
204 (uuid
, credential
) -> new GroupCandidate(uuid
, Optional
.ofNullable(credential
)))
205 .collect(Collectors
.toSet());
207 final var aci
= getSelfAci();
208 final var change
= groupOperations
.createModifyGroupMembershipChange(candidates
, Set
.of(), aci
.uuid());
210 change
.setSourceUuid(getSelfAci().toByteString());
212 return commitChange(groupInfoV2
, change
);
215 Pair
<DecryptedGroup
, GroupChange
> leaveGroup(
216 GroupInfoV2 groupInfoV2
, Set
<RecipientId
> membersToMakeAdmin
217 ) throws IOException
{
218 var pendingMembersList
= groupInfoV2
.getGroup().getPendingMembersList();
219 final var selfAci
= getSelfAci();
220 var selfPendingMember
= DecryptedGroupUtil
.findPendingByUuid(pendingMembersList
, selfAci
.uuid());
222 if (selfPendingMember
.isPresent()) {
223 return revokeInvites(groupInfoV2
, Set
.of(selfPendingMember
.get()));
226 final var adminUuids
= membersToMakeAdmin
.stream()
227 .map(context
.getRecipientHelper()::resolveSignalServiceAddress
)
228 .map(SignalServiceAddress
::getServiceId
)
229 .map(ServiceId
::uuid
)
231 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
232 return commitChange(groupInfoV2
,
233 groupOperations
.createLeaveAndPromoteMembersToAdmin(selfAci
.uuid(), adminUuids
));
236 Pair
<DecryptedGroup
, GroupChange
> removeMembers(
237 GroupInfoV2 groupInfoV2
, Set
<RecipientId
> members
238 ) throws IOException
{
239 final var memberUuids
= members
.stream()
240 .map(context
.getRecipientHelper()::resolveSignalServiceAddress
)
241 .map(SignalServiceAddress
::getServiceId
)
242 .map(ServiceId
::uuid
)
243 .collect(Collectors
.toSet());
244 return ejectMembers(groupInfoV2
, memberUuids
);
247 Pair
<DecryptedGroup
, GroupChange
> revokeInvitedMembers(
248 GroupInfoV2 groupInfoV2
, Set
<RecipientId
> members
249 ) throws IOException
{
250 var pendingMembersList
= groupInfoV2
.getGroup().getPendingMembersList();
251 final var memberUuids
= members
.stream()
252 .map(context
.getRecipientHelper()::resolveSignalServiceAddress
)
253 .map(SignalServiceAddress
::getServiceId
)
254 .map(ServiceId
::uuid
)
255 .map(uuid
-> DecryptedGroupUtil
.findPendingByUuid(pendingMembersList
, uuid
))
256 .filter(Optional
::isPresent
)
258 .collect(Collectors
.toSet());
259 return revokeInvites(groupInfoV2
, memberUuids
);
262 Pair
<DecryptedGroup
, GroupChange
> resetGroupLinkPassword(GroupInfoV2 groupInfoV2
) throws IOException
{
263 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
264 final var newGroupLinkPassword
= GroupLinkPassword
.createNew().serialize();
265 final var change
= groupOperations
.createModifyGroupLinkPasswordChange(newGroupLinkPassword
);
266 return commitChange(groupInfoV2
, change
);
269 Pair
<DecryptedGroup
, GroupChange
> setGroupLinkState(
270 GroupInfoV2 groupInfoV2
, GroupLinkState state
271 ) throws IOException
{
272 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
274 final var accessRequired
= toAccessControl(state
);
275 final var requiresNewPassword
= state
!= GroupLinkState
.DISABLED
&& groupInfoV2
.getGroup()
276 .getInviteLinkPassword()
279 final var change
= requiresNewPassword ? groupOperations
.createModifyGroupLinkPasswordAndRightsChange(
280 GroupLinkPassword
.createNew().serialize(),
281 accessRequired
) : groupOperations
.createChangeJoinByLinkRights(accessRequired
);
282 return commitChange(groupInfoV2
, change
);
285 Pair
<DecryptedGroup
, GroupChange
> setEditDetailsPermission(
286 GroupInfoV2 groupInfoV2
, GroupPermission permission
287 ) throws IOException
{
288 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
290 final var accessRequired
= toAccessControl(permission
);
291 final var change
= groupOperations
.createChangeAttributesRights(accessRequired
);
292 return commitChange(groupInfoV2
, change
);
295 Pair
<DecryptedGroup
, GroupChange
> setAddMemberPermission(
296 GroupInfoV2 groupInfoV2
, GroupPermission permission
297 ) throws IOException
{
298 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
300 final var accessRequired
= toAccessControl(permission
);
301 final var change
= groupOperations
.createChangeMembershipRights(accessRequired
);
302 return commitChange(groupInfoV2
, change
);
305 GroupChange
joinGroup(
306 GroupMasterKey groupMasterKey
,
307 GroupLinkPassword groupLinkPassword
,
308 DecryptedGroupJoinInfo decryptedGroupJoinInfo
309 ) throws IOException
{
310 final var groupSecretParams
= GroupSecretParams
.deriveFromMasterKey(groupMasterKey
);
311 final var groupOperations
= dependencies
.getGroupsV2Operations().forGroup(groupSecretParams
);
313 final var selfRecipientId
= context
.getAccount().getSelfRecipientId();
314 final var profileKeyCredential
= context
.getProfileHelper().getRecipientProfileKeyCredential(selfRecipientId
);
315 if (profileKeyCredential
== null) {
316 throw new IOException("Cannot join a V2 group as self does not have a versioned profile");
319 var requestToJoin
= decryptedGroupJoinInfo
.getAddFromInviteLink() == AccessControl
.AccessRequired
.ADMINISTRATOR
;
320 var change
= requestToJoin
321 ? groupOperations
.createGroupJoinRequest(profileKeyCredential
)
322 : groupOperations
.createGroupJoinDirect(profileKeyCredential
);
324 change
.setSourceUuid(context
.getRecipientHelper()
325 .resolveSignalServiceAddress(selfRecipientId
)
329 return commitChange(groupSecretParams
, decryptedGroupJoinInfo
.getRevision(), change
, groupLinkPassword
);
332 Pair
<DecryptedGroup
, GroupChange
> acceptInvite(GroupInfoV2 groupInfoV2
) throws IOException
{
333 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
335 final var selfRecipientId
= context
.getAccount().getSelfRecipientId();
336 final var profileKeyCredential
= context
.getProfileHelper().getRecipientProfileKeyCredential(selfRecipientId
);
337 if (profileKeyCredential
== null) {
338 throw new IOException("Cannot join a V2 group as self does not have a versioned profile");
341 final var change
= groupOperations
.createAcceptInviteChange(profileKeyCredential
);
343 final var aci
= context
.getRecipientHelper().resolveSignalServiceAddress(selfRecipientId
).getServiceId();
344 change
.setSourceUuid(aci
.toByteString());
346 return commitChange(groupInfoV2
, change
);
349 Pair
<DecryptedGroup
, GroupChange
> setMemberAdmin(
350 GroupInfoV2 groupInfoV2
, RecipientId recipientId
, boolean admin
351 ) throws IOException
{
352 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
353 final var address
= context
.getRecipientHelper().resolveSignalServiceAddress(recipientId
);
354 final var newRole
= admin ? Member
.Role
.ADMINISTRATOR
: Member
.Role
.DEFAULT
;
355 final var change
= groupOperations
.createChangeMemberRole(address
.getServiceId().uuid(), newRole
);
356 return commitChange(groupInfoV2
, change
);
359 Pair
<DecryptedGroup
, GroupChange
> setMessageExpirationTimer(
360 GroupInfoV2 groupInfoV2
, int messageExpirationTimer
361 ) throws IOException
{
362 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
363 final var change
= groupOperations
.createModifyGroupTimerChange(messageExpirationTimer
);
364 return commitChange(groupInfoV2
, change
);
367 Pair
<DecryptedGroup
, GroupChange
> setIsAnnouncementGroup(
368 GroupInfoV2 groupInfoV2
, boolean isAnnouncementGroup
369 ) throws IOException
{
370 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
371 final var change
= groupOperations
.createAnnouncementGroupChange(isAnnouncementGroup
);
372 return commitChange(groupInfoV2
, change
);
375 private AccessControl
.AccessRequired
toAccessControl(final GroupLinkState state
) {
376 return switch (state
) {
377 case DISABLED
-> AccessControl
.AccessRequired
.UNSATISFIABLE
;
378 case ENABLED
-> AccessControl
.AccessRequired
.ANY
;
379 case ENABLED_WITH_APPROVAL
-> AccessControl
.AccessRequired
.ADMINISTRATOR
;
383 private AccessControl
.AccessRequired
toAccessControl(final GroupPermission permission
) {
384 return switch (permission
) {
385 case EVERY_MEMBER
-> AccessControl
.AccessRequired
.MEMBER
;
386 case ONLY_ADMINS
-> AccessControl
.AccessRequired
.ADMINISTRATOR
;
390 private GroupsV2Operations
.GroupOperations
getGroupOperations(final GroupInfoV2 groupInfoV2
) {
391 final var groupSecretParams
= GroupSecretParams
.deriveFromMasterKey(groupInfoV2
.getMasterKey());
392 return dependencies
.getGroupsV2Operations().forGroup(groupSecretParams
);
395 private Pair
<DecryptedGroup
, GroupChange
> revokeInvites(
396 GroupInfoV2 groupInfoV2
, Set
<DecryptedPendingMember
> pendingMembers
397 ) throws IOException
{
398 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
399 final var uuidCipherTexts
= pendingMembers
.stream().map(member
-> {
401 return new UuidCiphertext(member
.getUuidCipherText().toByteArray());
402 } catch (InvalidInputException e
) {
403 throw new AssertionError(e
);
405 }).collect(Collectors
.toSet());
406 return commitChange(groupInfoV2
, groupOperations
.createRemoveInvitationChange(uuidCipherTexts
));
409 private Pair
<DecryptedGroup
, GroupChange
> ejectMembers(
410 GroupInfoV2 groupInfoV2
, Set
<UUID
> uuids
411 ) throws IOException
{
412 final GroupsV2Operations
.GroupOperations groupOperations
= getGroupOperations(groupInfoV2
);
413 return commitChange(groupInfoV2
, groupOperations
.createRemoveMembersChange(uuids
, false, List
.of()));
416 private Pair
<DecryptedGroup
, GroupChange
> commitChange(
417 GroupInfoV2 groupInfoV2
, GroupChange
.Actions
.Builder change
418 ) throws IOException
{
419 final var groupSecretParams
= GroupSecretParams
.deriveFromMasterKey(groupInfoV2
.getMasterKey());
420 final var groupOperations
= dependencies
.getGroupsV2Operations().forGroup(groupSecretParams
);
421 final var previousGroupState
= groupInfoV2
.getGroup();
422 final var nextRevision
= previousGroupState
.getRevision() + 1;
423 final var changeActions
= change
.setRevision(nextRevision
).build();
424 final DecryptedGroupChange decryptedChange
;
425 final DecryptedGroup decryptedGroupState
;
428 decryptedChange
= groupOperations
.decryptChange(changeActions
, getSelfAci().uuid());
429 decryptedGroupState
= DecryptedGroupUtil
.apply(previousGroupState
, decryptedChange
);
430 } catch (VerificationFailedException
| InvalidGroupStateException
| NotAbleToApplyGroupV2ChangeException e
) {
431 throw new IOException(e
);
434 var signedGroupChange
= dependencies
.getGroupsV2Api()
435 .patchGroup(changeActions
, getGroupAuthForToday(groupSecretParams
), Optional
.empty());
437 return new Pair
<>(decryptedGroupState
, signedGroupChange
);
440 private GroupChange
commitChange(
441 GroupSecretParams groupSecretParams
,
443 GroupChange
.Actions
.Builder change
,
444 GroupLinkPassword password
445 ) throws IOException
{
446 final var nextRevision
= currentRevision
+ 1;
447 final var changeActions
= change
.setRevision(nextRevision
).build();
449 return dependencies
.getGroupsV2Api()
450 .patchGroup(changeActions
,
451 getGroupAuthForToday(groupSecretParams
),
452 Optional
.ofNullable(password
).map(GroupLinkPassword
::serialize
));
455 DecryptedGroup
getUpdatedDecryptedGroup(
456 DecryptedGroup group
, byte[] signedGroupChange
, GroupMasterKey groupMasterKey
459 final var decryptedGroupChange
= getDecryptedGroupChange(signedGroupChange
, groupMasterKey
);
460 if (decryptedGroupChange
== null) {
463 return DecryptedGroupUtil
.apply(group
, decryptedGroupChange
);
464 } catch (NotAbleToApplyGroupV2ChangeException e
) {
469 private DecryptedGroupChange
getDecryptedGroupChange(byte[] signedGroupChange
, GroupMasterKey groupMasterKey
) {
470 if (signedGroupChange
!= null) {
471 var groupOperations
= dependencies
.getGroupsV2Operations()
472 .forGroup(GroupSecretParams
.deriveFromMasterKey(groupMasterKey
));
475 return groupOperations
.decryptChange(GroupChange
.parseFrom(signedGroupChange
), true).orElse(null);
476 } catch (VerificationFailedException
| InvalidGroupStateException
| InvalidProtocolBufferException e
) {
484 private static int currentTimeDays() {
485 return (int) TimeUnit
.MILLISECONDS
.toDays(System
.currentTimeMillis());
488 private GroupsV2AuthorizationString
getGroupAuthForToday(
489 final GroupSecretParams groupSecretParams
490 ) throws IOException
{
491 final var today
= currentTimeDays();
492 if (groupApiCredentials
== null || !groupApiCredentials
.containsKey(today
)) {
493 // Returns credentials for the next 7 days
494 groupApiCredentials
= dependencies
.getGroupsV2Api().getCredentials(today
);
495 // TODO cache credentials on disk until they expire
497 var authCredentialResponse
= groupApiCredentials
.get(today
);
498 final var aci
= getSelfAci();
500 return dependencies
.getGroupsV2Api()
501 .getGroupsV2AuthorizationString(aci
, today
, groupSecretParams
, authCredentialResponse
);
502 } catch (VerificationFailedException e
) {
503 throw new IOException(e
);
507 private ACI
getSelfAci() {
508 return context
.getAccount().getAci();