Add cdn number query parameter to /archives/auth/read

service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java

@@ -317,10 +317,14 @@ public class BackupManager {
    * Generate credentials that can be used to read from the backup CDN
    *
    * @param backupUser an already ZK authenticated backup user
+   * @param cdnNumber the cdn number to get backup credentials for
    * @return A map of headers to include with CDN requests
    */
-  public Map<String, String> generateReadAuth(final AuthenticatedBackupUser backupUser) {
+  public Map<String, String> generateReadAuth(final AuthenticatedBackupUser backupUser, final int cdnNumber) {
     checkBackupTier(backupUser, BackupTier.MESSAGES);
+    if (cdnNumber != 3) {
+      throw Status.INVALID_ARGUMENT.withDescription("unknown cdn").asRuntimeException();
+    }
     return cdn3BackupCredentialGenerator.readHeaders(backupUser.backupDir());
   }
 

service/src/main/java/org/whispersystems/textsecuregcm/controllers/ArchiveController.java

@@ -280,12 +280,14 @@ public class ArchiveController {
 
       @Parameter(description = BackupAuthCredentialPresentationSignature.DESCRIPTION, schema = @Schema(implementation = String.class))
       @NotNull
-      @HeaderParam(X_SIGNAL_ZK_AUTH_SIGNATURE) final BackupAuthCredentialPresentationSignature signature) {
+      @HeaderParam(X_SIGNAL_ZK_AUTH_SIGNATURE) final BackupAuthCredentialPresentationSignature signature,
+
+      @NotNull @Parameter(description = "The number of the CDN to get credentials for") @QueryParam("cdn") final Integer cdn) {
     if (account.isPresent()) {
       throw new BadRequestException("must not use authenticated connection for anonymous operations");
     }
     return backupManager.authenticateBackupUser(presentation.presentation, signature.signature)
-        .thenApply(backupManager::generateReadAuth)
+        .thenApply(user -> backupManager.generateReadAuth(user, cdn))
         .thenApply(ReadAuthResponse::new);
   }