@wireapp/core-crypto 0.7.0-rc.3 → 0.7.0-rc.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "0.7.0-rc.3",
+  "version": "0.7.0-rc.4",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -520,12 +520,12 @@ export declare class CoreCrypto {
 	/** @hidden */
 	private constructor();
 	/**
-	 * If this returns > 1 you **cannot** call {@link CoreCrypto.wipe} or {@link CoreCrypto.close} as they will produce an error because of the
+	 * If this returns `true` you **cannot** call {@link CoreCrypto.wipe} or {@link CoreCrypto.close} as they will produce an error because of the
 	 * outstanding references that were detected.
 	 *
 	 * @returns the count of strong refs for this CoreCrypto instance
 	 */
-	strongRefCount(): number;
+	isLocked(): boolean;
 	/**
 	 * Wipes the {@link CoreCrypto} backing storage (i.e. {@link https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API | IndexedDB} database)
 	 *
@@ -934,13 +934,22 @@ export declare class CoreCrypto {
 	/**
 	 * Creates an enrollment instance with private key material you can use in order to fetch
 	 * a new x509 certificate from the acme server.
-	 * Make sure to call {@link WireE2eIdentity.free} to dispose this instance and its associated
-	 * keying material.
 	 *
+	 * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+	 * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle user handle e.g. `alice.smith.qa@example.com`
+	 * @param expiryDays generated x509 certificate expiry
 	 * @param ciphersuite - For generating signing key material. Only {@link Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519} is supported currently
 	 * @returns The new {@link WireE2eIdentity} object
 	 */
-	newAcmeEnrollment(ciphersuite?: Ciphersuite): Promise<WireE2eIdentity>;
+	newAcmeEnrollment(clientId: string, displayName: string, handle: string, expiryDays: number, ciphersuite?: Ciphersuite): Promise<WireE2eIdentity>;
+	/**
+	 * Parses the ACME server response from the endpoint fetching x509 certificates and uses it to initialize the MLS client with a certificate
+	 *
+	 * @param e2ei - the enrollment instance used to fetch the certificates
+	 * @param certificateChain - the raw response from ACME server
+	 */
+	e2eiMlsInit(e2ei: WireE2eIdentity, certificateChain: string): Promise<void>;
 	/**
 	 * Returns the current version of {@link CoreCrypto}
 	 *
@@ -949,13 +958,15 @@ export declare class CoreCrypto {
 	static version(): string;
 }
 type JsonRawData = Uint8Array;
-type AcmeAccount = Uint8Array;
-type AcmeOrder = Uint8Array;
 export declare class WireE2eIdentity {
 	#private;
 	/** @hidden */
 	constructor(e2ei: unknown);
 	free(): void;
+	/**
+	 * Should only be used internally
+	 */
+	inner(): unknown;
 	/**
 	 * Parses the response from `GET /acme/{provisioner-name}/directory`.
 	 * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
@@ -969,30 +980,23 @@ export declare class WireE2eIdentity {
 	 * For creating a new acme account. This returns a signed JWS-alike request body to send to
 	 * `POST /acme/{provisioner-name}/new-account`.
 	 *
-	 * @param directory you got from {@link directoryResponse}
 	 * @param previousNonce you got from calling `HEAD {@link AcmeDirectory.newNonce}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
 	 */
-	newAccountRequest(directory: AcmeDirectory, previousNonce: string): JsonRawData;
+	newAccountRequest(previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/new-account`.
 	 * @param account HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
 	 */
-	newAccountResponse(account: JsonRawData): AcmeAccount;
+	newAccountResponse(account: JsonRawData): void;
 	/**
 	 * Creates a new acme order for the handle (userId + display name) and the clientId.
 	 *
-	 * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
-	 * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-	 * @param handle user handle e.g. `alice.smith.qa@example.com`
-	 * @param expiryDays generated x509 certificate expiry
-	 * @param directory you got from {@link directoryResponse}
-	 * @param account you got from {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	newOrderRequest(displayName: string, clientId: string, handle: string, expiryDays: number, directory: AcmeDirectory, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newOrderRequest(previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/new-order`.
 	 *
@@ -1004,12 +1008,11 @@ export declare class WireE2eIdentity {
 	 * Creates a new authorization request.
 	 *
 	 * @param url one of the URL in new order's authorizations (use {@link NewAcmeOrder.authorizations} from {@link newOrderResponse})
-	 * @param account you got from {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the
 	 * previous to this method if you are creating the second authorization)
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
 	 */
-	newAuthzRequest(url: string, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newAuthzRequest(url: string, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 *
@@ -1026,32 +1029,25 @@ export declare class WireE2eIdentity {
 	 * {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token} on wire-server.
 	 *
 	 * @param accessTokenUrl backend endpoint where this token will be sent. Should be this one {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token}
-	 * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-	 * @param dpopChallenge you found after {@link newAuthzResponse}
 	 * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
-	 * @param expiryDays token expiry in days
 	 */
-	createDpopToken(accessTokenUrl: string, clientId: string, dpopChallenge: AcmeChallenge, backendNonce: string, expiryDays: number): string;
+	createDpopToken(accessTokenUrl: string, backendNonce: string): Uint8Array;
 	/**
 	 * Creates a new challenge request for Wire Dpop challenge.
 	 *
 	 * @param accessToken returned by wire-server from https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token
-	 * @param dpopChallenge you found after {@link newAuthzResponse}
-	 * @param account you found after {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newDpopChallengeRequest(accessToken: string, dpopChallenge: AcmeChallenge, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newDpopChallengeRequest(accessToken: string, previousNonce: string): JsonRawData;
 	/**
 	 * Creates a new challenge request for Wire Oidc challenge.
 	 *
 	 * @param idToken you get back from Identity Provider
-	 * @param oidcChallenge you found after {@link newAuthzResponse}
-	 * @param account you found after {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newOidcChallengeRequest(idToken: string, oidcChallenge: AcmeChallenge, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newOidcChallengeRequest(idToken: string, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}`.
 	 *
@@ -1067,46 +1063,36 @@ export declare class WireE2eIdentity {
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	checkOrderRequest(orderUrl: string, account: AcmeAccount, previousNonce: string): JsonRawData;
+	checkOrderRequest(orderUrl: string, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
 	 *
 	 * @param order HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	checkOrderResponse(order: JsonRawData): AcmeOrder;
+	checkOrderResponse(order: JsonRawData): void;
 	/**
 	 * Final step before fetching the certificate.
 	 *
 	 * @param order - order you got from {@link checkOrderResponse}
-	 * @param account - account you found after {@link newAccountResponse}
 	 * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeRequest(order: AcmeOrder, account: AcmeAccount, previousNonce: string): JsonRawData;
+	finalizeRequest(previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
 	 *
 	 * @param finalize HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeResponse(finalize: JsonRawData): AcmeFinalize;
+	finalizeResponse(finalize: JsonRawData): void;
 	/**
 	 * Creates a request for finally fetching the x509 certificate.
 	 *
-	 * @param finalize you got from {@link finalizeResponse}
-	 * @param account you got from {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
 	 */
-	certificateRequest(finalize: AcmeFinalize, account: AcmeAccount, previousNonce: string): JsonRawData;
-	/**
-	 * Parses the response from `POST /acme/{provisioner-name}/certificate/{certificate-id}`.
-	 *
-	 * @param certificateChain HTTP string response body
-	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
-	 */
-	certificateResponse(certificateChain: string): Uint8Array[];
+	certificateRequest(previousNonce: string): JsonRawData;
 }
 /**
  * Holds URLs of all the standard ACME endpoint supported on an ACME server.
@@ -1166,13 +1152,13 @@ export interface NewAcmeAuthz {
 	 *
 	 * @readonly
 	 */
-	wireDpopChallenge: AcmeChallenge | null;
+	wireDpopChallenge?: AcmeChallenge;
 	/**
 	 * Challenge for the userId and displayName
 	 *
 	 * @readonly
 	 */
-	wireOidcChallenge: AcmeChallenge | null;
+	wireOidcChallenge?: AcmeChallenge;
 }
 /**
  * For creating a challenge
@@ -1192,23 +1178,5 @@ export interface AcmeChallenge {
 	 */
 	url: string;
 }
-/**
- * Result from finalize.
- * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
- */
-export interface AcmeFinalize {
-	/**
-	 * Contains raw JSON data of this finalize. This is parsed by the underlying Rust library hence should not be accessed
-	 *
-	 * @readonly
-	 */
-	delegate: Uint8Array;
-	/**
-	 * URL of to use for the last request to fetch the x509 certificate
-	 *
-	 * @readonly
-	 */
-	certificateUrl: string;
-}
 
 export {};

package/platforms/web/corecrypto.js

@@ -226,12 +226,12 @@ function makeMutClosure(arg0, arg1, dtor, f) {
     return real;
 }
 function __wbg_adapter_52(arg0, arg1, arg2) {
-    wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h52d25f5c9b3d3ff2(arg0, arg1, addHeapObject(arg2));
+    wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hcd81a8436ed0ce82(arg0, arg1, addHeapObject(arg2));
 }
 function __wbg_adapter_55(arg0, arg1, arg2) {
     try {
         const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-        wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__hf21a7c6a12593e32(retptr, arg0, arg1, addHeapObject(arg2));
+        wasm$1._dyn_core__ops__function__FnMut__A____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h24e8da7fa5a69ec8(retptr, arg0, arg1, addHeapObject(arg2));
         var r0 = getInt32Memory0()[retptr / 4 + 0];
         var r1 = getInt32Memory0()[retptr / 4 + 1];
         if (r1) {
@@ -270,15 +270,6 @@ function passArray8ToWasm0(arg, malloc) {
     WASM_VECTOR_LEN = arg.length;
     return ptr;
 }
-function getArrayJsValueFromWasm0(ptr, len) {
-    const mem = getUint32Memory0();
-    const slice = mem.subarray(ptr / 4, ptr / 4 + len);
-    const result = [];
-    for (let i = 0; i < slice.length; i++) {
-        result.push(takeObject(slice[i]));
-    }
-    return result;
-}
 function getArrayU8FromWasm0(ptr, len) {
     return getUint8Memory0().subarray(ptr / 1, ptr / 1 + len);
 }
@@ -290,8 +281,8 @@ function handleError(f, args) {
         wasm$1.__wbindgen_exn_store(addHeapObject(e));
     }
 }
-function __wbg_adapter_282(arg0, arg1, arg2, arg3) {
-    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h48b463a50f27b62f(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wbg_adapter_279(arg0, arg1, arg2, arg3) {
+    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h4a304d04c926e9b8(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 /**
 * see [core_crypto::prelude::MlsWirePolicy]
@@ -427,10 +418,10 @@ class AcmeDirectory {
     /**
     * @returns {string}
     */
-    get new_nonce() {
+    get newNonce() {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_new_nonce(retptr, this.ptr);
+            wasm$1.acmedirectory_newNonce(retptr, this.ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             return getStringFromWasm0(r0, r1);
@@ -443,7 +434,7 @@ class AcmeDirectory {
     /**
     * @returns {string}
     */
-    get new_account() {
+    get newAccount() {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             wasm$1.acmechallenge_url(retptr, this.ptr);
@@ -459,62 +450,10 @@ class AcmeDirectory {
     /**
     * @returns {string}
     */
-    get new_order() {
-        try {
-            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmedirectory_new_order(retptr, this.ptr);
-            var r0 = getInt32Memory0()[retptr / 4 + 0];
-            var r1 = getInt32Memory0()[retptr / 4 + 1];
-            return getStringFromWasm0(r0, r1);
-        }
-        finally {
-            wasm$1.__wbindgen_add_to_stack_pointer(16);
-            wasm$1.__wbindgen_free(r0, r1);
-        }
-    }
-}
-/**
-* See [core_crypto::e2e_identity::types::E2eiAcmeFinalize]
-*/
-class AcmeFinalize {
-    static __wrap(ptr) {
-        const obj = Object.create(AcmeFinalize.prototype);
-        obj.ptr = ptr;
-        return obj;
-    }
-    __destroy_into_raw() {
-        const ptr = this.ptr;
-        this.ptr = 0;
-        return ptr;
-    }
-    free() {
-        const ptr = this.__destroy_into_raw();
-        wasm$1.__wbg_acmefinalize_free(ptr);
-    }
-    /**
-    * @param {Uint8Array} delegate
-    * @param {string} certificate_url
-    */
-    constructor(delegate, certificate_url) {
-        const ptr0 = passStringToWasm0(certificate_url, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        const len0 = WASM_VECTOR_LEN;
-        const ret = wasm$1.acmechallenge_new(addHeapObject(delegate), ptr0, len0);
-        return AcmeFinalize.__wrap(ret);
-    }
-    /**
-    * @returns {Uint8Array}
-    */
-    get delegate() {
-        const ret = wasm$1.acmechallenge_delegate(this.ptr);
-        return takeObject(ret);
-    }
-    /**
-    * @returns {string}
-    */
-    get certificate_url() {
+    get newOrder() {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.acmechallenge_url(retptr, this.ptr);
+            wasm$1.acmedirectory_newOrder(retptr, this.ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             return getStringFromWasm0(r0, r1);
@@ -734,11 +673,11 @@ let CoreCrypto$1 = class CoreCrypto {
     }
     /**
     * Returns the Arc strong ref count
-    * @returns {number}
+    * @returns {boolean}
     */
-    strong_ref_count() {
-        const ret = wasm$1.corecrypto_strong_ref_count(this.ptr);
-        return ret >>> 0;
+    has_outstanding_refs() {
+        const ret = wasm$1.corecrypto_has_outstanding_refs(this.ptr);
+        return ret !== 0;
     }
     /**
     * Returns: [`WasmCryptoResult<()>`]
@@ -1472,12 +1411,38 @@ let CoreCrypto$1 = class CoreCrypto {
         return takeObject(ret);
     }
     /**
+    * Returns: [`WasmCryptoResult<WireE2eIdentity>`]
+    *
     * see [core_crypto::mls::MlsCentral::new_acme_enrollment]
+    * @param {string} client_id
+    * @param {string} display_name
+    * @param {string} handle
+    * @param {number} expiry_days
     * @param {number} ciphersuite
-    * @returns {Promise<FfiWireE2EIdentity>}
+    * @returns {Promise<any>}
     */
-    new_acme_enrollment(ciphersuite) {
-        const ret = wasm$1.corecrypto_new_acme_enrollment(this.ptr, ciphersuite);
+    new_acme_enrollment(client_id, display_name, handle, expiry_days, ciphersuite) {
+        const ptr0 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(display_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len2 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_new_acme_enrollment(this.ptr, ptr0, len0, ptr1, len1, ptr2, len2, expiry_days, ciphersuite);
+        return takeObject(ret);
+    }
+    /**
+    * see [core_crypto::mls::MlsCentral::e2ei_mls_init]
+    * @param {FfiWireE2EIdentity} e2ei
+    * @param {string} certificate_chain
+    * @returns {Promise<any>}
+    */
+    e2ei_mls_init(e2ei, certificate_chain) {
+        _assertClass(e2ei, FfiWireE2EIdentity);
+        var ptr0 = e2ei.__destroy_into_raw();
+        const ptr1 = passStringToWasm0(certificate_chain, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_e2ei_mls_init(this.ptr, ptr0, ptr1, len1);
         return takeObject(ret);
     }
 };
@@ -1621,7 +1586,7 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::directory_response]
     * @param {Uint8Array} directory
-    * @returns {any}
+    * @returns {AcmeDirectory}
     */
     directory_response(directory) {
         try {
@@ -1635,7 +1600,7 @@ class FfiWireE2EIdentity {
             if (r2) {
                 throw takeObject(r1);
             }
-            return takeObject(r0);
+            return AcmeDirectory.__wrap(r0);
         }
         finally {
             wasm$1.__wbindgen_add_to_stack_pointer(16);
@@ -1643,16 +1608,15 @@ class FfiWireE2EIdentity {
     }
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_account_request]
-    * @param {any} directory
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    new_account_request(directory, previous_nonce) {
+    new_account_request(previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_new_account_request(retptr, this.ptr, addHeapObject(directory), ptr0, len0);
+            wasm$1.ffiwiree2eidentity_new_account_request(retptr, this.ptr, ptr0, len0);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1668,7 +1632,7 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_account_response]
     * @param {Uint8Array} account
-    * @returns {Uint8Array}
+    * @returns {any}
     */
     new_account_response(account) {
         try {
@@ -1688,27 +1652,15 @@ class FfiWireE2EIdentity {
     }
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_order_request]
-    * @param {string} display_name
-    * @param {string} client_id
-    * @param {string} handle
-    * @param {number} expiry_days
-    * @param {any} directory
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    new_order_request(display_name, client_id, handle, expiry_days, directory, account, previous_nonce) {
+    new_order_request(previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            const ptr0 = passStringToWasm0(display_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+            const ptr0 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
-            const ptr1 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-            const len1 = WASM_VECTOR_LEN;
-            const ptr2 = passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-            const len2 = WASM_VECTOR_LEN;
-            const ptr3 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-            const len3 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_new_order_request(retptr, this.ptr, ptr0, len0, ptr1, len1, ptr2, len2, expiry_days, addHeapObject(directory), addHeapObject(account), ptr3, len3);
+            wasm$1.ffiwiree2eidentity_new_order_request(retptr, this.ptr, ptr0, len0);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1724,7 +1676,7 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_order_response]
     * @param {Uint8Array} order
-    * @returns {any}
+    * @returns {NewAcmeOrder}
     */
     new_order_response(order) {
         try {
@@ -1736,7 +1688,7 @@ class FfiWireE2EIdentity {
             if (r2) {
                 throw takeObject(r1);
             }
-            return takeObject(r0);
+            return NewAcmeOrder.__wrap(r0);
         }
         finally {
             wasm$1.__wbindgen_add_to_stack_pointer(16);
@@ -1745,18 +1697,17 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_request]
     * @param {string} url
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    new_authz_request(url, account, previous_nonce) {
+    new_authz_request(url, previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(url, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
             const ptr1 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len1 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_new_authz_request(retptr, this.ptr, ptr0, len0, addHeapObject(account), ptr1, len1);
+            wasm$1.ffiwiree2eidentity_new_authz_request(retptr, this.ptr, ptr0, len0, ptr1, len1);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1772,7 +1723,7 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_response]
     * @param {Uint8Array} authz
-    * @returns {any}
+    * @returns {NewAcmeAuthz}
     */
     new_authz_response(authz) {
         try {
@@ -1784,7 +1735,7 @@ class FfiWireE2EIdentity {
             if (r2) {
                 throw takeObject(r1);
             }
-            return takeObject(r0);
+            return NewAcmeAuthz.__wrap(r0);
         }
         finally {
             wasm$1.__wbindgen_add_to_stack_pointer(16);
@@ -1793,56 +1744,43 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::create_dpop_token]
     * @param {string} access_token_url
-    * @param {string} client_id
-    * @param {any} dpop_challenge
     * @param {string} backend_nonce
-    * @param {number} expiry_days
-    * @returns {string}
+    * @returns {Uint8Array}
     */
-    create_dpop_token(access_token_url, client_id, dpop_challenge, backend_nonce, expiry_days) {
+    create_dpop_token(access_token_url, backend_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(access_token_url, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
-            const ptr1 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+            const ptr1 = passStringToWasm0(backend_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len1 = WASM_VECTOR_LEN;
-            const ptr2 = passStringToWasm0(backend_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-            const len2 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_create_dpop_token(retptr, this.ptr, ptr0, len0, ptr1, len1, addHeapObject(dpop_challenge), ptr2, len2, expiry_days);
+            wasm$1.ffiwiree2eidentity_create_dpop_token(retptr, this.ptr, ptr0, len0, ptr1, len1);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
-            var r3 = getInt32Memory0()[retptr / 4 + 3];
-            var ptr3 = r0;
-            var len3 = r1;
-            if (r3) {
-                ptr3 = 0;
-                len3 = 0;
-                throw takeObject(r2);
+            if (r2) {
+                throw takeObject(r1);
             }
-            return getStringFromWasm0(ptr3, len3);
+            return takeObject(r0);
         }
         finally {
             wasm$1.__wbindgen_add_to_stack_pointer(16);
-            wasm$1.__wbindgen_free(ptr3, len3);
         }
     }
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_dpop_challenge_request]
     * @param {string} access_token
-    * @param {any} dpop_challenge
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    new_dpop_challenge_request(access_token, dpop_challenge, account, previous_nonce) {
+    new_dpop_challenge_request(access_token, previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(access_token, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
             const ptr1 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len1 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_new_dpop_challenge_request(retptr, this.ptr, ptr0, len0, addHeapObject(dpop_challenge), addHeapObject(account), ptr1, len1);
+            wasm$1.ffiwiree2eidentity_new_dpop_challenge_request(retptr, this.ptr, ptr0, len0, ptr1, len1);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1858,19 +1796,17 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_oidc_challenge_request]
     * @param {string} id_token
-    * @param {any} oidc_challenge
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    new_oidc_challenge_request(id_token, oidc_challenge, account, previous_nonce) {
+    new_oidc_challenge_request(id_token, previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(id_token, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
             const ptr1 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len1 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_new_oidc_challenge_request(retptr, this.ptr, ptr0, len0, addHeapObject(oidc_challenge), addHeapObject(account), ptr1, len1);
+            wasm$1.ffiwiree2eidentity_new_oidc_challenge_request(retptr, this.ptr, ptr0, len0, ptr1, len1);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1886,6 +1822,7 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::new_challenge_response]
     * @param {Uint8Array} challenge
+    * @returns {any}
     */
     new_challenge_response(challenge) {
         try {
@@ -1893,9 +1830,11 @@ class FfiWireE2EIdentity {
             wasm$1.ffiwiree2eidentity_new_challenge_response(retptr, this.ptr, addHeapObject(challenge));
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
-            if (r1) {
-                throw takeObject(r0);
+            var r2 = getInt32Memory0()[retptr / 4 + 2];
+            if (r2) {
+                throw takeObject(r1);
             }
+            return takeObject(r0);
         }
         finally {
             wasm$1.__wbindgen_add_to_stack_pointer(16);
@@ -1904,18 +1843,17 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::check_order_request]
     * @param {string} order_url
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    check_order_request(order_url, account, previous_nonce) {
+    check_order_request(order_url, previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(order_url, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
             const ptr1 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len1 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_check_order_request(retptr, this.ptr, ptr0, len0, addHeapObject(account), ptr1, len1);
+            wasm$1.ffiwiree2eidentity_check_order_request(retptr, this.ptr, ptr0, len0, ptr1, len1);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1931,7 +1869,7 @@ class FfiWireE2EIdentity {
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::check_order_response]
     * @param {Uint8Array} order
-    * @returns {Uint8Array}
+    * @returns {any}
     */
     check_order_response(order) {
         try {
@@ -1951,17 +1889,15 @@ class FfiWireE2EIdentity {
     }
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::finalize_request]
-    * @param {Uint8Array} order
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    finalize_request(order, account, previous_nonce) {
+    finalize_request(previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_finalize_request(retptr, this.ptr, addHeapObject(order), addHeapObject(account), ptr0, len0);
+            wasm$1.ffiwiree2eidentity_finalize_request(retptr, this.ptr, ptr0, len0);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -1997,17 +1933,15 @@ class FfiWireE2EIdentity {
     }
     /**
     * See [core_crypto::e2e_identity::WireE2eIdentity::certificate_request]
-    * @param {any} finalize
-    * @param {Uint8Array} account
     * @param {string} previous_nonce
     * @returns {Uint8Array}
     */
-    certificate_request(finalize, account, previous_nonce) {
+    certificate_request(previous_nonce) {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
             const ptr0 = passStringToWasm0(previous_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
             const len0 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_certificate_request(retptr, this.ptr, addHeapObject(finalize), addHeapObject(account), ptr0, len0);
+            wasm$1.ffiwiree2eidentity_certificate_request(retptr, this.ptr, ptr0, len0);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             var r2 = getInt32Memory0()[retptr / 4 + 2];
@@ -2020,32 +1954,6 @@ class FfiWireE2EIdentity {
             wasm$1.__wbindgen_add_to_stack_pointer(16);
         }
     }
-    /**
-    * See [core_crypto::e2e_identity::WireE2eIdentity::certificate_response]
-    * @param {string} certificate_chain
-    * @returns {(Uint8Array)[]}
-    */
-    certificate_response(certificate_chain) {
-        try {
-            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            const ptr0 = passStringToWasm0(certificate_chain, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-            const len0 = WASM_VECTOR_LEN;
-            wasm$1.ffiwiree2eidentity_certificate_response(retptr, this.ptr, ptr0, len0);
-            var r0 = getInt32Memory0()[retptr / 4 + 0];
-            var r1 = getInt32Memory0()[retptr / 4 + 1];
-            var r2 = getInt32Memory0()[retptr / 4 + 2];
-            var r3 = getInt32Memory0()[retptr / 4 + 3];
-            if (r3) {
-                throw takeObject(r2);
-            }
-            var v1 = getArrayJsValueFromWasm0(r0, r1).slice();
-            wasm$1.__wbindgen_free(r0, r1 * 4);
-            return v1;
-        }
-        finally {
-            wasm$1.__wbindgen_add_to_stack_pointer(16);
-        }
-    }
 }
 /**
 * see [core_crypto::prelude::ConversationMember]
@@ -2077,7 +1985,7 @@ class Invitee {
     * @returns {Uint8Array}
     */
     get id() {
-        const ret = wasm$1.invitee_id(this.ptr);
+        const ret = wasm$1.acmechallenge_delegate(this.ptr);
         return takeObject(ret);
     }
     /**
@@ -2197,15 +2105,15 @@ class NewAcmeAuthz {
     /**
     * @returns {AcmeChallenge | undefined}
     */
-    get wire_dpop_challenge() {
-        const ret = wasm$1.newacmeauthz_wire_dpop_challenge(this.ptr);
+    get wireDpopChallenge() {
+        const ret = wasm$1.newacmeauthz_wireDpopChallenge(this.ptr);
         return ret === 0 ? undefined : AcmeChallenge.__wrap(ret);
     }
     /**
     * @returns {AcmeChallenge | undefined}
     */
-    get wire_oidc_challenge() {
-        const ret = wasm$1.newacmeauthz_wire_oidc_challenge(this.ptr);
+    get wireOidcChallenge() {
+        const ret = wasm$1.newacmeauthz_wireOidcChallenge(this.ptr);
         return ret === 0 ? undefined : AcmeChallenge.__wrap(ret);
     }
 }
@@ -2273,7 +2181,7 @@ class ProposalBundle {
     * @returns {Uint8Array}
     */
     get proposal() {
-        const ret = wasm$1.invitee_id(this.ptr);
+        const ret = wasm$1.acmechallenge_delegate(this.ptr);
         return takeObject(ret);
     }
     /**
@@ -2375,7 +2283,7 @@ class PublicGroupStateBundle {
     * @returns {Uint8Array}
     */
     get payload() {
-        const ret = wasm$1.invitee_id(this.ptr);
+        const ret = wasm$1.acmechallenge_delegate(this.ptr);
         return takeObject(ret);
     }
 }
@@ -2472,10 +2380,6 @@ function getImports() {
         const ret = new Uint8Array(getObject(arg0));
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_bigint_from_u64 = function (arg0) {
-        const ret = BigInt.asUintN(64, arg0);
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_new_9d3a9ce4282a18a8 = function (arg0, arg1) {
         try {
             var state0 = { a: arg0, b: arg1 };
@@ -2483,7 +2387,7 @@ function getImports() {
                 const a = state0.a;
                 state0.a = 0;
                 try {
-                    return __wbg_adapter_282(a, state0.b, arg0, arg1);
+                    return __wbg_adapter_279(a, state0.b, arg0, arg1);
                 }
                 finally {
                     state0.a = a;
@@ -2496,6 +2400,14 @@ function getImports() {
             state0.a = state0.b = 0;
         }
     };
+    imports.wbg.__wbg_new_f841cc6f2098f4b5 = function () {
+        const ret = new Map();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_set_388c4c6422704173 = function (arg0, arg1, arg2) {
+        const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbindgen_number_new = function (arg0) {
         const ret = arg0;
         return addHeapObject(ret);
@@ -2508,26 +2420,22 @@ function getImports() {
         const ret = getObject(arg0).push(getObject(arg1));
         return ret;
     };
-    imports.wbg.__wbg_new_f841cc6f2098f4b5 = function () {
-        const ret = new Map();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_set_388c4c6422704173 = function (arg0, arg1, arg2) {
-        const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
+    imports.wbg.__wbindgen_bigint_from_u64 = function (arg0) {
+        const ret = BigInt.asUintN(64, arg0);
         return addHeapObject(ret);
     };
     imports.wbg.__wbg_proteusautoprekeybundle_new = function (arg0) {
         const ret = ProteusAutoPrekeyBundle.__wrap(arg0);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_new_f9876326328f45ed = function () {
-        const ret = new Object();
-        return addHeapObject(ret);
-    };
     imports.wbg.__wbg_ffiwiree2eidentity_new = function (arg0) {
         const ret = FfiWireE2EIdentity.__wrap(arg0);
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_new_f9876326328f45ed = function () {
+        const ret = new Object();
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_setonsuccess_925a7718d3f62bc1 = function (arg0, arg1) {
         getObject(arg0).onsuccess = getObject(arg1);
     };
@@ -2539,14 +2447,6 @@ function getImports() {
         const ret = getObject(arg0)[arg1 >>> 0];
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_new0_25059e40b1c02766 = function () {
-        const ret = new Date();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_getTime_7c59072d1651a3cf = function (arg0) {
-        const ret = getObject(arg0).getTime();
-        return ret;
-    };
     imports.wbg.__wbindgen_jsval_loose_eq = function (arg0, arg1) {
         const ret = getObject(arg0) == getObject(arg1);
         return ret;
@@ -3055,6 +2955,14 @@ function getImports() {
         getInt32Memory0()[arg0 / 4 + 1] = len0;
         getInt32Memory0()[arg0 / 4 + 0] = ptr0;
     };
+    imports.wbg.__wbg_new0_25059e40b1c02766 = function () {
+        const ret = new Date();
+        return addHeapObject(ret);
+    };
+    imports.wbg.__wbg_getTime_7c59072d1651a3cf = function (arg0) {
+        const ret = getObject(arg0).getTime();
+        return ret;
+    };
     imports.wbg.__wbindgen_debug_string = function (arg0, arg1) {
         const ret = debugString(getObject(arg1));
         const ptr0 = passStringToWasm0(ret, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
@@ -3133,12 +3041,12 @@ function getImports() {
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbindgen_closure_wrapper1553 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 165, __wbg_adapter_52);
+    imports.wbg.__wbindgen_closure_wrapper1545 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 156, __wbg_adapter_52);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper4705 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 165, __wbg_adapter_55);
+    imports.wbg.__wbindgen_closure_wrapper4563 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 156, __wbg_adapter_55);
         return addHeapObject(ret);
     };
     return imports;
@@ -3174,7 +3082,6 @@ var exports = /*#__PURE__*/Object.freeze({
     __proto__: null,
     AcmeChallenge: AcmeChallenge,
     AcmeDirectory: AcmeDirectory,
-    AcmeFinalize: AcmeFinalize,
     Ciphersuite: Ciphersuite$1,
     CommitBundle: CommitBundle,
     ConversationConfiguration: ConversationConfiguration,
@@ -3199,7 +3106,7 @@ var exports = /*#__PURE__*/Object.freeze({
 var wasm = async (opt = {}) => {
                 let {importHook, serverPath} = opt;
 
-                let path = "assets/core_crypto_ffi-834f6094.wasm";
+                let path = "assets/core_crypto_ffi-2bc82439.wasm";
 
                 if (serverPath != null) {
                     path = serverPath + /[^\/\\]*$/.exec(path)[0];
@@ -3485,13 +3392,13 @@ class CoreCrypto {
         __classPrivateFieldSet(this, _CoreCrypto_cc, cc, "f");
     }
     /**
-     * If this returns > 1 you **cannot** call {@link CoreCrypto.wipe} or {@link CoreCrypto.close} as they will produce an error because of the
+     * If this returns `true` you **cannot** call {@link CoreCrypto.wipe} or {@link CoreCrypto.close} as they will produce an error because of the
      * outstanding references that were detected.
      *
      * @returns the count of strong refs for this CoreCrypto instance
      */
-    strongRefCount() {
-        return __classPrivateFieldGet(this, _CoreCrypto_cc, "f").strong_ref_count();
+    isLocked() {
+        return __classPrivateFieldGet(this, _CoreCrypto_cc, "f").has_outstanding_refs();
     }
     /**
      * Wipes the {@link CoreCrypto} backing storage (i.e. {@link https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API | IndexedDB} database)
@@ -4169,19 +4076,30 @@ class CoreCrypto {
     /**
      * Creates an enrollment instance with private key material you can use in order to fetch
      * a new x509 certificate from the acme server.
-     * Make sure to call {@link WireE2eIdentity.free} to dispose this instance and its associated
-     * keying material.
      *
+     * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
+     * @param handle user handle e.g. `alice.smith.qa@example.com`
+     * @param expiryDays generated x509 certificate expiry
      * @param ciphersuite - For generating signing key material. Only {@link Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519} is supported currently
      * @returns The new {@link WireE2eIdentity} object
      */
-    async newAcmeEnrollment(ciphersuite = Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519) {
+    async newAcmeEnrollment(clientId, displayName, handle, expiryDays, ciphersuite = Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519) {
         if (ciphersuite !== Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519) {
             throw new Error("This ACME ciphersuite isn't supported. Only `Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519` is as of now");
         }
-        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").new_acme_enrollment(ciphersuite));
+        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").new_acme_enrollment(clientId, displayName, handle, expiryDays, ciphersuite));
         return new WireE2eIdentity(e2ei);
     }
+    /**
+     * Parses the ACME server response from the endpoint fetching x509 certificates and uses it to initialize the MLS client with a certificate
+     *
+     * @param e2ei - the enrollment instance used to fetch the certificates
+     * @param certificateChain - the raw response from ACME server
+     */
+    async e2eiMlsInit(e2ei, certificateChain) {
+        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_mls_init(e2ei.inner(), certificateChain);
+    }
     /**
      * Returns the current version of {@link CoreCrypto}
      *
@@ -4209,6 +4127,12 @@ class WireE2eIdentity {
     free() {
         __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").free();
     }
+    /**
+     * Should only be used internally
+     */
+    inner() {
+        return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f");
+    }
     /**
      * Parses the response from `GET /acme/{provisioner-name}/directory`.
      * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
@@ -4229,13 +4153,12 @@ class WireE2eIdentity {
      * For creating a new acme account. This returns a signed JWS-alike request body to send to
      * `POST /acme/{provisioner-name}/new-account`.
      *
-     * @param directory you got from {@link directoryResponse}
      * @param previousNonce you got from calling `HEAD {@link AcmeDirectory.newNonce}`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
      */
-    newAccountRequest(directory, previousNonce) {
+    newAccountRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_account_request(directory, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_account_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4257,18 +4180,12 @@ class WireE2eIdentity {
     /**
      * Creates a new acme order for the handle (userId + display name) and the clientId.
      *
-     * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
-     * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-     * @param handle user handle e.g. `alice.smith.qa@example.com`
-     * @param expiryDays generated x509 certificate expiry
-     * @param directory you got from {@link directoryResponse}
-     * @param account you got from {@link newAccountResponse}
      * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
      */
-    newOrderRequest(displayName, clientId, handle, expiryDays, directory, account, previousNonce) {
+    newOrderRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_order_request(displayName, clientId, handle, expiryDays, directory, account, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_order_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4292,14 +4209,13 @@ class WireE2eIdentity {
      * Creates a new authorization request.
      *
      * @param url one of the URL in new order's authorizations (use {@link NewAcmeOrder.authorizations} from {@link newOrderResponse})
-     * @param account you got from {@link newAccountResponse}
      * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the
      * previous to this method if you are creating the second authorization)
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
      */
-    newAuthzRequest(url, account, previousNonce) {
+    newAuthzRequest(url, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_authz_request(url, account, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_authz_request(url, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4328,14 +4244,11 @@ class WireE2eIdentity {
      * {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token} on wire-server.
      *
      * @param accessTokenUrl backend endpoint where this token will be sent. Should be this one {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token}
-     * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-     * @param dpopChallenge you found after {@link newAuthzResponse}
      * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
-     * @param expiryDays token expiry in days
      */
-    createDpopToken(accessTokenUrl, clientId, dpopChallenge, backendNonce, expiryDays) {
+    createDpopToken(accessTokenUrl, backendNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").create_dpop_token(accessTokenUrl, clientId, dpopChallenge, backendNonce, expiryDays);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").create_dpop_token(accessTokenUrl, backendNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4345,14 +4258,12 @@ class WireE2eIdentity {
      * Creates a new challenge request for Wire Dpop challenge.
      *
      * @param accessToken returned by wire-server from https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token
-     * @param dpopChallenge you found after {@link newAuthzResponse}
-     * @param account you found after {@link newAccountResponse}
      * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
      */
-    newDpopChallengeRequest(accessToken, dpopChallenge, account, previousNonce) {
+    newDpopChallengeRequest(accessToken, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_dpop_challenge_request(accessToken, dpopChallenge, account, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_dpop_challenge_request(accessToken, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4362,14 +4273,12 @@ class WireE2eIdentity {
      * Creates a new challenge request for Wire Oidc challenge.
      *
      * @param idToken you get back from Identity Provider
-     * @param oidcChallenge you found after {@link newAuthzResponse}
-     * @param account you found after {@link newAccountResponse}
      * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
      */
-    newOidcChallengeRequest(idToken, oidcChallenge, account, previousNonce) {
+    newOidcChallengeRequest(idToken, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_oidc_challenge_request(idToken, oidcChallenge, account, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_oidc_challenge_request(idToken, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4397,9 +4306,9 @@ class WireE2eIdentity {
      * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
      */
-    checkOrderRequest(orderUrl, account, previousNonce) {
+    checkOrderRequest(orderUrl, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").check_order_request(orderUrl, account, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").check_order_request(orderUrl, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4423,13 +4332,12 @@ class WireE2eIdentity {
      * Final step before fetching the certificate.
      *
      * @param order - order you got from {@link checkOrderResponse}
-     * @param account - account you found after {@link newAccountResponse}
      * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
      */
-    finalizeRequest(order, account, previousNonce) {
+    finalizeRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").finalize_request(order, account, previousNonce);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").finalize_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4452,28 +4360,12 @@ class WireE2eIdentity {
     /**
      * Creates a request for finally fetching the x509 certificate.
      *
-     * @param finalize you got from {@link finalizeResponse}
-     * @param account you got from {@link newAccountResponse}
      * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
      */
-    certificateRequest(finalize, account, previousNonce) {
-        try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").certificate_request(finalize, account, previousNonce);
-        }
-        catch (e) {
-            throw CoreCryptoError.fromStdError(e);
-        }
-    }
-    /**
-     * Parses the response from `POST /acme/{provisioner-name}/certificate/{certificate-id}`.
-     *
-     * @param certificateChain HTTP string response body
-     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
-     */
-    certificateResponse(certificateChain) {
+    certificateRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").certificate_response(certificateChain);
+            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").certificate_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);