@wireapp/core-crypto 0.7.0-rc.3 → 0.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "0.7.0-rc.3",
+  "version": "0.7.0",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/corecrypto.d.ts

@@ -321,6 +321,33 @@ export interface DecryptedMessage {
 	 * true when the decrypted message resulted in an epoch change i.e. it was a commit
 	 */
 	hasEpochChanged: boolean;
+	/**
+	 * Identity claims present in the sender credential
+	 * Only present when the credential is a x509 certificate
+	 * Present for all messages
+	 */
+	identity?: WireIdentity;
+}
+/**
+ * Represents the identity claims identifying a client. Those claims are verifiable by any member in the group
+ */
+export interface WireIdentity {
+	/**
+	 * Represents the identity claims identifying a client. Those claims are verifiable by any member in the group
+	 */
+	clientId: string;
+	/**
+	 * user handle e.g. `john_wire`
+	 */
+	handle: string;
+	/**
+	 * Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy`
+	 */
+	displayName: string;
+	/**
+	 * DNS domain for which this identity proof was generated e.g. `whitehouse.gov`
+	 */
+	domain: string;
 }
 /**
  * Returned by all methods creating proposals. Contains a proposal message and an identifier to roll back the proposal
@@ -520,12 +547,12 @@ export declare class CoreCrypto {
 	/** @hidden */
 	private constructor();
 	/**
-	 * If this returns > 1 you **cannot** call {@link CoreCrypto.wipe} or {@link CoreCrypto.close} as they will produce an error because of the
+	 * If this returns `true` you **cannot** call {@link CoreCrypto.wipe} or {@link CoreCrypto.close} as they will produce an error because of the
 	 * outstanding references that were detected.
 	 *
 	 * @returns the count of strong refs for this CoreCrypto instance
 	 */
-	strongRefCount(): number;
+	isLocked(): boolean;
 	/**
 	 * Wipes the {@link CoreCrypto} backing storage (i.e. {@link https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API | IndexedDB} database)
 	 *
@@ -934,13 +961,22 @@ export declare class CoreCrypto {
 	/**
 	 * Creates an enrollment instance with private key material you can use in order to fetch
 	 * a new x509 certificate from the acme server.
-	 * Make sure to call {@link WireE2eIdentity.free} to dispose this instance and its associated
-	 * keying material.
 	 *
+	 * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+	 * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle user handle e.g. `alice.smith.qa@example.com`
+	 * @param expiryDays generated x509 certificate expiry
 	 * @param ciphersuite - For generating signing key material. Only {@link Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519} is supported currently
 	 * @returns The new {@link WireE2eIdentity} object
 	 */
-	newAcmeEnrollment(ciphersuite?: Ciphersuite): Promise<WireE2eIdentity>;
+	newAcmeEnrollment(clientId: string, displayName: string, handle: string, expiryDays: number, ciphersuite?: Ciphersuite): Promise<WireE2eIdentity>;
+	/**
+	 * Parses the ACME server response from the endpoint fetching x509 certificates and uses it to initialize the MLS client with a certificate
+	 *
+	 * @param e2ei - the enrollment instance used to fetch the certificates
+	 * @param certificateChain - the raw response from ACME server
+	 */
+	e2eiMlsInit(e2ei: WireE2eIdentity, certificateChain: string): Promise<void>;
 	/**
 	 * Returns the current version of {@link CoreCrypto}
 	 *
@@ -949,13 +985,15 @@ export declare class CoreCrypto {
 	static version(): string;
 }
 type JsonRawData = Uint8Array;
-type AcmeAccount = Uint8Array;
-type AcmeOrder = Uint8Array;
 export declare class WireE2eIdentity {
 	#private;
 	/** @hidden */
 	constructor(e2ei: unknown);
 	free(): void;
+	/**
+	 * Should only be used internally
+	 */
+	inner(): unknown;
 	/**
 	 * Parses the response from `GET /acme/{provisioner-name}/directory`.
 	 * Use this {@link AcmeDirectory} in the next step to fetch the first nonce from the acme server. Use
@@ -969,30 +1007,23 @@ export declare class WireE2eIdentity {
 	 * For creating a new acme account. This returns a signed JWS-alike request body to send to
 	 * `POST /acme/{provisioner-name}/new-account`.
 	 *
-	 * @param directory you got from {@link directoryResponse}
 	 * @param previousNonce you got from calling `HEAD {@link AcmeDirectory.newNonce}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
 	 */
-	newAccountRequest(directory: AcmeDirectory, previousNonce: string): JsonRawData;
+	newAccountRequest(previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/new-account`.
 	 * @param account HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
 	 */
-	newAccountResponse(account: JsonRawData): AcmeAccount;
+	newAccountResponse(account: JsonRawData): void;
 	/**
 	 * Creates a new acme order for the handle (userId + display name) and the clientId.
 	 *
-	 * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
-	 * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-	 * @param handle user handle e.g. `alice.smith.qa@example.com`
-	 * @param expiryDays generated x509 certificate expiry
-	 * @param directory you got from {@link directoryResponse}
-	 * @param account you got from {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	newOrderRequest(displayName: string, clientId: string, handle: string, expiryDays: number, directory: AcmeDirectory, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newOrderRequest(previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/new-order`.
 	 *
@@ -1004,12 +1035,11 @@ export declare class WireE2eIdentity {
 	 * Creates a new authorization request.
 	 *
 	 * @param url one of the URL in new order's authorizations (use {@link NewAcmeOrder.authorizations} from {@link newOrderResponse})
-	 * @param account you got from {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the
 	 * previous to this method if you are creating the second authorization)
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
 	 */
-	newAuthzRequest(url: string, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newAuthzRequest(url: string, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 *
@@ -1026,32 +1056,25 @@ export declare class WireE2eIdentity {
 	 * {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token} on wire-server.
 	 *
 	 * @param accessTokenUrl backend endpoint where this token will be sent. Should be this one {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token}
-	 * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-	 * @param dpopChallenge you found after {@link newAuthzResponse}
 	 * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
-	 * @param expiryDays token expiry in days
 	 */
-	createDpopToken(accessTokenUrl: string, clientId: string, dpopChallenge: AcmeChallenge, backendNonce: string, expiryDays: number): string;
+	createDpopToken(accessTokenUrl: string, backendNonce: string): Uint8Array;
 	/**
 	 * Creates a new challenge request for Wire Dpop challenge.
 	 *
 	 * @param accessToken returned by wire-server from https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token
-	 * @param dpopChallenge you found after {@link newAuthzResponse}
-	 * @param account you found after {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newDpopChallengeRequest(accessToken: string, dpopChallenge: AcmeChallenge, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newDpopChallengeRequest(accessToken: string, previousNonce: string): JsonRawData;
 	/**
 	 * Creates a new challenge request for Wire Oidc challenge.
 	 *
 	 * @param idToken you get back from Identity Provider
-	 * @param oidcChallenge you found after {@link newAuthzResponse}
-	 * @param account you found after {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newOidcChallengeRequest(idToken: string, oidcChallenge: AcmeChallenge, account: AcmeAccount, previousNonce: string): JsonRawData;
+	newOidcChallengeRequest(idToken: string, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}`.
 	 *
@@ -1067,46 +1090,36 @@ export declare class WireE2eIdentity {
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	checkOrderRequest(orderUrl: string, account: AcmeAccount, previousNonce: string): JsonRawData;
+	checkOrderRequest(orderUrl: string, previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
 	 *
 	 * @param order HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	checkOrderResponse(order: JsonRawData): AcmeOrder;
+	checkOrderResponse(order: JsonRawData): void;
 	/**
 	 * Final step before fetching the certificate.
 	 *
 	 * @param order - order you got from {@link checkOrderResponse}
-	 * @param account - account you found after {@link newAccountResponse}
 	 * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeRequest(order: AcmeOrder, account: AcmeAccount, previousNonce: string): JsonRawData;
+	finalizeRequest(previousNonce: string): JsonRawData;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
 	 *
 	 * @param finalize HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeResponse(finalize: JsonRawData): AcmeFinalize;
+	finalizeResponse(finalize: JsonRawData): void;
 	/**
 	 * Creates a request for finally fetching the x509 certificate.
 	 *
-	 * @param finalize you got from {@link finalizeResponse}
-	 * @param account you got from {@link newAccountResponse}
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
 	 */
-	certificateRequest(finalize: AcmeFinalize, account: AcmeAccount, previousNonce: string): JsonRawData;
-	/**
-	 * Parses the response from `POST /acme/{provisioner-name}/certificate/{certificate-id}`.
-	 *
-	 * @param certificateChain HTTP string response body
-	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
-	 */
-	certificateResponse(certificateChain: string): Uint8Array[];
+	certificateRequest(previousNonce: string): JsonRawData;
 }
 /**
  * Holds URLs of all the standard ACME endpoint supported on an ACME server.
@@ -1166,13 +1179,13 @@ export interface NewAcmeAuthz {
 	 *
 	 * @readonly
 	 */
-	wireDpopChallenge: AcmeChallenge | null;
+	wireDpopChallenge?: AcmeChallenge;
 	/**
 	 * Challenge for the userId and displayName
 	 *
 	 * @readonly
 	 */
-	wireOidcChallenge: AcmeChallenge | null;
+	wireOidcChallenge?: AcmeChallenge;
 }
 /**
  * For creating a challenge
@@ -1192,23 +1205,5 @@ export interface AcmeChallenge {
 	 */
 	url: string;
 }
-/**
- * Result from finalize.
- * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
- */
-export interface AcmeFinalize {
-	/**
-	 * Contains raw JSON data of this finalize. This is parsed by the underlying Rust library hence should not be accessed
-	 *
-	 * @readonly
-	 */
-	delegate: Uint8Array;
-	/**
-	 * URL of to use for the last request to fetch the x509 certificate
-	 *
-	 * @readonly
-	 */
-	certificateUrl: string;
-}
 
 export {};