@wireapp/core-crypto 1.0.0-rc.1 → 1.0.0-rc.11

package/platforms/web/corecrypto.js

@@ -234,12 +234,12 @@ function makeMutClosure(arg0, arg1, dtor, f) {
     return real;
 }
 function __wbg_adapter_52(arg0, arg1, arg2) {
-    wasm$1.wasm_bindgen__convert__closures__invoke1_mut__h8d579dd3e9d6cb9a(arg0, arg1, addHeapObject(arg2));
+    wasm$1.wasm_bindgen__convert__closures__invoke1_mut__hdb6540dbb26cf63b(arg0, arg1, addHeapObject(arg2));
 }
 function __wbg_adapter_55(arg0, arg1, arg2) {
     try {
         const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-        wasm$1.wasm_bindgen__convert__closures__invoke1_mut__h746b8b0ddaf8393e(retptr, arg0, arg1, addHeapObject(arg2));
+        wasm$1.wasm_bindgen__convert__closures__invoke1_mut__h3c15a82f614455aa(retptr, arg0, arg1, addHeapObject(arg2));
         var r0 = getInt32Memory0()[retptr / 4 + 0];
         var r1 = getInt32Memory0()[retptr / 4 + 1];
         if (r1) {
@@ -313,8 +313,8 @@ function handleError(f, args) {
         wasm$1.__wbindgen_exn_store(addHeapObject(e));
     }
 }
-function __wbg_adapter_296(arg0, arg1, arg2, arg3) {
-    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h80912c0a9461abcd(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wbg_adapter_312(arg0, arg1, arg2, arg3) {
+    wasm$1.wasm_bindgen__convert__closures__invoke2_mut__h5286c52f12e3fed2(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 /**
 * see [core_crypto::prelude::MlsWirePolicy]
@@ -481,15 +481,18 @@ class AcmeDirectory {
     * @param {string} new_nonce
     * @param {string} new_account
     * @param {string} new_order
+    * @param {string} revoke_cert
     */
-    constructor(new_nonce, new_account, new_order) {
+    constructor(new_nonce, new_account, new_order, revoke_cert) {
         const ptr0 = passStringToWasm0(new_nonce, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len0 = WASM_VECTOR_LEN;
         const ptr1 = passStringToWasm0(new_account, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len1 = WASM_VECTOR_LEN;
         const ptr2 = passStringToWasm0(new_order, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len2 = WASM_VECTOR_LEN;
-        const ret = wasm$1.acmedirectory_new(ptr0, len0, ptr1, len1, ptr2, len2);
+        const ptr3 = passStringToWasm0(revoke_cert, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len3 = WASM_VECTOR_LEN;
+        const ret = wasm$1.acmedirectory_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);
         return AcmeDirectory.__wrap(ret);
     }
     /**
@@ -552,6 +555,103 @@ class AcmeDirectory {
             wasm$1.__wbindgen_free(deferred1_0, deferred1_1, 1);
         }
     }
+    /**
+    * @returns {string}
+    */
+    get revokeCert() {
+        let deferred1_0;
+        let deferred1_1;
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.acmedirectory_revokeCert(retptr, this.__wbg_ptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            deferred1_0 = r0;
+            deferred1_1 = r1;
+            return getStringFromWasm0(r0, r1);
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+            wasm$1.__wbindgen_free(deferred1_0, deferred1_1, 1);
+        }
+    }
+}
+/**
+* to avoid recursion
+*/
+class BufferedDecryptedMessage {
+    static __wrap(ptr) {
+        ptr = ptr >>> 0;
+        const obj = Object.create(BufferedDecryptedMessage.prototype);
+        obj.__wbg_ptr = ptr;
+        return obj;
+    }
+    __destroy_into_raw() {
+        const ptr = this.__wbg_ptr;
+        this.__wbg_ptr = 0;
+        return ptr;
+    }
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm$1.__wbg_buffereddecryptedmessage_free(ptr);
+    }
+    /**
+    * @returns {any}
+    */
+    get message() {
+        const ret = wasm$1.buffereddecryptedmessage_message(this.__wbg_ptr);
+        return takeObject(ret);
+    }
+    /**
+    * @returns {Array<any>}
+    */
+    get proposals() {
+        const ret = wasm$1.buffereddecryptedmessage_proposals(this.__wbg_ptr);
+        return takeObject(ret);
+    }
+    /**
+    * @returns {boolean}
+    */
+    get is_active() {
+        const ret = wasm$1.buffereddecryptedmessage_is_active(this.__wbg_ptr);
+        return ret !== 0;
+    }
+    /**
+    * @returns {number | undefined}
+    */
+    get commit_delay() {
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.buffereddecryptedmessage_commit_delay(retptr, this.__wbg_ptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            return r0 === 0 ? undefined : r1 >>> 0;
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+        }
+    }
+    /**
+    * @returns {any}
+    */
+    get sender_client_id() {
+        const ret = wasm$1.buffereddecryptedmessage_sender_client_id(this.__wbg_ptr);
+        return takeObject(ret);
+    }
+    /**
+    * @returns {boolean}
+    */
+    get has_epoch_changed() {
+        const ret = wasm$1.buffereddecryptedmessage_has_epoch_changed(this.__wbg_ptr);
+        return ret !== 0;
+    }
+    /**
+    * @returns {WireIdentity | undefined}
+    */
+    get identity() {
+        const ret = wasm$1.buffereddecryptedmessage_identity(this.__wbg_ptr);
+        return ret === 0 ? undefined : WireIdentity.__wrap(ret);
+    }
 }
 /**
 */
@@ -617,12 +717,25 @@ class ConversationConfiguration {
     * @param {(Uint8Array)[] | undefined} external_senders
     * @param {number | undefined} key_rotation_span
     * @param {number | undefined} wire_policy
+    * @param {Array<any>} per_domain_trust_anchors
     */
-    constructor(ciphersuite, external_senders, key_rotation_span, wire_policy) {
-        var ptr0 = isLikeNone(external_senders) ? 0 : passArrayJsValueToWasm0(external_senders, wasm$1.__wbindgen_malloc);
-        var len0 = WASM_VECTOR_LEN;
-        const ret = wasm$1.conversationconfiguration_new(isLikeNone(ciphersuite) ? 8 : ciphersuite, ptr0, len0, !isLikeNone(key_rotation_span), isLikeNone(key_rotation_span) ? 0 : key_rotation_span, isLikeNone(wire_policy) ? 3 : wire_policy);
-        return ConversationConfiguration.__wrap(ret);
+    constructor(ciphersuite, external_senders, key_rotation_span, wire_policy, per_domain_trust_anchors) {
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            var ptr0 = isLikeNone(external_senders) ? 0 : passArrayJsValueToWasm0(external_senders, wasm$1.__wbindgen_malloc);
+            var len0 = WASM_VECTOR_LEN;
+            wasm$1.conversationconfiguration_new(retptr, isLikeNone(ciphersuite) ? 8 : ciphersuite, ptr0, len0, !isLikeNone(key_rotation_span), isLikeNone(key_rotation_span) ? 0 : key_rotation_span, isLikeNone(wire_policy) ? 3 : wire_policy, addHeapObject(per_domain_trust_anchors));
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            var r2 = getInt32Memory0()[retptr / 4 + 2];
+            if (r2) {
+                throw takeObject(r1);
+            }
+            return ConversationConfiguration.__wrap(r0);
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+        }
     }
 }
 /**
@@ -678,7 +791,7 @@ let CoreCrypto$1 = class CoreCrypto {
         wasm$1.__wbg_corecrypto_free(ptr);
     }
     /**
-    * Returns: [`WasmCryptoResult<WireE2eIdentity>`]
+    * Returns: [`WasmCryptoResult<E2eiEnrollment>`]
     *
     * see [core_crypto::mls::MlsCentral::e2ei_new_enrollment]
     * @param {string} client_id
@@ -699,39 +812,45 @@ let CoreCrypto$1 = class CoreCrypto {
         return takeObject(ret);
     }
     /**
-    * Returns: [`WasmCryptoResult<WireE2eIdentity>`]
+    * Returns: [`WasmCryptoResult<E2eiEnrollment>`]
     *
     * see [core_crypto::mls::MlsCentral::e2ei_new_activation_enrollment]
+    * @param {string} client_id
     * @param {string} display_name
     * @param {string} handle
     * @param {number} expiry_days
     * @param {number} ciphersuite
     * @returns {Promise<any>}
     */
-    e2ei_new_activation_enrollment(display_name, handle, expiry_days, ciphersuite) {
-        const ptr0 = passStringToWasm0(display_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+    e2ei_new_activation_enrollment(client_id, display_name, handle, expiry_days, ciphersuite) {
+        const ptr0 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len0 = WASM_VECTOR_LEN;
-        const ptr1 = passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const ptr1 = passStringToWasm0(display_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len1 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_e2ei_new_activation_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, expiry_days, ciphersuite);
+        const ptr2 = passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len2 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_e2ei_new_activation_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, expiry_days, ciphersuite);
         return takeObject(ret);
     }
     /**
-    * Returns: [`WasmCryptoResult<WireE2eIdentity>`]
+    * Returns: [`WasmCryptoResult<E2eiEnrollment>`]
     *
     * see [core_crypto::mls::MlsCentral::e2ei_new_rotate_enrollment]
+    * @param {string} client_id
     * @param {string | undefined} display_name
     * @param {string | undefined} handle
     * @param {number} expiry_days
     * @param {number} ciphersuite
     * @returns {Promise<any>}
     */
-    e2ei_new_rotate_enrollment(display_name, handle, expiry_days, ciphersuite) {
-        var ptr0 = isLikeNone(display_name) ? 0 : passStringToWasm0(display_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
-        var len0 = WASM_VECTOR_LEN;
-        var ptr1 = isLikeNone(handle) ? 0 : passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+    e2ei_new_rotate_enrollment(client_id, display_name, handle, expiry_days, ciphersuite) {
+        const ptr0 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        var ptr1 = isLikeNone(display_name) ? 0 : passStringToWasm0(display_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         var len1 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_e2ei_new_rotate_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, expiry_days, ciphersuite);
+        var ptr2 = isLikeNone(handle) ? 0 : passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        var len2 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_e2ei_new_rotate_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, expiry_days, ciphersuite);
         return takeObject(ret);
     }
     /**
@@ -788,14 +907,41 @@ let CoreCrypto$1 = class CoreCrypto {
     /**
     * Returns [`WasmCryptoResult<bool>`]
     *
-    * see [core_crypto::mls::MlsCentral::e2ei_is_degraded]
+    * see [core_crypto::mls::MlsCentral::e2ei_conversation_state]
     * @param {Uint8Array} conversation_id
     * @returns {Promise<any>}
     */
-    e2ei_is_degraded(conversation_id) {
+    e2ei_conversation_state(conversation_id) {
         const ptr0 = passArray8ToWasm0(conversation_id, wasm$1.__wbindgen_malloc);
         const len0 = WASM_VECTOR_LEN;
-        const ret = wasm$1.corecrypto_e2ei_is_degraded(this.__wbg_ptr, ptr0, len0);
+        const ret = wasm$1.corecrypto_e2ei_conversation_state(this.__wbg_ptr, ptr0, len0);
+        return takeObject(ret);
+    }
+    /**
+    * Returns [`WasmCryptoResult<bool>`]
+    *
+    * see [core_crypto::mls::MlsCentral::e2ei_is_enabled]
+    * @param {number} ciphersuite
+    * @returns {Promise<any>}
+    */
+    e2ei_is_enabled(ciphersuite) {
+        const ret = wasm$1.corecrypto_e2ei_is_enabled(this.__wbg_ptr, ciphersuite);
+        return takeObject(ret);
+    }
+    /**
+    * Returns [`WasmCryptoResult<Vec<WireIdentity>>`]
+    *
+    * see [core_crypto::mls::MlsCentral::get_user_identities]
+    * @param {Uint8Array} conversation_id
+    * @param {(Uint8Array)[]} client_ids
+    * @returns {Promise<any>}
+    */
+    get_user_identities(conversation_id, client_ids) {
+        const ptr0 = passArray8ToWasm0(conversation_id, wasm$1.__wbindgen_malloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passArrayJsValueToWasm0(client_ids, wasm$1.__wbindgen_malloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_get_user_identities(this.__wbg_ptr, ptr0, len0, ptr1, len1);
         return takeObject(ret);
     }
     /**
@@ -1177,9 +1323,26 @@ let CoreCrypto$1 = class CoreCrypto {
         return takeObject(ret);
     }
     /**
+    * Returns: [`WasmCryptoResult<CommitBundle>`]
+    *
+    * see [core_crypto::mls::MlsCentral::update_trust_anchors_from_conversation]
+    * @param {Uint8Array} conversation_id
+    * @param {(string)[]} remove_domain_names
+    * @param {Array<any>} add_trust_anchors
+    * @returns {Promise<any>}
+    */
+    update_trust_anchors_from_conversation(conversation_id, remove_domain_names, add_trust_anchors) {
+        const ptr0 = passArray8ToWasm0(conversation_id, wasm$1.__wbindgen_malloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passArrayJsValueToWasm0(remove_domain_names, wasm$1.__wbindgen_malloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ret = wasm$1.corecrypto_update_trust_anchors_from_conversation(this.__wbg_ptr, ptr0, len0, ptr1, len1, addHeapObject(add_trust_anchors));
+        return takeObject(ret);
+    }
+    /**
     * Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
     *
-    * see [core_crypto::mls::MlsCentral::new_proposal]
+    * see [core_crypto::mls::MlsCentral::new_add_proposal]
     * @param {Uint8Array} conversation_id
     * @param {Uint8Array} keypackage
     * @returns {Promise<any>}
@@ -1195,7 +1358,7 @@ let CoreCrypto$1 = class CoreCrypto {
     /**
     * Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
     *
-    * see [core_crypto::mls::MlsCentral::new_proposal]
+    * see [core_crypto::mls::MlsCentral::new_update_proposal]
     * @param {Uint8Array} conversation_id
     * @returns {Promise<any>}
     */
@@ -1208,7 +1371,7 @@ let CoreCrypto$1 = class CoreCrypto {
     /**
     * Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
     *
-    * see [core_crypto::mls::MlsCentral::new_proposal]
+    * see [core_crypto::mls::MlsCentral::new_remove_proposal]
     * @param {Uint8Array} conversation_id
     * @param {Uint8Array} client_id
     * @returns {Promise<any>}
@@ -1719,14 +1882,14 @@ class DecryptedMessage {
     * @returns {any}
     */
     get message() {
-        const ret = wasm$1.decryptedmessage_message(this.__wbg_ptr);
+        const ret = wasm$1.buffereddecryptedmessage_message(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
     * @returns {Array<any>}
     */
     get proposals() {
-        const ret = wasm$1.decryptedmessage_proposals(this.__wbg_ptr);
+        const ret = wasm$1.buffereddecryptedmessage_proposals(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -1742,7 +1905,7 @@ class DecryptedMessage {
     get commit_delay() {
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.decryptedmessage_commit_delay(retptr, this.__wbg_ptr);
+            wasm$1.buffereddecryptedmessage_commit_delay(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             return r0 === 0 ? undefined : r1 >>> 0;
@@ -1755,7 +1918,7 @@ class DecryptedMessage {
     * @returns {any}
     */
     get sender_client_id() {
-        const ret = wasm$1.decryptedmessage_sender_client_id(this.__wbg_ptr);
+        const ret = wasm$1.buffereddecryptedmessage_sender_client_id(this.__wbg_ptr);
         return takeObject(ret);
     }
     /**
@@ -1769,9 +1932,16 @@ class DecryptedMessage {
     * @returns {WireIdentity | undefined}
     */
     get identity() {
-        const ret = wasm$1.decryptedmessage_identity(this.__wbg_ptr);
+        const ret = wasm$1.buffereddecryptedmessage_identity(this.__wbg_ptr);
         return ret === 0 ? undefined : WireIdentity.__wrap(ret);
     }
+    /**
+    * @returns {Array<any> | undefined}
+    */
+    get buffered_messages() {
+        const ret = wasm$1.decryptedmessage_buffered_messages(this.__wbg_ptr);
+        return takeObject(ret);
+    }
 }
 /**
 */
@@ -2436,6 +2606,37 @@ class NewAcmeOrder {
 }
 /**
 */
+class PerDomainTrustAnchor {
+    static __wrap(ptr) {
+        ptr = ptr >>> 0;
+        const obj = Object.create(PerDomainTrustAnchor.prototype);
+        obj.__wbg_ptr = ptr;
+        return obj;
+    }
+    __destroy_into_raw() {
+        const ptr = this.__wbg_ptr;
+        this.__wbg_ptr = 0;
+        return ptr;
+    }
+    free() {
+        const ptr = this.__destroy_into_raw();
+        wasm$1.__wbg_perdomaintrustanchor_free(ptr);
+    }
+    /**
+    * @param {string} domain_name
+    * @param {string} intermediate_certificate_chain
+    */
+    constructor(domain_name, intermediate_certificate_chain) {
+        const ptr0 = passStringToWasm0(domain_name, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(intermediate_certificate_chain, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len1 = WASM_VECTOR_LEN;
+        const ret = wasm$1.perdomaintrustanchor_new(ptr0, len0, ptr1, len1);
+        return PerDomainTrustAnchor.__wrap(ret);
+    }
+}
+/**
+*/
 class ProposalBundle {
     static __wrap(ptr) {
         ptr = ptr >>> 0;
@@ -2537,7 +2738,7 @@ class RotateBundle {
         wasm$1.__wbg_rotatebundle_free(ptr);
     }
     /**
-    * @returns {Array<any>}
+    * @returns {Map<any, any>}
     */
     get commits() {
         const ret = wasm$1.rotatebundle_commits(this.__wbg_ptr);
@@ -2602,8 +2803,9 @@ class WireIdentity {
     * @param {string} handle
     * @param {string} display_name
     * @param {string} domain
+    * @param {string} certificate
     */
-    constructor(client_id, handle, display_name, domain) {
+    constructor(client_id, handle, display_name, domain, certificate) {
         const ptr0 = passStringToWasm0(client_id, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len0 = WASM_VECTOR_LEN;
         const ptr1 = passStringToWasm0(handle, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
@@ -2612,7 +2814,9 @@ class WireIdentity {
         const len2 = WASM_VECTOR_LEN;
         const ptr3 = passStringToWasm0(domain, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
         const len3 = WASM_VECTOR_LEN;
-        const ret = wasm$1.wireidentity_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);
+        const ptr4 = passStringToWasm0(certificate, wasm$1.__wbindgen_malloc, wasm$1.__wbindgen_realloc);
+        const len4 = WASM_VECTOR_LEN;
+        const ret = wasm$1.wireidentity_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4);
         return WireIdentity.__wrap(ret);
     }
     /**
@@ -2683,7 +2887,27 @@ class WireIdentity {
         let deferred1_1;
         try {
             const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
-            wasm$1.wireidentity_domain(retptr, this.__wbg_ptr);
+            wasm$1.acmedirectory_revokeCert(retptr, this.__wbg_ptr);
+            var r0 = getInt32Memory0()[retptr / 4 + 0];
+            var r1 = getInt32Memory0()[retptr / 4 + 1];
+            deferred1_0 = r0;
+            deferred1_1 = r1;
+            return getStringFromWasm0(r0, r1);
+        }
+        finally {
+            wasm$1.__wbindgen_add_to_stack_pointer(16);
+            wasm$1.__wbindgen_free(deferred1_0, deferred1_1, 1);
+        }
+    }
+    /**
+    * @returns {string}
+    */
+    get certificate() {
+        let deferred1_0;
+        let deferred1_1;
+        try {
+            const retptr = wasm$1.__wbindgen_add_to_stack_pointer(-16);
+            wasm$1.wireidentity_certificate(retptr, this.__wbg_ptr);
             var r0 = getInt32Memory0()[retptr / 4 + 0];
             var r1 = getInt32Memory0()[retptr / 4 + 1];
             deferred1_0 = r0;
@@ -2801,14 +3025,6 @@ function __wbg_get_imports() {
         const ret = new Uint8Array(getObject(arg0));
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_new_898a68150f225f2e = function () {
-        const ret = new Array();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_push_ca1c26067ef907ac = function (arg0, arg1) {
-        const ret = getObject(arg0).push(getObject(arg1));
-        return ret;
-    };
     imports.wbg.__wbg_ffiwiree2eidentity_new = function (arg0) {
         const ret = FfiWireE2EIdentity.__wrap(arg0);
         return addHeapObject(ret);
@@ -2817,21 +3033,25 @@ function __wbg_get_imports() {
         const ret = ProteusAutoPrekeyBundle.__wrap(arg0);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_new_b51585de1b234aff = function () {
-        const ret = new Object();
+    imports.wbg.__wbindgen_number_new = function (arg0) {
+        const ret = arg0;
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_set_502d29070ea18557 = function (arg0, arg1, arg2) {
-        getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
-    };
-    imports.wbg.__wbindgen_bigint_from_u64 = function (arg0) {
-        const ret = BigInt.asUintN(64, arg0);
+    imports.wbg.__wbg_new_898a68150f225f2e = function () {
+        const ret = new Array();
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_number_new = function (arg0) {
-        const ret = arg0;
+    imports.wbg.__wbg_push_ca1c26067ef907ac = function (arg0, arg1) {
+        const ret = getObject(arg0).push(getObject(arg1));
+        return ret;
+    };
+    imports.wbg.__wbg_new_b51585de1b234aff = function () {
+        const ret = new Object();
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_set_841ac57cff3d672b = function (arg0, arg1, arg2) {
+        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
+    };
     imports.wbg.__wbg_new_56693dbed0c32988 = function () {
         const ret = new Map();
         return addHeapObject(ret);
@@ -2840,22 +3060,29 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).set(getObject(arg1), getObject(arg2));
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_set_502d29070ea18557 = function (arg0, arg1, arg2) {
+        getObject(arg0)[arg1 >>> 0] = takeObject(arg2);
+    };
+    imports.wbg.__wbindgen_bigint_from_u64 = function (arg0) {
+        const ret = BigInt.asUintN(64, arg0);
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_new_d258248ed531ff54 = function (arg0, arg1) {
         const ret = new Error(getStringFromWasm0(arg0, arg1));
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_openCursor_555d508ba71b21cc = function () {
-        return handleError(function (arg0, arg1) {
-            const ret = getObject(arg0).openCursor(getObject(arg1));
-            return addHeapObject(ret);
-        }, arguments);
-    };
     imports.wbg.__wbg_openCursor_4d6f62b69b34be26 = function () {
         return handleError(function (arg0) {
             const ret = getObject(arg0).openCursor();
             return addHeapObject(ret);
         }, arguments);
     };
+    imports.wbg.__wbg_openCursor_555d508ba71b21cc = function () {
+        return handleError(function (arg0, arg1) {
+            const ret = getObject(arg0).openCursor(getObject(arg1));
+            return addHeapObject(ret);
+        }, arguments);
+    };
     imports.wbg.__wbg_setonsuccess_f518a37d8228a576 = function (arg0, arg1) {
         getObject(arg0).onsuccess = getObject(arg1);
     };
@@ -2912,9 +3139,6 @@ function __wbg_get_imports() {
         const ret = CoreCrypto$1.__wrap(arg0);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbg_set_841ac57cff3d672b = function (arg0, arg1, arg2) {
-        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
-    };
     imports.wbg.__wbg_instanceof_Promise_0e98a5bf082e090f = function (arg0) {
         let result;
         try {
@@ -2966,7 +3190,7 @@ function __wbg_get_imports() {
                 const a = state0.a;
                 state0.a = 0;
                 try {
-                    return __wbg_adapter_296(a, state0.b, arg0, arg1);
+                    return __wbg_adapter_312(a, state0.b, arg0, arg1);
                 }
                 finally {
                     state0.a = a;
@@ -2979,6 +3203,10 @@ function __wbg_get_imports() {
             state0.a = state0.b = 0;
         }
     };
+    imports.wbg.__wbindgen_is_string = function (arg0) {
+        const ret = typeof (getObject(arg0)) === 'string';
+        return ret;
+    };
     imports.wbg.__wbg_reject_7bd6ac9617013c02 = function (arg0) {
         const ret = Promise.reject(getObject(arg0));
         return addHeapObject(ret);
@@ -2987,6 +3215,10 @@ function __wbg_get_imports() {
         const ret = ProposalBundle.__wrap(arg0);
         return addHeapObject(ret);
     };
+    imports.wbg.__wbg_buffereddecryptedmessage_new = function (arg0) {
+        const ret = BufferedDecryptedMessage.__wrap(arg0);
+        return addHeapObject(ret);
+    };
     imports.wbg.__wbg_commitbundle_new = function (arg0) {
         const ret = CommitBundle.__wrap(arg0);
         return addHeapObject(ret);
@@ -3056,11 +3288,9 @@ function __wbg_get_imports() {
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbg_put_fb32824d87feec5c = function () {
-        return handleError(function (arg0, arg1, arg2) {
-            const ret = getObject(arg0).put(getObject(arg1), getObject(arg2));
-            return addHeapObject(ret);
-        }, arguments);
+    imports.wbg.__wbg_now_9c5990bda04c7e53 = function () {
+        const ret = Date.now();
+        return ret;
     };
     imports.wbg.__wbg_put_d6937bc51f51a398 = function () {
         return handleError(function (arg0, arg1) {
@@ -3068,6 +3298,12 @@ function __wbg_get_imports() {
             return addHeapObject(ret);
         }, arguments);
     };
+    imports.wbg.__wbg_put_fb32824d87feec5c = function () {
+        return handleError(function (arg0, arg1, arg2) {
+            const ret = getObject(arg0).put(getObject(arg1), getObject(arg2));
+            return addHeapObject(ret);
+        }, arguments);
+    };
     imports.wbg.__wbg_delete_ca1cfc48f1f7981c = function () {
         return handleError(function (arg0, arg1) {
             const ret = getObject(arg0).delete(getObject(arg1));
@@ -3098,10 +3334,6 @@ function __wbg_get_imports() {
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbg_now_9c5990bda04c7e53 = function () {
-        const ret = Date.now();
-        return ret;
-    };
     imports.wbg.__wbindgen_memory = function () {
         const ret = wasm$1.memory;
         return addHeapObject(ret);
@@ -3144,10 +3376,6 @@ function __wbg_get_imports() {
         const ret = getObject(arg0).node;
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_is_string = function (arg0) {
-        const ret = typeof (getObject(arg0)) === 'string';
-        return ret;
-    };
     imports.wbg.__wbg_require_8f08ceecec0f4fee = function () {
         return handleError(function () {
             const ret = module.require;
@@ -3415,12 +3643,12 @@ function __wbg_get_imports() {
             return addHeapObject(ret);
         }, arguments);
     };
-    imports.wbg.__wbindgen_closure_wrapper1977 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 166, __wbg_adapter_52);
+    imports.wbg.__wbindgen_closure_wrapper1718 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 149, __wbg_adapter_52);
         return addHeapObject(ret);
     };
-    imports.wbg.__wbindgen_closure_wrapper4646 = function (arg0, arg1, arg2) {
-        const ret = makeMutClosure(arg0, arg1, 166, __wbg_adapter_55);
+    imports.wbg.__wbindgen_closure_wrapper4849 = function (arg0, arg1, arg2) {
+        const ret = makeMutClosure(arg0, arg1, 149, __wbg_adapter_55);
         return addHeapObject(ret);
     };
     return imports;
@@ -3461,6 +3689,7 @@ var exports = /*#__PURE__*/Object.freeze({
     __proto__: null,
     AcmeChallenge: AcmeChallenge,
     AcmeDirectory: AcmeDirectory,
+    BufferedDecryptedMessage: BufferedDecryptedMessage,
     Ciphersuite: Ciphersuite$1,
     CommitBundle: CommitBundle,
     ConversationConfiguration: ConversationConfiguration,
@@ -3476,6 +3705,7 @@ var exports = /*#__PURE__*/Object.freeze({
     MemberAddedMessages: MemberAddedMessages,
     NewAcmeAuthz: NewAcmeAuthz,
     NewAcmeOrder: NewAcmeOrder,
+    PerDomainTrustAnchor: PerDomainTrustAnchor,
     ProposalBundle: ProposalBundle,
     ProteusAutoPrekeyBundle: ProteusAutoPrekeyBundle,
     RotateBundle: RotateBundle,
@@ -3485,26 +3715,35 @@ var exports = /*#__PURE__*/Object.freeze({
     initSync: initSync
 });
 
-var wasm = async (opt = {}) => {
-                let {importHook, serverPath} = opt;
+const wasm_path = "assets/core_crypto_ffi-c595f07a.wasm";
 
-                let path = "assets/core_crypto_ffi-ca75d34d.wasm";
+            
+            var wasm = async (opt = {}) => {
+                let {importHook, serverPath, initializeHook} = opt;
+
+                let final_path = wasm_path;
 
                 if (serverPath != null) {
-                    path = serverPath + /[^\/\\]*$/.exec(path)[0];
+                    final_path = serverPath + /[^\/\\]*$/.exec(final_path)[0];
                 }
 
                 if (importHook != null) {
-                    path = importHook(path);
+                    final_path = importHook(final_path);
+                }
+
+                if (initializeHook != null) {
+                    await initializeHook(__wbg_init, final_path);
+
+                } else {
+                    await __wbg_init(final_path);
                 }
 
-                await __wbg_init(path);
                 return exports;
             };
 
 // Wire
 // Copyright (C) 2022 Wire Swiss GmbH
-var _a, _CoreCrypto_module, _CoreCrypto_cc, _CoreCrypto_assertModuleLoaded, _WireE2eIdentity_e2ei;
+var _a, _CoreCrypto_module, _CoreCrypto_cc, _CoreCrypto_assertModuleLoaded, _E2eiEnrollment_enrollment;
 /**
  * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
  *
@@ -3812,7 +4051,7 @@ class CoreCrypto {
     /**
      * Closes this {@link CoreCrypto} instance and deallocates all loaded resources
      *
-     * **CAUTION**: This {@link CoreCrypto} instance won't be useable after a call to this method, but there's no way to express this requirement in TypeScript so you'll get errors instead!
+     * **CAUTION**: This {@link CoreCrypto} instance won't be usable after a call to this method, but there's no way to express this requirement in TypeScript, so you'll get errors instead!
      */
     async close() {
         await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").close());
@@ -3896,8 +4135,8 @@ class CoreCrypto {
      */
     async createConversation(conversationId, creatorCredentialType, configuration = {}) {
         try {
-            const { ciphersuite, externalSenders, custom = {} } = configuration || {};
-            const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).ConversationConfiguration)(ciphersuite, externalSenders, custom?.keyRotationSpan);
+            const { ciphersuite, externalSenders, custom = {}, perDomainTrustAnchors = [] } = configuration || {};
+            const config = new (__classPrivateFieldGet(CoreCrypto, _a, "f", _CoreCrypto_module).ConversationConfiguration)(ciphersuite, externalSenders, custom?.keyRotationSpan, custom?.wirePolicy, perDomainTrustAnchors);
             const ret = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").create_conversation(conversationId, creatorCredentialType, config));
             return ret;
         }
@@ -3906,7 +4145,12 @@ class CoreCrypto {
         }
     }
     /**
-     * Decrypts a message for a given conversation
+     * Decrypts a message for a given conversation.
+     *
+     * Note: you should catch & ignore the following error reasons:
+     * * "We already decrypted this message once"
+     * * "You tried to join with an external commit but did not merge it yet. We will reapply this message for you when you merge your external commit"
+     * * "Incoming message is for a future epoch. We will buffer it until the commit for that epoch arrives"
      *
      * @param conversationId - The ID of the conversation
      * @param payload - The encrypted message buffer
@@ -3931,6 +4175,16 @@ class CoreCrypto {
                 senderClientId: ffiDecryptedMessage.sender_client_id,
                 commitDelay,
                 hasEpochChanged: ffiDecryptedMessage.has_epoch_changed,
+                bufferedMessages: ffiDecryptedMessage.buffered_messages?.map(m => {
+                    return {
+                        message: m.message,
+                        proposals: m.proposals,
+                        isActive: m.is_active,
+                        senderClientId: m.sender_client_id,
+                        commitDelay: m.commit_delay,
+                        hasEpochChanged: m.has_epoch_changed,
+                    };
+                }),
             };
             return ret;
         }
@@ -3949,9 +4203,47 @@ class CoreCrypto {
     async encryptMessage(conversationId, message) {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").encrypt_message(conversationId, message));
     }
+    /**
+     * Updates the trust anchors for a conversation. This should be called when a federated event happens (new team added/removed).
+     * Clients should add and/or remove trust anchors from the new backend to the conversation. The method will check
+     * for duplicated domains and the validity of the certificate chain.
+     *
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+     * epoch, use new encryption secrets etc...
+     *
+     * @param conversationId - The ID of the conversation
+     * @param removeDomainNames - Domains to remove from the trust anchors
+     * @param addTrustAnchors - New trust anchors to add to the conversation
+     *
+     * @returns A {@link CommitBundle}
+     */
+    async updateTrustAnchorsFromConversation(conversationId, removeDomainNames, addTrustAnchors) {
+        try {
+            const ffiRet = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").update_trust_anchors_from_conversation(conversationId, removeDomainNames, addTrustAnchors));
+            const gi = ffiRet.group_info;
+            const ret = {
+                welcome: ffiRet.welcome,
+                commit: ffiRet.commit,
+                groupInfo: {
+                    encryptionType: gi.encryption_type,
+                    ratchetTreeType: gi.ratchet_tree_type,
+                    payload: gi.payload
+                },
+            };
+            return ret;
+        }
+        catch (e) {
+            throw CoreCryptoError.fromStdError(e);
+        }
+    }
     /**
      * Ingest a TLS-serialized MLS welcome message to join an existing MLS group
      *
+     * Important: you have to catch the error with this reason "Although this Welcome seems valid, the local KeyPackage
+     * it references has already been deleted locally. Join this group with an external commit", ignore it and then try
+     * to join this group with an external commit.
+     *
      * @param welcomeMessage - TLS-serialized MLS Welcome message
      * @param configuration - configuration of the MLS group
      * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
@@ -3967,7 +4259,10 @@ class CoreCrypto {
         }
     }
     /**
-     * @returns The client's public key
+     * Get the client's public signature key. To upload to the DS for further backend side validation
+     *
+     * @param ciphersuite - of the signature key to get
+     * @returns the client's public signature key
      */
     async clientPublicKey(ciphersuite) {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").client_public_key(ciphersuite));
@@ -4004,7 +4299,7 @@ class CoreCrypto {
     /**
      * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
      *
-     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
      * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
      * epoch, use new encryption secrets etc...
      *
@@ -4038,7 +4333,7 @@ class CoreCrypto {
      * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
      * to do so, otherwise this operation does nothing.
      *
-     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
      * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
      * epoch, use new encryption secrets etc...
      *
@@ -4067,9 +4362,9 @@ class CoreCrypto {
         }
     }
     /**
-     * Creates an update commit which forces every client to update their keypackages in the conversation
+     * Creates an update commit which forces every client to update their LeafNode in the conversation
      *
-     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+     * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
      * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
      * epoch, use new encryption secrets etc...
      *
@@ -4157,6 +4452,9 @@ class CoreCrypto {
                 throw new Error("Invalid proposal type!");
         }
     }
+    /**
+     * Creates a new external Add proposal for self client to join a conversation.
+     */
     async newExternalProposal(externalProposalType, args) {
         switch (externalProposalType) {
             case ExternalProposalType.Add: {
@@ -4210,6 +4508,7 @@ class CoreCrypto {
      * and deletes the temporary one. This step makes the group operational and ready to encrypt/decrypt message
      *
      * @param conversationId - The ID of the conversation
+     * @returns eventually decrypted buffered messages if any
      */
     async mergePendingGroupFromExternalCommit(conversationId) {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").merge_pending_group_from_external_commit(conversationId));
@@ -4225,20 +4524,19 @@ class CoreCrypto {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").clear_pending_group_from_external_commit(conversationId));
     }
     /**
-     * Allows to mark the latest commit produced as "accepted" and be able to safely merge it
-     * into the local group state
+     * Allows to mark the latest commit produced as "accepted" and be able to safely merge it into the local group state
      *
      * @param conversationId - The group's ID
+     * @returns the messages from current epoch which had been buffered, if any
      */
     async commitAccepted(conversationId) {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").commit_accepted(conversationId));
     }
     /**
-     * Allows to remove a pending proposal (rollback). Use this when backend rejects the proposal you just sent e.g. if permissions
-     * have changed meanwhile.
+     * Allows to remove a pending proposal (rollback). Use this when backend rejects the proposal you just sent e.g. if permissions have changed meanwhile.
      *
      * **CAUTION**: only use this when you had an explicit response from the Delivery Service
-     * e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc..
+     * e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc…
      *
      * @param conversationId - The group's ID
      * @param proposalRef - A reference to the proposal to delete. You get one when using {@link CoreCrypto.newProposal}
@@ -4247,8 +4545,7 @@ class CoreCrypto {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").clear_pending_proposal(conversationId, proposalRef));
     }
     /**
-     * Allows to remove a pending commit (rollback). Use this when backend rejects the commit you just sent e.g. if permissions
-     * have changed meanwhile.
+     * Allows to remove a pending commit (rollback). Use this when backend rejects the commit you just sent e.g. if permissions have changed meanwhile.
      *
      * **CAUTION**: only use this when you had an explicit response from the Delivery Service
      * e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc..
@@ -4305,7 +4602,7 @@ class CoreCrypto {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").reseed_rng(seed));
     }
     /**
-     * Initiailizes the proteus client
+     * Initializes the proteus client
      */
     async proteusInit() {
         return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").proteus_init());
@@ -4482,54 +4779,56 @@ class CoreCrypto {
      * Creates an enrollment instance with private key material you can use in order to fetch
      * a new x509 certificate from the acme server.
      *
-     * @param clientId client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
-     * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
-     * @param handle user handle e.g. `alice.smith.qa@example.com`
-     * @param expiryDays generated x509 certificate expiry
+     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
+     * @param handle - user handle e.g. `alice.smith.qa@example.com`
+     * @param expiryDays - generated x509 certificate expiry
      * @param ciphersuite - for generating signing key material
-     * @returns The new {@link WireE2eIdentity} object
+     * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiMlsInitOnly}
      */
     async e2eiNewEnrollment(clientId, displayName, handle, expiryDays, ciphersuite) {
         const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_new_enrollment(clientId, displayName, handle, expiryDays, ciphersuite));
-        return new WireE2eIdentity(e2ei);
+        return new E2eiEnrollment(e2ei);
     }
     /**
      * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
-     * As a consequence, this method does not support changing the ClientId which should remain the same as the Basic one.
      * Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
      *
-     * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
-     * @param handle user handle e.g. `alice.smith.qa@example.com`
-     * @param expiryDays generated x509 certificate expiry
+     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
+     * @param handle - user handle e.g. `alice.smith.qa@example.com`
+     * @param expiryDays - generated x509 certificate expiry
      * @param ciphersuite - for generating signing key material
-     * @returns The new {@link WireE2eIdentity} object
+     * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
      */
-    async e2eiNewActivationEnrollment(displayName, handle, expiryDays, ciphersuite) {
-        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_new_activation_enrollment(displayName, handle, expiryDays, ciphersuite));
-        return new WireE2eIdentity(e2ei);
+    async e2eiNewActivationEnrollment(clientId, displayName, handle, expiryDays, ciphersuite) {
+        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_new_activation_enrollment(clientId, displayName, handle, expiryDays, ciphersuite));
+        return new E2eiEnrollment(e2ei);
     }
     /**
      * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)
      * having to change/rotate their credential, either because the former one is expired or it
-     * has been revoked. As a consequence, this method does not support changing neither ClientId which
-     * should remain the same as the previous one. It lets you change the DisplayName or the handle
+     * has been revoked. It lets you change the DisplayName or the handle
      * if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
      *
-     * @param expiryDays generated x509 certificate expiry
+     * @param clientId - client identifier with user b64Url encoded & clientId hex encoded e.g. `NDUyMGUyMmY2YjA3NGU3NjkyZjE1NjJjZTAwMmQ2NTQ:6add501bacd1d90e@example.com`
+     * @param expiryDays - generated x509 certificate expiry
      * @param ciphersuite - for generating signing key material
-     * @param displayName human readable name displayed in the application e.g. `Smith, Alice M (QA)`
-     * @param handle user handle e.g. `alice.smith.qa@example.com`
-     * @returns The new {@link WireE2eIdentity} object
+     * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
+     * @param handle - user handle e.g. `alice.smith.qa@example.com`
+     * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
      */
-    async e2eiNewRotateEnrollment(expiryDays, ciphersuite, displayName, handle) {
-        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_new_rotate_enrollment(displayName, handle, expiryDays, ciphersuite));
-        return new WireE2eIdentity(e2ei);
+    async e2eiNewRotateEnrollment(clientId, expiryDays, ciphersuite, displayName, handle) {
+        const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_new_rotate_enrollment(clientId, displayName, handle, expiryDays, ciphersuite));
+        return new E2eiEnrollment(e2ei);
     }
     /**
-     * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ; that means he cannot initialize with a Basic credential
+     * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ;
+     * that means he cannot initialize with a Basic credential
      *
      * @param enrollment - the enrollment instance used to fetch the certificates
      * @param certificateChain - the raw response from ACME server
+     * @returns a MlsClient initialized with only a x509 credential
      */
     async e2eiMlsInitOnly(enrollment, certificateChain) {
         return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_mls_init_only(enrollment.inner(), certificateChain);
@@ -4542,9 +4841,16 @@ class CoreCrypto {
      * @param enrollment - the enrollment instance used to fetch the certificates
      * @param certificateChain - the raw response from ACME server
      * @param newKeyPackageCount - number of KeyPackages with new identity to generate
+     * @returns a {@link RotateBundle} with commits to fan-out to other group members, KeyPackages to upload and old ones to delete
      */
     async e2eiRotateAll(enrollment, certificateChain, newKeyPackageCount) {
-        return await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_rotate_all(enrollment.inner(), certificateChain, newKeyPackageCount);
+        const ffiRet = await __classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_rotate_all(enrollment.inner(), certificateChain, newKeyPackageCount);
+        const ret = {
+            commits: ffiRet.commits,
+            newKeyPackages: ffiRet.new_key_packages,
+            keyPackageRefsToRemove: ffiRet.key_package_refs_to_remove,
+        };
+        return ret;
     }
     /**
      * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume
@@ -4564,17 +4870,39 @@ class CoreCrypto {
      */
     async e2eiEnrollmentStashPop(handle) {
         const e2ei = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_enrollment_stash_pop(handle));
-        return new WireE2eIdentity(e2ei);
+        return new E2eiEnrollment(e2ei);
     }
     /**
      * Indicates when to mark a conversation as degraded i.e. when not all its members have a X509.
      * Credential generated by Wire's end-to-end identity enrollment
      *
      * @param conversationId The group's ID
-     * @returns true if all the members have valid X509 credentials
+     * @returns the conversation state given current members
+     */
+    async e2eiConversationState(conversationId) {
+        let state = await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_conversation_state(conversationId));
+        // @ts-ignore
+        return E2eiConversationState[E2eiConversationState[state]];
+    }
+    /**
+     * Returns true when end-to-end-identity is enabled for the given Ciphersuite
+     *
+     * @param ciphersuite of the credential to check
+     * @returns true if end-to-end identity is enabled for the given ciphersuite
      */
-    async e2eiIsDegraded(conversationId) {
-        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_is_degraded(conversationId));
+    async e2eiIsEnabled(ciphersuite) {
+        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").e2ei_is_enabled(ciphersuite));
+    }
+    /**
+     * From a given conversation, get the identity of the members supplied. Identity is only present for members with a
+     * Certificate Credential (after turning on end-to-end identity).
+     *
+     * @param conversationId - identifier of the conversation
+     * @param clientIds - identifiers of the user
+     * @returns identities or if no member has a x509 certificate, it will return an empty List
+     */
+    async getUserIdentities(conversationId, clientIds) {
+        return await CoreCryptoError.asyncMapErr(__classPrivateFieldGet(this, _CoreCrypto_cc, "f").get_user_identities(conversationId, clientIds));
     }
     /**
      * Returns the current version of {@link CoreCrypto}
@@ -4593,21 +4921,21 @@ _a = CoreCrypto, _CoreCrypto_cc = new WeakMap(), _CoreCrypto_assertModuleLoaded
 };
 /** @hidden */
 _CoreCrypto_module = { value: void 0 };
-class WireE2eIdentity {
+class E2eiEnrollment {
     /** @hidden */
     constructor(e2ei) {
         /** @hidden */
-        _WireE2eIdentity_e2ei.set(this, void 0);
-        __classPrivateFieldSet(this, _WireE2eIdentity_e2ei, e2ei, "f");
+        _E2eiEnrollment_enrollment.set(this, void 0);
+        __classPrivateFieldSet(this, _E2eiEnrollment_enrollment, e2ei, "f");
     }
     free() {
-        __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").free();
+        __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").free();
     }
     /**
      * Should only be used internally
      */
     inner() {
-        return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f");
+        return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f");
     }
     /**
      * Parses the response from `GET /acme/{provisioner-name}/directory`.
@@ -4619,7 +4947,7 @@ class WireE2eIdentity {
      */
     directoryResponse(directory) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").directory_response(directory);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").directory_response(directory);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4634,7 +4962,7 @@ class WireE2eIdentity {
      */
     newAccountRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_account_request(previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_account_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4647,7 +4975,7 @@ class WireE2eIdentity {
      */
     newAccountResponse(account) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_account_response(account);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_account_response(account);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4661,7 +4989,7 @@ class WireE2eIdentity {
      */
     newOrderRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_order_request(previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_order_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4675,7 +5003,7 @@ class WireE2eIdentity {
      */
     newOrderResponse(order) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_order_response(order);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_order_response(order);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4691,7 +5019,7 @@ class WireE2eIdentity {
      */
     newAuthzRequest(url, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_authz_request(url, previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_authz_request(url, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4705,7 +5033,7 @@ class WireE2eIdentity {
      */
     newAuthzResponse(authz) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_authz_response(authz);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_authz_response(authz);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4724,7 +5052,7 @@ class WireE2eIdentity {
      */
     createDpopToken(expirySecs, backendNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").create_dpop_token(expirySecs, backendNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").create_dpop_token(expirySecs, backendNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4739,7 +5067,7 @@ class WireE2eIdentity {
      */
     newDpopChallengeRequest(accessToken, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_dpop_challenge_request(accessToken, previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_dpop_challenge_request(accessToken, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4754,7 +5082,7 @@ class WireE2eIdentity {
      */
     newOidcChallengeRequest(idToken, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_oidc_challenge_request(idToken, previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_oidc_challenge_request(idToken, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4768,7 +5096,7 @@ class WireE2eIdentity {
      */
     newChallengeResponse(challenge) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").new_challenge_response(challenge);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").new_challenge_response(challenge);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4783,7 +5111,7 @@ class WireE2eIdentity {
      */
     checkOrderRequest(orderUrl, previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").check_order_request(orderUrl, previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").check_order_request(orderUrl, previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4793,12 +5121,12 @@ class WireE2eIdentity {
      * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
      *
      * @param order HTTP response body
-     * @return the finalize url to use with {@link finalizeRequest}
+     * @return finalize url to use with {@link finalizeRequest}
      * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
      */
     checkOrderResponse(order) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").check_order_response(order);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").check_order_response(order);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4812,7 +5140,7 @@ class WireE2eIdentity {
      */
     finalizeRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").finalize_request(previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").finalize_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4827,7 +5155,7 @@ class WireE2eIdentity {
      */
     finalizeResponse(finalize) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").finalize_response(finalize);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").finalize_response(finalize);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
@@ -4841,13 +5169,33 @@ class WireE2eIdentity {
      */
     certificateRequest(previousNonce) {
         try {
-            return __classPrivateFieldGet(this, _WireE2eIdentity_e2ei, "f").certificate_request(previousNonce);
+            return __classPrivateFieldGet(this, _E2eiEnrollment_enrollment, "f").certificate_request(previousNonce);
         }
         catch (e) {
             throw CoreCryptoError.fromStdError(e);
         }
     }
 }
-_WireE2eIdentity_e2ei = new WeakMap();
+_E2eiEnrollment_enrollment = new WeakMap();
+/**
+ * Indicates the state of a Conversation regarding end-to-end identity.
+ * Note: this does not check pending state (pending commit, pending proposals) so it does not
+ * consider members about to be added/removed
+ */
+var E2eiConversationState;
+(function (E2eiConversationState) {
+    /**
+     * All clients have a valid E2EI certificate
+     */
+    E2eiConversationState[E2eiConversationState["Verified"] = 1] = "Verified";
+    /**
+     * Some clients are either still Basic or their certificate is expired
+     */
+    E2eiConversationState[E2eiConversationState["Degraded"] = 2] = "Degraded";
+    /**
+     * All clients are still Basic. If all client have expired certificates, Degraded is returned.
+     */
+    E2eiConversationState[E2eiConversationState["NotEnabled"] = 3] = "NotEnabled";
+})(E2eiConversationState || (E2eiConversationState = {}));
 
-export { Ciphersuite, CoreCrypto, CoreCryptoError, CredentialType, ExternalProposalType, GroupInfoEncryptionType, ProposalType, RatchetTreeType, WireE2eIdentity, WirePolicy };
+export { Ciphersuite, CoreCrypto, CoreCryptoError, CredentialType, E2eiConversationState, E2eiEnrollment, ExternalProposalType, GroupInfoEncryptionType, ProposalType, RatchetTreeType, WirePolicy };