npm - @wireapp/core-crypto - Versions diffs - 1.0.0-rc.21 → 1.0.0-rc.22 - Mend

@wireapp/core-crypto 1.0.0-rc.21 → 1.0.0-rc.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +1 -1
package/package.json +1 -1
package/platforms/web/core-crypto-ffi_bg.wasm +0 -0
package/platforms/web/corecrypto.d.ts +52 -24
package/platforms/web/corecrypto.js +222 -434

package/README.md CHANGED Viewed

@@ -92,7 +92,7 @@ cargo make "copy-jvm-resources"
 cargo make "copy-android-resources"
 # builds iOS framework
-cargo make "create-swift-package"
+cargo make "ios-create-xcframework"
 # builds wasm binary & TS bindings
 cargo make wasm

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wireapp/core-crypto",
-  "version": "1.0.0-rc.21",
+  "version": "1.0.0-rc.22",
   "description": "CoreCrypto bindings for the Web",
   "type": "module",
   "module": "platforms/web/corecrypto.js",

package/platforms/web/core-crypto-ffi_bg.wasm CHANGED Viewed

Binary file

package/platforms/web/corecrypto.d.ts CHANGED Viewed

@@ -1,3 +1,5 @@
+/* tslint:disable */
+/* eslint-disable */
 /**
 * see [core_crypto::prelude::DeviceStatus]
 */
@@ -677,6 +679,10 @@ export interface CoreCryptoCallbacks {
  */
 export declare class CoreCrypto {
 	#private;
+	/**
+	 * Should only be used internally
+	 */
+	inner(): unknown;
 	/**
 	 * This is your entrypoint to initialize {@link CoreCrypto}!
 	 *
@@ -1215,7 +1221,6 @@ export declare class CoreCrypto {
 	 * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
 	 * Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
 	 *
-	 * @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com`
 	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
 	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
 	 * @param expiryDays - generated x509 certificate expiry
@@ -1223,14 +1228,13 @@ export declare class CoreCrypto {
 	 * @param team - name of the Wire team a user belongs to
 	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
 	 */
-	e2eiNewActivationEnrollment(clientId: string, displayName: string, handle: string, expiryDays: number, ciphersuite: Ciphersuite, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewActivationEnrollment(displayName: string, handle: string, expiryDays: number, ciphersuite: Ciphersuite, team?: string): Promise<E2eiEnrollment>;
 	/**
 	 * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)
 	 * having to change/rotate their credential, either because the former one is expired or it
 	 * has been revoked. It lets you change the DisplayName or the handle
 	 * if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
 	 *
-	 * @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com`
 	 * @param expiryDays - generated x509 certificate expiry
 	 * @param ciphersuite - for generating signing key material
 	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
@@ -1238,7 +1242,7 @@ export declare class CoreCrypto {
 	 * @param team - name of the Wire team a user belongs to
 	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
 	 */
-	e2eiNewRotateEnrollment(clientId: string, expiryDays: number, ciphersuite: Ciphersuite, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewRotateEnrollment(expiryDays: number, ciphersuite: Ciphersuite, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
 	/**
 	 * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ;
 	 * that means he cannot initialize with a Basic credential
@@ -1276,7 +1280,7 @@ export declare class CoreCrypto {
 	 */
 	e2eiEnrollmentStashPop(handle: Uint8Array): Promise<E2eiEnrollment>;
 	/**
-	 * Indicates when to mark a conversation as degraded i.e. when not all its members have a X509.
+	 * Indicates when to mark a conversation as not verified i.e. when not all its members have a X509.
 	 * Credential generated by Wire's end-to-end identity enrollment
 	 *
 	 * @param conversationId The group's ID
@@ -1309,6 +1313,15 @@ export declare class CoreCrypto {
 	 * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user.
 	 */
 	getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise<Map<string, WireIdentity[]>>;
+	/**
+	 * Gets the e2ei conversation state from a `GroupInfo`. Useful to check if the group has e2ei
+	 * turned on or not before joining it.
+	 *
+	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
+	 * @param credentialType - kind of Credential to check usage of. Defaults to X509 for now as no other value will give any result.
+	 * @returns see {@link E2eiConversationState}
+	 */
+	getCredentialInUse(groupInfo: Uint8Array, credentialType?: CredentialType): Promise<E2eiConversationState>;
 	/**
 	 * Returns the current version of {@link CoreCrypto}
 	 *
@@ -1334,7 +1347,7 @@ export declare class E2eiEnrollment {
 	 * @param directory HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
 	 */
-	directoryResponse(directory: JsonRawData): AcmeDirectory;
+	directoryResponse(directory: JsonRawData): Promise<AcmeDirectory>;
 	/**
 	 * For creating a new acme account. This returns a signed JWS-alike request body to send to
 	 * `POST /acme/{provisioner-name}/new-account`.
@@ -1342,27 +1355,27 @@ export declare class E2eiEnrollment {
 	 * @param previousNonce you got from calling `HEAD {@link AcmeDirectory.newNonce}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
 	 */
-	newAccountRequest(previousNonce: string): JsonRawData;
+	newAccountRequest(previousNonce: string): Promise<JsonRawData>;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/new-account`.
 	 * @param account HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
 	 */
-	newAccountResponse(account: JsonRawData): void;
+	newAccountResponse(account: JsonRawData): Promise<void>;
 	/**
 	 * Creates a new acme order for the handle (userId + display name) and the clientId.
 	 *
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	newOrderRequest(previousNonce: string): JsonRawData;
+	newOrderRequest(previousNonce: string): Promise<JsonRawData>;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/new-order`.
 	 *
 	 * @param order HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	newOrderResponse(order: JsonRawData): NewAcmeOrder;
+	newOrderResponse(order: JsonRawData): Promise<NewAcmeOrder>;
 	/**
 	 * Creates a new authorization request.
 	 *
@@ -1371,14 +1384,14 @@ export declare class E2eiEnrollment {
 	 * previous to this method if you are creating the second authorization)
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
 	 */
-	newAuthzRequest(url: string, previousNonce: string): JsonRawData;
+	newAuthzRequest(url: string, previousNonce: string): Promise<JsonRawData>;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 *
 	 * @param authz HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
 	 */
-	newAuthzResponse(authz: JsonRawData): NewAcmeAuthz;
+	newAuthzResponse(authz: JsonRawData): Promise<NewAcmeAuthz>;
 	/**
 	 * Generates a new client Dpop JWT token. It demonstrates proof of possession of the nonces
 	 * (from wire-server & acme server) and will be verified by the acme server when verifying the
@@ -1390,7 +1403,7 @@ export declare class E2eiEnrollment {
 	 * @param expirySecs of the client Dpop JWT. This should be equal to the grace period set in Team Management
 	 * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
 	 */
-	createDpopToken(expirySecs: number, backendNonce: string): Uint8Array;
+	createDpopToken(expirySecs: number, backendNonce: string): Promise<Uint8Array>;
 	/**
 	 * Creates a new challenge request for Wire Dpop challenge.
 	 *
@@ -1398,22 +1411,31 @@ export declare class E2eiEnrollment {
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newDpopChallengeRequest(accessToken: string, previousNonce: string): JsonRawData;
+	newDpopChallengeRequest(accessToken: string, previousNonce: string): Promise<JsonRawData>;
+	/**
+	 * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for the DPoP challenge.
+	 *
+	 * @param challenge HTTP response body
+	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
+	 */
+	newDpopChallengeResponse(challenge: JsonRawData): Promise<void>;
 	/**
 	 * Creates a new challenge request for Wire Oidc challenge.
 	 *
 	 * @param idToken you get back from Identity Provider
+	 * @param refreshToken you get back from Identity Provider to renew the access token
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newOidcChallengeRequest(idToken: string, previousNonce: string): JsonRawData;
+	newOidcChallengeRequest(idToken: string, refreshToken: string, previousNonce: string): Promise<JsonRawData>;
 	/**
-	 * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}`.
+	 * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for the OIDC challenge.
 	 *
+	 * @param cc the CoreCrypto instance
 	 * @param challenge HTTP response body
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
 	 */
-	newChallengeResponse(challenge: JsonRawData): void;
+	newOidcChallengeResponse(cc: CoreCrypto, challenge: JsonRawData): Promise<void>;
 	/**
 	 * Verifies that the previous challenge has been completed.
 	 *
@@ -1421,7 +1443,7 @@ export declare class E2eiEnrollment {
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	checkOrderRequest(orderUrl: string, previousNonce: string): JsonRawData;
+	checkOrderRequest(orderUrl: string, previousNonce: string): Promise<JsonRawData>;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
 	 *
@@ -1429,14 +1451,14 @@ export declare class E2eiEnrollment {
 	 * @return finalize url to use with {@link finalizeRequest}
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	checkOrderResponse(order: JsonRawData): string;
+	checkOrderResponse(order: JsonRawData): Promise<string>;
 	/**
 	 * Final step before fetching the certificate.
 	 *
 	 * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeRequest(previousNonce: string): JsonRawData;
+	finalizeRequest(previousNonce: string): Promise<JsonRawData>;
 	/**
 	 * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
 	 *
@@ -1444,14 +1466,20 @@ export declare class E2eiEnrollment {
 	 * @return the certificate url to use with {@link certificateRequest}
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
 	 */
-	finalizeResponse(finalize: JsonRawData): string;
+	finalizeResponse(finalize: JsonRawData): Promise<string>;
 	/**
 	 * Creates a request for finally fetching the x509 certificate.
 	 *
 	 * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
 	 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
 	 */
-	certificateRequest(previousNonce: string): JsonRawData;
+	certificateRequest(previousNonce: string): Promise<JsonRawData>;
+	/**
+	 * Lets clients retrieve the OIDC refresh token to try to renew the user's authorization.
+	 * If it's expired, the user needs to reauthenticate and they will update the refresh token
+	 * in {@link newOidcChallengeRequest}
+	 */
+	getRefreshToken(): Promise<String>;
 }
 /**
  * Indicates the state of a Conversation regarding end-to-end identity.
@@ -1466,9 +1494,9 @@ export declare enum E2eiConversationState {
 	/**
 	 * Some clients are either still Basic or their certificate is expired
 	 */
-	Degraded = 2,
+	NotVerified = 2,
 	/**
-	 * All clients are still Basic. If all client have expired certificates, Degraded is returned.
+	 * All clients are still Basic. If all client have expired certificates, NotVerified is returned.
 	 */
 	NotEnabled = 3
 }

package/platforms/web/corecrypto.js CHANGED Viewed

@@ -1,4 +1,12 @@
 // bindings/js/wasm/core-crypto-ffi.js
+var addHeapObject = function(obj) {
+  if (heap_next === heap.length)
+    heap.push(heap.length + 1);
+  const idx = heap_next;
+  heap_next = heap[idx];
+  heap[idx] = obj;
+  return idx;
+};
 var getObject = function(idx) {
   return heap[idx];
 };
@@ -13,20 +21,16 @@ var takeObject = function(idx) {
   dropObject(idx);
   return ret;
 };
-var addHeapObject = function(obj) {
-  if (heap_next === heap.length)
-    heap.push(heap.length + 1);
-  const idx = heap_next;
-  heap_next = heap[idx];
-  heap[idx] = obj;
-  return idx;
-};
 var getUint8Memory0 = function() {
   if (cachedUint8Memory0 === null || cachedUint8Memory0.byteLength === 0) {
     cachedUint8Memory0 = new Uint8Array(wasm.memory.buffer);
   }
   return cachedUint8Memory0;
 };
+var getStringFromWasm0 = function(ptr, len) {
+  ptr = ptr >>> 0;
+  return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
+};
 var passStringToWasm0 = function(arg, malloc, realloc) {
   if (realloc === undefined) {
     const buf = cachedTextEncoder.encode(arg);
@@ -72,10 +76,6 @@ var getFloat64Memory0 = function() {
   }
   return cachedFloat64Memory0;
 };
-var getStringFromWasm0 = function(ptr, len) {
-  ptr = ptr >>> 0;
-  return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
-};
 var getBigInt64Memory0 = function() {
   if (cachedBigInt64Memory0 === null || cachedBigInt64Memory0.byteLength === 0) {
     cachedBigInt64Memory0 = new BigInt64Array(wasm.memory.buffer);
@@ -156,13 +156,13 @@ var makeMutClosure = function(arg0, arg1, dtor, f) {
   real.original = state;
   return real;
 };
-var __wbg_adapter_52 = function(arg0, arg1, arg2) {
-  wasm.wasm_bindgen__convert__closures__invoke1_mut__h0b5345ebc12af5e6(arg0, arg1, addHeapObject(arg2));
+var __wbg_adapter_54 = function(arg0, arg1, arg2) {
+  wasm.wasm_bindgen__convert__closures__invoke1_mut__hee2344b2c4dec822(arg0, arg1, addHeapObject(arg2));
 };
-var __wbg_adapter_55 = function(arg0, arg1, arg2) {
+var __wbg_adapter_57 = function(arg0, arg1, arg2) {
   try {
     const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    wasm.wasm_bindgen__convert__closures__invoke1_mut__h6255f70396e441c6(retptr, arg0, arg1, addHeapObject(arg2));
+    wasm.wasm_bindgen__convert__closures__invoke1_mut__h0822694acdee5799(retptr, arg0, arg1, addHeapObject(arg2));
     var r0 = getInt32Memory0()[retptr / 4 + 0];
     var r1 = getInt32Memory0()[retptr / 4 + 1];
     if (r1) {
@@ -232,8 +232,8 @@ var handleError = function(f, args) {
     wasm.__wbindgen_exn_store(addHeapObject(e));
   }
 };
-var __wbg_adapter_395 = function(arg0, arg1, arg2, arg3) {
-  wasm.wasm_bindgen__convert__closures__invoke2_mut__h636d2f832c212b5e(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+var __wbg_adapter_406 = function(arg0, arg1, arg2, arg3) {
+  wasm.wasm_bindgen__convert__closures__invoke2_mut__hb07ea52845d244dd(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 };
 async function __wbg_load(module, imports) {
   if (typeof Response === "function" && module instanceof Response) {
@@ -266,32 +266,44 @@ var __wbg_get_imports = function() {
     const ret = ProteusAutoPrekeyBundle.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
-    takeObject(arg0);
+  imports.wbg.__wbg_acmedirectory_new = function(arg0) {
+    const ret = AcmeDirectory.__wrap(arg0);
+    return addHeapObject(ret);
+  };
+  imports.wbg.__wbg_proposalbundle_new = function(arg0) {
+    const ret = ProposalBundle.__wrap(arg0);
+    return addHeapObject(ret);
+  };
+  imports.wbg.__wbg_newacmeauthz_new = function(arg0) {
+    const ret = NewAcmeAuthz.__wrap(arg0);
+    return addHeapObject(ret);
   };
   imports.wbg.__wbg_commitbundle_new = function(arg0) {
     const ret = CommitBundle.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_number_new = function(arg0) {
-    const ret = arg0;
+  imports.wbg.__wbg_newacmeorder_new = function(arg0) {
+    const ret = NewAcmeOrder.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_corecrypto_new = function(arg0) {
-    const ret = CoreCrypto.__wrap(arg0);
+  imports.wbg.__wbindgen_number_new = function(arg0) {
+    const ret = arg0;
     return addHeapObject(ret);
   };
   imports.wbg.__wbg_buffereddecryptedmessage_new = function(arg0) {
     const ret = BufferedDecryptedMessage.__wrap(arg0);
     return addHeapObject(ret);
   };
+  imports.wbg.__wbg_corecrypto_new = function(arg0) {
+    const ret = CoreCrypto.__wrap(arg0);
+    return addHeapObject(ret);
+  };
   imports.wbg.__wbg_ffiwiree2eidentity_new = function(arg0) {
     const ret = FfiWireE2EIdentity.__wrap(arg0);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_proposalbundle_new = function(arg0) {
-    const ret = ProposalBundle.__wrap(arg0);
-    return addHeapObject(ret);
+  imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
+    takeObject(arg0);
   };
   imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
     const ret = getObject(arg0);
@@ -301,6 +313,10 @@ var __wbg_get_imports = function() {
     const ret = getObject(arg0) === null;
     return ret;
   };
+  imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
+    const ret = getStringFromWasm0(arg0, arg1);
+    return addHeapObject(ret);
+  };
   imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {
     const ret = BigInt.asUintN(64, arg0);
     return addHeapObject(ret);
@@ -349,10 +365,6 @@ var __wbg_get_imports = function() {
     const ret = typeof val === "object" && val !== null;
     return ret;
   };
-  imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
-    const ret = getStringFromWasm0(arg0, arg1);
-    return addHeapObject(ret);
-  };
   imports.wbg.__wbg_queueMicrotask_adae4bc085237231 = function(arg0) {
     const ret = getObject(arg0).queueMicrotask;
     return addHeapObject(ret);
@@ -385,18 +397,22 @@ var __wbg_get_imports = function() {
     const ret = getObject(arg0) == getObject(arg1);
     return ret;
   };
-  imports.wbg.__wbg_String_917f38a1211cf44b = function(arg0, arg1) {
+  imports.wbg.__wbindgen_as_number = function(arg0) {
+    const ret = +getObject(arg0);
+    return ret;
+  };
+  imports.wbg.__wbg_String_389b54bd9d25375f = function(arg0, arg1) {
     const ret = String(getObject(arg1));
     const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     const len1 = WASM_VECTOR_LEN;
     getInt32Memory0()[arg0 / 4 + 1] = len1;
     getInt32Memory0()[arg0 / 4 + 0] = ptr1;
   };
-  imports.wbg.__wbg_getwithrefkey_3b3c46ba20582127 = function(arg0, arg1) {
+  imports.wbg.__wbg_getwithrefkey_4a92a5eca60879b9 = function(arg0, arg1) {
     const ret = getObject(arg0)[getObject(arg1)];
     return addHeapObject(ret);
   };
-  imports.wbg.__wbg_set_8761474ad72b9bf1 = function(arg0, arg1, arg2) {
+  imports.wbg.__wbg_set_9182712abebf82ef = function(arg0, arg1, arg2) {
     getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
   };
   imports.wbg.__wbindgen_is_falsy = function(arg0) {
@@ -870,7 +886,7 @@ var __wbg_get_imports = function() {
         const a = state0.a;
         state0.a = 0;
         try {
-          return __wbg_adapter_395(a, state0.b, arg02, arg12);
+          return __wbg_adapter_406(a, state0.b, arg02, arg12);
         } finally {
           state0.a = a;
         }
@@ -950,12 +966,12 @@ var __wbg_get_imports = function() {
     const ret = wasm.memory;
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_closure_wrapper2200 = function(arg0, arg1, arg2) {
-    const ret = makeMutClosure(arg0, arg1, 356, __wbg_adapter_52);
+  imports.wbg.__wbindgen_closure_wrapper2304 = function(arg0, arg1, arg2) {
+    const ret = makeMutClosure(arg0, arg1, 424, __wbg_adapter_54);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_closure_wrapper9921 = function(arg0, arg1, arg2) {
-    const ret = makeMutClosure(arg0, arg1, 1326, __wbg_adapter_55);
+  imports.wbg.__wbindgen_closure_wrapper10033 = function(arg0, arg1, arg2) {
+    const ret = makeMutClosure(arg0, arg1, 1396, __wbg_adapter_57);
     return addHeapObject(ret);
   };
   return imports;
@@ -991,8 +1007,14 @@ var wasm;
 var heap = new Array(128).fill(undefined);
 heap.push(undefined, null, true, false);
 var heap_next = heap.length;
-var WASM_VECTOR_LEN = 0;
+var cachedTextDecoder = typeof TextDecoder !== "undefined" ? new TextDecoder("utf-8", { ignoreBOM: true, fatal: true }) : { decode: () => {
+  throw Error("TextDecoder not available");
+} };
+if (typeof TextDecoder !== "undefined") {
+  cachedTextDecoder.decode();
+}
 var cachedUint8Memory0 = null;
+var WASM_VECTOR_LEN = 0;
 var cachedTextEncoder = typeof TextEncoder !== "undefined" ? new TextEncoder("utf-8") : { encode: () => {
   throw Error("TextEncoder not available");
 } };
@@ -1008,27 +1030,9 @@ var encodeString = typeof cachedTextEncoder.encodeInto === "function" ? function
 };
 var cachedInt32Memory0 = null;
 var cachedFloat64Memory0 = null;
-var cachedTextDecoder = typeof TextDecoder !== "undefined" ? new TextDecoder("utf-8", { ignoreBOM: true, fatal: true }) : { decode: () => {
-  throw Error("TextDecoder not available");
-} };
-if (typeof TextDecoder !== "undefined") {
-  cachedTextDecoder.decode();
-}
 var cachedBigInt64Memory0 = null;
 var cachedUint32Memory0 = null;
 var cachedUint16Memory0 = null;
-var WirePolicy = Object.freeze({
-  Plaintext: 1,
-  "1": "Plaintext",
-  Ciphertext: 2,
-  "2": "Ciphertext"
-});
-var CredentialType = Object.freeze({
-  Basic: 1,
-  "1": "Basic",
-  X509: 2,
-  "2": "X509"
-});
 var DeviceStatus = Object.freeze({
   Valid: 0,
   "0": "Valid",
@@ -1037,6 +1041,18 @@ var DeviceStatus = Object.freeze({
   Revoked: 2,
   "2": "Revoked"
 });
+var CredentialType = Object.freeze({
+  Basic: 1,
+  "1": "Basic",
+  X509: 2,
+  "2": "X509"
+});
+var WirePolicy = Object.freeze({
+  Plaintext: 1,
+  "1": "Plaintext",
+  Ciphertext: 2,
+  "2": "Ciphertext"
+});
 var Ciphersuite = Object.freeze({
   MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519: 1,
   "1": "MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519",
@@ -1341,28 +1357,24 @@ class CoreCrypto {
     const ret = wasm.corecrypto_e2ei_new_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, expiry_days, ciphersuite);
     return takeObject(ret);
   }
-  e2ei_new_activation_enrollment(client_id, display_name, handle, team, expiry_days, ciphersuite) {
-    const ptr0 = passStringToWasm0(client_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  e2ei_new_activation_enrollment(display_name, handle, team, expiry_days, ciphersuite) {
+    const ptr0 = passStringToWasm0(display_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     const len0 = WASM_VECTOR_LEN;
-    const ptr1 = passStringToWasm0(display_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const ptr1 = passStringToWasm0(handle, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     const len1 = WASM_VECTOR_LEN;
-    const ptr2 = passStringToWasm0(handle, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-    const len2 = WASM_VECTOR_LEN;
-    var ptr3 = isLikeNone(team) ? 0 : passStringToWasm0(team, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-    var len3 = WASM_VECTOR_LEN;
-    const ret = wasm.corecrypto_e2ei_new_activation_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, expiry_days, ciphersuite);
+    var ptr2 = isLikeNone(team) ? 0 : passStringToWasm0(team, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    var len2 = WASM_VECTOR_LEN;
+    const ret = wasm.corecrypto_e2ei_new_activation_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, expiry_days, ciphersuite);
     return takeObject(ret);
   }
-  e2ei_new_rotate_enrollment(client_id, display_name, handle, team, expiry_days, ciphersuite) {
-    const ptr0 = passStringToWasm0(client_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-    const len0 = WASM_VECTOR_LEN;
-    var ptr1 = isLikeNone(display_name) ? 0 : passStringToWasm0(display_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+  e2ei_new_rotate_enrollment(display_name, handle, team, expiry_days, ciphersuite) {
+    var ptr0 = isLikeNone(display_name) ? 0 : passStringToWasm0(display_name, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    var len0 = WASM_VECTOR_LEN;
+    var ptr1 = isLikeNone(handle) ? 0 : passStringToWasm0(handle, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     var len1 = WASM_VECTOR_LEN;
-    var ptr2 = isLikeNone(handle) ? 0 : passStringToWasm0(handle, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    var ptr2 = isLikeNone(team) ? 0 : passStringToWasm0(team, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
     var len2 = WASM_VECTOR_LEN;
-    var ptr3 = isLikeNone(team) ? 0 : passStringToWasm0(team, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-    var len3 = WASM_VECTOR_LEN;
-    const ret = wasm.corecrypto_e2ei_new_rotate_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, expiry_days, ciphersuite);
+    const ret = wasm.corecrypto_e2ei_new_rotate_enrollment(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2, expiry_days, ciphersuite);
     return takeObject(ret);
   }
   e2ei_mls_init_only(enrollment, certificate_chain, nb_key_package) {
@@ -1419,6 +1431,12 @@ class CoreCrypto {
     const ret = wasm.corecrypto_get_user_identities(this.__wbg_ptr, ptr0, len0, ptr1, len1);
     return takeObject(ret);
   }
+  get_credential_in_use(group_info, credential_type) {
+    const ptr0 = passArray8ToWasm0(group_info, wasm.__wbindgen_malloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.corecrypto_get_credential_in_use(this.__wbg_ptr, ptr0, len0, credential_type);
+    return takeObject(ret);
+  }
   static version() {
     let deferred1_0;
     let deferred1_1;
@@ -1901,292 +1919,108 @@ class FfiWireE2EIdentity {
     wasm.__wbg_ffiwiree2eidentity_free(ptr);
   }
   directory_response(directory) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passArray8ToWasm0(directory, wasm.__wbindgen_malloc);
-      const len0 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_directory_response(retptr, this.__wbg_ptr, ptr0, len0);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return AcmeDirectory.__wrap(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passArray8ToWasm0(directory, wasm.__wbindgen_malloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_directory_response(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
   }
   new_account_request(previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_new_account_request(retptr, this.__wbg_ptr, ptr0, len0);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_new_account_request(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
   }
   new_account_response(account) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.ffiwiree2eidentity_new_account_response(retptr, this.__wbg_ptr, addHeapObject(account));
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ret = wasm.ffiwiree2eidentity_new_account_response(this.__wbg_ptr, addHeapObject(account));
+    return takeObject(ret);
   }
   new_order_request(previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_new_order_request(retptr, this.__wbg_ptr, ptr0, len0);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_new_order_request(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
   }
   new_order_response(order) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.ffiwiree2eidentity_new_order_response(retptr, this.__wbg_ptr, addHeapObject(order));
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return NewAcmeOrder.__wrap(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ret = wasm.ffiwiree2eidentity_new_order_response(this.__wbg_ptr, addHeapObject(order));
+    return takeObject(ret);
   }
   new_authz_request(url, previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(url, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len1 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_new_authz_request(retptr, this.__wbg_ptr, ptr0, len0, ptr1, len1);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(url, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_new_authz_request(this.__wbg_ptr, ptr0, len0, ptr1, len1);
+    return takeObject(ret);
   }
   new_authz_response(authz) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.ffiwiree2eidentity_new_authz_response(retptr, this.__wbg_ptr, addHeapObject(authz));
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return NewAcmeAuthz.__wrap(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ret = wasm.ffiwiree2eidentity_new_authz_response(this.__wbg_ptr, addHeapObject(authz));
+    return takeObject(ret);
   }
   create_dpop_token(expiry_secs, backend_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(backend_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_create_dpop_token(retptr, this.__wbg_ptr, expiry_secs, ptr0, len0);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(backend_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_create_dpop_token(this.__wbg_ptr, expiry_secs, ptr0, len0);
+    return takeObject(ret);
   }
   new_dpop_challenge_request(access_token, previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(access_token, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len1 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_new_dpop_challenge_request(retptr, this.__wbg_ptr, ptr0, len0, ptr1, len1);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(access_token, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_new_dpop_challenge_request(this.__wbg_ptr, ptr0, len0, ptr1, len1);
+    return takeObject(ret);
   }
-  new_oidc_challenge_request(id_token, previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(id_token, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len1 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_new_oidc_challenge_request(retptr, this.__wbg_ptr, ptr0, len0, ptr1, len1);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+  new_dpop_challenge_response(challenge) {
+    const ret = wasm.ffiwiree2eidentity_new_dpop_challenge_response(this.__wbg_ptr, addHeapObject(challenge));
+    return takeObject(ret);
   }
-  new_challenge_response(challenge) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.ffiwiree2eidentity_new_challenge_response(retptr, this.__wbg_ptr, addHeapObject(challenge));
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+  new_oidc_challenge_request(id_token, refresh_token, previous_nonce) {
+    const ptr0 = passStringToWasm0(id_token, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(refresh_token, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ptr2 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len2 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_new_oidc_challenge_request(this.__wbg_ptr, ptr0, len0, ptr1, len1, ptr2, len2);
+    return takeObject(ret);
+  }
+  new_oidc_challenge_response(cc, challenge) {
+    _assertClass(cc, CoreCrypto);
+    var ptr0 = cc.__destroy_into_raw();
+    const ret = wasm.ffiwiree2eidentity_new_oidc_challenge_response(this.__wbg_ptr, ptr0, addHeapObject(challenge));
+    return takeObject(ret);
   }
   check_order_request(order_url, previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(order_url, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len1 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_check_order_request(retptr, this.__wbg_ptr, ptr0, len0, ptr1, len1);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(order_url, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len1 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_check_order_request(this.__wbg_ptr, ptr0, len0, ptr1, len1);
+    return takeObject(ret);
   }
   check_order_response(order) {
-    let deferred2_0;
-    let deferred2_1;
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.ffiwiree2eidentity_check_order_response(retptr, this.__wbg_ptr, addHeapObject(order));
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      var r3 = getInt32Memory0()[retptr / 4 + 3];
-      var ptr1 = r0;
-      var len1 = r1;
-      if (r3) {
-        ptr1 = 0;
-        len1 = 0;
-        throw takeObject(r2);
-      }
-      deferred2_0 = ptr1;
-      deferred2_1 = len1;
-      return getStringFromWasm0(ptr1, len1);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-      wasm.__wbindgen_free(deferred2_0, deferred2_1, 1);
-    }
+    const ret = wasm.ffiwiree2eidentity_check_order_response(this.__wbg_ptr, addHeapObject(order));
+    return takeObject(ret);
   }
   finalize_request(previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_finalize_request(retptr, this.__wbg_ptr, ptr0, len0);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_finalize_request(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
   }
   finalize_response(finalize) {
-    let deferred2_0;
-    let deferred2_1;
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      wasm.ffiwiree2eidentity_finalize_response(retptr, this.__wbg_ptr, addHeapObject(finalize));
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      var r3 = getInt32Memory0()[retptr / 4 + 3];
-      var ptr1 = r0;
-      var len1 = r1;
-      if (r3) {
-        ptr1 = 0;
-        len1 = 0;
-        throw takeObject(r2);
-      }
-      deferred2_0 = ptr1;
-      deferred2_1 = len1;
-      return getStringFromWasm0(ptr1, len1);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-      wasm.__wbindgen_free(deferred2_0, deferred2_1, 1);
-    }
+    const ret = wasm.ffiwiree2eidentity_finalize_response(this.__wbg_ptr, addHeapObject(finalize));
+    return takeObject(ret);
   }
   certificate_request(previous_nonce) {
-    try {
-      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-      const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
-      const len0 = WASM_VECTOR_LEN;
-      wasm.ffiwiree2eidentity_certificate_request(retptr, this.__wbg_ptr, ptr0, len0);
-      var r0 = getInt32Memory0()[retptr / 4 + 0];
-      var r1 = getInt32Memory0()[retptr / 4 + 1];
-      var r2 = getInt32Memory0()[retptr / 4 + 2];
-      if (r2) {
-        throw takeObject(r1);
-      }
-      return takeObject(r0);
-    } finally {
-      wasm.__wbindgen_add_to_stack_pointer(16);
-    }
+    const ptr0 = passStringToWasm0(previous_nonce, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.ffiwiree2eidentity_certificate_request(this.__wbg_ptr, ptr0, len0);
+    return takeObject(ret);
+  }
+  get_refresh_token() {
+    const ret = wasm.ffiwiree2eidentity_get_refresh_token(this.__wbg_ptr);
+    return takeObject(ret);
   }
 }
@@ -2584,6 +2418,9 @@ var ExternalProposalType;
 class CoreCrypto2 {
   static #module;
   #cc;
+  inner() {
+    return this.#cc;
+  }
   static #assertModuleLoaded() {
     if (!this.#module) {
       throw new Error("Internal module hasn't been initialized. Please use `await CoreCrypto.init(params)` or `await CoreCrypto.deferredInit(params)` !");
@@ -2667,7 +2504,12 @@ class CoreCrypto2 {
   }
   async createConversation(conversationId, creatorCredentialType, configuration = {}) {
     try {
-      const { ciphersuite, externalSenders, custom = {}, perDomainTrustAnchors = [] } = configuration || {};
+      const {
+        ciphersuite,
+        externalSenders,
+        custom = {},
+        perDomainTrustAnchors = []
+      } = configuration || {};
       const config = new ConversationConfiguration(ciphersuite, externalSenders, custom?.keyRotationSpan, custom?.wirePolicy, perDomainTrustAnchors);
       const ret = await CoreCryptoError.asyncMapErr(this.#cc.create_conversation(conversationId, creatorCredentialType, config));
       return ret;
@@ -2972,12 +2814,12 @@ class CoreCrypto2 {
     const e2ei = await CoreCryptoError.asyncMapErr(this.#cc.e2ei_new_enrollment(clientId, displayName, handle, team, expiryDays, ciphersuite));
     return new E2eiEnrollment(e2ei);
   }
-  async e2eiNewActivationEnrollment(clientId, displayName, handle, expiryDays, ciphersuite, team) {
-    const e2ei = await CoreCryptoError.asyncMapErr(this.#cc.e2ei_new_activation_enrollment(clientId, displayName, handle, team, expiryDays, ciphersuite));
+  async e2eiNewActivationEnrollment(displayName, handle, expiryDays, ciphersuite, team) {
+    const e2ei = await CoreCryptoError.asyncMapErr(this.#cc.e2ei_new_activation_enrollment(displayName, handle, team, expiryDays, ciphersuite));
     return new E2eiEnrollment(e2ei);
   }
-  async e2eiNewRotateEnrollment(clientId, expiryDays, ciphersuite, displayName, handle, team) {
-    const e2ei = await CoreCryptoError.asyncMapErr(this.#cc.e2ei_new_rotate_enrollment(clientId, displayName, handle, team, expiryDays, ciphersuite));
+  async e2eiNewRotateEnrollment(expiryDays, ciphersuite, displayName, handle, team) {
+    const e2ei = await CoreCryptoError.asyncMapErr(this.#cc.e2ei_new_rotate_enrollment(displayName, handle, team, expiryDays, ciphersuite));
     return new E2eiEnrollment(e2ei);
   }
   async e2eiMlsInitOnly(enrollment, certificateChain, nbKeyPackage) {
@@ -3012,6 +2854,10 @@ class CoreCrypto2 {
   async getUserIdentities(conversationId, userIds) {
     return await CoreCryptoError.asyncMapErr(this.#cc.get_user_identities(conversationId, userIds));
   }
+  async getCredentialInUse(groupInfo, credentialType = CredentialType2.X509) {
+    let state = await CoreCryptoError.asyncMapErr(this.#cc.get_credential_in_use(groupInfo, credentialType));
+    return E2eiConversationState[E2eiConversationState[state]];
+  }
   static version() {
     this.#assertModuleLoaded();
     return CoreCrypto.version();
@@ -3029,123 +2875,65 @@ class E2eiEnrollment {
   inner() {
     return this.#enrollment;
   }
-  directoryResponse(directory) {
-    try {
-      return this.#enrollment.directory_response(directory);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async directoryResponse(directory) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.directory_response(directory));
   }
-  newAccountRequest(previousNonce) {
-    try {
-      return this.#enrollment.new_account_request(previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newAccountRequest(previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_account_request(previousNonce));
   }
-  newAccountResponse(account) {
-    try {
-      return this.#enrollment.new_account_response(account);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newAccountResponse(account) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_account_response(account));
   }
-  newOrderRequest(previousNonce) {
-    try {
-      return this.#enrollment.new_order_request(previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newOrderRequest(previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_order_request(previousNonce));
   }
-  newOrderResponse(order) {
-    try {
-      return this.#enrollment.new_order_response(order);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newOrderResponse(order) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_order_response(order));
   }
-  newAuthzRequest(url, previousNonce) {
-    try {
-      return this.#enrollment.new_authz_request(url, previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newAuthzRequest(url, previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_authz_request(url, previousNonce));
   }
-  newAuthzResponse(authz) {
-    try {
-      return this.#enrollment.new_authz_response(authz);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newAuthzResponse(authz) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_authz_response(authz));
   }
-  createDpopToken(expirySecs, backendNonce) {
-    try {
-      return this.#enrollment.create_dpop_token(expirySecs, backendNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async createDpopToken(expirySecs, backendNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.create_dpop_token(expirySecs, backendNonce));
   }
-  newDpopChallengeRequest(accessToken, previousNonce) {
-    try {
-      return this.#enrollment.new_dpop_challenge_request(accessToken, previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newDpopChallengeRequest(accessToken, previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_dpop_challenge_request(accessToken, previousNonce));
   }
-  newOidcChallengeRequest(idToken, previousNonce) {
-    try {
-      return this.#enrollment.new_oidc_challenge_request(idToken, previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newDpopChallengeResponse(challenge) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_dpop_challenge_response(challenge));
   }
-  newChallengeResponse(challenge) {
-    try {
-      return this.#enrollment.new_challenge_response(challenge);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newOidcChallengeRequest(idToken, refreshToken, previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_oidc_challenge_request(idToken, refreshToken, previousNonce));
   }
-  checkOrderRequest(orderUrl, previousNonce) {
-    try {
-      return this.#enrollment.check_order_request(orderUrl, previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async newOidcChallengeResponse(cc, challenge) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.new_oidc_challenge_response(cc.inner(), challenge));
   }
-  checkOrderResponse(order) {
-    try {
-      return this.#enrollment.check_order_response(order);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async checkOrderRequest(orderUrl, previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.check_order_request(orderUrl, previousNonce));
   }
-  finalizeRequest(previousNonce) {
-    try {
-      return this.#enrollment.finalize_request(previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async checkOrderResponse(order) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.check_order_response(order));
   }
-  finalizeResponse(finalize) {
-    try {
-      return this.#enrollment.finalize_response(finalize);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async finalizeRequest(previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.finalize_request(previousNonce));
   }
-  certificateRequest(previousNonce) {
-    try {
-      return this.#enrollment.certificate_request(previousNonce);
-    } catch (e) {
-      throw CoreCryptoError.fromStdError(e);
-    }
+  async finalizeResponse(finalize) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.finalize_response(finalize));
+  }
+  async certificateRequest(previousNonce) {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.certificate_request(previousNonce));
+  }
+  async getRefreshToken() {
+    return await CoreCryptoError.asyncMapErr(this.#enrollment.get_refresh_token());
   }
 }
 var E2eiConversationState;
 (function(E2eiConversationState2) {
   E2eiConversationState2[E2eiConversationState2["Verified"] = 1] = "Verified";
-  E2eiConversationState2[E2eiConversationState2["Degraded"] = 2] = "Degraded";
+  E2eiConversationState2[E2eiConversationState2["NotVerified"] = 2] = "NotVerified";
   E2eiConversationState2[E2eiConversationState2["NotEnabled"] = 3] = "NotEnabled";
 })(E2eiConversationState || (E2eiConversationState = {}));
 export {