@wireapp/core 17.20.2 → 17.22.0

package/src/main/conversation/message/MessageService.test.node.ts

@@ -0,0 +1,163 @@
+/*
+ * Wire
+ * Copyright (C) 2021 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+
+import UUID from 'uuidjs';
+import {StatusCodes} from 'http-status-codes';
+import {APIClient} from '@wireapp/api-client';
+import {MessageSendingStatus, QualifiedUserClients} from '@wireapp/api-client/src/conversation';
+import {CryptographyService} from '../../cryptography';
+import {MessageService} from './MessageService';
+
+const baseMessageSendingStatus: MessageSendingStatus = {
+  deleted: {},
+  missing: {},
+  failed_to_send: {},
+  redundant: {},
+  time: new Date().toISOString(),
+};
+
+type TestUser = {id: string; domain: string; clients: string[]};
+const user1: TestUser = {id: UUID.genV4().toString(), domain: '1.wire.test', clients: ['client1.1', 'client1.2']};
+const user2: TestUser = {id: UUID.genV4().toString(), domain: '2.wire.test', clients: ['client2.1', 'client2.2']};
+
+function generateQualifiedRecipients(users: TestUser[]): QualifiedUserClients {
+  const payload: QualifiedUserClients = {};
+  users.forEach(({id, domain, clients}) => {
+    payload[domain] ||= {};
+    payload[domain][id] = clients;
+  });
+  return payload;
+}
+
+describe('MessageService', () => {
+  const apiClient = new APIClient();
+  const cryptographyService = new CryptographyService(apiClient, {} as any);
+  const messageService = new MessageService(apiClient, cryptographyService);
+  describe('sendFederatedMessage', () => {
+    it('sends a message', async () => {
+      spyOn(apiClient.conversation.api, 'postOTRMessageV2').and.returnValue(Promise.resolve(baseMessageSendingStatus));
+      const recipients = generateQualifiedRecipients([user1, user2]);
+
+      await messageService.sendFederatedOTRMessage(
+        'senderclientid',
+        {id: 'convid', domain: ''},
+        recipients,
+        new Uint8Array(),
+      );
+      expect(apiClient.conversation.api.postOTRMessageV2).toHaveBeenCalled();
+    });
+
+    describe('client mismatch', () => {
+      it('handles client mismatch internally if no onClientMismatch is given', async () => {
+        let spyCounter = 0;
+        const clientMismatch = {...baseMessageSendingStatus, missing: {'2.wire.test': {[user2.id]: ['client22']}}};
+        spyOn(apiClient.conversation.api, 'postOTRMessageV2').and.callFake(() => {
+          spyCounter++;
+          if (spyCounter === 1) {
+            const error = new Error();
+            (error as any).response = {
+              status: StatusCodes.PRECONDITION_FAILED,
+              data: clientMismatch,
+            };
+            return Promise.reject(error);
+          }
+          return Promise.resolve(baseMessageSendingStatus);
+        });
+        spyOn(apiClient.user.api, 'postQualifiedMultiPreKeyBundles').and.returnValue(Promise.resolve({}));
+        spyOn(cryptographyService, 'encryptQualified').and.returnValue(
+          Promise.resolve({'2.wire.test': {[user2.id]: {client22: new Uint8Array()}}}),
+        );
+
+        const recipients = generateQualifiedRecipients([user1, user2]);
+
+        await messageService.sendFederatedOTRMessage(
+          'senderclientid',
+          {id: 'convid', domain: ''},
+          recipients,
+          new Uint8Array(),
+          {reportMissing: true},
+        );
+        expect(apiClient.conversation.api.postOTRMessageV2).toHaveBeenCalledTimes(2);
+      });
+
+      it('continues message sending if onClientMismatch returns true', async () => {
+        const onClientMismatch = jasmine.createSpy().and.returnValue(Promise.resolve(true));
+        const clientMismatch = {...baseMessageSendingStatus, missing: {'2.wire.test': {[user2.id]: ['client22']}}};
+        let spyCounter = 0;
+        spyOn(apiClient.conversation.api, 'postOTRMessageV2').and.callFake(() => {
+          spyCounter++;
+          if (spyCounter === 1) {
+            const error = new Error();
+            (error as any).response = {
+              status: StatusCodes.PRECONDITION_FAILED,
+              data: clientMismatch,
+            };
+            return Promise.reject(error);
+          }
+          return Promise.resolve(baseMessageSendingStatus);
+        });
+        spyOn(apiClient.user.api, 'postQualifiedMultiPreKeyBundles').and.returnValue(Promise.resolve({}));
+        spyOn(cryptographyService, 'encryptQualified').and.returnValue(
+          Promise.resolve({'2.wire.test': {[user2.id]: {client22: new Uint8Array()}}}),
+        );
+
+        const recipients = generateQualifiedRecipients([user1, user2]);
+
+        await messageService.sendFederatedOTRMessage(
+          'senderclientid',
+          {id: 'convid', domain: ''},
+          recipients,
+          new Uint8Array(),
+          {reportMissing: true, onClientMismatch},
+        );
+        expect(apiClient.conversation.api.postOTRMessageV2).toHaveBeenCalledTimes(2);
+        expect(onClientMismatch).toHaveBeenCalledWith(clientMismatch);
+      });
+
+      it('stops message sending if onClientMismatch returns false', async () => {
+        const onClientMismatch = jasmine.createSpy().and.returnValue(Promise.resolve(false));
+        const clientMismatch = {...baseMessageSendingStatus, missing: {'2.wire.test': {[user2.id]: ['client22']}}};
+        spyOn(apiClient.conversation.api, 'postOTRMessageV2').and.callFake(() => {
+          const error = new Error();
+          (error as any).response = {
+            status: StatusCodes.PRECONDITION_FAILED,
+            data: clientMismatch,
+          };
+          return Promise.reject(error);
+        });
+        spyOn(apiClient.user.api, 'postQualifiedMultiPreKeyBundles').and.returnValue(Promise.resolve({}));
+        spyOn(cryptographyService, 'encryptQualified').and.returnValue(
+          Promise.resolve({'2.wire.test': {[user2.id]: {client22: new Uint8Array()}}}),
+        );
+
+        const recipients = generateQualifiedRecipients([user1, user2]);
+
+        await messageService.sendFederatedOTRMessage(
+          'senderclientid',
+          {id: 'convid', domain: ''},
+          recipients,
+          new Uint8Array(),
+          {reportMissing: true, onClientMismatch},
+        );
+        expect(apiClient.conversation.api.postOTRMessageV2).toHaveBeenCalledTimes(1);
+        expect(onClientMismatch).toHaveBeenCalledWith(clientMismatch);
+      });
+    });
+  });
+});

package/src/main/conversation/message/MessageService.ts

@@ -35,11 +35,9 @@ import {
 import {Decoder, Encoder} from 'bazinga64';
 
 import {CryptographyService} from '../../cryptography';
+import {QualifiedId, QualifiedUserPreKeyBundleMap} from '@wireapp/api-client/src/user';
 
-type ClientMismatchError = AxiosError<{
-  deleted: UserClients;
-  missing: UserClients;
-}>;
+type ClientMismatchError = AxiosError<ClientMismatch>;
 
 export class MessageService {
   constructor(private readonly apiClient: APIClient, private readonly cryptographyService: CryptographyService) {}
@@ -75,8 +73,11 @@ export class MessageService {
         ignoreMissing,
       );
     } catch (error) {
+      if (!this.isClientMismatchError(error)) {
+        throw error;
+      }
       const reEncryptedMessage = await this.onClientMismatch(
-        error as AxiosError,
+        error.response!.data,
         {...message, data: base64CipherText ? Decoder.fromBase64(base64CipherText).asBytes : undefined, recipients},
         plainTextArray,
       );
@@ -88,6 +89,10 @@ export class MessageService {
     }
   }
 
+  private isClientMismatchError(error: any): error is ClientMismatchError {
+    return error.response?.status === HTTP_STATUS.PRECONDITION_FAILED;
+  }
+
   private checkFederatedClientsMismatch(
     messageData: ProtobufOTR.QualifiedNewOtrMessage,
     messageSendingStatus: MessageSendingStatus,
@@ -144,13 +149,18 @@ export class MessageService {
 
   public async sendFederatedOTRMessage(
     sendingClientId: string,
-    conversationId: string,
-    conversationDomain: string,
-    recipients: QualifiedOTRRecipients,
+    {id: conversationId, domain}: QualifiedId,
+    recipients: QualifiedUserClients | QualifiedUserPreKeyBundleMap,
     plainTextArray: Uint8Array,
-    assetData?: Uint8Array,
+    options: {
+      assetData?: Uint8Array;
+      reportMissing?: boolean;
+      onClientMismatch?: (mismatch: MessageSendingStatus) => Promise<boolean | undefined>;
+    } = {},
   ): Promise<MessageSendingStatus> {
-    const qualifiedUserEntries = Object.entries(recipients).map<ProtobufOTR.IQualifiedUserEntry>(
+    const otrRecipients = await this.cryptographyService.encryptQualified(plainTextArray, recipients);
+
+    const qualifiedUserEntries = Object.entries(otrRecipients).map<ProtobufOTR.IQualifiedUserEntry>(
       ([domain, otrRecipients]) => {
         const userEntries = Object.entries(otrRecipients).map<ProtobufOTR.IUserEntry>(([userId, otrClientMap]) => {
           const clientEntries = Object.entries(otrClientMap).map<ProtobufOTR.IClientEntry>(([clientId, payload]) => {
@@ -181,8 +191,8 @@ export class MessageService {
       },
     });
 
-    if (assetData) {
-      protoMessage.blob = assetData;
+    if (options.assetData) {
+      protoMessage.blob = options.assetData;
     }
 
     /*
@@ -190,25 +200,33 @@ export class MessageService {
      * missing clients. We have to ignore missing clients because there can be the case that there are clients that
      * don't provide PreKeys (clients from the Pre-E2EE era).
      */
-    protoMessage.ignoreAll = {};
+    if (options.reportMissing) {
+      protoMessage.reportAll = {};
+    } else {
+      protoMessage.ignoreAll = {};
+    }
 
-    const messageSendingStatus = await this.apiClient.conversation.api.postOTRMessageV2(
-      conversationId,
-      conversationDomain,
-      protoMessage,
-    );
+    let sendingStatus: MessageSendingStatus;
+    try {
+      sendingStatus = await this.apiClient.conversation.api.postOTRMessageV2(conversationId, domain, protoMessage);
+    } catch (error) {
+      if (!this.isClientMismatchError(error)) {
+        throw error;
+      }
+      sendingStatus = error.response!.data! as unknown as MessageSendingStatus;
+    }
 
-    const federatedClientsMismatch = this.checkFederatedClientsMismatch(protoMessage, messageSendingStatus);
+    const mismatch = this.checkFederatedClientsMismatch(protoMessage, sendingStatus);
 
-    if (federatedClientsMismatch) {
-      const reEncryptedMessage = await this.onFederatedClientMismatch(
-        protoMessage,
-        federatedClientsMismatch,
-        plainTextArray,
-      );
-      await this.apiClient.conversation.api.postOTRMessageV2(conversationId, conversationDomain, reEncryptedMessage);
+    if (mismatch) {
+      const shouldStopSending = options.onClientMismatch && !(await options.onClientMismatch(mismatch));
+      if (shouldStopSending) {
+        return sendingStatus;
+      }
+      const reEncryptedMessage = await this.onFederatedMismatch(protoMessage, mismatch, plainTextArray);
+      await this.apiClient.conversation.api.postOTRMessageV2(conversationId, domain, reEncryptedMessage);
     }
-    return messageSendingStatus;
+    return sendingStatus;
   }
 
   public async sendOTRProtobufMessage(
@@ -269,7 +287,11 @@ export class MessageService {
         ignoreMissing,
       );
     } catch (error) {
-      const reEncryptedMessage = await this.onClientProtobufMismatch(error as AxiosError, protoMessage, plainTextArray);
+      if (!this.isClientMismatchError(error)) {
+        throw error;
+      }
+      const mismatch = error.response!.data;
+      const reEncryptedMessage = await this.onClientProtobufMismatch(mismatch, protoMessage, plainTextArray);
       if (conversationId === null) {
         return await this.apiClient.broadcast.api.postBroadcastProtobufMessage(sendingClientId, reEncryptedMessage);
       }
@@ -283,182 +305,187 @@ export class MessageService {
   }
 
   private async onClientMismatch(
-    error: AxiosError,
+    clientMismatch: ClientMismatch,
     message: NewOTRMessage<Uint8Array>,
     plainTextArray: Uint8Array,
   ): Promise<NewOTRMessage<Uint8Array>> {
-    if (error.response?.status === HTTP_STATUS.PRECONDITION_FAILED) {
-      const {missing, deleted} = (error as ClientMismatchError).response?.data!;
-
-      const deletedUserIds = Object.keys(deleted);
-      const missingUserIds = Object.keys(missing);
-
-      if (deletedUserIds.length) {
-        for (const deletedUserId of deletedUserIds) {
-          for (const deletedClientId of deleted[deletedUserId]) {
-            const deletedUser = message.recipients[deletedUserId];
-            if (deletedUser) {
-              delete deletedUser[deletedClientId];
-            }
+    const {missing, deleted} = clientMismatch;
+
+    const deletedUserIds = Object.keys(deleted);
+    const missingUserIds = Object.keys(missing);
+
+    if (deletedUserIds.length) {
+      for (const deletedUserId of deletedUserIds) {
+        for (const deletedClientId of deleted[deletedUserId]) {
+          const deletedUser = message.recipients[deletedUserId];
+          if (deletedUser) {
+            delete deletedUser[deletedClientId];
           }
         }
       }
+    }
 
-      if (missingUserIds.length) {
-        const missingPreKeyBundles = await this.apiClient.user.api.postMultiPreKeyBundles(missing);
-        const reEncryptedPayloads = await this.cryptographyService.encrypt(plainTextArray, missingPreKeyBundles);
-        for (const missingUserId of missingUserIds) {
-          for (const missingClientId in reEncryptedPayloads[missingUserId]) {
-            const missingUser = message.recipients[missingUserId];
-            if (!missingUser) {
-              message.recipients[missingUserId] = {};
-            }
-
-            message.recipients[missingUserId][missingClientId] = reEncryptedPayloads[missingUserId][missingClientId];
+    if (missingUserIds.length) {
+      const missingPreKeyBundles = await this.apiClient.user.api.postMultiPreKeyBundles(missing);
+      const reEncryptedPayloads = await this.cryptographyService.encrypt(plainTextArray, missingPreKeyBundles);
+      for (const missingUserId of missingUserIds) {
+        for (const missingClientId in reEncryptedPayloads[missingUserId]) {
+          const missingUser = message.recipients[missingUserId];
+          if (!missingUser) {
+            message.recipients[missingUserId] = {};
           }
+
+          message.recipients[missingUserId][missingClientId] = reEncryptedPayloads[missingUserId][missingClientId];
         }
       }
-
-      return message;
     }
 
-    throw error;
+    return message;
   }
 
   private async onClientProtobufMismatch(
-    error: AxiosError,
+    clientMismatch: {missing: UserClients; deleted: UserClients},
     message: ProtobufOTR.NewOtrMessage,
     plainTextArray: Uint8Array,
   ): Promise<ProtobufOTR.NewOtrMessage> {
-    if (error.response?.status === HTTP_STATUS.PRECONDITION_FAILED) {
-      const {missing, deleted} = (error as ClientMismatchError).response?.data!;
-
-      const deletedUserIds = Object.keys(deleted);
-      const missingUserIds = Object.keys(missing);
-
-      if (deletedUserIds.length) {
-        for (const deletedUserId of deletedUserIds) {
-          for (const deletedClientId of deleted[deletedUserId]) {
-            const deletedUserIndex = message.recipients.findIndex(({user}) => bytesToUUID(user.uuid) === deletedUserId);
-            if (deletedUserIndex > -1) {
-              const deletedClientIndex = message.recipients[deletedUserIndex].clients?.findIndex(({client}) => {
-                return client.client.toString(16) === deletedClientId;
-              });
-              if (typeof deletedClientIndex !== 'undefined' && deletedClientIndex > -1) {
-                delete message.recipients[deletedUserIndex].clients?.[deletedClientIndex!];
-              }
+    const {missing, deleted} = clientMismatch;
+
+    const deletedUserIds = Object.keys(deleted);
+    const missingUserIds = Object.keys(missing);
+
+    if (deletedUserIds.length) {
+      for (const deletedUserId of deletedUserIds) {
+        for (const deletedClientId of deleted[deletedUserId]) {
+          const deletedUserIndex = message.recipients.findIndex(({user}) => bytesToUUID(user.uuid) === deletedUserId);
+          if (deletedUserIndex > -1) {
+            const deletedClientIndex = message.recipients[deletedUserIndex].clients?.findIndex(({client}) => {
+              return client.client.toString(16) === deletedClientId;
+            });
+            if (typeof deletedClientIndex !== 'undefined' && deletedClientIndex > -1) {
+              delete message.recipients[deletedUserIndex].clients?.[deletedClientIndex!];
             }
           }
         }
       }
+    }
 
-      if (missingUserIds.length) {
-        const missingPreKeyBundles = await this.apiClient.user.api.postMultiPreKeyBundles(missing);
-        const reEncryptedPayloads = await this.cryptographyService.encrypt(plainTextArray, missingPreKeyBundles);
-        for (const missingUserId of missingUserIds) {
-          for (const missingClientId in reEncryptedPayloads[missingUserId]) {
-            const missingUserIndex = message.recipients.findIndex(({user}) => bytesToUUID(user.uuid) === missingUserId);
-            if (missingUserIndex === -1) {
-              message.recipients.push({
-                clients: [
-                  {
-                    client: {
-                      client: Long.fromString(missingClientId, 16),
-                    },
-                    text: reEncryptedPayloads[missingUserId][missingClientId],
+    if (missingUserIds.length) {
+      const missingPreKeyBundles = await this.apiClient.user.api.postMultiPreKeyBundles(missing);
+      const reEncryptedPayloads = await this.cryptographyService.encrypt(plainTextArray, missingPreKeyBundles);
+      for (const missingUserId of missingUserIds) {
+        for (const missingClientId in reEncryptedPayloads[missingUserId]) {
+          const missingUserIndex = message.recipients.findIndex(({user}) => bytesToUUID(user.uuid) === missingUserId);
+          if (missingUserIndex === -1) {
+            message.recipients.push({
+              clients: [
+                {
+                  client: {
+                    client: Long.fromString(missingClientId, 16),
                   },
-                ],
-                user: {
-                  uuid: uuidToBytes(missingUserId),
+                  text: reEncryptedPayloads[missingUserId][missingClientId],
                 },
-              });
-            }
+              ],
+              user: {
+                uuid: uuidToBytes(missingUserId),
+              },
+            });
           }
         }
       }
-
-      return message;
     }
 
-    throw error;
+    return message;
   }
 
-  private async onFederatedClientMismatch(
-    messageData: ProtobufOTR.QualifiedNewOtrMessage,
-    messageSendingStatus: MessageSendingStatus,
-    plainTextArray: Uint8Array,
-  ): Promise<ProtobufOTR.QualifiedNewOtrMessage> {
+  private deleteExtraQualifiedClients(
+    message: ProtobufOTR.QualifiedNewOtrMessage,
+    deletedClients: MessageSendingStatus['deleted'],
+  ): ProtobufOTR.QualifiedNewOtrMessage {
     // walk through deleted domain/user map
-    for (const [deletedUserDomain, deletedUserIdClients] of Object.entries(messageSendingStatus.deleted)) {
-      if (!messageData.recipients.find(recipient => recipient.domain === deletedUserDomain)) {
+    for (const [deletedUserDomain, deletedUserIdClients] of Object.entries(deletedClients)) {
+      if (!message.recipients.find(recipient => recipient.domain === deletedUserDomain)) {
         // no user from this domain was deleted
         continue;
       }
       // walk through deleted user ids
       for (const [deletedUserId] of Object.entries(deletedUserIdClients)) {
         // walk through message recipients
-        for (const recipientIndex in messageData.recipients) {
+        for (const recipientIndex in message.recipients) {
           // check if message recipients' domain is the same as the deleted user's domain
-          if (messageData.recipients[recipientIndex].domain === deletedUserDomain) {
+          if (message.recipients[recipientIndex].domain === deletedUserDomain) {
             // check if message recipients' id is the same as the deleted user's id
-            for (const entriesIndex in messageData.recipients[recipientIndex].entries || []) {
-              const uuid = messageData.recipients[recipientIndex].entries![entriesIndex].user?.uuid;
+            for (const entriesIndex in message.recipients[recipientIndex].entries || []) {
+              const uuid = message.recipients[recipientIndex].entries![entriesIndex].user?.uuid;
               if (!!uuid && bytesToUUID(uuid) === deletedUserId) {
                 // delete this user from the message recipients
-                delete messageData.recipients[recipientIndex].entries![entriesIndex];
+                delete message.recipients[recipientIndex].entries![entriesIndex];
               }
             }
           }
         }
       }
     }
+    return message;
+  }
 
-    const missingUserIds = Object.entries(messageSendingStatus.missing);
-    if (missingUserIds.length) {
-      const missingPreKeyBundles = await this.apiClient.user.api.postQualifiedMultiPreKeyBundles(
-        messageSendingStatus.missing,
-      );
-      const reEncryptedPayloads = await this.cryptographyService.encryptQualified(plainTextArray, missingPreKeyBundles);
-
-      // walk through missing domain/user map
-      for (const [missingUserDomain, missingUserIdClients] of missingUserIds) {
-        if (!messageData.recipients.find(recipient => recipient.domain === missingUserDomain)) {
-          // no user from this domain is missing
-          continue;
-        }
+  /**
+   * Will re-encrypt a message when there were some missing clients in the initial send (typically when the server replies with a client mismatch error)
+   *
+   * @param {ProtobufOTR.QualifiedNewOtrMessage} messageData The initial message that was sent
+   * @param {MessageSendingStatus} messageSendingStatus Info about the missing/deleted clients
+   * @param {Uint8Array} plainText The text that should be encrypted for the missing clients
+   * @return resolves with a new message payload that can be sent
+   */
+  private async onFederatedMismatch(
+    message: ProtobufOTR.QualifiedNewOtrMessage,
+    {deleted, missing}: MessageSendingStatus,
+    plainText: Uint8Array,
+  ): Promise<ProtobufOTR.QualifiedNewOtrMessage> {
+    message = this.deleteExtraQualifiedClients(message, deleted);
+    if (Object.keys(missing).length) {
+      const missingPreKeyBundles = await this.apiClient.user.api.postQualifiedMultiPreKeyBundles(missing);
+      const reEncryptedPayloads = await this.cryptographyService.encryptQualified(plainText, missingPreKeyBundles);
+      message = this.addMissingQualifiedClients(message, reEncryptedPayloads);
+    }
+    return message;
+  }
 
-        // walk through missing user ids
-        for (const [missingUserId, missingClientIds] of Object.entries(missingUserIdClients)) {
-          // walk through message recipients
-          for (const recipientIndex in messageData.recipients) {
-            // check if message recipients' domain is the same as the missing user's domain
-            if (messageData.recipients[recipientIndex].domain === missingUserDomain) {
-              // check if there is a recipient with same user id as the missing user's id
-              let userIndex = messageData.recipients[recipientIndex].entries?.findIndex(
-                ({user}) => bytesToUUID(user.uuid) === missingUserId,
-              );
-
-              if (userIndex === -1) {
-                // no recipient found, let's create it
-                userIndex = messageData.recipients[recipientIndex].entries!.push({
+  private addMissingQualifiedClients(
+    messageData: ProtobufOTR.QualifiedNewOtrMessage,
+    reEncryptedPayloads: QualifiedOTRRecipients,
+  ): ProtobufOTR.QualifiedNewOtrMessage {
+    // walk through missing domain/user map
+    for (const [missingDomain, userClients] of Object.entries(reEncryptedPayloads)) {
+      // walk through missing user ids
+      for (const [missingUserId, missingClientIds] of Object.entries(userClients)) {
+        // walk through message recipients
+        for (const domain of messageData.recipients) {
+          // check if message recipients' domain is the same as the missing user's domain
+          if (domain.domain === missingDomain) {
+            // check if there is a recipient with same user id as the missing user's id
+            let userIndex = domain.entries?.findIndex(({user}) => bytesToUUID(user.uuid) === missingUserId);
+
+            if (userIndex === -1) {
+              // no recipient found, let's create it
+              userIndex =
+                domain.entries!.push({
                   user: {
                     uuid: uuidToBytes(missingUserId),
                   },
-                });
-              }
+                }) - 1;
+            }
 
-              const missingUserUUID = messageData.recipients[recipientIndex].entries![userIndex!].user.uuid;
-
-              if (bytesToUUID(missingUserUUID) === missingUserId) {
-                for (const missingClientId of missingClientIds) {
-                  messageData.recipients[recipientIndex].entries![userIndex!].clients ||= [];
-                  messageData.recipients[recipientIndex].entries![userIndex!].clients?.push({
-                    client: {
-                      client: Long.fromString(missingClientId, 16),
-                    },
-                    text: reEncryptedPayloads[missingUserDomain][missingUserId][missingClientId],
-                  });
-                }
+            const missingUserUUID = domain.entries![userIndex!].user.uuid;
+
+            if (bytesToUUID(missingUserUUID) === missingUserId) {
+              for (const [missingClientId, missingClientPayload] of Object.entries(missingClientIds)) {
+                domain.entries![userIndex!].clients ||= [];
+                domain.entries![userIndex!].clients?.push({
+                  client: {
+                    client: Long.fromString(missingClientId, 16),
+                  },
+                  text: missingClientPayload,
+                });
               }
             }
           }

package/src/main/cryptography/CryptographyService.d.ts

@@ -1,7 +1,7 @@
 import type { APIClient } from '@wireapp/api-client';
 import type { PreKey as SerializedPreKey } from '@wireapp/api-client/src/auth/';
 import type { RegisteredClient } from '@wireapp/api-client/src/client/';
-import type { OTRRecipients, QualifiedOTRRecipients } from '@wireapp/api-client/src/conversation/';
+import type { OTRRecipients, QualifiedOTRRecipients, QualifiedUserClients, UserClients } from '@wireapp/api-client/src/conversation/';
 import type { ConversationOtrMessageAddEvent } from '@wireapp/api-client/src/event';
 import type { QualifiedUserPreKeyBundleMap, UserPreKeyBundleMap } from '@wireapp/api-client/src/user/';
 import { Cryptobox } from '@wireapp/cryptobox';
@@ -26,8 +26,8 @@ export declare class CryptographyService {
     createCryptobox(): Promise<SerializedPreKey[]>;
     decrypt(sessionId: string, encodedCiphertext: string): Promise<Uint8Array>;
     private static dismantleSessionId;
-    encryptQualified(plainText: Uint8Array, preKeyBundles: QualifiedUserPreKeyBundleMap): Promise<QualifiedOTRRecipients>;
-    encrypt(plainText: Uint8Array, preKeyBundles: UserPreKeyBundleMap, domain?: string): Promise<OTRRecipients<Uint8Array>>;
+    encryptQualified(plainText: Uint8Array, preKeyBundles: QualifiedUserPreKeyBundleMap | QualifiedUserClients): Promise<QualifiedOTRRecipients>;
+    encrypt(plainText: Uint8Array, users: UserPreKeyBundleMap | UserClients, domain?: string): Promise<OTRRecipients<Uint8Array>>;
     private encryptPayloadForSession;
     initCryptobox(): Promise<void>;
     deleteCryptographyStores(): Promise<boolean[]>;