@wireapp/core 30.3.0 → 30.5.0

package/CHANGELOG.md

@@ -3,6 +3,36 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [30.5.0](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/compare/@wireapp/core@30.4.1...@wireapp/core@30.5.0) (2022-09-09)
+
+
+### Features
+
+* **core:** update keys periodically (FS-562) ([#4374](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/issues/4374)) ([9b9d362](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/commit/9b9d362bca320691fb15314cb1a3ef940a51892c))
+
+
+
+
+
+## [30.4.1](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/compare/@wireapp/core@30.4.0...@wireapp/core@30.4.1) (2022-09-08)
+
+**Note:** Version bump only for package @wireapp/core
+
+
+
+
+
+# [30.4.0](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/compare/@wireapp/core@30.3.0...@wireapp/core@30.4.0) (2022-09-07)
+
+
+### Features
+
+* Update getAllParticipantsClients to use better endpoints without a hack ([#4379](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/issues/4379)) ([f38258d](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/commit/f38258db39e81c4b517126792aa6c605b1ea51c5))
+
+
+
+
+
 # [30.3.0](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/compare/@wireapp/core@30.2.0...@wireapp/core@30.3.0) (2022-09-07)
 
 

package/package.json

@@ -7,7 +7,7 @@
     "@otak/core-crypto": "0.3.0-es2017",
     "@types/long": "4.0.1",
     "@types/node": "~14",
-    "@wireapp/api-client": "20.1.0",
+    "@wireapp/api-client": "20.2.1",
     "@wireapp/commons": "4.3.0",
     "@wireapp/cryptobox": "12.8.0",
     "@wireapp/store-engine-dexie": "1.6.10",
@@ -77,6 +77,6 @@
     "test:node": "nyc jasmine --config=jasmine.json",
     "watch": "tsc ---watch"
   },
-  "version": "30.3.0",
-  "gitHead": "0a4d4b6057006da93a731115ab02c9753b155127"
+  "version": "30.5.0",
+  "gitHead": "a2a55f074ebfb3fe5e3a32df1153a9c1ae7091dd"
 }

package/src/main/Account.d.ts

@@ -22,6 +22,7 @@ import { UserService } from './user/';
 import { AccountService } from './account/';
 import { LinkPreviewService } from './linkPreview';
 import { WEBSOCKET_STATE } from '@wireapp/api-client/src/tcp/ReconnectingWebsocket';
+import type { MLSConfig } from './mls/types';
 export declare type ProcessedEventPayload = HandledEventPayload;
 declare enum TOPIC {
     ERROR = "Account.TOPIC.ERROR"
@@ -55,23 +56,6 @@ export interface Account {
     on(event: TOPIC.ERROR, listener: (payload: CoreError) => void): this;
 }
 export declare type CreateStoreFn = (storeName: string, context: Context) => undefined | Promise<CRUDEngine | undefined>;
-declare type SecretCrypto<T> = {
-    encrypt: (value: Uint8Array) => Promise<T>;
-    decrypt: (payload: T) => Promise<Uint8Array>;
-};
-interface MLSConfig<T = any> {
-    /**
-     * encrypt/decrypt function pair that will be called before storing/fetching secrets in the secrets database.
-     * If not provided will use the built in encryption mechanism
-     */
-    secretsCrypto?: SecretCrypto<T>;
-    /**
-     * path on the public server to the core crypto wasm file.
-     * This file will be downloaded lazily when corecrypto is needed.
-     * It, thus, needs to know where, on the server, the file can be found
-     */
-    coreCrypoWasmFilePath: string;
-}
 interface AccountOptions<T> {
     /** Used to store info in the database (will create a inMemory engine if returns undefined) */
     createStore?: CreateStoreFn;

package/src/main/Account.js

@@ -72,6 +72,7 @@ const account_1 = require("./account/");
 const linkPreview_1 = require("./linkPreview");
 const encryptedStore_1 = require("./util/encryptedStore");
 const bazinga64_1 = require("bazinga64");
+const mls_1 = require("./mls");
 var TOPIC;
 (function (TOPIC) {
     TOPIC["ERROR"] = "Account.TOPIC.ERROR";
@@ -137,7 +138,7 @@ class Account extends events_1.EventEmitter {
      * @param cookie The cookie to identify the user against backend (will use the browser's one if not given)
      */
     async init(clientType, cookie, initClient = true) {
-        var _a;
+        var _a, _b;
         const context = await this.apiClient.init(clientType, cookie);
         await this.initServices(context);
         // Assumption: client gets only initialized once
@@ -145,6 +146,8 @@ class Account extends events_1.EventEmitter {
             await this.initClient({ clientType });
             // initialize schedulers for pending mls proposals once client is initialized
             await ((_a = this.service) === null || _a === void 0 ? void 0 : _a.notification.checkExistingPendingProposals());
+            // initialize schedulers for renewing key materials
+            await ((_b = this.service) === null || _b === void 0 ? void 0 : _b.notification.checkForKeyMaterialsUpdate());
         }
         return context;
     }
@@ -230,14 +233,15 @@ class Account extends events_1.EventEmitter {
             nbPrekeys: this.nbPrekeys,
         });
         const clientService = new client_2.ClientService(this.apiClient, this.storeEngine, cryptographyService);
+        const mlsService = new mls_1.MLSService(this.mlsConfig, this.apiClient, () => this.coreCryptoClient);
         const connectionService = new connection_1.ConnectionService(this.apiClient);
         const giphyService = new giphy_1.GiphyService(this.apiClient);
         const linkPreviewService = new linkPreview_1.LinkPreviewService(assetService);
-        const notificationService = new notification_1.NotificationService(this.apiClient, cryptographyService, this.storeEngine, () => this.coreCryptoClient);
+        const notificationService = new notification_1.NotificationService(this.apiClient, cryptographyService, mlsService, this.storeEngine);
         const conversationService = new conversation_1.ConversationService(this.apiClient, cryptographyService, {
             // We can use qualified ids to send messages as long as the backend supports federated endpoints
             useQualifiedIds: this.backendFeatures.federationEndpoints,
-        }, () => this.coreCryptoClient, notificationService);
+        }, notificationService, mlsService);
         const selfService = new self_1.SelfService(this.apiClient);
         const teamService = new team_1.TeamService(this.apiClient);
         const broadcastService = new broadcast_1.BroadcastService(this.apiClient, cryptographyService);

package/src/main/conversation/ConversationService/ConversationService.d.ts

@@ -1,4 +1,3 @@
-import { CoreCrypto } from '@otak/core-crypto';
 import type { APIClient } from '@wireapp/api-client';
 import { MessageSendingStatus, Conversation, DefaultConversationRoleName, MutedStatus, NewConversation, QualifiedUserClients, UserClients, ClientMismatch } from '@wireapp/api-client/src/conversation';
 import type { ConversationMemberLeaveEvent } from '@wireapp/api-client/src/event';
@@ -6,21 +5,22 @@ import type { QualifiedId, UserPreKeyBundleMap } from '@wireapp/api-client/src/u
 import { MessageTimer, RemoveUsersParams } from '../../conversation/';
 import type { RemoteData } from '../content';
 import type { CryptographyService } from '../../cryptography/';
+import type { MLSService } from '../../mls';
+import type { NotificationService } from '../../notification';
 import type { ClearConversationMessage, DeleteMessage, HideMessage, OtrMessage } from '../message/OtrMessage';
 import { XOR } from '@wireapp/commons/src/main/util/TypeUtil';
-import type { NotificationService } from '../../notification';
 import { AddUsersParams, MessageSendingCallbacks, MessageSendingOptions, MLSReturnType, SendMlsMessageParams, SendProteusMessageParams } from './ConversationService.types';
 export declare class ConversationService {
     private readonly apiClient;
     private readonly config;
-    private readonly coreCryptoClientProvider;
     private readonly notificationService;
+    private readonly mlsService;
     readonly messageTimer: MessageTimer;
     private readonly messageService;
     private selfConversationId?;
     constructor(apiClient: APIClient, cryptographyService: CryptographyService, config: {
         useQualifiedIds?: boolean;
-    }, coreCryptoClientProvider: () => CoreCrypto, notificationService: NotificationService);
+    }, notificationService: NotificationService, mlsService: MLSService);
     private createEphemeral;
     private getConversationQualifiedMembers;
     /**
@@ -92,10 +92,6 @@ export declare class ConversationService {
     })>;
     /**
      * Get a fresh list from backend of clients for all the participants of the conversation.
-     * This is a hacky way of getting all the clients for a conversation.
-     * The idea is to send an empty message to the backend to absolutely no users and let backend reply with a mismatch error.
-     * We then get the missing members in the mismatch, that is our fresh list of participants' clients.
-     *
      * @param {string} conversationId
      * @param {string} conversationDomain? - If given will send the message to the new qualified endpoint
      */
@@ -150,12 +146,10 @@ export declare class ConversationService {
      *   ################ MLS Functions ################
      *   ###############################################
      */
-    private getCoreCryptoKeyPackagesPayload;
-    private addUsersToExistingMLSConversation;
     createMLSConversation(conversationData: NewConversation): Promise<MLSReturnType>;
     private sendMLSMessage;
     addUsersToMLSConversation({ qualifiedUserIds, groupId, conversationId, }: Required<AddUsersParams>): Promise<MLSReturnType>;
-    private sendCommitBundleRemovalMessages;
+    private storeLastKeyMaterialUpdateDateWithCurrentTime;
     removeUsersFromMLSConversation({ groupId, conversationId, qualifiedUserIds, }: RemoveUsersParams): Promise<MLSReturnType>;
     /**
      * Will send an external proposal for the current device to join a specific conversation.

package/src/main/conversation/ConversationService/ConversationService.js

@@ -31,17 +31,13 @@ const MessageToProtoMapper_1 = require("../message/MessageToProtoMapper");
 const ConversationService_types_1 = require("./ConversationService.types");
 const bazinga64_1 = require("bazinga64");
 const mapQualifiedUserClientIdsToFullyQualifiedClientIds_1 = require("../../util/mapQualifiedUserClientIdsToFullyQualifiedClientIds");
-//@todo: this function is temporary, we wait for the update from core-crypto side
-//they are returning regular array instead of Uint8Array for commit and welcome messages
-const optionalToUint8Array = (array) => {
-    return Array.isArray(array) ? Uint8Array.from(array) : array;
-};
+const mls_1 = require("../../mls");
 class ConversationService {
-    constructor(apiClient, cryptographyService, config, coreCryptoClientProvider, notificationService) {
+    constructor(apiClient, cryptographyService, config, notificationService, mlsService) {
         this.apiClient = apiClient;
         this.config = config;
-        this.coreCryptoClientProvider = coreCryptoClientProvider;
         this.notificationService = notificationService;
+        this.mlsService = mlsService;
         this.messageTimer = new conversation_2.MessageTimer();
         this.messageService = new MessageService_1.MessageService(this.apiClient, cryptographyService);
     }
@@ -63,11 +59,10 @@ class ConversationService {
          * yourself in the list of users if you want to sync a message also to your
          * other clients.
          */
-        return (conversation.members.others
+        return conversation.members.others
             .filter(member => !!member.qualified_id)
             .map(member => member.qualified_id)
-            // TODO(Federation): Use 'domain' from 'conversation.members.self' when backend has it implemented
-            .concat({ domain: this.apiClient.context.domain, id: conversation.members.self.id }));
+            .concat(conversation.members.self.qualified_id);
     }
     /**
      * Will generate a prekey bundle for specific users.
@@ -515,37 +510,18 @@ class ConversationService {
     }
     /**
      * Get a fresh list from backend of clients for all the participants of the conversation.
-     * This is a hacky way of getting all the clients for a conversation.
-     * The idea is to send an empty message to the backend to absolutely no users and let backend reply with a mismatch error.
-     * We then get the missing members in the mismatch, that is our fresh list of participants' clients.
-     *
      * @param {string} conversationId
      * @param {string} conversationDomain? - If given will send the message to the new qualified endpoint
      */
-    getAllParticipantsClients(conversationId, conversationDomain) {
-        const sendingClientId = this.apiClient.validatedClientId;
-        const recipients = {};
-        const text = new Uint8Array();
-        return new Promise(async (resolve) => {
-            const onClientMismatch = (mismatch) => {
-                resolve(mismatch.missing);
-                // When the mismatch happens, we ask the messageService to cancel the sending
-                return false;
-            };
-            if (conversationDomain && this.config.useQualifiedIds) {
-                await this.messageService.sendFederatedMessage(sendingClientId, recipients, text, {
-                    conversationId: { id: conversationId, domain: conversationDomain },
-                    onClientMismatch,
-                    reportMissing: true,
-                });
-            }
-            else {
-                await this.messageService.sendMessage(sendingClientId, recipients, text, {
-                    conversationId,
-                    onClientMismatch,
-                });
-            }
-        });
+    async getAllParticipantsClients(conversationId, conversationDomain) {
+        const qualifiedMembers = await this.getConversationQualifiedMembers(conversationDomain ? { id: conversationId, domain: conversationDomain } : conversationId);
+        const allClients = await this.apiClient.api.user.postListClients({ qualified_users: qualifiedMembers });
+        const qualifiedUserClients = {};
+        Object.entries(allClients.qualified_user_map).map(([domain, userClientMap]) => Object.entries(userClientMap).map(async ([userId, clients]) => {
+            qualifiedUserClients[domain] || (qualifiedUserClients[domain] = {});
+            qualifiedUserClients[domain][userId] = clients.map(client => client.id);
+        }));
+        return qualifiedUserClients;
     }
     async deleteMessageLocal(conversationId, messageIdToHide, sendAsProtobuf, conversationDomain) {
         const messageId = MessageBuilder_1.MessageBuilder.createId();
@@ -810,46 +786,6 @@ class ConversationService {
      *   ################ MLS Functions ################
      *   ###############################################
      */
-    async getCoreCryptoKeyPackagesPayload(qualifiedUsers) {
-        /**
-         * @note We need to fetch key packages for all the users
-         * we want to add to the new MLS conversations,
-         * includes self user too.
-         */
-        const keyPackages = await Promise.all([
-            ...qualifiedUsers.map(({ id, domain, skipOwn }) => this.apiClient.api.client.claimMLSKeyPackages(id, domain, skipOwn)),
-        ]);
-        const coreCryptoKeyPackagesPayload = keyPackages.reduce((previousValue, currentValue) => {
-            // skip users that have not uploaded their MLS key packages
-            if (currentValue.key_packages.length > 0) {
-                return [
-                    ...previousValue,
-                    ...currentValue.key_packages.map(keyPackage => ({
-                        id: bazinga64_1.Encoder.toBase64(keyPackage.client).asBytes,
-                        kp: bazinga64_1.Decoder.fromBase64(keyPackage.key_package).asBytes,
-                    })),
-                ];
-            }
-            return previousValue;
-        }, []);
-        return coreCryptoKeyPackagesPayload;
-    }
-    async addUsersToExistingMLSConversation(groupIdDecodedFromBase64, invitee) {
-        const coreCryptoClient = this.coreCryptoClientProvider();
-        const memberAddedMessages = await coreCryptoClient.addClientsToConversation(groupIdDecodedFromBase64, invitee);
-        if (memberAddedMessages === null || memberAddedMessages === void 0 ? void 0 : memberAddedMessages.welcome) {
-            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
-            await this.apiClient.api.conversation.postMlsWelcomeMessage(optionalToUint8Array(memberAddedMessages.welcome));
-        }
-        if (memberAddedMessages === null || memberAddedMessages === void 0 ? void 0 : memberAddedMessages.commit) {
-            const messageResponse = await this.apiClient.api.conversation.postMlsMessage(
-            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
-            optionalToUint8Array(memberAddedMessages.commit));
-            await coreCryptoClient.commitAccepted(groupIdDecodedFromBase64);
-            return messageResponse;
-        }
-        return null;
-    }
     async createMLSConversation(conversationData) {
         /**
          * @note For creating MLS conversations the users & qualified_users
@@ -866,9 +802,8 @@ class ConversationService {
         if (!selfUserId) {
             throw new Error('You need to pass self user qualified id in order to create an MLS conversation');
         }
-        const coreCryptoClient = this.coreCryptoClientProvider();
-        await coreCryptoClient.createConversation(groupIdDecodedFromBase64);
-        const coreCryptoKeyPackagesPayload = await this.getCoreCryptoKeyPackagesPayload([
+        await this.mlsService.createConversation(groupIdDecodedFromBase64);
+        const coreCryptoKeyPackagesPayload = await this.mlsService.getKeyPackagesPayload([
             {
                 id: selfUserId.id,
                 domain: selfUserId.domain,
@@ -880,8 +815,14 @@ class ConversationService {
             },
             ...qualifiedUsers,
         ]);
-        const response = await this.addUsersToExistingMLSConversation(groupIdDecodedFromBase64, coreCryptoKeyPackagesPayload);
+        const response = await this.mlsService.addUsersToExistingConversation(groupIdDecodedFromBase64, coreCryptoKeyPackagesPayload);
         await this.notificationService.saveConversationGroupId(newConversation);
+        //We store the info when conversation (along with key material) was created, so we will know when to renew it
+        const groupCreationTimeStamp = new Date().getTime();
+        await this.notificationService.storeLastKeyMaterialUpdateDate({
+            previousUpdateDate: groupCreationTimeStamp,
+            groupId,
+        });
         // We fetch the fresh version of the conversation created on backend with the newly added users
         const conversation = await this.getConversations(qualifiedId.id);
         return {
@@ -895,8 +836,7 @@ class ConversationService {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
         // immediately execute pending commits before sending the message
         await this.notificationService.commitPendingProposals({ groupId });
-        const coreCryptoClient = this.coreCryptoClientProvider();
-        const encrypted = await coreCryptoClient.encryptMessage(groupIdBytes, protocol_messaging_1.GenericMessage.encode(genericMessage).finish());
+        const encrypted = await this.mlsService.encryptMessage(groupIdBytes, protocol_messaging_1.GenericMessage.encode(genericMessage).finish());
         try {
             const { time = '' } = await this.apiClient.api.conversation.postMlsMessage(encrypted);
             onSuccess === null || onSuccess === void 0 ? void 0 : onSuccess(genericMessage, (time === null || time === void 0 ? void 0 : time.length) > 0 ? time : new Date().toISOString());
@@ -908,36 +848,25 @@ class ConversationService {
     }
     async addUsersToMLSConversation({ qualifiedUserIds, groupId, conversationId, }) {
         const groupIdDecodedFromBase64 = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        const coreCryptoKeyPackagesPayload = await this.getCoreCryptoKeyPackagesPayload([...qualifiedUserIds]);
-        const response = await this.addUsersToExistingMLSConversation(groupIdDecodedFromBase64, coreCryptoKeyPackagesPayload);
+        const coreCryptoKeyPackagesPayload = await this.mlsService.getKeyPackagesPayload([...qualifiedUserIds]);
+        const response = await this.mlsService.addUsersToExistingConversation(groupIdDecodedFromBase64, coreCryptoKeyPackagesPayload);
         const conversation = await this.getConversations(conversationId.id);
         return {
             events: (response === null || response === void 0 ? void 0 : response.events) || [],
             conversation,
         };
     }
-    async sendCommitBundleRemovalMessages(groupIdDecodedFromBase64, commitBundle) {
-        const coreCryptoClient = this.coreCryptoClientProvider();
-        if (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.welcome) {
-            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
-            await this.apiClient.api.conversation.postMlsWelcomeMessage(optionalToUint8Array(commitBundle.welcome));
-        }
-        if (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.commit) {
-            const messageResponse = await this.apiClient.api.conversation.postMlsMessage(
-            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
-            optionalToUint8Array(commitBundle.commit));
-            await coreCryptoClient.commitAccepted(groupIdDecodedFromBase64);
-            return messageResponse;
-        }
-        return null;
+    async storeLastKeyMaterialUpdateDateWithCurrentTime(groupId) {
+        const currentTime = new Date().getTime();
+        await this.notificationService.storeLastKeyMaterialUpdateDate({ groupId, previousUpdateDate: currentTime });
     }
     async removeUsersFromMLSConversation({ groupId, conversationId, qualifiedUserIds, }) {
-        const coreCryptoClient = this.coreCryptoClientProvider();
         const groupIdDecodedFromBase64 = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
         const clientsToRemove = await this.apiClient.api.user.postListClients({ qualified_users: qualifiedUserIds });
         const fullyQualifiedClientIds = (0, mapQualifiedUserClientIdsToFullyQualifiedClientIds_1.mapQualifiedUserClientIdsToFullyQualifiedClientIds)(clientsToRemove.qualified_user_map);
-        const commitBundle = await coreCryptoClient.removeClientsFromConversation(groupIdDecodedFromBase64, fullyQualifiedClientIds);
-        const messageResponse = await this.sendCommitBundleRemovalMessages(groupIdDecodedFromBase64, commitBundle);
+        const messageResponse = await this.mlsService.removeClientsFromConversation(groupIdDecodedFromBase64, fullyQualifiedClientIds);
+        //key material gets updated after removing a user from the group, so we can reset last key update time value in the store
+        await this.storeLastKeyMaterialUpdateDateWithCurrentTime(groupId);
         const conversation = await this.getConversations(conversationId.id);
         return {
             events: (messageResponse === null || messageResponse === void 0 ? void 0 : messageResponse.events) || [],
@@ -951,20 +880,20 @@ class ConversationService {
      * @param epoch The current epoch of the local conversation
      */
     async sendExternalJoinProposal(conversationGroupId, epoch) {
-        const coreCryptoClient = this.coreCryptoClientProvider();
         const groupIdDecodedFromBase64 = bazinga64_1.Decoder.fromBase64(conversationGroupId).asBytes;
-        const externalProposal = await coreCryptoClient.newExternalProposal(0 /* Add */, {
+        const externalProposal = await this.mlsService.newExternalProposal(0 /* Add */, {
             epoch,
             conversationId: groupIdDecodedFromBase64,
         });
         await this.apiClient.api.conversation.postMlsMessage(
         //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
-        optionalToUint8Array(externalProposal));
+        (0, mls_1.optionalToUint8Array)(externalProposal));
+        //We store the info when user was added (and key material was created), so we will know when to renew it
+        await this.storeLastKeyMaterialUpdateDateWithCurrentTime(conversationGroupId);
     }
     async isMLSConversationEstablished(conversationGroupId) {
-        const coreCryptoClient = this.coreCryptoClientProvider();
         const groupIdDecodedFromBase64 = bazinga64_1.Decoder.fromBase64(conversationGroupId).asBytes;
-        return coreCryptoClient.conversationExists(groupIdDecodedFromBase64);
+        return this.mlsService.conversationExists(groupIdDecodedFromBase64);
     }
 }
 exports.ConversationService = ConversationService;

package/src/main/cryptography/CryptographyDatabaseRepository.d.ts

@@ -6,7 +6,8 @@ export declare enum DatabaseStores {
     PRE_KEYS = "prekeys",
     SESSIONS = "sessions",
     GROUP_IDS = "group_ids",
-    PENDING_PROPOSALS = "pending_proposals"
+    PENDING_PROPOSALS = "pending_proposals",
+    LAST_KEY_MATERIAL_UPDATE_DATES = "last_key_material_update_dates"
 }
 export declare class CryptographyDatabaseRepository {
     private readonly storeEngine;

package/src/main/cryptography/CryptographyDatabaseRepository.js

@@ -28,6 +28,7 @@ var DatabaseStores;
     DatabaseStores["SESSIONS"] = "sessions";
     DatabaseStores["GROUP_IDS"] = "group_ids";
     DatabaseStores["PENDING_PROPOSALS"] = "pending_proposals";
+    DatabaseStores["LAST_KEY_MATERIAL_UPDATE_DATES"] = "last_key_material_update_dates";
 })(DatabaseStores = exports.DatabaseStores || (exports.DatabaseStores = {}));
 class CryptographyDatabaseRepository {
     constructor(storeEngine) {

package/src/main/mls/MLSService/MLSService.d.ts

@@ -0,0 +1,26 @@
+import { AddProposalArgs, CommitBundle, ConversationConfiguration, ConversationId, CoreCrypto, DecryptedMessage, ExternalProposalArgs, ExternalProposalType, ExternalRemoveProposalArgs, Invitee, ProposalArgs, ProposalType, RemoveProposalArgs } from '@otak/core-crypto/platforms/web/corecrypto';
+import { APIClient } from '@wireapp/api-client';
+import { QualifiedUsers } from '../../conversation';
+import type { MLSConfig } from '../types';
+import { PostMlsMessageResponse } from '@wireapp/api-client/src/conversation';
+export declare const optionalToUint8Array: (array: Uint8Array | []) => Uint8Array;
+export declare class MLSService {
+    readonly config: MLSConfig | undefined;
+    private readonly apiClient;
+    private readonly coreCryptoClientProvider;
+    constructor(config: MLSConfig | undefined, apiClient: APIClient, coreCryptoClientProvider: () => CoreCrypto | undefined);
+    private getCoreCryptoClient;
+    private uploadCommitBundle;
+    addUsersToExistingConversation(groupIdDecodedFromBase64: Uint8Array, invitee: Invitee[]): Promise<PostMlsMessageResponse | null>;
+    getKeyPackagesPayload(qualifiedUsers: QualifiedUsers[]): Promise<Invitee[]>;
+    newProposal(proposalType: ProposalType, args: ProposalArgs | AddProposalArgs | RemoveProposalArgs): Promise<Uint8Array>;
+    newExternalProposal(externalProposalType: ExternalProposalType, args: ExternalProposalArgs | ExternalRemoveProposalArgs): Promise<Uint8Array>;
+    processWelcomeMessage(welcomeMessage: Uint8Array): Promise<ConversationId>;
+    decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
+    encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
+    updateKeyingMaterial(conversationId: ConversationId): Promise<PostMlsMessageResponse | null>;
+    createConversation(conversationId: ConversationId, configuration?: ConversationConfiguration): Promise<any>;
+    removeClientsFromConversation(conversationId: ConversationId, clientIds: Uint8Array[]): Promise<PostMlsMessageResponse | null>;
+    commitPendingProposals(conversationId: ConversationId): Promise<CommitBundle>;
+    conversationExists(conversationId: ConversationId): Promise<boolean>;
+}

package/src/main/mls/MLSService/MLSService.js

@@ -0,0 +1,131 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2022 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MLSService = exports.optionalToUint8Array = void 0;
+const bazinga64_1 = require("bazinga64");
+//@todo: this function is temporary, we wait for the update from core-crypto side
+//they are returning regular array instead of Uint8Array for commit and welcome messages
+const optionalToUint8Array = (array) => {
+    return Array.isArray(array) ? Uint8Array.from(array) : array;
+};
+exports.optionalToUint8Array = optionalToUint8Array;
+class MLSService {
+    constructor(config, apiClient, coreCryptoClientProvider) {
+        this.config = config;
+        this.apiClient = apiClient;
+        this.coreCryptoClientProvider = coreCryptoClientProvider;
+    }
+    getCoreCryptoClient() {
+        const client = this.coreCryptoClientProvider();
+        if (!client) {
+            throw new Error('Could not get coreCryptoClient');
+        }
+        return client;
+    }
+    async uploadCommitBundle(groupIdDecodedFromBase64, commitBundle) {
+        const coreCryptoClient = this.getCoreCryptoClient();
+        if (commitBundle.welcome) {
+            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
+            await this.apiClient.api.conversation.postMlsWelcomeMessage((0, exports.optionalToUint8Array)(commitBundle.welcome));
+        }
+        if (commitBundle.commit) {
+            const messageResponse = await this.apiClient.api.conversation.postMlsMessage(
+            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
+            (0, exports.optionalToUint8Array)(commitBundle.commit));
+            await coreCryptoClient.commitAccepted(groupIdDecodedFromBase64);
+            return messageResponse;
+        }
+        return null;
+    }
+    async addUsersToExistingConversation(groupIdDecodedFromBase64, invitee) {
+        const coreCryptoClient = this.getCoreCryptoClient();
+        const memberAddedMessages = await coreCryptoClient.addClientsToConversation(groupIdDecodedFromBase64, invitee);
+        if (memberAddedMessages === null || memberAddedMessages === void 0 ? void 0 : memberAddedMessages.welcome) {
+            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
+            await this.apiClient.api.conversation.postMlsWelcomeMessage((0, exports.optionalToUint8Array)(memberAddedMessages.welcome));
+        }
+        if (memberAddedMessages === null || memberAddedMessages === void 0 ? void 0 : memberAddedMessages.commit) {
+            const messageResponse = await this.apiClient.api.conversation.postMlsMessage(
+            //@todo: it's temporary - we wait for core-crypto fix to return the actual Uint8Array instead of regular array
+            (0, exports.optionalToUint8Array)(memberAddedMessages.commit));
+            await coreCryptoClient.commitAccepted(groupIdDecodedFromBase64);
+            return messageResponse;
+        }
+        return null;
+    }
+    async getKeyPackagesPayload(qualifiedUsers) {
+        /**
+         * @note We need to fetch key packages for all the users
+         * we want to add to the new MLS conversations,
+         * includes self user too.
+         */
+        const keyPackages = await Promise.all([
+            ...qualifiedUsers.map(({ id, domain, skipOwn }) => this.apiClient.api.client.claimMLSKeyPackages(id, domain, skipOwn)),
+        ]);
+        const coreCryptoKeyPackagesPayload = keyPackages.reduce((previousValue, currentValue) => {
+            // skip users that have not uploaded their MLS key packages
+            if (currentValue.key_packages.length > 0) {
+                return [
+                    ...previousValue,
+                    ...currentValue.key_packages.map(keyPackage => ({
+                        id: bazinga64_1.Encoder.toBase64(keyPackage.client).asBytes,
+                        kp: bazinga64_1.Decoder.fromBase64(keyPackage.key_package).asBytes,
+                    })),
+                ];
+            }
+            return previousValue;
+        }, []);
+        return coreCryptoKeyPackagesPayload;
+    }
+    async newProposal(proposalType, args) {
+        return this.getCoreCryptoClient().newProposal(proposalType, args);
+    }
+    async newExternalProposal(externalProposalType, args) {
+        return this.getCoreCryptoClient().newExternalProposal(externalProposalType, args);
+    }
+    async processWelcomeMessage(welcomeMessage) {
+        return this.getCoreCryptoClient().processWelcomeMessage(welcomeMessage);
+    }
+    async decryptMessage(conversationId, payload) {
+        return this.getCoreCryptoClient().decryptMessage(conversationId, payload);
+    }
+    async encryptMessage(conversationId, message) {
+        return this.getCoreCryptoClient().encryptMessage(conversationId, message);
+    }
+    async updateKeyingMaterial(conversationId) {
+        const commitBundle = await this.getCoreCryptoClient().updateKeyingMaterial(conversationId);
+        return this.uploadCommitBundle(conversationId, commitBundle);
+    }
+    async createConversation(conversationId, configuration) {
+        return this.getCoreCryptoClient().createConversation(conversationId, configuration);
+    }
+    async removeClientsFromConversation(conversationId, clientIds) {
+        const commitBundle = await this.getCoreCryptoClient().removeClientsFromConversation(conversationId, clientIds);
+        return this.uploadCommitBundle(conversationId, commitBundle);
+    }
+    async commitPendingProposals(conversationId) {
+        return this.getCoreCryptoClient().commitPendingProposals(conversationId);
+    }
+    async conversationExists(conversationId) {
+        return this.getCoreCryptoClient().conversationExists(conversationId);
+    }
+}
+exports.MLSService = MLSService;
+//# sourceMappingURL=MLSService.js.map

package/src/main/mls/index.d.ts

@@ -0,0 +1 @@
+export * from './MLSService/MLSService';

package/src/main/mls/index.js

@@ -0,0 +1,32 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2022 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./MLSService/MLSService"), exports);
+//# sourceMappingURL=index.js.map

package/src/main/mls/types.d.ts

@@ -0,0 +1,22 @@
+declare type SecretCrypto<T> = {
+    encrypt: (value: Uint8Array) => Promise<T>;
+    decrypt: (payload: T) => Promise<Uint8Array>;
+};
+export interface MLSConfig<T = any> {
+    /**
+     * encrypt/decrypt function pair that will be called before storing/fetching secrets in the secrets database.
+     * If not provided will use the built in encryption mechanism
+     */
+    secretsCrypto?: SecretCrypto<T>;
+    /**
+     * path on the public server to the core crypto wasm file.
+     * This file will be downloaded lazily when corecrypto is needed.
+     * It, thus, needs to know where, on the server, the file can be found
+     */
+    coreCrypoWasmFilePath: string;
+    /**
+     * (milliseconds) period of time between automatic updates of the keying material (30 days by default)
+     */
+    keyingMaterialUpdateThreshold?: number;
+}
+export {};

package/src/main/mls/types.js

@@ -0,0 +1,21 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2022 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/src/main/notification/NotificationDatabaseRepository.d.ts

@@ -1,7 +1,7 @@
 import type { BackendEvent } from '@wireapp/api-client/src/event';
 import type { Notification } from '@wireapp/api-client/src/notification/';
 import type { CRUDEngine } from '@wireapp/store-engine';
-import { CommonMLS, CompoundGroupIdParams, StorePendingProposalsParams } from './types';
+import { CommonMLS, CompoundGroupIdParams, LastKeyMaterialUpdateParams, StorePendingProposalsParams } from './types';
 export declare enum DatabaseStores {
     EVENTS = "events"
 }
@@ -42,4 +42,25 @@ export declare class NotificationDatabaseRepository {
      *
      */
     getStoredPendingProposals(): Promise<StorePendingProposalsParams[]>;
+    /**
+     * ## MLS only ##
+     * Store groupIds with last key material update dates.
+     *
+     * @param {groupId} params.groupId - groupId of the mls conversation
+     * @param {previousUpdateDate} params.previousUpdateDate - date of the previous key material update
+     */
+    storeLastKeyMaterialUpdateDate(params: LastKeyMaterialUpdateParams): Promise<boolean>;
+    /**
+     * ## MLS only ##
+     * Delete stored entries for last key materials update dates.
+     *
+     * @param {groupId} groupId - of the mls conversation
+     */
+    deleteLastKeyMaterialUpdateDate({ groupId }: CommonMLS): Promise<boolean>;
+    /**
+     * ## MLS only ##
+     * Get all stored entries for last key materials update dates.
+     *
+     */
+    getStoredLastKeyMaterialUpdateDates(): Promise<LastKeyMaterialUpdateParams[]>;
 }

package/src/main/notification/NotificationDatabaseRepository.js

@@ -102,6 +102,35 @@ class NotificationDatabaseRepository {
     async getStoredPendingProposals() {
         return this.storeEngine.readAll(STORES.PENDING_PROPOSALS);
     }
+    /**
+     * ## MLS only ##
+     * Store groupIds with last key material update dates.
+     *
+     * @param {groupId} params.groupId - groupId of the mls conversation
+     * @param {previousUpdateDate} params.previousUpdateDate - date of the previous key material update
+     */
+    async storeLastKeyMaterialUpdateDate(params) {
+        await this.storeEngine.updateOrCreate(STORES.LAST_KEY_MATERIAL_UPDATE_DATES, `${params.groupId}`, params);
+        return true;
+    }
+    /**
+     * ## MLS only ##
+     * Delete stored entries for last key materials update dates.
+     *
+     * @param {groupId} groupId - of the mls conversation
+     */
+    async deleteLastKeyMaterialUpdateDate({ groupId }) {
+        await this.storeEngine.delete(STORES.LAST_KEY_MATERIAL_UPDATE_DATES, `${groupId}`);
+        return true;
+    }
+    /**
+     * ## MLS only ##
+     * Get all stored entries for last key materials update dates.
+     *
+     */
+    async getStoredLastKeyMaterialUpdateDates() {
+        return this.storeEngine.readAll(STORES.LAST_KEY_MATERIAL_UPDATE_DATES);
+    }
 }
 exports.NotificationDatabaseRepository = NotificationDatabaseRepository;
 //# sourceMappingURL=NotificationDatabaseRepository.js.map

package/src/main/notification/NotificationService.d.ts

@@ -9,10 +9,10 @@ import { NotificationError } from '../CoreError';
 import type { CryptographyService } from '../cryptography';
 import { GenericMessage } from '@wireapp/protocol-messaging';
 import { AbortHandler } from '@wireapp/api-client/src/tcp';
-import type { CoreCrypto } from '@otak/core-crypto/platforms/web/corecrypto';
 import { QualifiedId } from '@wireapp/api-client/src/user';
 import { Conversation } from '@wireapp/api-client/src/conversation';
-import { CommitPendingProposalsParams } from './types';
+import { CommitPendingProposalsParams, LastKeyMaterialUpdateParams } from './types';
+import type { MLSService } from '../mls';
 export declare type HandledEventPayload = {
     event: Events.BackendEvent;
     mappedEvent?: PayloadBundle;
@@ -33,14 +33,14 @@ export interface NotificationService {
     on(event: TOPIC.NOTIFICATION_ERROR, listener: (payload: NotificationError) => void): this;
 }
 export declare class NotificationService extends EventEmitter {
-    private readonly coreCryptoClientProvider;
+    private readonly mlsService;
     private readonly apiClient;
     private readonly backend;
     private readonly cryptographyService;
     private readonly database;
     private readonly logger;
     static readonly TOPIC: typeof TOPIC;
-    constructor(apiClient: APIClient, cryptographyService: CryptographyService, storeEngine: CRUDEngine, coreCryptoClientProvider: () => CoreCrypto | undefined);
+    constructor(apiClient: APIClient, cryptographyService: CryptographyService, mlsService: MLSService, storeEngine: CRUDEngine);
     private getAllNotifications;
     /** Should only be called with a completely new client. */
     initializeNotificationStream(): Promise<string>;
@@ -103,5 +103,29 @@ export declare class NotificationService extends EventEmitter {
      *
      */
     checkExistingPendingProposals(): Promise<void>;
+    /**
+     * ## MLS only ##
+     * Store groupIds with last key material update dates.
+     *
+     * @param {groupId} params.groupId - groupId of the mls conversation
+     * @param {previousUpdateDate} params.previousUpdateDate - date of the previous key material update
+     */
+    storeLastKeyMaterialUpdateDate(params: LastKeyMaterialUpdateParams): Promise<void>;
+    /**
+     * ## MLS only ##
+     * Renew key material for a given groupId
+     *
+     * @param groupId groupId of the conversation
+     */
+    private renewKeyMaterial;
+    private createKeyMaterialUpdateTaskSchedulerId;
+    private scheduleTaskToRenewKeyMaterial;
+    /**
+     * ## MLS only ##
+     * Get all pending proposals from the database and schedule them
+     * Function must only be called once, after application start
+     *
+     */
+    checkForKeyMaterialsUpdate(): Promise<void>;
 }
 export {};

package/src/main/notification/NotificationService.js

@@ -53,6 +53,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NotificationService = void 0;
+const commons_1 = require("@wireapp/commons");
 const Events = __importStar(require("@wireapp/api-client/src/event"));
 const store_engine_1 = require("@wireapp/store-engine");
 const events_1 = require("events");
@@ -66,14 +67,16 @@ const NotificationDatabaseRepository_1 = require("./NotificationDatabaseReposito
 const protocol_messaging_1 = require("@wireapp/protocol-messaging");
 const bazinga64_1 = require("bazinga64");
 const TaskScheduler_1 = require("../util/TaskScheduler/TaskScheduler");
+const LowPrecisionTaskScheduler_1 = require("../util/LowPrecisionTaskScheduler/LowPrecisionTaskScheduler");
 var TOPIC;
 (function (TOPIC) {
     TOPIC["NOTIFICATION_ERROR"] = "NotificationService.TOPIC.NOTIFICATION_ERROR";
 })(TOPIC || (TOPIC = {}));
+const DEFAULT_KEYING_MATERIAL_UPDATE_THRESHOLD = 1000 * 60 * 60 * 24 * 30; //30 days
 class NotificationService extends events_1.EventEmitter {
-    constructor(apiClient, cryptographyService, storeEngine, coreCryptoClientProvider) {
+    constructor(apiClient, cryptographyService, mlsService, storeEngine) {
         super();
-        this.coreCryptoClientProvider = coreCryptoClientProvider;
+        this.mlsService = mlsService;
         this.logger = (0, logdown_1.default)('@wireapp/core/notification/NotificationService', {
             logger: console,
             markdown: false,
@@ -211,15 +214,11 @@ class NotificationService extends events_1.EventEmitter {
     }
     async handleEvent(event, source, dryRun = false) {
         var _a, _b;
-        const coreCryptoClient = this.coreCryptoClientProvider();
         switch (event.type) {
             case Events.CONVERSATION_EVENT.MLS_WELCOME_MESSAGE:
-                if (!coreCryptoClient) {
-                    throw new Error('Unable to access core crypto client');
-                }
                 const data = bazinga64_1.Decoder.fromBase64(event.data).asBytes;
                 // We extract the groupId from the welcome message and let coreCrypto store this group
-                const newGroupId = await coreCryptoClient.processWelcomeMessage(data);
+                const newGroupId = await this.mlsService.processWelcomeMessage(data);
                 const groupIdStr = bazinga64_1.Encoder.toBase64(newGroupId).asString;
                 // The groupId can then be sent back to the consumer
                 return {
@@ -227,13 +226,10 @@ class NotificationService extends events_1.EventEmitter {
                     mappedEvent: ConversationMapper_1.ConversationMapper.mapConversationEvent(Object.assign(Object.assign({}, event), { data: groupIdStr }), source),
                 };
             case Events.CONVERSATION_EVENT.MLS_MESSAGE_ADD:
-                if (!coreCryptoClient) {
-                    throw new Error('Unable to access core crypto client');
-                }
                 const encryptedData = bazinga64_1.Decoder.fromBase64(event.data).asBytes;
                 const groupId = await this.getUint8ArrayFromConversationGroupId((_a = event.qualified_conversation) !== null && _a !== void 0 ? _a : { id: event.conversation, domain: '' });
                 // Check if the message includes proposals
-                const { proposals, commitDelay, message } = await coreCryptoClient.decryptMessage(groupId, encryptedData);
+                const { proposals, commitDelay, message } = await this.mlsService.decryptMessage(groupId, encryptedData);
                 if (proposals.length > 0) {
                     await this.handlePendingProposals({
                         groupId: groupId.toString(),
@@ -369,12 +365,8 @@ class NotificationService extends events_1.EventEmitter {
      * @param skipDelete if true, do not delete the pending proposals from the database
      */
     async commitPendingProposals({ groupId, skipDelete = false }) {
-        const coreCryptoClient = this.coreCryptoClientProvider();
-        if (!coreCryptoClient) {
-            throw new Error('Could not get coreCryptoClient');
-        }
         try {
-            await coreCryptoClient.commitPendingProposals(bazinga64_1.Decoder.fromBase64(groupId).asBytes);
+            await this.mlsService.commitPendingProposals(bazinga64_1.Decoder.fromBase64(groupId).asBytes);
             if (!skipDelete) {
                 TaskScheduler_1.TaskScheduler.cancelTask(groupId);
                 await this.database.deletePendingProposal({ groupId });
@@ -405,6 +397,71 @@ class NotificationService extends events_1.EventEmitter {
             this.logger.error('Could not get pending proposals', error);
         }
     }
+    /**
+     * ## MLS only ##
+     * Store groupIds with last key material update dates.
+     *
+     * @param {groupId} params.groupId - groupId of the mls conversation
+     * @param {previousUpdateDate} params.previousUpdateDate - date of the previous key material update
+     */
+    async storeLastKeyMaterialUpdateDate(params) {
+        await this.database.storeLastKeyMaterialUpdateDate(params);
+        await this.scheduleTaskToRenewKeyMaterial(params);
+    }
+    /**
+     * ## MLS only ##
+     * Renew key material for a given groupId
+     *
+     * @param groupId groupId of the conversation
+     */
+    async renewKeyMaterial({ groupId }) {
+        try {
+            const groupConversationExists = await this.mlsService.conversationExists(bazinga64_1.Decoder.fromBase64(groupId).asBytes);
+            if (!groupConversationExists) {
+                await this.database.deleteLastKeyMaterialUpdateDate({ groupId });
+                return;
+            }
+            const groupIdDecodedFromBase64 = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
+            await this.mlsService.updateKeyingMaterial(groupIdDecodedFromBase64);
+            const keyRenewalTime = new Date().getTime();
+            const keyMaterialUpdateDate = { groupId, previousUpdateDate: keyRenewalTime };
+            await this.storeLastKeyMaterialUpdateDate(keyMaterialUpdateDate);
+        }
+        catch (error) {
+            this.logger.error(`Error while renewing key material for groupId ${groupId}`, error);
+        }
+    }
+    createKeyMaterialUpdateTaskSchedulerId(groupId) {
+        return `renew-key-material-update-${groupId}`;
+    }
+    async scheduleTaskToRenewKeyMaterial({ groupId, previousUpdateDate }) {
+        var _a;
+        //given period of time (30 days by default) after last update date renew key material
+        const keyingMaterialUpdateThreshold = ((_a = this.mlsService.config) === null || _a === void 0 ? void 0 : _a.keyingMaterialUpdateThreshold) || DEFAULT_KEYING_MATERIAL_UPDATE_THRESHOLD;
+        const firingDate = previousUpdateDate + keyingMaterialUpdateThreshold;
+        const key = this.createKeyMaterialUpdateTaskSchedulerId(groupId);
+        LowPrecisionTaskScheduler_1.LowPrecisionTaskScheduler.addTask({
+            task: () => this.renewKeyMaterial({ groupId }),
+            intervalDelay: commons_1.TimeUtil.TimeInMillis.MINUTE,
+            firingDate,
+            key,
+        });
+    }
+    /**
+     * ## MLS only ##
+     * Get all pending proposals from the database and schedule them
+     * Function must only be called once, after application start
+     *
+     */
+    async checkForKeyMaterialsUpdate() {
+        try {
+            const keyMaterialUpdateDates = await this.database.getStoredLastKeyMaterialUpdateDates();
+            keyMaterialUpdateDates.forEach(date => this.scheduleTaskToRenewKeyMaterial(date));
+        }
+        catch (error) {
+            this.logger.error('Could not get last key material update dates', error);
+        }
+    }
 }
 exports.NotificationService = NotificationService;
 NotificationService.TOPIC = TOPIC;

package/src/main/notification/types.d.ts

@@ -15,3 +15,6 @@ export declare type CommitPendingProposalsParams = {
 export declare type StorePendingProposalsParams = {
     firingDate: number;
 } & CommonMLS;
+export declare type LastKeyMaterialUpdateParams = {
+    previousUpdateDate: number;
+} & CommonMLS;

package/src/main/util/LowPrecisionTaskScheduler/LowPrecisionTaskScheduler.d.ts

@@ -0,0 +1,21 @@
+interface IntervalTask {
+    key: string;
+    firingDate: number;
+    task: () => Promise<any>;
+}
+interface ScheduleLowPrecisionTaskParams extends IntervalTask {
+    intervalDelay: number;
+}
+interface CancelLowPrecisionTaskParams {
+    key: string;
+    intervalDelay: number;
+}
+interface CancelLowPrecisionTaskParams {
+    key: string;
+    intervalDelay: number;
+}
+export declare const LowPrecisionTaskScheduler: {
+    addTask: ({ key, firingDate, task, intervalDelay }: ScheduleLowPrecisionTaskParams) => void;
+    cancelTask: ({ intervalDelay, key }: CancelLowPrecisionTaskParams) => void;
+};
+export {};

package/src/main/util/LowPrecisionTaskScheduler/LowPrecisionTaskScheduler.js

@@ -0,0 +1,62 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2022 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LowPrecisionTaskScheduler = void 0;
+const intervals = {};
+const addTask = ({ key, firingDate, task, intervalDelay }) => {
+    var _a, _b;
+    const existingIntervalId = (_a = intervals[intervalDelay]) === null || _a === void 0 ? void 0 : _a.timeoutId;
+    if (existingIntervalId) {
+        clearInterval(existingIntervalId);
+    }
+    const tasks = ((_b = intervals[intervalDelay]) === null || _b === void 0 ? void 0 : _b.tasks) || [];
+    tasks.push({ key, firingDate, task });
+    const timeoutId = setInterval(async () => {
+        var _a;
+        const nowTime = new Date().getTime();
+        const tasks = (_a = intervals[intervalDelay]) === null || _a === void 0 ? void 0 : _a.tasks;
+        if ((tasks === null || tasks === void 0 ? void 0 : tasks.length) !== 0) {
+            const tasksToExecute = await tasks.reduce(async (accPromise, { firingDate, task }) => {
+                const acc = await accPromise;
+                if (nowTime >= firingDate) {
+                    const taskPromise = task();
+                    acc.push(taskPromise);
+                    cancelTask({ intervalDelay, key });
+                }
+                return acc;
+            }, Promise.resolve([]));
+            await Promise.all(tasksToExecute);
+        }
+    }, intervalDelay);
+    intervals[intervalDelay] = { timeoutId, tasks };
+};
+const cancelTask = ({ intervalDelay, key }) => {
+    if (intervals[intervalDelay]) {
+        const tasks = intervals[intervalDelay].tasks || [];
+        const newTasks = tasks.filter(task => task.key !== key);
+        intervals[intervalDelay].tasks = newTasks;
+        if (newTasks.length === 0) {
+            clearInterval(intervals[intervalDelay].timeoutId);
+            delete intervals[intervalDelay];
+        }
+    }
+};
+exports.LowPrecisionTaskScheduler = { addTask, cancelTask };
+//# sourceMappingURL=LowPrecisionTaskScheduler.js.map