@wireapp/core 42.11.0 → 42.12.1

package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js

@@ -0,0 +1,263 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.E2EIServiceInternal = void 0;
+const bazinga64_1 = require("bazinga64");
+const logdown_1 = __importDefault(require("logdown"));
+const AcmeServer_1 = require("./Connection/AcmeServer");
+const E2EIService_types_1 = require("./E2EIService.types");
+const Helper_1 = require("./Helper");
+const Account_1 = require("./Steps/Account");
+const Authorization_1 = require("./Steps/Authorization");
+const Certificate_1 = require("./Steps/Certificate");
+const DpopChallenge_1 = require("./Steps/DpopChallenge");
+const OidcChallenge_1 = require("./Steps/OidcChallenge");
+const Order_1 = require("./Steps/Order");
+const E2EIStorage_1 = require("./Storage/E2EIStorage");
+class E2EIServiceInternal {
+    constructor(coreCryptClient, apiClient, e2eiServiceExternal, keyPackagesAmount = 100) {
+        this.logger = (0, logdown_1.default)('@wireapp/core/E2EIdentityServiceInternal');
+        this.isInitialized = false;
+        this.coreCryptoClient = coreCryptClient;
+        this.apiClient = apiClient;
+        this.e2eServiceExternal = e2eiServiceExternal;
+        this.keyPackagesAmount = keyPackagesAmount;
+        this.logger.log('Instance of E2EIServiceInternal created');
+    }
+    // ############ Public Functions ############
+    static async getInstance(params) {
+        if (!E2EIServiceInternal.instance) {
+            if (!params) {
+                throw new Error('E2EIServiceInternal is not initialized. Please call getInstance with params.');
+            }
+            const { skipInit = false, coreCryptClient, apiClient, e2eiServiceExternal, keyPackagesAmount } = params;
+            E2EIServiceInternal.instance = new E2EIServiceInternal(coreCryptClient, apiClient, e2eiServiceExternal, keyPackagesAmount);
+            if (!skipInit) {
+                const { discoveryUrl, user, clientId } = params;
+                if (!discoveryUrl || !user || !clientId) {
+                    throw new Error('discoveryUrl, user and clientId are required to initialize E2EIServiceInternal');
+                }
+                E2EIStorage_1.E2EIStorage.store.initialData({ discoveryUrl, user, clientId });
+                await E2EIServiceInternal.instance.init({ clientId, discoveryUrl, user });
+            }
+        }
+        return E2EIServiceInternal.instance;
+    }
+    async startCertificateProcess() {
+        // Step 0: Check if we have a handle in local storage
+        // If we don't have a handle, we need to start a new OAuth flow
+        try {
+            return this.startNewOAuthFlow();
+        }
+        catch (error) {
+            return this.exitWithError('Error while trying to start OAuth flow with error:', error);
+        }
+    }
+    async continueCertificateProcess(oAuthIdToken) {
+        // If we don't have a handle, we need to start a new OAuth flow
+        if (this.e2eServiceExternal.isEnrollmentInProgress()) {
+            try {
+                return this.continueOAuthFlow(oAuthIdToken);
+            }
+            catch (error) {
+                return this.exitWithError('Error while trying to continue OAuth flow with error:', error);
+            }
+        }
+        this.logger.error('Error while trying to continue OAuth flow. No handle found in local storage');
+        return undefined;
+    }
+    // ############ Internal Functions ############
+    exitWithError(message, error) {
+        this.logger.error(message, error);
+        return undefined;
+    }
+    async init(params) {
+        try {
+            const { user, clientId, discoveryUrl } = params;
+            if (!user || !clientId) {
+                this.logger.error('user and clientId are required to initialize E2eIdentityService');
+                throw new Error();
+            }
+            this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
+            this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment((0, Helper_1.getE2EIClientId)(clientId, user.id, user.domain).asString, user.displayName, user.handle, 2, E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519);
+            this.isInitialized = true;
+        }
+        catch (error) {
+            this.logger.error('Error while trying to initialize E2eIdentityService', error);
+            throw error;
+        }
+    }
+    async getDirectory(identity, connection) {
+        try {
+            const directory = await connection.getDirectory();
+            if (directory) {
+                const parsedDirectory = identity.directoryResponse(directory);
+                return parsedDirectory;
+            }
+        }
+        catch (error) {
+            this.logger.error('Error while trying to receive a directory', error);
+            throw error;
+        }
+        return undefined;
+    }
+    async getInitialNonce(directory, connection) {
+        try {
+            const nonce = await connection.getInitialNonce(directory.newNonce);
+            if (nonce) {
+                return nonce;
+            }
+            throw new Error('No initial-nonce received');
+        }
+        catch (error) {
+            this.logger.error('Error while trying to receive a nonce', error);
+            throw error;
+        }
+    }
+    async startNewOAuthFlow() {
+        if (this.e2eServiceExternal.isEnrollmentInProgress()) {
+            return this.exitWithError('Error while trying to start OAuth flow. There is already a flow in progress');
+        }
+        if (!this.isInitialized || !this.identity || !this.acmeService) {
+            return this.exitWithError('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
+        }
+        // Get the directory
+        const directory = await this.getDirectory(this.identity, this.acmeService);
+        if (!directory) {
+            return this.exitWithError('Error while trying to start OAuth flow. No directory received');
+        }
+        // Step 1: Get a new nonce from ACME server
+        const nonce = await this.getInitialNonce(directory, this.acmeService);
+        if (!nonce) {
+            return this.exitWithError('Error while trying to start OAuth flow. No nonce received');
+        }
+        // Step 2: Create a new account
+        const newAccountNonce = await (0, Account_1.createNewAccount)({
+            connection: this.acmeService,
+            directory,
+            identity: this.identity,
+            nonce,
+        });
+        // Step 3: Create a new order
+        const orderData = await (0, Order_1.createNewOrder)({
+            directory,
+            connection: this.acmeService,
+            identity: this.identity,
+            nonce: newAccountNonce,
+        });
+        // Step 4: Get authorization challenges
+        const authData = await (0, Authorization_1.getAuthorization)({
+            connection: this.acmeService,
+            identity: this.identity,
+            authzUrl: orderData.authzUrl,
+            nonce: orderData.nonce,
+        });
+        // Manual copy of the data because of a problem with copying the wasm object
+        // Step 6: Start E2E OAuth flow
+        const { authorization: { wireOidcChallenge }, } = authData;
+        if (wireOidcChallenge) {
+            // stash the identity for later use
+            const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
+            // stash the handle in local storage
+            E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
+            E2EIStorage_1.E2EIStorage.store.authData(authData);
+            E2EIStorage_1.E2EIStorage.store.orderData({ orderUrl: orderData.orderUrl });
+            // we need to pass back the aquired wireOidcChallenge to the UI
+            return wireOidcChallenge;
+        }
+        return undefined;
+    }
+    async continueOAuthFlow(oAuthIdToken) {
+        // If we have a handle, the user has already started the process to authenticate with the OIDC provider. We can continue the flow.
+        try {
+            if (!this.acmeService) {
+                return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
+            }
+            const handle = E2EIStorage_1.E2EIStorage.get.handle();
+            const authData = E2EIStorage_1.E2EIStorage.get.authData();
+            if (!authData.authorization.wireOidcChallenge) {
+                return this.exitWithError('Error while trying to continue OAuth flow. No wireOidcChallenge received');
+            }
+            this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
+            this.logger.log('retrieved identity from stash');
+            // Step 7: Do OIDC client challenge
+            const oidcData = await (0, OidcChallenge_1.doWireOidcChallenge)({
+                oAuthIdToken,
+                authData,
+                connection: this.acmeService,
+                identity: this.identity,
+                nonce: authData.nonce,
+            });
+            this.logger.log('received oidcData', oidcData);
+            if (!oidcData.data.validated) {
+                return this.exitWithError('Error while trying to continue OAuth flow. OIDC challenge not validated');
+            }
+            const { user: wireUser, clientId } = E2EIStorage_1.E2EIStorage.get.initialData();
+            //Step 8: Do DPOP Challenge
+            const dpopData = await (0, DpopChallenge_1.doWireDpopChallenge)({
+                authData,
+                clientId,
+                connection: this.acmeService,
+                identity: this.identity,
+                userDomain: wireUser.domain,
+                apiClient: this.apiClient,
+                expirySecs: 30,
+                nonce: oidcData.nonce,
+            });
+            this.logger.log('acme dpopData', JSON.stringify(dpopData));
+            if (!(0, Helper_1.isResponseStatusValid)(dpopData.data.status)) {
+                return this.exitWithError('Error while trying to continue OAuth flow. DPOP challenge not validated');
+            }
+            //Step 9: Finalize Order
+            const orderData = E2EIStorage_1.E2EIStorage.get.orderData();
+            const finalizeOrderData = await (0, Order_1.finalizeOrder)({
+                connection: this.acmeService,
+                identity: this.identity,
+                nonce: dpopData.nonce,
+                orderUrl: orderData.orderUrl,
+            });
+            if (!finalizeOrderData.certificateUrl) {
+                return this.exitWithError('Error while trying to continue OAuth flow. No certificateUrl received');
+            }
+            // Step 9: Get certificate
+            const { certificate } = await (0, Certificate_1.getCertificate)({
+                certificateUrl: finalizeOrderData.certificateUrl,
+                nonce: finalizeOrderData.nonce,
+                connection: this.acmeService,
+                identity: this.identity,
+            });
+            if (!certificate) {
+                return this.exitWithError('Error while trying to continue OAuth flow. No certificate received');
+            }
+            E2EIStorage_1.E2EIStorage.store.certificate(certificate);
+            // Step 10: Initialize MLS with the certificate
+            // TODO: This is not working yet (since we initialize mls beforehand) and will be replaced by a new core-crypto function later on
+            return await this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
+        }
+        catch (error) {
+            this.logger.error('Error while trying to continue OAuth flow', error);
+            throw error;
+        }
+    }
+}
+exports.E2EIServiceInternal = E2EIServiceInternal;

package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts

@@ -0,0 +1,12 @@
+import { EncodedData } from 'bazinga64';
+export declare const jsonToByteArray: (data: any) => Uint8Array;
+export declare const uuidTobase64url: (uuid: string) => EncodedData;
+type E2EIClientId = `${string}:${string}@${string}`;
+type GetE2EIClientIdReturnType = {
+    asString: E2EIClientId;
+    asBytes: Uint8Array;
+};
+export declare const getE2EIClientId: (clientId: string, userId: string, userDomain: string) => GetE2EIClientIdReturnType;
+export declare const isResponseStatusValid: (status: string | undefined) => boolean | "" | undefined;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Helper/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAY,WAAW,EAAU,MAAM,WAAW,CAAC;AAE1D,eAAO,MAAM,eAAe,SAAU,GAAG,KAAG,UAG3C,CAAC;AAEF,eAAO,MAAM,eAAe,SAAU,MAAM,KAAG,WAO9C,CAAC;AAEF,KAAK,YAAY,GAAG,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;AACpD,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,EAAE,YAAY,CAAC;IACvB,OAAO,EAAE,UAAU,CAAC;CACrB,CAAC;AACF,eAAO,MAAM,eAAe,aAAc,MAAM,UAAU,MAAM,cAAc,MAAM,KAAG,yBAOtF,CAAC;AAEF,eAAO,MAAM,qBAAqB,WAAY,MAAM,GAAG,SAAS,6BAAiC,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.js

@@ -0,0 +1,46 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isResponseStatusValid = exports.getE2EIClientId = exports.uuidTobase64url = exports.jsonToByteArray = void 0;
+const bazinga64_1 = require("bazinga64");
+const jsonToByteArray = (data) => {
+    const encoder = new TextEncoder();
+    return encoder.encode(JSON.stringify(data, null, 0));
+};
+exports.jsonToByteArray = jsonToByteArray;
+const uuidTobase64url = (uuid) => {
+    const noDashes = uuid.replace(/-/g, '');
+    if (noDashes.length !== 32) {
+        throw new Error('Invalid UUID');
+    }
+    return bazinga64_1.Encoder.toBase64Url(bazinga64_1.Converter.hexStringToArrayBufferView(noDashes));
+};
+exports.uuidTobase64url = uuidTobase64url;
+const getE2EIClientId = (clientId, userId, userDomain) => {
+    const asString = `${(0, exports.uuidTobase64url)(userId).asString}:${clientId}@${userDomain}`;
+    const asBytes = new TextEncoder().encode(asString);
+    return {
+        asString,
+        asBytes,
+    };
+};
+exports.getE2EIClientId = getE2EIClientId;
+const isResponseStatusValid = (status) => status && status === 'valid';
+exports.isResponseStatusValid = isResponseStatusValid;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Account.d.ts

@@ -0,0 +1,12 @@
+import { AcmeService } from '../Connection/AcmeServer';
+import { AcmeDirectory, E2eiEnrollment, Nonce } from '../E2EIService.types';
+type CreateNewAccountParams = {
+    nonce: Nonce;
+    identity: E2eiEnrollment;
+    connection: AcmeService;
+    directory: AcmeDirectory;
+};
+type CreateNewAccountReturnValue = Promise<Nonce>;
+export declare const createNewAccount: ({ nonce, connection, directory, identity, }: CreateNewAccountParams) => CreateNewAccountReturnValue;
+export {};
+//# sourceMappingURL=Account.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Account.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Account.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Account.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAG1E,KAAK,sBAAsB,GAAG;IAC5B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,SAAS,EAAE,aAAa,CAAC;CAC1B,CAAC;AACF,KAAK,2BAA2B,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;AAElD,eAAO,MAAM,gBAAgB,gDAK1B,sBAAsB,gCAUxB,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Account.js

@@ -0,0 +1,32 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createNewAccount = void 0;
+const Helper_1 = require("../Helper");
+const createNewAccount = async ({ nonce, connection, directory, identity, }) => {
+    const reqBody = identity.newAccountRequest(nonce);
+    const response = await connection.createNewAccount(directory.newAccount, reqBody);
+    if ((response === null || response === void 0 ? void 0 : response.data) && !!response.data.status.length && !!response.nonce.length) {
+        identity.newAccountResponse((0, Helper_1.jsonToByteArray)(response.data));
+        return response.nonce;
+    }
+    throw new Error('No account-data received');
+};
+exports.createNewAccount = createNewAccount;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts

@@ -0,0 +1,15 @@
+import { AcmeService } from '../Connection';
+import { E2eiEnrollment, NewAcmeAuthz, Nonce } from '../E2EIService.types';
+interface GetAuthorizationParams {
+    nonce: Nonce;
+    authzUrl: string;
+    identity: E2eiEnrollment;
+    connection: AcmeService;
+}
+export type GetAuthorizationReturnValue = {
+    authorization: NewAcmeAuthz;
+    nonce: Nonce;
+};
+export declare const getAuthorization: ({ authzUrl, nonce, identity, connection, }: GetAuthorizationParams) => Promise<GetAuthorizationReturnValue>;
+export {};
+//# sourceMappingURL=Authorization.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGzE,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,2BAA2B,GAAG;IAAC,aAAa,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAAC;AAEtF,eAAO,MAAM,gBAAgB,+CAK1B,sBAAsB,KAAG,QAAQ,2BAA2B,CA2B9D,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.js

@@ -0,0 +1,49 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAuthorization = void 0;
+const Helper_1 = require("../Helper");
+const getAuthorization = async ({ authzUrl, nonce, identity, connection, }) => {
+    const reqBody = identity.newAuthzRequest(authzUrl, nonce);
+    const response = await connection.getAuthorization(authzUrl, reqBody);
+    if ((response === null || response === void 0 ? void 0 : response.data) && !!response.data.status.length && !!response.nonce.length) {
+        const wasmData = identity.newAuthzResponse((0, Helper_1.jsonToByteArray)(response.data));
+        // manual copy of the wasm data because of a problem while cloning it
+        const authorization = {
+            identifier: wasmData.identifier,
+            wireDpopChallenge: {
+                delegate: wasmData.wireDpopChallenge.delegate,
+                target: wasmData.wireDpopChallenge.target,
+                url: wasmData.wireDpopChallenge.url,
+            },
+            wireOidcChallenge: {
+                delegate: wasmData.wireOidcChallenge.delegate,
+                target: wasmData.wireOidcChallenge.target,
+                url: wasmData.wireOidcChallenge.url,
+            },
+        };
+        return {
+            authorization,
+            nonce: response.nonce,
+        };
+    }
+    throw new Error('No authorization-data received');
+};
+exports.getAuthorization = getAuthorization;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Certificate.d.ts

@@ -0,0 +1,14 @@
+import { AcmeService } from '../Connection';
+import { E2eiEnrollment, Nonce } from '../E2EIService.types';
+interface GetCertificateParams {
+    identity: E2eiEnrollment;
+    connection: AcmeService;
+    nonce: Nonce;
+    certificateUrl: string;
+}
+export declare const getCertificate: ({ certificateUrl, connection, identity, nonce }: GetCertificateParams) => Promise<{
+    certificate: string;
+    nonce: string;
+}>;
+export {};
+//# sourceMappingURL=Certificate.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Certificate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Certificate.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Certificate.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAE3D,UAAU,oBAAoB;IAC5B,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;CACxB;AACD,eAAO,MAAM,cAAc,oDAAyD,oBAAoB;;;EAavG,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Certificate.js

@@ -0,0 +1,33 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCertificate = void 0;
+const getCertificate = async ({ certificateUrl, connection, identity, nonce }) => {
+    const reqBody = identity.certificateRequest(nonce);
+    const certificateResponse = await connection.getCertificate(certificateUrl, reqBody);
+    if (certificateResponse === null || certificateResponse === void 0 ? void 0 : certificateResponse.data) {
+        return {
+            certificate: certificateResponse.data,
+            nonce: certificateResponse.nonce,
+        };
+    }
+    throw new Error('No certificate received');
+};
+exports.getCertificate = getCertificate;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts

@@ -0,0 +1,12 @@
+import { DoWireDpopChallengeParams } from './DpopChallenge.types';
+export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<{
+    data: {
+        type: string;
+        url: string;
+        status: string;
+        token: string;
+    };
+    nonce: string;
+    location?: string | undefined;
+}>;
+//# sourceMappingURL=DpopChallenge.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB;;;;;;;;;EA4B3B,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.js

@@ -0,0 +1,63 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.doWireDpopChallenge = void 0;
+const getClientNonce = async ({ apiClient, clientId }) => {
+    try {
+        const nonce = await apiClient.api.client.getNonce(clientId);
+        if (nonce) {
+            return nonce;
+        }
+        throw new Error('No client-nonce received');
+    }
+    catch (e) {
+        throw new Error(`Error while trying to receive a nonce with cause: ${e}`);
+    }
+};
+const getClientAccessToken = async ({ apiClient, clientNonce, identity, clientId, expirySecs, }) => {
+    const dpopToken = identity.createDpopToken(expirySecs, clientNonce);
+    // Remove this when the server is ready to accept the token
+    await new Promise(resolve => setTimeout(resolve, 2000));
+    return await apiClient.api.client.getAccessToken(clientId, dpopToken);
+};
+const doWireDpopChallenge = async ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }) => {
+    const { wireDpopChallenge } = authData.authorization;
+    if (!wireDpopChallenge) {
+        throw new Error('No wireDpopChallenge defined');
+    }
+    const clientNonce = await getClientNonce({ clientId, apiClient });
+    // We need to wait for the server to be ready to accept the token, there are some issues with the timing
+    await new Promise(resolve => setTimeout(resolve, 1000));
+    const clientAccessTokenData = await getClientAccessToken({
+        apiClient,
+        clientId,
+        clientNonce,
+        identity,
+        expirySecs,
+        userDomain,
+    });
+    const reqBody = identity.newDpopChallengeRequest(clientAccessTokenData.token, nonce);
+    const dpopChallengeResponse = await connection.validateDpopChallenge(wireDpopChallenge.url, reqBody);
+    if (!dpopChallengeResponse) {
+        throw new Error('No response received while validating DPOP challenge');
+    }
+    return dpopChallengeResponse;
+};
+exports.doWireDpopChallenge = doWireDpopChallenge;

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts

@@ -0,0 +1,20 @@
+import { APIClient } from '@wireapp/api-client';
+import { ClientId } from '../../../types';
+import { AcmeService } from '../../Connection/AcmeServer';
+import { E2eiEnrollment, Nonce, User } from '../../E2EIService.types';
+import { GetAuthorizationReturnValue } from '../Authorization';
+export interface DoWireDpopChallengeParams {
+    apiClient: APIClient;
+    clientId: ClientId;
+    userDomain: User['domain'];
+    authData: GetAuthorizationReturnValue;
+    identity: E2eiEnrollment;
+    connection: AcmeService;
+    nonce: Nonce;
+    expirySecs: number;
+}
+export type GetClientNonceParams = Pick<DoWireDpopChallengeParams, 'clientId' | 'apiClient'>;
+export type GetClientAccessTokenParams = Pick<DoWireDpopChallengeParams, 'clientId' | 'apiClient' | 'identity' | 'expirySecs' | 'userDomain'> & {
+    clientNonce: Nonce;
+};
+//# sourceMappingURL=DpopChallenge.types.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,2BAA2B,EAAC,MAAM,kBAAkB,CAAC;AAE7D,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,QAAQ,EAAE,2BAA2B,CAAC;IACtC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,yBAAyB,EAAE,UAAU,GAAG,WAAW,CAAC,CAAC;AAE7F,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAC3C,yBAAyB,EACzB,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CACpE,GAAG;IACF,WAAW,EAAE,KAAK,CAAC;CACpB,CAAC"}

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.js

@@ -0,0 +1,20 @@
+"use strict";
+/*
+ * Wire
+ * Copyright (C) 2023 Wire Swiss GmbH
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ *
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/index.d.ts

@@ -0,0 +1,2 @@
+export * from './DpopChallenge';
+//# sourceMappingURL=index.d.ts.map

package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/index.ts"],"names":[],"mappings":"AAmBA,cAAc,iBAAiB,CAAC"}