@wireapp/core 43.14.0 → 43.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts +3 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js +30 -46
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.js +52 -58
- package/package.json +2 -2
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { AcmeService } from './Connection/AcmeServer';
|
|
1
2
|
import { InitParams, RotateBundle } from './E2EIService.types';
|
|
2
3
|
export declare class E2EIServiceInternal {
|
|
3
4
|
private readonly coreCryptoClient;
|
|
@@ -9,11 +10,10 @@ export declare class E2EIServiceInternal {
|
|
|
9
10
|
private readonly dispatchNewCrlDistributionPoints;
|
|
10
11
|
private static instance;
|
|
11
12
|
private readonly logger;
|
|
12
|
-
private
|
|
13
|
-
private acmeService?;
|
|
14
|
-
private isInitialized;
|
|
13
|
+
private _acmeService?;
|
|
15
14
|
private constructor();
|
|
16
15
|
static getInstance(params?: InitParams): Promise<E2EIServiceInternal>;
|
|
16
|
+
get acmeService(): AcmeService;
|
|
17
17
|
startCertificateProcess(hasActiveCertificate: boolean): Promise<{
|
|
18
18
|
challenge: {
|
|
19
19
|
url: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAwBA,OAAO,EAAC,WAAW,EAAC,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAyD,UAAU,EAAE,YAAY,EAAC,MAAM,qBAAqB,CAAC;AAcrH,qBAAa,mBAAmB;IAM5B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,wDAAwD;IACxD,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,gCAAgC;IAXnD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuD;IAC9E,OAAO,CAAC,YAAY,CAAC,CAAc;IAEnC,OAAO;WAYa,WAAW,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAkClF,IAAI,WAAW,IAAI,WAAW,CAK7B;IAEY,uBAAuB,CAAC,oBAAoB,EAAE,OAAO;;;;;;;;IAOrD,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;YAUlF,YAAY;YAuBZ,IAAI;YASJ,YAAY;YAUZ,eAAe;IAQ7B;;;;;OAKG;YACW,uBAAuB;IA6CrC;;;;;;;OAOG;YACW,sCAAsC;IAiEpD;;;OAGG;YACW,iBAAiB;IAoB/B;;;;;;OAMG;YACW,iBAAiB;IAU/B;;;;;OAKG;IACU,0BAA0B,CAAC,YAAY,EAAE,MAAM,EAAE,oBAAoB,EAAE,OAAO;CAQ5F"}
|
|
@@ -45,7 +45,6 @@ class E2EIServiceInternal {
|
|
|
45
45
|
this.keyPackagesAmount = keyPackagesAmount;
|
|
46
46
|
this.dispatchNewCrlDistributionPoints = dispatchNewCrlDistributionPoints;
|
|
47
47
|
this.logger = (0, logdown_1.default)('@wireapp/core/E2EIdentityServiceInternal');
|
|
48
|
-
this.isInitialized = false;
|
|
49
48
|
}
|
|
50
49
|
// ############ Public Functions ############
|
|
51
50
|
static async getInstance(params) {
|
|
@@ -66,11 +65,17 @@ class E2EIServiceInternal {
|
|
|
66
65
|
}
|
|
67
66
|
return E2EIServiceInternal.instance;
|
|
68
67
|
}
|
|
68
|
+
get acmeService() {
|
|
69
|
+
if (!this._acmeService) {
|
|
70
|
+
throw new Error('Error while trying to get AcmeService. E2EIServiceInternal has not been initialized');
|
|
71
|
+
}
|
|
72
|
+
return this._acmeService;
|
|
73
|
+
}
|
|
69
74
|
async startCertificateProcess(hasActiveCertificate) {
|
|
70
75
|
// Step 0: Check if we have a handle in local storage
|
|
71
76
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
72
|
-
await this.initIdentity(hasActiveCertificate);
|
|
73
|
-
return this.startNewOAuthFlow();
|
|
77
|
+
const identity = await this.initIdentity(hasActiveCertificate);
|
|
78
|
+
return this.startNewOAuthFlow(identity);
|
|
74
79
|
}
|
|
75
80
|
async continueCertificateProcess(oAuthIdToken) {
|
|
76
81
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
@@ -84,12 +89,9 @@ class E2EIServiceInternal {
|
|
|
84
89
|
const { user } = E2EIStorage_1.E2EIStorage.get.initialData();
|
|
85
90
|
// How long the issued certificate should be maximal valid
|
|
86
91
|
const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
else {
|
|
91
|
-
this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, this.certificateTtl, ciphersuite, user.teamId);
|
|
92
|
-
}
|
|
92
|
+
return hasActiveCertificate
|
|
93
|
+
? this.coreCryptoClient.e2eiNewRotateEnrollment(this.certificateTtl, ciphersuite, user.displayName, user.handle, user.teamId)
|
|
94
|
+
: this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, this.certificateTtl, ciphersuite, user.teamId);
|
|
93
95
|
}
|
|
94
96
|
async init(params) {
|
|
95
97
|
const { user, clientId, discoveryUrl } = params;
|
|
@@ -97,8 +99,7 @@ class E2EIServiceInternal {
|
|
|
97
99
|
this.logger.error('user and clientId are required to initialize E2eIdentityService');
|
|
98
100
|
throw new Error();
|
|
99
101
|
}
|
|
100
|
-
this.
|
|
101
|
-
this.isInitialized = true;
|
|
102
|
+
this._acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
|
|
102
103
|
}
|
|
103
104
|
async getDirectory(identity, connection) {
|
|
104
105
|
const directory = await connection.getDirectory();
|
|
@@ -121,21 +122,18 @@ class E2EIServiceInternal {
|
|
|
121
122
|
*
|
|
122
123
|
* @returns authData
|
|
123
124
|
*/
|
|
124
|
-
async getEnrollmentChallenges() {
|
|
125
|
-
if (!this.isInitialized || !this.identity || !this.acmeService) {
|
|
126
|
-
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
127
|
-
}
|
|
125
|
+
async getEnrollmentChallenges(identity) {
|
|
128
126
|
// Get the directory
|
|
129
|
-
const
|
|
127
|
+
const { acmeService: acmeService } = this;
|
|
128
|
+
const directory = await this.getDirectory(identity, acmeService);
|
|
130
129
|
if (!directory) {
|
|
131
130
|
throw new Error('Error while trying to start OAuth flow. No directory received');
|
|
132
131
|
}
|
|
133
132
|
// Step 1: Get a new nonce from ACME server
|
|
134
|
-
const nonce = await this.getInitialNonce(directory,
|
|
133
|
+
const nonce = await this.getInitialNonce(directory, acmeService);
|
|
135
134
|
if (!nonce) {
|
|
136
135
|
throw new Error('Error while trying to start OAuth flow. No nonce received');
|
|
137
136
|
}
|
|
138
|
-
const { acmeService, identity } = this;
|
|
139
137
|
// Step 2: Create a new account
|
|
140
138
|
const newAccountNonce = await (0, Account_1.createNewAccount)({
|
|
141
139
|
connection: acmeService,
|
|
@@ -170,16 +168,13 @@ class E2EIServiceInternal {
|
|
|
170
168
|
* @param oAuthIdToken
|
|
171
169
|
* @returns RotateBundle
|
|
172
170
|
*/
|
|
173
|
-
async getRotateBundleAndStoreCertificateData(oAuthIdToken, authData) {
|
|
174
|
-
if (!this.isInitialized || !this.identity || !this.acmeService) {
|
|
175
|
-
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
176
|
-
}
|
|
171
|
+
async getRotateBundleAndStoreCertificateData(identity, oAuthIdToken, authData) {
|
|
177
172
|
// Step 7: Do OIDC client challenge
|
|
178
173
|
const oidcData = await (0, OidcChallenge_1.doWireOidcChallenge)({
|
|
179
174
|
oAuthIdToken,
|
|
180
175
|
authData,
|
|
181
176
|
connection: this.acmeService,
|
|
182
|
-
identity
|
|
177
|
+
identity,
|
|
183
178
|
nonce: authData.nonce,
|
|
184
179
|
});
|
|
185
180
|
this.logger.log('received oidcData', oidcData);
|
|
@@ -192,7 +187,7 @@ class E2EIServiceInternal {
|
|
|
192
187
|
authData,
|
|
193
188
|
clientId,
|
|
194
189
|
connection: this.acmeService,
|
|
195
|
-
identity
|
|
190
|
+
identity,
|
|
196
191
|
userDomain: wireUser.domain,
|
|
197
192
|
apiClient: this.apiClient,
|
|
198
193
|
expirySecs: 30,
|
|
@@ -206,7 +201,7 @@ class E2EIServiceInternal {
|
|
|
206
201
|
const orderData = E2EIStorage_1.E2EIStorage.get.orderData();
|
|
207
202
|
const finalizeOrderData = await (0, Order_1.finalizeOrder)({
|
|
208
203
|
connection: this.acmeService,
|
|
209
|
-
identity
|
|
204
|
+
identity,
|
|
210
205
|
nonce: dpopData.nonce,
|
|
211
206
|
orderUrl: orderData.orderUrl,
|
|
212
207
|
});
|
|
@@ -218,13 +213,13 @@ class E2EIServiceInternal {
|
|
|
218
213
|
certificateUrl: finalizeOrderData.certificateUrl,
|
|
219
214
|
nonce: finalizeOrderData.nonce,
|
|
220
215
|
connection: this.acmeService,
|
|
221
|
-
identity
|
|
216
|
+
identity,
|
|
222
217
|
});
|
|
223
218
|
if (!certificate) {
|
|
224
219
|
throw new Error('Error while trying to continue OAuth flow. No certificate received');
|
|
225
220
|
}
|
|
226
221
|
// Step 10: Initialize MLS with the certificate
|
|
227
|
-
const rotateBundle = await this.coreCryptoClient.e2eiRotateAll(
|
|
222
|
+
const rotateBundle = await this.coreCryptoClient.e2eiRotateAll(identity, certificate, this.keyPackagesAmount);
|
|
228
223
|
this.dispatchNewCrlDistributionPoints(rotateBundle);
|
|
229
224
|
return rotateBundle;
|
|
230
225
|
}
|
|
@@ -232,19 +227,16 @@ class E2EIServiceInternal {
|
|
|
232
227
|
* This function starts a new ACME enrollment flow for either a new client
|
|
233
228
|
* or a client that wants to refresh its certificate but has no valid refresh token
|
|
234
229
|
*/
|
|
235
|
-
async startNewOAuthFlow() {
|
|
230
|
+
async startNewOAuthFlow(identity) {
|
|
236
231
|
if (this.e2eiServiceExternal.isEnrollmentInProgress()) {
|
|
237
232
|
throw new Error('Error while trying to start OAuth flow. There is already a flow in progress');
|
|
238
233
|
}
|
|
239
|
-
|
|
240
|
-
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
241
|
-
}
|
|
242
|
-
const { authorization: { oidcChallenge: wireOidcChallenge, keyauth }, } = await this.getEnrollmentChallenges();
|
|
234
|
+
const { authorization: { oidcChallenge: wireOidcChallenge, keyauth }, } = await this.getEnrollmentChallenges(identity);
|
|
243
235
|
if (!wireOidcChallenge || !keyauth) {
|
|
244
236
|
throw new Error('missing wireOidcChallenge or keyauth');
|
|
245
237
|
}
|
|
246
238
|
// stash the identity for later use
|
|
247
|
-
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(
|
|
239
|
+
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(identity);
|
|
248
240
|
// stash the handle in local storage
|
|
249
241
|
E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
|
|
250
242
|
// we need to pass back the aquired wireOidcChallenge to the UI
|
|
@@ -258,15 +250,11 @@ class E2EIServiceInternal {
|
|
|
258
250
|
* @returns RotateBundle | undefined
|
|
259
251
|
*/
|
|
260
252
|
async continueOAuthFlow(oAuthIdToken) {
|
|
261
|
-
// If we have a handle, the user has already started the process to authenticate with the OIDC provider. We can continue the flow.
|
|
262
|
-
if (!this.acmeService) {
|
|
263
|
-
throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
264
|
-
}
|
|
265
253
|
const handle = E2EIStorage_1.E2EIStorage.get.handle();
|
|
266
254
|
const authData = E2EIStorage_1.E2EIStorage.get.authData();
|
|
267
|
-
|
|
255
|
+
const identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
|
|
268
256
|
this.logger.log('retrieved identity from stash');
|
|
269
|
-
return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
|
|
257
|
+
return this.getRotateBundleAndStoreCertificateData(identity, oAuthIdToken, authData);
|
|
270
258
|
}
|
|
271
259
|
/**
|
|
272
260
|
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
@@ -275,14 +263,10 @@ class E2EIServiceInternal {
|
|
|
275
263
|
* @returns
|
|
276
264
|
*/
|
|
277
265
|
async startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate) {
|
|
278
|
-
// we dont have an oauth flow since we already get the oAuthIdToken from the client
|
|
279
|
-
if (!this.acmeService) {
|
|
280
|
-
throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
281
|
-
}
|
|
282
266
|
// We need to initialize the identity
|
|
283
|
-
await this.initIdentity(hasActiveCertificate);
|
|
284
|
-
const authData = await this.getEnrollmentChallenges();
|
|
285
|
-
return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
|
|
267
|
+
const identity = await this.initIdentity(hasActiveCertificate);
|
|
268
|
+
const authData = await this.getEnrollmentChallenges(identity);
|
|
269
|
+
return this.getRotateBundleAndStoreCertificateData(identity, oAuthIdToken, authData);
|
|
286
270
|
}
|
|
287
271
|
}
|
|
288
272
|
exports.E2EIServiceInternal = E2EIServiceInternal;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAEzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAC,gBAAgB,EAAuD,MAAM,oBAAoB,CAAC;AAE1G,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,aAAa,EAAE,mBAAmB,EAAE,IAAI,EAAC,MAAM,uBAAuB,CAAC;AAQ/E,OAAO,EAAC,QAAQ,EAAE,4BAA4B,EAAE,4BAA4B,EAAC,MAAM,UAAU,CAAC;AAK9F,eAAO,MAAM,oBAAoB,UAAW,UAAU,GAAG,EAAE,KAAG,UAE7D,CAAC;AAEF,KAAK,sBAAsB,GACvB;IACE,MAAM,EAAE,gBAAgB,CAAC;IACzB,uBAAuB,EAAE;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,aAAa,CAAA;KAAC,CAAC;CACtE,GACD;IAAC,MAAM,EAAE,YAAY,CAAA;CAAC,CAAC;AAE3B,UAAU,qBAAsB,SAAQ,gBAAgB;IACtD;;OAEG;IACH,uCAAuC,EAAE,MAAM,CAAC;CACjD;AAQD,KAAK,MAAM,GAAG;IACZ,QAAQ,EAAE;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;IAC3C,wBAAwB,EAAE,MAAM,EAAE,CAAC;CACpC,CAAC;AACF,qBAAa,UAAW,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAOrD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IATzC,MAAM,iBAAuC;IAC7C,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAG9B,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,UAAU,EAC5B,YAAY,EAAE,YAAY,EAC1B,sBAAsB,EAAE,sBAAsB,EAC/D,EACE,6BAA2E,EAC3E,aAA2C,EAC3C,WAAuC,GACxC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAWjB,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,UAAQ;YAyBtF,iBAAiB;IAM/B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CA0CjC;IAEF;;;;;;OAMG;IACI,8BAA8B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE;IAanE,qBAAqB,CAAC,cAAc,EAAE,mBAAmB,EAAE;;;;IA2CjE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAK/B,WAAW,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,eAAe,GAAG,kBAAkB;IAIjG,oBAAoB,CAAC,YAAY,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;IAwB5D,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMjF,OAAO,CAAC,gCAAgC;IAO3B,qBAAqB,CAAC,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAM1E,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkB9F,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrG;;;;;;;;;OASG;YACW,mBAAmB;IAQjC,OAAO,CAAC,oBAAoB;IAK5B;;;OAGG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IActE;;;;;OAKG;IACU,oBAAoB,CAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE;QAAC,IAAI,EAAE,WAAW,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAC7C,OAAO,CAAC,sBAAsB,CAAC;IAiClC;;;;;OAKG;IACH,SAAgB,uBAAuB,YAAmB,MAAM,KAAG,QAAQ,OAAO,CAAC,CA2BjF;IAEF;;;;OAIG;IACI,6BAA6B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;YAW7D,eAAe;IAK7B;;;OAGG;IACU,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAK9C,iBAAiB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9E;;;;OAIG;IACU,gBAAgB,CAAC,OAAO,EAAE,MAAM;IAc7C,OAAO,CAAC,sCAAsC;IAI9C;;;OAGG;IACU,uBAAuB,CAAC,OAAO,EAAE,MAAM;IAKpD;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACI,0BAA0B,CAAC,OAAO,EAAE,MAAM;IAUjD;;;OAGG;IACI,mCAAmC,CAAC,QAAQ,EAAE,MAAM,EAAE;IAQ7D;;;;OAIG;IACI,sCAAsC,CAAC,QAAQ,EAAE,MAAM;IAQ9D;;;;OAIG;YACW,+BAA+B;YAQ/B,gCAAgC;YAYhC,2BAA2B;IAIzC;;;;;OAKG;YACW,mBAAmB;YAQnB,oBAAoB;IAOrB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe7D;;;;;;;OAOG;IACU,sBAAsB,CAAC,EAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAC,EAAE,4BAA4B;YAWnF,4BAA4B;YAU5B,0BAA0B;IAKxC,OAAO,CAAC,6BAA6B;IAIrC;;;;;OAKG;IACU,sBAAsB,CAAC,EAAC,OAAO,EAAE,UAAkB,EAAC,EAAE,4BAA4B;IAY/F;;;;OAIG;IACU,+BAA+B;IAiB5C;;;;OAIG;IACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAAE,CAAC;IAY9F,wBAAwB,CACnC,KAAK,EAAE,8BAA8B,EACrC,yBAAyB,EAAE,CACzB,cAAc,EAAE,WAAW,EAC3B,iBAAiB,CAAC,EAAE,kBAAkB,KACnC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgBrB,4BAA4B,CAAC,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM;IAcjF,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE;IASjF;;;;;;;;OAQG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,mBAAmB,EACxC,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,EACtB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAEzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAC,gBAAgB,EAAuD,MAAM,oBAAoB,CAAC;AAE1G,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,aAAa,EAAE,mBAAmB,EAAE,IAAI,EAAC,MAAM,uBAAuB,CAAC;AAQ/E,OAAO,EAAC,QAAQ,EAAE,4BAA4B,EAAE,4BAA4B,EAAC,MAAM,UAAU,CAAC;AAK9F,eAAO,MAAM,oBAAoB,UAAW,UAAU,GAAG,EAAE,KAAG,UAE7D,CAAC;AAEF,KAAK,sBAAsB,GACvB;IACE,MAAM,EAAE,gBAAgB,CAAC;IACzB,uBAAuB,EAAE;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,aAAa,CAAA;KAAC,CAAC;CACtE,GACD;IAAC,MAAM,EAAE,YAAY,CAAA;CAAC,CAAC;AAE3B,UAAU,qBAAsB,SAAQ,gBAAgB;IACtD;;OAEG;IACH,uCAAuC,EAAE,MAAM,CAAC;CACjD;AAQD,KAAK,MAAM,GAAG;IACZ,QAAQ,EAAE;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;IAC3C,wBAAwB,EAAE,MAAM,EAAE,CAAC;CACpC,CAAC;AACF,qBAAa,UAAW,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAOrD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IATzC,MAAM,iBAAuC;IAC7C,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAG9B,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,UAAU,EAC5B,YAAY,EAAE,YAAY,EAC1B,sBAAsB,EAAE,sBAAsB,EAC/D,EACE,6BAA2E,EAC3E,aAA2C,EAC3C,WAAuC,GACxC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAWjB,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,UAAQ;YAyBtF,iBAAiB;IAM/B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CA0CjC;IAEF;;;;;;OAMG;IACI,8BAA8B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE;IAanE,qBAAqB,CAAC,cAAc,EAAE,mBAAmB,EAAE;;;;IA2CjE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAK/B,WAAW,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,eAAe,GAAG,kBAAkB;IAIjG,oBAAoB,CAAC,YAAY,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;IAwB5D,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMjF,OAAO,CAAC,gCAAgC;IAO3B,qBAAqB,CAAC,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAM1E,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkB9F,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrG;;;;;;;;;OASG;YACW,mBAAmB;IAQjC,OAAO,CAAC,oBAAoB;IAK5B;;;OAGG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IActE;;;;;OAKG;IACU,oBAAoB,CAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE;QAAC,IAAI,EAAE,WAAW,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAC7C,OAAO,CAAC,sBAAsB,CAAC;IAiClC;;;;;OAKG;IACH,SAAgB,uBAAuB,YAAmB,MAAM,KAAG,QAAQ,OAAO,CAAC,CA2BjF;IAEF;;;;OAIG;IACI,6BAA6B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;YAW7D,eAAe;IAK7B;;;OAGG;IACU,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAK9C,iBAAiB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9E;;;;OAIG;IACU,gBAAgB,CAAC,OAAO,EAAE,MAAM;IAc7C,OAAO,CAAC,sCAAsC;IAI9C;;;OAGG;IACU,uBAAuB,CAAC,OAAO,EAAE,MAAM;IAKpD;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACI,0BAA0B,CAAC,OAAO,EAAE,MAAM;IAUjD;;;OAGG;IACI,mCAAmC,CAAC,QAAQ,EAAE,MAAM,EAAE;IAQ7D;;;;OAIG;IACI,sCAAsC,CAAC,QAAQ,EAAE,MAAM;IAQ9D;;;;OAIG;YACW,+BAA+B;YAQ/B,gCAAgC;YAYhC,2BAA2B;IAIzC;;;;;OAKG;YACW,mBAAmB;YAQnB,oBAAoB;IAOrB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe7D;;;;;;;OAOG;IACU,sBAAsB,CAAC,EAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAC,EAAE,4BAA4B;YAWnF,4BAA4B;YAU5B,0BAA0B;IAKxC,OAAO,CAAC,6BAA6B;IAIrC;;;;;OAKG;IACU,sBAAsB,CAAC,EAAC,OAAO,EAAE,UAAkB,EAAC,EAAE,4BAA4B;IAY/F;;;;OAIG;IACU,+BAA+B;IAiB5C;;;;OAIG;IACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAAE,CAAC;IAY9F,wBAAwB,CACnC,KAAK,EAAE,8BAA8B,EACrC,yBAAyB,EAAE,CACzB,cAAc,EAAE,WAAW,EAC3B,iBAAiB,CAAC,EAAE,kBAAkB,KACnC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgBrB,4BAA4B,CAAC,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM;IAcjF,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE;IASjF;;;;;;;;OAQG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,mBAAmB,EACxC,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,EACtB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,sBAAsB,CAAC;CA6DnC"}
|
|
@@ -636,67 +636,61 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
636
636
|
* @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
|
|
637
637
|
*/
|
|
638
638
|
async enrollE2EI(discoveryUrl, e2eiServiceExternal, user, client, nbPrekeys, certificateTtl, oAuthIdToken) {
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
throw new Error('Not oidc challenge found');
|
|
658
|
-
}
|
|
659
|
-
return { status: 'authentication', authenticationChallenge: data };
|
|
660
|
-
}
|
|
661
|
-
// If we have an OAuth id token, we can continue the certificate process / start a refresh
|
|
662
|
-
const rotateBundle = !hasActiveCertificate
|
|
663
|
-
? // If we are not refreshing the active certificate, we need to continue the certificate process with Oauth
|
|
664
|
-
await instance.continueCertificateProcess(oAuthIdToken)
|
|
665
|
-
: // If we are refreshing the active certificate, can start the refresh process
|
|
666
|
-
await instance.startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate);
|
|
667
|
-
if (rotateBundle === undefined) {
|
|
668
|
-
throw new Error('Could not get the rotate bundle');
|
|
669
|
-
}
|
|
670
|
-
this.dispatchNewCrlDistributionPoints(rotateBundle);
|
|
671
|
-
// upload the clients public keys
|
|
672
|
-
if (!hasActiveCertificate) {
|
|
673
|
-
// we only upload public keys for the initial certification process. Renewals do not need to upload new public keys
|
|
674
|
-
await this.uploadMLSPublicKeys(client);
|
|
675
|
-
}
|
|
676
|
-
// Remove old key packages
|
|
677
|
-
await this.deleteMLSKeyPackages(client.id, rotateBundle.keyPackageRefsToRemove);
|
|
678
|
-
// Upload new key packages with x509 certificate
|
|
679
|
-
await this.uploadMLSKeyPackages(client.id, rotateBundle.newKeyPackages);
|
|
680
|
-
// Verify that we have enough key packages
|
|
681
|
-
await this.verifyRemoteMLSKeyPackagesAmount(client.id);
|
|
682
|
-
// Update keying material
|
|
683
|
-
for (const [groupId, commitBundle] of rotateBundle.commits) {
|
|
684
|
-
const groupIdAsBytes = bazinga64_1.Converter.hexStringToArrayBufferView(groupId);
|
|
685
|
-
// manual copy of the commit bundle data because of a problem while cloning it
|
|
686
|
-
const newCommitBundle = {
|
|
687
|
-
commit: commitBundle.commit,
|
|
688
|
-
// @ts-ignore
|
|
689
|
-
groupInfo: (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.group_info) || commitBundle.groupInfo,
|
|
690
|
-
welcome: commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.welcome,
|
|
691
|
-
};
|
|
692
|
-
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
639
|
+
const hasActiveCertificate = await this.coreCryptoClient.e2eiIsEnabled(this.config.cipherSuite);
|
|
640
|
+
const instance = await E2EIServiceInternal_1.E2EIServiceInternal.getInstance({
|
|
641
|
+
apiClient: this.apiClient,
|
|
642
|
+
coreCryptClient: this.coreCryptoClient,
|
|
643
|
+
e2eiServiceExternal,
|
|
644
|
+
user,
|
|
645
|
+
clientId: client.id,
|
|
646
|
+
discoveryUrl,
|
|
647
|
+
keyPackagesAmount: nbPrekeys,
|
|
648
|
+
dispatchNewCrlDistributionPoints: payload => this.dispatchNewCrlDistributionPoints(payload),
|
|
649
|
+
certificateTtl,
|
|
650
|
+
});
|
|
651
|
+
// If we don't have an OAuth id token, we need to start the certificate process with Oauth
|
|
652
|
+
if (!oAuthIdToken) {
|
|
653
|
+
const data = await instance.startCertificateProcess(hasActiveCertificate);
|
|
654
|
+
const oidcChallenge = data.challenge;
|
|
655
|
+
if (!oidcChallenge) {
|
|
656
|
+
throw new Error('Not oidc challenge found');
|
|
693
657
|
}
|
|
694
|
-
return { status: '
|
|
658
|
+
return { status: 'authentication', authenticationChallenge: data };
|
|
695
659
|
}
|
|
696
|
-
|
|
697
|
-
|
|
698
|
-
|
|
660
|
+
// If we have an OAuth id token, we can continue the certificate process / start a refresh
|
|
661
|
+
const rotateBundle = !hasActiveCertificate
|
|
662
|
+
? // If we are not refreshing the active certificate, we need to continue the certificate process with Oauth
|
|
663
|
+
await instance.continueCertificateProcess(oAuthIdToken)
|
|
664
|
+
: // If we are refreshing the active certificate, can start the refresh process
|
|
665
|
+
await instance.startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate);
|
|
666
|
+
if (rotateBundle === undefined) {
|
|
667
|
+
throw new Error('Could not get the rotate bundle');
|
|
668
|
+
}
|
|
669
|
+
this.dispatchNewCrlDistributionPoints(rotateBundle);
|
|
670
|
+
// upload the clients public keys
|
|
671
|
+
if (!hasActiveCertificate) {
|
|
672
|
+
// we only upload public keys for the initial certification process. Renewals do not need to upload new public keys
|
|
673
|
+
await this.uploadMLSPublicKeys(client);
|
|
674
|
+
}
|
|
675
|
+
// Remove old key packages
|
|
676
|
+
await this.deleteMLSKeyPackages(client.id, rotateBundle.keyPackageRefsToRemove);
|
|
677
|
+
// Upload new key packages with x509 certificate
|
|
678
|
+
await this.uploadMLSKeyPackages(client.id, rotateBundle.newKeyPackages);
|
|
679
|
+
// Verify that we have enough key packages
|
|
680
|
+
await this.verifyRemoteMLSKeyPackagesAmount(client.id);
|
|
681
|
+
// Update keying material
|
|
682
|
+
for (const [groupId, commitBundle] of rotateBundle.commits) {
|
|
683
|
+
const groupIdAsBytes = bazinga64_1.Converter.hexStringToArrayBufferView(groupId);
|
|
684
|
+
// manual copy of the commit bundle data because of a problem while cloning it
|
|
685
|
+
const newCommitBundle = {
|
|
686
|
+
commit: commitBundle.commit,
|
|
687
|
+
// @ts-ignore
|
|
688
|
+
groupInfo: (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.group_info) || commitBundle.groupInfo,
|
|
689
|
+
welcome: commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.welcome,
|
|
690
|
+
};
|
|
691
|
+
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
699
692
|
}
|
|
693
|
+
return { status: 'successful' };
|
|
700
694
|
}
|
|
701
695
|
}
|
|
702
696
|
exports.MLSService = MLSService;
|
package/package.json
CHANGED