@wireapp/core 43.14.1 → 43.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts +10 -7
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js +27 -23
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.d.ts +1 -5
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.js +0 -19
- package/lib/messagingProtocols/mls/MLSService/MLSService.js +1 -1
- package/package.json +2 -2
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { AcmeService } from './Connection/AcmeServer';
|
|
2
2
|
import { InitParams, RotateBundle } from './E2EIService.types';
|
|
3
|
+
import { InitialData } from './Storage/E2EIStorage.schema';
|
|
3
4
|
export declare class E2EIServiceInternal {
|
|
4
5
|
private readonly coreCryptoClient;
|
|
5
6
|
private readonly apiClient;
|
|
@@ -11,9 +12,11 @@ export declare class E2EIServiceInternal {
|
|
|
11
12
|
private static instance;
|
|
12
13
|
private readonly logger;
|
|
13
14
|
private _acmeService?;
|
|
15
|
+
private _initialData?;
|
|
14
16
|
private constructor();
|
|
15
17
|
static getInstance(params?: InitParams): Promise<E2EIServiceInternal>;
|
|
16
18
|
get acmeService(): AcmeService;
|
|
19
|
+
get initialData(): InitialData;
|
|
17
20
|
startCertificateProcess(hasActiveCertificate: boolean): Promise<{
|
|
18
21
|
challenge: {
|
|
19
22
|
url: string;
|
|
@@ -23,6 +26,13 @@ export declare class E2EIServiceInternal {
|
|
|
23
26
|
keyAuth: string;
|
|
24
27
|
}>;
|
|
25
28
|
continueCertificateProcess(oAuthIdToken: string): Promise<RotateBundle | undefined>;
|
|
29
|
+
/**
|
|
30
|
+
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
31
|
+
*
|
|
32
|
+
* @param oAuthIdToken
|
|
33
|
+
* @returns
|
|
34
|
+
*/
|
|
35
|
+
renewCertificate(oAuthIdToken: string, hasActiveCertificate: boolean): Promise<RotateBundle>;
|
|
26
36
|
private initIdentity;
|
|
27
37
|
private init;
|
|
28
38
|
private getDirectory;
|
|
@@ -56,12 +66,5 @@ export declare class E2EIServiceInternal {
|
|
|
56
66
|
* @returns RotateBundle | undefined
|
|
57
67
|
*/
|
|
58
68
|
private continueOAuthFlow;
|
|
59
|
-
/**
|
|
60
|
-
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
61
|
-
*
|
|
62
|
-
* @param oAuthIdToken
|
|
63
|
-
* @returns
|
|
64
|
-
*/
|
|
65
|
-
startRefreshCertficateFlow(oAuthIdToken: string, hasActiveCertificate: boolean): Promise<RotateBundle>;
|
|
66
69
|
}
|
|
67
70
|
//# sourceMappingURL=E2EIServiceInternal.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAwBA,OAAO,EAAC,WAAW,EAAC,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAyD,UAAU,EAAE,YAAY,EAAC,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAwBA,OAAO,EAAC,WAAW,EAAC,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAyD,UAAU,EAAE,YAAY,EAAC,MAAM,qBAAqB,CAAC;AAUrH,OAAO,EAAW,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAInE,qBAAa,mBAAmB;IAO5B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,wDAAwD;IACxD,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,gCAAgC;IAZnD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuD;IAC9E,OAAO,CAAC,YAAY,CAAC,CAAc;IACnC,OAAO,CAAC,YAAY,CAAC,CAAc;IAEnC,OAAO;WAYa,WAAW,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAiClF,IAAI,WAAW,IAAI,WAAW,CAK7B;IAED,IAAI,WAAW,IAAI,WAAW,CAK7B;IAEY,uBAAuB,CAAC,oBAAoB,EAAE,OAAO;;;;;;;;IAOrD,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAQhG;;;;;OAKG;IACU,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,oBAAoB,EAAE,OAAO;YASnE,YAAY;YAuBZ,IAAI;YASJ,YAAY;YAUZ,eAAe;IAQ7B;;;;;OAKG;YACW,uBAAuB;IAyCrC;;;;;;;OAOG;YACW,sCAAsC;IAiEpD;;;OAGG;YACW,iBAAiB;IAyB/B;;;;;;OAMG;YACW,iBAAiB;CAShC"}
|
|
@@ -59,7 +59,6 @@ class E2EIServiceInternal {
|
|
|
59
59
|
if (!discoveryUrl || !user || !clientId) {
|
|
60
60
|
throw new Error('discoveryUrl, user and clientId are required to initialize E2EIServiceInternal');
|
|
61
61
|
}
|
|
62
|
-
E2EIStorage_1.E2EIStorage.store.initialData({ discoveryUrl, user, clientId });
|
|
63
62
|
await E2EIServiceInternal.instance.init({ clientId, discoveryUrl, user });
|
|
64
63
|
}
|
|
65
64
|
}
|
|
@@ -71,6 +70,12 @@ class E2EIServiceInternal {
|
|
|
71
70
|
}
|
|
72
71
|
return this._acmeService;
|
|
73
72
|
}
|
|
73
|
+
get initialData() {
|
|
74
|
+
if (!this._initialData) {
|
|
75
|
+
throw new Error('Error while trying to get InitialData. E2EIServiceInternal has not been initialized');
|
|
76
|
+
}
|
|
77
|
+
return this._initialData;
|
|
78
|
+
}
|
|
74
79
|
async startCertificateProcess(hasActiveCertificate) {
|
|
75
80
|
// Step 0: Check if we have a handle in local storage
|
|
76
81
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
@@ -84,9 +89,20 @@ class E2EIServiceInternal {
|
|
|
84
89
|
}
|
|
85
90
|
throw new Error('Error while trying to continue OAuth flow. No enrollment in progress found');
|
|
86
91
|
}
|
|
92
|
+
/**
|
|
93
|
+
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
94
|
+
*
|
|
95
|
+
* @param oAuthIdToken
|
|
96
|
+
* @returns
|
|
97
|
+
*/
|
|
98
|
+
async renewCertificate(oAuthIdToken, hasActiveCertificate) {
|
|
99
|
+
const identity = await this.initIdentity(hasActiveCertificate);
|
|
100
|
+
const authData = await this.getEnrollmentChallenges(identity);
|
|
101
|
+
return this.getRotateBundleAndStoreCertificateData(identity, oAuthIdToken, authData.authChallenges);
|
|
102
|
+
}
|
|
87
103
|
// ############ Internal Functions ############
|
|
88
104
|
async initIdentity(hasActiveCertificate) {
|
|
89
|
-
const { user } =
|
|
105
|
+
const { user } = this.initialData;
|
|
90
106
|
// How long the issued certificate should be maximal valid
|
|
91
107
|
const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
|
|
92
108
|
return hasActiveCertificate
|
|
@@ -96,9 +112,9 @@ class E2EIServiceInternal {
|
|
|
96
112
|
async init(params) {
|
|
97
113
|
const { user, clientId, discoveryUrl } = params;
|
|
98
114
|
if (!user || !clientId) {
|
|
99
|
-
|
|
100
|
-
throw new Error();
|
|
115
|
+
throw new Error('user and clientId are required to initialize E2eIdentityService');
|
|
101
116
|
}
|
|
117
|
+
this._initialData = { user, clientId, discoveryUrl };
|
|
102
118
|
this._acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
|
|
103
119
|
}
|
|
104
120
|
async getDirectory(identity, connection) {
|
|
@@ -155,10 +171,7 @@ class E2EIServiceInternal {
|
|
|
155
171
|
authzUrls: orderData.authzUrls,
|
|
156
172
|
nonce: orderData.nonce,
|
|
157
173
|
});
|
|
158
|
-
|
|
159
|
-
E2EIStorage_1.E2EIStorage.store.authData(authChallenges);
|
|
160
|
-
E2EIStorage_1.E2EIStorage.store.orderData({ orderUrl: orderData.orderUrl });
|
|
161
|
-
return authChallenges;
|
|
174
|
+
return { authChallenges, orderUrl: orderData.orderUrl };
|
|
162
175
|
}
|
|
163
176
|
/**
|
|
164
177
|
* Continuation of the ACME enrollment flow
|
|
@@ -181,7 +194,7 @@ class E2EIServiceInternal {
|
|
|
181
194
|
if (!oidcData.data.validated) {
|
|
182
195
|
throw new Error('Error while trying to continue OAuth flow. OIDC challenge not validated');
|
|
183
196
|
}
|
|
184
|
-
const { user: wireUser, clientId } =
|
|
197
|
+
const { user: wireUser, clientId } = this.initialData;
|
|
185
198
|
//Step 8: Do DPOP Challenge
|
|
186
199
|
const dpopData = await (0, DpopChallenge_1.doWireDpopChallenge)({
|
|
187
200
|
authData,
|
|
@@ -231,14 +244,17 @@ class E2EIServiceInternal {
|
|
|
231
244
|
if (this.e2eiServiceExternal.isEnrollmentInProgress()) {
|
|
232
245
|
throw new Error('Error while trying to start OAuth flow. There is already a flow in progress');
|
|
233
246
|
}
|
|
234
|
-
const {
|
|
247
|
+
const { authChallenges, orderUrl } = await this.getEnrollmentChallenges(identity);
|
|
248
|
+
const { authorization: { oidcChallenge: wireOidcChallenge, keyauth }, } = authChallenges;
|
|
235
249
|
if (!wireOidcChallenge || !keyauth) {
|
|
236
250
|
throw new Error('missing wireOidcChallenge or keyauth');
|
|
237
251
|
}
|
|
238
252
|
// stash the identity for later use
|
|
239
253
|
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(identity);
|
|
240
|
-
//
|
|
254
|
+
// Store the values in local storage for later use (e.g. in the continue flow)
|
|
241
255
|
E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
|
|
256
|
+
E2EIStorage_1.E2EIStorage.store.authData(authChallenges);
|
|
257
|
+
E2EIStorage_1.E2EIStorage.store.orderData({ orderUrl });
|
|
242
258
|
// we need to pass back the aquired wireOidcChallenge to the UI
|
|
243
259
|
return { challenge: wireOidcChallenge, keyAuth: keyauth };
|
|
244
260
|
}
|
|
@@ -256,17 +272,5 @@ class E2EIServiceInternal {
|
|
|
256
272
|
this.logger.log('retrieved identity from stash');
|
|
257
273
|
return this.getRotateBundleAndStoreCertificateData(identity, oAuthIdToken, authData);
|
|
258
274
|
}
|
|
259
|
-
/**
|
|
260
|
-
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
261
|
-
*
|
|
262
|
-
* @param oAuthIdToken
|
|
263
|
-
* @returns
|
|
264
|
-
*/
|
|
265
|
-
async startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate) {
|
|
266
|
-
// We need to initialize the identity
|
|
267
|
-
const identity = await this.initIdentity(hasActiveCertificate);
|
|
268
|
-
const authData = await this.getEnrollmentChallenges(identity);
|
|
269
|
-
return this.getRotateBundleAndStoreCertificateData(identity, oAuthIdToken, authData);
|
|
270
|
-
}
|
|
271
275
|
}
|
|
272
276
|
exports.E2EIServiceInternal = E2EIServiceInternal;
|
|
@@ -1,23 +1,19 @@
|
|
|
1
|
-
import { AuthData,
|
|
1
|
+
import { AuthData, OrderData } from './E2EIStorage.schema';
|
|
2
2
|
export declare const E2EIStorage: {
|
|
3
3
|
store: {
|
|
4
4
|
handle: (handle: string) => void;
|
|
5
5
|
authData: (data: AuthData) => void;
|
|
6
6
|
orderData: (data: OrderData) => void;
|
|
7
|
-
initialData: (data: InitialData) => void;
|
|
8
7
|
};
|
|
9
8
|
get: {
|
|
10
|
-
initialData: () => InitialData;
|
|
11
9
|
handle: () => string;
|
|
12
10
|
authData: () => AuthData;
|
|
13
11
|
orderData: () => OrderData;
|
|
14
12
|
};
|
|
15
13
|
has: {
|
|
16
14
|
handle: () => boolean;
|
|
17
|
-
initialData: () => boolean;
|
|
18
15
|
};
|
|
19
16
|
remove: {
|
|
20
|
-
initialData: () => void;
|
|
21
17
|
temporaryData: () => void;
|
|
22
18
|
all: () => void;
|
|
23
19
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIStorage.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,QAAQ,EAAkB,
|
|
1
|
+
{"version":3,"file":"E2EIStorage.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,QAAQ,EAAkB,SAAS,EAAC,MAAM,sBAAsB,CAAC;AAqDzE,eAAO,MAAM,WAAW;;yBA3CK,MAAM;yBAEN,QAAQ;0BADP,SAAS;;;;wBAcN,QAAQ;yBASP,SAAS;;;;;;;;;CAqC1C,CAAC"}
|
|
@@ -25,14 +25,11 @@ const LocalStorageStore_1 = require("../../../../util/LocalStorageStore");
|
|
|
25
25
|
const HandleKey = 'Handle';
|
|
26
26
|
const AuthDataKey = 'AuthData';
|
|
27
27
|
const OderDataKey = 'OrderData';
|
|
28
|
-
const InitialDataKey = 'InitialData';
|
|
29
28
|
const storage = (0, LocalStorageStore_1.LocalStorageStore)('E2EIStorage');
|
|
30
29
|
const storeHandle = (handle) => storage.add(HandleKey, bazinga64_1.Encoder.toBase64(handle).asString);
|
|
31
30
|
const storeOrderData = (data) => storage.add(OderDataKey, bazinga64_1.Encoder.toBase64(JSON.stringify(data)).asString);
|
|
32
31
|
const storeAuthData = (data) => storage.add(AuthDataKey, bazinga64_1.Encoder.toBase64(JSON.stringify(data)).asString);
|
|
33
|
-
const storeInitialData = (data) => storage.add(InitialDataKey, bazinga64_1.Encoder.toBase64(JSON.stringify(data)).asString);
|
|
34
32
|
const hasHandle = () => storage.has(HandleKey);
|
|
35
|
-
const hasInitialData = () => storage.has(InitialDataKey);
|
|
36
33
|
const getAndVerifyHandle = () => {
|
|
37
34
|
const handle = storage.get(HandleKey);
|
|
38
35
|
if (!handle) {
|
|
@@ -48,14 +45,6 @@ const getAndVerifyAuthData = () => {
|
|
|
48
45
|
const decodedData = bazinga64_1.Decoder.fromBase64(data).asString;
|
|
49
46
|
return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(decodedData));
|
|
50
47
|
};
|
|
51
|
-
const getInitialData = () => {
|
|
52
|
-
const data = storage.get(InitialDataKey);
|
|
53
|
-
if (!data) {
|
|
54
|
-
throw new Error('ACME: InitialData not found');
|
|
55
|
-
}
|
|
56
|
-
const decodedData = bazinga64_1.Decoder.fromBase64(data).asString;
|
|
57
|
-
return E2EIStorage_schema_1.InitialDataSchema.parse(JSON.parse(decodedData));
|
|
58
|
-
};
|
|
59
48
|
const getAndVerifyOrderData = () => {
|
|
60
49
|
const data = storage.get(OderDataKey);
|
|
61
50
|
if (!data) {
|
|
@@ -64,9 +53,6 @@ const getAndVerifyOrderData = () => {
|
|
|
64
53
|
const decodedData = bazinga64_1.Decoder.fromBase64(data).asString;
|
|
65
54
|
return JSON.parse(decodedData);
|
|
66
55
|
};
|
|
67
|
-
const removeInitialData = () => {
|
|
68
|
-
storage.remove(InitialDataKey);
|
|
69
|
-
};
|
|
70
56
|
const removeTemporaryData = () => {
|
|
71
57
|
storage.remove(HandleKey);
|
|
72
58
|
storage.remove(AuthDataKey);
|
|
@@ -74,27 +60,22 @@ const removeTemporaryData = () => {
|
|
|
74
60
|
};
|
|
75
61
|
const removeAll = () => {
|
|
76
62
|
removeTemporaryData();
|
|
77
|
-
removeInitialData();
|
|
78
63
|
};
|
|
79
64
|
exports.E2EIStorage = {
|
|
80
65
|
store: {
|
|
81
66
|
handle: storeHandle,
|
|
82
67
|
authData: storeAuthData,
|
|
83
68
|
orderData: storeOrderData,
|
|
84
|
-
initialData: storeInitialData,
|
|
85
69
|
},
|
|
86
70
|
get: {
|
|
87
|
-
initialData: getInitialData,
|
|
88
71
|
handle: getAndVerifyHandle,
|
|
89
72
|
authData: getAndVerifyAuthData,
|
|
90
73
|
orderData: getAndVerifyOrderData,
|
|
91
74
|
},
|
|
92
75
|
has: {
|
|
93
76
|
handle: hasHandle,
|
|
94
|
-
initialData: hasInitialData,
|
|
95
77
|
},
|
|
96
78
|
remove: {
|
|
97
|
-
initialData: removeInitialData,
|
|
98
79
|
temporaryData: removeTemporaryData,
|
|
99
80
|
all: removeAll,
|
|
100
81
|
},
|
|
@@ -662,7 +662,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
662
662
|
? // If we are not refreshing the active certificate, we need to continue the certificate process with Oauth
|
|
663
663
|
await instance.continueCertificateProcess(oAuthIdToken)
|
|
664
664
|
: // If we are refreshing the active certificate, can start the refresh process
|
|
665
|
-
await instance.
|
|
665
|
+
await instance.renewCertificate(oAuthIdToken, hasActiveCertificate);
|
|
666
666
|
if (rotateBundle === undefined) {
|
|
667
667
|
throw new Error('Could not get the rotate bundle');
|
|
668
668
|
}
|
package/package.json
CHANGED