@wireapp/core 43.7.1 → 43.7.2
- package/lib/Account.d.ts +12 -3
- package/lib/Account.d.ts.map +1 -1
- package/lib/Account.js +3 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts +72 -104
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.js +13 -31
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.d.ts +2 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIService.types.d.ts +2 -5
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIService.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts +8 -7
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js +57 -119
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.js +3 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts +6 -10
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts +13 -17
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.d.ts +4 -4
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.js +9 -10
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.js +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.d.ts +5 -0
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.js +1 -0
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts +11 -2
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.js +36 -40
- package/package.json +4 -4
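--- a/package/lib/Account.d.ts
+++ b/package/lib/Account.d.ts
@@ -13,7 +13,7 @@ import { SubconversationService } from './conversation/SubconversationService/Su
 import { GiphyService } from './giphy/';
 import { LinkPreviewService } from './linkPreview';
 import { MLSService } from './messagingProtocols/mls';
-import { E2EIServiceExternal
+import { E2EIServiceExternal } from './messagingProtocols/mls/E2EIdentityService';
 import { CoreCallbacks, CoreCryptoConfig, SecretCrypto } from './messagingProtocols/mls/types';
 import { NewClient, ProteusService } from './messagingProtocols/proteus';
 import { HandledEventPayload, NotificationService, NotificationSource } from './notification/';
@@ -118,12 +118,21 @@ export declare class Account extends TypedEventEmitter<Events> {
 useAPIVersion(min: number, max: number, allowDev?: boolean): Promise<BackendFeatures>;
 private persistCookie;
 private getE2EIStatus;
-enrollE2EI({ displayName, handle, discoveryUrl, oAuthIdToken, }: {
+enrollE2EI({ displayName, handle, teamId, discoveryUrl, oAuthIdToken, }: {
 displayName: string;
 handle: string;
+teamId: string;
 discoveryUrl: string;
 oAuthIdToken?: string;
-}): Promise<
+}): Promise<{
+status: "authentication";
+authenticationChallenge: {
+keyAuth: string;
+challenge: import("./messagingProtocols/mls").AcmeChallenge;
+};
+} | {
+status: "successful";
+}>;
 get clientId(): string;
 get userId(): string;
 /**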
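Review bot: `teamId: string` is added to `enrollE2EI` as a required field and the resolved type becomes a `status`-tagged union, in what the page title shows as a patch release (43.7.1 → 43.7.2); consumers typed against the previous declaration stop compiling, and untyped callers will simply pass `undefined`. The declaration carries no TSDoc, so nothing tells an integrator what `teamId` must contain or that the method can reject. I would add a doc comment on the method in the source, for example `/** @param teamId team of the enrolling user, forwarded in the user object given to the MLS enrollment. @throws Error when the client or the MLS service is not initialised. */`. The previous return type is cut off on this page (`}): Promise<`), so its exact shape cannot be compared here.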
package/lib/Account.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Account.d.ts","sourceRoot":"","sources":["../src/Account.ts"],"names":[],"mappings":"AAmBA,OAAO,EACL,YAAY,EAGZ,OAAO,EACP,MAAM,EAEN,SAAS,EAEV,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAuB,UAAU,EAAE,gBAAgB,EAAC,MAAM,iCAAiC,CAAC;AAEnG,OAAO,KAAK,MAAM,MAAM,+BAA+B,CAAC;AASxD,OAAO,EAAC,SAAS,EAAE,eAAe,EAAC,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAC,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAC,UAAU,EAAe,MAAM,uBAAuB,CAAC;AAE/D,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAE1C,OAAO,EAAC,gBAAgB,EAAC,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAC,UAAU,EAAE,aAAa,EAAC,MAAM,WAAW,CAAC;AACpD,OAAO,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAChD,OAAO,EAAC,YAAY,EAAE,mBAAmB,EAAC,MAAM,iBAAiB,CAAC;AAElE,OAAO,EAAC,sBAAsB,EAAC,MAAM,8DAA8D,CAAC;AACpG,OAAO,EAAC,YAAY,EAAC,MAAM,UAAU,CAAC;AACtC,OAAO,EAAC,kBAAkB,EAAC,MAAM,eAAe,CAAC;AACjD,OAAO,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAC,mBAAmB,
|
|
1
|
+
{"version":3,"file":"Account.d.ts","sourceRoot":"","sources":["../src/Account.ts"],"names":[],"mappings":"AAmBA,OAAO,EACL,YAAY,EAGZ,OAAO,EACP,MAAM,EAEN,SAAS,EAEV,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAuB,UAAU,EAAE,gBAAgB,EAAC,MAAM,iCAAiC,CAAC;AAEnG,OAAO,KAAK,MAAM,MAAM,+BAA+B,CAAC;AASxD,OAAO,EAAC,SAAS,EAAE,eAAe,EAAC,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAC,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAC,UAAU,EAAe,MAAM,uBAAuB,CAAC;AAE/D,OAAO,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAE1C,OAAO,EAAC,gBAAgB,EAAC,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAC,UAAU,EAAE,aAAa,EAAC,MAAM,WAAW,CAAC;AACpD,OAAO,EAAC,iBAAiB,EAAC,MAAM,eAAe,CAAC;AAChD,OAAO,EAAC,YAAY,EAAE,mBAAmB,EAAC,MAAM,iBAAiB,CAAC;AAElE,OAAO,EAAC,sBAAsB,EAAC,MAAM,8DAA8D,CAAC;AACpG,OAAO,EAAC,YAAY,EAAC,MAAM,UAAU,CAAC;AACtC,OAAO,EAAC,kBAAkB,EAAC,MAAM,eAAe,CAAC;AACjD,OAAO,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAC,mBAAmB,EAAO,MAAM,6CAA6C,CAAC;AACtF,OAAO,EAAC,aAAa,EAAE,gBAAgB,EAAE,YAAY,EAAC,MAAM,gCAAgC,CAAC;AAC7F,OAAO,EAAC,SAAS,EAAE,cAAc,EAAC,MAAM,8BAA8B,CAAC;AAEvE,OAAO,EAAC,mBAAmB,EAAE,mBAAmB,EAAE,kBAAkB,EAAC,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EAAC,WAAW,EAAC,MAAM,SAAS,CAAC;AAEpC,OAAO,EAAC,WAAW,EAAC,MAAM,SAAS,CAAC;AACpC,OAAO,EAAC,WAAW,EAAC,MAAM,SAAS,CAAC;AACpC,OAAO,EAAC,sBAAsB,EAAC,MAAM,+BAA+B,CAAC;AAErE,MAAM,MAAM,qBAAqB,GAAG,mBAAmB,CAAC;AAExD,oBAAY,MAAM;IAChB;;;OAGG;IACH,WAAW,gBAAgB;CAC5B;AAED,oBAAY,eAAe;IACzB,8EAA8E;IAC9E,MAAM,WAAW;IACjB,oCAAoC;IACpC,UAAU,eAAe;IACzB,mFAAmF;IACnF,wBAAwB,6BAA6B;IACrD,oGAAoG;IACpG,IAAI,SAAS;CACd;AAED,MAAM,MAAM,aAAa,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,KAAK,SAAS,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,CAAC;AAEhH,UAAU,cAAc;IACtB,8FAA8F;IAC9F,WAAW,CAAC,EAAE,aAAa,CAAC;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;IAE5B;;;;;;;;OAQG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;OAEG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAED,KAAK,WAAW,GAAG;IACjB,2FAA2F;IAC3F,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAQF,KAAK,MAAM,GAAG;IACZ,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,SAAS,CAAC;CACjC,CAAC;AAEF,qBAAa,OAAQ,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAuClD,OAAO,CAAC,OAAO;IAtCjB,OAAO,CAAC,QAAQ,CAAC,SAA
S,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;IACxC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAmB;IACrD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;IACtD,qIAAqI;IACrI,OAAO,CAAC,aAAa,CAAC,CAAmB;IACzC,OAAO,CAAC,WAAW,CAAC,CAAa;IACjC,OAAO,CAAC,EAAE,CAAC,CAAe;IAC1B,OAAO,CAAC,WAAW,CAAC,CAAsB;IAC1C,OAAO,CAAC,aAAa,CAAC,CAAgB;IAE/B,OAAO,CAAC,EAAE;QACf,GAAG,CAAC,EAAE,UAAU,CAAC;QACjB,WAAW,CAAC,EAAE,mBAAmB,CAAC;QAClC,OAAO,EAAE,cAAc,CAAC;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,KAAK,EAAE,YAAY,CAAC;QACpB,SAAS,EAAE,gBAAgB,CAAC;QAC5B,MAAM,EAAE,aAAa,CAAC;QACtB,UAAU,EAAE,iBAAiB,CAAC;QAC9B,YAAY,EAAE,mBAAmB,CAAC;QAClC,eAAe,EAAE,sBAAsB,CAAC;QACxC,KAAK,EAAE,YAAY,CAAC;QACpB,WAAW,EAAE,kBAAkB,CAAC;QAChC,YAAY,EAAE,mBAAmB,CAAC;QAClC,IAAI,EAAE,WAAW,CAAC;QAClB,IAAI,EAAE,WAAW,CAAC;QAClB,IAAI,EAAE,WAAW,CAAC;KACnB,CAAC;IACK,eAAe,EAAE,eAAe,CAAC;IACjC,sBAAsB,EAAE,sBAAsB,CAAC;IAEtD;;;OAGG;gBAED,SAAS,GAAE,SAA2B,EAC9B,OAAO,GAAE,cAAiC;IAoCpD;;;;;;;;;;;OAWG;IACU,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO;IAMvE,OAAO,CAAC,aAAa;YAKP,aAAa;IAUd,UAAU,CAAC,EACtB,WAAW,EACX,MAAM,EACN,MAAM,EACN,YAAY,EACZ,YAAY,GACb,EAAE;QACD,WAAW,EAAE,MAAM,CAAC;QACpB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;;;;;;;;;IA8BD,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED;;;;;OAKG;IACU,QAAQ,CAAC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAM3F;;;;OAIG;IACU,IAAI,CAAC,UAAU,EAAE,UAAU,EAAE,EAAC,MAAM,EAAC,GAAE,WAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAMvF;;;;;OAKG;IACU,KAAK,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAU1D;;OAEG;IACU,cAAc,CACzB,SAAS,EAAE,SAAS,EACpB,UAAU,GAAE,UAA8B,EAC1C,WAAW,CAAC,EAAE,UAAU,GACvB,OAAO,CAAC,gBAAgB,CAAC;IAuB5B;;OAEG;YACW,aAAa;IAU3B;;;;OAIG;IACU,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAC/D,UAAU,IAAI,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC;YAkClD,iBAAiB;IA2B/B;;;;;;OAMG;IACH,sBAAsB,CAAC,aAAa,EAAE,aAAa;IAItC,YAAY,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IA+E1D,OAAO,CAAC,YAAY;IAMpB;;;OAGG;IACU,MAAM,CAAC,SAAS,GAAE,OAAe,GA
AG,OAAO,CAAC,IAAI,CAAC;IAU9D;;OAEG;YACW,IAAI;IAQlB;;;;;;OAMG;IACI,MAAM,CAAC,EACZ,OAAkB,EAClB,wBAAmC,EACnC,4BAAuC,EACvC,qBAAgC,EAChC,MAAc,GACf,GAAE;QACD;;;;WAIG;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,kBAAkB,KAAK,IAAI,CAAC;QAE7E;;WAEG;QACH,4BAA4B,CAAC,EAAE,CAAC,EAAC,IAAI,EAAE,KAAK,EAAC,EAAE;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAC,KAAK,IAAI,CAAC;QAEtF;;WAEG;QACH,wBAAwB,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;QAE5D;;;;;;WAMG;QACH,qBAAqB,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;QAEzD;;WAEG;QACH,MAAM,CAAC,EAAE,OAAO,CAAC;KACb,GAAG,MAAM,IAAI;IA2FnB,OAAO,CAAC,cAAc;IAKtB,OAAO,CAAC,kBAAkB;IAI1B,OAAO,CAAC,uBAAuB;YAIjB,UAAU;IAuBxB,OAAO,CAAC,yBAAyB,CAS/B;CACH"}
|
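--- a/package/lib/Account.js
+++ b/package/lib/Account.js
@@ -187,7 +187,7 @@ class Account extends commons_1.TypedEventEmitter {
 isFeatureEnabled: clientCanUseE2EI && teamCanUseE2EI,
 };
 }
-async enrollE2EI({ displayName, handle, discoveryUrl, oAuthIdToken, }) {
+async enrollE2EI({ displayName, handle, teamId, discoveryUrl, oAuthIdToken, }) {
 var _a, _b, _c;
 const context = this.apiClient.context;
 const domain = (_a = context === null || context === void 0 ? void 0 : context.domain) !== null && _a !== void 0 ? _a : '';
@@ -195,13 +195,13 @@ class Account extends commons_1.TypedEventEmitter {
 throw new Error('Client has not been initialized - please login first');
 }
 if (!((_b = this.service) === null || _b === void 0 ? void 0 : _b.mls) || !((_c = this.service) === null || _c === void 0 ? void 0 : _c.e2eIdentity)) {
-
-return false;
+throw new Error('MLS not initialized, unable to enroll E2EI');
 }
 const user = {
 displayName,
 handle,
 domain,
+teamId,
 id: this.userId,
 };
 return this.service.mls.enrollE2EI(discoveryUrl, this.service.e2eIdentity, user, this.currentClient, this.options.nbPrekeys, oAuthIdToken);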
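Review bot: `teamId` is copied into the `user` object and handed to `this.service.mls.enrollE2EI` without any check, so a caller still using the 43.7.1 argument shape enrolls with `teamId: undefined`. Since this object presumably ends up in the end-to-end identity being enrolled, I would reject a missing value next to the existing initialisation guards: `if (!teamId) { throw new Error('teamId is required to enroll E2EI'); }`. The same hunk replaces `return false` with a throw when MLS is not initialised, which fails closed, but callers that tested the return value now have to handle a rejected promise. The body of `enrollE2EI` starts in the previous hunk and its closing brace lies outside this one.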
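--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts
@@ -1,4 +1,4 @@
-import { GetDirectoryReturnValue, GetInitialNonceReturnValue } from './AcmeService.types';
+import { GetDirectoryReturnValue, GetInitialNonceReturnValue, PostJoseRequestReturnValue } from './AcmeService.types';
 import { AcmeChallenge, AcmeDirectory } from '../../E2EIService.types';
 export declare class AcmeService {
 private discoveryUrl;
@@ -13,115 +13,83 @@ export declare class AcmeService {
 getDirectory(): GetDirectoryReturnValue;
 getLocalCertificateRoot(): Promise<string>;
 getInitialNonce(url: AcmeDirectory['newNonce']): GetInitialNonceReturnValue;
-createNewAccount(url: AcmeDirectory['newAccount'], payload: Uint8Array): Promise<{
-
-
-
-
-
-
-
-
-
-
-status: string;
-expires: string;
-notBefore: string;
-notAfter: string;
-identifiers: {
-type: string;
-value: string;
-}[];
-authorizations: string[];
-finalize: string;
-};
-nonce: string;
-location?: string | undefined;
-} | undefined>;
-getAuthorization(url: string, payload: Uint8Array): Promise<{
-data: {
-status: string;
-expires: string;
-identifier: {
-type: string;
-value: string;
-};
-challenges: {
-type: string;
-url: string;
-target: string;
-status: string;
-token: string;
-}[];
-};
-nonce: string;
-location?: string | undefined;
-} | undefined>;
-validateDpopChallenge(url: AcmeChallenge['url'], payload: Uint8Array): Promise<{
-data: {
+createNewAccount(url: AcmeDirectory['newAccount'], payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+status: string;
+orders: string;
+contact: string[];
+}>>;
+createNewOrder(url: AcmeDirectory['newOrder'], payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+status: string;
+expires: string;
+notBefore: string;
+notAfter: string;
+identifiers: {
 type: string;
-
-
-
+value: string;
+}[];
+authorizations: string[];
+finalize: string;
+}>>;
+getAuthorization(url: string, payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+status: string;
+expires: string;
+identifier: {
+type: string;
+value: string;
 };
-
-location?: string | undefined;
-} | undefined>;
-validateOidcChallenge(url: AcmeChallenge['url'], payload: Uint8Array): Promise<{
-data: {
+challenges: {
 type: string;
 url: string;
 target: string;
 status: string;
 token: string;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-} | undefined>;
+}[];
+}>>;
+validateDpopChallenge(url: AcmeChallenge['url'], payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+type: string;
+url: string;
+status: string;
+token: string;
+}>>;
+validateOidcChallenge(url: AcmeChallenge['url'], payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+type: string;
+url: string;
+target: string;
+status: string;
+token: string;
+validated?: string | undefined;
+error?: {
+type: string;
+detail: string;
+} | undefined;
+}>>;
+checkStatusOfOrder(url: string, payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+id: string;
+status: string;
+expires: string;
+notBefore: string;
+notAfter: string;
+identifiers: {
+type: string;
+value: string;
+}[];
+authorizations: string[];
+finalize: string;
+}>>;
+finalizeOrder(url: string, payload: Uint8Array): Promise<PostJoseRequestReturnValue<{
+id: string;
+certificate: string;
+status: string;
+expires: string;
+notBefore: string;
+notAfter: string;
+identifiers: {
+type: string;
+value: string;
+}[];
+authorizations: string[];
+finalize: string;
+}>>;
+getCertificate(url: string, payload: Uint8Array): Promise<PostJoseRequestReturnValue<string>>;
 }
 //# sourceMappingURL=AcmeService.d.ts.map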
package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AcmeService.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.ts"],"names":[],"mappings":"AAsBA,OAAO,EACL,uBAAuB,EACvB,0BAA0B,
|
|
1
|
+
{"version":3,"file":"AcmeService.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.ts"],"names":[],"mappings":"AAsBA,OAAO,EACL,uBAAuB,EACvB,0BAA0B,EAE1B,0BAA0B,EAC3B,MAAM,qBAAqB,CAAC;AAkB7B,OAAO,EAAC,aAAa,EAAE,aAAa,EAAC,MAAM,yBAAyB,CAAC;AAErE,qBAAa,WAAW;IAOV,OAAO,CAAC,YAAY;IANhC,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAiC;IAC/D,OAAO,CAAC,QAAQ,CAAC,GAAG,CAElB;gBAEkB,YAAY,EAAE,MAAM;IAExC,OAAO,KAAK,WAAW,GAGtB;IAID,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,eAAe;YAIT,eAAe;IAsBhB,YAAY,IAAI,uBAAuB;IAWvC,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC;IAM1C,eAAe,CAAC,GAAG,EAAE,aAAa,CAAC,UAAU,CAAC,GAAG,0BAA0B;IAW3E,gBAAgB,CAAC,GAAG,EAAE,aAAa,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,UAAU;;;;;IAQtE,cAAc,CAAC,GAAG,EAAE,aAAa,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,UAAU;;;;;;;;;;;;IASlE,gBAAgB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;;;;;;;;;;;;;;;IAQjD,qBAAqB,CAAC,GAAG,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,UAAU;;;;;;IAQpE,qBAAqB,CAAC,GAAG,EAAE,aAAa,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,UAAU;;;;;;;;;;;;IAQpE,kBAAkB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;;;;;;;;;;;;;IAQnD,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;;;;;;;;;;;;;;IAQ9C,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU;CAO7D"}
|
|
@@ -45,29 +45,19 @@ class AcmeService {
|
|
|
45
45
|
extractLocation(headers) {
|
|
46
46
|
return schema_1.ResponseHeaderLocationSchema.parse(headers).location;
|
|
47
47
|
}
|
|
48
|
-
async postJoseRequest({ payload, schema, url,
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
return {
|
|
62
|
-
data: accountData,
|
|
63
|
-
nonce,
|
|
64
|
-
location,
|
|
65
|
-
};
|
|
66
|
-
}
|
|
67
|
-
catch (e) {
|
|
68
|
-
this.logger.error(errorMessage, e);
|
|
69
|
-
return undefined;
|
|
70
|
-
}
|
|
48
|
+
async postJoseRequest({ payload, schema, url, shouldGetLocation = false, }) {
|
|
49
|
+
const { data, headers } = await this.axiosInstance.post(url, payload, {
|
|
50
|
+
headers: {
|
|
51
|
+
'Content-Type': 'application/jose+json',
|
|
52
|
+
},
|
|
53
|
+
});
|
|
54
|
+
const nonce = this.extractNonce(headers);
|
|
55
|
+
const accountData = schema.parse(data);
|
|
56
|
+
return {
|
|
57
|
+
data: accountData,
|
|
58
|
+
nonce,
|
|
59
|
+
location: shouldGetLocation ? this.extractLocation(headers) : undefined,
|
|
60
|
+
};
|
|
71
61
|
}
|
|
72
62
|
// ############ Public Functions ############
|
|
73
63
|
async getDirectory() {
|
|
@@ -99,7 +89,6 @@ class AcmeService {
|
|
|
99
89
|
}
|
|
100
90
|
async createNewAccount(url, payload) {
|
|
101
91
|
return this.postJoseRequest({
|
|
102
|
-
errorMessage: 'Error while creating new Account',
|
|
103
92
|
payload,
|
|
104
93
|
schema: schema_1.NewAccountResponseSchema,
|
|
105
94
|
url,
|
|
@@ -107,7 +96,6 @@ class AcmeService {
|
|
|
107
96
|
}
|
|
108
97
|
async createNewOrder(url, payload) {
|
|
109
98
|
return this.postJoseRequest({
|
|
110
|
-
errorMessage: 'Error while creating new Order',
|
|
111
99
|
payload,
|
|
112
100
|
schema: schema_1.NewOrderResponseSchema,
|
|
113
101
|
url,
|
|
@@ -116,7 +104,6 @@ class AcmeService {
|
|
|
116
104
|
}
|
|
117
105
|
async getAuthorization(url, payload) {
|
|
118
106
|
return this.postJoseRequest({
|
|
119
|
-
errorMessage: 'Error while receiving Authorization',
|
|
120
107
|
payload,
|
|
121
108
|
schema: schema_1.AuthorizationResponseSchema,
|
|
122
109
|
url,
|
|
@@ -124,7 +111,6 @@ class AcmeService {
|
|
|
124
111
|
}
|
|
125
112
|
async validateDpopChallenge(url, payload) {
|
|
126
113
|
return this.postJoseRequest({
|
|
127
|
-
errorMessage: 'Error while validating DPOP challenge',
|
|
128
114
|
payload,
|
|
129
115
|
schema: schema_1.DpopChallengeResponseSchema,
|
|
130
116
|
url,
|
|
@@ -132,7 +118,6 @@ class AcmeService {
|
|
|
132
118
|
}
|
|
133
119
|
async validateOidcChallenge(url, payload) {
|
|
134
120
|
return this.postJoseRequest({
|
|
135
|
-
errorMessage: 'Error while validating OIDC challenge',
|
|
136
121
|
payload,
|
|
137
122
|
schema: schema_1.OidcChallengeResponseSchema,
|
|
138
123
|
url,
|
|
@@ -140,7 +125,6 @@ class AcmeService {
|
|
|
140
125
|
}
|
|
141
126
|
async checkStatusOfOrder(url, payload) {
|
|
142
127
|
return this.postJoseRequest({
|
|
143
|
-
errorMessage: 'Error while checking status of Order',
|
|
144
128
|
payload,
|
|
145
129
|
schema: schema_1.CheckStatusOfOrderResponseSchema,
|
|
146
130
|
url,
|
|
@@ -148,7 +132,6 @@ class AcmeService {
|
|
|
148
132
|
}
|
|
149
133
|
async finalizeOrder(url, payload) {
|
|
150
134
|
return this.postJoseRequest({
|
|
151
|
-
errorMessage: 'Error while finalizing Order',
|
|
152
135
|
payload,
|
|
153
136
|
schema: schema_1.FinalizeOrderResponseSchema,
|
|
154
137
|
url,
|
|
@@ -156,7 +139,6 @@ class AcmeService {
|
|
|
156
139
|
}
|
|
157
140
|
async getCertificate(url, payload) {
|
|
158
141
|
return this.postJoseRequest({
|
|
159
|
-
errorMessage: 'Error while receiving Certificate',
|
|
160
142
|
payload,
|
|
161
143
|
schema: schema_1.GetCertificateResponseSchema,
|
|
162
144
|
url,
|
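Review bot: In `postJoseRequest` the `try`/`catch` and the per-call `errorMessage` are gone, so every public method from `createNewAccount` to `getCertificate` now rejects with the raw axios or schema-parse error, and nothing in that error says which ACME step failed. I would keep the throw but restore the context in this one place, for example `catch (e) { throw new Error('ACME request failed: ' + url, { cause: e }); }`, and state on each method that it rejects instead of resolving to `undefined`. Whatever catches these errors upstream should log only the message and status, because an axios error object carries the request config, which here includes the JOSE payload. Most removed lines of the old body are blank on this page, so this is based on the new side only.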
package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.d.ts
CHANGED
|
@@ -6,12 +6,11 @@ export interface PostJoseRequestParams<T> {
|
|
|
6
6
|
url: string;
|
|
7
7
|
payload: Uint8Array;
|
|
8
8
|
schema: ZodSchema<T>;
|
|
9
|
-
errorMessage: string;
|
|
10
9
|
shouldGetLocation?: boolean;
|
|
11
10
|
}
|
|
12
|
-
export type PostJoseRequestReturnValue<T> =
|
|
11
|
+
export type PostJoseRequestReturnValue<T> = {
|
|
13
12
|
data: T;
|
|
14
13
|
nonce: Nonce;
|
|
15
14
|
location?: string;
|
|
16
|
-
}
|
|
15
|
+
};
|
|
17
16
|
//# sourceMappingURL=AcmeService.types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AcmeService.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,KAAK,CAAC;AAE9B,OAAO,EAAC,KAAK,EAAC,MAAM,yBAAyB,CAAC;AAE9C,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,CAAC;AAEtE,MAAM,MAAM,0BAA0B,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;AAErE,MAAM,WAAW,qBAAqB,CAAC,CAAC;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,UAAU,CAAC;IACpB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACrB,
|
|
1
|
+
{"version":3,"file":"AcmeService.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,KAAK,CAAC;AAE9B,OAAO,EAAC,KAAK,EAAC,MAAM,yBAAyB,CAAC;AAE9C,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC,CAAC;AAEtE,MAAM,MAAM,0BAA0B,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;AAErE,MAAM,WAAW,qBAAqB,CAAC,CAAC;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,UAAU,CAAC;IACpB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACrB,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AACD,MAAM,MAAM,0BAA0B,CAAC,CAAC,IAAI;IAC1C,IAAI,EAAE,CAAC,CAAC;IACR,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC"}
|
|
@@ -7,7 +7,7 @@ import { E2EIServiceExternal } from './E2EIServiceExternal';
|
|
|
7
7
|
type OmitFree<T> = Omit<T, 'free'>;
|
|
8
8
|
type NewAcmeAuthzOriginal = OmitFree<Awaited<ReturnType<E2eiEnrollment['newAuthzResponse']>>>;
|
|
9
9
|
export type AcmeDirectory = OmitFree<Awaited<ReturnType<E2eiEnrollment['directoryResponse']>>>;
|
|
10
|
-
export type AcmeChallenge = OmitFree<NonNullable<NewAcmeAuthzOriginal['
|
|
10
|
+
export type AcmeChallenge = OmitFree<NonNullable<NewAcmeAuthzOriginal['wireOidcChallenge']>>;
|
|
11
11
|
export type NewAcmeOrder = OmitFree<Awaited<ReturnType<E2eiEnrollment['newOrderResponse']>>>;
|
|
12
12
|
export type NewAcmeAuthz = Pick<Awaited<ReturnType<E2eiEnrollment['newAuthzResponse']>>, 'identifier' | 'keyauth'> & {
|
|
13
13
|
wireDpopChallenge?: AcmeChallenge;
|
|
@@ -18,6 +18,7 @@ export type User = {
|
|
|
18
18
|
id: string;
|
|
19
19
|
domain: string;
|
|
20
20
|
displayName: string;
|
|
21
|
+
teamId: string;
|
|
21
22
|
handle: string;
|
|
22
23
|
};
|
|
23
24
|
export type Account = Uint8Array;
|
|
@@ -41,8 +42,4 @@ export interface InitParams {
|
|
|
41
42
|
discoveryUrl?: string;
|
|
42
43
|
keyPackagesAmount: number;
|
|
43
44
|
}
|
|
44
|
-
export interface StartNewOAuthFlowReturnValue {
|
|
45
|
-
challenge: AcmeChallenge;
|
|
46
|
-
keyAuth: KeyAuth;
|
|
47
|
-
}
|
|
48
45
|
//# sourceMappingURL=E2EIService.types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIService.types.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIService.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EACL,cAAc,EACd,WAAW,EACX,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,qBAAqB,EACrB,cAAc,EACf,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D;;GAEG;AACH,KAAK,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACnC,KAAK,oBAAoB,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9F,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC/F,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,WAAW,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,YAAY,GAAG,SAAS,CAAC,GAAG;IACnH,iBAAiB,CAAC,EAAE,aAAa,CAAC;IAClC,iBAAiB,CAAC,EAAE,aAAa,CAAC;CACnC,CAAC;AACF,OAAO,EAAC,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,qBAAqB,EAAE,cAAc,EAAC,CAAC;AAEpH,MAAM,MAAM,IAAI,GAAG;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AACF,MAAM,MAAM,OAAO,GAAG,UAAU,CAAC;AACjC,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC;AAC3B,MAAM,MAAM,OAAO,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;AAEtD,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,aAAa,CAAC;IAC7B,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,SAAS,CAAC;IACrB,eAAe,EAAE,UAAU,CAAC;IAC5B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,IAAI,CAAC,EAAE,IAAI,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAC3B
|
|
1
|
+
{"version":3,"file":"E2EIService.types.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIService.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EACL,cAAc,EACd,WAAW,EACX,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,qBAAqB,EACrB,cAAc,EACf,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D;;GAEG;AACH,KAAK,QAAQ,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACnC,KAAK,oBAAoB,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9F,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC/F,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,WAAW,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7F,MAAM,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,YAAY,GAAG,SAAS,CAAC,GAAG;IACnH,iBAAiB,CAAC,EAAE,aAAa,CAAC;IAClC,iBAAiB,CAAC,EAAE,aAAa,CAAC;CACnC,CAAC;AACF,OAAO,EAAC,cAAc,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,qBAAqB,EAAE,cAAc,EAAC,CAAC;AAEpH,MAAM,MAAM,IAAI,GAAG;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AACF,MAAM,MAAM,OAAO,GAAG,UAAU,CAAC;AACjC,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC;AAC3B,MAAM,MAAM,OAAO,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;AAEtD,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,aAAa,CAAC;IAC7B,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,SAAS,CAAC;IACrB,eAAe,EAAE,UAAU,CAAC;IAC5B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,IAAI,CAAC,EAAE,IAAI,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;CAC3B"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { InitParams, RotateBundle
|
|
2
|
-
declare class E2EIServiceInternal {
|
|
1
|
+
import { InitParams, RotateBundle } from './E2EIService.types';
|
|
2
|
+
export declare class E2EIServiceInternal {
|
|
3
3
|
private static instance;
|
|
4
4
|
private readonly logger;
|
|
5
5
|
private readonly coreCryptoClient;
|
|
@@ -11,10 +11,12 @@ declare class E2EIServiceInternal {
|
|
|
11
11
|
private isInitialized;
|
|
12
12
|
private constructor();
|
|
13
13
|
static getInstance(params?: InitParams): Promise<E2EIServiceInternal>;
|
|
14
|
-
startCertificateProcess(hasActiveCertificate: boolean): Promise<
|
|
14
|
+
startCertificateProcess(hasActiveCertificate: boolean): Promise<{
|
|
15
|
+
challenge: import("./E2EIService.types").AcmeChallenge;
|
|
16
|
+
keyAuth: string;
|
|
17
|
+
}>;
|
|
15
18
|
continueCertificateProcess(oAuthIdToken: string): Promise<RotateBundle | undefined>;
|
|
16
19
|
private initIdentity;
|
|
17
|
-
private exitWithError;
|
|
18
20
|
private init;
|
|
19
21
|
private getDirectory;
|
|
20
22
|
private getInitialNonce;
|
|
@@ -24,7 +26,7 @@ declare class E2EIServiceInternal {
|
|
|
24
26
|
*
|
|
25
27
|
* @returns authData
|
|
26
28
|
*/
|
|
27
|
-
private
|
|
29
|
+
private getEnrollmentChallenges;
|
|
28
30
|
/**
|
|
29
31
|
* Continuation of the ACME enrollment flow
|
|
30
32
|
* Needs to be called after the user has authenticated with the OIDC provider
|
|
@@ -53,7 +55,6 @@ declare class E2EIServiceInternal {
|
|
|
53
55
|
* @param oAuthIdToken
|
|
54
56
|
* @returns
|
|
55
57
|
*/
|
|
56
|
-
startRefreshCertficateFlow(oAuthIdToken: string, hasActiveCertificate: boolean): Promise<RotateBundle
|
|
58
|
+
startRefreshCertficateFlow(oAuthIdToken: string, hasActiveCertificate: boolean): Promise<RotateBundle>;
|
|
57
59
|
}
|
|
58
|
-
export { E2EIServiceInternal };
|
|
59
60
|
//# sourceMappingURL=E2EIServiceInternal.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAyBA,OAAO,
|
|
1
|
+
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAyBA,OAAO,EAAyD,UAAU,EAAE,YAAY,EAAC,MAAM,qBAAqB,CAAC;AAYrH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAsB;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuD;IAC9E,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAa;IAC9C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAsB;IACzD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,CAAiB;IAClC,OAAO,CAAC,WAAW,CAAC,CAAc;IAClC,OAAO,CAAC,aAAa,CAAS;IAE9B,OAAO;WAea,WAAW,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAwBrE,uBAAuB,CAAC,oBAAoB,EAAE,OAAO;;;;IAOrD,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;YAUlF,YAAY;YA0BZ,IAAI;YAUJ,YAAY;YAUZ,eAAe;IAQ7B;;;;;OAKG;YACW,uBAAuB;IAiDrC;;;;;;;OAOG;YACW,sCAAsC;IAgEpD;;;OAGG;YACW,iBAAiB;IAwB/B;;;;;;OAMG;YACW,iBAAiB;IAe/B;;;;;OAKG;IACU,0BAA0B,CAAC,YAAY,EAAE,MAAM,EAAE,oBAAoB,EAAE,OAAO;CAa5F"}
|
|
@@ -66,27 +66,15 @@ class E2EIServiceInternal {
|
|
|
66
66
|
async startCertificateProcess(hasActiveCertificate) {
|
|
67
67
|
// Step 0: Check if we have a handle in local storage
|
|
68
68
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
await this.initIdentity(hasActiveCertificate);
|
|
72
|
-
return this.startNewOAuthFlow();
|
|
73
|
-
}
|
|
74
|
-
catch (error) {
|
|
75
|
-
return this.exitWithError('Error while trying to start OAuth flow with error:', error);
|
|
76
|
-
}
|
|
69
|
+
await this.initIdentity(hasActiveCertificate);
|
|
70
|
+
return this.startNewOAuthFlow();
|
|
77
71
|
}
|
|
78
72
|
async continueCertificateProcess(oAuthIdToken) {
|
|
79
73
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
80
74
|
if (this.e2eServiceExternal.isEnrollmentInProgress()) {
|
|
81
|
-
|
|
82
|
-
return this.continueOAuthFlow(oAuthIdToken);
|
|
83
|
-
}
|
|
84
|
-
catch (error) {
|
|
85
|
-
return this.exitWithError('Error while trying to continue OAuth flow with error:', error);
|
|
86
|
-
}
|
|
75
|
+
return this.continueOAuthFlow(oAuthIdToken);
|
|
87
76
|
}
|
|
88
|
-
|
|
89
|
-
return undefined;
|
|
77
|
+
throw new Error('Error while trying to continue OAuth flow. No enrollment in progress found');
|
|
90
78
|
}
|
|
91
79
|
// ############ Internal Functions ############
|
|
92
80
|
async initIdentity(hasActiveCertificate) {
|
|
@@ -95,63 +83,35 @@ class E2EIServiceInternal {
|
|
|
95
83
|
const expiryDays = 90;
|
|
96
84
|
const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
|
|
97
85
|
if (hasActiveCertificate) {
|
|
98
|
-
|
|
99
|
-
this.identity = await this.coreCryptoClient.e2eiNewRotateEnrollment(expiryDays, ciphersuite, user.displayName, user.handle);
|
|
100
|
-
}
|
|
101
|
-
catch (error) {
|
|
102
|
-
this.logger.error('Error while trying to initIdentity e2eiNewRotateEnrollment', error);
|
|
103
|
-
throw error;
|
|
104
|
-
}
|
|
86
|
+
this.identity = await this.coreCryptoClient.e2eiNewRotateEnrollment(expiryDays, ciphersuite, user.displayName, user.handle, user.teamId);
|
|
105
87
|
}
|
|
106
88
|
else {
|
|
107
|
-
this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, expiryDays, ciphersuite);
|
|
89
|
+
this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, expiryDays, ciphersuite, user.teamId);
|
|
108
90
|
}
|
|
109
91
|
}
|
|
110
|
-
exitWithError(message, error) {
|
|
111
|
-
this.logger.error(message, error);
|
|
112
|
-
return undefined;
|
|
113
|
-
}
|
|
114
92
|
async init(params) {
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
throw new Error();
|
|
120
|
-
}
|
|
121
|
-
this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
|
|
122
|
-
this.isInitialized = true;
|
|
123
|
-
}
|
|
124
|
-
catch (error) {
|
|
125
|
-
this.logger.error('Error while trying to initialize E2eIdentityService', error);
|
|
126
|
-
throw error;
|
|
93
|
+
const { user, clientId, discoveryUrl } = params;
|
|
94
|
+
if (!user || !clientId) {
|
|
95
|
+
this.logger.error('user and clientId are required to initialize E2eIdentityService');
|
|
96
|
+
throw new Error();
|
|
127
97
|
}
|
|
98
|
+
this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
|
|
99
|
+
this.isInitialized = true;
|
|
128
100
|
}
|
|
129
101
|
async getDirectory(identity, connection) {
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
return parsedDirectory;
|
|
135
|
-
}
|
|
136
|
-
}
|
|
137
|
-
catch (error) {
|
|
138
|
-
this.logger.error('Error while trying to receive a directory', error);
|
|
139
|
-
throw error;
|
|
102
|
+
const directory = await connection.getDirectory();
|
|
103
|
+
if (directory) {
|
|
104
|
+
const parsedDirectory = identity.directoryResponse(directory);
|
|
105
|
+
return parsedDirectory;
|
|
140
106
|
}
|
|
141
107
|
return undefined;
|
|
142
108
|
}
|
|
143
109
|
async getInitialNonce(directory, connection) {
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
if (nonce) {
|
|
147
|
-
return nonce;
|
|
148
|
-
}
|
|
110
|
+
const nonce = await connection.getInitialNonce(directory.newNonce);
|
|
111
|
+
if (!nonce) {
|
|
149
112
|
throw new Error('No initial-nonce received');
|
|
150
113
|
}
|
|
151
|
-
|
|
152
|
-
this.logger.error('Error while trying to receive a nonce', error);
|
|
153
|
-
throw error;
|
|
154
|
-
}
|
|
114
|
+
return nonce;
|
|
155
115
|
}
|
|
156
116
|
/**
|
|
157
117
|
* Start of the ACME enrollment flow
|
|
@@ -159,7 +119,7 @@ class E2EIServiceInternal {
|
|
|
159
119
|
*
|
|
160
120
|
* @returns authData
|
|
161
121
|
*/
|
|
162
|
-
async
|
|
122
|
+
async getEnrollmentChallenges() {
|
|
163
123
|
if (!this.isInitialized || !this.identity || !this.acmeService) {
|
|
164
124
|
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
165
125
|
}
|
|
@@ -173,31 +133,32 @@ class E2EIServiceInternal {
|
|
|
173
133
|
if (!nonce) {
|
|
174
134
|
throw new Error('Error while trying to start OAuth flow. No nonce received');
|
|
175
135
|
}
|
|
136
|
+
const { acmeService, identity } = this;
|
|
176
137
|
// Step 2: Create a new account
|
|
177
138
|
const newAccountNonce = await (0, Account_1.createNewAccount)({
|
|
178
|
-
connection:
|
|
139
|
+
connection: acmeService,
|
|
179
140
|
directory,
|
|
180
|
-
identity
|
|
141
|
+
identity,
|
|
181
142
|
nonce,
|
|
182
143
|
});
|
|
183
144
|
// Step 3: Create a new order
|
|
184
145
|
const orderData = await (0, Order_1.createNewOrder)({
|
|
185
146
|
directory,
|
|
186
|
-
connection:
|
|
187
|
-
identity
|
|
147
|
+
connection: acmeService,
|
|
148
|
+
identity,
|
|
188
149
|
nonce: newAccountNonce,
|
|
189
150
|
});
|
|
190
151
|
// Step 4: Get authorization challenges
|
|
191
|
-
const
|
|
192
|
-
connection:
|
|
193
|
-
identity:
|
|
194
|
-
authzUrl: orderData.
|
|
152
|
+
const authChallenges = await (0, Authorization_1.getAuthorizationChallenges)({
|
|
153
|
+
connection: acmeService,
|
|
154
|
+
identity: identity,
|
|
155
|
+
authzUrl: orderData.authzUrls[0],
|
|
195
156
|
nonce: orderData.nonce,
|
|
196
157
|
});
|
|
197
158
|
// Store the values in local storage for later use (e.g. in the continue flow)
|
|
198
|
-
E2EIStorage_1.E2EIStorage.store.authData(
|
|
159
|
+
E2EIStorage_1.E2EIStorage.store.authData(authChallenges);
|
|
199
160
|
E2EIStorage_1.E2EIStorage.store.orderData({ orderUrl: orderData.orderUrl });
|
|
200
|
-
return
|
|
161
|
+
return authChallenges;
|
|
201
162
|
}
|
|
202
163
|
/**
|
|
203
164
|
* Continuation of the ACME enrollment flow
|
|
@@ -207,14 +168,10 @@ class E2EIServiceInternal {
|
|
|
207
168
|
* @param oAuthIdToken
|
|
208
169
|
* @returns RotateBundle
|
|
209
170
|
*/
|
|
210
|
-
async getRotateBundleAndStoreCertificateData(oAuthIdToken) {
|
|
171
|
+
async getRotateBundleAndStoreCertificateData(oAuthIdToken, authData) {
|
|
211
172
|
if (!this.isInitialized || !this.identity || !this.acmeService) {
|
|
212
173
|
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
213
174
|
}
|
|
214
|
-
const authData = E2EIStorage_1.E2EIStorage.get.authData();
|
|
215
|
-
if (!authData.authorization.wireOidcChallenge) {
|
|
216
|
-
throw new Error('Error while trying to continue OAuth flow. No wireOidcChallenge received');
|
|
217
|
-
}
|
|
218
175
|
// Step 7: Do OIDC client challenge
|
|
219
176
|
const oidcData = await (0, OidcChallenge_1.doWireOidcChallenge)({
|
|
220
177
|
coreCryptoClient: this.coreCryptoClient,
|
|
@@ -266,13 +223,7 @@ class E2EIServiceInternal {
|
|
|
266
223
|
throw new Error('Error while trying to continue OAuth flow. No certificate received');
|
|
267
224
|
}
|
|
268
225
|
// Step 10: Initialize MLS with the certificate
|
|
269
|
-
|
|
270
|
-
return await this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
|
|
271
|
-
}
|
|
272
|
-
catch (error) {
|
|
273
|
-
this.logger.error('Error while e2eiRotateAll', error);
|
|
274
|
-
throw error;
|
|
275
|
-
}
|
|
226
|
+
return this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
|
|
276
227
|
}
|
|
277
228
|
/**
|
|
278
229
|
* This function starts a new ACME enrollment flow for either a new client
|
|
@@ -280,23 +231,21 @@ class E2EIServiceInternal {
|
|
|
280
231
|
*/
|
|
281
232
|
async startNewOAuthFlow() {
|
|
282
233
|
if (this.e2eServiceExternal.isEnrollmentInProgress()) {
|
|
283
|
-
|
|
234
|
+
throw new Error('Error while trying to start OAuth flow. There is already a flow in progress');
|
|
284
235
|
}
|
|
285
236
|
if (!this.isInitialized || !this.identity) {
|
|
286
|
-
|
|
237
|
+
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
287
238
|
}
|
|
288
|
-
const {
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
if (wireOidcChallenge && keyauth) {
|
|
292
|
-
// stash the identity for later use
|
|
293
|
-
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
|
|
294
|
-
// stash the handle in local storage
|
|
295
|
-
E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
|
|
296
|
-
// we need to pass back the aquired wireOidcChallenge to the UI
|
|
297
|
-
return { challenge: wireOidcChallenge, keyAuth: keyauth };
|
|
239
|
+
const { authorization: { wireOidcChallenge, keyauth }, } = await this.getEnrollmentChallenges();
|
|
240
|
+
if (!wireOidcChallenge || !keyauth) {
|
|
241
|
+
throw new Error('missing wireOidcChallenge or keyauth');
|
|
298
242
|
}
|
|
299
|
-
|
|
243
|
+
// stash the identity for later use
|
|
244
|
+
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
|
|
245
|
+
// stash the handle in local storage
|
|
246
|
+
E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
|
|
247
|
+
// we need to pass back the aquired wireOidcChallenge to the UI
|
|
248
|
+
return { challenge: wireOidcChallenge, keyAuth: keyauth };
|
|
300
249
|
}
|
|
301
250
|
/**
|
|
302
251
|
* This function continues an ACME flow for either a new client
|
|
@@ -307,19 +256,14 @@ class E2EIServiceInternal {
|
|
|
307
256
|
*/
|
|
308
257
|
async continueOAuthFlow(oAuthIdToken) {
|
|
309
258
|
// If we have a handle, the user has already started the process to authenticate with the OIDC provider. We can continue the flow.
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
313
|
-
}
|
|
314
|
-
const handle = E2EIStorage_1.E2EIStorage.get.handle();
|
|
315
|
-
this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
|
|
316
|
-
this.logger.log('retrieved identity from stash');
|
|
317
|
-
return await this.getRotateBundleAndStoreCertificateData(oAuthIdToken);
|
|
318
|
-
}
|
|
319
|
-
catch (error) {
|
|
320
|
-
this.logger.error('Error while trying to continue OAuth flow', error);
|
|
321
|
-
throw error;
|
|
259
|
+
if (!this.acmeService) {
|
|
260
|
+
throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
322
261
|
}
|
|
262
|
+
const handle = E2EIStorage_1.E2EIStorage.get.handle();
|
|
263
|
+
const authData = E2EIStorage_1.E2EIStorage.get.authData();
|
|
264
|
+
this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
|
|
265
|
+
this.logger.log('retrieved identity from stash');
|
|
266
|
+
return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
|
|
323
267
|
}
|
|
324
268
|
/**
|
|
325
269
|
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
@@ -329,19 +273,13 @@ class E2EIServiceInternal {
|
|
|
329
273
|
*/
|
|
330
274
|
async startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate) {
|
|
331
275
|
// we dont have an oauth flow since we already get the oAuthIdToken from the client
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
335
|
-
}
|
|
336
|
-
// We need to initialize the identity
|
|
337
|
-
await this.initIdentity(hasActiveCertificate);
|
|
338
|
-
await this.getAndStoreInitialEnrollmentData();
|
|
339
|
-
return await this.getRotateBundleAndStoreCertificateData(oAuthIdToken);
|
|
340
|
-
}
|
|
341
|
-
catch (error) {
|
|
342
|
-
this.logger.error('Error while trying do the certificate refresh flow', error);
|
|
343
|
-
throw error;
|
|
276
|
+
if (!this.acmeService) {
|
|
277
|
+
throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
344
278
|
}
|
|
279
|
+
// We need to initialize the identity
|
|
280
|
+
await this.initIdentity(hasActiveCertificate);
|
|
281
|
+
const authData = await this.getEnrollmentChallenges();
|
|
282
|
+
return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
|
|
345
283
|
}
|
|
346
284
|
}
|
|
347
285
|
exports.E2EIServiceInternal = E2EIServiceInternal;
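Review bot: Nothing on the new side checks `authData.authorization.wireOidcChallenge` before `getRotateBundleAndStoreCertificateData` starts the OIDC challenge, because the guard that used to sit at the top of that function is removed together with the storage read. `startNewOAuthFlow` still rejects a missing `wireOidcChallenge` or `keyauth`, but `continueOAuthFlow` passes on whatever `E2EIStorage.get.authData()` returns and `startRefreshCertficateFlow` passes on the raw result of `getEnrollmentChallenges()`. Unless `doWireOidcChallenge` validates this itself (its body is not part of this diff), I would keep the check on the new parameter: `if (!authData.authorization.wireOidcChallenge) { throw new Error('Error while trying to continue OAuth flow. No wireOidcChallenge received'); }`. The function body is only partly visible in these hunks, so confirm no later line already covers it.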
|
|
@@ -6,10 +6,10 @@ interface GetAuthorizationParams {
|
|
|
6
6
|
identity: E2eiEnrollment;
|
|
7
7
|
connection: AcmeService;
|
|
8
8
|
}
|
|
9
|
-
export type
|
|
9
|
+
export type AuthorizationChallenge = {
|
|
10
10
|
authorization: NewAcmeAuthz;
|
|
11
11
|
nonce: Nonce;
|
|
12
12
|
};
|
|
13
|
-
export declare const
|
|
13
|
+
export declare const getAuthorizationChallenges: ({ authzUrl, nonce, identity, connection, }: GetAuthorizationParams) => Promise<AuthorizationChallenge>;
|
|
14
14
|
export {};
|
|
15
15
|
//# sourceMappingURL=Authorization.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGzE,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGzE,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,sBAAsB,GAAG;IAAC,aAAa,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAAC;AAEjF,eAAO,MAAM,0BAA0B,+CAKpC,sBAAsB,KAAG,QAAQ,sBAAsB,CA4BzD,CAAC"}
|
|
@@ -18,9 +18,9 @@
|
|
|
18
18
|
*
|
|
19
19
|
*/
|
|
20
20
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
21
|
-
exports.
|
|
21
|
+
exports.getAuthorizationChallenges = void 0;
|
|
22
22
|
const Helper_1 = require("../Helper");
|
|
23
|
-
const
|
|
23
|
+
const getAuthorizationChallenges = async ({ authzUrl, nonce, identity, connection, }) => {
|
|
24
24
|
const reqBody = await identity.newAuthzRequest(authzUrl, nonce);
|
|
25
25
|
const response = await connection.getAuthorization(authzUrl, reqBody);
|
|
26
26
|
if ((response === null || response === void 0 ? void 0 : response.data) && !!response.data.status.length && !!response.nonce.length) {
|
|
@@ -47,4 +47,4 @@ const getAuthorization = async ({ authzUrl, nonce, identity, connection, }) => {
|
|
|
47
47
|
}
|
|
48
48
|
throw new Error('No authorization-data received');
|
|
49
49
|
};
|
|
50
|
-
exports.
|
|
50
|
+
exports.getAuthorizationChallenges = getAuthorizationChallenges;
|
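--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts
@@ -1,12 +1,8 @@
 import { DoWireDpopChallengeParams } from './DpopChallenge.types';
-export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<{
-
-
-
-
-
-};
-nonce: string;
-location?: string | undefined;
-}>;
+export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<import("../../Connection/AcmeServer/AcmeService.types").PostJoseRequestReturnValue<{
+type: string;
+url: string;
+status: string;
+token: string;
+}>>;
 //# sourceMappingURL=DpopChallenge.d.ts.map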
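--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB
+{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB;;;;;GA+B3B,CAAC"}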
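--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts
@@ -2,12 +2,12 @@ import { APIClient } from '@wireapp/api-client';
 import { ClientId } from '../../../types';
 import { AcmeService } from '../../Connection/AcmeServer';
 import { E2eiEnrollment, Nonce, User } from '../../E2EIService.types';
-import {
+import { AuthorizationChallenge } from '../Authorization';
 export interface DoWireDpopChallengeParams {
 apiClient: APIClient;
 clientId: ClientId;
 userDomain: User['domain'];
-authData:
+authData: AuthorizationChallenge;
 identity: E2eiEnrollment;
 connection: AcmeService;
 nonce: Nonce;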
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,sBAAsB,EAAC,MAAM,kBAAkB,CAAC;AAExD,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,yBAAyB,EAAE,UAAU,GAAG,WAAW,CAAC,CAAC;AAE7F,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAC3C,yBAAyB,EACzB,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CACpE,GAAG;IACF,WAAW,EAAE,KAAK,CAAC;CACpB,CAAC"}
|
|
@@ -1,29 +1,25 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthorizationChallenge } from './Authorization';
|
|
2
2
|
import { AcmeService } from '../Connection/AcmeServer';
|
|
3
3
|
import { CoreCrypto, E2eiEnrollment, Nonce } from '../E2EIService.types';
|
|
4
4
|
interface DoWireOidcChallengeParams {
|
|
5
5
|
coreCryptoClient: CoreCrypto;
|
|
6
|
-
authData:
|
|
6
|
+
authData: AuthorizationChallenge;
|
|
7
7
|
identity: E2eiEnrollment;
|
|
8
8
|
connection: AcmeService;
|
|
9
9
|
nonce: Nonce;
|
|
10
10
|
oAuthIdToken: string;
|
|
11
11
|
}
|
|
12
|
-
export declare const doWireOidcChallenge: ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }: DoWireOidcChallengeParams) => Promise<{
|
|
13
|
-
|
|
12
|
+
export declare const doWireOidcChallenge: ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }: DoWireOidcChallengeParams) => Promise<import("../Connection/AcmeServer/AcmeService.types").PostJoseRequestReturnValue<{
|
|
13
|
+
type: string;
|
|
14
|
+
url: string;
|
|
15
|
+
target: string;
|
|
16
|
+
status: string;
|
|
17
|
+
token: string;
|
|
18
|
+
validated?: string | undefined;
|
|
19
|
+
error?: {
|
|
14
20
|
type: string;
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
token: string;
|
|
19
|
-
validated?: string | undefined;
|
|
20
|
-
error?: {
|
|
21
|
-
type: string;
|
|
22
|
-
detail: string;
|
|
23
|
-
} | undefined;
|
|
24
|
-
};
|
|
25
|
-
nonce: string;
|
|
26
|
-
location?: string | undefined;
|
|
27
|
-
}>;
|
|
21
|
+
detail: string;
|
|
22
|
+
} | undefined;
|
|
23
|
+
}>>;
|
|
28
24
|
export {};
|
|
29
25
|
//# sourceMappingURL=OidcChallenge.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OidcChallenge.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"OidcChallenge.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,sBAAsB,EAAC,MAAM,iBAAiB,CAAC;AAEvD,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,UAAU,EAAE,cAAc,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAEvE,UAAU,yBAAyB;IACjC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,mBAAmB,+EAO7B,yBAAyB;;;;;;;;;;;GAmB3B,CAAC"}
|
|
@@ -7,13 +7,13 @@ export interface CreateNewOrderParams {
|
|
|
7
7
|
directory: AcmeDirectory;
|
|
8
8
|
connection: AcmeService;
|
|
9
9
|
}
|
|
10
|
-
export type CreateNewOrderReturnValue =
|
|
10
|
+
export type CreateNewOrderReturnValue = {
|
|
11
11
|
order: NewAcmeOrder;
|
|
12
12
|
nonce: string;
|
|
13
|
-
|
|
13
|
+
authzUrls: string[];
|
|
14
14
|
orderUrl: OrderUrl;
|
|
15
|
-
}
|
|
16
|
-
export declare const createNewOrder: ({ identity, nonce, directory, connection, }: CreateNewOrderParams) => CreateNewOrderReturnValue
|
|
15
|
+
};
|
|
16
|
+
export declare const createNewOrder: ({ identity, nonce, directory, connection, }: CreateNewOrderParams) => Promise<CreateNewOrderReturnValue>;
|
|
17
17
|
export interface FinalizeOrderParams {
|
|
18
18
|
connection: AcmeService;
|
|
19
19
|
identity: E2eiEnrollment;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Order.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Order.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGxF,KAAK,QAAQ,GAAG,MAAM,CAAC;AAEvB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,yBAAyB,GAAG
|
|
1
|
+
{"version":3,"file":"Order.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Order.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGxF,KAAK,QAAQ,GAAG,MAAM,CAAC;AAEvB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,YAAY,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF,eAAO,MAAM,cAAc,gDAKxB,oBAAoB,KAAG,QAAQ,yBAAyB,CAY1D,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;CACpB;AACD,eAAO,MAAM,aAAa,8CAAmD,mBAAmB;;;EAqB/F,CAAC"}
|
|
@@ -21,18 +21,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
21
21
|
exports.finalizeOrder = exports.createNewOrder = void 0;
|
|
22
22
|
const Helper_1 = require("../Helper");
|
|
23
23
|
const createNewOrder = async ({ identity, nonce, directory, connection, }) => {
|
|
24
|
-
var _a;
|
|
25
24
|
const reqBody = await identity.newOrderRequest(nonce);
|
|
26
|
-
const
|
|
27
|
-
if (
|
|
28
|
-
|
|
29
|
-
order: await identity.newOrderResponse((0, Helper_1.jsonToByteArray)(response.data)),
|
|
30
|
-
authzUrl: response.data.authorizations[0],
|
|
31
|
-
nonce: response.nonce,
|
|
32
|
-
orderUrl: response.location,
|
|
33
|
-
};
|
|
25
|
+
const { data, nonce: responseNonce, location } = await connection.createNewOrder(directory.newOrder, reqBody);
|
|
26
|
+
if (!location) {
|
|
27
|
+
throw new Error('No location header from API received for order creation');
|
|
34
28
|
}
|
|
35
|
-
|
|
29
|
+
return {
|
|
30
|
+
order: await identity.newOrderResponse((0, Helper_1.jsonToByteArray)(data)),
|
|
31
|
+
authzUrls: data.authorizations,
|
|
32
|
+
nonce: responseNonce,
|
|
33
|
+
orderUrl: location,
|
|
34
|
+
};
|
|
36
35
|
};
|
|
37
36
|
exports.createNewOrder = createNewOrder;
|
|
38
37
|
const finalizeOrder = async ({ identity, nonce, orderUrl, connection }) => {
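Review bot: `authzUrls: data.authorizations` in `createNewOrder` is returned without checking that the ACME server actually sent a non-empty array, while the caller in E2EIServiceInternal.js reads `orderData.authzUrls[0]` unconditionally. The new code validates `location`, but an order response with missing or empty `authorizations` would hand `undefined` to `identity.newAuthzRequest` and fail later with a less useful error. A guard next to the location check fails early instead: `if (!Array.isArray(data.authorizations) || data.authorizations.length === 0) { throw new Error('No authorizations received for order creation'); }`. The destructuring of the `connection.createNewOrder` result also assumes the call never resolves to `undefined`; that depends on AcmeService, which is outside this hunk.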
|
|
@@ -45,8 +45,8 @@ const getAndVerifyAuthData = () => {
|
|
|
45
45
|
if (!data) {
|
|
46
46
|
throw new Error('ACME: AuthData not found');
|
|
47
47
|
}
|
|
48
|
-
const
|
|
49
|
-
return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(
|
|
48
|
+
const decodedData = window.atob(data);
|
|
49
|
+
return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(decodedData));
|
|
50
50
|
};
|
|
51
51
|
const getInitialData = () => {
|
|
52
52
|
const data = storage.get(InitialDataKey);
|
|
@@ -7,16 +7,19 @@ export declare const InitialDataSchema: z.ZodObject<{
|
|
|
7
7
|
displayName: z.ZodString;
|
|
8
8
|
handle: z.ZodString;
|
|
9
9
|
domain: z.ZodString;
|
|
10
|
+
teamId: z.ZodString;
|
|
10
11
|
}, "strip", z.ZodTypeAny, {
|
|
11
12
|
id: string;
|
|
12
13
|
domain: string;
|
|
13
14
|
handle: string;
|
|
14
15
|
displayName: string;
|
|
16
|
+
teamId: string;
|
|
15
17
|
}, {
|
|
16
18
|
id: string;
|
|
17
19
|
domain: string;
|
|
18
20
|
handle: string;
|
|
19
21
|
displayName: string;
|
|
22
|
+
teamId: string;
|
|
20
23
|
}>;
|
|
21
24
|
}, "strip", z.ZodTypeAny, {
|
|
22
25
|
user: {
|
|
@@ -24,6 +27,7 @@ export declare const InitialDataSchema: z.ZodObject<{
|
|
|
24
27
|
domain: string;
|
|
25
28
|
handle: string;
|
|
26
29
|
displayName: string;
|
|
30
|
+
teamId: string;
|
|
27
31
|
};
|
|
28
32
|
clientId: string;
|
|
29
33
|
discoveryUrl: string;
|
|
@@ -33,6 +37,7 @@ export declare const InitialDataSchema: z.ZodObject<{
|
|
|
33
37
|
domain: string;
|
|
34
38
|
handle: string;
|
|
35
39
|
displayName: string;
|
|
40
|
+
teamId: string;
|
|
36
41
|
};
|
|
37
42
|
clientId: string;
|
|
38
43
|
discoveryUrl: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIStorage.schema.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,eAAO,MAAM,iBAAiB
|
|
1
|
+
{"version":3,"file":"E2EIStorage.schema.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU5B,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAU5D,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQzB,CAAC;AACH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD,eAAO,MAAM,eAAe;;;;;;EAE1B,CAAC;AACH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC"}
|
|
@@ -28,6 +28,7 @@ exports.InitialDataSchema = zod_1.z.object({
|
|
|
28
28
|
displayName: zod_1.z.string(),
|
|
29
29
|
handle: zod_1.z.string(),
|
|
30
30
|
domain: zod_1.z.string(),
|
|
31
|
+
teamId: zod_1.z.string(),
|
|
31
32
|
}),
|
|
32
33
|
});
|
|
33
34
|
const Uint8ArraySchema = zod_1.z.custom(value => value instanceof Uint8Array ? { success: true } : { success: false, message: 'Expected Uint8Array' });
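Review bot: `Uint8ArraySchema` on the last context line does not reject anything as written: both branches of the callback passed to `zod_1.z.custom` return an object, and `z.custom` treats the callback result as a truthy/falsy verdict, so `{ success: false, ... }` still counts as a pass. The callback should return the boolean itself, with the message given as the second argument: `zod_1.z.custom(value => value instanceof Uint8Array, { message: 'Expected Uint8Array' })`. If any field using this schema is read back through `JSON.parse`, it will need converting to a `Uint8Array` before the corrected check can succeed, so the fix is worth testing together with the storage getters. On the added line, `teamId: zod_1.z.string()` is required, so initial data persisted by 43.7.1 without a `teamId` will presumably fail `InitialDataSchema.parse` after the upgrade; confirm that this is intended.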
|
|
@@ -10,9 +10,18 @@ import { MLSServiceConfig } from './MLSService.types';
|
|
|
10
10
|
import { KeyPackageClaimUser } from '../../../conversation';
|
|
11
11
|
import { CoreDatabase } from '../../../storage/CoreDB';
|
|
12
12
|
import { RecurringTaskScheduler } from '../../../util/RecurringTaskScheduler';
|
|
13
|
-
import {
|
|
13
|
+
import { AcmeChallenge, E2EIServiceExternal, User } from '../E2EIdentityService';
|
|
14
14
|
import { ClientId, CommitPendingProposalsParams, HandlePendingProposalsParams } from '../types';
|
|
15
15
|
export declare const optionalToUint8Array: (array: Uint8Array | []) => Uint8Array;
|
|
16
|
+
type EnrollmentProcessState = {
|
|
17
|
+
status: 'authentication';
|
|
18
|
+
authenticationChallenge: {
|
|
19
|
+
keyAuth: string;
|
|
20
|
+
challenge: AcmeChallenge;
|
|
21
|
+
};
|
|
22
|
+
} | {
|
|
23
|
+
status: 'successful';
|
|
24
|
+
};
|
|
16
25
|
interface LocalMLSServiceConfig extends MLSServiceConfig {
|
|
17
26
|
/**
|
|
18
27
|
* minimum number of key packages client should have available (configured to half of nbKeyPackages)
|
|
@@ -208,7 +217,7 @@ export declare class MLSService extends TypedEventEmitter<Events> {
|
|
|
208
217
|
* @param oAuthIdToken The OAuth id token if the user is already authenticated
|
|
209
218
|
* @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
|
|
210
219
|
*/
|
|
211
|
-
enrollE2EI(discoveryUrl: string, e2eiServiceExternal: E2EIServiceExternal, user: User, client: RegisteredClient, nbPrekeys: number, oAuthIdToken?: string): Promise<
|
|
220
|
+
enrollE2EI(discoveryUrl: string, e2eiServiceExternal: E2EIServiceExternal, user: User, client: RegisteredClient, nbPrekeys: number, oAuthIdToken?: string): Promise<EnrollmentProcessState>;
|
|
212
221
|
}
|
|
213
222
|
export {};
|
|
214
223
|
//# sourceMappingURL=MLSService.d.ts.map
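Review bot: The `@returns` line above `enrollE2EI` still reads `AcmeChallenge if the user is not authenticated, true if the user is authenticated`, which no longer matches the new `Promise<EnrollmentProcessState>` return type. I would update the doc comment in the source to describe both variants, for example `@returns status 'authentication' with authenticationChallenge (keyAuth and challenge) when the user still has to authenticate, status 'successful' once enrollment has completed`; the meaning of each status is inferred from the old wording and should be confirmed. The comment block starts outside this hunk, so the lines above it may need the same update.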
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAEzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAC,gBAAgB,EAAsB,MAAM,oBAAoB,CAAC;AAEzE,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAEzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAC,gBAAgB,EAAsB,MAAM,oBAAoB,CAAC;AAEzE,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,aAAa,EAAE,mBAAmB,EAAE,IAAI,EAAC,MAAM,uBAAuB,CAAC;AAQ/E,OAAO,EAAC,QAAQ,EAAE,4BAA4B,EAAE,4BAA4B,EAAC,MAAM,UAAU,CAAC;AAK9F,eAAO,MAAM,oBAAoB,UAAW,UAAU,GAAG,EAAE,KAAG,UAE7D,CAAC;AAEF,KAAK,sBAAsB,GACvB;IACE,MAAM,EAAE,gBAAgB,CAAC;IACzB,uBAAuB,EAAE;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,aAAa,CAAA;KAAC,CAAC;CACtE,GACD;IAAC,MAAM,EAAE,YAAY,CAAA;CAAC,CAAC;AAE3B,UAAU,qBAAsB,SAAQ,gBAAgB;IACtD;;OAEG;IACH,uCAAuC,EAAE,MAAM,CAAC;CACjD;AAQD,KAAK,MAAM,GAAG;IACZ,QAAQ,EAAE;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;CAC5C,CAAC;AACF,qBAAa,UAAW,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAOrD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IATzC,MAAM,iBAAuC;IAC7C,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAG9B,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,UAAU,EAC5B,YAAY,EAAE,YAAY,EAC1B,sBAAsB,EAAE,sBAAsB,EAC/D,EACE,6BAA2E,EAC3E,aAA2C,EAC3C,WAAuC,GACxC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAWjB,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,UAAQ;YAyBtF,iBAAiB;IAM/B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CA0CjC;IAEF;;;;;;OAMG;IACI,8BAA8B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE;IAWnE,qBAAqB,CAAC,cAAc,EAAE,mBAAm
B,EAAE;;;;IA2CjE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAK/B,WAAW,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,eAAe,GAAG,kBAAkB;IAIjG,oBAAoB,CAAC,YAAY,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;IAyB5D,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMpE,qBAAqB,CAAC,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAI1E,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAiB9F,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrG;;;;;;;;;OASG;YACW,mBAAmB;IAQjC,OAAO,CAAC,oBAAoB;IAK5B;;;OAGG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IActE;;;;;OAKG;IACU,oBAAoB,CAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE;QAAC,IAAI,EAAE,WAAW,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAC7C,OAAO,CAAC,sBAAsB,CAAC;IAiClC;;;;;OAKG;IACH,SAAgB,uBAAuB,YAAmB,MAAM,KAAG,QAAQ,OAAO,CAAC,CA2BjF;IAEF;;;;OAIG;IACI,6BAA6B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;YAW7D,eAAe;IAK7B;;;OAGG;IACU,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAK9C,iBAAiB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9E;;;;OAIG;IACU,gBAAgB,CAAC,OAAO,EAAE,MAAM;IAc7C,OAAO,CAAC,sCAAsC;IAI9C;;;OAGG;IACU,uBAAuB,CAAC,OAAO,EAAE,MAAM;IAKpD;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACI,0BAA0B,CAAC,OAAO,EAAE,MAAM;IAUjD;;;OAGG;IACI,mCAAmC,CAAC,QAAQ,EAAE,MAAM,EAAE;IAQ7D;;;;OAIG;IACI,sCAAsC,CAAC,QAAQ,EAAE,MAAM;IAQ9D;;;;OAIG;YACW,+BAA+B;YAQ/B,gCAAgC;YAYhC,2BAA2B;IAIzC;;;;;OAKG;YACW,mBAAmB;YAQnB,oBAAoB;IAOrB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe7D;;;;;;;OAOG;IACU,sBAAsB,CAAC,EAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAC,EAAE,4BAA4B;YAWnF,4BAA4B;YAU5B,0BAA0B;IAKxC,OAAO,CAAC,6BAA6B;IAIrC;;;;;OAKG;IACU,sBAAsB,CAAC,EAAC,OAAO,EAAE,UAAkB,EAAC,EAAE,4BAA4B;IAY/F;;;;OAIG;IACU,+BAA+B;IAiB5C;;;;OAIG;IACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAAE,CAAC;IAY9F,wBAAwB,CA
CnC,KAAK,EAAE,8BAA8B,EACrC,yBAAyB,EAAE,CACzB,cAAc,EAAE,WAAW,EAC3B,iBAAiB,CAAC,EAAE,kBAAkB,KACnC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgBrB,4BAA4B,CAAC,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM;IAcjF,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE;IASjF;;;;;;;;OAQG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,mBAAmB,EACxC,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,sBAAsB,CAAC;CA+DnC"}
|
|
@@ -635,49 +635,45 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
635
635
|
// If we don't have an OAuth id token, we need to start the certificate process with Oauth
|
|
636
636
|
if (!oAuthIdToken) {
|
|
637
637
|
const data = await instance.startCertificateProcess(hasActiveCertificate);
|
|
638
|
-
|
|
639
|
-
|
|
638
|
+
const oidcChallenge = data.challenge;
|
|
639
|
+
if (!oidcChallenge) {
|
|
640
|
+
throw new Error('Not oidc challenge found');
|
|
640
641
|
}
|
|
641
|
-
|
|
642
|
+
return { status: 'authentication', authenticationChallenge: data };
|
|
642
643
|
}
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
// If we are not refreshing the active certificate, we need to continue the certificate process with Oauth
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
674
|
-
};
|
|
675
|
-
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
676
|
-
}
|
|
677
|
-
return true;
|
|
678
|
-
}
|
|
644
|
+
// If we have an OAuth id token, we can continue the certificate process / start a refresh
|
|
645
|
+
const rotateBundle = !hasActiveCertificate
|
|
646
|
+
? // If we are not refreshing the active certificate, we need to continue the certificate process with Oauth
|
|
647
|
+
await instance.continueCertificateProcess(oAuthIdToken)
|
|
648
|
+
: // If we are refreshing the active certificate, can start the refresh process
|
|
649
|
+
await instance.startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate);
|
|
650
|
+
if (rotateBundle === undefined) {
|
|
651
|
+
throw new Error('Could not get the rotate bundle');
|
|
652
|
+
}
|
|
653
|
+
// upload the clients public keys
|
|
654
|
+
if (!hasActiveCertificate) {
|
|
655
|
+
// we only upload public keys for the initial certification process. Renewals do not need to upload new public keys
|
|
656
|
+
await this.uploadMLSPublicKeys(client);
|
|
657
|
+
}
|
|
658
|
+
// Remove old key packages
|
|
659
|
+
await this.deleteMLSKeyPackages(client.id, rotateBundle.keyPackageRefsToRemove);
|
|
660
|
+
// Upload new key packages with x509 certificate
|
|
661
|
+
await this.uploadMLSKeyPackages(client.id, rotateBundle.newKeyPackages);
|
|
662
|
+
// Verify that we have enough key packages
|
|
663
|
+
await this.verifyRemoteMLSKeyPackagesAmount(client.id);
|
|
664
|
+
// Update keying material
|
|
665
|
+
for (const [groupId, commitBundle] of rotateBundle.commits) {
|
|
666
|
+
const groupIdAsBytes = bazinga64_1.Converter.hexStringToArrayBufferView(groupId);
|
|
667
|
+
// manual copy of the commit bundle data because of a problem while cloning it
|
|
668
|
+
const newCommitBundle = {
|
|
669
|
+
commit: commitBundle.commit,
|
|
670
|
+
// @ts-ignore
|
|
671
|
+
groupInfo: (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.group_info) || commitBundle.groupInfo,
|
|
672
|
+
welcome: commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.welcome,
|
|
673
|
+
};
|
|
674
|
+
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
679
675
|
}
|
|
680
|
-
return
|
|
676
|
+
return { status: 'successful' };
|
|
681
677
|
}
|
|
682
678
|
catch (error) {
|
|
683
679
|
this.logger.error('E2EI - Failed to enroll', error);
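Review bot: In the branch that runs once an id token is present, `deleteMLSKeyPackages` is awaited before `uploadMLSKeyPackages`, so a failed upload appears to leave the client with fewer or no claimable key packages until a later retry. The same partial state arises if a commit upload fails after the packages were already swapped. Unless the backend caps how many packages a client may hold, uploading first is the safer order: `await this.uploadMLSKeyPackages(client.id, rotateBundle.newKeyPackages);` followed by `await this.deleteMLSKeyPackages(client.id, rotateBundle.keyPackageRefsToRemove);`. The `rotateBundle === undefined` guard also lets a `null` result reach the property reads below it, so `rotateBundle == null` would be the tighter check. The enclosing method (presumably `enrollE2EI`) starts above this hunk and its `catch` body continues below it, so what happens after the error is logged cannot be seen here.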
|
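--- a/package/package.json
+++ b/package/package.json
@@ -11,7 +11,7 @@
 "./lib/cryptography/AssetCryptography/crypto.node": "./lib/cryptography/AssetCryptography/crypto.browser.js"
 },
 "dependencies": {
-"@wireapp/api-client": "^26.10.
+"@wireapp/api-client": "^26.10.1",
 "@wireapp/commons": "^5.2.4",
 "@wireapp/core-crypto": "1.0.0-rc.30",
 "@wireapp/cryptobox": "12.8.0",
@@ -44,7 +44,7 @@
 "fake-indexeddb": "^4.0.0",
 "jest": "^29.2.1",
 "jest-websocket-mock": "2.5.0",
-"nock": "13.
+"nock": "13.5.0",
 "rimraf": "^3.0.2",
 "typescript": "^5.0.4"
 },
@@ -61,6 +61,6 @@
 "test:coverage": "jest --coverage",
 "watch": "tsc --watch"
 },
-"version": "43.7.
-"gitHead": "
+"version": "43.7.2",
+"gitHead": "368d0946bb85bb8eff2c71d91b8c4b46c14aeb1d"
 }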