@wireapp/core 46.1.0-hotfix-1.1 → 46.1.0-hotfix-1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +674 -0
- package/lib/Account.d.ts +5 -8
- package/lib/Account.d.ts.map +1 -1
- package/lib/Account.js +321 -141
- package/lib/Account.test.js +9 -9
- package/lib/conversation/AssetService/AssetService.test.js +3 -3
- package/lib/conversation/ConversationService/ConversationService.d.ts +1 -1
- package/lib/conversation/ConversationService/ConversationService.d.ts.map +1 -1
- package/lib/conversation/ConversationService/ConversationService.js +5 -11
- package/lib/conversation/ConversationService/ConversationService.test.js +9 -6
- package/lib/conversation/SubconversationService/SubconversationService.d.ts +1 -1
- package/lib/conversation/SubconversationService/SubconversationService.d.ts.map +1 -1
- package/lib/conversation/SubconversationService/SubconversationService.js +1 -3
- package/lib/conversation/SubconversationService/SubconversationService.test.js +5 -6
- package/lib/conversation/message/MessageBuilder.js +2 -2
- package/lib/conversation/message/MessageService.test.js +3 -3
- package/lib/index.d.ts +0 -1
- package/lib/index.d.ts.map +1 -1
- package/lib/index.js +1 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/schema.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.js +31 -8
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.test.js +4 -56
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js +6 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts +2 -4
- package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.js +2 -24
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts +1 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts +11 -45
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.guards.d.ts +4 -0
- package/lib/messagingProtocols/mls/MLSService/MLSService.guards.d.ts.map +1 -0
- package/lib/messagingProtocols/mls/MLSService/{ClientMLSError.js → MLSService.guards.js} +7 -12
- package/lib/messagingProtocols/mls/MLSService/MLSService.js +42 -92
- package/lib/messagingProtocols/mls/MLSService/MLSService.test.js +10 -109
- package/lib/messagingProtocols/mls/MLSService/MLSService.types.d.ts +15 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/index.d.ts +0 -1
- package/lib/messagingProtocols/mls/MLSService/index.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/index.js +0 -1
- package/lib/messagingProtocols/mls/types.d.ts +3 -0
- package/lib/messagingProtocols/mls/types.d.ts.map +1 -1
- package/lib/messagingProtocols/proteus/ProteusService/CryptoClient/CoreCryptoWrapper/CoreCryptoWrapper.d.ts.map +1 -1
- package/lib/messagingProtocols/proteus/ProteusService/CryptoClient/CoreCryptoWrapper/CoreCryptoWrapper.js +1 -0
- package/lib/messagingProtocols/proteus/ProteusService/ProteusService.mocks.d.ts +4 -7
- package/lib/messagingProtocols/proteus/ProteusService/ProteusService.mocks.d.ts.map +1 -1
- package/lib/messagingProtocols/proteus/Utility/SessionHandler/SessionHandler.d.ts +1 -1
- package/lib/messagingProtocols/proteus/Utility/SessionHandler/SessionHandler.d.ts.map +1 -1
- package/lib/test/PayloadHelper.js +2 -2
- package/package.json +8 -8
- package/lib/messagingProtocols/mls/MLSService/ClientMLSError.d.ts +0 -8
- package/lib/messagingProtocols/mls/MLSService/ClientMLSError.d.ts.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAG9C,OAAO,
|
|
1
|
+
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAG9C,OAAO,EAA6B,UAAU,EAAiB,MAAM,qBAAqB,CAAC;AAS3F,OAAO,EAAqB,WAAW,EAAiC,MAAM,8BAA8B,CAAC;AAE7G,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAErD,MAAM,MAAM,gBAAgB,GAAG,CAAC,cAAc,CAAC,EAAE;IAAC,SAAS,EAAE,GAAG,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAC,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;AACnH,qBAAa,mBAAmB;IAO5B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,wDAAwD;IACxD,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAX9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuD;IAC9E,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,iBAAiB,CAAiD;gBAGxE,MAAM,EAAE,YAAY,EACH,gBAAgB,EAAE,UAAU,EAC5B,SAAS,EAAE,SAAS;IACrC,wDAAwD;IACvC,cAAc,EAAE,MAAM,EACtB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,WAAW;IAO3C;;;;OAIG;IACU,mBAAmB,CAAC,aAAa,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO;YAkCpE,6BAA6B;YAQ7B,YAAY;YAuBZ,YAAY;YAUZ,eAAe;IAQ7B;;;;;OAKG;YACW,uBAAuB;IAyCrC;;;;;;;OAOG;YACW,eAAe;CAgE9B"}
|
|
@@ -24,6 +24,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
24
24
|
exports.E2EIServiceInternal = void 0;
|
|
25
25
|
const logdown_1 = __importDefault(require("logdown"));
|
|
26
26
|
const AcmeServer_1 = require("./Connection/AcmeServer");
|
|
27
|
+
const E2EIService_types_1 = require("./E2EIService.types");
|
|
27
28
|
const Helper_1 = require("./Helper");
|
|
28
29
|
const Account_1 = require("./Steps/Account");
|
|
29
30
|
const Authorization_1 = require("./Steps/Authorization");
|
|
@@ -51,7 +52,7 @@ class E2EIServiceInternal {
|
|
|
51
52
|
* @param getOAuthToken function called when the process needs an oauth token
|
|
52
53
|
* @param refresh should the process refresh the current certificate or get a new one
|
|
53
54
|
*/
|
|
54
|
-
async generateCertificate(getOAuthToken, refresh
|
|
55
|
+
async generateCertificate(getOAuthToken, refresh) {
|
|
55
56
|
const stashedEnrollmentData = await this.enrollmentStorage.getPendingEnrollmentData();
|
|
56
57
|
if (stashedEnrollmentData) {
|
|
57
58
|
// In case we have stashed data, we continue the enrollment flow (we are coming back from a redirect)
|
|
@@ -62,7 +63,7 @@ class E2EIServiceInternal {
|
|
|
62
63
|
return this.continueCertificateGeneration(oAuthToken, stashedEnrollmentData);
|
|
63
64
|
}
|
|
64
65
|
// We first get the challenges needed to validate the user identity
|
|
65
|
-
const identity = await this.initIdentity(refresh
|
|
66
|
+
const identity = await this.initIdentity(refresh);
|
|
66
67
|
const enrollmentChallenges = await this.getEnrollmentChallenges(identity);
|
|
67
68
|
const { keyauth, oidcChallenge } = enrollmentChallenges.authorization;
|
|
68
69
|
const challengeData = { challenge: oidcChallenge, keyAuth: keyauth };
|
|
@@ -83,8 +84,10 @@ class E2EIServiceInternal {
|
|
|
83
84
|
return this.getRotateBundle(identity, oAuthToken, enrollmentData);
|
|
84
85
|
}
|
|
85
86
|
// ############ Internal Functions ############
|
|
86
|
-
async initIdentity(hasActiveCertificate
|
|
87
|
+
async initIdentity(hasActiveCertificate) {
|
|
87
88
|
const { user } = this.initialData;
|
|
89
|
+
// How long the issued certificate should be maximal valid
|
|
90
|
+
const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
|
|
88
91
|
return hasActiveCertificate
|
|
89
92
|
? this.coreCryptoClient.e2eiNewRotateEnrollment(this.certificateTtl, ciphersuite, user.displayName, user.handle, user.teamId)
|
|
90
93
|
: this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, this.certificateTtl, ciphersuite, user.teamId);
|
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { Ciphersuite } from '@wireapp/core-crypto';
|
|
1
|
+
import { RegisteredClient } from '@wireapp/api-client/lib/client';
|
|
3
2
|
import { ClientIdStringType } from '../../../../util/fullyQualifiedClientIdUtils';
|
|
4
3
|
export declare const jsonToByteArray: (data: any) => Uint8Array;
|
|
5
4
|
type GetE2EIClientIdReturnType = {
|
|
@@ -7,8 +6,7 @@ type GetE2EIClientIdReturnType = {
|
|
|
7
6
|
asBytes: Uint8Array;
|
|
8
7
|
};
|
|
9
8
|
export declare const getE2EIClientId: (clientId: string, userId: string, userDomain: string) => GetE2EIClientIdReturnType;
|
|
10
|
-
export declare const
|
|
11
|
-
export declare const isMLSDevice: ({ mls_public_keys }: RegisteredClient, ciphersuite: Ciphersuite) => boolean;
|
|
9
|
+
export declare const isMLSDevice: ({ mls_public_keys }: RegisteredClient) => boolean;
|
|
12
10
|
export declare const isResponseStatusValid: (status: string | undefined) => boolean | "" | undefined;
|
|
13
11
|
export {};
|
|
14
12
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Helper/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Helper/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AAEhE,OAAO,EAAC,kBAAkB,EAAkC,MAAM,8CAA8C,CAAC;AAEjH,eAAO,MAAM,eAAe,SAAU,GAAG,KAAG,UAG3C,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;CACrB,CAAC;AACF,eAAO,MAAM,eAAe,aAAc,MAAM,UAAU,MAAM,cAAc,MAAM,KAAG,yBAOtF,CAAC;AAEF,eAAO,MAAM,WAAW,wBAAuB,gBAAgB,YACoB,CAAC;AAEpF,eAAO,MAAM,qBAAqB,WAAY,MAAM,GAAG,SAAS,6BAAiC,CAAC"}
|
|
@@ -18,9 +18,7 @@
|
|
|
18
18
|
*
|
|
19
19
|
*/
|
|
20
20
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
21
|
-
exports.isResponseStatusValid = exports.isMLSDevice = exports.
|
|
22
|
-
const client_1 = require("@wireapp/api-client/lib/client");
|
|
23
|
-
const core_crypto_1 = require("@wireapp/core-crypto");
|
|
21
|
+
exports.isResponseStatusValid = exports.isMLSDevice = exports.getE2EIClientId = exports.jsonToByteArray = void 0;
|
|
24
22
|
const fullyQualifiedClientIdUtils_1 = require("../../../../util/fullyQualifiedClientIdUtils");
|
|
25
23
|
const jsonToByteArray = (data) => {
|
|
26
24
|
const encoder = new TextEncoder();
|
|
@@ -36,27 +34,7 @@ const getE2EIClientId = (clientId, userId, userDomain) => {
|
|
|
36
34
|
};
|
|
37
35
|
};
|
|
38
36
|
exports.getE2EIClientId = getE2EIClientId;
|
|
39
|
-
|
|
40
|
-
* depending on the ciphersuite used, the signature algorithm used is different. We need to keep a mapping of the ciphersuite to the signature algorithm
|
|
41
|
-
*/
|
|
42
|
-
const ciphersuiteSignatureAlgorithmMap = {
|
|
43
|
-
[core_crypto_1.Ciphersuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256]: client_1.MLSPublicKeyAlgorithmKeys.ECDSA_SECP256R1_SHA256,
|
|
44
|
-
[core_crypto_1.Ciphersuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384]: client_1.MLSPublicKeyAlgorithmKeys.ECDSA_SECP384R1_SHA384,
|
|
45
|
-
[core_crypto_1.Ciphersuite.MLS_256_DHKEMP521_AES256GCM_SHA512_P521]: client_1.MLSPublicKeyAlgorithmKeys.ECDSA_SECP521R1_SHA512,
|
|
46
|
-
[core_crypto_1.Ciphersuite.MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448]: client_1.MLSPublicKeyAlgorithmKeys.ED448,
|
|
47
|
-
[core_crypto_1.Ciphersuite.MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448]: client_1.MLSPublicKeyAlgorithmKeys.ED448,
|
|
48
|
-
[core_crypto_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519]: client_1.MLSPublicKeyAlgorithmKeys.ED25519,
|
|
49
|
-
[core_crypto_1.Ciphersuite.MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519]: client_1.MLSPublicKeyAlgorithmKeys.ED25519,
|
|
50
|
-
};
|
|
51
|
-
const getSignatureAlgorithmForCiphersuite = (ciphersuite) => {
|
|
52
|
-
return ciphersuiteSignatureAlgorithmMap[ciphersuite];
|
|
53
|
-
};
|
|
54
|
-
exports.getSignatureAlgorithmForCiphersuite = getSignatureAlgorithmForCiphersuite;
|
|
55
|
-
const isMLSDevice = ({ mls_public_keys }, ciphersuite) => {
|
|
56
|
-
const signatureAlogrithm = (0, exports.getSignatureAlgorithmForCiphersuite)(ciphersuite);
|
|
57
|
-
const signature = mls_public_keys[signatureAlogrithm];
|
|
58
|
-
return typeof signature === 'string' && signature.length > 0;
|
|
59
|
-
};
|
|
37
|
+
const isMLSDevice = ({ mls_public_keys }) => typeof mls_public_keys.ed25519 === 'string' && mls_public_keys.ed25519.length > 0;
|
|
60
38
|
exports.isMLSDevice = isMLSDevice;
|
|
61
39
|
const isResponseStatusValid = (status) => status && status === 'valid';
|
|
62
40
|
exports.isResponseStatusValid = isResponseStatusValid;
|
|
@@ -14,11 +14,11 @@ export declare const doWireOidcChallenge: ({ connection, authData, identity, non
|
|
|
14
14
|
target: string;
|
|
15
15
|
status: string;
|
|
16
16
|
token: string;
|
|
17
|
+
validated?: string | undefined;
|
|
17
18
|
error?: {
|
|
18
19
|
type: string;
|
|
19
20
|
detail: string;
|
|
20
21
|
} | undefined;
|
|
21
|
-
validated?: string | undefined;
|
|
22
22
|
}>>;
|
|
23
23
|
export {};
|
|
24
24
|
//# sourceMappingURL=OidcChallenge.d.ts.map
|
|
@@ -1,36 +1,25 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { RegisteredClient } from '@wireapp/api-client/lib/client';
|
|
2
2
|
import { PostMlsMessageResponse, SUBCONVERSATION_ID } from '@wireapp/api-client/lib/conversation';
|
|
3
3
|
import { ConversationMLSMessageAddEvent, ConversationMLSWelcomeEvent } from '@wireapp/api-client/lib/event';
|
|
4
4
|
import { QualifiedId } from '@wireapp/api-client/lib/user';
|
|
5
5
|
import logdown from 'logdown';
|
|
6
6
|
import { APIClient } from '@wireapp/api-client';
|
|
7
7
|
import { TypedEventEmitter } from '@wireapp/commons';
|
|
8
|
-
import { AddProposalArgs,
|
|
8
|
+
import { AddProposalArgs, ConversationId, CoreCrypto, DecryptedMessage, ProposalArgs, ProposalType, RemoveProposalArgs } from '@wireapp/core-crypto';
|
|
9
|
+
import { MLSServiceConfig } from './MLSService.types';
|
|
9
10
|
import { AddUsersFailure, KeyPackageClaimUser } from '../../../conversation';
|
|
10
11
|
import { CoreDatabase } from '../../../storage/CoreDB';
|
|
11
12
|
import { RecurringTaskScheduler } from '../../../util/RecurringTaskScheduler';
|
|
12
13
|
import { User } from '../E2EIdentityService';
|
|
13
14
|
import { getTokenCallback } from '../E2EIdentityService/E2EIServiceInternal';
|
|
14
15
|
import { ClientId, HandlePendingProposalsParams } from '../types';
|
|
15
|
-
|
|
16
|
-
interface
|
|
17
|
-
/** List of ciphersuites that could be used for MLS */
|
|
18
|
-
ciphersuites: Ciphersuite[];
|
|
19
|
-
/** preferred ciphersuite to use */
|
|
20
|
-
defaultCiphersuite: Ciphersuite;
|
|
21
|
-
/**
|
|
22
|
-
* (milliseconds) period of time between automatic updates of the keying material (30 days by default)
|
|
23
|
-
*/
|
|
24
|
-
keyingMaterialUpdateThreshold: number;
|
|
16
|
+
export declare const optionalToUint8Array: (array: Uint8Array | []) => Uint8Array;
|
|
17
|
+
interface LocalMLSServiceConfig extends MLSServiceConfig {
|
|
25
18
|
/**
|
|
26
|
-
* number of key packages client should
|
|
19
|
+
* minimum number of key packages client should have available (configured to half of nbKeyPackages)
|
|
27
20
|
*/
|
|
28
|
-
|
|
21
|
+
minRequiredNumberOfAvailableKeyPackages: number;
|
|
29
22
|
}
|
|
30
|
-
export type InitClientOptions = Optional<MLSConfig, 'keyingMaterialUpdateThreshold' | 'nbKeyPackages'> & {
|
|
31
|
-
skipInitIdentity?: boolean;
|
|
32
|
-
};
|
|
33
|
-
export declare const optionalToUint8Array: (array: Uint8Array | []) => Uint8Array;
|
|
34
23
|
type Events = {
|
|
35
24
|
newEpoch: {
|
|
36
25
|
epoch: number;
|
|
@@ -44,29 +33,18 @@ export declare class MLSService extends TypedEventEmitter<Events> {
|
|
|
44
33
|
private readonly coreDatabase;
|
|
45
34
|
private readonly recurringTaskScheduler;
|
|
46
35
|
logger: logdown.Logger;
|
|
47
|
-
|
|
36
|
+
config: LocalMLSServiceConfig;
|
|
48
37
|
private readonly textEncoder;
|
|
49
38
|
private readonly textDecoder;
|
|
50
39
|
private readonly conflictBackoffQueue;
|
|
51
|
-
constructor(apiClient: APIClient, coreCryptoClient: CoreCrypto, coreDatabase: CoreDatabase, recurringTaskScheduler: RecurringTaskScheduler);
|
|
52
|
-
/**
|
|
53
|
-
* return true if the MLS service if configured and ready to be used
|
|
54
|
-
*/
|
|
55
|
-
get isEnabled(): boolean;
|
|
56
|
-
get config(): MLSConfig;
|
|
57
|
-
private get minRequiredKeyPackages();
|
|
40
|
+
constructor(apiClient: APIClient, coreCryptoClient: CoreCrypto, coreDatabase: CoreDatabase, recurringTaskScheduler: RecurringTaskScheduler, { keyingMaterialUpdateThreshold, nbKeyPackages, cipherSuite, }: Partial<MLSServiceConfig>);
|
|
58
41
|
/**
|
|
59
42
|
* Will initialize an MLS client
|
|
60
43
|
* @param userId the user owning the client
|
|
61
44
|
* @param client id of the client to initialize
|
|
62
45
|
* @param skipInitIdentity avoid registering the client's identity to the backend (needed for e2eidentity as the identity will be uploaded and signed only when enrollment is successful)
|
|
63
46
|
*/
|
|
64
|
-
initClient(userId: QualifiedId, client: RegisteredClient,
|
|
65
|
-
/**
|
|
66
|
-
* returns true if the client has a valid MLS identity in regard of the default ciphersuite set
|
|
67
|
-
* @param client the client to check
|
|
68
|
-
*/
|
|
69
|
-
isInitializedMLSClient: (client: RegisteredClient) => boolean;
|
|
47
|
+
initClient(userId: QualifiedId, client: RegisteredClient, skipInitIdentity?: boolean): Promise<void>;
|
|
70
48
|
private getCredentialType;
|
|
71
49
|
private uploadCommitBundle;
|
|
72
50
|
private readonly _uploadCommitBundle;
|
|
@@ -109,7 +87,7 @@ export declare class MLSService extends TypedEventEmitter<Events> {
|
|
|
109
87
|
* @param groupId the id of the group to create inside of coreCrypto
|
|
110
88
|
* @param parentGroupId in case the conversation is a subconversation, the id of the parent conversation
|
|
111
89
|
*/
|
|
112
|
-
registerEmptyConversation(groupId: string, parentGroupId?: string
|
|
90
|
+
registerEmptyConversation(groupId: string, parentGroupId?: string): Promise<void>;
|
|
113
91
|
/**
|
|
114
92
|
* Will create a conversation inside of coreCrypto, add users to it or update the keying material if empty key packages list is provided.
|
|
115
93
|
* @param groupId the id of the group to create inside of coreCrypto
|
|
@@ -126,18 +104,6 @@ export declare class MLSService extends TypedEventEmitter<Events> {
|
|
|
126
104
|
}): Promise<PostMlsMessageResponse & {
|
|
127
105
|
failures: AddUsersFailure[];
|
|
128
106
|
}>;
|
|
129
|
-
/**
|
|
130
|
-
* Will create a 1:1 conversation inside of coreCrypto, try claiming key packages for user and (if succesfull) add them to the MLS group.
|
|
131
|
-
* @param groupId the id of the group to create inside of coreCrypto
|
|
132
|
-
* @param userId the id of the user to register the conversation with
|
|
133
|
-
* @param selfUser the self user that is creating the 1:1 conversation (user and client ids)
|
|
134
|
-
*/
|
|
135
|
-
register1to1Conversation(groupId: string, userId: QualifiedId, selfUser: {
|
|
136
|
-
user: QualifiedId;
|
|
137
|
-
client: string;
|
|
138
|
-
}, removalKeyFor1to1Signature?: MLSPublicKeyRecord): Promise<PostMlsMessageResponse & {
|
|
139
|
-
failures: AddUsersFailure[];
|
|
140
|
-
}>;
|
|
141
107
|
/**
|
|
142
108
|
* Will try to register mls group and send an empty commit to establish it.
|
|
143
109
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,
|
|
1
|
+
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAGzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAK9B,OAAO,EAAC,gBAAgB,EAAuD,MAAM,oBAAoB,CAAC;AAE1G,OAAO,EAAC,eAAe,EAA0B,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAEnG,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,IAAI,EAAC,MAAM,uBAAuB,CAAC;AAC3C,OAAO,EAAsB,gBAAgB,EAAC,MAAM,2CAA2C,CAAC;AAQhG,OAAO,EAAC,QAAQ,EAAE,4BAA4B,EAAC,MAAM,UAAU,CAAC;AAKhE,eAAO,MAAM,oBAAoB,UAAW,UAAU,GAAG,EAAE,KAAG,UAE7D,CAAC;AAEF,UAAU,qBAAsB,SAAQ,gBAAgB;IACtD;;OAEG;IACH,uCAAuC,EAAE,MAAM,CAAC;CACjD;AAQD,KAAK,MAAM,GAAG;IACZ,QAAQ,EAAE;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;IAC3C,wBAAwB,EAAE,MAAM,EAAE,CAAC;CACpC,CAAC;AACF,qBAAa,UAAW,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAarD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IAfzC,MAAM,iBAAuC;IAC7C,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAKlC;gBAGgB,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,UAAU,EAC5B,YAAY,EAAE,YAAY,EAC1B,sBAAsB,EAAE,sBAAsB,EAC/D,EACE,6BAA2E,EAC3E,aAA2C,EAC3C,WAAuC,GACxC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAW9B;;;;;OAKG;IACU,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,gBAAgB,UAAQ;YA6BjF,iBAAiB;IAM/B,OAAO,CAAC,kBAAkB,CAiBxB;IAEF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAkClC;IAEF;;;;;;OAMG;IACU,8BAA8B,CACzC,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,UAAU,EAAE,GACxB,OAAO,CAAC,sBAAsB,GAAG;QAAC,QAAQ,EAAE,eAAe,EAAE,CAAA;KAAC,CAAC;IA6BrD,qBAAqB,CAAC,cAAc,EAAE,mBAAmB,EAAE;;;;IA2EjE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAK/B,WAAW,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,eAAe,GAAG,kBAAkB;IAIjG,oBAAoB,CAAC,YAAY,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;IAwB5D,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMjF,OAAO,CAAC,gCAAgC;IAO3B,qBAAqB,CAAC,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAM1E,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkB9F,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrG;;;;;;;;;OASG;YACW,mBAAmB;IAUjC,OAAO,CAAC,oBAAoB;IAK5B;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqB9F;;;;;;OAMG;IACU,oBAAoB,CAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE;QAAC,OAAO,CAAC,EAAE;YAAC,IAAI,EAAE,WAAW,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAC,CAAC;QAAC,aAAa,CAAC,EAAE,MAAM,CAAA;KAAC,GACjF,OAAO,CAAC,sBAAsB,GAAG;QAAC,QAAQ,EAAE,eAAe,EAAE,CAAA;KAAC,CAAC;IAuClE;;;;;OAKG;IACH,SAAgB,uBAAuB,YAAmB,MAAM,KAAG,QAAQ,OAAO,CAAC,CA2BjF;IAEF;;;;OAIG;IACI,6BAA6B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;IAW3E;;;OAGG;IACU,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAK9C,iBAAiB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9E;;;;OAIG;IACU,gBAAgB,CAAC,OAAO,EAAE,MAAM;IAc7C,OAAO,CAAC,sCAAsC;IAI9C;;;OAGG;IACU,uBAAuB,CAAC,OAAO,EAAE,MAAM;IAKpD;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACI,0BAA0B,CAAC,OAAO,EAAE,MAAM;IAUjD;;;OAGG;IACI,mCAAmC,CAAC,QAAQ,EAAE,MAAM,EAAE;IAQ7D;;;;OAIG;IACI,sCAAsC,CAAC,QAAQ,EAAE,MAAM;IAQ9D;;;;OAIG;YACW,+BAA+B;YAQ/B,gCAAgC;YAYhC,2BAA2B;IAIzC;;;;;OAKG;YACW,mBAAmB;YASnB,kBAAkB;YAOlB,oBAAoB;IAOrB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe7D;;;;;;;OAOG;IACU,sBAAsB,CAAC,EAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAC,EAAE,4BAA4B;YAWnF,4BAA4B;YAU5B,0BAA0B;IAKxC,OAAO,CAAC,6BAA6B;IAIrC;;;;OAIG;IACU,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,UAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BvF;;;;OAIG;IACU,+BAA+B;IAiB5C;;;;OAIG;IACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAAE,CAAC;IAY9F,wBAAwB,CACnC,KAAK,EAAE,8BAA8B,EACrC,yBAAyB,EAAE,CACzB,cAAc,EAAE,WAAW,EAC3B,iBAAiB,CAAC,EAAE,kBAAkB,KACnC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgBrB,4BAA4B,CAAC,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM;IAc9F;;;;;;;;OAQG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,gBAAgB,GAC9B,OAAO,CAAC,IAAI,CAAC;CA4CjB"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { BackendError } from '@wireapp/api-client/lib/http';
|
|
2
|
+
export declare const isObject: (value: unknown) => value is {};
|
|
3
|
+
export declare function isBackendError(errorCandidate: unknown): errorCandidate is BackendError;
|
|
4
|
+
//# sourceMappingURL=MLSService.guards.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"MLSService.guards.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.guards.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,YAAY,EAAC,MAAM,8BAA8B,CAAC;AAE1D,eAAO,MAAM,QAAQ,UAAW,OAAO,gBAA6D,CAAC;AAGrG,wBAAgB,cAAc,CAAC,cAAc,EAAE,OAAO,GAAG,cAAc,IAAI,YAAY,CAEtF"}
|
|
@@ -18,16 +18,11 @@
|
|
|
18
18
|
*
|
|
19
19
|
*/
|
|
20
20
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
21
|
-
exports.
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
constructor(label) {
|
|
28
|
-
super();
|
|
29
|
-
this.label = label;
|
|
30
|
-
Object.setPrototypeOf(this, new.target.prototype);
|
|
31
|
-
}
|
|
21
|
+
exports.isBackendError = exports.isObject = void 0;
|
|
22
|
+
const isObject = (value) => typeof value === 'object' && value !== null;
|
|
23
|
+
exports.isObject = isObject;
|
|
24
|
+
// ToDo: Remove after this package moved to the Monorepo and use the shared function from webapp
|
|
25
|
+
function isBackendError(errorCandidate) {
|
|
26
|
+
return (0, exports.isObject)(errorCandidate) && 'label' in errorCandidate && 'message' in errorCandidate;
|
|
32
27
|
}
|
|
33
|
-
exports.
|
|
28
|
+
exports.isBackendError = isBackendError;
|
|
@@ -40,8 +40,8 @@ const logdown_1 = __importDefault(require("logdown"));
|
|
|
40
40
|
const commons_1 = require("@wireapp/commons");
|
|
41
41
|
const core_crypto_1 = require("@wireapp/core-crypto");
|
|
42
42
|
const priority_queue_1 = require("@wireapp/priority-queue");
|
|
43
|
-
const ClientMLSError_1 = require("./ClientMLSError");
|
|
44
43
|
const CoreCryptoMLSError_1 = require("./CoreCryptoMLSError");
|
|
44
|
+
const MLSService_guards_1 = require("./MLSService.guards");
|
|
45
45
|
const conversation_1 = require("../../../conversation");
|
|
46
46
|
const messageSender_1 = require("../../../conversation/message/messageSender");
|
|
47
47
|
const fullyQualifiedClientIdUtils_1 = require("../../../util/fullyQualifiedClientIdUtils");
|
|
@@ -61,9 +61,10 @@ exports.optionalToUint8Array = optionalToUint8Array;
|
|
|
61
61
|
const defaultConfig = {
|
|
62
62
|
keyingMaterialUpdateThreshold: 1000 * 60 * 60 * 24 * 30, //30 days
|
|
63
63
|
nbKeyPackages: 100,
|
|
64
|
+
cipherSuite: core_crypto_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519,
|
|
64
65
|
};
|
|
65
66
|
class MLSService extends commons_1.TypedEventEmitter {
|
|
66
|
-
constructor(apiClient, coreCryptoClient, coreDatabase, recurringTaskScheduler) {
|
|
67
|
+
constructor(apiClient, coreCryptoClient, coreDatabase, recurringTaskScheduler, { keyingMaterialUpdateThreshold = defaultConfig.keyingMaterialUpdateThreshold, nbKeyPackages = defaultConfig.nbKeyPackages, cipherSuite = defaultConfig.cipherSuite, }) {
|
|
67
68
|
super();
|
|
68
69
|
this.apiClient = apiClient;
|
|
69
70
|
this.coreCryptoClient = coreCryptoClient;
|
|
@@ -76,20 +77,17 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
76
77
|
maxRetries: 10,
|
|
77
78
|
retryDelay: 500,
|
|
78
79
|
maxRetryDelay: TimeUtil_1.TimeInMillis.SECOND * 32,
|
|
79
|
-
shouldRetry: error =>
|
|
80
|
+
shouldRetry: error => (0, MLSService_guards_1.isBackendError)(error) && error.code === http_1.StatusCode.CONFLICT,
|
|
80
81
|
});
|
|
81
|
-
/**
|
|
82
|
-
* returns true if the client has a valid MLS identity in regard of the default ciphersuite set
|
|
83
|
-
* @param client the client to check
|
|
84
|
-
*/
|
|
85
|
-
this.isInitializedMLSClient = (client) => (0, Helper_1.isMLSDevice)(client, this.config.defaultCiphersuite);
|
|
86
82
|
this.uploadCommitBundle = async (groupId, commitBundle, { isExternalCommit = false, regenerateCommitBundle } = {}) => {
|
|
87
83
|
try {
|
|
88
84
|
return await this._uploadCommitBundle(groupId, async () => commitBundle, isExternalCommit);
|
|
89
85
|
}
|
|
90
86
|
catch (error) {
|
|
91
|
-
if (
|
|
92
|
-
|
|
87
|
+
if ((0, MLSService_guards_1.isBackendError)(error)) {
|
|
88
|
+
if (error.code === http_1.StatusCode.CONFLICT && regenerateCommitBundle) {
|
|
89
|
+
return this.conflictBackoffQueue.add(async () => this._uploadCommitBundle(groupId, regenerateCommitBundle, isExternalCommit));
|
|
90
|
+
}
|
|
93
91
|
}
|
|
94
92
|
throw error;
|
|
95
93
|
}
|
|
@@ -156,21 +154,12 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
156
154
|
return false;
|
|
157
155
|
}
|
|
158
156
|
};
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
}
|
|
166
|
-
get config() {
|
|
167
|
-
if (!this._config) {
|
|
168
|
-
throw new Error('mls config is not set, did you forget to call initClient?');
|
|
169
|
-
}
|
|
170
|
-
return this._config;
|
|
171
|
-
}
|
|
172
|
-
get minRequiredKeyPackages() {
|
|
173
|
-
return Math.floor(this.config.nbKeyPackages / 2);
|
|
157
|
+
this.config = {
|
|
158
|
+
keyingMaterialUpdateThreshold,
|
|
159
|
+
nbKeyPackages,
|
|
160
|
+
cipherSuite,
|
|
161
|
+
minRequiredNumberOfAvailableKeyPackages: Math.floor(nbKeyPackages / 2),
|
|
162
|
+
};
|
|
174
163
|
}
|
|
175
164
|
/**
|
|
176
165
|
* Will initialize an MLS client
|
|
@@ -178,19 +167,15 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
178
167
|
* @param client id of the client to initialize
|
|
179
168
|
* @param skipInitIdentity avoid registering the client's identity to the backend (needed for e2eidentity as the identity will be uploaded and signed only when enrollment is successful)
|
|
180
169
|
*/
|
|
181
|
-
async initClient(userId, client,
|
|
182
|
-
|
|
183
|
-
// filter out undefined values from mlsConfig
|
|
184
|
-
const filteredMLSConfig = Object.fromEntries(Object.entries(mlsConfig).filter(([_, value]) => value !== undefined));
|
|
185
|
-
this._config = Object.assign(Object.assign({}, defaultConfig), filteredMLSConfig);
|
|
186
|
-
await this.coreCryptoClient.mlsInit((0, MLSId_1.generateMLSDeviceId)(userId, client.id), this.config.ciphersuites, this.config.nbKeyPackages);
|
|
170
|
+
async initClient(userId, client, skipInitIdentity = false) {
|
|
171
|
+
await this.coreCryptoClient.mlsInit((0, MLSId_1.generateMLSDeviceId)(userId, client.id), [this.config.cipherSuite], this.config.nbKeyPackages);
|
|
187
172
|
await this.coreCryptoClient.registerCallbacks({
|
|
188
173
|
// All authorization/membership rules are enforced on backend
|
|
189
174
|
clientIsExistingGroupUser: async () => true,
|
|
190
175
|
authorize: async () => true,
|
|
191
176
|
userAuthorize: async () => true,
|
|
192
177
|
});
|
|
193
|
-
const isFreshMLSSelfClient =
|
|
178
|
+
const isFreshMLSSelfClient = typeof client.mls_public_keys.ed25519 !== 'string' || client.mls_public_keys.ed25519.length === 0;
|
|
194
179
|
const shouldinitIdentity = !(isFreshMLSSelfClient && skipInitIdentity);
|
|
195
180
|
if (shouldinitIdentity) {
|
|
196
181
|
// We need to make sure keypackages and public key are uploaded to the backend
|
|
@@ -204,7 +189,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
204
189
|
}
|
|
205
190
|
}
|
|
206
191
|
async getCredentialType() {
|
|
207
|
-
return (await this.coreCryptoClient.e2eiIsEnabled(this.config.
|
|
192
|
+
return (await this.coreCryptoClient.e2eiIsEnabled(this.config.cipherSuite))
|
|
208
193
|
? core_crypto_1.CredentialType.X509
|
|
209
194
|
: core_crypto_1.CredentialType.Basic;
|
|
210
195
|
}
|
|
@@ -248,7 +233,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
248
233
|
const emptyKeyPackagesUsers = [];
|
|
249
234
|
const keyPackagesSettledResult = await Promise.allSettled(qualifiedUsers.map(async ({ id, domain, skipOwnClientId }) => {
|
|
250
235
|
try {
|
|
251
|
-
const keys = await this.apiClient.api.client.claimMLSKeyPackages(id, domain, (0, numberToHex_1.numberToHex)(this.config.
|
|
236
|
+
const keys = await this.apiClient.api.client.claimMLSKeyPackages(id, domain, (0, numberToHex_1.numberToHex)(this.config.cipherSuite), skipOwnClientId);
|
|
252
237
|
const isSelfUser = this.apiClient.userId === id && this.apiClient.domain === domain;
|
|
253
238
|
// It's possible that user's backend is reachable but they have not uploaded their MLS key packages (or all of them have been claimed already)
|
|
254
239
|
// We don't care about the self user here.
|
|
@@ -388,8 +373,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
388
373
|
* @param groupId the id of the group to create inside of coreCrypto
|
|
389
374
|
* @param parentGroupId in case the conversation is a subconversation, the id of the parent conversation
|
|
390
375
|
*/
|
|
391
|
-
async registerEmptyConversation(groupId, parentGroupId
|
|
392
|
-
var _a;
|
|
376
|
+
async registerEmptyConversation(groupId, parentGroupId) {
|
|
393
377
|
const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
|
|
394
378
|
let externalSenders = [];
|
|
395
379
|
if (parentGroupId) {
|
|
@@ -398,16 +382,11 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
398
382
|
}
|
|
399
383
|
else {
|
|
400
384
|
const mlsKeys = (await this.apiClient.api.client.getPublicKeys()).removal;
|
|
401
|
-
|
|
402
|
-
const removalKeyForSignature = (_a = removalKeyFor1to1Signature === null || removalKeyFor1to1Signature === void 0 ? void 0 : removalKeyFor1to1Signature[ciphersuiteSignature]) !== null && _a !== void 0 ? _a : mlsKeys[ciphersuiteSignature];
|
|
403
|
-
if (!removalKeyForSignature) {
|
|
404
|
-
throw new Error(`Cannot create conversation: No backend removal key found for the signature ${ciphersuiteSignature}`);
|
|
405
|
-
}
|
|
406
|
-
externalSenders = [bazinga64_1.Decoder.fromBase64(removalKeyForSignature).asBytes];
|
|
385
|
+
externalSenders = Object.values(mlsKeys).map((key) => bazinga64_1.Decoder.fromBase64(key).asBytes);
|
|
407
386
|
}
|
|
408
387
|
const configuration = {
|
|
409
388
|
externalSenders,
|
|
410
|
-
ciphersuite: this.config.
|
|
389
|
+
ciphersuite: this.config.cipherSuite,
|
|
411
390
|
};
|
|
412
391
|
const credentialType = await this.getCredentialType();
|
|
413
392
|
return this.coreCryptoClient.createConversation(groupIdBytes, credentialType, configuration);
|
|
@@ -448,41 +427,6 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
448
427
|
response.failures = [...keysClaimingFailures, ...response.failures];
|
|
449
428
|
return response;
|
|
450
429
|
}
|
|
451
|
-
/**
|
|
452
|
-
* Will create a 1:1 conversation inside of coreCrypto, try claiming key packages for user and (if succesfull) add them to the MLS group.
|
|
453
|
-
* @param groupId the id of the group to create inside of coreCrypto
|
|
454
|
-
* @param userId the id of the user to register the conversation with
|
|
455
|
-
* @param selfUser the self user that is creating the 1:1 conversation (user and client ids)
|
|
456
|
-
*/
|
|
457
|
-
async register1to1Conversation(groupId, userId, selfUser, removalKeyFor1to1Signature) {
|
|
458
|
-
try {
|
|
459
|
-
await this.registerEmptyConversation(groupId, undefined, removalKeyFor1to1Signature);
|
|
460
|
-
// We fist fetch key packages for the user we want to add
|
|
461
|
-
const { keyPackages: otherUserKeyPackages, failures: otherUserKeysClaimingFailures } = await this.getKeyPackagesPayload([userId]);
|
|
462
|
-
// If we're missing key packages for the user we want to add, we can't register the conversation
|
|
463
|
-
if (otherUserKeyPackages.length <= 0) {
|
|
464
|
-
if (otherUserKeysClaimingFailures.length > 0 &&
|
|
465
|
-
otherUserKeysClaimingFailures.some(({ reason }) => reason === conversation_1.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG)) {
|
|
466
|
-
throw new ClientMLSError_1.ClientMLSError(ClientMLSError_1.ClientMLSErrorLabel.NO_KEY_PACKAGES_AVAILABLE);
|
|
467
|
-
}
|
|
468
|
-
}
|
|
469
|
-
const { keyPackages: selfKeyPackages, failures: selfKeysClaimingFailures } = await this.getKeyPackagesPayload([
|
|
470
|
-
Object.assign(Object.assign({}, selfUser.user), { skipOwnClientId: selfUser.client }),
|
|
471
|
-
]);
|
|
472
|
-
const response = await this.addUsersToExistingConversation(groupId, [
|
|
473
|
-
...otherUserKeyPackages,
|
|
474
|
-
...selfKeyPackages,
|
|
475
|
-
]);
|
|
476
|
-
// We schedule a periodic key material renewal
|
|
477
|
-
await this.scheduleKeyMaterialRenewal(groupId);
|
|
478
|
-
response.failures = [...otherUserKeysClaimingFailures, ...selfKeysClaimingFailures, ...response.failures];
|
|
479
|
-
return response;
|
|
480
|
-
}
|
|
481
|
-
catch (error) {
|
|
482
|
-
await this.wipeConversation(groupId);
|
|
483
|
-
throw error;
|
|
484
|
-
}
|
|
485
|
-
}
|
|
486
430
|
/**
|
|
487
431
|
* Will send a removal commit for given clients
|
|
488
432
|
* @param groupId groupId of the conversation
|
|
@@ -511,11 +455,11 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
511
455
|
}
|
|
512
456
|
async clientValidKeypackagesCount() {
|
|
513
457
|
const credentialType = await this.getCredentialType();
|
|
514
|
-
return this.coreCryptoClient.clientValidKeypackagesCount(this.config.
|
|
458
|
+
return this.coreCryptoClient.clientValidKeypackagesCount(this.config.cipherSuite, credentialType);
|
|
515
459
|
}
|
|
516
460
|
async clientKeypackages(amountRequested) {
|
|
517
461
|
const credentialType = await this.getCredentialType();
|
|
518
|
-
return this.coreCryptoClient.clientKeypackages(this.config.
|
|
462
|
+
return this.coreCryptoClient.clientKeypackages(this.config.cipherSuite, credentialType, amountRequested);
|
|
519
463
|
}
|
|
520
464
|
/**
|
|
521
465
|
* Will send an empty commit into a group (renew key material)
|
|
@@ -595,21 +539,21 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
595
539
|
*/
|
|
596
540
|
async verifyLocalMLSKeyPackagesAmount(clientId) {
|
|
597
541
|
const keyPackagesCount = await this.clientValidKeypackagesCount();
|
|
598
|
-
if (keyPackagesCount <= this.
|
|
542
|
+
if (keyPackagesCount <= this.config.minRequiredNumberOfAvailableKeyPackages) {
|
|
599
543
|
return this.verifyRemoteMLSKeyPackagesAmount(clientId);
|
|
600
544
|
}
|
|
601
545
|
}
|
|
602
546
|
async verifyRemoteMLSKeyPackagesAmount(clientId) {
|
|
603
547
|
const backendKeyPackagesCount = await this.getRemoteMLSKeyPackageCount(clientId);
|
|
604
548
|
// If we have enough keys uploaded on backend, there's no need to upload more.
|
|
605
|
-
if (backendKeyPackagesCount > this.
|
|
549
|
+
if (backendKeyPackagesCount > this.config.minRequiredNumberOfAvailableKeyPackages) {
|
|
606
550
|
return;
|
|
607
551
|
}
|
|
608
552
|
const keyPackages = await this.clientKeypackages(this.config.nbKeyPackages);
|
|
609
553
|
return this.uploadMLSKeyPackages(clientId, keyPackages);
|
|
610
554
|
}
|
|
611
555
|
async getRemoteMLSKeyPackageCount(clientId) {
|
|
612
|
-
return this.apiClient.api.client.getMLSKeyPackageCount(clientId, (0, numberToHex_1.numberToHex)(this.config.
|
|
556
|
+
return this.apiClient.api.client.getMLSKeyPackageCount(clientId, (0, numberToHex_1.numberToHex)(this.config.cipherSuite));
|
|
613
557
|
}
|
|
614
558
|
/**
|
|
615
559
|
* Will update the given client on backend with its public key.
|
|
@@ -620,15 +564,13 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
620
564
|
async uploadMLSPublicKeys(client) {
|
|
621
565
|
// If we've already updated a client with its public key, there's no need to do it again.
|
|
622
566
|
const credentialType = await this.getCredentialType();
|
|
623
|
-
const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.
|
|
567
|
+
const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.cipherSuite, credentialType);
|
|
624
568
|
return this.apiClient.api.client.putClient(client.id, {
|
|
625
|
-
mls_public_keys: {
|
|
626
|
-
[(0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite)]: btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey)),
|
|
627
|
-
},
|
|
569
|
+
mls_public_keys: { ed25519: btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey)) },
|
|
628
570
|
});
|
|
629
571
|
}
|
|
630
572
|
async replaceKeyPackages(clientId, keyPackages) {
|
|
631
|
-
return this.apiClient.api.client.replaceMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage)))
|
|
573
|
+
return this.apiClient.api.client.replaceMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))));
|
|
632
574
|
}
|
|
633
575
|
async uploadMLSKeyPackages(clientId, keyPackages) {
|
|
634
576
|
return this.apiClient.api.client.uploadMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))));
|
|
@@ -772,12 +714,12 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
772
714
|
* @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
|
|
773
715
|
*/
|
|
774
716
|
async enrollE2EI(discoveryUrl, user, client, nbPrekeys, certificateTtl, getOAuthToken) {
|
|
775
|
-
const isCertificateRenewal = await this.coreCryptoClient.e2eiIsEnabled(this.config.
|
|
717
|
+
const isCertificateRenewal = await this.coreCryptoClient.e2eiIsEnabled(this.config.cipherSuite);
|
|
776
718
|
const e2eiServiceInternal = new E2EIServiceInternal_1.E2EIServiceInternal(this.coreDatabase, this.coreCryptoClient, this.apiClient, certificateTtl, nbPrekeys, { user, clientId: client.id, discoveryUrl });
|
|
777
|
-
const rotateBundle = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal
|
|
719
|
+
const rotateBundle = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal);
|
|
778
720
|
this.dispatchNewCrlDistributionPoints(rotateBundle);
|
|
779
721
|
// upload the clients public keys
|
|
780
|
-
if (!
|
|
722
|
+
if (!(0, Helper_1.isMLSDevice)(client)) {
|
|
781
723
|
// we only upload public keys for the initial certification process if the device is not already a registered MLS device.
|
|
782
724
|
await this.uploadMLSPublicKeys(client);
|
|
783
725
|
}
|
|
@@ -795,7 +737,15 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
795
737
|
groupInfo: (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.group_info) || commitBundle.groupInfo,
|
|
796
738
|
welcome: commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.welcome,
|
|
797
739
|
};
|
|
798
|
-
|
|
740
|
+
try {
|
|
741
|
+
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
742
|
+
}
|
|
743
|
+
catch (error) {
|
|
744
|
+
if ((0, MLSService_guards_1.isBackendError)(error) && error.label === http_1.BackendErrorLabel.MLS_MISSING_REFERENCE) {
|
|
745
|
+
await this.coreCryptoClient.clearPendingCommit(groupIdAsBytes);
|
|
746
|
+
window.location.reload();
|
|
747
|
+
}
|
|
748
|
+
}
|
|
799
749
|
}
|
|
800
750
|
}
|
|
801
751
|
}
|