@wireapp/core 46.1.0-hotfix-1.5 → 46.1.0-hotfix-1.7
- package/README.md +1 -1
- package/lib/Account.d.ts +8 -5
- package/lib/Account.d.ts.map +1 -1
- package/lib/Account.js +141 -321
- package/lib/Account.test.js +9 -9
- package/lib/conversation/AssetService/AssetService.test.js +3 -3
- package/lib/conversation/ConversationService/ConversationService.d.ts +1 -1
- package/lib/conversation/ConversationService/ConversationService.d.ts.map +1 -1
- package/lib/conversation/ConversationService/ConversationService.js +11 -5
- package/lib/conversation/ConversationService/ConversationService.test.js +6 -9
- package/lib/conversation/SubconversationService/SubconversationService.d.ts +1 -1
- package/lib/conversation/SubconversationService/SubconversationService.d.ts.map +1 -1
- package/lib/conversation/SubconversationService/SubconversationService.js +3 -1
- package/lib/conversation/SubconversationService/SubconversationService.test.js +6 -5
- package/lib/conversation/message/MessageBuilder.js +2 -2
- package/lib/conversation/message/MessageService.test.js +3 -3
- package/lib/index.d.ts +1 -0
- package/lib/index.d.ts.map +1 -1
- package/lib/index.js +3 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/schema.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.js +8 -31
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.test.js +56 -4
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js +3 -6
- package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts +4 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.js +24 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts +1 -1
- package/lib/messagingProtocols/mls/MLSService/ClientMLSError.d.ts +8 -0
- package/lib/messagingProtocols/mls/MLSService/ClientMLSError.d.ts.map +1 -0
- package/lib/messagingProtocols/mls/MLSService/{MLSService.guards.js → ClientMLSError.js} +12 -7
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts +45 -11
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.js +92 -42
- package/lib/messagingProtocols/mls/MLSService/MLSService.test.js +109 -10
- package/lib/messagingProtocols/mls/MLSService/MLSService.types.d.ts +1 -15
- package/lib/messagingProtocols/mls/MLSService/MLSService.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/index.d.ts +1 -0
- package/lib/messagingProtocols/mls/MLSService/index.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/index.js +1 -0
- package/lib/messagingProtocols/mls/types.d.ts +0 -3
- package/lib/messagingProtocols/mls/types.d.ts.map +1 -1
- package/lib/messagingProtocols/proteus/ProteusService/CryptoClient/CoreCryptoWrapper/CoreCryptoWrapper.d.ts.map +1 -1
- package/lib/messagingProtocols/proteus/ProteusService/CryptoClient/CoreCryptoWrapper/CoreCryptoWrapper.js +0 -1
- package/lib/messagingProtocols/proteus/ProteusService/ProteusService.mocks.d.ts +7 -4
- package/lib/messagingProtocols/proteus/ProteusService/ProteusService.mocks.d.ts.map +1 -1
- package/lib/messagingProtocols/proteus/Utility/SessionHandler/SessionHandler.d.ts +1 -1
- package/lib/messagingProtocols/proteus/Utility/SessionHandler/SessionHandler.d.ts.map +1 -1
- package/lib/test/PayloadHelper.js +2 -2
- package/package.json +3 -3
- package/lib/messagingProtocols/mls/MLSService/MLSService.guards.d.ts +0 -4
- package/lib/messagingProtocols/mls/MLSService/MLSService.guards.d.ts.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAG9C,OAAO,
|
|
1
|
+
{"version":3,"file":"E2EIServiceInternal.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAG9C,OAAO,EAAgB,WAAW,EAAE,UAAU,EAAiB,MAAM,qBAAqB,CAAC;AAS3F,OAAO,EAAqB,WAAW,EAAiC,MAAM,8BAA8B,CAAC;AAE7G,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAErD,MAAM,MAAM,gBAAgB,GAAG,CAAC,cAAc,CAAC,EAAE;IAAC,SAAS,EAAE,GAAG,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAC,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;AACnH,qBAAa,mBAAmB;IAO5B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,wDAAwD;IACxD,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW;IAX9B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAuD;IAC9E,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,iBAAiB,CAAiD;gBAGxE,MAAM,EAAE,YAAY,EACH,gBAAgB,EAAE,UAAU,EAC5B,SAAS,EAAE,SAAS;IACrC,wDAAwD;IACvC,cAAc,EAAE,MAAM,EACtB,iBAAiB,EAAE,MAAM,EACzB,WAAW,EAAE,WAAW;IAO3C;;;;OAIG;IACU,mBAAmB,CAAC,aAAa,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,WAAW;YAkC9F,6BAA6B;YAQ7B,YAAY;YAoBZ,YAAY;YAUZ,eAAe;IAQ7B;;;;;OAKG;YACW,uBAAuB;IAyCrC;;;;;;;OAOG;YACW,eAAe;CAgE9B"}
|
|
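--- a/package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js
@@ -24,7 +24,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.E2EIServiceInternal = void 0;
 const logdown_1 = __importDefault(require("logdown"));
 const AcmeServer_1 = require("./Connection/AcmeServer");
-const E2EIService_types_1 = require("./E2EIService.types");
 const Helper_1 = require("./Helper");
 const Account_1 = require("./Steps/Account");
 const Authorization_1 = require("./Steps/Authorization");
@@ -52,7 +51,7 @@ class E2EIServiceInternal {
 * @param getOAuthToken function called when the process needs an oauth token
 * @param refresh should the process refresh the current certificate or get a new one
 */
-async generateCertificate(getOAuthToken, refresh) {
+async generateCertificate(getOAuthToken, refresh, ciphersuite) {
 const stashedEnrollmentData = await this.enrollmentStorage.getPendingEnrollmentData();
 if (stashedEnrollmentData) {
 // In case we have stashed data, we continue the enrollment flow (we are coming back from a redirect)
@@ -63,7 +62,7 @@ class E2EIServiceInternal {
 return this.continueCertificateGeneration(oAuthToken, stashedEnrollmentData);
 }
 // We first get the challenges needed to validate the user identity
-const identity = await this.initIdentity(refresh);
+const identity = await this.initIdentity(refresh, ciphersuite);
 const enrollmentChallenges = await this.getEnrollmentChallenges(identity);
 const { keyauth, oidcChallenge } = enrollmentChallenges.authorization;
 const challengeData = { challenge: oidcChallenge, keyAuth: keyauth };
@@ -84,10 +83,8 @@ class E2EIServiceInternal {
 return this.getRotateBundle(identity, oAuthToken, enrollmentData);
 }
 // ############ Internal Functions ############
-async initIdentity(hasActiveCertificate) {
+async initIdentity(hasActiveCertificate, ciphersuite) {
 const { user } = this.initialData;
-// How long the issued certificate should be maximal valid
-const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
 return hasActiveCertificate
 ? this.coreCryptoClient.e2eiNewRotateEnrollment(this.certificateTtl, ciphersuite, user.displayName, user.handle, user.teamId)
 : this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, this.certificateTtl, ciphersuite, user.teamId);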
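Review bot: The JSDoc above `generateCertificate` (new lines 51–53) still documents only `getOAuthToken` and `refresh`, while the signature now also takes `ciphersuite`, which is forwarded unchecked through `initIdentity` into `e2eiNewRotateEnrollment` / `e2eiNewActivationEnrollment`; add `* @param ciphersuite the MLS ciphersuite the enrollment (and the resulting credential) is created for` and a guard `if (ciphersuite === undefined) { throw new Error('ciphersuite is required to start an E2EI enrollment'); }` before `initIdentity` is called, so a caller that omits the argument fails with a clear error rather than an opaque CoreCrypto failure. The removed code hard-coded `MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519`, so any existing caller of `generateCertificate` not updated alongside this change now passes `undefined`. The resumed-enrollment branch (`continueCertificateGeneration(oAuthToken, stashedEnrollmentData)`) does not receive `ciphersuite`; presumably the stashed data carries it, which is worth confirming, since a mismatch between the enrollment ciphersuite and the client's configured default would yield a credential the MLS client cannot use. Both `generateCertificate` and `initIdentity` continue outside the visible hunks.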
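--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.d.ts
@@ -1,4 +1,5 @@
-import { RegisteredClient } from '@wireapp/api-client/lib/client';
+import { MLSPublicKeyAlgorithmKeys, RegisteredClient } from '@wireapp/api-client/lib/client';
+import { Ciphersuite } from '@wireapp/core-crypto';
 import { ClientIdStringType } from '../../../../util/fullyQualifiedClientIdUtils';
 export declare const jsonToByteArray: (data: any) => Uint8Array;
 type GetE2EIClientIdReturnType = {
@@ -6,7 +7,8 @@ type GetE2EIClientIdReturnType = {
 asBytes: Uint8Array;
 };
 export declare const getE2EIClientId: (clientId: string, userId: string, userDomain: string) => GetE2EIClientIdReturnType;
-export declare const
+export declare const getSignatureAlgorithmForCiphersuite: (ciphersuite: Ciphersuite) => MLSPublicKeyAlgorithmKeys;
+export declare const isMLSDevice: ({ mls_public_keys }: RegisteredClient, ciphersuite: Ciphersuite) => boolean;
 export declare const isResponseStatusValid: (status: string | undefined) => boolean | "" | undefined;
 export {};
 //# sourceMappingURL=index.d.ts.map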
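Review bot: Neither of the two new exported declarations, `getSignatureAlgorithmForCiphersuite` (new line 10) and `isMLSDevice` (new line 11), carries a doc comment, and the mapping they encode is not obvious from their types alone. In the TypeScript source a one-liner above each would propagate into this generated file, e.g. `/** Signature algorithm whose public key a client must have uploaded to be usable with the given ciphersuite */` and `/** true when the client has uploaded a non-empty MLS public key for the signature algorithm of the given ciphersuite */`. The second comment is grounded in the implementation visible in `Helper/index.js`; the first describes only what the map expresses and should be confirmed against how callers use it.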
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Helper/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Helper/index.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,yBAAyB,EAAE,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AAE3F,OAAO,EAAC,WAAW,EAAC,MAAM,sBAAsB,CAAC;AAEjD,OAAO,EAAC,kBAAkB,EAAkC,MAAM,8CAA8C,CAAC;AAEjH,eAAO,MAAM,eAAe,SAAU,GAAG,KAAG,UAG3C,CAAC;AAEF,KAAK,yBAAyB,GAAG;IAC/B,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;CACrB,CAAC;AACF,eAAO,MAAM,eAAe,aAAc,MAAM,UAAU,MAAM,cAAc,MAAM,KAAG,yBAOtF,CAAC;AAeF,eAAO,MAAM,mCAAmC,gBAAiB,WAAW,KAAG,yBAE9E,CAAC;AAEF,eAAO,MAAM,WAAW,wBAAuB,gBAAgB,eAAe,WAAW,YAIxF,CAAC;AAEF,eAAO,MAAM,qBAAqB,WAAY,MAAM,GAAG,SAAS,6BAAiC,CAAC"}
|
|
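--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.js
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Helper/index.js
@@ -18,7 +18,9 @@
 *
 */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isResponseStatusValid = exports.isMLSDevice = exports.getE2EIClientId = exports.jsonToByteArray = void 0;
+exports.isResponseStatusValid = exports.isMLSDevice = exports.getSignatureAlgorithmForCiphersuite = exports.getE2EIClientId = exports.jsonToByteArray = void 0;
+const client_1 = require("@wireapp/api-client/lib/client");
+const core_crypto_1 = require("@wireapp/core-crypto");
 const fullyQualifiedClientIdUtils_1 = require("../../../../util/fullyQualifiedClientIdUtils");
 const jsonToByteArray = (data) => {
 const encoder = new TextEncoder();
@@ -34,7 +36,27 @@ const getE2EIClientId = (clientId, userId, userDomain) => {
 };
 };
 exports.getE2EIClientId = getE2EIClientId;
-
+/**
+* depending on the ciphersuite used, the signature algorithm used is different. We need to keep a mapping of the ciphersuite to the signature algorithm
+*/
+const ciphersuiteSignatureAlgorithmMap = {
+[core_crypto_1.Ciphersuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256]: client_1.MLSPublicKeyAlgorithmKeys.ECDSA_SECP256R1_SHA256,
+[core_crypto_1.Ciphersuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384]: client_1.MLSPublicKeyAlgorithmKeys.ECDSA_SECP384R1_SHA384,
+[core_crypto_1.Ciphersuite.MLS_256_DHKEMP521_AES256GCM_SHA512_P521]: client_1.MLSPublicKeyAlgorithmKeys.ECDSA_SECP521R1_SHA512,
+[core_crypto_1.Ciphersuite.MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448]: client_1.MLSPublicKeyAlgorithmKeys.ED448,
+[core_crypto_1.Ciphersuite.MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448]: client_1.MLSPublicKeyAlgorithmKeys.ED448,
+[core_crypto_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519]: client_1.MLSPublicKeyAlgorithmKeys.ED25519,
+[core_crypto_1.Ciphersuite.MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519]: client_1.MLSPublicKeyAlgorithmKeys.ED25519,
+};
+const getSignatureAlgorithmForCiphersuite = (ciphersuite) => {
+return ciphersuiteSignatureAlgorithmMap[ciphersuite];
+};
+exports.getSignatureAlgorithmForCiphersuite = getSignatureAlgorithmForCiphersuite;
+const isMLSDevice = ({ mls_public_keys }, ciphersuite) => {
+const signatureAlogrithm = (0, exports.getSignatureAlgorithmForCiphersuite)(ciphersuite);
+const signature = mls_public_keys[signatureAlogrithm];
+return typeof signature === 'string' && signature.length > 0;
+};
 exports.isMLSDevice = isMLSDevice;
 const isResponseStatusValid = (status) => status && status === 'valid';
 exports.isResponseStatusValid = isResponseStatusValid;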
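Review bot: `getSignatureAlgorithmForCiphersuite` (new lines 51–53) returns `undefined` for any ciphersuite that is not a key of `ciphersuiteSignatureAlgorithmMap`, and `isMLSDevice` then reads `mls_public_keys[undefined]` and silently returns `false`; since `MLSService.initClient` uses that result to decide whether the device is a fresh MLS client, an unsupported or mistyped ciphersuite would be misreported as "not yet an MLS device" instead of surfacing as an error. I would fail fast in the lookup, which also makes the `MLSPublicKeyAlgorithmKeys` return type declared in `Helper/index.d.ts` accurate, and rename the misspelled local `signatureAlogrithm` while touching the function. Whether `mls_public_keys` can be absent on a `RegisteredClient` is not visible here; if it can, `mls_public_keys?.[signatureAlgorithm]` avoids a TypeError on such clients. Freezing the map (`Object.freeze({...})`) would additionally protect the mapping from accidental mutation at runtime.
```javascript
const getSignatureAlgorithmForCiphersuite = (ciphersuite) => {
    const signatureAlgorithm = ciphersuiteSignatureAlgorithmMap[ciphersuite];
    if (signatureAlgorithm === undefined) {
        throw new Error(`Unsupported MLS ciphersuite: ${ciphersuite}`);
    }
    return signatureAlgorithm;
};
exports.getSignatureAlgorithmForCiphersuite = getSignatureAlgorithmForCiphersuite;
const isMLSDevice = ({ mls_public_keys }, ciphersuite) => {
    const signatureAlgorithm = (0, exports.getSignatureAlgorithmForCiphersuite)(ciphersuite);
    const signature = mls_public_keys[signatureAlgorithm];
    return typeof signature === 'string' && signature.length > 0;
};
// … unchanged: exports.isMLSDevice / isResponseStatusValid …
```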
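--- a/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts
+++ b/package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts
@@ -14,11 +14,11 @@ export declare const doWireOidcChallenge: ({ connection, authData, identity, non
 target: string;
 status: string;
 token: string;
-validated?: string | undefined;
 error?: {
 type: string;
 detail: string;
 } | undefined;
+validated?: string | undefined;
 }>>;
 export {};
 //# sourceMappingURL=OidcChallenge.d.ts.map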
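--- /dev/null
+++ b/package/lib/messagingProtocols/mls/MLSService/ClientMLSError.d.ts
@@ -0,0 +1,8 @@
+export declare enum ClientMLSErrorLabel {
+NO_KEY_PACKAGES_AVAILABLE = "no-key-packages-available"
+}
+export declare class ClientMLSError extends Error {
+label: ClientMLSErrorLabel;
+constructor(label: ClientMLSErrorLabel);
+}
+//# sourceMappingURL=ClientMLSError.d.ts.map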
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ClientMLSError.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/ClientMLSError.ts"],"names":[],"mappings":"AAmBA,oBAAY,mBAAmB;IAC7B,yBAAyB,8BAA8B;CACxD;AAED,qBAAa,cAAe,SAAQ,KAAK;IACvC,KAAK,EAAE,mBAAmB,CAAC;gBAEf,KAAK,EAAE,mBAAmB;CAKvC"}
|
|
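--- a/package/lib/messagingProtocols/mls/MLSService/MLSService.guards.js
+++ b/package/lib/messagingProtocols/mls/MLSService/ClientMLSError.js
@@ -18,11 +18,16 @@
 *
 */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
-
-
-
-
-
+exports.ClientMLSError = exports.ClientMLSErrorLabel = void 0;
+var ClientMLSErrorLabel;
+(function (ClientMLSErrorLabel) {
+ClientMLSErrorLabel["NO_KEY_PACKAGES_AVAILABLE"] = "no-key-packages-available";
+})(ClientMLSErrorLabel || (exports.ClientMLSErrorLabel = ClientMLSErrorLabel = {}));
+class ClientMLSError extends Error {
+constructor(label) {
+super();
+this.label = label;
+Object.setPrototypeOf(this, new.target.prototype);
+}
 }
-exports.
+exports.ClientMLSError = ClientMLSError;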
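Review bot: `ClientMLSError`'s constructor (new lines 27–31) calls `super()` with no message and never sets `this.name`, so an instance stringifies as a bare `Error` with an empty `message`; log lines and `err.name`-based handling cannot tell it from any other error, and the only distinguishing information is the `label` property. Pass the label through and name the class: `super(label);` and, after the existing `this.label = label;`, `this.name = 'ClientMLSError';`. The `Object.setPrototypeOf(this, new.target.prototype)` line is presumably the usual fix for `instanceof` on `Error` subclasses under a down-levelled compile target and is fine to keep. The companion `ClientMLSError.d.ts` in this commit could carry a one-line doc on `label`, e.g. `/** Stable, machine-readable reason for the failure; see ClientMLSErrorLabel */`.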
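--- a/package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts
+++ b/package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts
@@ -1,25 +1,36 @@
-import type { RegisteredClient } from '@wireapp/api-client/lib/client';
+import type { MLSPublicKeyRecord, RegisteredClient } from '@wireapp/api-client/lib/client';
 import { PostMlsMessageResponse, SUBCONVERSATION_ID } from '@wireapp/api-client/lib/conversation';
 import { ConversationMLSMessageAddEvent, ConversationMLSWelcomeEvent } from '@wireapp/api-client/lib/event';
 import { QualifiedId } from '@wireapp/api-client/lib/user';
 import logdown from 'logdown';
 import { APIClient } from '@wireapp/api-client';
 import { TypedEventEmitter } from '@wireapp/commons';
-import { AddProposalArgs, ConversationId, CoreCrypto, DecryptedMessage, ProposalArgs, ProposalType, RemoveProposalArgs } from '@wireapp/core-crypto';
-import { MLSServiceConfig } from './MLSService.types';
+import { AddProposalArgs, Ciphersuite, ConversationId, CoreCrypto, DecryptedMessage, ProposalArgs, ProposalType, RemoveProposalArgs } from '@wireapp/core-crypto';
 import { AddUsersFailure, KeyPackageClaimUser } from '../../../conversation';
 import { CoreDatabase } from '../../../storage/CoreDB';
 import { RecurringTaskScheduler } from '../../../util/RecurringTaskScheduler';
 import { User } from '../E2EIdentityService';
 import { getTokenCallback } from '../E2EIdentityService/E2EIServiceInternal';
 import { ClientId, HandlePendingProposalsParams } from '../types';
-
-interface
+type Optional<T, K extends keyof T> = Pick<Partial<T>, K> & Omit<T, K>;
+interface MLSConfig {
+/** List of ciphersuites that could be used for MLS */
+ciphersuites: Ciphersuite[];
+/** preferred ciphersuite to use */
+defaultCiphersuite: Ciphersuite;
+/**
+* (milliseconds) period of time between automatic updates of the keying material (30 days by default)
+*/
+keyingMaterialUpdateThreshold: number;
 /**
-*
+* number of key packages client should upload to the server (100 by default)
 */
-
+nbKeyPackages: number;
 }
+export type InitClientOptions = Optional<MLSConfig, 'keyingMaterialUpdateThreshold' | 'nbKeyPackages'> & {
+skipInitIdentity?: boolean;
+};
+export declare const optionalToUint8Array: (array: Uint8Array | []) => Uint8Array;
 type Events = {
 newEpoch: {
 epoch: number;
@@ -33,18 +44,29 @@ export declare class MLSService extends TypedEventEmitter<Events> {
 private readonly coreDatabase;
 private readonly recurringTaskScheduler;
 logger: logdown.Logger;
-
+private _config?;
 private readonly textEncoder;
 private readonly textDecoder;
 private readonly conflictBackoffQueue;
-constructor(apiClient: APIClient, coreCryptoClient: CoreCrypto, coreDatabase: CoreDatabase, recurringTaskScheduler: RecurringTaskScheduler
+constructor(apiClient: APIClient, coreCryptoClient: CoreCrypto, coreDatabase: CoreDatabase, recurringTaskScheduler: RecurringTaskScheduler);
+/**
+* return true if the MLS service if configured and ready to be used
+*/
+get isEnabled(): boolean;
+get config(): MLSConfig;
+private get minRequiredKeyPackages();
 /**
 * Will initialize an MLS client
 * @param userId the user owning the client
 * @param client id of the client to initialize
 * @param skipInitIdentity avoid registering the client's identity to the backend (needed for e2eidentity as the identity will be uploaded and signed only when enrollment is successful)
 */
-initClient(userId: QualifiedId, client: RegisteredClient, skipInitIdentity
+initClient(userId: QualifiedId, client: RegisteredClient, { skipInitIdentity, ...mlsConfig }: InitClientOptions): Promise<void>;
+/**
+* returns true if the client has a valid MLS identity in regard of the default ciphersuite set
+* @param client the client to check
+*/
+isInitializedMLSClient: (client: RegisteredClient) => boolean;
 private getCredentialType;
 private uploadCommitBundle;
 private readonly _uploadCommitBundle;
@@ -87,7 +109,7 @@ export declare class MLSService extends TypedEventEmitter<Events> {
 * @param groupId the id of the group to create inside of coreCrypto
 * @param parentGroupId in case the conversation is a subconversation, the id of the parent conversation
 */
-registerEmptyConversation(groupId: string, parentGroupId?: string): Promise<void>;
+registerEmptyConversation(groupId: string, parentGroupId?: string, removalKeyFor1to1Signature?: MLSPublicKeyRecord): Promise<void>;
 /**
 * Will create a conversation inside of coreCrypto, add users to it or update the keying material if empty key packages list is provided.
 * @param groupId the id of the group to create inside of coreCrypto
@@ -104,6 +126,18 @@ export declare class MLSService extends TypedEventEmitter<Events> {
 }): Promise<PostMlsMessageResponse & {
 failures: AddUsersFailure[];
 }>;
+/**
+* Will create a 1:1 conversation inside of coreCrypto, try claiming key packages for user and (if succesfull) add them to the MLS group.
+* @param groupId the id of the group to create inside of coreCrypto
+* @param userId the id of the user to register the conversation with
+* @param selfUser the self user that is creating the 1:1 conversation (user and client ids)
+*/
+register1to1Conversation(groupId: string, userId: QualifiedId, selfUser: {
+user: QualifiedId;
+client: string;
+}, removalKeyFor1to1Signature?: MLSPublicKeyRecord): Promise<PostMlsMessageResponse & {
+failures: AddUsersFailure[];
+}>;
 /**
 * Will try to register mls group and send an empty commit to establish it.
 *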
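Review bot: The new optional parameter `removalKeyFor1to1Signature?: MLSPublicKeyRecord` on `registerEmptyConversation` (new line 112) and `register1to1Conversation` (new line 138) is undocumented in both JSDoc blocks, although it is the one argument a reader cannot infer from its type; add `* @param removalKeyFor1to1Signature optional backend removal key (public key record) to use when establishing the 1:1 group` with wording confirmed against the implementation, which lives in `MLSService.js` outside the reviewed sections. `get config(): MLSConfig` throws when `initClient` has not run (visible in the `MLSService.js` hunk of this diff), so the source deserves `* @throws Error if the service has not been initialised via initClient`, and the `isEnabled` comment has a typo: `if configured` should read `is configured` (the same text appears in the .js). `MLSConfig` does not state that `defaultCiphersuite` should be one of `ciphersuites`; presumably that is required, since `initClient` hands `ciphersuites` to `mlsInit` while key-package claiming and the e2ei check use `defaultCiphersuite`, and a doc line on `defaultCiphersuite` (or a runtime check in `initClient`) would make that contract explicit.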
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;
|
|
1
|
+
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,kBAAkB,EAAE,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AAC7G,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAGzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EACf,WAAW,EAGX,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAO9B,OAAO,EAAC,eAAe,EAA0B,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAEnG,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,IAAI,EAAC,MAAM,uBAAuB,CAAC;AAC3C,OAAO,EAAsB,gBAAgB,EAAC,MAAM,2CAA2C,CAAC;AAQhG,OAAO,EAAC,QAAQ,EAAE,4BAA4B,EAAC,MAAM,UAAU,CAAC;AAGhE,KAAK,QAAQ,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAEvE,UAAU,SAAS;IACjB,sDAAsD;IACtD,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,mCAAmC;IACnC,kBAAkB,EAAE,WAAW,CAAC;IAChC;;OAEG;IACH,6BAA6B,EAAE,MAAM,CAAC;IACtC;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;CACvB;AACD,MAAM,MAAM,iBAAiB,GAAG,QAAQ,CAAC,SAAS,EAAE,+BAA+B,GAAG,eAAe,CAAC,GAAG;IACvG,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B,CAAC;AAIF,eAAO,MAAM,oBAAoB,UAAW,UAAU,GAAG,EAAE,KAAG,UAE7D,CAAC;AAOF,KAAK,MAAM,GAAG;IACZ,QAAQ,EAAE;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;IAC3C,wBAAwB,EAAE,MAAM,EAAE,CAAC;CACpC,CAAC;AACF,qBAAa,UAAW,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAarD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IAfzC,MAAM,iBAAuC;IAC7C,OAAO,CAAC,OAAO,CAAC,CAAY;IAC5B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAKlC;gBAGgB,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,UAAU,EAC5B,YAAY,EAAE,YAAY,EAC1B,sBAAsB,EAAE,sBAAsB;IAKjE;;OAEG;IACH,IAAI,SAAS,YAEZ;IAED,I
AAI,MAAM,cAKT;IAED,OAAO,KAAK,sBAAsB,GAEjC;IAED;;;;;OAKG;IACU,UAAU,CACrB,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,gBAAgB,EACxB,EAAC,gBAAgB,EAAE,GAAG,SAAS,EAAC,EAAE,iBAAiB;IAuCrD;;;OAGG;IACI,sBAAsB,WAAY,gBAAgB,aAAyD;YAEpG,iBAAiB;IAM/B,OAAO,CAAC,kBAAkB,CAexB;IAEF,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAkClC;IAEF;;;;;;OAMG;IACU,8BAA8B,CACzC,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,UAAU,EAAE,GACxB,OAAO,CAAC,sBAAsB,GAAG;QAAC,QAAQ,EAAE,eAAe,EAAE,CAAA;KAAC,CAAC;IA6BrD,qBAAqB,CAAC,cAAc,EAAE,mBAAmB,EAAE;;;;IA2EjE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAK/B,WAAW,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,eAAe,GAAG,kBAAkB;IAIjG,oBAAoB,CAAC,YAAY,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;IAwB5D,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMjF,OAAO,CAAC,gCAAgC;IAO3B,qBAAqB,CAAC,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAM1E,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAkB9F,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrG;;;;;;;;;OASG;YACW,mBAAmB;IAUjC,OAAO,CAAC,oBAAoB;IAK5B;;;;OAIG;IACU,yBAAyB,CACpC,OAAO,EAAE,MAAM,EACf,aAAa,CAAC,EAAE,MAAM,EACtB,0BAA0B,CAAC,EAAE,kBAAkB,GAC9C,OAAO,CAAC,IAAI,CAAC;IA6BhB;;;;;;OAMG;IACU,oBAAoB,CAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE;QAAC,OAAO,CAAC,EAAE;YAAC,IAAI,EAAE,WAAW,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAC,CAAC;QAAC,aAAa,CAAC,EAAE,MAAM,CAAA;KAAC,GACjF,OAAO,CAAC,sBAAsB,GAAG;QAAC,QAAQ,EAAE,eAAe,EAAE,CAAA;KAAC,CAAC;IAuClE;;;;;OAKG;IACU,wBAAwB,CACnC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,WAAW,EACnB,QAAQ,EAAE;QAAC,IAAI,EAAE,WAAW,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAC7C,0BAA0B,CAAC,EAAE,kBAAkB,GAC9C,OAAO,CAAC,sBAAsB,GAAG;QAAC,QAAQ,EAAE,eAAe,EAAE,CAAA;KAAC,CAAC;IAsClE;;;;;OAKG;IACH,SAAgB,uBAAuB,YAAmB,MAAM,KAAG,QAAQ,OAAO,CAAC,CA2BjF;IAEF;;;;OAIG;IACI,6BAA6B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;IAW3E;;;OAGG;IACU,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAK9C,iBAAiB,CAAC,eAAe,E
AAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9E;;;;OAIG;IACU,gBAAgB,CAAC,OAAO,EAAE,MAAM;IAc7C,OAAO,CAAC,sCAAsC;IAI9C;;;OAGG;IACU,uBAAuB,CAAC,OAAO,EAAE,MAAM;IAKpD;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACI,0BAA0B,CAAC,OAAO,EAAE,MAAM;IAUjD;;;OAGG;IACI,mCAAmC,CAAC,QAAQ,EAAE,MAAM,EAAE;IAQ7D;;;;OAIG;IACI,sCAAsC,CAAC,QAAQ,EAAE,MAAM;IAQ9D;;;;OAIG;YACW,+BAA+B;YAQ/B,gCAAgC;YAYhC,2BAA2B;IAIzC;;;;;OAKG;YACW,mBAAmB;YAanB,kBAAkB;YAQlB,oBAAoB;IAOrB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe7D;;;;;;;OAOG;IACU,sBAAsB,CAAC,EAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAC,EAAE,4BAA4B;YAWnF,4BAA4B;YAU5B,0BAA0B;IAKxC,OAAO,CAAC,6BAA6B;IAIrC;;;;OAIG;IACU,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,UAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BvF;;;;OAIG;IACU,+BAA+B;IAiB5C;;;;OAIG;IACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAAE,CAAC;IAY9F,wBAAwB,CACnC,KAAK,EAAE,8BAA8B,EACrC,yBAAyB,EAAE,CACzB,cAAc,EAAE,WAAW,EAC3B,iBAAiB,CAAC,EAAE,kBAAkB,KACnC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgBrB,4BAA4B,CAAC,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM;IAc9F;;;;;;;;OAQG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,EACtB,aAAa,EAAE,gBAAgB,GAC9B,OAAO,CAAC,IAAI,CAAC;CAyCjB"}
|
|
@@ -40,8 +40,8 @@ const logdown_1 = __importDefault(require("logdown"));
|
|
|
40
40
|
const commons_1 = require("@wireapp/commons");
|
|
41
41
|
const core_crypto_1 = require("@wireapp/core-crypto");
|
|
42
42
|
const priority_queue_1 = require("@wireapp/priority-queue");
|
|
43
|
+
const ClientMLSError_1 = require("./ClientMLSError");
|
|
43
44
|
const CoreCryptoMLSError_1 = require("./CoreCryptoMLSError");
|
|
44
|
-
const MLSService_guards_1 = require("./MLSService.guards");
|
|
45
45
|
const conversation_1 = require("../../../conversation");
|
|
46
46
|
const messageSender_1 = require("../../../conversation/message/messageSender");
|
|
47
47
|
const fullyQualifiedClientIdUtils_1 = require("../../../util/fullyQualifiedClientIdUtils");
|
|
@@ -61,10 +61,9 @@ exports.optionalToUint8Array = optionalToUint8Array;
|
|
|
61
61
|
const defaultConfig = {
|
|
62
62
|
keyingMaterialUpdateThreshold: 1000 * 60 * 60 * 24 * 30, //30 days
|
|
63
63
|
nbKeyPackages: 100,
|
|
64
|
-
cipherSuite: core_crypto_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519,
|
|
65
64
|
};
|
|
66
65
|
class MLSService extends commons_1.TypedEventEmitter {
|
|
67
|
-
constructor(apiClient, coreCryptoClient, coreDatabase, recurringTaskScheduler
|
|
66
|
+
constructor(apiClient, coreCryptoClient, coreDatabase, recurringTaskScheduler) {
|
|
68
67
|
super();
|
|
69
68
|
this.apiClient = apiClient;
|
|
70
69
|
this.coreCryptoClient = coreCryptoClient;
|
|
@@ -77,17 +76,20 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
77
76
|
maxRetries: 10,
|
|
78
77
|
retryDelay: 500,
|
|
79
78
|
maxRetryDelay: TimeUtil_1.TimeInMillis.SECOND * 32,
|
|
80
|
-
shouldRetry: error =>
|
|
79
|
+
shouldRetry: error => error instanceof http_1.BackendError && error.code === http_1.StatusCode.CONFLICT,
|
|
81
80
|
});
|
|
81
|
+
/**
|
|
82
|
+
* returns true if the client has a valid MLS identity in regard of the default ciphersuite set
|
|
83
|
+
* @param client the client to check
|
|
84
|
+
*/
|
|
85
|
+
this.isInitializedMLSClient = (client) => (0, Helper_1.isMLSDevice)(client, this.config.defaultCiphersuite);
|
|
82
86
|
this.uploadCommitBundle = async (groupId, commitBundle, { isExternalCommit = false, regenerateCommitBundle } = {}) => {
|
|
83
87
|
try {
|
|
84
88
|
return await this._uploadCommitBundle(groupId, async () => commitBundle, isExternalCommit);
|
|
85
89
|
}
|
|
86
90
|
catch (error) {
|
|
87
|
-
if (
|
|
88
|
-
|
|
89
|
-
return this.conflictBackoffQueue.add(async () => this._uploadCommitBundle(groupId, regenerateCommitBundle, isExternalCommit));
|
|
90
|
-
}
|
|
91
|
+
if (error instanceof http_1.BackendError && error.code === http_1.StatusCode.CONFLICT && regenerateCommitBundle) {
|
|
92
|
+
return this.conflictBackoffQueue.add(async () => this._uploadCommitBundle(groupId, regenerateCommitBundle, isExternalCommit));
|
|
91
93
|
}
|
|
92
94
|
throw error;
|
|
93
95
|
}
|
|
@@ -154,12 +156,21 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
154
156
|
return false;
|
|
155
157
|
}
|
|
156
158
|
};
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* return true if the MLS service if configured and ready to be used
|
|
162
|
+
*/
|
|
163
|
+
get isEnabled() {
|
|
164
|
+
return !!this._config;
|
|
165
|
+
}
|
|
166
|
+
get config() {
|
|
167
|
+
if (!this._config) {
|
|
168
|
+
throw new Error('mls config is not set, did you forget to call initClient?');
|
|
169
|
+
}
|
|
170
|
+
return this._config;
|
|
171
|
+
}
|
|
172
|
+
get minRequiredKeyPackages() {
|
|
173
|
+
return Math.floor(this.config.nbKeyPackages / 2);
|
|
163
174
|
}
|
|
164
175
|
/**
|
|
165
176
|
* Will initialize an MLS client
|
|
@@ -167,15 +178,19 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
167
178
|
* @param client id of the client to initialize
|
|
168
179
|
* @param skipInitIdentity avoid registering the client's identity to the backend (needed for e2eidentity as the identity will be uploaded and signed only when enrollment is successful)
|
|
169
180
|
*/
|
|
170
|
-
async initClient(userId, client,
|
|
171
|
-
|
|
181
|
+
async initClient(userId, client, _a) {
|
|
182
|
+
var { skipInitIdentity } = _a, mlsConfig = __rest(_a, ["skipInitIdentity"]);
|
|
183
|
+
// filter out undefined values from mlsConfig
|
|
184
|
+
const filteredMLSConfig = Object.fromEntries(Object.entries(mlsConfig).filter(([_, value]) => value !== undefined));
|
|
185
|
+
this._config = Object.assign(Object.assign({}, defaultConfig), filteredMLSConfig);
|
|
186
|
+
await this.coreCryptoClient.mlsInit((0, MLSId_1.generateMLSDeviceId)(userId, client.id), this.config.ciphersuites, this.config.nbKeyPackages);
|
|
172
187
|
await this.coreCryptoClient.registerCallbacks({
|
|
173
188
|
// All authorization/membership rules are enforced on backend
|
|
174
189
|
clientIsExistingGroupUser: async () => true,
|
|
175
190
|
authorize: async () => true,
|
|
176
191
|
userAuthorize: async () => true,
|
|
177
192
|
});
|
|
178
|
-
const isFreshMLSSelfClient =
|
|
193
|
+
const isFreshMLSSelfClient = !this.isInitializedMLSClient(client);
|
|
179
194
|
const shouldinitIdentity = !(isFreshMLSSelfClient && skipInitIdentity);
|
|
180
195
|
if (shouldinitIdentity) {
|
|
181
196
|
// We need to make sure keypackages and public key are uploaded to the backend
|
|
@@ -189,7 +204,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
189
204
|
}
|
|
190
205
|
}
|
|
191
206
|
async getCredentialType() {
|
|
192
|
-
return (await this.coreCryptoClient.e2eiIsEnabled(this.config.
|
|
207
|
+
return (await this.coreCryptoClient.e2eiIsEnabled(this.config.defaultCiphersuite))
|
|
193
208
|
? core_crypto_1.CredentialType.X509
|
|
194
209
|
: core_crypto_1.CredentialType.Basic;
|
|
195
210
|
}
|
|
@@ -233,7 +248,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
233
248
|
const emptyKeyPackagesUsers = [];
|
|
234
249
|
const keyPackagesSettledResult = await Promise.allSettled(qualifiedUsers.map(async ({ id, domain, skipOwnClientId }) => {
|
|
235
250
|
try {
|
|
236
|
-
const keys = await this.apiClient.api.client.claimMLSKeyPackages(id, domain, (0, numberToHex_1.numberToHex)(this.config.
|
|
251
|
+
const keys = await this.apiClient.api.client.claimMLSKeyPackages(id, domain, (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite), skipOwnClientId);
|
|
237
252
|
const isSelfUser = this.apiClient.userId === id && this.apiClient.domain === domain;
|
|
238
253
|
// It's possible that user's backend is reachable but they have not uploaded their MLS key packages (or all of them have been claimed already)
|
|
239
254
|
// We don't care about the self user here.
|
|
@@ -373,7 +388,8 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
373
388
|
* @param groupId the id of the group to create inside of coreCrypto
|
|
374
389
|
* @param parentGroupId in case the conversation is a subconversation, the id of the parent conversation
|
|
375
390
|
*/
|
|
376
|
-
async registerEmptyConversation(groupId, parentGroupId) {
|
|
391
|
+
async registerEmptyConversation(groupId, parentGroupId, removalKeyFor1to1Signature) {
|
|
392
|
+
var _a;
|
|
377
393
|
const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
|
|
378
394
|
let externalSenders = [];
|
|
379
395
|
if (parentGroupId) {
|
|
@@ -382,11 +398,16 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
382
398
|
}
|
|
383
399
|
else {
|
|
384
400
|
const mlsKeys = (await this.apiClient.api.client.getPublicKeys()).removal;
|
|
385
|
-
|
|
401
|
+
const ciphersuiteSignature = (0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite);
|
|
402
|
+
const removalKeyForSignature = (_a = removalKeyFor1to1Signature === null || removalKeyFor1to1Signature === void 0 ? void 0 : removalKeyFor1to1Signature[ciphersuiteSignature]) !== null && _a !== void 0 ? _a : mlsKeys[ciphersuiteSignature];
|
|
403
|
+
if (!removalKeyForSignature) {
|
|
404
|
+
throw new Error(`Cannot create conversation: No backend removal key found for the signature ${ciphersuiteSignature}`);
|
|
405
|
+
}
|
|
406
|
+
externalSenders = [bazinga64_1.Decoder.fromBase64(removalKeyForSignature).asBytes];
|
|
386
407
|
}
|
|
387
408
|
const configuration = {
|
|
388
409
|
externalSenders,
|
|
389
|
-
ciphersuite: this.config.
|
|
410
|
+
ciphersuite: this.config.defaultCiphersuite,
|
|
390
411
|
};
|
|
391
412
|
const credentialType = await this.getCredentialType();
|
|
392
413
|
return this.coreCryptoClient.createConversation(groupIdBytes, credentialType, configuration);
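Review bot: The backend removal keys are still fetched unconditionally on `const mlsKeys = (await this.apiClient.api.client.getPublicKeys()).removal;` even when the new `removalKeyFor1to1Signature` argument already supplies the key that the following `??` expression prefers, so every 1:1 registration pays a network round trip it may not need. Fetching lazily avoids that: `const suppliedKey = removalKeyFor1to1Signature?.[ciphersuiteSignature];` followed by `const removalKeyForSignature = suppliedKey ?? (await this.apiClient.api.client.getPublicKeys()).removal[ciphersuiteSignature];`. Because the key chosen here is registered as the group's external sender, the silent fallback also deserves a comment: when a caller passes a map with no entry for `ciphersuiteSignature`, the conversation is created with the local backend's removal key instead of failing, which may not be what a caller supplying another backend's key intends — if that is deliberate, say so with `// no supplied key for this signature scheme: fall back to the local backend's removal key`. The JSDoc above `registerEmptyConversation` in the previous hunk still documents only `groupId` and `parentGroupId`; add `@param removalKeyFor1to1Signature optional removal keys keyed by signature algorithm, preferred over the local backend's keys`.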
|
|
@@ -427,6 +448,41 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
427
448
|
response.failures = [...keysClaimingFailures, ...response.failures];
|
|
428
449
|
return response;
|
|
429
450
|
}
|
|
451
|
+
/**
|
|
452
|
+
* Will create a 1:1 conversation inside of coreCrypto, try claiming key packages for user and (if succesfull) add them to the MLS group.
|
|
453
|
+
* @param groupId the id of the group to create inside of coreCrypto
|
|
454
|
+
* @param userId the id of the user to register the conversation with
|
|
455
|
+
* @param selfUser the self user that is creating the 1:1 conversation (user and client ids)
|
|
456
|
+
*/
|
|
457
|
+
async register1to1Conversation(groupId, userId, selfUser, removalKeyFor1to1Signature) {
|
|
458
|
+
try {
|
|
459
|
+
await this.registerEmptyConversation(groupId, undefined, removalKeyFor1to1Signature);
|
|
460
|
+
// We fist fetch key packages for the user we want to add
|
|
461
|
+
const { keyPackages: otherUserKeyPackages, failures: otherUserKeysClaimingFailures } = await this.getKeyPackagesPayload([userId]);
|
|
462
|
+
// If we're missing key packages for the user we want to add, we can't register the conversation
|
|
463
|
+
if (otherUserKeyPackages.length <= 0) {
|
|
464
|
+
if (otherUserKeysClaimingFailures.length > 0 &&
|
|
465
|
+
otherUserKeysClaimingFailures.some(({ reason }) => reason === conversation_1.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG)) {
|
|
466
|
+
throw new ClientMLSError_1.ClientMLSError(ClientMLSError_1.ClientMLSErrorLabel.NO_KEY_PACKAGES_AVAILABLE);
|
|
467
|
+
}
|
|
468
|
+
}
|
|
469
|
+
const { keyPackages: selfKeyPackages, failures: selfKeysClaimingFailures } = await this.getKeyPackagesPayload([
|
|
470
|
+
Object.assign(Object.assign({}, selfUser.user), { skipOwnClientId: selfUser.client }),
|
|
471
|
+
]);
|
|
472
|
+
const response = await this.addUsersToExistingConversation(groupId, [
|
|
473
|
+
...otherUserKeyPackages,
|
|
474
|
+
...selfKeyPackages,
|
|
475
|
+
]);
|
|
476
|
+
// We schedule a periodic key material renewal
|
|
477
|
+
await this.scheduleKeyMaterialRenewal(groupId);
|
|
478
|
+
response.failures = [...otherUserKeysClaimingFailures, ...selfKeysClaimingFailures, ...response.failures];
|
|
479
|
+
return response;
|
|
480
|
+
}
|
|
481
|
+
catch (error) {
|
|
482
|
+
await this.wipeConversation(groupId);
|
|
483
|
+
throw error;
|
|
484
|
+
}
|
|
485
|
+
}
|
|
430
486
|
/**
|
|
431
487
|
* Will send a removal commit for given clients
|
|
432
488
|
* @param groupId groupId of the conversation
|
|
@@ -455,11 +511,11 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
455
511
|
}
|
|
456
512
|
async clientValidKeypackagesCount() {
|
|
457
513
|
const credentialType = await this.getCredentialType();
|
|
458
|
-
return this.coreCryptoClient.clientValidKeypackagesCount(this.config.
|
|
514
|
+
return this.coreCryptoClient.clientValidKeypackagesCount(this.config.defaultCiphersuite, credentialType);
|
|
459
515
|
}
|
|
460
516
|
async clientKeypackages(amountRequested) {
|
|
461
517
|
const credentialType = await this.getCredentialType();
|
|
462
|
-
return this.coreCryptoClient.clientKeypackages(this.config.
|
|
518
|
+
return this.coreCryptoClient.clientKeypackages(this.config.defaultCiphersuite, credentialType, amountRequested);
|
|
463
519
|
}
|
|
464
520
|
/**
|
|
465
521
|
* Will send an empty commit into a group (renew key material)
|
|
@@ -539,21 +595,21 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
539
595
|
*/
|
|
540
596
|
async verifyLocalMLSKeyPackagesAmount(clientId) {
|
|
541
597
|
const keyPackagesCount = await this.clientValidKeypackagesCount();
|
|
542
|
-
if (keyPackagesCount <= this.
|
|
598
|
+
if (keyPackagesCount <= this.minRequiredKeyPackages) {
|
|
543
599
|
return this.verifyRemoteMLSKeyPackagesAmount(clientId);
|
|
544
600
|
}
|
|
545
601
|
}
|
|
546
602
|
async verifyRemoteMLSKeyPackagesAmount(clientId) {
|
|
547
603
|
const backendKeyPackagesCount = await this.getRemoteMLSKeyPackageCount(clientId);
|
|
548
604
|
// If we have enough keys uploaded on backend, there's no need to upload more.
|
|
549
|
-
if (backendKeyPackagesCount > this.
|
|
605
|
+
if (backendKeyPackagesCount > this.minRequiredKeyPackages) {
|
|
550
606
|
return;
|
|
551
607
|
}
|
|
552
608
|
const keyPackages = await this.clientKeypackages(this.config.nbKeyPackages);
|
|
553
609
|
return this.uploadMLSKeyPackages(clientId, keyPackages);
|
|
554
610
|
}
|
|
555
611
|
async getRemoteMLSKeyPackageCount(clientId) {
|
|
556
|
-
return this.apiClient.api.client.getMLSKeyPackageCount(clientId, (0, numberToHex_1.numberToHex)(this.config.
|
|
612
|
+
return this.apiClient.api.client.getMLSKeyPackageCount(clientId, (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite));
|
|
557
613
|
}
|
|
558
614
|
/**
|
|
559
615
|
* Will update the given client on backend with its public key.
|
|
@@ -564,13 +620,15 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
564
620
|
async uploadMLSPublicKeys(client) {
|
|
565
621
|
// If we've already updated a client with its public key, there's no need to do it again.
|
|
566
622
|
const credentialType = await this.getCredentialType();
|
|
567
|
-
const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.
|
|
623
|
+
const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.defaultCiphersuite, credentialType);
|
|
568
624
|
return this.apiClient.api.client.putClient(client.id, {
|
|
569
|
-
mls_public_keys: {
|
|
625
|
+
mls_public_keys: {
|
|
626
|
+
[(0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite)]: btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey)),
|
|
627
|
+
},
|
|
570
628
|
});
|
|
571
629
|
}
|
|
572
630
|
async replaceKeyPackages(clientId, keyPackages) {
|
|
573
|
-
return this.apiClient.api.client.replaceMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))));
|
|
631
|
+
return this.apiClient.api.client.replaceMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))), (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite));
|
|
574
632
|
}
|
|
575
633
|
async uploadMLSKeyPackages(clientId, keyPackages) {
|
|
576
634
|
return this.apiClient.api.client.uploadMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))));
|
|
@@ -714,12 +772,12 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
714
772
|
* @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
|
|
715
773
|
*/
|
|
716
774
|
async enrollE2EI(discoveryUrl, user, client, nbPrekeys, certificateTtl, getOAuthToken) {
|
|
717
|
-
const isCertificateRenewal = await this.coreCryptoClient.e2eiIsEnabled(this.config.
|
|
775
|
+
const isCertificateRenewal = await this.coreCryptoClient.e2eiIsEnabled(this.config.defaultCiphersuite);
|
|
718
776
|
const e2eiServiceInternal = new E2EIServiceInternal_1.E2EIServiceInternal(this.coreDatabase, this.coreCryptoClient, this.apiClient, certificateTtl, nbPrekeys, { user, clientId: client.id, discoveryUrl });
|
|
719
|
-
const rotateBundle = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal);
|
|
777
|
+
const rotateBundle = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal, this.config.defaultCiphersuite);
|
|
720
778
|
this.dispatchNewCrlDistributionPoints(rotateBundle);
|
|
721
779
|
// upload the clients public keys
|
|
722
|
-
if (!
|
|
780
|
+
if (!this.isInitializedMLSClient(client)) {
|
|
723
781
|
// we only upload public keys for the initial certification process if the device is not already a registered MLS device.
|
|
724
782
|
await this.uploadMLSPublicKeys(client);
|
|
725
783
|
}
|
|
@@ -737,15 +795,7 @@ class MLSService extends commons_1.TypedEventEmitter {
|
|
|
737
795
|
groupInfo: (commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.group_info) || commitBundle.groupInfo,
|
|
738
796
|
welcome: commitBundle === null || commitBundle === void 0 ? void 0 : commitBundle.welcome,
|
|
739
797
|
};
|
|
740
|
-
|
|
741
|
-
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
742
|
-
}
|
|
743
|
-
catch (error) {
|
|
744
|
-
if ((0, MLSService_guards_1.isBackendError)(error) && error.label === http_1.BackendErrorLabel.MLS_MISSING_REFERENCE) {
|
|
745
|
-
await this.coreCryptoClient.clearPendingCommit(groupIdAsBytes);
|
|
746
|
-
window.location.reload();
|
|
747
|
-
}
|
|
748
|
-
}
|
|
798
|
+
await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
|
|
749
799
|
}
|
|
750
800
|
}
|
|
751
801
|
}
|