@wireapp/core 46.46.6-beta.10.d7a6c4c53 → 46.46.6-beta.14.f6fd03fe6

package/lib/messagingProtocols/mls/MLSService/MLSService.js

@@ -18,20 +18,24 @@
  *
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MLSService = exports.MLSServiceEvents = exports.optionalToUint8Array = void 0;
-const conversation_1 = require("@wireapp/api-client/lib/conversation");
+exports.MLSService = exports.optionalToUint8Array = void 0;
+const http_1 = require("@wireapp/api-client/lib/http");
+const TimeUtil_1 = require("@wireapp/commons/lib/util/TimeUtil");
 const bazinga64_1 = require("bazinga64");
 const commons_1 = require("@wireapp/commons");
 const core_crypto_1 = require("@wireapp/core-crypto");
+const priority_queue_1 = require("@wireapp/priority-queue");
 const ClientMLSError_1 = require("./ClientMLSError");
 const CoreCryptoMLSError_1 = require("./CoreCryptoMLSError");
-const conversation_2 = require("../../../conversation");
+const conversation_1 = require("../../../conversation");
+const messageSender_1 = require("../../../conversation/message/messageSender");
 const fullyQualifiedClientIdUtils_1 = require("../../../util/fullyQualifiedClientIdUtils");
 const numberToHex_1 = require("../../../util/numberToHex");
 const TaskScheduler_1 = require("../../../util/TaskScheduler");
 const E2EIServiceInternal_1 = require("../E2EIdentityService/E2EIServiceInternal");
 const Helper_1 = require("../E2EIdentityService/Helper");
 const events_1 = require("../EventHandler/events");
+const messageAdd_1 = require("../EventHandler/events/messageAdd");
 const MLSId_1 = require("../utils/MLSId");
 //@todo: this function is temporary, we wait for the update from core-crypto side
 //they are returning regular array instead of Uint8Array for commit and welcome messages
@@ -40,17 +44,9 @@ const optionalToUint8Array = (array) => {
 };
 exports.optionalToUint8Array = optionalToUint8Array;
 const defaultConfig = {
-    keyingMaterialUpdateThreshold: commons_1.TimeUtil.TimeInMillis.DAY * 30,
+    keyingMaterialUpdateThreshold: 1000 * 60 * 60 * 24 * 30, //30 days
     nbKeyPackages: 100,
 };
-var MLSServiceEvents;
-(function (MLSServiceEvents) {
-    MLSServiceEvents["NEW_EPOCH"] = "newEpoch";
-    MLSServiceEvents["MLS_CLIENT_MISMATCH"] = "mlsClientMismatch";
-    MLSServiceEvents["NEW_CRL_DISTRIBUTION_POINTS"] = "newCrlDistributionPoints";
-    MLSServiceEvents["MLS_EVENT_DISTRIBUTED"] = "mlsEventDistributed";
-    MLSServiceEvents["KEY_MATERIAL_UPDATE_FAILURE"] = "keyMaterialUpdateFailure";
-})(MLSServiceEvents || (exports.MLSServiceEvents = MLSServiceEvents = {}));
 class MLSService extends commons_1.TypedEventEmitter {
     apiClient;
     coreCryptoClient;
@@ -60,31 +56,18 @@ class MLSService extends commons_1.TypedEventEmitter {
     _config;
     textEncoder = new TextEncoder();
     textDecoder = new TextDecoder();
+    conflictBackoffQueue = new priority_queue_1.PriorityQueue({
+        maxRetries: 10,
+        retryDelay: 500,
+        maxRetryDelay: TimeUtil_1.TimeInMillis.SECOND * 32,
+        shouldRetry: error => error instanceof http_1.BackendError && error.code === http_1.StatusCode.CONFLICT,
+    });
     constructor(apiClient, coreCryptoClient, coreDatabase, recurringTaskScheduler) {
         super();
         this.apiClient = apiClient;
         this.coreCryptoClient = coreCryptoClient;
         this.coreDatabase = coreDatabase;
         this.recurringTaskScheduler = recurringTaskScheduler;
-        const mlsTransport = {
-            sendCommitBundle: this._uploadCommitBundle,
-            // Info: This is not used for now, but we need to implement it to be able to use the mls transport
-            sendMessage: async () => {
-                return 'success';
-            },
-            prepareForTransport: async () => {
-                throw new Error('Method not implemented.');
-            },
-        };
-        const epochObserver = {
-            epochChanged: async (groupId, epoch) => {
-                const groupIdStr = bazinga64_1.Encoder.toBase64(groupId.copyBytes()).asString;
-                this.logger.info(`Epoch changed for group ${groupIdStr}, new epoch: ${epoch}`);
-                this.emit(MLSServiceEvents.NEW_EPOCH, { epoch, groupId: groupIdStr });
-            },
-        };
-        void this.coreCryptoClient.registerEpochObserver(epochObserver);
-        void this.coreCryptoClient.provideTransport(mlsTransport);
     }
     /**
      * return true if the MLS service if configured and ready to be used
@@ -114,39 +97,24 @@ class MLSService extends commons_1.TypedEventEmitter {
             ...defaultConfig,
             ...filteredMLSConfig,
         };
-        await this.coreCryptoClient.transaction(cx => {
-            const clientId = new core_crypto_1.ClientId((0, MLSId_1.generateMLSDeviceId)(userId, client.id));
-            return cx.mlsInit(clientId, this.config.ciphersuites, this.config.nbKeyPackages);
+        await this.coreCryptoClient.mlsInit((0, MLSId_1.generateMLSDeviceId)(userId, client.id), this.config.ciphersuites, this.config.nbKeyPackages);
+        await this.coreCryptoClient.registerCallbacks({
+            // All authorization/membership rules are enforced on backend
+            clientIsExistingGroupUser: async () => true,
+            authorize: async () => true,
+            userAuthorize: async () => true,
         });
-        try {
-            const ccClientSignature = await this.getCCClientSignatureString();
-            const mlsDeviceStatus = (0, Helper_1.getMLSDeviceStatus)(client, this.config.defaultCiphersuite, ccClientSignature);
-            switch (mlsDeviceStatus) {
-                case Helper_1.MLSDeviceStatus.REGISTERED:
-                    if (!skipInitIdentity) {
-                        await this.verifyRemoteMLSKeyPackagesAmount(client.id);
-                    }
-                    else {
-                        this.logger.info(`Blocked initial key package upload for client ${client.id} as E2EI is enabled`);
-                    }
-                    break;
-                case Helper_1.MLSDeviceStatus.MISMATCH:
-                    this.logger.error(`Client ${client.id} is registered but with a different signature`);
-                    this.emit(MLSServiceEvents.MLS_CLIENT_MISMATCH);
-                    break;
-                case Helper_1.MLSDeviceStatus.FRESH:
-                    if (!skipInitIdentity) {
-                        await this.uploadMLSPublicKeys(client);
-                    }
-                    else {
-                        this.logger.info(`Blocked initial key package upload for client ${client.id} as E2EI is enabled`);
-                    }
-                    break;
+        const isFreshMLSSelfClient = !this.isInitializedMLSClient(client);
+        const shouldinitIdentity = !(isFreshMLSSelfClient && skipInitIdentity);
+        if (shouldinitIdentity) {
+            // We need to make sure keypackages and public key are uploaded to the backend
+            if (isFreshMLSSelfClient) {
+                await this.uploadMLSPublicKeys(client);
             }
+            await this.verifyRemoteMLSKeyPackagesAmount(client.id);
         }
-        catch (error) {
-            this.logger.error(`Error while initializing client ${client.id}`, error);
-            throw error;
+        else {
+            this.logger.info(`Blocked initial key package upload for client ${client.id} as E2EI is enabled`);
         }
     }
     /**
@@ -159,62 +127,46 @@ class MLSService extends commons_1.TypedEventEmitter {
             ? core_crypto_1.CredentialType.X509
             : core_crypto_1.CredentialType.Basic;
     }
-    _uploadCommitBundle = async ({ commit, groupInfo, welcome, }) => {
-        const bundlePayload = new Uint8Array([
-            ...commit,
-            ...groupInfo.payload.copyBytes(),
-            ...(welcome?.copyBytes() || []),
-        ]);
+    uploadCommitBundle = async (groupId, commitBundle, { isExternalCommit = false, regenerateCommitBundle } = {}) => {
         try {
-            const response = await this.apiClient.api.conversation.postMlsCommitBundle(bundlePayload);
-            if (response.failed_to_send) {
-                this.logger.warn(`Failed to send commit bundle to backend`);
-                return 'retry';
-            }
-            const { events, time } = response;
-            this.emit(MLSServiceEvents.MLS_EVENT_DISTRIBUTED, { events, time });
-            return 'success';
+            return await this._uploadCommitBundle(groupId, async () => commitBundle, isExternalCommit);
         }
         catch (error) {
-            this.logger.warn(`Failed to upload commit bundle`, error);
-            if (error instanceof conversation_1.MLSInvalidLeafNodeSignatureError || error instanceof conversation_1.MLSInvalidLeafNodeIndexError) {
-                this.logger.info('Aborting commit bundle upload due to broken MLS conversation');
-                return {
-                    abort: {
-                        reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({
-                            message: CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.BROKEN_MLS_CONVERSATION,
-                        }),
-                    },
-                };
+            if (error instanceof http_1.BackendError && error.code === http_1.StatusCode.CONFLICT && regenerateCommitBundle) {
+                return this.conflictBackoffQueue.add(async () => this._uploadCommitBundle(groupId, regenerateCommitBundle, isExternalCommit));
             }
-            if (error instanceof conversation_1.MLSStaleMessageError) {
-                this.logger.info('Aborting commit bundle upload due to stale MLS message');
-                return {
-                    abort: {
-                        reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({ message: CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.MLS_STALE_MESSAGE }),
-                    },
-                };
+            throw error;
+        }
+    };
+    _uploadCommitBundle = async (groupId, generateCommitBundle, isExternalCommit) => {
+        const groupIdStr = bazinga64_1.Encoder.toBase64(groupId).asString;
+        // We need to lock the incoming mls messages queue while we are uploading the commit bundle
+        // it's possible that we will be sent some mls messages before we receive the response from backend and accept a commit locally.
+        return (0, messageAdd_1.withLockedMLSMessagesQueue)(groupIdStr, async () => {
+            const { commit, groupInfo, welcome } = await generateCommitBundle();
+            const bundlePayload = new Uint8Array([...commit, ...groupInfo.payload, ...(welcome || [])]);
+            try {
+                const response = await this.apiClient.api.conversation.postMlsCommitBundle(bundlePayload);
+                if (isExternalCommit) {
+                    await this.coreCryptoClient.mergePendingGroupFromExternalCommit(groupId);
+                }
+                else {
+                    await this.coreCryptoClient.commitAccepted(groupId);
+                }
+                const newEpoch = await this.getEpoch(groupId);
+                this.emit('newEpoch', { epoch: newEpoch, groupId: groupIdStr });
+                return response;
             }
-            if (error instanceof conversation_1.MLSGroupOutOfSyncError) {
-                this.logger.info('Aborting commit bundle upload due to group out of sync');
-                return {
-                    abort: {
-                        reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({
-                            message: CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.MLS_GROUP_OUT_OF_SYNC,
-                            missing_users: error.missing_users,
-                        }),
-                    },
-                };
+            catch (error) {
+                if (isExternalCommit) {
+                    await this.coreCryptoClient.clearPendingGroupFromExternalCommit(groupId);
+                }
+                else {
+                    await this.coreCryptoClient.clearPendingCommit(groupId);
+                }
+                throw error;
             }
-            this.logger.info('Aborting commit bundle upload due to unknown error');
-            return {
-                abort: {
-                    reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({
-                        message: error instanceof Error ? error.message : CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.OTHER,
-                    }),
-                },
-            };
-        }
+        });
     };
     /**
      * Will add users to an existing MLS group and send a commit bundle to backend.
@@ -228,26 +180,25 @@ class MLSService extends commons_1.TypedEventEmitter {
         if (keyPackages.length < 1) {
             throw new Error('Empty list of keys provided to addUsersToExistingConversation');
         }
-        const crlNewDistributionPoints = await this.coreCryptoClient.transaction(cx => cx.addClientsToConversation(new core_crypto_1.ConversationId(groupIdBytes), keyPackages));
-        this.dispatchNewCrlDistributionPoints(crlNewDistributionPoints);
-    }
-    /**
-     * Will return a list of client ids which are already in the group at core crypto level
-     *
-     * @param groupId - the group id of the MLS group
-     * @returns list of client ids
-     */
-    async getClientIdsInGroup(groupId) {
-        const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        const currentClientIdsInGroup = [];
-        for (const clientId of await this.coreCryptoClient.getClientIds(new core_crypto_1.ConversationId(groupIdBytes))) {
-            // [user-id]:[client-id]@[domain] -> [client-id]
-            // example: fb880fac-b549-4d8b-9398-4246324c7b85:67f41928e2844b6c@staging.zinfra.io -> 67f41928e2844b6c
-            currentClientIdsInGroup.push(bazinga64_1.Converter.arrayBufferViewToStringUTF8(clientId.copyBytes()).split('@')[0].split(':')[1]);
-        }
-        return currentClientIdsInGroup;
+        //TODO: handle federation error when sending a commit bundle to backend like we do in ProteusService
+        const response = await this.processCommitAction(groupIdBytes, async () => {
+            const commitBundle = await this.coreCryptoClient.addClientsToConversation(groupIdBytes, keyPackages);
+            this.dispatchNewCrlDistributionPoints(commitBundle);
+            return commitBundle;
+        });
+        const failedUsers = response.failed;
+        const failures = failedUsers
+            ? [
+                {
+                    users: failedUsers,
+                    backends: failedUsers.map(({ domain }) => domain),
+                    reason: conversation_1.AddUsersFailureReasons.UNREACHABLE_BACKENDS,
+                },
+            ]
+            : [];
+        return { ...response, failures };
     }
-    async getKeyPackagesPayload(qualifiedUsers, skipClientIds = []) {
+    async getKeyPackagesPayload(qualifiedUsers) {
         /**
          * @note We need to fetch key packages for all the users
          * we want to add to the new MLS conversations,
@@ -287,20 +238,18 @@ class MLSService extends commons_1.TypedEventEmitter {
             if (key_packages.length > 0) {
                 return [
                     ...previousValue,
-                    ...key_packages
-                        .filter(keyPackage => !skipClientIds.includes(keyPackage.client))
-                        .map(keyPackage => bazinga64_1.Decoder.fromBase64(keyPackage.key_package).asBytes),
+                    ...key_packages.map(keyPackage => bazinga64_1.Decoder.fromBase64(keyPackage.key_package).asBytes),
                 ];
             }
             return previousValue;
         }, []);
         const failures = [];
         if (emptyKeyPackagesUsers.length > 0) {
-            failures.push({ reason: conversation_2.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG, users: emptyKeyPackagesUsers });
+            failures.push({ reason: conversation_1.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG, users: emptyKeyPackagesUsers });
         }
         if (failedToFetchKeyPackages.length > 0) {
             failures.push({
-                reason: conversation_2.AddUsersFailureReasons.UNREACHABLE_BACKENDS,
+                reason: conversation_1.AddUsersFailureReasons.UNREACHABLE_BACKENDS,
                 users: failedToFetchKeyPackages,
                 backends: failedToFetchKeyPackages.map(({ domain }) => domain),
             });
@@ -309,98 +258,92 @@ class MLSService extends commons_1.TypedEventEmitter {
     }
     getEpoch(groupId) {
         const groupIdBytes = typeof groupId === 'string' ? bazinga64_1.Decoder.fromBase64(groupId).asBytes : groupId;
-        return this.coreCryptoClient.conversationEpoch(new core_crypto_1.ConversationId(groupIdBytes));
+        return this.coreCryptoClient.conversationEpoch(groupIdBytes);
+    }
+    async newProposal(proposalType, args) {
+        return this.coreCryptoClient.newProposal(proposalType, args);
     }
     async joinByExternalCommit(getGroupInfo) {
-        try {
-            this.logger.info('Trying to join MLS group via external commit');
-            const credentialType = await this.getCredentialType();
+        const credentialType = await this.getCredentialType();
+        const generateCommit = async () => {
             const groupInfo = await getGroupInfo();
-            const welcomeBundle = await this.coreCryptoClient.transaction(cx => cx.joinByExternalCommit(new core_crypto_1.GroupInfo(groupInfo), credentialType));
-            await this.dispatchNewCrlDistributionPoints(welcomeBundle.crlNewDistributionPoints);
-            this.logger.info('welcome bundle after joining via external commit');
-            if (welcomeBundle.id) {
-                //after we've successfully joined via external commit, we schedule periodic key material renewal
-                const groupIdStr = bazinga64_1.Encoder.toBase64(welcomeBundle.id.copyBytes()).asString;
-                const newEpoch = await this.getEpoch(groupIdStr);
-                // Schedule the next key material renewal
-                await this.scheduleKeyMaterialRenewal(groupIdStr);
-                // Notify subscribers about the new epoch
-                this.emit(MLSServiceEvents.NEW_EPOCH, { groupId: groupIdStr, epoch: newEpoch });
-                this.logger.info(`Joined MLS group with id ${groupIdStr} via external commit, new epoch: ${newEpoch}`);
-            }
-        }
-        catch (error) {
-            this.logger.warn('Failed to join MLS group via external commit', error);
-            throw error;
+            const joinRequest = await this.coreCryptoClient.joinByExternalCommit(groupInfo, credentialType);
+            this.dispatchNewCrlDistributionPoints(joinRequest);
+            const { conversationId, ...commitBundle } = joinRequest;
+            return { groupId: conversationId, commitBundle };
+        };
+        const { commitBundle, groupId } = await generateCommit();
+        const mlsResponse = await this.uploadCommitBundle(groupId, commitBundle, {
+            isExternalCommit: true,
+            regenerateCommitBundle: async () => (await generateCommit()).commitBundle,
+        });
+        if (mlsResponse) {
+            //after we've successfully joined via external commit, we schedule periodic key material renewal
+            const groupIdStr = bazinga64_1.Encoder.toBase64(groupId).asString;
+            await this.scheduleKeyMaterialRenewal(groupIdStr);
         }
+        return mlsResponse;
     }
     async exportSecretKey(groupId, keyLength) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        const key = await this.coreCryptoClient.exportSecretKey(new core_crypto_1.ConversationId(groupIdBytes), keyLength);
+        const key = await this.coreCryptoClient.exportSecretKey(groupIdBytes, keyLength);
         return bazinga64_1.Encoder.toBase64(key).asString;
     }
-    dispatchNewCrlDistributionPoints(crlNewDistributionPoints) {
+    dispatchNewCrlDistributionPoints(payload) {
+        const { crlNewDistributionPoints } = payload;
         if (crlNewDistributionPoints && crlNewDistributionPoints.length > 0) {
-            this.emit(MLSServiceEvents.NEW_CRL_DISTRIBUTION_POINTS, crlNewDistributionPoints);
+            this.emit('newCrlDistributionPoints', crlNewDistributionPoints);
         }
     }
     async processWelcomeMessage(welcomeMessage) {
-        const welcomeBundle = await this.coreCryptoClient.transaction(cx => cx.processWelcomeMessage(new core_crypto_1.Welcome(welcomeMessage)));
-        this.dispatchNewCrlDistributionPoints(welcomeBundle.crlNewDistributionPoints);
+        const welcomeBundle = await this.coreCryptoClient.processWelcomeMessage(welcomeMessage);
+        this.dispatchNewCrlDistributionPoints(welcomeBundle);
         return welcomeBundle.id;
     }
     async decryptMessage(conversationId, payload) {
-        try {
-            const start = Date.now();
-            this.logger.info('Decrypting message', { conversationId });
-            const decryptedMessage = await this.coreCryptoClient.transaction(cx => cx.decryptMessage(conversationId, payload));
-            this.dispatchNewCrlDistributionPoints(decryptedMessage.crlNewDistributionPoints);
-            this.logger.info('Message decrypted successfully', { conversationId, duration: Date.now() - start });
-            return decryptedMessage;
-        }
-        catch (error) {
-            this.logger.warn('Failed to decrypt MLS message', { conversationId, error });
-            // According to CoreCrypto JS doc on .decryptMessage method, we should ignore some errors (corecrypto handle them internally)
-            if ((0, CoreCryptoMLSError_1.shouldMLSDecryptionErrorBeIgnored)(error)) {
-                return {
-                    hasEpochChanged: false,
-                    isActive: false,
-                };
+        return await this.coreCryptoClient.transaction(async (cx) => {
+            try {
+                const decryptedMessage = await cx.decryptMessage(conversationId, payload);
+                this.dispatchNewCrlDistributionPoints(decryptedMessage);
+                return decryptedMessage;
             }
-            throw error;
-        }
+            catch (error) {
+                // According to CoreCrypto JS doc on .decryptMessage method, we should ignore some errors (corecrypto handle them internally)
+                if ((0, CoreCryptoMLSError_1.shouldMLSDecryptionErrorBeIgnored)(error)) {
+                    return {
+                        hasEpochChanged: false,
+                        isActive: false,
+                        proposals: [],
+                    };
+                }
+                throw error;
+            }
+        });
     }
     async encryptMessage(conversationId, message) {
-        return this.coreCryptoClient.transaction(cx => cx.encryptMessage(conversationId, message));
+        return this.coreCryptoClient.encryptMessage(conversationId, message);
     }
-    async updateKeyingMaterial(groupId, retry = true) {
-        try {
-            const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-            await this.coreCryptoClient.transaction(cx => cx.updateKeyingMaterial(new core_crypto_1.ConversationId(groupIdBytes)));
-        }
-        catch (error) {
-            if (!retry) {
-                this.logger.error(`Failed to update keying material for group retrying did not fix the issue`, {
-                    error,
-                    groupId,
-                });
-                throw error;
-            }
-            this.logger.warn(`Failed to update keying material for group`, { error, groupId });
-            this.emit(MLSServiceEvents.KEY_MATERIAL_UPDATE_FAILURE, { error, groupId });
-            setTimeout(async () => {
-                try {
-                    await this.updateKeyingMaterial(groupId, false);
-                }
-                catch (error) {
-                    this.logger.error(`Failed to update keying material for group on retry`, {
-                        error,
-                        groupId,
-                    });
-                }
-            }, commons_1.TimeUtil.TimeInMillis.SECOND * 10); // retry after 10 seconds
-        }
+    /**
+     * Will wrap a coreCrypto call that generates a CommitBundle and do all the necessary work so that commitbundle is handled the right way.
+     * It does:
+     *   - commit the pending proposal
+     *   - then generates the commitBundle with the given function
+     *   - uploads the commitBundle to backend
+     *   - warns coreCrypto that the commit was successfully processed
+     * @param groupId
+     * @param generateCommit The function that will generate a coreCrypto CommitBundle
+     */
+    async processCommitAction(groupId, generateCommit) {
+        const groupIdStr = bazinga64_1.Encoder.toBase64(groupId).asString;
+        return (0, messageSender_1.sendMessage)(async () => {
+            await this.commitPendingProposals(groupIdStr);
+            const commitBundle = await generateCommit();
+            return this.uploadCommitBundle(groupId, commitBundle, { regenerateCommitBundle: generateCommit });
+        });
+    }
+    updateKeyingMaterial(groupId) {
+        const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
+        return this.processCommitAction(groupIdBytes, () => this.coreCryptoClient.updateKeyingMaterial(groupIdBytes));
     }
     /**
      * Will create an empty conversation inside of coreCrypto.
@@ -412,9 +355,7 @@ class MLSService extends commons_1.TypedEventEmitter {
         let externalSenders = [];
         if (parentGroupId) {
             const parentGroupIdBytes = bazinga64_1.Decoder.fromBase64(parentGroupId).asBytes;
-            externalSenders = [
-                new core_crypto_1.ExternalSenderKey(await this.coreCryptoClient.getExternalSender(new core_crypto_1.ConversationId(parentGroupIdBytes))),
-            ];
+            externalSenders = [await this.coreCryptoClient.getExternalSender(parentGroupIdBytes)];
         }
         else {
             const mlsKeys = (await this.apiClient.api.client.getPublicKeys()).removal;
@@ -423,14 +364,14 @@ class MLSService extends commons_1.TypedEventEmitter {
             if (!removalKeyForSignature) {
                 throw new Error(`Cannot create conversation: No backend removal key found for the signature ${ciphersuiteSignature}`);
             }
-            externalSenders = [new core_crypto_1.ExternalSenderKey(bazinga64_1.Decoder.fromBase64(removalKeyForSignature).asBytes)];
+            externalSenders = [bazinga64_1.Decoder.fromBase64(removalKeyForSignature).asBytes];
         }
         const configuration = {
             externalSenders,
             ciphersuite: this.config.defaultCiphersuite,
         };
         const credentialType = await this.getCredentialType();
-        return this.coreCryptoClient.transaction(cx => cx.createConversation(new core_crypto_1.ConversationId(groupIdBytes), credentialType, configuration));
+        return this.coreCryptoClient.createConversation(groupIdBytes, credentialType, configuration);
     }
     /**
      * Will create a conversation inside of coreCrypto, add users to it or update the keying material if empty key packages list is provided.
@@ -454,18 +395,19 @@ class MLSService extends commons_1.TypedEventEmitter {
         }));
         if (keyPackages.length <= 0) {
             // If there are no clients to add, just update the keying material
-            await this.updateKeyingMaterial(groupId);
+            const response = await this.updateKeyingMaterial(groupId);
             await this.scheduleKeyMaterialRenewal(groupId);
-            return keysClaimingFailures;
+            return { ...response, failures: keysClaimingFailures };
         }
-        await this.addUsersToExistingConversation(groupId, keyPackages);
+        const response = await this.addUsersToExistingConversation(groupId, keyPackages);
         // We schedule a periodic key material renewal
         await this.scheduleKeyMaterialRenewal(groupId);
         /**
          * @note If we can't fetch a user's key packages then we can not add them to mls conversation
          * so we're adding them to the list of failed users.
          */
-        return keysClaimingFailures;
+        response.failures = [...keysClaimingFailures, ...response.failures];
+        return response;
     }
     /**
      * Will create a 1:1 conversation inside of coreCrypto, try claiming key packages for user and (if succesfull) add them to the MLS group.
@@ -481,17 +423,21 @@ class MLSService extends commons_1.TypedEventEmitter {
             // If we're missing key packages for the user we want to add, we can't register the conversation
             if (otherUserKeyPackages.length <= 0) {
                 if (otherUserKeysClaimingFailures.length > 0 &&
-                    otherUserKeysClaimingFailures.some(({ reason }) => reason === conversation_2.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG)) {
+                    otherUserKeysClaimingFailures.some(({ reason }) => reason === conversation_1.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG)) {
                     throw new ClientMLSError_1.ClientMLSError(ClientMLSError_1.ClientMLSErrorLabel.NO_KEY_PACKAGES_AVAILABLE);
                 }
             }
             const { keyPackages: selfKeyPackages, failures: selfKeysClaimingFailures } = await this.getKeyPackagesPayload([
                 { ...selfUser.user, skipOwnClientId: selfUser.client },
             ]);
-            await this.addUsersToExistingConversation(groupId, [...otherUserKeyPackages, ...selfKeyPackages]);
+            const response = await this.addUsersToExistingConversation(groupId, [
+                ...otherUserKeyPackages,
+                ...selfKeyPackages,
+            ]);
             // We schedule a periodic key material renewal
             await this.scheduleKeyMaterialRenewal(groupId);
-            return [...otherUserKeysClaimingFailures, ...selfKeysClaimingFailures];
+            response.failures = [...otherUserKeysClaimingFailures, ...selfKeysClaimingFailures, ...response.failures];
+            return response;
         }
         catch (error) {
             await this.wipeConversation(groupId);
@@ -518,7 +464,6 @@ class MLSService extends commons_1.TypedEventEmitter {
             return true;
         }
         catch (error) {
-            this.logger.warn("Couldn't establish the MLS group", error);
             // If conversation already existed, locally, nothing more to do, we've received a welcome message.
             if ((0, CoreCryptoMLSError_1.isCoreCryptoMLSConversationAlreadyExistsError)(error)) {
                 this.logger.debug(`MLS Group with id ${groupId} already exists, skipping the initialisation.`);
@@ -538,7 +483,7 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     removeClientsFromConversation(groupId, clientIds) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.coreCryptoClient.transaction(cx => cx.removeClientsFromConversation(new core_crypto_1.ConversationId(groupIdBytes), clientIds.map(id => new core_crypto_1.ClientId(this.textEncoder.encode(id)))));
+        return this.processCommitAction(groupIdBytes, () => this.coreCryptoClient.removeClientsFromConversation(groupIdBytes, clientIds.map(id => this.textEncoder.encode(id))));
     }
     /**
      * Will check if mls group exists in corecrypto.
@@ -546,7 +491,7 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     async conversationExists(groupId) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.coreCryptoClient.conversationExists(new core_crypto_1.ConversationId(groupIdBytes));
+        return this.coreCryptoClient.conversationExists(groupIdBytes);
     }
     /**
      * Will check if mls group is established in coreCrypto.
@@ -559,11 +504,11 @@ class MLSService extends commons_1.TypedEventEmitter {
     }
     async clientValidKeypackagesCount() {
         const credentialType = await this.getCredentialType();
-        return this.coreCryptoClient.transaction(cx => cx.clientValidKeypackagesCount(this.config.defaultCiphersuite, credentialType));
+        return this.coreCryptoClient.clientValidKeypackagesCount(this.config.defaultCiphersuite, credentialType);
     }
     async clientKeypackages(amountRequested) {
         const credentialType = await this.getCredentialType();
-        return this.coreCryptoClient.transaction(cx => cx.clientKeypackages(this.config.defaultCiphersuite, credentialType, amountRequested));
+        return this.coreCryptoClient.clientKeypackages(this.config.defaultCiphersuite, credentialType, amountRequested);
     }
     /**
      * Will send an empty commit into a group (renew key material)
@@ -665,14 +610,6 @@ class MLSService extends commons_1.TypedEventEmitter {
     async getRemoteMLSKeyPackageCount(clientId) {
         return this.apiClient.api.client.getMLSKeyPackageCount(clientId, (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite));
     }
-    async getCCClientSignatureString() {
-        const credentialType = await this.getCredentialType();
-        const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.defaultCiphersuite, credentialType);
-        if (!publicKey) {
-            throw new Error('No public key found for client');
-        }
-        return btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey));
-    }
     /**
      * Will update the given client on backend with its public key.
      *
@@ -681,18 +618,13 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     async uploadMLSPublicKeys(client) {
         // If we've already updated a client with its public key, there's no need to do it again.
-        try {
-            const clientSignature = await this.getCCClientSignatureString();
-            return this.apiClient.api.client.putClient(client.id, {
-                mls_public_keys: {
-                    [(0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite)]: clientSignature,
-                },
-            });
-        }
-        catch (error) {
-            this.logger.error(`Failed to upload public keys for client ${client.id}`, error);
-            throw error;
-        }
+        const credentialType = await this.getCredentialType();
+        const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.defaultCiphersuite, credentialType);
+        return this.apiClient.api.client.putClient(client.id, {
+            mls_public_keys: {
+                [(0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite)]: btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey)),
+            },
+        });
     }
     async replaceKeyPackages(clientId, keyPackages) {
         return this.apiClient.api.client.replaceMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))), (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite));
@@ -701,6 +633,7 @@ class MLSService extends commons_1.TypedEventEmitter {
         return this.apiClient.api.client.uploadMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))));
     }
     async wipeConversation(groupId) {
+        (0, messageAdd_1.deleteMLSMessagesQueue)(groupId);
         await this.cancelKeyMaterialRenewal(groupId);
         await this.cancelPendingProposalsTask(groupId);
         const doesConversationExist = await this.conversationExists(groupId);
@@ -709,7 +642,7 @@ class MLSService extends commons_1.TypedEventEmitter {
             return;
         }
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.coreCryptoClient.transaction(cx => cx.wipeConversation(new core_crypto_1.ConversationId(groupIdBytes)));
+        return this.coreCryptoClient.wipeConversation(groupIdBytes);
     }
     /**
      * If there are pending proposals, we need to either process them,
@@ -749,29 +682,25 @@ class MLSService extends commons_1.TypedEventEmitter {
      *
      * @param groupId groupId of the conversation
      */
-    async commitPendingProposals(groupId, shouldRetry = true, params) {
-        this.logger.info(`Committing pending proposals for groupId ${groupId}`, { shouldRetry, params });
+    async commitPendingProposals(groupId, shouldRetry = true) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
         try {
-            await this.coreCryptoClient.transaction(cx => cx.commitPendingProposals(new core_crypto_1.ConversationId(groupIdBytes)));
+            const commitBundle = await this.coreCryptoClient.commitPendingProposals(groupIdBytes);
+            if (commitBundle) {
+                await this.uploadCommitBundle(groupIdBytes, commitBundle);
+            }
             await this.cancelPendingProposalsTask(groupId);
         }
         catch (error) {
             if (!shouldRetry) {
                 throw error;
             }
-            if ((0, core_crypto_1.isMlsMessageRejectedError)(error)) {
-                this.logger.warn('Failed to commit proposals, conversation is broken, letting the error bubble up', {
-                    error,
-                    groupId,
-                });
-                throw error;
-            }
-            this.logger.warn('Failed to commit proposals, clearing the pending commit and retrying', {
-                error,
-                groupId,
-                shouldRetry,
-            });
+            this.logger.warn('Failed to commit proposals, clearing the pending commit and retrying', error);
+            // If we failed to commit the proposals, we need to clear the pending commit and retry
+            // this is to avoid a situation where we are stuck with pending proposals that we can't commit.
+            // If there's nothing to clear the methods might throw an error, which we can ignore.
+            await this.coreCryptoClient.clearPendingCommit(groupIdBytes).catch(() => undefined);
+            await this.coreCryptoClient.clearPendingGroupFromExternalCommit(groupIdBytes).catch(() => undefined);
             return this.commitPendingProposals(groupId, false);
         }
     }
@@ -802,9 +731,9 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     async getClientIds(groupId) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        const rawClientIds = await this.coreCryptoClient.getClientIds(new core_crypto_1.ConversationId(groupIdBytes));
+        const rawClientIds = await this.coreCryptoClient.getClientIds(groupIdBytes);
         const clientIds = rawClientIds.map(id => {
-            const { user, client, domain } = (0, fullyQualifiedClientIdUtils_1.parseFullQualifiedClientId)(this.textDecoder.decode(id.copyBytes()));
+            const { user, client, domain } = (0, fullyQualifiedClientIdUtils_1.parseFullQualifiedClientId)(this.textDecoder.decode(id));
             return { userId: user, clientId: client, domain };
         });
         return clientIds;
@@ -816,7 +745,7 @@ class MLSService extends commons_1.TypedEventEmitter {
         if (!groupId) {
             throw new Error(`Could not find a group_id for conversation ${qualifiedConversationId.id}@${qualifiedConversationId.domain}${event.subconv ? `/subconversation:${event.subconv}` : ''}`);
         }
-        return (0, events_1.handleMLSMessageAdd)({ event, mlsService: this, groupId });
+        return (0, messageAdd_1.queueIncomingMLSMessage)(groupId, () => (0, events_1.handleMLSMessageAdd)({ event, mlsService: this, groupId }));
     }
     async handleMLSWelcomeMessageEvent(event, clientId) {
         // Every time we've received a welcome message, it means that our key package was consumed,
@@ -840,20 +769,32 @@ class MLSService extends commons_1.TypedEventEmitter {
      * @param oAuthIdToken The OAuth id token if the user is already authenticated
      * @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
      */
-    async enrollE2EI(discoveryUrl, user, client, nbPrekeys, certificateTtl, getOAuthToken, getAllConversations) {
+    async enrollE2EI(discoveryUrl, user, client, nbPrekeys, certificateTtl, getOAuthToken) {
         const isCertificateRenewal = await this.coreCryptoClient.e2eiIsEnabled(this.config.defaultCiphersuite);
         const e2eiServiceInternal = new E2EIServiceInternal_1.E2EIServiceInternal(this.coreDatabase, this.coreCryptoClient, this.apiClient, certificateTtl, nbPrekeys, { user, clientId: client.id, discoveryUrl });
-        const { keyPackages, newCrlDistributionPoints } = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal, getAllConversations, this.config.defaultCiphersuite);
-        this.dispatchNewCrlDistributionPoints(newCrlDistributionPoints);
+        const rotateBundle = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal, this.config.defaultCiphersuite);
+        this.dispatchNewCrlDistributionPoints(rotateBundle);
         // upload the clients public keys
         if (!this.isInitializedMLSClient(client)) {
             // we only upload public keys for the initial certification process if the device is not already a registered MLS device.
             await this.uploadMLSPublicKeys(client);
         }
         // replace old key packages with new key packages with x509 certificate
-        await this.replaceKeyPackages(client.id, keyPackages);
+        await this.replaceKeyPackages(client.id, rotateBundle.newKeyPackages);
         // Verify that we have enough key packages
         await this.verifyRemoteMLSKeyPackagesAmount(client.id);
+        // Update keying material
+        for (const [groupId, commitBundle] of rotateBundle.commits) {
+            const groupIdAsBytes = bazinga64_1.Converter.hexStringToArrayBufferView(groupId);
+            // manual copy of the commit bundle data because of a problem while cloning it
+            const newCommitBundle = {
+                commit: commitBundle.commit,
+                // @ts-ignore
+                groupInfo: commitBundle?.group_info || commitBundle.groupInfo,
+                welcome: commitBundle?.welcome,
+            };
+            await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
+        }
     }
 }
 exports.MLSService = MLSService;