@wireapp/core 46.46.6-beta.14.f6fd03fe6 → 46.46.6

package/lib/messagingProtocols/mls/MLSService/MLSService.js

@@ -18,24 +18,20 @@
  *
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MLSService = exports.optionalToUint8Array = void 0;
-const http_1 = require("@wireapp/api-client/lib/http");
-const TimeUtil_1 = require("@wireapp/commons/lib/util/TimeUtil");
+exports.MLSService = exports.MLSServiceEvents = exports.optionalToUint8Array = void 0;
+const conversation_1 = require("@wireapp/api-client/lib/conversation");
 const bazinga64_1 = require("bazinga64");
 const commons_1 = require("@wireapp/commons");
 const core_crypto_1 = require("@wireapp/core-crypto");
-const priority_queue_1 = require("@wireapp/priority-queue");
 const ClientMLSError_1 = require("./ClientMLSError");
 const CoreCryptoMLSError_1 = require("./CoreCryptoMLSError");
-const conversation_1 = require("../../../conversation");
-const messageSender_1 = require("../../../conversation/message/messageSender");
+const conversation_2 = require("../../../conversation");
 const fullyQualifiedClientIdUtils_1 = require("../../../util/fullyQualifiedClientIdUtils");
 const numberToHex_1 = require("../../../util/numberToHex");
 const TaskScheduler_1 = require("../../../util/TaskScheduler");
 const E2EIServiceInternal_1 = require("../E2EIdentityService/E2EIServiceInternal");
 const Helper_1 = require("../E2EIdentityService/Helper");
 const events_1 = require("../EventHandler/events");
-const messageAdd_1 = require("../EventHandler/events/messageAdd");
 const MLSId_1 = require("../utils/MLSId");
 //@todo: this function is temporary, we wait for the update from core-crypto side
 //they are returning regular array instead of Uint8Array for commit and welcome messages
@@ -44,9 +40,17 @@ const optionalToUint8Array = (array) => {
 };
 exports.optionalToUint8Array = optionalToUint8Array;
 const defaultConfig = {
-    keyingMaterialUpdateThreshold: 1000 * 60 * 60 * 24 * 30, //30 days
+    keyingMaterialUpdateThreshold: commons_1.TimeUtil.TimeInMillis.DAY * 30,
     nbKeyPackages: 100,
 };
+var MLSServiceEvents;
+(function (MLSServiceEvents) {
+    MLSServiceEvents["NEW_EPOCH"] = "newEpoch";
+    MLSServiceEvents["MLS_CLIENT_MISMATCH"] = "mlsClientMismatch";
+    MLSServiceEvents["NEW_CRL_DISTRIBUTION_POINTS"] = "newCrlDistributionPoints";
+    MLSServiceEvents["MLS_EVENT_DISTRIBUTED"] = "mlsEventDistributed";
+    MLSServiceEvents["KEY_MATERIAL_UPDATE_FAILURE"] = "keyMaterialUpdateFailure";
+})(MLSServiceEvents || (exports.MLSServiceEvents = MLSServiceEvents = {}));
 class MLSService extends commons_1.TypedEventEmitter {
     apiClient;
     coreCryptoClient;
@@ -56,18 +60,31 @@ class MLSService extends commons_1.TypedEventEmitter {
     _config;
     textEncoder = new TextEncoder();
     textDecoder = new TextDecoder();
-    conflictBackoffQueue = new priority_queue_1.PriorityQueue({
-        maxRetries: 10,
-        retryDelay: 500,
-        maxRetryDelay: TimeUtil_1.TimeInMillis.SECOND * 32,
-        shouldRetry: error => error instanceof http_1.BackendError && error.code === http_1.StatusCode.CONFLICT,
-    });
     constructor(apiClient, coreCryptoClient, coreDatabase, recurringTaskScheduler) {
         super();
         this.apiClient = apiClient;
         this.coreCryptoClient = coreCryptoClient;
         this.coreDatabase = coreDatabase;
         this.recurringTaskScheduler = recurringTaskScheduler;
+        const mlsTransport = {
+            sendCommitBundle: this._uploadCommitBundle,
+            // Info: This is not used for now, but we need to implement it to be able to use the mls transport
+            sendMessage: async () => {
+                return 'success';
+            },
+            prepareForTransport: async () => {
+                throw new Error('Method not implemented.');
+            },
+        };
+        const epochObserver = {
+            epochChanged: async (groupId, epoch) => {
+                const groupIdStr = bazinga64_1.Encoder.toBase64(groupId.copyBytes()).asString;
+                this.logger.info(`Epoch changed for group ${groupIdStr}, new epoch: ${epoch}`);
+                this.emit(MLSServiceEvents.NEW_EPOCH, { epoch, groupId: groupIdStr });
+            },
+        };
+        void this.coreCryptoClient.registerEpochObserver(epochObserver);
+        void this.coreCryptoClient.provideTransport(mlsTransport);
     }
     /**
      * return true if the MLS service if configured and ready to be used
@@ -97,24 +114,39 @@ class MLSService extends commons_1.TypedEventEmitter {
             ...defaultConfig,
             ...filteredMLSConfig,
         };
-        await this.coreCryptoClient.mlsInit((0, MLSId_1.generateMLSDeviceId)(userId, client.id), this.config.ciphersuites, this.config.nbKeyPackages);
-        await this.coreCryptoClient.registerCallbacks({
-            // All authorization/membership rules are enforced on backend
-            clientIsExistingGroupUser: async () => true,
-            authorize: async () => true,
-            userAuthorize: async () => true,
+        await this.coreCryptoClient.transaction(cx => {
+            const clientId = new core_crypto_1.ClientId((0, MLSId_1.generateMLSDeviceId)(userId, client.id));
+            return cx.mlsInit(clientId, this.config.ciphersuites, this.config.nbKeyPackages);
         });
-        const isFreshMLSSelfClient = !this.isInitializedMLSClient(client);
-        const shouldinitIdentity = !(isFreshMLSSelfClient && skipInitIdentity);
-        if (shouldinitIdentity) {
-            // We need to make sure keypackages and public key are uploaded to the backend
-            if (isFreshMLSSelfClient) {
-                await this.uploadMLSPublicKeys(client);
+        try {
+            const ccClientSignature = await this.getCCClientSignatureString();
+            const mlsDeviceStatus = (0, Helper_1.getMLSDeviceStatus)(client, this.config.defaultCiphersuite, ccClientSignature);
+            switch (mlsDeviceStatus) {
+                case Helper_1.MLSDeviceStatus.REGISTERED:
+                    if (!skipInitIdentity) {
+                        await this.verifyRemoteMLSKeyPackagesAmount(client.id);
+                    }
+                    else {
+                        this.logger.info(`Blocked initial key package upload for client ${client.id} as E2EI is enabled`);
+                    }
+                    break;
+                case Helper_1.MLSDeviceStatus.MISMATCH:
+                    this.logger.error(`Client ${client.id} is registered but with a different signature`);
+                    this.emit(MLSServiceEvents.MLS_CLIENT_MISMATCH);
+                    break;
+                case Helper_1.MLSDeviceStatus.FRESH:
+                    if (!skipInitIdentity) {
+                        await this.uploadMLSPublicKeys(client);
+                    }
+                    else {
+                        this.logger.info(`Blocked initial key package upload for client ${client.id} as E2EI is enabled`);
+                    }
+                    break;
             }
-            await this.verifyRemoteMLSKeyPackagesAmount(client.id);
         }
-        else {
-            this.logger.info(`Blocked initial key package upload for client ${client.id} as E2EI is enabled`);
+        catch (error) {
+            this.logger.error(`Error while initializing client ${client.id}`, error);
+            throw error;
         }
     }
     /**
@@ -127,46 +159,62 @@ class MLSService extends commons_1.TypedEventEmitter {
             ? core_crypto_1.CredentialType.X509
             : core_crypto_1.CredentialType.Basic;
     }
-    uploadCommitBundle = async (groupId, commitBundle, { isExternalCommit = false, regenerateCommitBundle } = {}) => {
+    _uploadCommitBundle = async ({ commit, groupInfo, welcome, }) => {
+        const bundlePayload = new Uint8Array([
+            ...commit,
+            ...groupInfo.payload.copyBytes(),
+            ...(welcome?.copyBytes() || []),
+        ]);
         try {
-            return await this._uploadCommitBundle(groupId, async () => commitBundle, isExternalCommit);
+            const response = await this.apiClient.api.conversation.postMlsCommitBundle(bundlePayload);
+            if (response.failed_to_send) {
+                this.logger.warn(`Failed to send commit bundle to backend`);
+                return 'retry';
+            }
+            const { events, time } = response;
+            this.emit(MLSServiceEvents.MLS_EVENT_DISTRIBUTED, { events, time });
+            return 'success';
         }
         catch (error) {
-            if (error instanceof http_1.BackendError && error.code === http_1.StatusCode.CONFLICT && regenerateCommitBundle) {
-                return this.conflictBackoffQueue.add(async () => this._uploadCommitBundle(groupId, regenerateCommitBundle, isExternalCommit));
+            this.logger.warn(`Failed to upload commit bundle`, error);
+            if (error instanceof conversation_1.MLSInvalidLeafNodeSignatureError || error instanceof conversation_1.MLSInvalidLeafNodeIndexError) {
+                this.logger.info('Aborting commit bundle upload due to broken MLS conversation');
+                return {
+                    abort: {
+                        reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({
+                            message: CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.BROKEN_MLS_CONVERSATION,
+                        }),
+                    },
+                };
             }
-            throw error;
-        }
-    };
-    _uploadCommitBundle = async (groupId, generateCommitBundle, isExternalCommit) => {
-        const groupIdStr = bazinga64_1.Encoder.toBase64(groupId).asString;
-        // We need to lock the incoming mls messages queue while we are uploading the commit bundle
-        // it's possible that we will be sent some mls messages before we receive the response from backend and accept a commit locally.
-        return (0, messageAdd_1.withLockedMLSMessagesQueue)(groupIdStr, async () => {
-            const { commit, groupInfo, welcome } = await generateCommitBundle();
-            const bundlePayload = new Uint8Array([...commit, ...groupInfo.payload, ...(welcome || [])]);
-            try {
-                const response = await this.apiClient.api.conversation.postMlsCommitBundle(bundlePayload);
-                if (isExternalCommit) {
-                    await this.coreCryptoClient.mergePendingGroupFromExternalCommit(groupId);
-                }
-                else {
-                    await this.coreCryptoClient.commitAccepted(groupId);
-                }
-                const newEpoch = await this.getEpoch(groupId);
-                this.emit('newEpoch', { epoch: newEpoch, groupId: groupIdStr });
-                return response;
+            if (error instanceof conversation_1.MLSStaleMessageError) {
+                this.logger.info('Aborting commit bundle upload due to stale MLS message');
+                return {
+                    abort: {
+                        reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({ message: CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.MLS_STALE_MESSAGE }),
+                    },
+                };
             }
-            catch (error) {
-                if (isExternalCommit) {
-                    await this.coreCryptoClient.clearPendingGroupFromExternalCommit(groupId);
-                }
-                else {
-                    await this.coreCryptoClient.clearPendingCommit(groupId);
-                }
-                throw error;
+            if (error instanceof conversation_1.MLSGroupOutOfSyncError) {
+                this.logger.info('Aborting commit bundle upload due to group out of sync');
+                return {
+                    abort: {
+                        reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({
+                            message: CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.MLS_GROUP_OUT_OF_SYNC,
+                            missing_users: error.missing_users,
+                        }),
+                    },
+                };
             }
-        });
+            this.logger.info('Aborting commit bundle upload due to unknown error');
+            return {
+                abort: {
+                    reason: (0, CoreCryptoMLSError_1.serializeAbortReason)({
+                        message: error instanceof Error ? error.message : CoreCryptoMLSError_1.UPLOAD_COMMIT_BUNDLE_ABORT_REASONS.OTHER,
+                    }),
+                },
+            };
+        }
     };
     /**
      * Will add users to an existing MLS group and send a commit bundle to backend.
@@ -180,25 +228,26 @@ class MLSService extends commons_1.TypedEventEmitter {
         if (keyPackages.length < 1) {
             throw new Error('Empty list of keys provided to addUsersToExistingConversation');
         }
-        //TODO: handle federation error when sending a commit bundle to backend like we do in ProteusService
-        const response = await this.processCommitAction(groupIdBytes, async () => {
-            const commitBundle = await this.coreCryptoClient.addClientsToConversation(groupIdBytes, keyPackages);
-            this.dispatchNewCrlDistributionPoints(commitBundle);
-            return commitBundle;
-        });
-        const failedUsers = response.failed;
-        const failures = failedUsers
-            ? [
-                {
-                    users: failedUsers,
-                    backends: failedUsers.map(({ domain }) => domain),
-                    reason: conversation_1.AddUsersFailureReasons.UNREACHABLE_BACKENDS,
-                },
-            ]
-            : [];
-        return { ...response, failures };
+        const crlNewDistributionPoints = await this.coreCryptoClient.transaction(cx => cx.addClientsToConversation(new core_crypto_1.ConversationId(groupIdBytes), keyPackages));
+        this.dispatchNewCrlDistributionPoints(crlNewDistributionPoints);
     }
-    async getKeyPackagesPayload(qualifiedUsers) {
+    /**
+     * Will return a list of client ids which are already in the group at core crypto level
+     *
+     * @param groupId - the group id of the MLS group
+     * @returns list of client ids
+     */
+    async getClientIdsInGroup(groupId) {
+        const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
+        const currentClientIdsInGroup = [];
+        for (const clientId of await this.coreCryptoClient.getClientIds(new core_crypto_1.ConversationId(groupIdBytes))) {
+            // [user-id]:[client-id]@[domain] -> [client-id]
+            // example: fb880fac-b549-4d8b-9398-4246324c7b85:67f41928e2844b6c@staging.zinfra.io -> 67f41928e2844b6c
+            currentClientIdsInGroup.push(bazinga64_1.Converter.arrayBufferViewToStringUTF8(clientId.copyBytes()).split('@')[0].split(':')[1]);
+        }
+        return currentClientIdsInGroup;
+    }
+    async getKeyPackagesPayload(qualifiedUsers, skipClientIds = []) {
         /**
          * @note We need to fetch key packages for all the users
          * we want to add to the new MLS conversations,
@@ -238,18 +287,20 @@ class MLSService extends commons_1.TypedEventEmitter {
             if (key_packages.length > 0) {
                 return [
                     ...previousValue,
-                    ...key_packages.map(keyPackage => bazinga64_1.Decoder.fromBase64(keyPackage.key_package).asBytes),
+                    ...key_packages
+                        .filter(keyPackage => !skipClientIds.includes(keyPackage.client))
+                        .map(keyPackage => bazinga64_1.Decoder.fromBase64(keyPackage.key_package).asBytes),
                 ];
             }
             return previousValue;
         }, []);
         const failures = [];
         if (emptyKeyPackagesUsers.length > 0) {
-            failures.push({ reason: conversation_1.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG, users: emptyKeyPackagesUsers });
+            failures.push({ reason: conversation_2.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG, users: emptyKeyPackagesUsers });
         }
         if (failedToFetchKeyPackages.length > 0) {
             failures.push({
-                reason: conversation_1.AddUsersFailureReasons.UNREACHABLE_BACKENDS,
+                reason: conversation_2.AddUsersFailureReasons.UNREACHABLE_BACKENDS,
                 users: failedToFetchKeyPackages,
                 backends: failedToFetchKeyPackages.map(({ domain }) => domain),
             });
@@ -258,92 +309,98 @@ class MLSService extends commons_1.TypedEventEmitter {
     }
     getEpoch(groupId) {
         const groupIdBytes = typeof groupId === 'string' ? bazinga64_1.Decoder.fromBase64(groupId).asBytes : groupId;
-        return this.coreCryptoClient.conversationEpoch(groupIdBytes);
-    }
-    async newProposal(proposalType, args) {
-        return this.coreCryptoClient.newProposal(proposalType, args);
+        return this.coreCryptoClient.conversationEpoch(new core_crypto_1.ConversationId(groupIdBytes));
     }
     async joinByExternalCommit(getGroupInfo) {
-        const credentialType = await this.getCredentialType();
-        const generateCommit = async () => {
+        try {
+            this.logger.info('Trying to join MLS group via external commit');
+            const credentialType = await this.getCredentialType();
             const groupInfo = await getGroupInfo();
-            const joinRequest = await this.coreCryptoClient.joinByExternalCommit(groupInfo, credentialType);
-            this.dispatchNewCrlDistributionPoints(joinRequest);
-            const { conversationId, ...commitBundle } = joinRequest;
-            return { groupId: conversationId, commitBundle };
-        };
-        const { commitBundle, groupId } = await generateCommit();
-        const mlsResponse = await this.uploadCommitBundle(groupId, commitBundle, {
-            isExternalCommit: true,
-            regenerateCommitBundle: async () => (await generateCommit()).commitBundle,
-        });
-        if (mlsResponse) {
-            //after we've successfully joined via external commit, we schedule periodic key material renewal
-            const groupIdStr = bazinga64_1.Encoder.toBase64(groupId).asString;
-            await this.scheduleKeyMaterialRenewal(groupIdStr);
+            const welcomeBundle = await this.coreCryptoClient.transaction(cx => cx.joinByExternalCommit(new core_crypto_1.GroupInfo(groupInfo), credentialType));
+            await this.dispatchNewCrlDistributionPoints(welcomeBundle.crlNewDistributionPoints);
+            this.logger.info('welcome bundle after joining via external commit');
+            if (welcomeBundle.id) {
+                //after we've successfully joined via external commit, we schedule periodic key material renewal
+                const groupIdStr = bazinga64_1.Encoder.toBase64(welcomeBundle.id.copyBytes()).asString;
+                const newEpoch = await this.getEpoch(groupIdStr);
+                // Schedule the next key material renewal
+                await this.scheduleKeyMaterialRenewal(groupIdStr);
+                // Notify subscribers about the new epoch
+                this.emit(MLSServiceEvents.NEW_EPOCH, { groupId: groupIdStr, epoch: newEpoch });
+                this.logger.info(`Joined MLS group with id ${groupIdStr} via external commit, new epoch: ${newEpoch}`);
+            }
+        }
+        catch (error) {
+            this.logger.warn('Failed to join MLS group via external commit', error);
+            throw error;
         }
-        return mlsResponse;
     }
     async exportSecretKey(groupId, keyLength) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        const key = await this.coreCryptoClient.exportSecretKey(groupIdBytes, keyLength);
+        const key = await this.coreCryptoClient.exportSecretKey(new core_crypto_1.ConversationId(groupIdBytes), keyLength);
         return bazinga64_1.Encoder.toBase64(key).asString;
     }
-    dispatchNewCrlDistributionPoints(payload) {
-        const { crlNewDistributionPoints } = payload;
+    dispatchNewCrlDistributionPoints(crlNewDistributionPoints) {
         if (crlNewDistributionPoints && crlNewDistributionPoints.length > 0) {
-            this.emit('newCrlDistributionPoints', crlNewDistributionPoints);
+            this.emit(MLSServiceEvents.NEW_CRL_DISTRIBUTION_POINTS, crlNewDistributionPoints);
         }
     }
     async processWelcomeMessage(welcomeMessage) {
-        const welcomeBundle = await this.coreCryptoClient.processWelcomeMessage(welcomeMessage);
-        this.dispatchNewCrlDistributionPoints(welcomeBundle);
+        const welcomeBundle = await this.coreCryptoClient.transaction(cx => cx.processWelcomeMessage(new core_crypto_1.Welcome(welcomeMessage)));
+        this.dispatchNewCrlDistributionPoints(welcomeBundle.crlNewDistributionPoints);
         return welcomeBundle.id;
     }
     async decryptMessage(conversationId, payload) {
-        return await this.coreCryptoClient.transaction(async (cx) => {
-            try {
-                const decryptedMessage = await cx.decryptMessage(conversationId, payload);
-                this.dispatchNewCrlDistributionPoints(decryptedMessage);
-                return decryptedMessage;
-            }
-            catch (error) {
-                // According to CoreCrypto JS doc on .decryptMessage method, we should ignore some errors (corecrypto handle them internally)
-                if ((0, CoreCryptoMLSError_1.shouldMLSDecryptionErrorBeIgnored)(error)) {
-                    return {
-                        hasEpochChanged: false,
-                        isActive: false,
-                        proposals: [],
-                    };
-                }
-                throw error;
+        try {
+            const start = Date.now();
+            this.logger.info('Decrypting message', { conversationId });
+            const decryptedMessage = await this.coreCryptoClient.transaction(cx => cx.decryptMessage(conversationId, payload));
+            this.dispatchNewCrlDistributionPoints(decryptedMessage.crlNewDistributionPoints);
+            this.logger.info('Message decrypted successfully', { conversationId, duration: Date.now() - start });
+            return decryptedMessage;
+        }
+        catch (error) {
+            this.logger.warn('Failed to decrypt MLS message', { conversationId, error });
+            // According to CoreCrypto JS doc on .decryptMessage method, we should ignore some errors (corecrypto handle them internally)
+            if ((0, CoreCryptoMLSError_1.shouldMLSDecryptionErrorBeIgnored)(error)) {
+                return {
+                    hasEpochChanged: false,
+                    isActive: false,
+                };
             }
-        });
+            throw error;
+        }
     }
     async encryptMessage(conversationId, message) {
-        return this.coreCryptoClient.encryptMessage(conversationId, message);
+        return this.coreCryptoClient.transaction(cx => cx.encryptMessage(conversationId, message));
     }
-    /**
-     * Will wrap a coreCrypto call that generates a CommitBundle and do all the necessary work so that commitbundle is handled the right way.
-     * It does:
-     *   - commit the pending proposal
-     *   - then generates the commitBundle with the given function
-     *   - uploads the commitBundle to backend
-     *   - warns coreCrypto that the commit was successfully processed
-     * @param groupId
-     * @param generateCommit The function that will generate a coreCrypto CommitBundle
-     */
-    async processCommitAction(groupId, generateCommit) {
-        const groupIdStr = bazinga64_1.Encoder.toBase64(groupId).asString;
-        return (0, messageSender_1.sendMessage)(async () => {
-            await this.commitPendingProposals(groupIdStr);
-            const commitBundle = await generateCommit();
-            return this.uploadCommitBundle(groupId, commitBundle, { regenerateCommitBundle: generateCommit });
-        });
-    }
-    updateKeyingMaterial(groupId) {
-        const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.processCommitAction(groupIdBytes, () => this.coreCryptoClient.updateKeyingMaterial(groupIdBytes));
+    async updateKeyingMaterial(groupId, retry = true) {
+        try {
+            const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
+            await this.coreCryptoClient.transaction(cx => cx.updateKeyingMaterial(new core_crypto_1.ConversationId(groupIdBytes)));
+        }
+        catch (error) {
+            if (!retry) {
+                this.logger.error(`Failed to update keying material for group retrying did not fix the issue`, {
+                    error,
+                    groupId,
+                });
+                throw error;
+            }
+            this.logger.warn(`Failed to update keying material for group`, { error, groupId });
+            this.emit(MLSServiceEvents.KEY_MATERIAL_UPDATE_FAILURE, { error, groupId });
+            setTimeout(async () => {
+                try {
+                    await this.updateKeyingMaterial(groupId, false);
+                }
+                catch (error) {
+                    this.logger.error(`Failed to update keying material for group on retry`, {
+                        error,
+                        groupId,
+                    });
+                }
+            }, commons_1.TimeUtil.TimeInMillis.SECOND * 10); // retry after 10 seconds
+        }
     }
     /**
      * Will create an empty conversation inside of coreCrypto.
@@ -355,7 +412,9 @@ class MLSService extends commons_1.TypedEventEmitter {
         let externalSenders = [];
         if (parentGroupId) {
             const parentGroupIdBytes = bazinga64_1.Decoder.fromBase64(parentGroupId).asBytes;
-            externalSenders = [await this.coreCryptoClient.getExternalSender(parentGroupIdBytes)];
+            externalSenders = [
+                new core_crypto_1.ExternalSenderKey(await this.coreCryptoClient.getExternalSender(new core_crypto_1.ConversationId(parentGroupIdBytes))),
+            ];
         }
         else {
             const mlsKeys = (await this.apiClient.api.client.getPublicKeys()).removal;
@@ -364,14 +423,14 @@ class MLSService extends commons_1.TypedEventEmitter {
             if (!removalKeyForSignature) {
                 throw new Error(`Cannot create conversation: No backend removal key found for the signature ${ciphersuiteSignature}`);
             }
-            externalSenders = [bazinga64_1.Decoder.fromBase64(removalKeyForSignature).asBytes];
+            externalSenders = [new core_crypto_1.ExternalSenderKey(bazinga64_1.Decoder.fromBase64(removalKeyForSignature).asBytes)];
         }
         const configuration = {
             externalSenders,
             ciphersuite: this.config.defaultCiphersuite,
         };
         const credentialType = await this.getCredentialType();
-        return this.coreCryptoClient.createConversation(groupIdBytes, credentialType, configuration);
+        return this.coreCryptoClient.transaction(cx => cx.createConversation(new core_crypto_1.ConversationId(groupIdBytes), credentialType, configuration));
     }
     /**
      * Will create a conversation inside of coreCrypto, add users to it or update the keying material if empty key packages list is provided.
@@ -395,19 +454,18 @@ class MLSService extends commons_1.TypedEventEmitter {
         }));
         if (keyPackages.length <= 0) {
             // If there are no clients to add, just update the keying material
-            const response = await this.updateKeyingMaterial(groupId);
+            await this.updateKeyingMaterial(groupId);
             await this.scheduleKeyMaterialRenewal(groupId);
-            return { ...response, failures: keysClaimingFailures };
+            return keysClaimingFailures;
         }
-        const response = await this.addUsersToExistingConversation(groupId, keyPackages);
+        await this.addUsersToExistingConversation(groupId, keyPackages);
         // We schedule a periodic key material renewal
         await this.scheduleKeyMaterialRenewal(groupId);
         /**
          * @note If we can't fetch a user's key packages then we can not add them to mls conversation
          * so we're adding them to the list of failed users.
          */
-        response.failures = [...keysClaimingFailures, ...response.failures];
-        return response;
+        return keysClaimingFailures;
     }
     /**
      * Will create a 1:1 conversation inside of coreCrypto, try claiming key packages for user and (if succesfull) add them to the MLS group.
@@ -423,21 +481,17 @@ class MLSService extends commons_1.TypedEventEmitter {
             // If we're missing key packages for the user we want to add, we can't register the conversation
             if (otherUserKeyPackages.length <= 0) {
                 if (otherUserKeysClaimingFailures.length > 0 &&
-                    otherUserKeysClaimingFailures.some(({ reason }) => reason === conversation_1.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG)) {
+                    otherUserKeysClaimingFailures.some(({ reason }) => reason === conversation_2.AddUsersFailureReasons.OFFLINE_FOR_TOO_LONG)) {
                     throw new ClientMLSError_1.ClientMLSError(ClientMLSError_1.ClientMLSErrorLabel.NO_KEY_PACKAGES_AVAILABLE);
                 }
             }
             const { keyPackages: selfKeyPackages, failures: selfKeysClaimingFailures } = await this.getKeyPackagesPayload([
                 { ...selfUser.user, skipOwnClientId: selfUser.client },
             ]);
-            const response = await this.addUsersToExistingConversation(groupId, [
-                ...otherUserKeyPackages,
-                ...selfKeyPackages,
-            ]);
+            await this.addUsersToExistingConversation(groupId, [...otherUserKeyPackages, ...selfKeyPackages]);
             // We schedule a periodic key material renewal
             await this.scheduleKeyMaterialRenewal(groupId);
-            response.failures = [...otherUserKeysClaimingFailures, ...selfKeysClaimingFailures, ...response.failures];
-            return response;
+            return [...otherUserKeysClaimingFailures, ...selfKeysClaimingFailures];
         }
         catch (error) {
             await this.wipeConversation(groupId);
@@ -464,6 +518,7 @@ class MLSService extends commons_1.TypedEventEmitter {
             return true;
         }
         catch (error) {
+            this.logger.warn("Couldn't establish the MLS group", error);
             // If conversation already existed, locally, nothing more to do, we've received a welcome message.
             if ((0, CoreCryptoMLSError_1.isCoreCryptoMLSConversationAlreadyExistsError)(error)) {
                 this.logger.debug(`MLS Group with id ${groupId} already exists, skipping the initialisation.`);
@@ -483,7 +538,7 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     removeClientsFromConversation(groupId, clientIds) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.processCommitAction(groupIdBytes, () => this.coreCryptoClient.removeClientsFromConversation(groupIdBytes, clientIds.map(id => this.textEncoder.encode(id))));
+        return this.coreCryptoClient.transaction(cx => cx.removeClientsFromConversation(new core_crypto_1.ConversationId(groupIdBytes), clientIds.map(id => new core_crypto_1.ClientId(this.textEncoder.encode(id)))));
     }
     /**
      * Will check if mls group exists in corecrypto.
@@ -491,7 +546,7 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     async conversationExists(groupId) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.coreCryptoClient.conversationExists(groupIdBytes);
+        return this.coreCryptoClient.conversationExists(new core_crypto_1.ConversationId(groupIdBytes));
     }
     /**
      * Will check if mls group is established in coreCrypto.
@@ -504,11 +559,11 @@ class MLSService extends commons_1.TypedEventEmitter {
     }
     async clientValidKeypackagesCount() {
         const credentialType = await this.getCredentialType();
-        return this.coreCryptoClient.clientValidKeypackagesCount(this.config.defaultCiphersuite, credentialType);
+        return this.coreCryptoClient.transaction(cx => cx.clientValidKeypackagesCount(this.config.defaultCiphersuite, credentialType));
     }
     async clientKeypackages(amountRequested) {
         const credentialType = await this.getCredentialType();
-        return this.coreCryptoClient.clientKeypackages(this.config.defaultCiphersuite, credentialType, amountRequested);
+        return this.coreCryptoClient.transaction(cx => cx.clientKeypackages(this.config.defaultCiphersuite, credentialType, amountRequested));
     }
     /**
      * Will send an empty commit into a group (renew key material)
@@ -610,6 +665,14 @@ class MLSService extends commons_1.TypedEventEmitter {
     async getRemoteMLSKeyPackageCount(clientId) {
         return this.apiClient.api.client.getMLSKeyPackageCount(clientId, (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite));
     }
+    async getCCClientSignatureString() {
+        const credentialType = await this.getCredentialType();
+        const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.defaultCiphersuite, credentialType);
+        if (!publicKey) {
+            throw new Error('No public key found for client');
+        }
+        return btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey));
+    }
     /**
      * Will update the given client on backend with its public key.
      *
@@ -618,13 +681,18 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     async uploadMLSPublicKeys(client) {
         // If we've already updated a client with its public key, there's no need to do it again.
-        const credentialType = await this.getCredentialType();
-        const publicKey = await this.coreCryptoClient.clientPublicKey(this.config.defaultCiphersuite, credentialType);
-        return this.apiClient.api.client.putClient(client.id, {
-            mls_public_keys: {
-                [(0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite)]: btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(publicKey)),
-            },
-        });
+        try {
+            const clientSignature = await this.getCCClientSignatureString();
+            return this.apiClient.api.client.putClient(client.id, {
+                mls_public_keys: {
+                    [(0, Helper_1.getSignatureAlgorithmForCiphersuite)(this.config.defaultCiphersuite)]: clientSignature,
+                },
+            });
+        }
+        catch (error) {
+            this.logger.error(`Failed to upload public keys for client ${client.id}`, error);
+            throw error;
+        }
     }
     async replaceKeyPackages(clientId, keyPackages) {
         return this.apiClient.api.client.replaceMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))), (0, numberToHex_1.numberToHex)(this.config.defaultCiphersuite));
@@ -633,7 +701,6 @@ class MLSService extends commons_1.TypedEventEmitter {
         return this.apiClient.api.client.uploadMLSKeyPackages(clientId, keyPackages.map(keyPackage => btoa(bazinga64_1.Converter.arrayBufferViewToBaselineString(keyPackage))));
     }
     async wipeConversation(groupId) {
-        (0, messageAdd_1.deleteMLSMessagesQueue)(groupId);
         await this.cancelKeyMaterialRenewal(groupId);
         await this.cancelPendingProposalsTask(groupId);
         const doesConversationExist = await this.conversationExists(groupId);
@@ -642,7 +709,7 @@ class MLSService extends commons_1.TypedEventEmitter {
             return;
         }
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        return this.coreCryptoClient.wipeConversation(groupIdBytes);
+        return this.coreCryptoClient.transaction(cx => cx.wipeConversation(new core_crypto_1.ConversationId(groupIdBytes)));
     }
     /**
      * If there are pending proposals, we need to either process them,
@@ -682,25 +749,29 @@ class MLSService extends commons_1.TypedEventEmitter {
      *
      * @param groupId groupId of the conversation
      */
-    async commitPendingProposals(groupId, shouldRetry = true) {
+    async commitPendingProposals(groupId, shouldRetry = true, params) {
+        this.logger.info(`Committing pending proposals for groupId ${groupId}`, { shouldRetry, params });
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
         try {
-            const commitBundle = await this.coreCryptoClient.commitPendingProposals(groupIdBytes);
-            if (commitBundle) {
-                await this.uploadCommitBundle(groupIdBytes, commitBundle);
-            }
+            await this.coreCryptoClient.transaction(cx => cx.commitPendingProposals(new core_crypto_1.ConversationId(groupIdBytes)));
             await this.cancelPendingProposalsTask(groupId);
         }
         catch (error) {
             if (!shouldRetry) {
                 throw error;
             }
-            this.logger.warn('Failed to commit proposals, clearing the pending commit and retrying', error);
-            // If we failed to commit the proposals, we need to clear the pending commit and retry
-            // this is to avoid a situation where we are stuck with pending proposals that we can't commit.
-            // If there's nothing to clear the methods might throw an error, which we can ignore.
-            await this.coreCryptoClient.clearPendingCommit(groupIdBytes).catch(() => undefined);
-            await this.coreCryptoClient.clearPendingGroupFromExternalCommit(groupIdBytes).catch(() => undefined);
+            if ((0, core_crypto_1.isMlsMessageRejectedError)(error)) {
+                this.logger.warn('Failed to commit proposals, conversation is broken, letting the error bubble up', {
+                    error,
+                    groupId,
+                });
+                throw error;
+            }
+            this.logger.warn('Failed to commit proposals, clearing the pending commit and retrying', {
+                error,
+                groupId,
+                shouldRetry,
+            });
             return this.commitPendingProposals(groupId, false);
         }
     }
@@ -731,9 +802,9 @@ class MLSService extends commons_1.TypedEventEmitter {
      */
     async getClientIds(groupId) {
         const groupIdBytes = bazinga64_1.Decoder.fromBase64(groupId).asBytes;
-        const rawClientIds = await this.coreCryptoClient.getClientIds(groupIdBytes);
+        const rawClientIds = await this.coreCryptoClient.getClientIds(new core_crypto_1.ConversationId(groupIdBytes));
         const clientIds = rawClientIds.map(id => {
-            const { user, client, domain } = (0, fullyQualifiedClientIdUtils_1.parseFullQualifiedClientId)(this.textDecoder.decode(id));
+            const { user, client, domain } = (0, fullyQualifiedClientIdUtils_1.parseFullQualifiedClientId)(this.textDecoder.decode(id.copyBytes()));
             return { userId: user, clientId: client, domain };
         });
         return clientIds;
@@ -745,7 +816,7 @@ class MLSService extends commons_1.TypedEventEmitter {
         if (!groupId) {
             throw new Error(`Could not find a group_id for conversation ${qualifiedConversationId.id}@${qualifiedConversationId.domain}${event.subconv ? `/subconversation:${event.subconv}` : ''}`);
         }
-        return (0, messageAdd_1.queueIncomingMLSMessage)(groupId, () => (0, events_1.handleMLSMessageAdd)({ event, mlsService: this, groupId }));
+        return (0, events_1.handleMLSMessageAdd)({ event, mlsService: this, groupId });
     }
     async handleMLSWelcomeMessageEvent(event, clientId) {
         // Every time we've received a welcome message, it means that our key package was consumed,
@@ -769,32 +840,20 @@ class MLSService extends commons_1.TypedEventEmitter {
      * @param oAuthIdToken The OAuth id token if the user is already authenticated
      * @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
      */
-    async enrollE2EI(discoveryUrl, user, client, nbPrekeys, certificateTtl, getOAuthToken) {
+    async enrollE2EI(discoveryUrl, user, client, nbPrekeys, certificateTtl, getOAuthToken, getAllConversations) {
         const isCertificateRenewal = await this.coreCryptoClient.e2eiIsEnabled(this.config.defaultCiphersuite);
         const e2eiServiceInternal = new E2EIServiceInternal_1.E2EIServiceInternal(this.coreDatabase, this.coreCryptoClient, this.apiClient, certificateTtl, nbPrekeys, { user, clientId: client.id, discoveryUrl });
-        const rotateBundle = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal, this.config.defaultCiphersuite);
-        this.dispatchNewCrlDistributionPoints(rotateBundle);
+        const { keyPackages, newCrlDistributionPoints } = await e2eiServiceInternal.generateCertificate(getOAuthToken, isCertificateRenewal, getAllConversations, this.config.defaultCiphersuite);
+        this.dispatchNewCrlDistributionPoints(newCrlDistributionPoints);
         // upload the clients public keys
         if (!this.isInitializedMLSClient(client)) {
             // we only upload public keys for the initial certification process if the device is not already a registered MLS device.
             await this.uploadMLSPublicKeys(client);
         }
         // replace old key packages with new key packages with x509 certificate
-        await this.replaceKeyPackages(client.id, rotateBundle.newKeyPackages);
+        await this.replaceKeyPackages(client.id, keyPackages);
         // Verify that we have enough key packages
         await this.verifyRemoteMLSKeyPackagesAmount(client.id);
-        // Update keying material
-        for (const [groupId, commitBundle] of rotateBundle.commits) {
-            const groupIdAsBytes = bazinga64_1.Converter.hexStringToArrayBufferView(groupId);
-            // manual copy of the commit bundle data because of a problem while cloning it
-            const newCommitBundle = {
-                commit: commitBundle.commit,
-                // @ts-ignore
-                groupInfo: commitBundle?.group_info || commitBundle.groupInfo,
-                welcome: commitBundle?.welcome,
-            };
-            await this.uploadCommitBundle(groupIdAsBytes, newCommitBundle);
-        }
     }
 }
 exports.MLSService = MLSService;