matrix-js-sdk 41.8.0 → 41.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +11 -0
- package/README.md +1 -1
- package/lib/@types/AESEncryptedSecretStoragePayload.js +3 -1
- package/lib/@types/IIdentityServerProvider.js +3 -1
- package/lib/@types/PushRules.js +7 -7
- package/lib/@types/PushRules.js.map +1 -1
- package/lib/@types/auth.js +4 -4
- package/lib/@types/auth.js.map +1 -1
- package/lib/@types/beacon.js +2 -2
- package/lib/@types/beacon.js.map +1 -1
- package/lib/@types/common.js +3 -1
- package/lib/@types/crypto.js +3 -1
- package/lib/@types/event.js +20 -20
- package/lib/@types/event.js.map +1 -1
- package/lib/@types/events.js +3 -1
- package/lib/@types/extensible_events.js +6 -6
- package/lib/@types/extensible_events.js.map +1 -1
- package/lib/@types/global.d.js.map +1 -1
- package/lib/@types/json.js +3 -1
- package/lib/@types/local_notifications.js +3 -1
- package/lib/@types/location.js +4 -4
- package/lib/@types/location.js.map +1 -1
- package/lib/@types/matrix-sdk-crypto-wasm.d.js +3 -1
- package/lib/@types/media.js +3 -1
- package/lib/@types/membership.js +1 -1
- package/lib/@types/membership.js.map +1 -1
- package/lib/@types/partials.js +6 -6
- package/lib/@types/partials.js.map +1 -1
- package/lib/@types/polls.js +5 -5
- package/lib/@types/polls.js.map +1 -1
- package/lib/@types/read_receipts.js +2 -2
- package/lib/@types/read_receipts.js.map +1 -1
- package/lib/@types/registration.js +3 -1
- package/lib/@types/requests.js +1 -1
- package/lib/@types/requests.js.map +1 -1
- package/lib/@types/retention.js +1 -1
- package/lib/@types/retention.js.map +1 -1
- package/lib/@types/search.js +1 -1
- package/lib/@types/search.js.map +1 -1
- package/lib/@types/signed.js +3 -1
- package/lib/@types/spaces.js +3 -1
- package/lib/@types/state_events.js +3 -1
- package/lib/@types/synapse.js +3 -1
- package/lib/@types/sync.js +1 -1
- package/lib/@types/sync.js.map +1 -1
- package/lib/@types/threepids.js +1 -1
- package/lib/@types/threepids.js.map +1 -1
- package/lib/@types/topic.js +1 -1
- package/lib/@types/topic.js.map +1 -1
- package/lib/@types/uia.js +3 -1
- package/lib/NamespacedValue.js +8 -8
- package/lib/NamespacedValue.js.map +1 -1
- package/lib/ReEmitter.js +9 -16
- package/lib/ReEmitter.js.map +1 -1
- package/lib/ToDeviceMessageQueue.js +49 -57
- package/lib/ToDeviceMessageQueue.js.map +1 -1
- package/lib/autodiscovery.js +232 -247
- package/lib/autodiscovery.js.map +1 -1
- package/lib/base64.js +1 -1
- package/lib/base64.js.map +1 -1
- package/lib/browser-index.d.ts +2 -2
- package/lib/browser-index.d.ts.map +1 -1
- package/lib/browser-index.js +5 -5
- package/lib/browser-index.js.map +1 -1
- package/lib/capabilityPoller.js +19 -22
- package/lib/capabilityPoller.js.map +1 -1
- package/lib/client.d.ts +2 -8
- package/lib/client.d.ts.map +1 -1
- package/lib/client.js +2043 -2487
- package/lib/client.js.map +1 -1
- package/lib/common-crypto/CryptoBackend.js +2 -2
- package/lib/common-crypto/CryptoBackend.js.map +1 -1
- package/lib/common-crypto/key-passphrase.js.map +1 -1
- package/lib/content-helpers.js +43 -48
- package/lib/content-helpers.js.map +1 -1
- package/lib/content-repo.js +14 -24
- package/lib/content-repo.js.map +1 -1
- package/lib/crypto/store/base.js +6 -6
- package/lib/crypto/store/base.js.map +1 -1
- package/lib/crypto/store/indexeddb-crypto-store-backend.js +190 -238
- package/lib/crypto/store/indexeddb-crypto-store-backend.js.map +1 -1
- package/lib/crypto/store/indexeddb-crypto-store.js +25 -30
- package/lib/crypto/store/indexeddb-crypto-store.js.map +1 -1
- package/lib/crypto/store/localStorage-crypto-store.js +113 -145
- package/lib/crypto/store/localStorage-crypto-store.js.map +1 -1
- package/lib/crypto/store/memory-crypto-store.js +74 -105
- package/lib/crypto/store/memory-crypto-store.js.map +1 -1
- package/lib/crypto-api/CryptoEvent.js +1 -1
- package/lib/crypto-api/CryptoEvent.js.map +1 -1
- package/lib/crypto-api/CryptoEventHandlerMap.js +3 -1
- package/lib/crypto-api/index.d.ts +15 -6
- package/lib/crypto-api/index.d.ts.map +1 -1
- package/lib/crypto-api/index.js +22 -22
- package/lib/crypto-api/index.js.map +1 -1
- package/lib/crypto-api/key-passphrase.js +15 -23
- package/lib/crypto-api/key-passphrase.js.map +1 -1
- package/lib/crypto-api/keybackup.js +3 -1
- package/lib/crypto-api/recovery-key.js +11 -12
- package/lib/crypto-api/recovery-key.js.map +1 -1
- package/lib/crypto-api/verification.js +3 -3
- package/lib/crypto-api/verification.js.map +1 -1
- package/lib/digest.js +7 -14
- package/lib/digest.js.map +1 -1
- package/lib/embedded.d.ts.map +1 -1
- package/lib/embedded.js +380 -505
- package/lib/embedded.js.map +1 -1
- package/lib/errors.js +2 -2
- package/lib/errors.js.map +1 -1
- package/lib/event-mapper.js +10 -12
- package/lib/event-mapper.js.map +1 -1
- package/lib/extensible_events_v1/ExtensibleEvent.js.map +1 -1
- package/lib/extensible_events_v1/InvalidEventError.js.map +1 -1
- package/lib/extensible_events_v1/MessageEvent.js +11 -13
- package/lib/extensible_events_v1/MessageEvent.js.map +1 -1
- package/lib/extensible_events_v1/PollEndEvent.js +3 -4
- package/lib/extensible_events_v1/PollEndEvent.js.map +1 -1
- package/lib/extensible_events_v1/PollResponseEvent.js +5 -6
- package/lib/extensible_events_v1/PollResponseEvent.js.map +1 -1
- package/lib/extensible_events_v1/PollStartEvent.js +8 -10
- package/lib/extensible_events_v1/PollStartEvent.js.map +1 -1
- package/lib/extensible_events_v1/utilities.js.map +1 -1
- package/lib/feature.js +18 -31
- package/lib/feature.js.map +1 -1
- package/lib/filter-component.d.ts.map +1 -1
- package/lib/filter-component.js +20 -26
- package/lib/filter-component.js.map +1 -1
- package/lib/filter.js +14 -17
- package/lib/filter.js.map +1 -1
- package/lib/http-api/errors.js +28 -43
- package/lib/http-api/errors.js.map +1 -1
- package/lib/http-api/fetch.js +141 -159
- package/lib/http-api/fetch.js.map +1 -1
- package/lib/http-api/index.js +17 -20
- package/lib/http-api/index.js.map +1 -1
- package/lib/http-api/interface.js +1 -1
- package/lib/http-api/interface.js.map +1 -1
- package/lib/http-api/method.js +1 -1
- package/lib/http-api/method.js.map +1 -1
- package/lib/http-api/prefix.js +3 -3
- package/lib/http-api/prefix.js.map +1 -1
- package/lib/http-api/refresh.js +74 -94
- package/lib/http-api/refresh.js.map +1 -1
- package/lib/http-api/utils.d.ts +1 -1
- package/lib/http-api/utils.d.ts.map +1 -1
- package/lib/http-api/utils.js +34 -42
- package/lib/http-api/utils.js.map +1 -1
- package/lib/index.js.map +1 -1
- package/lib/indexeddb-helpers.js +3 -3
- package/lib/indexeddb-helpers.js.map +1 -1
- package/lib/indexeddb-worker.js.map +1 -1
- package/lib/interactive-auth.d.ts +5 -5
- package/lib/interactive-auth.d.ts.map +1 -1
- package/lib/interactive-auth.js +172 -204
- package/lib/interactive-auth.js.map +1 -1
- package/lib/logger.js +21 -57
- package/lib/logger.js.map +1 -1
- package/lib/matrix.js +7 -11
- package/lib/matrix.js.map +1 -1
- package/lib/matrixrtc/CallMembership.js +80 -74
- package/lib/matrixrtc/CallMembership.js.map +1 -1
- package/lib/matrixrtc/EncryptionManager.js +1 -1
- package/lib/matrixrtc/EncryptionManager.js.map +1 -1
- package/lib/matrixrtc/IKeyTransport.js +1 -1
- package/lib/matrixrtc/IKeyTransport.js.map +1 -1
- package/lib/matrixrtc/IMembershipManager.js +1 -1
- package/lib/matrixrtc/IMembershipManager.js.map +1 -1
- package/lib/matrixrtc/LivekitTransport.d.ts +1 -1
- package/lib/matrixrtc/LivekitTransport.js +4 -4
- package/lib/matrixrtc/LivekitTransport.js.map +1 -1
- package/lib/matrixrtc/MatrixRTCSession.js +137 -187
- package/lib/matrixrtc/MatrixRTCSession.js.map +1 -1
- package/lib/matrixrtc/MatrixRTCSessionManager.js +36 -41
- package/lib/matrixrtc/MatrixRTCSessionManager.js.map +1 -1
- package/lib/matrixrtc/MembershipManager.js +332 -378
- package/lib/matrixrtc/MembershipManager.js.map +1 -1
- package/lib/matrixrtc/MembershipManagerActionScheduler.js +54 -63
- package/lib/matrixrtc/MembershipManagerActionScheduler.js.map +1 -1
- package/lib/matrixrtc/RTCEncryptionManager.js +119 -143
- package/lib/matrixrtc/RTCEncryptionManager.js.map +1 -1
- package/lib/matrixrtc/ToDeviceKeyTransport.js +53 -58
- package/lib/matrixrtc/ToDeviceKeyTransport.js.map +1 -1
- package/lib/matrixrtc/index.js.map +1 -1
- package/lib/matrixrtc/membershipData/common.js +1 -1
- package/lib/matrixrtc/membershipData/common.js.map +1 -1
- package/lib/matrixrtc/membershipData/index.js.map +1 -1
- package/lib/matrixrtc/membershipData/rtc.js +15 -23
- package/lib/matrixrtc/membershipData/rtc.js.map +1 -1
- package/lib/matrixrtc/membershipData/session.js +4 -5
- package/lib/matrixrtc/membershipData/session.js.map +1 -1
- package/lib/matrixrtc/types.js +4 -6
- package/lib/matrixrtc/types.js.map +1 -1
- package/lib/matrixrtc/utils.js +4 -11
- package/lib/matrixrtc/utils.js.map +1 -1
- package/lib/models/MSC3089Branch.js +91 -116
- package/lib/models/MSC3089Branch.js.map +1 -1
- package/lib/models/MSC3089TreeSpace.js +209 -245
- package/lib/models/MSC3089TreeSpace.js.map +1 -1
- package/lib/models/ToDeviceMessage.js +3 -1
- package/lib/models/beacon.js +14 -13
- package/lib/models/beacon.js.map +1 -1
- package/lib/models/compare-event-ordering.js +13 -13
- package/lib/models/compare-event-ordering.js.map +1 -1
- package/lib/models/device.js +3 -3
- package/lib/models/device.js.map +1 -1
- package/lib/models/event-context.js +5 -8
- package/lib/models/event-context.js.map +1 -1
- package/lib/models/event-status.js +1 -1
- package/lib/models/event-status.js.map +1 -1
- package/lib/models/event-timeline-set.js +88 -94
- package/lib/models/event-timeline-set.js.map +1 -1
- package/lib/models/event-timeline.js +28 -30
- package/lib/models/event-timeline.js.map +1 -1
- package/lib/models/event.js +182 -226
- package/lib/models/event.js.map +1 -1
- package/lib/models/invites-ignorer-types.js +4 -4
- package/lib/models/invites-ignorer-types.js.map +1 -1
- package/lib/models/invites-ignorer.js +159 -179
- package/lib/models/invites-ignorer.js.map +1 -1
- package/lib/models/poll.js +71 -81
- package/lib/models/poll.js.map +1 -1
- package/lib/models/profile-keys.js +2 -2
- package/lib/models/profile-keys.js.map +1 -1
- package/lib/models/read-receipt.js +40 -56
- package/lib/models/read-receipt.js.map +1 -1
- package/lib/models/related-relations.js.map +1 -1
- package/lib/models/relations-container.js +22 -23
- package/lib/models/relations-container.js.map +1 -1
- package/lib/models/relations.js +133 -159
- package/lib/models/relations.js.map +1 -1
- package/lib/models/room-member.js +24 -29
- package/lib/models/room-member.js.map +1 -1
- package/lib/models/room-receipts.js +29 -43
- package/lib/models/room-receipts.js.map +1 -1
- package/lib/models/room-retention.js +74 -83
- package/lib/models/room-retention.js.map +1 -1
- package/lib/models/room-state.js +143 -172
- package/lib/models/room-state.js.map +1 -1
- package/lib/models/room-sticky-events.d.ts +1 -0
- package/lib/models/room-sticky-events.d.ts.map +1 -1
- package/lib/models/room-sticky-events.js +45 -65
- package/lib/models/room-sticky-events.js.map +1 -1
- package/lib/models/room-summary.js.map +1 -1
- package/lib/models/room.d.ts.map +1 -1
- package/lib/models/room.js +765 -909
- package/lib/models/room.js.map +1 -1
- package/lib/models/search-result.js +5 -5
- package/lib/models/search-result.js.map +1 -1
- package/lib/models/thread.js +225 -285
- package/lib/models/thread.js.map +1 -1
- package/lib/models/typed-event-emitter.js +7 -18
- package/lib/models/typed-event-emitter.js.map +1 -1
- package/lib/models/user.js +8 -8
- package/lib/models/user.js.map +1 -1
- package/lib/oidc/authorize.js +208 -241
- package/lib/oidc/authorize.js.map +1 -1
- package/lib/oidc/discovery.js +23 -36
- package/lib/oidc/discovery.js.map +1 -1
- package/lib/oidc/error.js +1 -1
- package/lib/oidc/error.js.map +1 -1
- package/lib/oidc/index.js +1 -0
- package/lib/oidc/index.js.map +1 -1
- package/lib/oidc/register.js +60 -66
- package/lib/oidc/register.js.map +1 -1
- package/lib/oidc/tokenRefresher.js +77 -91
- package/lib/oidc/tokenRefresher.js.map +1 -1
- package/lib/oidc/validate.js +18 -18
- package/lib/oidc/validate.js.map +1 -1
- package/lib/pushprocessor.js +71 -82
- package/lib/pushprocessor.js.map +1 -1
- package/lib/randomstring.js +9 -9
- package/lib/randomstring.js.map +1 -1
- package/lib/realtime-callbacks.js +25 -28
- package/lib/realtime-callbacks.js.map +1 -1
- package/lib/receipt-accumulator.d.ts +2 -0
- package/lib/receipt-accumulator.d.ts.map +1 -1
- package/lib/receipt-accumulator.js +14 -22
- package/lib/receipt-accumulator.js.map +1 -1
- package/lib/rendezvous/MSC4108SignInWithQR.js +271 -302
- package/lib/rendezvous/MSC4108SignInWithQR.js.map +1 -1
- package/lib/rendezvous/RendezvousChannel.js +3 -1
- package/lib/rendezvous/RendezvousCode.js +3 -1
- package/lib/rendezvous/RendezvousError.js.map +1 -1
- package/lib/rendezvous/RendezvousFailureReason.js +2 -2
- package/lib/rendezvous/RendezvousFailureReason.js.map +1 -1
- package/lib/rendezvous/RendezvousIntent.js +1 -1
- package/lib/rendezvous/RendezvousIntent.js.map +1 -1
- package/lib/rendezvous/RendezvousTransport.js +3 -1
- package/lib/rendezvous/channels/MSC4108SecureChannel.js +123 -147
- package/lib/rendezvous/channels/MSC4108SecureChannel.js.map +1 -1
- package/lib/rendezvous/index.js +44 -69
- package/lib/rendezvous/index.js.map +1 -1
- package/lib/rendezvous/transports/MSC4108RendezvousSession.d.ts +1 -1
- package/lib/rendezvous/transports/MSC4108RendezvousSession.js +134 -152
- package/lib/rendezvous/transports/MSC4108RendezvousSession.js.map +1 -1
- package/lib/retentionPolicy.js +6 -9
- package/lib/retentionPolicy.js.map +1 -1
- package/lib/room-hierarchy.js +52 -60
- package/lib/room-hierarchy.js.map +1 -1
- package/lib/rust-crypto/CrossSigningIdentity.js +94 -104
- package/lib/rust-crypto/CrossSigningIdentity.js.map +1 -1
- package/lib/rust-crypto/DehydratedDeviceManager.js +157 -190
- package/lib/rust-crypto/DehydratedDeviceManager.js.map +1 -1
- package/lib/rust-crypto/KeyClaimManager.js +18 -22
- package/lib/rust-crypto/KeyClaimManager.js.map +1 -1
- package/lib/rust-crypto/OutgoingRequestProcessor.js +109 -139
- package/lib/rust-crypto/OutgoingRequestProcessor.js.map +1 -1
- package/lib/rust-crypto/OutgoingRequestsManager.js +66 -80
- package/lib/rust-crypto/OutgoingRequestsManager.js.map +1 -1
- package/lib/rust-crypto/PerSessionKeyBackupDownloader.d.ts +1 -1
- package/lib/rust-crypto/PerSessionKeyBackupDownloader.js +196 -224
- package/lib/rust-crypto/PerSessionKeyBackupDownloader.js.map +1 -1
- package/lib/rust-crypto/RoomEncryptor.js +127 -143
- package/lib/rust-crypto/RoomEncryptor.js.map +1 -1
- package/lib/rust-crypto/backup.js +453 -549
- package/lib/rust-crypto/backup.js.map +1 -1
- package/lib/rust-crypto/constants.js +1 -1
- package/lib/rust-crypto/constants.js.map +1 -1
- package/lib/rust-crypto/device-converter.js +15 -28
- package/lib/rust-crypto/device-converter.js.map +1 -1
- package/lib/rust-crypto/index.js +103 -116
- package/lib/rust-crypto/index.js.map +1 -1
- package/lib/rust-crypto/libolm_migration.js +303 -365
- package/lib/rust-crypto/libolm_migration.js.map +1 -1
- package/lib/rust-crypto/rust-crypto.d.ts +5 -1
- package/lib/rust-crypto/rust-crypto.d.ts.map +1 -1
- package/lib/rust-crypto/rust-crypto.js +1067 -1332
- package/lib/rust-crypto/rust-crypto.js.map +1 -1
- package/lib/rust-crypto/secret-storage.js +12 -25
- package/lib/rust-crypto/secret-storage.js.map +1 -1
- package/lib/rust-crypto/verification.js +137 -189
- package/lib/rust-crypto/verification.js.map +1 -1
- package/lib/scheduler.js +44 -19
- package/lib/scheduler.js.map +1 -1
- package/lib/secret-storage.js +179 -213
- package/lib/secret-storage.js.map +1 -1
- package/lib/serverCapabilities.js +6 -9
- package/lib/serverCapabilities.js.map +1 -1
- package/lib/service-types.js +1 -1
- package/lib/service-types.js.map +1 -1
- package/lib/sliding-sync-sdk.d.ts.map +1 -1
- package/lib/sliding-sync-sdk.js +368 -424
- package/lib/sliding-sync-sdk.js.map +1 -1
- package/lib/sliding-sync.js +135 -171
- package/lib/sliding-sync.js.map +1 -1
- package/lib/store/index.js +3 -1
- package/lib/store/indexeddb-backend.js +3 -1
- package/lib/store/indexeddb-local-backend.js +194 -253
- package/lib/store/indexeddb-local-backend.js.map +1 -1
- package/lib/store/indexeddb-remote-backend.js +33 -63
- package/lib/store/indexeddb-remote-backend.js.map +1 -1
- package/lib/store/indexeddb-store-worker.js +22 -23
- package/lib/store/indexeddb-store-worker.js.map +1 -1
- package/lib/store/indexeddb.js +44 -71
- package/lib/store/indexeddb.js.map +1 -1
- package/lib/store/local-storage-events-emitter.js +2 -2
- package/lib/store/local-storage-events-emitter.js.map +1 -1
- package/lib/store/memory.js +34 -57
- package/lib/store/memory.js.map +1 -1
- package/lib/store/stub.js +22 -35
- package/lib/store/stub.js.map +1 -1
- package/lib/sync-accumulator.js +54 -66
- package/lib/sync-accumulator.js.map +1 -1
- package/lib/sync.d.ts.map +1 -1
- package/lib/sync.js +905 -998
- package/lib/sync.js.map +1 -1
- package/lib/testing.js +63 -105
- package/lib/testing.js.map +1 -1
- package/lib/thread-utils.js +1 -4
- package/lib/thread-utils.js.map +1 -1
- package/lib/timeline-window.js +89 -102
- package/lib/timeline-window.js.map +1 -1
- package/lib/types.js +1 -1
- package/lib/types.js.map +1 -1
- package/lib/utils/decryptAESSecretStorageItem.js +14 -25
- package/lib/utils/decryptAESSecretStorageItem.js.map +1 -1
- package/lib/utils/encryptAESSecretStorageItem.js +27 -38
- package/lib/utils/encryptAESSecretStorageItem.js.map +1 -1
- package/lib/utils/internal/deriveKeys.js +25 -32
- package/lib/utils/internal/deriveKeys.js.map +1 -1
- package/lib/utils/roomVersion.js +1 -1
- package/lib/utils/roomVersion.js.map +1 -1
- package/lib/utils.js +83 -135
- package/lib/utils.js.map +1 -1
- package/lib/version-support.js +3 -3
- package/lib/version-support.js.map +1 -1
- package/lib/webrtc/audioContext.js +5 -6
- package/lib/webrtc/audioContext.js.map +1 -1
- package/lib/webrtc/call.js +1081 -1250
- package/lib/webrtc/call.js.map +1 -1
- package/lib/webrtc/callEventHandler.js +202 -214
- package/lib/webrtc/callEventHandler.js.map +1 -1
- package/lib/webrtc/callEventTypes.js +2 -2
- package/lib/webrtc/callEventTypes.js.map +1 -1
- package/lib/webrtc/callFeed.js +18 -20
- package/lib/webrtc/callFeed.js.map +1 -1
- package/lib/webrtc/groupCall.js +513 -602
- package/lib/webrtc/groupCall.js.map +1 -1
- package/lib/webrtc/groupCallEventHandler.js +59 -62
- package/lib/webrtc/groupCallEventHandler.js.map +1 -1
- package/lib/webrtc/mediaHandler.js +198 -232
- package/lib/webrtc/mediaHandler.js.map +1 -1
- package/lib/webrtc/stats/callFeedStatsReporter.js +16 -20
- package/lib/webrtc/stats/callFeedStatsReporter.js.map +1 -1
- package/lib/webrtc/stats/callStatsReportGatherer.js +67 -75
- package/lib/webrtc/stats/callStatsReportGatherer.js.map +1 -1
- package/lib/webrtc/stats/callStatsReportSummary.js +3 -1
- package/lib/webrtc/stats/connectionStats.js.map +1 -1
- package/lib/webrtc/stats/connectionStatsBuilder.js +2 -2
- package/lib/webrtc/stats/connectionStatsBuilder.js.map +1 -1
- package/lib/webrtc/stats/connectionStatsReportBuilder.js +20 -24
- package/lib/webrtc/stats/connectionStatsReportBuilder.js.map +1 -1
- package/lib/webrtc/stats/groupCallStats.js +6 -8
- package/lib/webrtc/stats/groupCallStats.js.map +1 -1
- package/lib/webrtc/stats/media/mediaSsrcHandler.js +7 -8
- package/lib/webrtc/stats/media/mediaSsrcHandler.js.map +1 -1
- package/lib/webrtc/stats/media/mediaTrackHandler.js +7 -9
- package/lib/webrtc/stats/media/mediaTrackHandler.js.map +1 -1
- package/lib/webrtc/stats/media/mediaTrackStats.js +3 -3
- package/lib/webrtc/stats/media/mediaTrackStats.js.map +1 -1
- package/lib/webrtc/stats/media/mediaTrackStatsHandler.js +7 -7
- package/lib/webrtc/stats/media/mediaTrackStatsHandler.js.map +1 -1
- package/lib/webrtc/stats/statsReport.js +1 -1
- package/lib/webrtc/stats/statsReport.js.map +1 -1
- package/lib/webrtc/stats/statsReportEmitter.js.map +1 -1
- package/lib/webrtc/stats/summaryStatsReportGatherer.js +14 -14
- package/lib/webrtc/stats/summaryStatsReportGatherer.js.map +1 -1
- package/lib/webrtc/stats/trackStatsBuilder.js +32 -34
- package/lib/webrtc/stats/trackStatsBuilder.js.map +1 -1
- package/lib/webrtc/stats/transportStats.js +3 -1
- package/lib/webrtc/stats/transportStatsBuilder.js +9 -9
- package/lib/webrtc/stats/transportStatsBuilder.js.map +1 -1
- package/lib/webrtc/stats/valueFormatter.js +1 -1
- package/lib/webrtc/stats/valueFormatter.js.map +1 -1
- package/package.json +18 -33
- package/src/@types/global.d.ts +2 -2
- package/src/ToDeviceMessageQueue.ts +2 -2
- package/src/browser-index.ts +4 -4
- package/src/client.ts +15 -20
- package/src/crypto-api/index.ts +17 -6
- package/src/embedded.ts +4 -6
- package/src/filter-component.ts +1 -0
- package/src/http-api/utils.ts +1 -1
- package/src/interactive-auth.ts +11 -5
- package/src/matrixrtc/LivekitTransport.ts +1 -1
- package/src/matrixrtc/MatrixRTCSession.ts +1 -1
- package/src/models/MSC3089Branch.ts +1 -1
- package/src/models/room-sticky-events.ts +1 -0
- package/src/models/room.ts +9 -11
- package/src/receipt-accumulator.ts +2 -0
- package/src/rendezvous/index.ts +1 -1
- package/src/rendezvous/transports/MSC4108RendezvousSession.ts +2 -2
- package/src/rust-crypto/PerSessionKeyBackupDownloader.ts +1 -1
- package/src/rust-crypto/index.ts +6 -6
- package/src/rust-crypto/rust-crypto.ts +31 -7
- package/src/rust-crypto/verification.ts +1 -1
- package/src/sliding-sync-sdk.ts +5 -7
- package/src/store/indexeddb-local-backend.ts +3 -3
- package/src/sync.ts +6 -8
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MembershipManagerActionScheduler.js","names":[
|
|
1
|
+
{"version":3,"file":"MembershipManagerActionScheduler.js","names":[],"sources":["../../src/matrixrtc/MembershipManagerActionScheduler.ts"],"sourcesContent":["import { type Logger, logger as rootLogger } from \"../logger.ts\";\nimport { type EmptyObject } from \"../matrix.ts\";\nimport { sleep } from \"../utils.ts\";\nimport { MembershipActionType } from \"./MembershipManager.ts\";\n\n/** @internal */\nexport interface Action {\n /**\n * When this action should be executed\n */\n ts: number;\n /**\n * The state of the different loops\n * can also be thought of as the type of the action\n */\n type: MembershipActionType;\n}\n\n/** @internal */\nexport type ActionUpdate =\n | {\n /** Replace all existing scheduled actions with this new array */\n replace: Action[];\n }\n | {\n /** Add these actions to the existing scheduled actions */\n insert: Action[];\n }\n | EmptyObject;\n\n/**\n * This scheduler tracks the state of the current membership participation\n * and runs one central timer that wakes up a handler callback with the correct action + state\n * whenever necessary.\n *\n * It can also be awakened whenever a new action is added which is\n * earlier then the current \"next awake\".\n * @internal\n */\nexport class ActionScheduler {\n private logger: Logger;\n /**\n * This is tracking the state of the scheduler loop.\n * Only used to prevent starting the loop twice.\n */\n public running = false;\n\n public constructor(\n /** This is the callback called for each scheduled action (`this.addAction()`) */\n private membershipLoopHandler: (type: MembershipActionType) => Promise<ActionUpdate>,\n parentLogger?: Logger,\n ) {\n this.logger = (parentLogger ?? rootLogger).getChild(`[NewMembershipActionScheduler]`);\n }\n\n // function for the wakeup mechanism (in case we add an action externally and need to leave the current sleep)\n private wakeup: (update: ActionUpdate) => void = (update: ActionUpdate): void => {\n this.logger.error(\"Cannot call wakeup before calling `startWithJoin()`\");\n };\n private _actions: Action[] = [];\n public get actions(): Action[] {\n return this._actions;\n }\n\n /**\n * This starts the main loop of the membership manager that handles event sending, delayed event sending and delayed event restarting.\n * @param initialActions The initial actions the manager will start with. It should be enough to pass: DelayedLeaveActionType.Initial\n * @returns Promise that resolves once all actions have run and no more are scheduled.\n * @throws This throws an error if one of the actions throws.\n * In most other error cases the manager will try to handle any server errors by itself.\n */\n public async startWithJoin(): Promise<void> {\n if (this.running) {\n this.logger.error(\"Cannot call startWithJoin() on NewMembershipActionScheduler while already running\");\n return;\n }\n this.running = true;\n this._actions = [{ ts: Date.now(), type: MembershipActionType.SendDelayedEvent }];\n try {\n while (this._actions.length > 0) {\n // Sort so next (smallest ts) action is at the beginning\n this._actions.sort((a, b) => a.ts - b.ts);\n const nextAction = this._actions[0];\n let wakeupUpdate: ActionUpdate | undefined = undefined;\n\n // while we await for the next action, wakeup has to resolve the wakeupPromise\n const wakeupPromise = new Promise<void>((resolve) => {\n this.wakeup = (update: ActionUpdate): void => {\n wakeupUpdate = update;\n resolve();\n };\n });\n if (nextAction.ts > Date.now()) await Promise.race([wakeupPromise, sleep(nextAction.ts - Date.now())]);\n\n let handlerResult: ActionUpdate = {};\n if (!wakeupUpdate) {\n this.logger.debug(\n `Current MembershipManager processing: ${nextAction.type}\\nQueue:`,\n this._actions,\n `\\nDate.now: \"${Date.now()}`,\n );\n try {\n // `this.wakeup` can also be called and sets the `wakeupUpdate` object while we are in the handler.\n handlerResult = await this.membershipLoopHandler(nextAction.type as MembershipActionType);\n } catch (e) {\n // Preserve the original error as `cause`.\n throw new Error(`The MembershipManager shut down because of the end condition: ${e}`, {\n cause: e,\n });\n }\n }\n // remove the processed action only after we are done processing\n this._actions.splice(0, 1);\n // The wakeupUpdate always wins since that is a direct external update.\n const actionUpdate = wakeupUpdate ?? handlerResult;\n\n if (\"replace\" in actionUpdate) {\n this._actions = actionUpdate.replace;\n } else if (\"insert\" in actionUpdate) {\n this._actions.push(...actionUpdate.insert);\n }\n }\n } finally {\n // Set the rtc session running state since we cannot recover from here and the consumer user of the\n // MatrixRTCSession class needs to manually rejoin.\n this.running = false;\n }\n\n this.logger.debug(\"Leave MembershipManager ActionScheduler loop (no more actions)\");\n }\n\n public initiateJoin(): void {\n this.wakeup?.({ replace: [{ ts: Date.now(), type: MembershipActionType.SendDelayedEvent }] });\n }\n public initiateLeave(): void {\n this.wakeup?.({ replace: [{ ts: Date.now(), type: MembershipActionType.SendScheduledDelayedLeaveEvent }] });\n }\n}\n"],"mappings":";AAAA,SAAsB,MAAM,IAAI,UAAU,QAAQ,cAAc;AAEhE,SAAS,KAAK,QAAQ,aAAa;AACnC,SAAS,oBAAoB,QAAQ,wBAAwB;;AAE7D;;AAaA;;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM,eAAe,CAAC;EAQlB,WAAW,CACd;EACQ,qBAA4E,EACpF,YAAqB,EACvB;IAAA;IAVF;AACJ;AACA;AACA;IAHI,iCAIiB,KAAK;IAUtB;IAAA,gCACkD,MAAoB,IAAW;MAC7E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC;IAC5E,CAAC;IAAA,kCAC4B,EAAE;IAAA,KAVnB,qBAA4E,GAA5E,qBAA4E;IAGpF,IAAI,CAAC,MAAM,GAAG,CAAC,YAAY,IAAI,UAAU,EAAE,QAAQ,CAAC,gCAAgC,CAAC;EACzF;EAOA,IAAW,OAAO,GAAa;IAC3B,OAAO,IAAI,CAAC,QAAQ;EACxB;;EAEA;AACJ;AACA;AACA;AACA;AACA;AACA;EACI,MAAa,aAAa,GAAkB;IACxC,IAAI,IAAI,CAAC,OAAO,EAAE;MACd,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mFAAmF,CAAC;MACtG;IACJ;IACA,IAAI,CAAC,OAAO,GAAG,IAAI;IACnB,IAAI,CAAC,QAAQ,GAAG,CAAC;MAAE,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;MAAE,IAAI,EAAE,oBAAoB,CAAC;IAAiB,CAAC,CAAC;IACjF,IAAI;MACA,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;QAC7B;QACA,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnC,IAAI,YAAsC,GAAG,SAAS;;QAEtD;QACA,MAAM,aAAa,GAAG,IAAI,OAAO,CAAQ,OAAO,IAAK;UACjD,IAAI,CAAC,MAAM,GAAI,MAAoB,IAAW;YAC1C,YAAY,GAAG,MAAM;YACrB,OAAO,CAAC,CAAC;UACb,CAAC;QACL,CAAC,CAAC;QACF,IAAI,UAAU,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAEtG,IAAI,aAA2B,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,YAAY,EAAE;UACf,IAAI,CAAC,MAAM,CAAC,KAAK,CACb,yCAAyC,UAAU,CAAC,IAAI,UAAU,EAClE,IAAI,CAAC,QAAQ,EACb,gBAAgB,IAAI,CAAC,GAAG,CAAC,CAAC,EAC9B,CAAC;UACD,IAAI;YACA;YACA,aAAa,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAA4B,CAAC;UAC7F,CAAC,CAAC,OAAO,CAAC,EAAE;YACR;YACA,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,EAAE,EAAE;cAClF,KAAK,EAAE;YACX,CAAC,CAAC;UACN;QACJ;QACA;QACA,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1B;QACA,MAAM,YAAY,GAAG,YAAY,IAAI,aAAa;QAElD,IAAI,SAAS,IAAI,YAAY,EAAE;UAC3B,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC,OAAO;QACxC,CAAC,MAAM,IAAI,QAAQ,IAAI,YAAY,EAAE;UACjC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC;QAC9C;MACJ;IACJ,CAAC,SAAS;MACN;MACA;MACA,IAAI,CAAC,OAAO,GAAG,KAAK;IACxB;IAEA,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC;EACvF;EAEO,YAAY,GAAS;IACxB,IAAI,CAAC,MAAM,GAAG;MAAE,OAAO,EAAE,CAAC;QAAE,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAAE,IAAI,EAAE,oBAAoB,CAAC;MAAiB,CAAC;IAAE,CAAC,CAAC;EACjG;EACO,aAAa,GAAS;IACzB,IAAI,CAAC,MAAM,GAAG;MAAE,OAAO,EAAE,CAAC;QAAE,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAAE,IAAI,EAAE,oBAAoB,CAAC;MAA+B,CAAC;IAAE,CAAC,CAAC;EAC/G;AACJ","ignoreList":[]}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
|
|
2
1
|
import _defineProperty from "@babel/runtime/helpers/defineProperty";
|
|
3
2
|
/*
|
|
4
3
|
Copyright 2025-2026 The Matrix.org Foundation C.I.C.
|
|
@@ -47,10 +46,6 @@ export class RTCEncryptionManager {
|
|
|
47
46
|
constructor(ownMembership, getMemberships, transport,
|
|
48
47
|
// Callback to notify the media layer of new keys
|
|
49
48
|
onEncryptionKeysChanged, parentLogger, rtcBackendIdProvider) {
|
|
50
|
-
this.ownMembership = ownMembership;
|
|
51
|
-
this.getMemberships = getMemberships;
|
|
52
|
-
this.transport = transport;
|
|
53
|
-
this.onEncryptionKeysChanged = onEncryptionKeysChanged;
|
|
54
49
|
// This is a stop-gap solution for now. The preferred way to handle this case would be instead
|
|
55
50
|
// to create a NoOpEncryptionManager that does nothing and use it for the session.
|
|
56
51
|
// This will be done when removing the legacy EncryptionManager.
|
|
@@ -102,71 +97,69 @@ export class RTCEncryptionManager {
|
|
|
102
97
|
_defineProperty(this, "rtcIdentityProvider", void 0);
|
|
103
98
|
_defineProperty(this, "keysWithoutMatchingRTCMembership", []);
|
|
104
99
|
_defineProperty(this, "onNewKeyReceived", (membership, keyBase64Encoded, index, timestamp) => {
|
|
105
|
-
var _this$logger2;
|
|
106
100
|
// `manageMediaKeys` is a stop-gap solution for now. The preferred way to handle this case would be instead
|
|
107
101
|
// to create a NoOpEncryptionManager that does nothing and use it for the session.
|
|
108
102
|
// This will be done when removing the legacy EncryptionManager.
|
|
109
103
|
if (!this.manageMediaKeys) {
|
|
110
|
-
|
|
111
|
-
(_this$logger = this.logger) === null || _this$logger === void 0 || _this$logger.warn("Received key over transport ".concat(membership.userId, ":").concat(membership.deviceId, " at index ").concat(index, " but media keys are disabled"));
|
|
104
|
+
this.logger?.warn(`Received key over transport ${membership.userId}:${membership.deviceId} at index ${index} but media keys are disabled`);
|
|
112
105
|
return;
|
|
113
106
|
}
|
|
114
|
-
|
|
107
|
+
this.logger?.debug(`Received key over transport ${membership.userId}:${membership.deviceId} at index ${index}`);
|
|
115
108
|
|
|
116
109
|
// We received a new key, notify the video layer of this new key so that it can decrypt the frames properly.
|
|
117
|
-
|
|
118
|
-
|
|
110
|
+
const keyBin = decodeBase64(keyBase64Encoded);
|
|
111
|
+
const candidateInboundSession = {
|
|
119
112
|
key: keyBin,
|
|
120
113
|
membership,
|
|
121
114
|
keyIndex: index,
|
|
122
115
|
creationTS: timestamp
|
|
123
116
|
};
|
|
124
|
-
|
|
117
|
+
const outdated = this.keyBuffer.isOutdated(membership, candidateInboundSession);
|
|
125
118
|
if (!outdated) {
|
|
126
119
|
this.addKeyToParticipant(candidateInboundSession.key, candidateInboundSession.keyIndex, candidateInboundSession.membership);
|
|
127
120
|
} else {
|
|
128
|
-
|
|
129
|
-
(_this$logger3 = this.logger) === null || _this$logger3 === void 0 || _this$logger3.info("Received an out of order key for ".concat(membership.userId, ":").concat(membership.deviceId, ", dropping it"));
|
|
121
|
+
this.logger?.info(`Received an out of order key for ${membership.userId}:${membership.deviceId}, dropping it`);
|
|
130
122
|
}
|
|
131
123
|
});
|
|
132
|
-
this.
|
|
133
|
-
this.
|
|
124
|
+
this.ownMembership = ownMembership;
|
|
125
|
+
this.getMemberships = getMemberships;
|
|
126
|
+
this.transport = transport;
|
|
127
|
+
this.onEncryptionKeysChanged = onEncryptionKeysChanged;
|
|
128
|
+
this.logger = parentLogger?.getChild(`[EncryptionManager]`);
|
|
129
|
+
this.rtcIdentityProvider = rtcBackendIdProvider ?? computeRtcIdentityRaw;
|
|
134
130
|
}
|
|
135
|
-
getOwnRtcBackendIdentity() {
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
return _this.ownRtcBackendIdentityCache;
|
|
152
|
-
})();
|
|
131
|
+
async getOwnRtcBackendIdentity() {
|
|
132
|
+
if (this.ownRtcBackendIdentityCache) return this.ownRtcBackendIdentityCache;
|
|
133
|
+
if (this.useHashedRtcBackendIdentity) {
|
|
134
|
+
const {
|
|
135
|
+
userId,
|
|
136
|
+
deviceId,
|
|
137
|
+
memberId
|
|
138
|
+
} = this.ownMembership;
|
|
139
|
+
this.logger?.info(
|
|
140
|
+
// If we see this log multiple times, we need to reconsider the precompute call of getOwnRtcBackendIdentity
|
|
141
|
+
`Computing RTC backend identity for ${userId}:${deviceId}:${memberId} (SHOULD ONLY BE CALLED ONCE)`);
|
|
142
|
+
this.ownRtcBackendIdentityCache = await this.rtcIdentityProvider(userId, deviceId, memberId);
|
|
143
|
+
} else {
|
|
144
|
+
this.ownRtcBackendIdentityCache = `${this.ownMembership.userId}:${this.ownMembership.deviceId}`;
|
|
145
|
+
}
|
|
146
|
+
return this.ownRtcBackendIdentityCache;
|
|
153
147
|
}
|
|
154
148
|
getEncryptionKeys() {
|
|
155
149
|
return new Map(this.participantKeyRings);
|
|
156
150
|
}
|
|
157
151
|
checkKeysWithoutMatchingRTCMembership() {
|
|
158
|
-
|
|
152
|
+
const keyInfoTemp = this.keysWithoutMatchingRTCMembership;
|
|
159
153
|
this.keysWithoutMatchingRTCMembership = [];
|
|
160
154
|
keyInfoTemp.forEach(keyInfo => {
|
|
161
155
|
this.addKeyToParticipant(keyInfo.key, keyInfo.keyIndex, keyInfo.membership);
|
|
162
156
|
});
|
|
163
157
|
}
|
|
164
158
|
addKeyToParticipant(key, keyIndex, membership) {
|
|
165
|
-
|
|
166
|
-
|
|
159
|
+
const knownRtcMembership = this.getMemberships();
|
|
160
|
+
const fullMembership = knownRtcMembership.find(member => member.userId === membership.userId && member.deviceId === membership.deviceId);
|
|
167
161
|
if (!fullMembership) {
|
|
168
|
-
|
|
169
|
-
(_this$logger5 = this.logger) === null || _this$logger5 === void 0 || _this$logger5.info("No matching RTC membership for key from ".concat(membership.userId, ":").concat(membership.deviceId, ", delaying key addition"));
|
|
162
|
+
this.logger?.info(`No matching RTC membership for key from ${membership.userId}:${membership.deviceId}, delaying key addition`);
|
|
170
163
|
this.keysWithoutMatchingRTCMembership.push({
|
|
171
164
|
key,
|
|
172
165
|
keyIndex,
|
|
@@ -177,7 +170,7 @@ export class RTCEncryptionManager {
|
|
|
177
170
|
this.addKeyToParticipantWithBackendIdentity(key, keyIndex, membership, fullMembership.rtcBackendIdentity);
|
|
178
171
|
}
|
|
179
172
|
addKeyToParticipantWithBackendIdentity(key, keyIndex, membership, rtcBackendIdentity) {
|
|
180
|
-
|
|
173
|
+
const mapKey = getEncryptionKeyMapKey(membership);
|
|
181
174
|
if (!this.participantKeyRings.has(mapKey)) {
|
|
182
175
|
this.participantKeyRings.set(mapKey, []);
|
|
183
176
|
}
|
|
@@ -190,15 +183,14 @@ export class RTCEncryptionManager {
|
|
|
190
183
|
this.onEncryptionKeysChanged(key, keyIndex, membership, rtcBackendIdentity);
|
|
191
184
|
}
|
|
192
185
|
join(joinConfig) {
|
|
193
|
-
|
|
194
|
-
this.
|
|
195
|
-
this.
|
|
196
|
-
this.
|
|
197
|
-
this.keyRotationGracePeriodMs = (_joinConfig$keyRotati = joinConfig === null || joinConfig === void 0 ? void 0 : joinConfig.keyRotationGracePeriodMs) !== null && _joinConfig$keyRotati !== void 0 ? _joinConfig$keyRotati : 10000;
|
|
186
|
+
this.manageMediaKeys = joinConfig?.manageMediaKeys ?? true; // default to true
|
|
187
|
+
this.useHashedRtcBackendIdentity = joinConfig?.unstableSendStickyEvents ?? false;
|
|
188
|
+
this.useKeyDelay = joinConfig?.useKeyDelay ?? 1000;
|
|
189
|
+
this.keyRotationGracePeriodMs = joinConfig?.keyRotationGracePeriodMs ?? 10000;
|
|
198
190
|
this.transport.on(KeyTransportEvents.ReceivedKeys, this.onNewKeyReceived);
|
|
199
191
|
void this.getOwnRtcBackendIdentity(); // precompute own identity
|
|
200
192
|
|
|
201
|
-
|
|
193
|
+
this.logger?.info(`Joining room`);
|
|
202
194
|
this.transport.start();
|
|
203
195
|
}
|
|
204
196
|
leave() {
|
|
@@ -219,26 +211,22 @@ export class RTCEncryptionManager {
|
|
|
219
211
|
// This will be done when removing the legacy EncryptionManager.
|
|
220
212
|
if (!this.manageMediaKeys) return;
|
|
221
213
|
if (this.currentKeyDistributionPromise == null) {
|
|
222
|
-
|
|
223
|
-
(_this$logger7 = this.logger) === null || _this$logger7 === void 0 || _this$logger7.debug("No active rollout, start a new one");
|
|
214
|
+
this.logger?.debug(`No active rollout, start a new one`);
|
|
224
215
|
// start a rollout
|
|
225
216
|
this.currentKeyDistributionPromise = this.rolloutOutboundKey().then(() => {
|
|
226
|
-
|
|
227
|
-
(_this$logger8 = this.logger) === null || _this$logger8 === void 0 || _this$logger8.debug("Rollout completed");
|
|
217
|
+
this.logger?.debug(`Rollout completed`);
|
|
228
218
|
this.currentKeyDistributionPromise = null;
|
|
229
219
|
if (this.needToEnsureKeyAgain) {
|
|
230
|
-
|
|
231
|
-
(_this$logger9 = this.logger) === null || _this$logger9 === void 0 || _this$logger9.debug("New Rollout needed");
|
|
220
|
+
this.logger?.debug(`New Rollout needed`);
|
|
232
221
|
this.needToEnsureKeyAgain = false;
|
|
233
222
|
// rollout a new one
|
|
234
223
|
this.ensureKeyDistribution();
|
|
235
224
|
}
|
|
236
225
|
});
|
|
237
226
|
} else {
|
|
238
|
-
var _this$logger0;
|
|
239
227
|
// There is a rollout in progress, but a key rotation is requested (could be caused by a ownMembership change)
|
|
240
228
|
// Remember that a new rotation is needed after the current one.
|
|
241
|
-
|
|
229
|
+
this.logger?.debug(`Rollout in progress, a new rollout will be started after the current one`);
|
|
242
230
|
this.needToEnsureKeyAgain = true;
|
|
243
231
|
}
|
|
244
232
|
}
|
|
@@ -247,10 +235,8 @@ export class RTCEncryptionManager {
|
|
|
247
235
|
* This encryption manager is very basic, it will rotate the key everytime this is called.
|
|
248
236
|
* @param oldMemberships - This parameter is not used here, but it is kept for compatibility with the interface.
|
|
249
237
|
*/
|
|
250
|
-
onMembershipsUpdate() {
|
|
251
|
-
|
|
252
|
-
var oldMemberships = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : [];
|
|
253
|
-
(_this$logger1 = this.logger) === null || _this$logger1 === void 0 || _this$logger1.trace("onMembershipsUpdate");
|
|
238
|
+
onMembershipsUpdate(oldMemberships = []) {
|
|
239
|
+
this.logger?.trace(`onMembershipsUpdate`);
|
|
254
240
|
|
|
255
241
|
// Ensure the key is distributed. This will be no-op if the key is already being distributed to everyone.
|
|
256
242
|
// If there is an ongoing distribution, it will be completed before a new one is started.
|
|
@@ -258,104 +244,94 @@ export class RTCEncryptionManager {
|
|
|
258
244
|
// ensure key emission to the rtc backend
|
|
259
245
|
this.checkKeysWithoutMatchingRTCMembership();
|
|
260
246
|
}
|
|
261
|
-
rolloutOutboundKey() {
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
};
|
|
286
|
-
});
|
|
287
|
-
var alreadySharedWith = (_this2$outboundSessio = (_this2$outboundSessio2 = _this2.outboundSession) === null || _this2$outboundSessio2 === void 0 ? void 0 : _this2$outboundSessio2.sharedWith) !== null && _this2$outboundSessio !== void 0 ? _this2$outboundSessio : [];
|
|
247
|
+
async rolloutOutboundKey() {
|
|
248
|
+
const isFirstKey = this.outboundSession == null;
|
|
249
|
+
if (isFirstKey) {
|
|
250
|
+
// create the first key
|
|
251
|
+
const firstKey = {
|
|
252
|
+
key: this.generateRandomKey(),
|
|
253
|
+
creationTS: Date.now(),
|
|
254
|
+
sharedWith: [],
|
|
255
|
+
keyId: 0
|
|
256
|
+
};
|
|
257
|
+
this.outboundSession = firstKey;
|
|
258
|
+
this.addKeyToParticipantWithBackendIdentity(firstKey.key, firstKey.keyId, this.ownMembership, await this.getOwnRtcBackendIdentity());
|
|
259
|
+
}
|
|
260
|
+
// get current memberships
|
|
261
|
+
const toShareWith = this.getMemberships().filter(membership => {
|
|
262
|
+
return membership.sender != undefined;
|
|
263
|
+
}).map(membership => {
|
|
264
|
+
return {
|
|
265
|
+
userId: membership.sender,
|
|
266
|
+
deviceId: membership.deviceId,
|
|
267
|
+
membershipTs: membership.createdTs()
|
|
268
|
+
};
|
|
269
|
+
});
|
|
270
|
+
let alreadySharedWith = this.outboundSession?.sharedWith ?? [];
|
|
288
271
|
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
272
|
+
// Some users might have rotate their ownMembership event (formally called fingerprint) meaning they might have
|
|
273
|
+
// clear their key. Reset the `alreadySharedWith` flag for them.
|
|
274
|
+
alreadySharedWith = alreadySharedWith.filter(x =>
|
|
275
|
+
// If there was a member with same userId and deviceId but different membershipTs, we need to clear it
|
|
276
|
+
!toShareWith.some(o => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs != o.membershipTs));
|
|
277
|
+
const anyLeft = alreadySharedWith.filter(x => !toShareWith.some(o => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs == o.membershipTs));
|
|
278
|
+
const anyJoined = toShareWith.filter(x => !alreadySharedWith.some(o => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs == o.membershipTs));
|
|
279
|
+
let toDistributeTo = [];
|
|
280
|
+
let outboundKey;
|
|
281
|
+
let hasKeyChanged = false;
|
|
282
|
+
if (anyLeft.length > 0) {
|
|
283
|
+
// We need to rotate the key
|
|
284
|
+
const newOutboundKey = this.createNewOutboundSession();
|
|
285
|
+
hasKeyChanged = true;
|
|
286
|
+
toDistributeTo = toShareWith;
|
|
287
|
+
outboundKey = newOutboundKey;
|
|
288
|
+
} else if (anyJoined.length > 0) {
|
|
289
|
+
const now = Date.now();
|
|
290
|
+
const keyAge = now - this.outboundSession.creationTS;
|
|
291
|
+
// If the current key is recently created (less than `keyRotationGracePeriodMs`), we can keep it and just distribute it to the new joiners.
|
|
292
|
+
if (keyAge < this.keyRotationGracePeriodMs) {
|
|
293
|
+
// keep the same key
|
|
294
|
+
// XXX In the future we want to distribute a ratcheted key, not the current one
|
|
295
|
+
this.logger?.debug(`New joiners detected, but the key is recent enough (age:${keyAge}), keeping it`);
|
|
296
|
+
toDistributeTo = anyJoined;
|
|
297
|
+
outboundKey = this.outboundSession;
|
|
298
|
+
} else {
|
|
300
299
|
// We need to rotate the key
|
|
301
|
-
|
|
300
|
+
this.logger?.debug(`New joiners detected, rotating the key`);
|
|
301
|
+
const newOutboundKey = this.createNewOutboundSession();
|
|
302
302
|
hasKeyChanged = true;
|
|
303
303
|
toDistributeTo = toShareWith;
|
|
304
304
|
outboundKey = newOutboundKey;
|
|
305
|
-
} else if (anyJoined.length > 0) {
|
|
306
|
-
var now = Date.now();
|
|
307
|
-
var keyAge = now - _this2.outboundSession.creationTS;
|
|
308
|
-
// If the current key is recently created (less than `keyRotationGracePeriodMs`), we can keep it and just distribute it to the new joiners.
|
|
309
|
-
if (keyAge < _this2.keyRotationGracePeriodMs) {
|
|
310
|
-
var _this2$logger;
|
|
311
|
-
// keep the same key
|
|
312
|
-
// XXX In the future we want to distribute a ratcheted key, not the current one
|
|
313
|
-
(_this2$logger = _this2.logger) === null || _this2$logger === void 0 || _this2$logger.debug("New joiners detected, but the key is recent enough (age:".concat(keyAge, "), keeping it"));
|
|
314
|
-
toDistributeTo = anyJoined;
|
|
315
|
-
outboundKey = _this2.outboundSession;
|
|
316
|
-
} else {
|
|
317
|
-
var _this2$logger2;
|
|
318
|
-
// We need to rotate the key
|
|
319
|
-
(_this2$logger2 = _this2.logger) === null || _this2$logger2 === void 0 || _this2$logger2.debug("New joiners detected, rotating the key");
|
|
320
|
-
var _newOutboundKey = _this2.createNewOutboundSession();
|
|
321
|
-
hasKeyChanged = true;
|
|
322
|
-
toDistributeTo = toShareWith;
|
|
323
|
-
outboundKey = _newOutboundKey;
|
|
324
|
-
}
|
|
325
|
-
} else {
|
|
326
|
-
// no changes
|
|
327
|
-
return;
|
|
328
305
|
}
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
}
|
|
344
|
-
|
|
345
|
-
var _this2$logger7;
|
|
346
|
-
(_this2$logger7 = _this2.logger) === null || _this2$logger7 === void 0 || _this2$logger7.error("Failed to rollout key", err);
|
|
306
|
+
} else {
|
|
307
|
+
// no changes
|
|
308
|
+
return;
|
|
309
|
+
}
|
|
310
|
+
try {
|
|
311
|
+
this.logger?.trace(`Sending key...`);
|
|
312
|
+
await this.transport.sendKey(encodeBase64(outboundKey.key), outboundKey.keyId, toDistributeTo);
|
|
313
|
+
outboundKey.sharedWith.push(...toDistributeTo);
|
|
314
|
+
this.logger?.trace(`key index:${outboundKey.keyId} sent to ${outboundKey.sharedWith.map(m => `${m.userId}:${m.deviceId}`).join(",")}`);
|
|
315
|
+
if (hasKeyChanged) {
|
|
316
|
+
// Delay a bit before using this key
|
|
317
|
+
// It is recommended not to start using a key immediately but instead wait for a short time to make sure it is delivered.
|
|
318
|
+
this.logger?.trace(`Delay Rollout for key:${outboundKey.keyId}...`);
|
|
319
|
+
await sleep(this.useKeyDelay);
|
|
320
|
+
this.logger?.trace(`...Delayed rollout of index:${outboundKey.keyId} `);
|
|
321
|
+
this.addKeyToParticipantWithBackendIdentity(outboundKey.key, outboundKey.keyId, this.ownMembership, await this.getOwnRtcBackendIdentity());
|
|
347
322
|
}
|
|
348
|
-
}
|
|
323
|
+
} catch (err) {
|
|
324
|
+
this.logger?.error(`Failed to rollout key`, err);
|
|
325
|
+
}
|
|
349
326
|
}
|
|
350
327
|
createNewOutboundSession() {
|
|
351
|
-
|
|
352
|
-
var newOutboundKey = {
|
|
328
|
+
const newOutboundKey = {
|
|
353
329
|
key: this.generateRandomKey(),
|
|
354
330
|
creationTS: Date.now(),
|
|
355
331
|
sharedWith: [],
|
|
356
332
|
keyId: this.nextKeyIndex()
|
|
357
333
|
};
|
|
358
|
-
|
|
334
|
+
this.logger?.info(`creating new outbound key index:${newOutboundKey.keyId}`);
|
|
359
335
|
// Set this new key as the current one
|
|
360
336
|
this.outboundSession = newOutboundKey;
|
|
361
337
|
return newOutboundKey;
|
|
@@ -367,7 +343,7 @@ export class RTCEncryptionManager {
|
|
|
367
343
|
return 0;
|
|
368
344
|
}
|
|
369
345
|
generateRandomKey() {
|
|
370
|
-
|
|
346
|
+
const key = new Uint8Array(16);
|
|
371
347
|
globalThis.crypto.getRandomValues(key);
|
|
372
348
|
return key;
|
|
373
349
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RTCEncryptionManager.js","names":["getEncryptionKeyMapKey","decodeBase64","encodeBase64","KeyTransportEvents","sleep","OutdatedKeyFilter","computeRtcIdentityRaw","RTCEncryptionManager","constructor","ownMembership","getMemberships","transport","onEncryptionKeysChanged","parentLogger","rtcBackendIdProvider","_defineProperty","Map","undefined","membership","keyBase64Encoded","index","timestamp","_this$logger2","manageMediaKeys","_this$logger","logger","warn","concat","userId","deviceId","debug","keyBin","candidateInboundSession","key","keyIndex","creationTS","outdated","keyBuffer","isOutdated","addKeyToParticipant","_this$logger3","info","getChild","rtcIdentityProvider","getOwnRtcBackendIdentity","_this","_asyncToGenerator","ownRtcBackendIdentityCache","useHashedRtcBackendIdentity","_this$logger4","_this$ownMembership","memberId","getEncryptionKeys","participantKeyRings","checkKeysWithoutMatchingRTCMembership","keyInfoTemp","keysWithoutMatchingRTCMembership","forEach","keyInfo","knownRtcMembership","fullMembership","find","member","_this$logger5","push","addKeyToParticipantWithBackendIdentity","rtcBackendIdentity","mapKey","has","set","get","join","joinConfig","_joinConfig$manageMed","_joinConfig$unstableS","_joinConfig$useKeyDel","_joinConfig$keyRotati","_this$logger6","unstableSendStickyEvents","useKeyDelay","keyRotationGracePeriodMs","on","ReceivedKeys","onNewKeyReceived","start","leave","off","stop","clear","ensureKeyDistribution","currentKeyDistributionPromise","_this$logger7","rolloutOutboundKey","then","_this$logger8","needToEnsureKeyAgain","_this$logger9","_this$logger0","onMembershipsUpdate","_this$logger1","oldMemberships","arguments","length","trace","_this2","_this2$outboundSessio","_this2$outboundSessio2","isFirstKey","outboundSession","firstKey","generateRandomKey","Date","now","sharedWith","keyId","toShareWith","filter","sender","map","membershipTs","createdTs","alreadySharedWith","x","some","o","anyLeft","anyJoined","toDistributeTo","outboundKey","hasKeyChanged","newOutboundKey","createNewOutboundSession","keyAge","_this2$logger","_this2$logger2","_this2$logger3","_this2$logger4","sendKey","m","_this2$logger5","_this2$logger6","err","_this2$logger7","error","_this$logger10","nextKeyIndex","Uint8Array","globalThis","crypto","getRandomValues"],"sources":["../../src/matrixrtc/RTCEncryptionManager.ts"],"sourcesContent":["/*\nCopyright 2025-2026 The Matrix.org Foundation C.I.C.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n*/\n\nimport {\n type CallMembershipIdentityParts,\n getEncryptionKeyMapKey,\n type IEncryptionManager,\n} from \"./EncryptionManager.ts\";\nimport { type EncryptionConfig, type MembershipConfig } from \"./MatrixRTCSession.ts\";\nimport type { CallMembership } from \"./CallMembership.ts\";\nimport { decodeBase64, encodeBase64 } from \"../base64.ts\";\nimport { type IKeyTransport, type KeyTransportEventListener, KeyTransportEvents } from \"./IKeyTransport.ts\";\nimport { type Logger } from \"../logger.ts\";\nimport { sleep } from \"../utils.ts\";\nimport {\n type EncryptionKeyMapKey,\n type InboundEncryptionSession,\n type OutboundEncryptionSession,\n type ParticipantDeviceInfo,\n} from \"./types.ts\";\nimport { OutdatedKeyFilter } from \"./utils.ts\";\nimport { computeRtcIdentityRaw } from \"./membershipData/rtc.ts\";\n\n/**\n * RTCEncryptionManager is used to manage the encryption keys for a call.\n *\n * It is responsible for distributing the keys to the other participants and rotating the keys if needed.\n *\n * This manager when used with to-device transport will share the existing key only to new joiners, and rotate\n * if there is a leaver.\n *\n * XXX In the future we want to distribute a ratcheted key not the current one for new joiners.\n */\nexport class RTCEncryptionManager implements IEncryptionManager {\n // This is a stop-gap solution for now. The preferred way to handle this case would be instead\n // to create a NoOpEncryptionManager that does nothing and use it for the session.\n // This will be done when removing the legacy EncryptionManager.\n private manageMediaKeys = false;\n\n private useHashedRtcBackendIdentity = false;\n private ownRtcBackendIdentityCache: string | undefined;\n\n /**\n * Store the key rings for each participant.\n * The encryption manager stores the keys because the application layer might not be ready yet to handle the keys.\n * The keys are stored and can be retrieved later when the application layer is ready {@link RTCEncryptionManager#getEncryptionKeys}.\n */\n private readonly participantKeyRings = new Map<\n EncryptionKeyMapKey,\n Array<{\n key: Uint8Array<ArrayBuffer>;\n keyIndex: number;\n membership: CallMembershipIdentityParts;\n rtcBackendIdentity: string;\n }>\n >();\n\n // The current per-sender media key for this device\n private outboundSession: OutboundEncryptionSession | null = null;\n\n /**\n * Ensures that there is only one distribute operation at a time for that call.\n */\n private currentKeyDistributionPromise: Promise<void> | null = null;\n\n /**\n * The time to wait before using the outbound session after it has been distributed.\n * This is to ensure that the key is delivered to all participants before it is used.\n * When creating the first key, this is set to 0 so that the key can be used immediately.\n */\n private useKeyDelay = 5000;\n\n /**\n * We want to avoid rolling out a new outbound key when the previous one was created less than `keyRotationGracePeriodMs` milliseconds ago.\n * This is to avoid expensive key rotations when users quickly join the call in a row.\n *\n * This must be higher than `useKeyDelay` to have an effect.\n * If it is lower, the current key will always be older than the grace period.\n * @private\n */\n private keyRotationGracePeriodMs = 10_000;\n\n /**\n * If a new key distribution is being requested while one is going on, we will set this flag to true.\n * This will ensure that a new round is started after the current one.\n * @private\n */\n private needToEnsureKeyAgain = false;\n\n /**\n * There is a possibility that keys arrive in the wrong order.\n * For example, after a quick join/leave/join, there will be 2 keys of index 0 distributed, and\n * if they are received in the wrong order, the stream won't be decryptable.\n * For that reason we keep a small buffer of keys for a limited time to disambiguate.\n * @private\n */\n private keyBuffer = new OutdatedKeyFilter();\n\n private logger: Logger | undefined = undefined;\n\n private readonly rtcIdentityProvider: (userId: string, deviceId: string, memberId: string) => Promise<string>;\n\n /**\n *\n * @param ownMembership - our own membership info\n * @param getMemberships - function to get current memberships\n * @param transport - key transport (room or to-device)\n * @param statistics - statistics collector\n * @param onEncryptionKeysChanged - callback to notify the media layer of new keys\n * @param parentLogger - optional parent logger\n * @param rtcBackendIdProvider - A function to compute the rtc backend identity, exposed for testing purposes\n */\n public constructor(\n private readonly ownMembership: CallMembershipIdentityParts,\n private getMemberships: () => CallMembership[],\n private transport: IKeyTransport,\n // Callback to notify the media layer of new keys\n private onEncryptionKeysChanged: (\n keyBin: Uint8Array<ArrayBuffer>,\n encryptionKeyIndex: number,\n membership: CallMembershipIdentityParts,\n rtcBackendIdentity: string,\n ) => void,\n parentLogger?: Logger,\n rtcBackendIdProvider?: (userId: string, deviceId: string, memberId: string) => Promise<string>,\n ) {\n this.logger = parentLogger?.getChild(`[EncryptionManager]`);\n this.rtcIdentityProvider = rtcBackendIdProvider ?? computeRtcIdentityRaw;\n }\n\n private async getOwnRtcBackendIdentity(): Promise<string> {\n if (this.ownRtcBackendIdentityCache) return this.ownRtcBackendIdentityCache;\n\n if (this.useHashedRtcBackendIdentity) {\n const { userId, deviceId, memberId } = this.ownMembership;\n this.logger?.info(\n // If we see this log multiple times, we need to reconsider the precompute call of getOwnRtcBackendIdentity\n `Computing RTC backend identity for ${userId}:${deviceId}:${memberId} (SHOULD ONLY BE CALLED ONCE)`,\n );\n this.ownRtcBackendIdentityCache = await this.rtcIdentityProvider(userId, deviceId, memberId);\n } else {\n this.ownRtcBackendIdentityCache = `${this.ownMembership.userId}:${this.ownMembership.deviceId}`;\n }\n return this.ownRtcBackendIdentityCache;\n }\n\n public getEncryptionKeys(): ReadonlyMap<\n EncryptionKeyMapKey,\n ReadonlyArray<{\n key: Uint8Array<ArrayBuffer>;\n keyIndex: number;\n membership: CallMembershipIdentityParts;\n rtcBackendIdentity: string;\n }>\n > {\n return new Map(this.participantKeyRings);\n }\n\n private keysWithoutMatchingRTCMembership: Array<{\n key: Uint8Array<ArrayBuffer>;\n keyIndex: number;\n membership: CallMembershipIdentityParts;\n }> = [];\n\n private checkKeysWithoutMatchingRTCMembership(): void {\n const keyInfoTemp = this.keysWithoutMatchingRTCMembership;\n this.keysWithoutMatchingRTCMembership = [];\n keyInfoTemp.forEach((keyInfo) => {\n this.addKeyToParticipant(keyInfo.key, keyInfo.keyIndex, keyInfo.membership);\n });\n }\n\n private addKeyToParticipant(\n key: Uint8Array<ArrayBuffer>,\n keyIndex: number,\n membership: CallMembershipIdentityParts,\n ): void {\n const knownRtcMembership = this.getMemberships();\n const fullMembership = knownRtcMembership.find(\n (member) => member.userId === membership.userId && member.deviceId === membership.deviceId,\n );\n if (!fullMembership) {\n this.logger?.info(\n `No matching RTC membership for key from ${membership.userId}:${membership.deviceId}, delaying key addition`,\n );\n this.keysWithoutMatchingRTCMembership.push({ key, keyIndex, membership });\n return;\n }\n this.addKeyToParticipantWithBackendIdentity(key, keyIndex, membership, fullMembership.rtcBackendIdentity);\n }\n\n private addKeyToParticipantWithBackendIdentity(\n key: Uint8Array<ArrayBuffer>,\n keyIndex: number,\n membership: CallMembershipIdentityParts,\n rtcBackendIdentity: string,\n ): void {\n const mapKey = getEncryptionKeyMapKey(membership);\n if (!this.participantKeyRings.has(mapKey)) {\n this.participantKeyRings.set(mapKey, []);\n }\n this.participantKeyRings.get(mapKey)!.push({ key, keyIndex, membership, rtcBackendIdentity });\n this.onEncryptionKeysChanged(key, keyIndex, membership, rtcBackendIdentity);\n }\n\n public join(joinConfig: (EncryptionConfig & MembershipConfig) | undefined): void {\n this.manageMediaKeys = joinConfig?.manageMediaKeys ?? true; // default to true\n this.useHashedRtcBackendIdentity = joinConfig?.unstableSendStickyEvents ?? false;\n this.useKeyDelay = joinConfig?.useKeyDelay ?? 1000;\n this.keyRotationGracePeriodMs = joinConfig?.keyRotationGracePeriodMs ?? 10_000;\n\n this.transport.on(KeyTransportEvents.ReceivedKeys, this.onNewKeyReceived);\n void this.getOwnRtcBackendIdentity(); // precompute own identity\n\n this.logger?.info(`Joining room`);\n this.transport.start();\n }\n\n public leave(): void {\n this.transport.off(KeyTransportEvents.ReceivedKeys, this.onNewKeyReceived);\n this.transport.stop();\n this.participantKeyRings.clear();\n }\n\n /**\n * Will ensure that a new key is distributed and used to encrypt our media.\n * If there is already a key distribution in progress, it will schedule a new distribution round just after the current one is completed.\n * If this function is called repeatedly while a distribution is in progress,\n * the calls will be coalesced to a single new distribution (that will start just after the current one has completed).\n */\n private ensureKeyDistribution(): void {\n // `manageMediaKeys` is a stop-gap solution for now. The preferred way to handle this case would be instead\n // to create a NoOpEncryptionManager that does nothing and use it for the session.\n // This will be done when removing the legacy EncryptionManager.\n if (!this.manageMediaKeys) return;\n if (this.currentKeyDistributionPromise == null) {\n this.logger?.debug(`No active rollout, start a new one`);\n // start a rollout\n this.currentKeyDistributionPromise = this.rolloutOutboundKey().then(() => {\n this.logger?.debug(`Rollout completed`);\n this.currentKeyDistributionPromise = null;\n if (this.needToEnsureKeyAgain) {\n this.logger?.debug(`New Rollout needed`);\n this.needToEnsureKeyAgain = false;\n // rollout a new one\n this.ensureKeyDistribution();\n }\n });\n } else {\n // There is a rollout in progress, but a key rotation is requested (could be caused by a ownMembership change)\n // Remember that a new rotation is needed after the current one.\n this.logger?.debug(`Rollout in progress, a new rollout will be started after the current one`);\n this.needToEnsureKeyAgain = true;\n }\n }\n\n public onNewKeyReceived: KeyTransportEventListener = (membership, keyBase64Encoded, index, timestamp) => {\n // `manageMediaKeys` is a stop-gap solution for now. The preferred way to handle this case would be instead\n // to create a NoOpEncryptionManager that does nothing and use it for the session.\n // This will be done when removing the legacy EncryptionManager.\n if (!this.manageMediaKeys) {\n this.logger?.warn(\n `Received key over transport ${membership.userId}:${membership.deviceId} at index ${index} but media keys are disabled`,\n );\n return;\n }\n this.logger?.debug(`Received key over transport ${membership.userId}:${membership.deviceId} at index ${index}`);\n\n // We received a new key, notify the video layer of this new key so that it can decrypt the frames properly.\n const keyBin = decodeBase64(keyBase64Encoded);\n const candidateInboundSession: InboundEncryptionSession = {\n key: keyBin,\n membership,\n keyIndex: index,\n creationTS: timestamp,\n };\n\n const outdated = this.keyBuffer.isOutdated(membership, candidateInboundSession);\n if (!outdated) {\n this.addKeyToParticipant(\n candidateInboundSession.key,\n candidateInboundSession.keyIndex,\n candidateInboundSession.membership,\n );\n } else {\n this.logger?.info(\n `Received an out of order key for ${membership.userId}:${membership.deviceId}, dropping it`,\n );\n }\n };\n\n /**\n * Called when the ownMembership of the call changes.\n * This encryption manager is very basic, it will rotate the key everytime this is called.\n * @param oldMemberships - This parameter is not used here, but it is kept for compatibility with the interface.\n */\n public onMembershipsUpdate(oldMemberships: CallMembership[] = []): void {\n this.logger?.trace(`onMembershipsUpdate`);\n\n // Ensure the key is distributed. This will be no-op if the key is already being distributed to everyone.\n // If there is an ongoing distribution, it will be completed before a new one is started.\n this.ensureKeyDistribution();\n // ensure key emission to the rtc backend\n this.checkKeysWithoutMatchingRTCMembership();\n }\n\n private async rolloutOutboundKey(): Promise<void> {\n const isFirstKey = this.outboundSession == null;\n if (isFirstKey) {\n // create the first key\n const firstKey = {\n key: this.generateRandomKey(),\n creationTS: Date.now(),\n sharedWith: [],\n keyId: 0,\n };\n this.outboundSession = firstKey;\n this.addKeyToParticipantWithBackendIdentity(\n firstKey.key,\n firstKey.keyId,\n this.ownMembership,\n await this.getOwnRtcBackendIdentity(),\n );\n }\n // get current memberships\n const toShareWith: ParticipantDeviceInfo[] = this.getMemberships()\n .filter((membership) => {\n return membership.sender != undefined;\n })\n .map((membership) => {\n return {\n userId: membership.sender!,\n deviceId: membership.deviceId,\n membershipTs: membership.createdTs(),\n };\n });\n\n let alreadySharedWith = this.outboundSession?.sharedWith ?? [];\n\n // Some users might have rotate their ownMembership event (formally called fingerprint) meaning they might have\n // clear their key. Reset the `alreadySharedWith` flag for them.\n alreadySharedWith = alreadySharedWith.filter(\n (x) =>\n // If there was a member with same userId and deviceId but different membershipTs, we need to clear it\n !toShareWith.some(\n (o) => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs != o.membershipTs,\n ),\n );\n\n const anyLeft = alreadySharedWith.filter(\n (x) =>\n !toShareWith.some(\n (o) => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs == o.membershipTs,\n ),\n );\n const anyJoined = toShareWith.filter(\n (x) =>\n !alreadySharedWith.some(\n (o) => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs == o.membershipTs,\n ),\n );\n\n let toDistributeTo: ParticipantDeviceInfo[] = [];\n let outboundKey: OutboundEncryptionSession;\n let hasKeyChanged = false;\n if (anyLeft.length > 0) {\n // We need to rotate the key\n const newOutboundKey = this.createNewOutboundSession();\n hasKeyChanged = true;\n toDistributeTo = toShareWith;\n outboundKey = newOutboundKey;\n } else if (anyJoined.length > 0) {\n const now = Date.now();\n const keyAge = now - this.outboundSession!.creationTS;\n // If the current key is recently created (less than `keyRotationGracePeriodMs`), we can keep it and just distribute it to the new joiners.\n if (keyAge < this.keyRotationGracePeriodMs) {\n // keep the same key\n // XXX In the future we want to distribute a ratcheted key, not the current one\n this.logger?.debug(`New joiners detected, but the key is recent enough (age:${keyAge}), keeping it`);\n toDistributeTo = anyJoined;\n outboundKey = this.outboundSession!;\n } else {\n // We need to rotate the key\n this.logger?.debug(`New joiners detected, rotating the key`);\n const newOutboundKey = this.createNewOutboundSession();\n hasKeyChanged = true;\n toDistributeTo = toShareWith;\n outboundKey = newOutboundKey;\n }\n } else {\n // no changes\n return;\n }\n\n try {\n this.logger?.trace(`Sending key...`);\n await this.transport.sendKey(encodeBase64(outboundKey.key), outboundKey.keyId, toDistributeTo);\n outboundKey.sharedWith.push(...toDistributeTo);\n this.logger?.trace(\n `key index:${outboundKey.keyId} sent to ${outboundKey.sharedWith.map((m) => `${m.userId}:${m.deviceId}`).join(\",\")}`,\n );\n if (hasKeyChanged) {\n // Delay a bit before using this key\n // It is recommended not to start using a key immediately but instead wait for a short time to make sure it is delivered.\n this.logger?.trace(`Delay Rollout for key:${outboundKey.keyId}...`);\n await sleep(this.useKeyDelay);\n this.logger?.trace(`...Delayed rollout of index:${outboundKey.keyId} `);\n this.addKeyToParticipantWithBackendIdentity(\n outboundKey.key,\n outboundKey.keyId,\n this.ownMembership,\n await this.getOwnRtcBackendIdentity(),\n );\n }\n } catch (err) {\n this.logger?.error(`Failed to rollout key`, err);\n }\n }\n\n private createNewOutboundSession(): OutboundEncryptionSession {\n const newOutboundKey: OutboundEncryptionSession = {\n key: this.generateRandomKey(),\n creationTS: Date.now(),\n sharedWith: [],\n keyId: this.nextKeyIndex(),\n };\n\n this.logger?.info(`creating new outbound key index:${newOutboundKey.keyId}`);\n // Set this new key as the current one\n this.outboundSession = newOutboundKey;\n return newOutboundKey;\n }\n\n private nextKeyIndex(): number {\n if (this.outboundSession) {\n return (this.outboundSession!.keyId + 1) % 256;\n }\n return 0;\n }\n\n private generateRandomKey(): Uint8Array<ArrayBuffer> {\n const key = new Uint8Array(16);\n globalThis.crypto.getRandomValues(key);\n return key;\n }\n}\n"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAEIA,sBAAsB,QAEnB,wBAAwB;AAG/B,SAASC,YAAY,EAAEC,YAAY,QAAQ,cAAc;AACzD,SAA6DC,kBAAkB,QAAQ,oBAAoB;AAE3G,SAASC,KAAK,QAAQ,aAAa;AAOnC,SAASC,iBAAiB,QAAQ,YAAY;AAC9C,SAASC,qBAAqB,QAAQ,yBAAyB;;AAE/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,oBAAoB,CAA+B;EAqE5D;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACWC,WAAWA,CACGC,aAA0C,EACnDC,cAAsC,EACtCC,SAAwB;EAChC;EACQC,uBAKC,EACTC,YAAqB,EACrBC,oBAA8F,EAChG;IAAA,KAZmBL,aAA0C,GAA1CA,aAA0C;IAAA,KACnDC,cAAsC,GAAtCA,cAAsC;IAAA,KACtCC,SAAwB,GAAxBA,SAAwB;IAAA,KAExBC,uBAKC,GALDA,uBAKC;IAxFb;IACA;IACA;IAAAG,eAAA,0BAC0B,KAAK;IAAAA,eAAA,sCAEO,KAAK;IAAAA,eAAA;IAG3C;AACJ;AACA;AACA;AACA;IAJIA,eAAA,8BAKuC,IAAIC,GAAG,CAQ5C,CAAC;IAEH;IAAAD,eAAA,0BAC4D,IAAI;IAEhE;AACJ;AACA;IAFIA,eAAA,wCAG8D,IAAI;IAElE;AACJ;AACA;AACA;AACA;IAJIA,eAAA,sBAKsB,IAAI;IAE1B;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IAPIA,eAAA,mCAQmC,KAAM;IAEzC;AACJ;AACA;AACA;AACA;IAJIA,eAAA,+BAK+B,KAAK;IAEpC;AACJ;AACA;AACA;AACA;AACA;AACA;IANIA,eAAA,oBAOoB,IAAIV,iBAAiB,CAAC,CAAC;IAAAU,eAAA,iBAENE,SAAS;IAAAF,eAAA;IAAAA,eAAA,2CAgEzC,EAAE;IAAAA,eAAA,2BA8F8C,CAACG,UAAU,EAAEC,gBAAgB,EAAEC,KAAK,EAAEC,SAAS,KAAK;MAAA,IAAAC,aAAA;MACrG;MACA;MACA;MACA,IAAI,CAAC,IAAI,CAACC,eAAe,EAAE;QAAA,IAAAC,YAAA;QACvB,CAAAA,YAAA,OAAI,CAACC,MAAM,cAAAD,YAAA,eAAXA,YAAA,CAAaE,IAAI,gCAAAC,MAAA,CACkBT,UAAU,CAACU,MAAM,OAAAD,MAAA,CAAIT,UAAU,CAACW,QAAQ,gBAAAF,MAAA,CAAaP,KAAK,iCAC7F,CAAC;QACD;MACJ;MACA,CAAAE,aAAA,OAAI,CAACG,MAAM,cAAAH,aAAA,eAAXA,aAAA,CAAaQ,KAAK,gCAAAH,MAAA,CAAgCT,UAAU,CAACU,MAAM,OAAAD,MAAA,CAAIT,UAAU,CAACW,QAAQ,gBAAAF,MAAA,CAAaP,KAAK,CAAE,CAAC;;MAE/G;MACA,IAAMW,MAAM,GAAG9B,YAAY,CAACkB,gBAAgB,CAAC;MAC7C,IAAMa,uBAAiD,GAAG;QACtDC,GAAG,EAAEF,MAAM;QACXb,UAAU;QACVgB,QAAQ,EAAEd,KAAK;QACfe,UAAU,EAAEd;MAChB,CAAC;MAED,IAAMe,QAAQ,GAAG,IAAI,CAACC,SAAS,CAACC,UAAU,CAACpB,UAAU,EAAEc,uBAAuB,CAAC;MAC/E,IAAI,CAACI,QAAQ,EAAE;QACX,IAAI,CAACG,mBAAmB,CACpBP,uBAAuB,CAACC,GAAG,EAC3BD,uBAAuB,CAACE,QAAQ,EAChCF,uBAAuB,CAACd,UAC5B,CAAC;MACL,CAAC,MAAM;QAAA,IAAAsB,aAAA;QACH,CAAAA,aAAA,OAAI,CAACf,MAAM,cAAAe,aAAA,eAAXA,aAAA,CAAaC,IAAI,qCAAAd,MAAA,CACuBT,UAAU,CAACU,MAAM,OAAAD,MAAA,CAAIT,UAAU,CAACW,QAAQ,kBAChF,CAAC;MACL;IACJ,CAAC;IAnKG,IAAI,CAACJ,MAAM,GAAGZ,YAAY,aAAZA,YAAY,uBAAZA,YAAY,CAAE6B,QAAQ,sBAAsB,CAAC;IAC3D,IAAI,CAACC,mBAAmB,GAAG7B,oBAAoB,aAApBA,oBAAoB,cAApBA,oBAAoB,GAAIR,qBAAqB;EAC5E;EAEcsC,wBAAwBA,CAAA,EAAoB;IAAA,IAAAC,KAAA;IAAA,OAAAC,iBAAA;MACtD,IAAID,KAAI,CAACE,0BAA0B,EAAE,OAAOF,KAAI,CAACE,0BAA0B;MAE3E,IAAIF,KAAI,CAACG,2BAA2B,EAAE;QAAA,IAAAC,aAAA;QAClC,IAAAC,mBAAA,GAAuCL,KAAI,CAACpC,aAAa;UAAjDmB,MAAM,GAAAsB,mBAAA,CAANtB,MAAM;UAAEC,QAAQ,GAAAqB,mBAAA,CAARrB,QAAQ;UAAEsB,QAAQ,GAAAD,mBAAA,CAARC,QAAQ;QAClC,CAAAF,aAAA,GAAAJ,KAAI,CAACpB,MAAM,cAAAwB,aAAA,eAAXA,aAAA,CAAaR,IAAI,CACb;QAAA,sCAAAd,MAAA,CACsCC,MAAM,OAAAD,MAAA,CAAIE,QAAQ,OAAAF,MAAA,CAAIwB,QAAQ,kCACxE,CAAC;QACDN,KAAI,CAACE,0BAA0B,SAASF,KAAI,CAACF,mBAAmB,CAACf,MAAM,EAAEC,QAAQ,EAAEsB,QAAQ,CAAC;MAChG,CAAC,MAAM;QACHN,KAAI,CAACE,0BAA0B,MAAApB,MAAA,CAAMkB,KAAI,CAACpC,aAAa,CAACmB,MAAM,OAAAD,MAAA,CAAIkB,KAAI,CAACpC,aAAa,CAACoB,QAAQ,CAAE;MACnG;MACA,OAAOgB,KAAI,CAACE,0BAA0B;IAAC;EAC3C;EAEOK,iBAAiBA,CAAA,EAQtB;IACE,OAAO,IAAIpC,GAAG,CAAC,IAAI,CAACqC,mBAAmB,CAAC;EAC5C;EAQQC,qCAAqCA,CAAA,EAAS;IAClD,IAAMC,WAAW,GAAG,IAAI,CAACC,gCAAgC;IACzD,IAAI,CAACA,gCAAgC,GAAG,EAAE;IAC1CD,WAAW,CAACE,OAAO,CAAEC,OAAO,IAAK;MAC7B,IAAI,CAACnB,mBAAmB,CAACmB,OAAO,CAACzB,GAAG,EAAEyB,OAAO,CAACxB,QAAQ,EAAEwB,OAAO,CAACxC,UAAU,CAAC;IAC/E,CAAC,CAAC;EACN;EAEQqB,mBAAmBA,CACvBN,GAA4B,EAC5BC,QAAgB,EAChBhB,UAAuC,EACnC;IACJ,IAAMyC,kBAAkB,GAAG,IAAI,CAACjD,cAAc,CAAC,CAAC;IAChD,IAAMkD,cAAc,GAAGD,kBAAkB,CAACE,IAAI,CACzCC,MAAM,IAAKA,MAAM,CAAClC,MAAM,KAAKV,UAAU,CAACU,MAAM,IAAIkC,MAAM,CAACjC,QAAQ,KAAKX,UAAU,CAACW,QACtF,CAAC;IACD,IAAI,CAAC+B,cAAc,EAAE;MAAA,IAAAG,aAAA;MACjB,CAAAA,aAAA,OAAI,CAACtC,MAAM,cAAAsC,aAAA,eAAXA,aAAA,CAAatB,IAAI,4CAAAd,MAAA,CAC8BT,UAAU,CAACU,MAAM,OAAAD,MAAA,CAAIT,UAAU,CAACW,QAAQ,4BACvF,CAAC;MACD,IAAI,CAAC2B,gCAAgC,CAACQ,IAAI,CAAC;QAAE/B,GAAG;QAAEC,QAAQ;QAAEhB;MAAW,CAAC,CAAC;MACzE;IACJ;IACA,IAAI,CAAC+C,sCAAsC,CAAChC,GAAG,EAAEC,QAAQ,EAAEhB,UAAU,EAAE0C,cAAc,CAACM,kBAAkB,CAAC;EAC7G;EAEQD,sCAAsCA,CAC1ChC,GAA4B,EAC5BC,QAAgB,EAChBhB,UAAuC,EACvCgD,kBAA0B,EACtB;IACJ,IAAMC,MAAM,GAAGnE,sBAAsB,CAACkB,UAAU,CAAC;IACjD,IAAI,CAAC,IAAI,CAACmC,mBAAmB,CAACe,GAAG,CAACD,MAAM,CAAC,EAAE;MACvC,IAAI,CAACd,mBAAmB,CAACgB,GAAG,CAACF,MAAM,EAAE,EAAE,CAAC;IAC5C;IACA,IAAI,CAACd,mBAAmB,CAACiB,GAAG,CAACH,MAAM,CAAC,CAAEH,IAAI,CAAC;MAAE/B,GAAG;MAAEC,QAAQ;MAAEhB,UAAU;MAAEgD;IAAmB,CAAC,CAAC;IAC7F,IAAI,CAACtD,uBAAuB,CAACqB,GAAG,EAAEC,QAAQ,EAAEhB,UAAU,EAAEgD,kBAAkB,CAAC;EAC/E;EAEOK,IAAIA,CAACC,UAA6D,EAAQ;IAAA,IAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA,EAAAC,aAAA;IAC7E,IAAI,CAACtD,eAAe,IAAAkD,qBAAA,GAAGD,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEjD,eAAe,cAAAkD,qBAAA,cAAAA,qBAAA,GAAI,IAAI,CAAC,CAAC;IAC5D,IAAI,CAACzB,2BAA2B,IAAA0B,qBAAA,GAAGF,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEM,wBAAwB,cAAAJ,qBAAA,cAAAA,qBAAA,GAAI,KAAK;IAChF,IAAI,CAACK,WAAW,IAAAJ,qBAAA,GAAGH,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEO,WAAW,cAAAJ,qBAAA,cAAAA,qBAAA,GAAI,IAAI;IAClD,IAAI,CAACK,wBAAwB,IAAAJ,qBAAA,GAAGJ,UAAU,aAAVA,UAAU,uBAAVA,UAAU,CAAEQ,wBAAwB,cAAAJ,qBAAA,cAAAA,qBAAA,GAAI,KAAM;IAE9E,IAAI,CAACjE,SAAS,CAACsE,EAAE,CAAC9E,kBAAkB,CAAC+E,YAAY,EAAE,IAAI,CAACC,gBAAgB,CAAC;IACzE,KAAK,IAAI,CAACvC,wBAAwB,CAAC,CAAC,CAAC,CAAC;;IAEtC,CAAAiC,aAAA,OAAI,CAACpD,MAAM,cAAAoD,aAAA,eAAXA,aAAA,CAAapC,IAAI,eAAe,CAAC;IACjC,IAAI,CAAC9B,SAAS,CAACyE,KAAK,CAAC,CAAC;EAC1B;EAEOC,KAAKA,CAAA,EAAS;IACjB,IAAI,CAAC1E,SAAS,CAAC2E,GAAG,CAACnF,kBAAkB,CAAC+E,YAAY,EAAE,IAAI,CAACC,gBAAgB,CAAC;IAC1E,IAAI,CAACxE,SAAS,CAAC4E,IAAI,CAAC,CAAC;IACrB,IAAI,CAAClC,mBAAmB,CAACmC,KAAK,CAAC,CAAC;EACpC;;EAEA;AACJ;AACA;AACA;AACA;AACA;EACYC,qBAAqBA,CAAA,EAAS;IAClC;IACA;IACA;IACA,IAAI,CAAC,IAAI,CAAClE,eAAe,EAAE;IAC3B,IAAI,IAAI,CAACmE,6BAA6B,IAAI,IAAI,EAAE;MAAA,IAAAC,aAAA;MAC5C,CAAAA,aAAA,OAAI,CAAClE,MAAM,cAAAkE,aAAA,eAAXA,aAAA,CAAa7D,KAAK,qCAAqC,CAAC;MACxD;MACA,IAAI,CAAC4D,6BAA6B,GAAG,IAAI,CAACE,kBAAkB,CAAC,CAAC,CAACC,IAAI,CAAC,MAAM;QAAA,IAAAC,aAAA;QACtE,CAAAA,aAAA,OAAI,CAACrE,MAAM,cAAAqE,aAAA,eAAXA,aAAA,CAAahE,KAAK,oBAAoB,CAAC;QACvC,IAAI,CAAC4D,6BAA6B,GAAG,IAAI;QACzC,IAAI,IAAI,CAACK,oBAAoB,EAAE;UAAA,IAAAC,aAAA;UAC3B,CAAAA,aAAA,OAAI,CAACvE,MAAM,cAAAuE,aAAA,eAAXA,aAAA,CAAalE,KAAK,qBAAqB,CAAC;UACxC,IAAI,CAACiE,oBAAoB,GAAG,KAAK;UACjC;UACA,IAAI,CAACN,qBAAqB,CAAC,CAAC;QAChC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MAAA,IAAAQ,aAAA;MACH;MACA;MACA,CAAAA,aAAA,OAAI,CAACxE,MAAM,cAAAwE,aAAA,eAAXA,aAAA,CAAanE,KAAK,2EAA2E,CAAC;MAC9F,IAAI,CAACiE,oBAAoB,GAAG,IAAI;IACpC;EACJ;EAqCA;AACJ;AACA;AACA;AACA;EACWG,mBAAmBA,CAAA,EAA8C;IAAA,IAAAC,aAAA;IAAA,IAA7CC,cAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAApF,SAAA,GAAAoF,SAAA,MAAG,EAAE;IAC5D,CAAAF,aAAA,OAAI,CAAC1E,MAAM,cAAA0E,aAAA,eAAXA,aAAA,CAAaI,KAAK,sBAAsB,CAAC;;IAEzC;IACA;IACA,IAAI,CAACd,qBAAqB,CAAC,CAAC;IAC5B;IACA,IAAI,CAACnC,qCAAqC,CAAC,CAAC;EAChD;EAEcsC,kBAAkBA,CAAA,EAAkB;IAAA,IAAAY,MAAA;IAAA,OAAA1D,iBAAA;MAAA,IAAA2D,qBAAA,EAAAC,sBAAA;MAC9C,IAAMC,UAAU,GAAGH,MAAI,CAACI,eAAe,IAAI,IAAI;MAC/C,IAAID,UAAU,EAAE;QACZ;QACA,IAAME,QAAQ,GAAG;UACb5E,GAAG,EAAEuE,MAAI,CAACM,iBAAiB,CAAC,CAAC;UAC7B3E,UAAU,EAAE4E,IAAI,CAACC,GAAG,CAAC,CAAC;UACtBC,UAAU,EAAE,EAAE;UACdC,KAAK,EAAE;QACX,CAAC;QACDV,MAAI,CAACI,eAAe,GAAGC,QAAQ;QAC/BL,MAAI,CAACvC,sCAAsC,CACvC4C,QAAQ,CAAC5E,GAAG,EACZ4E,QAAQ,CAACK,KAAK,EACdV,MAAI,CAAC/F,aAAa,QACZ+F,MAAI,CAAC5D,wBAAwB,CAAC,CACxC,CAAC;MACL;MACA;MACA,IAAMuE,WAAoC,GAAGX,MAAI,CAAC9F,cAAc,CAAC,CAAC,CAC7D0G,MAAM,CAAElG,UAAU,IAAK;QACpB,OAAOA,UAAU,CAACmG,MAAM,IAAIpG,SAAS;MACzC,CAAC,CAAC,CACDqG,GAAG,CAAEpG,UAAU,IAAK;QACjB,OAAO;UACHU,MAAM,EAAEV,UAAU,CAACmG,MAAO;UAC1BxF,QAAQ,EAAEX,UAAU,CAACW,QAAQ;UAC7B0F,YAAY,EAAErG,UAAU,CAACsG,SAAS,CAAC;QACvC,CAAC;MACL,CAAC,CAAC;MAEN,IAAIC,iBAAiB,IAAAhB,qBAAA,IAAAC,sBAAA,GAAGF,MAAI,CAACI,eAAe,cAAAF,sBAAA,uBAApBA,sBAAA,CAAsBO,UAAU,cAAAR,qBAAA,cAAAA,qBAAA,GAAI,EAAE;;MAE9D;MACA;MACAgB,iBAAiB,GAAGA,iBAAiB,CAACL,MAAM,CACvCM,CAAC;MACE;MACA,CAACP,WAAW,CAACQ,IAAI,CACZC,CAAC,IAAKF,CAAC,CAAC9F,MAAM,IAAIgG,CAAC,CAAChG,MAAM,IAAI8F,CAAC,CAAC7F,QAAQ,IAAI+F,CAAC,CAAC/F,QAAQ,IAAI6F,CAAC,CAACH,YAAY,IAAIK,CAAC,CAACL,YACnF,CACR,CAAC;MAED,IAAMM,OAAO,GAAGJ,iBAAiB,CAACL,MAAM,CACnCM,CAAC,IACE,CAACP,WAAW,CAACQ,IAAI,CACZC,CAAC,IAAKF,CAAC,CAAC9F,MAAM,IAAIgG,CAAC,CAAChG,MAAM,IAAI8F,CAAC,CAAC7F,QAAQ,IAAI+F,CAAC,CAAC/F,QAAQ,IAAI6F,CAAC,CAACH,YAAY,IAAIK,CAAC,CAACL,YACnF,CACR,CAAC;MACD,IAAMO,SAAS,GAAGX,WAAW,CAACC,MAAM,CAC/BM,CAAC,IACE,CAACD,iBAAiB,CAACE,IAAI,CAClBC,CAAC,IAAKF,CAAC,CAAC9F,MAAM,IAAIgG,CAAC,CAAChG,MAAM,IAAI8F,CAAC,CAAC7F,QAAQ,IAAI+F,CAAC,CAAC/F,QAAQ,IAAI6F,CAAC,CAACH,YAAY,IAAIK,CAAC,CAACL,YACnF,CACR,CAAC;MAED,IAAIQ,cAAuC,GAAG,EAAE;MAChD,IAAIC,WAAsC;MAC1C,IAAIC,aAAa,GAAG,KAAK;MACzB,IAAIJ,OAAO,CAACvB,MAAM,GAAG,CAAC,EAAE;QACpB;QACA,IAAM4B,cAAc,GAAG1B,MAAI,CAAC2B,wBAAwB,CAAC,CAAC;QACtDF,aAAa,GAAG,IAAI;QACpBF,cAAc,GAAGZ,WAAW;QAC5Ba,WAAW,GAAGE,cAAc;MAChC,CAAC,MAAM,IAAIJ,SAAS,CAACxB,MAAM,GAAG,CAAC,EAAE;QAC7B,IAAMU,GAAG,GAAGD,IAAI,CAACC,GAAG,CAAC,CAAC;QACtB,IAAMoB,MAAM,GAAGpB,GAAG,GAAGR,MAAI,CAACI,eAAe,CAAEzE,UAAU;QACrD;QACA,IAAIiG,MAAM,GAAG5B,MAAI,CAACxB,wBAAwB,EAAE;UAAA,IAAAqD,aAAA;UACxC;UACA;UACA,CAAAA,aAAA,GAAA7B,MAAI,CAAC/E,MAAM,cAAA4G,aAAA,eAAXA,aAAA,CAAavG,KAAK,4DAAAH,MAAA,CAA4DyG,MAAM,kBAAe,CAAC;UACpGL,cAAc,GAAGD,SAAS;UAC1BE,WAAW,GAAGxB,MAAI,CAACI,eAAgB;QACvC,CAAC,MAAM;UAAA,IAAA0B,cAAA;UACH;UACA,CAAAA,cAAA,GAAA9B,MAAI,CAAC/E,MAAM,cAAA6G,cAAA,eAAXA,cAAA,CAAaxG,KAAK,yCAAyC,CAAC;UAC5D,IAAMoG,eAAc,GAAG1B,MAAI,CAAC2B,wBAAwB,CAAC,CAAC;UACtDF,aAAa,GAAG,IAAI;UACpBF,cAAc,GAAGZ,WAAW;UAC5Ba,WAAW,GAAGE,eAAc;QAChC;MACJ,CAAC,MAAM;QACH;QACA;MACJ;MAEA,IAAI;QAAA,IAAAK,cAAA,EAAAC,cAAA;QACA,CAAAD,cAAA,GAAA/B,MAAI,CAAC/E,MAAM,cAAA8G,cAAA,eAAXA,cAAA,CAAahC,KAAK,iBAAiB,CAAC;QACpC,MAAMC,MAAI,CAAC7F,SAAS,CAAC8H,OAAO,CAACvI,YAAY,CAAC8H,WAAW,CAAC/F,GAAG,CAAC,EAAE+F,WAAW,CAACd,KAAK,EAAEa,cAAc,CAAC;QAC9FC,WAAW,CAACf,UAAU,CAACjD,IAAI,CAAC,GAAG+D,cAAc,CAAC;QAC9C,CAAAS,cAAA,GAAAhC,MAAI,CAAC/E,MAAM,cAAA+G,cAAA,eAAXA,cAAA,CAAajC,KAAK,cAAA5E,MAAA,CACDqG,WAAW,CAACd,KAAK,eAAAvF,MAAA,CAAYqG,WAAW,CAACf,UAAU,CAACK,GAAG,CAAEoB,CAAC,OAAA/G,MAAA,CAAQ+G,CAAC,CAAC9G,MAAM,OAAAD,MAAA,CAAI+G,CAAC,CAAC7G,QAAQ,CAAE,CAAC,CAAC0C,IAAI,CAAC,GAAG,CAAC,CACtH,CAAC;QACD,IAAI0D,aAAa,EAAE;UAAA,IAAAU,cAAA,EAAAC,cAAA;UACf;UACA;UACA,CAAAD,cAAA,GAAAnC,MAAI,CAAC/E,MAAM,cAAAkH,cAAA,eAAXA,cAAA,CAAapC,KAAK,0BAAA5E,MAAA,CAA0BqG,WAAW,CAACd,KAAK,QAAK,CAAC;UACnE,MAAM9G,KAAK,CAACoG,MAAI,CAACzB,WAAW,CAAC;UAC7B,CAAA6D,cAAA,GAAApC,MAAI,CAAC/E,MAAM,cAAAmH,cAAA,eAAXA,cAAA,CAAarC,KAAK,gCAAA5E,MAAA,CAAgCqG,WAAW,CAACd,KAAK,MAAG,CAAC;UACvEV,MAAI,CAACvC,sCAAsC,CACvC+D,WAAW,CAAC/F,GAAG,EACf+F,WAAW,CAACd,KAAK,EACjBV,MAAI,CAAC/F,aAAa,QACZ+F,MAAI,CAAC5D,wBAAwB,CAAC,CACxC,CAAC;QACL;MACJ,CAAC,CAAC,OAAOiG,GAAG,EAAE;QAAA,IAAAC,cAAA;QACV,CAAAA,cAAA,GAAAtC,MAAI,CAAC/E,MAAM,cAAAqH,cAAA,eAAXA,cAAA,CAAaC,KAAK,0BAA0BF,GAAG,CAAC;MACpD;IAAC;EACL;EAEQV,wBAAwBA,CAAA,EAA8B;IAAA,IAAAa,cAAA;IAC1D,IAAMd,cAAyC,GAAG;MAC9CjG,GAAG,EAAE,IAAI,CAAC6E,iBAAiB,CAAC,CAAC;MAC7B3E,UAAU,EAAE4E,IAAI,CAACC,GAAG,CAAC,CAAC;MACtBC,UAAU,EAAE,EAAE;MACdC,KAAK,EAAE,IAAI,CAAC+B,YAAY,CAAC;IAC7B,CAAC;IAED,CAAAD,cAAA,OAAI,CAACvH,MAAM,cAAAuH,cAAA,eAAXA,cAAA,CAAavG,IAAI,oCAAAd,MAAA,CAAoCuG,cAAc,CAAChB,KAAK,CAAE,CAAC;IAC5E;IACA,IAAI,CAACN,eAAe,GAAGsB,cAAc;IACrC,OAAOA,cAAc;EACzB;EAEQe,YAAYA,CAAA,EAAW;IAC3B,IAAI,IAAI,CAACrC,eAAe,EAAE;MACtB,OAAO,CAAC,IAAI,CAACA,eAAe,CAAEM,KAAK,GAAG,CAAC,IAAI,GAAG;IAClD;IACA,OAAO,CAAC;EACZ;EAEQJ,iBAAiBA,CAAA,EAA4B;IACjD,IAAM7E,GAAG,GAAG,IAAIiH,UAAU,CAAC,EAAE,CAAC;IAC9BC,UAAU,CAACC,MAAM,CAACC,eAAe,CAACpH,GAAG,CAAC;IACtC,OAAOA,GAAG;EACd;AACJ","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"RTCEncryptionManager.js","names":[],"sources":["../../src/matrixrtc/RTCEncryptionManager.ts"],"sourcesContent":["/*\nCopyright 2025-2026 The Matrix.org Foundation C.I.C.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n*/\n\nimport {\n type CallMembershipIdentityParts,\n getEncryptionKeyMapKey,\n type IEncryptionManager,\n} from \"./EncryptionManager.ts\";\nimport { type EncryptionConfig, type MembershipConfig } from \"./MatrixRTCSession.ts\";\nimport type { CallMembership } from \"./CallMembership.ts\";\nimport { decodeBase64, encodeBase64 } from \"../base64.ts\";\nimport { type IKeyTransport, type KeyTransportEventListener, KeyTransportEvents } from \"./IKeyTransport.ts\";\nimport { type Logger } from \"../logger.ts\";\nimport { sleep } from \"../utils.ts\";\nimport {\n type EncryptionKeyMapKey,\n type InboundEncryptionSession,\n type OutboundEncryptionSession,\n type ParticipantDeviceInfo,\n} from \"./types.ts\";\nimport { OutdatedKeyFilter } from \"./utils.ts\";\nimport { computeRtcIdentityRaw } from \"./membershipData/rtc.ts\";\n\n/**\n * RTCEncryptionManager is used to manage the encryption keys for a call.\n *\n * It is responsible for distributing the keys to the other participants and rotating the keys if needed.\n *\n * This manager when used with to-device transport will share the existing key only to new joiners, and rotate\n * if there is a leaver.\n *\n * XXX In the future we want to distribute a ratcheted key not the current one for new joiners.\n */\nexport class RTCEncryptionManager implements IEncryptionManager {\n // This is a stop-gap solution for now. The preferred way to handle this case would be instead\n // to create a NoOpEncryptionManager that does nothing and use it for the session.\n // This will be done when removing the legacy EncryptionManager.\n private manageMediaKeys = false;\n\n private useHashedRtcBackendIdentity = false;\n private ownRtcBackendIdentityCache: string | undefined;\n\n /**\n * Store the key rings for each participant.\n * The encryption manager stores the keys because the application layer might not be ready yet to handle the keys.\n * The keys are stored and can be retrieved later when the application layer is ready {@link RTCEncryptionManager#getEncryptionKeys}.\n */\n private readonly participantKeyRings = new Map<\n EncryptionKeyMapKey,\n Array<{\n key: Uint8Array<ArrayBuffer>;\n keyIndex: number;\n membership: CallMembershipIdentityParts;\n rtcBackendIdentity: string;\n }>\n >();\n\n // The current per-sender media key for this device\n private outboundSession: OutboundEncryptionSession | null = null;\n\n /**\n * Ensures that there is only one distribute operation at a time for that call.\n */\n private currentKeyDistributionPromise: Promise<void> | null = null;\n\n /**\n * The time to wait before using the outbound session after it has been distributed.\n * This is to ensure that the key is delivered to all participants before it is used.\n * When creating the first key, this is set to 0 so that the key can be used immediately.\n */\n private useKeyDelay = 5000;\n\n /**\n * We want to avoid rolling out a new outbound key when the previous one was created less than `keyRotationGracePeriodMs` milliseconds ago.\n * This is to avoid expensive key rotations when users quickly join the call in a row.\n *\n * This must be higher than `useKeyDelay` to have an effect.\n * If it is lower, the current key will always be older than the grace period.\n * @private\n */\n private keyRotationGracePeriodMs = 10_000;\n\n /**\n * If a new key distribution is being requested while one is going on, we will set this flag to true.\n * This will ensure that a new round is started after the current one.\n * @private\n */\n private needToEnsureKeyAgain = false;\n\n /**\n * There is a possibility that keys arrive in the wrong order.\n * For example, after a quick join/leave/join, there will be 2 keys of index 0 distributed, and\n * if they are received in the wrong order, the stream won't be decryptable.\n * For that reason we keep a small buffer of keys for a limited time to disambiguate.\n * @private\n */\n private keyBuffer = new OutdatedKeyFilter();\n\n private logger: Logger | undefined = undefined;\n\n private readonly rtcIdentityProvider: (userId: string, deviceId: string, memberId: string) => Promise<string>;\n\n /**\n *\n * @param ownMembership - our own membership info\n * @param getMemberships - function to get current memberships\n * @param transport - key transport (room or to-device)\n * @param statistics - statistics collector\n * @param onEncryptionKeysChanged - callback to notify the media layer of new keys\n * @param parentLogger - optional parent logger\n * @param rtcBackendIdProvider - A function to compute the rtc backend identity, exposed for testing purposes\n */\n public constructor(\n private readonly ownMembership: CallMembershipIdentityParts,\n private getMemberships: () => CallMembership[],\n private transport: IKeyTransport,\n // Callback to notify the media layer of new keys\n private onEncryptionKeysChanged: (\n keyBin: Uint8Array<ArrayBuffer>,\n encryptionKeyIndex: number,\n membership: CallMembershipIdentityParts,\n rtcBackendIdentity: string,\n ) => void,\n parentLogger?: Logger,\n rtcBackendIdProvider?: (userId: string, deviceId: string, memberId: string) => Promise<string>,\n ) {\n this.logger = parentLogger?.getChild(`[EncryptionManager]`);\n this.rtcIdentityProvider = rtcBackendIdProvider ?? computeRtcIdentityRaw;\n }\n\n private async getOwnRtcBackendIdentity(): Promise<string> {\n if (this.ownRtcBackendIdentityCache) return this.ownRtcBackendIdentityCache;\n\n if (this.useHashedRtcBackendIdentity) {\n const { userId, deviceId, memberId } = this.ownMembership;\n this.logger?.info(\n // If we see this log multiple times, we need to reconsider the precompute call of getOwnRtcBackendIdentity\n `Computing RTC backend identity for ${userId}:${deviceId}:${memberId} (SHOULD ONLY BE CALLED ONCE)`,\n );\n this.ownRtcBackendIdentityCache = await this.rtcIdentityProvider(userId, deviceId, memberId);\n } else {\n this.ownRtcBackendIdentityCache = `${this.ownMembership.userId}:${this.ownMembership.deviceId}`;\n }\n return this.ownRtcBackendIdentityCache;\n }\n\n public getEncryptionKeys(): ReadonlyMap<\n EncryptionKeyMapKey,\n ReadonlyArray<{\n key: Uint8Array<ArrayBuffer>;\n keyIndex: number;\n membership: CallMembershipIdentityParts;\n rtcBackendIdentity: string;\n }>\n > {\n return new Map(this.participantKeyRings);\n }\n\n private keysWithoutMatchingRTCMembership: Array<{\n key: Uint8Array<ArrayBuffer>;\n keyIndex: number;\n membership: CallMembershipIdentityParts;\n }> = [];\n\n private checkKeysWithoutMatchingRTCMembership(): void {\n const keyInfoTemp = this.keysWithoutMatchingRTCMembership;\n this.keysWithoutMatchingRTCMembership = [];\n keyInfoTemp.forEach((keyInfo) => {\n this.addKeyToParticipant(keyInfo.key, keyInfo.keyIndex, keyInfo.membership);\n });\n }\n\n private addKeyToParticipant(\n key: Uint8Array<ArrayBuffer>,\n keyIndex: number,\n membership: CallMembershipIdentityParts,\n ): void {\n const knownRtcMembership = this.getMemberships();\n const fullMembership = knownRtcMembership.find(\n (member) => member.userId === membership.userId && member.deviceId === membership.deviceId,\n );\n if (!fullMembership) {\n this.logger?.info(\n `No matching RTC membership for key from ${membership.userId}:${membership.deviceId}, delaying key addition`,\n );\n this.keysWithoutMatchingRTCMembership.push({ key, keyIndex, membership });\n return;\n }\n this.addKeyToParticipantWithBackendIdentity(key, keyIndex, membership, fullMembership.rtcBackendIdentity);\n }\n\n private addKeyToParticipantWithBackendIdentity(\n key: Uint8Array<ArrayBuffer>,\n keyIndex: number,\n membership: CallMembershipIdentityParts,\n rtcBackendIdentity: string,\n ): void {\n const mapKey = getEncryptionKeyMapKey(membership);\n if (!this.participantKeyRings.has(mapKey)) {\n this.participantKeyRings.set(mapKey, []);\n }\n this.participantKeyRings.get(mapKey)!.push({ key, keyIndex, membership, rtcBackendIdentity });\n this.onEncryptionKeysChanged(key, keyIndex, membership, rtcBackendIdentity);\n }\n\n public join(joinConfig: (EncryptionConfig & MembershipConfig) | undefined): void {\n this.manageMediaKeys = joinConfig?.manageMediaKeys ?? true; // default to true\n this.useHashedRtcBackendIdentity = joinConfig?.unstableSendStickyEvents ?? false;\n this.useKeyDelay = joinConfig?.useKeyDelay ?? 1000;\n this.keyRotationGracePeriodMs = joinConfig?.keyRotationGracePeriodMs ?? 10_000;\n\n this.transport.on(KeyTransportEvents.ReceivedKeys, this.onNewKeyReceived);\n void this.getOwnRtcBackendIdentity(); // precompute own identity\n\n this.logger?.info(`Joining room`);\n this.transport.start();\n }\n\n public leave(): void {\n this.transport.off(KeyTransportEvents.ReceivedKeys, this.onNewKeyReceived);\n this.transport.stop();\n this.participantKeyRings.clear();\n }\n\n /**\n * Will ensure that a new key is distributed and used to encrypt our media.\n * If there is already a key distribution in progress, it will schedule a new distribution round just after the current one is completed.\n * If this function is called repeatedly while a distribution is in progress,\n * the calls will be coalesced to a single new distribution (that will start just after the current one has completed).\n */\n private ensureKeyDistribution(): void {\n // `manageMediaKeys` is a stop-gap solution for now. The preferred way to handle this case would be instead\n // to create a NoOpEncryptionManager that does nothing and use it for the session.\n // This will be done when removing the legacy EncryptionManager.\n if (!this.manageMediaKeys) return;\n if (this.currentKeyDistributionPromise == null) {\n this.logger?.debug(`No active rollout, start a new one`);\n // start a rollout\n this.currentKeyDistributionPromise = this.rolloutOutboundKey().then(() => {\n this.logger?.debug(`Rollout completed`);\n this.currentKeyDistributionPromise = null;\n if (this.needToEnsureKeyAgain) {\n this.logger?.debug(`New Rollout needed`);\n this.needToEnsureKeyAgain = false;\n // rollout a new one\n this.ensureKeyDistribution();\n }\n });\n } else {\n // There is a rollout in progress, but a key rotation is requested (could be caused by a ownMembership change)\n // Remember that a new rotation is needed after the current one.\n this.logger?.debug(`Rollout in progress, a new rollout will be started after the current one`);\n this.needToEnsureKeyAgain = true;\n }\n }\n\n public onNewKeyReceived: KeyTransportEventListener = (membership, keyBase64Encoded, index, timestamp) => {\n // `manageMediaKeys` is a stop-gap solution for now. The preferred way to handle this case would be instead\n // to create a NoOpEncryptionManager that does nothing and use it for the session.\n // This will be done when removing the legacy EncryptionManager.\n if (!this.manageMediaKeys) {\n this.logger?.warn(\n `Received key over transport ${membership.userId}:${membership.deviceId} at index ${index} but media keys are disabled`,\n );\n return;\n }\n this.logger?.debug(`Received key over transport ${membership.userId}:${membership.deviceId} at index ${index}`);\n\n // We received a new key, notify the video layer of this new key so that it can decrypt the frames properly.\n const keyBin = decodeBase64(keyBase64Encoded);\n const candidateInboundSession: InboundEncryptionSession = {\n key: keyBin,\n membership,\n keyIndex: index,\n creationTS: timestamp,\n };\n\n const outdated = this.keyBuffer.isOutdated(membership, candidateInboundSession);\n if (!outdated) {\n this.addKeyToParticipant(\n candidateInboundSession.key,\n candidateInboundSession.keyIndex,\n candidateInboundSession.membership,\n );\n } else {\n this.logger?.info(\n `Received an out of order key for ${membership.userId}:${membership.deviceId}, dropping it`,\n );\n }\n };\n\n /**\n * Called when the ownMembership of the call changes.\n * This encryption manager is very basic, it will rotate the key everytime this is called.\n * @param oldMemberships - This parameter is not used here, but it is kept for compatibility with the interface.\n */\n public onMembershipsUpdate(oldMemberships: CallMembership[] = []): void {\n this.logger?.trace(`onMembershipsUpdate`);\n\n // Ensure the key is distributed. This will be no-op if the key is already being distributed to everyone.\n // If there is an ongoing distribution, it will be completed before a new one is started.\n this.ensureKeyDistribution();\n // ensure key emission to the rtc backend\n this.checkKeysWithoutMatchingRTCMembership();\n }\n\n private async rolloutOutboundKey(): Promise<void> {\n const isFirstKey = this.outboundSession == null;\n if (isFirstKey) {\n // create the first key\n const firstKey = {\n key: this.generateRandomKey(),\n creationTS: Date.now(),\n sharedWith: [],\n keyId: 0,\n };\n this.outboundSession = firstKey;\n this.addKeyToParticipantWithBackendIdentity(\n firstKey.key,\n firstKey.keyId,\n this.ownMembership,\n await this.getOwnRtcBackendIdentity(),\n );\n }\n // get current memberships\n const toShareWith: ParticipantDeviceInfo[] = this.getMemberships()\n .filter((membership) => {\n return membership.sender != undefined;\n })\n .map((membership) => {\n return {\n userId: membership.sender!,\n deviceId: membership.deviceId,\n membershipTs: membership.createdTs(),\n };\n });\n\n let alreadySharedWith = this.outboundSession?.sharedWith ?? [];\n\n // Some users might have rotate their ownMembership event (formally called fingerprint) meaning they might have\n // clear their key. Reset the `alreadySharedWith` flag for them.\n alreadySharedWith = alreadySharedWith.filter(\n (x) =>\n // If there was a member with same userId and deviceId but different membershipTs, we need to clear it\n !toShareWith.some(\n (o) => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs != o.membershipTs,\n ),\n );\n\n const anyLeft = alreadySharedWith.filter(\n (x) =>\n !toShareWith.some(\n (o) => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs == o.membershipTs,\n ),\n );\n const anyJoined = toShareWith.filter(\n (x) =>\n !alreadySharedWith.some(\n (o) => x.userId == o.userId && x.deviceId == o.deviceId && x.membershipTs == o.membershipTs,\n ),\n );\n\n let toDistributeTo: ParticipantDeviceInfo[] = [];\n let outboundKey: OutboundEncryptionSession;\n let hasKeyChanged = false;\n if (anyLeft.length > 0) {\n // We need to rotate the key\n const newOutboundKey = this.createNewOutboundSession();\n hasKeyChanged = true;\n toDistributeTo = toShareWith;\n outboundKey = newOutboundKey;\n } else if (anyJoined.length > 0) {\n const now = Date.now();\n const keyAge = now - this.outboundSession!.creationTS;\n // If the current key is recently created (less than `keyRotationGracePeriodMs`), we can keep it and just distribute it to the new joiners.\n if (keyAge < this.keyRotationGracePeriodMs) {\n // keep the same key\n // XXX In the future we want to distribute a ratcheted key, not the current one\n this.logger?.debug(`New joiners detected, but the key is recent enough (age:${keyAge}), keeping it`);\n toDistributeTo = anyJoined;\n outboundKey = this.outboundSession!;\n } else {\n // We need to rotate the key\n this.logger?.debug(`New joiners detected, rotating the key`);\n const newOutboundKey = this.createNewOutboundSession();\n hasKeyChanged = true;\n toDistributeTo = toShareWith;\n outboundKey = newOutboundKey;\n }\n } else {\n // no changes\n return;\n }\n\n try {\n this.logger?.trace(`Sending key...`);\n await this.transport.sendKey(encodeBase64(outboundKey.key), outboundKey.keyId, toDistributeTo);\n outboundKey.sharedWith.push(...toDistributeTo);\n this.logger?.trace(\n `key index:${outboundKey.keyId} sent to ${outboundKey.sharedWith.map((m) => `${m.userId}:${m.deviceId}`).join(\",\")}`,\n );\n if (hasKeyChanged) {\n // Delay a bit before using this key\n // It is recommended not to start using a key immediately but instead wait for a short time to make sure it is delivered.\n this.logger?.trace(`Delay Rollout for key:${outboundKey.keyId}...`);\n await sleep(this.useKeyDelay);\n this.logger?.trace(`...Delayed rollout of index:${outboundKey.keyId} `);\n this.addKeyToParticipantWithBackendIdentity(\n outboundKey.key,\n outboundKey.keyId,\n this.ownMembership,\n await this.getOwnRtcBackendIdentity(),\n );\n }\n } catch (err) {\n this.logger?.error(`Failed to rollout key`, err);\n }\n }\n\n private createNewOutboundSession(): OutboundEncryptionSession {\n const newOutboundKey: OutboundEncryptionSession = {\n key: this.generateRandomKey(),\n creationTS: Date.now(),\n sharedWith: [],\n keyId: this.nextKeyIndex(),\n };\n\n this.logger?.info(`creating new outbound key index:${newOutboundKey.keyId}`);\n // Set this new key as the current one\n this.outboundSession = newOutboundKey;\n return newOutboundKey;\n }\n\n private nextKeyIndex(): number {\n if (this.outboundSession) {\n return (this.outboundSession!.keyId + 1) % 256;\n }\n return 0;\n }\n\n private generateRandomKey(): Uint8Array<ArrayBuffer> {\n const key = new Uint8Array(16);\n globalThis.crypto.getRandomValues(key);\n return key;\n }\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAEI,sBAAsB,QAEnB,wBAAwB;AAG/B,SAAS,YAAY,EAAE,YAAY,QAAQ,cAAc;AACzD,SAA6D,kBAAkB,QAAQ,oBAAoB;AAE3G,SAAS,KAAK,QAAQ,aAAa;AAOnC,SAAS,iBAAiB,QAAQ,YAAY;AAC9C,SAAS,qBAAqB,QAAQ,yBAAyB;;AAE/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAM,oBAAoB,CAA+B;EAqE5D;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACW,WAAW,CACG,aAA0C,EACnD,cAAsC,EACtC,SAAwB;EAChC;EACQ,uBAKC,EACT,YAAqB,EACrB,oBAA8F,EAChG;IA3FF;IACA;IACA;IAAA,yCAC0B,KAAK;IAAA,qDAEO,KAAK;IAAA;IAG3C;AACJ;AACA;AACA;AACA;IAJI,6CAKuC,IAAI,GAAG,CAQ5C,CAAC;IAEH;IAAA,yCAC4D,IAAI;IAEhE;AACJ;AACA;IAFI,uDAG8D,IAAI;IAElE;AACJ;AACA;AACA;AACA;IAJI,qCAKsB,IAAI;IAE1B;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;IAPI,kDAQmC,KAAM;IAEzC;AACJ;AACA;AACA;AACA;IAJI,8CAK+B,KAAK;IAEpC;AACJ;AACA;AACA;AACA;AACA;AACA;IANI,mCAOoB,IAAI,iBAAiB,CAAC,CAAC;IAAA,gCAEN,SAAS;IAAA;IAAA,0DAgEzC,EAAE;IAAA,0CA8F8C,CAAC,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,SAAS,KAAK;MACrG;MACA;MACA;MACA,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;QACvB,IAAI,CAAC,MAAM,EAAE,IAAI,CACb,+BAA+B,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,aAAa,KAAK,8BAC7F,CAAC;QACD;MACJ;MACA,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,+BAA+B,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,aAAa,KAAK,EAAE,CAAC;;MAE/G;MACA,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC;MAC7C,MAAM,uBAAiD,GAAG;QACtD,GAAG,EAAE,MAAM;QACX,UAAU;QACV,QAAQ,EAAE,KAAK;QACf,UAAU,EAAE;MAChB,CAAC;MAED,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,EAAE,uBAAuB,CAAC;MAC/E,IAAI,CAAC,QAAQ,EAAE;QACX,IAAI,CAAC,mBAAmB,CACpB,uBAAuB,CAAC,GAAG,EAC3B,uBAAuB,CAAC,QAAQ,EAChC,uBAAuB,CAAC,UAC5B,CAAC;MACL,CAAC,MAAM;QACH,IAAI,CAAC,MAAM,EAAE,IAAI,CACb,oCAAoC,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,eAChF,CAAC;MACL;IACJ,CAAC;IAAA,KAhLoB,aAA0C,GAA1C,aAA0C;IAAA,KACnD,cAAsC,GAAtC,cAAsC;IAAA,KACtC,SAAwB,GAAxB,SAAwB;IAAA,KAExB,uBAKC,GALD,uBAKC;IAIT,IAAI,CAAC,MAAM,GAAG,YAAY,EAAE,QAAQ,CAAC,qBAAqB,CAAC;IAC3D,IAAI,CAAC,mBAAmB,GAAG,oBAAoB,IAAI,qBAAqB;EAC5E;EAEA,MAAc,wBAAwB,GAAoB;IACtD,IAAI,IAAI,CAAC,0BAA0B,EAAE,OAAO,IAAI,CAAC,0BAA0B;IAE3E,IAAI,IAAI,CAAC,2BAA2B,EAAE;MAClC,MAAM;QAAE,MAAM;QAAE,QAAQ;QAAE;MAAS,CAAC,GAAG,IAAI,CAAC,aAAa;MACzD,IAAI,CAAC,MAAM,EAAE,IAAI;MACb;MACA,sCAAsC,MAAM,IAAI,QAAQ,IAAI,QAAQ,+BACxE,CAAC;MACD,IAAI,CAAC,0BAA0B,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC;IAChG,CAAC,MAAM;MACH,IAAI,CAAC,0BAA0B,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE;IACnG;IACA,OAAO,IAAI,CAAC,0BAA0B;EAC1C;EAEO,iBAAiB,GAQtB;IACE,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC;EAC5C;EAQQ,qCAAqC,GAAS;IAClD,MAAM,WAAW,GAAG,IAAI,CAAC,gCAAgC;IACzD,IAAI,CAAC,gCAAgC,GAAG,EAAE;IAC1C,WAAW,CAAC,OAAO,CAAE,OAAO,IAAK;MAC7B,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC;IAC/E,CAAC,CAAC;EACN;EAEQ,mBAAmB,CACvB,GAA4B,EAC5B,QAAgB,EAChB,UAAuC,EACnC;IACJ,MAAM,kBAAkB,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IAChD,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CACzC,MAAM,IAAK,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,UAAU,CAAC,QACtF,CAAC;IACD,IAAI,CAAC,cAAc,EAAE;MACjB,IAAI,CAAC,MAAM,EAAE,IAAI,CACb,2CAA2C,UAAU,CAAC,MAAM,IAAI,UAAU,CAAC,QAAQ,yBACvF,CAAC;MACD,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC;QAAE,GAAG;QAAE,QAAQ;QAAE;MAAW,CAAC,CAAC;MACzE;IACJ;IACA,IAAI,CAAC,sCAAsC,CAAC,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,cAAc,CAAC,kBAAkB,CAAC;EAC7G;EAEQ,sCAAsC,CAC1C,GAA4B,EAC5B,QAAgB,EAChB,UAAuC,EACvC,kBAA0B,EACtB;IACJ,MAAM,MAAM,GAAG,sBAAsB,CAAC,UAAU,CAAC;IACjD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;MACvC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IAC5C;IACA,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAE,IAAI,CAAC;MAAE,GAAG;MAAE,QAAQ;MAAE,UAAU;MAAE;IAAmB,CAAC,CAAC;IAC7F,IAAI,CAAC,uBAAuB,CAAC,GAAG,EAAE,QAAQ,EAAE,UAAU,EAAE,kBAAkB,CAAC;EAC/E;EAEO,IAAI,CAAC,UAA6D,EAAQ;IAC7E,IAAI,CAAC,eAAe,GAAG,UAAU,EAAE,eAAe,IAAI,IAAI,CAAC,CAAC;IAC5D,IAAI,CAAC,2BAA2B,GAAG,UAAU,EAAE,wBAAwB,IAAI,KAAK;IAChF,IAAI,CAAC,WAAW,GAAG,UAAU,EAAE,WAAW,IAAI,IAAI;IAClD,IAAI,CAAC,wBAAwB,GAAG,UAAU,EAAE,wBAAwB,IAAI,KAAM;IAE9E,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,kBAAkB,CAAC,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC;IACzE,KAAK,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC;;IAEtC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,cAAc,CAAC;IACjC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;EAC1B;EAEO,KAAK,GAAS;IACjB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC;IAC1E,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACrB,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;EACpC;;EAEA;AACJ;AACA;AACA;AACA;AACA;EACY,qBAAqB,GAAS;IAClC;IACA;IACA;IACA,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;IAC3B,IAAI,IAAI,CAAC,6BAA6B,IAAI,IAAI,EAAE;MAC5C,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,oCAAoC,CAAC;MACxD;MACA,IAAI,CAAC,6BAA6B,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM;QACtE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,mBAAmB,CAAC;QACvC,IAAI,CAAC,6BAA6B,GAAG,IAAI;QACzC,IAAI,IAAI,CAAC,oBAAoB,EAAE;UAC3B,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,oBAAoB,CAAC;UACxC,IAAI,CAAC,oBAAoB,GAAG,KAAK;UACjC;UACA,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAChC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACH;MACA;MACA,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,0EAA0E,CAAC;MAC9F,IAAI,CAAC,oBAAoB,GAAG,IAAI;IACpC;EACJ;EAqCA;AACJ;AACA;AACA;AACA;EACW,mBAAmB,CAAC,cAAgC,GAAG,EAAE,EAAQ;IACpE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,qBAAqB,CAAC;;IAEzC;IACA;IACA,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5B;IACA,IAAI,CAAC,qCAAqC,CAAC,CAAC;EAChD;EAEA,MAAc,kBAAkB,GAAkB;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,IAAI,IAAI;IAC/C,IAAI,UAAU,EAAE;MACZ;MACA,MAAM,QAAQ,GAAG;QACb,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC7B,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACtB,UAAU,EAAE,EAAE;QACd,KAAK,EAAE;MACX,CAAC;MACD,IAAI,CAAC,eAAe,GAAG,QAAQ;MAC/B,IAAI,CAAC,sCAAsC,CACvC,QAAQ,CAAC,GAAG,EACZ,QAAQ,CAAC,KAAK,EACd,IAAI,CAAC,aAAa,EAClB,MAAM,IAAI,CAAC,wBAAwB,CAAC,CACxC,CAAC;IACL;IACA;IACA,MAAM,WAAoC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAC7D,MAAM,CAAE,UAAU,IAAK;MACpB,OAAO,UAAU,CAAC,MAAM,IAAI,SAAS;IACzC,CAAC,CAAC,CACD,GAAG,CAAE,UAAU,IAAK;MACjB,OAAO;QACH,MAAM,EAAE,UAAU,CAAC,MAAO;QAC1B,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,YAAY,EAAE,UAAU,CAAC,SAAS,CAAC;MACvC,CAAC;IACL,CAAC,CAAC;IAEN,IAAI,iBAAiB,GAAG,IAAI,CAAC,eAAe,EAAE,UAAU,IAAI,EAAE;;IAE9D;IACA;IACA,iBAAiB,GAAG,iBAAiB,CAAC,MAAM,CACvC,CAAC;IACE;IACA,CAAC,WAAW,CAAC,IAAI,CACZ,CAAC,IAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,YACnF,CACR,CAAC;IAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CACnC,CAAC,IACE,CAAC,WAAW,CAAC,IAAI,CACZ,CAAC,IAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,YACnF,CACR,CAAC;IACD,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAC/B,CAAC,IACE,CAAC,iBAAiB,CAAC,IAAI,CAClB,CAAC,IAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,YACnF,CACR,CAAC;IAED,IAAI,cAAuC,GAAG,EAAE;IAChD,IAAI,WAAsC;IAC1C,IAAI,aAAa,GAAG,KAAK;IACzB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;MACpB;MACA,MAAM,cAAc,GAAG,IAAI,CAAC,wBAAwB,CAAC,CAAC;MACtD,aAAa,GAAG,IAAI;MACpB,cAAc,GAAG,WAAW;MAC5B,WAAW,GAAG,cAAc;IAChC,CAAC,MAAM,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE;MAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;MACtB,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,eAAe,CAAE,UAAU;MACrD;MACA,IAAI,MAAM,GAAG,IAAI,CAAC,wBAAwB,EAAE;QACxC;QACA;QACA,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,2DAA2D,MAAM,eAAe,CAAC;QACpG,cAAc,GAAG,SAAS;QAC1B,WAAW,GAAG,IAAI,CAAC,eAAgB;MACvC,CAAC,MAAM;QACH;QACA,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,wCAAwC,CAAC;QAC5D,MAAM,cAAc,GAAG,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACtD,aAAa,GAAG,IAAI;QACpB,cAAc,GAAG,WAAW;QAC5B,WAAW,GAAG,cAAc;MAChC;IACJ,CAAC,MAAM;MACH;MACA;IACJ;IAEA,IAAI;MACA,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC;MACpC,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,WAAW,CAAC,KAAK,EAAE,cAAc,CAAC;MAC9F,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC;MAC9C,IAAI,CAAC,MAAM,EAAE,KAAK,CACd,aAAa,WAAW,CAAC,KAAK,YAAY,WAAW,CAAC,UAAU,CAAC,GAAG,CAAE,CAAC,IAAK,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EACtH,CAAC;MACD,IAAI,aAAa,EAAE;QACf;QACA;QACA,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,yBAAyB,WAAW,CAAC,KAAK,KAAK,CAAC;QACnE,MAAM,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;QAC7B,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,+BAA+B,WAAW,CAAC,KAAK,GAAG,CAAC;QACvE,IAAI,CAAC,sCAAsC,CACvC,WAAW,CAAC,GAAG,EACf,WAAW,CAAC,KAAK,EACjB,IAAI,CAAC,aAAa,EAClB,MAAM,IAAI,CAAC,wBAAwB,CAAC,CACxC,CAAC;MACL;IACJ,CAAC,CAAC,OAAO,GAAG,EAAE;MACV,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC;IACpD;EACJ;EAEQ,wBAAwB,GAA8B;IAC1D,MAAM,cAAyC,GAAG;MAC9C,GAAG,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;MAC7B,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;MACtB,UAAU,EAAE,EAAE;MACd,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,mCAAmC,cAAc,CAAC,KAAK,EAAE,CAAC;IAC5E;IACA,IAAI,CAAC,eAAe,GAAG,cAAc;IACrC,OAAO,cAAc;EACzB;EAEQ,YAAY,GAAW;IAC3B,IAAI,IAAI,CAAC,eAAe,EAAE;MACtB,OAAO,CAAC,IAAI,CAAC,eAAe,CAAE,KAAK,GAAG,CAAC,IAAI,GAAG;IAClD;IACA,OAAO,CAAC;EACZ;EAEQ,iBAAiB,GAA4B;IACjD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC;IAC9B,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC;IACtC,OAAO,GAAG;EACd;AACJ","ignoreList":[]}
|