feat(e2ei)!: remove 'clientId' from activation & rotate enrollment no…
…w that we expect a specific ClientId format
beltram committed Dec 13, 2023
1 parent 5508dc5 commit ec73673
Showing 6 changed files with 12 additions and 71 deletions.
6 changes: 0 additions & 6 deletions crypto-ffi/bindings/js/CoreCrypto.ts
@@ -1958,7 +1958,6 @@ export class CoreCrypto {
* Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
* Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
*
* @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:[email protected]`
* @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
* @param handle - user handle e.g. `[email protected]`
* @param expiryDays - generated x509 certificate expiry
@@ -1967,7 +1966,6 @@ export class CoreCrypto {
* @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
*/
async e2eiNewActivationEnrollment(
clientId: string,
displayName: string,
handle: string,
expiryDays: number,
@@ -1976,7 +1974,6 @@ export class CoreCrypto {
): Promise<E2eiEnrollment> {
const e2ei = await CoreCryptoError.asyncMapErr(
this.#cc.e2ei_new_activation_enrollment(
clientId,
displayName,
handle,
team,
@@ -1993,7 +1990,6 @@ export class CoreCrypto {
* has been revoked. It lets you change the DisplayName or the handle
* if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
*
* @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:[email protected]`
* @param expiryDays - generated x509 certificate expiry
* @param ciphersuite - for generating signing key material
* @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
@@ -2002,7 +1998,6 @@ export class CoreCrypto {
* @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
*/
async e2eiNewRotateEnrollment(
clientId: string,
expiryDays: number,
ciphersuite: Ciphersuite,
displayName?: string,
@@ -2011,7 +2006,6 @@ export class CoreCrypto {
): Promise<E2eiEnrollment> {
const e2ei = await CoreCryptoError.asyncMapErr(
this.#cc.e2ei_new_rotate_enrollment(
clientId,
displayName,
handle,
team,
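Review bot: The doc comments of `e2eiNewActivationEnrollment` and `e2eiNewRotateEnrollment` no longer say which client identity the enrollment is bound to now that the `clientId` parameter is gone. Judging by the core change in `crypto/src/e2e_identity/rotate.rs`, it appears to be read from the client's most recent Basic (activation) or X509 (rotate) credential, so I would add a line to both docs such as `* The client identifier is taken from the client's existing credential and can no longer be supplied by the caller.` The same gap exists in the Kotlin and Swift wrapper docs touched by this commit. Both method bodies continue outside the visible hunks.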
@@ -81,7 +81,6 @@ class CoreCryptoCentral private constructor(private val cc: CoreCrypto, private
* Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
* Once the enrollment is finished, use the instance in [e2eiRotateAll] to do the rotation.
*
* @param clientId client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:[email protected]`
* @param displayName human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
* @param handle user handle e.g. `[email protected]`
* @param expiryDays generated x509 certificate expiry
@@ -90,7 +89,6 @@ class CoreCryptoCentral private constructor(private val cc: CoreCrypto, private
* @return The new [E2EIEnrollment] enrollment to use with [e2eiRotateAll]
*/
suspend fun e2eiNewActivationEnrollment(
clientId: String,
displayName: String,
handle: String,
expiryDays: UInt,
@@ -99,7 +97,6 @@ class CoreCryptoCentral private constructor(private val cc: CoreCrypto, private
): E2EIEnrollment {
return E2EIEnrollment(
cc.e2eiNewActivationEnrollment(
clientId,
displayName,
handle,
team,
@@ -114,7 +111,6 @@ class CoreCryptoCentral private constructor(private val cc: CoreCrypto, private
* their credential, either because the former one is expired or it has been revoked. It lets you change the DisplayName
* or the handle if you need to. Once the enrollment is finished, use the instance in [e2eiRotateAll] to do the rotation.
*
* @param clientId client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:[email protected]`
* @param expiryDays generated x509 certificate expiry
* @param ciphersuite for generating signing key material
* @param displayName human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
@@ -123,7 +119,6 @@ class CoreCryptoCentral private constructor(private val cc: CoreCrypto, private
* @return The new [E2EIEnrollment] enrollment to use with [e2eiRotateAll]
*/
suspend fun e2eiNewRotateEnrollment(
clientId: String,
expiryDays: UInt,
ciphersuite: Ciphersuite,
displayName: String? = null,
@@ -132,7 +127,6 @@ class CoreCryptoCentral private constructor(private val cc: CoreCrypto, private
): E2EIEnrollment {
return E2EIEnrollment(
cc.e2eiNewRotateEnrollment(
clientId,
displayName,
handle,
team,
10 changes: 4 additions & 6 deletions crypto-ffi/bindings/swift/Sources/CoreCrypto/CoreCrypto.swift
@@ -1162,31 +1162,29 @@ public class CoreCryptoWrapper {
/// Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
/// Once the enrollment is finished, use the instance in ``CoreCrypto/e2eiRotateAll`` to do the rotation.
///
/// - parameter clientId: client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:[email protected]`
/// - parameter displayName: human readable name displayed in the application e.g. `Smith, Alice M (QA)`
/// - parameter handle: user handle e.g. `[email protected]`
/// - parameter expiryDays: generated x509 certificate expiry
/// - parameter ciphersuite: For generating signing key material.
/// - parameter team: name of the Wire team a user belongs to
/// - returns: The new ``CoreCryptoSwift.WireE2eIdentity`` object
public func e2eiNewActivationEnrollment(clientId: String, displayName: String, handle: String, expiryDays: UInt32, ciphersuite: UInt16, handle: String? = nil) async throws -> E2eiEnrollment {
let enrollment = try await self.coreCrypto.e2eiNewActivationEnrollment(clientId: clientId, displayName: displayName, handle: handle, team: team, expiryDays: expiryDays, ciphersuite: ciphersuite)
public func e2eiNewActivationEnrollment(displayName: String, handle: String, expiryDays: UInt32, ciphersuite: UInt16, handle: String? = nil) async throws -> E2eiEnrollment {
let enrollment = try await self.coreCrypto.e2eiNewActivationEnrollment(displayName: displayName, handle: handle, team: team, expiryDays: expiryDays, ciphersuite: ciphersuite)
return E2eiEnrollment(enrollment)
}

/// Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)having to change/rotate
/// their credential, either because the former one is expired or it has been revoked. It lets you change
/// the DisplayName or the handle if you need to. Once the enrollment is finished, use the instance in ``CoreCrypto/e2eiRotateAll`` to do the rotation.
///
/// - parameter clientId: client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:[email protected]`
/// - parameter expiryDays: generated x509 certificate expiry
/// - parameter ciphersuite: For generating signing key material.
/// - parameter displayName: human readable name displayed in the application e.g. `Smith, Alice M (QA)`
/// - parameter handle: user handle e.g. `[email protected]`
/// - parameter team: name of the Wire team a user belongs to
/// - returns: The new ``CoreCryptoSwift.WireE2eIdentity`` object
public func e2eiNewRotateEnrollment(clientId: String, expiryDays: UInt32, ciphersuite: UInt16, displayName: String? = nil, handle: String? = nil, team: String? = nil) async throws -> E2eiEnrollment {
let enrollment = try await self.coreCrypto.e2eiNewRotateEnrollment(clientId: clientId, expiryDays: expiryDays, ciphersuite: ciphersuite, displayName: displayName, handle: handle, team: team)
public func e2eiNewRotateEnrollment(expiryDays: UInt32, ciphersuite: UInt16, displayName: String? = nil, handle: String? = nil, team: String? = nil) async throws -> E2eiEnrollment {
let enrollment = try await self.coreCrypto.e2eiNewRotateEnrollment(expiryDays: expiryDays, ciphersuite: ciphersuite, displayName: displayName, handle: handle, team: team)
return E2eiEnrollment(enrollment)
}

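Review bot: The new signature of `e2eiNewActivationEnrollment` declares `handle` twice (`handle: String` and `handle: String? = nil`) while its body passes `team: team`, which is not a parameter, so this wrapper should not compile as written; the old signature had the same slip and the commit carries it over. The last parameter should be `team`, i.e. `public func e2eiNewActivationEnrollment(displayName: String, handle: String, expiryDays: UInt32, ciphersuite: UInt16, team: String? = nil) async throws -> E2eiEnrollment {`, matching `e2eiNewRotateEnrollment` below and the existing `- parameter team:` doc line. The `- returns:` lines of both functions also still name `CoreCryptoSwift.WireE2eIdentity` although both return `E2eiEnrollment`.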
20 changes: 2 additions & 18 deletions crypto-ffi/src/generic.rs
@@ -1517,7 +1517,6 @@ impl CoreCrypto {
/// See [core_crypto::mls::MlsCentral::e2ei_new_activation_enrollment]
pub async fn e2ei_new_activation_enrollment(
&self,
client_id: String,
display_name: String,
handle: String,
team: Option<String>,
@@ -1528,14 +1527,7 @@ impl CoreCrypto {
.central
.lock()
.await
.e2ei_new_activation_enrollment(
client_id.into_bytes().into(),
display_name,
handle,
team,
expiry_days,
ciphersuite.into(),
)
.e2ei_new_activation_enrollment(display_name, handle, team, expiry_days, ciphersuite.into())
.map(async_lock::RwLock::new)
.map(std::sync::Arc::new)
.map(E2eiEnrollment)
@@ -1545,7 +1537,6 @@ impl CoreCrypto {
/// See [core_crypto::mls::MlsCentral::e2ei_new_rotate_enrollment]
pub async fn e2ei_new_rotate_enrollment(
&self,
client_id: String,
display_name: Option<String>,
handle: Option<String>,
team: Option<String>,
@@ -1556,14 +1547,7 @@ impl CoreCrypto {
.central
.lock()
.await
.e2ei_new_rotate_enrollment(
client_id.into_bytes().into(),
display_name,
handle,
team,
expiry_days,
ciphersuite.into(),
)
.e2ei_new_rotate_enrollment(display_name, handle, team, expiry_days, ciphersuite.into())
.await
.map(async_lock::RwLock::new)
.map(std::sync::Arc::new)
20 changes: 2 additions & 18 deletions crypto-ffi/src/wasm.rs
@@ -2421,7 +2421,6 @@ impl CoreCrypto {
/// see [core_crypto::mls::MlsCentral::e2ei_new_activation_enrollment]
pub fn e2ei_new_activation_enrollment(
&self,
client_id: String,
display_name: String,
handle: String,
team: Option<String>,
@@ -2434,14 +2433,7 @@ impl CoreCrypto {
async move {
let this = this.read().await;
let enrollment = this
.e2ei_new_activation_enrollment(
client_id.into_bytes().into(),
display_name,
handle,
team,
expiry_days,
ciphersuite.into(),
)
.e2ei_new_activation_enrollment(display_name, handle, team, expiry_days, ciphersuite.into())
.map(async_lock::RwLock::new)
.map(std::sync::Arc::new)
.map(E2eiEnrollment)
@@ -2458,7 +2450,6 @@ impl CoreCrypto {
/// see [core_crypto::mls::MlsCentral::e2ei_new_rotate_enrollment]
pub fn e2ei_new_rotate_enrollment(
&self,
client_id: String,
display_name: Option<String>,
handle: Option<String>,
team: Option<String>,
@@ -2471,14 +2462,7 @@ impl CoreCrypto {
async move {
let this = this.read().await;
let enrollment = this
.e2ei_new_rotate_enrollment(
client_id.into_bytes().into(),
display_name,
handle,
team,
expiry_days,
ciphersuite.into(),
)
.e2ei_new_rotate_enrollment(display_name, handle, team, expiry_days, ciphersuite.into())
.await
.map(async_lock::RwLock::new)
.map(std::sync::Arc::new)
21 changes: 4 additions & 17 deletions crypto/src/e2e_identity/rotate.rs
@@ -6,12 +6,11 @@ use openmls_traits::OpenMlsCryptoProvider;
use core_crypto_keystore::{entities::MlsKeyPackage, CryptoKeystoreMls};
use mls_crypto_provider::MlsCryptoProvider;

use crate::prelude::ConversationId;
use crate::{
mls::credential::{ext::CredentialExt, x509::CertificatePrivateKey, CredentialBundle},
prelude::{
CertificateBundle, Client, ClientId, CryptoError, CryptoResult, E2eIdentityError, E2eiEnrollment, MlsCentral,
MlsCiphersuite, MlsCommitBundle, MlsConversation, MlsCredentialType,
CertificateBundle, Client, ConversationId, CryptoError, CryptoResult, E2eIdentityError, E2eiEnrollment,
MlsCentral, MlsCiphersuite, MlsCommitBundle, MlsConversation, MlsCredentialType,
},
MlsError,
};
@@ -70,7 +69,6 @@ impl MlsCentral {
/// the rotation.
pub fn e2ei_new_activation_enrollment(
&self,
client_id: ClientId,
display_name: String,
handle: String,
team: Option<String>,
@@ -83,6 +81,7 @@ impl MlsCentral {
let cb = client
.find_most_recent_credential_bundle(ciphersuite.signature_algorithm(), MlsCredentialType::Basic)
.ok_or(E2eIdentityError::MissingExistingClient(MlsCredentialType::Basic))?;
let client_id = cb.credential().identity().into();

let sign_keypair = Some(cb.signature_key.clone().try_into()?);

@@ -107,7 +106,6 @@ impl MlsCentral {
/// if you need to. Once the enrollment is finished, use the instance in [MlsCentral::e2ei_rotate_all] to do the rotation.
pub async fn e2ei_new_rotate_enrollment(
&self,
client_id: ClientId,
display_name: Option<String>,
handle: Option<String>,
team: Option<String>,
@@ -120,6 +118,7 @@ impl MlsCentral {
let cb = client
.find_most_recent_credential_bundle(ciphersuite.signature_algorithm(), MlsCredentialType::X509)
.ok_or(E2eIdentityError::MissingExistingClient(MlsCredentialType::X509))?;
let client_id = cb.credential().identity().into();
let sign_keypair = Some(cb.signature_key.clone().try_into()?);
let existing_identity = cb
.credential()
@@ -335,11 +334,9 @@ pub mod tests {
fn init(wrapper: E2eiInitWrapper) -> InitFnReturn<'_> {
Box::pin(async move {
let E2eiInitWrapper { cc, case } = wrapper;
let cid = cc.get_client_id();
let cs = case.ciphersuite();
match case.credential_type {
MlsCredentialType::Basic => cc.e2ei_new_activation_enrollment(
cid,
NEW_DISPLAY_NAME.to_string(),
NEW_HANDLE.to_string(),
Some(TEAM.to_string()),
@@ -348,7 +345,6 @@ pub mod tests {
),
MlsCredentialType::X509 => {
cc.e2ei_new_rotate_enrollment(
cid,
Some(NEW_DISPLAY_NAME.to_string()),
Some(NEW_HANDLE.to_string()),
Some(TEAM.to_string()),
@@ -516,11 +512,9 @@ pub mod tests {
fn init(wrapper: E2eiInitWrapper) -> InitFnReturn<'_> {
Box::pin(async move {
let E2eiInitWrapper { cc, case } = wrapper;
let cid = cc.get_client_id();
let cs = case.ciphersuite();
match case.credential_type {
MlsCredentialType::Basic => cc.e2ei_new_activation_enrollment(
cid,
NEW_DISPLAY_NAME.to_string(),
NEW_HANDLE.to_string(),
Some(TEAM.to_string()),
@@ -529,7 +523,6 @@ pub mod tests {
),
MlsCredentialType::X509 => {
cc.e2ei_new_rotate_enrollment(
cid,
Some(NEW_DISPLAY_NAME.to_string()),
Some(NEW_HANDLE.to_string()),
Some(TEAM.to_string()),
@@ -633,11 +626,9 @@ pub mod tests {
fn init_alice(wrapper: E2eiInitWrapper) -> InitFnReturn<'_> {
Box::pin(async move {
let E2eiInitWrapper { cc, case } = wrapper;
let cid = cc.get_client_id();
let cs = case.ciphersuite();
match case.credential_type {
MlsCredentialType::Basic => cc.e2ei_new_activation_enrollment(
cid,
ALICE_NEW_DISPLAY_NAME.to_string(),
ALICE_NEW_HANDLE.to_string(),
Some(TEAM.to_string()),
@@ -646,7 +637,6 @@ pub mod tests {
),
MlsCredentialType::X509 => {
cc.e2ei_new_rotate_enrollment(
cid,
Some(ALICE_NEW_DISPLAY_NAME.to_string()),
Some(ALICE_NEW_HANDLE.to_string()),
Some(TEAM.to_string()),
@@ -687,11 +677,9 @@ pub mod tests {
fn init_bob(wrapper: E2eiInitWrapper) -> InitFnReturn<'_> {
Box::pin(async move {
let E2eiInitWrapper { cc, case } = wrapper;
let cid = cc.get_client_id();
let cs = case.ciphersuite();
match case.credential_type {
MlsCredentialType::Basic => cc.e2ei_new_activation_enrollment(
cid,
BOB_NEW_DISPLAY_NAME.to_string(),
BOB_NEW_HANDLE.to_string(),
Some(TEAM.to_string()),
@@ -700,7 +688,6 @@ pub mod tests {
),
MlsCredentialType::X509 => {
cc.e2ei_new_rotate_enrollment(
cid,
Some(BOB_NEW_DISPLAY_NAME.to_string()),
Some(BOB_NEW_HANDLE.to_string()),
Some(TEAM.to_string()),
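Review bot: The `client_id` bound into the enrollment is now computed by `cb.credential().identity().into()` in both `e2ei_new_activation_enrollment` and `e2ei_new_rotate_enrollment`, and the updated tests drop `cc.get_client_id()` without adding any check on the derived value. Since the commit message says a specific ClientId format is now expected, I would add a test assertion that the derived id equals `cc.get_client_id()` for both the Basic and the X509 case, so that a credential whose identity bytes differ from the client id is caught early. A short comment above each of the two lines, e.g. `// identity comes from the stored credential, not from the caller`, would also make the trust decision explicit, since the target type of the bare `.into()` is only visible from its later use. Both function bodies continue outside the visible hunks.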
