feat(e2ei): use common function to register certificates

packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.ts

@@ -22,11 +22,13 @@ import {Decoder} from 'bazinga64';
 
 import {Ciphersuite, CoreCrypto, E2eiConversationState, WireIdentity, DeviceStatus} from '@wireapp/core-crypto';
 
+import {AcmeService} from './Connection';
 import {getE2EIClientId} from './Helper';
 import {E2EIStorage} from './Storage/E2EIStorage';
 
 import {ClientService} from '../../../client';
 import {parseFullQualifiedClientId} from '../../../util/fullyQualifiedClientIdUtils';
+import {LocalStorageStore} from '../../../util/LocalStorageStore';
 
 export type DeviceIdentity = Omit<WireIdentity, 'free' | 'status'> & {status?: DeviceStatus; deviceId: string};
 
@@ -125,4 +127,44 @@ export class E2EIServiceExternal {
     }
     return typeof client.mls_public_keys.ed25519 !== 'string' || client.mls_public_keys.ed25519.length === 0;
   }
+
+  private async registerLocalCertificateRoot(connection: AcmeService): Promise<string> {
+    const localCertificateRoot = await connection.getLocalCertificateRoot();
+    await this.coreCryptoClient.e2eiRegisterAcmeCA(localCertificateRoot);
+
+    return localCertificateRoot;
+  }
+
+  /**
+   * This function is used to register different server certificates in CoreCrypto.
+   *
+   * 1. Root Certificate: This is the root certificate of the server.
+   * - It must only be registered once.
+   * - It must be the first certificate to be registered. Nothing else will work
+   *
+   * 2. Intermediate Certificate: This is the intermediate certificate of the server. It must be updated every 24 hours.
+   * - It must be registered after the root certificate.
+   * - It must be updated every 24 hours.
+   *
+   * Both must be registered before the first enrollment.
+   *
+   * @param discoveryUrl
+   */
+  public async registerServerCertificates(discoveryUrl: string): Promise<void> {
+    const ROOT_CA_KEY = 'e2ei_root-received';
+    const store = LocalStorageStore(ROOT_CA_KEY);
+    const acmeService = new AcmeService(discoveryUrl);
+
+    // Register root certificate if not already registered
+    if (!store.has(ROOT_CA_KEY)) {
+      try {
+        await this.registerLocalCertificateRoot(acmeService);
+        store.add(ROOT_CA_KEY, 'true');
+      } catch (error) {
+        console.error('Failed to register root certificate', error);
+      }
+    }
+
+    // Register intermediate certificate and update it every 24 hours
+  }
 }

packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts

@@ -104,9 +104,6 @@ class E2EIServiceInternal {
         );
       }
 
-      // Before we initialise the identity we need to register the local certificate root.
-      await this.registerLocalCertificateRoot(this.acmeService);
-
       await this.initIdentity(hasActiveCertificate);
       return this.startNewOAuthFlow();
     } catch (error) {
@@ -193,20 +190,6 @@ class E2EIServiceInternal {
     return undefined;
   }
 
-  private async registerLocalCertificateRoot(connection: AcmeService): Promise<string> {
-    try {
-      const localCertificateRoot = await connection.getLocalCertificateRoot();
-      await this.coreCryptoClient.e2eiRegisterAcmeCA(localCertificateRoot);
-
-      return localCertificateRoot;
-    } catch (error) {
-      //TODO: handle errors from corecrypto
-      //open question: how do we recover from these errors
-      this.logger.error('Error while trying to set a local certificate root', error);
-      throw error;
-    }
-  }
-
   private async getInitialNonce(directory: AcmeDirectory, connection: AcmeService): Promise<string> {
     try {
       const nonce = await connection.getInitialNonce(directory.newNonce);