From be9a613ff8b43431960e589d7805a0ba59239ef2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Wei=C3=9F?= Date: Wed, 17 Jan 2024 13:05:48 +0100 Subject: [PATCH] feat(e2ei): use common function to register certificates --- .../E2EIdentityService/E2EIServiceExternal.ts | 42 +++++++++++++++++++ .../E2EIdentityService/E2EIServiceInternal.ts | 17 -------- 2 files changed, 42 insertions(+), 17 deletions(-) diff --git a/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.ts b/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.ts index c9ce4230cd4..0c91e4801d5 100644 --- a/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.ts +++ b/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceExternal.ts @@ -22,11 +22,13 @@ import {Decoder} from 'bazinga64'; import {Ciphersuite, CoreCrypto, E2eiConversationState, WireIdentity, DeviceStatus} from '@wireapp/core-crypto'; +import {AcmeService} from './Connection'; import {getE2EIClientId} from './Helper'; import {E2EIStorage} from './Storage/E2EIStorage'; import {ClientService} from '../../../client'; import {parseFullQualifiedClientId} from '../../../util/fullyQualifiedClientIdUtils'; +import {LocalStorageStore} from '../../../util/LocalStorageStore'; export type DeviceIdentity = Omit & {status?: DeviceStatus; deviceId: string}; @@ -125,4 +127,44 @@ export class E2EIServiceExternal { } return typeof client.mls_public_keys.ed25519 !== 'string' || client.mls_public_keys.ed25519.length === 0; } + + private async registerLocalCertificateRoot(connection: AcmeService): Promise { + const localCertificateRoot = await connection.getLocalCertificateRoot(); + await this.coreCryptoClient.e2eiRegisterAcmeCA(localCertificateRoot); + + return localCertificateRoot; + } + + /** + * This function is used to register different server certificates in CoreCrypto. + * + * 1. Root Certificate: This is the root certificate of the server. + * - It must only be registered once. + * - It must be the first certificate to be registered. Nothing else will work + * + * 2. Intermediate Certificate: This is the intermediate certificate of the server. It must be updated every 24 hours. + * - It must be registered after the root certificate. + * - It must be updated every 24 hours. + * + * Both must be registered before the first enrollment. + * + * @param discoveryUrl + */ + public async registerServerCertificates(discoveryUrl: string): Promise { + const ROOT_CA_KEY = 'e2ei_root-received'; + const store = LocalStorageStore(ROOT_CA_KEY); + const acmeService = new AcmeService(discoveryUrl); + + // Register root certificate if not already registered + if (!store.has(ROOT_CA_KEY)) { + try { + await this.registerLocalCertificateRoot(acmeService); + store.add(ROOT_CA_KEY, 'true'); + } catch (error) { + console.error('Failed to register root certificate', error); + } + } + + // Register intermediate certificate and update it every 24 hours + } } diff --git a/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts b/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts index 287afa79d48..9b81e548210 100644 --- a/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts +++ b/packages/core/src/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.ts @@ -104,9 +104,6 @@ class E2EIServiceInternal { ); } - // Before we initialise the identity we need to register the local certificate root. - await this.registerLocalCertificateRoot(this.acmeService); - await this.initIdentity(hasActiveCertificate); return this.startNewOAuthFlow(); } catch (error) { @@ -193,20 +190,6 @@ class E2EIServiceInternal { return undefined; } - private async registerLocalCertificateRoot(connection: AcmeService): Promise { - try { - const localCertificateRoot = await connection.getLocalCertificateRoot(); - await this.coreCryptoClient.e2eiRegisterAcmeCA(localCertificateRoot); - - return localCertificateRoot; - } catch (error) { - //TODO: handle errors from corecrypto - //open question: how do we recover from these errors - this.logger.error('Error while trying to set a local certificate root', error); - throw error; - } - } - private async getInitialNonce(directory: AcmeDirectory, connection: AcmeService): Promise { try { const nonce = await connection.getInitialNonce(directory.newNonce);