From 6fcf7bc5541256acc0a3da245ed638ff22ef4832 Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Mon, 18 Dec 2023 09:01:49 +0100 Subject: [PATCH 1/4] chore(core-crypto): upgrade to RC 22 --- .../com/wire/kalium/cryptography/MLSClientImpl.kt | 2 -- .../com.wire.kalium.cryptography/MLSClientImpl.kt | 7 +------ .../com/wire/kalium/cryptography/MLSClient.kt | 2 -- .../com/wire/kalium/cryptography/MLSClientImpl.kt | 2 -- gradle/libs.versions.toml | 2 +- .../kalium/logic/data/client/E2EIClientProvider.kt | 10 ---------- .../wire/kalium/logic/feature/UserSessionScope.kt | 1 - .../kalium/logic/client/E2EIClientProviderTest.kt | 13 ++++++------- 8 files changed, 8 insertions(+), 31 deletions(-) diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt index 30f85ea0a6f..3ea821a111a 100644 --- a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt +++ b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt @@ -184,7 +184,6 @@ class MLSClientImpl( } override suspend fun e2eiNewActivationEnrollment( - clientId: CryptoQualifiedClientId, displayName: String, handle: String, teamId: String? @@ -193,7 +192,6 @@ class MLSClientImpl( } override suspend fun e2eiNewRotateEnrollment( - clientId: CryptoQualifiedClientId, displayName: String?, handle: String?, teamId: String? diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt index 53557c21ff9..b5df375e93d 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt 
@@ -217,14 +217,12 @@ class MLSClientImpl( } override suspend fun e2eiNewActivationEnrollment( - clientId: CryptoQualifiedClientId, displayName: String, handle: String, teamId: String? ): E2EIClient { return E2EIClientImpl( coreCrypto.e2eiNewActivationEnrollment( - clientId.toString(), displayName, handle, teamId, @@ -235,14 +233,12 @@ class MLSClientImpl( } override suspend fun e2eiNewRotateEnrollment( - clientId: CryptoQualifiedClientId, displayName: String?, handle: String?, teamId: String? ): E2EIClient { return E2EIClientImpl( coreCrypto.e2eiNewRotateEnrollment( - clientId.toString(), displayName, handle, teamId, @@ -371,8 +367,7 @@ class MLSClientImpl( fun toE2EIConversationState(value: com.wire.crypto.E2eiConversationState) = when (value) { E2eiConversationState.VERIFIED -> E2EIConversationState.VERIFIED - // TODO: this value is wrong on CoreCrypto, it will be renamed to NOT_VERIFIED - E2eiConversationState.DEGRADED -> E2EIConversationState.NOT_VERIFIED + E2eiConversationState.NOT_VERIFIED -> E2EIConversationState.NOT_VERIFIED E2eiConversationState.NOT_ENABLED -> E2EIConversationState.NOT_ENABLED } diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt index eebc39e0076..837e6fd963d 100644 --- a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt +++ b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt @@ -305,7 +305,6 @@ interface MLSClient { * @return wire end to end identity client */ suspend fun e2eiNewActivationEnrollment( - clientId: CryptoQualifiedClientId, displayName: String, handle: String, teamId: String? @@ -317,7 +316,6 @@ interface MLSClient { * @return wire end to end identity client */ suspend fun e2eiNewRotateEnrollment( - clientId: CryptoQualifiedClientId, displayName: String?, handle: String?, teamId: String? 
diff --git a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt index e3355169897..fd4f2cd29b3 100644 --- a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt +++ b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt @@ -122,7 +122,6 @@ class MLSClientImpl : MLSClient { } override suspend fun e2eiNewActivationEnrollment( - clientId: CryptoQualifiedClientId, displayName: String, handle: String, teamId: String? @@ -131,7 +130,6 @@ class MLSClientImpl : MLSClient { } override suspend fun e2eiNewRotateEnrollment( - clientId: CryptoQualifiedClientId, displayName: String?, handle: String?, teamId: String? diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 53260e7c4df..10feaf4b105 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -37,7 +37,7 @@ pbandk = "0.14.2" turbine = "1.0.0" avs = "9.6.3" jna = "5.13.0" -core-crypto = "1.0.0-rc.21" +core-crypto = "1.0.0-rc.22" core-crypto-multiplatform = "0.6.0-rc.3-multiplatform-pre1" completeKotlin = "1.1.0" desugar-jdk = "2.0.4" diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt index 1db3fa59833..e02b51e8457 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt 
@@ -18,13 +18,10 @@ package com.wire.kalium.logic.data.client -import com.wire.kalium.cryptography.CryptoQualifiedClientId -import com.wire.kalium.cryptography.CryptoQualifiedID import com.wire.kalium.cryptography.E2EIClient import com.wire.kalium.logic.CoreFailure import com.wire.kalium.logic.E2EIFailure import com.wire.kalium.logic.data.conversation.ClientId -import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.data.user.UserRepository import com.wire.kalium.logic.data.id.CurrentClientIdProvider import com.wire.kalium.logic.data.user.SelfUser @@ -41,7 +38,6 @@ interface E2EIClientProvider { } internal class EI2EIClientProviderImpl( - private val userId: UserId, private val currentClientIdProvider: CurrentClientIdProvider, private val mlsClientProvider: MLSClientProvider, private val userRepository: UserRepository, @@ -54,10 +50,6 @@ internal class EI2EIClientProviderImpl( withContext(dispatchers.io) { val currentClientId = clientId ?: currentClientIdProvider().fold({ return@withContext Either.Left(it) }, { it }) - val e2eiClientId = CryptoQualifiedClientId( - currentClientId.value, - CryptoQualifiedID(value = userId.value, domain = userId.domain) - ) return@withContext e2EIClient?.let { Either.Right(it) @@ -67,7 +59,6 @@ internal class EI2EIClientProviderImpl( val newE2EIClient = if (it.isE2EIEnabled()) { kaliumLogger.e("initial E2EI client for mls client that already has e2ei enabled") it.e2eiNewRotateEnrollment( - e2eiClientId, selfUser.name, selfUser.handle, selfUser.teamId.toString() @@ -75,7 +66,6 @@ internal class EI2EIClientProviderImpl( } else { kaliumLogger.e("initial E2EI client for MLS client without e2ei") it.e2eiNewActivationEnrollment( - e2eiClientId, selfUser.name!!, selfUser.handle!!, selfUser.teamId.toString() diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt index 1a474891ecb..7a928511a97 100644 
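Review bot: Both enrollment calls in `EI2EIClientProviderImpl` (hunks `-67,7 +59,6` and `-75,7 +66,6`) still pass `selfUser.teamId.toString()` for a parameter that `MLSClient` declares as `teamId: String?`. If `SelfUser.teamId` is nullable (its declaration is not part of this patch), a user without a team is enrolled with the literal text `"null"` as the team id, and that value goes into the identity enrollment. Passing the id through a safe call would keep "no team" distinguishable from a team named "null". In the activation branch, `selfUser.name!!` and `selfUser.handle!!` crash with a bare NullPointerException instead of returning an `E2EIFailure` through the `Either`. The enclosing function starts and ends outside these hunks.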
--- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt @@ -633,7 +633,6 @@ class UserSessionScope internal constructor( private val e2EIClientProvider: E2EIClientProvider by lazy { EI2EIClientProviderImpl( - userId = userId, currentClientIdProvider = clientIdProvider, mlsClientProvider = mlsClientProvider, userRepository = userRepository diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/client/E2EIClientProviderTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/client/E2EIClientProviderTest.kt index e9dd4999859..7f77aa913ad 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/client/E2EIClientProviderTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/client/E2EIClientProviderTest.kt @@ -50,12 +50,12 @@ class E2EIClientProviderTest { verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::e2eiNewActivationEnrollment) - .with(any(), any(), any(), any()) + .with(any(), any(), any()) .wasInvoked(exactly = once) verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::e2eiNewRotateEnrollment) - .with(any(), any(), any(), any()) + .with(any(), any(), any()) .wasNotInvoked() } @@ -82,12 +82,12 @@ class E2EIClientProviderTest { verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::e2eiNewRotateEnrollment) - .with(any(), any(), any(), any()) + .with(any(), any(), any()) .wasInvoked(exactly = once) verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::e2eiNewActivationEnrollment) - .with(any(), any(), any(), any()) + .with(any(), any(), any()) .wasNotInvoked() } 
@@ -114,12 +114,12 @@ class E2EIClientProviderTest { verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::e2eiNewRotateEnrollment) - .with(any(), any(), any(), any()) + .with(any(), any(), any()) .wasNotInvoked() verify(arrangement.mlsClient) .suspendFunction(arrangement.mlsClient::e2eiNewActivationEnrollment) - .with(any(), any(), any(), any()) + .with(any(), any(), any()) .wasNotInvoked() } @@ -130,7 +130,6 @@ class E2EIClientProviderTest { fun arrange(block: Arrangement.() -> Unit): Pair { apply(block) e2eiClientProvider = EI2EIClientProviderImpl( - TestUser.USER_ID, currentClientIdProvider, mlsClientProvider, userRepository From 5e0d0f134fe3f4736ae165985dc6d8f7c6a17ab4 Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Tue, 19 Dec 2023 09:54:45 +0100 Subject: [PATCH 2/4] chore: update oidc challenge functions to use corecrypto --- .../kalium/cryptography/BaseMLSClientTest.kt | 6 +- .../kalium/cryptography/BaseMLSClientTest.kt | 7 +- .../kalium/cryptography/E2EIClientImpl.kt | 8 +- .../kalium/cryptography/BaseMLSClientTest.kt | 6 +- .../CoreCryptoCentral.kt | 1 + .../E2EIClientImpl.kt | 12 ++- .../wire/kalium/cryptography/E2EIClient.kt | 5 +- .../kalium/cryptography/BaseMLSClientTest.kt | 2 + .../kalium/cryptography/E2EIClientTest.kt | 21 +++-- .../kalium/cryptography/E2EIClientImpl.kt | 8 +- .../kalium/cryptography/BaseMLSClientTest.kt | 3 + .../kalium/cryptography/BaseMLSClientTest.kt | 6 +- .../logic/data/client/MLSClientProvider.kt | 53 +++++++---- .../kalium/logic/data/e2ei/E2EIRepository.kt | 25 +++-- .../feature/e2ei/usecase/EnrollE2EIUseCase.kt | 4 +- .../logic/data/e2ei/E2EIRepositoryTest.kt | 14 +-- .../e2ei/EnrollE2EICertificateUseCaseTest.kt | 94 +++++++++++++++---- .../provider/E2EIClientProviderArrangement.kt | 4 +- 18 files changed, 203 insertions(+), 76 deletions(-) 
diff --git a/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index a63e5028e8a..8e66639491c 100644 --- a/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -23,9 +23,13 @@ import java.nio.file.Files actual open class BaseMLSClientTest { actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { + return createCoreCrypto(clientId).mlsClient(clientId) + } + + actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { val root = Files.createTempDirectory("mls").toFile() val keyStore = root.resolve("keystore-$clientId") - return coreCryptoCentral(keyStore.absolutePath, "test").mlsClient(clientId) + return coreCryptoCentral(keyStore.absolutePath, "test") } } diff --git a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index 905f5a40d46..de26c0ec2ee 100644 --- a/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt 
@@ -21,10 +21,13 @@ package com.wire.kalium.cryptography import java.nio.file.Files actual open class BaseMLSClientTest { - actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { + return createCoreCrypto(clientId).mlsClient(clientId) + } + + actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { val root = Files.createTempDirectory("mls").toFile() val keyStore = root.resolve("keystore-$clientId") - return coreCryptoCentral(keyStore.absolutePath, "test").mlsClient(clientId) + return coreCryptoCentral(keyStore.absolutePath, "test") } } diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt index ac0b8bf8ff6..7cb1d4fddb9 100644 --- a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt +++ b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt @@ -55,11 +55,15 @@ class E2EIClientImpl : E2EIClient { TODO("Not yet implemented") } - override suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData { + override suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String): JsonRawData { TODO("Not yet implemented") } - override suspend fun setChallengeResponse(challenge: JsonRawData) { + override suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) { + TODO("Not yet implemented") + } + + override suspend fun setDPoPChallengeResponse(challenge: JsonRawData) { TODO("Not yet implemented") } diff --git a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index bf283e1723c..a804b6f3210 100644 --- a/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt 
+++ b/cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -25,9 +25,13 @@ import platform.Foundation.URLByAppendingPathComponent actual open class BaseMLSClientTest actual constructor() { actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { + return createCoreCrypto(clientId).mlsClient(clientId) + } + + actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { val rootDir = NSURL.fileURLWithPath(NSTemporaryDirectory() + "/mls", isDirectory = true) NSFileManager.defaultManager.createDirectoryAtURL(rootDir, true, null, null) val keyStore = rootDir.URLByAppendingPathComponent("keystore-$clientId")!! - return coreCryptoCentral(keyStore.path!!, "test").mlsClient(clientId) + return coreCryptoCentral(keyStore.path!!, "test") } } diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt index a2398b3d597..43c34d5f312 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt @@ -60,6 +60,7 @@ private class Callbacks : CoreCryptoCallbacks { } class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: String) : CoreCryptoCentral { + fun getCoreCrypto() = cc override suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient { cc.mlsInit(clientId.toString().encodeToByteArray(), Ciphersuites.DEFAULT.lower(), null) diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt index 333609914f2..47ead4cd616 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt 
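Review bot: The accessor added to `CoreCryptoCentralImpl`, `fun getCoreCrypto() = cc`, is public and has an inferred return type, so any consumer of the cryptography module can reach the raw `CoreCrypto` handle that the wrapper otherwise keeps private. The only caller in this patch is `E2EIClientImpl` in the same source set, so `internal fun getCoreCrypto(): CoreCrypto = cc` would cover it while keeping the handle out of the public API.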
+++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt @@ -54,11 +54,15 @@ class E2EIClientImpl( override suspend fun getNewDpopChallengeRequest(accessToken: String, previousNonce: String) = wireE2eIdentity.newDpopChallengeRequest(accessToken, previousNonce) - override suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String) = - wireE2eIdentity.newOidcChallengeRequest(idToken, previousNonce) + override suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String) = + wireE2eIdentity.newOidcChallengeRequest(idToken, refreshToken, previousNonce) - override suspend fun setChallengeResponse(challenge: JsonRawData) = - wireE2eIdentity.newChallengeResponse(challenge) + override suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) = + wireE2eIdentity.newOidcChallengeResponse((coreCrypto as CoreCryptoCentralImpl).getCoreCrypto(), challenge) + + override suspend fun setDPoPChallengeResponse(challenge: JsonRawData) { + wireE2eIdentity.newDpopChallengeResponse(challenge) + } override suspend fun checkOrderRequest(orderUrl: String, previousNonce: String) = wireE2eIdentity.checkOrderRequest(orderUrl, previousNonce) diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt index 7e97ac3823d..38a61f31d3b 100644 --- a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt +++ b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt 
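Review bot: `setOIDCChallengeResponse` uses an unchecked cast, `coreCrypto as CoreCryptoCentralImpl`, so any other `CoreCryptoCentral` implementation (a test fake, for example) fails with a `ClassCastException` partway through enrollment. A guard such as `require(coreCrypto is CoreCryptoCentralImpl) { "unsupported CoreCryptoCentral implementation" }` before the call gives a clear failure and lets the smart cast replace the `as`. The method is also written as an expression body while `setDPoPChallengeResponse` next to it uses a block body; picking one form for both would make it obvious that both return `Unit` as the interface declares.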
@@ -54,8 +54,9 @@ interface E2EIClient { suspend fun setAuthzResponse(authz: JsonRawData): NewAcmeAuthz suspend fun createDpopToken(backendNonce: String): DpopToken suspend fun getNewDpopChallengeRequest(accessToken: String, previousNonce: String): JsonRawData - suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData - suspend fun setChallengeResponse(challenge: JsonRawData) + suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String): JsonRawData + suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) + suspend fun setDPoPChallengeResponse(challenge: JsonRawData) suspend fun checkOrderRequest(orderUrl: String, previousNonce: String): JsonRawData suspend fun checkOrderResponse(order: JsonRawData): String suspend fun finalizeRequest(previousNonce: String): JsonRawData diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index e1f08180dee..65fce7147cb 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -22,4 +22,6 @@ expect open class BaseMLSClientTest() { suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient + suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral + } diff --git a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt index e3188c2299f..91f35e9b591 100644 --- a/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt +++ b/cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt 
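Review bot: The three members changed in `E2EIClient` have no KDoc, although the new `refreshToken` parameter is a credential and `setOIDCChallengeResponse` now needs a `CoreCryptoCentral`. A short comment on `getNewOidcChallengeRequest`, such as `/** [refreshToken] is forwarded to core-crypto with the challenge request; treat it as a secret and never log it. */`, would tell implementers and callers how to handle it. `setOIDCChallengeResponse` could likewise note that `coreCrypto` must be the central that belongs to the enrolling client.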
@@ -103,46 +103,52 @@ class E2EIClientTest : BaseMLSClientTest() { e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE) e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE) e2eiClient.createDpopToken(NONCE) - assertTrue(e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, NONCE).isNotEmpty()) + assertTrue(e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE).isNotEmpty()) } @Test fun givenClient_whenCallingCheckOrderRequest_ReturnNonEmptyResult() = runTest { + val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId) val e2eiClient = createE2EIClient(ALICE1) e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE) e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE) e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE) e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE) e2eiClient.createDpopToken(NONCE) - e2eiClient.setChallengeResponse(DPOP_CHALLENGE_RESPONSE) - e2eiClient.setChallengeResponse(OIDC_CHALLENGE_RESPONSE) + e2eiClient.setDPoPChallengeResponse(DPOP_CHALLENGE_RESPONSE) + e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE) + e2eiClient.setOIDCChallengeResponse(coreCryptoCentral, OIDC_CHALLENGE_RESPONSE) assertTrue(e2eiClient.checkOrderRequest(FINALIZE_ORDER_URL, NONCE).isNotEmpty()) } @Test fun givenClient_whenCallingFinalizeRequest_ReturnNonEmptyResult() = runTest { + val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId) val e2eiClient = createE2EIClient(ALICE1) e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE) e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE) e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE) e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE) e2eiClient.createDpopToken(NONCE) - e2eiClient.setChallengeResponse(DPOP_CHALLENGE_RESPONSE) - e2eiClient.setChallengeResponse(OIDC_CHALLENGE_RESPONSE) + e2eiClient.setDPoPChallengeResponse(DPOP_CHALLENGE_RESPONSE) + e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE) + 
e2eiClient.setOIDCChallengeResponse(coreCryptoCentral, OIDC_CHALLENGE_RESPONSE) e2eiClient.checkOrderResponse(ORDER_RESPONSE) assertTrue(e2eiClient.finalizeRequest(NONCE).isNotEmpty()) } @Test fun givenClient_whenCallingCertificateRequest_ReturnNonEmptyResult() = runTest { + val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId) val e2eiClient = createE2EIClient(ALICE1) e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE) e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE) e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE) e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE) e2eiClient.createDpopToken(NONCE) - e2eiClient.setChallengeResponse(DPOP_CHALLENGE_RESPONSE) - e2eiClient.setChallengeResponse(OIDC_CHALLENGE_RESPONSE) + e2eiClient.setDPoPChallengeResponse(DPOP_CHALLENGE_RESPONSE) + e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE) + e2eiClient.setOIDCChallengeResponse(coreCryptoCentral, OIDC_CHALLENGE_RESPONSE) e2eiClient.checkOrderResponse(ORDER_RESPONSE) e2eiClient.finalizeResponse(FINALIZE_RESPONSE) assertTrue(e2eiClient.certificateRequest(NONCE).isNotEmpty()) @@ -169,6 +175,7 @@ class E2EIClientTest : BaseMLSClientTest() { """.toByteArray() val NONCE = "TGR6Rk45RlR2WDlzanMxWEpYd21YaFR0SkZBYTNzUWk" + val REFRESH_TOKEN = "YRjxLpsjRqL7zYuKstXogqioA_P3Z4fiEuga0NCVRcDSc8cy_9msxg" val NEW_ACCOUNT_API_RESPONSE = """ { diff --git a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt index 6a29e06b4ee..af9178080a9 100644 --- a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt +++ b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt 
@@ -55,11 +55,15 @@ class E2EIClientImpl : E2EIClient { TODO("Not yet implemented") } - override suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData { + override suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String): JsonRawData { TODO("Not yet implemented") } - override suspend fun setChallengeResponse(challenge: JsonRawData) { + override suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) { + TODO("Not yet implemented") + } + + override suspend fun setDPoPChallengeResponse(challenge: JsonRawData) { TODO("Not yet implemented") } diff --git a/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index d2a0fbb545c..6b02c72eba4 100644 --- a/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt @@ -23,4 +23,7 @@ actual open class BaseMLSClientTest actual constructor() { TODO("Not yet implemented") } + actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId):CoreCryptoCentral { + TODO("Not yet implemented") + } } diff --git a/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt b/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt index 905f5a40d46..6acd5c35113 100644 --- a/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt +++ b/cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt 
@@ -23,8 +23,12 @@ import java.nio.file.Files actual open class BaseMLSClientTest { actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient { + return createCoreCrypto(clientId).mlsClient(clientId) + } + + actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral { val root = Files.createTempDirectory("mls").toFile() val keyStore = root.resolve("keystore-$clientId") - return coreCryptoCentral(keyStore.absolutePath, "test").mlsClient(clientId) + return coreCryptoCentral(keyStore.absolutePath, "test") } } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt index aeab5e02418..3add337d865 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/MLSClientProvider.kt @@ -18,10 +18,10 @@ package com.wire.kalium.logic.data.client +import com.wire.kalium.cryptography.CoreCryptoCentral import com.wire.kalium.cryptography.CryptoQualifiedClientId import com.wire.kalium.cryptography.CryptoUserID import com.wire.kalium.cryptography.MLSClient -import com.wire.kalium.cryptography.MlsDBSecret import com.wire.kalium.cryptography.coreCryptoCentral import com.wire.kalium.logic.CoreFailure import com.wire.kalium.logic.data.conversation.ClientId @@ -29,6 +29,7 @@ import com.wire.kalium.logic.data.user.UserId import com.wire.kalium.logic.data.id.CurrentClientIdProvider import com.wire.kalium.logic.functional.Either import com.wire.kalium.logic.functional.fold +import com.wire.kalium.logic.functional.map import com.wire.kalium.logic.util.SecurityHelperImpl import com.wire.kalium.persistence.dbPassphrase.PassphraseStorage import com.wire.kalium.util.FileUtil 
@@ -39,6 +40,8 @@ import kotlinx.coroutines.withContext interface MLSClientProvider { suspend fun getMLSClient(clientId: ClientId? = null): Either + suspend fun getCoreCrypto(clientId: ClientId? = null): Either + suspend fun clearLocalFiles() } @@ -51,27 +54,22 @@ class MLSClientProviderImpl( ) : MLSClientProvider { private var mlsClient: MLSClient? = null + private var coreCryptoCentral: CoreCryptoCentral? = null override suspend fun getMLSClient(clientId: ClientId?): Either = withContext(dispatchers.io) { val currentClientId = clientId ?: currentClientIdProvider().fold({ return@withContext Either.Left(it) }, { it }) val cryptoUserId = CryptoUserID(value = userId.value, domain = userId.domain) - val location = "$rootKeyStorePath/${currentClientId.value}".also { - // TODO: migrate to okio solution once assert refactor is merged - FileUtil.mkDirs(it) - } - return@withContext mlsClient?.let { Either.Right(it) } ?: run { - val newClient = mlsClient( + mlsClient( cryptoUserId, - currentClientId, - location, - SecurityHelperImpl(passphraseStorage).mlsDBSecret(userId) - ) - mlsClient = newClient - Either.Right(newClient) + currentClientId + ).map { + mlsClient = it + return@run Either.Right(it) + } } } 
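Review bot: In `getMLSClient`, the success path exits through `return@run Either.Right(it)` inside the `map` lambda, which leaves the lambda's own result unused and hides the fact that the cache field is assigned as a side effect. Writing it as `mlsClient(cryptoUserId, currentClientId).map { client -> client.also { mlsClient = it } }` gives the same result without the non-local return. The cached `mlsClient` is also returned for any `clientId` argument after the first successful call; if callers can pass different ids, that deserves a comment or a check.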
@@ -81,11 +79,30 @@ class MLSClientProviderImpl( FileUtil.deleteDirectory(rootKeyStorePath) } - private suspend fun mlsClient(userId: CryptoUserID, clientId: ClientId, location: String, passphrase: MlsDBSecret): MLSClient { - return coreCryptoCentral( - rootDir = "$location/$KEYSTORE_NAME", - databaseKey = passphrase.value - ).mlsClient(CryptoQualifiedClientId(clientId.value, userId)) + override suspend fun getCoreCrypto(clientId: ClientId?) = withContext(dispatchers.io) { + val currentClientId = clientId ?: currentClientIdProvider().fold({ return@withContext Either.Left(it) }, { it }) + + val location = "$rootKeyStorePath/${currentClientId.value}".also { + // TODO: migrate to okio solution once assert refactor is merged + FileUtil.mkDirs(it) + } + val passphrase = SecurityHelperImpl(passphraseStorage).mlsDBSecret(userId).value + return@withContext coreCryptoCentral?.let { + Either.Right(it) + } ?: run { + val cc = coreCryptoCentral( + rootDir = "$location/$KEYSTORE_NAME", + databaseKey = passphrase + ) + coreCryptoCentral = cc + Either.Right(cc) + } + } + + private suspend fun mlsClient(userId: CryptoUserID, clientId: ClientId): Either { + return getCoreCrypto(clientId).map { + it.mlsClient(CryptoQualifiedClientId(clientId.value, userId)) + } } private companion object { diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt index 4dcdfd2e53a..ccd674322d9 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt 
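Review bot: `getCoreCrypto` reads the MLS database secret from `passphraseStorage` and calls `FileUtil.mkDirs` on every invocation, before it checks the cached `coreCryptoCentral`. The key is therefore pulled into memory even when no keystore is opened. Checking the cache first, and reading the secret only at the point where `coreCryptoCentral(...)` is called, limits how often the key is read. The context at the top of this hunk shows `clearLocalFiles` deleting `rootKeyStorePath`; the rest of that function is outside the hunk, so please confirm it also resets the new `coreCryptoCentral` field, otherwise a cached instance would outlive its keystore files.

```kotlin
override suspend fun getCoreCrypto(clientId: ClientId?) = withContext(dispatchers.io) {
    val currentClientId = clientId ?: currentClientIdProvider().fold({ return@withContext Either.Left(it) }, { it })

    // Serve the cached instance before touching the filesystem or the passphrase storage.
    coreCryptoCentral?.let { return@withContext Either.Right(it) }

    // … unchanged: location / FileUtil.mkDirs …
    val cc = coreCryptoCentral(
        rootDir = "$location/$KEYSTORE_NAME",
        // Read the DB secret only when a keystore is actually opened.
        databaseKey = SecurityHelperImpl(passphraseStorage).mlsDBSecret(userId).value
    )
    coreCryptoCentral = cc
    Either.Right(cc)
}
```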
@@ -55,9 +55,10 @@ interface E2EIRepository { suspend fun getDPoPToken(wireNonce: String): Either suspend fun validateDPoPChallenge(accessToken: String, prevNonce: String, acmeChallenge: AcmeChallenge): Either - suspend fun validateOIDCChallenge(idToken: String, prevNonce: String, acmeChallenge: AcmeChallenge): + suspend fun validateOIDCChallenge(idToken: String, refreshToken: String, prevNonce: String, acmeChallenge: AcmeChallenge): Either - suspend fun validateChallenge(challengeResponse: ChallengeResponse): Either + suspend fun setDPoPChallengeResponse(challengeResponse: ChallengeResponse): Either + suspend fun setOIDCChallengeResponse(challengeResponse: ChallengeResponse): Either suspend fun finalize(location: String, prevNonce: String): Either> suspend fun checkOrderRequest(location: String, prevNonce: String): Either> suspend fun certificateRequest(location: String, prevNonce: String): Either 
@@ -146,28 +147,36 @@ class E2EIRepositoryImpl( wrapApiRequest { acmeApi.sendChallengeRequest(acmeChallenge.url, challengeRequest) }.map { apiResponse -> - validateChallenge(apiResponse) + setDPoPChallengeResponse(apiResponse) apiResponse } } - override suspend fun validateOIDCChallenge(idToken: String, prevNonce: String, acmeChallenge: AcmeChallenge) = + override suspend fun validateOIDCChallenge(idToken: String, refreshToken: String, prevNonce: String, acmeChallenge: AcmeChallenge) = e2EIClientProvider.getE2EIClient().flatMap { e2eiClient -> - val challengeRequest = e2eiClient.getNewOidcChallengeRequest(idToken, prevNonce) + val challengeRequest = e2eiClient.getNewOidcChallengeRequest(idToken, refreshToken, prevNonce) wrapApiRequest { acmeApi.sendChallengeRequest(acmeChallenge.url, challengeRequest) }.map { apiResponse -> - validateChallenge(apiResponse) + setOIDCChallengeResponse(apiResponse) apiResponse } } - override suspend fun validateChallenge(challengeResponse: ChallengeResponse) = + override suspend fun setDPoPChallengeResponse(challengeResponse: ChallengeResponse) = e2EIClientProvider.getE2EIClient().flatMap { e2eiClient -> - e2eiClient.setChallengeResponse(Json.encodeToString(challengeResponse).encodeToByteArray()) + e2eiClient.setDPoPChallengeResponse(Json.encodeToString(challengeResponse).encodeToByteArray()) Either.Right(Unit) } + override suspend fun setOIDCChallengeResponse(challengeResponse: ChallengeResponse) = + mlsClientProvider.getCoreCrypto().flatMap { coreCrypto -> + e2EIClientProvider.getE2EIClient().flatMap { e2eiClient -> + e2eiClient.setOIDCChallengeResponse(coreCrypto, Json.encodeToString(challengeResponse).encodeToByteArray()) + Either.Right(Unit) + } + } + override suspend fun checkOrderRequest(location: String, prevNonce: String) = e2EIClientProvider.getE2EIClient().flatMap { e2eiClient -> val checkOrderRequest = e2eiClient.checkOrderRequest(location, prevNonce) 
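Review bot: The `Either` returned by `setDPoPChallengeResponse(apiResponse)` and `setOIDCChallengeResponse(apiResponse)` is discarded inside `.map { … apiResponse }`. A `Left` from `e2EIClientProvider.getE2EIClient()`, or from the newly added `mlsClientProvider.getCoreCrypto()`, is therefore dropped, and `validateDPoPChallenge` / `validateOIDCChallenge` still report success to the enrollment flow. Chain the result instead, for example `}.flatMap { apiResponse -> setOIDCChallengeResponse(apiResponse).map { apiResponse } }` and the same for the DPoP variant, so that a challenge response which never reached the E2EI client fails the step. `validateDPoPChallenge` starts above this hunk and `checkOrderRequest` continues below it.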
diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt index d8bd6598dd2..d2a34782f83 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt @@ -33,6 +33,7 @@ interface EnrollE2EIUseCase { suspend fun initialEnrollment(): Either suspend fun finalizeEnrollment( idToken: String, + refreshToken: String?, initializationResult: E2EIEnrollmentResult.Initialized ): Either } @@ -90,6 +91,7 @@ class EnrollE2EIUseCaseImpl internal constructor( */ override suspend fun finalizeEnrollment( idToken: String, + refreshToken: String?, initializationResult: E2EIEnrollmentResult.Initialized ): Either { @@ -118,7 +120,7 @@ class EnrollE2EIUseCaseImpl internal constructor( prevNonce = dpopChallengeResponse.nonce val oidcChallengeResponse = e2EIRepository.validateOIDCChallenge( - idToken, prevNonce, authz.wireOidcChallenge!! + idToken, refreshToken ?: "", prevNonce, authz.wireOidcChallenge!! ).getOrFail { return E2EIEnrollmentResult.Failed(E2EIEnrollmentResult.E2EIStep.OIDCChallenge, it).toEitherLeft() } diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt index 6792c526163..45a69e9624b 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt 
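Review bot: In the third hunk, `refreshToken ?: ""` turns a missing refresh token into an empty string before it reaches `validateOIDCChallenge`, so the repository and `getNewOidcChallengeRequest` can no longer tell that it was absent. `E2EIRepository.validateOIDCChallenge` already requires a non-null `refreshToken: String`, so either make the use-case parameter non-null too (`refreshToken: String,` in both `finalizeEnrollment` declarations) or fail the `OIDCChallenge` step explicitly when it is null. If the empty value is intended, the KDoc above `finalizeEnrollment` should say so, e.g. `@param refreshToken refresh token passed to the OIDC challenge request; null is forwarded as an empty string`. `finalizeEnrollment` begins and ends outside these hunks.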
@@ -31,6 +31,7 @@ import com.wire.kalium.logic.data.e2ei.E2EIRepositoryTest.Arrangement.Companion. import com.wire.kalium.logic.data.e2ei.E2EIRepositoryTest.Arrangement.Companion.RANDOM_ID_TOKEN import com.wire.kalium.logic.data.e2ei.E2EIRepositoryTest.Arrangement.Companion.RANDOM_NONCE import com.wire.kalium.logic.data.e2ei.E2EIRepositoryTest.Arrangement.Companion.RANDOM_URL +import com.wire.kalium.logic.data.e2ei.E2EIRepositoryTest.Arrangement.Companion.REFRESH_TOKEN import com.wire.kalium.logic.data.e2ei.E2EIRepositoryTest.Arrangement.Companion.TEST_FAILURE import com.wire.kalium.logic.data.id.CurrentClientIdProvider import com.wire.kalium.logic.framework.TestClient @@ -375,7 +376,7 @@ class E2EIRepositoryTest { .wasInvoked(once) verify(arrangement.e2eiClient) - .function(arrangement.e2eiClient::setChallengeResponse) + .function(arrangement.e2eiClient::setOIDCChallengeResponse) .with(anyInstanceOf(ByteArray::class)) .wasInvoked(once) } @@ -407,7 +408,7 @@ class E2EIRepositoryTest { .wasInvoked(once) verify(arrangement.e2eiClient) - .function(arrangement.e2eiClient::setChallengeResponse) + .function(arrangement.e2eiClient::setOIDCChallengeResponse) .with(anyInstanceOf(ByteArray::class)) .wasNotInvoked() } @@ -423,7 +424,7 @@ class E2EIRepositoryTest { .arrange() // When - val result = e2eiRepository.validateOIDCChallenge(RANDOM_ID_TOKEN, RANDOM_NONCE, ACME_CHALLENGE) + val result = e2eiRepository.validateOIDCChallenge(RANDOM_ID_TOKEN, REFRESH_TOKEN, RANDOM_NONCE, ACME_CHALLENGE) // Then result.shouldSucceed() @@ -439,7 +440,7 @@ class E2EIRepositoryTest { .wasInvoked(once) verify(arrangement.e2eiClient) - .function(arrangement.e2eiClient::setChallengeResponse) + .function(arrangement.e2eiClient::setOIDCChallengeResponse) .with(anyInstanceOf(ByteArray::class)) .wasInvoked(once) } 
@@ -455,7 +456,7 @@ class E2EIRepositoryTest { .arrange() // When - val result = e2eiRepository.validateOIDCChallenge(RANDOM_ID_TOKEN, RANDOM_NONCE, ACME_CHALLENGE) + val result = e2eiRepository.validateOIDCChallenge(RANDOM_ID_TOKEN, REFRESH_TOKEN, RANDOM_NONCE, ACME_CHALLENGE) // Then result.shouldFail() @@ -471,7 +472,7 @@ class E2EIRepositoryTest { .wasInvoked(once) verify(arrangement.e2eiClient) - .function(arrangement.e2eiClient::setChallengeResponse) + .function(arrangement.e2eiClient::setOIDCChallengeResponse) .with(anyInstanceOf(ByteArray::class)) .wasNotInvoked() } @@ -935,6 +936,7 @@ class E2EIRepositoryTest { val INVALID_REQUEST_ERROR = KaliumException.InvalidRequestError(ErrorResponse(405, "", "")) val RANDOM_BYTE_ARRAY = "random-value".encodeToByteArray() val RANDOM_NONCE = "xxxxx" + val REFRESH_TOKEN = "YRjxLpsjRqL7zYuKstXogqioA_P3Z4fiEuga0NCVRcDSc8cy_9msxg" val RANDOM_ACCESS_TOKEN = "xxxxx" val RANDOM_ID_TOKEN = "xxxxx" val RANDOM_URL = "https://random.rn" diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt index 0d12282b8fb..c60cc26355a 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt @@ -92,7 +92,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
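Review bot: The fixture added in the `@@ -935,6 +936,7 @@` hunk, `val REFRESH_TOKEN = "YRjx…"`, has the shape of a real refresh token, while the neighbouring fixtures are plain `"xxxxx"`. If it was copied from a live identity-provider session it is now a committed credential and should be revoked at the issuer; even if it is synthetic, it will trip secret scanners. Use an obviously fake value such as `val REFRESH_TOKEN = "refresh-token"`, and do the same for the identical constant added to `EnrollE2EICertificateUseCaseTest` later in this series.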
@@ -171,7 +175,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -252,7 +260,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -335,7 +347,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -420,7 +436,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
@@ -482,7 +502,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -547,7 +571,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -613,7 +641,11 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -681,7 +713,11 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
@@ -750,10 +786,13 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with(any(), any(), any()) .wasInvoked(exactly = once) - + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with() + .wasNotInvoked() verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with() @@ -821,10 +860,13 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with(any(), any(), any()) + .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with(any(), any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) @@ -895,15 +937,17 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with(any(), any(), any()) + .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with(any(), any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::finalize) .with(any(), any()) 
@@ -964,7 +1008,11 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with(any(), any(), any()) + .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with(any(), any(), any()) .wasInvoked(exactly = once) @@ -1032,7 +1080,11 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with(any(), any(), any()) + .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with(any(), any(), any()) .wasInvoked(exactly = once) @@ -1101,7 +1153,11 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::validateOIDCChallenge) + .function(arrangement.e2EIRepository::setOIDCChallengeResponse) + .with(any(), any(), any()) + .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::setDPoPChallengeResponse) .with(any(), any(), any()) .wasInvoked(exactly = once) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/provider/E2EIClientProviderArrangement.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/provider/E2EIClientProviderArrangement.kt index 25bfb34685f..c7186b2f3d7 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/provider/E2EIClientProviderArrangement.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/util/arrangement/provider/E2EIClientProviderArrangement.kt 
@@ -74,13 +74,13 @@ class E2EIClientProviderArrangementImpl : E2EIClientProviderArrangement { override fun withE2EINewActivationEnrollmentSuccessful() { given(mlsClient) .suspendFunction(mlsClient::e2eiNewActivationEnrollment) - .whenInvokedWith(anything(), anything(), anything(), anything()) + .whenInvokedWith(anything(), anything(), anything()) .thenReturn(e2eiClient) } override fun withE2EINewRotationEnrollmentSuccessful() { given(mlsClient) .suspendFunction(mlsClient::e2eiNewRotateEnrollment) - .whenInvokedWith(anything(), anything(), anything(), anything()) + .whenInvokedWith(anything(), anything(), anything()) .thenReturn(e2eiClient) } From 07d175feb32e49121209d4d4c64816720dba7e82 Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Tue, 19 Dec 2023 16:41:24 +0100 Subject: [PATCH 3/4] fix tests --- .../e2ei/EnrollE2EICertificateUseCaseTest.kt | 130 ++++-------------- 1 file changed, 28 insertions(+), 102 deletions(-) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt index c60cc26355a..61a2753a28d 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt @@ -92,11 +92,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
@@ -175,11 +171,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -260,11 +252,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -347,11 +335,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -436,11 +420,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
@@ -478,7 +458,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withGetWireNonceResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -502,11 +482,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -545,7 +521,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withGetDPoPTokenResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -571,11 +547,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
@@ -615,7 +587,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withGetWireAccessTokenResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -641,11 +613,7 @@ class EnrollE2EICertificateUseCaseTest { .with() .wasNotInvoked() verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) @@ -686,7 +654,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withValidateDPoPChallengeResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -713,11 +681,7 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) + .function(arrangement.e2EIRepository::validateOIDCChallenge) .with() .wasNotInvoked() verify(arrangement.e2EIRepository) 
@@ -759,7 +723,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withValidateOIDCChallengeResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -784,19 +748,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::validateDPoPChallenge) .with(any(), any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) - .with(any(), any(), any()) + .function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(any(), any(), any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with() - .wasNotInvoked() - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::checkOrderRequest) - .with() - .wasNotInvoked() verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with() @@ -833,7 +788,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withCheckOrderRequestResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() 
@@ -858,15 +813,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::validateDPoPChallenge) .with(any(), any(), any()) .wasInvoked(exactly = once) - - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) @@ -910,7 +856,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withFinalizeResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -935,15 +881,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::validateDPoPChallenge) .with(any(), any(), any()) .wasInvoked(exactly = once) - - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) @@ -981,7 +918,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withRotateKeysAndMigrateConversations(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() 
@@ -1008,12 +945,8 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) - .with(any(), any(), any()) + .function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(any(), any(), any(), any()) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) @@ -1053,7 +986,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withCertificateRequestResulting(TEST_EITHER_LEFT) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldFail() @@ -1080,12 +1013,8 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) - .with(any(), any(), any()) + .function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(any(), any(), any(), any()) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) @@ -1126,7 +1055,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withRotateKeysAndMigrateConversations(Either.Right(Unit)) // when - val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, INITIALIZATION_RESULT) + val result = enrollE2EICertificateUseCase.finalizeEnrollment(RANDOM_ID_TOKEN, REFRESH_TOKEN, INITIALIZATION_RESULT) // then result.shouldSucceed() 
@@ -1153,12 +1082,8 @@ class EnrollE2EICertificateUseCaseTest { .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setOIDCChallengeResponse) - .with(any(), any(), any()) - .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) - .function(arrangement.e2EIRepository::setDPoPChallengeResponse) - .with(any(), any(), any()) + .function(arrangement.e2EIRepository::validateOIDCChallenge) + .with(any(), any(), any(), any()) .wasInvoked(exactly = once) verify(arrangement.e2EIRepository) @@ -1293,6 +1218,7 @@ class EnrollE2EICertificateUseCaseTest { val RANDOM_ID_TOKEN = "idToken" val RANDOM_DPoP_TOKEN = "dpopToken" val RANDOM_NONCE = "random-nonce" + val REFRESH_TOKEN = "YRjxLpsjRqL7zYuKstXogqioA_P3Z4fiEuga0NCVRcDSc8cy_9msxg" val TEST_CORE_FAILURE = CoreFailure.Unknown(Throwable("an error")) val TEST_EITHER_LEFT = Either.Left(TEST_CORE_FAILURE) val ACME_BASE_URL = "https://balderdash.hogwash.work:9000" From 91fe1ae7eedec03be4122dda0f0bce36fbba0c33 Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Tue, 19 Dec 2023 17:48:17 +0100 Subject: [PATCH 4/4] fix tests --- .../logic/data/e2ei/E2EIRepositoryTest.kt | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt index 45a69e9624b..c05dbd5b89e 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepositoryTest.kt @@ -353,6 +353,7 @@ class E2EIRepositoryTest { fun givenDpopChallengeRequestSucceed_whenCallingValidateDPoPChallenge_thenItSucceed() = runTest { // Given val (arrangement, e2eiRepository) = Arrangement() + .withGetCoreCryptoSuccessful() .withSendChallengeRequestApiSucceed() .withGetE2EIClientSuccessful() .withGetMLSClientSuccessful() 
@@ -376,7 +377,7 @@ class E2EIRepositoryTest { .wasInvoked(once) verify(arrangement.e2eiClient) - .function(arrangement.e2eiClient::setOIDCChallengeResponse) + .function(arrangement.e2eiClient::setDPoPChallengeResponse) .with(anyInstanceOf(ByteArray::class)) .wasInvoked(once) } @@ -409,7 +410,7 @@ class E2EIRepositoryTest { verify(arrangement.e2eiClient) .function(arrangement.e2eiClient::setOIDCChallengeResponse) - .with(anyInstanceOf(ByteArray::class)) + .with(anyInstanceOf(CoreCryptoCentral::class), anyInstanceOf(ByteArray::class)) .wasNotInvoked() } @@ -417,6 +418,7 @@ class E2EIRepositoryTest { fun givenOIDCChallengeRequestSucceed_whenCallingValidateDPoPChallenge_thenItSucceed() = runTest { // Given val (arrangement, e2eiRepository) = Arrangement() + .withGetCoreCryptoSuccessful() .withSendChallengeRequestApiSucceed() .withGetE2EIClientSuccessful() .withGetMLSClientSuccessful() @@ -431,7 +433,7 @@ class E2EIRepositoryTest { verify(arrangement.e2eiClient) .function(arrangement.e2eiClient::getNewOidcChallengeRequest) - .with(anyInstanceOf(String::class), anyInstanceOf(String::class)) + .with(anyInstanceOf(String::class), anyInstanceOf(String::class), anyInstanceOf(String::class)) .wasInvoked(once) verify(arrangement.acmeApi) @@ -441,7 +443,7 @@ class E2EIRepositoryTest { verify(arrangement.e2eiClient) .function(arrangement.e2eiClient::setOIDCChallengeResponse) - .with(anyInstanceOf(ByteArray::class)) + .with(anyInstanceOf(CoreCryptoCentral::class), anyInstanceOf(ByteArray::class)) .wasInvoked(once) } @@ -449,6 +451,7 @@ class E2EIRepositoryTest { fun givenOIDCChallengeRequestFails_whenCallingValidateDPoPChallenge_thenItFail() = runTest { // Given val (arrangement, e2eiRepository) = Arrangement() + .withGetCoreCryptoSuccessful() .withSendChallengeRequestApiFails() .withGetE2EIClientSuccessful() .withGetMLSClientSuccessful() 
@@ -463,7 +466,7 @@ class E2EIRepositoryTest { verify(arrangement.e2eiClient) .function(arrangement.e2eiClient::getNewOidcChallengeRequest) - .with(anyInstanceOf(String::class), anyInstanceOf(String::class)) + .with(anyInstanceOf(String::class), anyInstanceOf(String::class), anyInstanceOf(String::class)) .wasInvoked(once) verify(arrangement.acmeApi) @@ -473,7 +476,7 @@ class E2EIRepositoryTest { verify(arrangement.e2eiClient) .function(arrangement.e2eiClient::setOIDCChallengeResponse) - .with(anyInstanceOf(ByteArray::class)) + .with(anyInstanceOf(CoreCryptoCentral::class), anyInstanceOf(ByteArray::class)) .wasNotInvoked() } @@ -731,6 +734,13 @@ class E2EIRepositoryTest { .thenReturn(Either.Right(e2eiClient)) } + fun withGetCoreCryptoSuccessful() = apply { + given(mlsClientProvider) + .suspendFunction(mlsClientProvider::getCoreCrypto) + .whenInvokedWith(anything()) + .thenReturn(Either.Right(coreCryptoCentral)) + } + fun withE2EIClientLoadDirectoriesSuccessful() = apply { given(e2eiClient) .suspendFunction(e2eiClient::directoryResponse) @@ -819,7 +829,7 @@ class E2EIRepositoryTest { fun withGetNewOidcChallengeRequest() = apply { given(e2eiClient) .suspendFunction(e2eiClient::getNewOidcChallengeRequest) - .whenInvokedWith(anything(), anything()) + .whenInvokedWith(anything(), anything(), anything()) .thenReturn(RANDOM_BYTE_ARRAY) } @@ -905,6 +915,9 @@ class E2EIRepositoryTest { @Mock val e2eiClient = mock(classOf()) + @Mock + val coreCryptoCentral = mock(classOf()) + @Mock val mlsClientProvider: MLSClientProvider = mock(classOf())