From 9720791367ca0606abf09e0455f0f9159f214d0c Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Thu, 21 Dec 2023 16:01:05 +0100 Subject: [PATCH 1/3] feat(e2ei): use refresh token for idp authorization --- .../kalium/cryptography/E2EIClientImpl.kt | 3 + .../E2EIClientImpl.kt | 7 +++ .../wire/kalium/cryptography/E2EIClient.kt | 1 + .../kalium/cryptography/E2EIClientImpl.kt | 4 ++ .../logic/data/client/E2EIClientProvider.kt | 5 ++ .../kalium/logic/data/e2ei/E2EIRepository.kt | 31 +++++++--- .../feature/e2ei/usecase/EnrollE2EIUseCase.kt | 27 ++++++-- .../e2ei/EnrollE2EICertificateUseCaseTest.kt | 62 +++++++++++++------ 8 files changed, 107 insertions(+), 33 deletions(-) diff --git a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt index 7cb1d4fddb9..fa8378314a4 100644 --- a/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt +++ b/cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt @@ -87,4 +87,7 @@ class E2EIClientImpl : E2EIClient { TODO("Not yet implemented") } + override suspend fun getOAuthRefreshToken(): String? { + TODO("Not yet implemented") + } } diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt index 47ead4cd616..8945cfe67ff 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt @@ -79,6 +79,12 @@ class E2EIClientImpl( override suspend fun certificateRequest(previousNonce: String) = wireE2eIdentity.certificateRequest(previousNonce) + override suspend fun getOAuthRefreshToken() = try { + wireE2eIdentity.getRefreshToken() + } catch (e: Exception) { + null + } + companion object { fun toAcmeDirectory(value: com.wire.crypto.AcmeDirectory) = AcmeDirectory( value.newNonce, value.newAccount, value.newOrder @@ -102,3 +108,4 @@ class E2EIClientImpl( ) } } + diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt index 38a61f31d3b..d672aa3cba5 100644 --- a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt +++ b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt @@ -62,4 +62,5 @@ interface E2EIClient { suspend fun finalizeRequest(previousNonce: String): JsonRawData suspend fun finalizeResponse(finalize: JsonRawData): String suspend fun certificateRequest(previousNonce: String): JsonRawData + suspend fun getOAuthRefreshToken():String? } diff --git a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt index af9178080a9..fa8378314a4 100644 --- a/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt +++ b/cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt @@ -86,4 +86,8 @@ class E2EIClientImpl : E2EIClient { override suspend fun certificateRequest(previousNonce: String): JsonRawData { TODO("Not yet implemented") } + + override suspend fun getOAuthRefreshToken(): String? { + TODO("Not yet implemented") + } } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt index e02b51e8457..1dd5f537d82 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt @@ -35,6 +35,7 @@ import kotlinx.coroutines.withContext interface E2EIClientProvider { suspend fun getE2EIClient(clientId: ClientId? = null): Either + suspend fun nuke() } internal class EI2EIClientProviderImpl( @@ -86,6 +87,10 @@ internal class EI2EIClientProviderImpl( else Either.Right(selfUser) } + override suspend fun nuke() { + e2EIClient = null + } + companion object { const val ERROR_NAME_AND_HANDLE_MUST_NOT_BE_NULL = "name and handle must have a value" } diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt index ccd674322d9..7849d47f408 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt @@ -46,23 +46,30 @@ interface E2EIRepository { suspend fun loadACMEDirectories(): Either suspend fun getACMENonce(endpoint: String): Either suspend fun createNewAccount(prevNonce: String, createAccountEndpoint: String): Either - suspend fun createNewOrder(prevNonce: String, createOrderEndpoint: String): - Either> - suspend fun createAuthz(prevNonce: String, authzEndpoint: String): - Either> + suspend fun createNewOrder(prevNonce: String, createOrderEndpoint: String): Either> + suspend fun createAuthz(prevNonce: String, authzEndpoint: String): Either> suspend fun getWireNonce(): Either suspend fun getWireAccessToken(wireNonce: String): Either suspend fun getDPoPToken(wireNonce: String): Either - suspend fun validateDPoPChallenge(accessToken: String, prevNonce: String, acmeChallenge: AcmeChallenge): - Either - suspend fun validateOIDCChallenge(idToken: String, refreshToken: String, prevNonce: String, acmeChallenge: AcmeChallenge): - Either + suspend fun validateDPoPChallenge( + accessToken: String, + prevNonce: String, + acmeChallenge: AcmeChallenge + ): Either + suspend fun validateOIDCChallenge( + idToken: String, + refreshToken: String, + prevNonce: String, + acmeChallenge: AcmeChallenge + ): Either suspend fun setDPoPChallengeResponse(challengeResponse: ChallengeResponse): Either suspend fun setOIDCChallengeResponse(challengeResponse: ChallengeResponse): Either suspend fun finalize(location: String, prevNonce: String): Either> suspend fun checkOrderRequest(location: String, prevNonce: String): Either> suspend fun certificateRequest(location: String, prevNonce: String): Either suspend fun rotateKeysAndMigrateConversations(certificateChain: String): Either + suspend fun getOAuthRefreshToken(): Either + suspend fun nukeE2EIClient() } @Suppress("LongParameterList") @@ -214,6 +221,14 @@ class E2EIRepositoryImpl( } } + override suspend fun getOAuthRefreshToken() = e2EIClientProvider.getE2EIClient().flatMap { e2EIClient -> + Either.Right(e2EIClient.getOAuthRefreshToken()) + } + + override suspend fun nukeE2EIClient() { + e2EIClientProvider.nuke() + } + companion object { // todo: remove after testing e2ei const val TEMP_ACME_DISCOVER_URL = "https://acme.elna.wire.link/acme/defaultteams" diff --git a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt index d2a34782f83..e36fac17893 100644 --- a/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt +++ b/logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/EnrollE2EIUseCase.kt @@ -23,6 +23,7 @@ import com.wire.kalium.logic.E2EIFailure import com.wire.kalium.logic.data.e2ei.E2EIRepository import com.wire.kalium.logic.functional.Either import com.wire.kalium.logic.functional.getOrFail +import com.wire.kalium.logic.functional.getOrNull import com.wire.kalium.logic.functional.onFailure import com.wire.kalium.logic.kaliumLogger @@ -33,7 +34,7 @@ interface EnrollE2EIUseCase { suspend fun initialEnrollment(): Either suspend fun finalizeEnrollment( idToken: String, - refreshToken: String?, + oAuthState: String, initializationResult: E2EIEnrollmentResult.Initialized ): Either } @@ -71,9 +72,17 @@ class EnrollE2EIUseCaseImpl internal constructor( val authzResponse = e2EIRepository.createAuthz(prevNonce, newOrderResponse.first.authorizations[0]).getOrFail { return E2EIEnrollmentResult.Failed(E2EIEnrollmentResult.E2EIStep.AcmeNewAuthz, it).toEitherLeft() } + kaliumLogger.i("getoAuth") + + val oAuthState = e2EIRepository.getOAuthRefreshToken().getOrNull() + kaliumLogger.i("oAuthStAte: $oAuthState") val initializationResult = E2EIEnrollmentResult.Initialized( - authzResponse.first.wireOidcChallenge!!.target, authzResponse.first, authzResponse.second, newOrderResponse.third + target = authzResponse.first.wireOidcChallenge!!.target, + oAuthState = oAuthState, + authz = authzResponse.first, + lastNonce = authzResponse.second, + orderLocation = newOrderResponse.third ) kaliumLogger.i("E2EI Enrollment Initialization Result: $initializationResult") @@ -91,7 +100,7 @@ class EnrollE2EIUseCaseImpl internal constructor( */ override suspend fun finalizeEnrollment( idToken: String, - refreshToken: String?, + oAuthState: String, initializationResult: E2EIEnrollmentResult.Initialized ): Either { @@ -120,7 +129,7 @@ class EnrollE2EIUseCaseImpl internal constructor( prevNonce = dpopChallengeResponse.nonce val oidcChallengeResponse = e2EIRepository.validateOIDCChallenge( - idToken, refreshToken ?: "", prevNonce, authz.wireOidcChallenge!! + idToken, oAuthState, prevNonce, authz.wireOidcChallenge!! ).getOrFail { return E2EIEnrollmentResult.Failed(E2EIEnrollmentResult.E2EIStep.OIDCChallenge, it).toEitherLeft() } @@ -147,6 +156,8 @@ class EnrollE2EIUseCaseImpl internal constructor( return E2EIEnrollmentResult.Failed(E2EIEnrollmentResult.E2EIStep.ConversationMigration, it).toEitherLeft() } + e2EIRepository.nukeE2EIClient() + return Either.Right(E2EIEnrollmentResult.Finalized(certificateRequest.response.decodeToString())) } @@ -171,7 +182,13 @@ sealed interface E2EIEnrollmentResult { Certificate } - class Initialized(val target: String, val authz: NewAcmeAuthz, val lastNonce: String, val orderLocation: String) : E2EIEnrollmentResult + class Initialized( + val target: String, + val oAuthState: String?, + val authz: NewAcmeAuthz, + val lastNonce: String, + val orderLocation: String + ) : E2EIEnrollmentResult class Finalized(val certificate: String) : E2EIEnrollmentResult diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt index 61a2753a28d..0dac13e403b 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt @@ -505,6 +505,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -570,6 +574,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -636,6 +644,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -704,6 +716,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -733,7 +749,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getWireNonce) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getDPoPToken) .with(any()) @@ -768,6 +783,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -798,17 +817,14 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getWireNonce) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getDPoPToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireAccessToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) .with(any(), any(), any()) @@ -817,7 +833,6 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with() @@ -834,7 +849,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with() .wasNotInvoked() - + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -866,17 +884,14 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getWireNonce) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getDPoPToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireAccessToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) .with(any(), any(), any()) @@ -889,12 +904,14 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::finalize) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::certificateRequest) .with() .wasNotInvoked() - + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasNotInvoked() } @Test @@ -928,32 +945,26 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::getWireNonce) .with() .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getDPoPToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::getWireAccessToken) .with(any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateDPoPChallenge) .with(any(), any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::validateOIDCChallenge) .with(any(), any(), any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::checkOrderRequest) .with(any(), any()) .wasInvoked(exactly = once) - verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::finalize) .with(any(), any()) @@ -963,6 +974,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with(any()) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasInvoked(exactly = once) } @Test @@ -1031,7 +1046,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::certificateRequest) .with(any(), any()) .wasInvoked(exactly = once) - + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasInvoked(exactly = once) } @Test @@ -1105,6 +1123,10 @@ class EnrollE2EICertificateUseCaseTest { .function(arrangement.e2EIRepository::rotateKeysAndMigrateConversations) .with(any()) .wasInvoked(exactly = once) + verify(arrangement.e2EIRepository) + .function(arrangement.e2EIRepository::nukeE2EIClient) + .with() + .wasInvoked(exactly = once) } @@ -1269,10 +1291,10 @@ class EnrollE2EICertificateUseCaseTest { val INITIALIZATION_RESULT = E2EIEnrollmentResult.Initialized( target = ACME_CHALLENGE.target, - ACME_AUTHZ, + oAuthState = REFRESH_TOKEN, + authz = ACME_AUTHZ, lastNonce = RANDOM_NONCE, orderLocation = RANDOM_LOCATION ) - } } From af4abc97f739b785f233e7e31447a0c6915e294b Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Thu, 21 Dec 2023 16:08:00 +0100 Subject: [PATCH 2/3] fix detekt --- .../kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt | 2 +- .../kotlin/com/wire/kalium/cryptography/E2EIClient.kt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt index 8945cfe67ff..bffb15c2340 100644 --- a/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt +++ b/cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt @@ -79,6 +79,7 @@ class E2EIClientImpl( override suspend fun certificateRequest(previousNonce: String) = wireE2eIdentity.certificateRequest(previousNonce) + @Suppress("TooGenericExceptionCaught") override suspend fun getOAuthRefreshToken() = try { wireE2eIdentity.getRefreshToken() } catch (e: Exception) { @@ -108,4 +109,3 @@ class E2EIClientImpl( ) } } - diff --git a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt index d672aa3cba5..8443093b014 100644 --- a/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt +++ b/cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt @@ -62,5 +62,5 @@ interface E2EIClient { suspend fun finalizeRequest(previousNonce: String): JsonRawData suspend fun finalizeResponse(finalize: JsonRawData): String suspend fun certificateRequest(previousNonce: String): JsonRawData - suspend fun getOAuthRefreshToken():String? + suspend fun getOAuthRefreshToken(): String? } From e5bb30b68a2bd31de0854c303d59c9588f6d7d32 Mon Sep 17 00:00:00 2001 From: Mojtaba Chenani Date: Thu, 21 Dec 2023 16:50:06 +0100 Subject: [PATCH 3/3] fix tests --- .../e2ei/EnrollE2EICertificateUseCaseTest.kt | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt index 0dac13e403b..6ac1b839c07 100644 --- a/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt +++ b/logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/EnrollE2EICertificateUseCaseTest.kt @@ -924,6 +924,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) arrangement.withCreateAuthzResulting(Either.Right(Triple(ACME_AUTHZ, RANDOM_NONCE, RANDOM_LOCATION))) + arrangement.withGettingRefreshTokenSucceeding() arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -977,7 +978,7 @@ class EnrollE2EICertificateUseCaseTest { verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::nukeE2EIClient) .with() - .wasInvoked(exactly = once) + .wasNotInvoked() } @Test @@ -990,6 +991,7 @@ class EnrollE2EICertificateUseCaseTest { arrangement.withCreateNewAccountResulting(Either.Right(RANDOM_NONCE)) arrangement.withCreateNewOrderResulting(Either.Right(Triple(ACME_ORDER, RANDOM_NONCE, RANDOM_LOCATION))) arrangement.withCreateAuthzResulting(Either.Right(Triple(ACME_AUTHZ, RANDOM_NONCE, RANDOM_LOCATION))) + arrangement.withGettingRefreshTokenSucceeding() arrangement.withGetWireNonceResulting(Either.Right(RANDOM_NONCE)) arrangement.withGetDPoPTokenResulting(Either.Right(RANDOM_DPoP_TOKEN)) arrangement.withGetWireAccessTokenResulting(Either.Right(WIRE_ACCESS_TOKEN)) @@ -1049,7 +1051,7 @@ class EnrollE2EICertificateUseCaseTest { verify(arrangement.e2EIRepository) .function(arrangement.e2EIRepository::nukeE2EIClient) .with() - .wasInvoked(exactly = once) + .wasNotInvoked() } @Test @@ -1233,6 +1235,13 @@ class EnrollE2EICertificateUseCaseTest { .thenReturn(result) } + fun withGettingRefreshTokenSucceeding() = apply { + given(e2EIRepository) + .suspendFunction(e2EIRepository::getOAuthRefreshToken) + .whenInvoked() + .thenReturn(Either.Right(" ")) + } + fun arrange(): Pair = this to EnrollE2EIUseCaseImpl(e2EIRepository) }