Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Observe self client certificate revocation (WPB-6145) #2384

Merged
merged 23 commits into from
Jan 25, 2024
Merged

feat: Observe self client certificate revocation (WPB-6145) #2384

merged 23 commits into from
Jan 25, 2024

Conversation

ohassine
Copy link
Member

@ohassine ohassine commented Jan 18, 2024
edited
Loading

PR Submission Checklist for internal contributors

  • The PR Title

    • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
    • contains a reference JIRA issue number like SQPIT-764
    • answers the question: If merged, this PR will: ... ³

  • The PR Description

    • is free of optional paragraphs and you have filled the relevant parts to the best of your ability

What's new in this PR?

Description

I this PR, I am creating the logic that will be used in Android to show a dialog when self client's certificate is revoked:

A flag will be observed by Android through a use case called ObserveShouldNotifyForRevokedCertificateUseCase to show the dialog.

Needs releases with:

  • GitHub link to other pull request

Testing

Test Coverage (Optional)

  • I have added automated test to this contribution

How to Test

Briefly describe how this change was tested and if applicable the exact steps taken to verify that it works as expected.

Notes (Optional)

Specify here any other facts that you think are important for this issue.

Attachments (Optional)

Attachments like images, videos, etc. (drag and drop in the text box)

PR Post Submission Checklist for internal contributors (Optional)

  • Wire's Github Workflow has automatically linked the PR to a JIRA issue

PR Post Merge Checklist for internal contributors

  • If any soft of configuration variable was introduced by this PR, it has been added to the relevant documents and the CI jobs have been updated.
References
  1. https://sparkbox.com/foundry/semantic_commit_messages
  2. https://github.com/wireapp/.github#usage
  3. E.g. feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.

ohassine added 15 commits January 11, 2024 15:54
@ohassine
feat(MLS): check revocation list
af30446
@ohassine
feat(MLS): cover CheckRevocationListUseCase with unit test
5ec9d73
@ohassine
chore: detekt
d779f1f
@ohassine
Merge remote-tracking branch 'origin/develop' into check_revocation_list
477103b 
# Conflicts:
#	cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt
#	cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt
#	cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt
#	cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt
#	logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt
#	network/src/commonMain/kotlin/com/wire/kalium/network/api/base/unbound/acme/ACMEApi.kt
@ohassine
chore: apply new changes from CC
ad94e4d
@ohassine
Merge branch 'develop' into check_revocation_list
ac1448e
@ohassine
feat: store urls with expiration time
e991e45
@ohassine
feat: pass url as param to the use case
19db4e5
@ohassine
Merge remote-tracking branch 'origin/check_revocation_list' into chec…
c0c02f8 
…k_revocation_list
@ohassine
chore: detekt
aeba6d4
@ohassine
chore: unit test
0fbddf6
@ohassine
feat: Show dialog when current user's certificate is revoked
9993659
@ohassine
feat: update unit test for CheckRevocationListUseCase
c2868bb
@ohassine
Merge remote-tracking branch 'origin/develop' into show_your_device_c…
911d2fd 
…ert_revoked_dialog
@ohassine
Merge remote-tracking branch 'origin/develop' into show_your_device_c…
d3f82de 
…ert_revoked_dialog

# Conflicts:
#	logic/src/commonMain/kotlin/com/wire/kalium/logic/configuration/UserConfigRepository.kt
#	network/src/commonMain/kotlin/com/wire/kalium/network/api/base/unbound/acme/ACMEApi.kt
#	persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/unread/UserConfigDAO.kt
@ohassine ohassine mentioned this pull request Jan 18, 2024
Merged
8 tasks
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 18, 2024
edited
Loading

Test Results

2 662 tests   2 652 ✔️  3m 16s ⏱️
       3 suites       10 💤
       3 files           0

Results for commit ca03aa7.

♻️ This comment has been updated with latest results.

@datadog-wireapp
Copy link

datadog-wireapp bot commented Jan 18, 2024
edited
Loading

Datadog Report

All test runs 51cf2bb 🔗

2 Total Test Services: 0 Failed, 2 Passed

Test Services
Service Name Failed Known Flaky New Flaky Passed Skipped Wall Time Test Service View
kalium-ios 0 0 0 2592 80 5m 52s Link
kalium-jvm 0 0 0 2761 105 8m 47.05s Link

@ohassine ohassine added the WIP work in progress label Jan 19, 2024
@ohassine ohassine removed the WIP work in progress label Jan 24, 2024
@ohassine ohassine requested review from a team and removed request for a team January 24, 2024 08:38
@ohassine ohassine changed the base branch from develop to release/candidate January 24, 2024 08:42
mchenani
mchenani approved these changes Jan 24, 2024
View reviewed changes
Copy link
Contributor

@mchenani mchenani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

@borichellow
Copy link
Contributor

Question: how it should work?
With this implementation user will see the dialog every time he/she launches the app (if the certificate was revoked).
And (I guess) there is some option to dismiss that dialog (by MarkNotifyForRevokedCertificateAsNotifiedUseCase).

But I thought if my certificate was revoked it means that I'm a bad guy and should be logged out, isn't it?

@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

❗ No coverage uploaded for pull request base (release/candidate@d86d915). Click here to learn what that means.

Additional details and impacted files 
@@                 Coverage Diff                  @@
##             release/candidate    #2384   +/-   ##
====================================================
  Coverage                     ?   58.65%           
  Complexity                   ?       21           
====================================================
  Files                        ?     1130           
  Lines                        ?    44262           
  Branches                     ?     4128           
====================================================
  Hits                         ?    25961           
  Misses                       ?    16460           
  Partials                     ?     1841

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d86d915...f22c54f. Read the comment docs.

@ohassine
Copy link
Member Author

Question: how it should work? With this implementation user will see the dialog every time he/she launches the app (if the certificate was revoked). And (I guess) there is some option to dismiss that dialog (by MarkNotifyForRevokedCertificateAsNotifiedUseCase).

But I thought if my certificate was revoked it means that I'm a bad guy and should be logged out, isn't it?

Yes we show a dialog recommending to the user to logout.
Check this PR it contains demo video wireapp/wire-android#2594

And once the user dismisses the dialog we invoke markNotifyForRevokedCertificateAsNotified so dialog won't show next time

@borichellow
Copy link
Contributor

Question: how it should work? With this implementation user will see the dialog every time he/she launches the app (if the certificate was revoked). And (I guess) there is some option to dismiss that dialog (by MarkNotifyForRevokedCertificateAsNotifiedUseCase).
But I thought if my certificate was revoked it means that I'm a bad guy and should be logged out, isn't it?

Yes we show a dialog recommending to the user to logout. Check this PR it contains demo video wireapp/wire-android#2594

And once the user dismisses the dialog we invoke markNotifyForRevokedCertificateAsNotified so dialog won't show next time

sounds strange to me (the fact the user could skip the logging out), but okay :)

@ohassine
Merge branch 'release/candidate' into show_your_device_cert_revoked_d…
6e5b325 
…ialog

# Conflicts:
#	logic/src/commonMain/kotlin/com/wire/kalium/logic/configuration/UserConfigRepository.kt
#	logic/src/commonMain/kotlin/com/wire/kalium/logic/data/e2ei/E2EIRepository.kt
#	logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/user/UserScope.kt
#	logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/CheckRevocationListUseCaseTest.kt
#	persistence/src/commonMain/kotlin/com/wire/kalium/persistence/dao/unread/UserConfigDAO.kt
@ohassine
chore: resolve conflicts
e42a5d7
@ohassine ohassine enabled auto-merge (squash) January 25, 2024 09:51
@ohassine ohassine merged commit 35d3229 into release/candidate Jan 25, 2024
17 checks passed
@ohassine ohassine deleted the show_your_device_cert_revoked_dialog branch January 25, 2024 11:50
@github-actions github-actions bot mentioned this pull request Jan 25, 2024
Closed
8 tasks
ohassine added a commit that referenced this pull request Jan 25, 2024
@ohassine
feat: Observe self client certificate revocation (WPB-6145) (#2384)
008a66a 
* feat(MLS): check revocation list

* feat(MLS): cover CheckRevocationListUseCase with unit test

* chore: detekt

* chore: apply new changes from CC

* feat: store urls with expiration time

* feat: pass url as param to the use case

* chore: detekt

* chore: unit test

* feat: Show dialog when current user's certificate is revoked

* feat: update unit test for CheckRevocationListUseCase

* chore: detekt

* chore: cleanup

* chore: resolve conflicts
@ohassine ohassine mentioned this pull request Jan 25, 2024
Merged
8 tasks
github-merge-queue bot pushed a commit that referenced this pull request Jan 25, 2024
@ohassine
feat: Observe self client certificate revocation (WPB-6145) (#2384) (#…
aa9e9c4 
…2408)

* feat(MLS): check revocation list

* feat(MLS): cover CheckRevocationListUseCase with unit test

* chore: detekt

* chore: apply new changes from CC

* feat: store urls with expiration time

* feat: pass url as param to the use case

* chore: detekt

* chore: unit test

* feat: Show dialog when current user's certificate is revoked

* feat: update unit test for CheckRevocationListUseCase

* chore: detekt

* chore: cleanup

* chore: resolve conflicts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@borichellow borichellow borichellow left review comments

@mchenani mchenani mchenani approved these changes

@yamilmedina yamilmedina yamilmedina approved these changes

@typfel typfel Awaiting requested review from typfel typfel was automatically assigned from wireapp/android

@vitorhugods vitorhugods Awaiting requested review from vitorhugods vitorhugods was automatically assigned from wireapp/android

@Garzas Garzas Awaiting requested review from Garzas Garzas was automatically assigned from wireapp/android

@saleniuk saleniuk Awaiting requested review from saleniuk saleniuk was automatically assigned from wireapp/android

Assignees

@ohassine ohassine

Labels
🚨 Potential breaking changes 👕 size: L type: feature ✨
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ohassine @borichellow @codecov-commenter @yamilmedina @mchenani