Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(mls): unify MLSClientIdentity models (WPB-9774) #2818

Merged
Merged
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package com.wire.kalium.cryptography

import com.wire.crypto.BufferedDecryptedMessage
import com.wire.crypto.Ciphersuite
import com.wire.crypto.ConversationConfiguration
import com.wire.crypto.CoreCrypto
import com.wire.crypto.CustomConfiguration
Expand All @@ -28,7 +29,6 @@ import com.wire.crypto.MlsCredentialType
import com.wire.crypto.MlsGroupInfoEncryptionType
import com.wire.crypto.MlsRatchetTreeType
import com.wire.crypto.MlsWirePolicy
import com.wire.crypto.Ciphersuite
import io.ktor.util.decodeBase64Bytes
import io.ktor.util.encodeBase64
import kotlin.time.Duration
Expand Down Expand Up @@ -332,18 +332,26 @@ class MLSClientImpl(
return clientId?.let {
WireIdentity(
CryptoQualifiedClientId.fromEncodedString(value.clientId)!!,
value.x509Identity?.handle,
value.x509Identity?.displayName,
value.x509Identity?.domain,
value.x509Identity?.certificate,
toDeviceStatus(value.status),
value.thumbprint,
value.x509Identity?.serialNumber,
value.x509Identity?.notAfter?.toLong()
toCredentialType(value.credentialType),
value.x509Identity?.let {
toX509Identity(it)
}
)
}
}

fun toX509Identity(value: com.wire.crypto.X509Identity) = WireIdentity.X509Identity(
handle = WireIdentity.Handle.fromString(value.handle, value.domain),
displayName = value.displayName,
domain = value.domain,
certificate = value.certificate,
serialNumber = value.serialNumber,
notBefore = value.notBefore.toLong(),
notAfter = value.notAfter.toLong()
)

fun toDeviceStatus(value: com.wire.crypto.DeviceStatus) = when (value) {
com.wire.crypto.DeviceStatus.VALID -> CryptoCertificateStatus.VALID
com.wire.crypto.DeviceStatus.EXPIRED -> CryptoCertificateStatus.EXPIRED
Expand Down Expand Up @@ -403,6 +411,11 @@ class MLSClientImpl(
CredentialType.X509 -> MlsCredentialType.X509
}

fun toCredentialType(value: MlsCredentialType) = when (value) {
MlsCredentialType.BASIC -> CredentialType.Basic
MlsCredentialType.X509 -> CredentialType.X509
}

fun toCrlRegistration(value: com.wire.crypto.CrlRegistration) = CrlRegistration(
value.dirty,
value.expiration
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,54 +78,19 @@ data class CryptoQualifiedClientId(

data class WireIdentity(
val clientId: CryptoQualifiedClientId,
val certificate: Certificate?,
val status: CryptoCertificateStatus,
val thumbprint: String,
val credentialType: CredentialType,
val x509Identity: X509Identity?
) {
companion object {
@Suppress("LongParameterList")
operator fun invoke(
clientId: CryptoQualifiedClientId,
handle: String?,
displayName: String?,
domain: String?,
certificate: String?,
status: CryptoCertificateStatus,
thumbprint: String?,
serialNumber: String?,
endTimestampSeconds: Long?
): WireIdentity {
@Suppress("ComplexCondition")
val certificateData = if (handle == null || displayName == null || domain == null || certificate == null
|| thumbprint == null || serialNumber == null || endTimestampSeconds == null
) {
null
} else {
Certificate(
Handle.fromString(handle, domain),
displayName,
domain,
certificate,
thumbprint,
serialNumber,
endTimestampSeconds
)
}
return WireIdentity(
clientId = clientId,
certificate = certificateData,
status = status
)
}
}

data class Certificate(
data class X509Identity(
val handle: Handle,
val displayName: String,
val domain: String,
val certificate: String,
val thumbprint: String,
val serialNumber: String,
val endTimestampSeconds: Long
val notBefore: Long,
val notAfter: Long
)

// WireIdentity handle format is "{scheme}%40{username}@{domain}"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,17 +33,5 @@ fun com.wire.kalium.cryptography.DecryptedMessageBundle.toModel(groupID: GroupID
)
},
commitDelay,
identity?.let { identity ->
identity.certificate?.let { certificate ->
E2EIdentity(
identity.clientId,
certificate.handle.handle,
certificate.displayName,
certificate.domain,
certificate.certificate,
identity.status,
certificate.thumbprint
)
}
}
identity
)
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
package com.wire.kalium.logic.data.conversation

import com.wire.kalium.cryptography.CommitBundle
import com.wire.kalium.cryptography.CryptoCertificateStatus
import com.wire.kalium.cryptography.CryptoQualifiedClientId
import com.wire.kalium.cryptography.E2EIClient
import com.wire.kalium.cryptography.MLSClient
Expand Down Expand Up @@ -102,17 +101,7 @@ data class DecryptedMessageBundle(
val groupID: GroupID,
val applicationMessage: ApplicationMessage?,
val commitDelay: Long?,
val identity: E2EIdentity?
)

data class E2EIdentity(
val clientId: CryptoQualifiedClientId,
val handle: String,
val displayName: String,
val domain: String,
val certificate: String,
val status: CryptoCertificateStatus,
val thumbprint: String
val identity: WireIdentity?
)

@Suppress("TooManyFunctions", "LongParameterList")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,12 @@

package com.wire.kalium.logic.data.id

import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
import kotlin.jvm.JvmInline

@JvmInline
value class PlainId(val value: String)
@Serializable
value class PlainId(@SerialName("value") val value: String)

typealias TeamId = PlainId
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,10 @@ value class SubconversationId(val value: String) {
fun toLogString() = value.obfuscateId()
}

@Serializable
data class QualifiedClientID(
val clientId: ClientId,
val userId: UserId
@SerialName("clientId") val clientId: ClientId,
@SerialName("userId") val userId: UserId
)

typealias MessageId = String
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,8 +99,6 @@ import com.wire.kalium.logic.data.user.type.DomainUserTypeMapper
import com.wire.kalium.logic.data.user.type.DomainUserTypeMapperImpl
import com.wire.kalium.logic.data.user.type.UserEntityTypeMapper
import com.wire.kalium.logic.data.user.type.UserEntityTypeMapperImpl
import com.wire.kalium.logic.feature.e2ei.CertificateStatusMapper
import com.wire.kalium.logic.feature.e2ei.CertificateStatusMapperImpl

internal object MapperProvider {
fun apiVersionMapper(): ApiVersionMapper = ApiVersionMapperImpl()
Expand Down Expand Up @@ -176,5 +174,4 @@ internal object MapperProvider {
fun serviceMapper(): ServiceMapper = ServiceMapper()
fun legalHoldStatusMapper(): LegalHoldStatusMapper = LegalHoldStatusMapperImpl
fun acmeMapper(): AcmeMapper = AcmeMapperImpl()
fun certificateStatusMapper(): CertificateStatusMapper = CertificateStatusMapperImpl()
}
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,8 @@ enum class CertificateStatus {
EXPIRED,
VALID
}

enum class UserVerificationStatus {
Verified,
NotVerified
}

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@

/*
* Wire
* Copyright (C) 2024 Wire Swiss GmbH
Expand All @@ -17,40 +18,88 @@
*/
package com.wire.kalium.logic.feature.e2ei

import com.wire.kalium.cryptography.CredentialType
import com.wire.kalium.cryptography.CryptoCertificateStatus
import com.wire.kalium.cryptography.WireIdentity
import com.wire.kalium.logic.di.MapperProvider
import com.wire.kalium.logic.data.id.QualifiedClientID
import com.wire.kalium.logic.data.id.toModel
import kotlinx.datetime.Instant
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable

@Serializable
data class E2eiCertificate(
@SerialName("userHandle")
var userHandle: String,
@SerialName("status")
val status: CertificateStatus,
@SerialName("serialNumber")
val serialNumber: String,
@SerialName("certificateDetail")
val certificateDetail: String,
@SerialName("thumbprint")
val thumbprint: String,
@SerialName("endAt")
val endAt: Instant
data class MLSClientIdentity(
@SerialName("clientId") val clientId: QualifiedClientID,
@SerialName("e2eiStatus") val e2eiStatus: MLSClientE2EIStatus,
@SerialName("thumbprint") val thumbprint: String,
@SerialName("credentialType") val credentialType: MLSCredentialsType,
@SerialName("x509Identity") val x509Identity: X509Identity?
) {
companion object {
fun fromWireIdentity(identity: WireIdentity): MLSClientIdentity = MLSClientIdentity(
clientId = identity.clientId.toModel(),
e2eiStatus = MLSClientE2EIStatus.fromCryptoStatus(identity),
thumbprint = identity.thumbprint,
credentialType = MLSCredentialsType.fromCrypto(identity.credentialType),
x509Identity = identity.x509Identity?.let {
X509Identity(
handle = Handle.fromWireIdentity(it.handle),
displayName = it.displayName,
domain = it.domain,
serialNumber = it.serialNumber,
certificate = it.certificate,
notBefore = Instant.fromEpochSeconds(it.notBefore),
notAfter = Instant.fromEpochSeconds(it.notAfter)
)
})
}
}

@Serializable
data class X509Identity(
@SerialName("handle") val handle: Handle,
@SerialName("displayName") val displayName: String,
@SerialName("domain") val domain: String,
@SerialName("serialNumber") val serialNumber: String,
@SerialName("certificateDetail") val certificate: String,
@SerialName("notBefore") val notBefore: Instant,
@SerialName("notAfter") val notAfter: Instant
)

@Serializable
data class Handle(
@SerialName("scheme") val scheme: String,
@SerialName("handle") val handle: String,
@SerialName("domain") val domain: String
) {
companion object {
val certificateStatusMapper = MapperProvider.certificateStatusMapper()

fun fromWireIdentity(identity: WireIdentity): E2eiCertificate? =
identity.certificate?.let {
E2eiCertificate(
userHandle = it.handle.handle,
status = certificateStatusMapper.toCertificateStatus(identity.status),
serialNumber = it.serialNumber,
certificateDetail = it.certificate,
thumbprint = it.thumbprint,
endAt = Instant.fromEpochSeconds(it.endTimestampSeconds)
)
fun fromWireIdentity(handle: WireIdentity.Handle) =
Handle(handle.scheme, handle.handle, handle.domain)
}
}

enum class MLSClientE2EIStatus {
REVOKED, EXPIRED, VALID, NOT_ACTIVATED;

companion object {
fun fromCryptoStatus(identity: WireIdentity) =
if (identity.credentialType == CredentialType.Basic || identity.x509Identity == null)
NOT_ACTIVATED
else when (identity.status) {
CryptoCertificateStatus.REVOKED -> REVOKED
CryptoCertificateStatus.EXPIRED -> EXPIRED
CryptoCertificateStatus.VALID -> VALID
}
}
}

enum class MLSCredentialsType {
X509, BASIC;

companion object {
fun fromCrypto(value: CredentialType) = when (value) {
CredentialType.Basic -> BASIC
CredentialType.X509 -> X509
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
package com.wire.kalium.logic.feature.e2ei.usecase

import com.benasher44.uuid.uuid4
import com.wire.kalium.cryptography.CredentialType
import com.wire.kalium.cryptography.CryptoCertificateStatus
import com.wire.kalium.cryptography.WireIdentity
import com.wire.kalium.logger.KaliumLogger
Expand Down Expand Up @@ -115,9 +116,10 @@ internal class FetchMLSVerificationStatusUseCaseImpl(
val persistedMemberInfo = dbData.members[userId]
val isUserVerified = wireIdentity.firstOrNull {
it.status != CryptoCertificateStatus.VALID ||
it.certificate == null ||
it.certificate?.displayName != persistedMemberInfo?.name ||
it.certificate?.handle?.handle != persistedMemberInfo?.handle
it.credentialType != CredentialType.X509 ||
it.x509Identity == null ||
it.x509Identity?.displayName != persistedMemberInfo?.name ||
it.x509Identity?.handle?.handle != persistedMemberInfo?.handle
} == null
if (!isUserVerified) {
newStatus = VerificationStatus.NOT_VERIFIED
Expand Down
Loading
Loading