chore(cc): upgrade to rc 22 (WPB-5890) (#2316)

* chore(core-crypto): upgrade to RC 22

* chore: update oidc challenge functions to use corecrypto

* fix tests

* fix tests

cryptography/src/androidInstrumentedTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt

@@ -23,9 +23,13 @@ import java.nio.file.Files
 actual open class BaseMLSClientTest {
 
     actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
+        return createCoreCrypto(clientId).mlsClient(clientId)
+    }
+
+    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
         val root = Files.createTempDirectory("mls").toFile()
         val keyStore = root.resolve("keystore-$clientId")
-        return coreCryptoCentral(keyStore.absolutePath, "test").mlsClient(clientId)
+        return coreCryptoCentral(keyStore.absolutePath, "test")
     }
 
 }

cryptography/src/androidUnitTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt

@@ -21,10 +21,13 @@ package com.wire.kalium.cryptography
 import java.nio.file.Files
 
 actual open class BaseMLSClientTest {
-
     actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
+        return createCoreCrypto(clientId).mlsClient(clientId)
+    }
+
+    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
         val root = Files.createTempDirectory("mls").toFile()
         val keyStore = root.resolve("keystore-$clientId")
-        return coreCryptoCentral(keyStore.absolutePath, "test").mlsClient(clientId)
+        return coreCryptoCentral(keyStore.absolutePath, "test")
     }
 }

cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt

@@ -55,11 +55,15 @@ class E2EIClientImpl : E2EIClient {
         TODO("Not yet implemented")
     }
 
-    override suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData {
+    override suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String): JsonRawData {
         TODO("Not yet implemented")
     }
 
-    override suspend fun setChallengeResponse(challenge: JsonRawData) {
+    override suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) {
+        TODO("Not yet implemented")
+    }
+
+    override suspend fun setDPoPChallengeResponse(challenge: JsonRawData) {
         TODO("Not yet implemented")
     }
 

cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt

@@ -184,7 +184,6 @@ class MLSClientImpl(
     }
 
     override suspend fun e2eiNewActivationEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String,
         handle: String,
         teamId: String?
@@ -193,7 +192,6 @@ class MLSClientImpl(
     }
 
     override suspend fun e2eiNewRotateEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String?,
         handle: String?,
         teamId: String?

cryptography/src/appleTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt

@@ -25,9 +25,13 @@ import platform.Foundation.URLByAppendingPathComponent
 
 actual open class BaseMLSClientTest actual constructor() {
     actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
+        return createCoreCrypto(clientId).mlsClient(clientId)
+    }
+
+    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
         val rootDir = NSURL.fileURLWithPath(NSTemporaryDirectory() + "/mls", isDirectory = true)
         NSFileManager.defaultManager.createDirectoryAtURL(rootDir, true, null, null)
         val keyStore = rootDir.URLByAppendingPathComponent("keystore-$clientId")!!
-        return coreCryptoCentral(keyStore.path!!, "test").mlsClient(clientId)
+        return coreCryptoCentral(keyStore.path!!, "test")
     }
 }

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/CoreCryptoCentral.kt

@@ -60,6 +60,7 @@ private class Callbacks : CoreCryptoCallbacks {
 }
 
 class CoreCryptoCentralImpl(private val cc: CoreCrypto, private val rootDir: String) : CoreCryptoCentral {
+    fun getCoreCrypto() = cc
 
     override suspend fun mlsClient(clientId: CryptoQualifiedClientId): MLSClient {
         cc.mlsInit(clientId.toString().encodeToByteArray(), Ciphersuites.DEFAULT.lower(), null)

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt

@@ -54,11 +54,15 @@ class E2EIClientImpl(
     override suspend fun getNewDpopChallengeRequest(accessToken: String, previousNonce: String) =
         wireE2eIdentity.newDpopChallengeRequest(accessToken, previousNonce)
 
-    override suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String) =
-        wireE2eIdentity.newOidcChallengeRequest(idToken, previousNonce)
+    override suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String) =
+        wireE2eIdentity.newOidcChallengeRequest(idToken, refreshToken, previousNonce)
 
-    override suspend fun setChallengeResponse(challenge: JsonRawData) =
-        wireE2eIdentity.newChallengeResponse(challenge)
+    override suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) =
+        wireE2eIdentity.newOidcChallengeResponse((coreCrypto as CoreCryptoCentralImpl).getCoreCrypto(), challenge)
+
+    override suspend fun setDPoPChallengeResponse(challenge: JsonRawData) {
+        wireE2eIdentity.newDpopChallengeResponse(challenge)
+    }
 
     override suspend fun checkOrderRequest(orderUrl: String, previousNonce: String) =
         wireE2eIdentity.checkOrderRequest(orderUrl, previousNonce)

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt

@@ -217,14 +217,12 @@ class MLSClientImpl(
     }
 
     override suspend fun e2eiNewActivationEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String,
         handle: String,
         teamId: String?
     ): E2EIClient {
         return E2EIClientImpl(
             coreCrypto.e2eiNewActivationEnrollment(
-                clientId.toString(),
                 displayName,
                 handle,
                 teamId,
@@ -235,14 +233,12 @@ class MLSClientImpl(
     }
 
     override suspend fun e2eiNewRotateEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String?,
         handle: String?,
         teamId: String?
     ): E2EIClient {
         return E2EIClientImpl(
             coreCrypto.e2eiNewRotateEnrollment(
-                clientId.toString(),
                 displayName,
                 handle,
                 teamId,
@@ -371,8 +367,7 @@ class MLSClientImpl(
 
         fun toE2EIConversationState(value: com.wire.crypto.E2eiConversationState) = when (value) {
             E2eiConversationState.VERIFIED -> E2EIConversationState.VERIFIED
-            // TODO: this value is wrong on CoreCrypto, it will be renamed to NOT_VERIFIED
-            E2eiConversationState.DEGRADED -> E2EIConversationState.NOT_VERIFIED
+            E2eiConversationState.NOT_VERIFIED -> E2EIConversationState.NOT_VERIFIED
             E2eiConversationState.NOT_ENABLED -> E2EIConversationState.NOT_ENABLED
         }
 

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt

@@ -54,8 +54,9 @@ interface E2EIClient {
     suspend fun setAuthzResponse(authz: JsonRawData): NewAcmeAuthz
     suspend fun createDpopToken(backendNonce: String): DpopToken
     suspend fun getNewDpopChallengeRequest(accessToken: String, previousNonce: String): JsonRawData
-    suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData
-    suspend fun setChallengeResponse(challenge: JsonRawData)
+    suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String): JsonRawData
+    suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData)
+    suspend fun setDPoPChallengeResponse(challenge: JsonRawData)
     suspend fun checkOrderRequest(orderUrl: String, previousNonce: String): JsonRawData
     suspend fun checkOrderResponse(order: JsonRawData): String
     suspend fun finalizeRequest(previousNonce: String): JsonRawData

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt

@@ -305,7 +305,6 @@ interface MLSClient {
      * @return wire end to end identity client
      */
     suspend fun e2eiNewActivationEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String,
         handle: String,
         teamId: String?
@@ -317,7 +316,6 @@ interface MLSClient {
      * @return wire end to end identity client
      */
     suspend fun e2eiNewRotateEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String?,
         handle: String?,
         teamId: String?

cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt

@@ -22,4 +22,6 @@ expect open class BaseMLSClientTest() {
 
     suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient
 
+    suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral
+
 }

cryptography/src/commonTest/kotlin/com/wire/kalium/cryptography/E2EIClientTest.kt

@@ -103,46 +103,52 @@ class E2EIClientTest : BaseMLSClientTest() {
         e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE)
         e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE)
         e2eiClient.createDpopToken(NONCE)
-        assertTrue(e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, NONCE).isNotEmpty())
+        assertTrue(e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE).isNotEmpty())
     }
 
     @Test
     fun givenClient_whenCallingCheckOrderRequest_ReturnNonEmptyResult() = runTest {
+        val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId)
         val e2eiClient = createE2EIClient(ALICE1)
         e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE)
         e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE)
         e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE)
         e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE)
         e2eiClient.createDpopToken(NONCE)
-        e2eiClient.setChallengeResponse(DPOP_CHALLENGE_RESPONSE)
-        e2eiClient.setChallengeResponse(OIDC_CHALLENGE_RESPONSE)
+        e2eiClient.setDPoPChallengeResponse(DPOP_CHALLENGE_RESPONSE)
+        e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE)
+        e2eiClient.setOIDCChallengeResponse(coreCryptoCentral, OIDC_CHALLENGE_RESPONSE)
         assertTrue(e2eiClient.checkOrderRequest(FINALIZE_ORDER_URL, NONCE).isNotEmpty())
     }
 
     @Test
     fun givenClient_whenCallingFinalizeRequest_ReturnNonEmptyResult() = runTest {
+        val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId)
         val e2eiClient = createE2EIClient(ALICE1)
         e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE)
         e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE)
         e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE)
         e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE)
         e2eiClient.createDpopToken(NONCE)
-        e2eiClient.setChallengeResponse(DPOP_CHALLENGE_RESPONSE)
-        e2eiClient.setChallengeResponse(OIDC_CHALLENGE_RESPONSE)
+        e2eiClient.setDPoPChallengeResponse(DPOP_CHALLENGE_RESPONSE)
+        e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE)
+        e2eiClient.setOIDCChallengeResponse(coreCryptoCentral, OIDC_CHALLENGE_RESPONSE)
         e2eiClient.checkOrderResponse(ORDER_RESPONSE)
         assertTrue(e2eiClient.finalizeRequest(NONCE).isNotEmpty())
     }
 
     @Test
     fun givenClient_whenCallingCertificateRequest_ReturnNonEmptyResult() = runTest {
+        val coreCryptoCentral = createCoreCrypto(ALICE1.qualifiedClientId)
         val e2eiClient = createE2EIClient(ALICE1)
         e2eiClient.directoryResponse(ACME_DIRECTORY_API_RESPONSE)
         e2eiClient.setAccountResponse(NEW_ACCOUNT_API_RESPONSE)
         e2eiClient.setOrderResponse(NEW_ORDER_API_RESPONSE)
         e2eiClient.setAuthzResponse(AUTHZ_API_RESPONSE)
         e2eiClient.createDpopToken(NONCE)
-        e2eiClient.setChallengeResponse(DPOP_CHALLENGE_RESPONSE)
-        e2eiClient.setChallengeResponse(OIDC_CHALLENGE_RESPONSE)
+        e2eiClient.setDPoPChallengeResponse(DPOP_CHALLENGE_RESPONSE)
+        e2eiClient.getNewOidcChallengeRequest(OAUTH_ID_TOKEN, REFRESH_TOKEN, NONCE)
+        e2eiClient.setOIDCChallengeResponse(coreCryptoCentral, OIDC_CHALLENGE_RESPONSE)
         e2eiClient.checkOrderResponse(ORDER_RESPONSE)
         e2eiClient.finalizeResponse(FINALIZE_RESPONSE)
         assertTrue(e2eiClient.certificateRequest(NONCE).isNotEmpty())
@@ -169,6 +175,7 @@ class E2EIClientTest : BaseMLSClientTest() {
             """.toByteArray()
 
         val NONCE = "TGR6Rk45RlR2WDlzanMxWEpYd21YaFR0SkZBYTNzUWk"
+        val REFRESH_TOKEN = "YRjxLpsjRqL7zYuKstXogqioA_P3Z4fiEuga0NCVRcDSc8cy_9msxg"
 
         val NEW_ACCOUNT_API_RESPONSE = """
             {

cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt

@@ -55,11 +55,15 @@ class E2EIClientImpl : E2EIClient {
         TODO("Not yet implemented")
     }
 
-    override suspend fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData {
+    override suspend fun getNewOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String): JsonRawData {
         TODO("Not yet implemented")
     }
 
-    override suspend fun setChallengeResponse(challenge: JsonRawData) {
+    override suspend fun setOIDCChallengeResponse(coreCrypto: CoreCryptoCentral, challenge: JsonRawData) {
+        TODO("Not yet implemented")
+    }
+
+    override suspend fun setDPoPChallengeResponse(challenge: JsonRawData) {
         TODO("Not yet implemented")
     }
 

cryptography/src/jsMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt

@@ -122,7 +122,6 @@ class MLSClientImpl : MLSClient {
     }
 
     override suspend fun e2eiNewActivationEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String,
         handle: String,
         teamId: String?
@@ -131,7 +130,6 @@ class MLSClientImpl : MLSClient {
     }
 
     override suspend fun e2eiNewRotateEnrollment(
-        clientId: CryptoQualifiedClientId,
         displayName: String?,
         handle: String?,
         teamId: String?

cryptography/src/jsTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt

@@ -23,4 +23,7 @@ actual open class BaseMLSClientTest actual constructor() {
         TODO("Not yet implemented")
     }
 
+    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId):CoreCryptoCentral {
+        TODO("Not yet implemented")
+    }
 }

cryptography/src/jvmTest/kotlin/com/wire/kalium/cryptography/BaseMLSClientTest.kt

@@ -23,8 +23,12 @@ import java.nio.file.Files
 actual open class BaseMLSClientTest {
 
     actual suspend fun createMLSClient(clientId: CryptoQualifiedClientId): MLSClient {
+        return createCoreCrypto(clientId).mlsClient(clientId)
+    }
+
+    actual suspend fun createCoreCrypto(clientId: CryptoQualifiedClientId): CoreCryptoCentral {
         val root = Files.createTempDirectory("mls").toFile()
         val keyStore = root.resolve("keystore-$clientId")
-        return coreCryptoCentral(keyStore.absolutePath, "test").mlsClient(clientId)
+        return coreCryptoCentral(keyStore.absolutePath, "test")
     }
 }

gradle/libs.versions.toml

@@ -37,7 +37,7 @@ pbandk = "0.14.2"
 turbine = "1.0.0"
 avs = "9.6.3"
 jna = "5.13.0"
-core-crypto = "1.0.0-rc.21"
+core-crypto = "1.0.0-rc.22"
 core-crypto-multiplatform = "0.6.0-rc.3-multiplatform-pre1"
 completeKotlin = "1.1.0"
 desugar-jdk = "2.0.4"

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/client/E2EIClientProvider.kt

@@ -18,13 +18,10 @@
 
 package com.wire.kalium.logic.data.client
 
-import com.wire.kalium.cryptography.CryptoQualifiedClientId
-import com.wire.kalium.cryptography.CryptoQualifiedID
 import com.wire.kalium.cryptography.E2EIClient
 import com.wire.kalium.logic.CoreFailure
 import com.wire.kalium.logic.E2EIFailure
 import com.wire.kalium.logic.data.conversation.ClientId
-import com.wire.kalium.logic.data.user.UserId
 import com.wire.kalium.logic.data.user.UserRepository
 import com.wire.kalium.logic.data.id.CurrentClientIdProvider
 import com.wire.kalium.logic.data.user.SelfUser
@@ -41,7 +38,6 @@ interface E2EIClientProvider {
 }
 
 internal class EI2EIClientProviderImpl(
-    private val userId: UserId,
     private val currentClientIdProvider: CurrentClientIdProvider,
     private val mlsClientProvider: MLSClientProvider,
     private val userRepository: UserRepository,
@@ -54,10 +50,6 @@ internal class EI2EIClientProviderImpl(
         withContext(dispatchers.io) {
             val currentClientId =
                 clientId ?: currentClientIdProvider().fold({ return@withContext Either.Left(it) }, { it })
-            val e2eiClientId = CryptoQualifiedClientId(
-                currentClientId.value,
-                CryptoQualifiedID(value = userId.value, domain = userId.domain)
-            )
 
             return@withContext e2EIClient?.let {
                 Either.Right(it)
@@ -67,15 +59,13 @@ internal class EI2EIClientProviderImpl(
                         val newE2EIClient = if (it.isE2EIEnabled()) {
                             kaliumLogger.e("initial E2EI client for mls client that already has e2ei enabled")
                             it.e2eiNewRotateEnrollment(
-                                e2eiClientId,
                                 selfUser.name,
                                 selfUser.handle,
                                 selfUser.teamId.toString()
                             )
                         } else {
                             kaliumLogger.e("initial E2EI client for MLS client without e2ei")
                             it.e2eiNewActivationEnrollment(
-                                e2eiClientId,
                                 selfUser.name!!,
                                 selfUser.handle!!,
                                 selfUser.teamId.toString()