All Downloads are FREE. Search and download functionalities are using the official Maven repository.

main.com.wire.crypto.client.E2eiClient.kt Maven / Gradle / Ivy

There is a newer version: 3.0.0
Show newest version
package com.wire.crypto.client

typealias JsonRawData = ByteArray

data class AcmeDirectory(private val delegate: com.wire.crypto.AcmeDirectory) {
    val newNonce: String get() = delegate.newNonce
    val newOrder: String get() = delegate.newOrder
    val newAccount: String get() = delegate.newAccount
    val revokeCert: String get() = delegate.revokeCert

    fun lower() = delegate
}

fun com.wire.crypto.AcmeDirectory.toAcmeDirectory() = AcmeDirectory(this)

@OptIn(ExperimentalUnsignedTypes::class)
data class NewAcmeOrder(private val delegate: com.wire.crypto.NewAcmeOrder) {
    val authorizations: List get() = delegate.authorizations
    val raw: JsonRawData get() = delegate.delegate.toUByteArray().asByteArray()

    fun lower() = delegate
}

fun com.wire.crypto.NewAcmeOrder.toNewAcmeOrder() = NewAcmeOrder(this)

@OptIn(ExperimentalUnsignedTypes::class)
data class AcmeChallenge(private val delegate: com.wire.crypto.AcmeChallenge) {
    val url: String get() = delegate.url
    val raw: JsonRawData get() = delegate.delegate.toUByteArray().asByteArray()

    fun lower() = delegate
}

fun com.wire.crypto.AcmeChallenge.toAcmeChallenge() = AcmeChallenge(this)

data class NewAcmeAuthz(private val delegate: com.wire.crypto.NewAcmeAuthz) {
    val identifier: String get() = delegate.identifier
    val keyauth: String? get() = delegate.keyauth
    val challenge: AcmeChallenge get() = delegate.challenge.toAcmeChallenge()

    fun lower() = delegate
}

fun com.wire.crypto.NewAcmeAuthz.toNewAcmeAuthz() = NewAcmeAuthz(this)

@Suppress("TooManyFunctions")
class E2EIEnrollment(private val delegate: com.wire.crypto.E2eiEnrollment) {

    internal fun lower() = delegate

    /**
     * Parses the response from `GET /acme/{provisioner-name}/directory`. Use this [AcmeDirectory] in the next step to
     * fetch the first nonce from the acme server. Use [AcmeDirectory.newNonce].
     *
     * @param directory HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
     */
    suspend fun directoryResponse(directory: JsonRawData) =
        delegate.directoryResponse(directory).toAcmeDirectory()

    /**
     * For creating a new acme account. This returns a signed JWS-alike request body to send to
     * `POST /acme/{provisioner-name}/new-account`.
     *
     * @param previousNonce you got from calling `HEAD [AcmeDirectory.newNonce]`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
     */
    suspend fun newAccountRequest(previousNonce: String) =
        delegate.newAccountRequest(previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/new-account`.
     * @param account HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
     */
    suspend fun accountResponse(account: JsonRawData) =
        delegate.newAccountResponse(account)

    /**
     * Creates a new acme order for the handle (userId + display name) and the clientId.
     *
     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-account`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
     */
    suspend fun newOrderRequest(previousNonce: String) =
        delegate.newOrderRequest(previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/new-order`.
     *
     * @param order HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
     */
    suspend fun newOrderResponse(order: JsonRawData) =
        delegate.newOrderResponse(order).toNewAcmeOrder()

    /**
     * Creates a new authorization request.
     *
     * @param url one of the URL in new order's authorizations (use [NewAcmeOrder.authorizations] from [newOrderResponse])
     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/new-order` (or from the previous to this method if you are creating the second authorization)
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
     */
    suspend fun newAuthzRequest(url: String, previousNonce: String) =
        delegate.newAuthzRequest(url, previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/authz/{authz-id}`
     *
     * @param authz HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
     */
    suspend fun authzResponse(authz: JsonRawData) =
        delegate.newAuthzResponse(authz).toNewAcmeAuthz()

    /**
     * Generates a new client Dpop JWT token. It demonstrates proof of possession of the nonces
     * (from wire-server & acme server) and will be verified by the acme server when verifying the
     * challenge (in order to deliver a certificate).
     *
     * Then send it to [`POST /clients/{id}/access-token`](https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token) on wire-server.
     *
     * @param expirySecs of the client Dpop JWT. This should be equal to the grace period set in Team Management
     * @param backendNonce you get by calling `GET /clients/token/nonce` on wire-server as defined here {@link https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/get_clients__client__nonce}
     */
    suspend fun createDpopToken(expirySecs: UInt, backendNonce: String) =
        delegate.createDpopToken(expirySecs, backendNonce)

    /**
     * Creates a new challenge request for Wire Dpop challenge.
     *
     * @param accessToken returned by wire-server from https://staging-nginz-https.zinfra.io/api/swagger-ui/#/default/post_clients__cid__access_token
     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
     */
    suspend fun newDpopChallengeRequest(accessToken: String, previousNonce: String) =
        delegate.newDpopChallengeRequest(accessToken, previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for DPoP challenge.
     *
     * @param challenge HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
     */
    suspend fun dpopChallengeResponse(challenge: JsonRawData) = delegate.newDpopChallengeResponse(challenge)

    /**
     * Creates a new challenge request for Wire Oidc challenge.
     *
     * @param idToken you get back from Identity Provider
     * @param refreshToken you get back from Identity Provider to renew the access token
     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/authz/{authz-id}`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
     */
    suspend fun newOidcChallengeRequest(idToken: String, refreshToken: String, previousNonce: String) =
        delegate.newOidcChallengeRequest(idToken, refreshToken, previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for OIDC challenge.
     *
     * @param cc CoreCrypto instance
     * @param challenge HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
     */
    @Deprecated("Use contextOidcChallengeResponse() with the CoreCryptoContext object created from a CoreCryptoCentral.transaction call")
    suspend fun oidcChallengeResponse(cc: CoreCryptoCentral, challenge: JsonRawData) = delegate.newOidcChallengeResponse(cc.lower(), challenge)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/challenge/{challenge-id}` for OIDC challenge within a CoreCryptoContext.
     *
     * @param cc CoreCrypto instance
     * @param challenge HTTP response body
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
     */
    suspend fun contextOidcChallengeResponse(cc: CoreCryptoContext, challenge: JsonRawData) = delegate.contextNewOidcChallengeResponse(cc.lower(), challenge)

    /**
     * Verifies that the previous challenge has been completed.
     *
     * @param orderUrl `location` header from http response you got from [newOrderResponse]
     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/challenge/{challenge-id}`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
     */
    suspend fun checkOrderRequest(orderUrl: String, previousNonce: String) =
        delegate.checkOrderRequest(orderUrl, previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}`.
     *
     * @param order HTTP response body
     * @return finalize url to use with [finalizeRequest]
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
     */
    suspend fun checkOrderResponse(order: JsonRawData) =
        delegate.checkOrderResponse(order)

    /**
     * Final step before fetching the certificate.
     *
     * @param previousNonce - `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
     */
    suspend fun finalizeRequest(previousNonce: String) =
        delegate.finalizeRequest(previousNonce)

    /**
     * Parses the response from `POST /acme/{provisioner-name}/order/{order-id}/finalize`.
     *
     * @param finalize HTTP response body
     * @return the certificate url to use with [certificateRequest]
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4
     */
    suspend fun finalizeResponse(finalize: JsonRawData) =
        delegate.finalizeResponse(finalize)

    /**
     * Creates a request for finally fetching the x509 certificate.
     *
     * @param previousNonce `replay-nonce` response header from `POST /acme/{provisioner-name}/order/{order-id}/finalize`
     * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4.2
     */
    suspend fun certificateRequest(previousNonce: String) =
        delegate.certificateRequest(previousNonce)

    /**
     * Lets clients retrieve the OIDC refresh token to try to renew the user's authorization.
     * If it's expired, the user needs to reauthenticate and they will update the refresh token
     * in [newOidcChallengeRequest]
     */
    suspend fun getRefreshToken() = delegate.getRefreshToken()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy