chore(mls): unify MLSClientIdentity models (WPB-9774)

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt

@@ -19,6 +19,7 @@
 package com.wire.kalium.cryptography
 
 import com.wire.crypto.BufferedDecryptedMessage
+import com.wire.crypto.Ciphersuite
 import com.wire.crypto.ConversationConfiguration
 import com.wire.crypto.CoreCrypto
 import com.wire.crypto.CustomConfiguration
@@ -28,7 +29,6 @@ import com.wire.crypto.MlsCredentialType
 import com.wire.crypto.MlsGroupInfoEncryptionType
 import com.wire.crypto.MlsRatchetTreeType
 import com.wire.crypto.MlsWirePolicy
-import com.wire.crypto.Ciphersuite
 import io.ktor.util.decodeBase64Bytes
 import io.ktor.util.encodeBase64
 import kotlin.time.Duration
@@ -332,18 +332,26 @@ class MLSClientImpl(
             return clientId?.let {
                 WireIdentity(
                     CryptoQualifiedClientId.fromEncodedString(value.clientId)!!,
-                    value.x509Identity?.handle,
-                    value.x509Identity?.displayName,
-                    value.x509Identity?.domain,
-                    value.x509Identity?.certificate,
                     toDeviceStatus(value.status),
                     value.thumbprint,
-                    value.x509Identity?.serialNumber,
-                    value.x509Identity?.notAfter?.toLong()
+                    toCredentialType(value.credentialType),
+                    value.x509Identity?.let {
+                        toX509Identity(it)
+                    }
                 )
             }
         }
 
+        fun toX509Identity(value: com.wire.crypto.X509Identity) = WireIdentity.X509Identity(
+            handle = WireIdentity.Handle.fromString(value.handle, value.domain),
+            displayName = value.displayName,
+            domain = value.domain,
+            certificate = value.certificate,
+            serialNumber = value.serialNumber,
+            notBefore = value.notBefore.toLong(),
+            notAfter = value.notAfter.toLong()
+        )
+
         fun toDeviceStatus(value: com.wire.crypto.DeviceStatus) = when (value) {
             com.wire.crypto.DeviceStatus.VALID -> CryptoCertificateStatus.VALID
             com.wire.crypto.DeviceStatus.EXPIRED -> CryptoCertificateStatus.EXPIRED
@@ -403,6 +411,11 @@ class MLSClientImpl(
             CredentialType.X509 -> MlsCredentialType.X509
         }
 
+        fun toCredentialType(value: MlsCredentialType) = when (value) {
+            MlsCredentialType.BASIC -> CredentialType.Basic
+            MlsCredentialType.X509 -> CredentialType.X509
+        }
+
         fun toCrlRegistration(value: com.wire.crypto.CrlRegistration) = CrlRegistration(
             value.dirty,
             value.expiration

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/IDs.kt

@@ -78,54 +78,19 @@ data class CryptoQualifiedClientId(
 
 data class WireIdentity(
     val clientId: CryptoQualifiedClientId,
-    val certificate: Certificate?,
     val status: CryptoCertificateStatus,
+    val thumbprint: String,
+    val credentialType: CredentialType,
+    val x509Identity: X509Identity?
 ) {
-    companion object {
-        @Suppress("LongParameterList")
-        operator fun invoke(
-            clientId: CryptoQualifiedClientId,
-            handle: String?,
-            displayName: String?,
-            domain: String?,
-            certificate: String?,
-            status: CryptoCertificateStatus,
-            thumbprint: String?,
-            serialNumber: String?,
-            endTimestampSeconds: Long?
-        ): WireIdentity {
-            @Suppress("ComplexCondition")
-            val certificateData = if (handle == null || displayName == null || domain == null || certificate == null
-                || thumbprint == null || serialNumber == null || endTimestampSeconds == null
-            ) {
-                null
-            } else {
-                Certificate(
-                    Handle.fromString(handle, domain),
-                    displayName,
-                    domain,
-                    certificate,
-                    thumbprint,
-                    serialNumber,
-                    endTimestampSeconds
-                )
-            }
-            return WireIdentity(
-                clientId = clientId,
-                certificate = certificateData,
-                status = status
-            )
-        }
-    }
-
-    data class Certificate(
+    data class X509Identity(
         val handle: Handle,
         val displayName: String,
         val domain: String,
         val certificate: String,
-        val thumbprint: String,
         val serialNumber: String,
-        val endTimestampSeconds: Long
+        val notBefore: Long,
+        val notAfter: Long
     )
 
     // WireIdentity handle format is "{scheme}%40{username}@{domain}"

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/DecryptedMessageBundleMapper.kt

@@ -33,17 +33,5 @@ fun com.wire.kalium.cryptography.DecryptedMessageBundle.toModel(groupID: GroupID
             )
         },
         commitDelay,
-        identity?.let { identity ->
-            identity.certificate?.let { certificate ->
-                E2EIdentity(
-                    identity.clientId,
-                    certificate.handle.handle,
-                    certificate.displayName,
-                    certificate.domain,
-                    certificate.certificate,
-                    identity.status,
-                    certificate.thumbprint
-                )
-            }
-        }
+        identity
     )

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/MLSConversationRepository.kt

@@ -20,7 +20,6 @@
 package com.wire.kalium.logic.data.conversation
 
 import com.wire.kalium.cryptography.CommitBundle
-import com.wire.kalium.cryptography.CryptoCertificateStatus
 import com.wire.kalium.cryptography.CryptoQualifiedClientId
 import com.wire.kalium.cryptography.E2EIClient
 import com.wire.kalium.cryptography.MLSClient
@@ -102,17 +101,7 @@ data class DecryptedMessageBundle(
     val groupID: GroupID,
     val applicationMessage: ApplicationMessage?,
     val commitDelay: Long?,
-    val identity: E2EIdentity?
-)
-
-data class E2EIdentity(
-    val clientId: CryptoQualifiedClientId,
-    val handle: String,
-    val displayName: String,
-    val domain: String,
-    val certificate: String,
-    val status: CryptoCertificateStatus,
-    val thumbprint: String
+    val identity: WireIdentity?
 )
 
 @Suppress("TooManyFunctions", "LongParameterList")

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/id/PlainId.kt

@@ -18,9 +18,12 @@
 
 package com.wire.kalium.logic.data.id
 
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
 import kotlin.jvm.JvmInline
 
 @JvmInline
-value class PlainId(val value: String)
+@Serializable
+value class PlainId(@SerialName("value") val value: String)
 
 typealias TeamId = PlainId

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/id/QualifiedId.kt

@@ -60,9 +60,10 @@ value class SubconversationId(val value: String) {
     fun toLogString() = value.obfuscateId()
 }
 
+@Serializable
 data class QualifiedClientID(
-    val clientId: ClientId,
-    val userId: UserId
+    @SerialName("clientId") val clientId: ClientId,
+    @SerialName("userId") val userId: UserId
 )
 
 typealias MessageId = String

logic/src/commonMain/kotlin/com/wire/kalium/logic/di/MapperProvider.kt

@@ -99,8 +99,6 @@ import com.wire.kalium.logic.data.user.type.DomainUserTypeMapper
 import com.wire.kalium.logic.data.user.type.DomainUserTypeMapperImpl
 import com.wire.kalium.logic.data.user.type.UserEntityTypeMapper
 import com.wire.kalium.logic.data.user.type.UserEntityTypeMapperImpl
-import com.wire.kalium.logic.feature.e2ei.CertificateStatusMapper
-import com.wire.kalium.logic.feature.e2ei.CertificateStatusMapperImpl
 
 internal object MapperProvider {
     fun apiVersionMapper(): ApiVersionMapper = ApiVersionMapperImpl()
@@ -176,5 +174,4 @@ internal object MapperProvider {
     fun serviceMapper(): ServiceMapper = ServiceMapper()
     fun legalHoldStatusMapper(): LegalHoldStatusMapper = LegalHoldStatusMapperImpl
     fun acmeMapper(): AcmeMapper = AcmeMapperImpl()
-    fun certificateStatusMapper(): CertificateStatusMapper = CertificateStatusMapperImpl()
 }

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/CertificateStatus.kt

@@ -22,3 +22,8 @@ enum class CertificateStatus {
     EXPIRED,
     VALID
 }
+
+enum class UserVerificationStatus {
+    Verified,
+    NotVerified
+}

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/E2eiCertificate.kt

@@ -1,3 +1,4 @@
+
 /*
  * Wire
  * Copyright (C) 2024 Wire Swiss GmbH
@@ -17,40 +18,88 @@
  */
 package com.wire.kalium.logic.feature.e2ei
 
+import com.wire.kalium.cryptography.CredentialType
+import com.wire.kalium.cryptography.CryptoCertificateStatus
 import com.wire.kalium.cryptography.WireIdentity
-import com.wire.kalium.logic.di.MapperProvider
+import com.wire.kalium.logic.data.id.QualifiedClientID
+import com.wire.kalium.logic.data.id.toModel
 import kotlinx.datetime.Instant
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
 
 @Serializable
-data class E2eiCertificate(
-    @SerialName("userHandle")
-    var userHandle: String,
-    @SerialName("status")
-    val status: CertificateStatus,
-    @SerialName("serialNumber")
-    val serialNumber: String,
-    @SerialName("certificateDetail")
-    val certificateDetail: String,
-    @SerialName("thumbprint")
-    val thumbprint: String,
-    @SerialName("endAt")
-    val endAt: Instant
+data class MLSClientIdentity(
+    @SerialName("clientId") val clientId: QualifiedClientID,
+    @SerialName("e2eiStatus") val e2eiStatus: MLSClientE2EIStatus,
+    @SerialName("thumbprint") val thumbprint: String,
+    @SerialName("credentialType") val credentialType: MLSCredentialsType,
+    @SerialName("x509Identity") val x509Identity: X509Identity?
+) {
+    companion object {
+        fun fromWireIdentity(identity: WireIdentity): MLSClientIdentity = MLSClientIdentity(
+            clientId = identity.clientId.toModel(),
+            e2eiStatus = MLSClientE2EIStatus.fromCryptoStatus(identity),
+                thumbprint = identity.thumbprint,
+                credentialType = MLSCredentialsType.fromCrypto(identity.credentialType),
+                x509Identity = identity.x509Identity?.let {
+                    X509Identity(
+                        handle = Handle.fromWireIdentity(it.handle),
+                        displayName = it.displayName,
+                        domain = it.domain,
+                        serialNumber = it.serialNumber,
+                        certificate = it.certificate,
+                        notBefore = Instant.fromEpochSeconds(it.notBefore),
+                        notAfter = Instant.fromEpochSeconds(it.notAfter)
+                    )
+                })
+    }
+}
+
+@Serializable
+data class X509Identity(
+    @SerialName("handle") val handle: Handle,
+    @SerialName("displayName") val displayName: String,
+    @SerialName("domain") val domain: String,
+    @SerialName("serialNumber") val serialNumber: String,
+    @SerialName("certificateDetail") val certificate: String,
+    @SerialName("notBefore") val notBefore: Instant,
+    @SerialName("notAfter") val notAfter: Instant
+)
+
+@Serializable
+data class Handle(
+    @SerialName("scheme") val scheme: String,
+    @SerialName("handle") val handle: String,
+    @SerialName("domain") val domain: String
 ) {
     companion object {
-        val certificateStatusMapper = MapperProvider.certificateStatusMapper()
-
-        fun fromWireIdentity(identity: WireIdentity): E2eiCertificate? =
-            identity.certificate?.let {
-                E2eiCertificate(
-                    userHandle = it.handle.handle,
-                    status = certificateStatusMapper.toCertificateStatus(identity.status),
-                    serialNumber = it.serialNumber,
-                    certificateDetail = it.certificate,
-                    thumbprint = it.thumbprint,
-                    endAt = Instant.fromEpochSeconds(it.endTimestampSeconds)
-                )
+        fun fromWireIdentity(handle: WireIdentity.Handle) =
+            Handle(handle.scheme, handle.handle, handle.domain)
+    }
+}
+
+enum class MLSClientE2EIStatus {
+    REVOKED, EXPIRED, VALID, NOT_ACTIVATED;
+
+    companion object {
+        fun fromCryptoStatus(identity: WireIdentity) =
+            if (identity.credentialType == CredentialType.Basic || identity.x509Identity == null)
+                NOT_ACTIVATED
+            else when (identity.status) {
+                CryptoCertificateStatus.REVOKED -> REVOKED
+                CryptoCertificateStatus.EXPIRED -> EXPIRED
+                CryptoCertificateStatus.VALID -> VALID
             }
     }
 }
+
+enum class MLSCredentialsType {
+    X509, BASIC;
+
+    companion object {
+        fun fromCrypto(value: CredentialType) = when (value) {
+            CredentialType.Basic -> BASIC
+            CredentialType.X509 -> X509
+        }
+    }
+}

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/FetchMLSVerificationStatusUseCase.kt

@@ -18,6 +18,7 @@
 package com.wire.kalium.logic.feature.e2ei.usecase
 
 import com.benasher44.uuid.uuid4
+import com.wire.kalium.cryptography.CredentialType
 import com.wire.kalium.cryptography.CryptoCertificateStatus
 import com.wire.kalium.cryptography.WireIdentity
 import com.wire.kalium.logger.KaliumLogger
@@ -115,9 +116,10 @@ internal class FetchMLSVerificationStatusUseCaseImpl(
                     val persistedMemberInfo = dbData.members[userId]
                     val isUserVerified = wireIdentity.firstOrNull {
                         it.status != CryptoCertificateStatus.VALID ||
-                                it.certificate == null ||
-                                it.certificate?.displayName != persistedMemberInfo?.name ||
-                                it.certificate?.handle?.handle != persistedMemberInfo?.handle
+                                it.credentialType != CredentialType.X509 ||
+                                it.x509Identity == null ||
+                                it.x509Identity?.displayName != persistedMemberInfo?.name ||
+                                it.x509Identity?.handle?.handle != persistedMemberInfo?.handle
                     } == null
                     if (!isUserVerified) {
                         newStatus = VerificationStatus.NOT_VERIFIED