chore(mls): unify MLSClientIdentity models (WPB-9774)

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt

@@ -19,6 +19,7 @@
 package com.wire.kalium.cryptography
 
 import com.wire.crypto.BufferedDecryptedMessage
+import com.wire.crypto.Ciphersuite
 import com.wire.crypto.ConversationConfiguration
 import com.wire.crypto.CoreCrypto
 import com.wire.crypto.CustomConfiguration
@@ -28,7 +29,6 @@ import com.wire.crypto.MlsCredentialType
 import com.wire.crypto.MlsGroupInfoEncryptionType
 import com.wire.crypto.MlsRatchetTreeType
 import com.wire.crypto.MlsWirePolicy
-import com.wire.crypto.Ciphersuite
 import io.ktor.util.decodeBase64Bytes
 import io.ktor.util.encodeBase64
 import kotlin.time.Duration
@@ -332,18 +332,24 @@ class MLSClientImpl(
             return clientId?.let {
                 WireIdentity(
                     CryptoQualifiedClientId.fromEncodedString(value.clientId)!!,
-                    value.x509Identity?.handle,
-                    value.x509Identity?.displayName,
-                    value.x509Identity?.domain,
-                    value.x509Identity?.certificate,
                     toDeviceStatus(value.status),
                     value.thumbprint,
-                    value.x509Identity?.serialNumber,
-                    value.x509Identity?.notAfter?.toLong()
+                    toCredentialType(value.credentialType),
+                    if (value.credentialType == MlsCredentialType.X509) toX509Identity(value.x509Identity!!) else null
                 )
             }
         }
 
+        fun toX509Identity(value: com.wire.crypto.X509Identity) = WireIdentity.X509Identity(
+            handle = WireIdentity.Handle.fromString(value.handle, value.domain),
+            displayName = value.displayName,
+            domain = value.domain,
+            certificate = value.certificate,
+            serialNumber = value.serialNumber,
+            notBefore = value.notBefore.toLong(),
+            notAfter = value.notAfter.toLong()
+        )
+
         fun toDeviceStatus(value: com.wire.crypto.DeviceStatus) = when (value) {
             com.wire.crypto.DeviceStatus.VALID -> CryptoCertificateStatus.VALID
             com.wire.crypto.DeviceStatus.EXPIRED -> CryptoCertificateStatus.EXPIRED
@@ -403,6 +409,11 @@ class MLSClientImpl(
             CredentialType.X509 -> MlsCredentialType.X509
         }
 
+        fun toCredentialType(value: MlsCredentialType) = when (value) {
+            MlsCredentialType.BASIC -> CredentialType.Basic
+            MlsCredentialType.X509 -> CredentialType.X509
+        }
+
         fun toCrlRegistration(value: com.wire.crypto.CrlRegistration) = CrlRegistration(
             value.dirty,
             value.expiration

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/IDs.kt

@@ -78,54 +78,19 @@ data class CryptoQualifiedClientId(
 
 data class WireIdentity(
     val clientId: CryptoQualifiedClientId,
-    val certificate: Certificate?,
     val status: CryptoCertificateStatus,
+    val thumbprint: String,
+    val credentialType: CredentialType,
+    val x509Identity: X509Identity?
 ) {
-    companion object {
-        @Suppress("LongParameterList")
-        operator fun invoke(
-            clientId: CryptoQualifiedClientId,
-            handle: String?,
-            displayName: String?,
-            domain: String?,
-            certificate: String?,
-            status: CryptoCertificateStatus,
-            thumbprint: String?,
-            serialNumber: String?,
-            endTimestampSeconds: Long?
-        ): WireIdentity {
-            @Suppress("ComplexCondition")
-            val certificateData = if (handle == null || displayName == null || domain == null || certificate == null
-                || thumbprint == null || serialNumber == null || endTimestampSeconds == null
-            ) {
-                null
-            } else {
-                Certificate(
-                    Handle.fromString(handle, domain),
-                    displayName,
-                    domain,
-                    certificate,
-                    thumbprint,
-                    serialNumber,
-                    endTimestampSeconds
-                )
-            }
-            return WireIdentity(
-                clientId = clientId,
-                certificate = certificateData,
-                status = status
-            )
-        }
-    }
-
-    data class Certificate(
+    data class X509Identity(
         val handle: Handle,
         val displayName: String,
         val domain: String,
         val certificate: String,
-        val thumbprint: String,
         val serialNumber: String,
-        val endTimestampSeconds: Long
+        val notBefore: Long,
+        val notAfter: Long
     )
 
     // WireIdentity handle format is "{scheme}%40{username}@{domain}"

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/DecryptedMessageBundleMapper.kt

@@ -33,17 +33,5 @@ fun com.wire.kalium.cryptography.DecryptedMessageBundle.toModel(groupID: GroupID
             )
         },
         commitDelay,
-        identity?.let { identity ->
-            identity.certificate?.let { certificate ->
-                E2EIdentity(
-                    identity.clientId,
-                    certificate.handle.handle,
-                    certificate.displayName,
-                    certificate.domain,
-                    certificate.certificate,
-                    identity.status,
-                    certificate.thumbprint
-                )
-            }
-        }
+        identity
     )

logic/src/commonMain/kotlin/com/wire/kalium/logic/data/conversation/MLSConversationRepository.kt

@@ -20,7 +20,6 @@
 package com.wire.kalium.logic.data.conversation
 
 import com.wire.kalium.cryptography.CommitBundle
-import com.wire.kalium.cryptography.CryptoCertificateStatus
 import com.wire.kalium.cryptography.CryptoQualifiedClientId
 import com.wire.kalium.cryptography.E2EIClient
 import com.wire.kalium.cryptography.MLSClient
@@ -102,17 +101,7 @@ data class DecryptedMessageBundle(
     val groupID: GroupID,
     val applicationMessage: ApplicationMessage?,
     val commitDelay: Long?,
-    val identity: E2EIdentity?
-)
-
-data class E2EIdentity(
-    val clientId: CryptoQualifiedClientId,
-    val handle: String,
-    val displayName: String,
-    val domain: String,
-    val certificate: String,
-    val status: CryptoCertificateStatus,
-    val thumbprint: String
+    val identity: WireIdentity?
 )
 
 @Suppress("TooManyFunctions", "LongParameterList")

logic/src/commonMain/kotlin/com/wire/kalium/logic/di/MapperProvider.kt

@@ -99,8 +99,6 @@ import com.wire.kalium.logic.data.user.type.DomainUserTypeMapper
 import com.wire.kalium.logic.data.user.type.DomainUserTypeMapperImpl
 import com.wire.kalium.logic.data.user.type.UserEntityTypeMapper
 import com.wire.kalium.logic.data.user.type.UserEntityTypeMapperImpl
-import com.wire.kalium.logic.feature.e2ei.CertificateStatusMapper
-import com.wire.kalium.logic.feature.e2ei.CertificateStatusMapperImpl
 
 internal object MapperProvider {
     fun apiVersionMapper(): ApiVersionMapper = ApiVersionMapperImpl()
@@ -176,5 +174,4 @@ internal object MapperProvider {
     fun serviceMapper(): ServiceMapper = ServiceMapper()
     fun legalHoldStatusMapper(): LegalHoldStatusMapper = LegalHoldStatusMapperImpl
     fun acmeMapper(): AcmeMapper = AcmeMapperImpl()
-    fun certificateStatusMapper(): CertificateStatusMapper = CertificateStatusMapperImpl()
 }

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/CertificateStatus.kt

@@ -22,3 +22,8 @@ enum class CertificateStatus {
     EXPIRED,
     VALID
 }
+
+enum class UserVerificationStatus {
+    Verified,
+    NotVerified
+}

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/E2eiCertificate.kt

@@ -17,8 +17,9 @@
  */
 package com.wire.kalium.logic.feature.e2ei
 
+import com.wire.kalium.cryptography.CredentialType
+import com.wire.kalium.cryptography.CryptoCertificateStatus
 import com.wire.kalium.cryptography.WireIdentity
-import com.wire.kalium.logic.di.MapperProvider
 import kotlinx.datetime.Instant
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
@@ -37,20 +38,68 @@ data class E2eiCertificate(
     val thumbprint: String,
     @SerialName("endAt")
     val endAt: Instant
+)
+
+@Serializable
+data class MLSClientIdentity(
+    // val clientId: ClientId,
+    @SerialName("e2eiStatus") val e2eiStatus: MLSClientE2EIStatus,
+    @SerialName("thumbprint") val thumbprint: String,
+    @SerialName("credentialType") val credentialType: MLSCredentialsType,
+    @SerialName("x509Identity") val x509Identity: X509Identity?
 ) {
     companion object {
-        val certificateStatusMapper = MapperProvider.certificateStatusMapper()
-
-        fun fromWireIdentity(identity: WireIdentity): E2eiCertificate? =
-            identity.certificate?.let {
-                E2eiCertificate(
-                    userHandle = it.handle.handle,
-                    status = certificateStatusMapper.toCertificateStatus(identity.status),
-                    serialNumber = it.serialNumber,
-                    certificateDetail = it.certificate,
-                    thumbprint = it.thumbprint,
-                    endAt = Instant.fromEpochSeconds(it.endTimestampSeconds)
-                )
+        fun fromWireIdentity(identity: WireIdentity): MLSClientIdentity =
+            MLSClientIdentity(e2eiStatus = MLSClientE2EIStatus.fromCryptoStatus(identity),
+                thumbprint = identity.thumbprint,
+                credentialType = MLSCredentialsType.fromCrypto(identity.credentialType),
+                x509Identity = identity.x509Identity?.let {
+                    X509Identity(
+                        //  handle = it.handle,
+                        displayName = it.displayName,
+                        domain = it.domain,
+                        serialNumber = it.serialNumber,
+                        certificate = it.certificate,
+                        notBefore = Instant.fromEpochSeconds(it.notBefore),
+                        notAfter = Instant.fromEpochSeconds(it.notAfter)
+                    )
+                })
+    }
+}
+
+@Serializable
+data class X509Identity(
+    // @SerialName("handle") val handle: Handle,
+    @SerialName("displayName") val displayName: String,
+    @SerialName("domain") val domain: String,
+    @SerialName("serialNumber") val serialNumber: String,
+    @SerialName("certificateDetail") val certificate: String,
+    @SerialName("notBefore") val notBefore: Instant,
+    @SerialName("notAfter") val notAfter: Instant
+)
+
+enum class MLSClientE2EIStatus {
+    REVOKED, EXPIRED, VALID, NOT_ACTIVATED;
+
+    companion object {
+        fun fromCryptoStatus(identity: WireIdentity) =
+            if (identity.credentialType == CredentialType.Basic || identity.x509Identity == null)
+                NOT_ACTIVATED
+            else when (identity.status) {
+                CryptoCertificateStatus.REVOKED -> REVOKED
+                CryptoCertificateStatus.EXPIRED -> EXPIRED
+                CryptoCertificateStatus.VALID -> VALID
             }
     }
 }
+
+enum class MLSCredentialsType {
+    X509, BASIC;
+
+    companion object {
+        fun fromCrypto(value: CredentialType) = when (value) {
+            CredentialType.Basic -> BASIC
+            CredentialType.X509 -> X509
+        }
+    }
+}

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/FetchMLSVerificationStatusUseCase.kt

@@ -18,6 +18,7 @@
 package com.wire.kalium.logic.feature.e2ei.usecase
 
 import com.benasher44.uuid.uuid4
+import com.wire.kalium.cryptography.CredentialType
 import com.wire.kalium.cryptography.CryptoCertificateStatus
 import com.wire.kalium.cryptography.WireIdentity
 import com.wire.kalium.logger.KaliumLogger
@@ -115,9 +116,10 @@ internal class FetchMLSVerificationStatusUseCaseImpl(
                     val persistedMemberInfo = dbData.members[userId]
                     val isUserVerified = wireIdentity.firstOrNull {
                         it.status != CryptoCertificateStatus.VALID ||
-                                it.certificate == null ||
-                                it.certificate?.displayName != persistedMemberInfo?.name ||
-                                it.certificate?.handle?.handle != persistedMemberInfo?.handle
+                                it.credentialType != CredentialType.X509 ||
+                                it.x509Identity == null ||
+                                it.x509Identity?.displayName != persistedMemberInfo?.name ||
+                                it.x509Identity?.handle?.handle != persistedMemberInfo?.handle
                     } == null
                     if (!isUserVerified) {
                         newStatus = VerificationStatus.NOT_VERIFIED

logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/e2ei/usecase/GetE2EICertificateUseCase.kt

@@ -17,36 +17,30 @@
  */
 package com.wire.kalium.logic.feature.e2ei.usecase
 
+import com.wire.kalium.logic.CoreFailure
+import com.wire.kalium.logic.StorageFailure
 import com.wire.kalium.logic.data.conversation.ClientId
 import com.wire.kalium.logic.data.conversation.MLSConversationRepository
-import com.wire.kalium.logic.feature.e2ei.E2eiCertificate
-import com.wire.kalium.logic.functional.fold
+import com.wire.kalium.logic.feature.e2ei.MLSClientIdentity
+import com.wire.kalium.logic.functional.Either
+import com.wire.kalium.logic.functional.flatMap
+import com.wire.kalium.logic.functional.left
+import com.wire.kalium.logic.functional.right
 
 /**
  * This use case is used to get the e2ei certificate
  */
-interface GetE2eiCertificateUseCase {
-    suspend operator fun invoke(clientId: ClientId): GetE2EICertificateUseCaseResult
+interface GetMLSClientIdentityUseCase {
+    suspend operator fun invoke(clientId: ClientId): Either<CoreFailure, MLSClientIdentity>
 }
 
-class GetE2eiCertificateUseCaseImpl internal constructor(
+class GetMLSClientIdentityUseCaseImpl internal constructor(
     private val mlsConversationRepository: MLSConversationRepository
-) : GetE2eiCertificateUseCase {
-    override suspend operator fun invoke(clientId: ClientId): GetE2EICertificateUseCaseResult =
-        mlsConversationRepository.getClientIdentity(clientId).fold(
-            { GetE2EICertificateUseCaseResult.Failure },
-            {
+) : GetMLSClientIdentityUseCase {
+    override suspend operator fun invoke(clientId: ClientId): Either<CoreFailure, MLSClientIdentity> =
+        mlsConversationRepository.getClientIdentity(clientId).flatMap {
                 it?.let {
-                    E2eiCertificate.fromWireIdentity(it)?.let { certificate ->
-                        GetE2EICertificateUseCaseResult.Success(certificate)
-                    }
-                } ?: GetE2EICertificateUseCaseResult.NotActivated
+                    MLSClientIdentity.fromWireIdentity(it).right()
+                } ?: StorageFailure.DataNotFound.left()
             }
-        )
-}
-
-sealed class GetE2EICertificateUseCaseResult {
-    class Success(val certificate: E2eiCertificate) : GetE2EICertificateUseCaseResult()
-    data object NotActivated : GetE2EICertificateUseCaseResult()
-    data object Failure : GetE2EICertificateUseCaseResult()
 }