feat(e2ei): add E2EIEnroll usecase (WPB-370)

cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/E2EIClientImpl.kt

@@ -47,7 +47,7 @@ class E2EIClientImpl : E2EIClient {
         TODO("Not yet implemented")
     }
 
-    override fun createDpopToken(accessTokenUrl: String, backendNonce: String): DpopToken {
+    override fun createDpopToken(backendNonce: String): DpopToken {
         TODO("Not yet implemented")
     }
 

cryptography/src/appleMain/kotlin/com/wire/kalium/cryptography/MLSClientImpl.kt

@@ -227,7 +227,11 @@ actual class MLSClientImpl actual constructor(
         return toByteArray(coreCrypto.exportSecretKey(toUByteList(groupId.decodeBase64Bytes()), keyLength))
     }
 
-    override fun newAcmeEnrollment(clientId: CryptoQualifiedClientId, displayName: String, handle: String): E2EIClient {
+    override fun newAcmeEnrollment(clientId: E2EIQualifiedClientId, displayName: String, handle: String): E2EIClient {
+        TODO("Not yet implemented")
+    }
+
+    override fun initMLSWithE2EI(e2eiClient: E2EIClient, certificate: CertificateChain) {
         TODO("Not yet implemented")
     }
 
@@ -275,7 +279,8 @@ actual class MLSClientImpl actual constructor(
             value.message?.let { toByteArray(it) },
             value.commitDelay?.toLong(),
             value.senderClientId?.let { CryptoQualifiedClientId.fromEncodedString((toByteArray(it).commonToUtf8String())) },
-            value.hasEpochChanged
+            value.hasEpochChanged,
+            identity = null
         )
     }
 

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/E2EIClientImpl.kt

@@ -24,7 +24,7 @@ import com.wire.kalium.cryptography.MLSClientImpl.Companion.toUByteList
 @Suppress("TooManyFunctions")
 @OptIn(ExperimentalUnsignedTypes::class)
 class E2EIClientImpl(
-    private val wireE2eIdentity: WireE2eIdentity
+    val wireE2eIdentity: WireE2eIdentity
 ) : E2EIClient {
 
     private val defaultDPoPTokenExpiry: UInt = 30U
@@ -50,7 +50,7 @@ class E2EIClientImpl(
     override fun setAuthzResponse(authz: JsonRawData) =
         toNewAcmeAuthz(wireE2eIdentity.newAuthzResponse(toUByteList(authz)))
 
-    override fun createDpopToken(accessTokenUrl: String, backendNonce: String) =
+    override fun createDpopToken(backendNonce: String) =
         wireE2eIdentity.createDpopToken(expirySecs = defaultDPoPTokenExpiry, backendNonce)
 
     override fun getNewDpopChallengeRequest(accessToken: String, previousNonce: String) =
@@ -65,16 +65,14 @@ class E2EIClientImpl(
     override fun checkOrderRequest(orderUrl: String, previousNonce: String) =
         toByteArray(wireE2eIdentity.checkOrderRequest(orderUrl, previousNonce))
 
-    override fun checkOrderResponse(order: JsonRawData) {
+    override fun checkOrderResponse(order: JsonRawData) =
         wireE2eIdentity.checkOrderResponse(toUByteList(order))
-    }
 
     override fun finalizeRequest(previousNonce: String) =
         toByteArray(wireE2eIdentity.finalizeRequest(previousNonce))
 
-    override fun finalizeResponse(finalize: JsonRawData) {
+    override fun finalizeResponse(finalize: JsonRawData) =
         wireE2eIdentity.finalizeResponse(toUByteList(finalize))
-    }
 
     override fun certificateRequest(previousNonce: String) =
         toByteArray(wireE2eIdentity.certificateRequest(previousNonce))
@@ -86,7 +84,7 @@ class E2EIClientImpl(
 
         fun toNewAcmeOrder(value: com.wire.crypto.NewAcmeOrder) = NewAcmeOrder(
             value.delegate.toUByteArray().asByteArray(),
-            value.authorizations,
+            value.authorizations
         )
 
         private fun toAcmeChallenge(value: com.wire.crypto.AcmeChallenge) = AcmeChallenge(

cryptography/src/commonJvmAndroid/kotlin/com.wire.kalium.cryptography/MLSClientImpl.kt

@@ -176,12 +176,18 @@ actual class MLSClientImpl actual constructor(
     }
 
     override fun encryptMessage(groupId: MLSGroupId, message: PlainMessage): ApplicationMessage {
-        val applicationMessage = coreCrypto.encryptMessage(toUByteList(groupId.decodeBase64Bytes()), toUByteList(message))
+        val applicationMessage =
+            coreCrypto.encryptMessage(toUByteList(groupId.decodeBase64Bytes()), toUByteList(message))
         return toByteArray(applicationMessage)
     }
 
     override fun decryptMessage(groupId: MLSGroupId, message: ApplicationMessage): DecryptedMessageBundle {
-        return toDecryptedMessageBundle(coreCrypto.decryptMessage(toUByteList(groupId.decodeBase64Bytes()), toUByteList(message)))
+        return toDecryptedMessageBundle(
+            coreCrypto.decryptMessage(
+                toUByteList(groupId.decodeBase64Bytes()),
+                toUByteList(message)
+            )
+        )
     }
 
     override fun commitAccepted(groupId: MLSGroupId) {
@@ -237,7 +243,7 @@ actual class MLSClientImpl actual constructor(
         return toByteArray(coreCrypto.exportSecretKey(toUByteList(groupId.decodeBase64Bytes()), keyLength))
     }
 
-    override fun newAcmeEnrollment(clientId: CryptoQualifiedClientId, displayName: String, handle: String): E2EIClient {
+    override fun newAcmeEnrollment(clientId: E2EIQualifiedClientId, displayName: String, handle: String): E2EIClient {
         return E2EIClientImpl(
             coreCrypto.e2eiNewEnrollment(
                 clientId.toString(),
@@ -249,6 +255,10 @@ actual class MLSClientImpl actual constructor(
         )
     }
 
+    override fun initMLSWithE2EI(e2eiClient: E2EIClient, certificate: CertificateChain) {
+        coreCrypto.e2eiMlsInit((e2eiClient as E2EIClientImpl).wireE2eIdentity, certificate)
+    }
+
     companion object {
         fun toUByteList(value: ByteArray): List<UByte> = value.asUByteArray().asList()
         fun toUByteList(value: String): List<UByte> = value.encodeToByteArray().asUByteArray().asList()
@@ -293,7 +303,10 @@ actual class MLSClientImpl actual constructor(
             value.message?.let { toByteArray(it) },
             value.commitDelay?.toLong(),
             value.senderClientId?.let { CryptoQualifiedClientId.fromEncodedString(String(toByteArray(it))) },
-            value.hasEpochChanged
+            value.hasEpochChanged,
+            value.identity?.let {
+                E2EIdentity(it.clientId, it.handle, it.displayName, it.domain)
+            }
         )
     }
 

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/E2EIClient.kt

@@ -51,13 +51,13 @@ interface E2EIClient {
     fun setOrderResponse(order: JsonRawData): NewAcmeOrder
     fun getNewAuthzRequest(url: String, previousNonce: String): JsonRawData
     fun setAuthzResponse(authz: JsonRawData): NewAcmeAuthz
-    fun createDpopToken(accessTokenUrl: String, backendNonce: String): DpopToken
+    fun createDpopToken(backendNonce: String): DpopToken
     fun getNewDpopChallengeRequest(accessToken: String, previousNonce: String): JsonRawData
     fun getNewOidcChallengeRequest(idToken: String, previousNonce: String): JsonRawData
     fun setChallengeResponse(challenge: JsonRawData)
     fun checkOrderRequest(orderUrl: String, previousNonce: String): JsonRawData
-    fun checkOrderResponse(order: JsonRawData)
+    fun checkOrderResponse(order: JsonRawData): String
     fun finalizeRequest(previousNonce: String): JsonRawData
-    fun finalizeResponse(finalize: JsonRawData)
+    fun finalizeResponse(finalize: JsonRawData): String
     fun certificateRequest(previousNonce: String): JsonRawData
 }

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/IDs.kt

@@ -20,6 +20,8 @@
 
 package com.wire.kalium.cryptography
 
+import io.ktor.util.encodeBase64
+
 typealias MLSGroupId = String
 
 data class CryptoClientId(val value: String) {
@@ -69,3 +71,17 @@ data class CryptoQualifiedClientId(
         }
     }
 }
+
+data class E2EIdentity(
+    var clientId: String,
+    var handle: String,
+    var displayName: String,
+    var domain: String
+)
+
+data class E2EIQualifiedClientId(
+    val value: String,
+    val userId: CryptoQualifiedID
+) {
+    override fun toString() = "${userId.value.encodeBase64()}:${value}@${userId.domain}"
+}

cryptography/src/commonMain/kotlin/com/wire/kalium/cryptography/MLSClient.kt

@@ -25,6 +25,7 @@ typealias HandshakeMessage = ByteArray
 typealias ApplicationMessage = ByteArray
 typealias PlainMessage = ByteArray
 typealias MLSKeyPackage = ByteArray
+typealias CertificateChain = String
 
 enum class GroupInfoEncryptionType {
     PLAINTEXT,
@@ -53,7 +54,8 @@ class DecryptedMessageBundle(
     val message: ByteArray?,
     val commitDelay: Long?,
     val senderClientId: CryptoQualifiedClientId?,
-    val hasEpochChanged: Boolean
+    val hasEpochChanged: Boolean,
+    val identity: E2EIdentity?
 )
 
 @JvmInline
@@ -273,10 +275,12 @@ interface MLSClient {
      * @return wire end to end identity client
      */
     fun newAcmeEnrollment(
-        clientId: CryptoQualifiedClientId,
+        clientId: E2EIQualifiedClientId,
         displayName: String,
         handle: String
     ): E2EIClient
+
+    fun initMLSWithE2EI(e2eiClient: E2EIClient, certificate: CertificateChain)
 }
 
 expect class MLSClientImpl(rootDir: String, databaseKey: MlsDBSecret, clientId: CryptoQualifiedClientId) : MLSClient