feat: Register Proteus and MLS Clients #WPB-18796

* Remove ClientId from DB and replace with only DeviceId
* Add Factory create method for AppClientId
* Check nullability for ENV variables
* Change generateProteusPreKeys to have default values
* Rename initialization methods to: initialized[Mls/Proteus]Client
* Rework CapabilitiesRequest to be simpler and easier to read

Author: alexandreferris

lib/src/main/kotlin/com/wire/integrations/jvm/config/Modules.kt

@@ -42,6 +42,8 @@ import com.wire.integrations.jvm.service.WireApplicationManager
 import com.wire.integrations.jvm.service.WireTeamEventsListener
 import com.wire.integrations.jvm.utils.KtxSerializer
 import com.wire.integrations.jvm.utils.mls
+import com.wire.integrations.jvm.utils.obfuscateClientId
+import com.wire.integrations.jvm.utils.obfuscateId
 import com.wire.integrations.jvm.utils.xprotobuf
 import io.ktor.client.HttpClient
 import io.ktor.client.engine.cio.CIO
@@ -64,8 +66,6 @@ import org.zalando.logbook.client.LogbookClient
 import org.zalando.logbook.common.ExperimentalLogbookKtorApi
 
 private const val WEBSOCKET_PING_INTERVAL_MILLIS = 20_000L
-private const val PROTEUS_PREKEYS_FROM_COUNT = 0
-private const val PROTEUS_PREKEYS_MAX_COUNT = 10
 private val logger = LoggerFactory.getLogger(object {}::class.java.`package`.name)
 
 val sdkModule =
@@ -153,34 +153,43 @@ internal suspend fun getOrInitCryptoClient(
         .mlsFeatureResponse.mlsFeatureConfigResponse.defaultCipherSuite
 
     val userId = System.getenv("WIRE_SDK_USER_ID")
+    val userDomain = System.getenv("WIRE_SDK_ENVIRONMENT")
+
+    requireNotNull(userId)
+    requireNotNull(userDomain)
+
     val cryptoClient = CoreCryptoClient.create(
         userId = userId,
         ciphersuiteCode = mlsCipherSuiteCode
     )
 
-    val storedClientId = appStorage.getClientId()
-    if (storedClientId != null) {
-        logger.info("Loading MLS Client for: $storedClientId")
+    val storedDeviceId = appStorage.getDeviceId()
+    if (storedDeviceId != null) {
+        logger.info("Loading MLS Client for: ${storedDeviceId.obfuscateClientId()}")
+        val appClientId = AppClientId.create(
+            userId = userId,
+            deviceId = storedDeviceId,
+            userDomain = userDomain
+        )
         // App has a client, load MLS client
         cryptoClient.initializeMlsClient(
-            appClientId = storedClientId,
+            appClientId = appClientId,
             mlsTransport = mlsTransport
         )
-        cryptoClient.setAppClientId(storedClientId)
     } else {
+        val userPassword = System.getenv("WIRE_SDK_PASSWORD")
+        requireNotNull(userPassword)
+
         // App doesn't have a client, create one
-        logger.info("Creating Proteus Client")
-        cryptoClient.createProteusClient()
-        val preKeys = cryptoClient.generateProteusPreKeys(
-            from = PROTEUS_PREKEYS_FROM_COUNT,
-            count = PROTEUS_PREKEYS_MAX_COUNT
-        )
+        logger.info("Initializing Proteus Client")
+        cryptoClient.initializeProteusClient()
+        val preKeys = cryptoClient.generateProteusPreKeys()
         val lastKey = cryptoClient.generateProteusLastPreKey()
 
         val clientResponse = try {
             backendClient.registerClient(
                 registerClientRequest = RegisterClientRequest(
-                    password = System.getenv("WIRE_SDK_PASSWORD"),
+                    password = userPassword,
                     lastKey = lastKey.toApi(),
                     preKeys = preKeys.map { it.toApi() },
                     capabilities = RegisterClientRequest.DEFAULT_CAPABILITIES
@@ -193,11 +202,19 @@ internal suspend fun getOrInitCryptoClient(
             )
         }
 
-        val userDomain = System.getenv("WIRE_SDK_ENVIRONMENT")
-        val appClientId = AppClientId(value = "$userId:${clientResponse.id}@$userDomain")
-        appStorage.saveDeviceId(clientResponse.id)
+        val deviceId = clientResponse.id
+        val appClientId = AppClientId.create(
+            userId = userId,
+            deviceId = deviceId,
+            userDomain = userDomain
+        )
+        appStorage.saveDeviceId(deviceId = deviceId)
 
-        logger.info("Creating MLS Client")
+        logger.info(
+            "Initializing MLS Client for {} on device: {}",
+            userId.obfuscateId(),
+            deviceId.obfuscateClientId()
+        )
         cryptoClient.initializeMlsClient(
             appClientId = appClientId,
             mlsTransport = mlsTransport
@@ -212,9 +229,6 @@ internal suspend fun getOrInitCryptoClient(
             appClientId = appClientId,
             mlsKeyPackages = cryptoClient.mlsGenerateKeyPackages().map { it.value }
         )
-
-        cryptoClient.setAppClientId(appClientId)
-        appStorage.saveClientId(appClientId.value)
     }
 
     return cryptoClient

lib/src/main/kotlin/com/wire/integrations/jvm/crypto/CoreCryptoClient.kt

@@ -31,53 +31,13 @@ internal class CoreCryptoClient private constructor(
     private val ciphersuite: Ciphersuite,
     private var coreCrypto: CoreCrypto
 ) : CryptoClient {
-    companion object {
-        private const val DEFAULT_CIPHERSUITE_IDENTIFIER = 1
-        private const val KEYSTORE_NAME = "keystore"
-
-        suspend fun create(
-            userId: String,
-            ciphersuiteCode: Int = DEFAULT_CIPHERSUITE_IDENTIFIER
-        ): CoreCryptoClient {
-            val clientDirectoryPath = "cryptography/$userId"
-            val keystorePath = "$clientDirectoryPath/$KEYSTORE_NAME"
-            val ciphersuite = getMlsCipherSuiteName(ciphersuiteCode)
+    private var appClientId: AppClientId? = null
 
-            File(clientDirectoryPath).mkdirs()
-
-            val coreCrypto = CoreCrypto.invoke(
-                keystore = keystorePath,
-                databaseKey = IsolatedKoinContext.getCryptographyStoragePassword()
-                    ?.let { DatabaseKey(it) }
-                    ?: throw InvalidParameter("Cryptography password missing")
-            )
-
-            return CoreCryptoClient(
-                ciphersuite = ciphersuite,
-                coreCrypto = coreCrypto
-            )
-        }
-
-        private fun getMlsCipherSuiteName(code: Int): Ciphersuite =
-            when (code) {
-                DEFAULT_CIPHERSUITE_IDENTIFIER -> Ciphersuite.DEFAULT
-                2 -> Ciphersuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256
-                3 -> Ciphersuite.MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519
-                4 -> Ciphersuite.MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448
-                5 -> Ciphersuite.MLS_256_DHKEMP521_AES256GCM_SHA512_P521
-                6 -> Ciphersuite.MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448
-                7 -> Ciphersuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384
-                else -> Ciphersuite.DEFAULT
-            }
+    private fun setAppClientId(appClientId: AppClientId) {
+        this@CoreCryptoClient.appClientId = appClientId
     }
 
-    private var _appClientId: AppClientId? = null
-
-    override fun setAppClientId(appClientId: AppClientId) {
-        _appClientId = appClientId
-    }
-
-    override fun getAppClientId(): AppClientId? = _appClientId
+    override fun getAppClientId(): AppClientId? = appClientId
 
     override suspend fun encryptMls(
         mlsGroupId: MLSGroupId,
@@ -108,7 +68,7 @@ internal class CoreCryptoClient private constructor(
         return decryptedMessage.message
     }
 
-    override suspend fun createProteusClient() =
+    override suspend fun initializeProteusClient() =
         coreCrypto.transaction {
             it.proteusInit()
         }
@@ -140,6 +100,8 @@ internal class CoreCryptoClient private constructor(
         }
 
         coreCrypto.provideTransport(mlsTransport)
+
+        setAppClientId(appClientId = appClientId)
     }
 
     override suspend fun mlsGetPublicKey(): MlsPublicKeys {
@@ -227,4 +189,44 @@ internal class CoreCryptoClient private constructor(
     override fun close() {
         runBlocking { coreCrypto.close() }
     }
+
+    companion object {
+        private const val DEFAULT_CIPHERSUITE_IDENTIFIER = 1
+        private const val KEYSTORE_NAME = "keystore"
+
+        suspend fun create(
+            userId: String,
+            ciphersuiteCode: Int = DEFAULT_CIPHERSUITE_IDENTIFIER
+        ): CoreCryptoClient {
+            val clientDirectoryPath = "cryptography/$userId"
+            val keystorePath = "$clientDirectoryPath/$KEYSTORE_NAME"
+            val ciphersuite = getMlsCipherSuiteName(ciphersuiteCode)
+
+            File(clientDirectoryPath).mkdirs()
+
+            val coreCrypto = CoreCrypto.invoke(
+                keystore = keystorePath,
+                databaseKey = IsolatedKoinContext.getCryptographyStoragePassword()
+                    ?.let { DatabaseKey(it) }
+                    ?: throw InvalidParameter("Cryptography password missing")
+            )
+
+            return CoreCryptoClient(
+                ciphersuite = ciphersuite,
+                coreCrypto = coreCrypto
+            )
+        }
+
+        private fun getMlsCipherSuiteName(code: Int): Ciphersuite =
+            when (code) {
+                DEFAULT_CIPHERSUITE_IDENTIFIER -> Ciphersuite.DEFAULT
+                2 -> Ciphersuite.MLS_128_DHKEMP256_AES128GCM_SHA256_P256
+                3 -> Ciphersuite.MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519
+                4 -> Ciphersuite.MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448
+                5 -> Ciphersuite.MLS_256_DHKEMP521_AES256GCM_SHA512_P521
+                6 -> Ciphersuite.MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448
+                7 -> Ciphersuite.MLS_256_DHKEMP384_AES256GCM_SHA384_P384
+                else -> Ciphersuite.DEFAULT
+            }
+    }
 }

lib/src/main/kotlin/com/wire/integrations/jvm/crypto/CryptoClient.kt

@@ -26,8 +26,6 @@ import com.wire.integrations.jvm.model.http.MlsPublicKeys
 import com.wire.integrations.jvm.model.http.client.PreKeyCrypto
 
 internal interface CryptoClient : AutoCloseable {
-    fun setAppClientId(appClientId: AppClientId)
-
     fun getAppClientId(): AppClientId?
 
     suspend fun encryptMls(
@@ -43,11 +41,11 @@ internal interface CryptoClient : AutoCloseable {
     /**
      * Proteus Configuration
      */
-    suspend fun createProteusClient()
+    suspend fun initializeProteusClient()
 
     suspend fun generateProteusPreKeys(
-        from: Int,
-        count: Int
+        from: Int = PROTEUS_PREKEYS_FROM_COUNT,
+        count: Int = PROTEUS_PREKEYS_MAX_COUNT
     ): ArrayList<PreKeyCrypto>
 
     suspend fun generateProteusLastPreKey(): PreKeyCrypto
@@ -99,5 +97,7 @@ internal interface CryptoClient : AutoCloseable {
 
     companion object {
         const val DEFAULT_KEYPACKAGE_COUNT = 100u
+        const val PROTEUS_PREKEYS_FROM_COUNT = 0
+        const val PROTEUS_PREKEYS_MAX_COUNT = 10
     }
 }

lib/src/main/kotlin/com/wire/integrations/jvm/model/AppClientId.kt

@@ -23,4 +23,15 @@ import kotlinx.serialization.Serializable
 @Serializable
 value class AppClientId(val value: String) {
     override fun toString(): String = value.obfuscateClientId()
+
+    companion object {
+        fun create(
+            userId: String,
+            deviceId: String,
+            userDomain: String
+        ): AppClientId =
+            AppClientId(
+                value = "$userId:$deviceId@$userDomain"
+            )
+    }
 }

lib/src/main/kotlin/com/wire/integrations/jvm/model/http/client/CapabilitiesRequest.kt

@@ -16,38 +16,14 @@
 
 package com.wire.integrations.jvm.model.http.client
 
-import kotlinx.serialization.KSerializer
+import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.SerializationException
-import kotlinx.serialization.descriptors.PrimitiveKind
-import kotlinx.serialization.descriptors.PrimitiveSerialDescriptor
-import kotlinx.serialization.descriptors.SerialDescriptor
-import kotlinx.serialization.encoding.Decoder
-import kotlinx.serialization.encoding.Encoder
 
-@Serializable(with = CapabilitiesRequestSerializer::class)
-enum class CapabilitiesRequest(val value: String) {
-    LEGALHOLD_IMPLICIT_CONSENT("legalhold-implicit-consent"),
-    CONSUMABLE_NOTIFICATIONS("consumable-notifications")
-}
-
-object CapabilitiesRequestSerializer : KSerializer<CapabilitiesRequest> {
-    override val descriptor: SerialDescriptor =
-        PrimitiveSerialDescriptor(
-            "CapabilitiesRequest",
-            PrimitiveKind.STRING
-        )
-
-    override fun serialize(
-        encoder: Encoder,
-        value: CapabilitiesRequest
-    ) {
-        encoder.encodeString(value.value)
-    }
+@Serializable
+enum class CapabilitiesRequest {
+    @SerialName("legalhold-implicit-consent")
+    LEGALHOLD_IMPLICIT_CONSENT,
 
-    override fun deserialize(decoder: Decoder): CapabilitiesRequest {
-        val value = decoder.decodeString()
-        return CapabilitiesRequest.entries.find { it.value == value }
-            ?: throw SerializationException("Unknown capability: $value")
-    }
+    @SerialName("consumable-notifications")
+    CONSUMABLE_NOTIFICATIONS
 }

lib/src/main/kotlin/com/wire/integrations/jvm/persistence/AppSqlLiteStorage.kt

@@ -19,11 +19,9 @@ package com.wire.integrations.jvm.persistence
 import com.wire.integrations.jvm.App
 import com.wire.integrations.jvm.AppQueries
 import com.wire.integrations.jvm.AppsSdkDatabase
-import com.wire.integrations.jvm.model.AppClientId
 import com.wire.integrations.jvm.model.AppData
 
 private const val DEVICE_ID = "device_id"
-private const val CLIENT_ID = "client_id"
 
 class AppSqlLiteStorage(db: AppsSdkDatabase) : AppStorage {
     private val appQueries: AppQueries = db.appQueries
@@ -44,11 +42,6 @@ class AppSqlLiteStorage(db: AppsSdkDatabase) : AppStorage {
     override fun getById(key: String): AppData =
         appQueries.selectByKey(key).executeAsOne().let { appMapper(it) }
 
-    override fun getClientId(): AppClientId? =
-        runCatching { AppClientId(getById(CLIENT_ID).value) }.getOrNull()
-
-    override fun saveClientId(appClientId: String) = save(CLIENT_ID, appClientId)
-
     override fun getDeviceId(): String? = runCatching { getById(DEVICE_ID).value }.getOrNull()
 
     override fun saveDeviceId(deviceId: String) = save(DEVICE_ID, deviceId)

lib/src/main/kotlin/com/wire/integrations/jvm/persistence/AppStorage.kt

@@ -15,7 +15,6 @@
 
 package com.wire.integrations.jvm.persistence
 
-import com.wire.integrations.jvm.model.AppClientId
 import com.wire.integrations.jvm.model.AppData
 
 interface AppStorage {
@@ -31,10 +30,6 @@ interface AppStorage {
 
     fun getById(key: String): AppData
 
-    fun getClientId(): AppClientId?
-
-    fun saveClientId(appClientId: String)
-
     fun getDeviceId(): String?
 
     fun saveDeviceId(deviceId: String)

lib/src/test/kotlin/com/wire/integrations/jvm/utils/MockCoreCryptoClient.kt

@@ -42,15 +42,15 @@ internal class MockCoreCryptoClient private constructor(
     private var coreCrypto: CoreCrypto
 ) : CryptoClient {
     val conversationExist = mutableSetOf<MLSGroupId>()
-    private var _appClientId: AppClientId? = null
+    private var appClientId: AppClientId? = null
 
-    override fun setAppClientId(appClientId: AppClientId) {
-        _appClientId = appClientId
+    fun setAppClientId(appClientId: AppClientId) {
+        this.appClientId = appClientId
     }
 
-    override fun getAppClientId(): AppClientId? = _appClientId
+    override fun getAppClientId(): AppClientId? = appClientId
 
-    override suspend fun createProteusClient() {
+    override suspend fun initializeProteusClient() {
         // Do nothing
     }