Simon/feat/acquisition from credential ref

crypto-ffi/bindings/js/packages/browser/shared/utils.ts

@@ -136,7 +136,8 @@ export async function sharedSetup() {
             ): Promise<CoreCrypto> {
                 const clientId =
                     options.clientId ?? window.helpers.newClientId();
-                const db = await window.helpers.newDatabase();
+                const db =
+                    options.database ?? (await window.helpers.newDatabase());
                 const cc = window.ccModule.CoreCrypto.new(db);
 
                 // this also sets the default if undefined
@@ -503,11 +504,13 @@ type CcInitOptions =
     | {
           withBasicCredential: false;
           clientId?: ClientId;
+          database?: Database;
       }
     | {
           withBasicCredential?: true;
           cipherSuite?: CipherSuite;
           clientId?: ClientId;
+          database?: Database;
       };
 
 export interface Helpers {

crypto-ffi/bindings/js/packages/browser/test/e2ei.test.ts

@@ -167,6 +167,53 @@ describe("end to end identity", () => {
         await expect(acquisitionCreated).toBe(true);
     });
 
+    it("should instantiate an x509 credential acquisition object from credential ref", async () => {
+        const acquisitionCreated = await browser.execute(async () => {
+            const database = await window.helpers.newDatabase();
+            const pkiEnvironment = await window.ccModule.PkiEnvironment.create(
+                window.pkiEnvironmentHooks,
+                database
+            );
+
+            const clientId = window.helpers.newClientId(
+                "LcksJb74Tm6N12cDjFy7lQ:8e6424430d3b28be@world.com"
+            );
+            const config =
+                window.ccModule.X509CredentialAcquisitionConfiguration.new({
+                    acmeUrl: "acme.example.com",
+                    idpUrl: "https://idp.example.com",
+                    ciphersuite: window.defaultCipherSuite,
+                    displayName: "Alice Smith",
+                    clientId,
+                    handle: "alice_wire",
+                    domain: "world.com",
+                    team: undefined,
+                    validityPeriodSecs: BigInt(3600),
+                });
+
+            const cc = await window.helpers.ccInit({
+                withBasicCredential: true,
+                clientId,
+                database,
+            });
+
+            const [credentialRef] = await cc.transaction(
+                async (ctx) => await ctx.findCredentials({ clientId })
+            );
+
+            const acquisition =
+                await window.ccModule.X509CredentialAcquisition.newFromCredentialRef(
+                    pkiEnvironment,
+                    config,
+                    credentialRef!
+                );
+
+            return acquisition !== undefined;
+        });
+
+        await expect(acquisitionCreated).toBe(true);
+    });
+
     it("should not be enabled on conversation with basic credential", async () => {
         const conversationState = await browser.execute(async () => {
             const cc = await window.helpers.ccInit();

crypto-ffi/bindings/shared/src/commonMain/kotlin/com/wire/crypto/MlsModel.kt

@@ -43,3 +43,17 @@ suspend fun PkiEnvironment.Companion.new(
     hooks: PkiEnvironmentHooks,
     database: Database
 ) = createPkiEnvironment(hooks, database)
+
+/**
+ * Create a new credential acquisition from an existing credential.
+ * This API is temporary until our system decouples client identities from a client's public signature key.
+ *
+ * Provide [coreCryptoDatabase] if you're using distinct DB instances for [PkiEnvironment] and [CoreCrypto].
+ * Otherwise, the [PkiEnvironment]'s DB will be used to load the full credential.
+ */
+suspend fun X509CredentialAcquisition.Companion.newFromCredentialRef(
+    pkiEnvironment: PkiEnvironment,
+    config: X509CredentialAcquisitionConfiguration,
+    credentialRef: CredentialRef,
+    coreCryptoDatabase: Database? = null,
+) = x509CredentialAcquisitionNewFromCredentialRef(pkiEnvironment, config, credentialRef, coreCryptoDatabase)

crypto-ffi/bindings/shared/src/commonTest/kotlin/com/wire/crypto/E2EITest.kt

@@ -89,6 +89,34 @@ internal class E2EITest {
         assertThat(acquisition).isNotNull
     }
 
+    @Test
+    fun testInstantiateX509CredentialAcquisitionFromCredentialRef() = runTest {
+        val db = newDatabase()
+        val pkiEnv = PkiEnvironment.new(MockPkiEnvironmentHooks(), db)
+        val clientId = ClientId("LcksJb74Tm6N12cDjFy7lQ:8e6424430d3b28be@world.com".encodeToByteArray())
+        val config = X509CredentialAcquisitionConfiguration(
+            acmeUrl = "acme.example.com",
+            idpUrl = "https://idp.example.com",
+            ciphersuite = CIPHERSUITE_DEFAULT,
+            displayName = "Alice Smith",
+            clientId = clientId,
+            handle = "alice_wire",
+            domain = "world.com",
+            team = null,
+            validityPeriodSecs = 3600uL
+        )
+
+        val cc = ccInit(CcInitOptions.WithBasicCredential(clientId = clientId, database = db))
+
+        val credentialRef = cc.transaction { ctx ->
+            ctx.findCredentials(clientId = clientId).first()
+        }
+
+        val acquisition = X509CredentialAcquisition.newFromCredentialRef(pkiEnv, config, credentialRef)
+
+        assertThat(acquisition).isNotNull
+    }
+
     @Test
     fun conversation_should_be_not_verified_when_at_least_1_of_the_members_uses_a_Basic_credential() =
         runTest {

crypto-ffi/bindings/shared/src/commonTest/kotlin/com/wire/crypto/testutils/TestUtils.kt

@@ -104,21 +104,24 @@ class MockPkiEnvironmentHooks : PkiEnvironmentHooks {
 
 sealed interface CcInitOptions {
     val clientId: ClientId?
+    val database: Database?
 
     data class WithoutBasicCredential(
-        override val clientId: ClientId? = null
+        override val clientId: ClientId? = null,
+        override val database: Database? = null,
     ) : CcInitOptions
 
     data class WithBasicCredential(
         val cipherSuite: CipherSuite = CIPHERSUITE_DEFAULT,
-        override val clientId: ClientId? = null
+        override val clientId: ClientId? = null,
+        override val database: Database? = null,
     ) : CcInitOptions
 }
 
 suspend fun ccInit(
     options: CcInitOptions = CcInitOptions.WithBasicCredential()
 ): CoreCrypto {
-    val db = newDatabase()
+    val db = options.database ?: newDatabase()
     val cc = CoreCrypto(db)
 
     val clientId = options.clientId ?: genClientId()