pub struct CentralContext { /* private fields */ }
Expand description
This struct provides transactional support for Core Crypto.
This is struct provides mutable access to the internals of Core Crypto. Every operation that causes data to be persisted needs to be done through this struct. This struct will buffer all operations in memory and when CentralContext::finish is called, it will persist the data into the keystore.
Implementations§
source§impl CentralContext
impl CentralContext
sourcepub async fn get_or_create_client_keypackages(
&self,
ciphersuite: MlsCiphersuite,
credential_type: MlsCredentialType,
amount_requested: usize,
) -> CryptoResult<Vec<KeyPackage>>
pub async fn get_or_create_client_keypackages( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, amount_requested: usize, ) -> CryptoResult<Vec<KeyPackage>>
Returns amount_requested
OpenMLS openmls::key_packages::KeyPackages.
Will always return the requested amount as it will generate the necessary (lacking) amount on-the-fly
Note: Keypackage pruning is performed as a first step
§Arguments
amount_requested
- number of KeyPackages to request and fill theKeyPackageBundle
§Return type
A vector of KeyPackageBundle
§Errors
Errors can happen when accessing the KeyStore
sourcepub async fn client_valid_key_packages_count(
&self,
ciphersuite: MlsCiphersuite,
credential_type: MlsCredentialType,
) -> CryptoResult<usize>
pub async fn client_valid_key_packages_count( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> CryptoResult<usize>
Returns the count of valid, non-expired, unclaimed keypackages in store for the given MlsCiphersuite and MlsCredentialType
sourcepub async fn delete_keypackages(
&self,
refs: &[KeyPackageRef],
) -> CryptoResult<()>
pub async fn delete_keypackages( &self, refs: &[KeyPackageRef], ) -> CryptoResult<()>
Prunes local KeyPackages after making sure they also have been deleted on the backend side You should only use this after CentralContext::e2ei_rotate_all
source§impl CentralContext
impl CentralContext
sourcepub async fn add_members_to_conversation(
&self,
id: &ConversationId,
key_packages: Vec<KeyPackageIn>,
) -> CryptoResult<MlsConversationCreationMessage>
pub async fn add_members_to_conversation( &self, id: &ConversationId, key_packages: Vec<KeyPackageIn>, ) -> CryptoResult<MlsConversationCreationMessage>
Adds new members to the group/conversation
§Arguments
id
- group/conversation idmembers
- members to be added to the group
§Return type
An optional struct containing a welcome and a message will be returned on successful call.
The value will be None
only if the group can’t be found locally (no error will be returned
in this case).
§Errors
If the authorisation callback is set, an error can be caused when the authorization fails. Other errors are KeyStore and OpenMls errors:
sourcepub async fn remove_members_from_conversation(
&self,
id: &ConversationId,
clients: &[ClientId],
) -> CryptoResult<MlsCommitBundle>
pub async fn remove_members_from_conversation( &self, id: &ConversationId, clients: &[ClientId], ) -> CryptoResult<MlsCommitBundle>
Removes clients from the group/conversation.
§Arguments
id
- group/conversation idclients
- list of client ids to be removed from the group
§Return type
An struct containing a welcome(optional, will be present only if there’s pending add proposals in the store), a message with the commit to fan out to other clients and the group info will be returned on successful call.
§Errors
If the authorisation callback is set, an error can be caused when the authorization fails. Other errors are KeyStore and OpenMls errors.
sourcepub async fn update_keying_material(
&self,
id: &ConversationId,
) -> CryptoResult<MlsCommitBundle>
pub async fn update_keying_material( &self, id: &ConversationId, ) -> CryptoResult<MlsCommitBundle>
Self updates the KeyPackage and automatically commits. Pending proposals will be commited
§Arguments
conversation_id
- the group/conversation id
§Return type
An struct containing a welcome(optional, will be present only if there’s pending add proposals in the store), a message with the commit to fan out to other clients and the group info will be returned on successful call.
§Errors
If the conversation can’t be found, an error will be returned. Other errors are originating from OpenMls and the KeyStore
sourcepub async fn commit_pending_proposals(
&self,
id: &ConversationId,
) -> CryptoResult<Option<MlsCommitBundle>>
pub async fn commit_pending_proposals( &self, id: &ConversationId, ) -> CryptoResult<Option<MlsCommitBundle>>
Commits all pending proposals of the group
§Arguments
backend
- the KeyStore to persist group changes
§Return type
A tuple containing the commit message and a possible welcome (in the case Add
proposals were pending within the internal MLS Group)
§Errors
Errors can be originating from the KeyStore and OpenMls
source§impl CentralContext
impl CentralContext
sourcepub async fn set_raw_external_senders(
&self,
cfg: &mut MlsConversationConfiguration,
external_senders: Vec<Vec<u8>>,
) -> CryptoResult<()>
pub async fn set_raw_external_senders( &self, cfg: &mut MlsConversationConfiguration, external_senders: Vec<Vec<u8>>, ) -> CryptoResult<()>
Parses supplied key from Delivery Service in order to build back an [ExternalSender]
source§impl CentralContext
impl CentralContext
sourcepub async fn decrypt_message(
&self,
id: &ConversationId,
message: impl AsRef<[u8]>,
) -> CryptoResult<MlsConversationDecryptMessage>
pub async fn decrypt_message( &self, id: &ConversationId, message: impl AsRef<[u8]>, ) -> CryptoResult<MlsConversationDecryptMessage>
Deserializes a TLS-serialized message, then deciphers it
§Arguments
conversation
- the group/conversation idmessage
- the encrypted message as a byte array
§Return type
This method will return a tuple containing an optional message and an optional delay time
for the callers to wait for committing. A message will be None
in case the provided payload in
case of a system message, such as Proposals and Commits. Otherwise it will return the message as a
byte array. The delay will be Some
when the message has a proposal
§Errors
If the conversation can’t be found, an error will be returned. Other errors are originating from OpenMls and the KeyStore
source§impl CentralContext
impl CentralContext
sourcepub async fn encrypt_message(
&self,
conversation: &ConversationId,
message: impl AsRef<[u8]>,
) -> CryptoResult<Vec<u8>>
pub async fn encrypt_message( &self, conversation: &ConversationId, message: impl AsRef<[u8]>, ) -> CryptoResult<Vec<u8>>
Encrypts a raw payload then serializes it to the TLS wire format
§Arguments
conversation
- the group/conversation idmessage
- the message as a byte array
§Return type
This method will return an encrypted TLS serialized message.
§Errors
If the conversation can’t be found, an error will be returned. Other errors are originating from OpenMls and the KeyStore
source§impl CentralContext
impl CentralContext
sourcepub async fn export_secret_key(
&self,
conversation_id: &ConversationId,
key_length: usize,
) -> CryptoResult<Vec<u8>>
pub async fn export_secret_key( &self, conversation_id: &ConversationId, key_length: usize, ) -> CryptoResult<Vec<u8>>
sourcepub async fn get_client_ids(
&self,
conversation_id: &ConversationId,
) -> CryptoResult<Vec<ClientId>>
pub async fn get_client_ids( &self, conversation_id: &ConversationId, ) -> CryptoResult<Vec<ClientId>>
source§impl CentralContext
impl CentralContext
sourcepub async fn get_external_sender(
&self,
id: &ConversationId,
) -> CryptoResult<Vec<u8>>
pub async fn get_external_sender( &self, id: &ConversationId, ) -> CryptoResult<Vec<u8>>
source§impl CentralContext
impl CentralContext
A MLS group is a distributed object scattered across many parties. We use a Delivery Service to orchestrate those parties. So when we create a commit, a mutable operation, it has to be validated by the Delivery Service. But it might occur that another group member did the exact same thing at the same time. So if we arrive second in this race, we must “rollback” the commit we created and accept (“merge”) the other one. A client would
- Create a commit
- Send the commit to the Delivery Service
- When Delivery Service responds
- 200 OK –> use CentralContext::commit_accepted to merge the commit
- 409 CONFLICT –> do nothing. CentralContext::decrypt_message will restore the proposals not committed
- 5xx –> retry
sourcepub async fn commit_accepted(
&self,
id: &ConversationId,
) -> CryptoResult<Option<Vec<MlsBufferedConversationDecryptMessage>>>
pub async fn commit_accepted( &self, id: &ConversationId, ) -> CryptoResult<Option<Vec<MlsBufferedConversationDecryptMessage>>>
The commit we created has been accepted by the Delivery Service. Hence it is guaranteed to be used for the new epoch. We can now safely “merge” it (effectively apply the commit to the group) and update it in the keystore. The previous can be discarded to respect Forward Secrecy.
sourcepub async fn clear_pending_proposal(
&self,
conversation_id: &ConversationId,
proposal_ref: MlsProposalRef,
) -> CryptoResult<()>
pub async fn clear_pending_proposal( &self, conversation_id: &ConversationId, proposal_ref: MlsProposalRef, ) -> CryptoResult<()>
Allows to remove a pending (uncommitted) proposal. Use this when backend rejects the proposal you just sent e.g. if permissions have changed meanwhile.
CAUTION: only use this when you had an explicit response from the Delivery Service e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc..
§Arguments
conversation_id
- the group/conversation idproposal_ref
- unique proposal identifier which is present in crate::prelude::MlsProposalBundle and returned from all operation creating a proposal
§Errors
When the conversation is not found or the proposal reference does not identify a proposal in the local pending proposal store
sourcepub async fn clear_pending_commit(
&self,
conversation_id: &ConversationId,
) -> CryptoResult<()>
pub async fn clear_pending_commit( &self, conversation_id: &ConversationId, ) -> CryptoResult<()>
Allows to remove a pending commit. Use this when backend rejects the commit you just sent e.g. if permissions have changed meanwhile.
CAUTION: only use this when you had an explicit response from the Delivery Service e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc.. DO NOT use when Delivery Service responds 409, pending state will be renewed in CentralContext::decrypt_message
§Arguments
conversation_id
- the group/conversation id
§Errors
When the conversation is not found or there is no pending commit
source§impl CentralContext
impl CentralContext
sourcepub async fn process_raw_welcome_message(
&self,
welcome: Vec<u8>,
custom_cfg: MlsCustomConfiguration,
) -> CryptoResult<WelcomeBundle>
pub async fn process_raw_welcome_message( &self, welcome: Vec<u8>, custom_cfg: MlsCustomConfiguration, ) -> CryptoResult<WelcomeBundle>
Create a conversation from a TLS serialized MLS Welcome message. The MlsConversationConfiguration
used in this function will be the default implementation.
§Arguments
welcome
- a TLS serialized welcome messageconfiguration
- configuration of the MLS conversation fetched from the Delivery Service
§Return type
This function will return the conversation/group id
§Errors
sourcepub async fn process_welcome_message(
&self,
welcome: MlsMessageIn,
custom_cfg: MlsCustomConfiguration,
) -> CryptoResult<WelcomeBundle>
pub async fn process_welcome_message( &self, welcome: MlsMessageIn, custom_cfg: MlsCustomConfiguration, ) -> CryptoResult<WelcomeBundle>
Create a conversation from a received MLS Welcome message
§Arguments
welcome
- aWelcome
message received as a result of a commit adding new members to a groupconfiguration
- configuration of the group/conversation
§Return type
This function will return the conversation/group id
§Errors
Errors can be originating from the KeyStore of from OpenMls:
- if no openmls::key_packages::KeyPackage can be read from the KeyStore
- if the message can’t be decrypted
source§impl CentralContext
impl CentralContext
sourcepub async fn wipe_conversation(&self, id: &ConversationId) -> CryptoResult<()>
pub async fn wipe_conversation(&self, id: &ConversationId) -> CryptoResult<()>
source§impl CentralContext
impl CentralContext
sourcepub async fn mark_conversation_as_child_of(
&self,
child_id: &ConversationId,
parent_id: &ConversationId,
) -> CryptoResult<()>
pub async fn mark_conversation_as_child_of( &self, child_id: &ConversationId, parent_id: &ConversationId, ) -> CryptoResult<()>
Mark a conversation as child of another one This will affect the behavior of callbacks in particular
source§impl CentralContext
impl CentralContext
sourcepub async fn join_by_external_commit(
&self,
group_info: VerifiableGroupInfo,
custom_cfg: MlsCustomConfiguration,
credential_type: MlsCredentialType,
) -> CryptoResult<MlsConversationInitBundle>
pub async fn join_by_external_commit( &self, group_info: VerifiableGroupInfo, custom_cfg: MlsCustomConfiguration, credential_type: MlsCredentialType, ) -> CryptoResult<MlsConversationInitBundle>
Issues an external commit and stores the group in a temporary table. This method is intended for example when a new client wants to join the user’s existing groups. On success this function will return the group id and a message to be fanned out to other clients.
If the Delivery Service accepts the external commit, you have to CentralContext::merge_pending_group_from_external_commit in order to get back a functional MLS group. On the opposite, if it rejects it, you can either retry by just calling again CentralContext::join_by_external_commit, no need to CentralContext::clear_pending_group_from_external_commit. If you want to abort the operation (too many retries or the user decided to abort), you can use CentralContext::clear_pending_group_from_external_commit in order not to bloat the user’s storage but nothing bad can happen if you forget to except some storage space wasted.
§Arguments
group_info
- a GroupInfo wrapped in a MLS message. it can be obtained by deserializing a TLS serializedGroupInfo
objectcustom_cfg
- configuration of the MLS conversation fetched from the Delivery Servicecredential_type
- kind of openmls::prelude::Credential to use for joining this group. If MlsCredentialType::Basic is chosen and no Credential has been created yet for it, a new one will be generated. When MlsCredentialType::X509 is chosen, it fails when no openmls::prelude::Credential has been created for the given Ciphersuite.
§Return type
It will return a tuple with the group/conversation id and the message containing the commit that was generated by this call
§Errors
Errors resulting from OpenMls, the KeyStore calls and serialization
sourcepub async fn merge_pending_group_from_external_commit(
&self,
id: &ConversationId,
) -> CryptoResult<Option<Vec<MlsBufferedConversationDecryptMessage>>>
pub async fn merge_pending_group_from_external_commit( &self, id: &ConversationId, ) -> CryptoResult<Option<Vec<MlsBufferedConversationDecryptMessage>>>
This merges the commit generated by CentralContext::join_by_external_commit, persists the group permanently and deletes the temporary one. After merging, the group should be fully functional.
§Arguments
id
- the conversation id
§Errors
Errors resulting from OpenMls, the KeyStore calls and deserialization
sourcepub async fn clear_pending_group_from_external_commit(
&self,
id: &ConversationId,
) -> CryptoResult<()>
pub async fn clear_pending_group_from_external_commit( &self, id: &ConversationId, ) -> CryptoResult<()>
In case the external commit generated by CentralContext::join_by_external_commit is rejected by the Delivery Service and we want to abort this external commit once for all, we can wipe out the pending group from the keystore in order not to waste space
§Arguments
id
- the conversation id
§Errors
Errors resulting from the KeyStore calls
source§impl CentralContext
impl CentralContext
sourcepub async fn new_external_add_proposal(
&self,
conversation_id: ConversationId,
epoch: GroupEpoch,
ciphersuite: MlsCiphersuite,
credential_type: MlsCredentialType,
) -> CryptoResult<MlsMessageOut>
pub async fn new_external_add_proposal( &self, conversation_id: ConversationId, epoch: GroupEpoch, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> CryptoResult<MlsMessageOut>
Crafts a new external Add proposal. Enables a client outside a group to request addition to this group. For Wire only, the client must belong to an user already in the group
§Arguments
conversation_id
- the group/conversation idepoch
- the current epoch of the group. See openmls::group::GroupEpochciphersuite
- of the new openmls::prelude::KeyPackage to createcredential_type
- of the new openmls::prelude::KeyPackage to create
§Return type
Returns a message with the proposal to be add a new client
§Errors
Errors resulting from the creation of the proposal within OpenMls.
Fails when credential_type
is MlsCredentialType::X509 and no Credential has been created
for it beforehand with CentralContext::e2ei_mls_init_only or variants.
source§impl CentralContext
impl CentralContext
sourcepub async fn new_add_proposal(
&self,
id: &ConversationId,
key_package: KeyPackage,
) -> CryptoResult<MlsProposalBundle>
pub async fn new_add_proposal( &self, id: &ConversationId, key_package: KeyPackage, ) -> CryptoResult<MlsProposalBundle>
Creates a new Add proposal
sourcepub async fn new_remove_proposal(
&self,
id: &ConversationId,
client_id: ClientId,
) -> CryptoResult<MlsProposalBundle>
pub async fn new_remove_proposal( &self, id: &ConversationId, client_id: ClientId, ) -> CryptoResult<MlsProposalBundle>
Creates a new Add proposal
sourcepub async fn new_update_proposal(
&self,
id: &ConversationId,
) -> CryptoResult<MlsProposalBundle>
pub async fn new_update_proposal( &self, id: &ConversationId, ) -> CryptoResult<MlsProposalBundle>
Creates a new Add proposal
source§impl CentralContext
impl CentralContext
sourcepub async fn mls_init(
&self,
identifier: ClientIdentifier,
ciphersuites: Vec<MlsCiphersuite>,
nb_init_key_packages: Option<usize>,
) -> CryptoResult<()>
pub async fn mls_init( &self, identifier: ClientIdentifier, ciphersuites: Vec<MlsCiphersuite>, nb_init_key_packages: Option<usize>, ) -> CryptoResult<()>
Initializes the MLS client if super::CoreCrypto has previously been initialized with
CoreCrypto::deferred_init
instead of CoreCrypto::new
.
This should stay as long as proteus is supported. Then it should be removed.
sourcepub async fn mls_generate_keypairs(
&self,
ciphersuites: Vec<MlsCiphersuite>,
) -> CryptoResult<Vec<ClientId>>
pub async fn mls_generate_keypairs( &self, ciphersuites: Vec<MlsCiphersuite>, ) -> CryptoResult<Vec<ClientId>>
Generates MLS KeyPairs/CredentialBundle with a temporary, random client ID. This method is designed to be used in conjunction with CentralContext::mls_init_with_client_id and represents the first step in this process.
This returns the TLS-serialized identity keys (i.e. the signature keypair’s public key)
sourcepub async fn mls_init_with_client_id(
&self,
client_id: ClientId,
tmp_client_ids: Vec<ClientId>,
ciphersuites: Vec<MlsCiphersuite>,
) -> CryptoResult<()>
pub async fn mls_init_with_client_id( &self, client_id: ClientId, tmp_client_ids: Vec<ClientId>, ciphersuites: Vec<MlsCiphersuite>, ) -> CryptoResult<()>
Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
Important: This is designed to be called after CentralContext::mls_generate_keypairs
sourcepub async fn client_public_key(
&self,
ciphersuite: MlsCiphersuite,
credential_type: MlsCredentialType,
) -> CryptoResult<Vec<u8>>
pub async fn client_public_key( &self, ciphersuite: MlsCiphersuite, credential_type: MlsCredentialType, ) -> CryptoResult<Vec<u8>>
sourcepub async fn client_id(&self) -> CryptoResult<ClientId>
pub async fn client_id(&self) -> CryptoResult<ClientId>
sourcepub async fn new_conversation(
&self,
id: &ConversationId,
creator_credential_type: MlsCredentialType,
config: MlsConversationConfiguration,
) -> CryptoResult<()>
pub async fn new_conversation( &self, id: &ConversationId, creator_credential_type: MlsCredentialType, config: MlsConversationConfiguration, ) -> CryptoResult<()>
Create a new empty conversation
§Arguments
id
- identifier of the group/conversation (must be unique otherwise the existing group will be overridden)creator_credential_type
- kind of credential the creator wants to create the group withconfig
- configuration of the group/conversation
§Errors
Errors can happen from the KeyStore or from OpenMls for ex if no openmls::key_packages::KeyPackage can be found in the KeyStore
sourcepub async fn conversation_exists(
&self,
id: &ConversationId,
) -> CryptoResult<bool>
pub async fn conversation_exists( &self, id: &ConversationId, ) -> CryptoResult<bool>
Checks if a given conversation id exists locally
sourcepub async fn conversation_epoch(&self, id: &ConversationId) -> CryptoResult<u64>
pub async fn conversation_epoch(&self, id: &ConversationId) -> CryptoResult<u64>
sourcepub async fn conversation_ciphersuite(
&self,
id: &ConversationId,
) -> CryptoResult<MlsCiphersuite>
pub async fn conversation_ciphersuite( &self, id: &ConversationId, ) -> CryptoResult<MlsCiphersuite>
sourcepub async fn random_bytes(&self, len: usize) -> CryptoResult<Vec<u8>>
pub async fn random_bytes(&self, len: usize) -> CryptoResult<Vec<u8>>
Generates a random byte array of the specified size
source§impl CentralContext
impl CentralContext
sourcepub async fn e2ei_conversation_state(
&self,
id: &ConversationId,
) -> CryptoResult<E2eiConversationState>
pub async fn e2ei_conversation_state( &self, id: &ConversationId, ) -> CryptoResult<E2eiConversationState>
Indicates when to mark a conversation as not verified i.e. when not all its members have a X509 Credential generated by Wire’s end-to-end identity enrollment
sourcepub async fn e2ei_verify_group_state(
&self,
group_info: VerifiableGroupInfo,
) -> CryptoResult<E2eiConversationState>
pub async fn e2ei_verify_group_state( &self, group_info: VerifiableGroupInfo, ) -> CryptoResult<E2eiConversationState>
sourcepub async fn get_credential_in_use(
&self,
group_info: VerifiableGroupInfo,
credential_type: MlsCredentialType,
) -> CryptoResult<E2eiConversationState>
pub async fn get_credential_in_use( &self, group_info: VerifiableGroupInfo, credential_type: MlsCredentialType, ) -> CryptoResult<E2eiConversationState>
source§impl CentralContext
impl CentralContext
sourcepub async fn e2ei_is_enabled(
&self,
signature_scheme: SignatureScheme,
) -> CryptoResult<bool>
pub async fn e2ei_is_enabled( &self, signature_scheme: SignatureScheme, ) -> CryptoResult<bool>
source§impl CentralContext
impl CentralContext
sourcepub async fn get_device_identities(
&self,
conversation_id: &ConversationId,
client_ids: &[ClientId],
) -> CryptoResult<Vec<WireIdentity>>
pub async fn get_device_identities( &self, conversation_id: &ConversationId, client_ids: &[ClientId], ) -> CryptoResult<Vec<WireIdentity>>
sourcepub async fn get_user_identities(
&self,
conversation_id: &ConversationId,
user_ids: &[String],
) -> CryptoResult<HashMap<String, Vec<WireIdentity>>>
pub async fn get_user_identities( &self, conversation_id: &ConversationId, user_ids: &[String], ) -> CryptoResult<HashMap<String, Vec<WireIdentity>>>
source§impl CentralContext
impl CentralContext
sourcepub async fn e2ei_is_pki_env_setup(&self) -> CryptoResult<bool>
pub async fn e2ei_is_pki_env_setup(&self) -> CryptoResult<bool>
See MlsCentral::e2ei_is_pki_env_setup. Unlike MlsCentral::e2ei_is_pki_env_setup, this function returns a result.
sourcepub async fn e2ei_dump_pki_env(&self) -> CryptoResult<Option<E2eiDumpedPkiEnv>>
pub async fn e2ei_dump_pki_env(&self) -> CryptoResult<Option<E2eiDumpedPkiEnv>>
sourcepub async fn e2ei_register_acme_ca(
&self,
trust_anchor_pem: String,
) -> CryptoResult<()>
pub async fn e2ei_register_acme_ca( &self, trust_anchor_pem: String, ) -> CryptoResult<()>
Registers a Root Trust Anchor CA for the use in E2EI processing.
Please note that without a Root Trust Anchor, all validations will fail; So this is the first step to perform after initializing your E2EI client
§Parameters
trust_anchor_pem
- PEM certificate to anchor as a Trust Root
sourcepub async fn e2ei_register_intermediate_ca_pem(
&self,
cert_pem: String,
) -> CryptoResult<NewCrlDistributionPoint>
pub async fn e2ei_register_intermediate_ca_pem( &self, cert_pem: String, ) -> CryptoResult<NewCrlDistributionPoint>
Registers an Intermediate CA for the use in E2EI processing.
Please note that a Root Trust Anchor CA is needed to validate Intermediate CAs; You need to have a Root CA registered before calling this
§Parameters
cert_pem
- PEM certificate to register as an Intermediate CA
sourcepub async fn e2ei_register_crl(
&self,
crl_dp: String,
crl_der: Vec<u8>,
) -> CryptoResult<CrlRegistration>
pub async fn e2ei_register_crl( &self, crl_dp: String, crl_der: Vec<u8>, ) -> CryptoResult<CrlRegistration>
Registers a CRL for the use in E2EI processing.
Please note that a Root Trust Anchor CA is needed to validate CRLs; You need to have a Root CA registered before calling this
§Parameters
crl_dp
- CRL Distribution Point; Basically the URL you fetched it fromcrl_der
- DER representation of the CRL
§Returns
A CrlRegistration with the dirty state of the new CRL (see struct) and its expiration timestamp
source§impl CentralContext
impl CentralContext
sourcepub async fn e2ei_new_activation_enrollment(
&self,
display_name: String,
handle: String,
team: Option<String>,
expiry_sec: u32,
ciphersuite: MlsCiphersuite,
) -> CryptoResult<E2eiEnrollment>
pub async fn e2ei_new_activation_enrollment( &self, display_name: String, handle: String, team: Option<String>, expiry_sec: u32, ciphersuite: MlsCiphersuite, ) -> CryptoResult<E2eiEnrollment>
Generates an E2EI enrollment instance for a “regular” client (with a Basic credential) willing to migrate to E2EI. As a consequence, this method does not support changing the ClientId which should remain the same as the Basic one. Once the enrollment is finished, use the instance in CentralContext::e2ei_rotate_all to do the rotation.
sourcepub async fn e2ei_new_rotate_enrollment(
&self,
display_name: Option<String>,
handle: Option<String>,
team: Option<String>,
expiry_sec: u32,
ciphersuite: MlsCiphersuite,
) -> CryptoResult<E2eiEnrollment>
pub async fn e2ei_new_rotate_enrollment( &self, display_name: Option<String>, handle: Option<String>, team: Option<String>, expiry_sec: u32, ciphersuite: MlsCiphersuite, ) -> CryptoResult<E2eiEnrollment>
Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential) having to change/rotate their credential, either because the former one is expired or it has been revoked. As a consequence, this method does not support changing neither ClientId which should remain the same as the previous one. It lets you change the DisplayName or the handle if you need to. Once the enrollment is finished, use the instance in CentralContext::e2ei_rotate_all to do the rotation.
sourcepub async fn e2ei_rotate_all(
&self,
enrollment: &mut E2eiEnrollment,
certificate_chain: String,
new_key_packages_count: usize,
) -> CryptoResult<MlsRotateBundle>
pub async fn e2ei_rotate_all( &self, enrollment: &mut E2eiEnrollment, certificate_chain: String, new_key_packages_count: usize, ) -> CryptoResult<MlsRotateBundle>
Creates a commit in all local conversations for changing the credential. Requires first having enrolled a new X509 certificate with either CentralContext::e2ei_new_activation_enrollment or CentralContext::e2ei_new_rotate_enrollment
sourcepub async fn e2ei_rotate(
&self,
id: &ConversationId,
cb: Option<&CredentialBundle>,
) -> CryptoResult<MlsCommitBundle>
pub async fn e2ei_rotate( &self, id: &ConversationId, cb: Option<&CredentialBundle>, ) -> CryptoResult<MlsCommitBundle>
Creates a commit in a conversation for changing the credential. Requires first having enrolled a new X509 certificate with either CentralContext::e2ei_new_activation_enrollment or CentralContext::e2ei_new_rotate_enrollment
source§impl CentralContext
impl CentralContext
sourcepub async fn e2ei_enrollment_stash(
&self,
enrollment: E2eiEnrollment,
) -> CryptoResult<Vec<u8>>
pub async fn e2ei_enrollment_stash( &self, enrollment: E2eiEnrollment, ) -> CryptoResult<Vec<u8>>
Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume it later with CentralContext::e2ei_enrollment_stash_pop
§Arguments
enrollment
- the enrollment instance to persist
§Returns
A handle for retrieving the enrollment later on
sourcepub async fn e2ei_enrollment_stash_pop(
&self,
handle: Vec<u8>,
) -> CryptoResult<E2eiEnrollment>
pub async fn e2ei_enrollment_stash_pop( &self, handle: Vec<u8>, ) -> CryptoResult<E2eiEnrollment>
Fetches the persisted enrollment and deletes it from the keystore
§Arguments
handle
- returned by CentralContext::e2ei_enrollment_stash
source§impl CentralContext
impl CentralContext
sourcepub async fn e2ei_new_enrollment(
&self,
client_id: ClientId,
display_name: String,
handle: String,
team: Option<String>,
expiry_sec: u32,
ciphersuite: MlsCiphersuite,
) -> CryptoResult<E2eiEnrollment>
pub async fn e2ei_new_enrollment( &self, client_id: ClientId, display_name: String, handle: String, team: Option<String>, expiry_sec: u32, ciphersuite: MlsCiphersuite, ) -> CryptoResult<E2eiEnrollment>
Creates an enrollment instance with private key material you can use in order to fetch a new x509 certificate from the acme server.
§Parameters
client_id
- client identifier e.g.b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com
display_name
- human readable name displayed in the application e.g.Smith, Alice M (QA)
handle
- user handle e.g.alice.smith.qa@example.com
expiry_sec
- generated x509 certificate expiry in seconds
sourcepub async fn e2ei_mls_init_only(
&self,
enrollment: &mut E2eiEnrollment,
certificate_chain: String,
nb_init_key_packages: Option<usize>,
) -> CryptoResult<NewCrlDistributionPoint>
pub async fn e2ei_mls_init_only( &self, enrollment: &mut E2eiEnrollment, certificate_chain: String, nb_init_key_packages: Option<usize>, ) -> CryptoResult<NewCrlDistributionPoint>
Parses the ACME server response from the endpoint fetching x509 certificates and uses it to initialize the MLS client with a certificate
source§impl CentralContext
impl CentralContext
sourcepub async fn proteus_init(&self) -> CryptoResult<()>
pub async fn proteus_init(&self) -> CryptoResult<()>
Initializes the proteus client
sourcepub async fn proteus_reload_sessions(&self) -> CryptoResult<()>
pub async fn proteus_reload_sessions(&self) -> CryptoResult<()>
Reloads the sessions from the key store
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or it will do nothing
sourcepub async fn proteus_session_from_prekey(
&self,
session_id: &str,
prekey: &[u8],
) -> CryptoResult<Arc<RwLock<ProteusConversationSession>>>
pub async fn proteus_session_from_prekey( &self, session_id: &str, prekey: &[u8], ) -> CryptoResult<Arc<RwLock<ProteusConversationSession>>>
Creates a proteus session from a prekey
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_session_from_message(
&self,
session_id: &str,
envelope: &[u8],
) -> CryptoResult<(Arc<RwLock<ProteusConversationSession>>, Vec<u8>)>
pub async fn proteus_session_from_message( &self, session_id: &str, envelope: &[u8], ) -> CryptoResult<(Arc<RwLock<ProteusConversationSession>>, Vec<u8>)>
Creates a proteus session from a Proteus message envelope
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_session_save(&self, session_id: &str) -> CryptoResult<()>
pub async fn proteus_session_save(&self, session_id: &str) -> CryptoResult<()>
Saves a proteus session in the keystore
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_session_delete(&self, session_id: &str) -> CryptoResult<()>
pub async fn proteus_session_delete(&self, session_id: &str) -> CryptoResult<()>
Deletes a proteus session from the keystore
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_session(
&self,
session_id: &str,
) -> CryptoResult<Option<Arc<RwLock<ProteusConversationSession>>>>
pub async fn proteus_session( &self, session_id: &str, ) -> CryptoResult<Option<Arc<RwLock<ProteusConversationSession>>>>
Proteus session accessor
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_session_exists(
&self,
session_id: &str,
) -> CryptoResult<bool>
pub async fn proteus_session_exists( &self, session_id: &str, ) -> CryptoResult<bool>
Proteus session exists
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_decrypt(
&self,
session_id: &str,
ciphertext: &[u8],
) -> CryptoResult<Vec<u8>>
pub async fn proteus_decrypt( &self, session_id: &str, ciphertext: &[u8], ) -> CryptoResult<Vec<u8>>
Decrypts a proteus message envelope
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_encrypt(
&self,
session_id: &str,
plaintext: &[u8],
) -> CryptoResult<Vec<u8>>
pub async fn proteus_encrypt( &self, session_id: &str, plaintext: &[u8], ) -> CryptoResult<Vec<u8>>
Encrypts proteus message for a given session ID
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_encrypt_batched(
&self,
sessions: &[impl AsRef<str>],
plaintext: &[u8],
) -> CryptoResult<HashMap<String, Vec<u8>>>
pub async fn proteus_encrypt_batched( &self, sessions: &[impl AsRef<str>], plaintext: &[u8], ) -> CryptoResult<HashMap<String, Vec<u8>>>
Encrypts a proteus message for several sessions ID. This is more efficient than other methods as the calls are batched. This also reduces the rountrips when crossing over the FFI
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_new_prekey(&self, prekey_id: u16) -> CryptoResult<Vec<u8>>
pub async fn proteus_new_prekey(&self, prekey_id: u16) -> CryptoResult<Vec<u8>>
Creates a new Proteus prekey and returns the CBOR-serialized version of the prekey bundle
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_new_prekey_auto(&self) -> CryptoResult<(u16, Vec<u8>)>
pub async fn proteus_new_prekey_auto(&self) -> CryptoResult<(u16, Vec<u8>)>
Creates a new Proteus prekey with an automatically incremented ID and returns the CBOR-serialized version of the prekey bundle
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_last_resort_prekey(&self) -> CryptoResult<Vec<u8>>
pub async fn proteus_last_resort_prekey(&self) -> CryptoResult<Vec<u8>>
Returns the last resort prekey
sourcepub fn proteus_last_resort_prekey_id() -> u16
pub fn proteus_last_resort_prekey_id() -> u16
Returns the proteus last resort prekey id (u16::MAX = 65535)
sourcepub async fn proteus_fingerprint(&self) -> CryptoResult<String>
pub async fn proteus_fingerprint(&self) -> CryptoResult<String>
Returns the proteus identity’s public key fingerprint
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_fingerprint_local(
&self,
session_id: &str,
) -> CryptoResult<String>
pub async fn proteus_fingerprint_local( &self, session_id: &str, ) -> CryptoResult<String>
Returns the proteus identity’s public key fingerprint
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_fingerprint_remote(
&self,
session_id: &str,
) -> CryptoResult<String>
pub async fn proteus_fingerprint_remote( &self, session_id: &str, ) -> CryptoResult<String>
Returns the proteus identity’s public key fingerprint
Warning: The Proteus client MUST be initialized with [CoreCrypto::proteus_init] first or an error will be returned
sourcepub async fn proteus_cryptobox_migrate(&self, path: &str) -> CryptoResult<()>
pub async fn proteus_cryptobox_migrate(&self, path: &str) -> CryptoResult<()>
Migrates an existing Cryptobox data store (whether a folder or an IndexedDB database) located at path
to the keystore.
The client can then be initialized with [CoreCrypto::proteus_init]
source§impl CentralContext
impl CentralContext
sourcepub async fn mls_provider(&self) -> CryptoResult<MlsCryptoProvider>
pub async fn mls_provider(&self) -> CryptoResult<MlsCryptoProvider>
Clones all references that the MlsCryptoProvider comprises.
sourcepub async fn finish(&self) -> CryptoResult<()>
pub async fn finish(&self) -> CryptoResult<()>
Commits the transaction, meaning it takes all the enqueued operations and persist them into the keystore. After that the internal state is switched to invalid, causing errors if something is called from this object.
sourcepub async fn abort(&self) -> CryptoResult<()>
pub async fn abort(&self) -> CryptoResult<()>
Aborts the transaction, meaning it discards all the enqueued operations. After that the internal state is switched to invalid, causing errors if something is called from this object.
sourcepub async fn set_data(&self, data: Vec<u8>) -> CryptoResult<()>
pub async fn set_data(&self, data: Vec<u8>) -> CryptoResult<()>
Set arbitrary data to be retrieved by CentralContext::get_data. This is meant to be used as a check point at the end of a transaction. The data should be limited to a reasonable size.
sourcepub async fn get_data(&self) -> CryptoResult<Option<Vec<u8>>>
pub async fn get_data(&self) -> CryptoResult<Option<Vec<u8>>>
Get the data that has previously been set by CentralContext::set_data. This is meant to be used as a check point at the end of a transaction.
Trait Implementations§
source§impl Clone for CentralContext
impl Clone for CentralContext
source§fn clone(&self) -> CentralContext
fn clone(&self) -> CentralContext
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreAuto Trait Implementations§
impl Freeze for CentralContext
impl !RefUnwindSafe for CentralContext
impl Send for CentralContext
impl Sync for CentralContext
impl Unpin for CentralContext
impl !UnwindSafe for CentralContext
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)§impl<T, UT> HandleAlloc<UT> for T
impl<T, UT> HandleAlloc<UT> for T
§fn new_handle(value: Arc<T>) -> Handle
fn new_handle(value: Arc<T>) -> Handle
§unsafe fn clone_handle(handle: Handle) -> Handle
unsafe fn clone_handle(handle: Handle) -> Handle
§unsafe fn consume_handle(handle: Handle) -> Arc<T>
unsafe fn consume_handle(handle: Handle) -> Arc<T>
Arc<>
Read moresource§impl<T> IntoEither for T
impl<T> IntoEither for T
source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moresource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read more