1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

//! Utility for clients to get the current state of E2EI when the app resumes

use crate::prelude::{CryptoError, CryptoResult, MlsCentral, MlsCredentialType};
use openmls_traits::types::SignatureScheme;

impl MlsCentral {
    /// Returns true when end-to-end-identity is enabled for the given SignatureScheme
    pub fn e2ei_is_enabled(&self, signature_scheme: SignatureScheme) -> CryptoResult<bool> {
        let client = self.mls_client.as_ref().ok_or(CryptoError::MlsNotInitialized)?;
        let maybe_x509 = client.find_most_recent_credential_bundle(signature_scheme, MlsCredentialType::X509);
        match maybe_x509 {
            None => {
                client
                    .find_most_recent_credential_bundle(signature_scheme, MlsCredentialType::Basic)
                    .ok_or(CryptoError::CredentialNotFound(MlsCredentialType::Basic))?;
                Ok(false)
            }
            Some(_) => Ok(true),
        }
    }
}

#[cfg(test)]
mod tests {
    use crate::{prelude::MlsCredentialType, test_utils::*, CryptoError};
    use openmls_traits::types::SignatureScheme;
    use wasm_bindgen_test::*;

    wasm_bindgen_test_configure!(run_in_browser);

    #[apply(all_cred_cipher)]
    #[wasm_bindgen_test]
    async fn should_be_false_when_basic_and_true_when_x509(case: TestCase) {
        run_test_with_client_ids(case.clone(), ["alice"], move |[cc]| {
            Box::pin(async move {
                let e2ei_is_enabled = cc.mls_central.e2ei_is_enabled(case.signature_scheme()).unwrap();
                match case.credential_type {
                    MlsCredentialType::Basic => assert!(!e2ei_is_enabled),
                    MlsCredentialType::X509 => assert!(e2ei_is_enabled),
                };
            })
        })
        .await
    }

    #[apply(all_cred_cipher)]
    #[wasm_bindgen_test]
    async fn should_fail_when_no_client(case: TestCase) {
        run_test_wo_clients(case.clone(), move |cc| {
            Box::pin(async move {
                assert!(matches!(
                    cc.mls_central.e2ei_is_enabled(case.signature_scheme()).unwrap_err(),
                    CryptoError::MlsNotInitialized
                ));
            })
        })
        .await
    }

    #[apply(all_cred_cipher)]
    #[wasm_bindgen_test]
    async fn should_fail_when_no_credential_for_given_signature_scheme(case: TestCase) {
        run_test_with_client_ids(case.clone(), ["alice"], move |[cc]| {
            Box::pin(async move {
                // just return something different from the signature scheme the MlsCentral was initialized with
                let other_sc = match case.signature_scheme() {
                    SignatureScheme::ED25519 => SignatureScheme::ECDSA_SECP256R1_SHA256,
                    _ => SignatureScheme::ED25519,
                };
                assert!(matches!(
                    cc.mls_central.e2ei_is_enabled(other_sc).unwrap_err(),
                    CryptoError::CredentialNotFound(_)
                ));
            })
        })
        .await
    }
}