core_crypto/e2e_identity/
enabled.rs

1//! Utility for clients to get the current state of E2EI when the app resumes
2
3use crate::context::CentralContext;
4use crate::prelude::{Client, CryptoError, CryptoResult, MlsCentral, MlsCredentialType};
5use openmls_traits::types::SignatureScheme;
6
impl CentralContext {
    /// Context-scoped counterpart of [MlsCentral::e2ei_is_enabled].
    ///
    /// Resolves the MLS client attached to this context and asks it whether an X509
    /// credential bundle exists for `signature_scheme`.
    ///
    /// # Errors
    /// Any error from resolving the client or from the credential lookup is returned
    /// unchanged. The tests in this file expect [CryptoError::MlsNotInitialized] when the
    /// context has no client, and [CryptoError::CredentialNotFound] when no credential
    /// exists for the requested scheme.
    pub async fn e2ei_is_enabled(&self, signature_scheme: SignatureScheme) -> CryptoResult<bool> {
        let mls_client = self.mls_client().await?;
        let enabled = mls_client.e2ei_is_enabled(signature_scheme).await?;
        Ok(enabled)
    }
}
14
impl MlsCentral {
    /// Reports whether end-to-end identity (E2EI) is enabled for `signature_scheme`.
    ///
    /// Yields `Ok(true)` when the client holds an X509 credential bundle for the scheme and
    /// `Ok(false)` when it only holds a Basic one. Holding neither is an error, not `false`.
    ///
    /// NOTE(review): the answer is derived from which credential type is stored. Nothing in
    /// this file checks certificate validity, expiry or revocation, so `true` should not be
    /// read as "the identity is currently valid" unless the lookup helper guarantees that.
    /// Confirm against `find_most_recent_credential_bundle`.
    pub async fn e2ei_is_enabled(&self, signature_scheme: SignatureScheme) -> CryptoResult<bool> {
        let client = &self.mls_client;
        client.e2ei_is_enabled(signature_scheme).await
    }
}
21
impl Client {
    /// Decides the E2EI state from the credential bundles stored for `signature_scheme`.
    ///
    /// * An X509 bundle is found: `Ok(true)`.
    /// * The X509 lookup fails with `CredentialNotFound(X509)`: a Basic bundle is looked up
    ///   instead; `Ok(false)` if it exists, otherwise that second lookup's error is returned.
    /// * Any other error from the X509 lookup is returned as is.
    ///
    /// "Disabled" is therefore never inferred from missing state: a client without any
    /// credential for the scheme produces an error rather than `false`.
    ///
    /// NOTE(review): this is a presence check only. Whether the X509 bundle found is still
    /// valid (not expired or revoked) is not verified here. Confirm what
    /// `find_most_recent_credential_bundle` guarantees before relying on `true` for that.
    async fn e2ei_is_enabled(&self, signature_scheme: SignatureScheme) -> CryptoResult<bool> {
        let x509_lookup = self
            .find_most_recent_credential_bundle(signature_scheme, MlsCredentialType::X509)
            .await;
        match x509_lookup {
            Ok(_) => Ok(true),
            // Only the specific "no X509 credential" error triggers the Basic fallback.
            Err(CryptoError::CredentialNotFound(MlsCredentialType::X509)) => {
                let basic_lookup = self
                    .find_most_recent_credential_bundle(signature_scheme, MlsCredentialType::Basic)
                    .await;
                // A missing Basic credential is an error too, so it is propagated, not mapped to `false`.
                basic_lookup.map(|_| false)
            }
            Err(other) => Err(other),
        }
    }
}
38
#[cfg(test)]
mod tests {
    use crate::{prelude::MlsCredentialType, test_utils::*, CryptoError};
    use openmls_traits::types::SignatureScheme;
    use wasm_bindgen_test::*;

    wasm_bindgen_test_configure!(run_in_browser);

    /// A client created with a Basic credential reports E2EI as disabled, one created with an
    /// X509 credential reports it as enabled.
    #[apply(all_cred_cipher)]
    #[wasm_bindgen_test]
    async fn should_be_false_when_basic_and_true_when_x509(case: TestCase) {
        run_test_with_client_ids(case.clone(), ["alice"], move |[cc]| {
            Box::pin(async move {
                let scheme = case.signature_scheme();
                let enabled = cc.context.e2ei_is_enabled(scheme).await.unwrap();
                if let MlsCredentialType::X509 = case.credential_type {
                    assert!(enabled);
                } else {
                    assert!(!enabled);
                }
            })
        })
        .await
    }

    /// Without an initialized MLS client the query must fail instead of answering `false`.
    #[apply(all_cred_cipher)]
    #[wasm_bindgen_test]
    async fn should_fail_when_no_client(case: TestCase) {
        run_test_wo_clients(case.clone(), move |cc| {
            Box::pin(async move {
                let scheme = case.signature_scheme();
                let failure = cc.context.e2ei_is_enabled(scheme).await.unwrap_err();
                assert!(matches!(failure, CryptoError::MlsNotInitialized));
            })
        })
        .await
    }

    /// Asking about a signature scheme the client has no credential for must fail with
    /// `CredentialNotFound` instead of answering `false`.
    #[apply(all_cred_cipher)]
    #[wasm_bindgen_test]
    async fn should_fail_when_no_credential_for_given_signature_scheme(case: TestCase) {
        run_test_with_client_ids(case.clone(), ["alice"], move |[cc]| {
            Box::pin(async move {
                // Any scheme other than the one the MlsCentral was initialized with will do.
                let other_sc = if matches!(case.signature_scheme(), SignatureScheme::ED25519) {
                    SignatureScheme::ECDSA_SECP256R1_SHA256
                } else {
                    SignatureScheme::ED25519
                };
                let failure = cc.context.e2ei_is_enabled(other_sc).await.unwrap_err();
                assert!(matches!(failure, CryptoError::CredentialNotFound(_)));
            })
        })
        .await
    }
}