Jacob/feat/acquisition flow bindings

[typfel]

What's new in this PR

Expose the acquisition flow in the bindings

---

PR Submission Checklist for internal contributors

• The PR Title
  • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
  • contains a reference JIRA issue number like SQPIT-764
  • answers the question: If merged, this PR will: ... ³

1. https://sparkbox.com/foundry/semantic_commit_messages
2. https://github.com/wireapp/.github#usage
3. E.g. feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.

[istankovic]

This is a bit of a mess right now -- not your PR, but the general situation with JwsAlgorithm and similar types.

The simple thing first: I would avoid saying "E2EI" or "end-to-end identity" in new API, that's a thing from the past and we would like to move away from that terminology. Instead, we should use credential-type names, e.g. "X509Credential" or similar, that make it much more explicit what the API is about.

That said, here I would perhaps just use "JwsAlgorithm", though even that is not ideal as the enum values are just curve names, not proper JWS algorithm names (I thought about using Curve but I don't think that is really sufficient in this context). It's really a mess and to resolve it properly we would need to rework the way we handle JwsAlgorithm, config and related types (for that we have a item already, I think created by Felix). 😞

[typfel]

Alright, renamed it to just JwsAlgorithm and removed any references to e2ei.

[istankovic]

We should not be exposing this. From the perspective of a CoreCrypto user, the acquisiton flow results in a valid credential, not the (signing key, certificate chain) pair. That is what is going under the hood, as an implementation detail, but the caller of our API should never see the signing key, only the (opaque) credential, that can then be added to the client, used in a conversation etc.

[typfel]

Right of course! Wasn't thinking initially and just exposed everything as is, but why isn't the result type a credential in acquisition flow?

[istankovic]

The problem is that we can't do that right now without introducing a circular dependency because the credential type is currently defined in the crypto crate. Ideally, we would have the credential type in the e2e-identity crate (I'd like to rename that crate too, but that's not critical for CC10 as it is an impl detail), however moving it would probably not be a small change. In a way, the situation is similar to the one with the keystore trait definitions. Right now for crypto-ffi this should not be a problem because it depends on both e2e-identity and crypto crates.

[istankovic]

Why is Option needed here?

[typfel]

The intention was to remove the X509CredentialAcquisition once the flow completes so that you can't call finalize twice. But I guess the idea was to be able to resume from an intermediate state after deserializing the acquisition in the web case so this doesn't work.

[typfel]

Replaced the option with an enum which would need to be extended when add support for serializing / deserializing.

[istankovic]

Heh, it is not intended that clients know about the underlying process details, such as which challenges we have and to call them. Please see the RFC CC2 and in particular how .finalize() is supposed to be used. The state we're in should be tracked internally.

[typfel]

Cleaned this up

[fewerner]

We just merged the ts-browser util changes. You can now access window.helpers to get util from within the browser context.