works !

wireapp · Nov 23, 2023 · 6c4a31f · 6c4a31f
1 parent 251d475
commit 6c4a31f
Show file tree

Hide file tree

Showing 7 changed files with 978 additions and 22 deletions.
diff --git a/acme/src/identity/mod.rs b/acme/src/identity/mod.rs
@@ -49,7 +49,7 @@ impl WireIdentityReader for x509_cert::Certificate {
 
         Ok(WireIdentity {
             client_id,
-            handle: QualifiedHandle::try_from(handle)?,
+            handle,
             display_name,
             domain,
             status,
@@ -118,7 +118,7 @@ fn try_extract_subject(cert: &x509_cert::TbsCertificate) -> RustyAcmeResult<(Str
 }
 
 /// extract Subject Alternative Name to pick client-id & display name
-fn try_extract_san(cert: &x509_cert::TbsCertificate) -> RustyAcmeResult<(String, String)> {
+fn try_extract_san(cert: &x509_cert::TbsCertificate) -> RustyAcmeResult<(String, QualifiedHandle)> {
     let extensions = cert.extensions.as_ref().ok_or(CertificateError::InvalidFormat)?;
 
     let san = extensions
@@ -141,13 +141,7 @@ fn try_extract_san(cert: &x509_cert::TbsCertificate) -> RustyAcmeResult<(String,
             // a ClientId (since it's the most characterizable) and else fallback to a handle
             if let Ok(cid) = ClientId::try_from_uri(name) {
                 client_id = Some(cid.to_qualified());
-            } else if name.starts_with(ClientId::URI_PREFIX) {
-                let h = name
-                    .strip_prefix(ClientId::URI_PREFIX)
-                    .ok_or(RustyAcmeError::ImplementationError)?
-                    .strip_prefix(Handle::PREFIX)
-                    .ok_or(RustyAcmeError::ImplementationError)?
-                    .to_string();
+            } else if let Ok(h) = QualifiedHandle::try_from(name) {
                 handle = Some(h);
             }
             Ok(())

diff --git a/e2e-identity/README.md b/e2e-identity/README.md
diff --git a/e2e-identity/tests/api.rs b/e2e-identity/tests/api.rs
@@ -20,7 +20,7 @@ fn e2e_api() {
         let qualified_client_id = format!("{user_id}:{device_id}@{domain}");
 
         let display_name = "Alice Smith";
-        let handle = Handle::from("alice_wire").to_qualified(domain);
+        let qualified_handle = Handle::from("alice_wire").to_qualified(domain);
         let team = "wire";
 
         // GET http://acme-server/directory
@@ -73,7 +73,7 @@ fn e2e_api() {
                 .acme_new_order_request(
                     display_name,
                     &qualified_client_id,
-                    handle.as_str(),
+                    qualified_handle.as_str(),
                     expiry,
                     &directory,
                     &account,
@@ -155,6 +155,7 @@ fn e2e_api() {
         // POST http://wire-server/client-dpop-token
         let access_token = {
             let expiry = Duration::from_days(1).into();
+            let handle = Handle::try_from(qualified_handle.clone()).unwrap();
             let client_dpop_token = enrollment
                 .new_dpop_token(
                     &qualified_client_id.clone(),
@@ -175,7 +176,7 @@ fn e2e_api() {
             let access_token = RustyJwtTools::generate_access_token(
                 client_dpop_token.as_str(),
                 &alice,
-                handle.into(),
+                qualified_handle.into(),
                 team.into(),
                 backend_nonce,
                 htu,

diff --git a/e2e-identity/tests/e2e.rs b/e2e-identity/tests/e2e.rs
@@ -27,7 +27,7 @@ fn docker() -> &'static Cli {
 #[tokio::test]
 async fn demo_should_succeed() {
     let test = E2eTest::new_demo().start(docker()).await;
-    assert!(test.nominal_enrollment().await.is_ok());
+    test.nominal_enrollment().await.unwrap();
 }
 
 /// Tests the nominal case and prints the pretty output with the mermaid chart in this crate README.

diff --git a/e2e-identity/tests/utils/cfg.rs b/e2e-identity/tests/utils/cfg.rs
@@ -101,6 +101,7 @@ impl<'a> E2eTest<'a> {
         let wire_client_id = random::<u64>();
         let sub = ClientId::try_new(wire_user_id.to_string(), wire_client_id, &domain).unwrap();
         let (handle, team, password) = ("alice_wire", "wire", "foo");
+        let qualified_handle = Handle::from(handle).to_qualified(&domain);
         let email = format!("alicesmith@{domain}");
         let audience = "wireapp";
         let client_secret = rand_base64_str(24);
@@ -157,7 +158,7 @@ impl<'a> E2eTest<'a> {
             ldap_cfg: LdapCfg {
                 host: ldap_host.to_string(),
                 display_name: display_name.to_string(),
-                handle: format!("{}%40{handle}@{domain}", ClientId::URI_PREFIX),
+                handle: qualified_handle.to_string(),
                 email,
                 password: password.to_string(),
                 domain: domain.to_string(),

diff --git a/e2e-identity/tests/utils/display.rs b/e2e-identity/tests/utils/display.rs
@@ -256,7 +256,11 @@ impl Event {
             Self::Step { number, title } => println!("{number}. {title}"),
             Self::Chapter { comment } => println!("----- {comment} -----\n"),
             Self::Token { label, token, .. } => println!("{label}: https://jwt.io/#id_token={token}\n"),
-            Self::Certificate { label, cert } => println!("{label}:\n{cert}\n"),
+            Self::Certificate { label, cert } => {
+                let (pretty, verify) = self.cert_pretty();
+                // println!("{label}:\n{cert}\n")
+                println!("{label}\n{verify}\n```\n{cert}\n```\n```\n{pretty}\n```\n")
+            }
             Self::Csr { label, cert } => println!("{label}:\n{cert}\n"),
             Self::Request { req: Some(req), .. } => println!("=> {req:?}\n"),
             Self::Response { resp: Some(resp), .. } => println!("<= {resp:?}"),
@@ -340,7 +344,7 @@ Decoded:
             }
             Self::Certificate { label, cert } => {
                 let (pretty, verify) = self.cert_pretty();
-                format!("###### {label}\n{verify}\n```\n{cert}\n```\n```\n{pretty}\n```\n",)
+                format!("###### {label}\n{verify}\n```\n{cert}\n```\n```\n{pretty}\n```\n")
             }
             Self::Csr { label, cert } => {
                 let (pretty, verify) = self.cert_pretty();

diff --git a/jwt/src/model/handle.rs b/jwt/src/model/handle.rs
@@ -14,11 +14,17 @@ impl Handle {
     }
 }
 
-impl From<QualifiedHandle> for Handle {
-    fn from(qh: QualifiedHandle) -> Self {
-        qh.trim_start_matches(ClientId::URI_PREFIX)
-            .trim_start_matches(Self::PREFIX)
-            .into()
+impl TryFrom<QualifiedHandle> for Handle {
+    type Error = RustyJwtError;
+
+    fn try_from(qh: QualifiedHandle) -> RustyJwtResult<Self> {
+        let trimmed = qh
+            .trim_start_matches(ClientId::URI_PREFIX)
+            .trim_start_matches(Self::PREFIX);
+        let Some((handle, _)) = trimmed.rsplit_once('@') else {
+            return Err(RustyJwtError::InvalidHandle);
+        };
+        Ok(handle.into())
     }
 }
 
@@ -61,6 +67,13 @@ impl TryFrom<String> for QualifiedHandle {
         }
     }
 }
+impl TryFrom<&str> for QualifiedHandle {
+    type Error = RustyJwtError;
+
+    fn try_from(s: &str) -> RustyJwtResult<Self> {
+        s.to_string().try_into()
+    }
+}
 
 #[cfg(test)]
 impl Default for QualifiedHandle {