feat: Re-issue/send PDAs when first-party endpoint certificates are renewed #212
Conversation
With its own serialisation. Needed in relaycorp/awala-endpoint-android#212 TODO: - [x] Implement serialisation - [x] Define `CertificationPath` in PKI spec. - [x] Implement `validate()` method, which uses `path.leafCertificate.getCertificationPat(emptySet(), listOf(path.chain.last()))`
![kodiakhq[bot]](https://avatars.githubusercontent.com/in/29196?s=60&v=4){kind=small}
|
Hmm, one thing I just realised is that |
| val channelPreferences = | ||
| context.getSharedPreferences("awaladroid-channels", Context.MODE_PRIVATE) |
There was a problem hiding this comment.
This triggers a disk read immediately, we should delay it until we're inside a suspend function.
There was a problem hiding this comment.
Right, we don't want that! Good catch
|
|
||
| internal class ChannelManager( | ||
| sharedPreferences: SharedPreferences, | ||
| coroutineContext: CoroutineContext |
There was a problem hiding this comment.
You could default the context here instead, but that's a small detail.
| coroutineContext: CoroutineContext | ||
| ) { | ||
| internal val flowSharedPreferences: FlowSharedPreferences = | ||
| FlowSharedPreferences(sharedPreferences, coroutineContext) |
There was a problem hiding this comment.
It seems you are never using the Flow part of the FlowSharedPreferences, just using it to run things on a certain coroutine context. You could switch it for a normal SharePreferences + withContext() {} around the calls.
But maybe in the future we will need it.
There was a problem hiding this comment.
👍🏾 I like that! That's really the only reason why I integrated FlowSharedPreferences
kodiakhq
bot
deleted the
185-re-issue-and-send-pdas-when-first-party-endpoint-certificates-are-renewed
branch
|
🎉 This PR is included in version 1.8.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Fixes #185. It's also worth highlighting the following:
FirstPartyEndpoint.authorizeIndefinitely(), which is likeFirstPartyEndpoint.issueAuthorization(), except that it tracks which 3rd party endpoints are authorised in order to renew their PDAs automatically.FirstPartyEndpoint.issueAuthorization()but Letro will useFirstPartyEndpoint.authorizeIndefinitely().ChannelManager), which exists in the Awala protocol suite and refers to an established communication channel between two endpoints (which is end-to-end encrypted and where both are mutually authorised to send messages to each other).FirstPartyEndpoint.reissuePDAs()). This should be done as part of Re-register first-party endpoints when the private gateway's certificate changes #175.CertificationPathfrom the core Awala lib, which effectively duplicates the existingAuthorizationBundledata class. Once this PR is merged, I'll create a separate PR to replace the remaining uses ofAuthorizationBundle.Review notes
Of things that I'm likely to have got wrong here, I'd rank highly the use of
SharedPreferencesand coroutines (esp. where I have to specify a context explicitly), so please pay special attention to those.