Add crypto methods for export and import of secrets bundle

[t3chguy]

Split out from #4134

[BillCarsonFr]

Some minor comments

[BillCarsonFr]

Why do we need this? isn't it already in the index.d.ts of matrix-sdk-crypto-wasm?

[t3chguy]

Yes but with return types of any - see matrix-org/matrix-rust-sdk-crypto-wasm#110

[t3chguy]

[richvdh]

This should be fixed on the wasm side; matrix-org/matrix-rust-sdk-crypto-wasm#123 does so but it will need a release cycle :/

[richvdh]

Well, that PR doesn't help with the return type of SecretsBundle.to_json, to be fair. On the other hand: do you actually need to introspect the result of SecretsBundle.to_json outside of tests (where I would be inclined to do some @ts-ignoreing rather than have a separate definition to keep in step)?

[t3chguy]

Well, that PR doesn't help with the return type of SecretsBundle.to_json, to be fair. On the other hand: do you actually need to introspect the result of SecretsBundle.to_json outside of tests (where I would be inclined to do some @ts-ignoreing rather than have a separate definition to keep in step)?

It should still be a useful type otherwise you'll get junk into the import method. If it isn't meant to be introspectable then it should be a branded type so a round-trip export->import works without needing to rely on any

[BillCarsonFr]

Maybe we could check the getCrossSigningStatus? and see that the identity is there and trusted?

[t3chguy]

Done

[t3chguy]

This causes the test to hang on OlmMachine::getIdentity and I have 0 introspection on the rust side of things to debug this.

[richvdh]

Yes, getCrossSigningStatus will want to fire off /keys/query requests and wait for them to complete, so that is more of an integration-test thing.

That said: some integration tests here might be nice?

[richvdh]

Is this related to MSC4108?

[richvdh]

Yes, getCrossSigningStatus will want to fire off /keys/query requests and wait for them to complete, so that is more of an integration-test thing.

That said: some integration tests here might be nice?

[t3chguy]

Is this related to MSC4108?

That is one consumer of such functions, but the Crypto crate doesn't seem to state that it is specific to MSC4108 so neither will this implementation be. Updated.

[t3chguy]

That said: some integration tests here might be nice?

I disagree. The docs on the methods I'm calling don't describe fully what it does so I cannot really form a full integration test without it being brittle with the exception of the assumption that importing and exporting round-trip successfully.

[richvdh]

The docs on the methods I'm calling don't describe fully what it does so I cannot really form a full integration test without it being brittle with the exception of the assumption that importing and exporting round-trip successfully.

I don't really understand your objection here, I'm afraid. The docs on the rust crate say that the methods import/export the cross-signing keys, and indeed your own documentation (yay, documentation, thank you!) says that of the new methods in CryptoApi.

So can't we test that? We could export the secrets bundle from one MatrixClient, and import it into another, and then check that the second client has the same cross-signing keys as the first.

Frankly, if your argument is "I can't write an integration test because I don't understand what it dos (edit: removed this, it wasn't what I meant to say)

I think a better argument is that these are very thin wrappers, and the cost/benefit of writing a complicated integration test is low, given the meat of the functionality should already be tested at the rust-sdk level.

[t3chguy]

We could export the secrets bundle from one MatrixClient, and import it into another, and then check that the second client has the same cross-signing keys as the first.

We already do. I exported a bundle from a test account & baked it into the test, import it and validate that exporting yields the same bundle once again.

[richvdh]

errr I seem to have pressed enter halfway through editing that comment, so sorry for the half-formed thoughts

[richvdh]

We could export the secrets bundle from one MatrixClient, and import it into another, and then check that the second client has the same cross-signing keys as the first.

We already do. I exported a bundle from a test account & baked it into the test, import it and validate that exporting yields the same bundle once again.

So we do. Apparently I need to read better.

[richvdh]

Thanks. Sorry this took a while to review.

[richvdh]

I still think there's way too much type magic going on here. As a caller of this function, how am I meant to build one of these things?

... I'm not going to block the PR further on it, though.

[t3chguy]

As a caller of this function, how am I meant to build one of these things?

you shouldn't construct manually, only ever exported by the matching export function

[richvdh]

I want to do some work in RustCrypto that will conflict with this, so merging