Commit bundles for subconversations (#2932)

* Add subconversation group info endpoint (wip, untested)

* Fill implemention holes

* refactor clientmap and add TODO for check

* Throw when a client is not in the parent conv

* Remove duplication in MLSConversation type

* Refactor: Introduce incrementEpoch

* Refactor: unqualify parent in SubConversation type

* Bump mls-test-cli

* Store group info bundle for subconvs

* Fix epoch increment query for subconvs

* Add join subconversation test

* Turn TODO into FUTUREWORK

* Add stubs of more subconversation tests

* Add CHANGELOG entries

* Deduplicate function to fetch remote group info

Co-authored-by: Stefan Matting <stefan@wire.com>
Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com>

changelog.d/1-api-changes/get-subconversation-groupinfo

@@ -0,0 +1 @@
+Add `GET /conversations/:domain/:cid/subconversations/:id/groupinfo` endpoint to fetch the group info object for a subconversation

changelog.d/2-features/subconv-commit-bundles

@@ -0,0 +1 @@
+Add support for subconversations in `POST /mls/commit-bundles`

libs/wire-api-federation/src/Wire/API/Federation/API/Galley.hs

@@ -351,9 +351,9 @@ data MLSMessageResponse
   deriving (ToJSON, FromJSON) via (CustomEncoded MLSMessageResponse)
 
 data GetGroupInfoRequest = GetGroupInfoRequest
-  { -- | Conversation is assumed to be owned by the target domain, this allows
-    -- us to protect against relay attacks
-    ggireqConv :: ConvId,
+  { -- | Conversation (or subconversation) is assumed to be owned by the target
+    -- domain, this allows us to protect against relay attacks
+    ggireqConv :: ConvOrSubConvId,
     -- | Sender is assumed to be owned by the origin domain, this allows us to
     -- protect against spoofing attacks
     ggireqSender :: UserId

libs/wire-api/src/Wire/API/MLS/SubConversation.hs

@@ -46,10 +46,9 @@ import Wire.Arbitrary
 -- conversation. The pair of a qualified conversation ID and a subconversation
 -- ID identifies globally.
 newtype SubConvId = SubConvId {unSubConvId :: Text}
-  deriving newtype (Eq, ToSchema, Ord)
+  deriving newtype (Eq, ToSchema, Ord, S.ToParamSchema, ToByteString)
   deriving stock (Generic)
   deriving (Arbitrary) via (GenericUniform SubConvId)
-  deriving newtype (S.ToParamSchema)
   deriving stock (Show)
 
 instance FromHttpApiData SubConvId where

libs/wire-api/src/Wire/API/Routes/Public/Galley/Conversation.hs

@@ -396,6 +396,27 @@ type ConversationAPI =
                         PublicSubConversation
                     )
            )
+    :<|> Named
+           "get-subconversation-group-info"
+           ( Summary "Get MLS group information of subconversation"
+               :> CanThrow 'ConvNotFound
+               :> CanThrow 'MLSMissingGroupInfo
+               :> CanThrow 'MLSNotEnabled
+               :> ZLocalUser
+               :> "conversations"
+               :> QualifiedCapture "cnv" ConvId
+               :> "subconversations"
+               :> Capture "subconv" SubConvId
+               :> "groupinfo"
+               :> MultiVerb1
+                    'GET
+                    '[MLS]
+                    ( Respond
+                        200
+                        "The group information"
+                        OpaquePublicGroupState
+                    )
+           )
     -- This endpoint can lead to the following events being sent:
     -- - ConvCreate event to members
     -- TODO: add note: "On 201, the conversation ID is the `Location` header"

nix/pkgs/mls-test-cli/default.nix

@@ -15,8 +15,8 @@ rustPlatform.buildRustPackage rec {
   src = fetchFromGitHub {
     owner = "wireapp";
     repo = "mls-test-cli";
-    sha256 = "sha256-/XQ/9oQTPkRqgMzDGRm+Oh9jgkdeDM1vRJ6/wEf2+bY=";
-    rev = "c6f80be2839ac1ed2894e96044541d1c3cf6ecdf";
+    sha256 = "sha256-FjgAcYdUr/ZWdQxbck2UEG6NEEQLuz0S4a55hrAxUs4=";
+    rev = "82fc148964ef5baa92a90d086fdc61adaa2b5dbf";
   };
   doCheck = false;
   cargoSha256 = "sha256-AlZrxa7f5JwxxrzFBgeFSaYU6QttsUpfLYfq1HzsdbE=";

services/galley/galley.cabal

@@ -31,6 +31,7 @@ library
     Galley.API.Mapping
     Galley.API.Message
     Galley.API.MLS
+    Galley.API.MLS.Conversation
     Galley.API.MLS.Enabled
     Galley.API.MLS.GroupInfo
     Galley.API.MLS.KeyPackage

services/galley/src/Galley/API/Action.hs

@@ -635,8 +635,8 @@ updateLocalConversationUnchecked lconv qusr con action = do
     (convBotsAndMembers conv <> extraTargets)
     action'
 
--- --------------------------------------------------------------------------------
--- -- Utilities
+--------------------------------------------------------------------------------
+-- Utilities
 
 ensureConversationActionAllowed ::
   forall tag mem x r.

services/galley/src/Galley/API/Federation.hs

@@ -44,6 +44,7 @@ import Galley.API.MLS.GroupInfo
 import Galley.API.MLS.KeyPackage
 import Galley.API.MLS.Message
 import Galley.API.MLS.Removal
+import Galley.API.MLS.SubConversation
 import Galley.API.MLS.Welcome
 import qualified Galley.API.Mapping as Mapping
 import Galley.API.Message
@@ -91,6 +92,7 @@ import Wire.API.MLS.Credential
 import Wire.API.MLS.Message
 import Wire.API.MLS.PublicGroupState
 import Wire.API.MLS.Serialisation
+import Wire.API.MLS.SubConversation
 import Wire.API.MLS.Welcome
 import Wire.API.Message
 import Wire.API.Routes.Internal.Brig.Connection
@@ -795,7 +797,8 @@ queryGroupInfo ::
   ( Members
       '[ ConversationStore,
          Input (Local ()),
-         Input Env
+         Input Env,
+         SubConversationStore
        ]
       r,
     Member MemberStore r
@@ -809,9 +812,14 @@ queryGroupInfo origDomain req =
     . mapToGalleyError @MLSGroupInfoStaticErrors
     $ do
       assertMLSEnabled
-      lconvId <- qualifyLocal . ggireqConv $ req
       let sender = toRemoteUnsafe origDomain . ggireqSender $ req
-      state <- getGroupInfoFromLocalConv (tUntagged sender) lconvId
+      state <- case ggireqConv req of
+        Conv convId -> do
+          lconvId <- qualifyLocal convId
+          getGroupInfoFromLocalConv (tUntagged sender) lconvId
+        SubConv convId subConvId -> do
+          lconvId <- qualifyLocal convId
+          getSubConversationGroupInfoFromLocalConv (tUntagged sender) subConvId lconvId
       pure
         . Base64ByteString
         . unOpaquePublicGroupState

services/galley/src/Galley/API/MLS/Conversation.hs

@@ -0,0 +1,57 @@
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module Galley.API.MLS.Conversation
+  ( mkMLSConversation,
+    mcConv,
+  )
+where
+
+import Galley.API.MLS.Types
+import Galley.Data.Conversation.Types as Data
+import Galley.Effects.MemberStore
+import Imports
+import Polysemy
+import Wire.API.Conversation.Protocol
+
+mkMLSConversation ::
+  Member MemberStore r =>
+  Data.Conversation ->
+  Sem r (Maybe MLSConversation)
+mkMLSConversation conv =
+  for (Data.mlsMetadata conv) $ \mlsData -> do
+    cm <- lookupMLSClients (cnvmlsGroupId mlsData)
+    pure
+      MLSConversation
+        { mcId = Data.convId conv,
+          mcMetadata = Data.convMetadata conv,
+          mcLocalMembers = Data.convLocalMembers conv,
+          mcRemoteMembers = Data.convRemoteMembers conv,
+          mcMLSData = mlsData,
+          mcMembers = cm
+        }
+
+mcConv :: MLSConversation -> Data.Conversation
+mcConv mlsConv =
+  Data.Conversation
+    { convId = mcId mlsConv,
+      convLocalMembers = mcLocalMembers mlsConv,
+      convRemoteMembers = mcRemoteMembers mlsConv,
+      convDeleted = False,
+      convMetadata = mcMetadata mlsConv,
+      convProtocol = ProtocolMLS (mcMLSData mlsConv)
+    }

services/galley/src/Galley/API/MLS/GroupInfo.hs

@@ -37,6 +37,7 @@ import Wire.API.Federation.API
 import Wire.API.Federation.API.Galley
 import Wire.API.Federation.Error
 import Wire.API.MLS.PublicGroupState
+import Wire.API.MLS.SubConversation
 
 type MLSGroupInfoStaticErrors =
   '[ ErrorS 'ConvNotFound,
@@ -62,7 +63,7 @@ getGroupInfo lusr qcnvId = do
   foldQualified
     lusr
     (getGroupInfoFromLocalConv . tUntagged $ lusr)
-    (getGroupInfoFromRemoteConv lusr)
+    (getGroupInfoFromRemoteConv lusr . fmap Conv)
     qcnvId
 
 getGroupInfoFromLocalConv ::
@@ -84,7 +85,7 @@ getGroupInfoFromRemoteConv ::
   Members '[Error FederationError, FederatorAccess] r =>
   Members MLSGroupInfoStaticErrors r =>
   Local UserId ->
-  Remote ConvId ->
+  Remote ConvOrSubConvId ->
   Sem r OpaquePublicGroupState
 getGroupInfoFromRemoteConv lusr rcnv = do
   let getRequest =