From a532d15f737700c869e218254b70cf4f8785aae1 Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Tue, 16 Jan 2024 17:05:19 +0000
Subject: [PATCH 1/4] wip: update mls-test-cli

---
 integration/test/MLS/Util.hs                 |  2 +-
 integration/test/Test/MLS.hs                 |  5 ++---
 libs/wire-api/src/Wire/API/MLS/Credential.hs |  4 ++--
 libs/wire-api/src/Wire/API/MLS/KeyPackage.hs |  1 +
 libs/wire-api/test/unit/Test/Wire/API/MLS.hs | 11 +++++++++--
 nix/pkgs/mls-test-cli/default.nix            |  8 ++++----
 6 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/integration/test/MLS/Util.hs b/integration/test/MLS/Util.hs
index 23686c5f18b..670b4301369 100644
--- a/integration/test/MLS/Util.hs
+++ b/integration/test/MLS/Util.hs
@@ -747,7 +747,7 @@ createApplicationMessage cid messageContent = do
   message <-
     mlscli
       cid
-      ["message", "--group-in", "<group-in>", messageContent, "--group-out", "<group-out>"]
+      ["message", "--group", "<group-in>", messageContent, "--group-out", "<group-out>"]
       Nothing
 
   pure
diff --git a/integration/test/Test/MLS.hs b/integration/test/Test/MLS.hs
index 4315b64f553..049d3d8d4a7 100644
--- a/integration/test/Test/MLS.hs
+++ b/integration/test/Test/MLS.hs
@@ -319,9 +319,8 @@ testMLSProtocolUpgrade secondDomain = do
     resp.status `shouldMatchInt` 200
     resp.json %. "protocol" `shouldMatch` "mls"
 
--- TODO(leif): temporarily disabled to unblock client devs. Fix mls-test-cli and re-enable ASAP.
-_testAddUserSimple :: HasCallStack => Ciphersuite -> CredentialType -> App ()
-_testAddUserSimple suite ctype = do
+testAddUserSimple :: HasCallStack => Ciphersuite -> CredentialType -> App ()
+testAddUserSimple suite ctype = do
   setMLSCiphersuite suite
   [alice, bob] <- createAndConnectUsers [OwnDomain, OwnDomain]
   [alice1, bob1, bob2] <- traverse (createMLSClient def {credType = ctype}) [alice, bob, bob]
diff --git a/libs/wire-api/src/Wire/API/MLS/Credential.hs b/libs/wire-api/src/Wire/API/MLS/Credential.hs
index facf313a3e9..f4b74c6f1d3 100644
--- a/libs/wire-api/src/Wire/API/MLS/Credential.hs
+++ b/libs/wire-api/src/Wire/API/MLS/Credential.hs
@@ -135,13 +135,13 @@ instance ParseMLS ClientIdentity where
       either fail pure . (mkDomain . T.pack) =<< many' anyChar
     pure $ ClientIdentity dom uid cid
 
--- format of the x509 client identity: {userid}!{deviceid}@{host}
+-- format of the x509 client identity: {userid}%21{deviceid}@{host}
 parseX509ClientIdentity :: Get ClientIdentity
 parseX509ClientIdentity = do
   b64uuid <- getByteString 22
   uidBytes <- either fail pure $ B64URL.decodeUnpadded b64uuid
   uid <- maybe (fail "Invalid UUID") (pure . Id) $ fromByteString (L.fromStrict uidBytes)
-  char '!'
+  string "%21"
   cid <- ClientId <$> hexadecimal
   char '@'
   dom <-
diff --git a/libs/wire-api/src/Wire/API/MLS/KeyPackage.hs b/libs/wire-api/src/Wire/API/MLS/KeyPackage.hs
index 15caaa4dba7..906ec74fc58 100644
--- a/libs/wire-api/src/Wire/API/MLS/KeyPackage.hs
+++ b/libs/wire-api/src/Wire/API/MLS/KeyPackage.hs
@@ -29,6 +29,7 @@ module Wire.API.MLS.KeyPackage
     kpRef',
     KeyPackageTBS (..),
     KeyPackageRef (..),
+    sanIdentity,
   )
 where
 
diff --git a/libs/wire-api/test/unit/Test/Wire/API/MLS.hs b/libs/wire-api/test/unit/Test/Wire/API/MLS.hs
index ea8a6b38ad8..cb8c91f35cb 100644
--- a/libs/wire-api/test/unit/Test/Wire/API/MLS.hs
+++ b/libs/wire-api/test/unit/Test/Wire/API/MLS.hs
@@ -61,9 +61,16 @@ tests =
       testCase "parse application message" testParseApplication,
       testCase "parse welcome and groupinfo message" testParseWelcomeAndGroupInfo,
       testCase "key package ref" testKeyPackageRef,
-      testCase "create signed remove proposal" testRemoveProposalMessageSignature
+      testCase "create signed remove proposal" testRemoveProposalMessageSignature,
+      testCase "parse client identity" testParseClientIdentity
     ]
 
+testParseClientIdentity :: IO ()
+testParseClientIdentity = do
+  let cid = "wireapp://qHiDLsbkT2-p9uSJsmrZ_A%217f39900830740008@wire.com"
+  let actual = sanIdentity cid
+  show <$> actual @?= Right "a878832e-c6e4-4f6f-a9f6-e489b26ad9fc:7f39900830740008@wire.com"
+
 testParseKeyPackage :: IO ()
 testParseKeyPackage = do
   alice <- randomIdentity
@@ -123,7 +130,7 @@ testParseApplication = do
   msgData <- withSystemTempDirectory "mls" $ \tmp -> do
     void $ spawn (cli qcid tmp ["init", qcid]) Nothing
     groupJSON <- spawn (cli qcid tmp ["group", "create", "Zm9v"]) Nothing
-    spawn (cli qcid tmp ["message", "--group-in", "-", "hello"]) (Just groupJSON)
+    spawn (cli qcid tmp ["message", "--group", "-", "hello"]) (Just groupJSON)
 
   msg <- case decodeMLS' @Message msgData of
     Left err -> assertFailure (T.unpack err)
diff --git a/nix/pkgs/mls-test-cli/default.nix b/nix/pkgs/mls-test-cli/default.nix
index 9b755e9b6aa..32fea1f6c57 100644
--- a/nix/pkgs/mls-test-cli/default.nix
+++ b/nix/pkgs/mls-test-cli/default.nix
@@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec {
   src = fetchFromGitHub {
     owner = "wireapp";
     repo = "mls-test-cli";
-    rev = "baaa5c78411a5bf6d697803276b991523c111631";
-    sha256 = "sha256-M6bWB5hWl+WSblcH6L+AyGD+7ef9TvRs8wKYq7lJyS8=";
+    rev = "c03e0f21a27f30a4aeb6381ffd43910a69b5dc19";
+    sha256 = "sha256-BFdkGm+HUNaWbKu5p32C9oJXNo4wYDfYCG8OGAVZPDc=";
   };
   pname = "mls-test-cli";
-  version = "0.9.0";
+  version = "0.10.2";
   cargoLock = {
     lockFile = "${src}/Cargo.lock";
     outputHashes = {
       "hpke-0.10.0" = "sha256-T1+BFwX6allljNZ/8T3mrWhOejnUU27BiWQetqU+0fY=";
-      "openmls-1.0.0" = "sha256-tAIm8+IgubNnU2M2A5cxHY5caiEQmisw73I9/cqfvUc=";
+      "openmls-1.0.0" = "sha256-s1ejM/aicFGvsKY7ajEun1Mc645/k8QVrE8YSbyD3Fg=";
       "safe_pqc_kyber-0.6.0" = "sha256-Ch1LA+by+ezf5RV0LDSQGC1o+IWKXk8IPvkwSrAos68=";
       "tls_codec-0.3.0" = "sha256-IO6tenXKkC14EoUDp/+DtFNOVzDfOlLu8K1EJI7sOzs=";
     };

From f8fbcb21fd7c30dcf42a126e6845bbacfcc5a09d Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Wed, 17 Jan 2024 09:32:35 +0000
Subject: [PATCH 2/4] updated mls-test-cli

---
 nix/pkgs/mls-test-cli/default.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/nix/pkgs/mls-test-cli/default.nix b/nix/pkgs/mls-test-cli/default.nix
index 32fea1f6c57..14b24054f91 100644
--- a/nix/pkgs/mls-test-cli/default.nix
+++ b/nix/pkgs/mls-test-cli/default.nix
@@ -7,8 +7,8 @@ rustPlatform.buildRustPackage rec {
   src = fetchFromGitHub {
     owner = "wireapp";
     repo = "mls-test-cli";
-    rev = "c03e0f21a27f30a4aeb6381ffd43910a69b5dc19";
-    sha256 = "sha256-BFdkGm+HUNaWbKu5p32C9oJXNo4wYDfYCG8OGAVZPDc=";
+    rev = "7d97772f52f8dfaae79d4c73de2e32b551d2d0bf";
+    sha256 = "sha256-OU/bEz98Gh/HPVymGpoQ2K4ccpTZIV0xwsgEEnakOws=";
   };
   pname = "mls-test-cli";
   version = "0.10.2";
@@ -16,8 +16,8 @@ rustPlatform.buildRustPackage rec {
     lockFile = "${src}/Cargo.lock";
     outputHashes = {
       "hpke-0.10.0" = "sha256-T1+BFwX6allljNZ/8T3mrWhOejnUU27BiWQetqU+0fY=";
-      "openmls-1.0.0" = "sha256-s1ejM/aicFGvsKY7ajEun1Mc645/k8QVrE8YSbyD3Fg=";
-      "safe_pqc_kyber-0.6.0" = "sha256-Ch1LA+by+ezf5RV0LDSQGC1o+IWKXk8IPvkwSrAos68=";
+      "openmls-1.0.0" = "sha256-nyIMAlTy7CTV0bVQ0ytamKHpERgtsVKTX4zv7aHzemo=";
+      "safe_pqc_kyber-0.6.2" = "sha256-9t+IIohCJcMIWRtqLA0idyMmjev82BtpST15Tthlge4=";
       "tls_codec-0.3.0" = "sha256-IO6tenXKkC14EoUDp/+DtFNOVzDfOlLu8K1EJI7sOzs=";
     };
   };

From 5a949f07110bee66b85433910b815c27f4dbbd91 Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Wed, 17 Jan 2024 10:46:48 +0000
Subject: [PATCH 3/4] tmp disable test

---
 integration/test/Test/MLS.hs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/integration/test/Test/MLS.hs b/integration/test/Test/MLS.hs
index 049d3d8d4a7..4315b64f553 100644
--- a/integration/test/Test/MLS.hs
+++ b/integration/test/Test/MLS.hs
@@ -319,8 +319,9 @@ testMLSProtocolUpgrade secondDomain = do
     resp.status `shouldMatchInt` 200
     resp.json %. "protocol" `shouldMatch` "mls"
 
-testAddUserSimple :: HasCallStack => Ciphersuite -> CredentialType -> App ()
-testAddUserSimple suite ctype = do
+-- TODO(leif): temporarily disabled to unblock client devs. Fix mls-test-cli and re-enable ASAP.
+_testAddUserSimple :: HasCallStack => Ciphersuite -> CredentialType -> App ()
+_testAddUserSimple suite ctype = do
   setMLSCiphersuite suite
   [alice, bob] <- createAndConnectUsers [OwnDomain, OwnDomain]
   [alice1, bob1, bob2] <- traverse (createMLSClient def {credType = ctype}) [alice, bob, bob]

From 5fb2da9c8bb2a4aa02632eea7c178efe4b5e0466 Mon Sep 17 00:00:00 2001
From: Leif Battermann <leif.battermann@wire.com>
Date: Wed, 17 Jan 2024 11:26:58 +0000
Subject: [PATCH 4/4] revert mls-test-cli upgrade

---
 integration/test/MLS/Util.hs                 |  2 +-
 libs/wire-api/test/unit/Test/Wire/API/MLS.hs |  2 +-
 nix/pkgs/mls-test-cli/default.nix            | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/integration/test/MLS/Util.hs b/integration/test/MLS/Util.hs
index 670b4301369..23686c5f18b 100644
--- a/integration/test/MLS/Util.hs
+++ b/integration/test/MLS/Util.hs
@@ -747,7 +747,7 @@ createApplicationMessage cid messageContent = do
   message <-
     mlscli
       cid
-      ["message", "--group", "<group-in>", messageContent, "--group-out", "<group-out>"]
+      ["message", "--group-in", "<group-in>", messageContent, "--group-out", "<group-out>"]
       Nothing
 
   pure
diff --git a/libs/wire-api/test/unit/Test/Wire/API/MLS.hs b/libs/wire-api/test/unit/Test/Wire/API/MLS.hs
index cb8c91f35cb..b1f51f3b259 100644
--- a/libs/wire-api/test/unit/Test/Wire/API/MLS.hs
+++ b/libs/wire-api/test/unit/Test/Wire/API/MLS.hs
@@ -130,7 +130,7 @@ testParseApplication = do
   msgData <- withSystemTempDirectory "mls" $ \tmp -> do
     void $ spawn (cli qcid tmp ["init", qcid]) Nothing
     groupJSON <- spawn (cli qcid tmp ["group", "create", "Zm9v"]) Nothing
-    spawn (cli qcid tmp ["message", "--group", "-", "hello"]) (Just groupJSON)
+    spawn (cli qcid tmp ["message", "--group-in", "-", "hello"]) (Just groupJSON)
 
   msg <- case decodeMLS' @Message msgData of
     Left err -> assertFailure (T.unpack err)
diff --git a/nix/pkgs/mls-test-cli/default.nix b/nix/pkgs/mls-test-cli/default.nix
index 14b24054f91..9b755e9b6aa 100644
--- a/nix/pkgs/mls-test-cli/default.nix
+++ b/nix/pkgs/mls-test-cli/default.nix
@@ -7,17 +7,17 @@ rustPlatform.buildRustPackage rec {
   src = fetchFromGitHub {
     owner = "wireapp";
     repo = "mls-test-cli";
-    rev = "7d97772f52f8dfaae79d4c73de2e32b551d2d0bf";
-    sha256 = "sha256-OU/bEz98Gh/HPVymGpoQ2K4ccpTZIV0xwsgEEnakOws=";
+    rev = "baaa5c78411a5bf6d697803276b991523c111631";
+    sha256 = "sha256-M6bWB5hWl+WSblcH6L+AyGD+7ef9TvRs8wKYq7lJyS8=";
   };
   pname = "mls-test-cli";
-  version = "0.10.2";
+  version = "0.9.0";
   cargoLock = {
     lockFile = "${src}/Cargo.lock";
     outputHashes = {
       "hpke-0.10.0" = "sha256-T1+BFwX6allljNZ/8T3mrWhOejnUU27BiWQetqU+0fY=";
-      "openmls-1.0.0" = "sha256-nyIMAlTy7CTV0bVQ0ytamKHpERgtsVKTX4zv7aHzemo=";
-      "safe_pqc_kyber-0.6.2" = "sha256-9t+IIohCJcMIWRtqLA0idyMmjev82BtpST15Tthlge4=";
+      "openmls-1.0.0" = "sha256-tAIm8+IgubNnU2M2A5cxHY5caiEQmisw73I9/cqfvUc=";
+      "safe_pqc_kyber-0.6.0" = "sha256-Ch1LA+by+ezf5RV0LDSQGC1o+IWKXk8IPvkwSrAos68=";
       "tls_codec-0.3.0" = "sha256-IO6tenXKkC14EoUDp/+DtFNOVzDfOlLu8K1EJI7sOzs=";
     };
   };