Skip to content

feat: add Pki Environment API #1752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fewerner wants to merge 32 commits into
base: main
Choose a base branch
from
Open

feat: add Pki Environment API #1752

fewerner wants to merge 32 commits into from

Conversation

@fewerner
Copy link
Contributor

@fewerner fewerner commented Jan 16, 2026

What's new in this PR

This PR adds a new PkiEnvironment to the API and decouples some pki related things from the mls session.

PR Submission Checklist for internal contributors
  • The PR Title
    • conforms to the style of semantic commits messages¹ supported in Wire's Github Workflow²
    • contains a reference JIRA issue number like SQPIT-764
    • answers the question: If merged, this PR will: ... ³
  1. https://sparkbox.com/foundry/semantic_commit_messages
  2. https://github.com/wireapp/.github#usage
  3. E.g. feat(conversation-list): Sort conversations by most emojis in the title #SQPIT-764.

@github-actions
Copy link

github-actions bot commented Jan 16, 2026
edited
Loading

🐰 Bencher Report

Branchfelix/feat/pki-environment
Testbedubuntu-latest

⚠️ WARNING: No Threshold found!

Without a Threshold, no Alerts will ever be generated.

Click here to create a new Threshold
For more information, see the Threshold documentation.
To only post results if a Threshold exists, set the --ci-only-thresholds flag.

Click to view all benchmark results
BenchmarkLatencymicroseconds (µs)
Commit add f(group size)/cs1/mem/1002📈 view plot
⚠️ NO THRESHOLD		15,729.00 µs
Commit add f(group size)/cs1/mem/2📈 view plot
⚠️ NO THRESHOLD		671.58 µs
Commit add f(group size)/cs1/mem/202📈 view plot
⚠️ NO THRESHOLD		3,895.80 µs
Commit add f(group size)/cs1/mem/402📈 view plot
⚠️ NO THRESHOLD		6,916.40 µs
Commit add f(group size)/cs1/mem/602📈 view plot
⚠️ NO THRESHOLD		10,524.00 µs
Commit add f(group size)/cs1/mem/802📈 view plot
⚠️ NO THRESHOLD		13,071.00 µs
Commit add f(number clients)/cs1/mem/1002📈 view plot
⚠️ NO THRESHOLD		983,680.00 µs
Commit add f(number clients)/cs1/mem/2📈 view plot
⚠️ NO THRESHOLD		697.48 µs
Commit add f(number clients)/cs1/mem/202📈 view plot
⚠️ NO THRESHOLD		79,290.00 µs
Commit add f(number clients)/cs1/mem/402📈 view plot
⚠️ NO THRESHOLD		216,000.00 µs
Commit add f(number clients)/cs1/mem/602📈 view plot
⚠️ NO THRESHOLD		422,970.00 µs
Commit add f(number clients)/cs1/mem/802📈 view plot
⚠️ NO THRESHOLD		677,310.00 µs
Commit pending proposals f(group size)/cs1/mem/1002📈 view plot
⚠️ NO THRESHOLD		113,510.00 µs
Commit pending proposals f(group size)/cs1/mem/2📈 view plot
⚠️ NO THRESHOLD		22,634.00 µs
Commit pending proposals f(group size)/cs1/mem/202📈 view plot
⚠️ NO THRESHOLD		40,990.00 µs
Commit pending proposals f(group size)/cs1/mem/402📈 view plot
⚠️ NO THRESHOLD		56,439.00 µs
Commit pending proposals f(group size)/cs1/mem/602📈 view plot
⚠️ NO THRESHOLD		75,572.00 µs
Commit pending proposals f(group size)/cs1/mem/802📈 view plot
⚠️ NO THRESHOLD		91,966.00 µs
Commit pending proposals f(pending size)/cs1/mem/1📈 view plot
⚠️ NO THRESHOLD		15,443.00 µs
Commit pending proposals f(pending size)/cs1/mem/101📈 view plot
⚠️ NO THRESHOLD		112,150.00 µs
Commit pending proposals f(pending size)/cs1/mem/21📈 view plot
⚠️ NO THRESHOLD		32,745.00 µs
Commit pending proposals f(pending size)/cs1/mem/41📈 view plot
⚠️ NO THRESHOLD		53,879.00 µs
Commit pending proposals f(pending size)/cs1/mem/61📈 view plot
⚠️ NO THRESHOLD		73,469.00 µs
Commit pending proposals f(pending size)/cs1/mem/81📈 view plot
⚠️ NO THRESHOLD		92,843.00 µs
Commit remove f(group size)/cs1/mem/1002📈 view plot
⚠️ NO THRESHOLD		9,861.20 µs
Commit remove f(group size)/cs1/mem/2📈 view plot
⚠️ NO THRESHOLD		525.22 µs
Commit remove f(group size)/cs1/mem/202📈 view plot
⚠️ NO THRESHOLD		1,965.90 µs
Commit remove f(group size)/cs1/mem/402📈 view plot
⚠️ NO THRESHOLD		3,562.60 µs
Commit remove f(group size)/cs1/mem/602📈 view plot
⚠️ NO THRESHOLD		5,568.30 µs
Commit remove f(group size)/cs1/mem/802📈 view plot
⚠️ NO THRESHOLD		7,439.60 µs
Commit remove f(number clients)/cs1/mem/1002📈 view plot
⚠️ NO THRESHOLD		13,161.00 µs
Commit remove f(number clients)/cs1/mem/2📈 view plot
⚠️ NO THRESHOLD		134,930.00 µs
Commit remove f(number clients)/cs1/mem/202📈 view plot
⚠️ NO THRESHOLD		111,150.00 µs
Commit remove f(number clients)/cs1/mem/402📈 view plot
⚠️ NO THRESHOLD		86,343.00 µs
Commit remove f(number clients)/cs1/mem/602📈 view plot
⚠️ NO THRESHOLD		62,549.00 µs
Commit remove f(number clients)/cs1/mem/802📈 view plot
⚠️ NO THRESHOLD		37,584.00 µs
Commit update f(group size)/cs1/mem/1002📈 view plot
⚠️ NO THRESHOLD		135,310.00 µs
Commit update f(group size)/cs1/mem/2📈 view plot
⚠️ NO THRESHOLD		681.58 µs
Commit update f(group size)/cs1/mem/202📈 view plot
⚠️ NO THRESHOLD		27,871.00 µs
Commit update f(group size)/cs1/mem/402📈 view plot
⚠️ NO THRESHOLD		55,153.00 µs
Commit update f(group size)/cs1/mem/602📈 view plot
⚠️ NO THRESHOLD		82,744.00 µs
Commit update f(group size)/cs1/mem/802📈 view plot
⚠️ NO THRESHOLD		108,640.00 µs
🐰 View full continuous benchmarking report in Bencher

@fewerner fewerner force-pushed the felix/feat/pki-environment branch from e9881d2 to 0e441d8 Compare January 16, 2026 14:26
@fewerner fewerner changed the title Felix/feat/pki environment feat: add Pki Environment API Jan 16, 2026
@fewerner fewerner force-pushed the felix/feat/pki-environment branch from 0e441d8 to a10d72d Compare January 16, 2026 15:05
@fewerner
Copy link
Contributor Author

fewerner commented Jan 16, 2026
edited
Loading

Except for vergen making problems with building, this is now only missing the swift test and support for the pki environment constructor in swift.

For that we want to add a db.getLocation() function to the public api, then remove the swift database wrapper.

@fewerner fewerner force-pushed the felix/feat/pki-environment branch 4 times, most recently from a1eae2c to 1e65cdf Compare January 19, 2026 17:19
@fewerner fewerner marked this pull request as ready for review January 19, 2026 17:49
@fewerner fewerner requested a review from a team January 19, 2026 17:49
coriolinus
coriolinus reviewed Jan 20, 2026
View reviewed changes
Copy link
Contributor

@coriolinus coriolinus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lots of comments, but most of them are nits. Great work!

I do think we should discuss whether the database instances can actually be independent or not. If they can't--as I now kind of think--then we might not need to keep track of a separate PKI DB after all. But if they can, then we might need more work in that case also:

  • a migrate_pki_data_to_new_database to be called once ever to move existing data from the old DB to the new
  • separate migrations for the new DB

crypto/src/e2e_identity/pki_env.rs Outdated
Comment on lines 169 to 173
/// Only used to authenticate with the user's identity provider
async fn authenticate(&self, idp: String, key_auth: String, acme_aud: String) -> OAuthResponse;

/// Only used for DPoP challenge
async fn fetch_backend_access_token(&self, dpop: String) -> String;
Copy link
Contributor

@coriolinus coriolinus Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you expand on the doc-comments for these methods a little? Could be I just don't have the right mental context right now, but if I were an implementer looking at this documentation I'd have a hard time figuring out what I was supposed to make these methods do.

crypto/src/transaction_context/e2e_identity/init_certificates.rs
"Getting PKI environment from transaction context",
))?;

let database = pki_environment.database();
Copy link
Contributor

@coriolinus coriolinus Jan 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that even though we've documented that the PKI environment database is theoretically independent of the CC database, it's not, because OpenMLS is still doing PKI things with the CC database. Which means that if we start doing updates to some independent PKI database while OpenMLS is still looking at the CC databse for PKI stuff, everything seems likely to explode.

The simplest resolution to all this is to just remove the documentation that the PKI environment can be an independent database.

@fewerner fewerner force-pushed the felix/feat/pki-environment branch 4 times, most recently from 3427fc5 to 7eaa100 Compare January 21, 2026 11:31
coriolinus
coriolinus reviewed Jan 22, 2026
View reviewed changes
@fewerner fewerner force-pushed the felix/feat/pki-environment branch 2 times, most recently from 1c5757e to fc0e6fc Compare January 22, 2026 09:40
@istankovic
Copy link
Member

istankovic commented Jan 22, 2026
edited
Loading

Commit 6557504 says:

feat: add pki environment to transaction context

When initializing the mls session we need to know if a pki environment
is set.  [...]

Why do we need to know if the PKI env is set during MLS session init?

istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
@fewerner
Copy link
Contributor Author

fewerner commented Jan 22, 2026
edited
Loading

Commit 6557504 says:

feat: add pki environment to transaction context

When initializing the mls session we need to know if a pki environment
is set.  [...]

Why do we need to know if the PKI env is set during MLS session init?

OpenMls requires us to have a PkiEnvironmentProvider as part of the MlsProvider held by the session. For that reason, we share this provider between the new PkiEnvironment type and the sessions MlsProvider so that they both point to the same instance. This sharing happens during construction of the PkiEnvironment or Session, depending on which has been initialized first.

istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
istankovic
istankovic reviewed Jan 22, 2026
View reviewed changes
fewerner added 27 commits January 23, 2026 18:39
@fewerner
feat: add pki environment to transaction context
5712a38 
When initializing the mls session we need to know if a pki environment
is set. If set we need to share the PkiEnvironmentProvider with the
session during mlsInit. Therefore, the transaction context needs to know
the pki environment.
@fewerner
feat!: set existing pki environment provider on mlsInit
10366cc 
If a mls session is initalized after a PKI environment was set then we
need to get the PkiEnvironmentProvider's reference into the
MlsCryptoProvider. If the PKi environment was not set before we will
take a default and update it whenever the PKI is set through CC.
@fewerner
feat: allow setting PKI to None
5654bbd
@fewerner
feat: add utility functions to pki environment
f5e1276 
Interactions with the pki happen in a transaction context. We need these
getters and the update function to alter the pki environment from the
transaction context.
@fewerner
feat: add pki environment getter to transaction context
70431a6 
This getter allows us to get the pki environment from the inner
transaction context assuming it was set before.
@fewerner
refactor: access via new pki environment type
95343b9
@fewerner
test: add DummyPkiEnvironmentHooks for tests
dcf3fc0
@fewerner
test: set the pki environment before registering CA
0feb875
@fewerner
feat: close the pki database
b6e5017 
Idb doesn't close the database on drop. Since the pki database can be
different from the cc database we close it explicitly on cc close. In
case it is the same database this call is idempotent.
@fewerner
refactor: remove unused code
24a4628
@fewerner
refactor!: e2ei_is_pki_env_setup via new pki type
476431a
@fewerner
test: fix test and unignore
75fa05c
@fewerner
test: update fixing ticket references
d16f678 
We still can't fix these without further refactoring. See WPB-22861
@fewerner
refactor: flatten getter logic
0c54042
@fewerner
feat(ffi): add PKI environment hooks shim
2d7423d 
This allows us to translate the callback trait between ffi and core
similar to mls transport.
@fewerner
feat(ffi)!: add functions to set and get the PKI environment
463f604
@fewerner
feat(ffi)!: add constructor for PkiEnvironment
52abb0d
@fewerner
feat(ffi): export public pki types
0635f25
@fewerner
feat(ffi/ts)!: add getter and setter for pkiEnvironment
f44a039
@fewerner
feat(ffi/ts): export new types
5035c33
@fewerner
test(ffi/ts): add default hooks to window
4f50fd7
@fewerner
test(ffi/ts): test setting and getting pki
bf407b9
@fewerner
feat(ffi/kotlin): add PKI environment getter and setter to CC
e57478a
@fewerner
test(ffi/kotlin): test setting and getting the pki
3717b23
@fewerner
feat(ffi/swift): add PKI environment getter and setter to CC
4061586
@fewerner
test(ffi/swift): test setting and getting the pki
43d6ddf
@fewerner
docs: changelog
9c50798
@fewerner fewerner force-pushed the felix/feat/pki-environment branch from e7a7a3b to 337e33c Compare January 23, 2026 17:47
@fewerner
docs(ts): ignore warnings about ubrn item not included in docs
3db87e7 
If it was possible to include them, we'd like to, but the generated
typescript module doesn't export them.
@fewerner fewerner force-pushed the felix/feat/pki-environment branch from 337e33c to 3db87e7 Compare January 23, 2026 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@istankovic istankovic istankovic left review comments

@coriolinus coriolinus coriolinus left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fewerner @istankovic @coriolinus