Add GetEventShield to language bindings (#182)

Support for checking the event shield from tests.

Author: richvdh

internal/api/client.go

@@ -55,6 +55,8 @@ type Client interface {
 	Backpaginate(t ct.TestLike, roomID string, count int) error
 	// GetEvent will return the client's view of this event, or returns an error if the event cannot be found.
 	GetEvent(t ct.TestLike, roomID, eventID string) (*Event, error)
+	// GetEventShield will return the "shield state" for this event, or `nil` if the event should have no shield, or an error if the event cannot be found.
+	GetEventShield(t ct.TestLike, roomID, eventID string) (*EventShield, error)
 	// BackupKeys will backup E2EE keys, else return an error.
 	BackupKeys(t ct.TestLike) (recoveryKey string, err error)
 	// LoadBackup will recover E2EE keys from the latest backup, else return an error.
@@ -366,6 +368,11 @@ type Event struct {
 	FailedToDecrypt bool
 }
 
+type EventShield struct {
+	Colour string // "Red" or "Grey"
+	Code   string // "VerificationViolation" or similar
+}
+
 type Waiter interface {
 	// Wait for something to happen, up until the timeout s. If nothing happens,
 	// fail the test with the formatted string provided.

internal/api/js/js.go

@@ -551,6 +551,102 @@ func (c *JSClient) GetEvent(t ct.TestLike, roomID, eventID string) (*api.Event,
 	return ev, nil
 }
 
+func (c *JSClient) GetEventShield(t ct.TestLike, roomID, eventID string) (*api.EventShield, error) {
+	t.Helper()
+	// Serialized output:
+	//
+	// {
+	//    shieldColour: 0 | 1 | 2,  // NONE | GREY | RED
+	//    shieldReason: 0 ... 7
+	// }
+	encryptionInfoSerialised, err := chrome.RunAsyncFn[string](t, c.browser.Ctx, fmt.Sprintf(`
+		const ev = window.__client.getRoom("%s")?.getLiveTimeline()?.getEvents().filter((ev, i) => {
+			return ev.getId() === "%s";
+		})[0];
+		const encryptionInfo = await window.__client.getCrypto().getEncryptionInfoForEvent(ev);
+		return JSON.stringify(encryptionInfo);
+	`, roomID, eventID))
+	if err != nil {
+		return nil, fmt.Errorf("failed to get shield for event %s: %s", eventID, err)
+	}
+
+	var encryptionInfo struct {
+		ShieldColour uint `json:"shieldColour"`
+		ShieldReason uint `json:"shieldReason"`
+	}
+
+	if err := json.Unmarshal([]byte(*encryptionInfoSerialised), &encryptionInfo); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal encryption info: %s", err)
+	}
+
+	if encryptionInfo.ShieldColour == 0 {
+		// No shield
+		return nil, nil
+	}
+
+	var eventShield api.EventShield
+	switch encryptionInfo.ShieldColour {
+	case 1:
+		eventShield.Colour = "grey"
+	case 2:
+		eventShield.Colour = "red"
+	default:
+		return nil, fmt.Errorf("unknown shield colour: %d", encryptionInfo.ShieldColour)
+	}
+
+	switch encryptionInfo.ShieldReason {
+	case 0:
+		/** An unknown reason from the crypto library (if you see this, it is a bug in matrix-js-sdk). */
+		eventShield.Code = "Unknown"
+
+	case 1:
+		/** "Encrypted by an unverified user." */
+		eventShield.Code = "UnverifiedIdentity"
+
+	case 2:
+		/** "Encrypted by a device not verified by its owner." */
+		eventShield.Code = "UnsignedDevice"
+
+	case 3:
+		/** "Encrypted by an unknown or deleted device." */
+		eventShield.Code = "UnknownDevice"
+
+	case 4:
+		/**
+		 * "The authenticity of this encrypted message can't be guaranteed on this device."
+		 *
+		 * i.e.: the key has been forwarded, or retrieved from an insecure backup.
+		 */
+		eventShield.Code = "AuthenticityNotGuaranteed"
+
+	case 5:
+		/**
+		 * The (deprecated) sender_key field in the event does not match the Ed25519 key of the device that sent us the
+		 * decryption keys.
+		 *
+		 * No longer used with rust crypto stack, since it doesn't check the sender_key field.
+		 */
+		eventShield.Code = "MismatchedSenderKey"
+
+	case 6:
+		/**
+		 * The event was sent unencrypted in an encrypted room.
+		 */
+		eventShield.Code = "SentInClear"
+
+	case 7:
+		/**
+		 * The sender was previously verified but changed their identity.
+		 */
+		eventShield.Code = "VerificationViolation"
+
+	default:
+		return nil, fmt.Errorf("unknown shield reason code: %d", encryptionInfo.ShieldReason)
+	}
+
+	return &eventShield, nil
+}
+
 // StartSyncing to begin syncing from sync v2 / sliding sync.
 // Tests should call stopSyncing() at the end of the test.
 func (c *JSClient) StartSyncing(t ct.TestLike) (stopSyncing func(), err error) {

internal/api/rust/rust.go

@@ -2,6 +2,8 @@ package rust
 
 import (
 	"fmt"
+	"github.com/matrix-org/complement-crypto/internal/api/rust/matrix_sdk_common"
+	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -339,6 +341,60 @@ func (c *RustClient) GetEvent(t ct.TestLike, roomID, eventID string) (*api.Event
 	return ev, nil
 }
 
+func (c *RustClient) GetEventShield(t ct.TestLike, roomID, eventID string) (*api.EventShield, error) {
+	t.Helper()
+	room := c.findRoom(t, roomID)
+	timelineItem, err := mustGetTimeline(t, room).GetEventTimelineItemByEventId(eventID)
+	if err != nil {
+		return nil, fmt.Errorf("failed to GetEventTimelineItemByEventId(%s): %s", eventID, err)
+	}
+	shieldState := timelineItem.LazyProvider.GetShields(false)
+
+	codeToString := func(code matrix_sdk_common.ShieldStateCode) string {
+		var result string
+		switch code {
+		case matrix_sdk_common.ShieldStateCodeAuthenticityNotGuaranteed:
+			result = "AuthenticityNotGuaranteed"
+		case matrix_sdk_common.ShieldStateCodeUnknownDevice:
+			result = "UnknownDevice"
+		case matrix_sdk_common.ShieldStateCodeUnsignedDevice:
+			result = "UnsignedDevice"
+		case matrix_sdk_common.ShieldStateCodeUnverifiedIdentity:
+			result = "UnverifiedIdentity"
+		case matrix_sdk_common.ShieldStateCodeSentInClear:
+			result = "SentInClear"
+		case matrix_sdk_common.ShieldStateCodeVerificationViolation:
+			result = "VerificationViolation"
+		default:
+			log.Panicf("Unknown shield code %d", code)
+		}
+		return result
+	}
+
+	var eventShield *api.EventShield
+
+	if shieldState != nil {
+		shield := *shieldState
+		switch shield.(type) {
+		case matrix_sdk_ffi.ShieldStateNone:
+			// no-op
+
+		case matrix_sdk_ffi.ShieldStateGrey:
+			eventShield = &api.EventShield{
+				Colour: "grey",
+				Code:   codeToString(shield.(matrix_sdk_ffi.ShieldStateGrey).Code),
+			}
+
+		case matrix_sdk_ffi.ShieldStateRed:
+			eventShield = &api.EventShield{
+				Colour: "red",
+				Code:   codeToString(shield.(matrix_sdk_ffi.ShieldStateRed).Code),
+			}
+		}
+	}
+	return eventShield, nil
+}
+
 // StartSyncing to begin syncing from sync v2 / sliding sync.
 // Tests should call stopSyncing() at the end of the test.
 func (c *RustClient) StartSyncing(t ct.TestLike) (stopSyncing func(), err error) {

internal/deploy/rpc/client.go

@@ -294,6 +294,17 @@ func (c *RPCClient) GetEvent(t ct.TestLike, roomID, eventID string) (*api.Event,
 	return &ev, err
 }
 
+// GetEventShield will return the "shield state" for this event, or `nil` if the event should have no shield, or an error if the event cannot be found.
+func (c *RPCClient) GetEventShield(t ct.TestLike, roomID, eventID string) (*api.EventShield, error) {
+	var shield *api.EventShield
+	err := c.client.Call("Server.GetEventShield", RPCGetEvent{
+		TestName: t.Name(),
+		RoomID:   roomID,
+		EventID:  eventID,
+	}, &shield)
+	return shield, err
+}
+
 // BackupKeys will backup E2EE keys, else return an error.
 func (c *RPCClient) BackupKeys(t ct.TestLike) (recoveryKey string, err error) {
 	err = c.client.Call("Server.BackupKeys", 0, &recoveryKey)

internal/deploy/rpc/server.go

@@ -269,6 +269,17 @@ func (s *Server) GetEvent(input RPCGetEvent, output *api.Event) error {
 	return nil
 }
 
+// GetEventShield will return the "shield state" for this event, or `nil` if the event should have no shield, or an error if the event cannot be found.
+func (s *Server) GetEventShield(input RPCGetEvent, output **api.EventShield) error {
+	defer s.keepAlive()
+	shield, err := s.activeClient.GetEventShield(&api.MockT{TestName: input.TestName}, input.RoomID, input.EventID)
+	if err != nil {
+		return err
+	}
+	*output = shield
+	return nil
+}
+
 // BackupKeys will backup E2EE keys, else fail the test.
 func (s *Server) BackupKeys(testName string, recoveryKey *string) error {
 	defer s.keepAlive()