feat: expose explicit decrypt of remote attachments (#107)

Author: dmccartney

library/src/main/java/org/xmtp/android/library/codecs/RemoteAttachmentCodec.kt

@@ -41,26 +41,42 @@ data class RemoteAttachment(
             throw XMTPException("no remote attachment payload")
         }
 
-        if (Hash.sha256(payload).toHex() != contentDigest) {
-            throw XMTPException("contentDigest does not match")
-        }
-
-        val aes = Ciphertext.Aes256gcmHkdfsha256.newBuilder().also {
-            it.hkdfSalt = salt
-            it.gcmNonce = nonce
-            it.payload = payload.toByteString()
-        }.build()
-
-        val ciphertext = Ciphertext.newBuilder().also {
-            it.aes256GcmHkdfSha256 = aes
-        }.build()
+        val encrypted = EncryptedEncodedContent(
+            contentDigest,
+            secret,
+            salt,
+            nonce,
+            payload.toByteString(),
+            contentLength,
+            filename,
+        )
 
-        val decrypted = Crypto.decrypt(secret = secret.toByteArray(), ciphertext = ciphertext)
+        val decrypted = decryptEncoded(encrypted)
 
-        return EncodedContent.parseFrom(decrypted).decoded<T>()
+        return decrypted.decoded<T>()
     }
 
     companion object {
+        fun decryptEncoded(encrypted: EncryptedEncodedContent): EncodedContent {
+            if (Hash.sha256(encrypted.payload.toByteArray()).toHex() != encrypted.contentDigest) {
+                throw XMTPException("contentDigest does not match")
+            }
+
+            val aes = Ciphertext.Aes256gcmHkdfsha256.newBuilder().also {
+                it.hkdfSalt = encrypted.salt
+                it.gcmNonce = encrypted.nonce
+                it.payload = encrypted.payload
+            }.build()
+
+            val ciphertext = Ciphertext.newBuilder().also {
+                it.aes256GcmHkdfSha256 = aes
+            }.build()
+
+            val decrypted = Crypto.decrypt(encrypted.secret.toByteArray(), ciphertext)
+
+            return EncodedContent.parseFrom(decrypted)
+        }
+
         fun <T> encodeEncrypted(content: T, codec: ContentCodec<T>): EncryptedEncodedContent {
             val secret = SecureRandom().generateSeed(32)
             val encodedContent = codec.encode(content).toByteArray()

library/src/test/java/org/xmtp/android/library/RemoteAttachmentTest.kt

@@ -7,14 +7,38 @@ import org.junit.Ignore
 import org.junit.Test
 import org.xmtp.android.library.codecs.Attachment
 import org.xmtp.android.library.codecs.AttachmentCodec
+import org.xmtp.android.library.codecs.ContentTypeAttachment
 import org.xmtp.android.library.codecs.ContentTypeRemoteAttachment
 import org.xmtp.android.library.codecs.RemoteAttachment
 import org.xmtp.android.library.codecs.RemoteAttachmentCodec
+import org.xmtp.android.library.codecs.decoded
+import org.xmtp.android.library.codecs.id
 import org.xmtp.android.library.messages.walletAddress
 import java.io.File
 import java.net.URL
 
 class RemoteAttachmentTest {
+
+    @Test
+    fun testEncryptedContentShouldBeDecryptable() {
+        Client.register(codec = AttachmentCodec())
+        val attachment = Attachment(
+            filename = "test.txt",
+            mimeType = "text/plain",
+            data = "hello world".toByteStringUtf8(),
+        )
+
+        val encrypted = RemoteAttachment.encodeEncrypted(attachment, AttachmentCodec())
+
+        val decrypted = RemoteAttachment.decryptEncoded(encrypted)
+        Assert.assertEquals(ContentTypeAttachment.id, decrypted.type.id)
+
+        val decoded = decrypted.decoded<Attachment>()
+        Assert.assertEquals("test.txt", decoded?.filename)
+        Assert.assertEquals("text/plain", decoded?.mimeType)
+        Assert.assertEquals("hello world", decoded?.data?.toStringUtf8())
+    }
+
     @Test
     @Ignore
     fun testCanUseRemoteAttachmentCodec() {