Added an ability to allow attester search only for domains.| #1827

[DenBond7]

This PR added an ability to allow attester search only for domains

close #1827

---

Tests (delete all except exactly one):

• Tests added or updated

---

To be filled by reviewers

I have reviewed that this PR... (tick whichever items you personally focused on during this review):

• addresses the issue it closes (if any)
• code is readable and understandable
• is accompanied with tests, or tests are not needed
• is free of vulnerabilities

[tomholub]

looks good, but see comment - there are now two ways to disable attester completely

Eventually we'll remove the * method

What exactly does disallowLookupOnAttester do that canLookupThisRecipientOnAttester wouldn't already do?

[tomholub]

Also add (original condition) || (allowAttesterSearchOnlyForDomains != null && allowAttesterSearchOnlyForDomains.isEmpty)

[DenBond7]

Eventually we'll remove the * method

Maybe will be better to remove disallowLookupOnAttester in that case. Please look at #1831 (comment)

[tomholub]

What exactly does disallowLookupOnAttester do that canLookupThisRecipientOnAttester wouldn't already do?

maybe that's for fingerprint lookup, but do we still support that?

[DenBond7]

maybe that's for fingerprint lookup, but do we still support that?

@tomholub we use this code here

flowcrypt-android/FlowCrypt/src/main/java/com/flowcrypt/email/api/retrofit/FlowcryptApiRepository.kt

Line 168 in 3d76f42

} else if (orgRules?.disallowLookupOnAttester() == true) {

      if (identData.isValidEmail()) {
        val wkdResult = getResult(requestCode = requestCode) {
          val pgpPublicKeyRingCollection = WkdClient.lookupEmail(context, identData)

          //For now, we just peak at the first matching key. It should be improved inthe future.
          // See more details here https://github.com/FlowCrypt/flowcrypt-android/issues/480
          val firstMatchingKey = pgpPublicKeyRingCollection?.firstOrNull {
            KeyRingInfo(it)
              .getEncryptionSubkeys(EncryptionPurpose.ANY)
              .isNotEmpty()
          }
          firstMatchingKey?.armor()?.let { armoredPubKey ->
            Response.success(armoredPubKey)
          } ?: Response.error(HttpURLConnection.HTTP_NOT_FOUND, "Not found".toResponseBody())
        }

        if (wkdResult.status == Result.Status.SUCCESS && wkdResult.data?.isNotEmpty() == true) {
          return@withContext resultWrapperFun(wkdResult)
        }

        if (orgRules?.canLookupThisRecipientOnAttester(identData) == false) {
          return@withContext Result.success(
            requestCode = requestCode,
            data = PubResponse(null, null)
          )
        }
      } else if (orgRules?.disallowLookupOnAttester() == true) { // <------- HERE
        return@withContext Result.success(
          requestCode = requestCode,
          data = PubResponse(null, null)
        )
      }

      val apiService = ApiHelper.getInstance(context).retrofit.create(ApiService::class.java)
      val result = getResult(requestCode = requestCode) { apiService.getPubFromAttester(identData) }
      return@withContext resultWrapperFun(result)

But maybe it's not relevant today. It may relay to the following #1399 and #1201 (comment)

[tomholub]

I suspect maybe this branch is never called anymore

      } else if (orgRules?.disallowLookupOnAttester() == true) { // <------- HERE
        return@withContext Result.success(
          requestCode = requestCode,
          data = PubResponse(null, null)
        )
      }

because when getting updated public keys, we no longer do it by fingerprint. We search them again on email, regardless of source (wkd or attester). I don't think we have any search by fingerprint functionality in the app anymore.

[DenBond7]

I don't think we have any search by fingerprint functionality in the app anymore.

Agree. Currently we have identData = email over the whole app