refactor makeShareKey to be more clear its for orgs

2024-11-26 12:25:20 +01:00 · 2023-06-27 09:05:57 -04:00 · 2023-06-27 09:05:57 -04:00 · 1e8dde81b7
commit 1e8dde81b7
parent f1761c6afc
6 changed files with 31 additions and 25 deletions
--- a/apps/web/src/app/auth/accept-organization.component.ts
+++ b/apps/web/src/app/auth/accept-organization.component.ts
@ -18,6 +18,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { OrgKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";

 import { BaseAcceptComponent } from "../common/base.accept.component";

@ -108,16 +109,14 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
    const request = new OrganizationUserAcceptInitRequest();
    request.token = qParams.token;

-    const [encryptedOrgShareKey, orgShareKey] = await this.cryptoService.makeShareKey();
-    const [orgPublicKey, encryptedOrgPrivateKey] = await this.cryptoService.makeKeyPair(
-      orgShareKey
-    );
+    const [encryptedOrgKey, orgKey] = await this.cryptoService.makeOrgKey<OrgKey>();
+    const [orgPublicKey, encryptedOrgPrivateKey] = await this.cryptoService.makeKeyPair(orgKey);
    const collection = await this.cryptoService.encrypt(
      this.i18nService.t("defaultCollection"),
-      orgShareKey
+      orgKey
    );

-    request.key = encryptedOrgShareKey.encryptedString;
+    request.key = encryptedOrgKey.encryptedString;
    request.keys = new OrganizationKeysRequest(
      orgPublicKey,
      encryptedOrgPrivateKey.encryptedString
--- a/apps/web/src/app/billing/settings/organization-plans.component.ts
+++ b/apps/web/src/app/billing/settings/organization-plans.component.ts
@ -29,7 +29,10 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  OrgKey,
+  SymmetricCryptoKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";

 import { PaymentComponent } from "./payment.component";
@ -339,19 +342,19 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
      const doSubmit = async (): Promise<string> => {
        let orgId: string = null;
        if (this.createOrganization) {
-          const shareKey = await this.cryptoService.makeShareKey();
-          const key = shareKey[0].encryptedString;
+          const orgKey = await this.cryptoService.makeOrgKey<OrgKey>();
+          const key = orgKey[0].encryptedString;
          const collection = await this.cryptoService.encrypt(
            this.i18nService.t("defaultCollection"),
-            shareKey[1]
+            orgKey[1]
          );
          const collectionCt = collection.encryptedString;
-          const orgKeys = await this.cryptoService.makeKeyPair(shareKey[1]);
+          const orgKeys = await this.cryptoService.makeKeyPair(orgKey[1]);

          if (this.selfHosted) {
            orgId = await this.createSelfHosted(key, collectionCt, orgKeys);
          } else {
-            orgId = await this.createCloudHosted(key, collectionCt, orgKeys, shareKey[1]);
+            orgId = await this.createCloudHosted(key, collectionCt, orgKeys, orgKey[1]);
          }

          this.platformUtilsService.showToast(
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
@ -8,6 +8,7 @@ import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.se
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { ProviderKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";

@Component({
@ -78,8 +79,8 @@ export class SetupComponent implements OnInit {

  async doSubmit() {
    try {
-      const shareKey = await this.cryptoService.makeShareKey();
-      const key = shareKey[0].encryptedString;
+      const providerKey = await this.cryptoService.makeOrgKey<ProviderKey>();
+      const key = providerKey[0].encryptedString;

      const request = new ProviderSetupRequest();
      request.name = this.name;
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@ -9,6 +9,7 @@ import {
  MasterKey,
  OrgKey,
  PinKey,
+  ProviderKey,
  SymmetricCryptoKey,
  UserKey,
 } from "../models/domain/symmetric-crypto-key";
@ -221,11 +222,11 @@ export abstract class CryptoService {
   * @param providerId The desired provider
   * @returns The provider's symmetric key
   */
-  getProviderKey: (providerId: string) => Promise<SymmetricCryptoKey>;
+  getProviderKey: (providerId: string) => Promise<ProviderKey>;
  /**
   * @returns A map of the provider Ids to their symmetric keys
   */
-  getProviderKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
+  getProviderKeys: () => Promise<Map<string, ProviderKey>>;
  /**
   * @param memoryOnly Clear only the in-memory keys
   * @param userId The desired user
@ -238,10 +239,10 @@ export abstract class CryptoService {
   */
  getPublicKey: () => Promise<ArrayBuffer>;
  /**
-   * Create's a new 64 byte key and encrypts it with the user's public key
+   * Creates a new 64 byte key and encrypts it with the user's public key
   * @returns The new encrypted share key and the decrypted key itself
   */
-  makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
+  makeOrgKey: <T extends OrgKey | ProviderKey>() => Promise<[EncString, T]>;
  /**
   * Sets the the user's encrypted private key in storage and
   * clears the decrypted private key from memory
--- a/libs/common/src/platform/models/domain/symmetric-crypto-key.ts
+++ b/libs/common/src/platform/models/domain/symmetric-crypto-key.ts
@ -82,3 +82,4 @@ export type UserKey = Opaque<SymmetricCryptoKey, "UserKey">;
 export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
 export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;
 export type OrgKey = Opaque<SymmetricCryptoKey, "OrgKey">;
+export type ProviderKey = Opaque<SymmetricCryptoKey, "ProviderKey">;
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@ -30,6 +30,7 @@ import {
  MasterKey,
  OrgKey,
  PinKey,
+  ProviderKey,
  SymmetricCryptoKey,
  UserKey,
 } from "../models/domain/symmetric-crypto-key";
@ -364,7 +365,7 @@ export class CryptoService implements CryptoServiceAbstraction {
    return await this.stateService.setEncryptedProviderKeys(providerKeys);
  }

-  async getProviderKey(providerId: string): Promise<SymmetricCryptoKey> {
+  async getProviderKey(providerId: string): Promise<ProviderKey> {
    if (providerId == null) {
      return null;
    }
@ -378,11 +379,11 @@ export class CryptoService implements CryptoServiceAbstraction {
  }

  @sequentialize(() => "getProviderKeys")
-  async getProviderKeys(): Promise<Map<string, SymmetricCryptoKey>> {
-    const providerKeys: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
+  async getProviderKeys(): Promise<Map<string, ProviderKey>> {
+    const providerKeys: Map<string, ProviderKey> = new Map<string, ProviderKey>();
    const decryptedProviderKeys = await this.stateService.getDecryptedProviderKeys();
    if (decryptedProviderKeys != null && decryptedProviderKeys.size > 0) {
-      return decryptedProviderKeys;
+      return decryptedProviderKeys as Map<string, ProviderKey>;
    }

    const encProviderKeys = await this.stateService.getEncryptedProviderKeys();
@ -399,7 +400,7 @@ export class CryptoService implements CryptoServiceAbstraction {
      }

      const decValue = await this.rsaDecrypt(encProviderKeys[orgId]);
-      providerKeys.set(orgId, new SymmetricCryptoKey(decValue));
+      providerKeys.set(orgId, new SymmetricCryptoKey(decValue) as ProviderKey);
      setKey = true;
    }

@ -433,11 +434,11 @@ export class CryptoService implements CryptoServiceAbstraction {
    return publicKey;
  }

-  async makeShareKey(): Promise<[EncString, SymmetricCryptoKey]> {
+  async makeOrgKey<T extends OrgKey | ProviderKey>(): Promise<[EncString, T]> {
    const shareKey = await this.cryptoFunctionService.randomBytes(64);
    const publicKey = await this.getPublicKey();
    const encShareKey = await this.rsaEncrypt(shareKey, publicKey);
-    return [encShareKey, new SymmetricCryptoKey(shareKey)];
+    return [encShareKey, new SymmetricCryptoKey(shareKey) as T];
  }

  async setPrivateKey(encPrivateKey: string): Promise<void> {