From 001f8fa579b6c195d14c1746998c991296b56bde Mon Sep 17 00:00:00 2001
From: John Harrington <84741727+harr1424@users.noreply.github.com>
Date: Tue, 16 Sep 2025 10:22:05 -0700
Subject: [PATCH] PM-23906 Wrap sdk callsite with try/catch to handle errors
 appropriately (#16410)

* wrap sdk callsite in try/catch to handle error appropriately

`encryptService.decryptString()` calls code in the internal SDK which when provided an invalid
key returns `CryptoError::InvalidMac`. The originating callsite has been wrapped in a try/catch
in order to intercept the error and return false so that logic in parse() may return
a more appropriate error message in the UI.

* add unit test and explanatory comment

* remove misleading comment

* remove null comparison and unused variable
---
 .../bitwarden-password-protected-importer.spec.ts    | 12 ++++++++++++
 .../bitwarden-password-protected-importer.ts         | 10 ++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.spec.ts b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.spec.ts
index fc81adebcdc..7812cce2c05 100644
--- a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.spec.ts
+++ b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.spec.ts
@@ -136,5 +136,17 @@ describe("BitwardenPasswordProtectedImporter", () => {
       jDoc.data = null;
       expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
     });
+
+    it("returns invalidFilePassword errorMessage if decryptString throws", async () => {
+      encryptService.decryptString.mockImplementation(() => {
+        throw new Error("SDK error");
+      });
+      i18nService.t.mockReturnValue("invalidFilePassword");
+
+      const result = await importer.parse(JSON.stringify(jDoc));
+
+      expect(result.success).toBe(false);
+      expect(result.errorMessage).toBe("invalidFilePassword");
+    });
   });
 });
diff --git a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
index 02dedd98c75..7062089482d 100644
--- a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
+++ b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.ts
@@ -90,14 +90,12 @@ export class BitwardenPasswordProtectedImporter extends BitwardenJsonImporter im
 
     const encKeyValidation = new EncString(jdoc.encKeyValidation_DO_NOT_EDIT);
 
-    const encKeyValidationDecrypt = await this.encryptService.decryptString(
-      encKeyValidation,
-      this.key,
-    );
-    if (encKeyValidationDecrypt === null) {
+    try {
+      await this.encryptService.decryptString(encKeyValidation, this.key);
+      return true;
+    } catch {
       return false;
     }
-    return true;
   }
 
   private cannotParseFile(jdoc: BitwardenPasswordProtectedFileFormat): boolean {