[PM-27230] Resolve sdk breaking changes; update account init and save signed public key (#17488)

* Update account init and save signed public key * Update sdk * Fix build * Fix types * Fix test * Fix test
2025-12-06 00:13:28 +00:00 · 2025-12-04 09:14:09 +01:00
parent 433c0ced32
commit 2ef84ca460
11 changed files with 110 additions and 34 deletions
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.spec.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.spec.ts
@@ -1096,6 +1096,9 @@ describe("KeyRotationService", () => {
      mockKeyService.userSigningKey$.mockReturnValue(
        new BehaviorSubject(TEST_VECTOR_SIGNING_KEY_V2 as WrappedSigningKey),
      );
+      mockKeyService.userSignedPublicKey$.mockReturnValue(
+        new BehaviorSubject(TEST_VECTOR_SIGNED_PUBLIC_KEY_V2 as SignedPublicKey),
+      );
      mockSecurityStateService.accountSecurityState$.mockReturnValue(
        new BehaviorSubject(TEST_VECTOR_SECURITY_STATE_V2 as SignedSecurityState),
      );
@@ -1140,6 +1143,7 @@ describe("KeyRotationService", () => {
          publicKeyEncryptionKeyPair: {
            wrappedPrivateKey: TEST_VECTOR_PRIVATE_KEY_V2,
            publicKey: Utils.fromB64ToArray(TEST_VECTOR_PUBLIC_KEY_V2) as UnsignedPublicKey,
+            signedPublicKey: TEST_VECTOR_SIGNED_PUBLIC_KEY_V2 as SignedPublicKey,
          },
          signingKey: TEST_VECTOR_SIGNING_KEY_V2 as WrappedSigningKey,
          securityState: TEST_VECTOR_SECURITY_STATE_V2 as SignedSecurityState,
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -10,6 +10,7 @@ import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-st
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { SecurityStateService } from "@bitwarden/common/key-management/security-state/abstractions/security-state.service";
 import {
+  SignedPublicKey,
  SignedSecurityState,
  UnsignedPublicKey,
  WrappedPrivateKey,
@@ -308,9 +309,11 @@ export class UserKeyRotationService {
      userId: asUuid(userId),
      kdfParams: kdfConfig.toSdkConfig(),
      email: email,
-      privateKey: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
-      signingKey: undefined,
-      securityState: undefined,
+      accountCryptographicState: {
+        V1: {
+          private_key: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
+        },
+      },
      method: {
        decryptedKey: { decrypted_user_key: cryptographicStateParameters.userKey.toBase64() },
      },
@@ -334,9 +337,15 @@ export class UserKeyRotationService {
      userId: asUuid(userId),
      kdfParams: kdfConfig.toSdkConfig(),
      email: email,
-      privateKey: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
-      signingKey: cryptographicStateParameters.signingKey,
-      securityState: cryptographicStateParameters.securityState,
+      accountCryptographicState: {
+        V2: {
+          private_key: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
+          signing_key: cryptographicStateParameters.signingKey,
+          security_state: cryptographicStateParameters.securityState,
+          signed_public_key:
+            cryptographicStateParameters.publicKeyEncryptionKeyPair.signedPublicKey,
+        },
+      },
      method: {
        decryptedKey: { decrypted_user_key: cryptographicStateParameters.userKey.toBase64() },
      },
@@ -632,6 +641,10 @@ export class UserKeyRotationService {
        this.securityStateService.accountSecurityState$(user.id),
        "User security state",
      );
+      const signedPublicKey = await this.firstValueFromOrThrow(
+        this.keyService.userSignedPublicKey$(user.id),
+        "User signed public key",
+      );

      return {
        masterKeyKdfConfig,
@@ -642,6 +655,7 @@ export class UserKeyRotationService {
          publicKeyEncryptionKeyPair: {
            wrappedPrivateKey: currentUserKeyWrappedPrivateKey,
            publicKey: publicKey,
+            signedPublicKey: signedPublicKey!,
          },
          signingKey: signingKey!,
          securityState: securityState!,
@@ -679,6 +693,7 @@ export type V2CryptographicStateParameters = {
  publicKeyEncryptionKeyPair: {
    wrappedPrivateKey: WrappedPrivateKey;
    publicKey: UnsignedPublicKey;
+    signedPublicKey: SignedPublicKey;
  };
  signingKey: WrappedSigningKey;
  securityState: SignedSecurityState;