[PM-5533] migrate provider keys (#7649)

* Provide RSA encryption in encrypt service * Define state for provider keys * Require cryptoService This is temporary until cryptoService has an observable active user private key. We don't want promise-based values in derive functions * Update crypto service provider keys to observables * Remove provider keys from state service * Migrate provider keys out of state account object * Correct Provider key state types * Prefix migration with current version number
2025-12-23 11:43:46 +00:00 · 2024-01-29 16:53:01 -05:00
parent c199f02d44
commit 3a9dead640
16 changed files with 485 additions and 118 deletions
--- a/libs/common/src/platform/services/key-state/provider-keys.state.ts
+++ b/libs/common/src/platform/services/key-state/provider-keys.state.ts
@@ -0,0 +1,45 @@
+import { ProviderId } from "../../../types/guid";
+import { ProviderKey } from "../../../types/key";
+import { EncryptService } from "../../abstractions/encrypt.service";
+import { EncString, EncryptedString } from "../../models/domain/enc-string";
+import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
+import { KeyDefinition, CRYPTO_DISK, DeriveDefinition } from "../../state";
+import { CryptoService } from "../crypto.service";
+
+export const USER_ENCRYPTED_PROVIDER_KEYS = KeyDefinition.record<EncryptedString, ProviderId>(
+  CRYPTO_DISK,
+  "providerKeys",
+  {
+    deserializer: (obj) => obj,
+  },
+);
+
+export const USER_PROVIDER_KEYS = DeriveDefinition.from<
+  Record<ProviderId, EncryptedString>,
+  Record<ProviderId, ProviderKey>,
+  { encryptService: EncryptService; cryptoService: CryptoService } // TODO: This should depend on an active user private key observable directly
+>(USER_ENCRYPTED_PROVIDER_KEYS, {
+  deserializer: (obj) => {
+    const result: Record<ProviderId, ProviderKey> = {};
+    for (const providerId of Object.keys(obj ?? {}) as ProviderId[]) {
+      result[providerId] = SymmetricCryptoKey.fromJSON(obj[providerId]) as ProviderKey;
+    }
+    return result;
+  },
+  derive: async (from, { encryptService, cryptoService }) => {
+    const result: Record<ProviderId, ProviderKey> = {};
+    for (const providerId of Object.keys(from ?? {}) as ProviderId[]) {
+      if (result[providerId] != null) {
+        continue;
+      }
+      const encrypted = new EncString(from[providerId]);
+      const privateKey = await cryptoService.getPrivateKey();
+      const decrypted = await encryptService.rsaDecrypt(encrypted, privateKey);
+      const providerKey = new SymmetricCryptoKey(decrypted) as ProviderKey;
+
+      result[providerId] = providerKey;
+    }
+
+    return result;
+  },
+});