diff --git a/libs/common/src/platform/services/key-state/org-keys.state.spec.ts b/libs/common/src/platform/services/key-state/org-keys.state.spec.ts
index 98e0139cc4d..79f24b61bb7 100644
--- a/libs/common/src/platform/services/key-state/org-keys.state.spec.ts
+++ b/libs/common/src/platform/services/key-state/org-keys.state.spec.ts
@@ -1,11 +1,6 @@
-import { mock } from "jest-mock-extended";
+import { makeEncString } from "../../../../spec";
-import { makeEncString, makeStaticByteArray } from "../../../../spec";
-import { OrgKey, UserPrivateKey } from "../../../types/key";
-import { EncryptService } from "../../abstractions/encrypt.service";
-import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
-
-import { USER_ENCRYPTED_ORGANIZATION_KEYS, USER_ORGANIZATION_KEYS } from "./org-keys.state";
+import { USER_ENCRYPTED_ORGANIZATION_KEYS } from "./org-keys.state";
 describe("encrypted org keys", () => {
 const sut = USER_ENCRYPTED_ORGANIZATION_KEYS;
@@ -28,85 +23,3 @@ describe("encrypted org keys", () => {
 expect(result).toEqual(encryptedOrgKeys);
 });
 });
-
-describe("derived decrypted org keys", () => {
- const encryptService = mock();
- const userPrivateKey = makeStaticByteArray(64, 3) as UserPrivateKey;
- const sut = USER_ORGANIZATION_KEYS;
-
- afterEach(() => {
- jest.resetAllMocks();
- });
-
- it("should deserialize org keys", async () => {
- const decryptedOrgKeys = {
- "org-id-1": new SymmetricCryptoKey(makeStaticByteArray(64, 1)) as OrgKey,
- "org-id-2": new SymmetricCryptoKey(makeStaticByteArray(64, 2)) as OrgKey,
- };
-
- const result = sut.deserialize(JSON.parse(JSON.stringify(decryptedOrgKeys)));
-
- expect(result).toEqual(decryptedOrgKeys);
- });
-
- it("should derive org keys", async () => {
- const encryptedOrgKeys = {
- "org-id-1": {
- type: "organization",
- key: makeEncString().encryptedString,
- },
- "org-id-2": {
- type: "organization",
- key: makeEncString().encryptedString,
- },
- };
-
- const decryptedOrgKeys = {
- "org-id-1": new SymmetricCryptoKey(makeStaticByteArray(64, 1)) as OrgKey,
- "org-id-2": new SymmetricCryptoKey(makeStaticByteArray(64, 2)) as OrgKey,
- };
-
- // TODO: How to not have to mock these decryptions. They are internal concerns of EncryptedOrganizationKey
- encryptService.rsaDecrypt.mockResolvedValueOnce(decryptedOrgKeys["org-id-1"].key);
- encryptService.rsaDecrypt.mockResolvedValueOnce(decryptedOrgKeys["org-id-2"].key);
-
- const result = await sut.derive([encryptedOrgKeys, userPrivateKey, {}], { encryptService });
-
- expect(result).toEqual(decryptedOrgKeys);
- });
-
- it("should derive org keys from providers", async () => {
- const encryptedOrgKeys = {
- "org-id-1": {
- type: "provider",
- key: makeEncString().encryptedString,
- providerId: "provider-id-1",
- },
- "org-id-2": {
- type: "provider",
- key: makeEncString().encryptedString,
- providerId: "provider-id-2",
- },
- };
-
- const providerKeys = {
- "provider-id-1": new SymmetricCryptoKey(makeStaticByteArray(64, 1)),
- "provider-id-2": new SymmetricCryptoKey(makeStaticByteArray(64, 2)),
- };
-
- const decryptedOrgKeys = {
- "org-id-1": new SymmetricCryptoKey(makeStaticByteArray(64, 1)) as OrgKey,
- "org-id-2": new SymmetricCryptoKey(makeStaticByteArray(64, 2)) as OrgKey,
- };
-
- // TODO: How to not have to mock these decryptions. They are internal concerns of ProviderEncryptedOrganizationKey
- encryptService.decryptToBytes.mockResolvedValueOnce(decryptedOrgKeys["org-id-1"].key);
- encryptService.decryptToBytes.mockResolvedValueOnce(decryptedOrgKeys["org-id-2"].key);
-
- const result = await sut.derive([encryptedOrgKeys, userPrivateKey, providerKeys], {
- encryptService,
- });
-
- expect(result).toEqual(decryptedOrgKeys);
- });
-});
diff --git a/libs/common/src/platform/services/key-state/org-keys.state.ts b/libs/common/src/platform/services/key-state/org-keys.state.ts
index 8a42e242b12..81cf3411f11 100644
--- a/libs/common/src/platform/services/key-state/org-keys.state.ts
+++ b/libs/common/src/platform/services/key-state/org-keys.state.ts
@@ -1,10 +1,6 @@
 import { EncryptedOrganizationKeyData } from "../../../admin-console/models/data/encrypted-organization-key.data";
-import { BaseEncryptedOrganizationKey } from "../../../admin-console/models/domain/encrypted-organization-key";
-import { OrganizationId, ProviderId } from "../../../types/guid";
-import { OrgKey, ProviderKey, UserPrivateKey } from "../../../types/key";
-import { EncryptService } from "../../abstractions/encrypt.service";
-import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
-import { CRYPTO_DISK, CRYPTO_MEMORY, DeriveDefinition, UserKeyDefinition } from "../../state";
+import { OrganizationId } from "../../../types/guid";
+import { CRYPTO_DISK, UserKeyDefinition } from "../../state";
 export const USER_ENCRYPTED_ORGANIZATION_KEYS = UserKeyDefinition.record<
 EncryptedOrganizationKeyData,
@@ -13,42 +9,3 @@ export const USER_ENCRYPTED_ORGANIZATION_KEYS = UserKeyDefinition.record<
 deserializer: (obj) => obj,
 clearOn: ["logout"],
 });
-
-export const USER_ORGANIZATION_KEYS = new DeriveDefinition<
- [
- Record,
- UserPrivateKey,
- Record,
- ],
- Record,
- { encryptService: EncryptService }
->(CRYPTO_MEMORY, "organizationKeys", {
- deserializer: (obj) => {
- const result: Record = {};
- for (const orgId of Object.keys(obj ?? {}) as OrganizationId[]) {
- result[orgId] = SymmetricCryptoKey.fromJSON(obj[orgId]) as OrgKey;
- }
- return result;
- },
- derive: async ([encryptedOrgKeys, privateKey, providerKeys], { encryptService }) => {
- const result: Record = {};
- for (const orgId of Object.keys(encryptedOrgKeys ?? {}) as OrganizationId[]) {
- if (result[orgId] != null) {
- continue;
- }
- const encrypted = BaseEncryptedOrganizationKey.fromData(encryptedOrgKeys[orgId]);
-
- let decrypted: OrgKey;
-
- if (BaseEncryptedOrganizationKey.isProviderEncrypted(encrypted)) {
- decrypted = await encrypted.decrypt(encryptService, providerKeys);
- } else {
- decrypted = await encrypted.decrypt(encryptService, privateKey);
- }
-
- result[orgId] = decrypted;
- }
-
- return result;
- },
-});
diff --git a/libs/common/src/platform/services/key-state/provider-keys.state.spec.ts b/libs/common/src/platform/services/key-state/provider-keys.state.spec.ts
index ca84d4a6ea1..a8be2893e7d 100644
--- a/libs/common/src/platform/services/key-state/provider-keys.state.spec.ts
+++ b/libs/common/src/platform/services/key-state/provider-keys.state.spec.ts
@@ -1,13 +1,6 @@
-import { mock } from "jest-mock-extended";
+import { makeEncString } from "../../../../spec";
-import { makeEncString, makeStaticByteArray } from "../../../../spec";
-import { ProviderId } from "../../../types/guid";
-import { ProviderKey, UserPrivateKey } from "../../../types/key";
-import { EncryptService } from "../../abstractions/encrypt.service";
-import { EncryptedString } from "../../models/domain/enc-string";
-import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
-
-import { USER_ENCRYPTED_PROVIDER_KEYS, USER_PROVIDER_KEYS } from "./provider-keys.state";
+import { USER_ENCRYPTED_PROVIDER_KEYS } from "./provider-keys.state";
 describe("encrypted provider keys", () => {
 const sut = USER_ENCRYPTED_PROVIDER_KEYS;
@@ -23,51 +16,3 @@ describe("encrypted provider keys", () => {
 expect(result).toEqual(encryptedProviderKeys);
 });
 });
-
-describe("derived decrypted provider keys", () => {
- const encryptService = mock();
- const userPrivateKey = makeStaticByteArray(64, 0) as UserPrivateKey;
- const sut = USER_PROVIDER_KEYS;
-
- afterEach(() => {
- jest.resetAllMocks();
- });
-
- it("should deserialize provider keys", async () => {
- const decryptedProviderKeys = {
- "provider-id-1": new SymmetricCryptoKey(makeStaticByteArray(64, 1)) as ProviderKey,
- "provider-id-2": new SymmetricCryptoKey(makeStaticByteArray(64, 2)) as ProviderKey,
- };
-
- const result = sut.deserialize(JSON.parse(JSON.stringify(decryptedProviderKeys)));
-
- expect(result).toEqual(decryptedProviderKeys);
- });
-
- it("should derive provider keys", async () => {
- const encryptedProviderKeys = {
- "provider-id-1": makeEncString().encryptedString,
- "provider-id-2": makeEncString().encryptedString,
- };
-
- const decryptedProviderKeys = {
- "provider-id-1": new SymmetricCryptoKey(makeStaticByteArray(64, 1)) as ProviderKey,
- "provider-id-2": new SymmetricCryptoKey(makeStaticByteArray(64, 2)) as ProviderKey,
- };
-
- encryptService.rsaDecrypt.mockResolvedValueOnce(decryptedProviderKeys["provider-id-1"].key);
- encryptService.rsaDecrypt.mockResolvedValueOnce(decryptedProviderKeys["provider-id-2"].key);
-
- const result = await sut.derive([encryptedProviderKeys, userPrivateKey], { encryptService });
-
- expect(result).toEqual(decryptedProviderKeys);
- });
-
- it("should handle null input values", async () => {
- const encryptedProviderKeys: Record = null;
-
- const result = await sut.derive([encryptedProviderKeys, userPrivateKey], { encryptService });
-
- expect(result).toEqual({});
- });
-});
diff --git a/libs/common/src/platform/services/key-state/provider-keys.state.ts b/libs/common/src/platform/services/key-state/provider-keys.state.ts
index dfda71be213..c0d9e3a1eab 100644
--- a/libs/common/src/platform/services/key-state/provider-keys.state.ts +++ b/libs/common/src/platform/services/key-state/provider-keys.state.ts @@ -1,9 +1,6 @@ import { ProviderId } from "../../../types/guid"; -import { ProviderKey, UserPrivateKey } from "../../../types/key"; -import { EncryptService } from "../../abstractions/encrypt.service"; -import { EncString, EncryptedString } from "../../models/domain/enc-string"; -import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key"; -import { CRYPTO_DISK, CRYPTO_MEMORY, DeriveDefinition, UserKeyDefinition } from "../../state"; +import { EncryptedString } from "../../models/domain/enc-string"; +import { CRYPTO_DISK, UserKeyDefinition } from "../../state"; export const USER_ENCRYPTED_PROVIDER_KEYS = UserKeyDefinition.record( CRYPTO_DISK, @@ -13,32 +10,3 @@ export const USER_ENCRYPTED_PROVIDER_KEYS = UserKeyDefinition.record, UserPrivateKey], - Record, - { encryptService: EncryptService } ->(CRYPTO_MEMORY, "providerKeys", { - deserializer: (obj) => { - const result: Record = {}; - for (const providerId of Object.keys(obj ?? {}) as ProviderId[]) { - result[providerId] = SymmetricCryptoKey.fromJSON(obj[providerId]) as ProviderKey; - } - return result; - }, - derive: async ([encryptedProviderKeys, privateKey], { encryptService }) => { - const result: Record = {}; - for (const providerId of Object.keys(encryptedProviderKeys ?? {}) as ProviderId[]) { - if (result[providerId] != null) { - continue; - } - const encrypted = new EncString(encryptedProviderKeys[providerId]); - const decrypted = await encryptService.rsaDecrypt(encrypted, privateKey); - const providerKey = new SymmetricCryptoKey(decrypted) as ProviderKey; - - result[providerId] = providerKey; - } - - return result; - }, -}); diff --git a/libs/common/src/platform/services/key-state/user-key.state.spec.ts b/libs/common/src/platform/services/key-state/user-key.state.spec.ts index 63273f1c795..6154fba8f44 100644 
--- a/libs/common/src/platform/services/key-state/user-key.state.spec.ts
+++ b/libs/common/src/platform/services/key-state/user-key.state.spec.ts
@@ -1,19 +1,8 @@
-import { mock } from "jest-mock-extended";
-
-import { makeStaticByteArray } from "../../../../spec";
-import { UserKey, UserPrivateKey, UserPublicKey } from "../../../types/key";
-import { CryptoFunctionService } from "../../abstractions/crypto-function.service";
-import { EncryptService } from "../../abstractions/encrypt.service";
 import { EncryptionType } from "../../enums";
 import { Utils } from "../../misc/utils";
 import { EncString } from "../../models/domain/enc-string";
-import {
- USER_ENCRYPTED_PRIVATE_KEY,
- USER_EVER_HAD_USER_KEY,
- USER_PRIVATE_KEY,
- USER_PUBLIC_KEY,
-} from "./user-key.state";
+import { USER_ENCRYPTED_PRIVATE_KEY, USER_EVER_HAD_USER_KEY } from "./user-key.state";
 function makeEncString(data?: string) {
 data ??= Utils.newGuid();
@@ -43,76 +32,3 @@ describe("Encrypted private key", () => {
 expect(result).toEqual(encryptedPrivateKey);
 });
 });
-
-describe("User public key", () => {
- const sut = USER_PUBLIC_KEY;
- const userPrivateKey = makeStaticByteArray(64, 1) as UserPrivateKey;
- const userPublicKey = makeStaticByteArray(64, 2) as UserPublicKey;
-
- it("should deserialize user public key", () => {
- const userPublicKey = makeStaticByteArray(64, 1);
-
- const result = sut.deserialize(JSON.parse(JSON.stringify(userPublicKey)));
-
- expect(result).toEqual(userPublicKey);
- });
-
- it("should derive user public key", async () => {
- const cryptoFunctionService = mock();
- cryptoFunctionService.rsaExtractPublicKey.mockResolvedValue(userPublicKey);
-
- const result = await sut.derive(userPrivateKey, { cryptoFunctionService });
-
- expect(result).toEqual(userPublicKey);
- });
-});
-
-describe("Derived decrypted private key", () => {
- const sut = USER_PRIVATE_KEY;
- const userKey = mock();
- const encryptedPrivateKey = makeEncString().encryptedString;
- const decryptedPrivateKey = makeStaticByteArray(64, 1);
-
- afterEach(() => {
- jest.resetAllMocks();
- });
-
- it("should deserialize decrypted private key", () => {
- const decryptedPrivateKey = makeStaticByteArray(64, 1);
-
- const result = sut.deserialize(JSON.parse(JSON.stringify(decryptedPrivateKey)));
-
- expect(result).toEqual(decryptedPrivateKey);
- });
-
- it("should derive decrypted private key", async () => {
- const encryptService = mock();
- encryptService.decryptToBytes.mockResolvedValue(decryptedPrivateKey);
-
- const result = await sut.derive([encryptedPrivateKey, userKey], {
- encryptService,
- });
-
- expect(result).toEqual(decryptedPrivateKey);
- });
-
- it("should handle null encryptedPrivateKey", async () => {
- const encryptService = mock();
-
- const result = await sut.derive([null, userKey], {
- encryptService,
- });
-
- expect(result).toEqual(null);
- });
-
- it("should handle null userKey", async () => {
- const encryptService = mock();
-
- const result = await sut.derive([encryptedPrivateKey, null], {
- encryptService,
- });
-
- expect(result).toEqual(null);
- });
-});
diff --git a/libs/common/src/platform/services/key-state/user-key.state.ts b/libs/common/src/platform/services/key-state/user-key.state.ts
index c2b84d6a247..cd124321f61 100644
--- a/libs/common/src/platform/services/key-state/user-key.state.ts
+++ b/libs/common/src/platform/services/key-state/user-key.state.ts
@@ -1,9 +1,7 @@
-import { UserPrivateKey, UserPublicKey, UserKey } from "../../../types/key";
-import { CryptoFunctionService } from "../../abstractions/crypto-function.service";
-import { EncryptService } from "../../abstractions/encrypt.service";
-import { EncString, EncryptedString } from "../../models/domain/enc-string";
+import { UserKey } from "../../../types/key";
+import { EncryptedString } from "../../models/domain/enc-string";
 import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
-import { CRYPTO_DISK, DeriveDefinition, CRYPTO_MEMORY, UserKeyDefinition } from "../../state";
+import { CRYPTO_DISK, CRYPTO_MEMORY, UserKeyDefinition } from "../../state";
 export const USER_EVER_HAD_USER_KEY = new UserKeyDefinition(
 CRYPTO_DISK,
@@ -23,41 +21,6 @@ export const USER_ENCRYPTED_PRIVATE_KEY = new UserKeyDefinition
 },
 );
-export const USER_PRIVATE_KEY = new DeriveDefinition<
- [EncryptedString, UserKey],
- UserPrivateKey,
- { encryptService: EncryptService }
->(CRYPTO_MEMORY, "privateKey", {
- deserializer: (obj) => new Uint8Array(Object.values(obj)) as UserPrivateKey,
- derive: async ([encPrivateKeyString, userKey], { encryptService }) => {
- if (encPrivateKeyString == null || userKey == null) {
- return null;
- }
-
- const encPrivateKey = new EncString(encPrivateKeyString);
- const privateKey = (await encryptService.decryptToBytes(
- encPrivateKey,
- userKey,
- )) as UserPrivateKey;
- return privateKey;
- },
-});
-
-export const USER_PUBLIC_KEY = DeriveDefinition.from<
- UserPrivateKey,
- UserPublicKey,
- { cryptoFunctionService: CryptoFunctionService }
->([USER_PRIVATE_KEY, "publicKey"], {
- deserializer: (obj) => new Uint8Array(Object.values(obj)) as UserPublicKey,
- derive: async (privateKey, { cryptoFunctionService }) => {
- if (privateKey == null) {
- return null;
- }
-
- return (await cryptoFunctionService.rsaExtractPublicKey(privateKey)) as UserPublicKey;
- },
-});
-
 export const USER_KEY = new UserKeyDefinition(CRYPTO_MEMORY, "userKey", {
 deserializer: (obj) => SymmetricCryptoKey.fromJSON(obj) as UserKey,
 clearOn: ["logout", "lock"],