[PM-24353] Drop legacy pin support (#17328)

* Drop legacy pin support

* Fix cli build

* Fix browser build

* Remove pin key

* Fix comment

* Fix CI / tests

* Add migration to remove key

* Inline export key

* Extract vault export key generation

* Cleanup

* Add migrator

* Fix mv2 build

libs/tools/export/vault-export/vault-export-core/src/services/base-vault-export.service.ts

@@ -1,8 +1,8 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
+import { KeyGenerationService } from "@bitwarden/common/key-management/crypto";
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
-import { PinServiceAbstraction } from "@bitwarden/common/key-management/pin/pin.service.abstraction";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { UserId } from "@bitwarden/common/types/guid";
 import { CipherType } from "@bitwarden/common/vault/enums";
@@ -12,7 +12,7 @@ import { KdfConfig, KdfConfigService, KdfType } from "@bitwarden/key-management"
 import { BitwardenCsvExportType, BitwardenPasswordProtectedFileFormat } from "../types";
 export class BaseVaultExportService {
   constructor(
-    protected pinService: PinServiceAbstraction,
+    protected keyGenerationService: KeyGenerationService,
     protected encryptService: EncryptService,
     private cryptoFunctionService: CryptoFunctionService,
     private kdfConfigService: KdfConfigService,
@@ -26,7 +26,8 @@ export class BaseVaultExportService {
     const kdfConfig: KdfConfig = await this.kdfConfigService.getKdfConfig(userId);
 
     const salt = Utils.fromBufferToB64(await this.cryptoFunctionService.randomBytes(16));
-    const key = await this.pinService.makePinKey(password, salt, kdfConfig);
+
+    const key = await this.keyGenerationService.deriveVaultExportKey(password, salt, kdfConfig);
 
     const encKeyValidation = await this.encryptService.encryptString(Utils.newGuid(), key);
     const encText = await this.encryptService.encryptString(clearText, key);

libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.spec.ts

@@ -3,13 +3,13 @@ import * as JSZip from "jszip";
 import { BehaviorSubject, of } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { KeyGenerationService } from "@bitwarden/common/key-management/crypto";
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import {
   EncryptedString,
   EncString,
 } from "@bitwarden/common/key-management/crypto/models/enc-string";
-import { PinServiceAbstraction } from "@bitwarden/common/key-management/pin/pin.service.abstraction";
 import { CipherWithIdExport } from "@bitwarden/common/models/export/cipher-with-ids.export";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherId, emptyGuid, UserId } from "@bitwarden/common/types/guid";
@@ -169,7 +169,7 @@ describe("VaultExportService", () => {
   let exportService: IndividualVaultExportService;
   let cryptoFunctionService: MockProxy<CryptoFunctionService>;
   let cipherService: MockProxy<CipherService>;
-  let pinService: MockProxy<PinServiceAbstraction>;
+  let keyGenerationService: MockProxy<KeyGenerationService>;
   let folderService: MockProxy<FolderService>;
   let keyService: MockProxy<KeyService>;
   let encryptService: MockProxy<EncryptService>;
@@ -184,7 +184,7 @@ describe("VaultExportService", () => {
   beforeEach(() => {
     cryptoFunctionService = mock<CryptoFunctionService>();
     cipherService = mock<CipherService>();
-    pinService = mock<PinServiceAbstraction>();
+    keyGenerationService = mock<KeyGenerationService>();
     folderService = mock<FolderService>();
     keyService = mock<KeyService>();
     encryptService = mock<EncryptService>();
@@ -220,7 +220,7 @@ describe("VaultExportService", () => {
     exportService = new IndividualVaultExportService(
       folderService,
       cipherService,
-      pinService,
+      keyGenerationService,
       keyService,
       encryptService,
       cryptoFunctionService,

libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts

@@ -5,9 +5,9 @@ import * as papa from "papaparse";
 import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { KeyGenerationService } from "@bitwarden/common/key-management/crypto";
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
-import { PinServiceAbstraction } from "@bitwarden/common/key-management/pin/pin.service.abstraction";
 import { CipherWithIdExport, FolderWithIdExport } from "@bitwarden/common/models/export";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherId, UserId } from "@bitwarden/common/types/guid";
@@ -42,7 +42,7 @@ export class IndividualVaultExportService
   constructor(
     private folderService: FolderService,
     private cipherService: CipherService,
-    pinService: PinServiceAbstraction,
+    keyGenerationService: KeyGenerationService,
     private keyService: KeyService,
     encryptService: EncryptService,
     cryptoFunctionService: CryptoFunctionService,
@@ -50,7 +50,7 @@ export class IndividualVaultExportService
     private apiService: ApiService,
     private restrictedItemTypesService: RestrictedItemTypesService,
   ) {
-    super(pinService, encryptService, cryptoFunctionService, kdfConfigService);
+    super(keyGenerationService, encryptService, cryptoFunctionService, kdfConfigService);
   }
 
   /** Creates an export of an individual vault (My Vault). Based on the provided format it will either be unencrypted, encrypted or password protected and in case zip is selected will include attachments

libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.ts

@@ -10,9 +10,9 @@ import {
   CollectionDetailsResponse,
   CollectionView,
 } from "@bitwarden/admin-console/common";
+import { KeyGenerationService } from "@bitwarden/common/key-management/crypto";
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
-import { PinServiceAbstraction } from "@bitwarden/common/key-management/pin/pin.service.abstraction";
 import { CipherWithIdExport, CollectionWithIdExport } from "@bitwarden/common/models/export";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
@@ -46,7 +46,7 @@ export class OrganizationVaultExportService
   constructor(
     private cipherService: CipherService,
     private vaultExportApiService: VaultExportApiService,
-    pinService: PinServiceAbstraction,
+    keyGenerationService: KeyGenerationService,
     private keyService: KeyService,
     encryptService: EncryptService,
     cryptoFunctionService: CryptoFunctionService,
@@ -54,7 +54,7 @@ export class OrganizationVaultExportService
     kdfConfigService: KdfConfigService,
     private restrictedItemTypesService: RestrictedItemTypesService,
   ) {
-    super(pinService, encryptService, cryptoFunctionService, kdfConfigService);
+    super(keyGenerationService, encryptService, cryptoFunctionService, kdfConfigService);
   }
 
   /** Creates a password protected export of an organizational vault.