[PM-23099] Prevent private key regen / private key generation on v2 accounts (#15413)

* Prevent private key regen / private key generation on v2 accounts * Fix tests * Fix build * Fix tests
2025-12-06 00:13:28 +00:00 · 2025-07-25 13:19:48 +02:00
parent 1491445392
commit 594455af88
4 changed files with 41 additions and 0 deletions
--- a/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.spec.ts
+++ b/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.spec.ts
@@ -354,4 +354,22 @@ describe("regenerateIfNeeded", () => {
    ).not.toHaveBeenCalled();
    expect(keyService.setPrivateKey).not.toHaveBeenCalled();
  });
+
+  it("should not regenerate when userKey type is CoseEncrypt0 (V2 encryption)", async () => {
+    const mockUserKey = {
+      keyB64: "mockKeyB64",
+      inner: () => ({ type: 7 }),
+    } as unknown as UserKey;
+    keyService.userKey$.mockReturnValue(of(mockUserKey));
+
+    await sut.regenerateIfNeeded(userId);
+
+    expect(
+      userAsymmetricKeysRegenerationApiService.regenerateUserAsymmetricKeys,
+    ).not.toHaveBeenCalled();
+    expect(keyService.setPrivateKey).not.toHaveBeenCalled();
+    expect(logService.error).toHaveBeenCalledWith(
+      "[UserAsymmetricKeyRegeneration] Cannot regenerate asymmetric keys for accounts on V2 encryption.",
+    );
+  });
 });
--- a/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts
+++ b/libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts
@@ -6,6 +6,7 @@ import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-st
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
+import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { UserId } from "@bitwarden/common/types/guid";
 import { UserKey } from "@bitwarden/common/types/key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
@@ -60,6 +61,13 @@ export class DefaultUserAsymmetricKeysRegenerationService
      return false;
    }

+    if (userKey.inner().type === EncryptionType.CoseEncrypt0) {
+      this.logService.error(
+        "[UserAsymmetricKeyRegeneration] Cannot regenerate asymmetric keys for accounts on V2 encryption.",
+      );
+      return false;
+    }
+
    const [userKeyEncryptedPrivateKey, publicKeyResponse] = await firstValueFrom(
      combineLatest([
        this.keyService.userEncryptedPrivateKey$(userId),