[EC-135] Delay decryption of provider-encrypted org keys (#2902)

libs/common/src/models/data/encryptedOrganizationKeyData.ts

@@ -0,0 +1,14 @@
+export type EncryptedOrganizationKeyData =
+  | OrganizationEncryptedOrganizationKeyData
+  | ProviderEncryptedOrganizationKeyData;
+
+type OrganizationEncryptedOrganizationKeyData = {
+  type: "organization";
+  key: string;
+};
+
+type ProviderEncryptedOrganizationKeyData = {
+  type: "provider";
+  key: string;
+  providerId: string;
+};

libs/common/src/models/domain/account.ts

@@ -3,6 +3,7 @@ import { KdfType } from "../../enums/kdfType";
 import { UriMatchType } from "../../enums/uriMatchType";
 import { CipherData } from "../data/cipherData";
 import { CollectionData } from "../data/collectionData";
+import { EncryptedOrganizationKeyData } from "../data/encryptedOrganizationKeyData";
 import { EventData } from "../data/eventData";
 import { FolderData } from "../data/folderData";
 import { OrganizationData } from "../data/organizationData";
@@ -69,8 +70,11 @@ export class AccountKeys {
     string,
     SymmetricCryptoKey
   >();
-  organizationKeys?: EncryptionPair<any, Map<string, SymmetricCryptoKey>> = new EncryptionPair<
-    any,
+  organizationKeys?: EncryptionPair<
+    { [orgId: string]: EncryptedOrganizationKeyData },
+    Map<string, SymmetricCryptoKey>
+  > = new EncryptionPair<
+    { [orgId: string]: EncryptedOrganizationKeyData },
     Map<string, SymmetricCryptoKey>
   >();
   providerKeys?: EncryptionPair<any, Map<string, SymmetricCryptoKey>> = new EncryptionPair<

libs/common/src/models/domain/encryptedOrganizationKey.ts

@@ -0,0 +1,56 @@
+import { CryptoService } from "../../abstractions/crypto.service";
+import { EncryptedOrganizationKeyData } from "../../models/data/encryptedOrganizationKeyData";
+
+import { EncString } from "./encString";
+import { SymmetricCryptoKey } from "./symmetricCryptoKey";
+
+export abstract class BaseEncryptedOrganizationKey {
+  decrypt: (cryptoService: CryptoService) => Promise<SymmetricCryptoKey>;
+
+  static fromData(data: EncryptedOrganizationKeyData) {
+    switch (data.type) {
+      case "organization":
+        return new EncryptedOrganizationKey(data.key);
+
+      case "provider":
+        return new ProviderEncryptedOrganizationKey(data.key, data.providerId);
+
+      default:
+        return null;
+    }
+  }
+}
+
+export class EncryptedOrganizationKey implements BaseEncryptedOrganizationKey {
+  constructor(private key: string) {}
+
+  async decrypt(cryptoService: CryptoService) {
+    const decValue = await cryptoService.rsaDecrypt(this.key);
+    return new SymmetricCryptoKey(decValue);
+  }
+
+  toData(): EncryptedOrganizationKeyData {
+    return {
+      type: "organization",
+      key: this.key,
+    };
+  }
+}
+
+export class ProviderEncryptedOrganizationKey implements BaseEncryptedOrganizationKey {
+  constructor(private key: string, private providerId: string) {}
+
+  async decrypt(cryptoService: CryptoService) {
+    const providerKey = await cryptoService.getProviderKey(this.providerId);
+    const decValue = await cryptoService.decryptToBytes(new EncString(this.key), providerKey);
+    return new SymmetricCryptoKey(decValue);
+  }
+
+  toData(): EncryptedOrganizationKeyData {
+    return {
+      type: "provider",
+      key: this.key,
+      providerId: this.providerId,
+    };
+  }
+}