Merge branch 'main' into PM-26250-Explore-options-to-enable-direct-importer-for-mac-app-store-build

2025-12-06 00:13:28 +00:00 · 2025-12-04 07:29:47 -07:00
parent 84d588f6e9 2ef84ca460
commit 70b4993a4e
19 changed files with 239 additions and 307 deletions
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -75,7 +75,7 @@
    "inquirer": "8.2.6",
    "jsdom": "26.1.0",
    "jszip": "3.10.1",
-    "koa": "2.16.3",
+    "koa": "3.1.1",
    "koa-bodyparser": "4.4.1",
    "koa-json": "2.0.2",
    "lowdb": "1.0.0",
@@ -83,7 +83,7 @@
    "multer": "2.0.2",
    "node-fetch": "2.6.12",
    "node-forge": "1.3.2",
-    "open": "10.1.2",
+    "open": "11.0.0",
    "papaparse": "5.5.3",
    "proper-lockfile": "4.1.2",
    "rxjs": "7.8.1",
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.spec.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.spec.ts
@@ -1096,6 +1096,9 @@ describe("KeyRotationService", () => {
      mockKeyService.userSigningKey$.mockReturnValue(
        new BehaviorSubject(TEST_VECTOR_SIGNING_KEY_V2 as WrappedSigningKey),
      );
+      mockKeyService.userSignedPublicKey$.mockReturnValue(
+        new BehaviorSubject(TEST_VECTOR_SIGNED_PUBLIC_KEY_V2 as SignedPublicKey),
+      );
      mockSecurityStateService.accountSecurityState$.mockReturnValue(
        new BehaviorSubject(TEST_VECTOR_SECURITY_STATE_V2 as SignedSecurityState),
      );
@@ -1140,6 +1143,7 @@ describe("KeyRotationService", () => {
          publicKeyEncryptionKeyPair: {
            wrappedPrivateKey: TEST_VECTOR_PRIVATE_KEY_V2,
            publicKey: Utils.fromB64ToArray(TEST_VECTOR_PUBLIC_KEY_V2) as UnsignedPublicKey,
+            signedPublicKey: TEST_VECTOR_SIGNED_PUBLIC_KEY_V2 as SignedPublicKey,
          },
          signingKey: TEST_VECTOR_SIGNING_KEY_V2 as WrappedSigningKey,
          securityState: TEST_VECTOR_SECURITY_STATE_V2 as SignedSecurityState,
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -10,6 +10,7 @@ import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-st
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { SecurityStateService } from "@bitwarden/common/key-management/security-state/abstractions/security-state.service";
 import {
+  SignedPublicKey,
  SignedSecurityState,
  UnsignedPublicKey,
  WrappedPrivateKey,
@@ -308,9 +309,11 @@ export class UserKeyRotationService {
      userId: asUuid(userId),
      kdfParams: kdfConfig.toSdkConfig(),
      email: email,
-      privateKey: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
-      signingKey: undefined,
-      securityState: undefined,
+      accountCryptographicState: {
+        V1: {
+          private_key: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
+        },
+      },
      method: {
        decryptedKey: { decrypted_user_key: cryptographicStateParameters.userKey.toBase64() },
      },
@@ -334,9 +337,15 @@ export class UserKeyRotationService {
      userId: asUuid(userId),
      kdfParams: kdfConfig.toSdkConfig(),
      email: email,
-      privateKey: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
-      signingKey: cryptographicStateParameters.signingKey,
-      securityState: cryptographicStateParameters.securityState,
+      accountCryptographicState: {
+        V2: {
+          private_key: cryptographicStateParameters.publicKeyEncryptionKeyPair.wrappedPrivateKey,
+          signing_key: cryptographicStateParameters.signingKey,
+          security_state: cryptographicStateParameters.securityState,
+          signed_public_key:
+            cryptographicStateParameters.publicKeyEncryptionKeyPair.signedPublicKey,
+        },
+      },
      method: {
        decryptedKey: { decrypted_user_key: cryptographicStateParameters.userKey.toBase64() },
      },
@@ -632,6 +641,10 @@ export class UserKeyRotationService {
        this.securityStateService.accountSecurityState$(user.id),
        "User security state",
      );
+      const signedPublicKey = await this.firstValueFromOrThrow(
+        this.keyService.userSignedPublicKey$(user.id),
+        "User signed public key",
+      );

      return {
        masterKeyKdfConfig,
@@ -642,6 +655,7 @@ export class UserKeyRotationService {
          publicKeyEncryptionKeyPair: {
            wrappedPrivateKey: currentUserKeyWrappedPrivateKey,
            publicKey: publicKey,
+            signedPublicKey: signedPublicKey!,
          },
          signingKey: signingKey!,
          securityState: securityState!,
@@ -679,6 +693,7 @@ export type V2CryptographicStateParameters = {
  publicKeyEncryptionKeyPair: {
    wrappedPrivateKey: WrappedPrivateKey;
    publicKey: UnsignedPublicKey;
+    signedPublicKey: SignedPublicKey;
  };
  signingKey: WrappedSigningKey;
  securityState: SignedSecurityState;