Add get other user's keys endpoint

2026-02-08 12:40:26 +00:00 · 2025-05-19 11:29:25 +02:00
parent 54a69aac32
commit 99454812e5
7 changed files with 63 additions and 12 deletions
--- a/apps/web/src/app/key-management/debug/debug.component.html
+++ b/apps/web/src/app/key-management/debug/debug.component.html
@@ -21,7 +21,8 @@
    <div class="tw-flex tw-flex-col tw-space-y-3">
      <h2>User Public Key</h2>
      <input type="text" bitInput formControlName="fetchPKIUserId" placeholder="UserId" />
-      Result: {{ otherUserPublicKey }}
+      Result Public Key: {{ otherUserPublicKey }} Verifying Key:
+      {{ otherUserVerifyingKey }} PublicKeyOwnershipClaim: {{ otherUserPublicKeyOwnershipClaim }}
      <button type="button" bitButton buttonType="primary" block (click)="getUserPublicKey()">
        <span> Get Public Key </span>
      </button>
--- a/apps/web/src/app/key-management/debug/debug.component.ts
+++ b/apps/web/src/app/key-management/debug/debug.component.ts
@@ -2,9 +2,8 @@ import { Component, OnInit } from "@angular/core";
 import { FormBuilder, FormGroup, Validators } from "@angular/forms";
 import { firstValueFrom } from "rxjs";

-import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
-import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
+import { KeyApiService } from "@bitwarden/common/key-management/keys/services/abstractions/key-api-service.abstraction";
 import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { KeyService } from "@bitwarden/key-management";
@@ -26,8 +25,6 @@ export class DebugMenu implements OnInit {
  privateKey: string;
  privateKeyType: string;

-  masterKey: string;
-
  userId: string;

  testClaimPublicKeyOwnershipResult: string;
@@ -45,13 +42,14 @@ export class DebugMenu implements OnInit {
    testClaimPublicKeyOwnershipClaim: this.formBuilder.control("", [Validators.required]),
  });
  otherUserPublicKey: string | null = null;
+  otherUserVerifyingKey: string | null = null;
+  otherUserPublicKeyOwnershipClaim: string | null = null;

  constructor(
    private keyService: KeyService,
-    private masterPasswordService: MasterPasswordServiceAbstraction,
    private accountService: AccountService,
    private formBuilder: FormBuilder,
-    private apiService: ApiService,
+    private keyApiService: KeyApiService,
  ) {}

  async ngOnInit() {
@@ -86,9 +84,12 @@ export class DebugMenu implements OnInit {
  }

  getUserPublicKey = async () => {
-    this.otherUserPublicKey = (
-      await this.apiService.getUserPublicKey(this.formGroup.get("fetchPKIUserId").value)
-    ).publicKey;
+    const keys = await this.keyApiService.getUserPublicKeys(
+      this.formGroup.get("fetchPKIUserId").value,
+    );
+    this.otherUserPublicKey = keys.PublicKey;
+    this.otherUserVerifyingKey = keys.VerifyingKey.toString();
+    this.otherUserPublicKeyOwnershipClaim = keys.SignedPublicKeyOwnershipClaim.toString();
  };

  verifyPublicKeyOwnershipClaim = async () => {
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -696,11 +696,11 @@ const routes: Routes = [
        path: "reports",
        loadChildren: () => ReportsModule,
      },
-      {
+      buildDevOnlyRoute({
        path: "debug",
        loadComponent: () =>
          import("./key-management/debug/debug.component").then((mod) => mod.DebugMenu),
-      },
+      }),
      { path: "setup/families-for-enterprise", component: FamiliesForEnterpriseSetupComponent },
    ],
  },
@@ -731,3 +731,12 @@ export function buildFlaggedRoute(flagName: keyof Flags, route: Route): Route {
        redirectTo: "/",
      };
 }
+
+function buildDevOnlyRoute(route: Route): Route {
+  return process.env.NODE_ENV === "development"
+    ? route
+    : {
+        path: route.path,
+        redirectTo: "/",
+      };
+}
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -155,6 +155,8 @@ import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/
 import { DeviceTrustService } from "@bitwarden/common/key-management/device-trust/services/device-trust.service.implementation";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/services/key-connector.service";
+import { KeyApiService } from "@bitwarden/common/key-management/keys/services/abstractions/key-api-service.abstraction";
+import { DefaultKeyApiService } from "@bitwarden/common/key-management/keys/services/default-key-api-service.service";
 import {
  InternalMasterPasswordServiceAbstraction,
  MasterPasswordServiceAbstraction,
@@ -746,6 +748,11 @@ const safeProviders: SafeProvider[] = [
    useClass: SendApiService,
    deps: [ApiServiceAbstraction, FileUploadServiceAbstraction, InternalSendService],
  }),
+  safeProvider({
+    provide: KeyApiService,
+    useClass: DefaultKeyApiService,
+    deps: [ApiServiceAbstraction],
+  }),
  safeProvider({
    provide: SyncService,
    useClass: DefaultSyncService,
--- a/libs/common/src/key-management/keys/response/public-account-keys.response.ts
+++ b/libs/common/src/key-management/keys/response/public-account-keys.response.ts
@@ -0,0 +1,15 @@
+import { VerifyingKey } from "@bitwarden/key-management";
+
+import { SignedPublicKeyOwnershipClaim } from "../../types";
+
+export class PublicAccountKeysResponseModel {
+  readonly VerifyingKey: VerifyingKey;
+  readonly PublicKey: string;
+  readonly SignedPublicKeyOwnershipClaim: SignedPublicKeyOwnershipClaim;
+
+  constructor(response: any) {
+    this.VerifyingKey = new VerifyingKey(response.verifyingKey, response.verifyingKeyAlgorithm);
+    this.PublicKey = response.publicKey;
+    this.SignedPublicKeyOwnershipClaim = response.signedPublicKeyOwnershipClaim;
+  }
+}
--- a/libs/common/src/key-management/keys/services/abstractions/key-api-service.abstraction.ts
+++ b/libs/common/src/key-management/keys/services/abstractions/key-api-service.abstraction.ts
@@ -0,0 +1,5 @@
+import { PublicAccountKeysResponseModel } from "../../response/public-account-keys.response";
+
+export class KeyApiService {
+  getUserPublicKeys: (id: string) => Promise<PublicAccountKeysResponseModel>;
+}
--- a/libs/common/src/key-management/keys/services/default-key-api-service.service.ts
+++ b/libs/common/src/key-management/keys/services/default-key-api-service.service.ts
@@ -0,0 +1,13 @@
+import { ApiService } from "../../../abstractions/api.service";
+import { PublicAccountKeysResponseModel } from "../response/public-account-keys.response";
+
+import { KeyApiService } from "./abstractions/key-api-service.abstraction";
+
+export class DefaultKeyApiService implements KeyApiService {
+  constructor(private apiService: ApiService) {}
+
+  async getUserPublicKeys(id: string): Promise<PublicAccountKeysResponseModel> {
+    const r = await this.apiService.send("GET", "/users/" + id + "/keys", null, true, true);
+    return new PublicAccountKeysResponseModel(r);
+  }
+}