From 9b85123acf09676fcaa693df9db5e33ce9676875 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Fri, 9 May 2025 00:36:07 +0200 Subject: [PATCH] Move sm code to new encrypt service interface (#14545) --- .../secrets-manager/projects/project.service.ts | 6 +++--- .../secrets/secret.service.spec.ts | 4 ++-- .../secrets-manager/secrets/secret.service.ts | 16 ++++++++-------- .../service-accounts/access/access.service.ts | 8 ++++---- .../service-accounts/service-account.service.ts | 9 ++++++--- .../services/sm-porting-api.service.spec.ts | 4 ++-- .../settings/services/sm-porting-api.service.ts | 16 ++++++++-------- .../access-policy.service.spec.ts | 4 ++-- .../access-policies/access-policy.service.ts | 6 +++--- 9 files changed, 38 insertions(+), 35 deletions(-) diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts index 8c9f894f8f6..334d9ea43a6 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts @@ -93,7 +93,7 @@ export class ProjectService { ): Promise { const orgKey = await this.getOrganizationKey(organizationId); const request = new ProjectRequest(); - request.name = await this.encryptService.encrypt(projectView.name, orgKey); + request.name = await this.encryptService.encryptString(projectView.name, orgKey); return request; } @@ -108,7 +108,7 @@ export class ProjectService { projectView.revisionDate = projectResponse.revisionDate; projectView.read = projectResponse.read; projectView.write = projectResponse.write; - projectView.name = await this.encryptService.decryptToUtf8( + projectView.name = await this.encryptService.decryptString( new EncString(projectResponse.name), orgKey, ); 
@@ -127,7 +127,7 @@ export class ProjectService { projectListView.organizationId = s.organizationId; projectListView.read = s.read; projectListView.write = s.write; - projectListView.name = await this.encryptService.decryptToUtf8( + projectListView.name = await this.encryptService.decryptString( new EncString(s.name), orgKey, ); diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.spec.ts b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.spec.ts index c761d73d4a1..113bf130cb5 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.spec.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.spec.ts @@ -24,10 +24,10 @@ describe("SecretService", () => { sut = new SecretService(keyService, apiService, encryptService, accessPolicyService); - encryptService.encrypt.mockResolvedValue({ + encryptService.encryptString.mockResolvedValue({ encryptedString: "mockEncryptedString", } as EncString); - encryptService.decryptToUtf8.mockResolvedValue(mockUnencryptedData); + encryptService.decryptString.mockResolvedValue(mockUnencryptedData); }); it("instantiates", () => { diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.ts index 51c49d79f2d..cf71de288bb 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.ts 
@@ -166,9 +166,9 @@ export class SecretService { const orgKey = await this.getOrganizationKey(organizationId); const request = new SecretRequest(); const [key, value, note] = await Promise.all([ - this.encryptService.encrypt(secretView.name, orgKey), - this.encryptService.encrypt(secretView.value, orgKey), - this.encryptService.encrypt(secretView.note, orgKey), + this.encryptService.encryptString(secretView.name, orgKey), + this.encryptService.encryptString(secretView.value, orgKey), + this.encryptService.encryptString(secretView.note, orgKey), ]); request.key = key.encryptedString; request.value = value.encryptedString; @@ -193,9 +193,9 @@ export class SecretService { secretView.revisionDate = secretResponse.revisionDate; const [name, value, note] = await Promise.all([ - this.encryptService.decryptToUtf8(new EncString(secretResponse.name), orgKey), - this.encryptService.decryptToUtf8(new EncString(secretResponse.value), orgKey), - this.encryptService.decryptToUtf8(new EncString(secretResponse.note), orgKey), + this.encryptService.decryptString(new EncString(secretResponse.name), orgKey), + this.encryptService.decryptString(new EncString(secretResponse.value), orgKey), + this.encryptService.decryptString(new EncString(secretResponse.note), orgKey), ]); secretView.name = name; secretView.value = value; @@ -230,7 +230,7 @@ export class SecretService { const secretListView = new SecretListView(); secretListView.id = s.id; secretListView.organizationId = s.organizationId; - secretListView.name = await this.encryptService.decryptToUtf8( + secretListView.name = await this.encryptService.decryptString( new EncString(s.name), orgKey, ); 
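Review bot: The three `decryptString` calls at -193 in SecretService wrap `secretResponse.name`, `.value` and `.note` in `new EncString(...)` unconditionally, while other call sites in this patch (the `s.name ? ... : null` ternaries in SecretService at -259, ServiceAccountService and AccessPolicyService) check for a missing value first. If `decryptString` handles a null or empty `EncString` differently from `decryptToUtf8`, which is not visible here, a secret without a note would surface as an error instead of an empty field. Either apply the same guard, e.g. `secretResponse.note ? this.encryptService.decryptString(new EncString(secretResponse.note), orgKey) : null`, or add a spec case with an absent note, since the updated mocks only return fixed strings. The export hunk at -139 in sm-porting-api.service.ts has the same shape for `s.note`.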
@@ -259,7 +259,7 @@ export class SecretService { const projectsMappedToSecretView = new SecretProjectView(); projectsMappedToSecretView.id = s.id; projectsMappedToSecretView.name = s.name - ? await this.encryptService.decryptToUtf8(new EncString(s.name), orgKey) + ? await this.encryptService.decryptString(new EncString(s.name), orgKey) : null; return projectsMappedToSecretView; }), diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts index 773cb83e70a..2e50ec5af7e 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts @@ -102,12 +102,12 @@ export class AccessService { const organizationKey = await this.getOrganizationKey(organizationId); const accessTokenRequest = new AccessTokenRequest(); const [name, encryptedPayload, key] = await Promise.all([ - await this.encryptService.encrypt(accessTokenView.name, organizationKey), - await this.encryptService.encrypt( + await this.encryptService.encryptString(accessTokenView.name, organizationKey), + await this.encryptService.encryptString( JSON.stringify({ encryptionKey: organizationKey.keyB64 }), encryptionKey, ), - await this.encryptService.encrypt(encryptionKey.keyB64, organizationKey), + await this.encryptService.encryptString(encryptionKey.keyB64, organizationKey), ]); accessTokenRequest.name = name; 
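Review bot: Two of the three `encryptString` calls in the AccessService hunk at -102 encrypt key material rather than display text: `JSON.stringify({ encryptionKey: organizationKey.keyB64 })` under `encryptionKey`, and `encryptionKey.keyB64` under `organizationKey`. Routing base64 keys through the string method hides that these are key-wrapping operations. If the stored token format requires the string form, a comment such as `// key material is encrypted as a base64 string to keep the existing access-token payload format` would make that explicit; otherwise a key-specific method of the new interface, if it offers one, is the better fit. Separately, each element of the `Promise.all([...])` array is prefixed with `await`, so the three encryptions run one after another; dropping the inner `await`s would match the SecretService hunks. The enclosing method starts and ends outside the hunk.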
@@ -130,7 +130,7 @@ export class AccessService { accessTokenResponses.map(async (s) => { const view = new AccessTokenView(); view.id = s.id; - view.name = await this.encryptService.decryptToUtf8(new EncString(s.name), orgKey); + view.name = await this.encryptService.decryptString(new EncString(s.name), orgKey); view.scopes = s.scopes; view.expireAt = s.expireAt ? new Date(s.expireAt) : null; view.creationDate = new Date(s.creationDate); diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts index a56111bc655..c5d4f979ef4 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts @@ -130,7 +130,10 @@ export class ServiceAccountService { serviceAccountView: ServiceAccountView, ) { const request = new ServiceAccountRequest(); - request.name = await this.encryptService.encrypt(serviceAccountView.name, organizationKey); + request.name = await this.encryptService.encryptString( + serviceAccountView.name, + organizationKey, + ); return request; } @@ -144,7 +147,7 @@ export class ServiceAccountService { serviceAccountView.creationDate = serviceAccountResponse.creationDate; serviceAccountView.revisionDate = serviceAccountResponse.revisionDate; serviceAccountView.name = serviceAccountResponse.name - ? await this.encryptService.decryptToUtf8( + ? await this.encryptService.decryptString( new EncString(serviceAccountResponse.name), organizationKey, ) 
@@ -163,7 +166,7 @@ export class ServiceAccountService { view.revisionDate = response.revisionDate; view.accessToSecrets = response.accessToSecrets; view.name = response.name - ? await this.encryptService.decryptToUtf8(new EncString(response.name), organizationKey) + ? await this.encryptService.decryptString(new EncString(response.name), organizationKey) : null; return view; } diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.spec.ts b/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.spec.ts index 6b527d56502..6f9f0727ddc 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.spec.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.spec.ts @@ -28,8 +28,8 @@ describe("SecretsManagerPortingApiService", () => { sut = new SecretsManagerPortingApiService(apiService, encryptService, keyService); - encryptService.encrypt.mockResolvedValue(mockEncryptedString); - encryptService.decryptToUtf8.mockResolvedValue(mockUnencryptedString); + encryptService.encryptString.mockResolvedValue(mockEncryptedString); + encryptService.decryptString.mockResolvedValue(mockUnencryptedString); const mockRandomBytes = new Uint8Array(64) as CsprngArray; const mockOrgKey = new SymmetricCryptoKey(mockRandomBytes) as OrgKey; diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts index c9d63e61400..41088c1bfa1 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts 
@@ -86,7 +86,7 @@ export class SecretsManagerPortingApiService { importData.projects.map(async (p: any) => { const project = new SecretsManagerImportedProjectRequest(); project.id = p.id; - project.name = await this.encryptService.encrypt(p.name, orgKey); + project.name = await this.encryptService.encryptString(p.name, orgKey); return project; }), ); @@ -96,9 +96,9 @@ export class SecretsManagerPortingApiService { const secret = new SecretsManagerImportedSecretRequest(); [secret.key, secret.value, secret.note] = await Promise.all([ - this.encryptService.encrypt(s.key, orgKey), - this.encryptService.encrypt(s.value, orgKey), - this.encryptService.encrypt(s.note, orgKey), + this.encryptService.encryptString(s.key, orgKey), + this.encryptService.encryptString(s.value, orgKey), + this.encryptService.encryptString(s.note, orgKey), ]); secret.id = s.id; @@ -129,7 +129,7 @@ export class SecretsManagerPortingApiService { exportData.projects.map(async (p) => { const project = new SecretsManagerExportProject(); project.id = p.id; - project.name = await this.encryptService.decryptToUtf8(new EncString(p.name), orgKey); + project.name = await this.encryptService.decryptString(new EncString(p.name), orgKey); return project; }), ); @@ -139,9 +139,9 @@ export class SecretsManagerPortingApiService { const secret = new SecretsManagerExportSecret(); [secret.key, secret.value, secret.note] = await Promise.all([ - this.encryptService.decryptToUtf8(new EncString(s.key), orgKey), - this.encryptService.decryptToUtf8(new EncString(s.value), orgKey), - this.encryptService.decryptToUtf8(new EncString(s.note), orgKey), + this.encryptService.decryptString(new EncString(s.key), orgKey), + this.encryptService.decryptString(new EncString(s.value), orgKey), + this.encryptService.decryptString(new EncString(s.note), orgKey), ]); secret.id = s.id; 
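Review bot: In the import hunk at -86, `p` is typed `any`, so `p.name` reaches `encryptString` without the compiler or the code confirming it is a string. The same likely applies to `s.key`, `s.value` and `s.note` at -96, whose type is declared outside the hunk. The import data appears to come from a user-supplied file (inferred from the service name and `importData`), so a non-string or missing field would either fail inside the encrypt service or be encrypted in an unintended form. A narrow check before encrypting, such as `if (typeof p.name !== "string") { throw new Error("Invalid project name in import data"); }`, together with a typed shape instead of `any`, would make the string-only contract of the new method hold at runtime.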
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.spec.ts b/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.spec.ts index d6bc807686a..51231184d77 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.spec.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.spec.ts @@ -138,7 +138,7 @@ describe("AccessPolicyService", () => { const mockRandomBytes = new Uint8Array(64) as CsprngArray; const mockOrgKey = new SymmetricCryptoKey(mockRandomBytes) as OrgKey; keyService.getOrgKey.mockResolvedValue(mockOrgKey); - encryptService.decryptToUtf8.mockImplementation((c) => Promise.resolve(c.encryptedString)); + encryptService.decryptString.mockImplementation((c) => Promise.resolve(c.encryptedString)); const organizationId = Utils.newGuid(); const serviceAccountId = Utils.newGuid(); @@ -175,7 +175,7 @@ describe("AccessPolicyService", () => { const mockRandomBytes = new Uint8Array(64) as CsprngArray; const mockOrgKey = new SymmetricCryptoKey(mockRandomBytes) as OrgKey; keyService.getOrgKey.mockResolvedValue(mockOrgKey); - encryptService.decryptToUtf8.mockImplementation((c) => Promise.resolve(c.encryptedString)); + encryptService.decryptString.mockImplementation((c) => Promise.resolve(c.encryptedString)); const organizationId = Utils.newGuid(); const projectId = Utils.newGuid(); diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.ts index 5223135c17a..6fc8da05036 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.ts 
@@ -350,7 +350,7 @@ export class AccessPolicyService { ...this.createBaseAccessPolicyView(response), grantedProjectId: response.grantedProjectId, grantedProjectName: response.grantedProjectName - ? await this.encryptService.decryptToUtf8( + ? await this.encryptService.decryptString( new EncString(response.grantedProjectName), organizationKey, ) @@ -394,7 +394,7 @@ export class AccessPolicyService { ...this.createBaseAccessPolicyView(response), serviceAccountId: response.serviceAccountId, serviceAccountName: response.serviceAccountName - ? await this.encryptService.decryptToUtf8( + ? await this.encryptService.decryptString( new EncString(response.serviceAccountName), orgKey, ) @@ -420,7 +420,7 @@ export class AccessPolicyService { if (r.type === "serviceAccount" || r.type === "project") { view.name = r.name - ? await this.encryptService.decryptToUtf8(new EncString(r.name), orgKey) + ? await this.encryptService.decryptString(new EncString(r.name), orgKey) : null; } else { view.name = r.name;