[PM-12423] Migrate Cipher Decryption to Use SDK (#14206)

* Created mappings for client domain object to SDK * Add abstract decrypt observable * Added todo for future consideration * Added implementation to cipher service * Added adapter and unit tests * Created cipher encryption abstraction and service * Register cipher encryption service * Added tests for the cipher encryption service * changed signature * Updated feature flag name * added new function to be used for decrypting ciphers * Added new encryptedKey field * added new function to be used for decrypting ciphers * Manually set fields * Added encrypted key in attachment view * Fixed test * Updated references to use decrypt with feature flag * Added dependency * updated package.json * lint fix * fixed tests * Fixed small mapping issues * Fixed test * Added function to decrypt fido2 key value * Added function to decrypt fido2 key value and updated test * updated to use sdk function without prociding the key * updated localdata sdk type change * decrypt attachment content using sdk * Fixed dependency issues * updated package.json * Refactored service to handle getting decrypted buffer using the legacy and sdk implementations * updated services and component to use refactored version * Updated decryptCiphersWithSdk to use decryptManyLegacy for batch decryption, ensuring the SDK is only called once per batch * Fixed merge conflicts * Fixed merge conflicts * Fixed merge conflicts * Fixed lint issues * Moved getDecryptedAttachmentBuffer to cipher service * Moved getDecryptedAttachmentBuffer to cipher service * ensure CipherView properties are null instead of undefined * Fixed test * ensure AttachmentView properties are null instead of undefined * Linked ticket in comment * removed unused orgKey
2025-12-18 01:03:35 +00:00 · 2025-05-14 10:30:01 -04:00
parent 3e0cc7ca7f
commit ad3121f535
85 changed files with 2171 additions and 218 deletions
--- a/libs/common/src/vault/abstractions/cipher-encryption.service.ts
+++ b/libs/common/src/vault/abstractions/cipher-encryption.service.ts
@@ -0,0 +1,60 @@
+import { CipherListView } from "@bitwarden/sdk-internal";
+
+import { UserId } from "../../types/guid";
+import { Cipher } from "../models/domain/cipher";
+import { AttachmentView } from "../models/view/attachment.view";
+import { CipherView } from "../models/view/cipher.view";
+
+/**
+ * Service responsible for encrypting and decrypting ciphers.
+ */
+export abstract class CipherEncryptionService {
+  /**
+   * Decrypts a cipher using the SDK for the given userId.
+   *
+   * @param cipher The encrypted cipher object
+   * @param userId The user ID whose key will be used for decryption
+   *
+   * @returns A promise that resolves to the decrypted cipher view
+   */
+  abstract decrypt(cipher: Cipher, userId: UserId): Promise<CipherView>;
+  /**
+   * Decrypts many ciphers using the SDK for the given userId.
+   *
+   * For bulk decryption, prefer using `decryptMany`, which returns a more efficient
+   * `CipherListView` object.
+   *
+   * @param ciphers The encrypted cipher objects
+   * @param userId The user ID whose key will be used for decryption
+   *
+   * @deprecated Use `decryptMany` for bulk decryption instead.
+   *
+   * @returns A promise that resolves to an array of decrypted cipher views
+   */
+  abstract decryptManyLegacy(ciphers: Cipher[], userId: UserId): Promise<CipherView[]>;
+  /**
+   * Decrypts many ciphers using the SDK for the given userId.
+   *
+   * @param ciphers The encrypted cipher objects
+   * @param userId The user ID whose key will be used for decryption
+   *
+   * @returns A promise that resolves to an array of decrypted cipher list views
+   */
+  abstract decryptMany(ciphers: Cipher[], userId: UserId): Promise<CipherListView[]>;
+  /**
+   * Decrypts an attachment's content from a response object.
+   *
+   * @param cipher The encrypted cipher object that owns the attachment
+   * @param attachment The attachment view object
+   * @param encryptedContent The encrypted content of the attachment
+   * @param userId The user ID whose key will be used for decryption
+   *
+   * @returns A promise that resolves to the decrypted content
+   */
+  abstract decryptAttachmentContent(
+    cipher: Cipher,
+    attachment: AttachmentView,
+    encryptedContent: Uint8Array,
+    userId: UserId,
+  ): Promise<Uint8Array>;
+}