[PM-12423] Migrate Cipher Decryption to Use SDK (#14206)

* Created mappings for client domain object to SDK * Add abstract decrypt observable * Added todo for future consideration * Added implementation to cipher service * Added adapter and unit tests * Created cipher encryption abstraction and service * Register cipher encryption service * Added tests for the cipher encryption service * changed signature * Updated feature flag name * added new function to be used for decrypting ciphers * Added new encryptedKey field * added new function to be used for decrypting ciphers * Manually set fields * Added encrypted key in attachment view * Fixed test * Updated references to use decrypt with feature flag * Added dependency * updated package.json * lint fix * fixed tests * Fixed small mapping issues * Fixed test * Added function to decrypt fido2 key value * Added function to decrypt fido2 key value and updated test * updated to use sdk function without prociding the key * updated localdata sdk type change * decrypt attachment content using sdk * Fixed dependency issues * updated package.json * Refactored service to handle getting decrypted buffer using the legacy and sdk implementations * updated services and component to use refactored version * Updated decryptCiphersWithSdk to use decryptManyLegacy for batch decryption, ensuring the SDK is only called once per batch * Fixed merge conflicts * Fixed merge conflicts * Fixed merge conflicts * Fixed lint issues * Moved getDecryptedAttachmentBuffer to cipher service * Moved getDecryptedAttachmentBuffer to cipher service * ensure CipherView properties are null instead of undefined * Fixed test * ensure AttachmentView properties are null instead of undefined * Linked ticket in comment * removed unused orgKey
2025-12-19 09:43:23 +00:00 · 2025-05-14 10:30:01 -04:00
parent 3e0cc7ca7f
commit ad3121f535
85 changed files with 2171 additions and 218 deletions
--- a/libs/vault/src/cipher-form/components/attachments/cipher-attachments.component.spec.ts
+++ b/libs/vault/src/cipher-form/components/attachments/cipher-attachments.component.spec.ts
@@ -80,6 +80,7 @@ describe("CipherAttachmentsComponent", () => {
            get: cipherServiceGet,
            saveAttachmentWithServer,
            getKeyForCipherKeyDecryption: () => Promise.resolve(null),
+            decrypt: jest.fn().mockResolvedValue(cipherView),
          },
        },
        {
--- a/libs/vault/src/cipher-form/components/attachments/cipher-attachments.component.ts
+++ b/libs/vault/src/cipher-form/components/attachments/cipher-attachments.component.ts
@@ -137,9 +137,7 @@ export class CipherAttachmentsComponent implements OnInit, AfterViewInit {
    this.organization = await this.getOrganization();
    this.cipherDomain = await this.getCipher(this.cipherId);

-    this.cipher = await this.cipherDomain.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain, this.activeUserId),
-    );
+    this.cipher = await this.cipherService.decrypt(this.cipherDomain, this.activeUserId);

    // Update the initial state of the submit button
    if (this.submitBtn) {
@@ -210,9 +208,7 @@ export class CipherAttachmentsComponent implements OnInit, AfterViewInit {
      );

      // re-decrypt the cipher to update the attachments
-      this.cipher = await this.cipherDomain.decrypt(
-        await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain, this.activeUserId),
-      );
+      this.cipher = await this.cipherService.decrypt(this.cipherDomain, this.activeUserId);

      // Reset reactive form and input element
      this.fileInput.nativeElement.value = "";
--- a/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
+++ b/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
@@ -3,7 +3,6 @@
 import { inject, Injectable } from "@angular/core";
 import { firstValueFrom } from "rxjs";

-import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
@@ -21,13 +20,10 @@ function isSetEqual(a: Set<string>, b: Set<string>) {
 export class DefaultCipherFormService implements CipherFormService {
  private cipherService: CipherService = inject(CipherService);
  private accountService: AccountService = inject(AccountService);
-  private apiService: ApiService = inject(ApiService);

  async decryptCipher(cipher: Cipher): Promise<CipherView> {
    const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
-    return await cipher.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(cipher, activeUserId),
-    );
+    return await this.cipherService.decrypt(cipher, activeUserId);
  }

  async saveCipher(cipher: CipherView, config: CipherFormConfig): Promise<CipherView> {
@@ -46,9 +42,7 @@ export class DefaultCipherFormService implements CipherFormService {
    // Creating a new cipher
    if (cipher.id == null) {
      savedCipher = await this.cipherService.createWithServer(encryptedCipher, config.admin);
-      return await savedCipher.decrypt(
-        await this.cipherService.getKeyForCipherKeyDecryption(savedCipher, activeUserId),
-      );
+      return await this.cipherService.decrypt(savedCipher, activeUserId);
    }

    if (config.originalCipher == null) {
@@ -100,8 +94,6 @@ export class DefaultCipherFormService implements CipherFormService {
      return null;
    }

-    return await savedCipher.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(savedCipher, activeUserId),
-    );
+    return await this.cipherService.decrypt(savedCipher, activeUserId);
  }
 }