[PM-19603] Change asymmetric interface to only allow key encapsulation (#14046)

* Change asymmetric interface to only allow key encapsulation * Fix naming * Clean up naming * Update libs/common/src/key-management/crypto/abstractions/encrypt.service.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/abstractions/encrypt.service.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Fix test --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-12-16 08:13:42 +00:00 · 2025-04-15 16:39:02 +02:00
parent 9f174e7723
commit b09305577f
30 changed files with 229 additions and 143 deletions
--- a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
+++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
@@ -100,7 +100,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
      activeAccountSubject.next(Object.assign(user1AccountInfo, { id: "userId" as UserId }));

      keyService.getUserKey.mockResolvedValue({ key: "key" } as any);
-      encryptService.rsaEncrypt.mockResolvedValue(encryptedKey as any);
+      encryptService.encapsulateKeyUnsigned.mockResolvedValue(encryptedKey as any);

      await service.enroll("orgId");

@@ -122,7 +122,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
      };
      const encryptedKey = { encryptedString: "encryptedString" };
      organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any);
-      encryptService.rsaEncrypt.mockResolvedValue(encryptedKey as any);
+      encryptService.encapsulateKeyUnsigned.mockResolvedValue(encryptedKey as any);

      await service.enroll("orgId", "userId", { key: "key" } as any);

--- a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts
+++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts
@@ -51,7 +51,7 @@ export class PasswordResetEnrollmentServiceImplementation
      userId ?? (await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id))));
    userKey = userKey ?? (await this.keyService.getUserKey(userId));
    // RSA Encrypt user's userKey.key with organization public key
-    const encryptedKey = await this.encryptService.rsaEncrypt(userKey.key, orgPublicKey);
+    const encryptedKey = await this.encryptService.encapsulateKeyUnsigned(userKey, orgPublicKey);

    const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
    resetRequest.resetPasswordKey = encryptedKey.encryptedString;