From b2c118d607c7be1298b39cd6c3ea3012411e5a78 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Tue, 13 May 2025 15:41:57 +0200
Subject: [PATCH] Move admin-console code to new encrypt service interface
 (#14547)

---
 .../organization-user-reset-password.service.ts             | 2 +-
 .../providers/services/web-provider.service.ts              | 2 +-
 .../services/default-collection-admin.service.ts            | 4 ++--
 .../collections/services/default-collection.service.spec.ts | 5 ++++-
 .../collections/services/default-collection.service.ts      | 2 +-
 .../services/default-vnext-collection.service.spec.ts       | 6 ++++++
 .../services/default-vnext-collection.service.ts            | 2 +-
 .../models/domain/encrypted-organization-key.ts             | 4 ++--
 8 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts b/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts
index 78d2d8fd165..ecf4d26eb52 100644
--- a/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts
+++ b/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts
@@ -112,7 +112,7 @@ export class OrganizationUserResetPasswordService
     if (orgSymKey == null) {
       throw new Error("No org key found");
     }
-    const decPrivateKey = await this.encryptService.decryptToBytes(
+    const decPrivateKey = await this.encryptService.unwrapDecapsulationKey(
       new EncString(response.encryptedPrivateKey),
       orgSymKey,
     );
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
index 844c6b779a9..418b7020ff9 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
@@ -74,7 +74,7 @@ export class WebProviderService {
 
     const [publicKey, encryptedPrivateKey] = await this.keyService.makeKeyPair(organizationKey);
 
-    const encryptedCollectionName = await this.encryptService.encrypt(
+    const encryptedCollectionName = await this.encryptService.encryptString(
       this.i18nService.t("defaultCollection"),
       organizationKey,
     );
diff --git a/libs/admin-console/src/common/collections/services/default-collection-admin.service.ts b/libs/admin-console/src/common/collections/services/default-collection-admin.service.ts
index 890353d9039..293090ce315 100644
--- a/libs/admin-console/src/common/collections/services/default-collection-admin.service.ts
+++ b/libs/admin-console/src/common/collections/services/default-collection-admin.service.ts
@@ -116,7 +116,7 @@ export class DefaultCollectionAdminService implements CollectionAdminService {
     const promises = collections.map(async (c) => {
       const view = new CollectionAdminView();
       view.id = c.id;
-      view.name = await this.encryptService.decryptToUtf8(new EncString(c.name), orgKey);
+      view.name = await this.encryptService.decryptString(new EncString(c.name), orgKey);
       view.externalId = c.externalId;
       view.organizationId = c.organizationId;
 
@@ -146,7 +146,7 @@ export class DefaultCollectionAdminService implements CollectionAdminService {
     }
     const collection = new CollectionRequest();
     collection.externalId = model.externalId;
-    collection.name = (await this.encryptService.encrypt(model.name, key)).encryptedString;
+    collection.name = (await this.encryptService.encryptString(model.name, key)).encryptedString;
     collection.groups = model.groups.map(
       (group) =>
         new SelectionReadOnlyRequest(group.id, group.readOnly, group.hidePasswords, group.manage),
diff --git a/libs/admin-console/src/common/collections/services/default-collection.service.spec.ts b/libs/admin-console/src/common/collections/services/default-collection.service.spec.ts
index 7fe81ade4d2..c5f57f38dd3 100644
--- a/libs/admin-console/src/common/collections/services/default-collection.service.spec.ts
+++ b/libs/admin-console/src/common/collections/services/default-collection.service.spec.ts
@@ -120,9 +120,12 @@ const mockStateProvider = () => {
 const mockCryptoService = () => {
   const keyService = mock<KeyService>();
   const encryptService = mock<EncryptService>();
-  encryptService.decryptToUtf8
+  encryptService.decryptString
     .calledWith(expect.any(EncString), expect.anything())
     .mockResolvedValue("DECRYPTED_STRING");
+  encryptService.decryptToUtf8
+    .calledWith(expect.any(EncString), expect.anything(), expect.anything())
+    .mockResolvedValue("DECRYPTED_STRING");
 
   (window as any).bitwardenContainerService = new ContainerService(keyService, encryptService);
 
diff --git a/libs/admin-console/src/common/collections/services/default-collection.service.ts b/libs/admin-console/src/common/collections/services/default-collection.service.ts
index 1ae58d3eef3..a1dd0419e2c 100644
--- a/libs/admin-console/src/common/collections/services/default-collection.service.ts
+++ b/libs/admin-console/src/common/collections/services/default-collection.service.ts
@@ -113,7 +113,7 @@ export class DefaultCollectionService implements CollectionService {
     collection.organizationId = model.organizationId;
     collection.readOnly = model.readOnly;
     collection.externalId = model.externalId;
-    collection.name = await this.encryptService.encrypt(model.name, key);
+    collection.name = await this.encryptService.encryptString(model.name, key);
     return collection;
   }
 
diff --git a/libs/admin-console/src/common/collections/services/default-vnext-collection.service.spec.ts b/libs/admin-console/src/common/collections/services/default-vnext-collection.service.spec.ts
index 9700fcb695a..d4bc026b5bd 100644
--- a/libs/admin-console/src/common/collections/services/default-vnext-collection.service.spec.ts
+++ b/libs/admin-console/src/common/collections/services/default-vnext-collection.service.spec.ts
@@ -46,6 +46,11 @@ describe("DefaultvNextCollectionService", () => {
     keyService.orgKeys$.mockReturnValue(cryptoKeys);
 
     // Set up mock decryption
+    encryptService.decryptString
+      .calledWith(expect.any(EncString), expect.any(SymmetricCryptoKey))
+      .mockImplementation((encString, key) =>
+        Promise.resolve(encString.data.replace("ENC_", "DEC_")),
+      );
     encryptService.decryptToUtf8
       .calledWith(expect.any(EncString), expect.any(SymmetricCryptoKey), expect.any(String))
       .mockImplementation((encString, key) =>
@@ -103,6 +108,7 @@ describe("DefaultvNextCollectionService", () => {
       ]);
 
       // Assert that the correct org keys were used for each encrypted string
+      // This should be replaced with decryptString when the platform PR (https://github.com/bitwarden/clients/pull/14544) is merged
       expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(
         expect.objectContaining(new EncString(collection1.name)),
         orgKey1,
diff --git a/libs/admin-console/src/common/collections/services/default-vnext-collection.service.ts b/libs/admin-console/src/common/collections/services/default-vnext-collection.service.ts
index 0ef8ae99ab3..4dcda795afe 100644
--- a/libs/admin-console/src/common/collections/services/default-vnext-collection.service.ts
+++ b/libs/admin-console/src/common/collections/services/default-vnext-collection.service.ts
@@ -113,7 +113,7 @@ export class DefaultvNextCollectionService implements vNextCollectionService {
     collection.organizationId = model.organizationId;
     collection.readOnly = model.readOnly;
     collection.externalId = model.externalId;
-    collection.name = await this.encryptService.encrypt(model.name, key);
+    collection.name = await this.encryptService.encryptString(model.name, key);
     return collection;
   }
 
diff --git a/libs/common/src/admin-console/models/domain/encrypted-organization-key.ts b/libs/common/src/admin-console/models/domain/encrypted-organization-key.ts
index 984d80ba519..297bcf08d8c 100644
--- a/libs/common/src/admin-console/models/domain/encrypted-organization-key.ts
+++ b/libs/common/src/admin-console/models/domain/encrypted-organization-key.ts
@@ -56,14 +56,14 @@ export class ProviderEncryptedOrganizationKey implements BaseEncryptedOrganizati
   ) {}
 
   async decrypt(encryptService: EncryptService, providerKeys: Record<string, SymmetricCryptoKey>) {
-    const decValue = await encryptService.decryptToBytes(
+    const decValue = await encryptService.unwrapSymmetricKey(
       new EncString(this.key),
       providerKeys[this.providerId],
     );
     if (decValue == null) {
       throw new Error("Failed to decrypt organization key");
     }
-    return new SymmetricCryptoKey(decValue) as OrgKey;
+    return decValue as OrgKey;
   }
 
   get encryptedOrganizationKey() {