Move admin-console code to new encrypt service interface (#14547)

apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts

@@ -112,7 +112,7 @@ export class OrganizationUserResetPasswordService
     if (orgSymKey == null) {
       throw new Error("No org key found");
     }
-    const decPrivateKey = await this.encryptService.decryptToBytes(
+    const decPrivateKey = await this.encryptService.unwrapDecapsulationKey(
       new EncString(response.encryptedPrivateKey),
       orgSymKey,
     );

bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts

@@ -74,7 +74,7 @@ export class WebProviderService {
 
     const [publicKey, encryptedPrivateKey] = await this.keyService.makeKeyPair(organizationKey);
 
-    const encryptedCollectionName = await this.encryptService.encrypt(
+    const encryptedCollectionName = await this.encryptService.encryptString(
       this.i18nService.t("defaultCollection"),
       organizationKey,
     );

libs/admin-console/src/common/collections/services/default-collection-admin.service.ts

@@ -116,7 +116,7 @@ export class DefaultCollectionAdminService implements CollectionAdminService {
     const promises = collections.map(async (c) => {
       const view = new CollectionAdminView();
       view.id = c.id;
-      view.name = await this.encryptService.decryptToUtf8(new EncString(c.name), orgKey);
+      view.name = await this.encryptService.decryptString(new EncString(c.name), orgKey);
       view.externalId = c.externalId;
       view.organizationId = c.organizationId;
 
@@ -146,7 +146,7 @@ export class DefaultCollectionAdminService implements CollectionAdminService {
     }
     const collection = new CollectionRequest();
     collection.externalId = model.externalId;
-    collection.name = (await this.encryptService.encrypt(model.name, key)).encryptedString;
+    collection.name = (await this.encryptService.encryptString(model.name, key)).encryptedString;
     collection.groups = model.groups.map(
       (group) =>
         new SelectionReadOnlyRequest(group.id, group.readOnly, group.hidePasswords, group.manage),

libs/admin-console/src/common/collections/services/default-collection.service.spec.ts

@@ -120,9 +120,12 @@ const mockStateProvider = () => {
 const mockCryptoService = () => {
   const keyService = mock<KeyService>();
   const encryptService = mock<EncryptService>();
-  encryptService.decryptToUtf8
+  encryptService.decryptString
     .calledWith(expect.any(EncString), expect.anything())
     .mockResolvedValue("DECRYPTED_STRING");
+  encryptService.decryptToUtf8
+    .calledWith(expect.any(EncString), expect.anything(), expect.anything())
+    .mockResolvedValue("DECRYPTED_STRING");
 
   (window as any).bitwardenContainerService = new ContainerService(keyService, encryptService);
 

libs/admin-console/src/common/collections/services/default-collection.service.ts

@@ -113,7 +113,7 @@ export class DefaultCollectionService implements CollectionService {
     collection.organizationId = model.organizationId;
     collection.readOnly = model.readOnly;
     collection.externalId = model.externalId;
-    collection.name = await this.encryptService.encrypt(model.name, key);
+    collection.name = await this.encryptService.encryptString(model.name, key);
     return collection;
   }
 

libs/admin-console/src/common/collections/services/default-vnext-collection.service.spec.ts

@@ -46,6 +46,11 @@ describe("DefaultvNextCollectionService", () => {
     keyService.orgKeys$.mockReturnValue(cryptoKeys);
 
     // Set up mock decryption
+    encryptService.decryptString
+      .calledWith(expect.any(EncString), expect.any(SymmetricCryptoKey))
+      .mockImplementation((encString, key) =>
+        Promise.resolve(encString.data.replace("ENC_", "DEC_")),
+      );
     encryptService.decryptToUtf8
       .calledWith(expect.any(EncString), expect.any(SymmetricCryptoKey), expect.any(String))
       .mockImplementation((encString, key) =>
@@ -103,6 +108,7 @@ describe("DefaultvNextCollectionService", () => {
       ]);
 
       // Assert that the correct org keys were used for each encrypted string
+      // This should be replaced with decryptString when the platform PR (https://github.com/bitwarden/clients/pull/14544) is merged
       expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(
         expect.objectContaining(new EncString(collection1.name)),
         orgKey1,

libs/admin-console/src/common/collections/services/default-vnext-collection.service.ts

@@ -113,7 +113,7 @@ export class DefaultvNextCollectionService implements vNextCollectionService {
     collection.organizationId = model.organizationId;
     collection.readOnly = model.readOnly;
     collection.externalId = model.externalId;
-    collection.name = await this.encryptService.encrypt(model.name, key);
+    collection.name = await this.encryptService.encryptString(model.name, key);
     return collection;
   }
 

libs/common/src/admin-console/models/domain/encrypted-organization-key.ts

@@ -56,14 +56,14 @@ export class ProviderEncryptedOrganizationKey implements BaseEncryptedOrganizati
   ) {}
 
   async decrypt(encryptService: EncryptService, providerKeys: Record<string, SymmetricCryptoKey>) {
-    const decValue = await encryptService.decryptToBytes(
+    const decValue = await encryptService.unwrapSymmetricKey(
       new EncString(this.key),
       providerKeys[this.providerId],
     );
     if (decValue == null) {
       throw new Error("Failed to decrypt organization key");
     }
-    return new SymmetricCryptoKey(decValue) as OrgKey;
+    return decValue as OrgKey;
   }
 
   get encryptedOrganizationKey() {