[Pm-13097] Rename cryptoservice to keyservice and move it to km ownership (#11358)

* Rename cryptoservice to keyservice * Rename cryptoservice to keyservice * Move key service to key management ownership * Remove accidentally added file * Fix cli build * Fix browser build * Run prettier * Fix builds * Fix cli build * Fix tests * Fix incorrect renames * Rename webauthn-login-crypto-service * Fix build errors due to merge conflicts * Fix linting
2025-12-20 10:13:31 +00:00 · 2024-10-24 19:41:30 +02:00
parent 554171b688
commit b486fcc689
229 changed files with 1385 additions and 1446 deletions
--- a/libs/angular/src/auth/guards/lock.guard.spec.ts
+++ b/libs/angular/src/auth/guards/lock.guard.spec.ts
@@ -12,10 +12,10 @@ import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractio
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ClientType } from "@bitwarden/common/enums";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { UserId } from "@bitwarden/common/types/guid";
+import { KeyService } from "@bitwarden/key-management";

 import { lockGuard } from "./lock.guard";

@@ -38,9 +38,9 @@ describe("lockGuard", () => {
      mock<VaultTimeoutSettingsService>();
    vaultTimeoutSettingsService.canLock.mockResolvedValue(setupParams.canLock);

-    const cryptoService: MockProxy<CryptoService> = mock<CryptoService>();
-    cryptoService.isLegacyUser.mockResolvedValue(setupParams.isLegacyUser);
-    cryptoService.everHadUserKey$ = of(setupParams.everHadUserKey);
+    const keyService: MockProxy<KeyService> = mock<KeyService>();
+    keyService.isLegacyUser.mockResolvedValue(setupParams.isLegacyUser);
+    keyService.everHadUserKey$ = of(setupParams.everHadUserKey);

    const platformUtilService: MockProxy<PlatformUtilsService> = mock<PlatformUtilsService>();
    platformUtilService.getClientType.mockReturnValue(setupParams.clientType);
@@ -83,7 +83,7 @@ describe("lockGuard", () => {
        { provide: MessagingService, useValue: messagingService },
        { provide: AccountService, useValue: accountService },
        { provide: VaultTimeoutSettingsService, useValue: vaultTimeoutSettingsService },
-        { provide: CryptoService, useValue: cryptoService },
+        { provide: KeyService, useValue: keyService },
        { provide: PlatformUtilsService, useValue: platformUtilService },
        { provide: DeviceTrustServiceAbstraction, useValue: deviceTrustService },
        { provide: UserVerificationService, useValue: userVerificationService },
--- a/libs/angular/src/auth/guards/lock.guard.ts
+++ b/libs/angular/src/auth/guards/lock.guard.ts
@@ -14,9 +14,9 @@ import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractio
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ClientType } from "@bitwarden/common/enums";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { KeyService } from "@bitwarden/key-management";

 /**
 * Only allow access to this route if the vault is locked.
@@ -31,7 +31,7 @@ export function lockGuard(): CanActivateFn {
    routerStateSnapshot: RouterStateSnapshot,
  ) => {
    const authService = inject(AuthService);
-    const cryptoService = inject(CryptoService);
+    const keyService = inject(KeyService);
    const deviceTrustService = inject(DeviceTrustServiceAbstraction);
    const platformUtilService = inject(PlatformUtilsService);
    const messagingService = inject(MessagingService);
@@ -54,7 +54,7 @@ export function lockGuard(): CanActivateFn {
    }

    // If legacy user on web, redirect to migration page
-    if (await cryptoService.isLegacyUser()) {
+    if (await keyService.isLegacyUser()) {
      if (platformUtilService.getClientType() === ClientType.Web) {
        return router.createUrlTree(["migrate-legacy-encryption"]);
      }
@@ -78,7 +78,7 @@ export function lockGuard(): CanActivateFn {
    }

    // If authN user with TDE directly navigates to lock, reject that navigation
-    const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
+    const everHadUserKey = await firstValueFrom(keyService.everHadUserKey$);
    if (tdeEnabled && !everHadUserKey) {
      return false;
    }
--- a/libs/angular/src/auth/guards/redirect.guard.ts
+++ b/libs/angular/src/auth/guards/redirect.guard.ts
@@ -5,8 +5,8 @@ import { firstValueFrom } from "rxjs";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { KeyService } from "@bitwarden/key-management";

 export interface RedirectRoutes {
  loggedIn: string;
@@ -31,7 +31,7 @@ export function redirectGuard(overrides: Partial<RedirectRoutes> = {}): CanActiv
  const routes = { ...defaultRoutes, ...overrides };
  return async (route) => {
    const authService = inject(AuthService);
-    const cryptoService = inject(CryptoService);
+    const keyService = inject(KeyService);
    const deviceTrustService = inject(DeviceTrustServiceAbstraction);
    const logService = inject(LogService);
    const router = inject(Router);
@@ -49,7 +49,7 @@ export function redirectGuard(overrides: Partial<RedirectRoutes> = {}): CanActiv
    // If locked, TDE is enabled, and the user hasn't decrypted yet, then redirect to the
    // login decryption options component.
    const tdeEnabled = await firstValueFrom(deviceTrustService.supportsDeviceTrust$);
-    const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
+    const everHadUserKey = await firstValueFrom(keyService.everHadUserKey$);
    if (authStatus === AuthenticationStatus.Locked && tdeEnabled && !everHadUserKey) {
      logService.info(
        "Sending user to TDE decryption options. AuthStatus is %s. TDE support is %s. Ever had user key is %s.",
--- a/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
+++ b/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
@@ -10,8 +10,8 @@ import { firstValueFrom } from "rxjs";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { KeyService } from "@bitwarden/key-management";

 /**
 * Only allow access to this route if the vault is locked and has never been decrypted.
@@ -22,14 +22,14 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 export function tdeDecryptionRequiredGuard(): CanActivateFn {
  return async (_: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
    const authService = inject(AuthService);
-    const cryptoService = inject(CryptoService);
+    const keyService = inject(KeyService);
    const deviceTrustService = inject(DeviceTrustServiceAbstraction);
    const logService = inject(LogService);
    const router = inject(Router);

    const authStatus = await authService.getAuthStatus();
    const tdeEnabled = await firstValueFrom(deviceTrustService.supportsDeviceTrust$);
-    const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
+    const everHadUserKey = await firstValueFrom(keyService.everHadUserKey$);

    // We need to determine if we should bypass the decryption options and send the user to the vault.
    // The ONLY time that we want to send a user to the decryption options is when: