[PM-23085] Use SDK to get rotated cipher data (#15670)

* [PM-23085] Add encryptWithKey method to CipherEncryptionService * [PM-23085] Use new encryptWithKey() SDK method in getRotatedData() based on feature flag * [PM-23085] Rename cipher encryption method to encryptCipherForRotation to better reflect intended use case * [PM-23085] Update @bitwarden/sdk-internal package version * [PM-23085] Fix failing test after method rename * [PM-23085] Fix other failing test * [PM-23085] Typo
2025-12-14 15:23:33 +00:00 · 2025-07-28 10:36:34 -07:00
parent edeb0f4597
commit b48d7d4b97
7 changed files with 110 additions and 7 deletions
--- a/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
@@ -1,6 +1,9 @@
 import { mock } from "jest-mock-extended";
 import { of } from "rxjs";

+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { UserKey } from "@bitwarden/common/types/key";
 import { Fido2Credential } from "@bitwarden/common/vault/models/domain/fido2-credential";
 import {
  Fido2Credential as SdkFido2Credential,
@@ -91,6 +94,7 @@ describe("DefaultCipherEncryptionService", () => {
    vault: jest.fn().mockReturnValue({
      ciphers: jest.fn().mockReturnValue({
        encrypt: jest.fn(),
+        encrypt_cipher_for_rotation: jest.fn(),
        set_fido2_credentials: jest.fn(),
        decrypt: jest.fn(),
        decrypt_list: jest.fn(),
@@ -247,6 +251,31 @@ describe("DefaultCipherEncryptionService", () => {
    });
  });

+  describe("encryptCipherForRotation", () => {
+    it("should call the sdk method to encrypt the cipher with a new key for rotation", async () => {
+      mockSdkClient.vault().ciphers().encrypt_cipher_for_rotation.mockReturnValue({
+        cipher: sdkCipher,
+        encryptedFor: userId,
+      });
+
+      const newUserKey: UserKey = new SymmetricCryptoKey(
+        Utils.fromUtf8ToArray("00000000000000000000000000000000"),
+      ) as UserKey;
+
+      const result = await cipherEncryptionService.encryptCipherForRotation(
+        cipherViewObj,
+        userId,
+        newUserKey,
+      );
+
+      expect(result).toBeDefined();
+      expect(mockSdkClient.vault().ciphers().encrypt_cipher_for_rotation).toHaveBeenCalledWith(
+        expect.objectContaining({ id: cipherId }),
+        newUserKey.toBase64(),
+      );
+    });
+  });
+
  describe("moveToOrganization", () => {
    it("should call the sdk method to move a cipher to an organization", async () => {
      const expectedCipher: Cipher = {