[PM-23085] Use SDK to get rotated cipher data (#15670)

* [PM-23085] Add encryptWithKey method to CipherEncryptionService * [PM-23085] Use new encryptWithKey() SDK method in getRotatedData() based on feature flag * [PM-23085] Rename cipher encryption method to encryptCipherForRotation to better reflect intended use case * [PM-23085] Update @bitwarden/sdk-internal package version * [PM-23085] Fix failing test after method rename * [PM-23085] Fix other failing test * [PM-23085] Typo
2025-12-16 08:13:42 +00:00 · 2025-07-28 10:36:34 -07:00
parent edeb0f4597
commit b48d7d4b97
7 changed files with 110 additions and 7 deletions
--- a/libs/common/src/vault/services/default-cipher-encryption.service.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.ts
@@ -1,5 +1,6 @@
 import { EMPTY, catchError, firstValueFrom, map } from "rxjs";

+import { UserKey } from "@bitwarden/common/types/key";
 import { EncryptionContext } from "@bitwarden/common/vault/abstractions/cipher.service";
 import {
  CipherListView,
@@ -84,6 +85,39 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
    );
  }

+  async encryptCipherForRotation(
+    model: CipherView,
+    userId: UserId,
+    newKey: UserKey,
+  ): Promise<EncryptionContext | undefined> {
+    return firstValueFrom(
+      this.sdkService.userClient$(userId).pipe(
+        map((sdk) => {
+          if (!sdk) {
+            throw new Error("SDK not available");
+          }
+
+          using ref = sdk.take();
+          const sdkCipherView = this.toSdkCipherView(model, ref.value);
+
+          const encryptionContext = ref.value
+            .vault()
+            .ciphers()
+            .encrypt_cipher_for_rotation(sdkCipherView, newKey.toBase64());
+
+          return {
+            cipher: Cipher.fromSdkCipher(encryptionContext.cipher)!,
+            encryptedFor: asUuid<UserId>(encryptionContext.encryptedFor),
+          };
+        }),
+        catchError((error: unknown) => {
+          this.logService.error(`Failed to rotate cipher data: ${error}`);
+          return EMPTY;
+        }),
+      ),
+    );
+  }
+
  async decrypt(cipher: Cipher, userId: UserId): Promise<CipherView> {
    return firstValueFrom(
      this.sdkService.userClient$(userId).pipe(