[PM-24107] Migrate KM's usage of getUserKey from the key service (#17117)

* Remove internal use of getUserKey in the key service * Move ownership of RotateableKeySet and remove usage of getUserKey * Add input validation to createKeySet
2025-12-15 15:53:27 +00:00 · 2025-11-13 10:07:13 -06:00
parent 42a79e65cf
commit cfe2458935
23 changed files with 488 additions and 237 deletions
--- a/libs/key-management/src/key.service.ts
+++ b/libs/key-management/src/key.service.ts
@@ -166,6 +166,9 @@ export class DefaultKeyService implements KeyServiceAbstraction {
    return this.stateProvider.getUserState$(USER_KEY, userId);
  }

+  /**
+   * @deprecated Use {@link userKey$} with a required {@link UserId} instead.
+   */
  async getUserKey(userId?: UserId): Promise<UserKey> {
    const userKey = await firstValueFrom(this.stateProvider.getUserState$(USER_KEY, userId));
    return userKey;
@@ -298,9 +301,15 @@ export class DefaultKeyService implements KeyServiceAbstraction {
   */
  async encryptUserKeyWithMasterKey(
    masterKey: MasterKey,
-    userKey?: UserKey,
+    userKey: UserKey,
  ): Promise<[UserKey, EncString]> {
-    userKey ||= await this.getUserKey();
+    if (masterKey == null) {
+      throw new Error("masterKey is required.");
+    }
+    if (userKey == null) {
+      throw new Error("userKey is required.");
+    }
+
    return await this.buildProtectedSymmetricKey(masterKey, userKey);
  }

@@ -630,7 +639,7 @@ export class DefaultKeyService implements KeyServiceAbstraction {
    }

    // Verify user key doesn't exist
-    const existingUserKey = await this.getUserKey(userId);
+    const existingUserKey = await firstValueFrom(this.userKey$(userId));

    if (existingUserKey != null) {
      this.logService.error("Tried to initialize account with existing user key.");