[EC-499] Add encryptService to domain model decryption (#3385)

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2025-12-22 03:03:43 +00:00 · 2022-09-02 11:15:19 +10:00
parent 063acfef40
commit cff2422d7f
14 changed files with 231 additions and 106 deletions
--- a/libs/common/src/misc/utils.ts
+++ b/libs/common/src/misc/utils.ts
@@ -3,6 +3,7 @@ import * as tldjs from "tldjs";

 import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";

+import { AbstractEncryptService } from "../abstractions/abstractEncrypt.service";
 import { I18nService } from "../abstractions/i18n.service";

 const nodeURL = typeof window === "undefined" ? require("url") : null;
@@ -14,6 +15,7 @@ declare global {

 interface BitwardenContainerService {
  getCryptoService: () => CryptoService;
+  getEncryptService: () => AbstractEncryptService;
 }

 export class Utils {
@@ -368,6 +370,16 @@ export class Utils {
    return s.charAt(0).toUpperCase() + s.slice(1);
  }

+  /**
+   * @throws Will throw an error if the ContainerService has not been attached to the window object
+   */
+  static getContainerService(): BitwardenContainerService {
+    if (this.global.bitwardenContainerService == null) {
+      throw new Error("global bitwardenContainerService not initialized.");
+    }
+    return this.global.bitwardenContainerService;
+  }
+
  private static validIpAddress(ipString: string): boolean {
    const ipRegex =
      /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
--- a/libs/common/src/models/domain/attachment.ts
+++ b/libs/common/src/models/domain/attachment.ts
@@ -1,4 +1,3 @@
-import { CryptoService } from "../../abstractions/crypto.service";
 import { Utils } from "../../misc/utils";
 import { AttachmentData } from "../data/attachmentData";
 import { AttachmentView } from "../view/attachmentView";
@@ -47,26 +46,33 @@ export class Attachment extends Domain {
    );

    if (this.key != null) {
-      let cryptoService: CryptoService;
-      const containerService = Utils.global.bitwardenContainerService;
-      if (containerService) {
-        cryptoService = containerService.getCryptoService();
-      } else {
-        throw new Error("global bitwardenContainerService not initialized.");
-      }
-
-      try {
-        const orgKey = await cryptoService.getOrgKey(orgId);
-        const decValue = await cryptoService.decryptToBytes(this.key, orgKey ?? encKey);
-        view.key = new SymmetricCryptoKey(decValue);
-      } catch (e) {
-        // TODO: error?
-      }
+      view.key = await this.decryptAttachmentKey(orgId, encKey);
    }

    return view;
  }

+  private async decryptAttachmentKey(orgId: string, encKey?: SymmetricCryptoKey) {
+    try {
+      if (encKey == null) {
+        encKey = await this.getKeyForDecryption(orgId);
+      }
+
+      const encryptService = Utils.getContainerService().getEncryptService();
+      const decValue = await encryptService.decryptToBytes(this.key, encKey);
+      return new SymmetricCryptoKey(decValue);
+    } catch (e) {
+      // TODO: error?
+    }
+  }
+
+  private async getKeyForDecryption(orgId: string) {
+    const cryptoService = Utils.getContainerService().getCryptoService();
+    return orgId != null
+      ? await cryptoService.getOrgKey(orgId)
+      : await cryptoService.getKeyForUserEncryption();
+  }
+
  toAttachmentData(): AttachmentData {
    const a = new AttachmentData();
    a.size = this.size;
--- a/libs/common/src/models/domain/encString.ts
+++ b/libs/common/src/models/domain/encString.ts
@@ -2,7 +2,6 @@ import { Jsonify } from "type-fest";

 import { IEncrypted } from "@bitwarden/common/interfaces/IEncrypted";

-import { CryptoService } from "../../abstractions/crypto.service";
 import { EncryptionType } from "../../enums/encryptionType";
 import { Utils } from "../../misc/utils";

@@ -29,30 +28,6 @@ export class EncString implements IEncrypted {
    }
  }

-  async decrypt(orgId: string, key: SymmetricCryptoKey = null): Promise<string> {
-    if (this.decryptedValue != null) {
-      return this.decryptedValue;
-    }
-
-    let cryptoService: CryptoService;
-    const containerService = Utils.global.bitwardenContainerService;
-    if (containerService) {
-      cryptoService = containerService.getCryptoService();
-    } else {
-      throw new Error("global bitwardenContainerService not initialized.");
-    }
-
-    try {
-      if (key == null) {
-        key = await cryptoService.getOrgKey(orgId);
-      }
-      this.decryptedValue = await cryptoService.decryptToUtf8(this, key);
-    } catch (e) {
-      this.decryptedValue = "[error: cannot decrypt]";
-    }
-    return this.decryptedValue;
-  }
-
  get ivBytes(): ArrayBuffer {
    return this.iv == null ? null : Utils.fromB64ToArray(this.iv).buffer;
  }
@@ -160,4 +135,32 @@ export class EncString implements IEncrypted {
      encPieces,
    };
  }
+
+  async decrypt(orgId: string, key: SymmetricCryptoKey = null): Promise<string> {
+    if (this.decryptedValue != null) {
+      return this.decryptedValue;
+    }
+
+    try {
+      if (key == null) {
+        key = await this.getKeyForDecryption(orgId);
+      }
+      if (key == null) {
+        throw new Error("No key to decrypt EncString with orgId " + orgId);
+      }
+
+      const encryptService = Utils.getContainerService().getEncryptService();
+      this.decryptedValue = await encryptService.decryptToUtf8(this, key);
+    } catch (e) {
+      this.decryptedValue = "[error: cannot decrypt]";
+    }
+    return this.decryptedValue;
+  }
+
+  private async getKeyForDecryption(orgId: string) {
+    const cryptoService = Utils.getContainerService().getCryptoService();
+    return orgId != null
+      ? await cryptoService.getOrgKey(orgId)
+      : await cryptoService.getKeyForUserEncryption();
+  }
 }
--- a/libs/common/src/models/domain/send.ts
+++ b/libs/common/src/models/domain/send.ts
@@ -1,4 +1,3 @@
-import { CryptoService } from "../../abstractions/crypto.service";
 import { SendType } from "../../enums/sendType";
 import { Utils } from "../../misc/utils";
 import { SendData } from "../data/sendData";
@@ -71,13 +70,7 @@ export class Send extends Domain {
  async decrypt(): Promise<SendView> {
    const model = new SendView(this);

-    let cryptoService: CryptoService;
-    const containerService = Utils.global.bitwardenContainerService;
-    if (containerService) {
-      cryptoService = containerService.getCryptoService();
-    } else {
-      throw new Error("global bitwardenContainerService not initialized.");
-    }
+    const cryptoService = Utils.getContainerService().getCryptoService();

    try {
      model.key = await cryptoService.decryptToBytes(this.key, null);
--- a/libs/common/src/services/container.service.ts
+++ b/libs/common/src/services/container.service.ts
@@ -1,7 +1,11 @@
+import { AbstractEncryptService } from "../abstractions/abstractEncrypt.service";
 import { CryptoService } from "../abstractions/crypto.service";

 export class ContainerService {
-  constructor(private cryptoService: CryptoService) {}
+  constructor(
+    private cryptoService: CryptoService,
+    private encryptService: AbstractEncryptService
+  ) {}

  attachToGlobal(global: any) {
    if (!global.bitwardenContainerService) {
@@ -9,7 +13,23 @@ export class ContainerService {
    }
  }

+  /**
+   * @throws Will throw if CryptoService was not instantiated and provided to the ContainerService constructor
+   */
  getCryptoService(): CryptoService {
+    if (this.cryptoService == null) {
+      throw new Error("ContainerService.cryptoService not initialized.");
+    }
    return this.cryptoService;
  }
+
+  /**
+   * @throws Will throw if EncryptService was not instantiated and provided to the ContainerService constructor
+   */
+  getEncryptService(): AbstractEncryptService {
+    if (this.encryptService == null) {
+      throw new Error("ContainerService.encryptService not initialized.");
+    }
+    return this.encryptService;
+  }
 }