[EC-499] Add encryptService to domain model decryption (#3385)

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2025-12-15 07:43:35 +00:00 · 2022-09-02 11:15:19 +10:00
parent 063acfef40
commit cff2422d7f
14 changed files with 231 additions and 106 deletions
--- a/libs/common/src/models/domain/attachment.ts
+++ b/libs/common/src/models/domain/attachment.ts
@@ -1,4 +1,3 @@
-import { CryptoService } from "../../abstractions/crypto.service";
 import { Utils } from "../../misc/utils";
 import { AttachmentData } from "../data/attachmentData";
 import { AttachmentView } from "../view/attachmentView";
@@ -47,26 +46,33 @@ export class Attachment extends Domain {
    );

    if (this.key != null) {
-      let cryptoService: CryptoService;
-      const containerService = Utils.global.bitwardenContainerService;
-      if (containerService) {
-        cryptoService = containerService.getCryptoService();
-      } else {
-        throw new Error("global bitwardenContainerService not initialized.");
-      }
-
-      try {
-        const orgKey = await cryptoService.getOrgKey(orgId);
-        const decValue = await cryptoService.decryptToBytes(this.key, orgKey ?? encKey);
-        view.key = new SymmetricCryptoKey(decValue);
-      } catch (e) {
-        // TODO: error?
-      }
+      view.key = await this.decryptAttachmentKey(orgId, encKey);
    }

    return view;
  }

+  private async decryptAttachmentKey(orgId: string, encKey?: SymmetricCryptoKey) {
+    try {
+      if (encKey == null) {
+        encKey = await this.getKeyForDecryption(orgId);
+      }
+
+      const encryptService = Utils.getContainerService().getEncryptService();
+      const decValue = await encryptService.decryptToBytes(this.key, encKey);
+      return new SymmetricCryptoKey(decValue);
+    } catch (e) {
+      // TODO: error?
+    }
+  }
+
+  private async getKeyForDecryption(orgId: string) {
+    const cryptoService = Utils.getContainerService().getCryptoService();
+    return orgId != null
+      ? await cryptoService.getOrgKey(orgId)
+      : await cryptoService.getKeyForUserEncryption();
+  }
+
  toAttachmentData(): AttachmentData {
    const a = new AttachmentData();
    a.size = this.size;
--- a/libs/common/src/models/domain/encString.ts
+++ b/libs/common/src/models/domain/encString.ts
@@ -2,7 +2,6 @@ import { Jsonify } from "type-fest";

 import { IEncrypted } from "@bitwarden/common/interfaces/IEncrypted";

-import { CryptoService } from "../../abstractions/crypto.service";
 import { EncryptionType } from "../../enums/encryptionType";
 import { Utils } from "../../misc/utils";

@@ -29,30 +28,6 @@ export class EncString implements IEncrypted {
    }
  }

-  async decrypt(orgId: string, key: SymmetricCryptoKey = null): Promise<string> {
-    if (this.decryptedValue != null) {
-      return this.decryptedValue;
-    }
-
-    let cryptoService: CryptoService;
-    const containerService = Utils.global.bitwardenContainerService;
-    if (containerService) {
-      cryptoService = containerService.getCryptoService();
-    } else {
-      throw new Error("global bitwardenContainerService not initialized.");
-    }
-
-    try {
-      if (key == null) {
-        key = await cryptoService.getOrgKey(orgId);
-      }
-      this.decryptedValue = await cryptoService.decryptToUtf8(this, key);
-    } catch (e) {
-      this.decryptedValue = "[error: cannot decrypt]";
-    }
-    return this.decryptedValue;
-  }
-
  get ivBytes(): ArrayBuffer {
    return this.iv == null ? null : Utils.fromB64ToArray(this.iv).buffer;
  }
@@ -160,4 +135,32 @@ export class EncString implements IEncrypted {
      encPieces,
    };
  }
+
+  async decrypt(orgId: string, key: SymmetricCryptoKey = null): Promise<string> {
+    if (this.decryptedValue != null) {
+      return this.decryptedValue;
+    }
+
+    try {
+      if (key == null) {
+        key = await this.getKeyForDecryption(orgId);
+      }
+      if (key == null) {
+        throw new Error("No key to decrypt EncString with orgId " + orgId);
+      }
+
+      const encryptService = Utils.getContainerService().getEncryptService();
+      this.decryptedValue = await encryptService.decryptToUtf8(this, key);
+    } catch (e) {
+      this.decryptedValue = "[error: cannot decrypt]";
+    }
+    return this.decryptedValue;
+  }
+
+  private async getKeyForDecryption(orgId: string) {
+    const cryptoService = Utils.getContainerService().getCryptoService();
+    return orgId != null
+      ? await cryptoService.getOrgKey(orgId)
+      : await cryptoService.getKeyForUserEncryption();
+  }
 }
--- a/libs/common/src/models/domain/send.ts
+++ b/libs/common/src/models/domain/send.ts
@@ -1,4 +1,3 @@
-import { CryptoService } from "../../abstractions/crypto.service";
 import { SendType } from "../../enums/sendType";
 import { Utils } from "../../misc/utils";
 import { SendData } from "../data/sendData";
@@ -71,13 +70,7 @@ export class Send extends Domain {
  async decrypt(): Promise<SendView> {
    const model = new SendView(this);

-    let cryptoService: CryptoService;
-    const containerService = Utils.global.bitwardenContainerService;
-    if (containerService) {
-      cryptoService = containerService.getCryptoService();
-    } else {
-      throw new Error("global bitwardenContainerService not initialized.");
-    }
+    const cryptoService = Utils.getContainerService().getCryptoService();

    try {
      model.key = await cryptoService.decryptToBytes(this.key, null);