[PM-19731] Refactor encrypt service to expose key wrapping (#14080)

* Refactor encrypt service to expose key wrapping * Fix build * Undo ts strict removal * Fix wrong method being used to encrypt key material * Rename parameters and remove todo * Add summary to encrypt * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/abstractions/encrypt.service.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Add tests for unhappy paths * Add test coverage * Add links --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-12-15 15:53:27 +00:00 · 2025-04-22 15:56:39 +02:00
parent 2aeca29b20
commit e231286f37
21 changed files with 272 additions and 55 deletions
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
@@ -36,7 +36,7 @@ export class WebProviderService {
    const orgKey = await this.keyService.getOrgKey(organizationId);
    const providerKey = await this.keyService.getProviderKey(providerId);

-    const encryptedOrgKey = await this.encryptService.encrypt(orgKey.key, providerKey);
+    const encryptedOrgKey = await this.encryptService.wrapSymmetricKey(orgKey, providerKey);

    const request = new ProviderAddOrganizationRequest();
    request.organizationId = organizationId;
@@ -55,7 +55,7 @@ export class WebProviderService {
      ),
    );
    const providerKey = await this.keyService.getProviderKey(providerId);
-    const encryptedOrgKey = await this.encryptService.encrypt(orgKey.key, providerKey);
+    const encryptedOrgKey = await this.encryptService.wrapSymmetricKey(orgKey, providerKey);
    await this.providerApiService.addOrganizationToProvider(providerId, {
      key: encryptedOrgKey.encryptedString,
      organizationId,
@@ -81,8 +81,8 @@ export class WebProviderService {

    const providerKey = await this.keyService.getProviderKey(providerId);

-    const encryptedProviderKey = await this.encryptService.encrypt(
-      organizationKey.key,
+    const encryptedProviderKey = await this.encryptService.wrapSymmetricKey(
+      organizationKey,
      providerKey,
    );