[PM-29208] Remove individual cryptographic-key states & migrate key service (#18164)

* Remove inividual user key states and migrate to account cryptographic state * Fix browser * Fix tests * Clean up migration * Remove key-pair creation from login strategy * Add clearing for the account cryptographic state * Add migration * Cleanup * Fix linting
2026-02-13 06:54:07 +00:00 · 2026-02-09 12:39:55 +01:00
parent c21841a2df
commit f7a5ad712f
43 changed files with 562 additions and 597 deletions
--- a/libs/auth/src/angular/login-decryption-options/login-decryption-options.component.spec.ts
+++ b/libs/auth/src/angular/login-decryption-options/login-decryption-options.component.spec.ts
@@ -278,13 +278,6 @@ describe("LoginDecryptionOptionsComponent", () => {
      const expectedUserKey = new SymmetricCryptoKey(new Uint8Array(mockUserKeyBytes));

      // Verify keys were set
-      expect(keyService.setPrivateKey).toHaveBeenCalledWith(mockPrivateKey, mockUserId);
-      expect(keyService.setSignedPublicKey).toHaveBeenCalledWith(mockSignedPublicKey, mockUserId);
-      expect(keyService.setUserSigningKey).toHaveBeenCalledWith(mockSigningKey, mockUserId);
-      expect(securityStateService.setAccountSecurityState).toHaveBeenCalledWith(
-        mockSecurityState,
-        mockUserId,
-      );
      expect(accountCryptographicStateService.setAccountCryptographicState).toHaveBeenCalledWith(
        expect.objectContaining({
          V2: {
--- a/libs/auth/src/angular/login-decryption-options/login-decryption-options.component.ts
+++ b/libs/auth/src/angular/login-decryption-options/login-decryption-options.component.ts
@@ -34,11 +34,6 @@ import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { AccountCryptographicStateService } from "@bitwarden/common/key-management/account-cryptography/account-cryptographic-state.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { SecurityStateService } from "@bitwarden/common/key-management/security-state/abstractions/security-state.service";
-import {
-  SignedPublicKey,
-  SignedSecurityState,
-  WrappedSigningKey,
-} from "@bitwarden/common/key-management/types";
 import { KeysRequest } from "@bitwarden/common/models/request/keys.request";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -322,23 +317,6 @@ export class LoginDecryptionOptionsComponent implements OnInit {
          register_result.account_cryptographic_state,
          userId,
        );
-        // Legacy individual states
-        await this.keyService.setPrivateKey(
-          register_result.account_cryptographic_state.V2.private_key,
-          userId,
-        );
-        await this.keyService.setSignedPublicKey(
-          register_result.account_cryptographic_state.V2.signed_public_key as SignedPublicKey,
-          userId,
-        );
-        await this.keyService.setUserSigningKey(
-          register_result.account_cryptographic_state.V2.signing_key as WrappedSigningKey,
-          userId,
-        );
-        await this.securityStateService.setAccountSecurityState(
-          register_result.account_cryptographic_state.V2.security_state as SignedSecurityState,
-          userId,
-        );

        // TDE unlock
        await this.deviceTrustService.setDeviceKey(