refactor: key rotation (#2383)
This commit is contained in:
Mo
@@ -20,7 +20,6 @@ import {
|
||||
KeySystemRootKeyParamsInterface,
|
||||
PortablePublicKeySet,
|
||||
} from '@standardnotes/models'
|
||||
import { PkcKeyPair } from '@standardnotes/sncrypto-common'
|
||||
|
||||
export interface EncryptionProviderInterface {
|
||||
initialize(): Promise<void>
|
||||
@@ -72,7 +71,6 @@ export interface EncryptionProviderInterface {
|
||||
}
|
||||
>
|
||||
|
||||
decryptErroredPayloads(): Promise<void>
|
||||
deleteWorkspaceSpecificKeyStateFromDevice(): Promise<void>
|
||||
|
||||
unwrapRootKey(wrappingKey: RootKeyInterface): Promise<void>
|
||||
@@ -110,9 +108,6 @@ export interface EncryptionProviderInterface {
|
||||
rootKeyToken: string,
|
||||
): KeySystemItemsKeyInterface
|
||||
|
||||
getKeyPair(): PkcKeyPair
|
||||
getSigningKeyPair(): PkcKeyPair
|
||||
|
||||
asymmetricSignatureVerifyDetached(
|
||||
encryptedString: AsymmetricallyEncryptedString,
|
||||
): AsymmetricSignatureVerificationDetachedResult
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
import { GetKeyPairs } from './UseCase/GetKeyPairs'
|
||||
import { FindDefaultItemsKey } from './UseCase/ItemsKey/FindDefaultItemsKey'
|
||||
import { InternalEventInterface } from './../Internal/InternalEventInterface'
|
||||
import { InternalEventHandlerInterface } from './../Internal/InternalEventHandlerInterface'
|
||||
@@ -43,7 +44,7 @@ import {
|
||||
PortablePublicKeySet,
|
||||
RootKeyParamsInterface,
|
||||
} from '@standardnotes/models'
|
||||
import { PkcKeyPair, PureCryptoInterface } from '@standardnotes/sncrypto-common'
|
||||
import { PureCryptoInterface } from '@standardnotes/sncrypto-common'
|
||||
import {
|
||||
extendArray,
|
||||
isNotUndefined,
|
||||
@@ -73,7 +74,6 @@ import { DecryptedParameters } from '@standardnotes/encryption/src/Domain/Types/
|
||||
import { RootKeyManager } from '../RootKeyManager/RootKeyManager'
|
||||
import { RootKeyManagerEvent } from '../RootKeyManager/RootKeyManagerEvent'
|
||||
import { CreateNewItemsKeyWithRollback } from './UseCase/ItemsKey/CreateNewItemsKeyWithRollback'
|
||||
import { DecryptErroredTypeAPayloads } from './UseCase/TypeA/DecryptErroredPayloads'
|
||||
import { CreateNewDefaultItemsKey } from './UseCase/ItemsKey/CreateNewDefaultItemsKey'
|
||||
import { DecryptTypeAPayload } from './UseCase/TypeA/DecryptPayload'
|
||||
import { DecryptTypeAPayloadWithKeyLookup } from './UseCase/TypeA/DecryptPayloadWithKeyLookup'
|
||||
@@ -126,12 +126,12 @@ export class EncryptionService
|
||||
private crypto: PureCryptoInterface,
|
||||
private _createNewItemsKeyWithRollback: CreateNewItemsKeyWithRollback,
|
||||
private _findDefaultItemsKey: FindDefaultItemsKey,
|
||||
private _decryptErroredRootPayloads: DecryptErroredTypeAPayloads,
|
||||
private _rootKeyEncryptPayloadWithKeyLookup: EncryptTypeAPayloadWithKeyLookup,
|
||||
private _rootKeyEncryptPayload: EncryptTypeAPayload,
|
||||
private _rootKeyDecryptPayload: DecryptTypeAPayload,
|
||||
private _rootKeyDecryptPayloadWithKeyLookup: DecryptTypeAPayloadWithKeyLookup,
|
||||
private _createDefaultItemsKey: CreateNewDefaultItemsKey,
|
||||
private _getKeyPairs: GetKeyPairs,
|
||||
protected override internalEventBus: InternalEventBusInterface,
|
||||
) {
|
||||
super(internalEventBus)
|
||||
@@ -157,7 +157,6 @@ export class EncryptionService
|
||||
;(this.crypto as unknown) = undefined
|
||||
;(this._createNewItemsKeyWithRollback as unknown) = undefined
|
||||
;(this._findDefaultItemsKey as unknown) = undefined
|
||||
;(this._decryptErroredRootPayloads as unknown) = undefined
|
||||
;(this._rootKeyEncryptPayloadWithKeyLookup as unknown) = undefined
|
||||
;(this._rootKeyEncryptPayload as unknown) = undefined
|
||||
;(this._rootKeyDecryptPayload as unknown) = undefined
|
||||
@@ -167,28 +166,6 @@ export class EncryptionService
|
||||
super.deinit()
|
||||
}
|
||||
|
||||
/** @throws */
|
||||
getKeyPair(): PkcKeyPair {
|
||||
const rootKey = this.getRootKey()
|
||||
|
||||
if (!rootKey?.encryptionKeyPair) {
|
||||
throw new Error('Account keypair not found')
|
||||
}
|
||||
|
||||
return rootKey.encryptionKeyPair
|
||||
}
|
||||
|
||||
/** @throws */
|
||||
getSigningKeyPair(): PkcKeyPair {
|
||||
const rootKey = this.getRootKey()
|
||||
|
||||
if (!rootKey?.signingKeyPair) {
|
||||
throw new Error('Account keypair not found')
|
||||
}
|
||||
|
||||
return rootKey.signingKeyPair
|
||||
}
|
||||
|
||||
hasSigningKeyPair(): boolean {
|
||||
return !!this.getRootKey()?.signingKeyPair
|
||||
}
|
||||
@@ -244,12 +221,6 @@ export class EncryptionService
|
||||
return this._createNewItemsKeyWithRollback.execute()
|
||||
}
|
||||
|
||||
public async decryptErroredPayloads(): Promise<void> {
|
||||
await this._decryptErroredRootPayloads.execute()
|
||||
|
||||
await this.itemsEncryption.decryptErroredItemPayloads()
|
||||
}
|
||||
|
||||
public itemsKeyForEncryptedPayload(
|
||||
payload: EncryptedPayloadInterface,
|
||||
): ItemsKeyInterface | KeySystemItemsKeyInterface | undefined {
|
||||
@@ -279,7 +250,9 @@ export class EncryptionService
|
||||
usesKeySystemRootKeyWithKeyLookup,
|
||||
} = split
|
||||
|
||||
const signingKeyPair = this.hasSigningKeyPair() ? this.getSigningKeyPair() : undefined
|
||||
const keys = this._getKeyPairs.execute()
|
||||
|
||||
const signingKeyPair = keys.isFailed() ? undefined : keys.getValue().signing
|
||||
|
||||
if (usesRootKey) {
|
||||
const rootKeyEncrypted = await this._rootKeyEncryptPayload.executeMany(
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
import { DecryptErroredTypeAPayloads } from './TypeA/DecryptErroredPayloads'
|
||||
import { ItemsEncryptionService } from './../../ItemsEncryption/ItemsEncryption'
|
||||
import { Result, UseCaseInterface } from '@standardnotes/domain-core'
|
||||
|
||||
export class DecryptErroredPayloads implements UseCaseInterface<void> {
|
||||
constructor(
|
||||
private itemsEncryption: ItemsEncryptionService,
|
||||
private _decryptErroredRootPayloads: DecryptErroredTypeAPayloads,
|
||||
) {}
|
||||
|
||||
async execute(): Promise<Result<void>> {
|
||||
await this._decryptErroredRootPayloads.execute()
|
||||
|
||||
await this.itemsEncryption.decryptErroredItemPayloads()
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,25 @@
|
||||
import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
|
||||
import { PkcKeyPair } from '@standardnotes/sncrypto-common'
|
||||
import { RootKeyManager } from '../../RootKeyManager/RootKeyManager'
|
||||
|
||||
type UsecaseResult = {
|
||||
encryption: PkcKeyPair
|
||||
signing: PkcKeyPair
|
||||
}
|
||||
|
||||
export class GetKeyPairs implements SyncUseCaseInterface<UsecaseResult> {
|
||||
constructor(private rootKeyManager: RootKeyManager) {}
|
||||
|
||||
execute(): Result<UsecaseResult> {
|
||||
const rootKey = this.rootKeyManager.getRootKey()
|
||||
|
||||
if (!rootKey?.encryptionKeyPair || !rootKey?.signingKeyPair) {
|
||||
return Result.fail('Account keypair not found')
|
||||
}
|
||||
|
||||
return Result.ok({
|
||||
encryption: rootKey.encryptionKeyPair,
|
||||
signing: rootKey.signingKeyPair,
|
||||
})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user