rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: key rotation (#2383)

Browse Source
This commit is contained in:
Mo
2023-08-04 09:25:28 -05:00
committed by GitHub
parent a7f266bb68
commit 494436bdb6
65 changed files with 1354 additions and 1232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
packages/services/src/Domain/VaultInvite/UseCase/InviteToVault.ts
View File

@@ -11,27 +11,35 @@ import { EncryptMessage } from '../../Encryption/UseCase/Asymmetric/EncryptMessa
import { Result, SharedVaultUserPermission, UseCaseInterface } from '@standardnotes/domain-core'
import { ShareContactWithVault } from '../../SharedVaults/UseCase/ShareContactWithVault'
import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'
import { GetKeyPairs } from '../../Encryption/UseCase/GetKeyPairs'
export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHash> {
constructor(
private keyManager: KeySystemKeyManagerInterface,
private encryptMessage: EncryptMessage,
private sendInvite: SendVaultInvite,
private shareContact: ShareContactWithVault,
private _encryptMessage: EncryptMessage,
private _sendInvite: SendVaultInvite,
private _shareContact: ShareContactWithVault,
private _getKeyPairs: GetKeyPairs,
) {}
async execute(params: {
keys: {
encryption: PkcKeyPair
signing: PkcKeyPair
}
senderUuid: string
sharedVault: SharedVaultListingInterface
sharedVaultContacts: TrustedContactInterface[]
recipient: TrustedContactInterface
permission: string
}): Promise<Result<SharedVaultInviteServerHash>> {
const createInviteResult = await this.inviteContact(params)
const keys = this._getKeyPairs.execute()
if (keys.isFailed()) {
return Result.fail('Cannot invite contact; keys not found')
}
const createInviteResult = await this.inviteContact({
keys: keys.getValue(),
sharedVault: params.sharedVault,
sharedVaultContacts: params.sharedVaultContacts,
recipient: params.recipient,
permission: params.permission,
})
if (createInviteResult.isFailed()) {
return createInviteResult
@@ -39,8 +47,7 @@ export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHa
await this.shareContactWithOtherVaultMembers({
contact: params.recipient,
senderUuid: params.senderUuid,
keys: params.keys,
keys: keys.getValue(),
sharedVault: params.sharedVault,
})
@@ -49,16 +56,13 @@ export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHa
private async shareContactWithOtherVaultMembers(params: {
contact: TrustedContactInterface
senderUuid: string
keys: {
encryption: PkcKeyPair
signing: PkcKeyPair
}
sharedVault: SharedVaultListingInterface
}): Promise<Result<void>> {
const result = await this.shareContact.execute({
keys: params.keys,
senderUserUuid: params.senderUuid,
const result = await this._shareContact.execute({
sharedVault: params.sharedVault,
contactToShare: params.contact,
})
@@ -108,7 +112,7 @@ export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHa
}
})
const encryptedMessage = this.encryptMessage.execute({
const encryptedMessage = this._encryptMessage.execute({
message: {
type: AsymmetricMessagePayloadType.SharedVaultInvite,
data: {
@@ -129,7 +133,7 @@ export class InviteToVault implements UseCaseInterface<SharedVaultInviteServerHa
return Result.fail(encryptedMessage.getError())
}
const createInviteResult = await this.sendInvite.execute({
const createInviteResult = await this._sendInvite.execute({
sharedVaultUuid: params.sharedVault.sharing.sharedVaultUuid,
recipientUuid: params.recipient.contactUuid,
encryptedMessage: encryptedMessage.getValue(),

25
packages/services/src/Domain/VaultInvite/VaultInviteService.ts
View File

@@ -12,7 +12,6 @@ import { GetVault } from '../Vault/UseCase/GetVault'
import { InviteToVault } from './UseCase/InviteToVault'
import { GetVaultContacts } from '../VaultUser/UseCase/GetVaultContacts'
import { SyncServiceInterface } from './../Sync/SyncServiceInterface'
import { EncryptionProviderInterface } from './../Encryption/EncryptionProviderInterface'
import { InternalEventBusInterface } from './../Internal/InternalEventBusInterface'
import { SessionsClientInterface } from './../Session/SessionsClientInterface'
import { GetAllContacts } from './../Contacts/UseCase/GetAllContacts'
@@ -33,6 +32,8 @@ import { AbstractService } from './../Service/AbstractService'
import { VaultInviteServiceEvent } from './VaultInviteServiceEvent'
import { ContentType, Result } from '@standardnotes/domain-core'
import { SharedVaultInvitesServer } from '@standardnotes/api'
import { GetKeyPairs } from '../Encryption/UseCase/GetKeyPairs'
import { DecryptErroredPayloads } from '../Encryption/UseCase/DecryptErroredPayloads'
export class VaultInviteService
extends AbstractService<VaultInviteServiceEvent>
@@ -45,7 +46,6 @@ export class VaultInviteService
private session: SessionsClientInterface,
private vaultUsers: VaultUserServiceInterface,
private sync: SyncServiceInterface,
private encryption: EncryptionProviderInterface,
private invitesServer: SharedVaultInvitesServer,
private _getAllContacts: GetAllContacts,
private _getVault: GetVault,
@@ -55,6 +55,8 @@ export class VaultInviteService
private _getUntrustedPayload: GetUntrustedPayload,
private _findContact: FindContact,
private _acceptVaultInvite: AcceptVaultInvite,
private _getKeyPairs: GetKeyPairs,
private _decryptErroredPayloads: DecryptErroredPayloads,
eventBus: InternalEventBusInterface,
) {
super(eventBus)
@@ -75,7 +77,6 @@ export class VaultInviteService
;(this.session as unknown) = undefined
;(this.vaultUsers as unknown) = undefined
;(this.sync as unknown) = undefined
;(this.encryption as unknown) = undefined
;(this.invitesServer as unknown) = undefined
;(this._getAllContacts as unknown) = undefined
;(this._getVault as unknown) = undefined
@@ -85,6 +86,8 @@ export class VaultInviteService
;(this._getUntrustedPayload as unknown) = undefined
;(this._findContact as unknown) = undefined
;(this._acceptVaultInvite as unknown) = undefined
;(this._getKeyPairs as unknown) = undefined
;(this._decryptErroredPayloads as unknown) = undefined
this.pendingInvites = {}
}
@@ -142,7 +145,7 @@ export class VaultInviteService
void this.sync.sync()
await this.encryption.decryptErroredPayloads()
await this._decryptErroredPayloads.execute()
await this.sync.syncSharedVaultsFromScratch([pendingInvite.invite.shared_vault_uuid])
}
@@ -181,11 +184,6 @@ export class VaultInviteService
const contacts = contactsResult.getValue()
const result = await this._inviteToVault.execute({
keys: {
encryption: this.encryption.getKeyPair(),
signing: this.encryption.getSigningKeyPair(),
},
senderUuid: this.session.getSureUser().uuid,
sharedVault,
recipient: contact,
sharedVaultContacts: contacts,
@@ -233,6 +231,11 @@ export class VaultInviteService
return
}
const keys = this._getKeyPairs.execute()
if (keys.isFailed()) {
return
}
for (const invite of invites) {
delete this.pendingInvites[invite.uuid]
@@ -240,7 +243,7 @@ export class VaultInviteService
if (!sender.isFailed()) {
const trustedMessage = this._getTrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
message: invite,
privateKey: this.encryption.getKeyPair().privateKey,
privateKey: keys.getValue().encryption.privateKey,
ownUserUuid: this.session.userUuid,
sender: sender.getValue(),
})
@@ -258,7 +261,7 @@ export class VaultInviteService
const untrustedMessage = this._getUntrustedPayload.execute<AsymmetricMessageSharedVaultInvite>({
message: invite,
privateKey: this.encryption.getKeyPair().privateKey,
privateKey: keys.getValue().encryption.privateKey,
})
if (!untrustedMessage.isFailed()) {