import { UuidGenerator, assert } from '@standardnotes/utils'
import { ClientDisplayableError, isClientDisplayableError } from '@standardnotes/responses'
import {
KeySystemIdentifier,
KeySystemRootKeyInterface,
KeySystemRootKeyPasswordType,
KeySystemRootKeyStorageMode,
VaultListingInterface,
VaultListingMutator,
} from '@standardnotes/models'
import { MutatorClientInterface } from '../../Mutator/MutatorClientInterface'
import { EncryptionProviderInterface } from '../../Encryption/EncryptionProviderInterface'
import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'
/**
 * Use case that replaces the root key of a vault's key system and re-keys the
 * vault's items keys under the replacement.
 *
 * Sequence (the order is the security-relevant part): the replacement root key
 * is made available first — persisted through the mutator when the vault's key
 * storage mode is Synced, otherwise handed to the key manager as a non-persistent
 * key — and only then is the vault listing's rootKeyParams switched over, so the
 * listing never references a root key that is not yet available. A fresh items
 * key is created under the new root key token afterwards and the existing items
 * keys of the vault are re-encrypted. Nothing in this class removes the previous
 * root key. The steps are not transactional: an error thrown part-way leaves the
 * earlier steps applied — TODO confirm how callers recover from that.
 */
export class RotateVaultKey {
  constructor(
    private mutator: MutatorClientInterface,
    private encryption: EncryptionProviderInterface,
    private keys: KeySystemKeyManagerInterface,
  ) {}

  /**
   * Rotates the root key of `params.vault`'s key system.
   *
   * @param params.vault vault whose key system root key is rotated
   * @param params.sharedVaultUuid forwarded to the new items key; undefined for a non-shared vault
   * @param params.userInputtedPassword required (and must be non-empty) when the current root
   *   key's password type is UserInputted; ignored for Randomized keys
   * @returns the client-displayable errors collected while rotating (an empty array on success —
   *   the declared `undefined` is never produced by this implementation)
   * @throws Error when the key system has no primary root key, when a user-inputted password is
   *   required but absent or empty, or when the current password type is neither UserInputted
   *   nor Randomized and so no replacement key can be derived
   */
  async execute(params: {
    vault: VaultListingInterface
    sharedVaultUuid: string | undefined
    userInputtedPassword: string | undefined
  }): Promise<undefined | ClientDisplayableError[]> {
    const systemIdentifier = params.vault.systemIdentifier

    const currentRootKey = this.keys.getPrimaryKeySystemRootKey(systemIdentifier)
    if (!currentRootKey) {
      throw new Error('Cannot rotate key system root key; key system root key not found')
    }

    // Derive the replacement with the same password type as the key being rotated.
    let replacementKey: KeySystemRootKeyInterface | undefined
    switch (currentRootKey.keyParams.passwordType) {
      case KeySystemRootKeyPasswordType.UserInputted: {
        // Falsy check: an empty password is rejected as well as an absent one.
        if (!params.userInputtedPassword) {
          throw new Error('Cannot rotate key system root key; user inputted password required')
        }
        replacementKey = this.encryption.createUserInputtedKeySystemRootKey({
          systemIdentifier,
          userInputtedPassword: params.userInputtedPassword,
        })
        break
      }
      case KeySystemRootKeyPasswordType.Randomized: {
        replacementKey = this.encryption.createRandomizedKeySystemRootKey({ systemIdentifier })
        break
      }
      default:
        // Any other password type yields no key; the guard below reports it.
        break
    }

    if (!replacementKey) {
      throw new Error('Cannot rotate key system root key; new root key not created')
    }

    // Make the new root key available before the vault listing starts pointing at it.
    const isSyncedStorage = params.vault.keyStorageMode === KeySystemRootKeyStorageMode.Synced
    if (isSyncedStorage) {
      await this.mutator.insertItem(replacementKey, true)
    } else {
      this.keys.intakeNonPersistentKeySystemRootKey(replacementKey, params.vault.keyStorageMode)
    }

    await this.mutator.changeItem<VaultListingMutator>(params.vault, (listingMutator) => {
      // `replacementKey` is a `let`, so its narrowing does not survive into this callback.
      assert(replacementKey)
      listingMutator.rootKeyParams = replacementKey.keyParams
    })

    // A new items key under the new root key token; the helper currently never reports an
    // error, so this check is defensive against future changes to it.
    const itemsKeyOutcome = await this.createNewKeySystemItemsKey({
      keySystemIdentifier: systemIdentifier,
      sharedVaultUuid: params.sharedVaultUuid,
      rootKeyToken: replacementKey.token,
    })
    const errors: ClientDisplayableError[] = isClientDisplayableError(itemsKeyOutcome) ? [itemsKeyOutcome] : []

    await this.keys.reencryptKeySystemItemsKeysForVault(systemIdentifier)

    return errors
  }

  /**
   * Creates and persists a new key system items key bound to `params.rootKeyToken`.
   *
   * @param params.keySystemIdentifier key system the items key belongs to
   * @param params.sharedVaultUuid shared vault the key belongs to, if any
   * @param params.rootKeyToken token of the root key the items key is created under
   * @returns resolves with no value; the `ClientDisplayableError` part of the declared
   *   type is never produced by this implementation
   */
  private async createNewKeySystemItemsKey(params: {
    keySystemIdentifier: KeySystemIdentifier
    sharedVaultUuid: string | undefined
    rootKeyToken: string
  }): Promise<ClientDisplayableError | void> {
    const { keySystemIdentifier, sharedVaultUuid, rootKeyToken } = params
    const itemsKey = this.encryption.createKeySystemItemsKey(
      UuidGenerator.GenerateUuid(),
      keySystemIdentifier,
      sharedVaultUuid,
      rootKeyToken,
    )
    await this.mutator.insertItem(itemsKey)
  }
}