mirror of
https://github.com/bitwarden/android.git
synced 2024-10-31 07:05:35 +03:00
[PM-115] Cipher key encryption update (#2421)
* PM-115 Added new cipher key and encryption/decryption mechanisms on cipher * PM-115 fix format * PM-115 removed ForceKeyRotation from new cipher encryption model given that another approach will be taken * [PM-1690] Added minimum server version restriction to cipher key encryption (#2463) * PM-1690 added minimum server version restriction to cipher key encryption and also change the force key rotation flag * PM-1690 Updated min server version for new cipher encryption key and fixed configService registration * PM-1690 removed forcekeyrotation * PM-115 Temporarily Changed cipher key new encryption config to help testing (this change should be reseted eventually) * PM-2456 Fix attachment encryption on new cipher item encryption model (#2556) * PM-2531 Fix new cipher encryption on adding attachments on ciphers with no item level key (#2559) * PM-115 Changed temporarily cipher key encryption min server version to 2023.6.0 to test * PM-115 Reseted cipher key encryption minimum server version to 2023.5.0 and disable new cipher key on local cipher creation * Added Key value to the cipher export model (#2628) * Update Constants.cs Updated minimum encryption server version to 2023.9.0 so QA can test its behavior * PM-115 Fix file format * PM-115 Changed new encryption off and minimum new encryption server version to 2023.8.0 for testing purposes * PM-115 Changed CIpher key encryption minimum server version to 2023.9.0 * PM-3737 Remove suffix on client version sent to server (#2779) * PM-115 QA testing server min version and enable new cipher key encryption * PM-115 Disable new cipher encryption creation and change minimum server encryption version to 2023.9.1 --------- Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
This commit is contained in:
parent
e97a37222a
commit
3cdf5ccd3b
26 changed files with 244 additions and 88 deletions
|
@ -123,7 +123,7 @@ namespace Bit.App.Pages
|
||||||
{
|
{
|
||||||
await _deviceActionService.ShowLoadingAsync(AppResources.Saving);
|
await _deviceActionService.ShowLoadingAsync(AppResources.Saving);
|
||||||
_cipherDomain = await _cipherService.SaveAttachmentRawWithServerAsync(
|
_cipherDomain = await _cipherService.SaveAttachmentRawWithServerAsync(
|
||||||
_cipherDomain, FileName, FileData);
|
_cipherDomain, Cipher, FileName, FileData);
|
||||||
Cipher = await _cipherDomain.DecryptAsync();
|
Cipher = await _cipherDomain.DecryptAsync();
|
||||||
await _deviceActionService.HideLoadingAsync();
|
await _deviceActionService.HideLoadingAsync();
|
||||||
_platformUtilsService.ShowToast("success", null, AppResources.AttachementAdded);
|
_platformUtilsService.ShowToast("success", null, AppResources.AttachementAdded);
|
||||||
|
|
|
@ -33,7 +33,7 @@ namespace Bit.Core.Abstractions
|
||||||
Task<Cipher> GetAsync(string id);
|
Task<Cipher> GetAsync(string id);
|
||||||
Task<CipherView> GetLastUsedForUrlAsync(string url);
|
Task<CipherView> GetLastUsedForUrlAsync(string url);
|
||||||
Task ReplaceAsync(Dictionary<string, CipherData> ciphers);
|
Task ReplaceAsync(Dictionary<string, CipherData> ciphers);
|
||||||
Task<Cipher> SaveAttachmentRawWithServerAsync(Cipher cipher, string filename, byte[] data);
|
Task<Cipher> SaveAttachmentRawWithServerAsync(Cipher cipher, CipherView cipherView, string filename, byte[] data);
|
||||||
Task SaveCollectionsWithServerAsync(Cipher cipher);
|
Task SaveCollectionsWithServerAsync(Cipher cipher);
|
||||||
Task SaveWithServerAsync(Cipher cipher);
|
Task SaveWithServerAsync(Cipher cipher);
|
||||||
Task<ShareWithServerError> ShareWithServerAsync(CipherView cipher, string organizationId, HashSet<string> collectionIds);
|
Task<ShareWithServerError> ShareWithServerAsync(CipherView cipher, string organizationId, HashSet<string> collectionIds);
|
||||||
|
|
|
@ -67,6 +67,8 @@ namespace Bit.Core
|
||||||
public const int Argon2MemoryInMB = 64;
|
public const int Argon2MemoryInMB = 64;
|
||||||
public const int Argon2Parallelism = 4;
|
public const int Argon2Parallelism = 4;
|
||||||
public const int MasterPasswordMinimumChars = 12;
|
public const int MasterPasswordMinimumChars = 12;
|
||||||
|
public const int CipherKeyRandomBytesLength = 64;
|
||||||
|
public const string CipherKeyEncryptionMinServerVersion = "2023.9.1";
|
||||||
public const string DefaultFido2KeyType = "public-key";
|
public const string DefaultFido2KeyType = "public-key";
|
||||||
public const string DefaultFido2KeyAlgorithm = "ECDSA";
|
public const string DefaultFido2KeyAlgorithm = "ECDSA";
|
||||||
public const string DefaultFido2KeyCurve = "P-256";
|
public const string DefaultFido2KeyCurve = "P-256";
|
||||||
|
|
|
@ -28,6 +28,7 @@ namespace Bit.Core.Models.Data
|
||||||
Notes = response.Notes;
|
Notes = response.Notes;
|
||||||
CollectionIds = collectionIds?.ToList() ?? response.CollectionIds;
|
CollectionIds = collectionIds?.ToList() ?? response.CollectionIds;
|
||||||
Reprompt = response.Reprompt;
|
Reprompt = response.Reprompt;
|
||||||
|
Key = response.Key;
|
||||||
|
|
||||||
try // Added to address Issue (https://github.com/bitwarden/mobile/issues/1006)
|
try // Added to address Issue (https://github.com/bitwarden/mobile/issues/1006)
|
||||||
{
|
{
|
||||||
|
@ -88,5 +89,6 @@ namespace Bit.Core.Models.Data
|
||||||
public List<PasswordHistoryData> PasswordHistory { get; set; }
|
public List<PasswordHistoryData> PasswordHistory { get; set; }
|
||||||
public List<string> CollectionIds { get; set; }
|
public List<string> CollectionIds { get; set; }
|
||||||
public Enums.CipherRepromptType Reprompt { get; set; }
|
public Enums.CipherRepromptType Reprompt { get; set; }
|
||||||
|
public string Key { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
using System.Collections.Generic;
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Bit.Core.Abstractions;
|
using Bit.Core.Abstractions;
|
||||||
using Bit.Core.Models.Data;
|
using Bit.Core.Models.Data;
|
||||||
using Bit.Core.Models.View;
|
using Bit.Core.Models.View;
|
||||||
|
using Bit.Core.Services;
|
||||||
using Bit.Core.Utilities;
|
using Bit.Core.Utilities;
|
||||||
|
|
||||||
namespace Bit.Core.Models.Domain
|
namespace Bit.Core.Models.Domain
|
||||||
|
@ -11,11 +13,11 @@ namespace Bit.Core.Models.Domain
|
||||||
{
|
{
|
||||||
private HashSet<string> _map = new HashSet<string>
|
private HashSet<string> _map = new HashSet<string>
|
||||||
{
|
{
|
||||||
"Id",
|
nameof(Id),
|
||||||
"Url",
|
nameof(Url),
|
||||||
"SizeName",
|
nameof(SizeName),
|
||||||
"FileName",
|
nameof(FileName),
|
||||||
"Key"
|
nameof(Key)
|
||||||
};
|
};
|
||||||
|
|
||||||
public Attachment() { }
|
public Attachment() { }
|
||||||
|
@ -23,7 +25,7 @@ namespace Bit.Core.Models.Domain
|
||||||
public Attachment(AttachmentData obj, bool alreadyEncrypted = false)
|
public Attachment(AttachmentData obj, bool alreadyEncrypted = false)
|
||||||
{
|
{
|
||||||
Size = obj.Size;
|
Size = obj.Size;
|
||||||
BuildDomainModel(this, obj, _map, alreadyEncrypted, new HashSet<string> { "Id", "Url", "SizeName" });
|
BuildDomainModel(this, obj, _map, alreadyEncrypted, new HashSet<string> { nameof(Id), nameof(Url), nameof(SizeName) });
|
||||||
}
|
}
|
||||||
|
|
||||||
public string Id { get; set; }
|
public string Id { get; set; }
|
||||||
|
@ -33,25 +35,26 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString Key { get; set; }
|
public EncString Key { get; set; }
|
||||||
public EncString FileName { get; set; }
|
public EncString FileName { get; set; }
|
||||||
|
|
||||||
public async Task<AttachmentView> DecryptAsync(string orgId)
|
public async Task<AttachmentView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
var view = await DecryptObjAsync(new AttachmentView(this), this, new HashSet<string>
|
var view = await DecryptObjAsync(new AttachmentView(this), this, new HashSet<string>
|
||||||
{
|
{
|
||||||
"FileName"
|
nameof(FileName)
|
||||||
}, orgId);
|
}, orgId, key);
|
||||||
|
|
||||||
if (Key != null)
|
if (Key != null)
|
||||||
{
|
{
|
||||||
var cryptoService = ServiceContainer.Resolve<ICryptoService>("cryptoService");
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
var orgKey = await cryptoService.GetOrgKeyAsync(orgId);
|
var cryptoService = ServiceContainer.Resolve<ICryptoService>();
|
||||||
var decValue = await cryptoService.DecryptToBytesAsync(Key, orgKey);
|
|
||||||
|
var decryptKey = key ?? await cryptoService.GetOrgKeyAsync(orgId);
|
||||||
|
var decValue = await cryptoService.DecryptToBytesAsync(Key, decryptKey);
|
||||||
view.Key = new SymmetricCryptoKey(decValue);
|
view.Key = new SymmetricCryptoKey(decValue);
|
||||||
}
|
}
|
||||||
catch
|
catch (Exception ex)
|
||||||
{
|
{
|
||||||
// TODO: error?
|
LoggerHelper.LogEvenIfCantBeResolved(ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return view;
|
return view;
|
||||||
|
@ -61,7 +64,7 @@ namespace Bit.Core.Models.Domain
|
||||||
{
|
{
|
||||||
var a = new AttachmentData();
|
var a = new AttachmentData();
|
||||||
a.Size = Size;
|
a.Size = Size;
|
||||||
BuildDataModel(this, a, _map, new HashSet<string> { "Id", "Url", "SizeName" });
|
BuildDataModel(this, a, _map, new HashSet<string> { nameof(Id), nameof(Url), nameof(SizeName) });
|
||||||
return a;
|
return a;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,9 +31,9 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString ExpYear { get; set; }
|
public EncString ExpYear { get; set; }
|
||||||
public EncString Code { get; set; }
|
public EncString Code { get; set; }
|
||||||
|
|
||||||
public Task<CardView> DecryptAsync(string orgId)
|
public Task<CardView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return DecryptObjAsync(new CardView(this), this, _map, orgId);
|
return DecryptObjAsync(new CardView(this), this, _map, orgId, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public CardData ToCardData()
|
public CardData ToCardData()
|
||||||
|
|
|
@ -2,9 +2,11 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
|
using Bit.Core.Abstractions;
|
||||||
using Bit.Core.Enums;
|
using Bit.Core.Enums;
|
||||||
using Bit.Core.Models.Data;
|
using Bit.Core.Models.Data;
|
||||||
using Bit.Core.Models.View;
|
using Bit.Core.Models.View;
|
||||||
|
using Bit.Core.Utilities;
|
||||||
|
|
||||||
namespace Bit.Core.Models.Domain
|
namespace Bit.Core.Models.Domain
|
||||||
{
|
{
|
||||||
|
@ -16,12 +18,12 @@ namespace Bit.Core.Models.Domain
|
||||||
{
|
{
|
||||||
BuildDomainModel(this, obj, new HashSet<string>
|
BuildDomainModel(this, obj, new HashSet<string>
|
||||||
{
|
{
|
||||||
"Id",
|
nameof(Id),
|
||||||
"OrganizationId",
|
nameof(OrganizationId),
|
||||||
"FolderId",
|
nameof(FolderId),
|
||||||
"Name",
|
nameof(Name),
|
||||||
"Notes"
|
nameof(Notes)
|
||||||
}, alreadyEncrypted, new HashSet<string> { "Id", "OrganizationId", "FolderId" });
|
}, alreadyEncrypted, new HashSet<string> { nameof(Id), nameof(OrganizationId), nameof(FolderId) });
|
||||||
|
|
||||||
Type = obj.Type;
|
Type = obj.Type;
|
||||||
Favorite = obj.Favorite;
|
Favorite = obj.Favorite;
|
||||||
|
@ -34,6 +36,11 @@ namespace Bit.Core.Models.Domain
|
||||||
LocalData = localData;
|
LocalData = localData;
|
||||||
Reprompt = obj.Reprompt;
|
Reprompt = obj.Reprompt;
|
||||||
|
|
||||||
|
if (obj.Key != null)
|
||||||
|
{
|
||||||
|
Key = new EncString(obj.Key);
|
||||||
|
}
|
||||||
|
|
||||||
switch (Type)
|
switch (Type)
|
||||||
{
|
{
|
||||||
case Enums.CipherType.Login:
|
case Enums.CipherType.Login:
|
||||||
|
@ -81,29 +88,43 @@ namespace Bit.Core.Models.Domain
|
||||||
public List<PasswordHistory> PasswordHistory { get; set; }
|
public List<PasswordHistory> PasswordHistory { get; set; }
|
||||||
public HashSet<string> CollectionIds { get; set; }
|
public HashSet<string> CollectionIds { get; set; }
|
||||||
public CipherRepromptType Reprompt { get; set; }
|
public CipherRepromptType Reprompt { get; set; }
|
||||||
|
public EncString Key { get; set; }
|
||||||
|
|
||||||
public async Task<CipherView> DecryptAsync()
|
public async Task<CipherView> DecryptAsync()
|
||||||
{
|
{
|
||||||
var model = new CipherView(this);
|
var model = new CipherView(this);
|
||||||
|
|
||||||
|
if (Key != null)
|
||||||
|
{
|
||||||
|
// HACK: I don't like resolving this here but I can't see a better way without
|
||||||
|
// refactoring a lot of things.
|
||||||
|
var cryptoService = ServiceContainer.Resolve<ICryptoService>();
|
||||||
|
|
||||||
|
var orgKey = await cryptoService.GetOrgKeyAsync(OrganizationId);
|
||||||
|
|
||||||
|
var key = await cryptoService.DecryptToBytesAsync(Key, orgKey);
|
||||||
|
model.Key = new CipherKey(key);
|
||||||
|
}
|
||||||
|
|
||||||
await DecryptObjAsync(model, this, new HashSet<string>
|
await DecryptObjAsync(model, this, new HashSet<string>
|
||||||
{
|
{
|
||||||
"Name",
|
nameof(Name),
|
||||||
"Notes"
|
nameof(Notes)
|
||||||
}, OrganizationId);
|
}, OrganizationId, model.Key);
|
||||||
|
|
||||||
switch (Type)
|
switch (Type)
|
||||||
{
|
{
|
||||||
case Enums.CipherType.Login:
|
case Enums.CipherType.Login:
|
||||||
model.Login = await Login.DecryptAsync(OrganizationId);
|
model.Login = await Login.DecryptAsync(OrganizationId, model.Key);
|
||||||
break;
|
break;
|
||||||
case Enums.CipherType.SecureNote:
|
case Enums.CipherType.SecureNote:
|
||||||
model.SecureNote = await SecureNote.DecryptAsync(OrganizationId);
|
model.SecureNote = await SecureNote.DecryptAsync(OrganizationId, model.Key);
|
||||||
break;
|
break;
|
||||||
case Enums.CipherType.Card:
|
case Enums.CipherType.Card:
|
||||||
model.Card = await Card.DecryptAsync(OrganizationId);
|
model.Card = await Card.DecryptAsync(OrganizationId, model.Key);
|
||||||
break;
|
break;
|
||||||
case Enums.CipherType.Identity:
|
case Enums.CipherType.Identity:
|
||||||
model.Identity = await Identity.DecryptAsync(OrganizationId);
|
model.Identity = await Identity.DecryptAsync(OrganizationId, model.Key);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
|
@ -115,7 +136,7 @@ namespace Bit.Core.Models.Domain
|
||||||
var tasks = new List<Task>();
|
var tasks = new List<Task>();
|
||||||
async Task decryptAndAddAttachmentAsync(Attachment attachment)
|
async Task decryptAndAddAttachmentAsync(Attachment attachment)
|
||||||
{
|
{
|
||||||
var decAttachment = await attachment.DecryptAsync(OrganizationId);
|
var decAttachment = await attachment.DecryptAsync(OrganizationId, model.Key);
|
||||||
model.Attachments.Add(decAttachment);
|
model.Attachments.Add(decAttachment);
|
||||||
}
|
}
|
||||||
foreach (var attachment in Attachments)
|
foreach (var attachment in Attachments)
|
||||||
|
@ -130,7 +151,7 @@ namespace Bit.Core.Models.Domain
|
||||||
var tasks = new List<Task>();
|
var tasks = new List<Task>();
|
||||||
async Task decryptAndAddFieldAsync(Field field)
|
async Task decryptAndAddFieldAsync(Field field)
|
||||||
{
|
{
|
||||||
var decField = await field.DecryptAsync(OrganizationId);
|
var decField = await field.DecryptAsync(OrganizationId, model.Key);
|
||||||
model.Fields.Add(decField);
|
model.Fields.Add(decField);
|
||||||
}
|
}
|
||||||
foreach (var field in Fields)
|
foreach (var field in Fields)
|
||||||
|
@ -145,7 +166,7 @@ namespace Bit.Core.Models.Domain
|
||||||
var tasks = new List<Task>();
|
var tasks = new List<Task>();
|
||||||
async Task decryptAndAddHistoryAsync(PasswordHistory ph)
|
async Task decryptAndAddHistoryAsync(PasswordHistory ph)
|
||||||
{
|
{
|
||||||
var decPh = await ph.DecryptAsync(OrganizationId);
|
var decPh = await ph.DecryptAsync(OrganizationId, model.Key);
|
||||||
model.PasswordHistory.Add(decPh);
|
model.PasswordHistory.Add(decPh);
|
||||||
}
|
}
|
||||||
foreach (var ph in PasswordHistory)
|
foreach (var ph in PasswordHistory)
|
||||||
|
@ -174,11 +195,12 @@ namespace Bit.Core.Models.Domain
|
||||||
CollectionIds = CollectionIds.ToList(),
|
CollectionIds = CollectionIds.ToList(),
|
||||||
DeletedDate = DeletedDate,
|
DeletedDate = DeletedDate,
|
||||||
Reprompt = Reprompt,
|
Reprompt = Reprompt,
|
||||||
|
Key = Key?.EncryptedString
|
||||||
};
|
};
|
||||||
BuildDataModel(this, c, new HashSet<string>
|
BuildDataModel(this, c, new HashSet<string>
|
||||||
{
|
{
|
||||||
"Name",
|
nameof(Name),
|
||||||
"Notes"
|
nameof(Notes)
|
||||||
});
|
});
|
||||||
switch (c.Type)
|
switch (c.Type)
|
||||||
{
|
{
|
||||||
|
|
|
@ -41,9 +41,9 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString UserName { get; set; }
|
public EncString UserName { get; set; }
|
||||||
public EncString Counter { get; set; }
|
public EncString Counter { get; set; }
|
||||||
|
|
||||||
public async Task<Fido2KeyView> DecryptAsync(string orgId)
|
public async Task<Fido2KeyView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return await DecryptObjAsync(new Fido2KeyView(), this, EncryptableProperties, orgId);
|
return await DecryptObjAsync(new Fido2KeyView(), this, EncryptableProperties, orgId, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Fido2KeyData ToFido2KeyData()
|
public Fido2KeyData ToFido2KeyData()
|
||||||
|
|
|
@ -28,9 +28,9 @@ namespace Bit.Core.Models.Domain
|
||||||
public FieldType Type { get; set; }
|
public FieldType Type { get; set; }
|
||||||
public LinkedIdType? LinkedId { get; set; }
|
public LinkedIdType? LinkedId { get; set; }
|
||||||
|
|
||||||
public Task<FieldView> DecryptAsync(string orgId)
|
public Task<FieldView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return DecryptObjAsync(new FieldView(this), this, _map, orgId);
|
return DecryptObjAsync(new FieldView(this), this, _map, orgId, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public FieldData ToFieldData()
|
public FieldData ToFieldData()
|
||||||
|
|
|
@ -55,9 +55,9 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString PassportNumber { get; set; }
|
public EncString PassportNumber { get; set; }
|
||||||
public EncString LicenseNumber { get; set; }
|
public EncString LicenseNumber { get; set; }
|
||||||
|
|
||||||
public Task<IdentityView> DecryptAsync(string orgId)
|
public Task<IdentityView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return DecryptObjAsync(new IdentityView(this), this, _map, orgId);
|
return DecryptObjAsync(new IdentityView(this), this, _map, orgId, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public IdentityData ToIdentityData()
|
public IdentityData ToIdentityData()
|
||||||
|
|
|
@ -31,20 +31,20 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString Totp { get; set; }
|
public EncString Totp { get; set; }
|
||||||
public List<Fido2Key> Fido2Keys { get; set; }
|
public List<Fido2Key> Fido2Keys { get; set; }
|
||||||
|
|
||||||
public async Task<LoginView> DecryptAsync(string orgId)
|
public async Task<LoginView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
var view = await DecryptObjAsync(new LoginView(this), this, new HashSet<string>
|
var view = await DecryptObjAsync(new LoginView(this), this, new HashSet<string>
|
||||||
{
|
{
|
||||||
"Username",
|
"Username",
|
||||||
"Password",
|
"Password",
|
||||||
"Totp"
|
"Totp"
|
||||||
}, orgId);
|
}, orgId, key);
|
||||||
if (Uris != null)
|
if (Uris != null)
|
||||||
{
|
{
|
||||||
view.Uris = new List<LoginUriView>();
|
view.Uris = new List<LoginUriView>();
|
||||||
foreach (var uri in Uris)
|
foreach (var uri in Uris)
|
||||||
{
|
{
|
||||||
view.Uris.Add(await uri.DecryptAsync(orgId));
|
view.Uris.Add(await uri.DecryptAsync(orgId, key));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (Fido2Keys != null)
|
if (Fido2Keys != null)
|
||||||
|
@ -52,7 +52,7 @@ namespace Bit.Core.Models.Domain
|
||||||
view.Fido2Keys = new List<Fido2KeyView>();
|
view.Fido2Keys = new List<Fido2KeyView>();
|
||||||
foreach (var fido2Key in Fido2Keys)
|
foreach (var fido2Key in Fido2Keys)
|
||||||
{
|
{
|
||||||
view.Fido2Keys.Add(await fido2Key.DecryptAsync(orgId));
|
view.Fido2Keys.Add(await fido2Key.DecryptAsync(orgId, key));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return view;
|
return view;
|
||||||
|
|
|
@ -24,9 +24,9 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString Uri { get; set; }
|
public EncString Uri { get; set; }
|
||||||
public UriMatchType? Match { get; set; }
|
public UriMatchType? Match { get; set; }
|
||||||
|
|
||||||
public Task<LoginUriView> DecryptAsync(string orgId)
|
public Task<LoginUriView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return DecryptObjAsync(new LoginUriView(this), this, _map, orgId);
|
return DecryptObjAsync(new LoginUriView(this), this, _map, orgId, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public LoginUriData ToLoginUriData()
|
public LoginUriData ToLoginUriData()
|
||||||
|
|
|
@ -24,9 +24,9 @@ namespace Bit.Core.Models.Domain
|
||||||
public EncString Password { get; set; }
|
public EncString Password { get; set; }
|
||||||
public DateTime LastUsedDate { get; set; }
|
public DateTime LastUsedDate { get; set; }
|
||||||
|
|
||||||
public Task<PasswordHistoryView> DecryptAsync(string orgId)
|
public Task<PasswordHistoryView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return DecryptObjAsync(new PasswordHistoryView(this), this, _map, orgId);
|
return DecryptObjAsync(new PasswordHistoryView(this), this, _map, orgId, key);
|
||||||
}
|
}
|
||||||
|
|
||||||
public PasswordHistoryData ToPasswordHistoryData()
|
public PasswordHistoryData ToPasswordHistoryData()
|
||||||
|
|
|
@ -16,7 +16,7 @@ namespace Bit.Core.Models.Domain
|
||||||
|
|
||||||
public SecureNoteType Type { get; set; }
|
public SecureNoteType Type { get; set; }
|
||||||
|
|
||||||
public Task<SecureNoteView> DecryptAsync(string orgId)
|
public Task<SecureNoteView> DecryptAsync(string orgId, SymmetricCryptoKey key = null)
|
||||||
{
|
{
|
||||||
return Task.FromResult(new SecureNoteView(this));
|
return Task.FromResult(new SecureNoteView(this));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Linq;
|
|
||||||
using Bit.Core.Enums;
|
using Bit.Core.Enums;
|
||||||
|
|
||||||
namespace Bit.Core.Models.Domain
|
namespace Bit.Core.Models.Domain
|
||||||
|
@ -102,4 +101,11 @@ namespace Bit.Core.Models.Domain
|
||||||
: base(key, encType)
|
: base(key, encType)
|
||||||
{ }
|
{ }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public class CipherKey : SymmetricCryptoKey
|
||||||
|
{
|
||||||
|
public CipherKey(byte[] key, EncryptionType? encType = null)
|
||||||
|
: base(key, encType)
|
||||||
|
{ }
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using Bit.Core.Enums;
|
using Bit.Core.Enums;
|
||||||
|
using Bit.Core.Models.Domain;
|
||||||
using Bit.Core.Models.View;
|
using Bit.Core.Models.View;
|
||||||
using Newtonsoft.Json;
|
using Newtonsoft.Json;
|
||||||
|
|
||||||
|
@ -46,6 +47,7 @@ namespace Bit.Core.Models.Export
|
||||||
Name = obj.Name?.EncryptedString;
|
Name = obj.Name?.EncryptedString;
|
||||||
Notes = obj.Notes?.EncryptedString;
|
Notes = obj.Notes?.EncryptedString;
|
||||||
Favorite = obj.Favorite;
|
Favorite = obj.Favorite;
|
||||||
|
Key = obj.Key?.EncryptedString;
|
||||||
|
|
||||||
Fields = obj.Fields?.Select(f => new Field(f)).ToList();
|
Fields = obj.Fields?.Select(f => new Field(f)).ToList();
|
||||||
|
|
||||||
|
@ -82,6 +84,8 @@ namespace Bit.Core.Models.Export
|
||||||
public Card Card { get; set; }
|
public Card Card { get; set; }
|
||||||
[JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
|
[JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
|
||||||
public Identity Identity { get; set; }
|
public Identity Identity { get; set; }
|
||||||
|
[JsonProperty(NullValueHandling = NullValueHandling.Ignore)]
|
||||||
|
public string Key { get; set; }
|
||||||
|
|
||||||
public CipherView ToView(Cipher req, CipherView view = null)
|
public CipherView ToView(Cipher req, CipherView view = null)
|
||||||
{
|
{
|
||||||
|
|
|
@ -19,6 +19,7 @@ namespace Bit.Core.Models.Request
|
||||||
Favorite = cipher.Favorite;
|
Favorite = cipher.Favorite;
|
||||||
LastKnownRevisionDate = cipher.RevisionDate;
|
LastKnownRevisionDate = cipher.RevisionDate;
|
||||||
Reprompt = cipher.Reprompt;
|
Reprompt = cipher.Reprompt;
|
||||||
|
Key = cipher.Key?.EncryptedString;
|
||||||
|
|
||||||
switch (Type)
|
switch (Type)
|
||||||
{
|
{
|
||||||
|
@ -125,5 +126,6 @@ namespace Bit.Core.Models.Request
|
||||||
public Dictionary<string, AttachmentRequest> Attachments2 { get; set; }
|
public Dictionary<string, AttachmentRequest> Attachments2 { get; set; }
|
||||||
public DateTime LastKnownRevisionDate { get; set; }
|
public DateTime LastKnownRevisionDate { get; set; }
|
||||||
public CipherRepromptType Reprompt { get; set; }
|
public CipherRepromptType Reprompt { get; set; }
|
||||||
|
public string Key { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,7 @@ namespace Bit.Core.Models.Response
|
||||||
public List<string> CollectionIds { get; set; }
|
public List<string> CollectionIds { get; set; }
|
||||||
public DateTime? DeletedDate { get; set; }
|
public DateTime? DeletedDate { get; set; }
|
||||||
public CipherRepromptType Reprompt { get; set; }
|
public CipherRepromptType Reprompt { get; set; }
|
||||||
|
public string Key { get; set; }
|
||||||
public DateTime CreationDate { get; set; }
|
public DateTime CreationDate { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -51,6 +51,7 @@ namespace Bit.Core.Models.View
|
||||||
public DateTime CreationDate { get; set; }
|
public DateTime CreationDate { get; set; }
|
||||||
public DateTime? DeletedDate { get; set; }
|
public DateTime? DeletedDate { get; set; }
|
||||||
public CipherRepromptType Reprompt { get; set; }
|
public CipherRepromptType Reprompt { get; set; }
|
||||||
|
public CipherKey Key { get; set; }
|
||||||
|
|
||||||
public ItemView Item
|
public ItemView Item
|
||||||
{
|
{
|
||||||
|
|
|
@ -42,7 +42,7 @@ namespace Bit.Core.Services
|
||||||
var device = (int)_platformUtilsService.GetDevice();
|
var device = (int)_platformUtilsService.GetDevice();
|
||||||
_httpClient.DefaultRequestHeaders.Add("Device-Type", device.ToString());
|
_httpClient.DefaultRequestHeaders.Add("Device-Type", device.ToString());
|
||||||
_httpClient.DefaultRequestHeaders.Add("Bitwarden-Client-Name", _platformUtilsService.GetClientType().GetString());
|
_httpClient.DefaultRequestHeaders.Add("Bitwarden-Client-Name", _platformUtilsService.GetClientType().GetString());
|
||||||
_httpClient.DefaultRequestHeaders.Add("Bitwarden-Client-Version", _platformUtilsService.GetApplicationVersion());
|
_httpClient.DefaultRequestHeaders.Add("Bitwarden-Client-Version", VersionHelpers.RemoveSuffix(_platformUtilsService.GetApplicationVersion()));
|
||||||
if (!string.IsNullOrWhiteSpace(customUserAgent))
|
if (!string.IsNullOrWhiteSpace(customUserAgent))
|
||||||
{
|
{
|
||||||
_httpClient.DefaultRequestHeaders.UserAgent.ParseAdd(customUserAgent);
|
_httpClient.DefaultRequestHeaders.UserAgent.ParseAdd(customUserAgent);
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
using System;
|
//#define ENABLE_NEW_CIPHER_KEY_ENCRYPTION_ON_CREATION
|
||||||
|
|
||||||
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
@ -30,6 +32,7 @@ namespace Bit.Core.Services
|
||||||
private readonly IStorageService _storageService;
|
private readonly IStorageService _storageService;
|
||||||
private readonly II18nService _i18nService;
|
private readonly II18nService _i18nService;
|
||||||
private readonly Func<ISearchService> _searchService;
|
private readonly Func<ISearchService> _searchService;
|
||||||
|
private readonly IConfigService _configService;
|
||||||
private readonly string _clearCipherCacheKey;
|
private readonly string _clearCipherCacheKey;
|
||||||
private readonly string[] _allClearCipherCacheKeys;
|
private readonly string[] _allClearCipherCacheKeys;
|
||||||
private Dictionary<string, HashSet<string>> _domainMatchBlacklist = new Dictionary<string, HashSet<string>>
|
private Dictionary<string, HashSet<string>> _domainMatchBlacklist = new Dictionary<string, HashSet<string>>
|
||||||
|
@ -48,6 +51,7 @@ namespace Bit.Core.Services
|
||||||
IStorageService storageService,
|
IStorageService storageService,
|
||||||
II18nService i18nService,
|
II18nService i18nService,
|
||||||
Func<ISearchService> searchService,
|
Func<ISearchService> searchService,
|
||||||
|
IConfigService configService,
|
||||||
string clearCipherCacheKey,
|
string clearCipherCacheKey,
|
||||||
string[] allClearCipherCacheKeys)
|
string[] allClearCipherCacheKeys)
|
||||||
{
|
{
|
||||||
|
@ -59,6 +63,7 @@ namespace Bit.Core.Services
|
||||||
_storageService = storageService;
|
_storageService = storageService;
|
||||||
_i18nService = i18nService;
|
_i18nService = i18nService;
|
||||||
_searchService = searchService;
|
_searchService = searchService;
|
||||||
|
_configService = configService;
|
||||||
_clearCipherCacheKey = clearCipherCacheKey;
|
_clearCipherCacheKey = clearCipherCacheKey;
|
||||||
_allClearCipherCacheKeys = allClearCipherCacheKeys;
|
_allClearCipherCacheKeys = allClearCipherCacheKeys;
|
||||||
}
|
}
|
||||||
|
@ -181,6 +186,26 @@ namespace Bit.Core.Services
|
||||||
Reprompt = model.Reprompt
|
Reprompt = model.Reprompt
|
||||||
};
|
};
|
||||||
|
|
||||||
|
key = await UpdateCipherAndGetCipherKeyAsync(cipher, model, key);
|
||||||
|
|
||||||
|
var tasks = new List<Task>
|
||||||
|
{
|
||||||
|
EncryptObjPropertyAsync(model, cipher, new HashSet<string>
|
||||||
|
{
|
||||||
|
nameof(CipherView.Name),
|
||||||
|
nameof(CipherView.Notes)
|
||||||
|
}, key),
|
||||||
|
EncryptCipherDataAsync(cipher, model, key),
|
||||||
|
EncryptFieldsAsync(model.Fields, key, cipher),
|
||||||
|
EncryptPasswordHistoriesAsync(model.PasswordHistory, key, cipher),
|
||||||
|
EncryptAttachmentsAsync(model.Attachments, key, cipher)
|
||||||
|
};
|
||||||
|
await Task.WhenAll(tasks);
|
||||||
|
return cipher;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<SymmetricCryptoKey> UpdateCipherAndGetCipherKeyAsync(Cipher cipher, CipherView cipherView, SymmetricCryptoKey key = null, bool shouldCreateNewCipherKeyIfNeeded = true)
|
||||||
|
{
|
||||||
if (key == null && cipher.OrganizationId != null)
|
if (key == null && cipher.OrganizationId != null)
|
||||||
{
|
{
|
||||||
key = await _cryptoService.GetOrgKeyAsync(cipher.OrganizationId);
|
key = await _cryptoService.GetOrgKeyAsync(cipher.OrganizationId);
|
||||||
|
@ -190,20 +215,42 @@ namespace Bit.Core.Services
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var tasks = new List<Task>
|
if (!await ShouldUseCipherKeyEncryptionAsync())
|
||||||
{
|
{
|
||||||
EncryptObjPropertyAsync(model, cipher, new HashSet<string>
|
return key;
|
||||||
{
|
}
|
||||||
"Name",
|
|
||||||
"Notes"
|
if (cipherView.Key != null)
|
||||||
}, key),
|
{
|
||||||
EncryptCipherDataAsync(cipher, model, key),
|
cipher.Key = await _cryptoService.EncryptAsync(cipherView.Key.Key, key);
|
||||||
EncryptFieldsAsync(model.Fields, key, cipher),
|
return cipherView.Key;
|
||||||
EncryptPasswordHistoriesAsync(model.PasswordHistory, key, cipher),
|
}
|
||||||
EncryptAttachmentsAsync(model.Attachments, key, cipher)
|
|
||||||
};
|
if (!shouldCreateNewCipherKeyIfNeeded)
|
||||||
await Task.WhenAll(tasks);
|
{
|
||||||
return cipher;
|
return key;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if ENABLE_NEW_CIPHER_KEY_ENCRYPTION_ON_CREATION
|
||||||
|
// turned on, only on debug to check that the enc/decryption is working fine at the cipher level.
|
||||||
|
// this will be allowed on production on a later release.
|
||||||
|
var cfs = ServiceContainer.Resolve<ICryptoFunctionService>();
|
||||||
|
var newKey = new SymmetricCryptoKey(await cfs.RandomBytesAsync(Core.Constants.CipherKeyRandomBytesLength));
|
||||||
|
cipher.Key = await _cryptoService.EncryptAsync(newKey.Key, key);
|
||||||
|
|
||||||
|
return newKey;
|
||||||
|
#else
|
||||||
|
return key;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task<bool> ShouldUseCipherKeyEncryptionAsync()
|
||||||
|
{
|
||||||
|
var config = await _configService.GetAsync();
|
||||||
|
|
||||||
|
return config != null
|
||||||
|
&&
|
||||||
|
VersionHelpers.IsServerVersionGreaterThanOrEqualTo(config.Version, Constants.CipherKeyEncryptionMinServerVersion);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<Cipher> GetAsync(string id)
|
public async Task<Cipher> GetAsync(string id)
|
||||||
|
@ -511,6 +558,7 @@ namespace Bit.Core.Services
|
||||||
var request = new CipherRequest(cipher);
|
var request = new CipherRequest(cipher);
|
||||||
response = await _apiService.PutCipherAsync(cipher.Id, request);
|
response = await _apiService.PutCipherAsync(cipher.Id, request);
|
||||||
}
|
}
|
||||||
|
|
||||||
var userId = await _stateService.GetActiveUserIdAsync();
|
var userId = await _stateService.GetActiveUserIdAsync();
|
||||||
var data = new CipherData(response, userId, cipher.CollectionIds);
|
var data = new CipherData(response, userId, cipher.CollectionIds);
|
||||||
await UpsertAsync(data);
|
await UpsertAsync(data);
|
||||||
|
@ -560,9 +608,9 @@ namespace Bit.Core.Services
|
||||||
.Any(c => !cipher.Login.MainFido2Key.IsUniqueAgainst(c.Login?.MainFido2Key));
|
.Any(c => !cipher.Login.MainFido2Key.IsUniqueAgainst(c.Login?.MainFido2Key));
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task<Cipher> SaveAttachmentRawWithServerAsync(Cipher cipher, string filename, byte[] data)
|
public async Task<Cipher> SaveAttachmentRawWithServerAsync(Cipher cipher, CipherView cipherView, string filename, byte[] data)
|
||||||
{
|
{
|
||||||
var (attachmentKey, protectedAttachmentKey, encKey) = await MakeAttachmentKeyAsync(cipher.OrganizationId);
|
var (attachmentKey, protectedAttachmentKey, encKey) = await MakeAttachmentKeyAsync(cipher.OrganizationId, cipher, cipherView);
|
||||||
|
|
||||||
var encFileName = await _cryptoService.EncryptAsync(filename, encKey);
|
var encFileName = await _cryptoService.EncryptAsync(filename, encKey);
|
||||||
var encFileData = await _cryptoService.EncryptToBytesAsync(data, attachmentKey);
|
var encFileData = await _cryptoService.EncryptToBytesAsync(data, attachmentKey);
|
||||||
|
@ -579,6 +627,7 @@ namespace Bit.Core.Services
|
||||||
|
|
||||||
var uploadDataResponse = await _apiService.PostCipherAttachmentAsync(cipher.Id, request);
|
var uploadDataResponse = await _apiService.PostCipherAttachmentAsync(cipher.Id, request);
|
||||||
response = uploadDataResponse.CipherResponse;
|
response = uploadDataResponse.CipherResponse;
|
||||||
|
|
||||||
await _fileUploadService.UploadCipherAttachmentFileAsync(uploadDataResponse, encFileName, encFileData);
|
await _fileUploadService.UploadCipherAttachmentFileAsync(uploadDataResponse, encFileName, encFileData);
|
||||||
}
|
}
|
||||||
catch (ApiException e) when (e.Error.StatusCode == System.Net.HttpStatusCode.NotFound || e.Error.StatusCode == System.Net.HttpStatusCode.MethodNotAllowed)
|
catch (ApiException e) when (e.Error.StatusCode == System.Net.HttpStatusCode.NotFound || e.Error.StatusCode == System.Net.HttpStatusCode.MethodNotAllowed)
|
||||||
|
@ -801,10 +850,18 @@ namespace Bit.Core.Services
|
||||||
|
|
||||||
// Helpers
|
// Helpers
|
||||||
|
|
||||||
private async Task<Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>> MakeAttachmentKeyAsync(string organizationId)
|
private async Task<Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>> MakeAttachmentKeyAsync(string organizationId, Cipher cipher = null, CipherView cipherView = null)
|
||||||
{
|
{
|
||||||
var encryptionKey = await _cryptoService.GetOrgKeyAsync(organizationId)
|
var orgKey = await _cryptoService.GetOrgKeyAsync(organizationId);
|
||||||
?? (SymmetricCryptoKey)await _cryptoService.GetUserKeyWithLegacySupportAsync();
|
|
||||||
|
SymmetricCryptoKey encryptionKey = orgKey;
|
||||||
|
if (cipher != null && cipherView != null)
|
||||||
|
{
|
||||||
|
encryptionKey = await UpdateCipherAndGetCipherKeyAsync(cipher, cipherView, orgKey, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
encryptionKey ??= await _cryptoService.GetUserKeyWithLegacySupportAsync();
|
||||||
|
|
||||||
var (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(encryptionKey);
|
var (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(encryptionKey);
|
||||||
return new Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>(attachmentKey, protectedAttachmentKey, encryptionKey);
|
return new Tuple<SymmetricCryptoKey, EncString, SymmetricCryptoKey>(attachmentKey, protectedAttachmentKey, encryptionKey);
|
||||||
}
|
}
|
||||||
|
@ -1069,7 +1126,7 @@ namespace Bit.Core.Services
|
||||||
{
|
{
|
||||||
await EncryptObjPropertyAsync(model, attachment, new HashSet<string>
|
await EncryptObjPropertyAsync(model, attachment, new HashSet<string>
|
||||||
{
|
{
|
||||||
"FileName"
|
nameof(AttachmentView.FileName)
|
||||||
}, key);
|
}, key);
|
||||||
if (model.Key != null)
|
if (model.Key != null)
|
||||||
{
|
{
|
||||||
|
|
|
@ -236,9 +236,9 @@ namespace Bit.Core.Services
|
||||||
{
|
{
|
||||||
throw new ArgumentNullException(nameof(key));
|
throw new ArgumentNullException(nameof(key));
|
||||||
}
|
}
|
||||||
if (!(key is UserKey) && !(key is OrgKey))
|
if (!(key is UserKey) && !(key is OrgKey) && !(key is CipherKey))
|
||||||
{
|
{
|
||||||
throw new ArgumentException($"Data encryption keys must be of type UserKey or OrgKey. {key.GetType().FullName} unsupported.");
|
throw new ArgumentException($"Data encryption keys must be of type UserKey or OrgKey or CipherKey. {key.GetType().FullName} unsupported.");
|
||||||
}
|
}
|
||||||
|
|
||||||
var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
|
var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
|
||||||
|
|
|
@ -44,8 +44,9 @@ namespace Bit.Core.Utilities
|
||||||
var organizationService = new OrganizationService(stateService, apiService);
|
var organizationService = new OrganizationService(stateService, apiService);
|
||||||
var settingsService = new SettingsService(stateService);
|
var settingsService = new SettingsService(stateService);
|
||||||
var fileUploadService = new FileUploadService(apiService);
|
var fileUploadService = new FileUploadService(apiService);
|
||||||
|
var configService = new ConfigService(apiService, stateService, logger);
|
||||||
var cipherService = new CipherService(cryptoService, stateService, settingsService, apiService,
|
var cipherService = new CipherService(cryptoService, stateService, settingsService, apiService,
|
||||||
fileUploadService, storageService, i18nService, () => searchService, clearCipherCacheKey,
|
fileUploadService, storageService, i18nService, () => searchService, configService, clearCipherCacheKey,
|
||||||
allClearCipherCacheKeys);
|
allClearCipherCacheKeys);
|
||||||
var folderService = new FolderService(cryptoService, stateService, apiService, i18nService, cipherService);
|
var folderService = new FolderService(cryptoService, stateService, apiService, i18nService, cipherService);
|
||||||
var collectionService = new CollectionService(cryptoService, stateService, i18nService);
|
var collectionService = new CollectionService(cryptoService, stateService, i18nService);
|
||||||
|
@ -88,7 +89,6 @@ namespace Bit.Core.Utilities
|
||||||
var environmentService = new EnvironmentService(apiService, stateService, conditionedRunner);
|
var environmentService = new EnvironmentService(apiService, stateService, conditionedRunner);
|
||||||
var eventService = new EventService(apiService, stateService, organizationService, cipherService);
|
var eventService = new EventService(apiService, stateService, organizationService, cipherService);
|
||||||
var usernameGenerationService = new UsernameGenerationService(cryptoService, apiService, stateService);
|
var usernameGenerationService = new UsernameGenerationService(cryptoService, apiService, stateService);
|
||||||
var configService = new ConfigService(apiService, stateService, logger);
|
|
||||||
|
|
||||||
Register<IConditionedAwaiterManager>(conditionedRunner);
|
Register<IConditionedAwaiterManager>(conditionedRunner);
|
||||||
Register<ITokenService>("tokenService", tokenService);
|
Register<ITokenService>("tokenService", tokenService);
|
||||||
|
@ -96,6 +96,7 @@ namespace Bit.Core.Utilities
|
||||||
Register<IAppIdService>("appIdService", appIdService);
|
Register<IAppIdService>("appIdService", appIdService);
|
||||||
Register<IOrganizationService>("organizationService", organizationService);
|
Register<IOrganizationService>("organizationService", organizationService);
|
||||||
Register<ISettingsService>("settingsService", settingsService);
|
Register<ISettingsService>("settingsService", settingsService);
|
||||||
|
Register<IConfigService>(configService);
|
||||||
Register<ICipherService>("cipherService", cipherService);
|
Register<ICipherService>("cipherService", cipherService);
|
||||||
Register<IFolderService>("folderService", folderService);
|
Register<IFolderService>("folderService", folderService);
|
||||||
Register<ICollectionService>("collectionService", collectionService);
|
Register<ICollectionService>("collectionService", collectionService);
|
||||||
|
@ -114,7 +115,6 @@ namespace Bit.Core.Utilities
|
||||||
Register<IEnvironmentService>("environmentService", environmentService);
|
Register<IEnvironmentService>("environmentService", environmentService);
|
||||||
Register<IEventService>("eventService", eventService);
|
Register<IEventService>("eventService", eventService);
|
||||||
Register<IUsernameGenerationService>(usernameGenerationService);
|
Register<IUsernameGenerationService>(usernameGenerationService);
|
||||||
Register<IConfigService>(configService);
|
|
||||||
Register<IDeviceTrustCryptoService>(deviceTrustCryptoService);
|
Register<IDeviceTrustCryptoService>(deviceTrustCryptoService);
|
||||||
Register<IPasswordResetEnrollmentService>(passwordResetEnrollmentService);
|
Register<IPasswordResetEnrollmentService>(passwordResetEnrollmentService);
|
||||||
}
|
}
|
||||||
|
|
34
src/Core/Utilities/VersionHelpers.cs
Normal file
34
src/Core/Utilities/VersionHelpers.cs
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
using System;
|
||||||
|
|
||||||
|
namespace Bit.Core.Utilities
|
||||||
|
{
|
||||||
|
public static class VersionHelpers
|
||||||
|
{
|
||||||
|
private const char SUFFIX_SEPARATOR = '-';
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// Compares two server versions and gets whether the <paramref name="targetVersion"/>
|
||||||
|
/// is greater than or equal to <paramref name="compareToVersion"/>.
|
||||||
|
/// WARNING: This doesn't take into account hotfix suffix.
|
||||||
|
/// </summary>
|
||||||
|
/// <param name="targetVersion">Version to compare</param>
|
||||||
|
/// <param name="compareToVersion">Version to compare against</param>
|
||||||
|
/// <returns>
|
||||||
|
/// <c>True</c> if <paramref name="targetVersion"/> is greater than or equal to <paramref name="compareToVersion"/>; <c>False</c> otherwise.
|
||||||
|
/// </returns>
|
||||||
|
public static bool IsServerVersionGreaterThanOrEqualTo(string targetVersion, string compareToVersion)
|
||||||
|
{
|
||||||
|
return new Version(RemoveSuffix(targetVersion)).CompareTo(new Version(RemoveSuffix(compareToVersion))) >= 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static string RemoveSuffix(string version)
|
||||||
|
{
|
||||||
|
if (string.IsNullOrWhiteSpace(version))
|
||||||
|
{
|
||||||
|
throw new ArgumentNullException(nameof(version));
|
||||||
|
}
|
||||||
|
|
||||||
|
return version.Split(SUFFIX_SEPARATOR)[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,6 +1,8 @@
|
||||||
using System;
|
using System;
|
||||||
|
using System.Text;
|
||||||
using AutoFixture;
|
using AutoFixture;
|
||||||
using Bit.Core.Models.Domain;
|
using Bit.Core.Models.Domain;
|
||||||
|
using Bit.Core.Models.View;
|
||||||
using Bit.Test.Common.AutoFixture;
|
using Bit.Test.Common.AutoFixture;
|
||||||
using Bit.Test.Common.AutoFixture.Attributes;
|
using Bit.Test.Common.AutoFixture.Attributes;
|
||||||
|
|
||||||
|
@ -26,16 +28,36 @@ namespace Bit.Core.Test.AutoFixture
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
internal class UserCipherView : ICustomization
|
||||||
|
{
|
||||||
|
public void Customize(IFixture fixture)
|
||||||
|
{
|
||||||
|
byte[] getRandomBytes(int size)
|
||||||
|
{
|
||||||
|
Random random = new Random();
|
||||||
|
|
||||||
|
byte[] bytes = new byte[size];
|
||||||
|
random.NextBytes(bytes);
|
||||||
|
return bytes;
|
||||||
|
};
|
||||||
|
|
||||||
|
fixture.Customize<CipherView>(composer => composer
|
||||||
|
.Without(c => c.OrganizationId)
|
||||||
|
.Without(c => c.Attachments)
|
||||||
|
.With(c => c.Key, new SymmetricCryptoKey(getRandomBytes(32), Enums.EncryptionType.AesCbc128_HmacSha256_B64)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
internal class UserCipherAutoDataAttribute : CustomAutoDataAttribute
|
internal class UserCipherAutoDataAttribute : CustomAutoDataAttribute
|
||||||
{
|
{
|
||||||
public UserCipherAutoDataAttribute() : base(new SutProviderCustomization(),
|
public UserCipherAutoDataAttribute() : base(new SutProviderCustomization(),
|
||||||
new UserCipher())
|
new UserCipher(), new UserCipherView())
|
||||||
{ }
|
{ }
|
||||||
}
|
}
|
||||||
internal class InlineUserCipherAutoDataAttribute : InlineCustomAutoDataAttribute
|
internal class InlineUserCipherAutoDataAttribute : InlineCustomAutoDataAttribute
|
||||||
{
|
{
|
||||||
public InlineUserCipherAutoDataAttribute(params object[] values) : base(new[] { typeof(SutProviderCustomization),
|
public InlineUserCipherAutoDataAttribute(params object[] values) : base(new[] { typeof(SutProviderCustomization),
|
||||||
typeof(UserCipher) }, values)
|
typeof(UserCipher), typeof(UserCipherView) }, values)
|
||||||
{ }
|
{ }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ namespace Bit.Core.Test.Services
|
||||||
{
|
{
|
||||||
[Theory, UserCipherAutoData]
|
[Theory, UserCipherAutoData]
|
||||||
public async Task SaveWithServerAsync_PrefersFileUploadService(SutProvider<CipherService> sutProvider,
|
public async Task SaveWithServerAsync_PrefersFileUploadService(SutProvider<CipherService> sutProvider,
|
||||||
Cipher cipher, string fileName, EncByteArray data, AttachmentUploadDataResponse uploadDataResponse, EncString encKey)
|
Cipher cipher, CipherView cipherView, string fileName, EncByteArray data, AttachmentUploadDataResponse uploadDataResponse, EncString encKey)
|
||||||
{
|
{
|
||||||
var encFileName = new EncString(fileName);
|
var encFileName = new EncString(fileName);
|
||||||
sutProvider.GetDependency<ICryptoService>().EncryptAsync(fileName, Arg.Any<SymmetricCryptoKey>())
|
sutProvider.GetDependency<ICryptoService>().EncryptAsync(fileName, Arg.Any<SymmetricCryptoKey>())
|
||||||
|
@ -33,7 +33,7 @@ namespace Bit.Core.Test.Services
|
||||||
sutProvider.GetDependency<IApiService>().PostCipherAttachmentAsync(cipher.Id, Arg.Any<AttachmentRequest>())
|
sutProvider.GetDependency<IApiService>().PostCipherAttachmentAsync(cipher.Id, Arg.Any<AttachmentRequest>())
|
||||||
.Returns(uploadDataResponse);
|
.Returns(uploadDataResponse);
|
||||||
|
|
||||||
await sutProvider.Sut.SaveAttachmentRawWithServerAsync(cipher, fileName, data.Buffer);
|
await sutProvider.Sut.SaveAttachmentRawWithServerAsync(cipher, cipherView, fileName, data.Buffer);
|
||||||
|
|
||||||
await sutProvider.GetDependency<IFileUploadService>().Received(1)
|
await sutProvider.GetDependency<IFileUploadService>().Received(1)
|
||||||
.UploadCipherAttachmentFileAsync(uploadDataResponse, encFileName, data);
|
.UploadCipherAttachmentFileAsync(uploadDataResponse, encFileName, data);
|
||||||
|
@ -43,7 +43,7 @@ namespace Bit.Core.Test.Services
|
||||||
[InlineUserCipherAutoData(HttpStatusCode.NotFound)]
|
[InlineUserCipherAutoData(HttpStatusCode.NotFound)]
|
||||||
[InlineUserCipherAutoData(HttpStatusCode.MethodNotAllowed)]
|
[InlineUserCipherAutoData(HttpStatusCode.MethodNotAllowed)]
|
||||||
public async Task SaveWithServerAsync_FallsBackToLegacyFormData(HttpStatusCode statusCode,
|
public async Task SaveWithServerAsync_FallsBackToLegacyFormData(HttpStatusCode statusCode,
|
||||||
SutProvider<CipherService> sutProvider, Cipher cipher, string fileName, EncByteArray data,
|
SutProvider<CipherService> sutProvider, Cipher cipher, CipherView cipherView, string fileName, EncByteArray data,
|
||||||
CipherResponse response, EncString encKey)
|
CipherResponse response, EncString encKey)
|
||||||
{
|
{
|
||||||
sutProvider.GetDependency<ICryptoService>().EncryptAsync(fileName, Arg.Any<SymmetricCryptoKey>())
|
sutProvider.GetDependency<ICryptoService>().EncryptAsync(fileName, Arg.Any<SymmetricCryptoKey>())
|
||||||
|
@ -56,7 +56,7 @@ namespace Bit.Core.Test.Services
|
||||||
sutProvider.GetDependency<IApiService>().PostCipherAttachmentLegacyAsync(cipher.Id, Arg.Any<MultipartFormDataContent>())
|
sutProvider.GetDependency<IApiService>().PostCipherAttachmentLegacyAsync(cipher.Id, Arg.Any<MultipartFormDataContent>())
|
||||||
.Returns(response);
|
.Returns(response);
|
||||||
|
|
||||||
await sutProvider.Sut.SaveAttachmentRawWithServerAsync(cipher, fileName, data.Buffer);
|
await sutProvider.Sut.SaveAttachmentRawWithServerAsync(cipher, cipherView, fileName, data.Buffer);
|
||||||
|
|
||||||
await sutProvider.GetDependency<IApiService>().Received(1)
|
await sutProvider.GetDependency<IApiService>().Received(1)
|
||||||
.PostCipherAttachmentLegacyAsync(cipher.Id, Arg.Any<MultipartFormDataContent>());
|
.PostCipherAttachmentLegacyAsync(cipher.Id, Arg.Any<MultipartFormDataContent>());
|
||||||
|
@ -64,7 +64,7 @@ namespace Bit.Core.Test.Services
|
||||||
|
|
||||||
[Theory, UserCipherAutoData]
|
[Theory, UserCipherAutoData]
|
||||||
public async Task SaveWithServerAsync_ThrowsOnBadRequestApiException(SutProvider<CipherService> sutProvider,
|
public async Task SaveWithServerAsync_ThrowsOnBadRequestApiException(SutProvider<CipherService> sutProvider,
|
||||||
Cipher cipher, string fileName, EncByteArray data, EncString encKey)
|
Cipher cipher, CipherView cipherView, string fileName, EncByteArray data, EncString encKey)
|
||||||
{
|
{
|
||||||
sutProvider.GetDependency<ICryptoService>().EncryptAsync(fileName, Arg.Any<SymmetricCryptoKey>())
|
sutProvider.GetDependency<ICryptoService>().EncryptAsync(fileName, Arg.Any<SymmetricCryptoKey>())
|
||||||
.Returns(new EncString(fileName));
|
.Returns(new EncString(fileName));
|
||||||
|
@ -77,7 +77,7 @@ namespace Bit.Core.Test.Services
|
||||||
.Throws(expectedException);
|
.Throws(expectedException);
|
||||||
|
|
||||||
var actualException = await Assert.ThrowsAsync<ApiException>(async () =>
|
var actualException = await Assert.ThrowsAsync<ApiException>(async () =>
|
||||||
await sutProvider.Sut.SaveAttachmentRawWithServerAsync(cipher, fileName, data.Buffer));
|
await sutProvider.Sut.SaveAttachmentRawWithServerAsync(cipher, cipherView, fileName, data.Buffer));
|
||||||
|
|
||||||
Assert.Equal(expectedException.Error.StatusCode, actualException.Error.StatusCode);
|
Assert.Equal(expectedException.Error.StatusCode, actualException.Error.StatusCode);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue