[PM-5693] Migrate SDK to KeyStore

bitwarden_license/bitwarden-sm/src/projects/create.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::ProjectCreateRequestModel;
-use bitwarden_core::Client;
-use bitwarden_crypto::KeyEncryptable;
+use bitwarden_core::{key_management::SymmetricKeyId, Client};
+use bitwarden_crypto::Encryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -26,11 +26,16 @@
 ) -> Result<ProjectResponse, SecretsManagerError> {
     input.validate()?;
 
-    let enc = client.internal.get_encryption_settings()?;
-    let key = enc.get_key(&Some(input.organization_id))?;
+    let key_store = client.internal.get_key_store();
+    let key = SymmetricKeyId::Organization(input.organization_id);
 
     let project = Some(ProjectCreateRequestModel {
-        name: input.name.clone().trim().encrypt_with_key(key)?.to_string(),
+        name: input
+            .name
+            .clone()
+            .trim()
+            .encrypt(&mut key_store.context(), key)?
+            .to_string(),
     });
 
     let config = client.internal.get_api_configurations().await;
@@ -41,7 +46,7 @@
     )
     .await?;
 
-    ProjectResponse::process_response(res, &enc)
+    ProjectResponse::process_response(res, &mut key_store.context())
 }
 
 #[cfg(test)]

bitwarden_license/bitwarden-sm/src/projects/get.rs

@@ -20,7 +20,7 @@
 
     let res = bitwarden_api_api::apis::projects_api::projects_id_get(&config.api, input.id).await?;
 
-    let enc = client.internal.get_encryption_settings()?;
+    let key_store = client.internal.get_key_store();
 
-    ProjectResponse::process_response(res, &enc)
+    ProjectResponse::process_response(res, &mut key_store.context())
 }

bitwarden_license/bitwarden-sm/src/projects/list.rs

@@ -1,5 +1,6 @@
 use bitwarden_api_api::models::ProjectResponseModelListResponseModel;
-use bitwarden_core::client::{encryption_settings::EncryptionSettings, Client};
+use bitwarden_core::{client::Client, key_management::KeyIds};
+use bitwarden_crypto::KeyStoreContext;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -24,9 +25,9 @@
     )
     .await?;
 
-    let enc = client.internal.get_encryption_settings()?;
+    let key_store = client.internal.get_key_store();
 
-    ProjectsResponse::process_response(res, &enc)
+    ProjectsResponse::process_response(res, &mut key_store.context())
 }
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
@@ -38,14 +39,14 @@
 impl ProjectsResponse {
     pub(crate) fn process_response(
         response: ProjectResponseModelListResponseModel,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<Self, SecretsManagerError> {
         let data = response.data.unwrap_or_default();
 
         Ok(ProjectsResponse {
             data: data
                 .into_iter()
-                .map(|r| ProjectResponse::process_response(r, enc))
+                .map(|r| ProjectResponse::process_response(r, ctx))
                 .collect::<Result<_, _>>()?,
         })
     }

bitwarden_license/bitwarden-sm/src/projects/project_response.rs

@@ -1,6 +1,9 @@
 use bitwarden_api_api::models::ProjectResponseModel;
-use bitwarden_core::{client::encryption_settings::EncryptionSettings, require};
-use bitwarden_crypto::{EncString, KeyDecryptable};
+use bitwarden_core::{
+    key_management::{KeyIds, SymmetricKeyId},
+    require,
+};
+use bitwarden_crypto::{Decryptable, EncString, KeyStoreContext};
 use chrono::{DateTime, Utc};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -21,14 +24,14 @@
 impl ProjectResponse {
     pub(crate) fn process_response(
         response: ProjectResponseModel,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<Self, SecretsManagerError> {
         let organization_id = require!(response.organization_id);
-        let enc_key = enc.get_key(&Some(organization_id))?;
+        let key = SymmetricKeyId::Organization(organization_id);
 
         let name = require!(response.name)
             .parse::<EncString>()?
-            .decrypt_with_key(enc_key)?;
+            .decrypt(ctx, key)?;
 
         Ok(ProjectResponse {
             id: require!(response.id),

bitwarden_license/bitwarden-sm/src/projects/update.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::ProjectUpdateRequestModel;
-use bitwarden_core::Client;
-use bitwarden_crypto::KeyEncryptable;
+use bitwarden_core::{key_management::SymmetricKeyId, Client};
+use bitwarden_crypto::Encryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -28,19 +28,24 @@
 ) -> Result<ProjectResponse, SecretsManagerError> {
     input.validate()?;
 
-    let enc = client.internal.get_encryption_settings()?;
-    let key = enc.get_key(&Some(input.organization_id))?;
+    let key_store = client.internal.get_key_store();
+    let key = SymmetricKeyId::Organization(input.organization_id);
 
     let project = Some(ProjectUpdateRequestModel {
-        name: input.name.clone().trim().encrypt_with_key(key)?.to_string(),
+        name: input
+            .name
+            .clone()
+            .trim()
+            .encrypt(&mut key_store.context(), key)?
+            .to_string(),
     });
 
     let config = client.internal.get_api_configurations().await;
     let res =
         bitwarden_api_api::apis::projects_api::projects_id_put(&config.api, input.id, project)
             .await?;
 
-    ProjectResponse::process_response(res, &enc)
+    ProjectResponse::process_response(res, &mut key_store.context())
 }
 
 #[cfg(test)]

bitwarden_license/bitwarden-sm/src/secrets/create.rs

@@ -1,6 +1,6 @@
 use bitwarden_api_api::models::SecretCreateRequestModel;
-use bitwarden_core::Client;
-use bitwarden_crypto::KeyEncryptable;
+use bitwarden_core::{key_management::SymmetricKeyId, Client};
+use bitwarden_crypto::Encryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -34,16 +34,23 @@
 ) -> Result<SecretResponse, SecretsManagerError> {
     input.validate()?;
 
-    let enc = client.internal.get_encryption_settings()?;
-    let key = enc.get_key(&Some(input.organization_id))?;
+    let key_store = client.internal.get_key_store();
+    let key = SymmetricKeyId::Organization(input.organization_id);
+    let mut ctx = key_store.context();
 
     let secret = Some(SecretCreateRequestModel {
-        key: input.key.clone().trim().encrypt_with_key(key)?.to_string(),
-        value: input.value.clone().encrypt_with_key(key)?.to_string(),
-        note: input.note.clone().trim().encrypt_with_key(key)?.to_string(),
+        key: input.key.clone().trim().encrypt(&mut ctx, key)?.to_string(),
+        value: input.value.clone().encrypt(&mut ctx, key)?.to_string(),
+        note: input
+            .note
+            .clone()
+            .trim()
+            .encrypt(&mut ctx, key)?
+            .to_string(),
         project_ids: input.project_ids.clone(),
         access_policies_requests: None,
     });
+    drop(ctx);
 
     let config = client.internal.get_api_configurations().await;
     let res = bitwarden_api_api::apis::secrets_api::organizations_organization_id_secrets_post(
@@ -53,7 +60,7 @@
     )
     .await?;
 
-    SecretResponse::process_response(res, &enc)
+    SecretResponse::process_response(res, &mut key_store.context())
 }
 
 #[cfg(test)]

bitwarden_license/bitwarden-sm/src/secrets/get.rs

@@ -19,7 +19,7 @@
     let config = client.internal.get_api_configurations().await;
     let res = bitwarden_api_api::apis::secrets_api::secrets_id_get(&config.api, input.id).await?;
 
-    let enc = client.internal.get_encryption_settings()?;
+    let key_store = client.internal.get_key_store();
 
-    SecretResponse::process_response(res, &enc)
+    SecretResponse::process_response(res, &mut key_store.context())
 }

bitwarden_license/bitwarden-sm/src/secrets/get_by_ids.rs

@@ -24,7 +24,7 @@
     let res =
         bitwarden_api_api::apis::secrets_api::secrets_get_by_ids_post(&config.api, request).await?;
 
-    let enc = client.internal.get_encryption_settings()?;
+    let key_store = client.internal.get_key_store();
 
-    SecretsResponse::process_response(res, &enc)
+    SecretsResponse::process_response(res, &mut key_store.context())
 }

bitwarden_license/bitwarden-sm/src/secrets/list.rs

@@ -2,10 +2,11 @@
     SecretWithProjectsListResponseModel, SecretsWithProjectsInnerSecret,
 };
 use bitwarden_core::{
-    client::{encryption_settings::EncryptionSettings, Client},
+    client::Client,
+    key_management::{KeyIds, SymmetricKeyId},
     require,
 };
-use bitwarden_crypto::{EncString, KeyDecryptable};
+use bitwarden_crypto::{Decryptable, EncString, KeyStoreContext};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -30,9 +31,9 @@
     )
     .await?;
 
-    let enc = client.internal.get_encryption_settings()?;
+    let key_store = client.internal.get_key_store();
 
-    SecretIdentifiersResponse::process_response(res, &enc)
+    SecretIdentifiersResponse::process_response(res, &mut key_store.context())
 }
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
@@ -53,9 +54,9 @@
     )
     .await?;
 
-    let enc = client.internal.get_encryption_settings()?;
+    let key_store = client.internal.get_key_store();
 
-    SecretIdentifiersResponse::process_response(res, &enc)
+    SecretIdentifiersResponse::process_response(res, &mut key_store.context())
 }
 
 #[derive(Serialize, Deserialize, Debug, JsonSchema)]
@@ -67,14 +68,14 @@
 impl SecretIdentifiersResponse {
     pub(crate) fn process_response(
         response: SecretWithProjectsListResponseModel,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<SecretIdentifiersResponse, SecretsManagerError> {
         Ok(SecretIdentifiersResponse {
             data: response
                 .secrets
                 .unwrap_or_default()
                 .into_iter()
-                .map(|r| SecretIdentifierResponse::process_response(r, enc))
+                .map(|r| SecretIdentifierResponse::process_response(r, ctx))
                 .collect::<Result<_, _>>()?,
         })
     }
@@ -92,14 +93,14 @@
 impl SecretIdentifierResponse {
     pub(crate) fn process_response(
         response: SecretsWithProjectsInnerSecret,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<SecretIdentifierResponse, SecretsManagerError> {
         let organization_id = require!(response.organization_id);
-        let enc_key = enc.get_key(&Some(organization_id))?;
+        let enc_key = SymmetricKeyId::Organization(organization_id);
 
         let key = require!(response.key)
             .parse::<EncString>()?
-            .decrypt_with_key(enc_key)?;
+            .decrypt(ctx, enc_key)?;
 
         Ok(SecretIdentifierResponse {
             id: require!(response.id),

bitwarden_license/bitwarden-sm/src/secrets/secret_response.rs

@@ -1,8 +1,11 @@
 use bitwarden_api_api::models::{
     BaseSecretResponseModel, BaseSecretResponseModelListResponseModel, SecretResponseModel,
 };
-use bitwarden_core::{client::encryption_settings::EncryptionSettings, require};
-use bitwarden_crypto::{EncString, KeyDecryptable};
+use bitwarden_core::{
+    key_management::{KeyIds, SymmetricKeyId},
+    require,
+};
+use bitwarden_crypto::{Decryptable, EncString, KeyStoreContext};
 use chrono::{DateTime, Utc};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -28,7 +31,7 @@
 impl SecretResponse {
     pub(crate) fn process_response(
         response: SecretResponseModel,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<SecretResponse, SecretsManagerError> {
         let base = BaseSecretResponseModel {
             object: response.object,
@@ -41,24 +44,26 @@
             revision_date: response.revision_date,
             projects: response.projects,
         };
-        Self::process_base_response(base, enc)
+        Self::process_base_response(base, ctx)
     }
     pub(crate) fn process_base_response(
         response: BaseSecretResponseModel,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<SecretResponse, SecretsManagerError> {
-        let org_id = response.organization_id;
-        let enc_key = enc.get_key(&org_id)?;
+        let organization_id = require!(response.organization_id);
+        let enc_key = SymmetricKeyId::Organization(organization_id);
 
         let key = require!(response.key)
             .parse::<EncString>()?
-            .decrypt_with_key(enc_key)?;
+            .decrypt(ctx, enc_key)?;
+
         let value = require!(response.value)
             .parse::<EncString>()?
-            .decrypt_with_key(enc_key)?;
+            .decrypt(ctx, enc_key)?;
+
         let note = require!(response.note)
             .parse::<EncString>()?
-            .decrypt_with_key(enc_key)?;
+            .decrypt(ctx, enc_key)?;
 
         let project = response
             .projects
@@ -67,7 +72,7 @@
 
         Ok(SecretResponse {
             id: require!(response.id),
-            organization_id: require!(org_id),
+            organization_id,
             project_id: project,
             key,
             value,
@@ -88,14 +93,14 @@
 impl SecretsResponse {
     pub(crate) fn process_response(
         response: BaseSecretResponseModelListResponseModel,
-        enc: &EncryptionSettings,
+        ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<SecretsResponse, SecretsManagerError> {
         Ok(SecretsResponse {
             data: response
                 .data
                 .unwrap_or_default()
                 .into_iter()
-                .map(|r| SecretResponse::process_base_response(r, enc))
+                .map(|r| SecretResponse::process_base_response(r, ctx))
                 .collect::<Result<_, _>>()?,
         })
     }