search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cleanup - unused files / unused exports / duplicate exports
[ProtonMail-WebClient.git] / packages / shared / lib / recoveryFile / recoveryFile.ts
blob2d1247ba450b57cb139e0dcbbde647689860e0bd
1 import type { PrivateKeyReference, PublicKeyReference } from '@proton/crypto';
2 import { CryptoProxy, VERIFICATION_STATUS } from '@proton/crypto';
3 import { uint8ArrayToBase64String } from '@proton/shared/lib/helpers/encoding';
4 import isTruthy from '@proton/utils/isTruthy';
5 import mergeUint8Arrays from '@proton/utils/mergeUint8Arrays';
6
7 import type { APP_NAMES } from '../constants';
8 import { APPS, RECOVERY_FILE_FILE_NAME } from '../constants';
9 import downloadFile from '../helpers/downloadFile';
10 import type { Address, DecryptedKey, Key, KeyWithRecoverySecret, User } from '../interfaces';
11 import type { ArmoredKeyWithInfo } from '../keys';
12 import { getHasMigratedAddressKeys, getPrimaryKey } from '../keys';
13
14 const decryptRecoveryFile = (recoverySecrets: KeyWithRecoverySecret[]) => async (file: string) => {
15     try {
16         return await Promise.any(
17             recoverySecrets.map(async ({ RecoverySecret }) => {
18                 const { data } = await CryptoProxy.decryptMessage({
19                     armoredMessage: file,
20                     passwords: RecoverySecret,
21                     format: 'binary',
22                 });
23
24                 return data;
25             })
26         );
27     } catch (error: any) {
28         return undefined;
29     }
30 };
31
32 export const parseRecoveryFiles = async (filesAsStrings: string[] = [], recoverySecrets: KeyWithRecoverySecret[]) => {
33     const decryptedFiles = (await Promise.all(filesAsStrings.map(decryptRecoveryFile(recoverySecrets)))).filter(
34         isTruthy
35     );
36     const decryptedArmoredKeys = (
37         await Promise.all(
38             decryptedFiles.map((concatenatedBinaryKeys) =>
39                 CryptoProxy.getArmoredKeys({ binaryKeys: concatenatedBinaryKeys })
40             )
41         )
42     ).flat();
43
44     return Promise.all(
45         decryptedArmoredKeys.map(
46             async (armoredKey): Promise<ArmoredKeyWithInfo> => ({
47                 ...(await CryptoProxy.getKeyInfo({ armoredKey })),
48                 armoredKey,
49             })
50         )
51     );
52 };
53
54 export const generateRecoverySecret = async (privateKey: PrivateKeyReference) => {
55     const length = 32;
56     const randomValues = crypto.getRandomValues(new Uint8Array(length));
57     const recoverySecret = uint8ArrayToBase64String(randomValues);
58
59     const signature = await CryptoProxy.signMessage({
60         textData: recoverySecret,
61         stripTrailingSpaces: true,
62         signingKeys: privateKey,
63         detached: true,
64     });
65
66     return {
67         signature,
68         recoverySecret,
69     };
70 };
71
72 export const generateRecoveryFileMessage = async ({
73     recoverySecret,
74     privateKeys,
75 }: {
76     recoverySecret: string;
77     privateKeys: PrivateKeyReference[];
78 }) => {
79     const userKeysArray = await Promise.all(
80         privateKeys.map((privateKey) =>
81             CryptoProxy.exportPrivateKey({ privateKey: privateKey, passphrase: null, format: 'binary' })
82         )
83     );
84
85     const { message } = await CryptoProxy.encryptMessage({
86         binaryData: mergeUint8Arrays(userKeysArray),
87         passwords: [recoverySecret],
88     });
89
90     return message;
91 };
92
93 export const exportRecoveryFile = async ({
94     recoverySecret,
95     userKeys,
96 }: {
97     recoverySecret: string;
98     userKeys: DecryptedKey[];
99 }) => {
100     const message = await generateRecoveryFileMessage({
101         recoverySecret,
102         privateKeys: userKeys.map(({ privateKey }) => privateKey),
103     });
104     const blob = new Blob([message], { type: 'text/plain' });
105     downloadFile(blob, RECOVERY_FILE_FILE_NAME);
106 };
107
108 export const validateRecoverySecret = async (recoverySecret: KeyWithRecoverySecret, publicKey: PublicKeyReference) => {
109     const { RecoverySecret, RecoverySecretSignature } = recoverySecret;
110
111     const { verified } = await CryptoProxy.verifyMessage({
112         textData: RecoverySecret,
113         stripTrailingSpaces: true,
114         verificationKeys: publicKey,
115         armoredSignature: RecoverySecretSignature,
116     });
117
118     return verified === VERIFICATION_STATUS.SIGNED_AND_VALID;
119 };
120
121 export const getKeyWithRecoverySecret = (key: Key | undefined) => {
122     if (!key?.RecoverySecret || !key?.RecoverySecretSignature) {
123         return;
124     }
125     return key as KeyWithRecoverySecret;
126 };
127
128 export const getRecoverySecrets = (Keys: Key[] = []): KeyWithRecoverySecret[] => {
129     return Keys.map(getKeyWithRecoverySecret).filter(isTruthy);
130 };
131
132 export const getPrimaryRecoverySecret = (Keys: Key[] = []): KeyWithRecoverySecret | undefined => {
133     return getKeyWithRecoverySecret(Keys?.[0]);
134 };
135
136 export const getHasOutdatedRecoveryFile = (keys: Key[] = []) => {
137     const primaryRecoverySecret = getPrimaryRecoverySecret(keys);
138     const recoverySecrets = getRecoverySecrets(keys);
139
140     return recoverySecrets?.length > 0 && !primaryRecoverySecret;
141 };
142
143 export const getIsRecoveryFileAvailable = ({
144     user,
145     addresses,
146     userKeys,
147     appName,
148 }: {
149     user: User;
150     addresses: Address[];
151     userKeys: DecryptedKey[];
152     appName: APP_NAMES;
153 }) => {
154     const hasMigratedKeys = getHasMigratedAddressKeys(addresses);
155     const primaryKey = getPrimaryKey(userKeys);
156
157     const isPrivateUser = Boolean(user.Private);
158
159     return !!primaryKey?.privateKey && hasMigratedKeys && isPrivateUser && appName !== APPS.PROTONVPN_SETTINGS;
160 };
Official AngularJS web client for the ProtonMail secure email service.