@lifeready/core 1.0.1 → 1.0.2

package/src/lib/trusted-parties/tp-password-reset.service.ts

@@ -1,482 +0,0 @@
-import { Injectable, Injector, NgZone } from '@angular/core';
-import { KeyService } from '../cryptography/key.service';
-import { EncryptionService } from '../cryptography/encryption.service';
-import {
-  CreateTpPasswordResetMutation,
-  DeleteTpPasswordResetMutation,
-  TpPasswordResetQuery,
-  UpdateTpPasswordResetMutation,
-  CancelTpPasswordResetRequestMutation,
-} from './tp-password-reset.gql';
-import { KeyGraphService } from '../cryptography/key-graph.service';
-import * as slip from '../cryptography/slip39.service';
-import {
-  LrBadArgumentException,
-  LrBadLogicException,
-} from '../_common/exceptions';
-import { PartialAssemblyKey } from '../scenario/scenario.types';
-import { JWK } from 'node-jose';
-import { Key } from '../cryptography/cryptography.types';
-import { KeyFactoryService } from '../cryptography/key-factory.service';
-import { LrGraphQLService, LrMutation, LrService } from '../api/lr-graphql';
-import { TpNode } from '../api/types';
-import { RunOutsideAngular } from '../_common/run-outside-angular';
-
-export class CreateSubAssembliesInput {
-  name: string;
-  quorum: number;
-  singleReject: boolean;
-  approverTps: TpNode[];
-}
-
-export class UpdateSubAssembliesInput extends CreateSubAssembliesInput {
-  id: string;
-}
-
-export class CreateTpPasswordResetInput {
-  quorum: number;
-  singleReject: boolean;
-  createSubAssemblies: CreateSubAssembliesInput[];
-}
-
-export class UpdateTpPasswordResetInput extends CreateTpPasswordResetInput {
-  updateSubAssemblies: UpdateSubAssembliesInput[];
-}
-
-export interface TpAssemblyApprovers {
-  id: string;
-  tp: {
-    id: string;
-  };
-  sharedKey: Key;
-  sharedCipherData?: string;
-  sharedCipherDataClearJson?: any;
-  sharedCipherApprovalData?: string;
-  sharedCipherApprovalDataClearJson?: any;
-}
-
-export interface TpSubAssembly {
-  id: string;
-  singleReject: boolean;
-  quorum: number;
-  subjectCipherData: string;
-  plainSubjectCipherData: any;
-  approvers: TpAssemblyApprovers[];
-}
-
-export interface TpAssembly {
-  singleReject: boolean;
-  quorum: number;
-  subjectKey: Key;
-  assemblyKey: Key;
-  assemblyCipherData: string;
-  plainAssemblyCipherData: any;
-  subAssemblies: TpSubAssembly[];
-}
-
-export interface TpPasswordReset {
-  id: string;
-  assembly: TpAssembly;
-  applied: boolean;
-}
-
-export interface RequestResetResult {
-  id: string;
-  associate_reset_user_token: string;
-  reset_username: string;
-}
-
-@RunOutsideAngular({
-  ngZoneName: 'ngZone',
-})
-@Injectable({
-  providedIn: 'root',
-})
-export class TpPasswordResetService extends LrService {
-  public static SLIP39_PASSPHRASE = 'lifeready';
-
-  constructor(
-    private ngZone: NgZone,
-    private injector: Injector,
-    private keyService: KeyService,
-    private keyFactory: KeyFactoryService,
-    private encryptionService: EncryptionService,
-    private keyGraph: KeyGraphService,
-    private slip39Service: slip.Slip39Service
-  ) {
-    super(injector);
-  }
-
-  async getReset() {
-    return (
-      await this.query({
-        query: TpPasswordResetQuery,
-      })
-    ).tpPasswordReset;
-  }
-
-  createReset(input: CreateTpPasswordResetInput) {
-    return this.mutate(this.createResetMutation(input));
-  }
-
-  async createResetMutation(input: CreateTpPasswordResetInput) {
-    const { mutationInput } = await this._createReset(
-      input,
-      async (rawAssemblyKey) => {
-        return this.prepareSlip39(
-          input.createSubAssemblies,
-          input.quorum,
-          rawAssemblyKey
-        );
-      }
-    );
-
-    return new LrMutation({
-      mutation: CreateTpPasswordResetMutation,
-      variables: {
-        input: mutationInput,
-      },
-    });
-  }
-
-  deleteReset() {
-    return this.mutate(this.deleteResetMutation());
-  }
-
-  deleteResetMutation() {
-    return new LrMutation({
-      mutation: DeleteTpPasswordResetMutation,
-    });
-  }
-
-  updateReset(input: UpdateTpPasswordResetInput) {
-    return this.mutate(this.updateResetMutation(input));
-  }
-
-  async updateResetMutation(input: UpdateTpPasswordResetInput) {
-    const passwordReset = await this.getReset();
-
-    const {
-      mutationInput,
-      subjectKey,
-      slipAssembly,
-      assemblyKeyParams,
-    } = await this._createReset(input, async (rawAssemblyKey) => {
-      return this.prepareSlip39(
-        input.createSubAssemblies.concat(input.updateSubAssemblies),
-        input.quorum,
-        rawAssemblyKey
-      );
-    });
-
-    const updateSubAssemblies = await Promise.all(
-      input.updateSubAssemblies.map(async (sa, saIndex) => {
-        const subjectCipherData = await this.encryptionService.encryptToString(
-          subjectKey,
-          {
-            name: sa.name,
-          }
-        );
-
-        // Get the existing sub-assembly
-        const existingSa = passwordReset.assembly.subAssemblies.edges.find(
-          (edge) => edge.node.id === sa.id
-        ).node;
-
-        // Get approvers that do not exist yet
-        const createApprovers = [];
-        const updateApprovers = [];
-
-        sa.approverTps.forEach((tp) => {
-          const approver = existingSa.approvers.edges.find(
-            (edge) => edge.node.tp.id === tp.id
-          )?.node;
-          if (approver) {
-            updateApprovers.push({
-              tp,
-              approverId: approver.id,
-            });
-          } else {
-            createApprovers.push({
-              tp,
-            });
-          }
-        });
-
-        return {
-          subAssemblyId: sa.id,
-          singleReject: sa.singleReject,
-          quorum: sa.quorum,
-          subjectCipherData,
-          createApprovers: await Promise.all(
-            createApprovers.map(async ({ tp }, approverIndex) =>
-              this.prepareApprover({
-                tp,
-                approverIndex,
-                saIndex: saIndex + input.createSubAssemblies.length, // slipAssembly is all sub-assemblies combined
-                slipAssembly,
-                assemblyKeyParams,
-                subjectKey,
-              })
-            )
-          ),
-          updateApprovers: await Promise.all(
-            updateApprovers.map(async ({ tp, approverId }, approverIndex) =>
-              this.prepareApprover({
-                approverId,
-                tp,
-                approverIndex: approverIndex + createApprovers.length,
-                saIndex: saIndex + input.createSubAssemblies.length, // slipAssembly is all sub-assemblies combined
-                slipAssembly,
-                assemblyKeyParams,
-                subjectKey,
-              })
-            )
-          ),
-        };
-      })
-    );
-
-    return new LrMutation({
-      mutation: UpdateTpPasswordResetMutation,
-      variables: {
-        input: {
-          ...mutationInput,
-          assembly: {
-            ...mutationInput.assembly,
-            updateSubAssemblies,
-          },
-        },
-      },
-    });
-  }
-
-  cancelResetRequest() {
-    return this.mutate(this.cancelResetRequestMutation());
-  }
-
-  cancelResetRequestMutation() {
-    return new LrMutation({
-      mutation: CancelTpPasswordResetRequestMutation,
-    });
-  }
-
-  validateApprovers(approvers: TpNode[]): void {
-    // Ensure all approvers have mkSharedKey.
-    for (const tp of approvers) {
-      if (!tp.currentUserSharedKey.userSharedKey.mkSharedKey) {
-        const msg = `tp ${tp.other.username} does not have mkSharedKey`;
-        console.log(msg);
-        throw new LrBadArgumentException(msg);
-      }
-    }
-  }
-
-  private async prepareApprover({
-    approverId,
-    tp,
-    approverIndex,
-    saIndex,
-    slipAssembly,
-    assemblyKeyParams,
-    subjectKey,
-  }: {
-    approverId?: string;
-    tp: TpNode;
-    approverIndex: number;
-    saIndex: number;
-    slipAssembly: slip.Assembly;
-    assemblyKeyParams: object;
-    subjectKey: JWK.Key;
-  }) {
-    if (!tp.currentUserSharedKey.userSharedKey.mkSharedKey) {
-      throw new LrBadArgumentException(
-        `Tp ${tp.other.username} does not have mkSharedKey. Need to reshared it first.`
-      );
-    }
-
-    const sharedKey = await this.keyFactory.createKey();
-    const tpMkSharedKey = await this.keyGraph.getKey(
-      tp.currentUserSharedKey.userSharedKey.mkSharedKey.id
-    );
-    // For TP to access shared_key
-    const tpMkSharedKeyWrappedSharedKey = await this.encryptionService.encryptToString(
-      tpMkSharedKey.jwk,
-      sharedKey.toJSON(true)
-    );
-    // For subject to access shared_key
-    const subjectKeyWrappedSharedKey = await this.encryptionService.encryptToString(
-      subjectKey,
-      sharedKey.toJSON(true)
-    );
-
-    const saSlip = slipAssembly.subAssemblies[saIndex];
-    if (saSlip.index !== saIndex) {
-      // Paranoia
-      throw new LrBadLogicException(
-        'slip sub assembly index should match with array index'
-      );
-    }
-
-    // If quorum is 1, then using the same share for every member.
-    const share =
-      saSlip.threshold === 1 ? saSlip.shares[0] : saSlip.shares[approverIndex];
-
-    const partialAssemblyKey: PartialAssemblyKey = {
-      slip39: {
-        share,
-        subAssembly: {
-          quorum: saSlip.threshold,
-          size: saSlip.size,
-        },
-      },
-      assemblyKeyParams,
-    };
-
-    console.log('partialAssemblyKey', partialAssemblyKey);
-
-    return {
-      tpMkSharedKeyId: tpMkSharedKey.id,
-      tpMkSharedKeyWrappedSharedKey,
-      subjectKeyWrappedSharedKey,
-      sharedCipherData: await this.encryptionService.encryptToString(
-        sharedKey,
-        { a: '123' }
-      ),
-      sharedCipherApprovalData: '',
-      sharedCipherPartialAssemblyKey: await this.encryptionService.encryptToString(
-        sharedKey,
-        partialAssemblyKey
-      ),
-      approverId: approverId || void 0,
-      tpId: approverId ? void 0 : tp.id,
-    };
-  }
-
-  // Prepare slip39
-  private async prepareSlip39(
-    subAssemblies,
-    assemblyQuorum: number,
-    rawAssemblyKey: string
-  ): Promise<slip.Assembly> {
-    // Is there enough sub assemblies to meet quorum
-    if (subAssemblies.length < assemblyQuorum) {
-      throw new LrBadArgumentException(
-        'Not enough sub assemblies to meet quorum'
-      );
-    }
-
-    const slipAssembly = new slip.Assembly(assemblyQuorum);
-
-    subAssemblies.forEach((sa, index) => {
-      let approverCount = sa.approverTps.length;
-
-      // slip39 restricts quorum == 1 to have only 1 member. So we just share the same
-      // partial key for all sub assembly members.
-      if (sa.quorum === 1) {
-        approverCount = 1;
-      }
-      slipAssembly.addSubAssembly(
-        new slip.SubAssembly(index, sa.quorum, approverCount)
-      );
-    });
-
-    await this.slip39Service.generateShares(
-      rawAssemblyKey,
-      TpPasswordResetService.SLIP39_PASSPHRASE,
-      slipAssembly
-    );
-    return slipAssembly;
-  }
-
-  private async _createReset(
-    input: CreateTpPasswordResetInput,
-    createSlipAssembly
-  ): Promise<any> {
-    // Create subject key
-    const masterKey = await this.keyService.getCurrentMasterKey();
-    const subjectKey = await this.keyFactory.createKey();
-    const assemblyKey = await this.keyFactory.createKey();
-    const { k: rawAssemblyKey, ...assemblyKeyParams } = assemblyKey.toJSON(
-      true
-    ) as any;
-    const assemblyKeyVerifierPrk = await this.keyFactory.createPkcSignKey();
-    const wrappedAssemblyKeyVerifierPrk = await this.encryptionService.encryptToString(
-      assemblyKey,
-      assemblyKeyVerifierPrk.toJSON(true)
-    );
-
-    const masterKeyWrappedSubjectKey = await this.encryptionService.encryptToString(
-      masterKey.jwk,
-      subjectKey.toJSON(true)
-    );
-    const subjectKeyWrappedAssemblyKey = await this.encryptionService.encryptToString(
-      subjectKey,
-      assemblyKey.toJSON(true)
-    );
-
-    // Encrypt the rootKey with the assemblyKey
-    const rootKey = await this.keyService.getCurrentRootKey();
-
-    const assemblyCipherData = await this.encryptionService.encryptToString(
-      assemblyKey,
-      {
-        rootKey: rootKey.jwk.toJSON(true),
-      }
-    );
-
-    const slipAssembly = await createSlipAssembly(rawAssemblyKey);
-    // const slipAssembly = await this.prepareSlip39(input.createSubAssemblies, input.quorum, rawAssemblyKey);
-
-    const createSubAssemblies = await Promise.all(
-      input.createSubAssemblies.map(async (sa, saIndex) => {
-        const subjectCipherData = await this.encryptionService.encryptToString(
-          subjectKey,
-          {
-            name: sa.name,
-          }
-        );
-
-        return {
-          singleReject: sa.singleReject,
-          quorum: sa.quorum,
-          subjectCipherData,
-          createApprovers: await Promise.all(
-            sa.approverTps.map(async (approverTp, approverIndex) =>
-              this.prepareApprover({
-                tp: approverTp,
-                approverIndex,
-                saIndex,
-                slipAssembly,
-                assemblyKeyParams,
-                subjectKey,
-              })
-            )
-          ),
-        };
-      })
-    );
-
-    return {
-      subjectKey,
-      slipAssembly,
-      assemblyKeyParams,
-      mutationInput: {
-        assembly: {
-          singleReject: input.singleReject,
-          quorum: input.quorum,
-          masterKeyId: masterKey.id,
-          masterKeyWrappedSubjectKey,
-          subjectKeyWrappedAssemblyKey,
-          subjectCipherData: '',
-          assemblyCipherData,
-          createSubAssemblies,
-          assemblyKeyVerifierPbk: JSON.stringify(
-            assemblyKeyVerifierPrk.toJSON()
-          ),
-          wrappedAssemblyKeyVerifierPrk,
-        },
-      },
-    };
-  }
-}

package/src/lib/trusted-parties/trusted-party.gql.ts

@@ -1,159 +0,0 @@
-import gql from 'graphql-tag';
-import { KeyGraphField } from '../_common/queries.gql';
-import {
-  KeyExchangeFields,
-  UserSharedKeyFields,
-} from '../api/key-exchange.gql';
-import { SharedContactCardFields } from '../api/shared-contact-card.service';
-
-export const TrustedPartyProperties = `
-  id
-  user {
-    id
-    username
-  }
-  other{
-    id
-    username,
-    features {
-      shareVault
-    }
-  }
-  sharedContactCard {
-    ${SharedContactCardFields}
-  }
-  myContactCard {
-    ${SharedContactCardFields}
-  }
-  sharedScenarios {
-    edges {
-      node {
-        id
-      }
-    }
-  }
-  sharedItems {
-    directories {
-      edges {
-        node {
-          id
-        }
-      }
-    }
-  }
-  currentUserSharedKey {
-    userSharedKey {
-      keyExchange {
-        ${KeyExchangeFields}
-      }
-      ${UserSharedKeyFields}
-    }
-  }`;
-
-export const GetTrustedPartiesQuery = gql`
-query GetTrustedPartiesQuery {
-  tps {
-    edges {
-      node {
-        ${TrustedPartyProperties}
-      }
-    }
-  }
-  ${KeyGraphField}
-}`;
-
-export const GetAllTrustedPartiesQuery = gql`
-query GetAllTrustedPartiesQuery($userId: ID, $isExpired: Boolean, $inviteState: String, $sentInviteState: String) {
-  tps {
-    edges {
-      node {
-        ${TrustedPartyProperties}
-      }
-    }
-  }
-  invites: keyExchanges(
-    responder: $userId
-    isExpired: $isExpired
-    state: $inviteState
-    orderBy: "state,-created"
-  ) {
-    edges {
-      node {
-        ${KeyExchangeFields}
-      }
-    }
-  }
-  sentInvites: keyExchanges(
-    initiator: $userId
-    isExpired: $isExpired
-    state: $sentInviteState
-    orderBy: "state,-created"
-  ) {
-    edges {
-      node {
-        ${KeyExchangeFields}
-      }
-    }
-  }
-  ${KeyGraphField}
-}`;
-
-export const GetTrustedPartyQuery = gql`
-query GetTrustedPartyQuery($partyId: LrRelayIdInput!) {
-  tp(id: $partyId) {
-    ${TrustedPartyProperties}
-  }
-  ${KeyGraphField}
-}`;
-
-export const DeclineTrustedPartyInvitationMutation = gql`
-  mutation DeclineKeyExchange($input: DeclineKeyExchangeInput!) {
-    declineKeyExchange(input: $input) {
-      keyExchange {
-        id
-      }
-    }
-  }
-`;
-
-export const CancelTrustedPartyInvitationMutation = gql`
-  mutation CancelKeyExchange($input: CancelKeyExchangeInput!) {
-    cancelKeyExchange(input: $input) {
-      keyExchange {
-        id
-      }
-    }
-  }
-`;
-
-export const DeleteTrustedPartyMutation = gql`
-  mutation DeleteTpMutation($input: DeleteTpInput!) {
-    deleteTp(input: $input) {
-      id
-    }
-  }
-`;
-
-export const ShareCategoryMutation = gql`
-  mutation ShareDirectory($input: ShareDirectoryInput!) {
-    shareDirectory(input: $input) {
-      tpDirectory {
-        item {
-          plainMeta
-        }
-      }
-    }
-  }
-`;
-
-export const UnshareCategoryMutation = gql`
-  mutation UnshareDirectory($input: UnshareDirectoryInput!) {
-    unshareDirectory(input: $input) {
-      tpDirectory {
-        item {
-          plainMeta
-        }
-      }
-    }
-  }
-`;