
bitwarden_user_crypto_management/key_rotation/
mod.rs

1//! Client to manage the cryptographic machinery of a user account, including key-rotation
2mod crypto;
3mod data;
4mod partial_rotateable_keyset;
5mod password_change_and_rotate_user_keys;
6mod rotate_user_keys;
7mod rotation_context;
8mod sync;
9mod unlock;
10mod unlock_method;
11
12use bitwarden_error::bitwarden_error;
13use thiserror::Error;
14#[cfg(feature = "wasm")]
15use wasm_bindgen::prelude::*;
16
17use crate::{
18    UserCryptoManagementClient,
19    key_rotation::unlock::{V1EmergencyAccessMembership, V1OrganizationMembership},
20};
21
#[cfg_attr(feature = "wasm", wasm_bindgen)]
impl UserCryptoManagementClient {
    /// Retrieves the public keys of the user's V1 organization memberships, limited to
    /// organizations in which the user is enrolled in reset password.
    ///
    /// The value returned is whatever `sync::sync_orgs` produces for the configured API
    /// client; this method performs no verification of the keys itself. Every returned key
    /// is therefore untrusted and has to be trusted manually by the user before rotating.
    ///
    /// # Errors
    ///
    /// Returns [`RotateUserKeysError::ApiError`] when the sync call fails.
    pub async fn get_untrusted_organization_public_keys(
        &self,
    ) -> Result<Vec<V1OrganizationMembership>, RotateUserKeysError> {
        let configurations = self.client.internal.get_api_configurations();
        // The cause of the failure is dropped here; callers only ever see `ApiError`.
        sync::sync_orgs(&configurations.api_client)
            .await
            .map_err(|_| RotateUserKeysError::ApiError)
    }

    /// Retrieves the public keys of the user's V1 emergency access memberships.
    ///
    /// The value returned is whatever `sync::sync_emergency_access` produces for the
    /// configured API client; this method performs no verification of the keys itself.
    /// Every returned key is therefore untrusted and has to be trusted manually by the user
    /// before rotating.
    ///
    /// # Errors
    ///
    /// Returns [`RotateUserKeysError::ApiError`] when the sync call fails.
    pub async fn get_untrusted_emergency_access_public_keys(
        &self,
    ) -> Result<Vec<V1EmergencyAccessMembership>, RotateUserKeysError> {
        let configurations = self.client.internal.get_api_configurations();
        // The cause of the failure is dropped here; callers only ever see `ApiError`.
        sync::sync_emergency_access(&configurations.api_client)
            .await
            .map_err(|_| RotateUserKeysError::ApiError)
    }
}
49
/// Errors reported by the key-rotation operations of this module.
///
/// Every variant is a unit variant, so an error value carries only its kind and the fixed
/// message below, not the underlying cause.
#[derive(Debug, Error)]
#[bitwarden_error(flat)]
pub enum RotateUserKeysError {
    /// A call to the server API failed. The membership fetchers in this module map any
    /// failure of their sync call to this variant.
    #[error("API error during key rotation")]
    ApiError,
    /// A cryptographic operation failed during key rotation.
    #[error("Cryptographic error during key rotation")]
    CryptoError,
    /// A public key supplied to the rotation was not valid.
    #[error("Invalid public key provided during key rotation")]
    InvalidPublicKey,
    /// A key that is not trusted was encountered during key rotation.
    // NOTE(review): presumably raised when a membership key was not confirmed by the
    // user beforehand; the code that produces it is outside this file, so confirm there.
    #[error("Untrusted key encountered during key rotation")]
    UntrustedKeyError,
    /// The requested key rotation method is not implemented.
    #[error("Unimplemented key rotation method")]
    UnimplementedKeyRotationMethod,
}