Add CryptoApi.getSecretStorageStatus (#5054)

* Add `CryptoApi.getSecretStorageStatus` `isSecretStorageReady` is a bit of a blunt instrument: it's hard to see from logs *why* the secret storage isn't ready. Add a new method which returns a bit more data. * Update src/rust-crypto/rust-crypto.ts Co-authored-by: Andy Balaam <andy.balaam@matrix.org> --------- Co-authored-by: Andy Balaam <andy.balaam@matrix.org>
2025-11-25 05:23:13 +03:00 · 2025-10-23 13:04:28 +02:00
parent 977d0322da
commit b0cbe22f64
3 changed files with 78 additions and 4 deletions
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -65,6 +65,7 @@ import {
    type KeyBackupRestoreOpts,
    type KeyBackupRestoreResult,
    type OwnDeviceKeys,
+    type SecretStorageStatus,
    type StartDehydrationOpts,
    UserVerificationStatus,
    type VerificationRequest,
@@ -78,7 +79,7 @@ import {
    type ServerSideSecretStorage,
 } from "../secret-storage.ts";
 import { CrossSigningIdentity } from "./CrossSigningIdentity.ts";
-import { secretStorageCanAccessSecrets, secretStorageContainsCrossSigningKeys } from "./secret-storage.ts";
+import { secretStorageContainsCrossSigningKeys } from "./secret-storage.ts";
 import { isVerificationEvent, RustVerificationRequest, verificationMethodIdentifierToMethod } from "./verification.ts";
 import { EventType, MsgType } from "../@types/event.ts";
 import { TypedEventEmitter } from "../models/typed-event-emitter.ts";
@@ -827,6 +828,13 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
     * Implementation of {@link CryptoApi#isSecretStorageReady}
     */
    public async isSecretStorageReady(): Promise<boolean> {
+        return (await this.getSecretStorageStatus()).ready;
+    }
+
+    /**
+     * Implementation of {@link CryptoApi#getSecretStorageStatus}
+     */
+    public async getSecretStorageStatus(): Promise<SecretStorageStatus> {
        // make sure that the cross-signing keys are stored
        const secretsToCheck: SecretStorageKey[] = [
            "m.cross_signing.master",
@@ -834,13 +842,32 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, CryptoEventH
            "m.cross_signing.self_signing",
        ];

-        // if key backup is active, we also need to check that the backup decryption key is stored
+        // If key backup is active, we also need to check that the backup decryption key is stored
        const keyBackupEnabled = (await this.backupManager.getActiveBackupVersion()) != null;
        if (keyBackupEnabled) {
            secretsToCheck.push("m.megolm_backup.v1");
        }

-        return secretStorageCanAccessSecrets(this.secretStorage, secretsToCheck);
+        const defaultKeyId = await this.secretStorage.getDefaultKeyId();
+
+        const result: SecretStorageStatus = {
+            // Assume we have all secrets until proven otherwise
+            ready: true,
+            defaultKeyId,
+            secretStorageKeyValidityMap: {},
+        };
+
+        for (const secretName of secretsToCheck) {
+            // Check which keys this particular secret is encrypted with
+            const record = (await this.secretStorage.isStored(secretName)) || {};
+
+            // If it's encrypted with the right key, it is valid
+            const secretStored = !!defaultKeyId && defaultKeyId in record;
+            result.secretStorageKeyValidityMap[secretName] = secretStored;
+            result.ready = result.ready && secretStored;
+        }
+
+        return result;
    }

    /**