From a0f439c9d5b8d2438bd56c2f9f37adb1e215b480 Mon Sep 17 00:00:00 2001
From: Mircea Nistor
Date: Fri, 24 Feb 2023 21:59:16 +0100
Subject: [PATCH] fix(data-store-json): decrypt before listing in `PrivateKeyStoreJson.listKeys()`

fixes #1136
---
 .../src/identifier/private-key-store.ts | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/packages/data-store-json/src/identifier/private-key-store.ts b/packages/data-store-json/src/identifier/private-key-store.ts
index 31db8a642..ae98cdf7c 100644
--- a/packages/data-store-json/src/identifier/private-key-store.ts
+++ b/packages/data-store-json/src/identifier/private-key-store.ts
@@ -26,8 +26,8 @@ export class PrivateKeyStoreJson extends AbstractPrivateKeyStore {
 private readonly notifyUpdate: DiffCallback

 /**
- * @param jsonStore - This serves as the JSON object storing data in memory as well as providing an update notification
- * callback to persist this data. The JSON object does not have to be shared with other users of
+ * @param jsonStore - This serves as the JSON object storing data in memory as well as providing an update
+ * notification callback to persist this data. The JSON object does not have to be shared with other users of
 * {@link VeramoJsonStore}, but it can be.
 * @param secretBox - If this is used, then key material is encrypted, even in memory.
 */
@@ -66,10 +66,12 @@ export class PrivateKeyStoreJson extends AbstractPrivateKeyStore {
 async importKey(args: ImportablePrivateKey): Promise {
 debug('Saving private key data', args.alias)
 const alias = args.alias || uuid4()
- const key: ManagedPrivateKey = deserialize(serialize({
- ...args,
- alias,
- }))
+ const key: ManagedPrivateKey = deserialize(
+ serialize({
+ ...args,
+ alias,
+ }),
+ )
 if (this.secretBox && key.privateKeyHex) {
 const copy = key.privateKeyHex
 key.privateKeyHex = await this.secretBox.encrypt(copy)
@@ -89,6 +91,12 @@ export class PrivateKeyStoreJson extends AbstractPrivateKeyStore {
 }

 async listKeys(): Promise> {
- return deserialize(serialize(Object.values(this.cacheTree.privateKeys)))
+ const keys = Object.values(this.cacheTree.privateKeys)
+ if (this.secretBox) {
+ for (const key of keys) {
+ key.privateKeyHex = await this.secretBox.decrypt(key.privateKeyHex)
+ }
+ }
+ return deserialize(serialize(keys))
 }
 }
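Review bot: The decrypt loop in `listKeys()` assigns the plaintext back onto the objects returned by `Object.values(this.cacheTree.privateKeys)`, which are the cached entries themselves, because the `deserialize(serialize(keys))` copy is taken only after the loop has run. After the first call the cache would hold decrypted `privateKeyHex` values, which contradicts the constructor's documented guarantee that key material stays encrypted even in memory. A second call would hand plaintext to `secretBox.decrypt`, and any later persist of the cache (not visible in this hunk) would presumably write the keys out unencrypted. Copy first and decrypt only the copies: `const keys = deserialize(serialize(Object.values(this.cacheTree.privateKeys)))`, keep the loop as is, then `return keys`. A regression test that calls `listKeys()` twice and checks the stored entry is still ciphertext would pin this.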