debug: add detailed logging for WebAuthn decryption

2025-10-26 02:36:27 +01:00 · 2025-10-26 02:36:27 +01:00 · 0e75a49b08
commit 0e75a49b08
parent 3e63b9d8fc
1 changed files with 29 additions and 8 deletions
--- a/src/services/credentials/webauthn.service.ts
+++ b/src/services/credentials/webauthn.service.ts
@ -310,6 +310,7 @@ export class WebAuthnService {
      }

      // Déchiffrer la clé avec le credentialId WebAuthn
+      console.log('🔐 Decrypting PBKDF2 key with credentialId:', credentialId);
      const encrypted = atob(result.encryptedKey);
      const combined = new Uint8Array(encrypted.length);
      for (let i = 0; i < encrypted.length; i++) {
@ -321,6 +322,13 @@ export class WebAuthnService {
      const iv = combined.slice(16, 28);
      const encryptedData = combined.slice(28);
      
+      console.log('🔐 Extraction complete:', {
+        saltLength: salt.length,
+        ivLength: iv.length,
+        encryptedDataLength: encryptedData.length,
+        totalLength: combined.length
+      });
+
      // Dériver la clé avec PBKDF2
      const keyMaterial = await crypto.subtle.importKey(
        'raw',
@ -350,15 +358,28 @@ export class WebAuthnService {
      );

      // Déchiffrer
-      const decrypted = await crypto.subtle.decrypt(
-        { name: 'AES-GCM', iv: iv },
-        cryptoKey,
-        encryptedData
-      );
+      console.log('🔐 Attempting AES-GCM decryption...');
+      try {
+        const decrypted = await crypto.subtle.decrypt(
+          { name: 'AES-GCM', iv: iv },
+          cryptoKey,
+          encryptedData
+        );

-      const decryptedKey = new TextDecoder().decode(decrypted);
-      console.log('🔐 PBKDF2 key decrypted with WebAuthn');
-      return decryptedKey;
+        const decryptedKey = new TextDecoder().decode(decrypted);
+        console.log('🔐 PBKDF2 key decrypted with WebAuthn successfully');
+        return decryptedKey;
+      } catch (decryptError) {
+        console.error('❌ Decryption failed:', decryptError);
+        console.error('❌ Decryption error details:', {
+          errorName: decryptError instanceof Error ? decryptError.name : 'Unknown',
+          errorMessage: decryptError instanceof Error ? decryptError.message : String(decryptError),
+          credentialId: credentialId,
+          iv: Array.from(iv),
+          salt: Array.from(salt)
+        });
+        throw decryptError;
+      }

    } catch (error) {
      secureLogger.error('Failed to retrieve PBKDF2 key with WebAuthn', error as Error, {