[PM-13706] Add repository + stored procedures for private key regener…

…ation (#4898)

* Add stored procedure

* Add repository

src/Core/KeyManagement/Models/Data/UserAsymmetricKeys.cs

@@ -0,0 +1,9 @@
+#nullable enable
+namespace Bit.Core.KeyManagement.Models.Data;
+
+public class UserAsymmetricKeys
+{
+    public Guid UserId { get; set; }
+    public required string PublicKey { get; set; }
+    public required string UserKeyEncryptedPrivateKey { get; set; }
+}

src/Core/KeyManagement/Repositories/IUserAsymmetricKeysRepository.cs

@@ -0,0 +1,9 @@
+#nullable enable
+using Bit.Core.KeyManagement.Models.Data;
+
+namespace Bit.Core.KeyManagement.Repositories;
+
+public interface IUserAsymmetricKeysRepository
+{
+    Task RegenerateUserAsymmetricKeysAsync(UserAsymmetricKeys userAsymmetricKeys);
+}

src/Infrastructure.Dapper/DapperServiceCollectionExtensions.cs

@@ -1,6 +1,7 @@
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Billing.Repositories;
+using Bit.Core.KeyManagement.Repositories;
 using Bit.Core.NotificationCenter.Repositories;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.Repositories;
@@ -9,6 +10,7 @@
 using Bit.Infrastructure.Dapper.AdminConsole.Repositories;
 using Bit.Infrastructure.Dapper.Auth.Repositories;
 using Bit.Infrastructure.Dapper.Billing.Repositories;
+using Bit.Infrastructure.Dapper.KeyManagement.Repositories;
 using Bit.Infrastructure.Dapper.NotificationCenter.Repositories;
 using Bit.Infrastructure.Dapper.Repositories;
 using Bit.Infrastructure.Dapper.SecretsManager.Repositories;
@@ -60,6 +62,7 @@ public static void AddDapperRepositories(this IServiceCollection services, bool
             .AddSingleton<IClientOrganizationMigrationRecordRepository, ClientOrganizationMigrationRecordRepository>();
         services.AddSingleton<IPasswordHealthReportApplicationRepository, PasswordHealthReportApplicationRepository>();
         services.AddSingleton<ISecurityTaskRepository, SecurityTaskRepository>();
+        services.AddSingleton<IUserAsymmetricKeysRepository, UserAsymmetricKeysRepository>();
 
         if (selfHosted)
         {

src/Infrastructure.Dapper/KeyManagement/Repositories/UserAsymmetricKeysRepository.cs

@@ -0,0 +1,36 @@
+#nullable enable
+using System.Data;
+using Bit.Core.KeyManagement.Models.Data;
+using Bit.Core.KeyManagement.Repositories;
+using Bit.Core.Settings;
+using Bit.Infrastructure.Dapper.Repositories;
+using Dapper;
+using Microsoft.Data.SqlClient;
+
+namespace Bit.Infrastructure.Dapper.KeyManagement.Repositories;
+
+public class UserAsymmetricKeysRepository : BaseRepository, IUserAsymmetricKeysRepository
+{
+    public UserAsymmetricKeysRepository(GlobalSettings globalSettings)
+        : this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
+    {
+    }
+
+    public UserAsymmetricKeysRepository(string connectionString, string readOnlyConnectionString) : base(
+        connectionString, readOnlyConnectionString)
+    {
+    }
+
+    public async Task RegenerateUserAsymmetricKeysAsync(UserAsymmetricKeys userAsymmetricKeys)
+    {
+        await using var connection = new SqlConnection(ConnectionString);
+
+        await connection.ExecuteAsync("[dbo].[UserAsymmetricKeys_Regenerate]",
+            new
+            {
+                userAsymmetricKeys.UserId,
+                userAsymmetricKeys.PublicKey,
+                PrivateKey = userAsymmetricKeys.UserKeyEncryptedPrivateKey
+            }, commandType: CommandType.StoredProcedure);
+    }
+}

src/Infrastructure.EntityFramework/EntityFrameworkServiceCollectionExtensions.cs

@@ -2,6 +2,7 @@
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Billing.Repositories;
 using Bit.Core.Enums;
+using Bit.Core.KeyManagement.Repositories;
 using Bit.Core.NotificationCenter.Repositories;
 using Bit.Core.Repositories;
 using Bit.Core.SecretsManager.Repositories;
@@ -10,6 +11,7 @@
 using Bit.Infrastructure.EntityFramework.AdminConsole.Repositories;
 using Bit.Infrastructure.EntityFramework.Auth.Repositories;
 using Bit.Infrastructure.EntityFramework.Billing.Repositories;
+using Bit.Infrastructure.EntityFramework.KeyManagement.Repositories;
 using Bit.Infrastructure.EntityFramework.NotificationCenter.Repositories;
 using Bit.Infrastructure.EntityFramework.Repositories;
 using Bit.Infrastructure.EntityFramework.SecretsManager.Repositories;
@@ -97,6 +99,7 @@ public static void AddPasswordManagerEFRepositories(this IServiceCollection serv
             .AddSingleton<IClientOrganizationMigrationRecordRepository, ClientOrganizationMigrationRecordRepository>();
         services.AddSingleton<IPasswordHealthReportApplicationRepository, PasswordHealthReportApplicationRepository>();
         services.AddSingleton<ISecurityTaskRepository, SecurityTaskRepository>();
+        services.AddSingleton<IUserAsymmetricKeysRepository, UserAsymmetricKeysRepository>();
 
         if (selfHosted)
         {

src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserAsymmetricKeysRepository.cs

@@ -0,0 +1,34 @@
+#nullable enable
+using AutoMapper;
+using Bit.Core.KeyManagement.Models.Data;
+using Bit.Core.KeyManagement.Repositories;
+using Bit.Infrastructure.EntityFramework.Repositories;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Bit.Infrastructure.EntityFramework.KeyManagement.Repositories;
+
+public class UserAsymmetricKeysRepository : BaseEntityFrameworkRepository, IUserAsymmetricKeysRepository
+{
+    public UserAsymmetricKeysRepository(IServiceScopeFactory serviceScopeFactory, IMapper mapper) : base(
+        serviceScopeFactory,
+        mapper)
+    {
+    }
+
+    public async Task RegenerateUserAsymmetricKeysAsync(UserAsymmetricKeys userAsymmetricKeys)
+    {
+        await using var scope = ServiceScopeFactory.CreateAsyncScope();
+        var dbContext = GetDatabaseContext(scope);
+
+        var entity = await dbContext.Users.FindAsync(userAsymmetricKeys.UserId);
+        if (entity != null)
+        {
+            var utcNow = DateTime.UtcNow;
+            entity.PublicKey = userAsymmetricKeys.PublicKey;
+            entity.PrivateKey = userAsymmetricKeys.UserKeyEncryptedPrivateKey;
+            entity.RevisionDate = utcNow;
+            entity.AccountRevisionDate = utcNow;
+            await dbContext.SaveChangesAsync();
+        }
+    }
+}

src/Sql/KeyManagement/dbo/Stored Procedures/UserAsymmetricKeys_Regenerate.sql

@@ -0,0 +1,16 @@
+CREATE PROCEDURE [dbo].[UserAsymmetricKeys_Regenerate]
+    @UserId UNIQUEIDENTIFIER,
+    @PublicKey VARCHAR(MAX),
+    @PrivateKey VARCHAR(MAX)
+AS
+BEGIN
+    SET NOCOUNT ON
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+
+    UPDATE [dbo].[User]
+    SET [PublicKey] = @PublicKey,
+        [PrivateKey] = @PrivateKey,
+        [RevisionDate] = @UtcNow,
+        [AccountRevisionDate] = @UtcNow
+    WHERE [Id] = @UserId
+END

util/Migrator/DbScripts/2024-11-21_00_AddUserAsymmetricKeysRegenerate.sql

@@ -0,0 +1,16 @@
+CREATE OR ALTER PROCEDURE [dbo].[UserAsymmetricKeys_Regenerate]
+    @UserId UNIQUEIDENTIFIER,
+    @PublicKey VARCHAR(MAX),
+    @PrivateKey VARCHAR(MAX)
+AS
+BEGIN
+    SET NOCOUNT ON
+    DECLARE @UtcNow DATETIME2(7) = GETUTCDATE();
+
+    UPDATE [dbo].[User]
+    SET [PublicKey] = @PublicKey,
+        [PrivateKey] = @PrivateKey,
+        [RevisionDate] = @UtcNow,
+        [AccountRevisionDate] = @UtcNow
+    WHERE [Id] = @UserId
+END