Cleanup

src/Core/Entities/User.cs

@@ -263,11 +263,6 @@ public class User : ITableObject<Guid>, IStorableSubscriber, IRevisable, ITwoFac
             throw new InvalidOperationException("User public key encryption key pair is not fully initialized.");
         }
 
-        return new PublicKeyEncryptionKeyPairData
+        return new PublicKeyEncryptionKeyPairData(PrivateKey, PublicKey, SignedPublicKey);
-        {
-            WrappedPrivateKey = PrivateKey,
-            SignedPublicKey = SignedPublicKey,
-            PublicKey = PublicKey
-        };
     }
 }

src/Core/KeyManagement/Entities/UserSignatureKeyPair.cs

@@ -1,6 +1,7 @@
 using System.ComponentModel.DataAnnotations;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
+using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.Utilities;
 
 #nullable enable
@@ -25,4 +26,9 @@ public class UserSignatureKeyPair : ITableObject<Guid>, IRevisable
     {
         Id = CoreHelpers.GenerateComb();
     }
+
+    public SignatureKeyPairData ToSignatureKeyPairData()
+    {
+        return new SignatureKeyPairData(SignatureAlgorithm, SigningKey, VerifyingKey);
+    }
 }

src/Core/KeyManagement/Models/Data/PublicKeyEncryptionKeyPairData.cs

@@ -1,4 +1,6 @@
-namespace Bit.Core.KeyManagement.Models.Data;
+using System.Text.Json.Serialization;
+
+namespace Bit.Core.KeyManagement.Models.Data;
 
 #nullable enable
 
@@ -7,4 +9,13 @@ public class PublicKeyEncryptionKeyPairData
     public required string WrappedPrivateKey { get; set; }
     public string? SignedPublicKey { get; set; }
     public required string PublicKey { get; set; }
+
+    [JsonConstructor]
+    [System.Diagnostics.CodeAnalysis.SetsRequiredMembersAttribute]
+    public PublicKeyEncryptionKeyPairData(string wrappedPrivateKey, string publicKey, string? signedPublicKey = null)
+    {
+        WrappedPrivateKey = wrappedPrivateKey ?? throw new ArgumentNullException(nameof(wrappedPrivateKey));
+        PublicKey = publicKey ?? throw new ArgumentNullException(nameof(publicKey));
+        SignedPublicKey = signedPublicKey;
+    }
 }

src/Core/KeyManagement/Models/Data/SignatureKeyPairData.cs

@@ -1,5 +1,6 @@
 #nullable enable
 
+using System.Text.Json.Serialization;
 using Bit.Core.Enums;
 
 namespace Bit.Core.KeyManagement.Models.Data;
@@ -9,4 +10,13 @@ public class SignatureKeyPairData
     public required SignatureAlgorithm SignatureAlgorithm { get; set; }
     public required string WrappedSigningKey { get; set; }
     public required string VerifyingKey { get; set; }
+
+    [JsonConstructor]
+    [System.Diagnostics.CodeAnalysis.SetsRequiredMembersAttribute]
+    public SignatureKeyPairData(SignatureAlgorithm signatureAlgorithm, string wrappedSigningKey, string verifyingKey)
+    {
+        SignatureAlgorithm = signatureAlgorithm;
+        WrappedSigningKey = wrappedSigningKey ?? throw new ArgumentNullException(nameof(wrappedSigningKey));
+        VerifyingKey = verifyingKey ?? throw new ArgumentNullException(nameof(verifyingKey));
+    }
 }

src/Infrastructure.EntityFramework/KeyManagement/Repositories/UserSigningKeysRepository.cs

@@ -25,12 +25,7 @@ public class UserSignatureKeyPairRepository : Repository<Core.KeyManagement.Enti
             return null;
         }
 
-        return new SignatureKeyPairData
+        return signingKeys.ToSignatureKeyPairData();
-        {
-            SignatureAlgorithm = signingKeys.SignatureAlgorithm,
-            WrappedSigningKey = signingKeys.SigningKey,
-            VerifyingKey = signingKeys.VerifyingKey,
-        };
     }
 
     public UpdateEncryptedDataForKeyRotation SetUserSignatureKeyPair(Guid userId, SignatureKeyPairData signingKeys)

test/Api.Test/KeyManagement/Controllers/UsersControllerTests.cs

@@ -51,12 +51,7 @@ public class UsersControllerTests
         };
 
         sutProvider.GetDependency<IUserRepository>().GetByIdAsync(userId).Returns(user);
-        sutProvider.GetDependency<IUserSignatureKeyPairRepository>().GetByUserIdAsync(userId).Returns(new SignatureKeyPairData
+        sutProvider.GetDependency<IUserSignatureKeyPairRepository>().GetByUserIdAsync(userId).Returns(new SignatureKeyPairData(SignatureAlgorithm.Ed25519, "wrappedSigningKey", "verifyingKey"));
-        {
-            WrappedSigningKey = "signingKey",
-            VerifyingKey = "verifyingKey",
-            SignatureAlgorithm = SignatureAlgorithm.Ed25519
-        });
 
         var result = await sutProvider.Sut.GetAccountKeys(userId.ToString());
         Assert.NotNull(result);

test/Api.Test/Vault/Controllers/SyncControllerTests.cs

@@ -1,6 +1,7 @@
 using System.Security.Claims;
 using System.Text.Json;
 using AutoFixture;
+using Bit.Api.KeyManagement.Queries;
 using Bit.Api.Vault.Controllers;
 using Bit.Api.Vault.Models.Response;
 using Bit.Core.AdminConsole.Entities;
@@ -12,6 +13,7 @@ using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
@@ -74,6 +76,7 @@ public class SyncControllerTests
         var policyRepository = sutProvider.GetDependency<IPolicyRepository>();
         var collectionRepository = sutProvider.GetDependency<ICollectionRepository>();
         var collectionCipherRepository = sutProvider.GetDependency<ICollectionCipherRepository>();
+        var userAccountKeysQuery = sutProvider.GetDependency<IUserAccountKeysQuery>();
 
         // Adjust random data to match required formats / test intentions
         user.EquivalentDomains = JsonSerializer.Serialize(userEquivalentDomains);
@@ -98,6 +101,11 @@ public class SyncControllerTests
 
         // Setup returns
         userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).ReturnsForAnyArgs(user);
+        userAccountKeysQuery.Run(user).Returns(new UserAccountKeysData
+        {
+            PublicKeyEncryptionKeyPairData = user.GetPublicKeyEncryptionKeyPair(),
+            SignatureKeyPairData = null,
+        });
 
         organizationUserRepository
             .GetManyDetailsByUserAsync(user.Id, OrganizationUserStatusType.Confirmed).Returns(organizationUserDetails);
@@ -127,7 +135,6 @@ public class SyncControllerTests
         // Execute GET
         var result = await sutProvider.Sut.Get();
 
-
         // Asserts
         // Assert that methods are called
         var hasEnabledOrgs = organizationUserDetails.Any(o => o.Enabled);
@@ -166,6 +173,7 @@ public class SyncControllerTests
         var policyRepository = sutProvider.GetDependency<IPolicyRepository>();
         var collectionRepository = sutProvider.GetDependency<ICollectionRepository>();
         var collectionCipherRepository = sutProvider.GetDependency<ICollectionCipherRepository>();
+        var userAccountKeysQuery = sutProvider.GetDependency<IUserAccountKeysQuery>();
 
         // Adjust random data to match required formats / test intentions
         user.EquivalentDomains = JsonSerializer.Serialize(userEquivalentDomains);
@@ -189,6 +197,11 @@ public class SyncControllerTests
 
         // Setup returns
         userService.GetUserByPrincipalAsync(Arg.Any<ClaimsPrincipal>()).ReturnsForAnyArgs(user);
+        userAccountKeysQuery.Run(user).Returns(new UserAccountKeysData
+        {
+            PublicKeyEncryptionKeyPairData = user.GetPublicKeyEncryptionKeyPair(),
+            SignatureKeyPairData = null,
+        });
 
         organizationUserRepository
             .GetManyDetailsByUserAsync(user.Id, OrganizationUserStatusType.Confirmed).Returns(organizationUserDetails);
@@ -256,6 +269,7 @@ public class SyncControllerTests
         var policyRepository = sutProvider.GetDependency<IPolicyRepository>();
         var collectionRepository = sutProvider.GetDependency<ICollectionRepository>();
         var collectionCipherRepository = sutProvider.GetDependency<ICollectionCipherRepository>();
+        var userAccountKeysQuery = sutProvider.GetDependency<IUserAccountKeysQuery>();
 
         // Adjust random data to match required formats / test intentions
         user.EquivalentDomains = JsonSerializer.Serialize(userEquivalentDomains);