[PM-9576] Make keypair updating more robust to prevent vault/private-key corruption on set-password component (#10180)

* Make keypair setting more robust to prevent vault corruption on set-password component

* Use non-deprecated way to get private key

* Fix build error due to missing service

apps/desktop/src/auth/set-password.component.ts

@@ -14,6 +14,7 @@ import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -54,6 +55,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent implements On
     ssoLoginService: SsoLoginServiceAbstraction,
     dialogService: DialogService,
     kdfConfigService: KdfConfigService,
+    encryptService: EncryptService,
   ) {
     super(
       accountService,
@@ -76,6 +78,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent implements On
       ssoLoginService,
       dialogService,
       kdfConfigService,
+      encryptService,
     );
   }
 

libs/angular/src/auth/components/set-password.component.ts

@@ -21,6 +21,7 @@ import { DEFAULT_KDF_CONFIG } from "@bitwarden/common/auth/models/domain/kdf-con
 import { SetPasswordRequest } from "@bitwarden/common/auth/models/request/set-password.request";
 import { KeysRequest } from "@bitwarden/common/models/request/keys.request";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -72,6 +73,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent implements
     private ssoLoginService: SsoLoginServiceAbstraction,
     dialogService: DialogService,
     kdfConfigService: KdfConfigService,
+    private encryptService: EncryptService,
   ) {
     super(
       i18nService,
@@ -160,7 +162,23 @@ export class SetPasswordComponent extends BaseChangePasswordComponent implements
       // Existing JIT provisioned user in a MP encryption org setting first password
       // Users in this state will not already have a user asymmetric key pair so must create it for them
       // We don't want to re-create the user key pair if the user already has one (TDE user case)
-      newKeyPair = await this.cryptoService.makeKeyPair(userKey[0]);
+
+      // in case we have a local private key, and are not sure whether it has been posted to the server, we post the local private key instead of generating a new one
+      const existingUserPrivateKey = (await firstValueFrom(
+        this.cryptoService.userPrivateKey$(this.userId),
+      )) as Uint8Array;
+      const existingUserPublicKey = await firstValueFrom(
+        this.cryptoService.userPublicKey$(this.userId),
+      );
+      if (existingUserPrivateKey != null && existingUserPublicKey != null) {
+        const existingUserPublicKeyB64 = Utils.fromBufferToB64(existingUserPublicKey);
+        newKeyPair = [
+          existingUserPublicKeyB64,
+          await this.encryptService.encrypt(existingUserPrivateKey, userKey[0]),
+        ];
+      } else {
+        newKeyPair = await this.cryptoService.makeKeyPair(userKey[0]);
+      }
       keysRequest = new KeysRequest(newKeyPair[0], newKeyPair[1].encryptedString);
     }