open-vault/ui/app/components/transit-key-actions.js

import { assign } from '@ember/polyfills';
import { copy } from 'ember-copy';
import { assert } from '@ember/debug';
import { inject as service } from '@ember/service';
import Component from '@ember/component';
import { set, get, computed } from '@ember/object';

const TRANSIT_PARAMS = {
  hash_algorithm: 'sha2-256',
  algorithm: 'sha2-256',
  signature_algorithm: 'pss',
  bits: 256,
  bytes: 32,
  ciphertext: null,
  context: null,
  format: 'base64',
  hmac: null,
  input: null,
  key_version: 0,
  keys: null,
  nonce: null,
  param: 'wrapped',
  prehashed: false,
  plaintext: null,
  random_bytes: null,
  signature: null,
  sum: null,
  exportKeyType: null,
  exportKeyVersion: null,
  wrappedToken: null,
  valid: null,
  plaintextOriginal: null,
  didDecode: false,
  verification: 'Signature',
};
const PARAMS_FOR_ACTION = {
  sign: ['input', 'hash_algorithm', 'key_version', 'prehashed', 'signature_algorithm'],
  verify: ['input', 'hmac', 'signature', 'hash_algorithm', 'prehashed'],
  hmac: ['input', 'algorithm', 'key_version'],
  encrypt: ['plaintext', 'context', 'nonce', 'key_version'],
  decrypt: ['ciphertext', 'context', 'nonce'],
  rewrap: ['ciphertext', 'context', 'nonce', 'key_version'],
};
export default Component.extend(TRANSIT_PARAMS, {
  store: service(),

  // public attrs
  selectedAction: null,
  key: null,

  onRefresh() {},
  init() {
    this._super(...arguments);
    if (get(this, 'selectedAction')) {
      return;
    }
    set(this, 'selectedAction', get(this, 'key.supportedActions.firstObject'));
    assert('`key` is required for `' + this.toString() + '`.', this.getModelInfo());
  },

  didReceiveAttrs() {
    this._super(...arguments);
    this.checkAction();
    if (get(this, 'selectedAction') === 'export') {
      this.setExportKeyDefaults();
    }
  },

  setExportKeyDefaults() {
    const exportKeyType = get(this, 'key.exportKeyTypes.firstObject');
    const exportKeyVersion = get(this, 'key.validKeyVersions.lastObject');
    this.setProperties({
      exportKeyType,
      exportKeyVersion,
    });
  },

  keyIsRSA: computed('key.type', function() {
    let type = get(this, 'key.type');
    return type === 'rsa-2048' || type === 'rsa-3072' || type === 'rsa-4096';
  }),

  getModelInfo() {
    const model = get(this, 'key') || get(this, 'backend');
    if (!model) {
      return null;
    }
    const backend = get(model, 'backend') || get(model, 'id');
    const id = get(model, 'id');

    return {
      backend,
      id,
    };
  },

  checkAction() {
    const currentAction = get(this, 'selectedAction');
    const oldAction = get(this, 'oldSelectedAction');

    this.resetParams(oldAction, currentAction);
    set(this, 'oldSelectedAction', currentAction);
  },

  resetParams(oldAction, action) {
    let params = copy(TRANSIT_PARAMS);
    let paramsToKeep;
    let clearWithoutCheck =
      !oldAction ||
      // don't save values from datakey
      oldAction === 'datakey' ||
      // can rewrap signatures — using that as a ciphertext later would be problematic
      (oldAction === 'rewrap' && !get(this, 'key.supportsEncryption'));

    if (!clearWithoutCheck && action) {
      paramsToKeep = PARAMS_FOR_ACTION[action];
    }

    if (paramsToKeep) {
      paramsToKeep.forEach(param => delete params[param]);
    }
    //resets params still left in the object to defaults
    this.clearErrors();
    this.setProperties(params);
    if (action === 'export') {
      this.setExportKeyDefaults();
    }
  },

  handleError(e) {
    this.set('errors', e.errors);
  },

  clearErrors() {
    this.set('errors', null);
  },

  handleSuccess(resp, options, action) {
    let props = {};
    if (resp && resp.data) {
      if (action === 'export' && resp.data.keys) {
        const { keys, type, name } = resp.data;
        resp.data.keys = { keys, type, name };
      }
      props = assign({}, props, resp.data);
    }
    if (options.wrapTTL) {
      props = assign({}, props, { wrappedToken: resp.wrap_info.token });
    }
    this.setProperties(props);
    if (action === 'rotate') {
      this.get('onRefresh')();
    }
  },

  compactData(data) {
    let type = get(this, 'key.type');
    let isRSA = type === 'rsa-2048' || type === 'rsa-3072' || type === 'rsa-4096';
    return Object.keys(data).reduce((result, key) => {
      if (key === 'signature_algorithm' && !isRSA) {
        return result;
      }
      if (data[key]) {
        result[key] = data[key];
      }
      return result;
    }, {});
  },

  actions: {
    onActionChange(action) {
      set(this, 'selectedAction', action);
      this.checkAction();
    },

    onClear() {
      this.resetParams(null, get(this, 'selectedAction'));
    },

    clearParams(params) {
      const arr = Array.isArray(params) ? params : [params];
      arr.forEach(param => this.set(param, null));
    },

    doSubmit(data, options = {}) {
      const { backend, id } = this.getModelInfo();
      const action = this.get('selectedAction');
      let payload = data ? this.compactData(data) : null;
      this.setProperties({
        errors: null,
        result: null,
      });
      this.get('store')
        .adapterFor('transit-key')
        .keyAction(action, { backend, id, payload }, options)
        .then(
          resp => this.handleSuccess(resp, options, action),
          (...errArgs) => this.handleError(...errArgs)
        );
    },
  },
});
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`import { assign } from '@ember/polyfills';`
			`import { copy } from 'ember-copy';`
			`import { assert } from '@ember/debug';`
			`import { inject as service } from '@ember/service';`
			`import Component from '@ember/component';`
			`import { set, get, computed } from '@ember/object';`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00
			`const TRANSIT_PARAMS = {`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`hash_algorithm: 'sha2-256',`
update hmac form and component to use 'algorithm' instead of 'hash-algorithm' (#4604) 2018-05-21 18:50:54 +00:00			`algorithm: 'sha2-256',`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`signature_algorithm: 'pss',`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`bits: 256,`
			`bytes: 32,`
			`ciphertext: null,`
			`context: null,`
			`format: 'base64',`
			`hmac: null,`
			`input: null,`
			`key_version: 0,`
			`keys: null,`
			`nonce: null,`
			`param: 'wrapped',`
			`prehashed: false,`
			`plaintext: null,`
			`random_bytes: null,`
			`signature: null,`
			`sum: null,`
			`exportKeyType: null,`
			`exportKeyVersion: null,`
			`wrappedToken: null,`
			`valid: null,`
			`plaintextOriginal: null,`
			`didDecode: false,`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`verification: 'Signature',`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`};`
			`const PARAMS_FOR_ACTION = {`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`sign: ['input', 'hash_algorithm', 'key_version', 'prehashed', 'signature_algorithm'],`
			`verify: ['input', 'hmac', 'signature', 'hash_algorithm', 'prehashed'],`
update hmac form and component to use 'algorithm' instead of 'hash-algorithm' (#4604) 2018-05-21 18:50:54 +00:00			`hmac: ['input', 'algorithm', 'key_version'],`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`encrypt: ['plaintext', 'context', 'nonce', 'key_version'],`
			`decrypt: ['ciphertext', 'context', 'nonce'],`
			`rewrap: ['ciphertext', 'context', 'nonce', 'key_version'],`
			`};`
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`export default Component.extend(TRANSIT_PARAMS, {`
			`store: service(),`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00
			`// public attrs`
			`selectedAction: null,`
			`key: null,`

Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`onRefresh() {},`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`init() {`
			`this._super(...arguments);`
			`if (get(this, 'selectedAction')) {`
			`return;`
			`}`
			`set(this, 'selectedAction', get(this, 'key.supportedActions.firstObject'));`
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			assert('`key` is required for `' + this.toString() + '`.', this.getModelInfo());
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`},`

			`didReceiveAttrs() {`
			`this._super(...arguments);`
			`this.checkAction();`
			`if (get(this, 'selectedAction') === 'export') {`
			`this.setExportKeyDefaults();`
			`}`
			`},`

			`setExportKeyDefaults() {`
			`const exportKeyType = get(this, 'key.exportKeyTypes.firstObject');`
			`const exportKeyVersion = get(this, 'key.validKeyVersions.lastObject');`
			`this.setProperties({`
			`exportKeyType,`
			`exportKeyVersion,`
			`});`
			`},`

Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`keyIsRSA: computed('key.type', function() {`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`let type = get(this, 'key.type');`
RSA3072 implementation in transit secrets engine (#8151) * RSA3072 implementation in transit secrets engine * moved new KeyType at the end of the list So already stored keys still work properly Co-authored-by: Jim Kalafut <jim@kalafut.net> 2020-02-15 22:40:50 +00:00			`return type === 'rsa-2048' \|\| type === 'rsa-3072' \|\| type === 'rsa-4096';`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`}),`

Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`getModelInfo() {`
			`const model = get(this, 'key') \|\| get(this, 'backend');`
			`if (!model) {`
			`return null;`
			`}`
			`const backend = get(model, 'backend') \|\| get(model, 'id');`
			`const id = get(model, 'id');`

			`return {`
			`backend,`
			`id,`
			`};`
			`},`

			`checkAction() {`
			`const currentAction = get(this, 'selectedAction');`
			`const oldAction = get(this, 'oldSelectedAction');`

			`this.resetParams(oldAction, currentAction);`
			`set(this, 'oldSelectedAction', currentAction);`
			`},`

			`resetParams(oldAction, action) {`
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`let params = copy(TRANSIT_PARAMS);`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`let paramsToKeep;`
			`let clearWithoutCheck =`
			`!oldAction \|\|`
			`// don't save values from datakey`
			`oldAction === 'datakey' \|\|`
			`// can rewrap signatures — using that as a ciphertext later would be problematic`
			`(oldAction === 'rewrap' && !get(this, 'key.supportsEncryption'));`

			`if (!clearWithoutCheck && action) {`
			`paramsToKeep = PARAMS_FOR_ACTION[action];`
			`}`

			`if (paramsToKeep) {`
			`paramsToKeep.forEach(param => delete params[param]);`
			`}`
			`//resets params still left in the object to defaults`
fix: error clears on transit key actions (#8354) 2020-02-18 16:00:50 +00:00			`this.clearErrors();`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`this.setProperties(params);`
			`if (action === 'export') {`
			`this.setExportKeyDefaults();`
			`}`
			`},`

			`handleError(e) {`
			`this.set('errors', e.errors);`
			`},`

fix: error clears on transit key actions (#8354) 2020-02-18 16:00:50 +00:00			`clearErrors() {`
			`this.set('errors', null);`
			`},`

Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`handleSuccess(resp, options, action) {`
			`let props = {};`
			`if (resp && resp.data) {`
			`if (action === 'export' && resp.data.keys) {`
			`const { keys, type, name } = resp.data;`
			`resp.data.keys = { keys, type, name };`
			`}`
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`props = assign({}, props, resp.data);`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`}`
			`if (options.wrapTTL) {`
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`props = assign({}, props, { wrappedToken: resp.wrap_info.token });`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`}`
			`this.setProperties(props);`
			`if (action === 'rotate') {`
Ember update (#5386) Ember update - update ember-cli, ember-data, and ember to 3.4 series 2018-09-25 16:28:26 +00:00			`this.get('onRefresh')();`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`}`
			`},`

			`compactData(data) {`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`let type = get(this, 'key.type');`
RSA3072 implementation in transit secrets engine (#8151) * RSA3072 implementation in transit secrets engine * moved new KeyType at the end of the list So already stored keys still work properly Co-authored-by: Jim Kalafut <jim@kalafut.net> 2020-02-15 22:40:50 +00:00			`let isRSA = type === 'rsa-2048' \|\| type === 'rsa-3072' \|\| type === 'rsa-4096';`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`return Object.keys(data).reduce((result, key) => {`
UI - transit update (#4298) * use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit 2018-04-09 21:50:36 +00:00			`if (key === 'signature_algorithm' && !isRSA) {`
			`return result;`
			`}`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`if (data[key]) {`
			`result[key] = data[key];`
			`}`
			`return result;`
			`}, {});`
			`},`

			`actions: {`
			`onActionChange(action) {`
			`set(this, 'selectedAction', action);`
			`this.checkAction();`
			`},`

			`onClear() {`
			`this.resetParams(null, get(this, 'selectedAction'));`
			`},`

			`clearParams(params) {`
			`const arr = Array.isArray(params) ? params : [params];`
			`arr.forEach(param => this.set(param, null));`
			`},`

			`doSubmit(data, options = {}) {`
			`const { backend, id } = this.getModelInfo();`
			`const action = this.get('selectedAction');`
			`let payload = data ? this.compactData(data) : null;`
			`this.setProperties({`
			`errors: null,`
			`result: null,`
			`});`
			`this.get('store')`
			`.adapterFor('transit-key')`
			`.keyAction(action, { backend, id, payload }, options)`
			`.then(`
			`resp => this.handleSuccess(resp, options, action),`
			`(...errArgs) => this.handleError(...errArgs)`
			`);`
			`},`
			`},`
			`});`