luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

backport of commit c2a1ce374c6eb340c779fbe26503e949172a6867 (#20948) 

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-06-01 21:26:35 -04:00 committed by GitHub
parent 0ac7213b73
commit 5669d16277
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 120 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ui/lib/pki/addon/components/page/pki-issuer-details.hbs
View File

@ -128,6 +128,20 @@
{{/each-in}}
{{/each}}
</main>
{{#if (or (eq @issuer.parsedCertificate.can_parse false) this.parsingErrors)}}
<AlertBanner
data-test-parsing-error-alert-banner
class="has-top-margin-m"
@type="info"
@title="There was an error parsing certificate metadata"
>
Vault cannot display unparsed values, but this will not interfere with the certificate's functionality. However, if you
wish to cross-sign this issuer it must be done manually using the CLI.
{{#if this.parsingErrors}}
<p class="sub-text is-font-mono">Parsing error(s): {{this.parsingErrors}} </p>
{{/if}}
</AlertBanner>
{{/if}}
{{! ROOT ROTATION MODAL }}
<Modal

7
ui/lib/pki/addon/components/page/pki-issuer-details.ts
View File

@ -13,4 +13,11 @@ interface Args {
export default class PkiIssuerDetailsComponent extends Component<Args> {
@tracked showRotationModal = false;
get parsingErrors() {
if (this.args.issuer.parsedCertificate?.parsing_errors?.length) {
return this.args.issuer.parsedCertificate.parsing_errors.map((e: Error) => e.message).join(', ');
}
return '';
}
}

15
ui/lib/pki/addon/components/parsed-certificate-info-rows.hbs
View File

@ -6,17 +6,4 @@
@formatDate={{field.formatDate}}
/>
{{/let}}
{{/each}}
{{#if (or (eq @model.can_parse false) this.parsingErrors)}}
<AlertBanner
data-test-parsing-error-alert-banner
class="has-top-margin-m"
@type="info"
@title="There was an error parsing certificate metadata"
>
Vault cannot display unparsed values, but this will not interfere with the certificate's functionality.
{{#if this.parsingErrors}}
<p class="sub-text is-font-mono">Parsing error(s): {{this.parsingErrors}} </p>
{{/if}}
</AlertBanner>
{{/if}}
{{/each}}

7
ui/lib/pki/addon/components/parsed-certificate-info-rows.ts
View File

@ -51,11 +51,4 @@ export default class ParsedCertificateInfoRowsComponent extends Component<Args>
};
});
}
get parsingErrors() {
if (this.args.model?.parsing_errors?.length) {
return this.args.model.parsing_errors.map((e) => e.message).join(', ');
}
return '';
}
}

17
ui/tests/helpers/pki/pki-issuer-details.js
View File

@ -4,16 +4,17 @@
*/
export const SELECTORS = {
defaultGroup: '[data-test-details-group="default"]',
urlsGroup: '[data-test-details-group="Issuer URLs"]',
groupTitle: '[data-test-group-title]',
row: '[data-test-component="info-table-row"]',
rotateRoot: '[data-test-pki-issuer-rotate-root]',
crossSign: '[data-test-pki-issuer-cross-sign]',
signIntermediate: '[data-test-pki-issuer-sign-int]',
download: '[data-test-issuer-download]',
configure: '[data-test-pki-issuer-configure]',
crossSign: '[data-test-pki-issuer-cross-sign]',
defaultGroup: '[data-test-details-group="default"]',
download: '[data-test-issuer-download]',
groupTitle: '[data-test-group-title]',
parsingAlertBanner: '[data-test-parsing-error-alert-banner]',
rotateModal: '[data-test-modal-background="Rotate this root"]',
rotateModalGenerate: '[data-test-root-rotate-step-one]',
rotateRoot: '[data-test-pki-issuer-rotate-root]',
row: '[data-test-component="info-table-row"]',
signIntermediate: '[data-test-pki-issuer-sign-int]',
urlsGroup: '[data-test-details-group="Issuer URLs"]',
valueByName: (name) => `[data-test-value-div="${name}"]`,
};

50
ui/tests/integration/components/pki/parsed-certificate-info-rows-test.js
View File

@ -3,8 +3,6 @@ import { setupRenderingTest } from 'vault/tests/helpers';
import { render } from '@ember/test-helpers';
import { hbs } from 'ember-cli-htmlbars';
import { setupEngine } from 'ember-engines/test-support';
import { parseCertificate } from 'vault/utils/parse-pki-cert';
import { unsupportedOids } from 'vault/tests/helpers/pki/values';
module('Integration | Component | parsed-certificate-info-rows', function (hooks) {
setupRenderingTest(hooks);
@ -42,52 +40,4 @@ module('Integration | Component | parsed-certificate-info-rows', function (hooks
.dom('[data-test-parsing-error-alert-banner]')
.doesNotExist('does not render parsing error info banner');
});
test('it renders info banner when parsing fails and no parsing errors', async function (assert) {
this.set('parsedCertificate', {
can_parse: false,
});
await render(hbs`<ParsedCertificateInfoRows @model={{this.parsedCertificate}} />`, {
owner: this.engine,
});
assert
.dom('[data-test-parsing-error-alert-banner]')
.hasText(
"There was an error parsing certificate metadata Vault cannot display unparsed values, but this will not interfere with the certificate's functionality."
);
});
test('it renders info banner when parsing fails and parsing errors exist', async function (assert) {
this.set('parsedCertificate', {
can_parse: false,
parsing_errors: [new Error('some parsing error')],
});
await render(hbs`<ParsedCertificateInfoRows @model={{this.parsedCertificate}} />`, {
owner: this.engine,
});
assert
.dom('[data-test-parsing-error-alert-banner]')
.hasText(
"There was an error parsing certificate metadata Vault cannot display unparsed values, but this will not interfere with the certificate's functionality. Parsing error(s): some parsing error"
);
});
test('it renders info banner when parsing is successful but unsupported OIDs return parsing errors', async function (assert) {
const { parsing_errors } = parseCertificate(unsupportedOids);
this.set('parsedCertificate', {
can_parse: true,
parsing_errors,
});
await render(hbs`<ParsedCertificateInfoRows @model={{this.parsedCertificate}} />`, {
owner: this.engine,
});
assert
.dom('[data-test-parsing-error-alert-banner]')
.hasText(
"There was an error parsing certificate metadata Vault cannot display unparsed values, but this will not interfere with the certificate's functionality. Parsing error(s): certificate contains unsupported subject OIDs: 1.2.840.113549.1.9.1, certificate contains unsupported extension OIDs: 2.5.29.37"
);
});
});

89
ui/tests/integration/components/pki/pki-issuer-details-test.js
View File

@ -36,6 +36,7 @@ module('Integration | Component | page/pki-issuer-details', function (hooks) {
assert.dom(SELECTORS.signIntermediate).doesNotExist();
assert.dom(SELECTORS.download).hasText('Download');
assert.dom(SELECTORS.configure).doesNotExist();
assert.dom(SELECTORS.parsingAlertBanner).doesNotExist();
});
test('it renders toolbar actions depending on passed capabilities', async function (assert) {
@ -60,6 +61,7 @@ module('Integration | Component | page/pki-issuer-details', function (hooks) {
this.context
);
assert.dom(SELECTORS.parsingAlertBanner).doesNotExist();
assert.dom(SELECTORS.rotateRoot).hasText('Rotate this root');
assert.dom(SELECTORS.crossSign).hasText('Cross-sign issuers');
assert.dom(SELECTORS.signIntermediate).hasText('Sign Intermediate');
@ -78,4 +80,91 @@ module('Integration | Component | page/pki-issuer-details', function (hooks) {
assert.dom(SELECTORS.download).hasText('Download');
assert.dom(SELECTORS.configure).doesNotExist();
});
test('it renders parsing error banner if issuer certificate contains unsupported OIDs', async function (assert) {
this.issuer.parsedCertificate = {
common_name: 'fancy-cert-unsupported-subj-and-ext-oids',
subject_serial_number: null,
ou: null,
organization: 'Acme, Inc',
country: 'US',
locality: 'Topeka',
province: 'Kansas',
street_address: null,
parsing_errors: [new Error('certificate contains stuff we cannot parse')],
can_parse: true,
};
await render(
hbs`
<Page::PkiIssuerDetails @issuer={{this.issuer}} />
<div id="modal-wormhole"></div>
`,
this.context
);
assert.dom(SELECTORS.parsingAlertBanner).exists();
assert
.dom(SELECTORS.parsingAlertBanner)
.hasText(
"There was an error parsing certificate metadata Vault cannot display unparsed values, but this will not interfere with the certificate's functionality. However, if you wish to cross-sign this issuer it must be done manually using the CLI. Parsing error(s): certificate contains stuff we cannot parse"
);
});
test('it renders parsing error banner if can_parse=false but no parsing_errors', async function (assert) {
this.issuer.parsedCertificate = {
common_name: 'fancy-cert-unsupported-subj-and-ext-oids',
subject_serial_number: null,
ou: null,
organization: 'Acme, Inc',
country: 'US',
locality: 'Topeka',
province: 'Kansas',
street_address: null,
parsing_errors: [],
can_parse: false,
};
await render(
hbs`
<Page::PkiIssuerDetails @issuer={{this.issuer}} />
<div id="modal-wormhole"></div>
`,
this.context
);
assert.dom(SELECTORS.parsingAlertBanner).exists();
assert
.dom(SELECTORS.parsingAlertBanner)
.hasText(
"There was an error parsing certificate metadata Vault cannot display unparsed values, but this will not interfere with the certificate's functionality. However, if you wish to cross-sign this issuer it must be done manually using the CLI."
);
});
test('it renders parsing error banner if no key for parsing_errors', async function (assert) {
this.issuer.parsedCertificate = {
common_name: 'fancy-cert-unsupported-subj-and-ext-oids',
subject_serial_number: null,
ou: null,
organization: 'Acme, Inc',
country: 'US',
locality: 'Topeka',
province: 'Kansas',
street_address: null,
can_parse: false,
};
await render(
hbs`
<Page::PkiIssuerDetails @issuer={{this.issuer}} />
<div id="modal-wormhole"></div>
`,
this.context
);
assert.dom(SELECTORS.parsingAlertBanner).exists();
assert
.dom(SELECTORS.parsingAlertBanner)
.hasText(
"There was an error parsing certificate metadata Vault cannot display unparsed values, but this will not interfere with the certificate's functionality. However, if you wish to cross-sign this issuer it must be done manually using the CLI."
);
});
});