8fd4f5ba0e
* use waitForEvent for the CSP service as @alisdair suggested * Secrets engine not secret engine * move algorithm -> hash_algorithm and add support for picking signature_algorithm for RSA keys when signing or verifying in transit
264 lines
8.4 KiB
JavaScript
264 lines
8.4 KiB
JavaScript
import { moduleForComponent, test } from 'ember-qunit';
|
|
import hbs from 'htmlbars-inline-precompile';
|
|
import Ember from 'ember';
|
|
import { encodeString } from 'vault/utils/b64';
|
|
|
|
const storeStub = Ember.Service.extend({
|
|
callArgs: null,
|
|
keyActionReturnVal: null,
|
|
rootKeyActionReturnVal: null,
|
|
adapterFor() {
|
|
const self = this;
|
|
return {
|
|
keyAction(action, { backend, id, payload }, options) {
|
|
self.set('callArgs', { action, backend, id, payload });
|
|
self.set('callArgsOptions', options);
|
|
const rootResp = Ember.assign({}, self.get('rootKeyActionReturnVal'));
|
|
const resp =
|
|
Object.keys(rootResp).length > 0
|
|
? rootResp
|
|
: {
|
|
data: Ember.assign({}, self.get('keyActionReturnVal')),
|
|
};
|
|
return Ember.RSVP.resolve(resp);
|
|
},
|
|
};
|
|
},
|
|
});
|
|
|
|
moduleForComponent('transit-key-actions', 'Integration | Component | transit key actions', {
|
|
integration: true,
|
|
beforeEach: function() {
|
|
this.register('service:store', storeStub);
|
|
this.inject.service('store', { as: 'storeService' });
|
|
},
|
|
});
|
|
|
|
test('it requires `key`', function(assert) {
|
|
assert.expectAssertion(
|
|
() => this.render(hbs`{{transit-key-actions}}`),
|
|
/`key` is required for/,
|
|
'asserts without key'
|
|
);
|
|
});
|
|
|
|
test('it renders', function(assert) {
|
|
this.set('key', { backend: 'transit', supportedActions: ['encrypt'] });
|
|
this.render(hbs`{{transit-key-actions selectedAction="encrypt" key=key}}`);
|
|
assert.equal(this.$('[data-test-transit-action="encrypt"]').length, 1, 'renders encrypt');
|
|
|
|
this.set('key', { backend: 'transit', supportedActions: ['sign'] });
|
|
this.render(hbs`{{transit-key-actions selectedAction="sign" key=key}}`);
|
|
assert.equal(this.$('[data-test-transit-action="sign"]').length, 1, 'renders sign');
|
|
});
|
|
|
|
test('it renders: signature_algorithm field', function(assert) {
|
|
this.set('key', { backend: 'transit', supportsSigning: true, supportedActions: ['sign', 'verify'] });
|
|
this.set('selectedAction', 'sign');
|
|
this.render(hbs`{{transit-key-actions selectedAction=selectedAction key=key}}`);
|
|
assert.equal(
|
|
this.$('[data-test-signature-algorithm]').length,
|
|
0,
|
|
'does not render signature_algorithm field on sign'
|
|
);
|
|
this.set('selectedAction', 'verify');
|
|
assert.equal(
|
|
this.$('[data-test-signature-algorithm]').length,
|
|
0,
|
|
'does not render signature_algorithm field on verify'
|
|
);
|
|
|
|
this.set('selectedAction', 'sign');
|
|
this.set('key', {
|
|
type: 'rsa-2048',
|
|
supportsSigning: true,
|
|
backend: 'transit',
|
|
supportedActions: ['sign', 'verify'],
|
|
});
|
|
assert.equal(
|
|
this.$('[data-test-signature-algorithm]').length,
|
|
1,
|
|
'renders signature_algorithm field on sign with rsa key'
|
|
);
|
|
this.set('selectedAction', 'verify');
|
|
assert.equal(
|
|
this.$('[data-test-signature-algorithm]').length,
|
|
1,
|
|
'renders signature_algorithm field on verify with rsa key'
|
|
);
|
|
});
|
|
|
|
test('it renders: rotate', function(assert) {
|
|
this.set('key', { backend: 'transit', id: 'akey', supportedActions: ['rotate'] });
|
|
this.render(hbs`{{transit-key-actions selectedAction="rotate" key=key}}`);
|
|
|
|
assert.equal(this.$().text().trim(), '', 'renders an empty div');
|
|
|
|
this.set('key.canRotate', true);
|
|
assert.equal(
|
|
this.$('button').text().trim(),
|
|
'Rotate encryption key',
|
|
'renders confirm-button when key.canRotate is true'
|
|
);
|
|
});
|
|
|
|
function doEncrypt(assert, actions = [], keyattrs = {}) {
|
|
let keyDefaults = { backend: 'transit', id: 'akey', supportedActions: ['encrypt'].concat(actions) };
|
|
|
|
const key = Ember.assign({}, keyDefaults, keyattrs);
|
|
this.set('key', key);
|
|
this.set('selectedAction', 'encrypt');
|
|
this.set('storeService.keyActionReturnVal', { ciphertext: 'secret' });
|
|
this.render(hbs`{{transit-key-actions selectedAction=selectedAction key=key}}`);
|
|
|
|
this.$('#plaintext').val('plaintext').trigger('input');
|
|
this.$('[data-test-transit-b64-toggle="plaintext"]').click();
|
|
this.$('button:submit').click();
|
|
assert.deepEqual(
|
|
this.get('storeService.callArgs'),
|
|
{
|
|
action: 'encrypt',
|
|
backend: 'transit',
|
|
id: 'akey',
|
|
payload: {
|
|
plaintext: encodeString('plaintext'),
|
|
},
|
|
},
|
|
'passes expected args to the adapter'
|
|
);
|
|
|
|
assert.equal(this.$('#ciphertext').val(), 'secret');
|
|
}
|
|
|
|
test('it encrypts', doEncrypt);
|
|
|
|
test('it shows key version selection', function(assert) {
|
|
let keyDefaults = { backend: 'transit', id: 'akey', supportedActions: ['encrypt'].concat([]) };
|
|
let keyattrs = { keysForEncryption: [3, 2, 1], latestVersion: 3 };
|
|
const key = Ember.assign({}, keyDefaults, keyattrs);
|
|
this.set('key', key);
|
|
this.set('storeService.keyActionReturnVal', { ciphertext: 'secret' });
|
|
this.render(hbs`{{transit-key-actions selectedAction="encrypt" key=key}}`);
|
|
|
|
this.$('#plaintext').val('plaintext').trigger('input');
|
|
this.$('[data-test-transit-b64-toggle="plaintext"]').click();
|
|
assert.equal(this.$('#key_version').length, 1, 'it renders the key version selector');
|
|
|
|
this.$('#key_version').trigger('change');
|
|
this.$('button:submit').click();
|
|
assert.deepEqual(
|
|
this.get('storeService.callArgs'),
|
|
{
|
|
action: 'encrypt',
|
|
backend: 'transit',
|
|
id: 'akey',
|
|
payload: {
|
|
plaintext: encodeString('plaintext'),
|
|
key_version: '0',
|
|
},
|
|
},
|
|
'includes key_version in the payload'
|
|
);
|
|
});
|
|
|
|
test('it hides key version selection', function(assert) {
|
|
let keyDefaults = { backend: 'transit', id: 'akey', supportedActions: ['encrypt'].concat([]) };
|
|
let keyattrs = { keysForEncryption: [1] };
|
|
const key = Ember.assign({}, keyDefaults, keyattrs);
|
|
this.set('key', key);
|
|
this.set('storeService.keyActionReturnVal', { ciphertext: 'secret' });
|
|
this.render(hbs`{{transit-key-actions selectedAction="encrypt" key=key}}`);
|
|
|
|
this.$('#plaintext').val('plaintext').trigger('input');
|
|
this.$('[data-test-transit-b64-toggle="plaintext"]').click();
|
|
|
|
assert.equal(
|
|
this.$('#key_version').length,
|
|
0,
|
|
'it does not render the selector when there is only one key'
|
|
);
|
|
});
|
|
|
|
test('it carries ciphertext value over to decrypt', function(assert) {
|
|
const plaintext = 'not so secret';
|
|
doEncrypt.call(this, assert, ['decrypt']);
|
|
|
|
this.set('storeService.keyActionReturnVal', { plaintext });
|
|
this.set('selectedAction', 'decrypt');
|
|
assert.equal(this.$('#ciphertext').val(), 'secret', 'keeps ciphertext value');
|
|
|
|
this.$('button:submit').click();
|
|
assert.equal(this.$('#plaintext').val(), plaintext, 'renders decrypted value');
|
|
});
|
|
|
|
const setupExport = function() {
|
|
this.set('key', {
|
|
backend: 'transit',
|
|
id: 'akey',
|
|
supportedActions: ['export'],
|
|
exportKeyTypes: ['encryption'],
|
|
validKeyVersions: [1],
|
|
});
|
|
this.render(hbs`{{transit-key-actions key=key}}`);
|
|
};
|
|
|
|
test('it can export a key:default behavior', function(assert) {
|
|
this.set('storeService.rootKeyActionReturnVal', { wrap_info: { token: 'wrapped-token' } });
|
|
setupExport.call(this);
|
|
this.$('button:submit').click();
|
|
|
|
assert.deepEqual(
|
|
this.get('storeService.callArgs'),
|
|
{
|
|
action: 'export',
|
|
backend: 'transit',
|
|
id: 'akey',
|
|
payload: {
|
|
param: ['encryption'],
|
|
},
|
|
},
|
|
'passes expected args to the adapter'
|
|
);
|
|
assert.equal(this.get('storeService.callArgsOptions.wrapTTL'), '30m', 'passes value for wrapTTL');
|
|
assert.equal(this.$('#export').val(), 'wrapped-token', 'wraps by default');
|
|
});
|
|
|
|
test('it can export a key:unwrapped behavior', function(assert) {
|
|
const response = { keys: { a: 'key' } };
|
|
this.set('storeService.keyActionReturnVal', response);
|
|
setupExport.call(this);
|
|
this.$('#wrap-response').click().change();
|
|
this.$('button:submit').click();
|
|
assert.deepEqual(
|
|
JSON.parse(this.$('.CodeMirror').get(0).CodeMirror.getValue()),
|
|
response,
|
|
'prints json response'
|
|
);
|
|
});
|
|
|
|
test('it can export a key: unwrapped, single version', function(assert) {
|
|
const response = { keys: { a: 'key' } };
|
|
this.set('storeService.keyActionReturnVal', response);
|
|
setupExport.call(this);
|
|
this.$('#wrap-response').click().change();
|
|
this.$('#exportVersion').click().change();
|
|
this.$('button:submit').click();
|
|
assert.deepEqual(
|
|
JSON.parse(this.$('.CodeMirror').get(0).CodeMirror.getValue()),
|
|
response,
|
|
'prints json response'
|
|
);
|
|
assert.deepEqual(
|
|
this.get('storeService.callArgs'),
|
|
{
|
|
action: 'export',
|
|
backend: 'transit',
|
|
id: 'akey',
|
|
payload: {
|
|
param: ['encryption', 1],
|
|
},
|
|
},
|
|
'passes expected args to the adapter'
|
|
);
|
|
});
|