-
Notifications
You must be signed in to change notification settings - Fork 135
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: check that existing P-256 publicKeyHex keys can be recomputed
- Loading branch information
Showing
4 changed files
with
115 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,106 @@ | ||
| // noinspection ES6PreferShortImport | ||
|
|
||
| import { KeyManagementSystem, SecretBox } from '../packages/kms-local/src' | ||
| import { Entities, KeyStore, migrations, PrivateKeyStore, } from '../packages/data-store/src' | ||
| import { PrivateKeyStoreJson } from '../packages/data-store-json/src' | ||
|
|
||
| import { DataSource } from 'typeorm' | ||
| import * as fs from 'fs' | ||
|
|
||
| import { jest } from '@jest/globals' | ||
| import { fileURLToPath } from 'url' | ||
| import { dirname } from 'path' | ||
|
|
||
| // @ts-ignore TS1343 | ||
| const __filename = fileURLToPath(import.meta.url) | ||
| const __dirname = dirname(__filename) | ||
|
|
||
| jest.setTimeout(60000) | ||
|
|
||
| const dbEncryptionKey = '29739248cad1bd1a0fc4d9b75cd4d2990de535baf5caadfdf8d8f86664aa830c' | ||
|
|
||
| describe('data handling tests', () => { | ||
| describe('can recompute p256 keys from old database', () => { | ||
| const fixture = __dirname + '/fixtures/local-database-before-p256key-migration.sqlite' | ||
| const databaseFile = fixture + '.tmp' | ||
| // intentionally using DataSource instead of Promise<DataSource> to test compatibility | ||
| let dbConnection: DataSource | ||
|
|
||
| beforeAll(async () => { | ||
| await fs.promises.copyFile(fixture, databaseFile) | ||
| dbConnection = new DataSource({ | ||
| name: 'test', | ||
| type: 'sqlite', | ||
| database: databaseFile, | ||
| synchronize: false, | ||
| migrations: migrations, | ||
| migrationsRun: true, | ||
| logging: false, | ||
| entities: Entities, | ||
| }) | ||
| }) | ||
|
|
||
| afterAll(async () => { | ||
| await dbConnection.destroy() | ||
| await fs.promises.unlink(databaseFile) | ||
| }) | ||
|
|
||
| it('should recompute p256 keys', async () => { | ||
| const kmsLocal = new KeyManagementSystem( | ||
| new PrivateKeyStore(dbConnection, new SecretBox(dbEncryptionKey)), | ||
| ) | ||
| const managedKeyStore = new KeyStore(dbConnection) | ||
| // list known private keys. kms-local will compute the correct public keys | ||
| const allPrivKeys = await kmsLocal.listKeys() | ||
| const keyIds: string[] = [] | ||
| for (const privKey of allPrivKeys) { | ||
| if (privKey.type === 'Secp256r1') { | ||
| const managedKey = await managedKeyStore.getKey({ kid: privKey.kid }) | ||
| if (managedKey.publicKeyHex.length === 64) { | ||
| keyIds.push(privKey.kid) | ||
| managedKey.publicKeyHex = privKey.publicKeyHex | ||
| } | ||
| await managedKeyStore.importKey(managedKey) | ||
| } | ||
| } | ||
| for (const kid of keyIds) { | ||
| const managedKey = await managedKeyStore.getKey({ kid }) | ||
| expect(managedKey.publicKeyHex.length).toEqual(66) | ||
| expect(managedKey.publicKeyHex).toMatch(/^(02|03).*/) | ||
| } | ||
| }) | ||
| }) | ||
| describe('kms-local maintains public key values for listKeys', () => { | ||
| it('when using data-store-json', async () => { | ||
| const memoryJsonStore = { | ||
| notifyUpdate: () => Promise.resolve(), | ||
| } | ||
| const kmsLocal = new KeyManagementSystem( | ||
| new PrivateKeyStoreJson(memoryJsonStore, new SecretBox(dbEncryptionKey)), | ||
| ) | ||
| const key = await kmsLocal.createKey({ type: 'Secp256r1' }) | ||
| const allPrivKeys = await kmsLocal.listKeys() | ||
| const foundKey = allPrivKeys.find((k) => k.kid === key.kid) | ||
| expect(foundKey?.publicKeyHex).toEqual(key.publicKeyHex) | ||
| }) | ||
|
|
||
| it('when using data-store', async () => { | ||
| const dbConnection = new DataSource({ | ||
| type: 'sqlite', | ||
| database: ':memory:', | ||
| entities: Entities, | ||
| synchronize: false, | ||
| migrations: migrations, | ||
| migrationsRun: true, | ||
| logging: false, | ||
| }) | ||
| const kmsLocal = new KeyManagementSystem( | ||
| new PrivateKeyStore(dbConnection, new SecretBox(dbEncryptionKey)), | ||
| ) | ||
| const key = await kmsLocal.createKey({ type: 'Secp256r1' }) | ||
| const allPrivKeys = await kmsLocal.listKeys() | ||
| const foundKey = allPrivKeys.find((k) => k.kid === key.kid) | ||
| expect(foundKey?.publicKeyHex).toEqual(key.publicKeyHex) | ||
| }) | ||
| }) | ||
| }) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters