From 81e15999f43636e2052e6cd7e9430985754a09b0 Mon Sep 17 00:00:00 2001 From: Chelsea Shaw Date: Thu, 6 Jul 2023 14:10:37 -0500 Subject: [PATCH 1/5] Add private key, issuing ca, ca chain to generated cert display --- ui/app/models/pki/certificate/base.js | 4 +- ui/app/models/pki/certificate/generate.js | 13 +++- .../page/pki-certificate-details.hbs | 24 ++++++- .../pki/page/pki-certificate-details-test.js | 70 ++++++++++++++++++- 4 files changed, 104 insertions(+), 7 deletions(-) diff --git a/ui/app/models/pki/certificate/base.js b/ui/app/models/pki/certificate/base.js index f83858811f90..8564bfa1951f 100644 --- a/ui/app/models/pki/certificate/base.js +++ b/ui/app/models/pki/certificate/base.js @@ -87,8 +87,8 @@ export default class PkiCertificateBaseModel extends Model { @attr('string', { masked: true }) certificate; @attr('number') expiration; @attr('string', { label: 'Issuing CA', masked: true }) issuingCa; - @attr('string') privateKey; // only returned for type=exported - @attr('string') privateKeyType; // only returned for type=exported + @attr('string', { masked: true }) privateKey; // only returned for type=exported and /issue + @attr('string') privateKeyType; // only returned for type=exported and /issue @attr('number', { formatDate: true }) revocationTime; @attr('string') serialNumber; diff --git a/ui/app/models/pki/certificate/generate.js b/ui/app/models/pki/certificate/generate.js index d5f7e30d8b5c..cdccc2cd403f 100644 --- a/ui/app/models/pki/certificate/generate.js +++ b/ui/app/models/pki/certificate/generate.js @@ -21,7 +21,18 @@ const generateFromRole = [ ], }, ]; -@withFormFields(null, generateFromRole) +// Extra fields returned on the /issue endpoint +const certDisplayFields = [ + 'certificate', + 'commonName', + 'revocationTime', + 'serialNumber', + 'caChain', + 'issuingCa', + 'privateKey', + 'privateKeyType', +]; +@withFormFields(certDisplayFields, generateFromRole) export default class PkiCertificateGenerateModel extends PkiCertificateBaseModel { getHelpUrl(backend) { return `/v1/${backend}/issue/example?help=1`; diff --git a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs index ba79e7ad610e..4fb1d45c4046 100644 --- a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs +++ b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs @@ -18,10 +18,28 @@ +{{#if @model.privateKey}} +
+ + Next steps + + The + private_key + is only available once. Make sure you copy and save it now. + + +
+{{/if}} + {{#each @model.formFields as |field|}} - {{#if (eq field.name "certificate")}} - - + {{#if field.options.masked}} + + {{else if (eq field.name "serialNumber")}} diff --git a/ui/tests/integration/components/pki/page/pki-certificate-details-test.js b/ui/tests/integration/components/pki/page/pki-certificate-details-test.js index 482e21b81656..6f288b1b83d8 100644 --- a/ui/tests/integration/components/pki/page/pki-certificate-details-test.js +++ b/ui/tests/integration/components/pki/page/pki-certificate-details-test.js @@ -40,7 +40,25 @@ module('Integration | Component | pki | Page::PkiCertificateDetails', function ( }, }, }); + store.pushPayload('pki/certificate/generate', { + modelName: 'pki/certificate/generate', + data: { + certificate: '-----BEGIN CERTIFICATE-----', + ca_chain: '-----BEGIN CERTIFICATE-----', + issuer_ca: '-----BEGIN CERTIFICATE-----', + private_key: '-----BEGIN PRIVATE KEY-----', + private_key_type: 'rsa', + common_name: 'example.com Intermediate Authority', + issue_date: 1673540867000, + serial_number: id, + parsed_certificate: { + not_valid_after: 1831220897000, + not_valid_before: 1673540867000, + }, + }, + }); this.model = store.peekRecord('pki/certificate/base', id); + this.generatedModel = store.peekRecord('pki/certificate/generate', id); this.server.post('/sys/capabilities-self', () => ({ data: { @@ -50,7 +68,7 @@ module('Integration | Component | pki | Page::PkiCertificateDetails', function ( })); }); - test('it should render actions and fields', async function (assert) { + test('it should render actions and fields for base cert', async function (assert) { assert.expect(6); this.server.post('/pki/revoke', (schema, req) => { @@ -90,6 +108,56 @@ module('Integration | Component | pki | Page::PkiCertificateDetails', function ( assert.dom('[data-test-value-div="Revocation time"]').exists('Revocation time is displayed'); }); + test('it should render actions and fields for generated cert', async function (assert) { + assert.expect(10); + + this.server.post('/pki/revoke', (schema, req) => { + const data = JSON.parse(req.requestBody); + assert.strictEqual( + data.serial_number, + this.model.serialNumber, + 'Revoke request made with serial number' + ); + return { + data: { + revocation_time: 1673972804, + revocation_time_rfc3339: '2023-01-17T16:26:44.960933411Z', + }, + }; + }); + + await render(hbs``, { owner: this.engine }); + assert.dom('[data-test-cert-detail-next-steps]').exists('Private key next steps warning shows'); + assert + .dom('[data-test-component="info-table-row"]') + .exists({ count: 9 }, 'Correct number of fields render when certificate has not been revoked'); + assert + .dom('[data-test-value-div="Certificate"] [data-test-masked-input]') + .exists('Masked input renders for certificate'); + assert.dom('[data-test-value-div="Serial number"] code').exists('Serial number renders as monospace'); + assert + .dom('[data-test-value-div="CA Chain"] [data-test-masked-input]') + .exists('CA Chain shows with masked value'); + assert + .dom('[data-test-value-div="Issuing CA"] [data-test-masked-input]') + .exists('Issuing CA shows with masked value'); + assert + .dom('[data-test-value-div="Private key"] [data-test-masked-input]') + .exists('Private key shows with masked value'); + + await click('[data-test-pki-cert-download-button]'); + const { serialNumber, certificate } = this.model; + assert.ok( + this.downloadSpy.calledWith(serialNumber.replace(/(\s|:)+/g, '-'), certificate), + 'Download pem method called with correct args' + ); + + await click('[data-test-confirm-action-trigger]'); + await click('[data-test-confirm-button]'); + + assert.dom('[data-test-value-div="Revocation time"]').exists('Revocation time is displayed'); + }); + test('it should render back button', async function (assert) { assert.expect(1); From 03d08aaaeb586f5abebe79dd80fb9fe3b233679d Mon Sep 17 00:00:00 2001 From: Chelsea Shaw Date: Thu, 6 Jul 2023 14:11:47 -0500 Subject: [PATCH 2/5] allow download on all masked PKI values --- .../components/page/pki-certificate-details.hbs | 1 + .../addon/components/page/pki-issuer-details.hbs | 1 + .../addon/components/page/pki-key-details.hbs | 8 +++++++- ui/lib/pki/addon/components/pki-generate-csr.hbs | 8 +++++++- .../pki/addon/components/pki-generate-root.hbs | 16 ++++++++++++++-- .../pki/addon/components/pki-info-table-rows.hbs | 8 +++++++- .../components/pki-sign-intermediate-form.hbs | 8 +++++++- 7 files changed, 44 insertions(+), 6 deletions(-) diff --git a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs index 4fb1d45c4046..bfc802749bb6 100644 --- a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs +++ b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs @@ -35,6 +35,7 @@ {{#if field.options.masked}} {{else if (eq attr.name "keyId")}} diff --git a/ui/lib/pki/addon/components/page/pki-key-details.hbs b/ui/lib/pki/addon/components/page/pki-key-details.hbs index 09453bd4352e..7b89b475025f 100644 --- a/ui/lib/pki/addon/components/page/pki-key-details.hbs +++ b/ui/lib/pki/addon/components/page/pki-key-details.hbs @@ -49,7 +49,13 @@ {{/each}} {{#if @key.privateKey}} - + {{/if}} \ No newline at end of file diff --git a/ui/lib/pki/addon/components/pki-generate-csr.hbs b/ui/lib/pki/addon/components/pki-generate-csr.hbs index 751cb36e2908..8b8bc1684c59 100644 --- a/ui/lib/pki/addon/components/pki-generate-csr.hbs +++ b/ui/lib/pki/addon/components/pki-generate-csr.hbs @@ -22,7 +22,13 @@ @addCopyButton={{eq attr.name "keyId"}} > {{#if (and attr.options.masked value)}} - + {{else if (eq attr.name "keyId")}} {{@model.keyId}} diff --git a/ui/lib/pki/addon/components/pki-generate-root.hbs b/ui/lib/pki/addon/components/pki-generate-root.hbs index 01d7129b5647..b667bf5e128d 100644 --- a/ui/lib/pki/addon/components/pki-generate-root.hbs +++ b/ui/lib/pki/addon/components/pki-generate-root.hbs @@ -15,7 +15,13 @@ - + {{else}} {{#if @model.privateKey}} - + {{else}} internal {{/if}} diff --git a/ui/lib/pki/addon/components/pki-info-table-rows.hbs b/ui/lib/pki/addon/components/pki-info-table-rows.hbs index 5799ff3c773e..41863ae586d6 100644 --- a/ui/lib/pki/addon/components/pki-info-table-rows.hbs +++ b/ui/lib/pki/addon/components/pki-info-table-rows.hbs @@ -9,7 +9,13 @@ @addCopyButton={{or (eq attr.name "issuerId") (eq attr.name "keyId")}} > {{#if (and attr.options.masked value)}} - + {{else if attr.options.detailLinkTo}} {{value}} {{else if (or (eq attr.name "privateKey") (eq attr.name "privateKeyType"))}} diff --git a/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs b/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs index 4e9184fca127..8c0269a7b1a9 100644 --- a/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs +++ b/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs @@ -13,7 +13,13 @@ {{#let (find-by "name" fieldName @model.allFields) as |attr|}} {{#if (and attr.options.masked (get @model attr.name))}} - + {{else if (eq attr.name "serialNumber")}} Date: Thu, 6 Jul 2023 15:50:22 -0500 Subject: [PATCH 3/5] Add changelog --- changelog/21635.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/21635.txt diff --git a/changelog/21635.txt b/changelog/21635.txt new file mode 100644 index 000000000000..6d19e8da9688 --- /dev/null +++ b/changelog/21635.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Adds missing values to details view after generating PKI certificate +``` \ No newline at end of file From 9bee80d3fecbdcb0058dcb493a7fce1cd36fc9db Mon Sep 17 00:00:00 2001 From: Chelsea Shaw Date: Fri, 7 Jul 2023 09:28:44 -0500 Subject: [PATCH 4/5] Revert "allow download on all masked PKI values" This reverts commit 03d08aaaeb586f5abebe79dd80fb9fe3b233679d. --- .../components/page/pki-certificate-details.hbs | 1 - .../addon/components/page/pki-issuer-details.hbs | 1 - .../addon/components/page/pki-key-details.hbs | 8 +------- ui/lib/pki/addon/components/pki-generate-csr.hbs | 8 +------- .../pki/addon/components/pki-generate-root.hbs | 16 ++-------------- .../pki/addon/components/pki-info-table-rows.hbs | 8 +------- .../components/pki-sign-intermediate-form.hbs | 8 +------- 7 files changed, 6 insertions(+), 44 deletions(-) diff --git a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs index bfc802749bb6..4fb1d45c4046 100644 --- a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs +++ b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs @@ -35,7 +35,6 @@ {{#if field.options.masked}} {{else if (eq attr.name "keyId")}} diff --git a/ui/lib/pki/addon/components/page/pki-key-details.hbs b/ui/lib/pki/addon/components/page/pki-key-details.hbs index 7b89b475025f..09453bd4352e 100644 --- a/ui/lib/pki/addon/components/page/pki-key-details.hbs +++ b/ui/lib/pki/addon/components/page/pki-key-details.hbs @@ -49,13 +49,7 @@ {{/each}} {{#if @key.privateKey}} - + {{/if}} \ No newline at end of file diff --git a/ui/lib/pki/addon/components/pki-generate-csr.hbs b/ui/lib/pki/addon/components/pki-generate-csr.hbs index 8b8bc1684c59..751cb36e2908 100644 --- a/ui/lib/pki/addon/components/pki-generate-csr.hbs +++ b/ui/lib/pki/addon/components/pki-generate-csr.hbs @@ -22,13 +22,7 @@ @addCopyButton={{eq attr.name "keyId"}} > {{#if (and attr.options.masked value)}} - + {{else if (eq attr.name "keyId")}} {{@model.keyId}} diff --git a/ui/lib/pki/addon/components/pki-generate-root.hbs b/ui/lib/pki/addon/components/pki-generate-root.hbs index b667bf5e128d..01d7129b5647 100644 --- a/ui/lib/pki/addon/components/pki-generate-root.hbs +++ b/ui/lib/pki/addon/components/pki-generate-root.hbs @@ -15,13 +15,7 @@ - + {{else}} {{#if @model.privateKey}} - + {{else}} internal {{/if}} diff --git a/ui/lib/pki/addon/components/pki-info-table-rows.hbs b/ui/lib/pki/addon/components/pki-info-table-rows.hbs index 41863ae586d6..5799ff3c773e 100644 --- a/ui/lib/pki/addon/components/pki-info-table-rows.hbs +++ b/ui/lib/pki/addon/components/pki-info-table-rows.hbs @@ -9,13 +9,7 @@ @addCopyButton={{or (eq attr.name "issuerId") (eq attr.name "keyId")}} > {{#if (and attr.options.masked value)}} - + {{else if attr.options.detailLinkTo}} {{value}} {{else if (or (eq attr.name "privateKey") (eq attr.name "privateKeyType"))}} diff --git a/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs b/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs index 8c0269a7b1a9..4e9184fca127 100644 --- a/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs +++ b/ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs @@ -13,13 +13,7 @@ {{#let (find-by "name" fieldName @model.allFields) as |attr|}} {{#if (and attr.options.masked (get @model attr.name))}} - + {{else if (eq attr.name "serialNumber")}} Date: Fri, 7 Jul 2023 09:33:04 -0500 Subject: [PATCH 5/5] remove single allowDownload --- .../pki/addon/components/page/pki-certificate-details.hbs | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs index 4fb1d45c4046..2b26a9702a5a 100644 --- a/ui/lib/pki/addon/components/page/pki-certificate-details.hbs +++ b/ui/lib/pki/addon/components/page/pki-certificate-details.hbs @@ -34,12 +34,7 @@ {{#each @model.formFields as |field|}} {{#if field.options.masked}} - + {{else if (eq field.name "serialNumber")}}