2022-10-10 17:19:01 +02:00
|
|
|
// eslint-disable-next-line no-restricted-imports
|
2022-09-27 03:17:43 +02:00
|
|
|
import { Substitute, Arg } from "@fluffy-spoon/substitute";
|
2022-09-02 03:15:19 +02:00
|
|
|
import { mock, MockProxy } from "jest-mock-extended";
|
2022-04-16 17:18:12 +02:00
|
|
|
|
2022-06-14 17:10:53 +02:00
|
|
|
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
|
2022-10-27 23:38:54 +02:00
|
|
|
import { EncryptService } from "@bitwarden/common/abstractions/encrypt.service";
|
[AC-1266] Enums filename conventions (#5140)
* refactor: update clientType enum
* refactor: update deviceType filename
* refactor: update encryptedExportType filename
* refactor: update encryptionType filename
* refactor: update eventType filename
* refactor: update fieldType filename
* refactor: update fileUploadType filename
* refactor: update hashPurpose filename
* refactor: update htmlStorageLocation filename
* refactor: update kdfType filename
* refactor: update keySuffixOptions filename
* refactor: update linkedIdType filename
* refactor: update logLevelType filename
* refactor: update nativeMessagingVersion filename
* refactor: update notificationType filename
* refactor: update productType filename
* refactor: update secureNoteType filename
* refactor: update stateVersion filename
* refactor: update storageLocation filename
* refactor: update themeType filename
* refactor: update uriMatchType filename
* fix: update kdfType classes missed in initial pass, refs AC-1266
* fix: missing import update for device-type
* refactor: add barrel file for enums and update pathed import statements, refs AC-1266
* fix: incorrect import statements for web, refs AC-1266
* fix: missed import statement updates (browser), refs AC-1266
* fix: missed import statement changes (cli), refs AC-1266
* fix: missed import statement changes (desktop), refs AC-1266
* fix: prettier, refs AC-1266
* refactor: (libs) update relative paths to use barrel file, refs AC-1266
* fix: missed find/replace import statements for SecureNoteType, refs AC-1266
* refactor: apply .enum suffix to enums folder and modify leftover relative paths, refs AC-1266
* fix: find/replace errors for native-messaging-version, refs AC-1266
2023-04-05 05:42:21 +02:00
|
|
|
import { EncryptionType } from "@bitwarden/common/enums";
|
2022-10-14 18:25:50 +02:00
|
|
|
import { EncString } from "@bitwarden/common/models/domain/enc-string";
|
|
|
|
|
import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetric-crypto-key";
|
2022-06-14 17:10:53 +02:00
|
|
|
import { ContainerService } from "@bitwarden/common/services/container.service";
|
2022-04-16 17:18:12 +02:00
|
|
|
|
|
|
|
|
describe("EncString", () => {
|
|
|
|
|
afterEach(() => {
|
|
|
|
|
(window as any).bitwardenContainerService = undefined;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("Rsa2048_OaepSha256_B64", () => {
|
|
|
|
|
it("constructor", () => {
|
|
|
|
|
const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
data: "data",
|
|
|
|
|
encryptedString: "3.data",
|
|
|
|
|
encryptionType: 3,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2023-04-18 15:09:47 +02:00
|
|
|
describe("isSerializedEncString", () => {
|
|
|
|
|
it("is true if valid", () => {
|
|
|
|
|
expect(EncString.isSerializedEncString("3.data")).toBe(true);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("is false if invalid", () => {
|
|
|
|
|
expect(EncString.isSerializedEncString("3.data|test")).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-04-16 17:18:12 +02:00
|
|
|
describe("parse existing", () => {
|
|
|
|
|
it("valid", () => {
|
|
|
|
|
const encString = new EncString("3.data");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
data: "data",
|
|
|
|
|
encryptedString: "3.data",
|
|
|
|
|
encryptionType: 3,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("invalid", () => {
|
|
|
|
|
const encString = new EncString("3.data|test");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
encryptedString: "3.data|test",
|
|
|
|
|
encryptionType: 3,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("decrypt", () => {
|
|
|
|
|
const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
|
|
|
|
|
|
|
|
|
|
const cryptoService = Substitute.for<CryptoService>();
|
|
|
|
|
cryptoService.getOrgKey(null).resolves(null);
|
2022-09-02 03:15:19 +02:00
|
|
|
|
2022-10-27 23:38:54 +02:00
|
|
|
const encryptService = Substitute.for<EncryptService>();
|
2022-09-02 03:15:19 +02:00
|
|
|
encryptService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
|
2022-04-16 17:18:12 +02:00
|
|
|
|
|
|
|
|
beforeEach(() => {
|
2022-09-02 03:15:19 +02:00
|
|
|
(window as any).bitwardenContainerService = new ContainerService(
|
|
|
|
|
cryptoService,
|
|
|
|
|
encryptService
|
|
|
|
|
);
|
2022-04-16 17:18:12 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("decrypts correctly", async () => {
|
|
|
|
|
const decrypted = await encString.decrypt(null);
|
|
|
|
|
|
|
|
|
|
expect(decrypted).toBe("decrypted");
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("result should be cached", async () => {
|
|
|
|
|
const decrypted = await encString.decrypt(null);
|
2022-09-02 03:15:19 +02:00
|
|
|
encryptService.received(1).decryptToUtf8(Arg.any(), Arg.any());
|
2022-04-16 17:18:12 +02:00
|
|
|
|
|
|
|
|
expect(decrypted).toBe("decrypted");
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("AesCbc256_B64", () => {
|
|
|
|
|
it("constructor", () => {
|
|
|
|
|
const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
data: "data",
|
|
|
|
|
encryptedString: "0.iv|data",
|
|
|
|
|
encryptionType: 0,
|
|
|
|
|
iv: "iv",
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2023-04-18 15:09:47 +02:00
|
|
|
describe("isSerializedEncString", () => {
|
|
|
|
|
it("is true if valid", () => {
|
|
|
|
|
expect(EncString.isSerializedEncString("0.iv|data")).toBe(true);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("is false if invalid", () => {
|
|
|
|
|
expect(EncString.isSerializedEncString("0.iv|data|mac")).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-04-16 17:18:12 +02:00
|
|
|
describe("parse existing", () => {
|
|
|
|
|
it("valid", () => {
|
|
|
|
|
const encString = new EncString("0.iv|data");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
data: "data",
|
|
|
|
|
encryptedString: "0.iv|data",
|
|
|
|
|
encryptionType: 0,
|
|
|
|
|
iv: "iv",
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("invalid", () => {
|
|
|
|
|
const encString = new EncString("0.iv|data|mac");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
encryptedString: "0.iv|data|mac",
|
|
|
|
|
encryptionType: 0,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("AesCbc256_HmacSha256_B64", () => {
|
|
|
|
|
it("constructor", () => {
|
|
|
|
|
const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
data: "data",
|
|
|
|
|
encryptedString: "2.iv|data|mac",
|
|
|
|
|
encryptionType: 2,
|
|
|
|
|
iv: "iv",
|
|
|
|
|
mac: "mac",
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2023-04-18 15:09:47 +02:00
|
|
|
describe("isSerializedEncString", () => {
|
|
|
|
|
it("is true if valid", () => {
|
|
|
|
|
expect(EncString.isSerializedEncString("2.iv|data|mac")).toBe(true);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("is false if invalid", () => {
|
|
|
|
|
expect(EncString.isSerializedEncString("2.iv|data")).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-04-16 17:18:12 +02:00
|
|
|
it("valid", () => {
|
|
|
|
|
const encString = new EncString("2.iv|data|mac");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
data: "data",
|
|
|
|
|
encryptedString: "2.iv|data|mac",
|
|
|
|
|
encryptionType: 2,
|
|
|
|
|
iv: "iv",
|
|
|
|
|
mac: "mac",
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("invalid", () => {
|
|
|
|
|
const encString = new EncString("2.iv|data");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
encryptedString: "2.iv|data",
|
|
|
|
|
encryptionType: 2,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("Exit early if null", () => {
|
|
|
|
|
const encString = new EncString(null);
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
encryptedString: null,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("decrypt", () => {
|
2022-09-02 03:15:19 +02:00
|
|
|
let cryptoService: MockProxy<CryptoService>;
|
2022-10-27 23:38:54 +02:00
|
|
|
let encryptService: MockProxy<EncryptService>;
|
2022-09-02 03:15:19 +02:00
|
|
|
let encString: EncString;
|
|
|
|
|
|
|
|
|
|
beforeEach(() => {
|
|
|
|
|
cryptoService = mock<CryptoService>();
|
2022-10-27 23:38:54 +02:00
|
|
|
encryptService = mock<EncryptService>();
|
2022-09-02 03:15:19 +02:00
|
|
|
encString = new EncString(null);
|
|
|
|
|
|
|
|
|
|
(window as any).bitwardenContainerService = new ContainerService(
|
|
|
|
|
cryptoService,
|
|
|
|
|
encryptService
|
|
|
|
|
);
|
2022-04-16 17:18:12 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("handles value it can't decrypt", async () => {
|
2022-09-02 03:15:19 +02:00
|
|
|
encryptService.decryptToUtf8.mockRejectedValue("error");
|
2022-04-16 17:18:12 +02:00
|
|
|
|
2022-09-02 03:15:19 +02:00
|
|
|
(window as any).bitwardenContainerService = new ContainerService(
|
|
|
|
|
cryptoService,
|
|
|
|
|
encryptService
|
|
|
|
|
);
|
2022-04-16 17:18:12 +02:00
|
|
|
|
|
|
|
|
const decrypted = await encString.decrypt(null);
|
|
|
|
|
|
|
|
|
|
expect(decrypted).toBe("[error: cannot decrypt]");
|
|
|
|
|
|
|
|
|
|
expect(encString).toEqual({
|
|
|
|
|
decryptedValue: "[error: cannot decrypt]",
|
|
|
|
|
encryptedString: null,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-09-02 03:15:19 +02:00
|
|
|
it("uses provided key without depending on CryptoService", async () => {
|
|
|
|
|
const key = mock<SymmetricCryptoKey>();
|
2022-04-16 17:18:12 +02:00
|
|
|
|
2022-09-02 03:15:19 +02:00
|
|
|
await encString.decrypt(null, key);
|
|
|
|
|
|
|
|
|
|
expect(cryptoService.getKeyForUserEncryption).not.toHaveBeenCalled();
|
|
|
|
|
expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, key);
|
|
|
|
|
});
|
2022-04-16 17:18:12 +02:00
|
|
|
|
2022-09-02 03:15:19 +02:00
|
|
|
it("gets an organization key if required", async () => {
|
|
|
|
|
const orgKey = mock<SymmetricCryptoKey>();
|
2022-04-16 17:18:12 +02:00
|
|
|
|
2022-09-02 03:15:19 +02:00
|
|
|
cryptoService.getOrgKey.calledWith("orgId").mockResolvedValue(orgKey);
|
|
|
|
|
|
|
|
|
|
await encString.decrypt("orgId", null);
|
|
|
|
|
|
|
|
|
|
expect(cryptoService.getOrgKey).toHaveBeenCalledWith("orgId");
|
|
|
|
|
expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, orgKey);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("gets the user's decryption key if required", async () => {
|
|
|
|
|
const userKey = mock<SymmetricCryptoKey>();
|
|
|
|
|
|
|
|
|
|
cryptoService.getKeyForUserEncryption.mockResolvedValue(userKey);
|
|
|
|
|
|
|
|
|
|
await encString.decrypt(null, null);
|
2022-04-16 17:18:12 +02:00
|
|
|
|
2022-09-02 03:15:19 +02:00
|
|
|
expect(cryptoService.getKeyForUserEncryption).toHaveBeenCalledWith();
|
|
|
|
|
expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, userKey);
|
2022-04-16 17:18:12 +02:00
|
|
|
});
|
|
|
|
|
});
|
2022-08-16 14:05:03 +02:00
|
|
|
|
|
|
|
|
describe("toJSON", () => {
|
|
|
|
|
it("Should be represented by the encrypted string", () => {
|
|
|
|
|
const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
|
|
|
|
|
|
|
|
|
|
expect(encString.toJSON()).toBe(encString.encryptedString);
|
|
|
|
|
});
|
2022-10-03 22:50:43 +02:00
|
|
|
|
|
|
|
|
it("returns null if object is null", () => {
|
|
|
|
|
expect(EncString.fromJSON(null)).toBeNull();
|
|
|
|
|
});
|
2022-08-16 14:05:03 +02:00
|
|
|
});
|
2022-04-16 17:18:12 +02:00
|
|
|
});
|
