test: Refactor functional tests (#32)
Showing
5 changed files
with
71 additions
and
76 deletions.
@@ -1,28 +1,24 @@ | ||
import { KMSClient } from '@aws-sdk/client-kms'; | ||
import { initKmsProviderFromEnv, KmsRsaPssProvider } from '../index'; | ||
import { RSA_PSS_CREATION_ALGORITHM, RSA_PSS_SIGN_ALGORITHM } from '../testUtils/webcrypto'; | ||
import { PLAINTEXT, verifyAsymmetricSignature } from './utils'; | ||
|
||
import { AwsKmsRsaPssProvider } from '../lib/aws/AwsKmsRsaPssProvider'; | ||
import { PLAINTEXT } from '../testUtils/stubs'; | ||
import { | ||
NODEJS_CRYPTO, | ||
RSA_PSS_CREATION_ALGORITHM, | ||
RSA_PSS_SIGN_ALGORITHM, | ||
} from '../testUtils/webcrypto'; | ||
|
||
const CLIENT = new KMSClient({ | ||
credentials: { accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey' }, | ||
endpoint: 'http://localhost:8080', | ||
region: 'eu-west-2', | ||
let provider: KmsRsaPssProvider; | ||
let keyPair: CryptoKeyPair; | ||
beforeAll(async () => { | ||
provider = await initKmsProviderFromEnv('AWS'); | ||
keyPair = await provider.generateKey(RSA_PSS_CREATION_ALGORITHM, true, ['sign', 'verify']); | ||
}); | ||
afterAll(async () => { | ||
if (keyPair) { | ||
await provider?.destroyKey(keyPair.privateKey); | ||
} | ||
await provider?.close(); | ||
}); | ||
|
||
test('AWS KMS', async () => { | ||
const provider = new AwsKmsRsaPssProvider(CLIENT); | ||
const keyPair = (await provider.generateKey(RSA_PSS_CREATION_ALGORITHM, true, [ | ||
'sign', | ||
'verify', | ||
])) as CryptoKeyPair; | ||
const signature = await provider.sign(RSA_PSS_SIGN_ALGORITHM, keyPair.privateKey, PLAINTEXT); | ||
const { publicKey, privateKey } = keyPair; | ||
|
||
const signature = await provider.sign(RSA_PSS_SIGN_ALGORITHM, privateKey, PLAINTEXT); | ||
|
||
await expect( | ||
NODEJS_CRYPTO.subtle.verify(RSA_PSS_SIGN_ALGORITHM, keyPair.publicKey, signature, PLAINTEXT), | ||
).resolves.toBe(true); | ||
await expect(verifyAsymmetricSignature(publicKey, signature, PLAINTEXT)).resolves.toBe(true); | ||
}); |
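Review bot: In the new `afterAll`, `provider?.close()` is skipped whenever `destroyKey` rejects, so a failed key cleanup also leaks the provider's client; wrap the deletion in try/finally so close() always runs. Note too that this test no longer pins an endpoint or dummy credentials the way the removed `CLIENT` did, and unlike the GCP test it does not fail fast when its environment is missing — if `initKmsProviderFromEnv('AWS')` lets the SDK fall back to its default credential/region chain when the test-specific variables are unset, the suite could create and destroy keys in a real account; a guard like the GCP test's `GOOGLE_APPLICATION_CREDENTIALS` check, for whichever variables that helper reads, would make the failure mode explicit.
```typescript
afterAll(async () => {
  try {
    if (keyPair) {
      await provider?.destroyKey(keyPair.privateKey);
    }
  } finally {
    // Always release the client, even if key deletion failed
    await provider?.close();
  }
});
```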
@@ -1,55 +1,52 @@ | ||
import { constants, createVerify } from 'crypto'; | ||
import { KeyManagementServiceClient } from '@google-cloud/kms'; | ||
|
||
import { initKmsProviderFromEnv, KmsRsaPssProvider } from '../index'; | ||
import { derPublicKeyToPem } from '../testUtils/asn1'; | ||
import { createKeyRingIfMissing } from './gcpUtils'; | ||
import { | ||
derSerializePublicKey, | ||
RSA_PSS_CREATION_ALGORITHM, | ||
RSA_PSS_SIGN_ALGORITHM, | ||
} from '../testUtils/webcrypto'; | ||
|
||
const PLAINTEXT = Buffer.from('this is the plaintext'); | ||
import { PLAINTEXT, verifyAsymmetricSignature } from './utils'; | ||
import { RSA_PSS_CREATION_ALGORITHM, RSA_PSS_SIGN_ALGORITHM } from '../testUtils/webcrypto'; | ||
|
||
if (!process.env.GOOGLE_APPLICATION_CREDENTIALS) { | ||
throw new Error('GOOGLE_APPLICATION_CREDENTIALS must be defined'); | ||
} | ||
|
||
let gcpProvider: KmsRsaPssProvider; | ||
let provider: KmsRsaPssProvider; | ||
let keyPair: CryptoKeyPair; | ||
beforeAll(async () => { | ||
gcpProvider = await initKmsProviderFromEnv('GCP'); | ||
provider = await initKmsProviderFromEnv('GCP'); | ||
await createKeyRingIfMissing(process.env.GCP_KMS_KEYRING!, process.env.GCP_KMS_LOCATION!); | ||
|
||
keyPair = await gcpProvider.generateKey(RSA_PSS_CREATION_ALGORITHM, true, ['sign', 'verify']); | ||
keyPair = await provider.generateKey(RSA_PSS_CREATION_ALGORITHM, true, ['sign', 'verify']); | ||
}); | ||
afterAll(async () => { | ||
if (keyPair) { | ||
await gcpProvider?.destroyKey(keyPair.privateKey); | ||
await provider?.destroyKey(keyPair.privateKey); | ||
} | ||
await gcpProvider?.close(); | ||
await provider?.close(); | ||
}); | ||
|
||
test('Lifecycle', async () => { | ||
test('GCP KMS', async () => { | ||
const { publicKey, privateKey } = keyPair; | ||
|
||
const signature = await gcpProvider.sign(RSA_PSS_SIGN_ALGORITHM, privateKey, PLAINTEXT); | ||
const signature = await provider.sign(RSA_PSS_SIGN_ALGORITHM, privateKey, PLAINTEXT); | ||
|
||
await expect(verifyAsymmetricSignature(publicKey, signature, PLAINTEXT)).resolves.toBe(true); | ||
}); | ||
|
||
async function verifyAsymmetricSignature( | ||
publicKey: CryptoKey, | ||
signature: ArrayBuffer, | ||
plaintext: Buffer, | ||
): Promise<boolean> { | ||
const verify = createVerify('sha256'); | ||
verify.update(plaintext); | ||
verify.end(); | ||
|
||
const publicKeyDer = await derSerializePublicKey(publicKey); | ||
return verify.verify( | ||
{ key: derPublicKeyToPem(publicKeyDer), padding: constants.RSA_PKCS1_PSS_PADDING }, | ||
new Uint8Array(signature), | ||
); | ||
export async function createKeyRingIfMissing(keyRingId: string, location: string): Promise<string> { | ||
const kmsClient = new KeyManagementServiceClient(); | ||
const project = await kmsClient.getProjectId(); | ||
const keyRingName = kmsClient.keyRingPath(project, location, keyRingId); | ||
try { | ||
await kmsClient.getKeyRing({ name: keyRingName }); | ||
} catch (err) { | ||
if ((err as any).code !== 5) { | ||
throw err; | ||
} | ||
|
||
// Key ring was not found | ||
const locationPath = kmsClient.locationPath(project, location); | ||
await kmsClient.createKeyRing({ parent: locationPath, keyRingId }); | ||
} | ||
|
||
await kmsClient.close(); | ||
return keyRingName; | ||
} |
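Review bot: In the newly inlined `createKeyRingIfMissing`, `await kmsClient.close()` is only reached on the happy path — a non-NOT_FOUND error from `getKeyRing` is rethrown and a failure in `createKeyRing` propagates, and in both cases the gRPC client is never closed; move the close into a finally. The `(err as any).code !== 5` check should also narrow `unknown` instead of `any` and name what 5 means (gRPC NOT_FOUND, which is what the "Key ring was not found" comment implies). Exporting this helper from a test file, presumably because the separate module it previously came from was deleted, is unusual; if other suites need it, a non-test module is the better home.
```typescript
export async function createKeyRingIfMissing(keyRingId: string, location: string): Promise<string> {
  const kmsClient = new KeyManagementServiceClient();
  try {
    const project = await kmsClient.getProjectId();
    const keyRingName = kmsClient.keyRingPath(project, location, keyRingId);
    try {
      await kmsClient.getKeyRing({ name: keyRingName });
    } catch (err: unknown) {
      // Only swallow gRPC NOT_FOUND (status code 5); anything else is a real failure
      if ((err as { code?: number }).code !== 5) {
        throw err;
      }
      const locationPath = kmsClient.locationPath(project, location);
      await kmsClient.createKeyRing({ parent: locationPath, keyRingId });
    }
    return keyRingName;
  } finally {
    await kmsClient.close();
  }
}
```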
This file was deleted.
@@ -0,0 +1,22 @@ | ||
import { constants, createVerify } from 'crypto'; | ||
|
||
import { derSerializePublicKey } from '../testUtils/webcrypto'; | ||
import { derPublicKeyToPem } from '../testUtils/asn1'; | ||
|
||
export const PLAINTEXT = Buffer.from('this is the plaintext'); | ||
|
||
export async function verifyAsymmetricSignature( | ||
publicKey: CryptoKey, | ||
signature: ArrayBuffer, | ||
plaintext: Buffer, | ||
): Promise<boolean> { | ||
const verify = createVerify('sha256'); | ||
verify.update(plaintext); | ||
verify.end(); | ||
|
||
const publicKeyDer = await derSerializePublicKey(publicKey); | ||
return verify.verify( | ||
{ key: derPublicKeyToPem(publicKeyDer), padding: constants.RSA_PKCS1_PSS_PADDING }, | ||
new Uint8Array(signature), | ||
); | ||
} |
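Review bot: `verifyAsymmetricSignature` passes only `padding: constants.RSA_PKCS1_PSS_PADDING` to `verify.verify`, so Node falls back to its default PSS salt handling for verification, which accepts whatever salt length the signature happens to carry; a provider regression that signed with a different salt length than `RSA_PSS_SIGN_ALGORITHM` prescribes would still pass this shared check for both AWS and GCP. If that algorithm object fixes a `saltLength` (not visible here), pin it: `{ key: derPublicKeyToPem(publicKeyDer), padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: RSA_PSS_SIGN_ALGORITHM.saltLength }`, importing the constant from '../testUtils/webcrypto'. The digest is likewise hard-coded as `'sha256'` while the signing hash comes from that same algorithm object, so a comment such as `// Must match RSA_PSS_SIGN_ALGORITHM's hash and salt length, or this helper will accept signatures the provider should not produce` would keep the two from drifting apart.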