github.com/ActiveState/cli@v0.0.0-20240508170324-6801f60cd051/internal/secrets/share_test.go

github.com/ActiveState/cli@v0.0.0-20240508170324-6801f60cd051/internal/secrets/share_test.go (about)

     1  package secrets_test
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/ActiveState/cli/internal/testhelpers/suite"
     7  	"github.com/go-openapi/strfmt"
     8  
     9  	"github.com/ActiveState/cli/internal/keypairs"
    10  	"github.com/ActiveState/cli/internal/secrets"
    11  	"github.com/ActiveState/cli/pkg/platform/api/secrets/secrets_models"
    12  )
    13  
    14  type SecretsSharingTestSuite struct {
    15  	suite.Suite
    16  
    17  	sourceKeypair keypairs.Keypair
    18  
    19  	targetKeypair keypairs.Keypair
    20  	targetPubKey  string
    21  }
    22  
    23  func (suite *SecretsSharingTestSuite) SetupSuite() {
    24  	var err error
    25  
    26  	suite.sourceKeypair, err = keypairs.GenerateRSA(1024)
    27  	suite.Require().NoError(err)
    28  
    29  	suite.targetKeypair, err = keypairs.GenerateRSA(1024)
    30  	suite.Require().NoError(err)
    31  
    32  	suite.targetPubKey, err = suite.targetKeypair.EncodePublicKey()
    33  	suite.Require().NoError(err)
    34  }
    35  
    36  func (suite *SecretsSharingTestSuite) TestFailure_ParsingPublicKey() {
    37  	badPubKey := "-- BEGIN BAD RSA PUB KEY --\nabc123\n-- END BAD RSA PUB KEY --"
    38  	newShares, err := secrets.ShareFromDiff(suite.sourceKeypair, &secrets_models.UserSecretDiff{
    39  		PublicKey: &badPubKey,
    40  	})
    41  	suite.Nil(newShares)
    42  	suite.Require().Error(err)
    43  
    44  }
    45  
    46  func (suite *SecretsSharingTestSuite) TestFailure_FirstShareHasBadlyEncryptedValue() {
    47  	newShares, err := secrets.ShareFromDiff(suite.sourceKeypair, &secrets_models.UserSecretDiff{
    48  		PublicKey: &suite.targetPubKey,
    49  		Shares:    []*secrets_models.UserSecretShare{newUserSecretShare("", "FOO", "badly encrypted value")},
    50  	})
    51  	suite.Nil(newShares)
    52  	suite.Require().Error(err)
    53  }
    54  
    55  func (suite *SecretsSharingTestSuite) TestFailure_FailedToEncryptForTargetUser() {
    56  	shortKeypair, err := keypairs.GenerateRSA(keypairs.MinimumRSABitLength)
    57  	suite.Require().NoError(err)
    58  
    59  	// this is a valid public key, but will be too short for encrypting with
    60  	shortPubKey, err := shortKeypair.EncodePublicKey()
    61  	suite.Require().NoError(err)
    62  
    63  	encrValue, err := suite.sourceKeypair.EncryptAndEncode([]byte("luv 2 encrypt data"))
    64  	suite.Require().NoError(err)
    65  
    66  	newShares, err := secrets.ShareFromDiff(suite.sourceKeypair, &secrets_models.UserSecretDiff{
    67  		PublicKey: &shortPubKey,
    68  		Shares:    []*secrets_models.UserSecretShare{newUserSecretShare("", "FOO", encrValue)},
    69  	})
    70  	suite.Nil(newShares)
    71  	suite.Require().Error(err)
    72  }
    73  
    74  func (suite *SecretsSharingTestSuite) TestSuccess_ReceivedEmptySharesList() {
    75  	newShares, err := secrets.ShareFromDiff(suite.sourceKeypair, &secrets_models.UserSecretDiff{
    76  		PublicKey: &suite.targetPubKey,
    77  		Shares:    []*secrets_models.UserSecretShare{},
    78  	})
    79  	suite.Len(newShares, 0)
    80  	suite.Nil(err)
    81  }
    82  
    83  func (suite *SecretsSharingTestSuite) TestSuccess_MultipleSharesProcessed() {
    84  	encrOrgSecret, err := suite.sourceKeypair.EncryptAndEncode([]byte("org secret"))
    85  	suite.Require().NoError(err)
    86  
    87  	projID := strfmt.UUID("00020002-0002-0002-0002-000200020002")
    88  	encrProjSecret, err := suite.sourceKeypair.EncryptAndEncode([]byte("proj secret"))
    89  	suite.Require().NoError(err)
    90  
    91  	newShares, err := secrets.ShareFromDiff(suite.sourceKeypair, &secrets_models.UserSecretDiff{
    92  		PublicKey: &suite.targetPubKey,
    93  		Shares: []*secrets_models.UserSecretShare{
    94  			newUserSecretShare("", "org-secret", encrOrgSecret),
    95  			newUserSecretShare(projID, "proj-secret", encrProjSecret),
    96  		},
    97  	})
    98  
    99  	suite.Require().NoError(err)
   100  	suite.Require().Len(newShares, 2)
   101  
   102  	decrOrgSecret, err := suite.targetKeypair.DecodeAndDecrypt(*newShares[0].Value)
   103  	suite.Require().NoError(err)
   104  	suite.Equal("org secret", string(decrOrgSecret))
   105  	suite.Equal("org-secret", *newShares[0].Name)
   106  	suite.Zero(newShares[0].ProjectID)
   107  
   108  	decrProjSecret, err := suite.targetKeypair.DecodeAndDecrypt(*newShares[1].Value)
   109  	suite.Require().NoError(err)
   110  	suite.Equal("proj secret", string(decrProjSecret))
   111  	suite.Equal("proj-secret", *newShares[1].Name)
   112  	suite.Equal(projID, newShares[1].ProjectID)
   113  }
   114  
   115  func newUserSecretShare(projID strfmt.UUID, name, encrValue string) *secrets_models.UserSecretShare {
   116  	return &secrets_models.UserSecretShare{
   117  		ProjectID: projID,
   118  		Name:      &name,
   119  		Value:     &encrValue,
   120  	}
   121  }
   122  
   123  func Test_SecretsSharing_TestSuite(t *testing.T) {
   124  	suite.Run(t, new(SecretsSharingTestSuite))
   125  }