[KeyVault-Keys] [CryptographyClient] tests and recordings (Azure#4611)
Tests and recordings
Showing
14 changed files
with
7,995 additions
and
4,803 deletions.
991 changes: 991 additions & 0 deletions
991
...s/browsers/cryptographyclient_all_decrypts_happen_remotely/recording_before_all_hook.json
Large diffs are not rendered by default.
1,504 changes: 752 additions & 752 deletions
1,504
...sers/keys_client__create_read_update_and_delete_operations/recording_before_all_hook.json
Large diffs are not rendered by default.
2,662 changes: 1,521 additions & 1,141 deletions
2,662
...recordings/browsers/keys_client__list_keys_in_various_ways/recording_before_all_hook.json
Large diffs are not rendered by default.
822 changes: 449 additions & 373 deletions
822
...ngs/browsers/keys_client__restore_keys_and_recover_backups/recording_before_all_hook.json
Large diffs are not rendered by default.
1,483 changes: 1,483 additions & 0 deletions
1,483
...ordings/node/cryptographyclient_all_decrypts_happen_remotely/recording_before_all_hook.js
Large diffs are not rendered by default.
1,738 changes: 816 additions & 922 deletions
1,738
...s/node/keys_client__create_read_update_and_delete_operations/recording_before_all_hook.js
Large diffs are not rendered by default.
2,710 changes: 1,461 additions & 1,249 deletions
2,710
...-keys/recordings/node/keys_client__list_keys_in_various_ways/recording_before_all_hook.js
Large diffs are not rendered by default.
712 changes: 356 additions & 356 deletions
712
...ecordings/node/keys_client__restore_keys_and_recover_backups/recording_before_all_hook.js
Large diffs are not rendered by default.
@@ -0,0 +1,135 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT License. | ||
|
||
import * as assert from "assert"; | ||
import * as crypto from "crypto"; | ||
import * as constants from "constants"; | ||
import { isNode } from "@azure/core-http"; | ||
import { ClientSecretCredential } from "@azure/identity"; | ||
import { CryptographyClient, Key, KeysClient } from "../src"; | ||
import { authenticate } from "./utils/testAuthentication"; | ||
import TestClient from "./utils/testClient"; | ||
import { isRecording } from "./utils/recorder"; | ||
import { stringToUint8Array, uint8ArrayToString } from "./utils/crypto"; | ||
|
||
let keyto: any; | ||
if (isNode) { | ||
keyto = require("@trust/keyto"); | ||
} | ||
|
||
describe("CryptographyClient (all decrypts happen remotely)", () => { | ||
let client: KeysClient; | ||
let testClient: TestClient; | ||
let cryptoClient: CryptographyClient; | ||
let recorder: any; | ||
let credential: ClientSecretCredential; | ||
let keyName: string; | ||
let key: Key; | ||
let keyVaultUrl: string; | ||
let keyUrl: string; | ||
|
||
before(async function() { | ||
const authentication = await authenticate(this); | ||
client = authentication.client; | ||
recorder = authentication.recorder; | ||
testClient = authentication.testClient; | ||
credential = authentication.credential; | ||
keyName = testClient.formatName("cryptography-client-test"); | ||
key = await client.createKey(keyName, "RSA"); | ||
keyVaultUrl = key.vaultUrl; | ||
keyUrl = key.keyMaterial!.kid as string; | ||
cryptoClient = new CryptographyClient(keyVaultUrl, key.keyMaterial!.kid!, credential); | ||
}); | ||
|
||
after(async function() { | ||
await testClient.flushKey(keyName); | ||
recorder.stop(); | ||
}); | ||
|
||
// The tests follow | ||
|
||
it("getKey from client initialized with a key URL", async function() { | ||
const getKeyResult = await cryptoClient.getKey(); | ||
assert.equal(getKeyResult.kid, keyUrl); | ||
}); | ||
|
||
it("getKey from client initialized with a JWK key", async function() { | ||
const jwtKeyClient = new CryptographyClient(keyVaultUrl, key.keyMaterial!, credential); | ||
const getKeyResult = await jwtKeyClient.getKey(); | ||
assert.equal(getKeyResult.kid, key.keyMaterial!.kid); | ||
}); | ||
|
||
if (isRecording) { | ||
it("encrypt & decrypt with RSA1_5", async function() { | ||
const text = this.test!.title; | ||
const encryptResult = await cryptoClient.encrypt("RSA1_5", stringToUint8Array(text)); | ||
const decryptResult = await cryptoClient.decrypt("RSA1_5", encryptResult.result); | ||
const decryptedText = uint8ArrayToString(decryptResult.result); | ||
assert.equal(text, decryptedText); | ||
}); | ||
|
||
if (isNode) { | ||
it("manually encrypt locally and decrypt remotely, both with RSA1_5", async function() { | ||
const text = this.test!.title; | ||
const key = await cryptoClient.getKey(); | ||
const keyPEM = keyto.from(key, "jwk").toString("pem", "public_pkcs1"); | ||
const padded: any = { key: keyPEM, padding: constants.RSA_PKCS1_PADDING }; | ||
const encrypted = crypto.publicEncrypt(padded, Buffer.from(text)); | ||
const decryptResult = await cryptoClient.decrypt("RSA1_5", encrypted); | ||
const decryptedText = uint8ArrayToString(decryptResult.result); | ||
assert.equal(text, decryptedText); | ||
}); | ||
} | ||
|
||
it("encrypt & decrypt with RSA-OAEP", async function() { | ||
const text = this.test!.title; | ||
const encryptResult = await cryptoClient.encrypt("RSA-OAEP", stringToUint8Array(text)); | ||
const decryptResult = await cryptoClient.decrypt("RSA-OAEP", encryptResult.result); | ||
const decryptedText = uint8ArrayToString(decryptResult.result); | ||
assert.equal(text, decryptedText); | ||
}); | ||
|
||
if (isNode) { | ||
it("manually encrypt locally and decrypt remotely, both with RSA-OAEP", async function() { | ||
const text = this.test!.title; | ||
const key = await cryptoClient.getKey(); | ||
// Encrypting outside the client since the client will intentionally | ||
const keyPEM = keyto.from(key, "jwk").toString("pem", "public_pkcs1"); | ||
const encrypted = crypto.publicEncrypt(keyPEM, Buffer.from(text)); | ||
const decryptResult = await cryptoClient.decrypt("RSA-OAEP", encrypted); | ||
const decryptedText = uint8ArrayToString(decryptResult.result); | ||
assert.equal(text, decryptedText); | ||
}); | ||
} | ||
} | ||
|
||
if (isNode) { | ||
it("sign and verify with RS256", async function() { | ||
const signatureValue = this.test!.title; | ||
const hash = crypto.createHash("sha256"); | ||
hash.update(signatureValue); | ||
const digest = hash.digest(); | ||
const signature = await cryptoClient.sign("RS256", digest); | ||
const verifyResult = await cryptoClient.verify("RS256", digest, signature.result); | ||
assert.ok(verifyResult); | ||
}); | ||
} | ||
|
||
if (isRecording) { | ||
it("wrap and unwrap with rsa1_5", async function() { | ||
const text = "arepa"; | ||
const wrapped = await cryptoClient.wrapKey("RSA1_5", stringToUint8Array(text)); | ||
const unwrappedResult = await cryptoClient.unwrapKey("RSA1_5", wrapped.result); | ||
const unwrappedText = uint8ArrayToString(unwrappedResult.result); | ||
assert.equal(text, unwrappedText); | ||
}); | ||
|
||
it("wrap and unwrap with RSA-OAEP", async function() { | ||
const text = this.test!.title; | ||
const wrapped = await cryptoClient.wrapKey("RSA-OAEP", stringToUint8Array(text)); | ||
const unwrappedResult = await cryptoClient.unwrapKey("RSA-OAEP", wrapped.result); | ||
const unwrappedText = uint8ArrayToString(unwrappedResult.result); | ||
assert.equal(text, unwrappedText); | ||
}); | ||
} | ||
}); |
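Review bot: In the "sign and verify with RS256" test, `assert.ok(verifyResult)` asserts on the returned value itself; since `sign` exposes its output as `signature.result`, `verify` presumably returns a result object as well, which is truthy even when the service rejects the signature. If that is the case the check should be `assert.ok(verifyResult.result);`, and a second `verify` call against a modified digest that asserts a falsy result would show the test can actually fail. Separately, the RSA-OAEP local-encrypt test calls `crypto.publicEncrypt(keyPEM, Buffer.from(text))` and relies on Node's default padding; passing `{ key: keyPEM, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING }` would pin the scheme under test the same way the RSA1_5 test pins its padding. The comment `// Encrypting outside the client since the client will intentionally` in that test is cut off mid-sentence and should be completed.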
@@ -0,0 +1,25 @@ | ||
// Copyright (c) Microsoft Corporation. | ||
// Licensed under the MIT License. | ||
|
||
import { isNode } from "./recorder"; | ||
|
||
export function stringToUint8Array(str: string): Uint8Array { | ||
if (isNode) { | ||
return new Uint8Array(Buffer.from(str)); | ||
} else { | ||
const bytes = new Uint8Array(str.length); | ||
for (let i = 0; i < str.length; i++) { | ||
bytes[i] = str.charCodeAt(i); | ||
} | ||
return bytes; | ||
} | ||
} | ||
|
||
export function uint8ArrayToString(ab: Uint8Array): string { | ||
if (isNode) { | ||
return Buffer.from(ab).toString("utf-8"); | ||
} else { | ||
const decoder = new TextDecoder("utf-8"); | ||
return decoder.decode(ab); | ||
} | ||
} |
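Review bot: The browser branch of `stringToUint8Array` stores `str.charCodeAt(i)` into a `Uint8Array`, which keeps only the low 8 bits of each UTF-16 code unit, while the Node branch produces UTF-8 bytes through `Buffer.from(str)` and `uint8ArrayToString` decodes UTF-8 in both environments. Any non-ASCII plaintext would therefore be encrypted as different bytes in the browser than in Node and would not round-trip through decrypt. Replacing the loop with `return new TextEncoder().encode(str);` mirrors the `TextDecoder` already used on the decode side. The tests in this commit appear to pass only because their inputs (test titles and "arepa") are ASCII.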