[PM-2132] Move all specs to the src directory (#5367)

libs/common/src/models/domain/account-keys.spec.ts

@@ -1,4 +1,4 @@
-import { makeStaticByteArray } from "../../../spec/utils";
+import { makeStaticByteArray } from "../../../spec";
 import { Utils } from "../../misc/utils";
 
 import { AccountKeys, EncryptionPair } from "./account";

libs/common/src/models/domain/enc-array-buffer.spec.ts

@@ -0,0 +1,76 @@
+import { makeStaticByteArray } from "../../../spec";
+import { EncryptionType } from "../../enums";
+
+import { EncArrayBuffer } from "./enc-array-buffer";
+
+describe("encArrayBuffer", () => {
+  describe("parses the buffer", () => {
+    test.each([
+      [EncryptionType.AesCbc128_HmacSha256_B64, "AesCbc128_HmacSha256_B64"],
+      [EncryptionType.AesCbc256_HmacSha256_B64, "AesCbc256_HmacSha256_B64"],
+    ])("with %c%s", (encType: EncryptionType) => {
+      const iv = makeStaticByteArray(16, 10);
+      const mac = makeStaticByteArray(32, 20);
+      // We use the minimum data length of 1 to test the boundary of valid lengths
+      const data = makeStaticByteArray(1, 100);
+
+      const array = new Uint8Array(1 + iv.byteLength + mac.byteLength + data.byteLength);
+      array.set([encType]);
+      array.set(iv, 1);
+      array.set(mac, 1 + iv.byteLength);
+      array.set(data, 1 + iv.byteLength + mac.byteLength);
+
+      const actual = new EncArrayBuffer(array.buffer);
+
+      expect(actual.encryptionType).toEqual(encType);
+      expect(actual.ivBytes).toEqualBuffer(iv);
+      expect(actual.macBytes).toEqualBuffer(mac);
+      expect(actual.dataBytes).toEqualBuffer(data);
+    });
+
+    it("with AesCbc256_B64", () => {
+      const encType = EncryptionType.AesCbc256_B64;
+      const iv = makeStaticByteArray(16, 10);
+      // We use the minimum data length of 1 to test the boundary of valid lengths
+      const data = makeStaticByteArray(1, 100);
+
+      const array = new Uint8Array(1 + iv.byteLength + data.byteLength);
+      array.set([encType]);
+      array.set(iv, 1);
+      array.set(data, 1 + iv.byteLength);
+
+      const actual = new EncArrayBuffer(array.buffer);
+
+      expect(actual.encryptionType).toEqual(encType);
+      expect(actual.ivBytes).toEqualBuffer(iv);
+      expect(actual.dataBytes).toEqualBuffer(data);
+      expect(actual.macBytes).toBeNull();
+    });
+  });
+
+  describe("throws if the buffer has an invalid length", () => {
+    test.each([
+      [EncryptionType.AesCbc128_HmacSha256_B64, 50, "AesCbc128_HmacSha256_B64"],
+      [EncryptionType.AesCbc256_HmacSha256_B64, 50, "AesCbc256_HmacSha256_B64"],
+      [EncryptionType.AesCbc256_B64, 18, "AesCbc256_B64"],
+    ])("with %c%c%s", (encType: EncryptionType, minLength: number) => {
+      // Generate invalid byte array
+      // Minus 1 to leave room for the encType, minus 1 to make it invalid
+      const invalidBytes = makeStaticByteArray(minLength - 2);
+
+      const invalidArray = new Uint8Array(1 + invalidBytes.buffer.byteLength);
+      invalidArray.set([encType]);
+      invalidArray.set(invalidBytes, 1);
+
+      expect(() => new EncArrayBuffer(invalidArray.buffer)).toThrow(
+        "Error parsing encrypted ArrayBuffer"
+      );
+    });
+  });
+
+  it("doesn't parse the buffer if the encryptionType is not supported", () => {
+    // Starting at 9 implicitly gives us an invalid encType
+    const bytes = makeStaticByteArray(50, 9);
+    expect(() => new EncArrayBuffer(bytes)).toThrow("Error parsing encrypted ArrayBuffer");
+  });
+});

libs/common/src/models/domain/enc-string.spec.ts

@@ -0,0 +1,266 @@
+// eslint-disable-next-line no-restricted-imports
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { CryptoService } from "../../abstractions/crypto.service";
+import { EncryptService } from "../../abstractions/encrypt.service";
+import { EncryptionType } from "../../enums";
+import { ContainerService } from "../../services/container.service";
+
+import { EncString } from "./enc-string";
+import { SymmetricCryptoKey } from "./symmetric-crypto-key";
+
+describe("EncString", () => {
+  afterEach(() => {
+    (window as any).bitwardenContainerService = undefined;
+  });
+
+  describe("Rsa2048_OaepSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "3.data",
+        encryptionType: 3,
+      });
+    });
+
+    describe("isSerializedEncString", () => {
+      it("is true if valid", () => {
+        expect(EncString.isSerializedEncString("3.data")).toBe(true);
+      });
+
+      it("is false if invalid", () => {
+        expect(EncString.isSerializedEncString("3.data|test")).toBe(false);
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("3.data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "3.data",
+          encryptionType: 3,
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("3.data|test");
+
+        expect(encString).toEqual({
+          encryptedString: "3.data|test",
+          encryptionType: 3,
+        });
+      });
+    });
+
+    describe("decrypt", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+
+      const encryptService = Substitute.for<EncryptService>();
+      encryptService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
+
+      beforeEach(() => {
+        (window as any).bitwardenContainerService = new ContainerService(
+          cryptoService,
+          encryptService
+        );
+      });
+
+      it("decrypts correctly", async () => {
+        const decrypted = await encString.decrypt(null);
+
+        expect(decrypted).toBe("decrypted");
+      });
+
+      it("result should be cached", async () => {
+        const decrypted = await encString.decrypt(null);
+        encryptService.received(1).decryptToUtf8(Arg.any(), Arg.any());
+
+        expect(decrypted).toBe("decrypted");
+      });
+    });
+  });
+
+  describe("AesCbc256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "0.iv|data",
+        encryptionType: 0,
+        iv: "iv",
+      });
+    });
+
+    describe("isSerializedEncString", () => {
+      it("is true if valid", () => {
+        expect(EncString.isSerializedEncString("0.iv|data")).toBe(true);
+      });
+
+      it("is false if invalid", () => {
+        expect(EncString.isSerializedEncString("0.iv|data|mac")).toBe(false);
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("0.iv|data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "0.iv|data",
+          encryptionType: 0,
+          iv: "iv",
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("0.iv|data|mac");
+
+        expect(encString).toEqual({
+          encryptedString: "0.iv|data|mac",
+          encryptionType: 0,
+        });
+      });
+    });
+  });
+
+  describe("AesCbc256_HmacSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    describe("isSerializedEncString", () => {
+      it("is true if valid", () => {
+        expect(EncString.isSerializedEncString("2.iv|data|mac")).toBe(true);
+      });
+
+      it("is false if invalid", () => {
+        expect(EncString.isSerializedEncString("2.iv|data")).toBe(false);
+      });
+    });
+
+    it("valid", () => {
+      const encString = new EncString("2.iv|data|mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("invalid", () => {
+      const encString = new EncString("2.iv|data");
+
+      expect(encString).toEqual({
+        encryptedString: "2.iv|data",
+        encryptionType: 2,
+      });
+    });
+  });
+
+  it("Exit early if null", () => {
+    const encString = new EncString(null);
+
+    expect(encString).toEqual({
+      encryptedString: null,
+    });
+  });
+
+  describe("decrypt", () => {
+    let cryptoService: MockProxy<CryptoService>;
+    let encryptService: MockProxy<EncryptService>;
+    let encString: EncString;
+
+    beforeEach(() => {
+      cryptoService = mock<CryptoService>();
+      encryptService = mock<EncryptService>();
+      encString = new EncString(null);
+
+      (window as any).bitwardenContainerService = new ContainerService(
+        cryptoService,
+        encryptService
+      );
+    });
+
+    it("handles value it can't decrypt", async () => {
+      encryptService.decryptToUtf8.mockRejectedValue("error");
+
+      (window as any).bitwardenContainerService = new ContainerService(
+        cryptoService,
+        encryptService
+      );
+
+      const decrypted = await encString.decrypt(null);
+
+      expect(decrypted).toBe("[error: cannot decrypt]");
+
+      expect(encString).toEqual({
+        decryptedValue: "[error: cannot decrypt]",
+        encryptedString: null,
+      });
+    });
+
+    it("uses provided key without depending on CryptoService", async () => {
+      const key = mock<SymmetricCryptoKey>();
+
+      await encString.decrypt(null, key);
+
+      expect(cryptoService.getKeyForUserEncryption).not.toHaveBeenCalled();
+      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, key);
+    });
+
+    it("gets an organization key if required", async () => {
+      const orgKey = mock<SymmetricCryptoKey>();
+
+      cryptoService.getOrgKey.calledWith("orgId").mockResolvedValue(orgKey);
+
+      await encString.decrypt("orgId", null);
+
+      expect(cryptoService.getOrgKey).toHaveBeenCalledWith("orgId");
+      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, orgKey);
+    });
+
+    it("gets the user's decryption key if required", async () => {
+      const userKey = mock<SymmetricCryptoKey>();
+
+      cryptoService.getKeyForUserEncryption.mockResolvedValue(userKey);
+
+      await encString.decrypt(null, null);
+
+      expect(cryptoService.getKeyForUserEncryption).toHaveBeenCalledWith();
+      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, userKey);
+    });
+  });
+
+  describe("toJSON", () => {
+    it("Should be represented by the encrypted string", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString.toJSON()).toBe(encString.encryptedString);
+    });
+
+    it("returns null if object is null", () => {
+      expect(EncString.fromJSON(null)).toBeNull();
+    });
+  });
+});

libs/common/src/models/domain/symmetric-crypto-key.spec.ts

@@ -0,0 +1,86 @@
+import { makeStaticByteArray } from "../../../spec";
+import { EncryptionType } from "../../enums";
+
+import { SymmetricCryptoKey } from "./symmetric-crypto-key";
+
+describe("SymmetricCryptoKey", () => {
+  it("errors if no key", () => {
+    const t = () => {
+      new SymmetricCryptoKey(null);
+    };
+
+    expect(t).toThrowError("Must provide key");
+  });
+
+  describe("guesses encKey from key length", () => {
+    it("AesCbc256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key,
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 0,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: null,
+      });
+    });
+
+    it("AesCbc128_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 16),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
+        encType: 1,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: key.slice(16, 32),
+        macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
+      });
+    });
+
+    it("AesCbc256_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(64);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 32),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 2,
+        key: key,
+        keyB64:
+          "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==",
+        macKey: key.slice(32, 64),
+        macKeyB64: "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=",
+      });
+    });
+
+    it("unknown length", () => {
+      const t = () => {
+        new SymmetricCryptoKey(makeStaticByteArray(30));
+      };
+
+      expect(t).toThrowError("Unable to determine encType.");
+    });
+  });
+
+  it("toJSON creates object for serialization", () => {
+    const key = new SymmetricCryptoKey(makeStaticByteArray(64).buffer);
+    const actual = key.toJSON();
+
+    const expected = { keyB64: key.keyB64 };
+
+    expect(actual).toEqual(expected);
+  });
+
+  it("fromJSON hydrates new object", () => {
+    const expected = new SymmetricCryptoKey(makeStaticByteArray(64).buffer);
+    const actual = SymmetricCryptoKey.fromJSON({ keyB64: expected.keyB64 });
+
+    expect(actual).toEqual(expected);
+    expect(actual).toBeInstanceOf(SymmetricCryptoKey);
+  });
+});