Rework Desktop Biometrics (#5234)

libs/common/spec/models/domain/enc-string.spec.ts

@@ -0,0 +1,265 @@
+// eslint-disable-next-line no-restricted-imports
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/abstractions/encrypt.service";
+import { EncryptionType } from "@bitwarden/common/enums";
+import { EncString } from "@bitwarden/common/models/domain/enc-string";
+import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetric-crypto-key";
+import { ContainerService } from "@bitwarden/common/services/container.service";
+
+describe("EncString", () => {
+  afterEach(() => {
+    (window as any).bitwardenContainerService = undefined;
+  });
+
+  describe("Rsa2048_OaepSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "3.data",
+        encryptionType: 3,
+      });
+    });
+
+    describe("isSerializedEncString", () => {
+      it("is true if valid", () => {
+        expect(EncString.isSerializedEncString("3.data")).toBe(true);
+      });
+
+      it("is false if invalid", () => {
+        expect(EncString.isSerializedEncString("3.data|test")).toBe(false);
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("3.data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "3.data",
+          encryptionType: 3,
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("3.data|test");
+
+        expect(encString).toEqual({
+          encryptedString: "3.data|test",
+          encryptionType: 3,
+        });
+      });
+    });
+
+    describe("decrypt", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+
+      const encryptService = Substitute.for<EncryptService>();
+      encryptService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
+
+      beforeEach(() => {
+        (window as any).bitwardenContainerService = new ContainerService(
+          cryptoService,
+          encryptService
+        );
+      });
+
+      it("decrypts correctly", async () => {
+        const decrypted = await encString.decrypt(null);
+
+        expect(decrypted).toBe("decrypted");
+      });
+
+      it("result should be cached", async () => {
+        const decrypted = await encString.decrypt(null);
+        encryptService.received(1).decryptToUtf8(Arg.any(), Arg.any());
+
+        expect(decrypted).toBe("decrypted");
+      });
+    });
+  });
+
+  describe("AesCbc256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "0.iv|data",
+        encryptionType: 0,
+        iv: "iv",
+      });
+    });
+
+    describe("isSerializedEncString", () => {
+      it("is true if valid", () => {
+        expect(EncString.isSerializedEncString("0.iv|data")).toBe(true);
+      });
+
+      it("is false if invalid", () => {
+        expect(EncString.isSerializedEncString("0.iv|data|mac")).toBe(false);
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("0.iv|data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "0.iv|data",
+          encryptionType: 0,
+          iv: "iv",
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("0.iv|data|mac");
+
+        expect(encString).toEqual({
+          encryptedString: "0.iv|data|mac",
+          encryptionType: 0,
+        });
+      });
+    });
+  });
+
+  describe("AesCbc256_HmacSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    describe("isSerializedEncString", () => {
+      it("is true if valid", () => {
+        expect(EncString.isSerializedEncString("2.iv|data|mac")).toBe(true);
+      });
+
+      it("is false if invalid", () => {
+        expect(EncString.isSerializedEncString("2.iv|data")).toBe(false);
+      });
+    });
+
+    it("valid", () => {
+      const encString = new EncString("2.iv|data|mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("invalid", () => {
+      const encString = new EncString("2.iv|data");
+
+      expect(encString).toEqual({
+        encryptedString: "2.iv|data",
+        encryptionType: 2,
+      });
+    });
+  });
+
+  it("Exit early if null", () => {
+    const encString = new EncString(null);
+
+    expect(encString).toEqual({
+      encryptedString: null,
+    });
+  });
+
+  describe("decrypt", () => {
+    let cryptoService: MockProxy<CryptoService>;
+    let encryptService: MockProxy<EncryptService>;
+    let encString: EncString;
+
+    beforeEach(() => {
+      cryptoService = mock<CryptoService>();
+      encryptService = mock<EncryptService>();
+      encString = new EncString(null);
+
+      (window as any).bitwardenContainerService = new ContainerService(
+        cryptoService,
+        encryptService
+      );
+    });
+
+    it("handles value it can't decrypt", async () => {
+      encryptService.decryptToUtf8.mockRejectedValue("error");
+
+      (window as any).bitwardenContainerService = new ContainerService(
+        cryptoService,
+        encryptService
+      );
+
+      const decrypted = await encString.decrypt(null);
+
+      expect(decrypted).toBe("[error: cannot decrypt]");
+
+      expect(encString).toEqual({
+        decryptedValue: "[error: cannot decrypt]",
+        encryptedString: null,
+      });
+    });
+
+    it("uses provided key without depending on CryptoService", async () => {
+      const key = mock<SymmetricCryptoKey>();
+
+      await encString.decrypt(null, key);
+
+      expect(cryptoService.getKeyForUserEncryption).not.toHaveBeenCalled();
+      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, key);
+    });
+
+    it("gets an organization key if required", async () => {
+      const orgKey = mock<SymmetricCryptoKey>();
+
+      cryptoService.getOrgKey.calledWith("orgId").mockResolvedValue(orgKey);
+
+      await encString.decrypt("orgId", null);
+
+      expect(cryptoService.getOrgKey).toHaveBeenCalledWith("orgId");
+      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, orgKey);
+    });
+
+    it("gets the user's decryption key if required", async () => {
+      const userKey = mock<SymmetricCryptoKey>();
+
+      cryptoService.getKeyForUserEncryption.mockResolvedValue(userKey);
+
+      await encString.decrypt(null, null);
+
+      expect(cryptoService.getKeyForUserEncryption).toHaveBeenCalledWith();
+      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, userKey);
+    });
+  });
+
+  describe("toJSON", () => {
+    it("Should be represented by the encrypted string", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString.toJSON()).toBe(encString.encryptedString);
+    });
+
+    it("returns null if object is null", () => {
+      expect(EncString.fromJSON(null)).toBeNull();
+    });
+  });
+});