Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UI: PKI show missing info on generated certificate #21635

Merged
merged 8 commits into from
Jul 7, 2023
Merged

UI: PKI show missing info on generated certificate #21635

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
81e1599
Add private key, issuing ca, ca chain to generated cert display
hashishaw Jul 6, 2023
03d08aa
allow download on all masked PKI values
hashishaw Jul 6, 2023
690b164
Merge branch 'main' into ui/VAULT-17825/pki-issue-cert-show-info
hashishaw Jul 6, 2023
8efd7e6
Merge branch 'main' into ui/VAULT-17825/pki-issue-cert-show-info
hashishaw Jul 6, 2023
e0ddaab
Add changelog
hashishaw Jul 6, 2023
9bee80d
Revert "allow download on all masked PKI values"
hashishaw Jul 7, 2023
77ff083
remove single allowDownload
hashishaw Jul 7, 2023
3f0d2f8
Merge branch 'main' into ui/VAULT-17825/pki-issue-cert-show-info
hashishaw Jul 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ui/app/models/pki/certificate/base.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,8 @@ export default class PkiCertificateBaseModel extends Model {
@attr('string', { masked: true }) certificate;
@attr('number') expiration;
@attr('string', { label: 'Issuing CA', masked: true }) issuingCa;
@attr('string') privateKey; // only returned for type=exported
@attr('string') privateKeyType; // only returned for type=exported
@attr('string', { masked: true }) privateKey; // only returned for type=exported and /issue
@attr('string') privateKeyType; // only returned for type=exported and /issue
@attr('number', { formatDate: true }) revocationTime;
@attr('string') serialNumber;

Expand Down
13 changes: 12 additions & 1 deletion ui/app/models/pki/certificate/generate.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,18 @@ const generateFromRole = [
],
},
];
@withFormFields(null, generateFromRole)
// Extra fields returned on the /issue endpoint
const certDisplayFields = [
'certificate',
'commonName',
'revocationTime',
'serialNumber',
'caChain',
'issuingCa',
'privateKey',
'privateKeyType',
];
@withFormFields(certDisplayFields, generateFromRole)
export default class PkiCertificateGenerateModel extends PkiCertificateBaseModel {
getHelpUrl(backend) {
return `/v1/${backend}/issue/example?help=1`;
Expand Down
25 changes: 22 additions & 3 deletions ui/lib/pki/addon/components/page/pki-certificate-details.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,29 @@
</ToolbarActions>
</Toolbar>

{{#if @model.privateKey}}
<div class="has-top-margin-m">
<Hds::Alert data-test-cert-detail-next-steps @type="inline" @color="highlight" class="has-bottom-margin-s" as |A|>
<A.Title>Next steps</A.Title>
<A.Description>
The
<code>private_key</code>
is only available once. Make sure you copy and save it now.
</A.Description>
</Hds::Alert>
</div>
{{/if}}

{{#each @model.formFields as |field|}}
{{#if (eq field.name "certificate")}}
<InfoTableRow @label="Certificate">
<MaskedInput @value={{@model.certificate}} @displayOnly={{true}} @allowCopy={{true}} />
{{#if field.options.masked}}
<InfoTableRow @label={{or field.options.label (capitalize (humanize (dasherize field.name)))}}>
<MaskedInput
@name={{field.name}}
@value={{or (get @model field.name) null}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
</InfoTableRow>
{{else if (eq field.name "serialNumber")}}
<InfoTableRow @label="Serial number">
Expand Down
1 change: 1 addition & 0 deletions ui/lib/pki/addon/components/page/pki-issuer-details.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@
@value={{get @issuer attr.name}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
</InfoTableRow>
{{else if (eq attr.name "keyId")}}
Expand Down
8 changes: 7 additions & 1 deletion ui/lib/pki/addon/components/page/pki-key-details.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,13 @@
{{/each}}
{{#if @key.privateKey}}
<InfoTableRow @label="Private key">
<MaskedInput @value={{@key.privateKey}} @name="Private key" @displayOnly={{true}} @allowCopy={{true}} />
<MaskedInput
@name="Private key"
@value={{@key.privateKey}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
</InfoTableRow>
{{/if}}
</div>
8 changes: 7 additions & 1 deletion ui/lib/pki/addon/components/pki-generate-csr.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,13 @@
@addCopyButton={{eq attr.name "keyId"}}
>
{{#if (and attr.options.masked value)}}
<MaskedInput @value={{value}} @displayOnly={{true}} @allowCopy={{true}} />
<MaskedInput
@name={{attr.name}}
@value={{value}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
{{else if (eq attr.name "keyId")}}
<LinkTo @route="keys.key.details" @model={{@model.keyId}}>
{{@model.keyId}}
Expand Down
16 changes: 14 additions & 2 deletions ui/lib/pki/addon/components/pki-generate-root.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,13 @@
<InfoTableRow
@label={{capitalize (or attr.options.detailsLabel attr.options.label (humanize (dasherize attr.name)))}}
>
<MaskedInput @value={{get @model attr.name}} @displayOnly={{true}} @allowCopy={{true}} />
<MaskedInput
@name={{attr.name}}
@value={{get @model attr.name}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
</InfoTableRow>
{{else}}
<InfoTableRow
Expand All @@ -27,7 +33,13 @@
{{/each}}
<InfoTableRow @label="Private key">
{{#if @model.privateKey}}
<MaskedInput @value={{@model.privateKey}} @displayOnly={{true}} @allowCopy={{true}} />
<MaskedInput
@name="privateKey"
@value={{@model.privateKey}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
{{else}}
<span class="tag">internal</span>
{{/if}}
Expand Down
8 changes: 7 additions & 1 deletion ui/lib/pki/addon/components/pki-info-table-rows.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,13 @@
@addCopyButton={{or (eq attr.name "issuerId") (eq attr.name "keyId")}}
>
{{#if (and attr.options.masked value)}}
<MaskedInput @value={{value}} @displayOnly={{true}} @allowCopy={{true}} />
<MaskedInput
@name={{attr.name}}
@value={{value}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
{{else if attr.options.detailLinkTo}}
<LinkTo @route={{attr.options.detailLinkTo}} @model={{value}}>{{value}}</LinkTo>
{{else if (or (eq attr.name "privateKey") (eq attr.name "privateKeyType"))}}
Expand Down
8 changes: 7 additions & 1 deletion ui/lib/pki/addon/components/pki-sign-intermediate-form.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,13 @@
{{#let (find-by "name" fieldName @model.allFields) as |attr|}}
<InfoTableRow @label={{or attr.options.label (humanize (dasherize attr.name))}} @value={{get @model attr.name}}>
{{#if (and attr.options.masked (get @model attr.name))}}
<MaskedInput @value={{get @model attr.name}} @displayOnly={{true}} @allowCopy={{true}} />
<MaskedInput
@name={{attr.name}}
@value={{get @model attr.name}}
@displayOnly={{true}}
@allowCopy={{true}}
@allowDownload={{true}}
/>
{{else if (eq attr.name "serialNumber")}}
<LinkTo
@route="certificates.certificate.details"
Expand Down
70 changes: 69 additions & 1 deletion ui/tests/integration/components/pki/page/pki-certificate-details-test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,25 @@ module('Integration | Component | pki | Page::PkiCertificateDetails', function (
},
},
});
store.pushPayload('pki/certificate/generate', {
modelName: 'pki/certificate/generate',
data: {
certificate: '-----BEGIN CERTIFICATE-----',
ca_chain: '-----BEGIN CERTIFICATE-----',
issuer_ca: '-----BEGIN CERTIFICATE-----',
private_key: '-----BEGIN PRIVATE KEY-----',
private_key_type: 'rsa',
common_name: 'example.com Intermediate Authority',
issue_date: 1673540867000,
serial_number: id,
parsed_certificate: {
not_valid_after: 1831220897000,
not_valid_before: 1673540867000,
},
},
});
this.model = store.peekRecord('pki/certificate/base', id);
this.generatedModel = store.peekRecord('pki/certificate/generate', id);

this.server.post('/sys/capabilities-self', () => ({
data: {
Expand All @@ -50,7 +68,7 @@ module('Integration | Component | pki | Page::PkiCertificateDetails', function (
}));
});

test('it should render actions and fields', async function (assert) {
test('it should render actions and fields for base cert', async function (assert) {
assert.expect(6);

this.server.post('/pki/revoke', (schema, req) => {
Expand Down Expand Up @@ -90,6 +108,56 @@ module('Integration | Component | pki | Page::PkiCertificateDetails', function (
assert.dom('[data-test-value-div="Revocation time"]').exists('Revocation time is displayed');
});

test('it should render actions and fields for generated cert', async function (assert) {
assert.expect(10);

this.server.post('/pki/revoke', (schema, req) => {
const data = JSON.parse(req.requestBody);
assert.strictEqual(
data.serial_number,
this.model.serialNumber,
'Revoke request made with serial number'
);
return {
data: {
revocation_time: 1673972804,
revocation_time_rfc3339: '2023-01-17T16:26:44.960933411Z',
},
};
});

await render(hbs`<Page::PkiCertificateDetails @model={{this.generatedModel}} />`, { owner: this.engine });
assert.dom('[data-test-cert-detail-next-steps]').exists('Private key next steps warning shows');
assert
.dom('[data-test-component="info-table-row"]')
.exists({ count: 9 }, 'Correct number of fields render when certificate has not been revoked');
assert
.dom('[data-test-value-div="Certificate"] [data-test-masked-input]')
.exists('Masked input renders for certificate');
assert.dom('[data-test-value-div="Serial number"] code').exists('Serial number renders as monospace');
assert
.dom('[data-test-value-div="CA Chain"] [data-test-masked-input]')
.exists('CA Chain shows with masked value');
assert
.dom('[data-test-value-div="Issuing CA"] [data-test-masked-input]')
.exists('Issuing CA shows with masked value');
assert
.dom('[data-test-value-div="Private key"] [data-test-masked-input]')
.exists('Private key shows with masked value');

await click('[data-test-pki-cert-download-button]');
const { serialNumber, certificate } = this.model;
assert.ok(
this.downloadSpy.calledWith(serialNumber.replace(/(\s|:)+/g, '-'), certificate),
'Download pem method called with correct args'
);

await click('[data-test-confirm-action-trigger]');
await click('[data-test-confirm-button]');

assert.dom('[data-test-value-div="Revocation time"]').exists('Revocation time is displayed');
});

test('it should render back button', async function (assert) {
assert.expect(1);

Expand Down