From d1ca34aafe9a71f2e58bcbb5e3941361ba606971 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Aug 2022 17:59:12 +0000 Subject: [PATCH 1/4] fix(deps): bump @relaycorp/relaynet-core from 1.81.7 to 1.81.10 Bumps [@relaycorp/relaynet-core](https://github.com/relaycorp/relaynet-core-js) from 1.81.7 to 1.81.10. - [Release notes](https://github.com/relaycorp/relaynet-core-js/releases) - [Commits](https://github.com/relaycorp/relaynet-core-js/compare/v1.81.7...v1.81.10) --- updated-dependencies: - dependency-name: "@relaycorp/relaynet-core" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2a461856..85426a20 100644 --- a/package-lock.json +++ b/package-lock.json @@ -37,8 +37,8 @@ "node": ">=14" }, "peerDependencies": { - "@relaycorp/relaynet-core": ">=1.81.6, < 2.0", "@typegoose/typegoose": "< 10.0", + "mongoose": "< 7.0", "webcrypto-core": "< 2.0" } }, 
@@ -1395,16 +1395,16 @@ "integrity": "sha1-p3c2C1s5oaLlEG+OhY8v0tBgxXA=" }, "node_modules/@relaycorp/relaynet-core": { - "version": "1.81.7", - "resolved": "https://registry.npmjs.org/@relaycorp/relaynet-core/-/relaynet-core-1.81.7.tgz", - "integrity": "sha512-nbcgITIO9Re3QTLre7Vs2Xd/wf3pso+yeeVJZE9F0/D0InrZmxm/L1LMnfoYOp0ONcdiALUIgIqh0GrLTX+zIA==", + "version": "1.81.10", + "resolved": "https://registry.npmjs.org/@relaycorp/relaynet-core/-/relaynet-core-1.81.10.tgz", + "integrity": "sha512-bjAaMMb0qIx5h2jX9+4BmbekXK60dKgd4KvII3oR16nCx8Dhk284X6VkQ5+xENLtJxxG4u4t9XWDzd2KxicS5A==", "dependencies": { "@peculiar/webcrypto": "^1.4.0", "@stablelib/aes-kw": "^1.0.1", - "@types/verror": "^1.10.5", + "@types/verror": "^1.10.6", "asn1js": "^3.0.5", "buffer-to-arraybuffer": "0.0.6", - "date-fns": "^2.28.0", + "date-fns": "^2.29.1", "dohdec": "^3.1.0", "is-valid-domain": "^0.1.6", "moment": "^2.29.4", @@ -1784,9 +1784,9 @@ "dev": true }, "node_modules/@types/verror": { - "version": "1.10.5", - "resolved": "https://registry.npmjs.org/@types/verror/-/verror-1.10.5.tgz", - "integrity": "sha512-9UjMCHK5GPgQRoNbqdLIAvAy0EInuiqbW0PBMtVP6B5B2HQJlvoJHM+KodPZMEjOa5VkSc+5LH7xy+cUzQdmHw==" + "version": "1.10.6", + "resolved": "https://registry.npmjs.org/@types/verror/-/verror-1.10.6.tgz", + "integrity": "sha512-NNm+gdePAX1VGvPcGZCDKQZKYSiAWigKhKaz5KF94hG6f2s8de9Ow5+7AbXoeKxL8gavZfk4UquSAygOF2duEQ==" }, "node_modules/@types/webidl-conversions": { "version": "6.1.1", @@ -2591,9 +2591,9 @@ } }, "node_modules/date-fns": { - "version": "2.28.0", - "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.28.0.tgz", - "integrity": "sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw==", + "version": "2.29.1", + "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.29.1.tgz", + "integrity": "sha512-dlLD5rKaKxpFdnjrs+5azHDFOPEu4ANy/LTh04A1DTzMM7qoajmKCBc8pkKRFT41CNzw+4gQh79X5C+Jq27HAw==", "engines": { "node": ">=0.11" }, 
@@ -9325,16 +9325,16 @@ "integrity": "sha1-p3c2C1s5oaLlEG+OhY8v0tBgxXA=" }, "@relaycorp/relaynet-core": { - "version": "1.81.7", - "resolved": "https://registry.npmjs.org/@relaycorp/relaynet-core/-/relaynet-core-1.81.7.tgz", - "integrity": "sha512-nbcgITIO9Re3QTLre7Vs2Xd/wf3pso+yeeVJZE9F0/D0InrZmxm/L1LMnfoYOp0ONcdiALUIgIqh0GrLTX+zIA==", + "version": "1.81.10", + "resolved": "https://registry.npmjs.org/@relaycorp/relaynet-core/-/relaynet-core-1.81.10.tgz", + "integrity": "sha512-bjAaMMb0qIx5h2jX9+4BmbekXK60dKgd4KvII3oR16nCx8Dhk284X6VkQ5+xENLtJxxG4u4t9XWDzd2KxicS5A==", "requires": { "@peculiar/webcrypto": "^1.4.0", "@stablelib/aes-kw": "^1.0.1", - "@types/verror": "^1.10.5", + "@types/verror": "^1.10.6", "asn1js": "^3.0.5", "buffer-to-arraybuffer": "0.0.6", - "date-fns": "^2.28.0", + "date-fns": "^2.29.1", "dohdec": "^3.1.0", "is-valid-domain": "^0.1.6", "moment": "^2.29.4", @@ -9672,9 +9672,9 @@ "dev": true }, "@types/verror": { - "version": "1.10.5", - "resolved": "https://registry.npmjs.org/@types/verror/-/verror-1.10.5.tgz", - "integrity": "sha512-9UjMCHK5GPgQRoNbqdLIAvAy0EInuiqbW0PBMtVP6B5B2HQJlvoJHM+KodPZMEjOa5VkSc+5LH7xy+cUzQdmHw==" + "version": "1.10.6", + "resolved": "https://registry.npmjs.org/@types/verror/-/verror-1.10.6.tgz", + "integrity": "sha512-NNm+gdePAX1VGvPcGZCDKQZKYSiAWigKhKaz5KF94hG6f2s8de9Ow5+7AbXoeKxL8gavZfk4UquSAygOF2duEQ==" }, "@types/webidl-conversions": { "version": "6.1.1", @@ -10281,9 +10281,9 @@ } }, "date-fns": { - "version": "2.28.0", - "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.28.0.tgz", - "integrity": "sha512-8d35hViGYx/QH0icHYCeLmsLmMUheMmTyV9Fcm6gvNwdw31yXXH+O85sOBJ+OLnLQMKZowvpKb6FgMIQjcpvQw==" + "version": "2.29.1", + "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-2.29.1.tgz", + "integrity": "sha512-dlLD5rKaKxpFdnjrs+5azHDFOPEu4ANy/LTh04A1DTzMM7qoajmKCBc8pkKRFT41CNzw+4gQh79X5C+Jq27HAw==" }, "debug": { "version": "4.3.4", From d24b5862edf9e8164287fb4915b9a1a486aa8136 Mon Sep 17 00:00:00 2001 
From: Gus Narea
Date: Tue, 2 Aug 2022 22:45:40 +0100
Subject: [PATCH 2/4] fix
---
 package-lock.json | 1 +
 src/lib/gcp/GCPPrivateKeyStore.spec.ts | 24 +++++++++++----------
 src/lib/gcp/GCPPrivateKeyStore.ts | 10 ++++-----
 src/lib/vault/VaultPrivateKeyStore.spec.ts | 12 +++++------
 src/lib/vault/VaultPrivateKeyStore.ts | 4 ++--
 5 files changed, 26 insertions(+), 25 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 85426a20..e3bd3d69 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,6 +37,7 @@ "node": ">=14" }, "peerDependencies": { + "@relaycorp/relaynet-core": ">=1.81.6, < 2.0", "@typegoose/typegoose": "< 10.0", "mongoose": "< 7.0", "webcrypto-core": "< 2.0"
diff --git a/src/lib/gcp/GCPPrivateKeyStore.spec.ts b/src/lib/gcp/GCPPrivateKeyStore.spec.ts
index c262e5f3..8637b97c 100644
--- a/src/lib/gcp/GCPPrivateKeyStore.spec.ts
+++ b/src/lib/gcp/GCPPrivateKeyStore.spec.ts
@@ -5,7 +5,7 @@ import {
 derDeserializeRSAPublicKey,
 derSerializePrivateKey,
 derSerializePublicKey,
- getPrivateAddressFromIdentityKey,
+ getIdFromIdentityKey,
 KeyStoreError,
 SessionKeyPair,
 UnknownKeyError,
@@ -77,7 +77,7 @@ describe('Identity keys', () => {
 beforeAll(async () => {
 stubPublicKey = await derDeserializeRSAPublicKey(STUB_KMS_PUBLIC_KEY);
 stubPublicKeySerialized = bufferToArrayBuffer(STUB_KMS_PUBLIC_KEY);
- stubPrivateAddress = await getPrivateAddressFromIdentityKey(stubPublicKey);
+ stubPrivateAddress = await getIdFromIdentityKey(stubPublicKey);
 });
 const mockRetrieveKMSPublicKey = mockSpy(
@@ -200,26 +200,26 @@ describe('Identity keys', () => {
 test('Private address should be stored', async () => {
 const store = new GCPPrivateKeyStore(makeKmsClient(), getDBConnection(), KMS_CONFIG);
- const { privateAddress } = await store.generateIdentityKeyPair();
+ const { id } = await store.generateIdentityKeyPair();
- await expect(getDocument(privateAddress)).resolves.toBeTruthy();
+ await expect(getDocument(id)).resolves.toBeTruthy();
 });
 test('Public key should be stored', async () => {
 const store = new GCPPrivateKeyStore(makeKmsClient(), getDBConnection(), KMS_CONFIG);
- const { privateAddress, publicKey } = await store.generateIdentityKeyPair();
+ const { id, publicKey } = await store.generateIdentityKeyPair();
- const document = await getDocument(privateAddress);
+ const document = await getDocument(id);
 expect(document!.publicKey.equals(await derSerializePublicKey(publicKey))).toBeTrue();
 });
 test('KMS key should be stored', async () => {
 const store = new GCPPrivateKeyStore(makeKmsClient(), getDBConnection(), KMS_CONFIG);
- const { privateAddress } = await store.generateIdentityKeyPair();
+ const { id } = await store.generateIdentityKeyPair();
- const document = await getDocument(privateAddress);
+ const document = await getDocument(id);
 expect(document!.kmsKey).toEqual(KMS_CONFIG.identityKeyId);
 });
@@ -231,9 +231,9 @@ describe('Identity keys', () => {
 KMS_CONFIG,
 );
- const { privateAddress } = await store.generateIdentityKeyPair();
+ const { id } = await store.generateIdentityKeyPair();
- const document = await getDocument(privateAddress);
+ const document = await getDocument(id);
 expect(document?.kmsKeyVersion).toEqual(kmsKeyVersion);
 });
@@ -278,9 +278,9 @@ describe('Identity keys', () => {
 test('Private address should match public key', async () => {
 const store = new GCPPrivateKeyStore(makeKmsClient(), getDBConnection(), KMS_CONFIG);
- const { privateAddress } = await store.generateIdentityKeyPair();
+ const { id } = await store.generateIdentityKeyPair();
- expect(privateAddress).toEqual(stubPrivateAddress);
+ expect(id).toEqual(stubPrivateAddress);
 });
 });
diff --git a/src/lib/gcp/GCPPrivateKeyStore.ts b/src/lib/gcp/GCPPrivateKeyStore.ts
index fa0be54b..828b199b 100644
--- a/src/lib/gcp/GCPPrivateKeyStore.ts
+++ b/src/lib/gcp/GCPPrivateKeyStore.ts
@@ -2,7 +2,7 @@ import { KeyManagementServiceClient } from '@google-cloud/kms';
 import {
 derDeserializeRSAPublicKey,
 derSerializePublicKey,
- getPrivateAddressFromIdentityKey,
+ getIdFromIdentityKey,
 IdentityKeyPair,
 RSAKeyGenOptions,
 SessionPrivateKeyData,
@@ -67,11 +67,11 @@ export class GCPPrivateKeyStore extends CloudPrivateKeystore {
 const publicKeySerialized = await retrieveKMSPublicKey(kmsKeyVersionPath, this.kmsClient);
 const publicKey = await derDeserializeRSAPublicKey(publicKeySerialized);
 const privateKey = new GcpKmsRsaPssPrivateKey(kmsKeyVersionPath, publicKey, this.idKeyProvider);
- const privateAddress = await getPrivateAddressFromIdentityKey(publicKey);
+ const id = await getIdFromIdentityKey(publicKey);
- await this.linkKMSKeyVersion(kmsKeyVersionPath, privateAddress, publicKey);
+ await this.linkKMSKeyVersion(kmsKeyVersionPath, id, publicKey);
- return { privateAddress, privateKey, publicKey };
+ return { id, privateKey, publicKey };
 }
 public async retrieveIdentityKey(privateAddress: string): Promise {
@@ -129,7 +129,7 @@ export class GCPPrivateKeyStore extends CloudPrivateKeystore {
 privateAddress,
 peerPrivateAddress,
 );
- return { keySerialized, peerPrivateAddress, privateAddress };
+ return { keySerialized, peerId: peerPrivateAddress, nodeId: privateAddress };
 }
 //region Identity key utilities
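Review bot: The `getIdFromIdentityKey` import added in GCPPrivateKeyStore.ts (hunk at -2,7, and likewise in both spec files) is not matched by the declared peer range: the package-lock.json hunk of this same patch restores `"@relaycorp/relaynet-core": ">=1.81.6, < 2.0"`. The series only needed these renames after the lockfile moved from 1.81.7 to 1.81.10, which suggests (the dependency's changelog is not shown here) that releases at the bottom of that range still export the old names. If so, an install that satisfies the peer range could fail at import or return `privateAddress` where this code now reads `id`. Raise the floor in package.json to the first release that exports the new names, e.g. `">=1.81.10, < 2.0"` if that is the one.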
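Review bot: In GCPPrivateKeyStore.ts (hunk at -129,7) the return value renames fields by hand, `peerId: peerPrivateAddress, nodeId: privateAddress`, while the enclosing method's variables (it starts outside the hunk) and `retrieveIdentityKey(privateAddress: string)` at the end of the hunk at -67,11 keep the old names. Two vocabularies for the same identifiers make it easy to cross the node and peer ids in a later edit, and the compiler will not notice if both are plain strings. Renaming the variables so the shorthand applies again, `return { keySerialized, peerId, nodeId };`, removes the hand-written mapping; failing that, a one-line comment above the return stating which value is the key owner's id and which is the peer's would do.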
diff --git a/src/lib/vault/VaultPrivateKeyStore.spec.ts b/src/lib/vault/VaultPrivateKeyStore.spec.ts
index cdcf0e78..a6d40055 100644
--- a/src/lib/vault/VaultPrivateKeyStore.spec.ts
+++ b/src/lib/vault/VaultPrivateKeyStore.spec.ts
@@ -1,7 +1,7 @@
 import {
 derSerializePrivateKey,
 generateRSAKeyPair,
- getPrivateAddressFromIdentityKey,
+ getIdFromIdentityKey,
 KeyStoreError,
 SessionKeyPair,
 UnknownKeyError,
@@ -129,11 +129,11 @@ describe('VaultPrivateKeyStore', () => {
 test('Identity key should be generated', async () => {
 const store = new VaultPrivateKeyStore(stubVaultUrl, stubVaultToken, stubKvPath);
- const { privateKey, privateAddress } = await store.generateIdentityKeyPair();
+ const { privateKey, id } = await store.generateIdentityKeyPair();
 expect(mockAxiosClient.post).toBeCalledTimes(1);
 const postCallArgs = mockAxiosClient.post.mock.calls[0];
- expect(postCallArgs[0]).toEqual(`/i-${privateAddress}`);
+ expect(postCallArgs[0]).toEqual(`/i-${id}`);
 expect(postCallArgs[1]).toHaveProperty(
 'data.privateKey',
 base64Encode(await derSerializePrivateKey(privateKey)),
@@ -234,7 +234,7 @@ describe('VaultPrivateKeyStore', () => {
 test('Existing identity key should be returned', async () => {
 const senderKeyPair = await generateRSAKeyPair();
 const identityPrivateKey = senderKeyPair.privateKey;
- const privateAddress = await getPrivateAddressFromIdentityKey(senderKeyPair.publicKey);
+ const nodeId = await getIdFromIdentityKey(senderKeyPair.publicKey);
 mockAxiosClient.get.mockResolvedValue(
 makeVaultGETResponse(
 {
@@ -245,11 +245,11 @@ describe('VaultPrivateKeyStore', () => {
 );
 const store = new VaultPrivateKeyStore(stubVaultUrl, stubVaultToken, stubKvPath);
- const privateKey = await store.retrieveIdentityKey(privateAddress);
+ const privateKey = await store.retrieveIdentityKey(nodeId);
 expect(mockAxiosClient.get).toBeCalledTimes(1);
 const getCallArgs = mockAxiosClient.get.mock.calls[0];
- expect(getCallArgs[0]).toEqual(`/i-${privateAddress}`);
+ expect(getCallArgs[0]).toEqual(`/i-${nodeId}`);
 await expect(derSerializePrivateKey(privateKey!)).resolves.toEqual(
 await derSerializePrivateKey(identityPrivateKey),
 );
diff --git a/src/lib/vault/VaultPrivateKeyStore.ts b/src/lib/vault/VaultPrivateKeyStore.ts
index 0061dace..fc8aeadc 100644
--- a/src/lib/vault/VaultPrivateKeyStore.ts
+++ b/src/lib/vault/VaultPrivateKeyStore.ts
@@ -78,8 +78,8 @@ export class VaultPrivateKeyStore extends CloudPrivateKeystore {
 }
 return {
 keySerialized: keyData.privateKey,
- peerPrivateAddress: (keyData as SessionKeyDataDecoded).peerPrivateAddress,
- privateAddress: (keyData as SessionKeyDataDecoded).privateAddress,
+ peerId: (keyData as SessionKeyDataDecoded).peerPrivateAddress,
+ nodeId: (keyData as SessionKeyDataDecoded).privateAddress,
 };
 }
From 34264e69c1a83c1fb446ca5b549d639ac6cbb1d5 Mon Sep 17 00:00:00 2001
From: Gus Narea
Date: Tue, 2 Aug 2022 22:46:37 +0100
Subject: [PATCH 3/4] fix
---
 package-lock.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package-lock.json b/package-lock.json
index 5de06809..3d70edde 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -38,7 +38,7 @@ }, "peerDependencies": { "@relaycorp/relaynet-core": ">=1.81.6, < 2.0", - "mongoose": "< 7.0", + "@typegoose/typegoose": "< 10.0", "mongoose": "< 7.0", "webcrypto-core": "< 2.0" }
From c60647b95b0ca4b0cff3a72795ebe5f56b1433b7 Mon Sep 17 00:00:00 2001
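Review bot: `peerId` and `nodeId` in VaultPrivateKeyStore.ts (hunk at -78,8) are read through an `as SessionKeyDataDecoded` cast, which checks nothing at run time, so a stored secret without `privateAddress` comes back as `nodeId: undefined` with no error from this block. Whether the caller rejects a session key that has no owner id is not visible here, and the method itself starts outside the hunk; a guard before the return that the stored `privateAddress` is a string would make a malformed record fail closed. The persisted field names keep the old spelling while the returned ones change; if that is deliberate for existing Vault data, a comment next to the mapping such as `// Stored records keep the pre-rename field names` would stop a later cleanup from renaming them without a migration.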
From: Gus Narea
Date: Tue, 2 Aug 2022 22:51:41 +0100
Subject: [PATCH 4/4] fix func tests
---
 src/functional_tests/gcp.test.ts | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/functional_tests/gcp.test.ts b/src/functional_tests/gcp.test.ts
index 31469dc5..a3e82a0b 100644
--- a/src/functional_tests/gcp.test.ts
+++ b/src/functional_tests/gcp.test.ts
@@ -68,9 +68,9 @@ describe('Private key store', () => {
 test('Generate identity key pair', async () => {
 const store = new GCPPrivateKeyStore(kmsClient, getDBConnection(), getKMSConfig());
- const { privateKey, privateAddress } = await store.generateIdentityKeyPair();
+ const { privateKey, id } = await store.generateIdentityKeyPair();
- const privateKeyRetrieved = await store.retrieveIdentityKey(privateAddress);
+ const privateKeyRetrieved = await store.retrieveIdentityKey(id);
 expect(privateKeyRetrieved?.kmsKeyVersionPath).toEqual(
 (privateKey as GcpKmsRsaPssPrivateKey).kmsKeyVersionPath,
@@ -78,18 +78,14 @@ describe('Private key store', () => {
 });
 test('Save and retrieve session key', async () => {
- const privateAddress = '0deadbeef';
- const peerPrivateAddress = '0deadc0de';
+ const id = '0deadbeef';
+ const peerId = '0deadc0de';
 const store = new GCPPrivateKeyStore(kmsClient, getDBConnection(), getKMSConfig());
 const { privateKey, sessionKey } = await SessionKeyPair.generate();
- await store.saveSessionKey(privateKey, sessionKey.keyId, privateAddress, peerPrivateAddress);
+ await store.saveSessionKey(privateKey, sessionKey.keyId, id, peerId);
- const privateKeyRetrieved = await store.retrieveSessionKey(
- sessionKey.keyId,
- privateAddress,
- peerPrivateAddress,
- );
+ const privateKeyRetrieved = await store.retrieveSessionKey(sessionKey.keyId, id, peerId);
 await expect(derSerializePrivateKey(privateKeyRetrieved)).resolves.toEqual(
 await derSerializePrivateKey(privateKey),
 );