From ed5dd0a32542f9f24656dd3aa9c642362d40801b Mon Sep 17 00:00:00 2001
From: Ahmad Bamieh <ahmadbamieh@gmail.com>
Date: Fri, 10 Apr 2020 22:18:11 +0300
Subject: [PATCH] [Telemetry] use prod keys (#63263)

---
 package.json                                  |  2 +-
 .../server/encryption/encrypt.test.mocks.ts   | 27 +++++++++++++++++++
 .../server/encryption/encrypt.test.ts         | 27 ++++++++++++-------
 .../server/encryption/encrypt.ts              |  2 +-
 .../server/plugin.ts                          |  5 ++--
 yarn.lock                                     |  8 +++---
 6 files changed, 54 insertions(+), 17 deletions(-)
 create mode 100644 src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.mocks.ts

diff --git a/package.json b/package.json
index ec72d5b6603451..a5d46e7f2bf40b 100644
--- a/package.json
+++ b/package.json
@@ -126,7 +126,7 @@
     "@elastic/filesaver": "1.1.2",
     "@elastic/good": "8.1.1-kibana2",
     "@elastic/numeral": "2.4.0",
-    "@elastic/request-crypto": "1.1.2",
+    "@elastic/request-crypto": "1.1.4",
     "@elastic/ui-ace": "0.2.3",
     "@hapi/good-squeeze": "5.2.1",
     "@hapi/wreck": "^15.0.2",
diff --git a/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.mocks.ts b/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.mocks.ts
new file mode 100644
index 00000000000000..9a7cb8ba28d041
--- /dev/null
+++ b/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.mocks.ts
@@ -0,0 +1,27 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export const mockEncrypt = jest.fn();
+export const createRequestEncryptor = jest.fn().mockResolvedValue({
+  encrypt: mockEncrypt,
+});
+
+jest.doMock('@elastic/request-crypto', () => ({
+  createRequestEncryptor,
+}));
diff --git a/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.ts b/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.ts
index 4a4ba7aa1f3212..c04625eb1dd427 100644
--- a/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.ts
+++ b/src/plugins/telemetry_collection_manager/server/encryption/encrypt.test.ts
@@ -16,16 +16,9 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-
+import { createRequestEncryptor, mockEncrypt } from './encrypt.test.mocks';
 import { telemetryJWKS } from './telemetry_jwks';
 import { encryptTelemetry, getKID } from './encrypt';
-import { createRequestEncryptor } from '@elastic/request-crypto';
-
-jest.mock('@elastic/request-crypto', () => ({
-  createRequestEncryptor: jest.fn().mockResolvedValue({
-    encrypt: jest.fn(),
-  }),
-}));
 
 describe('getKID', () => {
   it(`returns 'kibana_dev' kid for development`, async () => {
@@ -42,9 +35,25 @@ describe('getKID', () => {
 });
 
 describe('encryptTelemetry', () => {
+  afterEach(() => {
+    mockEncrypt.mockReset();
+  });
+
   it('encrypts payload', async () => {
     const payload = { some: 'value' };
-    await encryptTelemetry(payload, true);
+    await encryptTelemetry(payload, { isProd: true });
     expect(createRequestEncryptor).toBeCalledWith(telemetryJWKS);
   });
+
+  it('uses kibana kid on { isProd: true }', async () => {
+    const payload = { some: 'value' };
+    await encryptTelemetry(payload, { isProd: true });
+    expect(mockEncrypt).toBeCalledWith('kibana', payload);
+  });
+
+  it('uses kibana_dev kid on { isProd: false }', async () => {
+    const payload = { some: 'value' };
+    await encryptTelemetry(payload, { isProd: false });
+    expect(mockEncrypt).toBeCalledWith('kibana_dev', payload);
+  });
 });
diff --git a/src/plugins/telemetry_collection_manager/server/encryption/encrypt.ts b/src/plugins/telemetry_collection_manager/server/encryption/encrypt.ts
index c20f4b768b7dc0..44f053064cfcbd 100644
--- a/src/plugins/telemetry_collection_manager/server/encryption/encrypt.ts
+++ b/src/plugins/telemetry_collection_manager/server/encryption/encrypt.ts
@@ -24,7 +24,7 @@ export function getKID(isProd = false): string {
   return isProd ? 'kibana' : 'kibana_dev';
 }
 
-export async function encryptTelemetry(payload: any, isProd = false): Promise<string[]> {
+export async function encryptTelemetry(payload: any, { isProd = false } = {}): Promise<string[]> {
   const kid = getKID(isProd);
   const encryptor = await createRequestEncryptor(telemetryJWKS);
   const clusters = [].concat(payload);
diff --git a/src/plugins/telemetry_collection_manager/server/plugin.ts b/src/plugins/telemetry_collection_manager/server/plugin.ts
index 7e8dff9e0aec1e..f2f20e215c5351 100644
--- a/src/plugins/telemetry_collection_manager/server/plugin.ts
+++ b/src/plugins/telemetry_collection_manager/server/plugin.ts
@@ -158,7 +158,7 @@ export class TelemetryCollectionManagerPlugin
           if (config.unencrypted) {
             return optInStats;
           }
-          return encryptTelemetry(optInStats, this.isDev);
+          return encryptTelemetry(optInStats, { isProd: !this.isDev });
         }
       } catch (err) {
         this.logger.debug(`Failed to collect any opt in stats with registered collections.`);
@@ -205,7 +205,8 @@ export class TelemetryCollectionManagerPlugin
           if (config.unencrypted) {
             return usageData;
           }
-          return encryptTelemetry(usageData, this.isDev);
+
+          return encryptTelemetry(usageData, { isProd: !this.isDev });
         }
       } catch (err) {
         this.logger.debug(
diff --git a/yarn.lock b/yarn.lock
index 11abd95498c8d2..42f891aa24e253 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1401,10 +1401,10 @@
   resolved "https://registry.yarnpkg.com/@elastic/numeral/-/numeral-2.4.0.tgz#883197b7f4bf3c2dd994f53b274769ddfa2bf79a"
   integrity sha512-uGBKGCNghTgUZPHClji/00v+AKt5nidPTGOIbcT+lbTPVxNB6QPpPLGWtXyrg3QZAxobPM/LAZB1mAqtJeq44Q==
 
-"@elastic/request-crypto@1.1.2":
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/@elastic/request-crypto/-/request-crypto-1.1.2.tgz#2e323550f546f6286994126d462a9ea480a3bfb1"
-  integrity sha512-i73wjj1Qi8dGJIy170Z8xyJ760mFNjTbdmcp/nEczqWD0miNW6I5wZ5MNrv7M6CXn2m1wMXiT6qzDYd93Hv1Dw==
+"@elastic/request-crypto@1.1.4":
+  version "1.1.4"
+  resolved "https://registry.yarnpkg.com/@elastic/request-crypto/-/request-crypto-1.1.4.tgz#2189d5fea65f7afe1de9f5fa3d0dd420e93e3124"
+  integrity sha512-D5CzSGKkM6BdrVB/HRRTheMsNQOcd2FMUup0O/1hIGUBE8zHh2AYbmSNSpD6LyQAgY39mGkARUi/x+SO0ccVvg==
   dependencies:
     "@elastic/node-crypto" "1.1.1"
     "@types/node-jose" "1.1.0"