Defines TransitProvider#renew for decrypting ciphertext.

rapid7 · Sep 30, 2016 · d06b7cc · d06b7cc
1 parent f47202e
commit d06b7cc
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/lib/providers/transit.js b/lib/providers/transit.js
@@ -51,6 +51,15 @@ class TransitProvider {
     return this._decrypt();
   }
 
+  /**
+   * Decrypt the ciphertext
+   *
+   * @return {Promise} - Resolves with decrypted ciphertext; rejects with an Error if decryption fails
+   */
+  renew() {
+    return this._decrypt();
+  }
+
   /**
    * Decrypt the ciphertext using Vault's /transit/decrypt/ API
    *

diff --git a/test/provider-transit.js b/test/provider-transit.js
@@ -118,4 +118,40 @@ describe('Provider/Transit', function () {
       .catch(done);
     });
   });
+
+  describe('TransitProvider#renew', function () {
+    it('calls Vault every time when renewing', function (done) {
+      const transit = new TransitProvider('KEY', 'TOKEN', {ciphertext: 'CTEXT'});
+
+      localVaultMock.post('/v1/transit/decrypt/KEY', {
+        ciphertext: 'CTEXT'
+      })
+      .reply(STATUS_CODES.OK, {
+        plaintext: 'PTEXT'
+      })
+      .post('/v1/transit/decrypt/KEY', {
+        ciphertext: 'CTEXT'
+      })
+      .reply(STATUS_CODES.OK, {
+        plaintext: 'PTEXT'
+      });
+
+      transit.renew()
+      .then((retrievedPlaintext) => {
+        should(retrievedPlaintext).eql({
+          plaintext: 'PTEXT'
+        });
+      })
+      .then(() => transit.renew())
+      .then((renewedPlaintext) => {
+        should(renewedPlaintext).eql({
+          plaintext: 'PTEXT'
+        });
+
+        localVaultMock.done();
+        done();
+      })
+      .catch(done);
+    });
+  });
 });