zitadel/internal/api/grpc/resources/webkey/v3/webkey_converter_test.go

package webkey

import (
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"google.golang.org/protobuf/types/known/timestamppb"

	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/query"
	object "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
	resource_object "github.com/zitadel/zitadel/pkg/grpc/resources/object/v3alpha"
	webkey "github.com/zitadel/zitadel/pkg/grpc/resources/webkey/v3alpha"
)

func Test_createWebKeyRequestToConfig(t *testing.T) {
	type args struct {
		req *webkey.CreateWebKeyRequest
	}
	tests := []struct {
		name string
		args args
		want crypto.WebKeyConfig
	}{
		{
			name: "RSA",
			args: args{&webkey.CreateWebKeyRequest{
				Key: &webkey.WebKey{
					Config: &webkey.WebKey_Rsa{
						Rsa: &webkey.WebKeyRSAConfig{
							Bits:   webkey.WebKeyRSAConfig_RSA_BITS_3072,
							Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,
						},
					},
				},
			}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits3072,
				Hasher: crypto.RSAHasherSHA384,
			},
		},
		{
			name: "ECDSA",
			args: args{&webkey.CreateWebKeyRequest{
				Key: &webkey.WebKey{
					Config: &webkey.WebKey_Ecdsa{
						Ecdsa: &webkey.WebKeyECDSAConfig{
							Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,
						},
					},
				},
			}},
			want: &crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP384,
			},
		},
		{
			name: "ED25519",
			args: args{&webkey.CreateWebKeyRequest{
				Key: &webkey.WebKey{
					Config: &webkey.WebKey_Ed25519{
						Ed25519: &webkey.WebKeyED25519Config{},
					},
				},
			}},
			want: &crypto.WebKeyED25519Config{},
		},
		{
			name: "default",
			args: args{&webkey.CreateWebKeyRequest{}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits2048,
				Hasher: crypto.RSAHasherSHA256,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := createWebKeyRequestToConfig(tt.args.req)
			assert.Equal(t, tt.want, got)
		})
	}
}

func Test_webKeyRSAConfigToCrypto(t *testing.T) {
	type args struct {
		config *webkey.WebKeyRSAConfig
	}
	tests := []struct {
		name string
		args args
		want *crypto.WebKeyRSAConfig
	}{
		{
			name: "unspecified",
			args: args{&webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_UNSPECIFIED,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_UNSPECIFIED,
			}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits2048,
				Hasher: crypto.RSAHasherSHA256,
			},
		},
		{
			name: "2048, RSA256",
			args: args{&webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_2048,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA256,
			}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits2048,
				Hasher: crypto.RSAHasherSHA256,
			},
		},
		{
			name: "3072, RSA384",
			args: args{&webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_3072,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,
			}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits3072,
				Hasher: crypto.RSAHasherSHA384,
			},
		},
		{
			name: "4096, RSA512",
			args: args{&webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_4096,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA512,
			}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits4096,
				Hasher: crypto.RSAHasherSHA512,
			},
		},
		{
			name: "invalid",
			args: args{&webkey.WebKeyRSAConfig{
				Bits:   99,
				Hasher: 99,
			}},
			want: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits2048,
				Hasher: crypto.RSAHasherSHA256,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := webKeyRSAConfigToCrypto(tt.args.config)
			assert.Equal(t, tt.want, got)
		})
	}
}

func Test_webKeyECDSAConfigToCrypto(t *testing.T) {
	type args struct {
		config *webkey.WebKeyECDSAConfig
	}
	tests := []struct {
		name string
		args args
		want *crypto.WebKeyECDSAConfig
	}{
		{
			name: "unspecified",
			args: args{&webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_UNSPECIFIED,
			}},
			want: &crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP256,
			},
		},
		{
			name: "P256",
			args: args{&webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P256,
			}},
			want: &crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP256,
			},
		},
		{
			name: "P384",
			args: args{&webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,
			}},
			want: &crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP384,
			},
		},
		{
			name: "P512",
			args: args{&webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P512,
			}},
			want: &crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP512,
			},
		},
		{
			name: "invalid",
			args: args{&webkey.WebKeyECDSAConfig{
				Curve: 99,
			}},
			want: &crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP256,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := webKeyECDSAConfigToCrypto(tt.args.config)
			assert.Equal(t, tt.want, got)
		})
	}
}

func Test_webKeyDetailsListToPb(t *testing.T) {
	instanceID := "ownerid"
	list := []query.WebKeyDetails{
		{
			KeyID:        "key1",
			CreationDate: time.Unix(123, 456),
			ChangeDate:   time.Unix(789, 0),
			Sequence:     123,
			State:        domain.WebKeyStateActive,
			Config: &crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits3072,
				Hasher: crypto.RSAHasherSHA384,
			},
		},
		{
			KeyID:        "key2",
			CreationDate: time.Unix(123, 456),
			ChangeDate:   time.Unix(789, 0),
			Sequence:     123,
			State:        domain.WebKeyStateActive,
			Config:       &crypto.WebKeyED25519Config{},
		},
	}
	want := []*webkey.GetWebKey{
		{
			Details: &resource_object.Details{
				Id:      "key1",
				Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
				Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
				Owner:   &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},
			},
			State: webkey.WebKeyState_STATE_ACTIVE,
			Config: &webkey.WebKey{
				Config: &webkey.WebKey_Rsa{
					Rsa: &webkey.WebKeyRSAConfig{
						Bits:   webkey.WebKeyRSAConfig_RSA_BITS_3072,
						Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,
					},
				},
			},
		},
		{
			Details: &resource_object.Details{
				Id:      "key2",
				Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
				Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
				Owner:   &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},
			},
			State: webkey.WebKeyState_STATE_ACTIVE,
			Config: &webkey.WebKey{
				Config: &webkey.WebKey_Ed25519{
					Ed25519: &webkey.WebKeyED25519Config{},
				},
			},
		},
	}
	got := webKeyDetailsListToPb(list, instanceID)
	assert.Equal(t, want, got)
}

func Test_webKeyDetailsToPb(t *testing.T) {
	instanceID := "ownerid"
	type args struct {
		details *query.WebKeyDetails
	}
	tests := []struct {
		name string
		args args
		want *webkey.GetWebKey
	}{
		{
			name: "RSA",
			args: args{&query.WebKeyDetails{
				KeyID:        "keyID",
				CreationDate: time.Unix(123, 456),
				ChangeDate:   time.Unix(789, 0),
				Sequence:     123,
				State:        domain.WebKeyStateActive,
				Config: &crypto.WebKeyRSAConfig{
					Bits:   crypto.RSABits3072,
					Hasher: crypto.RSAHasherSHA384,
				},
			}},
			want: &webkey.GetWebKey{
				Details: &resource_object.Details{
					Id:      "keyID",
					Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
					Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
					Owner:   &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},
				},
				State: webkey.WebKeyState_STATE_ACTIVE,
				Config: &webkey.WebKey{
					Config: &webkey.WebKey_Rsa{
						Rsa: &webkey.WebKeyRSAConfig{
							Bits:   webkey.WebKeyRSAConfig_RSA_BITS_3072,
							Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,
						},
					},
				},
			},
		},
		{
			name: "ECDSA",
			args: args{&query.WebKeyDetails{
				KeyID:        "keyID",
				CreationDate: time.Unix(123, 456),
				ChangeDate:   time.Unix(789, 0),
				Sequence:     123,
				State:        domain.WebKeyStateActive,
				Config: &crypto.WebKeyECDSAConfig{
					Curve: crypto.EllipticCurveP384,
				},
			}},
			want: &webkey.GetWebKey{
				Details: &resource_object.Details{
					Id:      "keyID",
					Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
					Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
					Owner:   &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},
				},
				State: webkey.WebKeyState_STATE_ACTIVE,
				Config: &webkey.WebKey{
					Config: &webkey.WebKey_Ecdsa{
						Ecdsa: &webkey.WebKeyECDSAConfig{
							Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,
						},
					},
				},
			},
		},
		{
			name: "ED25519",
			args: args{&query.WebKeyDetails{
				KeyID:        "keyID",
				CreationDate: time.Unix(123, 456),
				ChangeDate:   time.Unix(789, 0),
				Sequence:     123,
				State:        domain.WebKeyStateActive,
				Config:       &crypto.WebKeyED25519Config{},
			}},
			want: &webkey.GetWebKey{
				Details: &resource_object.Details{
					Id:      "keyID",
					Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},
					Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},
					Owner:   &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},
				},
				State: webkey.WebKeyState_STATE_ACTIVE,
				Config: &webkey.WebKey{
					Config: &webkey.WebKey_Ed25519{
						Ed25519: &webkey.WebKeyED25519Config{},
					},
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := webKeyDetailsToPb(tt.args.details, instanceID)
			assert.Equal(t, tt.want, got)
		})
	}
}

func Test_webKeyStateToPb(t *testing.T) {
	type args struct {
		state domain.WebKeyState
	}
	tests := []struct {
		name string
		args args
		want webkey.WebKeyState
	}{
		{
			name: "unspecified",
			args: args{domain.WebKeyStateUnspecified},
			want: webkey.WebKeyState_STATE_UNSPECIFIED,
		},
		{
			name: "initial",
			args: args{domain.WebKeyStateInitial},
			want: webkey.WebKeyState_STATE_INITIAL,
		},
		{
			name: "active",
			args: args{domain.WebKeyStateActive},
			want: webkey.WebKeyState_STATE_ACTIVE,
		},
		{
			name: "inactive",
			args: args{domain.WebKeyStateInactive},
			want: webkey.WebKeyState_STATE_INACTIVE,
		},
		{
			name: "removed",
			args: args{domain.WebKeyStateRemoved},
			want: webkey.WebKeyState_STATE_REMOVED,
		},
		{
			name: "invalid",
			args: args{99},
			want: webkey.WebKeyState_STATE_UNSPECIFIED,
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := webKeyStateToPb(tt.args.state)
			assert.Equal(t, tt.want, got)
		})
	}
}

func Test_webKeyRSAConfigToPb(t *testing.T) {
	type args struct {
		config *crypto.WebKeyRSAConfig
	}
	tests := []struct {
		name string
		args args
		want *webkey.WebKeyRSAConfig
	}{
		{
			name: "2048, RSA256",
			args: args{&crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits2048,
				Hasher: crypto.RSAHasherSHA256,
			}},
			want: &webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_2048,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA256,
			},
		},
		{
			name: "3072, RSA384",
			args: args{&crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits3072,
				Hasher: crypto.RSAHasherSHA384,
			}},
			want: &webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_3072,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,
			},
		},
		{
			name: "4096, RSA512",
			args: args{&crypto.WebKeyRSAConfig{
				Bits:   crypto.RSABits4096,
				Hasher: crypto.RSAHasherSHA512,
			}},
			want: &webkey.WebKeyRSAConfig{
				Bits:   webkey.WebKeyRSAConfig_RSA_BITS_4096,
				Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA512,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := webKeyRSAConfigToPb(tt.args.config)
			assert.Equal(t, tt.want, got)
		})
	}
}

func Test_webKeyECDSAConfigToPb(t *testing.T) {
	type args struct {
		config *crypto.WebKeyECDSAConfig
	}
	tests := []struct {
		name string
		args args
		want *webkey.WebKeyECDSAConfig
	}{
		{
			name: "P256",
			args: args{&crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP256,
			}},
			want: &webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P256,
			},
		},
		{
			name: "P384",
			args: args{&crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP384,
			}},
			want: &webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,
			},
		},
		{
			name: "P512",
			args: args{&crypto.WebKeyECDSAConfig{
				Curve: crypto.EllipticCurveP512,
			}},
			want: &webkey.WebKeyECDSAConfig{
				Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P512,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got := webKeyECDSAConfigToPb(tt.args.config)
			assert.Equal(t, tt.want, got)
		})
	}
}
feat(v3alpha): web key resource (#8262) # Which Problems Are Solved Implement a new API service that allows management of OIDC signing web keys. This allows users to manage rotation of the instance level keys. which are currently managed based on expiry. The API accepts the generation of the following key types and parameters: - RSA keys with 2048, 3072 or 4096 bit in size and: - Signing with SHA-256 (RS256) - Signing with SHA-384 (RS384) - Signing with SHA-512 (RS512) - ECDSA keys with - P256 curve - P384 curve - P512 curve - ED25519 keys # How the Problems Are Solved Keys are serialized for storage using the JSON web key format from the `jose` library. This is the format that will be used by OIDC for signing, verification and publication. Each instance can have a number of key pairs. All existing public keys are meant to be used for token verification and publication the keys endpoint. Keys can be activated and the active private key is meant to sign new tokens. There is always exactly 1 active signing key: 1. When the first key for an instance is generated, it is automatically activated. 2. Activation of the next key automatically deactivates the previously active key. 3. Keys cannot be manually deactivated from the API 4. Active keys cannot be deleted # Additional Changes - Query methods that later will be used by the OIDC package are already implemented. Preparation for #8031 - Fix indentation in french translation for instance event - Move user_schema translations to consistent positions in all translation files # Additional Context - Closes #8030 - Part of #7809 --------- Co-authored-by: Elio Bischof <elio@zitadel.com> 2024-08-14 14:18:14 +00:00			`package webkey`

			`import (`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/assert"`
			`"google.golang.org/protobuf/types/known/timestamppb"`

			`"github.com/zitadel/zitadel/internal/crypto"`
			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/query"`
			`object "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"`
			`resource_object "github.com/zitadel/zitadel/pkg/grpc/resources/object/v3alpha"`
			`webkey "github.com/zitadel/zitadel/pkg/grpc/resources/webkey/v3alpha"`
			`)`

			`func Test_createWebKeyRequestToConfig(t *testing.T) {`
			`type args struct {`
			`req *webkey.CreateWebKeyRequest`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want crypto.WebKeyConfig`
			`}{`
			`{`
			`name: "RSA",`
			`args: args{&webkey.CreateWebKeyRequest{`
			`Key: &webkey.WebKey{`
			`Config: &webkey.WebKey_Rsa{`
			`Rsa: &webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_3072,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,`
			`},`
			`},`
			`},`
			`}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits3072,`
			`Hasher: crypto.RSAHasherSHA384,`
			`},`
			`},`
			`{`
			`name: "ECDSA",`
			`args: args{&webkey.CreateWebKeyRequest{`
			`Key: &webkey.WebKey{`
			`Config: &webkey.WebKey_Ecdsa{`
			`Ecdsa: &webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,`
			`},`
			`},`
			`},`
			`}},`
			`want: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP384,`
			`},`
			`},`
			`{`
			`name: "ED25519",`
			`args: args{&webkey.CreateWebKeyRequest{`
			`Key: &webkey.WebKey{`
			`Config: &webkey.WebKey_Ed25519{`
			`Ed25519: &webkey.WebKeyED25519Config{},`
			`},`
			`},`
			`}},`
			`want: &crypto.WebKeyED25519Config{},`
			`},`
			`{`
			`name: "default",`
			`args: args{&webkey.CreateWebKeyRequest{}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits2048,`
			`Hasher: crypto.RSAHasherSHA256,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := createWebKeyRequestToConfig(tt.args.req)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`

			`func Test_webKeyRSAConfigToCrypto(t *testing.T) {`
			`type args struct {`
			`config *webkey.WebKeyRSAConfig`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want *crypto.WebKeyRSAConfig`
			`}{`
			`{`
			`name: "unspecified",`
			`args: args{&webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_UNSPECIFIED,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_UNSPECIFIED,`
			`}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits2048,`
			`Hasher: crypto.RSAHasherSHA256,`
			`},`
			`},`
			`{`
			`name: "2048, RSA256",`
			`args: args{&webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_2048,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA256,`
			`}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits2048,`
			`Hasher: crypto.RSAHasherSHA256,`
			`},`
			`},`
			`{`
			`name: "3072, RSA384",`
			`args: args{&webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_3072,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,`
			`}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits3072,`
			`Hasher: crypto.RSAHasherSHA384,`
			`},`
			`},`
			`{`
			`name: "4096, RSA512",`
			`args: args{&webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_4096,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA512,`
			`}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits4096,`
			`Hasher: crypto.RSAHasherSHA512,`
			`},`
			`},`
			`{`
			`name: "invalid",`
			`args: args{&webkey.WebKeyRSAConfig{`
			`Bits: 99,`
			`Hasher: 99,`
			`}},`
			`want: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits2048,`
			`Hasher: crypto.RSAHasherSHA256,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := webKeyRSAConfigToCrypto(tt.args.config)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`

			`func Test_webKeyECDSAConfigToCrypto(t *testing.T) {`
			`type args struct {`
			`config *webkey.WebKeyECDSAConfig`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want *crypto.WebKeyECDSAConfig`
			`}{`
			`{`
			`name: "unspecified",`
			`args: args{&webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_UNSPECIFIED,`
			`}},`
			`want: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP256,`
			`},`
			`},`
			`{`
			`name: "P256",`
			`args: args{&webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P256,`
			`}},`
			`want: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP256,`
			`},`
			`},`
			`{`
			`name: "P384",`
			`args: args{&webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,`
			`}},`
			`want: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP384,`
			`},`
			`},`
			`{`
			`name: "P512",`
			`args: args{&webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P512,`
			`}},`
			`want: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP512,`
			`},`
			`},`
			`{`
			`name: "invalid",`
			`args: args{&webkey.WebKeyECDSAConfig{`
			`Curve: 99,`
			`}},`
			`want: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP256,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := webKeyECDSAConfigToCrypto(tt.args.config)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`

			`func Test_webKeyDetailsListToPb(t *testing.T) {`
			`instanceID := "ownerid"`
			`list := []query.WebKeyDetails{`
			`{`
			`KeyID: "key1",`
			`CreationDate: time.Unix(123, 456),`
			`ChangeDate: time.Unix(789, 0),`
			`Sequence: 123,`
			`State: domain.WebKeyStateActive,`
			`Config: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits3072,`
			`Hasher: crypto.RSAHasherSHA384,`
			`},`
			`},`
			`{`
			`KeyID: "key2",`
			`CreationDate: time.Unix(123, 456),`
			`ChangeDate: time.Unix(789, 0),`
			`Sequence: 123,`
			`State: domain.WebKeyStateActive,`
			`Config: &crypto.WebKeyED25519Config{},`
			`},`
			`}`
			`want := []*webkey.GetWebKey{`
			`{`
			`Details: &resource_object.Details{`
			`Id: "key1",`
			`Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},`
			`Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},`
			`Owner: &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},`
			`},`
			`State: webkey.WebKeyState_STATE_ACTIVE,`
			`Config: &webkey.WebKey{`
			`Config: &webkey.WebKey_Rsa{`
			`Rsa: &webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_3072,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,`
			`},`
			`},`
			`},`
			`},`
			`{`
			`Details: &resource_object.Details{`
			`Id: "key2",`
			`Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},`
			`Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},`
			`Owner: &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},`
			`},`
			`State: webkey.WebKeyState_STATE_ACTIVE,`
			`Config: &webkey.WebKey{`
			`Config: &webkey.WebKey_Ed25519{`
			`Ed25519: &webkey.WebKeyED25519Config{},`
			`},`
			`},`
			`},`
			`}`
			`got := webKeyDetailsListToPb(list, instanceID)`
			`assert.Equal(t, want, got)`
			`}`

			`func Test_webKeyDetailsToPb(t *testing.T) {`
			`instanceID := "ownerid"`
			`type args struct {`
			`details *query.WebKeyDetails`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want *webkey.GetWebKey`
			`}{`
			`{`
			`name: "RSA",`
			`args: args{&query.WebKeyDetails{`
			`KeyID: "keyID",`
			`CreationDate: time.Unix(123, 456),`
			`ChangeDate: time.Unix(789, 0),`
			`Sequence: 123,`
			`State: domain.WebKeyStateActive,`
			`Config: &crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits3072,`
			`Hasher: crypto.RSAHasherSHA384,`
			`},`
			`}},`
			`want: &webkey.GetWebKey{`
			`Details: &resource_object.Details{`
			`Id: "keyID",`
			`Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},`
			`Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},`
			`Owner: &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},`
			`},`
			`State: webkey.WebKeyState_STATE_ACTIVE,`
			`Config: &webkey.WebKey{`
			`Config: &webkey.WebKey_Rsa{`
			`Rsa: &webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_3072,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,`
			`},`
			`},`
			`},`
			`},`
			`},`
			`{`
			`name: "ECDSA",`
			`args: args{&query.WebKeyDetails{`
			`KeyID: "keyID",`
			`CreationDate: time.Unix(123, 456),`
			`ChangeDate: time.Unix(789, 0),`
			`Sequence: 123,`
			`State: domain.WebKeyStateActive,`
			`Config: &crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP384,`
			`},`
			`}},`
			`want: &webkey.GetWebKey{`
			`Details: &resource_object.Details{`
			`Id: "keyID",`
			`Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},`
			`Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},`
			`Owner: &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},`
			`},`
			`State: webkey.WebKeyState_STATE_ACTIVE,`
			`Config: &webkey.WebKey{`
			`Config: &webkey.WebKey_Ecdsa{`
			`Ecdsa: &webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,`
			`},`
			`},`
			`},`
			`},`
			`},`
			`{`
			`name: "ED25519",`
			`args: args{&query.WebKeyDetails{`
			`KeyID: "keyID",`
			`CreationDate: time.Unix(123, 456),`
			`ChangeDate: time.Unix(789, 0),`
			`Sequence: 123,`
			`State: domain.WebKeyStateActive,`
			`Config: &crypto.WebKeyED25519Config{},`
			`}},`
			`want: &webkey.GetWebKey{`
			`Details: &resource_object.Details{`
			`Id: "keyID",`
			`Created: &timestamppb.Timestamp{Seconds: 123, Nanos: 456},`
			`Changed: &timestamppb.Timestamp{Seconds: 789, Nanos: 0},`
			`Owner: &object.Owner{Type: object.OwnerType_OWNER_TYPE_INSTANCE, Id: instanceID},`
			`},`
			`State: webkey.WebKeyState_STATE_ACTIVE,`
			`Config: &webkey.WebKey{`
			`Config: &webkey.WebKey_Ed25519{`
			`Ed25519: &webkey.WebKeyED25519Config{},`
			`},`
			`},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := webKeyDetailsToPb(tt.args.details, instanceID)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`

			`func Test_webKeyStateToPb(t *testing.T) {`
			`type args struct {`
			`state domain.WebKeyState`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want webkey.WebKeyState`
			`}{`
			`{`
			`name: "unspecified",`
			`args: args{domain.WebKeyStateUnspecified},`
			`want: webkey.WebKeyState_STATE_UNSPECIFIED,`
			`},`
			`{`
			`name: "initial",`
			`args: args{domain.WebKeyStateInitial},`
			`want: webkey.WebKeyState_STATE_INITIAL,`
			`},`
			`{`
			`name: "active",`
			`args: args{domain.WebKeyStateActive},`
			`want: webkey.WebKeyState_STATE_ACTIVE,`
			`},`
			`{`
			`name: "inactive",`
			`args: args{domain.WebKeyStateInactive},`
			`want: webkey.WebKeyState_STATE_INACTIVE,`
			`},`
			`{`
			`name: "removed",`
			`args: args{domain.WebKeyStateRemoved},`
			`want: webkey.WebKeyState_STATE_REMOVED,`
			`},`
			`{`
			`name: "invalid",`
			`args: args{99},`
			`want: webkey.WebKeyState_STATE_UNSPECIFIED,`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := webKeyStateToPb(tt.args.state)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`

			`func Test_webKeyRSAConfigToPb(t *testing.T) {`
			`type args struct {`
			`config *crypto.WebKeyRSAConfig`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want *webkey.WebKeyRSAConfig`
			`}{`
			`{`
			`name: "2048, RSA256",`
			`args: args{&crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits2048,`
			`Hasher: crypto.RSAHasherSHA256,`
			`}},`
			`want: &webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_2048,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA256,`
			`},`
			`},`
			`{`
			`name: "3072, RSA384",`
			`args: args{&crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits3072,`
			`Hasher: crypto.RSAHasherSHA384,`
			`}},`
			`want: &webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_3072,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA384,`
			`},`
			`},`
			`{`
			`name: "4096, RSA512",`
			`args: args{&crypto.WebKeyRSAConfig{`
			`Bits: crypto.RSABits4096,`
			`Hasher: crypto.RSAHasherSHA512,`
			`}},`
			`want: &webkey.WebKeyRSAConfig{`
			`Bits: webkey.WebKeyRSAConfig_RSA_BITS_4096,`
			`Hasher: webkey.WebKeyRSAConfig_RSA_HASHER_SHA512,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := webKeyRSAConfigToPb(tt.args.config)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`

			`func Test_webKeyECDSAConfigToPb(t *testing.T) {`
			`type args struct {`
			`config *crypto.WebKeyECDSAConfig`
			`}`
			`tests := []struct {`
			`name string`
			`args args`
			`want *webkey.WebKeyECDSAConfig`
			`}{`
			`{`
			`name: "P256",`
			`args: args{&crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP256,`
			`}},`
			`want: &webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P256,`
			`},`
			`},`
			`{`
			`name: "P384",`
			`args: args{&crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP384,`
			`}},`
			`want: &webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P384,`
			`},`
			`},`
			`{`
			`name: "P512",`
			`args: args{&crypto.WebKeyECDSAConfig{`
			`Curve: crypto.EllipticCurveP512,`
			`}},`
			`want: &webkey.WebKeyECDSAConfig{`
			`Curve: webkey.WebKeyECDSAConfig_ECDSA_CURVE_P512,`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`got := webKeyECDSAConfigToPb(tt.args.config)`
			`assert.Equal(t, tt.want, got)`
			`})`
			`}`
			`}`