]>
Commit | Line | Data |
---|---|---|
a1587156 | 1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
df66d815 C |
2 | |
3 | import 'mocha' | |
4 | import { expect } from 'chai' | |
df66d815 | 5 | import { cloneDeep } from 'lodash' |
a219c910 | 6 | import { signAndContextify } from '@server/lib/activitypub/send' |
c55e3d72 C |
7 | import { buildRequestStub } from '@server/tests/shared' |
8 | import { buildAbsoluteFixturePath } from '@shared/core-utils' | |
6c5065a0 | 9 | import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto' |
df66d815 C |
10 | |
11 | describe('Test activity pub helpers', function () { | |
4d526901 | 12 | |
df66d815 C |
13 | describe('When checking the Linked Signature', function () { |
14 | ||
15 | it('Should fail with an invalid Mastodon signature', async function () { | |
3d470a53 C |
16 | const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json')) |
17 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey | |
df66d815 C |
18 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } |
19 | ||
20 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | |
21 | ||
22 | expect(result).to.be.false | |
23 | }) | |
24 | ||
25 | it('Should fail with an invalid public key', async function () { | |
3d470a53 C |
26 | const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json')) |
27 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey | |
df66d815 C |
28 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } |
29 | ||
30 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | |
31 | ||
32 | expect(result).to.be.false | |
33 | }) | |
34 | ||
35 | it('Should succeed with a valid Mastodon signature', async function () { | |
3d470a53 C |
36 | const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json')) |
37 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey | |
df66d815 C |
38 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } |
39 | ||
40 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | |
41 | ||
42 | expect(result).to.be.true | |
43 | }) | |
44 | ||
45 | it('Should fail with an invalid PeerTube signature', async function () { | |
3d470a53 C |
46 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json')) |
47 | const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json')) | |
df66d815 C |
48 | |
49 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | |
a219c910 | 50 | const signedBody = await signAndContextify(actorSignature as any, body, 'Announce') |
df66d815 C |
51 | |
52 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
53 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | |
54 | ||
55 | expect(result).to.be.false | |
56 | }) | |
57 | ||
df66d815 | 58 | it('Should succeed with a valid PeerTube signature', async function () { |
3d470a53 C |
59 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json')) |
60 | const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json')) | |
df66d815 C |
61 | |
62 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | |
a219c910 | 63 | const signedBody = await signAndContextify(actorSignature as any, body, 'Announce') |
df66d815 C |
64 | |
65 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
66 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | |
67 | ||
68 | expect(result).to.be.true | |
69 | }) | |
70 | }) | |
71 | ||
72 | describe('When checking HTTP signature', function () { | |
73 | it('Should fail with an invalid http signature', async function () { | |
74 | const req = buildRequestStub() | |
75 | req.method = 'POST' | |
76 | req.url = '/accounts/ronan/inbox' | |
77 | ||
3d470a53 | 78 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json'))) |
df66d815 C |
79 | req.body = mastodonObject.body |
80 | req.headers = mastodonObject.headers | |
df66d815 | 81 | |
f3e4d594 | 82 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) |
3d470a53 | 83 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey |
df66d815 C |
84 | |
85 | const actor = { publicKey } | |
86 | const verified = isHTTPSignatureVerified(parsed, actor as any) | |
87 | ||
88 | expect(verified).to.be.false | |
89 | }) | |
90 | ||
91 | it('Should fail with an invalid public key', async function () { | |
92 | const req = buildRequestStub() | |
93 | req.method = 'POST' | |
94 | req.url = '/accounts/ronan/inbox' | |
95 | ||
3d470a53 | 96 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) |
df66d815 C |
97 | req.body = mastodonObject.body |
98 | req.headers = mastodonObject.headers | |
df66d815 | 99 | |
f3e4d594 | 100 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) |
3d470a53 | 101 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey |
df66d815 C |
102 | |
103 | const actor = { publicKey } | |
104 | const verified = isHTTPSignatureVerified(parsed, actor as any) | |
105 | ||
106 | expect(verified).to.be.false | |
107 | }) | |
108 | ||
109 | it('Should fail because of clock skew', async function () { | |
110 | const req = buildRequestStub() | |
111 | req.method = 'POST' | |
112 | req.url = '/accounts/ronan/inbox' | |
113 | ||
3d470a53 | 114 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) |
df66d815 C |
115 | req.body = mastodonObject.body |
116 | req.headers = mastodonObject.headers | |
df66d815 C |
117 | |
118 | let errored = false | |
119 | try { | |
120 | parseHTTPSignature(req) | |
121 | } catch { | |
122 | errored = true | |
123 | } | |
124 | ||
125 | expect(errored).to.be.true | |
126 | }) | |
127 | ||
e6122097 | 128 | it('Should with a scheme', async function () { |
df66d815 C |
129 | const req = buildRequestStub() |
130 | req.method = 'POST' | |
131 | req.url = '/accounts/ronan/inbox' | |
132 | ||
3d470a53 | 133 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) |
df66d815 C |
134 | req.body = mastodonObject.body |
135 | req.headers = mastodonObject.headers | |
e6122097 | 136 | req.headers = 'Signature ' + mastodonObject.headers |
df66d815 C |
137 | |
138 | let errored = false | |
139 | try { | |
f3e4d594 | 140 | parseHTTPSignature(req, 3600 * 1000 * 365 * 10) |
df66d815 C |
141 | } catch { |
142 | errored = true | |
143 | } | |
144 | ||
145 | expect(errored).to.be.true | |
146 | }) | |
147 | ||
148 | it('Should succeed with a valid signature', async function () { | |
149 | const req = buildRequestStub() | |
150 | req.method = 'POST' | |
151 | req.url = '/accounts/ronan/inbox' | |
152 | ||
3d470a53 | 153 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) |
df66d815 C |
154 | req.body = mastodonObject.body |
155 | req.headers = mastodonObject.headers | |
df66d815 | 156 | |
f3e4d594 | 157 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) |
3d470a53 | 158 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey |
df66d815 C |
159 | |
160 | const actor = { publicKey } | |
161 | const verified = isHTTPSignatureVerified(parsed, actor as any) | |
162 | ||
163 | expect(verified).to.be.true | |
164 | }) | |
165 | ||
166 | }) | |
167 | ||
168 | }) |