[github/Chocobozzz/PeerTube.git] / server / tests / api / activitypub / helpers.ts

/* tslint:disable:no-unused-expression */

import 'mocha'
import { expect } from 'chai'
import { buildRequestStub } from '../../../../shared/extra-utils/miscs/stubs'
import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
import { cloneDeep } from 'lodash'
import { buildSignedActivity } from '../../../helpers/activitypub'

describe('Test activity pub helpers', function () {
  describe('When checking the Linked Signature', function () {

    it('Should fail with an invalid Mastodon signature', async function () {
      const body = require('./json/mastodon/create-bad-signature.json')
      const publicKey = require('./json/mastodon/public-key.json').publicKey
      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.false
    })

    it('Should fail with an invalid public key', async function () {
      const body = require('./json/mastodon/create.json')
      const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.false
    })

    it('Should succeed with a valid Mastodon signature', async function () {
      const body = require('./json/mastodon/create.json')
      const publicKey = require('./json/mastodon/public-key.json').publicKey
      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.true
    })

    it('Should fail with an invalid PeerTube signature', async function () {
      const keys = require('./json/peertube/invalid-keys.json')
      const body = require('./json/peertube/announce-without-context.json')

      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.false
    })

    it('Should succeed with a valid PeerTube signature', async function () {
      const keys = require('./json/peertube/keys.json')
      const body = require('./json/peertube/announce-without-context.json')

      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.true
    })
  })

  describe('When checking HTTP signature', function () {
    it('Should fail with an invalid http signature', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json'))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      const publicKey = require('./json/mastodon/public-key.json').publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.false
    })

    it('Should fail with an invalid public key', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      const publicKey = require('./json/mastodon/bad-public-key.json').publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.false
    })

    it('Should fail because of clock skew', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      let errored = false
      try {
        parseHTTPSignature(req)
      } catch {
        errored = true
      }

      expect(errored).to.be.true
    })

    it('Should with a scheme', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers
      req.headers = 'Signature ' + mastodonObject.headers

      let errored = false
      try {
        parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      } catch {
        errored = true
      }

      expect(errored).to.be.true
    })

    it('Should succeed with a valid signature', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      const publicKey = require('./json/mastodon/public-key.json').publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.true
    })

  })

})
Commit	Line	Data
df66d815 C	1	/* tslint:disable:no-unused-expression */
	2
	3	import 'mocha'
	4	import { expect } from 'chai'
94565d52	5	import { buildRequestStub } from '../../../../shared/extra-utils/miscs/stubs'
df66d815 C	6	import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
	7	import { cloneDeep } from 'lodash'
	8	import { buildSignedActivity } from '../../../helpers/activitypub'
	9
	10	describe('Test activity pub helpers', function () {
	11	describe('When checking the Linked Signature', function () {
	12
	13	it('Should fail with an invalid Mastodon signature', async function () {
	14	const body = require('./json/mastodon/create-bad-signature.json')
	15	const publicKey = require('./json/mastodon/public-key.json').publicKey
	16	const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
	17
	18	const result = await isJsonLDSignatureVerified(fromActor as any, body)
	19
	20	expect(result).to.be.false
	21	})
	22
	23	it('Should fail with an invalid public key', async function () {
	24	const body = require('./json/mastodon/create.json')
	25	const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
	26	const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
	27
	28	const result = await isJsonLDSignatureVerified(fromActor as any, body)
	29
	30	expect(result).to.be.false
	31	})
	32
	33	it('Should succeed with a valid Mastodon signature', async function () {
	34	const body = require('./json/mastodon/create.json')
	35	const publicKey = require('./json/mastodon/public-key.json').publicKey
	36	const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
	37
	38	const result = await isJsonLDSignatureVerified(fromActor as any, body)
	39
	40	expect(result).to.be.true
	41	})
	42
	43	it('Should fail with an invalid PeerTube signature', async function () {
	44	const keys = require('./json/peertube/invalid-keys.json')
	45	const body = require('./json/peertube/announce-without-context.json')
	46
	47	const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
	48	const signedBody = await buildSignedActivity(actorSignature as any, body)
	49
	50	const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
	51	const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
	52
	53	expect(result).to.be.false
	54	})
	55
df66d815 C	56	it('Should succeed with a valid PeerTube signature', async function () {
	57	const keys = require('./json/peertube/keys.json')
	58	const body = require('./json/peertube/announce-without-context.json')
	59
	60	const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
	61	const signedBody = await buildSignedActivity(actorSignature as any, body)
	62
	63	const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
	64	const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
	65
	66	expect(result).to.be.true
	67	})
	68	})
	69
	70	describe('When checking HTTP signature', function () {
	71	it('Should fail with an invalid http signature', async function () {
	72	const req = buildRequestStub()
	73	req.method = 'POST'
	74	req.url = '/accounts/ronan/inbox'
	75
	76	const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json'))
	77	req.body = mastodonObject.body
	78	req.headers = mastodonObject.headers
df66d815	79
f3e4d594	80	const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
df66d815 C	81	const publicKey = require('./json/mastodon/public-key.json').publicKey
	82
	83	const actor = { publicKey }
	84	const verified = isHTTPSignatureVerified(parsed, actor as any)
	85
	86	expect(verified).to.be.false
	87	})
	88
	89	it('Should fail with an invalid public key', async function () {
	90	const req = buildRequestStub()
	91	req.method = 'POST'
	92	req.url = '/accounts/ronan/inbox'
	93
	94	const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
	95	req.body = mastodonObject.body
	96	req.headers = mastodonObject.headers
df66d815	97
f3e4d594	98	const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
df66d815 C	99	const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
	100
	101	const actor = { publicKey }
	102	const verified = isHTTPSignatureVerified(parsed, actor as any)
	103
	104	expect(verified).to.be.false
	105	})
	106
	107	it('Should fail because of clock skew', async function () {
	108	const req = buildRequestStub()
	109	req.method = 'POST'
	110	req.url = '/accounts/ronan/inbox'
	111
	112	const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
	113	req.body = mastodonObject.body
	114	req.headers = mastodonObject.headers
df66d815 C	115
	116	let errored = false
	117	try {
	118	parseHTTPSignature(req)
	119	} catch {
	120	errored = true
	121	}
	122
	123	expect(errored).to.be.true
	124	})
	125
e6122097	126	it('Should with a scheme', async function () {
df66d815 C	127	const req = buildRequestStub()
	128	req.method = 'POST'
	129	req.url = '/accounts/ronan/inbox'
	130
	131	const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
	132	req.body = mastodonObject.body
	133	req.headers = mastodonObject.headers
e6122097	134	req.headers = 'Signature ' + mastodonObject.headers
df66d815 C	135
	136	let errored = false
	137	try {
f3e4d594	138	parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
df66d815 C	139	} catch {
	140	errored = true
	141	}
	142
	143	expect(errored).to.be.true
	144	})
	145
	146	it('Should succeed with a valid signature', async function () {
	147	const req = buildRequestStub()
	148	req.method = 'POST'
	149	req.url = '/accounts/ronan/inbox'
	150
	151	const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
	152	req.body = mastodonObject.body
	153	req.headers = mastodonObject.headers
df66d815	154
f3e4d594	155	const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
df66d815 C	156	const publicKey = require('./json/mastodon/public-key.json').publicKey
	157
	158	const actor = { publicKey }
	159	const verified = isHTTPSignatureVerified(parsed, actor as any)
	160
	161	expect(verified).to.be.true
	162	})
	163
	164	})
	165
	166	})