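/* tslint:disable:no-unused-expression */

/**
 * Unit tests for the ActivityPub signature helpers.
 *
 * Two verification paths are exercised against recorded fixtures:
 *  - JSON-LD ("Linked") signatures carried inside the activity body
 *    (isJsonLDSignatureVerified / buildSignedActivity);
 *  - HTTP signatures carried in the request headers
 *    (parseHTTPSignature / isHTTPSignatureVerified).
 *
 * Every negative case here is a check that a forged, stale or mis-attributed
 * activity is rejected, so a test that starts passing for the wrong reason is a
 * security regression, not just a flaky test.
 */

import 'mocha'
import { expect } from 'chai'
import { buildRequestStub } from '../../../../shared/utils/miscs/stubs'
import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
import { cloneDeep } from 'lodash'
import { buildSignedActivity } from '../../../helpers/activitypub'

// URL of the actor that signs the fixtures and the locally built activities.
const ACTOR_URL = 'http://localhost:9002/accounts/peertube'

// Skew allowance handed to parseHTTPSignature so that the recorded Mastodon request,
// whose timestamp falls outside the default window (see the clock skew test), still
// clears the freshness check. This widening is for fixture replay only.
// NOTE(review): the unit (seconds or milliseconds) is defined by parseHTTPSignature,
// which is not visible from this file; confirm the value means what was intended.
const FIXTURE_CLOCK_SKEW = 3600 * 1000 * 365 * 10

/**
 * Build a stubbed POST request to the inbox from a recorded fixture.
 *
 * The fixture is deep-cloned first: require() caches the parsed JSON, and the
 * headers are modified below, so without the copy one test would change the
 * input of the next.
 *
 * @param fixture    object with `body` and `headers` properties
 * @param withScheme when true, prefix the signature header with 'Signature '
 */
function buildInboxRequest (fixture: any, withScheme = true) {
  const req = buildRequestStub()
  req.method = 'POST'
  req.url = '/accounts/ronan/inbox'

  const mastodonObject = cloneDeep(fixture)
  req.body = mastodonObject.body
  req.headers = mastodonObject.headers

  if (withScheme) req.headers.signature = 'Signature ' + req.headers.signature

  return req
}

/**
 * Load an activity body fixture as a private copy.
 *
 * The helpers under test receive the object itself; cloning keeps a helper that
 * modifies its argument from leaking state into later tests through the
 * require() cache.
 */
function freshBody (fixture: any) {
  return cloneDeep(fixture)
}

describe('Test activity pub helpers', function () {
  describe('When checking the Linked Signature', function () {

    it('Should fail with an invalid Mastodon signature', async function () {
      const body = freshBody(require('./json/mastodon/create-bad-signature.json'))
      const publicKey = require('./json/mastodon/public-key.json').publicKey
      const fromActor = { publicKey, url: ACTOR_URL }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.false
    })

    it('Should fail with an invalid public key', async function () {
      // Correctly signed body, but checked against a key that is not the signer's.
      const body = freshBody(require('./json/mastodon/create.json'))
      const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
      const fromActor = { publicKey, url: ACTOR_URL }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.false
    })

    it('Should succeed with a valid Mastodon signature', async function () {
      const body = freshBody(require('./json/mastodon/create.json'))
      const publicKey = require('./json/mastodon/public-key.json').publicKey
      const fromActor = { publicKey, url: ACTOR_URL }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.true
    })

    it('Should fail with an invalid PeerTube signature', async function () {
      // Signs and verifies with the two halves stored in invalid-keys.json
      // (presumably a pair that does not match; the fixture is not shown here).
      const keys = require('./json/peertube/invalid-keys.json')
      const body = freshBody(require('./json/peertube/announce-without-context.json'))

      const actorSignature = { url: ACTOR_URL, privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      const fromActor = { publicKey: keys.publicKey, url: ACTOR_URL }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.false
    })

    it('Should fail with an invalid PeerTube URL', async function () {
      const keys = require('./json/peertube/keys.json')
      const body = freshBody(require('./json/peertube/announce-without-context.json'))

      const actorSignature = { url: ACTOR_URL, privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      // Same key pair as the signer, but the actor presented for verification lives
      // at another URL (port 9003 instead of 9002): a matching key alone must not
      // be enough to accept the activity.
      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9003/accounts/peertube' }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.false
    })

    it('Should succeed with a valid PeerTube signature', async function () {
      const keys = require('./json/peertube/keys.json')
      const body = freshBody(require('./json/peertube/announce-without-context.json'))

      const actorSignature = { url: ACTOR_URL, privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      const fromActor = { publicKey: keys.publicKey, url: ACTOR_URL }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.true
    })
  })

  describe('When checking HTTP signature', function () {
    it('Should fail with an invalid http signature', function () {
      const req = buildInboxRequest(require('./json/mastodon/bad-http-signature.json'))

      const parsed = parseHTTPSignature(req, FIXTURE_CLOCK_SKEW)
      const publicKey = require('./json/mastodon/public-key.json').publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.false
    })

    it('Should fail with an invalid public key', function () {
      const req = buildInboxRequest(require('./json/mastodon/http-signature.json'))

      const parsed = parseHTTPSignature(req, FIXTURE_CLOCK_SKEW)
      const publicKey = require('./json/mastodon/bad-public-key.json').publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.false
    })

    it('Should fail because of clock skew', function () {
      const req = buildInboxRequest(require('./json/mastodon/http-signature.json'))

      // No skew override: the default freshness window applies and has to reject
      // the recorded request, which is what limits replay of captured requests.
      // NOTE(review): any exception satisfies this assertion; matching the specific
      // error raised for a stale request would stop an unrelated failure from
      // making the test pass.
      expect(() => parseHTTPSignature(req)).to.throw()
    })

    it('Should fail without scheme', function () {
      // The signature header is left without its 'Signature ' prefix.
      const req = buildInboxRequest(require('./json/mastodon/http-signature.json'), false)

      // NOTE(review): as above, the assertion accepts any exception.
      expect(() => parseHTTPSignature(req, FIXTURE_CLOCK_SKEW)).to.throw()
    })

    it('Should succeed with a valid signature', function () {
      const req = buildInboxRequest(require('./json/mastodon/http-signature.json'))

      const parsed = parseHTTPSignature(req, FIXTURE_CLOCK_SKEW)
      const publicKey = require('./json/mastodon/public-key.json').publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.true
    })

  })

})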