[github/Chocobozzz/PeerTube.git] / server / tests / api / activitypub / helpers.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import { expect } from 'chai'
import { cloneDeep } from 'lodash'
import { buildAbsoluteFixturePath, buildRequestStub } from '@shared/extra-utils'
import { buildSignedActivity } from '../../../helpers/activitypub'
import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'

describe('Test activity pub helpers', function () {
  describe('When checking the Linked Signature', function () {

    it('Should fail with an invalid Mastodon signature', async function () {
      const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json'))
      const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.false
    })

    it('Should fail with an invalid public key', async function () {
      const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
      const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.false
    })

    it('Should succeed with a valid Mastodon signature', async function () {
      const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
      const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }

      const result = await isJsonLDSignatureVerified(fromActor as any, body)

      expect(result).to.be.true
    })

    it('Should fail with an invalid PeerTube signature', async function () {
      const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
      const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))

      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.false
    })

    it('Should succeed with a valid PeerTube signature', async function () {
      const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
      const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))

      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
      const signedBody = await buildSignedActivity(actorSignature as any, body)

      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)

      expect(result).to.be.true
    })
  })

  describe('When checking HTTP signature', function () {
    it('Should fail with an invalid http signature', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json')))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.false
    })

    it('Should fail with an invalid public key', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.false
    })

    it('Should fail because of clock skew', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      let errored = false
      try {
        parseHTTPSignature(req)
      } catch {
        errored = true
      }

      expect(errored).to.be.true
    })

    it('Should with a scheme', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers
      req.headers = 'Signature ' + mastodonObject.headers

      let errored = false
      try {
        parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      } catch {
        errored = true
      }

      expect(errored).to.be.true
    })

    it('Should succeed with a valid signature', async function () {
      const req = buildRequestStub()
      req.method = 'POST'
      req.url = '/accounts/ronan/inbox'

      const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
      req.body = mastodonObject.body
      req.headers = mastodonObject.headers

      const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
      const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey

      const actor = { publicKey }
      const verified = isHTTPSignatureVerified(parsed, actor as any)

      expect(verified).to.be.true
    })

  })

})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
df66d815 C	2
	3	import 'mocha'
	4	import { expect } from 'chai'
df66d815	5	import { cloneDeep } from 'lodash'
6c5065a0	6	import { buildAbsoluteFixturePath, buildRequestStub } from '@shared/extra-utils'
df66d815	7	import { buildSignedActivity } from '../../../helpers/activitypub'
6c5065a0	8	import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
df66d815 C	9
	10	describe('Test activity pub helpers', function () {
	11	describe('When checking the Linked Signature', function () {
	12
	13	it('Should fail with an invalid Mastodon signature', async function () {
3d470a53 C	14	const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json'))
3d470a53 C	15	const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
df66d815 C	16	const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
	17
	18	const result = await isJsonLDSignatureVerified(fromActor as any, body)
	19
	20	expect(result).to.be.false
	21	})
	22
	23	it('Should fail with an invalid public key', async function () {
3d470a53 C	24	const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
3d470a53 C	25	const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
df66d815 C	26	const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
	27
	28	const result = await isJsonLDSignatureVerified(fromActor as any, body)
	29
	30	expect(result).to.be.false
	31	})
	32
	33	it('Should succeed with a valid Mastodon signature', async function () {
3d470a53 C	34	const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
3d470a53 C	35	const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
df66d815 C	36	const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
	37
	38	const result = await isJsonLDSignatureVerified(fromActor as any, body)
	39
	40	expect(result).to.be.true
	41	})
	42
	43	it('Should fail with an invalid PeerTube signature', async function () {
3d470a53 C	44	const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
3d470a53 C	45	const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
df66d815 C	46
	47	const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
	48	const signedBody = await buildSignedActivity(actorSignature as any, body)
	49
	50	const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
	51	const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
	52
	53	expect(result).to.be.false
	54	})
	55
df66d815	56	it('Should succeed with a valid PeerTube signature', async function () {
3d470a53 C	57	const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
3d470a53 C	58	const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
df66d815 C	59
	60	const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
	61	const signedBody = await buildSignedActivity(actorSignature as any, body)
	62
	63	const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
	64	const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
	65
	66	expect(result).to.be.true
	67	})
	68	})
	69
	70	describe('When checking HTTP signature', function () {
	71	it('Should fail with an invalid http signature', async function () {
	72	const req = buildRequestStub()
	73	req.method = 'POST'
	74	req.url = '/accounts/ronan/inbox'
	75
3d470a53	76	const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json')))
df66d815 C	77	req.body = mastodonObject.body
df66d815 C	78	req.headers = mastodonObject.headers
df66d815	79
f3e4d594	80	const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
3d470a53	81	const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
df66d815 C	82
	83	const actor = { publicKey }
	84	const verified = isHTTPSignatureVerified(parsed, actor as any)
	85
	86	expect(verified).to.be.false
	87	})
	88
	89	it('Should fail with an invalid public key', async function () {
	90	const req = buildRequestStub()
	91	req.method = 'POST'
	92	req.url = '/accounts/ronan/inbox'
	93
3d470a53	94	const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
df66d815 C	95	req.body = mastodonObject.body
df66d815 C	96	req.headers = mastodonObject.headers
df66d815	97
f3e4d594	98	const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
3d470a53	99	const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
df66d815 C	100
	101	const actor = { publicKey }
	102	const verified = isHTTPSignatureVerified(parsed, actor as any)
	103
	104	expect(verified).to.be.false
	105	})
	106
	107	it('Should fail because of clock skew', async function () {
	108	const req = buildRequestStub()
	109	req.method = 'POST'
	110	req.url = '/accounts/ronan/inbox'
	111
3d470a53	112	const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
df66d815 C	113	req.body = mastodonObject.body
df66d815 C	114	req.headers = mastodonObject.headers
df66d815 C	115
	116	let errored = false
	117	try {
	118	parseHTTPSignature(req)
	119	} catch {
	120	errored = true
	121	}
	122
	123	expect(errored).to.be.true
	124	})
	125
e6122097	126	it('Should with a scheme', async function () {
df66d815 C	127	const req = buildRequestStub()
	128	req.method = 'POST'
	129	req.url = '/accounts/ronan/inbox'
	130
3d470a53	131	const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
df66d815 C	132	req.body = mastodonObject.body
df66d815 C	133	req.headers = mastodonObject.headers
e6122097	134	req.headers = 'Signature ' + mastodonObject.headers
df66d815 C	135
	136	let errored = false
	137	try {
f3e4d594	138	parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
df66d815 C	139	} catch {
	140	errored = true
	141	}
	142
	143	expect(errored).to.be.true
	144	})
	145
	146	it('Should succeed with a valid signature', async function () {
	147	const req = buildRequestStub()
	148	req.method = 'POST'
	149	req.url = '/accounts/ronan/inbox'
	150
3d470a53	151	const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
df66d815 C	152	req.body = mastodonObject.body
df66d815 C	153	req.headers = mastodonObject.headers
df66d815	154
f3e4d594	155	const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
3d470a53	156	const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
df66d815 C	157
	158	const actor = { publicKey }
	159	const verified = isHTTPSignatureVerified(parsed, actor as any)
	160
	161	expect(verified).to.be.true
	162	})
	163
	164	})
	165
	166	})