]>
Commit | Line | Data |
---|---|---|
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | |
2 | ||
3 | import 'mocha' | |
4 | import { expect } from 'chai' | |
5 | import { cloneDeep } from 'lodash' | |
6 | import { signAndContextify } from '@server/lib/activitypub/send' | |
7 | import { buildRequestStub } from '@server/tests/shared' | |
8 | import { buildAbsoluteFixturePath } from '@shared/core-utils' | |
9 | import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto' | |
10 | ||
11 | describe('Test activity pub helpers', function () { | |
12 | ||
13 | describe('When checking the Linked Signature', function () { | |
14 | ||
15 | it('Should fail with an invalid Mastodon signature', async function () { | |
16 | const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json')) | |
17 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey | |
18 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
19 | ||
20 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | |
21 | ||
22 | expect(result).to.be.false | |
23 | }) | |
24 | ||
25 | it('Should fail with an invalid public key', async function () { | |
26 | const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json')) | |
27 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey | |
28 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
29 | ||
30 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | |
31 | ||
32 | expect(result).to.be.false | |
33 | }) | |
34 | ||
35 | it('Should succeed with a valid Mastodon signature', async function () { | |
36 | const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json')) | |
37 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey | |
38 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
39 | ||
40 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | |
41 | ||
42 | expect(result).to.be.true | |
43 | }) | |
44 | ||
45 | it('Should fail with an invalid PeerTube signature', async function () { | |
46 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json')) | |
47 | const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json')) | |
48 | ||
49 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | |
50 | const signedBody = await signAndContextify(actorSignature as any, body, 'Announce') | |
51 | ||
52 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
53 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | |
54 | ||
55 | expect(result).to.be.false | |
56 | }) | |
57 | ||
58 | it('Should succeed with a valid PeerTube signature', async function () { | |
59 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json')) | |
60 | const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json')) | |
61 | ||
62 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | |
63 | const signedBody = await signAndContextify(actorSignature as any, body, 'Announce') | |
64 | ||
65 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' } | |
66 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | |
67 | ||
68 | expect(result).to.be.true | |
69 | }) | |
70 | }) | |
71 | ||
72 | describe('When checking HTTP signature', function () { | |
73 | it('Should fail with an invalid http signature', async function () { | |
74 | const req = buildRequestStub() | |
75 | req.method = 'POST' | |
76 | req.url = '/accounts/ronan/inbox' | |
77 | ||
78 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json'))) | |
79 | req.body = mastodonObject.body | |
80 | req.headers = mastodonObject.headers | |
81 | ||
82 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | |
83 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey | |
84 | ||
85 | const actor = { publicKey } | |
86 | const verified = isHTTPSignatureVerified(parsed, actor as any) | |
87 | ||
88 | expect(verified).to.be.false | |
89 | }) | |
90 | ||
91 | it('Should fail with an invalid public key', async function () { | |
92 | const req = buildRequestStub() | |
93 | req.method = 'POST' | |
94 | req.url = '/accounts/ronan/inbox' | |
95 | ||
96 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) | |
97 | req.body = mastodonObject.body | |
98 | req.headers = mastodonObject.headers | |
99 | ||
100 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | |
101 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey | |
102 | ||
103 | const actor = { publicKey } | |
104 | const verified = isHTTPSignatureVerified(parsed, actor as any) | |
105 | ||
106 | expect(verified).to.be.false | |
107 | }) | |
108 | ||
109 | it('Should fail because of clock skew', async function () { | |
110 | const req = buildRequestStub() | |
111 | req.method = 'POST' | |
112 | req.url = '/accounts/ronan/inbox' | |
113 | ||
114 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) | |
115 | req.body = mastodonObject.body | |
116 | req.headers = mastodonObject.headers | |
117 | ||
118 | let errored = false | |
119 | try { | |
120 | parseHTTPSignature(req) | |
121 | } catch { | |
122 | errored = true | |
123 | } | |
124 | ||
125 | expect(errored).to.be.true | |
126 | }) | |
127 | ||
128 | it('Should with a scheme', async function () { | |
129 | const req = buildRequestStub() | |
130 | req.method = 'POST' | |
131 | req.url = '/accounts/ronan/inbox' | |
132 | ||
133 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) | |
134 | req.body = mastodonObject.body | |
135 | req.headers = mastodonObject.headers | |
136 | req.headers = 'Signature ' + mastodonObject.headers | |
137 | ||
138 | let errored = false | |
139 | try { | |
140 | parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | |
141 | } catch { | |
142 | errored = true | |
143 | } | |
144 | ||
145 | expect(errored).to.be.true | |
146 | }) | |
147 | ||
148 | it('Should succeed with a valid signature', async function () { | |
149 | const req = buildRequestStub() | |
150 | req.method = 'POST' | |
151 | req.url = '/accounts/ronan/inbox' | |
152 | ||
153 | const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json'))) | |
154 | req.body = mastodonObject.body | |
155 | req.headers = mastodonObject.headers | |
156 | ||
157 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | |
158 | const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey | |
159 | ||
160 | const actor = { publicKey } | |
161 | const verified = isHTTPSignatureVerified(parsed, actor as any) | |
162 | ||
163 | expect(verified).to.be.true | |
164 | }) | |
165 | ||
166 | }) | |
167 | ||
168 | }) |