1 /* tslint:disable:no-unused-expression */
4 import { expect } from 'chai'
5 import { buildRequestStub } from '../../../../shared/extra-utils/miscs/stubs'
6 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
7 import { cloneDeep } from 'lodash'
8 import { buildSignedActivity } from '../../../helpers/activitypub'
10 describe('Test activity pub helpers', function () {
11 describe('When checking the Linked Signature', function () {
13 it('Should fail with an invalid Mastodon signature', async function () {
14 const body = require('./json/mastodon/create-bad-signature.json')
15 const publicKey = require('./json/mastodon/public-key.json').publicKey
16 const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
18 const result = await isJsonLDSignatureVerified(fromActor as any, body)
20 expect(result).to.be.false
23 it('Should fail with an invalid public key', async function () {
24 const body = require('./json/mastodon/create.json')
25 const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
26 const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
28 const result = await isJsonLDSignatureVerified(fromActor as any, body)
30 expect(result).to.be.false
33 it('Should succeed with a valid Mastodon signature', async function () {
34 const body = require('./json/mastodon/create.json')
35 const publicKey = require('./json/mastodon/public-key.json').publicKey
36 const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
38 const result = await isJsonLDSignatureVerified(fromActor as any, body)
40 expect(result).to.be.true
43 it('Should fail with an invalid PeerTube signature', async function () {
44 const keys = require('./json/peertube/invalid-keys.json')
45 const body = require('./json/peertube/announce-without-context.json')
47 const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
48 const signedBody = await buildSignedActivity(actorSignature as any, body)
50 const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
51 const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
53 expect(result).to.be.false
56 it('Should fail with an invalid PeerTube URL', async function () {
57 const keys = require('./json/peertube/keys.json')
58 const body = require('./json/peertube/announce-without-context.json')
60 const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
61 const signedBody = await buildSignedActivity(actorSignature as any, body)
63 const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9003/accounts/peertube' }
64 const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
66 expect(result).to.be.false
69 it('Should succeed with a valid PeerTube signature', async function () {
70 const keys = require('./json/peertube/keys.json')
71 const body = require('./json/peertube/announce-without-context.json')
73 const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
74 const signedBody = await buildSignedActivity(actorSignature as any, body)
76 const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
77 const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
79 expect(result).to.be.true
83 describe('When checking HTTP signature', function () {
84 it('Should fail with an invalid http signature', async function () {
85 const req = buildRequestStub()
87 req.url = '/accounts/ronan/inbox'
89 const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json'))
90 req.body = mastodonObject.body
91 req.headers = mastodonObject.headers
92 req.headers.signature = 'Signature ' + req.headers.signature
94 const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
95 const publicKey = require('./json/mastodon/public-key.json').publicKey
97 const actor = { publicKey }
98 const verified = isHTTPSignatureVerified(parsed, actor as any)
100 expect(verified).to.be.false
103 it('Should fail with an invalid public key', async function () {
104 const req = buildRequestStub()
106 req.url = '/accounts/ronan/inbox'
108 const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
109 req.body = mastodonObject.body
110 req.headers = mastodonObject.headers
111 req.headers.signature = 'Signature ' + req.headers.signature
113 const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
114 const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
116 const actor = { publicKey }
117 const verified = isHTTPSignatureVerified(parsed, actor as any)
119 expect(verified).to.be.false
122 it('Should fail because of clock skew', async function () {
123 const req = buildRequestStub()
125 req.url = '/accounts/ronan/inbox'
127 const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
128 req.body = mastodonObject.body
129 req.headers = mastodonObject.headers
130 req.headers.signature = 'Signature ' + req.headers.signature
134 parseHTTPSignature(req)
139 expect(errored).to.be.true
142 it('Should fail without scheme', async function () {
143 const req = buildRequestStub()
145 req.url = '/accounts/ronan/inbox'
147 const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
148 req.body = mastodonObject.body
149 req.headers = mastodonObject.headers
153 parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
158 expect(errored).to.be.true
161 it('Should succeed with a valid signature', async function () {
162 const req = buildRequestStub()
164 req.url = '/accounts/ronan/inbox'
166 const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
167 req.body = mastodonObject.body
168 req.headers = mastodonObject.headers
169 req.headers.signature = 'Signature ' + req.headers.signature
171 const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
172 const publicKey = require('./json/mastodon/public-key.json').publicKey
174 const actor = { publicKey }
175 const verified = isHTTPSignatureVerified(parsed, actor as any)
177 expect(verified).to.be.true