1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
4 import { expect } from 'chai'
5 import { cloneDeep } from 'lodash'
6 import { signAndContextify } from '@server/lib/activitypub/send'
7 import { buildRequestStub } from '@server/tests/shared'
8 import { buildAbsoluteFixturePath } from '@shared/core-utils'
9 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
11 describe('Test activity pub helpers', function () {
13 describe('When checking the Linked Signature', function () {
15 it('Should fail with an invalid Mastodon signature', async function () {
16 const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json'))
17 const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
18 const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
20 const result = await isJsonLDSignatureVerified(fromActor as any, body)
22 expect(result).to.be.false
25 it('Should fail with an invalid public key', async function () {
26 const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
27 const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
28 const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
30 const result = await isJsonLDSignatureVerified(fromActor as any, body)
32 expect(result).to.be.false
35 it('Should succeed with a valid Mastodon signature', async function () {
36 const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
37 const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
38 const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
40 const result = await isJsonLDSignatureVerified(fromActor as any, body)
42 expect(result).to.be.true
45 it('Should fail with an invalid PeerTube signature', async function () {
46 const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
47 const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
49 const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
50 const signedBody = await signAndContextify(actorSignature as any, body, 'Announce')
52 const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
53 const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
55 expect(result).to.be.false
58 it('Should succeed with a valid PeerTube signature', async function () {
59 const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
60 const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
62 const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
63 const signedBody = await signAndContextify(actorSignature as any, body, 'Announce')
65 const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
66 const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
68 expect(result).to.be.true
72 describe('When checking HTTP signature', function () {
73 it('Should fail with an invalid http signature', async function () {
74 const req = buildRequestStub()
76 req.url = '/accounts/ronan/inbox'
78 const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json')))
79 req.body = mastodonObject.body
80 req.headers = mastodonObject.headers
82 const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
83 const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
85 const actor = { publicKey }
86 const verified = isHTTPSignatureVerified(parsed, actor as any)
88 expect(verified).to.be.false
91 it('Should fail with an invalid public key', async function () {
92 const req = buildRequestStub()
94 req.url = '/accounts/ronan/inbox'
96 const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
97 req.body = mastodonObject.body
98 req.headers = mastodonObject.headers
100 const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
101 const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
103 const actor = { publicKey }
104 const verified = isHTTPSignatureVerified(parsed, actor as any)
106 expect(verified).to.be.false
109 it('Should fail because of clock skew', async function () {
110 const req = buildRequestStub()
112 req.url = '/accounts/ronan/inbox'
114 const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
115 req.body = mastodonObject.body
116 req.headers = mastodonObject.headers
120 parseHTTPSignature(req)
125 expect(errored).to.be.true
128 it('Should with a scheme', async function () {
129 const req = buildRequestStub()
131 req.url = '/accounts/ronan/inbox'
133 const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
134 req.body = mastodonObject.body
135 req.headers = mastodonObject.headers
136 req.headers = 'Signature ' + mastodonObject.headers
140 parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
145 expect(errored).to.be.true
148 it('Should succeed with a valid signature', async function () {
149 const req = buildRequestStub()
151 req.url = '/accounts/ronan/inbox'
153 const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
154 req.body = mastodonObject.body
155 req.headers = mastodonObject.headers
157 const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
158 const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
160 const actor = { publicKey }
161 const verified = isHTTPSignatureVerified(parsed, actor as any)
163 expect(verified).to.be.true