server/tests/api/activitypub/helpers.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import { cloneDeep } from 'lodash'
   6 import { signAndContextify } from '@server/lib/activitypub/send'
   7 import { buildRequestStub } from '@server/tests/shared'
   8 import { buildAbsoluteFixturePath } from '@shared/core-utils'
   9 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
  10
  11 describe('Test activity pub helpers', function () {
  12
  13   describe('When checking the Linked Signature', function () {
  14
  15     it('Should fail with an invalid Mastodon signature', async function () {
  16       const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json'))
  17       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
  18       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  19
  20       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  21
  22       expect(result).to.be.false
  23     })
  24
  25     it('Should fail with an invalid public key', async function () {
  26       const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
  27       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
  28       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  29
  30       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  31
  32       expect(result).to.be.false
  33     })
  34
  35     it('Should succeed with a valid Mastodon signature', async function () {
  36       const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
  37       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
  38       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  39
  40       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  41
  42       expect(result).to.be.true
  43     })
  44
  45     it('Should fail with an invalid PeerTube signature', async function () {
  46       const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
  47       const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
  48
  49       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  50       const signedBody = await signAndContextify(actorSignature as any, body, 'Announce')
  51
  52       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
  53       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  54
  55       expect(result).to.be.false
  56     })
  57
  58     it('Should succeed with a valid PeerTube signature', async function () {
  59       const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
  60       const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
  61
  62       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  63       const signedBody = await signAndContextify(actorSignature as any, body, 'Announce')
  64
  65       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
  66       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  67
  68       expect(result).to.be.true
  69     })
  70   })
  71
  72   describe('When checking HTTP signature', function () {
  73     it('Should fail with an invalid http signature', async function () {
  74       const req = buildRequestStub()
  75       req.method = 'POST'
  76       req.url = '/accounts/ronan/inbox'
  77
  78       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json')))
  79       req.body = mastodonObject.body
  80       req.headers = mastodonObject.headers
  81
  82       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
  83       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
  84
  85       const actor = { publicKey }
  86       const verified = isHTTPSignatureVerified(parsed, actor as any)
  87
  88       expect(verified).to.be.false
  89     })
  90
  91     it('Should fail with an invalid public key', async function () {
  92       const req = buildRequestStub()
  93       req.method = 'POST'
  94       req.url = '/accounts/ronan/inbox'
  95
  96       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
  97       req.body = mastodonObject.body
  98       req.headers = mastodonObject.headers
  99
 100       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 101       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
 102
 103       const actor = { publicKey }
 104       const verified = isHTTPSignatureVerified(parsed, actor as any)
 105
 106       expect(verified).to.be.false
 107     })
 108
 109     it('Should fail because of clock skew', async function () {
 110       const req = buildRequestStub()
 111       req.method = 'POST'
 112       req.url = '/accounts/ronan/inbox'
 113
 114       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
 115       req.body = mastodonObject.body
 116       req.headers = mastodonObject.headers
 117
 118       let errored = false
 119       try {
 120         parseHTTPSignature(req)
 121       } catch {
 122         errored = true
 123       }
 124
 125       expect(errored).to.be.true
 126     })
 127
 128     it('Should with a scheme', async function () {
 129       const req = buildRequestStub()
 130       req.method = 'POST'
 131       req.url = '/accounts/ronan/inbox'
 132
 133       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
 134       req.body = mastodonObject.body
 135       req.headers = mastodonObject.headers
 136       req.headers = 'Signature ' + mastodonObject.headers
 137
 138       let errored = false
 139       try {
 140         parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 141       } catch {
 142         errored = true
 143       }
 144
 145       expect(errored).to.be.true
 146     })
 147
 148     it('Should succeed with a valid signature', async function () {
 149       const req = buildRequestStub()
 150       req.method = 'POST'
 151       req.url = '/accounts/ronan/inbox'
 152
 153       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
 154       req.body = mastodonObject.body
 155       req.headers = mastodonObject.headers
 156
 157       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 158       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
 159
 160       const actor = { publicKey }
 161       const verified = isHTTPSignatureVerified(parsed, actor as any)
 162
 163       expect(verified).to.be.true
 164     })
 165
 166   })
 167
 168 })