server/tests/api/activitypub/helpers.ts

   1 /* tslint:disable:no-unused-expression */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import { buildRequestStub } from '../../../../shared/utils/miscs/stubs'
   6 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
   7 import { cloneDeep } from 'lodash'
   8 import { buildSignedActivity } from '../../../helpers/activitypub'
   9
  10 describe('Test activity pub helpers', function () {
  11   describe('When checking the Linked Signature', function () {
  12
  13     it('Should fail with an invalid Mastodon signature', async function () {
  14       const body = require('./json/mastodon/create-bad-signature.json')
  15       const publicKey = require('./json/mastodon/public-key.json').publicKey
  16       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  17
  18       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  19
  20       expect(result).to.be.false
  21     })
  22
  23     it('Should fail with an invalid public key', async function () {
  24       const body = require('./json/mastodon/create.json')
  25       const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
  26       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  27
  28       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  29
  30       expect(result).to.be.false
  31     })
  32
  33     it('Should succeed with a valid Mastodon signature', async function () {
  34       const body = require('./json/mastodon/create.json')
  35       const publicKey = require('./json/mastodon/public-key.json').publicKey
  36       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  37
  38       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  39
  40       expect(result).to.be.true
  41     })
  42
  43     it('Should fail with an invalid PeerTube signature', async function () {
  44       const keys = require('./json/peertube/invalid-keys.json')
  45       const body = require('./json/peertube/announce-without-context.json')
  46
  47       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  48       const signedBody = await buildSignedActivity(actorSignature as any, body)
  49
  50       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
  51       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  52
  53       expect(result).to.be.false
  54     })
  55
  56     it('Should fail with an invalid PeerTube URL', async function () {
  57       const keys = require('./json/peertube/keys.json')
  58       const body = require('./json/peertube/announce-without-context.json')
  59
  60       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  61       const signedBody = await buildSignedActivity(actorSignature as any, body)
  62
  63       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9003/accounts/peertube' }
  64       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  65
  66       expect(result).to.be.false
  67     })
  68
  69     it('Should succeed with a valid PeerTube signature', async function () {
  70       const keys = require('./json/peertube/keys.json')
  71       const body = require('./json/peertube/announce-without-context.json')
  72
  73       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  74       const signedBody = await buildSignedActivity(actorSignature as any, body)
  75
  76       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
  77       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  78
  79       expect(result).to.be.true
  80     })
  81   })
  82
  83   describe('When checking HTTP signature', function () {
  84     it('Should fail with an invalid http signature', async function () {
  85       const req = buildRequestStub()
  86       req.method = 'POST'
  87       req.url = '/accounts/ronan/inbox'
  88
  89       const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json'))
  90       req.body = mastodonObject.body
  91       req.headers = mastodonObject.headers
  92       req.headers.signature = 'Signature ' + req.headers.signature
  93
  94       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
  95       const publicKey = require('./json/mastodon/public-key.json').publicKey
  96
  97       const actor = { publicKey }
  98       const verified = isHTTPSignatureVerified(parsed, actor as any)
  99
 100       expect(verified).to.be.false
 101     })
 102
 103     it('Should fail with an invalid public key', async function () {
 104       const req = buildRequestStub()
 105       req.method = 'POST'
 106       req.url = '/accounts/ronan/inbox'
 107
 108       const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
 109       req.body = mastodonObject.body
 110       req.headers = mastodonObject.headers
 111       req.headers.signature = 'Signature ' + req.headers.signature
 112
 113       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 114       const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
 115
 116       const actor = { publicKey }
 117       const verified = isHTTPSignatureVerified(parsed, actor as any)
 118
 119       expect(verified).to.be.false
 120     })
 121
 122     it('Should fail because of clock skew', async function () {
 123       const req = buildRequestStub()
 124       req.method = 'POST'
 125       req.url = '/accounts/ronan/inbox'
 126
 127       const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
 128       req.body = mastodonObject.body
 129       req.headers = mastodonObject.headers
 130       req.headers.signature = 'Signature ' + req.headers.signature
 131
 132       let errored = false
 133       try {
 134         parseHTTPSignature(req)
 135       } catch {
 136         errored = true
 137       }
 138
 139       expect(errored).to.be.true
 140     })
 141
 142     it('Should fail without scheme', async function () {
 143       const req = buildRequestStub()
 144       req.method = 'POST'
 145       req.url = '/accounts/ronan/inbox'
 146
 147       const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
 148       req.body = mastodonObject.body
 149       req.headers = mastodonObject.headers
 150
 151       let errored = false
 152       try {
 153         parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 154       } catch {
 155         errored = true
 156       }
 157
 158       expect(errored).to.be.true
 159     })
 160
 161     it('Should succeed with a valid signature', async function () {
 162       const req = buildRequestStub()
 163       req.method = 'POST'
 164       req.url = '/accounts/ronan/inbox'
 165
 166       const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
 167       req.body = mastodonObject.body
 168       req.headers = mastodonObject.headers
 169       req.headers.signature = 'Signature ' + req.headers.signature
 170
 171       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 172       const publicKey = require('./json/mastodon/public-key.json').publicKey
 173
 174       const actor = { publicKey }
 175       const verified = isHTTPSignatureVerified(parsed, actor as any)
 176
 177       expect(verified).to.be.true
 178     })
 179
 180   })
 181
 182 })