server/tests/api/activitypub/helpers.ts

   1 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
   2
   3 import 'mocha'
   4 import { expect } from 'chai'
   5 import { cloneDeep } from 'lodash'
   6 import { buildAbsoluteFixturePath, buildRequestStub } from '@shared/extra-utils'
   7 import { buildSignedActivity } from '../../../helpers/activitypub'
   8 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
   9
  10 describe('Test activity pub helpers', function () {
  11   describe('When checking the Linked Signature', function () {
  12
  13     it('Should fail with an invalid Mastodon signature', async function () {
  14       const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create-bad-signature.json'))
  15       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
  16       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  17
  18       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  19
  20       expect(result).to.be.false
  21     })
  22
  23     it('Should fail with an invalid public key', async function () {
  24       const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
  25       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
  26       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  27
  28       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  29
  30       expect(result).to.be.false
  31     })
  32
  33     it('Should succeed with a valid Mastodon signature', async function () {
  34       const body = require(buildAbsoluteFixturePath('./ap-json/mastodon/create.json'))
  35       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
  36       const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
  37
  38       const result = await isJsonLDSignatureVerified(fromActor as any, body)
  39
  40       expect(result).to.be.true
  41     })
  42
  43     it('Should fail with an invalid PeerTube signature', async function () {
  44       const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
  45       const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
  46
  47       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  48       const signedBody = await buildSignedActivity(actorSignature as any, body)
  49
  50       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
  51       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  52
  53       expect(result).to.be.false
  54     })
  55
  56     it('Should succeed with a valid PeerTube signature', async function () {
  57       const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
  58       const body = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
  59
  60       const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
  61       const signedBody = await buildSignedActivity(actorSignature as any, body)
  62
  63       const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
  64       const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
  65
  66       expect(result).to.be.true
  67     })
  68   })
  69
  70   describe('When checking HTTP signature', function () {
  71     it('Should fail with an invalid http signature', async function () {
  72       const req = buildRequestStub()
  73       req.method = 'POST'
  74       req.url = '/accounts/ronan/inbox'
  75
  76       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-http-signature.json')))
  77       req.body = mastodonObject.body
  78       req.headers = mastodonObject.headers
  79
  80       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
  81       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
  82
  83       const actor = { publicKey }
  84       const verified = isHTTPSignatureVerified(parsed, actor as any)
  85
  86       expect(verified).to.be.false
  87     })
  88
  89     it('Should fail with an invalid public key', async function () {
  90       const req = buildRequestStub()
  91       req.method = 'POST'
  92       req.url = '/accounts/ronan/inbox'
  93
  94       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
  95       req.body = mastodonObject.body
  96       req.headers = mastodonObject.headers
  97
  98       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
  99       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/bad-public-key.json')).publicKey
 100
 101       const actor = { publicKey }
 102       const verified = isHTTPSignatureVerified(parsed, actor as any)
 103
 104       expect(verified).to.be.false
 105     })
 106
 107     it('Should fail because of clock skew', async function () {
 108       const req = buildRequestStub()
 109       req.method = 'POST'
 110       req.url = '/accounts/ronan/inbox'
 111
 112       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
 113       req.body = mastodonObject.body
 114       req.headers = mastodonObject.headers
 115
 116       let errored = false
 117       try {
 118         parseHTTPSignature(req)
 119       } catch {
 120         errored = true
 121       }
 122
 123       expect(errored).to.be.true
 124     })
 125
 126     it('Should with a scheme', async function () {
 127       const req = buildRequestStub()
 128       req.method = 'POST'
 129       req.url = '/accounts/ronan/inbox'
 130
 131       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
 132       req.body = mastodonObject.body
 133       req.headers = mastodonObject.headers
 134       req.headers = 'Signature ' + mastodonObject.headers
 135
 136       let errored = false
 137       try {
 138         parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 139       } catch {
 140         errored = true
 141       }
 142
 143       expect(errored).to.be.true
 144     })
 145
 146     it('Should succeed with a valid signature', async function () {
 147       const req = buildRequestStub()
 148       req.method = 'POST'
 149       req.url = '/accounts/ronan/inbox'
 150
 151       const mastodonObject = cloneDeep(require(buildAbsoluteFixturePath('./ap-json/mastodon/http-signature.json')))
 152       req.body = mastodonObject.body
 153       req.headers = mastodonObject.headers
 154
 155       const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10)
 156       const publicKey = require(buildAbsoluteFixturePath('./ap-json/mastodon/public-key.json')).publicKey
 157
 158       const actor = { publicKey }
 159       const verified = isHTTPSignatureVerified(parsed, actor as any)
 160
 161       expect(verified).to.be.true
 162     })
 163
 164   })
 165
 166 })