From df66d81583e07ce049daeeef1edc6a87b57b3684 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 23 Oct 2018 11:38:48 +0200
Subject: Add compatibility with other Linked Signature algorithms
---
 server/tests/api/activitypub/helpers.ts | 182 ++++++++++++++++++++++++++++++++
 1 file changed, 182 insertions(+)
 create mode 100644 server/tests/api/activitypub/helpers.ts
(limited to 'server/tests/api/activitypub/helpers.ts')
diff --git a/server/tests/api/activitypub/helpers.ts b/server/tests/api/activitypub/helpers.ts
new file mode 100644
index 000000000..610846247
--- /dev/null
+++ b/server/tests/api/activitypub/helpers.ts
@@ -0,0 +1,182 @@
+/* tslint:disable:no-unused-expression */
+
+import 'mocha'
+import { expect } from 'chai'
+import { buildRequestStub } from '../../utils'
+import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
+import { cloneDeep } from 'lodash'
+import { buildSignedActivity } from '../../../helpers/activitypub'
+
+describe('Test activity pub helpers', function () {
+ describe('When checking the Linked Signature', function () {
+
+ it('Should fail with an invalid Mastodon signature', async function () {
+ const body = require('./json/mastodon/create-bad-signature.json')
+ const publicKey = require('./json/mastodon/public-key.json').publicKey
+ const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
+
+ const result = await isJsonLDSignatureVerified(fromActor as any, body)
+
+ expect(result).to.be.false
+ })
+
+ it('Should fail with an invalid public key', async function () {
+ const body = require('./json/mastodon/create.json')
+ const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
+ const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
+
+ const result = await isJsonLDSignatureVerified(fromActor as any, body)
+
+ expect(result).to.be.false
+ })
+
+ it('Should succeed with a valid Mastodon signature', async function () {
+ const body = require('./json/mastodon/create.json')
+ const publicKey = require('./json/mastodon/public-key.json').publicKey
+ const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
+
+ const result = await isJsonLDSignatureVerified(fromActor as any, body)
+
+ expect(result).to.be.true
+ })
+
+ it('Should fail with an invalid PeerTube signature', async function () {
+ const keys = require('./json/peertube/invalid-keys.json')
+ const body = require('./json/peertube/announce-without-context.json')
+
+ const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+ const signedBody = await buildSignedActivity(actorSignature as any, body)
+
+ const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
+ const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
+
+ expect(result).to.be.false
+ })
+
+ it('Should fail with an invalid PeerTube URL', async function () {
+ const keys = require('./json/peertube/keys.json')
+ const body = require('./json/peertube/announce-without-context.json')
+
+ const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+ const signedBody = await buildSignedActivity(actorSignature as any, body)
+
+ const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9003/accounts/peertube' }
+ const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
+
+ expect(result).to.be.false
+ })
+
+ it('Should succeed with a valid PeerTube signature', async function () {
+ const keys = require('./json/peertube/keys.json')
+ const body = require('./json/peertube/announce-without-context.json')
+
+ const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+ const signedBody = await buildSignedActivity(actorSignature as any, body)
+
+ const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
+ const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
+
+ expect(result).to.be.true
+ })
+ })
+
+ describe('When checking HTTP signature', function () {
+ it('Should fail with an invalid http signature', async function () {
+ const req = buildRequestStub()
+ req.method = 'POST'
+ req.url = '/accounts/ronan/inbox'
+
+ const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json'))
+ req.body = mastodonObject.body
+ req.headers = mastodonObject.headers
+ req.headers.signature = 'Signature ' + req.headers.signature
+
+ const parsed = parseHTTPSignature(req, 3600 * 365 * 3)
+ const publicKey = require('./json/mastodon/public-key.json').publicKey
+
+ const actor = { publicKey }
+ const verified = isHTTPSignatureVerified(parsed, actor as any)
+
+ expect(verified).to.be.false
+ })
+
+ it('Should fail with an invalid public key', async function () {
+ const req = buildRequestStub()
+ req.method = 'POST'
+ req.url = '/accounts/ronan/inbox'
+
+ const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+ req.body = mastodonObject.body
+ req.headers = mastodonObject.headers
+ req.headers.signature = 'Signature ' + req.headers.signature
+
+ const parsed = parseHTTPSignature(req, 3600 * 365 * 3)
+ const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
+
+ const actor = { publicKey }
+ const verified = isHTTPSignatureVerified(parsed, actor as any)
+
+ expect(verified).to.be.false
+ })
+
+ it('Should fail because of clock skew', async function () {
+ const req = buildRequestStub()
+ req.method = 'POST'
+ req.url = '/accounts/ronan/inbox'
+
+ const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+ req.body = mastodonObject.body
+ req.headers = mastodonObject.headers
+ req.headers.signature = 'Signature ' + req.headers.signature
+
+ let errored = false
+ try {
+ parseHTTPSignature(req)
+ } catch {
+ errored = true
+ }
+
+ expect(errored).to.be.true
+ })
+
+ it('Should fail without scheme', async function () {
+ const req = buildRequestStub()
+ req.method = 'POST'
+ req.url = '/accounts/ronan/inbox'
+
+ const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+ req.body = mastodonObject.body
+ req.headers = mastodonObject.headers
+
+ let errored = false
+ try {
+ parseHTTPSignature(req, 3600 * 365 * 3)
+ } catch {
+ errored = true
+ }
+
+ expect(errored).to.be.true
+ })
+
+ it('Should succeed with a valid signature', async function () {
+ const req = buildRequestStub()
+ req.method = 'POST'
+ req.url = '/accounts/ronan/inbox'
+
+ const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+ req.body = mastodonObject.body
+ req.headers = mastodonObject.headers
+ req.headers.signature = 'Signature ' + req.headers.signature
+
+ const parsed = parseHTTPSignature(req, 3600 * 365 * 3)
+ const publicKey = require('./json/mastodon/public-key.json').publicKey
+
+ const actor = { publicKey }
+ const verified = isHTTPSignatureVerified(parsed, actor as any)
+
+ expect(verified).to.be.true
+ })
+
+ })
+
+})
-- cgit v1.2.3
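Review bot: The `try { … } catch { errored = true }` blocks in 'Should fail because of clock skew' and 'Should fail without scheme' accept any exception, so each test stays green even when `parseHTTPSignature` throws for a reason other than the one named in its title. The scheme test is the more exposed of the two: it passes `3600 * 365 * 3`, which is roughly 45 days if that argument is a clock skew in seconds (the helper is not visible in this hunk), so once the recorded fixture is older than that the call would presumably throw on expiry and the missing `Signature ` prefix would no longer be what is exercised. The three tests that use the parsed result would begin throwing at the same point. I would assert the failure reason instead, e.g. `expect(() => parseHTTPSignature(req, 3600 * 365 * 3)).to.throw(/<expected scheme error>/)`, and pin the clock or sign the fixture inside the test so that the outcome of a signature-verification test does not depend on the wall-clock date.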