Add compatibility with other Linked Signature algorithms

2025-10-05 02:39:33 +02:00 · 2018-10-23 11:38:48 +02:00 · 2018-10-23 11:38:48 +02:00 · df66d81583
commit df66d81583
parent b83b8dd5ae
28 changed files with 1012 additions and 22 deletions
--- a/server/tests/api/activitypub/helpers.ts
+++ b/server/tests/api/activitypub/helpers.ts
@ -0,0 +1,182 @@
+/* tslint:disable:no-unused-expression */
+
+import 'mocha'
+import { expect } from 'chai'
+import { buildRequestStub } from '../../utils'
+import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto'
+import { cloneDeep } from 'lodash'
+import { buildSignedActivity } from '../../../helpers/activitypub'
+
+describe('Test activity pub helpers', function () {
+  describe('When checking the Linked Signature', function () {
+
+    it('Should fail with an invalid Mastodon signature', async function () {
+      const body = require('./json/mastodon/create-bad-signature.json')
+      const publicKey = require('./json/mastodon/public-key.json').publicKey
+      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
+
+      const result = await isJsonLDSignatureVerified(fromActor as any, body)
+
+      expect(result).to.be.false
+    })
+
+    it('Should fail with an invalid public key', async function () {
+      const body = require('./json/mastodon/create.json')
+      const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
+      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
+
+      const result = await isJsonLDSignatureVerified(fromActor as any, body)
+
+      expect(result).to.be.false
+    })
+
+    it('Should succeed with a valid Mastodon signature', async function () {
+      const body = require('./json/mastodon/create.json')
+      const publicKey = require('./json/mastodon/public-key.json').publicKey
+      const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' }
+
+      const result = await isJsonLDSignatureVerified(fromActor as any, body)
+
+      expect(result).to.be.true
+    })
+
+    it('Should fail with an invalid PeerTube signature', async function () {
+      const keys = require('./json/peertube/invalid-keys.json')
+      const body = require('./json/peertube/announce-without-context.json')
+
+      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+      const signedBody = await buildSignedActivity(actorSignature as any, body)
+
+      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
+      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
+
+      expect(result).to.be.false
+    })
+
+    it('Should fail with an invalid PeerTube URL', async function () {
+      const keys = require('./json/peertube/keys.json')
+      const body = require('./json/peertube/announce-without-context.json')
+
+      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+      const signedBody = await buildSignedActivity(actorSignature as any, body)
+
+      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9003/accounts/peertube' }
+      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
+
+      expect(result).to.be.false
+    })
+
+    it('Should succeed with a valid PeerTube signature', async function () {
+      const keys = require('./json/peertube/keys.json')
+      const body = require('./json/peertube/announce-without-context.json')
+
+      const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+      const signedBody = await buildSignedActivity(actorSignature as any, body)
+
+      const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' }
+      const result = await isJsonLDSignatureVerified(fromActor as any, signedBody)
+
+      expect(result).to.be.true
+    })
+  })
+
+  describe('When checking HTTP signature', function () {
+    it('Should fail with an invalid http signature', async function () {
+      const req = buildRequestStub()
+      req.method = 'POST'
+      req.url = '/accounts/ronan/inbox'
+
+      const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json'))
+      req.body = mastodonObject.body
+      req.headers = mastodonObject.headers
+      req.headers.signature = 'Signature ' + req.headers.signature
+
+      const parsed = parseHTTPSignature(req, 3600 * 365 * 3)
+      const publicKey = require('./json/mastodon/public-key.json').publicKey
+
+      const actor = { publicKey }
+      const verified = isHTTPSignatureVerified(parsed, actor as any)
+
+      expect(verified).to.be.false
+    })
+
+    it('Should fail with an invalid public key', async function () {
+      const req = buildRequestStub()
+      req.method = 'POST'
+      req.url = '/accounts/ronan/inbox'
+
+      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+      req.body = mastodonObject.body
+      req.headers = mastodonObject.headers
+      req.headers.signature = 'Signature ' + req.headers.signature
+
+      const parsed = parseHTTPSignature(req, 3600 * 365 * 3)
+      const publicKey = require('./json/mastodon/bad-public-key.json').publicKey
+
+      const actor = { publicKey }
+      const verified = isHTTPSignatureVerified(parsed, actor as any)
+
+      expect(verified).to.be.false
+    })
+
+    it('Should fail because of clock skew', async function () {
+      const req = buildRequestStub()
+      req.method = 'POST'
+      req.url = '/accounts/ronan/inbox'
+
+      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+      req.body = mastodonObject.body
+      req.headers = mastodonObject.headers
+      req.headers.signature = 'Signature ' + req.headers.signature
+
+      let errored = false
+      try {
+        parseHTTPSignature(req)
+      } catch {
+        errored = true
+      }
+
+      expect(errored).to.be.true
+    })
+
+    it('Should fail without scheme', async function () {
+      const req = buildRequestStub()
+      req.method = 'POST'
+      req.url = '/accounts/ronan/inbox'
+
+      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+      req.body = mastodonObject.body
+      req.headers = mastodonObject.headers
+
+      let errored = false
+      try {
+        parseHTTPSignature(req, 3600 * 365 * 3)
+      } catch {
+        errored = true
+      }
+
+      expect(errored).to.be.true
+    })
+
+    it('Should succeed with a valid signature', async function () {
+      const req = buildRequestStub()
+      req.method = 'POST'
+      req.url = '/accounts/ronan/inbox'
+
+      const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json'))
+      req.body = mastodonObject.body
+      req.headers = mastodonObject.headers
+      req.headers.signature = 'Signature ' + req.headers.signature
+
+      const parsed = parseHTTPSignature(req, 3600 * 365 * 3)
+      const publicKey = require('./json/mastodon/public-key.json').publicKey
+
+      const actor = { publicKey }
+      const verified = isHTTPSignatureVerified(parsed, actor as any)
+
+      expect(verified).to.be.true
+    })
+
+  })
+
+})