signed-integrity: added test for alg: none JWTs (ref. #28)
rodzic
5703763097
commit
5254644402
|
@ -92,6 +92,9 @@ describe("plugin: signed-integrity", () => {
|
|||
content = '{"test": "fail"}'
|
||||
status = 404
|
||||
statusText = "Not Found"
|
||||
// testing "alg: none" on the integrity JWT
|
||||
} else if (url == 'https://resilient.is/alg-none.json.integrity') {
|
||||
content = noneHeader + '.' + payload + '.'
|
||||
// testing bad signature on the integrity JWT
|
||||
} else if (url == 'https://resilient.is/bad-signature.json.integrity') {
|
||||
content = header + '.' + payload + '.' + noneSignature
|
||||
|
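Review bot: The alg:none fixture at `content = noneHeader + '.' + payload + '.'` only builds the empty-signature form of the token, so the new test in the second hunk ends up pinning the "one or more sections are empty" guard rather than rejection of `alg: none` itself. A token whose header declares `none` but carries a non-empty third section passes that guard, and that is the variant an explicit algorithm check in the plugin has to reject, so it deserves its own fixture and test. Since `noneSignature` is already available here, a second branch such as `} else if (url == 'https://resilient.is/alg-none-signed.json.integrity') { content = noneHeader + '.' + payload + '.' + noneSignature }` (URL constructed to follow the existing naming) would cover it. `noneHeader`, `payload` and `noneSignature` are defined outside this hunk, so their exact contents are assumed here.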
@ -226,6 +229,20 @@ describe("plugin: signed-integrity", () => {
|
|||
}
|
||||
});
|
||||
|
||||
test("it should refuse to fetch content when integrity data not provided and integrity data URL is fetched, but JWT uses alg: none", async () => {
|
||||
require("../../plugins/signed-integrity.js");
|
||||
|
||||
expect.assertions(4);
|
||||
try {
|
||||
const response = await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/alg-none.json', {});
|
||||
} catch (e) {
|
||||
expect(resolvingFetch).toHaveBeenCalledTimes(1);
|
||||
expect(resolvingFetch).toHaveBeenCalledWith('https://resilient.is/alg-none.json.integrity')
|
||||
expect(e).toBeInstanceOf(Error)
|
||||
expect(e.toString()).toMatch('JWT seems invalid (one or more sections are empty)')
|
||||
}
|
||||
});
|
||||
|
||||
test("it should refuse to fetch content when integrity data not provided and integrity data URL is fetched, but JWT signature check fails", async () => {
|
||||
require("../../plugins/signed-integrity.js");
|
||||
|
||||
|
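Review bot: The `const response` binding on the `await ...fetch('https://resilient.is/alg-none.json', {})` line is never read, since the test only succeeds when the call throws; dropping the binding, `await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/alg-none.json', {});`, keeps the intent clear and avoids a no-unused-vars warning. The test name promises that an `alg: none` JWT is refused, but the assertion `expect(e.toString()).toMatch('JWT seems invalid (one or more sections are empty)')` ties it to the empty-section message, so it will need updating if the plugin later rejects the algorithm before counting sections; a comment stating that the fixture is the empty-signature variant would make that dependency visible. The second test added at the end of this hunk continues outside it.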
|
|
@ -125,6 +125,11 @@
|
|||
|
||||
console.log(`JWT b64urlDecoded:\n- ${b64urlDecode(jwt[0])}\n- ${b64urlDecode(jwt[1])}\n- ${b64urlDecode(jwt[2])}`)
|
||||
|
||||
// reality check: all parts of the JWT should be non-empty
|
||||
if ( (jwt[0].length == 0) || (jwt[1].length == 0) || (jwt[2].length == 0) ) {
|
||||
throw new Error('JWT seems invalid (one or more sections are empty).')
|
||||
}
|
||||
|
||||
// WARNING: this is in neither efficient or clear... but works, and this is a PoC
|
||||
var signature = Uint8Array.from(
|
||||
Array.from(
|
||||
|
|