signed-integrity: working on implementing JWT processing (ref. #28)

merge-requests/9/merge
Michał 'rysiek' Woźniak 2022-01-12 00:14:31 +00:00
rodzic e1745144c1
commit 6180f8b96a
2 zmienionych plików z 46 dodań i 2 usunięć

Wyświetl plik

@ -11,6 +11,9 @@ describe("plugin: signed-integrity", () => {
global.btoa = (bin) => {
return Buffer.from(bin, 'binary').toString('base64')
}
global.atob = (ascii) => {
return Buffer.from(ascii, 'base64').toString('binary')
}
global.LibResilientPluginConstructors = new Map()
LR = {
@ -19,12 +22,16 @@ describe("plugin: signed-integrity", () => {
}
}
header = btoa('{"alg": "ES384"}').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
payload = btoa('{"integrity": "sha256-eiMrFuthzteJuj8fPwUMyNQMb2SMW7VITmmt2oAxGj0="}').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
signature = btoa('FIXME').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
global.resolvingFetch = jest.fn((url, init)=>{
var content = '{"test": "success"}'
var status = 200
var statusText = "OK"
if (url == 'https://resilient.is/test.json.integrity') {
content = '{"integrity": "sha256-eiMrFuthzteJuj8fPwUMyNQMb2SMW7VITmmt2oAxGj0="}'
content = header + '.' + payload + '.' + signature
} else if (url == 'https://resilient.is/fail.json.integrity') {
content = '{"test": "fail"}'
status = 404

Wyświetl plik

@ -46,6 +46,31 @@
throw new Error(`Expected exactly one plugin to wrap, but ${config.uses.length} configured.`)
}
/**
* utility function
* base64url decode
*/
let b64urlDecode = (data) => {
// figure out the padding to add
var pad = 4 - (data.length % 4);
// that's no bueno
if (pad == 3) {
throw new Error(`Invalid base64-encoded string!`)
}
// no padding, then
if (pad == 4) {
pad = 0
}
// we're done, atob that thing
return atob(
data
.replace(/_/g, '/')
.replace(/-/g, '+')
+ '='.repeat(pad)
)
}
/**
* getting content using the configured plugin,
* but also making sure integrity data file is fetched, signature checked,
@ -64,8 +89,20 @@
// did we get anything sane?
if (integrityResponse.status == 200) {
LR.log(pluginName, `fetched integrity data file`)
// this is where magic happens
LR.log(pluginName, `fetched integrity data file`)
// get the JWT
var jwt = await integrityResponse.text()
console.log('jwt: ' + jwt)
jwt = jwt.split('.')
// unpack it
var header = b64urlDecode(jwt[0])
var payload = b64urlDecode(jwt[1])
var signature = jwt[2]
LR.log(pluginName, `got a JWT:\n- header : ${header}\n- payload: ${payload}`)
} else {
LR.log(pluginName, `fetching integrity data failed: ${integrityResponse.status} ${integrityResponse.statusText}`)
}