signed-integrity: added test for and for JWT payload not containing integrity data (ref. #28)

2022-01-13 02:48:43 +00:00 · 2022-01-13 02:48:43 +00:00 · 87120097f4
commit 87120097f4
--- a/tests/plugins/signed-integrity.test.js
+++ b/tests/plugins/signed-integrity.test.js
@ -94,6 +94,20 @@ describe("plugin: signed-integrity", () => {
    // prepare it for inclusion in the JWT
    invalidPayloadSignature = btoa(invalidPayloadSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
    
+    // prepare stuff for JWT payload without integrity test
+    var noIntegrityPayload = btoa('{"no": "integrity"}').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+    // get an valid signature for invalid payload
+    var noIntegrityPayloadSignature = await subtle.sign(
+      {
+        name: "ECDSA",
+        hash: {name: "SHA-384"}
+      },
+      (await generateECDSAKeypair()).privateKey,
+      (header + '.' + noIntegrityPayload)
+    )
+    // prepare it for inclusion in the JWT
+    noIntegrityPayloadSignature = btoa(noIntegrityPayloadSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+    
    global.resolvingFetch = jest.fn((url, init)=>{
                                var content = '{"test": "success"}'
                                var status = 200
@ -118,6 +132,9 @@ describe("plugin: signed-integrity", () => {
                                // testing invalid payload
                                } else if (url == 'https://resilient.is/invalid-payload.json.integrity') {
                                    content = header + '.' + invalidPayload + '.' + invalidPayloadSignature
+                                // testing payload without integrity data
+                                } else if (url == 'https://resilient.is/no-integrity.json.integrity') {
+                                    content = header + '.' + noIntegrityPayload + '.' + noIntegrityPayloadSignature
                                }
                                
                                return Promise.resolve(
@ -319,6 +336,20 @@ describe("plugin: signed-integrity", () => {
    }
  });
  
+  test("it should refuse to fetch content when integrity data not provided and integrity data URL is fetched, but JWT payload does not contain integrity data", async () => {
+    require("../../plugins/signed-integrity.js");
+    
+    expect.assertions(4);
+    try {
+      const response = await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/no-integrity.json', {});
+    } catch (e) {
+      expect(resolvingFetch).toHaveBeenCalledTimes(1);
+      expect(resolvingFetch).toHaveBeenCalledWith('https://resilient.is/no-integrity.json.integrity')
+      expect(e).toBeInstanceOf(Error)
+      expect(e.toString()).toMatch('JWT payload did not contain integrity data')
+    }
+  });
+  
  test("it should fetch and verify content, when integrity data not provided, by fetching the integrity data URL and using integrity data from it", async () => {
    require("../../plugins/signed-integrity.js");