From 8bbf48d08ffa6131670c432831f4b07eac2b3e4d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20=27rysiek=27=20Wo=C5=BAniak?=
Date: Thu, 13 Jan 2022 02:41:22 +0000
Subject: [PATCH] signed-integrity: added test for and for JWT payload not being a valid JSON (ref. #28)

---
 __tests__/plugins/signed-integrity.test.js | 31 ++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/__tests__/plugins/signed-integrity.test.js b/__tests__/plugins/signed-integrity.test.js
index d1a7737..2331af6 100644
--- a/__tests__/plugins/signed-integrity.test.js
+++ b/__tests__/plugins/signed-integrity.test.js
@@ -80,6 +80,20 @@ describe("plugin: signed-integrity", () => {
 // prepare it for inclusion in the JWT
 noneSignature = btoa(noneSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
 
+ // prepare stuff for invalid JWT JSON test
+ var invalidPayload = btoa('not a valid JSON string').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+ // get an valid signature for invalid payload
+ var invalidPayloadSignature = await subtle.sign(
+ {
+ name: "ECDSA",
+ hash: {name: "SHA-384"}
+ },
+ (await generateECDSAKeypair()).privateKey,
+ (header + '.' + invalidPayload)
+ )
+ // prepare it for inclusion in the JWT
+ invalidPayloadSignature = btoa(invalidPayloadSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+
 global.resolvingFetch = jest.fn((url, init)=>{
 var content = '{"test": "success"}'
 var status = 200
@@ -101,6 +115,9 @@ describe("plugin: signed-integrity", () => {
 // testing bad signature on the integrity JWT
 } else if (url == 'https://resilient.is/bad-signature.json.integrity') {
 content = header + '.' + payload + '.' + noneSignature
+ // testing invalid payload
+ } else if (url == 'https://resilient.is/invalid-payload.json.integrity') {
+ content = header + '.' + invalidPayload + '.' + invalidPayloadSignature
 }
 return Promise.resolve(
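Review bot: `subtle.sign(...)` is handed a plain string (`(header + '.' + invalidPayload)`) and its result goes straight into `btoa(invalidPayloadSignature)`; a real WebCrypto `subtle.sign` requires a BufferSource and resolves to an ArrayBuffer, so this fixture only yields a meaningful signature if `subtle` is stubbed in this test setup — worth confirming, as the `noneSignature` context line above appears to follow the same pattern. The key comes from a fresh `(await generateECDSAKeypair()).privateKey`; unless the plugin under test is configured to trust that same key, the fixture would presumably be rejected at signature verification rather than at payload parsing, and the new test's match on `'JWT payload parsing failed'` would then be what reveals which check runs first. The base64url transformation `.replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')` now appears three times in this hunk; a small `base64url(s)` helper would make the fixtures easier to read. Also `// get an valid signature for invalid payload` should read `// get a valid signature for the invalid payload`. The enclosing setup block starts and ends outside the hunk.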
@@ -288,6 +305,20 @@ describe("plugin: signed-integrity", () => {
 }
 });
 
+ test("it should refuse to fetch content when integrity data not provided and integrity data URL is fetched, but JWT payload is unparseable", async () => {
+ require("../../plugins/signed-integrity.js");
+
+ expect.assertions(4);
+ try {
+ const response = await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/invalid-payload.json', {});
+ } catch (e) {
+ expect(resolvingFetch).toHaveBeenCalledTimes(1);
+ expect(resolvingFetch).toHaveBeenCalledWith('https://resilient.is/invalid-payload.json.integrity')
+ expect(e).toBeInstanceOf(Error)
+ expect(e.toString()).toMatch('JWT payload parsing failed')
+ }
+ });
+
 test("it should fetch and verify content, when integrity data not provided, by fetching the integrity data URL and using integrity data from it", async () => {
 require("../../plugins/signed-integrity.js");
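Review bot: `const response` in the `try` block is assigned but never read; since the test expects the call to throw, `await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/invalid-payload.json', {});` without the binding states the intent. `expect.assertions(4)` correctly fails the test if the fetch unexpectedly resolves, but the four `expect` lines mix terminated and unterminated statements (`toHaveBeenCalledTimes(1);` vs `toHaveBeenCalledWith(...)`), so picking one style keeps the file consistent. `toHaveBeenCalledWith('https://resilient.is/invalid-payload.json.integrity')` asserts on exactly one argument while the `resolvingFetch` stub is declared as `jest.fn((url, init) => …)`; presumably the sibling tests already rely on the plugin calling it with only the URL, but if an init object is ever passed this assertion fails. `toMatch('JWT payload parsing failed')` couples the test to the plugin's exact error wording; checking a dedicated error `name` or code would be more robust, though that depends on what the plugin throws, which is not in this diff.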