kopia lustrzana https://gitlab.com/rysiekpl/libresilient
signed-integrity: added test for and for JWT payload not being a valid JSON (ref. #28)
rodzic
bdad3adeff
commit
8bbf48d08f
|
@ -80,6 +80,20 @@ describe("plugin: signed-integrity", () => {
|
||||||
// prepare it for inclusion in the JWT
|
// prepare it for inclusion in the JWT
|
||||||
noneSignature = btoa(noneSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
|
noneSignature = btoa(noneSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
|
||||||
|
|
||||||
|
// prepare stuff for invalid JWT JSON test
|
||||||
|
var invalidPayload = btoa('not a valid JSON string').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
|
||||||
|
// get an valid signature for invalid payload
|
||||||
|
var invalidPayloadSignature = await subtle.sign(
|
||||||
|
{
|
||||||
|
name: "ECDSA",
|
||||||
|
hash: {name: "SHA-384"}
|
||||||
|
},
|
||||||
|
(await generateECDSAKeypair()).privateKey,
|
||||||
|
(header + '.' + invalidPayload)
|
||||||
|
)
|
||||||
|
// prepare it for inclusion in the JWT
|
||||||
|
invalidPayloadSignature = btoa(invalidPayloadSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
|
||||||
|
|
||||||
global.resolvingFetch = jest.fn((url, init)=>{
|
global.resolvingFetch = jest.fn((url, init)=>{
|
||||||
var content = '{"test": "success"}'
|
var content = '{"test": "success"}'
|
||||||
var status = 200
|
var status = 200
|
||||||
|
@ -101,6 +115,9 @@ describe("plugin: signed-integrity", () => {
|
||||||
// testing bad signature on the integrity JWT
|
// testing bad signature on the integrity JWT
|
||||||
} else if (url == 'https://resilient.is/bad-signature.json.integrity') {
|
} else if (url == 'https://resilient.is/bad-signature.json.integrity') {
|
||||||
content = header + '.' + payload + '.' + noneSignature
|
content = header + '.' + payload + '.' + noneSignature
|
||||||
|
// testing invalid payload
|
||||||
|
} else if (url == 'https://resilient.is/invalid-payload.json.integrity') {
|
||||||
|
content = header + '.' + invalidPayload + '.' + invalidPayloadSignature
|
||||||
}
|
}
|
||||||
|
|
||||||
return Promise.resolve(
|
return Promise.resolve(
|
||||||
|
@ -288,6 +305,20 @@ describe("plugin: signed-integrity", () => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test("it should refuse to fetch content when integrity data not provided and integrity data URL is fetched, but JWT payload is unparseable", async () => {
|
||||||
|
require("../../plugins/signed-integrity.js");
|
||||||
|
|
||||||
|
expect.assertions(4);
|
||||||
|
try {
|
||||||
|
const response = await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/invalid-payload.json', {});
|
||||||
|
} catch (e) {
|
||||||
|
expect(resolvingFetch).toHaveBeenCalledTimes(1);
|
||||||
|
expect(resolvingFetch).toHaveBeenCalledWith('https://resilient.is/invalid-payload.json.integrity')
|
||||||
|
expect(e).toBeInstanceOf(Error)
|
||||||
|
expect(e.toString()).toMatch('JWT payload parsing failed')
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
test("it should fetch and verify content, when integrity data not provided, by fetching the integrity data URL and using integrity data from it", async () => {
|
test("it should fetch and verify content, when integrity data not provided, by fetching the integrity data URL and using integrity data from it", async () => {
|
||||||
require("../../plugins/signed-integrity.js");
|
require("../../plugins/signed-integrity.js");
|
||||||
|
|
||||||
|
|
Ładowanie…
Reference in New Issue