auth-server-helper/test/spec/KeyStore.ts

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of Auth-Server-Helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

import ks, { KeyStore } from '../../lib/KeyStore';
import { clock_finalize, clock_setup } from '../Helper';

const frame = 3600;

/* eslint-disable-next-line max-lines-per-function */
describe ('key store', () => {
  beforeAll (() => {
    clock_setup ();
  });

  afterAll (() => {
    clock_finalize ();
  });

  const keys: {key: string, sign: string, iat: number}[] = [];

  it ('should generate a new key', async () => {
    const iat = (new Date)
      .getTime () / 1000;
    const duration = 10 * frame;
    const key = await ks.get_sign_key (iat, duration);
    const sign = await ks.get_key (iat);
    expect (typeof key)
      .toEqual ('string');
    expect (typeof sign)
      .toEqual ('string');
    keys.push ({ iat, key, sign });
  });

  it ('should return the generated key', async () => {
    const key = await ks.get_sign_key (keys[0].iat, 1);
    expect (key)
      .toEqual (keys[0].key);
    const sign = await ks.get_key (keys[0].iat);
    expect (sign)
      .toEqual (keys[0].sign);
  });

  it ('should return the same key on a different time', async () => {
    const key = await ks.get_sign_key (keys[0].iat + (frame / 2), 1);
    expect (key)
      .toEqual (keys[0].key);
    const sign = await ks.get_key (keys[0].iat + (frame / 2));
    expect (sign)
      .toEqual (keys[0].sign);
  });

  it ('should generate a new key after time frame is over', async () => {
    jasmine.clock ()
      .tick (frame * 1000);
    const iat = (new Date)
      .getTime () / 1000;
    const duration = 10 * frame;
    const key = await ks.get_sign_key (iat, duration);
    const sign = await ks.get_key (iat);
    expect (typeof key)
      .toEqual ('string');
    expect (key).not.toEqual (keys[0].key);
    expect (sign).not.toEqual (keys[0].sign);
    keys.push ({ iat, key, sign });
  });

  it ('should return both keys, but not the first sign key', async () => {
    const sign = await ks.get_key (keys[0].iat);
    expect (sign)
      .toEqual (keys[0].sign);
    await expectAsync (ks.get_sign_key (keys[0].iat, 1))
      .toBeRejectedWithError ('cannot access already expired keys');
    const k2 = await ks.get_sign_key (keys[1].iat, 1);
    const s2 = await ks.get_key (keys[1].iat);
    expect (k2)
      .toEqual (keys[1].key);
    expect (s2)
      .toEqual (keys[1].sign);
  });

  it ('should throw on non existing key', async () => {
    await expectAsync (ks.get_key (keys[1].iat + frame))
      .toBeRejectedWithError ('key could not be found');
  });

  it ('should delete a key after it expires', async () => {
    // go to 10 frames + 1ms after key creation
    jasmine.clock ()
      .tick ((frame * 9e3) + 1);
    // eslint-disable-next-line dot-notation
    ks['garbage_collect'] ();
    await expectAsync (ks.get_key (keys[0].iat))
      .toBeRejectedWithError ('key could not be found');
  });

  it (
    'should still retrieve the second key, but not its sign key',
    async () => {
      await expectAsync (ks.get_sign_key (keys[1].iat, 1))
        .toBeRejectedWithError ('cannot access already expired keys');
      const sign = await ks.get_key (keys[1].iat);
      expect (sign)
        .toEqual (keys[1].sign);
    }
  );

  it ('should reject key generation of expired keys', async () => {
    const iat = ((new Date)
      .getTime () / 1000) - 2;
    const duration = 5;
    await expectAsync (ks.get_sign_key (iat, duration))
      .toBeRejectedWithError ('cannot access already expired keys');
  });

  it ('key should live as long as the longest created token', async () => {
    jasmine.clock ()
      .tick (frame * 10e3);
    const iat = (new Date)
      .getTime () / 1000;
    const duration1 = frame;
    const duration2 = frame * 10;

    const key1 = await ks.get_sign_key (iat, duration1);
    const step = 0.9 * frame;
    jasmine.clock ()
      .tick (step * 1000);
    const key2 = await ks.get_sign_key (iat + step, duration2);
    const sign = await ks.get_key (iat);
    expect (key1)
      .toEqual (key2);
    jasmine.clock ()
      .tick (5000 * frame);
    const signv = await ks.get_key (iat + step);
    expect (signv)
      .toEqual (sign);
  });

  it ('should not allow invalid expiry times', async () => {
    await expectAsync (ks.get_sign_key (0, 0))
      .toBeRejectedWithError ('cannot create infinitely valid key');
    await expectAsync (ks.get_sign_key (0, -1))
      .toBeRejectedWithError ('cannot create infinitely valid key');
  });

  it ('should export and import all keys', async () => {
    const iat = (new Date)
      .getTime () / 1000;

    const sign = await ks.get_sign_key (iat, frame);
    const ver = await ks.get_key (iat);
    const exp = ks.export_verification_data ();
    // eslint-disable-next-line dot-notation
    expect (Object.keys (ks['_keys']))
      .toEqual (exp.map ((v) => v.index));

    const ks2 = (new KeyStore);
    expect (ks2.instance_id).not.toEqual (ks.instance_id);
    ks2.import_verification_data (exp);
    // eslint-disable-next-line dot-notation
    expect (Object.keys (ks2['_keys']))
      .toEqual (exp.map ((v) => v.index));

    const sign2 = await ks2.get_sign_key (iat, frame);
    const ver2 = await ks2.get_key (iat);
    expect (sign).not.toEqual (sign2);
    expect (ver).not.toEqual (ver2);
    await expectAsync (ks2.get_sign_key (iat, 60, ks.instance_id))
      .toBeRejectedWithError ('cannot access already expired keys');
    expect (await ks2.get_key (iat, ks.instance_id))
      .toEqual (ver);
  });

  it ('should disallow importing to itself', () => {
    const exp = ks.export_verification_data ();
    expect (() => ks.import_verification_data (exp))
      .toThrowError ('cannot import to the same instance');
  });

  it ('should clear all', () => {
    // eslint-disable-next-line dot-notation
    expect (Object.keys (ks['_keys']).length)
      .toBeGreaterThan (0);
    const instance = ks.instance_id;
    ks.reset_instance ();
    // eslint-disable-next-line dot-notation
    expect (Object.keys (ks['_keys']).length)
      .toEqual (0);
    expect (instance).not.toEqual (ks.instance_id);
  });
});
improve signature structure, more tests 2020-12-13 13:37:11 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
			`* This file is part of Auth-Server-Helper which is released under MIT.`
			`* See file 'LICENSE' for full license details.`
			`* Created by Timo Hocker <timo@scode.ovh>, December 2020`
			`*/`

export/import keys 2021-01-08 13:30:53 +01:00			`import ks, { KeyStore } from '../../lib/KeyStore';`
fixes 2021-01-07 15:43:54 +01:00			`import { clock_finalize, clock_setup } from '../Helper';`
key store 2020-12-06 21:06:40 +01:00
export/import keys 2021-01-08 13:30:53 +01:00			`const frame = 3600;`
fix 2021-01-06 11:15:56 +01:00
key store 2020-12-06 21:06:40 +01:00			`/* eslint-disable-next-line max-lines-per-function */`
			`describe ('key store', () => {`
			`beforeAll (() => {`
fixes 2021-01-07 15:43:54 +01:00			`clock_setup ();`
			`});`

			`afterAll (() => {`
			`clock_finalize ();`
key store 2020-12-06 21:06:40 +01:00			`});`

formatting 2021-05-10 12:41:00 +02:00			`const keys: {key: string, sign: string, iat: number}[] = [];`
key store 2020-12-06 21:06:40 +01:00
asymmetric keys 2021-01-06 16:06:03 +01:00			`it ('should generate a new key', async () => {`
key store 2020-12-06 21:06:40 +01:00			`const iat = (new Date)`
			`.getTime () / 1000;`
fix 2021-01-06 11:15:56 +01:00			`const duration = 10 * frame;`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const key = await ks.get_sign_key (iat, duration);`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (iat);`
key store 2020-12-06 21:06:40 +01:00			`expect (typeof key)`
			`.toEqual ('string');`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (typeof sign)`
			`.toEqual ('string');`
			`keys.push ({ iat, key, sign });`
key store 2020-12-06 21:06:40 +01:00			`});`

asymmetric keys 2021-01-06 16:06:03 +01:00			`it ('should return the generated key', async () => {`
			`const key = await ks.get_sign_key (keys[0].iat, 1);`
key store 2020-12-06 21:06:40 +01:00			`expect (key)`
			`.toEqual (keys[0].key);`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (keys[0].iat);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (sign)`
			`.toEqual (keys[0].sign);`
key store 2020-12-06 21:06:40 +01:00			`});`

asymmetric keys 2021-01-06 16:06:03 +01:00			`it ('should return the same key on a different time', async () => {`
			`const key = await ks.get_sign_key (keys[0].iat + (frame / 2), 1);`
key store 2020-12-06 21:06:40 +01:00			`expect (key)`
			`.toEqual (keys[0].key);`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (keys[0].iat + (frame / 2));`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (sign)`
			`.toEqual (keys[0].sign);`
key store 2020-12-06 21:06:40 +01:00			`});`

asymmetric keys 2021-01-06 16:06:03 +01:00			`it ('should generate a new key after time frame is over', async () => {`
key store 2020-12-06 21:06:40 +01:00			`jasmine.clock ()`
fix 2021-01-06 11:15:56 +01:00			`.tick (frame * 1000);`
key store 2020-12-06 21:06:40 +01:00			`const iat = (new Date)`
			`.getTime () / 1000;`
fix 2021-01-06 11:15:56 +01:00			`const duration = 10 * frame;`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const key = await ks.get_sign_key (iat, duration);`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (iat);`
key store 2020-12-06 21:06:40 +01:00			`expect (typeof key)`
			`.toEqual ('string');`
			`expect (key).not.toEqual (keys[0].key);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (sign).not.toEqual (keys[0].sign);`
			`keys.push ({ iat, key, sign });`
key store 2020-12-06 21:06:40 +01:00			`});`

asymmetric keys 2021-01-06 16:06:03 +01:00			`it ('should return both keys, but not the first sign key', async () => {`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (keys[0].iat);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (sign)`
			`.toEqual (keys[0].sign);`
			`await expectAsync (ks.get_sign_key (keys[0].iat, 1))`
			`.toBeRejectedWithError ('cannot access already expired keys');`
			`const k2 = await ks.get_sign_key (keys[1].iat, 1);`
redis sync 2022-08-08 15:52:56 +02:00			`const s2 = await ks.get_key (keys[1].iat);`
key store 2020-12-06 21:06:40 +01:00			`expect (k2)`
			`.toEqual (keys[1].key);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (s2)`
			`.toEqual (keys[1].sign);`
key store 2020-12-06 21:06:40 +01:00			`});`

redis sync 2022-08-08 15:52:56 +02:00			`it ('should throw on non existing key', async () => {`
			`await expectAsync (ks.get_key (keys[1].iat + frame))`
			`.toBeRejectedWithError ('key could not be found');`
key store 2020-12-06 21:06:40 +01:00			`});`

redis sync 2022-08-08 15:52:56 +02:00			`it ('should delete a key after it expires', async () => {`
fixes 2021-01-07 15:43:54 +01:00			`// go to 10 frames + 1ms after key creation`
key store 2020-12-06 21:06:40 +01:00			`jasmine.clock ()`
fixes 2021-01-07 15:43:54 +01:00			`.tick ((frame * 9e3) + 1);`
			`// eslint-disable-next-line dot-notation`
			`ks['garbage_collect'] ();`
redis sync 2022-08-08 15:52:56 +02:00			`await expectAsync (ks.get_key (keys[0].iat))`
			`.toBeRejectedWithError ('key could not be found');`
key store 2020-12-06 21:06:40 +01:00			`});`

asymmetric keys 2021-01-06 16:06:03 +01:00			`it (`
			`'should still retrieve the second key, but not its sign key',`
			`async () => {`
			`await expectAsync (ks.get_sign_key (keys[1].iat, 1))`
			`.toBeRejectedWithError ('cannot access already expired keys');`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (keys[1].iat);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (sign)`
			`.toEqual (keys[1].sign);`
			`}`
			`);`

			`it ('should reject key generation of expired keys', async () => {`
test edge case 2020-12-06 21:29:11 +01:00			`const iat = ((new Date)`
fix 2021-01-06 11:15:56 +01:00			`.getTime () / 1000) - 2;`
test edge case 2020-12-06 21:29:11 +01:00			`const duration = 5;`
asymmetric keys 2021-01-06 16:06:03 +01:00			`await expectAsync (ks.get_sign_key (iat, duration))`
			`.toBeRejectedWithError ('cannot access already expired keys');`
test edge case 2020-12-06 21:29:11 +01:00			`});`

asymmetric keys 2021-01-06 16:06:03 +01:00			`it ('key should live as long as the longest created token', async () => {`
fix 2021-01-06 11:15:56 +01:00			`jasmine.clock ()`
fixes 2021-01-07 15:43:54 +01:00			`.tick (frame * 10e3);`
fix 2021-01-06 11:15:56 +01:00			`const iat = (new Date)`
			`.getTime () / 1000;`
			`const duration1 = frame;`
			`const duration2 = frame * 10;`

asymmetric keys 2021-01-06 16:06:03 +01:00			`const key1 = await ks.get_sign_key (iat, duration1);`
fix 2021-01-06 11:15:56 +01:00			`const step = 0.9 * frame;`
			`jasmine.clock ()`
			`.tick (step * 1000);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`const key2 = await ks.get_sign_key (iat + step, duration2);`
redis sync 2022-08-08 15:52:56 +02:00			`const sign = await ks.get_key (iat);`
fix 2021-01-06 11:15:56 +01:00			`expect (key1)`
			`.toEqual (key2);`
			`jasmine.clock ()`
			`.tick (5000 * frame);`
redis sync 2022-08-08 15:52:56 +02:00			`const signv = await ks.get_key (iat + step);`
asymmetric keys 2021-01-06 16:06:03 +01:00			`expect (signv)`
			`.toEqual (sign);`
fix 2021-01-06 11:15:56 +01:00			`});`

asymmetric keys import/export 2021-01-06 22:43:03 +01:00			`it ('should not allow invalid expiry times', async () => {`
			`await expectAsync (ks.get_sign_key (0, 0))`
			`.toBeRejectedWithError ('cannot create infinitely valid key');`
			`await expectAsync (ks.get_sign_key (0, -1))`
			`.toBeRejectedWithError ('cannot create infinitely valid key');`
			`});`

export/import keys 2021-01-08 13:30:53 +01:00			`it ('should export and import all keys', async () => {`
			`const iat = (new Date)`
			`.getTime () / 1000;`

			`const sign = await ks.get_sign_key (iat, frame);`
redis sync 2022-08-08 15:52:56 +02:00			`const ver = await ks.get_key (iat);`
export/import keys 2021-01-08 13:30:53 +01:00			`const exp = ks.export_verification_data ();`
			`// eslint-disable-next-line dot-notation`
			`expect (Object.keys (ks['_keys']))`
simplify export data 2021-01-14 21:31:21 +01:00			`.toEqual (exp.map ((v) => v.index));`
export/import keys 2021-01-08 13:30:53 +01:00
			`const ks2 = (new KeyStore);`
			`expect (ks2.instance_id).not.toEqual (ks.instance_id);`
			`ks2.import_verification_data (exp);`
			`// eslint-disable-next-line dot-notation`
simplify export data 2021-01-14 21:31:21 +01:00			`expect (Object.keys (ks2['_keys']))`
			`.toEqual (exp.map ((v) => v.index));`
export/import keys 2021-01-08 13:30:53 +01:00
			`const sign2 = await ks2.get_sign_key (iat, frame);`
redis sync 2022-08-08 15:52:56 +02:00			`const ver2 = await ks2.get_key (iat);`
export/import keys 2021-01-08 13:30:53 +01:00			`expect (sign).not.toEqual (sign2);`
			`expect (ver).not.toEqual (ver2);`
			`await expectAsync (ks2.get_sign_key (iat, 60, ks.instance_id))`
			`.toBeRejectedWithError ('cannot access already expired keys');`
redis sync 2022-08-08 15:52:56 +02:00			`expect (await ks2.get_key (iat, ks.instance_id))`
export/import keys 2021-01-08 13:30:53 +01:00			`.toEqual (ver);`
			`});`

			`it ('should disallow importing to itself', () => {`
			`const exp = ks.export_verification_data ();`
			`expect (() => ks.import_verification_data (exp))`
			`.toThrowError ('cannot import to the same instance');`
			`});`
clearing instances 2021-01-15 14:45:05 +01:00
			`it ('should clear all', () => {`
			`// eslint-disable-next-line dot-notation`
			`expect (Object.keys (ks['_keys']).length)`
			`.toBeGreaterThan (0);`
			`const instance = ks.instance_id;`
			`ks.reset_instance ();`
			`// eslint-disable-next-line dot-notation`
			`expect (Object.keys (ks['_keys']).length)`
			`.toEqual (0);`
			`expect (instance).not.toEqual (ks.instance_id);`
			`});`
key store 2020-12-06 21:06:40 +01:00			`});`