2020-12-13 13:37:11 +01:00
|
|
|
/*
|
|
|
|
* Copyright (C) Sapphirecode - All Rights Reserved
|
|
|
|
* This file is part of Auth-Server-Helper which is released under MIT.
|
|
|
|
* See file 'LICENSE' for full license details.
|
|
|
|
* Created by Timo Hocker <timo@scode.ovh>, December 2020
|
|
|
|
*/
|
|
|
|
|
2020-12-06 21:06:40 +01:00
|
|
|
import ks from '../../lib/KeyStore';
|
2021-01-06 22:43:03 +01:00
|
|
|
import { assert_keystore_state, flush_routine } from '../Helper';
|
2020-12-06 21:06:40 +01:00
|
|
|
|
2021-01-06 11:15:56 +01:00
|
|
|
const frame = 60;
|
|
|
|
|
2020-12-06 21:06:40 +01:00
|
|
|
/* eslint-disable-next-line max-lines-per-function */
|
|
|
|
describe ('key store', () => {
|
|
|
|
beforeAll (() => {
|
2021-01-06 22:43:03 +01:00
|
|
|
flush_routine ();
|
|
|
|
assert_keystore_state ();
|
2020-12-06 21:06:40 +01:00
|
|
|
jasmine.clock ()
|
|
|
|
.install ();
|
|
|
|
const base_date = (new Date);
|
|
|
|
base_date.setSeconds (2);
|
|
|
|
jasmine.clock ()
|
|
|
|
.mockDate (base_date);
|
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
const keys: {key:string, sign:string, iat:number}[] = [];
|
2020-12-06 21:06:40 +01:00
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it ('should generate a new key', async () => {
|
2020-12-06 21:06:40 +01:00
|
|
|
const iat = (new Date)
|
|
|
|
.getTime () / 1000;
|
2021-01-06 11:15:56 +01:00
|
|
|
const duration = 10 * frame;
|
2021-01-06 16:06:03 +01:00
|
|
|
const key = await ks.get_sign_key (iat, duration);
|
|
|
|
const sign = ks.get_key (iat);
|
2020-12-06 21:06:40 +01:00
|
|
|
expect (typeof key)
|
|
|
|
.toEqual ('string');
|
2021-01-06 16:06:03 +01:00
|
|
|
expect (typeof sign)
|
|
|
|
.toEqual ('string');
|
|
|
|
keys.push ({ iat, key, sign });
|
2020-12-06 21:06:40 +01:00
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it ('should return the generated key', async () => {
|
|
|
|
const key = await ks.get_sign_key (keys[0].iat, 1);
|
2020-12-06 21:06:40 +01:00
|
|
|
expect (key)
|
|
|
|
.toEqual (keys[0].key);
|
2021-01-06 16:06:03 +01:00
|
|
|
const sign = ks.get_key (keys[0].iat);
|
|
|
|
expect (sign)
|
|
|
|
.toEqual (keys[0].sign);
|
2020-12-06 21:06:40 +01:00
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it ('should return the same key on a different time', async () => {
|
|
|
|
const key = await ks.get_sign_key (keys[0].iat + (frame / 2), 1);
|
2020-12-06 21:06:40 +01:00
|
|
|
expect (key)
|
|
|
|
.toEqual (keys[0].key);
|
2021-01-06 16:06:03 +01:00
|
|
|
const sign = ks.get_key (keys[0].iat + (frame / 2));
|
|
|
|
expect (sign)
|
|
|
|
.toEqual (keys[0].sign);
|
2020-12-06 21:06:40 +01:00
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it ('should generate a new key after time frame is over', async () => {
|
2020-12-06 21:06:40 +01:00
|
|
|
jasmine.clock ()
|
2021-01-06 11:15:56 +01:00
|
|
|
.tick (frame * 1000);
|
2020-12-06 21:06:40 +01:00
|
|
|
const iat = (new Date)
|
|
|
|
.getTime () / 1000;
|
2021-01-06 11:15:56 +01:00
|
|
|
const duration = 10 * frame;
|
2021-01-06 16:06:03 +01:00
|
|
|
const key = await ks.get_sign_key (iat, duration);
|
|
|
|
const sign = ks.get_key (iat);
|
2020-12-06 21:06:40 +01:00
|
|
|
expect (typeof key)
|
|
|
|
.toEqual ('string');
|
|
|
|
expect (key).not.toEqual (keys[0].key);
|
2021-01-06 16:06:03 +01:00
|
|
|
expect (sign).not.toEqual (keys[0].sign);
|
|
|
|
keys.push ({ iat, key, sign });
|
2020-12-06 21:06:40 +01:00
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it ('should return both keys, but not the first sign key', async () => {
|
|
|
|
const sign = ks.get_key (keys[0].iat);
|
|
|
|
expect (sign)
|
|
|
|
.toEqual (keys[0].sign);
|
|
|
|
await expectAsync (ks.get_sign_key (keys[0].iat, 1))
|
|
|
|
.toBeRejectedWithError ('cannot access already expired keys');
|
|
|
|
const k2 = await ks.get_sign_key (keys[1].iat, 1);
|
|
|
|
const s2 = ks.get_key (keys[1].iat);
|
2020-12-06 21:06:40 +01:00
|
|
|
expect (k2)
|
|
|
|
.toEqual (keys[1].key);
|
2021-01-06 16:06:03 +01:00
|
|
|
expect (s2)
|
|
|
|
.toEqual (keys[1].sign);
|
2020-12-06 21:06:40 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
it ('should throw on non existing key', () => {
|
2021-01-06 11:15:56 +01:00
|
|
|
expect (() => ks.get_key (keys[1].iat + frame))
|
2020-12-06 21:06:40 +01:00
|
|
|
.toThrowError ('key could not be found');
|
|
|
|
});
|
|
|
|
|
|
|
|
it ('should delete a key after it expires', () => {
|
|
|
|
jasmine.clock ()
|
2021-01-06 11:15:56 +01:00
|
|
|
.tick (10000 * frame);
|
2020-12-06 21:06:40 +01:00
|
|
|
expect (() => ks.get_key (keys[0].iat))
|
|
|
|
.toThrowError ('key could not be found');
|
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it (
|
|
|
|
'should still retrieve the second key, but not its sign key',
|
|
|
|
async () => {
|
|
|
|
await expectAsync (ks.get_sign_key (keys[1].iat, 1))
|
|
|
|
.toBeRejectedWithError ('cannot access already expired keys');
|
|
|
|
const sign = ks.get_key (keys[1].iat);
|
|
|
|
expect (sign)
|
|
|
|
.toEqual (keys[1].sign);
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
it ('should reject key generation of expired keys', async () => {
|
2020-12-06 21:29:11 +01:00
|
|
|
const iat = ((new Date)
|
2021-01-06 11:15:56 +01:00
|
|
|
.getTime () / 1000) - 2;
|
2020-12-06 21:29:11 +01:00
|
|
|
const duration = 5;
|
2021-01-06 16:06:03 +01:00
|
|
|
await expectAsync (ks.get_sign_key (iat, duration))
|
|
|
|
.toBeRejectedWithError ('cannot access already expired keys');
|
2020-12-06 21:29:11 +01:00
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
it ('key should live as long as the longest created token', async () => {
|
2021-01-06 11:15:56 +01:00
|
|
|
const base = new Date;
|
|
|
|
base.setSeconds (2, 0);
|
|
|
|
jasmine.clock ()
|
|
|
|
.mockDate (base);
|
|
|
|
jasmine.clock ()
|
|
|
|
.tick (24 * 60 * 60 * 1000);
|
|
|
|
const iat = (new Date)
|
|
|
|
.getTime () / 1000;
|
|
|
|
const duration1 = frame;
|
|
|
|
const duration2 = frame * 10;
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
const key1 = await ks.get_sign_key (iat, duration1);
|
2021-01-06 11:15:56 +01:00
|
|
|
const step = 0.9 * frame;
|
|
|
|
jasmine.clock ()
|
|
|
|
.tick (step * 1000);
|
2021-01-06 16:06:03 +01:00
|
|
|
const key2 = await ks.get_sign_key (iat + step, duration2);
|
|
|
|
const sign = ks.get_key (iat);
|
2021-01-06 11:15:56 +01:00
|
|
|
expect (key1)
|
|
|
|
.toEqual (key2);
|
|
|
|
jasmine.clock ()
|
|
|
|
.tick (5000 * frame);
|
2021-01-06 16:06:03 +01:00
|
|
|
const signv = ks.get_key (iat + step);
|
|
|
|
expect (signv)
|
|
|
|
.toEqual (sign);
|
2021-01-06 11:15:56 +01:00
|
|
|
});
|
|
|
|
|
2021-01-06 22:43:03 +01:00
|
|
|
it ('should not allow invalid expiry times', async () => {
|
|
|
|
await expectAsync (ks.get_sign_key (0, 0))
|
|
|
|
.toBeRejectedWithError ('cannot create infinitely valid key');
|
|
|
|
await expectAsync (ks.get_sign_key (0, -1))
|
|
|
|
.toBeRejectedWithError ('cannot create infinitely valid key');
|
|
|
|
});
|
|
|
|
|
2021-01-06 16:06:03 +01:00
|
|
|
// TODO: required use case: insert keys for verification of old tokens
|
2021-01-06 11:15:56 +01:00
|
|
|
|
2020-12-06 21:06:40 +01:00
|
|
|
afterAll (() => {
|
|
|
|
jasmine.clock ()
|
|
|
|
.uninstall ();
|
|
|
|
});
|
|
|
|
});
|