export/import keys

2021-01-08 13:30:53 +01:00
parent 4c42a682d5
commit d6a40871c4
5 changed files with 84 additions and 19 deletions
--- a/test/Helper.ts
+++ b/test/Helper.ts
@@ -7,7 +7,6 @@

 /* eslint-disable no-console */
 import http from 'http';
-import { type } from 'os';
 import ks from '../lib/KeyStore';

 export class Response extends http.IncomingMessage {
@@ -64,7 +63,7 @@ export function clock_setup ():void {
  assert_keystore_state ();

  const date = (new Date);
-  date.setSeconds (2, 0);
+  date.setHours (0, 0, 2, 0);
  jasmine.clock ()
    .install ();
  jasmine.clock ()
--- a/test/spec/KeyStore.ts
+++ b/test/spec/KeyStore.ts
@@ -5,10 +5,10 @@
 * Created by Timo Hocker <timo@scode.ovh>, December 2020
 */

-import ks from '../../lib/KeyStore';
+import ks, { KeyStore } from '../../lib/KeyStore';
 import { clock_finalize, clock_setup } from '../Helper';

-const frame = 60;
+const frame = 3600;

 /* eslint-disable-next-line max-lines-per-function */
 describe ('key store', () => {
@@ -146,5 +146,40 @@ describe ('key store', () => {
      .toBeRejectedWithError ('cannot create infinitely valid key');
  });

-  // TODO: required use case: insert keys for verification of old tokens
+  it ('should export and import all keys', async () => {
+    const iat = (new Date)
+      .getTime () / 1000;
+
+    const sign = await ks.get_sign_key (iat, frame);
+    const ver = ks.get_key (iat);
+    const exp = ks.export_verification_data ();
+    // eslint-disable-next-line dot-notation
+    expect (Object.keys (ks['_keys']))
+      .toEqual (Object.keys (exp));
+    expect (Object.keys (exp)
+      .filter ((v) => typeof exp[v].private_key !== 'undefined').length)
+      .toEqual (0);
+
+    const ks2 = (new KeyStore);
+    expect (ks2.instance_id).not.toEqual (ks.instance_id);
+    ks2.import_verification_data (exp);
+    // eslint-disable-next-line dot-notation
+    expect (ks2['_keys'])
+      .toEqual (exp);
+
+    const sign2 = await ks2.get_sign_key (iat, frame);
+    const ver2 = ks2.get_key (iat);
+    expect (sign).not.toEqual (sign2);
+    expect (ver).not.toEqual (ver2);
+    await expectAsync (ks2.get_sign_key (iat, 60, ks.instance_id))
+      .toBeRejectedWithError ('cannot access already expired keys');
+    expect (ks2.get_key (iat, ks.instance_id))
+      .toEqual (ver);
+  });
+
+  it ('should disallow importing to itself', () => {
+    const exp = ks.export_verification_data ();
+    expect (() => ks.import_verification_data (exp))
+      .toThrowError ('cannot import to the same instance');
+  });
 });