asymmetric keys import/export

2021-01-06 22:43:03 +01:00
parent adfeeaa52c
commit fd4f891b3e
8 changed files with 142 additions and 56 deletions
--- a/test/Helper.ts
+++ b/test/Helper.ts
@ -5,7 +5,9 @@
 * Created by Timo Hocker <timo@scode.ovh>, January 2021
 */

+/* eslint-disable no-console */
 import http from 'http';
+import ks from '../lib/KeyStore';

 export class Response extends http.IncomingMessage {
  body?: string;
@ -41,3 +43,27 @@ export function modify_signature (signature: string): string {
  dec[1] = '';
  return dec.join ('.');
 }
+
+/* eslint-disable dot-notation */
+export function assert_keystore_state (): void {
+  if (Object.keys (ks['_keys']).length !== 0) {
+    console.warn ('keystore gc not running!');
+    ks['_keys'] = {};
+  }
+}
+/* eslint-enable dot-notation */
+
+export function flush_routine (install_clock = true):void {
+  if (install_clock) {
+    jasmine.clock ()
+      .install ();
+  }
+  jasmine.clock ()
+    .mockDate (new Date);
+  jasmine.clock ()
+    .tick (30 * 24 * 60 * 60 * 1000);
+  if (install_clock) {
+    jasmine.clock ()
+      .uninstall ();
+  }
+}
--- a/test/spec/AuthHandler.ts
+++ b/test/spec/AuthHandler.ts
@ -8,7 +8,10 @@
 import http, { IncomingMessage, ServerResponse } from 'http';
 import { to_b64 } from '@sapphirecode/encoding-helper';
 import auth from '../../lib/Authority';
-import { get, modify_signature, Response } from '../Helper';
+import {
+  assert_keystore_state, flush_routine,
+  get, modify_signature, Response
+} from '../Helper';
 import { create_auth_handler } from '../../lib/index';

 const expires_seconds = 600;
@ -47,7 +50,11 @@ function check_token (token: string, type: string):void {
 // eslint-disable-next-line max-lines-per-function
 describe ('auth handler', () => {
  let server: http.Server|null = null;
+  // eslint-disable-next-line max-lines-per-function
  beforeAll (() => {
+    flush_routine ();
+    assert_keystore_state ();
+
    const ah = create_auth_handler ((req) => {
      if (!req.is_basic && !req.is_bearer) {
        req.invalid ('unknown authorization type');
@ -100,6 +107,14 @@ describe ('auth handler', () => {
      .mockDate (new Date);
  });

+  afterAll (() => {
+    if (server === null)
+      throw new Error ('server is null');
+    server.close ();
+    jasmine.clock ()
+      .uninstall ();
+  });
+
  it ('auth test sequence', async () => {
    // get initial access and refresh tokens
    const resp1 = await get ({ authorization: 'Basic foo:bar' });
@ -253,14 +268,4 @@ describe ('auth handler', () => {
        error_description: 'unknown authorization type'
      });
  });
-
-  afterAll (() => {
-    if (server === null)
-      throw new Error ('server is null');
-    server.close ();
-    jasmine.clock ()
-      .tick (24 * 60 * 60 * 1000);
-    jasmine.clock ()
-      .uninstall ();
-  });
 });
--- a/test/spec/Authority.ts
+++ b/test/spec/Authority.ts
@ -7,7 +7,10 @@

 import auth from '../../lib/Authority';
 import bl from '../../lib/Blacklist';
-import { modify_signature } from '../Helper';
+import {
+  assert_keystore_state,
+  flush_routine, modify_signature
+} from '../Helper';

 // eslint-disable-next-line max-lines-per-function
 describe ('authority', () => {
@ -19,8 +22,8 @@ describe ('authority', () => {
  });

  afterEach (() => {
-    jasmine.clock ()
-      .tick (24 * 60 * 60 * 1000);
+    flush_routine (false);
+    assert_keystore_state ();
    jasmine.clock ()
      .uninstall ();
  });
--- a/test/spec/Blacklist.ts
+++ b/test/spec/Blacklist.ts
@ -16,6 +16,11 @@ describe ('blacklist', () => {
      .mockDate (new Date);
  });

+  afterAll (() => {
+    jasmine.clock ()
+      .uninstall ();
+  });
+
  it ('should validate any string', () => {
    expect (blacklist.is_valid ('foo'))
      .toBeTrue ();
@ -58,9 +63,4 @@ describe ('blacklist', () => {
    expect (blacklist.is_valid ('baz'))
      .toBeFalse ();
  });
-
-  afterAll (() => {
-    jasmine.clock ()
-      .uninstall ();
-  });
 });
--- a/test/spec/Gateway.ts
+++ b/test/spec/Gateway.ts
@ -9,13 +9,15 @@ import http from 'http';
 import { create_gateway } from '../../lib/index';
 import authority from '../../lib/Authority';
 import blacklist from '../../lib/Blacklist';
-import { get } from '../Helper';
+import { assert_keystore_state, flush_routine, get } from '../Helper';

 // eslint-disable-next-line max-lines-per-function
 describe ('gateway', () => {
  let server: http.Server|null = null;

  beforeAll (() => {
+    flush_routine ();
+    assert_keystore_state ();
    jasmine.clock ()
      .install ();
    jasmine.clock ()
@ -42,8 +44,6 @@ describe ('gateway', () => {
      throw new Error ('server is null');
    server.close ();

-    jasmine.clock ()
-      .tick (24 * 60 * 60 * 1000);
    jasmine.clock ()
      .uninstall ();
  });
--- a/test/spec/KeyStore.ts
+++ b/test/spec/KeyStore.ts
@ -6,12 +6,15 @@
 */

 import ks from '../../lib/KeyStore';
+import { assert_keystore_state, flush_routine } from '../Helper';

 const frame = 60;

 /* eslint-disable-next-line max-lines-per-function */
 describe ('key store', () => {
  beforeAll (() => {
+    flush_routine ();
+    assert_keystore_state ();
    jasmine.clock ()
      .install ();
    const base_date = (new Date);
@ -140,11 +143,16 @@ describe ('key store', () => {
      .toEqual (sign);
  });

+  it ('should not allow invalid expiry times', async () => {
+    await expectAsync (ks.get_sign_key (0, 0))
+      .toBeRejectedWithError ('cannot create infinitely valid key');
+    await expectAsync (ks.get_sign_key (0, -1))
+      .toBeRejectedWithError ('cannot create infinitely valid key');
+  });
+
  // TODO: required use case: insert keys for verification of old tokens

  afterAll (() => {
-    jasmine.clock ()
-      .tick (24 * 60 * 60 * 1000);
    jasmine.clock ()
      .uninstall ();
  });