/* * Copyright (C) Sapphirecode - All Rights Reserved * This file is part of Auth-Server-Helper which is released under MIT. * See file 'LICENSE' for full license details. * Created by Timo Hocker , December 2020 */ import ks from '../../lib/KeyStore'; const frame = 60; /* eslint-disable-next-line max-lines-per-function */ describe ('key store', () => { beforeAll (() => { jasmine.clock () .install (); const base_date = (new Date); base_date.setSeconds (2); jasmine.clock () .mockDate (base_date); }); const keys: {key:string, sign:string, iat:number}[] = []; it ('should generate a new key', async () => { const iat = (new Date) .getTime () / 1000; const duration = 10 * frame; const key = await ks.get_sign_key (iat, duration); const sign = ks.get_key (iat); expect (typeof key) .toEqual ('string'); expect (typeof sign) .toEqual ('string'); keys.push ({ iat, key, sign }); }); it ('should return the generated key', async () => { const key = await ks.get_sign_key (keys[0].iat, 1); expect (key) .toEqual (keys[0].key); const sign = ks.get_key (keys[0].iat); expect (sign) .toEqual (keys[0].sign); }); it ('should return the same key on a different time', async () => { const key = await ks.get_sign_key (keys[0].iat + (frame / 2), 1); expect (key) .toEqual (keys[0].key); const sign = ks.get_key (keys[0].iat + (frame / 2)); expect (sign) .toEqual (keys[0].sign); }); it ('should generate a new key after time frame is over', async () => { jasmine.clock () .tick (frame * 1000); const iat = (new Date) .getTime () / 1000; const duration = 10 * frame; const key = await ks.get_sign_key (iat, duration); const sign = ks.get_key (iat); expect (typeof key) .toEqual ('string'); expect (key).not.toEqual (keys[0].key); expect (sign).not.toEqual (keys[0].sign); keys.push ({ iat, key, sign }); }); it ('should return both keys, but not the first sign key', async () => { const sign = ks.get_key (keys[0].iat); expect (sign) .toEqual (keys[0].sign); await expectAsync (ks.get_sign_key (keys[0].iat, 1)) .toBeRejectedWithError ('cannot access already expired keys'); const k2 = await ks.get_sign_key (keys[1].iat, 1); const s2 = ks.get_key (keys[1].iat); expect (k2) .toEqual (keys[1].key); expect (s2) .toEqual (keys[1].sign); }); it ('should throw on non existing key', () => { expect (() => ks.get_key (keys[1].iat + frame)) .toThrowError ('key could not be found'); }); it ('should delete a key after it expires', () => { jasmine.clock () .tick (10000 * frame); expect (() => ks.get_key (keys[0].iat)) .toThrowError ('key could not be found'); }); it ( 'should still retrieve the second key, but not its sign key', async () => { await expectAsync (ks.get_sign_key (keys[1].iat, 1)) .toBeRejectedWithError ('cannot access already expired keys'); const sign = ks.get_key (keys[1].iat); expect (sign) .toEqual (keys[1].sign); } ); it ('should reject key generation of expired keys', async () => { const iat = ((new Date) .getTime () / 1000) - 2; const duration = 5; await expectAsync (ks.get_sign_key (iat, duration)) .toBeRejectedWithError ('cannot access already expired keys'); }); it ('key should live as long as the longest created token', async () => { const base = new Date; base.setSeconds (2, 0); jasmine.clock () .mockDate (base); jasmine.clock () .tick (24 * 60 * 60 * 1000); const iat = (new Date) .getTime () / 1000; const duration1 = frame; const duration2 = frame * 10; const key1 = await ks.get_sign_key (iat, duration1); const step = 0.9 * frame; jasmine.clock () .tick (step * 1000); const key2 = await ks.get_sign_key (iat + step, duration2); const sign = ks.get_key (iat); expect (key1) .toEqual (key2); jasmine.clock () .tick (5000 * frame); const signv = ks.get_key (iat + step); expect (signv) .toEqual (sign); }); // TODO: required use case: insert keys for verification of old tokens afterAll (() => { jasmine.clock () .tick (24 * 60 * 60 * 1000); jasmine.clock () .uninstall (); }); });