Home Explore Help
Register Sign In
bida
/
bastodon
7
0
Fork 0
Files Issues 9 Pull Requests 0 Wiki
Tree: 921c6fe654
Branches Tags
bastodon
/
spec
/
lib
/
activitypub
/
linked_data_signature_spec.rb

linked_data_signature_spec.rb 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe ActivityPub::LinkedDataSignature do
    6. 

  6.   include JsonLdHelper
    7. 

  7. 

  8.   subject { described_class.new(json) }
    9. 

  9. 

  10.   let!(:sender) { Fabricate(:account, uri: 'http://example.com/alice', domain: 'example.com') }
    11. 

  11. 

  12.   let(:raw_json) do
    13. 

  13.     {
    14. 

  14.       '@context' => 'https://www.w3.org/ns/activitystreams',
    15. 

  15.       'id' => 'http://example.com/hello-world',
    16. 

  16.     }
    17. 

  17.   end
    18. 

  18. 

  19.   let(:json) { raw_json.merge('signature' => signature) }
    20. 

  20. 

  21.   before do
    22. 

  22.     stub_jsonld_contexts!
    23. 

  23.   end
    24. 

  24. 

  25.   describe '#verify_actor!' do
    26. 

  26.     context 'when signature matches' do
    27. 

  27.       let(:raw_signature) do
    28. 

  28.         {
    29. 

  29.           'creator' => 'http://example.com/alice',
    30. 

  30.           'created' => '2017-09-23T20:21:34Z',
    31. 

  31.         }
    32. 

  32.       end
    33. 

  33. 

  34.       let(:signature) { raw_signature.merge('type' => 'RsaSignature2017', 'signatureValue' => sign(sender, raw_signature, raw_json)) }
    35. 

  35. 

  36.       it 'returns creator' do
    37. 

  37.         expect(subject.verify_actor!).to eq sender
    38. 

  38.       end
    39. 

  39.     end
    40. 

  40. 

  41.     context 'when signature is missing' do
    42. 

  42.       let(:signature) { nil }
    43. 

  43. 

  44.       it 'returns nil' do
    45. 

  45.         expect(subject.verify_actor!).to be_nil
    46. 

  46.       end
    47. 

  47.     end
    48. 

  48. 

  49.     context 'when signature is tampered' do
    50. 

  50.       let(:raw_signature) do
    51. 

  51.         {
    52. 

  52.           'creator' => 'http://example.com/alice',
    53. 

  53.           'created' => '2017-09-23T20:21:34Z',
    54. 

  54.         }
    55. 

  55.       end
    56. 

  56. 

  57.       let(:signature) { raw_signature.merge('type' => 'RsaSignature2017', 'signatureValue' => 's69F3mfddd99dGjmvjdjjs81e12jn121Gkm1') }
    58. 

  58. 

  59.       it 'returns nil' do
    60. 

  60.         expect(subject.verify_actor!).to be_nil
    61. 

  61.       end
    62. 

  62.     end
    63. 

  63.   end
    64. 

  64. 

  65.   describe '#sign!' do
    66. 

  66.     subject { described_class.new(raw_json).sign!(sender) }
    67. 

  67. 

  68.     it 'returns a hash' do
    69. 

  69.       expect(subject).to be_a Hash
    70. 

  70.     end
    71. 

  71. 

  72.     it 'contains signature' do
    73. 

  73.       expect(subject['signature']).to be_a Hash
    74. 

  74.       expect(subject['signature']['signatureValue']).to be_present
    75. 

  75.     end
    76. 

  76. 

  77.     it 'can be verified again' do
    78. 

  78.       expect(described_class.new(subject).verify_actor!).to eq sender
    79. 

  79.     end
    80. 

  80.   end
    81. 

  81. 

  82.   def sign(from_actor, options, document)
    83. 

  83.     options_hash   = Digest::SHA256.hexdigest(canonicalize(options.merge('@context' => ActivityPub::LinkedDataSignature::CONTEXT)))
    84. 

  84.     document_hash  = Digest::SHA256.hexdigest(canonicalize(document))
    85. 

  85.     to_be_verified = options_hash + document_hash
    86. 

  86.     Base64.strict_encode64(from_actor.keypair.sign(OpenSSL::Digest.new('SHA256'), to_be_verified))
    87. 

  87.   end
    88. 

  88. end
    89.