aboutsummaryrefslogtreecommitdiff
path: root/src/test/java
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2023-01-05 11:00:50 +0300
committerGravatar Vitaly Takmazov2023-01-05 20:58:47 +0300
commitcdd03aa64548810591e043fb59a287a1b36c92ba (patch)
tree665ad1e3f1162d0be76c95a814ec4500bcf5ce55 /src/test/java
parent120b26c55069f89cc60ef862514d5cf09566f348 (diff)
ActivityPub: signed GET requests, fix Signature verification
Diffstat (limited to 'src/test/java')
-rw-r--r--src/test/java/com/juick/server/tests/ServerTests.java84
1 files changed, 44 insertions, 40 deletions
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 51ffb876..04a0802a 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -64,6 +64,7 @@ import io.pebbletemplates.pebble.PebbleEngine;
import io.pebbletemplates.pebble.error.PebbleException;
import io.pebbletemplates.pebble.template.PebbleTemplate;
import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
import jakarta.xml.bind.JAXBContext;
import jakarta.xml.bind.JAXBException;
import jakarta.xml.bind.Marshaller;
@@ -85,11 +86,14 @@ import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.core.convert.ConversionService;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.http.*;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.mock.http.client.MockClientHttpRequest;
+import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.mock.web.MockMultipartFile;
import org.springframework.test.context.TestPropertySource;
@@ -203,7 +207,9 @@ public class ServerTests {
@Value("${ios_app_id:}")
private String appId;
@Inject
- private SignatureManager signatureManager;
+ private ActivityPubService activityPubService;
+ @Inject
+ private SignatureService signatureService;
@Inject
private ActivityPubManager activityPubManager;
@Inject
@@ -212,8 +218,6 @@ public class ServerTests {
private WebApp webApp;
@Inject
private RestTemplate apClient;
- @Inject
- private Profile profileController;
@Value("classpath:snapshots/activity/testuser.json")
private Resource testuserResponse;
@@ -274,6 +278,8 @@ public class ServerTests {
private User serviceUser;
@Inject
private User archiveUser;
+ @Inject
+ private ConversionService conversionService;
private static User ugnich, freefd;
static String ugnichName, ugnichPassword, freefdName, freefdPassword;
@@ -527,9 +533,6 @@ public class ServerTests {
public void testAllUnAuthorized() throws Exception {
mockMvc.perform(get("/api/")).andExpect(status().isMovedPermanently());
- mockMvc.perform(get("/api/auth")).andExpect(status().isUnauthorized())
- .andExpect(header().exists("WwW-Authenticate"));
-
mockMvc.perform(get("/api/home")).andExpect(status().isUnauthorized());
mockMvc.perform(get("/api/messages/recommended")).andExpect(status().isUnauthorized());
@@ -672,20 +675,6 @@ public class ServerTests {
}
@Test
- public void performRequestsWithIssuedToken() throws Exception {
- String ugnichHash = userService.getHashByUID(ugnich.getUid());
- mockMvc.perform(get("/api/home")).andExpect(status().isUnauthorized());
- mockMvc.perform(get("/api/auth")).andExpect(status().isUnauthorized());
- mockMvc.perform(get("/api/auth").with(httpBasic(ugnichName, "wrongpassword")))
- .andExpect(status().isUnauthorized());
- MvcResult result = mockMvc.perform(get("/api/auth").with(httpBasic(ugnichName, ugnichPassword)))
- .andExpect(status().isOk()).andReturn();
- String authHash = result.getResponse().getContentAsString();
- assertThat(authHash, equalTo(ugnichHash));
- mockMvc.perform(get("/api/home").param("hash", ugnichHash)).andExpect(status().isOk());
- }
-
- @Test
public void registerForNotificationsTests() throws Exception {
String token = "123456";
ExternalToken registration = new ExternalToken(null, "apns", token, null);
@@ -1592,7 +1581,7 @@ public class ServerTests {
String userName = "oldschooluser";
String userPassword = "";
userService.createUser(userName, userPassword);
- mockMvc.perform(get("/api/auth").with(httpBasic(userName, userPassword)))
+ mockMvc.perform(get("/api/me").with(httpBasic(userName, userPassword)))
.andExpect(status().isUnauthorized());
mockMvc.perform(
post("/login")
@@ -2060,9 +2049,9 @@ public class ServerTests {
create.setId(replyNote.getId());
create.setActor("http://localhost:8080/u/freefd");
create.setObject(replyNote);
- signatureManager.post(
- (Actor) signatureManager.getContext(URI.create("http://localhost:8080/u/freefd")).get(),
- (Actor) signatureManager.getContext(URI.create("http://localhost:8080/u/ugnich")).get(),
+ activityPubService.post(
+ (Actor) activityPubService.get(URI.create("http://localhost:8080/u/freefd")).get(),
+ (Actor) activityPubService.get(URI.create("http://localhost:8080/u/ugnich")).get(),
create);
Message replyToExt = commandsManager
.processCommand(ugnich, String.format("#%d/1 PSSH YOBA ETO TI", msg.getMid()), emptyUri)
@@ -2077,13 +2066,20 @@ public class ServerTests {
}
@Test
- public void signingSpec() throws IOException, NoSuchAlgorithmException {
- Actor from = (Actor) signatureManager.getContext(URI.create("http://localhost:8080/u/freefd")).get();
- Actor to = (Actor) signatureManager.getContext(URI.create("http://localhost:8080/u/ugnich")).get();
+ public void signingSpec() throws Exception {
+ Actor from = (Actor) activityPubService.get(URI.create("http://localhost:8080/u/freefd")).get();
+ Actor to = (Actor) activityPubService.get(URI.create("http://localhost:8080/u/ugnich")).get();
Follow follow = new Follow();
follow.setActor("http://localhost:8080/u/freefd");
follow.setObject(new Context("http://localhost:8080/u/ugnich"));
- signatureManager.post(from, to, follow);
+ var result = activityPubService.post(from, to, follow);
+ assertThat(result, is(HttpStatusCode.valueOf(202)));
+ String testuserResponseString = IOUtils.toString(testuserResponse.getInputStream(),
+ StandardCharsets.UTF_8);
+ Actor maliciousActor = jsonMapper.readValue(testuserResponseString, Actor.class);
+ follow.setActor(maliciousActor.getId());
+ result = activityPubService.post(maliciousActor, to, follow);
+ assertThat(result, is(HttpStatusCode.valueOf(401)));
}
@Test
@@ -2093,15 +2089,15 @@ public class ServerTests {
Instant now = Instant.now();
String requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
mockMvc.perform(get("/api/me").header("Date", requestDate)).andExpect(status().isUnauthorized());
- String testHost = "localhost";
- Actor ugnichPerson = profileController.getUser("ugnich");
+ String testHost = "localhost:8080";
+ Actor ugnichPerson = conversionService.convert(ugnich, Actor.class);
now = Instant.now();
requestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
- String signatureString = signatureManager.addSignature(ugnichPerson, testHost, "GET", meUri,
+ String signatureString = signatureService.addSignature(ugnichPerson, testHost, "GET", meUri,
requestDate,
StringUtils.EMPTY);
MvcResult me = mockMvc.perform(get("/api/me").header("Host", testHost).header("Date", requestDate)
- .header("Signature", signatureString)).andExpect(status().isOk()).andReturn();
+ .header( "Signature", signatureString)).andExpect(status().isOk()).andReturn();
User meUser = jsonMapper.readValue(me.getResponse().getContentAsString(), User.class);
assertThat(meUser, is(ugnich));
String testuserResponseString = IOUtils.toString(testuserResponse.getInputStream(),
@@ -2116,7 +2112,7 @@ public class ServerTests {
.andRespond(withSuccess(testuserResponseString, MediaType.APPLICATION_JSON));
restServiceServer.expect(times(4), requestTo(testuserkeyUri))
.andRespond(withSuccess(testuserResponseString, MediaType.APPLICATION_JSON));
- Person testuser = (Person) signatureManager.getContext(testuserUri).get();
+ Person testuser = (Person) activityPubService.get(testuserUri).get();
assertThat(testuser.getPublicKey().getPublicKeyPem(), is(testKeystoreManager.getPublicKeyPem()));
Instant now2 = Instant.now();
String testRequestDate = DateFormattersHolder.getHttpDateFormatter().format(now2);
@@ -2124,7 +2120,7 @@ public class ServerTests {
var payload = IOUtils.toByteArray(testfollowRequest.getInputStream());
byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload); // (1)
String digestHeader = "SHA-256=" + new String(Base64.encodeBase64(digest));
- String testSignatureString = signatureManager.addSignature(testuser, testHost, "POST", inboxUri,
+ String testSignatureString = signatureService.addSignature(testuser, testHost, "POST", inboxUri,
testRequestDate, digestHeader, testKeystoreManager);
mockMvc.perform(post(inboxUri).header("Host", testHost).header("Date", testRequestDate)
.header("Digest", digestHeader).header("Signature", testSignatureString)
@@ -2149,7 +2145,7 @@ public class ServerTests {
var digestHeader = "SHA-256=" + new String(Base64.encodeBase64(digest));
var now2 = Instant.now();
String inboxUri = "/api/inbox";
- String testHost = "localhost";
+ String testHost = "localhost:8080";
URI testAppUri = URI.create("https://example.com/actor");
String testappResponseString = IOUtils.toString(testappResponse.getInputStream(),
StandardCharsets.UTF_8);
@@ -2158,9 +2154,9 @@ public class ServerTests {
MockRestServiceServer restServiceServer = MockRestServiceServer.createServer(apClient);
restServiceServer.expect(times(2), requestTo(testAppUri))
.andRespond(withSuccess(testappResponseString, MediaType.APPLICATION_JSON));
- Application testapp = (Application) signatureManager.getContext(testAppUri).get();
+ Application testapp = (Application) activityPubService.get(testAppUri).get();
assertThat(testapp.getPublicKey().getPublicKeyPem(), is(testKeystoreManager.getPublicKeyPem()));
- var testSignatureString = signatureManager.addSignature(testapp, "localhost", "POST", inboxUri,
+ var testSignatureString = signatureService.addSignature(testapp, testHost, "POST", inboxUri,
testRequestDate,
digestHeader, testKeystoreManager);
mockMvc.perform(post(inboxUri).header("Host", testHost).header("Date", testRequestDate)
@@ -2390,18 +2386,18 @@ public class ServerTests {
IOUtils.toString(testSuspendedUserResponse.getInputStream(),
StandardCharsets.UTF_8),
MediaType.APPLICATION_JSON));
- Person testuser = (Person) signatureManager.getContext(URI.create(delete.getObject().getId())).get();
+ Person testuser = (Person) activityPubService.get(URI.create(delete.getObject().getId())).get();
Instant now = Instant.now();
String testRequestDate = DateFormattersHolder.getHttpDateFormatter().format(now);
String inboxUri = "/api/inbox";
byte[] digest = MessageDigest.getInstance("SHA-256").digest(deleteJsonStr.getBytes());
String digestHeader = "SHA-256=" + new String(Base64.encodeBase64(digest));
- String testSignatureString = signatureManager.addSignature(testuser, "localhost", "POST", inboxUri,
+ String testSignatureString = signatureService.addSignature(testuser, "localhost", "POST", inboxUri,
testRequestDate, digestHeader, testKeystoreManager);
mockMvc.perform(post(inboxUri).contentType(ACTIVITY_MEDIA_TYPE).content(deleteJsonStr)
.header("Host", "localhost").header("Date", testRequestDate)
.header("Digest", digestHeader)
- .header("Signature", testSignatureString)).andExpect(status().isAccepted());
+ .header("Signature", testSignatureString)).andExpect(status().isAccepted());
apClient.setRequestFactory(originalRequestFactory);
Mockito.verify(deleteListener, Mockito.times(1)).onApplicationEvent(deleteEventCaptor.capture());
DeleteUserEvent receivedEvent = deleteEventCaptor.getValue();
@@ -2737,6 +2733,14 @@ public class ServerTests {
.andExpect(redirectedUrlPattern("**/settings?continue")).andReturn();
mockMvc.perform(securedResourceAccess.session(session)).andExpect(status().isOk());
}
+
+ @Test
+ @Transactional
+ public void signedGetTest() throws Exception {
+ var protectedAccount = "http://localhost:8080/u/ugnich";
+ var context = activityPubService.get(URI.create(protectedAccount));
+ assertThat(context.get().getId(), is(protectedAccount));
+ }
/*
@Test
public void tokenAuth() throws Exception {