diff options
Diffstat (limited to 'src/test/java/com/juick/server/tests')
-rw-r--r-- | src/test/java/com/juick/server/tests/ServerTests.java | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java index 320ba6fd..925d42f6 100644 --- a/src/test/java/com/juick/server/tests/ServerTests.java +++ b/src/test/java/com/juick/server/tests/ServerTests.java @@ -104,6 +104,7 @@ import org.springframework.web.client.ResourceAccessException; import org.springframework.web.client.RestTemplate; import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; +import org.tomitribe.auth.signatures.Base64; import org.w3c.dom.*; import org.xml.sax.SAXException; import rocks.xmpp.addr.Jid; @@ -1889,7 +1890,7 @@ public class ServerTests { } @Test - public void signingSpec() throws IOException { + public void signingSpec() throws IOException, NoSuchAlgorithmException { Person from = (Person) signatureManager.getContext(URI.create("http://localhost:8080/u/freefd")).get(); Person to = (Person) signatureManager.getContext(URI.create("http://localhost:8080/u/ugnich")).get(); Follow follow = new Follow(); @@ -1910,7 +1911,7 @@ public class ServerTests { Person ugnichPerson = profileController.getUser("ugnich"); now = Instant.now(); requestDate = DateFormattersHolder.getHttpDateFormatter().format(now); - String signatureString = signatureManager.addSignature(ugnichPerson, testHost, "GET", meUri, requestDate); + String signatureString = signatureManager.addSignature(ugnichPerson, testHost, "GET", meUri, requestDate, StringUtils.EMPTY); MvcResult me = mockMvc.perform(get("/api/me") .header("Host", testHost) .header("Date", requestDate) @@ -1924,24 +1925,28 @@ public class ServerTests { URI testuserUri = URI.create("https://example.com/u/testuser"); URI testuserkeyUri = URI.create("https://example.com/u/testuser#main-key"); MockRestServiceServer restServiceServer = MockRestServiceServer.createServer(apClient); - restServiceServer.expect(times(3), requestTo(testuserUri)) + restServiceServer.expect(times(4), requestTo(testuserUri)) .andRespond(withSuccess(testuserResponseString, MediaType.APPLICATION_JSON)); - restServiceServer.expect(times(3), requestTo(testuserkeyUri)) + restServiceServer.expect(times(4), requestTo(testuserkeyUri)) .andRespond(withSuccess(testuserResponseString, MediaType.APPLICATION_JSON)); Person testuser = (Person) signatureManager.getContext(testuserUri).get(); assertThat(testuser.getPublicKey().getPublicKeyPem(), is(testKeystoreManager.getPublicKeyPem())); Instant now2 = Instant.now(); String testRequestDate = DateFormattersHolder.getHttpDateFormatter().format(now2); String inboxUri = "/api/inbox"; + var payload = IOUtils.toByteArray(testfollowRequest.getInputStream()); + final byte[] digest = MessageDigest.getInstance("SHA-256").digest(payload); // (1) + final String digestHeader = "SHA-256=" + new String(Base64.encodeBase64(digest)); String testSignatureString = signatureManager.addSignature(testuser, testHost, "POST", - inboxUri, testRequestDate, testKeystoreManager); + inboxUri, testRequestDate, digestHeader, testKeystoreManager); mockMvc.perform(post(inboxUri) .header("Host", testHost) .header("Date", testRequestDate) + .header("Digest", digestHeader) .header("Signature", testSignatureString) .contentType(Context.LD_JSON_MEDIA_TYPE) - .content(IOUtils.toByteArray(testfollowRequest.getInputStream()))) + .content(payload)) .andExpect(status().isAccepted()); mockMvc.perform(post(inboxUri) .header("Host", "wronghost") @@ -1950,6 +1955,14 @@ public class ServerTests { .contentType(Context.LD_JSON_MEDIA_TYPE) .content(IOUtils.toByteArray(testfollowRequest.getInputStream()))) .andExpect(status().isUnauthorized()); + // digest required but not present + mockMvc.perform(post(inboxUri) + .header("Host", testHost) + .header("Date", testRequestDate) + .header("Signature", testSignatureString) + .contentType(Context.LD_JSON_MEDIA_TYPE) + .content(payload)) + .andExpect(status().isUnauthorized()); apClient.setRequestFactory(originalRequestFactory); } |