
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
function (tdd, assert, Deferred, request, gherkin, bidbundle, AssertionService) {
'use strict';
tdd.suite('assertion_service', function () {
var client;
var assertionService;
var serverUrl = '';
//var serverUrl = 'https://api-accounts.dev.lcip.org';
// before the suite starts
tdd.before(function () {
var setupDfd = new Deferred();
var Client = gherkin.Client;
var email = 'some' + new Date().getTime() + '@example.com';
var password = '12345678';
.create(serverUrl, email, password)
.then(function (x) {
client = x;
return client.login();
.done(function () {
return setupDfd.promise;
tdd.beforeEach(function () {
assertionService = new AssertionService(client);
tdd.test('client session check', function () {
// Checks that the login performed in before() left a truthy sessionToken on the client.
// NOTE(review): three arguments are passed; if this is Chai's assert.ok(value, message), 'token' becomes
// the failure message and the descriptive string is ignored — confirm against the assert library in use.
assert.ok(client.sessionToken, 'token', 'Session should have a sessionToken');
tdd.test('#getAssertion (async)', function () {
// test will time out after 9 seconds
var dfd = this.async(9000);
// dfd.callback resolves the promise as long as no errors are thrown from within the callback function
assertionService.getAssertion(dfd.callback(function (err, assertion) {
assert.isNull(err, 'there was no error');
assert.isNotNull(assertion, 'Assertion is not null');
assert.isTrue(assertion.indexOf('~') > -1, 'Result has the ~');
tdd.test('#generateKeys (async)', function () {
var dfd = this.async(9000);
// dfd.callback resolves the promise as long as no errors are thrown from within the callback function
assertionService.generateKeys(dfd.callback(function (err) {
assert.isNull(err, 'there was no error');
assert.ok(assertionService.sk, 'SecretKey exists');
assert.ok(assertionService.sk.algorithm, 'SecretKey algorithm exists');
assert.ok(assertionService.sk.keysize, 'SecretKey keysize exists');
assert.ok(assertionService.pk, 'PublicKey exists');
assert.ok(assertionService.pk.algorithm, 'PublicKey algorithm exists');
assert.ok(assertionService.pk.keysize, 'PublicKey keysize exists');
tdd.test('#testVerify (async)', function () {
var dfd = this.async(9000);
// dfd.callback resolves the promise as long as no errors are thrown from within the callback function
assertionService.getAssertion(dfd.callback(function (err, assertion) {
assert.isNull(err, 'there was no error');
assert.isNotNull(assertion, 'Assertion is not null');
assert.isTrue(assertion.indexOf('~') > -1, 'Result has the ~');
tdd.test('#checkAssertion (async)', function () {
var dfd = this.async(9000);
var jwcrypto = require('./lib/jwcrypto');
assertionService.getAssertion(function (err, assertion) {
assert.isNull(err, 'there was no error');
assert.isNotNull(assertion, 'Assertion is not null');
assert.isTrue(assertion.indexOf('~') > -1, 'Result has the ~');
.get(serverUrl + '/.well-known/browserid', {
headers: {
'X-Requested-With': ''
function (data) {
assert.ok(data, 'Received .well-known data');
var rk;
try {
// Pull the 'public-key' entry out of the .well-known/browserid response and re-serialise it as JSON text.
// NOTE(review): the document is fetched from serverUrl, presumably the same server that signs the cert,
// so the later verification shows the server is self-consistent; it does not pin the root key to an
// independently known value.
rk = JSON.stringify(JSON.parse(data)['public-key']);
} catch (e) {
dfd.reject(new assert.AssertionError({ message: 'Could not parse public key out of .well-known' }));
// jwcrypto verification can go wrong
var fxaRootKey;
var fullAssertion;
var components;
var assertionPublicKey;
var checkDate;
try {
// Root key: rebuilt from the 'public-key' JSON string held in rk.
fxaRootKey = jwcrypto.loadPublicKeyFromObject(JSON.parse(rk));
// Split the bundled assertion; certs[0] is read here and signedAssertion is passed on later.
fullAssertion = jwcrypto.cert.unbundle(assertion);
// NOTE(review): extractComponents looks like a parse-only step with no signature check, so the payload
// fields read from `components` should be treated as unverified until the verify calls further down
// succeed — confirm against lib/jwcrypto.
components = jwcrypto.extractComponents(fullAssertion.certs[0]);
// Key embedded in the cert payload; used later to check the signed assertion.
assertionPublicKey = jwcrypto.loadPublicKey(JSON.stringify(components.payload['public-key']));
checkDate = new Date(components.payload.exp - 1);
} catch (e) {
// Any failure while loading the keys or unpacking the assertion rejects the test's deferred.
// NOTE(review): the caught exception object is passed as `message` rather than a string, and no return
// is visible after the reject, so the payload checks that follow may still run — confirm.
dfd.reject(new assert.AssertionError({ message: e }));
assert.ok(components.payload.iss, 'Issuer exists');
assert.ok(components.payload.iat, 'Issued date exists');
assert.ok(components.payload.exp, 'Expire date exists');
if (typeof components.payload.iat !== 'number') {
dfd.reject(new assert.AssertionError({ message: 'cert lacks an "issued at" (.iat) field' }));
if (typeof components.payload.exp !== 'number') {
dfd.reject(new assert.AssertionError({ message: 'cert lacks an "expires" (.exp) field' }));
if (components.payload.exp < components.payload.iat) {
dfd.reject(new assert.AssertionError({ message: 'assertion expires before cert is valid' }));
// NOTE(review): both sides read components.payload.exp, so for a numeric exp this condition can never be
// true and the 'issued after cert expired' rejection is unreachable. Presumably one side was meant to be
// the assertion's own expiry rather than the cert's — confirm; as written the test does not check that
// the assertion falls inside the cert's validity window.
if (components.payload.exp > (components.payload.exp + 5000)) {
dfd.reject(new assert.AssertionError({ message: 'assertion was likely issued after cert expired' }));
return {
assertion: assertion,
fxaRootKey: fxaRootKey,
fullAssertion: fullAssertion,
assertionPublicKey: assertionPublicKey,
checkDate: checkDate
function (err) {
assert.fail(err, null, '.well-known request failed');
function (objs) {
var verifyDeferred = new Deferred();
objs.fullAssertion.signedAssertion, objs.assertionPublicKey, objs.checkDate,
function (err, payload, assertionParams) {
if (err) {
verifyDeferred.reject(new assert.AssertionError({ message: 'assertion is NOT properly signed: ' + err }));
} else {
assert.isNull(err, 'Assertion is properly signed');
fxaRootKey: objs.fxaRootKey,
payload: payload,
checkDate: objs.checkDate,
assertion: assertion,
assertionParams: assertionParams
return verifyDeferred.promise;
.then(function (objs) {
var verifyBundleDeferred = new Deferred();
objs.checkDate, function (issuer, next) {
// Issuer-to-key lookup callback: answers with the root key that was loaded from .well-known.
// NOTE(review): any non-empty string issuer is accepted and mapped to that key; the issuer is not
// compared with the expected host here, so this test would not notice a cert naming a different issuer.
assert.ok(issuer, 'issuer is okay');
assert.isString(issuer, 'Issuer is a string');
next(null, objs.fxaRootKey);
function (err, certParamsArray, payload, assertionParams) {
if (err) {
dfd.reject(new assert.AssertionError({ message: 'verifyBundle failed.' }));
} else {
// Principal taken from the last entry of the verified cert chain.
var principal = certParamsArray[certParamsArray.length - 1].certParams.principal;
assert.isNull(err, 'bundle *seems* to verify ok');
// The remaining checks are presence checks only: a non-empty cert list, a truthy audience, and a
// non-empty string left after stripping everything up to the last '@' from principal.email.
// NOTE(review): neither the audience nor the principal is compared with an expected value in the lines
// visible here, and an email without '@' would pass the last check unchanged.
assert.ok(certParamsArray.length, 'bundle length ok');
assert.ok(assertionParams.audience, 'bundle audience ok');
assert.ok(principal.email.replace(/^.*@/, ''), 'bundle principle ok');
return verifyBundleDeferred.promise;
).otherwise(function (error) { dfd.reject(error); });
return dfd.promise;