From 35109160ca5d439116bedeb3302ec3745e2895d5 Mon Sep 17 00:00:00 2001 From: Ciro Spaciari Date: Sat, 7 Oct 2023 19:22:45 -0300 Subject: feat(KeyObject) (#5940) * oops * createSecretKey but weird error * use the right prototype, do not add a function called export lol * HMAC JWT export + base64 fix * Fix Equals, Fix Get KeySize, add complete export RSA * fix RSA export * add EC exports * X25519 and ED25519 export + fixes * fix default exports * better asymmetricKeyType * fix private exports * fix symmetricKeySize * createPublicKey validations + refactor * jwt + der fixes * oopsies * add PEM into createPublicKey * cleanup * WIP * bunch of fixes * public from private + private OKP * encrypted keys fixes * oops * fix clear tls error, add some support to jwk and other formats on publicEncrypt/publicDecrypt * more fixes and tests working * more fixes more tests * more clear hmac errors * more tests and fixes * add generateKeyPair * more tests passing, some skips * fix EC key from private * fix OKP JWK * nodejs ignores ext and key_ops on KeyObject.exports * add EC sign verify test * some fixes * add crypto.generateKeyPairSync(type, options) * more fixes and more tests * fix hmac tests * jsonwebtoken tests * oops * oops2 * generated files * revert package.json * vm tests * todos instead of failues * toBunString -> toString * undo simdutf * improvements * unlikely * cleanup * cleanup 2 * oops * move _generateKeyPairSync checks to native --- .../js/third_party/jsonwebtoken/async_sign.test.js | 159 +++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 test/js/third_party/jsonwebtoken/async_sign.test.js (limited to 'test/js/third_party/jsonwebtoken/async_sign.test.js') diff --git a/test/js/third_party/jsonwebtoken/async_sign.test.js b/test/js/third_party/jsonwebtoken/async_sign.test.js new file mode 100644 index 000000000..6efb838d0 --- /dev/null +++ b/test/js/third_party/jsonwebtoken/async_sign.test.js @@ -0,0 +1,159 @@ +import jwt from "jsonwebtoken"; +import { expect, describe, it } from "bun:test"; +import jws from "jws"; +import { generateKeyPairSync } from "crypto"; +var PS_SUPPORTED = true; + +describe("signing a token asynchronously", function () { + describe("when signing a token", function () { + var secret = "shhhhhh"; + + it("should return the same result as singing synchronously", function (done) { + jwt.sign({ foo: "bar" }, secret, { algorithm: "HS256" }, function (err, asyncToken) { + if (err) return done(err); + var syncToken = jwt.sign({ foo: "bar" }, secret, { algorithm: "HS256" }); + expect(typeof asyncToken).toBe("string"); + expect(asyncToken.split(".")).toHaveLength(3); + expect(asyncToken).toEqual(syncToken); + done(); + }); + }); + + it("should work with empty options", function (done) { + jwt.sign({ abc: 1 }, "secret", {}, function (err) { + expect(err).toBeNull(); + done(); + }); + }); + + it("should work without options object at all", function (done) { + jwt.sign({ abc: 1 }, "secret", function (err) { + expect(err).toBeNull(); + done(); + }); + }); + + it("should work with none algorithm where secret is set", function (done) { + jwt.sign({ foo: "bar" }, "secret", { algorithm: "none" }, function (err, token) { + expect(typeof token).toBe("string"); + expect(token.split(".")).toHaveLength(3); + done(); + }); + }); + + //Known bug: https://github.com/brianloveswords/node-jws/issues/62 + //If you need this use case, you need to go for the non-callback-ish code style. + it.skip("should work with none algorithm where secret is falsy", function (done) { + jwt.sign({ foo: "bar" }, undefined, { algorithm: "none" }, function (err, token) { + expect(typeof token).toBe("string"); + expect(token.split(".")).toHaveLength(3); + done(); + }); + }); + + it("should return error when secret is not a cert for RS256", function (done) { + //this throw an error because the secret is not a cert and RS256 requires a cert. + jwt.sign({ foo: "bar" }, secret, { algorithm: "RS256" }, function (err) { + expect(err).toBeTruthy(); + done(); + }); + }); + + it("should not work for RS algorithms when modulus length is less than 2048 when allowInsecureKeySizes is false or not set", function (done) { + const { privateKey } = generateKeyPairSync("rsa", { modulusLength: 1024 }); + + jwt.sign({ foo: "bar" }, privateKey, { algorithm: "RS256" }, function (err) { + expect(err).toBeTruthy(); + done(); + }); + }); + + it("should work for RS algorithms when modulus length is less than 2048 when allowInsecureKeySizes is true", function (done) { + const { privateKey } = generateKeyPairSync("rsa", { modulusLength: 1024 }); + + jwt.sign({ foo: "bar" }, privateKey, { algorithm: "RS256", allowInsecureKeySizes: true }, done); + }); + + if (PS_SUPPORTED) { + it("should return error when secret is not a cert for PS256", function (done) { + //this throw an error because the secret is not a cert and PS256 requires a cert. + jwt.sign({ foo: "bar" }, secret, { algorithm: "PS256" }, function (err) { + expect(err).toBeTruthy(); + done(); + }); + }); + } + + it("should return error on wrong arguments", function (done) { + //this throw an error because the secret is not a cert and RS256 requires a cert. + jwt.sign({ foo: "bar" }, secret, { notBefore: {} }, function (err) { + expect(err).toBeTruthy(); + done(); + }); + }); + + it("should return error on wrong arguments (2)", function (done) { + jwt.sign("string", "secret", { noTimestamp: true }, function (err) { + expect(err).toBeTruthy(); + expect(err).toBeInstanceOf(Error); + done(); + }); + }); + + it("should not stringify the payload", function (done) { + jwt.sign("string", "secret", {}, function (err, token) { + if (err) { + return done(err); + } + expect(jws.decode(token).payload).toEqual("string"); + done(); + }); + }); + + describe("when mutatePayload is not set", function () { + it("should not apply claims to the original payload object (mutatePayload defaults to false)", function (done) { + var originalPayload = { foo: "bar" }; + jwt.sign(originalPayload, "secret", { notBefore: 60, expiresIn: 600 }, function (err) { + if (err) { + return done(err); + } + expect(originalPayload).not.toHaveProperty("nbf"); + expect(originalPayload).not.toHaveProperty("exp"); + done(); + }); + }); + }); + + describe("when mutatePayload is set to true", function () { + it("should apply claims directly to the original payload object", function (done) { + var originalPayload = { foo: "bar" }; + jwt.sign(originalPayload, "secret", { notBefore: 60, expiresIn: 600, mutatePayload: true }, function (err) { + if (err) { + return done(err); + } + expect(originalPayload).toHaveProperty("nbf"); + expect(originalPayload).toHaveProperty("exp"); + done(); + }); + }); + }); + + describe("secret must have a value", function () { + [undefined, "", 0].forEach(function (secret) { + it( + "should return an error if the secret is falsy and algorithm is not set to none: " + + (typeof secret === "string" ? "(empty string)" : secret), + function (done) { + // This is needed since jws will not answer for falsy secrets + jwt.sign("string", secret, {}, function (err, token) { + expect(err).toBeTruthy(); + expect(err.message).toEqual("secretOrPrivateKey must have a value"); + expect(token).toBeFalsy(); + done(); + }); + }, + ); + }); + }); + }); +}); -- cgit v1.2.3