slowly figuring out JWTs and WebCrypto API (ref. #28)

2022-01-12 03:54:36 +00:00 · 2022-01-12 03:54:36 +00:00 · 68ad9b1fa6
commit 68ad9b1fa6
--- a/tests/plugins/signed-integrity.test.js
+++ b/tests/plugins/signed-integrity.test.js
@ -1,6 +1,28 @@
+const { subtle } = require('crypto').webcrypto;
+
 describe("plugin: signed-integrity", () => {
  
-  beforeEach(() => {
+  var keypair = null
+  
+  async function generateECDSAKeypair() {
+    if (keypair == null) {
+      keypair = await subtle.generateKey({
+            name: "ECDSA",
+            namedCurve: "P-384"
+        },
+        true,
+        ["sign", "verify"]
+      );
+    }
+
+    return keypair;
+  }
+  
+  async function getArmouredKey(key) {
+    return JSON.stringify(await subtle.exportKey('jwk', key))
+  }
+  
+  beforeEach(async () => {
    global.nodeFetch = require('node-fetch')
    global.Request = global.nodeFetch.Request
    global.Response = global.nodeFetch.Response
@ -22,9 +44,23 @@ describe("plugin: signed-integrity", () => {
        }
    }
    
+    // debug
+    console.log(await getArmouredKey((await generateECDSAKeypair()).publicKey))
+    console.log(await getArmouredKey((await generateECDSAKeypair()).privateKey))
+    
+    // ES384: ECDSA using P-384 and SHA-384
    header = btoa('{"alg": "ES384"}').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
    payload = btoa('{"integrity": "sha256-eiMrFuthzteJuj8fPwUMyNQMb2SMW7VITmmt2oAxGj0="}').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
-    signature = btoa('FIXME').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+    
+    signature = await subtle.sign(
+      {
+        name: "ECDSA",
+        hash: {name: "SHA-384"}
+      },
+      (await generateECDSAKeypair()).privateKey,
+      (header + '.' + payload)
+    )
+    signature = btoa(signature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
    
    global.resolvingFetch = jest.fn((url, init)=>{
                                var content = '{"test": "success"}'