signed-integrity: added test for and for JWT payload not being a valid JSON (ref. #28)

__tests__/plugins/signed-integrity.test.js

@@ -80,6 +80,20 @@ describe("plugin: signed-integrity", () => {
     // prepare it for inclusion in the JWT
     noneSignature = btoa(noneSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
     
+    // prepare stuff for invalid JWT JSON test
+    var invalidPayload = btoa('not a valid JSON string').replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+    // get an valid signature for invalid payload
+    var invalidPayloadSignature = await subtle.sign(
+      {
+        name: "ECDSA",
+        hash: {name: "SHA-384"}
+      },
+      (await generateECDSAKeypair()).privateKey,
+      (header + '.' + invalidPayload)
+    )
+    // prepare it for inclusion in the JWT
+    invalidPayloadSignature = btoa(invalidPayloadSignature).replace(/\//g, '_').replace(/\+/g, '-').replace(/=/g, '')
+    
     global.resolvingFetch = jest.fn((url, init)=>{
                                 var content = '{"test": "success"}'
                                 var status = 200
@@ -101,6 +115,9 @@ describe("plugin: signed-integrity", () => {
                                 // testing bad signature on the integrity JWT
                                 } else if (url == 'https://resilient.is/bad-signature.json.integrity') {
                                     content = header + '.' + payload + '.' + noneSignature
+                                // testing invalid payload
+                                } else if (url == 'https://resilient.is/invalid-payload.json.integrity') {
+                                    content = header + '.' + invalidPayload + '.' + invalidPayloadSignature
                                 }
                                 
                                 return Promise.resolve(
@@ -288,6 +305,20 @@ describe("plugin: signed-integrity", () => {
     }
   });
   
+  test("it should refuse to fetch content when integrity data not provided and integrity data URL is fetched, but JWT payload is unparseable", async () => {
+    require("../../plugins/signed-integrity.js");
+    
+    expect.assertions(4);
+    try {
+      const response = await LibResilientPluginConstructors.get('signed-integrity')(LR, init).fetch('https://resilient.is/invalid-payload.json', {});
+    } catch (e) {
+      expect(resolvingFetch).toHaveBeenCalledTimes(1);
+      expect(resolvingFetch).toHaveBeenCalledWith('https://resilient.is/invalid-payload.json.integrity')
+      expect(e).toBeInstanceOf(Error)
+      expect(e.toString()).toMatch('JWT payload parsing failed')
+    }
+  });
+  
   test("it should fetch and verify content, when integrity data not provided, by fetching the integrity data URL and using integrity data from it", async () => {
     require("../../plugins/signed-integrity.js");