-
-
Notifications
You must be signed in to change notification settings - Fork 303
/
crit.test.js
84 lines (76 loc) · 3.58 KB
/
crit.test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
const test = require('ava')
const base64url = require('../../lib/help/base64url')
const { JWK: { generateSync }, JWE, errors } = require('../..')
const UNDEFINED = 'http:https://example.invalid/UNDEFINED'
test('crit must be understood', t => {
const k = generateSync('oct')
const jws = JWE.encrypt('foo', k, { crit: [UNDEFINED], [UNDEFINED]: true })
t.throws(() => {
JWE.decrypt(jws, k)
}, { instanceOf: errors.JOSECritNotUnderstood, code: 'ERR_JOSE_CRIT_NOT_UNDERSTOOD', message: `critical "${UNDEFINED}" is not understood` })
JWE.decrypt(jws, k, { crit: [UNDEFINED] })
})
test('crit must be present', t => {
const k = generateSync('oct')
t.throws(() => {
JWE.encrypt('foo', k, { crit: [UNDEFINED] })
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: `critical parameter "${UNDEFINED}" is missing` })
t.throws(() => {
JWE.decrypt(
`${base64url.JSON.encode({ alg: 'HS256', crit: [UNDEFINED] })}.${base64url.JSON.encode({})}...`,
k,
{ crit: [UNDEFINED] }
)
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: `critical parameter "${UNDEFINED}" is missing` })
})
test('crit must be integrity protected', t => {
const k = generateSync('oct')
t.throws(() => {
JWE.encrypt.flattened('foo', k, undefined, undefined, { crit: [UNDEFINED] })
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: '"crit" Header Parameter MUST be integrity protected when present' })
const jws = JWE.encrypt.flattened('foo', k)
jws.header = { crit: [UNDEFINED] }
t.throws(() => {
JWE.decrypt(jws, k, { crit: [UNDEFINED] })
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: '"crit" Header Parameter MUST be integrity protected when present' })
})
test('crit must be an array of strings', t => {
const k = generateSync('oct')
;[{}, new Object(), false, null, Infinity, 0, '', Buffer.from('foo'), []].forEach((val) => { // eslint-disable-line no-new-object
t.throws(() => {
JWE.encrypt('foo', k, { crit: val })
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: '"crit" Header Parameter MUST be an array of non-empty strings when present' })
t.throws(() => {
JWE.encrypt('foo', k, { crit: [val] })
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: '"crit" Header Parameter MUST be an array of non-empty strings when present' })
})
})
test('crit option be an array of strings', t => {
;[{}, new Object(), false, null, Infinity, 0, '', Buffer.from('foo')].forEach((val) => { // eslint-disable-line no-new-object
t.throws(() => {
JWE.decrypt({
header: { alg: 'HS256' },
payload: 'foo',
ciphertext: 'bar'
}, generateSync('oct'), { crit: val })
}, { instanceOf: TypeError, message: '"crit" option must be an array of non-empty strings' })
t.throws(() => {
JWE.decrypt({
header: { alg: 'HS256' },
payload: 'foo',
ciphertext: 'bar'
}, generateSync('oct'), { crit: [val] })
}, { instanceOf: TypeError, message: '"crit" option must be an array of non-empty strings' })
})
})
test('crit must not contain JWE/JWS/JWA defined header parameters', t => {
const k = generateSync('oct')
;[
'alg', 'jku', 'jwk', 'kid', 'x5u', 'x5c', 'x5t', 'x5t#S256', 'typ', 'cty',
'crit', 'enc', 'zip', 'epk', 'apu', 'apv', 'iv', 'tag', 'p2s', 'p2c'
].forEach((crit) => {
t.throws(() => {
JWE.encrypt('foo', k, { crit: [crit] })
}, { instanceOf: errors.JWEInvalid, code: 'ERR_JWE_INVALID', message: `The critical list contains a non-extension Header Parameter ${crit}` })
})
})