
Commit 51f8f44

committed
feat: Validate signature of users' certificate in metadata
Signed-off-by: Louis Chemineau <[email protected]>
1 parent 7770073 commit 51f8f44

14 files changed

+191
-201
lines changed

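--- a/__tests__/api-mock.ts
+++ b/__tests__/api-mock.ts
@@ -0,0 +1,32 @@
+/**
+* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+import { afterAll, afterEach, beforeAll } from 'vitest'
+import { setupServer } from 'msw/node'
+import { http, HttpResponse } from 'msw'
+import { metadata, serverPublicKey, subfolderMetadata } from './consts.spec'
+
+export const restHandlers = [
+http.get('http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2/server-key', () => {
+return HttpResponse.json({ ocs: { data: { 'public-key': serverPublicKey }}})
+}),
+http.get('http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/89', () => {
+return HttpResponse.json({ ocs: { data: { 'meta-data': JSON.stringify(metadata) }}})
+}),
+http.get('http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/266', () => {
+return HttpResponse.json({ ocs: { data: { 'meta-data': JSON.stringify(subfolderMetadata) }}})
+}),
+]
+
+const server = setupServer(...restHandlers)
+
+// Start server before all tests
+beforeAll(() => server.listen({ onUnhandledRequest: 'error' }))
+
+// Close server after all tests
+afterAll(() => server.close())
+
+// Reset handlers after each test `important for test isolation`
+afterEach(() => server.resetHandlers())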
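Review bot: The three handlers in `restHandlers` each repeat the full `http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2` prefix, doubled slash included, and with `onUnhandledRequest: 'error'` any request that does not match that exact string fails the suite. The `//ocs` presumably mirrors how the client joins its base URL and path, but nothing in the file says so. A shared constant with a one-line comment, e.g. `const apiBase = 'http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2' // double slash matches the client's URL join`, would keep the routes in step and record the reason. This matters most for the `server-key` route, which appears to supply the key the new certificate check relies on.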

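--- a/__tests__/consts.spec.ts
+++ b/__tests__/consts.spec.ts
@@ -16,31 +16,37 @@ export const privateKeyInfo: PrivateKeyInfo = {
 
 export const metadata: Metadata = {
 metadata: {
-authenticationTag: '/Jfdn9mViRy7lFJnyaNsnQ==',
-ciphertext: 'oND/1RFakDsO3ZkFg/bi9pfu7qvCPz2UlcbF2sT458zfaZ+C2nswnRVjoKVIu70qV1lG7QMlcPd7dRZH8DGGYC8cyKcObIrTUo5i1vidWtXxJrTJwmotnRnzd3jf896Wm37sUld+kaZoyveSYI7x6P9TwdgB2hTvHEraTnKDQXsSDrY7RhxrIyMJnuZKU7DIAC8bBghjXDUF8AHT21RUQq7ILVsmjh575rke0GTskegXX1Qra9UNql6z8lGyN/uF26Hrek7YwKP3ef9VC+cFg5/jozspGjf2DQBsYG6X4+oD03Q0xHmdZ7t7VpAcPhWUJuIBdI+/M229REofdZNbQ0Uj61SolU0r8q/rZjxZ9Ev1zvDVOOyOFGrLJvFiO/6oN+BBywHpI62oLPyX3Z/ZlYkcu5RSZ8mjbJ0=|Rv40Cy2YkO4T2GU0e1ZRkQ==',
-nonce: 'Rv40Cy2YkO4T2GU0e1ZRkQ==',
+authenticationTag: "9lHh8Du2Mg/OcSxFtI132Q==",
+ciphertext: "SoLCWKckjiBWIOXXSnLW41LK6qtIVo3aZv6ozko5k0tkzq0IGKC1IB5Gm0hvibq/2UVRB+RjP1IQwg1SlHHnpRoOSih7pMUl9VbH6nAvoyNJz4N3uoS19NRCuD7obWlsULN2tdA8mvuhAPdSssFpJFNk4rjEigYNPTsDIxtrBZ/cFFS3oRQxlgoR9Eta52/cgghufxW9ytX7pGetuWL8+AbtqlKnrA6K5IhkROcK2drm6Snu6a1QdQ/SOO4wWUlWvmHBrUEaYouNPg11X9xBx+MQIQzU2IgrmVBvYIpXrhbWeYepkbRLYeYvXSXklsg4sdK9j0XPU682q1DbhJEYTosj82a5VVZJ5v1agRK3tudxb2enbQtfBQlfagIe9SJA9n/sAjK2n7eIanjNs0yo1MhslYp55zMH4J1kztGuhnHGOJ1ZIr/i36XrESGfoiGruLyhL4kC9lHh8Du2Mg/OcSxFtI132Q==|KTVo3l7fG4jgdi7R4hINcg==",
+nonce: "KTVo3l7fG4jgdi7R4hINcg=="
 },
 users: [
 {
-certificate: '-----BEGIN CERTIFICATE-----\nMIIDkjCCAnqgAwIBAgIBADANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJERTEb\nMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlTdHV0dGdhcnQx\nEjAQBgNVBAoMCU5leHRjbG91ZDEOMAwGA1UEAwwFYWRtaW4wHhcNMjQxMjA5MTQw\nNTI2WhcNNDQxMjA0MTQwNTI2WjBiMQswCQYDVQQGEwJERTEbMBkGA1UECAwSQmFk\nZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlTdHV0dGdhcnQxEjAQBgNVBAoMCU5l\neHRjbG91ZDEOMAwGA1UEAwwFYWRtaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQCR5e87QtuM8uyh2W+PVPVklS/7xnpYH6QmkwKgK8lNHkrsGFRdaHP0\nx98FbjlVHM/wandZlqKlyspANX57tGUFoR+Ya3ymYkvyrKeFv34WsbBL/3QDS6nT\nNrl40hgsuhAJVl99JfFmJPrHwb9iU8yM89ktWsAa+xhDH9n37vmADJiBjOR7IW1b\nF0xjpwp2+9SDMkWCK5A2WMPIY45waZLJw9PsaiKikhV+n1q00PTnULKSkDuUrENy\nYdqY4MnHs/k70QkTdynyDLS2LUdmMyHEHyyMktiwaRileqrsGsQf2pErD5pKhvcf\nuIhN1g7sNDyOtPtyB1ioX5DGTg6LuhrJAgMBAAGjUzBRMB0GA1UdDgQWBBQgTmjF\nLB/B3VZ6sYYZTXFKGL245TAfBgNVHSMEGDAWgBQgTmjFLB/B3VZ6sYYZTXFKGL24\n5TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQABg8Sz2rlkG6/x\nc6GxwWr64EaqrAPfPpi6yUg1HfscokrgGjMuj/g0N6OBXNodkAxQAxOYdaI8LuAe\niqjuiJh0tn1u0yxF0cxUqk3EUZsPmF8YRN4cG55z0hTnXJ/9YxCrYQl/LRUmvP8q\nufnJX+CtRLs5oDVpmCJrEc8hA1rEDaeGYZDy+sfOqk3YjpVKR/ETI+AdQ9ubxFhj\nvUzF4gZNbCyLk1ul0QzwNW1aKV920BVMhYnMaYM9Xaume4pn6wuZoD0k7py+tKCe\nXaemHYSvFS1lY4Q8Ih2cacIan6FgxI/jkanCEOxdUcwtSOTocrn6DL2wmkcLm0Ao\nYovd2rO6\n-----END CERTIFICATE-----\n',
-encryptedMetadataKey: 'KS9P5Et+i94PAdpTtR9pyyuTlV6/3e3E/Zzwu8ua1j/e6uHUfQDxpXsksgX95Q/Hin0caoYfwwyWVs2/wtdkHttBdjywzcNfz5yDblrdKAYoyeuCavNatA3OuFDJVcMiisiskD6GMz6o3V21ZqpHwTry05dv4jZMs88lzTOLeDJ7bmmv5Pjyfbg8lxk6oW85LJkUku3+szv+kz+as18Pk+Oe1MylLP+Zktw+1Pckem32h19MacefZI/tkZLmdmjPtKNQGqlefeTXHKnIOzykdPjBG9CJ7zS0MPN7nv0ZgXeSoEi6fUHwkzmg8GxGSjLoL6L7BhLxw7Z8YWZ1MAYyCA==',
-userId: 'admin',
+certificate: "-----BEGIN CERTIFICATE-----\nMIIDkjCCAnqgAwIBAgIBADANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJERTEb\nMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlTdHV0dGdhcnQx\nEjAQBgNVBAoMCU5leHRjbG91ZDEOMAwGA1UEAwwFYWxpY2UwHhcNMjUwMTA2MTU0\nMDUzWhcNNDUwMTAxMTU0MDUzWjBiMQswCQYDVQQGEwJERTEbMBkGA1UECAwSQmFk\nZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlTdHV0dGdhcnQxEjAQBgNVBAoMCU5l\neHRjbG91ZDEOMAwGA1UEAwwFYWxpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQCJAHLMv5Re7YNU1icw9cG2jyDK69UUo+mCuMpfWCmJBug/FgiD3Vt5\nYq9OlyWVfRe4Sbn2ieQCcLzr/mOuDs9aUUc7CyTEbbrBw/e44WDOxuU0or68Voj3\n0nCS4Nn3l6UM6OgMkA4UFFCtbHhltal7Avr6Pk8vymPr9R9pj+dPUaMjhRHhcfyk\nlwSOKq4bNhyQdBTYmXMximZD6bLoqRRl9rkNJcrm0QtvbohWGRCehtGb+lJ4nPqs\nIHEl/2NSuEq1FQ/XK/6+CSoaXoSKAbvkGBGLe9Zs2M5Fbcav/d6/mjDB792IvQXP\nm9QW7vS0Gdx6x3/ZRtVBIJ43cbs5tOOJAgMBAAGjUzBRMB0GA1UdDgQWBBR9hVB2\nzDl+r5jd5o/8KkSAXCv75jAfBgNVHSMEGDAWgBR9hVB2zDl+r5jd5o/8KkSAXCv7\n5jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCiYEY1UY/jWHu+\naDeioZIlbcrkd9l17ABUoxCrksDh38Z0IGBjS5OWA7j7WhJifetmip3qX7ZXXihg\nuaDarP1UhUtEy/cZxRS6wFLe46GXkaN1t/1gkIdYEJHgEggFCWFrRYqrLqp8p8bh\nCyYAAlz5HB10W3rBlbtJF24bBSlcH2wudjGqlHpiV+uXRo5Cgal404LQzq8bxse5\nz1NvuMOyobYlFU20gyn8hAkij86ppy7X52IoMI64PzVe2JVhBbLDu2K5RGP9NGoD\n+ariLvVl2T/zIRcM4I/WszJWzsMPHrGuUYlv+nhWu6PG/APv493eBDQJKvcPhzo+\nUTzPQFOA\n-----END CERTIFICATE-----\n",
+encryptedMetadataKey: "NJEJqsjUI4RLy5IRVuh2oGspCcSxP93x60VcpNQM4h3yEk6krWb9E8e8070UQzOmDAl0NpK6WtUxyL47ZNwbnrHzrHwOYP0WvBTRrtOq5WpLr8tPU4Fg++5DNaA4qzG1fqKIDHaahiBJ90TvD3+whQ+TBfyToIPuz1fyWpVB5OWMWbL+TpVMm18wmyidbvC7nF0NPt0qiZE1XY8TgFBot/8XIZnV2B5fyLpwsOd+DOR3j+rrh5IRgFfwqm0981zMVM0grLE/559pkRLV7NaEKLtS5l2Oj+S0EmhqskjCamw/KSwxI0sqw6R4927J2aICeBhOHAvQyutc3Wi6/pW71w==",
+userId: "alice"
 },
+{
+certificate: "-----BEGIN CERTIFICATE-----\nMIIDkjCCAnqgAwIBAgIBADANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJERTEb\nMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlTdHV0dGdhcnQx\nEjAQBgNVBAoMCU5leHRjbG91ZDEOMAwGA1UEAwwFYWRtaW4wHhcNMjQxMjA5MTQw\nNTI2WhcNNDQxMjA0MTQwNTI2WjBiMQswCQYDVQQGEwJERTEbMBkGA1UECAwSQmFk\nZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlTdHV0dGdhcnQxEjAQBgNVBAoMCU5l\neHRjbG91ZDEOMAwGA1UEAwwFYWRtaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQCR5e87QtuM8uyh2W+PVPVklS/7xnpYH6QmkwKgK8lNHkrsGFRdaHP0\nx98FbjlVHM/wandZlqKlyspANX57tGUFoR+Ya3ymYkvyrKeFv34WsbBL/3QDS6nT\nNrl40hgsuhAJVl99JfFmJPrHwb9iU8yM89ktWsAa+xhDH9n37vmADJiBjOR7IW1b\nF0xjpwp2+9SDMkWCK5A2WMPIY45waZLJw9PsaiKikhV+n1q00PTnULKSkDuUrENy\nYdqY4MnHs/k70QkTdynyDLS2LUdmMyHEHyyMktiwaRileqrsGsQf2pErD5pKhvcf\nuIhN1g7sNDyOtPtyB1ioX5DGTg6LuhrJAgMBAAGjUzBRMB0GA1UdDgQWBBQgTmjF\nLB/B3VZ6sYYZTXFKGL245TAfBgNVHSMEGDAWgBQgTmjFLB/B3VZ6sYYZTXFKGL24\n5TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQABg8Sz2rlkG6/x\nc6GxwWr64EaqrAPfPpi6yUg1HfscokrgGjMuj/g0N6OBXNodkAxQAxOYdaI8LuAe\niqjuiJh0tn1u0yxF0cxUqk3EUZsPmF8YRN4cG55z0hTnXJ/9YxCrYQl/LRUmvP8q\nufnJX+CtRLs5oDVpmCJrEc8hA1rEDaeGYZDy+sfOqk3YjpVKR/ETI+AdQ9ubxFhj\nvUzF4gZNbCyLk1ul0QzwNW1aKV920BVMhYnMaYM9Xaume4pn6wuZoD0k7py+tKCe\nXaemHYSvFS1lY4Q8Ih2cacIan6FgxI/jkanCEOxdUcwtSOTocrn6DL2wmkcLm0Ao\nYovd2rO6\n-----END CERTIFICATE-----\n",
+encryptedMetadataKey: "A+qMBRv2vA936HNUFQLxK5AYA6m8ZsTWU4XrjRg4x47tqjPnRhTV58oqyHDim7ife5CT1XN8jlQEfWUNRxX4ekWxV70f2vaNbzoLMv3LSa0kyww/fagfiOh/6mDHxtp1E1IHgcO1dyb+nOPBbOgPJtkRAYSQw+aaKmld+lNIrCL9xZAZS6nIZLesLdcmRQDZ/BD84mGFY+dCk3zKKsIenKPMBoGmPrBZILLv1UEi2preXm11lvFqcjnG17T2y3wqqqrldDg9iaAUZEOFrIODZsbNjOVTPtD11A5ArbnVPxiv0zOZLDeuGseZjUykLwpTY642PDXOPe95ohBii+qBYQ==",
+userId: "admin"
+}
 ],
-version: '2.0',
-}
+version: "2.0"
+}
+
 
 export const subfolderMetadata: Metadata = {
 metadata: {
-authenticationTag: "yOQBGLKWppAOSOcumNjxKw==",
-ciphertext: "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|BMiGbM3RtkbqZ2iTwTlgZA==",
-nonce: "BMiGbM3RtkbqZ2iTwTlgZA=="
+authenticationTag: "5q86PhjjuWscvKj4figExw==",
+ciphertext: "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|Neov3q1Ar5jHp/0cfPwxcA==",
+nonce: "Neov3q1Ar5jHp/0cfPwxcA=="
 },
 version: "2.0"
 }
 
 export const metadataInfo = {
-counter: 4,
+counter: 5,
 files: {
 ad3b12554e0d4364854ae3e21b170152: {
 authenticationTag: 'nJHAcpZwSS1BCIkGbmtbNg==',
@@ -53,11 +59,12 @@ export const metadataInfo = {
 folders: { fa666d819a6c4315abba421172f0a0b1: 'Test' },
 keyChecksums: [
 '9a60be9846978884033fcdfb978fbdd428221b20583bca6bfcb425f1b540152a',
+"19f63c2ace5a9e2253e5e9ca4bfc0c7f510b544724688ff6ad728a93c9e9eb57",
 ],
 }
 
 export const subfolderMetadataInfo: MetadataInfo = {
-counter: 4,
+counter: 5,
 files: {
 "5244e6768c70400c964d91056c750670": {
 authenticationTag: "swfNcKdIcM6y1AYj3LgOpg==",
@@ -226,3 +233,14 @@ export const propFindResponse = `<?xml version="1.0"?>
 </d:propstat>
 </d:response>
 </d:multistatus>`
+
+export const serverPublicKey = `
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj4493+bYHI1eZ549pm1
+FzmowDT/pKKnn2+MbBCSNtYhmVZubL8kkZEFGB4YJ0bA4CH223t8r4qHyfQJh/lS
+ZkY3NDzGcsl2YqFD+v8WSoDu2T0pJP+AXos2ZQ3bwhBFAVwSDPPYmKXy0IMKrAU4
+TkRych5Upu9342n715DUgoAk96wUMo7ldEGI71Fb4mUNOMXSfIhdjGkULZKqQfGc
+ecEvVNv8vFqYIFt/phpb07Wzr51xopL7S0gQ9tQoEtU0kgYIQzoy+LsU7aH35XPJ
+neuDa51Wp/trnmzxGplx6NPEU/fThRHNHTPVYZnM8pImNYW89zHZH6BVAvVgXk7R
+jQIDAQAB
+-----END PUBLIC KEY-----`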
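Review bot: Both entries in the `users` array of `metadata` appear to be certificates the new signature check is meant to accept, so as far as this file shows, a validator that accepted every certificate would still pass. Only two of the fourteen changed files are visible here, so a rejecting case may exist elsewhere. If it does not, add a second fixture whose `users` entry carries a certificate not issued under `serverPublicKey`, and assert that loading it fails. That is the case that actually pins the behaviour named in the commit title. Separately, `serverPublicKey` opens its template literal with a line break before `-----BEGIN PUBLIC KEY-----`, so the mock serves a PEM with a leading newline. If the real endpoint does not, starting the literal directly with the header would make the fixture match it.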
File renamed without changes.
