fix: move to js tests

2025-11-18 02:31:28 +10:00 · 2025-03-27 11:51:19 +11:00
parent b782beb0ea
commit 1b35477b5c
4 changed files with 8 additions and 176 deletions
--- a/test/trust.spec.mjs
+++ b/test/trust.spec.mjs
@ -0,0 +1,122 @@
+import test from "ava";
+
+import {
+  generateRootCa,
+  generateClientCertificate,
+  verifyClientCertificate,
+  signNonce,
+  verifyNonce,
+} from "../index.js";
+import { randomUUID, sign } from "crypto";
+
+test("generate ca", (t) => {
+  const [pub, priv] = generateRootCa();
+  t.pass();
+});
+
+test("generate ca & client certs", (t) => {
+  const [pub, priv] = generateRootCa();
+
+  const clientName = "My Test Client";
+  const [clientPub, clientPriv] = generateClientCertificate(
+    clientName,
+    clientName,
+    pub,
+    priv
+  );
+
+  t.pass();
+});
+
+test("trust chain", (t) => {
+  const [pub, priv] = generateRootCa();
+
+  const clientName = "My Test Client";
+  const [clientPub, clientPriv] = generateClientCertificate(
+    clientName,
+    clientName,
+    pub,
+    priv
+  );
+
+  const [invalidPub, invalidPriv] = generateRootCa();
+
+  const valid = verifyClientCertificate(clientPub, pub);
+  if (valid) return t.pass();
+
+  const invalid = verifyClientCertificate(invalidPub, pub);
+  if (!invalid) return t.pass();
+
+  return t.fail();
+});
+
+test("trust chain fails", (t) => {
+  const [rootPub, rootPriv] = generateRootCa();
+
+  const [clientPub, _priv] = generateClientCertificate(
+    "",
+    "",
+    rootPub,
+    rootPriv
+  );
+
+  const [otherRootPub, otherRootPriv] = generateRootCa();
+
+  const valid = verifyClientCertificate(clientPub, otherRootPub);
+  if (!valid) return t.pass();
+
+  t.fail("client certificate verifies non-related certificate");
+});
+
+test("nonce signing", (t) => {
+  const [pub, priv] = generateRootCa();
+  const [clientPub, clientPriv] = generateClientCertificate(
+    "test",
+    "test",
+    pub,
+    priv
+  );
+
+  const nonce = randomUUID();
+  const signature = signNonce(clientPriv, nonce);
+
+  return t.pass();
+});
+
+test("nonce signing, and verification", (t) => {
+  const [pub, priv] = generateRootCa();
+  const [clientPub, clientPriv] = generateClientCertificate(
+    "test",
+    "test",
+    pub,
+    priv
+  );
+
+  const nonce = randomUUID();
+
+  const signature = signNonce(clientPriv, nonce);
+  const valid = verifyNonce(clientPub, nonce, signature);
+
+  if (!valid) return t.fail("nonce does not verify correctly");
+
+  return t.pass();
+});
+
+test("nonce signing, fails verification", (t) => {
+  const [rootPub, rootPriv] = generateRootCa();
+  const [clientPub, clientPriv] = generateClientCertificate(
+    "test",
+    "test",
+    rootPub,
+    rootPriv
+  );
+  const [otherClientPub, otherClientPriv] = generateClientCertificate("test2", "test2", rootPub, rootPriv);
+
+  const nonce = randomUUID();
+  const signature = signNonce(clientPriv, nonce);
+  const valid = verifyNonce(otherClientPub, nonce, signature);
+
+  if(valid) return t.fail("succesfully verified an invalid nonce");
+
+  t.pass();
+});