mattermostest/src/main/certificateStore.test.js

// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
'use strict';

import fs from 'fs';

import {validateCertificateStore} from 'common/Validator';

import {CertificateStore} from './certificateStore';

jest.mock('path', () => ({
    resolve: jest.fn(),
}));

jest.mock('electron', () => ({
    app: {
        getPath: jest.fn(),
    },
    ipcMain: {
        on: jest.fn(),
    },
}));

jest.mock('common/Validator', () => ({
    validateCertificateStore: jest.fn(),
}));

jest.mock('fs', () => ({
    existsSync: jest.fn(),
    readFileSync: jest.fn(),
}));

const certificateData = {
    'https://server-1.com': {
        data: 'someRandomData',
        issuerName: 'someIssuer',
        dontTrust: false,
    },
    'https://server-2.com': {
        data: 'someRandomData',
        issuerName: 'someIssuer',
        dontTrust: true,
    },
};

describe('main/certificateStore', () => {
    it('should fail gracefully when loaded data is malformed', () => {
        validateCertificateStore.mockImplementation(() => null);

        let certificateStore;
        expect(() => {
            certificateStore = new CertificateStore('someFilename');
        }).not.toThrow(Error);
        expect(certificateStore.data).toStrictEqual({});
    });

    describe('isTrusted', () => {
        let certificateStore;
        beforeAll(() => {
            validateCertificateStore.mockImplementation((data) => JSON.parse(data));
            fs.readFileSync.mockImplementation(() => JSON.stringify(certificateData));
            certificateStore = new CertificateStore('someFilename');
        });

        it('should return true for stored matching certificate', () => {
            certificateStore = new CertificateStore('someFilename');

            expect(certificateStore.isTrusted(new URL('https://server-1.com'), {
                data: 'someRandomData',
                issuerName: 'someIssuer',
            })).toBe(true);
        });

        it('should return false for missing url', () => {
            expect(certificateStore.isTrusted(new URL('https://server-3.com'), {
                data: 'someRandomData',
                issuerName: 'someIssuer',
            })).toBe(false);
        });

        it('should return false for unmatched cert', () => {
            expect(certificateStore.isTrusted(new URL('https://server-1.com'), {
                data: 'someOtherRandomData',
                issuerName: 'someIssuer',
            })).toBe(false);

            expect(certificateStore.isTrusted(new URL('https://server-1.com'), {
                data: 'someRandomData',
                issuerName: 'someOtherIssuer',
            })).toBe(false);
        });

        it('should add certificate for websocket too', () => {
            const certOrigin = 'https://server-websocket.com';
            const wssCertOrigin = certOrigin.replace('https', 'wss');
            const certData = {
                data: 'someRandomData',
                issuerName: 'someIssuer',
            };

            certificateStore = new CertificateStore('someFilename');
            certificateStore.add(new URL(certOrigin), certData);
            expect(certificateStore.isTrusted(new URL(wssCertOrigin), certData)).toBe(true);
        });
    });

    describe('isExplicitlyUntrusted', () => {
        let certificateStore;
        beforeAll(() => {
            validateCertificateStore.mockImplementation((data) => JSON.parse(data));
            fs.readFileSync.mockImplementation(() => JSON.stringify(certificateData));
            certificateStore = new CertificateStore('someFilename');
        });

        it('should return true for explicitly untrusted cert', () => {
            expect(certificateStore.isExplicitlyUntrusted(new URL('https://server-2.com'), {
                data: 'someRandomData',
                issuerName: 'someIssuer',
            })).toBe(true);
        });

        it('should return false for trusted cert', () => {
            expect(certificateStore.isExplicitlyUntrusted(new URL('https://server-1.com'), {
                data: 'someRandomData',
                issuerName: 'someIssuer',
            })).toBe(false);
        });
    });
});