author | Matthew Miller <matthew@millerti.me> | 2022-01-29 13:12:04 -0800 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2022-01-29 13:12:04 -0800 |
commit | 3441a2d49a67b06fec56220b47a9ed538078ce45 (patch) | |
tree | e9b2987897ca9b61fce04eba925aec7ca4e40fd4 /packages/server/src | |
parent | 2348fb1b0a28f51c4d2e86deba506aa800d0cd90 (diff) |
Mock global.Date instead of refactoring
Diffstat (limited to 'packages/server/src')
4 files changed, 17 insertions, 16 deletions
diff --git a/packages/server/src/helpers/__mocks__/validateCertificateValidityWindow.ts b/packages/server/src/helpers/__mocks__/validateCertificateValidityWindow.ts
deleted file mode 100644
index 64b7ae4..0000000
--- a/packages/server/src/helpers/__mocks__/validateCertificateValidityWindow.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export function validateCertificateValidityWindow(): boolean {
- return true;
-}
diff --git a/packages/server/src/helpers/validateCertificatePath.ts b/packages/server/src/helpers/validateCertificatePath.ts
index 32c1c6b..8cacb0b 100644
--- a/packages/server/src/helpers/validateCertificatePath.ts
+++ b/packages/server/src/helpers/validateCertificatePath.ts
@@ -4,7 +4,6 @@
 import { KJUR, X509, ASN1HEX, zulutodate } from 'jsrsasign';
 import isCertRevoked from './isCertRevoked';
-import { validateCertificateValidityWindow } from './validateCertificateValidityWindow';
 const { crypto } = KJUR;
@@ -81,7 +80,8 @@ async function _validatePath(certificates: string[]): Promise<boolean> {
 const notBefore = zulutodate(issuerCert.getNotBefore());
 const notAfter = zulutodate(issuerCert.getNotAfter());
- if (!validateCertificateValidityWindow(notBefore, notAfter)) {
+ const now = new Date(Date.now());
+ if (notBefore > now || notAfter < now) {
 throw new Error('Intermediate certificate is not yet valid or expired');
 }
diff --git a/packages/server/src/helpers/validateCertificateValidityWindow.ts b/packages/server/src/helpers/validateCertificateValidityWindow.ts
deleted file mode 100644
index e1a0926..0000000
--- a/packages/server/src/helpers/validateCertificateValidityWindow.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-/**
- * Make sure "now" is within a specific time frame
- */
-export function validateCertificateValidityWindow(notBefore: Date, notAfter: Date): boolean {
- const now = new Date();
- return notBefore < now && now < notAfter;
-}
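Review bot: The inlined validity check in `_validatePath` (validateCertificatePath.ts) is written as a rejection test, `notBefore > now || notAfter < now`, and that form lets the certificate through whenever a comparison cannot be evaluated: if `zulutodate` ever yielded an Invalid Date, both comparisons would be false and no error would be thrown, whereas the removed helper's `notBefore < now && now < notAfter` rejected in that case. Whether `zulutodate` can return an Invalid Date is not visible here, so this is a hardening point rather than a confirmed bypass. Keeping the acceptance form, `if (!(notBefore <= now && now <= notAfter)) {`, preserves the new inclusive bounds and fails closed. The body of `_validatePath` starts and ends outside the hunk.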
diff --git a/packages/server/src/registration/verifications/verifyAndroidSafetyNet.test.ts b/packages/server/src/registration/verifications/verifyAndroidSafetyNet.test.ts
index 5792886..3cbe9f5 100644
--- a/packages/server/src/registration/verifications/verifyAndroidSafetyNet.test.ts
+++ b/packages/server/src/registration/verifications/verifyAndroidSafetyNet.test.ts
@@ -1,7 +1,3 @@
-// Mock the notBefore and notAfter time window check to always return true due to expiring
-// SafetyNet intermediate certs
-jest.mock('../../helpers/validateCertificateValidityWindow');
-
 import base64url from 'base64url';
 import verifyAndroidSafetyNet from './verifyAndroidSafetyNet';
@@ -24,6 +20,7 @@ let aaguid: Buffer;
 let credentialID: Buffer;
 let credentialPublicKey: Buffer;
 let rpIdHash: Buffer;
+let spyDate: jest.SpyInstance;
 beforeEach(() => {
 const { attestationObject, clientDataJSON } = attestationAndroidSafetyNet.response;
@@ -37,6 +34,12 @@ beforeEach(() => {
 aaguid = parsedAuthData.aaguid!;
 credentialID = parsedAuthData.credentialID!;
 credentialPublicKey = parsedAuthData.credentialPublicKey!;
+
+ spyDate = jest.spyOn(global.Date, 'now');
+});
+
+afterEach(() => {
+ spyDate.mockRestore();
 });
 /**
@@ -44,6 +47,10 @@ beforeEach(() => {
 * signature after modifying the payload with a `timestampMs` we can dynamically set
 */
 test('should verify Android SafetyNet attestation', async () => {
+ // notBefore: 2017-06-15T00:00:42.000Z
+ // notAfter: 2021-12-15T00:00:42.000Z
+ spyDate.mockReturnValue(new Date('2021-11-15T00:00:42.000Z'));
+
 const verified = await verifyAndroidSafetyNet({
 attStmt,
 authData,
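Review bot: In 'should verify Android SafetyNet attestation' the spy makes `Date.now()` return a `Date` object, `spyDate.mockReturnValue(new Date('2021-11-15T00:00:42.000Z'))`, but `Date.now()` is specified to return a number of milliseconds; the same call appears in the GlobalSign R1 test in the last hunk. `new Date(Date.now())` in `_validatePath` happens to accept a Date, but any other code under test that calls `Date.now()` would receive an object where it expects a number, and the bare `jest.SpyInstance` declaration (default type arguments) keeps the compiler from flagging the mismatch. Returning the epoch value keeps the mock faithful to the real API: `spyDate.mockReturnValue(new Date('2021-11-15T00:00:42.000Z').getTime());`. A short comment next to the pinned date, saying it was chosen to fall inside the validity window of the now-expired SafetyNet intermediate, would replace the explanation that the removed `jest.mock` comment used to carry.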
@@ -75,6 +82,10 @@ test('should throw error when timestamp is not within one minute of now', async
 });
 test('should validate response with cert path completed with GlobalSign R1 root cert', async () => {
+ // notBefore: 2006-12-15T08:00:00.000Z
+ // notAfter: 2021-12-15T08:00:00.000Z
+ spyDate.mockReturnValue(new Date('2021-11-15T00:00:42.000Z'));
+
 const { attestationObject, clientDataJSON } = safetyNetUsingGSR1RootCert.response;
 const decodedAttestationObject = decodeAttestationObject(base64url.toBuffer(attestationObject)); |