[github/fretlink/hmacaroons.git] / src / Crypto / Macaroon / Verifier.hs

{-# LANGUAGE FlexibleInstances    #-}
{-# LANGUAGE OverloadedStrings    #-}
{-# LANGUAGE RankNTypes           #-}
{-# LANGUAGE TypeSynonymInstances #-}
{-# LANGUAGE UndecidableInstances #-}
{-|
Module      : Crypto.Macaroon.Verifier
Copyright   : (c) 2015 Julien Tanguy
License     : BSD3

Maintainer  : julien.tanguy@jhome.fr
Stability   : experimental
Portability : portable


-}
module Crypto.Macaroon.Verifier (
    verify
  , ValidationError(ValidatorError, ParseError)
  -- , (.<), (.<=), (.==), (.>), (.>=)
  -- , module Data.Attoparsec.ByteString.Char8
) where


import           Control.Applicative
import           Control.Monad hiding (forM)
import           Control.Monad.IO.Class
import           Data.Attoparsec.ByteString
import           Data.Attoparsec.ByteString.Char8
import           Data.Bool
import           Data.Traversable
import qualified Data.ByteString                  as BS
import           Data.Either.Combinators

import           Crypto.Macaroon.Internal
import           Crypto.Macaroon.Verifier.Internal


-- (.<) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- (.<) = verifyOpBool "Greater or equal" (<) "<"

-- (.<=) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- (.<=) = verifyOpBool "Strictly greater" (<=) "<="

-- (.==) :: (MonadIO m, Eq a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- (.==) = verifyOpBool "Not equal" (==) "="

-- (.>) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- (.>) = verifyOpBool "Less or equal" (>) ">"

-- (.>=) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- (.>=) = verifyOpBool "Strictly less" (>=) ">="

-- | Verify a Macaroon's signature and caveats, given the corresponding Secret
-- and verifiers.
--
-- A verifier is a function of type
-- @'MonadIO' m => 'Caveat' -> m ('Maybe' ('Either' 'ValidatorError' 'Caveat'))@.
--
-- It should return:
--
-- * 'Nothing' if the caveat is not related to the verifier
-- (for instance a time verifier is given an action caveat);
-- * 'Just' ('Left' ('ParseError' reason)) if the verifier  is related to the
-- caveat, but failed to parse it completely;
-- * 'Just' ('Left' ('ValidatorError' reason)) if the verifier is related to the
-- caveat, parsed it and invalidated it;
-- * 'Just' ('Right' '()') if the verifier has successfully verified the
-- given caveat
verify :: (Functor m, MonadIO m) => Secret -> [Caveat -> m (Maybe (Either ValidationError ()))] -> Macaroon -> m (Either ValidationError Macaroon)
verify secret verifiers m = join <$> forM (verifySig secret m) (verifyCavs verifiers)


-- verifyOpBool :: MonadIO m => String -> Parser a -> (a -> a -> Bool) -> BS.ByteString -> Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- verifyOpBool err p f op k val = verifyParser k valueParser $ \s -> do
--     expected <- val
--     return $ bool (Left $ ValidatorError err) (Right Win) =<< f expected <$> mapLeft ParseError (parseOnly p s)
--   where
--     valueParser = string op *> skipSpace *> takeByteString

-- verifyParser :: (MonadIO m) => Key -> Parser a -> (a -> m (Either ValidationError Win)) -> Caveat -> m (Maybe (Either ValidationError Caveat))
-- verifyParser k p f c = case parseOnly keyParser . cid $ c of
--     Left _ -> return Nothing
--     Right bs -> Just <$> case parseOnly p bs of
--       Left err -> return $ Left $ ParseError err
--       Right a -> fmap (const c) <$> f a
--   where
--     keyParser = string k *> skipSpace *> takeByteString
Commit	Line	Data
7f9f7386 JT	1	{-# LANGUAGE FlexibleInstances #-}
	2	{-# LANGUAGE OverloadedStrings #-}
	3	{-# LANGUAGE RankNTypes #-}
	4	{-# LANGUAGE TypeSynonymInstances #-}
	5	{-# LANGUAGE UndecidableInstances #-}
b92e3c15 JT	6	{-\|
	7	Module : Crypto.Macaroon.Verifier
	8	Copyright : (c) 2015 Julien Tanguy
	9	License : BSD3
	10
	11	Maintainer : julien.tanguy@jhome.fr
	12	Stability : experimental
	13	Portability : portable
	14
	15
	16
	17	-}
6f3c0dca	18	module Crypto.Macaroon.Verifier (
7f9f7386 JT	19	verify
	20	, ValidationError(ValidatorError, ParseError)
	21	-- , (.<), (.<=), (.==), (.>), (.>=)
	22	-- , module Data.Attoparsec.ByteString.Char8
6f3c0dca	23	) where
b92e3c15 JT	24
b92e3c15 JT	25
a11f20be JT	26	import Control.Applicative
a11f20be JT	27	import Control.Monad hiding (forM)
7f9f7386	28	import Control.Monad.IO.Class
c830f7c2 JT	29	import Data.Attoparsec.ByteString
c830f7c2 JT	30	import Data.Attoparsec.ByteString.Char8
b92e3c15	31	import Data.Bool
a11f20be	32	import Data.Traversable
c830f7c2	33	import qualified Data.ByteString as BS
7f9f7386	34	import Data.Either.Combinators
b92e3c15 JT	35
b92e3c15 JT	36	import Crypto.Macaroon.Internal
7f9f7386	37	import Crypto.Macaroon.Verifier.Internal
b92e3c15 JT	38
b92e3c15 JT	39
6f3c0dca	40
62576139	41
7f9f7386 JT	42	-- (.<) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
	43	-- (.<) = verifyOpBool "Greater or equal" (<) "<"
	44
	45	-- (.<=) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
	46	-- (.<=) = verifyOpBool "Strictly greater" (<=) "<="
	47
	48	-- (.==) :: (MonadIO m, Eq a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
	49	-- (.==) = verifyOpBool "Not equal" (==) "="
	50
	51	-- (.>) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
	52	-- (.>) = verifyOpBool "Less or equal" (>) ">"
	53
	54	-- (.>=) :: (MonadIO m, Ord a, Parsable a) => Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
	55	-- (.>=) = verifyOpBool "Strictly less" (>=) ">="
6f3c0dca	56
86f38823 JT	57	-- \| Verify a Macaroon's signature and caveats, given the corresponding Secret
	58	-- and verifiers.
	59	--
	60	-- A verifier is a function of type
	61	-- @'MonadIO' m => 'Caveat' -> m ('Maybe' ('Either' 'ValidatorError' 'Caveat'))@.
	62	--
	63	-- It should return:
	64	--
	65	-- * 'Nothing' if the caveat is not related to the verifier
	66	-- (for instance a time verifier is given an action caveat);
	67	-- * 'Just' ('Left' ('ParseError' reason)) if the verifier is related to the
	68	-- caveat, but failed to parse it completely;
	69	-- * 'Just' ('Left' ('ValidatorError' reason)) if the verifier is related to the
	70	-- caveat, parsed it and invalidated it;
	71	-- * 'Just' ('Right' '()') if the verifier has successfully verified the
	72	-- given caveat
a11f20be	73	verify :: (Functor m, MonadIO m) => Secret -> [Caveat -> m (Maybe (Either ValidationError ()))] -> Macaroon -> m (Either ValidationError Macaroon)
7f9f7386 JT	74	verify secret verifiers m = join <$> forM (verifySig secret m) (verifyCavs verifiers)
	75
	76
	77	-- verifyOpBool :: MonadIO m => String -> Parser a -> (a -> a -> Bool) -> BS.ByteString -> Key -> m a -> Caveat -> m (Maybe (Either ValidationError Caveat))
	78	-- verifyOpBool err p f op k val = verifyParser k valueParser $ \s -> do
	79	-- expected <- val
	80	-- return $ bool (Left $ ValidatorError err) (Right Win) =<< f expected <$> mapLeft ParseError (parseOnly p s)
	81	-- where
	82	-- valueParser = string op > skipSpace > takeByteString
	83
86f38823 JT	84	-- verifyParser :: (MonadIO m) => Key -> Parser a -> (a -> m (Either ValidationError Win)) -> Caveat -> m (Maybe (Either ValidationError Caveat))
	85	-- verifyParser k p f c = case parseOnly keyParser . cid $ c of
	86	-- Left _ -> return Nothing
	87	-- Right bs -> Just <$> case parseOnly p bs of
	88	-- Left err -> return $ Left $ ParseError err
	89	-- Right a -> fmap (const c) <$> f a
	90	-- where
	91	-- keyParser = string k > skipSpace > takeByteString
7f9f7386	92