1 {-# LANGUAGE OverloadedStrings #-}
2 {-# LANGUAGE RankNTypes #-}
4 Module : Crypto.Macaroon.Verifier
5 Copyright : (c) 2015 Julien Tanguy
8 Maintainer : julien.tanguy@jhome.fr
9 Stability : experimental
10 Portability : portable
15 module Crypto.Macaroon.Verifier (
21 -- , module Data.Attoparsec.ByteString
22 , module Data.Attoparsec.ByteString.Char8
28 import qualified Data.ByteString as BS
32 import Data.Attoparsec.ByteString
33 import Data.Attoparsec.ByteString.Char8
35 import Crypto.Macaroon.Internal
-- | Outcome of one verification step.  Deliberately opaque for now: it only
-- says whether a check passed, not why it failed (richer errors may follow).
data Verified
  = Ok      -- ^ the check passed
  | Failed  -- ^ the check did not pass
  deriving (Eq, Show)
41 instance Monoid Verified where
-- | A single caveat check.  'verifyCavs' treats 'Nothing' as "this verifier
-- has no opinion on the caveat" (such answers are dropped with 'catMaybes'),
-- and @'Just' v@ as a verdict on it.
type CaveatVerifier = Caveat -> Maybe Verified
-- | Check the signature of a macaroon against the root key it was minted with.
--
-- The expected signature is rebuilt from scratch: the root key 'k' goes
-- through an HMAC-SHA256 with the fixed string @"macaroons-key-generator"@
-- ('derivedKey'), that result keys an HMAC over the macaroon's identifier,
-- and every caveat is then chained in with 'hash' (HMAC over @vid c ++ cid c@,
-- keyed with the running signature).  The result is 'Ok' only when the
-- recomputed chain equals @signature m@.
--
-- NOTE(review): the comparison below uses 'ByteString' '==', which stops at
-- the first differing byte and therefore leaks, through timing, how long a
-- prefix of a forged tag matches the real one.  A constant-time comparison
-- (e.g. 'Data.Byteable.constEqBytes', if that module is in scope here) would
-- close that channel.  This check only validates the HMAC chain; whether the
-- caveats themselves hold is decided by 'verifyCavs'.
verifySig :: Key -> Macaroon -> Verified
verifySig k m = bool Failed Ok $
-- Non-constant-time equality on the HMAC tag; see the note above.
signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
-- One link of the chain: the running signature 's' keys an HMAC over the
-- caveat's verification id followed by its caveat id.
hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
-- Root-key derivation.  Presumably the literal is the HMAC key and 'k' the
-- message (same argument order as the 'hmac' calls above) -- confirm against
-- the 'hmac' signature in use.
derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)
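-- | Run every verifier against every caveat of a macaroon and combine the
-- verdicts.
--
-- A verifier answers 'Nothing' when a caveat is not its concern and
-- @'Just' v@ when it is.  The verdicts on one caveat are combined with
-- 'mconcat', so the 'Monoid' instance of 'Verified' decides how several
-- opinions on the same caveat are reconciled; the per-caveat results are
-- combined the same way.  A macaroon with no caveats yields 'mempty', as
-- before.
--
-- A caveat that no verifier recognises is 'Failed' rather than 'mempty'.
-- Macaroon caveats only ever restrict a token, so a holder who appends a
-- caveat this service does not understand must not end up with a macaroon
-- that still verifies; failing closed here does not depend on what 'mempty'
-- happens to be.
--
-- Every caveat is treated the same way here regardless of its 'vid'; this
-- function does not consult discharge macaroons, so if third-party caveats
-- need discharging that has to happen elsewhere.
verifyCavs :: [CaveatVerifier] -> Macaroon -> Verified
verifyCavs verifiers m = mconcat (map verifyOne (caveats m))
  where
    -- Collect the verdicts of every verifier that claims this caveat.
    verifyOne c = case catMaybes (map ($ c) verifiers) of
      []       -> Failed  -- unrecognised caveat: fail closed
      verdicts -> mconcat verdicts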
-- | Verify a caveat whose value must equal one fixed expected value.
--
-- A specialisation of 'verifyFun': the caveat is selected by the 'Key'
-- prefix, its value is parsed with the given 'Parser', and the parsed value
-- is accepted only when it equals @expected@.
verifyExact :: (Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified
verifyExact k expected parser cav = verifyFun k isExpected parser cav
  where
    isExpected actual = actual == expected
62 verifyFun :: Key -> (a -> Bool) -> Parser a -> Caveat -> Maybe Verified
63 verifyFun key f parser cav = if key `BS.isPrefixOf` cid cav then
64 case parseOnly kvparser (cid cav) of
65 Right v -> (bool Failed Ok . f) <$> Just v