1 {-# LANGUAGE OverloadedStrings #-}
3 Module : Crypto.Macaroon
4 Copyright : (c) 2015 Julien Tanguy
7 Maintainer : julien.tanguy@jhome.fr
8 Stability : experimental
Pure Haskell implementations of macaroons.
Warning: this implementation has not been audited by security experts.
Do not use it in production.
19 - Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>
20 - Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>
22 module Crypto.Macaroon (
30 -- * Accessing functions
45 -- , addThirdPartyCaveat
47 , module Crypto.Macaroon.Serializer.Base64
49 , module Crypto.Macaroon.Verifier
52 -- import Crypto.Cipher.AES
55 import qualified Data.ByteString as BS
57 import Crypto.Macaroon.Internal
58 import Crypto.Macaroon.Serializer.Base64
59 import Crypto.Macaroon.Verifier
-- | Mint a fresh macaroon, with no caveats, from a secret, an identifier and
-- a location.
--
-- The secret is not used as the signing key directly. It is first combined
-- with the fixed label @"macaroons-key-generator"@ through HMAC-SHA256, and
-- the macaroon's initial signature is the HMAC-SHA256 of the identifier under
-- the resulting key.
create :: Secret -> Key -> Location -> Macaroon
create secret ident loc = MkMacaroon loc ident [] initialSig
  where
    -- NOTE(review): assumes 'hmac' takes the key first, so the label is the
    -- HMAC key and the caller's secret is the message -- confirm against the
    -- imported 'hmac'.
    rootKey = toBytes (hmac "macaroons-key-generator" secret :: HMAC SHA256)
    -- A caveat-free macaroon is signed over its identifier alone.
    initialSig = toBytes (hmac rootKey ident :: HMAC SHA256)
67 -- | Inspect a macaroon's contents. For debugging purposes.
68 inspect :: Macaroon -> String
-- | Attach a first-party caveat, given by its identifier, to a macaroon.
--
-- The caveat is registered under the macaroon's own location and with an
-- empty third field (the slot the commented-out third-party variant fills
-- with its @vid@). Everything else is delegated to 'addCaveat'.
addFirstPartyCaveat :: Key -> Macaroon -> Macaroon
addFirstPartyCaveat ident m = addCaveat ownLocation ident noVerificationId m
  where
    ownLocation = location m
    noVerificationId = BS.empty
75 -- |Add a third party Caveat to a Macaroon, using its location, identifier and
77 -- addThirdPartyCaveat :: Key
82 -- addThirdPartyCaveat key cid loc m = addCaveat loc cid vid m
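-- vid = encryptECB (initAES (signature m)) key
-- NOTE(review): before re-enabling this, replace the ECB step. ECB is
-- deterministic and gives the verification id no integrity protection, so a
-- modified vid would decrypt to a different key without any error at this
-- layer. Prefer an authenticated cipher keyed by the signature (as
-- libmacaroons does for this step).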