From: Julien Tanguy Date: Sat, 16 May 2015 10:51:22 +0000 (+0200) Subject: Add Sig/cav verifier X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=62576139b8dbf2cd0d3c04e927b9df2d0805a199;p=github%2Ffretlink%2Fhmacaroons.git Add Sig/cav verifier [ci skip] --- diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs index 4eedff5..02cb448 100644 --- a/src/Crypto/Macaroon/Verifier.hs +++ b/src/Crypto/Macaroon/Verifier.hs @@ -14,14 +14,14 @@ Portability : portable -} module Crypto.Macaroon.Verifier ( Verified(..) - , CaveatVerifier(..) + , CaveatVerifier , () + , verifyMacaroon , verifySig , verifyExact , verifyFun - , verifyCavs - -- , module Data.Attoparsec.ByteString , module Data.Attoparsec.ByteString.Char8 + , verifyCavs ) where @@ -66,6 +66,10 @@ verifySig k m = bool Failed Ok $ hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) +verifyMacaroon :: Key -> [CaveatVerifier] -> Macaroon -> Verified +verifyMacaroon secret verifiers m = verifySig secret m `mappend` verifyCavs verifiers m + + verifyCavs :: [CaveatVerifier] -> Macaroon -> Verified verifyCavs verifiers m = foldMap (\c -> fromMaybe Failed $ foldMap (($ c) . vFun) verifiers) (caveats m) diff --git a/test/Crypto/Macaroon/Verifier/Tests.hs b/test/Crypto/Macaroon/Verifier/Tests.hs index 5f09bca..101fa26 100644 --- a/test/Crypto/Macaroon/Verifier/Tests.hs +++ b/test/Crypto/Macaroon/Verifier/Tests.hs @@ -61,7 +61,7 @@ allvs = [exTC, exTZ, exV42, exV43, funTCPre, funTV43lte] sigs = testProperty "Signatures" $ \sm -> verifySig (secret sm) (macaroon sm) == Ok firstParty = testGroup "First party caveats" [ - testGroup "Pure verifiers" [ + testGroup "Pure verifiers" [ testProperty "Zero caveat" $ forAll (sublistOf allvs) (\vs -> Ok == verifyCavs vs m) , testProperty "One caveat" $ 
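Review bot: The export list still offers `verifySig` and `verifyCavs` next to the new `verifyMacaroon`, so a caller can accept a macaroon on its caveats alone without the signature ever being checked. If both halves have to stay public (the tests in this commit call each of them), a Haddock section heading in the export list such as `-- * Partial checks; use 'verifyMacaroon' unless you combine them yourself` would make the intended entry point explicit. Dropping `(..)` from `CaveatVerifier` hides its constructor, so it is worth confirming that `verifyExact` and `verifyFun`, which are defined outside this hunk, are enough for callers to build every verifier they need.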
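Review bot: `verifyMacaroon` is added without a Haddock comment, and its security contract rests on `mappend` for `Verified` acting as a conjunction, an instance that is defined outside this hunk. If that instance returns `Ok` only when both operands are `Ok`, the function fails closed, and I would state that on the function, e.g. `-- | Check the signature and every caveat; the result is 'Ok' only when both checks pass.` The context line of `verifyCavs` shows `fromMaybe Failed`, so a caveat that no verifier recognises is rejected, which is also worth a sentence in the documentation. The MAC comparison inside `verifySig` is not visible here; since this function becomes the main entry point, confirm that it compares signatures in constant time rather than with a plain `==`.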
@@ -77,4 +77,20 @@ firstParty = testGroup "First party caveats" [
 , Failed === verifyCavs vs m3
 ])
 ]
+ , testGroup "Pure verifiers with sig" [
+ testProperty "Zero caveat" $
+ forAll (sublistOf allvs) (\vs -> Ok == verifyMacaroon sec vs m)
+ , testProperty "One caveat" $
+ forAll (sublistOf allvs) (\vs -> disjoin [
+ Ok == verifyMacaroon sec vs m2 .&&. any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs)
+ , Failed === verifyMacaroon sec vs m2
+ ])
+ , testProperty "Two Exact" $
+ forAll (sublistOf allvs) (\vs -> disjoin [
+ Ok == verifyMacaroon sec vs m3 .&&.
+ any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) .&&.
+ any (`elem` vs) [exV42,funTV43lte] .&&. (exV43 `notElem` vs)
+ , Failed === verifyMacaroon sec vs m3
+ ])
+ ]
 ]
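Review bot: Every property in the new "Pure verifiers with sig" group calls `verifyMacaroon` with `sec`, which appears to be the secret the fixtures were minted with, so none of them distinguishes `verifyMacaroon` from `verifyCavs`. An implementation that dropped the `verifySig` half would still pass this group. I would add a negative case in which the caveats are satisfiable but the key is wrong, for example `testProperty "Wrong secret" $ forAll (sublistOf allvs) (\vs -> Failed === verifyMacaroon "not-the-secret" vs m)`. The key literal is a constructed value; `sec`, `m` and the `Key` type are defined outside the hunk, so adjust it to whatever `Key` accepts. A second case with a macaroon whose signature or caveat list was altered after minting would pin the fail-closed behaviour in the same way.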