author | Julien Tanguy <julien.tanguy@jhome.fr> | 2015-05-14 19:00:50 +0200 |
---|---|---|
committer | Julien Tanguy <julien.tanguy@jhome.fr> | 2015-05-14 19:00:50 +0200 |
commit | b92e3c159fad49b86fe4bd115f487057c04e3c18 (patch) | |
tree | f8a01bd7345d09b01fa6282adb310ffdfa9b1882 | |
parent | e0ceb8d38cf44ea2a9e0d6564fe64a25fd3039b4 (diff) | |
Basic verification of macaroons
- Only signatures are checked
-rw-r--r-- | hmacaroons.cabal | 3 | ||||
-rw-r--r-- | src/Crypto/Macaroon/Verifier.hs | 34 | ||||
-rw-r--r-- | test/Crypto/Macaroon/Verifier/Tests.hs | 59 | ||||
-rw-r--r-- | test/main.hs | 2 |
4 files changed, 97 insertions, 1 deletions
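--- a/hmacaroons.cabal
+++ b/hmacaroons.cabal
@@ -53,9 +53,10 @@ source-repository head
 location: https://github.com/jtanguy/hmacaroons
 
 library
-exposed-modules: Crypto.Macaroon,
+exposed-modules: Crypto.Macaroon
 Crypto.Macaroon.Binder
 Crypto.Macaroon.Serializer.Base64
+Crypto.Macaroon.Verifier
 other-modules: Crypto.Macaroon.Internal
 build-depends: base >=4 && < 5,
 attoparsec >=0.12,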
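--- /dev/null
+++ b/src/Crypto/Macaroon/Verifier.hs
@@ -0,0 +1,34 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Module : Crypto.Macaroon.Verifier
+Copyright : (c) 2015 Julien Tanguy
+License : BSD3
+
+Maintainer : julien.tanguy@jhome.fr
+Stability : experimental
+Portability : portable
+
+
+
+-}
+module Crypto.Macaroon.Verifier where
+
+
+import Crypto.Hash
+import Data.Bool
+import qualified Data.ByteString as BS
+import Data.Byteable
+import Data.Foldable
+
+import Crypto.Macaroon.Internal
+
+
+-- | Opaque datatype for now. Might need more explicit errors
+data Result = Success | Failure deriving (Show,Eq)
+
+verifySig :: Key -> Macaroon -> Result
+verifySig k m = bool Failure Success $
+signature m == foldl' hash (toBytes (hmac derivedKey (identifier m) :: HMAC SHA256)) (caveats m)
+where
+hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
+derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)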
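Review bot: The check `signature m == foldl' hash ...` in `verifySig` compares two ByteStrings with `==`, which is not a constant-time comparison, so the time taken can depend on how many leading bytes of a presented signature match the expected one. `Data.Byteable` is already imported in this file, so the comparison can be written as `constEqBytes (signature m) expected`, with `expected` bound in the `where` clause to the folded HMAC. `verifySig` also has no Haddock comment; it should state that only the HMAC chain over the identifier and caveats is recomputed and that caveat predicates are not evaluated, so `Success` alone is not an authorization decision.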
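--- /dev/null
+++ b/test/Crypto/Macaroon/Verifier/Tests.hs
@@ -0,0 +1,59 @@
+{-# LANGUAGE OverloadedStrings #-}
+{-|
+Copyright : (c) 2015 Julien Tanguy
+License : BSD3
+
+Maintainer : julien.tanguy@jhome.fr
+
+
+This test suite is based on the pymacaroons test suite:
+<https://github.com/ecordell/pymacaroons>
+-}
+module Crypto.Macaroon.Verifier.Tests where
+
+
+import qualified Data.ByteString.Char8 as B8
+import Test.Tasty
+import Test.Tasty.HUnit
+
+import Crypto.Macaroon
+import Crypto.Macaroon.Verifier
+
+import Crypto.Macaroon.Instances
+
+tests :: TestTree
+tests = testGroup "Crypto.Macaroon.Verifier" [ sigs
+]
+
+sec = B8.pack "this is our super secret key; only we should know it"
+
+m :: Macaroon
+m = create sec key loc
+where
+key = B8.pack "we used our sec key"
+loc = B8.pack "http://mybank/"
+
+m2 :: Macaroon
+m2 = addFirstPartyCaveat "test = caveat" m
+
+m3 :: Macaroon
+m3 = addFirstPartyCaveat "test = acaveat" m
+
+sigs = testGroup "Signatures" [ basic
+, minted
+]
+
+basic = testCase "Basic Macaroon Signature" $
+Success @=? verifySig sec m
+
+
+minted :: TestTree
+minted = testGroup "Macaroon with first party caveats" [ one
+, two
+]
+one = testCase "One caveat" $
+Success @=? verifySig sec m2
+
+two = testCase "Two caveats" $
+Success @=? verifySig sec m3
+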
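Review bot: `m3` is built from `m` rather than `m2`, so the "Two caveats" case verifies a macaroon that carries a single caveat and the fold in `verifySig` is never exercised over more than one element; `m3 = addFirstPartyCaveat "test = acaveat" m2` would cover that. Every case in the file asserts `Success`, so a verifier that accepted any input would still pass this suite. Cases expecting `Failure` are needed, for instance `Failure @=? verifySig (B8.pack "a different key") m2`, plus one for a macaroon whose caveats were changed after minting. `sec`, `sigs`, `basic`, `one` and `two` have no type signatures.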
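--- a/test/main.hs
+++ b/test/main.hs
@@ -6,6 +6,7 @@ import Test.Tasty.HUnit
 import qualified Sanity
 import qualified Crypto.Macaroon.Tests
 import qualified Crypto.Macaroon.Serializer.Base64.Tests
+import qualified Crypto.Macaroon.Verifier.Tests
 
 main = defaultMain tests
 
@@ -13,5 +14,6 @@ tests :: TestTree
 tests = testGroup "Tests" [ Sanity.tests
 , Crypto.Macaroon.Tests.tests
 , Crypto.Macaroon.Serializer.Base64.Tests.tests
+, Crypto.Macaroon.Verifier.Tests.tests
 ]
 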