aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Crypto
diff options
context:
space:
mode:
authorJulien Tanguy <julien.tanguy@jhome.fr>2015-05-16 02:12:14 +0200
committerJulien Tanguy <julien.tanguy@jhome.fr>2015-05-16 02:12:14 +0200
commit90695615c54b5939d7286e777cb1b19a221616b9 (patch)
tree0994f0d528149264fce9c8caa183fea4c6b653c0 /src/Crypto
parent857f2f3ba8ba2de9ab65ea3c66eafb718fe4e1a6 (diff)
downloadhmacaroons-90695615c54b5939d7286e777cb1b19a221616b9.tar.gz
hmacaroons-90695615c54b5939d7286e777cb1b19a221616b9.tar.zst
hmacaroons-90695615c54b5939d7286e777cb1b19a221616b9.zip
Fix caveat verification
QuickCheck properties > HUnit tests
Diffstat (limited to 'src/Crypto')
-rw-r--r--src/Crypto/Macaroon/Verifier.hs19
1 files changed, 16 insertions, 3 deletions
diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs
index 012d156..4eedff5 100644
--- a/src/Crypto/Macaroon/Verifier.hs
+++ b/src/Crypto/Macaroon/Verifier.hs
@@ -14,6 +14,8 @@ Portability : portable
14-} 14-}
15module Crypto.Macaroon.Verifier ( 15module Crypto.Macaroon.Verifier (
16 Verified(..) 16 Verified(..)
17 , CaveatVerifier(..)
18 , (<???>)
17 , verifySig 19 , verifySig
18 , verifyExact 20 , verifyExact
19 , verifyFun 21 , verifyFun
@@ -28,7 +30,9 @@ import Data.Bool
28import qualified Data.ByteString as BS 30import qualified Data.ByteString as BS
29import Data.Byteable 31import Data.Byteable
30import Data.Foldable 32import Data.Foldable
33import Data.Function
31import Data.Maybe 34import Data.Maybe
35import Data.Traversable
32import Data.Attoparsec.ByteString 36import Data.Attoparsec.ByteString
33import Data.Attoparsec.ByteString.Char8 37import Data.Attoparsec.ByteString.Char8
34 38
@@ -44,7 +48,16 @@ instance Monoid Verified where
44 mappend _ _ = Failed 48 mappend _ _ = Failed
45 49
46 50
47type CaveatVerifier = Caveat -> Maybe Verified 51data CaveatVerifier = CV { vFun :: Caveat -> Maybe Verified , helpText :: String}
52
53instance Eq CaveatVerifier where
54 (==) = (==) `on` helpText
55
56instance Show CaveatVerifier where
57 show = helpText
58
59(<???>) :: (Caveat -> Maybe Verified) -> String -> CaveatVerifier
60f <???> t = CV f t
48 61
49verifySig :: Key -> Macaroon -> Verified 62verifySig :: Key -> Macaroon -> Verified
50verifySig k m = bool Failed Ok $ 63verifySig k m = bool Failed Ok $
@@ -53,8 +66,8 @@ verifySig k m = bool Failed Ok $
53 hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) 66 hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
54 derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) 67 derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)
55 68
56verifyCavs :: [Caveat -> Maybe Verified] -> Macaroon -> Verified 69verifyCavs :: [CaveatVerifier] -> Macaroon -> Verified
57verifyCavs verifiers m = mconcat $ map (\c -> mconcat . catMaybes $ map ($ c) verifiers) (caveats m) 70verifyCavs verifiers m = foldMap (\c -> fromMaybe Failed $ foldMap (($ c) . vFun) verifiers) (caveats m)
58 71
59verifyExact :: (Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified 72verifyExact :: (Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified
60verifyExact k expected = verifyFun k (expected ==) 73verifyExact k expected = verifyFun k (expected ==)