diff options
author | Julien Tanguy <julien.tanguy@jhome.fr> | 2015-05-16 02:12:14 +0200 |
---|---|---|
committer | Julien Tanguy <julien.tanguy@jhome.fr> | 2015-05-16 02:12:14 +0200 |
commit | 90695615c54b5939d7286e777cb1b19a221616b9 (patch) | |
tree | 0994f0d528149264fce9c8caa183fea4c6b653c0 /src/Crypto | |
parent | 857f2f3ba8ba2de9ab65ea3c66eafb718fe4e1a6 (diff) | |
download | hmacaroons-90695615c54b5939d7286e777cb1b19a221616b9.tar.gz hmacaroons-90695615c54b5939d7286e777cb1b19a221616b9.tar.zst hmacaroons-90695615c54b5939d7286e777cb1b19a221616b9.zip |
Fix caveat verification
QuickCheck properties > HUnit tests
Diffstat (limited to 'src/Crypto')
-rw-r--r-- | src/Crypto/Macaroon/Verifier.hs | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs index 012d156..4eedff5 100644 --- a/src/Crypto/Macaroon/Verifier.hs +++ b/src/Crypto/Macaroon/Verifier.hs | |||
@@ -14,6 +14,8 @@ Portability : portable | |||
14 | -} | 14 | -} |
15 | module Crypto.Macaroon.Verifier ( | 15 | module Crypto.Macaroon.Verifier ( |
16 | Verified(..) | 16 | Verified(..) |
17 | , CaveatVerifier(..) | ||
18 | , (<???>) | ||
17 | , verifySig | 19 | , verifySig |
18 | , verifyExact | 20 | , verifyExact |
19 | , verifyFun | 21 | , verifyFun |
@@ -28,7 +30,9 @@ import Data.Bool | |||
28 | import qualified Data.ByteString as BS | 30 | import qualified Data.ByteString as BS |
29 | import Data.Byteable | 31 | import Data.Byteable |
30 | import Data.Foldable | 32 | import Data.Foldable |
33 | import Data.Function | ||
31 | import Data.Maybe | 34 | import Data.Maybe |
35 | import Data.Traversable | ||
32 | import Data.Attoparsec.ByteString | 36 | import Data.Attoparsec.ByteString |
33 | import Data.Attoparsec.ByteString.Char8 | 37 | import Data.Attoparsec.ByteString.Char8 |
34 | 38 | ||
@@ -44,7 +48,16 @@ instance Monoid Verified where | |||
44 | mappend _ _ = Failed | 48 | mappend _ _ = Failed |
45 | 49 | ||
46 | 50 | ||
47 | type CaveatVerifier = Caveat -> Maybe Verified | 51 | data CaveatVerifier = CV { vFun :: Caveat -> Maybe Verified , helpText :: String} |
52 | |||
53 | instance Eq CaveatVerifier where | ||
54 | (==) = (==) `on` helpText | ||
55 | |||
56 | instance Show CaveatVerifier where | ||
57 | show = helpText | ||
58 | |||
59 | (<???>) :: (Caveat -> Maybe Verified) -> String -> CaveatVerifier | ||
60 | f <???> t = CV f t | ||
48 | 61 | ||
49 | verifySig :: Key -> Macaroon -> Verified | 62 | verifySig :: Key -> Macaroon -> Verified |
50 | verifySig k m = bool Failed Ok $ | 63 | verifySig k m = bool Failed Ok $ |
@@ -53,8 +66,8 @@ verifySig k m = bool Failed Ok $ | |||
53 | hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) | 66 | hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) |
54 | derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) | 67 | derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) |
55 | 68 | ||
56 | verifyCavs :: [Caveat -> Maybe Verified] -> Macaroon -> Verified | 69 | verifyCavs :: [CaveatVerifier] -> Macaroon -> Verified |
57 | verifyCavs verifiers m = mconcat $ map (\c -> mconcat . catMaybes $ map ($ c) verifiers) (caveats m) | 70 | verifyCavs verifiers m = foldMap (\c -> fromMaybe Failed $ foldMap (($ c) . vFun) verifiers) (caveats m) |
58 | 71 | ||
59 | verifyExact :: (Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified | 72 | verifyExact :: (Eq a) => Key -> a -> Parser a -> Caveat -> Maybe Verified |
60 | verifyExact k expected = verifyFun k (expected ==) | 73 | verifyExact k expected = verifyFun k (expected ==) |