diff options
author | Julien Tanguy <julien.tanguy@jhome.fr> | 2015-06-17 17:17:36 +0200 |
---|---|---|
committer | Julien Tanguy <julien.tanguy@jhome.fr> | 2015-06-17 17:17:36 +0200 |
commit | dfcc13bda0f07f012e385d39ea86d7c6e9f9e05f (patch) | |
tree | 3bf3c0104c4051aa94b8cce5b667b0b19a6c6d5b /test | |
parent | 8fad4fa9d1b592ece4806dcd9abb6c011d3948bf (diff) | |
parent | 62576139b8dbf2cd0d3c04e927b9df2d0805a199 (diff) | |
download | hmacaroons-dfcc13bda0f07f012e385d39ea86d7c6e9f9e05f.tar.gz hmacaroons-dfcc13bda0f07f012e385d39ea86d7c6e9f9e05f.tar.zst hmacaroons-dfcc13bda0f07f012e385d39ea86d7c6e9f9e05f.zip |
Add basic macaroon verification
Diffstat (limited to 'test')
-rw-r--r-- | test/Crypto/Macaroon/Instances.hs | 21 | ||||
-rw-r--r-- | test/Crypto/Macaroon/Serializer/Base64/Tests.hs | 2 | ||||
-rw-r--r-- | test/Crypto/Macaroon/Verifier/Tests.hs | 79 |
3 files changed, 79 insertions, 23 deletions
diff --git a/test/Crypto/Macaroon/Instances.hs b/test/Crypto/Macaroon/Instances.hs index 4e2f39f..c82bbd3 100644 --- a/test/Crypto/Macaroon/Instances.hs +++ b/test/Crypto/Macaroon/Instances.hs | |||
@@ -26,9 +26,16 @@ import Crypto.Macaroon | |||
26 | 26 | ||
27 | -- | Adjust the size parameter, by transforming it with the given | 27 | -- | Adjust the size parameter, by transforming it with the given |
28 | -- function. | 28 | -- function. |
29 | -- Copied over from QuickCheck 2.8 | ||
29 | scale :: (Int -> Int) -> Gen a -> Gen a | 30 | scale :: (Int -> Int) -> Gen a -> Gen a |
30 | scale f g = sized (\n -> resize (f n) g) | 31 | scale f g = sized (\n -> resize (f n) g) |
31 | 32 | ||
33 | |||
34 | -- | Generates a random subsequence of the given list. | ||
35 | -- Copied over from QuickCheck 2.8 | ||
36 | sublistOf :: [a] -> Gen [a] | ||
37 | sublistOf = filterM (\_ -> choose (False, True)) | ||
38 | |||
32 | newtype Url = Url { unUrl :: BS.ByteString } deriving (Show) | 39 | newtype Url = Url { unUrl :: BS.ByteString } deriving (Show) |
33 | 40 | ||
34 | instance Arbitrary Url where | 41 | instance Arbitrary Url where |
@@ -48,6 +55,16 @@ newtype Identifier = Identifier { unIdent :: BS.ByteString } deriving (Show) | |||
48 | instance Arbitrary Identifier where | 55 | instance Arbitrary Identifier where |
49 | arbitrary = Identifier . B8.pack <$>(scale (*3) . listOf1 . elements $ ['a'..'z']) | 56 | arbitrary = Identifier . B8.pack <$>(scale (*3) . listOf1 . elements $ ['a'..'z']) |
50 | 57 | ||
58 | newtype EquationLike = EquationLike { unEqlike :: BS.ByteString } deriving (Show) | ||
59 | |||
60 | instance Arbitrary EquationLike where | ||
61 | arbitrary = do | ||
62 | keylen <- choose (3,8) | ||
63 | key <- B8.pack <$> vectorOf keylen (elements ['a'..'z']) | ||
64 | val <- B8.pack <$> (scale (*3) . listOf1 . elements $ ['a'..'z']) | ||
65 | return $ EquationLike (BS.concat [ key, " = ", val]) | ||
66 | |||
67 | |||
51 | data SimpleMac = SimpleMac { secret :: BS.ByteString, macaroon :: Macaroon } deriving Show | 68 | data SimpleMac = SimpleMac { secret :: BS.ByteString, macaroon :: Macaroon } deriving Show |
52 | 69 | ||
53 | instance Arbitrary SimpleMac where | 70 | instance Arbitrary SimpleMac where |
@@ -55,6 +72,8 @@ instance Arbitrary SimpleMac where | |||
55 | secret <- unSecret <$> arbitrary | 72 | secret <- unSecret <$> arbitrary |
56 | location <- unUrl <$> arbitrary | 73 | location <- unUrl <$> arbitrary |
57 | ident <- unIdent <$> arbitrary | 74 | ident <- unIdent <$> arbitrary |
58 | return $ SimpleMac secret (create secret ident location) | 75 | fpcavs <- listOf arbitrary |
76 | let mac = foldl (flip addFirstPartyCaveat) (create secret ident location) (map unEqlike fpcavs) | ||
77 | return $ SimpleMac secret mac | ||
59 | 78 | ||
60 | 79 | ||
diff --git a/test/Crypto/Macaroon/Serializer/Base64/Tests.hs b/test/Crypto/Macaroon/Serializer/Base64/Tests.hs index 19084af..ea3bed9 100644 --- a/test/Crypto/Macaroon/Serializer/Base64/Tests.hs +++ b/test/Crypto/Macaroon/Serializer/Base64/Tests.hs | |||
@@ -30,7 +30,7 @@ tests = testGroup "Crypto.Macaroon.Serializer.Base64" [ basic | |||
30 | ] | 30 | ] |
31 | 31 | ||
32 | basicQC = testProperty "Reversibility" $ | 32 | basicQC = testProperty "Reversibility" $ |
33 | forAll (macaroon <$> arbitrary) (\m -> deserialize (serialize m) == Right m) | 33 | \sm -> deserialize (serialize (macaroon sm)) == Right (macaroon sm) |
34 | 34 | ||
35 | m :: Macaroon | 35 | m :: Macaroon |
36 | m = create secret key loc | 36 | m = create secret key loc |
diff --git a/test/Crypto/Macaroon/Verifier/Tests.hs b/test/Crypto/Macaroon/Verifier/Tests.hs index 92a8a21..101fa26 100644 --- a/test/Crypto/Macaroon/Verifier/Tests.hs +++ b/test/Crypto/Macaroon/Verifier/Tests.hs | |||
@@ -12,9 +12,11 @@ This test suite is based on the pymacaroons test suite: | |||
12 | module Crypto.Macaroon.Verifier.Tests where | 12 | module Crypto.Macaroon.Verifier.Tests where |
13 | 13 | ||
14 | 14 | ||
15 | import Data.List | ||
15 | import qualified Data.ByteString.Char8 as B8 | 16 | import qualified Data.ByteString.Char8 as B8 |
16 | import Test.Tasty | 17 | import Test.Tasty |
17 | import Test.Tasty.HUnit | 18 | -- import Test.Tasty.HUnit |
19 | import Test.Tasty.QuickCheck | ||
18 | 20 | ||
19 | import Crypto.Macaroon | 21 | import Crypto.Macaroon |
20 | import Crypto.Macaroon.Verifier | 22 | import Crypto.Macaroon.Verifier |
@@ -23,8 +25,12 @@ import Crypto.Macaroon.Instances | |||
23 | 25 | ||
24 | tests :: TestTree | 26 | tests :: TestTree |
25 | tests = testGroup "Crypto.Macaroon.Verifier" [ sigs | 27 | tests = testGroup "Crypto.Macaroon.Verifier" [ sigs |
28 | , firstParty | ||
26 | ] | 29 | ] |
27 | 30 | ||
31 | {- | ||
32 | - Test fixtures | ||
33 | -} | ||
28 | sec = B8.pack "this is our super secret key; only we should know it" | 34 | sec = B8.pack "this is our super secret key; only we should know it" |
29 | 35 | ||
30 | m :: Macaroon | 36 | m :: Macaroon |
@@ -37,23 +43,54 @@ m2 :: Macaroon | |||
37 | m2 = addFirstPartyCaveat "test = caveat" m | 43 | m2 = addFirstPartyCaveat "test = caveat" m |
38 | 44 | ||
39 | m3 :: Macaroon | 45 | m3 :: Macaroon |
40 | m3 = addFirstPartyCaveat "test = acaveat" m | 46 | m3 = addFirstPartyCaveat "value = 42" m2 |
41 | 47 | ||
42 | sigs = testGroup "Signatures" [ basic | 48 | exTC = verifyExact "test" "caveat" (many' letter_ascii) <???> "test = caveat" |
43 | , minted | 49 | exTZ = verifyExact "test" "bleh" (many' letter_ascii) <???> "test = bleh" |
44 | ] | 50 | exV42 = verifyExact "value" 42 decimal <???> "value = 42" |
45 | 51 | exV43 = verifyExact "value" 43 decimal <???> "value = 43" | |
46 | basic = testCase "Basic Macaroon Signature" $ | 52 | |
47 | Success @=? verifySig sec m | 53 | funTCPre = verifyFun "test" ("cav" `isPrefixOf`) (many' letter_ascii) <???> "test startsWith cav" |
48 | 54 | funTV43lte = verifyFun "value" (<= 43) decimal <???> "value <= 43" | |
49 | 55 | ||
50 | minted :: TestTree | 56 | allvs = [exTC, exTZ, exV42, exV43, funTCPre, funTV43lte] |
51 | minted = testGroup "Macaroon with first party caveats" [ one | 57 | |
52 | , two | 58 | {- |
53 | ] | 59 | - Tests |
54 | one = testCase "One caveat" $ | 60 | -} |
55 | Success @=? verifySig sec m2 | 61 | sigs = testProperty "Signatures" $ \sm -> verifySig (secret sm) (macaroon sm) == Ok |
56 | 62 | ||
57 | two = testCase "Two caveats" $ | 63 | firstParty = testGroup "First party caveats" [ |
58 | Success @=? verifySig sec m3 | 64 | testGroup "Pure verifiers" [ |
59 | 65 | testProperty "Zero caveat" $ | |
66 | forAll (sublistOf allvs) (\vs -> Ok == verifyCavs vs m) | ||
67 | , testProperty "One caveat" $ | ||
68 | forAll (sublistOf allvs) (\vs -> disjoin [ | ||
69 | Ok == verifyCavs vs m2 .&&. any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) | ||
70 | , Failed === verifyCavs vs m2 | ||
71 | ]) | ||
72 | , testProperty "Two Exact" $ | ||
73 | forAll (sublistOf allvs) (\vs -> disjoin [ | ||
74 | Ok == verifyCavs vs m3 .&&. | ||
75 | any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) .&&. | ||
76 | any (`elem` vs) [exV42,funTV43lte] .&&. (exV43 `notElem` vs) | ||
77 | , Failed === verifyCavs vs m3 | ||
78 | ]) | ||
79 | ] | ||
80 | , testGroup "Pure verifiers with sig" [ | ||
81 | testProperty "Zero caveat" $ | ||
82 | forAll (sublistOf allvs) (\vs -> Ok == verifyMacaroon sec vs m) | ||
83 | , testProperty "One caveat" $ | ||
84 | forAll (sublistOf allvs) (\vs -> disjoin [ | ||
85 | Ok == verifyMacaroon sec vs m2 .&&. any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) | ||
86 | , Failed === verifyMacaroon sec vs m2 | ||
87 | ]) | ||
88 | , testProperty "Two Exact" $ | ||
89 | forAll (sublistOf allvs) (\vs -> disjoin [ | ||
90 | Ok == verifyMacaroon sec vs m3 .&&. | ||
91 | any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) .&&. | ||
92 | any (`elem` vs) [exV42,funTV43lte] .&&. (exV43 `notElem` vs) | ||
93 | , Failed === verifyMacaroon sec vs m3 | ||
94 | ]) | ||
95 | ] | ||
96 | ] | ||