5 files changed, 90 insertions, 56 deletions
diff --git a/README.md b/README.md
index f3fd91a..45b84e0 100644
--- a/README.md
+++ b/README.md
@@ -5,14 +5,34 @@ Macaroons is a pure haskell implementation of macaroons. It aims to provide
 compatibility at a serialized level with the [reference implementation](https://github.com/rescrv/libmacaroons)
 and the [python implementation](https://github.com/ecordell/pymacaroons)
-[Google paper on macaroons](http://research.google.com/pubs/pub41892.html)
+**WARNING: This library has not been audited by security experts.**
-[Macaroons at Mozilla](https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/)
+**There is no error handling at the moment, everyhting is silently accepted**
-[Time for better security in NoSQL](http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex/)
-[Pure java implementation](https://github.com/nitram509/jmacaroons)
+It is developed in the purpose of exploration purposes, and would need much
+more attention if it were to be used in production.
+References
+==========
+Papers and articles
+-------------------
+- [Google paper on macaroons](http://research.google.com/pubs/pub41892.html)
+- [Macaroons at Mozilla](https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/)
+- [Time for better security in NoSQL](http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex/)
+Implementations
+---------------
+- [C](https://github.com/rescrv/libmacaroons)
+- [Java](https://github.com/nitram509/jmacaroons)
+- [Python](https://github.com/ecordell/pymacaroons)
 TODO
 ====
- Verifiy Macaroons
+- Verify Macaroons
 - Discharge Macaroons
+- JSON serialization
+- Quickcheck tests
+- Error handling
diff --git a/src/Crypto/Macaroon.hs b/src/Crypto/Macaroon.hs
index 819a9eb..42e4a07 100644
--- a/src/Crypto/Macaroon.hs
+++ b/src/Crypto/Macaroon.hs
@@ -8,18 +8,16 @@ Maintainer  : julien.tanguy@jhome.fr
 Stability   : experimental
 Portability : portable
 Pure haskell implementations of macaroons.
 Warning: this implementation has not been audited by security experts.
-Use it with caution.
+Do not use in production
 References:
 - Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>
 - Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>
 -}
 module Crypto.Macaroon (
    -- * Types
@@ -50,11 +48,14 @@ module Crypto.Macaroon (
 import           Crypto.Cipher.AES
 import           Crypto.Hash
+import           Data.Char
 import           Data.Byteable
 import qualified Data.ByteString            as BS
 import qualified Data.ByteString.Base64.URL as B64
 import qualified Data.ByteString.Char8      as B8
 import           Data.Hex
+import           Data.Word
+import           Data.Serialize
 import           Crypto.Macaroon.Internal
@@ -62,7 +63,7 @@ import           Crypto.Macaroon.Internal
 create :: Key -> Key -> Location -> Macaroon
 create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256))
  where
-    derivedKey = toBytes $ (hmac "macaroons-key-generator" secret :: HMAC SHA256)
+    derivedKey = toBytes (hmac "macaroons-key-generator" secret :: HMAC SHA256)
 caveatLoc :: Caveat -> Location
 caveatLoc = cl
@@ -74,17 +75,7 @@ caveatVId :: Caveat -> Key
 caveatVId = vid
 inspect :: Macaroon -> String
-inspect m = unlines [ "location " ++ show (location m)
+inspect = show
-                    , "identifier " ++ show (identifier m)
-                    , (concatMap (showCav (location m)) (caveats m))
-                    , "signature " ++ show (hex $ signature m)
-                    ]
-  where
-    showCav loc c | cl c == loc && vid c == BS.empty = "cid " ++ show (cid c)
-                  | otherwise = unlines [ "cid " ++ show (cid c)
-                                        , "vid " ++ show (vid c)
-                                        , "cl " ++ show (cl c)
-                                        ]
 serialize :: Macaroon -> BS.ByteString
 serialize m = B8.filter (/= '=') . B64.encode $ packets
@@ -100,6 +91,16 @@ serialize m = B8.filter (/= '=') . B64.encode $ packets
                                            , putPacket "vid" (vid c)
                                            , putPacket "cl" (cl c)
                                            ]
+    putPacket key dat = BS.concat [
+        B8.map toLower . hex . encode $ (fromIntegral size :: Word16)
+        , key
+        , " "
+        , dat
+        , "\n"
+        ]
+      where
+        size = 4 + 2 + BS.length key + BS.length dat
diff --git a/src/Crypto/Macaroon/Binder.hs b/src/Crypto/Macaroon/Binder.hs
index 3ec3d67..91f07ce 100644
--- a/src/Crypto/Macaroon/Binder.hs
+++ b/src/Crypto/Macaroon/Binder.hs
@@ -24,5 +24,5 @@ newtype Binder = Binder { bind :: Macaroon -> Macaroon -> BS.ByteString }
 -- | Binder which concatenates the two signatures and hashes them
 hashSigs :: Binder
-hashSigs = Binder $ \m m' -> toBytes $ (HMAC . hash $ BS.append (toBytes $ signature m') (toBytes $ signature m) :: HMAC SHA256)
+hashSigs = Binder $ \m m' -> toBytes (HMAC . hash $ BS.append (toBytes $ signature m') (toBytes $ signature m) :: HMAC SHA256)
diff --git a/src/Crypto/Macaroon/Internal.hs b/src/Crypto/Macaroon/Internal.hs
index fc50486..82ce0b4 100644
--- a/src/Crypto/Macaroon/Internal.hs
+++ b/src/Crypto/Macaroon/Internal.hs
@@ -21,10 +21,8 @@ import           Data.Byteable
 import qualified Data.ByteString        as BS
 import qualified Data.ByteString.Base64 as B64
 import qualified Data.ByteString.Char8  as B8
-import           Data.Char
 import           Data.Hex
-import           Data.Serialize
+import           Data.List
-import           Data.Word
 -- |Type alias for Macaroons and Caveat keys and identifiers
 type Key = BS.ByteString
@@ -45,6 +43,14 @@ data Macaroon = MkMacaroon { location   :: Location
                           -- ^ Macaroon HMAC signature
                           } deriving (Eq)
+instance Show Macaroon where
+    -- We use intercalate because unlines would add a trailing newline
+    show (MkMacaroon l i c s) = intercalate "\n" [
+                      "location " ++ B8.unpack l
+                    , "identifier " ++ B8.unpack i
+                    , concatMap show c
+                    , "signature " ++ B8.unpack (hex s)
+                    ]
 instance NFData Macaroon where
    rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig
@@ -60,21 +66,18 @@ data Caveat = MkCaveat { cid :: Key
                       } deriving (Eq)
+instance Show Caveat where
+    show (MkCaveat c v l) | v == BS.empty = "cid " ++ B8.unpack c
+                          | otherwise = unlines [ "cid " ++ B8.unpack c
+                                                , "vid " ++ B8.unpack v
+                                                , "cl " ++ B8.unpack l
+                                                ]
 instance NFData Caveat where
    rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl
-putPacket :: BS.ByteString -> BS.ByteString -> BS.ByteString
-putPacket key dat = BS.concat [
-    B8.map toLower . hex . encode $ (fromIntegral size :: Word16)
-    , key
-    , " "
-    , dat
-    , "\n"
-    ]
-  where
-    size = 4 + 2 + BS.length key + BS.length dat
 addCaveat :: Location
          -> Key
          -> Key
@@ -84,5 +87,5 @@ addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
  where
    cavs = caveats m
    cav' = MkCaveat cid vid loc
-    sig = toBytes $ (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
+    sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
diff --git a/test/Crypto/Macaroon/Tests.hs b/test/Crypto/Macaroon/Tests.hs
index cdfb620..f57bec3 100644
--- a/test/Crypto/Macaroon/Tests.hs
+++ b/test/Crypto/Macaroon/Tests.hs
@@ -23,6 +23,7 @@ tests :: TestTree
 tests = testGroup "Crypto.Macaroon" [ basicSignature
                                    , basicSerialize
                                    , basicMint
+                                    , basicInspect
                                    , basicMintTrimmed
                                    ]
@@ -34,12 +35,39 @@ m = create secret key loc
    key = B8.pack "we used our secret key"
    loc = B8.pack "http://mybank/"
+basicSignature = testCase "Basic signature" $
+    "E3D9E02908526C4C0039AE15114115D97FDD68BF2BA379B342AAF0F617D0552F" @=? (hex . signature) m
+basicSerialize = testCase "Serialization" $
+    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudG\
+    \lmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25h\
+    \dHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo" @=? serialize m
 m2 :: Macaroon
 m2 = addFirstPartyCaveat "test = caveat" m
+basicInspect = testCase "Inspect" $
+    "location http://mybank/\nidentifier we used\
+    \ our secret key\ncid test = caveat\nsignature\
+    \ 197BAC7A044AF33332865B9266E26D49\
+    \3BDD668A660E44D88CE1A998C23DBD67" @=? inspect m2
+basicMint = testCase "First Party Caveat" $
+    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZ\
+    \WQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegR\
+    \K8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK" @=? serialize m2
 m3 :: Macaroon
 m3 = addFirstPartyCaveat "test = acaveat" m
+basicMintTrimmed = testCase "Trimmed base64" $
+    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVz\
+    \ZWQgb3VyIHNlY3JldCBrZXkKMDAxN2NpZCB0ZXN0ID0gYWNhdmVhdAowMDJmc2ln\
+    \bmF0dXJlIJRJ_V3WNJQnqlVq5eez7spnltwU_AXs8NIRY739sHooCg" @=? serialize m3
 m4 :: Macaroon
 m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n
  where
@@ -52,23 +80,5 @@ m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n
    caveat_loc = B8.pack "http://auth.mybank/"
-basicSignature = testCase "Basic signature" $
+basicThirdParty = testCase "Third Party Caveat" $
-    "E3D9E02908526C4C0039AE15114115D97FDD68BF2BA379B342AAF0F617D0552F" @=? (hex . signature) m
-basicSerialize = testCase "Serialization" $
-    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudG\
-    \lmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25h\
-    \dHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo" @=? serialize m
-basicMint = testCase "First Party Caveat" $
-    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZ\
-    \WQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegR\
-    \K8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK" @=? serialize m2
-basicMintTrimmed = testCase "Trimmed base64" $ 
-    "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVz\
-    \ZWQgb3VyIHNlY3JldCBrZXkKMDAxN2NpZCB0ZXN0ID0gYWNhdmVhdAowMDJmc2ln\
-    \bmF0dXJlIJRJ_V3WNJQnqlVq5eez7spnltwU_AXs8NIRY739sHooCg" @=? serialize m3
-basicThirdParty = testCase "Third Party Caveat" $ 
    "6B99EDB2EC6D7A4382071D7D41A0BF7DFA27D87D2F9FEA86E330D7850FFDA2B2" @=? (hex . signature) m4

diff --git a/README.md b/README.md index f3fd91a..45b84e0 100644 --- a/README.md +++ b/README.md
@@ -5,14 +5,34 @@ Macaroons is a pure haskell implementation of macaroons. It aims to provide
5	compatibility at a serialized level with the [reference implementation](https://github.com/rescrv/libmacaroons)	5	compatibility at a serialized level with the [reference implementation](https://github.com/rescrv/libmacaroons)
6	and the [python implementation](https://github.com/ecordell/pymacaroons)	6	and the [python implementation](https://github.com/ecordell/pymacaroons)
7		7
8	[Google paper on macaroons](http://research.google.com/pubs/pub41892.html)	8	WARNING: This library has not been audited by security experts.
9	[Macaroons at Mozilla](https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/)	9	There is no error handling at the moment, everyhting is silently accepted
10	[Time for better security in NoSQL](http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex/)	10
11	[Pure java implementation](https://github.com/nitram509/jmacaroons)	11	It is developed in the purpose of exploration purposes, and would need much
		12	more attention if it were to be used in production.
		13
		14	References
		15	==========
		16
		17	Papers and articles
		18	-------------------
		19
		20	- [Google paper on macaroons](http://research.google.com/pubs/pub41892.html)
		21	- [Macaroons at Mozilla](https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/)
		22	- [Time for better security in NoSQL](http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex/)
		23
		24	Implementations
		25	---------------
		26
		27	- [C](https://github.com/rescrv/libmacaroons)
		28	- [Java](https://github.com/nitram509/jmacaroons)
		29	- [Python](https://github.com/ecordell/pymacaroons)
12		30
13	TODO	31	TODO
14	====	32	====
15		33
16	- Verifiy Macaroons	34	- Verify Macaroons
17	- Discharge Macaroons	35	- Discharge Macaroons
18		36	- JSON serialization
		37	- Quickcheck tests
		38	- Error handling


diff --git a/src/Crypto/Macaroon.hs b/src/Crypto/Macaroon.hs index 819a9eb..42e4a07 100644 --- a/src/Crypto/Macaroon.hs +++ b/src/Crypto/Macaroon.hs
@@ -8,18 +8,16 @@ Maintainer : julien.tanguy@jhome.fr
8	Stability : experimental	8	Stability : experimental
9	Portability : portable	9	Portability : portable
10		10
11
12	Pure haskell implementations of macaroons.	11	Pure haskell implementations of macaroons.
13		12
14	Warning: this implementation has not been audited by security experts.	13	Warning: this implementation has not been audited by security experts.
15	Use it with caution.	14	Do not use in production
16		15
17		16
18	References:	17	References:
19		18
20	- Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>	19	- Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud <http://research.google.com/pubs/pub41892.html>
21	- Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>	20	- Time for better security in NoSQL <http://hackingdistributed.com/2014/11/23/macaroons-in-hyperdex>
22
23	-}	21	-}
24	module Crypto.Macaroon (	22	module Crypto.Macaroon (
25	-- * Types	23	-- * Types
@@ -50,11 +48,14 @@ module Crypto.Macaroon (
50		48
51	import Crypto.Cipher.AES	49	import Crypto.Cipher.AES
52	import Crypto.Hash	50	import Crypto.Hash
		51	import Data.Char
53	import Data.Byteable	52	import Data.Byteable
54	import qualified Data.ByteString as BS	53	import qualified Data.ByteString as BS
55	import qualified Data.ByteString.Base64.URL as B64	54	import qualified Data.ByteString.Base64.URL as B64
56	import qualified Data.ByteString.Char8 as B8	55	import qualified Data.ByteString.Char8 as B8
57	import Data.Hex	56	import Data.Hex
		57	import Data.Word
		58	import Data.Serialize
58		59
59	import Crypto.Macaroon.Internal	60	import Crypto.Macaroon.Internal
60		61
@@ -62,7 +63,7 @@ import Crypto.Macaroon.Internal
62	create :: Key -> Key -> Location -> Macaroon	63	create :: Key -> Key -> Location -> Macaroon
63	create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256))	64	create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256))
64	where	65	where
65	derivedKey = toBytes $ (hmac "macaroons-key-generator" secret :: HMAC SHA256)	66	derivedKey = toBytes (hmac "macaroons-key-generator" secret :: HMAC SHA256)
66		67
67	caveatLoc :: Caveat -> Location	68	caveatLoc :: Caveat -> Location
68	caveatLoc = cl	69	caveatLoc = cl
@@ -74,17 +75,7 @@ caveatVId :: Caveat -> Key
74	caveatVId = vid	75	caveatVId = vid
75		76
76	inspect :: Macaroon -> String	77	inspect :: Macaroon -> String
77	inspect m = unlines [ "location " ++ show (location m)	78	inspect = show
78	, "identifier " ++ show (identifier m)
79	, (concatMap (showCav (location m)) (caveats m))
80	, "signature " ++ show (hex $ signature m)
81	]
82	where
83	showCav loc c \| cl c == loc && vid c == BS.empty = "cid " ++ show (cid c)
84	\| otherwise = unlines [ "cid " ++ show (cid c)
85	, "vid " ++ show (vid c)
86	, "cl " ++ show (cl c)
87	]
88		79
89	serialize :: Macaroon -> BS.ByteString	80	serialize :: Macaroon -> BS.ByteString
90	serialize m = B8.filter (/= '=') . B64.encode $ packets	81	serialize m = B8.filter (/= '=') . B64.encode $ packets
@@ -100,6 +91,16 @@ serialize m = B8.filter (/= '=') . B64.encode $ packets
100	, putPacket "vid" (vid c)	91	, putPacket "vid" (vid c)
101	, putPacket "cl" (cl c)	92	, putPacket "cl" (cl c)
102	]	93	]
		94	putPacket key dat = BS.concat [
		95	B8.map toLower . hex . encode $ (fromIntegral size :: Word16)
		96	, key
		97	, " "
		98	, dat
		99	, "\n"
		100	]
		101	where
		102	size = 4 + 2 + BS.length key + BS.length dat
		103
103		104
104		105
105		106


diff --git a/src/Crypto/Macaroon/Binder.hs b/src/Crypto/Macaroon/Binder.hs index 3ec3d67..91f07ce 100644 --- a/src/Crypto/Macaroon/Binder.hs +++ b/src/Crypto/Macaroon/Binder.hs
@@ -24,5 +24,5 @@ newtype Binder = Binder { bind :: Macaroon -> Macaroon -> BS.ByteString }
24		24
25	-- \| Binder which concatenates the two signatures and hashes them	25	-- \| Binder which concatenates the two signatures and hashes them
26	hashSigs :: Binder	26	hashSigs :: Binder
27	hashSigs = Binder $ \m m' -> toBytes $ (HMAC . hash $ BS.append (toBytes $ signature m') (toBytes $ signature m) :: HMAC SHA256)	27	hashSigs = Binder $ \m m' -> toBytes (HMAC . hash $ BS.append (toBytes $ signature m') (toBytes $ signature m) :: HMAC SHA256)
28		28


diff --git a/src/Crypto/Macaroon/Internal.hs b/src/Crypto/Macaroon/Internal.hs index fc50486..82ce0b4 100644 --- a/src/Crypto/Macaroon/Internal.hs +++ b/src/Crypto/Macaroon/Internal.hs
@@ -21,10 +21,8 @@ import Data.Byteable
21	import qualified Data.ByteString as BS	21	import qualified Data.ByteString as BS
22	import qualified Data.ByteString.Base64 as B64	22	import qualified Data.ByteString.Base64 as B64
23	import qualified Data.ByteString.Char8 as B8	23	import qualified Data.ByteString.Char8 as B8
24	import Data.Char
25	import Data.Hex	24	import Data.Hex
26	import Data.Serialize	25	import Data.List
27	import Data.Word
28		26
29	-- \|Type alias for Macaroons and Caveat keys and identifiers	27	-- \|Type alias for Macaroons and Caveat keys and identifiers
30	type Key = BS.ByteString	28	type Key = BS.ByteString
@@ -45,6 +43,14 @@ data Macaroon = MkMacaroon { location :: Location
45	-- ^ Macaroon HMAC signature	43	-- ^ Macaroon HMAC signature
46	} deriving (Eq)	44	} deriving (Eq)
47		45
		46	instance Show Macaroon where
		47	-- We use intercalate because unlines would add a trailing newline
		48	show (MkMacaroon l i c s) = intercalate "\n" [
		49	"location " ++ B8.unpack l
		50	, "identifier " ++ B8.unpack i
		51	, concatMap show c
		52	, "signature " ++ B8.unpack (hex s)
		53	]
48		54
49	instance NFData Macaroon where	55	instance NFData Macaroon where
50	rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig	56	rnf (MkMacaroon loc ident cavs sig) = rnf loc `seq` rnf ident `seq` rnf cavs `seq` rnf sig
@@ -60,21 +66,18 @@ data Caveat = MkCaveat { cid :: Key
60		66
61	} deriving (Eq)	67	} deriving (Eq)
62		68
		69	instance Show Caveat where
		70	show (MkCaveat c v l) \| v == BS.empty = "cid " ++ B8.unpack c
		71	\| otherwise = unlines [ "cid " ++ B8.unpack c
		72	, "vid " ++ B8.unpack v
		73	, "cl " ++ B8.unpack l
		74	]
		75
		76
63	instance NFData Caveat where	77	instance NFData Caveat where
64	rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl	78	rnf (MkCaveat cid vid cl) = rnf cid `seq` rnf vid `seq` rnf cl
65		79
66		80
67	putPacket :: BS.ByteString -> BS.ByteString -> BS.ByteString
68	putPacket key dat = BS.concat [
69	B8.map toLower . hex . encode $ (fromIntegral size :: Word16)
70	, key
71	, " "
72	, dat
73	, "\n"
74	]
75	where
76	size = 4 + 2 + BS.length key + BS.length dat
77
78	addCaveat :: Location	81	addCaveat :: Location
79	-> Key	82	-> Key
80	-> Key	83	-> Key
@@ -84,5 +87,5 @@ addCaveat loc cid vid m = m { caveats = cavs ++ [cav'], signature = sig}
84	where	87	where
85	cavs = caveats m	88	cavs = caveats m
86	cav' = MkCaveat cid vid loc	89	cav' = MkCaveat cid vid loc
87	sig = toBytes $ (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)	90	sig = toBytes (hmac (signature m) (BS.append vid cid) :: HMAC SHA256)
88		91


diff --git a/test/Crypto/Macaroon/Tests.hs b/test/Crypto/Macaroon/Tests.hs index cdfb620..f57bec3 100644 --- a/test/Crypto/Macaroon/Tests.hs +++ b/test/Crypto/Macaroon/Tests.hs
@@ -23,6 +23,7 @@ tests :: TestTree
23	tests = testGroup "Crypto.Macaroon" [ basicSignature	23	tests = testGroup "Crypto.Macaroon" [ basicSignature
24	, basicSerialize	24	, basicSerialize
25	, basicMint	25	, basicMint
		26	, basicInspect
26	, basicMintTrimmed	27	, basicMintTrimmed
27	]	28	]
28		29
@@ -34,12 +35,39 @@ m = create secret key loc
34	key = B8.pack "we used our secret key"	35	key = B8.pack "we used our secret key"
35	loc = B8.pack "http://mybank/"	36	loc = B8.pack "http://mybank/"
36		37
		38	basicSignature = testCase "Basic signature" $
		39	"E3D9E02908526C4C0039AE15114115D97FDD68BF2BA379B342AAF0F617D0552F" @=? (hex . signature) m
		40
		41	basicSerialize = testCase "Serialization" $
		42	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudG\
		43	\lmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25h\
		44	\dHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo" @=? serialize m
		45
37	m2 :: Macaroon	46	m2 :: Macaroon
38	m2 = addFirstPartyCaveat "test = caveat" m	47	m2 = addFirstPartyCaveat "test = caveat" m
39		48
		49	basicInspect = testCase "Inspect" $
		50	"location http://mybank/\nidentifier we used\
		51	\ our secret key\ncid test = caveat\nsignature\
		52	\ 197BAC7A044AF33332865B9266E26D49\
		53	\3BDD668A660E44D88CE1A998C23DBD67" @=? inspect m2
		54
		55
		56	basicMint = testCase "First Party Caveat" $
		57	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZ\
		58	\WQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegR\
		59	\K8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK" @=? serialize m2
		60
		61
40	m3 :: Macaroon	62	m3 :: Macaroon
41	m3 = addFirstPartyCaveat "test = acaveat" m	63	m3 = addFirstPartyCaveat "test = acaveat" m
42		64
		65	basicMintTrimmed = testCase "Trimmed base64" $
		66	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVz\
		67	\ZWQgb3VyIHNlY3JldCBrZXkKMDAxN2NpZCB0ZXN0ID0gYWNhdmVhdAowMDJmc2ln\
		68	\bmF0dXJlIJRJ_V3WNJQnqlVq5eez7spnltwU_AXs8NIRY739sHooCg" @=? serialize m3
		69
		70
43	m4 :: Macaroon	71	m4 :: Macaroon
44	m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n	72	m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n
45	where	73	where
@@ -52,23 +80,5 @@ m4 = addThirdPartyCaveat caveat_key caveat_id caveat_loc n
52	caveat_loc = B8.pack "http://auth.mybank/"	80	caveat_loc = B8.pack "http://auth.mybank/"
53		81
54		82
55	basicSignature = testCase "Basic signature" $	83	basicThirdParty = testCase "Third Party Caveat" $
56	"E3D9E02908526C4C0039AE15114115D97FDD68BF2BA379B342AAF0F617D0552F" @=? (hex . signature) m
57
58	basicSerialize = testCase "Serialization" $
59	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudG\
60	\lmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25h\
61	\dHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo" @=? serialize m
62
63	basicMint = testCase "First Party Caveat" $
64	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZ\
65	\WQgb3VyIHNlY3JldCBrZXkKMDAxNmNpZCB0ZXN0ID0gY2F2ZWF0CjAwMmZzaWduYXR1cmUgGXusegR\
66	\K8zMyhluSZuJtSTvdZopmDkTYjOGpmMI9vWcK" @=? serialize m2
67
68	basicMintTrimmed = testCase "Trimmed base64" $
69	"MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVz\
70	\ZWQgb3VyIHNlY3JldCBrZXkKMDAxN2NpZCB0ZXN0ID0gYWNhdmVhdAowMDJmc2ln\
71	\bmF0dXJlIJRJ_V3WNJQnqlVq5eez7spnltwU_AXs8NIRY739sHooCg" @=? serialize m3
72
73	basicThirdParty = testCase "Third Party Caveat" $
74	"6B99EDB2EC6D7A4382071D7D41A0BF7DFA27D87D2F9FEA86E330D7850FFDA2B2" @=? (hex . signature) m4	84	"6B99EDB2EC6D7A4382071D7D41A0BF7DFA27D87D2F9FEA86E330D7850FFDA2B2" @=? (hex . signature) m4