aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/Crypto/Macaroon/Verifier.hs10
-rw-r--r--test/Crypto/Macaroon/Verifier/Tests.hs18
2 files changed, 24 insertions, 4 deletions
diff --git a/src/Crypto/Macaroon/Verifier.hs b/src/Crypto/Macaroon/Verifier.hs
index 4eedff5..02cb448 100644
--- a/src/Crypto/Macaroon/Verifier.hs
+++ b/src/Crypto/Macaroon/Verifier.hs
@@ -14,14 +14,14 @@ Portability : portable
14-} 14-}
15module Crypto.Macaroon.Verifier ( 15module Crypto.Macaroon.Verifier (
16 Verified(..) 16 Verified(..)
17 , CaveatVerifier(..) 17 , CaveatVerifier
18 , (<???>) 18 , (<???>)
19 , verifyMacaroon
19 , verifySig 20 , verifySig
20 , verifyExact 21 , verifyExact
21 , verifyFun 22 , verifyFun
22 , verifyCavs
23 -- , module Data.Attoparsec.ByteString
24 , module Data.Attoparsec.ByteString.Char8 23 , module Data.Attoparsec.ByteString.Char8
24 , verifyCavs
25) where 25) where
26 26
27 27
@@ -66,6 +66,10 @@ verifySig k m = bool Failed Ok $
66 hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256) 66 hash s c = toBytes (hmac s (vid c `BS.append` cid c) :: HMAC SHA256)
67 derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256) 67 derivedKey = toBytes (hmac "macaroons-key-generator" k :: HMAC SHA256)
68 68
69verifyMacaroon :: Key -> [CaveatVerifier] -> Macaroon -> Verified
70verifyMacaroon secret verifiers m = verifySig secret m `mappend` verifyCavs verifiers m
71
72
69verifyCavs :: [CaveatVerifier] -> Macaroon -> Verified 73verifyCavs :: [CaveatVerifier] -> Macaroon -> Verified
70verifyCavs verifiers m = foldMap (\c -> fromMaybe Failed $ foldMap (($ c) . vFun) verifiers) (caveats m) 74verifyCavs verifiers m = foldMap (\c -> fromMaybe Failed $ foldMap (($ c) . vFun) verifiers) (caveats m)
71 75
diff --git a/test/Crypto/Macaroon/Verifier/Tests.hs b/test/Crypto/Macaroon/Verifier/Tests.hs
index 5f09bca..101fa26 100644
--- a/test/Crypto/Macaroon/Verifier/Tests.hs
+++ b/test/Crypto/Macaroon/Verifier/Tests.hs
@@ -61,7 +61,7 @@ allvs = [exTC, exTZ, exV42, exV43, funTCPre, funTV43lte]
61sigs = testProperty "Signatures" $ \sm -> verifySig (secret sm) (macaroon sm) == Ok 61sigs = testProperty "Signatures" $ \sm -> verifySig (secret sm) (macaroon sm) == Ok
62 62
63firstParty = testGroup "First party caveats" [ 63firstParty = testGroup "First party caveats" [
64 testGroup "Pure verifiers" [ 64 testGroup "Pure verifiers" [
65 testProperty "Zero caveat" $ 65 testProperty "Zero caveat" $
66 forAll (sublistOf allvs) (\vs -> Ok == verifyCavs vs m) 66 forAll (sublistOf allvs) (\vs -> Ok == verifyCavs vs m)
67 , testProperty "One caveat" $ 67 , testProperty "One caveat" $
@@ -77,4 +77,20 @@ firstParty = testGroup "First party caveats" [
77 , Failed === verifyCavs vs m3 77 , Failed === verifyCavs vs m3
78 ]) 78 ])
79 ] 79 ]
80 , testGroup "Pure verifiers with sig" [
81 testProperty "Zero caveat" $
82 forAll (sublistOf allvs) (\vs -> Ok == verifyMacaroon sec vs m)
83 , testProperty "One caveat" $
84 forAll (sublistOf allvs) (\vs -> disjoin [
85 Ok == verifyMacaroon sec vs m2 .&&. any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs)
86 , Failed === verifyMacaroon sec vs m2
87 ])
88 , testProperty "Two Exact" $
89 forAll (sublistOf allvs) (\vs -> disjoin [
90 Ok == verifyMacaroon sec vs m3 .&&.
91 any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) .&&.
92 any (`elem` vs) [exV42,funTV43lte] .&&. (exV43 `notElem` vs)
93 , Failed === verifyMacaroon sec vs m3
94 ])
95 ]
80 ] 96 ]
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 12:00:19 +0000