diff options
Diffstat (limited to 'src/Crypto/Macaroon.hs')
| -rw-r--r-- | src/Crypto/Macaroon.hs | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/src/Crypto/Macaroon.hs b/src/Crypto/Macaroon.hs index bfcf8df..86d8eb7 100644 --- a/src/Crypto/Macaroon.hs +++ b/src/Crypto/Macaroon.hs | |||
| @@ -23,6 +23,7 @@ module Crypto.Macaroon ( | |||
| 23 | -- * Types | 23 | -- * Types |
| 24 | Macaroon | 24 | Macaroon |
| 25 | , Caveat | 25 | , Caveat |
| 26 | , Secret | ||
| 26 | , Key | 27 | , Key |
| 27 | , Location | 28 | , Location |
| 28 | , Sig | 29 | , Sig |
| @@ -33,44 +34,36 @@ module Crypto.Macaroon ( | |||
| 33 | , caveats | 34 | , caveats |
| 34 | , signature | 35 | , signature |
| 35 | -- ** Caveats | 36 | -- ** Caveats |
| 36 | , caveatLoc | 37 | , cl |
| 37 | , caveatId | 38 | , cid |
| 38 | , caveatVId | 39 | , vid |
| 39 | 40 | ||
| 40 | -- * Create Macaroons | 41 | -- * Create Macaroons |
| 41 | , create | 42 | , create |
| 42 | , inspect | 43 | , inspect |
| 43 | , addFirstPartyCaveat | 44 | , addFirstPartyCaveat |
| 44 | -- , addThirdPartyCaveat | 45 | -- , addThirdPartyCaveat |
| 46 | -- * Serialize | ||
| 47 | , module Crypto.Macaroon.Serializer.Base64 | ||
| 48 | -- * Verify | ||
| 49 | , module Crypto.Macaroon.Verifier | ||
| 45 | ) where | 50 | ) where |
| 46 | 51 | ||
| 47 | -- import Crypto.Cipher.AES | 52 | -- import Crypto.Cipher.AES |
| 48 | import Crypto.Hash | 53 | import Crypto.Hash |
| 49 | import Data.Byteable | 54 | import Data.Byteable |
| 50 | import qualified Data.ByteString as BS | 55 | import qualified Data.ByteString as BS |
| 51 | import qualified Data.ByteString.Base64.URL as B64 | ||
| 52 | import qualified Data.ByteString.Char8 as B8 | ||
| 53 | 56 | ||
| 54 | import Crypto.Macaroon.Internal | 57 | import Crypto.Macaroon.Internal |
| 58 | import Crypto.Macaroon.Serializer.Base64 | ||
| 59 | import Crypto.Macaroon.Verifier | ||
| 55 | 60 | ||
| 56 | -- | Create a Macaroon from its key, identifier and location | 61 | -- | Create a Macaroon from its key, identifier and location |
| 57 | create :: Key -> Key -> Location -> Macaroon | 62 | create :: Secret -> Key -> Location -> Macaroon |
| 58 | create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256)) | 63 | create secret ident loc = MkMacaroon loc ident [] (toBytes (hmac derivedKey ident :: HMAC SHA256)) |
| 59 | where | 64 | where |
| 60 | derivedKey = toBytes (hmac "macaroons-key-generator" secret :: HMAC SHA256) | 65 | derivedKey = toBytes (hmac "macaroons-key-generator" secret :: HMAC SHA256) |
| 61 | 66 | ||
| 62 | -- | Caveat target location | ||
| 63 | caveatLoc :: Caveat -> Location | ||
| 64 | caveatLoc = cl | ||
| 65 | |||
| 66 | -- | Caveat identifier | ||
| 67 | caveatId :: Caveat -> Key | ||
| 68 | caveatId = cid | ||
| 69 | |||
| 70 | -- | Caveat verification identifier | ||
| 71 | caveatVId :: Caveat -> Key | ||
| 72 | caveatVId = vid | ||
| 73 | |||
| 74 | -- | Inspect a macaroon's contents. For debugging purposes. | 67 | -- | Inspect a macaroon's contents. For debugging purposes. |
| 75 | inspect :: Macaroon -> String | 68 | inspect :: Macaroon -> String |
| 76 | inspect = show | 69 | inspect = show |
| @@ -89,5 +82,3 @@ addFirstPartyCaveat ident m = addCaveat (location m) ident BS.empty m | |||
| 89 | -- addThirdPartyCaveat key cid loc m = addCaveat loc cid vid m | 82 | -- addThirdPartyCaveat key cid loc m = addCaveat loc cid vid m |
| 90 | -- where | 83 | -- where |
| 91 | -- vid = encryptECB (initAES (signature m)) key | 84 | -- vid = encryptECB (initAES (signature m)) key |
| 92 | |||
| 93 | |||