1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
{-# LANGUAGE OverloadedStrings #-}
{-|
Copyright : (c) 2015 Julien Tanguy
License : BSD3
Maintainer : julien.tanguy@jhome.fr
This test suite is based on the pymacaroons test suite:
<https://github.com/ecordell/pymacaroons>
-}
module Crypto.Macaroon.Verifier.Tests where
import Data.List
import qualified Data.ByteString.Char8 as B8
import Test.Tasty
-- import Test.Tasty.HUnit
import Test.Tasty.QuickCheck
import Crypto.Macaroon
import Crypto.Macaroon.Verifier
import Crypto.Macaroon.Instances
tests :: TestTree
tests = testGroup "Crypto.Macaroon.Verifier" [ sigs
, firstParty
]
{-
- Test fixtures
-}
sec = B8.pack "this is our super secret key; only we should know it"
m :: Macaroon
m = create sec key loc
where
key = B8.pack "we used our sec key"
loc = B8.pack "http://mybank/"
m2 :: Macaroon
m2 = addFirstPartyCaveat "test = caveat" m
m3 :: Macaroon
m3 = addFirstPartyCaveat "value = 42" m2
exTC = verifyExact "test" "caveat" (many' letter_ascii) <???> "test = caveat"
exTZ = verifyExact "test" "bleh" (many' letter_ascii) <???> "test = bleh"
exV42 = verifyExact "value" 42 decimal <???> "value = 42"
exV43 = verifyExact "value" 43 decimal <???> "value = 43"
funTCPre = verifyFun "test" ("cav" `isPrefixOf`) (many' letter_ascii) <???> "test startsWith cav"
funTV43lte = verifyFun "value" (<= 43) decimal <???> "value <= 43"
allvs = [exTC, exTZ, exV42, exV43, funTCPre, funTV43lte]
{-
- Tests
-}
sigs = testProperty "Signatures" $ \sm -> verifySig (secret sm) (macaroon sm) == Ok
firstParty = testGroup "First party caveats" [
testGroup "Pure verifiers" [
testProperty "Zero caveat" $
forAll (sublistOf allvs) (\vs -> Ok == verifyCavs vs m)
, testProperty "One caveat" $
forAll (sublistOf allvs) (\vs -> disjoin [
Ok == verifyCavs vs m2 .&&. any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs)
, Failed === verifyCavs vs m2
])
, testProperty "Two Exact" $
forAll (sublistOf allvs) (\vs -> disjoin [
Ok == verifyCavs vs m3 .&&.
any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) .&&.
any (`elem` vs) [exV42,funTV43lte] .&&. (exV43 `notElem` vs)
, Failed === verifyCavs vs m3
])
]
, testGroup "Pure verifiers with sig" [
testProperty "Zero caveat" $
forAll (sublistOf allvs) (\vs -> Ok == verifyMacaroon sec vs m)
, testProperty "One caveat" $
forAll (sublistOf allvs) (\vs -> disjoin [
Ok == verifyMacaroon sec vs m2 .&&. any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs)
, Failed === verifyMacaroon sec vs m2
])
, testProperty "Two Exact" $
forAll (sublistOf allvs) (\vs -> disjoin [
Ok == verifyMacaroon sec vs m3 .&&.
any (`elem` vs) [exTC,funTCPre] .&&. (exTZ `notElem` vs) .&&.
any (`elem` vs) [exV42,funTV43lte] .&&. (exV43 `notElem` vs)
, Failed === verifyMacaroon sec vs m3
])
]
]
|
