static void TestSerialization() { Macaroon m = new Macaroon(LocationBytes, SecretBytes, IdentifierBytes); m.AddFirstPartyCaveat("account = 3735928559"); string caveat_key = "4; guaranteed random by a fair toss of the dice"; string identifier = "this was how we remind auth of key/pred"; m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier); Stopwatch w1 = new Stopwatch(); w1.Start(); for (int i = 0; i < 10000; ++i) { string s = m.Serialize(); Macaroon n = Macaroon.Deserialize(s); } w1.Stop(); Console.WriteLine("Total: " + w1.Elapsed); }
public void VerificationFailsWithInvalidSignature() { // Arrange Macaroon mValid = new Macaroon(Location, Secret, Identifier); mValid.AddFirstPartyCaveat("account = 3735928559"); mValid.AddFirstPartyCaveat("time < 2115-01-01T00:00"); mValid.AddFirstPartyCaveat("email = [email protected]"); // This is a Macaroon from the tutorial (https://github.com/rescrv/libmacaroons) containing an invalid signature string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg=="; Macaroon mInvalid = Macaroon.Deserialize(serialized); Verifier v = new Verifier(); v.SatisfyExact("account = 3735928559"); v.SatisfyExact("time < 2115-01-01T00:00"); v.SatisfyExact("email = [email protected]"); // Act VerificationResult verifiedOk = mValid.Verify(v, Secret); VerificationResult verifiedFails = mInvalid.Verify(v, Secret); // Assert Assert.AreEqual(mValid.Location, mInvalid.Location); Assert.AreEqual(mValid.Identifier, mInvalid.Identifier); Assert.AreEqual(mValid.Caveats.Count, mInvalid.Caveats.Count); Assert.AreNotEqual(mValid.Signature, mInvalid.Signature); Assert.IsTrue(verifiedOk.Success); Assert.IsFalse(verifiedFails.Success); Assert.AreEqual(2, verifiedFails.Messages.Count); StringAssert.Contains("Caveat 'time < 2015-01-01T00:00' failed", verifiedFails.Messages[0]); StringAssert.Contains("Signature mismatch", verifiedFails.Messages[1]); }
public void CanSerializeAndDeserializeThirdPartyCaveats() { // Arrange Macaroon m1 = new Macaroon(Location, Secret, Identifier); m1.AddFirstPartyCaveat("account = 3735928559"); string caveat_key = "4; guaranteed random by a fair toss of the dice"; string identifier = "this was how we remind auth of key/pred"; m1.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier); // Act string s = m1.Serialize(); Macaroon m2 = Macaroon.Deserialize(s); // Assert Assert.AreEqual(m1.Location, m2.Location); Assert.AreEqual(m1.Identifier, m2.Identifier); Assert.AreEqual(m1.Signature, m2.Signature); Assert.AreEqual(m1.Caveats.Count, m2.Caveats.Count); Assert.AreEqual(m1.Caveats[0].Cl, m2.Caveats[0].Cl); Assert.AreEqual(m1.Caveats[0].CId, m2.Caveats[0].CId); Assert.AreEqual(m1.Caveats[0].VId, m2.Caveats[0].VId); Assert.AreEqual(m1.Caveats[1].Cl, m2.Caveats[1].Cl); Assert.AreEqual(m1.Caveats[1].CId, m2.Caveats[1].CId); Assert.AreEqual(m1.Caveats[1].VId, m2.Caveats[1].VId); }
public void WhenDeserializingBadPacketItThrowsInvalidDataException() { // Arrange // - This data would make the deserializer run around in circles in earlier versions. string s = "MDAyNWxvY2F0aW9uIGNTZWFyY2g6ZG9jdW1lbnQ6MTQ5MzY0CjAwMjJpZGVudGlmaWVyIGRvY3VtZW50SWQ6IDE0OTM2NAowMDFiY2lkIGRvY3VtZW50SWQ6IDE0OTM2NAowMDIzY2lkIHRpbWUgPCAyMDE2LTAxLTA0VDEyOjQzOjU2CjAwMmZzaWduyXR1cmUgQbpcMXKEUSc4AE1xANE2V4b1BbKAGSbrEO2oAOqZYhkK"; Assert.Throws <InvalidDataException>(() => Macaroon.Deserialize(s)); }
public void CanDeserializeEmptyMacaroon() { // Arrange (this is a Macaroon from the tutorial (https://github.com/rescrv/libmacaroons) containing an invalid signature - but that should not be checked here) string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25hdHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo"; // Act Macaroon m = Macaroon.Deserialize(serialized); // Assert Assert.AreEqual(Location, m.Location.ToString()); Assert.AreEqual(Identifier, m.Identifier.ToString()); Assert.AreEqual(0, m.Caveats.Count); Assert.IsTrue(m.Verify(new Verifier(), Secret).Success); }
public void CanDeserializeMultipleFirstPartyCaveats() { // Arrange string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg=="; // Act Macaroon m = Macaroon.Deserialize(serialized); // Assert Assert.AreEqual(Location, m.Location.ToString()); Assert.AreEqual(Identifier, m.Identifier.ToString()); Assert.AreEqual(3, m.Caveats.Count); Assert.AreEqual("account = 3735928559", m.Caveats[0].CId.ToString()); Assert.AreEqual("time < 2015-01-01T00:00", m.Caveats[1].CId.ToString()); Assert.AreEqual("email = [email protected]", m.Caveats[2].CId.ToString()); }
static void Main(string[] args) { Macaroon.Crypto = new SecretBoxCryptoAlgorithm(false); string secret = "this is our super secret key; only we should know it"; string pubid = "we used our secret key"; string location = "http://mybank/"; Macaroon m = new Macaroon(location, secret, pubid); Console.WriteLine(m.Identifier); Console.WriteLine(m.Location); Console.WriteLine(m.Signature); Console.WriteLine(m.Serialize()); Console.WriteLine(m.Inspect()); m.AddFirstPartyCaveat("account = 3735928559"); Console.WriteLine(m.Inspect()); m.AddFirstPartyCaveat("time < 2015-01-01T00:00"); Console.WriteLine(m.Signature); m.AddFirstPartyCaveat("email = [email protected]"); Console.WriteLine(m.Signature); Console.WriteLine(m.Inspect()); string msg = m.Serialize(); // Send to bank // Receive again m = Macaroon.Deserialize(msg); Console.WriteLine(m.Inspect()); Verifier v = new Verifier(); var result = v.Verify(m, secret); Console.WriteLine("Success: {0}", result.Success); v.SatisfyExact("account = 3735928559"); v.SatisfyExact("email = [email protected]"); v.SatisfyExact("IP = 127.0.0.1"); v.SatisfyExact("browser = Chrome"); v.SatisfyExact("action = deposit"); Console.WriteLine(CheckTime(new Packet("time < 2015-01-01T00:00"))); Console.WriteLine(CheckTime(new Packet("time < 2014-01-01T00:00"))); Console.WriteLine(CheckTime(new Packet("account = 3735928559"))); v.SatisfyGeneral(CheckTime); result = v.Verify(m, secret); Console.WriteLine("Success: {0}", result.Success); Macaroon n = new Macaroon(m).AddFirstPartyCaveat("action = deposit"); result = v.Verify(n, secret); Console.WriteLine("Success: {0}", result.Success); n = new Macaroon(m).AddFirstPartyCaveat("OS = Windows XP"); result = v.Verify(n, secret); Console.WriteLine("Success: {0}", result.Success); n = new Macaroon(m).AddFirstPartyCaveat("time < 2014-01-01T00:00"); result = v.Verify(n, secret); Console.WriteLine("Success: {0}", result.Success); result = v.Verify(m, "this is not the secret we were looking for"); Console.WriteLine("Success: {0}", result.Success); n = Macaroon.Deserialize("MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg=="); Console.WriteLine(n.Inspect()); Console.WriteLine("n.Signature == m.Signature: {0}", m.Signature == n.Signature); result = v.Verify(n, secret); Console.WriteLine("Success: {0}", result.Success); string location2 = "http://mybank/"; string secret2 = "this is a different super-secret key; never use the same secret twice"; string pubid2 = "we used our other secret key"; m = new Macaroon(location2, secret2, pubid2); m.AddFirstPartyCaveat("account = 3735928559"); Console.WriteLine(m.Inspect()); string caveat_key = "4; guaranteed random by a fair toss of the dice"; // string predicate = "user = Alice"; // send_to_auth(caveat_key, predicate) // identifier = recv_from_auth() string identifier = "this was how we remind auth of key/pred"; m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier); Console.WriteLine(m.Inspect()); var caveats = m.ThirdPartyCaveats; Macaroon d = new Macaroon("http://auth.mybank/", caveat_key, identifier); d.AddFirstPartyCaveat("time < 2015-01-01T00:00"); Console.WriteLine(d.Inspect()); Macaroon dp = m.PrepareForRequest(d); Console.WriteLine(d.Signature); Console.WriteLine(dp.Signature); result = v.Verify(m, secret2, new List <Macaroon> { dp }); Console.WriteLine("Success: {0}", result.Success); result = v.Verify(m, secret2, new List <Macaroon> { d }); Console.WriteLine("Success: {0}", result.Success); Console.WriteLine(Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH); byte[] randomSecret = new byte[Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH]; using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider()) rng.GetBytes(randomSecret); Packet key = new Packet(randomSecret, DataEncoding.Hex); Console.WriteLine(key); m = new Macaroon(new Packet(location), key, new Packet(pubid)); Console.WriteLine(m.Inspect()); }