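/// <summary>
/// Adds three first-party caveats to a fresh macaroon and checks that each one is
/// recorded in order, that the final signature matches the fixture value, and that
/// <c>Inspect()</c> renders one field per line.
/// </summary>
public void CanAddMultipleFirstPartyCaveats()
{
    // Arrange
    Macaroon m = new Macaroon(Location, Secret, Identifier);

    // Act
    // The caveat text has to match the fixture byte-for-byte: the expected signature
    // asserted below is tied to these exact strings.
    m.AddFirstPartyCaveat("account = 3735928559");
    m.AddFirstPartyCaveat("time < 2015-01-01T00:00");
    m.AddFirstPartyCaveat("email = alice@example.org");

    // Assert
    Assert.AreEqual(3, m.Caveats.Count);
    Assert.AreEqual("CId = account = 3735928559", m.Caveats[0].Inspect());
    Assert.AreEqual("CId = time < 2015-01-01T00:00", m.Caveats[1].Inspect());
    Assert.AreEqual("CId = email = alice@example.org", m.Caveats[2].Inspect());
    Assert.AreEqual("882E6D59496ED5245EDB7AB5B8839ECD63E5D504E54839804F164070D8EED952", m.Signature.ToString());

    // Multi-line verbatim literal: the line breaks are part of the expected value, so the
    // continuation lines must stay at column 0 and the closing quote on its own line
    // (Inspect() output ends with a line break).
    // NOTE(review): the newline bytes here follow this source file's line endings - confirm
    // they match what Inspect() emits on the build platform.
    string expectedStringRepresentation = @"Location = http://mybank/
Identifier = we used our secret key
CId = account = 3735928559
CId = time < 2015-01-01T00:00
CId = email = alice@example.org
Signature = 882E6D59496ED5245EDB7AB5B8839ECD63E5D504E54839804F164070D8EED952
";
    Assert.AreEqual(expectedStringRepresentation, m.Inspect());
}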
/// <summary>
/// Adds a third-party caveat on top of one first-party caveat and checks the new
/// signature, the <c>Inspect()</c> rendering (including the VId and Cl lines), and the
/// contents of <c>ThirdPartyCaveats</c>.
/// </summary>
public void CanAddThirdPartyCaveat()
{
    // Arrange
    Macaroon macaroon = new Macaroon(Location2, Secret2, Identifier2);
    macaroon.AddFirstPartyCaveat("account = 3735928559");

    // Sanity check of the starting signature (other tests should already cover this).
    Assert.AreEqual("1434E674AD84FDFDC9BC1AA00785325C8B6D57341FC7CE200BA4680C80786DDA", macaroon.Signature.ToString());

    // Act
    // Fixed fixture key so the resulting signature is reproducible. Outside a test the
    // caveat key should come from a cryptographic RNG and be shared with the third party
    // only through the exchange sketched in the pseudo-code below.
    string caveatKey = "4; guaranteed random by a fair toss of the dice";
    // string predicate = "user = Alice";
    // # send_to_auth(caveat_key, predicate)
    // # identifier = recv_from_auth()
    string caveatId = "this was how we remind auth of key/pred";
    macaroon.AddThirdPartyCaveat("http://auth.mybank/", caveatKey, caveatId);

    // Assert
    Assert.AreEqual("D27DB2FD1F22760E4C3DAE8137E2D8FC1DF6C0741C18AED4B97256BF78D1F55C", macaroon.Signature.ToString());

    // One entry per output line; the trailing empty entry yields the final line break.
    // NOTE(review): the VId value starts with a long run of 'A' characters, which looks like
    // an all-zero nonce - presumably the tests run with deterministic encryption; confirm
    // that mode is never enabled outside tests.
    // NOTE(review): the leading whitespace of the VId/Cl entries must equal what Inspect()
    // emits - confirm against the implementation.
    string[] expectedLines =
    {
        "Location = http://mybank/",
        "Identifier = we used our other secret key",
        "CId = account = 3735928559",
        "CId = this was how we remind auth of key/pred",
        " VId = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA027FAuBYhtHwJ58FX6UlVNFtFsGxQHS7uD_w_dedwv4Jjw7UorCREw5rXbRqIKhr",
        " Cl = http://auth.mybank/",
        "Signature = D27DB2FD1F22760E4C3DAE8137E2D8FC1DF6C0741C18AED4B97256BF78D1F55C",
        ""
    };
    string expectedStringRepresentation = string.Join(Environment.NewLine, expectedLines);
    Assert.AreEqual(expectedStringRepresentation, macaroon.Inspect());

    // Exactly one third-party caveat, carrying the location and identifier passed above.
    List<Caveat> thirdPartyCaveats = macaroon.ThirdPartyCaveats.ToList();
    Assert.AreEqual(1, thirdPartyCaveats.Count);
    Caveat discharged = thirdPartyCaveats[0];
    Assert.AreEqual("http://auth.mybank/", discharged.Cl.ToString());
    Assert.AreEqual("this was how we remind auth of key/pred", discharged.CId.ToString());
}
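/// <summary>
/// Adds a third-party caveat on top of one first-party caveat and checks the new
/// signature, the <c>Inspect()</c> rendering (including the VId and Cl lines), and the
/// contents of <c>ThirdPartyCaveats</c>.
/// </summary>
public void CanAddThirdPartyCaveat()
{
    // Arrange
    Macaroon m = new Macaroon(Location2, Secret2, Identifier2);
    m.AddFirstPartyCaveat("account = 3735928559");

    // Sanity check of the starting signature (other tests should already cover this).
    // Signatures are upper-cased before comparison, so the check does not depend on
    // the hex casing ToString() happens to use.
    Assert.Equal("1434E674AD84FDFDC9BC1AA00785325C8B6D57341FC7CE200BA4680C80786DDA", m.Signature.ToString().ToUpperInvariant());

    // Act
    // Fixed fixture key so the resulting signature is reproducible. Outside a test the
    // caveat key should come from a cryptographic RNG and be shared with the third party
    // only through the exchange sketched in the pseudo-code below.
    string caveat_key = "4; guaranteed random by a fair toss of the dice";
    // string predicate = "user = Alice";
    // # send_to_auth(caveat_key, predicate)
    // # identifier = recv_from_auth()
    string identifier = "this was how we remind auth of key/pred";
    m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);

    // Assert
    Assert.Equal("D27DB2FD1F22760E4C3DAE8137E2D8FC1DF6C0741C18AED4B97256BF78D1F55C", m.Signature.ToString().ToUpperInvariant());

    // Multi-line verbatim literal: the line breaks are part of the expected value, so the
    // continuation lines must stay at column 0 and the closing quote on its own line.
    // The Signature line is lower-case here because Inspect() is compared without
    // case normalisation.
    // NOTE(review): the leading whitespace of the VId/Cl lines must equal what Inspect()
    // emits - confirm against the implementation.
    // NOTE(review): the VId value starts with a long run of 'A' characters, which looks like
    // an all-zero nonce - presumably the tests run with deterministic encryption; confirm
    // that mode is never enabled outside tests.
    string expectedStringRepresentation = @"Location = http://mybank/
Identifier = we used our other secret key
CId = account = 3735928559
CId = this was how we remind auth of key/pred
 VId = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA027FAuBYhtHwJ58FX6UlVNFtFsGxQHS7uD_w_dedwv4Jjw7UorCREw5rXbRqIKhr
 Cl = http://auth.mybank/
Signature = d27db2fd1f22760e4c3dae8137e2d8fc1df6c0741c18aed4b97256bf78d1f55c
";
    Assert.Equal(expectedStringRepresentation, m.Inspect());

    // Exactly one third-party caveat, carrying the location and identifier passed above.
    List<Caveat> thirdPartyCaveats = m.ThirdPartyCaveats.ToList();
    Assert.Single(thirdPartyCaveats);
    Assert.Equal("http://auth.mybank/", thirdPartyCaveats[0].Cl.ToString());
    Assert.Equal("this was how we remind auth of key/pred", thirdPartyCaveats[0].CId.ToString());
}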
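/// <summary>
/// Console walkthrough of the macaroon API: create a macaroon, attenuate it with
/// first-party caveats, round-trip it through Serialize/Deserialize, verify it against
/// exact and general predicates, add and discharge a third-party caveat, and finally
/// build a macaroon from a randomly generated root key.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    // NOTE(review): the meaning of the 'false' argument is not visible here - confirm
    // which encryption mode it selects before reusing this setup outside a demo.
    Macaroon.Crypto = new SecretBoxCryptoAlgorithm(false);

    // Demo fixture values. A real root key should be random bytes (see the end of this
    // method) and must never be hard-coded.
    string secret = "this is our super secret key; only we should know it";
    string pubid = "we used our secret key";
    string location = "http://mybank/";

    Macaroon m = new Macaroon(location, secret, pubid);
    Console.WriteLine(m.Identifier);
    Console.WriteLine(m.Location);
    Console.WriteLine(m.Signature);
    Console.WriteLine(m.Serialize());
    Console.WriteLine(m.Inspect());

    // Attenuate with first-party caveats; the signature is printed along the way so the
    // change after each caveat is visible.
    m.AddFirstPartyCaveat("account = 3735928559");
    Console.WriteLine(m.Inspect());
    m.AddFirstPartyCaveat("time < 2015-01-01T00:00");
    Console.WriteLine(m.Signature);
    m.AddFirstPartyCaveat("email = alice@example.org");
    Console.WriteLine(m.Signature);
    Console.WriteLine(m.Inspect());

    string msg = m.Serialize();
    // Send to bank
    // Receive again
    m = Macaroon.Deserialize(msg);
    Console.WriteLine(m.Inspect());

    // No predicates are registered yet, so this first verification is expected to fail.
    Verifier v = new Verifier();
    var result = v.Verify(m, secret);
    Console.WriteLine("Success: {0}", result.Success);

    // Exact-match predicates describing the request context the verifier will accept.
    v.SatisfyExact("account = 3735928559");
    v.SatisfyExact("email = alice@example.org");
    v.SatisfyExact("IP = 127.0.0.1");
    v.SatisfyExact("browser = Chrome");
    v.SatisfyExact("action = deposit");

    // CheckTime is defined elsewhere in this file; print its verdict on two time caveats
    // and one non-time caveat before registering it as a general predicate.
    Console.WriteLine(CheckTime(new Packet("time < 2015-01-01T00:00")));
    Console.WriteLine(CheckTime(new Packet("time < 2014-01-01T00:00")));
    Console.WriteLine(CheckTime(new Packet("account = 3735928559")));
    v.SatisfyGeneral(CheckTime);

    result = v.Verify(m, secret);
    Console.WriteLine("Success: {0}", result.Success);

    // Copies of m with one extra caveat each: one the verifier has a predicate for ...
    Macaroon n = new Macaroon(m).AddFirstPartyCaveat("action = deposit");
    result = v.Verify(n, secret);
    Console.WriteLine("Success: {0}", result.Success);

    // ... one with no matching predicate ...
    n = new Macaroon(m).AddFirstPartyCaveat("OS = Windows XP");
    result = v.Verify(n, secret);
    Console.WriteLine("Success: {0}", result.Success);

    // ... and one with an earlier expiry than the original time caveat.
    n = new Macaroon(m).AddFirstPartyCaveat("time < 2014-01-01T00:00");
    result = v.Verify(n, secret);
    Console.WriteLine("Success: {0}", result.Success);

    // Verification with the wrong root key is expected to fail.
    result = v.Verify(m, "this is not the secret we were looking for");
    Console.WriteLine("Success: {0}", result.Success);

    // A pre-serialized macaroon carrying the same location, identifier and caveats.
    n = Macaroon.Deserialize("MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg==");
    Console.WriteLine(n.Inspect());
    // NOTE(review): '==' compares two signature objects; whether that is value or
    // reference equality depends on the signature type's operators - confirm.
    Console.WriteLine("n.Signature == m.Signature: {0}", m.Signature == n.Signature);
    result = v.Verify(n, secret);
    Console.WriteLine("Success: {0}", result.Success);

    // Second scenario: a macaroon with a third-party caveat, under a different root key.
    string location2 = "http://mybank/";
    string secret2 = "this is a different super-secret key; never use the same secret twice";
    string pubid2 = "we used our other secret key";
    m = new Macaroon(location2, secret2, pubid2);
    m.AddFirstPartyCaveat("account = 3735928559");
    Console.WriteLine(m.Inspect());

    // Fixed demo caveat key; a real one should come from a cryptographic RNG and reach
    // the third party through the exchange sketched below.
    string caveat_key = "4; guaranteed random by a fair toss of the dice";
    // string predicate = "user = Alice";
    // send_to_auth(caveat_key, predicate)
    // identifier = recv_from_auth()
    string identifier = "this was how we remind auth of key/pred";
    m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);
    Console.WriteLine(m.Inspect());

    var caveats = m.ThirdPartyCaveats;

    // Discharge macaroon, built from the caveat key and identifier as the third party would.
    Macaroon d = new Macaroon("http://auth.mybank/", caveat_key, identifier);
    d.AddFirstPartyCaveat("time < 2015-01-01T00:00");
    Console.WriteLine(d.Inspect());

    // PrepareForRequest returns a separate macaroon derived from d; both signatures are
    // printed for comparison.
    Macaroon dp = m.PrepareForRequest(d);
    Console.WriteLine(d.Signature);
    Console.WriteLine(dp.Signature);

    // Verify once with the prepared discharge and once with the raw one; the raw
    // discharge is presumably rejected - confirm against the printed output.
    result = v.Verify(m, secret2, new List<Macaroon> { dp });
    Console.WriteLine("Success: {0}", result.Success);
    result = v.Verify(m, secret2, new List<Macaroon> { d });
    Console.WriteLine("Success: {0}", result.Success);

    // Root key from the OS cryptographic RNG, sized to the library's suggested length.
    // RandomNumberGenerator.Create() replaces the obsolete RNGCryptoServiceProvider type.
    Console.WriteLine(Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH);
    byte[] randomSecret = new byte[Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH];
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(randomSecret);
    }

    Packet key = new Packet(randomSecret, DataEncoding.Hex);
    // Demo only: this writes the freshly generated root key to stdout. Real code must
    // keep root keys out of console output and logs.
    Console.WriteLine(key);
    m = new Macaroon(new Packet(location), key, new Packet(pubid));
    Console.WriteLine(m.Inspect());
}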