예제 #1
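        // Adds three first-party caveats to a fresh macaroon and checks that each one is
        // stored in insertion order and that the signature equals the expected value.
        public void CanAddMultipleFirstPartyCaveats()
        {
            // Arrange
            Macaroon m = new Macaroon(Location, Secret, Identifier);

            // Act
            m.AddFirstPartyCaveat("account = 3735928559");
            m.AddFirstPartyCaveat("time < 2015-01-01T00:00");
            // The predicate text is part of the signed data, so it has to be the literal
            // address; a scraped "[email protected]" placeholder cannot produce the
            // signature asserted below.
            m.AddFirstPartyCaveat("email = alice@example.org");

            // Assert
            Assert.AreEqual(3, m.Caveats.Count);
            Assert.AreEqual("CId = account = 3735928559", m.Caveats[0].Inspect());
            Assert.AreEqual("CId = time < 2015-01-01T00:00", m.Caveats[1].Inspect());
            Assert.AreEqual("CId = email = alice@example.org", m.Caveats[2].Inspect());
            Assert.AreEqual("882E6D59496ED5245EDB7AB5B8839ECD63E5D504E54839804F164070D8EED952", m.Signature.ToString());

            // NOTE(review): a verbatim string takes its line breaks from the source file, so
            // this comparison presumably relies on the file's line endings matching what
            // Inspect() emits - confirm.
            string expectedStringRepresentation = @"Location = http://mybank/
Identifier = we used our secret key
CId = account = 3735928559
CId = time < 2015-01-01T00:00
CId = email = alice@example.org
Signature = 882E6D59496ED5245EDB7AB5B8839ECD63E5D504E54839804F164070D8EED952
";

            Assert.AreEqual(expectedStringRepresentation, m.Inspect());
        }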
예제 #2
        // Checks that adding a third-party caveat changes the signature to the expected
        // value and that the caveat shows up with its location, identifier and VId.
        public void CanAddThirdPartyCaveat()
        {
            // Arrange: start from a macaroon that already carries one first-party caveat.
            Macaroon macaroon = new Macaroon(Location2, Secret2, Identifier2);
            macaroon.AddFirstPartyCaveat("account = 3735928559");

            // Sanity check of the starting signature (other tests should cover this as well).
            Assert.AreEqual("1434E674AD84FDFDC9BC1AA00785325C8B6D57341FC7CE200BA4680C80786DDA", macaroon.Signature.ToString());

            // Act
            // Fixed test vector standing in for a caveat key; a real caveat key has to be
            // unpredictable random data.
            string caveatKey = "4; guaranteed random by a fair toss of the dice";
            // In a real exchange the key and a predicate such as "user = Alice" would be sent
            // to the third party, which would answer with the identifier used below:
            //   send_to_auth(caveat_key, predicate)
            //   identifier = recv_from_auth()
            string caveatId = "this was how we remind auth of key/pred";
            string authLocation = "http://auth.mybank/";

            macaroon.AddThirdPartyCaveat(authLocation, caveatKey, caveatId);

            // Assert
            Assert.AreEqual("D27DB2FD1F22760E4C3DAE8137E2D8FC1DF6C0741C18AED4B97256BF78D1F55C", macaroon.Signature.ToString());

            // NOTE(review): the expected VId starts with a run of 'A' characters, which looks
            // like an all-zero prefix, so the test fixture presumably configures a
            // deterministic nonce - confirm, and keep that setting out of production code.
            string[] expectedLines =
            {
                "Location = http://mybank/",
                "Identifier = we used our other secret key",
                "CId = account = 3735928559",
                "CId = this was how we remind auth of key/pred",
                "  VId = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA027FAuBYhtHwJ58FX6UlVNFtFsGxQHS7uD_w_dedwv4Jjw7UorCREw5rXbRqIKhr",
                "  Cl = http://auth.mybank/",
                "Signature = D27DB2FD1F22760E4C3DAE8137E2D8FC1DF6C0741C18AED4B97256BF78D1F55C",
                ""
            };
            string expectedInspection = string.Join(Environment.NewLine, expectedLines);

            Assert.AreEqual(expectedInspection, macaroon.Inspect());

            // Exactly one third-party caveat is expected, carrying the values passed in above.
            List<Caveat> discharges = macaroon.ThirdPartyCaveats.ToList();

            Assert.AreEqual(1, discharges.Count);
            Assert.AreEqual(authLocation, discharges[0].Cl.ToString());
            Assert.AreEqual(caveatId, discharges[0].CId.ToString());
        }
예제 #3
        // Checks that adding a third-party caveat changes the signature to the expected
        // value and that the caveat shows up with its location, identifier and VId.
        public void CanAddThirdPartyCaveat()
        {
            // Arrange: start from a macaroon that already carries one first-party caveat.
            Macaroon macaroon = new Macaroon(Location2, Secret2, Identifier2);
            macaroon.AddFirstPartyCaveat("account = 3735928559");

            // Sanity check of the starting signature (other tests should cover this as well).
            // The signature text is upper-cased before it is compared.
            string signatureBefore = macaroon.Signature.ToString().ToUpperInvariant();
            Assert.Equal("1434E674AD84FDFDC9BC1AA00785325C8B6D57341FC7CE200BA4680C80786DDA", signatureBefore);

            // Act
            // Fixed test vector standing in for a caveat key; a real caveat key has to be
            // unpredictable random data.
            string caveatKey = "4; guaranteed random by a fair toss of the dice";
            // In a real exchange the key and a predicate such as "user = Alice" would be sent
            // to the third party, which would answer with the identifier used below:
            //   send_to_auth(caveat_key, predicate)
            //   identifier = recv_from_auth()
            string caveatId = "this was how we remind auth of key/pred";
            string authLocation = "http://auth.mybank/";

            macaroon.AddThirdPartyCaveat(authLocation, caveatKey, caveatId);

            // Assert
            string signatureAfter = macaroon.Signature.ToString().ToUpperInvariant();
            Assert.Equal("D27DB2FD1F22760E4C3DAE8137E2D8FC1DF6C0741C18AED4B97256BF78D1F55C", signatureAfter);

            // NOTE(review): the expected VId starts with a run of 'A' characters, which looks
            // like an all-zero prefix, so the test fixture presumably configures a
            // deterministic nonce - confirm, and keep that setting out of production code.
            // The verbatim string takes its line breaks from the source file.
            string expectedInspection = @"Location = http://mybank/
Identifier = we used our other secret key
CId = account = 3735928559
CId = this was how we remind auth of key/pred
  VId = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA027FAuBYhtHwJ58FX6UlVNFtFsGxQHS7uD_w_dedwv4Jjw7UorCREw5rXbRqIKhr
  Cl = http://auth.mybank/
Signature = d27db2fd1f22760e4c3dae8137e2d8fc1df6c0741c18aed4b97256bf78d1f55c
";

            Assert.Equal(expectedInspection, macaroon.Inspect());

            // Exactly one third-party caveat is expected, carrying the values passed in above.
            List<Caveat> discharges = macaroon.ThirdPartyCaveats.ToList();

            Assert.Single(discharges);
            Assert.Equal(authLocation, discharges[0].Cl.ToString());
            Assert.Equal(caveatId, discharges[0].CId.ToString());
        }
예제 #4
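        /// <summary>
        /// Console walkthrough of the macaroon API: creating a macaroon, adding first-party
        /// caveats, serializing and deserializing it, verifying it with exact and general
        /// predicates, binding a discharge macaroon for a third-party caveat, and creating a
        /// macaroon from a randomly generated secret.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            // NOTE(review): the boolean presumably switches off random nonces so that the
            // printed output is reproducible - confirm against SecretBoxCryptoAlgorithm. A
            // fixed nonce is only acceptable in a demo like this one.
            Macaroon.Crypto = new SecretBoxCryptoAlgorithm(false);

            // Hard-coded demo secret. A real root key should be random bytes, generated the
            // way the last part of this method does it.
            string secret = "this is our super secret key; only we should know it";
            string pubid = "we used our secret key";
            string location = "http://mybank/";
            Macaroon m = new Macaroon(location, secret, pubid);

            Console.WriteLine(m.Identifier);

            Console.WriteLine(m.Location);
            Console.WriteLine(m.Signature);

            // A serialized macaroon is a bearer credential; it is printed here only to show
            // the wire format.
            Console.WriteLine(m.Serialize());

            Console.WriteLine(m.Inspect());

            m.AddFirstPartyCaveat("account = 3735928559");

            Console.WriteLine(m.Inspect());

            // The signature is printed after each caveat to show that it changes.
            m.AddFirstPartyCaveat("time < 2015-01-01T00:00");
            Console.WriteLine(m.Signature);
            // The literal address is required here: the predicate registered with
            // SatisfyExact below has to match this text exactly, and a scraped
            // "[email protected]" placeholder would not be the intended caveat.
            m.AddFirstPartyCaveat("email = alice@example.org");
            Console.WriteLine(m.Signature);
            Console.WriteLine(m.Inspect());

            string msg = m.Serialize();

            // Send to bank
            // Receive again

            m = Macaroon.Deserialize(msg);
            Console.WriteLine(m.Inspect());

            // No predicates are registered yet, so this first verification should report
            // failure for a macaroon that carries caveats.
            Verifier v = new Verifier();
            var result = v.Verify(m, secret);

            Console.WriteLine("Success: {0}", result.Success);

            // Predicates the verifier accepts when a caveat matches them exactly.
            v.SatisfyExact("account = 3735928559");
            v.SatisfyExact("email = alice@example.org");

            // Further accepted predicates, describing the context of the current request.
            v.SatisfyExact("IP = 127.0.0.1");
            v.SatisfyExact("browser = Chrome");
            v.SatisfyExact("action = deposit");

            Console.WriteLine(CheckTime(new Packet("time < 2015-01-01T00:00")));
            Console.WriteLine(CheckTime(new Packet("time < 2014-01-01T00:00")));
            Console.WriteLine(CheckTime(new Packet("account = 3735928559")));

            // General (callback) predicate, used for caveats that an exact match cannot cover.
            v.SatisfyGeneral(CheckTime);

            result = v.Verify(m, secret);
            Console.WriteLine("Success: {0}", result.Success);

            // Attenuated copies: each adds one more caveat to a copy of m.
            Macaroon n = new Macaroon(m).AddFirstPartyCaveat("action = deposit");

            result = v.Verify(n, secret);
            Console.WriteLine("Success: {0}", result.Success);

            // No predicate was registered for this caveat, so verification should fail.
            n = new Macaroon(m).AddFirstPartyCaveat("OS = Windows XP");
            result = v.Verify(n, secret);
            Console.WriteLine("Success: {0}", result.Success);

            n = new Macaroon(m).AddFirstPartyCaveat("time < 2014-01-01T00:00");
            result = v.Verify(n, secret);
            Console.WriteLine("Success: {0}", result.Success);

            // A wrong root secret should make verification fail.
            result = v.Verify(m, "this is not the secret we were looking for");
            Console.WriteLine("Success: {0}", result.Success);

            n = Macaroon.Deserialize("MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg==");
            Console.WriteLine(n.Inspect());
            // NOTE(review): == compares values only if the signature type overloads the
            // operator - confirm. This line is informational; the accept/reject decision
            // comes from Verifier.Verify.
            Console.WriteLine("n.Signature == m.Signature: {0}", m.Signature == n.Signature);
            result = v.Verify(n, secret);
            Console.WriteLine("Success: {0}", result.Success);

            // Second scenario: a macaroon with a third-party caveat, under its own root secret.
            string location2 = "http://mybank/";
            string secret2 = "this is a different super-secret key; never use the same secret twice";
            string pubid2 = "we used our other secret key";

            m = new Macaroon(location2, secret2, pubid2);
            m.AddFirstPartyCaveat("account = 3735928559");
            Console.WriteLine(m.Inspect());

            // Fixed demo value; a real caveat key has to be unpredictable random data.
            string caveat_key = "4; guaranteed random by a fair toss of the dice";
            // string predicate = "user = Alice";
            // send_to_auth(caveat_key, predicate)
            // identifier = recv_from_auth()
            string identifier = "this was how we remind auth of key/pred";

            m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);
            Console.WriteLine(m.Inspect());

            var caveats = m.ThirdPartyCaveats;

            // Discharge macaroon, built from the caveat key and the identifier of the
            // third-party caveat.
            Macaroon d = new Macaroon("http://auth.mybank/", caveat_key, identifier);

            d.AddFirstPartyCaveat("time < 2015-01-01T00:00");
            Console.WriteLine(d.Inspect());

            // PrepareForRequest returns the discharge in the form that is sent along with m;
            // both signatures are printed for comparison.
            Macaroon dp = m.PrepareForRequest(d);

            Console.WriteLine(d.Signature);
            Console.WriteLine(dp.Signature);

            // Verification with the prepared discharge.
            result = v.Verify(m, secret2, new List<Macaroon> { dp });
            Console.WriteLine("Success: {0}", result.Success);

            // Verification with the unprepared discharge, for contrast; this should fail.
            result = v.Verify(m, secret2, new List<Macaroon> { d });
            Console.WriteLine("Success: {0}", result.Success);

            Console.WriteLine(Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH);

            // Root secret from the operating system's cryptographic random number generator.
            // RandomNumberGenerator.Create() is used rather than RNGCryptoServiceProvider,
            // which newer .NET versions mark as obsolete.
            byte[] randomSecret = new byte[Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH];
            using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(randomSecret);
            }

            Packet key = new Packet(randomSecret, DataEncoding.Hex);

            // Demo only: a real root secret must not be written to a console or a log.
            Console.WriteLine(key);

            m = new Macaroon(new Packet(location), key, new Packet(pubid));
            Console.WriteLine(m.Inspect());
        }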