protected VerificationResult VerifyInner3rd(Macaroon TM, Caveat c, Verifier v, List <Macaroon> ms, Packet csig,
Stack <Macaroon> treePath)
{
var discharge = ms.FirstOrDefault(m => m.Identifier == c.CId);
if (discharge is null)
{
return(new VerificationResult(String.Format($"No discharge macaroon found for caveat '{c}'")));
}
if (treePath.Contains(discharge))
{
return(new VerificationResult($"A circular discharge macaroon reference was found for caveat {c}"));
}
try
{
byte[] keyData = Crypto.Decrypt(csig.Data, c.VId.Data);
Packet key = new Packet(keyData, DataEncoding.Hex);
treePath.Push(discharge);
var result = discharge.VerifyInner(TM, v, key, ms, treePath);
treePath.Pop();
return(result);
}
catch (CryptographicException ex)
{
return(new VerificationResult(ex.Message));
}
}
/// <summary>
/// Initialize caveat with the values from another caveat.
/// </summary>
/// <param name="src"></param>
public Caveat(Caveat src)
{
CId = new Packet(src.CId);
if (src.VId != null)
{
VId = new Packet(src.VId);
}
if (src.Cl != null)
{
Cl = new Packet(src.Cl);
}
}
protected VerificationResult VerifyInner3rd(Macaroon TM, Caveat c, Verifier v, List <Macaroon> ms, Packet csig, Stack <Macaroon> treePath)
{
// Find discharge macaroon
Macaroon discharge = ms.Where(m => m.Identifier == c.CId).FirstOrDefault();
// No discharge found? Thats an error.
if (discharge == null)
{
return(new VerificationResult(string.Format("No discharge macaroon found for caveat '{0}'", c)));
}
// Have we used this before? That would mean a circular reference was found
if (treePath.Contains(discharge))
{
return(new VerificationResult(string.Format("A circular discharge macaroon reference was found for caveat '{0}'", c)));
}
try
{
// Decrypt root key for discharge macaroon
byte[] keyData = Crypto.Decrypt(csig.Data, c.VId.Data);
Packet key = new Packet(keyData, DataEncoding.Hex);
// Keep track of visited discharge macaroons
treePath.Push(discharge);
// Use the root key to verify discharge macaroon recursively
VerificationResult result = discharge.VerifyInner(TM, v, key, ms, treePath);
treePath.Pop();
return(result);
}
catch (CryptographicException ex)
{
return(new VerificationResult(ex.Message));
}
}
protected bool VerifyInner1st(Caveat c, Verifier v, out string reason)
{
return(v.IsValidFirstPartyCaveat(c.CId, out reason));
}
/// <summary>
/// Deserialize macaroon from a stream.
/// </summary>
/// <param name="s">Input stream.</param>
/// <param name="options">Serialization options.</param>
/// <returns>Deserialized macaroon.</returns>
public static Macaroon Deserialize(Stream s, SerializationOptions options = null)
{
if (options == null)
{
options = SerializationOptions.Default;
}
using (PacketReader r = new PacketReader(s, options))
{
Packet location = r.ReadLocationPacket();
Packet identifier = r.ReadIdentifierPacket();
Packet signature = null;
// Start by reading the first packet
KeyValuePair <byte[], byte[]> packet = r.ReadKVPacket();
List <Caveat> caveats = new List <Caveat>();
while (true)
{
bool handled = false;
if (Utility.ByteArrayEquals(PacketSerializerBase.CIdID, packet.Key))
{
Packet cid = new Packet(packet.Value, options.CaveatIdentifierEncoding);
Packet vid = null;
Packet cl = null;
// Done with this package, now read next one
packet = r.ReadKVPacket();
if (Utility.ByteArrayEquals(PacketSerializerBase.VIdID, packet.Key))
{
vid = new Packet(packet.Value, DataEncoding.Base64UrlSafe);
// Done with this package, now read next one
packet = r.ReadKVPacket();
}
if (Utility.ByteArrayEquals(PacketSerializerBase.ClID, packet.Key))
{
cl = new Packet(packet.Value, DataEncoding.UTF8);
// Done with this package, now read next one
packet = r.ReadKVPacket();
}
Caveat c = new Caveat(cid, vid, cl);
caveats.Add(c);
handled = true;
}
if (Utility.ByteArrayEquals(PacketSerializerBase.SignatureID, packet.Key))
{
signature = new Packet(packet.Value, DataEncoding.Hex);
// Done with this package - don't read more packages since signature should be the last one
break;
}
if (!handled)
{
throw new InvalidDataException("Unexpected data in input (did not find Cid or signature).");
}
}
if (signature == null)
{
throw new InvalidDataException("Missing signature packet");
}
return(new Macaroon()
{
Location = location,
Identifier = identifier,
Signature = signature,
CaveatsList = caveats
});
}
}