static void TestSerialization()
{
Macaroon m = new Macaroon(LocationBytes, SecretBytes, IdentifierBytes);
m.AddFirstPartyCaveat("account = 3735928559");
string caveat_key = "4; guaranteed random by a fair toss of the dice";
string identifier = "this was how we remind auth of key/pred";
m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);
Stopwatch w1 = new Stopwatch();
w1.Start();
for (int i = 0; i < 10000; ++i)
{
string s = m.Serialize();
Macaroon n = Macaroon.Deserialize(s);
}
w1.Stop();
Console.WriteLine("Total: " + w1.Elapsed);
}
public void VerificationFailsWithInvalidSignature()
{
// Arrange
Macaroon mValid = new Macaroon(Location, Secret, Identifier);
mValid.AddFirstPartyCaveat("account = 3735928559");
mValid.AddFirstPartyCaveat("time < 2115-01-01T00:00");
mValid.AddFirstPartyCaveat("email = [email protected]");
// This is a Macaroon from the tutorial (https://github.com/rescrv/libmacaroons) containing an invalid signature
string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg==";
Macaroon mInvalid = Macaroon.Deserialize(serialized);
Verifier v = new Verifier();
v.SatisfyExact("account = 3735928559");
v.SatisfyExact("time < 2115-01-01T00:00");
v.SatisfyExact("email = [email protected]");
// Act
VerificationResult verifiedOk = mValid.Verify(v, Secret);
VerificationResult verifiedFails = mInvalid.Verify(v, Secret);
// Assert
Assert.AreEqual(mValid.Location, mInvalid.Location);
Assert.AreEqual(mValid.Identifier, mInvalid.Identifier);
Assert.AreEqual(mValid.Caveats.Count, mInvalid.Caveats.Count);
Assert.AreNotEqual(mValid.Signature, mInvalid.Signature);
Assert.IsTrue(verifiedOk.Success);
Assert.IsFalse(verifiedFails.Success);
Assert.AreEqual(2, verifiedFails.Messages.Count);
StringAssert.Contains("Caveat 'time < 2015-01-01T00:00' failed", verifiedFails.Messages[0]);
StringAssert.Contains("Signature mismatch", verifiedFails.Messages[1]);
}
public void CanSerializeAndDeserializeThirdPartyCaveats()
{
// Arrange
Macaroon m1 = new Macaroon(Location, Secret, Identifier);
m1.AddFirstPartyCaveat("account = 3735928559");
string caveat_key = "4; guaranteed random by a fair toss of the dice";
string identifier = "this was how we remind auth of key/pred";
m1.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);
// Act
string s = m1.Serialize();
Macaroon m2 = Macaroon.Deserialize(s);
// Assert
Assert.AreEqual(m1.Location, m2.Location);
Assert.AreEqual(m1.Identifier, m2.Identifier);
Assert.AreEqual(m1.Signature, m2.Signature);
Assert.AreEqual(m1.Caveats.Count, m2.Caveats.Count);
Assert.AreEqual(m1.Caveats[0].Cl, m2.Caveats[0].Cl);
Assert.AreEqual(m1.Caveats[0].CId, m2.Caveats[0].CId);
Assert.AreEqual(m1.Caveats[0].VId, m2.Caveats[0].VId);
Assert.AreEqual(m1.Caveats[1].Cl, m2.Caveats[1].Cl);
Assert.AreEqual(m1.Caveats[1].CId, m2.Caveats[1].CId);
Assert.AreEqual(m1.Caveats[1].VId, m2.Caveats[1].VId);
}
public void WhenDeserializingBadPacketItThrowsInvalidDataException()
{
// Arrange
// - This data would make the deserializer run around in circles in earlier versions.
string s =
"MDAyNWxvY2F0aW9uIGNTZWFyY2g6ZG9jdW1lbnQ6MTQ5MzY0CjAwMjJpZGVudGlmaWVyIGRvY3VtZW50SWQ6IDE0OTM2NAowMDFiY2lkIGRvY3VtZW50SWQ6IDE0OTM2NAowMDIzY2lkIHRpbWUgPCAyMDE2LTAxLTA0VDEyOjQzOjU2CjAwMmZzaWduyXR1cmUgQbpcMXKEUSc4AE1xANE2V4b1BbKAGSbrEO2oAOqZYhkK";
Assert.Throws <InvalidDataException>(() => Macaroon.Deserialize(s));
}
public void CanDeserializeEmptyMacaroon()
{
// Arrange (this is a Macaroon from the tutorial (https://github.com/rescrv/libmacaroons) containing an invalid signature - but that should not be checked here)
string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25hdHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo";
// Act
Macaroon m = Macaroon.Deserialize(serialized);
// Assert
Assert.AreEqual(Location, m.Location.ToString());
Assert.AreEqual(Identifier, m.Identifier.ToString());
Assert.AreEqual(0, m.Caveats.Count);
Assert.IsTrue(m.Verify(new Verifier(), Secret).Success);
}
public void CanDeserializeMultipleFirstPartyCaveats()
{
// Arrange
string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg==";
// Act
Macaroon m = Macaroon.Deserialize(serialized);
// Assert
Assert.AreEqual(Location, m.Location.ToString());
Assert.AreEqual(Identifier, m.Identifier.ToString());
Assert.AreEqual(3, m.Caveats.Count);
Assert.AreEqual("account = 3735928559", m.Caveats[0].CId.ToString());
Assert.AreEqual("time < 2015-01-01T00:00", m.Caveats[1].CId.ToString());
Assert.AreEqual("email = [email protected]", m.Caveats[2].CId.ToString());
}
static void Main(string[] args)
{
Macaroon.Crypto = new SecretBoxCryptoAlgorithm(false);
string secret = "this is our super secret key; only we should know it";
string pubid = "we used our secret key";
string location = "http://mybank/";
Macaroon m = new Macaroon(location, secret, pubid);
Console.WriteLine(m.Identifier);
Console.WriteLine(m.Location);
Console.WriteLine(m.Signature);
Console.WriteLine(m.Serialize());
Console.WriteLine(m.Inspect());
m.AddFirstPartyCaveat("account = 3735928559");
Console.WriteLine(m.Inspect());
m.AddFirstPartyCaveat("time < 2015-01-01T00:00");
Console.WriteLine(m.Signature);
m.AddFirstPartyCaveat("email = [email protected]");
Console.WriteLine(m.Signature);
Console.WriteLine(m.Inspect());
string msg = m.Serialize();
// Send to bank
// Receive again
m = Macaroon.Deserialize(msg);
Console.WriteLine(m.Inspect());
Verifier v = new Verifier();
var result = v.Verify(m, secret);
Console.WriteLine("Success: {0}", result.Success);
v.SatisfyExact("account = 3735928559");
v.SatisfyExact("email = [email protected]");
v.SatisfyExact("IP = 127.0.0.1");
v.SatisfyExact("browser = Chrome");
v.SatisfyExact("action = deposit");
Console.WriteLine(CheckTime(new Packet("time < 2015-01-01T00:00")));
Console.WriteLine(CheckTime(new Packet("time < 2014-01-01T00:00")));
Console.WriteLine(CheckTime(new Packet("account = 3735928559")));
v.SatisfyGeneral(CheckTime);
result = v.Verify(m, secret);
Console.WriteLine("Success: {0}", result.Success);
Macaroon n = new Macaroon(m).AddFirstPartyCaveat("action = deposit");
result = v.Verify(n, secret);
Console.WriteLine("Success: {0}", result.Success);
n = new Macaroon(m).AddFirstPartyCaveat("OS = Windows XP");
result = v.Verify(n, secret);
Console.WriteLine("Success: {0}", result.Success);
n = new Macaroon(m).AddFirstPartyCaveat("time < 2014-01-01T00:00");
result = v.Verify(n, secret);
Console.WriteLine("Success: {0}", result.Success);
result = v.Verify(m, "this is not the secret we were looking for");
Console.WriteLine("Success: {0}", result.Success);
n = Macaroon.Deserialize("MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg==");
Console.WriteLine(n.Inspect());
Console.WriteLine("n.Signature == m.Signature: {0}", m.Signature == n.Signature);
result = v.Verify(n, secret);
Console.WriteLine("Success: {0}", result.Success);
string location2 = "http://mybank/";
string secret2 = "this is a different super-secret key; never use the same secret twice";
string pubid2 = "we used our other secret key";
m = new Macaroon(location2, secret2, pubid2);
m.AddFirstPartyCaveat("account = 3735928559");
Console.WriteLine(m.Inspect());
string caveat_key = "4; guaranteed random by a fair toss of the dice";
// string predicate = "user = Alice";
// send_to_auth(caveat_key, predicate)
// identifier = recv_from_auth()
string identifier = "this was how we remind auth of key/pred";
m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);
Console.WriteLine(m.Inspect());
var caveats = m.ThirdPartyCaveats;
Macaroon d = new Macaroon("http://auth.mybank/", caveat_key, identifier);
d.AddFirstPartyCaveat("time < 2015-01-01T00:00");
Console.WriteLine(d.Inspect());
Macaroon dp = m.PrepareForRequest(d);
Console.WriteLine(d.Signature);
Console.WriteLine(dp.Signature);
result = v.Verify(m, secret2, new List <Macaroon> {
dp
});
Console.WriteLine("Success: {0}", result.Success);
result = v.Verify(m, secret2, new List <Macaroon> {
d
});
Console.WriteLine("Success: {0}", result.Success);
Console.WriteLine(Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH);
byte[] randomSecret = new byte[Macaroon.MACAROON_SUGGESTED_SECRET_LENGTH];
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
rng.GetBytes(randomSecret);
Packet key = new Packet(randomSecret, DataEncoding.Hex);
Console.WriteLine(key);
m = new Macaroon(new Packet(location), key, new Packet(pubid));
Console.WriteLine(m.Inspect());
}