Пример #1
0
        public void VerificationFailsWhenDischargeMacaroonIsMissing()
        {
            // Arrange

            // - Create primary macaroon
            Macaroon m = new Macaroon(Location, Secret, Identifier);

            m.AddFirstPartyCaveat("account = 3735928559");

            // - Add third party caveat (1)
            string caveat_key1 = "4; guaranteed random by a fair toss of the dice";
            string identifier1 = "this was how we remind auth of key/pred";

            m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key1, identifier1);

            // - Add third party caveat (2)
            string caveat_key2 = "random key 2";
            string identifier2 = "identifier 2";

            m.AddThirdPartyCaveat("http://auth.government/", caveat_key2, identifier2);

            // - Create discharge macaroon (1)
            Macaroon d1 = new Macaroon("http://auth.mybank/", caveat_key1, identifier1);

            d1.AddFirstPartyCaveat("time < 2115-01-01T00:00");
            Macaroon dp1 = m.PrepareForRequest(d1);

            // - Create discharge macaroon (2)
            Macaroon d2  = new Macaroon("http://auth.mybank/", caveat_key2, identifier2);
            Macaroon dp2 = m.PrepareForRequest(d2);

            // Create verifier with suitable predicates
            Verifier v = new Verifier();

            v.SatisfyExact("account = 3735928559");
            v.SatisfyGeneral(TimeVerifier);

            // Act
            VerificationResult result1 = m.Verify(v, Secret, new List <Macaroon> {
                dp1
            });
            VerificationResult result2 = m.Verify(v, Secret, new List <Macaroon> {
                dp2
            });

            // Assert
            Assert.IsFalse(result1.Success);
            Assert.IsFalse(result2.Success);
        }
Пример #2
0
        public void CanVerifyWithDischargeMacaroon()
        {
            // Arrange
            Macaroon m = new Macaroon(Location2, Secret2, Identifier2);

            m.AddFirstPartyCaveat("account = 3735928559");

            string caveat_key = "4; guaranteed random by a fair toss of the dice";
            string identifier = "this was how we remind auth of key/pred";

            m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);

            Macaroon d = new Macaroon("http://auth.mybank/", caveat_key, identifier);

            d.AddFirstPartyCaveat("time < 2115-01-01T00:00");

            Macaroon dp = m.PrepareForRequest(d);

            Verifier v = new Verifier();

            v.SatisfyExact("account = 3735928559");
            v.SatisfyGeneral(TimeVerifier);

            // Act
            VerificationResult result = m.Verify(v, Secret2, new List <Macaroon> {
                dp
            });

            // Assert
            Assert.True(result.Success);
        }
Пример #3
0
        public void CanVerifyFirstPartyGeneralCaveat()
        {
            // Arrange
            Macaroon mSuccess = new Macaroon(Location, Secret, Identifier);

            mSuccess.AddFirstPartyCaveat("time < 2115-01-01T00:00");

            Macaroon mFailure = new Macaroon(Location, Secret, Identifier);

            mFailure.AddFirstPartyCaveat("time < 2000-01-01T00:00");

            Verifier v = new Verifier();

            v.SatisfyGeneral(TimeVerifier);

            // Act
            VerificationResult verified1 = mSuccess.Verify(v, Secret);
            VerificationResult verified2 = mFailure.Verify(v, Secret);

            // Assert
            Assert.IsTrue(verified1.Success);
            Assert.IsFalse(verified2.Success);
            Assert.AreEqual(1, verified2.Messages.Count);
            StringAssert.Contains("Caveat", verified2.Messages[0]);
            StringAssert.Contains("time < 2000-01-01T00:00", verified2.Messages[0]);
            StringAssert.Contains("failed", verified2.Messages[0]);
        }
Пример #4
0
        public void VerificationFailsWithInvalidSignature()
        {
            // Arrange
            Macaroon mValid = new Macaroon(Location, Secret, Identifier);

            mValid.AddFirstPartyCaveat("account = 3735928559");
            mValid.AddFirstPartyCaveat("time < 2115-01-01T00:00");
            mValid.AddFirstPartyCaveat("email = [email protected]");

            // This is a Macaroon from the tutorial (https://github.com/rescrv/libmacaroons) containing an invalid signature
            string   serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAxZGNpZCBhY2NvdW50ID0gMzczNTkyODU1OQowMDIwY2lkIHRpbWUgPCAyMDE1LTAxLTAxVDAwOjAwCjAwMjJjaWQgZW1haWwgPSBhbGljZUBleGFtcGxlLm9yZwowMDJmc2lnbmF0dXJlID8f19FL+bkC9p/aoMmIecC7GxdOcLVyUnrv6lJMM7NSCg==";
            Macaroon mInvalid   = Macaroon.Deserialize(serialized);

            Verifier v = new Verifier();

            v.SatisfyExact("account = 3735928559");
            v.SatisfyExact("time < 2115-01-01T00:00");
            v.SatisfyExact("email = [email protected]");

            // Act
            VerificationResult verifiedOk    = mValid.Verify(v, Secret);
            VerificationResult verifiedFails = mInvalid.Verify(v, Secret);

            // Assert
            Assert.AreEqual(mValid.Location, mInvalid.Location);
            Assert.AreEqual(mValid.Identifier, mInvalid.Identifier);
            Assert.AreEqual(mValid.Caveats.Count, mInvalid.Caveats.Count);
            Assert.AreNotEqual(mValid.Signature, mInvalid.Signature);
            Assert.IsTrue(verifiedOk.Success);
            Assert.IsFalse(verifiedFails.Success);
            Assert.AreEqual(2, verifiedFails.Messages.Count);
            StringAssert.Contains("Caveat 'time < 2015-01-01T00:00' failed", verifiedFails.Messages[0]);
            StringAssert.Contains("Signature mismatch", verifiedFails.Messages[1]);
        }
Пример #5
0
        public void CanVerifyEmptyMacaroon()
        {
            var m = new Macaroon(Location, Secret, Identifier);
            var v = new Verifier();

            var r = m.Verify(v, Secret);

            Assert.True(r.Success);
        }
Пример #6
0
        static void TestCreateAndDecrypt()
        {
            //Macaroon.Crypto = new NoEncryption();

            Stopwatch w1 = new Stopwatch();
            Stopwatch w2 = new Stopwatch();
            Stopwatch w3 = new Stopwatch();
            Stopwatch w4 = new Stopwatch();

            w1.Start();

            for (int i = 0; i < 2000; ++i)
            {
                w2.Start();
                //Macaroon m = new Macaroon(Location2, Secret2, Identifier2);
                Macaroon m = new Macaroon(LocationBytes, SecretBytes, IdentifierBytes);
                m.AddFirstPartyCaveat("account = 3735928559");

                string caveat_key = "4; guaranteed random by a fair toss of the dice";
                string identifier = "this was how we remind auth of key/pred";
                m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key, identifier);
                //m.AddFirstPartyCaveat("account = 3735928559");
                w2.Stop();

                Macaroon d = new Macaroon("http://auth.mybank/", caveat_key, identifier);
                //d.AddFirstPartyCaveat("time < 2015-01-01T00:00");

                w3.Start();
                Macaroon dp = m.PrepareForRequest(d);
                w3.Stop();

                w4.Start();
                Verifier v = new Verifier();
                v.SatisfyExact("account = 3735928559");
                //v.SatisfyGeneral(TimeVerifier);

                VerificationResult result = m.Verify(v, Secret2, new List <Macaroon> {
                    dp
                });
                w4.Stop();

                if (!result.Success)
                {
                    throw new InvalidOperationException();
                }
            }
            //Console.WriteLine(result.Success);

            w1.Stop();
            Console.WriteLine("Total: " + w1.Elapsed);
            Console.WriteLine("Create: " + w2.Elapsed);
            Console.WriteLine("Prepare: " + w3.Elapsed);
            Console.WriteLine("Verify: " + w4.Elapsed);
        }
Пример #7
0
        public void CanVerifyEmptyMacaroon()
        {
            // Arrange - create macaroon without any caveats
            Macaroon m = new Macaroon(Location, Secret, Identifier);
            Verifier v = new Verifier();

            // Act
            VerificationResult verified = m.Verify(v, Secret);

            // Assert
            Assert.IsTrue(verified.Success);
        }
Пример #8
0
        public void CanDeserializeEmptyMacaroon()
        {
            // Arrange (this is a Macaroon from the tutorial (https://github.com/rescrv/libmacaroons) containing an invalid signature - but that should not be checked here)
            string serialized = "MDAxY2xvY2F0aW9uIGh0dHA6Ly9teWJhbmsvCjAwMjZpZGVudGlmaWVyIHdlIHVzZWQgb3VyIHNlY3JldCBrZXkKMDAyZnNpZ25hdHVyZSDj2eApCFJsTAA5rhURQRXZf91ovyujebNCqvD2F9BVLwo";

            // Act
            Macaroon m = Macaroon.Deserialize(serialized);

            // Assert
            Assert.AreEqual(Location, m.Location.ToString());
            Assert.AreEqual(Identifier, m.Identifier.ToString());
            Assert.AreEqual(0, m.Caveats.Count);
            Assert.IsTrue(m.Verify(new Verifier(), Secret).Success);
        }
Пример #9
0
        public void CanVerifyFirstPartyCaveat()
        {
            // Arrange
            Macaroon m = new Macaroon(Location, Secret, Identifier);

            m.AddFirstPartyCaveat("account = 3735928559");

            Verifier v = new Verifier();

            v.SatisfyExact("account = 3735928559");

            // Act
            VerificationResult verified = m.Verify(v, Secret);

            // Assert
            Assert.IsTrue(verified.Success);
        }
Пример #10
0
        public void StandardExpiresVerifierDoesNotAddReasonWhenNoExpiresCaveatArePresent()
        {
            // Arrange
            Macaroon mFailure = new Macaroon(Location, Secret, Identifier);

            mFailure.AddFirstPartyCaveat("other: 1234");

            Verifier v = new Verifier();

            v.SatisfyGeneral(StandardCaveatVerifiers.ExpiresVerifier);

            // Act
            VerificationResult verified2 = mFailure.Verify(v, Secret);

            // Assert
            Assert.IsFalse(verified2.Success);
            Assert.AreEqual(1, verified2.Messages.Count);
            Assert.AreEqual("Caveat 'other: 1234' failed", verified2.Messages[0]);
        }
Пример #11
0
        public void StandardExpiresVerifierOnlyAcceptsISOTimeStamp()
        {
            // Arrange
            Macaroon mFailure = new Macaroon(Location, Secret, Identifier);

            mFailure.AddFirstPartyCaveat("expires: 23-12-2000");

            Verifier v = new Verifier();

            v.SatisfyGeneral(StandardCaveatVerifiers.ExpiresVerifier);

            // Act
            VerificationResult verified2 = mFailure.Verify(v, Secret);

            // Assert
            Assert.IsFalse(verified2.Success);
            Assert.AreEqual(1, verified2.Messages.Count);
            Assert.AreEqual("Invalid timestamp in 'expires: 23-12-2000'", verified2.Messages[0]);
        }
Пример #12
0
        public void FailedVerificationAddsVerifierReason()
        {
            // Arrange
            Macaroon mFailure = new Macaroon(Location, Secret, Identifier);

            mFailure.AddFirstPartyCaveat("expires: 2000-01-01T00:00:00Z");

            Verifier v = new Verifier();

            v.SatisfyGeneral(StandardCaveatVerifiers.ExpiresVerifier);

            // Act
            VerificationResult verified2 = mFailure.Verify(v, Secret);

            // Assert
            Assert.IsFalse(verified2.Success);
            Assert.AreEqual(1, verified2.Messages.Count);
            Assert.AreEqual("Timestamp '2000-01-01T00:00:00Z' has expired", verified2.Messages[0]);
        }
Пример #13
0
        public void VerificationFailsWhenHavingCircularMacaroonReferences()
        {
            // Arrange

            // - Create primary macaroon
            Macaroon m = new Macaroon(Location, Secret, Identifier);

            // - Add third party caveat (1)
            string caveat_key1 = "4; guaranteed random by a fair toss of the dice";
            string identifier1 = "this was how we remind auth of key/pred";

            m.AddThirdPartyCaveat("http://auth.mybank/", caveat_key1, identifier1);

            // - Add third party caveat (2)
            string caveat_key2 = "random key 2";
            string identifier2 = "identifier 2";

            m.AddThirdPartyCaveat("http://auth.government/", caveat_key2, identifier2);

            // - Create discharge macaroon (1) with reference to (2)
            Macaroon d1 = new Macaroon("http://auth.mybank/", caveat_key1, identifier1);

            d1.AddThirdPartyCaveat("http://auth.government/", caveat_key2, identifier2);
            Macaroon dp1 = m.PrepareForRequest(d1);

            // - Create discharge macaroon (2) with reference to (1)
            Macaroon d2 = new Macaroon("http://auth.mybank/", caveat_key2, identifier2);

            d2.AddThirdPartyCaveat("http://auth.government/", caveat_key1, identifier1);
            Macaroon dp2 = m.PrepareForRequest(d2);

            Verifier v = new Verifier();

            // Act
            VerificationResult result = m.Verify(v, Secret, new List <Macaroon> {
                dp1, dp2
            });

            // Assert
            Assert.IsFalse(result.Success);
            Assert.AreEqual(2, result.Messages.Count);
            StringAssert.Contains("circular", result.Messages[0]);
        }
Пример #14
0
        public void VerificationFailsWithInvalidSecret()
        {
            // Arrange
            Macaroon m = new Macaroon(Location, "Another secret", Identifier);

            m.AddFirstPartyCaveat("account = 3735928559");

            Verifier v = new Verifier();

            v.SatisfyExact("account = 3735928559");

            // Act
            VerificationResult verified = m.Verify(v, Secret);

            // Assert
            Assert.IsFalse(verified.Success);
            Assert.AreEqual(1, verified.Messages.Count);
            StringAssert.Contains("Signature mismatch", verified.Messages[0]);
        }
Пример #15
0
        public void VerificationFailsWithUnknownCaveat()
        {
            // Arrange
            Macaroon m = new Macaroon(Location, Secret, Identifier);

            m.AddFirstPartyCaveat("account = 3735928559");

            Verifier v = new Verifier();

            v.SatisfyExact("account = 88778");

            // Act
            VerificationResult verified = m.Verify(v, Secret);

            // Assert
            Assert.IsFalse(verified.Success);
            Assert.AreEqual(1, verified.Messages.Count);
            StringAssert.Contains("Caveat", verified.Messages[0]);
            StringAssert.Contains("failed", verified.Messages[0]);
        }
Пример #16
0
        public void CanVerifyMultipleFirstPartyCaveats()
        {
            // Arrange
            Macaroon m = new Macaroon(Location, Secret, Identifier);

            m.AddFirstPartyCaveat("account = 3735928559");
            m.AddFirstPartyCaveat("time < 2115-01-01T00:00");
            m.AddFirstPartyCaveat("email = [email protected]");

            Verifier v = new Verifier();

            v.SatisfyExact("account = 3735928559");
            v.SatisfyExact("time < 2115-01-01T00:00");
            v.SatisfyExact("email = [email protected]");

            // Act
            VerificationResult verified = m.Verify(v, Secret);

            // Assert
            Assert.IsTrue(verified.Success);
        }