func (*macaroonSuite) TestJSONRoundTrip(c *gc.C) {
// jsonData produced from the second example in libmacaroons
// example README, but with the signature tweaked to
// match our current behaviour.
// TODO fix that behaviour so that our signatures match.
jsonData := `{"caveats":[{"cid":"account = 3735928559"},{"cid":"this was how we remind auth of key\/pred","vid":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA027FAuBYhtHwJ58FX6UlVNFtFsGxQHS7uD\/w\/dedwv4Jjw7UorCREw5rXbRqIKhr","cl":"http:\/\/auth.mybank\/"}],"location":"http:\/\/mybank\/","identifier":"we used our other secret key","signature":"6e315b0b391e8c6cc6f8d88fc22933a13430fb289b2fb613cf70f746bbe7d27d"}`
var m macaroon.Macaroon
err := json.Unmarshal([]byte(jsonData), &m)
c.Assert(err, gc.IsNil)
c.Assert(hex.EncodeToString(m.Signature()), gc.Equals,
"6e315b0b391e8c6cc6f8d88fc22933a13430fb289b2fb613cf70f746bbe7d27d")
data, err := m.MarshalJSON()
c.Assert(err, gc.IsNil)
// Check that the round-tripped data is the same as the original
// data when unmarshalled into an interface{}.
var got interface{}
err = json.Unmarshal(data, &got)
c.Assert(err, gc.IsNil)
var original interface{}
err = json.Unmarshal([]byte(jsonData), &original)
c.Assert(err, gc.IsNil)
c.Assert(got, gc.DeepEquals, original)
}
func Auth(h MacrHandler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// This is fast, if it's not timed out
macHdr := r.Header.Get("Macaroon")
// These will have to talk to another authority to authorize.
// TODO configurable timeout
authHdr := r.Header.Get("Authorization")
// keyHdr := r.Header.Get("Keystone")
// etc..
switch {
case macHdr != "":
mac := new(macaroon.Macaroon)
err := mac.UnmarshalJSON([]byte(macHdr))
if err != nil {
w.Write([]byte("error deserializing Macaroon"))
return
}
// TODO check for timeout, add discharge to Header
// TODO check for third party auth
h(w, r, mac)
case authHdr != "":
default:
w.Write([]byte("no auth supplied"))
return
}
}
}
func assertEqualMacaroons(c *gc.C, m0, m1 *macaroon.Macaroon) {
m0json, err := m0.MarshalJSON()
c.Assert(err, gc.IsNil)
m1json, err := m1.MarshalJSON()
var m0val, m1val interface{}
err = json.Unmarshal(m0json, &m0val)
c.Assert(err, gc.IsNil)
err = json.Unmarshal(m1json, &m1val)
c.Assert(err, gc.IsNil)
c.Assert(m0val, gc.DeepEquals, m1val)
}
func BenchmarkUnmarshalJSON(b *testing.B) {
rootKey := randomBytes(24)
id := base64.StdEncoding.EncodeToString(randomBytes(100))
loc := base64.StdEncoding.EncodeToString(randomBytes(40))
m := MustNew(rootKey, id, loc)
data, err := m.MarshalJSON()
if err != nil {
b.Fatalf("cannot marshal JSON: %v", err)
}
for i := b.N - 1; i >= 0; i-- {
var m macaroon.Macaroon
err := m.UnmarshalJSON(data)
if err != nil {
b.Fatalf("cannot unmarshal JSON: %v", err)
}
}
}
func (*macaroonSuite) TestBinaryRoundTrip(c *gc.C) {
// Test the binary marshalling and unmarshalling of a macaroon with
// first and third party caveats.
rootKey := []byte("secret")
m0 := MustNew(rootKey, "some id", "a location")
err := m0.AddFirstPartyCaveat("first caveat")
c.Assert(err, gc.IsNil)
err = m0.AddFirstPartyCaveat("second caveat")
c.Assert(err, gc.IsNil)
err = m0.AddThirdPartyCaveat([]byte("shared root key"), "3rd party caveat", "remote.com")
c.Assert(err, gc.IsNil)
data, err := m0.MarshalBinary()
c.Assert(err, gc.IsNil)
var m1 macaroon.Macaroon
err = m1.UnmarshalBinary(data)
c.Assert(err, gc.IsNil)
assertEqualMacaroons(c, m0, &m1)
}
// this should be a caveat verifier
func auth(w http.ResponseWriter, r *http.Request) {
macHdr := r.Header.Get("Macaroon")
authHdr := r.Header.Get("Authorization")
switch {
case macHdr != "":
mac := new(macaroon.Macaroon)
err := mac.UnmarshalBinary([]byte(macHdr))
if err != nil {
w.Write([]byte("error deserializing Macaroon"))
return
}
// TODO check for timeout, add discharge to Header
// TODO check for third party auth
case authHdr != "":
default:
w.Write([]byte("no auth supplied"))
return
}
}
func (*macaroonSuite) TestMarshalJSON(c *gc.C) {
rootKey := []byte("secret")
m0 := MustNew(rootKey, "some id", "a location")
m0.AddFirstPartyCaveat("account = 3735928559")
m0JSON, err := json.Marshal(m0)
c.Assert(err, gc.IsNil)
var m1 macaroon.Macaroon
err = json.Unmarshal(m0JSON, &m1)
c.Assert(err, gc.IsNil)
c.Assert(m0.Location(), gc.Equals, m1.Location())
c.Assert(m0.Id(), gc.Equals, m1.Id())
c.Assert(
hex.EncodeToString(m0.Signature()),
gc.Equals,
hex.EncodeToString(m1.Signature()))
}
func (*macaroonSuite) TestBinaryMarshalingAgainstLibmacaroon(c *gc.C) {
// Test that a libmacaroon marshalled macaroon can be correctly unmarshaled
data, err := base64.StdEncoding.DecodeString(
"MDAxN2xvY2F0aW9uIHNvbWV3aGVyZQowMDEyaWRlbnRpZmllciBpZAowMDEzY2lkIGlkZW50aWZpZXIKMDA1MXZpZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4i9QwCgbL/wZGFvLQpsyhLOv0v6VjIo2KJv5miz+7krqCpt5EhmrL8pYO9xrhT80KMDAxM2NsIHRoaXJkIHBhcnR5CjAwMmZzaWduYXR1cmUg3BXkIDX0giAPPrgkDLbiMGYy/zsC2qPb4jU4G/dohkAK")
c.Assert(err, gc.IsNil)
var m0 macaroon.Macaroon
err = m0.UnmarshalBinary(data)
c.Assert(err, gc.IsNil)
jsonData := []byte(`{"caveats":[{"cid":"identifier\n","vid":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuIvUMAoGy/8GRhby0KbMoSzr9L+lYyKNiib+Zos/u5K6gqbeRIZqy/KWDvca4U/NCg==","cl":"third party\n"}],"location":"somewhere\n","identifier":"id\n","signature":"dc15e42035f482200f3eb8240cb6e2306632ff3b02daa3dbe235381bf76886400a"}`)
var m1 macaroon.Macaroon
err = m1.UnmarshalJSON(jsonData)
c.Assert(err, gc.IsNil)
assertEqualMacaroons(c, &m0, &m1)
}
func hi(w http.ResponseWriter, r *http.Request, m *macaroon.Macaroon) {
w.Write([]byte(fmt.Sprintf("hi, your macaroon sig is %s", string(m.Signature()))))
}