예제 #1
0
func (*macaroonSuite) TestJSONRoundTrip(c *gc.C) {
	// jsonData produced from the second example in libmacaroons
	// example README, but with the signature tweaked to
	// match our current behaviour.
	// TODO fix that behaviour so that our signatures match.
	jsonData := `{"caveats":[{"cid":"account = 3735928559"},{"cid":"this was how we remind auth of key\/pred","vid":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA027FAuBYhtHwJ58FX6UlVNFtFsGxQHS7uD\/w\/dedwv4Jjw7UorCREw5rXbRqIKhr","cl":"http:\/\/auth.mybank\/"}],"location":"http:\/\/mybank\/","identifier":"we used our other secret key","signature":"6e315b0b391e8c6cc6f8d88fc22933a13430fb289b2fb613cf70f746bbe7d27d"}`

	var m macaroon.Macaroon
	err := json.Unmarshal([]byte(jsonData), &m)
	c.Assert(err, gc.IsNil)
	c.Assert(hex.EncodeToString(m.Signature()), gc.Equals,
		"6e315b0b391e8c6cc6f8d88fc22933a13430fb289b2fb613cf70f746bbe7d27d")
	data, err := m.MarshalJSON()
	c.Assert(err, gc.IsNil)

	// Check that the round-tripped data is the same as the original
	// data when unmarshalled into an interface{}.
	var got interface{}
	err = json.Unmarshal(data, &got)
	c.Assert(err, gc.IsNil)

	var original interface{}
	err = json.Unmarshal([]byte(jsonData), &original)
	c.Assert(err, gc.IsNil)

	c.Assert(got, gc.DeepEquals, original)
}
예제 #2
0
func Auth(h MacrHandler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// This is fast, if it's not timed out
		macHdr := r.Header.Get("Macaroon")

		// These will have to talk to another authority to authorize.
		// TODO configurable timeout
		authHdr := r.Header.Get("Authorization")
		// keyHdr := r.Header.Get("Keystone")
		// etc..

		switch {
		case macHdr != "":
			mac := new(macaroon.Macaroon)
			err := mac.UnmarshalJSON([]byte(macHdr))
			if err != nil {
				w.Write([]byte("error deserializing Macaroon"))
				return
			}
			// TODO check for timeout, add discharge to Header
			// TODO check for third party auth
			h(w, r, mac)
		case authHdr != "":
		default:
			w.Write([]byte("no auth supplied"))
			return
		}
	}
}
예제 #3
0
func assertEqualMacaroons(c *gc.C, m0, m1 *macaroon.Macaroon) {
	m0json, err := m0.MarshalJSON()
	c.Assert(err, gc.IsNil)
	m1json, err := m1.MarshalJSON()
	var m0val, m1val interface{}
	err = json.Unmarshal(m0json, &m0val)
	c.Assert(err, gc.IsNil)
	err = json.Unmarshal(m1json, &m1val)
	c.Assert(err, gc.IsNil)
	c.Assert(m0val, gc.DeepEquals, m1val)
}
예제 #4
0
func BenchmarkUnmarshalJSON(b *testing.B) {
	rootKey := randomBytes(24)
	id := base64.StdEncoding.EncodeToString(randomBytes(100))
	loc := base64.StdEncoding.EncodeToString(randomBytes(40))
	m := MustNew(rootKey, id, loc)
	data, err := m.MarshalJSON()
	if err != nil {
		b.Fatalf("cannot marshal JSON: %v", err)
	}
	for i := b.N - 1; i >= 0; i-- {
		var m macaroon.Macaroon
		err := m.UnmarshalJSON(data)
		if err != nil {
			b.Fatalf("cannot unmarshal JSON: %v", err)
		}
	}
}
예제 #5
0
func (*macaroonSuite) TestBinaryRoundTrip(c *gc.C) {
	// Test the binary marshalling and unmarshalling of a macaroon with
	// first and third party caveats.
	rootKey := []byte("secret")
	m0 := MustNew(rootKey, "some id", "a location")
	err := m0.AddFirstPartyCaveat("first caveat")
	c.Assert(err, gc.IsNil)
	err = m0.AddFirstPartyCaveat("second caveat")
	c.Assert(err, gc.IsNil)
	err = m0.AddThirdPartyCaveat([]byte("shared root key"), "3rd party caveat", "remote.com")
	c.Assert(err, gc.IsNil)
	data, err := m0.MarshalBinary()
	c.Assert(err, gc.IsNil)
	var m1 macaroon.Macaroon
	err = m1.UnmarshalBinary(data)
	c.Assert(err, gc.IsNil)
	assertEqualMacaroons(c, m0, &m1)
}
예제 #6
0
// this should be a caveat verifier
func auth(w http.ResponseWriter, r *http.Request) {
	macHdr := r.Header.Get("Macaroon")
	authHdr := r.Header.Get("Authorization")

	switch {
	case macHdr != "":
		mac := new(macaroon.Macaroon)
		err := mac.UnmarshalBinary([]byte(macHdr))
		if err != nil {
			w.Write([]byte("error deserializing Macaroon"))
			return
		}
		// TODO check for timeout, add discharge to Header
		// TODO check for third party auth
	case authHdr != "":
	default:
		w.Write([]byte("no auth supplied"))
		return
	}
}
예제 #7
0
func (*macaroonSuite) TestMarshalJSON(c *gc.C) {
	rootKey := []byte("secret")
	m0 := MustNew(rootKey, "some id", "a location")
	m0.AddFirstPartyCaveat("account = 3735928559")
	m0JSON, err := json.Marshal(m0)
	c.Assert(err, gc.IsNil)
	var m1 macaroon.Macaroon
	err = json.Unmarshal(m0JSON, &m1)
	c.Assert(err, gc.IsNil)
	c.Assert(m0.Location(), gc.Equals, m1.Location())
	c.Assert(m0.Id(), gc.Equals, m1.Id())
	c.Assert(
		hex.EncodeToString(m0.Signature()),
		gc.Equals,
		hex.EncodeToString(m1.Signature()))
}
예제 #8
0
func (*macaroonSuite) TestBinaryMarshalingAgainstLibmacaroon(c *gc.C) {
	// Test that a libmacaroon marshalled macaroon can be correctly unmarshaled
	data, err := base64.StdEncoding.DecodeString(
		"MDAxN2xvY2F0aW9uIHNvbWV3aGVyZQowMDEyaWRlbnRpZmllciBpZAowMDEzY2lkIGlkZW50aWZpZXIKMDA1MXZpZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4i9QwCgbL/wZGFvLQpsyhLOv0v6VjIo2KJv5miz+7krqCpt5EhmrL8pYO9xrhT80KMDAxM2NsIHRoaXJkIHBhcnR5CjAwMmZzaWduYXR1cmUg3BXkIDX0giAPPrgkDLbiMGYy/zsC2qPb4jU4G/dohkAK")
	c.Assert(err, gc.IsNil)
	var m0 macaroon.Macaroon
	err = m0.UnmarshalBinary(data)
	c.Assert(err, gc.IsNil)
	jsonData := []byte(`{"caveats":[{"cid":"identifier\n","vid":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuIvUMAoGy/8GRhby0KbMoSzr9L+lYyKNiib+Zos/u5K6gqbeRIZqy/KWDvca4U/NCg==","cl":"third party\n"}],"location":"somewhere\n","identifier":"id\n","signature":"dc15e42035f482200f3eb8240cb6e2306632ff3b02daa3dbe235381bf76886400a"}`)
	var m1 macaroon.Macaroon
	err = m1.UnmarshalJSON(jsonData)
	c.Assert(err, gc.IsNil)
	assertEqualMacaroons(c, &m0, &m1)
}
예제 #9
0
func hi(w http.ResponseWriter, r *http.Request, m *macaroon.Macaroon) {
	w.Write([]byte(fmt.Sprintf("hi, your macaroon sig is %s", string(m.Signature()))))
}