Add macaroon auth token verification Change-Id: I600116c238a495c7c1ba44267cdc44eb97d181d8 Reviewed-on: https://weave-review.googlesource.com/1946 Reviewed-by: Alex Vakulenko <avakulenko@google.com>
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 8e2bfce..0364a87 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -133,5 +133,16 @@
 return clock_->Now();
 }
 
+bool AuthManager::IsValidAuthToken(const std::vector<uint8_t>& token) const {
+ std::vector<uint8_t> buffer(kMaxMacaroonSize);
+ UwMacaroon macaroon{};
+ if (!uw_macaroon_load_(token.data(), token.size(), buffer.data(),
+ buffer.size(), &macaroon)) {
+ return false;
+ }
+
+ return uw_macaroon_verify_(&macaroon, secret_.data(), secret_.size());
+}
+
 } // namespace privet
 } // namespace weave
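Review bot: `IsValidAuthToken` returns true as soon as `uw_macaroon_verify_` accepts the token under `secret_`, and nothing in this hunk evaluates the macaroon's caveats, so a caller can easily read "valid" as "authorized" when only authenticity was established. The definition of `uw_macaroon_verify_` is outside this diff; if it does not check caveats itself, say so on the declaration in auth_manager.h, e.g. `// Verifies the token's signature against secret_ only; caveats are not evaluated here.`. An empty vector also reaches the C loader with a possibly null `token.data()`, so an early `if (token.empty()) return false;` would make the rejection explicit rather than dependent on how `uw_macaroon_load_` treats a zero-length input.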
diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index b893be3..dfdd6b3 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h
@@ -36,6 +36,8 @@ base::Time Now() const; + bool IsValidAuthToken(const std::vector<uint8_t>& token) const; + private: base::DefaultClock default_clock_; base::Clock* clock_{nullptr};
diff --git a/src/privet/auth_manager_unittest.cc b/src/privet/auth_manager_unittest.cc
index 6a48f11..72e7afd 100644
--- a/src/privet/auth_manager_unittest.cc
+++ b/src/privet/auth_manager_unittest.cc
@@ -134,5 +134,17 @@
 Base64Encode(auth.GetRootClientAuthToken()));
 }
 
+TEST_F(AuthManagerTest, IsValidAuthToken) {
+ EXPECT_TRUE(auth_.IsValidAuthToken(auth_.GetRootClientAuthToken()));
+ // Multiple attempts with random secrets.
+ for (size_t i = 0; i < 1000; ++i) {
+ AuthManager auth{{}, {}, &clock_};
+
+ auto token = auth.GetRootClientAuthToken();
+ EXPECT_FALSE(auth_.IsValidAuthToken(token));
+ EXPECT_TRUE(auth.IsValidAuthToken(token));
+ }
+}
+
 } // namespace privet
 } // namespace weave
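Review bot: The negative cases in `TEST_F(AuthManagerTest, IsValidAuthToken)` only cover well-formed tokens minted under a different secret, so the rejection paths for malformed or modified input are never exercised. A verifier at an authentication boundary should also be pinned against a token altered after minting, for example `auto bad = auth_.GetRootClientAuthToken(); bad.back() ^= 1; EXPECT_FALSE(auth_.IsValidAuthToken(bad));`. The same goes for an empty token, `EXPECT_FALSE(auth_.IsValidAuthToken({}));`, and for a truncated one. These cases would cover the `uw_macaroon_load_` failure branch, which the current loop presumably never reaches because every token it checks is freshly generated.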