Add macaroon auth token verification
Change-Id: I600116c238a495c7c1ba44267cdc44eb97d181d8
Reviewed-on: https://weave-review.googlesource.com/1946
Reviewed-by: Alex Vakulenko <avakulenko@google.com>
diff --git a/src/privet/auth_manager.cc b/src/privet/auth_manager.cc
index 8e2bfce..0364a87 100644
--- a/src/privet/auth_manager.cc
+++ b/src/privet/auth_manager.cc
@@ -133,5 +133,16 @@
return clock_->Now();
}
+bool AuthManager::IsValidAuthToken(const std::vector<uint8_t>& token) const {
+ std::vector<uint8_t> buffer(kMaxMacaroonSize);
+ UwMacaroon macaroon{};
+ if (!uw_macaroon_load_(token.data(), token.size(), buffer.data(),
+ buffer.size(), &macaroon)) {
+ return false;
+ }
+
+ return uw_macaroon_verify_(&macaroon, secret_.data(), secret_.size());
+}
+
} // namespace privet
} // namespace weave
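Review bot: IsValidAuthToken returns the result of `uw_macaroon_verify_` against `secret_` and nothing else, so as far as this hunk shows a token is reported valid on its signature alone, and any caveats it carries (expiry, scope) are not evaluated here. If `uw_macaroon_verify_` does not check them internally (its body is not visible), callers that gate access on this result would accept an expired or out-of-scope token that was once issued. I would either add the caveat checks before the final return or state the limit above the definition, e.g. `// Checks the macaroon signature only; caveats must be validated by the caller.` An early `if (token.empty()) return false;` would also avoid handing a possibly null `token.data()` to `uw_macaroon_load_`.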
diff --git a/src/privet/auth_manager.h b/src/privet/auth_manager.h
index b893be3..dfdd6b3 100644
--- a/src/privet/auth_manager.h
+++ b/src/privet/auth_manager.h
@@ -36,6 +36,8 @@
base::Time Now() const;
+ bool IsValidAuthToken(const std::vector<uint8_t>& token) const;
+
private:
base::DefaultClock default_clock_;
base::Clock* clock_{nullptr};
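Review bot: The new public declaration `IsValidAuthToken` has no comment, and the name does not say what "valid" covers. Going by the auth_manager.cc hunk in this commit, it means the bytes load as a macaroon and the signature verifies against this manager's secret. A one-line comment on the declaration would keep callers from reading it as a full authorization decision: `// Returns true if |token| parses as a macaroon signed with this manager's secret.` The class body starts and ends outside this hunk.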
diff --git a/src/privet/auth_manager_unittest.cc b/src/privet/auth_manager_unittest.cc
index 6a48f11..72e7afd 100644
--- a/src/privet/auth_manager_unittest.cc
+++ b/src/privet/auth_manager_unittest.cc
@@ -134,5 +134,17 @@
Base64Encode(auth.GetRootClientAuthToken()));
}
+TEST_F(AuthManagerTest, IsValidAuthToken) {
+ EXPECT_TRUE(auth_.IsValidAuthToken(auth_.GetRootClientAuthToken()));
+ // Multiple attempts with random secrets.
+ for (size_t i = 0; i < 1000; ++i) {
+ AuthManager auth{{}, {}, &clock_};
+
+ auto token = auth.GetRootClientAuthToken();
+ EXPECT_FALSE(auth_.IsValidAuthToken(token));
+ EXPECT_TRUE(auth.IsValidAuthToken(token));
+ }
+}
+
} // namespace privet
} // namespace weave
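Review bot: The test only exercises well-formed tokens, signed either by the same manager or by one with a different secret, so the load-failure branch of IsValidAuthToken and tampered input are never reached. Add negative cases for an empty token and for a token altered after issuance, e.g. `EXPECT_FALSE(auth_.IsValidAuthToken({}));` and, at the end of the loop body, `token.back() ^= 1; EXPECT_FALSE(auth.IsValidAuthToken(token));`. This assumes GetRootClientAuthToken returns a mutable byte vector, which the `auto token` use suggests but the hunk does not show.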