- Notifications
You must be signed in to change notification settings - Fork0
A Java library for Macaroons.
License
NotificationsYou must be signed in to change notification settings
pvriel/macaroons4J
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
A Java library forMacaroons.
The aim of this library is to provide an easy-to-use, yet versatile (e.g., support for structural caveats) library for developers.
We now useGitHub packages instead of JitPack.
StringhintTargetLocation ="https://google.com";byte[]macaroonIdentifier =UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8);StringmacaroonSecret ="A secret, only known to the target location";Macaroonmacaroon =newSimpleMacaroon(macaroonSecret,macaroonIdentifier,hintTargetLocation);VerificationContextcontext =newVerificationContext();HashSet<VerificationContext>validContexts =macaroon.verify(macaroonSecret,context);assert(validContexts.size() >=1);
byte[]firstPartyCaveatIdentifier =UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8);// Create a custom FirstPartyCaveat subclass and define its verification process.FirstPartyCaveattimeConstraint =newFirstPartyCaveat(firstPartyCaveatIdentifier) {@Overrideprotectedvoidverify(@NotNullMacaroonmacaroon,@NotNullVerificationContextcontext)throwsIllegalStateException {/* macaroon: the Macaroon instance that is being verified. context: the context in which the caveat should hold. */context.addRangeConstraint("time",Pair.of(5,10)); }};macaroon.addCaveat(timeConstraint);validContexts =macaroon.verify(macaroonSecret,context);assert(validContexts.size() >=1);context =newVerificationContext();context.addRangeConstraint("time",Pair.of(11,15));/* No possible solutions here: context only valid in 'time' range 11 - 15, while the constraint is only valid between 5 - 10. There is no overlapping between the two ranges. */validContexts =macaroon.verify(macaroonSecret,context);assert(validContexts.size() ==0);
StringthirdPartyCaveatRootKey ="Another secret, shared with the third-party";byte[]thirdPartyCaveatIdentifier ="user is Alice";StringhintDischargeLocation ="https://oauthprovider.com";ThirdPartyCaveatthirdPartyCaveat =newThirdPartyCaveat(thirdPartyCaveatRootKey,thirdPartyCaveatIdentifier,hintDischargeLocation);macaroon.addCaveat(thirdPartyCaveat);macaroon.verify(macaroonSecret,newVerificationContext());// Exception thrown: no discharge Macaroon bound.// You can add additional caveats to the discharge Macaroons, but we are not doing that here.MacaroondischargeMacaroon =newSimpleMacaroon(thirdPartyCaveatRootKey,thirdPartyCaveatIdentifier,hintDischargeLocation);macaroon.bindMacaroonForRequest(dischargeMacaroon);validContexts =macaroon.verify(macaroonSecret,newVerificationContext());assert(validContexts.size() >=1);
Found a bug, problem, ... or do you have a question about this library?
Do not hesitate to contact me as soon as possible!
About
A Java library for Macaroons.
Topics
Resources
License
Stars
Watchers
Forks
Releases
No releases published