ecordell / pymacaroons

A Python Macaroon Library
pymacaroons.readthedocs.org
MIT License

Signature when Adding Third Party Caveats #57

Open BigSamu opened 2 years ago

BigSamu commented 2 years ago

Hi all,

Quick question. For this library, when adding third-party caveats, is it expected that the signatures obtained for two different macaroons with the same set of parameters be different? Playing with other libraries (such as macaroons.js) this behaviour does not happen. Is this OK? What is happening behind the scenes?

Below, some code and outputs to clarify my question:

I) USING PYMACAROONS LIBRARY

CODE:

from pymacaroons import Macaroon, Verifier

m_1 = Macaroon(
        location='www.sp1.com',
        key='a-very-secret-key-for-pictures',
        identifier='key-for-pictures' ) \
    .add_first_party_caveat('picture_id = bobs_cool_cat.jpg') \
    .add_third_party_caveat(
        location='www.isp.com',
        key_id='key-for-bob',
        key='a-very-secret-key-for-bob-from-third-party'
    )

m_2 = Macaroon(
        location='www.sp1.com',
        identifier='key-for-pictures',
        key='a-very-secret-key-for-pictures') \
    .add_first_party_caveat('picture_id = bobs_cool_cat.jpg') \
    .add_third_party_caveat(
        location='www.isp.com',
        key_id='key-for-bob',
        key='a-very-secret-key-for-bob-from-third-party'
    )

print("")
print("-"*50)
print("INSPECTING MACAROON #1")
print("-"*50)
print(m_1.inspect())

print("")

print("-"*50)
print("INSPECTING MACAROON #2")
print("-"*50)
print(m_2.inspect())
print("")

OUTPUT:

INSPECTING MACAROON #1

location www.sp1.com
identifier key-for-pictures
cid picture_id = bobs_cool_cat.jpg
cid key-for-bob
vid SmsvdG/Unb7GH8C1L1pnLV+oc9jFtHaMwvRL0QKVS/YsCN5qGz3ScxXYn+DIsuAgUobjoDjApsVq2n/QbWn6vjrn62LlACUq
cl www.isp.com
signature 40f9bc2ee47df38326dbebebe3bf5b53158aba16bb6d76bb71db66d6ec6ad26e


INSPECTING MACAROON #2

location www.sp1.com
identifier key-for-pictures
cid picture_id = bobs_cool_cat.jpg
cid key-for-bob
vid 7hrq9P8Z23m/BzSjSl+lb5UJ4aTvQ3PgxnZLnr5ni8xOpfBAeyphLp6LCh9Y1k+1xvplgHBpanO2jLbvPVoF8PmdrcYlgd89
cl www.isp.com
signature 121e619d379dd44363c2cc433a1c66b7192f20446e333b9d8c0db6af4f831c78

II) USING MACAROONS.JS LIBRARY

CODE:

var MacaroonsBuilder = require('macaroons.js').MacaroonsBuilder;
var MacaroonsVerifier = require('macaroons.js').MacaroonsVerifier;
var TimestampCaveatVerifier = require('macaroons.js').verifier.TimestampCaveatVerifier;

var SectionDelimiter = "-"
var SectionDelimiterTimes = 50

var m_1 = new MacaroonsBuilder(
   location='www.sp1.com',
   secretKey='a-very-secret-key-for-pictures',
   identifier='key-for-pictures')
 .add_first_party_caveat('picture_id = bobs_cool_cat.jpg')
 .add_third_party_caveat(
    location = 'www.isp.com',
    secretKey = 'a-very-secret-key-for-bob-from-third-party',
    identifier = 'key-for-bob')
 .getMacaroon();

 var m_2 = new MacaroonsBuilder(
   location='www.sp1.com',
   secretKey='a-very-secret-key-for-pictures',
   identifier='key-for-pictures',
)
 .add_first_party_caveat('picture_id = bobs_cool_cat.jpg')
 .add_third_party_caveat(
    'www.isp.com',
    'key-for-bob', 
    'a-very-secret-key-for-bob-from-third-party')
 .getMacaroon();

console.log("")
console.log(SectionDelimiter.repeat(SectionDelimiterTimes))
console.log("INSPECTING MACAROON #1")
console.log(SectionDelimiter.repeat(SectionDelimiterTimes))
console.log(m_1.inspect());

console.log(SectionDelimiter.repeat(SectionDelimiterTimes))
console.log("INSPECTING MACAROON #1")
console.log(SectionDelimiter.repeat(SectionDelimiterTimes))
console.log(m_2.inspect());
console.log("")

OUTPUT:

INSPECTING MACAROON #1

location www.sp1.com
identifier key-for-pictures
cid picture_id = bobs_cool_cat.jpg
cid key-for-bob
vid AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwV0PBpdryuvEamzlkov4xnYHwn_D5Kytrhvf2nyMwK1GCE3H2B8dbmpu0fdWWGB
cl www.isp.com
signature b6f4f6dd2b4892265df1eeddd5b68b0c7c2ac9a2f170a3a162e219df38dd21e9


INSPECTING MACAROON #1

location www.sp1.com
identifier key-for-pictures
cid picture_id = bobs_cool_cat.jpg
cid a-very-secret-key-for-bob-from-third-party
vid AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMFsqO8vpN5A3k3mGMuKwKEGaoyf_Q2ejKWntTJJjc6wfUO8A5ta4hq5gnOaS0Avo
cl www.isp.com
signature 2cd276da544fdceef48723a9fabfe2d55dd824186aec43664d61c8c97ea971ba
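
Added example, not part of the original post and not code from either library: a standard-library model of how a third-party caveat's signature depends on its `vid`. The `vid` is the caveat key encrypted under the current signature, so a fresh nonce per call changes the `vid` and therefore the signature, while a fixed nonce (in the outputs above both macaroons.js `vid` values begin with the same run of `A` characters) does not, and verification succeeds either way. Assumptions: HMAC-SHA256 chaining, a stand-in XOR cipher in place of the libraries' real encryption, a 24-byte nonce, and the hypothetical names `mac`, `seal`, `unseal`, `chain`, `mint` and `verify`.

```python
import hashlib
import hmac
import os

NONCE_LEN = 24  # nonce length assumed for this model


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Stand-in cipher (NOT the libraries' real encryption): XOR with an HMAC keystream.
    stream = mac(key, b"stream" + nonce)
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def unseal(key: bytes, vid: bytes) -> bytes:
    nonce, body = vid[:NONCE_LEN], vid[NONCE_LEN:]
    stream = mac(key, b"stream" + nonce)
    return bytes(c ^ s for c, s in zip(body, stream))


def chain(root_key: bytes, identifier: bytes, first_party: bytes) -> bytes:
    # Signature after the identifier and the first-party caveat.
    return mac(mac(root_key, identifier), first_party)


def mint(root_key, identifier, first_party, cid, caveat_key, nonce=None):
    sig = chain(root_key, identifier, first_party)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    vid = seal(sig, nonce, caveat_key)  # caveat key encrypted under the current signature
    return {"cid": cid, "vid": vid, "sig": mac(sig, mac(sig, vid) + mac(sig, cid))}


def verify(root_key, identifier, first_party, m):
    # The verifier replays the chain using the vid carried in the macaroon.
    sig = chain(root_key, identifier, first_party)
    expected = mac(sig, mac(sig, m["vid"]) + mac(sig, m["cid"]))
    return hmac.compare_digest(expected, m["sig"]), unseal(sig, m["vid"])


# Constructed inputs mirroring the parameters used in the post.
ARGS = (b"a-very-secret-key-for-pictures", b"key-for-pictures",
        b"picture_id = bobs_cool_cat.jpg")
CK = hashlib.sha256(b"a-very-secret-key-for-bob-from-third-party").digest()

if __name__ == "__main__":
    a, b = (mint(*ARGS, b"key-for-bob", CK) for _ in range(2))
    print("random nonce, same signature:", a["sig"] == b["sig"])
    print("both verify:", verify(*ARGS, a)[0], verify(*ARGS, b)[0])
    c, d = (mint(*ARGS, b"key-for-bob", CK, bytes(NONCE_LEN)) for _ in range(2))
    print("fixed nonce, same signature:", c["sig"] == d["sig"])
```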