Merge pull request #31 from superfly/verifier-func

bundle: VerifierFunc
superfly · Aug 16, 2024 · 909573e · 909573e
2 parents 699743b + 58697d1
commit 909573e
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 24 deletions.
diff --git a/bundle/bundle_test.go b/bundle/bundle_test.go
@@ -263,10 +263,10 @@ func TestWithDischarges(t *testing.T) {
 	})
 }
 
-type verifierFunc func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult
+type testVerifier func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult
 
-func (vf verifierFunc) Verify(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
-	return vf(ctx, dischargesByPermission)
+func (f testVerifier) Verify(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
+	return f(ctx, dischargesByPermission)
 }
 
 func TestVerify(t *testing.T) {
@@ -283,7 +283,7 @@ func TestVerify(t *testing.T) {
 		bun, err := ParseBundle(permLoc, toks.String())
 		assert.NoError(t, err)
 
-		_, err = bun.Verify(context.Background(), verifierFunc(func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
+		_, err = bun.Verify(context.Background(), testVerifier(func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
 			ret := make(map[Macaroon]VerificationResult, len(dischargesByPermission))
 			assert.Equal(t, 2, len(dischargesByPermission))
 
@@ -315,7 +315,7 @@ func TestVerify(t *testing.T) {
 		bun, err := ParseBundle(permLoc, toks.String())
 		assert.NoError(t, err)
 
-		_, err = bun.Verify(context.Background(), verifierFunc(func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
+		_, err = bun.Verify(context.Background(), testVerifier(func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
 			ret := make(map[Macaroon]VerificationResult, len(dischargesByPermission))
 			for perm := range dischargesByPermission {
 				ret[perm] = &FailedMacaroon{perm.Unverified(), errors.New("hi")}
@@ -337,7 +337,7 @@ func TestVerify(t *testing.T) {
 		bun, err := ParseBundle(permLoc, toks.String())
 		assert.NoError(t, err)
 
-		_, err = bun.Verify(context.Background(), verifierFunc(func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
+		_, err = bun.Verify(context.Background(), testVerifier(func(ctx context.Context, dischargesByPermission map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
 			ret := make(map[Macaroon]VerificationResult, len(dischargesByPermission))
 
 			for perm := range dischargesByPermission {

diff --git a/bundle/verifier.go b/bundle/verifier.go
@@ -51,28 +51,26 @@ func WithKeys(keyByKID map[string]macaroon.SigningKey, trustedTPs map[string][]m
 }
 
 func (kr KeyResolver) Verify(ctx context.Context, dissByPerm map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
-	ret := make(map[Macaroon]VerificationResult, len(dissByPerm))
-
-	for perm, diss := range dissByPerm {
-		key, trustedTPs, err := kr(ctx, perm.Nonce())
-		if err != nil {
-			ret[perm] = &FailedMacaroon{perm.Unverified(), err}
-			continue
-		}
+	return VerifierFunc(kr.VerifyOne).Verify(ctx, dissByPerm)
+}
 
-		disMacs := make([]*macaroon.Macaroon, 0, len(diss))
-		for _, d := range diss {
-			disMacs = append(disMacs, d.UnsafeMacaroon())
-		}
+// VerifyOne is a VerifierFunc
+func (kr KeyResolver) VerifyOne(ctx context.Context, perm Macaroon, diss []Macaroon) VerificationResult {
+	key, trustedTPs, err := kr(ctx, perm.Nonce())
+	if err != nil {
+		return &FailedMacaroon{perm.Unverified(), err}
+	}
 
-		if cavs, err := perm.UnsafeMacaroon().VerifyParsed(key, disMacs, trustedTPs); err != nil {
-			ret[perm] = &FailedMacaroon{perm.Unverified(), err}
-		} else {
-			ret[perm] = &VerifiedMacaroon{perm.Unverified(), cavs}
-		}
+	disMacs := make([]*macaroon.Macaroon, 0, len(diss))
+	for _, d := range diss {
+		disMacs = append(disMacs, d.UnsafeMacaroon())
 	}
 
-	return ret
+	if cavs, err := perm.UnsafeMacaroon().VerifyParsed(key, disMacs, trustedTPs); err != nil {
+		return &FailedMacaroon{perm.Unverified(), err}
+	} else {
+		return &VerifiedMacaroon{perm.Unverified(), cavs}
+	}
 }
 
 // VerificationCache is a Verifier that caches successful verification results.
@@ -135,3 +133,15 @@ func (vc *VerificationCache) Verify(ctx context.Context, dissByPerm map[Macaroon
 func (vc *VerificationCache) Purge() {
 	vc.cache.Purge()
 }
+
+type VerifierFunc func(ctx context.Context, perm Macaroon, diss []Macaroon) VerificationResult
+
+func (vf VerifierFunc) Verify(ctx context.Context, dissByPerm map[Macaroon][]Macaroon) map[Macaroon]VerificationResult {
+	ret := make(map[Macaroon]VerificationResult, len(dissByPerm))
+
+	for perm, diss := range dissByPerm {
+		ret[perm] = vf(ctx, perm, diss)
+	}
+
+	return ret
+}