1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107

use crate::Cookies;
use cookie::{Cookie, Key};

/// A child cookie jar that authenticates its cookies.
/// It signs all the cookies added to it and verifies cookies retrieved from it.
/// Any cookies stored in `SignedCookies` are provided integrity and authenticity. In other
/// words, clients cannot tamper with the contents of a cookie nor can they fabricate cookie
/// values, but the data is visible in plaintext.
pub struct SignedCookies<'a> {
    cookies: Cookies,
    key: &'a Key,
}

impl<'a> SignedCookies<'a> {
    /// Creates an instance of `SignedCookies` with parent `cookies` and key `key`. This method is
    /// typically called indirectly via the `signed` method of [`Cookies`].
    pub(crate) fn new(cookies: &Cookies, key: &'a Key) -> Self {
        Self {
            cookies: cookies.clone(),
            key,
        }
    }

    /// Adds cookie to the parent jar. The cookie’s value is signed assuring integrity and
    /// authenticity.
    pub fn add(&self, cookie: Cookie<'static>) {
        let mut inner = self.cookies.inner.lock();
        inner.changed = true;
        inner.jar().signed_mut(self.key).add(cookie);
    }

    /// Returns `Cookie` with the `name` and verifies the authenticity and integrity of the
    /// cookie’s value, returning a `Cookie` with the authenticated value. If the cookie cannot be
    /// found, or the cookie fails to verify, None is returned.
    pub fn get(&self, name: &str) -> Option<Cookie> {
        let mut inner = self.cookies.inner.lock();
        inner.jar().signed(self.key).get(name)
    }

    /// Removes the `cookie` from the parent jar.
    pub fn remove(&self, cookie: Cookie<'static>) {
        self.cookies.remove(cookie);
    }
}

#[cfg(all(test, feature = "signed"))]
mod tests {
    use crate::Cookies;
    use cookie::{Cookie, Key};

    #[test]
    fn get_absent() {
        let key = Key::generate();
        let cookies = Cookies::new(None);
        assert_eq!(cookies.signed(&key).get("foo"), None);
    }

    #[test]
    fn add_get_signed() {
        let key = Key::generate();
        let cookies = Cookies::new(None);
        let cookie = Cookie::new("foo", "bar");
        let signed = cookies.signed(&key);
        signed.add(cookie.clone());
        assert_eq!(signed.get("foo").unwrap(), cookie);
    }

    #[test]
    fn add_signed_get_raw() {
        let key = Key::generate();
        let cookies = Cookies::new(None);
        let cookie = Cookie::new("foo", "bar");
        cookies.signed(&key).add(cookie.clone());
        assert_ne!(cookies.get("foo").unwrap(), cookie);
    }

    #[test]
    fn add_raw_get_signed() {
        let key = Key::generate();
        let cookies = Cookies::new(None);
        let cookie = Cookie::new("foo", "bar");
        cookies.add(cookie);
        assert_eq!(cookies.signed(&key).get("foo"), None);
    }

    #[test]
    fn messed_keys() {
        let key1 = Key::generate();
        let key2 = Key::generate();
        let cookies = Cookies::new(None);
        let cookie = Cookie::new("foo", "bar");
        cookies.signed(&key1).add(cookie);
        assert_eq!(cookies.signed(&key2).get("foo"), None);
    }

    #[test]
    fn remove() {
        let key = Key::generate();
        let cookies = Cookies::new(None);
        let cookie = Cookie::new("foo", "bar");
        let signed = cookies.signed(&key);
        signed.add(cookie.clone());
        assert!(signed.get("foo").is_some());
        signed.remove(cookie);
        assert!(signed.get("foo").is_none());
    }
}