Fix sample tests (#78)
* remove old tests
* check revocation ids
* check all validations from samples
* compare the authorizer world after execution
* fix policy printing
* fix expression printing
* remove the token_checks field from Authorizer
* fix check printing
* remove debug prints
* fix BuilderTest
* more info on success or failure differences
Geal authored Jan 7, 2024
1 parent 4be971d commit 5658ad4
Showing 46 changed files with 473 additions and 3,211 deletions.
2 changes: 1 addition & 1 deletion src/main/java/org/biscuitsec/biscuit/crypto/PublicKey.java
@@ -75,6 +75,6 @@ public int hashCode() {

@Override
public String toString() {
return "ed25519/" + toHex();
return "ed25519/" + toHex().toLowerCase();
}
}
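Review bot: The lower-casing in `toString()` is appended at the call site, and this commit repeats the same `.toLowerCase()` suffix in `SymbolTable.print_term` (the `hex:` branch) and in the new `RevocationIdentifier.toHex()`. String forms of keys and revocation ids end up in comparisons and logs, so normalising once at the source (in `toHex()` and `Utils.byteArrayToHexString`, neither shown on this page) would keep every caller on one canonical form; as written, any code that calls `toHex()` directly presumably still gets the old case. If the suffix stays, pass an explicit locale, `return "ed25519/" + toHex().toLowerCase(Locale.ROOT);`, so the result never depends on the JVM default locale. That is harmless for hex digits but is the form static analysers expect.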
5 changes: 0 additions & 5 deletions src/main/java/org/biscuitsec/biscuit/crypto/Token.java
@@ -75,7 +75,6 @@ public Either<Error, Void> verify(PublicKey root) throws NoSuchAlgorithmExceptio
PublicKey next_key = this.keys.get(i);
byte[] signature = this.signatures.get(i);

System.out.println("verifying block "+i+" with current key "+current_key.toHex()+" block "+block+" next key "+next_key.toHex()+" signature "+signature);
Signature sgr = new EdDSAEngine(MessageDigest.getInstance(KeyPair.ed25519.getHashAlgorithm()));
ByteBuffer algo_buf = ByteBuffer.allocate(4).order(ByteOrder.LITTLE_ENDIAN);
algo_buf.putInt(Integer.valueOf(next.public_key().algorithm.getNumber()));
@@ -88,17 +87,13 @@ public Either<Error, Void> verify(PublicKey root) throws NoSuchAlgorithmExceptio
if (sgr.verify(signature)) {
current_key = next_key;
} else {
System.out.println("signature not verified");
return Left(new Error.FormatError.Signature.InvalidSignature("signature error: Verification equation was not satisfied"));
}
}

if(this.next.public_key == current_key.key) {
return Right(null);
} else {
System.out.println("current key and next public key not equal:");
System.out.println("current: "+current_key.toHex());
System.out.println("next: "+this.next.public_key().toHex());
return Left(new Error.FormatError.Signature.InvalidSignature("signature error: Verification equation was not satisfied"));
}
}
31 changes: 4 additions & 27 deletions src/main/java/org/biscuitsec/biscuit/datalog/SymbolTable.java
@@ -20,7 +20,7 @@ public final class SymbolTable implements Serializable {

private final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ISO_INSTANT;

private String fromEpochIsoDate(long epochSec) {
public String fromEpochIsoDate(long epochSec) {
return Instant.ofEpochSecond(epochSec).atOffset(ZoneOffset.ofTotalSeconds(0)).format(dateTimeFormatter);
}

@@ -137,31 +137,6 @@ public Option<PublicKey> get_pk(int i) {
}
}

public String print_id(final Term value) {
String _s = "";
if (value instanceof Term.Bool) {
_s = Boolean.toString(((Term.Bool) value).value());
} else if (value instanceof Term.Bytes) {
_s = TokenSignature.hex(((Term.Bytes) value).value());
} else if (value instanceof Term.Date) {
_s = fromEpochIsoDate(((Term.Date) value).value());
} else if (value instanceof Term.Integer) {
_s = Long.toString(((Term.Integer) value).value());
} else if (value instanceof Term.Set) {
Term.Set idset = (Term.Set) value;
if (idset.value().size() > 0) {
_s = "[ ";
_s += String.join(", ", idset.value().stream().map((id) -> print_id(id)).collect(Collectors.toList()));
_s += " ]";
}
} else if (value instanceof Term.Str) {
_s = "\"" + print_symbol((int) ((Term.Str) value).value()) + "\"";
} else if (value instanceof Term.Variable) {
_s = "$" + print_symbol((int) ((Term.Variable) value).value());
}
return _s;
}

public String print_rule(final Rule r) {
String res = this.print_predicate(r.head());
res += " <- " + this.print_rule_body(r);
@@ -218,14 +193,16 @@ public String print_predicate(final Predicate p) {
public String print_term(final Term i) {
if (i instanceof Term.Variable) {
return "$" + this.print_symbol((int) ((Term.Variable) i).value());
} else if(i instanceof Term.Bool) {
return i.toString();
} else if (i instanceof Term.Date) {
return fromEpochIsoDate(((Term.Date) i).value());
} else if (i instanceof Term.Integer) {
return "" + ((Term.Integer) i).value();
} else if (i instanceof Term.Str) {
return "\"" + this.print_symbol((int) ((Term.Str) i).value()) + "\"";
} else if (i instanceof Term.Bytes) {
return "hex:" + Utils.byteArrayToHexString(((Term.Bytes) i).value());
return "hex:" + Utils.byteArrayToHexString(((Term.Bytes) i).value()).toLowerCase();
} else if (i instanceof Term.Set) {
final List<String> values = ((Term.Set) i).value().stream().map((v) -> this.print_term(v)).collect(Collectors.toList());
return "[" + String.join(", ", values) + "]";
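Review bot: The new `Term.Bool` branch in `print_term` returns `i.toString()`, so the printed form of a boolean depends on whatever `Term.Bool.toString()` produces, which this page does not show. The removed `print_id` spelled it out as `Boolean.toString(((Term.Bool) value).value())`; using that form here would pin the output to `true`/`false` regardless of later changes to the term class. Because `Value.print` now goes through `print_term`, empty sets print as `[]` and bytes gain a `hex:` prefix, where `print_id` returned an empty string and bare hex. A short Javadoc on `print_term` stating the exact output format would help anyone comparing printed checks or expressions as text. The if-chain of `print_term` continues past the end of this hunk.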
@@ -65,7 +65,7 @@ public boolean evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporaryS

@Override
public String print(Deque<String> stack, SymbolTable symbols) {
String s = symbols.print_id(value);
String s = symbols.print_term(value);
stack.push(s);
return s;
}
51 changes: 42 additions & 9 deletions src/main/java/org/biscuitsec/biscuit/token/Authorizer.java
@@ -11,6 +11,8 @@
import io.vavr.control.Either;
import io.vavr.control.Option;
import org.biscuitsec.biscuit.datalog.Scope;
import org.biscuitsec.biscuit.token.builder.Check;
import org.biscuitsec.biscuit.token.builder.Fact;
import org.biscuitsec.biscuit.token.builder.Term;
import org.biscuitsec.biscuit.token.builder.parser.Parser;

@@ -27,7 +29,6 @@
public class Authorizer {
Biscuit token;
List<org.biscuitsec.biscuit.token.builder.Check> checks;
List<List<org.biscuitsec.biscuit.datalog.Check>> token_checks;
List<Policy> policies;
List<Scope> scopes;
HashMap<Long, List<Long>> publicKeyToBlockId;
@@ -41,7 +42,6 @@ private Authorizer(Biscuit token, World w) throws Error.FailedLogic {
this.checks = new ArrayList<>();
this.policies = new ArrayList<>();
this.scopes = new ArrayList<>();
this.token_checks = this.token.checks();
this.publicKeyToBlockId = new HashMap<>();
update_on_token();
}
@@ -57,17 +57,15 @@ public Authorizer() {
this.symbols = Biscuit.default_symbol_table();
this.checks = new ArrayList<>();
this.policies = new ArrayList<>();
this.token_checks = new ArrayList<>();
this.scopes = new ArrayList<>();
this.publicKeyToBlockId = new HashMap<>();
}

private Authorizer(Biscuit token, List<org.biscuitsec.biscuit.token.builder.Check> checks, List<Policy> policies,
List<List<org.biscuitsec.biscuit.datalog.Check>> token_checks, World world, SymbolTable symbols) {
World world, SymbolTable symbols) {
this.token = token;
this.checks = checks;
this.policies = policies;
this.token_checks = token_checks;
this.world = world;
this.symbols = symbols;
this.scopes = new ArrayList<>();
@@ -88,7 +86,7 @@ static public Authorizer make(Biscuit token) throws Error.FailedLogic {

public Authorizer clone() {
return new Authorizer(this.token, new ArrayList<>(this.checks), new ArrayList<>(this.policies),
new ArrayList<>(this.token_checks), new World(this.world), new SymbolTable(this.symbols));
new World(this.world), new SymbolTable(this.symbols));
}

public void update_on_token() throws Error.FailedLogic {
@@ -592,7 +590,6 @@ public Long authorize(RunLimits limits) throws Error {
}

public String print_world() {
//FIXME
StringBuilder facts = new StringBuilder();
for(Map.Entry<Origin, HashSet<org.biscuitsec.biscuit.datalog.Fact>> entry: this.world.facts().facts().entrySet()) {
facts.append("\n\t\t"+entry.getKey()+":");
@@ -601,7 +598,6 @@ public String print_world() {
facts.append(this.symbols.print_fact(f));
}
}
//final List<String> facts = this.world.facts().facts().entrySet().stream().map((f) -> this.symbols.print_fact(f)).collect(Collectors.toList());
final List<String> rules = this.world.rules().stream().map((r) -> this.symbols.print_rule(r)).collect(Collectors.toList());

List<String> checks = new ArrayList<>();
@@ -633,4 +629,41 @@ public String print_world() {
String.join(",\n\t\t", checks) +
"\n\t]\n}";
}
}

public List<Fact> facts() {
return this.world.facts().stream()
.map((f) -> org.biscuitsec.biscuit.token.builder.Fact.convert_from(f, this.symbols))
.collect(Collectors.toList());
}

public List<org.biscuitsec.biscuit.token.builder.Rule> rules() {
return this.world.rules().stream()
.map((r) -> org.biscuitsec.biscuit.token.builder.Rule.convert_from(r, this.symbols))
.collect(Collectors.toList());
}

public List<Check> checks() {
List<Check> checks = new ArrayList<>(this.checks);
for(org.biscuitsec.biscuit.datalog.Check check: this.token.authority.checks) {
checks.add(Check.convert_from(check, token.symbols));
}
for(Block block: this.token.blocks) {
if(block.externalKey.isDefined()) {
SymbolTable blockSymbols = new SymbolTable(block.symbols.symbols, token.symbols.publicKeys());
for(org.biscuitsec.biscuit.datalog.Check check: block.checks) {
checks.add(Check.convert_from(check, blockSymbols));
}
} else {
for(org.biscuitsec.biscuit.datalog.Check check: block.checks) {
checks.add(Check.convert_from(check, token.symbols));
}
}
}

return checks;
}

public List<Policy> policies() {
return this.policies;
}
}
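Review bot: `policies()` returns the authorizer's own `policies` list, so any caller can add, remove or reorder allow/deny policies without going through the authorizer, whereas `checks()` just above it already builds a fresh list. Return a copy instead, `return new ArrayList<>(this.policies);`, which matches what `clone()` does with the same field. Separately, `checks()` dereferences `this.token.authority` and `this.token.blocks` unconditionally; if the no-argument `Authorizer()` constructor leaves `token` unset (its full body is outside these hunks), calling `checks()` before a token is attached would throw a `NullPointerException`. Wrapping the two token loops in `if (this.token != null) { … }` would let it return just the authorizer-level checks in that case.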
7 changes: 5 additions & 2 deletions src/main/java/org/biscuitsec/biscuit/token/Policy.java
@@ -4,6 +4,7 @@

import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;

public class Policy {
public enum Kind {
@@ -29,11 +30,13 @@ public Policy(Rule query, Kind kind) {

@Override
public String toString() {
final List<String> qs = queries.stream().map((q) -> q.bodyToString()).collect(Collectors.toList());

switch(this.kind) {
case Allow:
return "allow if "+queries;
return "allow if "+String.join(" or ", qs);
case Deny:
return "deny if "+queries;
return "deny if "+String.join(" or ", qs);
}
return null;
}
@@ -1,5 +1,7 @@
package org.biscuitsec.biscuit.token;

import org.biscuitsec.biscuit.token.builder.Utils;

import java.util.Base64;

public class RevocationIdentifier {
@@ -26,6 +28,10 @@ public String serialize_b64url() {
return Base64.getEncoder().encodeToString(this.bytes);
}

public String toHex() {
return Utils.byteArrayToHexString(this.bytes).toLowerCase();
}

public static RevocationIdentifier from_bytes(byte[] bytes) {
return new RevocationIdentifier(bytes);
}
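Review bot: The new `toHex()` sits next to `serialize_b64url()`, whose visible return line uses `Base64.getEncoder()`, the standard alphabet with `+` and `/`, not the URL-safe one the method name promises. Now that a second textual form is exposed, a revocation list keyed on these strings can miss an identifier if the producer and the consumer assume different encodings. Either switch that line to `Base64.getUrlEncoder().encodeToString(this.bytes)` (an output change for existing callers, so it needs a compatibility note) or add Javadoc on both methods stating which form is canonical for revocation lookups. The start of `serialize_b64url()` lies outside this hunk.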
17 changes: 1 addition & 16 deletions src/main/java/org/biscuitsec/biscuit/token/builder/Check.java
@@ -46,22 +46,7 @@ public static Check convert_from(org.biscuitsec.biscuit.datalog.Check r, SymbolT

@Override
public String toString() {
final List<String> qs = queries.stream().map((q) -> {
final List<String> b = q.body.stream().map((pred) -> pred.toString()).collect(Collectors.toList());
String res = String.join(", ", b);

if(!q.expressions.isEmpty()) {
final List<String> e = q.expressions.stream().map((expression) -> expression.toString()).collect(Collectors.toList());
res += ", "+ String.join(", ", e);
}

if(!q.scopes.isEmpty()) {
final List<String> e = q.scopes.stream().map((scope) -> scope.toString()).collect(Collectors.toList());
res += " trusting " + String.join(", ", e);
}

return res;
}).collect(Collectors.toList());
final List<String> qs = queries.stream().map((q) -> q.bodyToString()).collect(Collectors.toList());

if(kind == One) {
return "check if " + String.join(" or ", qs);
67 changes: 55 additions & 12 deletions src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java
@@ -178,9 +178,7 @@ public int hashCode() {

@Override
public String toString() {
return "Value{" +
"value=" + value +
'}';
return value.toString();
}
}

@@ -233,10 +231,15 @@ public int hashCode() {

@Override
public String toString() {
return "Unary{" +
"op=" + op +
", arg1=" + arg1 +
'}';
switch(op) {
case Negate:
return "!"+arg1;
case Parens:
return "("+arg1+")";
case Length:
return arg1.toString()+".length()";
}
return "";
}
}

@@ -349,11 +352,51 @@ public int hashCode() {

@Override
public String toString() {
return "Binary{" +
"op=" + op +
", arg1=" + arg1 +
", arg2=" + arg2 +
'}';
switch(op) {
case LessThan:
return arg1.toString() + " < " + arg2.toString();
case GreaterThan:
return arg1.toString() + " > " + arg2.toString();
case LessOrEqual:
return arg1.toString() + " <= " + arg2.toString();
case GreaterOrEqual:
return arg1.toString() + " >= " + arg2.toString();
case Equal:
return arg1.toString() + " == " + arg2.toString();
case NotEqual:
return arg1.toString() + " != " + arg2.toString();
case Contains:
return arg1.toString() + ".contains(" + arg2.toString()+")";
case Prefix:
return arg1.toString() + ".starts_with(" + arg2.toString()+")";
case Suffix:
return arg1.toString() + ".ends_with(" + arg2.toString()+")";
case Regex:
return arg1.toString() + ".matches(" + arg2.toString()+")";
case Add:
return arg1.toString() + " + " + arg2.toString();
case Sub:
return arg1.toString() + " - " + arg2.toString();
case Mul:
return arg1.toString() + " * " + arg2.toString();
case Div:
return arg1.toString() + " / " + arg2.toString();
case And:
return arg1.toString() + " && " + arg2.toString();
case Or:
return arg1.toString() + " || " + arg2.toString();
case Intersection:
return arg1.toString() + ".intersection(" + arg2.toString()+")";
case Union:
return arg1.toString() + ".union(" + arg2.toString()+")";
case BitwiseAnd:
return arg1.toString() + " & " + arg2.toString();
case BitwiseOr:
return arg1.toString() + " | " + arg2.toString();
case BitwiseXor:
return arg1.toString() + " ^ " + arg2.toString();
}
return "";
}
}
}
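Review bot: `Binary.toString()` prints both operands bare, so the text only reflects the tree's structure when explicit `Parens` nodes are already present; a programmatically built multiply over an add would print as `a + b * c`, which under the usual precedence reads as a different expression. For checks and policies that are logged, audited or compared as text, the displayed rule could then differ from the one that was evaluated. Either wrap an operand in parentheses when it is itself a `Binary`, or document on the class that builders must insert `Parens`. In addition, both new switches (`Unary` and `Binary`) fall through to `return "";` for an operation without a case, which silently drops it from the output; a visible fallback such as `return "<unhandled op " + op + ">";` would make a missing case obvious.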
@@ -93,7 +93,7 @@ public static Fact convert_from(org.biscuitsec.biscuit.datalog.Fact f, SymbolTab
public String toString() {
Fact f = this.clone();
f.apply_variables();
return "fact(" + f.predicate + ")";
return f.predicate.toString();
}

public String name() {
@@ -46,7 +46,7 @@ public static Predicate convert_from(org.biscuitsec.biscuit.datalog.Predicate p,

@Override
public String toString() {
final List<String> i = terms.stream().map((id) -> id.toString()).collect(Collectors.toList());
final List<String> i = terms.stream().map((term) -> term.toString()).collect(Collectors.toList());
return ""+name+"("+String.join(", ", i)+")";
}
