diff --git a/pom.xml b/pom.xml index de8c9deb..4e242e1f 100644 --- a/pom.xml +++ b/pom.xml @@ -35,13 +35,13 @@ 0.10.3 1.6 2.8.9 - 1.79 + 1.80 5.8.2 2.30.2 - 1.20.4 - 1.20.4 + 1.20.6 + 1.20.6 @@ -221,7 +221,7 @@ maven-failsafe-plugin 2.22.2 - + maven-surefire-plugin 3.2.5 @@ -237,7 +237,7 @@ true + implementation="org.apache.maven.plugin.surefire.extensions.junit5.JUnit5StatelessTestsetInfoTreeReporter"> true true true @@ -281,11 +281,6 @@ protobuf-java ${protobuf.version} - - net.i2p.crypto - eddsa - ${net.i2p.crypto.eddsa.version} - io.vavr vavr diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519KeyPair.java b/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519KeyPair.java index 7b7815d0..d57fcdf8 100644 --- a/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519KeyPair.java +++ b/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519KeyPair.java 
@@ -1,81 +1,52 @@ package org.biscuitsec.biscuit.crypto; -import biscuit.format.schema.Schema; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import net.i2p.crypto.eddsa.EdDSAEngine; -import net.i2p.crypto.eddsa.EdDSAPrivateKey; -import net.i2p.crypto.eddsa.EdDSAPublicKey; -import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec; -import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable; -import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec; -import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec; import org.biscuitsec.biscuit.token.builder.Utils; +import org.bouncycastle.crypto.AsymmetricCipherKeyPair; +import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator; +import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters; +import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters; +import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters; +import org.bouncycastle.crypto.signers.Ed25519Signer; final class Ed25519KeyPair extends KeyPair { - private static final int BUFFER_SIZE = 32; - public static final int SIGNATURE_LENGTH = 64; - private final EdDSAPrivateKey privateKey; - private final EdDSAPublicKey publicKey; - - private static final EdDSANamedCurveSpec ED_25519 = - EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519); + private final Ed25519PrivateKeyParameters privateKey; + private final Ed25519PublicKeyParameters publicKey; Ed25519KeyPair(byte[] bytes) { - EdDSAPrivateKeySpec privKeySpec = new EdDSAPrivateKeySpec(bytes, ED_25519); - EdDSAPrivateKey privKey = new EdDSAPrivateKey(privKeySpec); - - EdDSAPublicKeySpec pubKeySpec = new EdDSAPublicKeySpec(privKey.getA(), ED_25519); - EdDSAPublicKey pubKey = new EdDSAPublicKey(pubKeySpec); + Ed25519PrivateKeyParameters privateKey = new Ed25519PrivateKeyParameters(bytes); + 
Ed25519PublicKeyParameters publicKey = privateKey.generatePublicKey(); - this.privateKey = privKey; - this.publicKey = pubKey; + this.privateKey = privateKey; + this.publicKey = publicKey; } Ed25519KeyPair(SecureRandom rng) { - byte[] b = new byte[BUFFER_SIZE]; - rng.nextBytes(b); - EdDSAPrivateKeySpec privKeySpec = new EdDSAPrivateKeySpec(b, ED_25519); - EdDSAPrivateKey privKey = new EdDSAPrivateKey(privKeySpec); + Ed25519KeyPairGenerator kpg = new Ed25519KeyPairGenerator(); + kpg.init(new Ed25519KeyGenerationParameters(rng)); - EdDSAPublicKeySpec pubKeySpec = new EdDSAPublicKeySpec(privKey.getA(), ED_25519); - EdDSAPublicKey pubKey = new EdDSAPublicKey(pubKeySpec); - - this.privateKey = privKey; - this.publicKey = pubKey; - } - - Ed25519KeyPair(String hex) { - this(Utils.hexStringToByteArray(hex)); - } - - public static java.security.PublicKey decode(byte[] data) { - return new EdDSAPublicKey(new EdDSAPublicKeySpec(data, ED_25519)); - } + AsymmetricCipherKeyPair kp = kpg.generateKeyPair(); + Ed25519PrivateKeyParameters privateKey = (Ed25519PrivateKeyParameters) kp.getPrivate(); + Ed25519PublicKeyParameters publicKey = (Ed25519PublicKeyParameters) kp.getPublic(); - public static Signature getSignature() throws NoSuchAlgorithmException { - return new EdDSAEngine(MessageDigest.getInstance(ED_25519.getHashAlgorithm())); + this.privateKey = privateKey; + this.publicKey = publicKey; } @Override - public byte[] sign(byte[] data) - throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - Signature sgr = KeyPair.generateSignature(Schema.PublicKey.Algorithm.Ed25519); - sgr.initSign(privateKey); - sgr.update(data); - return sgr.sign(); + public byte[] sign(byte[] data) { + var sgr = new Ed25519Signer(); + sgr.init(true, this.privateKey); + sgr.update(data, 0, data.length); + return sgr.generateSignature(); } @Override public byte[] toBytes() { - return privateKey.getSeed(); + return privateKey.getEncoded(); } @Override 
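Review bot: The `Ed25519KeyPair(byte[] bytes)` constructor passes caller-supplied bytes straight to `new Ed25519PrivateKeyParameters(bytes)` without stating what length it expects, and its local `privateKey`/`publicKey` variables shadow the fields of the same name. As far as I know the BouncyCastle constructor rejects anything other than a 32-byte seed with an IllegalArgumentException, so a one-line comment would make that failure mode explicit: `// bytes must be the 32-byte Ed25519 seed; BouncyCastle throws IllegalArgumentException otherwise`. Assigning directly with `this.privateKey = new Ed25519PrivateKeyParameters(bytes);` and `this.publicKey = this.privateKey.generatePublicKey();` would remove the shadowing, and the same applies to the `SecureRandom` constructor.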
@@ -85,6 +56,6 @@ public String toHex() { @Override public PublicKey getPublicKey() { - return new PublicKey(Schema.PublicKey.Algorithm.Ed25519, this.publicKey); + return new Ed25519PublicKey(this.publicKey); } } diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519PublicKey.java b/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519PublicKey.java new file mode 100644 index 00000000..652fb643 --- /dev/null +++ b/src/main/java/org/biscuitsec/biscuit/crypto/Ed25519PublicKey.java @@ -0,0 +1,60 @@ +package org.biscuitsec.biscuit.crypto; + +import biscuit.format.schema.Schema.PublicKey.Algorithm; +import java.util.Arrays; +import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters; +import org.bouncycastle.crypto.signers.Ed25519Signer; + +class Ed25519PublicKey extends PublicKey { + private final Ed25519PublicKeyParameters publicKey; + + Ed25519PublicKey(final Ed25519PublicKeyParameters publicKey) { + super(); + this.publicKey = publicKey; + } + + static Ed25519PublicKey loadEd25519(byte[] data) { + return new Ed25519PublicKey(new Ed25519PublicKeyParameters(data)); + } + + @Override + public byte[] toBytes() { + return this.publicKey.getEncoded(); + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + + Ed25519PublicKey publicKey = (Ed25519PublicKey) o; + + return Arrays.equals(this.toBytes(), publicKey.toBytes()); + } + + @Override + public int hashCode() { + return this.publicKey.hashCode(); + } + + @Override + public String toString() { + return "ed25519/" + toHex().toLowerCase(); + } + + public Algorithm getAlgorithm() { + return Algorithm.Ed25519; + } + + @Override + public boolean verify(byte[] data, byte[] signature) { + var sgr = new Ed25519Signer(); + sgr.init(false, this.publicKey); + sgr.update(data, 0, data.length); + return sgr.verifySignature(signature); + } +} 
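Review bot: `hashCode()` in the new Ed25519PublicKey delegates to `this.publicKey.hashCode()` while `equals()` compares `toBytes()`, and I do not believe BouncyCastle's Ed25519PublicKeyParameters overrides `hashCode()`, so two keys loaded from the same bytes would be equal yet hash differently. That breaks lookups in any HashMap or HashSet keyed on PublicKey, which matters for a type that identifies trust anchors. Deriving the hash from the same bytes keeps the contract: `return Arrays.hashCode(this.toBytes());` (`Arrays` is already imported in this file). SECP256R1PublicKey uses the same equals/hashCode split and would be safer written the same way. `getAlgorithm()` is also missing the `@Override` that the other overrides in this class carry.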
diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/KeyPair.java b/src/main/java/org/biscuitsec/biscuit/crypto/KeyPair.java index 62498eb5..eba27a3b 100644 --- a/src/main/java/org/biscuitsec/biscuit/crypto/KeyPair.java +++ b/src/main/java/org/biscuitsec/biscuit/crypto/KeyPair.java @@ -1,12 +1,8 @@ package org.biscuitsec.biscuit.crypto; import biscuit.format.schema.Schema.PublicKey.Algorithm; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import java.security.Signature; -import java.security.SignatureException; -import net.i2p.crypto.eddsa.Utils; +import org.biscuitsec.biscuit.token.builder.Utils; /** Private and public key. */ public abstract class KeyPair implements Signer { @@ -16,7 +12,7 @@ public static KeyPair generate(Algorithm algorithm) { } public static KeyPair generate(Algorithm algorithm, String hex) { - return generate(algorithm, Utils.hexToBytes(hex)); + return generate(algorithm, Utils.hexStringToByteArray(hex)); } public static KeyPair generate(Algorithm algorithm, byte[] bytes) { @@ -39,24 +35,6 @@ public static KeyPair generate(Algorithm algorithm, SecureRandom rng) { } } - public static Signature generateSignature(Algorithm algorithm) throws NoSuchAlgorithmException { - if (algorithm == Algorithm.Ed25519) { - return Ed25519KeyPair.getSignature(); - } else if (algorithm == Algorithm.SECP256R1) { - return SECP256R1KeyPair.getSignature(); - } else { - throw new NoSuchAlgorithmException("Unsupported algorithm"); - } - } - - public static boolean verify(PublicKey publicKey, byte[] data, byte[] signature) - throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - Signature sgr = KeyPair.generateSignature(publicKey.getAlgorithm()); - sgr.initVerify(publicKey.getKey()); - sgr.update(data); - return sgr.verify(signature); - } - public abstract byte[] toBytes(); public abstract String toHex(); 
diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/PublicKey.java b/src/main/java/org/biscuitsec/biscuit/crypto/PublicKey.java
index aced9765..30c0eaab 100644
--- a/src/main/java/org/biscuitsec/biscuit/crypto/PublicKey.java
+++ b/src/main/java/org/biscuitsec/biscuit/crypto/PublicKey.java
@@ -3,58 +3,34 @@ import biscuit.format.schema.Schema; import biscuit.format.schema.Schema.PublicKey.Algorithm; import com.google.protobuf.ByteString; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SignatureException; import java.util.Optional; import java.util.Set; -import net.i2p.crypto.eddsa.EdDSAPublicKey; import org.biscuitsec.biscuit.error.Error; import org.biscuitsec.biscuit.token.builder.Utils; -import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey; -public final class PublicKey { - - private final java.security.PublicKey key; - private final Algorithm algorithm; +public abstract class PublicKey { private static final Set SUPPORTED_ALGORITHMS = Set.of(Algorithm.Ed25519, Algorithm.SECP256R1); - public PublicKey(Algorithm algorithm, java.security.PublicKey publicKey) { - this.key = publicKey; - this.algorithm = algorithm; - } - - public PublicKey(Algorithm algorithm, byte[] data) { + public static PublicKey load(Algorithm algorithm, byte[] data) { if (algorithm == Algorithm.Ed25519) { - this.key = Ed25519KeyPair.decode(data); + return Ed25519PublicKey.loadEd25519(data); } else if (algorithm == Algorithm.SECP256R1) { - this.key = SECP256R1KeyPair.decode(data); + return SECP256R1PublicKey.loadSECP256R1(data); } else { - throw new IllegalArgumentException("Invalid algorithm"); + throw new IllegalArgumentException("Unsupported algorithm"); } - this.algorithm = algorithm; } - public PublicKey(Algorithm algorithm, String hex) { - byte[] data = Utils.hexStringToByteArray(hex); - if (algorithm == Algorithm.Ed25519) { - this.key = Ed25519KeyPair.decode(data); - } else if (algorithm == Algorithm.SECP256R1) { - this.key = SECP256R1KeyPair.decode(data); - } else { - throw new IllegalArgumentException("Invalid algorithm"); - } - this.algorithm = algorithm; + public static PublicKey load(Algorithm algorithm, String hex) { + return load(algorithm, Utils.hexStringToByteArray(hex)); } - public 
byte[] toBytes() { - if (this.algorithm == Algorithm.Ed25519) { - return ((EdDSAPublicKey) getKey()).getAbyte(); - } else if (this.algorithm == Algorithm.SECP256R1) { - return ((BCECPublicKey) getKey()).getQ().getEncoded(true); // true = compressed - } else { - throw new IllegalArgumentException("Invalid algorithm"); - } - } + public abstract byte[] toBytes(); public String toHex() { return Utils.byteArrayToHexString(this.toBytes()); @@ -63,7 +39,7 @@ public String toHex() { public Schema.PublicKey serialize() { Schema.PublicKey.Builder publicKey = Schema.PublicKey.newBuilder(); publicKey.setKey(ByteString.copyFrom(this.toBytes())); - publicKey.setAlgorithm(this.algorithm); + publicKey.setAlgorithm(this.getAlgorithm()); return publicKey.build(); } @@ -72,7 +48,7 @@ public static PublicKey deserialize(Schema.PublicKey pk) if (!pk.hasAlgorithm() || !pk.hasKey() || !SUPPORTED_ALGORITHMS.contains(pk.getAlgorithm())) { throw new Error.FormatError.DeserializationError("Invalid public key"); } - return new PublicKey(pk.getAlgorithm(), pk.getKey().toByteArray()); + return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray()); } public static Optional validateSignatureLength(Algorithm algorithm, int length) { 
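Review bot: Changing `PublicKey` from a `final` class to a `public abstract` one with no declared constructor leaves it with an implicit public constructor, so code outside this package can subclass it and supply its own `verify()`. Every signature check touched by this commit now dispatches through that method, so the set of implementations is worth keeping closed to Ed25519PublicKey and SECP256R1PublicKey. A package-private constructor does that without changing callers: `PublicKey() {}`. A class-level Javadoc line saying that instances are obtained through `load(...)` or `deserialize(...)` would also help, since the public constructors are gone.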
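Review bot: `deserialize` hands token-supplied bytes to `PublicKey.load(...)`, and the loaders behind it (`new Ed25519PublicKeyParameters(data)`, `decodePoint(data)`) can, as far as I can tell, throw an unchecked IllegalArgumentException on a wrong-length or malformed encoding, which would escape instead of the `DeserializationError` this method already uses for bad keys. Catching it here keeps malformed tokens on the normal error path. The same applies to the two `PublicKey.load(...)` calls in `Parser.publicKey`, which returns an `Either` but would throw on a bad key. The method's signature and `throws` clause start outside the hunk.

```java
    // … unchanged: hasAlgorithm / hasKey / SUPPORTED_ALGORITHMS check …
    try {
      return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray());
    } catch (IllegalArgumentException e) {
      // malformed key bytes from the token: report as a format error, not a runtime failure
      throw new Error.FormatError.DeserializationError("Invalid public key");
    }
```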
@@ -93,41 +69,8 @@ public static Optional validateSignatureLength(Algorithm algorithm, int l return error; } - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - - PublicKey publicKey = (PublicKey) o; - - return this.key.equals(publicKey.getKey()); - } - - @Override - public int hashCode() { - return getKey().hashCode(); - } - - @Override - public String toString() { - if (this.algorithm == Algorithm.Ed25519) { - return "ed25519/" + toHex().toLowerCase(); - } else if (this.algorithm == Algorithm.SECP256R1) { - return "secp256r1/" + toHex().toLowerCase(); - } else { - return null; - } - } + public abstract Algorithm getAlgorithm(); - public java.security.PublicKey getKey() { - return this.key; - } - - public Algorithm getAlgorithm() { - return this.algorithm; - } + public abstract boolean verify(byte[] data, byte[] signature) + throws InvalidKeyException, SignatureException, NoSuchAlgorithmException; } diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1KeyPair.java b/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1KeyPair.java index c7d4aa5f..c1373067 100644 --- a/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1KeyPair.java +++ b/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1KeyPair.java @@ -1,6 +1,5 @@ package org.biscuitsec.biscuit.crypto; -import biscuit.format.schema.Schema; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; 
@@ -27,15 +26,14 @@ final class SECP256R1KeyPair extends KeyPair { private final BCECPrivateKey privateKey; private final BCECPublicKey publicKey; - private static final String ALGORITHM = "ECDSA"; - private static final String CURVE = "secp256r1"; - private static final ECNamedCurveParameterSpec SECP256R1 = - ECNamedCurveTable.getParameterSpec(CURVE); - static { Security.addProvider(new BouncyCastleProvider()); } + static final String ALGORITHM = "ECDSA"; + static final String CURVE = "secp256r1"; + static final ECNamedCurveParameterSpec SECP256R1 = ECNamedCurveTable.getParameterSpec(CURVE); + SECP256R1KeyPair(byte[] bytes) { var privateKeySpec = new ECPrivateKeySpec(BigIntegers.fromUnsignedByteArray(bytes), SECP256R1); var privateKey = @@ -65,24 +63,14 @@ final class SECP256R1KeyPair extends KeyPair { this.publicKey = publicKey; } - SECP256R1KeyPair(String hex) { - this(Utils.hexStringToByteArray(hex)); - } - - public static java.security.PublicKey decode(byte[] data) { - var params = ECNamedCurveTable.getParameterSpec(CURVE); - var spec = new ECPublicKeySpec(params.getCurve().decodePoint(data), params); - return new BCECPublicKey(ALGORITHM, spec, BouncyCastleProvider.CONFIGURATION); - } - - public static Signature getSignature() throws NoSuchAlgorithmException { + static Signature getSignature() throws NoSuchAlgorithmException { return Signature.getInstance("SHA256withECDSA", new BouncyCastleProvider()); } @Override public byte[] sign(byte[] data) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - Signature sgr = KeyPair.generateSignature(Schema.PublicKey.Algorithm.SECP256R1); + Signature sgr = getSignature(); sgr.initSign(privateKey); sgr.update(data); return sgr.sign(); @@ -100,6 +88,6 @@ public String toHex() { @Override public PublicKey getPublicKey() { - return new PublicKey(Schema.PublicKey.Algorithm.SECP256R1, publicKey); + return new SECP256R1PublicKey(this.publicKey); } } 
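Review bot: `getSignature()` still builds a fresh provider with `new BouncyCastleProvider()` on every call, and after this commit it is called once per `sign` and once per `SECP256R1PublicKey.verify`. The static initializer in the previous hunk already constructs one provider for `Security.addProvider(...)`, so a single shared instance would serve both: `private static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider();`, then `Security.addProvider(PROVIDER);` and `Signature.getInstance("SHA256withECDSA", PROVIDER)`. Passing the instance rather than a provider name keeps the algorithm pinned to BouncyCastle, which is worth preserving.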
diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1PublicKey.java b/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1PublicKey.java
new file mode 100644
index 00000000..4e7d46be
--- /dev/null
+++ b/src/main/java/org/biscuitsec/biscuit/crypto/SECP256R1PublicKey.java
@@ -0,0 +1,74 @@
+package org.biscuitsec.biscuit.crypto;
+
+import static org.biscuitsec.biscuit.crypto.SECP256R1KeyPair.CURVE;
+import static org.biscuitsec.biscuit.crypto.SECP256R1KeyPair.getSignature;
+
+import biscuit.format.schema.Schema.PublicKey.Algorithm;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+import java.util.Arrays;
+import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
+import org.bouncycastle.jce.ECNamedCurveTable;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jce.spec.ECPublicKeySpec;
+
+@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
+class SECP256R1PublicKey extends PublicKey {
+
+ private final BCECPublicKey publicKey;
+
+ SECP256R1PublicKey(BCECPublicKey publicKey) {
+ super();
+ this.publicKey = publicKey;
+ }
+
+ static SECP256R1PublicKey loadSECP256R1(byte[] data) {
+ var params = ECNamedCurveTable.getParameterSpec(CURVE);
+ var spec = new ECPublicKeySpec(params.getCurve().decodePoint(data), params);
+ return new SECP256R1PublicKey(
+ new BCECPublicKey(SECP256R1KeyPair.ALGORITHM, spec, BouncyCastleProvider.CONFIGURATION));
+ }
+
+ @Override
+ public byte[] toBytes() {
+ return this.publicKey.getQ().getEncoded(true);
+ } // true : compressed
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+
+ SECP256R1PublicKey publicKey = (SECP256R1PublicKey) o;
+
+ return Arrays.equals(this.toBytes(), publicKey.toBytes());
+ }
+
+ @Override
+ public int hashCode() {
+ return this.publicKey.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return "secp256r1/" + toHex().toLowerCase();
+ }
+
+ public Algorithm getAlgorithm() {
+ return Algorithm.SECP256R1;
+ }
+
+ @Override
+ public boolean verify(byte[] data, byte[] signature)
+ throws InvalidKeyException, SignatureException,
NoSuchAlgorithmException { + var sgr = getSignature(); + sgr.initVerify(this.publicKey); + sgr.update(data); + return sgr.verify(signature); + } +} diff --git a/src/main/java/org/biscuitsec/biscuit/crypto/Token.java b/src/main/java/org/biscuitsec/biscuit/crypto/Token.java index 63a2eb0b..093b2ef4 100644 --- a/src/main/java/org/biscuitsec/biscuit/crypto/Token.java +++ b/src/main/java/org/biscuitsec/biscuit/crypto/Token.java @@ -64,7 +64,7 @@ public Either verify(PublicKey root) byte[] signature = this.signatures.get(i); byte[] payload = BlockSignatureBuffer.getBufferSignature(nextKey, block); - if (KeyPair.verify(currentKey, payload, signature)) { + if (currentKey.verify(payload, signature)) { currentKey = nextKey; } else { return Left( diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/Combinator.java b/src/main/java/org/biscuitsec/biscuit/datalog/Combinator.java index 7dc8f8e4..3fd25191 100644 --- a/src/main/java/org/biscuitsec/biscuit/datalog/Combinator.java +++ b/src/main/java/org/biscuitsec/biscuit/datalog/Combinator.java @@ -119,7 +119,10 @@ public Option>> getNext() { // no need to copy all the expressions at all levels this.currentIt = new Combinator( - vars, predicates.subList(1, predicates.size()), this.allFacts, this.symbolTable); + vars, + predicates.subList(1, predicates.size()), + this.allFacts, + this.symbolTable); } break; diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/MatchedVariables.java b/src/main/java/org/biscuitsec/biscuit/datalog/MatchedVariables.java index 6f55d192..770cb952 100644 --- a/src/main/java/org/biscuitsec/biscuit/datalog/MatchedVariables.java +++ b/src/main/java/org/biscuitsec/biscuit/datalog/MatchedVariables.java 
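Review bot: `loadSECP256R1` looks the curve up again with `ECNamedCurveTable.getParameterSpec(CURVE)` on every call, although this commit makes `SECP256R1KeyPair.SECP256R1` package-visible, apparently for this purpose. Using the shared spec avoids the repeated lookup and keeps key pair and public key on the same parameters object: `var spec = new ECPublicKeySpec(SECP256R1KeyPair.SECP256R1.getCurve().decodePoint(data), SECP256R1KeyPair.SECP256R1);`. The trailing `// true : compressed` comment sits after the closing brace of `toBytes()` and would read better on the `getEncoded(true)` line. `getAlgorithm()` is missing `@Override`.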
@@ -64,8 +64,8 @@ public MatchedVariables(final Set ids) { } } - public Option> checkExpressions(List expressions, SymbolTable symbolTable) - throws Error { + public Option> checkExpressions( + List expressions, SymbolTable symbolTable) throws Error { final Option> vars = this.complete(); if (vars.isDefined()) { Map variables = vars.get(); diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/Rule.java b/src/main/java/org/biscuitsec/biscuit/datalog/Rule.java index 6ae5e4ea..4d2b4536 100644 --- a/src/main/java/org/biscuitsec/biscuit/datalog/Rule.java +++ b/src/main/java/org/biscuitsec/biscuit/datalog/Rule.java @@ -127,7 +127,8 @@ private MatchedVariables variablesSet() { // do not produce new facts, only find one matching set of facts public boolean findMatch( - final FactSet facts, Long origin, TrustedOrigins scope, SymbolTable symbolTable) throws Error { + final FactSet facts, Long origin, TrustedOrigins scope, SymbolTable symbolTable) + throws Error { MatchedVariables variables = variablesSet(); if (this.body.isEmpty()) { @@ -135,7 +136,8 @@ public boolean findMatch( } Supplier>> factsSupplier = () -> facts.stream(scope); - Stream>> stream = this.apply(factsSupplier, origin, symbolTable); + Stream>> stream = + this.apply(factsSupplier, origin, symbolTable); Iterator>> it = stream.iterator(); diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/World.java b/src/main/java/org/biscuitsec/biscuit/datalog/World.java index 2ebdbe9f..a7a89108 100644 --- a/src/main/java/org/biscuitsec/biscuit/datalog/World.java +++ b/src/main/java/org/biscuitsec/biscuit/datalog/World.java 
@@ -90,13 +90,14 @@ public RuleSet getRules() { return this.rules; } - public FactSet queryRule(final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable) - throws Error { + public FactSet queryRule( + final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable) throws Error { final FactSet newFacts = new FactSet(); Supplier>> factsSupplier = () -> this.facts.stream(scope); - Stream>> stream = rule.apply(factsSupplier, origin, symbolTable); + Stream>> stream = + rule.apply(factsSupplier, origin, symbolTable); for (Iterator>> it = stream.iterator(); it.hasNext(); ) { Either> res = it.next(); @@ -111,8 +112,8 @@ public FactSet queryRule(final Rule rule, Long origin, TrustedOrigins scope, Sym return newFacts; } - public boolean queryMatch(final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable) - throws Error { + public boolean queryMatch( + final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable) throws Error { return rule.findMatch(this.facts, origin, scope, symbolTable); } diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/expressions/Op.java b/src/main/java/org/biscuitsec/biscuit/datalog/expressions/Op.java index 8353381e..a1af1e4e 100644 --- a/src/main/java/org/biscuitsec/biscuit/datalog/expressions/Op.java +++ b/src/main/java/org/biscuitsec/biscuit/datalog/expressions/Op.java @@ -52,7 +52,8 @@ public Term getValue() { } @Override - public void evaluate(Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) + public void evaluate( + Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) throws Error.Execution { if (value instanceof Term.Variable) { Term.Variable var = (Term.Variable) value; 
@@ -126,7 +127,8 @@ public UnaryOp getOp() { } @Override - public void evaluate(Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) + public void evaluate( + Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) throws Error.Execution { Term value = stack.pop(); switch (this.op) { @@ -287,7 +289,8 @@ public BinaryOp getOp() { } @Override - public void evaluate(Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) + public void evaluate( + Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) throws Error.Execution { Term right = stack.pop(); Term left = stack.pop(); @@ -398,7 +401,8 @@ public void evaluate(Deque stack, Map variables, TemporarySymb } if (left instanceof Term.Str && right instanceof Term.Str) { Option leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value()); - Option rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); + Option rightS = + temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); if (leftS.isEmpty()) { throw new Error.Execution( @@ -415,7 +419,8 @@ public void evaluate(Deque stack, Map variables, TemporarySymb case Prefix: if (right instanceof Term.Str && left instanceof Term.Str) { Option leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value()); - Option rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); + Option rightS = + temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); if (leftS.isEmpty()) { throw new Error.Execution( "cannot find string in symbols for index " + ((Term.Str) left).value()); 
@@ -431,7 +436,8 @@ public void evaluate(Deque stack, Map variables, TemporarySymb case Suffix: if (right instanceof Term.Str && left instanceof Term.Str) { Option leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value()); - Option rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); + Option rightS = + temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); if (leftS.isEmpty()) { throw new Error.Execution( "cannot find string in symbols for index " + ((Term.Str) left).value()); @@ -446,7 +452,8 @@ public void evaluate(Deque stack, Map variables, TemporarySymb case Regex: if (right instanceof Term.Str && left instanceof Term.Str) { Option leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value()); - Option rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); + Option rightS = + temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); if (leftS.isEmpty()) { throw new Error.Execution( "cannot find string in symbols for index " + ((Term.Str) left).value()); @@ -474,7 +481,8 @@ public void evaluate(Deque stack, Map variables, TemporarySymb } if (right instanceof Term.Str && left instanceof Term.Str) { Option leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value()); - Option rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); + Option rightS = + temporarySymbolTable.getSymbol((int) ((Term.Str) right).value()); if (leftS.isEmpty()) { throw new Error.Execution( diff --git a/src/main/java/org/biscuitsec/biscuit/token/Authorizer.java b/src/main/java/org/biscuitsec/biscuit/token/Authorizer.java index d9892702..50ff67cf 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/Authorizer.java +++ b/src/main/java/org/biscuitsec/biscuit/token/Authorizer.java 
@@ -274,7 +274,8 @@ public Authorizer addCheck(String s) throws Error.Parser { public Authorizer setTime() throws Error.Language { world.addFact( - Origin.authorizer(), Utils.fact("time", List.of(Utils.date(new Date()))).convert(symbolTable)); + Origin.authorizer(), + Utils.fact("time", List.of(Utils.date(new Date()))).convert(symbolTable)); return this; } @@ -649,7 +650,12 @@ public String formatWorld() { for (int j = 0; j < b.getChecks().size(); j++) { checks.add( - "Block[" + (i + 1) + "][" + j + "]: " + blockSymbolTable.formatCheck(b.getChecks().get(j))); + "Block[" + + (i + 1) + + "][" + + j + + "]: " + + blockSymbolTable.formatCheck(b.getChecks().get(j))); } } } @@ -691,7 +697,8 @@ public List>> getChecks() { List blockChecks = new ArrayList<>(); if (block.getExternalKey().isDefined()) { - SymbolTable blockSymbolTable = new SymbolTable(block.getSymbolTable(), block.getPublicKeys()); + SymbolTable blockSymbolTable = + new SymbolTable(block.getSymbolTable(), block.getPublicKeys()); for (org.biscuitsec.biscuit.datalog.Check check : block.getChecks()) { blockChecks.add(Check.convertFrom(check, blockSymbolTable)); } diff --git a/src/main/java/org/biscuitsec/biscuit/token/Biscuit.java b/src/main/java/org/biscuitsec/biscuit/token/Biscuit.java index f78110ac..dff6e9ba 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/Biscuit.java +++ b/src/main/java/org/biscuitsec/biscuit/token/Biscuit.java @@ -241,7 +241,8 @@ public static Biscuit fromBytesWithSymbols(byte[] data, PublicKey root, SymbolTa * @param data * @return */ - public static Biscuit fromBytesWithSymbols(byte[] data, KeyDelegate delegate, SymbolTable symbolTable) + public static Biscuit fromBytesWithSymbols( + byte[] data, KeyDelegate delegate, SymbolTable symbolTable) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error { // System.out.println("will deserialize and verify token"); SerializedBiscuit ser = SerializedBiscuit.fromBytes(data, delegate); 
@@ -255,7 +256,8 @@ public static Biscuit fromBytesWithSymbols(byte[] data, KeyDelegate delegate, Sy * * @return */ - static Biscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable) throws Error { + static Biscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable) + throws Error { Tuple2> t = ser.extractBlocks(symbolTable); Block authority = t._1; ArrayList blocks = t._2; diff --git a/src/main/java/org/biscuitsec/biscuit/token/Block.java b/src/main/java/org/biscuitsec/biscuit/token/Block.java index c87ba63d..ae7b8451 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/Block.java +++ b/src/main/java/org/biscuitsec/biscuit/token/Block.java @@ -485,7 +485,6 @@ public List getChecks() { return Collections.unmodifiableList(checks); } - public List getPublicKeys() { return Collections.unmodifiableList(this.publicKeys); } diff --git a/src/main/java/org/biscuitsec/biscuit/token/UnverifiedBiscuit.java b/src/main/java/org/biscuitsec/biscuit/token/UnverifiedBiscuit.java index dc49be95..dfd4dfbd 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/UnverifiedBiscuit.java +++ b/src/main/java/org/biscuitsec/biscuit/token/UnverifiedBiscuit.java @@ -87,8 +87,8 @@ public static UnverifiedBiscuit fromBytesWithSymbols(byte[] data, SymbolTable sy * * @return UnverifiedBiscuit */ - private static UnverifiedBiscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable) - throws Error { + private static UnverifiedBiscuit fromSerializedBiscuit( + SerializedBiscuit ser, SymbolTable symbolTable) throws Error { Tuple2> t = ser.extractBlocks(symbolTable); Block authority = t._1; ArrayList blocks = t._2; 
@@ -265,7 +265,7 @@ public UnverifiedBiscuit appendThirdPartyBlock( KeyPair nextKeyPair = KeyPair.generate(previousKey.getAlgorithm()); byte[] payload = BlockSignatureBuffer.getBufferSignature(previousKey, blockResponse.getPayload()); - if (!KeyPair.verify(externalKey, payload, blockResponse.getSignature())) { + if (!externalKey.verify(payload, blockResponse.getSignature())) { throw new Error.FormatError.Signature.InvalidSignature( "signature error: Verification equation was not satisfied"); } diff --git a/src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java b/src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java index e2e99fef..e1d3473a 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java +++ b/src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java @@ -9,7 +9,8 @@ public abstract class Expression { - public final org.biscuitsec.biscuit.datalog.expressions.Expression convert(SymbolTable symbolTable) { + public final org.biscuitsec.biscuit.datalog.expressions.Expression convert( + SymbolTable symbolTable) { ArrayList ops = new ArrayList<>(); this.toOpcodes(symbolTable, ops); @@ -162,8 +163,9 @@ public Value(Term value) { } public void toOpcodes( - SymbolTable symbolTable, List ops) { - ops.add(new org.biscuitsec.biscuit.datalog.expressions.Op.Value(this.value.convert(symbolTable))); + SymbolTable symbolTable, List ops) { + ops.add( + new org.biscuitsec.biscuit.datalog.expressions.Op.Value(this.value.convert(symbolTable))); } public void gatherVariables(Set variables) { @@ -207,7 +209,7 @@ public Unary(Op op, Expression arg1) { } public void toOpcodes( - SymbolTable symbolTable, List ops) { + SymbolTable symbolTable, List ops) { this.arg1.toOpcodes(symbolTable, ops); switch (this.op) { 
@@ -286,7 +288,7 @@ public Binary(Op op, Expression arg1, Expression arg2) { } public void toOpcodes( - SymbolTable symbolTable, List ops) { + SymbolTable symbolTable, List ops) { this.arg1.toOpcodes(symbolTable, ops); this.arg2.toOpcodes(symbolTable, ops); diff --git a/src/main/java/org/biscuitsec/biscuit/token/builder/Scope.java b/src/main/java/org/biscuitsec/biscuit/token/builder/Scope.java index 4c0436e2..3c4047a6 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/builder/Scope.java +++ b/src/main/java/org/biscuitsec/biscuit/token/builder/Scope.java @@ -67,7 +67,8 @@ public org.biscuitsec.biscuit.datalog.Scope convert(SymbolTable symbolTable) { } } - public static Scope convertFrom(org.biscuitsec.biscuit.datalog.Scope scope, SymbolTable symbolTable) { + public static Scope convertFrom( + org.biscuitsec.biscuit.datalog.Scope scope, SymbolTable symbolTable) { switch (scope.kind()) { case Authority: return new Scope(Kind.Authority); @@ -75,7 +76,8 @@ public static Scope convertFrom(org.biscuitsec.biscuit.datalog.Scope scope, Symb return new Scope(Kind.Previous); case PublicKey: // FIXME error management should bubble up here - return new Scope(Kind.PublicKey, symbolTable.getPublicKey((int) scope.getPublicKey()).get()); + return new Scope( + Kind.PublicKey, symbolTable.getPublicKey((int) scope.getPublicKey()).get()); default: return null; } diff --git a/src/main/java/org/biscuitsec/biscuit/token/builder/parser/Parser.java b/src/main/java/org/biscuitsec/biscuit/token/builder/parser/Parser.java index d5b3dfa9..5abff23a 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/builder/parser/Parser.java +++ b/src/main/java/org/biscuitsec/biscuit/token/builder/parser/Parser.java 
@@ -442,12 +442,12 @@ public static Either> publicKey(String s) { s = s.substring("ed25519/".length()); Tuple2 t = hex(s); return Either.right( - new Tuple2(t._1, new PublicKey(Schema.PublicKey.Algorithm.Ed25519, t._2))); + new Tuple2(t._1, PublicKey.load(Schema.PublicKey.Algorithm.Ed25519, t._2))); } else if (s.startsWith("secp256r1/")) { s = s.substring("secp256r1/".length()); Tuple2 t = hex(s); return Either.right( - new Tuple2(t._1, new PublicKey(Schema.PublicKey.Algorithm.SECP256R1, t._2))); + new Tuple2(t._1, PublicKey.load(Schema.PublicKey.Algorithm.SECP256R1, t._2))); } else { return Either.left(new Error(s, "unrecognized public key prefix")); } diff --git a/src/main/java/org/biscuitsec/biscuit/token/format/SerializedBiscuit.java b/src/main/java/org/biscuitsec/biscuit/token/format/SerializedBiscuit.java index 78d2c502..d2d262fc 100644 --- a/src/main/java/org/biscuitsec/biscuit/token/format/SerializedBiscuit.java +++ b/src/main/java/org/biscuitsec/biscuit/token/format/SerializedBiscuit.java @@ -15,7 +15,6 @@ import java.nio.ByteOrder; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; -import java.security.Signature; import java.security.SignatureException; import java.util.ArrayList; import java.util.List; 
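Review bot: `PublicKey.load(...)` in both the `ed25519/` and `secp256r1/` branches receives bytes decoded from the parsed string, and nothing visible in this hunk turns a rejected key into `Either.left`. If `load` validates the encoding and throws on a wrong length or an invalid point (its body is not shown here, so this needs confirming), the exception would escape a method that otherwise reports failures as `Either.left(new Error(...))`, as the `unrecognized public key prefix` branch does. Wrapping the two `load` calls so that a failure returns something like `Either.left(new Error(s, "invalid public key"))` would keep the parser's error contract uniform. The start of `publicKey(String s)` lies outside the hunk.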
@@ -157,10 +156,16 @@ private static SerializedBiscuit deserialize(Schema.Biscuit data) external)); } - if (!(data.getProof().hasNextSecret() ^ data.getProof().hasFinalSignature())) { + // One flags between hasNextSecret() and hasFinalSignature() needs to be set + if (!data.getProof().hasNextSecret() && !data.getProof().hasFinalSignature()) { throw new Error.FormatError.DeserializationError("empty proof"); } + // Both flags can’t be set at the same time + if (data.getProof().hasNextSecret() && data.getProof().hasFinalSignature()) { + throw new Error.FormatError.DeserializationError("invalid proof"); + } + final Proof proof = data.getProof().hasFinalSignature() ? new Proof.FinalSignature(data.getProof().getFinalSignature().toByteArray()) @@ -356,7 +361,7 @@ public Either verify(org.biscuitsec.biscuit.crypto.PublicKey root) byte[] payload = BlockSignatureBuffer.getBufferSealedSignature(nextKey, block, signature); - if (KeyPair.verify(currentKey, payload, finalSignature)) { + if (currentKey.verify(payload, finalSignature)) { return Right(null); } else { return Left(new Error.FormatError.Signature.SealedSignature()); @@ -382,18 +387,10 @@ static Either verifyBlockSignatu algoBuf.flip(); byte[] block = signedBlock.getBlock(); - Signature sgr = KeyPair.generateSignature(publicKey.getAlgorithm()); - sgr.initVerify(publicKey.getKey()); - sgr.update(block); - if (signedBlock.getExternalSignature().isDefined()) { - sgr.update(signedBlock.getExternalSignature().get().getSignature()); - } - sgr.update(algoBuf); - sgr.update(nextKey.toBytes()); byte[] payload = BlockSignatureBuffer.getBufferSignature( nextKey, block, signedBlock.getExternalSignature().toJavaOptional()); - if (!KeyPair.verify(publicKey, payload, signature)) { + if (!publicKey.verify(payload, signature)) { return Left( new Error.FormatError.Signature.InvalidSignature( "signature error: Verification equation was not satisfied")); 
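Review bot: The comment added above the first proof check, `One flags between hasNextSecret() and hasFinalSignature() needs to be set`, is ungrammatical and does not say that the two checks together enforce exactly one of the fields. The second comment also carries a typographic apostrophe (`can’t`). I would write `// Exactly one of hasNextSecret() / hasFinalSignature() must hold: reject a proof with neither` and `// ...and reject a proof that carries both`. `data.getProof()` is also evaluated repeatedly across the two checks and the ternary that follows, so holding it in a local would make the three uses read as one decision.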
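Review bot: The context line `algoBuf.flip();` in the `verifyBlockSignature` hunk is left without a visible consumer. Its only use here was the removed `sgr.update(algoBuf)`, and the payload is now built entirely by `BlockSignatureBuffer.getBufferSignature(...)`. If nothing later in the function reads `algoBuf` (the function starts and continues outside the hunk), its allocation and `flip()` should go with the rest of the dead `Signature` code. A one-line comment above `payload` naming the fields the signed buffer is expected to cover (the removed calls listed block, external signature, algorithm and next key) would also help, since the check relies on that binding.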
@@ -403,8 +400,7 @@ static Either verifyBlockSignatu byte[] externalPayload = BlockSignatureBuffer.getBufferSignature(publicKey, block); ExternalSignature externalSignature = signedBlock.getExternalSignature().get(); - if (!KeyPair.verify( - externalSignature.getKey(), externalPayload, externalSignature.getSignature())) { + if (!externalSignature.getKey().verify(externalPayload, externalSignature.getSignature())) { return Left( new Error.FormatError.Signature.InvalidSignature( "external signature error: Verification equation was not satisfied")); @@ -477,7 +473,7 @@ public Either seal() block = this.blocks.get(this.blocks.size() - 1); } - KeyPair secretKey = ((Proof.NextSecret) this.proof).secretKey(); + KeyPair secretKey = this.proof.secretKey(); byte[] payload = BlockSignatureBuffer.getBufferSealedSignature( block.getKey(), block.getBlock(), block.getSignature()); @@ -521,7 +517,7 @@ public List getBlocks() { return blocks; } - public Proof getProof() { + Proof getProof() { return proof; } diff --git a/src/test/java/org/biscuitsec/biscuit/builder/parser/ParserTest.java b/src/test/java/org/biscuitsec/biscuit/builder/parser/ParserTest.java index 99d1fd38..df3e38bd 100644 --- a/src/test/java/org/biscuitsec/biscuit/builder/parser/ParserTest.java +++ b/src/test/java/org/biscuitsec/biscuit/builder/parser/ParserTest.java @@ -259,7 +259,7 @@ void testRuleWithScope() { new ArrayList<>(), Arrays.asList( Scope.publicKey( - new PublicKey( + PublicKey.load( Schema.PublicKey.Algorithm.Ed25519, "6e9e6d5a75cf0c0e87ec1256b4dfed0ca3ba452912d213fcc70f8516583db9db")), Scope.authority())); @@ -275,7 +275,7 @@ void testCheck() { new Tuple2<>( "", new Check( - ONE, + ONE, Arrays.asList( Utils.rule( "query", diff --git a/src/test/java/org/biscuitsec/biscuit/crypto/SignatureTest.java b/src/test/java/org/biscuitsec/biscuit/crypto/SignatureTest.java index 69a8668a..69054550 100644 --- a/src/test/java/org/biscuitsec/biscuit/crypto/SignatureTest.java 
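Review bot: `this.proof.secretKey()` in `seal()` no longer passes through the `(Proof.NextSecret)` cast. A token whose proof is a `Proof.FinalSignature` would previously have failed at the cast, and now depends on what the base `secretKey()` returns for that variant. If a guard earlier in `seal()` (outside this hunk) already rejects a sealed token this is fine; otherwise the returned value should be checked before it reaches the signing code below. Either way, a comment such as `// proof is NextSecret here: sealed tokens were rejected above` would record the invariant the removed cast used to express.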
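Review bot: Narrowing `getProof()` from `public` to package-private is a source-incompatible change for any caller outside `org.biscuitsec.biscuit.token.format`, and the hunk gives no reason for it. Since `Proof` can hold the next secret key (see `this.proof.secretKey()` in `seal()`), the restriction looks intentional. A short comment on the method, e.g. `// package-private: Proof may carry the next secret key`, plus a changelog entry would make that explicit.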
+++ b/src/test/java/org/biscuitsec/biscuit/crypto/SignatureTest.java @@ -9,9 +9,11 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.security.Security; import java.security.SignatureException; import org.biscuitsec.biscuit.error.Error; import org.biscuitsec.biscuit.token.Biscuit; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.jupiter.api.Test; /** @@ -19,6 +21,10 @@ */ public class SignatureTest { + static { + Security.addProvider(new BouncyCastleProvider()); + } + @Test public void testSerialize() { prTestSerialize(Schema.PublicKey.Algorithm.Ed25519, 32); @@ -27,6 +33,12 @@ public void testSerialize() { Schema.PublicKey.Algorithm.SECP256R1, 33); } + @Test + public void testHex() { + prGenSigKeys(Schema.PublicKey.Algorithm.SECP256R1); + prGenSigKeys(Schema.PublicKey.Algorithm.Ed25519); + } + @Test public void testThreeMessages() throws NoSuchAlgorithmException, SignatureException, InvalidKeyException { @@ -59,7 +71,7 @@ private static void prTestSerialize( byte[] serializedPublicKey = pubkey.toBytes(); final KeyPair deserializedSecretKey = KeyPair.generate(algorithm, serializedSecretKey); - final PublicKey deserializedPublicKey = new PublicKey(algorithm, serializedPublicKey); + final PublicKey deserializedPublicKey = PublicKey.load(algorithm, serializedPublicKey); assertEquals(32, serializedSecretKey.length); assertEquals(expectedPublicKeyLength, serializedPublicKey.length); 
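Review bot: The static initializer `Security.addProvider(new BouncyCastleProvider());` mutates JVM-wide provider state from a test class. Its presence suggests that some code path under test now resolves an algorithm through the JCA provider list, though that is not visible in this section and needs confirming. If so, library users would need the same registration, and it should be performed or documented by the production code rather than only in `SignatureTest`. If the tests pass without it, the block and the two new imports can be dropped.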
@@ -99,4 +111,20 @@ private static void prTestThreeMessages(Schema.PublicKey.Algorithm algorithm) Token token3 = token2.append(keypair4, message3.getBytes()); assertEquals(Right(null), token3.verify(root.getPublicKey())); } + + private static void prGenSigKeys(Schema.PublicKey.Algorithm algorithm) { + var keypair = KeyPair.generate(algorithm); + var pubKey = keypair.getPublicKey(); + var privHexString = keypair.toHex(); + var pubKeyString = pubKey.toHex(); + System.out.println(algorithm + " Keypair hex " + privHexString); + System.out.println(algorithm + " pubKey hex " + pubKeyString); + var pubKey2 = PublicKey.load(algorithm, pubKeyString); + var keyPair2 = KeyPair.generate(algorithm, privHexString); + System.out.println(algorithm + " Keypair2 hex " + keyPair2.toHex()); + System.out.println(algorithm + " pubKey hex " + pubKey2.toHex()); + assertEquals(keypair.toHex(), keyPair2.toHex(), "keypair hex"); + assertEquals(pubKey.toHex(), pubKey2.toHex(), "public keys hex equals"); + assertEquals(pubKey, pubKey2, "public keys equals"); + } } diff --git a/src/test/java/org/biscuitsec/biscuit/token/BiscuitTest.java b/src/test/java/org/biscuitsec/biscuit/token/BiscuitTest.java index 84e73077..17d42807 100644 --- a/src/test/java/org/biscuitsec/biscuit/token/BiscuitTest.java +++ b/src/test/java/org/biscuitsec/biscuit/token/BiscuitTest.java @@ -25,12 +25,10 @@ import java.util.Arrays; import java.util.Date; import java.util.List; - import org.biscuitsec.biscuit.crypto.KeyDelegate; import org.biscuitsec.biscuit.crypto.KeyPair; import org.biscuitsec.biscuit.crypto.PublicKey; import org.biscuitsec.biscuit.datalog.RunLimits; -import org.biscuitsec.biscuit.datalog.SymbolTable; import org.biscuitsec.biscuit.error.Error; import org.biscuitsec.biscuit.error.FailedCheck; import org.biscuitsec.biscuit.error.LogicError; 
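Review bot: `prGenSigKeys` prints the private key with `System.out.println(algorithm + " Keypair hex " + privHexString);` and again for `keyPair2`. These are freshly generated test keys, but writing secret-key hex to build logs is a habit that tends to get copied into non-test code. The four `println` calls add nothing that the three `assertEquals` do not already check, so they can be removed. The round trip would be stronger with `assertEquals(pubKey, keyPair2.getPublicKey(), "derived public key");`, so that private-key loading is checked against the public key and not only against its own hex.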
@@ -82,7 +80,7 @@ public void testBasic() check( rule( "caveat1", - List.of(var("resource")), + List.of(var("resource")), Arrays.asList( pred("resource", List.of(var("resource"))), pred("operation", List.of(str("read"))), @@ -115,8 +113,8 @@ public void testBasic() check( rule( "caveat2", - List.of(str("file1")), - List.of(pred("resource", List.of(str("file1"))))))); + List.of(str("file1")), + List.of(pred("resource", List.of(str("file1"))))))); Biscuit b3 = deser2.attenuate(rng, keypair3, builder3); @@ -441,7 +439,7 @@ public void testBasicWithNamespaces() check( rule( "caveat1", - List.of(var("resource")), + List.of(var("resource")), Arrays.asList( pred("resource", List.of(var("resource"))), pred("operation", List.of(str("read"))), @@ -474,8 +472,8 @@ public void testBasicWithNamespaces() check( rule( "caveat2", - List.of(str("file1")), - List.of(pred("resource", List.of(str("file1"))))))); + List.of(str("file1")), + List.of(pred("resource", List.of(str("file1"))))))); Biscuit b3 = deser2.attenuate(rng, keypair3, builder3); @@ -571,7 +569,7 @@ public void testBasicWithNamespacesWithAddAuthorityFact() check( rule( "caveat1", - List.of(var("resource")), + List.of(var("resource")), Arrays.asList( pred("resource", List.of(var("resource"))), pred("operation", List.of(str("read"))), @@ -604,8 +602,8 @@ public void testBasicWithNamespacesWithAddAuthorityFact() check( rule( "caveat2", - List.of(str("file1")), - List.of(pred("resource", List.of(str("file1"))))))); + List.of(str("file1")), + List.of(pred("resource", List.of(str("file1"))))))); Biscuit b3 = deser2.attenuate(rng, keypair3, builder3); 
@@ -762,12 +760,12 @@ public void testCheckAll() new Error.FailedLogic( new LogicError.Unauthorized( new LogicError.MatchedPolicy.Allow(0), - List.of( - new FailedCheck.FailedBlock( - 0, - 0, - "check all operation($op), allowed_operations($allowed)," - + " $allowed.contains($op)")))), + List.of( + new FailedCheck.FailedBlock( + 0, + 0, + "check all operation($op), allowed_operations($allowed)," + + " $allowed.contains($op)")))), e); } diff --git a/src/test/java/org/biscuitsec/biscuit/token/ExampleTest.java b/src/test/java/org/biscuitsec/biscuit/token/ExampleTest.java index 70faef91..f8fbb275 100644 --- a/src/test/java/org/biscuitsec/biscuit/token/ExampleTest.java +++ b/src/test/java/org/biscuitsec/biscuit/token/ExampleTest.java @@ -39,5 +39,4 @@ public Biscuit attenuate(KeyPair root, byte[] serializedToken) Block block = token.createBlock().addCheck("check if operation(\"read\")"); return token.attenuate(block, root.getPublicKey().getAlgorithm()); } - } diff --git a/src/test/java/org/biscuitsec/biscuit/token/KmsSignerExampleTest.java b/src/test/java/org/biscuitsec/biscuit/token/KmsSignerExampleTest.java index 07fe7e24..990ef580 100644 --- a/src/test/java/org/biscuitsec/biscuit/token/KmsSignerExampleTest.java +++ b/src/test/java/org/biscuitsec/biscuit/token/KmsSignerExampleTest.java @@ -65,7 +65,7 @@ public void testCreateBiscuitWithRemoteSigner() throws Error { var x509EncodedPublicKey = getPublicKeyResponse.publicKey().asByteArray(); var sec1CompressedEncodedPublicKey = convertDerEncodedX509PublicKeyToSec1CompressedEncodedPublicKey(x509EncodedPublicKey); - var publicKey = new PublicKey(Algorithm.SECP256R1, sec1CompressedEncodedPublicKey); + var publicKey = PublicKey.load(Algorithm.SECP256R1, sec1CompressedEncodedPublicKey); var signer = new Signer() { @Override diff --git a/src/test/java/org/biscuitsec/biscuit/token/SamplesTest.java b/src/test/java/org/biscuitsec/biscuit/token/SamplesTest.java index addfcd77..cf2693b5 100644 
--- a/src/test/java/org/biscuitsec/biscuit/token/SamplesTest.java +++ b/src/test/java/org/biscuitsec/biscuit/token/SamplesTest.java @@ -49,7 +49,8 @@ Stream jsonTest() { Gson gson = new Gson(); Sample sample = gson.fromJson(new InputStreamReader(new BufferedInputStream(inputStream)), Sample.class); - PublicKey publicKey = new PublicKey(Schema.PublicKey.Algorithm.Ed25519, sample.root_public_key); + PublicKey publicKey = + PublicKey.load(Schema.PublicKey.Algorithm.Ed25519, sample.root_public_key); KeyPair keyPair = KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519, sample.root_private_key); return sample.testcases.stream().map(t -> processTestcase(t, publicKey, keyPair)); } @@ -173,8 +174,7 @@ DynamicTest processTestcase( System.out.println( Arrays.toString(token.serializedBiscuit.getAuthority().getBlock())); org.biscuitsec.biscuit.token.Block deserBlockAuthority = - fromBytes(serBlockAuthority, token.authority.getExternalKey()) - .get(); + fromBytes(serBlockAuthority, token.authority.getExternalKey()).get(); assertEquals( token.authority.print(token.symbolTable), deserBlockAuthority.print(token.symbolTable)); @@ -189,7 +189,8 @@ DynamicTest processTestcase( org.biscuitsec.biscuit.token.Block deserBlock = fromBytes(serBlock, block.getExternalKey()).get(); assertEquals( - block.print(token.symbolTable), deserBlock.print(token.symbolTable)); + block.print(token.symbolTable), + deserBlock.print(token.symbolTable)); assert (Arrays.equals(serBlock, signedBlock.getBlock())); } @@ -300,8 +301,10 @@ DynamicTest processTestcase( class Block { List symbols; String code; + @SuppressWarnings("checkstyle:MemberName") List public_keys; + @SuppressWarnings("checkstyle:MemberName") String external_key; @@ -414,6 +417,7 @@ public void setRoot_public_key(String root_public_key) { @SuppressWarnings("checkstyle:MemberName") String root_public_key; + List testcases; @SuppressWarnings("checkstyle:MethodName")