diff --git a/biscuit-core/pom.xml b/biscuit-core/pom.xml
new file mode 100644
index 00000000..176cfe28
--- /dev/null
+++ b/biscuit-core/pom.xml
@@ -0,0 +1,29 @@
+
+
+
+ 4.0.0
+ biscuit-core
+ jar
+
+
+ org.eclipse
+ biscuit-java
+ 4.1.0
+
+
+
+
+ com.google.protobuf
+ protobuf-java
+ ${protobuf.version}
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ ${jackson.version}
+
+
+
diff --git a/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java
diff --git a/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java
diff --git a/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java
new file mode 100644
index 00000000..1d293d1d
--- /dev/null
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2019 Geoffroy Couprie and Contributors to the Eclipse Foundation.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.eclipse.biscuit.crypto;
+
+import biscuit.format.schema.Schema.PublicKey.Algorithm;
+import java.security.SecureRandom;
+import java.util.ServiceLoader;
+import java.util.stream.Collectors;
+import org.eclipse.biscuit.error.Error;
+import org.eclipse.biscuit.token.builder.Utils;
+
+/** Private and public key. */
+public abstract class KeyPair implements Signer {
+ public interface Factory {
+ KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError;
+
+ KeyPair generate(Algorithm algorithm, SecureRandom rng) throws Error.FormatError;
+ }
+
+ private static final Factory factory;
+
+ static {
+ var factories = ServiceLoader.load(KeyPair.Factory.class).stream().collect(Collectors.toList());
+ if (factories.size() != 1) {
+ throw new IllegalStateException(
+ "A single KeyPair implementation expected; found " + factories.size());
+ }
+ factory = factories.get(0).get();
+ }
+
+ public static KeyPair generate(Algorithm algorithm) throws Error.FormatError {
+ return generate(algorithm, new SecureRandom());
+ }
+
+ public static KeyPair generate(Algorithm algorithm, String hex) throws Error.FormatError {
+ return generate(algorithm, Utils.hexStringToByteArray(hex));
+ }
+
+ public static KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError {
+ return factory.generate(algorithm, bytes);
+ }
+
+ public static KeyPair generate(Algorithm algorithm, SecureRandom rng) throws Error.FormatError {
+ return factory.generate(algorithm, rng);
+ }
+
+ public abstract byte[] toBytes();
+
+ public abstract String toHex();
+
+ @Override
+ public abstract PublicKey getPublicKey();
+}
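Review bot: The static initializer picks the crypto provider with `ServiceLoader.load(KeyPair.Factory.class)`, which searches the thread context class loader, so whichever jar on the application class path registers a `KeyPair.Factory` becomes the signing implementation. Consider pinning the lookup to the library's own loader, `ServiceLoader.load(KeyPair.Factory.class, KeyPair.class.getClassLoader())`, if that fits the deployment model. The `IllegalStateException` for zero or several providers is thrown inside a static block, so callers see an `ExceptionInInitializerError` on first use; listing the discovered provider class names in the message (via `ServiceLoader.Provider.type()`) would make an unexpected or duplicate provider easy to identify. The same lookup pattern is used in the static blocks of `PublicKey` and `PatternMatcher` in this commit. A class Javadoc sentence saying that exactly one provider must be present would document the requirement.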
diff --git a/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java
similarity index 52%
rename from src/main/java/org/eclipse/biscuit/crypto/PublicKey.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java
index b10aac41..5d63d1aa 100644
--- a/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java
@@ -12,34 +12,34 @@
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Optional;
+import java.util.ServiceLoader;
import java.util.Set;
+import java.util.stream.Collectors;
import org.eclipse.biscuit.error.Error;
import org.eclipse.biscuit.token.builder.Utils;
public abstract class PublicKey {
public interface Factory {
- PublicKey load(byte[] bytes) throws Error.FormatError.InvalidKey;
+ PublicKey load(Algorithm algorithm, byte[] bytes) throws Error.FormatError;
}
- public static final Factory DEFAULT_ED25519_FACTORY =
- bytes -> Ed25519PublicKey.loadEd25519(bytes);
- public static final Factory DEFAULT_SECP256R1_FACTORY =
- bytes -> SECP256R1PublicKey.loadSECP256R1(bytes);
+ private static final Factory factory;
- private static volatile Factory ed25519Factory = DEFAULT_ED25519_FACTORY;
- private static volatile Factory secp256r1Factory = DEFAULT_SECP256R1_FACTORY;
+ static {
+ var factories =
+ ServiceLoader.load(PublicKey.Factory.class).stream().collect(Collectors.toList());
+ if (factories.size() != 1) {
+ throw new IllegalStateException(
+ "A single PublicKey implementation expected; found " + factories.size());
+ }
+ factory = factories.get(0).get();
+ }
private static final Set SUPPORTED_ALGORITHMS =
Set.of(Algorithm.Ed25519, Algorithm.SECP256R1);
public static PublicKey load(Algorithm algorithm, byte[] data) throws Error.FormatError {
- if (algorithm == Algorithm.Ed25519) {
- return ed25519Factory.load(data);
- } else if (algorithm == Algorithm.SECP256R1) {
- return secp256r1Factory.load(data);
- } else {
- throw new IllegalArgumentException("Unsupported algorithm");
- }
+ return factory.load(algorithm, data);
}
public static PublicKey load(Algorithm algorithm, String hex) throws Error.FormatError {
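Review bot: `load(Algorithm, byte[])` now forwards any `Algorithm` value to the provider, so the explicit `IllegalArgumentException("Unsupported algorithm")` branch is gone while `SUPPORTED_ALGORITHMS` is still declared just above it. Either keep a guard in core, `if (!SUPPORTED_ALGORITHMS.contains(algorithm)) { throw new IllegalArgumentException("Unsupported algorithm"); }`, or add Javadoc on `Factory.load` stating that a provider must reject unknown algorithms and malformed key bytes with `Error.FormatError`. The body of `load(Algorithm, String hex)` continues outside the hunk.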
@@ -66,34 +66,8 @@ public static PublicKey deserialize(Schema.PublicKey pk) throws Error.FormatErro
return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray());
}
- public static Optional validateSignatureLength(Algorithm algorithm, int length) {
- Optional error = Optional.empty();
- if (algorithm == Algorithm.Ed25519) {
- if (length != Ed25519KeyPair.SIGNATURE_LENGTH) {
- error = Optional.of(new Error.FormatError.Signature.InvalidSignatureSize(length));
- }
- } else if (algorithm == Algorithm.SECP256R1) {
- if (length < SECP256R1KeyPair.MINIMUM_SIGNATURE_LENGTH
- || length > SECP256R1KeyPair.MAXIMUM_SIGNATURE_LENGTH) {
- error = Optional.of(new Error.FormatError.Signature.InvalidSignatureSize(length));
- }
- } else {
- error =
- Optional.of(new Error.FormatError.Signature.InvalidSignature("unsupported algorithm"));
- }
- return error;
- }
-
- public static void setEd25519Factory(Factory factory) {
- ed25519Factory = factory;
- }
-
- public static void setSECP256R1Factory(Factory factory) {
- secp256r1Factory = factory;
- }
-
public abstract Algorithm getAlgorithm();
- public abstract boolean verify(byte[] data, byte[] signature)
+ public abstract Optional verify(byte[] data, byte[] signature)
throws InvalidKeyException, SignatureException, NoSuchAlgorithmException;
}
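Review bot: `verify` now signals success with an empty `Optional`, which inverts the usual reading of the return value: a provider that returns `Optional.empty()` on a path it does not handle, or a caller that ignores the result, ends up accepting the signature. The per-algorithm size check from the removed `validateSignatureLength` is also no longer done in core (its calls in `SerializedBiscuit.verifyAuthorityBlockSignature` and `verifyBlockSignature` are deleted in this commit), so it presumably has to happen inside each provider's `verify`. Add Javadoc on the abstract method, for example `/** Returns empty only when signature is valid for data; otherwise the error. Implementations must reject signatures of invalid length. */`. The element type of the `Optional` is not visible on this page, so the exact error type should be confirmed against the file.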
diff --git a/src/main/java/org/eclipse/biscuit/crypto/Signer.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Signer.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/crypto/Signer.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Signer.java
diff --git a/src/main/java/org/eclipse/biscuit/crypto/Token.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Token.java
similarity index 91%
rename from src/main/java/org/eclipse/biscuit/crypto/Token.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Token.java
index 03b7b87d..ce08fd68 100644
--- a/src/main/java/org/eclipse/biscuit/crypto/Token.java
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Token.java
@@ -72,13 +72,12 @@ public Result verify(PublicKey root)
byte[] payload =
BlockSignatureBuffer.generateBlockSignaturePayloadV0(block, nextKey, Optional.empty());
- if (currentKey.verify(payload, signature)) {
- currentKey = nextKey;
- } else {
- return Result.err(
- new Error.FormatError.Signature.InvalidSignature(
- "signature error: Verification equation was not satisfied"));
+ var verificationResult = currentKey.verify(payload, signature);
+ if (verificationResult.isPresent()) {
+ return Result.err(verificationResult.get());
}
+
+ currentKey = nextKey;
}
if (this.next.getPublicKey().equals(currentKey)) {
diff --git a/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java
diff --git a/src/main/java/org/eclipse/biscuit/crypto/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/package-info.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/crypto/package-info.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/package-info.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Check.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Check.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Check.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Check.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Combinator.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Combinator.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Combinator.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Combinator.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Fact.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Fact.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Fact.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Fact.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/FactSet.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/FactSet.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/FactSet.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/FactSet.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/MapKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MapKey.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/MapKey.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MapKey.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Origin.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Origin.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Origin.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Origin.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Pair.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Pair.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Pair.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Pair.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Predicate.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Predicate.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Predicate.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Predicate.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Rule.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Rule.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Rule.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Rule.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/RuleSet.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/RunLimits.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Scope.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Scope.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Scope.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Scope.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/Term.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Term.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/Term.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Term.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/World.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/World.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/World.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/World.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java
diff --git a/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java
similarity index 99%
rename from src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java
index 51272beb..e1aae371 100644
--- a/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java
@@ -6,8 +6,6 @@
package org.eclipse.biscuit.datalog.expressions;
import biscuit.format.schema.Schema;
-import com.google.re2j.Matcher;
-import com.google.re2j.Pattern;
import java.io.UnsupportedEncodingException;
import java.util.ArrayDeque;
import java.util.ArrayList;
@@ -24,6 +22,7 @@
import org.eclipse.biscuit.datalog.Term;
import org.eclipse.biscuit.error.Error;
import org.eclipse.biscuit.error.Result;
+import org.eclipse.biscuit.regex.PatternMatcher;
import org.eclipse.biscuit.token.builder.Expression;
public abstract class Op {
@@ -455,9 +454,7 @@ public void evaluate(
"cannot find string in symbols for index " + ((Term.Str) right).value());
}
- Pattern p = Pattern.compile(rightS.get());
- Matcher m = p.matcher(leftS.get());
- stack.push(new Term.Bool(m.find()));
+ stack.push(new Term.Bool(PatternMatcher.create(rightS.get()).match(leftS.get())));
}
break;
case Add:
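Review bot: Swapping the hard-wired re2j `Pattern` for `PatternMatcher.create(rightS.get())` removes the guarantee that matching runs in time linear in the input, because the engine is now whichever provider is installed. The pattern string is read from the symbol table and may originate from token content, so a backtracking engine behind this call would be exposed to pathological patterns during authorization. State on `PatternMatcher.Factory.create` that implementations must be linear-time or enforce their own bound, and consider a test in core that runs a known slow-backtracking pattern against the configured provider. The enclosing `evaluate` method starts and ends outside the hunk.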
diff --git a/src/main/java/org/eclipse/biscuit/datalog/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/package-info.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/datalog/package-info.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/package-info.java
diff --git a/src/main/java/org/eclipse/biscuit/error/Error.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/Error.java
similarity index 93%
rename from src/main/java/org/eclipse/biscuit/error/Error.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/Error.java
index e71ddf90..c631523a 100644
--- a/src/main/java/org/eclipse/biscuit/error/Error.java
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/error/Error.java
@@ -13,6 +13,8 @@
import java.util.List;
import java.util.Objects;
import java.util.Optional;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
import org.eclipse.biscuit.datalog.expressions.Expression;
public abstract class Error extends Exception {
@@ -265,6 +267,46 @@ public JsonNode toJson() {
}
}
+ public static final class BlockSignatureDeserializationError extends FormatError {
+ private final String err;
+
+ public BlockSignatureDeserializationError(byte[] signature) {
+ this.err =
+ "block signature deserialization error: "
+ + IntStream.range(0, signature.length)
+ .mapToObj(i -> String.valueOf(signature[i] & 0xff))
+ .collect(Collectors.joining(", ", "[", "]"));
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ BlockSignatureDeserializationError other = (BlockSignatureDeserializationError) o;
+ return err.equals(other.err);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(err);
+ }
+
+ @Override
+ public String toString() {
+ return "Err(FormatError.BlockSignatureDeserializationError{ error: " + err + " }";
+ }
+
+ @Override
+ public JsonNode toJson() {
+ return FormatError.jsonWrapper(
+ objectMapper.createObjectNode().put("BlockSignatureDeserializationError", this.err));
+ }
+ }
+
public static final class BlockSerializationError extends FormatError {
private final String err;
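Review bot: The constructor of `BlockSignatureDeserializationError` renders every byte of `signature` into the message, and that array comes from the token being parsed, so the string returned by `toString()` and `toJson()` grows with input the caller does not control. If the full byte list is not required for parity with other implementations, report the length and a bounded prefix instead, e.g. `"block signature deserialization error: " + signature.length + " bytes"`. Separately, `toString()` opens `Err(` but ends with `" }"`, so the parenthesis is never closed; `" })"` looks intended, unless the neighbouring error classes deliberately use the same form. The following `BlockSerializationError` class continues outside the hunk.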
diff --git a/src/main/java/org/eclipse/biscuit/error/FailedCheck.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/FailedCheck.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/error/FailedCheck.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/FailedCheck.java
diff --git a/src/main/java/org/eclipse/biscuit/error/LogicError.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/LogicError.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/error/LogicError.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/LogicError.java
diff --git a/src/main/java/org/eclipse/biscuit/error/Result.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/Result.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/error/Result.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/Result.java
diff --git a/src/main/java/org/eclipse/biscuit/error/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/package-info.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/error/package-info.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/package-info.java
diff --git a/biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java b/biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java
new file mode 100644
index 00000000..6c7dbc01
--- /dev/null
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java
@@ -0,0 +1,28 @@
+package org.eclipse.biscuit.regex;
+
+import java.util.ServiceLoader;
+import java.util.stream.Collectors;
+
+public abstract class PatternMatcher {
+ public interface Factory {
+ PatternMatcher create(String regex);
+ }
+
+ private static final Factory factory;
+
+ static {
+ var factories =
+ ServiceLoader.load(PatternMatcher.Factory.class).stream().collect(Collectors.toList());
+ if (factories.size() != 1) {
+ throw new IllegalStateException(
+ "A single PatternMatcher implementation expected; found " + factories.size());
+ }
+ factory = factories.get(0).get();
+ }
+
+ public static PatternMatcher create(String regex) {
+ return factory.create(regex);
+ }
+
+ public abstract boolean match(CharSequence input);
+}
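Review bot: `PatternMatcher` has no Javadoc, so nothing tells a provider author whether `match` means an unanchored search or a whole-input match; the code it replaces in `Op` used `Matcher.find()`, and a provider that implements full-match semantics would silently change the outcome of regex checks in token policies. Add a comment on the abstract method such as `/** Returns true if the pattern matches anywhere in input (unanchored search). */`. The file also lacks the copyright and `SPDX-License-Identifier` header that `KeyPair.java` in this commit carries.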
diff --git a/src/main/java/org/eclipse/biscuit/token/Authorizer.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Authorizer.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/Authorizer.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Authorizer.java
diff --git a/src/main/java/org/eclipse/biscuit/token/Biscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Biscuit.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/Biscuit.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Biscuit.java
diff --git a/src/main/java/org/eclipse/biscuit/token/Block.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Block.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/Block.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Block.java
diff --git a/src/main/java/org/eclipse/biscuit/token/Policy.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Policy.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/Policy.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Policy.java
diff --git a/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java
diff --git a/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java
diff --git a/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java
diff --git a/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java
similarity index 98%
rename from src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java
index 161f419e..48168bd2 100644
--- a/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java
@@ -291,9 +291,9 @@ public UnverifiedBiscuit appendThirdPartyBlock(
blockResponse.getPayload(),
previousBlock.getSignature(),
BlockSignatureBuffer.THIRD_PARTY_SIGNATURE_VERSION);
- if (!externalKey.verify(payload, blockResponse.getSignature())) {
- throw new Error.FormatError.Signature.InvalidSignature(
- "signature error: Verification equation was not satisfied");
+ var verificationResult = externalKey.verify(payload, blockResponse.getSignature());
+ if (verificationResult.isPresent()) {
+ throw verificationResult.get();
}
var res = Block.fromBytes(blockResponse.getPayload(), Optional.of(externalKey));
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Block.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Block.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Block.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Block.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Check.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Check.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Check.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Check.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Expression.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Expression.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Expression.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Expression.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Fact.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Fact.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Fact.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Fact.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/MapKey.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Predicate.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Rule.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Rule.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Rule.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Rule.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Scope.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Scope.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Scope.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Scope.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Term.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Term.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Term.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Term.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Utils.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Utils.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/Utils.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Utils.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/package-info.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/package-info.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/package-info.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java
diff --git a/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java
diff --git a/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java
diff --git a/src/main/java/org/eclipse/biscuit/token/format/Proof.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/Proof.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/format/Proof.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/Proof.java
diff --git a/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java
similarity index 91%
rename from src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java
index 613c448b..80eddd4f 100644
--- a/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java
+++ b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java
@@ -358,7 +358,7 @@ public Result append(
public Result verify(org.eclipse.biscuit.crypto.PublicKey root)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
- org.eclipse.biscuit.crypto.PublicKey currentKey = root;
+ PublicKey currentKey = root;
var res = verifyAuthorityBlockSignature(this.authority, currentKey);
if (res.isOk()) {
currentKey = res.getOk();
@@ -377,26 +377,15 @@ public Result verify(org.eclipse.biscuit.crypto.PublicKey root)
}
}
- // System.out.println("signatures verified, checking proof");
-
if (!this.proof.isSealed()) {
- // System.out.println("checking secret key");
- // System.out.println("current key: " + currentKey.toHex());
- // System.out.println("key from proof: " + this.proof.secretKey.get().public_key().toHex());
if (this.proof.secretKey().getPublicKey().equals(currentKey)) {
- // System.out.println("public keys are equal");
-
return Result.ok(null);
} else {
- // System.out.println("public keys are not equal");
-
return Result.err(
new Error.FormatError.Signature.InvalidSignature(
"signature error: Verification equation was not satisfied"));
}
} else {
- // System.out.println("checking final signature");
-
byte[] finalSignature = this.proof.getSignature().get();
SignedBlock b;
@@ -407,10 +396,11 @@ public Result verify(org.eclipse.biscuit.crypto.PublicKey root)
}
byte[] payload = BlockSignatureBuffer.generateSealBlockSignaturePayloadV0(b);
- if (currentKey.verify(payload, finalSignature)) {
- return Result.ok(null);
- } else {
+ var verificationResult = currentKey.verify(payload, finalSignature);
+ if (verificationResult.isPresent()) {
return Result.err(new Error.FormatError.Signature.SealedSignature());
+ } else {
+ return Result.ok(null);
}
}
}
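Review bot: `verificationResult` holds an error when present, so `isPresent()` on the sealed-signature check means the signature was rejected, which is easy to read the wrong way round on an authentication path. Naming the local for what it carries, `var verificationError = currentKey.verify(payload, finalSignature);`, makes the fail-closed branch obvious. The same applies to the `verificationResult` and `externalResult` locals in the verifyAuthorityBlockSignature and verifyBlockSignature hunks below. This branch also replaces whatever error verify returned with `SealedSignature`, so a length rejection and a failed verification look the same to the caller; if that is intended, a one-line comment should say so. The body of verify(root) starts and ends outside this hunk.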
@@ -418,13 +408,6 @@ public Result verify(org.eclipse.biscuit.crypto.PublicKey root)
static Result verifyAuthorityBlockSignature(
SignedBlock signedBlock, org.eclipse.biscuit.crypto.PublicKey publicKey)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
- var signatureLengthError =
- PublicKey.validateSignatureLength(
- publicKey.getAlgorithm(), signedBlock.getSignature().length);
- if (signatureLengthError.isPresent()) {
- return Result.err(signatureLengthError.get());
- }
-
var payload =
BlockSignatureBuffer.generateBlockSignaturePayload(
signedBlock.getBlock(),
@@ -436,10 +419,9 @@ static Result verifyAuthorityBlockS
return Result.err(payload.getErr());
}
- if (!publicKey.verify(payload.getOk(), signedBlock.getSignature())) {
- return Result.err(
- new Error.FormatError.Signature.InvalidSignature(
- "signature error: Verification equation was not satisfied"));
+ var verificationResult = publicKey.verify(payload.getOk(), signedBlock.getSignature());
+ if (verificationResult.isPresent()) {
+ return Result.err(verificationResult.get());
}
return Result.ok(signedBlock.getKey());
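Review bot: Signature-length validation is no longer done in this class, because the `PublicKey.validateSignatureLength` call was removed in the previous hunk and `verifyAuthorityBlockSignature` now relies on whichever `publicKey.verify(...)` implementation is loaded. Since key implementations appear to be supplied through a factory, the length check becomes part of the `verify` contract and should be stated at the call site, e.g. `// verify() must reject malformed signature lengths itself; core no longer checks them`. The same holds for both verify calls in verifyBlockSignature further down. The Javadoc of the abstract `PublicKey.verify` (not visible in this part of the diff) would be the other place to record it. The function body starts outside this hunk.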
@@ -450,13 +432,6 @@ static Result verifyBlockSignature(
org.eclipse.biscuit.crypto.PublicKey publicKey,
byte[] previousSignature)
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
- var signatureLengthError =
- PublicKey.validateSignatureLength(
- publicKey.getAlgorithm(), signedBlock.getSignature().length);
- if (signatureLengthError.isPresent()) {
- return Result.err(signatureLengthError.get());
- }
-
var payload =
BlockSignatureBuffer.generateBlockSignaturePayload(
signedBlock.getBlock(),
@@ -468,10 +443,9 @@ static Result verifyBlockSignature(
return Result.err(payload.getErr());
}
- if (!publicKey.verify(payload.getOk(), signedBlock.getSignature())) {
- return Result.err(
- new Error.FormatError.Signature.InvalidSignature(
- "signature error: Verification equation was not satisfied"));
+ var verificationResult = publicKey.verify(payload.getOk(), signedBlock.getSignature());
+ if (verificationResult.isPresent()) {
+ return Result.err(verificationResult.get());
}
if (signedBlock.getExternalSignature().isPresent()) {
@@ -480,10 +454,10 @@ static Result verifyBlockSignature(
signedBlock.getBlock(), publicKey, previousSignature, signedBlock.getVersion());
ExternalSignature externalSignature = signedBlock.getExternalSignature().get();
- if (!externalSignature.getKey().verify(externalPayload, externalSignature.getSignature())) {
- return Result.err(
- new Error.FormatError.Signature.InvalidSignature(
- "external signature error: Verification equation was not satisfied"));
+ var externalResult =
+ externalSignature.getKey().verify(externalPayload, externalSignature.getSignature());
+ if (externalResult.isPresent()) {
+ return Result.err(externalResult.get());
}
}
diff --git a/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java
diff --git a/src/main/java/org/eclipse/biscuit/token/format/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/package-info.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/format/package-info.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/package-info.java
diff --git a/src/main/java/org/eclipse/biscuit/token/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/package-info.java
similarity index 100%
rename from src/main/java/org/eclipse/biscuit/token/package-info.java
rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/package-info.java
diff --git a/src/main/proto/schema.proto b/biscuit-core/src/main/proto/schema.proto
similarity index 100%
rename from src/main/proto/schema.proto
rename to biscuit-core/src/main/proto/schema.proto
diff --git a/biscuit/pom.xml b/biscuit/pom.xml
new file mode 100644
index 00000000..5b2ee774
--- /dev/null
+++ b/biscuit/pom.xml
@@ -0,0 +1,57 @@
+
+
+
+ 4.0.0
+ biscuit
+ jar
+
+
+ org.eclipse
+ biscuit-java
+ 4.1.0
+
+
+
+
+ org.eclipse
+ biscuit-core
+ 4.1.0
+
+
+ com.google.re2j
+ re2j
+ ${re2j.version}
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ ${bcprov.version}
+
+
+ org.junit.jupiter
+ junit-jupiter
+ test
+
+
+ software.amazon.awssdk
+ kms
+ ${awssdk-kms.version}
+ test
+
+
+ org.testcontainers
+ junit-jupiter
+ ${testcontainers-junit-jupiter.version}
+ test
+
+
+ org.testcontainers
+ localstack
+ ${testcontainers-localstack.version}
+ test
+
+
+
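Review bot: The sibling module `biscuit-core` is pinned to a literal `4.1.0` in the dependency list, which has to be kept in step with the parent version by hand. If the two ever drift, the build may resolve a previously published `biscuit-core` from a repository instead of the module built alongside this one. Assuming the stripped markup is an ordinary dependency entry, `<version>${project.version}</version>` avoids that.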
diff --git a/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultKeyPairFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultKeyPairFactory.java
new file mode 100644
index 00000000..0acfa81b
--- /dev/null
+++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultKeyPairFactory.java
@@ -0,0 +1,31 @@
+package org.eclipse.biscuit.bouncycastle;
+
+import biscuit.format.schema.Schema;
+import java.security.SecureRandom;
+import org.eclipse.biscuit.crypto.KeyPair;
+import org.eclipse.biscuit.error.Error;
+
+public final class DefaultKeyPairFactory implements KeyPair.Factory {
+ @Override
+ public KeyPair generate(Schema.PublicKey.Algorithm algorithm, byte[] bytes)
+ throws Error.FormatError.InvalidKeySize {
+ if (algorithm == Schema.PublicKey.Algorithm.Ed25519) {
+ return new Ed25519KeyPair(bytes);
+ } else if (algorithm == Schema.PublicKey.Algorithm.SECP256R1) {
+ return new SECP256R1KeyPair(bytes);
+ } else {
+ throw new IllegalArgumentException("Unsupported algorithm");
+ }
+ }
+
+ @Override
+ public KeyPair generate(Schema.PublicKey.Algorithm algorithm, SecureRandom rng) {
+ if (algorithm == Schema.PublicKey.Algorithm.Ed25519) {
+ return new Ed25519KeyPair(rng);
+ } else if (algorithm == Schema.PublicKey.Algorithm.SECP256R1) {
+ return new SECP256R1KeyPair(rng);
+ } else {
+ throw new IllegalArgumentException("Unsupported algorithm");
+ }
+ }
+}
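Review bot: Both `generate` overloads end in `throw new IllegalArgumentException("Unsupported algorithm")`, which does not say which algorithm was rejected; `throw new IllegalArgumentException("Unsupported algorithm: " + algorithm);` costs nothing and makes a misconfigured caller diagnosable. `DefaultPublicKeyFactory.load` in the next file has the same message. The class also has no Javadoc; one sentence stating that this is the BouncyCastle-backed `KeyPair.Factory` registered under `META-INF/services` would tell a reader where the signing implementation comes from.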
diff --git a/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultPublicKeyFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultPublicKeyFactory.java
new file mode 100644
index 00000000..5f095ac9
--- /dev/null
+++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultPublicKeyFactory.java
@@ -0,0 +1,19 @@
+package org.eclipse.biscuit.bouncycastle;
+
+import biscuit.format.schema.Schema;
+import org.eclipse.biscuit.crypto.PublicKey;
+import org.eclipse.biscuit.error.Error;
+
+public final class DefaultPublicKeyFactory implements PublicKey.Factory {
+ @Override
+ public PublicKey load(Schema.PublicKey.Algorithm algorithm, byte[] bytes)
+ throws Error.FormatError.InvalidKey {
+ if (algorithm == Schema.PublicKey.Algorithm.Ed25519) {
+ return Ed25519PublicKey.loadEd25519(bytes);
+ } else if (algorithm == Schema.PublicKey.Algorithm.SECP256R1) {
+ return SECP256R1PublicKey.loadSECP256R1(bytes);
+ } else {
+ throw new IllegalArgumentException("Unsupported algorithm");
+ }
+ }
+}
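Review bot: An unsupported algorithm in `load` surfaces as an unchecked `IllegalArgumentException`, although the method declares `Error.FormatError.InvalidKey` for bad key material. If `load` is reached with an algorithm and bytes parsed from a token (the callers are not visible here), that failure bypasses the `Result`/`Error` handling the verification path uses and reaches the application as a runtime exception. Reporting it through the declared checked error, or documenting on the method that unknown algorithms are a programming error and never token-derived, would settle which one is meant.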
diff --git a/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519KeyPair.java
similarity index 94%
rename from src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java
rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519KeyPair.java
index 0cc0bf7e..f4ee77ca 100644
--- a/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java
+++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519KeyPair.java
@@ -3,7 +3,7 @@
* SPDX-License-Identifier: Apache-2.0
*/
-package org.eclipse.biscuit.crypto;
+package org.eclipse.biscuit.bouncycastle;
import java.security.SecureRandom;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
@@ -13,6 +13,8 @@
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.math.ec.rfc8032.Ed25519;
+import org.eclipse.biscuit.crypto.KeyPair;
+import org.eclipse.biscuit.crypto.PublicKey;
import org.eclipse.biscuit.error.Error;
import org.eclipse.biscuit.token.builder.Utils;
diff --git a/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519PublicKey.java
similarity index 74%
rename from src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java
rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519PublicKey.java
index 5408b8b0..965489c3 100644
--- a/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java
+++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519PublicKey.java
@@ -3,12 +3,14 @@
* SPDX-License-Identifier: Apache-2.0
*/
-package org.eclipse.biscuit.crypto;
+package org.eclipse.biscuit.bouncycastle;
import biscuit.format.schema.Schema.PublicKey.Algorithm;
import java.util.Arrays;
+import java.util.Optional;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.Ed25519Signer;
+import org.eclipse.biscuit.crypto.PublicKey;
import org.eclipse.biscuit.error.Error;
class Ed25519PublicKey extends PublicKey {
@@ -63,10 +65,20 @@ public Algorithm getAlgorithm() {
}
@Override
- public boolean verify(byte[] data, byte[] signature) {
+ public Optional verify(byte[] data, byte[] signature) {
+ if (signature.length != Ed25519KeyPair.SIGNATURE_LENGTH) {
+ return Optional.of(new Error.FormatError.BlockSignatureDeserializationError(signature));
+ }
+
var sgr = new Ed25519Signer();
sgr.init(false, this.publicKey);
sgr.update(data, 0, data.length);
- return sgr.verifySignature(signature);
+ if (!sgr.verifySignature(signature)) {
+ return Optional.of(
+ new Error.FormatError.Signature.InvalidSignature(
+ "signature error: Verification equation was not satisfied"));
+ }
+
+ return Optional.empty();
}
}
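Review bot: The length guard at the top of `verify` passes the whole rejected `signature` array to `BlockSignatureDeserializationError`, and the updated sample output later in this diff shows that error rendering every byte. Because the only bound is `!= Ed25519KeyPair.SIGNATURE_LENGTH`, an oversized signature from an untrusted token ends up in full in the error text. It is worth confirming that callers bound what they log, and recording it next to the guard: `// error carries the raw signature bytes; callers should bound what they log`. The range check added to `SECP256R1PublicKey.verify` has the same property.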
diff --git a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1KeyPair.java
similarity index 87%
rename from src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java
rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1KeyPair.java
index a3804084..1a43c7ec 100644
--- a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java
+++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1KeyPair.java
@@ -3,7 +3,7 @@
* SPDX-License-Identifier: Apache-2.0
*/
-package org.eclipse.biscuit.crypto;
+package org.eclipse.biscuit.bouncycastle;
import java.io.IOException;
import java.security.SecureRandom;
@@ -19,6 +19,8 @@
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.BigIntegers;
+import org.eclipse.biscuit.crypto.KeyPair;
+import org.eclipse.biscuit.crypto.PublicKey;
import org.eclipse.biscuit.error.Error;
import org.eclipse.biscuit.token.builder.Utils;
@@ -31,16 +33,12 @@ final class SECP256R1KeyPair extends KeyPair {
private final BCECPrivateKey privateKey;
private final BCECPublicKey publicKey;
- private final boolean deterministicNonce;
static final String ALGORITHM = "ECDSA";
static final String CURVE = "secp256r1";
static final ECNamedCurveParameterSpec SECP256R1 = ECNamedCurveTable.getParameterSpec(CURVE);
- SECP256R1KeyPair(byte[] bytes, boolean deterministicNonce)
- throws Error.FormatError.InvalidKeySize {
- this.deterministicNonce = deterministicNonce;
-
+ SECP256R1KeyPair(byte[] bytes) throws Error.FormatError.InvalidKeySize {
if (bytes.length != BUFFER_SIZE) {
throw new Error.FormatError.InvalidKeySize(bytes.length);
}
@@ -56,9 +54,7 @@ final class SECP256R1KeyPair extends KeyPair {
this.publicKey = publicKey;
}
- SECP256R1KeyPair(SecureRandom rng, boolean deterministicNonce) {
- this.deterministicNonce = deterministicNonce;
-
+ SECP256R1KeyPair(SecureRandom rng) {
byte[] bytes = new byte[BUFFER_SIZE];
rng.nextBytes(bytes);
@@ -89,13 +85,7 @@ public byte[] sign(byte[] data) {
var hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
- ECDSASigner signer;
- if (deterministicNonce) {
- signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
- } else {
- signer = new ECDSASigner();
- }
-
+ var signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest()));
signer.init(true, privateKey.engineGetKeyParameters());
var sig = signer.generateSignature(hash);
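Review bot: The signer in `sign` is now always built with `HMacDSAKCalculator`, but nothing on the line says why the randomized-nonce path was dropped. A short comment keeps a later refactor from reintroducing it: `// RFC 6979 deterministic nonces: signing does not depend on RNG quality`. Signing the same data with the same key now always yields the same signature, which is worth a line in the change notes for anyone who relied on the old `deterministicNonce = false` behaviour. The body of `sign` starts and ends outside this hunk.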
diff --git a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1PublicKey.java
similarity index 81%
rename from src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java
rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1PublicKey.java
index 5199eab7..b11aa451 100644
--- a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java
+++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1PublicKey.java
@@ -3,14 +3,15 @@
* SPDX-License-Identifier: Apache-2.0
*/
-package org.eclipse.biscuit.crypto;
+package org.eclipse.biscuit.bouncycastle;
-import static org.eclipse.biscuit.crypto.SECP256R1KeyPair.CURVE;
+import static org.eclipse.biscuit.bouncycastle.SECP256R1KeyPair.CURVE;
import biscuit.format.schema.Schema.PublicKey.Algorithm;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
+import java.util.Optional;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.digests.SHA256Digest;
@@ -24,6 +25,7 @@
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.math.ec.ECPoint;
+import org.eclipse.biscuit.crypto.PublicKey;
import org.eclipse.biscuit.error.Error;
@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
@@ -91,7 +93,12 @@ public Algorithm getAlgorithm() {
}
@Override
- public boolean verify(byte[] data, byte[] signature) {
+ public Optional verify(byte[] data, byte[] signature) {
+ if (signature.length < SECP256R1KeyPair.MINIMUM_SIGNATURE_LENGTH
+ || signature.length > SECP256R1KeyPair.MAXIMUM_SIGNATURE_LENGTH) {
+ return Optional.of(new Error.FormatError.BlockSignatureDeserializationError(signature));
+ }
+
var digest = new SHA256Digest();
digest.update(data, 0, data.length);
var hash = new byte[digest.getDigestSize()];
@@ -107,6 +114,12 @@ public boolean verify(byte[] data, byte[] signature) {
throw new IllegalStateException(e.toString());
}
- return signer.verifySignature(hash, sig[0], sig[1]);
+ if (!signer.verifySignature(hash, sig[0], sig[1])) {
+ return Optional.of(
+ new Error.FormatError.Signature.InvalidSignature(
+ "signature error: Verification equation was not satisfied"));
+ }
+
+ return Optional.empty();
}
}
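Review bot: The context line `throw new IllegalStateException(e.toString());` still sits in `verify`, presumably in the catch around decoding the signature (the try block is outside this hunk). Now that `verify` returns an `Optional` error, a signature that passes the length range but fails to decode could be reported the same way as the length rejection, `return Optional.of(new Error.FormatError.BlockSignatureDeserializationError(signature));`, instead of escaping as an unchecked exception on input that comes from a token. If the throw is kept, passing `e` as the cause rather than `e.toString()` preserves the stack trace.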
diff --git a/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java
new file mode 100644
index 00000000..9da7891f
--- /dev/null
+++ b/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java
@@ -0,0 +1,16 @@
+package org.eclipse.biscuit.regex;
+
+import com.google.re2j.Pattern;
+
+public final class DefaultPatternMatcherFactory implements PatternMatcher.Factory {
+ @Override
+ public PatternMatcher create(String regex) {
+ var p = Pattern.compile(regex);
+ return new PatternMatcher() {
+ @Override
+ public boolean match(CharSequence input) {
+ return p.matcher(input).find();
+ }
+ };
+ }
+}
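Review bot: `DefaultPatternMatcherFactory` is undocumented, and two of its behaviours are not obvious from the `PatternMatcher` names. `match` calls `find()`, so it succeeds on any substring match rather than requiring the whole input to match. `create` lets re2j's unchecked syntax exception escape for an invalid `regex`. A class Javadoc should state both, and also that re2j is used because it matches in linear time, so an alternative `PatternMatcher.Factory` backed by a backtracking engine would change the cost of evaluating patterns that may come from tokens. For example: `/** RE2/J-backed matcher; match() is an unanchored search, and create() throws on an invalid pattern. */`.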
diff --git a/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory
new file mode 100644
index 00000000..66575535
--- /dev/null
+++ b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory
@@ -0,0 +1 @@
+org.eclipse.biscuit.bouncycastle.DefaultKeyPairFactory
\ No newline at end of file
diff --git a/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory
new file mode 100644
index 00000000..efc4aaf0
--- /dev/null
+++ b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory
@@ -0,0 +1 @@
+org.eclipse.biscuit.bouncycastle.DefaultPublicKeyFactory
\ No newline at end of file
diff --git a/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory
new file mode 100644
index 00000000..5591c36f
--- /dev/null
+++ b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory
@@ -0,0 +1 @@
+org.eclipse.biscuit.regex.DefaultPatternMatcherFactory
\ No newline at end of file
diff --git a/src/test/java/org/eclipse/biscuit/builder/BuilderTest.java b/biscuit/src/test/java/org/eclipse/biscuit/builder/BuilderTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/builder/BuilderTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/builder/BuilderTest.java
diff --git a/src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java b/biscuit/src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java
diff --git a/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java b/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java
similarity index 98%
rename from src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java
index b818b815..45ea0069 100644
--- a/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java
+++ b/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java
@@ -50,7 +50,7 @@ public void testHex() throws Error.FormatError {
@Test
public void testThreeMessages()
- throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
+ throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error.FormatError {
prTestThreeMessages(Schema.PublicKey.Algorithm.Ed25519);
prTestThreeMessages(Schema.PublicKey.Algorithm.SECP256R1);
}
@@ -120,7 +120,7 @@ private void prTestSerialize(Schema.PublicKey.Algorithm algorithm, int expectedP
}
private void prTestThreeMessages(Schema.PublicKey.Algorithm algorithm)
- throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
+ throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error.FormatError {
String message1 = "hello";
KeyPair root = KeyPair.generate(algorithm, rng);
KeyPair keypair2 = KeyPair.generate(algorithm, rng);
diff --git a/src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java b/biscuit/src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java
diff --git a/src/test/java/org/eclipse/biscuit/datalog/WorldTest.java b/biscuit/src/test/java/org/eclipse/biscuit/datalog/WorldTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/datalog/WorldTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/datalog/WorldTest.java
diff --git a/src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java
diff --git a/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java
similarity index 98%
rename from src/test/java/org/eclipse/biscuit/token/BiscuitTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java
index 841c3df4..dc429dcb 100644
--- a/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java
+++ b/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java
@@ -704,8 +704,12 @@ public Optional getRootKey(Optional keyId) {
new KeyDelegate() {
@Override
public Optional getRootKey(Optional keyId) {
-
- KeyPair root = KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519, rng);
+ KeyPair root = null;
+ try {
+ root = KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519, rng);
+ } catch (Error.FormatError e) {
+ throw new IllegalStateException(e);
+ }
return Optional.of(root.getPublicKey());
}
});
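Review bot: `KeyPair root = null;` followed by assignment inside the `try` leaves a nullable local that is only safe because the catch rethrows. Returning from inside the try removes it: `try { return Optional.of(KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519, rng).getPublicKey()); } catch (Error.FormatError e) { throw new IllegalStateException(e); }`. The enclosing test method starts outside this hunk.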
diff --git a/src/test/java/org/eclipse/biscuit/token/ExampleTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java
similarity index 97%
rename from src/test/java/org/eclipse/biscuit/token/ExampleTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java
index dc68774e..99fa9028 100644
--- a/src/test/java/org/eclipse/biscuit/token/ExampleTest.java
+++ b/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java
@@ -17,7 +17,7 @@
* if these functions change, please send a PR to update them at https://github.com/biscuit-auth/website
*/
public class ExampleTest {
- public KeyPair root() {
+ public KeyPair root() throws Error.FormatError {
return KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519);
}
diff --git a/src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java
diff --git a/src/test/java/org/eclipse/biscuit/token/SamplesTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/SamplesTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/token/SamplesTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/SamplesTest.java
diff --git a/src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java
diff --git a/src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java
similarity index 100%
rename from src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java
rename to biscuit/src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java
diff --git a/src/test/resources/samples/README.md b/biscuit/src/test/resources/samples/README.md
similarity index 99%
rename from src/test/resources/samples/README.md
rename to biscuit/src/test/resources/samples/README.md
index 9e40b16e..efd33f9c 100644
--- a/src/test/resources/samples/README.md
+++ b/biscuit/src/test/resources/samples/README.md
@@ -153,7 +153,7 @@ check if resource($0), operation("read"), right($0, "read");
### validation
-result: `Err(Format(InvalidSignatureSize(16)))`
+result: `Err(Format(BlockSignatureDeserializationError("block signature deserialization error: [117, 149, 161, 18, 161, 235, 91, 129, 166, 227, 152, 133, 46, 97, 24, 183]")))`
------------------------------
diff --git a/src/test/resources/samples/samples.json b/biscuit/src/test/resources/samples/samples.json
similarity index 99%
rename from src/test/resources/samples/samples.json
rename to biscuit/src/test/resources/samples/samples.json
index ab72835b..ebecb1d6 100644
--- a/src/test/resources/samples/samples.json
+++ b/biscuit/src/test/resources/samples/samples.json
@@ -160,7 +160,7 @@
"result": {
"Err": {
"Format": {
- "InvalidSignatureSize": 16
+ "BlockSignatureDeserializationError": "block signature deserialization error: [117, 149, 161, 18, 161, 235, 91, 129, 166, 227, 152, 133, 46, 97, 24, 183]"
}
}
},
diff --git a/src/test/resources/samples/test001_basic.bc b/biscuit/src/test/resources/samples/test001_basic.bc
similarity index 100%
rename from src/test/resources/samples/test001_basic.bc
rename to biscuit/src/test/resources/samples/test001_basic.bc
diff --git a/src/test/resources/samples/test002_different_root_key.bc b/biscuit/src/test/resources/samples/test002_different_root_key.bc
similarity index 100%
rename from src/test/resources/samples/test002_different_root_key.bc
rename to biscuit/src/test/resources/samples/test002_different_root_key.bc
diff --git a/src/test/resources/samples/test003_invalid_signature_format.bc b/biscuit/src/test/resources/samples/test003_invalid_signature_format.bc
similarity index 100%
rename from src/test/resources/samples/test003_invalid_signature_format.bc
rename to biscuit/src/test/resources/samples/test003_invalid_signature_format.bc
diff --git a/src/test/resources/samples/test004_random_block.bc b/biscuit/src/test/resources/samples/test004_random_block.bc
similarity index 100%
rename from src/test/resources/samples/test004_random_block.bc
rename to biscuit/src/test/resources/samples/test004_random_block.bc
diff --git a/src/test/resources/samples/test005_invalid_signature.bc b/biscuit/src/test/resources/samples/test005_invalid_signature.bc
similarity index 100%
rename from src/test/resources/samples/test005_invalid_signature.bc
rename to biscuit/src/test/resources/samples/test005_invalid_signature.bc
diff --git a/src/test/resources/samples/test006_reordered_blocks.bc b/biscuit/src/test/resources/samples/test006_reordered_blocks.bc
similarity index 100%
rename from src/test/resources/samples/test006_reordered_blocks.bc
rename to biscuit/src/test/resources/samples/test006_reordered_blocks.bc
diff --git a/src/test/resources/samples/test007_scoped_rules.bc b/biscuit/src/test/resources/samples/test007_scoped_rules.bc
similarity index 100%
rename from src/test/resources/samples/test007_scoped_rules.bc
rename to biscuit/src/test/resources/samples/test007_scoped_rules.bc
diff --git a/src/test/resources/samples/test008_scoped_checks.bc b/biscuit/src/test/resources/samples/test008_scoped_checks.bc
similarity index 100%
rename from src/test/resources/samples/test008_scoped_checks.bc
rename to biscuit/src/test/resources/samples/test008_scoped_checks.bc
diff --git a/src/test/resources/samples/test009_expired_token.bc b/biscuit/src/test/resources/samples/test009_expired_token.bc
similarity index 100%
rename from src/test/resources/samples/test009_expired_token.bc
rename to biscuit/src/test/resources/samples/test009_expired_token.bc
diff --git a/src/test/resources/samples/test010_authorizer_scope.bc b/biscuit/src/test/resources/samples/test010_authorizer_scope.bc
similarity index 100%
rename from src/test/resources/samples/test010_authorizer_scope.bc
rename to biscuit/src/test/resources/samples/test010_authorizer_scope.bc
diff --git a/src/test/resources/samples/test011_authorizer_authority_caveats.bc b/biscuit/src/test/resources/samples/test011_authorizer_authority_caveats.bc
similarity index 100%
rename from src/test/resources/samples/test011_authorizer_authority_caveats.bc
rename to biscuit/src/test/resources/samples/test011_authorizer_authority_caveats.bc
diff --git a/src/test/resources/samples/test012_authority_caveats.bc b/biscuit/src/test/resources/samples/test012_authority_caveats.bc
similarity index 100%
rename from src/test/resources/samples/test012_authority_caveats.bc
rename to biscuit/src/test/resources/samples/test012_authority_caveats.bc
diff --git a/src/test/resources/samples/test013_block_rules.bc b/biscuit/src/test/resources/samples/test013_block_rules.bc
similarity index 100%
rename from src/test/resources/samples/test013_block_rules.bc
rename to biscuit/src/test/resources/samples/test013_block_rules.bc
diff --git a/src/test/resources/samples/test014_regex_constraint.bc b/biscuit/src/test/resources/samples/test014_regex_constraint.bc
similarity index 100%
rename from src/test/resources/samples/test014_regex_constraint.bc
rename to biscuit/src/test/resources/samples/test014_regex_constraint.bc
diff --git a/src/test/resources/samples/test015_multi_queries_caveats.bc b/biscuit/src/test/resources/samples/test015_multi_queries_caveats.bc
similarity index 100%
rename from src/test/resources/samples/test015_multi_queries_caveats.bc
rename to biscuit/src/test/resources/samples/test015_multi_queries_caveats.bc
diff --git a/src/test/resources/samples/test016_caveat_head_name.bc b/biscuit/src/test/resources/samples/test016_caveat_head_name.bc
similarity index 100%
rename from src/test/resources/samples/test016_caveat_head_name.bc
rename to biscuit/src/test/resources/samples/test016_caveat_head_name.bc
diff --git a/src/test/resources/samples/test017_expressions.bc b/biscuit/src/test/resources/samples/test017_expressions.bc
similarity index 100%
rename from src/test/resources/samples/test017_expressions.bc
rename to biscuit/src/test/resources/samples/test017_expressions.bc
diff --git a/src/test/resources/samples/test018_unbound_variables_in_rule.bc b/biscuit/src/test/resources/samples/test018_unbound_variables_in_rule.bc
similarity index 100%
rename from src/test/resources/samples/test018_unbound_variables_in_rule.bc
rename to biscuit/src/test/resources/samples/test018_unbound_variables_in_rule.bc
diff --git a/src/test/resources/samples/test019_generating_ambient_from_variables.bc b/biscuit/src/test/resources/samples/test019_generating_ambient_from_variables.bc
similarity index 100%
rename from src/test/resources/samples/test019_generating_ambient_from_variables.bc
rename to biscuit/src/test/resources/samples/test019_generating_ambient_from_variables.bc
diff --git a/src/test/resources/samples/test020_sealed.bc b/biscuit/src/test/resources/samples/test020_sealed.bc
similarity index 100%
rename from src/test/resources/samples/test020_sealed.bc
rename to biscuit/src/test/resources/samples/test020_sealed.bc
diff --git a/src/test/resources/samples/test021_parsing.bc b/biscuit/src/test/resources/samples/test021_parsing.bc
similarity index 100%
rename from src/test/resources/samples/test021_parsing.bc
rename to biscuit/src/test/resources/samples/test021_parsing.bc
diff --git a/src/test/resources/samples/test022_default_symbols.bc b/biscuit/src/test/resources/samples/test022_default_symbols.bc
similarity index 100%
rename from src/test/resources/samples/test022_default_symbols.bc
rename to biscuit/src/test/resources/samples/test022_default_symbols.bc
diff --git a/src/test/resources/samples/test023_execution_scope.bc b/biscuit/src/test/resources/samples/test023_execution_scope.bc
similarity index 100%
rename from src/test/resources/samples/test023_execution_scope.bc
rename to biscuit/src/test/resources/samples/test023_execution_scope.bc
diff --git a/src/test/resources/samples/test024_third_party.bc b/biscuit/src/test/resources/samples/test024_third_party.bc
similarity index 100%
rename from src/test/resources/samples/test024_third_party.bc
rename to biscuit/src/test/resources/samples/test024_third_party.bc
diff --git a/src/test/resources/samples/test025_check_all.bc b/biscuit/src/test/resources/samples/test025_check_all.bc
similarity index 100%
rename from src/test/resources/samples/test025_check_all.bc
rename to biscuit/src/test/resources/samples/test025_check_all.bc
diff --git a/src/test/resources/samples/test026_public_keys_interning.bc b/biscuit/src/test/resources/samples/test026_public_keys_interning.bc
similarity index 100%
rename from src/test/resources/samples/test026_public_keys_interning.bc
rename to biscuit/src/test/resources/samples/test026_public_keys_interning.bc
diff --git a/src/test/resources/samples/test027_integer_wraparound.bc b/biscuit/src/test/resources/samples/test027_integer_wraparound.bc
similarity index 100%
rename from src/test/resources/samples/test027_integer_wraparound.bc
rename to biscuit/src/test/resources/samples/test027_integer_wraparound.bc
diff --git a/src/test/resources/samples/test028_expressions_v4.bc b/biscuit/src/test/resources/samples/test028_expressions_v4.bc
similarity index 100%
rename from src/test/resources/samples/test028_expressions_v4.bc
rename to biscuit/src/test/resources/samples/test028_expressions_v4.bc
diff --git a/src/test/resources/samples/test029_reject_if.bc b/biscuit/src/test/resources/samples/test029_reject_if.bc
similarity index 100%
rename from src/test/resources/samples/test029_reject_if.bc
rename to biscuit/src/test/resources/samples/test029_reject_if.bc
diff --git a/src/test/resources/samples/test030_null.bc b/biscuit/src/test/resources/samples/test030_null.bc
similarity index 100%
rename from src/test/resources/samples/test030_null.bc
rename to biscuit/src/test/resources/samples/test030_null.bc
diff --git a/src/test/resources/samples/test031_heterogeneous_equal.bc b/biscuit/src/test/resources/samples/test031_heterogeneous_equal.bc
similarity index 100%
rename from src/test/resources/samples/test031_heterogeneous_equal.bc
rename to biscuit/src/test/resources/samples/test031_heterogeneous_equal.bc
diff --git a/src/test/resources/samples/test032_laziness_closures.bc b/biscuit/src/test/resources/samples/test032_laziness_closures.bc
similarity index 100%
rename from src/test/resources/samples/test032_laziness_closures.bc
rename to biscuit/src/test/resources/samples/test032_laziness_closures.bc
diff --git a/src/test/resources/samples/test033_typeof.bc b/biscuit/src/test/resources/samples/test033_typeof.bc
similarity index 100%
rename from src/test/resources/samples/test033_typeof.bc
rename to biscuit/src/test/resources/samples/test033_typeof.bc
diff --git a/src/test/resources/samples/test034_array_map.bc b/biscuit/src/test/resources/samples/test034_array_map.bc
similarity index 100%
rename from src/test/resources/samples/test034_array_map.bc
rename to biscuit/src/test/resources/samples/test034_array_map.bc
diff --git a/src/test/resources/samples/test036_secp256r1.bc b/biscuit/src/test/resources/samples/test036_secp256r1.bc
similarity index 100%
rename from src/test/resources/samples/test036_secp256r1.bc
rename to biscuit/src/test/resources/samples/test036_secp256r1.bc
diff --git a/src/test/resources/samples/test037_secp256r1_third_party.bc b/biscuit/src/test/resources/samples/test037_secp256r1_third_party.bc
similarity index 100%
rename from src/test/resources/samples/test037_secp256r1_third_party.bc
rename to biscuit/src/test/resources/samples/test037_secp256r1_third_party.bc
diff --git a/src/test/resources/samples/test038_try_op.bc b/biscuit/src/test/resources/samples/test038_try_op.bc
similarity index 100%
rename from src/test/resources/samples/test038_try_op.bc
rename to biscuit/src/test/resources/samples/test038_try_op.bc
diff --git a/pom.xml b/pom.xml
index dd79987d..fec7d8d9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,14 +7,19 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
4.0.0
org.eclipse
- biscuit
- jar
- 4.0.1
+ biscuit-java
+ pom
+ 4.1.0
biscuit-java
https://github.com/eclipse-biscuit/biscuit-java
Java support for the biscuit auth token and policy language
+
+ biscuit
+ biscuit-core
+
+
UTF-8
11
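Review bot: With the parent switched to `pom` packaging and the `biscuit` and `biscuit-core` modules added here, nothing in the visible hunks pins the runtime library versions in one place, because the next hunk (-278,51) deletes the whole dependency list rather than moving it into `dependencyManagement`. The module poms then have to carry `${protobuf.version}`, `${jackson.version}`, `${bcprov.version}` and the rest themselves, so one module can end up on a different version of the crypto provider or the protobuf parser than the other. The deleted `junit-jupiter` entry has no version, so the parent presumably already has a managed section for the JUnit BOM. I would add `org.bouncycastle:bcprov-jdk18on`, `com.google.protobuf:protobuf-java`, `com.fasterxml.jackson.core:jackson-databind` and `com.google.re2j:re2j` to it and let the modules omit `<version>`. Responding to a dependency advisory is then a one-line change in the parent.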
@@ -278,51 +283,6 @@
-
-
- com.google.protobuf
- protobuf-java
- ${protobuf.version}
-
-
- com.google.re2j
- re2j
- ${re2j.version}
-
-
- com.fasterxml.jackson.core
- jackson-databind
- ${jackson.version}
-
-
- org.bouncycastle
- bcprov-jdk18on
- ${bcprov.version}
-
-
- org.junit.jupiter
- junit-jupiter
- test
-
-
- software.amazon.awssdk
- kms
- ${awssdk-kms.version}
- test
-
-
- org.testcontainers
- junit-jupiter
- ${testcontainers-junit-jupiter.version}
- test
-
-
- org.testcontainers
- localstack
- ${testcontainers-localstack.version}
- test
-
-
diff --git a/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java
deleted file mode 100644
index f1f105a6..00000000
--- a/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 2019 Geoffroy Couprie and Contributors to the Eclipse Foundation.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.eclipse.biscuit.crypto;
-
-import biscuit.format.schema.Schema.PublicKey.Algorithm;
-import java.security.SecureRandom;
-import org.eclipse.biscuit.error.Error;
-import org.eclipse.biscuit.token.builder.Utils;
-
-/** Private and public key. */
-public abstract class KeyPair implements Signer {
- public interface Factory {
- KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize;
-
- KeyPair generate(SecureRandom rng);
- }
-
- public static final Factory DEFAULT_ED25519_FACTORY =
- new Factory() {
- @Override
- public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize {
- return new Ed25519KeyPair(bytes);
- }
-
- @Override
- public KeyPair generate(SecureRandom rng) {
- return new Ed25519KeyPair(rng);
- }
- };
-
- public static final Factory DEFAULT_SECP256R1_FACTORY =
- new Factory() {
- @Override
- public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize {
- return new SECP256R1KeyPair(bytes, true);
- }
-
- @Override
- public KeyPair generate(SecureRandom rng) {
- return new SECP256R1KeyPair(rng, true);
- }
- };
-
- public static final Factory DEFAULT_NONDETERMINISTIC_SECP256R1_FACTORY =
- new Factory() {
- @Override
- public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize {
- return new SECP256R1KeyPair(bytes, false);
- }
-
- @Override
- public KeyPair generate(SecureRandom rng) {
- return new SECP256R1KeyPair(rng, false);
- }
- };
-
- private static volatile Factory ed25519Factory = DEFAULT_ED25519_FACTORY;
- private static volatile Factory secp256r1Factory = DEFAULT_SECP256R1_FACTORY;
-
- public static KeyPair generate(Algorithm algorithm) {
- return generate(algorithm, new SecureRandom());
- }
-
- public static KeyPair generate(Algorithm algorithm, String hex)
- throws Error.FormatError.InvalidKeySize {
- return generate(algorithm, Utils.hexStringToByteArray(hex));
- }
-
- public static KeyPair generate(Algorithm algorithm, byte[] bytes)
- throws Error.FormatError.InvalidKeySize {
- if (algorithm == Algorithm.Ed25519) {
- return ed25519Factory.generate(bytes);
- } else if (algorithm == Algorithm.SECP256R1) {
- return secp256r1Factory.generate(bytes);
- } else {
- throw new IllegalArgumentException("Unsupported algorithm");
- }
- }
-
- public static KeyPair generate(Algorithm algorithm, SecureRandom rng) {
- if (algorithm == Algorithm.Ed25519) {
- return ed25519Factory.generate(rng);
- } else if (algorithm == Algorithm.SECP256R1) {
- return secp256r1Factory.generate(rng);
- } else {
- throw new IllegalArgumentException("Unsupported algorithm");
- }
- }
-
- public static void setEd25519Factory(Factory factory) {
- ed25519Factory = factory;
- }
-
- public static void setSECP256R1Factory(Factory factory) {
- secp256r1Factory = factory;
- }
-
- public abstract byte[] toBytes();
-
- public abstract String toHex();
-
- @Override
- public abstract PublicKey getPublicKey();
-}
diff --git a/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java b/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java
deleted file mode 100644
index cf07faed..00000000
--- a/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2019 Geoffroy Couprie and Contributors to the Eclipse Foundation.
- * SPDX-License-Identifier: Apache-2.0
- */
-
-package org.eclipse.biscuit.token;
-
-import static org.eclipse.biscuit.token.builder.Utils.fact;
-import static org.eclipse.biscuit.token.builder.Utils.str;
-
-import biscuit.format.schema.Schema;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.SignatureException;
-import java.util.List;
-import org.eclipse.biscuit.crypto.KeyPair;
-import org.eclipse.biscuit.error.Error;
-import org.eclipse.biscuit.token.builder.Block;
-import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.parallel.Isolated;
-
-/** Top-level test to ensure ECDSA with nondeterministic nonce also works. */
-@Isolated
-public class NondeterministicEcdsaTest {
- @BeforeAll
- static void beforeAll() {
- KeyPair.setSECP256R1Factory(KeyPair.DEFAULT_NONDETERMINISTIC_SECP256R1_FACTORY);
- }
-
- @AfterAll
- static void afterAll() {
- KeyPair.setSECP256R1Factory(KeyPair.DEFAULT_SECP256R1_FACTORY);
- }
-
- @Test
- public void simpleSigningTest()
- throws Error, NoSuchAlgorithmException, SignatureException, InvalidKeyException {
- var root = KeyPair.generate(Schema.PublicKey.Algorithm.SECP256R1);
- var b =
- Biscuit.make(
- new SecureRandom(),
- root,
- new Block().addFact(fact("foo", List.of(str("bar")))).build());
- Biscuit.fromBytes(b.serialize(), root.getPublicKey());
- }
-}