From 17721a58fbd03bbbcd6e374ccdb8ff2bd577d80f Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Thu, 17 Jul 2025 11:37:49 -0600 Subject: [PATCH 1/9] Update samples to latest. This requires an update to error handling for invalid key size. --- .../biscuit/crypto/Ed25519PublicKey.java | 15 ++++- .../org/eclipse/biscuit/crypto/PublicKey.java | 20 +------ .../biscuit/crypto/SECP256R1PublicKey.java | 16 +++++- .../org/eclipse/biscuit/crypto/Token.java | 11 ++-- .../java/org/eclipse/biscuit/error/Error.java | 42 ++++++++++++++ .../biscuit/token/UnverifiedBiscuit.java | 6 +- .../token/format/SerializedBiscuit.java | 56 +++++-------------- src/test/resources/samples/README.md | 2 +- src/test/resources/samples/samples.json | 2 +- 9 files changed, 95 insertions(+), 75 deletions(-) diff --git a/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java b/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java index 5408b8b0..502c1ccf 100644 --- a/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java +++ b/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java @@ -7,6 +7,7 @@ import biscuit.format.schema.Schema.PublicKey.Algorithm; import java.util.Arrays; +import java.util.Optional; import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters; import org.bouncycastle.crypto.signers.Ed25519Signer; import org.eclipse.biscuit.error.Error; @@ -63,10 +64,20 @@ public Algorithm getAlgorithm() { } @Override - public boolean verify(byte[] data, byte[] signature) { + public Optional verify(byte[] data, byte[] signature) { + if (signature.length != Ed25519KeyPair.SIGNATURE_LENGTH) { + return Optional.of(new Error.FormatError.BlockSignatureDeserializationError(signature)); + } + var sgr = new Ed25519Signer(); sgr.init(false, this.publicKey); sgr.update(data, 0, data.length); - return sgr.verifySignature(signature); + if (!sgr.verifySignature(signature)) { + return Optional.of( + new Error.FormatError.Signature.InvalidSignature( + "signature error: Verification equation was not satisfied")); + } + + return Optional.empty(); } } diff --git a/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java index b10aac41..9ba0375b 100644 --- a/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java +++ b/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java @@ -66,24 +66,6 @@ public static PublicKey deserialize(Schema.PublicKey pk) throws Error.FormatErro return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray()); } - public static Optional validateSignatureLength(Algorithm algorithm, int length) { - Optional error = Optional.empty(); - if (algorithm == Algorithm.Ed25519) { - if (length != Ed25519KeyPair.SIGNATURE_LENGTH) { - error = Optional.of(new Error.FormatError.Signature.InvalidSignatureSize(length)); - } - } else if (algorithm == Algorithm.SECP256R1) { - if (length < SECP256R1KeyPair.MINIMUM_SIGNATURE_LENGTH - || length > SECP256R1KeyPair.MAXIMUM_SIGNATURE_LENGTH) { - error = Optional.of(new Error.FormatError.Signature.InvalidSignatureSize(length)); - } - } else { - error = - Optional.of(new Error.FormatError.Signature.InvalidSignature("unsupported algorithm")); - } - return error; - } - public static void setEd25519Factory(Factory factory) { ed25519Factory = factory; } @@ -94,6 +76,6 @@ public static void setSECP256R1Factory(Factory factory) { public abstract Algorithm getAlgorithm(); - public abstract boolean verify(byte[] data, byte[] signature) + public abstract Optional verify(byte[] data, byte[] signature) throws InvalidKeyException, SignatureException, NoSuchAlgorithmException; } diff --git a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java b/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java index 5199eab7..a0804f0f 100644 --- a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java +++ b/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java @@ -11,6 +11,7 @@ import java.io.IOException; import java.math.BigInteger; import java.util.Arrays; +import java.util.Optional; import org.bouncycastle.asn1.sec.SECNamedCurves; import org.bouncycastle.asn1.x9.X9ECParameters; import org.bouncycastle.crypto.digests.SHA256Digest; @@ -91,7 +92,12 @@ public Algorithm getAlgorithm() { } @Override - public boolean verify(byte[] data, byte[] signature) { + public Optional verify(byte[] data, byte[] signature) { + if (signature.length < SECP256R1KeyPair.MINIMUM_SIGNATURE_LENGTH + || signature.length > SECP256R1KeyPair.MAXIMUM_SIGNATURE_LENGTH) { + return Optional.of(new Error.FormatError.BlockSignatureDeserializationError(signature)); + } + var digest = new SHA256Digest(); digest.update(data, 0, data.length); var hash = new byte[digest.getDigestSize()]; @@ -107,6 +113,12 @@ public boolean verify(byte[] data, byte[] signature) { throw new IllegalStateException(e.toString()); } - return signer.verifySignature(hash, sig[0], sig[1]); + if (!signer.verifySignature(hash, sig[0], sig[1])) { + return Optional.of( + new Error.FormatError.Signature.InvalidSignature( + "signature error: Verification equation was not satisfied")); + } + + return Optional.empty(); } } diff --git a/src/main/java/org/eclipse/biscuit/crypto/Token.java b/src/main/java/org/eclipse/biscuit/crypto/Token.java index 03b7b87d..ce08fd68 100644 --- a/src/main/java/org/eclipse/biscuit/crypto/Token.java +++ b/src/main/java/org/eclipse/biscuit/crypto/Token.java @@ -72,13 +72,12 @@ public Result verify(PublicKey root) byte[] payload = BlockSignatureBuffer.generateBlockSignaturePayloadV0(block, nextKey, Optional.empty()); - if (currentKey.verify(payload, signature)) { - currentKey = nextKey; - } else { - return Result.err( - new Error.FormatError.Signature.InvalidSignature( - "signature error: Verification equation was not satisfied")); + var verificationResult = currentKey.verify(payload, signature); + if (verificationResult.isPresent()) { + return Result.err(verificationResult.get()); } + + currentKey = nextKey; } if (this.next.getPublicKey().equals(currentKey)) { diff --git a/src/main/java/org/eclipse/biscuit/error/Error.java b/src/main/java/org/eclipse/biscuit/error/Error.java index e71ddf90..c631523a 100644 --- a/src/main/java/org/eclipse/biscuit/error/Error.java +++ b/src/main/java/org/eclipse/biscuit/error/Error.java @@ -13,6 +13,8 @@ import java.util.List; import java.util.Objects; import java.util.Optional; +import java.util.stream.Collectors; +import java.util.stream.IntStream; import org.eclipse.biscuit.datalog.expressions.Expression; public abstract class Error extends Exception { @@ -265,6 +267,46 @@ public JsonNode toJson() { } } + public static final class BlockSignatureDeserializationError extends FormatError { + private final String err; + + public BlockSignatureDeserializationError(byte[] signature) { + this.err = + "block signature deserialization error: " + + IntStream.range(0, signature.length) + .mapToObj(i -> String.valueOf(signature[i] & 0xff)) + .collect(Collectors.joining(", ", "[", "]")); + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + BlockSignatureDeserializationError other = (BlockSignatureDeserializationError) o; + return err.equals(other.err); + } + + @Override + public int hashCode() { + return Objects.hash(err); + } + + @Override + public String toString() { + return "Err(FormatError.BlockSignatureDeserializationError{ error: " + err + " }"; + } + + @Override + public JsonNode toJson() { + return FormatError.jsonWrapper( + objectMapper.createObjectNode().put("BlockSignatureDeserializationError", this.err)); + } + } + public static final class BlockSerializationError extends FormatError { private final String err; diff --git a/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java b/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java index 161f419e..48168bd2 100644 --- a/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java +++ b/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java @@ -291,9 +291,9 @@ public UnverifiedBiscuit appendThirdPartyBlock( blockResponse.getPayload(), previousBlock.getSignature(), BlockSignatureBuffer.THIRD_PARTY_SIGNATURE_VERSION); - if (!externalKey.verify(payload, blockResponse.getSignature())) { - throw new Error.FormatError.Signature.InvalidSignature( - "signature error: Verification equation was not satisfied"); + var verificationResult = externalKey.verify(payload, blockResponse.getSignature()); + if (verificationResult.isPresent()) { + throw verificationResult.get(); } var res = Block.fromBytes(blockResponse.getPayload(), Optional.of(externalKey)); diff --git a/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java b/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java index 613c448b..80eddd4f 100644 --- a/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java +++ b/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java @@ -358,7 +358,7 @@ public Result append( public Result verify(org.eclipse.biscuit.crypto.PublicKey root) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - org.eclipse.biscuit.crypto.PublicKey currentKey = root; + PublicKey currentKey = root; var res = verifyAuthorityBlockSignature(this.authority, currentKey); if (res.isOk()) { currentKey = res.getOk(); @@ -377,26 +377,15 @@ public Result verify(org.eclipse.biscuit.crypto.PublicKey root) } } - // System.out.println("signatures verified, checking proof"); - if (!this.proof.isSealed()) { - // System.out.println("checking secret key"); - // System.out.println("current key: " + currentKey.toHex()); - // System.out.println("key from proof: " + this.proof.secretKey.get().public_key().toHex()); if (this.proof.secretKey().getPublicKey().equals(currentKey)) { - // System.out.println("public keys are equal"); - return Result.ok(null); } else { - // System.out.println("public keys are not equal"); - return Result.err( new Error.FormatError.Signature.InvalidSignature( "signature error: Verification equation was not satisfied")); } } else { - // System.out.println("checking final signature"); - byte[] finalSignature = this.proof.getSignature().get(); SignedBlock b; @@ -407,10 +396,11 @@ public Result verify(org.eclipse.biscuit.crypto.PublicKey root) } byte[] payload = BlockSignatureBuffer.generateSealBlockSignaturePayloadV0(b); - if (currentKey.verify(payload, finalSignature)) { - return Result.ok(null); - } else { + var verificationResult = currentKey.verify(payload, finalSignature); + if (verificationResult.isPresent()) { return Result.err(new Error.FormatError.Signature.SealedSignature()); + } else { + return Result.ok(null); } } } @@ -418,13 +408,6 @@ public Result verify(org.eclipse.biscuit.crypto.PublicKey root) static Result verifyAuthorityBlockSignature( SignedBlock signedBlock, org.eclipse.biscuit.crypto.PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - var signatureLengthError = - PublicKey.validateSignatureLength( - publicKey.getAlgorithm(), signedBlock.getSignature().length); - if (signatureLengthError.isPresent()) { - return Result.err(signatureLengthError.get()); - } - var payload = BlockSignatureBuffer.generateBlockSignaturePayload( signedBlock.getBlock(), @@ -436,10 +419,9 @@ static Result verifyAuthorityBlockS return Result.err(payload.getErr()); } - if (!publicKey.verify(payload.getOk(), signedBlock.getSignature())) { - return Result.err( - new Error.FormatError.Signature.InvalidSignature( - "signature error: Verification equation was not satisfied")); + var verificationResult = publicKey.verify(payload.getOk(), signedBlock.getSignature()); + if (verificationResult.isPresent()) { + return Result.err(verificationResult.get()); } return Result.ok(signedBlock.getKey()); @@ -450,13 +432,6 @@ static Result verifyBlockSignature( org.eclipse.biscuit.crypto.PublicKey publicKey, byte[] previousSignature) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { - var signatureLengthError = - PublicKey.validateSignatureLength( - publicKey.getAlgorithm(), signedBlock.getSignature().length); - if (signatureLengthError.isPresent()) { - return Result.err(signatureLengthError.get()); - } - var payload = BlockSignatureBuffer.generateBlockSignaturePayload( signedBlock.getBlock(), @@ -468,10 +443,9 @@ static Result verifyBlockSignature( return Result.err(payload.getErr()); } - if (!publicKey.verify(payload.getOk(), signedBlock.getSignature())) { - return Result.err( - new Error.FormatError.Signature.InvalidSignature( - "signature error: Verification equation was not satisfied")); + var verificationResult = publicKey.verify(payload.getOk(), signedBlock.getSignature()); + if (verificationResult.isPresent()) { + return Result.err(verificationResult.get()); } if (signedBlock.getExternalSignature().isPresent()) { @@ -480,10 +454,10 @@ static Result verifyBlockSignature( signedBlock.getBlock(), publicKey, previousSignature, signedBlock.getVersion()); ExternalSignature externalSignature = signedBlock.getExternalSignature().get(); - if (!externalSignature.getKey().verify(externalPayload, externalSignature.getSignature())) { - return Result.err( - new Error.FormatError.Signature.InvalidSignature( - "external signature error: Verification equation was not satisfied")); + var externalResult = + externalSignature.getKey().verify(externalPayload, externalSignature.getSignature()); + if (externalResult.isPresent()) { + return Result.err(externalResult.get()); } } diff --git a/src/test/resources/samples/README.md b/src/test/resources/samples/README.md index 9e40b16e..efd33f9c 100644 --- a/src/test/resources/samples/README.md +++ b/src/test/resources/samples/README.md @@ -153,7 +153,7 @@ check if resource($0), operation("read"), right($0, "read"); ### validation -result: `Err(Format(InvalidSignatureSize(16)))` +result: `Err(Format(BlockSignatureDeserializationError("block signature deserialization error: [117, 149, 161, 18, 161, 235, 91, 129, 166, 227, 152, 133, 46, 97, 24, 183]")))` ------------------------------ diff --git a/src/test/resources/samples/samples.json b/src/test/resources/samples/samples.json index ab72835b..ebecb1d6 100644 --- a/src/test/resources/samples/samples.json +++ b/src/test/resources/samples/samples.json @@ -160,7 +160,7 @@ "result": { "Err": { "Format": { - "InvalidSignatureSize": 16 + "BlockSignatureDeserializationError": "block signature deserialization error: [117, 149, 161, 18, 161, 235, 91, 129, 166, 227, 152, 133, 46, 97, 24, 183]" } } }, From d0e56b5495a755729cc4476508cbca5919f82bcd Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Tue, 20 Jan 2026 11:15:19 -0700 Subject: [PATCH 2/9] Move everything into a new biscuit submodule. This prepares for the eventual split into biscuit and biscuit-core. --- biscuit/pom.xml | 63 ++++++++++++++++++ .../biscuit/crypto/BlockSignatureBuffer.java | 0 .../biscuit/crypto/Ed25519KeyPair.java | 0 .../biscuit/crypto/Ed25519PublicKey.java | 0 .../eclipse/biscuit/crypto/KeyDelegate.java | 0 .../org/eclipse/biscuit/crypto/KeyPair.java | 0 .../org/eclipse/biscuit/crypto/PublicKey.java | 0 .../biscuit/crypto/SECP256R1KeyPair.java | 0 .../biscuit/crypto/SECP256R1PublicKey.java | 0 .../org/eclipse/biscuit/crypto/Signer.java | 0 .../org/eclipse/biscuit/crypto/Token.java | 0 .../biscuit/crypto/TokenSignature.java | 0 .../eclipse/biscuit/crypto/package-info.java | 0 .../org/eclipse/biscuit/datalog/Check.java | 0 .../eclipse/biscuit/datalog/Combinator.java | 0 .../org/eclipse/biscuit/datalog/Fact.java | 0 .../org/eclipse/biscuit/datalog/FactSet.java | 0 .../org/eclipse/biscuit/datalog/MapKey.java | 0 .../biscuit/datalog/MatchedVariables.java | 0 .../org/eclipse/biscuit/datalog/Origin.java | 0 .../org/eclipse/biscuit/datalog/Pair.java | 0 .../eclipse/biscuit/datalog/Predicate.java | 0 .../org/eclipse/biscuit/datalog/Rule.java | 0 .../org/eclipse/biscuit/datalog/RuleSet.java | 0 .../eclipse/biscuit/datalog/RunLimits.java | 0 .../biscuit/datalog/SchemaVersion.java | 0 .../org/eclipse/biscuit/datalog/Scope.java | 0 .../eclipse/biscuit/datalog/SymbolTable.java | 0 .../biscuit/datalog/TemporarySymbolTable.java | 0 .../org/eclipse/biscuit/datalog/Term.java | 0 .../biscuit/datalog/TrustedOrigins.java | 0 .../org/eclipse/biscuit/datalog/World.java | 0 .../datalog/expressions/Expression.java | 0 .../biscuit/datalog/expressions/Op.java | 0 .../eclipse/biscuit/datalog/package-info.java | 0 .../java/org/eclipse/biscuit/error/Error.java | 0 .../eclipse/biscuit/error/FailedCheck.java | 0 .../org/eclipse/biscuit/error/LogicError.java | 0 .../org/eclipse/biscuit/error/Result.java | 0 .../eclipse/biscuit/error/package-info.java | 0 .../org/eclipse/biscuit/token/Authorizer.java | 0 .../org/eclipse/biscuit/token/Biscuit.java | 0 .../java/org/eclipse/biscuit/token/Block.java | 0 .../org/eclipse/biscuit/token/Policy.java | 0 .../biscuit/token/RevocationIdentifier.java | 0 .../token/ThirdPartyBlockContents.java | 0 .../biscuit/token/ThirdPartyBlockRequest.java | 0 .../biscuit/token/UnverifiedBiscuit.java | 0 .../biscuit/token/builder/Biscuit.java | 0 .../eclipse/biscuit/token/builder/Block.java | 0 .../eclipse/biscuit/token/builder/Check.java | 0 .../biscuit/token/builder/Expression.java | 0 .../eclipse/biscuit/token/builder/Fact.java | 0 .../eclipse/biscuit/token/builder/MapKey.java | 0 .../biscuit/token/builder/Predicate.java | 0 .../eclipse/biscuit/token/builder/Rule.java | 0 .../eclipse/biscuit/token/builder/Scope.java | 0 .../eclipse/biscuit/token/builder/Term.java | 0 .../eclipse/biscuit/token/builder/Utils.java | 0 .../biscuit/token/builder/package-info.java | 0 .../biscuit/token/builder/parser/Error.java | 0 .../builder/parser/ExpressionParser.java | 0 .../biscuit/token/builder/parser/Parser.java | 0 .../token/format/ExternalSignature.java | 0 .../eclipse/biscuit/token/format/Proof.java | 0 .../token/format/SerializedBiscuit.java | 0 .../biscuit/token/format/SignedBlock.java | 0 .../biscuit/token/format/package-info.java | 0 .../eclipse/biscuit/token/package-info.java | 0 {src => biscuit/src}/main/proto/schema.proto | 0 .../eclipse/biscuit/builder/BuilderTest.java | 0 .../biscuit/builder/parser/ParserTest.java | 0 .../eclipse/biscuit/crypto/SignatureTest.java | 0 .../biscuit/datalog/ExpressionTest.java | 0 .../eclipse/biscuit/datalog/WorldTest.java | 0 .../eclipse/biscuit/token/AuthorizerTest.java | 0 .../eclipse/biscuit/token/BiscuitTest.java | 0 .../eclipse/biscuit/token/ExampleTest.java | 0 .../biscuit/token/KmsSignerExampleTest.java | 0 .../token/NondeterministicEcdsaTest.java | 0 .../eclipse/biscuit/token/SamplesTest.java | 0 .../eclipse/biscuit/token/ThirdPartyTest.java | 0 .../biscuit/token/UnverifiedBiscuitTest.java | 0 .../src}/test/resources/samples/README.md | 0 .../src}/test/resources/samples/samples.json | 0 .../test/resources/samples/test001_basic.bc | Bin .../samples/test002_different_root_key.bc | Bin .../test003_invalid_signature_format.bc | Bin .../resources/samples/test004_random_block.bc | Bin .../samples/test005_invalid_signature.bc | Bin .../samples/test006_reordered_blocks.bc | Bin .../resources/samples/test007_scoped_rules.bc | Bin .../samples/test008_scoped_checks.bc | Bin .../samples/test009_expired_token.bc | Bin .../samples/test010_authorizer_scope.bc | Bin .../test011_authorizer_authority_caveats.bc | Bin .../samples/test012_authority_caveats.bc | Bin .../resources/samples/test013_block_rules.bc | Bin .../samples/test014_regex_constraint.bc | Bin .../samples/test015_multi_queries_caveats.bc | Bin .../samples/test016_caveat_head_name.bc | Bin .../resources/samples/test017_expressions.bc | Bin .../test018_unbound_variables_in_rule.bc | Bin ...st019_generating_ambient_from_variables.bc | Bin .../test/resources/samples/test020_sealed.bc | Bin .../test/resources/samples/test021_parsing.bc | Bin .../samples/test022_default_symbols.bc | Bin .../samples/test023_execution_scope.bc | Bin .../resources/samples/test024_third_party.bc | Bin .../resources/samples/test025_check_all.bc | Bin .../samples/test026_public_keys_interning.bc | Bin .../samples/test027_integer_wraparound.bc | Bin .../samples/test028_expressions_v4.bc | Bin .../resources/samples/test029_reject_if.bc | Bin .../test/resources/samples/test030_null.bc | Bin .../samples/test031_heterogeneous_equal.bc | Bin .../samples/test032_laziness_closures.bc | Bin .../test/resources/samples/test033_typeof.bc | Bin .../resources/samples/test034_array_map.bc | Bin .../resources/samples/test036_secp256r1.bc | Bin .../samples/test037_secp256r1_third_party.bc | Bin .../test/resources/samples/test038_try_op.bc | Bin pom.xml | 53 ++------------- 123 files changed, 69 insertions(+), 47 deletions(-) create mode 100644 biscuit/pom.xml rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/KeyPair.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/PublicKey.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/Signer.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/Token.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/TokenSignature.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/crypto/package-info.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Check.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Combinator.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Fact.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/FactSet.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/MapKey.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Origin.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Pair.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Predicate.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Rule.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/RuleSet.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/RunLimits.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Scope.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/SymbolTable.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/Term.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/World.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/expressions/Op.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/datalog/package-info.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/error/Error.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/error/FailedCheck.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/error/LogicError.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/error/Result.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/error/package-info.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/Authorizer.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/Biscuit.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/Block.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/Policy.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Biscuit.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Block.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Check.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Expression.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Fact.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/MapKey.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Predicate.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Rule.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Scope.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Term.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/Utils.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/package-info.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/parser/Error.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/format/Proof.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/format/SignedBlock.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/format/package-info.java (100%) rename {src => biscuit/src}/main/java/org/eclipse/biscuit/token/package-info.java (100%) rename {src => biscuit/src}/main/proto/schema.proto (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/builder/BuilderTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/crypto/SignatureTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/datalog/WorldTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/AuthorizerTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/BiscuitTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/ExampleTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/SamplesTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java (100%) rename {src => biscuit/src}/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java (100%) rename {src => biscuit/src}/test/resources/samples/README.md (100%) rename {src => biscuit/src}/test/resources/samples/samples.json (100%) rename {src => biscuit/src}/test/resources/samples/test001_basic.bc (100%) rename {src => biscuit/src}/test/resources/samples/test002_different_root_key.bc (100%) rename {src => biscuit/src}/test/resources/samples/test003_invalid_signature_format.bc (100%) rename {src => biscuit/src}/test/resources/samples/test004_random_block.bc (100%) rename {src => biscuit/src}/test/resources/samples/test005_invalid_signature.bc (100%) rename {src => biscuit/src}/test/resources/samples/test006_reordered_blocks.bc (100%) rename {src => biscuit/src}/test/resources/samples/test007_scoped_rules.bc (100%) rename {src => biscuit/src}/test/resources/samples/test008_scoped_checks.bc (100%) rename {src => biscuit/src}/test/resources/samples/test009_expired_token.bc (100%) rename {src => biscuit/src}/test/resources/samples/test010_authorizer_scope.bc (100%) rename {src => biscuit/src}/test/resources/samples/test011_authorizer_authority_caveats.bc (100%) rename {src => biscuit/src}/test/resources/samples/test012_authority_caveats.bc (100%) rename {src => biscuit/src}/test/resources/samples/test013_block_rules.bc (100%) rename {src => biscuit/src}/test/resources/samples/test014_regex_constraint.bc (100%) rename {src => biscuit/src}/test/resources/samples/test015_multi_queries_caveats.bc (100%) rename {src => biscuit/src}/test/resources/samples/test016_caveat_head_name.bc (100%) rename {src => biscuit/src}/test/resources/samples/test017_expressions.bc (100%) rename {src => biscuit/src}/test/resources/samples/test018_unbound_variables_in_rule.bc (100%) rename {src => biscuit/src}/test/resources/samples/test019_generating_ambient_from_variables.bc (100%) rename {src => biscuit/src}/test/resources/samples/test020_sealed.bc (100%) rename {src => biscuit/src}/test/resources/samples/test021_parsing.bc (100%) rename {src => biscuit/src}/test/resources/samples/test022_default_symbols.bc (100%) rename {src => biscuit/src}/test/resources/samples/test023_execution_scope.bc (100%) rename {src => biscuit/src}/test/resources/samples/test024_third_party.bc (100%) rename {src => biscuit/src}/test/resources/samples/test025_check_all.bc (100%) rename {src => biscuit/src}/test/resources/samples/test026_public_keys_interning.bc (100%) rename {src => biscuit/src}/test/resources/samples/test027_integer_wraparound.bc (100%) rename {src => biscuit/src}/test/resources/samples/test028_expressions_v4.bc (100%) rename {src => biscuit/src}/test/resources/samples/test029_reject_if.bc (100%) rename {src => biscuit/src}/test/resources/samples/test030_null.bc (100%) rename {src => biscuit/src}/test/resources/samples/test031_heterogeneous_equal.bc (100%) rename {src => biscuit/src}/test/resources/samples/test032_laziness_closures.bc (100%) rename {src => biscuit/src}/test/resources/samples/test033_typeof.bc (100%) rename {src => biscuit/src}/test/resources/samples/test034_array_map.bc (100%) rename {src => biscuit/src}/test/resources/samples/test036_secp256r1.bc (100%) rename {src => biscuit/src}/test/resources/samples/test037_secp256r1_third_party.bc (100%) rename {src => biscuit/src}/test/resources/samples/test038_try_op.bc (100%) diff --git a/biscuit/pom.xml b/biscuit/pom.xml new file mode 100644 index 00000000..3b14fb5b --- /dev/null +++ b/biscuit/pom.xml @@ -0,0 +1,63 @@ + + + + 4.0.0 + org.eclipse + biscuit + jar + + + org.eclipse + biscuit-java + 4.0.1 + + + + + com.google.protobuf + protobuf-java + ${protobuf.version} + + + com.google.re2j + re2j + ${re2j.version} + + + com.fasterxml.jackson.core + jackson-databind + ${jackson.version} + + + org.bouncycastle + bcprov-jdk18on + ${bcprov.version} + + + org.junit.jupiter + junit-jupiter + test + + + software.amazon.awssdk + kms + ${awssdk-kms.version} + test + + + org.testcontainers + junit-jupiter + ${testcontainers-junit-jupiter.version} + test + + + org.testcontainers + localstack + ${testcontainers-localstack.version} + test + + + diff --git a/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/KeyPair.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/PublicKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/Signer.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/Signer.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/Signer.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/Signer.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/Token.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/Token.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/Token.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/Token.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java diff --git a/src/main/java/org/eclipse/biscuit/crypto/package-info.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/package-info.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/crypto/package-info.java rename to biscuit/src/main/java/org/eclipse/biscuit/crypto/package-info.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Check.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Check.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Check.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Check.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Combinator.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Combinator.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Combinator.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Combinator.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Fact.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Fact.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Fact.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Fact.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/FactSet.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/FactSet.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/FactSet.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/FactSet.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/MapKey.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/MapKey.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/MapKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/MapKey.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Origin.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Origin.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Origin.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Origin.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Pair.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Pair.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Pair.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Pair.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Predicate.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Predicate.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Predicate.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Predicate.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Rule.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Rule.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Rule.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Rule.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/RuleSet.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/RunLimits.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Scope.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Scope.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Scope.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Scope.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/Term.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/Term.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/Term.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/Term.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/World.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/World.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/World.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/World.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java diff --git a/src/main/java/org/eclipse/biscuit/datalog/package-info.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/package-info.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/datalog/package-info.java rename to biscuit/src/main/java/org/eclipse/biscuit/datalog/package-info.java diff --git a/src/main/java/org/eclipse/biscuit/error/Error.java b/biscuit/src/main/java/org/eclipse/biscuit/error/Error.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/error/Error.java rename to biscuit/src/main/java/org/eclipse/biscuit/error/Error.java diff --git a/src/main/java/org/eclipse/biscuit/error/FailedCheck.java b/biscuit/src/main/java/org/eclipse/biscuit/error/FailedCheck.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/error/FailedCheck.java rename to biscuit/src/main/java/org/eclipse/biscuit/error/FailedCheck.java diff --git a/src/main/java/org/eclipse/biscuit/error/LogicError.java b/biscuit/src/main/java/org/eclipse/biscuit/error/LogicError.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/error/LogicError.java rename to biscuit/src/main/java/org/eclipse/biscuit/error/LogicError.java diff --git a/src/main/java/org/eclipse/biscuit/error/Result.java b/biscuit/src/main/java/org/eclipse/biscuit/error/Result.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/error/Result.java rename to biscuit/src/main/java/org/eclipse/biscuit/error/Result.java diff --git a/src/main/java/org/eclipse/biscuit/error/package-info.java b/biscuit/src/main/java/org/eclipse/biscuit/error/package-info.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/error/package-info.java rename to biscuit/src/main/java/org/eclipse/biscuit/error/package-info.java diff --git a/src/main/java/org/eclipse/biscuit/token/Authorizer.java b/biscuit/src/main/java/org/eclipse/biscuit/token/Authorizer.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/Authorizer.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/Authorizer.java diff --git a/src/main/java/org/eclipse/biscuit/token/Biscuit.java b/biscuit/src/main/java/org/eclipse/biscuit/token/Biscuit.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/Biscuit.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/Biscuit.java diff --git a/src/main/java/org/eclipse/biscuit/token/Block.java b/biscuit/src/main/java/org/eclipse/biscuit/token/Block.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/Block.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/Block.java diff --git a/src/main/java/org/eclipse/biscuit/token/Policy.java b/biscuit/src/main/java/org/eclipse/biscuit/token/Policy.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/Policy.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/Policy.java diff --git a/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java b/biscuit/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java diff --git a/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java b/biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java diff --git a/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java b/biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java diff --git a/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java b/biscuit/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Block.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Block.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Block.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Block.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Check.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Check.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Check.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Check.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Expression.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Expression.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Expression.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Expression.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Fact.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Fact.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Fact.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Fact.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/MapKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Predicate.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Rule.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Rule.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Rule.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Rule.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Scope.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Scope.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Scope.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Scope.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Term.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Term.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Term.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Term.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/Utils.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Utils.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/Utils.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/Utils.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/package-info.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/package-info.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/package-info.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/package-info.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java diff --git a/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java b/biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java diff --git a/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java b/biscuit/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java diff --git a/src/main/java/org/eclipse/biscuit/token/format/Proof.java b/biscuit/src/main/java/org/eclipse/biscuit/token/format/Proof.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/format/Proof.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/format/Proof.java diff --git a/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java b/biscuit/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java diff --git a/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java b/biscuit/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java diff --git a/src/main/java/org/eclipse/biscuit/token/format/package-info.java b/biscuit/src/main/java/org/eclipse/biscuit/token/format/package-info.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/format/package-info.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/format/package-info.java diff --git a/src/main/java/org/eclipse/biscuit/token/package-info.java b/biscuit/src/main/java/org/eclipse/biscuit/token/package-info.java similarity index 100% rename from src/main/java/org/eclipse/biscuit/token/package-info.java rename to biscuit/src/main/java/org/eclipse/biscuit/token/package-info.java diff --git a/src/main/proto/schema.proto b/biscuit/src/main/proto/schema.proto similarity index 100% rename from src/main/proto/schema.proto rename to biscuit/src/main/proto/schema.proto diff --git a/src/test/java/org/eclipse/biscuit/builder/BuilderTest.java b/biscuit/src/test/java/org/eclipse/biscuit/builder/BuilderTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/builder/BuilderTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/builder/BuilderTest.java diff --git a/src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java b/biscuit/src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/builder/parser/ParserTest.java diff --git a/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java b/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java diff --git a/src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java b/biscuit/src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/datalog/ExpressionTest.java diff --git a/src/test/java/org/eclipse/biscuit/datalog/WorldTest.java b/biscuit/src/test/java/org/eclipse/biscuit/datalog/WorldTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/datalog/WorldTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/datalog/WorldTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/AuthorizerTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/BiscuitTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/ExampleTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/ExampleTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/KmsSignerExampleTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/SamplesTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/SamplesTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/SamplesTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/SamplesTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/ThirdPartyTest.java diff --git a/src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java similarity index 100% rename from src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java rename to biscuit/src/test/java/org/eclipse/biscuit/token/UnverifiedBiscuitTest.java diff --git a/src/test/resources/samples/README.md b/biscuit/src/test/resources/samples/README.md similarity index 100% rename from src/test/resources/samples/README.md rename to biscuit/src/test/resources/samples/README.md diff --git a/src/test/resources/samples/samples.json b/biscuit/src/test/resources/samples/samples.json similarity index 100% rename from src/test/resources/samples/samples.json rename to biscuit/src/test/resources/samples/samples.json diff --git a/src/test/resources/samples/test001_basic.bc b/biscuit/src/test/resources/samples/test001_basic.bc similarity index 100% rename from src/test/resources/samples/test001_basic.bc rename to biscuit/src/test/resources/samples/test001_basic.bc diff --git a/src/test/resources/samples/test002_different_root_key.bc b/biscuit/src/test/resources/samples/test002_different_root_key.bc similarity index 100% rename from src/test/resources/samples/test002_different_root_key.bc rename to biscuit/src/test/resources/samples/test002_different_root_key.bc diff --git a/src/test/resources/samples/test003_invalid_signature_format.bc b/biscuit/src/test/resources/samples/test003_invalid_signature_format.bc similarity index 100% rename from src/test/resources/samples/test003_invalid_signature_format.bc rename to biscuit/src/test/resources/samples/test003_invalid_signature_format.bc diff --git a/src/test/resources/samples/test004_random_block.bc b/biscuit/src/test/resources/samples/test004_random_block.bc similarity index 100% rename from src/test/resources/samples/test004_random_block.bc rename to biscuit/src/test/resources/samples/test004_random_block.bc diff --git a/src/test/resources/samples/test005_invalid_signature.bc b/biscuit/src/test/resources/samples/test005_invalid_signature.bc similarity index 100% rename from src/test/resources/samples/test005_invalid_signature.bc rename to biscuit/src/test/resources/samples/test005_invalid_signature.bc diff --git a/src/test/resources/samples/test006_reordered_blocks.bc b/biscuit/src/test/resources/samples/test006_reordered_blocks.bc similarity index 100% rename from src/test/resources/samples/test006_reordered_blocks.bc rename to biscuit/src/test/resources/samples/test006_reordered_blocks.bc diff --git a/src/test/resources/samples/test007_scoped_rules.bc b/biscuit/src/test/resources/samples/test007_scoped_rules.bc similarity index 100% rename from src/test/resources/samples/test007_scoped_rules.bc rename to biscuit/src/test/resources/samples/test007_scoped_rules.bc diff --git a/src/test/resources/samples/test008_scoped_checks.bc b/biscuit/src/test/resources/samples/test008_scoped_checks.bc similarity index 100% rename from src/test/resources/samples/test008_scoped_checks.bc rename to biscuit/src/test/resources/samples/test008_scoped_checks.bc diff --git a/src/test/resources/samples/test009_expired_token.bc b/biscuit/src/test/resources/samples/test009_expired_token.bc similarity index 100% rename from src/test/resources/samples/test009_expired_token.bc rename to biscuit/src/test/resources/samples/test009_expired_token.bc diff --git a/src/test/resources/samples/test010_authorizer_scope.bc b/biscuit/src/test/resources/samples/test010_authorizer_scope.bc similarity index 100% rename from src/test/resources/samples/test010_authorizer_scope.bc rename to biscuit/src/test/resources/samples/test010_authorizer_scope.bc diff --git a/src/test/resources/samples/test011_authorizer_authority_caveats.bc b/biscuit/src/test/resources/samples/test011_authorizer_authority_caveats.bc similarity index 100% rename from src/test/resources/samples/test011_authorizer_authority_caveats.bc rename to biscuit/src/test/resources/samples/test011_authorizer_authority_caveats.bc diff --git a/src/test/resources/samples/test012_authority_caveats.bc b/biscuit/src/test/resources/samples/test012_authority_caveats.bc similarity index 100% rename from src/test/resources/samples/test012_authority_caveats.bc rename to biscuit/src/test/resources/samples/test012_authority_caveats.bc diff --git a/src/test/resources/samples/test013_block_rules.bc b/biscuit/src/test/resources/samples/test013_block_rules.bc similarity index 100% rename from src/test/resources/samples/test013_block_rules.bc rename to biscuit/src/test/resources/samples/test013_block_rules.bc diff --git a/src/test/resources/samples/test014_regex_constraint.bc b/biscuit/src/test/resources/samples/test014_regex_constraint.bc similarity index 100% rename from src/test/resources/samples/test014_regex_constraint.bc rename to biscuit/src/test/resources/samples/test014_regex_constraint.bc diff --git a/src/test/resources/samples/test015_multi_queries_caveats.bc b/biscuit/src/test/resources/samples/test015_multi_queries_caveats.bc similarity index 100% rename from src/test/resources/samples/test015_multi_queries_caveats.bc rename to biscuit/src/test/resources/samples/test015_multi_queries_caveats.bc diff --git a/src/test/resources/samples/test016_caveat_head_name.bc b/biscuit/src/test/resources/samples/test016_caveat_head_name.bc similarity index 100% rename from src/test/resources/samples/test016_caveat_head_name.bc rename to biscuit/src/test/resources/samples/test016_caveat_head_name.bc diff --git a/src/test/resources/samples/test017_expressions.bc b/biscuit/src/test/resources/samples/test017_expressions.bc similarity index 100% rename from src/test/resources/samples/test017_expressions.bc rename to biscuit/src/test/resources/samples/test017_expressions.bc diff --git a/src/test/resources/samples/test018_unbound_variables_in_rule.bc b/biscuit/src/test/resources/samples/test018_unbound_variables_in_rule.bc similarity index 100% rename from src/test/resources/samples/test018_unbound_variables_in_rule.bc rename to biscuit/src/test/resources/samples/test018_unbound_variables_in_rule.bc diff --git a/src/test/resources/samples/test019_generating_ambient_from_variables.bc b/biscuit/src/test/resources/samples/test019_generating_ambient_from_variables.bc similarity index 100% rename from src/test/resources/samples/test019_generating_ambient_from_variables.bc rename to biscuit/src/test/resources/samples/test019_generating_ambient_from_variables.bc diff --git a/src/test/resources/samples/test020_sealed.bc b/biscuit/src/test/resources/samples/test020_sealed.bc similarity index 100% rename from src/test/resources/samples/test020_sealed.bc rename to biscuit/src/test/resources/samples/test020_sealed.bc diff --git a/src/test/resources/samples/test021_parsing.bc b/biscuit/src/test/resources/samples/test021_parsing.bc similarity index 100% rename from src/test/resources/samples/test021_parsing.bc rename to biscuit/src/test/resources/samples/test021_parsing.bc diff --git a/src/test/resources/samples/test022_default_symbols.bc b/biscuit/src/test/resources/samples/test022_default_symbols.bc similarity index 100% rename from src/test/resources/samples/test022_default_symbols.bc rename to biscuit/src/test/resources/samples/test022_default_symbols.bc diff --git a/src/test/resources/samples/test023_execution_scope.bc b/biscuit/src/test/resources/samples/test023_execution_scope.bc similarity index 100% rename from src/test/resources/samples/test023_execution_scope.bc rename to biscuit/src/test/resources/samples/test023_execution_scope.bc diff --git a/src/test/resources/samples/test024_third_party.bc b/biscuit/src/test/resources/samples/test024_third_party.bc similarity index 100% rename from src/test/resources/samples/test024_third_party.bc rename to biscuit/src/test/resources/samples/test024_third_party.bc diff --git a/src/test/resources/samples/test025_check_all.bc b/biscuit/src/test/resources/samples/test025_check_all.bc similarity index 100% rename from src/test/resources/samples/test025_check_all.bc rename to biscuit/src/test/resources/samples/test025_check_all.bc diff --git a/src/test/resources/samples/test026_public_keys_interning.bc b/biscuit/src/test/resources/samples/test026_public_keys_interning.bc similarity index 100% rename from src/test/resources/samples/test026_public_keys_interning.bc rename to biscuit/src/test/resources/samples/test026_public_keys_interning.bc diff --git a/src/test/resources/samples/test027_integer_wraparound.bc b/biscuit/src/test/resources/samples/test027_integer_wraparound.bc similarity index 100% rename from src/test/resources/samples/test027_integer_wraparound.bc rename to biscuit/src/test/resources/samples/test027_integer_wraparound.bc diff --git a/src/test/resources/samples/test028_expressions_v4.bc b/biscuit/src/test/resources/samples/test028_expressions_v4.bc similarity index 100% rename from src/test/resources/samples/test028_expressions_v4.bc rename to biscuit/src/test/resources/samples/test028_expressions_v4.bc diff --git a/src/test/resources/samples/test029_reject_if.bc b/biscuit/src/test/resources/samples/test029_reject_if.bc similarity index 100% rename from src/test/resources/samples/test029_reject_if.bc rename to biscuit/src/test/resources/samples/test029_reject_if.bc diff --git a/src/test/resources/samples/test030_null.bc b/biscuit/src/test/resources/samples/test030_null.bc similarity index 100% rename from src/test/resources/samples/test030_null.bc rename to biscuit/src/test/resources/samples/test030_null.bc diff --git a/src/test/resources/samples/test031_heterogeneous_equal.bc b/biscuit/src/test/resources/samples/test031_heterogeneous_equal.bc similarity index 100% rename from src/test/resources/samples/test031_heterogeneous_equal.bc rename to biscuit/src/test/resources/samples/test031_heterogeneous_equal.bc diff --git a/src/test/resources/samples/test032_laziness_closures.bc b/biscuit/src/test/resources/samples/test032_laziness_closures.bc similarity index 100% rename from src/test/resources/samples/test032_laziness_closures.bc rename to biscuit/src/test/resources/samples/test032_laziness_closures.bc diff --git a/src/test/resources/samples/test033_typeof.bc b/biscuit/src/test/resources/samples/test033_typeof.bc similarity index 100% rename from src/test/resources/samples/test033_typeof.bc rename to biscuit/src/test/resources/samples/test033_typeof.bc diff --git a/src/test/resources/samples/test034_array_map.bc b/biscuit/src/test/resources/samples/test034_array_map.bc similarity index 100% rename from src/test/resources/samples/test034_array_map.bc rename to biscuit/src/test/resources/samples/test034_array_map.bc diff --git a/src/test/resources/samples/test036_secp256r1.bc b/biscuit/src/test/resources/samples/test036_secp256r1.bc similarity index 100% rename from src/test/resources/samples/test036_secp256r1.bc rename to biscuit/src/test/resources/samples/test036_secp256r1.bc diff --git a/src/test/resources/samples/test037_secp256r1_third_party.bc b/biscuit/src/test/resources/samples/test037_secp256r1_third_party.bc similarity index 100% rename from src/test/resources/samples/test037_secp256r1_third_party.bc rename to biscuit/src/test/resources/samples/test037_secp256r1_third_party.bc diff --git a/src/test/resources/samples/test038_try_op.bc b/biscuit/src/test/resources/samples/test038_try_op.bc similarity index 100% rename from src/test/resources/samples/test038_try_op.bc rename to biscuit/src/test/resources/samples/test038_try_op.bc diff --git a/pom.xml b/pom.xml index dd79987d..3a546521 100644 --- a/pom.xml +++ b/pom.xml @@ -7,14 +7,18 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> 4.0.0 org.eclipse - biscuit - jar + biscuit-java + pom 4.0.1 biscuit-java https://github.com/eclipse-biscuit/biscuit-java Java support for the biscuit auth token and policy language + + biscuit + + UTF-8 11 @@ -278,51 +282,6 @@ - - - com.google.protobuf - protobuf-java - ${protobuf.version} - - - com.google.re2j - re2j - ${re2j.version} - - - com.fasterxml.jackson.core - jackson-databind - ${jackson.version} - - - org.bouncycastle - bcprov-jdk18on - ${bcprov.version} - - - org.junit.jupiter - junit-jupiter - test - - - software.amazon.awssdk - kms - ${awssdk-kms.version} - test - - - org.testcontainers - junit-jupiter - ${testcontainers-junit-jupiter.version} - test - - - org.testcontainers - localstack - ${testcontainers-localstack.version} - test - - From ee0e55e15a00b215a6817fa2faf771fb6424c055 Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Tue, 20 Jan 2026 12:42:55 -0700 Subject: [PATCH 3/9] Introduce DefaultKeyPairFactory. Additionally, we remove support for nondeterministic nonce. Users that desire this can implement their own KeyPairFactory. --- .../biscuit/crypto/DefaultKeyPairFactory.java | 30 ++++++++ .../org/eclipse/biscuit/crypto/KeyPair.java | 70 ++----------------- .../biscuit/crypto/SECP256R1KeyPair.java | 18 +---- .../token/NondeterministicEcdsaTest.java | 49 ------------- 4 files changed, 40 insertions(+), 127 deletions(-) create mode 100644 biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java delete mode 100644 biscuit/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java new file mode 100644 index 00000000..6da88426 --- /dev/null +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java @@ -0,0 +1,30 @@ +package org.eclipse.biscuit.crypto; + +import biscuit.format.schema.Schema; +import java.security.SecureRandom; +import org.eclipse.biscuit.error.Error; + +public final class DefaultKeyPairFactory implements KeyPair.Factory { + @Override + public KeyPair generate(Schema.PublicKey.Algorithm algorithm, byte[] bytes) + throws Error.FormatError.InvalidKeySize { + if (algorithm == Schema.PublicKey.Algorithm.Ed25519) { + return new Ed25519KeyPair(bytes); + } else if (algorithm == Schema.PublicKey.Algorithm.SECP256R1) { + return new SECP256R1KeyPair(bytes); + } else { + throw new IllegalArgumentException("Unsupported algorithm"); + } + } + + @Override + public KeyPair generate(Schema.PublicKey.Algorithm algorithm, SecureRandom rng) { + if (algorithm == Schema.PublicKey.Algorithm.Ed25519) { + return new Ed25519KeyPair(rng); + } else if (algorithm == Schema.PublicKey.Algorithm.SECP256R1) { + return new SECP256R1KeyPair(rng); + } else { + throw new IllegalArgumentException("Unsupported algorithm"); + } + } +} diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java index f1f105a6..bf6d6709 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java @@ -13,52 +13,12 @@ /** Private and public key. */ public abstract class KeyPair implements Signer { public interface Factory { - KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize; + KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError.InvalidKeySize; - KeyPair generate(SecureRandom rng); + KeyPair generate(Algorithm algorithm, SecureRandom rng); } - public static final Factory DEFAULT_ED25519_FACTORY = - new Factory() { - @Override - public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize { - return new Ed25519KeyPair(bytes); - } - - @Override - public KeyPair generate(SecureRandom rng) { - return new Ed25519KeyPair(rng); - } - }; - - public static final Factory DEFAULT_SECP256R1_FACTORY = - new Factory() { - @Override - public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize { - return new SECP256R1KeyPair(bytes, true); - } - - @Override - public KeyPair generate(SecureRandom rng) { - return new SECP256R1KeyPair(rng, true); - } - }; - - public static final Factory DEFAULT_NONDETERMINISTIC_SECP256R1_FACTORY = - new Factory() { - @Override - public KeyPair generate(byte[] bytes) throws Error.FormatError.InvalidKeySize { - return new SECP256R1KeyPair(bytes, false); - } - - @Override - public KeyPair generate(SecureRandom rng) { - return new SECP256R1KeyPair(rng, false); - } - }; - - private static volatile Factory ed25519Factory = DEFAULT_ED25519_FACTORY; - private static volatile Factory secp256r1Factory = DEFAULT_SECP256R1_FACTORY; + private static volatile Factory factory = new DefaultKeyPairFactory(); public static KeyPair generate(Algorithm algorithm) { return generate(algorithm, new SecureRandom()); @@ -71,31 +31,15 @@ public static KeyPair generate(Algorithm algorithm, String hex) public static KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError.InvalidKeySize { - if (algorithm == Algorithm.Ed25519) { - return ed25519Factory.generate(bytes); - } else if (algorithm == Algorithm.SECP256R1) { - return secp256r1Factory.generate(bytes); - } else { - throw new IllegalArgumentException("Unsupported algorithm"); - } + return factory.generate(algorithm, bytes); } public static KeyPair generate(Algorithm algorithm, SecureRandom rng) { - if (algorithm == Algorithm.Ed25519) { - return ed25519Factory.generate(rng); - } else if (algorithm == Algorithm.SECP256R1) { - return secp256r1Factory.generate(rng); - } else { - throw new IllegalArgumentException("Unsupported algorithm"); - } - } - - public static void setEd25519Factory(Factory factory) { - ed25519Factory = factory; + return factory.generate(algorithm, rng); } - public static void setSECP256R1Factory(Factory factory) { - secp256r1Factory = factory; + public static void setFactory(Factory factory) { + KeyPair.factory = factory; } public abstract byte[] toBytes(); diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java index a3804084..9e2d8f97 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java @@ -31,16 +31,12 @@ final class SECP256R1KeyPair extends KeyPair { private final BCECPrivateKey privateKey; private final BCECPublicKey publicKey; - private final boolean deterministicNonce; static final String ALGORITHM = "ECDSA"; static final String CURVE = "secp256r1"; static final ECNamedCurveParameterSpec SECP256R1 = ECNamedCurveTable.getParameterSpec(CURVE); - SECP256R1KeyPair(byte[] bytes, boolean deterministicNonce) - throws Error.FormatError.InvalidKeySize { - this.deterministicNonce = deterministicNonce; - + SECP256R1KeyPair(byte[] bytes) throws Error.FormatError.InvalidKeySize { if (bytes.length != BUFFER_SIZE) { throw new Error.FormatError.InvalidKeySize(bytes.length); } @@ -56,9 +52,7 @@ final class SECP256R1KeyPair extends KeyPair { this.publicKey = publicKey; } - SECP256R1KeyPair(SecureRandom rng, boolean deterministicNonce) { - this.deterministicNonce = deterministicNonce; - + SECP256R1KeyPair(SecureRandom rng) { byte[] bytes = new byte[BUFFER_SIZE]; rng.nextBytes(bytes); @@ -89,13 +83,7 @@ public byte[] sign(byte[] data) { var hash = new byte[digest.getDigestSize()]; digest.doFinal(hash, 0); - ECDSASigner signer; - if (deterministicNonce) { - signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())); - } else { - signer = new ECDSASigner(); - } - + var signer = new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())); signer.init(true, privateKey.engineGetKeyParameters()); var sig = signer.generateSignature(hash); diff --git a/biscuit/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java deleted file mode 100644 index cf07faed..00000000 --- a/biscuit/src/test/java/org/eclipse/biscuit/token/NondeterministicEcdsaTest.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2019 Geoffroy Couprie and Contributors to the Eclipse Foundation. - * SPDX-License-Identifier: Apache-2.0 - */ - -package org.eclipse.biscuit.token; - -import static org.eclipse.biscuit.token.builder.Utils.fact; -import static org.eclipse.biscuit.token.builder.Utils.str; - -import biscuit.format.schema.Schema; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.SignatureException; -import java.util.List; -import org.eclipse.biscuit.crypto.KeyPair; -import org.eclipse.biscuit.error.Error; -import org.eclipse.biscuit.token.builder.Block; -import org.junit.jupiter.api.AfterAll; -import org.junit.jupiter.api.BeforeAll; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.parallel.Isolated; - -/** Top-level test to ensure ECDSA with nondeterministic nonce also works. */ -@Isolated -public class NondeterministicEcdsaTest { - @BeforeAll - static void beforeAll() { - KeyPair.setSECP256R1Factory(KeyPair.DEFAULT_NONDETERMINISTIC_SECP256R1_FACTORY); - } - - @AfterAll - static void afterAll() { - KeyPair.setSECP256R1Factory(KeyPair.DEFAULT_SECP256R1_FACTORY); - } - - @Test - public void simpleSigningTest() - throws Error, NoSuchAlgorithmException, SignatureException, InvalidKeyException { - var root = KeyPair.generate(Schema.PublicKey.Algorithm.SECP256R1); - var b = - Biscuit.make( - new SecureRandom(), - root, - new Block().addFact(fact("foo", List.of(str("bar")))).build()); - Biscuit.fromBytes(b.serialize(), root.getPublicKey()); - } -} From da207696c07d6e7de082b314e2bdb057bfea154c Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Tue, 20 Jan 2026 12:48:21 -0700 Subject: [PATCH 4/9] Introduce DefaultPublicKeyFactory. --- .../crypto/DefaultPublicKeyFactory.java | 18 +++++++++++++ .../org/eclipse/biscuit/crypto/PublicKey.java | 26 ++++--------------- 2 files changed, 23 insertions(+), 21 deletions(-) create mode 100644 biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java new file mode 100644 index 00000000..82efa8df --- /dev/null +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java @@ -0,0 +1,18 @@ +package org.eclipse.biscuit.crypto; + +import biscuit.format.schema.Schema; +import org.eclipse.biscuit.error.Error; + +public final class DefaultPublicKeyFactory implements PublicKey.Factory { + @Override + public PublicKey load(Schema.PublicKey.Algorithm algorithm, byte[] bytes) + throws Error.FormatError.InvalidKey { + if (algorithm == Schema.PublicKey.Algorithm.Ed25519) { + return Ed25519PublicKey.loadEd25519(bytes); + } else if (algorithm == Schema.PublicKey.Algorithm.SECP256R1) { + return SECP256R1PublicKey.loadSECP256R1(bytes); + } else { + throw new IllegalArgumentException("Unsupported algorithm"); + } + } +} diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java index 9ba0375b..6a69e92a 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java @@ -18,28 +18,16 @@ public abstract class PublicKey { public interface Factory { - PublicKey load(byte[] bytes) throws Error.FormatError.InvalidKey; + PublicKey load(Algorithm algorithm, byte[] bytes) throws Error.FormatError.InvalidKey; } - public static final Factory DEFAULT_ED25519_FACTORY = - bytes -> Ed25519PublicKey.loadEd25519(bytes); - public static final Factory DEFAULT_SECP256R1_FACTORY = - bytes -> SECP256R1PublicKey.loadSECP256R1(bytes); - - private static volatile Factory ed25519Factory = DEFAULT_ED25519_FACTORY; - private static volatile Factory secp256r1Factory = DEFAULT_SECP256R1_FACTORY; + private static volatile Factory factory = new DefaultPublicKeyFactory(); private static final Set SUPPORTED_ALGORITHMS = Set.of(Algorithm.Ed25519, Algorithm.SECP256R1); public static PublicKey load(Algorithm algorithm, byte[] data) throws Error.FormatError { - if (algorithm == Algorithm.Ed25519) { - return ed25519Factory.load(data); - } else if (algorithm == Algorithm.SECP256R1) { - return secp256r1Factory.load(data); - } else { - throw new IllegalArgumentException("Unsupported algorithm"); - } + return factory.load(algorithm, data); } public static PublicKey load(Algorithm algorithm, String hex) throws Error.FormatError { @@ -66,12 +54,8 @@ public static PublicKey deserialize(Schema.PublicKey pk) throws Error.FormatErro return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray()); } - public static void setEd25519Factory(Factory factory) { - ed25519Factory = factory; - } - - public static void setSECP256R1Factory(Factory factory) { - secp256r1Factory = factory; + public static void setFactory(Factory factory) { + PublicKey.factory = factory; } public abstract Algorithm getAlgorithm(); From 8c0d62561463d7088823bd491b0e21cf4ae4a16e Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Tue, 20 Jan 2026 13:00:03 -0700 Subject: [PATCH 5/9] Move all the default factories into their own module. --- .../{crypto => bouncycastle}/DefaultKeyPairFactory.java | 3 ++- .../{crypto => bouncycastle}/DefaultPublicKeyFactory.java | 3 ++- .../biscuit/{crypto => bouncycastle}/Ed25519KeyPair.java | 4 +++- .../biscuit/{crypto => bouncycastle}/Ed25519PublicKey.java | 3 ++- .../biscuit/{crypto => bouncycastle}/SECP256R1KeyPair.java | 4 +++- .../biscuit/{crypto => bouncycastle}/SECP256R1PublicKey.java | 5 +++-- .../src/main/java/org/eclipse/biscuit/crypto/KeyPair.java | 1 + .../src/main/java/org/eclipse/biscuit/crypto/PublicKey.java | 1 + 8 files changed, 17 insertions(+), 7 deletions(-) rename biscuit/src/main/java/org/eclipse/biscuit/{crypto => bouncycastle}/DefaultKeyPairFactory.java (92%) rename biscuit/src/main/java/org/eclipse/biscuit/{crypto => bouncycastle}/DefaultPublicKeyFactory.java (87%) rename biscuit/src/main/java/org/eclipse/biscuit/{crypto => bouncycastle}/Ed25519KeyPair.java (94%) rename biscuit/src/main/java/org/eclipse/biscuit/{crypto => bouncycastle}/Ed25519PublicKey.java (96%) rename biscuit/src/main/java/org/eclipse/biscuit/{crypto => bouncycastle}/SECP256R1KeyPair.java (96%) rename biscuit/src/main/java/org/eclipse/biscuit/{crypto => bouncycastle}/SECP256R1PublicKey.java (96%) diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultKeyPairFactory.java similarity index 92% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultKeyPairFactory.java index 6da88426..0acfa81b 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultKeyPairFactory.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultKeyPairFactory.java @@ -1,7 +1,8 @@ -package org.eclipse.biscuit.crypto; +package org.eclipse.biscuit.bouncycastle; import biscuit.format.schema.Schema; import java.security.SecureRandom; +import org.eclipse.biscuit.crypto.KeyPair; import org.eclipse.biscuit.error.Error; public final class DefaultKeyPairFactory implements KeyPair.Factory { diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultPublicKeyFactory.java similarity index 87% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultPublicKeyFactory.java index 82efa8df..5f095ac9 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/DefaultPublicKeyFactory.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/DefaultPublicKeyFactory.java @@ -1,6 +1,7 @@ -package org.eclipse.biscuit.crypto; +package org.eclipse.biscuit.bouncycastle; import biscuit.format.schema.Schema; +import org.eclipse.biscuit.crypto.PublicKey; import org.eclipse.biscuit.error.Error; public final class DefaultPublicKeyFactory implements PublicKey.Factory { diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519KeyPair.java similarity index 94% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519KeyPair.java index 0cc0bf7e..f4ee77ca 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519KeyPair.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519KeyPair.java @@ -3,7 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.biscuit.crypto; +package org.eclipse.biscuit.bouncycastle; import java.security.SecureRandom; import org.bouncycastle.crypto.AsymmetricCipherKeyPair; @@ -13,6 +13,8 @@ import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters; import org.bouncycastle.crypto.signers.Ed25519Signer; import org.bouncycastle.math.ec.rfc8032.Ed25519; +import org.eclipse.biscuit.crypto.KeyPair; +import org.eclipse.biscuit.crypto.PublicKey; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.token.builder.Utils; diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519PublicKey.java similarity index 96% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519PublicKey.java index 502c1ccf..965489c3 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/Ed25519PublicKey.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/Ed25519PublicKey.java @@ -3,13 +3,14 @@ * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.biscuit.crypto; +package org.eclipse.biscuit.bouncycastle; import biscuit.format.schema.Schema.PublicKey.Algorithm; import java.util.Arrays; import java.util.Optional; import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters; import org.bouncycastle.crypto.signers.Ed25519Signer; +import org.eclipse.biscuit.crypto.PublicKey; import org.eclipse.biscuit.error.Error; class Ed25519PublicKey extends PublicKey { diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1KeyPair.java similarity index 96% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1KeyPair.java index 9e2d8f97..1a43c7ec 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1KeyPair.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1KeyPair.java @@ -3,7 +3,7 @@ * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.biscuit.crypto; +package org.eclipse.biscuit.bouncycastle; import java.io.IOException; import java.security.SecureRandom; @@ -19,6 +19,8 @@ import org.bouncycastle.jce.spec.ECPrivateKeySpec; import org.bouncycastle.jce.spec.ECPublicKeySpec; import org.bouncycastle.util.BigIntegers; +import org.eclipse.biscuit.crypto.KeyPair; +import org.eclipse.biscuit.crypto.PublicKey; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.token.builder.Utils; diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1PublicKey.java similarity index 96% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java rename to biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1PublicKey.java index a0804f0f..b11aa451 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/SECP256R1PublicKey.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/bouncycastle/SECP256R1PublicKey.java @@ -3,9 +3,9 @@ * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.biscuit.crypto; +package org.eclipse.biscuit.bouncycastle; -import static org.eclipse.biscuit.crypto.SECP256R1KeyPair.CURVE; +import static org.eclipse.biscuit.bouncycastle.SECP256R1KeyPair.CURVE; import biscuit.format.schema.Schema.PublicKey.Algorithm; import java.io.IOException; @@ -25,6 +25,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.spec.ECPublicKeySpec; import org.bouncycastle.math.ec.ECPoint; +import org.eclipse.biscuit.crypto.PublicKey; import org.eclipse.biscuit.error.Error; @SuppressWarnings("checkstyle:AbbreviationAsWordInName") diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java index bf6d6709..8072ef0a 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java @@ -7,6 +7,7 @@ import biscuit.format.schema.Schema.PublicKey.Algorithm; import java.security.SecureRandom; +import org.eclipse.biscuit.bouncycastle.DefaultKeyPairFactory; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.token.builder.Utils; diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java index 6a69e92a..ed22b119 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java @@ -13,6 +13,7 @@ import java.security.SignatureException; import java.util.Optional; import java.util.Set; +import org.eclipse.biscuit.bouncycastle.DefaultPublicKeyFactory; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.token.builder.Utils; From e68f9608ee568848a05d5da2b7beeea714e37db6 Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Tue, 20 Jan 2026 13:28:26 -0700 Subject: [PATCH 6/9] Introduce PatternMatcher.Factory, similar to the KeyPair.Factory. --- .../org/eclipse/biscuit/datalog/expressions/Op.java | 11 ++++++----- .../biscuit/regex/DefaultPatternMatcherFactory.java | 11 +++++++++++ .../org/eclipse/biscuit/regex/PatternMatcher.java | 9 +++++++++ 3 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java create mode 100644 biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java b/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java index 51272beb..2e806ab9 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java @@ -6,8 +6,6 @@ package org.eclipse.biscuit.datalog.expressions; import biscuit.format.schema.Schema; -import com.google.re2j.Matcher; -import com.google.re2j.Pattern; import java.io.UnsupportedEncodingException; import java.util.ArrayDeque; import java.util.ArrayList; @@ -24,9 +22,13 @@ import org.eclipse.biscuit.datalog.Term; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.error.Result; +import org.eclipse.biscuit.regex.DefaultPatternMatcherFactory; +import org.eclipse.biscuit.regex.PatternMatcher; import org.eclipse.biscuit.token.builder.Expression; public abstract class Op { + PatternMatcher.Factory patternMatcherFactory = new DefaultPatternMatcherFactory(); + public abstract void evaluate( Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) throws Error.Execution; @@ -455,9 +457,8 @@ public void evaluate( "cannot find string in symbols for index " + ((Term.Str) right).value()); } - Pattern p = Pattern.compile(rightS.get()); - Matcher m = p.matcher(leftS.get()); - stack.push(new Term.Bool(m.find())); + stack.push( + new Term.Bool(patternMatcherFactory.create(rightS.get()).match(leftS.get()))); } break; case Add: diff --git a/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java new file mode 100644 index 00000000..efd34395 --- /dev/null +++ b/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java @@ -0,0 +1,11 @@ +package org.eclipse.biscuit.regex; + +import com.google.re2j.Pattern; + +public final class DefaultPatternMatcherFactory implements PatternMatcher.Factory { + @Override + public PatternMatcher create(String regex) { + var p = Pattern.compile(regex); + return input -> p.matcher(input).find(); + } +} diff --git a/biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java b/biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java new file mode 100644 index 00000000..89124363 --- /dev/null +++ b/biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java @@ -0,0 +1,9 @@ +package org.eclipse.biscuit.regex; + +public interface PatternMatcher { + public interface Factory { + PatternMatcher create(String regex); + } + + boolean match(CharSequence input); +} From b3f3da575862c655a797f498ff28f4d63e349c27 Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Thu, 29 Jan 2026 16:07:46 -0700 Subject: [PATCH 7/9] Shuffle out things to biscuit-core. - Use `ServiceProvider` to pull in default implementations. - Add exports for the default factories. --- biscuit-core/pom.xml | 29 +++++++++++++++++++ .../biscuit/crypto/BlockSignatureBuffer.java | 0 .../eclipse/biscuit/crypto/KeyDelegate.java | 0 .../org/eclipse/biscuit/crypto/KeyPair.java | 18 ++++++++---- .../org/eclipse/biscuit/crypto/PublicKey.java | 19 ++++++++---- .../org/eclipse/biscuit/crypto/Signer.java | 0 .../org/eclipse/biscuit/crypto/Token.java | 0 .../biscuit/crypto/TokenSignature.java | 0 .../eclipse/biscuit/crypto/package-info.java | 0 .../org/eclipse/biscuit/datalog/Check.java | 0 .../eclipse/biscuit/datalog/Combinator.java | 0 .../org/eclipse/biscuit/datalog/Fact.java | 0 .../org/eclipse/biscuit/datalog/FactSet.java | 0 .../org/eclipse/biscuit/datalog/MapKey.java | 0 .../biscuit/datalog/MatchedVariables.java | 0 .../org/eclipse/biscuit/datalog/Origin.java | 0 .../org/eclipse/biscuit/datalog/Pair.java | 0 .../eclipse/biscuit/datalog/Predicate.java | 0 .../org/eclipse/biscuit/datalog/Rule.java | 0 .../org/eclipse/biscuit/datalog/RuleSet.java | 0 .../eclipse/biscuit/datalog/RunLimits.java | 0 .../biscuit/datalog/SchemaVersion.java | 0 .../org/eclipse/biscuit/datalog/Scope.java | 0 .../eclipse/biscuit/datalog/SymbolTable.java | 0 .../biscuit/datalog/TemporarySymbolTable.java | 0 .../org/eclipse/biscuit/datalog/Term.java | 0 .../biscuit/datalog/TrustedOrigins.java | 0 .../org/eclipse/biscuit/datalog/World.java | 0 .../datalog/expressions/Expression.java | 0 .../biscuit/datalog/expressions/Op.java | 6 +--- .../eclipse/biscuit/datalog/package-info.java | 0 .../java/org/eclipse/biscuit/error/Error.java | 0 .../eclipse/biscuit/error/FailedCheck.java | 0 .../org/eclipse/biscuit/error/LogicError.java | 0 .../org/eclipse/biscuit/error/Result.java | 0 .../eclipse/biscuit/error/package-info.java | 0 .../eclipse/biscuit/regex/PatternMatcher.java | 28 ++++++++++++++++++ .../org/eclipse/biscuit/token/Authorizer.java | 0 .../org/eclipse/biscuit/token/Biscuit.java | 0 .../java/org/eclipse/biscuit/token/Block.java | 0 .../org/eclipse/biscuit/token/Policy.java | 0 .../biscuit/token/RevocationIdentifier.java | 0 .../token/ThirdPartyBlockContents.java | 0 .../biscuit/token/ThirdPartyBlockRequest.java | 0 .../biscuit/token/UnverifiedBiscuit.java | 0 .../biscuit/token/builder/Biscuit.java | 0 .../eclipse/biscuit/token/builder/Block.java | 0 .../eclipse/biscuit/token/builder/Check.java | 0 .../biscuit/token/builder/Expression.java | 0 .../eclipse/biscuit/token/builder/Fact.java | 0 .../eclipse/biscuit/token/builder/MapKey.java | 0 .../biscuit/token/builder/Predicate.java | 0 .../eclipse/biscuit/token/builder/Rule.java | 0 .../eclipse/biscuit/token/builder/Scope.java | 0 .../eclipse/biscuit/token/builder/Term.java | 0 .../eclipse/biscuit/token/builder/Utils.java | 0 .../biscuit/token/builder/package-info.java | 0 .../biscuit/token/builder/parser/Error.java | 0 .../builder/parser/ExpressionParser.java | 0 .../biscuit/token/builder/parser/Parser.java | 0 .../token/format/ExternalSignature.java | 0 .../eclipse/biscuit/token/format/Proof.java | 0 .../token/format/SerializedBiscuit.java | 0 .../biscuit/token/format/SignedBlock.java | 0 .../biscuit/token/format/package-info.java | 0 .../eclipse/biscuit/token/package-info.java | 0 .../src/main/proto/schema.proto | 0 biscuit/pom.xml | 12 ++------ .../regex/DefaultPatternMatcherFactory.java | 7 ++++- .../eclipse/biscuit/regex/PatternMatcher.java | 9 ------ ...org.eclipse.biscuit.crypto.KeyPair$Factory | 1 + ...g.eclipse.biscuit.crypto.PublicKey$Factory | 1 + ...lipse.biscuit.regex.PatternMatcher$Factory | 1 + pom.xml | 1 + 74 files changed, 96 insertions(+), 36 deletions(-) create mode 100644 biscuit-core/pom.xml rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java (76%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java (83%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/Signer.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/Token.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/crypto/package-info.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Check.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Combinator.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Fact.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/FactSet.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/MapKey.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Origin.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Pair.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Predicate.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Rule.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Scope.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/Term.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/World.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java (99%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/datalog/package-info.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/error/Error.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/error/FailedCheck.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/error/LogicError.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/error/Result.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/error/package-info.java (100%) create mode 100644 biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/Authorizer.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/Biscuit.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/Block.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/Policy.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Block.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Check.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Expression.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Fact.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Rule.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Scope.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Term.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/Utils.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/package-info.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/format/Proof.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/format/package-info.java (100%) rename {biscuit => biscuit-core}/src/main/java/org/eclipse/biscuit/token/package-info.java (100%) rename {biscuit => biscuit-core}/src/main/proto/schema.proto (100%) delete mode 100644 biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java create mode 100644 biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory create mode 100644 biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory create mode 100644 biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory diff --git a/biscuit-core/pom.xml b/biscuit-core/pom.xml new file mode 100644 index 00000000..7e50419f --- /dev/null +++ b/biscuit-core/pom.xml @@ -0,0 +1,29 @@ + + + + 4.0.0 + biscuit-core + jar + + + org.eclipse + biscuit-java + 4.0.1 + + + + + com.google.protobuf + protobuf-java + ${protobuf.version} + + + com.fasterxml.jackson.core + jackson-databind + ${jackson.version} + + + diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java similarity index 76% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java index 8072ef0a..a0a69a96 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java +++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java @@ -7,7 +7,8 @@ import biscuit.format.schema.Schema.PublicKey.Algorithm; import java.security.SecureRandom; -import org.eclipse.biscuit.bouncycastle.DefaultKeyPairFactory; +import java.util.ServiceLoader; +import java.util.stream.Collectors; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.token.builder.Utils; @@ -19,7 +20,16 @@ public interface Factory { KeyPair generate(Algorithm algorithm, SecureRandom rng); } - private static volatile Factory factory = new DefaultKeyPairFactory(); + private static final Factory factory; + + static { + var factories = ServiceLoader.load(KeyPair.Factory.class).stream().collect(Collectors.toList()); + if (factories.size() != 1) { + throw new IllegalStateException( + "A single KeyPair implementation expected; found " + factories.size()); + } + factory = factories.get(0).get(); + } public static KeyPair generate(Algorithm algorithm) { return generate(algorithm, new SecureRandom()); @@ -39,10 +49,6 @@ public static KeyPair generate(Algorithm algorithm, SecureRandom rng) { return factory.generate(algorithm, rng); } - public static void setFactory(Factory factory) { - KeyPair.factory = factory; - } - public abstract byte[] toBytes(); public abstract String toHex(); diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java similarity index 83% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java index ed22b119..63413ce1 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java +++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java @@ -12,8 +12,9 @@ import java.security.NoSuchAlgorithmException; import java.security.SignatureException; import java.util.Optional; +import java.util.ServiceLoader; import java.util.Set; -import org.eclipse.biscuit.bouncycastle.DefaultPublicKeyFactory; +import java.util.stream.Collectors; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.token.builder.Utils; @@ -22,7 +23,17 @@ public interface Factory { PublicKey load(Algorithm algorithm, byte[] bytes) throws Error.FormatError.InvalidKey; } - private static volatile Factory factory = new DefaultPublicKeyFactory(); + private static final Factory factory; + + static { + var factories = + ServiceLoader.load(PublicKey.Factory.class).stream().collect(Collectors.toList()); + if (factories.size() != 1) { + throw new IllegalStateException( + "A single PublicKey implementation expected; found " + factories.size()); + } + factory = factories.get(0).get(); + } private static final Set SUPPORTED_ALGORITHMS = Set.of(Algorithm.Ed25519, Algorithm.SECP256R1); @@ -55,10 +66,6 @@ public static PublicKey deserialize(Schema.PublicKey pk) throws Error.FormatErro return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray()); } - public static void setFactory(Factory factory) { - PublicKey.factory = factory; - } - public abstract Algorithm getAlgorithm(); public abstract Optional verify(byte[] data, byte[] signature) diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/Signer.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Signer.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/Signer.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Signer.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/Token.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Token.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/Token.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/Token.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/TokenSignature.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/crypto/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/package-info.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/crypto/package-info.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/package-info.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Check.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Check.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Check.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Check.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Combinator.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Combinator.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Combinator.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Combinator.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Fact.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Fact.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Fact.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Fact.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/FactSet.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/FactSet.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/FactSet.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/FactSet.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/MapKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MapKey.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/MapKey.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MapKey.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/MatchedVariables.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Origin.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Origin.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Origin.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Origin.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Pair.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Pair.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Pair.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Pair.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Predicate.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Predicate.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Predicate.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Predicate.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Rule.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Rule.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Rule.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Rule.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RuleSet.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/RunLimits.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SchemaVersion.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Scope.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Scope.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Scope.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Scope.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/SymbolTable.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TemporarySymbolTable.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/Term.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Term.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/Term.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/Term.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/TrustedOrigins.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/World.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/World.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/World.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/World.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Expression.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java similarity index 99% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java index 2e806ab9..e1aae371 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java +++ b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/expressions/Op.java @@ -22,13 +22,10 @@ import org.eclipse.biscuit.datalog.Term; import org.eclipse.biscuit.error.Error; import org.eclipse.biscuit.error.Result; -import org.eclipse.biscuit.regex.DefaultPatternMatcherFactory; import org.eclipse.biscuit.regex.PatternMatcher; import org.eclipse.biscuit.token.builder.Expression; public abstract class Op { - PatternMatcher.Factory patternMatcherFactory = new DefaultPatternMatcherFactory(); - public abstract void evaluate( Deque stack, Map variables, TemporarySymbolTable temporarySymbolTable) throws Error.Execution; @@ -457,8 +454,7 @@ public void evaluate( "cannot find string in symbols for index " + ((Term.Str) right).value()); } - stack.push( - new Term.Bool(patternMatcherFactory.create(rightS.get()).match(leftS.get()))); + stack.push(new Term.Bool(PatternMatcher.create(rightS.get()).match(leftS.get()))); } break; case Add: diff --git a/biscuit/src/main/java/org/eclipse/biscuit/datalog/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/datalog/package-info.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/datalog/package-info.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/datalog/package-info.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/error/Error.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/Error.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/error/Error.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/Error.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/error/FailedCheck.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/FailedCheck.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/error/FailedCheck.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/FailedCheck.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/error/LogicError.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/LogicError.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/error/LogicError.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/LogicError.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/error/Result.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/Result.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/error/Result.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/Result.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/error/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/error/package-info.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/error/package-info.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/error/package-info.java diff --git a/biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java b/biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java new file mode 100644 index 00000000..6c7dbc01 --- /dev/null +++ b/biscuit-core/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java @@ -0,0 +1,28 @@ +package org.eclipse.biscuit.regex; + +import java.util.ServiceLoader; +import java.util.stream.Collectors; + +public abstract class PatternMatcher { + public interface Factory { + PatternMatcher create(String regex); + } + + private static final Factory factory; + + static { + var factories = + ServiceLoader.load(PatternMatcher.Factory.class).stream().collect(Collectors.toList()); + if (factories.size() != 1) { + throw new IllegalStateException( + "A single PatternMatcher implementation expected; found " + factories.size()); + } + factory = factories.get(0).get(); + } + + public static PatternMatcher create(String regex) { + return factory.create(regex); + } + + public abstract boolean match(CharSequence input); +} diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/Authorizer.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Authorizer.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/Authorizer.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Authorizer.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/Biscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Biscuit.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/Biscuit.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Biscuit.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/Block.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Block.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/Block.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Block.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/Policy.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/Policy.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/Policy.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/Policy.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/RevocationIdentifier.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockContents.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/ThirdPartyBlockRequest.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Biscuit.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Block.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Block.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Block.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Block.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Check.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Check.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Check.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Check.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Expression.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Expression.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Expression.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Expression.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Fact.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Fact.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Fact.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Fact.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/MapKey.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Predicate.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Rule.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Rule.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Rule.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Rule.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Scope.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Scope.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Scope.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Scope.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Term.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Term.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Term.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Term.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/Utils.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Utils.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/Utils.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/Utils.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/package-info.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/package-info.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/package-info.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Error.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/ExpressionParser.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/builder/parser/Parser.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/ExternalSignature.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/format/Proof.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/Proof.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/format/Proof.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/Proof.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/SignedBlock.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/format/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/format/package-info.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/format/package-info.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/format/package-info.java diff --git a/biscuit/src/main/java/org/eclipse/biscuit/token/package-info.java b/biscuit-core/src/main/java/org/eclipse/biscuit/token/package-info.java similarity index 100% rename from biscuit/src/main/java/org/eclipse/biscuit/token/package-info.java rename to biscuit-core/src/main/java/org/eclipse/biscuit/token/package-info.java diff --git a/biscuit/src/main/proto/schema.proto b/biscuit-core/src/main/proto/schema.proto similarity index 100% rename from biscuit/src/main/proto/schema.proto rename to biscuit-core/src/main/proto/schema.proto diff --git a/biscuit/pom.xml b/biscuit/pom.xml index 3b14fb5b..c81716dd 100644 --- a/biscuit/pom.xml +++ b/biscuit/pom.xml @@ -5,7 +5,6 @@ 4.0.0 - org.eclipse biscuit jar @@ -17,20 +16,15 @@ - com.google.protobuf - protobuf-java - ${protobuf.version} + org.eclipse + biscuit-core + 4.0.1 com.google.re2j re2j ${re2j.version} - - com.fasterxml.jackson.core - jackson-databind - ${jackson.version} - org.bouncycastle bcprov-jdk18on diff --git a/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java b/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java index efd34395..9da7891f 100644 --- a/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java +++ b/biscuit/src/main/java/org/eclipse/biscuit/regex/DefaultPatternMatcherFactory.java @@ -6,6 +6,11 @@ public final class DefaultPatternMatcherFactory implements PatternMatcher.Factor @Override public PatternMatcher create(String regex) { var p = Pattern.compile(regex); - return input -> p.matcher(input).find(); + return new PatternMatcher() { + @Override + public boolean match(CharSequence input) { + return p.matcher(input).find(); + } + }; } } diff --git a/biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java b/biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java deleted file mode 100644 index 89124363..00000000 --- a/biscuit/src/main/java/org/eclipse/biscuit/regex/PatternMatcher.java +++ /dev/null @@ -1,9 +0,0 @@ -package org.eclipse.biscuit.regex; - -public interface PatternMatcher { - public interface Factory { - PatternMatcher create(String regex); - } - - boolean match(CharSequence input); -} diff --git a/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory new file mode 100644 index 00000000..66575535 --- /dev/null +++ b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.KeyPair$Factory @@ -0,0 +1 @@ +org.eclipse.biscuit.bouncycastle.DefaultKeyPairFactory \ No newline at end of file diff --git a/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory new file mode 100644 index 00000000..efc4aaf0 --- /dev/null +++ b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.crypto.PublicKey$Factory @@ -0,0 +1 @@ +org.eclipse.biscuit.bouncycastle.DefaultPublicKeyFactory \ No newline at end of file diff --git a/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory new file mode 100644 index 00000000..5591c36f --- /dev/null +++ b/biscuit/src/main/resources/META-INF/services/org.eclipse.biscuit.regex.PatternMatcher$Factory @@ -0,0 +1 @@ +org.eclipse.biscuit.regex.DefaultPatternMatcherFactory \ No newline at end of file diff --git a/pom.xml b/pom.xml index 3a546521..0c8b0753 100644 --- a/pom.xml +++ b/pom.xml @@ -17,6 +17,7 @@ biscuit + biscuit-core From b354d002ff3e45fdfb3d263f7105885151653f87 Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Wed, 11 Feb 2026 11:23:31 -0700 Subject: [PATCH 8/9] Support a wider set of errors for key generation. --- .../java/org/eclipse/biscuit/crypto/KeyPair.java | 14 ++++++-------- .../java/org/eclipse/biscuit/crypto/PublicKey.java | 2 +- .../org/eclipse/biscuit/crypto/SignatureTest.java | 4 ++-- .../org/eclipse/biscuit/token/BiscuitTest.java | 8 ++++++-- .../org/eclipse/biscuit/token/ExampleTest.java | 2 +- 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java index a0a69a96..1d293d1d 100644 --- a/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java +++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java @@ -15,9 +15,9 @@ /** Private and public key. */ public abstract class KeyPair implements Signer { public interface Factory { - KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError.InvalidKeySize; + KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError; - KeyPair generate(Algorithm algorithm, SecureRandom rng); + KeyPair generate(Algorithm algorithm, SecureRandom rng) throws Error.FormatError; } private static final Factory factory; @@ -31,21 +31,19 @@ public interface Factory { factory = factories.get(0).get(); } - public static KeyPair generate(Algorithm algorithm) { + public static KeyPair generate(Algorithm algorithm) throws Error.FormatError { return generate(algorithm, new SecureRandom()); } - public static KeyPair generate(Algorithm algorithm, String hex) - throws Error.FormatError.InvalidKeySize { + public static KeyPair generate(Algorithm algorithm, String hex) throws Error.FormatError { return generate(algorithm, Utils.hexStringToByteArray(hex)); } - public static KeyPair generate(Algorithm algorithm, byte[] bytes) - throws Error.FormatError.InvalidKeySize { + public static KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError { return factory.generate(algorithm, bytes); } - public static KeyPair generate(Algorithm algorithm, SecureRandom rng) { + public static KeyPair generate(Algorithm algorithm, SecureRandom rng) throws Error.FormatError { return factory.generate(algorithm, rng); } diff --git a/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java index 63413ce1..5d63d1aa 100644 --- a/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java +++ b/biscuit-core/src/main/java/org/eclipse/biscuit/crypto/PublicKey.java @@ -20,7 +20,7 @@ public abstract class PublicKey { public interface Factory { - PublicKey load(Algorithm algorithm, byte[] bytes) throws Error.FormatError.InvalidKey; + PublicKey load(Algorithm algorithm, byte[] bytes) throws Error.FormatError; } private static final Factory factory; diff --git a/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java b/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java index b818b815..45ea0069 100644 --- a/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java +++ b/biscuit/src/test/java/org/eclipse/biscuit/crypto/SignatureTest.java @@ -50,7 +50,7 @@ public void testHex() throws Error.FormatError { @Test public void testThreeMessages() - throws NoSuchAlgorithmException, SignatureException, InvalidKeyException { + throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error.FormatError { prTestThreeMessages(Schema.PublicKey.Algorithm.Ed25519); prTestThreeMessages(Schema.PublicKey.Algorithm.SECP256R1); } @@ -120,7 +120,7 @@ private void prTestSerialize(Schema.PublicKey.Algorithm algorithm, int expectedP } private void prTestThreeMessages(Schema.PublicKey.Algorithm algorithm) - throws NoSuchAlgorithmException, SignatureException, InvalidKeyException { + throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error.FormatError { String message1 = "hello"; KeyPair root = KeyPair.generate(algorithm, rng); KeyPair keypair2 = KeyPair.generate(algorithm, rng); diff --git a/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java index 841c3df4..dc429dcb 100644 --- a/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java +++ b/biscuit/src/test/java/org/eclipse/biscuit/token/BiscuitTest.java @@ -704,8 +704,12 @@ public Optional getRootKey(Optional keyId) { new KeyDelegate() { @Override public Optional getRootKey(Optional keyId) { - - KeyPair root = KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519, rng); + KeyPair root = null; + try { + root = KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519, rng); + } catch (Error.FormatError e) { + throw new IllegalStateException(e); + } return Optional.of(root.getPublicKey()); } }); diff --git a/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java b/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java index dc68774e..99fa9028 100644 --- a/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java +++ b/biscuit/src/test/java/org/eclipse/biscuit/token/ExampleTest.java @@ -17,7 +17,7 @@ * if these functions change, please send a PR to update them at https://github.com/biscuit-auth/website */ public class ExampleTest { - public KeyPair root() { + public KeyPair root() throws Error.FormatError { return KeyPair.generate(Schema.PublicKey.Algorithm.Ed25519); } From ecb92122e2d45d0b38afdd5b101dbdd5f06d124b Mon Sep 17 00:00:00 2001 From: Adam Preuss Date: Mon, 23 Feb 2026 11:48:27 -0700 Subject: [PATCH 9/9] Increment version to 4.1.0 --- biscuit-core/pom.xml | 2 +- biscuit/pom.xml | 4 ++-- pom.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/biscuit-core/pom.xml b/biscuit-core/pom.xml index 7e50419f..176cfe28 100644 --- a/biscuit-core/pom.xml +++ b/biscuit-core/pom.xml @@ -11,7 +11,7 @@ org.eclipse biscuit-java - 4.0.1 + 4.1.0 diff --git a/biscuit/pom.xml b/biscuit/pom.xml index c81716dd..5b2ee774 100644 --- a/biscuit/pom.xml +++ b/biscuit/pom.xml @@ -11,14 +11,14 @@ org.eclipse biscuit-java - 4.0.1 + 4.1.0 org.eclipse biscuit-core - 4.0.1 + 4.1.0 com.google.re2j diff --git a/pom.xml b/pom.xml index 0c8b0753..fec7d8d9 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ org.eclipse biscuit-java pom - 4.0.1 + 4.1.0 biscuit-java https://github.com/eclipse-biscuit/biscuit-java