/// <summary>
/// Creates a token
/// </summary>
/// <param name="rng">random number generator</param>
/// <param name="root">root private key</param>
/// <param name="symbols">symbol table</param>
/// <param name="authority">authority authority block</param>
/// <returns></returns>
static public Either <Error, Biscuit> Make(RNGCryptoServiceProvider rng, KeyPair root, SymbolTable symbols, Block authority)
{
if (!Collections.Disjoint(symbols.Symbols, authority.Symbols.Symbols))
{
return(new Left(new SymbolTableOverlap()));
}
if (authority.Index != 0)
{
return(new Left(new InvalidAuthorityIndex(authority.Index)));
}
symbols.Symbols.AddRange(authority.Symbols.Symbols);
List <Block> blocks = new List <Block>();
Either <FormatError, SerializedBiscuit> container = SerializedBiscuit.Make(rng, root, authority);
if (container.IsLeft)
{
return(container.Left);
}
else
{
SerializedBiscuit s = container.Right;
List <RevocationIdentifier> revocation_ids = s.RevocationIdentifiers();
Option <SerializedBiscuit> c = Option.Some(s);
return(new Right(new Biscuit(authority, blocks, symbols, c, revocation_ids)));
}
}
/// <summary>
/// Generates a new token from an existing one and a new block
/// </summary>
/// <param name="rng">random number generator</param>
/// <param name="keypair">ephemeral key pair</param>
/// <param name="block">new block(should be generated from a Block builder)</param>
/// <returns></returns>
public Either <Error, Biscuit> Attenuate(RNGCryptoServiceProvider rng, KeyPair keypair, Block block)
{
Either <Error, Biscuit> e = this.Copy();
if (e.IsLeft)
{
return(e.Left);
}
Biscuit copiedBiscuit = e.Right;
if (!Collections.Disjoint(copiedBiscuit.Symbols.Symbols, block.Symbols.Symbols))
{
return(new SymbolTableOverlap());
}
if (block.Index != 1 + this.Blocks.Count)
{
return(new InvalidBlockIndex(1 + copiedBiscuit.Blocks.Count, block.Index));
}
Either <FormatError, SerializedBiscuit> containerRes = copiedBiscuit.container.Get().Append(rng, keypair, block);
if (containerRes.IsLeft)
{
FormatError error = containerRes.Left;
return(new Left(error));
}
SerializedBiscuit container = containerRes.Right;
SymbolTable symbols = new SymbolTable(copiedBiscuit.Symbols);
foreach (string s in block.Symbols.Symbols)
{
symbols.Add(s);
}
List <Block> blocks = new List <Block>();
foreach (Block b in copiedBiscuit.Blocks)
{
blocks.Add(b);
}
blocks.Add(block);
List <RevocationIdentifier> revocation_ids = container.RevocationIdentifiers();
return(new Biscuit(copiedBiscuit.Authority, blocks, symbols, Option.Some(container), revocation_ids));
}
/// <summary>
/// Deserializes a Biscuit token from a byte array
/// This checks the signature, but does not verify that the first key is the root key,
/// to allow appending blocks without knowing about the root key.
/// The root key check is performed in the verify method
/// </summary>
/// <param name="data"></param>
/// <param name="symbols"></param>
/// <returns></returns>
static public Either <Error, Biscuit> FromBytesWithSymbols(byte[] data, SymbolTable symbols)
{
Either <Error, SerializedBiscuit> res = SerializedBiscuit.FromBytes(data);
if (res.IsLeft)
{
Error e = res.Left;
return(new Left(e));
}
SerializedBiscuit ser = res.Right;
Either <FormatError, Block> authRes = Block.FromBytes(ser.authority);
if (authRes.IsLeft)
{
Error e = authRes.Left;
return(new Left(e));
}
Block authority = authRes.Right;
List <Block> blocks = new List <Block>();
foreach (byte[] bdata in ser.blocks)
{
Either <FormatError, Block> blockRes = Block.FromBytes(bdata);
if (blockRes.IsLeft)
{
return(blockRes.Left);
}
blocks.Add(blockRes.Right);
}
foreach (string s in authority.Symbols.Symbols)
{
symbols.Add(s);
}
foreach (Block b in blocks)
{
foreach (string s in b.Symbols.Symbols)
{
symbols.Add(s);
}
}
List <RevocationIdentifier> revocationIds = ser.RevocationIdentifiers();
return(new Right(new Biscuit(authority, blocks, symbols, Option.Some(ser), revocationIds)));
}
