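/// <summary>
/// Builds a two-block token, seals it with a symmetric key and checks that
/// (a) unsealing with the wrong key is rejected with <see cref="SealedSignature"/>,
/// (b) unsealing with the right key succeeds, (c) a sealed token can no longer be
/// attenuated, and (d) the sealed token still verifies.
/// </summary>
public void TestSealedTokens()
{
    byte[] seed = { 0, 0, 0, 0 };
    // NOTE(review): if this is System.Security.Cryptography.RNGCryptoServiceProvider,
    // its byte[] constructor ignores the argument, so the seed does not make the
    // generated key pairs reproducible between runs.
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

    Console.WriteLine("preparing the authority block");
    KeyPair root = new KeyPair(rng);
    SymbolTable symbols = Biscuit.Token.Biscuit.DefaultSymbolTable();
    BlockBuilder authority_builder = new BlockBuilder(0, symbols);
    authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file1"), Utils.Symbol("read"))));
    authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file2"), Utils.Symbol("read"))));
    authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file1"), Utils.Symbol("write"))));

    // Every Either is asserted before its Right/Left side is read, so a failure
    // at one step is reported as that step rather than as a later null/cast error.
    var made = Biscuit.Token.Biscuit.Make(rng, root, Biscuit.Token.Biscuit.DefaultSymbolTable(), authority_builder.Build());
    Assert.IsTrue(made.IsRight);
    Biscuit.Token.Biscuit b = made.Right;
    Console.WriteLine(b.Print());

    Console.WriteLine("serializing the first token");
    var serialized = b.Serialize();
    Assert.IsTrue(serialized.IsRight);
    byte[] data = serialized.Right;
    Console.Write("data len: ");
    Console.WriteLine(data.Length);

    Console.WriteLine("deserializing the first token");
    var parsed = Biscuit.Token.Biscuit.FromBytes(data);
    Assert.IsTrue(parsed.IsRight);
    Biscuit.Token.Biscuit deser = parsed.Right;
    Console.WriteLine(deser.Print());

    // SECOND BLOCK
    Console.WriteLine("preparing the second block");
    KeyPair keypair2 = new KeyPair(rng);
    BlockBuilder builder = deser.CreateBlock();
    builder.AddCheck(Utils.Check(Utils.Rule(
        "caveat1",
        Arrays.AsList(Utils.Var("resource")),
        Arrays.AsList(
            Utils.Pred("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Var("resource"))),
            Utils.Pred("operation", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("read"))),
            Utils.Pred("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Var("resource"), Utils.Symbol("read")))
        )
    )));
    var attenuatedOnce = deser.Attenuate(rng, keypair2, builder.Build());
    Assert.IsTrue(attenuatedOnce.IsRight);
    Biscuit.Token.Biscuit b2 = attenuatedOnce.Right;
    Console.WriteLine(b2.Print());

    Console.WriteLine("sealing the second token");
    // Test-only symmetric key; FromSealed below must be given the same bytes.
    byte[] testkey = Encoding.UTF8.GetBytes("testkey");
    var sealedResult = b2.Seal(testkey);
    Assert.IsTrue(sealedResult.IsRight);
    var sealedd = sealedResult.Right;
    Console.Write("sealed data len: ");
    Console.WriteLine(sealedd.Length);

    Console.WriteLine("deserializing the sealed token with an invalid key");
    var withWrongKey = Biscuit.Token.Biscuit.FromSealed(sealedd, Encoding.UTF8.GetBytes("not this key"));
    Assert.IsTrue(withWrongKey.IsLeft);
    Error e = withWrongKey.Left;
    Console.WriteLine(e);
    Assert.AreEqual(new SealedSignature(), e);

    Console.WriteLine("deserializing the sealed token with a valid key");
    var withRightKey = Biscuit.Token.Biscuit.FromSealed(sealedd, Encoding.UTF8.GetBytes("testkey"));
    Assert.IsTrue(withRightKey.IsRight);
    Biscuit.Token.Biscuit deser2 = withRightKey.Right;
    Console.WriteLine(deser2.Print());

    Console.WriteLine("trying to attenuate to a sealed token");
    _ = deser2.CreateBlock();
    // A sealed token is final: the refusal must be asserted, not just discarded,
    // or a regression that starts accepting new blocks on sealed tokens goes unnoticed.
    var attenuatedSealed = deser2.Attenuate(rng, keypair2, builder.Build());
    Assert.IsTrue(attenuatedSealed.IsLeft, "attenuating a sealed token must fail");

    var verified = deser2.VerifySealed();
    Assert.IsTrue(verified.IsRight);
    Verifier v = verified.Right;
    Console.WriteLine(v.PrintWorld());
}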
/// <summary>
/// Round-trips a token through three serialize/parse/attenuate steps and then
/// evaluates the final token against two ambient contexts: file1/read, which
/// satisfies every check, and file2/write, which must fail the checks added by
/// blocks 1 and 2.
/// </summary>
public void TestBasic()
{
    // Prints a token, serializes it, prints the byte length, parses it back and
    // prints the parsed copy; returns the parsed copy for the next step.
    Biscuit.Token.Biscuit RoundTrip(Biscuit.Token.Biscuit token, string ordinal)
    {
        Console.WriteLine(token.Print());
        Console.WriteLine($"serializing the {ordinal} token");
        byte[] bytes = token.Serialize().Right;
        Console.Write("data len: ");
        Console.WriteLine(bytes.Length);
        Console.WriteLine($"deserializing the {ordinal} token");
        Biscuit.Token.Biscuit parsed = Biscuit.Token.Biscuit.FromBytes(bytes).Right;
        Console.WriteLine(parsed.Print());
        return parsed;
    }

    // Builds an "ambient" fact for the given predicate and value, converted into the given symbol table.
    Fact Ambient(string predicate, string value, SymbolTable table) =>
        Utils.Fact(predicate, Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol(value))).Convert(table);

    byte[] seed = { 0, 0, 0, 0 };
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

    Console.WriteLine("preparing the authority block");
    KeyPair rootKey = new KeyPair(rng);
    BlockBuilder authorityBlock = new BlockBuilder(0, Biscuit.Token.Biscuit.DefaultSymbolTable());
    foreach (var (resource, operation) in new[] { ("file1", "read"), ("file2", "read"), ("file1", "write") })
    {
        authorityBlock.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol(resource), Utils.Symbol(operation))));
    }
    Biscuit.Token.Biscuit firstToken = Biscuit.Token.Biscuit.Make(rng, rootKey, Biscuit.Token.Biscuit.DefaultSymbolTable(), authorityBlock.Build()).Right;
    Biscuit.Token.Biscuit firstParsed = RoundTrip(firstToken, "first");

    // SECOND BLOCK: only allow reads, and only of resources the authority granted read on.
    Console.WriteLine("preparing the second block");
    KeyPair secondKey = new KeyPair(rng);
    BlockBuilder secondBlock = firstParsed.CreateBlock();
    var readGrantedResource = Utils.Rule(
        "caveat1",
        Arrays.AsList(Utils.Var("resource")),
        Arrays.AsList(
            Utils.Pred("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Var("resource"))),
            Utils.Pred("operation", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("read"))),
            Utils.Pred("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Var("resource"), Utils.Symbol("read")))));
    secondBlock.AddCheck(Utils.Check(readGrantedResource));
    Biscuit.Token.Biscuit secondToken = firstParsed.Attenuate(rng, secondKey, secondBlock.Build()).Right;
    Biscuit.Token.Biscuit secondParsed = RoundTrip(secondToken, "second");

    // THIRD BLOCK: restrict further to file1 only.
    Console.WriteLine("preparing the third block");
    KeyPair thirdKey = new KeyPair(rng);
    BlockBuilder thirdBlock = secondParsed.CreateBlock();
    var onlyFile1 = Utils.Rule(
        "caveat2",
        Arrays.AsList(Utils.Symbol("file1")),
        Arrays.AsList(Utils.Pred("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("file1")))));
    thirdBlock.AddCheck(Utils.Check(onlyFile1));
    Biscuit.Token.Biscuit thirdToken = secondParsed.Attenuate(rng, thirdKey, thirdBlock.Build()).Right;
    Biscuit.Token.Biscuit finalToken = RoundTrip(thirdToken, "third");

    // check 1: file1/read satisfies every block
    Console.WriteLine("will check the token for resource=file1 and operation=read");
    SymbolTable allowedSymbols = new SymbolTable(finalToken.Symbols);
    List<Fact> allowedAmbient = Arrays.AsList(
        Ambient("resource", "file1", allowedSymbols),
        Ambient("operation", "read", allowedSymbols));
    Either<Error, Dictionary<string, HashSet<Fact>>> allowed =
        finalToken.Check(allowedSymbols, allowedAmbient, new List<Rule>(), new List<Check>(), new Dictionary<string, Rule>());
    Assert.IsTrue(allowed.IsRight);

    // check 2: file2/write fails caveat1 (block 1) and caveat2 (block 2)
    Console.WriteLine("will check the token for resource=file2 and operation=write");
    SymbolTable deniedSymbols = new SymbolTable(finalToken.Symbols);
    List<Fact> deniedAmbient = Arrays.AsList(
        Ambient("resource", "file2", deniedSymbols),
        Ambient("operation", "write", deniedSymbols));
    Either<Error, Dictionary<string, HashSet<Fact>>> denied =
        finalToken.Check(deniedSymbols, deniedAmbient, new List<Rule>(), new List<Check>(), new Dictionary<string, Rule>());
    Assert.IsTrue(denied.IsLeft);
    Console.WriteLine(denied.Left);

    var expectedFailures = Arrays.AsList<FailedCheck>(
        new FailedCheck.FailedBlock(1, 0, "check if resource(#ambient, $resource), operation(#ambient, #read), right(#authority, $resource, #read)"),
        new FailedCheck.FailedBlock(2, 0, "check if resource(#ambient, #file1)"));
    Assert.AreEqual(new FailedLogic(new LogicError.FailedChecks(expectedFailures)), denied.Left);
}