/// <summary>
/// Runs an allow-only verifier before any token is attached, then attaches an attenuated
/// token and checks that a request outside the token's scope is rejected.
/// </summary>
public void TestEmptyVerifier()
{
    // NOTE(review): if this is System.Security.Cryptography.RNGCryptoServiceProvider, the
    // byte[] constructor argument is documented as ignored, so this all-zero seed neither
    // makes the generated keys reproducible nor weakens them - confirm against the target
    // framework before relying on deterministic output.
    byte[] seed = new byte[4];
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

    Console.WriteLine("preparing the authority block");

    KeyPair rootKeys = new KeyPair(rng);
    Biscuit.Token.Builder.BiscuitBuilder builder = Biscuit.Token.Biscuit.Builder(rng, rootKeys);

    // Rights placed in the authority block, added in this order.
    string[][] grants =
    {
        new[] { "/folder1/file1", "read" },
        new[] { "/folder1/file1", "write" },
        new[] { "/folder1/file2", "read" },
        new[] { "/folder1/file2", "write" },
        new[] { "/folder2/file3", "read" },
    };
    foreach (string[] grant in grants)
    {
        builder.AddRight(grant[0], grant[1]);
    }

    // Build() runs twice: once for the printed result, once to obtain the token.
    Console.WriteLine(builder.Build());
    Biscuit.Token.Biscuit authorityToken = builder.Build().Right;
    Console.WriteLine(authorityToken.Print());

    // Attenuation block: a "/folder1/" resource-prefix restriction plus a check on the
    // "read" right, signed with a fresh key pair.
    BlockBuilder restriction = authorityToken.CreateBlock();
    restriction.ResourcePrefix("/folder1/");
    restriction.CheckRight("read");

    KeyPair blockKeys = new KeyPair(rng);
    Biscuit.Token.Biscuit attenuatedToken =
        authorityToken.Attenuate(rng, blockKeys, restriction.Build()).Right;

    // No token has been added yet: with only an allow policy the verifier succeeds.
    // Security-relevant consequence: a caller that forgets AddToken gets a success that
    // says nothing about any token, so production code should treat "verifier without a
    // token" as a programming error rather than as an authorization decision.
    Verifier verifier = new Verifier();
    verifier.Allow();
    Either<Error, long> outcome = verifier.Verify();
    Assert.IsTrue(outcome.IsRight);

    // Attach the attenuated token, checked against the root public key.
    // Get() presumably throws if adding the token failed - confirm.
    verifier.AddToken(attenuatedToken, Option.Some(rootKeys.ToPublicKey())).Get();

    // "/folder2/file1" + "write" is outside both restrictions of the attenuation block.
    verifier.AddResource("/folder2/file1");
    verifier.AddOperation("write");
    outcome = verifier.Verify();

    // NOTE(review): this accepts any error; it does not pin which checks failed.
    Assert.IsTrue(outcome.IsLeft);
}
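/// <summary>
/// Builds a token whose authority block grants rights on files in two folders, attenuates it
/// to read access under "/folder1/", and checks three requests against it: one inside the
/// attenuated scope (accepted) and two outside it (rejected). For the last request the exact
/// list of failed checks is asserted.
/// </summary>
public void TestFolders()
{
    // NOTE(review): if this is System.Security.Cryptography.RNGCryptoServiceProvider, the
    // byte[] constructor argument is documented as ignored, so this all-zero seed neither
    // makes the generated keys reproducible nor weakens them - confirm against the target
    // framework before relying on deterministic output.
    byte[] seed = { 0, 0, 0, 0 };
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

    Console.WriteLine("preparing the authority block");

    KeyPair root = new KeyPair(rng);

    // Authority block: read/write on two files in /folder1, read only on /folder2/file3.
    BiscuitBuilder builder = Biscuit.Token.Biscuit.Builder(rng, root);
    builder.AddRight("/folder1/file1", "read");
    builder.AddRight("/folder1/file1", "write");
    builder.AddRight("/folder1/file2", "read");
    builder.AddRight("/folder1/file2", "write");
    builder.AddRight("/folder2/file3", "read");

    // Build() runs twice: once for the printed result, once to obtain the token.
    Console.WriteLine(builder.Build());
    Biscuit.Token.Biscuit b = builder.Build().Right;
    Console.WriteLine(b.Print());

    // Attenuation block: restrict resources to the "/folder1/" prefix and require the
    // "read" right. It is signed with a new key pair, not the root key.
    BlockBuilder block2 = b.CreateBlock();
    block2.ResourcePrefix("/folder1/");
    block2.CheckRight("read");

    KeyPair keypair2 = new KeyPair(rng);
    Biscuit.Token.Biscuit b2 = b.Attenuate(rng, keypair2, block2.Build()).Right;

    // Case 1: read on /folder1/file1 satisfies the prefix check and the read right.
    Verifier v1 = b2.Verify(root.ToPublicKey()).Right;
    v1.AddResource("/folder1/file1");
    v1.AddOperation("read");
    v1.Allow();
    Either<Error, long> res = v1.Verify();
    Assert.IsTrue(res.IsRight);

    // Case 2: the authority block grants read on /folder2/file3, but the attenuated
    // token must still be rejected because the resource is outside "/folder1/".
    // Only the presence of an error is asserted here, not which check failed.
    Verifier v2 = b2.Verify(root.ToPublicKey()).Right;
    v2.AddResource("/folder2/file3");
    v2.AddOperation("read");
    v2.Allow();
    res = v2.Verify();
    Assert.IsTrue(res.IsLeft);

    // Case 3: write on /folder2/file1 is outside the prefix and is not a read.
    Verifier v3 = b2.Verify(root.ToPublicKey()).Right;
    v3.AddResource("/folder2/file1");
    v3.AddOperation("write");
    v3.Allow();
    res = v3.Verify();

    // Assert the failure before reading Left, so an unexpected success is reported as a
    // failed assertion instead of whatever Left does on a Right value.
    Assert.IsTrue(res.IsLeft);
    Error e = res.Left;

    Console.WriteLine(v3.PrintWorld());
    foreach (FailedCheck f in e.FailedCheck().Get())
    {
        Console.WriteLine(f.ToString());
    }

    // Both checks of the attenuation block are expected to fail. The first two arguments
    // of FailedBlock are presumably the block index and the check index - confirm.
    Assert.AreEqual(
        new FailedLogic(new LogicError.FailedChecks(Arrays.AsList<FailedCheck>(
            new FailedCheck.FailedBlock(1, 0, "check if resource(#ambient, $resource), $resource.starts_with(\"/folder1/\")"),
            new FailedCheck.FailedBlock(1, 1, "check if resource(#ambient, $resource), operation(#ambient, #read), right(#authority, $resource, #read)")
        ))),
        e);
}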