Exemplo n.º 1
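        /// <summary>
        /// Checks two things about <c>Verifier</c>: with no token attached and only an
        /// unconditional allow policy, verification succeeds; once an attenuated token is
        /// attached, a request outside that token's checks is rejected.
        /// </summary>
        /// <remarks>
        /// The first assertion documents that a verifier holding no token authorizes on
        /// <c>Allow()</c> alone, so calling code must attach the token before trusting the result.
        /// </remarks>
        public void TestEmptyVerifier()
        {
            // NOTE(review): if this is System.Security.Cryptography.RNGCryptoServiceProvider,
            // the byte[] constructor argument is ignored, so this "seed" does not make the
            // generated keys deterministic. Nothing below relies on fixed key material.
            byte[] seed = { 0, 0, 0, 0 };
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

            Console.WriteLine("preparing the authority block");

            KeyPair root = new KeyPair(rng);

            Biscuit.Token.Builder.BiscuitBuilder builder = Biscuit.Token.Biscuit.Builder(rng, root);

            // Authority block: read/write on two files in /folder1/, read-only on /folder2/file3.
            builder.AddRight("/folder1/file1", "read");
            builder.AddRight("/folder1/file1", "write");
            builder.AddRight("/folder1/file2", "read");
            builder.AddRight("/folder1/file2", "write");
            builder.AddRight("/folder2/file3", "read");

            // Build once and reuse the result, so the token that is printed is the token under
            // test, and fail with a clear assertion if the build did not succeed.
            var built = builder.Build();
            Console.WriteLine(built);
            Assert.IsTrue(built.IsRight);
            Biscuit.Token.Biscuit b = built.Right;

            Console.WriteLine(b.Print());

            // Attenuation block: adds a resource-prefix check for /folder1/ and a check for the
            // "read" right on top of what the authority block grants.
            BlockBuilder block2 = b.CreateBlock();

            block2.ResourcePrefix("/folder1/");
            block2.CheckRight("read");

            KeyPair keypair2 = new KeyPair(rng);

            var attenuated = b.Attenuate(rng, keypair2, block2.Build());
            Assert.IsTrue(attenuated.IsRight);
            Biscuit.Token.Biscuit b2 = attenuated.Right;

            Verifier v1 = new Verifier();

            v1.Allow();

            // No token, no resource, no operation: only the allow policy is present.
            Either<Error, long> res = v1.Verify();

            Assert.IsTrue(res.IsRight);

            // Attach the attenuated token together with the root public key.
            // NOTE(review): Get() presumably surfaces a failure to add the token - confirm.
            v1.AddToken(b2, Option.Some(root.ToPublicKey())).Get();

            // A write to /folder2/file1 is outside the /folder1/ prefix and is not a read,
            // so the attenuation block's checks are expected to fail despite Allow().
            v1.AddResource("/folder2/file1");
            v1.AddOperation("write");

            res = v1.Verify();

            Assert.IsTrue(res.IsLeft);
        }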
Exemplo n.º 2
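        /// <summary>
        /// Builds a token whose authority block grants rights on files in two folders, attenuates
        /// it to reads under <c>/folder1/</c>, and checks three requests against it: an in-scope
        /// read succeeds, a read that the authority block grants but the attenuation excludes
        /// fails, and an out-of-scope write fails with both attenuation checks reported.
        /// </summary>
        public void TestFolders()
        {
            // NOTE(review): if this is System.Security.Cryptography.RNGCryptoServiceProvider,
            // the byte[] constructor argument is ignored, so this "seed" does not make the
            // generated keys deterministic. Nothing below relies on fixed key material.
            byte[] seed = { 0, 0, 0, 0 };
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

            Console.WriteLine("preparing the authority block");

            KeyPair root = new KeyPair(rng);

            BiscuitBuilder builder = Biscuit.Token.Biscuit.Builder(rng, root);

            // Authority block: read/write on two files in /folder1/, read-only on /folder2/file3.
            builder.AddRight("/folder1/file1", "read");
            builder.AddRight("/folder1/file1", "write");
            builder.AddRight("/folder1/file2", "read");
            builder.AddRight("/folder1/file2", "write");
            builder.AddRight("/folder2/file3", "read");

            // Build once and reuse the result, so the token that is printed is the token under
            // test, and fail with a clear assertion if the build did not succeed.
            var built = builder.Build();
            Console.WriteLine(built);
            Assert.IsTrue(built.IsRight);
            Biscuit.Token.Biscuit b = built.Right;

            Console.WriteLine(b.Print());

            // Attenuation block (block 1): the two checks added here are the ones named in the
            // expected failure list at the end of the test.
            BlockBuilder block2 = b.CreateBlock();

            block2.ResourcePrefix("/folder1/");
            block2.CheckRight("read");

            KeyPair keypair2 = new KeyPair(rng);

            var attenuated = b.Attenuate(rng, keypair2, block2.Build());
            Assert.IsTrue(attenuated.IsRight);
            Biscuit.Token.Biscuit b2 = attenuated.Right;

            // Case 1: read of /folder1/file1 - inside the prefix and granted by the authority block.
            // NOTE(review): Verify(publicKey) presumably checks the token against the root key;
            // .Right is taken here without an IsRight assertion - confirm how a failure surfaces.
            Verifier v1 = b2.Verify(root.ToPublicKey()).Right;

            v1.AddResource("/folder1/file1");
            v1.AddOperation("read");
            v1.Allow();
            Either<Error, long> res = v1.Verify();

            Assert.IsTrue(res.IsRight);

            // Case 2: read of /folder2/file3 - granted by the authority block, but outside the
            // /folder1/ prefix, so the attenuated token must not authorize it.
            Verifier v2 = b2.Verify(root.ToPublicKey()).Right;

            v2.AddResource("/folder2/file3");
            v2.AddOperation("read");
            v2.Allow();
            res = v2.Verify();
            Assert.IsTrue(res.IsLeft);

            // Case 3: write to /folder2/file1 - outside the prefix and not a read.
            Verifier v3 = b2.Verify(root.ToPublicKey()).Right;

            v3.AddResource("/folder2/file1");
            v3.AddOperation("write");
            v3.Allow();
            res = v3.Verify();

            // Assert the rejection before reading Left, so an unexpected success fails here with
            // a clear assertion instead of while dereferencing the error.
            Assert.IsTrue(res.IsLeft);

            Error e = res.Left;

            Console.WriteLine(v3.PrintWorld());
            foreach (FailedCheck f in e.FailedCheck().Get())
            {
                Console.WriteLine(f.ToString());
            }

            // Both checks of block 1 (indexes 0 and 1) must be reported as failed.
            Assert.AreEqual(
                new FailedLogic(new LogicError.FailedChecks(Arrays.AsList<FailedCheck>(
                    new FailedCheck.FailedBlock(1, 0, "check if resource(#ambient, $resource), $resource.starts_with(\"/folder1/\")"),
                    new FailedCheck.FailedBlock(1, 1, "check if resource(#ambient, $resource), operation(#ambient, #read), right(#authority, $resource, #read)")
                    ))),
                e);
        }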