示例#1
0
        public void TestSealedTokens()
        {
            byte[] seed = { 0, 0, 0, 0 };
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

            Console.WriteLine("preparing the authority block");

            KeyPair root = new KeyPair(rng);

            SymbolTable  symbols           = Biscuit.Token.Biscuit.DefaultSymbolTable();
            BlockBuilder authority_builder = new BlockBuilder(0, symbols);

            authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file1"), Utils.Symbol("read"))));
            authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file2"), Utils.Symbol("read"))));
            authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file1"), Utils.Symbol("write"))));

            Biscuit.Token.Biscuit b = Biscuit.Token.Biscuit.Make(rng, root, Biscuit.Token.Biscuit.DefaultSymbolTable(), authority_builder.Build()).Right;

            Console.WriteLine(b.Print());

            Console.WriteLine("serializing the first token");

            byte[] data = b.Serialize().Right;

            Console.Write("data len: ");
            Console.WriteLine(data.Length);
            //Console.WriteLine(hex(data));

            Console.WriteLine("deserializing the first token");
            Biscuit.Token.Biscuit deser = Biscuit.Token.Biscuit.FromBytes(data).Right;

            Console.WriteLine(deser.Print());

            // SECOND BLOCK
            Console.WriteLine("preparing the second block");

            KeyPair keypair2 = new KeyPair(rng);

            BlockBuilder builder = deser.CreateBlock();

            builder.AddCheck(Utils.Check(Utils.Rule(
                                             "caveat1",
                                             Arrays.AsList(Utils.Var("resource")),
                                             Arrays.AsList(
                                                 Utils.Pred("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Var("resource"))),
                                                 Utils.Pred("operation", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("read"))),
                                                 Utils.Pred("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Var("resource"), Utils.Symbol("read")))
                                                 )
                                             )));

            Biscuit.Token.Biscuit b2 = deser.Attenuate(rng, keypair2, builder.Build()).Right;

            Console.WriteLine(b2.Print());

            Console.WriteLine("sealing the second token");

            byte[] testkey = Encoding.UTF8.GetBytes("testkey");

            var sealedd = b2.Seal(testkey).Right;

            Console.Write("sealed data len: ");
            Console.WriteLine(sealedd.Length);

            Console.WriteLine("deserializing the sealed token with an invalid key");
            Error e = Biscuit.Token.Biscuit.FromSealed(sealedd, Encoding.UTF8.GetBytes("not this key")).Left;

            Console.WriteLine(e);
            Assert.AreEqual(new SealedSignature(), e);

            Console.WriteLine("deserializing the sealed token with a valid key");
            Biscuit.Token.Biscuit deser2 = Biscuit.Token.Biscuit.FromSealed(sealedd, Encoding.UTF8.GetBytes("testkey")).Right;
            Console.WriteLine(deser2.Print());

            Console.WriteLine("trying to attenuate to a sealed token");
            _ = deser2.CreateBlock();
            _ = deser2.Attenuate(rng, keypair2, builder.Build()).Left;

            Verifier v = deser2.VerifySealed().Right;

            Console.WriteLine(v.PrintWorld());
        }
示例#2
0
        public void TestBasic()
        {
            byte[] seed = { 0, 0, 0, 0 };
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(seed);

            Console.WriteLine("preparing the authority block");

            KeyPair root = new KeyPair(rng);

            SymbolTable  symbols           = Biscuit.Token.Biscuit.DefaultSymbolTable();
            BlockBuilder authority_builder = new BlockBuilder(0, symbols);

            authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file1"), Utils.Symbol("read"))));
            authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file2"), Utils.Symbol("read"))));
            authority_builder.AddFact(Utils.Fact("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Symbol("file1"), Utils.Symbol("write"))));

            Biscuit.Token.Biscuit b = Biscuit.Token.Biscuit.Make(rng, root, Biscuit.Token.Biscuit.DefaultSymbolTable(), authority_builder.Build()).Right;

            Console.WriteLine(b.Print());

            Console.WriteLine("serializing the first token");

            byte[] data = b.Serialize().Right;

            Console.Write("data len: ");
            Console.WriteLine(data.Length);
            //Console.WriteLine(hex(data));

            Console.WriteLine("deserializing the first token");
            Biscuit.Token.Biscuit deser = Biscuit.Token.Biscuit.FromBytes(data).Right;

            Console.WriteLine(deser.Print());

            // SECOND BLOCK
            Console.WriteLine("preparing the second block");

            KeyPair keypair2 = new KeyPair(rng);

            BlockBuilder builder = deser.CreateBlock();

            builder.AddCheck(Utils.Check(Utils.Rule(
                                             "caveat1",
                                             Arrays.AsList(Utils.Var("resource")),
                                             Arrays.AsList(
                                                 Utils.Pred("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Var("resource"))),
                                                 Utils.Pred("operation", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("read"))),
                                                 Utils.Pred("right", Arrays.AsList(Utils.Symbol("authority"), Utils.Var("resource"), Utils.Symbol("read")))
                                                 )
                                             )));

            Biscuit.Token.Biscuit b2 = deser.Attenuate(rng, keypair2, builder.Build()).Right;

            Console.WriteLine(b2.Print());

            Console.WriteLine("serializing the second token");

            byte[] data2 = b2.Serialize().Right;

            Console.Write("data len: ");
            Console.WriteLine(data2.Length);
            //Console.WriteLine(hex(data2));

            Console.WriteLine("deserializing the second token");
            Biscuit.Token.Biscuit deser2 = Biscuit.Token.Biscuit.FromBytes(data2).Right;

            Console.WriteLine(deser2.Print());

            // THIRD BLOCK
            Console.WriteLine("preparing the third block");

            KeyPair keypair3 = new KeyPair(rng);

            BlockBuilder builder3 = deser2.CreateBlock();

            builder3.AddCheck(Utils.Check(Utils.Rule(
                                              "caveat2",
                                              Arrays.AsList(Utils.Symbol("file1")),
                                              Arrays.AsList(
                                                  Utils.Pred("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("file1")))
                                                  )
                                              )));

            Biscuit.Token.Biscuit b3 = deser2.Attenuate(rng, keypair3, builder3.Build()).Right;

            Console.WriteLine(b3.Print());

            Console.WriteLine("serializing the third token");

            byte[] data3 = b3.Serialize().Right;

            Console.Write("data len: ");
            Console.WriteLine(data3.Length);
            //Console.WriteLine(hex(data3));

            Console.WriteLine("deserializing the third token");
            Biscuit.Token.Biscuit final_token = Biscuit.Token.Biscuit.FromBytes(data3).Right;

            Console.WriteLine(final_token.Print());

            // check
            Console.WriteLine("will check the token for resource=file1 and operation=read");

            SymbolTable check_symbols = new SymbolTable(final_token.Symbols);
            List <Fact> ambient_facts = Arrays.AsList(
                Utils.Fact("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("file1"))).Convert(check_symbols),
                Utils.Fact("operation", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("read"))).Convert(check_symbols)
                );

            Either <Error, Dictionary <string, HashSet <Fact> > > res = final_token.Check(check_symbols, ambient_facts,
                                                                                          new List <Rule>(), new List <Check>(), new Dictionary <string, Rule>());

            Assert.IsTrue(res.IsRight);

            Console.WriteLine("will check the token for resource=file2 and operation=write");

            SymbolTable check_symbols2 = new SymbolTable(final_token.Symbols);
            List <Fact> ambient_facts2 = Arrays.AsList(
                Utils.Fact("resource", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("file2"))).Convert(check_symbols2),
                Utils.Fact("operation", Arrays.AsList(Utils.Symbol("ambient"), Utils.Symbol("write"))).Convert(check_symbols2)
                );

            Either <Error, Dictionary <string, HashSet <Fact> > > res2 = final_token.Check(check_symbols2, ambient_facts2,
                                                                                           new List <Rule>(), new List <Check>(), new Dictionary <string, Rule>());

            Assert.IsTrue(res2.IsLeft);
            Console.WriteLine(res2.Left);

            Assert.AreEqual(
                new FailedLogic(new LogicError.FailedChecks(Arrays.AsList <FailedCheck>(
                                                                new FailedCheck.FailedBlock(1, 0, "check if resource(#ambient, $resource), operation(#ambient, #read), right(#authority, $resource, #read)"),
                                                                new FailedCheck.FailedBlock(2, 0, "check if resource(#ambient, #file1)")
                                                                ))),
                res2.Left);
        }