This repository has been archived by the owner on Feb 9, 2023. It is now read-only.

implement revocation identifiers generated from block hashes
Geal committed Mar 23, 2021
1 parent 7832a93 commit 7cf654c
Showing 4 changed files with 73 additions and 0 deletions.
Expand Up @@ -8,6 +8,7 @@

import com.clevercloud.biscuit.crypto.TokenSignature;
import com.clevercloud.biscuit.datalog.expressions.Expression;
import com.clevercloud.biscuit.token.builder.Utils;
import io.vavr.control.Option;

public final class SymbolTable implements Serializable {
Expand Down Expand Up @@ -104,6 +105,8 @@ public String print_predicate(final Predicate p) {
return "" + ((ID.Integer) i).value();
} else if (i instanceof ID.Str) {
return "\""+((ID.Str) i).value()+"\"";
} else if(i instanceof ID.Bytes) {
return "hex:"+ Utils.byteArrayToHexString(((ID.Bytes) i).value());
} else {
return "???";
}
42 changes: 42 additions & 0 deletions src/main/java/com/clevercloud/biscuit/token/Biscuit.java
Expand Up @@ -14,6 +14,7 @@
import static io.vavr.API.Left;
import static io.vavr.API.Right;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

Expand Down Expand Up @@ -304,6 +305,13 @@ Either<Error, World> generate_world() {
}
}

List<byte[]> revocation_ids = this.revocation_identifiers();
long rev = symbols.get("revocation_id").get();
for(int i = 0; i < revocation_ids.size(); i++) {
byte[] id = revocation_ids.get(i);
world.add_fact(new Fact(new Predicate(rev, Arrays.asList(new ID.Integer(i), new ID.Bytes(id)))));
}

return Right(world);
}

Expand Down Expand Up @@ -463,6 +471,40 @@ public List<List<com.clevercloud.biscuit.datalog.Check>> checks() {
return l;
}

public List<byte[]> revocation_identifiers() {
ArrayList<byte[]> l = new ArrayList<>();

if(this.container.isEmpty()) {
return l;
} else {
SerializedBiscuit b = this.container.get();

try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.update(b.authority);
digest.update(b.keys.get(0).compress().toByteArray());
MessageDigest cloned = (MessageDigest)digest.clone();
l.add(digest.digest());

digest = cloned;

for(int i = 0; i < b.blocks.size(); i++) {
byte[] block = b.blocks.get(i);
digest.update(block);
digest.update(b.keys.get(i+1).compress().toByteArray());
cloned = (MessageDigest)digest.clone();
l.add(digest.digest());

digest = cloned;
}
} catch (Exception e) {
e.printStackTrace();
}

return l;
}
}

public List<Option<String>> context() {
ArrayList res = new ArrayList();
if(this.authority.context.isEmpty()) {
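Review bot: The `catch (Exception e) { e.printStackTrace(); }` in `revocation_identifiers()` makes the method fail open: if `MessageDigest.getInstance`, `clone()` or `b.keys.get(i+1)` throws, the caller receives an empty or truncated list, and `generate_world()` then adds fewer `revocation_id` facts, leaving a revocation check built on those facts with nothing to match. Catch only `NoSuchAlgorithmException | CloneNotSupportedException` and rethrow with `throw new IllegalStateException("cannot compute revocation identifiers", e);`, and verify `b.keys.size() == b.blocks.size() + 1` before hashing so a malformed container is reported rather than silently shortened. The early return on `this.container.isEmpty()` also yields no identifiers; a Javadoc sentence should say when the container is expected to be empty and that such a token carries no `revocation_id` facts. In the `generate_world()` hunk, `symbols.get("revocation_id").get()` throws instead of returning `Left(...)` when the symbol is missing; that method starts outside the hunk, so whether the symbol is always registered cannot be confirmed from here.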
7 changes: 7 additions & 0 deletions src/main/java/com/clevercloud/biscuit/token/Verifier.java
Expand Up @@ -162,6 +162,13 @@ public Either<Error, Void> add_token(Biscuit token, Option<PublicKey> root) {
token_checks.add(block_checks);
}

List<byte[]> revocation_ids = token.revocation_identifiers();
long rev = symbols.get("revocation_id").get();
for(int i = 0; i < revocation_ids.size(); i++) {
byte[] id = revocation_ids.get(i);
world.add_fact(new com.clevercloud.biscuit.datalog.Fact(new com.clevercloud.biscuit.datalog.Predicate(rev, Arrays.asList(new ID.Integer(i), new ID.Bytes(id)))));
}

return Right(null);
}

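Review bot: The loop added before `return Right(null)` repeats the one in `Biscuit.generate_world()` and shares its unguarded `symbols.get("revocation_id").get()`, which throws out of a method declared to return `Either<Error, Void>` when the symbol is absent. Moving the fact construction into one helper that returns an `Either` would keep the two call sites from drifting apart. Nothing visible in this hunk compares the identifiers against a revocation list, so a comment such as `// revocation_id(index, id) facts are data only; the caller must add a check against its revocation list` would stop readers from assuming `add_token` enforces revocation by itself. The body of `add_token` starts outside the hunk.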
21 changes: 21 additions & 0 deletions src/main/java/com/clevercloud/biscuit/token/builder/Utils.java
Expand Up @@ -47,4 +47,25 @@ public static Term date(Date d) {
public static Term var(String name) {
return new Term.Variable(name);
}

private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
public static String byteArrayToHexString(byte[] bytes) {
char[] hexChars = new char[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
}
return new String(hexChars);
}

public static byte[] hexStringToByteArray(String hex) {
int l = hex.length();
byte[] data = new byte[l/2];
for (int i = 0; i < l; i += 2) {
data[i/2] = (byte) ((Character.digit(hex.charAt(i), 16) << 4)
+ Character.digit(hex.charAt(i+1), 16));
}
return data;
}
}
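Review bot: `hexStringToByteArray` accepts malformed input silently: `Character.digit` returns -1 for a non-hex character and that value is folded into the output byte, while an odd-length string ends in an index-out-of-bounds exception at `hex.charAt(i+1)`. If this helper is used to parse identifiers written in the `hex:` form (presumably, given the `print_predicate` change), a typo in a revocation entry would produce a different identifier that never matches instead of an error. Reject both cases with `IllegalArgumentException`, as in the block below. `byteArrayToHexString` emits uppercase digits only, and a one-line Javadoc stating this would help anyone comparing identifiers as strings.

```java
public static byte[] hexStringToByteArray(String hex) {
    int l = hex.length();
    if ((l & 1) != 0) {
        throw new IllegalArgumentException("hex string has odd length: " + l);
    }
    // … unchanged: allocation of data …
    for (int i = 0; i < l; i += 2) {
        int hi = Character.digit(hex.charAt(i), 16);
        int lo = Character.digit(hex.charAt(i+1), 16);
        if (hi < 0 || lo < 0) {
            throw new IllegalArgumentException("invalid hex digit at offset " + i);
        }
        data[i/2] = (byte) ((hi << 4) + lo);
    }
    // … unchanged: return data …
}
```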
