Merge pull request #139 from preuss-adam/apreuss/split-modules

Split out core logic from library dependencies

Author: Korbik

biscuit-core/pom.xml

@@ -0,0 +1,29 @@
+<!--
+  ~ Copyright (c) 2019 Geoffroy Couprie <contact@geoffroycouprie.com> and Contributors to the Eclipse Foundation.
+  ~  SPDX-License-Identifier: Apache-2.0
+  -->
+
+<project>
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>biscuit-core</artifactId>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>org.eclipse</groupId>
+        <artifactId>biscuit-java</artifactId>
+        <version>4.1.0</version>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.google.protobuf</groupId>
+            <artifactId>protobuf-java</artifactId>
+            <version>${protobuf.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson.version}</version>
+        </dependency>
+    </dependencies>
+</project>

…biscuit/crypto/BlockSignatureBuffer.java …biscuit/crypto/BlockSignatureBuffer.javasrc/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java renamed to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java renamed to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/BlockSignatureBuffer.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2019 Geoffroy Couprie <contact@geoffroycouprie.com> and Contributors to the Eclipse Foundation.
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.eclipse.biscuit.crypto;
+
+import biscuit.format.schema.Schema.PublicKey.Algorithm;
+import java.security.SecureRandom;
+import java.util.ServiceLoader;
+import java.util.stream.Collectors;
+import org.eclipse.biscuit.error.Error;
+import org.eclipse.biscuit.token.builder.Utils;
+
+/** Private and public key. */
+public abstract class KeyPair implements Signer {
+  public interface Factory {
+    KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError;
+
+    KeyPair generate(Algorithm algorithm, SecureRandom rng) throws Error.FormatError;
+  }
+
+  private static final Factory factory;
+
+  static {
+    var factories = ServiceLoader.load(KeyPair.Factory.class).stream().collect(Collectors.toList());
+    if (factories.size() != 1) {
+      throw new IllegalStateException(
+          "A single KeyPair implementation expected; found " + factories.size());
+    }
+    factory = factories.get(0).get();
+  }
+
+  public static KeyPair generate(Algorithm algorithm) throws Error.FormatError {
+    return generate(algorithm, new SecureRandom());
+  }
+
+  public static KeyPair generate(Algorithm algorithm, String hex) throws Error.FormatError {
+    return generate(algorithm, Utils.hexStringToByteArray(hex));
+  }
+
+  public static KeyPair generate(Algorithm algorithm, byte[] bytes) throws Error.FormatError {
+    return factory.generate(algorithm, bytes);
+  }
+
+  public static KeyPair generate(Algorithm algorithm, SecureRandom rng) throws Error.FormatError {
+    return factory.generate(algorithm, rng);
+  }
+
+  public abstract byte[] toBytes();
+
+  public abstract String toHex();
+
+  @Override
+  public abstract PublicKey getPublicKey();
+}

…/eclipse/biscuit/crypto/KeyDelegate.java …/eclipse/biscuit/crypto/KeyDelegate.javasrc/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java renamed to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java renamed to biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyDelegate.java

@@ -12,34 +12,34 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SignatureException;
 import java.util.Optional;
+import java.util.ServiceLoader;
 import java.util.Set;
+import java.util.stream.Collectors;
 import org.eclipse.biscuit.error.Error;
 import org.eclipse.biscuit.token.builder.Utils;
 
 public abstract class PublicKey {
   public interface Factory {
-    PublicKey load(byte[] bytes) throws Error.FormatError.InvalidKey;
+    PublicKey load(Algorithm algorithm, byte[] bytes) throws Error.FormatError;
   }
 
-  public static final Factory DEFAULT_ED25519_FACTORY =
-      bytes -> Ed25519PublicKey.loadEd25519(bytes);
-  public static final Factory DEFAULT_SECP256R1_FACTORY =
-      bytes -> SECP256R1PublicKey.loadSECP256R1(bytes);
+  private static final Factory factory;
 
-  private static volatile Factory ed25519Factory = DEFAULT_ED25519_FACTORY;
-  private static volatile Factory secp256r1Factory = DEFAULT_SECP256R1_FACTORY;
+  static {
+    var factories =
+        ServiceLoader.load(PublicKey.Factory.class).stream().collect(Collectors.toList());
+    if (factories.size() != 1) {
+      throw new IllegalStateException(
+          "A single PublicKey implementation expected; found " + factories.size());
+    }
+    factory = factories.get(0).get();
+  }
 
   private static final Set<Algorithm> SUPPORTED_ALGORITHMS =
       Set.of(Algorithm.Ed25519, Algorithm.SECP256R1);
 
   public static PublicKey load(Algorithm algorithm, byte[] data) throws Error.FormatError {
-    if (algorithm == Algorithm.Ed25519) {
-      return ed25519Factory.load(data);
-    } else if (algorithm == Algorithm.SECP256R1) {
-      return secp256r1Factory.load(data);
-    } else {
-      throw new IllegalArgumentException("Unsupported algorithm");
-    }
+    return factory.load(algorithm, data);
   }
 
   public static PublicKey load(Algorithm algorithm, String hex) throws Error.FormatError {
@@ -66,34 +66,8 @@ public static PublicKey deserialize(Schema.PublicKey pk) throws Error.FormatErro
     return PublicKey.load(pk.getAlgorithm(), pk.getKey().toByteArray());
   }
 
-  public static Optional<Error> validateSignatureLength(Algorithm algorithm, int length) {
-    Optional<Error> error = Optional.empty();
-    if (algorithm == Algorithm.Ed25519) {
-      if (length != Ed25519KeyPair.SIGNATURE_LENGTH) {
-        error = Optional.of(new Error.FormatError.Signature.InvalidSignatureSize(length));
-      }
-    } else if (algorithm == Algorithm.SECP256R1) {
-      if (length < SECP256R1KeyPair.MINIMUM_SIGNATURE_LENGTH
-          || length > SECP256R1KeyPair.MAXIMUM_SIGNATURE_LENGTH) {
-        error = Optional.of(new Error.FormatError.Signature.InvalidSignatureSize(length));
-      }
-    } else {
-      error =
-          Optional.of(new Error.FormatError.Signature.InvalidSignature("unsupported algorithm"));
-    }
-    return error;
-  }
-
-  public static void setEd25519Factory(Factory factory) {
-    ed25519Factory = factory;
-  }
-
-  public static void setSECP256R1Factory(Factory factory) {
-    secp256r1Factory = factory;
-  }
-
   public abstract Algorithm getAlgorithm();
 
-  public abstract boolean verify(byte[] data, byte[] signature)
+  public abstract Optional<Error> verify(byte[] data, byte[] signature)
       throws InvalidKeyException, SignatureException, NoSuchAlgorithmException;
 }

biscuit-core/src/main/java/org/eclipse/biscuit/crypto/KeyPair.java

@@ -72,13 +72,12 @@ public Result<Void, Error> verify(PublicKey root)
 
       byte[] payload =
           BlockSignatureBuffer.generateBlockSignaturePayloadV0(block, nextKey, Optional.empty());
-      if (currentKey.verify(payload, signature)) {
-        currentKey = nextKey;
-      } else {
-        return Result.err(
-            new Error.FormatError.Signature.InvalidSignature(
-                "signature error: Verification equation was not satisfied"));
+      var verificationResult = currentKey.verify(payload, signature);
+      if (verificationResult.isPresent()) {
+        return Result.err(verificationResult.get());
       }
+
+      currentKey = nextKey;
     }
 
     if (this.next.getPublicKey().equals(currentKey)) {