eclipse-biscuit · Korbik · Apr 14, 2025 · Apr 4, 2025 · Apr 4, 2025 · Apr 8, 2025
diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/Combinator.java b/src/main/java/org/biscuitsec/biscuit/datalog/Combinator.java
@@ -119,7 +119,10 @@ public Option<Tuple2<Origin, Map<Long, Term>>> getNext() {
               // no need to copy all the expressions at all levels
               this.currentIt =
                   new Combinator(
-                      vars, predicates.subList(1, predicates.size()), this.allFacts, this.symbolTable);
+                      vars,
+                      predicates.subList(1, predicates.size()),
+                      this.allFacts,
+                      this.symbolTable);
             }
             break;
 

diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/MatchedVariables.java b/src/main/java/org/biscuitsec/biscuit/datalog/MatchedVariables.java
@@ -64,8 +64,8 @@ public MatchedVariables(final Set<Long> ids) {
     }
   }
 
-  public Option<Map<Long, Term>> checkExpressions(List<Expression> expressions, SymbolTable symbolTable)
-      throws Error {
+  public Option<Map<Long, Term>> checkExpressions(
+      List<Expression> expressions, SymbolTable symbolTable) throws Error {
     final Option<Map<Long, Term>> vars = this.complete();
     if (vars.isDefined()) {
       Map<Long, Term> variables = vars.get();

diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/Rule.java b/src/main/java/org/biscuitsec/biscuit/datalog/Rule.java
@@ -127,15 +127,17 @@ private MatchedVariables variablesSet() {
 
   // do not produce new facts, only find one matching set of facts
   public boolean findMatch(
-      final FactSet facts, Long origin, TrustedOrigins scope, SymbolTable symbolTable) throws Error {
+      final FactSet facts, Long origin, TrustedOrigins scope, SymbolTable symbolTable)
+      throws Error {
     MatchedVariables variables = variablesSet();
 
     if (this.body.isEmpty()) {
       return variables.checkExpressions(this.expressions, symbolTable).isDefined();
     }
 
     Supplier<Stream<Tuple2<Origin, Fact>>> factsSupplier = () -> facts.stream(scope);
-    Stream<Either<Error, Tuple2<Origin, Fact>>> stream = this.apply(factsSupplier, origin, symbolTable);
+    Stream<Either<Error, Tuple2<Origin, Fact>>> stream =
+        this.apply(factsSupplier, origin, symbolTable);
 
     Iterator<Either<Error, Tuple2<Origin, Fact>>> it = stream.iterator();
 

diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/World.java b/src/main/java/org/biscuitsec/biscuit/datalog/World.java
@@ -90,13 +90,14 @@ public RuleSet getRules() {
     return this.rules;
   }
 
-  public FactSet queryRule(final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable)
-      throws Error {
+  public FactSet queryRule(
+      final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable) throws Error {
     final FactSet newFacts = new FactSet();
 
     Supplier<Stream<Tuple2<Origin, Fact>>> factsSupplier = () -> this.facts.stream(scope);
 
-    Stream<Either<Error, Tuple2<Origin, Fact>>> stream = rule.apply(factsSupplier, origin, symbolTable);
+    Stream<Either<Error, Tuple2<Origin, Fact>>> stream =
+        rule.apply(factsSupplier, origin, symbolTable);
     for (Iterator<Either<Error, Tuple2<Origin, Fact>>> it = stream.iterator(); it.hasNext(); ) {
       Either<Error, Tuple2<Origin, Fact>> res = it.next();
 
@@ -111,8 +112,8 @@ public FactSet queryRule(final Rule rule, Long origin, TrustedOrigins scope, Sym
     return newFacts;
   }
 
-  public boolean queryMatch(final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable)
-      throws Error {
+  public boolean queryMatch(
+      final Rule rule, Long origin, TrustedOrigins scope, SymbolTable symbolTable) throws Error {
     return rule.findMatch(this.facts, origin, scope, symbolTable);
   }
 

diff --git a/src/main/java/org/biscuitsec/biscuit/datalog/expressions/Op.java b/src/main/java/org/biscuitsec/biscuit/datalog/expressions/Op.java
@@ -52,7 +52,8 @@ public Term getValue() {
     }
 
     @Override
-    public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymbolTable temporarySymbolTable)
+    public void evaluate(
+        Deque<Term> stack, Map<Long, Term> variables, TemporarySymbolTable temporarySymbolTable)
         throws Error.Execution {
       if (value instanceof Term.Variable) {
         Term.Variable var = (Term.Variable) value;
@@ -126,7 +127,8 @@ public UnaryOp getOp() {
     }
 
     @Override
-    public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymbolTable temporarySymbolTable)
+    public void evaluate(
+        Deque<Term> stack, Map<Long, Term> variables, TemporarySymbolTable temporarySymbolTable)
         throws Error.Execution {
       Term value = stack.pop();
       switch (this.op) {
@@ -287,7 +289,8 @@ public BinaryOp getOp() {
     }
 
     @Override
-    public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymbolTable temporarySymbolTable)
+    public void evaluate(
+        Deque<Term> stack, Map<Long, Term> variables, TemporarySymbolTable temporarySymbolTable)
         throws Error.Execution {
       Term right = stack.pop();
       Term left = stack.pop();
@@ -398,7 +401,8 @@ public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymb
           }
           if (left instanceof Term.Str && right instanceof Term.Str) {
             Option<String> leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value());
-            Option<String> rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
+            Option<String> rightS =
+                temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
 
             if (leftS.isEmpty()) {
               throw new Error.Execution(
@@ -415,7 +419,8 @@ public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymb
         case Prefix:
           if (right instanceof Term.Str && left instanceof Term.Str) {
             Option<String> leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value());
-            Option<String> rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
+            Option<String> rightS =
+                temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
             if (leftS.isEmpty()) {
               throw new Error.Execution(
                   "cannot find string in symbols for index " + ((Term.Str) left).value());
@@ -431,7 +436,8 @@ public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymb
         case Suffix:
           if (right instanceof Term.Str && left instanceof Term.Str) {
             Option<String> leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value());
-            Option<String> rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
+            Option<String> rightS =
+                temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
             if (leftS.isEmpty()) {
               throw new Error.Execution(
                   "cannot find string in symbols for index " + ((Term.Str) left).value());
@@ -446,7 +452,8 @@ public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymb
         case Regex:
           if (right instanceof Term.Str && left instanceof Term.Str) {
             Option<String> leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value());
-            Option<String> rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
+            Option<String> rightS =
+                temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
             if (leftS.isEmpty()) {
               throw new Error.Execution(
                   "cannot find string in symbols for index " + ((Term.Str) left).value());
@@ -474,7 +481,8 @@ public void evaluate(Deque<Term> stack, Map<Long, Term> variables, TemporarySymb
           }
           if (right instanceof Term.Str && left instanceof Term.Str) {
             Option<String> leftS = temporarySymbolTable.getSymbol((int) ((Term.Str) left).value());
-            Option<String> rightS = temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
+            Option<String> rightS =
+                temporarySymbolTable.getSymbol((int) ((Term.Str) right).value());
 
             if (leftS.isEmpty()) {
               throw new Error.Execution(

diff --git a/src/main/java/org/biscuitsec/biscuit/token/Authorizer.java b/src/main/java/org/biscuitsec/biscuit/token/Authorizer.java
@@ -4,6 +4,7 @@
 import static io.vavr.API.Right;
 
 import io.vavr.Tuple2;
+import io.vavr.Tuple5;
 import io.vavr.control.Either;
 import io.vavr.control.Option;
 import java.time.Instant;
@@ -203,6 +204,53 @@ public Authorizer addToken(Biscuit token) throws Error.FailedLogic {
     return this;
   }
 
+  public Either<Map<Integer, List<Error>>, Authorizer> addDatalog(String s) {
+    Either<
+            Map<Integer, List<org.biscuitsec.biscuit.token.builder.parser.Error>>,
+            Tuple5<
+                List<org.biscuitsec.biscuit.token.builder.Fact>,
+                List<org.biscuitsec.biscuit.token.builder.Rule>,
+                List<org.biscuitsec.biscuit.token.builder.Check>,
+                List<org.biscuitsec.biscuit.token.builder.Scope>,
+                List<Policy>>>
+        result = Parser.datalogComponents(s);
+
+    if (result.isLeft()) {
+      Map<Integer, List<org.biscuitsec.biscuit.token.builder.parser.Error>> errors =
+          result.getLeft();
+      Map<Integer, List<Error>> errorMap = new HashMap<>();
+      for (Map.Entry<Integer, List<org.biscuitsec.biscuit.token.builder.parser.Error>> entry :
+          errors.entrySet()) {
+        List<Error> errorsList = new ArrayList<>();
+        for (org.biscuitsec.biscuit.token.builder.parser.Error error : entry.getValue()) {
+          errorsList.add(new Error.Parser(error));
+        }
+        errorMap.put(entry.getKey(), errorsList);
+      }
+      return Either.left(errorMap);
+    }
+
+    Tuple5<
+            List<org.biscuitsec.biscuit.token.builder.Fact>,
+            List<org.biscuitsec.biscuit.token.builder.Rule>,
+            List<org.biscuitsec.biscuit.token.builder.Check>,
+            List<org.biscuitsec.biscuit.token.builder.Scope>,
+            List<Policy>>
+        components = result.get();
+    components._1.forEach(this::addFact);
+    components._2.forEach(this::addRule);
+    components._3.forEach(this::addCheck);
+    components._4.forEach(this::addScope);
+    components._5.forEach(this::addPolicy);
+
+    return Either.right(this);
+  }
+
+  public Authorizer addScope(org.biscuitsec.biscuit.token.builder.Scope s) {
+    this.scopes.add(s.convert(symbolTable));
+    return this;
+  }
+
   public Authorizer addFact(org.biscuitsec.biscuit.token.builder.Fact fact) {
     world.addFact(Origin.authorizer(), fact.convert(symbolTable));
     return this;
@@ -274,7 +322,8 @@ public Authorizer addCheck(String s) throws Error.Parser {
 
   public Authorizer setTime() throws Error.Language {
     world.addFact(
-        Origin.authorizer(), Utils.fact("time", List.of(Utils.date(new Date()))).convert(symbolTable));
+        Origin.authorizer(),
+        Utils.fact("time", List.of(Utils.date(new Date()))).convert(symbolTable));
     return this;
   }
 
@@ -649,7 +698,12 @@ public String formatWorld() {
 
         for (int j = 0; j < b.getChecks().size(); j++) {
           checks.add(
-              "Block[" + (i + 1) + "][" + j + "]: " + blockSymbolTable.formatCheck(b.getChecks().get(j)));
+              "Block["
+                  + (i + 1)
+                  + "]["
+                  + j
+                  + "]: "
+                  + blockSymbolTable.formatCheck(b.getChecks().get(j)));
         }
       }
     }
@@ -691,7 +745,8 @@ public List<Tuple2<Long, List<Check>>> getChecks() {
       List<Check> blockChecks = new ArrayList<>();
 
       if (block.getExternalKey().isDefined()) {
-        SymbolTable blockSymbolTable = new SymbolTable(block.getSymbolTable(), block.getPublicKeys());
+        SymbolTable blockSymbolTable =
+            new SymbolTable(block.getSymbolTable(), block.getPublicKeys());
         for (org.biscuitsec.biscuit.datalog.Check check : block.getChecks()) {
           blockChecks.add(Check.convertFrom(check, blockSymbolTable));
         }

diff --git a/src/main/java/org/biscuitsec/biscuit/token/Biscuit.java b/src/main/java/org/biscuitsec/biscuit/token/Biscuit.java
@@ -241,7 +241,8 @@ public static Biscuit fromBytesWithSymbols(byte[] data, PublicKey root, SymbolTa
    * @param data
    * @return
    */
-  public static Biscuit fromBytesWithSymbols(byte[] data, KeyDelegate delegate, SymbolTable symbolTable)
+  public static Biscuit fromBytesWithSymbols(
+      byte[] data, KeyDelegate delegate, SymbolTable symbolTable)
       throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, Error {
     // System.out.println("will deserialize and verify token");
     SerializedBiscuit ser = SerializedBiscuit.fromBytes(data, delegate);
@@ -255,7 +256,8 @@ public static Biscuit fromBytesWithSymbols(byte[] data, KeyDelegate delegate, Sy
    *
    * @return
    */
-  static Biscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable) throws Error {
+  static Biscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable)
+      throws Error {
     Tuple2<Block, ArrayList<Block>> t = ser.extractBlocks(symbolTable);
     Block authority = t._1;
     ArrayList<Block> blocks = t._2;

diff --git a/src/main/java/org/biscuitsec/biscuit/token/Block.java b/src/main/java/org/biscuitsec/biscuit/token/Block.java
@@ -485,7 +485,6 @@ public List<Check> getChecks() {
     return Collections.unmodifiableList(checks);
   }
 
-
   public List<PublicKey> getPublicKeys() {
     return Collections.unmodifiableList(this.publicKeys);
   }

diff --git a/src/main/java/org/biscuitsec/biscuit/token/UnverifiedBiscuit.java b/src/main/java/org/biscuitsec/biscuit/token/UnverifiedBiscuit.java
@@ -87,8 +87,8 @@ public static UnverifiedBiscuit fromBytesWithSymbols(byte[] data, SymbolTable sy
    *
    * @return UnverifiedBiscuit
    */
-  private static UnverifiedBiscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable)
-      throws Error {
+  private static UnverifiedBiscuit fromSerializedBiscuit(
+      SerializedBiscuit ser, SymbolTable symbolTable) throws Error {
     Tuple2<Block, ArrayList<Block>> t = ser.extractBlocks(symbolTable);
     Block authority = t._1;
     ArrayList<Block> blocks = t._2;

diff --git a/src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java b/src/main/java/org/biscuitsec/biscuit/token/builder/Expression.java
@@ -9,7 +9,8 @@
 
 public abstract class Expression {
 
-  public final org.biscuitsec.biscuit.datalog.expressions.Expression convert(SymbolTable symbolTable) {
+  public final org.biscuitsec.biscuit.datalog.expressions.Expression convert(
+      SymbolTable symbolTable) {
     ArrayList<org.biscuitsec.biscuit.datalog.expressions.Op> ops = new ArrayList<>();
     this.toOpcodes(symbolTable, ops);
 
@@ -162,8 +163,9 @@ public Value(Term value) {
     }
 
     public void toOpcodes(
-            SymbolTable symbolTable, List<org.biscuitsec.biscuit.datalog.expressions.Op> ops) {
-      ops.add(new org.biscuitsec.biscuit.datalog.expressions.Op.Value(this.value.convert(symbolTable)));
+        SymbolTable symbolTable, List<org.biscuitsec.biscuit.datalog.expressions.Op> ops) {
+      ops.add(
+          new org.biscuitsec.biscuit.datalog.expressions.Op.Value(this.value.convert(symbolTable)));
     }
 
     public void gatherVariables(Set<String> variables) {
@@ -207,7 +209,7 @@ public Unary(Op op, Expression arg1) {
     }
 
     public void toOpcodes(
-            SymbolTable symbolTable, List<org.biscuitsec.biscuit.datalog.expressions.Op> ops) {
+        SymbolTable symbolTable, List<org.biscuitsec.biscuit.datalog.expressions.Op> ops) {
       this.arg1.toOpcodes(symbolTable, ops);
 
       switch (this.op) {
@@ -286,7 +288,7 @@ public Binary(Op op, Expression arg1, Expression arg2) {
     }
 
     public void toOpcodes(
-            SymbolTable symbolTable, List<org.biscuitsec.biscuit.datalog.expressions.Op> ops) {
+        SymbolTable symbolTable, List<org.biscuitsec.biscuit.datalog.expressions.Op> ops) {
       this.arg1.toOpcodes(symbolTable, ops);
       this.arg2.toOpcodes(symbolTable, ops);
 

diff --git a/src/main/java/org/biscuitsec/biscuit/token/builder/Scope.java b/src/main/java/org/biscuitsec/biscuit/token/builder/Scope.java
@@ -67,15 +67,17 @@ public org.biscuitsec.biscuit.datalog.Scope convert(SymbolTable symbolTable) {
     }
   }
 
-  public static Scope convertFrom(org.biscuitsec.biscuit.datalog.Scope scope, SymbolTable symbolTable) {
+  public static Scope convertFrom(
+      org.biscuitsec.biscuit.datalog.Scope scope, SymbolTable symbolTable) {
     switch (scope.kind()) {
       case Authority:
         return new Scope(Kind.Authority);
       case Previous:
         return new Scope(Kind.Previous);
       case PublicKey:
         // FIXME error management should bubble up here
-        return new Scope(Kind.PublicKey, symbolTable.getPublicKey((int) scope.getPublicKey()).get());
+        return new Scope(
+            Kind.PublicKey, symbolTable.getPublicKey((int) scope.getPublicKey()).get());
       default:
         return null;
     }
-Original file line number
+Diff line change
@@ Expand Up / @@ -485,7 +485,6 @@ public List<Check> getChecks() { @@
         return Collections.unmodifiableList(checks);
       }
       public List<PublicKey> getPublicKeys() {
         return Collections.unmodifiableList(this.publicKeys);
       }
@@ Expand Down @@