From 1c976b97aee3ec7f9c1513a99ced1db4d72d8aa6 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Sat, 11 Feb 2023 19:11:46 +0100 Subject: [PATCH 1/7] update ed25519-dalek and rand --- biscuit-auth/Cargo.toml | 8 +++--- biscuit-auth/src/crypto/mod.rs | 41 ++++++++++------------------ biscuit-auth/src/format/mod.rs | 35 +++++------------------- biscuit-auth/src/token/mod.rs | 7 +---- biscuit-auth/src/token/unverified.rs | 7 +---- 5 files changed, 28 insertions(+), 70 deletions(-) diff --git a/biscuit-auth/Cargo.toml b/biscuit-auth/Cargo.toml index 2f1bad20..acef1320 100644 --- a/biscuit-auth/Cargo.toml +++ b/biscuit-auth/Cargo.toml @@ -24,7 +24,7 @@ docsrs = [] uuid = ["dep:uuid"] [dependencies] -rand_core = "^0.5" +rand_core = "^0.6" sha2 = "^0.9" prost = "0.10" prost-types = "0.10" @@ -33,11 +33,11 @@ nom = {version = "7", default-features = false, features = ["std"] } hex = "0.4" zeroize = { version = "1", default-features = false } thiserror = "1" -rand = { version = "0.7" } +rand = { version = "0.8" } inline-c = { version = "0.1", optional = true } wasm-bindgen = { version = "0.2", optional = true } base64 = "0.13.0" -ed25519-dalek = "1.0.1" +ed25519-dalek = { version = "2.0.0-pre.0", features = ["rand_core", "zeroize"] } serde = { version = "1.0.132", optional = true, features = ["derive"] } getrandom = { version = "0.1.16" } time = { version = "0.3.7", features = ["formatting", "parsing"] } @@ -48,7 +48,7 @@ biscuit-quote = { version = "0.2.1", optional = true, path = "../biscuit-quote" [dev-dependencies] bencher = "0.1.5" -rand = "0.7" +rand = "0.8" colored-diff = "0.2.3" prost-build = "0.10" serde = { version = "1.0.130", features = ["derive"] } diff --git a/biscuit-auth/src/crypto/mod.rs b/biscuit-auth/src/crypto/mod.rs index 4b7589bd..4feaabeb 100644 --- a/biscuit-auth/src/crypto/mod.rs +++ b/biscuit-auth/src/crypto/mod.rs @@ -19,7 +19,7 @@ use zeroize::Zeroize; /// pair of cryptographic keys used to sign a token's block #[derive(Debug)] pub struct KeyPair { - pub kp: ed25519_dalek::Keypair, + pub kp: ed25519_dalek::SigningKey, } impl KeyPair { @@ -28,28 +28,24 @@ impl KeyPair { } pub fn new_with_rng(rng: &mut T) -> Self { - let kp = ed25519_dalek::Keypair::generate(rng); + let kp = ed25519_dalek::SigningKey::generate(rng); KeyPair { kp } } pub fn from(key: &PrivateKey) -> Self { - let secret = SecretKey::from_bytes(&key.0.to_bytes()).unwrap(); - - let public = (&key.0).into(); - KeyPair { - kp: ed25519_dalek::Keypair { secret, public }, + kp: ed25519_dalek::SigningKey::from_bytes(&key.0), } } pub fn private(&self) -> PrivateKey { - let secret = SecretKey::from_bytes(&self.kp.secret.to_bytes()).unwrap(); + let secret = self.kp.to_bytes(); PrivateKey(secret) } pub fn public(&self) -> PublicKey { - PublicKey(self.kp.public) + PublicKey(self.kp.verifying_key()) } } @@ -59,12 +55,6 @@ impl std::default::Default for KeyPair { } } -impl Drop for KeyPair { - fn drop(&mut self) { - self.kp.secret.zeroize(); - } -} - /// the private part of a [KeyPair] #[derive(Debug)] pub struct PrivateKey(pub(crate) ed25519_dalek::SecretKey); @@ -72,7 +62,7 @@ pub struct PrivateKey(pub(crate) ed25519_dalek::SecretKey); impl PrivateKey { /// serializes to a byte array pub fn to_bytes(&self) -> [u8; 32] { - self.0.to_bytes() + self.0 } /// serializes to an hex-encoded string @@ -85,10 +75,7 @@ impl PrivateKey { let bytes: [u8; 32] = bytes .try_into() .map_err(|_| Format::InvalidKeySize(bytes.len()))?; - SecretKey::from_bytes(&bytes) - .map(PrivateKey) - .map_err(|s| s.to_string()) - .map_err(Format::InvalidKey) + Ok(PrivateKey(bytes)) } /// deserializes from an hex-encoded string @@ -99,7 +86,7 @@ impl PrivateKey { /// returns the matching public key pub fn public(&self) -> PublicKey { - PublicKey((&self.0).into()) + PublicKey(SigningKey::from_bytes(&self.0).verifying_key()) } } @@ -117,7 +104,7 @@ impl Drop for PrivateKey { /// the public part of a [KeyPair] #[derive(Debug, Clone, Copy, Eq)] -pub struct PublicKey(pub(crate) ed25519_dalek::PublicKey); +pub struct PublicKey(pub(crate) ed25519_dalek::VerifyingKey); impl PublicKey { /// serializes to a byte array @@ -132,7 +119,11 @@ impl PublicKey { /// deserializes from a byte array pub fn from_bytes(bytes: &[u8]) -> Result { - ed25519_dalek::PublicKey::from_bytes(bytes) + let bytes: [u8; 32] = bytes + .try_into() + .map_err(|_| Format::InvalidKeySize(bytes.len()))?; + + ed25519_dalek::VerifyingKey::from_bytes(&bytes) .map(PublicKey) .map_err(|s| s.to_string()) .map_err(Format::InvalidKey) @@ -245,13 +236,11 @@ pub fn sign( } pub fn verify_block_signature(block: &Block, public_key: &PublicKey) -> Result<(), error::Format> { - use ed25519_dalek::ed25519::signature::Signature; - //FIXME: replace with SHA512 hashing let mut to_verify = block.data.to_vec(); if let Some(signature) = block.external_signature.as_ref() { - to_verify.extend_from_slice(signature.signature.as_bytes()); + to_verify.extend_from_slice(&signature.signature.to_bytes()); } to_verify.extend(&(crate::format::schema::public_key::Algorithm::Ed25519 as i32).to_le_bytes()); to_verify.extend(&block.next_key.to_bytes()); diff --git a/biscuit-auth/src/format/mod.rs b/biscuit-auth/src/format/mod.rs index 8d80eb0c..89562ec9 100644 --- a/biscuit-auth/src/format/mod.rs +++ b/biscuit-auth/src/format/mod.rs @@ -6,7 +6,7 @@ //! - serialization of a wrapper structure containing serialized blocks and the signature use super::crypto::{self, KeyPair, PrivateKey, PublicKey, TokenNext}; -use ed25519_dalek::ed25519::signature::Signature; +use ed25519_dalek::Signer; use prost::Message; use super::error; @@ -14,7 +14,6 @@ use super::token::Block; use crate::crypto::ExternalSignature; use crate::datalog::SymbolTable; use crate::token::RootKeyProvider; -use ed25519_dalek::Signer; use std::collections::HashMap; use std::convert::TryInto; @@ -63,12 +62,7 @@ impl SerializedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(data.authority.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::SignatureDeserializationError(format!( - "signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); if data.authority.external_signature.is_some() { return Err(error::Format::DeserializationError( @@ -91,12 +85,7 @@ impl SerializedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(block.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); let external_signature = if let Some(ex) = block.external_signature.as_ref() { let public_key = PublicKey::from_proto(&ex.public_key)?; @@ -105,12 +94,7 @@ impl SerializedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(ex.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block external signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); Some(ExternalSignature { public_key, @@ -141,12 +125,7 @@ impl SerializedBiscuit { let bytes: [u8; 64] = (&v[..]) .try_into() .map_err(|_| error::Format::InvalidSignatureSize(v.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::SignatureDeserializationError(format!( - "final signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); TokenNext::Seal(signature) } }; @@ -336,7 +315,7 @@ impl SerializedBiscuit { error::Format::SerializationError(format!("serialization error: {:?}", e)) })?; if let Some(signature) = &external_signature { - v.extend_from_slice(signature.signature.as_bytes()); + v.extend_from_slice(&signature.signature.to_bytes()); } let signature = crypto::sign(&keypair, next_keypair, &v)?; @@ -369,7 +348,7 @@ impl SerializedBiscuit { let mut v = block.clone(); if let Some(signature) = &external_signature { - v.extend_from_slice(signature.signature.as_bytes()); + v.extend_from_slice(&signature.signature.to_bytes()); } let signature = crypto::sign(&keypair, next_keypair, &v)?; diff --git a/biscuit-auth/src/token/mod.rs b/biscuit-auth/src/token/mod.rs index 07fde3b7..a4deef35 100644 --- a/biscuit-auth/src/token/mod.rs +++ b/biscuit-auth/src/token/mod.rs @@ -412,12 +412,7 @@ impl Biscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(external_signature.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block external signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); let previous_key = self .container .blocks diff --git a/biscuit-auth/src/token/unverified.rs b/biscuit-auth/src/token/unverified.rs index 2073b7b9..75f3edfc 100644 --- a/biscuit-auth/src/token/unverified.rs +++ b/biscuit-auth/src/token/unverified.rs @@ -306,12 +306,7 @@ impl UnverifiedBiscuit { .try_into() .map_err(|_| error::Format::InvalidSignatureSize(external_signature.signature.len()))?; - let signature = ed25519_dalek::Signature::from_bytes(&bytes).map_err(|e| { - error::Format::BlockSignatureDeserializationError(format!( - "block external signature deserialization error: {:?}", - e - )) - })?; + let signature = ed25519_dalek::Signature::from_bytes(&bytes); let previous_key = self .container .blocks From 9dc0bf13d31637f543f6429b946653a907594719 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Mon, 29 May 2023 16:45:16 +0200 Subject: [PATCH 2/7] update to 2.0.0-rc.2 --- biscuit-auth/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/biscuit-auth/Cargo.toml b/biscuit-auth/Cargo.toml index acef1320..cb6cb796 100644 --- a/biscuit-auth/Cargo.toml +++ b/biscuit-auth/Cargo.toml @@ -37,7 +37,7 @@ rand = { version = "0.8" } inline-c = { version = "0.1", optional = true } wasm-bindgen = { version = "0.2", optional = true } base64 = "0.13.0" -ed25519-dalek = { version = "2.0.0-pre.0", features = ["rand_core", "zeroize"] } +ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core", "zeroize"] } serde = { version = "1.0.132", optional = true, features = ["derive"] } getrandom = { version = "0.1.16" } time = { version = "0.3.7", features = ["formatting", "parsing"] } From 4abc9d7e0087418e00a22a9089a78c5ded8db914 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Mon, 29 May 2023 16:48:35 +0200 Subject: [PATCH 3/7] update samples --- biscuit-auth/samples/README.md | 154 +++++++++--------- biscuit-auth/samples/samples.json | 146 ++++++++--------- biscuit-auth/samples/test001_basic.bc | Bin 358 -> 358 bytes .../samples/test002_different_root_key.bc | Bin 321 -> 321 bytes .../test003_invalid_signature_format.bc | Bin 309 -> 309 bytes biscuit-auth/samples/test004_random_block.bc | Bin 347 -> 347 bytes .../samples/test005_invalid_signature.bc | Bin 358 -> 358 bytes .../samples/test006_reordered_blocks.bc | Bin 485 -> 485 bytes biscuit-auth/samples/test007_scoped_rules.bc | Bin 535 -> 535 bytes biscuit-auth/samples/test008_scoped_checks.bc | Bin 454 -> 454 bytes biscuit-auth/samples/test009_expired_token.bc | Bin 321 -> 321 bytes .../samples/test010_authorizer_scope.bc | Bin 302 -> 302 bytes .../test011_authorizer_authority_caveats.bc | Bin 169 -> 169 bytes .../samples/test012_authority_caveats.bc | Bin 171 -> 171 bytes biscuit-auth/samples/test013_block_rules.bc | Bin 490 -> 490 bytes .../samples/test014_regex_constraint.bc | Bin 205 -> 205 bytes .../samples/test015_multi_queries_caveats.bc | Bin 183 -> 183 bytes .../samples/test016_caveat_head_name.bc | Bin 298 -> 298 bytes biscuit-auth/samples/test017_expressions.bc | Bin 1725 -> 1725 bytes .../test018_unbound_variables_in_rule.bc | Bin 323 -> 323 bytes ...st019_generating_ambient_from_variables.bc | Bin 297 -> 297 bytes biscuit-auth/samples/test020_sealed.bc | Bin 390 -> 390 bytes biscuit-auth/samples/test021_parsing.bc | Bin 188 -> 188 bytes .../samples/test022_default_symbols.bc | Bin 428 -> 428 bytes .../samples/test023_execution_scope.bc | Bin 461 -> 461 bytes biscuit-auth/samples/test024_third_party.bc | Bin 458 -> 458 bytes biscuit-auth/samples/test025_check_all.bc | Bin 258 -> 258 bytes .../samples/test026_public_keys_interning.bc | Bin 1316 -> 1316 bytes .../samples/test027_integer_wraparound.bc | Bin 329 -> 329 bytes .../samples/test028_expressions_v4.bc | Bin 388 -> 388 bytes 30 files changed, 150 insertions(+), 150 deletions(-) diff --git a/biscuit-auth/samples/README.md b/biscuit-auth/samples/README.md index 6fbc3a73..3f61f248 100644 --- a/biscuit-auth/samples/README.md +++ b/biscuit-auth/samples/README.md @@ -1,7 +1,7 @@ # Biscuit samples and expected results -root secret key: 12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a -root public key: acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189 +root secret key: 99e87b0e9158531eeeb503ff15266e2b23c2a2507b138c9d1b1f2ab458df2d61 +root public key: 1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284 ------------------------------ @@ -38,8 +38,8 @@ allow if true; ``` revocation ids: -- `36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203` -- `b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05` +- `7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03` +- `45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d` authorizer world: ``` @@ -291,9 +291,9 @@ allow if true; ``` revocation ids: -- `9ff0d3b8dcd5235b5d88e17a21d5c789953e3bf4769ee40f34d4bc276b8672858504f6ae8098c43328a1e60589d7efc0e5fd2ec70a229904a1c493262d498c09` -- `9e82a5f203e17d0515af7486599c1608d82a41c8e8cfe4457cb30c0eb62273d89970a2316223ccfdb64a49214762e80e82938531a2e0dc462f14ff52205e9107` -- `c24b1da5ece026338fd3175648e443b97dce52659efe47881583cd35574670b21abdb345ebd0adf095620d8d7b805028fdcb480c24170d34e023e3a8df29fb04` +- `4d86c9af808dc2e0583f47282e6f5df3e09dc264d5231ec360b4519e15ddaeec60b25a9bbcb22e8d192f4d36a0da3f9243711e30535b00ee55c53cb1395f230a` +- `63208c668c66f3ba6927140ba37533593b25e03459447805d4b2a8b75adeef45794c3d7249afe506ed77ccee276160bb4052a4009302bd34871a440f070b4509` +- `d8da982888eae8c038e4894a8c06fc57d8e5f06ad2e972b9cf4bde49ad60804558a0d1938192596c702d8e4f7f12ec19201d7c33d0cd77774a0d879a33880d02` authorizer world: ``` @@ -399,9 +399,9 @@ allow if true; ``` revocation ids: -- `ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603` -- `3a69659a56d933ea7bf2dc4ccab997ed0bec6ce26b178ec24a9ec0d2fc006bcf31eae762f17cb5862457459b3d5ae9c17845dcf45f8cf0acd774e06f6b7d620d` -- `c0f06ebdf58b5e17b150e7306a9361667a6a6d9945c1d478b4e8d9fac1869bd7726ef57e5cb9de95fe48718984e7dce617d5394caf25822cd646310affb2a202` +- `a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00` +- `77df45442be86a416aa02fd9d98d6d4703c634a9e3b1d293b41f5dc97849afbe7faeec8c22a210574888acc008fb64fe691ec9e8d2655586f970d9a6b6577000` +- `b31398aefe97d3db41ebc445760f216fb3aa7bf7439adcfc3a07489bfcc163970af3f4e20f5460aa24cf841101a5ab114d21acc0ee8d442bae7793b121284900` authorizer world: ``` @@ -484,8 +484,8 @@ allow if true; ``` revocation ids: -- `ceb1a909c91d558a962c23d9d1c60aa06279f9dff1cc546ca6b2b6bf17db6fe4a03a04e9c1ed9131b7c6f3e609d5f17abab289909ae46f5e66f8876a5946a20c` -- `8419da0abe321d3a830ffc93aa159140138a2c4b61dfd4b05328b69567aae23d357764672d114940cabb9bd465c4d2d4766e52c8805b0acdccc22b60e00c860c` +- `c248907bb6e5f433bbb5edf6367b399ebefca0d321d0b2ea9fc67f66dc1064ce926adb0c05d90c3e8a2833328b3578f79c4e1bca43583d9bcfb2ba6c37303d00` +- `a4edf7aaea8658bb9ae19b3ffe2adcc77cc9f16c249aeb0a85a584b5362f89f27f7c67ac0af16d7170673d6d1fb1563d1934b25ec5a461f6c01fa49805cd5e07` authorizer world: ``` @@ -560,8 +560,8 @@ allow if true; ``` revocation ids: -- `ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603` -- `d1d56ea3c9469186fe32f56a2c488b31b2dead6701ce833d521d2b1f223355edb058839c68ea6b50af02e2ffa4b92d80116b25f1cb0623b6685cb3415677970a` +- `a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00` +- `966eceb2aa937c41b25368808bab6e0698c02a4038de669d007c9c3d43602638a640083558d1576ac80cf3eb2ac6a7585527e0f6c1a65402f0935cf7f4df8005` authorizer world: ``` @@ -636,7 +636,7 @@ allow if true; ``` revocation ids: -- `ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603` +- `a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00` authorizer world: ``` @@ -701,7 +701,7 @@ allow if true; ``` revocation ids: -- `bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07` +- `6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a` authorizer world: ``` @@ -742,7 +742,7 @@ allow if true; ``` revocation ids: -- `bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07` +- `6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a` authorizer world: ``` @@ -811,8 +811,8 @@ allow if true; ``` revocation ids: -- `58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601` -- `745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605` +- `c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006` +- `a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00` authorizer world: ``` @@ -891,8 +891,8 @@ allow if true; ``` revocation ids: -- `58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601` -- `745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605` +- `c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006` +- `a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00` authorizer world: ``` @@ -977,7 +977,7 @@ allow if true; ``` revocation ids: -- `7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b` +- `da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07` authorizer world: ``` @@ -1011,7 +1011,7 @@ allow if true; ``` revocation ids: -- `7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b` +- `da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07` authorizer world: ``` @@ -1061,7 +1061,7 @@ allow if true; ``` revocation ids: -- `e2c762315434ccc9194e012e47e75afb3329a46488a468d75d776b5a502ee5930d04750ae7b1836617fe07051bd92d4ce8336d662da4ca9ce9e9d4f4af5be70d` +- `b0d466d31e015fa85a075fa875f7e1c9017edd503fee9f62a5f033e1fcfa811074b6e39dfe5af2f452043db97a3f98650592a370f5685b62c5d6abf9dd10b603` authorizer world: ``` @@ -1120,8 +1120,8 @@ allow if true; ``` revocation ids: -- `812958ef3b43273b2c8e88bb13d0f91f0a8f5bf95544f79dafdaff07d89bd551baca72f83589b9e89120b0dc41c0f4b10678f03dd1b3ac0422e16074ff396b08` -- `51c0e278bed1085afe45519aa60d5b4b9e13f1819dadb38fb5854ed3a599bfe18485d8f396219540bd17bfb9f46ab3c407a4ac51ebf88734b4f2fb56b24a6e01` +- `ce6f804f4390e693a8853d9a4a10bd4f3c94b86b7c6d671993a6e19346bc4d20bbb52cc945e5d0d02e4e75fa5da2caa99764050190353564a0a0b4b276809402` +- `916d566cc724e0773046fc5266e9d0d804311435b8d6955b332f823ab296be9a78dfea190447732ac9f6217234cf5726becf88f65169c6de56a766af55451b0f` authorizer world: ``` @@ -1209,7 +1209,7 @@ allow if true; ``` revocation ids: -- `a0fdd27c0d21292a4d944a86a9e97cfee7513969a209729ebcff2dec50b8725816dad3b9d7fc004d3f6dc705399c303c1a76a8b955a5f23d2045132b68b4d50b` +- `f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e` authorizer world: ``` @@ -1326,8 +1326,8 @@ allow if true; ``` revocation ids: -- `6d79797e655457166810826d7c398bc75ac4896d8de80650298796faf0aaf67f2abb80c46efdd915a210c9401bc41c75f3a7c19bebe4c02be9c991fae62b8808` -- `f7d3f3eadd83cc30aa3c0a9b8288d44b9107b5a099e52da6447fdb7aca5d00cd58add7b7b12b3fb73bd9b664f33ed207d91efcda2d05523cb9b8db0e9bca0502` +- `a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307` +- `d3f8822a9b9bc0ee3933283c493ca9e711be5dd8339b5fe2eba1de3805aad4e84d3e2fb4affb4a743f1289915c167582b9425343635e45b70573ea1ee7a1ea03` authorizer world: ``` @@ -1405,8 +1405,8 @@ allow if true; ``` revocation ids: -- `36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203` -- `b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05` +- `7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03` +- `45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d` authorizer world: ``` @@ -1486,7 +1486,7 @@ allow if true; ``` revocation ids: -- `6a945aca807c25971cc4b711cd6364141fdaf4cee013022416f22986240238cc029b5ae41eb5c5b8a461b0d6063329132b5bac91ca8b51e82829a2b6a273150d` +- `d4b2f417b6e906434fdf5058afcabfcb98d3628f814f1c9dd7e64250d9beec4465aff51bd0cb2e85d0e67dc9f613c2a42af6158c678bc6f8b4684cd3a2d0d302` authorizer world: ``` @@ -1565,7 +1565,7 @@ allow if true; ``` revocation ids: -- `23183284bdad88fbf5b4cbaed2218cf0a38d7e360f3ac401d6337eecf36e8da1ce15eda6d11fe94c20c344f687327d9338a0e863f98c9a14576739533d2fb804` +- `75ce48d496fd28f99905901783a1ba46d7ff8d69f9d364d1546fd73006026eae51849ad1190a4ae521a0a1269f9c6951e226afba8fcd24fa50f679162439ae09` authorizer world: ``` @@ -1850,9 +1850,9 @@ allow if true; ``` revocation ids: -- `8c94b6f3a2cbe086a7df1135f04c7b88b4a8d6b4f595cd963e8f2a36b9c1edb551f1b0360f7995eec8ea8c846847fba53932f5e70aaee7783a852c83c08dd80b` -- `ce286369809e4f4a6e2d6b95ba6c19af28c3694ffd408d09ee292c0233a3d73e3257151d6099177ae61aa71cfb91f85b3ccac80952bf5d34c9e807c5e4cf2c04` -- `9bc1209ffa1e11d5fd3fe3811e55893e6c5a94d56e5835e83f7a84142db50642899b92705a32ab64a375e36e665564607cbf50d6366682b5381849f8e8b3340a` +- `f9b49866caef5ece7be14ec5a9b36d98ca81d06b306eb0b4c57cd7436af176f40ee972f40903f87ec4460ab8b1adfcbfa9b19b20a6955a1e8dae7d88b2076005` +- `889054b9119e4440e54da1b63266a98d0f6646cde195fef206efd8b133cfb2ee7be49b32a9a5925ece452e64f9e6f6d80dab422e916c599675dd68cdea053802` +- `0a85ffbf27e08aa23665ba0d96a985b274d747556c9f016fd7f590c641ed0e4133291521aa442b320ee9ce80f5ad701b914a0c87b3dfa0cc92629dce94201806` authorizer world: ``` @@ -1897,11 +1897,11 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB authority: symbols: [] -public keys: ["ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"] +public keys: ["ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284"] ``` right("read"); -check if group("admin") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; +check if group("admin") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; ``` 1: @@ -1909,7 +1909,7 @@ symbols: [] public keys: [] -external signature by: "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" +external signature by: "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" ``` group("admin"); @@ -1924,8 +1924,8 @@ allow if true; ``` revocation ids: -- `f5e36f36c18a9a7d3660366a9dccf1eeefbb2a639571e5aba63714cf02e412d222f7aadec14aef59cb5cf104e0d3bdba439c4147249e2d703498b2f0610e1008` -- `79217fcc94823ccbfc1cdbd6aaf770890659bb94d48ca14dddff70e9d0d386a4755e452e732a071c8e9884ca280ead059c473b3bd4ea5f82e99ee3c484518004` +- `4d3b72f5c769501fa7cbfd3f7821bcc341ab644ac78a748437d8aaae0f72049d90a6c98e876d910c68dd5583cca85bf7187ced3bf535d6d4c4d202a0d8c05d0e` +- `ad70c176b9b62b09d0c8428b7b94b19374d2c7218bf452caccc41197ccb8c8f26a7d9e07f89c0397fe915e4977a87381ca75f6dd52526de698e38c33fc7fb305` authorizer world: ``` @@ -1950,7 +1950,7 @@ World { } rules: {} checks: { - "check if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "check if group(\"admin\") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "check if right(\"read\")", } policies: { @@ -1988,7 +1988,7 @@ allow if true; ``` revocation ids: -- `96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a` +- `c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d` authorizer world: ``` @@ -2037,7 +2037,7 @@ allow if true; ``` revocation ids: -- `96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a` +- `c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d` authorizer world: ``` @@ -2085,25 +2085,25 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB authority: symbols: [] -public keys: ["ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"] +public keys: ["ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284"] ``` query(0); -check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; +check if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; ``` 1: symbols: [] -public keys: ["ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463"] +public keys: ["ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1"] -external signature by: "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" +external signature by: "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" ``` query(1); -query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; -check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; -check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; +query(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; +check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; +check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; ``` 2: @@ -2111,12 +2111,12 @@ symbols: [] public keys: [] -external signature by: "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" +external signature by: "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1" ``` query(2); -check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; -check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; +check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; +check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; ``` 3: @@ -2124,43 +2124,43 @@ symbols: [] public keys: [] -external signature by: "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" +external signature by: "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1" ``` query(3); -check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; -check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; +check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; +check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; ``` 4: symbols: [] -public keys: ["ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136"] +public keys: ["ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97"] ``` query(4); -check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; -check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136; +check if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; +check if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97; ``` ### validation authorizer code: ``` -check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; +check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; deny if query(3); deny if query(1, 2); -deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; +deny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; allow if true; ``` revocation ids: -- `0e823acf10d97afef5d327d08ecde17fad1808388dedf678770b60521170180f4ad3b4dc81494d92122658f3bbfe2567ad5493b2bf0fc6570f2be52566320d03` -- `35bacaf3a817a26ffcb6a2b5658ef60665b63696c00061f5cef75fe3dac315595f0e24c20533916d90077b708e62396bf4b50dcd774092b43100f9271cd9830a` -- `3198c7f606e1611e6a6df503b74a9ac5769dd11b3a1c6c4d5f0e3dbf92671d009e0ec648fadc49442e9c94455258c8502ed2d5031a57436f2521520a0b9ac009` -- `16f8e0231f514816282621730510e41e0ba1a41d1944634f13fe4aaf28d0565e658fa624186fafc0bd996af39b638a31904b637e24ecc791f3d7210f9b83d90e` -- `68db0a0319dd91ee6638fe5fe380f9037c63b37fd0674b9df01cae5e40fcfe37a04498cba34a92433c6f9d3c423be5a5fbee49136b734f9d98d1b7962c1e730b` +- `40dc7572f86987690e2ae2755b57a33d0b372cdc482fe598300901e0f6eabcfda5b937a18d0e34312d9f1705bd4f65d9ed9776cb1b15fc42f2b40636106b260c` +- `a349c4a2f01a7e8ef45c3335afaf41885bbaf952e7cbe17da681b181efc3bd55b4d92702c9607dfc3854ca621a80e2f64afd89578c8da297736684c76b552d0d` +- `242474cd43d0babd3a2460cc9cd54cdf46a10bac02f7ae6bb98317c87f55e608b294c42716606679d0a015a4eef889019de1ea185bc16185070ec51eb003810c` +- `8a155bf697da245a34c24b999948270910635586f2c8196a1b3d51f5e63f957cd452637b7b94012b87c7046d5209a0f097204c99c81f1b32b3f4b621ec167703` +- `8af8af0d01aa11904a49a7a211d8ecf035d904ac1f5ed2027c8b66deacb14d7d634e736e8f02d3c32ffecdc92e83f1e6401e00ce98dcd48032758bae1cc42000` authorizer world: ``` @@ -2220,23 +2220,23 @@ World { } rules: { ( - "query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "query(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", Some( 1, ), ), } checks: { - "check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", - "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136", - "check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "check if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "check if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97", + "check if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", } policies: { "allow if true", - "deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "deny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "deny if query(1, 2)", "deny if query(3)", } @@ -2270,7 +2270,7 @@ allow if true; ``` revocation ids: -- `c554195c11cd462ca550f833833fad64213bdbef31d5e4b48ae6c2dc072d5218792bbf0da612f7ec9d20dc04c505d8c6ebdeee96ae95307546227efca713c70b` +- `3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05` authorizer world: ``` @@ -2318,7 +2318,7 @@ allow if true; ``` revocation ids: -- `56ff3e571202e641dfb84955adb6700b61e42e1100412b3e0e957f1693875fbb8fdeaeb008092b2f42c5c7ded97cde638eeaf3ab73df678273f6ba970916ad00` +- `117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b` authorizer world: ``` diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json index 7ce26704..10a52992 100644 --- a/biscuit-auth/samples/samples.json +++ b/biscuit-auth/samples/samples.json @@ -1,6 +1,6 @@ { - "root_private_key": "12aca40167fbdd1a11037e9fd440e3d510d9d9dea70a6646aa4aaf84d718d75a", - "root_public_key": "acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "root_private_key": "99e87b0e9158531eeeb503ff15266e2b23c2a2507b138c9d1b1f2ab458df2d61", + "root_public_key": "1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "testcases": [ { "title": "basic token", @@ -83,8 +83,8 @@ }, "authorizer_code": "resource(\"file1\");\n\nallow if true;\n", "revocation_ids": [ - "36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203", - "b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05" + "7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03", + "45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d" ] } } @@ -389,9 +389,9 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "9ff0d3b8dcd5235b5d88e17a21d5c789953e3bf4769ee40f34d4bc276b8672858504f6ae8098c43328a1e60589d7efc0e5fd2ec70a229904a1c493262d498c09", - "9e82a5f203e17d0515af7486599c1608d82a41c8e8cfe4457cb30c0eb62273d89970a2316223ccfdb64a49214762e80e82938531a2e0dc462f14ff52205e9107", - "c24b1da5ece026338fd3175648e443b97dce52659efe47881583cd35574670b21abdb345ebd0adf095620d8d7b805028fdcb480c24170d34e023e3a8df29fb04" + "4d86c9af808dc2e0583f47282e6f5df3e09dc264d5231ec360b4519e15ddaeec60b25a9bbcb22e8d192f4d36a0da3f9243711e30535b00ee55c53cb1395f230a", + "63208c668c66f3ba6927140ba37533593b25e03459447805d4b2a8b75adeef45794c3d7249afe506ed77ccee276160bb4052a4009302bd34871a440f070b4509", + "d8da982888eae8c038e4894a8c06fc57d8e5f06ad2e972b9cf4bde49ad60804558a0d1938192596c702d8e4f7f12ec19201d7c33d0cd77774a0d879a33880d02" ] } } @@ -484,9 +484,9 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603", - "3a69659a56d933ea7bf2dc4ccab997ed0bec6ce26b178ec24a9ec0d2fc006bcf31eae762f17cb5862457459b3d5ae9c17845dcf45f8cf0acd774e06f6b7d620d", - "c0f06ebdf58b5e17b150e7306a9361667a6a6d9945c1d478b4e8d9fac1869bd7726ef57e5cb9de95fe48718984e7dce617d5394caf25822cd646310affb2a202" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00", + "77df45442be86a416aa02fd9d98d6d4703c634a9e3b1d293b41f5dc97849afbe7faeec8c22a210574888acc008fb64fe691ec9e8d2655586f970d9a6b6577000", + "b31398aefe97d3db41ebc445760f216fb3aa7bf7439adcfc3a07489bfcc163970af3f4e20f5460aa24cf841101a5ab114d21acc0ee8d442bae7793b121284900" ] } } @@ -564,8 +564,8 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "ceb1a909c91d558a962c23d9d1c60aa06279f9dff1cc546ca6b2b6bf17db6fe4a03a04e9c1ed9131b7c6f3e609d5f17abab289909ae46f5e66f8876a5946a20c", - "8419da0abe321d3a830ffc93aa159140138a2c4b61dfd4b05328b69567aae23d357764672d114940cabb9bd465c4d2d4766e52c8805b0acdccc22b60e00c860c" + "c248907bb6e5f433bbb5edf6367b399ebefca0d321d0b2ea9fc67f66dc1064ce926adb0c05d90c3e8a2833328b3578f79c4e1bca43583d9bcfb2ba6c37303d00", + "a4edf7aaea8658bb9ae19b3ffe2adcc77cc9f16c249aeb0a85a584b5362f89f27f7c67ac0af16d7170673d6d1fb1563d1934b25ec5a461f6c01fa49805cd5e07" ] } } @@ -649,8 +649,8 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\ncheck if right($0, $1), resource($0), operation($1);\n\nallow if true;\n", "revocation_ids": [ - "ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603", - "d1d56ea3c9469186fe32f56a2c488b31b2dead6701ce833d521d2b1f223355edb058839c68ea6b50af02e2ffa4b92d80116b25f1cb0623b6685cb3415677970a" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00", + "966eceb2aa937c41b25368808bab6e0698c02a4038de669d007c9c3d43602638a640083558d1576ac80cf3eb2ac6a7585527e0f6c1a65402f0935cf7f4df8005" ] } } @@ -720,7 +720,7 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\ncheck if right($0, $1), resource($0), operation($1);\n\nallow if true;\n", "revocation_ids": [ - "ba4d8f66dd4e3fef1f35d75be6df25fc41fbe237f645ea4434678add9dc356be23462eb1ada51bbb446995539f43b5d04581190ce2de66ea6194563efe88d603" + "a80c985ddef895518c216f64c65dcd50a5d97d012a94453d79159aed2981654b1fe9748c686c5667604026a94fb8db8a1d02de747df61e99fa9a63ff2878ad00" ] } } @@ -768,7 +768,7 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07" + "6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a" ] }, "file2": { @@ -817,7 +817,7 @@ }, "authorizer_code": "resource(\"file2\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "bc15caa9476568fef796c13385d0cf455df66a0b1aa2be7980549f69aa5a4a7864555d94ddd64c652c7c24c191298dd5c0ca1aadb638ffd91971d15edee0aa07" + "6a8f90dad67ae2ac188460463914ae7326fda431c80785755f4edcc15f1a53911f7366e606ad80cbbeba94672e42713e88632a932128f1d796ce9ba7d7a0b80a" ] } } @@ -904,8 +904,8 @@ }, "authorizer_code": "resource(\"file1\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601", - "745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605" + "c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006", + "a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00" ] }, "file2": { @@ -975,8 +975,8 @@ }, "authorizer_code": "resource(\"file2\");\ntime(2020-12-21T09:23:12Z);\n\nallow if true;\n", "revocation_ids": [ - "58a9aead6684468383ba121d1d1ba6a2dd087f41240ecb3b8229587b7717630d5db86e230c4aa3a6da802f04483da06ae4cb71c7c35f30207550be4450787601", - "745941a089e3e4efc479ac8d934fc0f95d9add8dca119c68e2ef34dfb285385396ad9b2d2cf6633894c234b1b9c854978be6788ca05262e3d2362e82f984b605" + "c46d071ff3f33434223c8305fdad529f62bf78bb5d9cbfc2a345d4bca6bf314014840e18ba353f86fdb9073d58b12b8c872ac1f8e593c2e9064b90f6c2ede006", + "a0c4c163a0b3ca406df4ece3d1371356190df04208eccef72f77e875ed0531b5d37e243d6f388b1967776a5dfd16ef228f19c5bdd6d2820f145c5ed3c3dcdc00" ] } } @@ -1036,7 +1036,7 @@ }, "authorizer_code": "resource(\"file1\");\n\nallow if true;\n", "revocation_ids": [ - "7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b" + "da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07" ] }, "file123": { @@ -1062,7 +1062,7 @@ }, "authorizer_code": "resource(\"file123.txt\");\n\nallow if true;\n", "revocation_ids": [ - "7d2e7c6bc4878efcdb7f704948e668fcf5338cb1e4eeb5f0434944ace98597652f062d67e2ebdb47fe2c7b17d40f0d8a2386cb2d753fb430168be5e0b5fd410b" + "da42718ad2631c12d3a44b7710dcc76c6c7809c6bc3a2d7eb0378c4154eae10e0884a8d54a2cd25ca3dfe01091d816ebbb9d246227baf7a359a787cb2344ad07" ] } } @@ -1105,7 +1105,7 @@ }, "authorizer_code": "check if must_be_present($0) or must_be_present($0);\n\nallow if true;\n", "revocation_ids": [ - "e2c762315434ccc9194e012e47e75afb3329a46488a468d75d776b5a502ee5930d04750ae7b1836617fe07051bd92d4ce8336d662da4ca9ce9e9d4f4af5be70d" + "b0d466d31e015fa85a075fa875f7e1c9017edd503fee9f62a5f033e1fcfa811074b6e39dfe5af2f452043db97a3f98650592a370f5685b62c5d6abf9dd10b603" ] } } @@ -1172,8 +1172,8 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "812958ef3b43273b2c8e88bb13d0f91f0a8f5bf95544f79dafdaff07d89bd551baca72f83589b9e89120b0dc41c0f4b10678f03dd1b3ac0422e16074ff396b08", - "51c0e278bed1085afe45519aa60d5b4b9e13f1819dadb38fb5854ed3a599bfe18485d8f396219540bd17bfb9f46ab3c407a4ac51ebf88734b4f2fb56b24a6e01" + "ce6f804f4390e693a8853d9a4a10bd4f3c94b86b7c6d671993a6e19346bc4d20bbb52cc945e5d0d02e4e75fa5da2caa99764050190353564a0a0b4b276809402", + "916d566cc724e0773046fc5266e9d0d804311435b8d6955b332f823ab296be9a78dfea190447732ac9f6217234cf5726becf88f65169c6de56a766af55451b0f" ] } } @@ -1256,7 +1256,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "a0fdd27c0d21292a4d944a86a9e97cfee7513969a209729ebcff2dec50b8725816dad3b9d7fc004d3f6dc705399c303c1a76a8b955a5f23d2045132b68b4d50b" + "f61b4cb4fc58777fec6c8d39fe62259dc3c78511868236c391e9f67ffd03a3a8b8e3042d4bacce0d5756d053f5afccd4c5e4df0597af44b36bdfab492e5fe50e" ] } } @@ -1297,8 +1297,8 @@ }, "authorizer_code": "", "revocation_ids": [ - "6d79797e655457166810826d7c398bc75ac4896d8de80650298796faf0aaf67f2abb80c46efdd915a210c9401bc41c75f3a7c19bebe4c02be9c991fae62b8808", - "b25cea85ce06b97df471896c7c709b3962dd6e97074a66a2da2fe6721c250c418b4c55455f7209362752343873bb4105d18ef6a880ecb9c0b41d98f0b7d31505" + "a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307", + "b0a33e3f4cd0994c0766c196c4d11c15e5a0f9bfba79a3a2b35ddd04ddb890282a7c63336ada5c680b9f9c940c1fa7127d2699754cbc77c21e1a2d85c5ef700c" ] } } @@ -1375,8 +1375,8 @@ }, "authorizer_code": "operation(\"write\");\n\nallow if true;\n", "revocation_ids": [ - "6d79797e655457166810826d7c398bc75ac4896d8de80650298796faf0aaf67f2abb80c46efdd915a210c9401bc41c75f3a7c19bebe4c02be9c991fae62b8808", - "f7d3f3eadd83cc30aa3c0a9b8288d44b9107b5a099e52da6447fdb7aca5d00cd58add7b7b12b3fb73bd9b664f33ed207d91efcda2d05523cb9b8db0e9bca0502" + "a44210c6a01e55eadefc7d8540c2e6eff80ab6eeedde4751de734f9d780435780680d3f42d826b7e0f0dcf4a5ba303fd4c116984bb30978813d46ed867924307", + "d3f8822a9b9bc0ee3933283c493ca9e711be5dd8339b5fe2eba1de3805aad4e84d3e2fb4affb4a743f1289915c167582b9425343635e45b70573ea1ee7a1ea03" ] } } @@ -1451,8 +1451,8 @@ }, "authorizer_code": "resource(\"file1\");\noperation(\"read\");\n\nallow if true;\n", "revocation_ids": [ - "36d2d7cf28796c69a0ed6dfa0fde5b3ffb2f637f0ba19aa1da858353e88678ad945ebaaa566a050b8abe8adb5b873855900b157e1e5f1cc11047a14385e5a203", - "b694af382e2115df7d02bb88a75b9c0cdcb9e51c23dea082c306b1b7a26dfe9a3ca7ba7ca3a8089e7b88bb3718ff0294c2a0dc6b5b810f64462e89393ff35e05" + "7595a112a1eb5b81a6e398852e6118b7f5b8cbbff452778e655100e5fb4faa8d3a2af52fe2c4f9524879605675fae26adbc4783e0cafc43522fa82385f396c03", + "45f4c14f9d9e8fa044d68be7a2ec8cddb835f575c7b913ec59bd636c70acae9a90db9064ba0b3084290ed0c422bbb7170092a884f5e0202b31e9235bbcc1650d" ] } } @@ -1495,7 +1495,7 @@ }, "authorizer_code": "check if ns::fact_123(\"hello é\t😁\");\n\nallow if true;\n", "revocation_ids": [ - "6a945aca807c25971cc4b711cd6364141fdaf4cee013022416f22986240238cc029b5ae41eb5c5b8a461b0d6063329132b5bac91ca8b51e82829a2b6a273150d" + "d4b2f417b6e906434fdf5058afcabfcb98d3628f814f1c9dd7e64250d9beec4465aff51bd0cb2e85d0e67dc9f613c2a42af6158c678bc6f8b4684cd3a2d0d302" ] } } @@ -1697,7 +1697,7 @@ }, "authorizer_code": "check if read(0), write(1), resource(2), operation(3), right(4), time(5), role(6), owner(7), tenant(8), namespace(9), user(10), team(11), service(12), admin(13), email(14), group(15), member(16), ip_address(17), client(18), client_ip(19), domain(20), path(21), version(22), cluster(23), node(24), hostname(25), nonce(26), query(27);\n\nallow if true;\n", "revocation_ids": [ - "23183284bdad88fbf5b4cbaed2218cf0a38d7e360f3ac401d6337eecf36e8da1ce15eda6d11fe94c20c344f687327d9338a0e863f98c9a14576739533d2fb804" + "75ce48d496fd28f99905901783a1ba46d7ff8d69f9d364d1546fd73006026eae51849ad1190a4ae521a0a1269f9c6951e226afba8fcd24fa50f679162439ae09" ] } } @@ -1779,9 +1779,9 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "8c94b6f3a2cbe086a7df1135f04c7b88b4a8d6b4f595cd963e8f2a36b9c1edb551f1b0360f7995eec8ea8c846847fba53932f5e70aaee7783a852c83c08dd80b", - "ce286369809e4f4a6e2d6b95ba6c19af28c3694ffd408d09ee292c0233a3d73e3257151d6099177ae61aa71cfb91f85b3ccac80952bf5d34c9e807c5e4cf2c04", - "9bc1209ffa1e11d5fd3fe3811e55893e6c5a94d56e5835e83f7a84142db50642899b92705a32ab64a375e36e665564607cbf50d6366682b5381849f8e8b3340a" + "f9b49866caef5ece7be14ec5a9b36d98ca81d06b306eb0b4c57cd7436af176f40ee972f40903f87ec4460ab8b1adfcbfa9b19b20a6955a1e8dae7d88b2076005", + "889054b9119e4440e54da1b63266a98d0f6646cde195fef206efd8b133cfb2ee7be49b32a9a5925ece452e64f9e6f6d80dab422e916c599675dd68cdea053802", + "0a85ffbf27e08aa23665ba0d96a985b274d747556c9f016fd7f590c641ed0e4133291521aa442b320ee9ce80f5ad701b914a0c87b3dfa0cc92629dce94201806" ] } } @@ -1793,15 +1793,15 @@ { "symbols": [], "public_keys": [ - "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" + "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" ], "external_key": null, - "code": "right(\"read\");\ncheck if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" + "code": "right(\"read\");\ncheck if group(\"admin\") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "external_key": "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "code": "group(\"admin\");\ncheck if right(\"read\");\n" } ], @@ -1824,7 +1824,7 @@ ], "rules": [], "checks": [ - "check if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "check if group(\"admin\") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "check if right(\"read\")" ], "policies": [ @@ -1836,8 +1836,8 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "f5e36f36c18a9a7d3660366a9dccf1eeefbb2a639571e5aba63714cf02e412d222f7aadec14aef59cb5cf104e0d3bdba439c4147249e2d703498b2f0610e1008", - "79217fcc94823ccbfc1cdbd6aaf770890659bb94d48ca14dddff70e9d0d386a4755e452e732a071c8e9884ca280ead059c473b3bd4ea5f82e99ee3c484518004" + "4d3b72f5c769501fa7cbfd3f7821bcc341ab644ac78a748437d8aaae0f72049d90a6c98e876d910c68dd5583cca85bf7187ced3bf535d6d4c4d202a0d8c05d0e", + "ad70c176b9b62b09d0c8428b7b94b19374d2c7218bf452caccc41197ccb8c8f26a7d9e07f89c0397fe915e4977a87381ca75f6dd52526de698e38c33fc7fb305" ] } } @@ -1895,7 +1895,7 @@ }, "authorizer_code": "operation(\"A\");\noperation(\"B\");\n\nallow if true;\n", "revocation_ids": [ - "96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a" + "c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d" ] }, "A, invalid": { @@ -1950,7 +1950,7 @@ }, "authorizer_code": "operation(\"A\");\noperation(\"invalid\");\n\nallow if true;\n", "revocation_ids": [ - "96f15d9598d682d387d9f01b4df28f6f29e6e2a0d2cdd699266a685e983f64c8349054a77ca7e940d6775da79ed53d41373863e3a35b86181d132148a8d5980a" + "c456817012e1d523c6d145b6d6a3475d9f7dd4383c535454ff3f745ecf4234984ce09b9dec0551f3d783abe850f826ce43b12f1fd91999a4753a56ecf4c56d0d" ] } } @@ -1962,38 +1962,38 @@ { "symbols": [], "public_keys": [ - "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" + "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" ], "external_key": null, - "code": "query(0);\ncheck if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" + "code": "query(0);\ncheck if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" }, { "symbols": [], "public_keys": [ - "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" + "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1" ], - "external_key": "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", - "code": "query(1);\nquery(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" + "external_key": "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "code": "query(1);\nquery(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "code": "query(2);\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" + "external_key": "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "code": "query(2);\ncheck if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "code": "query(3);\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" + "external_key": "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "code": "query(3);\ncheck if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" }, { "symbols": [], "public_keys": [ - "ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136" + "ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97" ], "external_key": null, - "code": "query(4);\ncheck if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136;\n" + "code": "query(4);\ncheck if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97;\n" } ], "validations": { @@ -2040,21 +2040,21 @@ ], "rules": [ [ - "query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "query(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", 1 ] ], "checks": [ - "check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", - "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", - "check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136", - "check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" + "check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "check if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "check if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97", + "check if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" ], "policies": [ "allow if true", - "deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "deny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", "deny if query(1, 2)", "deny if query(3)" ] @@ -2062,13 +2062,13 @@ "result": { "Ok": 3 }, - "authorizer_code": "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\nallow if true;\n", + "authorizer_code": "check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\nallow if true;\n", "revocation_ids": [ - "0e823acf10d97afef5d327d08ecde17fad1808388dedf678770b60521170180f4ad3b4dc81494d92122658f3bbfe2567ad5493b2bf0fc6570f2be52566320d03", - "35bacaf3a817a26ffcb6a2b5658ef60665b63696c00061f5cef75fe3dac315595f0e24c20533916d90077b708e62396bf4b50dcd774092b43100f9271cd9830a", - "3198c7f606e1611e6a6df503b74a9ac5769dd11b3a1c6c4d5f0e3dbf92671d009e0ec648fadc49442e9c94455258c8502ed2d5031a57436f2521520a0b9ac009", - "16f8e0231f514816282621730510e41e0ba1a41d1944634f13fe4aaf28d0565e658fa624186fafc0bd996af39b638a31904b637e24ecc791f3d7210f9b83d90e", - "68db0a0319dd91ee6638fe5fe380f9037c63b37fd0674b9df01cae5e40fcfe37a04498cba34a92433c6f9d3c423be5a5fbee49136b734f9d98d1b7962c1e730b" + "40dc7572f86987690e2ae2755b57a33d0b372cdc482fe598300901e0f6eabcfda5b937a18d0e34312d9f1705bd4f65d9ed9776cb1b15fc42f2b40636106b260c", + "a349c4a2f01a7e8ef45c3335afaf41885bbaf952e7cbe17da681b181efc3bd55b4d92702c9607dfc3854ca621a80e2f64afd89578c8da297736684c76b552d0d", + "242474cd43d0babd3a2460cc9cd54cdf46a10bac02f7ae6bb98317c87f55e608b294c42716606679d0a015a4eef889019de1ea185bc16185070ec51eb003810c", + "8a155bf697da245a34c24b999948270910635586f2c8196a1b3d51f5e63f957cd452637b7b94012b87c7046d5209a0f097204c99c81f1b32b3f4b621ec167703", + "8af8af0d01aa11904a49a7a211d8ecf035d904ac1f5ed2027c8b66deacb14d7d634e736e8f02d3c32ffecdc92e83f1e6401e00ce98dcd48032758bae1cc42000" ] } } @@ -2105,7 +2105,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "c554195c11cd462ca550f833833fad64213bdbef31d5e4b48ae6c2dc072d5218792bbf0da612f7ec9d20dc04c505d8c6ebdeee96ae95307546227efca713c70b" + "3346a22aae0abfc1ffa526f02f7650e90af909e5e519989026441e78cdc245b7fd126503cfdc8831325fc04307edc65238db319724477915f7040a2f6a719a05" ] } } @@ -2146,7 +2146,7 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "56ff3e571202e641dfb84955adb6700b61e42e1100412b3e0e957f1693875fbb8fdeaeb008092b2f42c5c7ded97cde638eeaf3ab73df678273f6ba970916ad00" + "117fa653744c859561555e6a6f5990e3a8e7817f91b87aa6991b6d64297158b4e884c92d10f49f74c96069df722aa676839b72751ca9d1fe83a7025b591de00b" ] } } diff --git a/biscuit-auth/samples/test001_basic.bc b/biscuit-auth/samples/test001_basic.bc index e9a777a816e4d32ebe8252ad6da1fb2e7de25866..f45e91bbc0960b93e915b19f4b232b2437318de4 100644 GIT binary patch delta 243 zcmV7tXKt=SyPo18R zphVV-=c4S4-MBUNb;r3A>{-2IY;dfunvmO&WV#D5geeZt#3H-57XXr|g!SMcD>3OK tTfD(#4I&~6Aj(17u!WHAq(U*a{PepK423Hs@G!rbYKaH%EX>7zwehm$d8YsX delta 243 zcmVB;bJkDS9gWa*z}mah`a0mQaA--`TuWF%u6K(>^xI4&U- z-+cnRh^Jee4BWZp93$SKg2M)}x1w$Snmnhve50rco_mP9HyHl{l)|9gYg>U2WJWHD tIY0AW1tKB}AOVg)Xk?+u|H9^ZIjA+%9Ds`egtOPWzmo@K_H^4B?z4TocX9v# diff --git a/biscuit-auth/samples/test002_different_root_key.bc b/biscuit-auth/samples/test002_different_root_key.bc index 0d75d0adec6e1d7589945d3fe11222845e9d1757..edf2dd78d677ebbf7242e0d7880cff2851debb56 100644 GIT binary patch delta 244 zcmVJ{1BVs&n_MV*|?Iw`EVhEW{)7or0tZ4a@v#;nQIB*QReh(TzunD^w zHZPk9Ovzvb}4EG@n$z^+Y2ewg?4Oc@X`Hnef(FXo=9{8bD4;m&XSz z7k+p7=BJnMeU*fDh#Ud#bCx@n@$d3ndOr)Dcwsm8XYL9#nWSxU@7p+_v8jF}5d1=V uUAQ)3qyZu#3LvTC&j5^+f(czU4RA)UL*dJ{1BVs4PVl4u-;VPPiEp^3HUxi`ibU7>*L9im?b`KA4xAYo7go>^C z{)~2!x6nCJO}O*M*7083gc-$SggY|O5x=NhHjW>-i0G6E1hh9Fr9TED>G}v{&sDsu<{q2y8bF3w4r3sy z@w}WEHsUsp*aOcOwFMrt27pjkyxThQ@#LhIdIqjKV#@kfk`ME+-xwc2rn)y@u3Nbe uMxLs0qX{A+3LxHVu6%4CXDwk;05H&=lGM~hcLi|3;3jNQ03^>xR&6YN>NV{CA&u9}eBkYu_GFoY=%(8MCUw-*4CsD$<4 yAS*HHBU`+|Wep-C3Lwfs+OUO??W966w*2(F5e$VZB=9i5nQDm#@GQ*5ezoyP1z(5& delta 196 zcmV;#06YJ+0<{8=M>4G4ZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCUIii|3LpWFKWJp3$^XLUc{!*x)Et0|0EDyGy1$bLWcGC18Sb-rI$*N^ diff --git a/biscuit-auth/samples/test004_random_block.bc b/biscuit-auth/samples/test004_random_block.bc index 1b2611fed72e48d8a8d8383a6977dbe8252c7296..e8882d3ecba88f1b7ba802c6f1af2b4f97d16d81 100644 GIT binary patch delta 284 zcmV+%0ptGL0^0(RNPiGj$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJNb(NtK zq3c_LrsJ4}E@2qA^|;Hw^ip?@Wl;d-`%kKkIx6)q;>7tbuucQ(r2mlfw z)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bC$#!B3r@kDx@>i|3;3jNQ03 z^>xR&6YN>NV{CA&u9}eBkYu_GFoY=%(8MCUw-*4CsD$<4AS*HHBU`+|Wep-C3Lwfs i+OUO??W966wiW#JyAce9DUIii|3LpWF iKWJp3$^XLUc@;URHPjq{ivWbP*Sf!xWcGC18Sb-a(}vdo diff --git a/biscuit-auth/samples/test005_invalid_signature.bc b/biscuit-auth/samples/test005_invalid_signature.bc index d7620dc2d9825c0689ef88780c56d4229d5cc54f..b33c6abdd8148b71b0ffa9fffd6754a5dac01a0c 100644 GIT binary patch delta 243 zcmV7tXKt=SyPo18R zphVV-=c4S4-MBUNb;r3A>{-2IY;dfunvmO&WV#D5geeZt#3H-57XXr|g!SMcD>3OK tTfD(#4I&~6Aj(17u!WHAq(U*a{PepK423Hs@G!rbYKaH%EX>7zwehpBd8hyY delta 243 zcmVB;bJkDS9gWa*z}mah`a0mQaA--`TuWF%u6K(>^xI4&U- z-+cnRh^Jee4BWZp93$SKg2M)}x1w$Snmnhve50rco_mP9HyHl{l)|9gYg>U2WJWHD tIY0AW1tKB}AOVg)Xk?+u|H9^ZIjA+%9Ds`egtOPWzmo@K_H^4B?z4V|cXI#$ diff --git a/biscuit-auth/samples/test006_reordered_blocks.bc b/biscuit-auth/samples/test006_reordered_blocks.bc index 338c73d9ead9729045ada3af806a13189b1e607f..486981c5bb9165ecb8faa5a9ffcfe05caca85914 100644 GIT binary patch delta 346 zcmV-g0j2)s1LXsdNMR6F$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJNb(NtK zq3c_LrsJ4}E@2qA^|;Hw^ip?@Wl;d-`%kKkIx6)q;>7t&FG90<9~M^ZaD@zPpziKwTHI5L>!< zaNI6rER`;0uQ5CizZJ=<}bA` zwpQP{3zI1UHhot}@N zMAnPvqU?;_xHa{4$GH>iS-oRyaICJHklT=Cx(hIbDGt!YBD=R20FtPL_23{YG3g^) syuoD+A|eVP6Kcfdj~NBlm-rdqPoks}0)APb@90mrFb7&d=l-25SD((O5dZ)H delta 346 zcmV-g0j2)s1LXsdNMWqqZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCU2~sSkHr>|5YEUU*N5Dzt#Hl$LHngA|jPj8|X-HS&DSuPZa{8??)Ku_~84HpQbo0 zTv0Rx1(PWOHh-XCCk?mh$?$HEoWnX~>7QkmuM*1v#I`u!iu`+IBx4#twv?|pE+G}) zeFD3Pr(2v1+_~i(Bi^8b!v?XpqHX?~Jg2&Rqo@d;dx*O?82?}iYCNoLgW zLI;g_{p-gCr2?%hkn{Xx_rANA8bH|Em?((q=)gGSiAszH{8!lJ@M_ZOa=Fh--bt-s zfJIoK(UXCaS!{4Ej!%CQ>=_^(d^6C^cXvt+hnh2p4FVz}3Lq0|#N>||1=g4N8Q)K$ Wq!I#tS)lLePq#1!T0rOiohw(nC8K}< delta 376 zcmV-;0f+vV1eXMmK!2>=ZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCV zp~RCWElG?C8pr_(UJ3y)3IQ<~11c^G3kU=f0|63YR^wm9F4{Ci|1V;Vr7f~E2U;e7=auXKi4oE8Y!DnZET&*VjXvkVTl zB6HZ8aH26{Bh3A_N=YF{V(1QnlZ7#&;M_(p6#r5nUXcfrZ2=^I`HiT-&yaXlLmT`( z$aOK`>aDtv`5EoPGC*5}hko%k8bHEJ9i{BxCNq!I7gk8*L%Ds zaIzY`vqkIBt?-p%4UKz%P$>P&NDL$w4K&~*)NDS>56AL(?AXlzzzU_d6RPq^EP9Rl8TefA!i z`kG_^D0r;^k%cy5)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bEj7MMNv; zYC&qCFWK3RZASyfG^yjU(v!3wUCDS!ufBh-?2IC!5LZZutiTBSWd3O$$>`E$RfhR+ z*`~HvZ~&7X0V97l!|h}5h7g5GX4LRP2aS0B>&FG90<9~M^ZaD@zPpziK(iB=uKt(P z+d=EZMRpG%Z?md<_d}Z8{5l6noBY9JmkRUr;ty0{swB^Z5do#E5ltbi!0wGiE3S8w tu^}i)03sp^AQNiD3m+cGeY~pJdj>1Zwz|#BxYtJ$2=VI}EwT2{DMVmcZ>A`qK-1J|J@T}K# z;BRYvVhxiW0V99;ji|xTka$)@8~i=Ubur-Tt-6r;8STO{KwE`}e(^RMK)~>Bz4eP; z7qL+1Flv)wW_oIEnMJ|Wc(mx*`oV^q*K%(4eq6cUmHtR^iG=6e<`>mDOs^$^EY?Ob t3jeaA0wN*`Ac)2{J`*5^M?r7y}X{2mlfw5LL%ev7t~|H?I{p#wNNlW0_ntrbk$+udydv z0}|qd8bHEGkbAb}^fSA)?e;c%Ii9}!pwl7Hvg)74e`eeeWX_Um+YANS3_gk|Gct=c zc=w!68_GjiJ)6(6x@{KGLQNhLku#x3m*Y&_ zU#Z%sOe-5_s{T*4(X&3i+FH>XK&0*Ws_KSVyPDyfKmID*$9&20Y$TfN3WcSFwKgw_ z@_&41tP1gMad2lnZ6C2#JsC8zUd5zg_P`&cm<7#V2O=U0Aj(17u!WHAq(U*a{PepK V423Hs@G!rbYKaH%EX>7zwebmJ`*5^M?r7y}X{2mlfwtle!}Q@`#{JnU?&Z?>B;bJkDS9g zWa*z}mah`a0mQaA--`TuWF%u6K!h3E3cfNOI)e}Vld2VwKog2AOJU#Cuu~|um1nBr zJvDb^XDty)K+3zD)Mdod)OK!C$bef4&CJ3pVBidf3?d>5AOVg)Xk?+u|H9^ZIjA+% V9Ds`egtOPWzmo@K_H^4B?z5)fe{=u< diff --git a/biscuit-auth/samples/test010_authorizer_scope.bc b/biscuit-auth/samples/test010_authorizer_scope.bc index 975adeba08e3024d75ac24840708b44f0d062242..b0188a76c2857ad5f1a9303026c051cfb4fc5847 100644 GIT binary patch delta 244 zcmV)NDS>56AL(?AXlzzzU_d6RPq^EP9Rl8TefA!i z`kG_^D0r;^k%c3F)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bFqA&a$eL zd_l5PXn>2WZU&gZDnK~iW}N_hoIOKeCOD=*2sK#IS8B)%^Xn?cr&v`d;P%0$R08mm uT=(?ffCVBV3Lwfs+OUO??W966w*2(F5e$VZB=9i5nQDm#@GQ*5ezozY;BwIb delta 244 zcmV)NDS>56AL(?AXlzzzU_d6RPq^EP9Rl8TefA!i w`kG_^D0r;^A|eVPndo~Ckyuk6?zIE|6((*gBf_FkdlQVE8wVdMv{>IQVd>307ytkO delta 142 zcmV;90CE4R0jU9yBY&*jZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCFXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?THTmM)c^nh diff --git a/biscuit-auth/samples/test012_authority_caveats.bc b/biscuit-auth/samples/test012_authority_caveats.bc index f4352a67f8e7da992ec3d6f77d7de5beb6a1704d..6d852ec77d3333de65663a6e1bdf064a7597820b 100644 GIT binary patch delta 142 zcmV;90CE4T0jmL!C4UfA$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJNYLAfG z)_UTs7=&O(ITWsQCjF!_$OnaWUryY?Um8=9A9H5r2Cab0zPglWE<$lWh+`^~At>?J wmd=}}*PyrxA|eVPndo~Ckyuk6?zIE|6((*gBf_FkdlQVE8wVdMv{>IQVLGopTL1t6 delta 142 zcmV;90CE4T0jmL!C4a2lZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCFXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?THZ@WDgXcg diff --git a/biscuit-auth/samples/test013_block_rules.bc b/biscuit-auth/samples/test013_block_rules.bc index 4ee974ebd970f03662174957ef46707d4047df62..149b4ee813b07486eed803628efcf7616e08b9ce 100644 GIT binary patch delta 244 zcmV1L^~iIbsl1$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJN#BB#3 z^Yb(`B0Pfy{jE};V!wF1U7WwdqeaxbroS;j6od{Kx-~zB{kaD{Sg|XNhbqDN<&(nc z21}6k!tLM&k(1L^~iIby8cZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCi-3Wg{Bo50vf+<*gcNb#~UAS%|3`(P>+JG+vNIjrxpz;G_kqJRF{k9c#NP@V&l>_ uE`s@lwgn<03LpWFKWJp3$^XLUc{!*x)Et0|0EDyGy1$bLWcGC18Sb+w!FZ|w diff --git a/biscuit-auth/samples/test014_regex_constraint.bc b/biscuit-auth/samples/test014_regex_constraint.bc index f35237c1ced3f42b78078826b5f83e5f63936ef6..6c3c87e845fd3d16437699ad2b64b8a6897676bb 100644 GIT binary patch delta 142 zcmV;90CE4#0nGuBM}H7i$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJN+Cp)P z(qkMF)1*sx5ZuRXYIQVQp4DxBvhE delta 142 zcmV;90CE4#0nGuBM}Mr{ZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycC4leNF9t1V;_KT-{w#YJ)DI1cBZkW@bw9K) w7K`QJwf#X0A|eVP60D>FXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?T0WFURsaA1 diff --git a/biscuit-auth/samples/test015_multi_queries_caveats.bc b/biscuit-auth/samples/test015_multi_queries_caveats.bc index 85fff4171aa1f775b0fb33cb5780ce0fed0e7e76..7c775b723826a7568853d373d8c6da8e2fb13f63 100644 GIT binary patch delta 142 zcmV;90CE4f0k;8=F@F$M$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJNu+(PL z9sysdS_faKb@$=P0e;<3KklDmrSLQ1{Q7|qbhhK2{#x?%QUpD@dOw(D1(Kt1^=MmS w#n!9&-4M0|A|eVPndo~Ckyuk6?zIE|6((*gBf_FkdlQVE8wVdMv{>IQVM{eZ9smFU delta 142 zcmV;90CE4f0k;8=F@LPxZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCTh! zR5Z-V8BPH%N9S7mGbyBGh@@!OU3Y6*P%h<@4Fq)x=dpuk7ybtY8`&*P=re6*Eu_kv w>FLz;uUqF0A|eVP60D>FXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?TG?Vk=Kufz diff --git a/biscuit-auth/samples/test016_caveat_head_name.bc b/biscuit-auth/samples/test016_caveat_head_name.bc index 1a56d12fbf36db80b0a7d5ac5f0be0f932a8fa4d..c506641558defdd366216441e87cba70ecd98e16 100644 GIT binary patch delta 244 zcmV3m&U82gVmt+M2kTo@A zprEv}c7T)uk%t|B)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bFb4R&2*4 z;CC=a{8DD=(AWeq6g9Zkm0L3}f;zI6zM6R7>KOz_b1KR9A#ya&S0=vCi1txw#@<$^ uX0KI68xJBP3Lwfs+OUO??W966w*2(F5e$VZB=9i5nQDm#@GQ*5ezoz6opY4{ delta 244 zcmV_k|2b<2k%t|BpkOBrx9Q37ZjYS9I%MgeWtOiJ%K^l;INyr=dt@YI8bDFN;&{H% z2wMI{QJSU=TT7l3@qwMKvyZifPSd5Czu|<1*z=Yll|a20zq#~kv&09atWoRuhcvYE u`&P0_ZUG`93LpWFKWJp3$^XLUc{!*x)Et0|0EDyGy1$bLWcGC18Sb<327ciH diff --git a/biscuit-auth/samples/test017_expressions.bc b/biscuit-auth/samples/test017_expressions.bc index c41083b5a1841258a20f03acd639eb4c510363d2..10f50241d96621a4a6d9b28f9e7386e98f21d91a 100644 GIT binary patch delta 143 zcmV;A0C4}k4ZRJpHwJ$YRmV`Vp-@>juN61OCb}|XnOrlbM_8(_u_s#t65@m!K=vC< zwES3if9!0HIsRfLox{h45r%>`!;$IsfBgfasJP<9`3aR{}m=~D`=IJSQgsTx!3#vO+RhN1v#8BJQ{YWxmBg| xJs?FBD`>RU3nC&4AQG&k0cZQ&8W972pVUC()eza)-lqy?Mydx&uY}ha*IIf)Lwx`M diff --git a/biscuit-auth/samples/test018_unbound_variables_in_rule.bc b/biscuit-auth/samples/test018_unbound_variables_in_rule.bc index 718e0b58a616be7c919beff2a937fd9d0c9e18a1..36799591e6ee909d7ab50c6dccdf65b85849cc72 100644 GIT binary patch delta 244 zcmVc839AXev$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJNq(TtJ zpdMA~-u!)qK*Hwl_zJe}?cPUG-g8f#cmy?g27uG_ErM%)4-L;sTcZR0Oc7~>yD*oC z6Vz_lXOcq)k$yja)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bGk4K0i#* znM?;}!Is3)92MoD`M4>nTxbiQoRkb7rxJZ8nRQIOcfuYT uErrGJa10_M3Lwfs+OUO??W966w*2(F5e$VZB=9i5nQDm#@GQ*5ezoyQ26M>( delta 244 zcmVc839Ad29ZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycC*T;I z>B*7$<|~K@k$yjapkOBrx9Q37ZjYS9I%MgeWtOiJ%K^l;INyr=dt@YI8bGpK>V?h* zxqb9;iEMmun>k|LZkGp2W}@0J=5ib*3_*)bRYhNN2{tEEG&pm+K?Tu{_NajDxxlm? unDDpL6$K(93LpWFKWJp3$^XLUc{!*x)Et0|0EDyGy1$bLWcGC18Sb-+ba_(% diff --git a/biscuit-auth/samples/test019_generating_ambient_from_variables.bc b/biscuit-auth/samples/test019_generating_ambient_from_variables.bc index 7a90e3279102b15a69034ecb04dc5d0c414d6f05..f486a3c75ef201bfcc57ae1db3003fdb20fff31e 100644 GIT binary patch delta 244 zcmVyD*oC z6Vz_lXOcq)k$xqA)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bH(df-0Mv z!0tISC_G6#spk>CUDz|5U*hYb-Z%xS)aXqK^Bz>H{Jo3Lwfs+OUO??W966w*2(F5e$VZB=9i5nQDm#@GQ*5ezoyH_;hRl delta 244 zcmV*T;I z>B*7$<|~K@k$xqApkOBrx9Q37ZjYS9I%MgeWtOiJ%K^l;INyr=dt@YI8bJ5c^XlD$ z%rL4v3Y&t6)Ju^EwV;{hEv7_&+j`1f0L@sf*SE1NKes#Cwq)}@(g)cd{Ms!AQari1 u+YXz`1p*=>3LpWFKWJp3$^XLUc{!*x)Et0|0EDyGy1$bLWcGC18Sb;FNqrCi diff --git a/biscuit-auth/samples/test020_sealed.bc b/biscuit-auth/samples/test020_sealed.bc index 82a3b5e6c15ea89a3634a5d421340a92a90cfe8c..6ce220727a82340ea19363b74962f6ddb7927c82 100644 GIT binary patch delta 275 zcmV+u0qp*U1BL^TNMR6F$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJNb(NtK zq3c_LrsJ4}E@2qA^|;Hw^ip?@Wl;d-`%kKkIx6)q;>7tXKt=SyPo18R zphVV-=c4S4-MBUNb;r3A>{-2IY;dfunvmO&WV#D5geeZt#3H-57XXr|g!SMcD>3OK zTfD(#4I)AkK%XL(xyYivY8R=K2wdqK!^(SBA#c?(!L27!N|oce%eKWlW4R+$(Mbf6 ZpL6J=Lv7IjM+4^3k>`okwx?ijmIU*`h#>#~ delta 275 zcmV+u0qp*U1BL^TNMWqqZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCB;bJkDS9gWa*z}mah`a0mQaA--`TuWF%u6K(>^xI4&U- z-+cnRh^Jee4BWZp93$SKg2M)}x1w$Snmnhve50rco_mP9HyHl{l)|9gYg>U2WJWHD zIY0AW1tLNcKqV&+EUo6nB{JIQVd|FXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?TA8y!1poj5 diff --git a/biscuit-auth/samples/test022_default_symbols.bc b/biscuit-auth/samples/test022_default_symbols.bc index 8744c10c8fc462d48e0b12c19320fe6f31b90bf7..c12449dfb1e02eb47355c34da33b002e040e449c 100644 GIT binary patch delta 143 zcmV;A0C4}T1FQqECINpCRmV`Vp-@>juN61OCb}|XnOrlbM_8(_u_s#t65@m!Ky}VY z)Rz4y`I!Zf7lWa?M%Vw1Y5CJ+(Nu5OFa`o{u2F=V(HRO#9`3aR{}m=~DHV-<)0oF5q?DKAoq0SZUrqLhiOd!KV_J=ZklQ^L0WBH7l x6jx_CQ#~)Z1R^2|AQG&k0cZQ&8W972pVUC()eza)-lqy?Mydx&uY}ha*IMyUMQZ>6 diff --git a/biscuit-auth/samples/test023_execution_scope.bc b/biscuit-auth/samples/test023_execution_scope.bc index 464ffe623d84d21aa77d03f811b6d7929101fe03..b10a686137f4cbfadeceb1d209d3203f29c745d9 100644 GIT binary patch delta 347 zcmV-h0i^!T1I+`FC}I#*$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJN`Lvj3 z%I{vzd*M#Ssk3dE%7M^pFmAB4#eCO8YVmgT4(W3A2?O|k#6}9Zv90{Ssj-_Nrj=SA zjjnx&vIk%Vk%}c^)Iv=j5|J~ZN0;MF++V5Mr%WpwXR7{Bwb8Raz1mvQ8bFAURJjqJ zL_p&FG90<9~M^ZaD@zPpziKnjKbzbD{| zqBdo^4VI~evUJx+RcxODZ`bvZ#zE~4K{F{8A*w_xG7jm^fc33#8<9#3hqK?H%#vcA t&Xgb+1|lK~AQNiDU}ok%}c^pkOBrx9Q37ZjYS9I%MgeWtOiJ%K^l;INyr=dt@YI8bHn{V`+e% zPfBhrYn8fe8LueAX;1w?jS224ECMs5*FG{=6&+xi7kcIzryTo{_**>6$O%%vT{Ow) z2gT&iECiDg0XBd6ji|xTka$)@8~i=Ubur-Tt-6r;8STO{KwE`}e(^RMK%2oJpZXpV z)%`!?fgV+fK5SZ))oxfd=s$Xd6fLy|LW!G_a9T2}WTSQCZe~?vV0^z&);4B>wKy0_ t_~^4V3L+v3Ac)2{# zl@pq1ywH96W1l7&Kwb(erCssPg%9|*niAnp8juQoM-up;>J^@-|hwl~(_NL_lanu3 zI{Mu#Q`pgtLx3>6c`^HvNa>eg8#EgqZ3g S7rcMrzuh3p;rYM0+Tj3>LAo*k delta 389 zcmX@be2RI3cKw>WxzWM<-??{x>-_OR=wD^W{?a(xn!unbReMBcA7bnjQsH0_Qdp3n z&b$5P$q#w`a}HajyquppZN1QG#v|J-?sxsEPEkpga`^f<-|S%5tXi`Kv#hyiKE8Xu zTPt~L;nUU2%tg*KJrTO3^nKO6gI@0=Pse;@d2o5}F6TLp?ke+iISWi?Z2FMMC%`dr zvwHo{-W3PWPpAlUmi}XVqSWxgtF^l({FHoq$jBkOwY~16nUq7NV*QyZO*W_h$lSiR z>U%*aTjcI3S9%uu-u++j^1|h|C8cq$dc|7oGJP{zPHFJ1Wu4=0ZGGiceACN$kB_tj zHn1pVa5+d+O_k3{@}HY(Yx<U&pS9 zu*E@~IpWW2itKOJ&epNB5B7WR%nJz;+Nt*MqC*Q1~X!L$NO(*%_In wbvjn;^u=urA|eVPndo~Ckyuk6?zIE|6((*gBf_FkdlQVE8wVdMv{>IQVa;woO8@`> delta 142 zcmV;90CE3<0)hgNe1ELnZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCRhuQEOP4bU#Ddys!(#_VHCTeJ2m_KC5G>}xMe5dI^)^}Z}p4B};H#lSCqg#d; w9TOo)sMVMXA|eVP60D>FXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?S~IRi&;S4c diff --git a/biscuit-auth/samples/test026_public_keys_interning.bc b/biscuit-auth/samples/test026_public_keys_interning.bc index 1b56f8965f7ceb4cdf0348cb7ceccc21422a314a..1a5ecf3c702aa44ed5ff10746a13418c1b7a372e 100644 GIT binary patch delta 1001 zcmZ3&wS;See!W2G@qmpB10v1Wi<%!(+hvqIGsbwCd&H{s8`Yzkg&wsCscUgI@xixOd;TunX}++R&%{u7zBub%|J0jrr-!R8Y`T8EV@LF^pFz)0KdfEWxUup5 z;k}_-ZmKh#OsM^15ppU?s^QT$ufLt)J-v(Srx&NS9M2Bbv}e=ckDZ}* z?6UTY{VKeVq#RUKO3pf8*tOS6CE?7Rt3LPL7ILp)`o1oEXS4W;`p{<_o2DF57fVR1 zys$uY$-5t&jB_8pl88Q-*vig#RBi)vBM-=PFT=e3LtR!ja_!p7buBz4oL{tCuXIg_ zYq0O7wHJ%DH(RZh$jdMNR~fy*&&kca`EXDwcT~CHH%~($|HrK>55;mod`Bq4CaW>K z*LR22H!?)C9NPY=byDgcZS6q$y$Kg|Iv0Oi+O044>&R^>hc40RZ_{t7M424&o;lM) zol_t=wC&Rg$t-Exz^~8jr`B8vO0KS+!l>PToFzAibHRt{3O+MW$V(e-{<2N+jaWG| z$VbmyP4Y6{-~N0oFyYwLQ8lyQ)1TIJQ&sPq$(%pKpz!3m#&({`8y^5OP1le0yo{>^ zCwO@-UnF?r%?Hz)ENkTBE-}?~r`=n#(YH3)uQ;!t>GEOye`inXHGh2OAjfcS#+@s= z4MwHi>tv27FeoW;Dcs4-kc?{K-6OG2=JMmbp1sC@?!S$;<`r7LLbkWkrOyBW)sep* delta 1001 zcmZ3&wS;See*K!exzWM<-??{x>-_OR=wD^W{?a(xn!unbReMBcA7bnjQsH0_Qg~wS z9$@ijli%_SliPDnb%y^_?fP@K)Voe(5gAi?i-dCQ$fPv1#GY7w7z|5Ht08!~y*e*R;e;r!Z9Rnv@knI~?~ zs$Y>hlWmMfrcWE!vve_l+%eo7uDj42fUQeUE>9 z>#%5KJfF%TR^y4e6WFT@`jRZOzij0_TkbHaev2W)Pj#7_&0IHvW z67}&>PoQP*B#ngN6MUWzvNkv$>gQ`_OqOx_GGk}f9Fy1Sub=T~%cP!v&S_=aJE^lz zC#mZ*E5xyc!dGen6PJwyixLMH8^>gMChPi$uQQWw^O&bDxz=_$Q(LcYHtU9O4{|k? z*Eat`aDqIyFVRk7*18wWKdBcNaMt%kBSREHPr05_|C<>Zp&i_!OKypXWmx(|K>Wj&s+aBAH;WrB5bl6 zvwOYr+`IcsoR2(OJ?-Edb0@jVcczDV5}X({LgE>#)YuB)c$2E68Y;7?46nQd3JJ_;RNsGI+ZuaCw{)J$UnRJ zCLhR0$M(z%yYyw!r>&C?ztu8&=9<3pp`)==J@+)<9fgZ}@^+os+q59KsQ#&>$HUeG zVzcb!Q||x!bLQ7Vj@3t2#(kS*!A_))ELrU9fA+38cz!}fn6vaB+Y_aR4_>X^HQ}e^ z+e1bU(XH)uAI%^}{cvEgtl-K`DL7koT>kxxpw25j_bLM0`jpCC&PJrQ>q$9e+~#7I zygTt-n#I5P#|=N3YmztDUr6_!`$1-1oWq}g<_lbAoL=lT$=N1IQVLSUfi~s-t delta 142 zcmV;90CE4x0?7i9!+)&ZZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCisr)H2Q5+)!5`u9Yx# wMk0RvrxV8uA|eVP60D>FXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?TFBK!X8-^I diff --git a/biscuit-auth/samples/test028_expressions_v4.bc b/biscuit-auth/samples/test028_expressions_v4.bc index 63f8f7889740717e4f3728e273f5750cc7071a99..c34d7a103fcfe7a1ada52e0be46ec70f544137e0 100644 GIT binary patch delta 142 zcmV;90CE3>1B3&R{(lfv$564MP+2#x6*tBvx-w&#Tr;LeSgNnFCtCv&;)EJN5r3vr zbWDYnVO3sgZ&{GzsON!yk+^!MnHz0nDREe|=!D5F5cHpP$zW;Uaw?{FgPU@79I4U% wgQo&pSsmaDA|eVPndo~Ckyuk6?zIE|6((*gBf_FkdlQVE8wVdMv{>IQVU5;3?EnA( delta 142 zcmV;90CE3>1B3&R{(r39ZCg{n?njIEiTL0W{&|SMbzVJuQBst8ycCFXZzh65d(go)Ij6a5ZT$@rwV39ss~E1gx46?S_2Y8M*si- From a443d4fc63eb4fcc23e587575af49450afaf7826 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Tue, 15 Aug 2023 17:28:07 +0200 Subject: [PATCH 4/7] Update biscuit-auth/Cargo.toml Co-authored-by: pinkforest(she/her) <36498018+pinkforest@users.noreply.github.com> --- biscuit-auth/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/biscuit-auth/Cargo.toml b/biscuit-auth/Cargo.toml index cb6cb796..99e21b87 100644 --- a/biscuit-auth/Cargo.toml +++ b/biscuit-auth/Cargo.toml @@ -37,7 +37,7 @@ rand = { version = "0.8" } inline-c = { version = "0.1", optional = true } wasm-bindgen = { version = "0.2", optional = true } base64 = "0.13.0" -ed25519-dalek = { version = "2.0.0-rc.2", features = ["rand_core", "zeroize"] } +ed25519-dalek = { version = "2.0.0", features = ["rand_core", "zeroize"] } serde = { version = "1.0.132", optional = true, features = ["derive"] } getrandom = { version = "0.1.16" } time = { version = "0.3.7", features = ["formatting", "parsing"] } From ff2687067af392febefe77095fd0987433eeb14a Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Wed, 16 Aug 2023 21:53:20 +0200 Subject: [PATCH 5/7] remove the keypair field from the public API --- biscuit-auth/src/crypto/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/biscuit-auth/src/crypto/mod.rs b/biscuit-auth/src/crypto/mod.rs index 4feaabeb..9cfa0fff 100644 --- a/biscuit-auth/src/crypto/mod.rs +++ b/biscuit-auth/src/crypto/mod.rs @@ -19,7 +19,7 @@ use zeroize::Zeroize; /// pair of cryptographic keys used to sign a token's block #[derive(Debug)] pub struct KeyPair { - pub kp: ed25519_dalek::SigningKey, + pub(crate) kp: ed25519_dalek::SigningKey, } impl KeyPair { From e6f47dc1085b5241f4bfe17090799eea61e6c053 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Wed, 23 Aug 2023 21:59:38 +0200 Subject: [PATCH 6/7] update samples with the more deterministic keys --- biscuit-auth/samples/README.md | 74 +++++++++++++++---------------- biscuit-auth/samples/samples.json | 62 +++++++++++++------------- 2 files changed, 68 insertions(+), 68 deletions(-) diff --git a/biscuit-auth/samples/README.md b/biscuit-auth/samples/README.md index 3f61f248..0f915a7b 100644 --- a/biscuit-auth/samples/README.md +++ b/biscuit-auth/samples/README.md @@ -1897,11 +1897,11 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB authority: symbols: [] -public keys: ["ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284"] +public keys: ["ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"] ``` right("read"); -check if group("admin") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; +check if group("admin") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; ``` 1: @@ -1909,7 +1909,7 @@ symbols: [] public keys: [] -external signature by: "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" +external signature by: "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ``` group("admin"); @@ -1924,8 +1924,8 @@ allow if true; ``` revocation ids: -- `4d3b72f5c769501fa7cbfd3f7821bcc341ab644ac78a748437d8aaae0f72049d90a6c98e876d910c68dd5583cca85bf7187ced3bf535d6d4c4d202a0d8c05d0e` -- `ad70c176b9b62b09d0c8428b7b94b19374d2c7218bf452caccc41197ccb8c8f26a7d9e07f89c0397fe915e4977a87381ca75f6dd52526de698e38c33fc7fb305` +- `470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03` +- `93a7315ab1272da9eeef015f6fecbc9ac96fe4660e6204bf64ea2105ebe309e9c9cadc0a26c5604f13910fae3f2cd0800756afb6b6b208bf77adeb1ab2f42405` authorizer world: ``` @@ -1950,7 +1950,7 @@ World { } rules: {} checks: { - "check if group(\"admin\") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "check if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "check if right(\"read\")", } policies: { @@ -2085,25 +2085,25 @@ result: `Err(FailedLogic(Unauthorized { policy: Allow(0), checks: [Block(FailedB authority: symbols: [] -public keys: ["ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284"] +public keys: ["ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189"] ``` query(0); -check if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; +check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; ``` 1: symbols: [] -public keys: ["ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1"] +public keys: ["ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463"] -external signature by: "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" +external signature by: "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ``` query(1); -query(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; -check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; -check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; +query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; +check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; +check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; ``` 2: @@ -2111,12 +2111,12 @@ symbols: [] public keys: [] -external signature by: "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1" +external signature by: "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" ``` query(2); -check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; -check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; +check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; +check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; ``` 3: @@ -2124,43 +2124,43 @@ symbols: [] public keys: [] -external signature by: "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1" +external signature by: "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" ``` query(3); -check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; -check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; +check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; +check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; ``` 4: symbols: [] -public keys: ["ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97"] +public keys: ["ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136"] ``` query(4); -check if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; -check if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97; +check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; +check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136; ``` ### validation authorizer code: ``` -check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1; +check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463; deny if query(3); deny if query(1, 2); -deny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284; +deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189; allow if true; ``` revocation ids: -- `40dc7572f86987690e2ae2755b57a33d0b372cdc482fe598300901e0f6eabcfda5b937a18d0e34312d9f1705bd4f65d9ed9776cb1b15fc42f2b40636106b260c` -- `a349c4a2f01a7e8ef45c3335afaf41885bbaf952e7cbe17da681b181efc3bd55b4d92702c9607dfc3854ca621a80e2f64afd89578c8da297736684c76b552d0d` -- `242474cd43d0babd3a2460cc9cd54cdf46a10bac02f7ae6bb98317c87f55e608b294c42716606679d0a015a4eef889019de1ea185bc16185070ec51eb003810c` -- `8a155bf697da245a34c24b999948270910635586f2c8196a1b3d51f5e63f957cd452637b7b94012b87c7046d5209a0f097204c99c81f1b32b3f4b621ec167703` -- `8af8af0d01aa11904a49a7a211d8ecf035d904ac1f5ed2027c8b66deacb14d7d634e736e8f02d3c32ffecdc92e83f1e6401e00ce98dcd48032758bae1cc42000` +- `3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04` +- `45133b90f228a81fe4d3042a79f6c6b7608e656e903d6b1f4db32cd774b09b8315af360879a5f210ad7be37ff55e3eb34f237bcc9711407b6329ac6018bfb400` +- `179f054f3c572646aba5013159ae192ac42f5666dbdd984129955f4652b6829e59f54aa251e451f96329d42a2524ce569c3e1ec52e708b642dd8994af51dd703` +- `edab54789d6656936fcd28200b9c61643434842d531f09f209fad555e11ff53174db174dafba126e6de448983a56f78d2042bc5782d71a45799c022fe69fb30d` +- `6a62306831e9dbe83e7b33db96b758c77dd690930f2d2d87e239b210b1944c5582bf6d7e1bfea8e7f928c27f2fff0e2ee2e0adc41e11e0c3abe8d7b96b9ede07` authorizer world: ``` @@ -2220,23 +2220,23 @@ World { } rules: { ( - "query(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", Some( 1, ), ), } checks: { - "check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", - "check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "check if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "check if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97", - "check if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136", + "check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", } policies: { "allow if true", - "deny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "deny if query(1, 2)", "deny if query(3)", } diff --git a/biscuit-auth/samples/samples.json b/biscuit-auth/samples/samples.json index 10a52992..6e9a4bb8 100644 --- a/biscuit-auth/samples/samples.json +++ b/biscuit-auth/samples/samples.json @@ -1793,15 +1793,15 @@ { "symbols": [], "public_keys": [ - "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" + "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ], "external_key": null, - "code": "right(\"read\");\ncheck if group(\"admin\") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" + "code": "right(\"read\");\ncheck if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "external_key": "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "code": "group(\"admin\");\ncheck if right(\"read\");\n" } ], @@ -1824,7 +1824,7 @@ ], "rules": [], "checks": [ - "check if group(\"admin\") trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "check if group(\"admin\") trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "check if right(\"read\")" ], "policies": [ @@ -1836,8 +1836,8 @@ }, "authorizer_code": "allow if true;\n", "revocation_ids": [ - "4d3b72f5c769501fa7cbfd3f7821bcc341ab644ac78a748437d8aaae0f72049d90a6c98e876d910c68dd5583cca85bf7187ced3bf535d6d4c4d202a0d8c05d0e", - "ad70c176b9b62b09d0c8428b7b94b19374d2c7218bf452caccc41197ccb8c8f26a7d9e07f89c0397fe915e4977a87381ca75f6dd52526de698e38c33fc7fb305" + "470e4bf7aa2a01ab39c98150bd06aa15b4aa5d86509044a8809a8634cd8cf2b42269a51a774b65d10bac9369d013070b00187925196a8e680108473f11cf8f03", + "93a7315ab1272da9eeef015f6fecbc9ac96fe4660e6204bf64ea2105ebe309e9c9cadc0a26c5604f13910fae3f2cd0800756afb6b6b208bf77adeb1ab2f42405" ] } } @@ -1962,38 +1962,38 @@ { "symbols": [], "public_keys": [ - "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" + "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ], "external_key": null, - "code": "query(0);\ncheck if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" + "code": "query(0);\ncheck if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [ - "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1" + "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463" ], - "external_key": "ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", - "code": "query(1);\nquery(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" + "external_key": "ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "code": "query(1);\nquery(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "code": "query(2);\ncheck if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" + "external_key": "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "code": "query(2);\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [], - "external_key": "ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "code": "query(3);\ncheck if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\n" + "external_key": "ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "code": "query(3);\ncheck if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\n" }, { "symbols": [], "public_keys": [ - "ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97" + "ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136" ], "external_key": null, - "code": "query(4);\ncheck if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\ncheck if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97;\n" + "code": "query(4);\ncheck if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\ncheck if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136;\n" } ], "validations": { @@ -2040,21 +2040,21 @@ ], "rules": [ [ - "query(1, 2) <- query(1), query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", + "query(1, 2) <- query(1), query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", 1 ] ], "checks": [ - "check if query(1) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", - "check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "check if query(2) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "check if query(2), query(3) trusting ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1", - "check if query(4) trusting ed25519/36c3ed63ef8610854966d4f042078d78fdebc705a502ad2b90f3fc64f7bebb97", - "check if true trusting previous, ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284" + "check if query(1) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", + "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(2) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(2), query(3) trusting ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463", + "check if query(4) trusting ed25519/f98da8c1cf907856431bfc3dc87531e0eaadba90f919edc232405b85877ef136", + "check if true trusting previous, ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189" ], "policies": [ "allow if true", - "deny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284", + "deny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189", "deny if query(1, 2)", "deny if query(3)" ] @@ -2062,13 +2062,13 @@ "result": { "Ok": 3 }, - "authorizer_code": "check if query(1, 2) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284, ed25519/d4424d1e129133a14797e34cdc5fa9daa74c2b1b67aafe4fb5d1b33ebdda5ad1;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/1055c750b1a1505937af1537c626ba3263995c33a64758aaafb1275b0312e284;\nallow if true;\n", + "authorizer_code": "check if query(1, 2) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189, ed25519/a060270db7e9c9f06e8f9cc33a64e99f6596af12cb01c4b638df8afc7b642463;\n\ndeny if query(3);\ndeny if query(1, 2);\ndeny if query(0) trusting ed25519/acdd6d5b53bfee478bf689f8e012fe7988bf755e3d7c5152947abc149bc20189;\nallow if true;\n", "revocation_ids": [ - "40dc7572f86987690e2ae2755b57a33d0b372cdc482fe598300901e0f6eabcfda5b937a18d0e34312d9f1705bd4f65d9ed9776cb1b15fc42f2b40636106b260c", - "a349c4a2f01a7e8ef45c3335afaf41885bbaf952e7cbe17da681b181efc3bd55b4d92702c9607dfc3854ca621a80e2f64afd89578c8da297736684c76b552d0d", - "242474cd43d0babd3a2460cc9cd54cdf46a10bac02f7ae6bb98317c87f55e608b294c42716606679d0a015a4eef889019de1ea185bc16185070ec51eb003810c", - "8a155bf697da245a34c24b999948270910635586f2c8196a1b3d51f5e63f957cd452637b7b94012b87c7046d5209a0f097204c99c81f1b32b3f4b621ec167703", - "8af8af0d01aa11904a49a7a211d8ecf035d904ac1f5ed2027c8b66deacb14d7d634e736e8f02d3c32ffecdc92e83f1e6401e00ce98dcd48032758bae1cc42000" + "3771cefe71beb21ead35a59c8116ee82627a5717c0295f35980662abccb159fe1b37848cb1818e548656bd4fd882d0094a2daab631c76b2b72e3a093914bfe04", + "45133b90f228a81fe4d3042a79f6c6b7608e656e903d6b1f4db32cd774b09b8315af360879a5f210ad7be37ff55e3eb34f237bcc9711407b6329ac6018bfb400", + "179f054f3c572646aba5013159ae192ac42f5666dbdd984129955f4652b6829e59f54aa251e451f96329d42a2524ce569c3e1ec52e708b642dd8994af51dd703", + "edab54789d6656936fcd28200b9c61643434842d531f09f209fad555e11ff53174db174dafba126e6de448983a56f78d2042bc5782d71a45799c022fe69fb30d", + "6a62306831e9dbe83e7b33db96b758c77dd690930f2d2d87e239b210b1944c5582bf6d7e1bfea8e7f928c27f2fff0e2ee2e0adc41e11e0c3abe8d7b96b9ede07" ] } } From ae2e52c97d9b637c043568d5d52386febb67dff0 Mon Sep 17 00:00:00 2001 From: Geoffroy Couprie Date: Wed, 23 Aug 2023 22:14:02 +0200 Subject: [PATCH 7/7] update samples --- biscuit-auth/samples/test024_third_party.bc | Bin 458 -> 458 bytes .../samples/test026_public_keys_interning.bc | Bin 1316 -> 1316 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/biscuit-auth/samples/test024_third_party.bc b/biscuit-auth/samples/test024_third_party.bc index 7cf6f1c3784cd5a7b16e39ba332c2f63fbe981fb..7bca415c6f4aeff3f27628adbaa6211f6e263493 100644 GIT binary patch delta 286 zcmX@be2RI3w!)gbxzWM<-??{x>-_OR=wD^W{?a(xn!unbReMBcA7bpB=&j-4&gcDo zl@{Y_%ae@(d)ZcrZdn!E7BInOMZ>H%le0aawkTyTl`8j6y~w?0a^?kLc5ViVN>$0M zz6?eVcYDF}{mc_Ld)7~0ZWy&uU3cZX_l)uRZ}!YOng1k>FNtM;$}2_I*N-`0o;-Dj zOYLZazwku%Vt!-QI{qS-xf7P1>}$`R$dhq5wE4`6=_(Y zUb}MS64Qbk2V(gqZuYESTX3*!=QeH53n!eqtEX(7Typ8SV)vJzQ)i9{PCv8b#HXy< zdF(&tFi-zCG0wAmMRDV)(r8{G|$;p>19sO>WDeP_KKeIJ!omjcg+t1qiLdkV3 QLMj{#LIk}$c^RV$0Mr(T_y7O^ diff --git a/biscuit-auth/samples/test026_public_keys_interning.bc b/biscuit-auth/samples/test026_public_keys_interning.bc index 1a5ecf3c702aa44ed5ff10746a13418c1b7a372e..49e417b23324b9ef24fa82114610e0ab3c3a14fe 100644 GIT binary patch delta 780 zcmZ3&wS;SezQUTjxzWM<-??{x>-_OR=wD^W{?a(xn!unbReMBcA7bpB=&#{mUU=?b z;l53BYfYEVX%u_clvEWien2zcbOu|}>N6W7|4Ey-^lWVG3uz16>wlx^0;iYms%?hH zv$cyJFPJ>h`yb21?O6&764ZIOzdZRNuYb;AtCW}XQ>U#LI?Z@wo5lUEKh-HJ$&(!! zHR@f3ttWiaSRw!9GK*H_w`1EA`cm^I*k;T7Zq~V8vSD_!=z24b%B7zK)>c2R{~Bkv z*SWC|2@?CaFeqhkIpi#zAMg44!S8vFpWFSl)e1U0n>?jHPL|4<_UXvN z292M`Wb|&_c%CM$@P95h+lpvg**}jT_N)utw$nmSTjnxj6pN4w2ZIp7aG5O3lvyu6 zpVi+cT+MCuQbxnbb&^^~^uy9_-<{#8IW^ubXj{{~$gf_D0-pr_OxC=jrK)l+Y>u7W zQN4oh6x|y$y}rs`X9l_VPIkTSc9!NhAFEQGekVN_2$#9%chK^2tG!B;bJ&{LJjRcK z+Pgme_+ounw^>0^)RLo5ao1A}E zLxFovVv31Li*B$y=O@lzS3@7le>E(*E$+L1mr!2r6OS2IVc&Zdoc4q_U6*pLoWrF5 zZ2o3mkbC)c4n2Mr|98*r=tYfs7fTY(m3%bX?rinJODyt1@#ddz-TJ!vmp$-4Ipefi zy5OoqZ8P-upLSCFy=_KtiS~k8&l)x&-D}BWukf>X#liCvD#Dzl|Ja@=HGJ@D?XC$w zCEp%0a)@qiulr~=c?OGyLspVOhT+TGFYKy~Z%^AEalH20gvtE6y6ulFHwkQ<;uG4m oKetZ$--_oyH4fG5|L4bogRhZgZVG9{Nvb7;rK^`1Weg-=#av7xwa*80yX!XWi?cdh_k{veVL{ zf1EyTVKWoRR^yqtJxk$=ldqi6MB|0-(;xfXiC=kZxsSGV`l^5aTQ6?5+j}eO;$%lg zjrzr&M;3jMs_Xj_V{E#9y<JrWdER9M2BbHE6uoz3DW>O-G#Y?^XJT`VE3^1=eqCGUQ8GR}SY zN+SATVk$?w|)T0PUQd~jm#t@!);IO|fT zwb~Ot|4I42Z};@cGgvenx_+$ZWn3jV!OL^`BEcJPKA7HQStB2JiK(VL?cSP=zO~7I n#d-Zqmk;azJ9|>E`QtMOIfipH?p$dwD(zk;b3}n*5~~UTEn8(Z