fix scopes execution

src/main/java/com/clevercloud/biscuit/token/Authorizer.java

@@ -1,5 +1,6 @@
 package com.clevercloud.biscuit.token;
 
+import com.clevercloud.biscuit.crypto.PublicKey;
 import com.clevercloud.biscuit.datalog.*;
 import com.clevercloud.biscuit.datalog.Scope;
 import com.clevercloud.biscuit.error.Error;
@@ -108,6 +109,10 @@ public void update_on_token() throws Error.FailedLogic {
  }
  }
  this.publicKeyToBlockId.putAll(token.publicKeyToBlockId);
+ for(Long keyId: token.publicKeyToBlockId.keySet()) {
+ PublicKey pk = token.symbols.get_pk((int) keyId.longValue()).get();
+ this.symbols.insert(pk);
+ }
  }
  }
 
@@ -336,8 +341,16 @@ public Long authorize(RunLimits limits) throws Error {
  if (token != null) {
  for (com.clevercloud.biscuit.datalog.Fact fact : token.authority.facts) {
  com.clevercloud.biscuit.datalog.Fact converted_fact = Fact.convert_from(fact, token.symbols).convert(this.symbols);
- world.add_fact(authorizerOrigin, converted_fact);
+ world.add_fact(new Origin(0), converted_fact);
  }
+
+ TrustedOrigins authorityTrustedOrigins = TrustedOrigins.fromScopes(
+ token.authority.scopes,
+ TrustedOrigins.defaultOrigins(),
+ 0,
+ this.publicKeyToBlockId
+ );
+
  for (com.clevercloud.biscuit.datalog.Rule rule : token.authority.rules) {
  com.clevercloud.biscuit.token.builder.Rule _rule = Rule.convert_from(rule, token.symbols);
  com.clevercloud.biscuit.datalog.Rule converted_rule = _rule.convert(this.symbols);
@@ -346,27 +359,35 @@ public Long authorize(RunLimits limits) throws Error {
  if(res.isLeft()){
  throw new Error.FailedLogic(new LogicError.InvalidBlockRule(0, token.symbols.print_rule(converted_rule)));
  }
+ TrustedOrigins ruleTrustedOrigins = TrustedOrigins.fromScopes(
+ converted_rule.scopes(),
+ authorityTrustedOrigins,
+ 0,
+ this.publicKeyToBlockId
+ );
+ world.add_rule((long) 0, ruleTrustedOrigins, converted_rule);
  }
 
  for (int i = 0; i < token.blocks.size(); i++) {
- Block b = token.blocks.get(i);
+ Block block = token.blocks.get(i);
  TrustedOrigins blockTrustedOrigins = TrustedOrigins.fromScopes(
- b.scopes,
+ block.scopes,
  TrustedOrigins.defaultOrigins(),
  i + 1,
  this.publicKeyToBlockId
  );
  SymbolTable blockSymbols = token.symbols;
- if (b.externalKey.isDefined()) {
- blockSymbols = new SymbolTable(b.symbols.symbols, symbols.publicKeys);
+
+ if (block.externalKey.isDefined()) {
+ blockSymbols = new SymbolTable(block.symbols.symbols, token.symbols.publicKeys());
  }
 
- for (com.clevercloud.biscuit.datalog.Fact fact : b.facts) {
+ for (com.clevercloud.biscuit.datalog.Fact fact : block.facts) {
  com.clevercloud.biscuit.datalog.Fact converted_fact = Fact.convert_from(fact, blockSymbols).convert(this.symbols);
  world.add_fact(new Origin(i + 1), converted_fact);
  }
 
- for (com.clevercloud.biscuit.datalog.Rule rule : b.rules) {
+ for (com.clevercloud.biscuit.datalog.Rule rule : block.rules) {
  com.clevercloud.biscuit.token.builder.Rule _rule = Rule.convert_from(rule, blockSymbols);
  com.clevercloud.biscuit.datalog.Rule converted_rule = _rule.convert(this.symbols);
 
@@ -478,13 +499,13 @@ public Long authorize(RunLimits limits) throws Error {
 
  for (int j = 0; j < policy.queries.size(); j++) {
  com.clevercloud.biscuit.datalog.Rule query = policy.queries.get(j).convert(symbols);
- TrustedOrigins ruleTrustedOrigins = TrustedOrigins.fromScopes(
+ TrustedOrigins policyTrustedOrigins = TrustedOrigins.fromScopes(
  query.scopes(),
  authorizerTrustedOrigins,
  Long.MAX_VALUE,
  this.publicKeyToBlockId
  );
- boolean res = world.query_match(query, Long.MAX_VALUE, ruleTrustedOrigins, symbols);
+ boolean res = world.query_match(query, Long.MAX_VALUE, policyTrustedOrigins, symbols);
 
  if (Instant.now().compareTo(timeLimit) >= 0) {
  throw new Error.Timeout();
@@ -512,7 +533,7 @@ public Long authorize(RunLimits limits) throws Error {
  );
  SymbolTable blockSymbols = token.symbols;
  if(b.externalKey.isDefined()) {
- blockSymbols = new SymbolTable(b.symbols.symbols, symbols.publicKeys);
+ blockSymbols = new SymbolTable(b.symbols.symbols, token.symbols.publicKeys());
  }
 
  for (int j = 0; j < b.checks.size(); j++) {

src/main/java/com/clevercloud/biscuit/token/builder/Biscuit.java

@@ -37,8 +37,8 @@ public class Biscuit {
  public Biscuit(final SecureRandom rng, final KeyPair root, SymbolTable base_symbols) {
  this.rng = rng;
  this.root = root;
- this.symbol_start = base_symbols.symbols.size();
- this.publicKeyStart = base_symbols.publicKeys.size();
+ this.symbol_start = base_symbols.currentOffset();
+ this.publicKeyStart = base_symbols.currentPublicKeyOffset();
  this.symbols = new SymbolTable(base_symbols);
  this.context = "";
  this.facts = new ArrayList<>();
@@ -145,8 +145,8 @@ public com.clevercloud.biscuit.token.Biscuit build() throws Error {
  }
 
  List<PublicKey> publicKeys = new ArrayList<>();
- for (int i = this.publicKeyStart; i < this.symbols.publicKeys.size(); i++) {
- publicKeys.add(this.symbols.publicKeys.get(i));
+ for (int i = this.publicKeyStart; i < this.symbols.currentPublicKeyOffset(); i++) {
+ publicKeys.add(this.symbols.publicKeys().get(i));
  }
 
  SchemaVersion schemaVersion = new SchemaVersion(this.facts, this.rules, this.checks, this.scopes);

src/main/java/com/clevercloud/biscuit/token/builder/Block.java

@@ -34,8 +34,8 @@ public class Block {
 
  public Block(long index, SymbolTable base_symbols) {
  this.index = index;
- this.symbol_start = base_symbols.symbols.size();
- this.publicKeyStart = base_symbols.publicKeys.size();
+ this.symbol_start = base_symbols.currentOffset();
+ this.publicKeyStart = base_symbols.currentPublicKeyOffset();
  this.symbols = new SymbolTable(base_symbols);
  this.context = "";
  this.facts = new ArrayList<>();
@@ -116,8 +116,8 @@ public com.clevercloud.biscuit.token.Block build() {
  }
 
  List<PublicKey> publicKeys = new ArrayList<>();
- for (int i = this.publicKeyStart; i < this.symbols.publicKeys.size(); i++) {
- publicKeys.add(this.symbols.publicKeys.get(i));
+ for (int i = this.publicKeyStart; i < this.symbols.currentPublicKeyOffset(); i++) {
+ publicKeys.add(this.symbols.publicKeys().get(i));
  }
 
  SchemaVersion schemaVersion = new SchemaVersion(this.facts, this.rules, this.checks, this.scopes);

src/main/java/com/clevercloud/biscuit/token/format/SerializedBiscuit.java

@@ -460,7 +460,7 @@ public Tuple3<Block, ArrayList<Block>, HashMap<Long, List<Long>>> extractBlocks(
  }
  Block authority = authRes.get();
  for(PublicKey pk: authority.publicKeys()) {
- symbols.publicKeys.add(pk);
+ symbols.insert(pk);
  }
  blockExternalKeys.add(Option.none());
 
@@ -483,7 +483,7 @@ public Tuple3<Block, ArrayList<Block>, HashMap<Long, List<Long>>> extractBlocks(
 
  // blocks with external signatures keep their own symbol table
  if(bdata.externalSignature.isDefined()) {
- symbols.publicKeys.add(bdata.externalSignature.get().key);
+ symbols.insert(bdata.externalSignature.get().key);
  blockExternalKeys.add(Option.some(bdata.externalSignature.get().key));
  } else {
  blockExternalKeys.add(Option.none());
@@ -492,7 +492,7 @@ public Tuple3<Block, ArrayList<Block>, HashMap<Long, List<Long>>> extractBlocks(
  }
  }
  for(PublicKey pk: block.publicKeys()) {
- symbols.publicKeys.add(pk);
+ symbols.insert(pk);
  }
  blocks.add(block);
  }