Merge pull request #138 from preuss-adam/apreuss/make-blocks-visible

Korbik · web-flow · commit 3ad37d7b9437 · 2026-02-01T09:06:45.000+01:00
Add examining the blocks (readonly) of the biscuit.
diff --git a/src/main/java/org/eclipse/biscuit/token/Biscuit.java b/src/main/java/org/eclipse/biscuit/token/Biscuit.java
@@ -253,11 +253,8 @@ public static Biscuit fromBytesWithSymbols(
    */
   static Biscuit fromSerializedBiscuit(SerializedBiscuit ser, SymbolTable symbolTable)
       throws Error {
-    Pair<Block, ArrayList<Block>> t = ser.extractBlocks(symbolTable);
-    Block authority = t._1;
-    ArrayList<Block> blocks = t._2;
-
-    return new Biscuit(authority, blocks, symbolTable, ser);
+    Pair<Block, List<Block>> t = ser.extractBlocks(symbolTable);
+    return new Biscuit(t._1, t._2, symbolTable, ser);
   }
 
   /**
diff --git a/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java b/src/main/java/org/eclipse/biscuit/token/UnverifiedBiscuit.java
@@ -21,7 +21,6 @@
 import org.eclipse.biscuit.crypto.KeyPair;
 import org.eclipse.biscuit.crypto.PublicKey;
 import org.eclipse.biscuit.datalog.Check;
-import org.eclipse.biscuit.datalog.Pair;
 import org.eclipse.biscuit.datalog.SymbolTable;
 import org.eclipse.biscuit.error.Error;
 import org.eclipse.biscuit.token.format.ExternalSignature;
@@ -92,11 +91,8 @@ public static UnverifiedBiscuit fromBytesWithSymbols(byte[] data, SymbolTable sy
    */
   private static UnverifiedBiscuit fromSerializedBiscuit(
       SerializedBiscuit ser, SymbolTable symbolTable) throws Error {
-    Pair<Block, ArrayList<Block>> t = ser.extractBlocks(symbolTable);
-    Block authority = t._1;
-    ArrayList<Block> blocks = t._2;
-
-    return new UnverifiedBiscuit(authority, blocks, symbolTable, ser);
+    var t = ser.extractBlocks(symbolTable);
+    return new UnverifiedBiscuit(t._1, t._2, symbolTable, ser);
   }
 
   /**
@@ -201,15 +197,12 @@ public List<Optional<PublicKey>> externalPublicKeys() {
         .collect(Collectors.toList());
   }
 
-  public List<List<Check>> getChecks() {
-    ArrayList<List<Check>> l = new ArrayList<>();
-    l.add(new ArrayList<>(this.authority.getChecks()));
-
-    for (Block b : this.blocks) {
-      l.add(new ArrayList<>(b.getChecks()));
-    }
+  public List<Block> getBlocks() {
+    return Stream.concat(Stream.of(authority), blocks.stream()).collect(Collectors.toList());
+  }
 
-    return l;
+  public List<List<Check>> getChecks() {
+    return getBlocks().stream().map(Block::getChecks).collect(Collectors.toList());
   }
 
   public List<Optional<String>> getContext() {
diff --git a/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java b/src/main/java/org/eclipse/biscuit/token/format/SerializedBiscuit.java
@@ -14,6 +14,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SignatureException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Stream;
@@ -489,7 +490,7 @@ static Result<org.eclipse.biscuit.crypto.PublicKey, Error> verifyBlockSignature(
     return Result.ok(signedBlock.getKey());
   }
 
-  public Pair<Block, ArrayList<Block>> extractBlocks(SymbolTable symbolTable) throws Error {
+  public Pair<Block, List<Block>> extractBlocks(SymbolTable symbolTable) throws Error {
     ArrayList<Optional<org.eclipse.biscuit.crypto.PublicKey>> blockExternalKeys = new ArrayList<>();
     var authRes = Block.fromBytes(this.authority.getBlock(), Optional.empty());
     if (authRes.isErr()) {
@@ -534,7 +535,7 @@ public Pair<Block, ArrayList<Block>> extractBlocks(SymbolTable symbolTable) thro
       blocks.add(block);
     }
 
-    return new Pair<>(authority, blocks);
+    return new Pair<>(authority, Collections.unmodifiableList(blocks));
   }
 
   public Result<Void, Error> seal()
