remove previous_key from ThirdPartyBlockRequest

Same as for `legacyPublicKeys`, it is now deprecated and should not be set. It is kept in the schema to allow implementations to make sure it is not set.
biscuit-auth · Nov 21, 2024 · 17ea8f5 · 17ea8f5
1 parent fe3e74d
commit 17ea8f5
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 23 deletions.
diff --git a/biscuit-auth/src/format/schema.proto b/biscuit-auth/src/format/schema.proto
@@ -217,7 +217,7 @@ message AuthorizerPolicies {
 }
 
 message ThirdPartyBlockRequest {
-  required PublicKey legacyPreviousKey = 1;
+  optional PublicKey legacyPreviousKey = 1;
   repeated PublicKey legacyPublicKeys = 2;
   required bytes previousSignature = 3;
 

diff --git a/biscuit-auth/src/format/schema.rs b/biscuit-auth/src/format/schema.rs
@@ -334,8 +334,8 @@ pub struct AuthorizerPolicies {
 }
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct ThirdPartyBlockRequest {
-    #[prost(message, required, tag="1")]
-    pub legacy_previous_key: PublicKey,
+    #[prost(message, optional, tag="1")]
+    pub legacy_previous_key: ::core::option::Option<PublicKey>,
     #[prost(message, repeated, tag="2")]
     pub legacy_public_keys: ::prost::alloc::vec::Vec<PublicKey>,
     #[prost(bytes="vec", required, tag="3")]

diff --git a/biscuit-auth/src/token/third_party.rs b/biscuit-auth/src/token/third_party.rs
@@ -4,7 +4,7 @@ use prost::Message;
 
 use crate::{
     builder::BlockBuilder,
-    crypto::{generate_external_signature_payload_v1, PublicKey},
+    crypto::generate_external_signature_payload_v1,
     datalog::SymbolTable,
     error,
     format::{convert::token_block_to_proto_block, schema, SerializedBiscuit},
@@ -16,7 +16,6 @@ use super::THIRD_PARTY_SIGNATURE_VERSION;
 /// Third party block request
 #[derive(Debug)]
 pub struct ThirdPartyRequest {
-    pub(crate) legacy_previous_key: PublicKey,
     pub(crate) previous_signature: Vec<u8>,
 }
 
@@ -28,31 +27,21 @@ impl ThirdPartyRequest {
             return Err(error::Token::AppendOnSealed);
         }
 
-        let legacy_previous_key = container
-            .blocks
-            .last()
-            .unwrap_or(&container.authority)
-            .next_key;
-
         let previous_signature = container
             .blocks
             .last()
             .unwrap_or(&container.authority)
             .signature
             .to_bytes()
             .to_vec();
-        Ok(ThirdPartyRequest {
-            legacy_previous_key,
-            previous_signature,
-        })
+        Ok(ThirdPartyRequest { previous_signature })
     }
 
     pub fn serialize(&self) -> Result<Vec<u8>, error::Token> {
-        let legacy_previous_key = self.legacy_previous_key.to_proto();
         let previous_signature = self.previous_signature.clone();
 
         let request = schema::ThirdPartyBlockRequest {
-            legacy_previous_key,
+            legacy_previous_key: None,
             legacy_public_keys: Vec::new(),
             previous_signature,
         };
@@ -75,20 +64,21 @@ impl ThirdPartyRequest {
             error::Format::DeserializationError(format!("deserialization error: {:?}", e))
         })?;
 
-        let legacy_previous_key = PublicKey::from_proto(&data.legacy_previous_key)?;
-
         if !data.legacy_public_keys.is_empty() {
             return Err(error::Token::Format(error::Format::DeserializationError(
                 "public keys were provided in third-party block request".to_owned(),
             )));
         }
 
+        if data.legacy_previous_key.is_some() {
+            return Err(error::Token::Format(error::Format::DeserializationError(
+                "previous public key was provided in third-party block request".to_owned(),
+            )));
+        }
+
         let previous_signature = data.previous_signature.to_vec();
 
-        Ok(ThirdPartyRequest {
-            legacy_previous_key,
-            previous_signature,
-        })
+        Ok(ThirdPartyRequest { previous_signature })
     }
 
     pub fn deserialize_base64<T>(slice: T) -> Result<Self, error::Token>