ACP -> WAC

Author: langsamu

src/acp/Matcher.ts

@@ -6,4 +6,16 @@ export class Matcher extends Typed {
     get agent(): Set<string> {
         return SetFrom.subjectPredicate(this, ACP.agent, NamedNodeAs.string, NamedNodeFrom.string)
     }
+
+    get client(): Set<string> {
+        return SetFrom.subjectPredicate(this, ACP.client, NamedNodeAs.string, NamedNodeFrom.string)
+    }
+
+    get issuer(): Set<string> {
+        return SetFrom.subjectPredicate(this, ACP.issuer, NamedNodeAs.string, NamedNodeFrom.string)
+    }
+
+    get vc(): Set<string> {
+        return SetFrom.subjectPredicate(this, ACP.vc, NamedNodeAs.string, NamedNodeFrom.string)
+    }
 }

src/acp/Policy.ts

@@ -8,11 +8,19 @@ export class Policy extends Typed {
         return SetFrom.subjectPredicate(this, ACP.allow, NamedNodeAs.string, NamedNodeFrom.string)
     }
 
+    get deny(): Set<string> {
+        return SetFrom.subjectPredicate(this, ACP.deny, NamedNodeAs.string, NamedNodeFrom.string)
+    }
+
     get anyOf(): Set<Matcher> {
         return SetFrom.subjectPredicate(this, ACP.anyOf, TermAs.instance(Matcher), TermFrom.instance)
     }
 
     get allOf(): Set<Matcher> {
         return SetFrom.subjectPredicate(this, ACP.allOf, TermAs.instance(Matcher), TermFrom.instance)
     }
+
+    get noneOf(): Set<Matcher> {
+        return SetFrom.subjectPredicate(this, ACP.noneOf, TermAs.instance(Matcher), TermFrom.instance)
+    }
 }

src/vocabulary/acp.ts

@@ -5,9 +5,14 @@ export const ACP = {
   Policy: "http://www.w3.org/ns/solid/acp#Policy",
   accessControl: "http://www.w3.org/ns/solid/acp#accessControl",
   agent: "http://www.w3.org/ns/solid/acp#agent",
+  client: "http://www.w3.org/ns/solid/acp#client",
+  issuer: "http://www.w3.org/ns/solid/acp#issuer",
+  vc: "http://www.w3.org/ns/solid/acp#vc",
   allow: "http://www.w3.org/ns/solid/acp#allow",
+  deny: "http://www.w3.org/ns/solid/acp#deny",
   anyOf: "http://www.w3.org/ns/solid/acp#anyOf",
   allOf: "http://www.w3.org/ns/solid/acp#allOf",
+  noneOf: "http://www.w3.org/ns/solid/acp#noneOf",
   apply: "http://www.w3.org/ns/solid/acp#apply",
   memberAccessControl: "http://www.w3.org/ns/solid/acp#memberAccessControl",
   mode: "http://www.w3.org/ns/solid/acp#mode",

test/unit/wac2acp.test.ts

@@ -44,20 +44,13 @@ async function wacToAcp() {
     const wac = new AclResource(read(wacRdf), DataFactory)
     const result = new Store()
 
-    for (const auth of wac.authorizations) {
-        processAuthorization(auth, result)
-    }
+    for (const auth of wac.authorizations) processAuthorization(auth, result)
 
-    console.log("--------------------------")
-    console.log("WAC -> ACP")
-    console.log(await write(result))
-    console.log("--------------------------")
+    await log("WAC -> ACP", result)
 }
 
 function processAuthorization(auth: Authorization, result: DatasetCore) {
-    if (auth.origin.size > 0) {
-        throw new Error("WAC origin cannot be translated to ACP")
-    }
+    if (any(auth.origin)) throw new Wac2AcpError("origin")
 
     if (auth.accessTo !== undefined) {
         const acr = new AccessControlResource(auth.factory.blankNode(), result, auth.factory)
@@ -81,27 +74,15 @@ function populatePolicy(acr: AccessControlResource, auth: Authorization, resourc
 
     acr.resource = resource
 
-    for (const mode of auth.mode) {
-        policy.allow.add(mode)
-    }
+    for (const mode of auth.mode) policy.allow.add(mode)
 
     for (const agent of auth.agent) {
-        matcher.agent.add(agent)
+        if (agent === FOAF.Agent) matcher.agent.add(ACP.PublicAgent)
+        else if (agent === ACL.AuthenticatedAgent) matcher.agent.add(ACP.AuthenticatedAgent)
+        else matcher.agent.add(agent)
     }
 
-    if (auth.agentGroup !== undefined) {
-        for (const member of auth.agentGroup.hasMember) {
-            matcher.agent.add(member)
-        }
-    }
-
-    if (auth.agentClass.has(ACL.AuthenticatedAgent)) {
-        matcher.agent.add(ACP.AuthenticatedAgent)
-    }
-
-    if (auth.agentClass.has(FOAF.Agent)) {
-        matcher.agent.add(ACP.PublicAgent)
-    }
+    for (const member of auth.agentGroup?.hasMember ?? []) matcher.agent.add(member)
 }
 
 //#endregion
@@ -111,16 +92,48 @@ function populatePolicy(acr: AccessControlResource, auth: Authorization, resourc
 const acpRdf = `
 `;
 
-function acpToWac() {
+async function acpToWac() {
     const acp = new AcrDataset(read(acpRdf), DataFactory)
+    const result = new Store()
 
-    if (acp.acr != undefined) {
-        processAcr(acp.acr)
-    }
+    if (acp.acr != undefined) processAcr(acp.acr, result)
+
+    await log("ACP -> WAC", result)
+}
+
+function processAcr(acr: AccessControlResource, result: DatasetCore) {
+    const auth = new Authorization(acr.factory.blankNode(), result, acr.factory)
+
+    if (any(acr.accessControl)) auth.accessTo = acr.resource
+    if (any(acr.memberAccessControl)) auth.default = acr.resource
+
+    for (const ac of acr.accessControl) processAc(ac, auth)
+    for (const ac of acr.memberAccessControl) processAc(ac, auth)
 }
 
-function processAcr(acr: AccessControlResource) {
+function processAc(ac: AccessControl, auth: Authorization) {
+    for (const policy of ac.apply) {
+        if (any(policy.deny)) throw new Acp2WacError("deny")
+        if (any(policy.anyOf)) throw new Acp2WacError("anyOf")
+        if (any(policy.noneOf)) throw new Acp2WacError("noneOf")
+
+        for (const mode of policy.allow) auth.mode.add(mode)
+
+        for (const matcher of policy.allOf) {
+            if (any(matcher.client)) throw new Acp2WacError("client")
+            if (any(matcher.issuer)) throw new Acp2WacError("issuer")
+            if (any(matcher.vc)) throw new Acp2WacError("vc")
+
+            for (const agent of matcher.agent) {
+                if (agent === ACP.CreatorAgent) throw new Acp2WacError("CreatorAgent")
+                if (agent === ACP.OwnerAgent) throw new Acp2WacError("OwnerAgent")
 
+                if (agent === ACP.PublicAgent) auth.agent.add(FOAF.Agent)
+                else if (agent === ACP.AuthenticatedAgent) auth.agent.add(ACL.AuthenticatedAgent)
+                else auth.agent.add(agent)
+            }
+        }
+    }
 }
 
 //#endregion
@@ -135,6 +148,8 @@ const ACL = {
 
 const ACP = {
     AuthenticatedAgent: "http://www.w3.org/ns/solid/acp#AuthenticatedAgent",
+    CreatorAgent: "http://www.w3.org/ns/solid/acp#CreatorAgent",
+    OwnerAgent: "http://www.w3.org/ns/solid/acp#OwnerAgent",
     PublicAgent: "http://www.w3.org/ns/solid/acp#PublicAgent",
 } as const
 
@@ -156,7 +171,7 @@ function read(rdf: string): DatasetCore {
     return dataset
 }
 
-export function write(dataset: DatasetCore): Promise<string> {
+function write(dataset: DatasetCore): Promise<string> {
     return new Promise((resolve, reject) => {
         const writer = new Writer({
             prefixes: {
@@ -178,4 +193,39 @@ export function write(dataset: DatasetCore): Promise<string> {
     })
 }
 
+function any<T>(set: Set<T>) {
+    return set.size > 0
+}
+
+async function log(title: string, dataset: DatasetCore) {
+    console.log("--------------------------")
+    console.log(title)
+    console.log(await write(dataset))
+    console.log("--------------------------")
+}
+
+//#region Errors
+
+class TranslationError extends Error {
+    constructor(prefix: string, property: string, target: string, cause?: any) {
+        super(`${prefix}:${property} cannot be translated to ${target}`)
+        this.name = this.constructor.name
+        this.cause = cause
+    }
+}
+
+class Acp2WacError extends TranslationError {
+    constructor(property: string, cause?: any) {
+        super("acp", property, "WAC", cause)
+    }
+}
+
+class Wac2AcpError extends TranslationError {
+    constructor(property: string, cause?: any) {
+        super("acl", property, "ACP", cause)
+    }
+}
+
+//#endregion
+
 //#endregion