| 1 | |
|---|
| 2 | /***** |
|---|
| 3 | abac_attr.java |
|---|
| 4 | |
|---|
| 5 | To demonstrate how to use ABAC's api in java |
|---|
| 6 | |
|---|
| 7 | call: abac_attr IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem |
|---|
| 8 | |
|---|
| 9 | This program will generate 2 principal credentials, (IceCream, Chocolate) and |
|---|
| 10 | an attribute rule, write it out to an external |
|---|
| 11 | file and also load it into the context (prolog db) |
|---|
| 12 | [keyid:IceCream].delicious <- [Keyid:Chocolate] |
|---|
| 13 | |
|---|
| 14 | Then, a query is made against the context to see if it is populated correctly. |
|---|
| 15 | |
|---|
| 16 | Note: Chocolate's principal is loaded without it private key. It does not |
|---|
| 17 | need to because it is not being used to generate attribute credential |
|---|
| 18 | ***/ |
|---|
| 19 | |
|---|
| 20 | import java.io.*; |
|---|
| 21 | import java.util.*; |
|---|
| 22 | |
|---|
| 23 | import net.deterlab.abac.*; |
|---|
| 24 | |
|---|
| 25 | public class abac_attr { |
|---|
| 26 | |
|---|
| 27 | static { |
|---|
| 28 | System.loadLibrary("jABAC"); |
|---|
| 29 | } |
|---|
| 30 | |
|---|
| 31 | public static void main(String[] args) { |
|---|
| 32 | Context ctxt=new Context(); |
|---|
| 33 | |
|---|
| 34 | ID iceID=new ID("IceCream",0); |
|---|
| 35 | iceID.id_write_cert("IceCream_ID.pem"); |
|---|
| 36 | iceID.id_write_privkey("IceCream_private.pem"); |
|---|
| 37 | |
|---|
| 38 | ID chocoID=new ID("Chocolate",0); |
|---|
| 39 | chocoID.id_write_cert("Chocolate_ID.pem"); |
|---|
| 40 | chocoID.id_write_privkey("Chocolate_private.pem"); |
|---|
| 41 | |
|---|
| 42 | /* ctxt.load_id(chocoID); */ |
|---|
| 43 | /* ctxt.load_id_chunks(iceID.id_cert_chunk(), iceID.id_privkey_chunk()); */ |
|---|
| 44 | /*or, ctxt.load_id(iceID); */ |
|---|
| 45 | |
|---|
| 46 | /* create an attribute cert |
|---|
| 47 | iceCream.delicous <- chocolate */ |
|---|
| 48 | Role head= new Role(iceID.id_keyid(),"delicious"); |
|---|
| 49 | Role tail= new Role(chocoID.id_keyid()); |
|---|
| 50 | |
|---|
| 51 | Attribute attr = new Attribute(head, 1800); |
|---|
| 52 | attr.attribute_add_tail(tail); |
|---|
| 53 | attr.attribute_bake(); |
|---|
| 54 | |
|---|
| 55 | /* write it out */ |
|---|
| 56 | attr.attribute_write_cert("IceCream_attr.der"); |
|---|
| 57 | |
|---|
| 58 | ctxt.load_id(chocoID); |
|---|
| 59 | ctxt.load_id_chunks(iceID.id_cert_chunk(), iceID.id_privkey_chunk()); |
|---|
| 60 | ctxt.load_attribute(attr); |
|---|
| 61 | |
|---|
| 62 | /* load attribute cert into the context */ |
|---|
| 63 | /* bad--ctxt.load_attribute_chunk(attr.cert_chunk()); */ |
|---|
| 64 | /* or, ctxt.load_attribute(attr); */ |
|---|
| 65 | |
|---|
| 66 | /* what is in prolog db |
|---|
| 67 | ctxt.dump_yap_db(); */ |
|---|
| 68 | |
|---|
| 69 | AttributeVector credentials = ctxt.query(head, tail); |
|---|
| 70 | long sz=credentials.size(); |
|---|
| 71 | if(sz > 0) |
|---|
| 72 | System.out.println("prover success!!"); |
|---|
| 73 | else |
|---|
| 74 | System.out.println("prover failed!!"); |
|---|
| 75 | |
|---|
| 76 | for(int i=0; i<sz; i++) { |
|---|
| 77 | Attribute c=credentials.get(i); |
|---|
| 78 | System.out.println(c.head_string()+"<- "+c.tail_string()); |
|---|
| 79 | } |
|---|
| 80 | |
|---|
| 81 | ctxt.free_context_now(); |
|---|
| 82 | System.out.println("done, main from abac_attr.java"); |
|---|
| 83 | |
|---|
| 84 | } |
|---|
| 85 | } |
|---|
| 86 | |
|---|
