1 | import java.io.*; |
---|
2 | import java.util.*; |
---|
3 | |
---|
4 | import edu.uci.ics.jung.graph.*; |
---|
5 | |
---|
6 | import net.deterlab.abac.Credential; |
---|
7 | import net.deterlab.abac.CredentialGraph; |
---|
8 | import net.deterlab.abac.Query; |
---|
9 | import net.deterlab.abac.Role; |
---|
10 | import net.deterlab.abac.Identity; |
---|
11 | |
---|
12 | import org.bouncycastle.openssl.PEMReader; |
---|
13 | import org.bouncycastle.jce.provider.X509CertificateObject; |
---|
14 | import java.security.KeyPair; |
---|
15 | import java.security.PublicKey; |
---|
16 | // import org.bouncycastle.util.io.pem.PemObject; |
---|
17 | |
---|
18 | |
---|
19 | /** |
---|
20 | * Simple test of the native Java implementation of ABAC. Loads credentials |
---|
21 | * from an rt0 file and runs a query against them. |
---|
22 | */ |
---|
23 | public class GraphTest { |
---|
24 | /** |
---|
25 | * Translate either keys to nicknames or vice versa. Break the string into |
---|
26 | * space separated tokens and then each of them into period separated |
---|
27 | * strings. If any of the smallest strings is in the map, replace it with |
---|
28 | * the value. |
---|
29 | */ |
---|
30 | protected static String replace(String is, Map<String, String> m) { |
---|
31 | String rv = ""; |
---|
32 | for (String tok: is.split(" ")) { |
---|
33 | String term = ""; |
---|
34 | for (String s: tok.split("\\.")) { |
---|
35 | String next = m.containsKey(s) ? m.get(s) : s; |
---|
36 | |
---|
37 | if (term.isEmpty()) term = next; |
---|
38 | else term += "." + next; |
---|
39 | } |
---|
40 | if (rv.isEmpty()) rv = term; |
---|
41 | else rv += " " + term; |
---|
42 | } |
---|
43 | return rv; |
---|
44 | } |
---|
45 | |
---|
46 | |
---|
47 | /** |
---|
48 | * Import a credential from a der file and add it to the credential graph. |
---|
49 | */ |
---|
50 | protected static void importCred(File f, CredentialGraph g) |
---|
51 | throws Exception { |
---|
52 | Credential c = new Credential(f); |
---|
53 | g.add_credential(c); |
---|
54 | } |
---|
55 | |
---|
56 | |
---|
57 | /** |
---|
58 | * Import a directory full of files, using the suffixes as determinants. |
---|
59 | * First import all the identities (pem), then the credentials (der) into |
---|
60 | * the credential graph then any alias files into the two maps. |
---|
61 | */ |
---|
62 | protected static void importDir(File d, CredentialGraph g, |
---|
63 | Map<String, String> nick, Map<String, String> keys) { |
---|
64 | Vector<File> ids = new Vector<File>(); |
---|
65 | Vector<File> creds = new Vector<File>(); |
---|
66 | Vector<File> alias = new Vector<File>(); |
---|
67 | |
---|
68 | for (File f: d.listFiles()) { |
---|
69 | if (f.getPath().endsWith(".pem")) ids.add(f); |
---|
70 | else if (f.getPath().endsWith(".der") ) creds.add(f); |
---|
71 | else System.out.println(f + " of unknown type"); |
---|
72 | } |
---|
73 | for (File f: ids ){ |
---|
74 | try { |
---|
75 | Identity id = new Identity(f); |
---|
76 | |
---|
77 | Credential.addIdentity(id); |
---|
78 | nick.put(id.getName(), id.getKeyID()); |
---|
79 | keys.put(id.getKeyID(),id.getName()); |
---|
80 | } |
---|
81 | catch (Exception e) { |
---|
82 | System.err.println("Cannot add " + f + ": " + e); |
---|
83 | } |
---|
84 | } |
---|
85 | |
---|
86 | for (File f: creds) { |
---|
87 | try { |
---|
88 | importCred(f, g); |
---|
89 | } |
---|
90 | catch (Exception e) { |
---|
91 | System.err.println("Cannot add " + f + ": " + e); |
---|
92 | } |
---|
93 | } |
---|
94 | } |
---|
95 | public static void main(String[] args) throws IOException { |
---|
96 | if (args.length < 3) { |
---|
97 | System.out.println("Usage: GraphTest <files> <role> <principal>"); |
---|
98 | System.out.println(" runs the query role <-?- principal and prints the result"); |
---|
99 | System.exit(1); |
---|
100 | } |
---|
101 | |
---|
102 | CredentialGraph graph = new CredentialGraph(); |
---|
103 | TreeMap<String, String> nicknames = new TreeMap<String, String>(); |
---|
104 | TreeMap<String, String> keys = new TreeMap<String, String>(); |
---|
105 | String role = args[args.length-2]; |
---|
106 | String prin = args[args.length-1]; |
---|
107 | |
---|
108 | for (int i= 0; i < args.length-2; i++) { |
---|
109 | File f = new File(args[i]); |
---|
110 | |
---|
111 | try { |
---|
112 | if (f.isDirectory()) |
---|
113 | importDir(f, graph, nicknames, keys); |
---|
114 | else if (f.getPath().endsWith(".pem")) { |
---|
115 | Identity id = new Identity(f); |
---|
116 | Credential.addIdentity(id); |
---|
117 | nicknames.put(id.getName(), id.getKeyID()); |
---|
118 | keys.put(id.getKeyID(),id.getName()); |
---|
119 | } |
---|
120 | else if (f.getPath().endsWith(".der")) |
---|
121 | importCred(f, graph); |
---|
122 | else |
---|
123 | System.out.println(f + " of unknown type"); |
---|
124 | } |
---|
125 | catch (Exception e) { |
---|
126 | System.err.println("Failed to process " + f + ": " +e); |
---|
127 | } |
---|
128 | } |
---|
129 | |
---|
130 | // Translate nicknames into key ids. |
---|
131 | role = replace(role, nicknames); |
---|
132 | prin = replace(prin, nicknames); |
---|
133 | // |
---|
134 | // run the query |
---|
135 | // |
---|
136 | |
---|
137 | Query q = graph.querier(); |
---|
138 | Graph<Role, Credential> ret = q.run(role, prin); |
---|
139 | for (Credential c : ret.getEdges()) |
---|
140 | System.out.println(replace(c.toString(), keys)); |
---|
141 | |
---|
142 | for (Identity i: Credential.identities()) |
---|
143 | System.out.println("ID: " + i); |
---|
144 | } |
---|
145 | } |
---|