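import java.io.*;
import java.util.*;

import edu.uci.ics.jung.graph.*;

import net.deterlab.abac.Credential;
import net.deterlab.abac.CredentialGraph;
import net.deterlab.abac.Query;
import net.deterlab.abac.Role;
import net.deterlab.abac.Identity;

import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.jce.provider.X509CertificateObject;
import java.security.KeyPair;
import java.security.PublicKey;
// import org.bouncycastle.util.io.pem.PemObject;

/**
 * Simple test of the native Java implementation of ABAC. Loads identities
 * (.pem) and credentials (.der) named on the command line, then runs the
 * query "role &lt;-?- principal" against the resulting credential graph and
 * prints the credentials returned by the query.
 *
 * <p>Load failures are reported on stderr and skipped, so the query may run
 * against a partial graph. An empty result can therefore mean "a credential
 * failed to load" rather than "the role cannot be proven"; check stderr
 * before drawing a conclusion from the output.
 */
public class GraphTest {
    /**
     * Translate either keys to nicknames or vice versa. Break the string into
     * space separated tokens and then each of them into period separated
     * strings. If any of the smallest strings is in the map, replace it with
     * the value.
     *
     * <p>The substitution is purely textual: any period-separated component
     * that happens to equal a map key is replaced, whether it sits in the
     * principal position or in a role-name position.
     *
     * @param is the string to translate
     * @param m  the substitution map (nickname to key id, or key id to nickname)
     * @return the translated string
     */
    protected static String replace(String is, Map<String, String> m) {
        StringBuilder rv = new StringBuilder();

        for (String tok : is.split(" ")) {
            StringBuilder term = new StringBuilder();

            for (String s : tok.split("\\.")) {
                String next = m.containsKey(s) ? m.get(s) : s;

                // Separator only once something has been accumulated, which
                // matches the original handling of empty leading pieces.
                if (term.length() > 0) {
                    term.append('.');
                }
                term.append(next);
            }

            if (rv.length() > 0) {
                rv.append(' ');
            }
            rv.append(term);
        }
        return rv.toString();
    }

    /**
     * Import a credential from a der file and add it to the credential graph.
     *
     * @param f the credential file
     * @param g the graph that receives the credential
     * @throws Exception if the credential cannot be constructed or added
     */
    protected static void importCred(File f, CredentialGraph g)
            throws Exception {
        Credential c = new Credential(f);
        g.add_credential(c);
    }

    /**
     * Load one identity file, register it with {@link Credential} and record
     * it in both translation maps.
     *
     * <p>A nickname that is already bound to a different key id is reported on
     * stderr. The newer binding still wins (as before), but the warning
     * matters: nicknames in the query are rewritten to key ids through this
     * map, so a silent rebinding would make the query ask about a different
     * key than the operator intended.
     *
     * @param f    the identity (.pem) file
     * @param nick nickname to key id map, updated in place
     * @param keys key id to nickname map, updated in place
     * @throws Exception if the identity cannot be loaded
     */
    private static void importIdentity(File f, Map<String, String> nick,
            Map<String, String> keys) throws Exception {
        Identity id = new Identity(f);
        Credential.addIdentity(id);

        String name = id.getName();
        String keyId = id.getKeyID();

        String previous = nick.put(name, keyId);
        if (previous != null && !previous.equals(keyId)) {
            System.err.println("Warning: nickname " + name + " rebound from "
                    + previous + " to " + keyId + " by " + f);
        }
        keys.put(keyId, name);
    }

    /**
     * Import a directory full of files, using the suffixes as determinants.
     * First import all the identities (pem), then the credentials (der) into
     * the credential graph. Files with any other suffix are reported and
     * skipped.
     *
     * <p>The suffix only selects which loader is used. Whatever validation is
     * applied to the file contents happens inside the {@code Identity} and
     * {@code Credential} constructors, which are not visible from this file.
     *
     * @param d    the directory to scan (not recursive)
     * @param g    the graph that receives the credentials
     * @param nick nickname to key id map, updated in place
     * @param keys key id to nickname map, updated in place
     */
    protected static void importDir(File d, CredentialGraph g,
            Map<String, String> nick, Map<String, String> keys) {
        File[] entries = d.listFiles();

        // listFiles() returns null when d is not a directory or cannot be
        // read; report it instead of failing with a NullPointerException.
        if (entries == null) {
            System.err.println("Cannot list " + d);
            return;
        }

        List<File> ids = new ArrayList<File>();
        List<File> creds = new ArrayList<File>();

        for (File f : entries) {
            if (f.getPath().endsWith(".pem")) {
                ids.add(f);
            } else if (f.getPath().endsWith(".der")) {
                creds.add(f);
            } else {
                System.out.println(f + " of unknown type");
            }
        }

        // Identities first, so they are registered before any credential
        // from the same directory is loaded.
        for (File f : ids) {
            try {
                importIdentity(f, nick, keys);
            } catch (Exception e) {
                System.err.println("Cannot add " + f + ": " + e);
            }
        }

        for (File f : creds) {
            try {
                importCred(f, g);
            } catch (Exception e) {
                System.err.println("Cannot add " + f + ": " + e);
            }
        }
    }

    /**
     * Entry point. All arguments but the last two are identity files,
     * credential files or directories of them; the last two are the role and
     * the principal of the query.
     *
     * @param args files or directories, followed by role and principal
     * @throws IOException declared by the original signature
     */
    public static void main(String[] args) throws IOException {
        if (args.length < 3) {
            System.out.println(
                    "Usage: GraphTest <files-or-dirs...> <role> <principal>");
            System.out.println("    runs the query role <-?- principal and prints the result");
            System.exit(1);
        }

        CredentialGraph graph = new CredentialGraph();
        Map<String, String> nicknames = new TreeMap<String, String>();
        Map<String, String> keys = new TreeMap<String, String>();

        String role = args[args.length - 2];
        String prin = args[args.length - 1];

        for (int i = 0; i < args.length - 2; i++) {
            File f = new File(args[i]);

            try {
                if (f.isDirectory()) {
                    importDir(f, graph, nicknames, keys);
                } else if (f.getPath().endsWith(".pem")) {
                    importIdentity(f, nicknames, keys);
                } else if (f.getPath().endsWith(".der")) {
                    importCred(f, graph);
                } else {
                    System.out.println(f + " of unknown type");
                }
            } catch (Exception e) {
                // Best effort: report and continue with the remaining inputs.
                System.err.println("Failed to process " + f + ": " + e);
            }
        }

        // Translate nicknames into key ids.
        role = replace(role, nicknames);
        prin = replace(prin, nicknames);

        //
        // run the query
        //
        Query q = graph.querier();
        Graph<Role, Credential> ret = q.run(role, prin);

        // Print the returned credentials with key ids mapped back to nicknames.
        for (Credential c : ret.getEdges()) {
            System.out.println(replace(c.toString(), keys));
        }

        for (Identity i : Credential.identities()) {
            System.out.println("ID: " + i);
        }
    }
}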