source: java/net/deterlab/abac/Credential.java @ 1a7e6d3

[31b67d5]1package net.deterlab.abac;
2
[7ef13e3]3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
8
[9725efb]9import net.deterlab.abac.Identity;
[90f939f]10
11import org.bouncycastle.asn1.*;
12import org.bouncycastle.x509.*;
13import org.bouncycastle.jce.provider.X509AttrCertParser;
[7ef13e3]14import org.bouncycastle.jce.provider.X509CertificateObject;
15import org.bouncycastle.openssl.PEMReader;
[90f939f]16
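public class Credential {
    /**
     * Identities whose certificates are trusted to have signed attribute
     * certificates. {@link #init} accepts a credential only when its signature
     * verifies under the public key of one of these identities. Grow it via
     * {@link #addIdentity}; {@link #identities} hands out a read-only view.
     */
    protected static final Vector<Identity> s_ids = new Vector<Identity>();

    /** Head role: the left-hand side of "head <- tail". */
    private Role m_head;
    /** Tail role: the right-hand side of "head <- tail". */
    private Role m_tail;
    /** Attribute certificate this credential was loaded from; null when built from roles only. */
    private X509V2AttributeCertificate m_ac;
    /** Registered identity whose key verified m_ac's signature; null when built from roles only. */
    private Identity m_id;

    /**
     * Create a credential from a head and tail role. This is only for testing.
     * In a real implementation the Credential must be loaded from an X.509
     * attribute cert, so a credential built this way has no cert to
     * {@link #write} or {@link #cert}.
     *
     * @param head the head role
     * @param tail the tail role
     */
    public Credential(Role head, Role tail) {
        m_head = head;
        m_tail = tail;
    }

    /**
     * Initialize this credential from an attribute certificate read from
     * {@code stream}. The stream is not closed here; the caller owns it.
     * The certificate is accepted only if its signature verifies under the
     * public key of some identity registered with {@link #addIdentity};
     * that identity is remembered in {@code m_id}.
     *
     * @param stream source of the DER/PEM-encoded attribute certificate
     * @throws InvalidKeyException if no registered identity's key verifies
     *         the certificate's signature
     * @throws IOException if the stream holds no attribute certificate
     * @throws Exception on parse errors or other verification failures
     *         reported by the BouncyCastle parser or verifier
     */
    protected void init(InputStream stream) throws Exception {
        X509AttrCertParser parser = new X509AttrCertParser();
        parser.engineInit(stream);
        m_ac = (X509V2AttributeCertificate) parser.engineRead();
        // The parser hands back null when the stream holds no certificate;
        // fail with a clear message instead of a NullPointerException below.
        if (m_ac == null)
            throw new IOException("No attribute certificate found in stream");
        m_id = null;

        // Accept the first registered identity whose key verifies the
        // signature. This loop relies on verify() signalling a non-matching
        // key with InvalidKeyException (the normal "not this one" case);
        // any other exception is a real failure and propagates.
        for (Identity id : s_ids) {
            try {
                m_ac.verify(id.getCertificate().getPublicKey(), "BC");
                m_id = id;
                break;
            }
            catch (InvalidKeyException notThisKey) {
                // Signature did not verify under this key; try the next identity.
            }
        }
        if (m_id == null) throw new InvalidKeyException("Unknown identity");

        // NOTE(review): only the signature is checked here. The certificate's
        // validity period (m_ac.checkValidity()) and whether its issuer
        // corresponds to m_id are not verified; confirm that callers do so
        // where it matters.
        load_roles();
    }

    /**
     * Create a credential from an attribute cert named by {@code filename}.
     * Throws an exception if the cert file can't be opened or if there's a
     * format problem with the cert. The file is closed before returning.
     *
     * @param filename path of the attribute certificate file
     * @throws Exception see {@link #init}
     */
    public Credential(String filename) throws Exception {
        this(new File(filename));
    }

    /**
     * Create a credential from an attribute cert in {@code file}. Throws an
     * exception if the cert file can't be opened or if there's a format
     * problem with the cert. The file is closed before returning, whether or
     * not initialization succeeds.
     *
     * @param file the attribute certificate file
     * @throws Exception see {@link #init}
     */
    public Credential(File file) throws Exception {
        FileInputStream in = new FileInputStream(file);
        try {
            init(in);
        }
        finally {
            in.close();
        }
    }

    /**
     * Create a credential from an InputStream. The stream is left open; the
     * caller is responsible for closing it.
     *
     * @param s source of the attribute certificate
     * @throws Exception see {@link #init}
     */
    public Credential(InputStream s) throws Exception {
        init(s);
    }

    /**
     * Load the roles off the attribute cert. The role string is expected in
     * the first value of the cert's first attribute, nested as
     * SEQUENCE { SEQUENCE { UTF8String } }, and must have the form
     * "head <- tail" (one or two dashes, optional surrounding whitespace).
     * Throws a RuntimeException if there's something wrong with the cert.
     *
     * @throws RuntimeException if the attribute structure or the role string
     *         is not in the expected form
     */
    private void load_roles() {
        String roles;
        try {
            X509Attribute attr = m_ac.getAttributes()[0];

            DERSequence   outer = (DERSequence) attr.getValues()[0];
            DERSequence   inner = (DERSequence) outer.getObjectAt(0);
            DERUTF8String value = (DERUTF8String) inner.getObjectAt(0);

            roles = value.getString();
        }
        catch (Exception e) {
            // Any structural surprise (missing attribute, wrong ASN.1 type,
            // wrong nesting) is reported uniformly, keeping the cause.
            throw new RuntimeException("Your attribute certificate is funky and I'm not gonna debug it", e);
        }

        // Split on "<-" or "<--", tolerating whitespace on either side.
        String[] parts = roles.split("\\s*<--?\\s*");
        if (parts.length != 2)
            throw new RuntimeException("Invalid attribute: " + roles);

        m_head = new Role(parts[0]);
        m_tail = new Role(parts[1]);
    }

    /**
     * Get the head role from the credential.
     *
     * @return the head role
     */
    public Role head() {
        return m_head;
    }

    /**
     * Get the tail role from the credential.
     *
     * @return the tail role
     */
    public Role tail() {
        return m_tail;
    }

    /**
     * Gets the cert associated with this credential (if any).
     *
     * @return the attribute certificate, or null if this credential was
     *         built from roles only
     */
    public X509V2AttributeCertificate cert() {
        return m_ac;
    }

    /**
     * Turn the credential into string form. The format is head &lt;- tail. For
     * example: A.r1 &lt;- B.r2.r3.
     */
    @Override
    public String toString() {
        return m_head + " <- " + m_tail;
    }

    /**
     * Write the encoded attribute certificate to {@code s}. The stream is
     * not closed here; the caller owns it.
     *
     * @param s destination stream
     * @throws IOException if encoding or writing fails
     * @throws IllegalStateException if this credential has no attribute
     *         certificate (it was built from roles only)
     */
    public void write(OutputStream s) throws IOException {
        if (m_ac == null)
            throw new IllegalStateException("Credential has no attribute certificate to write");
        s.write(m_ac.getEncoded());
    }

    /**
     * Write the encoded attribute certificate to the file named {@code fn},
     * creating or truncating it. The file is closed before returning.
     *
     * @param fn path of the output file
     * @throws FileNotFoundException if the file cannot be opened for writing
     * @throws IOException if encoding or writing fails
     * @throws IllegalStateException if this credential has no attribute certificate
     */
    public void write(String fn) throws IOException, FileNotFoundException {
        FileOutputStream out = new FileOutputStream(fn);
        try {
            write(out);
        }
        finally {
            out.close();
        }
    }

    /**
     * Register an identity whose key may verify credentials loaded later.
     *
     * @param id the identity to trust; must not be null
     * @throws IllegalArgumentException if {@code id} is null
     */
    public static void addIdentity(Identity id) {
        if (id == null)
            throw new IllegalArgumentException("id must not be null");
        s_ids.add(id);
    }

    /**
     * The registered identities, as a read-only view. Additions go through
     * {@link #addIdentity} so the set of trusted signers cannot be altered
     * by callers holding this collection.
     *
     * @return an unmodifiable view of the registered identities
     */
    public static Collection<Identity> identities() {
        return Collections.unmodifiableCollection(s_ids);
    }
}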