Context Navigation

source: java/net/deterlab/abac/Credential.java @ 3f928b0

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml

Last change on this file since 3f928b0 was 675770e, checked in by Ted Faber <faber@…>, 12 years ago
Allow users to set validity periods.
Property mode set to `100644`
File size: 8.1 KB

Rev	Line
[31b67d5]	1	package net.deterlab.abac;
	2
[7ef13e3]	3	import java.io.*;
[281158a]	4	import java.math.*;
[7ef13e3]	5
	6	import java.util.*;
	7	import java.security.*;
	8	import java.security.cert.*;
	9
[e36ea1d]	10	import javax.security.auth.x500.*;
[90f939f]	11
	12	import org.bouncycastle.asn1.*;
[e9360e2]	13	import org.bouncycastle.asn1.x509.*;
[90f939f]	14	import org.bouncycastle.x509.*;
[e36ea1d]	15	import org.bouncycastle.x509.util.*;
	16	import org.bouncycastle.openssl.*;
	17
	18	/**
	19	* An ABAC credential, with or without an underlying certificate that
[3797bbe]	20	* represents it. These are edges in proof graphs and can be constructed from
[e36ea1d]	21	* their constituent Roles.
	22	* @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
[4560b65]	23	* @version 1.4
[e36ea1d]	24	*/
[7b33c9b]	25	public abstract class Credential implements Comparable {
[675770e]	26	/** Default validity period (in seconds) */
	27	static public long defaultValidity = 3600L * 24L * 365L;
[e36ea1d]	28	/** The role at the head */
	29	protected Role m_head
	30	/** The role at the tail */;
[d69593c]	31	protected Role m_tail;
[e36ea1d]	32	/** The identity that issued the certificate */
[d69593c]	33	protected Identity id;
[7f614c1]	34	/** The expiration time of the credential */
	35	protected Date m_expiration;
[0595372]	36
[9394f1f]	37	/**
[e36ea1d]	38	* Create an empty Credential.
[9394f1f]	39	*/
[a7f73b5]	40	Credential() {
[9394f1f]	41	m_head = m_tail = null;
[0595372]	42	id = null;
[7f614c1]	43	m_expiration = null;
[9394f1f]	44	}
[31b67d5]	45	/**
[e36ea1d]	46	* Create a credential from a head and tail role. This credential has no
	47	* underlying certificate, and cannot be exported or used in real proofs.
	48	* make_cert can create a certificate for a credential initialized this
	49	* way.
	50	* @param head the Role at the head of the credential
	51	* @param tail the Role at the tail of the credential
[31b67d5]	52	*/
[a7f73b5]	53	Credential(Role head, Role tail) {
[31b67d5]	54	m_head = head;
	55	m_tail = tail;
[0595372]	56	id = null;
[7f614c1]	57	m_expiration = null;
[31b67d5]	58	}
	59
[7ef13e3]	60	/**
[e36ea1d]	61	* Create a credential from an attribute cert in a file. Throws an
	62	* exception if the cert file can't be opened or if there's a format
	63	* problem with the cert. Note that catching
	64	* java.security.GeneralSecurityException catches most of the exceptions
	65	* this throws.
	66	* @param filename a String containing the filename to read
	67	* @param ids a Collection of Identities to use in validating the cert
[44896b5]	68	* @throws CertInvalidException if the stream is unparsable
	69	* @throws MissingIssuerException if none of the Identities can validate the
[e36ea1d]	70	* certificate
[44896b5]	71	* @throws BadSignatureException if the signature check fails
[7ef13e3]	72	*/
[4d5f56d]	73	Credential(String filename, Collection<Identity> ids)
[44896b5]	74	throws ABACException { this(); }
[7ef13e3]	75
	76	/**
[e36ea1d]	77	* Create a credential from an attribute cert in a file. Throws an
	78	* exception if the cert file can't be opened or if there's a format
	79	* problem with the cert. Note that catching
	80	* java.security.GeneralSecurityException catches most of the exceptions
	81	* this throws.
	82	* @param file the File to read
	83	* @param ids a Collection of Identities to use in validating the cert
[44896b5]	84	* @throws CertInvalidException if the stream is unparsable
	85	* @throws MissingIssuerException if none of the Identities can validate the
[e36ea1d]	86	* certificate
[44896b5]	87	* @throws BadSignatureException if the signature check fails
[7ef13e3]	88	*/
[4d5f56d]	89	Credential(File file, Collection<Identity> ids)
[44896b5]	90	throws ABACException {
[7b33c9b]	91	this();
[e36ea1d]	92	}
[1a7e6d3]	93
	94	/**
[e36ea1d]	95	* Create a credential from an InputStream. Throws an exception if the
	96	* stream can't be parsed or if there's a format problem with the cert.
	97	* Note that catching java.security.GeneralSecurityException catches most
	98	* of the exceptions this throws.
	99	* @param s the InputStream to read
	100	* @param ids a Collection of Identities to use in validating the cert
[44896b5]	101	* @throws CertInvalidException if the stream is unparsable
	102	* @throws MissingIssuerException if none of the Identities can validate the
[e36ea1d]	103	* certificate
[44896b5]	104	* @throws BadSignatureException if the signature check fails
[1a7e6d3]	105	*/
[4d5f56d]	106	Credential(InputStream s, Collection<Identity> ids)
[44896b5]	107	throws ABACException {
[7b33c9b]	108	this();
[7ef13e3]	109	}
	110
[e9360e2]	111	/**
[675770e]	112	* Create a certificate from this credential issued by the given identity,
	113	* valid for the given time.
	114	* @param i the Identity that will issue the certificate
	115	* @param validity a long holding the number of seconds that the credential
	116	* is valid for.
	117	* @throws ABACException for Credential-specific errors
	118	* @throws MissingIssuerException the identity is invalid
	119	* @throws BadSignatureException if the signature creation fails
	120	*/
	121	public abstract void make_cert(Identity i, long validity)
	122	throws ABACException;
	123	/**
	124	* Create a certificate from this credential issued by the given identity,
	125	* valid for the default interval.
[e36ea1d]	126	* @param i the Identity that will issue the certificate
[44896b5]	127	* @throws ABACException for Credential-specific errors
	128	* @throws MissingIssuerException the identity is invalid
	129	* @throws BadSignatureException if the signature creation fails
[e9360e2]	130	*/
[7b33c9b]	131	public abstract void make_cert(Identity i)
[44896b5]	132	throws ABACException;
[90f939f]	133
[cfcdcb4b]	134	/**
[a7f73b5]	135	* Return true if 2 credentials represent the same ABAC. Two credentials
	136	* are the same if their roles are the same.
[e36ea1d]	137	* @param o an Object to compare
	138	* @return true if the Credentials have the Roles
[cfcdcb4b]	139	*/
	140	public boolean equals(Object o) {
	141	if ( o instanceof Credential ) {
	142	Credential c = (Credential) o;
	143
	144	if (m_head == null \|\| m_tail == null ) return false;
	145	else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
	146	}
	147	else return false;
	148	}
	149
[e36ea1d]	150	/**
[a7f73b5]	151	* Compare 2 credentials for sorting. They are ordered by their Roles,
	152	* head then tail.
[e36ea1d]	153	* @param o an Object to compare
	154	* @return -1 if this Credential is before, 0 if they are the same, and 1
	155	* if this Credential is after the given object.
	156	*/
[88e139a]	157	public int compareTo(Object o) {
	158	if (o instanceof Credential) {
	159	Credential c = (Credential) o;
	160
	161	if (head().equals(c.head())) return tail().compareTo(c.tail());
	162	else return head().compareTo(c.head());
	163	}
	164	else return 1;
	165	}
	166
	167
[31b67d5]	168	/**
	169	* Get the head role from the credential.
[e36ea1d]	170	* @return the Role in the head
[31b67d5]	171	*/
[0595372]	172	public Role head() { return m_head; }
[31b67d5]	173
	174	/**
	175	* Get the tail role from the credential
[e36ea1d]	176	* @return the Role in the tail
[31b67d5]	177	*/
[0595372]	178	public Role tail() { return m_tail; }
[31b67d5]	179
[7f614c1]	180	/**
	181	* Get the expiration Date of the credential.
	182	*/
	183	public Date expiration() { return m_expiration; }
	184
[31b67d5]	185	/**
[a7f73b5]	186	* Return an untranslated string form of the credential. The format is head
	187	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are key
	188	* identifiers.
[e36ea1d]	189	* @return the string form
[31b67d5]	190	*/
	191	public String toString() {
	192	return m_head + " <- " + m_tail;
	193	}
	194
[e36ea1d]	195	/**
[a7f73b5]	196	* Return a translated string form of the credential. The format is head
	197	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are
	198	* shortened to menmonics if the Context knows the identity.
[e36ea1d]	199	* @param c the Context to translate names in
	200	* @return the string form
	201	*/
[84f0e7a]	202	public String simpleString(Context c) {
	203	return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
[de63a31]	204	}
	205
[e36ea1d]	206	/**
[a7f73b5]	207	* Output the external representation of the Credential to the OutputStream
	208	* given. Subclasses will overload this for their output format.
[e36ea1d]	209	* @param s the OutputStream on which to write
	210	* @throws IOException if there is an error writing.
	211	*/
[7b33c9b]	212	public abstract void write(OutputStream s) throws IOException;
[1a7e6d3]	213
[e36ea1d]	214	/**
[a7f73b5]	215	* Output the external representation of the Credential to the filename
	216	* given. Subclasses will overload this for their output format.
[e36ea1d]	217	* @param fn a String containing the output filename
	218	* @throws IOException if there is an error writing.
	219	*/
[7b33c9b]	220	public abstract void write(String fn)
	221	throws IOException, FileNotFoundException;
[1a7e6d3]	222
[e36ea1d]	223	/**
	224	* Return true if this Credential has a certificate associated. A jabac
	225	* extension.
	226	* @return true if this Credential has a certificate associated.
	227	*/
[7b33c9b]	228	public abstract boolean hasCertificate();
[5cf72cc]	229
[e36ea1d]	230	/**
[a7f73b5]	231	* Return the Identity that issued the underlying certificate (if any). A
	232	* jabac extension.
	233	* @return the Identity that issued the underlying certificate.
[e36ea1d]	234	*/
[d69593c]	235	public Identity issuer() { return id; }
[f84d71e]	236
[31b67d5]	237	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: