source: java/net/deterlab/abac/Credential.java @ 7ebf16d

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml
Last change on this file since 7ebf16d was 675770e, checked in by Ted Faber <faber@…>, 12 years ago

Allow users to set validity periods.

  • Property mode set to 100644
File size: 8.1 KB
RevLine 
[31b67d5]1package net.deterlab.abac;
2
[7ef13e3]3import java.io.*;
[281158a]4import java.math.*;
[7ef13e3]5
6import java.util.*;
7import java.security.*;
8import java.security.cert.*;
9
[e36ea1d]10import javax.security.auth.x500.*;
[90f939f]11
12import org.bouncycastle.asn1.*;
[e9360e2]13import org.bouncycastle.asn1.x509.*;
[90f939f]14import org.bouncycastle.x509.*;
[e36ea1d]15import org.bouncycastle.x509.util.*;
16import org.bouncycastle.openssl.*;
17
18/**
19 * An ABAC credential, with or without an underlying certificate that
[3797bbe]20 * represents it.  These are edges in proof graphs and can be constructed from
[e36ea1d]21 * their constituent Roles.
22 * @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
[4560b65]23 * @version 1.4
[e36ea1d]24 */
[7b33c9b]25public abstract class Credential implements Comparable {
[675770e]26    /** Default validity period (in seconds) */
27    static public long defaultValidity = 3600L * 24L * 365L;
[e36ea1d]28    /** The role at the head */
29    protected Role m_head
30    /** The role at the tail */;
[d69593c]31    protected Role m_tail;
[e36ea1d]32    /** The identity that issued the certificate */
[d69593c]33    protected Identity id;
[7f614c1]34    /** The expiration time of the credential */
35    protected Date m_expiration;
[0595372]36
[9394f1f]37    /**
[e36ea1d]38     * Create an empty Credential.
[9394f1f]39     */
[a7f73b5]40    Credential() {
[9394f1f]41        m_head = m_tail = null;
[0595372]42        id = null;
[7f614c1]43        m_expiration = null;
[9394f1f]44    }
[31b67d5]45    /**
[e36ea1d]46     * Create a credential from a head and tail role.  This credential has no
47     * underlying certificate, and cannot be exported or used in real proofs.
48     * make_cert can create a certificate for a credential initialized this
49     * way.
50     * @param head the Role at the head of the credential
51     * @param tail the Role at the tail of the credential
[31b67d5]52     */
[a7f73b5]53    Credential(Role head, Role tail) {
[31b67d5]54        m_head = head;
55        m_tail = tail;
[0595372]56        id = null;
[7f614c1]57        m_expiration = null;
[31b67d5]58    }
59
[7ef13e3]60    /**
[e36ea1d]61     * Create a credential from an attribute cert in a file. Throws an
62     * exception if the cert file can't be opened or if there's a format
63     * problem with the cert.  Note that catching
64     * java.security.GeneralSecurityException catches most of the exceptions
65     * this throws.
66     * @param filename a String containing the filename to read
67     * @param ids a Collection of Identities to use in validating the cert
[44896b5]68     * @throws CertInvalidException if the stream is unparsable
69     * @throws MissingIssuerException if none of the Identities can validate the
[e36ea1d]70     *                              certificate
[44896b5]71     * @throws BadSignatureException if the signature check fails
[7ef13e3]72     */
[4d5f56d]73    Credential(String filename, Collection<Identity> ids) 
[44896b5]74        throws ABACException { this(); }
[7ef13e3]75
76    /**
[e36ea1d]77     * Create a credential from an attribute cert in a file. Throws an
78     * exception if the cert file can't be opened or if there's a format
79     * problem with the cert.  Note that catching
80     * java.security.GeneralSecurityException catches most of the exceptions
81     * this throws.
82     * @param file the File to read
83     * @param ids a Collection of Identities to use in validating the cert
[44896b5]84     * @throws CertInvalidException if the stream is unparsable
85     * @throws MissingIssuerException if none of the Identities can validate the
[e36ea1d]86     *                              certificate
[44896b5]87     * @throws BadSignatureException if the signature check fails
[7ef13e3]88     */
[4d5f56d]89    Credential(File file, Collection<Identity> ids) 
[44896b5]90            throws ABACException {
[7b33c9b]91         this();
[e36ea1d]92    }
[1a7e6d3]93
94    /**
[e36ea1d]95     * Create a credential from an InputStream.  Throws an exception if the
96     * stream can't be parsed or if there's a format problem with the cert.
97     * Note that catching java.security.GeneralSecurityException catches most
98     * of the exceptions this throws.
99     * @param s the InputStream to read
100     * @param ids a Collection of Identities to use in validating the cert
[44896b5]101     * @throws CertInvalidException if the stream is unparsable
102     * @throws MissingIssuerException if none of the Identities can validate the
[e36ea1d]103     *                              certificate
[44896b5]104     * @throws BadSignatureException if the signature check fails
[1a7e6d3]105     */
[4d5f56d]106    Credential(InputStream s, Collection<Identity> ids) 
[44896b5]107            throws ABACException {
[7b33c9b]108         this();
[7ef13e3]109    }
110
[e9360e2]111    /**
[675770e]112     * Create a certificate from this credential issued by the given identity,
113     * valid for the given time.
114     * @param i the Identity that will issue the certificate
115     * @param validity a long holding the number of seconds that the credential
116     * is valid for.
117     * @throws ABACException for Credential-specific errors
118     * @throws MissingIssuerException the identity is invalid
119     * @throws BadSignatureException if the signature creation fails
120     */
121    public abstract void make_cert(Identity i, long validity) 
122            throws ABACException;
123    /**
124     * Create a certificate from this credential issued by the given identity,
125     * valid for the default interval.
[e36ea1d]126     * @param i the Identity that will issue the certificate
[44896b5]127     * @throws ABACException for Credential-specific errors
128     * @throws MissingIssuerException the identity is invalid
129     * @throws BadSignatureException if the signature creation fails
[e9360e2]130     */
[7b33c9b]131    public abstract void make_cert(Identity i) 
[44896b5]132            throws ABACException;
[90f939f]133
[cfcdcb4b]134    /**
[a7f73b5]135     * Return true if 2 credentials represent the same ABAC. Two credentials
136     * are the same if their roles are the same.
[e36ea1d]137     * @param o an Object to compare
138     * @return true if the Credentials have the Roles
[cfcdcb4b]139     */
140    public boolean equals(Object o) {
141        if ( o instanceof Credential ) {
142            Credential c = (Credential) o;
143
144            if (m_head == null || m_tail == null ) return false;
145            else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
146        }
147        else return false;
148    }
149
[e36ea1d]150    /**
[a7f73b5]151     * Compare 2 credentials for sorting.  They are ordered by their Roles,
152     * head then tail.
[e36ea1d]153     * @param o an Object to compare
154     * @return -1 if this Credential is before, 0 if they are the same, and 1
155     *              if this Credential is after the given object.
156     */
[88e139a]157    public int compareTo(Object o) {
158        if (o instanceof Credential) {
159            Credential c = (Credential) o;
160
161            if (head().equals(c.head())) return tail().compareTo(c.tail());
162            else return head().compareTo(c.head());
163        }
164        else return 1;
165    }
166
167
[31b67d5]168    /**
169     * Get the head role from the credential.
[e36ea1d]170     * @return the Role in the head
[31b67d5]171     */
[0595372]172    public Role head() { return m_head; }
[31b67d5]173
174    /**
175     * Get the tail role from the credential
[e36ea1d]176     * @return the Role in the tail
[31b67d5]177     */
[0595372]178    public Role tail() { return m_tail; }
[31b67d5]179
[7f614c1]180    /**
181     * Get the expiration Date of the credential.
182     */
183    public Date expiration() { return m_expiration; }
184
[31b67d5]185    /**
[a7f73b5]186     * Return an untranslated string form of the credential. The format is head
187     * &lt;- tail. For example: A.r1 &lt;- B.r2.r3.  Principal names are key
188     * identifiers.
[e36ea1d]189     * @return the string form
[31b67d5]190     */
191    public String toString() {
192        return m_head + " <- " + m_tail;
193    }
194
[e36ea1d]195    /**
[a7f73b5]196     * Return a translated string form of the credential. The format is head
197     * &lt;- tail. For example: A.r1 &lt;- B.r2.r3.  Principal names are
198     * shortened to menmonics if the Context knows the identity.
[e36ea1d]199     * @param c the Context to translate names in
200     * @return the string form
201     */
[84f0e7a]202    public String simpleString(Context c) {
203        return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
[de63a31]204    }
205
[e36ea1d]206    /**
[a7f73b5]207     * Output the external representation of the Credential to the OutputStream
208     * given. Subclasses will overload this for their output format.
[e36ea1d]209     * @param s the OutputStream on which to write
210     * @throws IOException if there is an error writing.
211     */
[7b33c9b]212    public abstract void write(OutputStream s) throws IOException;
[1a7e6d3]213
[e36ea1d]214    /**
[a7f73b5]215     * Output the external representation of the Credential to the filename
216     * given. Subclasses will overload this for their output format.
[e36ea1d]217     * @param fn a String containing the output filename
218     * @throws IOException if there is an error writing.
219     */
[7b33c9b]220    public abstract void write(String fn) 
221        throws IOException, FileNotFoundException;
[1a7e6d3]222
[e36ea1d]223    /**
224     * Return true if this Credential has a certificate associated.  A jabac
225     * extension.
226     * @return true if this Credential has a certificate associated.
227     */
[7b33c9b]228    public abstract boolean hasCertificate();
[5cf72cc]229
[e36ea1d]230    /**
[a7f73b5]231     * Return the Identity that issued the underlying certificate (if any).  A
232     * jabac extension.
233     * @return the Identity that issued the underlying certificate.
[e36ea1d]234     */
[d69593c]235    public Identity issuer() { return id; }
[f84d71e]236
[31b67d5]237}
Note: See TracBrowser for help on using the repository browser.