source: java/net/deterlab/abac/Credential.java @ 8ee55e7

Last change on this file since 8ee55e7 was f84d71e, checked in by Ted Faber <faber@…>, 12 years ago

More credential parsing

[31b67d5]1package net.deterlab.abac;
2
[7ef13e3]3import java.io.*;
[281158a]4import java.math.*;
[7ef13e3]5
6import java.util.*;
7import java.security.*;
8import java.security.cert.*;
9
[e36ea1d]10import javax.security.auth.x500.*;
[90f939f]11
12import org.bouncycastle.asn1.*;
[e9360e2]13import org.bouncycastle.asn1.x509.*;
[90f939f]14import org.bouncycastle.x509.*;
[e36ea1d]15import org.bouncycastle.x509.util.*;
16import org.bouncycastle.openssl.*;
17
18/**
19 * An ABAC credential, with or without an underlying certificate that
[3797bbe]20 * represents it.  These are edges in proof graphs and can be constructed from
[e36ea1d]21 * their constituent Roles.
22 * @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23 * @version 1.3
24 */
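public abstract class Credential implements Comparable {
    /** The role at the head */
    protected Role m_head;
    /** The role at the tail */
    protected Role m_tail;
    /**
     * The identity that issued the certificate, or null when this Credential
     * has no underlying certificate (every constructor in this base class
     * leaves it null).
     */
    protected Identity id;

    /**
     * Create an empty Credential: head, tail and issuer are all null.
     */
    public Credential() {
        m_head = m_tail = null;
        id = null;
    }

    /**
     * Create a credential from a head and tail role.  This credential has no
     * underlying certificate, and cannot be exported or used in real proofs.
     * make_cert can create a certificate for a credential initialized this
     * way.
     * @param head the Role at the head of the credential
     * @param tail the Role at the tail of the credential
     */
    public Credential(Role head, Role tail) {
        m_head = head;
        m_tail = tail;
        id = null;
    }

    /**
     * Create a credential from an attribute cert in a file. Throws an
     * exception if the cert file can't be opened or if there's a format
     * problem with the cert.  Note that catching
     * java.security.GeneralSecurityException catches most of the exceptions
     * this throws.
     * <p>
     * This base implementation does not read the file: it ignores both
     * arguments and builds an empty Credential.  Subclasses that parse
     * certificates perform the parsing and the issuer/signature checks
     * described by the exceptions below.
     * @param filename a String containing the filename to read
     * @param ids a Collection of Identities to use in validating the cert
     * @throws CertInvalidException if the stream is unparsable
     * @throws MissingIssuerException if none of the Identities can validate the
     *                              certificate
     * @throws BadSignatureException if the signature check fails
     */
    public Credential(String filename, Collection<Identity> ids)
            throws ABACException {
        this();
    }

    /**
     * Create a credential from an attribute cert in a file. Throws an
     * exception if the cert file can't be opened or if there's a format
     * problem with the cert.  Note that catching
     * java.security.GeneralSecurityException catches most of the exceptions
     * this throws.
     * <p>
     * This base implementation does not read the file: it ignores both
     * arguments and builds an empty Credential.  Subclasses that parse
     * certificates perform the parsing and the issuer/signature checks
     * described by the exceptions below.
     * @param file the File to read
     * @param ids a Collection of Identities to use in validating the cert
     * @throws CertInvalidException if the stream is unparsable
     * @throws MissingIssuerException if none of the Identities can validate the
     *                              certificate
     * @throws BadSignatureException if the signature check fails
     */
    public Credential(File file, Collection<Identity> ids)
            throws ABACException {
        this();
    }

    /**
     * Create a credential from an InputStream.  Throws an exception if the
     * stream can't be parsed or if there's a format problem with the cert.
     * Note that catching java.security.GeneralSecurityException catches most
     * of the exceptions this throws.
     * <p>
     * This base implementation does not read the stream: it ignores both
     * arguments and builds an empty Credential.  Subclasses that parse
     * certificates perform the parsing and the issuer/signature checks
     * described by the exceptions below.
     * @param s the InputStream to read
     * @param ids a Collection of Identities to use in validating the cert
     * @throws CertInvalidException if the stream is unparsable
     * @throws MissingIssuerException if none of the Identities can validate the
     *                              certificate
     * @throws BadSignatureException if the signature check fails
     */
    public Credential(InputStream s, Collection<Identity> ids)
            throws ABACException {
        this();
    }

    /**
     * Create a certificate from this credential issued by the given identity.
     * Note that catching java.security.GeneralSecurityException catches most
     * of the exceptions this throws.
     * @param i the Identity that will issue the certificate
     * @throws ABACException for Credential-specific errors
     * @throws MissingIssuerException the identity is invalid
     * @throws BadSignatureException if the signature creation fails
     */
    public abstract void make_cert(Identity i)
            throws ABACException;

    /**
     * Two credentials are the same if their roles are the same.  Only the
     * head and tail Roles take part in the comparison; the issuer and any
     * underlying certificate do not, so two Credentials with the same Roles
     * but different issuers are equal.  A Credential whose head or tail is
     * null is equal to nothing, not even itself.
     * @param o an Object to compare
     * @return true if the Credentials have the same Roles
     */
    @Override
    public boolean equals(Object o) {
        if (!(o instanceof Credential)) return false;

        Credential c = (Credential) o;
        // A credential with a missing role never compares equal.
        if (m_head == null || m_tail == null) return false;
        return m_head.equals(c.head()) && m_tail.equals(c.tail());
    }

    /**
     * Hash code consistent with equals(): derived from the head and tail
     * Roles only, so Credentials that are equal() hash alike.  Null roles
     * are tolerated.
     * @return the hash code
     */
    @Override
    public int hashCode() {
        return Objects.hash(m_head, m_tail);
    }

    /**
     * Allow credentials to be compared.  They are ordered by their Roles, head
     * then tail.  An object that is not a Credential sorts before this one
     * (this method returns 1 rather than throwing).  Both Credentials must
     * have non-null head and tail Roles.
     * @param o an Object to compare
     * @return -1 if this Credential is before, 0 if they are the same, and 1
     *              if this Credential is after the given object.
     */
    @Override
    public int compareTo(Object o) {
        if (!(o instanceof Credential)) return 1;

        Credential c = (Credential) o;
        // Heads decide the order; the tails break a tie.
        if (head().equals(c.head())) return tail().compareTo(c.tail());
        return head().compareTo(c.head());
    }

    /**
     * Get the head role from the credential.
     * @return the Role in the head
     */
    public Role head() { return m_head; }

    /**
     * Get the tail role from the credential
     * @return the Role in the tail
     */
    public Role tail() { return m_tail; }

    /**
     * Turn the credential into string form. The format is head &lt;- tail. For
     * example: A.r1 &lt;- B.r2.r3.  Principal names are key identifiers.
     * Null roles print as "null".
     * @return the string form
     */
    @Override
    public String toString() {
        return m_head + " <- " + m_tail;
    }

    /**
     * Turn the credential into string form. The format is head &lt;- tail. For
     * example: A.r1 &lt;- B.r2.r3.  Principal names are shortened to mnemonics
     * if the Context knows the identity.  Both roles must be non-null.
     * @param c the Context to translate names in
     * @return the string form
     */
    public String simpleString(Context c) {
        return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
    }

    /**
     * Output the DER formatted attribute certificate associated with this
     * Credential to the OutputStream.
     * @param s the OutputStream on which to write
     * @throws IOException if there is an error writing.
     */
    public abstract void write(OutputStream s) throws IOException;

    /**
     * Output the DER formatted attribute certificate associated with this
     * Credential to the filename given.
     * @param fn a String containing the output filename
     * @throws IOException if there is an error writing.
     * @throws FileNotFoundException if the file cannot be opened for writing.
     */
    public abstract void write(String fn)
        throws IOException, FileNotFoundException;

    /**
     * Return true if this Credential has a certificate associated.  A jabac
     * extension.
     * @return true if this Credential has a certificate associated.
     */
    public abstract boolean hasCertificate();

    /**
     * Return the Identity that issued the underlying certificate.  A jabac
     * extension.
     * @return the Identity that issued the underlying certificate, or null
     *              if there is none.
     */
    public Identity issuer() { return id; }

    /**
     * Return the X509Certificate that issued the underlying certificate.
     * @return the X509Certificate that issued the underlying certificate, or
     *              null if this Credential has no issuer.
     */
    public X509Certificate issuerCert() {
        // Credentials built without a certificate have no issuer to ask.
        if (id == null) return null;
        return id.getCertificate();
    }

    /**
     * Return a CredentialParser that never parses a credential.  Credentials
     * that can be parsed must override this.  Called indirectly by
     * CredentialFactory.registerClass().  The returned parser's
     * parseCredential always returns null.
     * @return a CredentialParser for this kind of credential.
     */
    static public CredentialParser getCredentialParser() {
        return new CredentialParser() {
            public Credential[] parseCredential(InputStream s,
                    Collection<Identity> ids) {
                return null;
            }
        };
    }
}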