source: java/net/deterlab/abac/Credential.java @ 1a1acd9

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml
Last change on this file since 1a1acd9 was aaadefd, checked in by Ted Faber <faber@…>, 12 years ago

Add newCredential to the Context

  • Property mode set to 100644
File size: 8.0 KB
Line 
1package net.deterlab.abac;
2
3import java.io.*;
4import java.math.*;
5
6import java.util.*;
7import java.security.*;
8import java.security.cert.*;
9
10import javax.security.auth.x500.*;
11
12import org.bouncycastle.asn1.*;
13import org.bouncycastle.asn1.x509.*;
14import org.bouncycastle.x509.*;
15import org.bouncycastle.x509.util.*;
16import org.bouncycastle.openssl.*;
17
18/**
19 * An ABAC credential, with or without an underlying certificate that
20 * represents it.  These are edges in proof graphs and can be constructed from
21 * their constituent Roles.
22 * @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23 * @version 1.4
24 */
25public abstract class Credential implements Comparable {
26    /** The role at the head */
27    protected Role m_head
28    /** The role at the tail */;
29    protected Role m_tail;
30    /** The identity that issued the certificate */
31    protected Identity id;
32
33    /**
34     * Create an empty Credential.
35     */
36    public Credential() {
37        m_head = m_tail = null;
38        id = null;
39    }
40    /**
41     * Create a credential from a head and tail role.  This credential has no
42     * underlying certificate, and cannot be exported or used in real proofs.
43     * make_cert can create a certificate for a credential initialized this
44     * way.
45     * @param head the Role at the head of the credential
46     * @param tail the Role at the tail of the credential
47     */
48    public Credential(Role head, Role tail) {
49        m_head = head;
50        m_tail = tail;
51        id = null;
52    }
53
54    /**
55     * Create a credential from an attribute cert in a file. Throws an
56     * exception if the cert file can't be opened or if there's a format
57     * problem with the cert.  Note that catching
58     * java.security.GeneralSecurityException catches most of the exceptions
59     * this throws.
60     * @param filename a String containing the filename to read
61     * @param ids a Collection of Identities to use in validating the cert
62     * @throws CertInvalidException if the stream is unparsable
63     * @throws MissingIssuerException if none of the Identities can validate the
64     *                              certificate
65     * @throws BadSignatureException if the signature check fails
66     */
67    public Credential(String filename, Collection<Identity> ids) 
68        throws ABACException { this(); }
69
70    /**
71     * Create a credential from an attribute cert in a file. Throws an
72     * exception if the cert file can't be opened or if there's a format
73     * problem with the cert.  Note that catching
74     * java.security.GeneralSecurityException catches most of the exceptions
75     * this throws.
76     * @param file the File to read
77     * @param ids a Collection of Identities to use in validating the cert
78     * @throws CertInvalidException if the stream is unparsable
79     * @throws MissingIssuerException if none of the Identities can validate the
80     *                              certificate
81     * @throws BadSignatureException if the signature check fails
82     */
83    public Credential(File file, Collection<Identity> ids) 
84            throws ABACException {
85         this();
86    }
87
88    /**
89     * Create a credential from an InputStream.  Throws an exception if the
90     * stream can't be parsed or if there's a format problem with the cert.
91     * Note that catching java.security.GeneralSecurityException catches most
92     * of the exceptions this throws.
93     * @param s the InputStream to read
94     * @param ids a Collection of Identities to use in validating the cert
95     * @throws CertInvalidException if the stream is unparsable
96     * @throws MissingIssuerException if none of the Identities can validate the
97     *                              certificate
98     * @throws BadSignatureException if the signature check fails
99     */
100    public Credential(InputStream s, Collection<Identity> ids) 
101            throws ABACException {
102         this();
103    }
104
105
106    /**
107     * Create a certificate from this credential issued by the given identity.
108     * Note that catching java.security.GeneralSecurityException catches most
109     * of the exceptions this throws.
110     * @param i the Identity that will issue the certificate
111     * @throws ABACException for Credential-specific errors
112     * @throws MissingIssuerException the identity is invalid
113     * @throws BadSignatureException if the signature creation fails
114     */
115    public abstract void make_cert(Identity i) 
116            throws ABACException;
117
118    /**
119     * Two credentials are the same if their roles are the same.
120     * @param o an Object to compare
121     * @return true if the Credentials have the Roles
122     */
123    public boolean equals(Object o) {
124        if ( o instanceof Credential ) {
125            Credential c = (Credential) o;
126
127            if (m_head == null || m_tail == null ) return false;
128            else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
129        }
130        else return false;
131    }
132
133    /**
134     * Allow credentials to be compared.  They are ordered by their Roles, head
135     * then tail.
136     * @param o an Object to compare
137     * @return -1 if this Credential is before, 0 if they are the same, and 1
138     *              if this Credential is after the given object.
139     */
140    public int compareTo(Object o) {
141        if (o instanceof Credential) {
142            Credential c = (Credential) o;
143
144            if (head().equals(c.head())) return tail().compareTo(c.tail());
145            else return head().compareTo(c.head());
146        }
147        else return 1;
148    }
149
150
151    /**
152     * Get the head role from the credential.
153     * @return the Role in the head
154     */
155    public Role head() { return m_head; }
156
157    /**
158     * Get the tail role from the credential
159     * @return the Role in the tail
160     */
161    public Role tail() { return m_tail; }
162
163    /**
164     * Turn the credential into string form. The format is head &lt;- tail. For
165     * example: A.r1 &lt;- B.r2.r3.  Principal names are key identifiers.
166     * @return the string form
167     */
168    public String toString() {
169        return m_head + " <- " + m_tail;
170    }
171
172    /**
173     * Turn the credential into string form. The format is head &lt;- tail. For
174     * example: A.r1 &lt;- B.r2.r3.  Principal names are shortened to menmonics
175     * if the Context knows the identity.
176     * @param c the Context to translate names in
177     * @return the string form
178     */
179    public String simpleString(Context c) {
180        return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
181    }
182
183    /**
184     * Output the DER formatted attribute certificate associated with this
185     * Credential to the OutputStream.
186     * @param s the OutputStream on which to write
187     * @throws IOException if there is an error writing.
188     */
189    public abstract void write(OutputStream s) throws IOException;
190
191    /**
192     * Output the DER formatted attribute certificate associated with this
193     * Credential to the filename given.
194     * @param fn a String containing the output filename
195     * @throws IOException if there is an error writing.
196     */
197    public abstract void write(String fn) 
198        throws IOException, FileNotFoundException;
199
200    /**
201     * Return true if this Credential has a certificate associated.  A jabac
202     * extension.
203     * @return true if this Credential has a certificate associated.
204     */
205    public abstract boolean hasCertificate();
206
207    /**
208     * Return the Identity that issued the underlying certificate.  A jabac
209     * extension.
210     * @return the Identity that issued the underlying certificate.
211     */
212    public Identity issuer() { return id; }
213    /**
214     * Return the X509Certificate that issued the underlying certificate.
215     * @return the X509Certificate that issued the underlying certificate.
216     */
217    public X509Certificate issuerCert() { return id.getCertificate(); }
218
219    /**
220     * Return a CredentialParser that never parses or generates a credential.
221     * Credentials that can be parsed must override this.  Called indirectly by
222     * CredentialFactory.registerClass().
223     * @return a CredentialFactorySpecialization for this kind of credential.
224     */
225    static public CredentialFactorySpecialization
226            getCredentialFactorySpecialization() { 
227        return new CredentialFactorySpecialization() {
228            public Credential[] parseCredential(InputStream s, 
229                    Collection<Identity> ids) { 
230                return null; 
231            } 
232            public Credential generateCredential(Role head, Role tail) {
233                return null;
234            }
235        };
236    }
237}
Note: See TracBrowser for help on using the repository browser.