source: java/net/deterlab/abac/Credential.java @ 484bb5a

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml
Last change on this file since 484bb5a was a7f73b5, checked in by Ted Faber <faber@…>, 12 years ago

Document cleanup. Change a few visibilities.

  • Property mode set to 100644
File size: 7.3 KB
Line 
1package net.deterlab.abac;
2
3import java.io.*;
4import java.math.*;
5
6import java.util.*;
7import java.security.*;
8import java.security.cert.*;
9
10import javax.security.auth.x500.*;
11
12import org.bouncycastle.asn1.*;
13import org.bouncycastle.asn1.x509.*;
14import org.bouncycastle.x509.*;
15import org.bouncycastle.x509.util.*;
16import org.bouncycastle.openssl.*;
17
18/**
19 * An ABAC credential, with or without an underlying certificate that
20 * represents it.  These are edges in proof graphs and can be constructed from
21 * their constituent Roles.
22 * @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23 * @version 1.4
24 */
25public abstract class Credential implements Comparable {
26    /** The role at the head */
27    protected Role m_head
28    /** The role at the tail */;
29    protected Role m_tail;
30    /** The identity that issued the certificate */
31    protected Identity id;
32
33    /**
34     * Create an empty Credential.
35     */
36    Credential() {
37        m_head = m_tail = null;
38        id = null;
39    }
40    /**
41     * Create a credential from a head and tail role.  This credential has no
42     * underlying certificate, and cannot be exported or used in real proofs.
43     * make_cert can create a certificate for a credential initialized this
44     * way.
45     * @param head the Role at the head of the credential
46     * @param tail the Role at the tail of the credential
47     */
48    Credential(Role head, Role tail) {
49        m_head = head;
50        m_tail = tail;
51        id = null;
52    }
53
54    /**
55     * Create a credential from an attribute cert in a file. Throws an
56     * exception if the cert file can't be opened or if there's a format
57     * problem with the cert.  Note that catching
58     * java.security.GeneralSecurityException catches most of the exceptions
59     * this throws.
60     * @param filename a String containing the filename to read
61     * @param ids a Collection of Identities to use in validating the cert
62     * @throws CertInvalidException if the stream is unparsable
63     * @throws MissingIssuerException if none of the Identities can validate the
64     *                              certificate
65     * @throws BadSignatureException if the signature check fails
66     */
67    Credential(String filename, Collection<Identity> ids) 
68        throws ABACException { this(); }
69
70    /**
71     * Create a credential from an attribute cert in a file. Throws an
72     * exception if the cert file can't be opened or if there's a format
73     * problem with the cert.  Note that catching
74     * java.security.GeneralSecurityException catches most of the exceptions
75     * this throws.
76     * @param file the File to read
77     * @param ids a Collection of Identities to use in validating the cert
78     * @throws CertInvalidException if the stream is unparsable
79     * @throws MissingIssuerException if none of the Identities can validate the
80     *                              certificate
81     * @throws BadSignatureException if the signature check fails
82     */
83    Credential(File file, Collection<Identity> ids) 
84            throws ABACException {
85         this();
86    }
87
88    /**
89     * Create a credential from an InputStream.  Throws an exception if the
90     * stream can't be parsed or if there's a format problem with the cert.
91     * Note that catching java.security.GeneralSecurityException catches most
92     * of the exceptions this throws.
93     * @param s the InputStream to read
94     * @param ids a Collection of Identities to use in validating the cert
95     * @throws CertInvalidException if the stream is unparsable
96     * @throws MissingIssuerException if none of the Identities can validate the
97     *                              certificate
98     * @throws BadSignatureException if the signature check fails
99     */
100    Credential(InputStream s, Collection<Identity> ids) 
101            throws ABACException {
102         this();
103    }
104
105
106    /**
107     * Create a certificate from this credential issued by the given identity.
108     * Note that catching java.security.GeneralSecurityException catches most
109     * of the exceptions this throws.
110     * @param i the Identity that will issue the certificate
111     * @throws ABACException for Credential-specific errors
112     * @throws MissingIssuerException the identity is invalid
113     * @throws BadSignatureException if the signature creation fails
114     */
115    public abstract void make_cert(Identity i) 
116            throws ABACException;
117
118    /**
119     * Return true if 2 credentials represent the same ABAC. Two credentials
120     * are the same if their roles are the same.
121     * @param o an Object to compare
122     * @return true if the Credentials have the Roles
123     */
124    public boolean equals(Object o) {
125        if ( o instanceof Credential ) {
126            Credential c = (Credential) o;
127
128            if (m_head == null || m_tail == null ) return false;
129            else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
130        }
131        else return false;
132    }
133
134    /**
135     * Compare 2 credentials for sorting.  They are ordered by their Roles,
136     * head then tail.
137     * @param o an Object to compare
138     * @return -1 if this Credential is before, 0 if they are the same, and 1
139     *              if this Credential is after the given object.
140     */
141    public int compareTo(Object o) {
142        if (o instanceof Credential) {
143            Credential c = (Credential) o;
144
145            if (head().equals(c.head())) return tail().compareTo(c.tail());
146            else return head().compareTo(c.head());
147        }
148        else return 1;
149    }
150
151
152    /**
153     * Get the head role from the credential.
154     * @return the Role in the head
155     */
156    public Role head() { return m_head; }
157
158    /**
159     * Get the tail role from the credential
160     * @return the Role in the tail
161     */
162    public Role tail() { return m_tail; }
163
164    /**
165     * Return an untranslated string form of the credential. The format is head
166     * &lt;- tail. For example: A.r1 &lt;- B.r2.r3.  Principal names are key
167     * identifiers.
168     * @return the string form
169     */
170    public String toString() {
171        return m_head + " <- " + m_tail;
172    }
173
174    /**
175     * Return a translated string form of the credential. The format is head
176     * &lt;- tail. For example: A.r1 &lt;- B.r2.r3.  Principal names are
177     * shortened to menmonics if the Context knows the identity.
178     * @param c the Context to translate names in
179     * @return the string form
180     */
181    public String simpleString(Context c) {
182        return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
183    }
184
185    /**
186     * Output the external representation of the Credential to the OutputStream
187     * given. Subclasses will overload this for their output format.
188     * @param s the OutputStream on which to write
189     * @throws IOException if there is an error writing.
190     */
191    public abstract void write(OutputStream s) throws IOException;
192
193    /**
194     * Output the external representation of the Credential to the filename
195     * given. Subclasses will overload this for their output format.
196     * @param fn a String containing the output filename
197     * @throws IOException if there is an error writing.
198     */
199    public abstract void write(String fn) 
200        throws IOException, FileNotFoundException;
201
202    /**
203     * Return true if this Credential has a certificate associated.  A jabac
204     * extension.
205     * @return true if this Credential has a certificate associated.
206     */
207    public abstract boolean hasCertificate();
208
209    /**
210     * Return the Identity that issued the underlying certificate (if any).  A
211     * jabac extension.
212     * @return the Identity that issued the underlying certificate.
213     */
214    public Identity issuer() { return id; }
215
216}
Note: See TracBrowser for help on using the repository browser.