source: java/net/deterlab/abac/Credential.java @ 9725efb

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since 9725efb was 9725efb, checked in by Ted Faber <faber@…>, 14 years ago

Parse Identity certs fully. Put 'em in a class.

  • Property mode set to 100644
File size: 3.6 KB
Line 
1package net.deterlab.abac;
2
3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
8
9import net.deterlab.abac.Identity;
10
11import org.bouncycastle.asn1.*;
12import org.bouncycastle.x509.*;
13import org.bouncycastle.jce.provider.X509AttrCertParser;
14import org.bouncycastle.jce.provider.X509CertificateObject;
15import org.bouncycastle.openssl.PEMReader;
16
17public class Credential {
18    protected static Vector<Identity> s_ids = new Vector<Identity>();
19    /**
20     * Create a credential from a head and tail role. This is only for testing.
21     * In a real implementation the Credential must be loaded from an X.509
22     * attribute cert.
23     */
24    public Credential(Role head, Role tail) {
25        m_head = head;
26        m_tail = tail;
27    }
28
29    /**
30     * Do the credential initialization from a filename.
31     */
32    protected void init(String filename) throws Exception {
33        FileInputStream fis = new FileInputStream(filename);
34        X509AttrCertParser parser = new X509AttrCertParser();
35        parser.engineInit(fis);
36        m_ac = (X509V2AttributeCertificate)parser.engineRead();
37        m_id = null;
38
39        for (Identity id: s_ids) {
40            try {
41                m_ac.verify(id.getCertificate().getPublicKey(), "BC");
42                m_id = id;
43                break;
44            }
45            catch (InvalidKeyException e) { }
46        }
47        if (m_id == null) throw new InvalidKeyException("Unknown identity");
48
49        load_roles();
50    }
51
52    /**
53     * Create a credential from an attribute cert. Throws an exception if the
54     * cert file can't be opened or if there's a format problem with the cert.
55     */
56    public Credential(String filename) throws Exception {
57        init(filename);
58    }
59
60    /**
61     * Create a credential from an attribute cert. Throws an exception if the
62     * cert file can't be opened or if there's a format problem with the cert.
63     */
64    public Credential(File file) throws Exception {
65        init(file.getPath());
66    }
67
68
69    /**
70     * Load the roles off the attribute cert. Throws a RuntimeException if
71     * there's something wrong with the cert.
72     */
73    private void load_roles() throws RuntimeException {
74        String roles = null;
75        try {
76            X509Attribute attr = m_ac.getAttributes()[0];
77
78            DERSequence    java     = (DERSequence)attr.getValues()[0];
79            DERSequence    fucking  = (DERSequence)java.getObjectAt(0);
80            DERUTF8String  sucks    = (DERUTF8String)fucking.getObjectAt(0);
81
82            roles = sucks.getString();
83        }
84        catch (Exception e) {
85            throw new RuntimeException("Your attribute certificate is funky and I'm not gonna debug it", e);
86        }
87
88        String[] parts = roles.split("\\s*<--?\\s*");
89        if (parts.length != 2)
90            throw new RuntimeException("Invalid attribute: " + roles);
91
92        m_head = new Role(parts[0]);
93        m_tail = new Role(parts[1]);
94    }
95
96    /**
97     * Get the head role from the credential.
98     */
99    public Role head() {
100        return m_head;
101    }
102
103    /**
104     * Get the tail role from the credential
105     */
106    public Role tail() {
107        return m_tail;
108    }
109
110    /**
111     * Gets the cert associated with this credential (if any).
112     */
113    public X509V2AttributeCertificate cert() {
114        return m_ac;
115    }
116
117    /**
118     * Turn the credential into string form. The format is head &lt;- tail. For
119     * example: A.r1 &lt;- B.r2.r3.
120     */
121    public String toString() {
122        return m_head + " <- " + m_tail;
123    }
124
125    private Role m_head, m_tail;
126
127    private X509V2AttributeCertificate m_ac;
128    private Identity m_id;
129
130    public static void addIdentity(Identity id) { s_ids.add(id); }
131    public static Collection<Identity> identities() { return s_ids; }
132}
Note: See TracBrowser for help on using the repository browser.