1 | package net.deterlab.abac; |
---|
2 | |
---|
3 | import java.io.*; |
---|
4 | |
---|
5 | import java.util.*; |
---|
6 | import java.security.*; |
---|
7 | import java.security.cert.*; |
---|
8 | |
---|
9 | |
---|
10 | import org.bouncycastle.asn1.*; |
---|
11 | import org.bouncycastle.x509.*; |
---|
12 | import org.bouncycastle.jce.provider.X509AttrCertParser; |
---|
13 | import org.bouncycastle.jce.provider.X509CertificateObject; |
---|
14 | import org.bouncycastle.openssl.PEMReader; |
---|
15 | |
---|
16 | public class Credential { |
---|
17 | protected static Vector<X509CertificateObject> s_ids = |
---|
18 | new Vector<X509CertificateObject>(); |
---|
19 | /** |
---|
20 | * Create a credential from a head and tail role. This is only for testing. |
---|
21 | * In a real implementation the Credential must be loaded from an X.509 |
---|
22 | * attribute cert. |
---|
23 | */ |
---|
24 | public Credential(Role head, Role tail) { |
---|
25 | m_head = head; |
---|
26 | m_tail = tail; |
---|
27 | } |
---|
28 | |
---|
29 | /** |
---|
30 | * Do the credential initialization from a filename. |
---|
31 | */ |
---|
32 | protected void init(String filename) throws Exception { |
---|
33 | FileInputStream fis = new FileInputStream(filename); |
---|
34 | X509AttrCertParser parser = new X509AttrCertParser(); |
---|
35 | parser.engineInit(fis); |
---|
36 | m_ac = (X509V2AttributeCertificate)parser.engineRead(); |
---|
37 | m_id = null; |
---|
38 | |
---|
39 | for (X509CertificateObject id: s_ids) { |
---|
40 | try { |
---|
41 | m_ac.verify(id.getPublicKey(), "BC"); |
---|
42 | m_id = id; |
---|
43 | break; |
---|
44 | } |
---|
45 | // catch (InvalidKeyException e) { |
---|
46 | catch (Exception e) { |
---|
47 | System.err.println("validate" + e); |
---|
48 | } |
---|
49 | } |
---|
50 | if (m_id == null) throw new InvalidKeyException("Unknown identity"); |
---|
51 | |
---|
52 | load_roles(); |
---|
53 | } |
---|
54 | |
---|
55 | /** |
---|
56 | * Create a credential from an attribute cert. Throws an exception if the |
---|
57 | * cert file can't be opened or if there's a format problem with the cert. |
---|
58 | */ |
---|
59 | public Credential(String filename) throws Exception { |
---|
60 | init(filename); |
---|
61 | } |
---|
62 | |
---|
63 | /** |
---|
64 | * Create a credential from an attribute cert. Throws an exception if the |
---|
65 | * cert file can't be opened or if there's a format problem with the cert. |
---|
66 | */ |
---|
67 | public Credential(File file) throws Exception { |
---|
68 | init(file.getPath()); |
---|
69 | } |
---|
70 | |
---|
71 | |
---|
72 | /** |
---|
73 | * Load the roles off the attribute cert. Throws a RuntimeException if |
---|
74 | * there's something wrong with the cert. |
---|
75 | */ |
---|
76 | private void load_roles() throws RuntimeException { |
---|
77 | String roles = null; |
---|
78 | try { |
---|
79 | X509Attribute attr = m_ac.getAttributes()[0]; |
---|
80 | |
---|
81 | DERSequence java = (DERSequence)attr.getValues()[0]; |
---|
82 | DERSequence fucking = (DERSequence)java.getObjectAt(0); |
---|
83 | DERUTF8String sucks = (DERUTF8String)fucking.getObjectAt(0); |
---|
84 | |
---|
85 | roles = sucks.getString(); |
---|
86 | } |
---|
87 | catch (Exception e) { |
---|
88 | throw new RuntimeException("Your attribute certificate is funky and I'm not gonna debug it", e); |
---|
89 | } |
---|
90 | |
---|
91 | String[] parts = roles.split("\\s*<--?\\s*"); |
---|
92 | if (parts.length != 2) |
---|
93 | throw new RuntimeException("Invalid attribute: " + roles); |
---|
94 | |
---|
95 | m_head = new Role(parts[0]); |
---|
96 | m_tail = new Role(parts[1]); |
---|
97 | } |
---|
98 | |
---|
99 | /** |
---|
100 | * Get the head role from the credential. |
---|
101 | */ |
---|
102 | public Role head() { |
---|
103 | return m_head; |
---|
104 | } |
---|
105 | |
---|
106 | /** |
---|
107 | * Get the tail role from the credential |
---|
108 | */ |
---|
109 | public Role tail() { |
---|
110 | return m_tail; |
---|
111 | } |
---|
112 | |
---|
113 | /** |
---|
114 | * Gets the cert associated with this credential (if any). |
---|
115 | */ |
---|
116 | public X509V2AttributeCertificate cert() { |
---|
117 | return m_ac; |
---|
118 | } |
---|
119 | |
---|
120 | /** |
---|
121 | * Turn the credential into string form. The format is head <- tail. For |
---|
122 | * example: A.r1 <- B.r2.r3. |
---|
123 | */ |
---|
124 | public String toString() { |
---|
125 | return m_head + " <- " + m_tail; |
---|
126 | } |
---|
127 | |
---|
128 | private Role m_head, m_tail; |
---|
129 | |
---|
130 | private X509V2AttributeCertificate m_ac; |
---|
131 | private X509CertificateObject m_id; |
---|
132 | |
---|
133 | public static boolean addIdentity(String filename) throws |
---|
134 | CertificateException, NoSuchAlgorithmException,InvalidKeyException, |
---|
135 | NoSuchProviderException, SignatureException, FileNotFoundException, |
---|
136 | IOException { |
---|
137 | PEMReader pr = new PEMReader(new FileReader(filename)); |
---|
138 | Object c = pr.readObject(); |
---|
139 | |
---|
140 | if (c instanceof X509CertificateObject) { |
---|
141 | X509CertificateObject cert = (X509CertificateObject) c; |
---|
142 | |
---|
143 | cert.verify(cert.getPublicKey()); |
---|
144 | s_ids.add(cert); |
---|
145 | return true; |
---|
146 | } |
---|
147 | else return false; |
---|
148 | } |
---|
149 | public static boolean addIdentity(File file) throws |
---|
150 | CertificateException, NoSuchAlgorithmException,InvalidKeyException, |
---|
151 | NoSuchProviderException, SignatureException, FileNotFoundException, |
---|
152 | IOException { |
---|
153 | return addIdentity(file.getPath()); |
---|
154 | } |
---|
155 | |
---|
156 | } |
---|