1package net.deterlab.abac;
2
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.*;

import org.bouncycastle.asn1.*;
import org.bouncycastle.jce.provider.X509AttrCertParser;
import org.bouncycastle.jce.provider.X509CertificateObject;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.x509.*;
15
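/**
 * An RT0-style credential, "head &lt;- tail", backed by an X.509 attribute
 * certificate.
 *
 * Trust model as implemented here: {@link #addIdentity} registers self-signed
 * X.509 identity certificates.  A credential loaded from a file is accepted
 * only if its attribute certificate carries a signature that verifies under
 * one of those registered identity keys and the certificate is inside its
 * validity window.  The identity whose key verified the signature is kept in
 * {@code m_id}.
 *
 * NOTE(review): the signer found this way is not cross-checked against the
 * principal named in the head role, so any registered identity could sign a
 * credential whose head role belongs to a different principal.  Confirm that
 * callers enforce "signer == head principal" before relying on this class.
 */
public class Credential {
    /**
     * Identity certificates whose public keys are trusted to sign
     * credentials.  Shared by every Credential in the process.
     */
    protected static Vector<X509CertificateObject> s_ids =
        new Vector<X509CertificateObject>();

    private Role m_head, m_tail;

    /** The attribute certificate this credential was loaded from (null for test credentials). */
    private X509V2AttributeCertificate m_ac;
    /** The registered identity whose key verified {@code m_ac} (null for test credentials). */
    private X509CertificateObject m_id;

    /**
     * Create a credential from a head and tail role. This is only for testing.
     * In a real implementation the Credential must be loaded from an X.509
     * attribute cert.
     *
     * @param head the role being defined
     * @param tail the role or principal that is granted {@code head}
     */
    public Credential(Role head, Role tail) {
        m_head = head;
        m_tail = tail;
    }

    /**
     * Do the credential initialization from a filename.
     *
     * The attribute certificate is parsed from the file, its signature is
     * checked against every registered identity key until one verifies, its
     * validity period is checked, and finally the roles are parsed out of
     * its first attribute.
     *
     * @param filename path of the X.509 attribute certificate
     * @throws InvalidKeyException if no registered identity key verifies the
     *         certificate's signature
     * @throws CertificateException if the file holds no certificate, or the
     *         certificate is expired / not yet valid
     * @throws Exception on I/O or parse problems
     */
    protected void init(String filename) throws Exception {
        FileInputStream fis = new FileInputStream(filename);
        try {
            X509AttrCertParser parser = new X509AttrCertParser();
            parser.engineInit(fis);
            m_ac = (X509V2AttributeCertificate) parser.engineRead();
        }
        finally {
            fis.close();
        }
        // engineRead() yields null when the stream holds no certificate;
        // fail here rather than with a NullPointerException below.
        if (m_ac == null)
            throw new CertificateException("No attribute certificate in " + filename);

        m_id = null;
        for (X509CertificateObject id : s_ids) {
            try {
                m_ac.verify(id.getPublicKey(), "BC");
                m_id = id;
                break;
            }
            catch (Exception e) {
                // A failed verification is the expected outcome for every
                // identity other than the real signer; report it and keep
                // looking.
                System.err.println("validate" + e);
            }
        }
        if (m_id == null) throw new InvalidKeyException("Unknown identity");

        // A correctly signed credential is still unusable outside its
        // validity window; this throws CertificateExpiredException or
        // CertificateNotYetValidException.
        m_ac.checkValidity();

        load_roles();
    }

    /**
     * Create a credential from an attribute cert. Throws an exception if the
     * cert file can't be opened, if there's a format problem with the cert,
     * or if the cert is not signed by a registered identity.
     *
     * @param filename path of the X.509 attribute certificate
     */
    public Credential(String filename) throws Exception {
        init(filename);
    }

    /**
     * Create a credential from an attribute cert. Throws an exception if the
     * cert file can't be opened, if there's a format problem with the cert,
     * or if the cert is not signed by a registered identity.
     *
     * @param file the X.509 attribute certificate
     */
    public Credential(File file) throws Exception {
        init(file.getPath());
    }

    /**
     * Load the roles off the attribute cert. Throws a RuntimeException if
     * there's something wrong with the cert.
     *
     * The role string is expected at attributes[0].values[0][0][0] as a
     * DER UTF8String of the form "head &lt;- tail" (a "&lt;--" arrow is also
     * accepted).
     */
    private void load_roles() throws RuntimeException {
        String roles = null;
        try {
            // Any deviation from the expected layout (missing attribute,
            // unexpected ASN.1 type) surfaces as an exception and is
            // reported uniformly below.
            X509Attribute attr = m_ac.getAttributes()[0];

            DERSequence   valueSeq = (DERSequence) attr.getValues()[0];
            DERSequence   roleSeq  = (DERSequence) valueSeq.getObjectAt(0);
            DERUTF8String roleStr  = (DERUTF8String) roleSeq.getObjectAt(0);

            roles = roleStr.getString();
        }
        catch (Exception e) {
            throw new RuntimeException("Your attribute certificate is funky and I'm not gonna debug it", e);
        }

        // Exactly one arrow, with optional surrounding whitespace; neither
        // side may be empty (a leading arrow would otherwise yield an
        // empty head).
        String[] parts = roles.split("\\s*<--?\\s*");
        if (parts.length != 2 || parts[0].length() == 0 || parts[1].length() == 0)
            throw new RuntimeException("Invalid attribute: " + roles);

        m_head = new Role(parts[0]);
        m_tail = new Role(parts[1]);
    }

    /**
     * Get the head role from the credential.
     *
     * @return the role being defined
     */
    public Role head() {
        return m_head;
    }

    /**
     * Get the tail role from the credential.
     *
     * @return the role or principal granted the head role
     */
    public Role tail() {
        return m_tail;
    }

    /**
     * Gets the cert associated with this credential (if any).
     *
     * @return the attribute certificate, or null for a test credential
     */
    public X509V2AttributeCertificate cert() {
        return m_ac;
    }

    /**
     * Turn the credential into string form. The format is head &lt;- tail. For
     * example: A.r1 &lt;- B.r2.r3.
     */
    @Override
    public String toString() {
        return m_head + " <- " + m_tail;
    }

    /**
     * Register an identity certificate whose key may sign credentials.
     *
     * The PEM file must hold a self-signed X.509 certificate: it is verified
     * under its own public key and must be within its validity window before
     * it is added to the trusted set.
     *
     * @param filename path of the PEM-encoded identity certificate
     * @return true if a certificate was read and registered, false if the
     *         first PEM object in the file is not an X.509 certificate
     * @throws SignatureException / InvalidKeyException if the self-signature
     *         does not verify
     * @throws CertificateException if the certificate is expired or not yet
     *         valid
     * @throws IOException on read errors
     */
    public static boolean addIdentity(String filename) throws
        CertificateException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException, FileNotFoundException,
        IOException {
        PEMReader pr = new PEMReader(new FileReader(filename));
        Object c;
        try {
            c = pr.readObject();
        }
        finally {
            pr.close();
        }

        if (!(c instanceof X509CertificateObject))
            return false;

        X509CertificateObject cert = (X509CertificateObject) c;
        // Identities are self-signed; a cert that fails its own signature
        // or is outside its validity period must not become a trust anchor.
        cert.verify(cert.getPublicKey());
        cert.checkValidity();
        s_ids.add(cert);
        return true;
    }

    /**
     * Register an identity certificate whose key may sign credentials.
     *
     * @param file the PEM-encoded identity certificate
     * @return true if a certificate was read and registered, false otherwise
     * @see #addIdentity(String)
     */
    public static boolean addIdentity(File file) throws
        CertificateException, NoSuchAlgorithmException, InvalidKeyException,
        NoSuchProviderException, SignatureException, FileNotFoundException,
        IOException {
        return addIdentity(file.getPath());
    }

}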