Context Navigation

source: java/net/deterlab/abac/Credential.java @ 7f614c1

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml

Last change on this file since 7f614c1 was 7f614c1, checked in by Ted Faber <faber@…>, 11 years ago
Add expirations to all credentials
Property mode set to `100644`
File size: 7.6 KB

Line
1	package net.deterlab.abac;
2
3	import java.io.*;
4	import java.math.*;
5
6	import java.util.*;
7	import java.security.*;
8	import java.security.cert.*;
9
10	import javax.security.auth.x500.*;
11
12	import org.bouncycastle.asn1.*;
13	import org.bouncycastle.asn1.x509.*;
14	import org.bouncycastle.x509.*;
15	import org.bouncycastle.x509.util.*;
16	import org.bouncycastle.openssl.*;
17
18	/**
19	* An ABAC credential, with or without an underlying certificate that
20	* represents it. These are edges in proof graphs and can be constructed from
21	* their constituent Roles.
22	* @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23	* @version 1.4
24	*/
25	public abstract class Credential implements Comparable {
26	/** The role at the head */
27	protected Role m_head
28	/** The role at the tail */;
29	protected Role m_tail;
30	/** The identity that issued the certificate */
31	protected Identity id;
32	/** The expiration time of the credential */
33	protected Date m_expiration;
34
35	/**
36	* Create an empty Credential.
37	*/
38	Credential() {
39	m_head = m_tail = null;
40	id = null;
41	m_expiration = null;
42	}
43	/**
44	* Create a credential from a head and tail role. This credential has no
45	* underlying certificate, and cannot be exported or used in real proofs.
46	* make_cert can create a certificate for a credential initialized this
47	* way.
48	* @param head the Role at the head of the credential
49	* @param tail the Role at the tail of the credential
50	*/
51	Credential(Role head, Role tail) {
52	m_head = head;
53	m_tail = tail;
54	id = null;
55	m_expiration = null;
56	}
57
58	/**
59	* Create a credential from an attribute cert in a file. Throws an
60	* exception if the cert file can't be opened or if there's a format
61	* problem with the cert. Note that catching
62	* java.security.GeneralSecurityException catches most of the exceptions
63	* this throws.
64	* @param filename a String containing the filename to read
65	* @param ids a Collection of Identities to use in validating the cert
66	* @throws CertInvalidException if the stream is unparsable
67	* @throws MissingIssuerException if none of the Identities can validate the
68	* certificate
69	* @throws BadSignatureException if the signature check fails
70	*/
71	Credential(String filename, Collection<Identity> ids)
72	throws ABACException { this(); }
73
74	/**
75	* Create a credential from an attribute cert in a file. Throws an
76	* exception if the cert file can't be opened or if there's a format
77	* problem with the cert. Note that catching
78	* java.security.GeneralSecurityException catches most of the exceptions
79	* this throws.
80	* @param file the File to read
81	* @param ids a Collection of Identities to use in validating the cert
82	* @throws CertInvalidException if the stream is unparsable
83	* @throws MissingIssuerException if none of the Identities can validate the
84	* certificate
85	* @throws BadSignatureException if the signature check fails
86	*/
87	Credential(File file, Collection<Identity> ids)
88	throws ABACException {
89	this();
90	}
91
92	/**
93	* Create a credential from an InputStream. Throws an exception if the
94	* stream can't be parsed or if there's a format problem with the cert.
95	* Note that catching java.security.GeneralSecurityException catches most
96	* of the exceptions this throws.
97	* @param s the InputStream to read
98	* @param ids a Collection of Identities to use in validating the cert
99	* @throws CertInvalidException if the stream is unparsable
100	* @throws MissingIssuerException if none of the Identities can validate the
101	* certificate
102	* @throws BadSignatureException if the signature check fails
103	*/
104	Credential(InputStream s, Collection<Identity> ids)
105	throws ABACException {
106	this();
107	}
108
109
110	/**
111	* Create a certificate from this credential issued by the given identity.
112	* Note that catching java.security.GeneralSecurityException catches most
113	* of the exceptions this throws.
114	* @param i the Identity that will issue the certificate
115	* @throws ABACException for Credential-specific errors
116	* @throws MissingIssuerException the identity is invalid
117	* @throws BadSignatureException if the signature creation fails
118	*/
119	public abstract void make_cert(Identity i)
120	throws ABACException;
121
122	/**
123	* Return true if 2 credentials represent the same ABAC. Two credentials
124	* are the same if their roles are the same.
125	* @param o an Object to compare
126	* @return true if the Credentials have the Roles
127	*/
128	public boolean equals(Object o) {
129	if ( o instanceof Credential ) {
130	Credential c = (Credential) o;
131
132	if (m_head == null \|\| m_tail == null ) return false;
133	else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
134	}
135	else return false;
136	}
137
138	/**
139	* Compare 2 credentials for sorting. They are ordered by their Roles,
140	* head then tail.
141	* @param o an Object to compare
142	* @return -1 if this Credential is before, 0 if they are the same, and 1
143	* if this Credential is after the given object.
144	*/
145	public int compareTo(Object o) {
146	if (o instanceof Credential) {
147	Credential c = (Credential) o;
148
149	if (head().equals(c.head())) return tail().compareTo(c.tail());
150	else return head().compareTo(c.head());
151	}
152	else return 1;
153	}
154
155
156	/**
157	* Get the head role from the credential.
158	* @return the Role in the head
159	*/
160	public Role head() { return m_head; }
161
162	/**
163	* Get the tail role from the credential
164	* @return the Role in the tail
165	*/
166	public Role tail() { return m_tail; }
167
168	/**
169	* Get the expiration Date of the credential.
170	*/
171	public Date expiration() { return m_expiration; }
172
173	/**
174	* Return an untranslated string form of the credential. The format is head
175	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are key
176	* identifiers.
177	* @return the string form
178	*/
179	public String toString() {
180	return m_head + " <- " + m_tail;
181	}
182
183	/**
184	* Return a translated string form of the credential. The format is head
185	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are
186	* shortened to menmonics if the Context knows the identity.
187	* @param c the Context to translate names in
188	* @return the string form
189	*/
190	public String simpleString(Context c) {
191	return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
192	}
193
194	/**
195	* Output the external representation of the Credential to the OutputStream
196	* given. Subclasses will overload this for their output format.
197	* @param s the OutputStream on which to write
198	* @throws IOException if there is an error writing.
199	*/
200	public abstract void write(OutputStream s) throws IOException;
201
202	/**
203	* Output the external representation of the Credential to the filename
204	* given. Subclasses will overload this for their output format.
205	* @param fn a String containing the output filename
206	* @throws IOException if there is an error writing.
207	*/
208	public abstract void write(String fn)
209	throws IOException, FileNotFoundException;
210
211	/**
212	* Return true if this Credential has a certificate associated. A jabac
213	* extension.
214	* @return true if this Credential has a certificate associated.
215	*/
216	public abstract boolean hasCertificate();
217
218	/**
219	* Return the Identity that issued the underlying certificate (if any). A
220	* jabac extension.
221	* @return the Identity that issued the underlying certificate.
222	*/
223	public Identity issuer() { return id; }
224
225	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: