Context Navigation

source: java/net/deterlab/abac/Credential.java @ a1a9a47

abac0-leakabac0-mei

Last change on this file since a1a9a47 was a1a9a47, checked in by Ted Faber <faber@…>, 11 years ago
Bump version
Property mode set to `100644`
File size: 9.2 KB

Line
1	package net.deterlab.abac;
2
3	import java.io.*;
4	import java.math.*;
5
6	import java.util.*;
7	import java.security.*;
8	import java.security.cert.*;
9
10	import javax.security.auth.x500.*;
11
12	import org.bouncycastle.asn1.*;
13	import org.bouncycastle.asn1.x509.*;
14	import org.bouncycastle.x509.*;
15	import org.bouncycastle.x509.util.*;
16	import org.bouncycastle.openssl.*;
17
18	/**
19	* An ABAC credential, with or without an underlying certificate that
20	* represents it. These are edges in proof graphs and can be constructed from
21	* their constituent Roles.
22	* @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23	* @version 1.5
24	*/
25	public abstract class Credential implements Comparable {
26	/** Default validity period (in seconds) */
27	static public long defaultValidity = 3600L * 24L * 365L;
28	/** The role at the head */
29	protected Role m_head
30	/** The role at the tail */;
31	protected Role m_tail;
32	/** The identity that issued the certificate */
33	protected Identity id;
34	/** The expiration time of the credential */
35	protected Date m_expiration;
36	/**
37	* Suggested file suffix to save this format credential under. Subclasses
38	should override it.
39	*/
40	protected String suffix;
41	/** Default file suffix. */
42	private static final String defSuffix = ".cred";
43
44	/**
45	* Create an empty Credential.
46	*/
47	Credential() {
48	m_head = m_tail = null;
49	id = null;
50	m_expiration = null;
51	suffix = defSuffix;
52	}
53	/**
54	* Create a credential from a head and tail role. This credential has no
55	* underlying certificate, and cannot be exported or used in real proofs.
56	* make_cert can create a certificate for a credential initialized this
57	* way.
58	* @param head the Role at the head of the credential
59	* @param tail the Role at the tail of the credential
60	*/
61	Credential(Role head, Role tail) {
62	m_head = head;
63	m_tail = tail;
64	id = null;
65	m_expiration = null;
66	suffix = defSuffix;
67	}
68
69	/**
70	* Create a credential from an attribute cert in a file. Throws an
71	* exception if the cert file can't be opened or if there's a format
72	* problem with the cert. Note that catching
73	* java.security.GeneralSecurityException catches most of the exceptions
74	* this throws.
75	* @param filename a String containing the filename to read
76	* @param ids a Collection of Identities to use in validating the cert
77	* @throws CertInvalidException if the stream is unparsable
78	* @throws MissingIssuerException if none of the Identities can validate the
79	* certificate
80	* @throws BadSignatureException if the signature check fails
81	*/
82	Credential(String filename, Collection<Identity> ids)
83	throws ABACException { this(); }
84
85	/**
86	* Create a credential from an attribute cert in a file. Throws an
87	* exception if the cert file can't be opened or if there's a format
88	* problem with the cert. Note that catching
89	* java.security.GeneralSecurityException catches most of the exceptions
90	* this throws.
91	* @param file the File to read
92	* @param ids a Collection of Identities to use in validating the cert
93	* @throws CertInvalidException if the stream is unparsable
94	* @throws MissingIssuerException if none of the Identities can validate the
95	* certificate
96	* @throws BadSignatureException if the signature check fails
97	*/
98	Credential(File file, Collection<Identity> ids)
99	throws ABACException { this(); }
100
101	/**
102	* Create a credential from an InputStream. Throws an exception if the
103	* stream can't be parsed or if there's a format problem with the cert.
104	* Note that catching java.security.GeneralSecurityException catches most
105	* of the exceptions this throws.
106	* @param s the InputStream to read
107	* @param ids a Collection of Identities to use in validating the cert
108	* @throws CertInvalidException if the stream is unparsable
109	* @throws MissingIssuerException if none of the Identities can validate the
110	* certificate
111	* @throws BadSignatureException if the signature check fails
112	*/
113	Credential(InputStream s, Collection<Identity> ids)
114	throws ABACException { this(); }
115
116	/**
117	* Create a certificate from this credential issued by the given identity,
118	* valid for the given time.
119	* @param i the Identity that will issue the certificate
120	* @param validity a long holding the number of seconds that the credential
121	* is valid for.
122	* @throws ABACException for Credential-specific errors
123	* @throws MissingIssuerException the identity is invalid
124	* @throws BadSignatureException if the signature creation fails
125	*/
126	public abstract void make_cert(Identity i, long validity)
127	throws ABACException;
128	/**
129	* Create a certificate from this credential issued by the given identity,
130	* valid for the default interval.
131	* @param i the Identity that will issue the certificate
132	* @throws ABACException for Credential-specific errors
133	* @throws MissingIssuerException the identity is invalid
134	* @throws BadSignatureException if the signature creation fails
135	*/
136	public abstract void make_cert(Identity i)
137	throws ABACException;
138
139	/**
140	* Return true if 2 credentials represent the same ABAC. Two credentials
141	* are the same if their roles are the same.
142	* @param o an Object to compare
143	* @return true if the Credentials have the Roles
144	*/
145	public boolean equals(Object o) {
146	if ( o instanceof Credential ) {
147	Credential c = (Credential) o;
148
149	if (m_head == null \|\| m_tail == null ) return false;
150	else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
151	}
152	else return false;
153	}
154
155	/**
156	* Return a hash code for the Credential - the hashes of its roles.
157	* @return an int, the hashCode
158	*/
159	public int hashCode() {
160	if ( m_head == null \|\| m_tail == null) return super.hashCode();
161
162	return m_head.hashCode() + m_tail.hashCode();
163	}
164
165	/**
166	* Compare 2 credentials for sorting. They are ordered by their Roles,
167	* head then tail.
168	* @param o an Object to compare
169	* @return -1 if this Credential is before, 0 if they are the same, and 1
170	* if this Credential is after the given object.
171	*/
172	public int compareTo(Object o) {
173	if (o instanceof Credential) {
174	Credential c = (Credential) o;
175
176	if (head().equals(c.head())) return tail().compareTo(c.tail());
177	else return head().compareTo(c.head());
178	}
179	else return 1;
180	}
181
182
183	/**
184	* Get the head role from the credential.
185	* @return the Role in the head
186	*/
187	public Role head() { return m_head; }
188
189	/**
190	* Get the tail role from the credential
191	* @return the Role in the tail
192	*/
193	public Role tail() { return m_tail; }
194
195	/**
196	* Get the expiration Date of the credential.
197	*/
198	public Date expiration() { return m_expiration; }
199
200	/**
201	* Return an untranslated string form of the credential. The format is head
202	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are key
203	* identifiers.
204	* @return the string form
205	*/
206	public String toString() {
207	return m_head + " <- " + m_tail;
208	}
209
210	/**
211	* Return a translated string form of the credential. The format is head
212	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are
213	* shortened to menmonics if the Context knows the identity.
214	* @param c the Context to translate names in
215	* @return the string form
216	*/
217	public String simpleString(Context c) {
218	return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
219	}
220
221	/**
222	* Output the external representation of the Credential to the OutputStream
223	* given. Subclasses will overload this for their output format.
224	* @param s the OutputStream on which to write
225	* @throws IOException if there is an error writing.
226	*/
227	public abstract void write(OutputStream s) throws IOException;
228
229	/**
230	* Output the external representation of the Credential to the filename
231	* given. Subclasses will overload this for their output format.
232	* @param fn a String containing the output filename
233	* @throws IOException if there is an error writing.
234	*/
235	public abstract void write(String fn)
236	throws IOException, FileNotFoundException;
237
238	/**
239	* Return true if this Credential has a certificate associated. A jabac
240	* extension.
241	* @return true if this Credential has a certificate associated.
242	*/
243	public abstract boolean hasCertificate();
244
245	/**
246	* Return the Identity that issued the underlying certificate (if any). A
247	* jabac extension.
248	* @return the Identity that issued the underlying certificate.
249	*/
250	public Identity issuer() { return id; }
251
252	/**
253	* Return an suggested suffix for output files (most start with a ".").
254	* @return a String, an optional suffix for output files.
255	*/
256	public String getSuffix() { return suffix; }
257
258	/**
259	* Set the suggested suffix for output files (most start with a ".").
260	* Available for subclasses to set the value without knowing the member
261	* name.
262	* @param suff a String, an optional suffix for output files.
263	*/
264	protected void setSuffix(String suff) { suffix = suff; }
265
266	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: