Context Navigation

source: java/net/deterlab/abac/Credential.java @ a7f73b5

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml

Last change on this file since a7f73b5 was a7f73b5, checked in by Ted Faber <faber@…>, 11 years ago
Document cleanup. Change a few visibilities.
Property mode set to `100644`
File size: 7.3 KB

Line
1	package net.deterlab.abac;
2
3	import java.io.*;
4	import java.math.*;
5
6	import java.util.*;
7	import java.security.*;
8	import java.security.cert.*;
9
10	import javax.security.auth.x500.*;
11
12	import org.bouncycastle.asn1.*;
13	import org.bouncycastle.asn1.x509.*;
14	import org.bouncycastle.x509.*;
15	import org.bouncycastle.x509.util.*;
16	import org.bouncycastle.openssl.*;
17
18	/**
19	* An ABAC credential, with or without an underlying certificate that
20	* represents it. These are edges in proof graphs and can be constructed from
21	* their constituent Roles.
22	* @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23	* @version 1.4
24	*/
25	public abstract class Credential implements Comparable {
26	/** The role at the head */
27	protected Role m_head
28	/** The role at the tail */;
29	protected Role m_tail;
30	/** The identity that issued the certificate */
31	protected Identity id;
32
33	/**
34	* Create an empty Credential.
35	*/
36	Credential() {
37	m_head = m_tail = null;
38	id = null;
39	}
40	/**
41	* Create a credential from a head and tail role. This credential has no
42	* underlying certificate, and cannot be exported or used in real proofs.
43	* make_cert can create a certificate for a credential initialized this
44	* way.
45	* @param head the Role at the head of the credential
46	* @param tail the Role at the tail of the credential
47	*/
48	Credential(Role head, Role tail) {
49	m_head = head;
50	m_tail = tail;
51	id = null;
52	}
53
54	/**
55	* Create a credential from an attribute cert in a file. Throws an
56	* exception if the cert file can't be opened or if there's a format
57	* problem with the cert. Note that catching
58	* java.security.GeneralSecurityException catches most of the exceptions
59	* this throws.
60	* @param filename a String containing the filename to read
61	* @param ids a Collection of Identities to use in validating the cert
62	* @throws CertInvalidException if the stream is unparsable
63	* @throws MissingIssuerException if none of the Identities can validate the
64	* certificate
65	* @throws BadSignatureException if the signature check fails
66	*/
67	Credential(String filename, Collection<Identity> ids)
68	throws ABACException { this(); }
69
70	/**
71	* Create a credential from an attribute cert in a file. Throws an
72	* exception if the cert file can't be opened or if there's a format
73	* problem with the cert. Note that catching
74	* java.security.GeneralSecurityException catches most of the exceptions
75	* this throws.
76	* @param file the File to read
77	* @param ids a Collection of Identities to use in validating the cert
78	* @throws CertInvalidException if the stream is unparsable
79	* @throws MissingIssuerException if none of the Identities can validate the
80	* certificate
81	* @throws BadSignatureException if the signature check fails
82	*/
83	Credential(File file, Collection<Identity> ids)
84	throws ABACException {
85	this();
86	}
87
88	/**
89	* Create a credential from an InputStream. Throws an exception if the
90	* stream can't be parsed or if there's a format problem with the cert.
91	* Note that catching java.security.GeneralSecurityException catches most
92	* of the exceptions this throws.
93	* @param s the InputStream to read
94	* @param ids a Collection of Identities to use in validating the cert
95	* @throws CertInvalidException if the stream is unparsable
96	* @throws MissingIssuerException if none of the Identities can validate the
97	* certificate
98	* @throws BadSignatureException if the signature check fails
99	*/
100	Credential(InputStream s, Collection<Identity> ids)
101	throws ABACException {
102	this();
103	}
104
105
106	/**
107	* Create a certificate from this credential issued by the given identity.
108	* Note that catching java.security.GeneralSecurityException catches most
109	* of the exceptions this throws.
110	* @param i the Identity that will issue the certificate
111	* @throws ABACException for Credential-specific errors
112	* @throws MissingIssuerException the identity is invalid
113	* @throws BadSignatureException if the signature creation fails
114	*/
115	public abstract void make_cert(Identity i)
116	throws ABACException;
117
118	/**
119	* Return true if 2 credentials represent the same ABAC. Two credentials
120	* are the same if their roles are the same.
121	* @param o an Object to compare
122	* @return true if the Credentials have the Roles
123	*/
124	public boolean equals(Object o) {
125	if ( o instanceof Credential ) {
126	Credential c = (Credential) o;
127
128	if (m_head == null \|\| m_tail == null ) return false;
129	else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
130	}
131	else return false;
132	}
133
134	/**
135	* Compare 2 credentials for sorting. They are ordered by their Roles,
136	* head then tail.
137	* @param o an Object to compare
138	* @return -1 if this Credential is before, 0 if they are the same, and 1
139	* if this Credential is after the given object.
140	*/
141	public int compareTo(Object o) {
142	if (o instanceof Credential) {
143	Credential c = (Credential) o;
144
145	if (head().equals(c.head())) return tail().compareTo(c.tail());
146	else return head().compareTo(c.head());
147	}
148	else return 1;
149	}
150
151
152	/**
153	* Get the head role from the credential.
154	* @return the Role in the head
155	*/
156	public Role head() { return m_head; }
157
158	/**
159	* Get the tail role from the credential
160	* @return the Role in the tail
161	*/
162	public Role tail() { return m_tail; }
163
164	/**
165	* Return an untranslated string form of the credential. The format is head
166	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are key
167	* identifiers.
168	* @return the string form
169	*/
170	public String toString() {
171	return m_head + " <- " + m_tail;
172	}
173
174	/**
175	* Return a translated string form of the credential. The format is head
176	* <- tail. For example: A.r1 <- B.r2.r3. Principal names are
177	* shortened to menmonics if the Context knows the identity.
178	* @param c the Context to translate names in
179	* @return the string form
180	*/
181	public String simpleString(Context c) {
182	return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
183	}
184
185	/**
186	* Output the external representation of the Credential to the OutputStream
187	* given. Subclasses will overload this for their output format.
188	* @param s the OutputStream on which to write
189	* @throws IOException if there is an error writing.
190	*/
191	public abstract void write(OutputStream s) throws IOException;
192
193	/**
194	* Output the external representation of the Credential to the filename
195	* given. Subclasses will overload this for their output format.
196	* @param fn a String containing the output filename
197	* @throws IOException if there is an error writing.
198	*/
199	public abstract void write(String fn)
200	throws IOException, FileNotFoundException;
201
202	/**
203	* Return true if this Credential has a certificate associated. A jabac
204	* extension.
205	* @return true if this Credential has a certificate associated.
206	*/
207	public abstract boolean hasCertificate();
208
209	/**
210	* Return the Identity that issued the underlying certificate (if any). A
211	* jabac extension.
212	* @return the Identity that issued the underlying certificate.
213	*/
214	public Identity issuer() { return id; }
215
216	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: