source: java/net/deterlab/abac/Credential.java @ cfcdcb4b

Last change on this file since cfcdcb4b was cfcdcb4b, checked in by Ted Faber <faber@…>, 13 years ago

Equality

1package net.deterlab.abac;
2
3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
8
9import net.deterlab.abac.Identity;
10
11import org.bouncycastle.asn1.*;
12import org.bouncycastle.x509.*;
13import org.bouncycastle.jce.provider.X509AttrCertParser;
14import org.bouncycastle.jce.provider.X509CertificateObject;
15import org.bouncycastle.openssl.PEMReader;
16
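public class Credential {
    /**
     * Identities whose keys are trusted to sign credentials. Only keys in this
     * list are tried when verifying a loaded attribute certificate, so it is the
     * trust-anchor set for the whole process; extend it through
     * {@link #addIdentity}.
     */
    protected static Vector<Identity> s_ids = new Vector<Identity>();

    /** Head role (the role being granted); null for a dummy credential. */
    private Role m_head;
    /** Tail role (the role that grants the head); null for a dummy credential. */
    private Role m_tail;
    /** Attribute certificate this credential was loaded from; null if none. */
    private X509V2AttributeCertificate m_ac;
    /** Registered identity whose key verified {@code m_ac}; null if none. */
    private Identity m_id;

    /**
     * Create a dummy credential with no roles and no certificate.
     */
    public Credential() {
        this(null, null);
    }

    /**
     * Create a credential from a head and tail role. This is only for testing;
     * a real credential must be loaded from an X.509 attribute certificate.
     *
     * @param head the role being granted
     * @param tail the role that grants it
     */
    public Credential(Role head, Role tail) {
        m_head = head;
        m_tail = tail;
        m_ac = null;
        m_id = null;
    }

    /**
     * Initialize this credential from an attribute certificate read from
     * {@code stream}. The certificate is accepted only if its signature verifies
     * under the key of one of the identities registered through
     * {@link #addIdentity}; the first such identity (in registration order)
     * becomes this credential's issuer. The caller owns {@code stream} and is
     * responsible for closing it.
     *
     * @param stream an encoded attribute certificate in a form understood by
     *               {@link X509AttrCertParser}
     * @throws IOException if the stream yields no attribute certificate
     * @throws InvalidKeyException if no registered identity's key verifies the
     *                             certificate's signature
     * @throws Exception on any other parsing or verification failure
     */
    protected void init(InputStream stream) throws Exception {
        X509AttrCertParser parser = new X509AttrCertParser();
        parser.engineInit(stream);
        m_ac = (X509V2AttributeCertificate) parser.engineRead();
        m_id = null;

        // engineRead() is assumed to return null (rather than throw) when the
        // stream holds no certificate; without this guard verify() below NPEs.
        if (m_ac == null)
            throw new IOException("No attribute certificate found in stream");

        // Trust is decided purely by which registered key verifies the
        // signature; the issuer named inside the certificate is not consulted.
        // The loop relies on verify() rejecting a non-matching key with
        // InvalidKeyException; any other failure (unknown algorithm, missing
        // provider, malformed cert, ...) propagates to the caller.
        for (Identity id : s_ids) {
            try {
                m_ac.verify(id.getCertificate().getPublicKey(), "BC");
                m_id = id;
                break;
            } catch (InvalidKeyException ignored) {
                // not signed by this identity; try the next registered one
            }
        }
        if (m_id == null)
            throw new InvalidKeyException("Unknown identity");

        load_roles();
    }

    /**
     * Create a credential from an attribute cert file. Throws an exception if
     * the cert file can't be opened or if there's a format problem with the
     * cert.
     *
     * @param filename path of the attribute certificate file
     * @throws Exception see {@link #init(InputStream)}
     */
    public Credential(String filename) throws Exception {
        this(new File(filename));
    }

    /**
     * Create a credential from an attribute cert file. Throws an exception if
     * the cert file can't be opened or if there's a format problem with the
     * cert. The file is closed before this constructor returns.
     *
     * @param file the attribute certificate file
     * @throws Exception see {@link #init(InputStream)}
     */
    public Credential(File file) throws Exception {
        InputStream in = new FileInputStream(file);
        try {
            init(in);
        } finally {
            // Close on every path; the original left the descriptor open.
            in.close();
        }
    }

    /**
     * Create a credential from an InputStream. The stream is not closed.
     *
     * @param s stream holding an encoded attribute certificate
     * @throws Exception see {@link #init(InputStream)}
     */
    public Credential(InputStream s) throws Exception {
        init(s);
    }

    /**
     * Load the head and tail roles off the attribute cert. The first attribute's
     * first value is expected to be SEQUENCE { SEQUENCE { UTF8String } } whose
     * string is "head &lt;- tail". Throws a RuntimeException if there's
     * something wrong with the cert.
     *
     * @throws RuntimeException if the attribute is missing, has an unexpected
     *                          ASN.1 shape, or does not split into exactly two
     *                          roles
     */
    private void load_roles() throws RuntimeException {
        String roles = null;
        try {
            // Only the first attribute, and only its first value, is used.
            X509Attribute attr = m_ac.getAttributes()[0];
            DERSequence outer = (DERSequence) attr.getValues()[0];
            DERSequence inner = (DERSequence) outer.getObjectAt(0);
            DERUTF8String text = (DERUTF8String) inner.getObjectAt(0);
            roles = text.getString();
        } catch (Exception e) {
            // Missing attribute, bad cast, out-of-range index: report with the
            // original failure attached as the cause.
            throw new RuntimeException("Your attribute certificate is funky and I'm not gonna debug it", e);
        }

        // The arrow may be written "<-" or "<--", with optional surrounding space.
        String[] parts = roles.split("\\s*<--?\\s*");
        if (parts.length != 2)
            throw new RuntimeException("Invalid attribute: " + roles);

        m_head = new Role(parts[0]);
        m_tail = new Role(parts[1]);
    }

    /**
     * Two credentials are the same if their roles are the same. A dummy
     * credential (no roles) is equal only to itself.
     *
     * @param o the object to compare with
     * @return true if {@code o} is a Credential with equal head and tail roles
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) return true;          // keeps equals() reflexive for dummies
        if (!(o instanceof Credential)) return false;
        Credential c = (Credential) o;
        if (m_head == null || m_tail == null) return false;
        return m_head.equals(c.head()) && m_tail.equals(c.tail());
    }

    /**
     * Hash code consistent with {@link #equals}: only the roles participate.
     * Assumes Role.hashCode() is consistent with Role.equals() — confirm in Role.
     *
     * @return a hash derived from the head and tail roles
     */
    @Override
    public int hashCode() {
        int h = (m_head == null) ? 0 : m_head.hashCode();
        return 31 * h + ((m_tail == null) ? 0 : m_tail.hashCode());
    }

    /**
     * Get the head role from the credential.
     *
     * @return the head role, or null for a dummy credential
     */
    public Role head() {
        return m_head;
    }

    /**
     * Get the tail role from the credential.
     *
     * @return the tail role, or null for a dummy credential
     */
    public Role tail() {
        return m_tail;
    }

    /**
     * Gets the cert associated with this credential (if any).
     *
     * @return the attribute certificate, or null if this credential was not
     *         loaded from one
     */
    public X509V2AttributeCertificate cert() {
        return m_ac;
    }

    /**
     * Turn the credential into string form. The format is head &lt;- tail. For
     * example: A.r1 &lt;- B.r2.r3.
     *
     * @return the credential as "head &lt;- tail"
     */
    @Override
    public String toString() {
        return m_head + " <- " + m_tail;
    }

    /**
     * Like {@link #toString} but using the roles' simple (short) form.
     * Requires both roles to be present.
     *
     * @return the credential as "head &lt;- tail" in simple form
     */
    public String simpleString() {
        return m_head.simpleString() + " <- " + m_tail.simpleString();
    }

    /**
     * Write the encoded attribute certificate to {@code s}. The stream is not
     * closed.
     *
     * @param s destination stream
     * @throws IOException if encoding or writing fails
     * @throws IllegalStateException if this credential has no certificate
     */
    public void write(OutputStream s) throws IOException {
        if (m_ac == null)
            throw new IllegalStateException("Credential has no attribute certificate to write");
        s.write(m_ac.getEncoded());
    }

    /**
     * Write the encoded attribute certificate to the file named {@code fn}.
     * The file is closed before this method returns.
     *
     * @param fn path of the output file
     * @throws FileNotFoundException if the file cannot be opened for writing
     * @throws IOException if encoding or writing fails
     */
    public void write(String fn) throws IOException, FileNotFoundException {
        OutputStream out = new FileOutputStream(fn);
        try {
            write(out);
        } finally {
            out.close();
        }
    }

    /**
     * @return true if this credential was loaded from an attribute certificate
     */
    public boolean hasCertificate() { return m_ac != null; }

    /**
     * Register an identity whose key may sign credentials, and record its
     * name-to-key-id mapping for Role lookups when both are known. This is the
     * only supported way to extend the trusted identity set.
     *
     * @param id the identity to trust
     */
    public static void addIdentity(Identity id) {
        s_ids.add(id);
        if (id.getName() != null && id.getKeyID() != null)
            Role.add_mapping(id.getName(), id.getKeyID());
    }

    /**
     * The registered identities, as a read-only view so the trust-anchor set
     * cannot be altered except through {@link #addIdentity}.
     *
     * @return an unmodifiable view of the trusted identities
     */
    public static Collection<Identity> identities() {
        return Collections.unmodifiableCollection(s_ids);
    }
}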