Context Navigation

source: java/net/deterlab/abac/Credential.java @ e8f8b79

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml

Last change on this file since e8f8b79 was e8f8b79, checked in by Ted Faber <faber@…>, 11 years ago
We really don't need that class method in Credential
Property mode set to `100644`
File size: 7.4 KB

Line
1	package net.deterlab.abac;
2
3	import java.io.*;
4	import java.math.*;
5
6	import java.util.*;
7	import java.security.*;
8	import java.security.cert.*;
9
10	import javax.security.auth.x500.*;
11
12	import org.bouncycastle.asn1.*;
13	import org.bouncycastle.asn1.x509.*;
14	import org.bouncycastle.x509.*;
15	import org.bouncycastle.x509.util.*;
16	import org.bouncycastle.openssl.*;
17
18	/**
19	* An ABAC credential, with or without an underlying certificate that
20	* represents it. These are edges in proof graphs and can be constructed from
21	* their constituent Roles.
22	* @author <a href="http://abac.deterlab.net">ISI ABAC team</a>
23	* @version 1.4
24	*/
25	public abstract class Credential implements Comparable {
26	/** The role at the head */
27	protected Role m_head
28	/** The role at the tail */;
29	protected Role m_tail;
30	/** The identity that issued the certificate */
31	protected Identity id;
32
33	/**
34	* Create an empty Credential.
35	*/
36	public Credential() {
37	m_head = m_tail = null;
38	id = null;
39	}
40	/**
41	* Create a credential from a head and tail role. This credential has no
42	* underlying certificate, and cannot be exported or used in real proofs.
43	* make_cert can create a certificate for a credential initialized this
44	* way.
45	* @param head the Role at the head of the credential
46	* @param tail the Role at the tail of the credential
47	*/
48	public Credential(Role head, Role tail) {
49	m_head = head;
50	m_tail = tail;
51	id = null;
52	}
53
54	/**
55	* Create a credential from an attribute cert in a file. Throws an
56	* exception if the cert file can't be opened or if there's a format
57	* problem with the cert. Note that catching
58	* java.security.GeneralSecurityException catches most of the exceptions
59	* this throws.
60	* @param filename a String containing the filename to read
61	* @param ids a Collection of Identities to use in validating the cert
62	* @throws CertInvalidException if the stream is unparsable
63	* @throws MissingIssuerException if none of the Identities can validate the
64	* certificate
65	* @throws BadSignatureException if the signature check fails
66	*/
67	Credential(String filename, Collection<Identity> ids)
68	throws ABACException { this(); }
69
70	/**
71	* Create a credential from an attribute cert in a file. Throws an
72	* exception if the cert file can't be opened or if there's a format
73	* problem with the cert. Note that catching
74	* java.security.GeneralSecurityException catches most of the exceptions
75	* this throws.
76	* @param file the File to read
77	* @param ids a Collection of Identities to use in validating the cert
78	* @throws CertInvalidException if the stream is unparsable
79	* @throws MissingIssuerException if none of the Identities can validate the
80	* certificate
81	* @throws BadSignatureException if the signature check fails
82	*/
83	Credential(File file, Collection<Identity> ids)
84	throws ABACException {
85	this();
86	}
87
88	/**
89	* Create a credential from an InputStream. Throws an exception if the
90	* stream can't be parsed or if there's a format problem with the cert.
91	* Note that catching java.security.GeneralSecurityException catches most
92	* of the exceptions this throws.
93	* @param s the InputStream to read
94	* @param ids a Collection of Identities to use in validating the cert
95	* @throws CertInvalidException if the stream is unparsable
96	* @throws MissingIssuerException if none of the Identities can validate the
97	* certificate
98	* @throws BadSignatureException if the signature check fails
99	*/
100	Credential(InputStream s, Collection<Identity> ids)
101	throws ABACException {
102	this();
103	}
104
105
106	/**
107	* Create a certificate from this credential issued by the given identity.
108	* Note that catching java.security.GeneralSecurityException catches most
109	* of the exceptions this throws.
110	* @param i the Identity that will issue the certificate
111	* @throws ABACException for Credential-specific errors
112	* @throws MissingIssuerException the identity is invalid
113	* @throws BadSignatureException if the signature creation fails
114	*/
115	public abstract void make_cert(Identity i)
116	throws ABACException;
117
118	/**
119	* Two credentials are the same if their roles are the same.
120	* @param o an Object to compare
121	* @return true if the Credentials have the Roles
122	*/
123	public boolean equals(Object o) {
124	if ( o instanceof Credential ) {
125	Credential c = (Credential) o;
126
127	if (m_head == null \|\| m_tail == null ) return false;
128	else return (m_head.equals(c.head()) && m_tail.equals(c.tail()));
129	}
130	else return false;
131	}
132
133	/**
134	* Allow credentials to be compared. They are ordered by their Roles, head
135	* then tail.
136	* @param o an Object to compare
137	* @return -1 if this Credential is before, 0 if they are the same, and 1
138	* if this Credential is after the given object.
139	*/
140	public int compareTo(Object o) {
141	if (o instanceof Credential) {
142	Credential c = (Credential) o;
143
144	if (head().equals(c.head())) return tail().compareTo(c.tail());
145	else return head().compareTo(c.head());
146	}
147	else return 1;
148	}
149
150
151	/**
152	* Get the head role from the credential.
153	* @return the Role in the head
154	*/
155	public Role head() { return m_head; }
156
157	/**
158	* Get the tail role from the credential
159	* @return the Role in the tail
160	*/
161	public Role tail() { return m_tail; }
162
163	/**
164	* Turn the credential into string form. The format is head <- tail. For
165	* example: A.r1 <- B.r2.r3. Principal names are key identifiers.
166	* @return the string form
167	*/
168	public String toString() {
169	return m_head + " <- " + m_tail;
170	}
171
172	/**
173	* Turn the credential into string form. The format is head <- tail. For
174	* example: A.r1 <- B.r2.r3. Principal names are shortened to menmonics
175	* if the Context knows the identity.
176	* @param c the Context to translate names in
177	* @return the string form
178	*/
179	public String simpleString(Context c) {
180	return m_head.simpleString(c) + " <- " + m_tail.simpleString(c);
181	}
182
183	/**
184	* Output the DER formatted attribute certificate associated with this
185	* Credential to the OutputStream.
186	* @param s the OutputStream on which to write
187	* @throws IOException if there is an error writing.
188	*/
189	public abstract void write(OutputStream s) throws IOException;
190
191	/**
192	* Output the DER formatted attribute certificate associated with this
193	* Credential to the filename given.
194	* @param fn a String containing the output filename
195	* @throws IOException if there is an error writing.
196	*/
197	public abstract void write(String fn)
198	throws IOException, FileNotFoundException;
199
200	/**
201	* Return true if this Credential has a certificate associated. A jabac
202	* extension.
203	* @return true if this Credential has a certificate associated.
204	*/
205	public abstract boolean hasCertificate();
206
207	/**
208	* Return the Identity that issued the underlying certificate. A jabac
209	* extension.
210	* @return the Identity that issued the underlying certificate.
211	*/
212	public Identity issuer() { return id; }
213	/**
214	* Return the X509Certificate that issued the underlying certificate.
215	* @return the X509Certificate that issued the underlying certificate.
216	*/
217	public X509Certificate issuerCert() { return id.getCertificate(); }
218
219	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: