source: java/net/deterlab/abac/Credential.java @ f6789db

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since f6789db was f6789db, checked in by Ted Faber <faber@…>, 13 years ago

Make it possible to tell what edges are implicit

  • Property mode set to 100644
File size: 4.4 KB
Line 
1package net.deterlab.abac;
2
3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
8
9import net.deterlab.abac.Identity;
10
11import org.bouncycastle.asn1.*;
12import org.bouncycastle.x509.*;
13import org.bouncycastle.jce.provider.X509AttrCertParser;
14import org.bouncycastle.jce.provider.X509CertificateObject;
15import org.bouncycastle.openssl.PEMReader;
16
17public class Credential {
18    protected static Vector<Identity> s_ids = new Vector<Identity>();
19
20    /**
21     * A dummy credential.
22     */
23    public Credential() {
24        m_head = m_tail = null;
25        m_ac = null;
26        m_id = null;
27    }
28    /**
29     * Create a credential from a head and tail role. This is only for testing.
30     * In a real implementation the Credential must be loaded from an X.509
31     * attribute cert.
32     */
33    public Credential(Role head, Role tail) {
34        m_head = head;
35        m_tail = tail;
36        m_ac = null; 
37        m_id = null;
38    }
39
40    /**
41     * Do the credential initialization from a filename.
42     */
43    protected void init(InputStream stream) throws Exception {
44        X509AttrCertParser parser = new X509AttrCertParser();
45        parser.engineInit(stream);
46        m_ac = (X509V2AttributeCertificate)parser.engineRead();
47        m_id = null;
48
49        for (Identity id: s_ids) {
50            try {
51                m_ac.verify(id.getCertificate().getPublicKey(), "BC");
52                m_id = id;
53                break;
54            }
55            catch (InvalidKeyException e) { }
56        }
57        if (m_id == null) throw new InvalidKeyException("Unknown identity");
58
59        load_roles();
60    }
61
62    /**
63     * Create a credential from an attribute cert. Throws an exception if the
64     * cert file can't be opened or if there's a format problem with the cert.
65     */
66    public Credential(String filename) throws Exception {
67        init(new FileInputStream(filename));
68    }
69
70    /**
71     * Create a credential from an attribute cert. Throws an exception if the
72     * cert file can't be opened or if there's a format problem with the cert.
73     */
74    public Credential(File file) throws Exception {
75        init(new FileInputStream(file));
76    }
77
78    /**
79     * Create a credential from an InputStream.
80     */
81    public Credential(InputStream s) throws Exception { 
82        init(s);
83    }
84
85
86    /**
87     * Load the roles off the attribute cert. Throws a RuntimeException if
88     * there's something wrong with the cert.
89     */
90    private void load_roles() throws RuntimeException {
91        String roles = null;
92        try {
93            X509Attribute attr = m_ac.getAttributes()[0];
94
95            DERSequence    java     = (DERSequence)attr.getValues()[0];
96            DERSequence    fucking  = (DERSequence)java.getObjectAt(0);
97            DERUTF8String  sucks    = (DERUTF8String)fucking.getObjectAt(0);
98
99            roles = sucks.getString();
100        }
101        catch (Exception e) {
102            throw new RuntimeException("Your attribute certificate is funky and I'm not gonna debug it", e);
103        }
104
105        String[] parts = roles.split("\\s*<--?\\s*");
106        if (parts.length != 2)
107            throw new RuntimeException("Invalid attribute: " + roles);
108
109        m_head = new Role(parts[0]);
110        m_tail = new Role(parts[1]);
111    }
112
113    /**
114     * Get the head role from the credential.
115     */
116    public Role head() {
117        return m_head;
118    }
119
120    /**
121     * Get the tail role from the credential
122     */
123    public Role tail() {
124        return m_tail;
125    }
126
127    /**
128     * Gets the cert associated with this credential (if any).
129     */
130    public X509V2AttributeCertificate cert() {
131        return m_ac;
132    }
133
134    /**
135     * Turn the credential into string form. The format is head &lt;- tail. For
136     * example: A.r1 &lt;- B.r2.r3.
137     */
138    public String toString() {
139        return m_head + " <- " + m_tail;
140    }
141
142    public String simpleString() {
143        return m_head.simpleString() + " <- " + m_tail.simpleString();
144    }
145
146    public void write(OutputStream s) throws IOException {
147        s.write(m_ac.getEncoded());
148    }
149
150    public void write(String fn) throws IOException, FileNotFoundException {
151        write(new FileOutputStream(fn));
152    }
153
154    public boolean hasCertificate() { return m_ac != null; }
155
156    private Role m_head, m_tail;
157
158    private X509V2AttributeCertificate m_ac;
159    private Identity m_id;
160
161    public static void addIdentity(Identity id) { 
162        s_ids.add(id);
163        if (id.getName() != null && id.getKeyID() != null) 
164            Role.add_mapping(id.getName(), id.getKeyID());
165    }
166    public static Collection<Identity> identities() { return s_ids; }
167}
Note: See TracBrowser for help on using the repository browser.