[9725efb]1package net.deterlab.abac;
2
3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
[3a52bed]8import javax.security.auth.x500.*;
[9725efb]9
[3a52bed]10import java.math.BigInteger;
[9725efb]11
12import org.bouncycastle.asn1.*;
13import org.bouncycastle.asn1.util.*;
14import org.bouncycastle.asn1.x509.*;
15import org.bouncycastle.x509.*;
16import org.bouncycastle.jce.provider.X509AttrCertParser;
[84f0e7a]17// import org.bouncycastle.jce.provider.X509CertificateObject;
[9725efb]18import org.bouncycastle.openssl.PEMReader;
[1a7e6d3]19import org.bouncycastle.openssl.PEMWriter;
[9725efb]20
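/**
 * An ABAC principal: a self-signed X.509 certificate, the key identifier
 * derived from its public key (via Context.extractKeyID), the common name
 * taken from its subject, and optionally the matching key pair.
 *
 * Identity is the unit of equality for principals: two Identities are
 * equal when their key identifiers are equal (see equals/hashCode/compareTo).
 *
 * Not thread-safe: init() and setKeyPair() mutate fields without locking.
 */
public class Identity implements Comparable {
    /** Self-signed certificate carrying this identity's public key. */
    private X509Certificate cert;
    /** Identifier derived from cert's public key; null until init() succeeds. */
    private String keyid;
    /** Common name from cert's subject (leading "CN=" stripped). */
    private String cn;
    /** Key pair matching cert, or null when only the certificate is known. */
    private KeyPair kp;

    /**
     * Validity period of certificates minted by Identity(String), in
     * milliseconds.  Must be computed as a long: the int expression
     * 3600 * 1000 * 24 * 365 overflows (31,536,000,000 > Integer.MAX_VALUE)
     * and silently yields about 17 days instead of one year.
     */
    private static final long VALIDITY_MS = 3600L * 1000 * 24 * 365;

    /**
     * RSA modulus size for Identity(String).  Set explicitly because
     * older providers default to 1024 bits when initialize() is not called.
     */
    private static final int RSA_KEY_BITS = 2048;

    /**
     * Initialize internals from PEM objects read from r.  Accepts at most
     * one X.509 certificate and optionally one (unencrypted) key pair, in
     * either order; anything else is rejected.
     *
     * The reader is owned by the caller and is not closed here (closing
     * the PEMReader would close r as well).
     *
     * @throws CertificateException if r holds no certificate, more than one
     *         certificate, or an object that is neither a certificate nor
     *         a key pair, or if the certificate is not self-signed
     * @throws IllegalArgumentException if a key pair does not match the
     *         certificate (see setKeyPair)
     */
    protected void init(Reader r) throws 
            CertificateException, NoSuchAlgorithmException,InvalidKeyException,
            NoSuchProviderException, SignatureException, IOException {
        PEMReader pr = new PEMReader(r);
        Object obj;

        while ((obj = pr.readObject()) != null) {
            if (obj instanceof X509Certificate) {
                if (cert != null)
                    throw new CertificateException("Two certs in one file");
                init((X509Certificate) obj);
            } else if (obj instanceof KeyPair) {
                // An encrypted private key is not returned as a KeyPair by
                // PEMReader without a password callback; it lands in the
                // rejecting branch below.
                setKeyPair((KeyPair) obj);
            } else {
                throw new CertificateException(
                        "Not an identity certificate");
            }
        }

        // An Identity without a certificate has no keyid and no name, so
        // equals/compareTo/write would fail later in confusing ways.
        if (cert == null)
            throw new CertificateException("No identity certificate in input");
        // If the key pair preceded the certificate in the stream, setKeyPair
        // had nothing to compare it against; re-run the match now.
        if (kp != null)
            setKeyPair(kp);
    }

    /**
     * Initialize internals from a certificate.  Verify that it is
     * self-signed, then fill in the keyid and common name.  Fields are only
     * assigned after verification succeeds, so a rejected certificate
     * leaves this object unchanged.
     *
     * Security note: verify(c.getPublicKey()) proves only that the
     * certificate was signed by its own key.  It does not check the
     * validity period (checkValidity()) and does not constrain the
     * signature algorithm; callers that need either must add it.
     *
     * @throws CertificateException if c is null or not self-signed
     */
    protected void init(X509Certificate c) throws
        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
        NoSuchProviderException, SignatureException, IOException {
            if (c == null)
                throw new CertificateException("Null certificate");
            c.verify(c.getPublicKey());

            String keyIdentifier = Context.extractKeyID(c.getPublicKey());
            String name = c.getSubjectDN().getName();
            // XXX: naive DN parse.  Only a leading "CN=" is stripped; any
            // further RDNs ("alice,O=Example") remain in the name.  A real
            // fix would walk the X500Principal's RDNs.
            if (name.startsWith("CN=")) name = name.substring(3);

            cert = c;
            keyid = keyIdentifier;
            cn = name;
    }

    /**
     * Construct a fresh identity with the given common name: generate an
     * RSA key pair and a one-year self-signed V1 certificate for it.
     *
     * The cn is spliced into "CN=" + cn unescaped, so names containing
     * DN metacharacters (',', '+', '=', ...) are misparsed or rejected by
     * X500Principal.
     */
    public Identity(String cn) throws
            CertificateException, NoSuchAlgorithmException,InvalidKeyException,
            NoSuchProviderException, SignatureException, IOException {
        X509V1CertificateGenerator gen = new X509V1CertificateGenerator();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(RSA_KEY_BITS);
        kp = kpg.genKeyPair();

        long now = System.currentTimeMillis();
        X500Principal dn = new X500Principal("CN=" + cn);
        gen.setIssuerDN(dn);
        gen.setSubjectDN(dn);
        gen.setNotBefore(new Date(now));
        gen.setNotAfter(new Date(now + VALIDITY_MS));
        // Serial numbers only need to be unique per issuer; a time-based
        // value is adequate for a self-signed identity but is predictable
        // and collides for two identities minted in the same millisecond.
        gen.setSerialNumber(BigInteger.valueOf(now));
        gen.setPublicKey(kp.getPublic());
        gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        X509Certificate a = (X509Certificate) gen.generate(kp.getPrivate());
        init(a);
    }

    /**
     * Construct from a file containing a self-signed PEM certificate
     * (and optionally its unencrypted private key).  The file is opened
     * and closed here.
     */
    public Identity(File file) throws 
        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
        NoSuchProviderException, SignatureException, FileNotFoundException,
        IOException { 
            kp = null;
            FileReader fr = new FileReader(file);
            try {
                init(fr);
            } finally {
                fr.close();
            }
        }

    /**
     * Construct from a reader containing a self-signed PEM certificate
     * (and optionally its unencrypted private key).  r is not closed.
     */
    public Identity(Reader r) throws 
        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
        NoSuchProviderException, SignatureException, IOException {
            kp = null;
            init(r);
        }

    /**
     * Construct from an InputStream containing a self-signed PEM
     * certificate (and optionally its unencrypted private key).  The
     * stream is decoded with the platform default charset and is not
     * closed.
     */
    public Identity(InputStream s) throws 
        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
        NoSuchProviderException, SignatureException, IOException { 
            kp = null;
            init(new InputStreamReader(s));
        }

    /**
     * Construct from an already-parsed X509Certificate.  It must be
     * self-signed; no key pair is attached.
     */
    public Identity(X509Certificate cert) throws 
        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
        NoSuchProviderException, SignatureException, FileNotFoundException,
        IOException { 
            kp = null;
            init(cert);
        }

    /**
     * Write the private key, unencrypted, as PEM to the given writer.
     * The writer is flushed but not closed.
     *
     * @return true if a key pair was present and written, false otherwise
     */
    public boolean writePrivateKey(Writer w) throws IOException {
        if (kp == null) return false;

        PEMWriter pw = new PEMWriter(w);
        pw.writeObject(kp.getPrivate());
        pw.flush();
        return true;
    }

    /**
     * Write the private key, unencrypted, as PEM to a file with the
     * given name.
     *
     * NOTE(security): FileWriter creates the file with the process umask,
     * which is frequently group/world readable.  Pre-create the file with
     * owner-only permissions before calling this, or restrict it afterwards.
     */
    public boolean writePrivateKey(String fn) 
            throws IOException, FileNotFoundException {
        return writePrivateKey(new File(fn));
    }

    /**
     * Write the private key, unencrypted, as PEM to the given file.
     * The file is opened and closed here.  See the permissions note on
     * writePrivateKey(String).
     */
    public boolean writePrivateKey(File fn) 
            throws IOException, FileNotFoundException {
        FileWriter fw = new FileWriter(fn);
        try {
            return writePrivateKey(fw);
        } finally {
            fw.close();
        }
    }

    /**
     * Write the private key, unencrypted, as PEM to the given
     * OutputStream.  The stream is flushed but not closed.
     */
    public boolean writePrivateKey(OutputStream s) 
            throws IOException, FileNotFoundException {
        return writePrivateKey(new OutputStreamWriter(s));
    }


    /**
     * Write the certificate as PEM to the given writer.  The writer is
     * flushed but not closed.
     */
    public void write(Writer w) throws IOException {
        PEMWriter pw = new PEMWriter(w);

        pw.writeObject(cert);
        pw.flush();
    }

    /**
     * Write the certificate as PEM to a file with the given name.
     */
    public void write(String fn) throws IOException, FileNotFoundException {
        write(new File(fn));
    }

    /**
     * Write the certificate as PEM to the given file.  The file is opened
     * and closed here.
     */
    public void write(File fn) throws IOException, FileNotFoundException {
        FileWriter fw = new FileWriter(fn);
        try {
            write(fw);
        } finally {
            fw.close();
        }
    }

    /**
     * Write the certificate as PEM to the given OutputStream.  The stream
     * is flushed but not closed.
     */
    public void write(OutputStream s) 
        throws IOException, FileNotFoundException {
        write(new OutputStreamWriter(s));
    }


    // Accessors

    /** Key identifier derived from the certificate's public key. */
    public String getKeyID() { return keyid; }

    /** Common name from the certificate subject. */
    public String getName() { return cn; }

    /**
     * "keyid (cn)" with " [keyed]" appended when a private key is
     * attached.  (Testing keyid here, as an earlier revision did, labelled
     * every certificate-only identity as keyed.)
     */
    @Override
    public String toString() { 
        StringBuilder s = new StringBuilder();
        s.append(keyid).append(" (").append(cn);
        if (kp != null) s.append(" [keyed]");
        s.append(")");
        return s.toString();
    }

    /**
     * Associate a key pair with this Identity.  If a certificate is
     * already loaded, the key pair's public key must produce the same key
     * identifier; otherwise an IllegalArgumentException is thrown.  If no
     * certificate is loaded yet the pair is stored unchecked and compared
     * when the certificate arrives (see init(Reader)).  Passing null
     * clears the key pair.
     *
     * Only the public halves are compared; that k's private key actually
     * corresponds to k's public key is not verified here.
     */
    public void setKeyPair(KeyPair k) {
        if (k == null) {
            kp = null;
            return;
        }
        if (keyid == null) {
            kp = k;
            return;
        }
        String kid = Context.extractKeyID(k.getPublic());
        if (kid == null || !kid.equals(keyid))
            throw new IllegalArgumentException(
                    "Keypair does not match certificate");
        kp = k;
    }

    public KeyPair getKeyPair() { return kp; }

    /** Identities are equal when their key identifiers are equal. */
    @Override
    public boolean equals(Object o) { 
        if (!(o instanceof Identity)) return false;   // covers null
        String other = ((Identity) o).getKeyID();
        return keyid == null ? other == null : keyid.equals(other);
    }

    /** Consistent with equals(): hashes the key identifier. */
    @Override
    public int hashCode() {
        return keyid == null ? 0 : keyid.hashCode();
    }

    /**
     * Orders by key identifier.  A non-Identity argument sorts before this
     * one (returns 1) rather than throwing ClassCastException as the
     * Comparable contract suggests; kept for compatibility.
     */
    public int compareTo(Object o) { 
        if (!(o instanceof Identity)) return 1;
        return getKeyID().compareTo(((Identity) o).getKeyID());
    }

    public X509Certificate getCertificate() { return cert; }

}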