source: java/net/deterlab/abac/Identity.java @ 622bdbc

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since 622bdbc was 1a7e6d3, checked in by Ted Faber <faber@…>, 14 years ago

Write IDs and creds (better reading too)
  • Property mode set to 100644
File size: 4.3 KB
Line 
1package net.deterlab.abac;
2
3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
8
9
10import org.bouncycastle.asn1.*;
11import org.bouncycastle.asn1.util.*;
12import org.bouncycastle.asn1.x509.*;
13import org.bouncycastle.x509.*;
14import org.bouncycastle.jce.provider.X509AttrCertParser;
15import org.bouncycastle.jce.provider.X509CertificateObject;
16import org.bouncycastle.openssl.PEMReader;
17import org.bouncycastle.openssl.PEMWriter;
18
19public class Identity {
20    private X509CertificateObject m_cert;
21    private String m_keyid;
22    private String m_cn;
23
24    /**
25     *  Initialize internals from PEM cert in a reader.  Use a PEMReader to get
26     *  the certificate, confirm it is self signed,  and then the keyid and
27     *  common name.  There's some work to get this stuff, but it's all an
28     *  incantation of getting the right classes to get the right data.  Looks
29     *  more complex than it is.
30     */
31    public void init(Reader r) throws 
32        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
33        NoSuchProviderException, SignatureException, IOException {
34            PEMReader pr = new PEMReader(r);
35            Object c = pr.readObject();
36
37            if (c instanceof X509CertificateObject) {
38                m_cert = (X509CertificateObject) c;
39                m_cert.verify(m_cert.getPublicKey());
40
41                // Cert is valid, fill in the CN and keyid
42                //
43                //  This little rigamarole is to get to the SHA1 hash of the
44                //  key.
45                PublicKey k = m_cert.getPublicKey();
46                ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(
47                        k.getEncoded()).readObject();
48                SubjectPublicKeyInfo ki = new SubjectPublicKeyInfo(seq);
49                SubjectKeyIdentifier id = 
50                    SubjectKeyIdentifier.createSHA1KeyIdentifier(ki);
51
52                // Now format it into a string for keeps
53                Formatter fmt = new Formatter(new StringWriter());
54                for (byte b: id.getKeyIdentifier())
55                    fmt.format("%02x", b);
56                m_keyid = fmt.out().toString();
57
58                m_cn = m_cert.getSubjectDN().getName();
59                /// XXX: better parse
60                if (m_cn.startsWith("CN=")) m_cn = m_cn.substring(3);
61            }
62            else throw new CertificateException("Not an identity certificate");
63    }
64
65    /**
66     * Construct from a string, which is a filename, containing a PEM format
67     * self signed certificate.
68     */
69    public Identity(String filename) throws 
70        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
71        NoSuchProviderException, SignatureException, FileNotFoundException,
72        IOException { init(new FileReader(filename)); }
73
74
75    /**
76     * Construct from a file, containing a self-signed PEM certificate.
77     */
78    public Identity(File file) throws 
79        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
80        NoSuchProviderException, SignatureException, FileNotFoundException,
81        IOException { init(new FileReader(file)); }
82
83    /**
84     * Construct from a reader, containing a self-signed PEM certificate.
85     */
86    public Identity(Reader r) throws 
87        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
88        NoSuchProviderException, SignatureException, IOException { init(r); }
89
90    /**
91     * Construct from an InputStream, containing a self-signed PEM certificate.
92     */
93    public Identity(InputStream s) throws 
94        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
95        NoSuchProviderException, SignatureException, IOException { 
96            init(new InputStreamReader(s));
97        }
98
99
100    /**
101     * Write the PEM cert to the given writer.
102     */
103    public void write(Writer w) throws IOException {
104        PEMWriter pw = new PEMWriter(w);
105
106        pw.writeObject(m_cert);
107        pw.close();
108    }
109
110    /**
111     * Write the PEM cert to a file with the given name.
112     */
113    public void write(String fn) throws IOException, FileNotFoundException {
114        write(new FileWriter(fn));
115    }
116
117    /**
118     * Write the PEM cert to the given file.
119     */
120    public void write(File fn) throws IOException, FileNotFoundException {
121        write(new FileWriter(fn));
122    }
123
124    /**
125     * Write the PEM cert to the given OutputStream.
126     */
127    public void write(OutputStream s) 
128        throws IOException, FileNotFoundException {
129        write(new OutputStreamWriter(s));
130    }
131
132    // Accessors
133    public String getKeyID() { return m_keyid; }
134    public String getName() { return m_cn; }
135    public String toString() { return m_keyid + " (" + m_cn + ")"; }
136    public X509CertificateObject getCertificate() { return m_cert; }
137
138};
Note: See TracBrowser for help on using the repository browser.