source: java/net/deterlab/abac/Identity.java @ 8a14e37

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since 8a14e37 was 8a14e37, checked in by Ted Faber <faber@…>, 13 years ago

Restructure for more flexible init and file reading.

  • Property mode set to 100644
File size: 5.0 KB
Line 
1package net.deterlab.abac;
2
3import java.io.*;
4
5import java.util.*;
6import java.security.*;
7import java.security.cert.*;
8
9
10import org.bouncycastle.asn1.*;
11import org.bouncycastle.asn1.util.*;
12import org.bouncycastle.asn1.x509.*;
13import org.bouncycastle.x509.*;
14import org.bouncycastle.jce.provider.X509AttrCertParser;
15import org.bouncycastle.jce.provider.X509CertificateObject;
16import org.bouncycastle.openssl.PEMReader;
17import org.bouncycastle.openssl.PEMWriter;
18
19public class Identity {
20    private X509CertificateObject m_cert;
21    private String m_keyid;
22    private String m_cn;
23
24    /**
25     *  Initialize internals from PEM cert in a reader.  Use a PEMReader to get
26     *  the certificate, and call init(cert) on it.
27     */
28    protected void init(Reader r) throws 
29        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
30        NoSuchProviderException, SignatureException, IOException {
31            PEMReader pr = new PEMReader(r);
32            Object c = pr.readObject();
33
34            if (c instanceof X509CertificateObject) 
35                init((X509CertificateObject)c);
36            else 
37                throw new CertificateException("Not an identity certificate");
38    }
39
40    /**
41     *  Initialize internals from cert.  Confirm it is self signed,  and then
42     *  the keyid and common name.  There's some work to get this stuff, but
43     *  it's all an incantation of getting the right classes to get the right
44     *  data.  Looks more complex than it is.
45     */
46    protected void init(X509CertificateObject c) throws
47        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
48        NoSuchProviderException, SignatureException, IOException {
49            m_cert = (X509CertificateObject) c;
50            m_cert.verify(m_cert.getPublicKey());
51            // Cert is valid, fill in the CN and keyid
52            m_keyid = extractKeyID(m_cert.getPublicKey());
53            m_cn = m_cert.getSubjectDN().getName();
54            /// XXX: better parse
55            if (m_cn.startsWith("CN=")) m_cn = m_cn.substring(3);
56    }
57
58    /**
59     * Construct from a string, which is a filename, containing a PEM format
60     * self signed certificate.
61     */
62    public Identity(String filename) throws 
63        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
64        NoSuchProviderException, SignatureException, FileNotFoundException,
65        IOException { init(new FileReader(filename)); }
66
67
68    /**
69     * Construct from a file, containing a self-signed PEM certificate.
70     */
71    public Identity(File file) throws 
72        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
73        NoSuchProviderException, SignatureException, FileNotFoundException,
74        IOException { init(new FileReader(file)); }
75
76    /**
77     * Construct from a reader, containing a self-signed PEM certificate.
78     */
79    public Identity(Reader r) throws 
80        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
81        NoSuchProviderException, SignatureException, IOException { init(r); }
82
83    /**
84     * Construct from an InputStream, containing a self-signed PEM certificate.
85     */
86    public Identity(InputStream s) throws 
87        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
88        NoSuchProviderException, SignatureException, IOException { 
89            init(new InputStreamReader(s));
90        }
91
92    /**
93     * Construct from an X509CertificateObject, if you parsed one somewhere
94     * else.
95     */
96    public Identity(X509CertificateObject cert) throws 
97        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
98        NoSuchProviderException, SignatureException, FileNotFoundException,
99        IOException { init(cert); }
100
101
102    /**
103     * Write the PEM cert to the given writer.
104     */
105    public void write(Writer w) throws IOException {
106        PEMWriter pw = new PEMWriter(w);
107
108        pw.writeObject(m_cert);
109        pw.close();
110    }
111
112    /**
113     * Write the PEM cert to a file with the given name.
114     */
115    public void write(String fn) throws IOException, FileNotFoundException {
116        write(new FileWriter(fn));
117    }
118
119    /**
120     * Write the PEM cert to the given file.
121     */
122    public void write(File fn) throws IOException, FileNotFoundException {
123        write(new FileWriter(fn));
124    }
125
126    /**
127     * Write the PEM cert to the given OutputStream.
128     */
129    public void write(OutputStream s) 
130        throws IOException, FileNotFoundException {
131        write(new OutputStreamWriter(s));
132    }
133
134    /**
135     * Get to the SHA1 hash of the key.
136     */
137    public static String extractKeyID(PublicKey k) {
138        ASN1Sequence seq = null;
139        try {
140            seq = (ASN1Sequence) new ASN1InputStream(
141                    k.getEncoded()).readObject();
142        }
143        catch (IOException ie) {
144            // Badly formatted key??
145            return null;
146        }
147        SubjectPublicKeyInfo ki = new SubjectPublicKeyInfo(seq);
148        SubjectKeyIdentifier id = 
149            SubjectKeyIdentifier.createSHA1KeyIdentifier(ki);
150
151        // Now format it into a string for keeps
152        Formatter fmt = new Formatter(new StringWriter());
153        for (byte b: id.getKeyIdentifier())
154            fmt.format("%02x", b);
155        return fmt.out().toString();
156    }
157
158    // Accessors
159    public String getKeyID() { return m_keyid; }
160    public String getName() { return m_cn; }
161    public String toString() { return m_keyid + " (" + m_cn + ")"; }
162    public X509CertificateObject getCertificate() { return m_cert; }
163
164};
Note: See TracBrowser for help on using the repository browser.