Changeset 281158a


Timestamp:
Mar 12, 2011 8:48:40 PM (8 years ago)
Author:
Ted Faber <faber@…>
Branches:
abac0-leak, abac0-mei, compt_changes, gec13, master, mei-id, mei-rt0-n, mei_rt0, mei_rt2, mei_rt2_fix_1, meiyap-rt1, meiyap1, rt2, tvf-new-xml
Children:
201be1c
Parents:
a624bd1
Message:

Write credentials

Location:
java
Files:
3 edited

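--- a/java/build.xml
+++ b/java/build.xml
@@ -5,5 +5,5 @@
   <property name="classes.dir" value="${build.dir}/classes"/>
   <property name="jar.dir" value="${build.dir}/jar"/>
-  <property name="main.class" value="GraphTest"/>
+  <property name="main.class" value="MakeTest"/>
 
   <target name="clean">
@@ -47,7 +47,8 @@
         <pathelement path="${classes.dir}"/>
       </classpath>
-      <arg file="../examples/acme_rockets"/>
-      <arg value="Acme.buy_rockets"/>
-      <arg value="Coyote"/>
+      <arg file="../examples/experiment_create/Acme_ID.pem"/>
+      <arg file="../examples/experiment_create/Acme_private.pem"/>
+      <arg value="Acme.experiment_create"/>
+      <arg value="Bob"/>
     </java>
   </target>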
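--- a/java/net/deterlab/abac/Credential.java
+++ b/java/net/deterlab/abac/Credential.java
@@ -2,4 +2,5 @@
 
 import java.io.*;
+import java.math.*;
 
 import java.util.*;
@@ -11,10 +12,16 @@
 import org.bouncycastle.asn1.*;
 import org.bouncycastle.x509.*;
+import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.provider.X509AttrCertParser;
 import org.bouncycastle.jce.provider.X509CertificateObject;
 import org.bouncycastle.openssl.PEMReader;
 
+import org.bouncycastle.asn1.util.ASN1Dump;
+
+import java.security.PrivateKey;
+
 public class Credential {
     protected static Vector<Identity> s_ids = new Vector<Identity>();
+    protected static String attrOID = "1.3.6.1.5.5.7.10.4";
 
     /**
@@ -58,4 +65,7 @@
 
         load_roles();
+
+        if (!m_id.getKeyID().equals(m_head.issuer_part()))
+            throw new InvalidKeyException("Unknown identity");
     }
 
@@ -83,4 +93,29 @@
     }
 
+    public void make_cert(PrivateKey key) {
+        X509V2AttributeCertificateGenerator gen =
+            new X509V2AttributeCertificateGenerator();
+
+        gen.setIssuer(new AttributeCertificateIssuer(
+                    new X509Principal("CN="+m_head.issuer_part())));
+        gen.setHolder(new AttributeCertificateHolder(
+                    new X509Principal("CN="+m_head.issuer_part())));
+        gen.setNotAfter(new Date(System.currentTimeMillis()
+                    + 3600 * 1000 * 24 * 365));
+        gen.setNotBefore(new Date(System.currentTimeMillis()));
+        gen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
+        gen.addAttribute(new X509Attribute(attrOID,
+                    new DERSequence(
+                        new DERSequence(
+                            new DERUTF8String(toString())))));
+        gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
+
+        try {
+            m_ac = (X509V2AttributeCertificate) gen.generate(key, "BC");
+        }
+        catch (Exception e) {
+            System.err.println(e);
+        }
+    }
 
     /**
@@ -92,4 +127,6 @@
         try {
             X509Attribute attr = m_ac.getAttributes()[0];
+
+            //System.err.println(ASN1Dump.dumpAsString(attr));
 
             DERSequence    java     = (DERSequence)attr.getValues()[0];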
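Review bot: In `make_cert`, the validity offset `3600 * 1000 * 24 * 365` is evaluated in `int` arithmetic and overflows before it is added to `System.currentTimeMillis()`, so the not-after date lands roughly 17 days out instead of one year; making the first operand a long fixes it, `+ 3600L * 1000 * 24 * 365));`. The `catch (Exception e)` around `gen.generate(key, "BC")` only prints the exception, so a signing failure leaves `m_ac` at whatever it held before and the caller cannot tell that the credential was never signed; rethrowing, for instance as a checked exception declared on `make_cert`, would surface that. The serial number is also taken from `System.currentTimeMillis()`, so two credentials created in the same millisecond would share a serial; a value from `SecureRandom` avoids the collision. Both `setIssuer` and `setHolder` are built by concatenating `"CN="` with `m_head.issuer_part()`; if the identical holder is intended a one-line comment would say so, and the concatenation presumably relies on that value never containing DN separators.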
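--- a/java/net/deterlab/abac/Role.java
+++ b/java/net/deterlab/abac/Role.java
@@ -2,4 +2,6 @@
 
 import java.util.*;
+
+import org.bouncycastle.asn1.*;
 
 /**
@@ -128,4 +130,9 @@
 
     /**
+     * Returns an issuer, only the first element.
+     */
+    public String issuer_part() { return m_parts[0]; }
+
+    /**
      * Returns true if the principal part of the name matches a prefix. This
      * is used when filtering graphs.
@@ -163,4 +170,5 @@
         return m_string.hashCode();
     }
+
 
     /**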
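Review bot: The Javadoc on `issuer_part()` does not say what `m_parts[0]` holds, yet the Credential constructor in this changeset compares its result with `m_id.getKeyID()` to decide whether the identity is accepted. Since that makes the accessor part of an identity check, the comment should state the contract, for example `Returns the first element of the parsed role name; Credential compares this with the issuing identity's key ID.` The added `import org.bouncycastle.asn1.*;` appears unused, as none of the lines added to this file reference an ASN.1 type, and could be dropped.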