Changeset 81c80b9


Timestamp:
Jul 11, 2013 11:18:23 AM (6 years ago)
Author:
Ted Faber <faber@…>
Branches:
abac0-leak, abac0-mei, master
Children:
3c30b59
Parents:
fbdd2d1
Message:

Let jabac generate signed IDs

File:
1 edited

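--- a/java/net/deterlab/abac/Identity.java
+++ b/java/net/deterlab/abac/Identity.java
@@ -123,14 +123,27 @@
 
     /**
-     * Construct from a string, used as a CN.  Keys are generated.
+     * Construct from a string, used as a CN.  Keys are generated.  If signer
+     * and signingKey are given, sign the certificate with them.  If neither is
+     * given, self sign it.  If one is given and not the other, throw an
+     * ABACException.
      * @param cn a String containing the menomnic name
      * @param validity a long containing the validity period (in seconds)
-     * @throws CertInvalidException if the stream is unparsable
-     * @throws MissingIssuerException if none of the Identities can validate the
-     *                              certificate
-     * @throws BadSignatureException if the signature check fails
-     * @throws ABACException if an uncategorized error occurs
-     */
-    public Identity(String cn, long validity) throws ABACException {
+     * @param signer an X509Certificate that is signing the Identity
+     * @param signingKey the key with which to sign
+     * @throws CertInvalidException if the stream is unparsable
+     * @throws MissingIssuerException if none of the Identities can validate the
+     *                              certificate
+     * @throws BadSignatureException if the signature check fails
+     * @throws ABACException if an uncategorized error occurs
+     */
+    public Identity(String cn, long validity, X509Certificate signer,
+            PrivateKey signingKey)
+            throws ABACException {
+
+        if ( (signer != null && signingKey == null) ||
+                (signer == null && signingKey != null) )
+            throw new ABACException("Both signer and signingKey must be "+
+                    "given or neither");
+
         X509V1CertificateGenerator gen = new X509V1CertificateGenerator();
         try {
@@ -141,6 +154,9 @@
         }
         X509Certificate a = null;
-
-        gen.setIssuerDN(new X500Principal("CN=" + cn));
+        X500Principal sp = (signer != null ) ?
+            signer.getSubjectX500Principal() : new X500Principal("CN=" + cn);
+        PrivateKey sk = (signingKey != null ) ? signingKey : kp.getPrivate();
+
+        gen.setIssuerDN(sp);
         gen.setSubjectDN(new X500Principal("CN=" + cn));
         gen.setNotAfter(new Date(System.currentTimeMillis() +
@@ -151,5 +167,5 @@
         gen.setSignatureAlgorithm("SHA256WithRSAEncryption");
         try {
-            a = (X509Certificate) gen.generate(kp.getPrivate(), "BC");
+            a = (X509Certificate) gen.generate(sk, "BC");
         }
         catch (CertificateEncodingException e) {
@@ -161,4 +177,17 @@
 
         init(a);
+    }
+    /**
+     * Construct from a string, used as a CN.  Keys are generated.
+     * @param cn a String containing the menomnic name
+     * @param validity a long containing the validity period (in seconds)
+     * @throws CertInvalidException if the stream is unparsable
+     * @throws MissingIssuerException if none of the Identities can validate the
+     *                              certificate
+     * @throws BadSignatureException if the signature check fails
+     * @throws ABACException if an uncategorized error occurs
+     */
+    public Identity(String cn, long validity) throws ABACException {
+        this(cn, validity, null, null);
     }
 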
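Review bot: The new four-argument constructor never checks that signingKey actually belongs to signer — the key is used only at `a = (X509Certificate) gen.generate(sk, "BC");` and signer only for its subject name at `gen.setIssuerDN(sp);`, so a mismatched pair yields a certificate whose issuer name claims signer but whose signature signer's public key cannot verify, and the error would surface only later at validation time, if at all. Verifying the generated certificate against signer's public key right after generation, as below, fails fast in the constructor instead; `java.security.GeneralSecurityException` covers every exception `X509Certificate.verify` declares and must be in scope (the imports are outside these hunks), and since it is not visible here whether ABACException accepts a cause, only the message is carried. The constructor spans all four hunks, with its catch blocks elided between them. The Javadoc copied into the new constructor also keeps `@throws CertInvalidException if the stream is unparsable` although nothing here reads a stream, and `menomnic` should read `mnemonic` in both constructors' `@param cn` lines.
```java
        // … unchanged: gen.generate(sk, "BC") and its catch blocks …
        if (signer != null) {
            // Bind the supplied key to the supplied certificate: a mismatched
            // pair would otherwise produce a cert that names signer as issuer
            // but carries a signature signer's public key cannot verify.
            try {
                a.verify(signer.getPublicKey());
            } catch (GeneralSecurityException e) {
                throw new ABACException("signingKey does not match signer: " +
                        e.getMessage());
            }
        }
        init(a);
```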