Changeset 8a14e37


Timestamp:
Mar 14, 2011 12:31:53 PM (8 years ago)
Author:
Ted Faber <faber@…>
Branches:
abac0-leak, abac0-mei, compt_changes, gec13, master, mei-id, mei-rt0-n, mei_rt0, mei_rt2, mei_rt2_fix_1, meiyap-rt1, meiyap1, rt2, tvf-new-xml
Children:
7ad0076
Parents:
201be1c
git-author:
Ted Faber <faber@…> (03/14/11 12:30:51)
git-committer:
Ted Faber <faber@…> (03/14/11 12:31:53)
Message:

Restructure for more flexible init and file reading.

File:
1 edited

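--- a/java/net/deterlab/abac/Identity.java
+++ b/java/net/deterlab/abac/Identity.java
@@ -24,10 +24,7 @@
     /**
      *  Initialize internals from PEM cert in a reader.  Use a PEMReader to get
-     *  the certificate, confirm it is self signed,  and then the keyid and
-     *  common name.  There's some work to get this stuff, but it's all an
-     *  incantation of getting the right classes to get the right data.  Looks
-     *  more complex than it is.
+     *  the certificate, and call init(cert) on it.
      */
-    public void init(Reader r) throws
+    protected void init(Reader r) throws
         CertificateException, NoSuchAlgorithmException,InvalidKeyException,
         NoSuchProviderException, SignatureException, IOException {
@@ -35,30 +32,26 @@
             Object c = pr.readObject();
 
-            if (c instanceof X509CertificateObject) {
-                m_cert = (X509CertificateObject) c;
-                m_cert.verify(m_cert.getPublicKey());
+            if (c instanceof X509CertificateObject)
+                init((X509CertificateObject)c);
+            else
+                throw new CertificateException("Not an identity certificate");
+    }
 
-                // Cert is valid, fill in the CN and keyid
-                //
-                //  This little rigamarole is to get to the SHA1 hash of the
-                //  key.
-                PublicKey k = m_cert.getPublicKey();
-                ASN1Sequence seq = (ASN1Sequence) new ASN1InputStream(
-                        k.getEncoded()).readObject();
-                SubjectPublicKeyInfo ki = new SubjectPublicKeyInfo(seq);
-                SubjectKeyIdentifier id =
-                    SubjectKeyIdentifier.createSHA1KeyIdentifier(ki);
-
-                // Now format it into a string for keeps
-                Formatter fmt = new Formatter(new StringWriter());
-                for (byte b: id.getKeyIdentifier())
-                    fmt.format("%02x", b);
-                m_keyid = fmt.out().toString();
-
-                m_cn = m_cert.getSubjectDN().getName();
-                /// XXX: better parse
-                if (m_cn.startsWith("CN=")) m_cn = m_cn.substring(3);
-            }
-            else throw new CertificateException("Not an identity certificate");
+    /**
+     *  Initialize internals from cert.  Confirm it is self signed,  and then
+     *  the keyid and common name.  There's some work to get this stuff, but
+     *  it's all an incantation of getting the right classes to get the right
+     *  data.  Looks more complex than it is.
+     */
+    protected void init(X509CertificateObject c) throws
+        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
+        NoSuchProviderException, SignatureException, IOException {
+            m_cert = (X509CertificateObject) c;
+            m_cert.verify(m_cert.getPublicKey());
+            // Cert is valid, fill in the CN and keyid
+            m_keyid = extractKeyID(m_cert.getPublicKey());
+            m_cn = m_cert.getSubjectDN().getName();
+            /// XXX: better parse
+            if (m_cn.startsWith("CN=")) m_cn = m_cn.substring(3);
     }
 
@@ -97,4 +90,13 @@
         }
 
+    /**
+     * Construct from an X509CertificateObject, if you parsed one somewhere
+     * else.
+     */
+    public Identity(X509CertificateObject cert) throws
+        CertificateException, NoSuchAlgorithmException,InvalidKeyException,
+        NoSuchProviderException, SignatureException, FileNotFoundException,
+        IOException { init(cert); }
+
 
     /**
@@ -130,4 +132,28 @@
     }
 
+    /**
+     * Get to the SHA1 hash of the key.
+     */
+    public static String extractKeyID(PublicKey k) {
+        ASN1Sequence seq = null;
+        try {
+            seq = (ASN1Sequence) new ASN1InputStream(
+                    k.getEncoded()).readObject();
+        }
+        catch (IOException ie) {
+            // Badly formatted key??
+            return null;
+        }
+        SubjectPublicKeyInfo ki = new SubjectPublicKeyInfo(seq);
+        SubjectKeyIdentifier id =
+            SubjectKeyIdentifier.createSHA1KeyIdentifier(ki);
+
+        // Now format it into a string for keeps
+        Formatter fmt = new Formatter(new StringWriter());
+        for (byte b: id.getKeyIdentifier())
+            fmt.format("%02x", b);
+        return fmt.out().toString();
+    }
+
     // Accessors
     public String getKeyID() { return m_keyid; }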
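Review bot: `extractKeyID` returns null when the key encoding cannot be parsed, and `init(X509CertificateObject)` stores that result in `m_keyid` without checking it, so an Identity can finish construction with a self-verified certificate and a null key id; the removed code let the IOException propagate out of `init` instead. Since the key id is presumably what names the principal elsewhere, I would fail closed in `init` with `if (m_keyid == null) throw new CertificateException("Cannot compute key id");` right after the `extractKeyID` call. As `extractKeyID` is now public static, its Javadoc should state the null return, e.g. `@return the hex SHA1 key identifier, or null if the key encoding cannot be parsed`. Separately, `m_cert` is still assigned before `verify` runs, so with `init` now callable from subclasses a failed verify leaves the unverified certificate in the field; `c.verify(c.getPublicKey()); m_cert = c;` avoids that.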