Changeset e9360e2


Timestamp:
Mar 23, 2011 4:53:27 PM (8 years ago)
Author:
Ted Faber <faber@…>
Branches:
abac0-leak, abac0-mei, compt_changes, gec13, master, mei-id, mei-rt0-n, mei_rt0, mei_rt2, mei_rt2_fix_1, meiyap-rt1, meiyap1, rt2, tvf-new-xml
Children:
84f0e7a
Parents:
ea3bddc
Message:

Credential compatibility with libcreddy. Creddy expects an X509 extension identifying the key used to sign an attribute credential.

Location:
java
Files:
3 edited

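--- a/java/GraphTest.java
+++ b/java/GraphTest.java
@@ -26,5 +26,4 @@
 
         CredentialGraph graph = new CredentialGraph();
-        Vector<KeyPair> kp = new Vector<KeyPair>();
         Map<String, Exception> errs = new HashMap<String, Exception>();
 
@@ -34,5 +33,5 @@
             try {
                 if (f.isDirectory())
-                    for (Credential c :Credential.readDirectory(f, kp, errs))
+                    for (Credential c :Credential.readDirectory(f, errs))
                         graph.add_credential(c);
                 else if (f.getPath().endsWith(".pem"))
@@ -41,5 +40,5 @@
                     graph.add_credential(new Credential(f));
                 else if (f.getPath().endsWith(".zip"))
-                    for (Credential c :Credential.readZipFile(f, kp, errs))
+                    for (Credential c :Credential.readZipFile(f, errs))
                         graph.add_credential(c);
                 else
@@ -51,5 +50,4 @@
         }
 
-        for (KeyPair k: kp) System.err.println(k);
         for (String f: errs.keySet()) System.err.println(f + " " + errs.get(f));
 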
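--- a/java/net/deterlab/abac/Credential.java
+++ b/java/net/deterlab/abac/Credential.java
@@ -12,4 +12,5 @@
 
 import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.x509.*;
 import org.bouncycastle.x509.*;
 import org.bouncycastle.jce.X509Principal;
@@ -18,6 +19,4 @@
 import org.bouncycastle.openssl.PEMReader;
 
-import org.bouncycastle.asn1.util.ASN1Dump;
-
 import java.security.PrivateKey;
 
@@ -25,4 +24,5 @@
     protected static Vector<Identity> s_ids = new Vector<Identity>();
     protected static String attrOID = "1.3.6.1.5.5.7.10.4";
+    protected static String authKeyOID = "2.5.29.35";
 
     /**
@@ -96,5 +96,12 @@
     }
 
-    public void make_cert(PrivateKey key) {
+    /**
+     * Create a certificate from this credential issued by the given identity.
+     * This is just grungy credential generation work.
+     */
+    public void make_cert(Identity i) {
+        PrivateKey key = i.getKeyPair().getPrivate();
+        SubjectPublicKeyInfo pki = Identity.extractSubjectPublicKeyInfo(
+                i.getKeyPair().getPublic());
         X509V2AttributeCertificateGenerator gen =
             new X509V2AttributeCertificateGenerator();
@@ -115,4 +122,8 @@
 
         try {
+            // Creddy expects an authority key identifier.
+            gen.addExtension(authKeyOID, false,
+                    new AuthorityKeyIdentifier(pki));
+            // Create the cert.
             m_ac = (X509V2AttributeCertificate) gen.generate(key, "BC");
         }
@@ -208,4 +219,5 @@
     public void write(OutputStream s) throws IOException {
         s.write(m_ac.getEncoded());
+        s.flush();
     }
 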
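Review bot: In `make_cert`, `pki` goes into `new AuthorityKeyIdentifier(pki)` without a null check, although `Identity.extractSubjectPublicKeyInfo` (added in Identity.java in this changeset) returns null when the encoded key cannot be parsed. A guard right after the extraction, `if (pki == null) throw new IllegalArgumentException("issuer public key could not be decoded");`, makes that failure explicit instead of letting it surface inside extension encoding, where the credential may end up unsigned or without the issuer-key extension that creddy relies on. The refactored `extractKeyID` has the same gap: it used to `return null` itself on that path and now hands `ki` straight to `createSHA1KeyIdentifier`, so `if (ki == null) return null;` after the call would restore the old contract. `i.getKeyPair()` is also dereferenced twice unchecked, which presumably fails for an identity loaded without a private key; that is worth confirming. The rest of the `make_cert` body and the catch clauses of the `try` are outside the visible hunks.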
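--- a/java/net/deterlab/abac/Identity.java
+++ b/java/net/deterlab/abac/Identity.java
@@ -206,18 +206,10 @@
     }
 
+
     /**
      * Get to the SHA1 hash of the key.
      */
     public static String extractKeyID(PublicKey k) {
-        ASN1Sequence seq = null;
-        try {
-            seq = (ASN1Sequence) new ASN1InputStream(
-                    k.getEncoded()).readObject();
-        }
-        catch (IOException ie) {
-            // Badly formatted key??
-            return null;
-        }
-        SubjectPublicKeyInfo ki = new SubjectPublicKeyInfo(seq);
+        SubjectPublicKeyInfo ki = extractSubjectPublicKeyInfo(k);
         SubjectKeyIdentifier id =
             SubjectKeyIdentifier.createSHA1KeyIdentifier(ki);
@@ -230,4 +222,22 @@
     }
 
+    /**
+     * Extratct the SubjectPublicKeyInfo.  Useful for some other encryptions,
+     * notably Certificate.make_cert().
+     */
+    public static SubjectPublicKeyInfo extractSubjectPublicKeyInfo(PublicKey k) {
+        ASN1Sequence seq = null;
+        try {
+            seq = (ASN1Sequence) new ASN1InputStream(
+                    k.getEncoded()).readObject();
+        }
+        catch (IOException ie) {
+            // Badly formatted key??
+            return null;
+        }
+        return new SubjectPublicKeyInfo(seq);
+    }
+
+
     // Accessors
     public String getKeyID() { return m_keyid; }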
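Review bot: The Javadoc on `extractSubjectPublicKeyInfo` does not tell callers that the method returns null for a key whose encoding cannot be read, and it points at `Certificate.make_cert()` while the caller in this changeset is `Credential.make_cert(Identity)`. I would reword it to `Extract the SubjectPublicKeyInfo from a public key, or return null if the key's encoding cannot be parsed. Used by Credential.make_cert() to build the authority key identifier.` The `(ASN1Sequence)` cast can presumably also throw a ClassCastException for an encoding that is not a sequence, which `catch (IOException ie)` does not cover, so the comment should either say so or the catch should be widened to keep the null-on-bad-key contract.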