The Role Specification Attribute Certificate could contain privileges as plaintext or XML files, while field RSACHolder is of String type. In our application, RAAC has been implemented in package jace1.*, while RSAC has been implemented in package jace2.*.
Package acgen.* contains two applications:
- ACGenApplication, which generates role assignment attribute certificates (Figure 1).
- ACReadApplication, which reads role assignment attribute certificates (Figure 2).
Package acgen2.* also contains two applications:
- ACGenApplication, which generates role-specification attribute certificates (Figure 3).
- ACReadApplication, which reads role specification attribute certificates (Figure 4).
It is also necessary to generate CA keys. This can be done using AppletGenerateCAKeys (see our article "Java Cryptography & X.509 Authentication," http://www.ddj.com/184405961).
The IMPCS provider can be installed by adding classes to CLASSPATH.
Class IMPCS extends the java.security .Provider class and provides mapping of service name to the name of class that implements service (Listing Three). Therefore, service RAAC certificate type generation uses class jace1.X509RAACFactory, while service RSAC certificate type generation uses class jace2.X509RSACFactory.
package jace1;
import java.io.*;
import java.util.*;
import java.security.*;
import sun.security.provider.*;
public class IMPCS extends Provider {
private static final String INFO =
"IMPCS " + "Attribute Certificates Management";
public IMPCS() {
super("IMPCS", 1.0, INFO);
AccessController.doPrivileged(
new java.security.PrivilegedAction()
{
public Object run() {
put("CertificateFactory.RAC",
"jace1.X509RAACFactory");
put("CertificateFactory.RSC",
"jace2.X509RSACFactory");
return null;
}
}
);
}
}
