Changeset 1621520

Timestamp:

05/21/12 00:10:44 (12 months ago)

Author:

Mei <mei@…>

Branches:

mei_rt2, mei_rt2_fix_1

Children:

adc0815

Parents:

ed3dc05

git-author:

Mei <mei@…> (05/21/12 00:10:44)

git-committer:

Mei <mei@…> (05/21/12 00:10:44)

Message:

1) more comments

File:

• libabac/abac.hh (modified) (3 diffs)

libabac/abac.hh

@@ -587 +587 @@
 
 
+/***
+ABAC::ID
+   An ID holds a principal credential. It maybe imported from an existing 
+   ID credential via external files, constructed from a streaming chunk,
+   or instantiated on the fly  
+***/
     class ID {
         public:
+/***
+   ID()
+     default constructor, do not use, for swig only
+   ID(const ID &)
+     copy constructor, used for cloning an ID
+   ~ID()
+     default destructor
+***/
             ID() : m_id(NULL) { } // do not use: here for swig
-            ID(abac_id_t *id): m_id(abac_id_dup(id)) 
-              { }
-            ID(abac_id_credential_t *idcred) {
-                if(idcred)
-                  m_id=abac_id_dup(abac_id_credential_id(idcred));
-                else m_id=NULL;
-              }
             ID(const ID &id) { m_id =abac_id_dup(id.m_id); }
             ~ID() { if(m_id) abac_id_free(m_id); }
-
-/* load an ID cert from a file
-Will throw an exception if the cert cannot be loaded */
+/*** ???
+   ID(abac_id_t *)
+     constructor from abac_id_t
+   ID(abac_id_credential_t *)
+     constructor from abac_id_t
+***/
+            ID(abac_id_t *id): m_id(abac_id_dup(id)) 
+            { }
+            ID(abac_id_credential_t *idcred) {
+              if(idcred)
+                m_id=abac_id_dup(abac_id_credential_id(idcred));
+              else m_id=NULL;
+            }
+
+/*** 
+   ID(char *)
+     load an ID cert from a file, will throw an exception 
+     if the cert cannot be loaded 
+***/
             ID(char *filename) {
-                m_id=abac_id_from_file(filename); 
-                if(m_id==NULL)
-                  abac_errx(1, "Id creation from filename failed");
-              }
-/* generates a new ID with the supplied CN and validity period
-   - CN must be alphanumeric and begin with a letter
-   - validity must be at least one second
-   Will throw an exception if either of the above is violated */
+              m_id=abac_id_from_file(filename); 
+              if(m_id==NULL)
+                abac_errx(1, "Id creation from filename failed");
+            }
+/*** 
+   ID(char *,int)
+     generates a new ID with the supplied CN and validity period
+     - CN must be alphanumeric and begin with a letter
+     - validity must be at least one second
+     will throw an exception if either of the above is violated 
+***/
             ID(char *cn, int validity) {
-                int rt=abac_id_generate(&m_id, cn, validity);
-                if(rt != ABAC_ID_SUCCESS)  
-                  abac_errx(1, "Id creation failed");
-              }
-/* loads the private key associated with the cert
-   will throw an exception if the key cannot be loaded */
+              int rt=abac_id_generate(&m_id, cn, validity);
+              if(rt != ABAC_ID_SUCCESS)  
+                abac_errx(1, "Id creation failed");
+            }
+/*** 
+   void load_privkey(char *)
+     loads the private key associated with the ID credential
+     will throw an exception if the key cannot be loaded 
+***/
             void load_privkey(char *filename) {
                 int rt=abac_id_load_privkey_file(m_id, filename);
@@ -623 +652 @@
                   abac_errx(1, "Failed to load private key");
               }
+/***
+   abac_id_t *id()
+     returns the abac_id_t 
+     returns the interal libabac representation of this id
+***/
             abac_id_t *id() { return m_id; }
 
-/* returns the SHA1 keyid of the cert */
+/***
+   char *keyid()
+     returns the SHA1 keyid of the id cert
+   char *name()
+     returns the CN 
+***/
             char *keyid() { return abac_id_keyid(m_id); }
-/* returns the CN */
             char *name() { return abac_id_cn(m_id); }
-/* returns true if the ID has an associated private key */
-            bool has_privkey() {
-                return abac_id_has_privkey(m_id);
-              }
-/* writes a PEM-encoded cert to the file handle */
-            void write_cert(FILE *out) {
-                abac_id_write_cert(m_id, out); 
-              }
-/* writes a PEM-encoded cert to a file named out */
+/***
+   bool has_privkey()
+     returns true if the ID has an associated private key
+***/
+            bool has_privkey()
+            { return abac_id_has_privkey(m_id); }
+
+/***
+   void write_cert(FILE *)
+     writes a PEM-encoded cert to the file handle 
+   void write_cert(char *)
+     writes a PEM-encoded cert to a file named out 
+***/
+            void write_cert(FILE *out)
+            { abac_id_write_cert(m_id, out); }
             void write_cert(char *filename) {
-                FILE *out = fopen(filename, "a");
-                write_cert(out);
-                fclose(out);
-              }
-/* writes a PEM-encoded private key to the file handle
-   throws an exception if no private key is loaded */
+              FILE *out = fopen(filename, "a");
+              write_cert(out);
+              fclose(out);
+            }
+/***
+   void write_privkey(FILE *)
+     writes a PEM-encoded private key to the file handle
+     throws an exception if no private key is loaded 
+   void write_privkey(char *)
+      writes a PEM-encoded private key a file named out
+      throws an exception if no private key is loaded 
+***/
             void write_privkey(FILE *out) {
-                if(!has_privkey())
-                    abac_errx(1, "No privkey to write");
-                abac_id_write_privkey(m_id, out);
-              }
-/* writes a PEM-encoded private key a file named out
-   throws an exception if no private key is loaded */
+              if(!has_privkey())
+                  abac_errx(1, "No privkey to write");
+              abac_id_write_privkey(m_id, out);
+            }
             void write_privkey(char *filename) {
-                FILE *out = fopen(filename, "a");
-                write_privkey(out);
-                fclose(out);
-              }
-/* returns a DER-encoded binary representation of the X.509 ID cert
-   associated with this ID.
-   can be passed to libabac's Context::load_id_chunk() */
-            abac_chunk_t cert_chunk() {
-                return abac_id_cert_chunk(m_id);
-              }
+              FILE *out = fopen(filename, "a");
+              write_privkey(out);
+              fclose(out);
+            }
+/***
+   abac_chunk_t cert_chunk()
+     returns a DER-encoded binary representation of the X.509 ID cert
+     associated with this ID.
+     can be passed to libabac's Context::load_id_chunk() 
+***/
+            abac_chunk_t cert_chunk()
+            { return abac_id_cert_chunk(m_id); }
+/***
+   char *string()
+     returns literal string of the id credential
+***/
             char *string() {
-                char *tmp=NULL;
-                if(has_privkey())
-                  asprintf(&tmp,"(%s,%s,y)",abac_id_name(m_id),abac_id_idtype_string(m_id));
-                  else asprintf(&tmp,"(%s,%s,n)",abac_id_name(m_id),abac_id_idtype_string(m_id));
-                return tmp;
-              }
+              char *tmp=NULL;
+              if(has_privkey())
+                asprintf(&tmp,"(%s,%s,y)",abac_id_name(m_id),abac_id_idtype_string(m_id));
+                else asprintf(&tmp,"(%s,%s,n)",abac_id_name(m_id),abac_id_idtype_string(m_id));
+              return tmp;
+            }
         public:
             abac_id_t *m_id;
@@ -675 +729 @@
 
 
-/* N.B., The way you use this class is by instantiating the object, adding
-   subjects to it, and then baking it. Only once it's baked can you access the
-   X.509 cert. Once it's been baked you can no longer add subjects to it. */
+/*** 
+ABAC::Attribute
+   This is the attribute representation for the access policy rule
+          LHS <- RHS
+   The sequence of generation is to 
+     first, instantiate the object, ie, LHS (head)
+     second, adding subject(s) to it, ie, RHS (tail)
+     and then baking it.
+   Only once it's baked can you access the X.509 cert. 
+   Once it's been baked you can no longer add subjects to it
+***/
     class Attribute {
         public:
-            Attribute() : m_attr(NULL) { } // do not use: here for swig
+/***
+   Attribute()
+     default constructor, do not use, for swig only 
+   Attribute(const Attribute &)
+     copy constructor, used for cloning an attribute
+   ~Attribute()
+     default destructor
+***/
+            Attribute() : m_attr(NULL) { } 
+            Attribute(const Attribute &id)
+            { m_attr =abac_attribute_dup(id.m_attr); }
+            ~Attribute()
+            { if(m_attr) abac_attribute_free(m_attr); }
+/***
+XXX
+***/
             Attribute(abac_attribute_t *attr): m_attr(abac_attribute_dup(attr)) 
               { }
             Attribute(abac_credential_t *cred) {
                 m_attr=abac_attribute_dup(abac_credential_attribute(cred));
-              }
-            Attribute(const Attribute &id) { 
-                m_attr =abac_attribute_dup(id.m_attr);
-              }
-            ~Attribute() { 
-                if(m_attr) abac_attribute_free(m_attr);
               }
 /* Create an object to be signed by the given issuer with the given role