[04f5da1] | 1 | #ifndef __LIBCREDDY_H__ |
---|
| 2 | #define __LIBCREDDY_H__ |
---|
| 3 | |
---|
| 4 | #include <stdio.h> |
---|
| 5 | |
---|
[11e3eb7] | 6 | #include <abac_common.h> |
---|
| 7 | |
---|
[04f5da1] | 8 | #define CREDDY_SUCCESS 0 |
---|
| 9 | #define CREDDY_GENERATE_INVALID_CN -1 |
---|
| 10 | #define CREDDY_GENERATE_INVALID_VALIDITY -2 |
---|
| 11 | #define CREDDY_ATTRIBUTE_ISSUER_NOKEY -3 |
---|
| 12 | #define CREDDY_ATTRIBUTE_INVALID_ROLE -4 |
---|
| 13 | #define CREDDY_ATTRIBUTE_INVALID_VALIDITY -5 |
---|
| 14 | |
---|
| 15 | /** |
---|
| 16 | * Creddy identifiers. |
---|
| 17 | */ |
---|
| 18 | |
---|
| 19 | typedef struct _creddy_id_t creddy_id_t; |
---|
| 20 | |
---|
| 21 | // create an ID from an X.509 certificate |
---|
| 22 | creddy_id_t *creddy_id_from_file(char *filename); |
---|
| 23 | |
---|
| 24 | // load an X.509 private key for an from a file |
---|
| 25 | // handles keys with a password |
---|
| 26 | int creddy_id_load_privkey(creddy_id_t *id, char *filename); |
---|
| 27 | |
---|
| 28 | // generate an ID |
---|
| 29 | // returns one of CREDDY_SUCCESS or CREDDY_GENERATE_* (see top) |
---|
| 30 | int creddy_id_generate(creddy_id_t **ret, char *cn, int validity); |
---|
| 31 | |
---|
| 32 | // get the SHA1 keyid, pointer is valid for the lifetime of the object |
---|
| 33 | char *creddy_id_keyid(creddy_id_t *id); |
---|
| 34 | |
---|
| 35 | // default filename for the cert: ${CN}_ID.pem |
---|
| 36 | // caller must free the returned string |
---|
| 37 | char *creddy_id_cert_filename(creddy_id_t *id); |
---|
| 38 | |
---|
| 39 | // write the cert fo an open file pointer |
---|
| 40 | void creddy_id_write_cert(creddy_id_t *id, FILE *out); |
---|
| 41 | |
---|
| 42 | // default filename for the private key: ${CN}_key.pem |
---|
| 43 | // caller must free the return value |
---|
| 44 | char *creddy_id_privkey_filename(creddy_id_t *id); |
---|
| 45 | |
---|
| 46 | // write the private key to a file |
---|
| 47 | // it is recommended that you open this file mode 0600 |
---|
[d56e51b] | 48 | // returns false if there's no private key loaded |
---|
| 49 | int creddy_id_write_privkey(creddy_id_t *id, FILE *out); |
---|
[04f5da1] | 50 | |
---|
[11e3eb7] | 51 | // get a chunk representing the cert |
---|
| 52 | // you must free the ptr of the chunk when done |
---|
| 53 | abac_chunk_t creddy_id_cert_chunk(creddy_id_t *id); |
---|
| 54 | |
---|
[2a20fa0] | 55 | // dup an ID (increases its refcount) |
---|
| 56 | creddy_id_t *creddy_id_dup(creddy_id_t *id); |
---|
| 57 | |
---|
[04f5da1] | 58 | // destroy the id |
---|
[2a20fa0] | 59 | // decreases refcount and destroys when it hits 0 |
---|
[04f5da1] | 60 | void creddy_id_free(creddy_id_t *id); |
---|
| 61 | |
---|
| 62 | /** |
---|
| 63 | * Attribute cert |
---|
| 64 | */ |
---|
| 65 | typedef struct _creddy_attribute_t creddy_attribute_t; |
---|
| 66 | |
---|
| 67 | // |
---|
| 68 | // Here's the skinny: |
---|
| 69 | // Attribute cert objects don't contain an actual cert until they're baked. |
---|
| 70 | // First you construct the object using creddy_attribute_create, then you add |
---|
| 71 | // subjects to it using creddy_attribute_{principal,role,linking_role}. |
---|
| 72 | // Finally you bake it. Once you've done that, you can access the DER encoding |
---|
| 73 | // or write it to a file. |
---|
| 74 | // |
---|
| 75 | |
---|
| 76 | // create an attribute cert |
---|
| 77 | // validity is in days |
---|
| 78 | // returns one of CREDDY_SUCCESS or CREDDY_ATTRIBUTE_* (see top) |
---|
| 79 | int creddy_attribute_create(creddy_attribute_t **attr, creddy_id_t *issuer, char *role, int validity); |
---|
| 80 | |
---|
| 81 | // add a principal subject to the cert |
---|
| 82 | int creddy_attribute_principal(creddy_attribute_t *attr, char *keyid); |
---|
| 83 | |
---|
| 84 | // add a role subject |
---|
| 85 | int creddy_attribute_role(creddy_attribute_t *attr, char *keyid, char *role); |
---|
| 86 | |
---|
| 87 | // add a linking role subject |
---|
| 88 | int creddy_attribute_linking_role(creddy_attribute_t *attr, char *keyid, char *role, char *linked); |
---|
| 89 | |
---|
| 90 | // create the attribute cert once all the subjects have been added |
---|
| 91 | // can return 0 if there are no subjects or there's a problem building the cert |
---|
| 92 | int creddy_attribute_bake(creddy_attribute_t *attr); |
---|
| 93 | |
---|
[e02c742] | 94 | // returns true iff the cert's been baked |
---|
| 95 | int creddy_attribute_baked(creddy_attribute_t *attr); |
---|
| 96 | |
---|
[78358ab] | 97 | // write the cert to a file. returns 0 if the cert hasn't been baked |
---|
| 98 | int creddy_attribute_write(creddy_attribute_t *attr, FILE *out); |
---|
| 99 | |
---|
[11e3eb7] | 100 | // get the DER-encoded cert |
---|
| 101 | // returns 0 if the cert isn't baked |
---|
| 102 | int creddy_attribute_cert_chunk(creddy_attribute_t *attr, abac_chunk_t *chunk); |
---|
| 103 | |
---|
[04f5da1] | 104 | // destroy the cert |
---|
| 105 | void creddy_attribute_free(creddy_attribute_t *attr); |
---|
| 106 | |
---|
| 107 | #endif /* __LIBCREDDY_H__ */ |
---|