source: creddy/creddy.h @ 08bb122

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0tvf-new-xml 0.2.0
Last change on this file since 08bb122 was 956e1c6, checked in by Mike Ryan <mikeryan@…>, 13 years ago

load an ID from a chunk

  • Property mode set to 100644
File size: 3.9 KB
Line 
1#ifndef __LIBCREDDY_H__
2#define __LIBCREDDY_H__
3
4#include <stdio.h>
5#include <time.h> // for time_t
6
7#include <abac_common.h>
8
9#define CREDDY_SUCCESS                      0
10#define CREDDY_GENERATE_INVALID_CN          -1
11#define CREDDY_GENERATE_INVALID_VALIDITY    -2
12#define CREDDY_ATTRIBUTE_ISSUER_NOKEY       -3
13#define CREDDY_ATTRIBUTE_INVALID_ROLE       -4
14#define CREDDY_ATTRIBUTE_INVALID_VALIDITY   -5
15
16/**
17 * Creddy identifiers.
18 */
19
20typedef struct _creddy_id_t creddy_id_t;
21
22// create an ID from an X.509 certificate
23creddy_id_t *creddy_id_from_file(char *filename);
24
25// create an ID from a DER-encoded X.509 certificate chunk
26creddy_id_t *creddy_id_from_chunk(abac_chunk_t chunk);
27
28// load an X.509 private key for an from a file
29// handles keys with a password
30int creddy_id_load_privkey(creddy_id_t *id, char *filename);
31
32// generate an ID
33// returns one of CREDDY_SUCCESS or CREDDY_GENERATE_* (see top)
34int creddy_id_generate(creddy_id_t **ret, char *cn, int validity);
35
36// get the SHA1 keyid, pointer is valid for the lifetime of the object
37char *creddy_id_keyid(creddy_id_t *id);
38
39// get the name of the issuer
40// caller must free the returned string
41char *creddy_id_issuer(creddy_id_t *id);
42
43// get the DN of the subject
44// caller must free the returned string
45char *creddy_id_subject(creddy_id_t *id);
46
47// get the validity period of the cert
48void creddy_id_validity(creddy_id_t *id, time_t *not_before, time_t *not_after);
49
50// default filename for the cert: ${CN}_ID.pem
51// caller must free the returned string
52char *creddy_id_cert_filename(creddy_id_t *id);
53
54// write the cert fo an open file pointer
55void creddy_id_write_cert(creddy_id_t *id, FILE *out);
56
57// default filename for the private key: ${CN}_key.pem
58// caller must free the return value
59char *creddy_id_privkey_filename(creddy_id_t *id);
60
61// write the private key to a file
62// it is recommended that you open this file mode 0600
63// returns false if there's no private key loaded
64int creddy_id_write_privkey(creddy_id_t *id, FILE *out);
65
66// get a chunk representing the cert
67// you must free the ptr of the chunk when done
68abac_chunk_t creddy_id_cert_chunk(creddy_id_t *id);
69
70// dup an ID (increases its refcount)
71creddy_id_t *creddy_id_dup(creddy_id_t *id);
72
73// destroy the id
74// decreases refcount and destroys when it hits 0
75void creddy_id_free(creddy_id_t *id);
76
77/**
78 * Attribute cert
79 */
80typedef struct _creddy_attribute_t creddy_attribute_t;
81
82//
83// Here's the skinny:
84//  Attribute cert objects don't contain an actual cert until they're baked.
85//  First you construct the object using creddy_attribute_create, then you add
86//  subjects to it using creddy_attribute_{principal,role,linking_role}.
87//  Finally you bake it. Once you've done that, you can access the DER encoding
88//  or write it to a file.
89//
90
91// create an attribute cert
92// validity is in days
93// returns one of CREDDY_SUCCESS or CREDDY_ATTRIBUTE_* (see top)
94int creddy_attribute_create(creddy_attribute_t **attr, creddy_id_t *issuer, char *role, int validity);
95
96// add a principal subject to the cert
97int creddy_attribute_principal(creddy_attribute_t *attr, char *keyid);
98
99// add a role subject
100int creddy_attribute_role(creddy_attribute_t *attr, char *keyid, char *role);
101
102// add a linking role subject
103int creddy_attribute_linking_role(creddy_attribute_t *attr, char *keyid, char *role, char *linked);
104
105// create the attribute cert once all the subjects have been added
106// can return 0 if there are no subjects or there's a problem building the cert
107int creddy_attribute_bake(creddy_attribute_t *attr);
108
109// returns true iff the cert's been baked
110int creddy_attribute_baked(creddy_attribute_t *attr);
111
112// write the cert to a file. returns 0 if the cert hasn't been baked
113int creddy_attribute_write(creddy_attribute_t *attr, FILE *out);
114
115// get the DER-encoded cert
116// returns 0 if the cert isn't baked
117int creddy_attribute_cert_chunk(creddy_attribute_t *attr, abac_chunk_t *chunk);
118
119// destroy the cert
120void creddy_attribute_free(creddy_attribute_t *attr);
121
122#endif /* __LIBCREDDY_H__ */
Note: See TracBrowser for help on using the repository browser.