[1f6becb] | 1 | #ifndef __CREDDY_HH__ |
| 2 | #define __CREDDY_HH__ |
| 3 | |
| 4 | #include <cstdio> |
| 5 | #include <stdexcept> |
| 6 | |
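namespace Creddy {
extern "C" {
#include <creddy.h>
}

// RAII wrapper around a creddy_id_t handle (an identity certificate plus,
// once load_privkey() has been called, its private key).  The handle is
// released by the destructor.
//
// An ID owns its handle exclusively, so copying is disabled: the implicit
// copy constructor would leave two wrappers freeing the same creddy_id_t.
class ID {
public:
    ID() : m_id(NULL) { } // do not use: required by swig

    // load an ID from a file
    // throws std::invalid_argument if the certificate cannot be loaded
    explicit ID(char *filename) : m_id(NULL) {
        m_id = creddy_id_from_file(filename);
        if (m_id == NULL)
            throw std::invalid_argument("Could not load ID cert");
    }

    // generate an ID with a given CN and validity (in days)
    // throws std::invalid_argument for a rejected CN or validity, and
    // std::runtime_error if generation fails for any other reason
    ID(char *cn, int validity) : m_id(NULL) {
        int ret = creddy_id_generate(&m_id, cn, validity);
        if (ret == CREDDY_GENERATE_INVALID_CN)
            throw std::invalid_argument("CN must be alphanumeric and start with a letter");
        if (ret == CREDDY_GENERATE_INVALID_VALIDITY)
            throw std::invalid_argument("Validity must be > 0 days");
        // Any other failure leaves the handle unset.  Mirror the file-loading
        // constructor instead of handing out an object with a NULL handle,
        // which every other member would then pass into the C API.
        if (m_id == NULL)
            throw std::runtime_error("Could not generate ID");
    }

    ~ID() { creddy_id_free(m_id); }

    // load private key from a file
    // throws std::invalid_argument if the key cannot be loaded
    void load_privkey(char *filename) {
        int ret = creddy_id_load_privkey(m_id, filename);
        if (!ret)
            throw std::invalid_argument("Could not load private key");
    }

    // Thin forwarders to the C API.  NOTE(review): ownership and lifetime of
    // the returned char* buffers are defined by creddy.h, not visible here --
    // confirm before freeing or retaining them on the caller side.
    char *keyid() { return creddy_id_keyid(m_id); }
    char *cert_filename() { return creddy_id_cert_filename(m_id); }
    void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); }
    char *privkey_filename() { return creddy_id_privkey_filename(m_id); }
    void write_privkey(std::FILE *out) { creddy_id_write_privkey(m_id, out); }

    friend class Attribute;

private:
    // not copyable: the handle has exactly one owner (declared, never defined)
    ID(const ID &);
    ID &operator=(const ID &);

    creddy_id_t *m_id;
};

// RAII wrapper around a creddy_attribute_t handle (an attribute certificate
// issued by an ID).  Non-copyable for the same reason as ID: the destructor
// frees the handle, so a copy would lead to a double free.
class Attribute {
public:
    Attribute() : m_attr(NULL) { } // do not use: required by swig

    // create a cert issued by 'issuer' for 'role', valid for 'validity' days
    // throws std::invalid_argument for a rejected issuer, role or validity,
    // and std::runtime_error if creation fails for any other reason
    Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
        // A default-constructed (swig) ID carries no handle; refuse it here
        // rather than passing NULL into creddy_attribute_create.
        if (issuer.m_id == NULL)
            throw std::invalid_argument("Issuer ID is not loaded");
        int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity);
        if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
            throw std::invalid_argument("Issuer has no private key");
        if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
            throw std::invalid_argument("Role name must be alphanumeric");
        if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
            throw std::invalid_argument("Validity must be > 0 days");
        // Same rule as ID: never leave the constructor with a NULL handle.
        if (m_attr == NULL)
            throw std::runtime_error("Could not create attribute cert");
    }

    ~Attribute() { creddy_attribute_free(m_attr); }

    // Subject-adding methods.  Each returns false if the C API rejects the
    // keyid or role name, and throws std::logic_error if the cert has
    // already been baked (subjects cannot be added after signing).
    bool principal(char *keyid) {
        if (baked()) throw std::logic_error("Cert is already baked");
        return creddy_attribute_principal(m_attr, keyid);
    }
    bool role(char *keyid, char *role) {
        if (baked()) throw std::logic_error("Cert is already baked");
        return creddy_attribute_role(m_attr, keyid, role);
    }
    bool linking_role(char *keyid, char *role, char *linked) {
        if (baked()) throw std::logic_error("Cert is already baked");
        return creddy_attribute_linking_role(m_attr, keyid, role, linked);
    }

    // Sign the cert.  Returns false if there are no subjects or libstrongswan
    // fails; throws std::logic_error if the cert has already been baked.
    bool bake() {
        if (baked()) throw std::logic_error("Cert is already baked");
        return creddy_attribute_bake(m_attr);
    }

    // returns true iff the cert has been baked
    bool baked() { return creddy_attribute_baked(m_attr); }

    // Write the baked cert to 'out'.  The C API reports failure when the cert
    // is not baked; any other write failure it reports surfaces the same way.
    // throws std::logic_error on failure
    void write(std::FILE *out) {
        int ret = creddy_attribute_write(m_attr, out);
        if (!ret) throw std::logic_error("Cert is not baked");
    }

private:
    // not copyable: the handle has exactly one owner (declared, never defined)
    Attribute(const Attribute &);
    Attribute &operator=(const Attribute &);

    creddy_attribute_t *m_attr;
};
}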
| 105 | |
| 106 | #endif /* __CREDDY_HH__ */ |