[1f6becb] | 1 | #ifndef __CREDDY_HH__ |
---|
| 2 | #define __CREDDY_HH__ |
---|
| 3 | |
---|
| 4 | #include <cstdio> |
---|
| 5 | #include <stdexcept> |
---|
| 6 | |
---|
| 7 | namespace Creddy { |
---|
| 8 | extern "C" { |
---|
| 9 | #include <creddy.h> |
---|
| 10 | } |
---|
| 11 | |
---|
| 12 | class ID { |
---|
| 13 | public: |
---|
| 14 | ID() : m_id(NULL) { } // do not use: required by swig |
---|
| 15 | |
---|
| 16 | // load an ID from a file |
---|
| 17 | ID(char *filename) : m_id(NULL) { |
---|
| 18 | m_id = creddy_id_from_file(filename); |
---|
| 19 | if (m_id == NULL) |
---|
| 20 | throw std::invalid_argument("Could not load ID cert"); |
---|
| 21 | } |
---|
| 22 | |
---|
[956e1c6] | 23 | // load an ID from a chunk |
---|
| 24 | ID(abac_chunk_t chunk) : m_id(NULL) { |
---|
| 25 | m_id = creddy_id_from_chunk(chunk); |
---|
| 26 | if (m_id == NULL) |
---|
| 27 | throw std::invalid_argument("Could not load ID cert"); |
---|
| 28 | } |
---|
| 29 | |
---|
[1f6becb] | 30 | // generate an ID with a given CN and validity |
---|
| 31 | ID(char *cn, int validity) : m_id(NULL) { |
---|
| 32 | int ret = creddy_id_generate(&m_id, cn, validity); |
---|
| 33 | if (ret == CREDDY_GENERATE_INVALID_CN) |
---|
| 34 | throw std::invalid_argument("CN must be alphanumeric and start with a letter"); |
---|
| 35 | if (ret == CREDDY_GENERATE_INVALID_VALIDITY) |
---|
| 36 | throw std::invalid_argument("Validity must be > 0 days"); |
---|
| 37 | } |
---|
| 38 | |
---|
[2a20fa0] | 39 | ID(const ID &id) { m_id = creddy_id_dup(id.m_id); } |
---|
| 40 | |
---|
[1f6becb] | 41 | ~ID() { creddy_id_free(m_id); } |
---|
| 42 | |
---|
| 43 | // load private key from a file |
---|
| 44 | void load_privkey(char *filename) { |
---|
| 45 | int ret = creddy_id_load_privkey(m_id, filename); |
---|
| 46 | if (!ret) |
---|
| 47 | throw std::invalid_argument("Could not load private key"); |
---|
| 48 | } |
---|
| 49 | |
---|
| 50 | char *keyid() { return creddy_id_keyid(m_id); } |
---|
| 51 | char *cert_filename() { return creddy_id_cert_filename(m_id); } |
---|
| 52 | void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); } |
---|
[0cdea0b] | 53 | void write_cert(const std::string &name) { |
---|
[2a095a4] | 54 | std::FILE *out = fopen(name.c_str(), "w"); |
---|
| 55 | if (out == NULL) |
---|
| 56 | throw std::invalid_argument("Could not open cert file for writing"); |
---|
| 57 | write_cert(out); |
---|
| 58 | fclose(out); |
---|
| 59 | } |
---|
[811fda1] | 60 | // Simplifies access from swig |
---|
[0cdea0b] | 61 | void write_cert(const char *n) { |
---|
| 62 | write_cert(std::string(n)); |
---|
[9491fd7] | 63 | } |
---|
[1f6becb] | 64 | char *privkey_filename() { return creddy_id_privkey_filename(m_id); } |
---|
[d56e51b] | 65 | |
---|
| 66 | // write the private ket |
---|
| 67 | // throws a std::logic_error if no private key is loaded |
---|
| 68 | void write_privkey(std::FILE *out) { |
---|
| 69 | int ret = creddy_id_write_privkey(m_id, out); |
---|
| 70 | if (!ret) throw new std::logic_error("No private key loaded"); |
---|
| 71 | } |
---|
[0cdea0b] | 72 | void write_privkey(const std::string &name) { |
---|
[2a095a4] | 73 | std::FILE *out = fopen(name.c_str(), "w"); |
---|
| 74 | if (out == NULL) |
---|
| 75 | throw std::invalid_argument("Could not open privkey file for writing"); |
---|
| 76 | write_privkey(out); |
---|
| 77 | fclose(out); |
---|
| 78 | } |
---|
[811fda1] | 79 | // Simplifies access from swig |
---|
[0cdea0b] | 80 | void write_privkey(const char *name) { |
---|
| 81 | write_privkey(std::string(name)); |
---|
[811fda1] | 82 | } |
---|
[1f6becb] | 83 | |
---|
[11e3eb7] | 84 | abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); } |
---|
| 85 | |
---|
[1f6becb] | 86 | friend class Attribute; |
---|
| 87 | |
---|
| 88 | private: |
---|
| 89 | creddy_id_t *m_id; |
---|
| 90 | }; |
---|
| 91 | |
---|
| 92 | class Attribute { |
---|
| 93 | public: |
---|
| 94 | Attribute() : m_attr(NULL) { } // do not use: required by swig |
---|
| 95 | |
---|
| 96 | // create a cert |
---|
| 97 | Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) { |
---|
| 98 | int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity); |
---|
| 99 | if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY) |
---|
| 100 | throw std::invalid_argument("Issuer has no private key"); |
---|
| 101 | if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE) |
---|
| 102 | throw std::invalid_argument("Role name must be alphanumeric"); |
---|
| 103 | if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY) |
---|
| 104 | throw std::invalid_argument("Validity must be > 0 days"); |
---|
| 105 | } |
---|
| 106 | |
---|
| 107 | ~Attribute() { creddy_attribute_free(m_attr); } |
---|
| 108 | |
---|
| 109 | // these return false if there's a bad keyid or role name |
---|
| 110 | // they'll throw a std::logic_error if the cert's been baked |
---|
| 111 | bool principal(char *keyid) { |
---|
| 112 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
| 113 | return creddy_attribute_principal(m_attr, keyid); |
---|
| 114 | } |
---|
| 115 | bool role(char *keyid, char *role) { |
---|
| 116 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
| 117 | return creddy_attribute_role(m_attr, keyid, role); |
---|
| 118 | } |
---|
| 119 | bool linking_role(char *keyid, char *role, char *linked) { |
---|
| 120 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
| 121 | return creddy_attribute_linking_role(m_attr, keyid, role, linked); |
---|
| 122 | } |
---|
| 123 | |
---|
| 124 | // returns false if there are no subjects or libstrongswan fails |
---|
| 125 | // throws a std::logic_error if the cert's already been baked |
---|
| 126 | bool bake() { |
---|
| 127 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
| 128 | return creddy_attribute_bake(m_attr); |
---|
| 129 | } |
---|
| 130 | |
---|
| 131 | // returns true iff the cert's been baked |
---|
| 132 | bool baked() { return creddy_attribute_baked(m_attr); } |
---|
| 133 | |
---|
| 134 | // throws a std::logic_error if the cert isn't baked |
---|
| 135 | void write(std::FILE *out) { |
---|
| 136 | int ret = creddy_attribute_write(m_attr, out); |
---|
| 137 | if (!ret) throw std::logic_error("Cert is not baked"); |
---|
| 138 | } |
---|
| 139 | |
---|
[0cdea0b] | 140 | void write(const std::string &name) { |
---|
[2a095a4] | 141 | std::FILE *out = fopen(name.c_str(), "w"); |
---|
| 142 | if (out == NULL) |
---|
| 143 | throw std::invalid_argument("Could not open cert file for writing"); |
---|
| 144 | write(out); |
---|
| 145 | fclose(out); |
---|
| 146 | } |
---|
| 147 | |
---|
[811fda1] | 148 | // Simplifies access from swig |
---|
[0cdea0b] | 149 | void write(const char *name) { |
---|
| 150 | write(std::string(name)); |
---|
[811fda1] | 151 | } |
---|
| 152 | |
---|
[11e3eb7] | 153 | // throws a std::logic_error if the cert isn't baked |
---|
| 154 | abac_chunk_t cert_chunk() { |
---|
| 155 | abac_chunk_t ret; |
---|
| 156 | if (!baked()) throw new std::logic_error("Cert is not baked"); |
---|
| 157 | creddy_attribute_cert_chunk(m_attr, &ret); |
---|
| 158 | return ret; |
---|
| 159 | } |
---|
| 160 | |
---|
[1f6becb] | 161 | private: |
---|
| 162 | creddy_attribute_t *m_attr; |
---|
| 163 | }; |
---|
| 164 | } |
---|
| 165 | |
---|
| 166 | #endif /* __CREDDY_HH__ */ |
---|