[1f6becb] | 1 | #ifndef __CREDDY_HH__ |
| 2 | #define __CREDDY_HH__ |
| 3 | |
#include <cstdio>
#include <stdexcept>
#include <string>
| 6 | |
| 7 | namespace Creddy { |
| 8 | extern "C" { |
| 9 | #include <creddy.h> |
| 10 | } |
| 11 | |
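class ID {
public:
    // Do not use directly: this constructor exists only because SWIG requires
    // one.  The resulting object owns no certificate (m_id stays NULL).
    ID() : m_id(NULL) { }

    // Load an ID certificate from `filename`.
    // Throws std::invalid_argument if libcreddy cannot load it.
    ID(char *filename) : m_id(creddy_id_from_file(filename)) {
        if (m_id == NULL)
            throw std::invalid_argument("Could not load ID cert");
    }

    // Generate a fresh ID with common name `cn`, valid for `validity` days.
    // Throws std::invalid_argument when libcreddy rejects the CN or the
    // validity; any other return value of creddy_id_generate is not inspected.
    ID(char *cn, int validity) : m_id(NULL) {
        int ret = creddy_id_generate(&m_id, cn, validity);
        if (ret == CREDDY_GENERATE_INVALID_CN)
            throw std::invalid_argument("CN must be alphanumeric and start with a letter");
        if (ret == CREDDY_GENERATE_INVALID_VALIDITY)
            throw std::invalid_argument("Validity must be > 0 days");
    }

    // Deep copy: every ID owns its own creddy_id_t, so copies are freed
    // independently in ~ID().
    ID(const ID &id) : m_id(creddy_id_dup(id.m_id)) { }

    // Copy assignment.  Without this, the compiler-generated operator= copies
    // the raw m_id pointer and both objects free it in ~ID() (double free).
    // Duplicate before releasing so the old handle is freed exactly once and
    // self-assignment is harmless.
    ID &operator=(const ID &id) {
        if (this != &id) {
            creddy_id_t *copy = creddy_id_dup(id.m_id);
            creddy_id_free(m_id);
            m_id = copy;
        }
        return *this;
    }

    ~ID() { creddy_id_free(m_id); }

    // Load the private key for this certificate from `filename`.
    // Throws std::invalid_argument if libcreddy reports failure.
    void load_privkey(char *filename) {
        int ret = creddy_id_load_privkey(m_id, filename);
        if (!ret)
            throw std::invalid_argument("Could not load private key");
    }

    // Accessors forwarded to libcreddy.  Whether the caller owns (and must
    // free) the returned strings is defined by creddy.h, not by this header;
    // check it before storing or freeing a result.
    char *keyid() { return creddy_id_keyid(m_id); }
    char *cert_filename() { return creddy_id_cert_filename(m_id); }
    char *privkey_filename() { return creddy_id_privkey_filename(m_id); }

    // Write the certificate to an already-open stream; the caller owns `out`.
    void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); }

    // Write the certificate to the file `name`, truncating any existing file.
    // Throws std::invalid_argument if the file cannot be opened.
    void write_cert(std::string &name) {
        std::FILE *out = std::fopen(name.c_str(), "w");
        if (out == NULL)
            throw std::invalid_argument("Could not open cert file for writing");
        write_cert(out);
        std::fclose(out);
    }

    // Write the private key to an already-open stream; the caller owns `out`.
    // Throws std::logic_error (by value, so `catch (std::logic_error &)`
    // handlers see it) if no private key is loaded.
    void write_privkey(std::FILE *out) {
        int ret = creddy_id_write_privkey(m_id, out);
        if (!ret) throw std::logic_error("No private key loaded");
    }

    // Write the private key to the file `name`, truncating any existing file.
    // Throws std::invalid_argument if the file cannot be opened and
    // std::logic_error if no private key is loaded; in the latter case the
    // stream is closed before rethrowing, but the empty file remains on disk.
    // NOTE: std::fopen creates the file with the process's default mode and
    // does not restrict access to the key file; callers that need the key
    // readable only by its owner must arrange that themselves.
    void write_privkey(std::string &name) {
        std::FILE *out = std::fopen(name.c_str(), "w");
        if (out == NULL)
            throw std::invalid_argument("Could not open privkey file for writing");
        try {
            write_privkey(out);
        } catch (...) {
            std::fclose(out);   // do not leak the stream when the write throws
            throw;
        }
        std::fclose(out);
    }

    // The certificate as an abac_chunk_t, exactly as creddy_id_cert_chunk
    // returns it; ownership of the chunk's storage follows libcreddy's contract.
    abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); }

    // Attribute reads issuer.m_id when creating an attribute certificate.
    friend class Attribute;

private:
    creddy_id_t *m_id;   // owned; NULL only for the SWIG default constructor
};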
| 76 | |
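class Attribute {
public:
    // Do not use directly: this constructor exists only because SWIG requires
    // one.  The resulting object owns no attribute cert (m_attr stays NULL).
    Attribute() : m_attr(NULL) { }

    // Create an attribute cert issued by `issuer` for `role`, valid for
    // `validity` days.  Throws std::invalid_argument when libcreddy rejects
    // the issuer (no private key), the role name or the validity; any other
    // return value of creddy_attribute_create is not inspected.
    Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
        int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity);
        if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
            throw std::invalid_argument("Issuer has no private key");
        if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
            throw std::invalid_argument("Role name must be alphanumeric");
        if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
            throw std::invalid_argument("Validity must be > 0 days");
    }

    // NOTE(review): unlike ID, this class declares no copy constructor or
    // operator=, and no creddy_attribute_dup is visible in this header.  The
    // compiler-generated copies share m_attr and every copy frees it here, so
    // Attribute objects must not be copied until a duplicating copy exists.
    ~Attribute() { creddy_attribute_free(m_attr); }

    // Add a subject to the cert.  Each returns false if libcreddy rejects the
    // keyid or role name, and throws std::logic_error if the cert has already
    // been baked.
    bool principal(char *keyid) {
        require_unbaked();
        return creddy_attribute_principal(m_attr, keyid);
    }
    bool role(char *keyid, char *role) {
        require_unbaked();
        return creddy_attribute_role(m_attr, keyid, role);
    }
    bool linking_role(char *keyid, char *role, char *linked) {
        require_unbaked();
        return creddy_attribute_linking_role(m_attr, keyid, role, linked);
    }

    // Finalise the cert.  Returns false if there are no subjects or
    // libstrongswan fails; throws std::logic_error if already baked.
    bool bake() {
        require_unbaked();
        return creddy_attribute_bake(m_attr);
    }

    // True iff the cert has been baked.
    bool baked() { return creddy_attribute_baked(m_attr); }

    // Write the cert to an already-open stream; the caller owns `out`.
    // Throws std::logic_error if the cert isn't baked.
    void write(std::FILE *out) {
        int ret = creddy_attribute_write(m_attr, out);
        if (!ret) throw std::logic_error("Cert is not baked");
    }

    // Write the cert to the file `name`, truncating any existing file.
    // Throws std::invalid_argument if the file cannot be opened and
    // std::logic_error if the cert isn't baked; in the latter case the stream
    // is closed before rethrowing, but the empty file remains on disk.
    void write(std::string &name) {
        std::FILE *out = std::fopen(name.c_str(), "w");
        if (out == NULL)
            throw std::invalid_argument("Could not open cert file for writing");
        try {
            write(out);
        } catch (...) {
            std::fclose(out);   // do not leak the stream when the write throws
            throw;
        }
        std::fclose(out);
    }

    // The baked cert as an abac_chunk_t.  Throws std::logic_error (by value,
    // so `catch (std::logic_error &)` handlers see it) if the cert isn't baked.
    abac_chunk_t cert_chunk() {
        if (!baked()) throw std::logic_error("Cert is not baked");
        // value-initialised so no field is left indeterminate if libcreddy
        // does not fill the whole chunk
        abac_chunk_t ret = abac_chunk_t();
        creddy_attribute_cert_chunk(m_attr, &ret);
        return ret;
    }

private:
    // Shared guard for the mutators: subjects may only be added, and the cert
    // only baked, while it is still unbaked.
    void require_unbaked() {
        if (baked()) throw std::logic_error("Cert is already baked");
    }

    creddy_attribute_t *m_attr;   // owned; NULL only for the SWIG default constructor
};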
| 144 | } |
| 145 | |
| 146 | #endif /* __CREDDY_HH__ */ |