Context Navigation

source: creddy/creddy.hh @ 1283aa3

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 1283aa3 was 0cdea0b, checked in by Ted Faber <faber@…>, 13 years ago
Shake out a few more bugs (Attribute::write())
Property mode set to `100644`
File size: 6.1 KB

Line
1	#ifndef __CREDDY_HH__
2	#define __CREDDY_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6
7	namespace Creddy {
8	extern "C" {
9	#include <creddy.h>
10	}
11
12	class ID {
13	public:
14	ID() : m_id(NULL) { } // do not use: required by swig
15
16	// load an ID from a file
17	ID(char *filename) : m_id(NULL) {
18	m_id = creddy_id_from_file(filename);
19	if (m_id == NULL)
20	throw std::invalid_argument("Could not load ID cert");
21	}
22
23	// generate an ID with a given CN and validity
24	ID(char *cn, int validity) : m_id(NULL) {
25	int ret = creddy_id_generate(&m_id, cn, validity);
26	if (ret == CREDDY_GENERATE_INVALID_CN)
27	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
28	if (ret == CREDDY_GENERATE_INVALID_VALIDITY)
29	throw std::invalid_argument("Validity must be > 0 days");
30	}
31
32	ID(const ID &id) { m_id = creddy_id_dup(id.m_id); }
33
34	~ID() { creddy_id_free(m_id); }
35
36	// load private key from a file
37	void load_privkey(char *filename) {
38	int ret = creddy_id_load_privkey(m_id, filename);
39	if (!ret)
40	throw std::invalid_argument("Could not load private key");
41	}
42
43	char *keyid() { return creddy_id_keyid(m_id); }
44	char *cert_filename() { return creddy_id_cert_filename(m_id); }
45	void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); }
46	void write_cert(const std::string &name) {
47	std::FILE *out = fopen(name.c_str(), "w");
48	if (out == NULL)
49	throw std::invalid_argument("Could not open cert file for writing");
50	write_cert(out);
51	fclose(out);
52	}
53	// Simplifies access from swig
54	void write_cert(const char *n) {
55	write_cert(std::string(n));
56	}
57	char *privkey_filename() { return creddy_id_privkey_filename(m_id); }
58
59	// write the private ket
60	// throws a std::logic_error if no private key is loaded
61	void write_privkey(std::FILE *out) {
62	int ret = creddy_id_write_privkey(m_id, out);
63	if (!ret) throw new std::logic_error("No private key loaded");
64	}
65	void write_privkey(const std::string &name) {
66	std::FILE *out = fopen(name.c_str(), "w");
67	if (out == NULL)
68	throw std::invalid_argument("Could not open privkey file for writing");
69	write_privkey(out);
70	fclose(out);
71	}
72	// Simplifies access from swig
73	void write_privkey(const char *name) {
74	write_privkey(std::string(name));
75	}
76
77	abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); }
78
79	friend class Attribute;
80
81	private:
82	creddy_id_t *m_id;
83	};
84
85	class Attribute {
86	public:
87	Attribute() : m_attr(NULL) { } // do not use: required by swig
88
89	// create a cert
90	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
91	int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity);
92	if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
93	throw std::invalid_argument("Issuer has no private key");
94	if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
95	throw std::invalid_argument("Role name must be alphanumeric");
96	if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
97	throw std::invalid_argument("Validity must be > 0 days");
98	}
99
100	~Attribute() { creddy_attribute_free(m_attr); }
101
102	// these return false if there's a bad keyid or role name
103	// they'll throw a std::logic_error if the cert's been baked
104	bool principal(char *keyid) {
105	if (baked()) throw std::logic_error("Cert is already baked");
106	return creddy_attribute_principal(m_attr, keyid);
107	}
108	bool role(char keyid, char role) {
109	if (baked()) throw std::logic_error("Cert is already baked");
110	return creddy_attribute_role(m_attr, keyid, role);
111	}
112	bool linking_role(char keyid, char role, char *linked) {
113	if (baked()) throw std::logic_error("Cert is already baked");
114	return creddy_attribute_linking_role(m_attr, keyid, role, linked);
115	}
116
117	// returns false if there are no subjects or libstrongswan fails
118	// throws a std::logic_error if the cert's already been baked
119	bool bake() {
120	if (baked()) throw std::logic_error("Cert is already baked");
121	return creddy_attribute_bake(m_attr);
122	}
123
124	// returns true iff the cert's been baked
125	bool baked() { return creddy_attribute_baked(m_attr); }
126
127	// throws a std::logic_error if the cert isn't baked
128	void write(std::FILE *out) {
129	int ret = creddy_attribute_write(m_attr, out);
130	if (!ret) throw std::logic_error("Cert is not baked");
131	}
132
133	void write(const std::string &name) {
134	std::FILE *out = fopen(name.c_str(), "w");
135	if (out == NULL)
136	throw std::invalid_argument("Could not open cert file for writing");
137	write(out);
138	fclose(out);
139	}
140
141	// Simplifies access from swig
142	void write(const char *name) {
143	write(std::string(name));
144	}
145
146	// throws a std::logic_error if the cert isn't baked
147	abac_chunk_t cert_chunk() {
148	abac_chunk_t ret;
149	if (!baked()) throw new std::logic_error("Cert is not baked");
150	creddy_attribute_cert_chunk(m_attr, &ret);
151	return ret;
152	}
153
154	private:
155	creddy_attribute_t *m_attr;
156	};
157	}
158
159	#endif /* __CREDDY_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: