Context Navigation

source: creddy/creddy.hh @ 811fda1

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 811fda1 was 811fda1, checked in by Ted Faber <faber@…>, 13 years ago
Untangle overloaded functions. See ticket #23
Property mode set to `100644`
File size: 6.1 KB

Line
1	#ifndef __CREDDY_HH__
2	#define __CREDDY_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6
7	namespace Creddy {
8	extern "C" {
9	#include <creddy.h>
10	}
11
12	class ID {
13	public:
14	ID() : m_id(NULL) { } // do not use: required by swig
15
16	// load an ID from a file
17	ID(char *filename) : m_id(NULL) {
18	m_id = creddy_id_from_file(filename);
19	if (m_id == NULL)
20	throw std::invalid_argument("Could not load ID cert");
21	}
22
23	// generate an ID with a given CN and validity
24	ID(char *cn, int validity) : m_id(NULL) {
25	int ret = creddy_id_generate(&m_id, cn, validity);
26	if (ret == CREDDY_GENERATE_INVALID_CN)
27	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
28	if (ret == CREDDY_GENERATE_INVALID_VALIDITY)
29	throw std::invalid_argument("Validity must be > 0 days");
30	}
31
32	ID(const ID &id) { m_id = creddy_id_dup(id.m_id); }
33
34	~ID() { creddy_id_free(m_id); }
35
36	// load private key from a file
37	void load_privkey(char *filename) {
38	int ret = creddy_id_load_privkey(m_id, filename);
39	if (!ret)
40	throw std::invalid_argument("Could not load private key");
41	}
42
43	char *keyid() { return creddy_id_keyid(m_id); }
44	char *cert_filename() { return creddy_id_cert_filename(m_id); }
45	void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); }
46	void write_cert(std::string &name) {
47	std::FILE *out = fopen(name.c_str(), "w");
48	if (out == NULL)
49	throw std::invalid_argument("Could not open cert file for writing");
50	write_cert(out);
51	fclose(out);
52	}
53	// Simplifies access from swig
54	void write_cert(char *n) {
55	std::string nn = n;
56	write_cert(nn);
57	}
58	char *privkey_filename() { return creddy_id_privkey_filename(m_id); }
59
60	// write the private ket
61	// throws a std::logic_error if no private key is loaded
62	void write_privkey(std::FILE *out) {
63	int ret = creddy_id_write_privkey(m_id, out);
64	if (!ret) throw new std::logic_error("No private key loaded");
65	}
66	void write_privkey(std::string &name) {
67	std::FILE *out = fopen(name.c_str(), "w");
68	if (out == NULL)
69	throw std::invalid_argument("Could not open privkey file for writing");
70	write_privkey(out);
71	fclose(out);
72	}
73	// Simplifies access from swig
74	void write_privkey(char *name) {
75	std::string n = name;
76	write_privkey(n);
77	}
78
79	abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); }
80
81	friend class Attribute;
82
83	private:
84	creddy_id_t *m_id;
85	};
86
87	class Attribute {
88	public:
89	Attribute() : m_attr(NULL) { } // do not use: required by swig
90
91	// create a cert
92	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
93	int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity);
94	if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
95	throw std::invalid_argument("Issuer has no private key");
96	if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
97	throw std::invalid_argument("Role name must be alphanumeric");
98	if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
99	throw std::invalid_argument("Validity must be > 0 days");
100	}
101
102	~Attribute() { creddy_attribute_free(m_attr); }
103
104	// these return false if there's a bad keyid or role name
105	// they'll throw a std::logic_error if the cert's been baked
106	bool principal(char *keyid) {
107	if (baked()) throw std::logic_error("Cert is already baked");
108	return creddy_attribute_principal(m_attr, keyid);
109	}
110	bool role(char keyid, char role) {
111	if (baked()) throw std::logic_error("Cert is already baked");
112	return creddy_attribute_role(m_attr, keyid, role);
113	}
114	bool linking_role(char keyid, char role, char *linked) {
115	if (baked()) throw std::logic_error("Cert is already baked");
116	return creddy_attribute_linking_role(m_attr, keyid, role, linked);
117	}
118
119	// returns false if there are no subjects or libstrongswan fails
120	// throws a std::logic_error if the cert's already been baked
121	bool bake() {
122	if (baked()) throw std::logic_error("Cert is already baked");
123	return creddy_attribute_bake(m_attr);
124	}
125
126	// returns true iff the cert's been baked
127	bool baked() { return creddy_attribute_baked(m_attr); }
128
129	// throws a std::logic_error if the cert isn't baked
130	void write(std::FILE *out) {
131	int ret = creddy_attribute_write(m_attr, out);
132	if (!ret) throw std::logic_error("Cert is not baked");
133	}
134
135	void write(std::string &name) {
136	std::FILE *out = fopen(name.c_str(), "w");
137	if (out == NULL)
138	throw std::invalid_argument("Could not open cert file for writing");
139	write(out);
140	fclose(out);
141	}
142
143	// Simplifies access from swig
144	void write(char *name) {
145	std::string n = name;
146	write(name);
147	}
148
149	// throws a std::logic_error if the cert isn't baked
150	abac_chunk_t cert_chunk() {
151	abac_chunk_t ret;
152	if (!baked()) throw new std::logic_error("Cert is not baked");
153	creddy_attribute_cert_chunk(m_attr, &ret);
154	return ret;
155	}
156
157	private:
158	creddy_attribute_t *m_attr;
159	};
160	}
161
162	#endif /* __CREDDY_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: