1 | #ifndef __CREDDY_HH__ |
---|
2 | #define __CREDDY_HH__ |
---|
3 | |
---|
4 | #include <cstdio> |
---|
5 | #include <stdexcept> |
---|
6 | |
---|
7 | namespace Creddy { |
---|
8 | extern "C" { |
---|
9 | #include <creddy.h> |
---|
10 | } |
---|
11 | |
---|
12 | class ID { |
---|
13 | public: |
---|
14 | ID() : m_id(NULL) { } // do not use: required by swig |
---|
15 | |
---|
16 | // load an ID from a file |
---|
17 | ID(char *filename) : m_id(NULL) { |
---|
18 | m_id = creddy_id_from_file(filename); |
---|
19 | if (m_id == NULL) |
---|
20 | throw std::invalid_argument("Could not load ID cert"); |
---|
21 | } |
---|
22 | |
---|
23 | // generate an ID with a given CN and validity |
---|
24 | ID(char *cn, int validity) : m_id(NULL) { |
---|
25 | int ret = creddy_id_generate(&m_id, cn, validity); |
---|
26 | if (ret == CREDDY_GENERATE_INVALID_CN) |
---|
27 | throw std::invalid_argument("CN must be alphanumeric and start with a letter"); |
---|
28 | if (ret == CREDDY_GENERATE_INVALID_VALIDITY) |
---|
29 | throw std::invalid_argument("Validity must be > 0 days"); |
---|
30 | } |
---|
31 | |
---|
32 | ID(const ID &id) { m_id = creddy_id_dup(id.m_id); } |
---|
33 | |
---|
34 | ~ID() { creddy_id_free(m_id); } |
---|
35 | |
---|
36 | // load private key from a file |
---|
37 | void load_privkey(char *filename) { |
---|
38 | int ret = creddy_id_load_privkey(m_id, filename); |
---|
39 | if (!ret) |
---|
40 | throw std::invalid_argument("Could not load private key"); |
---|
41 | } |
---|
42 | |
---|
43 | char *keyid() { return creddy_id_keyid(m_id); } |
---|
44 | char *cert_filename() { return creddy_id_cert_filename(m_id); } |
---|
45 | void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); } |
---|
46 | void write_cert(std::string &name) { |
---|
47 | std::FILE *out = fopen(name.c_str(), "w"); |
---|
48 | if (out == NULL) |
---|
49 | throw std::invalid_argument("Could not open cert file for writing"); |
---|
50 | write_cert(out); |
---|
51 | fclose(out); |
---|
52 | } |
---|
53 | // Simplifies access from swig |
---|
54 | void write_cert(char *n) { |
---|
55 | std::string nn = n; |
---|
56 | write_cert(nn); |
---|
57 | } |
---|
58 | char *privkey_filename() { return creddy_id_privkey_filename(m_id); } |
---|
59 | |
---|
60 | // write the private ket |
---|
61 | // throws a std::logic_error if no private key is loaded |
---|
62 | void write_privkey(std::FILE *out) { |
---|
63 | int ret = creddy_id_write_privkey(m_id, out); |
---|
64 | if (!ret) throw new std::logic_error("No private key loaded"); |
---|
65 | } |
---|
66 | void write_privkey(std::string &name) { |
---|
67 | std::FILE *out = fopen(name.c_str(), "w"); |
---|
68 | if (out == NULL) |
---|
69 | throw std::invalid_argument("Could not open privkey file for writing"); |
---|
70 | write_privkey(out); |
---|
71 | fclose(out); |
---|
72 | } |
---|
73 | // Simplifies access from swig |
---|
74 | void write_privkey(char *name) { |
---|
75 | std::string n = name; |
---|
76 | write_privkey(n); |
---|
77 | } |
---|
78 | |
---|
79 | abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); } |
---|
80 | |
---|
81 | friend class Attribute; |
---|
82 | |
---|
83 | private: |
---|
84 | creddy_id_t *m_id; |
---|
85 | }; |
---|
86 | |
---|
87 | class Attribute { |
---|
88 | public: |
---|
89 | Attribute() : m_attr(NULL) { } // do not use: required by swig |
---|
90 | |
---|
91 | // create a cert |
---|
92 | Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) { |
---|
93 | int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity); |
---|
94 | if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY) |
---|
95 | throw std::invalid_argument("Issuer has no private key"); |
---|
96 | if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE) |
---|
97 | throw std::invalid_argument("Role name must be alphanumeric"); |
---|
98 | if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY) |
---|
99 | throw std::invalid_argument("Validity must be > 0 days"); |
---|
100 | } |
---|
101 | |
---|
102 | ~Attribute() { creddy_attribute_free(m_attr); } |
---|
103 | |
---|
104 | // these return false if there's a bad keyid or role name |
---|
105 | // they'll throw a std::logic_error if the cert's been baked |
---|
106 | bool principal(char *keyid) { |
---|
107 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
108 | return creddy_attribute_principal(m_attr, keyid); |
---|
109 | } |
---|
110 | bool role(char *keyid, char *role) { |
---|
111 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
112 | return creddy_attribute_role(m_attr, keyid, role); |
---|
113 | } |
---|
114 | bool linking_role(char *keyid, char *role, char *linked) { |
---|
115 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
116 | return creddy_attribute_linking_role(m_attr, keyid, role, linked); |
---|
117 | } |
---|
118 | |
---|
119 | // returns false if there are no subjects or libstrongswan fails |
---|
120 | // throws a std::logic_error if the cert's already been baked |
---|
121 | bool bake() { |
---|
122 | if (baked()) throw std::logic_error("Cert is already baked"); |
---|
123 | return creddy_attribute_bake(m_attr); |
---|
124 | } |
---|
125 | |
---|
126 | // returns true iff the cert's been baked |
---|
127 | bool baked() { return creddy_attribute_baked(m_attr); } |
---|
128 | |
---|
129 | // throws a std::logic_error if the cert isn't baked |
---|
130 | void write(std::FILE *out) { |
---|
131 | int ret = creddy_attribute_write(m_attr, out); |
---|
132 | if (!ret) throw std::logic_error("Cert is not baked"); |
---|
133 | } |
---|
134 | |
---|
135 | void write(std::string &name) { |
---|
136 | std::FILE *out = fopen(name.c_str(), "w"); |
---|
137 | if (out == NULL) |
---|
138 | throw std::invalid_argument("Could not open cert file for writing"); |
---|
139 | write(out); |
---|
140 | fclose(out); |
---|
141 | } |
---|
142 | |
---|
143 | // Simplifies access from swig |
---|
144 | void write(char *name) { |
---|
145 | std::string n = name; |
---|
146 | write(name); |
---|
147 | } |
---|
148 | |
---|
149 | // throws a std::logic_error if the cert isn't baked |
---|
150 | abac_chunk_t cert_chunk() { |
---|
151 | abac_chunk_t ret; |
---|
152 | if (!baked()) throw new std::logic_error("Cert is not baked"); |
---|
153 | creddy_attribute_cert_chunk(m_attr, &ret); |
---|
154 | return ret; |
---|
155 | } |
---|
156 | |
---|
157 | private: |
---|
158 | creddy_attribute_t *m_attr; |
---|
159 | }; |
---|
160 | } |
---|
161 | |
---|
162 | #endif /* __CREDDY_HH__ */ |
---|