Context Navigation

source: creddy/creddy.hh @ 8f58012

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 8f58012 was 956e1c6, checked in by Mike Ryan <mikeryan@…>, 13 years ago
load an ID from a chunk
Property mode set to `100644`
File size: 6.4 KB

Line
1	#ifndef __CREDDY_HH__
2	#define __CREDDY_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6
7	namespace Creddy {
8	extern "C" {
9	#include <creddy.h>
10	}
11
12	class ID {
13	public:
14	ID() : m_id(NULL) { } // do not use: required by swig
15
16	// load an ID from a file
17	ID(char *filename) : m_id(NULL) {
18	m_id = creddy_id_from_file(filename);
19	if (m_id == NULL)
20	throw std::invalid_argument("Could not load ID cert");
21	}
22
23	// load an ID from a chunk
24	ID(abac_chunk_t chunk) : m_id(NULL) {
25	m_id = creddy_id_from_chunk(chunk);
26	if (m_id == NULL)
27	throw std::invalid_argument("Could not load ID cert");
28	}
29
30	// generate an ID with a given CN and validity
31	ID(char *cn, int validity) : m_id(NULL) {
32	int ret = creddy_id_generate(&m_id, cn, validity);
33	if (ret == CREDDY_GENERATE_INVALID_CN)
34	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
35	if (ret == CREDDY_GENERATE_INVALID_VALIDITY)
36	throw std::invalid_argument("Validity must be > 0 days");
37	}
38
39	ID(const ID &id) { m_id = creddy_id_dup(id.m_id); }
40
41	~ID() { creddy_id_free(m_id); }
42
43	// load private key from a file
44	void load_privkey(char *filename) {
45	int ret = creddy_id_load_privkey(m_id, filename);
46	if (!ret)
47	throw std::invalid_argument("Could not load private key");
48	}
49
50	char *keyid() { return creddy_id_keyid(m_id); }
51	char *cert_filename() { return creddy_id_cert_filename(m_id); }
52	void write_cert(std::FILE *out) { creddy_id_write_cert(m_id, out); }
53	void write_cert(const std::string &name) {
54	std::FILE *out = fopen(name.c_str(), "w");
55	if (out == NULL)
56	throw std::invalid_argument("Could not open cert file for writing");
57	write_cert(out);
58	fclose(out);
59	}
60	// Simplifies access from swig
61	void write_cert(const char *n) {
62	write_cert(std::string(n));
63	}
64	char *privkey_filename() { return creddy_id_privkey_filename(m_id); }
65
66	// write the private ket
67	// throws a std::logic_error if no private key is loaded
68	void write_privkey(std::FILE *out) {
69	int ret = creddy_id_write_privkey(m_id, out);
70	if (!ret) throw new std::logic_error("No private key loaded");
71	}
72	void write_privkey(const std::string &name) {
73	std::FILE *out = fopen(name.c_str(), "w");
74	if (out == NULL)
75	throw std::invalid_argument("Could not open privkey file for writing");
76	write_privkey(out);
77	fclose(out);
78	}
79	// Simplifies access from swig
80	void write_privkey(const char *name) {
81	write_privkey(std::string(name));
82	}
83
84	abac_chunk_t cert_chunk() { return creddy_id_cert_chunk(m_id); }
85
86	friend class Attribute;
87
88	private:
89	creddy_id_t *m_id;
90	};
91
92	class Attribute {
93	public:
94	Attribute() : m_attr(NULL) { } // do not use: required by swig
95
96	// create a cert
97	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
98	int ret = creddy_attribute_create(&m_attr, issuer.m_id, role, validity);
99	if (ret == CREDDY_ATTRIBUTE_ISSUER_NOKEY)
100	throw std::invalid_argument("Issuer has no private key");
101	if (ret == CREDDY_ATTRIBUTE_INVALID_ROLE)
102	throw std::invalid_argument("Role name must be alphanumeric");
103	if (ret == CREDDY_ATTRIBUTE_INVALID_VALIDITY)
104	throw std::invalid_argument("Validity must be > 0 days");
105	}
106
107	~Attribute() { creddy_attribute_free(m_attr); }
108
109	// these return false if there's a bad keyid or role name
110	// they'll throw a std::logic_error if the cert's been baked
111	bool principal(char *keyid) {
112	if (baked()) throw std::logic_error("Cert is already baked");
113	return creddy_attribute_principal(m_attr, keyid);
114	}
115	bool role(char keyid, char role) {
116	if (baked()) throw std::logic_error("Cert is already baked");
117	return creddy_attribute_role(m_attr, keyid, role);
118	}
119	bool linking_role(char keyid, char role, char *linked) {
120	if (baked()) throw std::logic_error("Cert is already baked");
121	return creddy_attribute_linking_role(m_attr, keyid, role, linked);
122	}
123
124	// returns false if there are no subjects or libstrongswan fails
125	// throws a std::logic_error if the cert's already been baked
126	bool bake() {
127	if (baked()) throw std::logic_error("Cert is already baked");
128	return creddy_attribute_bake(m_attr);
129	}
130
131	// returns true iff the cert's been baked
132	bool baked() { return creddy_attribute_baked(m_attr); }
133
134	// throws a std::logic_error if the cert isn't baked
135	void write(std::FILE *out) {
136	int ret = creddy_attribute_write(m_attr, out);
137	if (!ret) throw std::logic_error("Cert is not baked");
138	}
139
140	void write(const std::string &name) {
141	std::FILE *out = fopen(name.c_str(), "w");
142	if (out == NULL)
143	throw std::invalid_argument("Could not open cert file for writing");
144	write(out);
145	fclose(out);
146	}
147
148	// Simplifies access from swig
149	void write(const char *name) {
150	write(std::string(name));
151	}
152
153	// throws a std::logic_error if the cert isn't baked
154	abac_chunk_t cert_chunk() {
155	abac_chunk_t ret;
156	if (!baked()) throw new std::logic_error("Cert is not baked");
157	creddy_attribute_cert_chunk(m_attr, &ret);
158	return ret;
159	}
160
161	private:
162	creddy_attribute_t *m_attr;
163	};
164	}
165
166	#endif /* __CREDDY_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: