Context Navigation

source: doc/ABAC.hh @ 3c30b59

abac0-leakabac0-mei

Last change on this file since 3c30b59 was 3c30b59, checked in by Mei <mei@…>, 11 years ago
1) add in new refactored regression testing directory 2) undo the abac.hh/ABAC.hh api changes 3) merged with Ted's changes to attribute format/nickname/issuer processing
Property mode set to `100644`
File size: 11.5 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6	#include <string>
7	#include <vector>
8
9	namespace ABAC {
10	extern "C" {
11	#include "abac.h"
12	}
13
14	class Attribute;
15	class ID;
16	class Role;
17	class Credential;
18
19	class Context {
20	public:
21	Context() { m_ctx = abac_context_new(); }
22	Context(const Context &context) { m_ctx = abac_context_dup(context.m_ctx); }
23	~Context() { abac_context_free(m_ctx); }
24
25	int load_id_file(char *filename) { return abac_context_load_id_file(m_ctx, filename); }
26	int load_id_chunk(abac_chunk_t cert) { return abac_context_load_id_chunk(m_ctx, cert); }
27	int load_attribute_file(char *filename) { return abac_context_load_attribute_file(m_ctx, filename); }
28	int load_attribute_chunk(abac_chunk_t cert) { return abac_context_load_attribute_chunk(m_ctx, cert); }
29
30	void load_directory(char *path) { abac_context_load_directory(m_ctx, path); }
31
32
33	/* abac query, returns a vector of credentials on success, NULL on fail */
34	std::vector<Credential> query(char role, char principal, bool &success) {
35	abac_credential_t creds, end;
36	int i, success_int;
37	creds = abac_context_query(m_ctx, role, principal, &success_int);
38	success = success_int;
39
40	for (i = 0; creds[i] != NULL; ++i)
41	;
42
43	end = &creds[i];
44	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
45	abac_context_credentials_free(creds);
46	return credentials;
47	}
48	std::vector<Credential> credentials() {
49	abac_credential_t creds, end;
50	int i;
51
52	creds = abac_context_credentials(m_ctx);
53	for (i = 0; creds[i] != NULL; ++i)
54	;
55
56	end = &creds[i];
57	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
58
59	abac_context_credentials_free(creds);
60	return credentials;
61	}
62	void set_nickname(char key, char nick) {
63	abac_context_set_nickname(m_ctx, key, nick);
64	}
65	private:
66	abac_context_t *m_ctx;
67	friend class Role;
68	friend class Attribute;
69	};
70
71	class Role {
72	public:
73	Role() : m_role(NULL) { } // do not use: here for swig
74	Role(abac_role_t *role) { m_role = abac_role_dup(role); }
75	Role(char *role_name) { m_role = abac_role_from_string(role_name); }
76	Role(const Role &role) { m_role = abac_role_dup(role.m_role); }
77	~Role() { abac_role_free(m_role); }
78	bool is_principal() const { return abac_role_is_principal(m_role); }
79	bool is_role() const { return abac_role_is_role(m_role); }
80	bool is_linking() const { return abac_role_is_linking(m_role); }
81
82	char *string() const { return abac_role_string(m_role); }
83	char *short_string(Context& c) const {
84	return abac_role_short_string(m_role, c.m_ctx);
85	}
86	char *linked_role() const { return abac_role_linked_role(m_role); }
87	char *role_name() const { return abac_role_role_name(m_role); }
88	char *principal() const { return abac_role_principal(m_role); }
89
90	private:
91	abac_role_t *m_role;
92	};
93
94	class Credential {
95	public:
96	Credential() : m_cred(NULL) { } // do not use: here for swig
97	Credential(abac_credential_t *cred) :
98	m_head(abac_credential_head(cred)),
99	m_tail(abac_credential_tail(cred)),
100	m_cred(abac_credential_dup(cred))
101	{ }
102	Credential(const Credential &cred) :
103	m_head(cred.m_head),
104	m_tail(cred.m_tail),
105	m_cred(abac_credential_dup(cred.m_cred))
106	{ }
107	~Credential() { abac_credential_free(m_cred); }
108	const Role &head() { return m_head; }
109	const Role &tail() { return m_tail; }
110	abac_chunk_t attribute_cert() { return abac_credential_attribute_cert(m_cred); }
111	abac_chunk_t issuer_cert() { return abac_credential_issuer_cert(m_cred); }
112
113	private:
114	abac_credential_t *m_cred;
115	Role m_head, m_tail;
116	};
117
118
119	class ID {
120	public:
121	ID() : m_id(NULL) { } // do not use: required by swig
122	ID(const ID &id) { m_id = abac_id_dup(id.m_id); }
123	~ID() { abac_id_free(m_id); }
124
125	ID(char *filename) : m_id(NULL) {
126	m_id = abac_id_from_file(filename);
127	if (m_id == NULL)
128	throw std::invalid_argument("Could not load ID cert");
129	}
130
131	ID(abac_chunk_t chunk) : m_id(NULL) {
132	m_id = abac_id_from_chunk(chunk);
133	if (m_id == NULL)
134	throw std::invalid_argument("Could not load ID certificate with a chunk");
135	}
136	ID(char *cn, int validity) : m_id(NULL) {
137	int ret = abac_id_generate(&m_id, cn, validity);
138	if (ret == ABAC_GENERATE_INVALID_CN)
139	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
140	if (ret == ABAC_GENERATE_INVALID_VALIDITY)
141	throw std::invalid_argument("Validity must be > 0 days");
142	}
143	void load_privkey(char *filename) {
144	int ret = abac_id_privkey_from_file(m_id, filename);
145	if (ret != ABAC_SUCCESS)
146	throw std::invalid_argument("Could not load private key");
147	}
148	void load_privkey_chunk(abac_chunk_t chunk) {
149	int ret = abac_id_privkey_from_chunk(m_id, chunk);
150	if (ret != ABAC_SUCCESS)
151	throw std::invalid_argument("Could not load private key with a chunk");
152	}
153	int has_privkey() {
154	int ret= abac_id_has_privkey(m_id);
155	return ret;
156	}
157	char *keyid() { return abac_id_keyid(m_id); }
158	char *cert_filename() { return abac_id_cert_filename(m_id); }
159	void write_cert(FILE *out) { abac_id_write_cert(m_id, out); }
160	void write_cert(const std::string &name) {
161	FILE *out = fopen(name.c_str(), "a+");
162	if (out == NULL)
163	throw std::invalid_argument("Could not open certificate file for writing");
164	write_cert(out);
165	fclose(out);
166	}
167	// Simplifies access from swig
168	void write_cert_file(const char *n) {
169	write_cert(std::string(n));
170	}
171	void write_cert_name(const char *n) {
172	write_cert(std::string(n));
173	fprintf(stderr,"ABAC::ID::write_cert_name is deprecated, please use ABAC::ID::write_cert_name\n");
174	}
175	char *privkey_filename() { return abac_id_privkey_filename(m_id); }
176	void write_privkey(FILE *out) {
177	int ret = abac_id_write_privkey(m_id, out);
178	if (ret!=ABAC_SUCCESS) throw std::logic_error("No private key loaded");
179	}
180	void write_privkey(const std::string &name) {
181	FILE *out = fopen(name.c_str(), "a+");
182	if (out == NULL)
183	throw std::invalid_argument("Could not open privkey file for writing");
184	write_privkey(out);
185	fclose(out);
186	}
187	// Simplifies access from swig
188	void write_privkey_file(const char *name) {
189	write_privkey(std::string(name));
190	}
191	void write_privkey_name(const char *name) {
192	write_privkey(std::string(name));
193	fprintf(stderr,"ABAC::ID::write_privkey_name is deprecated, please use ABAC::ID::write_privkey_file\n");
194	}
195	abac_chunk_t cert_chunk() { return abac_id_cert_chunk(m_id); }
196	abac_chunk_t privkey_chunk() { return abac_id_privkey_chunk(m_id); }
197
198	friend class Attribute;
199
200	private:
201	abac_id_t *m_id;
202	};
203
204	class Attribute {
205	public:
206	Attribute() : m_attr(NULL) { } // do not use: required by swig
207	~Attribute() { abac_attribute_free(m_attr); }
208
209	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
210	int ret = abac_attribute_create(&m_attr, issuer.m_id, role, validity);
211	if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
212	throw std::invalid_argument("Issuer has no private key");
213	if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
214	throw std::invalid_argument("Role name must be alphanumeric");
215	if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
216	throw std::invalid_argument("Validity must be > 0 days");
217	if (ret == ABAC_ATTRIBUTE_INVALID_ISSUER)
218	throw std::invalid_argument("Issuer's validity expired");
219	}
220
221
222	bool principal(char *keyid) {
223	if (baked()) throw std::logic_error("Cert is already baked");
224	return abac_attribute_principal(m_attr, keyid);
225	}
226	bool role(char keyid, char role) {
227	if (baked()) throw std::logic_error("Cert is already baked");
228	return abac_attribute_role(m_attr, keyid, role);
229	}
230	bool linking_role(char keyid, char role, char *linked) {
231	if (baked()) throw std::logic_error("Cert is already baked");
232	return abac_attribute_linking_role(m_attr, keyid, role, linked);
233	}
234	bool bake() {
235	if (baked()) throw std::logic_error("Cert is already baked");
236	return abac_attribute_bake(m_attr);
237	}
238
239	bool bake(Context& c) {
240	if (baked()) throw std::logic_error("Cert is already baked");
241	return abac_attribute_bake_context(m_attr, c.m_ctx);
242	}
243
244	bool baked() { return abac_attribute_baked(m_attr); }
245
246	void set_output_format(char *fmt) {
247	abac_attribute_set_output_format(m_attr, fmt);
248	}
249
250	char *get_output_format() {
251	return abac_attribute_get_output_format(m_attr);
252	}
253
254	void write(FILE *out) {
255	int ret = abac_attribute_write(m_attr, out);
256	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
257	}
258	void write(const std::string &name) {
259	FILE *out = fopen(name.c_str(), "w");
260	if (out == NULL)
261	throw std::invalid_argument("Could not open certificate file for writing");
262	write(out);
263	fclose(out);
264	}
265	void write_file(const char *name) {
266	int ret = abac_attribute_write_file(m_attr, name);
267	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
268	}
269	void write_name(const char *name) {
270	write_file(name);
271	fprintf(stderr,"ABAC::Attribute::write_name is deprecated, please use ABAC::Attribute::write_name\n");
272	}
273	abac_chunk_t cert_chunk() {
274	abac_chunk_t ret=abac_attribute_cert_chunk(m_attr);
275	if(ret.len == 0)
276	throw std::logic_error("Cert is not baked");
277	return ret;
278	}
279
280	private:
281	abac_attribute_t *m_attr;
282	};
283	}
284
285	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: