Context Navigation

source: doc/API

Last change on this file was 7764378, checked in by Mei <mei@…>, 11 years ago
1) tweak according valgrind's leak report
Property mode set to `100644`
File size: 12.9 KB

Line
1	C++ API
2
3	(see bottom for notes on C, Perl, Python and Java)
4
5	ABAC::abac_chunk_t
6	Structure, represents a blob of memory
7	used to load/return Identity credentials and Attribute certificates
8	-unsigned char *data
9	-int len
10
11	ABAC::Context
12	An ABAC Context
13
14	Context()
15	default constructor
16	(C:abac_context_new)
17
18	Context(const Context &)
19	copy constructor, used for cloning the context
20	(C:abac_context_dup)
21
22	~Context()
23	default destructor
24	(C:abac_context_free)
25
26	int load_id_file(char *)
27	load identity certificate from an id file
28	(C:abac_context_load_id_file)
29
30	int load_id_chunk(abac_chunk_t)
31	load id certificate from an chunk
32	(C:abac_context_load_id_chunk)
33
34	int load_id_id(ID&)
35	load id certificate from an existing ID
36	(C:abac_context_load_id_id)
37
38	int load_attribute_file(char *)
39	load attribute certificate from an id file.
40	(C:abac_context_load_attribute_file)
41
42	int load_attribute_chunk(abac_chunk_t)
43	load attribute certificate from an chunk
44	(C:abac_context_load_attribute_chunk)
45
46	returns :
47	ABAC_CERT_SUCCESS successfully loaded
48	ABAC_CERT_INVALID invalid certificate (or file not found)
49	ABAC_CERT_BAD_SIG invalid signature
50
51	void load_directory(char *)
52	load a directory full of certificates:
53
54	first: ${path}/NAME_ID.{der,pem} as identity certificates
55	implicitly looking for ${path}/NAME_private.{der,pem} as
56	the private key file
57	last: ${path}/NAME_attr.xml as attribute certificates
58	(C:abac_context_load_directory)
59
60	std::vector<Credential> query(char , char , bool &)
61	run the query:
62	role <-?- principal
63	returns true/false in success
64	returns a proof upon success, partial proof on failure
65	(C:abac_context_query)
66	(C::abac_free_credentials_free)
67
68	std::vector<Credential> credentials(bool &)
69	returns a vector of all the credentials loaded in the context
70	(C:abac_context_credentials)
71	(C::abac_context_credentials_free)
72
73	void set_nickname(char key, char nick)
74	Set the nickname (value printed) for keyid. The substitution is made
75	in Role::short_string(Context) and when bake(Context) is called on a new
76	attribute.
77	(C:abac_context_set_nickname)
78
79	ABAC::Role
80	A Role, most calls are rarely used outside the library
81
82	Role()
83	default constructor, do not use, for swig only
84
85	Role(abac_role_t*)
86	copy constructor, used for cloning an Role
87	(C:abac_role_dup)
88
89	Role(char *)
90	instantiate a role from a string
91	(C:abac_role_from_string)
92
93	Role(const Role &)
94	copy constructor, used for cloning an Role
95	(C:abac_role_dup)
96
97	~Role()
98	default destructor
99	(C:abac_role_free)
100
101	bool is_principal()
102	(C:abac_role_is_principal)
103
104	bool is_role()
105	(C:abac_role_is_role)
106
107	bool is_linking()
108	(C:abac_role_is_linking)
109	indicates the type of role encoded
110
111	char* string()
112	string representation of the role
113	(C:abac_role_string)
114
115	char* short_string()
116	string representation of the role
117	(C:abac_role_short_string)
118
119	char* linked_role()
120	the linked role of a linking role
121	i.e., A.r1.r2, linked_role() returns A.r1
122	(C:abac_role_linked_role)
123
124	char* role_name()
125	the role name of any role (the part after the last dot)
126	(C:abac_role_role_name)
127
128	char* principal()
129	the principal part of any role
130	(C:abac_role_principal)
131
132	ABAC::Credential
133	This is never instantiated directly. These will only ever be
134	returned as a result of calls to Context::query or
135	Context::credentials.
136
137	Credential()
138	default constructor, do not use, for swig only
139
140	Credential(abac_credential_t*)
141	copy constructor, used for cloning a credential
142	(C:abac_credential_head)
143	(C:abac_credential_tail)
144	(C:abac_credential_dup)
145
146	Credential(const Credential&)
147	copy constructor, used for cloning a credential
148	(C:abac_credential_head)
149	(C:abac_credential_tail)
150	(C:abac_credential_dup)
151
152	~Credential()
153	default destructor
154	(C:abac_credential_free)
155
156	Role &head()
157	returns the head of the credential
158
159	Role &tail()
160	returns the tail of the credential
161
162	abac_chunk_t attribute_cert()
163	returns the attribute certificate in chunk, suitable for
164	transmission over the network or storage in a file
165	(C:abac_credential_attribute_cert)
166
167	abac_chunk_t issuer_cert()
168	returns the issuer certificate in chunk, again suitable for
169	network transmission or file storage
170	(C:abac_credential_issuer_cert)
171
172	ABAC::ID
173	An ID holds a principal credential. It maybe imported from an existing
174	ID credential via external files, constructed from a streaming chunk,
175	or instantiated on the fly
176
177	ID()
178	default constructor, do not use, for swig only
179
180	ID(const ID &)
181	copy constructor, used for cloning an ID
182	(C:abac_id_dup)
183
184	~ID()
185	default destructor
186	(C:abac_id_free)
187
188	ID(char *)
189	load an ID certificate from a file, will throw an exception
190	if the certificate cannot be loaded
191	(C:abac_id_from_file)
192
193	ID_chunk(abac_chunk_t chunk)
194	create an ID certificate from an certificate chunk, will
195	throw an exception if the certificate cannot be loaded
196	(C:abac_id_from_chunk)
197
198	ID(char *,int)
199	generates a new ID(cert&key) with the supplied CN and validity period
200	- CN must be alphanumeric and begin with a letter
201	- validity must be at least one second
202	will throw an exception if either of the above is violated
203	(C:abac_id_generate)
204
205	void load_privkey(char *)
206	loads the private key associated with the ID credential,
207	will throw an exception if the key cannot be loaded
208	(C:abac_id_privkey_from_file)
209
210	void load_privkey_chunk(abac_chunk_t)
211	loads the private key associated with the ID credential,
212	will throw an exception if the key cannot be loaded
213	(C:abac_id_privkey_from_chunk)
214
215	int has_privkey()
216	check to see if there is a privkey in this ID
217	(C:abac_id_has_privkey)
218
219	char *keyid()
220	returns the SHA1 keyid of the id cert
221	(C:abac_id_keyid)
222
223	char *cn()
224	returns the cn of the id cert
225	(C:abac_id_cn)
226
227	char *cert_filename()
228	returns the default libabac filename for the cert.
229	value must be freed by caller.
230	(C:abac_id_cert_filename)
231
232	void write_cert(FILE *)
233	writes a PEM-encoded certificate to a file handle
234	(C:abac_id_write_cert)
235
236	void write_cert(string &)
237	writes a PEM-encoded certificate to a file named in string
238
239	void write_cert_file(const char *)
240	writes a PEM-encoded certificate to a file
241
242	void write_cert_name(const char *)
243	writes a PEM-encoded certificate to a file
244	(added to support original libcreddy users)
245
246	char *privkey_filename()
247	returns the default libabac filename for the private key.
248	value must be freed by caller.
249	(C:abac_id_privkey_filename)
250
251	void write_privkey(FILE *)
252	write the private key to a file handle
253	throws a std::logic_error if no private key is loaded
254	(C:abac_id_write_privkey)
255
256	void write_privkey(string &)
257	writes a private key to file named in string
258
259	void write_privkey_file(const char *)
260	writes a private key to a file
261
262	void write_privkey_name(const char *)
263	writes a private key to a file
264	(added to support original libcreddy users)
265
266	abac_chunk_t cert_chunk()
267	returns a DER-encoded binary representation of the X.509 ID cert
268	associated with this ID.
269	can be passed to libabac's Context::load_id_chunk()
270	(C:abac_id_cert_chunk)
271
272	abac_chunk_t privkey_chunk()
273	returns a PEM-encoded binary representation of the private key
274	associated with this ID.
275	(C:abac_id_privkey_chunk)
276
277	ABAC::Attribute
278	This is the attribute representation for the access policy rule
279	LHS <- RHS
280	The sequence of generation is to
281	first, instantiate the object, ie, LHS (head)
282	second, adding subject(s) to it, ie, RHS (tail)
283	and then baking it.
284	Only once it's baked can you access the X.509 cert.
285	Once it's been baked you can no longer add subjects to it
286
287	Attribute()
288	default constructor, do not use, for swig only
289
290	~Attribute()
291	default destructor
292	(C:abac_attribute_free)
293
294	Attribute(ID&, char*,int)
295	constructor that creates an attribute policy to be signed by the issuer
296	with the given role with a specified validity period
297	An exception will be thrown if:
298	- the issuer has no private key
299	- the Head role is invalid
300	- the validity period is invalid (must be >= 0 second)
301	- The issuer is invalid
302	(C:abac_attribute_create)
303
304	bool principal(char *keyid)
305	{keyid}
306	validate the principal and insert into the attribute
307	throw a std::logic_error if the cert's been baked and keyid bad
308	(C:abac_attribute_principal)
309
310	bool role(char keyid, char role)
311	{keyid.role}
312	validate the principal and role and insert into the attribute
313	throw a std::logic_error if the cert's been baked and keyid bad
314	(C:abac_attribute_role)
315
316	bool linking_role(char keyid, char role, char *linked)
317	{keyid.linked.role}
318	validate the role and linking role and insert into the attribute
319	throw a std::logic_error if the cert's been baked and keyid bad
320	(C:abac_attribute_linking_role)
321
322	bool bake()
323	Generate the cert. Call this after you've added subjects to your cert.
324	This returns false if there are no subjects
325	This will throw an exception if the cert's already been baked.
326	(C:abac_attribute_bake)
327
328	bool bake(Context c)
329	Generate the cert. Call this after you've added subjects to your cert.
330	This returns false if there are no subjects
331	This will throw an exception if the cert's already been baked.
332	This version annotated the baked credential with any mnemonic names in the
333	context.
334	(C:abac_attribute_bake_context)
335
336	bool baked()
337	returns true iff the certificate has been baked.
338	(C:abac_attribute_baked)
339
340	set_output_format(char *fmt)
341	{fmt}
342	Set the attribute's output format. Valid choices are GENIv1.0 and
343	GENIV1.1. Default is GENIv1.1.
344
345	get_output_format(char *fmt)
346	Get the attribute's output format. Do not delete the string/
347
348	void write(FILE *)
349	write an attribute certificate in XML to an open file handle
350	Throws an exception if the certificate isn't baked
351	(C:abac_attribute_write)
352
353	void write(const string&)
354	write an attribute certificate in XML to file named in string
355
356	void write_file(const char *)
357	write an attribute certificate in XML to file
358
359	void write_name(const char *)
360	write an attribute certificate in XML to file
361	(added to support original libcreddy users)
362
363	abac_chunk_t cert_chunk()
364	returns a XML structure of the attribute certificate in a abac_chunk_t
365	Throws an exception if the certificate isn't baked
366	the chunk can be passed to libabac's Context::load_attribute_chunk()
367	(C:abac_attribute_cert_chunk)
368	C API
369
370	The C API is nearly identical to the C++ API. Due to lack of namespaces,
371	all function names are preceeded by abac_. Furthermore, the parameter
372	representing the object must be passed explicitly. Each of the C++ calls
373	are appended with a matching C routine call. The C function declaration
374	can be found in abac.h
375
376	Examples:
377
378	C++: head.role_name()
379	C: abac_role_name(head)
380	or
381	C++: ctxt.load_attribute_file("test_attr.der")
382	C: abac_context_load_attribute_file(ctxt, "test_attr.der")
383
384	Instead of copy constructors, the C API uses _dup. Therefore,
385	to copy a role use abac_role_dup(m_role),
386	to copy a context use abac_context_dup(m_ctxt),
387	to copy a ID use abac_id_dup(m_id)
388	and to copy an attribute use abac_attribute_dup(m_attr)
389
390	abac_context_query() and abac_context_credentials() return
391	NULL-terminated arrays of Credential objects (abac_credential_t * in C).
392	When you are done with them, you must free the whole array at once using
393	abac_context_credentials_free().
394
395	PERL, PYTHON AND JAVA API
396
397	The Perl, Python and Java APIs are even more similar to the C++ API. The main
398	changes are the use of native types instead of C/C++ types.
399
400	- native strings instead of char *
401
402	Java:
403	- String instead of char *
404	- Context::query returns a vector of Credentials:
405	credentials = ctxt.query(role, principal)
406	success if credentials' size is > 0
407
408	Perl:
409	- arrayref instead of vector
410	- string instead of chunk_t
411	- Context::query returns a list of two elements:
412	my ($success, $credentials) = $ctxt->query($role, $principal)
413	$success is a boolean
414	$credentials is an arrayref of Credential objects
415
416	Python:
417	- tuple instead of vector
418	- bytearray instead of chunk_t (>= 2.6)
419	- string instead of chunk_t (< 2.6)
420	- Context::query returns a tuple with two elements:
421	(success, credentials) = ctxt.query(role, principal)
422	success is a boolean
423	credentials is a tuple of Credential objects
424

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format