source: doc/API @ 89146cf

mei_rt2mei_rt2_fix_1
Last change on this file since 89146cf was 4a72b30, checked in by Mei <mei@…>, 12 years ago

1) add more doc for java

  • Property mode set to 100644
File size: 23.9 KB
RevLine 
[58ba801]1C++ API
2
[4a72b30]3(see bottom for notes on C, Perl, Python and Java)
[fe5682f]4
5ABAC::abac_chunk_t
[5d06689]6   Structure, represents a blob of memory
7   used to load/return DER-encoded X509 certificates
8     -unsigned char *data
9     -int len
[fe5682f]10
[5d06689]11ABAC::Constraint
12   Constraint on a data term.
13   There are 3 types:
14     - Role constraint on a principal
15     - Oset constraint on a principal, or a data object
16     - Range/List constraint on a data object
17   It holds a ptr to a abac_condition_t structure
[fe5682f]18
[5d06689]19   Constraint()
20     default constructor, do not use, for swig only
21
22   Constraint(const Constraint &)
23     copy constructor, used for cloning a constraint
24
25   ~Constraint()
26     default destructor
27
28   Constraint(Role &)
29     constructor that takes a constraining role
30       [role:?R[{role-constraint}]
[669b481]31     (C:abac_constraint_from_role)
[5d06689]32
33   Constraint(Oset &)
34     constructor that takes a constraining oset
35       [oset:?O[{oset-constraint}]
36       [urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])]
[669b481]37     (C:abac_constraint_from_oset)
[5d06689]38
39   Constraint(char *)
40     constructor that takes one of following string
41     as its vartype to set up a range constraint:
42       "integer"
43       "urn"
44       "float"
45       "boolean"
46       "time"
47       "string"
48     it should be followed with one or many of following utility
49     calls.
[669b481]50     (C:abac_constraint_create)
[5d06689]51
52   void constraint_add_integer_max(int)
[669b481]53     (C:abac_constraint_add_integer_max)
[5d06689]54   void constraint_add_integer_min(int)
55     utility routines to setup a integer range constraint
56       [integer:?I[10 .. 20]]
[669b481]57     (C:abac_constraint_add_integer_min)
[5d06689]58
59   void constraint_add_integer_target(int)
60     utility routine to setup a integer list constraint
61       [integer:?I[10,20]]
[669b481]62     (C:abac_constraint_add_integer_target)
[5d06689]63
64   void constraint_add_float_max(float)
[669b481]65     (C:abac_constraint_add_float_max)
[5d06689]66   void constraint_add_float_min(float)
67     utility routines to setup a float range constraint
68       [float:?F[1.0 .. 2.5]]
[669b481]69     (C:abac_constraint_add_float_min)
[5d06689]70
71   void constraint_add_float_target(float)
72     utility routine to setup a float list constraint
73       [float:?F[0.5, 2.5]]
[669b481]74     (C:abac_constraint_add_float_target)
[5d06689]75
76   void constraint_add_time_max(char*)
[669b481]77     (C:abac_constraint_add_time_max)
[5d06689]78   void constraint_add_time_min(char*)
79     utility routines to setup a time range constraint,
80     takes quoted string values, beyond T is optional
81       [time:?F["20120228T" .. "20120228T090000"]]
[669b481]82     (C:abac_constraint_add_time_min)
[5d06689]83
84   void constraint_add_time_target(char*)
85     utility routine to setup a time list constraint
86       [time:?M["20201101T182930","20201101T"]]
[669b481]87     (C:abac_constraint_add_time_target)
[5d06689]88
89   void constraint_add_urn_target(char*)
90     utility routine to setup a an urn list constraint
91       [urn:?U["fileA","http://fileB"]]
[669b481]92     (C:abac_constraint_add_urn_target)
[5d06689]93
94   void constraint_add_string_target(char*)
95     utility routine to setup a a string list constraint
96       [string:?S["abc",'efg',"hij"]]
[669b481]97     (C:abac_constraint_add_string_target)
[5d06689]98
99   void constraint_add_boolean_target(char*)
100     utility routine to setup a a boolean list constraint
101       [boolean:?B['true']]
[669b481]102     (C:abac_constraint_add_boolean_target)
[5d06689]103
104   char *string() const
105     returns literal string of the constraint
[669b481]106     (C:abac_constraint_string)
[5d06689]107
108   char *typed_string() const
109     returns typed literal string of the constraint
[669b481]110     (C:abac_constraint_typed_string)
[5d06689]111
112ABAC::DataTerm
113   A data term is associated with Role or Oset as a parameter that
114   maybe be instantiated, or uninstantiated but being constrained,
115   or as a principal oset term (standalone right handside of an oset
[669b481]116   policy rule).  It holds a pointer to a abac_term_t structure.
117   Types of data terms are:
118     "integer"
119     "urn"
120     "float"
121     "boolean"
122     "string"
123     "time"
124     "principal"
125     "anonymous"
[5d06689]126
127   DataTerm()
128     default constructor, do not use, for swig only
129
130   DataTerm(const DataTerm &)
131     copy constructor, used for cloning a data term
132
133   ~DataTerm()
134     default destructor
135
136   DataTerm(char*)
137     constructor to make named principal data term for the oset RHS
138     (C: abac_term_named_create)
139
[669b481]140   DataTerm(const ID&)
141     constructor to make named principal data term for parameter term
142     (C: abac_term_id_create)
143
[5d06689]144   DataTerm(char*, char*, Constraint*)
145     constructor for making a variable data term
146     (C: abac_term_create)
147
148   DataTerm(char*, char*)
149     constructor for making an instantiated data term
150     (C: abac_term_create)
151
152   char *string() const
153     returns literal string of the data term
[669b481]154     (C:abac_term_string)
[5d06689]155
156   char *typed_string() const
157     returns typed literal string of the data term
[669b481]158     (C:abac_term_typed_string)
[5d06689]159
160   bool term_is_time() const
[669b481]161     (C:abac_term_is_time)
[5d06689]162   bool term_is_string() const
[669b481]163     (C:abac_term_is_string)
[5d06689]164   bool term_is_urn() const
[669b481]165     (C:abac_term_is_urn)
[5d06689]166   bool term_is_integer() const
[669b481]167     (C:abac_term_is_integer)
[5d06689]168     returns true if data term is of certain type
169
170   int term_add_constraint(Contraint&)
171     utiltiy routine to add a constraint to this data term
[669b481]172     (C:abac_term_add_constraint)
[5d06689]173
174   int term_type() const
175     returns subtype of the data term
[669b481]176     (C:abac_term_type)
[5d06689]177
178   char *term_name() const
179     returns the name of the data term
[669b481]180     (C:abac_term_name)
[fe5682f]181
182ABAC::Role
[5d06689]183   A Role is role specification of a set of entitities for a principal
184
185   Role()
186     default constructor, do not use, for swig only
187
188   Role(const Role &)
189     copy constructor, used for cloning a role
190
191   ~Role()
192     default destructor
193
194   Role(char*)
195     constructor that builds a bare bone role with just principal's name
[669b481]196     (C:abac_role_principal_create)
[5d06689]197
198   Role(char*, char*)
199     constructor that builds a bare bone role with just principal's name
200     and a role name
[669b481]201     (C:abac_role_create)
202
203   Role(char*, char*, char*)
204     constructor that builds a bare bone role with just principal's name
205     and a linking role name and a role name
206     (C:abac_role_linked_create)
[5d06689]207
208   bool role_is_principal() const
209     return true if the role is a principal object(made from
210     a data term), the right hand side of,
211       [keyid:A].role:r <- [keyid:B]
[669b481]212     (C:abac_role_is_principal)
[5d06689]213
214   bool role_is_linking() const
215     returns true if the role is a linking role like
216     the right hand side of,
217       [keyid:A].role:r1 <- [keyid:B].role:r2.role:r3
[669b481]218     (C:abac_role_is_linking)
[5d06689]219
220   char *string() const
221     returns literal string of the role
[669b481]222     (C:abac_role_string)
[5d06689]223
224   char *typed_string() const
225     returns typed literal string of the role
[669b481]226     (C:abac_role_typed_string)
[5d06689]227
228   char *role_linked_role() const
229     returns linked part of a linking role, for
230       [keyid:A].role:r1.role:r2, it returns r1
[669b481]231     (C:abac_role_linked_role)
[5d06689]232
233   char *role_name() const
234     returns the role name of any role (the part after the last dot)
235       [keyid:A].role.r1.role:r2, it returns r2
236       [keyid:A].role.r1, it returns r1
[669b481]237     (C:abac_role_name)
[5d06689]238
239   char *role_principal() const
240     returns the principal of role (the part before the first dot)
241       [keyid:A].role.r1, it returns A
[669b481]242     (C:abac_role_principal)
[5d06689]243
244   void role_add_data_term(DataTerm&)
245     add a data term to the role
[669b481]246     (C:abac_role_add_data_term)
[5d06689]247
248   std::vector<DataTerm> get_data_terms(bool &)
249     return the data terms bound to this role.
[669b481]250     (C:abac_role_get_data_terms)
[5d06689]251
252   void role_add_linked_data_term(DataTerm&)
253     add a data term to the linking role
[669b481]254     (C:abac_role_add_linked_data_term)
[5d06689]255
256   std::vector<DataTerm> get_linked_data_terms(bool &)
257     return the data terms bound to this role's linking role.
[669b481]258     (C:abac_role_get_linked_data_terms)
[5d06689]259
260ABAC::Oset
261   An Oset is oset specification of a set of entitities for a principal
262
263   Oset()
264     default constructor, do not use, for swig only
265
266   Oset(const Oset &)
267     copy constructor, used for cloning an oset
268
269   ~Oset()
270     default destructor
271
272   Oset(char *)
273     constructor that makes a principal oset, ie [keyid:B]
[669b481]274     (C:abac_role_principal_create)
[5d06689]275
276   Oset(char *, char *)
277     constructor that makes a regular oset, ie. [keyid:B].oset:o
[669b481]278     (C:abac_role_create)
279
280   Oset(char *, char*, char *)
281     constructor that makes a linked oset, ie. [keyid:B].role:r.oset:o
282     (C:abac_oset_linked_create)
[5d06689]283
284   Oset(DataTerm&)
285     constructor that makes an object oset, ie. [urn:'file/fileA']
[669b481]286     (C:abac_oset_object_create)
[5d06689]287
288   bool oset_is_object(), ie <- [integer:10]
289     return ture if this oset is an object oset
[669b481]290     (C:abac_oset_is_object)
[5d06689]291
292   bool oset_is_principal() const
293     return true if the oset is a principal object(made from
294     a data term), the right hand side of,
295       [keyid:A].oset:o <- [keyid:B]
[669b481]296     (C:abac_oset_is_principal)
[5d06689]297
298   bool oset_is_linking() const
299     returns true if the oset is a linking oset like
300     the right hand side of,
301       [keyid:A].oset:o1 <- [keyid:B].role:r1.oset:o2
[669b481]302     (C:abac_oset_is_linking)
[5d06689]303
304   char *string() const
305     returns literal string of the oset
[669b481]306     (C:abac_oset_string)
[5d06689]307
308   char *typed_string() const
309     returns typed literal string of the oset
[669b481]310     (C:abac_oset_typed_string)
[5d06689]311
312   char *oset_linked_role() const
313     returns linked part of a linking oset, for
314       [keyid:A].role:r1.oset:o1, it returns r1
[669b481]315     (C:abac_oset_linked_role)
[5d06689]316
317   char *oset_name() const
318     returns oset name,
319       [keyid:A].role:r1.oset:o1, it returns o1
320       [keyid:A].oset:o1, it returns o1
[669b481]321     (C:abac_oset_name)
[5d06689]322
323   char *oset_principal() const
324     returns principal name,
325       [keyid:A].role:r1.oset:o1, it returns A
[669b481]326     (C:abac_oset_principal)
[5d06689]327
328   char *oset_object() const
329     returns object's name when the oset is a principal object
330       [keyid:A].oset:values <- [integer:10], it returns 10
[669b481]331     (C:abac_oset_object)
[5d06689]332
333   void add_data_term(DataTerm&)
334     add a data term to this oset's parameter set
[669b481]335     (C:abac_oset_add_data_term)
[5d06689]336
337   std::vector<DataTerm> get_data_terms(bool &)
338     returns the data terms bound to this oset. 
[669b481]339     (C:abac_oset_get_data_terms)
[5d06689]340
341   void oset_add_linked_data_term(DataTerm&)
342     add a data term to this oset's linking role's parameter set.
[669b481]343     (C:abac_oset_add_linked_data_term)
[5d06689]344
345   std::vector<DataTerm> get_linked_data_terms(bool &)
346     returns the data terms bound to this oset's linking role. 
[669b481]347     (C:abac_oset_get_linked_data_terms)
[5d06689]348
349ABAC::ID
350   An ID holds a principal credential. It maybe imported from an existing
351   ID credential via external files, constructed from a streaming chunk,
352   or instantiated on the fly 
353
354   ID()
355     default constructor, do not use, for swig only
356
357   ID(const ID &)
358     copy constructor, used for cloning an ID
359
360   ~ID()
361     default destructor
362
363   ID(char *)
364     load an ID cert from a file, will throw an exception
365     if the cert cannot be loaded
[669b481]366     (C:abac_id_from_file)
[5d06689]367
[dfe6b61]368   ID_chunk(abac_chunk_t chunk)
[09496b3]369     create an ID cert from an cert chunk, will
370     throw an exception if the cert cannot be loaded
371     (C:abac_id_from_chunk)
372
[5d06689]373   ID(char *,int)
[ba6027a]374     generates a new ID(cert&key) with the supplied CN and validity period
[5d06689]375     - CN must be alphanumeric and begin with a letter
376     - validity must be at least one second
377     will throw an exception if either of the above is violated
[669b481]378     (C:abac_id_generate)
[5d06689]379
[ba6027a]380   ID(char *,int, char*, char*)
381     generates a new ID from a supplied CN, keyfile, passphrase(optional) file
382     and validity period
383     - CN must be alphanumeric and begin with a letter
384     - validity must be at least one second
385     will throw an exception if either of the above is violated
386     (C:abac_id_generate_with_key)
387
[5d06689]388   void id_load_privkey_file(char *)
[ba6027a]389     loads the private key associated with the ID credential,
[5d06689]390     will throw an exception if the key cannot be loaded
[669b481]391     (C:abac_id_load_privkey_file)
[5d06689]392
[ba6027a]393   void id_load_encrypted_privkey_file(char *, char*)
394     loads an encrypted private key and pfile associated with the
395     ID credential, will throw an exception if the key cannot be loaded
396     (C:abac_id_load_enc_privkey_file)
397
[5d06689]398   char *id_keyid()
399     returns the SHA1 keyid of the id cert
[669b481]400     (C:abac_id_keyid)
[5d06689]401
402   char *id_name()
403     returns the CN (the parameter passed to the constructor or the
404     CN of the cert).
[669b481]405     (C:abac_id_cn)
[5d06689]406
407   bool id_has_privkey()
408     returns true if the ID has an associated private key
[669b481]409     (C:abac_id_has_privkey)
[5d06689]410
411   void id_write_cert(FILE *)
412     writes a PEM-encoded cert to the file handle
[669b481]413     (C:abac_id_write_cert)
[5d06689]414
415   void id_write_cert(char *)
416     writes a PEM-encoded cert to a file named out
[669b481]417     (C:abac_id_write_cert_fname)
[5d06689]418
419   void id_write_privkey(FILE *)
420     writes a PEM-encoded private key to the file handle
421     throws an exception if no private key is loaded
[669b481]422     (C:abac_id_write_privkey)
[5d06689]423
424   void id_write_privkey(char *)
425      writes a PEM-encoded private key a file named out
426      throws an exception if no private key is loaded
[669b481]427     (C:abac_id_write_privkey_fname)
[5d06689]428
429   abac_chunk_t id_cert_chunk()
430     returns a DER-encoded binary representation of the X.509 ID cert
431     associated with this ID.
432     can be passed to libabac's Context::load_id_chunk()
[669b481]433     (C:abac_id_cert_chunk)
[5d06689]434
[9b43fc3]435   abac_chunk_t id_privkey_chunk()
436     returns a PEM-encoded binary representation of the private key
437     associated with this ID.
438     can be passed to libabac's Context::load_id_chunks()
439     (C:abac_id_privkey_chunk)
440
[5d06689]441   char *string()
442     returns literal string of the id credential
[669b481]443     (C:abac_id_string)
[5d06689]444
445ABAC::Attribute
446   This is the attribute representation for the access policy rule
447       LHS <- RHS
448   The sequence of generation is to
449       first, instantiate the object, ie, LHS (head)
450       second, adding subject(s) to it, ie, RHS (tail)
451       and then baking it.
452   Only once it's baked can you access the X.509 cert.
453   Once it's been baked you can no longer add subjects to it
454
455   Attribute()
456     default constructor, do not use, for swig only
457
458   Attribute(const Attribute &)
459     copy constructor, used for cloning an attribute
460
461   ~Attribute()
462     default destructor
463
464   Attribute(Role&, int)
465     constructor that creates an attribute policy to be signed by the issuer
466     with the given role with a specified validity period
467     An exception will be thrown if:
468       - the issuer has no private key
469       - the Head role is invalid
470       - the validity period is invalid (must be >= 1 second)
[669b481]471     (C:abac_attribute_create)
[5d06689]472
473   Attribute(Oset&, int)
474     constructor that creates an attribute policy to be signed by the issuer
475     with the given oset with a specified validity period
476     An exception will be thrown if:
477       - the issuer has no private key
478       - the Head oset is invalid
479       - the validity period is invalid (must be >= 1 second)
[669b481]480     (C:abac_attribute_create)
[5d06689]481
[dfe6b61]482   Attribute_chunk(abac_chunk_t chunk)
483     constructor that creates an attribute policy to be signed by the issuer
484     with a given cert chunk.
485     (C:abac_attribute_from_chunk)
486
[5d06689]487   bool attribute_add_tail(Role&)
[669b481]488      Add a role tail.  Call multiple times for intersection
489     (C:abac_attribute_add_tail)
[5d06689]490
491   bool attribute_add_tail(Oset&)
[669b481]492      Add an oset tail.  Call multiple times for intersection
493     (C:abac_attribute_add_tail)
[5d06689]494
495   char *head_string()
496     returns literal string of head of the attribute
[669b481]497     (C:abac_head_string)
[5d06689]498
499   char *tail_string()
500     returns literal string of tail of the attribute
[669b481]501     (C:abac_tail_string)
[5d06689]502
503   char *head_typed_string()
504     returns typed literal string of head of the attribute
[669b481]505     (C:abac_head_typed_string)
[5d06689]506
507   char *tail_typed_string()
508     returns typed literal string of tail of the attribute
[669b481]509     (C:abac_tail_typed_string)
[5d06689]510
511   char *string()
512     returns literal string of the attribute
[669b481]513     (C:abac_attribute_string)
[5d06689]514
515   char *typed_string()
516     returns typed literal string of the attribute
[669b481]517     (C:abac_attribute_typed_string)
[5d06689]518
519   const Role &role_head()
520     returns the head role
521
522   const Oset &oset_head()
523     returns the oset head
524
525   std::vector<Role> role_tails(bool &)
526     retrieve tail role which maybe more than 1 if intersecting
[669b481]527     (C:abac_attribute_role_tails)
[5d06689]528
529   std::vector<Oset> oset_tails(bool &)
530     retrieve tail oset which maybe more than 1 if intersecting
[669b481]531     (C:abac_attribute_oset_tails)
[5d06689]532
533   bool attribute_bake()
534     Generate the cert. Call this after you've added subjects to your cert.
535     This returns false if there are no subjects
536     This will throw an exception if the cert's already been baked.
[669b481]537     (C:abac_attribute_bake)
[5d06689]538
539   bool attribute_baked()
540     returns true iff the cert has been baked.
[669b481]541     (C:abac_attribute_baked)
[5d06689]542
543   void attribute_write_cert(FILE *)
544     write the DER-encoded X.509 attribute cert to the open file handle
545     Throws an exception if the cert isn't baked
[669b481]546     (C:abac_attribute_write_cert)
[5d06689]547
548   void attribute_write_cert(char *)
549     write the DER-encoded X.509 attribute cert to a file named out
550     Throws an exception if the cert isn't baked
[669b481]551     (C:abac_attribute_write_cert_fname)
[5d06689]552
553   abac_chunk_t cert_chunk()
554     returns a DER-encoded binary representation of the X.509 attribute
555     cert associated with this cert
556     Throws an exception if the cert isn't baked
557     the chunk can be passed to libabac's Context::load_attribute_chunk()
[669b481]558     (C:abac_attribute_cert_chunk)
[5d06689]559
560ABAC::Context
561    An ABAC Context
562
563   Context()
564     default constructor
565
566   Context(const Context &)
567     copy constructor, used for cloning the context
568
569   ~Context()
570     default destructor
571
[e3c7769]572   void free_context_now()
573     Explicitly freeing the the context. This is to prevent libstrongswan's
574     mainthread from GC'ed by Java. Used with Java/Swig/JNI combination only.
575
[5d06689]576   void dump_yap_db()
577     dump the complete yap prolog database
[669b481]578     (C:show_yap_db)
[5d06689]579
580   int load_id(ABAC::ID&)
581     load id cert from ID
[669b481]582     (C:abac_context_load_id)
[5d06689]583
584   int load_id_file(char *)
[ba6027a]585     load id cert from an idkey combo file. key retrieval will be attempted
[5d06689]586     but won't fail if not found
[669b481]587     (C:abac_context_load_id_file)
[5d06689]588
[ba6027a]589   int load_id_encrypted_file(char *, char *)
590     load id cert from an idkey combo file and a pfile. Encrypted key
591     retrieval will be attempted but won't fail if not found
592     (C:abac_context_load_encrypted_id_file)
593
[5d06689]594   int load_id_files(char *, char *)
595     load id cert from an id file and a key file
[669b481]596     (C:abac_context_load_id_files)
[5d06689]597
[ba6027a]598   int load_id_encrypted_files(char *, char *, char *)
599     load id cert from an id file, an encrypted key file, and a pfile
600     (C:abac_context_load_encrypted_id_files)
601
[5d06689]602   int load_id_chunk(abac_chunk_t)
603     load id cert from a chunk structure
[669b481]604     (C:abac_context_load_id_chunk)
[9b43fc3]605
606   int load_id_chunks(abac_chunk_t, abac_chunk_t)
[ba6027a]607     load id & privkey from chunk structures
[9b43fc3]608     (C:abac_context_load_id_privkey_chunk)
[ba6027a]609
610   int load_id_encrypted_chunks(abac_chunk_t, abac_chunk_t,char *pfile)
611     load id & encrypted privkey from chunk structures
612     (C:abac_context_load_id_enc_privkey_chunk)
[5d06689]613     returns:
614       ABAC_CERT_SUCCESS   successfully loaded
615       ABAC_CERT_INVALID   invalid certificate (or file not found)
616       ABAC_CERT_BAD_SIG   invalid signature
617
618   int load_attribute(ABAC::Attribute&)
619     load attribute credential from attribute structure
[669b481]620     (C:abac_context_load_attribute)
[5d06689]621
622   int load_attribute_file(char *)
623     load attribute credential from a file
[669b481]624     (C:abac_context_load_attribute_file)
[5d06689]625
626   int load_attribute_chunk(abac_chunk_t)
627     load attribute credential from a chunk
[669b481]628     (C:abac_context_load_attribute_chunk)
[5d06689]629
630     returns the same values as above, additionally
631     returns ABAC_CERT_MISSING_ISSUER if the issuer
632     certificate has not been loaded
[fe5682f]633
[2efdff5]634   void load_principals(char *)
635     load a directory full of principals only:
636
637        first: ${path}/*_ID.{der,pem} as identity certificates
638               implicitly looking for ${path}/*_private.{der,pem} as
639               the private key file
640        then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate
641      (C:abac_context_load_principals)
642
[5d06689]643   void load_directory(char *)
644     load a directory full of certificates:
[fe5682f]645
[5d06689]646        first: ${path}/*_ID.{der,pem} as identity certificates
647               implicitly looking for ${path}/*_private.{der,pem} as
648               the private key file
649        then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate
650        last: ${path}/*_attr.der as attribute certificates
[669b481]651      (C:abac_context_load_directory)
[fe5682f]652
[646e57e]653   void set_no_partial_proof()
654      (C:abac_context_set_no_partial_proof)
655   void set_want_partial_proof()
656        enable and disable the partial proof on query proof failure
657      (C:abac_context_set_want_partial_proof)
658
[5d06689]659   std::vector<Attribute> query(char *, char *, bool &)
660     the string version is for query that is composed by hand with SHA or
661     in non ABAC_CN mode 
[669b481]662     (C:abac_context_query)
[fe5682f]663
[5d06689]664   std::vector<Attribute> query(Role &, Role &, bool &)
[669b481]665     (C:abac_context_query_with_structure)
[5d06689]666   std::vector<Attribute> query(Oset &, Oset &, bool &)
[669b481]667     (C:abac_context_query_with_structure)
[5d06689]668     runs the query:
669       role <-?- principal
670       oset <-?- principal/obj
671     returns true/false in success
672     returns a proof upon success,
[646e57e]673             a partial proof on failure by default
[fe5682f]674
[abf8d5d]675   std::vector<Attribute> next_proof(bool &)
676     (C:abac_context_query_again)
677     force backtrack and try to get next solution proof:
678     returns true/false in success
679     returns a proof upon success,
680
[5d06689]681   std::vector<Attribute> context_credentials(bool &)
682     returns a vector of all the credentials loaded in the context
683     extracted from the internal data structure
[669b481]684     (C:abac_context_credentials)
[5308660]685
[5d06689]686   std::vector<Attribute> context_principals(bool &)
687     returns a vector of all the principals loaded in the context
688     extracted from the internal data structure
[669b481]689     (C:abac_context_principals)
[fe5682f]690
[ba6027a]691   ID lookup_principal(char *)
692     find a particular principal from the context
693
[5d06689]694   char *version()
695     return the version of this interface
[58ba801]696C API
[fe5682f]697
698The C API is nearly identical to the C++ API. Due to lack of namespaces,
699all function names are preceeded by abac_. Furthermore, the parameter
[669b481]700representing the object must be passed explicitly. Each of the C++ calls
701are appended with a matching C routine call. The C function declaration
702can be found in abac.h
703
704Examples:
705
706    C++:    head.role_name()
707    C:      abac_role_name(head)
708    or
709    C++:    ctxt.load_attribute_file("test_attr.der")
710    C:      abac_context_load_attribute_file(ctx, "test_attr.der")
711
712Instead of copy constructors, the C API uses _dup.  Therefore,
713to copy a role use abac_aspect_dup(m_role),
714to copy a oset use abac_aspect_dup(m_oset),
715to copy a context use abac_context_dup(m_ctx),
716to copy a constraint use abac_condition_dup(m_constraint),
717to copy a data term use abac_term_dup(m_term),
718to copy a ID use abac_id_dup(m_id)
719and to copy an attribute use abac_attribute_dup(m_attr)
720
721Various flavors of abac_context_query() and abac_context_credentials()
722return NULL-terminated arrays of Attribute objects (abac_credential_t * in C).
723abac_context_principals() returns NULL-terminated array of ID objects
724(abac_id_credential_t * in C)
[58ba801]725
726When you are done with them, you must free the whole array at once using
[669b481]727abac_context_credentials_free() and abac_context_principals_free() respectively.
[58ba801]728
[4a72b30]729PERL, PYTHON AND JAVA API
[fe5682f]730
[4a72b30]731The Perl, Python and Java APIs are even more similar to the C++ API. The main
[fe5682f]732changes are the use of native types instead of C/C++ types.
733
734    - native strings instead of char *
735
[4a72b30]736    Java:
737        - String instead of char *
738        - Context::query returns a vector of Credentials:
739            credentials = ctx.query(role, principal)
740            success if credentials' size is > 0
741
[fe5682f]742    Perl:
743        - arrayref instead of vector
744        - string instead of chunk_t
745        - Context::query returns a list of two elements:
[4a72b30]746            my ($success, $credentials) = $ctx->query($role, $principal)
[fe5682f]747            $success is a boolean
748            $credentials is an arrayref of Credential objects
749
750    Python:
751        - tuple instead of vector
752        - bytearray instead of chunk_t (>= 2.6)
753        - string instead of chunk_t (< 2.6)
754        - Context::query returns a tuple with two elements:
755            (success, credentials) = ctx.query(role, principal)
756            success is a boolean
757            credentials is a tuple of Credential objects
[4a72b30]758
Note: See TracBrowser for help on using the repository browser.