Context Navigation

source: libabac/abac.hh @ afcafea

abac0-leakabac0-meitvf-new-xml

Last change on this file since afcafea was afcafea, checked in by Ted Faber <faber@…>, 11 years ago
Outputs names with bake(Context)
Property mode set to `100644`
File size: 11.4 KB

Rev	Line
[64fa9ba]	1	#ifndef __ABAC_HH__
	2	#define __ABAC_HH__
	3
[461541a]	4	#include <cstdio>
	5	#include <stdexcept>
[2af3b82]	6	#include <string>
[9dffbd6]	7	#include <vector>
	8
[3ed053d]	9	/* This file is generated from doc/ABAC.hh by doc/extract_doc.c */
	10
[64fa9ba]	11	namespace ABAC {
	12	extern "C" {
	13	#include "abac.h"
	14	}
	15
[4721618]	16	class Attribute;
	17	class ID;
[94605f2]	18	class Role;
	19	class Credential;
[9dffbd6]	20
[64fa9ba]	21	class Context {
	22	public:
	23	Context() { m_ctx = abac_context_new(); }
	24	Context(const Context &context) { m_ctx = abac_context_dup(context.m_ctx); }
	25	~Context() { abac_context_free(m_ctx); }
	26
	27	int load_id_file(char *filename) { return abac_context_load_id_file(m_ctx, filename); }
	28	int load_id_chunk(abac_chunk_t cert) { return abac_context_load_id_chunk(m_ctx, cert); }
	29	int load_attribute_file(char *filename) { return abac_context_load_attribute_file(m_ctx, filename); }
	30	int load_attribute_chunk(abac_chunk_t cert) { return abac_context_load_attribute_chunk(m_ctx, cert); }
	31
	32	void load_directory(char *path) { abac_context_load_directory(m_ctx, path); }
	33
[92661b4]	34
[9dffbd6]	35	/* abac query, returns a vector of credentials on success, NULL on fail */
[4e426c9]	36	std::vector<Credential> query(char role, char principal, bool &success) {
[a70acc9]	37	abac_credential_t creds, end;
[4e426c9]	38	int i, success_int;
[a70acc9]	39	creds = abac_context_query(m_ctx, role, principal, &success_int);
[4e426c9]	40	success = success_int;
[9dffbd6]	41
[a70acc9]	42	for (i = 0; creds[i] != NULL; ++i)
[9dffbd6]	43	;
	44
[a70acc9]	45	end = &creds[i];
	46	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
	47	abac_context_credentials_free(creds);
[9dffbd6]	48	return credentials;
	49	}
[3c4fd68]	50	std::vector<Credential> credentials() {
	51	abac_credential_t creds, end;
	52	int i;
	53
	54	creds = abac_context_credentials(m_ctx);
	55	for (i = 0; creds[i] != NULL; ++i)
	56	;
	57
	58	end = &creds[i];
	59	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
	60
	61	abac_context_credentials_free(creds);
	62	return credentials;
	63	}
[64fa9ba]	64	private:
	65	abac_context_t *m_ctx;
[94605f2]	66	friend class Role;
[afcafea]	67	friend class Attribute;
[64fa9ba]	68	};
[461541a]	69
[94605f2]	70	class Role {
	71	public:
	72	Role() : m_role(NULL) { } // do not use: here for swig
	73	Role(abac_role_t *role) { m_role = abac_role_dup(role); }
	74	Role(char *role_name) { m_role = abac_role_from_string(role_name); }
	75	Role(const Role &role) { m_role = abac_role_dup(role.m_role); }
	76	~Role() { abac_role_free(m_role); }
	77	bool is_principal() const { return abac_role_is_principal(m_role); }
	78	bool is_role() const { return abac_role_is_role(m_role); }
	79	bool is_linking() const { return abac_role_is_linking(m_role); }
	80
	81	char *string() const { return abac_role_string(m_role); }
	82	char *short_string(Context& c) const {
	83	return abac_role_short_string(m_role, c.m_ctx);
	84	}
	85	char *linked_role() const { return abac_role_linked_role(m_role); }
	86	char *role_name() const { return abac_role_role_name(m_role); }
	87	char *principal() const { return abac_role_principal(m_role); }
	88
	89	private:
	90	abac_role_t *m_role;
	91	};
	92
	93	class Credential {
	94	public:
	95	Credential() : m_cred(NULL) { } // do not use: here for swig
	96	Credential(abac_credential_t *cred) :
	97	m_head(abac_credential_head(cred)),
	98	m_tail(abac_credential_tail(cred)),
	99	m_cred(abac_credential_dup(cred))
	100	{ }
	101	Credential(const Credential &cred) :
	102	m_head(cred.m_head),
	103	m_tail(cred.m_tail),
	104	m_cred(abac_credential_dup(cred.m_cred))
	105	{ }
	106	~Credential() { abac_credential_free(m_cred); }
	107	const Role &head() { return m_head; }
	108	const Role &tail() { return m_tail; }
	109	abac_chunk_t attribute_cert() { return abac_credential_attribute_cert(m_cred); }
	110	abac_chunk_t issuer_cert() { return abac_credential_issuer_cert(m_cred); }
	111
	112	private:
	113	abac_credential_t *m_cred;
	114	Role m_head, m_tail;
	115	};
	116
	117
[461541a]	118	class ID {
	119	public:
	120	ID() : m_id(NULL) { } // do not use: required by swig
[92661b4]	121	ID(const ID &id) { m_id = abac_id_dup(id.m_id); }
	122	~ID() { abac_id_free(m_id); }
[461541a]	123
	124	ID(char *filename) : m_id(NULL) {
	125	m_id = abac_id_from_file(filename);
	126	if (m_id == NULL)
	127	throw std::invalid_argument("Could not load ID cert");
	128	}
	129
	130	ID(abac_chunk_t chunk) : m_id(NULL) {
	131	m_id = abac_id_from_chunk(chunk);
	132	if (m_id == NULL)
[a02c849]	133	throw std::invalid_argument("Could not load ID certificate with a chunk");
[461541a]	134	}
	135	ID(char *cn, int validity) : m_id(NULL) {
	136	int ret = abac_id_generate(&m_id, cn, validity);
	137	if (ret == ABAC_GENERATE_INVALID_CN)
	138	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
	139	if (ret == ABAC_GENERATE_INVALID_VALIDITY)
	140	throw std::invalid_argument("Validity must be > 0 days");
	141	}
	142	void load_privkey(char *filename) {
	143	int ret = abac_id_privkey_from_file(m_id, filename);
[4721618]	144	if (ret != ABAC_SUCCESS)
[461541a]	145	throw std::invalid_argument("Could not load private key");
	146	}
[a02c849]	147	void load_privkey_chunk(abac_chunk_t chunk) {
	148	int ret = abac_id_privkey_from_chunk(m_id, chunk);
	149	if (ret != ABAC_SUCCESS)
	150	throw std::invalid_argument("Could not load private key with a chunk");
	151	}
	152	int has_privkey() {
	153	int ret= abac_id_has_privkey(m_id);
	154	return ret;
	155	}
[461541a]	156	char *keyid() { return abac_id_keyid(m_id); }
	157	char *cert_filename() { return abac_id_cert_filename(m_id); }
[4721618]	158	void write_cert(FILE *out) { abac_id_write_cert(m_id, out); }
[461541a]	159	void write_cert(const std::string &name) {
[a02c849]	160	FILE *out = fopen(name.c_str(), "a+");
[461541a]	161	if (out == NULL)
[92661b4]	162	throw std::invalid_argument("Could not open certificate file for writing");
[461541a]	163	write_cert(out);
	164	fclose(out);
	165	}
	166	// Simplifies access from swig
[4721618]	167	void write_cert_file(const char *n) {
[461541a]	168	write_cert(std::string(n));
	169	}
[92661b4]	170	void write_cert_name(const char *n) {
	171	write_cert(std::string(n));
	172	fprintf(stderr,"ABAC::ID::write_cert_name is deprecated, please use ABAC::ID::write_cert_name\n");
	173	}
[461541a]	174	char *privkey_filename() { return abac_id_privkey_filename(m_id); }
[4721618]	175	void write_privkey(FILE *out) {
[461541a]	176	int ret = abac_id_write_privkey(m_id, out);
[4721618]	177	if (ret!=ABAC_SUCCESS) throw std::logic_error("No private key loaded");
[461541a]	178	}
	179	void write_privkey(const std::string &name) {
[a02c849]	180	FILE *out = fopen(name.c_str(), "a+");
[461541a]	181	if (out == NULL)
	182	throw std::invalid_argument("Could not open privkey file for writing");
	183	write_privkey(out);
	184	fclose(out);
	185	}
	186	// Simplifies access from swig
[4721618]	187	void write_privkey_file(const char *name) {
[461541a]	188	write_privkey(std::string(name));
	189	}
[92661b4]	190	void write_privkey_name(const char *name) {
	191	write_privkey(std::string(name));
	192	fprintf(stderr,"ABAC::ID::write_privkey_name is deprecated, please use ABAC::ID::write_privkey_file\n");
	193	}
[461541a]	194	abac_chunk_t cert_chunk() { return abac_id_cert_chunk(m_id); }
[92661b4]	195	abac_chunk_t privkey_chunk() { return abac_id_privkey_chunk(m_id); }
[461541a]	196
	197	friend class Attribute;
	198
	199	private:
	200	abac_id_t *m_id;
	201	};
	202
	203	class Attribute {
	204	public:
	205	Attribute() : m_attr(NULL) { } // do not use: required by swig
[92661b4]	206	~Attribute() { abac_attribute_free(m_attr); }
[461541a]	207
	208	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
	209	int ret = abac_attribute_create(&m_attr, issuer.m_id, role, validity);
	210	if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
	211	throw std::invalid_argument("Issuer has no private key");
	212	if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
	213	throw std::invalid_argument("Role name must be alphanumeric");
	214	if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
	215	throw std::invalid_argument("Validity must be > 0 days");
	216	if (ret == ABAC_ATTRIBUTE_INVALID_ISSUER)
	217	throw std::invalid_argument("Issuer's validity expired");
	218	}
	219
	220
	221	bool principal(char *keyid) {
	222	if (baked()) throw std::logic_error("Cert is already baked");
	223	return abac_attribute_principal(m_attr, keyid);
	224	}
	225	bool role(char keyid, char role) {
	226	if (baked()) throw std::logic_error("Cert is already baked");
	227	return abac_attribute_role(m_attr, keyid, role);
	228	}
	229	bool linking_role(char keyid, char role, char *linked) {
	230	if (baked()) throw std::logic_error("Cert is already baked");
	231	return abac_attribute_linking_role(m_attr, keyid, role, linked);
	232	}
	233	bool bake() {
	234	if (baked()) throw std::logic_error("Cert is already baked");
	235	return abac_attribute_bake(m_attr);
	236	}
	237
[afcafea]	238	bool bake(Context& c) {
	239	if (baked()) throw std::logic_error("Cert is already baked");
	240	return abac_attribute_bake_context(m_attr, c.m_ctx);
	241	}
	242
[461541a]	243	bool baked() { return abac_attribute_baked(m_attr); }
	244
[bc12f3d]	245	void set_output_format(char *fmt) {
	246	abac_attribute_set_output_format(m_attr, fmt);
	247	}
	248
[4721618]	249	void write(FILE *out) {
[461541a]	250	int ret = abac_attribute_write(m_attr, out);
[4721618]	251	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
[461541a]	252	}
	253	void write(const std::string &name) {
[4721618]	254	FILE *out = fopen(name.c_str(), "w");
[461541a]	255	if (out == NULL)
[92661b4]	256	throw std::invalid_argument("Could not open certificate file for writing");
[461541a]	257	write(out);
	258	fclose(out);
	259	}
[4721618]	260	void write_file(const char *name) {
	261	int ret = abac_attribute_write_file(m_attr, name);
	262	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
[461541a]	263	}
[92661b4]	264	void write_name(const char *name) {
	265	write_file(name);
[3ed053d]	266	fprintf(stderr,"ABAC::Attribute::write_name is deprecated, please use ABAC::Attribute::write_name\n");
[92661b4]	267	}
[461541a]	268	abac_chunk_t cert_chunk() {
[4721618]	269	abac_chunk_t ret=abac_attribute_cert_chunk(m_attr);
	270	if(ret.len == 0)
	271	throw std::logic_error("Cert is not baked");
[461541a]	272	return ret;
	273	}
	274
	275	private:
	276	abac_attribute_t *m_attr;
	277	};
[64fa9ba]	278	}
	279
	280	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: