Context Navigation

source: libabac/abac.hh @ 3ed053d

abac0-leakabac0-meimei-idtvf-new-xml

Last change on this file since 3ed053d was 3ed053d, checked in by Mei <mei@…>, 11 years ago
1) add the missing ABAC.hh
Property mode set to `100644`
File size: 10.9 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6	#include <string>
7	#include <vector>
8
9	/* This file is generated from doc/ABAC.hh by doc/extract_doc.c */
10
11	namespace ABAC {
12	extern "C" {
13	#include "abac.h"
14	}
15
16	class Attribute;
17	class ID;
18
19	class Role {
20	public:
21	Role() : m_role(NULL) { } // do not use: here for swig
22	Role(abac_role_t *role) { m_role = abac_role_dup(role); }
23	Role(char *role_name) { m_role = abac_role_from_string(role_name); }
24	Role(const Role &role) { m_role = abac_role_dup(role.m_role); }
25	~Role() { abac_role_free(m_role); }
26	bool is_principal() const { return abac_role_is_principal(m_role); }
27	bool is_role() const { return abac_role_is_role(m_role); }
28	bool is_linking() const { return abac_role_is_linking(m_role); }
29
30	char *string() const { return abac_role_string(m_role); }
31	char *linked_role() const { return abac_role_linked_role(m_role); }
32	char *role_name() const { return abac_role_role_name(m_role); }
33	char *principal() const { return abac_role_principal(m_role); }
34
35	private:
36	abac_role_t *m_role;
37	};
38
39	class Credential {
40	public:
41	Credential() : m_cred(NULL) { } // do not use: here for swig
42	Credential(abac_credential_t *cred) :
43	m_head(abac_credential_head(cred)),
44	m_tail(abac_credential_tail(cred)),
45	m_cred(abac_credential_dup(cred))
46	{ }
47	Credential(const Credential &cred) :
48	m_head(cred.m_head),
49	m_tail(cred.m_tail),
50	m_cred(abac_credential_dup(cred.m_cred))
51	{ }
52	~Credential() { abac_credential_free(m_cred); }
53	const Role &head() { return m_head; }
54	const Role &tail() { return m_tail; }
55	abac_chunk_t attribute_cert() { return abac_credential_attribute_cert(m_cred); }
56	abac_chunk_t issuer_cert() { return abac_credential_issuer_cert(m_cred); }
57
58	private:
59	abac_credential_t *m_cred;
60	Role m_head, m_tail;
61	};
62
63	class Context {
64	public:
65	Context() { m_ctx = abac_context_new(); }
66	Context(const Context &context) { m_ctx = abac_context_dup(context.m_ctx); }
67	~Context() { abac_context_free(m_ctx); }
68
69	int load_id_file(char *filename) { return abac_context_load_id_file(m_ctx, filename); }
70	int load_id_chunk(abac_chunk_t cert) { return abac_context_load_id_chunk(m_ctx, cert); }
71	int load_attribute_file(char *filename) { return abac_context_load_attribute_file(m_ctx, filename); }
72	int load_attribute_chunk(abac_chunk_t cert) { return abac_context_load_attribute_chunk(m_ctx, cert); }
73
74	void load_directory(char *path) { abac_context_load_directory(m_ctx, path); }
75
76
77	/* abac query, returns a vector of credentials on success, NULL on fail */
78	std::vector<Credential> query(char role, char principal, bool &success) {
79	abac_credential_t creds, end;
80	int i, success_int;
81	creds = abac_context_query(m_ctx, role, principal, &success_int);
82	success = success_int;
83
84	for (i = 0; creds[i] != NULL; ++i)
85	;
86
87	end = &creds[i];
88	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
89	abac_context_credentials_free(creds);
90	return credentials;
91	}
92	std::vector<Credential> credentials() {
93	abac_credential_t creds, end;
94	int i;
95
96	creds = abac_context_credentials(m_ctx);
97	for (i = 0; creds[i] != NULL; ++i)
98	;
99
100	end = &creds[i];
101	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
102
103	abac_context_credentials_free(creds);
104	return credentials;
105	}
106
107	private:
108	abac_context_t *m_ctx;
109	};
110
111	class ID {
112	public:
113	ID() : m_id(NULL) { } // do not use: required by swig
114	ID(const ID &id) { m_id = abac_id_dup(id.m_id); }
115	~ID() { abac_id_free(m_id); }
116
117	ID(char *filename) : m_id(NULL) {
118	m_id = abac_id_from_file(filename);
119	if (m_id == NULL)
120	throw std::invalid_argument("Could not load ID cert");
121	}
122
123	ID(abac_chunk_t chunk) : m_id(NULL) {
124	m_id = abac_id_from_chunk(chunk);
125	if (m_id == NULL)
126	throw std::invalid_argument("Could not load ID certificate with a chunk");
127	}
128	ID(char *cn, int validity) : m_id(NULL) {
129	int ret = abac_id_generate(&m_id, cn, validity);
130	if (ret == ABAC_GENERATE_INVALID_CN)
131	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
132	if (ret == ABAC_GENERATE_INVALID_VALIDITY)
133	throw std::invalid_argument("Validity must be > 0 days");
134	}
135	void load_privkey(char *filename) {
136	int ret = abac_id_privkey_from_file(m_id, filename);
137	if (ret != ABAC_SUCCESS)
138	throw std::invalid_argument("Could not load private key");
139	}
140	void load_privkey_chunk(abac_chunk_t chunk) {
141	int ret = abac_id_privkey_from_chunk(m_id, chunk);
142	if (ret != ABAC_SUCCESS)
143	throw std::invalid_argument("Could not load private key with a chunk");
144	}
145	int has_privkey() {
146	int ret= abac_id_has_privkey(m_id);
147	return ret;
148	}
149	char *keyid() { return abac_id_keyid(m_id); }
150	char *cert_filename() { return abac_id_cert_filename(m_id); }
151	void write_cert(FILE *out) { abac_id_write_cert(m_id, out); }
152	void write_cert(const std::string &name) {
153	FILE *out = fopen(name.c_str(), "a+");
154	if (out == NULL)
155	throw std::invalid_argument("Could not open certificate file for writing");
156	write_cert(out);
157	fclose(out);
158	}
159	// Simplifies access from swig
160	void write_cert_file(const char *n) {
161	write_cert(std::string(n));
162	}
163	void write_cert_name(const char *n) {
164	write_cert(std::string(n));
165	fprintf(stderr,"ABAC::ID::write_cert_name is deprecated, please use ABAC::ID::write_cert_name\n");
166	}
167	char *privkey_filename() { return abac_id_privkey_filename(m_id); }
168	void write_privkey(FILE *out) {
169	int ret = abac_id_write_privkey(m_id, out);
170	if (ret!=ABAC_SUCCESS) throw std::logic_error("No private key loaded");
171	}
172	void write_privkey(const std::string &name) {
173	FILE *out = fopen(name.c_str(), "a+");
174	if (out == NULL)
175	throw std::invalid_argument("Could not open privkey file for writing");
176	write_privkey(out);
177	fclose(out);
178	}
179	// Simplifies access from swig
180	void write_privkey_file(const char *name) {
181	write_privkey(std::string(name));
182	}
183	void write_privkey_name(const char *name) {
184	write_privkey(std::string(name));
185	fprintf(stderr,"ABAC::ID::write_privkey_name is deprecated, please use ABAC::ID::write_privkey_file\n");
186	}
187	abac_chunk_t cert_chunk() { return abac_id_cert_chunk(m_id); }
188	abac_chunk_t privkey_chunk() { return abac_id_privkey_chunk(m_id); }
189
190	friend class Attribute;
191
192	private:
193	abac_id_t *m_id;
194	};
195
196	class Attribute {
197	public:
198	Attribute() : m_attr(NULL) { } // do not use: required by swig
199	~Attribute() { abac_attribute_free(m_attr); }
200
201	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
202	int ret = abac_attribute_create(&m_attr, issuer.m_id, role, validity);
203	if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
204	throw std::invalid_argument("Issuer has no private key");
205	if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
206	throw std::invalid_argument("Role name must be alphanumeric");
207	if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
208	throw std::invalid_argument("Validity must be > 0 days");
209	if (ret == ABAC_ATTRIBUTE_INVALID_ISSUER)
210	throw std::invalid_argument("Issuer's validity expired");
211	}
212
213
214	bool principal(char *keyid) {
215	if (baked()) throw std::logic_error("Cert is already baked");
216	return abac_attribute_principal(m_attr, keyid);
217	}
218	bool role(char keyid, char role) {
219	if (baked()) throw std::logic_error("Cert is already baked");
220	return abac_attribute_role(m_attr, keyid, role);
221	}
222	bool linking_role(char keyid, char role, char *linked) {
223	if (baked()) throw std::logic_error("Cert is already baked");
224	return abac_attribute_linking_role(m_attr, keyid, role, linked);
225	}
226	bool bake() {
227	if (baked()) throw std::logic_error("Cert is already baked");
228	return abac_attribute_bake(m_attr);
229	}
230
231	bool baked() { return abac_attribute_baked(m_attr); }
232
233	void write(FILE *out) {
234	int ret = abac_attribute_write(m_attr, out);
235	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
236	}
237	void write(const std::string &name) {
238	FILE *out = fopen(name.c_str(), "w");
239	if (out == NULL)
240	throw std::invalid_argument("Could not open certificate file for writing");
241	write(out);
242	fclose(out);
243	}
244	void write_file(const char *name) {
245	int ret = abac_attribute_write_file(m_attr, name);
246	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
247	}
248	void write_name(const char *name) {
249	write_file(name);
250	fprintf(stderr,"ABAC::Attribute::write_name is deprecated, please use ABAC::Attribute::write_name\n");
251	}
252	abac_chunk_t cert_chunk() {
253	abac_chunk_t ret=abac_attribute_cert_chunk(m_attr);
254	if(ret.len == 0)
255	throw std::logic_error("Cert is not baked");
256	return ret;
257	}
258
259	private:
260	abac_attribute_t *m_attr;
261	};
262	}
263
264	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: