Context Navigation

source: libabac/abac.hh @ 94d1dae

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml

Last change on this file since 94d1dae was 4721618, checked in by Mei <mei@…>, 11 years ago

1) tested out python and perl test scripts along with

abac_chunk_t calls in libabac's abac.hh

Property mode set to 100644

File size: 10.6 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6	#include <string>
7	#include <vector>
8
9	namespace ABAC {
10	extern "C" {
11	#include "abac.h"
12	}
13
14	class Attribute;
15	class ID;
16
17	class Role {
18	public:
19	Role() : m_role(NULL) { } // do not use: here for swig
20	Role(abac_role_t *role) { m_role = abac_role_dup(role); }
21	Role(char *role_name) { m_role = abac_role_from_string(role_name); }
22	Role(const Role &role) { m_role = abac_role_dup(role.m_role); }
23	~Role() { abac_role_free(m_role); }
24
25	bool is_principal() const { return abac_role_is_principal(m_role); }
26	bool is_role() const { return abac_role_is_role(m_role); }
27	bool is_linking() const { return abac_role_is_linking(m_role); }
28
29	char *string() const { return abac_role_string(m_role); }
30	char *linked_role() const { return abac_role_linked_role(m_role); }
31	char *role_name() const { return abac_role_role_name(m_role); }
32	char *principal() const { return abac_role_principal(m_role); }
33
34	private:
35	abac_role_t *m_role;
36	};
37
38	class Credential {
39	public:
40	Credential() : m_cred(NULL) { } // do not use: here for swig
41	Credential(abac_credential_t *cred) :
42	m_head(abac_credential_head(cred)),
43	m_tail(abac_credential_tail(cred)),
44	m_cred(abac_credential_dup(cred))
45	{ }
46	Credential(const Credential &cred) :
47	m_head(cred.m_head),
48	m_tail(cred.m_tail),
49	m_cred(abac_credential_dup(cred.m_cred))
50	{ }
51	~Credential() { abac_credential_free(m_cred); }
52
53	const Role &head() { return m_head; }
54	const Role &tail() { return m_tail; }
55	abac_chunk_t attribute_cert() { return abac_credential_attribute_cert(m_cred); }
56	abac_chunk_t issuer_cert() { return abac_credential_issuer_cert(m_cred); }
57
58	private:
59	abac_credential_t *m_cred;
60	Role m_head, m_tail;
61	};
62
63	class Context {
64	public:
65	Context() { m_ctx = abac_context_new(); }
66	Context(const Context &context) { m_ctx = abac_context_dup(context.m_ctx); }
67	~Context() { abac_context_free(m_ctx); }
68
69	/* see abac.h for possible return values */
70	int load_id_file(char *filename) { return abac_context_load_id_file(m_ctx, filename); }
71	int load_id_chunk(abac_chunk_t cert) { return abac_context_load_id_chunk(m_ctx, cert); }
72	int load_attribute_file(char *filename) { return abac_context_load_attribute_file(m_ctx, filename); }
73	int load_attribute_chunk(abac_chunk_t cert) { return abac_context_load_attribute_chunk(m_ctx, cert); }
74
75	/* load an entire directory full of certs */
76	void load_directory(char *path) { abac_context_load_directory(m_ctx, path); }
77
78	/* abac query, returns a vector of credentials on success, NULL on fail */
79	std::vector<Credential> query(char role, char principal, bool &success) {
80	abac_credential_t creds, end;
81	int i, success_int;
82
83	creds = abac_context_query(m_ctx, role, principal, &success_int);
84	success = success_int;
85
86	for (i = 0; creds[i] != NULL; ++i)
87	;
88
89	end = &creds[i];
90	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
91
92	abac_context_credentials_free(creds);
93
94	return credentials;
95	}
96
97	std::vector<Credential> credentials() {
98	abac_credential_t creds, end;
99	int i;
100
101	creds = abac_context_credentials(m_ctx);
102	for (i = 0; creds[i] != NULL; ++i)
103	;
104
105	end = &creds[i];
106	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
107
108	abac_context_credentials_free(creds);
109	return credentials;
110	}
111
112	private:
113	abac_context_t *m_ctx;
114	};
115
116	class ID {
117	public:
118	ID() : m_id(NULL) { } // do not use: required by swig
119
120	// load an ID from a file
121	ID(char *filename) : m_id(NULL) {
122	m_id = abac_id_from_file(filename);
123	if (m_id == NULL)
124	throw std::invalid_argument("Could not load ID cert");
125	}
126
127	// load an ID from a chunk
128	ID(abac_chunk_t chunk) : m_id(NULL) {
129	m_id = abac_id_from_chunk(chunk);
130	if (m_id == NULL)
131	throw std::invalid_argument("Could not load ID cert");
132	}
133
134	// generate an ID with a given CN and validity
135	ID(char *cn, int validity) : m_id(NULL) {
136	int ret = abac_id_generate(&m_id, cn, validity);
137	if (ret == ABAC_GENERATE_INVALID_CN)
138	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
139	if (ret == ABAC_GENERATE_INVALID_VALIDITY)
140	throw std::invalid_argument("Validity must be > 0 days");
141	}
142
143	ID(const ID &id) { m_id = abac_id_dup(id.m_id); }
144
145	~ID() { abac_id_free(m_id); }
146
147	// load private key from a file
148	void load_privkey(char *filename) {
149	int ret = abac_id_privkey_from_file(m_id, filename);
150	if (ret != ABAC_SUCCESS)
151	throw std::invalid_argument("Could not load private key");
152	}
153
154	char *keyid() { return abac_id_keyid(m_id); }
155	char *cert_filename() { return abac_id_cert_filename(m_id); }
156	void write_cert(FILE *out) { abac_id_write_cert(m_id, out); }
157	void write_cert(const std::string &name) {
158	FILE *out = fopen(name.c_str(), "w");
159	if (out == NULL)
160	throw std::invalid_argument("Could not open cert file for writing");
161	write_cert(out);
162	fclose(out);
163	}
164	// Simplifies access from swig
165	void write_cert_file(const char *n) {
166	write_cert(std::string(n));
167	}
168	char *privkey_filename() { return abac_id_privkey_filename(m_id); }
169
170	// write the private key
171	// throws a std::logic_error if no private key is loaded
172	void write_privkey(FILE *out) {
173	int ret = abac_id_write_privkey(m_id, out);
174	if (ret!=ABAC_SUCCESS) throw std::logic_error("No private key loaded");
175	}
176	void write_privkey(const std::string &name) {
177	FILE *out = fopen(name.c_str(), "w");
178	if (out == NULL)
179	throw std::invalid_argument("Could not open privkey file for writing");
180	write_privkey(out);
181	fclose(out);
182	}
183	// Simplifies access from swig
184	void write_privkey_file(const char *name) {
185	write_privkey(std::string(name));
186	}
187
188	abac_chunk_t cert_chunk() { return abac_id_cert_chunk(m_id); }
189
190	friend class Attribute;
191
192	private:
193	abac_id_t *m_id;
194	};
195
196	class Attribute {
197	public:
198	Attribute() : m_attr(NULL) { } // do not use: required by swig
199
200	// create a cert
201	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
202	int ret = abac_attribute_create(&m_attr, issuer.m_id, role, validity);
203	if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
204	throw std::invalid_argument("Issuer has no private key");
205	if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
206	throw std::invalid_argument("Role name must be alphanumeric");
207	if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
208	throw std::invalid_argument("Validity must be > 0 days");
209	if (ret == ABAC_ATTRIBUTE_INVALID_ISSUER)
210	throw std::invalid_argument("Issuer's validity expired");
211	}
212
213	~Attribute() { abac_attribute_free(m_attr); }
214
215	// these return false if there's a bad keyid or role name
216	// they'll throw a std::logic_error if the cert's been baked
217	bool principal(char *keyid) {
218	if (baked()) throw std::logic_error("Cert is already baked");
219	return abac_attribute_principal(m_attr, keyid);
220	}
221	bool role(char keyid, char role) {
222	if (baked()) throw std::logic_error("Cert is already baked");
223	return abac_attribute_role(m_attr, keyid, role);
224	}
225	bool linking_role(char keyid, char role, char *linked) {
226	if (baked()) throw std::logic_error("Cert is already baked");
227	return abac_attribute_linking_role(m_attr, keyid, role, linked);
228	}
229
230	// returns false if there are no subjects
231	// throws a std::logic_error if the cert's already been baked
232	bool bake() {
233	if (baked()) throw std::logic_error("Cert is already baked");
234	return abac_attribute_bake(m_attr);
235	}
236
237	// returns true iff the cert's been baked
238	bool baked() { return abac_attribute_baked(m_attr); }
239
240	// throws a std::logic_error if the cert isn't baked
241	void write(FILE *out) {
242	int ret = abac_attribute_write(m_attr, out);
243	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
244	}
245
246	void write(const std::string &name) {
247	FILE *out = fopen(name.c_str(), "w");
248	if (out == NULL)
249	throw std::invalid_argument("Could not open cert file for writing");
250	write(out);
251	fclose(out);
252	}
253
254	void write_file(const char *name) {
255	int ret = abac_attribute_write_file(m_attr, name);
256	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
257	}
258
259	// throws a std::logic_error if the cert isn't baked
260	abac_chunk_t cert_chunk() {
261	abac_chunk_t ret=abac_attribute_cert_chunk(m_attr);
262	if(ret.len == 0)
263	throw std::logic_error("Cert is not baked");
264	return ret;
265	}
266
267	private:
268	abac_attribute_t *m_attr;
269	};
270	}
271
272	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: