Context Navigation

source: libabac/abac.hh @ afcafea

abac0-leakabac0-meitvf-new-xml

Last change on this file since afcafea was afcafea, checked in by Ted Faber <faber@…>, 11 years ago
Outputs names with bake(Context)
Property mode set to `100644`
File size: 11.4 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <cstdio>
5	#include <stdexcept>
6	#include <string>
7	#include <vector>
8
9	/* This file is generated from doc/ABAC.hh by doc/extract_doc.c */
10
11	namespace ABAC {
12	extern "C" {
13	#include "abac.h"
14	}
15
16	class Attribute;
17	class ID;
18	class Role;
19	class Credential;
20
21	class Context {
22	public:
23	Context() { m_ctx = abac_context_new(); }
24	Context(const Context &context) { m_ctx = abac_context_dup(context.m_ctx); }
25	~Context() { abac_context_free(m_ctx); }
26
27	int load_id_file(char *filename) { return abac_context_load_id_file(m_ctx, filename); }
28	int load_id_chunk(abac_chunk_t cert) { return abac_context_load_id_chunk(m_ctx, cert); }
29	int load_attribute_file(char *filename) { return abac_context_load_attribute_file(m_ctx, filename); }
30	int load_attribute_chunk(abac_chunk_t cert) { return abac_context_load_attribute_chunk(m_ctx, cert); }
31
32	void load_directory(char *path) { abac_context_load_directory(m_ctx, path); }
33
34
35	/* abac query, returns a vector of credentials on success, NULL on fail */
36	std::vector<Credential> query(char role, char principal, bool &success) {
37	abac_credential_t creds, end;
38	int i, success_int;
39	creds = abac_context_query(m_ctx, role, principal, &success_int);
40	success = success_int;
41
42	for (i = 0; creds[i] != NULL; ++i)
43	;
44
45	end = &creds[i];
46	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
47	abac_context_credentials_free(creds);
48	return credentials;
49	}
50	std::vector<Credential> credentials() {
51	abac_credential_t creds, end;
52	int i;
53
54	creds = abac_context_credentials(m_ctx);
55	for (i = 0; creds[i] != NULL; ++i)
56	;
57
58	end = &creds[i];
59	std::vector<Credential> credentials = std::vector<Credential>(creds, end);
60
61	abac_context_credentials_free(creds);
62	return credentials;
63	}
64	private:
65	abac_context_t *m_ctx;
66	friend class Role;
67	friend class Attribute;
68	};
69
70	class Role {
71	public:
72	Role() : m_role(NULL) { } // do not use: here for swig
73	Role(abac_role_t *role) { m_role = abac_role_dup(role); }
74	Role(char *role_name) { m_role = abac_role_from_string(role_name); }
75	Role(const Role &role) { m_role = abac_role_dup(role.m_role); }
76	~Role() { abac_role_free(m_role); }
77	bool is_principal() const { return abac_role_is_principal(m_role); }
78	bool is_role() const { return abac_role_is_role(m_role); }
79	bool is_linking() const { return abac_role_is_linking(m_role); }
80
81	char *string() const { return abac_role_string(m_role); }
82	char *short_string(Context& c) const {
83	return abac_role_short_string(m_role, c.m_ctx);
84	}
85	char *linked_role() const { return abac_role_linked_role(m_role); }
86	char *role_name() const { return abac_role_role_name(m_role); }
87	char *principal() const { return abac_role_principal(m_role); }
88
89	private:
90	abac_role_t *m_role;
91	};
92
93	class Credential {
94	public:
95	Credential() : m_cred(NULL) { } // do not use: here for swig
96	Credential(abac_credential_t *cred) :
97	m_head(abac_credential_head(cred)),
98	m_tail(abac_credential_tail(cred)),
99	m_cred(abac_credential_dup(cred))
100	{ }
101	Credential(const Credential &cred) :
102	m_head(cred.m_head),
103	m_tail(cred.m_tail),
104	m_cred(abac_credential_dup(cred.m_cred))
105	{ }
106	~Credential() { abac_credential_free(m_cred); }
107	const Role &head() { return m_head; }
108	const Role &tail() { return m_tail; }
109	abac_chunk_t attribute_cert() { return abac_credential_attribute_cert(m_cred); }
110	abac_chunk_t issuer_cert() { return abac_credential_issuer_cert(m_cred); }
111
112	private:
113	abac_credential_t *m_cred;
114	Role m_head, m_tail;
115	};
116
117
118	class ID {
119	public:
120	ID() : m_id(NULL) { } // do not use: required by swig
121	ID(const ID &id) { m_id = abac_id_dup(id.m_id); }
122	~ID() { abac_id_free(m_id); }
123
124	ID(char *filename) : m_id(NULL) {
125	m_id = abac_id_from_file(filename);
126	if (m_id == NULL)
127	throw std::invalid_argument("Could not load ID cert");
128	}
129
130	ID(abac_chunk_t chunk) : m_id(NULL) {
131	m_id = abac_id_from_chunk(chunk);
132	if (m_id == NULL)
133	throw std::invalid_argument("Could not load ID certificate with a chunk");
134	}
135	ID(char *cn, int validity) : m_id(NULL) {
136	int ret = abac_id_generate(&m_id, cn, validity);
137	if (ret == ABAC_GENERATE_INVALID_CN)
138	throw std::invalid_argument("CN must be alphanumeric and start with a letter");
139	if (ret == ABAC_GENERATE_INVALID_VALIDITY)
140	throw std::invalid_argument("Validity must be > 0 days");
141	}
142	void load_privkey(char *filename) {
143	int ret = abac_id_privkey_from_file(m_id, filename);
144	if (ret != ABAC_SUCCESS)
145	throw std::invalid_argument("Could not load private key");
146	}
147	void load_privkey_chunk(abac_chunk_t chunk) {
148	int ret = abac_id_privkey_from_chunk(m_id, chunk);
149	if (ret != ABAC_SUCCESS)
150	throw std::invalid_argument("Could not load private key with a chunk");
151	}
152	int has_privkey() {
153	int ret= abac_id_has_privkey(m_id);
154	return ret;
155	}
156	char *keyid() { return abac_id_keyid(m_id); }
157	char *cert_filename() { return abac_id_cert_filename(m_id); }
158	void write_cert(FILE *out) { abac_id_write_cert(m_id, out); }
159	void write_cert(const std::string &name) {
160	FILE *out = fopen(name.c_str(), "a+");
161	if (out == NULL)
162	throw std::invalid_argument("Could not open certificate file for writing");
163	write_cert(out);
164	fclose(out);
165	}
166	// Simplifies access from swig
167	void write_cert_file(const char *n) {
168	write_cert(std::string(n));
169	}
170	void write_cert_name(const char *n) {
171	write_cert(std::string(n));
172	fprintf(stderr,"ABAC::ID::write_cert_name is deprecated, please use ABAC::ID::write_cert_name\n");
173	}
174	char *privkey_filename() { return abac_id_privkey_filename(m_id); }
175	void write_privkey(FILE *out) {
176	int ret = abac_id_write_privkey(m_id, out);
177	if (ret!=ABAC_SUCCESS) throw std::logic_error("No private key loaded");
178	}
179	void write_privkey(const std::string &name) {
180	FILE *out = fopen(name.c_str(), "a+");
181	if (out == NULL)
182	throw std::invalid_argument("Could not open privkey file for writing");
183	write_privkey(out);
184	fclose(out);
185	}
186	// Simplifies access from swig
187	void write_privkey_file(const char *name) {
188	write_privkey(std::string(name));
189	}
190	void write_privkey_name(const char *name) {
191	write_privkey(std::string(name));
192	fprintf(stderr,"ABAC::ID::write_privkey_name is deprecated, please use ABAC::ID::write_privkey_file\n");
193	}
194	abac_chunk_t cert_chunk() { return abac_id_cert_chunk(m_id); }
195	abac_chunk_t privkey_chunk() { return abac_id_privkey_chunk(m_id); }
196
197	friend class Attribute;
198
199	private:
200	abac_id_t *m_id;
201	};
202
203	class Attribute {
204	public:
205	Attribute() : m_attr(NULL) { } // do not use: required by swig
206	~Attribute() { abac_attribute_free(m_attr); }
207
208	Attribute(ID &issuer, char *role, int validity) : m_attr(NULL) {
209	int ret = abac_attribute_create(&m_attr, issuer.m_id, role, validity);
210	if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
211	throw std::invalid_argument("Issuer has no private key");
212	if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
213	throw std::invalid_argument("Role name must be alphanumeric");
214	if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
215	throw std::invalid_argument("Validity must be > 0 days");
216	if (ret == ABAC_ATTRIBUTE_INVALID_ISSUER)
217	throw std::invalid_argument("Issuer's validity expired");
218	}
219
220
221	bool principal(char *keyid) {
222	if (baked()) throw std::logic_error("Cert is already baked");
223	return abac_attribute_principal(m_attr, keyid);
224	}
225	bool role(char keyid, char role) {
226	if (baked()) throw std::logic_error("Cert is already baked");
227	return abac_attribute_role(m_attr, keyid, role);
228	}
229	bool linking_role(char keyid, char role, char *linked) {
230	if (baked()) throw std::logic_error("Cert is already baked");
231	return abac_attribute_linking_role(m_attr, keyid, role, linked);
232	}
233	bool bake() {
234	if (baked()) throw std::logic_error("Cert is already baked");
235	return abac_attribute_bake(m_attr);
236	}
237
238	bool bake(Context& c) {
239	if (baked()) throw std::logic_error("Cert is already baked");
240	return abac_attribute_bake_context(m_attr, c.m_ctx);
241	}
242
243	bool baked() { return abac_attribute_baked(m_attr); }
244
245	void set_output_format(char *fmt) {
246	abac_attribute_set_output_format(m_attr, fmt);
247	}
248
249	void write(FILE *out) {
250	int ret = abac_attribute_write(m_attr, out);
251	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
252	}
253	void write(const std::string &name) {
254	FILE *out = fopen(name.c_str(), "w");
255	if (out == NULL)
256	throw std::invalid_argument("Could not open certificate file for writing");
257	write(out);
258	fclose(out);
259	}
260	void write_file(const char *name) {
261	int ret = abac_attribute_write_file(m_attr, name);
262	if (ret!=ABAC_SUCCESS) throw std::logic_error("Cert is not baked");
263	}
264	void write_name(const char *name) {
265	write_file(name);
266	fprintf(stderr,"ABAC::Attribute::write_name is deprecated, please use ABAC::Attribute::write_name\n");
267	}
268	abac_chunk_t cert_chunk() {
269	abac_chunk_t ret=abac_attribute_cert_chunk(m_attr);
270	if(ret.len == 0)
271	throw std::logic_error("Cert is not baked");
272	return ret;
273	}
274
275	private:
276	abac_attribute_t *m_attr;
277	};
278	}
279
280	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: