Context Navigation

source: libabac/abac.hh @ e97d2e2

mei_rt2_fix_1

Last change on this file since e97d2e2 was e3c7769, checked in by Mei <mei@…>, 12 years ago
1) wrap up java interface with swig/jni/abac linkup 2) java regression tests 3) update doc related to new java implmentation
Property mode set to `100644`
File size: 49.3 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <string>
5	#include <vector>
6
7	namespace ABAC {
8	extern "C" {
9	#include "abac.h"
10	}
11	static int debug=0;
12	class Role;
13	class Oset;
14	class ID;
15
16	/***
17	ABAC::Constraint
18	Constraint on a data term.
19	There are 3 types:
20	- Role constraint on a principal
21	- Oset constraint on a principal, or a data object
22	- Range/List constraint on a data object
23	It holds a ptr to a abac_condition_t structure
24	***/
25	class Constraint {
26	public:
27	/***
28	f Constraint()
29	default constructor, do not use, for swig only
30	f Constraint(const Constraint &)
31	copy constructor, used for cloning a constraint
32	f ~Constraint()
33	default destructor
34	***/
35	Constraint() : m_constraint(NULL) { }
36	Constraint(const Constraint &constraint) {
37	m_constraint=abac_condition_dup(constraint.m_constraint);
38	}
39	~Constraint() {
40	if(m_constraint) abac_condition_free(m_constraint);
41	}
42	/***
43	f Constraint(Role &)
44	constructor that takes a constraining role
45	[role:?R[{role-constraint}]
46	(C:abac_constraint_from_role)
47	f Constraint(Oset &)
48	constructor that takes a constraining oset
49	[oset:?O[{oset-constraint}]
50	[urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])]
51	(C:abac_constraint_from_oset)
52	f Constraint(char *)
53	constructor that takes one of following string
54	as its vartype to set up a range constraint:
55	"integer"
56	"urn"
57	"float"
58	"boolean"
59	"time"
60	"string"
61	it should be followed with one or many of following utility
62	calls.
63	(C:abac_constraint_create)
64	***/
65	Constraint(Role& role);
66	Constraint(Oset& oset);
67	Constraint(char *vartype)
68	{ m_constraint=abac_constraint_create(vartype); }
69	/ii*
70	f Constraint(abac_condition_t *)
71	internal constructor that takes an abac_condition_t structure
72	*ii/
73	Constraint(abac_condition_t *constraint):
74	m_constraint(abac_condition_dup(constraint))
75	{ }
76	/***
77	f void constraint_add_integer_max(int)
78	(C:abac_constraint_add_integer_max)
79	void constraint_add_integer_min(int)
80	utility routines to setup a integer range constraint
81	[integer:?I[10 .. 20]]
82	(C:abac_constraint_add_integer_min)
83	f void constraint_add_integer_target(int)
84	utility routine to setup a integer list constraint
85	[integer:?I[10,20]]
86	(C:abac_constraint_add_integer_target)
87	***/
88	void constraint_add_integer_max(int val)
89	{ abac_constraint_add_integer_max(m_constraint,val); }
90	void constraint_add_integer_min(int val)
91	{ abac_constraint_add_integer_min(m_constraint,val); }
92	void constraint_add_integer_target(int val)
93	{ abac_constraint_add_integer_target(m_constraint,val); }
94	/***
95	f void constraint_add_float_max(float)
96	(C:abac_constraint_add_float_max)
97	void constraint_add_float_min(float)
98	utility routines to setup a float range constraint
99	[float:?F[1.0 .. 2.5]]
100	(C:abac_constraint_add_float_min)
101	f void constraint_add_float_target(float)
102	utility routine to setup a float list constraint
103	[float:?F[0.5, 2.5]]
104	(C:abac_constraint_add_float_target)
105	***/
106	void constraint_add_float_max(float val)
107	{ abac_constraint_add_float_max(m_constraint,val); }
108	void constraint_add_float_min(float val)
109	{ abac_constraint_add_float_min(m_constraint,val); }
110	void constraint_add_float_target(float val)
111	{ abac_constraint_add_float_target(m_constraint,val); }
112	/***
113	f void constraint_add_time_max(char*)
114	(C:abac_constraint_add_time_max)
115	void constraint_add_time_min(char*)
116	utility routines to setup a time range constraint,
117	takes quoted string values, beyond T is optional
118	[time:?F["20120228T" .. "20120228T090000"]]
119	(C:abac_constraint_add_time_min)
120	f void constraint_add_time_target(char*)
121	utility routine to setup a time list constraint
122	[time:?M["20201101T182930","20201101T"]]
123	(C:abac_constraint_add_time_target)
124	***/
125	void constraint_add_time_max(char* val)
126	{ abac_constraint_add_time_max(m_constraint,val); }
127	void constraint_add_time_min(char* val)
128	{ abac_constraint_add_time_min(m_constraint,val); }
129	void constraint_add_time_target(char* val)
130	{ abac_constraint_add_time_target(m_constraint,val); }
131	/***
132	f void constraint_add_urn_target(char*)
133	utility routine to setup a an urn list constraint
134	[urn:?U["fileA","http://fileB"]]
135	(C:abac_constraint_add_urn_target)
136	f void constraint_add_string_target(char*)
137	utility routine to setup a a string list constraint
138	[string:?S["abc",'efg',"hij"]]
139	(C:abac_constraint_add_string_target)
140	f void constraint_add_boolean_target(char*)
141	utility routine to setup a a boolean list constraint
142	[boolean:?B['true']]
143	(C:abac_constraint_add_boolean_target)
144	***/
145	void constraint_add_urn_target(char* val)
146	{ abac_constraint_add_urn_target(m_constraint,val); }
147	void constraint_add_string_target(char* val)
148	{ abac_constraint_add_string_target(m_constraint,val); }
149	void constraint_add_boolean_target(char* val)
150	{ abac_constraint_add_boolean_target(m_constraint,val); }
151	/***
152	f char *string() const
153	returns literal string of the constraint
154	(C:abac_constraint_string)
155	f char *typed_string() const
156	returns typed literal string of the constraint
157	(C:abac_constraint_typed_string)
158	***/
159	char *string() const
160	{ return abac_constraint_string(m_constraint); }
161	char *typed_string() const
162	{ return abac_constraint_typed_string(m_constraint); }
163	/ii*
164	f abac_condition_t *constraint()
165	internal returns internal constraint structure
166	*ii/
167	abac_condition_t *constraint()
168	{ return m_constraint; }
169	private:
170	abac_condition_t *m_constraint;
171	};
172
173	/***
174	ABAC::DataTerm
175	A data term is associated with Role or Oset as a parameter that
176	maybe be instantiated, or uninstantiated but being constrained,
177	or as a principal oset term (standalone right handside of an oset
178	policy rule). It holds a pointer to a abac_term_t structure.
179	Types of data terms are:
180	"integer"
181	"urn"
182	"float"
183	"boolean"
184	"string"
185	"time"
186	"principal"
187	"anonymous"
188	***/
189	class DataTerm {
190	public:
191	/***
192	f DataTerm()
193	default constructor, do not use, for swig only
194	f DataTerm(const DataTerm &)
195	copy constructor, used for cloning a data term
196	f ~DataTerm()
197	default destructor
198	***/
199	DataTerm() : m_term(NULL) { } // do not use: here for swig
200	DataTerm(const DataTerm &dterm) {
201	m_term=abac_term_dup(dterm.m_term);
202	}
203	~DataTerm() {
204	if(m_term) abac_term_free(m_term);
205	}
206	/ii*
207	f DataTerm(abac_term_t *)
208	internal constructor to make data term from abac_term_t structure
209	*ii/
210	DataTerm(abac_term_t *term)
211	{ m_term=abac_term_dup(term); }
212	/***
213	f DataTerm(char*)
214	constructor to make named principal data term for the oset RHS
215	(C: abac_term_named_create)
216	f DataTerm(const ID&)
217	constructor to make named principal data term for parameter term
218	(C: abac_term_id_create)
219	f DataTerm(char, char, Constraint*)
220	constructor for making a variable data term
221	(C: abac_term_create)
222	f DataTerm(char, char)
223	constructor for making an instantiated data term
224	(C: abac_term_create)
225	***/
226	DataTerm(char *name) {
227	if(debug) printf("adding a Dataterm named principal(%s)\n",name);
228	m_term=abac_term_named_create(name);
229	}
230	DataTerm(ID& id);
231	DataTerm(char* typenm, char name, Constraint cond) {
232	if(debug) printf("adding a Dataterm (%s)\n",name);
233	m_term=abac_term_create(typenm,name,cond->constraint());
234	}
235	DataTerm(char* typenm, char *name) {
236	if(debug) printf("adding a Dataterm (%s)\n",name);
237	m_term=abac_term_create(typenm,name,NULL);
238	}
239	/***
240	f char *string() const
241	returns literal string of the data term
242	(C:abac_term_string)
243	f char *typed_string() const
244	returns typed literal string of the data term
245	(C:abac_term_typed_string)
246	***/
247	char *string() const
248	{ return abac_term_string(m_term); }
249	char *typed_string() const
250	{ return abac_term_typed_string(m_term); }
251	/***
252	f bool term_is_time() const
253	(C:abac_term_is_time)
254	bool term_is_string() const
255	(C:abac_term_is_string)
256	bool term_is_urn() const
257	(C:abac_term_is_urn)
258	bool term_is_integer() const
259	(C:abac_term_is_integer)
260	returns true if data term is of certain type
261	***/
262	bool term_is_time() const
263	{ return abac_term_is_time(m_term); }
264	bool term_is_string() const
265	{ return abac_term_is_string(m_term); }
266	bool term_is_urn() const
267	{ return abac_term_is_urn(m_term); }
268	bool term_is_integer() const
269	{ return abac_term_is_integer(m_term); }
270	/***
271	f int term_add_constraint(Contraint&)
272	utiltiy routine to add a constraint to this data term
273	(C:abac_term_add_constraint)
274	***/
275	int term_add_constraint(Constraint& cond) {
276	abac_term_add_constraint(m_term, cond.constraint());
277	return 1;
278	}
279	/***
280	f int term_type() const
281	returns subtype of the data term
282	(C:abac_term_type)
283	f char *term_name() const
284	returns the name of the data term
285	(C:abac_term_name)
286	***/
287	int term_type() const
288	{ abac_term_type(m_term); }
289	char *term_name() const
290	{ return abac_term_name(m_term); }
291	/ii*
292	f abac_term_t *term()
293	returns abac_term_t term structure
294	*ii/
295	abac_term_t *term()
296	{ return m_term; }
297	private:
298	abac_term_t *m_term;
299	};
300
301
302	/***
303	ABAC::Role
304	A Role is role specification of a set of entitities for a principal
305	***/
306	class Role {
307	public:
308	/***
309	f Role()
310	default constructor, do not use, for swig only
311	f Role(const Role &)
312	copy constructor, used for cloning a role
313	f ~Role()
314	default destructor
315	***/
316	Role() : m_role(NULL) { } // do not use: here for swig
317	Role(const Role &role) {
318	m_role = abac_aspect_dup(role.m_role);
319	}
320	~Role() {
321	if (m_role) abac_aspect_free(m_role);
322	}
323	/ii*
324	f Role(abac_aspect_t*)
325	constructor that takes an abac_aspect_t structure
326	*ii/
327	Role(abac_aspect_t *role): m_role(abac_aspect_dup(role))
328	{ }
329	/***
330	f Role(char*)
331	constructor that builds a bare bone role with just principal's name
332	(C:abac_role_principal_create)
333	f Role(char, char)
334	constructor that builds a bare bone role with just principal's name
335	and a role name
336	(C:abac_role_create)
337	f Role(char, char, char*)
338	constructor that builds a bare bone role with just principal's name
339	and a linking role name and a role name
340	(C:abac_role_linked_create)
341	***/
342	Role(char *principal_name) :
343	m_role(abac_role_principal_create(principal_name))
344	{ }
345	Role(char principal_name, char role_name) :
346	m_role(abac_role_create(principal_name, role_name))
347	{ }
348	Role(char principal_name, char linked_role_name, char *role_name) :
349	m_role(abac_role_linked_create(principal_name, linked_role_name,role_name))
350	{ }
351	/***
352	f bool role_is_principal() const
353	return true if the role is a principal object(made from
354	a data term), the right hand side of,
355	[keyid:A].role:r <- [keyid:B]
356	(C:abac_role_is_principal)
357	***/
358	bool role_is_principal() const
359	{ return abac_role_is_principal(m_role); }
360	/***
361	f bool role_is_linking() const
362	returns true if the role is a linking role like
363	the right hand side of,
364	[keyid:A].role:r1 <- [keyid:B].role:r2.role:r3
365	(C:abac_role_is_linking)
366	***/
367	bool is_linking() const
368	{ return abac_role_is_linking(m_role); }
369	/***
370	f char *string() const
371	returns literal string of the role
372	(C:abac_role_string)
373	f char *typed_string() const
374	returns typed literal string of the role
375	(C:abac_role_typed_string)
376	***/
377	char *string() const
378	{ return abac_role_string(m_role); }
379	char *typed_string()
380	{ return abac_role_typed_string(m_role); }
381	/***
382	f char *role_linked_role() const
383	returns linked part of a linking role, for
384	[keyid:A].role:r1.role:r2, it returns r1
385	(C:abac_role_linked_role)
386	***/
387	char *role_linked_role() const
388	{ return abac_role_linked_role(m_role); }
389	/***
390	f char *role_name() const
391	returns the role name of any role (the part after the last dot)
392	[keyid:A].role.r1.role:r2, it returns r2
393	[keyid:A].role.r1, it returns r1
394	(C:abac_role_name)
395	f char *role_principal() const
396	returns the principal of role (the part before the first dot)
397	[keyid:A].role.r1, it returns A
398	(C:abac_role_principal)
399	***/
400	char *role_name() const
401	{ return abac_role_name(m_role); }
402	char *role_principal() const
403	{ return abac_role_principal(m_role); }
404
405	/***
406	f void role_add_data_term(DataTerm&)
407	add a data term to the role
408	(C:abac_role_add_data_term)
409	***/
410	void role_add_data_term(DataTerm& d) {
411	abac_role_add_data_term(m_role, d.term());
412	}
413	/***
414	f std::vector<DataTerm> get_data_terms(bool &)
415	return the data terms bound to this role.
416	(C:abac_role_get_data_terms)
417	***/
418	std::vector<DataTerm> get_data_terms(bool &success) {
419	abac_term_t terms, end;
420	int i;
421	terms = abac_role_get_data_terms(m_role);
422	for (i = 0; terms[i] != NULL; ++i)
423	;
424	end = &terms[i];
425	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
426	abac_terms_free(terms);
427	success=1;
428	return dataterms;
429	}
430	/***
431	f void role_add_linked_data_term(DataTerm&)
432	add a data term to the linking role
433	(C:abac_role_add_linked_data_term)
434	***/
435	void role_add_linked_data_term(DataTerm& d) {
436	abac_role_add_linked_data_term(m_role, d.term());
437	}
438	/***
439	f std::vector<DataTerm> get_linked_data_terms(bool &)
440	return the data terms bound to this role's linking role.
441	(C:abac_role_get_linked_data_terms)
442	***/
443	std::vector<DataTerm> get_linked_data_terms(bool &success) {
444	abac_term_t terms, end;
445	int i;
446	terms = abac_role_get_linked_data_terms(m_role);
447	for (i = 0; terms[i] != NULL; ++i)
448	;
449	end = &terms[i];
450	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
451	abac_terms_free(terms);
452	success=1;
453	return dataterms;
454	}
455	/ii*
456	f abac_aspect_t *role()
457	returns the interal libabac representation of this role
458	*ii/
459	abac_aspect_t *role() {return m_role;}
460	private:
461	abac_aspect_t *m_role;
462	};
463
464	/***
465	ABAC::Oset
466	An Oset is oset specification of a set of entitities for a principal
467	***/
468	class Oset {
469	public:
470	/***
471	f Oset()
472	default constructor, do not use, for swig only
473	f Oset(const Oset &)
474	copy constructor, used for cloning an oset
475	f ~Oset()
476	default destructor
477	***/
478	Oset() : m_oset(NULL) { } // do not use: here for swig
479	Oset(const Oset &oset)
480	{ m_oset =abac_aspect_dup(oset.m_oset); }
481	~Oset()
482	{ if(m_oset) abac_aspect_free(m_oset); }
483	/ii*
484	f Oset(abac_aspect_t *)
485	constructor that takes abac_aspect_t structure
486	*ii/
487	Oset(abac_aspect_t *oset): m_oset(abac_aspect_dup(oset))
488	{ }
489	/***
490	f Oset(char *)
491	constructor that makes a principal oset, ie [keyid:B]
492	(C:abac_role_principal_create)
493	f Oset(char , char )
494	constructor that makes a regular oset, ie. [keyid:B].oset:o
495	(C:abac_role_create)
496	f Oset(char , char, char *)
497	constructor that makes a linked oset, ie. [keyid:B].role:r.oset:o
498	(C:abac_oset_linked_create)
499	f Oset(DataTerm&)
500	constructor that makes an object oset, ie. [urn:'file/fileA']
501	(C:abac_oset_object_create)
502	***/
503	Oset(char *oset_name) : m_oset(abac_oset_principal_create(oset_name))
504	{ }
505	Oset(char principal_name, char oset_name) :
506	m_oset(abac_oset_create(principal_name, oset_name))
507	{ }
508	Oset(char principal_name, char linked_role_name,char *oset_name) :
509	m_oset(abac_oset_linked_create(principal_name, linked_role_name, oset_name))
510	{ }
511	Oset(DataTerm& d) :
512	m_oset(abac_oset_object_create(d.term()))
513	{ }
514
515	/***
516	f bool oset_is_object(), ie <- [integer:10]
517	return ture if this oset is an object oset
518	(C:abac_oset_is_object)
519	***/
520	bool oset_is_object() const
521	{ return abac_oset_is_object(m_oset); }
522	/***
523	f bool oset_is_principal() const
524	return true if the oset is a principal object(made from
525	a data term), the right hand side of,
526	[keyid:A].oset:o <- [keyid:B]
527	(C:abac_oset_is_principal)
528	***/
529	bool oset_is_principal() const
530	{ return abac_oset_is_principal(m_oset); }
531	/***
532	f bool oset_is_linking() const
533	returns true if the oset is a linking oset like
534	the right hand side of,
535	[keyid:A].oset:o1 <- [keyid:B].role:r1.oset:o2
536	(C:abac_oset_is_linking)
537	***/
538	bool oset_is_linking() const
539	{ return abac_oset_is_linking(m_oset); }
540	/***
541	f char *string() const
542	returns literal string of the oset
543	(C:abac_oset_string)
544	f char *typed_string() const
545	returns typed literal string of the oset
546	(C:abac_oset_typed_string)
547	***/
548	char *string() const
549	{ return abac_oset_string(m_oset); }
550	char *typed_string()
551	{ return abac_oset_typed_string(m_oset); }
552	/***
553	f char *oset_linked_role() const
554	returns linked part of a linking oset, for
555	[keyid:A].role:r1.oset:o1, it returns r1
556	(C:abac_oset_linked_role)
557	***/
558	char *oset_linked_role() const
559	{ return abac_oset_linked_role(m_oset); }
560	/***
561	f char *oset_name() const
562	returns oset name,
563	[keyid:A].role:r1.oset:o1, it returns o1
564	[keyid:A].oset:o1, it returns o1
565	(C:abac_oset_name)
566	***/
567	char *oset_name() const
568	{ return abac_oset_name(m_oset); }
569	/***
570	f char *oset_principal() const
571	returns principal name,
572	[keyid:A].role:r1.oset:o1, it returns A
573	(C:abac_oset_principal)
574	***/
575	char *oset_principal() const
576	{ return abac_oset_principal(m_oset); }
577	/***
578	f char *oset_object() const
579	returns object's name when the oset is a principal object
580	[keyid:A].oset:values <- [integer:10], it returns 10
581	(C:abac_oset_object)
582	***/
583	char *oset_object() const
584	{ return abac_oset_object(m_oset); }
585	/***
586	f void add_data_term(DataTerm&)
587	add a data term to this oset's parameter set
588	(C:abac_oset_add_data_term)
589	***/
590	void oset_add_data_term(DataTerm& d) {
591	abac_oset_add_data_term(m_oset, d.term());
592	}
593	/***
594	f std::vector<DataTerm> get_data_terms(bool &)
595	returns the data terms bound to this oset.
596	(C:abac_oset_get_data_terms)
597	***/
598	std::vector<DataTerm> get_data_terms(bool &success) {
599	abac_term_t terms, end;
600	int i;
601	terms = abac_oset_get_data_terms(m_oset);
602	for (i = 0; terms[i] != NULL; ++i)
603	;
604	end = &terms[i];
605	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
606	abac_terms_free(terms);
607	success=1;
608	return dataterms;
609	}
610	/***
611	f void oset_add_linked_data_term(DataTerm&)
612	add a data term to this oset's linking role's parameter set.
613	(C:abac_oset_add_linked_data_term)
614	***/
615	void oset_add_linked_data_term(DataTerm& d) {
616	abac_oset_add_linked_data_term(m_oset, d.term());
617	}
618	/***
619	f std::vector<DataTerm> get_linked_data_terms(bool &)
620	returns the data terms bound to this oset's linking role.
621	(C:abac_oset_get_linked_data_terms)
622	***/
623	std::vector<DataTerm> get_linked_data_terms(bool &success) {
624	abac_term_t terms, end;
625	int i;
626	terms = abac_oset_get_linked_data_terms(m_oset);
627	for (i = 0; terms[i] != NULL; ++i)
628	;
629	end = &terms[i];
630	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
631	abac_terms_free(terms);
632	success=1;
633	return dataterms;
634	}
635	/ii*
636	f abac_aspect_t *oset()
637	internal returns the internal libabac representation of the oset
638	*ii/
639	abac_aspect_t *oset() {return m_oset;}
640	private:
641	abac_aspect_t *m_oset;
642	};
643
644
645	/***
646	ABAC::ID
647	An ID holds a principal credential. It maybe imported from an existing
648	ID credential via external files, constructed from a streaming chunk,
649	or instantiated on the fly
650	***/
651	class ID {
652	public:
653	/***
654	f ID()
655	default constructor, do not use, for swig only
656	f ID(const ID &)
657	copy constructor, used for cloning an ID
658	f ~ID()
659	default destructor
660	***/
661	ID() : m_id(NULL) { } // do not use: here for swig
662	ID(const ID &id) { m_id =abac_id_dup(id.m_id); }
663	~ID() { if(m_id) abac_id_free(m_id); }
664	/ii*
665	f ID(abac_id_t *)
666	constructor from abac_id_t
667	f ID(abac_id_credential_t *)
668	constructor from abac_id_credential_t
669	*ii/
670	ID(abac_id_t *id): m_id(abac_id_dup(id))
671	{ }
672	ID(abac_id_credential_t *idcred) {
673	if(idcred)
674	m_id=abac_id_dup(abac_id_credential_id(idcred));
675	else m_id=NULL;
676	}
677	/***
678	f ID(char *)
679	load an ID cert from a file, will throw an exception
680	if the cert cannot be loaded
681	(C:abac_id_from_file)
682	***/
683	ID(char *filename) {
684	if(debug) printf("calling ID with a filename\n");
685	m_id=abac_id_from_file(filename);
686	if(m_id==NULL) {
687	printf("trying.. %s\n",filename);
688	abac_errx(1, "Id creation from filename failed");
689	}
690	}
691	/***
692	f ID_chunk(abac_chunk_t chunk)
693	create an ID cert from an cert chunk, will
694	throw an exception if the cert cannot be loaded
695	(C:abac_id_from_chunk)
696	***/
697	ID(abac_chunk_t chunk) {
698	/* had to renamed to ID_chunk(chunk) to make it to work with swig */
699	if(debug) printf("calling ID with chunk\n");
700	m_id=abac_id_from_chunk(chunk);
701	if(m_id==NULL)
702	abac_errx(1, "Id creation from chunk failed");
703	}
704	/***
705	f ID(char *,int)
706	generates a new ID(cert&key) with the supplied CN and validity period
707	- CN must be alphanumeric and begin with a letter
708	- validity must be at least one second
709	will throw an exception if either of the above is violated
710	(C:abac_id_generate)
711	***/
712	ID(char *cn, int validity) {
713	int rt=abac_id_generate(&m_id, cn, validity);
714	if(rt != ABAC_ID_SUCCESS)
715	abac_errx(1, "Id generation failed");
716	}
717	/***
718	f ID(char ,int, char, char*)
719	generates a new ID from a supplied CN, keyfile, passphrase(optional) file
720	and validity period
721	- CN must be alphanumeric and begin with a letter
722	- validity must be at least one second
723	will throw an exception if either of the above is violated
724	(C:abac_id_generate_with_key)
725	***/
726	ID(char cn, int validity, char kfile, char* pfile) {
727
728	int rt=abac_id_generate_with_key(&m_id, cn, validity, kfile, pfile);
729	if(rt != ABAC_ID_SUCCESS)
730	abac_errx(1, "Id (with key) creation failed");
731	}
732	/***
733	f void id_load_privkey_file(char *)
734	loads the private key associated with the ID credential,
735	will throw an exception if the key cannot be loaded
736	(C:abac_id_load_privkey_file)
737	***/
738	void id_load_privkey_file(char *filename) {
739	int rt=abac_id_load_privkey_file(m_id, filename);
740	if(rt != 1)
741	abac_errx(1, "Failed to load private key");
742	}
743	/***
744	f void id_load_encrypted_privkey_file(char , char)
745	loads an encrypted private key and pfile associated with the
746	ID credential, will throw an exception if the key cannot be loaded
747	(C:abac_id_load_enc_privkey_file)
748	***/
749	void id_load_encrypted_privkey_file(char filename, char pfile) {
750	int rt=abac_id_load_encrypted_privkey_file(m_id, filename, pfile);
751	if(rt != 1)
752	abac_errx(1, "Failed to load private key");
753	}
754	/ii*
755	f abac_id_t *id()
756	returns the abac_id_t
757	returns the interal libabac representation of this id
758	*ii/
759	abac_id_t *id() { return m_id; }
760
761	/***
762	f char *id_keyid()
763	returns the SHA1 keyid of the id cert
764	(C:abac_id_keyid)
765	f char *id_name()
766	returns the CN (the parameter passed to the constructor or the
767	CN of the cert).
768	(C:abac_id_cn)
769	***/
770	char *id_keyid() { return abac_id_keyid(m_id); }
771	char *id_name() { return abac_id_cn(m_id); }
772	/***
773	f bool id_has_privkey()
774	returns true if the ID has an associated private key
775	(C:abac_id_has_privkey)
776	***/
777	bool id_has_privkey()
778	{ return abac_id_has_privkey(m_id); }
779
780	/***
781	f void id_write_cert(FILE *)
782	writes a PEM-encoded cert to the file handle
783	(C:abac_id_write_cert)
784	f void id_write_cert(char *)
785	writes a PEM-encoded cert to a file named out
786	(C:abac_id_write_cert_fname)
787	***/
788	void id_write_cert(FILE *out)
789	{ abac_id_write_cert(m_id, out); }
790	void id_write_cert(char *filename)
791	{ abac_id_write_cert_fname(m_id, filename); }
792	/***
793	f void id_write_privkey(FILE *)
794	writes a PEM-encoded private key to the file handle
795	throws an exception if no private key is loaded
796	(C:abac_id_write_privkey)
797	f void id_write_privkey(char *)
798	writes a PEM-encoded private key a file named out
799	throws an exception if no private key is loaded
800	(C:abac_id_write_privkey_fname)
801	***/
802	void id_write_privkey(FILE *out) {
803	if(!id_has_privkey())
804	abac_errx(1, "No privkey to write");
805	abac_id_write_privkey(m_id, out);
806	}
807	void id_write_privkey(char *filename)
808	{ abac_id_write_privkey_fname(m_id, filename); }
809	/***
810	f abac_chunk_t id_cert_chunk()
811	returns a DER-encoded binary representation of the X.509 ID cert
812	associated with this ID.
813	can be passed to libabac's Context::load_id_chunk()
814	(C:abac_id_cert_chunk)
815	f abac_chunk_t id_privkey_chunk()
816	returns a PEM-encoded binary representation of the private key
817	associated with this ID.
818	can be passed to libabac's Context::load_id_chunks()
819	(C:abac_id_privkey_chunk)
820	***/
821	abac_chunk_t id_cert_chunk()
822	{
823	return abac_id_cert_chunk(m_id);
824	}
825	abac_chunk_t id_privkey_chunk()
826	{ return abac_id_privkey_chunk(m_id); }
827	void print_key_chunk()
828	{ abac_id_print_key_chunk(m_id); }
829	/***
830	f char *string()
831	returns literal string of the id credential
832	(C:abac_id_string)
833	***/
834	char *string()
835	{ return abac_id_string(m_id); }
836	public:
837	abac_id_t *m_id;
838	};
839
840
841	/***
842	ABAC::Attribute
843	This is the attribute representation for the access policy rule
844	LHS <- RHS
845	The sequence of generation is to
846	first, instantiate the object, ie, LHS (head)
847	second, adding subject(s) to it, ie, RHS (tail)
848	and then baking it.
849	Only once it's baked can you access the X.509 cert.
850	Once it's been baked you can no longer add subjects to it
851	***/
852	class Attribute {
853	public:
854	/***
855	f Attribute()
856	default constructor, do not use, for swig only
857	f Attribute(const Attribute &)
858	copy constructor, used for cloning an attribute
859	f ~Attribute()
860	default destructor
861	***/
862	Attribute() : m_attr(NULL) { }
863	Attribute(const Attribute &id)
864	{ m_attr =abac_attribute_dup(id.m_attr); }
865	~Attribute()
866	{ if(m_attr) abac_attribute_free(m_attr); }
867	/ii*
868	f Attribute(abac_attribute_t *)
869	constructor that takes abac_attribute_t, locally used
870	f Attribute(abac_credential_t *)
871	constructor that takes abac_credential_t, locally used
872	*ii/
873	Attribute(abac_attribute_t *attr): m_attr(abac_attribute_dup(attr))
874	{ }
875	Attribute(abac_credential_t *cred)
876	{ m_attr=abac_attribute_dup(abac_credential_attribute(cred)); }
877	/***
878	f Attribute(Role&, int)
879	constructor that creates an attribute policy to be signed by the issuer
880	with the given role with a specified validity period
881	An exception will be thrown if:
882	- the issuer has no private key
883	- the Head role is invalid
884	- the validity period is invalid (must be >= 1 second)
885	(C:abac_attribute_create)
886	***/
887	Attribute(Role& head, int validity) {
888	int rt=abac_attribute_create(&m_attr, head.role(), NULL, validity);
889	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
890	abac_errx(1, "attribute(role), unable to make an attribute");
891	}
892	/***
893	f Attribute(Oset&, int)
894	constructor that creates an attribute policy to be signed by the issuer
895	with the given oset with a specified validity period
896	An exception will be thrown if:
897	- the issuer has no private key
898	- the Head oset is invalid
899	- the validity period is invalid (must be >= 1 second)
900	(C:abac_attribute_create)
901	***/
902	Attribute(Oset& head, int validity) {
903	int rt=abac_attribute_create(&m_attr, head.oset(), NULL, validity);
904	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
905	abac_errx(1, "attribute(oset), unable to make an attribute");
906	}
907	/***
908	f Attribute_chunk(abac_chunk_t chunk)
909	constructor that creates an attribute policy to be signed by the issuer
910	with a given cert chunk.
911	(C:abac_attribute_from_chunk)
912	***/
913	Attribute(abac_chunk_t chunk) {
914	/* had to renamed to Attribute_chunk(chunk) to make it to work with swig */
915	m_attr=abac_attribute_from_chunk(chunk);
916	if(m_attr==NULL)
917	abac_errx(1, "attribute(chunk), unable to make an attribute");
918	}
919	/***
920	f bool attribute_add_tail(Role&)
921	Add a role tail. Call multiple times for intersection
922	(C:abac_attribute_add_tail)
923	f bool attribute_add_tail(Oset&)
924	Add an oset tail. Call multiple times for intersection
925	(C:abac_attribute_add_tail)
926	***/
927	bool attribute_add_tail(Role& tail) {
928	if(abac_attribute_add_tail(m_attr, tail.role()))
929	return 1;
930	else return 0;
931	}
932	bool attribute_add_tail(Oset& tail) {
933	if(abac_attribute_add_tail(m_attr, tail.oset()))
934	return 1;
935	else return 0;
936	}
937	/***
938	f char *head_string()
939	returns literal string of head of the attribute
940	(C:abac_head_string)
941	f char *tail_string()
942	returns literal string of tail of the attribute
943	(C:abac_tail_string)
944	***/
945	char *head_string()
946	{ return abac_head_string(m_attr); }
947	char *tail_string()
948	{ return abac_tail_string(m_attr); }
949	/***
950	f char *head_typed_string()
951	returns typed literal string of head of the attribute
952	(C:abac_head_typed_string)
953	f char *tail_typed_string()
954	returns typed literal string of tail of the attribute
955	(C:abac_tail_typed_string)
956	***/
957	char *head_typed_string()
958	{ return abac_head_typed_string(m_attr); }
959	char *tail_typed_string()
960	{ return abac_tail_typed_string(m_attr); }
961	/***
962	f char *string()
963	returns literal string of the attribute
964	(C:abac_attribute_string)
965	f char *typed_string()
966	returns typed literal string of the attribute
967	(C:abac_attribute_typed_string)
968	***/
969	char *string()
970	{ return abac_attribute_string(m_attr); }
971	char *typed_string()
972	{ return abac_attribute_typed_string(m_attr); }
973
974	/*** ??? not sure about implmentation
975	f const Role &role_head()
976	returns the head role
977	f const Oset &oset_head()
978	returns the oset head
979	***/
980	const Role &role_head() {
981	abac_aspect_t *head=abac_attribute_head(m_attr);
982	static Role role=Role(head);
983	return role;
984	}
985	const Oset &oset_head() {
986	abac_aspect_t *head=abac_attribute_tail(m_attr);
987	static Oset oset=Oset(head);
988	return oset;
989	}
990	/***
991	f std::vector<Role> role_tails(bool &)
992	retrieve tail role which maybe more than 1 if intersecting
993	(C:abac_attribute_role_tails)
994	f std::vector<Oset> oset_tails(bool &)
995	retrieve tail oset which maybe more than 1 if intersecting
996	(C:abac_attribute_oset_tails)
997	***/
998	std::vector<Role> role_tails(bool &success) {
999	abac_aspect_t tails, end;
1000	int i;
1001	/* make sure it is role */
1002	if(!abac_attribute_is_role(m_attr)) {
1003	success=0;
1004	abac_errx(1, "role_tails, attribute is not a role");
1005	}
1006	tails = abac_attribute_role_tails(m_attr);
1007	for (i = 0; tails[i] != NULL; ++i)
1008	;
1009	end = &tails[i];
1010	std::vector<Role> roles = std::vector<Role>(tails, end);
1011	abac_aspects_free(tails);
1012	success=1;
1013	return roles;
1014	}
1015	std::vector<Oset> oset_tails(bool &success) {
1016	abac_aspect_t tails, end;
1017	int i;
1018	/* make sure that tail is not role */
1019	if(abac_attribute_is_role(m_attr)) {
1020	success=0;
1021	abac_errx(1, "oset_tails, attribute is not an oset");
1022	}
1023	tails = abac_attribute_oset_tails(m_attr);
1024	for (i = 0; tails[i] != NULL; ++i)
1025	;
1026	end = &tails[i];
1027	std::vector<Oset> osets = std::vector<Oset>(tails, end);
1028	success=1;
1029	abac_aspects_free(tails);
1030	return osets;
1031	}
1032	/ii*
1033	f abac_attribute_t *attribute()
1034	return libabac structure for attribute
1035	*ii/
1036	abac_attribute_t *attribute() { return m_attr; }
1037
1038	/***
1039	f bool attribute_bake()
1040	Generate the cert. Call this after you've added subjects to your cert.
1041	This returns false if there are no subjects
1042	This will throw an exception if the cert's already been baked.
1043	(C:abac_attribute_bake)
1044	***/
1045	bool attribute_bake() {
1046	/* can not bake in ABAC_CN mode */
1047	if(USE("ABAC_CN"))
1048	abac_errx(1, "bake, can not bake the cert with env(ABAC_CN) set");
1049	int rt=abac_attribute_bake(m_attr);
1050	if(rt!=1)
1051	abac_errx(1, "bake, can not bake the cert");
1052	}
1053	/***
1054	f bool attribute_baked()
1055	returns true iff the cert has been baked.
1056	(C:abac_attribute_baked)
1057	***/
1058	bool attribute_baked()
1059	{ return abac_attribute_baked(m_attr); }
1060
1061	/***
1062	f void attribute_write_cert(FILE *)
1063	write the DER-encoded X.509 attribute cert to the open file handle
1064	Throws an exception if the cert isn't baked
1065	(C:abac_attribute_write_cert)
1066	***/
1067	void attribute_write_cert(FILE *out) {
1068	int rt= abac_attribute_write_cert(m_attr,out);
1069	if(!rt)
1070	abac_errx(1, "write, cert is not baked");
1071	}
1072	/***
1073	f void attribute_write_cert(char *)
1074	write the DER-encoded X.509 attribute cert to a file named out
1075	Throws an exception if the cert isn't baked
1076	(C:abac_attribute_write_cert_fname)
1077	***/
1078	void attribute_write_cert(char *filename)
1079	{ abac_attribute_write_cert_fname(m_attr,filename); }
1080	/***
1081	f abac_chunk_t cert_chunk()
1082	returns a DER-encoded binary representation of the X.509 attribute
1083	cert associated with this cert
1084	Throws an exception if the cert isn't baked
1085	the chunk can be passed to libabac's Context::load_attribute_chunk()
1086	(C:abac_attribute_cert_chunk)
1087	***/
1088	abac_chunk_t cert_chunk()
1089	{ return abac_attribute_cert_chunk(m_attr); }
1090	private:
1091	abac_attribute_t *m_attr;
1092	};
1093
1094
1095	/***
1096	ABAC::Context
1097	An ABAC Context
1098	***/
1099	class Context {
1100	public:
1101	/***
1102	f Context()
1103	default constructor
1104	f Context(const Context &)
1105	copy constructor, used for cloning the context
1106	f ~Context()
1107	default destructor
1108	f void free_context_now()
1109	Explicitly freeing the the context. This is to prevent libstrongswan's
1110	mainthread from GC'ed by Java. Used with Java/Swig/JNI combination only.
1111	***/
1112	Context() {
1113	m_ctx = abac_context_new();
1114	m_abac_version=strdup(abac_version());
1115	}
1116	Context(const Context &context) {
1117	m_ctx = abac_context_dup(context.m_ctx);
1118	m_abac_version=strdup(context.m_abac_version);
1119	}
1120	~Context() {
1121	if(m_abac_version!=NULL) free(m_abac_version);
1122	if(m_ctx!=NULL) abac_context_free(m_ctx);
1123	}
1124	void free_context_now() {
1125	if(m_ctx!=NULL) {
1126	abac_context_free_now(m_ctx);
1127	m_ctx=NULL;
1128	}
1129	if(m_abac_version!=NULL) {
1130	free(m_abac_version);
1131	m_abac_version=NULL;
1132	}
1133	}
1134	/***
1135	f void dump_yap_db()
1136	dump the complete yap prolog database
1137	(C:show_yap_db)
1138	***/
1139	void dump_yap_db()
1140	{ show_yap_db("dump_yap"); }
1141	/***
1142	f int load_id(ABAC::ID&)
1143	load id cert from ID
1144	(C:abac_context_load_id)
1145	f int load_id_file(char *)
1146	load id cert from an idkey combo file. key retrieval will be attempted
1147	but won't fail if not found
1148	(C:abac_context_load_id_file)
1149	f int load_id_encrypted_file(char , char )
1150	load id cert from an idkey combo file and a pfile. Encrypted key
1151	retrieval will be attempted but won't fail if not found
1152	(C:abac_context_load_encrypted_id_file)
1153	f int load_id_files(char , char )
1154	load id cert from an id file and a key file
1155	(C:abac_context_load_id_files)
1156	f int load_id_encrypted_files(char , char , char *)
1157	load id cert from an id file, an encrypted key file, and a pfile
1158	(C:abac_context_load_encrypted_id_files)
1159	f int load_id_chunk(abac_chunk_t)
1160	load id cert from a chunk structure
1161	(C:abac_context_load_id_chunk)
1162	f int load_id_chunks(abac_chunk_t, abac_chunk_t)
1163	load id & privkey from chunk structures
1164	(C:abac_context_load_id_privkey_chunk)
1165	f int load_id_encrypted_chunks(abac_chunk_t, abac_chunk_t,char *pfile)
1166	load id & encrypted privkey from chunk structures
1167	(C:abac_context_load_id_enc_privkey_chunk)
1168	returns:
1169	ABAC_CERT_SUCCESS successfully loaded
1170	ABAC_CERT_INVALID invalid certificate (or file not found)
1171	ABAC_CERT_BAD_SIG invalid signature
1172	***/
1173	int load_id(ABAC::ID& id)
1174	{ return abac_context_load_id(m_ctx, id.id()); }
1175	int load_id_file(char *filename)
1176	{ return abac_context_load_id_file(m_ctx, filename); }
1177	int load_id_encrypted_file(char filename, char pfile)
1178	{ return abac_context_load_encrypted_id_file(m_ctx, filename, pfile); }
1179	int load_id_files(char filename, char keyfilename)
1180	{ return abac_context_load_id_files(m_ctx, filename, keyfilename); }
1181	int load_id_encrypted_files(char filename, char keyfilename, char *pfile)
1182	{ return abac_context_load_encrypted_id_files(m_ctx, filename, keyfilename, pfile); }
1183	int load_id_chunk(abac_chunk_t cert)
1184	{ return abac_context_load_id_chunk(m_ctx, cert); }
1185	int load_id_chunks(abac_chunk_t cert, abac_chunk_t privkey)
1186	{ if(debug) printf("load_id_chunks, FUNNY privkey ptr, loc(%p)\n",
1187	privkey.ptr);
1188	return abac_context_load_id_privkey_chunk(m_ctx, cert, privkey); }
1189	int load_id_encrypted_chunks(abac_chunk_t cert, abac_chunk_t privkey, char *pfile)
1190	{ if(debug) printf("load_id_encrypted_chunks, FUNNY privkey ptr, loc(%p)\n",
1191	privkey.ptr);
1192	return abac_context_load_id_enc_privkey_chunk(m_ctx, cert, privkey, pfile); }
1193
1194	/***
1195	f int load_attribute(ABAC::Attribute&)
1196	load attribute credential from attribute structure
1197	(C:abac_context_load_attribute)
1198	f int load_attribute_file(char *)
1199	load attribute credential from a file
1200	(C:abac_context_load_attribute_file)
1201	f int load_attribute_chunk(abac_chunk_t)
1202	load attribute credential from a chunk
1203	(C:abac_context_load_attribute_chunk)
1204	f returns the same values as above, additionally
1205	returns ABAC_CERT_MISSING_ISSUER if the issuer
1206	certificate has not been loaded
1207	***/
1208	int load_attribute(ABAC::Attribute& a)
1209	{ return abac_context_load_attribute(m_ctx, a.attribute()); }
1210	int load_attribute_file(char *filename)
1211	{ return abac_context_load_attribute_file(m_ctx, filename); }
1212	int load_attribute_chunk(abac_chunk_t cert)
1213	{ return abac_context_load_attribute_chunk(m_ctx, cert); }
1214	/***
1215	f void load_principals(char *)
1216	load a directory full of principals only:
1217	f first: ${path}/*_ID.{der,pem} as identity certificates
1218	implicitly looking for ${path}/*_private.{der,pem} as
1219	the private key file
1220	then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate
1221	(C:abac_context_load_principals)
1222	f void load_directory(char *)
1223	load a directory full of certificates:
1224	f first: ${path}/*_ID.{der,pem} as identity certificates
1225	implicitly looking for ${path}/*_private.{der,pem} as
1226	the private key file
1227	then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate
1228	last: ${path}/*_attr.der as attribute certificates
1229	(C:abac_context_load_directory)
1230	***/
1231	void load_principals(char *path)
1232	{ abac_context_load_principals(m_ctx, path); }
1233	void load_directory(char *path)
1234	{ abac_context_load_directory(m_ctx, path); }
1235	/***
1236	f void set_no_partial_proof()
1237	(C:abac_context_set_no_partial_proof)
1238	void set_want_partial_proof()
1239	enable and disable the partial proof on query proof failure
1240	(C:abac_context_set_want_partial_proof)
1241	***/
1242	void set_no_partial_proof()
1243	{ abac_context_set_no_partial_proof(m_ctx); }
1244	void set_want_partial_proof()
1245	{ abac_context_set_want_partial_proof(m_ctx); }
1246	/***
1247	f std::vector<Attribute> query(char , char , bool &)
1248	the string version is for query that is composed by hand with SHA or
1249	in non ABAC_CN mode
1250	(C:abac_context_query)
1251	f std::vector<Attribute> query(Role &, Role &, bool &)
1252	(C:abac_context_query_with_structure)
1253	std::vector<Attribute> query(Oset &, Oset &, bool &)
1254	(C:abac_context_query_with_structure)
1255	runs the query:
1256	role <-?- principal
1257	oset <-?- principal/obj
1258	returns true/false in success
1259	returns a proof upon success,
1260	a partial proof on failure by default
1261	***/
1262	std::vector<Attribute> query(char role, char principal, bool &success) {
1263	abac_credential_t creds, end;
1264	int i, success_int;
1265
1266	creds = abac_context_query(m_ctx, role, principal, &success_int);
1267	success = success_int;
1268
1269	for (i = 0; creds[i] != NULL; ++i)
1270	;
1271
1272	end = &creds[i];
1273	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1274	if(debug) printf("query, got rules(%d)\n", i);
1275
1276	abac_context_credentials_free(creds);
1277
1278	return attributes;
1279	}
1280
1281	std::vector<Attribute> query(Role &role, Role &p_role, bool &success) {
1282	abac_credential_t creds, end;
1283	int i, success_int;
1284
1285	creds = abac_context_query_with_structure(m_ctx, role.role(), p_role.role(), &success_int);
1286	success = success_int;
1287
1288	for (i = 0; creds[i] != NULL; ++i)
1289	;
1290
1291	end = &creds[i];
1292	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1293
1294	abac_context_credentials_free(creds);
1295
1296	return attributes;
1297	}
1298
1299	std::vector<Attribute> query(Oset &oset, Oset &p_oset, bool &success) {
1300	abac_credential_t creds, end;
1301	int i, success_int;
1302
1303	creds = abac_context_query_with_structure(m_ctx, oset.oset(), p_oset.oset(), &success_int);
1304	success = success_int;
1305
1306	for (i = 0; creds[i] != NULL; ++i)
1307	;
1308
1309	end = &creds[i];
1310	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1311	if(debug) printf("query, returning rules(%d)\n", i);
1312
1313	abac_context_credentials_free(creds);
1314
1315	return attributes;
1316	}
1317
1318	/***
1319	f std::vector<Attribute> next_proof(bool &)
1320	(C:abac_context_query_again)
1321	force backtrack and try to get next solution proof:
1322	returns true/false in success
1323	returns a proof upon success,
1324	***/
1325	std::vector<Attribute> next_proof(bool &success) {
1326	abac_credential_t creds, end;
1327	int i, success_int;
1328
1329	creds = abac_context_query_again(m_ctx, &success_int);
1330	success = success_int;
1331
1332	for (i = 0; creds[i] != NULL; ++i)
1333	;
1334
1335	end = &creds[i];
1336	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1337	if(debug) printf("repeat query, got rules(%d)\n", i);
1338
1339	abac_context_credentials_free(creds);
1340
1341	return attributes;
1342	}
1343	/***
1344	f std::vector<Attribute> context_credentials(bool &)
1345	returns a vector of all the credentials loaded in the context
1346	extracted from the internal data structure
1347	(C:abac_context_credentials)
1348	***/
1349	std::vector<Attribute> context_credentials(bool &success) {
1350	abac_credential_t creds, end;
1351	int i;
1352	success = 1;
1353
1354	creds = abac_context_credentials(m_ctx);
1355	for (i = 0; creds[i] != NULL; ++i)
1356	;
1357
1358	end = &creds[i];
1359	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1360	if(debug) printf("credentials, got (%d)\n", i);
1361
1362	abac_context_credentials_free(creds);
1363	if(debug) show_yap_db("calling from context_credentials");
1364	return attributes;
1365	}
1366
1367	/***
1368	f std::vector<Attribute> context_principals(bool &)
1369	returns a vector of all the principals loaded in the context
1370	extracted from the internal data structure
1371	(C:abac_context_principals)
1372	***/
1373	std::vector<ID> context_principals(bool &success) {
1374	abac_id_credential_t ids, end;
1375	int i;
1376	success = 1;
1377
1378	ids = abac_context_principals(m_ctx);
1379	for (i = 0; ids[i] != NULL; ++i)
1380	;
1381
1382	end = &ids[i];
1383	std::vector<ID> principals = std::vector<ID>(ids, end);
1384	if(debug) printf("principals, got (%d)\n", i);
1385
1386	abac_context_principals_free(ids);
1387	return principals;
1388	}
1389	/***
1390	f ID lookup_principal(char *)
1391	find a particular principal from the context
1392	***/
1393	ID lookup_principal(char *name) const
1394	{
1395	abac_id_credential_t *principal=abac_context_principal_lookup(m_ctx,name);
1396	if(principal==NULL) {
1397	if(debug) printf("did not find the principal(%s)\n", name);
1398	abac_errx(1, "lookup principal failed");
1399	}
1400	return principal;
1401	}
1402	/***
1403	f char *version()
1404	return the version of this interface
1405	***/
1406	char *version() const { return m_abac_version; }
1407
1408	private:
1409	abac_context_t *m_ctx;
1410	char *m_abac_version;
1411	};
1412
1413	Constraint::Constraint(Role& role)
1414	{ m_constraint=abac_constraint_from_role(role.role()); }
1415	Constraint::Constraint(Oset &oset)
1416	{ m_constraint=abac_constraint_from_oset(oset.oset()); }
1417	DataTerm::DataTerm(ID& id)
1418	{ m_term=abac_term_id_create(id.id()); }
1419	}
1420
1421	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: