1 | C++ API, see bottom for notes on C, Perl, and Python. |
---|
2 | |
---|
3 | ABAC::libabac_init() |
---|
4 | must be called before using the library |
---|
5 | |
---|
6 | ABAC::abac_chunk_t |
---|
7 | unsigned char *data |
---|
8 | int len |
---|
9 | |
---|
10 | structure, represents a blob of memory |
---|
11 | used to load/return DER-encoded X509 certificates |
---|
12 | |
---|
13 | ABAC::Context |
---|
14 | Context() |
---|
15 | default constructor, takes no argument |
---|
16 | Context(const Context &ctx) |
---|
17 | copy constructor, used for cloning the context |
---|
18 | |
---|
19 | int load_id_chunk(abac_chunk_t chunk) |
---|
20 | int load_id_file(char *filename) |
---|
21 | load an identity certificate, returns: |
---|
22 | ABAC_CERT_SUCCESS successfully loaded |
---|
23 | ABAC_CERT_INVALID invalid certificate (or file not found) |
---|
24 | ABAC_CERT_BAD_SIG invalid signature |
---|
25 | |
---|
26 | int load_attribute_chunk(abac_chunk_t chunk) |
---|
27 | int load_attribute_file(char *filename) |
---|
28 | load an attribute certificate, returns the same values as above |
---|
29 | * additionally can return ABAC_CERT_MISSING_ISSUER if the issuer |
---|
30 | certificate has not been loaded |
---|
31 | |
---|
32 | void load_directory(char *path) |
---|
33 | load a directory full of certificates: |
---|
34 | first: ${path}/*_ID.{der,pem} as identity certificates |
---|
35 | then: ${path}/*_attr.der as attribute certificates |
---|
36 | |
---|
37 | std::vector<Credential> query(char *role, char *principal, bool &success) |
---|
38 | run the query: |
---|
39 | role <-?- principal |
---|
40 | returns true/false in success |
---|
41 | returns a proof upon success, partial proof on failure |
---|
42 | |
---|
43 | std::vector<Credential> credentials() |
---|
44 | returns a vector of all the credentials loaded in the context |
---|
45 | |
---|
46 | ABAC::Credential |
---|
47 | This is never instantiated directly. These will only ever be |
---|
48 | returned as a result of calls to Context::query or |
---|
49 | Context::credentials. |
---|
50 | |
---|
51 | Role &head() |
---|
52 | Role &tail() |
---|
53 | returns the head or tail of the credential |
---|
54 | see below for Role object |
---|
55 | |
---|
56 | abac_chunk_t attribute_cert() |
---|
57 | returns the DER-encoded attribute certificate, suitable for |
---|
58 | transmission over the network or storage in a file |
---|
59 | |
---|
60 | abac_chunk_t issuer_cert() |
---|
61 | returns the DER-encoded issuer certificate, again suitable for |
---|
62 | network transmission or file storage |
---|
63 | |
---|
64 | ABAC::Role |
---|
65 | Role(const Role &role) |
---|
66 | copy constructor, clones the role |
---|
67 | |
---|
68 | char *string() |
---|
69 | returns a string representation of the role |
---|
70 | |
---|
71 | the following are rarely used outside the library: |
---|
72 | |
---|
73 | Role(char *role_name) |
---|
74 | instantiate a role from a string |
---|
75 | |
---|
76 | bool is_principal() |
---|
77 | bool is_role() |
---|
78 | bool is_linking() |
---|
79 | indicates the type of role encoded |
---|
80 | |
---|
81 | char *principal() |
---|
82 | returns the principal part of any role |
---|
83 | char *role_name() |
---|
84 | returns the role name of any role (the part after the last dot) |
---|
85 | char *linked_role() |
---|
86 | returns the linked role of a linking role |
---|
87 | i.e., A.r1.r2, linked_role() returns A.r1 |
---|
88 | |
---|
89 | NOTES ON OTHER LANGUAGES |
---|
90 | |
---|
91 | The C API is nearly identical to the C++ API. Due to lack of namespaces, |
---|
92 | all function names are preceeded by abac_. Furthermore, the parameter |
---|
93 | representing the object must be passed explicitly. |
---|
94 | |
---|
95 | Example: |
---|
96 | |
---|
97 | C++: ctx.load_attribute_file("test.der"); |
---|
98 | C: abac_context_load_attribute_file(ctx, "test.der"); |
---|
99 | |
---|
100 | The Perl and Python APIs are even more similar to the C++ API. The main |
---|
101 | changes are the use of native types instead of C/C++ types. |
---|
102 | |
---|
103 | - native strings instead of char * |
---|
104 | |
---|
105 | Perl: |
---|
106 | - arrayref instead of vector |
---|
107 | - string instead of chunk_t |
---|
108 | - Context::query returns a list of two elements: |
---|
109 | my ($success, $credentials) = $ctx->query($role, $principal); |
---|
110 | $success is a boolean |
---|
111 | $credentials is an arrayref of Credential objects |
---|
112 | |
---|
113 | Python: |
---|
114 | - tuple instead of vector |
---|
115 | - bytearray instead of chunk_t (>= 2.6) |
---|
116 | - string instead of chunk_t (< 2.6) |
---|
117 | - Context::query returns a tuple with two elements: |
---|
118 | (success, credentials) = ctx.query(role, principal) |
---|
119 | success is a boolean |
---|
120 | credentials is a tuple of Credential objects |
---|