C++ API

(see bottom for notes on C, Perl, and Python)

Creddy::ID

    ID(char *filename)
        Loads an ID cert from a file.
        Will throw an exception if the cert cannot be loaded.

    ID(char *cn, int validity)
        Generates a new ID with the supplied CN and validity period.
        - CN must be alphanumeric and begin with a letter
        - validity must be at least one day
        Will throw an exception if either of the above is violated.

    void load_privkey(char *filename)
        Loads the private key associated with the cert.
        Will throw an exception if the key cannot be loaded.

    char *keyid()
        Returns the SHA1 keyid of the cert.

    char *cert_filename()
        Returns a suggested filename for the generated ID cert, namely:
        ${CN}_id.pem

    char *privkey_filename()
        Returns a suggested filename for the private key of the ID cert:
        ${CN}_key.pem

    void write_cert(FILE *out)
        Writes a PEM-encoded cert to the file handle.

    void write_privkey(FILE *out)
        Writes a PEM-encoded private key to the file handle.
        Throws an exception if no private key is loaded.

Creddy::Attribute

    N.B., the way you use this class is by instantiating the object,
    adding subjects to it, and then baking it. Only once it's baked can
    you access the X.509 cert. Once it's been baked you can no longer add
    subjects to it.

    Attribute(ID &issuer, char *role, int validity)
        Creates an object to be signed by the given issuer with the given
        role and validity period.
        An exception will be thrown if:
        - the issuer has no private key
        - the role name is invalid (must be alphanumeric)
        - the validity period is invalid (must be >= 1 day)

    (The following three methods will throw an exception if the
    certificate has been baked. They return false if there's an invalid
    principal or role name.)

    bool principal(char *keyid)
        Adds a principal subject.

    bool role(char *keyid, char *role)
        Adds a role subject.

    bool linking_role(char *keyid, char *role, char *linked)
        Adds a linking role subject.

    bool bake()
        Generates the cert. Call this after you've added subjects to your
        cert.
        Returns false if there are no subjects.
        Will throw an exception if the cert's already been baked.

    bool baked()
        Returns true iff the cert has been baked.

    void write(FILE *out)
        Writes the DER-encoded X.509 attribute cert to the open file
        handle.
        Throws an exception if the cert isn't baked.

C API

(Mostly cut/pasted from ABAC)

The C API is nearly identical to the C++ API. Due to lack of namespaces,
all function names are preceded by creddy_. Furthermore, the parameter
representing the object must be passed explicitly. Due to a lack of
exceptions, the C API uses return values for functions which can fail.
See creddy.h for more details.

Example:

    C++: id.load_privkey("test_key.pem");
    C:   ret = creddy_id_load_privkey(id, "test_key.pem");

Perl/Python

The API is identical to C++. Native types are used instead of C types,
but this should be seamless to a user of the library.
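Because write_privkey(FILE *out) takes an already-open handle, the caller decides how the private key file is created. The following is an added example, not code from the library or its authors: it checks a CN against the documented rule before building the ${CN}_key.pem name and creates the file owner-only on a POSIX system. The helper names valid_cn, key_filename and open_key_file are hypothetical, and ASCII letters and digits are assumed for "alphanumeric".

```cpp
// Added example, not libabac code: prepare the FILE* that write_privkey() expects.
#include <stdio.h>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

static bool is_alpha(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static bool is_digit(char c) { return c >= '0' && c <= '9'; }

// Documented CN rule: alphanumeric and begins with a letter (ASCII is assumed here).
bool valid_cn(const std::string &cn) {
    if (cn.empty() || !is_alpha(cn[0])) return false;
    for (char c : cn)
        if (!is_alpha(c) && !is_digit(c)) return false;
    return true;
}

// Same pattern privkey_filename() is documented to suggest: ${CN}_key.pem.
// Returns "" for a CN that breaks the rule, so '/' or ".." never reach a path.
std::string key_filename(const std::string &cn) {
    return valid_cn(cn) ? cn + "_key.pem" : std::string();
}

// Hypothetical helper: create the key file readable and writable by the owner only,
// before any key material is written. O_CREAT|O_EXCL fails if the path already
// exists, including when it is a symlink, so nothing is overwritten or followed.
FILE *open_key_file(const std::string &dir, const std::string &cn) {
    std::string name = key_filename(cn);
    if (name.empty()) return nullptr;
    std::string path = dir + "/" + name;
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0) return nullptr;
    FILE *out = fdopen(fd, "w");
    if (!out) { close(fd); unlink(path.c_str()); }
    return out;
}

int main() {
    FILE *out = open_key_file(".", "alice");  // constructed sample CN
    if (!out) { fprintf(stderr, "refused: bad CN or file could not be created\n"); return 1; }
    // A real program would call id.write_privkey(out) here, then close the handle.
    fclose(out);
    return 0;
}
```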