1 /* fides.cc - Light-weight, decentralised trust and authorisation management
2 Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
4 Fides is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as
6 published by the Free Software Foundation; either version 2.1 of
7 the License, or (at your option) any later version.
9 Fides is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include "certificate.h"
27 /// \class Certificate
29 /// \brief Representation of a certificate.
31 /// Construct a certificate from elements of an already existing certificate.
33 /// @param key Public key used to sign the certificate.
34 /// @param timestamp Timestamp of the certificate.
35 /// @param statement Statement of the certificate.
36 /// @param signature Signature of the certificate.
Certificate::Certificate(const PublicKey *key, struct timeval timestamp, const std::string &statement, const std::string &signature)
    : signer(key),
      timestamp(timestamp),
      statement(statement),
      signature(signature)
{
    // Nothing is checked here: the four fields are stored exactly as given.
    // A certificate built this way is unauthenticated until validate() has
    // returned true, so callers should not act on `statement` before that.
    // NOTE(review): `key` is stored, not copied; presumably `signer` is a plain
    // pointer, in which case the key must outlive this certificate. Confirm in
    // certificate.h.
}
39 /// Verifies the signature of the certificate.
41 /// @return True if the signature is valid, false otherwise.
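bool Certificate::validate() const {
    // Fail closed: without a signer key there is nothing to verify against.
    if (!signer)
        return false;

    // Rebuild the byte string the signature is checked against, starting with
    // the value of signer->fingerprint(256).
    string data = signer->fingerprint(256);
    // NOTE(review): the timestamp is appended as the raw in-memory bytes of
    // `struct timeval`. That ties the signed data to this platform's layout of
    // the struct (field widths, byte order, any padding), so a certificate
    // signed on one ABI may not verify on another.
    data += string(reinterpret_cast<const char *>(&timestamp), sizeof timestamp);
    // NOTE(review): the listing this was taken from skips original line 45 at
    // this point, and no visible line appends `statement` to `data`. Confirm
    // against the complete file that the statement is part of the signed data;
    // otherwise the signature would not protect it.
    return signer->verify(data, signature);
}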
49 /// Construct a new certificate and sign it with the private key.
51 /// @param key Private key to sign the certificate with.
52 /// @param timestamp Timestamp of the certificate.
53 /// @param statement Statement of the certificate.
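Certificate::Certificate(const PrivateKey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
    // Assemble the data to sign in the same order validate() rebuilds it:
    // signer->fingerprint(256) first, then the timestamp.
    string data = signer->fingerprint(256);
    // NOTE(review): the timestamp goes in as the raw bytes of `struct timeval`,
    // so the signed data depends on this platform's layout of that struct
    // (field widths, byte order, any padding). A verifier on a different ABI
    // would rebuild different bytes.
    data += string(reinterpret_cast<const char *>(&timestamp), sizeof timestamp);
    // NOTE(review): the listing this was taken from skips original line 57 at
    // this point, and no visible line appends `statement` to `data`. Confirm
    // against the complete file that the statement is covered by the signature.
    signature = key->sign(data);
}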
61 /// Get the fingerprint of this certificate.
63 /// @param bits Number of bits from the fingerprint to return.
64 /// The number will be rounded down to the nearest multiple of 8.
65 /// @return String containing the fingerprint.
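string Certificate::fingerprint(unsigned int bits) const {
    // Whole bytes requested; the integer division drops any remainder bits.
    const string::size_type wanted = bits / 8;

    // Asking for more bytes than the signature holds (including an empty
    // signature) used to wrap the unsigned subtraction below and make substr()
    // throw std::out_of_range. Return the whole signature in that case.
    if (wanted >= signature.size())
        return signature;

    // The fingerprint is the tail of the signature. The fewer bits a caller
    // asks for, the more likely two certificates share a fingerprint.
    return signature.substr(signature.size() - wanted);
}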
70 /// Write the certificate to a string.
72 /// @return String containing the certificate in textual format.
73 string Certificate::to_string() const {
// The text starts with the signer's fingerprint passed through hexencode().
74 string data = hexencode(signer->fingerprint());
// NOTE(review): `ts` is declared on a line this listing does not show.
// "%lu" expects unsigned long, but tv_sec and tv_usec are time_t and
// suseconds_t. Where those types differ from long in width the printed
// timestamp is wrong; consider explicit casts that match the format.
77 snprintf(ts, sizeof ts, "%lu.%06lu", timestamp.tv_sec, timestamp.tv_usec);
// The signature is added through b64encode(), which suggests it holds raw bytes.
80 data += b64encode(signature);
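fides_certificate *fides_certificate_new(const fides_publickey *pub, struct timeval timestamp, const char *statement, const char *signature) {
    // Building a std::string from a null pointer is undefined behaviour, so
    // reject missing strings instead of forwarding them to the constructor.
    if (!statement || !signature)
        return NULL;

    // NOTE(review): both strings are read as NUL-terminated text. to_string()
    // base64-encodes the signature, which suggests it holds raw bytes; a raw
    // signature containing a zero byte would be cut short here and then fail
    // validation. Confirm which encoding callers are expected to pass.
    //
    // The object is allocated with `new`, so it must not be released with
    // free(); presumably fides_certificate_free() is the matching call. The
    // certificate is not verified until fides_certificate_validate() is called.
    return new Fides::Certificate(pub, timestamp, statement, signature);
}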
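fides_certificate *fides_certificate_new_priv(const fides_privatekey *priv, struct timeval timestamp, const char *statement) {
    // Building a std::string from a null pointer is undefined behaviour, so
    // reject a missing statement instead of forwarding it to the constructor.
    if (!statement)
        return NULL;

    // `statement` is read as NUL-terminated text. The constructor signs with
    // `priv` straight away and dereferences it, so `priv` must be a valid key.
    // The object is allocated with `new`, so it must not be released with
    // free(); presumably fides_certificate_free() is the matching call.
    return new Fides::Certificate(priv, timestamp, statement);
}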
97 void fides_certificate_free(fides_certificate *c) {
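char *fides_certificate_to_string(fides_certificate *c) {
    // A null handle has no textual form; report that instead of dereferencing it.
    if (!c)
        return NULL;

    // strdup() copies the text into malloc()ed memory: the caller owns the
    // result and releases it with free(). It returns NULL if the copy cannot be
    // allocated.
    return strdup(c->to_string().c_str());
}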
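char *fides_certificate_fingerprint(fides_certificate *c, unsigned int bits) {
    // A null handle has no fingerprint; report that instead of dereferencing it.
    if (!c)
        return NULL;

    // NOTE(review): Certificate::fingerprint() returns a slice of the
    // signature, which to_string() base64-encodes and so presumably holds raw
    // bytes. strdup() stops at the first zero byte and the caller gets no
    // length, so the copy can be shorter than bits / 8 bytes. Callers that
    // compare these values should not rely on them being full length; an
    // encoded or length-carrying variant would avoid the truncation.
    //
    // The result is malloc()ed by strdup(); the caller releases it with free().
    return strdup(c->fingerprint(bits).c_str());
}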
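bool fides_certificate_validate(fides_certificate *c) {
    // Fail closed: a null handle is reported as not valid rather than
    // dereferenced.
    if (!c)
        return false;

    // True only when Certificate::validate() accepts the signature.
    return c->validate();
}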