#ifndef __FIDES_H__
#define __FIDES_H__
-#include <stdexcept>
-#include <regex.h>
-#include <botan/botan.h>
-#include <botan/ecdsa.h>
#include <sys/time.h>
-#include <map>
+#include "certificate.h"
+#include "publickey.h"
+#include "privatekey.h"
+#include "utility.h"
-class fides {
- std::string homedir;
- std::string certdir;
- std::string obsoletedir;
- std::string keydir;
+#ifdef __cplusplus
+#include <stdexcept>
+#include <map>
+#include <vector>
- bool firstrun;
- struct timeval latest;
- static Botan::AutoSeeded_RNG rng;
+namespace Fides {
+ class exception: public std::runtime_error {
+ public:
+ exception(const std::string reason): runtime_error(reason) {}
+ };
- public:
- // Utility functions
+ class Manager {
+ std::string homedir;
+ std::string certdir;
+ std::string obsoletedir;
+ std::string keydir;
- static std::string b64encode(const std::string &in);
- static std::string b64decode(const std::string &in);
- static std::string hexencode(const std::string &in);
- static std::string hexdecode(const std::string &in);
+ bool firstrun;
+ struct timeval latest;
- /// Compiled regular expression.
+ private:
+ PrivateKey mykey;
+ std::map<std::string, PublicKey *> keys;
+ std::map<std::string, Certificate *> certs;
- /// This class holds a compiled regular expression,
- /// which can be used to match arbitrary strings to.
- /// It is a wrapper for the POSIX regex functions
- /// regcomp() and regexec().
- class regexp {
- regex_t comp;
+ void merge(Certificate *cert);
+ void merge(PublicKey *key);
public:
- static const int EXTENDED = REG_EXTENDED;
- static const int ICASE = REG_ICASE;
- static const int NOSUB = REG_NOSUB;
- static const int NEWLINE = REG_NEWLINE;
-
- static const int NOTBOL = REG_NOTBOL;
- static const int NOTEOL = REG_NOTEOL;
-
- /// Construct a compiled regular expression.
- ///
- /// @param exp Regular expression to compile.
- /// @param cflags Bitwise OR of options to apply when compiling the regular expression:
- /// - fides::regexp::EXTENDED
- /// Use POSIX Extended Regular Expression syntax when interpreting exp.
- /// - fides::regexp::ICASE
- /// Make the expression case-insensitive.
- /// - fides::regexp::NOSUB
- /// Disable support for substring addressing.
- /// - fides::regexp::NEWLINE
- /// Do not treat the newline character as the start or end of a line.
- regexp(const std::string &exp, int cflags = 0) {
- int err = regcomp(&comp, exp.c_str(), cflags);
- if(err)
- throw exception("Could not compile regular expression");
- }
-
- ~regexp() {
- regfree(&comp);
- }
-
- /// Test whether a string matches the regular expression.
- ///
- /// @param in String to test.
- /// @param eflags Bitwise OR of options to apply when matching the string:
- /// - fides::regexp::NOTBOL
- /// Do not treat the start of the string as the start of a line.
- /// - fides::regexp::NOTEOL
- /// Do not treat the end of the string as the end of a line.
- /// @return True if the string matches the regular expression, false otherwise.
- bool match(const std::string &in, int eflags = 0) {
- return regexec(&comp, in.c_str(), 0, 0, eflags) == 0;
- }
- };
+ Manager(const std::string &homedir = "");
+ ~Manager();
- class exception: public std::runtime_error {
- public:
- exception(const std::string reason): runtime_error(reason) {}
- };
+ bool is_firstrun() const;
+ bool fsck() const;
+ std::string get_homedir() const;
- // Objects manipulated by fides
+ void sign(const std::string &statement);
- class publickey {
- protected:
- Botan::ECDSA_PublicKey *pub;
+ void allow(const std::string &statement, const PublicKey *key = 0);
+ void dontcare(const std::string &statement, const PublicKey *key = 0);
+ void deny(const std::string &statement, const PublicKey *key = 0);
+ bool is_allowed(const std::string &statement, const PublicKey *key = 0) const;
+ bool is_denied(const std::string &statement, const PublicKey *key = 0) const;
- public:
- publickey();
- ~publickey();
-
- int trust;
- void load(std::istream &in);
- void save(std::ostream &out) const;
- void load(const std::string &filename);
- void save(const std::string &filename) const;
- bool verify(const std::string &data, const std::string &signature) const;
- std::string to_string() const;
- void from_string(const std::string &in);
- std::string fingerprint(unsigned int bits = 64) const;
- };
+ void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
+ void trust(const PublicKey *key);
+ void dctrust(const PublicKey *key);
+ void distrust(const PublicKey *key);
+ bool is_trusted(const PublicKey *key) const;
+ bool is_distrusted(const PublicKey *key) const;
+ PublicKey *find_key(const std::string &fingerprint) const;
+ void update_trust();
- class privatekey: public publickey {
- Botan::ECDSA_PrivateKey *priv;
+ std::vector<const Certificate *> find_certificates(const PublicKey *key, const std::string &statement) const;
+ std::vector<const Certificate *> find_certificates(const std::string &statement) const;
+ std::vector<const Certificate *> find_certificates(const PublicKey *key) const;
- public:
- privatekey();
- ~privatekey();
-
- void load_private(std::istream &in);
- void save_private(std::ostream &out) const;
- void load_private(const std::string &filename);
- void save_private(const std::string &filename) const;
- void generate(const std::string &field);
- void generate(unsigned int bits = 224);
- std::string sign(const std::string &data) const;
- };
+ const Certificate *import_certificate(const std::string &Certificate);
+ std::string export_certificate(const Certificate *) const;
- class certificate {
- friend class fides;
+ const PublicKey *import_key(const std::string &key);
+ std::string export_key(const PublicKey *key) const;
- /// Public key that signed this certificate.
- const publickey *signer;
- struct timeval timestamp;
- std::string statement;
- std::string signature;
+ void import_all(std::istream &in);
+ void export_all(std::ostream &out) const;
- public:
- certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
- certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement);
+ Certificate *certificate_from_string(const std::string &Certificate);
+ Certificate *certificate_load(const std::string &filename);
+ void certificate_save(const Certificate *cert, const std::string &filename) const;
- std::string to_string() const;
- std::string fingerprint(unsigned int bits = 64) const;
- bool validate() const;
};
+}
+
+extern "C" {
+typedef Fides::Manager fides_manager;
+#else
+#include <stdbool.h>
+#include <stdio.h>
+typedef struct fides_manager fides_manager;
+#endif
- // Fides class itself
-
- private:
- privatekey mykey;
- std::map<std::string, publickey *> keys;
- std::map<std::string, certificate *> certs;
-
- void merge(certificate *cert);
- void merge(publickey *key);
-
- public:
- fides(const std::string &homedir = "");
- ~fides();
+extern fides_manager *fides_init_manager(char *homedir);
+extern void fides_exit_manager(fides_manager *m);
- bool is_firstrun() const;
- bool fsck() const;
- std::string get_homedir() const;
+extern bool fides_is_firstrun(fides_manager *m);
+extern bool fides_fsck(fides_manager *m);
+extern char *fides_get_homedir(fides_manager *m);
- void sign(const std::string &statement);
+extern void fides_sign(fides_manager *m, const char *statement);
- void allow(const std::string &statement, const publickey *key = 0);
- void dontcare(const std::string &statement, const publickey *key = 0);
- void deny(const std::string &statement, const publickey *key = 0);
- bool is_allowed(const std::string &statement, const publickey *key = 0) const;
- bool is_denied(const std::string &statement, const publickey *key = 0) const;
+extern void fides_allow(fides_manager *m, const char *statement, const fides_publickey *key);
+extern void fides_dontcare(fides_manager *m, const char *statement, const fides_publickey *key);
+extern void fides_deny(fides_manager *m, const char *statement, const fides_publickey *key);
+extern bool fides_is_allowed(fides_manager *m, const char *statement, const fides_publickey *key);
+extern bool fides_is_denied(fides_manager *m, const char *statement, const fides_publickey *key);
- void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
- void trust(const publickey *key);
- void dctrust(const publickey *key);
- void distrust(const publickey *key);
- bool is_trusted(const publickey *key) const;
- bool is_distrusted(const publickey *key) const;
- publickey *find_key(const std::string &fingerprint) const;
- void update_trust();
+extern void fides_auth_stats(fides_manager *m, const char *statement, int *self, int *trusted, int *all);
+extern void fides_trust(fides_manager *m, const fides_publickey *key);
+extern void fides_dctrust(fides_manager *m, const fides_publickey *key);
+extern void fides_distrust(fides_manager *m, const fides_publickey *key);
+extern bool fides_is_trusted(fides_manager *m, const fides_publickey *key);
+extern bool fides_is_distrusted(fides_manager *m, const fides_publickey *key);
+extern fides_publickey *fides_find_key(fides_manager *m, const char *fingerprint);
+extern void fides_update_trust(fides_manager *m);
- std::vector<const certificate *> find_certificates(const publickey *key, const std::string &statement) const;
- std::vector<const certificate *> find_certificates(const std::string &statement) const;
- std::vector<const certificate *> find_certificates(const publickey *key) const;
+extern fides_certificate **find_certificates(fides_manager *m, const fides_publickey *key, const char *statement);
- const certificate *import_certificate(const std::string &certificate);
- std::string export_certificate(const certificate *) const;
+extern const fides_certificate *fides_import_certificate(fides_manager *m, const char *certificate);
+extern char *fides_export_certificate(fides_manager *m, const fides_certificate *certificcate);
- const publickey *import_key(const std::string &key);
- std::string export_key(const publickey *key) const;
+extern const fides_publickey *fides_import_key(fides_manager *m, const char *key);
+extern char *fides_export_key(fides_manager *m, const fides_publickey *key);
- void import_all(std::istream &in);
- void export_all(std::ostream &out) const;
+extern void fides_import_all(fides_manager *m, FILE *in);
+extern void fides_export_all(fides_manager *m, FILE *out);
- certificate *certificate_from_string(const std::string &certificate);
- certificate *certificate_load(const std::string &filename);
- void certificate_save(const certificate *cert, const std::string &filename) const;
+extern fides_certificate *fides_certificate_from_string(fides_manager *m, const char *certificate);
+extern fides_certificate *fides_certificate_load(fides_manager *m, const char *filename);
+extern void fides_certificate_save(fides_manager *m, const fides_certificate *cert, const char *filename);
-};
+#ifdef __cplusplus
+}
+#endif
#endif
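Review bot: The C wrappers that hand out strings and arrays give the caller no way to know what to release: `fides_get_homedir`, `fides_export_certificate` and `fides_export_key` return a bare `char *` for what is a `std::string` returned by value on the C++ side, and `find_certificates` returns a `fides_certificate **` with neither a length out-parameter nor a stated terminator, so a C caller cannot iterate it safely or free it correctly. Each of these declarations needs an ownership comment such as `/* Caller owns the returned buffer and must free() it; NULL on error. */` (or a matching `fides_free_*` routine), and the array one needs a `size_t *count` or a documented NULL sentinel. `find_certificates` is also the only C entry point without the `fides_` prefix, `fides_init_manager` is the only one taking `char *homedir` rather than `const char *`, and the parameter `certificcate` in `fides_export_certificate` is misspelled. `FILE` is used by `fides_import_all`/`fides_export_all` on both sides of the `#ifdef __cplusplus`, but `<stdio.h>` is only included in the `#else` branch, so C++ includers depend on a transitive include unless one of the project headers provides it.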