- Class names are capitalised.
- Fides is now only a namespace.
- The former fides class is now Fides::Manager.
-namespace fides {
- /// \class fides::certificate
+namespace Fides {
+ /// \class Certificate
///
/// \brief Representation of a certificate.
///
/// \brief Representation of a certificate.
/// @param timestamp Timestamp of the certificate.
/// @param statement Statement of the certificate.
/// @param signature Signature of the certificate.
/// @param timestamp Timestamp of the certificate.
/// @param statement Statement of the certificate.
/// @param signature Signature of the certificate.
- certificate::certificate(const publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {}
+ Certificate::Certificate(const PublicKey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {}
/// Verifies the signature of the certificate.
//
/// @return True if the signature is valid, false otherwise.
/// Verifies the signature of the certificate.
//
/// @return True if the signature is valid, false otherwise.
- bool certificate::validate() const {
+ bool Certificate::validate() const {
string data = signer->fingerprint(256);
data += string((const char *)×tamp, sizeof timestamp);
data += statement;
string data = signer->fingerprint(256);
data += string((const char *)×tamp, sizeof timestamp);
data += statement;
/// @param key Private key to sign the certificate with.
/// @param timestamp Timestamp of the certificate.
/// @param statement Statement of the certificate.
/// @param key Private key to sign the certificate with.
/// @param timestamp Timestamp of the certificate.
/// @param statement Statement of the certificate.
- certificate::certificate(const privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
+ Certificate::Certificate(const PrivateKey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
string data = signer->fingerprint(256);
data += string((const char *)×tamp, sizeof timestamp);
data += statement;
string data = signer->fingerprint(256);
data += string((const char *)×tamp, sizeof timestamp);
data += statement;
/// @param bits Number of bits from the fingerprint to return.
/// The number will be rounded down to the nearest multiple of 8.
/// @return String containing the fingerprint.
/// @param bits Number of bits from the fingerprint to return.
/// The number will be rounded down to the nearest multiple of 8.
/// @return String containing the fingerprint.
- string certificate::fingerprint(unsigned int bits) const {
+ string Certificate::fingerprint(unsigned int bits) const {
return signature.substr(signature.size() - bits / 8);
}
/// Write the certificate to a string.
//
/// @return String containing the certificate in textual format.
return signature.substr(signature.size() - bits / 8);
}
/// Write the certificate to a string.
//
/// @return String containing the certificate in textual format.
- string certificate::to_string() const {
+ string Certificate::to_string() const {
string data = hexencode(signer->fingerprint());
data += ' ';
char ts[100];
string data = hexencode(signer->fingerprint());
data += ' ';
char ts[100];
-/* certificate.h - Fides certificate class
+/* Certificate.h - Fides Certificate class
Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
Fides is free software; you can redistribute it and/or modify
Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
Fides is free software; you can redistribute it and/or modify
#include "publickey.h"
#include "privatekey.h"
#include "publickey.h"
#include "privatekey.h"
-namespace fides {
- class certificate {
- friend class fides;
+namespace Fides {
+ class Certificate {
+ friend class Manager;
/// Public key that signed this certificate.
/// Public key that signed this certificate.
- const publickey *signer;
+ const PublicKey *signer;
struct timeval timestamp;
std::string statement;
std::string signature;
public:
struct timeval timestamp;
std::string statement;
std::string signature;
public:
- certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
- certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement);
+ Certificate(const PublicKey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
+ Certificate(const PrivateKey *priv, struct timeval timestamp, const std::string &statement);
std::string to_string() const;
std::string fingerprint(unsigned int bits = 64) const;
std::string to_string() const;
std::string fingerprint(unsigned int bits = 64) const;
+namespace Fides {
+ static regexp authexp("^a[+0-] ");
+ static regexp trustexp("^t[+0-] ");
+
/// Saves a certificate to a file.
//
/// @param cert Certificate to save.
/// @param filename File to save the certificate to.
/// Saves a certificate to a file.
//
/// @param cert Certificate to save.
/// @param filename File to save the certificate to.
- void fides::certificate_save(const certificate *cert, const std::string &filename) const {
+ void Manager::certificate_save(const Certificate *cert, const std::string &filename) const {
ofstream file(filename.c_str());
file << cert->to_string() << '\n';
}
ofstream file(filename.c_str());
file << cert->to_string() << '\n';
}
//
/// @param filename File to save the certificate to.
/// @return The certificate.
//
/// @param filename File to save the certificate to.
/// @return The certificate.
- certificate *fides::certificate_load(const std::string &filename) {
+ Certificate *Manager::certificate_load(const std::string &filename) {
ifstream file(filename.c_str());
string data;
getline(file, data);
ifstream file(filename.c_str());
string data;
getline(file, data);
//
/// @param data String containing the certificate in textual form.
/// @return The certificate.
//
/// @param data String containing the certificate in textual form.
/// @return The certificate.
- certificate *fides::certificate_from_string(const std::string &data) {
+ Certificate *Manager::certificate_from_string(const std::string &data) {
size_t b, e;
e = data.find(' ', 0);
if(e == string::npos)
size_t b, e;
e = data.find(' ', 0);
if(e == string::npos)
- throw exception("Invalid certificate");
+ throw exception("Invalid Certificate");
string fingerprint = hexdecode(data.substr(0, e));
string fingerprint = hexdecode(data.substr(0, e));
- const publickey *signer = find_key(fingerprint);
+ const PublicKey *signer = find_key(fingerprint);
if(!signer)
throw exception("Unknown public key");
b = e + 1;
e = data.find('.', b);
if(e == string::npos)
if(!signer)
throw exception("Unknown public key");
b = e + 1;
e = data.find('.', b);
if(e == string::npos)
- throw exception("Invalid certificate");
+ throw exception("Invalid Certificate");
struct timeval timestamp;
timestamp.tv_sec = atol(data.c_str() + b);
b = e + 1;
timestamp.tv_usec = atol(data.c_str() + b);
e = data.find(' ', b);
if(e == string::npos)
struct timeval timestamp;
timestamp.tv_sec = atol(data.c_str() + b);
b = e + 1;
timestamp.tv_usec = atol(data.c_str() + b);
e = data.find(' ', b);
if(e == string::npos)
- throw exception("Invalid certificate");
+ throw exception("Invalid Certificate");
b = e + 1;
e = data.find(' ', b);
if(e == string::npos)
b = e + 1;
e = data.find(' ', b);
if(e == string::npos)
- throw exception("Invalid certificate");
+ throw exception("Invalid Certificate");
string signature = b64decode(data.substr(b, e - b));
b = e + 1;
string statement = data.substr(b);
string signature = b64decode(data.substr(b, e - b));
b = e + 1;
string statement = data.substr(b);
- return new certificate(signer, timestamp, statement, signature);
+ return new Certificate(signer, timestamp, statement, signature);
///
/// \brief Interaction with a Fides database.
///
///
/// \brief Interaction with a Fides database.
///
- /// A fides object manages a database of public keys and certificates.
+ /// A Manager object manages a database of public keys and certificates.
/// New certificates can be created, certificates can be imported and exported,
/// and queries can be done on the database.
/// New certificates can be created, certificates can be imported and exported,
/// and queries can be done on the database.
/// are used, in the given order:
/// - \$FIDES_HOME
/// - \$HOME/.fides
/// are used, in the given order:
/// - \$FIDES_HOME
/// - \$HOME/.fides
- /// - \$WPD/.fides
- fides::fides(const std::string &dir): homedir(dir) {
+ /// - \$PWD/.fides
+ Manager::Manager(const std::string &dir): homedir(dir) {
debug cerr << "Fides initialising\n";
// Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides
debug cerr << "Fides initialising\n";
// Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides
try {
mykey.load_private(homedir + "priv");
firstrun = false;
try {
mykey.load_private(homedir + "priv");
firstrun = false;
- } catch(fides::exception &e) {
+ } catch(exception &e) {
cerr << "Fides generating keypair\n";
mykey.generate();
mykey.save_private(homedir + "priv");
cerr << "Fides generating keypair\n";
mykey.generate();
mykey.save_private(homedir + "priv");
for(size_t i = 0; i < files.size(); ++i) {
debug cerr << "Loading key " << files[i] << '\n';
for(size_t i = 0; i < files.size(); ++i) {
debug cerr << "Loading key " << files[i] << '\n';
- publickey *key = new publickey();
+ PublicKey *key = new PublicKey();
key->load(keydir + files[i]);
keys[hexdecode(files[i])] = key;
}
key->load(keydir + files[i]);
keys[hexdecode(files[i])] = key;
}
files = dirlist(certdir);
for(size_t i = 0; i < files.size(); ++i) {
files = dirlist(certdir);
for(size_t i = 0; i < files.size(); ++i) {
- debug cerr << "Loading certificate " << files[i] << '\n';
- certificate *cert = certificate_load(certdir + files[i]);
+ debug cerr << "Loading Certificate " << files[i] << '\n';
+ Certificate *cert = certificate_load(certdir + files[i]);
if(false && !cert->validate()) {
if(false && !cert->validate()) {
- cerr << "Bad certificate in database: " << cert->to_string() << '\n';
+ cerr << "Bad Certificate in database: " << cert->to_string() << '\n';
continue;
}
certs[hexdecode(files[i])] = cert;
}
continue;
}
certs[hexdecode(files[i])] = cert;
}
- // TODO: save and load this value
+ /// \TODO save and load this value
latest.tv_sec = 0;
latest.tv_usec = 0;
update_trust();
}
latest.tv_sec = 0;
latest.tv_usec = 0;
update_trust();
}
debug cerr << "Fides exitting\n";
debug cerr << "Fides exitting\n";
- for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
+ for(map<string, Certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
- for(map<string, publickey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
+ for(map<string, PublicKey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
if(i->second != &mykey)
delete i->second;
}
if(i->second != &mykey)
delete i->second;
}
/// Checks the validaty of all certificates.
//
/// @return True if all known certificates are valid, false otherwise.
/// Checks the validaty of all certificates.
//
/// @return True if all known certificates are valid, false otherwise.
- bool fides::fsck() const {
+ bool Manager::fsck() const {
- for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i) {
+ for(map<string, Certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i) {
if(!i->second->validate()) {
if(!i->second->validate()) {
- cerr << "Validation of certificate failed: " << i->second->to_string() << '\n';
+ cerr << "Validation of Certificate failed: " << i->second->to_string() << '\n';
- cerr << errors << " errors in " << certs.size() << " certificates\n";
+ cerr << errors << " errors in " << certs.size() << " Certificates\n";
return !errors;
}
/// Returns the base directory used by Fides.
//
/// @return The home directory.
return !errors;
}
/// Returns the base directory used by Fides.
//
/// @return The home directory.
- string fides::get_homedir() const {
+ string Manager::get_homedir() const {
return homedir;
}
/// Tests whether this is the first time Fides has run and has generated new keys.
//
/// @return True if this is the first time, false otherwise.
return homedir;
}
/// Tests whether this is the first time Fides has run and has generated new keys.
//
/// @return True if this is the first time, false otherwise.
- bool fides::is_firstrun() const {
+ bool Manager::is_firstrun() const {
//
/// @param fingerprint String containing a fingerprint.
/// @return Pointer to the public key corresponding to the fingerprint, or NULL if it was not found.
//
/// @param fingerprint String containing a fingerprint.
/// @return Pointer to the public key corresponding to the fingerprint, or NULL if it was not found.
- publickey *fides::find_key(const std::string &fingerprint) const {
- map<string, publickey *>::const_iterator i;
+ PublicKey *Manager::find_key(const std::string &fingerprint) const {
+ map<string, PublicKey *>::const_iterator i;
i = keys.find(fingerprint);
if(i != keys.end())
return i->second;
i = keys.find(fingerprint);
if(i != keys.end())
return i->second;
/// @param signer Public key to match certificates to.
/// @param regex Regular expression to match the statement of each certificate to.
/// @return A vector of certificates that match the criteria.
/// @param signer Public key to match certificates to.
/// @param regex Regular expression to match the statement of each certificate to.
/// @return A vector of certificates that match the criteria.
- vector<const certificate *> fides::find_certificates(const publickey *signer, const std::string ®ex) const {
- vector<const certificate *> found;
- map<string, certificate *>::const_iterator i;
+ vector<const Certificate *> Manager::find_certificates(const PublicKey *signer, const std::string ®ex) const {
+ vector<const Certificate *> found;
+ map<string, Certificate *>::const_iterator i;
regexp regexp(regex);
for(i = certs.begin(); i != certs.end(); ++i) {
if(!i->second) {
regexp regexp(regex);
for(i = certs.begin(); i != certs.end(); ++i) {
if(!i->second) {
- cerr << "No certificate for " << hexencode(i->first) << '\n';
+ cerr << "No Certificate for " << hexencode(i->first) << '\n';
continue;
}
if(i->second->signer == signer)
continue;
}
if(i->second->signer == signer)
//
/// @param regex Regular expression to match the statement of each certificate to.
/// @return A vector of certificates that match the criteria.
//
/// @param regex Regular expression to match the statement of each certificate to.
/// @return A vector of certificates that match the criteria.
- vector<const certificate *> fides::find_certificates(const std::string ®ex) const {
- vector<const certificate *> found;
- map<string, certificate *>::const_iterator i;
+ vector<const Certificate *> Manager::find_certificates(const std::string ®ex) const {
+ vector<const Certificate *> found;
+ map<string, Certificate *>::const_iterator i;
regexp regexp(regex);
for(i = certs.begin(); i != certs.end(); ++i)
if(regexp.match(i->second->statement))
regexp regexp(regex);
for(i = certs.begin(); i != certs.end(); ++i)
if(regexp.match(i->second->statement))
//
/// @param signer Public key to match certificates to.
/// @return A vector of certificates that match the criteria.
//
/// @param signer Public key to match certificates to.
/// @return A vector of certificates that match the criteria.
- vector<const certificate *> fides::find_certificates(const publickey *signer) const {
- vector<const certificate *> found;
- map<string, certificate *>::const_iterator i;
+ vector<const Certificate *> Manager::find_certificates(const PublicKey *signer) const {
+ vector<const Certificate *> found;
+ map<string, Certificate *>::const_iterator i;
for(i = certs.begin(); i != certs.end(); ++i)
if(i->second->signer == signer)
found.push_back(i->second);
for(i = certs.begin(); i != certs.end(); ++i)
if(i->second->signer == signer)
found.push_back(i->second);
/// Import public keys and certificates from a stream.
//
/// @param in Stream to read from.
/// Import public keys and certificates from a stream.
//
/// @param in Stream to read from.
- void fides::import_all(std::istream &in) {
+ void Manager::import_all(std::istream &in) {
string line, pem;
bool is_pem = false;
string line, pem;
bool is_pem = false;
if(is_pem || !line.compare(0, 11, "-----BEGIN ")) {
pem += line + '\n';
if(!line.compare(0, 9, "-----END ")) {
if(is_pem || !line.compare(0, 11, "-----BEGIN ")) {
pem += line + '\n';
if(!line.compare(0, 9, "-----END ")) {
- publickey *key = new publickey();
+ PublicKey *key = new PublicKey();
key->from_string(pem);
debug cerr << "Imported key " << hexencode(key->fingerprint()) << '\n';
merge(key);
key->from_string(pem);
debug cerr << "Imported key " << hexencode(key->fingerprint()) << '\n';
merge(key);
- certificate *cert = certificate_from_string(line);
- debug cerr << "Importing certificate " << hexencode(cert->fingerprint()) << '\n';
+ Certificate *cert = certificate_from_string(line);
+ debug cerr << "Importing Certificate " << hexencode(cert->fingerprint()) << '\n';
/// Export all public keys and certificates to a stream.
//
/// @param out Stream to write to.
/// Export all public keys and certificates to a stream.
//
/// @param out Stream to write to.
- void fides::export_all(std::ostream &out) const {
- for(map<string, publickey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
+ void Manager::export_all(std::ostream &out) const {
+ for(map<string, PublicKey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
out << i->second->to_string();
out << i->second->to_string();
- for(map<string, certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
+ for(map<string, Certificate *>::const_iterator i = certs.begin(); i != certs.end(); ++i)
out << i->second->to_string() << '\n';
}
out << i->second->to_string() << '\n';
}
//
/// This creates a certificate that says that we trust the given public key.
/// If a key is trusted, then authorisation certificates from that key are taken into account
//
/// This creates a certificate that says that we trust the given public key.
/// If a key is trusted, then authorisation certificates from that key are taken into account
- /// when calling functions such as fides::is_allowed().
+ /// when calling functions such as Manager::is_allowed().
///
/// @param key Public key to trust.
///
/// @param key Public key to trust.
- void fides::trust(const publickey *key) {
+ void Manager::trust(const PublicKey *key) {
string full = "t+ " + hexencode(key->fingerprint());
sign(full);
}
string full = "t+ " + hexencode(key->fingerprint());
sign(full);
}
//
/// This creates a certificate that says that we distrust the given public key.
/// If a key is distrusted, then authorisation certificates from that key are not taken into account
//
/// This creates a certificate that says that we distrust the given public key.
/// If a key is distrusted, then authorisation certificates from that key are not taken into account
- /// when calling functions such as fides::is_allowed().
+ /// when calling functions such as Manager::is_allowed().
///
/// @param key Public key to trust.
///
/// @param key Public key to trust.
- void fides::distrust(const publickey *key) {
+ void Manager::distrust(const PublicKey *key) {
string full = "t- " + hexencode(key->fingerprint());
sign(full);
}
string full = "t- " + hexencode(key->fingerprint());
sign(full);
}
/// This key and certificates created by it are then treated as if we have never trusted nor distrusted this key.
///
/// @param key Public key to trust.
/// This key and certificates created by it are then treated as if we have never trusted nor distrusted this key.
///
/// @param key Public key to trust.
- void fides::dctrust(const publickey *key) {
+ void Manager::dctrust(const PublicKey *key) {
string full = "t0 " + hexencode(key->fingerprint());
sign(full);
}
/// Recalculate the trust value of all known public keys.
string full = "t0 " + hexencode(key->fingerprint());
sign(full);
}
/// Recalculate the trust value of all known public keys.
- void fides::update_trust() {
+ void Manager::update_trust() {
// clear trust on all keys
// clear trust on all keys
- for(map<string, publickey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
+ for(map<string, PublicKey *>::const_iterator i = keys.begin(); i != keys.end(); ++i)
i->second->trust = 0;
// Start by checking all trust certificates from ourself.
i->second->trust = 0;
// Start by checking all trust certificates from ourself.
// Already checked keys are never updated anymore (TODO: is that smart?)
// Certificates of keys with a zero or negative trust score are not processed.
// Already checked keys are never updated anymore (TODO: is that smart?)
// Certificates of keys with a zero or negative trust score are not processed.
- set<publickey *> checked;
- set<publickey *> tocheck;
- set<publickey *> newkeys;
- set<publickey *>::iterator i;
+ set<PublicKey *> checked;
+ set<PublicKey *> tocheck;
+ set<PublicKey *> newkeys;
+ set<PublicKey *>::iterator i;
mykey.trust = 3;
tocheck.insert(&mykey);
mykey.trust = 3;
tocheck.insert(&mykey);
// find all non-zero trust certificates of this key
// find all non-zero trust certificates of this key
- vector<const certificate *> matches = find_certificates(*i, "^t[+-] ");
+ vector<const Certificate *> matches = find_certificates(*i, "^t[+-] ");
// update trust value of those keys
for(size_t j = 0; j < matches.size(); j++) {
// update trust value of those keys
for(size_t j = 0; j < matches.size(); j++) {
- publickey *other = find_key(hexdecode(matches[j]->statement.substr(3)));
+ PublicKey *other = find_key(hexdecode(matches[j]->statement.substr(3)));
- cerr << "Trust certificate for unknown key: " << matches[j]->to_string() << '\n';
+ cerr << "Trust Certificate for unknown key: " << matches[j]->to_string() << '\n';
continue;
}
// except for keys we already checked
if(checked.find(other) != checked.end()) {
continue;
}
// except for keys we already checked
if(checked.find(other) != checked.end()) {
- debug cerr << "Skipping trust certificate for already checked key: " << matches[j]->to_string() << '\n';
+ debug cerr << "Skipping trust Certificate for already checked key: " << matches[j]->to_string() << '\n';
/// Merges a public key into the database.
//
/// @param key The public key to merge.
/// Merges a public key into the database.
//
/// @param key The public key to merge.
- void fides::merge(publickey *key) {
+ void Manager::merge(PublicKey *key) {
if(keys.find(key->fingerprint()) != keys.end()) {
debug cerr << "Key already known\n";
return;
if(keys.find(key->fingerprint()) != keys.end()) {
debug cerr << "Key already known\n";
return;
/// the older certificate will be removed.
///
/// @param cert The certificate to merge.
/// the older certificate will be removed.
///
/// @param cert The certificate to merge.
- void fides::merge(certificate *cert) {
+ void Manager::merge(Certificate *cert) {
// TODO: check if cert is already in database
// TODO: check if cert obsoletes other certs
// TODO: check if cert is already in database
// TODO: check if cert obsoletes other certs
// If the certificate does not validate, drop it.
if(!cert->validate()) {
// TODO: this should not happen, be wary of DoS attacks
// If the certificate does not validate, drop it.
if(!cert->validate()) {
// TODO: this should not happen, be wary of DoS attacks
- cerr << "Trying to merge invalid certificate: " << cert->to_string() << '\n';
+ cerr << "Trying to merge invalid Certificate: " << cert->to_string() << '\n';
- // TODO: move these regexps to the class?
- regexp authexp("^a[+0-] ");
- regexp trustexp("^t[+0-] ");
- vector<const certificate *> others;
+ vector<const Certificate *> others;
// Is this an authorisation cert?
if(authexp.match(cert->statement)) {
// Is this an authorisation cert?
if(authexp.match(cert->statement)) {
others = find_certificates(cert->signer, string("^a[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
others = find_certificates(cert->signer, string("^a[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
- debug cerr << "Certificate is overruled by a newer certificate\n";
+ debug cerr << "Certificate is overruled by a newer Certificate\n";
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
debug cerr << "Certificate has same timestamp as another timestamp!\n";
return;
}
debug cerr << "Certificate has same timestamp as another timestamp!\n";
return;
}
- debug cerr << "Certificate overrules an older certificate!\n";
+ debug cerr << "Certificate overrules an older Certificate!\n";
// save new cert first
certificate_save(cert, certdir + hexencode(cert->fingerprint()));
certs[cert->fingerprint()] = cert;
// save new cert first
certificate_save(cert, certdir + hexencode(cert->fingerprint()));
certs[cert->fingerprint()] = cert;
others = find_certificates(cert->signer, string("^t[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
others = find_certificates(cert->signer, string("^t[+0-] ") + cert->statement.substr(3) + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
- debug cerr << "Certificate is overruled by a newer certificate\n";
+ debug cerr << "Certificate is overruled by a newer Certificate\n";
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
debug cerr << "Certificate has same timestamp as another timestamp!\n";
return;
}
debug cerr << "Certificate has same timestamp as another timestamp!\n";
return;
}
- debug cerr << "Certificate overrules an older certificate!\n";
+ debug cerr << "Certificate overrules an older Certificate!\n";
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
others = find_certificates(cert->signer, string("^") + cert->statement + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
others = find_certificates(cert->signer, string("^") + cert->statement + '$');
if(others.size()) {
if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) {
- debug cerr << "Certificate is overruled by a newer certificate\n";
+ debug cerr << "Certificate is overruled by a newer Certificate\n";
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
return;
}
if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) {
debug cerr << "Certificate has same timestamp as another timestamp!\n";
return;
}
debug cerr << "Certificate has same timestamp as another timestamp!\n";
return;
}
- debug cerr << "Certificate overrules an older certificate!\n";
+ debug cerr << "Certificate overrules an older Certificate!\n";
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
// delete old one
rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str());
certs.erase(others[0]->fingerprint());
/// gave a positive authorisation, 0 if there is a tie,
/// or negative if the majority gave a negative authorisation.
/// @param all Same as trusted but for all public keys.
/// gave a positive authorisation, 0 if there is a tie,
/// or negative if the majority gave a negative authorisation.
/// @param all Same as trusted but for all public keys.
- void fides::auth_stats(const std::string &statement, int &self, int &trusted, int &all) const {
+ void Manager::auth_stats(const std::string &statement, int &self, int &trusted, int &all) const {
self = trusted = all = 0;
self = trusted = all = 0;
- vector<const certificate *> matches = find_certificates(string("^a[+0-] ") + statement + '$');
+ vector<const Certificate *> matches = find_certificates(string("^a[+0-] ") + statement + '$');
for(size_t i = 0; i < matches.size(); ++i) {
char code = matches[i]->statement[1];
int diff = 0;
for(size_t i = 0; i < matches.size(); ++i) {
char code = matches[i]->statement[1];
int diff = 0;
//
/// @param key The public key to test.
/// @return True if the key is explicitly trusted, false otherwise.
//
/// @param key The public key to test.
/// @return True if the key is explicitly trusted, false otherwise.
- bool fides::is_trusted(const publickey *key) const {
+ bool Manager::is_trusted(const PublicKey *key) const {
//
/// @param key The public key to test.
/// @return True if the key is explicitly distrusted, false otherwise.
//
/// @param key The public key to test.
/// @return True if the key is explicitly distrusted, false otherwise.
- bool fides::is_distrusted(const publickey *key) const {
+ bool Manager::is_distrusted(const PublicKey *key) const {
/// @param statement The statement to test.
/// @param key The public key to test.
/// @return True if the statement is allowed for the given key, false otherwise.
/// @param statement The statement to test.
/// @param key The public key to test.
/// @return True if the statement is allowed for the given key, false otherwise.
- bool fides::is_allowed(const std::string &statement, const publickey *key) const {
+ bool Manager::is_allowed(const std::string &statement, const PublicKey *key) const {
int self, trusted, all;
if(key)
int self, trusted, all;
if(key)
/// @param statement The statement to test.
/// @param key The public key to test.
/// @return True if the statement is denied for the given key, false otherwise.
/// @param statement The statement to test.
/// @param key The public key to test.
/// @return True if the statement is denied for the given key, false otherwise.
- bool fides::is_denied(const std::string &statement, const publickey *key) const {
+ bool Manager::is_denied(const std::string &statement, const PublicKey *key) const {
int self, trusted, all;
if(key)
int self, trusted, all;
if(key)
/// Creates a certificate for the given statement.
//
/// @param statement The statement to create a certificate for.
/// Creates a certificate for the given statement.
//
/// @param statement The statement to create a certificate for.
- void fides::sign(const std::string &statement) {
+ void Manager::sign(const std::string &statement) {
// Try to set "latest" to now, but ensure monoticity
struct timeval now;
gettimeofday(&now, 0);
// Try to set "latest" to now, but ensure monoticity
struct timeval now;
gettimeofday(&now, 0);
}
// Create a new certificate and merge it with our database
}
// Create a new certificate and merge it with our database
- merge(new certificate(&mykey, latest, statement));
+ merge(new Certificate(&mykey, latest, statement));
- void fides::allow(const std::string &statement, const publickey *key) {
+ void Manager::allow(const std::string &statement, const PublicKey *key) {
string full = "a+ ";
if(key)
full += hexencode(key->fingerprint()) + ' ';
string full = "a+ ";
if(key)
full += hexencode(key->fingerprint()) + ' ';
- void fides::dontcare(const std::string &statement, const publickey *key) {
+ void Manager::dontcare(const std::string &statement, const PublicKey *key) {
string full = "a0 ";
if(key)
full += hexencode(key->fingerprint()) + ' ';
string full = "a0 ";
if(key)
full += hexencode(key->fingerprint()) + ' ';
- void fides::deny(const std::string &statement, const publickey *key) {
+ void Manager::deny(const std::string &statement, const PublicKey *key) {
string full = "a- ";
if(key)
full += hexencode(key->fingerprint()) + ' ';
string full = "a- ";
if(key)
full += hexencode(key->fingerprint()) + ' ';
#include "privatekey.h"
#include "utility.h"
#include "privatekey.h"
#include "utility.h"
-namespace fides {
- class fides {
+namespace Fides {
+ class exception: public std::runtime_error {
+ public:
+ exception(const std::string reason): runtime_error(reason) {}
+ };
+
+ class Manager {
std::string homedir;
std::string certdir;
std::string obsoletedir;
std::string homedir;
std::string certdir;
std::string obsoletedir;
bool firstrun;
struct timeval latest;
bool firstrun;
struct timeval latest;
- public:
- // Utility functions
-
- class exception: public std::runtime_error {
- public:
- exception(const std::string reason): runtime_error(reason) {}
- };
- // Fides class itself
-
- privatekey mykey;
- std::map<std::string, publickey *> keys;
- std::map<std::string, certificate *> certs;
+ PrivateKey mykey;
+ std::map<std::string, PublicKey *> keys;
+ std::map<std::string, Certificate *> certs;
- void merge(certificate *cert);
- void merge(publickey *key);
+ void merge(Certificate *cert);
+ void merge(PublicKey *key);
- fides(const std::string &homedir = "");
- ~fides();
+ Manager(const std::string &homedir = "");
+ ~Manager();
bool is_firstrun() const;
bool fsck() const;
bool is_firstrun() const;
bool fsck() const;
void sign(const std::string &statement);
void sign(const std::string &statement);
- void allow(const std::string &statement, const publickey *key = 0);
- void dontcare(const std::string &statement, const publickey *key = 0);
- void deny(const std::string &statement, const publickey *key = 0);
- bool is_allowed(const std::string &statement, const publickey *key = 0) const;
- bool is_denied(const std::string &statement, const publickey *key = 0) const;
+ void allow(const std::string &statement, const PublicKey *key = 0);
+ void dontcare(const std::string &statement, const PublicKey *key = 0);
+ void deny(const std::string &statement, const PublicKey *key = 0);
+ bool is_allowed(const std::string &statement, const PublicKey *key = 0) const;
+ bool is_denied(const std::string &statement, const PublicKey *key = 0) const;
void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
- void trust(const publickey *key);
- void dctrust(const publickey *key);
- void distrust(const publickey *key);
- bool is_trusted(const publickey *key) const;
- bool is_distrusted(const publickey *key) const;
- publickey *find_key(const std::string &fingerprint) const;
+ void trust(const PublicKey *key);
+ void dctrust(const PublicKey *key);
+ void distrust(const PublicKey *key);
+ bool is_trusted(const PublicKey *key) const;
+ bool is_distrusted(const PublicKey *key) const;
+ PublicKey *find_key(const std::string &fingerprint) const;
- std::vector<const certificate *> find_certificates(const publickey *key, const std::string &statement) const;
- std::vector<const certificate *> find_certificates(const std::string &statement) const;
- std::vector<const certificate *> find_certificates(const publickey *key) const;
+ std::vector<const Certificate *> find_certificates(const PublicKey *key, const std::string &statement) const;
+ std::vector<const Certificate *> find_certificates(const std::string &statement) const;
+ std::vector<const Certificate *> find_certificates(const PublicKey *key) const;
- const certificate *import_certificate(const std::string &certificate);
- std::string export_certificate(const certificate *) const;
+ const Certificate *import_certificate(const std::string &Certificate);
+ std::string export_certificate(const Certificate *) const;
- const publickey *import_key(const std::string &key);
- std::string export_key(const publickey *key) const;
+ const PublicKey *import_key(const std::string &key);
+ std::string export_key(const PublicKey *key) const;
void import_all(std::istream &in);
void export_all(std::ostream &out) const;
void import_all(std::istream &in);
void export_all(std::ostream &out) const;
- certificate *certificate_from_string(const std::string &certificate);
- certificate *certificate_load(const std::string &filename);
- void certificate_save(const certificate *cert, const std::string &filename) const;
+ Certificate *certificate_from_string(const std::string &Certificate);
+ Certificate *certificate_load(const std::string &filename);
+ void certificate_save(const Certificate *cert, const std::string &filename) const;
static Botan::AutoSeeded_RNG rng;
static Botan::AutoSeeded_RNG rng;
-namespace fides {
- /// \class privatekey
+namespace Fides {
+ /// \class PrivateKey
///
/// \brief Representation of a public/private keypair.
///
///
/// \brief Representation of a public/private keypair.
///
/// so that others who have the corresponding public key
/// can ascertain that the statement was really made by us.
/// so that others who have the corresponding public key
/// can ascertain that the statement was really made by us.
- privatekey::privatekey(): priv(0) {
+ PrivateKey::PrivateKey(): priv(0) {
- privatekey::~privatekey() {
+ PrivateKey::~PrivateKey() {
/// Generates a new public/private keypair.
//
/// @param field OID of the field to generate a key in.
/// Generates a new public/private keypair.
//
/// @param field OID of the field to generate a key in.
- void privatekey::generate(const std::string &field) {
+ void PrivateKey::generate(const std::string &field) {
Botan::EC_Domain_Params domain = Botan::get_EC_Dom_Pars_by_oid(field);
pub = priv = new Botan::ECDSA_PrivateKey(rng, domain);
}
Botan::EC_Domain_Params domain = Botan::get_EC_Dom_Pars_by_oid(field);
pub = priv = new Botan::ECDSA_PrivateKey(rng, domain);
}
/// Allowed values are 112, 128, 160, 192, 224, 256, 384 and 521.
/// Keys less than 160 bits are considered weak.
/// Keys greater than 224 bits are considered very strong.
/// Allowed values are 112, 128, 160, 192, 224, 256, 384 and 521.
/// Keys less than 160 bits are considered weak.
/// Keys greater than 224 bits are considered very strong.
- void privatekey::generate(unsigned int bits) {
+ void PrivateKey::generate(unsigned int bits) {
switch(bits) {
case 112: return generate("1.3.132.0.6");
case 128: return generate("1.3.132.0.28");
switch(bits) {
case 112: return generate("1.3.132.0.6");
case 128: return generate("1.3.132.0.28");
case 256: return generate("1.3.132.0.10");
case 384: return generate("1.3.132.0.34");
case 521: return generate("1.3.132.0.35");
case 256: return generate("1.3.132.0.10");
case 384: return generate("1.3.132.0.34");
case 521: return generate("1.3.132.0.35");
- default: throw fides::exception("Unsupported number of bits for private key");
+ default: throw Fides::exception("Unsupported number of bits for private key");
}
}
/// Loads a private key from a stream.
//
/// @param in Stream to read from.
}
}
/// Loads a private key from a stream.
//
/// @param in Stream to read from.
- void privatekey::load_private(std::istream &in) {
+ void PrivateKey::load_private(std::istream &in) {
try {
Botan::DataSource_Stream stream(in);
pub = priv = dynamic_cast<Botan::ECDSA_PrivateKey *>(Botan::PKCS8::load_key(stream, rng, ""));
} catch(Botan::Exception &e) {
try {
Botan::DataSource_Stream stream(in);
pub = priv = dynamic_cast<Botan::ECDSA_PrivateKey *>(Botan::PKCS8::load_key(stream, rng, ""));
} catch(Botan::Exception &e) {
- throw fides::exception(e.what());
+ throw Fides::exception(e.what());
}
}
/// Loads a private key from a file.
//
/// @param filename Name of the file to read from.
}
}
/// Loads a private key from a file.
//
/// @param filename Name of the file to read from.
- void privatekey::load_private(const std::string &filename) {
+ void PrivateKey::load_private(const std::string &filename) {
ifstream in(filename.c_str());
load_private(in);
}
ifstream in(filename.c_str());
load_private(in);
}
/// Saves the private key to a stream.
//
/// @param out Stream to write to.
/// Saves the private key to a stream.
//
/// @param out Stream to write to.
- void privatekey::save_private(std::ostream &out) const {
+ void PrivateKey::save_private(std::ostream &out) const {
out << Botan::PKCS8::PEM_encode(*priv);
}
/// Saves the private key to a file.
//
/// @param filename Name of the file to write to.
out << Botan::PKCS8::PEM_encode(*priv);
}
/// Saves the private key to a file.
//
/// @param filename Name of the file to write to.
- void privatekey::save_private(const std::string &filename) const {
+ void PrivateKey::save_private(const std::string &filename) const {
ofstream out(filename.c_str());
save_private(out);
}
ofstream out(filename.c_str());
save_private(out);
}
//
/// @param statement The statement that is to be signed.
/// @return A string containing the signature.
//
/// @param statement The statement that is to be signed.
/// @return A string containing the signature.
- string privatekey::sign(const std::string &statement) const {
+ string PrivateKey::sign(const std::string &statement) const {
auto_ptr<Botan::PK_Signer> signer(Botan::get_pk_signer(*priv, "EMSA1(SHA-512)"));
Botan::SecureVector<Botan::byte> sig = signer->sign_message((const Botan::byte *)statement.data(), statement.size(), rng);
return string((const char *)sig.begin(), (size_t)sig.size());
auto_ptr<Botan::PK_Signer> signer(Botan::get_pk_signer(*priv, "EMSA1(SHA-512)"));
Botan::SecureVector<Botan::byte> sig = signer->sign_message((const Botan::byte *)statement.data(), statement.size(), rng);
return string((const char *)sig.begin(), (size_t)sig.size());
-/* privatekey.h - Fides private key class
+/* PrivateKey.h - Fides private key class
Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
Fides is free software; you can redistribute it and/or modify
Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
Fides is free software; you can redistribute it and/or modify
#include <botan/ecdsa.h>
#include "publickey.h"
#include <botan/ecdsa.h>
#include "publickey.h"
-namespace fides {
- class privatekey: public publickey {
+namespace Fides {
+ class PrivateKey: public PublicKey {
Botan::ECDSA_PrivateKey *priv;
public:
Botan::ECDSA_PrivateKey *priv;
public:
- privatekey();
- ~privatekey();
+ PrivateKey();
+ ~PrivateKey();
void load_private(std::istream &in);
void save_private(std::ostream &out) const;
void load_private(std::istream &in);
void save_private(std::ostream &out) const;
-namespace fides {
- /// \class publickey
+namespace Fides {
+ /// \class PublicKey
///
/// \brief Representation of a public key.
///
///
/// \brief Representation of a public key.
///
/// Thus, we can ascertain if a statement, if it has been properly signed,
/// was indeed made by that entity.
/// Thus, we can ascertain if a statement, if it has been properly signed,
/// was indeed made by that entity.
- publickey::publickey(): pub(0), trust(0) {
+ PublicKey::PublicKey(): pub(0), trust(0) {
- publickey::~publickey() {
+ PublicKey::~PublicKey() {
delete pub;
}
/// Loads a public key from a stream.
//
/// @param in Stream to read from.
delete pub;
}
/// Loads a public key from a stream.
//
/// @param in Stream to read from.
- void publickey::load(std::istream &in) {
+ void PublicKey::load(std::istream &in) {
try {
Botan::DataSource_Stream source(in);
pub = dynamic_cast<Botan::ECDSA_PublicKey *>(Botan::X509::load_key(source));
} catch(Botan::Exception &e) {
try {
Botan::DataSource_Stream source(in);
pub = dynamic_cast<Botan::ECDSA_PublicKey *>(Botan::X509::load_key(source));
} catch(Botan::Exception &e) {
- throw fides::exception(e.what());
+ throw Fides::exception(e.what());
}
}
/// Loads a public key from a file.
//
/// @param filename Name of the file to read the key from.
}
}
/// Loads a public key from a file.
//
/// @param filename Name of the file to read the key from.
- void publickey::load(const std::string &filename) {
+ void PublicKey::load(const std::string &filename) {
ifstream in(filename.c_str());
load(in);
}
ifstream in(filename.c_str());
load(in);
}
/// Saves the public key to a stream.
//
/// @param out Stream to write to.
/// Saves the public key to a stream.
//
/// @param out Stream to write to.
- void publickey::save(std::ostream &out) const {
+ void PublicKey::save(std::ostream &out) const {
out << to_string();
}
/// Saves the public key to a file.
//
/// @param filename Name of the file to save the key to.
out << to_string();
}
/// Saves the public key to a file.
//
/// @param filename Name of the file to save the key to.
- void publickey::save(const std::string &filename) const {
+ void PublicKey::save(const std::string &filename) const {
ofstream out(filename.c_str());
save(out);
}
ofstream out(filename.c_str());
save(out);
}
/// Loads a public key from a string.
//
/// @param in String containing a public key in textual format.
/// Loads a public key from a string.
//
/// @param in String containing a public key in textual format.
- void publickey::from_string(const std::string &in) {
+ void PublicKey::from_string(const std::string &in) {
try {
Botan::DataSource_Memory source(in);
pub = dynamic_cast<Botan::ECDSA_PublicKey *>(Botan::X509::load_key(source));
} catch(Botan::Exception &e) {
try {
Botan::DataSource_Memory source(in);
pub = dynamic_cast<Botan::ECDSA_PublicKey *>(Botan::X509::load_key(source));
} catch(Botan::Exception &e) {
- throw fides::exception(e.what());
+ throw Fides::exception(e.what());
}
}
/// Write the public key to a string.
//
/// @return String containing the public key in textual format.
}
}
/// Write the public key to a string.
//
/// @return String containing the public key in textual format.
- string publickey::to_string() const {
+ string PublicKey::to_string() const {
return Botan::X509::PEM_encode(*pub);
}
return Botan::X509::PEM_encode(*pub);
}
/// @param bits Number of bits from the fingerprint to return.
/// The number will be rounded down to the nearest multiple of 8.
/// @return String containing the fingerprint.
/// @param bits Number of bits from the fingerprint to return.
/// The number will be rounded down to the nearest multiple of 8.
/// @return String containing the fingerprint.
- string publickey::fingerprint(unsigned int bits) const {
+ string PublicKey::fingerprint(unsigned int bits) const {
// TODO: find out if there is a standard way to get a hash of an ECDSA public key
Botan::SHA_256 sha256;
Botan::SecureVector<Botan::byte> hash = sha256.process(Botan::X509::PEM_encode(*pub));
// TODO: find out if there is a standard way to get a hash of an ECDSA public key
Botan::SHA_256 sha256;
Botan::SecureVector<Botan::byte> hash = sha256.process(Botan::X509::PEM_encode(*pub));
/// @param signature The signature of the statement.
/// @return Returns true if the signature is indeed a valid signature, made by this public key, of the statement.
/// Return false otherwise.
/// @param signature The signature of the statement.
/// @return Returns true if the signature is indeed a valid signature, made by this public key, of the statement.
/// Return false otherwise.
- bool publickey::verify(const std::string &statement, const std::string &signature) const {
+ bool PublicKey::verify(const std::string &statement, const std::string &signature) const {
auto_ptr<Botan::PK_Verifier> verifier(Botan::get_pk_verifier(*pub, "EMSA1(SHA-512)"));
verifier->update((const Botan::byte *)statement.data(), statement.size());
Botan::SecureVector<Botan::byte> sig;
auto_ptr<Botan::PK_Verifier> verifier(Botan::get_pk_verifier(*pub, "EMSA1(SHA-512)"));
verifier->update((const Botan::byte *)statement.data(), statement.size());
Botan::SecureVector<Botan::byte> sig;
#include <botan/botan.h>
#include <botan/ecdsa.h>
#include <botan/botan.h>
#include <botan/ecdsa.h>
-namespace fides {
- class publickey {
+namespace Fides {
+ class PublicKey {
protected:
Botan::ECDSA_PublicKey *pub;
public:
protected:
Botan::ECDSA_PublicKey *pub;
public:
- publickey();
- ~publickey();
+ PublicKey();
+ ~PublicKey();
int trust;
void load(std::istream &in);
int trust;
void load(std::istream &in);
// Base64 and hex encoding/decoding functions
/// Hexadecimal encode data.
// Base64 and hex encoding/decoding functions
/// Hexadecimal encode data.
#include <vector>
#include <regex.h>
#include <vector>
#include <regex.h>
class regexp {
regex_t comp;
class regexp {
regex_t comp;
///
/// @param exp Regular expression to compile.
/// @param cflags Bitwise OR of options to apply when compiling the regular expression:
///
/// @param exp Regular expression to compile.
/// @param cflags Bitwise OR of options to apply when compiling the regular expression:
- /// - fides::regexp::EXTENDED
+ /// - Fides::regexp::EXTENDED
/// Use POSIX Extended Regular Expression syntax when interpreting exp.
/// Use POSIX Extended Regular Expression syntax when interpreting exp.
- /// - fides::regexp::ICASE
+ /// - Fides::regexp::ICASE
/// Make the expression case-insensitive.
/// Make the expression case-insensitive.
- /// - fides::regexp::NOSUB
+ /// - Fides::regexp::NOSUB
/// Disable support for substring addressing.
/// Disable support for substring addressing.
- /// - fides::regexp::NEWLINE
+ /// - Fides::regexp::NEWLINE
/// Do not treat the newline character as the start or end of a line.
regexp(const std::string &exp, int cflags = 0) {
int err = regcomp(&comp, exp.c_str(), cflags);
/// Do not treat the newline character as the start or end of a line.
regexp(const std::string &exp, int cflags = 0) {
int err = regcomp(&comp, exp.c_str(), cflags);
///
/// @param in String to test.
/// @param eflags Bitwise OR of options to apply when matching the string:
///
/// @param in String to test.
/// @param eflags Bitwise OR of options to apply when matching the string:
- /// - fides::regexp::NOTBOL
+ /// - Fides::regexp::NOTBOL
/// Do not treat the start of the string as the start of a line.
/// Do not treat the start of the string as the start of a line.
- /// - fides::regexp::NOTEOL
+ /// - Fides::regexp::NOTEOL
/// Do not treat the end of the string as the end of a line.
/// @return True if the string matches the regular expression, false otherwise.
bool match(const std::string &in, int eflags = 0) {
/// Do not treat the end of the string as the end of a line.
/// @return True if the string matches the regular expression, false otherwise.
bool match(const std::string &in, int eflags = 0) {
if(fides.is_firstrun()) {
cout << "New keys generated in " << fides.get_homedir() << '\n';
} else {
if(fides.is_firstrun()) {
cout << "New keys generated in " << fides.get_homedir() << '\n';
} else {
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
- fides::fides fides;
- fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ Fides::Manager fides;
+ Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
if(!key) {
cerr << "Unknown key!\n";
return 1;
if(!key) {
cerr << "Unknown key!\n";
return 1;
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
- fides::fides fides;
- fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ Fides::Manager fides;
+ Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
if(!key) {
cerr << "Unknown key!\n";
return 1;
if(!key) {
cerr << "Unknown key!\n";
return 1;
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
- fides::fides fides;
- fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ Fides::Manager fides;
+ Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
if(key)
fides.trust(key);
else {
if(key)
fides.trust(key);
else {
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
- fides::fides fides;
- fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ Fides::Manager fides;
+ Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
if(key)
fides.dctrust(key);
else {
if(key)
fides.dctrust(key);
else {
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
- fides::fides fides;
- fides::publickey *key = fides.find_key(fides::hexdecode(argv[0]));
+ Fides::Manager fides;
+ Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0]));
if(key)
fides.distrust(key);
else {
if(key)
fides.distrust(key);
else {
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
fides.sign(argv[0]);
return 0;
}
fides.sign(argv[0]);
return 0;
}
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
fides.allow(argv[0]);
return 0;
}
fides.allow(argv[0]);
return 0;
}
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
fides.dontcare(argv[0]);
return 0;
}
fides.dontcare(argv[0]);
return 0;
}
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
fides.deny(argv[0]);
return 0;
}
static int import(int argc, char *const argv[]) {
fides.deny(argv[0]);
return 0;
}
static int import(int argc, char *const argv[]) {
if(argc) {
ifstream in(argv[0]);
if(argc) {
ifstream in(argv[0]);
}
static int exprt(int argc, char *const argv[]) {
}
static int exprt(int argc, char *const argv[]) {
if(argc) {
ofstream out(argv[0]);
if(argc) {
ofstream out(argv[0]);
return EX_USAGE;
// Find certificates matching statement
return EX_USAGE;
// Find certificates matching statement
- fides::fides fides;
- const vector<const fides::certificate *> &certs = fides.find_certificates(argv[0]);
+ Fides::Manager fides;
+ const vector<const Fides::Certificate *> &certs = fides.find_certificates(argv[0]);
for(size_t i = 0; i < certs.size(); ++i)
cout << i << ' ' << certs[i]->to_string() << '\n';
return 0;
for(size_t i = 0; i < certs.size(); ++i)
cout << i << ' ' << certs[i]->to_string() << '\n';
return 0;
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
return fides.is_allowed(argv[0]) ? 0 : 1;
}
return fides.is_allowed(argv[0]) ? 0 : 1;
}
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
return fides.is_denied(argv[0]) ? 0 : 1;
}
return fides.is_denied(argv[0]) ? 0 : 1;
}
if(argc < 1)
return EX_USAGE;
if(argc < 1)
return EX_USAGE;
int self, trusted, all;
fides.auth_stats(argv[0], self, trusted, all);
cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
int self, trusted, all;
fides.auth_stats(argv[0], self, trusted, all);
cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n';
if(fides.fsck()) {
cout << "Everything OK\n";
return 0;
if(fides.fsck()) {
cout << "Everything OK\n";
return 0;