Update to a somewhat usable version.

[fides] / fides.h

diff --git a/fides.h b/fides.h
new file mode 100644 (file)
index 0000000..7d94719
--- /dev/null
+++ b/fides.h
@@ -0,0 +1,170 @@
+#ifndef __FIDES_H__
+#define __FIDES_H__
+
+#include <stdexcept>
+#include <regex.h>
+#include <botan/botan.h>
+#include <sys/time.h>
+#include <map>
+
+class fides {
+       std::string homedir;
+       std::string certdir;
+       std::string obsoletedir;
+       std::string keydir;
+
+       bool firstrun;
+       struct timeval latest;
+       static Botan::AutoSeeded_RNG rng;
+
+       public:
+       // Utility functions
+
+       static std::string b64encode(const std::string &in);
+       static std::string b64decode(const std::string &in);
+       static std::string hexencode(const std::string &in);
+       static std::string hexdecode(const std::string &in);
+
+       class regexp {
+               regex_t comp;
+
+               public:
+               static const int EXTENDED = REG_EXTENDED;
+               static const int ICASE = REG_ICASE;
+               static const int NOSUB = REG_NOSUB;
+               static const int NEWLINE = REG_NEWLINE;
+
+               static const int NOTBOL = REG_NOTBOL;
+               static const int NOTEAL = REG_NOTEOL;
+
+               regexp(const std::string &exp, int cflags = 0) {
+                       int err = regcomp(&comp, exp.c_str(), cflags | NOSUB);
+                       if(err)
+                               throw exception("Could not compile regular expression");
+               }
+
+               ~regexp() {
+                       regfree(&comp);
+               }
+
+               bool match(const std::string &in, int eflags = 0) {
+                       return regexec(&comp, in.c_str(), 0, 0, eflags) == 0;
+               }
+       };
+
+       // Exception class
+
+       class exception: public std::runtime_error {
+                public:
+                exception(const std::string reason): runtime_error(reason) {}
+        };
+
+       // Objects manipulated by fides
+
+       class publickey {
+               protected:
+               Botan::ECDSA_PublicKey *pub;
+
+               public:
+               publickey();
+               ~publickey();
+
+               int trust;
+               void load(std::istream &in);
+               void save(std::ostream &out);
+               void load(const std::string &filename);
+               void save(const std::string &filename);
+               bool verify(const std::string &data, const std::string &signature);
+               std::string to_string();
+               void from_string(const std::string &in);
+               std::string fingerprint(unsigned int bits = 64);
+       };
+
+       class privatekey: public publickey {
+               Botan::ECDSA_PrivateKey *priv;
+
+               public:
+               privatekey();
+               ~privatekey();
+
+               void load_private(std::istream &in);
+               void save_private(std::ostream &out);
+               void load_private(const std::string &filename);
+               void save_private(const std::string &filename);
+               void generate(const std::string &field);
+               void generate(unsigned int bits = 224);
+               std::string sign(const std::string &data);
+       };
+
+       class certificate {
+               friend class fides;
+               publickey *signer;
+               struct timeval timestamp;
+               std::string statement;
+               std::string signature;
+
+               public:
+               certificate(publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
+               certificate(privatekey *priv, struct timeval timestamp, const std::string &statement);
+
+               std::string to_string() const;
+               std::string fingerprint(unsigned int bits = 64);
+               bool validate();
+       };
+
+       // Fides class itself
+
+       private:
+       privatekey mykey;
+       std::map<std::string, publickey *> keys;
+       std::map<std::string, certificate *> certs;
+       std::set<publickey *> trustedkeys;
+
+       void merge(certificate *cert);
+       void merge(publickey *key);
+
+       public:
+       fides(const std::string &homedir = "");
+       ~fides();
+
+       bool is_firstrun();
+       bool fsck();
+       std::string get_homedir();
+
+       void sign(const std::string &statement);
+
+       void allow(const std::string &statement, publickey *key = 0);
+       void dontcare(const std::string &statement, publickey *key = 0);
+       void deny(const std::string &statement, publickey *key = 0);
+       bool is_allowed(const std::string &statement, publickey *key = 0);
+       bool is_denied(const std::string &statement, publickey *key = 0);
+
+       void auth_stats(const std::string &statement, int &self, int &trusted, int &all);
+       void trust(publickey *key);
+       void dctrust(publickey *key);
+       void distrust(publickey *key);
+       bool is_trusted(publickey *key);
+       bool is_distrusted(publickey *key);
+       publickey *find_key(const std::string &fingerprint);
+       void update_trust();
+
+       std::vector<certificate *> find_certificates(publickey *key, const std::string &statement);
+       std::vector<certificate *> find_certificates(const std::string &statement);
+       std::vector<certificate *> find_certificates(publickey *key);
+
+       certificate *import_certificate(const std::string &certificate);
+       std::string export_certificate(const certificate *);
+
+       publickey *import_key(const std::string &key);
+       std::string export_key(const publickey *key);
+
+       void import_all(std::istream &in);
+       void export_all(std::ostream &out);
+
+       certificate *certificate_from_string(const std::string &certificate);
+       certificate *certificate_load(const std::string &filename);
+       void certificate_save(const certificate *cert, const std::string &filename);
+
+};
+
+#endif