X-Git-Url: http://tinc-vpn.org/git/browse?p=fides;a=blobdiff_plain;f=fides.h;fp=fides.h;h=7d947194d9204383c89531fbc47f3d9c3c1b0b8c;hp=0000000000000000000000000000000000000000;hb=4887fb5f75d884730370a1963ee3a6f18dc39b94;hpb=6a8df9b73c1285e173de88fe105272d8541226d3

diff --git a/fides.h b/fides.h
new file mode 100644
index 0000000..7d94719
--- /dev/null
+++ b/fides.h
@@ -0,0 +1,170 @@
+#ifndef __FIDES_H__
+#define __FIDES_H__
+
+#include <stdexcept>
+#include <regex.h>
+#include <botan/botan.h>
+#include <sys/time.h>
+#include <map>
+
+class fides {
+	std::string homedir;
+	std::string certdir;
+	std::string obsoletedir;
+	std::string keydir;
+
+	bool firstrun;
+	struct timeval latest;
+	static Botan::AutoSeeded_RNG rng;
+
+	public:
+	// Utility functions
+
+	static std::string b64encode(const std::string &in);
+	static std::string b64decode(const std::string &in);
+	static std::string hexencode(const std::string &in);
+	static std::string hexdecode(const std::string &in);
+
+	class regexp {
+		regex_t comp;
+
+		public:
+		static const int EXTENDED = REG_EXTENDED;
+		static const int ICASE = REG_ICASE;
+		static const int NOSUB = REG_NOSUB;
+		static const int NEWLINE = REG_NEWLINE;
+
+		static const int NOTBOL = REG_NOTBOL;
+		static const int NOTEAL = REG_NOTEOL;
+
+		regexp(const std::string &exp, int cflags = 0) {
+			int err = regcomp(&comp, exp.c_str(), cflags | NOSUB);
+			if(err)
+				throw exception("Could not compile regular expression");
+		}
+
+		~regexp() {
+			regfree(&comp);
+		}
+
+		bool match(const std::string &in, int eflags = 0) {
+			return regexec(&comp, in.c_str(), 0, 0, eflags) == 0;
+		}
+	};
+
+	// Exception class
+
+	class exception: public std::runtime_error {
+                public:
+                exception(const std::string reason): runtime_error(reason) {}
+        };
+
+	// Objects manipulated by fides
+
+	class publickey {
+		protected:
+		Botan::ECDSA_PublicKey *pub;
+
+		public:
+		publickey();
+		~publickey();
+
+		int trust;
+		void load(std::istream &in);
+		void save(std::ostream &out);
+		void load(const std::string &filename);
+		void save(const std::string &filename);
+		bool verify(const std::string &data, const std::string &signature);
+		std::string to_string();
+		void from_string(const std::string &in);
+		std::string fingerprint(unsigned int bits = 64);
+	};
+
+	class privatekey: public publickey {
+		Botan::ECDSA_PrivateKey *priv;
+
+		public:
+		privatekey();
+		~privatekey();
+
+		void load_private(std::istream &in);
+		void save_private(std::ostream &out);
+		void load_private(const std::string &filename);
+		void save_private(const std::string &filename);
+		void generate(const std::string &field);
+		void generate(unsigned int bits = 224);
+		std::string sign(const std::string &data);
+	};
+
+	class certificate {
+		friend class fides;
+		publickey *signer;
+		struct timeval timestamp;
+		std::string statement;
+		std::string signature;
+
+		public:
+		certificate(publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
+		certificate(privatekey *priv, struct timeval timestamp, const std::string &statement);
+
+		std::string to_string() const;
+		std::string fingerprint(unsigned int bits = 64);
+		bool validate();
+	};
+
+	// Fides class itself
+
+	private:
+	privatekey mykey;
+	std::map<std::string, publickey *> keys;
+	std::map<std::string, certificate *> certs;
+	std::set<publickey *> trustedkeys;
+
+	void merge(certificate *cert);
+	void merge(publickey *key);
+
+	public:
+	fides(const std::string &homedir = "");
+	~fides();
+
+	bool is_firstrun();
+	bool fsck();
+	std::string get_homedir();
+
+	void sign(const std::string &statement);
+
+	void allow(const std::string &statement, publickey *key = 0);
+	void dontcare(const std::string &statement, publickey *key = 0);
+	void deny(const std::string &statement, publickey *key = 0);
+	bool is_allowed(const std::string &statement, publickey *key = 0);
+	bool is_denied(const std::string &statement, publickey *key = 0);
+
+	void auth_stats(const std::string &statement, int &self, int &trusted, int &all);
+	void trust(publickey *key);
+	void dctrust(publickey *key);
+	void distrust(publickey *key);
+	bool is_trusted(publickey *key);
+	bool is_distrusted(publickey *key);
+	publickey *find_key(const std::string &fingerprint);
+	void update_trust();
+
+	std::vector<certificate *> find_certificates(publickey *key, const std::string &statement);
+	std::vector<certificate *> find_certificates(const std::string &statement);
+	std::vector<certificate *> find_certificates(publickey *key);
+
+	certificate *import_certificate(const std::string &certificate);
+	std::string export_certificate(const certificate *);
+
+	publickey *import_key(const std::string &key);
+	std::string export_key(const publickey *key);
+
+	void import_all(std::istream &in);
+	void export_all(std::ostream &out);
+
+	certificate *certificate_from_string(const std::string &certificate);
+	certificate *certificate_load(const std::string &filename);
+	void certificate_save(const certificate *cert, const std::string &filename);
+
+};
+
+#endif