6 #include <botan/botan.h>
// Per-instance storage paths plus the shared RNG (the enclosing class header is not visible here).
13 std::string obsoletedir; // directory for obsoleted material — presumably where superseded keys/certificates are moved; confirm in the .cpp
17 struct timeval latest; // most recent timestamp seen — presumably of a loaded certificate; verify against the loader
18 static Botan::AutoSeeded_RNG rng; // one process-wide RNG shared by every instance; NOTE(review): confirm access is serialized if fides is used from several threads
// Encoding helpers used by the serialisation paths (definitions not visible here).
23 static std::string b64encode(const std::string &in); // base64 encoding of the bytes in `in`
24 static std::string b64decode(const std::string &in); // base64 decoding; NOTE(review): behaviour on malformed input is not visible here — confirm it fails rather than silently producing a truncated result
25 static std::string hexencode(const std::string &in); // hex encoding of the bytes in `in`
26 static std::string hexdecode(const std::string &in); // hex decoding; same malformed-input caveat as b64decode
// regcomp (cflags) aliases exposed by regexp. The constructor always or-s NOSUB in
// (regcomp(&comp, exp.c_str(), cflags | NOSUB)), so a compiled regexp reports only
// match / no-match and never sub-expression positions.
32 static const int EXTENDED = REG_EXTENDED;
33 static const int ICASE = REG_ICASE;
34 static const int NOSUB = REG_NOSUB;
35 static const int NEWLINE = REG_NEWLINE;
// regexec (eflags) aliases.
37 static const int NOTBOL = REG_NOTBOL;
38 static const int NOTEAL = REG_NOTEOL; // spelled NOTEAL but maps to REG_NOTEOL; name kept as-is because callers may already reference it
// NOTE(review): regexp::match hands in.c_str() to regexec, so any part of the input after
// an embedded NUL byte is never examined by the pattern.
40 regexp(const std::string &exp, int cflags = 0) {
41 int err = regcomp(&comp, exp.c_str(), cflags | NOSUB);
43 throw exception("Could not compile regular expression");
50 bool match(const std::string &in, int eflags = 0) {
51 return regexec(&comp, in.c_str(), 0, 0, eflags) == 0;
57 class exception: public std::runtime_error {
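/// Build an exception from a human-readable reason; the text is forwarded to
/// std::runtime_error and is what() reports. Taken by const reference to avoid
/// copying the string once before runtime_error copies it again.
59 exception(const std::string &reason): std::runtime_error(reason) {}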
62 // Objects manipulated by fides
// publickey members (class header and access specifiers are not visible here).
66 Botan::ECDSA_PublicKey *pub; // raw pointer to the Botan key; ownership and deletion are not expressed by the type — TODO confirm who frees it
73 void load(std::istream &in); // read the public key from a stream; wire format not visible here
74 void save(std::ostream &out); // write the public key to a stream
75 void load(const std::string &filename); // file variant — presumably opens filename and delegates to load(istream)
76 void save(const std::string &filename); // file variant — presumably opens filename and delegates to save(ostream)
77 bool verify(const std::string &data, const std::string &signature); // true when signature verifies over data under pub; encoding of both not visible here
78 std::string to_string(); // serialise the key; presumably the inverse of from_string
79 void from_string(const std::string &in); // parse a key in the form produced by to_string
80 std::string fingerprint(unsigned int bits = 64); // fingerprint truncated to `bits` bits; NOTE(review): the 64-bit default gives only ~2^32 birthday-collision resistance, so treat it as a display/lookup hint rather than a proof of identity unless callers pass a larger size
83 class privatekey: public publickey {
84 Botan::ECDSA_PrivateKey *priv; // raw pointer to the Botan private key; ownership not expressed by the type — TODO confirm who frees it
90 void load_private(std::istream &in); // read the private key from a stream; wire format not visible here
91 void save_private(std::ostream &out); // write the private key to a stream; the caller decides where the bytes go
92 void load_private(const std::string &filename); // file variant of load_private
93 void save_private(const std::string &filename); // file variant of save_private; NOTE(review): confirm the implementation creates the file with owner-only permissions, since it holds secret material
94 void generate(const std::string &field); // generate a fresh key over the named field/curve; accepted names not visible here
95 void generate(unsigned int bits = 224); // generate a fresh key of the given size; 224-bit ECDSA is roughly a 112-bit security level, 256 is the more common baseline
96 std::string sign(const std::string &data); // signature over data with priv; signature encoding not visible here
// certificate members (class header and access specifiers are not visible here).
102 struct timeval timestamp; // presumably when the statement was made/signed
103 std::string statement; // the signed text
104 std::string signature; // signature by the issuing key; whether timestamp is covered by the signed bytes is not visible here — confirm
107 certificate(publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature); // wrap an already-signed statement; NOTE(review): whether this constructor verifies the signature is not visible here — confirm before trusting certificates built this way
108 certificate(privatekey *priv, struct timeval timestamp, const std::string &statement); // sign statement with priv, presumably filling in signature
110 std::string to_string() const; // serialise the certificate
111 std::string fingerprint(unsigned int bits = 64); // truncated fingerprint; same short-default caveat as publickey::fingerprint
115 // Fides class itself
// Key and certificate store (enclosing class header not visible here).
119 std::map<std::string, publickey *> keys; // known keys; presumably indexed by fingerprint (see find_key) — confirm. The map does not own the pointers; TODO confirm the destructor deletes them
120 std::map<std::string, certificate *> certs; // known certificates; index format not visible here. Same ownership caveat as keys
121 std::set<publickey *> trustedkeys; // keys whose statements are treated as trusted
123 void merge(certificate *cert); // add cert to the store; duplicate/conflict handling not visible here
124 void merge(publickey *key); // add key to the store
127 fides(const std::string &homedir = ""); // open the store under homedir; "" presumably selects a default location — see get_homedir
132 std::string get_homedir(); // directory the store lives in
134 void sign(const std::string &statement); // sign statement with this instance's own key
// For the policy calls below, key = 0 presumably means this instance's own key — confirm in the .cpp.
136 void allow(const std::string &statement, publickey *key = 0); // record that key allows statement
137 void dontcare(const std::string &statement, publickey *key = 0); // record that key has no opinion on statement
138 void deny(const std::string &statement, publickey *key = 0); // record that key denies statement
139 bool is_allowed(const std::string &statement, publickey *key = 0); // decision for statement; how allow/deny from several keys combine is not visible here
140 bool is_denied(const std::string &statement, publickey *key = 0); // decision for statement; see is_allowed
142 void auth_stats(const std::string &statement, int &self, int &trusted, int &all); // out-params: counts attributed to our own key, to trusted keys, and to all keys — exact meaning of each count not visible here
143 void trust(publickey *key); // mark key as trusted (presumably inserts into trustedkeys)
144 void dctrust(publickey *key); // "don't care": drop any trust decision for key — exact effect not visible here
145 void distrust(publickey *key); // mark key as distrusted; the backing set is not visible in this excerpt
146 bool is_trusted(publickey *key); // whether key is currently trusted
147 bool is_distrusted(publickey *key); // whether key is currently distrusted
148 publickey *find_key(const std::string &fingerprint); // look up a key by fingerprint string, presumably 0 when unknown; NOTE(review): if callers pass truncated fingerprints (publickey::fingerprint defaults to 64 bits), two distinct keys may map to one entry — confirm ambiguity is rejected rather than resolved to the first match
151 std::vector<certificate *> find_certificates(publickey *key, const std::string &statement); // certificates issued by key about statement
152 std::vector<certificate *> find_certificates(const std::string &statement); // certificates about statement from any key
153 std::vector<certificate *> find_certificates(publickey *key); // all certificates issued by key
// Note: in import_certificate and certificate_from_string the parameter is named `certificate`,
// which hides the nested type of the same name inside the function body (spell it fides::certificate there).
155 certificate *import_certificate(const std::string &certificate); // parse a serialised certificate; presumably also merges it — confirm against certificate_from_string
156 std::string export_certificate(const certificate *); // serialise a certificate
158 publickey *import_key(const std::string &key); // parse a serialised key; presumably also merges it
159 std::string export_key(const publickey *key); // serialise a key
161 void import_all(std::istream &in); // bulk import; NOTE(review): this is the main untrusted-input entry point — confirm a malformed entry fails the whole import rather than leaving a partially merged store
162 void export_all(std::ostream &out); // bulk export
164 certificate *certificate_from_string(const std::string &certificate); // parse only, by name; see shadowing note above
165 certificate *certificate_load(const std::string &filename); // read a certificate from a file
166 void certificate_save(const certificate *cert, const std::string &filename); // write a certificate to a file