1 /* fides.h - Light-weight, decentralised trust and authorisation management
2 Copyright (C) 2008-2009 Guus Sliepen <guus@tinc-vpn.org>
4 Fides is free software; you can redistribute it and/or modify
5 it under the terms of the GNU Lesser General Public License as
6 published by the Free Software Foundation; either version 2.1 of
7 the License, or (at your option) any later version.
9 Fides is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include <botan/botan.h>
24 #include <botan/ecdsa.h>
// NOTE(review): the enclosing class header is not visible in this listing;
// these look like fides members, but confirm against the full header.
std::string obsoletedir;
// Most recent timestamp seen — presumably updated when certificates are merged; verify in the .cc.
struct timeval latest;
// One process-wide RNG (static), shared by every instance rather than owned per object.
static Botan::AutoSeeded_RNG rng;
// Encoding helpers for the textual key/certificate formats; declared here, defined elsewhere.
// Decoders take caller-supplied text, so they must reject malformed input rather than assume it.
static std::string b64encode(const std::string &in);
static std::string b64decode(const std::string &in);
static std::string hexencode(const std::string &in);
static std::string hexdecode(const std::string &in);
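// Compile-time flags (passed to regcomp via the constructor's cflags).
static const int EXTENDED = REG_EXTENDED;
static const int ICASE = REG_ICASE;
static const int NOSUB = REG_NOSUB;
static const int NEWLINE = REG_NEWLINE;
// Match-time flags (passed to regexec via match()'s eflags).
static const int NOTBOL = REG_NOTBOL;
// Correctly spelled alias of REG_NOTEOL; NOTEAL is kept so existing callers keep compiling.
static const int NOTEOL = REG_NOTEOL;
static const int NOTEAL = NOTEOL;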
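// Compile `exp` with the given cflags. NOSUB is always added because match()
// only asks whether the pattern matches, never where (nmatch is 0 there).
// Throws exception when the pattern does not compile.
regexp(const std::string &exp, int cflags = 0) {
	int err = regcomp(&comp, exp.c_str(), cflags | NOSUB);
	// regcomp() returns non-zero only on failure; success must not throw.
	if(err)
		throw exception("Could not compile regular expression");
}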
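// True when `in` matches the compiled pattern. Only the prefix of `in` up to its
// first NUL byte is examined, because the C API is handed in.c_str(); callers
// matching statements that may contain NUL must be aware of that truncation.
// Declared const: regexec() only reads the compiled pattern.
bool match(const std::string &in, int eflags = 0) const {
	return regexec(&comp, in.c_str(), 0, 0, eflags) == 0;
}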
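// Error type thrown by fides; carries only a human-readable reason (via what()).
class exception: public std::runtime_error {
public:
	// Takes the reason by const reference rather than by value to avoid a needless copy.
	exception(const std::string &reason): runtime_error(reason) {}
};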
80 // Objects manipulated by fides
// NOTE(review): the enclosing class header (publickey) is not visible in this listing.
// Raw pointer to the Botan key; who frees it is not visible here — confirm the destructor does.
Botan::ECDSA_PublicKey *pub;
// Serialisation: read/write the public key from/to a stream or a named file.
void load(std::istream &in);
void save(std::ostream &out) const;
void load(const std::string &filename);
void save(const std::string &filename) const;
// Checks `signature` over `data` with this key; presumably true only when it verifies.
// Both inputs are attacker-controlled by nature, so a false result must stop the caller.
bool verify(const std::string &data, const std::string &signature) const;
// Textual form of the key and its inverse (from_string parses caller-supplied text).
std::string to_string() const;
void from_string(const std::string &in);
// Short identifier derived from the key, truncated to `bits` bits (default 64).
// NOTE(review): if this is a truncated hash, 64 bits gives only ~2^32 collision
// resistance; anything that looks keys up by fingerprint inherits that bound — confirm in the .cc.
std::string fingerprint(unsigned int bits = 64) const;
// A public key plus its private half; signing-capable. The class body is only partly
// visible in this listing (constructor/destructor lines are not shown).
class privatekey: public publickey {
// Raw pointer to the Botan private key; ownership/zeroisation on destruction is not visible here — confirm.
Botan::ECDSA_PrivateKey *priv;
// Serialisation of the private half only; the public half uses publickey::load/save.
// The file variants write key material to disk — file permissions are the caller's concern.
void load_private(std::istream &in);
void save_private(std::ostream &out) const;
void load_private(const std::string &filename);
void save_private(const std::string &filename) const;
// Generate a fresh key pair, either on a named curve (`field`) or by size (default 224 bits).
void generate(const std::string &field);
void generate(unsigned int bits = 224);
// Signature over `data`; the format is whatever publickey::verify expects (not visible here).
std::string sign(const std::string &data) const;
// NOTE(review): the enclosing class header (certificate) is not visible in this listing.
// Key that signed this certificate; non-owning pointer, lifetime presumably tied to fides' key map.
const publickey *signer;
struct timeval timestamp;
std::string statement;
std::string signature;
// First form wraps already-signed material (presumably no signing or checking happens here);
// second form presumably signs `statement` with `priv` now. Confirm both in the .cc.
certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement);
std::string to_string() const;
// Same truncation caveat as publickey::fingerprint: 64 bits by default.
std::string fingerprint(unsigned int bits = 64) const;
// Presumably checks `signature` against signer/timestamp/statement; confirm in the .cc.
// Nothing should treat a certificate as authoritative before this returns true.
bool validate() const;
133 // Fides class itself
// NOTE(review): the enclosing class header (fides) is not visible in this listing.
// Known keys and certificates, indexed by string (presumably the fingerprint) and held
// through raw pointers — who deletes them is not visible here.
std::map<std::string, publickey *> keys;
std::map<std::string, certificate *> certs;
// Add to the maps; presumably takes ownership of the pointer — confirm in the .cc.
void merge(certificate *cert);
void merge(publickey *key);
// homedir defaults to "" — how that is resolved is not visible here.
fides(const std::string &homedir = "");
bool is_firstrun() const;
std::string get_homedir() const;
// Issue a certificate for `statement` with this instance's own key.
void sign(const std::string &statement);
// Authorisation statements about `statement` made by `key`; key == 0 (null) presumably
// means this instance's own key — confirm. The allow/dontcare/deny triple maps to
// the trust/dctrust/distrust triple below.
void allow(const std::string &statement, const publickey *key = 0);
void dontcare(const std::string &statement, const publickey *key = 0);
void deny(const std::string &statement, const publickey *key = 0);
// The authorisation decision. Which wins when both allow and deny certificates exist
// is decided in the .cc, not here; callers should check is_denied as well as is_allowed.
bool is_allowed(const std::string &statement, const publickey *key = 0) const;
bool is_denied(const std::string &statement, const publickey *key = 0) const;
// Out-parameters: counts of statements by self, by trusted keys, and by all keys.
void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
void trust(const publickey *key);
void dctrust(const publickey *key);
void distrust(const publickey *key);
bool is_trusted(const publickey *key) const;
bool is_distrusted(const publickey *key) const;
// Lookup by fingerprint string. Inherits publickey::fingerprint's truncation: two keys
// with the same short fingerprint cannot be told apart here.
publickey *find_key(const std::string &fingerprint) const;
std::vector<const certificate *> find_certificates(const publickey *key, const std::string &statement) const;
std::vector<const certificate *> find_certificates(const std::string &statement) const;
std::vector<const certificate *> find_certificates(const publickey *key) const;
// Parse untrusted serialised input. NOTE(review): the parameter is named `certificate`,
// which shadows the class of that name inside the function body.
const certificate *import_certificate(const std::string &certificate);
std::string export_certificate(const certificate *) const;
const publickey *import_key(const std::string &key);
std::string export_key(const publickey *key) const;
// Bulk forms of the above, over a stream.
void import_all(std::istream &in);
void export_all(std::ostream &out) const;
// Same shadowing as import_certificate: parameter `certificate` hides the type name.
certificate *certificate_from_string(const std::string &certificate);
certificate *certificate_load(const std::string &filename);
void certificate_save(const certificate *cert, const std::string &filename) const;