-string fides::hexdecode(const string &in) {
- Botan::Pipe pipe(new Botan::Hex_Decoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-string fides::b64encode(const string &in) {
- Botan::Pipe pipe(new Botan::Base64_Encoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-string fides::b64decode(const string &in) {
- Botan::Pipe pipe(new Botan::Base64_Decoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-// Certificate functions
-
-fides::certificate::certificate(publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {}
-
-bool fides::certificate::validate() {
- string data = signer->fingerprint(256);
- data += string((const char *)×tamp, sizeof timestamp);
- data += statement;
- return signer->verify(data, signature);
-}
-
-fides::certificate::certificate(privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) {
- string data = signer->fingerprint(256);
- data += string((const char *)×tamp, sizeof timestamp);
- data += statement;
- signature = key->sign(data);
-}
-
-string fides::certificate::fingerprint(unsigned int bits) {
- return signature.substr(signature.size() - bits / 8);
-}
-
-string fides::certificate::to_string() const {
- string data = fides::hexencode(signer->fingerprint());
- data += ' ';
- char ts[100];
- snprintf(ts, sizeof ts, "%lu.%06lu", timestamp.tv_sec, timestamp.tv_usec);
- data += ts;
- data += ' ';
- data += fides::b64encode(signature);
- data += ' ';
- data += statement;
- return data;
-}
+ /// \class Manager
+ ///
+ /// \brief Interaction with a Fides database.
+ ///
+ /// A Manager object manages a database of public keys and certificates.
+ /// New certificates can be created, certificates can be imported and exported,
+ /// and queries can be done on the database.
+
+
+ /// Creates a new handle on a Fides database.
+ //
+ /// Will load the private key, known public keys and certificates.
+ /// After that it will calculate the trust value of all keys.
+ ///
+ /// @param dir Directory where Fides stores the keys and certificates.
+ /// If no directory is specified, the following environment variables
+ /// are used, in the given order:
+ /// - \$FIDES_HOME
+ /// - \$HOME/.fides
+ /// - \$PWD/.fides
+ Manager::Manager(const std::string &dir): homedir(dir) {
+ debug cerr << "Fides initialising\n";
+
+ // Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides
+ if(homedir.empty())
+ homedir = getenv("FIDES_HOME") ?: "";
+ if(homedir.empty()) {
+ char cwd[PATH_MAX];
+ homedir = getenv("HOME") ?: getcwd(cwd, sizeof cwd);
+ homedir += "/.fides";
+ }