X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=lib%2Ffides.h;h=569f87619fea8a6094ee94c8b6a7651fbed7dea9;hb=0f3083b8693bfaddc4bf3fd6ce7174ac06afa958;hp=7d947194d9204383c89531fbc47f3d9c3c1b0b8c;hpb=811b273f857703f489875376f188f1fc21b7e850;p=fides

diff --git a/lib/fides.h b/lib/fides.h
index 7d94719..569f876 100644
--- a/lib/fides.h
+++ b/lib/fides.h
@@ -1,9 +1,27 @@
+/* fides.h - Light-weight, decentralised trust and authorisation management
+   Copyright (C) 2008-2009  Guus Sliepen <guus@tinc-vpn.org>
+  
+   Fides is free software; you can redistribute it and/or modify
+   it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+  
+   Fides is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+   GNU Lesser General Public License for more details.
+  
+   You should have received a copy of the GNU Lesser General Public
+   License along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
 #ifndef __FIDES_H__
 #define __FIDES_H__
 
 #include <stdexcept>
 #include <regex.h>
 #include <botan/botan.h>
+#include <botan/ecdsa.h>
 #include <sys/time.h>
 #include <map>
 
@@ -25,6 +43,12 @@ class fides {
 	static std::string hexencode(const std::string &in);
 	static std::string hexdecode(const std::string &in);
 
+	/// Compiled regular expression.
+
+	/// This class holds a compiled regular expression,
+	/// which can be used to match arbitrary strings to.
+	/// It is a wrapper for the POSIX regex functions
+	/// regcomp() and regexec().
 	class regexp {
 		regex_t comp;
 
@@ -35,10 +59,22 @@ class fides {
 		static const int NEWLINE = REG_NEWLINE;
 
 		static const int NOTBOL = REG_NOTBOL;
-		static const int NOTEAL = REG_NOTEOL;
-
+		static const int NOTEOL = REG_NOTEOL;
+
+		/// Construct a compiled regular expression.
+		///
+		/// @param exp    Regular expression to compile.
+		/// @param cflags Bitwise OR of options to apply when compiling the regular expression:
+		///               - fides::regexp::EXTENDED
+		///                 Use POSIX Extended Regular Expression syntax when interpreting exp.
+		///               - fides::regexp::ICASE
+		///                 Make the expression case-insensitive.
+		///               - fides::regexp::NOSUB
+		///                 Disable support for substring addressing.
+		///               - fides::regexp::NEWLINE
+		///                 Do not treat the newline character as the start or end of a line.
 		regexp(const std::string &exp, int cflags = 0) {
-			int err = regcomp(&comp, exp.c_str(), cflags | NOSUB);
+			int err = regcomp(&comp, exp.c_str(), cflags);
 			if(err)
 				throw exception("Could not compile regular expression");
 		}
@@ -47,13 +83,20 @@ class fides {
 			regfree(&comp);
 		}
 
+		/// Test whether a string matches the regular expression.
+		///
+		/// @param in     String to test.
+		/// @param eflags Bitwise OR of options to apply when matching the string:
+		///               - fides::regexp::NOTBOL
+		///                 Do not treat the start of the string as the start of a line.
+		///               - fides::regexp::NOTEOL
+		///                 Do not treat the end of the string as the end of a line.
+		/// @return True if the string matches the regular expression, false otherwise.
 		bool match(const std::string &in, int eflags = 0) {
 			return regexec(&comp, in.c_str(), 0, 0, eflags) == 0;
 		}
 	};
 
-	// Exception class
-
 	class exception: public std::runtime_error {
                 public:
                 exception(const std::string reason): runtime_error(reason) {}
@@ -71,13 +114,13 @@ class fides {
 
 		int trust;
 		void load(std::istream &in);
-		void save(std::ostream &out);
+		void save(std::ostream &out) const;
 		void load(const std::string &filename);
-		void save(const std::string &filename);
-		bool verify(const std::string &data, const std::string &signature);
-		std::string to_string();
+		void save(const std::string &filename) const;
+		bool verify(const std::string &data, const std::string &signature) const;
+		std::string to_string() const;
 		void from_string(const std::string &in);
-		std::string fingerprint(unsigned int bits = 64);
+		std::string fingerprint(unsigned int bits = 64) const;
 	};
 
 	class privatekey: public publickey {
@@ -88,28 +131,30 @@ class fides {
 		~privatekey();
 
 		void load_private(std::istream &in);
-		void save_private(std::ostream &out);
+		void save_private(std::ostream &out) const;
 		void load_private(const std::string &filename);
-		void save_private(const std::string &filename);
+		void save_private(const std::string &filename) const;
 		void generate(const std::string &field);
 		void generate(unsigned int bits = 224);
-		std::string sign(const std::string &data);
+		std::string sign(const std::string &data) const;
 	};
 
 	class certificate {
 		friend class fides;
-		publickey *signer;
+
+		/// Public key that signed this certificate.
+		const publickey *signer;
 		struct timeval timestamp;
 		std::string statement;
 		std::string signature;
 
 		public:
-		certificate(publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
-		certificate(privatekey *priv, struct timeval timestamp, const std::string &statement);
+		certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature);
+		certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement);
 
 		std::string to_string() const;
-		std::string fingerprint(unsigned int bits = 64);
-		bool validate();
+		std::string fingerprint(unsigned int bits = 64) const;
+		bool validate() const;
 	};
 
 	// Fides class itself
@@ -118,7 +163,6 @@ class fides {
 	privatekey mykey;
 	std::map<std::string, publickey *> keys;
 	std::map<std::string, certificate *> certs;
-	std::set<publickey *> trustedkeys;
 
 	void merge(certificate *cert);
 	void merge(publickey *key);
@@ -127,43 +171,43 @@ class fides {
 	fides(const std::string &homedir = "");
 	~fides();
 
-	bool is_firstrun();
-	bool fsck();
-	std::string get_homedir();
+	bool is_firstrun() const;
+	bool fsck() const;
+	std::string get_homedir() const;
 
 	void sign(const std::string &statement);
 
-	void allow(const std::string &statement, publickey *key = 0);
-	void dontcare(const std::string &statement, publickey *key = 0);
-	void deny(const std::string &statement, publickey *key = 0);
-	bool is_allowed(const std::string &statement, publickey *key = 0);
-	bool is_denied(const std::string &statement, publickey *key = 0);
-
-	void auth_stats(const std::string &statement, int &self, int &trusted, int &all);
-	void trust(publickey *key);
-	void dctrust(publickey *key);
-	void distrust(publickey *key);
-	bool is_trusted(publickey *key);
-	bool is_distrusted(publickey *key);
-	publickey *find_key(const std::string &fingerprint);
+	void allow(const std::string &statement, const publickey *key = 0);
+	void dontcare(const std::string &statement, const publickey *key = 0);
+	void deny(const std::string &statement, const publickey *key = 0);
+	bool is_allowed(const std::string &statement, const publickey *key = 0) const;
+	bool is_denied(const std::string &statement, const publickey *key = 0) const;
+
+	void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const;
+	void trust(const publickey *key);
+	void dctrust(const publickey *key);
+	void distrust(const publickey *key);
+	bool is_trusted(const publickey *key) const;
+	bool is_distrusted(const publickey *key) const;
+	publickey *find_key(const std::string &fingerprint) const;
 	void update_trust();
 
-	std::vector<certificate *> find_certificates(publickey *key, const std::string &statement);
-	std::vector<certificate *> find_certificates(const std::string &statement);
-	std::vector<certificate *> find_certificates(publickey *key);
+	std::vector<const certificate *> find_certificates(const publickey *key, const std::string &statement) const;
+	std::vector<const certificate *> find_certificates(const std::string &statement) const;
+	std::vector<const certificate *> find_certificates(const publickey *key) const;
 
-	certificate *import_certificate(const std::string &certificate);
-	std::string export_certificate(const certificate *);
+	const certificate *import_certificate(const std::string &certificate);
+	std::string export_certificate(const certificate *) const;
 
-	publickey *import_key(const std::string &key);
-	std::string export_key(const publickey *key);
+	const publickey *import_key(const std::string &key);
+	std::string export_key(const publickey *key) const;
 
 	void import_all(std::istream &in);
-	void export_all(std::ostream &out);
+	void export_all(std::ostream &out) const;
 
 	certificate *certificate_from_string(const std::string &certificate);
 	certificate *certificate_load(const std::string &filename);
-	void certificate_save(const certificate *cert, const std::string &filename);
+	void certificate_save(const certificate *cert, const std::string &filename) const;
 
 };