From: Guus Sliepen Date: Mon, 26 Jan 2009 23:09:52 +0000 (+0100) Subject: Clean up the namespace. X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=f36a11f15b1d75cf3d786cab06fefe0d50812c83;p=fides Clean up the namespace. - Class names are capitalised. - Fides is now only a namespace. - The former fides class is now Fides::Manager. --- diff --git a/lib/certificate.cc b/lib/certificate.cc index 9b83ec0..b801403 100644 --- a/lib/certificate.cc +++ b/lib/certificate.cc @@ -22,8 +22,8 @@ using namespace std; -namespace fides { - /// \class fides::certificate +namespace Fides { + /// \class Certificate /// /// \brief Representation of a certificate. @@ -33,12 +33,12 @@ namespace fides { /// @param timestamp Timestamp of the certificate. /// @param statement Statement of the certificate. /// @param signature Signature of the certificate. - certificate::certificate(const publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {} + Certificate::Certificate(const PublicKey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {} /// Verifies the signature of the certificate. // /// @return True if the signature is valid, false otherwise. - bool certificate::validate() const { + bool Certificate::validate() const { string data = signer->fingerprint(256); data += string((const char *)×tamp, sizeof timestamp); data += statement; @@ -50,7 +50,7 @@ namespace fides { /// @param key Private key to sign the certificate with. /// @param timestamp Timestamp of the certificate. /// @param statement Statement of the certificate. - certificate::certificate(const privatekey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) { + Certificate::Certificate(const PrivateKey *key, struct timeval timestamp, const std::string &statement): signer(key), timestamp(timestamp), statement(statement) { string data = signer->fingerprint(256); data += string((const char *)×tamp, sizeof timestamp); data += statement; @@ -62,14 +62,14 @@ namespace fides { /// @param bits Number of bits from the fingerprint to return. /// The number will be rounded down to the nearest multiple of 8. /// @return String containing the fingerprint. - string certificate::fingerprint(unsigned int bits) const { + string Certificate::fingerprint(unsigned int bits) const { return signature.substr(signature.size() - bits / 8); } /// Write the certificate to a string. // /// @return String containing the certificate in textual format. - string certificate::to_string() const { + string Certificate::to_string() const { string data = hexencode(signer->fingerprint()); data += ' '; char ts[100]; diff --git a/lib/certificate.h b/lib/certificate.h index ff8c452..2a605ea 100644 --- a/lib/certificate.h +++ b/lib/certificate.h @@ -1,4 +1,4 @@ -/* certificate.h - Fides certificate class +/* Certificate.h - Fides Certificate class Copyright (C) 2008-2009 Guus Sliepen Fides is free software; you can redistribute it and/or modify @@ -23,19 +23,19 @@ #include "publickey.h" #include "privatekey.h" -namespace fides { - class certificate { - friend class fides; +namespace Fides { + class Certificate { + friend class Manager; /// Public key that signed this certificate. - const publickey *signer; + const PublicKey *signer; struct timeval timestamp; std::string statement; std::string signature; public: - certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature); - certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement); + Certificate(const PublicKey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature); + Certificate(const PrivateKey *priv, struct timeval timestamp, const std::string &statement); std::string to_string() const; std::string fingerprint(unsigned int bits = 64) const; diff --git a/lib/fides.cc b/lib/fides.cc index 0e367aa..7c3cabf 100644 --- a/lib/fides.cc +++ b/lib/fides.cc @@ -34,12 +34,15 @@ using namespace std; -namespace fides { +namespace Fides { + static regexp authexp("^a[+0-] "); + static regexp trustexp("^t[+0-] "); + /// Saves a certificate to a file. // /// @param cert Certificate to save. /// @param filename File to save the certificate to. - void fides::certificate_save(const certificate *cert, const std::string &filename) const { + void Manager::certificate_save(const Certificate *cert, const std::string &filename) const { ofstream file(filename.c_str()); file << cert->to_string() << '\n'; } @@ -48,7 +51,7 @@ namespace fides { // /// @param filename File to save the certificate to. /// @return The certificate. - certificate *fides::certificate_load(const std::string &filename) { + Certificate *Manager::certificate_load(const std::string &filename) { ifstream file(filename.c_str()); string data; getline(file, data); @@ -59,42 +62,42 @@ namespace fides { // /// @param data String containing the certificate in textual form. /// @return The certificate. - certificate *fides::certificate_from_string(const std::string &data) { + Certificate *Manager::certificate_from_string(const std::string &data) { size_t b, e; e = data.find(' ', 0); if(e == string::npos) - throw exception("Invalid certificate"); + throw exception("Invalid Certificate"); string fingerprint = hexdecode(data.substr(0, e)); - const publickey *signer = find_key(fingerprint); + const PublicKey *signer = find_key(fingerprint); if(!signer) throw exception("Unknown public key"); b = e + 1; e = data.find('.', b); if(e == string::npos) - throw exception("Invalid certificate"); + throw exception("Invalid Certificate"); struct timeval timestamp; timestamp.tv_sec = atol(data.c_str() + b); b = e + 1; timestamp.tv_usec = atol(data.c_str() + b); e = data.find(' ', b); if(e == string::npos) - throw exception("Invalid certificate"); + throw exception("Invalid Certificate"); b = e + 1; e = data.find(' ', b); if(e == string::npos) - throw exception("Invalid certificate"); + throw exception("Invalid Certificate"); string signature = b64decode(data.substr(b, e - b)); b = e + 1; string statement = data.substr(b); - return new certificate(signer, timestamp, statement, signature); + return new Certificate(signer, timestamp, statement, signature); } - /// \class fides + /// \class Manager /// /// \brief Interaction with a Fides database. /// - /// A fides object manages a database of public keys and certificates. + /// A Manager object manages a database of public keys and certificates. /// New certificates can be created, certificates can be imported and exported, /// and queries can be done on the database. @@ -109,8 +112,8 @@ namespace fides { /// are used, in the given order: /// - \$FIDES_HOME /// - \$HOME/.fides - /// - \$WPD/.fides - fides::fides(const std::string &dir): homedir(dir) { + /// - \$PWD/.fides + Manager::Manager(const std::string &dir): homedir(dir) { debug cerr << "Fides initialising\n"; // Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides @@ -137,7 +140,7 @@ namespace fides { try { mykey.load_private(homedir + "priv"); firstrun = false; - } catch(fides::exception &e) { + } catch(exception &e) { cerr << "Fides generating keypair\n"; mykey.generate(); mykey.save_private(homedir + "priv"); @@ -148,7 +151,7 @@ namespace fides { for(size_t i = 0; i < files.size(); ++i) { debug cerr << "Loading key " << files[i] << '\n'; - publickey *key = new publickey(); + PublicKey *key = new PublicKey(); key->load(keydir + files[i]); keys[hexdecode(files[i])] = key; } @@ -157,27 +160,27 @@ namespace fides { files = dirlist(certdir); for(size_t i = 0; i < files.size(); ++i) { - debug cerr << "Loading certificate " << files[i] << '\n'; - certificate *cert = certificate_load(certdir + files[i]); + debug cerr << "Loading Certificate " << files[i] << '\n'; + Certificate *cert = certificate_load(certdir + files[i]); if(false && !cert->validate()) { - cerr << "Bad certificate in database: " << cert->to_string() << '\n'; + cerr << "Bad Certificate in database: " << cert->to_string() << '\n'; continue; } certs[hexdecode(files[i])] = cert; } - // TODO: save and load this value + /// \TODO save and load this value latest.tv_sec = 0; latest.tv_usec = 0; update_trust(); } - fides::~fides() { + Manager::~Manager() { debug cerr << "Fides exitting\n"; - for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) + for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) delete i->second; - for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) + for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) if(i->second != &mykey) delete i->second; } @@ -185,31 +188,31 @@ namespace fides { /// Checks the validaty of all certificates. // /// @return True if all known certificates are valid, false otherwise. - bool fides::fsck() const { + bool Manager::fsck() const { int errors = 0; - for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) { + for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) { if(!i->second->validate()) { - cerr << "Validation of certificate failed: " << i->second->to_string() << '\n'; + cerr << "Validation of Certificate failed: " << i->second->to_string() << '\n'; errors++; } } - cerr << errors << " errors in " << certs.size() << " certificates\n"; + cerr << errors << " errors in " << certs.size() << " Certificates\n"; return !errors; } /// Returns the base directory used by Fides. // /// @return The home directory. - string fides::get_homedir() const { + string Manager::get_homedir() const { return homedir; } /// Tests whether this is the first time Fides has run and has generated new keys. // /// @return True if this is the first time, false otherwise. - bool fides::is_firstrun() const { + bool Manager::is_firstrun() const { return firstrun; } @@ -217,8 +220,8 @@ namespace fides { // /// @param fingerprint String containing a fingerprint. /// @return Pointer to the public key corresponding to the fingerprint, or NULL if it was not found. - publickey *fides::find_key(const std::string &fingerprint) const { - map::const_iterator i; + PublicKey *Manager::find_key(const std::string &fingerprint) const { + map::const_iterator i; i = keys.find(fingerprint); if(i != keys.end()) return i->second; @@ -231,13 +234,13 @@ namespace fides { /// @param signer Public key to match certificates to. /// @param regex Regular expression to match the statement of each certificate to. /// @return A vector of certificates that match the criteria. - vector fides::find_certificates(const publickey *signer, const std::string ®ex) const { - vector found; - map::const_iterator i; + vector Manager::find_certificates(const PublicKey *signer, const std::string ®ex) const { + vector found; + map::const_iterator i; regexp regexp(regex); for(i = certs.begin(); i != certs.end(); ++i) { if(!i->second) { - cerr << "No certificate for " << hexencode(i->first) << '\n'; + cerr << "No Certificate for " << hexencode(i->first) << '\n'; continue; } if(i->second->signer == signer) @@ -251,9 +254,9 @@ namespace fides { // /// @param regex Regular expression to match the statement of each certificate to. /// @return A vector of certificates that match the criteria. - vector fides::find_certificates(const std::string ®ex) const { - vector found; - map::const_iterator i; + vector Manager::find_certificates(const std::string ®ex) const { + vector found; + map::const_iterator i; regexp regexp(regex); for(i = certs.begin(); i != certs.end(); ++i) if(regexp.match(i->second->statement)) @@ -265,9 +268,9 @@ namespace fides { // /// @param signer Public key to match certificates to. /// @return A vector of certificates that match the criteria. - vector fides::find_certificates(const publickey *signer) const { - vector found; - map::const_iterator i; + vector Manager::find_certificates(const PublicKey *signer) const { + vector found; + map::const_iterator i; for(i = certs.begin(); i != certs.end(); ++i) if(i->second->signer == signer) found.push_back(i->second); @@ -277,7 +280,7 @@ namespace fides { /// Import public keys and certificates from a stream. // /// @param in Stream to read from. - void fides::import_all(std::istream &in) { + void Manager::import_all(std::istream &in) { string line, pem; bool is_pem = false; @@ -288,7 +291,7 @@ namespace fides { if(is_pem || !line.compare(0, 11, "-----BEGIN ")) { pem += line + '\n'; if(!line.compare(0, 9, "-----END ")) { - publickey *key = new publickey(); + PublicKey *key = new PublicKey(); key->from_string(pem); debug cerr << "Imported key " << hexencode(key->fingerprint()) << '\n'; merge(key); @@ -299,8 +302,8 @@ namespace fides { continue; } - certificate *cert = certificate_from_string(line); - debug cerr << "Importing certificate " << hexencode(cert->fingerprint()) << '\n'; + Certificate *cert = certificate_from_string(line); + debug cerr << "Importing Certificate " << hexencode(cert->fingerprint()) << '\n'; merge(cert); } } @@ -308,10 +311,10 @@ namespace fides { /// Export all public keys and certificates to a stream. // /// @param out Stream to write to. - void fides::export_all(std::ostream &out) const { - for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) + void Manager::export_all(std::ostream &out) const { + for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) out << i->second->to_string(); - for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) + for(map::const_iterator i = certs.begin(); i != certs.end(); ++i) out << i->second->to_string() << '\n'; } @@ -319,10 +322,10 @@ namespace fides { // /// This creates a certificate that says that we trust the given public key. /// If a key is trusted, then authorisation certificates from that key are taken into account - /// when calling functions such as fides::is_allowed(). + /// when calling functions such as Manager::is_allowed(). /// /// @param key Public key to trust. - void fides::trust(const publickey *key) { + void Manager::trust(const PublicKey *key) { string full = "t+ " + hexencode(key->fingerprint()); sign(full); } @@ -331,10 +334,10 @@ namespace fides { // /// This creates a certificate that says that we distrust the given public key. /// If a key is distrusted, then authorisation certificates from that key are not taken into account - /// when calling functions such as fides::is_allowed(). + /// when calling functions such as Manager::is_allowed(). /// /// @param key Public key to trust. - void fides::distrust(const publickey *key) { + void Manager::distrust(const PublicKey *key) { string full = "t- " + hexencode(key->fingerprint()); sign(full); } @@ -345,15 +348,15 @@ namespace fides { /// This key and certificates created by it are then treated as if we have never trusted nor distrusted this key. /// /// @param key Public key to trust. - void fides::dctrust(const publickey *key) { + void Manager::dctrust(const PublicKey *key) { string full = "t0 " + hexencode(key->fingerprint()); sign(full); } /// Recalculate the trust value of all known public keys. - void fides::update_trust() { + void Manager::update_trust() { // clear trust on all keys - for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) + for(map::const_iterator i = keys.begin(); i != keys.end(); ++i) i->second->trust = 0; // Start by checking all trust certificates from ourself. @@ -364,10 +367,10 @@ namespace fides { // Already checked keys are never updated anymore (TODO: is that smart?) // Certificates of keys with a zero or negative trust score are not processed. - set checked; - set tocheck; - set newkeys; - set::iterator i; + set checked; + set tocheck; + set newkeys; + set::iterator i; mykey.trust = 3; tocheck.insert(&mykey); @@ -389,22 +392,22 @@ namespace fides { // find all non-zero trust certificates of this key - vector matches = find_certificates(*i, "^t[+-] "); + vector matches = find_certificates(*i, "^t[+-] "); // update trust value of those keys for(size_t j = 0; j < matches.size(); j++) { - publickey *other = find_key(hexdecode(matches[j]->statement.substr(3))); + PublicKey *other = find_key(hexdecode(matches[j]->statement.substr(3))); if(!other) { - cerr << "Trust certificate for unknown key: " << matches[j]->to_string() << '\n'; + cerr << "Trust Certificate for unknown key: " << matches[j]->to_string() << '\n'; continue; } // except for keys we already checked if(checked.find(other) != checked.end()) { - debug cerr << "Skipping trust certificate for already checked key: " << matches[j]->to_string() << '\n'; + debug cerr << "Skipping trust Certificate for already checked key: " << matches[j]->to_string() << '\n'; continue; } @@ -426,7 +429,7 @@ namespace fides { /// Merges a public key into the database. // /// @param key The public key to merge. - void fides::merge(publickey *key) { + void Manager::merge(PublicKey *key) { if(keys.find(key->fingerprint()) != keys.end()) { debug cerr << "Key already known\n"; return; @@ -445,7 +448,7 @@ namespace fides { /// the older certificate will be removed. /// /// @param cert The certificate to merge. - void fides::merge(certificate *cert) { + void Manager::merge(Certificate *cert) { // TODO: check if cert is already in database // TODO: check if cert obsoletes other certs @@ -458,14 +461,11 @@ namespace fides { // If the certificate does not validate, drop it. if(!cert->validate()) { // TODO: this should not happen, be wary of DoS attacks - cerr << "Trying to merge invalid certificate: " << cert->to_string() << '\n'; + cerr << "Trying to merge invalid Certificate: " << cert->to_string() << '\n'; return; } - // TODO: move these regexps to the class? - regexp authexp("^a[+0-] "); - regexp trustexp("^t[+0-] "); - vector others; + vector others; // Is this an authorisation cert? if(authexp.match(cert->statement)) { @@ -474,7 +474,7 @@ namespace fides { others = find_certificates(cert->signer, string("^a[+0-] ") + cert->statement.substr(3) + '$'); if(others.size()) { if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) { - debug cerr << "Certificate is overruled by a newer certificate\n"; + debug cerr << "Certificate is overruled by a newer Certificate\n"; return; } if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) { @@ -482,7 +482,7 @@ namespace fides { debug cerr << "Certificate has same timestamp as another timestamp!\n"; return; } - debug cerr << "Certificate overrules an older certificate!\n"; + debug cerr << "Certificate overrules an older Certificate!\n"; // save new cert first certificate_save(cert, certdir + hexencode(cert->fingerprint())); certs[cert->fingerprint()] = cert; @@ -503,7 +503,7 @@ namespace fides { others = find_certificates(cert->signer, string("^t[+0-] ") + cert->statement.substr(3) + '$'); if(others.size()) { if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) { - debug cerr << "Certificate is overruled by a newer certificate\n"; + debug cerr << "Certificate is overruled by a newer Certificate\n"; return; } if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) { @@ -511,7 +511,7 @@ namespace fides { debug cerr << "Certificate has same timestamp as another timestamp!\n"; return; } - debug cerr << "Certificate overrules an older certificate!\n"; + debug cerr << "Certificate overrules an older Certificate!\n"; // delete old one rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str()); certs.erase(others[0]->fingerprint()); @@ -527,7 +527,7 @@ namespace fides { others = find_certificates(cert->signer, string("^") + cert->statement + '$'); if(others.size()) { if(timercmp(&others[0]->timestamp, &cert->timestamp, >)) { - debug cerr << "Certificate is overruled by a newer certificate\n"; + debug cerr << "Certificate is overruled by a newer Certificate\n"; return; } if(timercmp(&others[0]->timestamp, &cert->timestamp, ==)) { @@ -535,7 +535,7 @@ namespace fides { debug cerr << "Certificate has same timestamp as another timestamp!\n"; return; } - debug cerr << "Certificate overrules an older certificate!\n"; + debug cerr << "Certificate overrules an older Certificate!\n"; // delete old one rename((certdir + hexencode(others[0]->fingerprint())).c_str(), (obsoletedir + hexencode(others[0]->fingerprint())).c_str()); certs.erase(others[0]->fingerprint()); @@ -560,9 +560,9 @@ namespace fides { /// gave a positive authorisation, 0 if there is a tie, /// or negative if the majority gave a negative authorisation. /// @param all Same as trusted but for all public keys. - void fides::auth_stats(const std::string &statement, int &self, int &trusted, int &all) const { + void Manager::auth_stats(const std::string &statement, int &self, int &trusted, int &all) const { self = trusted = all = 0; - vector matches = find_certificates(string("^a[+0-] ") + statement + '$'); + vector matches = find_certificates(string("^a[+0-] ") + statement + '$'); for(size_t i = 0; i < matches.size(); ++i) { char code = matches[i]->statement[1]; int diff = 0; @@ -582,7 +582,7 @@ namespace fides { // /// @param key The public key to test. /// @return True if the key is explicitly trusted, false otherwise. - bool fides::is_trusted(const publickey *key) const { + bool Manager::is_trusted(const PublicKey *key) const { return key->trust > 0; } @@ -590,7 +590,7 @@ namespace fides { // /// @param key The public key to test. /// @return True if the key is explicitly distrusted, false otherwise. - bool fides::is_distrusted(const publickey *key) const { + bool Manager::is_distrusted(const PublicKey *key) const { return key->trust < 0; } @@ -599,7 +599,7 @@ namespace fides { /// @param statement The statement to test. /// @param key The public key to test. /// @return True if the statement is allowed for the given key, false otherwise. - bool fides::is_allowed(const std::string &statement, const publickey *key) const { + bool Manager::is_allowed(const std::string &statement, const PublicKey *key) const { int self, trusted, all; if(key) @@ -620,7 +620,7 @@ namespace fides { /// @param statement The statement to test. /// @param key The public key to test. /// @return True if the statement is denied for the given key, false otherwise. - bool fides::is_denied(const std::string &statement, const publickey *key) const { + bool Manager::is_denied(const std::string &statement, const PublicKey *key) const { int self, trusted, all; if(key) @@ -639,7 +639,7 @@ namespace fides { /// Creates a certificate for the given statement. // /// @param statement The statement to create a certificate for. - void fides::sign(const std::string &statement) { + void Manager::sign(const std::string &statement) { // Try to set "latest" to now, but ensure monoticity struct timeval now; gettimeofday(&now, 0); @@ -654,10 +654,10 @@ namespace fides { } // Create a new certificate and merge it with our database - merge(new certificate(&mykey, latest, statement)); + merge(new Certificate(&mykey, latest, statement)); } - void fides::allow(const std::string &statement, const publickey *key) { + void Manager::allow(const std::string &statement, const PublicKey *key) { string full = "a+ "; if(key) full += hexencode(key->fingerprint()) + ' '; @@ -665,7 +665,7 @@ namespace fides { sign(full); } - void fides::dontcare(const std::string &statement, const publickey *key) { + void Manager::dontcare(const std::string &statement, const PublicKey *key) { string full = "a0 "; if(key) full += hexencode(key->fingerprint()) + ' '; @@ -673,7 +673,7 @@ namespace fides { sign(full); } - void fides::deny(const std::string &statement, const publickey *key) { + void Manager::deny(const std::string &statement, const PublicKey *key) { string full = "a- "; if(key) full += hexencode(key->fingerprint()) + ' '; diff --git a/lib/fides.h b/lib/fides.h index fb54b12..4ca088f 100644 --- a/lib/fides.h +++ b/lib/fides.h @@ -28,8 +28,13 @@ #include "privatekey.h" #include "utility.h" -namespace fides { - class fides { +namespace Fides { + class exception: public std::runtime_error { + public: + exception(const std::string reason): runtime_error(reason) {} + }; + + class Manager { std::string homedir; std::string certdir; std::string obsoletedir; @@ -38,26 +43,17 @@ namespace fides { bool firstrun; struct timeval latest; - public: - // Utility functions - - class exception: public std::runtime_error { - public: - exception(const std::string reason): runtime_error(reason) {} - }; - // Fides class itself - private: - privatekey mykey; - std::map keys; - std::map certs; + PrivateKey mykey; + std::map keys; + std::map certs; - void merge(certificate *cert); - void merge(publickey *key); + void merge(Certificate *cert); + void merge(PublicKey *key); public: - fides(const std::string &homedir = ""); - ~fides(); + Manager(const std::string &homedir = ""); + ~Manager(); bool is_firstrun() const; bool fsck() const; @@ -65,37 +61,37 @@ namespace fides { void sign(const std::string &statement); - void allow(const std::string &statement, const publickey *key = 0); - void dontcare(const std::string &statement, const publickey *key = 0); - void deny(const std::string &statement, const publickey *key = 0); - bool is_allowed(const std::string &statement, const publickey *key = 0) const; - bool is_denied(const std::string &statement, const publickey *key = 0) const; + void allow(const std::string &statement, const PublicKey *key = 0); + void dontcare(const std::string &statement, const PublicKey *key = 0); + void deny(const std::string &statement, const PublicKey *key = 0); + bool is_allowed(const std::string &statement, const PublicKey *key = 0) const; + bool is_denied(const std::string &statement, const PublicKey *key = 0) const; void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const; - void trust(const publickey *key); - void dctrust(const publickey *key); - void distrust(const publickey *key); - bool is_trusted(const publickey *key) const; - bool is_distrusted(const publickey *key) const; - publickey *find_key(const std::string &fingerprint) const; + void trust(const PublicKey *key); + void dctrust(const PublicKey *key); + void distrust(const PublicKey *key); + bool is_trusted(const PublicKey *key) const; + bool is_distrusted(const PublicKey *key) const; + PublicKey *find_key(const std::string &fingerprint) const; void update_trust(); - std::vector find_certificates(const publickey *key, const std::string &statement) const; - std::vector find_certificates(const std::string &statement) const; - std::vector find_certificates(const publickey *key) const; + std::vector find_certificates(const PublicKey *key, const std::string &statement) const; + std::vector find_certificates(const std::string &statement) const; + std::vector find_certificates(const PublicKey *key) const; - const certificate *import_certificate(const std::string &certificate); - std::string export_certificate(const certificate *) const; + const Certificate *import_certificate(const std::string &Certificate); + std::string export_certificate(const Certificate *) const; - const publickey *import_key(const std::string &key); - std::string export_key(const publickey *key) const; + const PublicKey *import_key(const std::string &key); + std::string export_key(const PublicKey *key) const; void import_all(std::istream &in); void export_all(std::ostream &out) const; - certificate *certificate_from_string(const std::string &certificate); - certificate *certificate_load(const std::string &filename); - void certificate_save(const certificate *cert, const std::string &filename) const; + Certificate *certificate_from_string(const std::string &Certificate); + Certificate *certificate_load(const std::string &filename); + void certificate_save(const Certificate *cert, const std::string &filename) const; }; } diff --git a/lib/privatekey.cc b/lib/privatekey.cc index 4cda7a5..e990c25 100644 --- a/lib/privatekey.cc +++ b/lib/privatekey.cc @@ -33,8 +33,8 @@ using namespace std; static Botan::AutoSeeded_RNG rng; -namespace fides { - /// \class privatekey +namespace Fides { + /// \class PrivateKey /// /// \brief Representation of a public/private keypair. /// @@ -42,10 +42,10 @@ namespace fides { /// so that others who have the corresponding public key /// can ascertain that the statement was really made by us. - privatekey::privatekey(): priv(0) { + PrivateKey::PrivateKey(): priv(0) { } - privatekey::~privatekey() { + PrivateKey::~PrivateKey() { delete priv; pub = 0; } @@ -53,7 +53,7 @@ namespace fides { /// Generates a new public/private keypair. // /// @param field OID of the field to generate a key in. - void privatekey::generate(const std::string &field) { + void PrivateKey::generate(const std::string &field) { Botan::EC_Domain_Params domain = Botan::get_EC_Dom_Pars_by_oid(field); pub = priv = new Botan::ECDSA_PrivateKey(rng, domain); } @@ -65,7 +65,7 @@ namespace fides { /// Allowed values are 112, 128, 160, 192, 224, 256, 384 and 521. /// Keys less than 160 bits are considered weak. /// Keys greater than 224 bits are considered very strong. - void privatekey::generate(unsigned int bits) { + void PrivateKey::generate(unsigned int bits) { switch(bits) { case 112: return generate("1.3.132.0.6"); case 128: return generate("1.3.132.0.28"); @@ -75,26 +75,26 @@ namespace fides { case 256: return generate("1.3.132.0.10"); case 384: return generate("1.3.132.0.34"); case 521: return generate("1.3.132.0.35"); - default: throw fides::exception("Unsupported number of bits for private key"); + default: throw Fides::exception("Unsupported number of bits for private key"); } } /// Loads a private key from a stream. // /// @param in Stream to read from. - void privatekey::load_private(std::istream &in) { + void PrivateKey::load_private(std::istream &in) { try { Botan::DataSource_Stream stream(in); pub = priv = dynamic_cast(Botan::PKCS8::load_key(stream, rng, "")); } catch(Botan::Exception &e) { - throw fides::exception(e.what()); + throw Fides::exception(e.what()); } } /// Loads a private key from a file. // /// @param filename Name of the file to read from. - void privatekey::load_private(const std::string &filename) { + void PrivateKey::load_private(const std::string &filename) { ifstream in(filename.c_str()); load_private(in); } @@ -102,14 +102,14 @@ namespace fides { /// Saves the private key to a stream. // /// @param out Stream to write to. - void privatekey::save_private(std::ostream &out) const { + void PrivateKey::save_private(std::ostream &out) const { out << Botan::PKCS8::PEM_encode(*priv); } /// Saves the private key to a file. // /// @param filename Name of the file to write to. - void privatekey::save_private(const std::string &filename) const { + void PrivateKey::save_private(const std::string &filename) const { ofstream out(filename.c_str()); save_private(out); } @@ -118,7 +118,7 @@ namespace fides { // /// @param statement The statement that is to be signed. /// @return A string containing the signature. - string privatekey::sign(const std::string &statement) const { + string PrivateKey::sign(const std::string &statement) const { auto_ptr signer(Botan::get_pk_signer(*priv, "EMSA1(SHA-512)")); Botan::SecureVector sig = signer->sign_message((const Botan::byte *)statement.data(), statement.size(), rng); return string((const char *)sig.begin(), (size_t)sig.size()); diff --git a/lib/privatekey.h b/lib/privatekey.h index 9e95859..a648604 100644 --- a/lib/privatekey.h +++ b/lib/privatekey.h @@ -1,4 +1,4 @@ -/* privatekey.h - Fides private key class +/* PrivateKey.h - Fides private key class Copyright (C) 2008-2009 Guus Sliepen Fides is free software; you can redistribute it and/or modify @@ -23,13 +23,13 @@ #include #include "publickey.h" -namespace fides { - class privatekey: public publickey { +namespace Fides { + class PrivateKey: public PublicKey { Botan::ECDSA_PrivateKey *priv; public: - privatekey(); - ~privatekey(); + PrivateKey(); + ~PrivateKey(); void load_private(std::istream &in); void save_private(std::ostream &out) const; diff --git a/lib/publickey.cc b/lib/publickey.cc index 7a8a16d..4dd5b76 100644 --- a/lib/publickey.cc +++ b/lib/publickey.cc @@ -32,8 +32,8 @@ using namespace std; -namespace fides { - /// \class publickey +namespace Fides { + /// \class PublicKey /// /// \brief Representation of a public key. /// @@ -42,29 +42,29 @@ namespace fides { /// Thus, we can ascertain if a statement, if it has been properly signed, /// was indeed made by that entity. - publickey::publickey(): pub(0), trust(0) { + PublicKey::PublicKey(): pub(0), trust(0) { } - publickey::~publickey() { + PublicKey::~PublicKey() { delete pub; } /// Loads a public key from a stream. // /// @param in Stream to read from. - void publickey::load(std::istream &in) { + void PublicKey::load(std::istream &in) { try { Botan::DataSource_Stream source(in); pub = dynamic_cast(Botan::X509::load_key(source)); } catch(Botan::Exception &e) { - throw fides::exception(e.what()); + throw Fides::exception(e.what()); } } /// Loads a public key from a file. // /// @param filename Name of the file to read the key from. - void publickey::load(const std::string &filename) { + void PublicKey::load(const std::string &filename) { ifstream in(filename.c_str()); load(in); } @@ -72,14 +72,14 @@ namespace fides { /// Saves the public key to a stream. // /// @param out Stream to write to. - void publickey::save(std::ostream &out) const { + void PublicKey::save(std::ostream &out) const { out << to_string(); } /// Saves the public key to a file. // /// @param filename Name of the file to save the key to. - void publickey::save(const std::string &filename) const { + void PublicKey::save(const std::string &filename) const { ofstream out(filename.c_str()); save(out); } @@ -87,19 +87,19 @@ namespace fides { /// Loads a public key from a string. // /// @param in String containing a public key in textual format. - void publickey::from_string(const std::string &in) { + void PublicKey::from_string(const std::string &in) { try { Botan::DataSource_Memory source(in); pub = dynamic_cast(Botan::X509::load_key(source)); } catch(Botan::Exception &e) { - throw fides::exception(e.what()); + throw Fides::exception(e.what()); } } /// Write the public key to a string. // /// @return String containing the public key in textual format. - string publickey::to_string() const { + string PublicKey::to_string() const { return Botan::X509::PEM_encode(*pub); } @@ -108,7 +108,7 @@ namespace fides { /// @param bits Number of bits from the fingerprint to return. /// The number will be rounded down to the nearest multiple of 8. /// @return String containing the fingerprint. - string publickey::fingerprint(unsigned int bits) const { + string PublicKey::fingerprint(unsigned int bits) const { // TODO: find out if there is a standard way to get a hash of an ECDSA public key Botan::SHA_256 sha256; Botan::SecureVector hash = sha256.process(Botan::X509::PEM_encode(*pub)); @@ -121,7 +121,7 @@ namespace fides { /// @param signature The signature of the statement. /// @return Returns true if the signature is indeed a valid signature, made by this public key, of the statement. /// Return false otherwise. - bool publickey::verify(const std::string &statement, const std::string &signature) const { + bool PublicKey::verify(const std::string &statement, const std::string &signature) const { auto_ptr verifier(Botan::get_pk_verifier(*pub, "EMSA1(SHA-512)")); verifier->update((const Botan::byte *)statement.data(), statement.size()); Botan::SecureVector sig; diff --git a/lib/publickey.h b/lib/publickey.h index ad7993c..f8aae83 100644 --- a/lib/publickey.h +++ b/lib/publickey.h @@ -23,14 +23,14 @@ #include #include -namespace fides { - class publickey { +namespace Fides { + class PublicKey { protected: Botan::ECDSA_PublicKey *pub; public: - publickey(); - ~publickey(); + PublicKey(); + ~PublicKey(); int trust; void load(std::istream &in); diff --git a/lib/utility.cc b/lib/utility.cc index d853ec9..bf0915e 100644 --- a/lib/utility.cc +++ b/lib/utility.cc @@ -41,7 +41,7 @@ using namespace std; -namespace fides { +namespace Fides { // Base64 and hex encoding/decoding functions /// Hexadecimal encode data. diff --git a/lib/utility.h b/lib/utility.h index 7ad7ab1..4a90e7e 100644 --- a/lib/utility.h +++ b/lib/utility.h @@ -23,7 +23,7 @@ #include #include -namespace fides { +namespace Fides { class regexp { regex_t comp; @@ -40,13 +40,13 @@ namespace fides { /// /// @param exp Regular expression to compile. /// @param cflags Bitwise OR of options to apply when compiling the regular expression: - /// - fides::regexp::EXTENDED + /// - Fides::regexp::EXTENDED /// Use POSIX Extended Regular Expression syntax when interpreting exp. - /// - fides::regexp::ICASE + /// - Fides::regexp::ICASE /// Make the expression case-insensitive. - /// - fides::regexp::NOSUB + /// - Fides::regexp::NOSUB /// Disable support for substring addressing. - /// - fides::regexp::NEWLINE + /// - Fides::regexp::NEWLINE /// Do not treat the newline character as the start or end of a line. regexp(const std::string &exp, int cflags = 0) { int err = regcomp(&comp, exp.c_str(), cflags); @@ -62,9 +62,9 @@ namespace fides { /// /// @param in String to test. /// @param eflags Bitwise OR of options to apply when matching the string: - /// - fides::regexp::NOTBOL + /// - Fides::regexp::NOTBOL /// Do not treat the start of the string as the start of a line. - /// - fides::regexp::NOTEOL + /// - Fides::regexp::NOTEOL /// Do not treat the end of the string as the end of a line. /// @return True if the string matches the regular expression, false otherwise. bool match(const std::string &in, int eflags = 0) { diff --git a/src/fides.cc b/src/fides.cc index b322a84..9040d5f 100644 --- a/src/fides.cc +++ b/src/fides.cc @@ -79,7 +79,7 @@ static void version(ostream &out = cout) { } static int init() { - fides::fides fides; + Fides::Manager fides; if(fides.is_firstrun()) { cout << "New keys generated in " << fides.get_homedir() << '\n'; } else { @@ -92,8 +92,8 @@ static int is_trusted(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); + Fides::Manager fides; + Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0])); if(!key) { cerr << "Unknown key!\n"; return 1; @@ -105,8 +105,8 @@ static int is_distrusted(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); + Fides::Manager fides; + Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0])); if(!key) { cerr << "Unknown key!\n"; return 1; @@ -118,8 +118,8 @@ static int trust(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); + Fides::Manager fides; + Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0])); if(key) fides.trust(key); else { @@ -133,8 +133,8 @@ static int dctrust(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); + Fides::Manager fides; + Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0])); if(key) fides.dctrust(key); else { @@ -148,8 +148,8 @@ static int distrust(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; - fides::publickey *key = fides.find_key(fides::hexdecode(argv[0])); + Fides::Manager fides; + Fides::PublicKey *key = fides.find_key(Fides::hexdecode(argv[0])); if(key) fides.distrust(key); else { @@ -163,7 +163,7 @@ static int sign(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; fides.sign(argv[0]); return 0; } @@ -172,7 +172,7 @@ static int allow(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; fides.allow(argv[0]); return 0; } @@ -181,7 +181,7 @@ static int dontcare(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; fides.dontcare(argv[0]); return 0; } @@ -190,13 +190,13 @@ static int deny(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; fides.deny(argv[0]); return 0; } static int import(int argc, char *const argv[]) { - fides::fides fides; + Fides::Manager fides; if(argc) { ifstream in(argv[0]); @@ -207,7 +207,7 @@ static int import(int argc, char *const argv[]) { } static int exprt(int argc, char *const argv[]) { - fides::fides fides; + Fides::Manager fides; if(argc) { ofstream out(argv[0]); @@ -222,8 +222,8 @@ static int find(int argc, char *const argv[]) { return EX_USAGE; // Find certificates matching statement - fides::fides fides; - const vector &certs = fides.find_certificates(argv[0]); + Fides::Manager fides; + const vector &certs = fides.find_certificates(argv[0]); for(size_t i = 0; i < certs.size(); ++i) cout << i << ' ' << certs[i]->to_string() << '\n'; return 0; @@ -233,7 +233,7 @@ static int is_allowed(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; return fides.is_allowed(argv[0]) ? 0 : 1; } @@ -241,7 +241,7 @@ static int is_denied(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; return fides.is_denied(argv[0]) ? 0 : 1; } @@ -249,7 +249,7 @@ static int test(int argc, char *const argv[]) { if(argc < 1) return EX_USAGE; - fides::fides fides; + Fides::Manager fides; int self, trusted, all; fides.auth_stats(argv[0], self, trusted, all); cout << "Self: " << self << ", trusted: " << trusted << ", all: " << all << '\n'; @@ -257,7 +257,7 @@ static int test(int argc, char *const argv[]) { } static int fsck() { - fides::fides fides; + Fides::Manager fides; if(fides.fsck()) { cout << "Everything OK\n"; return 0;