X-Git-Url: https://tinc-vpn.org/git/browse?p=fides;a=blobdiff_plain;f=lib%2Ffides.h;fp=lib%2Ffides.h;h=fb54b12b456a8be5b14c4c518ac26656d1c1251b;hp=569f87619fea8a6094ee94c8b6a7651fbed7dea9;hb=401e0b5e1d97ded0e2c7415c6dd0f94ee6bfb470;hpb=0f3083b8693bfaddc4bf3fd6ce7174ac06afa958 diff --git a/lib/fides.h b/lib/fides.h index 569f876..fb54b12 100644 --- a/lib/fides.h +++ b/lib/fides.h @@ -19,196 +19,85 @@ #define __FIDES_H__ #include -#include -#include -#include #include #include +#include -class fides { - std::string homedir; - std::string certdir; - std::string obsoletedir; - std::string keydir; +#include "certificate.h" +#include "publickey.h" +#include "privatekey.h" +#include "utility.h" - bool firstrun; - struct timeval latest; - static Botan::AutoSeeded_RNG rng; +namespace fides { + class fides { + std::string homedir; + std::string certdir; + std::string obsoletedir; + std::string keydir; - public: - // Utility functions - - static std::string b64encode(const std::string &in); - static std::string b64decode(const std::string &in); - static std::string hexencode(const std::string &in); - static std::string hexdecode(const std::string &in); - - /// Compiled regular expression. - - /// This class holds a compiled regular expression, - /// which can be used to match arbitrary strings to. - /// It is a wrapper for the POSIX regex functions - /// regcomp() and regexec(). - class regexp { - regex_t comp; - - public: - static const int EXTENDED = REG_EXTENDED; - static const int ICASE = REG_ICASE; - static const int NOSUB = REG_NOSUB; - static const int NEWLINE = REG_NEWLINE; - - static const int NOTBOL = REG_NOTBOL; - static const int NOTEOL = REG_NOTEOL; - - /// Construct a compiled regular expression. - /// - /// @param exp Regular expression to compile. - /// @param cflags Bitwise OR of options to apply when compiling the regular expression: - /// - fides::regexp::EXTENDED - /// Use POSIX Extended Regular Expression syntax when interpreting exp. - /// - fides::regexp::ICASE - /// Make the expression case-insensitive. - /// - fides::regexp::NOSUB - /// Disable support for substring addressing. - /// - fides::regexp::NEWLINE - /// Do not treat the newline character as the start or end of a line. - regexp(const std::string &exp, int cflags = 0) { - int err = regcomp(&comp, exp.c_str(), cflags); - if(err) - throw exception("Could not compile regular expression"); - } - - ~regexp() { - regfree(&comp); - } - - /// Test whether a string matches the regular expression. - /// - /// @param in String to test. - /// @param eflags Bitwise OR of options to apply when matching the string: - /// - fides::regexp::NOTBOL - /// Do not treat the start of the string as the start of a line. - /// - fides::regexp::NOTEOL - /// Do not treat the end of the string as the end of a line. - /// @return True if the string matches the regular expression, false otherwise. - bool match(const std::string &in, int eflags = 0) { - return regexec(&comp, in.c_str(), 0, 0, eflags) == 0; - } - }; - - class exception: public std::runtime_error { - public: - exception(const std::string reason): runtime_error(reason) {} - }; - - // Objects manipulated by fides - - class publickey { - protected: - Botan::ECDSA_PublicKey *pub; + bool firstrun; + struct timeval latest; public: - publickey(); - ~publickey(); - - int trust; - void load(std::istream &in); - void save(std::ostream &out) const; - void load(const std::string &filename); - void save(const std::string &filename) const; - bool verify(const std::string &data, const std::string &signature) const; - std::string to_string() const; - void from_string(const std::string &in); - std::string fingerprint(unsigned int bits = 64) const; - }; + // Utility functions - class privatekey: public publickey { - Botan::ECDSA_PrivateKey *priv; + class exception: public std::runtime_error { + public: + exception(const std::string reason): runtime_error(reason) {} + }; + // Fides class itself - public: - privatekey(); - ~privatekey(); - - void load_private(std::istream &in); - void save_private(std::ostream &out) const; - void load_private(const std::string &filename); - void save_private(const std::string &filename) const; - void generate(const std::string &field); - void generate(unsigned int bits = 224); - std::string sign(const std::string &data) const; - }; - - class certificate { - friend class fides; + private: + privatekey mykey; + std::map keys; + std::map certs; - /// Public key that signed this certificate. - const publickey *signer; - struct timeval timestamp; - std::string statement; - std::string signature; + void merge(certificate *cert); + void merge(publickey *key); public: - certificate(const publickey *pub, struct timeval timestamp, const std::string &statement, const std::string &signature); - certificate(const privatekey *priv, struct timeval timestamp, const std::string &statement); - - std::string to_string() const; - std::string fingerprint(unsigned int bits = 64) const; - bool validate() const; - }; + fides(const std::string &homedir = ""); + ~fides(); - // Fides class itself + bool is_firstrun() const; + bool fsck() const; + std::string get_homedir() const; - private: - privatekey mykey; - std::map keys; - std::map certs; + void sign(const std::string &statement); - void merge(certificate *cert); - void merge(publickey *key); + void allow(const std::string &statement, const publickey *key = 0); + void dontcare(const std::string &statement, const publickey *key = 0); + void deny(const std::string &statement, const publickey *key = 0); + bool is_allowed(const std::string &statement, const publickey *key = 0) const; + bool is_denied(const std::string &statement, const publickey *key = 0) const; - public: - fides(const std::string &homedir = ""); - ~fides(); + void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const; + void trust(const publickey *key); + void dctrust(const publickey *key); + void distrust(const publickey *key); + bool is_trusted(const publickey *key) const; + bool is_distrusted(const publickey *key) const; + publickey *find_key(const std::string &fingerprint) const; + void update_trust(); - bool is_firstrun() const; - bool fsck() const; - std::string get_homedir() const; + std::vector find_certificates(const publickey *key, const std::string &statement) const; + std::vector find_certificates(const std::string &statement) const; + std::vector find_certificates(const publickey *key) const; - void sign(const std::string &statement); + const certificate *import_certificate(const std::string &certificate); + std::string export_certificate(const certificate *) const; - void allow(const std::string &statement, const publickey *key = 0); - void dontcare(const std::string &statement, const publickey *key = 0); - void deny(const std::string &statement, const publickey *key = 0); - bool is_allowed(const std::string &statement, const publickey *key = 0) const; - bool is_denied(const std::string &statement, const publickey *key = 0) const; + const publickey *import_key(const std::string &key); + std::string export_key(const publickey *key) const; - void auth_stats(const std::string &statement, int &self, int &trusted, int &all) const; - void trust(const publickey *key); - void dctrust(const publickey *key); - void distrust(const publickey *key); - bool is_trusted(const publickey *key) const; - bool is_distrusted(const publickey *key) const; - publickey *find_key(const std::string &fingerprint) const; - void update_trust(); + void import_all(std::istream &in); + void export_all(std::ostream &out) const; - std::vector find_certificates(const publickey *key, const std::string &statement) const; - std::vector find_certificates(const std::string &statement) const; - std::vector find_certificates(const publickey *key) const; + certificate *certificate_from_string(const std::string &certificate); + certificate *certificate_load(const std::string &filename); + void certificate_save(const certificate *cert, const std::string &filename) const; - const certificate *import_certificate(const std::string &certificate); - std::string export_certificate(const certificate *) const; - - const publickey *import_key(const std::string &key); - std::string export_key(const publickey *key) const; - - void import_all(std::istream &in); - void export_all(std::ostream &out) const; - - certificate *certificate_from_string(const std::string &certificate); - certificate *certificate_load(const std::string &filename); - void certificate_save(const certificate *cert, const std::string &filename) const; - -}; + }; +} #endif