-/// Saves the private key to a file.
-//
-/// @param filename Name of the file to write to.
-void fides::privatekey::save_private(const std::string &filename) const {
- ofstream out(filename.c_str());
- save_private(out);
-}
-
-/// Signs a statement with this private key.
-//
-/// @param statement The statement that is to be signed.
-/// @return A string containing the signature.
-string fides::privatekey::sign(const std::string &statement) const {
- auto_ptr<Botan::PK_Signer> signer(Botan::get_pk_signer(*priv, "EMSA1(SHA-512)"));
- Botan::SecureVector<Botan::byte> sig = signer->sign_message((const Botan::byte *)statement.data(), statement.size(), rng);
- return string((const char *)sig.begin(), (size_t)sig.size());
-}
-
-// Base64 and hex encoding/decoding functions
-
-/// Hexadecimal encode data.
-//
-/// @param in A string containing raw data.
-/// @return A string containing the hexadecimal encoded data.
-string fides::hexencode(const std::string &in) {
- Botan::Pipe pipe(new Botan::Hex_Encoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-/// Decode hexadecimal data.
-//
-/// @param in A string containing hexadecimal encoded data.
-/// @return A string containing the raw data.
-string fides::hexdecode(const std::string &in) {
- Botan::Pipe pipe(new Botan::Hex_Decoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-/// Base-64 encode data.
-//
-/// @param in A string containing raw data.
-/// @return A string containing the base-64 encoded data.
-string fides::b64encode(const std::string &in) {
- Botan::Pipe pipe(new Botan::Base64_Encoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-/// Decode base-64 data.
-//
-/// @param in A string containing base-64 encoded data.
-/// @return A string containing the raw data.
-string fides::b64decode(const std::string &in) {
- Botan::Pipe pipe(new Botan::Base64_Decoder);
- pipe.process_msg((Botan::byte *)in.data(), in.size());
- return pipe.read_all_as_string();
-}
-
-/// \class fides::certificate
-///
-/// \brief Representation of a certificate.
-
-/// Construct a certificate from elements of an already existing certificate.
-//
-/// @param key Public key used to sign the certificate.
-/// @param timestamp Timestamp of the certificate.
-/// @param statement Statement of the certificate.
-/// @param signature Signature of the certificate.
-fides::certificate::certificate(const publickey *key, struct timeval timestamp, const std::string &statement, const std::string &signature): signer(key), timestamp(timestamp), statement(statement), signature(signature) {}
-
-/// Verifies the signature of the certificate.
-//
-/// @return True if the signature is valid, false otherwise.
-bool fides::certificate::validate() const {
- string data = signer->fingerprint(256);
- data += string((const char *)×tamp, sizeof timestamp);
- data += statement;
- return signer->verify(data, signature);
-}
+ /// \class Manager
+ ///
+ /// \brief Interaction with a Fides database.
+ ///
+ /// A Manager object manages a database of public keys and certificates.
+ /// New certificates can be created, certificates can be imported and exported,
+ /// and queries can be done on the database.
+
+
+ /// Creates a new handle on a Fides database.
+ //
+ /// Will load the private key, known public keys and certificates.
+ /// After that it will calculate the trust value of all keys.
+ ///
+ /// @param dir Directory where Fides stores the keys and certificates.
+ /// If no directory is specified, the following environment variables
+ /// are used, in the given order:
+ /// - \$FIDES_HOME
+ /// - \$HOME/.fides
+ /// - \$PWD/.fides
+ Manager::Manager(const std::string &dir): homedir(dir) {
+ debug cerr << "Fides initialising\n";
+
+ // Set homedir to provided directory, or $FIDES_HOME, or $HOME/.fides, or as a last resort $PWD/.fides
+ if(homedir.empty())
+ homedir = getenv("FIDES_HOME") ?: "";
+ if(homedir.empty()) {
+ char cwd[PATH_MAX];
+ homedir = getenv("HOME") ?: getcwd(cwd, sizeof cwd);
+ homedir += "/.fides";
+ }