Hi Martin,

I needed some more time for thinking about the API. OpenCA moved in the last time consequently towards an objectoriented design. So what about an object-oriented API?

Authentication
--------------

This could cleanup the authentication framework too. During the initialization of a request we would do this:

$api->set_x509_login_callback
$api->set_passwd_login_callback
$api->set_crypto_callback
$api->set_output_callback(s)

The callbacks would have really simple interfaces:

set_x509_login_callback
  in:  challenge
  out: name + signature
set_passwd_login_callback
  in:  -
  out: name + passwd
set_crypto_callback
  in:  passwd_parts
  out: passphrase

The session handling would simply require a getteer and setter for the session ID that's all (set_session_id and get_session_id). The interface decides by itself about the used storage method at the client side (e.g. cookie or parameter). This should clean op OpenCA::AC too.

The important question for me is what should we do if a callback requires to stop the api object (e.g. HTML passphrase callback)? My idea would be a function like serialize_api and if the HTML interface knows the passphrase then we can call deserialize_api (session_id). After this the callback returns the answer immediately. We have only to cleanup the serialized objects from time to time.

Functions
---------

The functions should be in common/lib/api/ while the frontends should be placed in a new area like common/lib/frontends/html/. The functions itself should look like this:

- get functions for objects
(cryptoShell should not be visible)
- data or serial based
- getters are:
- get_X509
- get_REQ
- get_CRL
- API functions like the todays commands (perhaps we can reuse the cmds/ directory instead of the api/ directory)
- set_approval (for new policy handling)
- get_errno
- get_errval


Ok, it's too much like always for one mail - so I should stop here.

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to