Encapsulates the authentication properties of an EKEP-based gRPC connection.
#include <enclave_auth_context.h>
|
| | EnclaveAuthContext ()=default |
| |
| virtual | ~EnclaveAuthContext ()=default |
| |
| virtual RecordProtocol | GetRecordProtocol () const |
| | Gets the secure transport record-protocol used for securing frames over the connection. More...
|
| |
| virtual bool | HasEnclaveIdentity (const EnclaveIdentityDescription &description) const |
| | Indicates whether the authenticated peer has an identity matching description. More...
|
| |
| virtual StatusOr< const EnclaveIdentity * > | FindEnclaveIdentity (const EnclaveIdentityDescription &description) const |
| | Finds and returns a peer identity matching description, if one exists. More...
|
| |
| virtual StatusOr< bool > | EvaluateAcl (const IdentityAclPredicate &acl) const |
| | Evaluates the peer's identities against acl. More...
|
| |
| virtual StatusOr< bool > | EvaluateAcl (const IdentityAclPredicate &acl, std::string *explanation) const |
| | Evaluates the peer's identities against acl. More...
|
| |
| virtual StatusOr< bool > | EvaluateAcl (const EnclaveIdentityExpectation &expectation) const |
| | Evaluates whether any of the peer's identities match expectation. More...
|
| |
| virtual StatusOr< bool > | EvaluateAcl (const EnclaveIdentityExpectation &expectation, std::string *explanation) const |
| | Evaluates whether any of the peer's identities match expectation. More...
|
| |
Encapsulates the authentication properties of an EKEP-based gRPC connection.
The authentication properties in an EnclaveAuthContext object include the secure transport protocol and the peer's enclave identities.
The member functions are virtual only to allow mocking in tests.
◆ EnclaveAuthContext()
| asylo::EnclaveAuthContext::EnclaveAuthContext |
( |
| ) |
|
|
default |
◆ ~EnclaveAuthContext()
| virtual asylo::EnclaveAuthContext::~EnclaveAuthContext |
( |
| ) |
|
|
virtual default |
◆ CreateFromAuthContext()
Creates an EnclaveAuthContext from the authentication properties in auth_context.
- Parameters
-
| auth_context | An authentication context. |
◆ CreateFromServerContext()
| static StatusOr<EnclaveAuthContext> asylo::EnclaveAuthContext::CreateFromServerContext |
( |
const ::grpc::ServerContext & |
server_context | ) |
|
|
static |
Constructs an EnclaveAuthContext using the authentication properties from server_context.
The resulting EnclaveAuthContext contains the authentication properties on the server-side of the connection.
- Parameters
-
| server_context | The server's authentication context. |
◆ EvaluateAcl() [1/4]
| virtual StatusOr<bool> asylo::EnclaveAuthContext::EvaluateAcl |
( |
const IdentityAclPredicate & |
acl | ) |
const |
|
virtual |
Evaluates the peer's identities against acl.
- Parameters
-
| acl | The ACL against which to evaluate the peer's identities. |
- Returns
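- A bool indicating whether the peer's identities match
acl, or a non-OK Status if an error occurred while evaluating the ACL. Because the result is a StatusOr<bool>, an authorization check should grant access only when the status is OK and the contained value is true; a non-OK Status is not a match.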
◆ EvaluateAcl() [2/4]
| virtual StatusOr<bool> asylo::EnclaveAuthContext::EvaluateAcl |
( |
const IdentityAclPredicate & |
acl, |
|
|
std::string * |
explanation |
|
) |
| const |
|
virtual |
Evaluates the peer's identities against acl.
- Parameters
-
| acl | The ACL against which to evaluate the peer's identities. |
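| [out] | explanation | An explanation of why the peer's identities did not match acl, if the result is false. Since this text describes the mismatch against acl, it may expose details of the access policy; prefer recording it in server-side logs over returning it verbatim to the peer. |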
- Returns
- A bool indicating whether the peer's identities match
acl, or a non-OK Status if an error occurred while evaluating the ACL.
◆ EvaluateAcl() [3/4]
| virtual StatusOr<bool> asylo::EnclaveAuthContext::EvaluateAcl |
( |
const EnclaveIdentityExpectation & |
expectation | ) |
const |
|
virtual |
Evaluates whether any of the peer's identities match expectation.
- Parameters
-
| expectation | The expectation against which to evaluate the peer's identities. |
- Returns
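- A bool indicating whether any of the peer's identities match
expectation, or a non-OK Status if an error occurred while evaluating expectation. Because the result is a StatusOr<bool>, an authorization check should grant access only when the status is OK and the contained value is true; a non-OK Status is not a match.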
◆ EvaluateAcl() [4/4]
| virtual StatusOr<bool> asylo::EnclaveAuthContext::EvaluateAcl |
( |
const EnclaveIdentityExpectation & |
expectation, |
|
|
std::string * |
explanation |
|
) |
| const |
|
virtual |
Evaluates whether any of the peer's identities match expectation.
- Parameters
-
| expectation | The expectation against which to evaluate the peer's identities. |
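| [out] | explanation | An explanation of why the peer's identities did not match expectation, if the result is false. Since this text describes the mismatch against expectation, it may expose details of the expected identity; prefer recording it in server-side logs over returning it verbatim to the peer. |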
- Returns
- A bool indicating whether any of the peer's identities match
expectation, or a non-OK Status if an error occurred while evaluating expectation.
◆ FindEnclaveIdentity()
| virtual StatusOr<const EnclaveIdentity *> asylo::EnclaveAuthContext::FindEnclaveIdentity |
( |
const EnclaveIdentityDescription & |
description | ) |
const |
|
virtual |
Finds and returns a peer identity matching description, if one exists.
- Parameters
-
| description | A description of an identity to find. |
- Returns
- On success, a pointer to the matching identity; on failure, a StatusOr with a
GoogleError::NOT_FOUND Status. Check that the StatusOr is OK before dereferencing the pointer.
◆ GetRecordProtocol()
| virtual RecordProtocol asylo::EnclaveAuthContext::GetRecordProtocol |
( |
| ) |
const |
|
virtual |
Gets the secure transport record-protocol used for securing frames over the connection.
- Returns
- The secure transport record-protocol.
◆ HasEnclaveIdentity()
| virtual bool asylo::EnclaveAuthContext::HasEnclaveIdentity |
( |
const EnclaveIdentityDescription & |
description | ) |
const |
|
virtual |
Indicates whether the authenticated peer has an identity matching description.
- Parameters
-
| description | A description of the identity. |
- Returns
- True if the peer has the specified identity.