Asylo
Defines an abstract interface that describes how to match an EnclaveIdentity against an EnclaveIdentityExpectation.
#include <identity_expectation_matcher.h>

Public Member Functions
| Type | Member | Description |
| --- | --- | --- |
| | IdentityExpectationMatcher ()=default | |
| virtual | ~IdentityExpectationMatcher ()=default | |
| virtual StatusOr< bool > | MatchAndExplain (const EnclaveIdentity &identity, const EnclaveIdentityExpectation &expectation, std::string *explanation) const =0 | Evaluates whether identity matches expectation. |
| virtual StatusOr< bool > | Match (const EnclaveIdentity &identity, const EnclaveIdentityExpectation &expectation) const | Shim for MatchAndExplain that does not support an explanation output string. |
All implementations of this interface are expected to be thread-safe.
Match() [inline, virtual]
Shim for MatchAndExplain that does not support an explanation output string.
MatchAndExplain() [pure virtual]
Evaluates whether identity matches expectation.
Evaluating identity against expectation produces a boolean result indicating whether identity matches expectation, but only if the inputs are valid for this matcher. Otherwise, if the matcher does not understand either identity or expectation, this method returns a non-OK Status. This can happen if any of the following is true:
- identity.description() is unrecognized by the matcher
- expectation.reference_identity().description() is unrecognized by the matcher
- identity and/or expectation is malformed
An IdentityExpectationMatcher's MatchAndExplain() implementation is not obliged to handle all possible EnclaveIdentity and EnclaveIdentityExpectation protos. Rather, each implementation of IdentityExpectationMatcher is free to refine expectations on what kinds of EnclaveIdentity and EnclaveIdentityExpectation arguments it can handle. It is up to the caller of this method to provide inputs that fit the expectations of the underlying matcher implementation.
The explanation parameter is populated with an explanation of why the match failed in the case that this method returns false. explanation can be nullptr, in which case it is ignored.
Parameters
| Direction | Name | Description |
| --- | --- | --- |
| | identity | An identity to match. |
| | expectation | The identity expectation to match against. |
| [out] | explanation | An explanation of why the match failed, if the return value was false. |
Implemented in asylo::SgxIdentityExpectationMatcher.
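MatchAndExplain() has three distinct outcomes (a non-OK status, false with an explanation, and true), and a caller making an authorization decision should treat only the last as a match. The sketch below is an added example, not Asylo code: Identity, Expectation, Result, Matcher, DemoMatcher and Authorize are stand-in or hypothetical names that model only what this page describes.

```cpp
#include <string>

// Stand-in types (assumptions): they model only what this page mentions and
// are NOT Asylo's real Status/StatusOr or protobuf classes.
struct Identity { std::string description, value; };  // ~ EnclaveIdentity
struct Expectation { Identity reference_identity; };  // ~ EnclaveIdentityExpectation
struct Result { bool ok; bool value; std::string error; };  // ~ StatusOr<bool>

class Matcher {  // same shape as the documented interface
 public:
  virtual ~Matcher() = default;
  virtual Result MatchAndExplain(const Identity &identity, const Expectation &expectation,
                                 std::string *explanation) const = 0;
  virtual Result Match(const Identity &identity, const Expectation &expectation) const {
    return MatchAndExplain(identity, expectation, nullptr);
  }
};

// Hypothetical matcher that only understands the description "demo".
class DemoMatcher : public Matcher {
 public:
  Result MatchAndExplain(const Identity &identity, const Expectation &expectation,
                         std::string *explanation) const override {
    const Identity &ref = expectation.reference_identity;
    if (identity.description != "demo" || ref.description != "demo")
      return {false, false, "unrecognized identity description"};  // non-OK
    bool match = identity.value == ref.value;
    if (!match && explanation != nullptr)  // a nullptr explanation is ignored
      *explanation = "value " + identity.value + " != " + ref.value;
    return {true, match, ""};
  }
};

enum class Decision { kAllow, kDeny, kError };
// Fail-closed caller: only an OK result carrying true authorizes the peer.
Decision Authorize(const Matcher &matcher, const Identity &identity,
                   const Expectation &expectation, std::string *why) {
  Result r = matcher.MatchAndExplain(identity, expectation, why);
  if (!r.ok) {  // the matcher did not understand the inputs: not a "no match"
    if (why != nullptr) *why = r.error;
    return Decision::kError;
  }
  return r.value ? Decision::kAllow : Decision::kDeny;
}

int main() {  // constructed inputs: the values differ, so the result is kDeny
  std::string why;
  return Authorize(DemoMatcher(), {"demo", "B"}, {{"demo", "A"}}, &why) == Decision::kDeny ? 0 : 1;
}
```

Keeping kError separate from kDeny lets logs distinguish a misrouted or malformed identity from a genuine mismatch, while both still refuse access.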