Asylo
Public Member Functions | List of all members
asylo::IdentityExpectationMatcher Class Referenceabstract

Defines an abstract interface that describes how to match an EnclaveIdentity against an EnclaveIdentityExpectation. More...

#include <identity_expectation_matcher.h>

Public Member Functions

 IdentityExpectationMatcher ()=default
 
virtual ~IdentityExpectationMatcher ()=default
 
virtual StatusOr< bool > Match (const EnclaveIdentity &identity, const EnclaveIdentityExpectation &expectation) const =0
 Evaluates whether identity matches expectation. More...
 

Detailed Description

Defines an abstract interface that describes how to match an EnclaveIdentity against an EnclaveIdentityExpectation.

All implementations of this interface are expected to be thread-safe.

Constructor & Destructor Documentation

◆ IdentityExpectationMatcher()

asylo::IdentityExpectationMatcher::IdentityExpectationMatcher ( )
default

◆ ~IdentityExpectationMatcher()

virtual asylo::IdentityExpectationMatcher::~IdentityExpectationMatcher ( )
virtualdefault

Member Function Documentation

◆ Match()

virtual StatusOr<bool> asylo::IdentityExpectationMatcher::Match ( const EnclaveIdentity &  identity,
const EnclaveIdentityExpectation &  expectation 
) const
pure virtual

Evaluates whether identity matches expectation.

Evaluating identity against expectation produces a boolean result indicating whether identity matches expectation, but only if the inputs are valid for this matcher. Otherwise, if matcher does not understand either identity or expectation, this method returns a non-OK Status. This can happen if any of the following is true:

  • identity.description() is unrecognized by the matcher
  • expectation.reference_identity().description() is unrecognized by the matcher
  • identity and/or expectation is malformed

An IdentityExpectationMatcher's Match() implementation is not obliged to handle all possible EnclaveIdentity and EnclaveIdentityExpectation protos. Rather, each implementation of IdentityExpectationMatcher is free to refine expectations on what kinds of EnclaveIdentity and EnclaveIdentityExpectation arguments it can handle. It is up to the caller of this method to provide inputs that fit the expectations of the underlying matcher implementation.

Parameters
identityAn identity to match.
expectationThe identity expectation to match against.
Returns
A bool indicating whether the match succeeded, or a non-OK Status in the case of invalid arguments.

The documentation for this class was generated from the following file: