Asylo
enclave_assertion_authority.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2017 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_H_
20 #define ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_H_
21 
22 #include <string>
23 
24 #include "asylo/crypto/util/byte_container_util.h"
25 #include "asylo/identity/identity.pb.h"
26 #include "asylo/util/status.h"
27 #include "asylo/util/status_macros.h"
28 #include "asylo/util/statusor.h"
29 
30 namespace asylo {
31 
32 /// An EnclaveAssertionAuthority is an authority for assertions of a particular
33 /// identity type. An EnclaveAssertionAuthority is also identified by its
34 /// authority type. The combination of identity type and authority type uniquely
35 /// identifies an EnclaveAssertionAuthority.
36 ///
37 /// EnclaveAssertionAuthority cannot be instantiated. It is an abstract
38 /// interface that is intended to be extended by subclasses that define a
39 /// particular set of operations on assertion authorities.
40 ///
41 /// See EnclaveAssertionGenerator and EnclaveAssertionVerifier for examples of
42 /// how the EnclaveAssertionAuthority interface can be extended.
43 class EnclaveAssertionAuthority {
44  public:
45  virtual ~EnclaveAssertionAuthority() = default;
46 
47  /// Initializes this assertion authority using the provided `config`.
48  ///
49  /// \param config A config with which to initialize this authority.
50  /// \return A Status indicating whether initialization succeeded.
51  virtual Status Initialize(const std::string &config) = 0;
52 
53  /// Indicates whether this assertion authority has been initialized
54  /// successfully via a call to Initialize().
55  ///
56  /// \return True if this authority is initialized.
57  virtual bool IsInitialized() const = 0;
58 
59  /// Gets the enclave identity type handled by this assertion authority.
60  ///
61  /// \return The identity type handled by this authority.
62  virtual EnclaveIdentityType IdentityType() const = 0;
63 
64  /// Gets the type of this assertion authority.
65  ///
66  /// \return The type of this authority.
67  virtual std::string AuthorityType() const = 0;
68 
69  /// Gets a unique identifier for an EnclaveAssertionAuthority with the given
70  /// `identity_type` and `authority_type`.
71  ///
72  /// The identifier is a string that combines `identity_type` and
73  /// `authority_type`. It can be used as a unique identifier for an authority
74  /// that handles assertions for `identity_type` and `authority_type`.
75  ///
76  /// \param identity_type The identity type handled by the authority.
77  /// \param authority_type The authority type of the authority.
78  /// \return The generated authority identifier on success, or a non-OK
79  /// Status on failure.
80  static StatusOr<std::string> GenerateAuthorityId(
81  const EnclaveIdentityType &identity_type,
82  const std::string &authority_type) {
83  std::string serialized;
84  ASYLO_RETURN_IF_ERROR(asylo::SerializeByteContainers(
85  &serialized, EnclaveIdentityType_Name(identity_type), authority_type));
86  return serialized;
87  }
88 
89  protected:
90  /// Indicates whether `description` describes an assertion that is compatible
91  /// with this authority.
92  ///
93  /// This functionality is common to all assertion authorities and is provided
94  /// for convenience of implementing more complex operations.
95  ///
96  /// \param description A description to check for compatibility.
97  /// \return True if `description` is compatible with this authority.
98  bool IsCompatibleAssertionDescription(
99  const AssertionDescription &description) const {
100  return (description.identity_type() == IdentityType()) &&
101  (description.authority_type() == AuthorityType());
102  }
103 };
104 
105 } // namespace asylo
106 
107 #endif // ASYLO_IDENTITY_ENCLAVE_ASSERTION_AUTHORITY_H_
asylo::EnclaveAssertionAuthority::IdentityType
virtual EnclaveIdentityType IdentityType() const =0
Gets the enclave identity type handled by this assertion authority.
asylo::EnclaveAssertionAuthority::GenerateAuthorityId
static StatusOr< std::string > GenerateAuthorityId(const EnclaveIdentityType &identity_type, const std::string &authority_type)
Gets a unique identifier for an EnclaveAssertionAuthority with the given identity_type and authority_...
Definition: enclave_assertion_authority.h:80
asylo::EnclaveAssertionAuthority::IsInitialized
virtual bool IsInitialized() const =0
Indicates whether this assertion authority has been initialized successfully via a call to Initialize...
asylo::EnclaveAssertionAuthority::AuthorityType
virtual std::string AuthorityType() const =0
Gets the type of this assertion authority.
asylo::kStatusMoveAssignmentMsg
ABSL_CONST_INIT const char kStatusMoveAssignmentMsg[]
asylo::EnclaveAssertionAuthority::IsCompatibleAssertionDescription
bool IsCompatibleAssertionDescription(const AssertionDescription &description) const
Indicates whether description describes an assertion that is compatible with this authority...
Definition: enclave_assertion_authority.h:98
asylo::EnclaveAssertionAuthority::~EnclaveAssertionAuthority
virtual ~EnclaveAssertionAuthority()=default
asylo::EnclaveAssertionAuthority
An EnclaveAssertionAuthority is an authority for assertions of a particular identity type...
Definition: enclave_assertion_authority.h:43
asylo::EnclaveAssertionAuthority::Initialize
virtual Status Initialize(const std::string &config)=0
Initializes this assertion authority using the provided config.