enclave_assertion_generator.h

Go to the documentation of this file.

/*
 *
 * Copyright 2017 Asylo authors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef ASYLO_IDENTITY_ATTESTATION_ENCLAVE_ASSERTION_GENERATOR_H_
#define ASYLO_IDENTITY_ATTESTATION_ENCLAVE_ASSERTION_GENERATOR_H_

#include <string>

#include "asylo/identity/enclave_assertion_authority.h"
#include "asylo/identity/identity.pb.h"
#include "asylo/platform/common/static_map.h"
#include "asylo/util/status.h"
#include "asylo/util/statusor.h"

namespace asylo {

/// Defines an interface for assertion authorities that create assertion offers
/// and generate assertions.
///
/// EnclaveAssertionGenerator cannot be instantiated; it is intended to be
/// derived from by classes that implement the EnclaveAssertionGenerator
/// interface for a particular identity type and authority type.
///
/// Derived classes of EnclaveAssertionGenerator must:
///   * Be marked final
///   * Be trivially default-constructible
///
/// Derived classes of EnclaveAssertionGenerator must also implement virtual
/// methods presented by EnclaveAssertionAuthority.
class EnclaveAssertionGenerator : public EnclaveAssertionAuthority {
 public:
  /// Creates an assertion offer compatible with this generator's identity type
  /// and authority type and places the result in `offer`.
  ///
  /// \param[out] offer The generated offer.
  /// \return A Status indicating whether the offer was created. Returns a
  ///         non-OK Status if this generator is not initialized or if an
  ///         internal error occurs while attempting the operation.
  virtual Status CreateAssertionOffer(AssertionOffer *offer) const = 0;

  /// Indicates whether the assertion requested in `request` can be generated by
  /// this generator.
  ///
  /// \param request A request to be fulfilled.
  /// \return True if the assertion specified in `request` can be generated,
  ///         and false if no errors occur during the operation but `request`
  ///         cannot be fulfilled. Returns a non-OK Status if this generator is
  ///         not yet initialized or if an internal error occurs while
  ///         attempting the operation.
  virtual StatusOr<bool> CanGenerate(const AssertionRequest &request) const = 0;

  /// Generates an assertion that satisfies the given `request`, if `request` is
  /// compatible with this generator's identity type and authority type.
  ///
  /// The caller cannot make any assumptions about the contents of `assertion`
  /// if generation fails.
  ///
  /// \param user_data User-provided binding data.
  /// \param request A request to fulfill.
  /// \param[out] assertion The generated assertion.
  /// \return A Status indicating whether an assertion was generated
  ///         successfully. Returns a non-OK Status if the generator is not
  ///         initialized or if an internal error occurs while attempting the
  ///         operation.
  virtual Status Generate(const std::string &user_data,
                          const AssertionRequest &request,
                          Assertion *assertion) const = 0;
};

// \cond Internal
template <>
struct Namer<EnclaveAssertionGenerator> {
  std::string operator()(const EnclaveAssertionGenerator &generator) {
    return EnclaveAssertionAuthority::GenerateAuthorityId(
               generator.IdentityType(), generator.AuthorityType())
        .value();
  }
};

DEFINE_STATIC_MAP_OF_BASE_TYPE(AssertionGeneratorMap,
                               EnclaveAssertionGenerator);
// \endcond

}  // namespace asylo

#endif  // ASYLO_IDENTITY_ATTESTATION_ENCLAVE_ASSERTION_GENERATOR_H_