Asylo
enclave_auth_context.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2017 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_GRPC_AUTH_ENCLAVE_AUTH_CONTEXT_H_
20 #define ASYLO_GRPC_AUTH_ENCLAVE_AUTH_CONTEXT_H_
21 
22 #include <string>
23 
24 #include "asylo/grpc/auth/core/handshake.pb.h"
25 #include "asylo/identity/identity.pb.h"
26 #include "asylo/util/statusor.h"
27 #include "include/grpcpp/server_context.h"
28 
29 namespace asylo {
30 
31 /// Encapsulates the authentication properties of an EKEP-based gRPC connection.
32 ///
33 /// The authentication properties in an EnclaveAuthContext object include the
34 /// secure transport protocol and the peer's enclave identities.
35 ///
36 /// Virtual functions are only for mocking.
38  public:
39  /// Constructs an EnclaveAuthContext using the authentication properties from
40  /// `server_context`.
41  ///
42  /// The resulting EnclaveAuthContext contains the authentication properties on
43  /// the server-side of the connection.
44  ///
45  /// \param server_context The server's authentication context.
48 
49  /// Creates an EnclaveAuthContext from the authentication properties in
50  /// `auth_context`.
51  ///
52  /// \param auth_context An authentication context.
54  const ::grpc::AuthContext &auth_context);
55 
56  virtual ~EnclaveAuthContext() = default;
57 
58  /// Gets the secure transport record-protocol used for securing frames over
59  /// the connection.
60  ///
61  /// \return The secure transport record-protocol.
62  virtual RecordProtocol GetRecordProtocol() const;
63 
64  /// Indicates whether the authenticated peer has an identity matching
65  /// `description`.
66  ///
67  /// \param description A description of the identity.
68  /// \return True if the peer has the specified identity.
69  virtual bool HasEnclaveIdentity(
70  const EnclaveIdentityDescription &description) const;
71 
72  /// Finds and returns a peer identity matching `description`, if one exists.
73  ///
74  /// \param description A description of an identity to find.
75  /// \return A pointer to the identity on success, and a StatusOr with a
76  /// `GoogleError::NOT_FOUND` Status on failure.
79 
80  protected:
83 
84  private:
85  // Creates an EnclaveAuthContext for the given peer's |identities| and the
86  // session |record_protocol|.
87  EnclaveAuthContext(EnclaveIdentities identities,
88  RecordProtocol record_protocol);
89 
90  // Enclave identities held by the authenticated peer.
91  const EnclaveIdentities identities_;
92 
93  // Secure transport record protocol.
94  const RecordProtocol record_protocol_;
95 };
96 
97 } // namespace asylo
98 
99 #endif // ASYLO_GRPC_AUTH_ENCLAVE_AUTH_CONTEXT_H_
virtual StatusOr< const EnclaveIdentity * > FindEnclaveIdentity(const EnclaveIdentityDescription &description) const
Finds and returns a peer identity matching description, if one exists.
virtual ~EnclaveAuthContext()=default
virtual RecordProtocol GetRecordProtocol() const
Gets the secure transport record-protocol used for securing frames over the connection.
Encapsulates the authentication properties of an EKEP-based gRPC connection.
Definition: enclave_auth_context.h:37
static StatusOr< EnclaveAuthContext > CreateFromAuthContext(const ::grpc::AuthContext &auth_context)
Creates an EnclaveAuthContext from the authentication properties in auth_context. ...
Definition: aead_cryptor.h:32
virtual bool HasEnclaveIdentity(const EnclaveIdentityDescription &description) const
Indicates whether the authenticated peer has an identity matching description.
EnclaveAuthContext()
Definition: enclave_auth_context.h:81
static StatusOr< EnclaveAuthContext > CreateFromServerContext(const ::grpc::ServerContext &server_context)
Constructs an EnclaveAuthContext using the authentication properties from server_context.