Asylo
enclave_auth_context.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2017 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_GRPC_AUTH_ENCLAVE_AUTH_CONTEXT_H_
20 #define ASYLO_GRPC_AUTH_ENCLAVE_AUTH_CONTEXT_H_
21 
22 #include <string>
23 
24 #include "asylo/grpc/auth/core/handshake.pb.h"
25 #include "asylo/identity/identity.pb.h"
26 #include "asylo/util/statusor.h"
27 #include "include/grpcpp/server_context.h"
28 
29 namespace asylo {
30 
31 /// Encapsulates the authentication properties of an EKEP-based gRPC connection.
32 ///
33 /// The authentication properties in an EnclaveAuthContext object include the
34 /// secure transport protocol and the peer's enclave identities.
36  public:
37  /// Constructs an EnclaveAuthContext using the authentication properties from
38  /// `server_context`.
39  ///
40  /// The resulting EnclaveAuthContext contains the authentication properties on
41  /// the server-side of the connection.
42  ///
43  /// \param server_context The server's authentication context.
46 
47  /// Creates an EnclaveAuthContext from the authentication properties in
48  /// `auth_context`.
49  ///
50  /// \param auth_context An authentication context.
52  const ::grpc::AuthContext &auth_context);
53 
54  /// Gets the secure transport record-protocol used for securing frames over
55  /// the connection.
56  ///
57  /// \return The secure transport record-protocol.
59 
60  /// Indicates whether the authenticated peer has an identity matching
61  /// `description`.
62  ///
63  /// \param description A description of the identity.
64  /// \return True if the peer has the specified identity.
65  bool HasEnclaveIdentity(const EnclaveIdentityDescription &description) const;
66 
67  /// Finds and returns a peer identity matching `description`, if one exists.
68  ///
69  /// \param description A description of an identity to find.
70  /// \return A pointer to the identity on success, and a StatusOr with a
71  /// `GoogleError::NOT_FOUND` Status on failure.
74 
75  private:
76  // Creates an EnclaveAuthContext for the given peer's |identities| and the
77  // session |record_protocol|.
78  EnclaveAuthContext(EnclaveIdentities identities,
79  RecordProtocol record_protocol);
80 
81  // Enclave identities held by the authenticated peer.
82  const EnclaveIdentities identities_;
83 
84  // Secure transport record protocol.
85  const RecordProtocol record_protocol_;
86 };
87 
88 } // namespace asylo
89 
90 #endif // ASYLO_GRPC_AUTH_ENCLAVE_AUTH_CONTEXT_H_
bool HasEnclaveIdentity(const EnclaveIdentityDescription &description) const
Indicates whether the authenticated peer has an identity matching description.
Encapsulates the authentication properties of an EKEP-based gRPC connection.
Definition: enclave_auth_context.h:35
RecordProtocol GetRecordProtocol() const
Gets the secure transport record-protocol used for securing frames over the connection.
static StatusOr< EnclaveAuthContext > CreateFromAuthContext(const ::grpc::AuthContext &auth_context)
Creates an EnclaveAuthContext from the authentication properties in auth_context. ...
Definition: aes_gcm_siv.h:37
StatusOr< const EnclaveIdentity * > FindEnclaveIdentity(const EnclaveIdentityDescription &description) const
Finds and returns a peer identity matching description, if one exists.
static StatusOr< EnclaveAuthContext > CreateFromServerContext(const ::grpc::ServerContext &server_context)
Constructs an EnclaveAuthContext using the authentication properties from server_context.