identity_expectation_matcher.h
1 /*
2  *
3  * Copyright 2017 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_IDENTITY_IDENTITY_EXPECTATION_MATCHER_H_
20 #define ASYLO_IDENTITY_IDENTITY_EXPECTATION_MATCHER_H_
21 
22 #include "asylo/identity/identity.pb.h"
23 #include "asylo/util/statusor.h"
24 
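namespace asylo {

/// Defines an abstract interface that describes how to match an
/// `EnclaveIdentity` against an `EnclaveIdentityExpectation`.
///
/// All implementations of this interface are expected to be thread-safe.
class IdentityExpectationMatcher {
 public:
  IdentityExpectationMatcher() = default;
  virtual ~IdentityExpectationMatcher() = default;

  /// Evaluates whether `identity` matches `expectation`.
  ///
  /// Evaluating `identity` against `expectation` produces a boolean result
  /// indicating whether `identity` matches `expectation`, but only if the
  /// inputs are valid for this matcher. Otherwise, if this matcher does not
  /// understand either `identity` or `expectation`, this method returns a
  /// non-OK Status. This can happen if any of the following is true:
  ///
  ///   * `identity.description()` is unrecognized by the matcher
  ///   * `expectation.reference_identity().description()` is unrecognized by
  ///     the matcher
  ///   * `identity` and/or `expectation` is malformed
  ///
  /// An IdentityExpectationMatcher's Match() implementation is not obliged to
  /// handle all possible `EnclaveIdentity` and `EnclaveIdentityExpectation`
  /// protos. Rather, each implementation of IdentityExpectationMatcher is free
  /// to refine expectations on what kinds of `EnclaveIdentity` and
  /// `EnclaveIdentityExpectation` arguments it can handle. It is up to the
  /// caller of this method to provide inputs that fit the expectations of the
  /// underlying matcher implementation.
  ///
  /// \note The result carries two separate signals: the Status and the
  ///       contained bool. A caller that uses this method for an access or
  ///       trust decision should accept `identity` only when the Status is OK
  ///       *and* the contained value is `true`. A non-OK Status means the
  ///       inputs could not be evaluated, not that they matched, and an OK
  ///       Status alone says nothing about the outcome: checking only `ok()`
  ///       would accept an identity that was evaluated and rejected.
  ///
  /// \param identity An identity to match.
  /// \param expectation The identity expectation to match against.
  /// \return A bool indicating whether the match succeeded, or a non-OK Status
  ///         in the case of invalid arguments.
  virtual StatusOr<bool> Match(
      const EnclaveIdentity &identity,
      const EnclaveIdentityExpectation &expectation) const = 0;
};

}  // namespace asylo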
67 
68 #endif // ASYLO_IDENTITY_IDENTITY_EXPECTATION_MATCHER_H_