CCF
Loading...
Searching...
No Matches
cose_auth.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/crypto/pem.h"
6#include "ccf/endpoints/authentication/authentication_types.h"
7#include "ccf/entity_id.h"
8#include "ccf/service/signed_req.h"
9
10namespace ccf
11{
12 struct ProtectedHeader
13 {
14 int64_t alg;
15 std::string kid;
16 };
17
18 struct GovernanceProtectedHeader : ProtectedHeader
19 {
20 std::optional<std::string> gov_msg_type;
21 std::optional<std::string> gov_msg_proposal_id;
22 uint64_t gov_msg_created_at;
23 };
24
25 struct TimestampedProtectedHeader : ProtectedHeader
26 {
27 std::optional<std::string> msg_type;
28 std::optional<uint64_t> msg_created_at;
29 };
30
31 struct COSESign1AuthnIdentity : public AuthnIdentity
32 {
34 std::span<const uint8_t> content;
35
41 std::span<const uint8_t> envelope;
42
44 std::span<const uint8_t> signature;
45
46 COSESign1AuthnIdentity(
47 const std::span<const uint8_t>& content_,
48 const std::span<const uint8_t>& envelope_,
49 const std::span<const uint8_t>& signature_) :
50 content(content_),
51 envelope(envelope_),
52 signature(signature_)
53 {}
54
55 COSESign1AuthnIdentity() = default;
56 };
57
58 struct MemberCOSESign1AuthnIdentity : public COSESign1AuthnIdentity
59 {
61 MemberId member_id;
62
64 ccf::crypto::Pem member_cert;
65
67 GovernanceProtectedHeader protected_header;
68
69 MemberCOSESign1AuthnIdentity(
70 const std::span<const uint8_t>& content_,
71 const std::span<const uint8_t>& envelope_,
72 const std::span<const uint8_t>& signature_,
73 const MemberId& member_id_,
74 const ccf::crypto::Pem& member_cert_,
75 const GovernanceProtectedHeader& protected_header_) :
76 COSESign1AuthnIdentity(content_, envelope_, signature_),
77 member_id(member_id_),
78 member_cert(member_cert_),
79 protected_header(protected_header_)
80 {}
81 };
82
83 struct UserCOSESign1AuthnIdentity : public COSESign1AuthnIdentity
84 {
86 UserId user_id;
87
89 ccf::crypto::Pem user_cert;
90
92 TimestampedProtectedHeader protected_header;
93
94 UserCOSESign1AuthnIdentity(
95 const std::span<const uint8_t>& content_,
96 const std::span<const uint8_t>& envelope_,
97 const std::span<const uint8_t>& signature_,
98 const UserId& user_id_,
99 const ccf::crypto::Pem& user_cert_,
100 const TimestampedProtectedHeader& protected_header_) :
101 COSESign1AuthnIdentity(content_, envelope_, signature_),
102 user_id(user_id_),
103 user_cert(user_cert_),
104 protected_header(protected_header_)
105 {}
106 };
107
114 class MemberCOSESign1AuthnPolicy : public AuthnPolicy
115 {
116 protected:
117 static const OpenAPISecuritySchema security_schema;
118 std::optional<std::string> gov_msg_type = std::nullopt;
119
120 public:
121 static constexpr auto SECURITY_SCHEME_NAME = "member_cose_sign1";
122
123 MemberCOSESign1AuthnPolicy(
124 std::optional<std::string> gov_msg_type_ = std::nullopt);
125 ~MemberCOSESign1AuthnPolicy();
126
127 std::unique_ptr<AuthnIdentity> authenticate(
128 ccf::kv::ReadOnlyTx& tx,
129 const std::shared_ptr<ccf::RpcContext>& ctx,
130 std::string& error_reason) override;
131
132 void set_unauthenticated_error(
133 std::shared_ptr<ccf::RpcContext> ctx,
134 std::string&& error_reason) override;
135
136 std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
137 const override
138 {
139 return security_schema;
140 }
141
142 std::string get_security_scheme_name() override
143 {
144 return SECURITY_SCHEME_NAME;
145 }
146 };
147
153 class ActiveMemberCOSESign1AuthnPolicy : public MemberCOSESign1AuthnPolicy
154 {
155 public:
156 static constexpr auto SECURITY_SCHEME_NAME = "active_member_cose_sign1";
157
158 using MemberCOSESign1AuthnPolicy::MemberCOSESign1AuthnPolicy;
159
160 std::unique_ptr<AuthnIdentity> authenticate(
161 ccf::kv::ReadOnlyTx& tx,
162 const std::shared_ptr<ccf::RpcContext>& ctx,
163 std::string& error_reason) override;
164
165 std::string get_security_scheme_name() override
166 {
167 return SECURITY_SCHEME_NAME;
168 }
169 };
170
176 class UserCOSESign1AuthnPolicy : public AuthnPolicy
177 {
178 std::string msg_type_name;
179 std::string msg_created_at_name;
180
181 protected:
182 static const OpenAPISecuritySchema security_schema;
183
184 virtual std::unique_ptr<UserCOSESign1AuthnIdentity> _authenticate(
185 ccf::kv::ReadOnlyTx& tx,
186 const std::shared_ptr<ccf::RpcContext>& ctx,
187 std::string& error_reason);
188
189 public:
190 static constexpr auto SECURITY_SCHEME_NAME = "user_cose_sign1";
191
192 UserCOSESign1AuthnPolicy(
193 const std::string& msg_type_name_ = "ccf.msg.type",
194 const std::string& msg_created_at_name_ = "ccf.msg.created_at") :
195 msg_type_name(msg_type_name_),
196 msg_created_at_name(msg_created_at_name_)
197 {}
198 ~UserCOSESign1AuthnPolicy();
199
200 std::unique_ptr<AuthnIdentity> authenticate(
201 ccf::kv::ReadOnlyTx& tx,
202 const std::shared_ptr<ccf::RpcContext>& ctx,
203 std::string& error_reason) override;
204
205 void set_unauthenticated_error(
206 std::shared_ptr<ccf::RpcContext> ctx,
207 std::string&& error_reason) override;
208
209 std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
210 const override
211 {
212 return security_schema;
213 }
214
215 std::string get_security_scheme_name() override
216 {
217 return SECURITY_SCHEME_NAME;
218 }
219 };
220
226 class TypedUserCOSESign1AuthnPolicy : public UserCOSESign1AuthnPolicy
227 {
228 private:
229 std::string expected_msg_type;
230
231 public:
232 static constexpr auto SECURITY_SCHEME_NAME = "typed_user_cose_sign1";
233
234 TypedUserCOSESign1AuthnPolicy(
235 const std::string& expected_msg_type_,
236 const std::string& msg_type_name_ = "ccf.msg.type",
237 const std::string& msg_created_at_name_ = "ccf.msg.created_at") :
238 UserCOSESign1AuthnPolicy(msg_type_name_, msg_created_at_name_),
239 expected_msg_type(expected_msg_type_)
240 {}
241
242 std::unique_ptr<AuthnIdentity> authenticate(
243 ccf::kv::ReadOnlyTx& tx,
244 const std::shared_ptr<ccf::RpcContext>& ctx,
245 std::string& error_reason) override;
246
247 std::string get_security_scheme_name() override
248 {
249 return SECURITY_SCHEME_NAME;
250 }
251 };
252}
authentication_types.h
ccf::ActiveMemberCOSESign1AuthnPolicy
Definition cose_auth.h:154
ccf::ActiveMemberCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:165
ccf::ActiveMemberCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:405
ccf::ActiveMemberCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:156
ccf::AuthnPolicy
Definition authentication_types.h:28
ccf::MemberCOSESign1AuthnPolicy
Definition cose_auth.h:115
ccf::MemberCOSESign1AuthnPolicy::get_openapi_security_schema
std::optional< OpenAPISecuritySchema > get_openapi_security_schema() const override
Definition cose_auth.h:136
ccf::MemberCOSESign1AuthnPolicy::security_schema
static const OpenAPISecuritySchema security_schema
Definition cose_auth.h:117
ccf::MemberCOSESign1AuthnPolicy::set_unauthenticated_error
void set_unauthenticated_error(std::shared_ptr< ccf::RpcContext > ctx, std::string &&error_reason) override
Definition cose_auth.cpp:382
ccf::MemberCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:121
ccf::MemberCOSESign1AuthnPolicy::gov_msg_type
std::optional< std::string > gov_msg_type
Definition cose_auth.h:118
ccf::MemberCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:302
ccf::MemberCOSESign1AuthnPolicy::MemberCOSESign1AuthnPolicy
MemberCOSESign1AuthnPolicy(std::optional< std::string > gov_msg_type_=std::nullopt)
Definition cose_auth.cpp:297
ccf::MemberCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:142
ccf::TypedUserCOSESign1AuthnPolicy
Definition cose_auth.h:227
ccf::TypedUserCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:247
ccf::TypedUserCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:529
ccf::TypedUserCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:232
ccf::TypedUserCOSESign1AuthnPolicy::TypedUserCOSESign1AuthnPolicy
TypedUserCOSESign1AuthnPolicy(const std::string &expected_msg_type_, const std::string &msg_type_name_="ccf.msg.type", const std::string &msg_created_at_name_="ccf.msg.created_at")
Definition cose_auth.h:234
ccf::UserCOSESign1AuthnPolicy
Definition cose_auth.h:177
ccf::UserCOSESign1AuthnPolicy::get_openapi_security_schema
std::optional< OpenAPISecuritySchema > get_openapi_security_schema() const override
Definition cose_auth.h:209
ccf::UserCOSESign1AuthnPolicy::security_schema
static const OpenAPISecuritySchema security_schema
Definition cose_auth.h:182
ccf::UserCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:190
ccf::UserCOSESign1AuthnPolicy::UserCOSESign1AuthnPolicy
UserCOSESign1AuthnPolicy(const std::string &msg_type_name_="ccf.msg.type", const std::string &msg_created_at_name_="ccf.msg.created_at")
Definition cose_auth.h:192
ccf::UserCOSESign1AuthnPolicy::set_unauthenticated_error
void set_unauthenticated_error(std::shared_ptr< ccf::RpcContext > ctx, std::string &&error_reason) override
Definition cose_auth.cpp:506
ccf::UserCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:215
ccf::UserCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:498
ccf::UserCOSESign1AuthnPolicy::_authenticate
virtual std::unique_ptr< UserCOSESign1AuthnIdentity > _authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason)
Definition cose_auth.cpp:440
ccf::crypto::Pem
Definition pem.h:18
ccf::kv::ReadOnlyTx
Definition tx.h:160
entity_id.h
ccf
Definition app_interface.h:14
ccf::OpenAPISecuritySchema
std::pair< std::string, nlohmann::json > OpenAPISecuritySchema
Definition authentication_types.h:23
signed_req.h
ccf::AuthnIdentity
Definition authentication_types.h:19
ccf::COSESign1AuthnIdentity
Definition cose_auth.h:32
ccf::COSESign1AuthnIdentity::content
std::span< const uint8_t > content
Definition cose_auth.h:34
ccf::COSESign1AuthnIdentity::envelope
std::span< const uint8_t > envelope
Definition cose_auth.h:41
ccf::COSESign1AuthnIdentity::signature
std::span< const uint8_t > signature
Definition cose_auth.h:44
ccf::COSESign1AuthnIdentity::COSESign1AuthnIdentity
COSESign1AuthnIdentity(const std::span< const uint8_t > &content_, const std::span< const uint8_t > &envelope_, const std::span< const uint8_t > &signature_)
Definition cose_auth.h:46
ccf::GovernanceProtectedHeader
Definition cose_auth.h:19
ccf::GovernanceProtectedHeader::gov_msg_type
std::optional< std::string > gov_msg_type
Definition cose_auth.h:20
ccf::GovernanceProtectedHeader::gov_msg_created_at
uint64_t gov_msg_created_at
Definition cose_auth.h:22
ccf::GovernanceProtectedHeader::gov_msg_proposal_id
std::optional< std::string > gov_msg_proposal_id
Definition cose_auth.h:21
ccf::MemberCOSESign1AuthnIdentity
Definition cose_auth.h:59
ccf::MemberCOSESign1AuthnIdentity::protected_header
GovernanceProtectedHeader protected_header
Definition cose_auth.h:67
ccf::MemberCOSESign1AuthnIdentity::member_id
MemberId member_id
Definition cose_auth.h:61
ccf::MemberCOSESign1AuthnIdentity::member_cert
ccf::crypto::Pem member_cert
Definition cose_auth.h:64
ccf::MemberCOSESign1AuthnIdentity::MemberCOSESign1AuthnIdentity
MemberCOSESign1AuthnIdentity(const std::span< const uint8_t > &content_, const std::span< const uint8_t > &envelope_, const std::span< const uint8_t > &signature_, const MemberId &member_id_, const ccf::crypto::Pem &member_cert_, const GovernanceProtectedHeader &protected_header_)
Definition cose_auth.h:69
ccf::ProtectedHeader
Definition cose_auth.h:13
ccf::ProtectedHeader::kid
std::string kid
Definition cose_auth.h:15
ccf::ProtectedHeader::alg
int64_t alg
Definition cose_auth.h:14
ccf::TimestampedProtectedHeader
Definition cose_auth.h:26
ccf::TimestampedProtectedHeader::msg_created_at
std::optional< uint64_t > msg_created_at
Definition cose_auth.h:28
ccf::TimestampedProtectedHeader::msg_type
std::optional< std::string > msg_type
Definition cose_auth.h:27
ccf::UserCOSESign1AuthnIdentity
Definition cose_auth.h:84
ccf::UserCOSESign1AuthnIdentity::user_cert
ccf::crypto::Pem user_cert
Definition cose_auth.h:89
ccf::UserCOSESign1AuthnIdentity::user_id
UserId user_id
Definition cose_auth.h:86
ccf::UserCOSESign1AuthnIdentity::UserCOSESign1AuthnIdentity
UserCOSESign1AuthnIdentity(const std::span< const uint8_t > &content_, const std::span< const uint8_t > &envelope_, const std::span< const uint8_t > &signature_, const UserId &user_id_, const ccf::crypto::Pem &user_cert_, const TimestampedProtectedHeader &protected_header_)
Definition cose_auth.h:94
ccf::UserCOSESign1AuthnIdentity::protected_header
TimestampedProtectedHeader protected_header
Definition cose_auth.h:92
Generated by doxygen 1.9.8