CCF
Loading...
Searching...
No Matches
cose_auth.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/crypto/pem.h"
6#include "ccf/endpoints/authentication/authentication_types.h"
7#include "ccf/entity_id.h"
8#include "ccf/service/signed_req.h"
9
10namespace ccf
11{
12 struct ProtectedHeader
13 {
14 int64_t alg = 0;
15 std::string kid;
16 };
17
18 struct GovernanceProtectedHeader : ProtectedHeader
19 {
20 std::optional<std::string> gov_msg_type;
21 std::optional<std::string> gov_msg_proposal_id;
22 uint64_t gov_msg_created_at = 0;
23 };
24
25 struct TimestampedProtectedHeader : ProtectedHeader
26 {
27 std::optional<std::string> msg_type;
28 std::optional<uint64_t> msg_created_at;
29 };
30
31 struct COSESign1AuthnIdentity : public AuthnIdentity
32 {
34 std::span<const uint8_t> content;
35
41 std::span<const uint8_t> envelope;
42
44 std::span<const uint8_t> signature;
45
46 COSESign1AuthnIdentity(
47 const std::span<const uint8_t>& content_,
48 const std::span<const uint8_t>& envelope_,
49 const std::span<const uint8_t>& signature_) :
50 content(content_),
51 envelope(envelope_),
52 signature(signature_)
53 {}
54
55 COSESign1AuthnIdentity() = default;
56 };
57
58 struct MemberCOSESign1AuthnIdentity : public COSESign1AuthnIdentity
59 {
61 MemberId member_id;
62
64 ccf::crypto::Pem member_cert;
65
67 GovernanceProtectedHeader protected_header;
68
69 MemberCOSESign1AuthnIdentity(
70 const std::span<const uint8_t>& content_,
71 const std::span<const uint8_t>& envelope_,
72 const std::span<const uint8_t>& signature_,
73 MemberId member_id_,
74 ccf::crypto::Pem member_cert_,
75 GovernanceProtectedHeader protected_header_) :
76 COSESign1AuthnIdentity(content_, envelope_, signature_),
77 member_id(std::move(member_id_)),
78 member_cert(std::move(member_cert_)),
79 protected_header(std::move(protected_header_))
80 {}
81 };
82
83 struct UserCOSESign1AuthnIdentity : public COSESign1AuthnIdentity
84 {
86 UserId user_id;
87
89 ccf::crypto::Pem user_cert;
90
92 TimestampedProtectedHeader protected_header;
93
94 UserCOSESign1AuthnIdentity(
95 const std::span<const uint8_t>& content_,
96 const std::span<const uint8_t>& envelope_,
97 const std::span<const uint8_t>& signature_,
98 UserId user_id_,
99 ccf::crypto::Pem user_cert_,
100 TimestampedProtectedHeader protected_header_) :
101 COSESign1AuthnIdentity(content_, envelope_, signature_),
102 user_id(std::move(user_id_)),
103 user_cert(std::move(user_cert_)),
104 protected_header(std::move(protected_header_))
105 {}
106 };
107
114 class MemberCOSESign1AuthnPolicy : public AuthnPolicy
115 {
116 protected:
117 static const OpenAPISecuritySchema security_schema;
118 std::optional<std::string> gov_msg_type = std::nullopt;
119
120 public:
121 static constexpr auto SECURITY_SCHEME_NAME = "member_cose_sign1";
122
123 MemberCOSESign1AuthnPolicy(
124 std::optional<std::string> gov_msg_type_ = std::nullopt);
125 ~MemberCOSESign1AuthnPolicy() override;
126
127 std::unique_ptr<AuthnIdentity> authenticate(
128 ccf::kv::ReadOnlyTx& tx,
129 const std::shared_ptr<ccf::RpcContext>& ctx,
130 std::string& error_reason) override;
131
132 void set_unauthenticated_error(
133 std::shared_ptr<ccf::RpcContext> ctx,
134 std::string&& error_reason) override;
135
136 [[nodiscard]] std::optional<OpenAPISecuritySchema>
137 get_openapi_security_schema() const override
138 {
139 return security_schema;
140 }
141
142 std::string get_security_scheme_name() override
143 {
144 return SECURITY_SCHEME_NAME;
145 }
146 };
147
153 class ActiveMemberCOSESign1AuthnPolicy : public MemberCOSESign1AuthnPolicy
154 {
155 public:
156 static constexpr auto SECURITY_SCHEME_NAME = "active_member_cose_sign1";
157
158 using MemberCOSESign1AuthnPolicy::MemberCOSESign1AuthnPolicy;
159
160 std::unique_ptr<AuthnIdentity> authenticate(
161 ccf::kv::ReadOnlyTx& tx,
162 const std::shared_ptr<ccf::RpcContext>& ctx,
163 std::string& error_reason) override;
164
165 std::string get_security_scheme_name() override
166 {
167 return SECURITY_SCHEME_NAME;
168 }
169 };
170
176 class UserCOSESign1AuthnPolicy : public AuthnPolicy
177 {
178 std::string msg_type_name;
179 std::string msg_created_at_name;
180
181 protected:
182 static const OpenAPISecuritySchema security_schema;
183
184 virtual std::unique_ptr<UserCOSESign1AuthnIdentity> _authenticate(
185 ccf::kv::ReadOnlyTx& tx,
186 const std::shared_ptr<ccf::RpcContext>& ctx,
187 std::string& error_reason);
188
189 public:
190 static constexpr auto SECURITY_SCHEME_NAME = "user_cose_sign1";
191
192 UserCOSESign1AuthnPolicy(
193 std::string msg_type_name_ = "ccf.msg.type",
194 std::string msg_created_at_name_ = "ccf.msg.created_at") :
195 msg_type_name(std::move(msg_type_name_)),
196 msg_created_at_name(std::move(msg_created_at_name_))
197 {}
198 ~UserCOSESign1AuthnPolicy() override;
199
200 std::unique_ptr<AuthnIdentity> authenticate(
201 ccf::kv::ReadOnlyTx& tx,
202 const std::shared_ptr<ccf::RpcContext>& ctx,
203 std::string& error_reason) override;
204
205 void set_unauthenticated_error(
206 std::shared_ptr<ccf::RpcContext> ctx,
207 std::string&& error_reason) override;
208
209 [[nodiscard]] std::optional<OpenAPISecuritySchema>
210 get_openapi_security_schema() const override
211 {
212 return security_schema;
213 }
214
215 std::string get_security_scheme_name() override
216 {
217 return SECURITY_SCHEME_NAME;
218 }
219 };
220
226 class TypedUserCOSESign1AuthnPolicy : public UserCOSESign1AuthnPolicy
227 {
228 private:
229 std::string expected_msg_type;
230
231 public:
232 static constexpr auto SECURITY_SCHEME_NAME = "typed_user_cose_sign1";
233
234 TypedUserCOSESign1AuthnPolicy(
235 std::string expected_msg_type_,
236 std::string msg_type_name_ = "ccf.msg.type",
237 std::string msg_created_at_name_ = "ccf.msg.created_at") :
238 UserCOSESign1AuthnPolicy(
239 std::move(msg_type_name_), std::move(msg_created_at_name_)),
240 expected_msg_type(std::move(expected_msg_type_))
241 {}
242
243 std::unique_ptr<AuthnIdentity> authenticate(
244 ccf::kv::ReadOnlyTx& tx,
245 const std::shared_ptr<ccf::RpcContext>& ctx,
246 std::string& error_reason) override;
247
248 std::string get_security_scheme_name() override
249 {
250 return SECURITY_SCHEME_NAME;
251 }
252 };
253}
authentication_types.h
ccf::ActiveMemberCOSESign1AuthnPolicy
Definition cose_auth.h:154
ccf::ActiveMemberCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:165
ccf::ActiveMemberCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:404
ccf::ActiveMemberCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:156
ccf::AuthnPolicy
Definition authentication_types.h:28
ccf::MemberCOSESign1AuthnPolicy
Definition cose_auth.h:115
ccf::MemberCOSESign1AuthnPolicy::get_openapi_security_schema
std::optional< OpenAPISecuritySchema > get_openapi_security_schema() const override
Definition cose_auth.h:137
ccf::MemberCOSESign1AuthnPolicy::security_schema
static const OpenAPISecuritySchema security_schema
Definition cose_auth.h:117
ccf::MemberCOSESign1AuthnPolicy::set_unauthenticated_error
void set_unauthenticated_error(std::shared_ptr< ccf::RpcContext > ctx, std::string &&error_reason) override
Definition cose_auth.cpp:381
ccf::MemberCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:121
ccf::MemberCOSESign1AuthnPolicy::gov_msg_type
std::optional< std::string > gov_msg_type
Definition cose_auth.h:118
ccf::MemberCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:301
ccf::MemberCOSESign1AuthnPolicy::MemberCOSESign1AuthnPolicy
MemberCOSESign1AuthnPolicy(std::optional< std::string > gov_msg_type_=std::nullopt)
Definition cose_auth.cpp:296
ccf::MemberCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:142
ccf::TypedUserCOSESign1AuthnPolicy
Definition cose_auth.h:227
ccf::TypedUserCOSESign1AuthnPolicy::TypedUserCOSESign1AuthnPolicy
TypedUserCOSESign1AuthnPolicy(std::string expected_msg_type_, std::string msg_type_name_="ccf.msg.type", std::string msg_created_at_name_="ccf.msg.created_at")
Definition cose_auth.h:234
ccf::TypedUserCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:248
ccf::TypedUserCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:528
ccf::TypedUserCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:232
ccf::UserCOSESign1AuthnPolicy
Definition cose_auth.h:177
ccf::UserCOSESign1AuthnPolicy::get_openapi_security_schema
std::optional< OpenAPISecuritySchema > get_openapi_security_schema() const override
Definition cose_auth.h:210
ccf::UserCOSESign1AuthnPolicy::security_schema
static const OpenAPISecuritySchema security_schema
Definition cose_auth.h:182
ccf::UserCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME
static constexpr auto SECURITY_SCHEME_NAME
Definition cose_auth.h:190
ccf::UserCOSESign1AuthnPolicy::set_unauthenticated_error
void set_unauthenticated_error(std::shared_ptr< ccf::RpcContext > ctx, std::string &&error_reason) override
Definition cose_auth.cpp:505
ccf::UserCOSESign1AuthnPolicy::UserCOSESign1AuthnPolicy
UserCOSESign1AuthnPolicy(std::string msg_type_name_="ccf.msg.type", std::string msg_created_at_name_="ccf.msg.created_at")
Definition cose_auth.h:192
ccf::UserCOSESign1AuthnPolicy::get_security_scheme_name
std::string get_security_scheme_name() override
Definition cose_auth.h:215
ccf::UserCOSESign1AuthnPolicy::authenticate
std::unique_ptr< AuthnIdentity > authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason) override
Definition cose_auth.cpp:497
ccf::UserCOSESign1AuthnPolicy::_authenticate
virtual std::unique_ptr< UserCOSESign1AuthnIdentity > _authenticate(ccf::kv::ReadOnlyTx &tx, const std::shared_ptr< ccf::RpcContext > &ctx, std::string &error_reason)
Definition cose_auth.cpp:439
ccf::crypto::Pem
Definition pem.h:18
ccf::kv::ReadOnlyTx
Definition tx.h:159
entity_id.h
ccf
Definition app_interface.h:14
ccf::OpenAPISecuritySchema
std::pair< std::string, nlohmann::json > OpenAPISecuritySchema
Definition authentication_types.h:23
std
STL namespace.
signed_req.h
ccf::AuthnIdentity
Definition authentication_types.h:19
ccf::COSESign1AuthnIdentity
Definition cose_auth.h:32
ccf::COSESign1AuthnIdentity::content
std::span< const uint8_t > content
Definition cose_auth.h:34
ccf::COSESign1AuthnIdentity::envelope
std::span< const uint8_t > envelope
Definition cose_auth.h:41
ccf::COSESign1AuthnIdentity::signature
std::span< const uint8_t > signature
Definition cose_auth.h:44
ccf::COSESign1AuthnIdentity::COSESign1AuthnIdentity
COSESign1AuthnIdentity(const std::span< const uint8_t > &content_, const std::span< const uint8_t > &envelope_, const std::span< const uint8_t > &signature_)
Definition cose_auth.h:46
ccf::GovernanceProtectedHeader
Definition cose_auth.h:19
ccf::GovernanceProtectedHeader::gov_msg_type
std::optional< std::string > gov_msg_type
Definition cose_auth.h:20
ccf::GovernanceProtectedHeader::gov_msg_created_at
uint64_t gov_msg_created_at
Definition cose_auth.h:22
ccf::GovernanceProtectedHeader::gov_msg_proposal_id
std::optional< std::string > gov_msg_proposal_id
Definition cose_auth.h:21
ccf::MemberCOSESign1AuthnIdentity
Definition cose_auth.h:59
ccf::MemberCOSESign1AuthnIdentity::protected_header
GovernanceProtectedHeader protected_header
Definition cose_auth.h:67
ccf::MemberCOSESign1AuthnIdentity::member_id
MemberId member_id
Definition cose_auth.h:61
ccf::MemberCOSESign1AuthnIdentity::member_cert
ccf::crypto::Pem member_cert
Definition cose_auth.h:64
ccf::MemberCOSESign1AuthnIdentity::MemberCOSESign1AuthnIdentity
MemberCOSESign1AuthnIdentity(const std::span< const uint8_t > &content_, const std::span< const uint8_t > &envelope_, const std::span< const uint8_t > &signature_, MemberId member_id_, ccf::crypto::Pem member_cert_, GovernanceProtectedHeader protected_header_)
Definition cose_auth.h:69
ccf::ProtectedHeader
Definition cose_auth.h:13
ccf::ProtectedHeader::kid
std::string kid
Definition cose_auth.h:15
ccf::ProtectedHeader::alg
int64_t alg
Definition cose_auth.h:14
ccf::TimestampedProtectedHeader
Definition cose_auth.h:26
ccf::TimestampedProtectedHeader::msg_created_at
std::optional< uint64_t > msg_created_at
Definition cose_auth.h:28
ccf::TimestampedProtectedHeader::msg_type
std::optional< std::string > msg_type
Definition cose_auth.h:27
ccf::UserCOSESign1AuthnIdentity
Definition cose_auth.h:84
ccf::UserCOSESign1AuthnIdentity::UserCOSESign1AuthnIdentity
UserCOSESign1AuthnIdentity(const std::span< const uint8_t > &content_, const std::span< const uint8_t > &envelope_, const std::span< const uint8_t > &signature_, UserId user_id_, ccf::crypto::Pem user_cert_, TimestampedProtectedHeader protected_header_)
Definition cose_auth.h:94
ccf::UserCOSESign1AuthnIdentity::user_cert
ccf::crypto::Pem user_cert
Definition cose_auth.h:89
ccf::UserCOSESign1AuthnIdentity::user_id
UserId user_id
Definition cose_auth.h:86
ccf::UserCOSESign1AuthnIdentity::protected_header
TimestampedProtectedHeader protected_header
Definition cose_auth.h:92
Generated by doxygen 1.9.8