// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the Apache 2.0 License.
3#pragma once
4
6#include "ccf/endpoint.h"
8
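namespace ccf
{
  /// Maps a security scheme name to the shared policy instance implementing
  /// it.
  using NamedAuthPolicies =
    std::unordered_map<std::string, std::shared_ptr<ccf::AuthnPolicy>>;

  /**
   * Returns the registry of authentication policies that can be referred to
   * by name, populating it with the built-in policies when it is empty.
   *
   * @return Mutable reference to the registry.
   *
   * NOTE(review): the function is `static`, so every translation unit that
   * includes this header gets its own copy of the map; an entry added through
   * the returned reference in one translation unit is not visible in another.
   *
   * NOTE(review): initialisation of the static object is thread-safe, but the
   * empty()-then-emplace sequence below is not synchronised. Make the first
   * call before any concurrent use, and treat the returned reference as
   * trusted-code-only: whoever holds it can change which policy a name
   * resolves to.
   */
  static inline NamedAuthPolicies& auth_policies_by_name()
  {
    static NamedAuthPolicies policies;
    if (policies.empty())
    {
      policies.emplace(
        ccf::UserCertAuthnPolicy::SECURITY_SCHEME_NAME,
        ccf::user_cert_auth_policy);

      policies.emplace(
        ccf::MemberCertAuthnPolicy::SECURITY_SCHEME_NAME,
        ccf::member_cert_auth_policy);

      policies.emplace(
        ccf::AnyCertAuthnPolicy::SECURITY_SCHEME_NAME,
        ccf::any_cert_auth_policy);

      policies.emplace(
        ccf::JwtAuthnPolicy::SECURITY_SCHEME_NAME, ccf::jwt_auth_policy);

      policies.emplace(
        ccf::UserCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME,
        ccf::user_cose_sign1_auth_policy);

      // No member COSE Sign1 entry is registered here, although
      // get_policy_name_from_ident() can name that scheme; requesting it by
      // name is therefore rejected as an unknown policy.
      policies.emplace(
        ccf::EmptyAuthnPolicy::SECURITY_SCHEME_NAME, ccf::empty_auth_policy);
    }

    return policies;
  }

  /**
   * Looks up a registered authentication policy by its scheme name.
   *
   * @param name Security scheme name to resolve.
   * @return The registered policy, or nullptr when the name is not
   * registered. Callers must treat nullptr as a rejection, never as "no
   * authentication required".
   */
  static inline std::shared_ptr<ccf::AuthnPolicy> get_policy_by_name(
    const std::string& name)
  {
    auto& policies = auth_policies_by_name();
    const auto it = policies.find(name);
    if (it == policies.end())
    {
      return nullptr;
    }

    return it->second;
  }

  /**
   * Maps an authenticated identity type to the scheme name of the policy that
   * produces it. The pointer argument is used only to deduce T; its value is
   * never read.
   *
   * @tparam T Identity type to name.
   * @return The scheme name, or nullptr when T is not one of the identity
   * types listed below. Check for nullptr before using the result as a
   * C string.
   */
  template <typename T>
  static inline constexpr char const* get_policy_name_from_ident(const T*)
  {
    if constexpr (std::is_same_v<T, ccf::UserCertAuthnIdentity>)
    {
      return ccf::UserCertAuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else if constexpr (std::is_same_v<T, ccf::MemberCertAuthnIdentity>)
    {
      return ccf::MemberCertAuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else if constexpr (std::is_same_v<T, ccf::AnyCertAuthnIdentity>)
    {
      return ccf::AnyCertAuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else if constexpr (std::is_same_v<T, ccf::JwtAuthnIdentity>)
    {
      return ccf::JwtAuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else if constexpr (std::is_same_v<T, ccf::UserCOSESign1AuthnIdentity>)
    {
      return ccf::UserCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else if constexpr (std::is_same_v<T, ccf::MemberCOSESign1AuthnIdentity>)
    {
      return ccf::MemberCOSESign1AuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else if constexpr (std::is_same_v<T, ccf::EmptyAuthnIdentity>)
    {
      return ccf::EmptyAuthnPolicy::SECURITY_SCHEME_NAME;
    }
    else
    {
      return nullptr;
    }
  }

  /**
   * Resolves the policy descriptors in endpoint.properties.authn_policies and
   * appends the resulting policy objects to endpoint.authn_policies.
   *
   * A descriptor is either a string naming a registered policy, or an object
   * whose "all_of" key holds a non-empty array of such names, which becomes a
   * single ccf::AllOfAuthnPolicy over the named policies.
   *
   * @param endpoint Endpoint whose declared policies are instantiated.
   * @throws std::logic_error if a name is not registered, or if a descriptor
   * has any other shape (including an empty "all_of" array or one holding a
   * non-string element).
   *
   * NOTE(review): policies are appended as they are resolved, so when this
   * throws, endpoint.authn_policies may already hold the entries that
   * preceded the bad one. Discard the endpoint on failure rather than
   * installing it with a partial (or empty) policy list.
   */
  static inline void instantiate_authn_policies(
    ccf::endpoints::EndpointDefinition& endpoint)
  {
    // Shared by both descriptor forms: an unregistered name is always fatal,
    // so a typo in endpoint metadata cannot silently drop a requirement.
    const auto lookup_or_throw = [](const std::string& policy_name) {
      auto policy = get_policy_by_name(policy_name);
      if (policy == nullptr)
      {
        throw std::logic_error(
          fmt::format("Unknown auth policy: {}", policy_name));
      }
      return policy;
    };

    for (const auto& policy_desc : endpoint.properties.authn_policies)
    {
      if (policy_desc.is_string())
      {
        endpoint.authn_policies.push_back(
          lookup_or_throw(policy_desc.get<std::string>()));
        continue;
      }

      if (policy_desc.is_object())
      {
        const auto it = policy_desc.find("all_of");
        if (it != policy_desc.end() && it.value().is_array())
        {
          std::vector<std::shared_ptr<ccf::AuthnPolicy>>
            constituent_policies;
          for (const auto& val : it.value())
          {
            if (!val.is_string())
            {
              // A single malformed element invalidates the whole list; the
              // emptied vector routes to the error below.
              constituent_policies.clear();
              break;
            }

            constituent_policies.push_back(
              lookup_or_throw(val.get<std::string>()));
          }

          // An empty list is rejected rather than turned into a conjunction
          // with no constituents.
          if (!constituent_policies.empty())
          {
            endpoint.authn_policies.push_back(
              std::make_shared<ccf::AllOfAuthnPolicy>(
                constituent_policies));
            continue;
          }
        }
      }

      // Any failure in above checks falls through to this detailed error.
      throw std::logic_error(fmt::format(
        "Unsupported auth policy. Policies must be either a string, or an "
        "object containing an \"all_of\" key with list-of-strings value. "
        "Unsupported value: {}",
        policy_desc.dump()));
    }
  }
}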