зеркало из https://github.com/microsoft/CCF.git
60 строки
1.4 KiB
C++
60 строки
1.4 KiB
C++
// Copyright (c) Microsoft Corporation. All rights reserved.
|
|
// Licensed under the Apache 2.0 License.
|
|
#pragma once
|
|
|
|
#include "ccf/endpoints/authentication/authentication_types.h"
|
|
|
|
namespace ccf
|
|
{
|
|
struct JwtAuthnIdentity : public AuthnIdentity
|
|
{
|
|
/** JWT key issuer, as defined in @c
|
|
* public:ccf.gov.jwt_public_signing_key_issuer */
|
|
std::string key_issuer;
|
|
/** JWT header */
|
|
nlohmann::json header;
|
|
/** JWT payload */
|
|
nlohmann::json payload;
|
|
};
|
|
|
|
struct VerifiersCache;
|
|
|
|
bool validate_issuer(
|
|
const std::string& iss,
|
|
const std::optional<std::string>& tid,
|
|
std::string constraint);
|
|
|
|
class JwtAuthnPolicy : public AuthnPolicy
|
|
{
|
|
protected:
|
|
static const OpenAPISecuritySchema security_schema;
|
|
std::unique_ptr<VerifiersCache> verifiers;
|
|
|
|
public:
|
|
static constexpr auto SECURITY_SCHEME_NAME = "jwt";
|
|
|
|
JwtAuthnPolicy();
|
|
virtual ~JwtAuthnPolicy();
|
|
|
|
std::unique_ptr<AuthnIdentity> authenticate(
|
|
ccf::kv::ReadOnlyTx& tx,
|
|
const std::shared_ptr<ccf::RpcContext>& ctx,
|
|
std::string& error_reason) override;
|
|
|
|
void set_unauthenticated_error(
|
|
std::shared_ptr<ccf::RpcContext> ctx,
|
|
std::string&& error_reason) override;
|
|
|
|
std::optional<OpenAPISecuritySchema> get_openapi_security_schema()
|
|
const override
|
|
{
|
|
return security_schema;
|
|
}
|
|
|
|
std::string get_security_scheme_name() override
|
|
{
|
|
return SECURITY_SCHEME_NAME;
|
|
}
|
|
};
|
|
}
|