5.x/doxygen/jwt_8h_source.html

// Copyright (c) Microsoft Corporation. All rights reserved.

// Licensed under the Apache 2.0 License.

#pragma once


#include "ccf/crypto/jwk.h"

#include "ccf/ds/json.h"

#include "ccf/service/map.h"


#include <map>

#include <optional>

#include <string>


namespace ccf

{


  struct JwtIssuerKeyPolicy

  {

    std::optional<std::map<std::string, std::string>> sgx_claims;


    bool operator!=(const JwtIssuerKeyPolicy& rhs) const

    {

      return rhs.sgx_claims != sgx_claims;

    }


  };


  DECLARE_JSON_TYPE(JwtIssuerKeyPolicy);

  DECLARE_JSON_REQUIRED_FIELDS(JwtIssuerKeyPolicy, sgx_claims);


  enum class JwtIssuerKeyFilter

  {

    All,

    SGX

  };


  DECLARE_JSON_ENUM(

    JwtIssuerKeyFilter,

    {{JwtIssuerKeyFilter::All, "all"}, {JwtIssuerKeyFilter::SGX, "sgx"}});


  struct JwtIssuerMetadata

  {

    JwtIssuerKeyFilter key_filter;

    std::optional<JwtIssuerKeyPolicy> key_policy;

    std::optional<std::string> ca_cert_bundle_name;

    bool auto_refresh = false;

  };


  DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(JwtIssuerMetadata);

  DECLARE_JSON_REQUIRED_FIELDS(JwtIssuerMetadata, key_filter);

  DECLARE_JSON_OPTIONAL_FIELDS(

    JwtIssuerMetadata, key_policy, ca_cert_bundle_name, auto_refresh);


  using JwtIssuer = std::string;

  using JwtKeyId = std::string;

  using Cert = std::vector<uint8_t>;


  struct OpenIDJWKMetadata

  {

    Cert cert;

    JwtIssuer issuer;

    std::optional<JwtIssuer> constraint;

  };


  DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(OpenIDJWKMetadata);

  DECLARE_JSON_REQUIRED_FIELDS(OpenIDJWKMetadata, cert, issuer);

  DECLARE_JSON_OPTIONAL_FIELDS(OpenIDJWKMetadata, constraint);


  using JwtIssuers = ServiceMap<JwtIssuer, JwtIssuerMetadata>;

  using JwtPublicSigningKeys =

    ServiceMap<JwtKeyId, std::vector<OpenIDJWKMetadata>>;


  namespace Tables

  {

    static constexpr auto JWT_ISSUERS = "public:ccf.gov.jwt.issuers";


    static constexpr auto JWT_PUBLIC_SIGNING_KEYS_METADATA =

      "public:ccf.gov.jwt.public_signing_keys_metadata";


    namespace Legacy

    {

      static constexpr auto JWT_PUBLIC_SIGNING_KEYS =

        "public:ccf.gov.jwt.public_signing_key";

      static constexpr auto JWT_PUBLIC_SIGNING_KEY_ISSUER =

        "public:ccf.gov.jwt.public_signing_key_issuer";


      using JwtPublicSigningKeys =

        ccf::kv::RawCopySerialisedMap<JwtKeyId, Cert>;

      using JwtPublicSigningKeyIssuer =

        ccf::kv::RawCopySerialisedMap<JwtKeyId, JwtIssuer>;

    }


  }


  struct JsonWebKeySet

  {

    std::vector<ccf::crypto::JsonWebKey> keys;


    bool operator!=(const JsonWebKeySet& rhs) const

    {

      return keys != rhs.keys;

    }


  };


  DECLARE_JSON_TYPE(JsonWebKeySet)

  DECLARE_JSON_REQUIRED_FIELDS(JsonWebKeySet, keys)

}

ccf::kv::TypedMap
Definition map.h:30

json.h

DECLARE_JSON_REQUIRED_FIELDS
#define DECLARE_JSON_REQUIRED_FIELDS(TYPE,...)
Definition json.h:712

DECLARE_JSON_TYPE
#define DECLARE_JSON_TYPE(TYPE)
Definition json.h:661

DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS
#define DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(TYPE)
Definition json.h:688

DECLARE_JSON_OPTIONAL_FIELDS
#define DECLARE_JSON_OPTIONAL_FIELDS(TYPE,...)
Definition json.h:784

DECLARE_JSON_ENUM
#define DECLARE_JSON_ENUM(TYPE,...)
Definition json.h:835

jwk.h

ccf::Tables::Legacy::JwtPublicSigningKeyIssuer
ccf::kv::RawCopySerialisedMap< JwtKeyId, JwtIssuer > JwtPublicSigningKeyIssuer
Definition jwt.h:92

ccf::Tables::Legacy::JwtPublicSigningKeys
ccf::kv::RawCopySerialisedMap< JwtKeyId, Cert > JwtPublicSigningKeys
Definition jwt.h:90

ccf::kv::RawCopySerialisedMap
TypedMap< K, V, ccf::kv::serialisers::BlitSerialiser< K >, ccf::kv::serialisers::BlitSerialiser< V > > RawCopySerialisedMap
Definition map.h:105

ccf
Definition app_interface.h:15

ccf::Cert
std::vector< uint8_t > Cert
Definition jwt.h:59

ccf::JwtIssuer
std::string JwtIssuer
Definition jwt.h:57

ccf::JwtIssuers
ServiceMap< JwtIssuer, JwtIssuerMetadata > JwtIssuers
Definition jwt.h:71

ccf::JwtIssuerKeyFilter
JwtIssuerKeyFilter
Definition jwt.h:31

ccf::JwtIssuerKeyFilter::SGX
@ SGX

ccf::JwtIssuerKeyFilter::All
@ All

ccf::JwtPublicSigningKeys
ServiceMap< JwtKeyId, std::vector< OpenIDJWKMetadata > > JwtPublicSigningKeys
Definition jwt.h:73

ccf::JwtKeyId
std::string JwtKeyId
Definition jwt.h:58

map.h

ccf::JsonWebKeySet
Definition jwt.h:97

ccf::JsonWebKeySet::keys
std::vector< ccf::crypto::JsonWebKey > keys
Definition jwt.h:98

ccf::JsonWebKeySet::operator!=
bool operator!=(const JsonWebKeySet &rhs) const
Definition jwt.h:100

ccf::JwtIssuerKeyPolicy
Definition jwt.h:16

ccf::JwtIssuerKeyPolicy::sgx_claims
std::optional< std::map< std::string, std::string > > sgx_claims
Definition jwt.h:19

ccf::JwtIssuerKeyPolicy::operator!=
bool operator!=(const JwtIssuerKeyPolicy &rhs) const
Definition jwt.h:21

ccf::JwtIssuerMetadata
Definition jwt.h:41

ccf::JwtIssuerMetadata::auto_refresh
bool auto_refresh
Whether to auto-refresh keys from the issuer.
Definition jwt.h:49

ccf::JwtIssuerMetadata::ca_cert_bundle_name
std::optional< std::string > ca_cert_bundle_name
Optional CA bundle name used for authentication when auto-refreshing.
Definition jwt.h:47

ccf::JwtIssuerMetadata::key_policy
std::optional< JwtIssuerKeyPolicy > key_policy
Optional Key Policy.
Definition jwt.h:45

ccf::JwtIssuerMetadata::key_filter
JwtIssuerKeyFilter key_filter
JWT issuer key filter.
Definition jwt.h:43

ccf::OpenIDJWKMetadata
Definition jwt.h:62

ccf::OpenIDJWKMetadata::issuer
JwtIssuer issuer
Definition jwt.h:64

ccf::OpenIDJWKMetadata::cert
Cert cert
Definition jwt.h:63

ccf::OpenIDJWKMetadata::constraint
std::optional< JwtIssuer > constraint
Definition jwt.h:65