pub struct AttestationReportVerifier {
pub accepted_enclave_attrs: Vec<EnclaveAttr>,
pub root_ca: Vec<u8>,
pub verifier: AttestationReportVerificationFn,
}
Type used to verify attestation reports (this can be set as a certificate verifier in rustls::ClientConfig).
Fields
accepted_enclave_attrs: Vec<EnclaveAttr>
Valid enclave attributes (only enclaves with attributes in this vector will be accepted).
root_ca: Vec<u8>
Root certificate of the attestation service provider (e.g., IAS).
verifier: AttestationReportVerificationFn
User defined function to verify the attestation report.
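Added example (not part of the crate or its documentation): a simplified, std-only model of how the accepted_enclave_attrs allow-list and the user-defined verifier function combine. The fields of EnclaveAttr, and the names Report, VerifyFn, ModelVerifier, Reject, strict_policy and sample, are assumptions made for illustration; checking the report signature against root_ca is left out.

```rust
// Simplified model. Every type here is a stand-in, not the crate's definition.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct EnclaveAttr {
    pub mr_enclave: [u8; 32], // assumed field: measurement of the enclave code
    pub mr_signer: [u8; 32],  // assumed field: measurement of the signing key
}

// Assumed shape of a report that has already been parsed and signature-checked.
pub struct Report {
    pub attr: EnclaveAttr,
    pub quote_status: String,
}

pub type VerifyFn = fn(&Report) -> bool;

#[derive(Debug, PartialEq, Eq)]
pub enum Reject { UnknownEnclave, PolicyFailed }

pub struct ModelVerifier {
    pub accepted_enclave_attrs: Vec<EnclaveAttr>,
    pub verifier: VerifyFn,
}

impl ModelVerifier {
    pub fn check(&self, report: &Report) -> Result<(), Reject> {
        // Allow-list: exact match required, so an empty vector rejects every peer.
        if !self.accepted_enclave_attrs.contains(&report.attr) {
            return Err(Reject::UnknownEnclave);
        }
        // The user-defined policy runs only for known enclaves and can still refuse.
        if !(self.verifier)(report) {
            return Err(Reject::PolicyFailed);
        }
        Ok(())
    }
}

// Constructed policy: accept only a report whose status string is "OK".
pub fn strict_policy(r: &Report) -> bool { r.quote_status == "OK" }

// Constructed sample report; the measurement bytes are filler values.
pub fn sample(enclave_byte: u8, status: &str) -> Report {
    let attr = EnclaveAttr { mr_enclave: [enclave_byte; 32], mr_signer: [0x22; 32] };
    Report { attr, quote_status: status.to_string() }
}

fn main() {
    let v = ModelVerifier { accepted_enclave_attrs: vec![sample(0x11, "").attr], verifier: strict_policy };
    for r in &[sample(0x11, "OK"), sample(0x99, "OK"), sample(0x11, "GROUP_OUT_OF_DATE")] {
        println!("{:?}", v.check(r));
    }
}
```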
Implementations
impl AttestationReportVerifier
pub fn new(
accepted_enclave_attrs: Vec<EnclaveAttr>,
root_ca: &[u8],
verifier: AttestationReportVerificationFn
) -> Self
Trait Implementations
impl ClientCertVerifier for AttestationReportVerifier
fn offer_client_auth(&self) -> bool
Returns true to enable the server to request a client certificate and false to skip requesting a client certificate. Defaults to true.
fn client_auth_root_subjects(
&self,
_sni: Option<&DNSName>
) -> Option<DistinguishedNames>
Returns the subject names of the client authentication trust anchors to share with the client when requesting client authentication.
fn verify_client_cert(
&self,
certs: &[Certificate],
_sni: Option<&DNSName>
) -> Result<ClientCertVerified, TLSError>
Verify a certificate chain. presented_certs is the certificate chain from the client.
fn client_auth_mandatory(&self, _sni: Option<&DNSName>) -> Option<bool>
Return Some(true) to require a client certificate and Some(false) to make client authentication optional. Return None to abort the connection. Defaults to Some(self.offer_client_auth()).
fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, TLSError>
Verify a signature allegedly by the given server certificate.
fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, TLSError>
Verify a signature allegedly by the given server certificate.
fn supported_verify_schemes(&self) -> Vec<SignatureScheme, Global>
Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls.
impl Clone for AttestationReportVerifier
fn clone(&self) -> AttestationReportVerifier
Returns a copy of the value.
const fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl ServerCertVerifier for AttestationReportVerifier
fn verify_server_cert(
&self,
_roots: &RootCertStore,
certs: &[Certificate],
_hostname: DNSNameRef<'_>,
_ocsp: &[u8]
) -> Result<ServerCertVerified, TLSError>
Verify the certificate chain presented_certs against the roots configured in roots. Make sure that dns_name is quoted by the top certificate in the chain.
fn verify_tls12_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, TLSError>
Verify a signature allegedly by the given server certificate.
fn verify_tls13_signature(
&self,
message: &[u8],
cert: &Certificate,
dss: &DigitallySignedStruct
) -> Result<HandshakeSignatureValid, TLSError>
Verify a signature allegedly by the given server certificate.
fn supported_verify_schemes(&self) -> Vec<SignatureScheme, Global>
Return the list of SignatureSchemes that this verifier will handle, in verify_tls12_signature and verify_tls13_signature calls.
Auto Trait Implementations
impl RefUnwindSafe for AttestationReportVerifier
impl Send for AttestationReportVerifier
impl Sync for AttestationReportVerifier
impl Unpin for AttestationReportVerifier
impl UnwindSafe for AttestationReportVerifier
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoRequest<T> for T
fn into_request(self) -> Request<T>
Wrap the input message T in a tonic::Request
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn clone_into(&self, target: &mut T)
Uses borrowed data to replace owned data, usually by cloning.