coapcore/
generalclaims.rs

1//! Abstractions around the permissions of a particular security context.
2
3use crate::scope::Scope;
4
5/// Claims about a peer that are independent of the security mechanism.
6///
7/// A [`GeneralClaims`] instance represents processed properties of a particular security
8/// connection peer.
9///
10/// The data is similar to a CWT's claims, but does not include ACE profile specifics (eg. the
11/// confirmation data), may come from a source that does not even originally stem from ACE (eg.
12/// when a raw public key is known) and also contains data not typically expressed in a CWT (eg.
13/// whether these claims represent a more valuable connection for the purpose of discarding
14/// connections).
15pub trait GeneralClaims: core::fmt::Debug {
16    /// An internal representation of a scope (which may be parsed from a CWT).
17    ///
18    /// Being generic, this allow both to transport claims in their original form (copied into a
19    /// buffer and processed request by request) or to be preprocessed further (eg. converting
20    /// paths in an AIF into an enum that indicates a resource).
21    type Scope: Scope;
22
23    /// Accesses the scope of the claim.
24    ///
25    /// This is used to decide whether a particular request is allowed on a particular resource.
26    fn scope(&self) -> &Self::Scope;
27
28    /// Accesses the temporal validity of the claim.
29    ///
30    /// This is evaluated independently of the request's content, and may be evaluated without a
31    /// request when eviction of a security context is being considered.
32    fn time_constraint(&self) -> crate::time::TimeConstraint;
33
34    /// Access whether a security context is important.
35    ///
36    /// This is intentionally vague (importance of a security context can vary by application), but
37    /// useful for keeping administrative security contexts around even when attackers can create
38    /// many low-authorization contexts.
39    fn is_important(&self) -> bool {
40        false
41    }
42}
43
44impl GeneralClaims for core::convert::Infallible {
45    type Scope = core::convert::Infallible;
46
47    fn scope(&self) -> &Self::Scope {
48        self
49    }
50
51    fn time_constraint(&self) -> crate::time::TimeConstraint {
52        match *self {}
53    }
54}
55
56/// An implementation of [`GeneralClaims`] that puts no additional restrictions on the [`Scope`]
57/// `S` it contains.
58#[derive(Debug)]
59pub struct Unlimited<S: Scope>(pub S);
60
61impl<S: Scope> GeneralClaims for Unlimited<S> {
62    type Scope = S;
63
64    fn scope(&self) -> &Self::Scope {
65        &self.0
66    }
67
68    fn time_constraint(&self) -> crate::time::TimeConstraint {
69        crate::time::TimeConstraint::unbounded()
70    }
71}