mls_rs_core/identity/provider.rs
1// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
2// Copyright by contributors to this project.
3// SPDX-License-Identifier: (Apache-2.0 OR MIT)
4
5use crate::{error::IntoAnyError, extension::ExtensionList, group::GroupContext, time::MlsTime};
6#[cfg(mls_build_async)]
7use alloc::boxed::Box;
8use alloc::vec::Vec;
9
10use super::{CredentialType, SigningIdentity};
11
/// Group state passed to [`IdentityProvider::validate_member`] alongside the
/// identity being checked.
///
/// Every variant holds only borrowed data, so the value is `Copy` and cheap
/// to pass by value. The enum is `#[non_exhaustive]`: code outside this crate
/// that matches on it needs a wildcard arm.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(serde::Serialize))]
#[non_exhaustive]
pub enum MemberValidationContext<'a> {
    /// Carries the current group context together with a separate extension
    /// list.
    // NOTE(review): presumably `new_extensions` is the list the commit would
    // put in place, which can differ from `current_context`'s own list;
    // confirm against the caller.
    ForCommit {
        current_context: &'a GroupContext,
        new_extensions: &'a ExtensionList,
    },
    /// Carries only a group context; its own extension list is the one that
    /// `new_extensions()` reports for this variant.
    ForNewGroup { current_context: &'a GroupContext },
    /// No group state is available to the provider.
    None,
}
25
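impl MemberValidationContext<'_> {
    /// Returns the extension list an identity check should be evaluated
    /// against, if the context carries one.
    ///
    /// * `ForCommit` returns the `new_extensions` stored in the variant, not
    ///   the list held by `current_context`.
    /// * `ForNewGroup` returns the extension list of `current_context`.
    /// * `None` returns `None`; the provider then has no group extensions to
    ///   consult.
    pub fn new_extensions(&self) -> Option<&ExtensionList> {
        match self {
            Self::ForCommit { new_extensions, .. } => Some(*new_extensions),
            // Borrow the list out of the group context; the variant has no
            // separate extension field.
            Self::ForNewGroup { current_context } => Some(&current_context.extensions),
            Self::None => None,
        }
    }
}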
35
/// Identity system that can be used to validate a
/// [`SigningIdentity`](mls-rs-core::identity::SigningIdentity)
///
/// All methods except `supported_types` are declared `async`; the
/// `maybe_async` attributes below turn the trait into a sync or an async
/// one depending on the `mls_build_async` cfg. Implementations must be
/// `Send + Sync`.
///
/// NOTE(review): the methods here decide which credentials are accepted and
/// which member may replace another, so an implementation presumably acts as
/// the trust anchor for group membership. Confirm how callers act on each
/// result before shipping a permissive or stub implementation.
#[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
#[cfg_attr(mls_build_async, maybe_async::must_be_async)]
pub trait IdentityProvider: Send + Sync {
    /// Error type that this provider returns on internal failure.
    type Error: IntoAnyError;

    /// Determine if `signing_identity` is valid for a group member.
    ///
    /// A `timestamp` value can optionally be supplied to aid with validation
    /// of a [`Credential`](mls-rs-core::identity::Credential) that requires
    /// time based context. For example, X.509 certificates can become expired.
    ///
    /// `context` carries whatever group state the caller has available for
    /// the check; see [`MemberValidationContext`].
    ///
    /// The return type has no boolean: `Ok(())` is the only way to report an
    /// identity as valid, so a rejected identity has to be returned as `Err`.
    ///
    /// NOTE(review): an implementation that returns `Ok(())` without checking
    /// the credential accepts every identity. Presumably callers admit the
    /// member on `Ok`; confirm at the call sites.
    ///
    /// NOTE(review): this trait does not say whether time-based checks should
    /// be skipped or should fail when `timestamp` is `None`. Decide and
    /// document that per implementation.
    async fn validate_member(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        context: MemberValidationContext<'_>,
    ) -> Result<(), Self::Error>;

    /// Determine if `signing_identity` is valid for an external sender in
    /// the ExternalSendersExtension stored in the group context.
    ///
    /// A `timestamp` value can optionally be supplied to aid with validation
    /// of a [`Credential`](mls-rs-core::identity::Credential) that requires
    /// time based context. For example, X.509 certificates can become expired.
    ///
    /// `extensions` is optional, so an implementation has to handle the case
    /// where no extension list is supplied. As with `validate_member`,
    /// `Ok(())` means "accepted" and any rejection is an `Err`.
    async fn validate_external_sender(
        &self,
        signing_identity: &SigningIdentity,
        timestamp: Option<MlsTime>,
        extensions: Option<&ExtensionList>,
    ) -> Result<(), Self::Error>;

    /// A unique identifier for `signing_identity`.
    ///
    /// The MLS protocol requires that each member of a group has a
    /// unique identifier, which is determined by the application.
    /// The identity must be stable over the lifetime of the group.
    ///
    /// The identity does not need to be consistent for different
    /// group members: Alice might use `b"bob-123"` as the identity
    /// for Bob, while Bob on his side could use `b"Bob"` for himself.
    ///
    /// NOTE(review): presumably callers compare the returned bytes for
    /// equality to enforce uniqueness, so two different credentials that map
    /// to the same bytes would be treated as one member. Confirm with the
    /// callers and keep the mapping collision-free.
    async fn identity(
        &self,
        signing_identity: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<Vec<u8>, Self::Error>;

    /// Determines if `successor` can remove `predecessor` as part of an external commit.
    ///
    /// The MLS protocol allows for removal of an existing member when adding a
    /// new member via external commit. This function determines if a removal
    /// should be allowed by providing the target member to be removed as
    /// `predecessor` and the new member as `successor`.
    ///
    /// `Ok(true)` allows the removal and `Ok(false)` refuses it; `Err` is
    /// left for failures of the provider itself.
    ///
    /// NOTE(review): if callers act on `true` as described above, returning
    /// it unconditionally would let any external joiner remove any existing
    /// member. Implementations presumably need to tie `successor` to
    /// `predecessor` (for example the same underlying identity); confirm the
    /// intended policy.
    async fn valid_successor(
        &self,
        predecessor: &SigningIdentity,
        successor: &SigningIdentity,
        extensions: &ExtensionList,
    ) -> Result<bool, Self::Error>;

    /// Credential types that are supported by this provider.
    ///
    /// Declared as a plain `fn`, so it is synchronous in both builds.
    fn supported_types(&self) -> Vec<CredentialType>;
}