1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

use crate::core::{
    common::{
        crypto::signature::PublicKey,
        sgx::{EnclaveIdentity, QuotePolicy},
    },
    consensus::beacon::EpochTime,
};

/// Per-application ROFL policy.
#[derive(Clone, Debug, PartialEq, Eq, Default, cbor::Encode, cbor::Decode)]
pub struct AppAuthPolicy {
    /// Quote policy.
    pub quotes: QuotePolicy,
    /// The set of allowed enclave identities.
    pub enclaves: Vec<EnclaveIdentity>,
    /// The set of allowed endorsements.
    pub endorsements: Vec<AllowedEndorsement>,
    /// Gas fee payment policy.
    pub fees: FeePolicy,
    /// Maximum number of future epochs for which one can register.
    pub max_expiration: EpochTime,
}

/// An allowed endorsement policy.
#[derive(Clone, Debug, PartialEq, Eq, cbor::Encode, cbor::Decode)]
#[cbor(no_default)]
pub enum AllowedEndorsement {
    /// Any node can endorse the enclave.
    #[cbor(rename = "any", as_struct)]
    Any,
    /// Compute node for the current runtime can endorse the enclave.
    #[cbor(rename = "role_compute", as_struct)]
    ComputeRole,
    /// Observer node for the current runtime can endorse the enclave.
    #[cbor(rename = "role_observer", as_struct)]
    ObserverRole,
    /// Registered node from a specific entity can endorse the enclave.
    #[cbor(rename = "entity")]
    Entity(PublicKey),
    /// Specific node can endorse the enclave.
    #[cbor(rename = "node")]
    Node(PublicKey),
}

/// Gas fee payment policy.
#[derive(Clone, Debug, Default, PartialEq, Eq, cbor::Encode, cbor::Decode)]
#[repr(u8)]
pub enum FeePolicy {
    /// Application enclave pays the gas fees.
    InstancePays = 1,
    /// Endorsing node pays the gas fees.
    #[default]
    EndorsingNodePays = 2,
}