class MemberAuthenticationService extends NamedLogging with Subscriber
The authentication service issues tokens to members after successfully completed the following challenge response protocol and after they have accepted the service agreement of the domain. The tokens are required for connecting to the sequencer.
In order for a member to subscribe to the sequencer, it must follow a few steps for it to authenticate. Assuming the domain already has knowledge of the member's public keys, the following steps are to be taken:
- member sends request to the domain for authenticating 2. domain returns a nonce (a challenge random number) 3. member takes the nonce, concatenates it with the identity of the domain, signs it and sends it back 4. domain checks the signature against the key of the member. if it matches, create a token and return it 5. member will use the token when subscribing to the sequencer
- Alphabetic
- By Inheritance
- MemberAuthenticationService
- Subscriber
- NamedLogging
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new MemberAuthenticationService(domain: DomainId, cryptoApi: DomainSyncCryptoClient, store: MemberAuthenticationStore, agreementManager: Option[ServiceAgreementManager], clock: Clock, nonceExpirationTime: Duration, tokenExpirationTime: Duration, invalidateMemberCallback: (Traced[Member]) => Unit, isTopologyInitialized: Future[Unit], loggerFactory: NamedLoggerFactory, auditLogger: TracedLogger)(implicit ec: ExecutionContext)
- invalidateMemberCallback
Called when a member is explicitly deactivated on the domain so all active subscriptions for this member should be terminated.
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- def generateNonce(member: Member)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, (Nonce, NonEmptyList[Fingerprint])]
Domain generates nonce that he expects the participant to use to concatenate with the domain's id and sign to proceed with the authentication (step 2).
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def isParticipantActive(participant: ParticipantId)(implicit traceContext: TraceContext): Future[Boolean]
- Attributes
- protected
- def logger: TracedLogger
- Attributes
- protected
- Definition Classes
- NamedLogging
- val loggerFactory: NamedLoggerFactory
- Definition Classes
- MemberAuthenticationService → NamedLogging
- implicit def loggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def noTracingLogger: Logger
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def observed(sequencerTimestamp: SequencedTime, effectiveTimestamp: EffectiveTime, sc: SequencerCounter, transactions: Seq[SignedTopologyTransaction[TopologyChangeOp]])(implicit traceContext: TraceContext): Unit
domain topology client subscriber used to remove member tokens if they get disabled
domain topology client subscriber used to remove member tokens if they get disabled
- Definition Classes
- MemberAuthenticationService → Subscriber
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- def validateSignature(member: Member, signature: Signature, providedNonce: Nonce)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, AuthenticationTokenWithExpiry]
Domain checks that the signature given by the member matches and returns a token if it does (step 4) Al
- def validateToken(intendedDomain: DomainId, member: Member, token: AuthenticationToken)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, StoredAuthenticationToken]
Domain checks if the token given by the participant is the one previously assigned to it for authentication.
Domain checks if the token given by the participant is the one previously assigned to it for authentication. The participant also provides the domain id for which they think they are connecting to. If this id does not match this domain's id, it means the participant was previously connected to a different domain on the same address and now should be informed that this address now hosts a different domain.
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])