
com.digitalasset.canton.topology.processing

IncomingTopologyTransactionAuthorizationValidator

class IncomingTopologyTransactionAuthorizationValidator extends NamedLogging

Validates incoming topology transactions.

NOT THREAD SAFE. Note that this class is not thread safe.

We check three things:

  1. Are the signatures valid?
  2. Are the signatures properly authorized?
    a. Load the current set of authorized keys.
    b. For each transaction, verify that the authorization key is valid. A key is a valid authorization if there is a certificate chain that originates from the root certificate at the time when the transaction is added (one by one).
    c. If the transaction is a namespace or identifier delegation, update its impact on the authorization set. This means that if we add or remove a namespace delegation, then we need to perform a cascading update that activates or deactivates states that depend on this delegation.
  3. Finally, what we compute as the "authorized graph" is then used to compute the derived table of "namespace delegations".
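The chain check and the cascading update described above can be seen in a small stand-alone model. This is an added example, not Canton's implementation: `AuthGraphModel`, `Delegation`, `Tx` and `Validator` are hypothetical names, keys are plain strings, and the `sigValid` flag stands in for the cryptographic signature check.

```scala
import scala.annotation.tailrec

// Simplified model of the authorization graph (added example; all names hypothetical).
object AuthGraphModel {
  type Key = String // stands in for a key fingerprint
  sealed trait Op
  case object Add extends Op
  case object Remove extends Op
  // signedBy delegates namespace authority to target; the root certificate is self-signed.
  final case class Delegation(signedBy: Key, target: Key)
  // sigValid stands in for check (1), the cryptographic signature verification.
  final case class Tx(op: Op, d: Delegation, sigValid: Boolean = true)

  final class Validator(rootKey: Key) {
    private var stored = Set.empty[Delegation] // every delegation accepted so far

    // Keys with a delegation chain back to the root certificate (the "authorized graph").
    def authorizedKeys: Set[Key] = {
      @tailrec
      def grow(known: Set[Key]): Set[Key] = {
        val next = known ++ stored.collect { case Delegation(s, t) if known(s) => t }
        if (next == known) known else grow(next)
      }
      grow(if (stored(Delegation(rootKey, rootKey))) Set(rootKey) else Set.empty[Key])
    }

    // Transactions are checked one by one; each accepted one updates the head state
    // that the next transaction is checked against.
    def validate(txs: Seq[Tx]): Seq[Boolean] = txs.map { tx =>
      val isRootCert = tx.d == Delegation(rootKey, rootKey)
      val ok = tx.sigValid && (isRootCert || authorizedKeys(tx.d.signedBy))
      if (ok) stored = if (tx.op == Add) stored + tx.d else stored - tx.d
      ok
    }
  }

  def main(args: Array[String]): Unit = {
    val v = new Validator("root")
    val results = v.validate(Seq(
      Tx(Add, Delegation("root", "root")),  // root certificate
      Tx(Add, Delegation("root", "k1")),    // root delegates to k1
      Tx(Add, Delegation("k1", "k2")),      // k1 delegates to k2
      Tx(Add, Delegation("k9", "k3")),      // k9 has no chain to the root
      Tx(Remove, Delegation("root", "k1"))  // cascades: k2 depended on k1
    ))
    println(results)
    println(v.authorizedKeys)
  }
}
```

Because authority is recomputed from the root on every check, removing the `root` to `k1` delegation also deactivates `k2`, and adding it back would reactivate `k2` without touching the stored `k1` to `k2` delegation.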

Instance Constructors

  1. new IncomingTopologyTransactionAuthorizationValidator(cryptoPureApi: CryptoPureApi, store: TopologyStore, domainId: Option[DomainId], loggerFactory: NamedLoggerFactory)(implicit ec: ExecutionContext)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def authorizedIdentifierDelegationsForUid(uid: UniqueIdentifier): Seq[AuthorizedIdentifierDelegation]
  6. def authorizedNamespaceDelegationsForNamespaces(namespaces: Set[Namespace]): Seq[AuthorizedNamespaceDelegation]
  7. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
  8. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  9. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  10. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  11. def getValidSigningKeysForMapping(asOf: CantonTimestamp, mapping: TopologyMapping)(implicit traceContext: TraceContext): Future[Seq[Fingerprint]]
  12. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  13. def isAuthorizedForUid(uid: UniqueIdentifier, authKey: Fingerprint): Boolean
  14. def isCurrentlyAuthorized(sit: SignedTopologyTransaction[TopologyChangeOp]): Boolean
  15. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  16. def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    NamedLogging
  17. val loggerFactory: NamedLoggerFactory
  18. implicit def loggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  19. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  20. def noTracingLogger: Logger
    Attributes
    protected
    Definition Classes
    NamedLogging
  21. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  22. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  23. def reset(): Unit
  24. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  25. def toString(): String
    Definition Classes
    AnyRef → Any
  26. def validateAndUpdateHeadAuthState(timestamp: CantonTimestamp, transactions: Seq[SignedTopologyTransaction[TopologyChangeOp]])(implicit traceContext: TraceContext): Future[(UpdateAggregation, Seq[ValidatedTopologyTransaction])]

    Validates the provided domain topology transactions and applies the certificates to the auth state

    When receiving topology transactions we have to evaluate them and continuously apply any update to the namespace delegations or identifier delegations to the "head state".

    And we use that "head state" to verify if the transactions are authorized or not.

  27. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  28. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  29. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated
