class MemberAuthenticationService extends NamedLogging with FlagCloseable with TopologyTransactionProcessingSubscriber
The authentication service issues tokens to members after they have successfully completed the following challenge response protocol and after they have accepted the service agreement of the domain. The tokens are required for connecting to the sequencer.
In order for a member to subscribe to the sequencer, it must follow a few steps for it to authenticate. Assuming the domain already has knowledge of the member's public keys, the following steps are to be taken:
- member sends request to the domain for authenticating 2. domain returns a nonce (a challenge random number) 3. member takes the nonce, concatenates it with the identity of the domain, signs it and sends it back 4. domain checks the signature against the key of the member. if it matches, create a token and return it 5. member will use the token when subscribing to the sequencer
- Alphabetic
- By Inheritance
- MemberAuthenticationService
- TopologyTransactionProcessingSubscriber
- FlagCloseable
- AutoCloseable
- NamedLogging
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new MemberAuthenticationService(domain: DomainId, cryptoApi: DomainSyncCryptoClient, store: MemberAuthenticationStore, agreementManager: Option[ServiceAgreementManager], clock: Clock, nonceExpirationTime: Duration, tokenExpirationTime: Duration, invalidateMemberCallback: (Traced[Member]) => Unit, isTopologyInitialized: Future[Unit], timeouts: ProcessingTimeout, loggerFactory: NamedLoggerFactory, auditLogger: TracedLogger)(implicit ec: ExecutionContext)
- invalidateMemberCallback
Called when a member is explicitly deactivated on the domain so all active subscriptions for this member should be terminated.
Type Members
- case class ReaderState(count: Int, readers: MultiSet[String]) extends Product with Serializable
- Definition Classes
- FlagCloseable
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
- final def close(): Unit
Blocks until all earlier tasks have completed and then prevents further tasks from being run.
Blocks until all earlier tasks have completed and then prevents further tasks from being run.
- Definition Classes
- FlagCloseable → AutoCloseable
- Annotations
- @SuppressWarnings()
- def closingTimeout: FiniteDuration
- Attributes
- protected
- Definition Classes
- FlagCloseable
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- def generateNonce(member: Member)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, (Nonce, NonEmpty[Seq[Fingerprint]])]
Domain generates nonce that he expects the participant to use to concatenate with the domain's id and sign to proceed with the authentication (step 2).
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def internalPerformUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): UnlessShutdown[Future[A]]
- Attributes
- protected
- Definition Classes
- FlagCloseable
- def isClosing: Boolean
Check whether we're closing.
Check whether we're closing. Susceptible to race conditions; unless you're using using this as a flag to the retry lib or you really know what you're doing, prefer performUnlessClosing and friends.
- Definition Classes
- FlagCloseable
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def isParticipantActive(participant: ParticipantId)(implicit traceContext: TraceContext): Future[Boolean]
- Attributes
- protected
- def keepTrackOfOpenFutures: Boolean
track running futures on shutdown
track running futures on shutdown
set to true to get detailed information about all futures that did not complete during shutdown. if set to false, we don't do anything.
- Attributes
- protected
- Definition Classes
- FlagCloseable
- def logger: TracedLogger
- Attributes
- protected
- Definition Classes
- NamedLogging
- val loggerFactory: NamedLoggerFactory
- Definition Classes
- MemberAuthenticationService → NamedLogging
- def maxSleepMillis: Long
- Attributes
- protected
- Definition Classes
- FlagCloseable
- implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def noTracingLogger: Logger
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def observed(sequencerTimestamp: SequencedTime, effectiveTimestamp: EffectiveTime, sc: SequencerCounter, transactions: Seq[SignedTopologyTransaction[TopologyChangeOp]])(implicit traceContext: TraceContext): FutureUnlessShutdown[Unit]
domain topology client subscriber used to remove member tokens if they get disabled
domain topology client subscriber used to remove member tokens if they get disabled
- Definition Classes
- MemberAuthenticationService → TopologyTransactionProcessingSubscriber
- def onClosed(): Unit
- Definition Classes
- MemberAuthenticationService → FlagCloseable
- def performUnlessClosing[A](name: String)(f: => A)(implicit traceContext: TraceContext): UnlessShutdown[A]
Performs the task given by
funless a shutdown has been initiated.Performs the task given by
funless a shutdown has been initiated. The shutdown will only begin afterfcompletes, but other tasks may execute concurrently withf, if started using this function, or one of the other variants (performUnlessClosingF and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.DO NOT CALL
this.closeas part off, because it will result in a deadlock.- f
The task to perform
- returns
scala.None$ if a shutdown has been initiated. Otherwise the result of the task.
- Definition Classes
- FlagCloseable
- def performUnlessClosingCheckedT[A, N, R](name: String, onClosing: Checked[A, N, R])(etf: => CheckedT[Future, A, N, R])(implicit ec: ExecutionContext, traceContext: TraceContext): CheckedT[Future, A, N, R]
- Definition Classes
- FlagCloseable
- def performUnlessClosingEitherT[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, R]
Performs the EitherT[Future] given by
etfunless a shutdown has been initiated, in which case the provided error is returned instead.Performs the EitherT[Future] given by
etfunless a shutdown has been initiated, in which case the provided error is returned instead. Bothetfand the error are lazy;etfis only evaluated if there is no shutdown, the error only if we're shutting down. The shutdown will only begin afteretfcompletes, but other tasks may execute concurrently withetf, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingF). The tasks are assumed to take less than closingTimeout to complete.DO NOT CALL
this.closeas part ofetf, because it will result in a deadlock.- etf
The task to perform
- Definition Classes
- FlagCloseable
- def performUnlessClosingEitherTF[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, Future[R]])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, Future[R]]
- Definition Classes
- FlagCloseable
- def performUnlessClosingEitherU[E, R](name: String)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[FutureUnlessShutdown, E, R]
- Definition Classes
- FlagCloseable
- def performUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]
Performs the Future given by
funless a shutdown has been initiated.Performs the Future given by
funless a shutdown has been initiated. The future is lazy and not evaluated during shutdown. The shutdown will only begin afterfcompletes, but other tasks may execute concurrently withf, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.DO NOT CALL
this.closeas part off, because it will result in a deadlock.- f
The task to perform
- returns
The future completes with com.digitalasset.canton.lifecycle.UnlessShutdown.AbortedDueToShutdown if a shutdown has been initiated. Otherwise the result of the task wrapped in com.digitalasset.canton.lifecycle.UnlessShutdown.Outcome.
- Definition Classes
- FlagCloseable
- def performUnlessClosingUSF[A](name: String)(f: => FutureUnlessShutdown[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]
- Definition Classes
- FlagCloseable
- def runOnShutdown[T](task: RunOnShutdown)(implicit traceContext: TraceContext): Unit
Register a task to run when shutdown is initiated.
Register a task to run when shutdown is initiated.
You can use this for example to register tasks that cancel long-running computations, whose termination you can then wait for in "closeAsync".
- Definition Classes
- FlagCloseable
- def runStateChanged(waitingState: Boolean = false): Unit
- Attributes
- protected
- Definition Classes
- FlagCloseable
- Annotations
- @VisibleForTesting()
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- val timeouts: ProcessingTimeout
- Definition Classes
- MemberAuthenticationService → FlagCloseable
- def toString(): String
- Definition Classes
- AnyRef → Any
- def updateHead(effectiveTimestamp: EffectiveTime, approximateTimestamp: ApproximateTime, potentialTopologyChange: Boolean)(implicit traceContext: TraceContext): Unit
Inform the subscriber about non-idm changes (mostly about the timestamp)
Inform the subscriber about non-idm changes (mostly about the timestamp)
- Definition Classes
- MemberAuthenticationService → TopologyTransactionProcessingSubscriber
- def validateSignature(member: Member, signature: Signature, providedNonce: Nonce)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, AuthenticationTokenWithExpiry]
Domain checks that the signature given by the member matches and returns a token if it does (step 4) Al
- def validateToken(intendedDomain: DomainId, member: Member, token: AuthenticationToken)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, StoredAuthenticationToken]
Domain checks if the token given by the participant is the one previously assigned to it for authentication.
Domain checks if the token given by the participant is the one previously assigned to it for authentication. The participant also provides the domain id for which they think they are connecting to. If this id does not match this domain's id, it means the participant was previously connected to a different domain on the same address and now should be informed that this address now hosts a different domain.
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- object ReaderState extends Serializable
- Definition Classes
- FlagCloseable