class IncomingTopologyTransactionAuthorizationValidator extends NamedLogging with TransactionAuthorizationValidator
validate incoming topology transactions
NOT THREAD SAFE. Note that this class is not thread safe
we check three things: (1) are the signatures valid (2) are the signatures properly authorized
- load current set of authorized keys b. for each transaction, verify that the authorization key is valid. a key is a valid authorization if there is a certificate chain that originates from the root certificate at the time when the transaction is added (one by one). c. if the transaction is a namespace or identifier delegation, update its impact on the authorization set this means that if we add or remove a namespace delegation, then we need to perform a cascading update that activates or deactivates states that depend on this delegation. (3) finally, what we compute as the "authorized graph" is then used to compute the derived table of "namespace delegations"
Linear Supertypes
Ordering
- Alphabetic
- By Inheritance
Inherited
- IncomingTopologyTransactionAuthorizationValidator
- TransactionAuthorizationValidator
- NamedLogging
- AnyRef
- Any
- Hide All
- Show All
Visibility
- Public
- Protected
Instance Constructors
- new IncomingTopologyTransactionAuthorizationValidator(cryptoPureApi: CryptoPureApi, store: TopologyStore[TopologyStoreId], domainId: Option[DomainId], loggerFactory: NamedLoggerFactory)(implicit ec: ExecutionContext)
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def authorizationChainFor(uid: UniqueIdentifier, authKey: Fingerprint): Option[AuthorizationChain]
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- def authorizationChainFor(sit: SignedTopologyTransaction[TopologyChangeOp]): Option[AuthorizationChain]
- Definition Classes
- TransactionAuthorizationValidator
- def authorizedIdentifierDelegationsForUid(uid: UniqueIdentifier): Seq[AuthorizedIdentifierDelegation]
- def authorizedNamespaceDelegationsForNamespaces(namespaces: Set[Namespace]): Seq[AuthorizedNamespaceDelegation]
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- def getAuthorizationGraphForNamespace(namespace: Namespace): AuthorizationGraph
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def getIdentifierDelegationsForUid(uid: UniqueIdentifier): Set[AuthorizedIdentifierDelegation]
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- def getValidSigningKeysForMapping(asOf: CantonTimestamp, mapping: TopologyMapping)(implicit traceContext: TraceContext): Future[Seq[Fingerprint]]
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- val identifierDelegationCache: TrieMap[UniqueIdentifier, Set[AuthorizedIdentifierDelegation]]
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- def isAuthorizedForUid(uid: UniqueIdentifier, authKey: Fingerprint): Boolean
- Definition Classes
- TransactionAuthorizationValidator
- def isCurrentlyAuthorized(sit: SignedTopologyTransaction[TopologyChangeOp]): Boolean
- Definition Classes
- TransactionAuthorizationValidator
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def loadAuthorizationGraphs(timestamp: CantonTimestamp, namespaces: Set[Namespace])(implicit traceContext: TraceContext, executionContext: ExecutionContext): Future[Unit]
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- def loadIdentifierDelegations(timestamp: CantonTimestamp, namespaces: Seq[Namespace], uids: Set[UniqueIdentifier])(implicit traceContext: TraceContext, executionContext: ExecutionContext): Future[Set[UniqueIdentifier]]
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- def logger: TracedLogger
- Attributes
- protected
- Definition Classes
- NamedLogging
- val loggerFactory: NamedLoggerFactory
- Definition Classes
- IncomingTopologyTransactionAuthorizationValidator → NamedLogging
- implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- val namespaceCache: TrieMap[Namespace, AuthorizationGraph]
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def noTracingLogger: Logger
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
- def reset(): Unit
- val store: TopologyStore[TopologyStoreId]
- Definition Classes
- IncomingTopologyTransactionAuthorizationValidator → TransactionAuthorizationValidator
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- def updateIdentifierDelegationCache(uid: UniqueIdentifier, op: (Set[AuthorizedIdentifierDelegation]) => Set[AuthorizedIdentifierDelegation]): Unit
- Attributes
- protected
- Definition Classes
- TransactionAuthorizationValidator
- def validateAndUpdateHeadAuthState(timestamp: CantonTimestamp, transactions: Seq[SignedTopologyTransaction[TopologyChangeOp]])(implicit traceContext: TraceContext): Future[(UpdateAggregation, Seq[ValidatedTopologyTransaction])]
Validates the provided domain topology transactions and applies the certificates to the auth state
Validates the provided domain topology transactions and applies the certificates to the auth state
When receiving topology transactions we have to evaluate them and continuously apply any update to the namespace delegations or identifier delegations to the "head state".
And we use that "head state" to verify if the transactions are authorized or not.
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])