class AuthorizationGraph extends NamedLogging

maintain a dependency graph for the namespace delegations

namespace delegations are a bit tricky as there can be an arbitrary number of delegations before we reach the actual key that will be used for authorizations. think of it as a certificate chain where we get a series of certificates and we need to figure out a path from one certificate to the root certificate.

NOTE: this class is not thread-safe

properties of the graph:

  • the nodes are the target key fingerprints
  • the node with fingerprint of the namespace is the root node
  • the edges between the nodes are the authorizations where key A authorizes key B to act on the namespace in this case, the authorization is outgoing from A and incoming to B.
  • the graph SHOULD be directed acyclic graph, but we MIGHT have cycles (i.e. key A authorizing B, B authorizing A). we don't need to make a fuss about cycles in the graph. we just ignore / report them assuming it was an admin mistake, but we don't get confused.
  • root certificates are edges pointing to the node itself. they are separate such that they don't show up in the list of incoming / outgoing.
  • we track for each node the set of outgoing edges and incoming edges. an outgoing edge is a delegation where the source node is authorizing a target node. obviously every outgoing edge is also an incoming edge.

computation task:

  • once we've modified the graph, we compute the nodes that are somehow connected to the root node.

purpose:

  • once we know which target keys are actually authorized to act on this particular namespace, we can then use this information to find out which resulting mapping is properly authorized and which one not.

authorization checks:

  • when adding "single transactions", we do check that the transaction is properly authorized. otherwise we "ignore" it (returning false). this is used during processing.
  • when adding "batch transactions", we don't check that all of them are properly authorized, as we do allow temporarily "nodes" to be unauthorized (so that errors can be fixed by adding a replacement certificate)
  • when removing transactions, we do check that the authorizing key is authorized. but note that the authorizing key of an edge REMOVAL doesn't need to match the key used to authorized the ADD.
Linear Supertypes
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. AuthorizationGraph
  2. NamedLogging
  3. AnyRef
  4. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new AuthorizationGraph(namespace: Namespace, extraDebugInfo: Boolean, loggerFactory: NamedLoggerFactory)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. def add(item: AuthorizedNamespaceDelegation)(implicit traceContext: TraceContext): Boolean
  5. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  6. def authorizationChain(startAuthKey: Fingerprint, requireRoot: Boolean): Option[AuthorizationChain]
  7. def authorizedDelegations(): Seq[AuthorizedNamespaceDelegation]
  8. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
  9. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  10. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  11. implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  12. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  13. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  14. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  15. def isValidAuthorizationKey(authKey: Fingerprint, requireRoot: Boolean): Boolean
  16. def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    NamedLogging
  17. val loggerFactory: NamedLoggerFactory
    Definition Classes
    AuthorizationGraphNamedLogging
  18. implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  19. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  20. def noTracingLogger: Logger
    Attributes
    protected
    Definition Classes
    NamedLogging
  21. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  22. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  23. def recompute()(implicit traceContext: TraceContext): Unit
    Attributes
    protected
  24. def remove(item: AuthorizedNamespaceDelegation)(implicit traceContext: TraceContext): Boolean
  25. def report()(implicit traceContext: TraceContext): Unit
  26. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  27. def toString(): String
    Definition Classes
    AnyRef → Any
  28. def unauthorizedAdd(items: Seq[AuthorizedNamespaceDelegation])(implicit traceContext: TraceContext): Unit
  29. def unauthorizedRemove(items: Seq[AuthorizedNamespaceDelegation])(implicit traceContext: TraceContext): Unit
  30. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  31. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  32. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from NamedLogging

Inherited from AnyRef

Inherited from Any

Ungrouped