
com.digitalasset.canton.topology.processing

IncomingTopologyTransactionAuthorizationValidator

class IncomingTopologyTransactionAuthorizationValidator extends NamedLogging with TransactionAuthorizationValidator

validate incoming topology transactions

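NOT THREAD SAFE. This class keeps mutable authorization state (the namespace and identifier delegation caches that make up the "head state"), so calls on one instance must not run concurrently.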

We check three things:

  1. Are the signatures valid?
  2. Are the signatures properly authorized?
     a. Load the current set of authorized keys.
     b. For each transaction, verify that the authorization key is valid. A key is a valid authorization if there is a certificate chain that originates from the root certificate at the time when the transaction is added (one by one).
     c. If the transaction is a namespace or identifier delegation, update its impact on the authorization set. This means that if we add or remove a namespace delegation, we need to perform a cascading update that activates or deactivates states that depend on this delegation.
  3. Finally, what we compute as the "authorized graph" is then used to compute the derived table of "namespace delegations".

Instance Constructors

  1. new IncomingTopologyTransactionAuthorizationValidator(cryptoPureApi: CryptoPureApi, store: TopologyStore[TopologyStoreId], domainId: Option[DomainId], loggerFactory: NamedLoggerFactory)(implicit ec: ExecutionContext)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def authorizationChainFor(uid: UniqueIdentifier, authKey: Fingerprint): Option[AuthorizationChain]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  6. def authorizationChainFor(sit: SignedTopologyTransaction[TopologyChangeOp]): Option[AuthorizationChain]
  7. def authorizedIdentifierDelegationsForUid(uid: UniqueIdentifier): Seq[AuthorizedIdentifierDelegation]
  8. def authorizedNamespaceDelegationsForNamespaces(namespaces: Set[Namespace]): Seq[AuthorizedNamespaceDelegation]
  9. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
  10. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  11. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  12. implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  13. def getAuthorizationGraphForNamespace(namespace: Namespace): AuthorizationGraph
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  14. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  15. def getIdentifierDelegationsForUid(uid: UniqueIdentifier): Set[AuthorizedIdentifierDelegation]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  16. def getValidSigningKeysForMapping(asOf: CantonTimestamp, mapping: TopologyMapping)(implicit traceContext: TraceContext): Future[Seq[Fingerprint]]
  17. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  18. val identifierDelegationCache: TrieMap[UniqueIdentifier, Set[AuthorizedIdentifierDelegation]]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  19. def isAuthorizedForUid(uid: UniqueIdentifier, authKey: Fingerprint): Boolean
  20. def isCurrentlyAuthorized(sit: SignedTopologyTransaction[TopologyChangeOp]): Boolean
  21. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  22. def loadAuthorizationGraphs(timestamp: CantonTimestamp, namespaces: Set[Namespace])(implicit traceContext: TraceContext, executionContext: ExecutionContext): Future[Unit]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  23. def loadIdentifierDelegations(timestamp: CantonTimestamp, namespaces: Seq[Namespace], uids: Set[UniqueIdentifier])(implicit traceContext: TraceContext, executionContext: ExecutionContext): Future[Set[UniqueIdentifier]]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  24. def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    NamedLogging
  25. val loggerFactory: NamedLoggerFactory
  26. implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  27. val namespaceCache: TrieMap[Namespace, AuthorizationGraph]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  28. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  29. def noTracingLogger: Logger
    Attributes
    protected
    Definition Classes
    NamedLogging
  30. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  31. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  32. def reset(): Unit
  33. val store: TopologyStore[TopologyStoreId]
  34. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  35. def toString(): String
    Definition Classes
    AnyRef → Any
  36. def updateIdentifierDelegationCache(uid: UniqueIdentifier, op: (Set[AuthorizedIdentifierDelegation]) => Set[AuthorizedIdentifierDelegation]): Unit
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationValidator
  37. def validateAndUpdateHeadAuthState(timestamp: CantonTimestamp, transactions: Seq[SignedTopologyTransaction[TopologyChangeOp]])(implicit traceContext: TraceContext): Future[(UpdateAggregation, Seq[ValidatedTopologyTransaction])]

    Validates the provided domain topology transactions and applies the certificates to the auth state.

    When receiving topology transactions, we have to evaluate them and continuously apply any update to the namespace delegations or identifier delegations to the "head state". That "head state" is then used to verify whether the transactions are authorized or not, so each transaction is checked against the state that results from the transactions applied before it.

  38. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  39. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  40. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated
