final case class SessionSigningKeysConfig(enabled: Boolean, keyValidityDuration: PositiveDurationSeconds = PositiveDurationSeconds.ofMinutes(5), cutOffDuration: PositiveDurationSeconds = PositiveDurationSeconds.ofSeconds(30), keyEvictionPeriod: PositiveDurationSeconds = PositiveDurationSeconds.ofMinutes(10), signingAlgorithmSpec: SigningAlgorithmSpec = SigningAlgorithmSpec.Ed25519, signingKeySpec: SigningKeySpec = SigningKeySpec.EcCurve25519) extends PrettyPrinting with UniformCantonConfigValidation with Product with Serializable
Configuration for enabling session signing keys with a specified validity period. This setting is applicable only when using a KMS provider with externally stored keys.
- enabled
Enables the usage of session signing keys in the protocol.
- keyValidityDuration
Specifies the validity duration for each session signing key. Its lifespan should be configured to be at least as long as the participant's response timeout. This ensures that, in the event of a crash, the participant can generate a new session signing key while still being able to serve confirmation responses for requests received before the crash. Since the response's signature will rely on the topology snapshot from the request's original timestamp (i.e., pre-crash), the key should remain valid at least until that request has timed out.
- cutOffDuration
A cut-off duration that defines how long before the session key expires we stop using it. This is important because a participant uses this key to sign submission requests, but the timestamp assigned by the sequencer is unknown in advance. Since the sequencer and other protocol participants use this timestamp to verify the delegation’s validity, if a new session signing key is only created after the previous key's validity period expires, multiple submissions may fail signature verification because their sequencing timestamps exceed the validity period. The configured baseline is based on the maximum expected time to generate and sign a new delegation.
- keyEvictionPeriod
This defines how long the private session signing key remains in memory. This is distinct from the validity period in the sense that we can be asked to sign arbitrarily old timestamps, and so we want to persist the key for longer times so we can re-use it. The eviction period should be longer than keyValidityDuration and at least as long as the majority of confirmation request decision latencies (for the mediator) or confirmation request response latencies (for participants).
- signingAlgorithmSpec
Defines the signing algorithm when using session signing keys. It defaults to Ed25519.
- signingKeySpec
Defines the key scheme to use for the session signing keys. It defaults to EcCurve25519. Both algorithm and key scheme must be supported and allowed by the node.
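The interaction between keyValidityDuration, cutOffDuration and keyEvictionPeriod, as an added example that is not Canton's own code. SessionKeyTiming, SessionKey and their methods are hypothetical names for a standalone model; the half-open validity interval, the constructed timestamps and the 6-minute response timeout are assumptions.

```scala
import java.time.{Duration, Instant}

// Standalone model of the three timing parameters; NOT Canton's own classes.
final case class SessionKeyTiming(
    keyValidityDuration: Duration = Duration.ofMinutes(5), // default from the page
    cutOffDuration: Duration = Duration.ofSeconds(30),     // default from the page
    keyEvictionPeriod: Duration = Duration.ofMinutes(10)   // default from the page
) {
  // Relations taken from the parameter descriptions. `responseTimeout` is the
  // participant's response timeout, passed in by the caller (assumed value).
  def problems(responseTimeout: Duration): Seq[String] = Seq(
    (keyValidityDuration.compareTo(responseTimeout) < 0) ->
      "keyValidityDuration is shorter than the participant's response timeout",
    (cutOffDuration.compareTo(keyValidityDuration) >= 0) ->
      "cutOffDuration leaves no time in which the key may be used", // implied only
    (keyEvictionPeriod.compareTo(keyValidityDuration) <= 0) ->
      "keyEvictionPeriod should be longer than keyValidityDuration"
  ).collect { case (true, msg) => msg }
}

// One session key whose delegation starts at `validFrom` (hypothetical model).
final case class SessionKey(validFrom: Instant, t: SessionKeyTiming) {
  val validUntil: Instant  = validFrom.plus(t.keyValidityDuration)
  val stopUsingAt: Instant = validUntil.minus(t.cutOffDuration)
  val evictAt: Instant     = validFrom.plus(t.keyEvictionPeriod)
  // New submissions are signed with this key only before the cut-off.
  def usableForNewSubmission(now: Instant): Boolean = now.isBefore(stopUsingAt)
  // Verifiers compare the sequencer-assigned timestamp with the validity period.
  def delegationValidAt(ts: Instant): Boolean =
    !ts.isBefore(validFrom) && ts.isBefore(validUntil)
  // The private key can still sign for old timestamps until it is evicted.
  def privateKeyInMemory(now: Instant): Boolean = now.isBefore(evictAt)
}

object SessionKeyTimingDemo {
  def main(args: Array[String]): Unit = {
    val t0  = Instant.parse("2024-01-01T00:00:00Z") // constructed timestamp
    val key = SessionKey(t0, SessionKeyTiming())
    val signedAt    = t0.plusSeconds(285) // 4m45s: inside the cut-off window
    val sequencedAt = t0.plusSeconds(302) // sequencer assigns a later timestamp
    println(s"use key for new submission: ${key.usableForNewSubmission(signedAt)}")
    println(s"delegation valid at sequencing time: ${key.delegationValidAt(sequencedAt)}")
    // Late confirmation response at 7m for a request timestamped at 4m.
    println(s"key in memory: ${key.privateKeyInMemory(t0.plusSeconds(420))}, " +
      s"valid for request: ${key.delegationValidAt(t0.plusSeconds(240))}")
    println(SessionKeyTiming().problems(Duration.ofMinutes(6)))
  }
}
```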
Instance Constructors
- new SessionSigningKeysConfig(enabled: Boolean, keyValidityDuration: PositiveDurationSeconds = PositiveDurationSeconds.ofMinutes(5), cutOffDuration: PositiveDurationSeconds = PositiveDurationSeconds.ofSeconds(30), keyEvictionPeriod: PositiveDurationSeconds = PositiveDurationSeconds.ofMinutes(10), signingAlgorithmSpec: SigningAlgorithmSpec = SigningAlgorithmSpec.Ed25519, signingKeySpec: SigningKeySpec = SigningKeySpec.EcCurve25519)
Type Members
- implicit class ShowAnyRefSyntax extends AnyRef
- Definition Classes
- ShowUtil
- implicit class ShowEitherSyntax[L, R] extends AnyRef
Enables the syntax show"${myEither.showMerged}".
- Definition Classes
- ShowUtil
- implicit class ShowLengthLimitedStringSyntax extends StringOperators
- Definition Classes
- ShowUtil
- implicit class ShowLengthLimitedStringWrapperSyntax extends StringOperators
- Definition Classes
- ShowUtil
- implicit class ShowOptionSyntax[T] extends AnyRef
- Definition Classes
- ShowUtil
- implicit class ShowProductSyntax extends AnyRef
- Definition Classes
- ShowUtil
- Annotations
- @SuppressWarnings()
- implicit class ShowStringSyntax extends StringOperators
- Definition Classes
- ShowUtil
- implicit class ShowTraversableSyntax[T] extends AnyRef
Enables syntax like show"Found several elements: ${myCollection.mkShow()}".
- Definition Classes
- ShowUtil
- abstract class StringOperators extends AnyRef
Enables syntax like:
show"This is a string: ${myString.doubleQuoted}"
and:
show"This is a hash: ${myHash.readableHash}"
- Definition Classes
- ShowUtil
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- def adHocPrettyInstance[T <: Product](implicit c: ClassTag[T]): Pretty[T]
Use this as a temporary solution, to make the code compile during an ongoing migration. Drawbacks:
- Instances of Pretty[T] are ignored.
- No parameter names
- Definition Classes
- PrettyUtil
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @IntrinsicCandidate() @native()
- def customParam[T](getValue: (T) => String, cond: (T) => Boolean = (_: T) => true): (T) => Option[Tree]
Use this if you need a custom representation of a parameter. Do not use this to create lengthy strings, as line wrapping is not supported.
- Definition Classes
- PrettyUtil
- val cutOffDuration: PositiveDurationSeconds
- final def doValidate(edition: CantonEdition): Seq[CantonConfigValidationError]
Returns all validation errors that are specific to this Canton configuration class. Successful validation should return an empty sequence.
Validation errors of subconfigurations should not be reported by this method, but via the type class derivation.
- Attributes
- protected
- Definition Classes
- UniformCantonConfigValidation → CustomCantonConfigValidation
- val enabled: Boolean
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @IntrinsicCandidate() @native()
- def indicateOmittedFields[T]: (T) => Option[Tree]
Use this to indicate that you've omitted fields from pretty printing
- Definition Classes
- PrettyUtil
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- val keyEvictionPeriod: PositiveDurationSeconds
- val keyValidityDuration: PositiveDurationSeconds
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @IntrinsicCandidate() @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @IntrinsicCandidate() @native()
- def param[T, V](name: String, getValue: (T) => V, cond: (T) => Boolean = (_: T) => true)(implicit arg0: Pretty[V]): (T) => Option[Tree]
A tree representing both parameter name and value.
- Definition Classes
- PrettyUtil
- def paramIfDefined[T, V](name: String, getValue: (T) => Option[V])(implicit arg0: Pretty[V]): (T) => Option[Tree]
- Definition Classes
- PrettyUtil
- def paramIfNonEmpty[T, V <: IterableOnce[_]](name: String, getValue: (T) => V)(implicit arg0: Pretty[V]): (T) => Option[Tree]
- Definition Classes
- PrettyUtil
- def paramIfNotDefault[T, V](name: String, getValue: (T) => V, default: V)(implicit arg0: Pretty[V]): (T) => Option[Tree]
A tree only written if not matching the default value
- Definition Classes
- PrettyUtil
- def paramIfTrue[T](label: String, getValue: (T) => Boolean): (T) => Option[Tree]
- Definition Classes
- PrettyUtil
- def paramWithoutValue[T](name: String, cond: (T) => Boolean = (_: T) => true): (T) => Option[Tree]
A tree representing a parameter name without a parameter value. Use this for parameters storing confidential or binary data.
- Definition Classes
- PrettyUtil
- def pretty: Pretty[SessionSigningKeysConfig]
Indicates how to pretty print this instance. See PrettyPrintingTest for examples on how to implement this method.
- Attributes
- protected
- Definition Classes
- SessionSigningKeysConfig → PrettyPrinting
- def prettyInfix[T]: PrettyInfixPartiallyApplied[T]
- Definition Classes
- PrettyUtil
- def prettyNode[T](label: String, children: (T) => Option[Tree]*): Pretty[T]
A tree consisting of a labelled node with the given children.
- Definition Classes
- PrettyUtil
- def prettyOfClass[T](getParamTrees: (T) => Option[Tree]*): Pretty[T]
A tree representing the type name and parameter trees.
- Definition Classes
- PrettyUtil
- def prettyOfClassWithName[T](name: String)(getParamTrees: (T) => Option[Tree]*): Pretty[T]
Like prettyOfClass, except takes an explicit name for the class.
- Definition Classes
- PrettyUtil
- def prettyOfObject[T <: Product]: Pretty[T]
A tree presenting the type name only. (E.g., for case objects.)
- Definition Classes
- PrettyUtil
- def prettyOfParam[T, V](getValue: (T) => V)(implicit arg0: Pretty[V]): Pretty[T]
Use this to give a class with a singleton parameter the same pretty representation as the parameter.
- Definition Classes
- PrettyUtil
- def prettyOfString[T](toString: (T) => String): Pretty[T]
Creates a pretty instance from a string function. Do not use this with lengthy strings, as line wrapping is not supported.
- Definition Classes
- PrettyUtil
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- implicit final def showInterpolator(sc: StringContext): ShowInterpolator
- Definition Classes
- ShowSyntax
- implicit def showPretty[T](implicit arg0: Pretty[T]): Show[T]
Enables the syntax show"This object is pretty: $myPrettyType".
- Definition Classes
- ShowUtil
- val signingAlgorithmSpec: SigningAlgorithmSpec
- val signingKeySpec: SigningKeySpec
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- implicit def toShow[A](target: A)(implicit tc: Show[A]): Ops[A]
- Definition Classes
- ToShowOps
- final def toString(): String
Yields a readable string representation based on com.digitalasset.canton.logging.pretty.Pretty.DefaultPprinter. Final to avoid accidental overwriting.
- Definition Classes
- PrettyPrinting → AnyRef → Any
- def unnamedParam[T, V](getValue: (T) => V, cond: (T) => Boolean = (_: T) => true)(implicit arg0: Pretty[V]): (T) => Option[Tree]
A tree representing a parameter value without a parameter name.
- Definition Classes
- PrettyUtil
- def unnamedParamIfDefined[T, V](getValue: (T) => Option[V])(implicit arg0: Pretty[V]): (T) => Option[Tree]
- Definition Classes
- PrettyUtil
- def unnamedParamIfNonEmpty[T, V <: IterableOnce[_]](getValue: (T) => V)(implicit arg0: Pretty[V]): (T) => Option[Tree]
- Definition Classes
- PrettyUtil
- final def validate[T >: SessionSigningKeysConfig.this.type](edition: CantonEdition)(implicit validator: CantonConfigValidator[T]): Either[NonEmpty[Seq[CantonConfigValidationError]], Unit]
- Definition Classes
- CantonConfigValidation
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])