com.digitalasset.canton.participant.protocol.validation
RecipientsValidator
Companion object RecipientsValidator
class RecipientsValidator[I] extends NamedLogging
- Alphabetic
- By Inheritance
- RecipientsValidator
- NamedLogging
- AnyRef
- Any
- Hide All
- Show All
- Public
- Protected
Instance Constructors
- new RecipientsValidator(viewOfInput: (I) => ViewTree, recipientsOfInput: (I) => Recipients, loggerFactory: NamedLoggerFactory)(implicit executionContext: ExecutionContext)
Type Members
- class RecipientsValidatorErrors extends AnyRef
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @IntrinsicCandidate() @native()
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def equals(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef → Any
- implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @IntrinsicCandidate() @native()
- def hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @IntrinsicCandidate() @native()
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- def logger: TracedLogger
- Attributes
- protected
- Definition Classes
- NamedLogging
- val loggerFactory: NamedLoggerFactory
- Attributes
- protected
- Definition Classes
- RecipientsValidator → NamedLogging
- implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- def noTracingLogger: Logger
- Attributes
- protected
- Definition Classes
- NamedLogging
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @IntrinsicCandidate() @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @IntrinsicCandidate() @native()
- def retainInputsWithValidRecipients(requestId: RequestId, inputs: Seq[I], sequencingSnapshot: PartyTopologySnapshotClient, submissionSnapshotO: Option[PartyTopologySnapshotClient])(implicit traceContext: TraceContext): FutureUnlessShutdown[(Seq[WrongRecipientsBase], Seq[I])]
Checks the recipients of all inputs and discards inputs corresponding to views with invalid recipients.
Checks the recipients of all inputs and discards inputs corresponding to views with invalid recipients. Also reports a security alert on invalid recipients.
Effectively, the method tries to establish consensus on whether the recipients of an input are valid, and if consensus cannot be established, then the input is discarded. So an input may even be discarded, if its recipients are valid (but not every recipient knows about this).
A view v will be kept iff there is a path rp through the recipients tree (ordered leaf to root) such that the following conditions hold:
- Every informee of the view is hosted by an active participant.
- Every informee participant of the view v is declared as a recipient of v in the first element of rp.
- For every descendant v2 of v and every informee participant p of v, the participant p is declared as recipient of v2. Thereby, if v2 and v have distance d, then participant p needs to be declared at element d+1 in rp.
- Every descendant of v also meets Conditions 1-3 with the same path rp.
Why does this give us transparency? If an informee participant p1 keeps a view v, then:
- Every informee of the view v is hosted by an active participant.
- Every informee participant of v has received v.
- Every informee participant of v has received every descendant of v.
- Every informee participant of v can evaluate the above conditions 1-4 for v and will conclude that v should be kept.
As for all other validations, the recipients validation is performed using the topology effective at the sequencing time of the request. The submitter, however, creates the request using the latest topology available locally. Therefore, it is possible that a change in topology between submission and sequencing time results in errors detected by the recipients validator: for example, a party can be newly or no longer hosted on a participant, thereby affecting the recipients. These situations are quite common on a busy network with concurrent changes, and logging them at a high severity is overkill and possibly confusing. Therefore, if the errors detected can possibly be attributed to a change in the topology, we perform the check again using the topology at submission time. If no error occurs then, the original errors are logged at a lower severity. Note that the *outcome* of the validation is itself not affected: in other words, the request will still be rejected. The only change is the severity of the logs.
- returns
errors for the incorrect recipients and inputs with valid recipients
- Exceptions thrown
java.lang.IllegalArgumentExceptionif the views corresponding to inputs have different root hashes
- def retainInputsWithValidRecipientsInternal(requestId: RequestId, inputs: Seq[I], snapshot: PartyTopologySnapshotClient)(implicit traceContext: TraceContext): FutureUnlessShutdown[(Seq[WrongRecipients], Seq[I], RecipientsValidatorErrors)]
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- def toString(): String
- Definition Classes
- AnyRef → Any
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])