com.digitalasset.canton.topology.processing

TopologyManagerSigningKeyDetection

class TopologyManagerSigningKeyDetection[+PureCrypto <: CryptoPureApi] extends TransactionAuthorizationCache[PureCrypto] with NamedLogging

Component that determines the signing keys both relevant for the transaction and available on the node.

The selection rules are as follows:

General objectives:

  • the selected keys must be in the node's private crypto store
  • if possible, select a key other than the root certificate key

For namespaces: select the key with the longest certificate chain from the root certificate. This way we always favor keys that are not the root certificate key. We define chainLength(ns, k) as the number of namespace delegations required to construct a valid certificate chain from the root certificate of namespace ns to the target key k.

If there are multiple keys with the same chainLength, sort the keys lexicographically and take the last one. While this decision is arbitrary (because no other criterion is easily available), it is deterministic.

Example:

Given:

  • NSD(ns1, target = k1, signedBy = k1) // root certificate
  • NSD(ns1, target = k2, signedBy = k1)
  • NSD(ns1, target = k3, signedBy = k2)

Then:

  • chainLength(ns1, k1) = 1
  • chainLength(ns1, k2) = 2
  • chainLength(ns1, k3) = 3

For decentralized namespaces: apply the mechanism used for determining keys for namespaces separately for each of the decentralized namespace owners' namespace.

If there are multiple keys with the same chainLength, sort the keys lexicographically and take the last one. While this decision is arbitrary (because no other criterion is easily available), it is deterministic.
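
The selection rules above, worked through as an added example that is not Canton's own code. `NSD`, `chainLengths`, `selectKey` and `selectKeysForOwners` are hypothetical names; keys are modelled as plain strings, signatures and validity periods are not checked, and the shortest chain is assumed to count when a key is reachable by several.

```scala
// Simplified model for illustration; not Canton's implementation.
// Keys and namespaces are plain strings; signatures and validity are not checked.
object SigningKeySelectionExample {
  // Hypothetical stand-in for a namespace delegation (NSD) mapping.
  final case class NSD(namespace: String, target: String, signedBy: String)

  // chainLength(ns, k) for every key reachable from the root certificate of ns.
  // The self-signed delegation is the root certificate and has length 1.
  // Assumption: if several chains reach a key, the shortest one counts.
  def chainLengths(ns: String, delegations: Seq[NSD]): Map[String, Int] = {
    val inNs  = delegations.filter(_.namespace == ns)
    val roots = inNs.collect { case d if d.target == d.signedBy => d.target }
    @annotation.tailrec
    def expand(known: Map[String, Int], frontier: Set[String], depth: Int): Map[String, Int] =
      if (frontier.isEmpty) known
      else {
        // Keys delegated to by the current frontier and not yet assigned a length.
        val next = inNs.collect {
          case d if frontier.contains(d.signedBy) && !known.contains(d.target) => d.target
        }.toSet
        expand(known ++ next.map(_ -> (depth + 1)), next, depth + 1)
      }
    expand(roots.map(_ -> 1).toMap, roots.toSet, 1)
  }

  // Among authorized keys held in the private store, take the longest chain;
  // ties go to the lexicographically last key. None if the node holds no such key.
  def selectKey(ns: String, delegations: Seq[NSD], privateStore: Set[String]): Option[String] =
    chainLengths(ns, delegations).toSeq
      .filter { case (key, _) => privateStore.contains(key) }
      .sortBy { case (key, length) => (length, key) }
      .lastOption
      .map(_._1)

  // Decentralized namespace: apply selectKey to each owner's namespace separately.
  def selectKeysForOwners(owners: Set[String], delegations: Seq[NSD],
                          privateStore: Set[String]): Map[String, String] =
    owners.flatMap(o => selectKey(o, delegations, privateStore).map(o -> _)).toMap

  def main(args: Array[String]): Unit = {
    // The three delegations from the example above.
    val nsds = Seq(NSD("ns1", "k1", "k1"), NSD("ns1", "k2", "k1"), NSD("ns1", "k3", "k2"))
    println(chainLengths("ns1", nsds))
    // The node holds k1 and k2 only: the non-root key k2 is preferred.
    println(selectKey("ns1", nsds, Set("k1", "k2")))
    // Constructed tie: k2 and k2b both have chainLength 2.
    println(selectKey("ns1", nsds :+ NSD("ns1", "k2b", "k1"), Set("k2", "k2b")))
  }
}
```

A key that is in the private store but has no delegation chain from the root never appears in `chainLengths`, so it is never selected.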


Instance Constructors

  1. new TopologyManagerSigningKeyDetection(store: TopologyStore[TopologyStoreId], pureCrypto: PureCrypto, cryptoPrivateStore: CryptoPrivateStore, loggerFactory: NamedLoggerFactory)(implicit executionContext: ExecutionContext)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @IntrinsicCandidate() @native()
  6. val cryptoPrivateStore: CryptoPrivateStore
    Attributes
    protected
  7. val decentralizedNamespaceCache: TrieMap[Namespace, Option[DecentralizedNamespaceAuthorizationGraph]]

    Invariants:

    • If it stores ns -> Some(graph), then the graph corresponds to the active decentralized namespace delegation for ns. Moreover, for each owner o, the owner graph is namespaceCache(o).
    • If it stores ns -> None, then there is no decentralized namespace delegation active for ns.
    • If it stores ns -> Some(graph), then there is no direct namespace delegation active for ns.
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  8. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  9. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  10. implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  11. implicit val executionContext: ExecutionContext
  12. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  13. def getValidSigningKeysForTransaction(asOfExclusive: CantonTimestamp, toSign: GenericTopologyTransaction, inStore: Option[GenericTopologyTransaction], returnAllValidKeys: Boolean)(implicit traceContext: TraceContext): EitherT[FutureUnlessShutdown, TopologyManagerError, (ReferencedAuthorizations, Seq[Fingerprint])]

    asOfExclusive

    the timestamp used to query topology state

    toSign

    the topology transaction to sign

    inStore

    the latest fully authorized topology transaction with the same unique key as toSign

    returnAllValidKeys

    If true, returns all keys that can be used to sign. If false, only returns the most specific keys per namespace/uid.

    returns

    fingerprints of keys the node can use to sign the topology transaction toSign

  14. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  15. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  16. def loadNamespaceCaches(asOfExclusive: CantonTimestamp, namespaces: Set[Namespace])(implicit traceContext: TraceContext): FutureUnlessShutdown[Unit]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  17. def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    NamedLogging
  18. val loggerFactory: NamedLoggerFactory
  19. implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  20. val namespaceCache: TrieMap[Namespace, AuthorizationGraph]

    Invariants:

    • If it stores ns -> graph, then graph consists of all active namespace delegations for ns.
    • If it stores ns -> graph and graph is non-empty, then there is no decentralized namespace delegation active for ns.
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  21. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  22. def noTracingLogger: Logger
    Attributes
    protected
    Definition Classes
    NamedLogging
  23. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  24. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  25. final def populateCaches(asOfExclusive: CantonTimestamp, toProcess: GenericTopologyTransaction, inStore: Option[GenericTopologyTransaction])(implicit traceContext: TraceContext): FutureUnlessShutdown[Unit]
  26. val pureCrypto: PureCrypto
    Attributes
    protected
    Definition Classes
    TopologyManagerSigningKeyDetection → TransactionAuthorizationCache
  27. final def reset(): Unit
  28. val store: TopologyStore[TopologyStoreId]
  29. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  30. def toString(): String
    Definition Classes
    AnyRef → Any
  31. def tryGetAuthorizationCheckForNamespace(namespace: Namespace)(implicit traceContext: TraceContext): AuthorizationCheck
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  32. def tryGetAuthorizationGraphForNamespace(namespace: Namespace)(implicit traceContext: TraceContext): AuthorizationGraph
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  33. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  34. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  35. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated

    (Since version 9)
