c

com.digitalasset.canton.topology.processing

TopologyTransactionAuthorizationValidator

class TopologyTransactionAuthorizationValidator[+PureCrypto <: CryptoPureApi] extends NamedLogging with TransactionAuthorizationCache[PureCrypto]

validate topology transactions

NOT THREAD SAFE. Note that this class is not thread safe

we check three things:

  1. are the signatures valid
  2. are the signatures properly authorized
    1. load current set of authorized keys
    2. for each transaction, verify that the authorization keys are valid. a key is a valid authorization if there is a certificate chain that originates from the root certificate at the time when the transaction is added (one by one).
    3. if the transaction is a namespace, update its impact on the authorization set. This means that if we add or remove a namespace delegation, then we need to perform a cascading update that activates or deactivates states that depend on this delegation.
  3. finally, what we compute as the "authorized graph" is then used to compute the derived table of "namespace delegations"
Linear Supertypes
TransactionAuthorizationCache[PureCrypto], NamedLogging, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. TopologyTransactionAuthorizationValidator
  2. TransactionAuthorizationCache
  3. NamedLogging
  4. AnyRef
  5. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new TopologyTransactionAuthorizationValidator(pureCrypto: PureCrypto, store: TopologyStore[TopologyStoreId], validationIsFinal: Boolean, loggerFactory: NamedLoggerFactory)(implicit executionContext: ExecutionContext)

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @IntrinsicCandidate() @native()
  6. val decentralizedNamespaceCache: TrieMap[Namespace, Option[DecentralizedNamespaceAuthorizationGraph]]

    Invariants:

    Invariants:

    • If it stores ns -> Some(graph), then the graph corresponds to the active decentralized namespace delegation for ns. Moreover, for each owner o, the owner graph is namespaceCache(o).
    • If it stores ns -> None, then there is no decentralized namespace delegation active for ns.
    • If it stores ns -> Some(graph), then there is no direct namespace delegation active for ns.
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  7. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  8. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  9. implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  10. implicit val executionContext: ExecutionContext
    Definition Classes
    TopologyTransactionAuthorizationValidatorTransactionAuthorizationCache
  11. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  12. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @IntrinsicCandidate() @native()
  13. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  14. def loadNamespaceCaches(asOfExclusive: CantonTimestamp, namespaces: Set[Namespace])(implicit traceContext: TraceContext): FutureUnlessShutdown[Unit]
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  15. def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    NamedLogging
  16. val loggerFactory: NamedLoggerFactory
    Definition Classes
    TopologyTransactionAuthorizationValidatorNamedLogging
  17. implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  18. val namespaceCache: TrieMap[Namespace, AuthorizationGraph]

    Invariants:

    Invariants:

    • If it stores ns -> graph, then graph consists of all active namespace delegations for ns.
    • If it stores ns -> graph and graph is non-empty, then there is no decentralized namespace delegation active for ns.
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  19. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  20. def noTracingLogger: Logger
    Attributes
    protected
    Definition Classes
    NamedLogging
  21. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  22. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @IntrinsicCandidate() @native()
  23. final def populateCaches(asOfExclusive: CantonTimestamp, toProcess: GenericTopologyTransaction, inStore: Option[GenericTopologyTransaction])(implicit traceContext: TraceContext): FutureUnlessShutdown[Unit]
    Definition Classes
    TransactionAuthorizationCache
  24. val pureCrypto: PureCrypto
    Definition Classes
    TopologyTransactionAuthorizationValidatorTransactionAuthorizationCache
  25. final def reset(): Unit
    Definition Classes
    TransactionAuthorizationCache
  26. val store: TopologyStore[TopologyStoreId]
    Definition Classes
    TopologyTransactionAuthorizationValidatorTransactionAuthorizationCache
  27. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  28. def toString(): String
    Definition Classes
    AnyRef → Any
  29. def tryGetAuthorizationCheckForNamespace(namespace: Namespace)(implicit traceContext: TraceContext): AuthorizationCheck
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  30. def tryGetAuthorizationGraphForNamespace(namespace: Namespace)(implicit traceContext: TraceContext): AuthorizationGraph
    Attributes
    protected
    Definition Classes
    TransactionAuthorizationCache
  31. def validateAndUpdateHeadAuthState(effectiveTime: CantonTimestamp, toValidate: GenericSignedTopologyTransaction, inStore: Option[GenericSignedTopologyTransaction], expectFullAuthorization: Boolean, transactionMayHaveMissingSigningKeySignatures: Boolean)(implicit traceContext: TraceContext): FutureUnlessShutdown[GenericValidatedTopologyTransaction]

    Validates the provided topology transactions and applies the certificates to the auth state

    Validates the provided topology transactions and applies the certificates to the auth state

    When receiving topology transactions we have to evaluate them and continuously apply any update to the namespace delegations to the "head state".

    And we use that "head state" to verify if the transactions are authorized or not.

    transactionMayHaveMissingSigningKeySignatures

    If set to true, the validation of the transaction does not consider missing signatures for extra keys (e.g. new signing keys for OwnerToKeyMapping) to be required for the transaction to become fully authorized. This flag allows importing legacy topology snapshots that contain topology transactions that did not require signatures for new signing keys.

  32. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  33. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  34. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated

    (Since version 9)

Inherited from TransactionAuthorizationCache[PureCrypto]

Inherited from NamedLogging

Inherited from AnyRef

Inherited from Any

Ungrouped