class MemberAuthenticationService extends NamedLogging with FlagCloseable with TopologyTransactionProcessingSubscriber

The authentication service issues tokens to members after they have successfully completed the following challenge response protocol and after they have accepted the service agreement of the domain. The tokens are required for connecting to the sequencer.

To subscribe to the sequencer, a member must first authenticate. Assuming the domain already has knowledge of the member's public keys, the following steps are to be taken:

  1. member sends request to the domain for authenticating
  2. domain returns a nonce (a challenge random number)
  3. member takes the nonce, concatenates it with the identity of the domain, signs it and sends it back
  4. domain checks the signature against the key of the member. if it matches, create a token and return it
  5. member will use the token when subscribing to the sequencer
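
The five steps above, modelled from the domain's side as an added Scala example; this is not Canton's code. `ToyAuthService`, the string identifiers, the 20-byte nonce and token size, ECDSA P-256 and the `nonce ++ domainId` byte encoding are all assumptions made for illustration.

```scala
import java.security.{KeyPairGenerator, PublicKey, SecureRandom, Signature}
import java.time.{Duration, Instant}
import scala.collection.mutable

// Hypothetical toy model of the domain side (steps 2, 4, 5); not Canton's implementation.
final class ToyAuthService(domainId: String, memberKeys: Map[String, PublicKey],
                           nonceTtl: Duration, tokenTtl: Duration, now: () => Instant) {
  private val rng    = new SecureRandom()
  private val nonces = mutable.Map.empty[(String, Seq[Byte]), Instant] // (member, nonce) -> expiry
  private val tokens = mutable.Map.empty[(String, Seq[Byte]), Instant] // (member, token) -> expiry
  private def fresh(): Array[Byte] = { val b = new Array[Byte](20); rng.nextBytes(b); b }
  // Assumed encoding of "nonce concatenated with the identity of the domain".
  def challenge(nonce: Array[Byte]): Array[Byte] = nonce ++ domainId.getBytes("UTF-8")
  // Step 2: issue a nonce bound to a known member, valid for nonceTtl.
  def generateNonce(member: String): Either[String, Array[Byte]] =
    if (!memberKeys.contains(member)) Left("unknown member")
    else { val n = fresh(); nonces((member, n.toSeq)) = now().plus(nonceTtl); Right(n) }
  // Step 4: the nonce is consumed on first use, so a replayed response is rejected.
  def validateSignature(member: String, sig: Array[Byte], nonce: Array[Byte]): Either[String, Array[Byte]] =
    nonces.remove((member, nonce.toSeq)) match {
      case None                              => Left("unknown or already used nonce")
      case Some(exp) if !now().isBefore(exp) => Left("nonce expired")
      case Some(_) =>
        val v = Signature.getInstance("SHA256withECDSA")
        v.initVerify(memberKeys(member)); v.update(challenge(nonce))
        // A malformed signature makes verify throw; treat that as a failed check.
        if (!scala.util.Try(v.verify(sig)).getOrElse(false)) Left("invalid signature")
        else { val t = fresh(); tokens((member, t.toSeq)) = now().plus(tokenTtl); Right(t) }
    }
  // Step 5: token must be unexpired, issued to this member, and meant for this domain.
  def validateToken(intendedDomain: String, member: String, token: Array[Byte]): Either[String, Unit] =
    if (intendedDomain != domainId) Left("wrong domain")
    else tokens.get((member, token.toSeq)) match {
      case Some(exp) if now().isBefore(exp) => Right(())
      case _                                => Left("missing or expired token")
    }
}

object Demo { // member side, with a constructed key pair and constructed identifiers
  def main(args: Array[String]): Unit = {
    val kp  = { val g = KeyPairGenerator.getInstance("EC"); g.initialize(256); g.generateKeyPair() }
    val svc = new ToyAuthService("domain::constructed", Map("participant1" -> kp.getPublic),
      Duration.ofMinutes(1), Duration.ofHours(1), () => Instant.now())
    val nonce = svc.generateNonce("participant1").getOrElse(sys.error("no nonce")) // steps 1-2
    val s = Signature.getInstance("SHA256withECDSA"); s.initSign(kp.getPrivate)
    s.update(svc.challenge(nonce)); val sig = s.sign()                             // step 3
    val token = svc.validateSignature("participant1", sig, nonce).getOrElse(sys.error("rejected"))
    assert(svc.validateSignature("participant1", sig, nonce).isLeft) // replayed response fails
    assert(svc.validateToken("domain::constructed", "participant1", token).isRight)
    assert(svc.validateToken("other-domain", "participant1", token).isLeft)
  }
}
```

Signing the domain identity together with the nonce is what keeps a response produced for one domain from being accepted by another, and removing the nonce before verification is what makes each challenge single-use.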

Instance Constructors

  1. new MemberAuthenticationService(domain: DomainId, cryptoApi: DomainSyncCryptoClient, store: MemberAuthenticationStore, agreementManager: Option[ServiceAgreementManager], clock: Clock, nonceExpirationTime: Duration, tokenExpirationTime: Duration, invalidateMemberCallback: (Traced[Member]) => Unit, isTopologyInitialized: Future[Unit], timeouts: ProcessingTimeout, loggerFactory: NamedLoggerFactory, auditLogger: TracedLogger)(implicit ec: ExecutionContext)

    invalidateMemberCallback

    Called when a member is explicitly deactivated on the domain so all active subscriptions for this member should be terminated.

Type Members

  1. case class ReaderState(count: Int, readers: MultiSet[String]) extends Product with Serializable
    Definition Classes
    FlagCloseable

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
  6. final def close(): Unit

    Blocks until all earlier tasks have completed and then prevents further tasks from being run.

    Definition Classes
    FlagCloseable → AutoCloseable
    Annotations
    @SuppressWarnings()
  7. def closingTimeout: FiniteDuration
    Attributes
    protected
    Definition Classes
    FlagCloseable
  8. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  9. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  10. implicit def errorLoggingContext(implicit traceContext: TraceContext): ErrorLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  11. def generateNonce(member: Member)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, (Nonce, NonEmpty[Seq[Fingerprint]])]

    The domain generates a nonce that it expects the participant to concatenate with the domain's id and sign in order to proceed with the authentication (step 2).

  12. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  13. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  14. def internalPerformUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): UnlessShutdown[Future[A]]
    Attributes
    protected
    Definition Classes
    FlagCloseable
  15. def isClosing: Boolean

    Check whether we're closing. Susceptible to race conditions; unless you're using this as a flag to the retry lib or you really know what you're doing, prefer performUnlessClosing and friends.

    Definition Classes
    FlagCloseable
  16. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  17. def isParticipantActive(participant: ParticipantId)(implicit traceContext: TraceContext): Future[Boolean]
    Attributes
    protected
  18. def keepTrackOfOpenFutures: Boolean

    Track running futures on shutdown.

    Set to true to get detailed information about all futures that did not complete during shutdown. If set to false, we don't do anything.

    Attributes
    protected
    Definition Classes
    FlagCloseable
  19. def logger: TracedLogger
    Attributes
    protected
    Definition Classes
    NamedLogging
  20. val loggerFactory: NamedLoggerFactory
  21. def maxSleepMillis: Long
    Attributes
    protected
    Definition Classes
    FlagCloseable
  22. implicit def namedLoggingContext(implicit traceContext: TraceContext): NamedLoggingContext
    Attributes
    protected
    Definition Classes
    NamedLogging
  23. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  24. def noTracingLogger: Logger
    Attributes
    protected
    Definition Classes
    NamedLogging
  25. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  26. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  27. def observed(sequencerTimestamp: SequencedTime, effectiveTimestamp: EffectiveTime, sc: SequencerCounter, transactions: Seq[SignedTopologyTransaction[TopologyChangeOp]])(implicit traceContext: TraceContext): FutureUnlessShutdown[Unit]

    Domain topology client subscriber used to remove member tokens if they get disabled.

    Definition Classes
    MemberAuthenticationService → TopologyTransactionProcessingSubscriber
  28. def onClosed(): Unit
  29. def performUnlessClosing[A](name: String)(f: => A)(implicit traceContext: TraceContext): UnlessShutdown[A]

    Performs the task given by f unless a shutdown has been initiated. The shutdown will only begin after f completes, but other tasks may execute concurrently with f, if started using this function, or one of the other variants (performUnlessClosingF and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.

    DO NOT CALL this.close as part of f, because it will result in a deadlock.

    f

    The task to perform

    returns

    scala.None$ if a shutdown has been initiated. Otherwise the result of the task.

    Definition Classes
    FlagCloseable
  30. def performUnlessClosingCheckedT[A, N, R](name: String, onClosing: Checked[A, N, R])(etf: => CheckedT[Future, A, N, R])(implicit ec: ExecutionContext, traceContext: TraceContext): CheckedT[Future, A, N, R]
    Definition Classes
    FlagCloseable
  31. def performUnlessClosingEitherT[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, R]

    Performs the EitherT[Future] given by etf unless a shutdown has been initiated, in which case the provided error is returned instead. Both etf and the error are lazy; etf is only evaluated if there is no shutdown, the error only if we're shutting down. The shutdown will only begin after etf completes, but other tasks may execute concurrently with etf, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingF). The tasks are assumed to take less than closingTimeout to complete.

    DO NOT CALL this.close as part of etf, because it will result in a deadlock.

    etf

    The task to perform

    Definition Classes
    FlagCloseable
  32. def performUnlessClosingEitherTF[E, R](name: String, onClosing: => E)(etf: => EitherT[Future, E, Future[R]])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[Future, E, Future[R]]
    Definition Classes
    FlagCloseable
  33. def performUnlessClosingEitherU[E, R](name: String)(etf: => EitherT[Future, E, R])(implicit ec: ExecutionContext, traceContext: TraceContext): EitherT[FutureUnlessShutdown, E, R]
    Definition Classes
    FlagCloseable
  34. def performUnlessClosingF[A](name: String)(f: => Future[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]

    Performs the Future given by f unless a shutdown has been initiated. The future is lazy and not evaluated during shutdown. The shutdown will only begin after f completes, but other tasks may execute concurrently with f, if started using this function, or one of the other variants (performUnlessClosing and performUnlessClosingEitherT). The tasks are assumed to take less than closingTimeout to complete.

    DO NOT CALL this.close as part of f, because it will result in a deadlock.

    f

    The task to perform

    returns

    The future completes with com.digitalasset.canton.lifecycle.UnlessShutdown.AbortedDueToShutdown if a shutdown has been initiated. Otherwise the result of the task wrapped in com.digitalasset.canton.lifecycle.UnlessShutdown.Outcome.

    Definition Classes
    FlagCloseable
  35. def performUnlessClosingUSF[A](name: String)(f: => FutureUnlessShutdown[A])(implicit ec: ExecutionContext, traceContext: TraceContext): FutureUnlessShutdown[A]
    Definition Classes
    FlagCloseable
  36. def runOnShutdown[T](task: RunOnShutdown)(implicit traceContext: TraceContext): Unit

    Register a task to run when shutdown is initiated.

    You can use this for example to register tasks that cancel long-running computations, whose termination you can then wait for in "closeAsync".

    Definition Classes
    FlagCloseable
  37. def runStateChanged(waitingState: Boolean = false): Unit
    Attributes
    protected
    Definition Classes
    FlagCloseable
    Annotations
    @VisibleForTesting()
  38. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  39. val timeouts: ProcessingTimeout
  40. def toString(): String
    Definition Classes
    AnyRef → Any
  41. def updateHead(effectiveTimestamp: EffectiveTime, approximateTimestamp: ApproximateTime, potentialTopologyChange: Boolean)(implicit traceContext: TraceContext): Unit

    Inform the subscriber about non-idm changes (mostly about the timestamp)

    Definition Classes
    MemberAuthenticationService → TopologyTransactionProcessingSubscriber
  42. def validateSignature(member: Member, signature: Signature, providedNonce: Nonce)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, AuthenticationTokenWithExpiry]

    Domain checks that the signature given by the member matches and returns a token if it does (step 4) Al

  43. def validateToken(intendedDomain: DomainId, member: Member, token: AuthenticationToken)(implicit traceContext: TraceContext): EitherT[Future, AuthenticationError, StoredAuthenticationToken]

    Domain checks if the token given by the participant is the one previously assigned to it for authentication. The participant also provides the id of the domain it thinks it is connecting to. If this id does not match this domain's id, it means the participant was previously connected to a different domain on the same address and now should be informed that this address now hosts a different domain.

  44. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  45. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  46. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  47. object ReaderState extends Serializable
    Definition Classes
    FlagCloseable

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated
