multipaz/org.multipaz.rpc.handler/RpcAuthInspectorSignature

RpcAuthInspectorSignature

class RpcAuthInspectorSignature(val timeout: Duration = 10.minutes, val nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcNonceAndSession = RpcNonceAndSession::checkNonce, val certificateLookup: suspend (String) -> X509Cert) : RpcAuthInspector

Implementation of RpcAuthInspector that requires each RPC call to be authorized with AssertionRpcAuth object signed by a trusted well-known public key.

Constructors

constructor(timeout: Duration = 10.minutes, nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcNonceAndSession = RpcNonceAndSession::checkNonce, certificateLookup: suspend (String) -> X509Cert)

Types

Companion

object Companion

Properties

certificateLookup

val certificateLookup: suspend (String) -> X509Cert

function that returns certificate with the public key that is used to validate message signature (directly or through the certificate chain, if it is included in the message).

nonceChecker

val nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcNonceAndSession

function that validates nonce AssertionRpcAuth.nonce

timeout

val timeout: Duration

authorization is only trusted for this duration

Functions

authCheck

open suspend override fun authCheck(target: String, method: String, payload: Bstr, authMessage: DataItem): RpcAuthContext

Checks RPC authorization.