multipaz/org.multipaz.rpc.handler/RpcAuthInspectorAssertion

RpcAuthInspectorAssertion

class RpcAuthInspectorAssertion(val timeout: Duration = 10.minutes, val nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcNonceAndSession = RpcNonceAndSession::checkNonce, val clientLookup: suspend (clientId: String) -> DeviceAttestation? = Companion::getClientDeviceAttestation) : RpcAuthInspector

Implementation of RpcAuthInspector that requires each RPC call to be authorized with AssertionRpcAuth object signed by a secure device key (see DeviceAssertion). Authorization is only trusted by timeout duration. Nonce AssertionRpcAuth.nonce uniqueness is checked by nonceChecker and DeviceAttestation that is used to validate AssertionRpcAuth is looked up by the client id using clientLookup.

Constructors

constructor(timeout: Duration = 10.minutes, nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcNonceAndSession = RpcNonceAndSession::checkNonce, clientLookup: suspend (clientId: String) -> DeviceAttestation? = Companion::getClientDeviceAttestation)

Types

Companion

object Companion

Properties

clientLookup

val clientLookup: suspend (clientId: String) -> DeviceAttestation?

nonceChecker

val nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcNonceAndSession

timeout

val timeout: Duration

Functions

authCheck

open suspend override fun authCheck(target: String, method: String, payload: Bstr, authMessage: DataItem): RpcAuthContext

Checks RPC authorization.