RpcAuthInspectorAssertion

class RpcAuthInspectorAssertion(val timeout: Duration = 10.minutes, val nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcAuthInspectorAssertion.NonceAndSession = Companion::checkNonce, val clientLookup: suspend (clientId: String) -> DeviceAttestation? = Companion::getClientDeviceAttestation) : RpcAuthInspector

Implementation of RpcAuthInspector that requires each RPC call to be authorized with an AssertionRpcAuth object signed by a secure device key (see DeviceAssertion). An authorization is trusted only for the timeout duration. Uniqueness of the nonce (AssertionRpcAuth.nonce) is checked by nonceChecker, and the DeviceAttestation used to validate the AssertionRpcAuth is looked up by client id using clientLookup.

Constructors

constructor(timeout: Duration = 10.minutes, nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcAuthInspectorAssertion.NonceAndSession = Companion::checkNonce, clientLookup: suspend (clientId: String) -> DeviceAttestation? = Companion::getClientDeviceAttestation)

Types

object Companion
data class NonceAndSession(val nextNonce: ByteString, val sessionId: String)

Properties

val clientLookup: suspend (clientId: String) -> DeviceAttestation?
val nonceChecker: suspend (clientId: String, nonce: ByteString, expiration: Instant) -> RpcAuthInspectorAssertion.NonceAndSession

Functions

open suspend override fun authCheck(target: String, method: String, payload: Bstr, authMessage: DataItem): RpcAuthContext

Checks RPC authorization.
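
A single-use nonce check with the same parameter shape as nonceChecker, as an added example that is not code from this page or from the library. It uses stand-in types (ByteArray for ByteString, java.time.Instant) so it runs on its own; the names SingleUseNonceStore, issue and check are hypothetical, and the roles given to nextNonce, sessionId and expiration are assumptions, since the page states only their types.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.time.Instant
import java.util.UUID
import java.util.concurrent.ConcurrentHashMap

// Stand-in for the page's NonceAndSession (ByteArray replaces ByteString so this runs alone).
class NonceAndSession(val nextNonce: ByteArray, val sessionId: String)

// Hypothetical in-memory store: one outstanding nonce per client, consumed on first use.
class SingleUseNonceStore(private val now: () -> Instant = { Instant.now() }) {
    private class Entry(val nonce: ByteArray, val sessionId: String)
    private val pending = ConcurrentHashMap<String, Entry>()
    private val random = SecureRandom()

    private fun freshNonce(): ByteArray = ByteArray(16).also { random.nextBytes(it) }

    // Hands a client its first nonce and session (assumed bootstrap step).
    fun issue(clientId: String): NonceAndSession {
        val entry = Entry(freshNonce(), UUID.randomUUID().toString())
        pending[clientId] = entry
        return NonceAndSession(entry.nonce, entry.sessionId)
    }

    // Same parameter shape as nonceChecker; throws on expiry, unknown nonce or replay.
    suspend fun check(clientId: String, nonce: ByteArray, expiration: Instant): NonceAndSession {
        if (!now().isBefore(expiration)) throw SecurityException("authorization expired")
        var accepted: NonceAndSession? = null
        // Compare and rotate atomically so two concurrent calls cannot both use one nonce.
        pending.computeIfPresent(clientId) { _, current ->
            if (MessageDigest.isEqual(current.nonce, nonce)) {
                val next = Entry(freshNonce(), current.sessionId)
                accepted = NonceAndSession(next.nonce, next.sessionId)
                next
            } else current // a wrong guess does not burn the legitimate nonce
        }
        return accepted ?: throw SecurityException("nonce unknown or already used")
    }
}

suspend fun main() {
    val store = SingleUseNonceStore()
    val first = store.issue("client-1") // constructed client id
    val expiry = Instant.now().plusSeconds(600) // constructed expiration, 10 minutes ahead
    val second = store.check("client-1", first.nextNonce, expiry)
    println("first use accepted, session ${second.sessionId}")
    val replay = runCatching { store.check("client-1", first.nextNonce, expiry) }
    println("replay rejected: ${replay.isFailure}")
}
```

A store shared across server instances would need the same atomic compare-and-rotate in its backing database; the in-memory map here only protects a single process.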