Interface IdentityService
@DoNotImplement() public interface IdentityService
An identity service maintains a directory of parties by their associated distinguished name/public keys and thus supports lookup of a party given its key, or name. The service also manages the certificates linking confidential identities back to the well known identity.
Well known identities in Corda are the public identity of a party, registered with the network map directory, whereas confidential identities are distributed only on a need to know basis (typically between parties in a transaction being built). See NetworkMapCache for retrieving well known identities from the network map.
-
Nested Class Summary
Modifier and Type | Class | Description
public class | IdentityService.Companion |
-
Method Summary
Modifier and Type | Method | Description
abstract PartyAndCertificate | verifyAndRegisterIdentity(PartyAndCertificate identity) | Verify and then store an identity.
Unit | assertOwnership(Party party, AnonymousParty anonymousParty) | Asserts that an anonymous party maps to the given full party, by looking up the certificate chain associated with the anonymous party and resolving it back to the given full party.
abstract Iterable<PartyAndCertificate> | getAllIdentities() | Get all identities known to the service.
abstract PartyAndCertificate | certificateFromKey(PublicKey owningKey) | Resolves a public key to the well known identity PartyAndCertificate instance which is owned by the key.
abstract Party | partyFromKey(PublicKey key) | Converts an owning PublicKey to the X500Name extended Party object if the Party has been previously registered with the IdentityService either as a well known network map identity, or as a part of flows creating and exchanging the identity.
abstract Party | wellKnownPartyFromX500Name(CordaX500Name name) | Resolves a party name to the well known identity Party instance for this name.
Party | wellKnownPartyFromAnonymous(AbstractParty party) | Resolves a (optionally) confidential identity to the corresponding well known identity Party.
Party | wellKnownPartyFromAnonymous(PartyAndReference partyRef) | Resolves a (optionally) confidential identity to the corresponding well known identity Party.
Party | requireWellKnownPartyFromAnonymous(AbstractParty party) | Resolve the well known identity of a party.
abstract Set<Party> | partiesFromName(String query, Boolean exactMatch) | Returns a list of candidate matches for a given string, with optional fuzzy(ish) matching.
abstract Unit | registerKey(PublicKey publicKey, Party party, UUID externalId) | Registers a mapping in the database between the provided PublicKey and Party if one does not already exist.
abstract UUID | externalIdForPublicKey(PublicKey publicKey) | This method allows lookups of PublicKeys to an associated "external ID" / UUID.
abstract Iterable<PublicKey> | publicKeysForExternalId(UUID externalId) | This method returns all the PublicKeys which have been mapped to the supplied external ID.
abstract X509Certificate | getTrustRoot() |
abstract TrustAnchor | getTrustAnchor() |
abstract CertStore | getCaCertStore() |
-
Method Detail
-
verifyAndRegisterIdentity
abstract PartyAndCertificate verifyAndRegisterIdentity(PartyAndCertificate identity)
Verify and then store an identity.
Parameters:
identity - a party and the certificate path linking them to the network trust root.
-
assertOwnership
Unit assertOwnership(Party party, AnonymousParty anonymousParty)
Asserts that an anonymous party maps to the given full party, by looking up the certificate chain associated with the anonymous party and resolving it back to the given full party.
-
getAllIdentities
abstract Iterable<PartyAndCertificate> getAllIdentities()
Get all identities known to the service. This is expensive, and partyFromKey or partyFromX500Name should be used in preference where possible.
-
certificateFromKey
abstract PartyAndCertificate certificateFromKey(PublicKey owningKey)
Resolves a public key to the well known identity PartyAndCertificate instance which is owned by the key.
Parameters:
owningKey - The PublicKey to determine well known identity for.
-
partyFromKey
abstract Party partyFromKey(PublicKey key)
Converts an owning PublicKey to the X500Name extended Party object if the Party has been previously registered with the IdentityService either as a well known network map identity, or as a part of flows creating and exchanging the identity.
-
wellKnownPartyFromX500Name
abstract Party wellKnownPartyFromX500Name(CordaX500Name name)
Resolves a party name to the well known identity Party instance for this name. Where possible well known identity lookup from name should be done from the network map (via NetworkMapCache) instead, as it is the authoritative source of well known identities.
Parameters:
name - The CordaX500Name to determine well known identity for.
-
wellKnownPartyFromAnonymous
Party wellKnownPartyFromAnonymous(AbstractParty party)
Resolves a (optionally) confidential identity to the corresponding well known identity Party. It transparently handles returning the well known identity back if a well known identity is passed in.
Parameters:
party - identity to determine well known identity for.
-
wellKnownPartyFromAnonymous
Party wellKnownPartyFromAnonymous(PartyAndReference partyRef)
Resolves a (optionally) confidential identity to the corresponding well known identity Party. Convenience method which unwraps the Party from the PartyAndReference and then resolves the well known identity as normal. It transparently handles returning the well known identity back if a well known identity is passed in.
Parameters:
partyRef - identity (and reference, which is unused) to determine well known identity for.
-
requireWellKnownPartyFromAnonymous
Party requireWellKnownPartyFromAnonymous(AbstractParty party)
Resolve the well known identity of a party. Throws an exception if the party cannot be identified. If the party passed in is already a well known identity (i.e. a Party) this returns it as-is.
-
partiesFromName
abstract Set<Party> partiesFromName(String query, Boolean exactMatch)
Returns a list of candidate matches for a given string, with optional fuzzy(ish) matching. Fuzzy matching may get smarter with time e.g. to correct spelling errors, so you should not hard-code indexes into the results but rather show them via a user interface and let the user pick the one they wanted.
Parameters:
query - The string to check against the X.
exactMatch - If true, a case sensitive match is done against each component of each X.500 name.
-
registerKey
abstract Unit registerKey(PublicKey publicKey, Party party, UUID externalId)
Registers a mapping in the database between the provided PublicKey and Party if one does not already exist. If an entry exists for the supplied PublicKey but the associated Party does not match the one supplied to the method, a warning is logged and the operation is not carried out, as a key can only ever be registered to one Party.
This method also optionally adds a mapping from PublicKey to external ID if one is provided. Lastly, the PublicKey is also stored (as well as the PublicKey hash).
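An added example (not from the Corda documentation or code base) of handling the conflict case described above: because a mismatched mapping only produces a log warning, the caller reads the mapping back and fails closed. The helper name `registerKeyOrFail` is hypothetical, and the sketch assumes that `partyFromKey` and `externalIdForPublicKey` (both documented on this page) reflect mappings made through `registerKey`.

```kotlin
import net.corda.core.identity.Party
import net.corda.core.node.services.IdentityService
import java.security.PublicKey
import java.util.UUID

/**
 * Hypothetical helper (not part of Corda): register a key and fail closed
 * if the requested mapping did not take effect.
 */
fun registerKeyOrFail(
    identityService: IdentityService,
    publicKey: PublicKey,
    party: Party,
    externalId: UUID? = null
): Party {
    identityService.registerKey(publicKey, party, externalId)

    // registerKey only logs a warning when the key is already bound to a
    // different Party, so read the mapping back instead of trusting the call.
    val bound = identityService.partyFromKey(publicKey)
        ?: throw IllegalStateException("Key was not registered with the identity service")
    check(bound.name == party.name) {
        "Key is already registered to ${bound.name}; refusing to treat it as ${party.name}"
    }

    // If an external ID was supplied, confirm the key resolves to it. This also
    // fails when the key was registered earlier under another external ID or none.
    if (externalId != null) {
        check(identityService.externalIdForPublicKey(publicKey) == externalId) {
            "Key is not mapped to external ID $externalId"
        }
    }
    return bound
}
```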
-
externalIdForPublicKey
abstract UUID externalIdForPublicKey(PublicKey publicKey)
This method allows lookups of PublicKeys to an associated "external ID" / UUID. Providing a PublicKey that is unknown to the node or is not mapped to an external ID will return null. Otherwise, if the PublicKey has been mapped to an external ID, then the UUID for that external ID will be returned. The method looks up keys generated by the node as well as keys generated on other nodes and registered with the IdentityService.
Parameters:
publicKey - the PublicKey used to perform the lookup to external ID
-
publicKeysForExternalId
abstract Iterable<PublicKey> publicKeysForExternalId(UUID externalId)
This method returns all the PublicKeys which have been mapped to the supplied external ID.
Parameters:
externalId - the external ID to look up PublicKeys for
-
getTrustRoot
abstract X509Certificate getTrustRoot()
-
getTrustAnchor
abstract TrustAnchor getTrustAnchor()
-
getCaCertStore
abstract CertStore getCaCertStore()