Remove notaryIdentityKey from ServiceHub (#1541)

* Remove notaryIdentityKey from ServiceHub

It was redundant, as we have notary field on a transaction. Notaries can
use this field to check if the transaction was meant for them and then
use that information while choosing a key to sign a transaction.

* Move notaryIdentityKey to NotaryService

* Address comments

* Fixes after rebase

core/src/main/kotlin/net/corda/core/flows/NotaryFlow.kt

@@ -13,6 +13,7 @@ import net.corda.core.node.services.NotaryService
 import net.corda.core.node.services.TrustedAuthorityNotaryService
 import net.corda.core.node.services.UniquenessProvider
 import net.corda.core.serialization.CordaSerializable
+import net.corda.core.transactions.FilteredTransaction
 import net.corda.core.transactions.SignedTransaction
 import net.corda.core.utilities.ProgressTracker
 import net.corda.core.utilities.UntrustworthyData
@@ -71,7 +72,7 @@ class NotaryFlow {
                     val tx: Any = if (stx.isNotaryChangeTransaction()) {
                         stx.notaryChangeTx
                     } else {
-                        stx.buildFilteredTransaction(Predicate { it is StateRef || it is TimeWindow })
+                        stx.buildFilteredTransaction(Predicate { it is StateRef || it is TimeWindow || it == notaryParty })
                     }
                     sendAndReceiveWithRetry(notaryParty, tx)
                 }
@@ -118,7 +119,8 @@ class NotaryFlow {
 
         @Suspendable
         override fun call(): Void? {
-            val (id, inputs, timeWindow) = receiveAndVerifyTx()
+            val (id, inputs, timeWindow, notary) = receiveAndVerifyTx()
+            checkNotary(notary)
             service.validateTimeWindow(timeWindow)
             service.commitInputStates(inputs, id, otherSide)
             signAndSendResponse(id)
@@ -132,6 +134,13 @@ class NotaryFlow {
         @Suspendable
         abstract fun receiveAndVerifyTx(): TransactionParts
 
+        // Check if transaction is intended to be signed by this notary.
+        @Suspendable
+        protected fun checkNotary(notary: Party?) {
+            if (notary !in serviceHub.myInfo.legalIdentities)
+                throw NotaryException(NotaryError.WrongNotary)
+        }
+
         @Suspendable
         private fun signAndSendResponse(txId: SecureHash) {
             val signature = service.sign(txId)
@@ -144,7 +153,7 @@ class NotaryFlow {
  * The minimum amount of information needed to notarise a transaction. Note that this does not include
  * any sensitive transaction details.
  */
-data class TransactionParts(val id: SecureHash, val inputs: List<StateRef>, val timestamp: TimeWindow?)
+data class TransactionParts(val id: SecureHash, val inputs: List<StateRef>, val timestamp: TimeWindow?, val notary: Party?)
 
 class NotaryException(val error: NotaryError) : FlowException("Error response from Notary - $error")
 
@@ -160,4 +169,6 @@ sealed class NotaryError {
     data class TransactionInvalid(val cause: Throwable) : NotaryError() {
         override fun toString() = cause.toString()
     }
+
+    object WrongNotary: NotaryError()
 }

core/src/main/kotlin/net/corda/core/node/ServiceHub.kt

@@ -133,20 +133,6 @@ interface ServiceHub : ServicesForResolution {
 
     private val legalIdentityKey: PublicKey get() = this.myInfo.legalIdentitiesAndCerts.first().owningKey
 
-    /**
-     * Helper property to shorten code for fetching the the [PublicKey] portion of the
-     * Node's Notary signing identity. It is required that the Node hosts a notary service,
-     * otherwise an [IllegalArgumentException] will be thrown.
-     * Typical use is during signing in flows and for unit test signing.
-     * When this [PublicKey] is passed into the signing methods below, or on the KeyManagementService
-     * the matching [java.security.PrivateKey] will be looked up internally and used to sign.
-     * If the key is actually a [net.corda.core.crypto.CompositeKey], the first leaf key hosted on this node
-     * will be used to create the signature.
-     */
-    // TODO Remove that from ServiceHub, we could take that information from a transaction notary field and figure out what key to use from that.
-    //  But, it's separate PR.
-    val notaryIdentityKey: PublicKey
-
     // Helper method to construct an initial partially signed transaction from a [TransactionBuilder].
     private fun signInitialTransaction(builder: TransactionBuilder, publicKey: PublicKey, signatureMetadata: SignatureMetadata): SignedTransaction {
         return builder.toSignedTransaction(keyManagementService, publicKey, signatureMetadata)

core/src/main/kotlin/net/corda/core/node/services/NotaryService.kt

@@ -13,9 +13,11 @@ import net.corda.core.serialization.SingletonSerializeAsToken
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.loggerFor
 import org.slf4j.Logger
+import java.security.PublicKey
 
 abstract class NotaryService : SingletonSerializeAsToken() {
     abstract val services: ServiceHub
+    abstract val notaryIdentityKey: PublicKey
 
     abstract fun start()
     abstract fun stop()
@@ -70,11 +72,11 @@ abstract class TrustedAuthorityNotaryService : NotaryService() {
     }
 
     fun sign(bits: ByteArray): DigitalSignature.WithKey {
-        return services.keyManagementService.sign(bits, services.notaryIdentityKey)
+        return services.keyManagementService.sign(bits, notaryIdentityKey)
     }
 
     fun sign(txId: SecureHash): TransactionSignature {
-        val signableData = SignableData(txId, SignatureMetadata(services.myInfo.platformVersion, Crypto.findSignatureScheme(services.notaryIdentityKey).schemeNumberID))
-        return services.keyManagementService.sign(signableData, services.notaryIdentityKey)
+        val signableData = SignableData(txId, SignatureMetadata(services.myInfo.platformVersion, Crypto.findSignatureScheme(notaryIdentityKey).schemeNumberID))
+        return services.keyManagementService.sign(signableData, notaryIdentityKey)
     }
 }