First cut at removing PrivateKey leakage from KeyManagementService

Fixup after rebase

Restore original key property names

Fixup after rebase

Undo extra import that IntelliJ keeps erroneously adding.

Add comments and fix docs for transaction signing.

Fixes after rebase

More fixes after rebase

Address PR requests

Address PR requests
Matthew Nesbit
2017-05-12 17:42:13 +01:00
parent ccbe76eb84
commit 05a97b11f3
58 changed files with 454 additions and 399 deletions


@ -8,7 +8,6 @@ import net.corda.core.contracts.StateAndRef
import net.corda.core.contracts.TransactionType
import net.corda.core.crypto.DigitalSignature
import net.corda.core.crypto.SecureHash
import net.corda.core.crypto.sign
import net.corda.core.flows.FlowLogic
import net.corda.core.flows.InitiatingFlow
import net.corda.core.identity.Party
@ -206,11 +205,9 @@ class ForeignExchangeFlow(val tradeId: String,
builder.withItems(*theirStates.outputs.toTypedArray())
// We have already validated their response and trust our own data
// so we can sign
builder.signWith(serviceHub.legalIdentityKey)
// create a signed transaction, but pass false as parameter, because we know it is not fully signed
val signedTransaction = builder.toSignedTransaction(checkSufficientSignatures = false)
return signedTransaction
// so we can sign. Note the returned SignedTransaction is still not fully signed
// and would not pass full verification yet.
return serviceHub.signInitialTransaction(builder)
}
// DOCEND 3
}
@ -260,7 +257,7 @@ class ForeignExchangeRemoteFlow(val source: Party) : FlowLogic<Unit>() {
}
// assuming we have completed state and business level validation we can sign the trade
val ourSignature = serviceHub.legalIdentityKey.sign(proposedTrade.id)
val ourSignature = serviceHub.createSignature(proposedTrade)
// send the other side our signature.
send(source, ourSignature)
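Review bot: The new `serviceHub.createSignature(proposedTrade)` call in ForeignExchangeRemoteFlow no longer shows which key produces the signature, whereas the line it replaces named `serviceHub.legalIdentityKey` explicitly. Because this is tutorial code (note the DOCSTART/DOCEND markers) that readers will copy, I would add a comment above the call, for example `// Signs with our legal identity key; the private key stays inside the node's key management service.` That wording assumes the helper defaults to the legal identity key, which these hunks do not show, so confirm it against the ServiceHub change first. The same remark applies to `serviceHub.signInitialTransaction(builder)` in ForeignExchangeFlow. Both flow bodies continue outside the hunks, so the validation that the "we can sign the trade" comment relies on is not visible here.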


@ -5,7 +5,6 @@ import net.corda.core.contracts.*
import net.corda.core.crypto.DigitalSignature
import net.corda.core.crypto.SecureHash
import net.corda.core.crypto.containsAny
import net.corda.core.crypto.sign
import net.corda.core.flows.FlowLogic
import net.corda.core.flows.InitiatingFlow
import net.corda.core.identity.AbstractParty
@ -135,9 +134,7 @@ class SubmitTradeApprovalFlow(val tradeId: String,
.withItems(tradeProposal, Command(TradeApprovalContract.Commands.Issue(), listOf(tradeProposal.source.owningKey)))
tx.setTime(serviceHub.clock.instant(), Duration.ofSeconds(60))
// We can automatically sign as there is no untrusted data.
tx.signWith(serviceHub.legalIdentityKey)
// Convert to a SignedTransaction that we can send to the notary
val signedTx = tx.toSignedTransaction(false)
val signedTx = serviceHub.signInitialTransaction(tx)
// Notarise and distribute.
subFlow(FinalityFlow(signedTx, setOf(serviceHub.myInfo.legalIdentity, counterparty)))
// Return the initial state
@ -199,9 +196,9 @@ class SubmitCompletionFlow(val ref: StateRef, val verdict: WorkflowState) : Flow
tx.setTime(serviceHub.clock.instant(), Duration.ofSeconds(60))
// We can sign this transaction immediately as we have already checked all the fields and the decision
// is ultimately a manual one from the caller.
tx.signWith(serviceHub.legalIdentityKey)
// Convert to SignedTransaction we can pass around certain that it cannot be modified.
val selfSignedTx = tx.toSignedTransaction(false)
// As a SignedTransaction we can pass the data around certain that it cannot be modified,
// although we do require further signatures to complete the process.
val selfSignedTx = serviceHub.signInitialTransaction(tx)
//DOCEND 2
// Send the signed transaction to the originator and await their signature to confirm
val allPartySignedTx = sendAndReceive<DigitalSignature.WithKey>(newState.source, selfSignedTx).unwrap {
@ -257,7 +254,7 @@ class RecordCompletionFlow(val source: Party) : FlowLogic<Unit>() {
}
// DOCEND 3
// Having verified the SignedTransaction passed to us we can sign it too
val ourSignature = serviceHub.legalIdentityKey.sign(completeTx.tx.id)
val ourSignature = serviceHub.createSignature(completeTx)
// Send our signature to the other party.
send(source, ourSignature)
// N.B. The FinalityProtocol will be responsible for Notarising the SignedTransaction
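Review bot: The rewritten comment above `val selfSignedTx = serviceHub.signInitialTransaction(tx)` in SubmitCompletionFlow says the data can be passed around "certain that it cannot be modified", which is stronger than what a signature provides. Signing makes tampering detectable; it does not stop a recipient from altering the bytes, and the signature list is still expected to grow. I would word it as `// Once signed, any change to the transaction contents would invalidate our signature,` followed by `// although we do require further signatures to complete the process.` The `unwrap` block that receives the counterparty's signature starts on the last line of that hunk and continues outside it, so how that signature is checked cannot be reviewed from here.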


@ -8,7 +8,6 @@ import net.corda.core.toFuture
import net.corda.core.utilities.DUMMY_NOTARY
import net.corda.core.utilities.DUMMY_NOTARY_KEY
import net.corda.flows.CashIssueFlow
import net.corda.flows.CashPaymentFlow
import net.corda.node.services.network.NetworkMapService
import net.corda.node.services.transactions.ValidatingNotaryService
import net.corda.node.utilities.transaction