First cut at removing PrivateKey leakage from KeyManagementService

Fixup after rebase Restore original key property names Fixup after rebase Undo extra import that IntelliJ keeps erroneously adding. Add comments and fix docs for transaction signing. Fixes after rebase More fixes after rebase Address PR requests Address PR requests
2025-06-22 00:57:21 +00:00 · 2017-05-12 17:42:13 +01:00
parent ccbe76eb84
commit 05a97b11f3
58 changed files with 454 additions and 399 deletions
--- a/test-utils/src/main/kotlin/net/corda/testing/node/MockServices.kt
+++ b/test-utils/src/main/kotlin/net/corda/testing/node/MockServices.kt
@ -47,7 +47,11 @@ import javax.annotation.concurrent.ThreadSafe
 * A singleton utility that only provides a mock identity, key and storage service. However, this is sufficient for
 * building chains of transactions and verifying them. It isn't sufficient for testing flows however.
 */
-open class MockServices(val key: KeyPair = generateKeyPair()) : ServiceHub {
+open class MockServices(vararg val keys: KeyPair) : ServiceHub {
+    constructor() : this(generateKeyPair())
+
+    val key: KeyPair get() = keys.first()
+
    override fun recordTransactions(txs: Iterable<SignedTransaction>) {
        txs.forEach {
            storageService.stateMachineRecordedTransactionMapping.addMapping(StateMachineRunId.createRandom(), it.id)
@ -59,7 +63,7 @@ open class MockServices(val key: KeyPair = generateKeyPair()) : ServiceHub {

    override val storageService: TxWritableStorageService = MockStorageService()
    override val identityService: MockIdentityService = MockIdentityService(listOf(MEGA_CORP, MINI_CORP, DUMMY_NOTARY))
-    override val keyManagementService: MockKeyManagementService = MockKeyManagementService(key)
+    override val keyManagementService: KeyManagementService = MockKeyManagementService(*keys)

    override val vaultService: VaultService get() = throw UnsupportedOperationException()
    override val networkMapCache: NetworkMapCache get() = throw UnsupportedOperationException()
@ -106,14 +110,27 @@ class MockIdentityService(val identities: List<Party>,


 class MockKeyManagementService(vararg initialKeys: KeyPair) : SingletonSerializeAsToken(), KeyManagementService {
-    override val keys: MutableMap<PublicKey, PrivateKey> = initialKeys.associateByTo(HashMap(), { it.public }, { it.private })
+    private val keyStore: MutableMap<PublicKey, PrivateKey> = initialKeys.associateByTo(HashMap(), { it.public }, { it.private })
+
+    override val keys: Set<PublicKey> get() = keyStore.keys

    val nextKeys = LinkedList<KeyPair>()

-    override fun freshKey(): KeyPair {
+    override fun freshKey(): PublicKey {
        val k = nextKeys.poll() ?: generateKeyPair()
-        keys[k.public] = k.private
-        return k
+        keyStore[k.public] = k.private
+        return k.public
+    }
+
+    private fun getSigningKeyPair(publicKey: PublicKey): KeyPair {
+        val pk = publicKey.keys.first { keyStore.containsKey(it) }
+        return KeyPair(pk, keyStore[pk]!!)
+    }
+
+    override fun sign(bytes: ByteArray, publicKey: PublicKey): DigitalSignature.WithKey {
+        val keyPair = getSigningKeyPair(publicKey)
+        val signature = keyPair.sign(bytes)
+        return signature
    }
 }

--- a/test-utils/src/main/kotlin/net/corda/testing/node/SimpleNode.kt
+++ b/test-utils/src/main/kotlin/net/corda/testing/node/SimpleNode.kt
@ -6,18 +6,19 @@ import com.google.common.util.concurrent.SettableFuture
 import net.corda.core.crypto.commonName
 import net.corda.core.crypto.generateKeyPair
 import net.corda.core.messaging.RPCOps
-import net.corda.testing.MOCK_VERSION_INFO
+import net.corda.core.node.services.KeyManagementService
 import net.corda.node.services.RPCUserServiceImpl
 import net.corda.node.services.api.MonitoringService
 import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.services.keys.E2ETestKeyManagementService
 import net.corda.node.services.messaging.ArtemisMessagingServer
 import net.corda.node.services.messaging.NodeMessagingClient
 import net.corda.node.services.network.InMemoryNetworkMapCache
 import net.corda.node.utilities.AffinityExecutor.ServiceAffinityExecutor
 import net.corda.node.utilities.configureDatabase
 import net.corda.node.utilities.transaction
+import net.corda.testing.MOCK_VERSION_INFO
 import net.corda.testing.freeLocalHostAndPort
-import org.bouncycastle.asn1.x500.X500Name
 import org.jetbrains.exposed.sql.Database
 import java.io.Closeable
 import java.security.KeyPair
@ -34,6 +35,7 @@ class SimpleNode(val config: NodeConfiguration, val address: HostAndPort = freeL
    val userService = RPCUserServiceImpl(config.rpcUsers)
    val monitoringService = MonitoringService(MetricRegistry())
    val identity: KeyPair = generateKeyPair()
+    val keyService: KeyManagementService = E2ETestKeyManagementService(setOf(identity))
    val executor = ServiceAffinityExecutor(config.myLegalName.commonName, 1)
    val broker = ArtemisMessagingServer(config, address, rpcAddress, InMemoryNetworkMapCache(), userService)
    val networkMapRegistrationFuture: SettableFuture<Unit> = SettableFuture.create<Unit>()