From e860c67086ec87eab3bacd946e9dc8f5b1c43736 Mon Sep 17 00:00:00 2001
From: Shams Asari
Date: Tue, 19 Mar 2024 09:38:15 +0000
Subject: [PATCH] ENT-11662: Using EdDSA keys when generating notary servive identities

It was previously generating TLS keys, which seems to have been an oversight. Using EdDSA also has a slight performance edge, as there's some mutex contention when ECDSA keys are used.
---
 .../registration/NetworkRegistrationHelper.kt | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
index c35cc1fa9f..a82bdd5308 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
@@ -121,8 +121,11 @@ open class NetworkRegistrationHelper(
 requestIdStore.deleteIfExists()
 }
- private fun generateKeyPairAndCertificate(keyAlias: String, legalName: CordaX500Name, certificateRole: CertRole, certStore: CertificateStore): Pair> {
- val entityPublicKey = loadOrGenerateKeyPair(keyAlias)
+ private fun generateKeyPairAndCertificate(keyAlias: String,
+ legalName: CordaX500Name,
+ certificateRole: CertRole,
+ certStore: CertificateStore): Pair> {
+ val entityPublicKey = loadOrGenerateKeyPair(keyAlias, certificateRole)
 val requestId = submitOrResumeCertificateSigningRequest(entityPublicKey, legalName, certificateRole, cryptoService.getSigner(keyAlias))
@@ -209,11 +212,16 @@ open class NetworkRegistrationHelper(
 logProgress("Node identity private key and certificate chain stored in $nodeIdentityAlias.")
 }
- private fun loadOrGenerateKeyPair(keyAlias: String): PublicKey {
+ private fun loadOrGenerateKeyPair(keyAlias: String, certificateRole: CertRole): PublicKey {
 return if (cryptoService.containsKey(keyAlias)) {
 cryptoService.getPublicKey(keyAlias)!!
 } else {
- cryptoService.generateKeyPair(keyAlias, cryptoService.defaultTLSSignatureScheme())
+ val signatureScheme = if (certificateRole == CertRole.SERVICE_IDENTITY) {
+ cryptoService.defaultIdentitySignatureScheme()
+ } else {
+ cryptoService.defaultTLSSignatureScheme()
+ }
+ cryptoService.generateKeyPair(keyAlias, signatureScheme)
 }
 }
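Review bot: The reuse branch of loadOrGenerateKeyPair, `cryptoService.getPublicKey(keyAlias)!!`, hands back whatever key already sits under the alias without checking that its algorithm matches the scheme the role now requires, so a notary whose alias was populated by the previous code (TLS scheme) and then resumes or re-runs registration will silently keep an ECDSA key — the exact outcome this commit sets out to remove. Computing `signatureScheme` before the branch lets the reuse path verify the existing key against it (with `Crypto.findSignatureScheme(existing)` if that helper is in scope in this file; otherwise compare the key's algorithm name against what `SignatureScheme` exposes — please confirm) and fail with a message naming the alias instead of proceeding. Selecting the scheme with a `when` over `CertRole` also makes the implicit "every role other than SERVICE_IDENTITY keeps the TLS scheme" decision visible, and a short KDoc on the function should state that a pre-existing key at `keyAlias` is reused and under which condition. If the structure stays as is, the minimum I would ask for is a comment on the else branch such as `// All non-service roles keep the TLS scheme; only service identities get the identity scheme`.
```kotlin
private fun loadOrGenerateKeyPair(keyAlias: String, certificateRole: CertRole): PublicKey {
    // Service identities get the identity scheme; every other role keeps the TLS scheme.
    val signatureScheme = when (certificateRole) {
        CertRole.SERVICE_IDENTITY -> cryptoService.defaultIdentitySignatureScheme()
        else -> cryptoService.defaultTLSSignatureScheme()
    }
    return if (cryptoService.containsKey(keyAlias)) {
        val existing = cryptoService.getPublicKey(keyAlias)!!
        // A key left behind by an earlier run may have been generated with a different scheme;
        // refuse to reuse it rather than silently registering the wrong key type.
        check(Crypto.findSignatureScheme(existing) == signatureScheme) {
            "Existing key under alias '$keyAlias' does not use the expected scheme $signatureScheme"
        }
        existing
    } else {
        cryptoService.generateKeyPair(keyAlias, signatureScheme)
    }
}
```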