* Remove Kryo from ServiceIdentityGenerator (#1083)

* Store encoded private, public and composite key to file instead of Party and Key using Kryo.
2025-01-29 15:43:55 +00:00 · 2017-07-19 16:34:56 +01:00 · 2017-07-19 16:34:56 +01:00 · 0e0b99eaf0
commit 0e0b99eaf0
parent 9d3ad5fe06
2 changed files with 13 additions and 18 deletions
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@ -718,11 +718,12 @@ abstract class AbstractNode(open val configuration: NodeConfiguration,
        if (!keyStore.containsAlias(privateKeyAlias)) {
            val privKeyFile = configuration.baseDirectory / privateKeyAlias
            val pubIdentityFile = configuration.baseDirectory / "$serviceId-public"
+            val compositeKeyFile = configuration.baseDirectory / compositeKeyAlias
            // TODO: Remove use of [ServiceIdentityGenerator.generateToDisk].
            // Get keys from key file.
            // TODO: this is here to smooth out the key storage transition, remove this migration in future release.
            if (privKeyFile.exists()) {
-                migrateKeysFromFile(keyStore, serviceName, pubIdentityFile, privKeyFile, privateKeyAlias, compositeKeyAlias)
+                migrateKeysFromFile(keyStore, serviceName, pubIdentityFile, privKeyFile, compositeKeyFile, privateKeyAlias, compositeKeyAlias)
            } else {
                log.info("$privateKeyAlias not found in keystore ${configuration.nodeKeystore}, generating fresh key!")
                keyStore.saveNewKeyPair(serviceName, privateKeyAlias, generateKeyPair())
@ -750,21 +751,17 @@ abstract class AbstractNode(open val configuration: NodeConfiguration,
    }

    private fun migrateKeysFromFile(keyStore: KeyStoreWrapper, serviceName: X500Name,
-                                    pubIdentityFile: Path, privKeyFile: Path,
+                                    pubKeyFile: Path, privKeyFile: Path, compositeKeyFile:Path,
                                    privateKeyAlias: String, compositeKeyAlias: String) {
        log.info("Migrating $privateKeyAlias from file to keystore...")
-        val myIdentity = pubIdentityFile.readAll().deserialize<Party>()
        // Check that the identity in the config file matches the identity file we have stored to disk.
-        // This is just a sanity check. It shouldn't fail unless the admin has fiddled with the files and messed
-        // things up for us.
-        if (myIdentity.name != serviceName)
-            throw ConfigurationException("The legal name in the config file doesn't match the stored identity file:$serviceName vs ${myIdentity.name}")
        // Load the private key.
-        val keyPair = privKeyFile.readAll().deserialize<KeyPair>()
-        keyStore.saveNewKeyPair(serviceName, privateKeyAlias, keyPair)
+        val publicKey = Crypto.decodePublicKey(pubKeyFile.readAll())
+        val privateKey = Crypto.decodePrivateKey(privKeyFile.readAll())
+        keyStore.saveNewKeyPair(serviceName, privateKeyAlias, KeyPair(publicKey, privateKey))
        // Store composite key separately.
-        if (myIdentity.owningKey is CompositeKey) {
-            keyStore.savePublicKey(serviceName, compositeKeyAlias, myIdentity.owningKey)
+        if (compositeKeyFile.exists()) {
+            keyStore.savePublicKey(serviceName, compositeKeyAlias, Crypto.decodePublicKey(compositeKeyFile.readAll()))
        }
        log.info("Finish migrating $privateKeyAlias from file to keystore.")
    }
--- a/node/src/main/kotlin/net/corda/node/utilities/ServiceIdentityGenerator.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/ServiceIdentityGenerator.kt
@ -3,8 +3,6 @@ package net.corda.node.utilities
 import net.corda.core.crypto.composite.CompositeKey
 import net.corda.core.crypto.generateKeyPair
 import net.corda.core.identity.Party
-import net.corda.core.serialization.serialize
-import net.corda.core.serialization.storageKryo
 import net.corda.core.utilities.loggerFor
 import net.corda.core.utilities.trace
 import org.bouncycastle.asn1.x500.X500Name
@ -33,16 +31,16 @@ object ServiceIdentityGenerator {
        val keyPairs = (1..dirs.size).map { generateKeyPair() }
        val notaryKey = CompositeKey.Builder().addKeys(keyPairs.map { it.public }).build(threshold)
        // Avoid adding complexity! This class is a hack that needs to stay runnable in the gradle environment.
-        val notaryParty = Party(serviceName, notaryKey)
-        val notaryPartyBytes = notaryParty.serialize()
        val privateKeyFile = "$serviceId-private-key"
        val publicKeyFile = "$serviceId-public"
+        val compositeKeyFile = "$serviceId-composite-key"
        keyPairs.zip(dirs) { keyPair, dir ->
            Files.createDirectories(dir)
-            notaryPartyBytes.writeToFile(dir.resolve(publicKeyFile))
+            Files.write(dir.resolve(compositeKeyFile), notaryKey.encoded)
            // Use storageKryo as our whitelist is not available in the gradle build environment:
-            keyPair.serialize(storageKryo()).writeToFile(dir.resolve(privateKeyFile))
+            Files.write(dir.resolve(privateKeyFile), keyPair.private.encoded)
+            Files.write(dir.resolve(publicKeyFile), keyPair.public.encoded)
        }
-        return notaryParty
+        return Party(serviceName, notaryKey)
    }
 }