From 0e0b99eaf09a5ae5243bd1311fc608254b31ee17 Mon Sep 17 00:00:00 2001
From: Patrick Kuo
Date: Wed, 19 Jul 2017 16:34:56 +0100
Subject: [PATCH] * Remove Kryo from ServiceIdentityGenerator (#1083)

* Store encoded private, public and composite key to file instead of Party and Key using Kryo.
---
 .../net/corda/node/internal/AbstractNode.kt | 19 ++++++++-----------
 .../utilities/ServiceIdentityGenerator.kt | 12 +++++-------
 2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
index fdc15af0d2..c76566a993 100644
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@@ -718,11 +718,12 @@ abstract class AbstractNode(open val configuration: NodeConfiguration,
 if (!keyStore.containsAlias(privateKeyAlias)) {
 val privKeyFile = configuration.baseDirectory / privateKeyAlias
 val pubIdentityFile = configuration.baseDirectory / "$serviceId-public"
+ val compositeKeyFile = configuration.baseDirectory / compositeKeyAlias
 // TODO: Remove use of [ServiceIdentityGenerator.generateToDisk].
 // Get keys from key file.
 // TODO: this is here to smooth out the key storage transition, remove this migration in future release.
 if (privKeyFile.exists()) {
- migrateKeysFromFile(keyStore, serviceName, pubIdentityFile, privKeyFile, privateKeyAlias, compositeKeyAlias)
+ migrateKeysFromFile(keyStore, serviceName, pubIdentityFile, privKeyFile, compositeKeyFile, privateKeyAlias, compositeKeyAlias)
 } else {
 log.info("$privateKeyAlias not found in keystore ${configuration.nodeKeystore}, generating fresh key!")
 keyStore.saveNewKeyPair(serviceName, privateKeyAlias, generateKeyPair())
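Review bot: The added `compositeKeyFile` is derived from `compositeKeyAlias`, while the generator side of this same commit writes the file as `"$serviceId-composite-key"` and the neighbouring `pubIdentityFile` is still built from the literal `"$serviceId-public"`; unless `compositeKeyAlias` is defined as exactly that string (its definition is outside the hunk), the migration will find no composite-key file and, as `migrateKeysFromFile` is written, skip it without any error. Deriving all three paths the same way, e.g. `val compositeKeyFile = configuration.baseDirectory / "$serviceId-composite-key"`, keeps the node and `ServiceIdentityGenerator` agreeing on the on-disk layout regardless of how the keystore aliases are named. The enclosing block starts and ends outside this hunk.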
@@ -750,21 +751,17 @@ abstract class AbstractNode(open val configuration: NodeConfiguration,
 }
 private fun migrateKeysFromFile(keyStore: KeyStoreWrapper, serviceName: X500Name,
- pubIdentityFile: Path, privKeyFile: Path,
+ pubKeyFile: Path, privKeyFile: Path, compositeKeyFile:Path,
 privateKeyAlias: String, compositeKeyAlias: String) {
 log.info("Migrating $privateKeyAlias from file to keystore...")
- val myIdentity = pubIdentityFile.readAll().deserialize()
 // Check that the identity in the config file matches the identity file we have stored to disk.
- // This is just a sanity check. It shouldn't fail unless the admin has fiddled with the files and messed
- // things up for us.
- if (myIdentity.name != serviceName)
- throw ConfigurationException("The legal name in the config file doesn't match the stored identity file:$serviceName vs ${myIdentity.name}")
 // Load the private key.
- val keyPair = privKeyFile.readAll().deserialize()
- keyStore.saveNewKeyPair(serviceName, privateKeyAlias, keyPair)
+ val publicKey = Crypto.decodePublicKey(pubKeyFile.readAll())
+ val privateKey = Crypto.decodePrivateKey(privKeyFile.readAll())
+ keyStore.saveNewKeyPair(serviceName, privateKeyAlias, KeyPair(publicKey, privateKey))
 // Store composite key separately.
- if (myIdentity.owningKey is CompositeKey) {
- keyStore.savePublicKey(serviceName, compositeKeyAlias, myIdentity.owningKey)
+ if (compositeKeyFile.exists()) {
+ keyStore.savePublicKey(serviceName, compositeKeyAlias, Crypto.decodePublicKey(compositeKeyFile.readAll()))
 }
 log.info("Finish migrating $privateKeyAlias from file to keystore.")
 }
diff --git a/node/src/main/kotlin/net/corda/node/utilities/ServiceIdentityGenerator.kt b/node/src/main/kotlin/net/corda/node/utilities/ServiceIdentityGenerator.kt
index 2f2db9d09b..43daa96cbc 100644
--- a/node/src/main/kotlin/net/corda/node/utilities/ServiceIdentityGenerator.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/ServiceIdentityGenerator.kt
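Review bot: The kept context comment `// Check that the identity in the config file matches the identity file we have stored to disk.` now runs straight into `// Load the private key.` with the name check it described deleted, so it should be dropped or replaced with one that states the new contract, e.g. `// The key files carry only raw encoded keys now, so there is no stored identity name to cross-check against the config.` More importantly, nothing in the new code confirms that the separately read `publicKey` and `privateKey` belong together before `KeyPair(publicKey, privateKey)` is persisted, and the old code at least tied the stored identity to `serviceName`; a mismatched or stale pair of files (the kind of admin mistake the deleted comment warned about) would now land in the keystore silently and only show up later as signature failures. A sign/verify round trip before `saveNewKeyPair` (via Corda's `Crypto.doSign`/`Crypto.doVerify`, if they exist in this version) would catch that cheaply, and the same probe could assert that `publicKey` is one of the composite key's leaf keys when `compositeKeyFile` is present. Also, when the composite file is absent the branch is skipped with no log line at all, which hides a path or naming mismatch; a `log.warn` in an `else` branch would make it visible.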
@@ -3,8 +3,6 @@ package net.corda.node.utilities
 import net.corda.core.crypto.composite.CompositeKey
 import net.corda.core.crypto.generateKeyPair
 import net.corda.core.identity.Party
-import net.corda.core.serialization.serialize
-import net.corda.core.serialization.storageKryo
 import net.corda.core.utilities.loggerFor
 import net.corda.core.utilities.trace
 import org.bouncycastle.asn1.x500.X500Name
@@ -33,16 +31,16 @@ object ServiceIdentityGenerator {
 val keyPairs = (1..dirs.size).map { generateKeyPair() }
 val notaryKey = CompositeKey.Builder().addKeys(keyPairs.map { it.public }).build(threshold)
 // Avoid adding complexity! This class is a hack that needs to stay runnable in the gradle environment.
- val notaryParty = Party(serviceName, notaryKey)
- val notaryPartyBytes = notaryParty.serialize()
 val privateKeyFile = "$serviceId-private-key"
 val publicKeyFile = "$serviceId-public"
+ val compositeKeyFile = "$serviceId-composite-key"
 keyPairs.zip(dirs) { keyPair, dir ->
 Files.createDirectories(dir)
- notaryPartyBytes.writeToFile(dir.resolve(publicKeyFile))
+ Files.write(dir.resolve(compositeKeyFile), notaryKey.encoded)
 // Use storageKryo as our whitelist is not available in the gradle build environment:
- keyPair.serialize(storageKryo()).writeToFile(dir.resolve(privateKeyFile))
+ Files.write(dir.resolve(privateKeyFile), keyPair.private.encoded)
+ Files.write(dir.resolve(publicKeyFile), keyPair.public.encoded)
 }
- return notaryParty
+ return Party(serviceName, notaryKey)
 }
 }
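Review bot: The kept comment `// Use storageKryo as our whitelist is not available in the gradle build environment:` is stale in the second hunk: the line under it now writes `keyPair.private.encoded` with `Files.write`, and this commit removes the `storageKryo` import, so it should become something like `// Raw encoded keys only (no Kryo): the node decodes these with Crypto.decodePrivateKey/decodePublicKey during keystore migration.` Separately, `Files.write(dir.resolve(privateKeyFile), keyPair.private.encoded)` creates the file with whatever permissions the umask grants, so unencrypted notary private key material can end up world-readable; on POSIX filesystems creating the file first with owner-only permissions (`Files.createFile(path, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))`, guarded by a check that the POSIX attribute view is supported) would be the safer default, although the "avoid adding complexity" comment in the hunk suggests this tooling may accept that trade-off, so it is worth stating explicitly either way. The enclosing function (presumably `generateToDisk`, per the TODO in AbstractNode.kt) starts above this hunk.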