Merge pull request #7875 from corda/merge-release/os/4.11-release/os/4.12-2024-11-07-445

ENT-12373: Merging forward updates from release/os/4.11 to release/os/4.12 - 2024-11-07

core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt

@@ -115,10 +115,11 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint {
  * @property key A [PublicKey] that must be fulfilled by the owning keys of the attachment's signing parties.
  */
 data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
-    override fun isSatisfiedBy(attachment: Attachment): Boolean {
+    override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false)
-        log.debug { "Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}" }
+    fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean {
+        log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}")
         return if (!key.isFulfilledBy(attachment.signerKeys)) {
-            log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
+            if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
             false
         } else true
     }
@@ -135,3 +136,11 @@ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstra
         fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key))
     }
 }
+
+fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean {
+    return if (constraint is SignatureAttachmentConstraint) {
+        constraint.isSatisfiedBy(attachment, true)
+    } else {
+        constraint.isSatisfiedBy(attachment)
+    }
+}

core/src/main/kotlin/net/corda/core/internal/verification/Verifier.kt

@@ -28,6 +28,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss
 import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
 import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
 import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
+import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint
 import net.corda.core.crypto.CompositeKey
 import net.corda.core.crypto.SecureHash
 import net.corda.core.internal.AttachmentWithContext
@@ -432,7 +433,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact
 
             if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
                 logger.warnOnce("Skipping hash constraints verification.")
-            else if (!constraint.isSatisfiedBy(constraintAttachment)) {
+            else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) {
                 verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
             }
         }

core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt

@@ -571,7 +571,7 @@ open class TransactionBuilder(
 
         // Sanity check that the selected attachment actually passes.
 
-        if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) {
+        if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) {
             // The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
             if (defaultOutputConstraint is SignatureAttachmentConstraint && services.toVerifyingServiceHub().rotatedKeys.canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys)) {
                 return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)