Identity service refactor for confidential-identities and accounts (#5434)
* Removed IdentityServiceInternal as it is no longer used. * Removed externalIdForPublicKey API from KMS and added it to IdentityService. Added a registerKeyToExternalId API on IdentityService. * Fix remaining compile errors. * Removed "registerKeyToParty" and in its place added a new registerKey method which takes a PublicKey, Party and optionally a UUID. Added a cache to the "PersistentIdentityService" to store other nodes' public keys. Added the cache and new hibernate entity to all the places where one needs to add them. New keys created by the node now automatically get associated entries in the KEY -> PARTY map and optionally the KEY -> EXT ID map. Added a test. * Removed old comments and TODOs. * Fixed broken test. Added comments/explanations for what's going on in IdentityService. Updated kdocs. * First try at Implementing publicKeysForExternalId. * Fixed broken test. * Added migration. Amended existing persistent identity service migration to handle new migration. Addressed some review comments. * Fixed broken test - whoops! * Implemented mock identity service methods. * Added back exception when remapping a key to a different party. * Fixed compile errors. Fixed broken tests. * Use set instead of first entry in ourNames.
@ -1,5 +1,6 @@
|
||||
package net.corda.core.node.services
|
||||
|
||||
import co.paralleluniverse.fibers.Suspendable
|
||||
import net.corda.core.CordaException
|
||||
import net.corda.core.DoNotImplement
|
||||
import net.corda.core.contracts.PartyAndReference
|
||||
@ -10,6 +11,7 @@ import net.corda.core.utilities.contextLogger
|
||||
import java.security.InvalidAlgorithmParameterException
|
||||
import java.security.PublicKey
|
||||
import java.security.cert.*
|
||||
import java.util.*
|
||||
|
||||
/**
|
||||
* An identity service maintains a directory of parties by their associated distinguished name/public keys and thus
|
||||
@ -69,8 +71,6 @@ interface IdentityService {
|
||||
* @param owningKey The [PublicKey] to determine well known identity for.
|
||||
* @return the party and certificate, or null if unknown.
|
||||
*/
|
||||
@Deprecated("This method has been deprecated in favour of using a new way to generate and use confidential identities. See the new " +
|
||||
"confidential identities repository.")
|
||||
fun certificateFromKey(owningKey: PublicKey): PartyAndCertificate?
|
||||
|
||||
/**
|
||||
@ -153,15 +153,32 @@ interface IdentityService {
|
||||
|
||||
/**
|
||||
* Registers a mapping in the database between the provided [PublicKey] and [Party] if one does not already exist. If an entry
|
||||
* exists for the supplied [PublicKey] but the associated [Party] does not match the one supplied to the method then an exception will
|
||||
* be thrown.
|
||||
* exists for the supplied [PublicKey] but the associated [Party] does not match the one supplied to the method then a warning will be
|
||||
* logged and the operation will not be carried out as a key can only ever be registered to one [Party].
|
||||
*
|
||||
* @param key The public key that will be registered to the supplied [Party]
|
||||
* @param party The party that the supplied public key will be registered to
|
||||
* @throws IllegalArgumentException if the public key is already registered to a party that does not match the supplied party
|
||||
* This method also optionally adds a mapping from [PublicKey] to external ID if one is provided. Lastly, the [PublicKey] is
|
||||
* also stored (as well as the [PublicKey] hash).
|
||||
*
|
||||
* @param publicKey The public publicKey that will be registered to the supplied [Party]
|
||||
* @param party The party that the supplied public publicKey will be registered to
|
||||
* @param externalId The [UUID] that the supplied public key can be optionally registered to
|
||||
* @throws IllegalArgumentException if the public publicKey is already registered to a party that does not match the supplied party
|
||||
*/
|
||||
@Throws(IllegalArgumentException::class)
|
||||
fun registerKeyToParty(key: PublicKey, party: Party)
|
||||
fun registerKey(publicKey: PublicKey, party: Party, externalId: UUID? = null)
|
||||
|
||||
/**
|
||||
* This method allows lookups of [PublicKey]s to an associated "external ID" / [UUID]. Providing a [PublicKey] that is unknown by the node
|
||||
* or is not mapped to an external ID will return null. Otherwise, if the [PublicKey] has been mapped to an external ID, then the [UUID]
|
||||
* for that external ID will be returned. The method looks up keys generated by the node as well as keys generated on other nodes and
|
||||
* registered with the [IdentityService].
|
||||
*
|
||||
* @param publicKey the [PublicKey] used to perform the lookup to external ID
|
||||
*/
|
||||
@Suspendable
|
||||
fun externalIdForPublicKey(publicKey: PublicKey): UUID?
|
||||
|
||||
fun publicKeysForExternalId(externalId: UUID): Iterable<PublicKey>
|
||||
}
|
||||
|
||||
class UnknownAnonymousPartyException(message: String) : CordaException(message)
|
||||
|
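Review bot: The KDoc on `registerKey` contradicts itself about what happens when the key is already mapped to a different party: the description says a warning is logged and the operation is not carried out, while the `@throws IllegalArgumentException` tag and the `@Throws` annotation (and the commit message's "Added back exception when remapping a key to a different party") say the call throws. A caller that relies on the key-to-party binding needs to know whether a conflicting registration fails loudly or is silently skipped, so the description should match the implementation, for example `then an [IllegalArgumentException] will be thrown, as a key can only ever be registered to one [Party].` The `+`/`-` markers are lost on this page, so which of the two descriptions sits on the new side is inferred. In the same hunk, `publicKeysForExternalId` has neither KDoc nor the `@Suspendable` annotation that `externalIdForPublicKey` carries, and the `public publicKey` wording in the `@param`/`@throws` lines looks like a rename artefact that should read `public key`.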
@ -90,13 +90,4 @@ interface KeyManagementService {
|
||||
*/
|
||||
@Suspendable
|
||||
fun sign(signableData: SignableData, publicKey: PublicKey): TransactionSignature
|
||||
|
||||
/**
|
||||
* This method allows lookups of [PublicKey]s to an associated "external ID" / [UUID]. Providing a [PublicKey] that is unknown by the node
|
||||
* or is not mapped to an external ID will return null. Otherwise, if the [PublicKey] has been mapped to an external ID, then the [UUID]
|
||||
* for that external ID will be returned.
|
||||
* @param publicKey the [PublicKey] used to perform the lookup to external ID
|
||||
*/
|
||||
@Suspendable
|
||||
fun externalIdForPublicKey(publicKey: PublicKey): UUID?
|
||||
}
|