mirror of
https://github.com/corda/corda.git
synced 2024-12-24 07:06:44 +00:00
Merge pull request #7847 from corda/adel/ENT-12314
ENT-12314: Updated signature attachment constraint warning message to mention the key may be a rotated key.
This commit is contained in:
commit
397a91f365
@ -114,12 +114,21 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint {
|
|||||||
*/
|
*/
|
||||||
@KeepForDJVM
|
@KeepForDJVM
|
||||||
data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
|
data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
|
||||||
override fun isSatisfiedBy(attachment: Attachment): Boolean {
|
override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false)
|
||||||
|
fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean {
|
||||||
log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}")
|
log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}")
|
||||||
return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) {
|
return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) {
|
||||||
log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
|
if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
else true
|
else true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean {
|
||||||
|
return if (constraint is SignatureAttachmentConstraint) {
|
||||||
|
constraint.isSatisfiedBy(attachment, true)
|
||||||
|
} else {
|
||||||
|
constraint.isSatisfiedBy(attachment)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -32,6 +32,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss
|
|||||||
import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
|
import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
|
||||||
import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
|
import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
|
||||||
import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
|
import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
|
||||||
|
import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint
|
||||||
import net.corda.core.crypto.CompositeKey
|
import net.corda.core.crypto.CompositeKey
|
||||||
import net.corda.core.crypto.SecureHash
|
import net.corda.core.crypto.SecureHash
|
||||||
import net.corda.core.internal.rules.StateContractValidationEnforcementRule
|
import net.corda.core.internal.rules.StateContractValidationEnforcementRule
|
||||||
@ -430,7 +431,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact
|
|||||||
|
|
||||||
if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
|
if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
|
||||||
logger.warnOnce("Skipping hash constraints verification.")
|
logger.warnOnce("Skipping hash constraints verification.")
|
||||||
else if (!constraint.isSatisfiedBy(constraintAttachment)) {
|
else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) {
|
||||||
verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
|
verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -573,7 +573,7 @@ open class TransactionBuilder(
|
|||||||
|
|
||||||
// Sanity check that the selected attachment actually passes.
|
// Sanity check that the selected attachment actually passes.
|
||||||
|
|
||||||
if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) {
|
if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) {
|
||||||
// The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
|
// The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
|
||||||
if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) {
|
if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) {
|
||||||
return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)
|
return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)
|
||||||
|
Loading…
Reference in New Issue
Block a user