ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-06-13 04:38:19 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-3021: Introduce SignOnlyCryptoService and use it whenever possible (#5239)

Browse Source 
* CORDA-3021: Introduce `SignOnlyCryptoService` and use it whenever possible

Also modify `CryptoServiceFactory` to show how sign only implementation can be created.

* CORDA-3021: Undo some of my earlier changes

Which after discussion with @dimosr and @fowlerrr proven to be contradictory.
This commit is contained in:
Viktor Kolomeyko
2019-06-27 11:55:59 +01:00
committed by Anthony Keenan
parent 0083931eb7
commit 51f1e442a3
3 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
node-api/src/main/kotlin/net/corda/nodeapi/internal/cryptoservice/CryptoService.kt
View File

@ -7,19 +7,11 @@ import org.bouncycastle.operator.ContentSigner
import java.security.KeyPair
import java.security.PublicKey
/**
* Unlike [CryptoService] can only perform "read-only" operations but never create new key pairs.
*/
@DoNotImplement
interface CryptoService {
/**
* Generate and store a new [KeyPair].
* Note that schemeNumberID is Corda specific. Cross-check with the network operator for supported schemeNumberID
* and their corresponding signature schemes. The main reason for using schemeNumberID and not algorithm OIDs is
* because some schemes might not be standardised and thus an official OID might for this scheme not exist yet.
*
* Returns the [PublicKey] of the generated [KeyPair].
*/
fun generateKeyPair(alias: String, scheme: SignatureScheme): PublicKey
interface SignOnlyCryptoService {
/** Check if this [CryptoService] has a private key entry for the input alias. */
fun containsKey(alias: String): Boolean
@ -52,4 +44,21 @@ interface CryptoService {
fun defaultTLSSignatureScheme(): SignatureScheme = X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME
}
/**
* Fully-powered crypto service which can sign as well as create new key pairs.
*/
@DoNotImplement
interface CryptoService : SignOnlyCryptoService {
/**
* Generate and store a new [KeyPair].
* Note that schemeNumberID is Corda specific. Cross-check with the network operator for supported schemeNumberID
* and their corresponding signature schemes. The main reason for using schemeNumberID and not algorithm OIDs is
* because some schemes might not be standardised and thus an official OID might for this scheme not exist yet.
*
* Returns the [PublicKey] of the generated [KeyPair].
*/
fun generateKeyPair(alias: String, scheme: SignatureScheme): PublicKey
}
open class CryptoServiceException(message: String?, cause: Throwable? = null) : Exception(message, cause)