mirror of
https://github.com/corda/corda.git
synced 2024-12-19 04:57:58 +00:00
Merge pull request #7873 from corda/merge-release/os/4.10-release/os/4.11-2024-11-07-402
ENT-12373: Merging forward updates from release/os/4.10 to release/os/4.11 - 2024-11-07
This commit is contained in:
commit
5552044ddb
@ -110,10 +110,11 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint {
|
|||||||
* @property key A [PublicKey] that must be fulfilled by the owning keys of the attachment's signing parties.
|
* @property key A [PublicKey] that must be fulfilled by the owning keys of the attachment's signing parties.
|
||||||
*/
|
*/
|
||||||
data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
|
data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
|
||||||
override fun isSatisfiedBy(attachment: Attachment): Boolean {
|
override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false)
|
||||||
|
fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean {
|
||||||
log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}")
|
log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}")
|
||||||
return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) {
|
return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) {
|
||||||
log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
|
if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
|
||||||
false
|
false
|
||||||
} else true
|
} else true
|
||||||
}
|
}
|
||||||
@ -128,3 +129,11 @@ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstra
|
|||||||
fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key))
|
fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean {
|
||||||
|
return if (constraint is SignatureAttachmentConstraint) {
|
||||||
|
constraint.isSatisfiedBy(attachment, true)
|
||||||
|
} else {
|
||||||
|
constraint.isSatisfiedBy(attachment)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -30,6 +30,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss
|
|||||||
import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
|
import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
|
||||||
import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
|
import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
|
||||||
import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
|
import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
|
||||||
|
import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint
|
||||||
import net.corda.core.crypto.CompositeKey
|
import net.corda.core.crypto.CompositeKey
|
||||||
import net.corda.core.crypto.SecureHash
|
import net.corda.core.crypto.SecureHash
|
||||||
import net.corda.core.internal.rules.StateContractValidationEnforcementRule
|
import net.corda.core.internal.rules.StateContractValidationEnforcementRule
|
||||||
@ -427,7 +428,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact
|
|||||||
|
|
||||||
if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
|
if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
|
||||||
logger.warnOnce("Skipping hash constraints verification.")
|
logger.warnOnce("Skipping hash constraints verification.")
|
||||||
else if (!constraint.isSatisfiedBy(constraintAttachment)) {
|
else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) {
|
||||||
verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
|
verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -571,7 +571,7 @@ open class TransactionBuilder(
|
|||||||
|
|
||||||
// Sanity check that the selected attachment actually passes.
|
// Sanity check that the selected attachment actually passes.
|
||||||
|
|
||||||
if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) {
|
if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) {
|
||||||
// The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
|
// The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
|
||||||
if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) {
|
if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) {
|
||||||
return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)
|
return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)
|
||||||
|
Loading…
Reference in New Issue
Block a user