Incorporating feedback from PR review.

2025-02-20 17:33:15 +00:00 · 2019-02-14 15:55:36 +00:00 · 2019-02-14 15:55:36 +00:00 · 6314c1757a
commit 6314c1757a
parent 4feac7f3f0
4 changed files with 23 additions and 12 deletions
--- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
@ -47,13 +47,23 @@ object AlwaysAcceptAttachmentConstraint : AttachmentConstraint {
 */
@KeepForDJVM
 data class HashAttachmentConstraint(val attachmentId: SecureHash) : AttachmentConstraint {
+    companion object {
+        val disableHashConstraints = System.getProperty("net.corda.node.disableHashConstraints")?.toBoolean() ?: false
+    }
    override fun isSatisfiedBy(attachment: Attachment): Boolean {
-        return if (attachment is AttachmentWithContext) {
-            log.debug("Checking attachment uploader ${attachment.contractAttachment.uploader} is trusted")
-            attachment.id == attachmentId && isUploaderTrusted(attachment.contractAttachment.uploader)
-        } else {
-            log.warn("Hash constraint check failed: $attachmentId does not match contract attachment JAR ${attachment.id} or contract attachment JAR is untrusted")
-            false
+        return when {
+            disableHashConstraints -> {
+                log.warn("Skipping hash constraints verification.")
+                true
+            }
+            attachment is AttachmentWithContext -> {
+                log.debug("Checking attachment uploader ${attachment.contractAttachment.uploader} is trusted")
+                attachment.id == attachmentId && isUploaderTrusted(attachment.contractAttachment.uploader)
+            }
+            else -> {
+                log.warn("Hash constraint check failed: $attachmentId does not match contract attachment JAR ${attachment.id} or contract attachment JAR is untrusted")
+                false
+            }
        }
    }
 }
--- a/core/src/main/kotlin/net/corda/core/internal/ConstraintsUtils.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/ConstraintsUtils.kt
@ -70,6 +70,9 @@ fun AttachmentConstraint.canBeTransitionedFrom(input: AttachmentConstraint, atta
        // TODO - we don't support currently third party signers. When we do, the output key will have to be stronger then the input key.
        input is SignatureAttachmentConstraint && output is SignatureAttachmentConstraint -> input.key == output.key

+        // HashAttachmentConstraint can be transformed to a SignatureAttachmentConstraint when hash constraint verification checking disabled.
+        HashAttachmentConstraint.disableHashConstraints && input is HashAttachmentConstraint && output is SignatureAttachmentConstraint -> true
+
        // You can transition from the WhitelistConstraint to the SignatureConstraint only if all signers of the JAR are required to sign in the future.
        input is WhitelistedByZoneAttachmentConstraint && output is SignatureAttachmentConstraint ->
            attachment.signerKeys.isNotEmpty() && output.key.keys.containsAll(attachment.signerKeys)
--- a/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt
@ -36,7 +36,6 @@ class Verifier(val ltx: LedgerTransaction,

    companion object {
        private val logger = contextLogger()
-        private val disableHashConstraints = System.getProperty("net.corda.node.disableHashConstraints")?.toBoolean() ?: false
    }

    /**
@ -339,10 +338,9 @@ class Verifier(val ltx: LedgerTransaction,

            val constraintAttachment = AttachmentWithContext(contractAttachment, contract, ltx.networkParameters!!.whitelistedContractImplementations)

-            if (disableHashConstraints && constraint is HashAttachmentConstraint)
-                logger.warn("Skipping hash constraints verification.")
-            else if (!constraint.isSatisfiedBy(constraintAttachment))
+            if (!constraint.isSatisfiedBy(constraintAttachment)) {
                throw TransactionVerificationException.ContractConstraintRejection(ltx.id, contract)
+            }
        }
    }

--- a/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
@ -5,6 +5,7 @@ import net.corda.cliutils.CliWrapperBase
 import net.corda.cliutils.CordaCliWrapper
 import net.corda.cliutils.CordaVersionProvider
 import net.corda.cliutils.ExitCodes
+import net.corda.core.contracts.HashAttachmentConstraint
 import net.corda.core.crypto.Crypto
 import net.corda.core.internal.*
 import net.corda.core.internal.concurrent.thenMatch
@ -177,8 +178,7 @@ open class NodeStartup : NodeStartupLogging {
            logger.info("The Corda node is running in production mode. If this is a developer environment you can set 'devMode=true' in the node.conf file.")
        }

-        val disableHashConstraints = System.getProperty("net.corda.node.disableHashConstraints")?.toBoolean() ?: false
-        if (disableHashConstraints) {
+        if (HashAttachmentConstraint.disableHashConstraints) {
            Node.printWarning("Hash constraints checking has been disabled by the node operator.")
        }