ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-05-31 22:50:53 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Incorporating feedback from PR review.

Browse Source
This commit is contained in:
josecoll 2019-02-14 15:55:36 +00:00 committed by Mike Hearn
parent 4feac7f3f0
commit 6314c1757a
4 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
View File

@ -47,15 +47,25 @@ object AlwaysAcceptAttachmentConstraint : AttachmentConstraint {
*/ */
@KeepForDJVM @KeepForDJVM
data class HashAttachmentConstraint(val attachmentId: SecureHash) : AttachmentConstraint { data class HashAttachmentConstraint(val attachmentId: SecureHash) : AttachmentConstraint {
companion object {
val disableHashConstraints = System.getProperty("net.corda.node.disableHashConstraints")?.toBoolean() ?: false
}
override fun isSatisfiedBy(attachment: Attachment): Boolean { override fun isSatisfiedBy(attachment: Attachment): Boolean {
return if (attachment is AttachmentWithContext) { return when {
disableHashConstraints -> {
log.warn("Skipping hash constraints verification.")
true
}
attachment is AttachmentWithContext -> {
log.debug("Checking attachment uploader ${attachment.contractAttachment.uploader} is trusted") log.debug("Checking attachment uploader ${attachment.contractAttachment.uploader} is trusted")
attachment.id == attachmentId && isUploaderTrusted(attachment.contractAttachment.uploader) attachment.id == attachmentId && isUploaderTrusted(attachment.contractAttachment.uploader)
} else { }
else -> {
log.warn("Hash constraint check failed: $attachmentId does not match contract attachment JAR ${attachment.id} or contract attachment JAR is untrusted") log.warn("Hash constraint check failed: $attachmentId does not match contract attachment JAR ${attachment.id} or contract attachment JAR is untrusted")
false false
} }
} }
}
} }
/** /**

3
core/src/main/kotlin/net/corda/core/internal/ConstraintsUtils.kt
View File

@ -70,6 +70,9 @@ fun AttachmentConstraint.canBeTransitionedFrom(input: AttachmentConstraint, atta
// TODO - we don't support currently third party signers. When we do, the output key will have to be stronger then the input key. // TODO - we don't support currently third party signers. When we do, the output key will have to be stronger then the input key.
input is SignatureAttachmentConstraint && output is SignatureAttachmentConstraint -> input.key == output.key input is SignatureAttachmentConstraint && output is SignatureAttachmentConstraint -> input.key == output.key
// HashAttachmentConstraint can be transformed to a SignatureAttachmentConstraint when hash constraint verification checking disabled.
HashAttachmentConstraint.disableHashConstraints && input is HashAttachmentConstraint && output is SignatureAttachmentConstraint -> true
// You can transition from the WhitelistConstraint to the SignatureConstraint only if all signers of the JAR are required to sign in the future. // You can transition from the WhitelistConstraint to the SignatureConstraint only if all signers of the JAR are required to sign in the future.
input is WhitelistedByZoneAttachmentConstraint && output is SignatureAttachmentConstraint -> input is WhitelistedByZoneAttachmentConstraint && output is SignatureAttachmentConstraint ->
attachment.signerKeys.isNotEmpty() && output.key.keys.containsAll(attachment.signerKeys) attachment.signerKeys.isNotEmpty() && output.key.keys.containsAll(attachment.signerKeys)

6
core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt
View File

@ -36,7 +36,6 @@ class Verifier(val ltx: LedgerTransaction,
companion object { companion object {
private val logger = contextLogger() private val logger = contextLogger()
private val disableHashConstraints = System.getProperty("net.corda.node.disableHashConstraints")?.toBoolean() ?: false
} }
/** /**
@ -339,12 +338,11 @@ class Verifier(val ltx: LedgerTransaction,
val constraintAttachment = AttachmentWithContext(contractAttachment, contract, ltx.networkParameters!!.whitelistedContractImplementations) val constraintAttachment = AttachmentWithContext(contractAttachment, contract, ltx.networkParameters!!.whitelistedContractImplementations)
if (disableHashConstraints && constraint is HashAttachmentConstraint) if (!constraint.isSatisfiedBy(constraintAttachment)) {
logger.warn("Skipping hash constraints verification.")
else if (!constraint.isSatisfiedBy(constraintAttachment))
throw TransactionVerificationException.ContractConstraintRejection(ltx.id, contract) throw TransactionVerificationException.ContractConstraintRejection(ltx.id, contract)
} }
} }
}
/** /**
* Check the transaction is contract-valid by running the verify() for each input and output state contract. * Check the transaction is contract-valid by running the verify() for each input and output state contract.

4
node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
View File

@ -5,6 +5,7 @@ import net.corda.cliutils.CliWrapperBase
import net.corda.cliutils.CordaCliWrapper import net.corda.cliutils.CordaCliWrapper
import net.corda.cliutils.CordaVersionProvider import net.corda.cliutils.CordaVersionProvider
import net.corda.cliutils.ExitCodes import net.corda.cliutils.ExitCodes
import net.corda.core.contracts.HashAttachmentConstraint
import net.corda.core.crypto.Crypto import net.corda.core.crypto.Crypto
import net.corda.core.internal.* import net.corda.core.internal.*
import net.corda.core.internal.concurrent.thenMatch import net.corda.core.internal.concurrent.thenMatch
@ -177,8 +178,7 @@ open class NodeStartup : NodeStartupLogging {
logger.info("The Corda node is running in production mode. If this is a developer environment you can set 'devMode=true' in the node.conf file.") logger.info("The Corda node is running in production mode. If this is a developer environment you can set 'devMode=true' in the node.conf file.")
} }
val disableHashConstraints = System.getProperty("net.corda.node.disableHashConstraints")?.toBoolean() ?: false if (HashAttachmentConstraint.disableHashConstraints) {
if (disableHashConstraints) {
Node.printWarning("Hash constraints checking has been disabled by the node operator.") Node.printWarning("Hash constraints checking has been disabled by the node operator.")
} }