ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-20 05:28:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-3750: Delete unwanted methods from the deterministic artifacts. (#6208)

Browse Source
This commit is contained in:
Chris Rankin 2020-05-04 11:33:06 +01:00 committed by GitHub
parent 14d5751591
commit 8dccd4231d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
core/src/main/kotlin/net/corda/core/crypto/Crypto.kt
View File

@ -3,7 +3,6 @@ package net.corda.core.crypto
import net.corda.core.CordaOID import net.corda.core.CordaOID
import net.corda.core.DeleteForDJVM import net.corda.core.DeleteForDJVM
import net.corda.core.KeepForDJVM import net.corda.core.KeepForDJVM
import net.corda.core.StubOutForDJVM
import net.corda.core.crypto.internal.AliasPrivateKey import net.corda.core.crypto.internal.AliasPrivateKey
import net.corda.core.crypto.internal.Instances.withSignature import net.corda.core.crypto.internal.Instances.withSignature
import net.corda.core.crypto.internal.`id-Curve25519ph` import net.corda.core.crypto.internal.`id-Curve25519ph`
@ -220,11 +219,12 @@ object Crypto {
* Map of supported digital signature schemes associated by [SignatureScheme.schemeNumberID]. * Map of supported digital signature schemes associated by [SignatureScheme.schemeNumberID].
* SchemeNumberID is the scheme identifier attached to [SignatureMetadata]. * SchemeNumberID is the scheme identifier attached to [SignatureMetadata].
*/ */
private val signatureSchemeNumberIDMap: Map<Int, SignatureScheme> = Crypto.supportedSignatureSchemes().associateBy { it.schemeNumberID } private val signatureSchemeNumberIDMap: Map<Int, SignatureScheme> = supportedSignatureSchemes().associateBy { it.schemeNumberID }
@JvmStatic @JvmStatic
fun supportedSignatureSchemes(): List<SignatureScheme> = ArrayList(signatureSchemeMap.values) fun supportedSignatureSchemes(): List<SignatureScheme> = ArrayList(signatureSchemeMap.values)
@DeleteForDJVM
@JvmStatic @JvmStatic
fun findProvider(name: String): Provider { fun findProvider(name: String): Provider {
return providerMap[name] ?: throw IllegalArgumentException("Unrecognised provider: $name") return providerMap[name] ?: throw IllegalArgumentException("Unrecognised provider: $name")
@ -303,6 +303,7 @@ object Crypto {
* @throws IllegalArgumentException on not supported scheme or if the given key specification * @throws IllegalArgumentException on not supported scheme or if the given key specification
* is inappropriate for this key factory to produce a private key. * is inappropriate for this key factory to produce a private key.
*/ */
@DeleteForDJVM
@JvmStatic @JvmStatic
fun decodePrivateKey(encodedKey: ByteArray): PrivateKey { fun decodePrivateKey(encodedKey: ByteArray): PrivateKey {
val keyInfo = PrivateKeyInfo.getInstance(encodedKey) val keyInfo = PrivateKeyInfo.getInstance(encodedKey)
@ -314,6 +315,7 @@ object Crypto {
return keyFactory.generatePrivate(PKCS8EncodedKeySpec(encodedKey)) return keyFactory.generatePrivate(PKCS8EncodedKeySpec(encodedKey))
} }
@DeleteForDJVM
private fun decodeAliasPrivateKey(keyInfo: PrivateKeyInfo): PrivateKey { private fun decodeAliasPrivateKey(keyInfo: PrivateKeyInfo): PrivateKey {
val encodable = keyInfo.parsePrivateKey() as DLSequence val encodable = keyInfo.parsePrivateKey() as DLSequence
val derutF8String = encodable.getObjectAt(0) val derutF8String = encodable.getObjectAt(0)
@ -329,6 +331,7 @@ object Crypto {
* @throws IllegalArgumentException on not supported scheme or if the given key specification * @throws IllegalArgumentException on not supported scheme or if the given key specification
* is inappropriate for this key factory to produce a private key. * is inappropriate for this key factory to produce a private key.
*/ */
@DeleteForDJVM
@JvmStatic @JvmStatic
@Throws(InvalidKeySpecException::class) @Throws(InvalidKeySpecException::class)
fun decodePrivateKey(schemeCodeName: String, encodedKey: ByteArray): PrivateKey { fun decodePrivateKey(schemeCodeName: String, encodedKey: ByteArray): PrivateKey {
@ -407,7 +410,7 @@ object Crypto {
val keyFactory = keyFactory(signatureScheme) val keyFactory = keyFactory(signatureScheme)
return keyFactory.generatePublic(X509EncodedKeySpec(encodedKey)) return keyFactory.generatePublic(X509EncodedKeySpec(encodedKey))
} catch (ikse: InvalidKeySpecException) { } catch (ikse: InvalidKeySpecException) {
throw throw InvalidKeySpecException("This public key cannot be decoded, please ensure it is X509 encoded and " + throw InvalidKeySpecException("This public key cannot be decoded, please ensure it is X509 encoded and " +
"that it corresponds to the input scheme's code name.", ikse) "that it corresponds to the input scheme's code name.", ikse)
} }
} }
@ -499,14 +502,14 @@ object Crypto {
@JvmStatic @JvmStatic
@Throws(InvalidKeyException::class, SignatureException::class) @Throws(InvalidKeyException::class, SignatureException::class)
fun doSign(keyPair: KeyPair, signableData: SignableData): TransactionSignature { fun doSign(keyPair: KeyPair, signableData: SignableData): TransactionSignature {
val sigKey: SignatureScheme = Crypto.findSignatureScheme(keyPair.private) val sigKey: SignatureScheme = findSignatureScheme(keyPair.private)
val sigMetaData: SignatureScheme = Crypto.findSignatureScheme(signableData.signatureMetadata.schemeNumberID) val sigMetaData: SignatureScheme = findSignatureScheme(signableData.signatureMetadata.schemeNumberID)
// Special handling if the advertised SignatureScheme is CompositeKey. // Special handling if the advertised SignatureScheme is CompositeKey.
// TODO fix notaries that advertise [CompositeKey] in their signature Metadata. Currently, clustered notary nodes // TODO fix notaries that advertise [CompositeKey] in their signature Metadata. Currently, clustered notary nodes
// mention Crypto.COMPOSITE_KEY in their SignatureMetadata, but they are actually signing with a leaf-key // mention Crypto.COMPOSITE_KEY in their SignatureMetadata, but they are actually signing with a leaf-key
// (and if they refer to it as a Composite key, then we lose info about the actual type of their signing key). // (and if they refer to it as a Composite key, then we lose info about the actual type of their signing key).
// In short, their metadata should be the leaf key-type, until we support CompositeKey signatures. // In short, their metadata should be the leaf key-type, until we support CompositeKey signatures.
require(sigKey == sigMetaData || sigMetaData == Crypto.COMPOSITE_KEY) { require(sigKey == sigMetaData || sigMetaData == COMPOSITE_KEY) {
"Metadata schemeCodeName: ${sigMetaData.schemeCodeName} is not aligned with the key type: ${sigKey.schemeCodeName}." "Metadata schemeCodeName: ${sigMetaData.schemeCodeName} is not aligned with the key type: ${sigKey.schemeCodeName}."
} }
val signatureBytes = doSign(sigKey.schemeCodeName, keyPair.private, signableData.serialize().bytes) val signatureBytes = doSign(sigKey.schemeCodeName, keyPair.private, signableData.serialize().bytes)
@ -601,7 +604,7 @@ object Crypto {
@Throws(InvalidKeyException::class, SignatureException::class) @Throws(InvalidKeyException::class, SignatureException::class)
fun doVerify(txId: SecureHash, transactionSignature: TransactionSignature): Boolean { fun doVerify(txId: SecureHash, transactionSignature: TransactionSignature): Boolean {
val signableData = SignableData(originalSignedHash(txId, transactionSignature.partialMerkleTree), transactionSignature.signatureMetadata) val signableData = SignableData(originalSignedHash(txId, transactionSignature.partialMerkleTree), transactionSignature.signatureMetadata)
return Crypto.doVerify(transactionSignature.by, transactionSignature.bytes, signableData.serialize().bytes) return doVerify(transactionSignature.by, transactionSignature.bytes, signableData.serialize().bytes)
} }
/** /**
@ -975,15 +978,6 @@ object Crypto {
@JvmStatic @JvmStatic
fun validatePublicKey(key: PublicKey): Boolean = validatePublicKey(findSignatureScheme(key), key) fun validatePublicKey(key: PublicKey): Boolean = validatePublicKey(findSignatureScheme(key), key)
// Validate a key, by checking its algorithmic params.
private fun validateKey(signatureScheme: SignatureScheme, key: Key): Boolean {
return when (key) {
is PublicKey -> validatePublicKey(signatureScheme, key)
is PrivateKey -> validatePrivateKey(signatureScheme, key)
else -> throw IllegalArgumentException("Unsupported key type: ${key::class}")
}
}
// Check if a public key satisfies algorithm specs (for ECC: key should lie on the curve and not being point-at-infinity). // Check if a public key satisfies algorithm specs (for ECC: key should lie on the curve and not being point-at-infinity).
private fun validatePublicKey(signatureScheme: SignatureScheme, key: PublicKey): Boolean { private fun validatePublicKey(signatureScheme: SignatureScheme, key: PublicKey): Boolean {
return when (key) { return when (key) {
@ -994,16 +988,6 @@ object Crypto {
} }
} }
// Check if a private key satisfies algorithm specs.
private fun validatePrivateKey(signatureScheme: SignatureScheme, key: PrivateKey): Boolean {
return when (key) {
is BCECPrivateKey -> key.parameters == signatureScheme.algSpec
is EdDSAPrivateKey -> key.params == signatureScheme.algSpec
is BCRSAPrivateKey, is BCSphincs256PrivateKey -> true // TODO: Check if non-ECC keys satisfy params (i.e. approved/valid RSA modulus size).
else -> throw IllegalArgumentException("Unsupported key type: ${key::class}")
}
}
/** /**
* Convert a public key to a supported implementation. * Convert a public key to a supported implementation.
* @param key a public key. * @param key a public key.
@ -1043,6 +1027,7 @@ object Crypto {
* @throws IllegalArgumentException on not supported scheme or if the given key specification * @throws IllegalArgumentException on not supported scheme or if the given key specification
* is inappropriate for a supported key factory to produce a private key. * is inappropriate for a supported key factory to produce a private key.
*/ */
@DeleteForDJVM
@JvmStatic @JvmStatic
fun toSupportedPrivateKey(key: PrivateKey): PrivateKey { fun toSupportedPrivateKey(key: PrivateKey): PrivateKey {
return when (key) { return when (key) {
@ -1078,6 +1063,7 @@ object Crypto {
* CRL & CSR checks etc.). * CRL & CSR checks etc.).
*/ */
// TODO: perform all cryptographic operations via Crypto. // TODO: perform all cryptographic operations via Crypto.
@DeleteForDJVM
@JvmStatic @JvmStatic
fun registerProviders() { fun registerProviders() {
providerMap providerMap
@ -1088,7 +1074,7 @@ object Crypto {
setBouncyCastleRNG() setBouncyCastleRNG()
} }
@StubOutForDJVM @DeleteForDJVM
private fun setBouncyCastleRNG() { private fun setBouncyCastleRNG() {
CryptoServicesRegistrar.setSecureRandom(newSecureRandom()) CryptoServicesRegistrar.setSecureRandom(newSecureRandom())
} }

2
serialization/src/main/kotlin/net/corda/serialization/internal/amqp/AMQPSerializationScheme.kt
View File

@ -166,7 +166,6 @@ abstract class AbstractAMQPSerializationScheme(
fun registerCustomSerializers(factory: SerializerFactory) { fun registerCustomSerializers(factory: SerializerFactory) {
with(factory) { with(factory) {
register(net.corda.serialization.internal.amqp.custom.PrivateKeySerializer)
register(net.corda.serialization.internal.amqp.custom.ThrowableSerializer(this)) register(net.corda.serialization.internal.amqp.custom.ThrowableSerializer(this))
register(net.corda.serialization.internal.amqp.custom.BigDecimalSerializer) register(net.corda.serialization.internal.amqp.custom.BigDecimalSerializer)
register(net.corda.serialization.internal.amqp.custom.BigIntegerSerializer) register(net.corda.serialization.internal.amqp.custom.BigIntegerSerializer)
@ -205,6 +204,7 @@ fun registerCustomSerializers(factory: SerializerFactory) {
@StubOutForDJVM @StubOutForDJVM
private fun registerNonDeterministicSerializers(factory: SerializerFactory) { private fun registerNonDeterministicSerializers(factory: SerializerFactory) {
with(factory) { with(factory) {
register(net.corda.serialization.internal.amqp.custom.PrivateKeySerializer)
register(net.corda.serialization.internal.amqp.custom.SimpleStringSerializer) register(net.corda.serialization.internal.amqp.custom.SimpleStringSerializer)
} }
} }

2
serialization/src/main/kotlin/net/corda/serialization/internal/amqp/custom/PrivateKeySerializer.kt
View File

@ -1,5 +1,6 @@
package net.corda.serialization.internal.amqp.custom package net.corda.serialization.internal.amqp.custom
import net.corda.core.DeleteForDJVM
import net.corda.core.crypto.Crypto import net.corda.core.crypto.Crypto
import net.corda.core.serialization.SerializationContext import net.corda.core.serialization.SerializationContext
import net.corda.core.serialization.SerializationContext.UseCase.Storage import net.corda.core.serialization.SerializationContext.UseCase.Storage
@ -9,6 +10,7 @@ import org.apache.qpid.proton.codec.Data
import java.lang.reflect.Type import java.lang.reflect.Type
import java.security.PrivateKey import java.security.PrivateKey
@DeleteForDJVM
object PrivateKeySerializer object PrivateKeySerializer
: CustomSerializer.Implements<PrivateKey>( : CustomSerializer.Implements<PrivateKey>(
PrivateKey::class.java PrivateKey::class.java