mirror of
https://github.com/corda/corda.git
synced 2024-12-19 21:17:58 +00:00
CORDA-3750: Delete unwanted methods from the deterministic artifacts. (#6208)
This commit is contained in:
parent
14d5751591
commit
8dccd4231d
@ -3,7 +3,6 @@ package net.corda.core.crypto
|
|||||||
import net.corda.core.CordaOID
|
import net.corda.core.CordaOID
|
||||||
import net.corda.core.DeleteForDJVM
|
import net.corda.core.DeleteForDJVM
|
||||||
import net.corda.core.KeepForDJVM
|
import net.corda.core.KeepForDJVM
|
||||||
import net.corda.core.StubOutForDJVM
|
|
||||||
import net.corda.core.crypto.internal.AliasPrivateKey
|
import net.corda.core.crypto.internal.AliasPrivateKey
|
||||||
import net.corda.core.crypto.internal.Instances.withSignature
|
import net.corda.core.crypto.internal.Instances.withSignature
|
||||||
import net.corda.core.crypto.internal.`id-Curve25519ph`
|
import net.corda.core.crypto.internal.`id-Curve25519ph`
|
||||||
@ -220,11 +219,12 @@ object Crypto {
|
|||||||
* Map of supported digital signature schemes associated by [SignatureScheme.schemeNumberID].
|
* Map of supported digital signature schemes associated by [SignatureScheme.schemeNumberID].
|
||||||
* SchemeNumberID is the scheme identifier attached to [SignatureMetadata].
|
* SchemeNumberID is the scheme identifier attached to [SignatureMetadata].
|
||||||
*/
|
*/
|
||||||
private val signatureSchemeNumberIDMap: Map<Int, SignatureScheme> = Crypto.supportedSignatureSchemes().associateBy { it.schemeNumberID }
|
private val signatureSchemeNumberIDMap: Map<Int, SignatureScheme> = supportedSignatureSchemes().associateBy { it.schemeNumberID }
|
||||||
|
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun supportedSignatureSchemes(): List<SignatureScheme> = ArrayList(signatureSchemeMap.values)
|
fun supportedSignatureSchemes(): List<SignatureScheme> = ArrayList(signatureSchemeMap.values)
|
||||||
|
|
||||||
|
@DeleteForDJVM
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun findProvider(name: String): Provider {
|
fun findProvider(name: String): Provider {
|
||||||
return providerMap[name] ?: throw IllegalArgumentException("Unrecognised provider: $name")
|
return providerMap[name] ?: throw IllegalArgumentException("Unrecognised provider: $name")
|
||||||
@ -303,6 +303,7 @@ object Crypto {
|
|||||||
* @throws IllegalArgumentException on not supported scheme or if the given key specification
|
* @throws IllegalArgumentException on not supported scheme or if the given key specification
|
||||||
* is inappropriate for this key factory to produce a private key.
|
* is inappropriate for this key factory to produce a private key.
|
||||||
*/
|
*/
|
||||||
|
@DeleteForDJVM
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun decodePrivateKey(encodedKey: ByteArray): PrivateKey {
|
fun decodePrivateKey(encodedKey: ByteArray): PrivateKey {
|
||||||
val keyInfo = PrivateKeyInfo.getInstance(encodedKey)
|
val keyInfo = PrivateKeyInfo.getInstance(encodedKey)
|
||||||
@ -314,6 +315,7 @@ object Crypto {
|
|||||||
return keyFactory.generatePrivate(PKCS8EncodedKeySpec(encodedKey))
|
return keyFactory.generatePrivate(PKCS8EncodedKeySpec(encodedKey))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@DeleteForDJVM
|
||||||
private fun decodeAliasPrivateKey(keyInfo: PrivateKeyInfo): PrivateKey {
|
private fun decodeAliasPrivateKey(keyInfo: PrivateKeyInfo): PrivateKey {
|
||||||
val encodable = keyInfo.parsePrivateKey() as DLSequence
|
val encodable = keyInfo.parsePrivateKey() as DLSequence
|
||||||
val derutF8String = encodable.getObjectAt(0)
|
val derutF8String = encodable.getObjectAt(0)
|
||||||
@ -329,6 +331,7 @@ object Crypto {
|
|||||||
* @throws IllegalArgumentException on not supported scheme or if the given key specification
|
* @throws IllegalArgumentException on not supported scheme or if the given key specification
|
||||||
* is inappropriate for this key factory to produce a private key.
|
* is inappropriate for this key factory to produce a private key.
|
||||||
*/
|
*/
|
||||||
|
@DeleteForDJVM
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Throws(InvalidKeySpecException::class)
|
@Throws(InvalidKeySpecException::class)
|
||||||
fun decodePrivateKey(schemeCodeName: String, encodedKey: ByteArray): PrivateKey {
|
fun decodePrivateKey(schemeCodeName: String, encodedKey: ByteArray): PrivateKey {
|
||||||
@ -407,7 +410,7 @@ object Crypto {
|
|||||||
val keyFactory = keyFactory(signatureScheme)
|
val keyFactory = keyFactory(signatureScheme)
|
||||||
return keyFactory.generatePublic(X509EncodedKeySpec(encodedKey))
|
return keyFactory.generatePublic(X509EncodedKeySpec(encodedKey))
|
||||||
} catch (ikse: InvalidKeySpecException) {
|
} catch (ikse: InvalidKeySpecException) {
|
||||||
throw throw InvalidKeySpecException("This public key cannot be decoded, please ensure it is X509 encoded and " +
|
throw InvalidKeySpecException("This public key cannot be decoded, please ensure it is X509 encoded and " +
|
||||||
"that it corresponds to the input scheme's code name.", ikse)
|
"that it corresponds to the input scheme's code name.", ikse)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -499,14 +502,14 @@ object Crypto {
|
|||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Throws(InvalidKeyException::class, SignatureException::class)
|
@Throws(InvalidKeyException::class, SignatureException::class)
|
||||||
fun doSign(keyPair: KeyPair, signableData: SignableData): TransactionSignature {
|
fun doSign(keyPair: KeyPair, signableData: SignableData): TransactionSignature {
|
||||||
val sigKey: SignatureScheme = Crypto.findSignatureScheme(keyPair.private)
|
val sigKey: SignatureScheme = findSignatureScheme(keyPair.private)
|
||||||
val sigMetaData: SignatureScheme = Crypto.findSignatureScheme(signableData.signatureMetadata.schemeNumberID)
|
val sigMetaData: SignatureScheme = findSignatureScheme(signableData.signatureMetadata.schemeNumberID)
|
||||||
// Special handling if the advertised SignatureScheme is CompositeKey.
|
// Special handling if the advertised SignatureScheme is CompositeKey.
|
||||||
// TODO fix notaries that advertise [CompositeKey] in their signature Metadata. Currently, clustered notary nodes
|
// TODO fix notaries that advertise [CompositeKey] in their signature Metadata. Currently, clustered notary nodes
|
||||||
// mention Crypto.COMPOSITE_KEY in their SignatureMetadata, but they are actually signing with a leaf-key
|
// mention Crypto.COMPOSITE_KEY in their SignatureMetadata, but they are actually signing with a leaf-key
|
||||||
// (and if they refer to it as a Composite key, then we lose info about the actual type of their signing key).
|
// (and if they refer to it as a Composite key, then we lose info about the actual type of their signing key).
|
||||||
// In short, their metadata should be the leaf key-type, until we support CompositeKey signatures.
|
// In short, their metadata should be the leaf key-type, until we support CompositeKey signatures.
|
||||||
require(sigKey == sigMetaData || sigMetaData == Crypto.COMPOSITE_KEY) {
|
require(sigKey == sigMetaData || sigMetaData == COMPOSITE_KEY) {
|
||||||
"Metadata schemeCodeName: ${sigMetaData.schemeCodeName} is not aligned with the key type: ${sigKey.schemeCodeName}."
|
"Metadata schemeCodeName: ${sigMetaData.schemeCodeName} is not aligned with the key type: ${sigKey.schemeCodeName}."
|
||||||
}
|
}
|
||||||
val signatureBytes = doSign(sigKey.schemeCodeName, keyPair.private, signableData.serialize().bytes)
|
val signatureBytes = doSign(sigKey.schemeCodeName, keyPair.private, signableData.serialize().bytes)
|
||||||
@ -601,7 +604,7 @@ object Crypto {
|
|||||||
@Throws(InvalidKeyException::class, SignatureException::class)
|
@Throws(InvalidKeyException::class, SignatureException::class)
|
||||||
fun doVerify(txId: SecureHash, transactionSignature: TransactionSignature): Boolean {
|
fun doVerify(txId: SecureHash, transactionSignature: TransactionSignature): Boolean {
|
||||||
val signableData = SignableData(originalSignedHash(txId, transactionSignature.partialMerkleTree), transactionSignature.signatureMetadata)
|
val signableData = SignableData(originalSignedHash(txId, transactionSignature.partialMerkleTree), transactionSignature.signatureMetadata)
|
||||||
return Crypto.doVerify(transactionSignature.by, transactionSignature.bytes, signableData.serialize().bytes)
|
return doVerify(transactionSignature.by, transactionSignature.bytes, signableData.serialize().bytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -975,15 +978,6 @@ object Crypto {
|
|||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun validatePublicKey(key: PublicKey): Boolean = validatePublicKey(findSignatureScheme(key), key)
|
fun validatePublicKey(key: PublicKey): Boolean = validatePublicKey(findSignatureScheme(key), key)
|
||||||
|
|
||||||
// Validate a key, by checking its algorithmic params.
|
|
||||||
private fun validateKey(signatureScheme: SignatureScheme, key: Key): Boolean {
|
|
||||||
return when (key) {
|
|
||||||
is PublicKey -> validatePublicKey(signatureScheme, key)
|
|
||||||
is PrivateKey -> validatePrivateKey(signatureScheme, key)
|
|
||||||
else -> throw IllegalArgumentException("Unsupported key type: ${key::class}")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if a public key satisfies algorithm specs (for ECC: key should lie on the curve and not being point-at-infinity).
|
// Check if a public key satisfies algorithm specs (for ECC: key should lie on the curve and not being point-at-infinity).
|
||||||
private fun validatePublicKey(signatureScheme: SignatureScheme, key: PublicKey): Boolean {
|
private fun validatePublicKey(signatureScheme: SignatureScheme, key: PublicKey): Boolean {
|
||||||
return when (key) {
|
return when (key) {
|
||||||
@ -994,16 +988,6 @@ object Crypto {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if a private key satisfies algorithm specs.
|
|
||||||
private fun validatePrivateKey(signatureScheme: SignatureScheme, key: PrivateKey): Boolean {
|
|
||||||
return when (key) {
|
|
||||||
is BCECPrivateKey -> key.parameters == signatureScheme.algSpec
|
|
||||||
is EdDSAPrivateKey -> key.params == signatureScheme.algSpec
|
|
||||||
is BCRSAPrivateKey, is BCSphincs256PrivateKey -> true // TODO: Check if non-ECC keys satisfy params (i.e. approved/valid RSA modulus size).
|
|
||||||
else -> throw IllegalArgumentException("Unsupported key type: ${key::class}")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert a public key to a supported implementation.
|
* Convert a public key to a supported implementation.
|
||||||
* @param key a public key.
|
* @param key a public key.
|
||||||
@ -1043,6 +1027,7 @@ object Crypto {
|
|||||||
* @throws IllegalArgumentException on not supported scheme or if the given key specification
|
* @throws IllegalArgumentException on not supported scheme or if the given key specification
|
||||||
* is inappropriate for a supported key factory to produce a private key.
|
* is inappropriate for a supported key factory to produce a private key.
|
||||||
*/
|
*/
|
||||||
|
@DeleteForDJVM
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun toSupportedPrivateKey(key: PrivateKey): PrivateKey {
|
fun toSupportedPrivateKey(key: PrivateKey): PrivateKey {
|
||||||
return when (key) {
|
return when (key) {
|
||||||
@ -1078,6 +1063,7 @@ object Crypto {
|
|||||||
* CRL & CSR checks etc.).
|
* CRL & CSR checks etc.).
|
||||||
*/
|
*/
|
||||||
// TODO: perform all cryptographic operations via Crypto.
|
// TODO: perform all cryptographic operations via Crypto.
|
||||||
|
@DeleteForDJVM
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun registerProviders() {
|
fun registerProviders() {
|
||||||
providerMap
|
providerMap
|
||||||
@ -1088,7 +1074,7 @@ object Crypto {
|
|||||||
setBouncyCastleRNG()
|
setBouncyCastleRNG()
|
||||||
}
|
}
|
||||||
|
|
||||||
@StubOutForDJVM
|
@DeleteForDJVM
|
||||||
private fun setBouncyCastleRNG() {
|
private fun setBouncyCastleRNG() {
|
||||||
CryptoServicesRegistrar.setSecureRandom(newSecureRandom())
|
CryptoServicesRegistrar.setSecureRandom(newSecureRandom())
|
||||||
}
|
}
|
||||||
|
@ -166,7 +166,6 @@ abstract class AbstractAMQPSerializationScheme(
|
|||||||
|
|
||||||
fun registerCustomSerializers(factory: SerializerFactory) {
|
fun registerCustomSerializers(factory: SerializerFactory) {
|
||||||
with(factory) {
|
with(factory) {
|
||||||
register(net.corda.serialization.internal.amqp.custom.PrivateKeySerializer)
|
|
||||||
register(net.corda.serialization.internal.amqp.custom.ThrowableSerializer(this))
|
register(net.corda.serialization.internal.amqp.custom.ThrowableSerializer(this))
|
||||||
register(net.corda.serialization.internal.amqp.custom.BigDecimalSerializer)
|
register(net.corda.serialization.internal.amqp.custom.BigDecimalSerializer)
|
||||||
register(net.corda.serialization.internal.amqp.custom.BigIntegerSerializer)
|
register(net.corda.serialization.internal.amqp.custom.BigIntegerSerializer)
|
||||||
@ -205,6 +204,7 @@ fun registerCustomSerializers(factory: SerializerFactory) {
|
|||||||
@StubOutForDJVM
|
@StubOutForDJVM
|
||||||
private fun registerNonDeterministicSerializers(factory: SerializerFactory) {
|
private fun registerNonDeterministicSerializers(factory: SerializerFactory) {
|
||||||
with(factory) {
|
with(factory) {
|
||||||
|
register(net.corda.serialization.internal.amqp.custom.PrivateKeySerializer)
|
||||||
register(net.corda.serialization.internal.amqp.custom.SimpleStringSerializer)
|
register(net.corda.serialization.internal.amqp.custom.SimpleStringSerializer)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
package net.corda.serialization.internal.amqp.custom
|
package net.corda.serialization.internal.amqp.custom
|
||||||
|
|
||||||
|
import net.corda.core.DeleteForDJVM
|
||||||
import net.corda.core.crypto.Crypto
|
import net.corda.core.crypto.Crypto
|
||||||
import net.corda.core.serialization.SerializationContext
|
import net.corda.core.serialization.SerializationContext
|
||||||
import net.corda.core.serialization.SerializationContext.UseCase.Storage
|
import net.corda.core.serialization.SerializationContext.UseCase.Storage
|
||||||
@ -9,6 +10,7 @@ import org.apache.qpid.proton.codec.Data
|
|||||||
import java.lang.reflect.Type
|
import java.lang.reflect.Type
|
||||||
import java.security.PrivateKey
|
import java.security.PrivateKey
|
||||||
|
|
||||||
|
@DeleteForDJVM
|
||||||
object PrivateKeySerializer
|
object PrivateKeySerializer
|
||||||
: CustomSerializer.Implements<PrivateKey>(
|
: CustomSerializer.Implements<PrivateKey>(
|
||||||
PrivateKey::class.java
|
PrivateKey::class.java
|
||||||
|
Loading…
Reference in New Issue
Block a user