Merging forward updates from release/os/4.10 to release/os/4.11 - 2024-11-07

This commit is contained in:
r3-build 2024-11-07 11:08:57 +00:00
commit b6dbd51326
3 changed files with 14 additions and 4 deletions

View File

@ -110,10 +110,11 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint {
* @property key A [PublicKey] that must be fulfilled by the owning keys of the attachment's signing parties.
*/
data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
override fun isSatisfiedBy(attachment: Attachment): Boolean {
override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false)
fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean {
log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}")
return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) {
log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
false
} else true
}
@ -128,3 +129,11 @@ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstra
fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key))
}
}
fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean {
return if (constraint is SignatureAttachmentConstraint) {
constraint.isSatisfiedBy(attachment, true)
} else {
constraint.isSatisfiedBy(attachment)
}
}

View File

@ -30,6 +30,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss
import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint
import net.corda.core.crypto.CompositeKey
import net.corda.core.crypto.SecureHash
import net.corda.core.internal.rules.StateContractValidationEnforcementRule
@ -427,7 +428,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact
if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
logger.warnOnce("Skipping hash constraints verification.")
else if (!constraint.isSatisfiedBy(constraintAttachment)) {
else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) {
verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
}
}

View File

@ -571,7 +571,7 @@ open class TransactionBuilder(
// Sanity check that the selected attachment actually passes.
if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) {
if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) {
// The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) {
return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)