diff --git a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt index e7efccdde9..2a601a1300 100644 --- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt +++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt @@ -110,10 +110,11 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint { * @property key A [PublicKey] that must be fulfilled by the owning keys of the attachment's signing parties. */ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint { - override fun isSatisfiedBy(attachment: Attachment): Boolean { + override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false) + fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean { log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}") return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) { - log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}") + if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}") false } else true } @@ -128,3 +129,11 @@ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstra fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key)) } } + +fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean { + return if (constraint is SignatureAttachmentConstraint) { + constraint.isSatisfiedBy(attachment, true) + } else { + constraint.isSatisfiedBy(attachment) + } +} diff --git a/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt index 5c8bc2c11c..b589fd4818 100644 --- a/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt +++ b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt @@ -30,6 +30,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException +import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint import net.corda.core.crypto.CompositeKey import net.corda.core.crypto.SecureHash import net.corda.core.internal.rules.StateContractValidationEnforcementRule @@ -427,7 +428,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint) logger.warnOnce("Skipping hash constraints verification.") - else if (!constraint.isSatisfiedBy(constraintAttachment)) { + else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) { verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract) } } diff --git a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt index 75a09efbe0..6ba1735c4c 100644 --- a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt +++ b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt @@ -571,7 +571,7 @@ open class TransactionBuilder( // Sanity check that the selected attachment actually passes. - if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) { + if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) { // The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) { return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)