mirror of
https://github.com/corda/corda.git
synced 2024-12-18 20:47:57 +00:00
ENT-12373: Dont output constraint warnings if they fail when we retry with rotated keys.
This commit is contained in:
parent
f0c73cc95f
commit
cd328a0ca5
@ -115,10 +115,12 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint {
|
||||
* @property key A [PublicKey] that must be fulfilled by the owning keys of the attachment's signing parties.
|
||||
*/
|
||||
data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint {
|
||||
override fun isSatisfiedBy(attachment: Attachment): Boolean {
|
||||
override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false)
|
||||
|
||||
fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean {
|
||||
log.debug { "Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}" }
|
||||
return if (!key.isFulfilledBy(attachment.signerKeys)) {
|
||||
log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
|
||||
if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}")
|
||||
false
|
||||
} else true
|
||||
}
|
||||
@ -135,3 +137,11 @@ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstra
|
||||
fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key))
|
||||
}
|
||||
}
|
||||
|
||||
fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean {
|
||||
return if (constraint is SignatureAttachmentConstraint) {
|
||||
constraint.isSatisfiedBy(attachment, true)
|
||||
} else {
|
||||
constraint.isSatisfiedBy(attachment)
|
||||
}
|
||||
}
|
||||
|
@ -28,6 +28,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss
|
||||
import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException
|
||||
import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException
|
||||
import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException
|
||||
import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint
|
||||
import net.corda.core.crypto.CompositeKey
|
||||
import net.corda.core.crypto.SecureHash
|
||||
import net.corda.core.internal.AttachmentWithContext
|
||||
@ -432,7 +433,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact
|
||||
|
||||
if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint)
|
||||
logger.warnOnce("Skipping hash constraints verification.")
|
||||
else if (!constraint.isSatisfiedBy(constraintAttachment)) {
|
||||
else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) {
|
||||
verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract)
|
||||
}
|
||||
}
|
||||
|
@ -571,7 +571,7 @@ open class TransactionBuilder(
|
||||
|
||||
// Sanity check that the selected attachment actually passes.
|
||||
|
||||
if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) {
|
||||
if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) {
|
||||
// The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key
|
||||
if (defaultOutputConstraint is SignatureAttachmentConstraint && services.toVerifyingServiceHub().rotatedKeys.canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys)) {
|
||||
return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)
|
||||
|
Loading…
Reference in New Issue
Block a user