diff --git a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt index 0540933683..a11956fa79 100644 --- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt +++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt @@ -117,10 +117,11 @@ object AutomaticPlaceholderConstraint : AttachmentConstraint { */ @KeepForDJVM data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstraint { - override fun isSatisfiedBy(attachment: Attachment): Boolean { + override fun isSatisfiedBy(attachment: Attachment) = isSatisfiedBy(attachment, disableWarnings = false) + fun isSatisfiedBy(attachment: Attachment, disableWarnings: Boolean): Boolean { log.debug("Checking signature constraints: verifying $key in contract attachment signer keys: ${attachment.signerKeys}") return if (!key.isFulfilledBy(attachment.signerKeys.map { it })) { - log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}") + if (!disableWarnings) log.warn("Untrusted signing key: expected $key. but contract attachment contains ${attachment.signerKeys}") false } else true } @@ -135,3 +136,11 @@ data class SignatureAttachmentConstraint(val key: PublicKey) : AttachmentConstra fun create(key: PublicKey) = interner.intern(SignatureAttachmentConstraint(key)) } } + +fun isSatisfiedByWithNoWarnForSigConstraint(constraint: AttachmentConstraint, attachment: Attachment): Boolean { + return if (constraint is SignatureAttachmentConstraint) { + constraint.isSatisfiedBy(attachment, true) + } else { + constraint.isSatisfiedBy(attachment) + } +} diff --git a/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt index 74cb1577f5..c0a922b911 100644 --- a/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt +++ b/core/src/main/kotlin/net/corda/core/internal/TransactionVerifierServiceInternal.kt @@ -32,6 +32,7 @@ import net.corda.core.contracts.TransactionVerificationException.TransactionMiss import net.corda.core.contracts.TransactionVerificationException.TransactionNonMatchingEncumbranceException import net.corda.core.contracts.TransactionVerificationException.TransactionNotaryMismatchEncumbranceException import net.corda.core.contracts.TransactionVerificationException.TransactionRequiredContractUnspecifiedException +import net.corda.core.contracts.isSatisfiedByWithNoWarnForSigConstraint import net.corda.core.crypto.CompositeKey import net.corda.core.crypto.SecureHash import net.corda.core.internal.rules.StateContractValidationEnforcementRule @@ -430,7 +431,7 @@ private class Validator(private val ltx: LedgerTransaction, private val transact if (HashAttachmentConstraint.disableHashConstraints && constraint is HashAttachmentConstraint) logger.warnOnce("Skipping hash constraints verification.") - else if (!constraint.isSatisfiedBy(constraintAttachment)) { + else if (!isSatisfiedByWithNoWarnForSigConstraint(constraint, constraintAttachment)) { verifyConstraintUsingRotatedKeys(constraint, constraintAttachment, contract) } } diff --git a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt index daeb6afa0d..b61adc8d07 100644 --- a/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt +++ b/core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt @@ -573,7 +573,7 @@ open class TransactionBuilder( // Sanity check that the selected attachment actually passes. - if (!defaultOutputConstraint.isSatisfiedBy(constraintAttachment)) { + if (!isSatisfiedByWithNoWarnForSigConstraint(defaultOutputConstraint, constraintAttachment)) { // The defaultOutputConstraint is the input constraint by the attachment in use currently may have a rotated key if (defaultOutputConstraint is SignatureAttachmentConstraint && (getRotatedKeys(serviceHub).canBeTransitioned(defaultOutputConstraint.key, constraintAttachment.signerKeys))) { return Pair(makeSignatureAttachmentConstraint(attachmentToUse.signerKeys), constraintAttachment)