ENT-11662: Using EdDSA keys when generating notary servive identities

It was previously generating TLS keys, which seems to have been an oversight. Using EdDSA also has a slight performance edge, as there's some mutex contention when ECDSA keys are used.
2024-12-18 20:47:57 +00:00 · 2024-03-19 09:38:15 +00:00 · 2024-03-19 09:38:15 +00:00 · e860c67086
commit e860c67086
parent d478decc6f
1 changed files with 12 additions and 4 deletions
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
@ -121,8 +121,11 @@ open class NetworkRegistrationHelper(
        requestIdStore.deleteIfExists()
    }

-    private fun generateKeyPairAndCertificate(keyAlias: String, legalName: CordaX500Name, certificateRole: CertRole, certStore: CertificateStore): Pair<PublicKey, List<X509Certificate>> {
-        val entityPublicKey = loadOrGenerateKeyPair(keyAlias)
+    private fun generateKeyPairAndCertificate(keyAlias: String,
+                                              legalName: CordaX500Name,
+                                              certificateRole: CertRole,
+                                              certStore: CertificateStore): Pair<PublicKey, List<X509Certificate>> {
+        val entityPublicKey = loadOrGenerateKeyPair(keyAlias, certificateRole)

        val requestId = submitOrResumeCertificateSigningRequest(entityPublicKey, legalName, certificateRole, cryptoService.getSigner(keyAlias))

@ -209,11 +212,16 @@ open class NetworkRegistrationHelper(
        logProgress("Node identity private key and certificate chain stored in $nodeIdentityAlias.")
    }

-    private fun loadOrGenerateKeyPair(keyAlias: String): PublicKey {
+    private fun loadOrGenerateKeyPair(keyAlias: String, certificateRole: CertRole): PublicKey {
        return if (cryptoService.containsKey(keyAlias)) {
            cryptoService.getPublicKey(keyAlias)!!
        } else {
-            cryptoService.generateKeyPair(keyAlias, cryptoService.defaultTLSSignatureScheme())
+            val signatureScheme = if (certificateRole == CertRole.SERVICE_IDENTITY) {
+                cryptoService.defaultIdentitySignatureScheme()
+            } else {
+                cryptoService.defaultTLSSignatureScheme()
+            }
+            cryptoService.generateKeyPair(keyAlias, signatureScheme)
        }
    }