ENT-11662: Using EdDSA keys when generating notary servive identities

It was previously generating keys with the default TLS signature scheme for service identities, which seems to have been an oversight.

Using EdDSA also has a slight performance edge, as there's some mutex contention when ECDSA keys are used.
This commit is contained in:
Shams Asari 2024-03-19 09:38:15 +00:00
parent d478decc6f
commit e860c67086


@ -121,8 +121,11 @@ open class NetworkRegistrationHelper(
requestIdStore.deleteIfExists() requestIdStore.deleteIfExists()
} }
private fun generateKeyPairAndCertificate(keyAlias: String, legalName: CordaX500Name, certificateRole: CertRole, certStore: CertificateStore): Pair<PublicKey, List<X509Certificate>> { private fun generateKeyPairAndCertificate(keyAlias: String,
val entityPublicKey = loadOrGenerateKeyPair(keyAlias) legalName: CordaX500Name,
certificateRole: CertRole,
certStore: CertificateStore): Pair<PublicKey, List<X509Certificate>> {
val entityPublicKey = loadOrGenerateKeyPair(keyAlias, certificateRole)
val requestId = submitOrResumeCertificateSigningRequest(entityPublicKey, legalName, certificateRole, cryptoService.getSigner(keyAlias)) val requestId = submitOrResumeCertificateSigningRequest(entityPublicKey, legalName, certificateRole, cryptoService.getSigner(keyAlias))
@ -209,11 +212,16 @@ open class NetworkRegistrationHelper(
logProgress("Node identity private key and certificate chain stored in $nodeIdentityAlias.") logProgress("Node identity private key and certificate chain stored in $nodeIdentityAlias.")
} }
private fun loadOrGenerateKeyPair(keyAlias: String): PublicKey { private fun loadOrGenerateKeyPair(keyAlias: String, certificateRole: CertRole): PublicKey {
return if (cryptoService.containsKey(keyAlias)) { return if (cryptoService.containsKey(keyAlias)) {
cryptoService.getPublicKey(keyAlias)!! cryptoService.getPublicKey(keyAlias)!!
} else { } else {
cryptoService.generateKeyPair(keyAlias, cryptoService.defaultTLSSignatureScheme()) val signatureScheme = if (certificateRole == CertRole.SERVICE_IDENTITY) {
cryptoService.defaultIdentitySignatureScheme()
} else {
cryptoService.defaultTLSSignatureScheme()
}
cryptoService.generateKeyPair(keyAlias, signatureScheme)
} }
} }
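Review bot: The per-role scheme selection in loadOrGenerateKeyPair only runs in the `else` branch, so an alias that already holds a key (for example a notary registration started before this change and now resumed) is returned as-is via `cryptoService.getPublicKey(keyAlias)!!`, with whatever algorithm it was originally generated under; neither the EdDSA switch nor the contention benefit described in the commit message applies there, and nothing in the hunk records or checks that. That is probably the intended behaviour for a resumed registration, but it should be stated, e.g. above the `return if (cryptoService.containsKey(keyAlias))` line: `// An existing key is reused unchanged even if its scheme differs from the one this role would now get.` If the crypto service exposes the scheme or algorithm of a stored key, a log line on that branch when it differs from the role's default would make the mismatch visible to operators rather than silent. The hunk also leaves the `else` bucket covering every CertRole other than SERVICE_IDENTITY; if only a known set of roles reaches this helper, an explicit `when` with an error branch would fail loudly on an unexpected role instead of quietly issuing a TLS-scheme key.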