feat: always generate agreement key on startup (#16315)

Signed-off-by: Edward Wertz <[email protected]>
hashgraph · Oct 31, 2024 · 0b2f935 · 0b2f935
1 parent 2bb9c6c
commit 0b2f935
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 18 deletions.
diff --git a/...orm-sdk/swirlds-platform-core/src/main/java/com/swirlds/platform/crypto/CryptoStatic.java b/...orm-sdk/swirlds-platform-core/src/main/java/com/swirlds/platform/crypto/CryptoStatic.java
@@ -551,7 +551,7 @@ public static Map<NodeId, KeysAndCerts> initNodeSecurity(
                     keysAndCerts = EnhancedKeyStoreLoader.using(addressBook, configuration)
                             .migrate()
                             .scan()
-                            .generateIfNecessary()
+                            .generate()
                             .verify()
                             .injectInAddressBook()
                             .keysAndCerts();

diff --git a/...irlds-platform-core/src/main/java/com/swirlds/platform/crypto/EnhancedKeyStoreLoader.java b/...irlds-platform-core/src/main/java/com/swirlds/platform/crypto/EnhancedKeyStoreLoader.java
@@ -298,33 +298,27 @@ public EnhancedKeyStoreLoader scan() throws KeyLoadingException, KeyStoreExcepti
                 localNodes.add(nodeId);
                 sigPrivateKeys.compute(
                         nodeId, (k, v) -> resolveNodePrivateKey(nodeId, nodeAlias, KeyCertPurpose.SIGNING));
-                agrPrivateKeys.compute(
-                        nodeId, (k, v) -> resolveNodePrivateKey(nodeId, nodeAlias, KeyCertPurpose.AGREEMENT));
             }
 
             sigCertificates.compute(
                     nodeId,
                     (k, v) -> resolveNodeCertificate(nodeId, nodeAlias, KeyCertPurpose.SIGNING, legacyPublicStore));
-            agrCertificates.compute(
-                    nodeId,
-                    (k, v) -> resolveNodeCertificate(nodeId, nodeAlias, KeyCertPurpose.AGREEMENT, legacyPublicStore));
         });
 
         logger.trace(STARTUP.getMarker(), "Completed key store enumeration");
         return this;
     }
 
     /**
-     * Iterates over the local nodes and creates the agreement key and certificate for each if they do not exist.  This
-     * method should be called after {@link #scan()} and before {@link #verify()} in order to generate any missing
-     * agreement keys for local nodes to pass verification.
+     * Iterates over the local nodes and creates the agreement key and certificate for each.  This
+     * method should be called after {@link #scan()} and before {@link #verify()}.
      *
      * @return this {@link EnhancedKeyStoreLoader} instance.
      * @throws NoSuchAlgorithmException if the algorithm required to generate the key pair is not available.
      * @throws NoSuchProviderException  if the security provider required to generate the key pair is not available.
      * @throws KeyGeneratingException   if an error occurred while generating the agreement key pair.
      */
-    public EnhancedKeyStoreLoader generateIfNecessary()
+    public EnhancedKeyStoreLoader generate()
             throws NoSuchAlgorithmException, NoSuchProviderException, KeyGeneratingException {
 
         for (final NodeId node : localNodes) {

diff --git a/...k/swirlds-platform-core/src/test/java/com/swirlds/platform/crypto/CryptoArgsProvider.java b/...k/swirlds-platform-core/src/test/java/com/swirlds/platform/crypto/CryptoArgsProvider.java
@@ -102,7 +102,7 @@ public static AddressBookAndCerts loadAddressBookWithKeys(final int size)
         final Map<NodeId, KeysAndCerts> loadedC = EnhancedKeyStoreLoader.using(
                         createdAB, configure(ResourceLoader.getFile("preGeneratedPEMKeysAndCerts/")))
                 .scan()
-                .generateIfNecessary()
+                .generate()
                 .verify()
                 .injectInAddressBook()
                 .keysAndCerts();

diff --git a/...s-platform-core/src/test/java/com/swirlds/platform/crypto/EnhancedKeyStoreLoaderTest.java b/...s-platform-core/src/test/java/com/swirlds/platform/crypto/EnhancedKeyStoreLoaderTest.java
@@ -117,7 +117,7 @@ void keyStoreLoaderPositiveTest(final String directoryName)
         assertThat(loader).isNotNull();
         assertThatCode(loader::migrate).doesNotThrowAnyException();
         assertThatCode(loader::scan).doesNotThrowAnyException();
-        assertThatCode(loader::generateIfNecessary).doesNotThrowAnyException();
+        assertThatCode(loader::generate).doesNotThrowAnyException();
         assertThatCode(loader::verify).doesNotThrowAnyException();
         assertThatCode(loader::injectInAddressBook).doesNotThrowAnyException();
 
@@ -189,13 +189,9 @@ void keyStoreLoaderNegativeCase2Test(final String directoryName) throws IOExcept
         assertThat(loader).isNotNull();
         assertThatCode(loader::migrate).doesNotThrowAnyException();
         assertThatCode(loader::scan).doesNotThrowAnyException();
-        assertThatCode(loader::generateIfNecessary).isInstanceOf(KeyGeneratingException.class);
+        assertThatCode(loader::generate).isInstanceOf(KeyGeneratingException.class);
         assertThatCode(loader::verify).isInstanceOf(KeyLoadingException.class);
-        if (directoryName.equals("hybrid-invalid-case-2") || directoryName.equals("enhanced-invalid-case-2")) {
-            assertThatCode(loader::injectInAddressBook).isInstanceOf(KeyLoadingException.class);
-        } else {
-            assertThatCode(loader::injectInAddressBook).doesNotThrowAnyException();
-        }
+        assertThatCode(loader::injectInAddressBook).isInstanceOf(KeyLoadingException.class);
         assertThatCode(loader::keysAndCerts).isInstanceOf(KeyLoadingException.class);
     }