Skip to content

chore: Remove loadKeysFromPfxFiles config#23535

Open
poulok wants to merge 6 commits intomainfrom
23124-remove-loadkeys-config
Open

chore: Remove loadKeysFromPfxFiles config#23535
poulok wants to merge 6 commits intomainfrom
23124-remove-loadkeys-config

Conversation

@poulok
Copy link
Copy Markdown
Contributor

@poulok poulok commented Feb 11, 2026
edited
Loading

Description:

Platform (CryptoStatic / BasicConfig):
The loadKeysFromPfxFiles boolean config property is removed entirely. Previously, setting it to false allowed the platform to skip disk-based key loading and instead generate keys deterministically at startup for test environments. That fallback path is now gone — the platform always loads keys from disk via EnhancedKeyStoreLoader.

HAPI Test Framework (NetworkUtils, SubProcessNetwork, WorkingDirUtils):
To keep the HAPI tests working under the new requirement that keys must exist on disk, the changes thread the generated keys through to disk before nodes start:

  1. generateNetworkConfig() now returns a NetworkWithKeys record (wrapping Network + Map<NodeId, KeysAndCerts>) instead of just Network.
  2. SubProcessNetwork stores the nodeKeys map and calls writeNodeSigningKey() after initWorkingDir() — both during initial start() and when adding a node dynamically.
  3. WorkingDirUtils.writeSigningKey() is a new method that writes the signing private key as s-private-node{N}.pem into the node's data/keys/ directory, where EnhancedKeyStoreLoader will find it.

Local Node
Local node is not affected because it puts keys on disk prior to starting the CNs.

** Configuration Changes **
Removal of loadKeysFromPfxFiles from settings.txt files that had overrides for local environments.

Net effect: Key loading is no longer optional/configurable — the platform always expects PEM/PFX files on disk. The HAPI test framework compensates by writing the generated keys to disk itself before each node boots.

Related issue(s):
Fixes #24635

@poulok
remove loadKeysFromPfxFiles config
3178d45 
Signed-off-by: Kelly Greco <kelly@swirldslabs.com>
@poulok poulok added this to the v0.72 milestone Feb 11, 2026
@poulok poulok self-assigned this Feb 11, 2026
@trunk-io
Copy link
Copy Markdown

trunk-io bot commented Feb 11, 2026

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

@lfdt-bot
Copy link
Copy Markdown

lfdt-bot commented Feb 11, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@codacy-production
Copy link
Copy Markdown

codacy-production bot commented Feb 11, 2026
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.00% (target: -1.00%) 0.00%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (98ccacc) 94614 77712 82.14%
Head commit (d51b181) 94606 (-8) 77708 (-4) 82.14% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#23535) 16 0 0.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 11, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 16 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...java/com/swirlds/platform/crypto/CryptoStatic.java 0.00% 16 Missing ⚠️

Impacted file tree graph

@@            Coverage Diff            @@
##               main   #23535   +/-   ##
=========================================
  Coverage     78.15%   78.15%           
- Complexity    11679    11680    +1     
=========================================
  Files          2488     2488           
  Lines         94711    94703    -8     
  Branches      10231    10229    -2     
=========================================
- Hits          74020    74017    -3     
+ Misses        16948    16944    -4     
+ Partials       3743     3742    -1
Files with missing lines Coverage Δ Complexity Δ
...n/java/org/hiero/consensus/config/BasicConfig.java 100.00% <ø> (ø) 0.00 <0.00> (ø)
...java/com/swirlds/platform/crypto/CryptoStatic.java 40.00% <0.00%> (+4.38%) 0.00 <0.00> (ø)

... and 7 files with indirect coverage changes

Impacted file tree graph

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@poulok
Copy link
Copy Markdown
Contributor Author

poulok commented Feb 13, 2026

Note to self: this cannot be merged until LocalNode is updated to generate keys and not depend on the CN generating keys at startup

@poulok poulok linked an issue Feb 13, 2026 that may be closed by this pull request
Clean up global configuration classes #23124
Open
@poulok poulok removed this from the v0.72 milestone Mar 5, 2026
poulok added 3 commits March 17, 2026 08:43
@poulok
Merge branch 'main' into 23124-remove-loadkeys-config
e31c119 
Signed-off-by: Kelly Greco <kelly@swirldslabs.com>

# Conflicts:
#	hedera-node/test-clients/src/main/java/com/hedera/services/bdd/junit/hedera/subprocess/SubProcessNetwork.java
@poulok
Merge branch 'main' into 23124-remove-loadkeys-config
a0c5d4b
@poulok
cleanup
d51b181 
Signed-off-by: Kelly Greco <kelly@swirldslabs.com>
@poulok poulok added this to the v0.74 milestone Mar 30, 2026
@poulok
Copy link
Copy Markdown
Contributor Author

poulok commented Mar 30, 2026

Note to self: this cannot be merged until LocalNode is updated to generate keys and not depend on the CN generating keys at startup

Upon further investigation, LocalNode does not need to be updated. It is already compatible with this change.

@poulok poulok marked this pull request as ready for review March 30, 2026 19:42
@poulok poulok requested a review from akdev as a code owner March 30, 2026 19:42
@poulok poulok requested a review from lpetrovic05 March 30, 2026 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lpetrovic05 lpetrovic05 lpetrovic05 approved these changes

@anthony-swirldslabs anthony-swirldslabs anthony-swirldslabs approved these changes

@rbair23 rbair23 Awaiting requested review from rbair23 rbair23 is a code owner

@dalvizu dalvizu Awaiting requested review from dalvizu dalvizu is a code owner

@Nana-EC Nana-EC Awaiting requested review from Nana-EC Nana-EC is a code owner

@SimiHunjan SimiHunjan Awaiting requested review from SimiHunjan SimiHunjan is a code owner

@steven-sheehy steven-sheehy Awaiting requested review from steven-sheehy steven-sheehy is a code owner

@nathanklick nathanklick Awaiting requested review from nathanklick nathanklick is a code owner

@rbarker-dev rbarker-dev Awaiting requested review from rbarker-dev rbarker-dev is a code owner

@Ferparishuertas Ferparishuertas Awaiting requested review from Ferparishuertas Ferparishuertas is a code owner

@akdev akdev Awaiting requested review from akdev akdev is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@poulok poulok

Labels

None yet

Projects

None yet

Milestone

v0.74

Development

Successfully merging this pull request may close these issues.

Remove loadKeysFromPfxFiles configuration Clean up global configuration classes

4 participants

@poulok @lfdt-bot @lpetrovic05 @anthony-swirldslabs