From 9b266307569bee3819b57e4bbf9781cdf768dd17 Mon Sep 17 00:00:00 2001
From: Simon Johnson <106170800+simon-johnson-r3@users.noreply.github.com>
Date: Tue, 23 Jan 2024 12:43:27 +0000
Subject: [PATCH] CORE-19368 Managed key rotation (#1455)
- Made the unmanaged key rotation fields optional (nullable)
- Removed "old generation" because you always and only rotate from the latest generation
- Added keyUuid which is the input for managed key rotation
---
 .../rotation/IndividualKeyRotationRequest.avsc | 17 +++++++++++------
 .../ops/key/rotation/KeyRotationRequest.avsc | 11 +++--------
 gradle.properties | 2 +-
 3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/IndividualKeyRotationRequest.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/IndividualKeyRotationRequest.avsc
index 6dcef5f83c..6c065ae936 100644
--- a/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/IndividualKeyRotationRequest.avsc
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/IndividualKeyRotationRequest.avsc
@@ -16,18 +16,23 @@
 },
 {
 "name": "oldParentKeyAlias",
- "type": "string",
- "doc": "The key alias whose protected content will be re-wrapped with a new key."
+ "type": ["null", "string"],
+ "doc": "Mandatory for unmanaged key rotation only, always null for managed key rotation. The key alias whose protected content will be re-wrapped with a new key."
 },
 {
 "name": "newParentKeyAlias",
- "type": "string",
- "doc": "The new wrapping key which oldParentKeyAlias' content will be re-wrapped with."
+ "type": ["null", "string"],
+ "doc": "Mandatory for unmanaged key rotation only, always null for managed key rotation. The new wrapping key which oldParentKeyAlias' content will be re-wrapped with."
 },
 {
 "name": "targetKeyAlias",
- "type": "string",
- "doc": "Specifies the wrapped key to rotate."
+ "type": ["null", "string"],
+ "doc": "Mandatory for unmanaged key rotation only, always null for managed key rotation. Specifies the wrapped key to rotate."
+ },
+ {
+ "name": "keyUuid",
+ "type": ["null", "string"],
+ "doc": "Mandatory for managed key rotation only, always null for unmanaged key rotation. Specifies the managed wrapping key id to rotate."
 },
 {
 "name": "keyType",
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationRequest.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationRequest.avsc
index 7975c07f61..340c58ab60 100644
--- a/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationRequest.avsc
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/crypto/wire/ops/key/rotation/KeyRotationRequest.avsc
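Review bot: With `oldParentKeyAlias`, `newParentKeyAlias`, `targetKeyAlias` and `keyUuid` all independently nullable, the schema now accepts a request with every selector null, or with `keyUuid` and the aliases set together; the managed/unmanaged rule exists only in the `doc` strings. The consumer should reject any record that does not match exactly one mode before it touches key material, and if `keyType` (the context field after the hunk) is the discriminator, check the fields against it; that handler is not visible here. The same applies to `tenantId` and the parent aliases in the KeyRotationRequest.avsc hunk. Separately, `keyUuid` is added without a default, so a reader on the new schema cannot resolve records written before this revision; `"default": null` on the new field would keep in-flight requests readable.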
@@ -21,22 +21,17 @@
 {
 "name": "oldParentKeyAlias",
 "type": ["null", "string"],
- "doc": "The key alias that should no longer be used, and all its protected content re-wrapped with a new key."
+ "doc": "Mandatory for unmanaged key rotation only, always null for managed key rotation. The key alias that should no longer be used, and all its protected content re-wrapped with a new key."
 },
 {
 "name": "newParentKeyAlias",
 "type": ["null", "string"],
- "doc": "The unmanaged key alias that should be used for material currently wrapped with old key. Only specified when rotating unmanaged keys."
- },
- {
- "name": "oldGeneration",
- "type": ["null", "int"],
- "doc": "Specifies the old generation number we should move away from. If absent, rotate all matching keys."
+ "doc": "Mandatory for unmanaged key rotation only, always null for managed key rotation. The unmanaged key alias that should be used for material currently wrapped with old key."
 },
 {
 "name": "tenantId",
 "type": ["null", "string"],
- "doc": "Only specified when targeting managed keys. Specifies the specific tenant that owns the old and new key."
+ "doc": "Mandatory for managed key rotation only, always null for unmanaged key rotation. Specifies the specific tenant for which managed wrapping keys will be rotated."
 }
 ]
 }
diff --git a/gradle.properties b/gradle.properties
index 60ca258c14..ed95abb1af 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -5,7 +5,7 @@ cordaProductVersion = 5.2.0
 # NOTE: update this each time this module contains a breaking change
 ## NOTE: currently this is a top level revision, so all API versions will line up, but this could be moved to
 ## a per module property in which case module versions can change independently.
-cordaApiRevision = 29
+cordaApiRevision = 30
 # Main
 kotlin.stdlib.default.dependency = false
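Review bot: Removing `oldGeneration` changes what an already-serialized request means: under Avro schema resolution a writer field that is missing from the reader schema is skipped, so a record produced before this revision with a non-null `oldGeneration` would presumably be handled as a rotation from the latest generation, with no error. Whether old and new producers can share the topic during an upgrade is not visible in this diff. The schema should at least state the new rule; the record-level `doc` (outside this hunk) could gain `Keys are always rotated from their latest generation.` so that operators and auditors do not have to infer it from the commit message.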