Renaming DAO for the CSR (#500)
This commit is contained in:
parent
965035a92e
commit
021b677b7d
@ -18,7 +18,7 @@ data class CertificateSigningRequest(val requestId: String,
|
||||
/**
|
||||
* Provide certificate signing request storage for the certificate signing server.
|
||||
*/
|
||||
interface CertificationRequestStorage {
|
||||
interface CertificateSigningRequestStorage {
|
||||
companion object {
|
||||
val DOORMAN_SIGNATURE = "Doorman"
|
||||
}
|
@ -17,9 +17,9 @@ import java.time.Instant
|
||||
import javax.security.auth.x500.X500Principal
|
||||
|
||||
/**
|
||||
* Database implementation of the [CertificationRequestStorage] interface.
|
||||
* Database implementation of the [CertificateSigningRequestStorage] interface.
|
||||
*/
|
||||
class PersistentCertificateRequestStorage(private val database: CordaPersistence) : CertificationRequestStorage {
|
||||
class PersistentCertificateSigningRequestStorage(private val database: CordaPersistence) : CertificateSigningRequestStorage {
|
||||
companion object {
|
||||
// TODO: make this configurable?
|
||||
private val allowedCertRoles = setOf(CertRole.NODE_CA, CertRole.SERVICE_IDENTITY)
|
||||
@ -56,7 +56,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
||||
legalName = legalName,
|
||||
publicKeyHash = toSupportedPublicKey(request.subjectPublicKeyInfo).hashString(),
|
||||
requestBytes = request.encoded,
|
||||
modifiedBy = CertificationRequestStorage.DOORMAN_SIGNATURE,
|
||||
modifiedBy = CertificateSigningRequestStorage.DOORMAN_SIGNATURE,
|
||||
status = RequestStatus.NEW
|
||||
)
|
||||
} catch (e: RequestValidationException) {
|
||||
@ -66,7 +66,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
||||
publicKeyHash = toSupportedPublicKey(request.subjectPublicKeyInfo).hashString(),
|
||||
requestBytes = request.encoded,
|
||||
remark = e.rejectMessage,
|
||||
modifiedBy = CertificationRequestStorage.DOORMAN_SIGNATURE,
|
||||
modifiedBy = CertificateSigningRequestStorage.DOORMAN_SIGNATURE,
|
||||
status = RequestStatus.REJECTED
|
||||
)
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
package com.r3.corda.networkmanage.doorman
|
||||
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.configureDatabase
|
||||
import com.r3.corda.networkmanage.common.utils.*
|
||||
import com.r3.corda.networkmanage.doorman.signer.LocalSigner
|
||||
@ -33,7 +33,7 @@ private fun processKeyStore(parameters: NetworkManagementServerParameters): Pair
|
||||
/**
|
||||
* This storage automatically approves all created requests.
|
||||
*/
|
||||
class ApproveAllCertificateRequestStorage(private val delegate: CertificationRequestStorage) : CertificationRequestStorage by delegate {
|
||||
class ApproveAllCertificateRequestStorage(private val delegate: CertificateSigningRequestStorage) : CertificateSigningRequestStorage by delegate {
|
||||
override fun saveRequest(request: PKCS10CertificationRequest): String {
|
||||
val requestId = delegate.saveRequest(request)
|
||||
delegate.markRequestTicketCreated(requestId)
|
||||
|
@ -1,7 +1,7 @@
|
||||
package com.r3.corda.networkmanage.doorman
|
||||
|
||||
import com.atlassian.jira.rest.client.internal.async.AsynchronousJiraRestClientFactory
|
||||
import com.r3.corda.networkmanage.common.persistence.PersistentCertificateRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.PersistentCertificateSigningRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.PersistentNetworkMapStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.PersistentNodeInfoStorage
|
||||
import com.r3.corda.networkmanage.common.signer.NetworkMapSigner
|
||||
@ -85,9 +85,9 @@ class NetworkManagementServer : Closeable {
|
||||
val requestService = if (config.approveAll) {
|
||||
require(config.jira == null) { "Jira configuration cannot be specified when the approveAll parameter is set to true." }
|
||||
logger.warn("Doorman server is in 'Approve All' mode, this will approve all incoming certificate signing requests.")
|
||||
ApproveAllCertificateRequestStorage(PersistentCertificateRequestStorage(database))
|
||||
ApproveAllCertificateRequestStorage(PersistentCertificateSigningRequestStorage(database))
|
||||
} else {
|
||||
PersistentCertificateRequestStorage(database)
|
||||
PersistentCertificateSigningRequestStorage(database)
|
||||
}
|
||||
|
||||
val jiraConfig = config.jira
|
||||
|
@ -1,13 +1,11 @@
|
||||
package com.r3.corda.networkmanage.doorman.signer
|
||||
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateResponse
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.RequestStatus
|
||||
import com.r3.corda.networkmanage.common.utils.CertPathAndKey
|
||||
import com.r3.corda.networkmanage.common.utils.getCertRole
|
||||
import net.corda.core.internal.CertRole
|
||||
import net.corda.nodeapi.internal.crypto.CertificateType
|
||||
import net.corda.nodeapi.internal.crypto.X509CertificateFactory
|
||||
import net.corda.nodeapi.internal.crypto.X509Utilities
|
||||
import net.corda.nodeapi.internal.crypto.certificateType
|
||||
@ -25,7 +23,7 @@ interface CsrHandler {
|
||||
fun getResponse(requestId: String): CertificateResponse
|
||||
}
|
||||
|
||||
class DefaultCsrHandler(private val storage: CertificationRequestStorage,
|
||||
class DefaultCsrHandler(private val storage: CertificateSigningRequestStorage,
|
||||
private val csrCertPathAndKey: CertPathAndKey?) : CsrHandler {
|
||||
|
||||
override fun processRequests() {
|
||||
|
@ -2,7 +2,7 @@ package com.r3.corda.networkmanage.doorman.signer
|
||||
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateResponse
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequest
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.RequestStatus
|
||||
import com.r3.corda.networkmanage.doorman.ApprovedRequest
|
||||
import com.r3.corda.networkmanage.doorman.JiraClient
|
||||
@ -10,7 +10,7 @@ import com.r3.corda.networkmanage.doorman.RejectedRequest
|
||||
import net.corda.core.utilities.contextLogger
|
||||
import org.bouncycastle.pkcs.PKCS10CertificationRequest
|
||||
|
||||
class JiraCsrHandler(private val jiraClient: JiraClient, private val storage: CertificationRequestStorage, private val delegate: CsrHandler) : CsrHandler by delegate {
|
||||
class JiraCsrHandler(private val jiraClient: JiraClient, private val storage: CertificateSigningRequestStorage, private val delegate: CsrHandler) : CsrHandler by delegate {
|
||||
private companion object {
|
||||
val log = contextLogger()
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
package com.r3.corda.networkmanage.hsm.persistence
|
||||
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequest
|
||||
import com.r3.corda.networkmanage.common.persistence.PersistentCertificateRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.PersistentCertificateSigningRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.RequestStatus
|
||||
import net.corda.nodeapi.internal.persistence.CordaPersistence
|
||||
import org.bouncycastle.pkcs.PKCS10CertificationRequest
|
||||
@ -11,7 +11,7 @@ data class ApprovedCertificateRequestData(val requestId: String, val request: PK
|
||||
|
||||
class DBSignedCertificateRequestStorage(database: CordaPersistence) : SignedCertificateRequestStorage {
|
||||
|
||||
private val storage = PersistentCertificateRequestStorage(database)
|
||||
private val storage = PersistentCertificateSigningRequestStorage(database)
|
||||
|
||||
override fun store(requests: List<ApprovedCertificateRequestData>, signer: String) {
|
||||
for ((requestId, _, certPath) in requests) {
|
||||
|
@ -1,7 +1,7 @@
|
||||
package com.r3.corda.networkmanage.common.persistence
|
||||
|
||||
import com.r3.corda.networkmanage.TestBase
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.entity.CertificateSigningRequestEntity
|
||||
import net.corda.core.crypto.Crypto
|
||||
import net.corda.core.crypto.SecureHash
|
||||
@ -25,13 +25,13 @@ import javax.security.auth.x500.X500Principal
|
||||
import kotlin.test.*
|
||||
|
||||
class PersistentCertificateRequestStorageTest : TestBase() {
|
||||
private lateinit var storage: PersistentCertificateRequestStorage
|
||||
private lateinit var storage: PersistentCertificateSigningRequestStorage
|
||||
private lateinit var persistence: CordaPersistence
|
||||
|
||||
@Before
|
||||
fun startDb() {
|
||||
persistence = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(runMigration = true))
|
||||
storage = PersistentCertificateRequestStorage(persistence)
|
||||
storage = PersistentCertificateSigningRequestStorage(persistence)
|
||||
}
|
||||
|
||||
@After
|
||||
|
@ -22,7 +22,7 @@ class PersistentNetworkMapStorageTest : TestBase() {
|
||||
private lateinit var persistence: CordaPersistence
|
||||
private lateinit var networkMapStorage: PersistentNetworkMapStorage
|
||||
private lateinit var nodeInfoStorage: PersistentNodeInfoStorage
|
||||
private lateinit var requestStorage: PersistentCertificateRequestStorage
|
||||
private lateinit var requestStorage: PersistentCertificateSigningRequestStorage
|
||||
|
||||
private lateinit var rootCaCert: X509Certificate
|
||||
private lateinit var networkMapCa: CertificateAndKeyPair
|
||||
@ -35,7 +35,7 @@ class PersistentNetworkMapStorageTest : TestBase() {
|
||||
persistence = configureDatabase(makeTestDataSourceProperties(), DatabaseConfig(runMigration = true))
|
||||
networkMapStorage = PersistentNetworkMapStorage(persistence)
|
||||
nodeInfoStorage = PersistentNodeInfoStorage(persistence)
|
||||
requestStorage = PersistentCertificateRequestStorage(persistence)
|
||||
requestStorage = PersistentCertificateSigningRequestStorage(persistence)
|
||||
}
|
||||
|
||||
@After
|
||||
|
@ -28,7 +28,7 @@ import kotlin.test.assertNotNull
|
||||
import kotlin.test.assertNull
|
||||
|
||||
class PersistentNodeInfoStorageTest : TestBase() {
|
||||
private lateinit var requestStorage: CertificationRequestStorage
|
||||
private lateinit var requestStorage: CertificateSigningRequestStorage
|
||||
private lateinit var nodeInfoStorage: PersistentNodeInfoStorage
|
||||
private lateinit var persistence: CordaPersistence
|
||||
private lateinit var rootCaCert: X509Certificate
|
||||
@ -41,7 +41,7 @@ class PersistentNodeInfoStorageTest : TestBase() {
|
||||
this.intermediateCa = intermediateCa
|
||||
persistence = configureDatabase(MockServices.makeTestDataSourceProperties(), DatabaseConfig(runMigration = true))
|
||||
nodeInfoStorage = PersistentNodeInfoStorage(persistence)
|
||||
requestStorage = PersistentCertificateRequestStorage(persistence)
|
||||
requestStorage = PersistentCertificateSigningRequestStorage(persistence)
|
||||
}
|
||||
|
||||
@After
|
||||
@ -65,14 +65,14 @@ class PersistentNodeInfoStorageTest : TestBase() {
|
||||
|
||||
val requestId = requestStorage.saveRequest(request)
|
||||
requestStorage.markRequestTicketCreated(requestId)
|
||||
requestStorage.approveRequest(requestId, CertificationRequestStorage.DOORMAN_SIGNATURE)
|
||||
requestStorage.approveRequest(requestId, CertificateSigningRequestStorage.DOORMAN_SIGNATURE)
|
||||
|
||||
assertNull(nodeInfoStorage.getCertificatePath(SecureHash.parse(keyPair.public.hashString())))
|
||||
|
||||
requestStorage.putCertificatePath(
|
||||
requestId,
|
||||
X509Utilities.buildCertPath(nodeCaCert, intermediateCa.certificate, rootCaCert),
|
||||
CertificationRequestStorage.DOORMAN_SIGNATURE)
|
||||
CertificateSigningRequestStorage.DOORMAN_SIGNATURE)
|
||||
|
||||
val storedCertPath = nodeInfoStorage.getCertificatePath(SecureHash.parse(keyPair.public.hashString()))
|
||||
assertNotNull(storedCertPath)
|
||||
@ -132,7 +132,7 @@ class PersistentNodeInfoStorageTest : TestBase() {
|
||||
}
|
||||
|
||||
internal fun createValidSignedNodeInfo(organisation: String,
|
||||
storage: CertificationRequestStorage): Pair<NodeInfoWithSigned, PrivateKey> {
|
||||
storage: CertificateSigningRequestStorage): Pair<NodeInfoWithSigned, PrivateKey> {
|
||||
val (csr, nodeKeyPair) = createRequest(organisation, certRole = CertRole.NODE_CA)
|
||||
val requestId = storage.saveRequest(csr)
|
||||
storage.markRequestTicketCreated(requestId)
|
||||
|
@ -4,8 +4,8 @@ import com.nhaarman.mockito_kotlin.*
|
||||
import com.r3.corda.networkmanage.TestBase
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateResponse
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateStatus
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificationRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage
|
||||
import com.r3.corda.networkmanage.common.persistence.CertificateSigningRequestStorage.Companion.DOORMAN_SIGNATURE
|
||||
import com.r3.corda.networkmanage.common.persistence.RequestStatus
|
||||
import com.r3.corda.networkmanage.common.utils.CertPathAndKey
|
||||
import net.corda.core.crypto.Crypto
|
||||
@ -26,7 +26,7 @@ class DefaultCsrHandlerTest : TestBase() {
|
||||
val keyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
|
||||
val cert = X509Utilities.createSelfSignedCACertificate(X500Principal("O=Test,L=London,C=GB"), keyPair)
|
||||
|
||||
val requestStorage: CertificationRequestStorage = mock {
|
||||
val requestStorage: CertificateSigningRequestStorage = mock {
|
||||
on { getRequest("New") }.thenReturn(certificateSigningRequest())
|
||||
on { getRequest("Signed") }.thenReturn(certificateSigningRequest(
|
||||
status = RequestStatus.DONE,
|
||||
@ -51,7 +51,7 @@ class DefaultCsrHandlerTest : TestBase() {
|
||||
Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME))
|
||||
}
|
||||
|
||||
val requestStorage: CertificationRequestStorage = mock {
|
||||
val requestStorage: CertificateSigningRequestStorage = mock {
|
||||
on { getRequests(RequestStatus.APPROVED) }.thenReturn(listOf(
|
||||
certificateSigningRequest(requestId = "1", request = requests[0], status = RequestStatus.APPROVED),
|
||||
certificateSigningRequest(requestId = "2", request = requests[1], status = RequestStatus.APPROVED)
|
||||
@ -97,7 +97,7 @@ class DefaultCsrHandlerTest : TestBase() {
|
||||
Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME), certRole = CertRole.SERVICE_IDENTITY)
|
||||
}
|
||||
|
||||
val requestStorage: CertificationRequestStorage = mock {
|
||||
val requestStorage: CertificateSigningRequestStorage = mock {
|
||||
on { getRequests(RequestStatus.APPROVED) }.thenReturn(listOf(
|
||||
certificateSigningRequest(requestId = "1", request = requests[0], status = RequestStatus.APPROVED)
|
||||
))
|
||||
|
@ -28,7 +28,7 @@ class JiraCsrHandlerTest : TestBase() {
|
||||
private lateinit var jiraClient: JiraClient
|
||||
|
||||
@Mock
|
||||
private lateinit var certificationRequestStorage: CertificationRequestStorage
|
||||
private lateinit var certificationRequestStorage: CertificateSigningRequestStorage
|
||||
|
||||
@Mock
|
||||
private lateinit var defaultCsrHandler: DefaultCsrHandler
|
||||
|