Merge and test fixes

network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/SigningServiceIntegrationTest.kt

@@ -3,14 +3,12 @@ package com.r3.corda.networkmanage.hsm
 import com.nhaarman.mockito_kotlin.*
 import com.r3.corda.networkmanage.common.persistence.configureDatabase
 import com.r3.corda.networkmanage.common.utils.buildCertPath
-import com.r3.corda.networkmanage.common.utils.toX509Certificate
 import com.r3.corda.networkmanage.doorman.DoormanConfig
 import com.r3.corda.networkmanage.doorman.NetworkManagementServer
 import com.r3.corda.networkmanage.hsm.persistence.ApprovedCertificateRequestData
 import com.r3.corda.networkmanage.hsm.persistence.DBSignedCertificateRequestStorage
 import com.r3.corda.networkmanage.hsm.persistence.SignedCertificateRequestStorage
 import com.r3.corda.networkmanage.hsm.signer.HsmCsrSigner
-import net.corda.core.crypto.Crypto
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.cert
 import net.corda.core.internal.createDirectories
@@ -21,12 +19,14 @@ import net.corda.core.utilities.seconds
 import net.corda.node.services.config.NodeConfiguration
 import net.corda.node.utilities.registration.HTTPNetworkRegistrationService
 import net.corda.node.utilities.registration.NetworkRegistrationHelper
+import net.corda.nodeapi.internal.createDevNodeCa
 import net.corda.nodeapi.internal.crypto.*
 import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.testing.ALICE_NAME
 import net.corda.testing.BOB_NAME
 import net.corda.testing.CHARLIE_NAME
 import net.corda.testing.SerializationEnvironmentRule
+import net.corda.testing.internal.createDevIntermediateCaCertPath
 import net.corda.testing.internal.rigorousMock
 import org.bouncycastle.cert.X509CertificateHolder
 import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest
@@ -34,7 +34,6 @@ import org.h2.tools.Server
 import org.junit.*
 import org.junit.rules.TemporaryFolder
 import java.net.URL
-import java.security.KeyPair
 import java.util.*
 import javax.persistence.PersistenceException
 import kotlin.concurrent.scheduleAtFixedRate
@@ -56,15 +55,15 @@ class SigningServiceIntegrationTest {
     val testSerialization = SerializationEnvironmentRule(true)
 
     private lateinit var timer: Timer
-    private lateinit var rootCAKey: KeyPair
+    private lateinit var rootCaCert: X509CertificateHolder
-    private lateinit var rootCACert: X509CertificateHolder
+    private lateinit var intermediateCa: CertificateAndKeyPair
 
     @Before
     fun setUp() {
         timer = Timer()
-        rootCAKey = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+        val (rootCa, intermediateCa) = createDevIntermediateCaCertPath()
-        rootCACert = X509Utilities.createSelfSignedCACertificate(CordaX500Name(commonName = "Integration Test Corda Node Root CA",
+        rootCaCert = rootCa.certificate
-                organisation = "R3 Ltd", locality = "London", country = "GB"), rootCAKey)
+        this.intermediateCa = intermediateCa
     }
 
     @After
@@ -73,22 +72,17 @@ class SigningServiceIntegrationTest {
     }
 
     private fun givenSignerSigningAllRequests(storage: SignedCertificateRequestStorage): HsmCsrSigner {
-        // Create all certificates
-        val intermediateCAKey = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
-        val intermediateCACert = X509Utilities.createCertificate(CertificateType.INTERMEDIATE_CA, rootCACert, rootCAKey,
-                CordaX500Name(commonName = "Integration Test Corda Node Intermediate CA", locality = "London", country = "GB",
-                        organisation = "R3 Ltd"), intermediateCAKey.public)
         // Mock signing logic but keep certificate persistence
         return mock {
             on { sign(any()) }.then {
-                val toSign: List<ApprovedCertificateRequestData> = uncheckedCast(it.arguments[0])
+                val approvedRequests: List<ApprovedCertificateRequestData> = uncheckedCast(it.arguments[0])
-                toSign.forEach {
+                for (approvedRequest in approvedRequests) {
-                    JcaPKCS10CertificationRequest(it.request).run {
+                    JcaPKCS10CertificationRequest(approvedRequest.request).run {
-                        val certificate = X509Utilities.createCertificate(CertificateType.TLS, intermediateCACert, intermediateCAKey, subject, publicKey).toX509Certificate()
+                        val nodeCa = createDevNodeCa(intermediateCa, CordaX500Name.parse(subject.toString()))
-                        it.certPath = buildCertPath(certificate, rootCACert.toX509Certificate())
+                        approvedRequest.certPath = buildCertPath(nodeCa.certificate.cert, intermediateCa.certificate.cert, rootCaCert.cert)
                     }
                 }
-                storage.store(toSign, listOf("TEST"))
+                storage.store(approvedRequests, listOf("TEST"))
             }
         }
     }
@@ -128,9 +122,9 @@ class SigningServiceIntegrationTest {
                     // [org.hibernate.tool.schema.spi.SchemaManagementException] being thrown as the schema is missing.
                 }
             }
-            config.trustStoreFile.parent.createDirectories()
+            config.certificatesDirectory.createDirectories()
             loadOrCreateKeyStore(config.trustStoreFile, config.trustStorePassword).also {
-                it.addOrReplaceCertificate(X509Utilities.CORDA_ROOT_CA, rootCACert.cert)
+                it.addOrReplaceCertificate(X509Utilities.CORDA_ROOT_CA, rootCaCert.cert)
                 it.save(config.trustStoreFile, config.trustStorePassword)
             }
             NetworkRegistrationHelper(config, HTTPNetworkRegistrationService(config.compatibilityZoneURL!!)).buildKeystore()
@@ -172,9 +166,9 @@ class SigningServiceIntegrationTest {
                         }).whenever(it).myLegalName
                         doReturn(URL("http://$HOST:${server.hostAndPort.port}")).whenever(it).compatibilityZoneURL
                     }
-                    config.trustStoreFile.parent.createDirectories()
+                    config.certificatesDirectory.createDirectories()
                     loadOrCreateKeyStore(config.trustStoreFile, config.trustStorePassword).also {
-                        it.addOrReplaceCertificate(X509Utilities.CORDA_ROOT_CA, rootCACert.cert)
+                        it.addOrReplaceCertificate(X509Utilities.CORDA_ROOT_CA, rootCaCert.cert)
                         it.save(config.trustStoreFile, config.trustStorePassword)
                     }
                     NetworkRegistrationHelper(config, HTTPNetworkRegistrationService(config.compatibilityZoneURL!!)).buildKeystore()
@@ -183,7 +177,7 @@ class SigningServiceIntegrationTest {
         }
     }
 
-    fun createConfig(): NodeConfiguration {
+    private fun createConfig(): NodeConfiguration {
         return rigorousMock<NodeConfiguration>().also {
             doReturn(tempFolder.root.toPath()).whenever(it).baseDirectory
             doReturn(it.baseDirectory / "certificates").whenever(it).certificatesDirectory
@@ -195,15 +189,15 @@ class SigningServiceIntegrationTest {
             doReturn("iTest@R3.com").whenever(it).emailAddress
         }
     }
+
+    private fun makeTestDataSourceProperties(): Properties {
+        val props = Properties()
+        props.setProperty("dataSourceClassName", "org.h2.jdbcx.JdbcDataSource")
+        props.setProperty("dataSource.url", "jdbc:h2:mem:${SigningServiceIntegrationTest.DB_NAME};DB_CLOSE_DELAY=-1")
+        props.setProperty("dataSource.user", "sa")
+        props.setProperty("dataSource.password", "")
+        return props
+    }
 }
 
-private fun makeTestDataSourceProperties(): Properties {
+internal fun makeNotInitialisingTestDatabaseProperties() = DatabaseConfig(runMigration = false)
-    val props = Properties()
-    props.setProperty("dataSourceClassName", "org.h2.jdbcx.JdbcDataSource")
-    props.setProperty("dataSource.url", "jdbc:h2:mem:${SigningServiceIntegrationTest.DB_NAME};DB_CLOSE_DELAY=-1")
-    props.setProperty("dataSource.user", "sa")
-    props.setProperty("dataSource.password", "")
-    return props
-}
-
-internal fun makeNotInitialisingTestDatabaseProperties() = DatabaseConfig(runMigration = false)

node/src/integration-test/kotlin/net/corda/node/services/MySQLNotaryServiceTests.kt

@@ -14,7 +14,7 @@ import net.corda.core.transactions.TransactionBuilder
 import net.corda.core.utilities.getOrThrow
 import net.corda.node.internal.StartedNode
 import net.corda.node.services.config.NotaryConfig
-import net.corda.nodeapi.internal.IdentityGenerator
+import net.corda.nodeapi.internal.DevIdentityGenerator
 import net.corda.nodeapi.internal.network.NetworkParametersCopier
 import net.corda.nodeapi.internal.network.NotaryInfo
 import net.corda.testing.*
@@ -46,7 +46,7 @@ class MySQLNotaryServiceTests : IntegrationTest() {
     @Before
     fun before() {
         mockNet = MockNetwork(cordappPackages = listOf("net.corda.testing.contracts"))
-        notaryParty = IdentityGenerator.generateNodeIdentity(mockNet.baseDirectory(mockNet.nextNodeId), notaryName)
+        notaryParty = DevIdentityGenerator.installKeyStoreWithNodeIdentity(mockNet.baseDirectory(mockNet.nextNodeId), notaryName)
         val networkParameters = NetworkParametersCopier(testNetworkParameters(listOf(NotaryInfo(notaryParty, false))))
         val notaryNodeUnstarted = createNotaryNode()
         val nodeUnstarted = mockNet.createUnstartedNode()

node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt

@@ -19,18 +19,13 @@ import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.crypto.X509Utilities.CORDA_CLIENT_CA
 import net.corda.nodeapi.internal.crypto.X509Utilities.CORDA_INTERMEDIATE_CA
 import net.corda.nodeapi.internal.crypto.X509Utilities.CORDA_ROOT_CA
-import net.corda.testing.IntegrationTest
+import net.corda.testing.*
-import net.corda.testing.IntegrationTestSchemas
-import net.corda.testing.ROOT_CA
-import net.corda.testing.SerializationEnvironmentRule
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.driver.PortAllocation
-import net.corda.testing.node.internal.CompatibilityZoneParams
 import net.corda.testing.node.NotarySpec
 import net.corda.testing.node.internal.CompatibilityZoneParams
 import net.corda.testing.node.internal.internalDriver
 import net.corda.testing.node.internal.network.NetworkMapServer
-import net.corda.testing.singleIdentity
 import org.assertj.core.api.Assertions.assertThat
 import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.bouncycastle.pkcs.PKCS10CertificationRequest

node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityTest.kt

@@ -25,9 +25,7 @@ import net.corda.nodeapi.internal.ArtemisMessagingComponent.Companion.P2P_QUEUE
 import net.corda.nodeapi.internal.ArtemisMessagingComponent.Companion.PEERS_PREFIX
 import net.corda.nodeapi.internal.config.SSLConfiguration
 import net.corda.nodeapi.internal.config.User
-import net.corda.testing.ALICE_NAME
+import net.corda.testing.*
-import net.corda.testing.BOB_NAME
-import net.corda.testing.chooseIdentity
 import net.corda.testing.internal.configureTestSSL
 import net.corda.testing.node.internal.NodeBasedTest
 import net.corda.testing.node.startFlow
@@ -49,6 +47,7 @@ abstract class MQSecurityTest : NodeBasedTest() {
         @ClassRule @JvmField
         val databaseSchemas = IntegrationTestSchemas(ALICE_NAME.toDatabaseSchemaName(), BOB_NAME.toDatabaseSchemaName())
     }
+
     val rpcUser = User("user1", "pass", permissions = emptySet())
     lateinit var alice: StartedNode<Node>
     lateinit var attacker: SimpleMQClient