Removed "Node" prefix from NodeSSLConfiguration and renamed two file properties to end in "File"

Shams Asari 2017-01-23 13:29:10 +00:00
parent 052a660c1b
commit 20fe0f32f2
18 changed files with 62 additions and 68 deletions

@ -6,14 +6,11 @@ import net.corda.core.flows.StateMachineRunId
import net.corda.core.messaging.CordaRPCOps import net.corda.core.messaging.CordaRPCOps
import net.corda.core.messaging.StateMachineInfo import net.corda.core.messaging.StateMachineInfo
import net.corda.core.messaging.StateMachineUpdate import net.corda.core.messaging.StateMachineUpdate
import net.corda.core.messaging.startFlow
import net.corda.core.node.services.NetworkMapCache.MapChange import net.corda.core.node.services.NetworkMapCache.MapChange
import net.corda.core.node.services.StateMachineTransactionMapping import net.corda.core.node.services.StateMachineTransactionMapping
import net.corda.core.node.services.Vault import net.corda.core.node.services.Vault
import net.corda.core.transactions.SignedTransaction import net.corda.core.transactions.SignedTransaction
import net.corda.flows.CashCommand import net.corda.node.services.config.SSLConfiguration
import net.corda.flows.CashFlow
import net.corda.node.services.config.NodeSSLConfiguration
import net.corda.node.services.messaging.CordaRPCClient import net.corda.node.services.messaging.CordaRPCClient
import rx.Observable import rx.Observable
import rx.subjects.PublishSubject import rx.subjects.PublishSubject
@ -54,7 +51,7 @@ class NodeMonitorModel {
* Register for updates to/from a given vault. * Register for updates to/from a given vault.
* TODO provide an unsubscribe mechanism * TODO provide an unsubscribe mechanism
*/ */
fun register(nodeHostAndPort: HostAndPort, sslConfig: NodeSSLConfiguration, username: String, password: String) { fun register(nodeHostAndPort: HostAndPort, sslConfig: SSLConfiguration, username: String, password: String) {
val client = CordaRPCClient(nodeHostAndPort, sslConfig) val client = CordaRPCClient(nodeHostAndPort, sslConfig)
client.start(username, password) client.start(username, password)
val proxy = client.proxy() val proxy = client.proxy()

@ -12,7 +12,7 @@ import net.corda.core.random63BitValue
import net.corda.core.seconds import net.corda.core.seconds
import net.corda.node.internal.Node import net.corda.node.internal.Node
import net.corda.node.services.User import net.corda.node.services.User
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.config.configureTestSSL import net.corda.node.services.config.configureTestSSL
import net.corda.node.services.messaging.ArtemisMessagingComponent.Companion.CLIENTS_PREFIX import net.corda.node.services.messaging.ArtemisMessagingComponent.Companion.CLIENTS_PREFIX
import net.corda.node.services.messaging.ArtemisMessagingComponent.Companion.INTERNAL_PREFIX import net.corda.node.services.messaging.ArtemisMessagingComponent.Companion.INTERNAL_PREFIX
@ -151,7 +151,7 @@ abstract class MQSecurityTest : NodeBasedTest() {
assertAllQueueCreationAttacksFail(randomQueue) assertAllQueueCreationAttacksFail(randomQueue)
} }
fun clientTo(target: HostAndPort, config: NodeSSLConfiguration = configureTestSSL()): SimpleMQClient { fun clientTo(target: HostAndPort, config: SSLConfiguration = configureTestSSL()): SimpleMQClient {
val client = SimpleMQClient(target, config) val client = SimpleMQClient(target, config)
clients += client clients += client
return client return client

@ -299,7 +299,7 @@ abstract class AbstractNode(open val configuration: NodeConfiguration,
private fun hasSSLCertificates(): Boolean { private fun hasSSLCertificates(): Boolean {
val keyStore = try { val keyStore = try {
// This will throw exception if key file not found or keystore password is incorrect. // This will throw exception if key file not found or keystore password is incorrect.
X509Utilities.loadKeyStore(configuration.keyStorePath, configuration.keyStorePassword) X509Utilities.loadKeyStore(configuration.keyStoreFile, configuration.keyStorePassword)
} catch (e: Exception) { } catch (e: Exception) {
null null
} }
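Review bot: The `catch (e: Exception)` that follows the renamed `loadKeyStore` call returns `null` without recording the cause, so a missing key store, a wrong key store password and an unreadable file (for example a permissions problem) all look the same to whoever operates the node. Consider logging the exception with the class's existing logger before falling back, at debug level if a missing file is the normal first-start case. `hasSSLCertificates` continues outside the hunk, so how the `null` is handled afterwards cannot be checked from here.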

@ -188,10 +188,10 @@ class Node(override val configuration: FullNodeConfiguration,
httpsConfiguration.outputBufferSize = 32768 httpsConfiguration.outputBufferSize = 32768
httpsConfiguration.addCustomizer(SecureRequestCustomizer()) httpsConfiguration.addCustomizer(SecureRequestCustomizer())
val sslContextFactory = SslContextFactory() val sslContextFactory = SslContextFactory()
sslContextFactory.keyStorePath = configuration.keyStorePath.toString() sslContextFactory.keyStorePath = configuration.keyStoreFile.toString()
sslContextFactory.setKeyStorePassword(configuration.keyStorePassword) sslContextFactory.setKeyStorePassword(configuration.keyStorePassword)
sslContextFactory.setKeyManagerPassword(configuration.keyStorePassword) sslContextFactory.setKeyManagerPassword(configuration.keyStorePassword)
sslContextFactory.setTrustStorePath(configuration.trustStorePath.toString()) sslContextFactory.setTrustStorePath(configuration.trustStoreFile.toString())
sslContextFactory.setTrustStorePassword(configuration.trustStorePassword) sslContextFactory.setTrustStorePassword(configuration.trustStorePassword)
sslContextFactory.setExcludeProtocols("SSL.*", "TLSv1", "TLSv1.1") sslContextFactory.setExcludeProtocols("SSL.*", "TLSv1", "TLSv1.1")
sslContextFactory.setIncludeProtocols("TLSv1.2") sslContextFactory.setIncludeProtocols("TLSv1.2")

@ -103,22 +103,22 @@ inline fun <reified T : Any> Config.getListOrElse(path: String, default: Config.
*/ */
fun NodeConfiguration.configureWithDevSSLCertificate() = configureDevKeyAndTrustStores(myLegalName) fun NodeConfiguration.configureWithDevSSLCertificate() = configureDevKeyAndTrustStores(myLegalName)
private fun NodeSSLConfiguration.configureDevKeyAndTrustStores(myLegalName: String) { private fun SSLConfiguration.configureDevKeyAndTrustStores(myLegalName: String) {
certificatesDirectory.createDirectories() certificatesDirectory.createDirectories()
if (!trustStorePath.exists()) { if (!trustStoreFile.exists()) {
javaClass.classLoader.getResourceAsStream("net/corda/node/internal/certificates/cordatruststore.jks").copyTo(trustStorePath) javaClass.classLoader.getResourceAsStream("net/corda/node/internal/certificates/cordatruststore.jks").copyTo(trustStoreFile)
} }
if (!keyStorePath.exists()) { if (!keyStoreFile.exists()) {
val caKeyStore = X509Utilities.loadKeyStore( val caKeyStore = X509Utilities.loadKeyStore(
javaClass.classLoader.getResourceAsStream("net/corda/node/internal/certificates/cordadevcakeys.jks"), javaClass.classLoader.getResourceAsStream("net/corda/node/internal/certificates/cordadevcakeys.jks"),
"cordacadevpass") "cordacadevpass")
X509Utilities.createKeystoreForSSL(keyStorePath, keyStorePassword, keyStorePassword, caKeyStore, "cordacadevkeypass", myLegalName) X509Utilities.createKeystoreForSSL(keyStoreFile, keyStorePassword, keyStorePassword, caKeyStore, "cordacadevkeypass", myLegalName)
} }
} }
// TODO Move this to CoreTestUtils.kt once we can pry this from the explorer // TODO Move this to CoreTestUtils.kt once we can pry this from the explorer
@JvmOverloads @JvmOverloads
fun configureTestSSL(legalName: String = "Mega Corp."): NodeSSLConfiguration = object : NodeSSLConfiguration { fun configureTestSSL(legalName: String = "Mega Corp."): SSLConfiguration = object : SSLConfiguration {
override val certificatesDirectory = Files.createTempDirectory("certs") override val certificatesDirectory = Files.createTempDirectory("certs")
override val keyStorePassword: String get() = "cordacadevpass" override val keyStorePassword: String get() = "cordacadevpass"
override val trustStorePassword: String get() = "trustpass" override val trustStorePassword: String get() = "trustpass"

@ -13,18 +13,15 @@ import net.corda.node.utilities.TestClock
import java.nio.file.Path import java.nio.file.Path
import java.util.* import java.util.*
// TODO Rename this to SSLConfiguration as it's also used by non-node components interface SSLConfiguration {
interface NodeSSLConfiguration {
val keyStorePassword: String val keyStorePassword: String
val trustStorePassword: String val trustStorePassword: String
val certificatesDirectory: Path val certificatesDirectory: Path
// TODO Rename to keyStoreFile val keyStoreFile: Path get() = certificatesDirectory / "sslkeystore.jks"
val keyStorePath: Path get() = certificatesDirectory / "sslkeystore.jks" val trustStoreFile: Path get() = certificatesDirectory / "truststore.jks"
// TODO Rename to trustStoreFile
val trustStorePath: Path get() = certificatesDirectory / "truststore.jks"
} }
interface NodeConfiguration : NodeSSLConfiguration { interface NodeConfiguration : SSLConfiguration {
val baseDirectory: Path val baseDirectory: Path
override val certificatesDirectory: Path get() = baseDirectory / "certificates" override val certificatesDirectory: Path get() = baseDirectory / "certificates"
val myLegalName: String val myLegalName: String
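Review bot: `SSLConfiguration` is left without any KDoc once the two TODO comments are dropped, although the removed TODO says it is also used by non-node components. A short KDoc on the interface would help: state that `keyStoreFile` and `trustStoreFile` are derived from `certificatesDirectory` with the fixed names `sslkeystore.jks` and `truststore.jks`, and that `keyStorePassword` and `trustStorePassword` are the passwords for those two stores. It is also worth saying there that implementers should not hard-code these passwords outside dev and test setups, since several implementations in this commit do. `NodeConfiguration` continues outside the hunk.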

@ -8,7 +8,7 @@ import net.corda.core.messaging.MessageRecipients
import net.corda.core.messaging.SingleMessageRecipient import net.corda.core.messaging.SingleMessageRecipient
import net.corda.core.read import net.corda.core.read
import net.corda.core.serialization.SingletonSerializeAsToken import net.corda.core.serialization.SingletonSerializeAsToken
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Inbound import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Inbound
import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Outbound import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Outbound
import org.apache.activemq.artemis.api.core.TransportConfiguration import org.apache.activemq.artemis.api.core.TransportConfiguration
@ -105,7 +105,7 @@ abstract class ArtemisMessagingComponent() : SingletonSerializeAsToken() {
} }
/** The config object is used to pass in the passwords for the certificate KeyStore and TrustStore */ /** The config object is used to pass in the passwords for the certificate KeyStore and TrustStore */
abstract val config: NodeSSLConfiguration? abstract val config: SSLConfiguration?
// Restrict enabled Cipher Suites to AES and GCM as minimum for the bulk cipher. // Restrict enabled Cipher Suites to AES and GCM as minimum for the bulk cipher.
// Our self-generated certificates all use ECDSA for handshakes, but we allow classical RSA certificates to work // Our self-generated certificates all use ECDSA for handshakes, but we allow classical RSA certificates to work
@ -126,10 +126,10 @@ abstract class ArtemisMessagingComponent() : SingletonSerializeAsToken() {
*/ */
fun checkStorePasswords() { fun checkStorePasswords() {
val config = config ?: return val config = config ?: return
config.keyStorePath.read { config.keyStoreFile.read {
KeyStore.getInstance("JKS").load(it, config.keyStorePassword.toCharArray()) KeyStore.getInstance("JKS").load(it, config.keyStorePassword.toCharArray())
} }
config.trustStorePath.read { config.trustStoreFile.read {
KeyStore.getInstance("JKS").load(it, config.trustStorePassword.toCharArray()) KeyStore.getInstance("JKS").load(it, config.trustStorePassword.toCharArray())
} }
} }
@ -149,17 +149,17 @@ abstract class ArtemisMessagingComponent() : SingletonSerializeAsToken() {
) )
if (config != null) { if (config != null) {
config.keyStorePath.expectedOnDefaultFileSystem() config.keyStoreFile.expectedOnDefaultFileSystem()
config.trustStorePath.expectedOnDefaultFileSystem() config.trustStoreFile.expectedOnDefaultFileSystem()
val tlsOptions = mapOf<String, Any?>( val tlsOptions = mapOf<String, Any?>(
// Enable TLS transport layer with client certs and restrict to at least SHA256 in handshake // Enable TLS transport layer with client certs and restrict to at least SHA256 in handshake
// and AES encryption // and AES encryption
TransportConstants.SSL_ENABLED_PROP_NAME to true, TransportConstants.SSL_ENABLED_PROP_NAME to true,
TransportConstants.KEYSTORE_PROVIDER_PROP_NAME to "JKS", TransportConstants.KEYSTORE_PROVIDER_PROP_NAME to "JKS",
TransportConstants.KEYSTORE_PATH_PROP_NAME to config.keyStorePath, TransportConstants.KEYSTORE_PATH_PROP_NAME to config.keyStoreFile,
TransportConstants.KEYSTORE_PASSWORD_PROP_NAME to config.keyStorePassword, // TODO proper management of keystores and password TransportConstants.KEYSTORE_PASSWORD_PROP_NAME to config.keyStorePassword, // TODO proper management of keystores and password
TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME to "JKS", TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME to "JKS",
TransportConstants.TRUSTSTORE_PATH_PROP_NAME to config.trustStorePath, TransportConstants.TRUSTSTORE_PATH_PROP_NAME to config.trustStoreFile,
TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME to config.trustStorePassword, TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME to config.trustStorePassword,
TransportConstants.ENABLED_CIPHER_SUITES_PROP_NAME to CIPHER_SUITES.joinToString(","), TransportConstants.ENABLED_CIPHER_SUITES_PROP_NAME to CIPHER_SUITES.joinToString(","),
TransportConstants.ENABLED_PROTOCOLS_PROP_NAME to "TLSv1.2", TransportConstants.ENABLED_PROTOCOLS_PROP_NAME to "TLSv1.2",

@ -211,10 +211,10 @@ class ArtemisMessagingServer(override val config: NodeConfiguration,
private fun createArtemisSecurityManager(): ActiveMQJAASSecurityManager { private fun createArtemisSecurityManager(): ActiveMQJAASSecurityManager {
val rootCAPublicKey = X509Utilities val rootCAPublicKey = X509Utilities
.loadCertificateFromKeyStore(config.trustStorePath, config.trustStorePassword, CORDA_ROOT_CA) .loadCertificateFromKeyStore(config.trustStoreFile, config.trustStorePassword, CORDA_ROOT_CA)
.publicKey .publicKey
val ourCertificate = X509Utilities val ourCertificate = X509Utilities
.loadCertificateFromKeyStore(config.keyStorePath, config.keyStorePassword, CORDA_CLIENT_CA) .loadCertificateFromKeyStore(config.keyStoreFile, config.keyStorePassword, CORDA_CLIENT_CA)
val ourSubjectDN = X500Name(ourCertificate.subjectDN.name) val ourSubjectDN = X500Name(ourCertificate.subjectDN.name)
// This is a sanity check and should not fail unless things have been misconfigured // This is a sanity check and should not fail unless things have been misconfigured
require(ourSubjectDN.commonName == config.myLegalName) { require(ourSubjectDN.commonName == config.myLegalName) {

@ -5,7 +5,7 @@ import net.corda.core.ThreadBox
import net.corda.core.logElapsedTime import net.corda.core.logElapsedTime
import net.corda.core.messaging.CordaRPCOps import net.corda.core.messaging.CordaRPCOps
import net.corda.core.utilities.loggerFor import net.corda.core.utilities.loggerFor
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Outbound import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Outbound
import org.apache.activemq.artemis.api.core.ActiveMQException import org.apache.activemq.artemis.api.core.ActiveMQException
import org.apache.activemq.artemis.api.core.client.ActiveMQClient import org.apache.activemq.artemis.api.core.client.ActiveMQClient
@ -24,7 +24,7 @@ import javax.annotation.concurrent.ThreadSafe
* @param config If specified, the SSL configuration to use. If not specified, SSL will be disabled and the node will not be authenticated, nor will RPC traffic be encrypted. * @param config If specified, the SSL configuration to use. If not specified, SSL will be disabled and the node will not be authenticated, nor will RPC traffic be encrypted.
*/ */
@ThreadSafe @ThreadSafe
class CordaRPCClient(val host: HostAndPort, override val config: NodeSSLConfiguration?) : Closeable, ArtemisMessagingComponent() { class CordaRPCClient(val host: HostAndPort, override val config: SSLConfiguration?) : Closeable, ArtemisMessagingComponent() {
private companion object { private companion object {
val log = loggerFor<CordaRPCClient>() val log = loggerFor<CordaRPCClient>()
} }

@ -20,7 +20,7 @@ import net.corda.core.serialization.SingletonSerializeAsToken
import net.corda.core.serialization.deserialize import net.corda.core.serialization.deserialize
import net.corda.core.serialization.serialize import net.corda.core.serialization.serialize
import net.corda.core.utilities.loggerFor import net.corda.core.utilities.loggerFor
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import org.jetbrains.exposed.sql.Database import org.jetbrains.exposed.sql.Database
import java.nio.file.Path import java.nio.file.Path
import java.util.concurrent.CompletableFuture import java.util.concurrent.CompletableFuture
@ -43,7 +43,7 @@ import javax.annotation.concurrent.ThreadSafe
*/ */
@ThreadSafe @ThreadSafe
class RaftUniquenessProvider(storagePath: Path, myAddress: HostAndPort, clusterAddresses: List<HostAndPort>, class RaftUniquenessProvider(storagePath: Path, myAddress: HostAndPort, clusterAddresses: List<HostAndPort>,
db: Database, config: NodeSSLConfiguration) : UniquenessProvider, SingletonSerializeAsToken() { db: Database, config: SSLConfiguration) : UniquenessProvider, SingletonSerializeAsToken() {
companion object { companion object {
private val log = loggerFor<RaftUniquenessProvider>() private val log = loggerFor<RaftUniquenessProvider>()
private val DB_TABLE_NAME = "notary_committed_states" private val DB_TABLE_NAME = "notary_committed_states"
@ -96,13 +96,13 @@ class RaftUniquenessProvider(storagePath: Path, myAddress: HostAndPort, clusterA
.build() .build()
} }
private fun buildTransport(config: NodeSSLConfiguration): Transport? { private fun buildTransport(config: SSLConfiguration): Transport? {
return NettyTransport.builder() return NettyTransport.builder()
.withSsl() .withSsl()
.withSslProtocol(SslProtocol.TLSv1_2) .withSslProtocol(SslProtocol.TLSv1_2)
.withKeyStorePath(config.keyStorePath.toString()) .withKeyStorePath(config.keyStoreFile.toString())
.withKeyStorePassword(config.keyStorePassword) .withKeyStorePassword(config.keyStorePassword)
.withTrustStorePath(config.trustStorePath.toString()) .withTrustStorePath(config.trustStoreFile.toString())
.withTrustStorePassword(config.trustStorePassword) .withTrustStorePassword(config.trustStorePassword)
.build() .build()
} }

@ -33,14 +33,14 @@ class CertificateSigner(val config: NodeConfiguration, val certService: Certific
fun buildKeyStore() { fun buildKeyStore() {
config.certificatesDirectory.createDirectories() config.certificatesDirectory.createDirectories()
val caKeyStore = X509Utilities.loadOrCreateKeyStore(config.keyStorePath, config.keyStorePassword) val caKeyStore = X509Utilities.loadOrCreateKeyStore(config.keyStoreFile, config.keyStorePassword)
if (!caKeyStore.containsAlias(CORDA_CLIENT_CA)) { if (!caKeyStore.containsAlias(CORDA_CLIENT_CA)) {
// No certificate found in key store, create certificate signing request and post request to signing server. // No certificate found in key store, create certificate signing request and post request to signing server.
log.info("No certificate found in key store, creating certificate signing request...") log.info("No certificate found in key store, creating certificate signing request...")
// Create or load key pair from the key store. // Create or load key pair from the key store.
val keyPair = X509Utilities.loadOrCreateKeyPairFromKeyStore(config.keyStorePath, config.keyStorePassword, val keyPair = X509Utilities.loadOrCreateKeyPairFromKeyStore(config.keyStoreFile, config.keyStorePassword,
config.keyStorePassword, CORDA_CLIENT_CA_PRIVATE_KEY) { config.keyStorePassword, CORDA_CLIENT_CA_PRIVATE_KEY) {
X509Utilities.createSelfSignedCACert(config.myLegalName) X509Utilities.createSelfSignedCACert(config.myLegalName)
} }
@ -58,15 +58,15 @@ class CertificateSigner(val config: NodeConfiguration, val certService: Certific
// Assumes certificate chain always starts with client certificate and end with root certificate. // Assumes certificate chain always starts with client certificate and end with root certificate.
caKeyStore.addOrReplaceCertificate(CORDA_CLIENT_CA, certificates.first()) caKeyStore.addOrReplaceCertificate(CORDA_CLIENT_CA, certificates.first())
X509Utilities.saveKeyStore(caKeyStore, config.keyStorePath, config.keyStorePassword) X509Utilities.saveKeyStore(caKeyStore, config.keyStoreFile, config.keyStorePassword)
// Save certificates to trust store. // Save certificates to trust store.
val trustStore = X509Utilities.loadOrCreateKeyStore(config.trustStorePath, config.trustStorePassword) val trustStore = X509Utilities.loadOrCreateKeyStore(config.trustStoreFile, config.trustStorePassword)
// Assumes certificate chain always starts with client certificate and end with root certificate. // Assumes certificate chain always starts with client certificate and end with root certificate.
trustStore.addOrReplaceCertificate(CORDA_ROOT_CA, certificates.last()) trustStore.addOrReplaceCertificate(CORDA_ROOT_CA, certificates.last())
X509Utilities.saveKeyStore(trustStore, config.trustStorePath, config.trustStorePassword) X509Utilities.saveKeyStore(trustStore, config.trustStoreFile, config.trustStorePassword)
} else { } else {
log.trace("Certificate already exists, exiting certificate signer...") log.trace("Certificate already exists, exiting certificate signer...")
} }
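Review bot: The trust anchor written to `trustStoreFile` is simply `certificates.last()`, resting on the comment "Assumes certificate chain always starts with client certificate and end with root certificate", and no validation of the returned chain is visible in these two hunks. Unless the lines between the hunks already do so, the chain should be verified before `addOrReplaceCertificate(CORDA_ROOT_CA, ...)` stores it: each certificate signed by the next, and the first one carrying the public key of the key pair created above. Ideally the root is also compared with one obtained out of band, because whatever the signing server returns otherwise becomes the node's root of trust. The middle of `buildKeyStore` is outside the view, so this is a request to confirm rather than a confirmed gap.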

@ -39,15 +39,15 @@ class CertificateSignerTest {
myLegalName = "me", myLegalName = "me",
networkMapService = null) networkMapService = null)
assertFalse(config.keyStorePath.exists()) assertFalse(config.keyStoreFile.exists())
assertFalse(config.trustStorePath.exists()) assertFalse(config.trustStoreFile.exists())
CertificateSigner(config, certService).buildKeyStore() CertificateSigner(config, certService).buildKeyStore()
assertTrue(config.keyStorePath.exists()) assertTrue(config.keyStoreFile.exists())
assertTrue(config.trustStorePath.exists()) assertTrue(config.trustStoreFile.exists())
X509Utilities.loadKeyStore(config.keyStorePath, config.keyStorePassword).run { X509Utilities.loadKeyStore(config.keyStoreFile, config.keyStorePassword).run {
assertTrue(containsAlias(X509Utilities.CORDA_CLIENT_CA_PRIVATE_KEY)) assertTrue(containsAlias(X509Utilities.CORDA_CLIENT_CA_PRIVATE_KEY))
assertTrue(containsAlias(X509Utilities.CORDA_CLIENT_CA)) assertTrue(containsAlias(X509Utilities.CORDA_CLIENT_CA))
assertFalse(containsAlias(X509Utilities.CORDA_INTERMEDIATE_CA)) assertFalse(containsAlias(X509Utilities.CORDA_INTERMEDIATE_CA))
@ -56,7 +56,7 @@ class CertificateSignerTest {
assertFalse(containsAlias(X509Utilities.CORDA_ROOT_CA_PRIVATE_KEY)) assertFalse(containsAlias(X509Utilities.CORDA_ROOT_CA_PRIVATE_KEY))
} }
X509Utilities.loadKeyStore(config.trustStorePath, config.trustStorePassword).run { X509Utilities.loadKeyStore(config.trustStoreFile, config.trustStorePassword).run {
assertFalse(containsAlias(X509Utilities.CORDA_CLIENT_CA_PRIVATE_KEY)) assertFalse(containsAlias(X509Utilities.CORDA_CLIENT_CA_PRIVATE_KEY))
assertFalse(containsAlias(X509Utilities.CORDA_CLIENT_CA)) assertFalse(containsAlias(X509Utilities.CORDA_CLIENT_CA))
assertFalse(containsAlias(X509Utilities.CORDA_INTERMEDIATE_CA)) assertFalse(containsAlias(X509Utilities.CORDA_INTERMEDIATE_CA))

@ -10,7 +10,7 @@ import net.corda.core.messaging.CordaRPCOps
import net.corda.core.messaging.startFlow import net.corda.core.messaging.startFlow
import net.corda.core.utilities.Emoji import net.corda.core.utilities.Emoji
import net.corda.flows.FinalityFlow import net.corda.flows.FinalityFlow
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.messaging.CordaRPCClient import net.corda.node.services.messaging.CordaRPCClient
import net.corda.testing.ALICE_KEY import net.corda.testing.ALICE_KEY
import java.nio.file.Path import java.nio.file.Path
@ -112,8 +112,8 @@ private fun printHelp(parser: OptionParser) {
// TODO: Take this out once we have a dedicated RPC port and allow SSL on it to be optional. // TODO: Take this out once we have a dedicated RPC port and allow SSL on it to be optional.
private fun sslConfigFor(nodename: String, certsPath: String?): NodeSSLConfiguration { private fun sslConfigFor(nodename: String, certsPath: String?): SSLConfiguration {
return object : NodeSSLConfiguration { return object : SSLConfiguration {
override val keyStorePassword: String = "cordacadevpass" override val keyStorePassword: String = "cordacadevpass"
override val trustStorePassword: String = "trustpass" override val trustStorePassword: String = "trustpass"
override val certificatesDirectory: Path = if (certsPath != null) Paths.get(certsPath) else Paths.get("build") / "nodes" / nodename / "certificates" override val certificatesDirectory: Path = if (certsPath != null) Paths.get(certsPath) else Paths.get("build") / "nodes" / nodename / "certificates"

@ -7,7 +7,7 @@ import net.corda.core.messaging.CordaRPCOps
import net.corda.core.messaging.startFlow import net.corda.core.messaging.startFlow
import net.corda.core.transactions.SignedTransaction import net.corda.core.transactions.SignedTransaction
import net.corda.flows.NotaryFlow import net.corda.flows.NotaryFlow
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.messaging.CordaRPCClient import net.corda.node.services.messaging.CordaRPCClient
import net.corda.notarydemo.flows.DummyIssueAndMove import net.corda.notarydemo.flows.DummyIssueAndMove
import java.nio.file.Path import java.nio.file.Path
@ -90,8 +90,8 @@ private class NotaryDemoClientApi(val rpc: CordaRPCOps) {
} }
// TODO: Take this out once we have a dedicated RPC port and allow SSL on it to be optional. // TODO: Take this out once we have a dedicated RPC port and allow SSL on it to be optional.
private fun sslConfigFor(nodename: String, certsPath: String?): NodeSSLConfiguration { private fun sslConfigFor(nodename: String, certsPath: String?): SSLConfiguration {
return object : NodeSSLConfiguration { return object : SSLConfiguration {
override val keyStorePassword: String = "cordacadevpass" override val keyStorePassword: String = "cordacadevpass"
override val trustStorePassword: String = "trustpass" override val trustStorePassword: String = "trustpass"
override val certificatesDirectory: Path = if (certsPath != null) Paths.get(certsPath) else Paths.get("build") / "nodes" / nodename / "certificates" override val certificatesDirectory: Path = if (certsPath != null) Paths.get(certsPath) else Paths.get("build") / "nodes" / nodename / "certificates"

@ -5,7 +5,7 @@ import joptsimple.OptionParser
import net.corda.core.contracts.DOLLARS import net.corda.core.contracts.DOLLARS
import net.corda.core.div import net.corda.core.div
import net.corda.core.utilities.loggerFor import net.corda.core.utilities.loggerFor
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.messaging.CordaRPCClient import net.corda.node.services.messaging.CordaRPCClient
import org.slf4j.Logger import org.slf4j.Logger
import java.nio.file.Path import java.nio.file.Path
@ -68,8 +68,8 @@ private class TraderDemo {
} }
// TODO: Take this out once we have a dedicated RPC port and allow SSL on it to be optional. // TODO: Take this out once we have a dedicated RPC port and allow SSL on it to be optional.
private fun sslConfigFor(nodename: String, certsPath: String?): NodeSSLConfiguration { private fun sslConfigFor(nodename: String, certsPath: String?): SSLConfiguration {
return object : NodeSSLConfiguration { return object : SSLConfiguration {
override val keyStorePassword: String = "cordacadevpass" override val keyStorePassword: String = "cordacadevpass"
override val trustStorePassword: String = "trustpass" override val trustStorePassword: String = "trustpass"
override val certificatesDirectory: Path = if (certsPath != null) Paths.get(certsPath) else Paths.get("build") / "nodes" / nodename / "certificates" override val certificatesDirectory: Path = if (certsPath != null) Paths.get(certsPath) else Paths.get("build") / "nodes" / nodename / "certificates"

@ -1,7 +1,7 @@
package net.corda.testing.messaging package net.corda.testing.messaging
import com.google.common.net.HostAndPort import com.google.common.net.HostAndPort
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.config.configureTestSSL import net.corda.node.services.config.configureTestSSL
import net.corda.node.services.messaging.ArtemisMessagingComponent import net.corda.node.services.messaging.ArtemisMessagingComponent
import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Outbound import net.corda.node.services.messaging.ArtemisMessagingComponent.ConnectionDirection.Outbound
@ -11,7 +11,7 @@ import org.apache.activemq.artemis.api.core.client.*
* As the name suggests this is a simple client for connecting to MQ brokers. * As the name suggests this is a simple client for connecting to MQ brokers.
*/ */
class SimpleMQClient(val target: HostAndPort, class SimpleMQClient(val target: HostAndPort,
override val config: NodeSSLConfiguration = configureTestSSL("SimpleMQClient")) : ArtemisMessagingComponent() { override val config: SSLConfiguration = configureTestSSL("SimpleMQClient")) : ArtemisMessagingComponent() {
lateinit var sessionFactory: ClientSessionFactory lateinit var sessionFactory: ClientSessionFactory
lateinit var session: ClientSession lateinit var session: ClientSession
lateinit var producer: ClientProducer lateinit var producer: ClientProducer

@ -10,7 +10,7 @@ import net.corda.client.model.NodeMonitorModel
import net.corda.client.model.objectProperty import net.corda.client.model.objectProperty
import net.corda.core.exists import net.corda.core.exists
import net.corda.explorer.model.SettingsModel import net.corda.explorer.model.SettingsModel
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.config.configureTestSSL import net.corda.node.services.config.configureTestSSL
import org.controlsfx.dialog.ExceptionDialog import org.controlsfx.dialog.ExceptionDialog
import tornadofx.* import tornadofx.*
@ -79,14 +79,14 @@ class LoginView : View() {
if (status != LoginStatus.loggedIn) login() if (status != LoginStatus.loggedIn) login()
} }
private fun configureSSL(): NodeSSLConfiguration { private fun configureSSL(): SSLConfiguration {
val sslConfig = object : NodeSSLConfiguration { val sslConfig = object : SSLConfiguration {
override val certificatesDirectory: Path get() = certificatesDir.get() override val certificatesDirectory: Path get() = certificatesDir.get()
override val keyStorePassword: String get() = keyStorePasswordProperty.get() override val keyStorePassword: String get() = keyStorePasswordProperty.get()
override val trustStorePassword: String get() = trustStorePasswordProperty.get() override val trustStorePassword: String get() = trustStorePasswordProperty.get()
} }
// TODO : Don't use dev certificates. // TODO : Don't use dev certificates.
return if (sslConfig.keyStorePath.exists()) sslConfig else configureTestSSL().apply { return if (sslConfig.keyStoreFile.exists()) sslConfig else configureTestSSL().apply {
alert(Alert.AlertType.WARNING, "", "KeyStore not found in certificates directory.\nDEV certificates will be used by default.") alert(Alert.AlertType.WARNING, "", "KeyStore not found in certificates directory.\nDEV certificates will be used by default.")
} }
} }
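Review bot: `configureSSL` chooses between the user's certificates and the dev ones on `sslConfig.keyStoreFile.exists()` alone, so a directory that holds a key store but no `truststore.jks` is accepted and presumably only fails later, when the connection is set up. Checking both files, `if (sslConfig.keyStoreFile.exists() && sslConfig.trustStoreFile.exists())`, keeps the decision consistent with what the connection needs. Separately, the fallback to `configureTestSSL()` turns a mistyped certificates directory into a dev-certificate connection behind a warning dialog. The existing TODO acknowledges this, but if the directory was set explicitly by the user it would be safer to fail the login than to substitute the dev certificates.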

@ -11,7 +11,7 @@ import net.corda.core.createDirectories
import net.corda.core.div import net.corda.core.div
import net.corda.core.messaging.CordaRPCOps import net.corda.core.messaging.CordaRPCOps
import net.corda.node.driver.PortAllocation import net.corda.node.driver.PortAllocation
import net.corda.node.services.config.NodeSSLConfiguration import net.corda.node.services.config.SSLConfiguration
import net.corda.node.services.messaging.CordaRPCClient import net.corda.node.services.messaging.CordaRPCClient
import org.slf4j.LoggerFactory import org.slf4j.LoggerFactory
import java.io.ByteArrayOutputStream import java.io.ByteArrayOutputStream
@ -154,7 +154,7 @@ class NodeConnection(
private val certificatesDirectory: Path private val certificatesDirectory: Path
) : Closeable { ) : Closeable {
private val sslConfig = object : NodeSSLConfiguration { private val sslConfig = object : SSLConfiguration {
override val certificatesDirectory = this@NodeConnection.certificatesDirectory override val certificatesDirectory = this@NodeConnection.certificatesDirectory
override val keyStorePassword: String get() = "cordacadevpass" override val keyStorePassword: String get() = "cordacadevpass"
override val trustStorePassword: String get() = "trustpass" override val trustStorePassword: String get() = "trustpass"