mirror of
https://github.com/corda/corda.git
synced 2025-06-22 17:09:00 +00:00
CORDA-831: Add roles to X509 certificates (#2180)
* Add roles to X509 certificates so that the identity service can always determine which certificate in a hierarchy is the well known identity * Rename CLIENT_CA certificate type to NODE_CA * Rename DOORMAN role to INTERMEDIATE_CA * Correct issue in CashTests where instead of providing a well known identity to generateSpend(), a confidential identity was passed in and a confidential identity generated from it. * Enforce role hierarchy in PKI * Enforce that party certificates must be well known or confidential identities * Add network map certificate role
This commit is contained in:
Ross Nicoll
GitHub
@ -102,7 +102,7 @@ fun getTestPartyAndCertificate(party: Party): PartyAndCertificate {
|
||||
nameConstraints = NameConstraints(arrayOf(GeneralSubtree(GeneralName(GeneralName.directoryName, party.name.x500Name))), arrayOf()))
|
||||
|
||||
val identityCert = X509Utilities.createCertificate(
|
||||
CertificateType.WELL_KNOWN_IDENTITY,
|
||||
CertificateType.LEGAL_IDENTITY,
|
||||
nodeCaCert,
|
||||
nodeCaKeyPair,
|
||||
party.name,
|
||||
|
||||
@ -7,7 +7,10 @@ import net.corda.core.contracts.TypeOnlyCommandData
|
||||
import net.corda.core.crypto.generateKeyPair
|
||||
import net.corda.core.identity.CordaX500Name
|
||||
import net.corda.core.internal.toX509CertHolder
|
||||
import net.corda.nodeapi.internal.crypto.*
|
||||
import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
|
||||
import net.corda.nodeapi.internal.crypto.X509Utilities
|
||||
import net.corda.nodeapi.internal.crypto.getCertificateAndKeyPair
|
||||
import net.corda.nodeapi.internal.crypto.loadKeyStore
|
||||
import org.bouncycastle.cert.X509CertificateHolder
|
||||
import java.security.PublicKey
|
||||
import java.time.Instant
|
||||
|
||||
Reference in New Issue
Block a user