mirror of
https://github.com/corda/corda.git
synced 2024-12-29 09:18:58 +00:00
Refactoring modifiedBy and status fields for the certificate signing … (#475)
* Refactoring modifiedBy and status fields for the certificate signing request entity * Fixing migration
This commit is contained in:
parent
26a11bccc9
commit
2d16647498
@ -78,7 +78,7 @@ class SigningServiceIntegrationTest : HsmBaseTest() {
|
|||||||
approvedRequest.certPath = X509Utilities.buildCertPath(nodeCa.certificate, intermediateCa.certificate, rootCaCert)
|
approvedRequest.certPath = X509Utilities.buildCertPath(nodeCa.certificate, intermediateCa.certificate, rootCaCert)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
storage.store(approvedRequests, listOf("TEST"))
|
storage.store(approvedRequests, "TEST")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -12,7 +12,7 @@ data class CertificateSigningRequest(val requestId: String,
|
|||||||
val status: RequestStatus,
|
val status: RequestStatus,
|
||||||
val request: PKCS10CertificationRequest,
|
val request: PKCS10CertificationRequest,
|
||||||
val remark: String?,
|
val remark: String?,
|
||||||
val modifiedBy: List<String>,
|
val modifiedBy: String,
|
||||||
val certData: CertificateData?)
|
val certData: CertificateData?)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -64,12 +64,12 @@ interface CertificationRequestStorage {
|
|||||||
fun rejectRequest(requestId: String, rejectedBy: String, rejectReason: String?)
|
fun rejectRequest(requestId: String, rejectedBy: String, rejectReason: String?)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Store certificate path with [requestId], this will store the encoded [CertPath] and transit request status to [RequestStatus.SIGNED].
|
* Store certificate path with [requestId], this will store the encoded [CertPath] and transit request status to [RequestStatus.DONE].
|
||||||
* @param requestId id of the certificate signing request
|
* @param requestId id of the certificate signing request
|
||||||
* @param signedBy authority (its identifier) signing this request.
|
* @param signedBy authority (its identifier) signing this request.
|
||||||
* @throws IllegalArgumentException if request is not found or not in Approved state.
|
* @throws IllegalArgumentException if request is not found or not in Approved state.
|
||||||
*/
|
*/
|
||||||
fun putCertificatePath(requestId: String, certificates: CertPath, signedBy: List<String>)
|
fun putCertificatePath(requestId: String, certificates: CertPath, signedBy: String)
|
||||||
}
|
}
|
||||||
|
|
||||||
sealed class CertificateResponse {
|
sealed class CertificateResponse {
|
||||||
@ -100,9 +100,9 @@ enum class RequestStatus {
|
|||||||
REJECTED,
|
REJECTED,
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The request has been signed, this is a terminal state, once a request gets in this state it won't change anymore.
|
* The request has been successfully processed, this is a terminal state, once a request gets in this state it won't change anymore.
|
||||||
*/
|
*/
|
||||||
SIGNED
|
DONE
|
||||||
}
|
}
|
||||||
|
|
||||||
enum class CertificateStatus {
|
enum class CertificateStatus {
|
||||||
|
@ -25,7 +25,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
|||||||
private val allowedCertRoles = setOf(CertRole.NODE_CA, CertRole.SERVICE_IDENTITY)
|
private val allowedCertRoles = setOf(CertRole.NODE_CA, CertRole.SERVICE_IDENTITY)
|
||||||
}
|
}
|
||||||
|
|
||||||
override fun putCertificatePath(requestId: String, certificates: CertPath, signedBy: List<String>) {
|
override fun putCertificatePath(requestId: String, certificates: CertPath, signedBy: String) {
|
||||||
return database.transaction(TransactionIsolationLevel.SERIALIZABLE) {
|
return database.transaction(TransactionIsolationLevel.SERIALIZABLE) {
|
||||||
val request = singleRequestWhere(CertificateSigningRequestEntity::class.java) { builder, path ->
|
val request = singleRequestWhere(CertificateSigningRequestEntity::class.java) { builder, path ->
|
||||||
val requestIdEq = builder.equal(path.get<String>(CertificateSigningRequestEntity::requestId.name), requestId)
|
val requestIdEq = builder.equal(path.get<String>(CertificateSigningRequestEntity::requestId.name), requestId)
|
||||||
@ -36,7 +36,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
|||||||
val certificateSigningRequest = request.copy(
|
val certificateSigningRequest = request.copy(
|
||||||
modifiedBy = signedBy,
|
modifiedBy = signedBy,
|
||||||
modifiedAt = Instant.now(),
|
modifiedAt = Instant.now(),
|
||||||
status = RequestStatus.SIGNED)
|
status = RequestStatus.DONE)
|
||||||
session.merge(certificateSigningRequest)
|
session.merge(certificateSigningRequest)
|
||||||
val certificateDataEntity = CertificateDataEntity(
|
val certificateDataEntity = CertificateDataEntity(
|
||||||
certificateStatus = CertificateStatus.VALID,
|
certificateStatus = CertificateStatus.VALID,
|
||||||
@ -56,7 +56,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
|||||||
legalName = legalName,
|
legalName = legalName,
|
||||||
publicKeyHash = toSupportedPublicKey(request.subjectPublicKeyInfo).hashString(),
|
publicKeyHash = toSupportedPublicKey(request.subjectPublicKeyInfo).hashString(),
|
||||||
requestBytes = request.encoded,
|
requestBytes = request.encoded,
|
||||||
modifiedBy = emptyList(),
|
modifiedBy = CertificationRequestStorage.DOORMAN_SIGNATURE,
|
||||||
status = RequestStatus.NEW
|
status = RequestStatus.NEW
|
||||||
)
|
)
|
||||||
} catch (e: RequestValidationException) {
|
} catch (e: RequestValidationException) {
|
||||||
@ -66,7 +66,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
|||||||
publicKeyHash = toSupportedPublicKey(request.subjectPublicKeyInfo).hashString(),
|
publicKeyHash = toSupportedPublicKey(request.subjectPublicKeyInfo).hashString(),
|
||||||
requestBytes = request.encoded,
|
requestBytes = request.encoded,
|
||||||
remark = e.rejectMessage,
|
remark = e.rejectMessage,
|
||||||
modifiedBy = emptyList(),
|
modifiedBy = CertificationRequestStorage.DOORMAN_SIGNATURE,
|
||||||
status = RequestStatus.REJECTED
|
status = RequestStatus.REJECTED
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@ -103,7 +103,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
|||||||
return database.transaction(TransactionIsolationLevel.SERIALIZABLE) {
|
return database.transaction(TransactionIsolationLevel.SERIALIZABLE) {
|
||||||
findRequest(requestId, RequestStatus.TICKET_CREATED)?.let {
|
findRequest(requestId, RequestStatus.TICKET_CREATED)?.let {
|
||||||
val update = it.copy(
|
val update = it.copy(
|
||||||
modifiedBy = listOf(approvedBy),
|
modifiedBy = approvedBy,
|
||||||
modifiedAt = Instant.now(),
|
modifiedAt = Instant.now(),
|
||||||
status = RequestStatus.APPROVED)
|
status = RequestStatus.APPROVED)
|
||||||
session.merge(update)
|
session.merge(update)
|
||||||
@ -116,7 +116,7 @@ class PersistentCertificateRequestStorage(private val database: CordaPersistence
|
|||||||
val request = findRequest(requestId)
|
val request = findRequest(requestId)
|
||||||
request ?: throw IllegalArgumentException("Error when rejecting request with id: $requestId. Request does not exist.")
|
request ?: throw IllegalArgumentException("Error when rejecting request with id: $requestId. Request does not exist.")
|
||||||
val update = request.copy(
|
val update = request.copy(
|
||||||
modifiedBy = listOf(rejectedBy),
|
modifiedBy = rejectedBy,
|
||||||
modifiedAt = Instant.now(),
|
modifiedAt = Instant.now(),
|
||||||
status = RequestStatus.REJECTED,
|
status = RequestStatus.REJECTED,
|
||||||
remark = rejectReason
|
remark = rejectReason
|
||||||
|
@ -66,7 +66,7 @@ class PersistentNodeInfoStorage(private val database: CordaPersistence) : NodeIn
|
|||||||
private fun getSignedRequestByPublicHash(publicKeyHash: SecureHash, transaction: DatabaseTransaction): CertificateSigningRequestEntity? {
|
private fun getSignedRequestByPublicHash(publicKeyHash: SecureHash, transaction: DatabaseTransaction): CertificateSigningRequestEntity? {
|
||||||
return transaction.singleRequestWhere(CertificateSigningRequestEntity::class.java) { builder, path ->
|
return transaction.singleRequestWhere(CertificateSigningRequestEntity::class.java) { builder, path ->
|
||||||
val publicKeyEq = builder.equal(path.get<String>(CertificateSigningRequestEntity::publicKeyHash.name), publicKeyHash.toString())
|
val publicKeyEq = builder.equal(path.get<String>(CertificateSigningRequestEntity::publicKeyHash.name), publicKeyHash.toString())
|
||||||
val statusEq = builder.equal(path.get<RequestStatus>(CertificateSigningRequestEntity::status.name), RequestStatus.SIGNED)
|
val statusEq = builder.equal(path.get<RequestStatus>(CertificateSigningRequestEntity::status.name), RequestStatus.DONE)
|
||||||
builder.and(publicKeyEq, statusEq)
|
builder.and(publicKeyEq, statusEq)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -33,8 +33,7 @@ class CertificateSigningRequestEntity(
|
|||||||
|
|
||||||
@Audited
|
@Audited
|
||||||
@Column(name = "modified_by", length = 512)
|
@Column(name = "modified_by", length = 512)
|
||||||
@ElementCollection(targetClass = String::class, fetch = FetchType.EAGER)
|
val modifiedBy: String,
|
||||||
val modifiedBy: List<String> = emptyList(),
|
|
||||||
|
|
||||||
@Audited
|
@Audited
|
||||||
@Column(name = "modified_at", nullable = false)
|
@Column(name = "modified_at", nullable = false)
|
||||||
@ -66,7 +65,7 @@ class CertificateSigningRequestEntity(
|
|||||||
legalName: String = this.legalName,
|
legalName: String = this.legalName,
|
||||||
publicKeyHash: String = this.publicKeyHash,
|
publicKeyHash: String = this.publicKeyHash,
|
||||||
status: RequestStatus = this.status,
|
status: RequestStatus = this.status,
|
||||||
modifiedBy: List<String> = this.modifiedBy,
|
modifiedBy: String = this.modifiedBy,
|
||||||
modifiedAt: Instant = this.modifiedAt,
|
modifiedAt: Instant = this.modifiedAt,
|
||||||
remark: String? = this.remark,
|
remark: String? = this.remark,
|
||||||
certificateData: CertificateDataEntity? = this.certificateData,
|
certificateData: CertificateDataEntity? = this.certificateData,
|
||||||
|
@ -34,7 +34,7 @@ class DefaultCsrHandler(private val storage: CertificationRequestStorage,
|
|||||||
val nodeCertPath = createSignedNodeCertificate(it.request, csrCertPathAndKey)
|
val nodeCertPath = createSignedNodeCertificate(it.request, csrCertPathAndKey)
|
||||||
// Since Doorman is deployed in the auto-signing mode (i.e. signer != null),
|
// Since Doorman is deployed in the auto-signing mode (i.e. signer != null),
|
||||||
// we use DOORMAN_SIGNATURE as the signer.
|
// we use DOORMAN_SIGNATURE as the signer.
|
||||||
storage.putCertificatePath(it.requestId, nodeCertPath, listOf(DOORMAN_SIGNATURE))
|
storage.putCertificatePath(it.requestId, nodeCertPath, DOORMAN_SIGNATURE)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -45,7 +45,7 @@ class DefaultCsrHandler(private val storage: CertificationRequestStorage,
|
|||||||
return when (response?.status) {
|
return when (response?.status) {
|
||||||
RequestStatus.NEW, RequestStatus.APPROVED, RequestStatus.TICKET_CREATED, null -> CertificateResponse.NotReady
|
RequestStatus.NEW, RequestStatus.APPROVED, RequestStatus.TICKET_CREATED, null -> CertificateResponse.NotReady
|
||||||
RequestStatus.REJECTED -> CertificateResponse.Unauthorised(response.remark ?: "Unknown reason")
|
RequestStatus.REJECTED -> CertificateResponse.Unauthorised(response.remark ?: "Unknown reason")
|
||||||
RequestStatus.SIGNED -> CertificateResponse.Ready(response.certData?.certPath ?: throw IllegalArgumentException("Certificate should not be null."))
|
RequestStatus.DONE -> CertificateResponse.Ready(response.certData?.certPath ?: throw IllegalArgumentException("Certificate should not be null."))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -8,7 +8,6 @@ import com.r3.corda.networkmanage.doorman.ApprovedRequest
|
|||||||
import com.r3.corda.networkmanage.doorman.JiraClient
|
import com.r3.corda.networkmanage.doorman.JiraClient
|
||||||
import com.r3.corda.networkmanage.doorman.RejectedRequest
|
import com.r3.corda.networkmanage.doorman.RejectedRequest
|
||||||
import net.corda.core.utilities.contextLogger
|
import net.corda.core.utilities.contextLogger
|
||||||
import net.corda.core.utilities.loggerFor
|
|
||||||
import org.bouncycastle.pkcs.PKCS10CertificationRequest
|
import org.bouncycastle.pkcs.PKCS10CertificationRequest
|
||||||
|
|
||||||
class JiraCsrHandler(private val jiraClient: JiraClient, private val storage: CertificationRequestStorage, private val delegate: CsrHandler) : CsrHandler by delegate {
|
class JiraCsrHandler(private val jiraClient: JiraClient, private val storage: CertificationRequestStorage, private val delegate: CsrHandler) : CsrHandler by delegate {
|
||||||
@ -50,7 +49,7 @@ class JiraCsrHandler(private val jiraClient: JiraClient, private val storage: Ce
|
|||||||
private fun updateJiraTickets(approvedRequest: List<ApprovedRequest>, rejectedRequest: List<RejectedRequest>) {
|
private fun updateJiraTickets(approvedRequest: List<ApprovedRequest>, rejectedRequest: List<RejectedRequest>) {
|
||||||
// Reconfirm request status and update jira status
|
// Reconfirm request status and update jira status
|
||||||
val signedRequests = approvedRequest.mapNotNull { storage.getRequest(it.requestId) }
|
val signedRequests = approvedRequest.mapNotNull { storage.getRequest(it.requestId) }
|
||||||
.filter { it.status == RequestStatus.SIGNED && it.certData != null }
|
.filter { it.status == RequestStatus.DONE && it.certData != null }
|
||||||
.associateBy { it.requestId }
|
.associateBy { it.requestId }
|
||||||
.mapValues { it.value.certData!!.certPath }
|
.mapValues { it.value.certData!!.certPath }
|
||||||
jiraClient.updateSignedRequests(signedRequests)
|
jiraClient.updateSignedRequests(signedRequests)
|
||||||
|
@ -13,9 +13,9 @@ class DBSignedCertificateRequestStorage(database: CordaPersistence) : SignedCert
|
|||||||
|
|
||||||
private val storage = PersistentCertificateRequestStorage(database)
|
private val storage = PersistentCertificateRequestStorage(database)
|
||||||
|
|
||||||
override fun store(requests: List<ApprovedCertificateRequestData>, signers: List<String>) {
|
override fun store(requests: List<ApprovedCertificateRequestData>, signer: String) {
|
||||||
for ((requestId, _, certPath) in requests) {
|
for ((requestId, _, certPath) in requests) {
|
||||||
storage.putCertificatePath(requestId, certPath!!, signers)
|
storage.putCertificatePath(requestId, certPath!!, signer)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,5 +16,5 @@ interface SignedCertificateRequestStorage {
|
|||||||
* @param requests Signed requests that are to be stored.
|
* @param requests Signed requests that are to be stored.
|
||||||
* @param signers List of user names that signed those requests. To be specific, each request has been signed by all of those users.
|
* @param signers List of user names that signed those requests. To be specific, each request has been signed by all of those users.
|
||||||
*/
|
*/
|
||||||
fun store(requests: List<ApprovedCertificateRequestData>, signers: List<String>)
|
fun store(requests: List<ApprovedCertificateRequestData>, signer: String)
|
||||||
}
|
}
|
@ -64,7 +64,7 @@ class HsmCsrSigner(private val storage: SignedCertificateRequestStorage,
|
|||||||
it.certPath = buildCertPath(nodeCaCert, doormanCertAndKey.certificate, rootCert)
|
it.certPath = buildCertPath(nodeCaCert, doormanCertAndKey.certificate, rootCert)
|
||||||
}
|
}
|
||||||
logger.debug("Storing signed CSRs...")
|
logger.debug("Storing signed CSRs...")
|
||||||
storage.store(toSign, signers)
|
storage.store(toSign, signers.toString())
|
||||||
printStream.println("The following certificates have been signed by $signers:")
|
printStream.println("The following certificates have been signed by $signers:")
|
||||||
logger.debug("The following certificates have been signed by $signers:")
|
logger.debug("The following certificates have been signed by $signers:")
|
||||||
toSign.forEachIndexed { index, data ->
|
toSign.forEachIndexed { index, data ->
|
||||||
|
@ -4,5 +4,6 @@
|
|||||||
<include file="migration/network-manager.changelog-init.xml"/>
|
<include file="migration/network-manager.changelog-init.xml"/>
|
||||||
<include file="migration/network-manager.changelog-signing-network-params.xml"/>
|
<include file="migration/network-manager.changelog-signing-network-params.xml"/>
|
||||||
<include file="migration/network-manager.changelog-pub-key-move.xml"/>
|
<include file="migration/network-manager.changelog-pub-key-move.xml"/>
|
||||||
|
<include file="migration/network-manager.changelog-modified-by-refactor.xml"/>
|
||||||
|
|
||||||
</databaseChangeLog>
|
</databaseChangeLog>
|
||||||
|
@ -0,0 +1,61 @@
|
|||||||
|
<?xml version="1.1" encoding="UTF-8" standalone="no"?>
|
||||||
|
<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:ext="http://www.liquibase.org/xml/ns/dbchangelog-ext" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog-ext http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-ext.xsd http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
|
||||||
|
<changeSet author="R3.Corda" id="refactor_request_status">
|
||||||
|
<update tableName="certificate_signing_request">
|
||||||
|
<column name="status" value="DONE"/>
|
||||||
|
<where>status = 'SIGNED'</where>
|
||||||
|
</update>
|
||||||
|
<update tableName="certificate_signing_request_AUD">
|
||||||
|
<column name="status" value="DONE"/>
|
||||||
|
<where>status = 'SIGNED'</where>
|
||||||
|
</update>
|
||||||
|
</changeSet>
|
||||||
|
<changeSet author="R3.Corda" id="refactor_modified_by">
|
||||||
|
<addColumn tableName="certificate_signing_request">
|
||||||
|
<column name="modified_by" type="NVARCHAR(512)"/>
|
||||||
|
</addColumn>
|
||||||
|
<addColumn tableName="certificate_signing_request_AUD">
|
||||||
|
<column name="modified_by" type="NVARCHAR(512)"/>
|
||||||
|
</addColumn>
|
||||||
|
<update tableName="certificate_signing_request">
|
||||||
|
<column name="modified_by" valueComputed="(select b.modified_by from CertificateSigningRequestEntity_modifiedBy b where b.CertificateSigningRequestEntity_request_id=request_id)"/>
|
||||||
|
</update>
|
||||||
|
</changeSet>
|
||||||
|
<changeSet author="R3.Corda" id="refactor_modified_by_sql_azure" dbms="azure">
|
||||||
|
<sql>
|
||||||
|
UPDATE
|
||||||
|
csr_a
|
||||||
|
SET
|
||||||
|
csr_a.modified_by = csr_mb_a.modified_by
|
||||||
|
FROM
|
||||||
|
certificate_signing_request_AUD AS csr_a
|
||||||
|
INNER JOIN CertificateSigningRequestEntity_modifiedBy_AUD AS csr_mb_a
|
||||||
|
ON csr_a.rev = csr_mb_a.rev
|
||||||
|
WHERE
|
||||||
|
csr_mb_a.revtype = 0
|
||||||
|
</sql>
|
||||||
|
</changeSet>
|
||||||
|
<changeSet author="R3.Corda" id="refactor_modified_by_sql_h2" dbms="h2">
|
||||||
|
<sql>
|
||||||
|
UPDATE
|
||||||
|
certificate_signing_request_AUD as csr_a
|
||||||
|
SET
|
||||||
|
(csr_a.modified_by) = (SELECT csr_mb_a.modified_by
|
||||||
|
FROM
|
||||||
|
certificate_signing_request_AUD AS csr_a
|
||||||
|
INNER JOIN CertificateSigningRequestEntity_modifiedBy_AUD AS csr_mb_a
|
||||||
|
ON csr_a.rev = csr_mb_a.rev
|
||||||
|
WHERE
|
||||||
|
csr_mb_a.revtype = 0)
|
||||||
|
</sql>
|
||||||
|
</changeSet>
|
||||||
|
<changeSet author="R3.Corda" id="refactor_modified_by_drops">
|
||||||
|
<dropForeignKeyConstraint baseTableName="CertificateSigningRequestEntity_modifiedBy" constraintName="FKLFW2KLKDPLYDROVIBVEOMF9PU"/>
|
||||||
|
<dropIndex indexName="FKLFW2KLKDPLYDROVIBVEOMF9PU_INDEX_C"
|
||||||
|
tableName="CertificateSigningRequestEntity_modifiedBy"/>
|
||||||
|
<dropTable cascadeConstraints="true"
|
||||||
|
tableName="CertificateSigningRequestEntity_modifiedBy"/>
|
||||||
|
<dropTable cascadeConstraints="true"
|
||||||
|
tableName="CertificateSigningRequestEntity_modifiedBy_AUD"/>
|
||||||
|
</changeSet>
|
||||||
|
</databaseChangeLog>
|
@ -24,7 +24,7 @@ abstract class TestBase {
|
|||||||
remark: String = "Test remark",
|
remark: String = "Test remark",
|
||||||
request: PKCS10CertificationRequest = mock(),
|
request: PKCS10CertificationRequest = mock(),
|
||||||
certData: CertificateData = mock(),
|
certData: CertificateData = mock(),
|
||||||
modifiedBy: List<String> = emptyList()
|
modifiedBy: String = "Test"
|
||||||
): CertificateSigningRequest {
|
): CertificateSigningRequest {
|
||||||
return CertificateSigningRequest(
|
return CertificateSigningRequest(
|
||||||
requestId = requestId,
|
requestId = requestId,
|
||||||
|
@ -108,7 +108,7 @@ class PersistentCertificateRequestStorageTest : TestBase() {
|
|||||||
storage.putCertificatePath(
|
storage.putCertificatePath(
|
||||||
requestId,
|
requestId,
|
||||||
generateSignedCertPath(csr, nodeKeyPair),
|
generateSignedCertPath(csr, nodeKeyPair),
|
||||||
listOf(DOORMAN_SIGNATURE)
|
DOORMAN_SIGNATURE
|
||||||
)
|
)
|
||||||
// Check request is ready
|
// Check request is ready
|
||||||
assertNotNull(storage.getRequest(requestId)!!.certData)
|
assertNotNull(storage.getRequest(requestId)!!.certData)
|
||||||
@ -126,14 +126,14 @@ class PersistentCertificateRequestStorageTest : TestBase() {
|
|||||||
storage.putCertificatePath(
|
storage.putCertificatePath(
|
||||||
requestId,
|
requestId,
|
||||||
generateSignedCertPath(csr, nodeKeyPair),
|
generateSignedCertPath(csr, nodeKeyPair),
|
||||||
listOf(DOORMAN_SIGNATURE)
|
DOORMAN_SIGNATURE
|
||||||
)
|
)
|
||||||
// When subsequent signature requested
|
// When subsequent signature requested
|
||||||
assertFailsWith(IllegalArgumentException::class) {
|
assertFailsWith(IllegalArgumentException::class) {
|
||||||
storage.putCertificatePath(
|
storage.putCertificatePath(
|
||||||
requestId,
|
requestId,
|
||||||
generateSignedCertPath(csr, nodeKeyPair),
|
generateSignedCertPath(csr, nodeKeyPair),
|
||||||
listOf(DOORMAN_SIGNATURE))
|
DOORMAN_SIGNATURE)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -149,7 +149,7 @@ class PersistentCertificateRequestStorageTest : TestBase() {
|
|||||||
storage.putCertificatePath(
|
storage.putCertificatePath(
|
||||||
requestId,
|
requestId,
|
||||||
generateSignedCertPath(csr, nodeKeyPair),
|
generateSignedCertPath(csr, nodeKeyPair),
|
||||||
listOf(DOORMAN_SIGNATURE)
|
DOORMAN_SIGNATURE
|
||||||
)
|
)
|
||||||
// Sign certificate
|
// Sign certificate
|
||||||
// When request with the same public key is requested
|
// When request with the same public key is requested
|
||||||
@ -202,7 +202,7 @@ class PersistentCertificateRequestStorageTest : TestBase() {
|
|||||||
storage.putCertificatePath(
|
storage.putCertificatePath(
|
||||||
requestId,
|
requestId,
|
||||||
generateSignedCertPath(csr, nodeKeyPair),
|
generateSignedCertPath(csr, nodeKeyPair),
|
||||||
listOf(DOORMAN_SIGNATURE)
|
DOORMAN_SIGNATURE
|
||||||
)
|
)
|
||||||
val rejectedRequestId = storage.saveRequest(createRequest("BankA", certRole = CertRole.NODE_CA).first)
|
val rejectedRequestId = storage.saveRequest(createRequest("BankA", certRole = CertRole.NODE_CA).first)
|
||||||
assertThat(storage.getRequest(rejectedRequestId)!!.remark).containsIgnoringCase("duplicate")
|
assertThat(storage.getRequest(rejectedRequestId)!!.remark).containsIgnoringCase("duplicate")
|
||||||
@ -234,15 +234,15 @@ class PersistentCertificateRequestStorageTest : TestBase() {
|
|||||||
val auditReader = AuditReaderFactory.get(persistence.entityManagerFactory.createEntityManager())
|
val auditReader = AuditReaderFactory.get(persistence.entityManagerFactory.createEntityManager())
|
||||||
val newRevision = auditReader.find(CertificateSigningRequestEntity::class.java, requestId, 1)
|
val newRevision = auditReader.find(CertificateSigningRequestEntity::class.java, requestId, 1)
|
||||||
assertEquals(RequestStatus.NEW, newRevision.status)
|
assertEquals(RequestStatus.NEW, newRevision.status)
|
||||||
assertTrue(newRevision.modifiedBy.isEmpty())
|
assertEquals(DOORMAN_SIGNATURE, newRevision.modifiedBy)
|
||||||
|
|
||||||
val ticketCreatedRevision = auditReader.find(CertificateSigningRequestEntity::class.java, requestId, 2)
|
val ticketCreatedRevision = auditReader.find(CertificateSigningRequestEntity::class.java, requestId, 2)
|
||||||
assertEquals(RequestStatus.TICKET_CREATED, ticketCreatedRevision.status)
|
assertEquals(RequestStatus.TICKET_CREATED, ticketCreatedRevision.status)
|
||||||
assertTrue(ticketCreatedRevision.modifiedBy.isEmpty())
|
assertEquals(DOORMAN_SIGNATURE, ticketCreatedRevision.modifiedBy)
|
||||||
|
|
||||||
val approvedRevision = auditReader.find(CertificateSigningRequestEntity::class.java, requestId, 3)
|
val approvedRevision = auditReader.find(CertificateSigningRequestEntity::class.java, requestId, 3)
|
||||||
assertEquals(RequestStatus.APPROVED, approvedRevision.status)
|
assertEquals(RequestStatus.APPROVED, approvedRevision.status)
|
||||||
assertEquals(approver, approvedRevision.modifiedBy.first())
|
assertEquals(approver, approvedRevision.modifiedBy)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ class PersistentNodeInfoStorageTest : TestBase() {
|
|||||||
requestStorage.putCertificatePath(
|
requestStorage.putCertificatePath(
|
||||||
requestId,
|
requestId,
|
||||||
X509Utilities.buildCertPath(nodeCaCert, intermediateCa.certificate, rootCaCert),
|
X509Utilities.buildCertPath(nodeCaCert, intermediateCa.certificate, rootCaCert),
|
||||||
listOf(CertificationRequestStorage.DOORMAN_SIGNATURE))
|
CertificationRequestStorage.DOORMAN_SIGNATURE)
|
||||||
|
|
||||||
val storedCertPath = nodeInfoStorage.getCertificatePath(SecureHash.parse(keyPair.public.hashString()))
|
val storedCertPath = nodeInfoStorage.getCertificatePath(SecureHash.parse(keyPair.public.hashString()))
|
||||||
assertNotNull(storedCertPath)
|
assertNotNull(storedCertPath)
|
||||||
@ -139,7 +139,7 @@ internal fun createValidSignedNodeInfo(organisation: String,
|
|||||||
storage.approveRequest(requestId, "TestUser")
|
storage.approveRequest(requestId, "TestUser")
|
||||||
val nodeInfoBuilder = TestNodeInfoBuilder()
|
val nodeInfoBuilder = TestNodeInfoBuilder()
|
||||||
val (identity, key) = nodeInfoBuilder.addIdentity(CordaX500Name.build(X500Principal(csr.subject.encoded)), nodeKeyPair)
|
val (identity, key) = nodeInfoBuilder.addIdentity(CordaX500Name.build(X500Principal(csr.subject.encoded)), nodeKeyPair)
|
||||||
storage.putCertificatePath(requestId, identity.certPath, listOf("Test"))
|
storage.putCertificatePath(requestId, identity.certPath, "Test")
|
||||||
val (_, signedNodeInfo) = nodeInfoBuilder.buildWithSigned(1)
|
val (_, signedNodeInfo) = nodeInfoBuilder.buildWithSigned(1)
|
||||||
return Pair(NodeInfoWithSigned(signedNodeInfo), key)
|
return Pair(NodeInfoWithSigned(signedNodeInfo), key)
|
||||||
}
|
}
|
@ -29,7 +29,7 @@ class DefaultCsrHandlerTest : TestBase() {
|
|||||||
val requestStorage: CertificationRequestStorage = mock {
|
val requestStorage: CertificationRequestStorage = mock {
|
||||||
on { getRequest("New") }.thenReturn(certificateSigningRequest())
|
on { getRequest("New") }.thenReturn(certificateSigningRequest())
|
||||||
on { getRequest("Signed") }.thenReturn(certificateSigningRequest(
|
on { getRequest("Signed") }.thenReturn(certificateSigningRequest(
|
||||||
status = RequestStatus.SIGNED,
|
status = RequestStatus.DONE,
|
||||||
certData = certificateData(CertificateStatus.VALID, X509Utilities.buildCertPath(cert))
|
certData = certificateData(CertificateStatus.VALID, X509Utilities.buildCertPath(cert))
|
||||||
))
|
))
|
||||||
on { getRequest("Rejected") }.thenReturn(certificateSigningRequest(status = RequestStatus.REJECTED, remark = "Random reason"))
|
on { getRequest("Rejected") }.thenReturn(certificateSigningRequest(status = RequestStatus.REJECTED, remark = "Random reason"))
|
||||||
@ -71,8 +71,8 @@ class DefaultCsrHandlerTest : TestBase() {
|
|||||||
|
|
||||||
// Verify only the approved requests are taken
|
// Verify only the approved requests are taken
|
||||||
verify(requestStorage, times(1)).getRequests(RequestStatus.APPROVED)
|
verify(requestStorage, times(1)).getRequests(RequestStatus.APPROVED)
|
||||||
verify(requestStorage, times(1)).putCertificatePath(eq("1"), certPathCapture.capture(), eq(listOf(DOORMAN_SIGNATURE)))
|
verify(requestStorage, times(1)).putCertificatePath(eq("1"), certPathCapture.capture(), eq(DOORMAN_SIGNATURE))
|
||||||
verify(requestStorage, times(1)).putCertificatePath(eq("2"), certPathCapture.capture(), eq(listOf(DOORMAN_SIGNATURE)))
|
verify(requestStorage, times(1)).putCertificatePath(eq("2"), certPathCapture.capture(), eq(DOORMAN_SIGNATURE))
|
||||||
|
|
||||||
// Then make sure the generated node cert paths are correct
|
// Then make sure the generated node cert paths are correct
|
||||||
certPathCapture.allValues.forEachIndexed { index, certPath ->
|
certPathCapture.allValues.forEachIndexed { index, certPath ->
|
||||||
@ -113,7 +113,7 @@ class DefaultCsrHandlerTest : TestBase() {
|
|||||||
|
|
||||||
// Verify only the approved requests are taken
|
// Verify only the approved requests are taken
|
||||||
verify(requestStorage, times(1)).getRequests(RequestStatus.APPROVED)
|
verify(requestStorage, times(1)).getRequests(RequestStatus.APPROVED)
|
||||||
verify(requestStorage, times(1)).putCertificatePath(eq("1"), certPathCapture.capture(), eq(listOf(DOORMAN_SIGNATURE)))
|
verify(requestStorage, times(1)).putCertificatePath(eq("1"), certPathCapture.capture(), eq(DOORMAN_SIGNATURE))
|
||||||
|
|
||||||
// Then make sure the generated node cert paths are correct
|
// Then make sure the generated node cert paths are correct
|
||||||
certPathCapture.allValues.forEachIndexed { index, certPath ->
|
certPathCapture.allValues.forEachIndexed { index, certPath ->
|
||||||
|
@ -95,8 +95,8 @@ class JiraCsrHandlerTest : TestBase() {
|
|||||||
fun `sync tickets status`() {
|
fun `sync tickets status`() {
|
||||||
val id1 = SecureHash.randomSHA256().toString()
|
val id1 = SecureHash.randomSHA256().toString()
|
||||||
val id2 = SecureHash.randomSHA256().toString()
|
val id2 = SecureHash.randomSHA256().toString()
|
||||||
val csr1 = CertificateSigningRequest(id1, "name1", SecureHash.randomSHA256(), RequestStatus.NEW, pkcS10CertificationRequest, null, emptyList(), null)
|
val csr1 = CertificateSigningRequest(id1, "name1", SecureHash.randomSHA256(), RequestStatus.NEW, pkcS10CertificationRequest, null, "Test", null)
|
||||||
val csr2 = CertificateSigningRequest(id2, "name2", SecureHash.randomSHA256(), RequestStatus.NEW, pkcS10CertificationRequest, null, emptyList(), null)
|
val csr2 = CertificateSigningRequest(id2, "name2", SecureHash.randomSHA256(), RequestStatus.NEW, pkcS10CertificationRequest, null, "Test", null)
|
||||||
|
|
||||||
val requests = mutableMapOf(id1 to csr1, id2 to csr2)
|
val requests = mutableMapOf(id1 to csr1, id2 to csr2)
|
||||||
|
|
||||||
@ -106,13 +106,13 @@ class JiraCsrHandlerTest : TestBase() {
|
|||||||
whenever(certificationRequestStorage.approveRequest(any(), any())).then {
|
whenever(certificationRequestStorage.approveRequest(any(), any())).then {
|
||||||
val id = it.getArgument<String>(0)
|
val id = it.getArgument<String>(0)
|
||||||
if (requests[id]?.status == RequestStatus.NEW) {
|
if (requests[id]?.status == RequestStatus.NEW) {
|
||||||
requests[id] = requests[id]!!.copy(status = RequestStatus.APPROVED, modifiedBy = listOf(it.getArgument(1)))
|
requests[id] = requests[id]!!.copy(status = RequestStatus.APPROVED, modifiedBy = it.getArgument(1))
|
||||||
}
|
}
|
||||||
null
|
null
|
||||||
}
|
}
|
||||||
whenever(certificationRequestStorage.rejectRequest(any(), any(), any())).then {
|
whenever(certificationRequestStorage.rejectRequest(any(), any(), any())).then {
|
||||||
val id = it.getArgument<String>(0)
|
val id = it.getArgument<String>(0)
|
||||||
requests[id] = requests[id]!!.copy(status = RequestStatus.REJECTED, modifiedBy = listOf(it.getArgument(1)), remark = it.getArgument(2))
|
requests[id] = requests[id]!!.copy(status = RequestStatus.REJECTED, modifiedBy = it.getArgument(1), remark = it.getArgument(2))
|
||||||
null
|
null
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -140,7 +140,7 @@ class JiraCsrHandlerTest : TestBase() {
|
|||||||
// Sign request 1
|
// Sign request 1
|
||||||
val certPath = mock<CertPath>()
|
val certPath = mock<CertPath>()
|
||||||
val certData = CertificateData(CertificateStatus.VALID, certPath)
|
val certData = CertificateData(CertificateStatus.VALID, certPath)
|
||||||
requests[id1] = requests[id1]!!.copy(status = RequestStatus.SIGNED, certData = certData)
|
requests[id1] = requests[id1]!!.copy(status = RequestStatus.DONE, certData = certData)
|
||||||
|
|
||||||
// Process request again.
|
// Process request again.
|
||||||
jiraCsrHandler.processRequests()
|
jiraCsrHandler.processRequests()
|
||||||
|
Loading…
Reference in New Issue
Block a user