check for empty rpc keystore/trustore passwords + extract method refactoring. (#3944)
committed by
GitHub
parent
5be7d5c4f1
commit
356bddb2d4
@ -256,66 +256,7 @@ open class NodeStartup: CordaCliWrapper("corda", "Runs a Corda Node") {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
if (cmdLineOptions.justGenerateRpcSslCerts) {
|
if (cmdLineOptions.justGenerateRpcSslCerts) {
|
||||||
val (keyPair, cert) = createKeyPairAndSelfSignedTLSCertificate(conf.myLegalName.x500Principal)
|
generateRpcSslCertificates(conf)
|
||||||
|
|
||||||
val keyStorePath = conf.baseDirectory / "certificates" / "rpcsslkeystore.jks"
|
|
||||||
val trustStorePath = conf.baseDirectory / "certificates" / "export" / "rpcssltruststore.jks"
|
|
||||||
|
|
||||||
if (keyStorePath.exists() || trustStorePath.exists()) {
|
|
||||||
println("Found existing RPC SSL keystores. Command was already run. Exiting..")
|
|
||||||
exitProcess(0)
|
|
||||||
}
|
|
||||||
|
|
||||||
val console: Console? = System.console()
|
|
||||||
|
|
||||||
when (console) {
|
|
||||||
// In this case, the JVM is not connected to the console so we need to exit
|
|
||||||
null -> {
|
|
||||||
println("Not connected to console. Exiting")
|
|
||||||
exitProcess(1)
|
|
||||||
}
|
|
||||||
// Otherwise we can proceed normally
|
|
||||||
else -> {
|
|
||||||
while (true) {
|
|
||||||
val keystorePassword1 = console.readPassword("Enter the keystore password => ")
|
|
||||||
val keystorePassword2 = console.readPassword("Re-enter the keystore password => ")
|
|
||||||
if (!keystorePassword1.contentEquals(keystorePassword2)) {
|
|
||||||
println("The keystore passwords don't match.")
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
saveToKeyStore(keyStorePath, keyPair, cert, String(keystorePassword1), "rpcssl")
|
|
||||||
println("The keystore was saved to: $keyStorePath .")
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
while (true) {
|
|
||||||
val trustStorePassword1 = console.readPassword("Enter the truststore password => ")
|
|
||||||
val trustStorePassword2 = console.readPassword("Re-enter the truststore password => ")
|
|
||||||
if (!trustStorePassword1.contentEquals(trustStorePassword2)) {
|
|
||||||
println("The truststore passwords don't match.")
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
saveToTrustStore(trustStorePath, cert, String(trustStorePassword1), "rpcssl")
|
|
||||||
println("The truststore was saved to: $trustStorePath .")
|
|
||||||
println("You need to distribute this file along with the password in a secure way to all RPC clients.")
|
|
||||||
break
|
|
||||||
}
|
|
||||||
|
|
||||||
val dollar = '$'
|
|
||||||
println("""
|
|
||||||
|
|
|
||||||
|The SSL certificates were generated successfully.
|
|
||||||
|
|
|
||||||
|Add this snippet to the "rpcSettings" section of your node.conf:
|
|
||||||
| useSsl=true
|
|
||||||
| ssl {
|
|
||||||
| keyStorePath=$dollar{baseDirectory}/certificates/rpcsslkeystore.jks
|
|
||||||
| keyStorePassword=the_above_password
|
|
||||||
| }
|
|
||||||
|""".trimMargin())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -355,6 +296,82 @@ open class NodeStartup: CordaCliWrapper("corda", "Runs a Corda Node") {
|
|||||||
node.run()
|
node.run()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private fun generateRpcSslCertificates(conf: NodeConfiguration) {
|
||||||
|
val (keyPair, cert) = createKeyPairAndSelfSignedTLSCertificate(conf.myLegalName.x500Principal)
|
||||||
|
|
||||||
|
val keyStorePath = conf.baseDirectory / "certificates" / "rpcsslkeystore.jks"
|
||||||
|
val trustStorePath = conf.baseDirectory / "certificates" / "export" / "rpcssltruststore.jks"
|
||||||
|
|
||||||
|
if (keyStorePath.exists() || trustStorePath.exists()) {
|
||||||
|
println("Found existing RPC SSL keystores. Command was already run. Exiting..")
|
||||||
|
exitProcess(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
val console: Console? = System.console()
|
||||||
|
|
||||||
|
when (console) {
|
||||||
|
// In this case, the JVM is not connected to the console so we need to exit.
|
||||||
|
null -> {
|
||||||
|
println("Not connected to console. Exiting")
|
||||||
|
exitProcess(1)
|
||||||
|
}
|
||||||
|
// Otherwise we can proceed normally.
|
||||||
|
else -> {
|
||||||
|
while (true) {
|
||||||
|
val keystorePassword1 = console.readPassword("Enter the RPC keystore password => ")
|
||||||
|
// TODO: consider adding a password strength policy.
|
||||||
|
if (keystorePassword1.isEmpty()) {
|
||||||
|
println("The RPC keystore password cannot be an empty String.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
val keystorePassword2 = console.readPassword("Re-enter the RPC keystore password => ")
|
||||||
|
if (!keystorePassword1.contentEquals(keystorePassword2)) {
|
||||||
|
println("The RPC keystore passwords don't match.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
saveToKeyStore(keyStorePath, keyPair, cert, String(keystorePassword1), "rpcssl")
|
||||||
|
println("The RPC keystore was saved to: $keyStorePath .")
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
while (true) {
|
||||||
|
val trustStorePassword1 = console.readPassword("Enter the RPC truststore password => ")
|
||||||
|
// TODO: consider adding a password strength policy.
|
||||||
|
if (trustStorePassword1.isEmpty()) {
|
||||||
|
println("The RPC truststore password cannot be an empty String.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
val trustStorePassword2 = console.readPassword("Re-enter the RPC truststore password => ")
|
||||||
|
if (!trustStorePassword1.contentEquals(trustStorePassword2)) {
|
||||||
|
println("The RPC truststore passwords don't match.")
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
saveToTrustStore(trustStorePath, cert, String(trustStorePassword1), "rpcssl")
|
||||||
|
println("The RPC truststore was saved to: $trustStorePath .")
|
||||||
|
println("You need to distribute this file along with the password in a secure way to all RPC clients.")
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
val dollar = '$'
|
||||||
|
println("""
|
||||||
|
|
|
||||||
|
|The SSL certificates for RPC were generated successfully.
|
||||||
|
|
|
||||||
|
|Add this snippet to the "rpcSettings" section of your node.conf:
|
||||||
|
| useSsl=true
|
||||||
|
| ssl {
|
||||||
|
| keyStorePath=$dollar{baseDirectory}/certificates/rpcsslkeystore.jks
|
||||||
|
| keyStorePassword=the_above_password
|
||||||
|
| }
|
||||||
|
|""".trimMargin())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protected open fun logStartupInfo(versionInfo: VersionInfo, conf: NodeConfiguration) {
|
protected open fun logStartupInfo(versionInfo: VersionInfo, conf: NodeConfiguration) {
|
||||||
logger.info("Vendor: ${versionInfo.vendor}")
|
logger.info("Vendor: ${versionInfo.vendor}")
|
||||||
logger.info("Release: ${versionInfo.releaseVersion}")
|
logger.info("Release: ${versionInfo.releaseVersion}")
|
||||||
@ -411,7 +428,7 @@ open class NodeStartup: CordaCliWrapper("corda", "Runs a Corda Node") {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
open protected fun logLoadedCorDapps(corDapps: List<CordappImpl>) {
|
protected open fun logLoadedCorDapps(corDapps: List<CordappImpl>) {
|
||||||
fun CordappImpl.Info.description() = "$shortName version $version by $vendor"
|
fun CordappImpl.Info.description() = "$shortName version $version by $vendor"
|
||||||
|
|
||||||
Node.printBasicNodeInfo("Loaded ${corDapps.size} CorDapp(s)", corDapps.map { it.info }.joinToString(", ", transform = CordappImpl.Info::description))
|
Node.printBasicNodeInfo("Loaded ${corDapps.size} CorDapp(s)", corDapps.map { it.info }.joinToString(", ", transform = CordappImpl.Info::description))
|
||||||
|
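Review bot: In the new `generateRpcSslCertificates`, the added `isEmpty()` guards dereference the result of `console.readPassword(...)` directly, but `Console.readPassword` returns null when the input stream reaches its end, so a closed stdin at either prompt would most likely fail with a null-related exception instead of a clean exit. Both loops also copy the password into an immutable `String(...)` and never clear the `CharArray`s, so the entered and confirmation copies stay on the heap until collected. The `String` is probably required by `saveToKeyStore`/`saveToTrustStore`, whose signatures are not visible here, but the arrays can still be zeroed once they are no longer needed. Since the keystore and truststore loops differ only in their label, one helper that handles null, empty and mismatched input and wipes the confirmation copy would cover both, as sketched below.

```kotlin
private fun readConfirmedPassword(console: Console, label: String): CharArray {
    while (true) {
        // readPassword returns null on end of stream; treat that as an abort.
        val first: CharArray? = console.readPassword("Enter the RPC %s password => ", label)
        if (first == null) {
            println("No input available. Exiting")
            exitProcess(1)
        }
        if (first.isEmpty()) {
            println("The RPC $label password cannot be an empty String.")
            continue
        }
        val second: CharArray? = console.readPassword("Re-enter the RPC %s password => ", label)
        val matches = second != null && first.contentEquals(second)
        // The confirmation copy is not needed after the comparison.
        second?.fill('\u0000')
        if (matches) return first
        first.fill('\u0000')
        println("The RPC $label passwords don't match.")
    }
}

// … unchanged: existing-keystore check and the console == null branch …
val keystorePassword = readConfirmedPassword(console, "keystore")
saveToKeyStore(keyStorePath, keyPair, cert, String(keystorePassword), "rpcssl")
keystorePassword.fill('\u0000')
// … unchanged: truststore handling (same pattern with "truststore") and the node.conf snippet …
```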