Improve run instructions for the HSM doorman (#190)
* Add more detail to HSM doorman outputs * Remove duplicate display of defaults, add default value where it was only set in text, and show the actual names of the authentication modes. * Add instructions for getting command line help * Change error display to use System.err
parent
fbcdc23434
commit
3ab1a06db6
@ -28,9 +28,13 @@ To run the HSM signing server:
|
|||||||
|
|
||||||
```
|
```
|
||||||
cd network-management
|
cd network-management
|
||||||
java -jar capsule-hsm/build/libs/hsm-3.0-NETWORKMAP-20171204.134345-6-capsule.jar --configFile hsm.conf
|
java -jar capsule-hsm/build/libs/hsm-3.0-NETWORKMAP-20171204.134345-6.jar --configFile hsm.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
|
For a list of options the HSM signing server takes, run with the `--help` option:
|
||||||
|
|
||||||
|
java -jar capsule-hsm/build/libs/hsm-3.0-NETWORKMAP-20171204.134345-6.jar --help
|
||||||
|
|
||||||
#Configuring network management service
|
#Configuring network management service
|
||||||
### Local signing
|
### Local signing
|
||||||
|
|
||||||
|
@ -110,7 +110,7 @@ fun run(parameters: Parameters) {
|
|||||||
|
|
||||||
private fun processError(exception: Exception) {
|
private fun processError(exception: Exception) {
|
||||||
val processed = mapCryptoServerException(exception)
|
val processed = mapCryptoServerException(exception)
|
||||||
println("An error occured: ${processed.message}")
|
System.err.println("An error occurred: ${processed.message}")
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun confirmedSign(selectedItems: List<ApprovedCertificateRequestData>): Boolean {
|
private fun confirmedSign(selectedItems: List<ApprovedCertificateRequestData>): Boolean {
|
||||||
|
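Review bot: `processed.message` is nullable on any `Throwable`, so the new `System.err.println` line in `processError` can print `An error occurred: null` and nothing else when the mapped exception carries no message. Only the message is emitted; the exception type and cause are dropped, which makes a failed HSM login or signing attempt hard to reconstruct afterwards. Consider `System.err.println("An error occurred: ${processed.message ?: processed.javaClass.simpleName}")`, and if a logger is in scope in this file (not visible in the hunk), record the full exception there as well.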
@ -43,12 +43,15 @@ class Authenticator(private val provider: CryptoServerProvider,
|
|||||||
autoUsername
|
autoUsername
|
||||||
}
|
}
|
||||||
when (mode) {
|
when (mode) {
|
||||||
AuthMode.CARD_READER -> provider.loginSign(user, ":cs2:cyb:USB0", null)
|
AuthMode.CARD_READER -> {
|
||||||
|
println("Authenticating using card reader")
|
||||||
|
provider.loginSign(user, ":cs2:cyb:USB0", null)
|
||||||
|
}
|
||||||
AuthMode.KEY_FILE -> {
|
AuthMode.KEY_FILE -> {
|
||||||
println("Authenticating using preconfigured key file")
|
println("Authenticating using preconfigured key file $authKeyFilePath")
|
||||||
val password = if (authKeyFilePass == null) {
|
val password = if (authKeyFilePass == null) {
|
||||||
val input = readPassword("Enter key file password (or Q to quit): ")
|
val input = readPassword("Enter key file password (or Q to quit): ")
|
||||||
if ("q" == input.toLowerCase()) {
|
if ("q" == input.toLowerCase().trim()) {
|
||||||
authenticated.clear()
|
authenticated.clear()
|
||||||
break@loop
|
break@loop
|
||||||
} else {
|
} else {
|
||||||
@ -60,6 +63,7 @@ class Authenticator(private val provider: CryptoServerProvider,
|
|||||||
provider.loginSign(user, authKeyFilePath.toString(), password)
|
provider.loginSign(user, authKeyFilePath.toString(), password)
|
||||||
}
|
}
|
||||||
AuthMode.PASSWORD -> {
|
AuthMode.PASSWORD -> {
|
||||||
|
println("Authenticating using password")
|
||||||
val password = readPassword("Enter password (or Q to quit): ")
|
val password = readPassword("Enter password (or Q to quit): ")
|
||||||
if ("q" == password.toLowerCase()) {
|
if ("q" == password.toLowerCase()) {
|
||||||
authenticated.clear()
|
authenticated.clear()
|
||||||
|
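Review bot: The quit check is now inconsistent between the two prompting modes. The `AuthMode.KEY_FILE` branch compares `input.toLowerCase().trim()`, while the `AuthMode.PASSWORD` branch in the second hunk still uses `"q" == password.toLowerCase()`. An operator who types `q` followed by a space therefore quits in key-file mode but, in password mode, presumably has that input passed on as a password attempt against the HSM. Apply the same normalisation in both branches, e.g. `if ("q" == password.trim().toLowerCase()) {`. The enclosing function and its `loop` label start outside these hunks, so the rest of the password branch is not visible here.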
@ -68,22 +68,22 @@ data class Parameters(val dataSourceProperties: Properties,
|
|||||||
fun parseParameters(vararg args: String): Parameters {
|
fun parseParameters(vararg args: String): Parameters {
|
||||||
val argConfig = args.toConfigWithOptions {
|
val argConfig = args.toConfigWithOptions {
|
||||||
accepts("basedir", "Overriding configuration filepath, default to current directory.").withRequiredArg().defaultsTo(".").describedAs("filepath")
|
accepts("basedir", "Overriding configuration filepath, default to current directory.").withRequiredArg().defaultsTo(".").describedAs("filepath")
|
||||||
accepts("configFile", "Overriding configuration file. (default: <<current directory>>/node.conf)").withRequiredArg().describedAs("filepath")
|
accepts("configFile", "Overriding configuration file.").withRequiredArg().defaultsTo("node.conf").describedAs("filepath")
|
||||||
accepts("device", "CryptoServer device address (default: $DEFAULT_DEVICE)").withRequiredArg()
|
accepts("device", "CryptoServer device address").withRequiredArg().defaultsTo(DEFAULT_DEVICE)
|
||||||
accepts("keyGroup", "CryptoServer key group").withRequiredArg()
|
accepts("keyGroup", "CryptoServer key group").withRequiredArg()
|
||||||
accepts("keySpecifier", "CryptoServer key specifier (default: $DEFAULT_KEY_SPECIFIER)").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_SPECIFIER)
|
accepts("keySpecifier", "CryptoServer key specifier").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_SPECIFIER)
|
||||||
accepts("rootPrivateKeyPassword", "Password for the root certificate private key").withRequiredArg().describedAs("password")
|
accepts("rootPrivateKeyPassword", "Password for the root certificate private key").withRequiredArg().describedAs("password")
|
||||||
accepts("csrPrivateKeyPassword", "Password for the CSR signing certificate private key").withRequiredArg().describedAs("password")
|
accepts("csrPrivateKeyPassword", "Password for the CSR signing certificate private key").withRequiredArg().describedAs("password")
|
||||||
accepts("keyGenAuthThreshold", "Authentication strength threshold for the HSM key generation (default: $DEFAULT_KEY_GEN_AUTH_THRESHOLD)").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_GEN_AUTH_THRESHOLD)
|
accepts("keyGenAuthThreshold", "Authentication strength threshold for the HSM key generation").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_GEN_AUTH_THRESHOLD)
|
||||||
accepts("signAuthThreshold", "Authentication strength threshold for the HSM CSR signing (default: $DEFAULT_SIGN_AUTH_THRESHOLD)").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_SIGN_AUTH_THRESHOLD)
|
accepts("signAuthThreshold", "Authentication strength threshold for the HSM CSR signing").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_SIGN_AUTH_THRESHOLD)
|
||||||
accepts("authMode", "Authentication mode. Allowed values: ${AuthMode.values()} (default: $DEFAULT_AUTH_MODE)").withRequiredArg().defaultsTo(DEFAULT_AUTH_MODE.name)
|
accepts("authMode", "Authentication mode. Allowed values: ${AuthMode.values().map(AuthMode::name)})").withRequiredArg().defaultsTo(DEFAULT_AUTH_MODE.name)
|
||||||
accepts("authKeyFilePath", "Key file path when authentication is based on a key file (i.e. authMode=${AuthMode.KEY_FILE.name})").withRequiredArg().describedAs("filepath")
|
accepts("authKeyFilePath", "Key file path when authentication is based on a key file (i.e. authMode=${AuthMode.KEY_FILE.name})").withRequiredArg().describedAs("filepath")
|
||||||
accepts("authKeyFilePassword", "Key file password when authentication is based on a key file (i.e. authMode=${AuthMode.KEY_FILE.name})").withRequiredArg()
|
accepts("authKeyFilePassword", "Key file password when authentication is based on a key file (i.e. authMode=${AuthMode.KEY_FILE.name})").withRequiredArg()
|
||||||
accepts("autoUsername", "Username to be used for certificate signing (if not specified it will be prompted for input)").withRequiredArg()
|
accepts("autoUsername", "Username to be used for certificate signing (if not specified it will be prompted for input)").withRequiredArg()
|
||||||
accepts("csrCertificateName", "Name of the certificate to be used by this CA to sign CSR (default: $DEFAULT_CSR_CERTIFICATE_NAME)").withRequiredArg().defaultsTo(DEFAULT_CSR_CERTIFICATE_NAME)
|
accepts("csrCertificateName", "Name of the certificate to be used by this CA to sign CSR").withRequiredArg().defaultsTo(DEFAULT_CSR_CERTIFICATE_NAME)
|
||||||
accepts("rootCertificateName", "Name of the root certificate to be used by this CA (default: $DEFAULT_ROOT_CERTIFICATE_NAME)").withRequiredArg().defaultsTo(DEFAULT_ROOT_CERTIFICATE_NAME)
|
accepts("rootCertificateName", "Name of the root certificate to be used by this CA").withRequiredArg().defaultsTo(DEFAULT_ROOT_CERTIFICATE_NAME)
|
||||||
accepts("validDays", "Validity duration in days").withRequiredArg().ofType(Int::class.java)
|
accepts("validDays", "Validity duration in days").withRequiredArg().ofType(Int::class.java)
|
||||||
accepts("signInterval", "Time interval (in seconds) in which network map is signed (default: $DEFAULT_SIGN_INTERVAL)").withRequiredArg().ofType(Long::class.java).defaultsTo(DEFAULT_SIGN_INTERVAL)
|
accepts("signInterval", "Time interval (in seconds) in which network map is signed").withRequiredArg().ofType(Long::class.java).defaultsTo(DEFAULT_SIGN_INTERVAL)
|
||||||
}
|
}
|
||||||
|
|
||||||
val configFile = if (argConfig.hasPath("configFile")) {
|
val configFile = if (argConfig.hasPath("configFile")) {
|
||||||
|
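Review bot: Giving `configFile` a `.defaultsTo("node.conf")` likely makes the `argConfig.hasPath("configFile")` test at the end of the hunk always true, if `toConfigWithOptions` copies option defaults into the resulting config. The fallback branch (not visible here) would then be dead, and the default would resolve against the working directory rather than `basedir`, whereas the old help text promised `<<current directory>>/node.conf`. It is worth confirming which file is loaded when only `--basedir` is given, since that decides which HSM configuration the signer runs with. Separately, the new `authMode` description keeps a stray `)` after the interpolation; the string should end `${AuthMode.values().map(AuthMode::name)}"`. `parseParameters` continues past the end of the hunk.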