ENT-2577 Custom SSL props for external Artemis connections (#1549)

* ENT-2577 added additional node config for external artemis ssl config

* ENT-2577 update tests for external p2p broker

* ENT-2577 rename new config
bpaunescu 2018-11-08 16:31:02 +00:00 committed by GitHub
parent 7a62e65ec7
commit 41f5c530b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 62 additions and 10 deletions


@ -124,7 +124,14 @@ class SNIBridgeTest : IntegrationTest() {
"p2pAddress" to "localhost:$advertisedP2PPort",
"messagingServerAddress" to "0.0.0.0:$artemisPort",
"messagingServerExternal" to true,
"enterpriseConfiguration" to mapOf("externalBridge" to true)
"enterpriseConfiguration" to mapOf(
"externalBridge" to true,
"messagingServerSslConfiguration" to mapOf(
"sslKeystore" to "${bankAPath}/certificates/sslkeystore.jks",
"keyStorePassword" to "cordacadevpass",
"trustStoreFile" to "${bankAPath}/certificates/truststore.jks",
"trustStorePassword" to "trustpass"
))
)
)
@ -138,14 +145,21 @@ class SNIBridgeTest : IntegrationTest() {
"p2pAddress" to "localhost:$advertisedP2PPort",
"messagingServerAddress" to "0.0.0.0:$artemisPort",
"messagingServerExternal" to true,
"enterpriseConfiguration" to mapOf("externalBridge" to true)
"enterpriseConfiguration" to mapOf(
"externalBridge" to true,
"messagingServerSslConfiguration" to mapOf(
"sslKeystore" to "${bankBPath}/certificates/sslkeystore.jks",
"keyStorePassword" to "cordacadevpass",
"trustStoreFile" to "${bankBPath}/certificates/truststore.jks",
"trustStorePassword" to "trustpass"
)
)
)
)
val b = bFuture.getOrThrow()
val bridge = startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap(
)).getOrThrow()
startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap()).getOrThrow()
// Start a node on the other side of the bridge
val c = startNode(providedName = DUMMY_BANK_C_NAME, rpcUsers = listOf(demoUser), customOverrides = mapOf("p2pAddress" to "localhost:${portAllocation.nextPort()}")).getOrThrow()
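Review bot: The four-entry `messagingServerSslConfiguration` map is written out in full for both nodes in this test and twice more in ExternalBrokertests, each time repeating the literals `"cordacadevpass"` and `"trustpass"`. A single test helper that takes the node base directory and returns the map, for example `fun devBrokerSslConfig(baseDir: Path): Map<String, Any>`, would keep the dev-only store passwords in one place and make it obvious they are test fixtures rather than values to copy into a real node.conf. The store paths are also assembled by string interpolation with a hard-coded `/`; building them from a `Path` would avoid mixed separators. The test function starts before this hunk and continues after it.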


@ -52,11 +52,19 @@ class ExternalBrokertests : IntegrationTest() {
val p2pPort = portAllocator.nextPort()
val rpcPort = portAllocator.nextPort()
val broker = createArtemis(p2pPort)
val nodeBaseDir = tempFolder.root.toPath()
val nodeConfiguration = mapOf(
"baseDirectory" to tempFolder.root.toPath().toString() + "/",
"baseDirectory" to "$nodeBaseDir",
"devMode" to false, "messagingServerExternal" to true,
"messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(),
"enterpriseConfiguration" to mapOf("externalBridge" to true),
"enterpriseConfiguration" to mapOf(
"externalBridge" to true,
"messagingServerSslConfiguration" to mapOf(
"sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks",
"keyStorePassword" to "cordacadevpass",
"trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks",
"trustStorePassword" to "trustpass"
)),
"keyStorePassword" to "cordacadevpass",
"trustStorePassword" to "trustpass",
"rpcSettings.address" to NetworkHostAndPort("localhost", rpcPort).toString())
@ -100,11 +108,19 @@ class ExternalBrokertests : IntegrationTest() {
val p2pPort = portAllocator.nextPort()
val broker = createArtemis(p2pPort)
broker.start()
val nodeBaseDir = tempFolder.root.toPath()
val nodeConfiguration = mapOf(
"baseDirectory" to tempFolder.root.toPath().toString() + "/",
"baseDirectory" to "$nodeBaseDir",
"devMode" to false, "messagingServerExternal" to true,
"messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(),
"enterpriseConfiguration" to mapOf("externalBrokerConnectionConfiguration" to "FAIL_FAST"),
"enterpriseConfiguration" to mapOf(
"externalBrokerConnectionConfiguration" to "FAIL_FAST",
"messagingServerSslConfiguration" to mapOf(
"sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks",
"keyStorePassword" to "cordacadevpass",
"trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks",
"trustStorePassword" to "trustpass"
)),
"keyStorePassword" to "cordacadevpass",
"trustStorePassword" to "trustpass")
driver(DriverParameters(startNodesInProcess = false, notarySpecs = emptyList())) {


@ -5,11 +5,14 @@ import java.io.File
import java.net.InetAddress
import java.nio.file.Path
import net.corda.nodeapi.internal.config.ExternalBrokerConnectionConfiguration
import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
import net.corda.nodeapi.internal.config.MutualSslConfiguration
data class EnterpriseConfiguration(
val mutualExclusionConfiguration: MutualExclusionConfiguration,
val externalBrokerConnectionConfiguration: ExternalBrokerConnectionConfiguration = ExternalBrokerConnectionConfiguration.DEFAULT,
val externalBrokerBackupAddresses: List<NetworkHostAndPort> = emptyList(),
val messagingServerSslConfiguration: MessagingServerSslConfiguration? = null,
val useMultiThreadedSMM: Boolean = true,
val tuning: PerformanceTuning = PerformanceTuning.default,
val externalBridge: Boolean? = null,
@ -17,6 +20,16 @@ data class EnterpriseConfiguration(
val traceTargetDirectory: Path = File(".").toPath()
)
data class MessagingServerSslConfiguration(private val sslKeystore: Path,
private val keyStorePassword: String,
private val trustStoreFile: Path,
private val trustStorePassword: String,
override val useOpenSsl: Boolean = false) : MutualSslConfiguration {
override val keyStore = FileBasedCertificateStoreSupplier(sslKeystore, keyStorePassword, keyStorePassword)
override val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile, trustStorePassword, trustStorePassword)
}
data class MutualExclusionConfiguration(val on: Boolean = false,
val machineName: String = defaultMachineName,
val updateInterval: Long,
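Review bot: `MessagingServerSslConfiguration` is declared as a `data class`, so its generated `toString()` prints every primary-constructor property, including `keyStorePassword` and `trustStorePassword`; marking them `private` does not exclude them. Because the instance is held by the `EnterpriseConfiguration` data class, any log line or exception message that renders the node configuration would carry both passwords in clear text. Either make it a regular class or add `override fun toString() = "MessagingServerSslConfiguration(sslKeystore=$sslKeystore, trustStoreFile=$trustStoreFile, useOpenSsl=$useOpenSsl)"`. A short KDoc would also help: each password is passed twice to `FileBasedCertificateStoreSupplier`, presumably as both store and entry password, and that constraint on how the keystore must be built is not stated anywhere in the hunk.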


@ -281,6 +281,10 @@ data class NodeConfigurationImpl(
rpcSettings
}
}
if (messagingServerExternal && messagingServerAddress != null) {
require(enterpriseConfiguration.messagingServerSslConfiguration != null) {"Missing SSL configuration required by broker connection."}
}
}
override val certificatesDirectory = baseDirectory / "certificates"
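Review bot: The `require` message does not name the property that is missing, so an operator whose node stops starting has to read the source to learn what to add. The new property defaults to `null` and the P2PMessagingClient hunk shows no fallback to the existing P2P SSL settings, so as far as this page shows every existing external-broker configuration will hit this check after upgrade. Suggest `require(enterpriseConfiguration.messagingServerSslConfiguration != null) { "enterpriseConfiguration.messagingServerSslConfiguration must be set when messagingServerExternal is true and messagingServerAddress is configured" }`. The enclosing block starts before the hunk.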


@ -185,8 +185,13 @@ class P2PMessagingClient(val config: NodeConfiguration,
this.maxMessageSize = maxMessageSize
state.locked {
started = true
val tcpTransport = p2pConnectorTcpTransport(serverAddress, config.p2pSslOptions)
val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, config.p2pSslOptions)
val sslOptions = if (config.messagingServerExternal) {
config.enterpriseConfiguration.messagingServerSslConfiguration
} else {
config.p2pSslOptions
}
val tcpTransport = p2pConnectorTcpTransport(serverAddress, sslOptions)
val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, sslOptions)
log.info("Connecting to message broker: $serverAddress")
if (backupTransports.isNotEmpty()) {
log.info("Back-up message broker addresses: ${config.enterpriseConfiguration.externalBrokerBackupAddresses}")
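Review bot: When `config.messagingServerExternal` is true, `sslOptions` is read from `messagingServerSslConfiguration`, which is declared nullable with a `null` default, so a null can reach both `p2pConnectorTcpTransport` and `p2pConnectorTcpTransportFromList`. The only guard is the `require` in NodeConfigurationImpl, and it fires only when `messagingServerAddress != null`, a narrower condition than the one tested here. `p2pConnectorTcpTransport` is not shown, but if it accepts a null configuration it may build the transport without TLS options, so the broker link should fail closed at the point of use: `requireNotNull(config.enterpriseConfiguration.messagingServerSslConfiguration) { "messagingServerSslConfiguration is required when messagingServerExternal is true" }` in the first branch. The enclosing function begins before the hunk and continues after it.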