ENT-2577 Custom SSL props for external Artemis connections (#1549)

* ENT-2577 added additional node config for external artemis ssl config * ENT-2577 update tests for external p2p broker * ENT-2577 rename new config
2025-03-15 08:41:04 +00:00 · 2018-11-08 16:31:02 +00:00 · 2018-11-08 16:31:02 +00:00 · 41f5c530b2
commit 41f5c530b2
parent 7a62e65ec7
5 changed files with 62 additions and 10 deletions
--- a/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt
+++ b/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt
@ -124,7 +124,14 @@ class SNIBridgeTest : IntegrationTest() {
                            "p2pAddress" to "localhost:$advertisedP2PPort",
                            "messagingServerAddress" to "0.0.0.0:$artemisPort",
                            "messagingServerExternal" to true,
-                            "enterpriseConfiguration" to mapOf("externalBridge" to true)
+                            "enterpriseConfiguration" to mapOf(
+                                    "externalBridge" to true,
+                                    "messagingServerSslConfiguration" to mapOf(
+                                            "sslKeystore" to "${bankAPath}/certificates/sslkeystore.jks",
+                                            "keyStorePassword" to "cordacadevpass",
+                                            "trustStoreFile" to "${bankAPath}/certificates/truststore.jks",
+                                            "trustStorePassword" to "trustpass"
+                                    ))
                    )
            )

@ -138,14 +145,21 @@ class SNIBridgeTest : IntegrationTest() {
                            "p2pAddress" to "localhost:$advertisedP2PPort",
                            "messagingServerAddress" to "0.0.0.0:$artemisPort",
                            "messagingServerExternal" to true,
-                            "enterpriseConfiguration" to mapOf("externalBridge" to true)
+                            "enterpriseConfiguration" to mapOf(
+                                    "externalBridge" to true,
+                                    "messagingServerSslConfiguration" to mapOf(
+                                            "sslKeystore" to "${bankBPath}/certificates/sslkeystore.jks",
+                                            "keyStorePassword" to "cordacadevpass",
+                                            "trustStoreFile" to "${bankBPath}/certificates/truststore.jks",
+                                            "trustStorePassword" to "trustpass"
+                                    )
+                            )
                    )
            )

            val b = bFuture.getOrThrow()

-            val bridge = startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap(
-            )).getOrThrow()
+            startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap()).getOrThrow()

            // Start a node on the other side of the bridge
            val c = startNode(providedName = DUMMY_BANK_C_NAME, rpcUsers = listOf(demoUser), customOverrides = mapOf("p2pAddress" to "localhost:${portAllocation.nextPort()}")).getOrThrow()
--- a/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt
@ -52,11 +52,19 @@ class ExternalBrokertests : IntegrationTest() {
        val p2pPort = portAllocator.nextPort()
        val rpcPort = portAllocator.nextPort()
        val broker = createArtemis(p2pPort)
+        val nodeBaseDir = tempFolder.root.toPath()
        val nodeConfiguration  = mapOf(
-                "baseDirectory" to tempFolder.root.toPath().toString() + "/",
+                "baseDirectory" to "$nodeBaseDir",
                "devMode" to false, "messagingServerExternal" to true,
                "messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(),
-                "enterpriseConfiguration" to mapOf("externalBridge" to true),
+                "enterpriseConfiguration" to mapOf(
+                        "externalBridge" to true,
+                        "messagingServerSslConfiguration" to mapOf(
+                                "sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks",
+                                "keyStorePassword" to "cordacadevpass",
+                                "trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks",
+                                "trustStorePassword" to "trustpass"
+                        )),
                "keyStorePassword" to "cordacadevpass",
                "trustStorePassword" to "trustpass",
                "rpcSettings.address" to NetworkHostAndPort("localhost", rpcPort).toString())
@ -100,11 +108,19 @@ class ExternalBrokertests : IntegrationTest() {
        val p2pPort = portAllocator.nextPort()
        val broker = createArtemis(p2pPort)
        broker.start()
+        val nodeBaseDir = tempFolder.root.toPath()
        val nodeConfiguration  = mapOf(
-                "baseDirectory" to tempFolder.root.toPath().toString() + "/",
+                "baseDirectory" to "$nodeBaseDir",
                "devMode" to false, "messagingServerExternal" to true,
                "messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(),
-                "enterpriseConfiguration" to mapOf("externalBrokerConnectionConfiguration" to "FAIL_FAST"),
+                "enterpriseConfiguration" to mapOf(
+                        "externalBrokerConnectionConfiguration" to "FAIL_FAST",
+                        "messagingServerSslConfiguration" to mapOf(
+                                "sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks",
+                                "keyStorePassword" to "cordacadevpass",
+                                "trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks",
+                                "trustStorePassword" to "trustpass"
+                        )),
                "keyStorePassword" to "cordacadevpass",
                "trustStorePassword" to "trustpass")
        driver(DriverParameters(startNodesInProcess = false, notarySpecs = emptyList())) {
--- a/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt
@ -5,11 +5,14 @@ import java.io.File
 import java.net.InetAddress
 import java.nio.file.Path
 import net.corda.nodeapi.internal.config.ExternalBrokerConnectionConfiguration
+import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
+import net.corda.nodeapi.internal.config.MutualSslConfiguration

 data class EnterpriseConfiguration(
        val mutualExclusionConfiguration: MutualExclusionConfiguration,
        val externalBrokerConnectionConfiguration: ExternalBrokerConnectionConfiguration = ExternalBrokerConnectionConfiguration.DEFAULT,
        val externalBrokerBackupAddresses: List<NetworkHostAndPort> = emptyList(),
+        val messagingServerSslConfiguration: MessagingServerSslConfiguration? = null,
        val useMultiThreadedSMM: Boolean = true,
        val tuning: PerformanceTuning = PerformanceTuning.default,
        val externalBridge: Boolean? = null,
@ -17,6 +20,16 @@ data class EnterpriseConfiguration(
        val traceTargetDirectory: Path = File(".").toPath()
 )

+data class MessagingServerSslConfiguration(private val sslKeystore: Path,
+                                           private val keyStorePassword: String,
+                                           private val trustStoreFile: Path,
+                                           private val trustStorePassword: String,
+                                           override val useOpenSsl: Boolean = false) : MutualSslConfiguration {
+
+    override val keyStore = FileBasedCertificateStoreSupplier(sslKeystore, keyStorePassword, keyStorePassword)
+    override val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile, trustStorePassword, trustStorePassword)
+}
+
 data class MutualExclusionConfiguration(val on: Boolean = false,
                                        val machineName: String = defaultMachineName,
                                        val updateInterval: Long,
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
@ -281,6 +281,10 @@ data class NodeConfigurationImpl(
                rpcSettings
            }
        }
+
+        if (messagingServerExternal && messagingServerAddress != null) {
+            require(enterpriseConfiguration.messagingServerSslConfiguration != null) {"Missing SSL configuration required by broker connection."}
+        }
    }

    override val certificatesDirectory = baseDirectory / "certificates"
--- a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
@ -185,8 +185,13 @@ class P2PMessagingClient(val config: NodeConfiguration,
        this.maxMessageSize = maxMessageSize
        state.locked {
            started = true
-            val tcpTransport = p2pConnectorTcpTransport(serverAddress, config.p2pSslOptions)
-            val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, config.p2pSslOptions)
+            val sslOptions = if (config.messagingServerExternal) {
+                config.enterpriseConfiguration.messagingServerSslConfiguration
+            } else {
+                config.p2pSslOptions
+            }
+            val tcpTransport = p2pConnectorTcpTransport(serverAddress, sslOptions)
+            val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, sslOptions)
            log.info("Connecting to message broker: $serverAddress")
            if (backupTransports.isNotEmpty()) {
                log.info("Back-up message broker addresses: ${config.enterpriseConfiguration.externalBrokerBackupAddresses}")