diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt index 5300b19d0c..ca464afced 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt @@ -124,7 +124,14 @@ class SNIBridgeTest : IntegrationTest() { "p2pAddress" to "localhost:$advertisedP2PPort", "messagingServerAddress" to "0.0.0.0:$artemisPort", "messagingServerExternal" to true, - "enterpriseConfiguration" to mapOf("externalBridge" to true) + "enterpriseConfiguration" to mapOf( + "externalBridge" to true, + "messagingServerSslConfiguration" to mapOf( + "sslKeystore" to "${bankAPath}/certificates/sslkeystore.jks", + "keyStorePassword" to "cordacadevpass", + "trustStoreFile" to "${bankAPath}/certificates/truststore.jks", + "trustStorePassword" to "trustpass" + )) ) ) @@ -138,14 +145,21 @@ class SNIBridgeTest : IntegrationTest() { "p2pAddress" to "localhost:$advertisedP2PPort", "messagingServerAddress" to "0.0.0.0:$artemisPort", "messagingServerExternal" to true, - "enterpriseConfiguration" to mapOf("externalBridge" to true) + "enterpriseConfiguration" to mapOf( + "externalBridge" to true, + "messagingServerSslConfiguration" to mapOf( + "sslKeystore" to "${bankBPath}/certificates/sslkeystore.jks", + "keyStorePassword" to "cordacadevpass", + "trustStoreFile" to "${bankBPath}/certificates/truststore.jks", + "trustStorePassword" to "trustpass" + ) + ) ) ) val b = bFuture.getOrThrow() - val bridge = startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap( - )).getOrThrow() + startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap()).getOrThrow() // Start a node on the other side of the bridge val c = startNode(providedName = DUMMY_BANK_C_NAME, rpcUsers = listOf(demoUser), customOverrides = mapOf("p2pAddress" to "localhost:${portAllocation.nextPort()}")).getOrThrow() 
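Review bot: The six-entry `messagingServerSslConfiguration` map written for bank A is repeated verbatim for bank B in the second hunk of this file, differing only in `bankAPath` versus `bankBPath`, and the same literal block appears twice more in ExternalBrokerTests.kt in this commit. A small test helper such as `fun brokerSslConfig(baseDir: Path): Map<String, Any>`, used as `"messagingServerSslConfiguration" to brokerSslConfig(bankAPath)`, would keep the key names (`sslKeystore`, `trustStoreFile`, …) and the dev passwords in one place, so a rename in `MessagingServerSslConfiguration` breaks one line rather than four. The enclosing test method begins before the first hunk and continues past the second.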
diff --git a/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt b/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt index 116a7211ba..538df50361 100644 --- a/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt +++ b/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt @@ -52,11 +52,19 @@ class ExternalBrokertests : IntegrationTest() { val p2pPort = portAllocator.nextPort() val rpcPort = portAllocator.nextPort() val broker = createArtemis(p2pPort) + val nodeBaseDir = tempFolder.root.toPath() val nodeConfiguration = mapOf( - "baseDirectory" to tempFolder.root.toPath().toString() + "/", + "baseDirectory" to "$nodeBaseDir", "devMode" to false, "messagingServerExternal" to true, "messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(), - "enterpriseConfiguration" to mapOf("externalBridge" to true), + "enterpriseConfiguration" to mapOf( + "externalBridge" to true, + "messagingServerSslConfiguration" to mapOf( + "sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks", + "keyStorePassword" to "cordacadevpass", + "trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks", + "trustStorePassword" to "trustpass" + )), "keyStorePassword" to "cordacadevpass", "trustStorePassword" to "trustpass", "rpcSettings.address" to NetworkHostAndPort("localhost", rpcPort).toString()) 
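Review bot: The nested `messagingServerSslConfiguration` map hard-codes `${nodeBaseDir}/certificates/sslkeystore.jks` and `${nodeBaseDir}/certificates/truststore.jks` next to a top-level `keyStorePassword`/`trustStorePassword` that the same map already carries, and the second hunk of this file (`@@ -100,11 +108,19 @@`) pastes the identical block again, so every store path and password is now spelled out three times in one test class. Pulling the block into a private helper keeps the copies in step; the `nodeConfiguration` map would then read `"messagingServerSslConfiguration" to brokerSslConfiguration(nodeBaseDir)`. The test methods enclosing both hunks start and end outside them.
```kotlin
// … unchanged: test methods …
private fun brokerSslConfiguration(baseDir: Path): Map<String, Any> = mapOf(
        "sslKeystore" to "$baseDir/certificates/sslkeystore.jks",
        "keyStorePassword" to "cordacadevpass",
        "trustStoreFile" to "$baseDir/certificates/truststore.jks",
        "trustStorePassword" to "trustpass"
)
```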
@@ -100,11 +108,19 @@ class ExternalBrokertests : IntegrationTest() { val p2pPort = portAllocator.nextPort() val broker = createArtemis(p2pPort) broker.start() + val nodeBaseDir = tempFolder.root.toPath() val nodeConfiguration = mapOf( - "baseDirectory" to tempFolder.root.toPath().toString() + "/", + "baseDirectory" to "$nodeBaseDir", "devMode" to false, "messagingServerExternal" to true, "messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(), - "enterpriseConfiguration" to mapOf("externalBrokerConnectionConfiguration" to "FAIL_FAST"), + "enterpriseConfiguration" to mapOf( + "externalBrokerConnectionConfiguration" to "FAIL_FAST", + "messagingServerSslConfiguration" to mapOf( + "sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks", + "keyStorePassword" to "cordacadevpass", + "trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks", + "trustStorePassword" to "trustpass" + )), "keyStorePassword" to "cordacadevpass", "trustStorePassword" to "trustpass") driver(DriverParameters(startNodesInProcess = false, notarySpecs = emptyList())) { diff --git a/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt index b81d20e45f..a30fa3c26a 100644 --- a/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt +++ b/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt 
@@ -5,11 +5,14 @@ import java.io.File
 import java.net.InetAddress
 import java.nio.file.Path
 import net.corda.nodeapi.internal.config.ExternalBrokerConnectionConfiguration
+import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
+import net.corda.nodeapi.internal.config.MutualSslConfiguration
 
 data class EnterpriseConfiguration(
 val mutualExclusionConfiguration: MutualExclusionConfiguration,
 val externalBrokerConnectionConfiguration: ExternalBrokerConnectionConfiguration = ExternalBrokerConnectionConfiguration.DEFAULT,
 val externalBrokerBackupAddresses: List = emptyList(),
+val messagingServerSslConfiguration: MessagingServerSslConfiguration? = null,
 val useMultiThreadedSMM: Boolean = true,
 val tuning: PerformanceTuning = PerformanceTuning.default,
 val externalBridge: Boolean? = null,
@@ -17,6 +20,16 @@ data class EnterpriseConfiguration(
 val traceTargetDirectory: Path = File(".").toPath()
 )
 
+data class MessagingServerSslConfiguration(private val sslKeystore: Path,
+ private val keyStorePassword: String,
+ private val trustStoreFile: Path,
+ private val trustStorePassword: String,
+ override val useOpenSsl: Boolean = false) : MutualSslConfiguration {
+
+ override val keyStore = FileBasedCertificateStoreSupplier(sslKeystore, keyStorePassword, keyStorePassword)
+ override val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile, trustStorePassword, trustStorePassword)
+}
+
 data class MutualExclusionConfiguration(val on: Boolean = false,
 val machineName: String = defaultMachineName,
 val updateInterval: Long,
diff --git a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
index 25727f6695..12de61b4a1 100644
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
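Review bot: `MessagingServerSslConfiguration` is declared as a `data class`, so Kotlin generates `toString()`, `equals()` and `hashCode()` over every primary-constructor property; marking `keyStorePassword` and `trustStorePassword` `private` does not keep them out of `toString()`, and any log line or error message that prints the `EnterpriseConfiguration` holding this object (first hunk) will emit both passwords in clear. Override it to leave the secrets out: `override fun toString() = "MessagingServerSslConfiguration(sslKeystore=$sslKeystore, trustStoreFile=$trustStoreFile, useOpenSsl=$useOpenSsl)"`. Each store password is also passed twice to `FileBasedCertificateStoreSupplier` (presumably as store and entry password), which deserves a KDoc line saying that a key entry protected by a password different from the store's is not supported. The nullable field added in the first hunk would benefit from a comment such as `/** TLS material for the connection to an external broker; required when messagingServerExternal is set. */`.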
@@ -281,6 +281,10 @@ data class NodeConfigurationImpl(
 rpcSettings
 }
 }
+
+ if (messagingServerExternal && messagingServerAddress != null) {
+ require(enterpriseConfiguration.messagingServerSslConfiguration != null) {"Missing SSL configuration required by broker connection."}
+ }
 }
 
 override val certificatesDirectory = baseDirectory / "certificates"
diff --git a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
index 2ead2c5a30..e6ba01c1bb 100644
--- a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
@@ -185,8 +185,13 @@ class P2PMessagingClient(val config: NodeConfiguration,
 this.maxMessageSize = maxMessageSize
 state.locked {
 started = true
- val tcpTransport = p2pConnectorTcpTransport(serverAddress, config.p2pSslOptions)
- val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, config.p2pSslOptions)
+ val sslOptions = if (config.messagingServerExternal) {
+ config.enterpriseConfiguration.messagingServerSslConfiguration
+ } else {
+ config.p2pSslOptions
+ }
+ val tcpTransport = p2pConnectorTcpTransport(serverAddress, sslOptions)
+ val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, sslOptions)
 log.info("Connecting to message broker: $serverAddress")
 if (backupTransports.isNotEmpty()) {
 log.info("Back-up message broker addresses: ${config.enterpriseConfiguration.externalBrokerBackupAddresses}")
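Review bot: The new `require` only fires when `messagingServerAddress != null`, whereas `P2PMessagingClient` (last hunk of this commit) selects `enterpriseConfiguration.messagingServerSslConfiguration` on `messagingServerExternal` alone, so an external-broker configuration with a null `messagingServerAddress`, if that combination is reachable, still reaches the transport with a null SSL configuration; unless another check already ties the two settings together, `if (messagingServerExternal) {` is the condition that matches the consumer. Kotlin style also spaces the trailing lambda: `require(enterpriseConfiguration.messagingServerSslConfiguration != null) { "Missing SSL configuration required by broker connection." }`. The block this check lives in starts before the hunk.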
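Review bot: In the `messagingServerExternal` branch `sslOptions` takes the nullable `MessagingServerSslConfiguration?` declared on `EnterpriseConfiguration` and is passed straight to `p2pConnectorTcpTransport` and `p2pConnectorTcpTransportFromList`, with the only guard being the `require` in `NodeConfigurationImpl`, a different class, which is itself conditional on `messagingServerAddress`. Since the hunk compiles, those functions evidently accept a nullable argument, so a missing configuration would surface as a failure at connect time rather than as a configuration error naming the key. Fail at the use site instead: `val sslOptions = if (config.messagingServerExternal) requireNotNull(config.enterpriseConfiguration.messagingServerSslConfiguration) { "enterpriseConfiguration.messagingServerSslConfiguration is required when messagingServerExternal is true" } else config.p2pSslOptions`. The enclosing function begins and ends outside the hunk.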