Merge branch 'master' into merges/08_11_2018_16_05

# Conflicts: # node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt # node/src/main/kotlin/net/corda/node/services/config/NodeConfiguration.kt
2025-03-15 00:36:49 +00:00 · 2018-11-08 18:20:02 +00:00 · 2018-11-08 18:20:02 +00:00 · 420b2ccd40
commit 420b2ccd40
parent 6a90f42eba 41f5c530b2
6 changed files with 80 additions and 10 deletions
--- a/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt
+++ b/bridge/src/integration-test/kotlin/net/corda/bridge/SNIBridgeTest.kt
@ -124,7 +124,14 @@ class SNIBridgeTest : IntegrationTest() {
                            "p2pAddress" to "localhost:$advertisedP2PPort",
                            "messagingServerAddress" to "0.0.0.0:$artemisPort",
                            "messagingServerExternal" to true,
-                            "enterpriseConfiguration" to mapOf("externalBridge" to true)
+                            "enterpriseConfiguration" to mapOf(
+                                    "externalBridge" to true,
+                                    "messagingServerSslConfiguration" to mapOf(
+                                            "sslKeystore" to "${bankAPath}/certificates/sslkeystore.jks",
+                                            "keyStorePassword" to "cordacadevpass",
+                                            "trustStoreFile" to "${bankAPath}/certificates/truststore.jks",
+                                            "trustStorePassword" to "trustpass"
+                                    ))
                    )
            )

@ -138,14 +145,21 @@ class SNIBridgeTest : IntegrationTest() {
                            "p2pAddress" to "localhost:$advertisedP2PPort",
                            "messagingServerAddress" to "0.0.0.0:$artemisPort",
                            "messagingServerExternal" to true,
-                            "enterpriseConfiguration" to mapOf("externalBridge" to true)
+                            "enterpriseConfiguration" to mapOf(
+                                    "externalBridge" to true,
+                                    "messagingServerSslConfiguration" to mapOf(
+                                            "sslKeystore" to "${bankBPath}/certificates/sslkeystore.jks",
+                                            "keyStorePassword" to "cordacadevpass",
+                                            "trustStoreFile" to "${bankBPath}/certificates/truststore.jks",
+                                            "trustStorePassword" to "trustpass"
+                                    )
+                            )
                    )
            )

            val b = bFuture.getOrThrow()

-            val bridge = startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap(
-            )).getOrThrow()
+            startBridge(ALICE_NAME, advertisedP2PPort, artemisPort, emptyMap()).getOrThrow()

            // Start a node on the other side of the bridge
            val c = startNode(providedName = DUMMY_BANK_C_NAME, rpcUsers = listOf(demoUser), customOverrides = mapOf("p2pAddress" to "localhost:${portAllocation.nextPort()}")).getOrThrow()
--- a/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/ExternalBrokerTests.kt
@ -52,11 +52,19 @@ class ExternalBrokertests : IntegrationTest() {
        val p2pPort = portAllocator.nextPort()
        val rpcPort = portAllocator.nextPort()
        val broker = createArtemis(p2pPort)
+        val nodeBaseDir = tempFolder.root.toPath()
        val nodeConfiguration  = mapOf(
-                "baseDirectory" to tempFolder.root.toPath().toString() + "/",
+                "baseDirectory" to "$nodeBaseDir",
                "devMode" to false, "messagingServerExternal" to true,
                "messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(),
-                "enterpriseConfiguration" to mapOf("externalBridge" to true),
+                "enterpriseConfiguration" to mapOf(
+                        "externalBridge" to true,
+                        "messagingServerSslConfiguration" to mapOf(
+                                "sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks",
+                                "keyStorePassword" to "cordacadevpass",
+                                "trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks",
+                                "trustStorePassword" to "trustpass"
+                        )),
                "keyStorePassword" to "cordacadevpass",
                "trustStorePassword" to "trustpass",
                "rpcSettings.address" to NetworkHostAndPort("localhost", rpcPort).toString())
@ -100,11 +108,19 @@ class ExternalBrokertests : IntegrationTest() {
        val p2pPort = portAllocator.nextPort()
        val broker = createArtemis(p2pPort)
        broker.start()
+        val nodeBaseDir = tempFolder.root.toPath()
        val nodeConfiguration  = mapOf(
-                "baseDirectory" to tempFolder.root.toPath().toString() + "/",
+                "baseDirectory" to "$nodeBaseDir",
                "devMode" to false, "messagingServerExternal" to true,
                "messagingServerAddress" to NetworkHostAndPort("localhost", p2pPort).toString(),
-                "enterpriseConfiguration" to mapOf("externalBrokerConnectionConfiguration" to "FAIL_FAST"),
+                "enterpriseConfiguration" to mapOf(
+                        "externalBrokerConnectionConfiguration" to "FAIL_FAST",
+                        "messagingServerSslConfiguration" to mapOf(
+                                "sslKeystore" to "${nodeBaseDir}/certificates/sslkeystore.jks",
+                                "keyStorePassword" to "cordacadevpass",
+                                "trustStoreFile" to "${nodeBaseDir}/certificates/truststore.jks",
+                                "trustStorePassword" to "trustpass"
+                        )),
                "keyStorePassword" to "cordacadevpass",
                "trustStorePassword" to "trustpass")
        driver(DriverParameters(startNodesInProcess = false, notarySpecs = emptyList())) {
--- a/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/EnterpriseConfiguration.kt
@ -5,11 +5,14 @@ import java.io.File
 import java.net.InetAddress
 import java.nio.file.Path
 import net.corda.nodeapi.internal.config.ExternalBrokerConnectionConfiguration
+import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
+import net.corda.nodeapi.internal.config.MutualSslConfiguration

 data class EnterpriseConfiguration(
        val mutualExclusionConfiguration: MutualExclusionConfiguration,
        val externalBrokerConnectionConfiguration: ExternalBrokerConnectionConfiguration = Defaults.externalBrokerConnectionConfiguration,
        val externalBrokerBackupAddresses: List<NetworkHostAndPort> = Defaults.externalBrokerBackupAddresses,
+        val messagingServerSslConfiguration: MessagingServerSslConfiguration? = null,
        val useMultiThreadedSMM: Boolean = Defaults.useMultiThreadedSMM,
        val tuning: PerformanceTuning = Defaults.tuning,
        val externalBridge: Boolean? = null,
@ -26,6 +29,19 @@ data class EnterpriseConfiguration(
    }
 }

+data class MessagingServerSslConfiguration(private val sslKeystore: Path,
+                                           private val keyStorePassword: String,
+                                           private val trustStoreFile: Path,
+                                           private val trustStorePassword: String,
+                                           override val useOpenSsl: Boolean = Defaults.useOpenSsl) : MutualSslConfiguration {
+    internal object Defaults {
+        val useOpenSsl: Boolean = false
+    }
+
+    override val keyStore = FileBasedCertificateStoreSupplier(sslKeystore, keyStorePassword, keyStorePassword)
+    override val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile, trustStorePassword, trustStorePassword)
+}
+
 data class MutualExclusionConfiguration(val on: Boolean = Defaults.on,
                                        val machineName: String = Defaults.machineName,
                                        val updateInterval: Long,
--- a/node/src/main/kotlin/net/corda/node/services/config/NodeConfigurationImpl.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/NodeConfigurationImpl.kt
@ -188,6 +188,10 @@ data class NodeConfigurationImpl(
            """.trimMargin())
        }

+        if (messagingServerExternal && messagingServerAddress != null) {
+            require(enterpriseConfiguration.messagingServerSslConfiguration != null) { "Missing SSL configuration required by broker connection." }
+        }
+
        // Support the deprecated method of configuring network services with a single compatibilityZoneURL option
        if (compatibilityZoneURL != null && networkServices == null) {
            networkServices = NetworkServicesConfig(compatibilityZoneURL, compatibilityZoneURL, inferred = true)
--- a/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
@ -22,6 +22,7 @@ import net.corda.node.services.config.FlowOverride
 import net.corda.node.services.config.FlowOverrideConfig
 import net.corda.node.services.config.FlowTimeoutConfiguration
 import net.corda.node.services.config.GraphiteOptions
+import net.corda.node.services.config.MessagingServerSslConfiguration
 import net.corda.node.services.config.MutualExclusionConfiguration
 import net.corda.node.services.config.NetworkServicesConfig
 import net.corda.node.services.config.NodeH2Settings
@ -278,12 +279,14 @@ internal object EnterpriseConfigurationSpec : Configuration.Specification<Enterp
    private val externalBridge by boolean().optional()
    private val enableCacheTracing by boolean().optional().withDefaultValue(EnterpriseConfiguration.Defaults.enableCacheTracing)
    private val traceTargetDirectory by string().mapValid(::toPath).optional().withDefaultValue(EnterpriseConfiguration.Defaults.traceTargetDirectory)
+    private val messagingServerSslConfiguration by nested(MessagingServerSslConfigurationSpec).optional()

    override fun parseValid(configuration: Config): Valid<EnterpriseConfiguration> {
        return valid(EnterpriseConfiguration(
                configuration[mutualExclusionConfiguration],
                configuration[externalBrokerConnectionConfiguration],
                configuration[externalBrokerBackupAddresses],
+                configuration[messagingServerSslConfiguration],
                configuration[useMultiThreadedSMM],
                configuration[tuning],
                configuration[externalBridge],
@ -293,6 +296,18 @@ internal object EnterpriseConfigurationSpec : Configuration.Specification<Enterp
    }
 }

+internal object MessagingServerSslConfigurationSpec : Configuration.Specification<MessagingServerSslConfiguration>("MessagingServerSslConfiguration") {
+    private val sslKeystore by string().mapValid(::toPath)
+    private val keyStorePassword by string(sensitive = true)
+    private val trustStoreFile by string().mapValid(::toPath)
+    private val trustStorePassword by string(sensitive = true)
+    private val useOpenSsl by boolean().optional().withDefaultValue(MessagingServerSslConfiguration.Defaults.useOpenSsl)
+
+    override fun parseValid(configuration: Config): Valid<MessagingServerSslConfiguration> {
+        return valid(MessagingServerSslConfiguration(configuration[sslKeystore], configuration[keyStorePassword], configuration[trustStoreFile], configuration[trustStorePassword], configuration[useOpenSsl]))
+    }
+}
+
 internal object MutualExclusionConfigurationSpec : Configuration.Specification<MutualExclusionConfiguration>("MutualExclusionConfiguration") {
    private val on by boolean().optional().withDefaultValue(MutualExclusionConfiguration.Defaults.on)
    private val machineName by string().optional().withDefaultValue(MutualExclusionConfiguration.Defaults.machineName)
--- a/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
+++ b/node/src/main/kotlin/net/corda/node/services/messaging/P2PMessagingClient.kt
@ -185,8 +185,13 @@ class P2PMessagingClient(val config: NodeConfiguration,
        this.maxMessageSize = maxMessageSize
        state.locked {
            started = true
-            val tcpTransport = p2pConnectorTcpTransport(serverAddress, config.p2pSslOptions)
-            val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, config.p2pSslOptions)
+            val sslOptions = if (config.messagingServerExternal) {
+                config.enterpriseConfiguration.messagingServerSslConfiguration
+            } else {
+                config.p2pSslOptions
+            }
+            val tcpTransport = p2pConnectorTcpTransport(serverAddress, sslOptions)
+            val backupTransports = p2pConnectorTcpTransportFromList(config.enterpriseConfiguration.externalBrokerBackupAddresses, sslOptions)
            log.info("Connecting to message broker: $serverAddress")
            if (backupTransports.isNotEmpty()) {
                log.info("Back-up message broker addresses: ${config.enterpriseConfiguration.externalBrokerBackupAddresses}")