diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt
index fcd248ab31..c0f86cf002 100644
--- a/bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt
+++ b/bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt
@@ -22,8 +22,8 @@ data class BridgeSSLConfigurationImpl(private val sslKeystore: Path,
 private val crlCheckSoftFail: Boolean,
 override val useOpenSsl: Boolean = false) : BridgeSSLConfiguration {
- override val keyStore = FileBasedCertificateStoreSupplier(sslKeystore, keyStorePassword)
- override val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile, trustStorePassword)
+ override val keyStore = FileBasedCertificateStoreSupplier(sslKeystore, keyStorePassword, keyStorePassword)
+ override val trustStore = FileBasedCertificateStoreSupplier(trustStoreFile, trustStorePassword, trustStorePassword)
 }
 data class BridgeOutboundConfigurationImpl(override val artemisBrokerAddress: NetworkHostAndPort,
@@ -81,9 +81,9 @@ data class FirewallConfigurationImpl(
 }
 private val p2pKeystorePath = sslKeystore
- private val p2pKeyStore = FileBasedCertificateStoreSupplier(p2pKeystorePath, keyStorePassword)
+ private val p2pKeyStore = FileBasedCertificateStoreSupplier(p2pKeystorePath, keyStorePassword, keyStorePassword)
 private val p2pTrustStoreFilePath = trustStoreFile
- private val p2pTrustStore = FileBasedCertificateStoreSupplier(p2pTrustStoreFilePath, trustStorePassword)
+ private val p2pTrustStore = FileBasedCertificateStoreSupplier(p2pTrustStoreFilePath, trustStorePassword, trustStorePassword)
 override val p2pSslOptions: MutualSslConfiguration = SslConfiguration.mutual(p2pKeyStore, p2pTrustStore)
 }
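Review bot: The new three-argument `FileBasedCertificateStoreSupplier(...)` calls in both hunks pass the same password twice positionally, so the store password and the entry password are indistinguishable at the call site and a later transposition of the two slots would compile silently; since the receiver code in this same commit reads them as `storePassword` and `entryPassword`, named arguments would make the intent explicit, e.g. `FileBasedCertificateStoreSupplier(sslKeystore, storePassword = keyStorePassword, entryPassword = keyStorePassword)` (assuming those are the supplier's parameter names, which this page does not show). It is also worth noting that after this change the configuration still cannot express a private-key password that differs from the store password, because every supplier here hardwires the two to be equal; a short comment such as `// Config exposes a single password: entry password is assumed equal to the store password` would record that, or a dedicated config field if distinct passwords are meant to be supported. Both data-class bodies start before their hunks.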
diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt
index eb83e6431e..8376e4b470 100644
--- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt
+++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt
@@ -48,8 +48,8 @@ class BridgeAMQPListenerServiceImpl(val conf: FirewallConfiguration,
 require(active) { "AuditService must be active" }
 require(keyStorePassword !== keyStorePrivateKeyPassword) { "keyStorePassword and keyStorePrivateKeyPassword must reference distinct arrays!" }
- val keyStore = CertificateStore.of(loadKeyStore(keyStoreBytes, keyStorePassword), java.lang.String.valueOf(keyStorePrivateKeyPassword)).also { wipeKeys(keyStoreBytes, keyStorePassword) }
- val trustStore = CertificateStore.of(loadKeyStore(trustStoreBytes, trustStorePassword), java.lang.String.valueOf(trustStorePassword)).also { wipeKeys(trustStoreBytes, trustStorePassword) }
+ val keyStore = CertificateStore.of(loadKeyStore(keyStoreBytes, keyStorePassword), java.lang.String.valueOf(keyStorePrivateKeyPassword), java.lang.String.valueOf(keyStorePrivateKeyPassword)).also { wipeKeys(keyStoreBytes, keyStorePassword) }
+ val trustStore = CertificateStore.of(loadKeyStore(trustStoreBytes, trustStorePassword), java.lang.String.valueOf(trustStorePassword), java.lang.String.valueOf(trustStorePassword)).also { wipeKeys(trustStoreBytes, trustStorePassword) }
 val bindAddress = conf.inboundConfig!!.listeningAddress
 val amqpConfiguration = object : AMQPConfiguration {
 override val keyStore = keyStore
diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt
index 540cf2c320..ee74dd4d1e 100644
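Review bot: In the new `val keyStore = CertificateStore.of(...)` line the private-key password is passed for both the second and the third argument, whereas the trust-store line beneath it and the `FileBasedCertificateStoreSupplier(path, storePassword, entryPassword)` calls elsewhere in this commit put the store password in the second slot; if `CertificateStore.of`'s second parameter is the store password (its signature is not visible here), this object is handed the wrong secret, which would only surface if the store is re-opened or saved through it — and the tunnelling path does deliberately provision a keystore whose store and key passwords differ (`freshKeyStorePassword` vs `freshKeyStoreKeyPassword`). If omitting `keyStorePassword` is intentional so that its array can be cleared by the `.also { wipeKeys(...) }` that follows, that deserves a comment, e.g. `// store password deliberately not retained: its array is wiped below`. Independently, `java.lang.String.valueOf(keyStorePrivateKeyPassword)` is now evaluated twice, leaving two immutable String copies of the key password on the heap that `wipeKeys` cannot clear; compute it once with `val entryPassword = java.lang.String.valueOf(keyStorePrivateKeyPassword)` and pass `entryPassword` in both positions. The enclosing method starts before the hunk and continues after it.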
--- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt
+++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt
@@ -35,10 +35,10 @@ class InProcessBridgeReceiverService(val conf: FirewallConfiguration,
 val keyStoreBytes = sslConfiguration.keyStore.path.readAll()
 val trustStoreBytes = sslConfiguration.trustStore.path.readAll()
 amqpListenerService.provisionKeysAndActivate(keyStoreBytes,
- sslConfiguration.keyStore.password.toCharArray(),
- sslConfiguration.keyStore.password.toCharArray(),
+ sslConfiguration.keyStore.storePassword.toCharArray(),
+ sslConfiguration.keyStore.entryPassword.toCharArray(),
 trustStoreBytes,
- sslConfiguration.trustStore.password.toCharArray())
+ sslConfiguration.trustStore.storePassword.toCharArray())
 } else {
 if (amqpListenerService.running) {
 amqpListenerService.wipeKeysAndDeactivate()
diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt
index e70c5e7374..6fa9a66035 100644
--- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt
+++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt
@@ -118,7 +118,7 @@ class TunnelingBridgeReceiverService(val conf: FirewallConfiguration,
 freshKeyStorePassword,
 freshKeyStoreKeyPassword,
 trustStoreBytes,
- floatListenerSSLConfiguration.trustStore.password.toCharArray())
+ floatListenerSSLConfiguration.trustStore.storePassword.toCharArray())
 val amqpActivateMessage = amqpControlClient!!.createMessage(activateMessage.serialize(context = SerializationDefaults.P2P_CONTEXT).bytes,
 FLOAT_CONTROL_TOPIC,
 expectedCertificateSubject.toString(),
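Review bot: `provisionKeysAndActivate` is now called with three positional `CharArray` arguments of which the first two (`storePassword`, `entryPassword`) used to be the same value, so swapping the store and entry passwords at this call site would compile and only fail when the keystore is loaded; `toCharArray()` already yields the distinct arrays that the callee's `require(keyStorePassword !== keyStorePrivateKeyPassword)` demands, so ordering is the remaining risk, and named arguments would remove it, e.g. `keyStorePassword = sslConfiguration.keyStore.storePassword.toCharArray(), keyStorePrivateKeyPassword = sslConfiguration.keyStore.entryPassword.toCharArray()` (assuming those are the parameter names, which the listener's body suggests but this page does not show). The enclosing `if`/`else` and the method start before the hunk.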
@@ -141,7 +141,7 @@ class TunnelingBridgeReceiverService(val conf: FirewallConfiguration,
 // Recode KeyStore to use a fresh random password for entries and overall
 private fun recodeKeyStore(sslConfiguration: MutualSslConfiguration): Triple {
 val keyStoreOriginal = sslConfiguration.keyStore.get().value.internal
- val originalKeyStorePassword = sslConfiguration.keyStore.password.toCharArray()
+ val originalKeyStorePassword = sslConfiguration.keyStore.storePassword.toCharArray()
 val freshKeyStorePassword = CharArray(20) { secureRandom.nextInt(0xD800).toChar() } // Stick to single character Unicode range
 val freshPrivateKeyPassword = CharArray(20) { secureRandom.nextInt(0xD800).toChar() } // Stick to single character Unicode range
 for (alias in keyStoreOriginal.aliases()) {
diff --git a/lib/quasar.jar b/lib/quasar.jar
index 7282d8c8b8..df70e4890f 100644
Binary files a/lib/quasar.jar and b/lib/quasar.jar differ
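Review bot: `recodeKeyStore` reads only `sslConfiguration.keyStore.storePassword` into `originalKeyStorePassword`, yet the configuration now also carries a separate `entryPassword`, which `InProcessBridgeReceiverService` in this same commit uses for the private-key entries; if the loop over `keyStoreOriginal.aliases()` (its body is outside the hunk) uses `originalKeyStorePassword` to recover the key entries, a keystore whose entry password differs from its store password will fail to recode, and the store/entry distinction the commit introduces is silently bypassed on this path. Suggest adding `val originalEntryPassword = sslConfiguration.keyStore.entryPassword.toCharArray()` beside it and using that for the entry lookups, and, as both are live copies of secrets, clearing them in a `finally` once the recode is done (the `wipeKeys` helper the listener calls looks like the right tool, if it is reachable from here). The method continues past the end of the hunk.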