CORDA-1343 Make the RPCClient ssl constructors public. Clean up broke… (#3039)

* CORDA-1343 Make the RPCClient ssl constructors public. Clean up broker authentication logic * CORDA-1343 small fix * CORDA-1343 cleanup * CORDA-1343 fixed api changes script * CORDA-1343 fixed merge * CORDA-1343 removed unused property * CORDA-1343 add separate p2p and rpc node users * CORDA-1343 remove test configuration * CORDA-1343 fix tests * CORDA-1343 address core review comments * CORDA-1343 some documentation and adding createWithSsl method for a haAddressPool * CORDA-1343 clean up the CordaRPCClient interface * CORDA-1343 add internal shell test * CORDA-1343 address code review comments * CORDA-1343 split the internalShell user from the System Rpc user * CORDA-1343 fix test * CORDA-1343 Add warning when certificateChainCheckPolicies is being configured * CORDA-1343 Address code review changes * CORDA-1343 fix merge * CORDA-1343 added test, docs, clarify comments * CORDA-1343 clean up docs * CORDA-1343 fix api * CORDA-1343 fix merge * CORDA-1343 fix merge * CORDA-1343 fix merge * CORDA-1343 fix merge
2025-06-22 17:09:00 +00:00 · 2018-05-21 13:05:08 +03:00
parent fc88cefbc8
commit 455221629b
49 changed files with 1002 additions and 1045 deletions
--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalTestUtils.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/InternalTestUtils.kt
@ -10,14 +10,16 @@ import net.corda.core.node.NodeInfo
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.loggerFor
 import net.corda.node.services.config.configureDevKeyAndTrustStores
+import net.corda.nodeapi.BrokerRpcSslOptions
 import net.corda.nodeapi.internal.config.SSLConfiguration
+import net.corda.nodeapi.internal.createDevKeyStores
 import net.corda.nodeapi.internal.createDevNodeCa
-import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
-import net.corda.nodeapi.internal.crypto.CertificateType
-import net.corda.nodeapi.internal.crypto.X509Utilities
+import net.corda.nodeapi.internal.crypto.*
 import net.corda.serialization.internal.amqp.AMQP_ENABLED
 import java.nio.file.Files
+import java.nio.file.Path
 import java.security.KeyPair
+import java.security.cert.X509Certificate
 import javax.security.auth.x500.X500Principal

@Suppress("unused")
@ -92,13 +94,11 @@ fun createDevNodeCaCertPath(
    return Triple(rootCa, intermediateCa, nodeCa)
 }

-fun SSLConfiguration.useSslRpcOverrides(): Map<String, Any> {
+fun BrokerRpcSslOptions.useSslRpcOverrides(): Map<String, String> {
    return mapOf(
            "rpcSettings.useSsl" to "true",
-            "rpcSettings.ssl.certificatesDirectory" to certificatesDirectory.toString(),
-            "rpcSettings.ssl.keyStorePassword" to keyStorePassword,
-            "rpcSettings.ssl.trustStorePassword" to trustStorePassword,
-            "rpcSettings.ssl.crlCheckSoftFail" to true
+            "rpcSettings.ssl.keyStorePath" to keyStorePath.toAbsolutePath().toString(),
+            "rpcSettings.ssl.keyStorePassword" to keyStorePassword
    )
 }

@ -125,3 +125,40 @@ fun NodeInfo.chooseIdentityAndCert(): PartyAndCertificate = legalIdentitiesAndCe
 * TODO: Should be removed after multiple identities are introduced.
 */
 fun NodeInfo.chooseIdentity(): Party = chooseIdentityAndCert().party
+
+fun createNodeSslConfig(path: Path, name: CordaX500Name = CordaX500Name("MegaCorp", "London", "GB")): SSLConfiguration {
+    val sslConfig = object : SSLConfiguration {
+        override val crlCheckSoftFail = true
+        override val certificatesDirectory = path
+        override val keyStorePassword = "serverstorepass"
+        override val trustStorePassword = "trustpass"
+    }
+    val (rootCa, intermediateCa) = createDevIntermediateCaCertPath()
+    sslConfig.createDevKeyStores(name, rootCa.certificate, intermediateCa)
+    val trustStore = loadOrCreateKeyStore(sslConfig.trustStoreFile, sslConfig.trustStorePassword)
+    trustStore.addOrReplaceCertificate(X509Utilities.CORDA_ROOT_CA, rootCa.certificate)
+    trustStore.save(sslConfig.trustStoreFile, sslConfig.trustStorePassword)
+
+    return sslConfig
+}
+
+fun createKeyPairAndSelfSignedCertificate(): Pair<KeyPair, X509Certificate> {
+    val rpcKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
+    val testName = X500Principal("CN=Test,O=R3 Ltd,L=London,C=GB")
+    val selfSignCert = X509Utilities.createSelfSignedCACertificate(testName, rpcKeyPair)
+    return Pair(rpcKeyPair, selfSignCert)
+}
+
+fun saveToKeyStore(keyStorePath: Path, rpcKeyPair: KeyPair, selfSignCert: X509Certificate, password: String = "password"): Path {
+    val keyStore = loadOrCreateKeyStore(keyStorePath, password)
+    keyStore.addOrReplaceKey("Key", rpcKeyPair.private, password.toCharArray(), arrayOf(selfSignCert))
+    keyStore.save(keyStorePath, password)
+    return keyStorePath
+}
+
+fun saveToTrustStore(trustStorePath: Path, selfSignCert: X509Certificate, password: String = "password"): Path {
+    val trustStore = loadOrCreateKeyStore(trustStorePath, password)
+    trustStore.addOrReplaceCertificate("Key", selfSignCert)
+    trustStore.save(trustStorePath, password)
+    return trustStorePath
+}