diff --git a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt index 58cea399d2..d1cc073a7b 100644 --- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt +++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt @@ -43,7 +43,9 @@ open class NetworkRegistrationHelper( networkRootTrustStorePassword: String, private val nodeCaKeyAlias: String, private val certRole: CertRole, - private val nextIdleDuration: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1)) + private val nextIdleDuration: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1)), + protected val logProgress: (String) -> Unit = ::println, + protected val logError: (String) -> Unit = System.err::println ) { companion object { @@ -86,7 +88,7 @@ open class NetworkRegistrationHelper( // SELF_SIGNED_PRIVATE_KEY is used as progress indicator. if (certStore.contains(nodeCaKeyAlias) && !certStore.contains(SELF_SIGNED_PRIVATE_KEY)) { - println("Certificate already exists, Corda node will now terminate...") + logProgress("Certificate already exists, Corda node will now terminate...") return } @@ -106,7 +108,7 @@ open class NetworkRegistrationHelper( certStore.setCertPathOnly(nodeCaKeyAlias, nodeCaCertificates) certStore.value.internal.deleteEntry(SELF_SIGNED_PRIVATE_KEY) certStore.value.save() - println("Private key '$nodeCaKeyAlias' and its certificate-chain stored successfully.") + logProgress("Private key '$nodeCaKeyAlias' and its certificate-chain stored successfully.") onSuccess(nodeCaPublicKey, cryptoService.getSigner(nodeCaKeyAlias), nodeCaCertificates, tlsCrlIssuerCert?.subjectX500Principal?.toX500Name()) // All done, clean up temp files. @@ -124,9 +126,9 @@ open class NetworkRegistrationHelper( private fun getTlsCrlIssuerCert(): X509Certificate? { val tlsCrlIssuerCert = validateAndGetTlsCrlIssuerCert() if (tlsCrlIssuerCert == null && isTlsCrlIssuerCertRequired()) { - System.err.println("""tlsCrlIssuerCert config does not match the root certificate issuer and nor is there any other certificate in the trust store with a matching issuer. + logError("""tlsCrlIssuerCert config does not match the root certificate issuer and nor is there any other certificate in the trust store with a matching issuer. | Please make sure the config is correct or that the correct certificate for the CRL issuer is added to the node's trust store. - | The node will now terminate.""".trimMargin()) + | The node registration will now terminate.""".trimMargin()) throw IllegalArgumentException("TLS CRL issuer certificate not found in the trust store.") } return tlsCrlIssuerCert @@ -161,7 +163,7 @@ open class NetworkRegistrationHelper( // Validate certificate chain returned from the doorman with the root cert obtained via out-of-band process, to prevent MITM attack on doorman server. X509Utilities.validateCertificateChain(rootCert, certificates) - println("Certificate signing request approved, storing private key with the certificate chain.") + logProgress("Certificate signing request approved, storing private key with the certificate chain.") } private fun CertificateStore.loadOrCreateKeyPair(alias: String, entryPassword: String = password): KeyPair { @@ -188,7 +190,7 @@ open class NetworkRegistrationHelper( */ private fun pollServerForCertificates(requestId: String): List { try { - println("Start polling server for certificate signing approval.") + logProgress("Start polling server for certificate signing approval.") // Poll server to download the signed certificate once request has been approved. var idlePeriodDuration: Duration? = null while (true) { @@ -209,9 +211,9 @@ open class NetworkRegistrationHelper( } } } catch (certificateRequestException: CertificateRequestException) { - System.err.println(certificateRequestException.message) - System.err.println("Please make sure the details in configuration file are correct and try again.") - System.err.println("Corda node will now terminate.") + certificateRequestException.message?.let { logError(it) } + logError("Please make sure the details in configuration file are correct and try again.") + logError("Corda node registration will now terminate.") requestIdStore.deleteIfExists() throw certificateRequestException } @@ -233,24 +235,21 @@ open class NetworkRegistrationHelper( JcaPEMWriter(writer).use { it.writeObject(PemObject("CERTIFICATE REQUEST", request.encoded)) } - println("Certificate signing request with the following information will be submitted to the Corda certificate signing server.") - println() - println("Legal Name: $myLegalName") - println("Email: $emailAddress") - println() - println("Public Key: $publicKey") - println() - println("$writer") + logProgress("Certificate signing request with the following information will be submitted to the Corda certificate signing server.") + logProgress("Legal Name: $myLegalName") + logProgress("Email: $emailAddress") + logProgress("Public Key: $publicKey") + logProgress("$writer") // Post request to signing server via http. - println("Submitting certificate signing request to Corda certificate signing server.") + logProgress("Submitting certificate signing request to Corda certificate signing server.") val requestId = certService.submitRequest(request) // Persists request ID to file in case of node shutdown. requestIdStore.writeLines(listOf(requestId)) - println("Successfully submitted request to Corda certificate signing server, request ID: $requestId.") + logProgress("Successfully submitted request to Corda certificate signing server, request ID: $requestId.") requestId } else { val requestId = requestIdStore.readLines { it.findFirst().get() } - println("Resuming from previous certificate signing request, request ID: $requestId.") + logProgress("Resuming from previous certificate signing request, request ID: $requestId.") requestId } } catch (e: Exception) { @@ -274,15 +273,19 @@ class NodeRegistrationException( class NodeRegistrationHelper( private val config: NodeConfiguration, - certService: NetworkRegistrationService, regConfig: NodeRegistrationOption, computeNextIdleDoormanConnectionPollInterval: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1))) : - NetworkRegistrationHelper( - config, - certService, - regConfig.networkRootTrustStorePath, - regConfig.networkRootTrustStorePassword, - CORDA_CLIENT_CA, - CertRole.NODE_CA, - computeNextIdleDoormanConnectionPollInterval) { + certService: NetworkRegistrationService, + regConfig: NodeRegistrationOption, + computeNextIdleDoormanConnectionPollInterval: (Duration?) -> Duration? = FixedPeriodLimitedRetrialStrategy(10, Duration.ofMinutes(1)), + logProgress: (String) -> Unit = ::println, + logError: (String) -> Unit = System.err::println) : + NetworkRegistrationHelper( + config, + certService, + regConfig.networkRootTrustStorePath, + regConfig.networkRootTrustStorePassword, + CORDA_CLIENT_CA, + CertRole.NODE_CA, + computeNextIdleDoormanConnectionPollInterval, logProgress, logError) { companion object { val logger = contextLogger() @@ -297,7 +300,7 @@ class NodeRegistrationHelper( val keyStore = config.p2pSslOptions.keyStore val certificateStore = keyStore.get(createNew = true) certificateStore.update { - println("Generating SSL certificate for node messaging service.") + logProgress("Generating SSL certificate for node messaging service.") val sslKeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME) val issuerCertificate = nodeCaCertificateChain.first() val validityWindow = X509Utilities.getCertificateValidityWindow(DEFAULT_VALIDITY_WINDOW.first, DEFAULT_VALIDITY_WINDOW.second, issuerCertificate) @@ -319,7 +322,7 @@ class NodeRegistrationHelper( X509Utilities.validateCertificateChain(rootCert, sslCertificateChain) setPrivateKey(CORDA_CLIENT_TLS, sslKeyPair.private, sslCertificateChain, keyStore.entryPassword) } - println("SSL private key and certificate chain stored in ${keyStore.path}.") + logProgress("SSL private key and certificate chain stored in ${keyStore.path}.") } private fun createTruststore(rootCertificate: X509Certificate) { @@ -328,7 +331,7 @@ class NodeRegistrationHelper( if (this.aliases().hasNext()) { logger.warn("The node's trust store already exists. The following certificates will be overridden: ${this.aliases().asSequence()}") } - println("Generating trust store for corda node.") + logProgress("Generating trust store for corda node.") // Assumes certificate chain always starts with client certificate and end with root certificate. setCertificate(CORDA_ROOT_CA, rootCertificate) // Copy remaining certificates from the network-trust-store @@ -338,7 +341,7 @@ class NodeRegistrationHelper( setCertificate(it, certificate) } } - println("Node trust store stored in ${config.p2pSslOptions.trustStore.path}.") + logProgress("Node trust store stored in ${config.p2pSslOptions.trustStore.path}.") } override fun validateAndGetTlsCrlIssuerCert(): X509Certificate? {