From 6113cbbd39be5f7dec0dd7eb4eebe81d24996e5c Mon Sep 17 00:00:00 2001
From: Nikolett Nagy <61757742+nikinagy@users.noreply.github.com>
Date: Wed, 2 Sep 2020 09:48:01 +0100
Subject: [PATCH] verify with NETWORK_PARAMETERS role and test (#6628)
---
 .../nodeapi/internal/KeyStoreConfigHelpers.kt | 10 +++++++
 .../internal/DBNetworkParametersStorage.kt | 3 +--
 .../network/NetworkParametersReaderTest.kt | 27 +++++++++++++++++++
 .../internal/MockNetworkParametersService.kt | 4 +--
 4 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
index 76bf478b31..7dc49d24df 100644
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/KeyStoreConfigHelpers.kt
@@ -77,6 +77,16 @@ fun createDevNetworkMapCa(rootCa: CertificateAndKeyPair = DEV_ROOT_CA): Certific
 return CertificateAndKeyPair(cert, keyPair)
 }
+fun createDevNetworkParametersCa(rootCa: CertificateAndKeyPair = DEV_ROOT_CA): CertificateAndKeyPair {
+ val keyPair = generateKeyPair()
+ val cert = X509Utilities.createCertificate(
+ CertificateType.NETWORK_PARAMETERS,
+ rootCa.certificate,
+ rootCa.keyPair,
+ X500Principal("CN=Network Parameters,O=R3 Ltd,L=London,C=GB"),
+ keyPair.public)
+ return CertificateAndKeyPair(cert, keyPair)
+}
 /**
 * Create a dev node CA cert, as a sub-cert of the given [intermediateCa], and matching key pair using the given
 * [CordaX500Name] as the cert subject.
diff --git a/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt b/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt
index 637afabca3..f93b579ace 100644
--- a/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/DBNetworkParametersStorage.kt
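Review bot: `createDevNetworkParametersCa` is added without any KDoc, while the function that follows it in the hunk is documented, and there is no blank line between its closing brace and that next KDoc block. The helper issues a certificate of `CertificateType.NETWORK_PARAMETERS` directly under the supplied `rootCa` with a freshly generated key pair and a fixed subject, which is worth stating so nobody mistakes it for production key material. I would add `/** Create a dev NETWORK_PARAMETERS signing cert, issued directly by [rootCa], with a newly generated key pair; intended for dev and test networks. */` above the function and a blank line after it.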
@@ -19,7 +19,6 @@ import net.corda.node.utilities.AppendOnlyPersistentMap
 import net.corda.nodeapi.internal.crypto.X509CertificateFactory
 import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.network.SignedNetworkParameters
-import net.corda.nodeapi.internal.network.verifiedNetworkMapCert
 import net.corda.nodeapi.internal.network.verifiedNetworkParametersCert
 import net.corda.nodeapi.internal.persistence.CordaPersistence
 import net.corda.nodeapi.internal.persistence.NODE_DATABASE_PREFIX
@@ -86,7 +85,7 @@ class DBNetworkParametersStorage(
 override fun saveParameters(signedNetworkParameters: SignedNetworkParameters) {
 log.trace { "Saving new network parameters to network parameters storage." }
- val networkParameters = signedNetworkParameters.verifiedNetworkMapCert(trustRoot)
+ val networkParameters = signedNetworkParameters.verifiedNetworkParametersCert(trustRoot)
 val hash = signedNetworkParameters.raw.hash
 log.trace { "Parameters to save $networkParameters with hash $hash" }
 database.transaction {
diff --git a/node/src/test/kotlin/net/corda/node/services/network/NetworkParametersReaderTest.kt b/node/src/test/kotlin/net/corda/node/services/network/NetworkParametersReaderTest.kt
index f44331d296..b2c04d5806 100644
--- a/node/src/test/kotlin/net/corda/node/services/network/NetworkParametersReaderTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/network/NetworkParametersReaderTest.kt
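Review bot: The call to `verifiedNetworkParametersCert(trustRoot)` in `saveParameters` changes which signer roles the node will persist parameters from, and nothing at the call site records that. Going by the test added in this commit, the verifier accepts certificates holding the NETWORK_PARAMETERS or NETWORK_MAP role and rejects NODE_CA; its implementation is not part of this diff, so that should be confirmed there. I would add a comment above the call, for example `// Signer must chain to trustRoot and hold the NETWORK_PARAMETERS or NETWORK_MAP role; a failed check throws before the transaction below runs.` The body of `saveParameters` continues past the end of the hunk.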
@@ -2,16 +2,23 @@ package net.corda.node.services.network
 import com.google.common.jimfs.Configuration
 import com.google.common.jimfs.Jimfs
+import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.*
 import net.corda.core.serialization.deserialize
 import net.corda.core.utilities.days
 import net.corda.core.utilities.seconds
+import net.corda.coretesting.internal.DEV_INTERMEDIATE_CA
 import net.corda.node.VersionInfo
 import net.corda.node.internal.NetworkParametersReader
 import net.corda.nodeapi.internal.network.*
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.SerializationEnvironmentRule
 import net.corda.coretesting.internal.DEV_ROOT_CA
+import net.corda.nodeapi.internal.createDevNetworkMapCa
+import net.corda.nodeapi.internal.createDevNetworkParametersCa
+import net.corda.nodeapi.internal.createDevNodeCa
+import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
+import net.corda.testing.core.TestIdentity
 import net.corda.testing.node.internal.network.NetworkMapServer
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
@@ -21,6 +28,7 @@ import org.junit.Test
 import java.net.URL
 import java.nio.file.FileSystem
 import kotlin.test.assertEquals
+import kotlin.test.assertFailsWith
 import kotlin.test.assertFalse
 import kotlin.test.assertNotNull
@@ -84,4 +92,23 @@ class NetworkParametersReaderTest {
 val parameters = inByteArray.deserialize()
 assertThat(parameters.verified().eventHorizon).isEqualTo(Int.MAX_VALUE.days)
 }
+
+ @Test(timeout = 300_000)
+ fun `verifying works with NETWORK_PARAMETERS role and NETWORK_MAP role, but fails for NODE_CA role`() {
+ val netParameters = testNetworkParameters(epoch = 1)
+ val certKeyPairNetworkParameters: CertificateAndKeyPair = createDevNetworkParametersCa()
+ val netParamsForNetworkParameters= certKeyPairNetworkParameters.sign(netParameters)
+ netParamsForNetworkParameters.verifiedNetworkParametersCert(DEV_ROOT_CA.certificate)
+
+ val certKeyPairNetworkMap: CertificateAndKeyPair = createDevNetworkMapCa()
+ val netParamsForNetworkMap = certKeyPairNetworkMap.sign(netParameters)
+ netParamsForNetworkMap.verifiedNetworkParametersCert(DEV_ROOT_CA.certificate)
+
+ val megaCorp = TestIdentity(CordaX500Name("MegaCorp", "London", "GB"))
+ val x = createDevNodeCa(DEV_INTERMEDIATE_CA, megaCorp.name)
+ val netParamsForNode = x.sign(netParameters)
+ assertFailsWith(IllegalArgumentException::class, "Incorrect cert role: NODE_CA") {
+ netParamsForNode.verifiedNetworkParametersCert(DEV_ROOT_CA.certificate)
+ }
+ }
 }
\ No newline at end of file
diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt
index 8f906b58cd..2155343d27 100644
--- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt
+++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/internal/MockNetworkParametersService.kt
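Review bot: The string passed to `assertFailsWith(IllegalArgumentException::class, "Incorrect cert role: NODE_CA")` is kotlin.test's assertion-failure message, not something matched against the thrown exception, so the negative case passes on any `IllegalArgumentException`. That matters here because the NODE_CA certificate is issued under `DEV_INTERMEDIATE_CA` while the two accepted certificates default to `DEV_ROOT_CA`, so the rejection could in principle come from something other than the role check. Capture the exception and check its text: `val e = assertFailsWith<IllegalArgumentException> { netParamsForNode.verifiedNetworkParametersCert(DEV_ROOT_CA.certificate) }` followed by `assertThat(e).hasMessageContaining("Incorrect cert role: NODE_CA")`. The two positive calls would also be stronger if their return value were compared with `netParameters`, and `x` deserves a descriptive name such as `nodeCaCertAndKey`.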
@@ -9,7 +9,7 @@ import net.corda.core.node.NetworkParameters
 import net.corda.core.node.NotaryInfo
 import net.corda.core.serialization.serialize
 import net.corda.nodeapi.internal.network.SignedNetworkParameters
-import net.corda.nodeapi.internal.network.verifiedNetworkMapCert
+import net.corda.nodeapi.internal.network.verifiedNetworkParametersCert
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.TestIdentity
@@ -30,7 +30,7 @@ class MockNetworkParametersStorage(private var currentParameters: NetworkParamet
 }
 override fun setCurrentParameters(currentSignedParameters: SignedDataWithCert, trustRoot: X509Certificate) {
- setCurrentParametersUnverified(currentSignedParameters.verifiedNetworkMapCert(trustRoot))
+ setCurrentParametersUnverified(currentSignedParameters.verifiedNetworkParametersCert(trustRoot))
 }
 override fun lookupSigned(hash: SecureHash): SignedDataWithCert? {