diff --git a/core/src/main/kotlin/net/corda/core/Utils.kt b/core/src/main/kotlin/net/corda/core/Utils.kt index fea248b305..93d574b151 100644 --- a/core/src/main/kotlin/net/corda/core/Utils.kt +++ b/core/src/main/kotlin/net/corda/core/Utils.kt @@ -1,3 +1,4 @@ +// TODO Move out the Kotlin specific stuff into a separate file @file:JvmName("Utils") package net.corda.core diff --git a/docs/source/permissioning.rst b/docs/source/permissioning.rst index 548cd19278..721f2a33fe 100644 --- a/docs/source/permissioning.rst +++ b/docs/source/permissioning.rst @@ -2,12 +2,15 @@ Network permissioning ===================== The keystore located in ``/certificates/sslkeystore.jks`` is required to connect to the Corda network securely. -In development mode (when ``devMode = true``, see :doc:`corda-configuration-file` for more information) a pre-configured keystore will be used if the keystore does not exist. -This is to ensure developers can get the nodes working as quickly as possible. +In development mode (when ``devMode = true``, see :doc:`corda-configuration-file` for more information) a pre-configured +keystore will be used if the keystore does not exist. This is to ensure developers can get the nodes working as quickly +as possible. -However this is not secure for the real network. This documentation will explain the procedure of obtaining a signed certificate for TestNet. +However this is not secure for the real network. This documentation will explain the procedure of obtaining a signed +certificate for TestNet. -.. warning:: The TestNet has not been setup yet as of Milestone 6 release. You will not be able to connect to the certificate signing server. +.. warning:: The TestNet has not been setup yet as of Milestone 6 release. You will not be able to connect to the + certificate signing server. Certificate signing request utility ----------------------------------- 
@@ -15,13 +18,19 @@ Certificate signing request utility The utility creates certificate signing request based on node information obtained from the node configuration. The following information from the node configuration file is needed to generate a certificate signing request. -:myLegalName: Your company's legal name. e.g. "R3 CEV, LLC" +:myLegalName: Your company's legal name. e.g. "Mega Corp LLC". This needs to be unique on the network. If another node + has already been permissioned with this name then the permissioning server will automatically reject the request. The + request will also be rejected if the name contains a ``=`` or ``,``. -:nearestCity: e.g. "London" + .. note:: In a future version the uniquess requirement will be relaxed to a X.500 name. This will allow differentiation + between entities with the same name. + +:nearestCity: e.g. "London" :emailAddress: e.g. "admin@company.com" -:certificateSigningService: Certificate signing server URL. A certificate signing server will be hosted by R3 in the near future. e.g."https://testnet.certificate.corda.net" +:certificateSigningService: Certificate signing server URL. A certificate signing server will be hosted by R3 in the near + future. e.g."https://testnet.certificate.corda.net" A new pair of private and public keys will be generated by the utility and will be used to create the request. diff --git a/node/src/main/kotlin/net/corda/node/services/statemachine/StateMachineManager.kt b/node/src/main/kotlin/net/corda/node/services/statemachine/StateMachineManager.kt index 69769b2799..a2369b5609 100644 --- a/node/src/main/kotlin/net/corda/node/services/statemachine/StateMachineManager.kt +++ b/node/src/main/kotlin/net/corda/node/services/statemachine/StateMachineManager.kt 
@@ -217,10 +217,7 @@ class StateMachineManager(val serviceHub: ServiceHubInternal,
 when (sessionMessage) {
 is ExistingSessionMessage -> onExistingSessionMessage(sessionMessage)
 is SessionInit -> {
- // TODO SECURITY Look up the party with the full X.500 name instead of just the legal name which
- // isn't required to be unique
- // TODO For now have the doorman block signups with identical names, and names with characters that
- // are used in X.500 name textual serialisation
+ // TODO Look up the party with the full X.500 name instead of just the legal name
 val otherParty = serviceHub.networkMapCache.getNodeByLegalName(message.peer.commonName)?.legalIdentity
 if (otherParty != null) {
 onSessionInit(sessionMessage, otherParty)
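Review bot: The shortened TODO above the `getNodeByLegalName(message.peer.commonName)` lookup drops the only statement of what this SessionInit path relies on for security. The counterparty is still resolved from the common name alone, so the identity handed to `onSessionInit` is unambiguous only while the permissioning server rejects duplicate names and names containing `=` or `,` (the rule this commit writes into permissioning.rst). I would keep the SECURITY tag and state that dependency next to the code, e.g. `// TODO SECURITY Look up the party by full X.500 name; commonName is unique only because the permissioning server rejects duplicate names and names containing '=' or ','`. Nodes running on the pre-configured dev-mode keystore presumably never pass through that check, so it is worth confirming the lookup is not trusted there. The `when` branch and the handling of a null `otherParty` continue outside the hunk.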