Legal name validation for X500Name (#983)

* * Legal name validation for X500Name while loading from config file. * * Removed unintended changes.
2025-01-20 03:36:29 +00:00 · 2017-07-11 12:09:30 +01:00 · 2017-07-11 12:09:30 +01:00 · 7e8de79848
commit 7e8de79848
parent d52b0e5db9
5 changed files with 15 additions and 8 deletions
--- a/core/src/main/kotlin/net/corda/core/utilities/LegalNameValidator.kt
+++ b/core/src/main/kotlin/net/corda/core/utilities/LegalNameValidator.kt
@ -2,6 +2,8 @@

 package net.corda.core.utilities

+import net.corda.core.crypto.commonName
+import org.bouncycastle.asn1.x500.X500Name
 import java.lang.Character.UnicodeScript.*
 import java.text.Normalizer
 import java.util.regex.Pattern
@ -19,9 +21,13 @@ import javax.security.auth.x500.X500Principal
 *
 * @throws IllegalArgumentException if the name does not meet the required rules. The message indicates why not.
 */
-@Throws(IllegalArgumentException::class)
 fun validateLegalName(normalizedLegalName: String) {
-    rules.forEach { it.validate(normalizedLegalName) }
+    legalNameRules.forEach { it.validate(normalizedLegalName) }
+}
+
+// TODO: Implement X500 attribute validation once the specification has been finalised.
+fun validateX500Name(x500Name: X500Name) {
+    validateLegalName(x500Name.commonName)
 }

 val WHITESPACE = "\\s++".toRegex()
@ -35,7 +41,7 @@ fun normaliseLegalName(legalName: String): String {
    return Normalizer.normalize(trimmedLegalName, Normalizer.Form.NFKC)
 }

-private val rules: List<Rule<String>> = listOf(
+private val legalNameRules: List<Rule<String>> = listOf(
        UnicodeNormalizationRule(),
        CharacterRule(',', '=', '$', '"', '\'', '\\'),
        WordRule("node", "server"),
@ -107,7 +113,7 @@ private class X500NameRule : Rule<String> {
 private class MustHaveAtLeastTwoLettersRule : Rule<String> {
    override fun validate(legalName: String) {
        // Try to exclude names like "/", "£", "X" etc.
-        require(legalName.count { it.isLetter() } >= 3) { "Must have at least two letters" }
+        require(legalName.count { it.isLetter() } >= 3) { "Illegal input legal name '$legalName'. Legal name must have at least two letters" }
    }
 }

--- a/node-api/src/main/kotlin/net/corda/nodeapi/config/ConfigUtilities.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/config/ConfigUtilities.kt
@ -3,6 +3,7 @@ package net.corda.nodeapi.config
 import com.typesafe.config.Config
 import com.typesafe.config.ConfigUtil
 import net.corda.core.noneOrSingle
+import net.corda.core.utilities.validateX500Name
 import net.corda.core.utilities.NetworkHostAndPort
 import net.corda.core.utilities.parseNetworkHostAndPort
 import org.bouncycastle.asn1.x500.X500Name
@ -72,7 +73,7 @@ private fun Config.getSingleValue(path: String, type: KType): Any? {
        Path::class -> Paths.get(getString(path))
        URL::class -> URL(getString(path))
        Properties::class -> getConfig(path).toProperties()
-        X500Name::class -> X500Name(getString(path))
+        X500Name::class -> X500Name(getString(path)).apply(::validateX500Name)
        else -> if (typeClass.java.isEnum) {
            parseEnum(typeClass.java, getString(path))
        } else {
--- a/node-api/src/test/kotlin/net/corda/nodeapi/config/ConfigParsingTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/config/ConfigParsingTest.kt
@ -112,7 +112,7 @@ class ConfigParsingTest {

    @Test
    fun x500Name() {
-        testPropertyType<X500NameData, X500NameListData, X500Name>(getTestX509Name("Mock Node"), getTestX509Name("Mock Node 2"), valuesToString = true)
+        testPropertyType<X500NameData, X500NameListData, X500Name>(getTestX509Name("Mock Party"), getTestX509Name("Mock Party 2"), valuesToString = true)
    }

    @Test
--- a/node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt
@ -30,7 +30,7 @@ import java.util.concurrent.atomic.AtomicInteger
 class P2PMessagingTest : NodeBasedTest() {
    private companion object {
        val DISTRIBUTED_SERVICE_NAME = getTestX509Name("DistributedService")
-        val SERVICE_2_NAME = getTestX509Name("Service Node 2")
+        val SERVICE_2_NAME = getTestX509Name("Service 2")
    }

    @Test
--- a/node/src/integration-test/kotlin/net/corda/services/messaging/P2PSecurityTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/services/messaging/P2PSecurityTest.kt
@ -30,7 +30,7 @@ class P2PSecurityTest : NodeBasedTest() {

    @Test
    fun `incorrect legal name for the network map service config`() {
-        val incorrectNetworkMapName = X509Utilities.getDevX509Name(random63BitValue().toString())
+        val incorrectNetworkMapName = X509Utilities.getDevX509Name("NetworkMap-${random63BitValue()}")
        val node = startNode(BOB.name, configOverrides = mapOf(
                "networkMapService" to mapOf(
                        "address" to networkMapNode.configuration.p2pAddress.toString(),