mirror of
https://github.com/corda/corda.git
synced 2024-12-18 20:47:57 +00:00
Merge pull request #2958 from corda/pat/ent-1323-cherrypick
ENT-1323 Network map service to check all identities in submitted node info
This commit is contained in:
commit
80c075b19e
@ -31,23 +31,23 @@ class SignedNodeInfoTest {
|
||||
|
||||
@Test
|
||||
fun `verifying single identity`() {
|
||||
nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
|
||||
assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `verifying multiple identities`() {
|
||||
nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addIdentity(BOB_NAME)
|
||||
nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||
val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
|
||||
assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `verifying missing signature`() {
|
||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addIdentity(BOB_NAME)
|
||||
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||
val nodeInfo = nodeInfoBuilder.build()
|
||||
val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey))
|
||||
assertThatThrownBy { signedNodeInfo.verified() }
|
||||
@ -70,7 +70,7 @@ class SignedNodeInfoTest {
|
||||
|
||||
@Test
|
||||
fun `verifying extra signature`() {
|
||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
val nodeInfo = nodeInfoBuilder.build()
|
||||
val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey, generateKeyPair().private))
|
||||
assertThatThrownBy { signedNodeInfo.verified() }
|
||||
@ -80,7 +80,7 @@ class SignedNodeInfoTest {
|
||||
|
||||
@Test
|
||||
fun `verifying incorrect signature`() {
|
||||
nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
val nodeInfo = nodeInfoBuilder.build()
|
||||
val signedNodeInfo = nodeInfo.signWith(listOf(generateKeyPair().private))
|
||||
assertThatThrownBy { signedNodeInfo.verified() }
|
||||
@ -90,8 +90,8 @@ class SignedNodeInfoTest {
|
||||
|
||||
@Test
|
||||
fun `verifying with signatures in wrong order`() {
|
||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
val (_, bobKey) = nodeInfoBuilder.addIdentity(BOB_NAME)
|
||||
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
val (_, bobKey) = nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||
val nodeInfo = nodeInfoBuilder.build()
|
||||
val signedNodeInfo = nodeInfo.signWith(listOf(bobKey, aliceKey))
|
||||
assertThatThrownBy { signedNodeInfo.verified() }
|
||||
|
@ -73,8 +73,8 @@ class NetworkMapClientTest {
|
||||
@Test
|
||||
fun `errors return a meaningful error message`() {
|
||||
val nodeInfoBuilder = TestNodeInfoBuilder()
|
||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addIdentity(BOB_NAME)
|
||||
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||
nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||
val nodeInfo3 = nodeInfoBuilder.build()
|
||||
val signedNodeInfo3 = nodeInfo3.signWith(listOf(aliceKey))
|
||||
|
||||
|
@ -20,7 +20,7 @@ import java.security.cert.X509Certificate
|
||||
class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKeyPair, X509Certificate> = DEV_INTERMEDIATE_CA to DEV_ROOT_CA.certificate) {
|
||||
private val identitiesAndPrivateKeys = ArrayList<Pair<PartyAndCertificate, PrivateKey>>()
|
||||
|
||||
fun addIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
|
||||
fun addLegalIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
|
||||
val nodeCertificateAndKeyPair = createDevNodeCa(intermediateAndRoot.first, name, nodeKeyPair)
|
||||
val identityKeyPair = Crypto.generateKeyPair()
|
||||
val identityCert = X509Utilities.createCertificate(
|
||||
@ -29,12 +29,35 @@ class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKe
|
||||
nodeCertificateAndKeyPair.keyPair,
|
||||
nodeCertificateAndKeyPair.certificate.subjectX500Principal,
|
||||
identityKeyPair.public)
|
||||
val certPath = X509Utilities.buildCertPath(
|
||||
identityCert,
|
||||
nodeCertificateAndKeyPair.certificate,
|
||||
|
||||
val certs = arrayOf(identityCert, nodeCertificateAndKeyPair.certificate)
|
||||
val key = identityKeyPair.private
|
||||
|
||||
val certPath = X509Utilities.buildCertPath(*certs,
|
||||
intermediateAndRoot.first.certificate,
|
||||
intermediateAndRoot.second)
|
||||
return Pair(PartyAndCertificate(certPath), identityKeyPair.private).also {
|
||||
|
||||
return Pair(PartyAndCertificate(certPath), key).also {
|
||||
identitiesAndPrivateKeys += it
|
||||
}
|
||||
}
|
||||
|
||||
fun addServiceIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
|
||||
val serviceCert = X509Utilities.createCertificate(
|
||||
CertificateType.SERVICE_IDENTITY,
|
||||
intermediateAndRoot.first.certificate,
|
||||
intermediateAndRoot.first.keyPair,
|
||||
name.x500Principal,
|
||||
nodeKeyPair.public)
|
||||
|
||||
val certs = arrayOf(serviceCert)
|
||||
val key = nodeKeyPair.private
|
||||
|
||||
val certPath = X509Utilities.buildCertPath(*certs,
|
||||
intermediateAndRoot.first.certificate,
|
||||
intermediateAndRoot.second)
|
||||
|
||||
return Pair(PartyAndCertificate(certPath), key).also {
|
||||
identitiesAndPrivateKeys += it
|
||||
}
|
||||
}
|
||||
@ -62,7 +85,7 @@ class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKe
|
||||
|
||||
fun createNodeInfoAndSigned(vararg names: CordaX500Name, serial: Long = 1, platformVersion: Int = 1): NodeInfoAndSigned {
|
||||
val nodeInfoBuilder = TestNodeInfoBuilder()
|
||||
names.forEach { nodeInfoBuilder.addIdentity(it) }
|
||||
names.forEach { nodeInfoBuilder.addLegalIdentity(it) }
|
||||
return nodeInfoBuilder.buildWithSigned(serial, platformVersion)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user