Merge pull request #2958 from corda/pat/ent-1323-cherrypick

ENT-1323 Network map service to check all identities in submitted node info
2024-12-19 04:57:58 +00:00 · 2018-04-12 14:04:47 +01:00 · 2018-04-12 14:04:47 +01:00 · 80c075b19e
commit 80c075b19e
parent 842dd04b0c b5f304a104
3 changed files with 40 additions and 17 deletions
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/SignedNodeInfoTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/SignedNodeInfoTest.kt
@ -31,23 +31,23 @@ class SignedNodeInfoTest {

    @Test
    fun `verifying single identity`() {
-        nodeInfoBuilder.addIdentity(ALICE_NAME)
+        nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
        val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
        assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
    }

    @Test
    fun `verifying multiple identities`() {
-        nodeInfoBuilder.addIdentity(ALICE_NAME)
-        nodeInfoBuilder.addIdentity(BOB_NAME)
+        nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
+        nodeInfoBuilder.addLegalIdentity(BOB_NAME)
        val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
        assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
    }

    @Test
    fun `verifying missing signature`() {
-        val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
-        nodeInfoBuilder.addIdentity(BOB_NAME)
+        val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
+        nodeInfoBuilder.addLegalIdentity(BOB_NAME)
        val nodeInfo = nodeInfoBuilder.build()
        val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey))
        assertThatThrownBy { signedNodeInfo.verified() }
@ -70,7 +70,7 @@ class SignedNodeInfoTest {

    @Test
    fun `verifying extra signature`() {
-        val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
+        val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
        val nodeInfo = nodeInfoBuilder.build()
        val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey, generateKeyPair().private))
        assertThatThrownBy { signedNodeInfo.verified() }
@ -80,7 +80,7 @@ class SignedNodeInfoTest {

    @Test
    fun `verifying incorrect signature`() {
-        nodeInfoBuilder.addIdentity(ALICE_NAME)
+        nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
        val nodeInfo = nodeInfoBuilder.build()
        val signedNodeInfo = nodeInfo.signWith(listOf(generateKeyPair().private))
        assertThatThrownBy { signedNodeInfo.verified() }
@ -90,8 +90,8 @@ class SignedNodeInfoTest {

    @Test
    fun `verifying with signatures in wrong order`() {
-        val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
-        val (_, bobKey) = nodeInfoBuilder.addIdentity(BOB_NAME)
+        val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
+        val (_, bobKey) = nodeInfoBuilder.addLegalIdentity(BOB_NAME)
        val nodeInfo = nodeInfoBuilder.build()
        val signedNodeInfo = nodeInfo.signWith(listOf(bobKey, aliceKey))
        assertThatThrownBy { signedNodeInfo.verified() }
--- a/node/src/test/kotlin/net/corda/node/services/network/NetworkMapClientTest.kt
+++ b/node/src/test/kotlin/net/corda/node/services/network/NetworkMapClientTest.kt
@ -73,8 +73,8 @@ class NetworkMapClientTest {
    @Test
    fun `errors return a meaningful error message`() {
        val nodeInfoBuilder = TestNodeInfoBuilder()
-        val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
-        nodeInfoBuilder.addIdentity(BOB_NAME)
+        val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
+        nodeInfoBuilder.addLegalIdentity(BOB_NAME)
        val nodeInfo3 = nodeInfoBuilder.build()
        val signedNodeInfo3 = nodeInfo3.signWith(listOf(aliceKey))

--- a/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestNodeInfoBuilder.kt
+++ b/testing/test-utils/src/main/kotlin/net/corda/testing/internal/TestNodeInfoBuilder.kt
@ -20,7 +20,7 @@ import java.security.cert.X509Certificate
 class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKeyPair, X509Certificate> = DEV_INTERMEDIATE_CA to DEV_ROOT_CA.certificate) {
    private val identitiesAndPrivateKeys = ArrayList<Pair<PartyAndCertificate, PrivateKey>>()

-    fun addIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
+    fun addLegalIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
        val nodeCertificateAndKeyPair = createDevNodeCa(intermediateAndRoot.first, name, nodeKeyPair)
        val identityKeyPair = Crypto.generateKeyPair()
        val identityCert = X509Utilities.createCertificate(
@ -29,12 +29,35 @@ class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKe
                nodeCertificateAndKeyPair.keyPair,
                nodeCertificateAndKeyPair.certificate.subjectX500Principal,
                identityKeyPair.public)
-        val certPath = X509Utilities.buildCertPath(
-                identityCert,
-                nodeCertificateAndKeyPair.certificate,
+
+        val certs = arrayOf(identityCert, nodeCertificateAndKeyPair.certificate)
+        val key = identityKeyPair.private
+
+        val certPath = X509Utilities.buildCertPath(*certs,
                intermediateAndRoot.first.certificate,
                intermediateAndRoot.second)
-        return Pair(PartyAndCertificate(certPath), identityKeyPair.private).also {
+
+        return Pair(PartyAndCertificate(certPath), key).also {
+            identitiesAndPrivateKeys += it
+        }
+    }
+
+    fun addServiceIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
+        val serviceCert = X509Utilities.createCertificate(
+                CertificateType.SERVICE_IDENTITY,
+                intermediateAndRoot.first.certificate,
+                intermediateAndRoot.first.keyPair,
+                name.x500Principal,
+                nodeKeyPair.public)
+
+        val certs = arrayOf(serviceCert)
+        val key = nodeKeyPair.private
+
+        val certPath = X509Utilities.buildCertPath(*certs,
+                intermediateAndRoot.first.certificate,
+                intermediateAndRoot.second)
+
+        return Pair(PartyAndCertificate(certPath), key).also {
            identitiesAndPrivateKeys += it
        }
    }
@ -62,7 +85,7 @@ class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKe

 fun createNodeInfoAndSigned(vararg names: CordaX500Name, serial: Long = 1, platformVersion: Int = 1): NodeInfoAndSigned {
    val nodeInfoBuilder = TestNodeInfoBuilder()
-    names.forEach { nodeInfoBuilder.addIdentity(it) }
+    names.forEach { nodeInfoBuilder.addLegalIdentity(it) }
    return nodeInfoBuilder.buildWithSigned(serial, platformVersion)
 }