diff --git a/docs/source/running-signing-service.rst b/docs/source/running-signing-service.rst
index f208008212..3e102b61da 100644
--- a/docs/source/running-signing-service.rst
+++ b/docs/source/running-signing-service.rst
@@ -34,7 +34,7 @@ Allowed parameters are:
 :dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database.
-:csrSigning: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs.
+:doorman: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs.
 :validDays: Number of days issued signatures are valid for.
@@ -56,7 +56,7 @@ Allowed parameters are:
 :threshold: Minimum authentication strength threshold required for certificate signing requests.
-:networkMapSigning: Network map signing process configuration parameters. If specified, the signing service will sign the network map.
+:networkMap: Network map signing process configuration parameters. If specified, the signing service will sign the network map.
 :username: HSM username to be used when communicating with the HSM.
diff --git a/network-management/hsm.conf b/network-management/hsm.conf
index b85f7f110b..55f435d4c3 100644
--- a/network-management/hsm.conf
+++ b/network-management/hsm.conf
@@ -2,7 +2,7 @@ basedir = "."
 device = "3001@192.168.0.1"
 keySpecifier = -1
-csrSigning {
+doorman {
 crlDistributionPoint = "http://test.com/revoked.crl"
 validDays = 3650
 rootKeyStoreFile = "dummyfile.jks"
@@ -15,7 +15,7 @@ csrSigning {
 }
 }
-networkMapSigning {
+networkMap {
 username = "TEST_USERNAME",
 keyGroup = "DEV.CORDACONNECT.OPS.NETMAP"
 authParameters {
diff --git a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt
index b98ee2b040..62fbdaaed5 100644
--- a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt
+++ b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt
@@ -122,7 +122,7 @@ abstract class HsmBaseTest {
 dataSourceProperties = mock(),
 device = "${hsmSimulator.port}@${hsmSimulator.host}",
 keySpecifier = 1,
- csrSigning = DoormanCertificateParameters(
+ doorman = DoormanCertificateParameters(
 rootKeyStoreFile = rootKeyStoreFile,
 keyGroup = DOORMAN_CERT_KEY_GROUP,
 validDays = 3650,
@@ -133,7 +133,7 @@ abstract class HsmBaseTest {
 threshold = 2
 )
 ),
- networkMapSigning = NetworkMapCertificateParameters(
+ networkMap = NetworkMapCertificateParameters(
 username = "INTEGRATION_TEST",
 keyGroup = NETWORK_MAP_CERT_KEY_GROUP,
 authParameters = AuthenticationParameters(
diff --git a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmAuthenticatorTest.kt b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmAuthenticatorTest.kt
index 8a5b852aca..2ce6ec642f 100644
--- a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmAuthenticatorTest.kt
+++ b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmAuthenticatorTest.kt
@@ -14,7 +14,7 @@ class HsmAuthenticatorTest : HsmBaseTest() {
 // given
 val userInput = givenHsmUserAuthenticationInput()
 val hsmSigningServiceConfig = createHsmSigningServiceConfig()
- val doormanCertificateConfig = hsmSigningServiceConfig.csrSigning!!
+ val doormanCertificateConfig = hsmSigningServiceConfig.doorman!!
 val authenticator = Authenticator(provider = createProvider(
 doormanCertificateConfig.keyGroup,
 hsmSigningServiceConfig.keySpecifier,
diff --git a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmPermissionTest.kt b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmPermissionTest.kt
index a654d23c02..5d5f281ce1 100644
--- a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmPermissionTest.kt
+++ b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmPermissionTest.kt
@@ -49,13 +49,13 @@ class HsmPermissionTest : HsmBaseTest() {
 val hsmSigningServiceConfig = createHsmSigningServiceConfig()
 val signer = HsmCsrSigner(
 mock(),
- hsmSigningServiceConfig.csrSigning!!.loadRootKeyStore(),
+ hsmSigningServiceConfig.doorman!!.loadRootKeyStore(),
 "",
 null,
 3650,
 Authenticator(
 provider = createProvider(
- hsmSigningServiceConfig.csrSigning!!.keyGroup,
+ hsmSigningServiceConfig.doorman!!.keyGroup,
 hsmSigningServiceConfig.keySpecifier,
 hsmSigningServiceConfig.device),
 inputReader = userInput)
@@ -105,13 +105,13 @@ class HsmPermissionTest : HsmBaseTest() {
 val hsmSigningServiceConfig = createHsmSigningServiceConfig()
 val signer = HsmCsrSigner(
 mock(),
- hsmSigningServiceConfig.csrSigning!!.loadRootKeyStore(),
+ hsmSigningServiceConfig.doorman!!.loadRootKeyStore(),
 "trustpass",
 null,
 3650,
 Authenticator(
 provider = createProvider(
- hsmSigningServiceConfig.csrSigning!!.keyGroup,
+ hsmSigningServiceConfig.doorman!!.keyGroup,
 hsmSigningServiceConfig.keySpecifier,
 hsmSigningServiceConfig.device),
 inputReader = userInput)
diff --git a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmSigningServiceTest.kt b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmSigningServiceTest.kt
index 2a0416c2d4..b5e36217f6 100644
--- a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmSigningServiceTest.kt
+++ b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmSigningServiceTest.kt
@@ -45,7 +45,7 @@ class HsmSigningServiceTest : HsmBaseTest() {
 // given HSM CSR signer
 val hsmSigningServiceConfig = createHsmSigningServiceConfig()
- val doormanCertificateConfig = hsmSigningServiceConfig.csrSigning!!
+ val doormanCertificateConfig = hsmSigningServiceConfig.doorman!!
 val signer = HsmCsrSigner(
 mock(),
 doormanCertificateConfig.loadRootKeyStore(),
@@ -89,7 +89,7 @@ class HsmSigningServiceTest : HsmBaseTest() {
 // given HSM CSR signer
 val hsmSigningServiceConfig = createHsmSigningServiceConfig()
- val doormanCertificateConfig = hsmSigningServiceConfig.csrSigning!!
+ val doormanCertificateConfig = hsmSigningServiceConfig.doorman!!
 val signer = HsmCsrSigner(
 mock(),
 doormanCertificateConfig.loadRootKeyStore(),
@@ -134,7 +134,7 @@ class HsmSigningServiceTest : HsmBaseTest() {
 // given HSM network map signer
 val hsmSigningServiceConfig = createHsmSigningServiceConfig()
- val networkMapCertificateConfig = hsmSigningServiceConfig.networkMapSigning!!
+ val networkMapCertificateConfig = hsmSigningServiceConfig.networkMap!!
 val hsmDataSigner = HsmSigner(Authenticator(
 provider = createProvider(
 networkMapCertificateConfig.keyGroup,
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
index 2bc9a9345b..9f3071f6f2 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
@@ -1,5 +1,6 @@
 package com.r3.corda.networkmanage.hsm
+import com.google.common.primitives.Booleans
 import com.r3.corda.networkmanage.common.persistence.configureDatabase
 import com.r3.corda.networkmanage.common.utils.ShowHelpException
 import com.r3.corda.networkmanage.common.utils.initialiseSerialization
@@ -21,8 +22,8 @@ fun main(args: Array) {
 require(Cipher.getMaxAllowedKeyLength("AES") >= 256) {
 "Unlimited Strength Jurisdiction Policy Files must be installed, see http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html"
 }
- require(csrSigning != null || networkMapSigning != null) {
- "Either network map or certificate signing request certificate parameters must be specified."
+ require(Booleans.countTrue(doorman != null, networkMap != null) == 1) {
+ "Exactly one networkMap or doorman configuration needs to be specified."
 }
 requireNotNull(dataSourceProperties)
@@ -34,12 +35,11 @@ fun main(args: Array) {
 initialiseSerialization()
 // Create DB connection.
 val persistence = configureDatabase(dataSourceProperties, database)
- if (networkMapSigning != null) {
- NetworkMapProcessor(networkMapSigning, device, keySpecifier, persistence).run()
- }
- if (csrSigning != null) {
+ if (networkMap != null) {
+ NetworkMapProcessor(networkMap, device, keySpecifier, persistence).run()
+ } else {
 try {
- CsrProcessor(csrSigning, device, keySpecifier, persistence).showMenu()
+ CsrProcessor(doorman!!, device, keySpecifier, persistence).showMenu()
 } catch (e: ShowHelpException) {
 e.errorMessage?.let(::println)
 e.parser.printHelpOn(System.out)
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
index d40e1e9428..fb4c9ab218 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
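Review bot: The new `require` in `main` rejects a configuration that defines both blocks, yet `network-management/hsm.conf` in this same commit still declares both `doorman` and `networkMap`, and `ConfigurationTest` asserts that both parse as non-null, so the shipped sample would presumably be refused if it were handed to the service. The message also does not say which case was hit; because the keys were renamed, a file still using `csrSigning`/`networkMapSigning` may leave both values null (depending on how the parser treats unknown keys) and produce the same text. I would replace the Guava import with a plain comparison and name the keys, e.g. `require((doorman != null) != (networkMap != null)) { "Exactly one of 'doorman' or 'networkMap' must be configured (these replace 'csrSigning' and 'networkMapSigning')." }`. The body of `main` starts and ends outside this hunk.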
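Review bot: `CsrProcessor(doorman!!, ...)` in the new `else` branch is only safe because of the `require` earlier in `main`; if that check is ever relaxed or moved, the path that drives HSM certificate signing fails with a bare NullPointerException instead of a configuration error. Binding the value once makes the dependency explicit: `val doormanParameters = requireNotNull(doorman) { "doorman configuration is missing" }` before the `try`, then pass `doormanParameters` to `CsrProcessor`. A one-line comment on the `if`/`else`, such as `// The service runs in exactly one mode per process: network map signing or CSR signing.`, would also help, since the documentation hunks in this commit still describe each block as optional ("If specified, ...") without saying they are mutually exclusive. The `try` block continues past the end of this hunk.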
@@ -21,8 +21,8 @@ data class Parameters(val dataSourceProperties: Properties,
 val database: DatabaseConfig = DatabaseConfig(),
 val device: String,
 val keySpecifier: Int,
- val networkMapSigning: NetworkMapCertificateParameters? = null,
- val csrSigning: DoormanCertificateParameters? = null)
+ val networkMap: NetworkMapCertificateParameters? = null,
+ val doorman: DoormanCertificateParameters? = null)
 /**
 * Network map signing process specific parameters.
diff --git a/network-management/src/test/kotlin/com/r3/corda/networkmanage/hsm/configuration/ConfigurationTest.kt b/network-management/src/test/kotlin/com/r3/corda/networkmanage/hsm/configuration/ConfigurationTest.kt
index 3eee5a6c9e..5839ae9ab3 100644
--- a/network-management/src/test/kotlin/com/r3/corda/networkmanage/hsm/configuration/ConfigurationTest.kt
+++ b/network-management/src/test/kotlin/com/r3/corda/networkmanage/hsm/configuration/ConfigurationTest.kt
@@ -18,11 +18,11 @@ class ConfigurationTest : TestBase() {
 fun `config file is parsed correctly`() {
 val parameters = parseParameters("--config-file", validConfigPath)
 assertEquals("3001@192.168.0.1", parameters.device)
- val doormanCertParameters = parameters.csrSigning!!
+ val doormanCertParameters = parameters.doorman!!
 assertEquals(AuthMode.PASSWORD, doormanCertParameters.authParameters.mode)
 assertEquals(2, doormanCertParameters.authParameters.threshold)
 assertEquals(3650, doormanCertParameters.validDays)
- val nmParams = parameters.networkMapSigning!!
+ val nmParams = parameters.networkMap!!
 assertEquals(AuthMode.KEY_FILE, nmParams.authParameters.mode)
 assertEquals(Paths.get("./Administrator.KEY"), nmParams.authParameters.keyFilePath)
 assertEquals(2, nmParams.authParameters.threshold)