ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-27 08:22:35 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Renaming configuration sections for doorman and network map (#472)

Browse Source
This commit is contained in:
Michal Kit 2018-03-02 11:41:00 +00:00 committed by GitHub
parent 29215035e1
commit 8f05dc2230
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/source/running-signing-service.rst
View File

@ -34,7 +34,7 @@ Allowed parameters are:
:dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database. :dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database.
:csrSigning: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs. :doorman: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs.
:validDays: Number of days issued signatures are valid for. :validDays: Number of days issued signatures are valid for.
@ -56,7 +56,7 @@ Allowed parameters are:
:threshold: Minimum authentication strength threshold required for certificate signing requests. :threshold: Minimum authentication strength threshold required for certificate signing requests.
:networkMapSigning: Network map signing process configuration parameters. If specified, the signing service will sign the network map. :networkMap: Network map signing process configuration parameters. If specified, the signing service will sign the network map.
:username: HSM username to be used when communicating with the HSM. :username: HSM username to be used when communicating with the HSM.

4
network-management/hsm.conf
View File

@ -2,7 +2,7 @@ basedir = "."
device = "3001@192.168.0.1" device = "3001@192.168.0.1"
keySpecifier = -1 keySpecifier = -1
csrSigning { doorman {
crlDistributionPoint = "http://test.com/revoked.crl" crlDistributionPoint = "http://test.com/revoked.crl"
validDays = 3650 validDays = 3650
rootKeyStoreFile = "dummyfile.jks" rootKeyStoreFile = "dummyfile.jks"
@ -15,7 +15,7 @@ csrSigning {
} }
} }
networkMapSigning { networkMap {
username = "TEST_USERNAME", username = "TEST_USERNAME",
keyGroup = "DEV.CORDACONNECT.OPS.NETMAP" keyGroup = "DEV.CORDACONNECT.OPS.NETMAP"
authParameters { authParameters {

4
network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt
View File

@ -122,7 +122,7 @@ abstract class HsmBaseTest {
dataSourceProperties = mock(), dataSourceProperties = mock(),
device = "${hsmSimulator.port}@${hsmSimulator.host}", device = "${hsmSimulator.port}@${hsmSimulator.host}",
keySpecifier = 1, keySpecifier = 1,
csrSigning = DoormanCertificateParameters( doorman = DoormanCertificateParameters(
rootKeyStoreFile = rootKeyStoreFile, rootKeyStoreFile = rootKeyStoreFile,
keyGroup = DOORMAN_CERT_KEY_GROUP, keyGroup = DOORMAN_CERT_KEY_GROUP,
validDays = 3650, validDays = 3650,
@ -133,7 +133,7 @@ abstract class HsmBaseTest {
threshold = 2 threshold = 2
) )
), ),
networkMapSigning = NetworkMapCertificateParameters( networkMap = NetworkMapCertificateParameters(
username = "INTEGRATION_TEST", username = "INTEGRATION_TEST",
keyGroup = NETWORK_MAP_CERT_KEY_GROUP, keyGroup = NETWORK_MAP_CERT_KEY_GROUP,
authParameters = AuthenticationParameters( authParameters = AuthenticationParameters(

2
network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmAuthenticatorTest.kt
View File

@ -14,7 +14,7 @@ class HsmAuthenticatorTest : HsmBaseTest() {
// given // given
val userInput = givenHsmUserAuthenticationInput() val userInput = givenHsmUserAuthenticationInput()
val hsmSigningServiceConfig = createHsmSigningServiceConfig() val hsmSigningServiceConfig = createHsmSigningServiceConfig()
val doormanCertificateConfig = hsmSigningServiceConfig.csrSigning!! val doormanCertificateConfig = hsmSigningServiceConfig.doorman!!
val authenticator = Authenticator(provider = createProvider( val authenticator = Authenticator(provider = createProvider(
doormanCertificateConfig.keyGroup, doormanCertificateConfig.keyGroup,
hsmSigningServiceConfig.keySpecifier, hsmSigningServiceConfig.keySpecifier,

8
network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmPermissionTest.kt
View File

@ -49,13 +49,13 @@ class HsmPermissionTest : HsmBaseTest() {
val hsmSigningServiceConfig = createHsmSigningServiceConfig() val hsmSigningServiceConfig = createHsmSigningServiceConfig()
val signer = HsmCsrSigner( val signer = HsmCsrSigner(
mock(), mock(),
hsmSigningServiceConfig.csrSigning!!.loadRootKeyStore(), hsmSigningServiceConfig.doorman!!.loadRootKeyStore(),
"", "",
null, null,
3650, 3650,
Authenticator( Authenticator(
provider = createProvider( provider = createProvider(
hsmSigningServiceConfig.csrSigning!!.keyGroup, hsmSigningServiceConfig.doorman!!.keyGroup,
hsmSigningServiceConfig.keySpecifier, hsmSigningServiceConfig.keySpecifier,
hsmSigningServiceConfig.device), hsmSigningServiceConfig.device),
inputReader = userInput) inputReader = userInput)
@ -105,13 +105,13 @@ class HsmPermissionTest : HsmBaseTest() {
val hsmSigningServiceConfig = createHsmSigningServiceConfig() val hsmSigningServiceConfig = createHsmSigningServiceConfig()
val signer = HsmCsrSigner( val signer = HsmCsrSigner(
mock(), mock(),
hsmSigningServiceConfig.csrSigning!!.loadRootKeyStore(), hsmSigningServiceConfig.doorman!!.loadRootKeyStore(),
"trustpass", "trustpass",
null, null,
3650, 3650,
Authenticator( Authenticator(
provider = createProvider( provider = createProvider(
hsmSigningServiceConfig.csrSigning!!.keyGroup, hsmSigningServiceConfig.doorman!!.keyGroup,
hsmSigningServiceConfig.keySpecifier, hsmSigningServiceConfig.keySpecifier,
hsmSigningServiceConfig.device), hsmSigningServiceConfig.device),
inputReader = userInput) inputReader = userInput)

6
network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/hsm/HsmSigningServiceTest.kt
View File

@ -45,7 +45,7 @@ class HsmSigningServiceTest : HsmBaseTest() {
// given HSM CSR signer // given HSM CSR signer
val hsmSigningServiceConfig = createHsmSigningServiceConfig() val hsmSigningServiceConfig = createHsmSigningServiceConfig()
val doormanCertificateConfig = hsmSigningServiceConfig.csrSigning!! val doormanCertificateConfig = hsmSigningServiceConfig.doorman!!
val signer = HsmCsrSigner( val signer = HsmCsrSigner(
mock(), mock(),
doormanCertificateConfig.loadRootKeyStore(), doormanCertificateConfig.loadRootKeyStore(),
@ -89,7 +89,7 @@ class HsmSigningServiceTest : HsmBaseTest() {
// given HSM CSR signer // given HSM CSR signer
val hsmSigningServiceConfig = createHsmSigningServiceConfig() val hsmSigningServiceConfig = createHsmSigningServiceConfig()
val doormanCertificateConfig = hsmSigningServiceConfig.csrSigning!! val doormanCertificateConfig = hsmSigningServiceConfig.doorman!!
val signer = HsmCsrSigner( val signer = HsmCsrSigner(
mock(), mock(),
doormanCertificateConfig.loadRootKeyStore(), doormanCertificateConfig.loadRootKeyStore(),
@ -134,7 +134,7 @@ class HsmSigningServiceTest : HsmBaseTest() {
// given HSM network map signer // given HSM network map signer
val hsmSigningServiceConfig = createHsmSigningServiceConfig() val hsmSigningServiceConfig = createHsmSigningServiceConfig()
val networkMapCertificateConfig = hsmSigningServiceConfig.networkMapSigning!! val networkMapCertificateConfig = hsmSigningServiceConfig.networkMap!!
val hsmDataSigner = HsmSigner(Authenticator( val hsmDataSigner = HsmSigner(Authenticator(
provider = createProvider( provider = createProvider(
networkMapCertificateConfig.keyGroup, networkMapCertificateConfig.keyGroup,

14
network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
View File

@ -1,5 +1,6 @@
package com.r3.corda.networkmanage.hsm package com.r3.corda.networkmanage.hsm
import com.google.common.primitives.Booleans
import com.r3.corda.networkmanage.common.persistence.configureDatabase import com.r3.corda.networkmanage.common.persistence.configureDatabase
import com.r3.corda.networkmanage.common.utils.ShowHelpException import com.r3.corda.networkmanage.common.utils.ShowHelpException
import com.r3.corda.networkmanage.common.utils.initialiseSerialization import com.r3.corda.networkmanage.common.utils.initialiseSerialization
@ -21,8 +22,8 @@ fun main(args: Array<String>) {
require(Cipher.getMaxAllowedKeyLength("AES") >= 256) { require(Cipher.getMaxAllowedKeyLength("AES") >= 256) {
"Unlimited Strength Jurisdiction Policy Files must be installed, see http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html" "Unlimited Strength Jurisdiction Policy Files must be installed, see http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html"
} }
require(csrSigning != null || networkMapSigning != null) { require(Booleans.countTrue(doorman != null, networkMap != null) == 1) {
"Either network map or certificate signing request certificate parameters must be specified." "Exactly one networkMap or doorman configuration needs to be specified."
} }
requireNotNull(dataSourceProperties) requireNotNull(dataSourceProperties)
@ -34,12 +35,11 @@ fun main(args: Array<String>) {
initialiseSerialization() initialiseSerialization()
// Create DB connection. // Create DB connection.
val persistence = configureDatabase(dataSourceProperties, database) val persistence = configureDatabase(dataSourceProperties, database)
if (networkMapSigning != null) { if (networkMap != null) {
NetworkMapProcessor(networkMapSigning, device, keySpecifier, persistence).run() NetworkMapProcessor(networkMap, device, keySpecifier, persistence).run()
} } else {
if (csrSigning != null) {
try { try {
CsrProcessor(csrSigning, device, keySpecifier, persistence).showMenu() CsrProcessor(doorman!!, device, keySpecifier, persistence).showMenu()
} catch (e: ShowHelpException) { } catch (e: ShowHelpException) {
e.errorMessage?.let(::println) e.errorMessage?.let(::println)
e.parser.printHelpOn(System.out) e.parser.printHelpOn(System.out)

4
network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
View File

@ -21,8 +21,8 @@ data class Parameters(val dataSourceProperties: Properties,
val database: DatabaseConfig = DatabaseConfig(), val database: DatabaseConfig = DatabaseConfig(),
val device: String, val device: String,
val keySpecifier: Int, val keySpecifier: Int,
val networkMapSigning: NetworkMapCertificateParameters? = null, val networkMap: NetworkMapCertificateParameters? = null,
val csrSigning: DoormanCertificateParameters? = null) val doorman: DoormanCertificateParameters? = null)
/** /**
* Network map signing process specific parameters. * Network map signing process specific parameters.

4
network-management/src/test/kotlin/com/r3/corda/networkmanage/hsm/configuration/ConfigurationTest.kt
View File

@ -18,11 +18,11 @@ class ConfigurationTest : TestBase() {
fun `config file is parsed correctly`() { fun `config file is parsed correctly`() {
val parameters = parseParameters("--config-file", validConfigPath) val parameters = parseParameters("--config-file", validConfigPath)
assertEquals("3001@192.168.0.1", parameters.device) assertEquals("3001@192.168.0.1", parameters.device)
val doormanCertParameters = parameters.csrSigning!! val doormanCertParameters = parameters.doorman!!
assertEquals(AuthMode.PASSWORD, doormanCertParameters.authParameters.mode) assertEquals(AuthMode.PASSWORD, doormanCertParameters.authParameters.mode)
assertEquals(2, doormanCertParameters.authParameters.threshold) assertEquals(2, doormanCertParameters.authParameters.threshold)
assertEquals(3650, doormanCertParameters.validDays) assertEquals(3650, doormanCertParameters.validDays)
val nmParams = parameters.networkMapSigning!! val nmParams = parameters.networkMap!!
assertEquals(AuthMode.KEY_FILE, nmParams.authParameters.mode) assertEquals(AuthMode.KEY_FILE, nmParams.authParameters.mode)
assertEquals(Paths.get("./Administrator.KEY"), nmParams.authParameters.keyFilePath) assertEquals(Paths.get("./Administrator.KEY"), nmParams.authParameters.keyFilePath)
assertEquals(2, nmParams.authParameters.threshold) assertEquals(2, nmParams.authParameters.threshold)