CORDA-2199 NetworkParameters certificate role (#4278)

node/src/main/kotlin/net/corda/node/internal/NetworkParametersReader.kt

@@ -6,10 +6,7 @@ import net.corda.core.node.NetworkParameters
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.contextLogger
 import net.corda.node.services.network.NetworkMapClient
-import net.corda.nodeapi.internal.network.NETWORK_PARAMS_FILE_NAME
-import net.corda.nodeapi.internal.network.NETWORK_PARAMS_UPDATE_FILE_NAME
-import net.corda.nodeapi.internal.network.SignedNetworkParameters
-import net.corda.nodeapi.internal.network.verifiedNetworkMapCert
+import net.corda.nodeapi.internal.network.*
 import java.nio.file.Path
 import java.nio.file.StandardCopyOption
 import java.security.cert.X509Certificate
@@ -93,7 +90,9 @@ class NetworkParametersReader(private val trustRoot: X509Certificate,
     // By passing in just the SignedNetworkParameters object, this class guarantees that the networkParameters property
     // could have only been derived from it.
     class NetworkParametersAndSigned(val signed: SignedNetworkParameters, trustRoot: X509Certificate) {
-        val networkParameters: NetworkParameters = signed.verifiedNetworkMapCert(trustRoot)
+        // for backwards compatibility we allow netparams to be signed with the networkmap cert,
+        // but going forwards we also accept the distinct netparams cert as well
+        val networkParameters: NetworkParameters = signed.verifiedNetworkParametersCert(trustRoot)
         operator fun component1() = networkParameters
         operator fun component2() = signed
     }

node/src/main/kotlin/net/corda/node/services/network/NetworkMapUpdater.kt

@@ -208,7 +208,7 @@ The node will shutdown now.""")
             return
         }
         val newSignedNetParams = networkMapClient.getNetworkParameters(update.newParametersHash)
-        val newNetParams = newSignedNetParams.verifiedNetworkMapCert(trustRoot)
+        val newNetParams = newSignedNetParams.verifiedNetworkParametersCert(trustRoot)
         logger.info("Downloaded new network parameters: $newNetParams from the update: $update")
         newNetworkParameters = Pair(update, newSignedNetParams)
         val updateInfo = ParametersUpdateInfo(
@@ -233,7 +233,7 @@ The node will shutdown now.""")
         // Add persisting of newest parameters from update.
         val (update, signedNewNetParams) = requireNotNull(newNetworkParameters) { "Couldn't find parameters update for the hash: $parametersHash" }
         // We should check that we sign the right data structure hash.
-        val newNetParams = signedNewNetParams.verifiedNetworkMapCert(trustRoot)
+        val newNetParams = signedNewNetParams.verifiedNetworkParametersCert(trustRoot)
         val newParametersHash = signedNewNetParams.raw.hash
         if (parametersHash == newParametersHash) {
             // The latest parameters have priority.

node/src/test/kotlin/net/corda/node/services/network/NetworkMapUpdaterTest.kt

@@ -22,10 +22,7 @@ import net.corda.core.internal.NODE_INFO_DIRECTORY
 import net.corda.nodeapi.internal.NodeInfoAndSigned
 import net.corda.nodeapi.internal.SignedNodeInfo
 import net.corda.nodeapi.internal.crypto.X509Utilities
-import net.corda.nodeapi.internal.network.NETWORK_PARAMS_UPDATE_FILE_NAME
-import net.corda.nodeapi.internal.network.NodeInfoFilesCopier
-import net.corda.nodeapi.internal.network.SignedNetworkParameters
-import net.corda.nodeapi.internal.network.verifiedNetworkMapCert
+import net.corda.nodeapi.internal.network.*
 import net.corda.testing.common.internal.testNetworkParameters
 import net.corda.testing.core.*
 import net.corda.testing.internal.DEV_ROOT_CA
@@ -240,7 +237,7 @@ class NetworkMapUpdaterTest {
         assert(!updateFile.exists()) { "network parameters should not be auto accepted" }
         updater.acceptNewNetworkParameters(newHash) { it.serialize().sign(ourKeyPair) }
         val signedNetworkParams = updateFile.readObject<SignedNetworkParameters>()
-        val paramsFromFile = signedNetworkParams.verifiedNetworkMapCert(DEV_ROOT_CA.certificate)
+        val paramsFromFile = signedNetworkParams.verifiedNetworkParametersCert(DEV_ROOT_CA.certificate)
         assertEquals(newParameters, paramsFromFile)
         assertEquals(newHash, server.latestParametersAccepted(ourKeyPair.public))
     }
@@ -258,7 +255,7 @@ class NetworkMapUpdaterTest {
         val newHash = newParameters.serialize().hash
         val updateFile = baseDir / NETWORK_PARAMS_UPDATE_FILE_NAME
         val signedNetworkParams = updateFile.readObject<SignedNetworkParameters>()
-        val paramsFromFile = signedNetworkParams.verifiedNetworkMapCert(DEV_ROOT_CA.certificate)
+        val paramsFromFile = signedNetworkParams.verifiedNetworkParametersCert(DEV_ROOT_CA.certificate)
         assertEquals(newParameters, paramsFromFile)
         assertEquals(newHash, server.latestParametersAccepted(ourKeyPair.public))
     }

node/src/test/kotlin/net/corda/node/services/network/NetworkParametersReaderTest.kt

@@ -2,10 +2,7 @@ package net.corda.node.services.network
 
 import com.google.common.jimfs.Configuration
 import com.google.common.jimfs.Jimfs
-import net.corda.core.internal.createDirectories
-import net.corda.core.internal.div
-import net.corda.core.internal.exists
-import net.corda.core.internal.readObject
+import net.corda.core.internal.*
 import net.corda.core.serialization.deserialize
 import net.corda.core.utilities.days
 import net.corda.core.utilities.seconds
@@ -64,7 +61,7 @@ class NetworkParametersReaderTest {
         // Parameters from update should be moved to `network-parameters` file.
         val parametersFromFile = (baseDirectory / NETWORK_PARAMS_FILE_NAME)
                 .readObject<SignedNetworkParameters>()
-                .verifiedNetworkMapCert(DEV_ROOT_CA.certificate)
+                .verifiedNetworkParametersCert(DEV_ROOT_CA.certificate)
         assertEquals(server.networkParameters, parametersFromFile)
     }