Cleanup: add an extension function to X509CertificateHolder and use that instead of the verbose JcaX509CertificateConverter construct everywhere.

2025-06-17 22:58:19 +00:00 · 2017-06-13 10:45:06 +02:00
parent 475044597d
commit a9b794ace5
8 changed files with 19 additions and 38 deletions
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@ -58,7 +58,6 @@ import net.corda.node.utilities.transaction
 import org.apache.activemq.artemis.utils.ReusableLatch
 import org.bouncycastle.asn1.x500.X500Name
 import org.bouncycastle.cert.X509CertificateHolder
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
 import org.jetbrains.exposed.sql.Database
 import org.slf4j.Logger
 import rx.Observable
@ -819,9 +818,8 @@ private class KeyStoreWrapper(private val storePath: Path, private val storePass
    }

    fun save(serviceName: X500Name, privateKeyAlias: String, keyPair: KeyPair) {
-        val converter = JcaX509CertificateConverter()
        val clientCA = keyStore.getCertificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA, storePassword)
-        val cert = converter.getCertificate(X509Utilities.createCertificate(CertificateType.IDENTITY, clientCA.certificate, clientCA.keyPair, serviceName, keyPair.public))
+        val cert = X509Utilities.createCertificate(CertificateType.IDENTITY, clientCA.certificate, clientCA.keyPair, serviceName, keyPair.public).cert
        keyStore.addOrReplaceKey(privateKeyAlias, keyPair.private, storePassword.toCharArray(), arrayOf(cert, *keyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA)))
        keyStore.save(storePath, storePassword)
    }
--- a/node/src/main/kotlin/net/corda/node/services/identity/InMemoryIdentityService.kt
+++ b/node/src/main/kotlin/net/corda/node/services/identity/InMemoryIdentityService.kt
@ -2,6 +2,7 @@ package net.corda.node.services.identity

 import net.corda.core.contracts.PartyAndReference
 import net.corda.core.contracts.requireThat
+import net.corda.core.crypto.cert
 import net.corda.core.crypto.subject
 import net.corda.core.crypto.toStringShort
 import net.corda.core.identity.AbstractParty
@ -14,7 +15,6 @@ import net.corda.core.utilities.loggerFor
 import net.corda.core.utilities.trace
 import org.bouncycastle.asn1.x500.X500Name
 import org.bouncycastle.cert.X509CertificateHolder
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
 import java.security.InvalidAlgorithmParameterException
 import java.security.PublicKey
 import java.security.cert.*
@ -35,7 +35,7 @@ class InMemoryIdentityService(identities: Iterable<PartyAndCertificate>,
                              val trustRoot: X509Certificate?) : SingletonSerializeAsToken(), IdentityService {
    constructor(identities: Iterable<PartyAndCertificate> = emptySet(),
                certPaths: Map<AnonymousParty, CertPath> = emptyMap(),
-                trustRoot: X509CertificateHolder?) : this(identities, certPaths, trustRoot?.let { JcaX509CertificateConverter().getCertificate(it) })
+                trustRoot: X509CertificateHolder?) : this(identities, certPaths, trustRoot?.cert)
    companion object {
        private val log = loggerFor<InMemoryIdentityService>()
    }
@ -61,8 +61,7 @@ class InMemoryIdentityService(identities: Iterable<PartyAndCertificate>,
        } else {
            // TODO: We should always require a full chain back to a trust anchor, but until we have a network
            // trust anchor everywhere, this will have to do.
-            val converter = JcaX509CertificateConverter()
-            PKIXParameters(setOf(TrustAnchor(converter.getCertificate(party.certificate), null)))
+            PKIXParameters(setOf(TrustAnchor(party.certificate.cert, null)))
        }
        val validator = CertPathValidator.getInstance("PKIX")
        validatorParameters.isRevocationEnabled = false
@ -142,8 +141,7 @@ class InMemoryIdentityService(identities: Iterable<PartyAndCertificate>,
        } else {
            // TODO: We should always require a full chain back to a trust anchor, but until we have a network
            // trust anchor everywhere, this will have to do.
-            val converter = JcaX509CertificateConverter()
-            PKIXParameters(setOf(TrustAnchor(converter.getCertificate(fullParty.certificate), null)))
+            PKIXParameters(setOf(TrustAnchor(fullParty.certificate.cert, null)))
        }
        validatorParameters.isRevocationEnabled = false
        val result = validator.validate(path, validatorParameters) as PKIXCertPathValidatorResult
--- a/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/registration/NetworkRegistrationHelper.kt
@ -6,7 +6,6 @@ import net.corda.core.crypto.X509Utilities.CORDA_CLIENT_CA
 import net.corda.core.crypto.X509Utilities.CORDA_CLIENT_TLS
 import net.corda.core.crypto.X509Utilities.CORDA_ROOT_CA
 import net.corda.node.services.config.NodeConfiguration
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
 import org.bouncycastle.cert.path.CertPath
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter
 import org.bouncycastle.util.io.pem.PemObject
@ -72,13 +71,12 @@ class NetworkRegistrationHelper(val config: NodeConfiguration, val certService:
            println("Node private key and certificate stored in ${config.nodeKeystore}.")

            println("Generating SSL certificate for node messaging service.")
-            val converter = JcaX509CertificateConverter()
            val sslKey = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
            val caCert = caKeyStore.getX509Certificate(CORDA_CLIENT_CA)
            val sslCert = X509Utilities.createCertificate(CertificateType.TLS, caCert, keyPair, caCert.subject, sslKey.public)
            val sslKeyStore = KeyStoreUtilities.loadOrCreateKeyStore(config.sslKeystore, keystorePassword)
            sslKeyStore.addOrReplaceKey(CORDA_CLIENT_TLS, sslKey.private, privateKeyPassword.toCharArray(),
-                    arrayOf(converter.getCertificate(sslCert), *certificates))
+                    arrayOf(sslCert.cert, *certificates))
            sslKeyStore.save(config.sslKeystore, config.keyStorePassword)
            println("SSL private key and certificate stored in ${config.sslKeystore}.")
            // All done, clean up temp files.
--- a/node/src/test/kotlin/net/corda/node/utilities/registration/NetworkisRegistrationHelperTest.kt
+++ b/node/src/test/kotlin/net/corda/node/utilities/registration/NetworkisRegistrationHelperTest.kt
@ -10,7 +10,6 @@ import net.corda.core.utilities.ALICE
 import net.corda.testing.TestNodeConfiguration
 import net.corda.testing.getTestX509Name
 import org.bouncycastle.cert.X509CertificateHolder
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
 import org.junit.Rule
 import org.junit.Test
 import org.junit.rules.TemporaryFolder
@ -31,9 +30,8 @@ class NetworkRegistrationHelperTest {
                "CORDA_INTERMEDIATE_CA",
                "CORDA_ROOT_CA")
                .map { getTestX509Name(it) }
-        val converter = JcaX509CertificateConverter()
        val certs = identities.stream().map { X509Utilities.createSelfSignedCACertificate(it, Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)) }
-                .map(converter::getCertificate).toTypedArray()
+                .map { it.cert }.toTypedArray()

        val certService: NetworkRegistrationService = mock {
            on { submitRequest(any()) }.then { id }