ENT-3142: net-params signing tool: include certificate path in signature (#5165)

This commit is contained in:
James Brown 2019-06-21 16:39:33 +01:00 committed by Shams Asari
parent 0cd57c81bc
commit ae877f87ba
2 changed files with 40 additions and 23 deletions


@ -493,6 +493,13 @@ fun <T : Any> T.signWithCert(privateKey: PrivateKey, certificate: X509Certificat
} }
} }
@DeleteForDJVM
fun <T : Any> T.signWithCertPath(privateKey: PrivateKey, certPath: List<X509Certificate>): SignedDataWithCert<T> {
return signWithCert {
val signature = Crypto.doSign(privateKey, it.bytes)
DigitalSignatureWithCert(certPath.first(), certPath.takeLast(certPath.size - 1), signature)
}
}
@DeleteForDJVM @DeleteForDJVM
inline fun <T : Any> SerializedBytes<T>.sign(signer: (SerializedBytes<T>) -> DigitalSignature.WithKey): SignedData<T> { inline fun <T : Any> SerializedBytes<T>.sign(signer: (SerializedBytes<T>) -> DigitalSignature.WithKey): SignedData<T> {
return SignedData(this, signer(this)) return SignedData(this, signer(this))
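Review bot: `certPath.first()` in the new `signWithCertPath` throws `NoSuchElementException` on an empty list, and the dev-CA branch of the NetParamsSigner change in this same commit calls it with exactly that (`CertificatePathAndKeyPair(emptyList(), createDevNetworkMapCa())`), so signing from the development root appears to fail at runtime rather than produce a signature carrying the dev certificate. Guard the input at the top of the function with `require(certPath.isNotEmpty()) { "certPath must contain at least the signing certificate" }` so the failure names the cause instead of surfacing as a bare collection exception, and replace `certPath.takeLast(certPath.size - 1)` with the clearer `certPath.drop(1)`. The function also silently trusts the caller's ordering: nothing checks that `certPath.first()` is the certificate whose public key matches `privateKey`, and since only the private key is passed in that check presumably belongs at the call site (the keystore-backed caller has both the chain and the key pair) — a KDoc on this function should state that the path must be leaf-first, with element 0 being the certificate for `privateKey` and the remainder the issuing chain in order, so future callers do not pass a root-first `getCertificateChain` result by mistake.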


@ -5,6 +5,7 @@ import com.typesafe.config.ConfigFactory
import com.typesafe.config.ConfigParseOptions import com.typesafe.config.ConfigParseOptions
import net.corda.cliutils.CordaCliWrapper import net.corda.cliutils.CordaCliWrapper
import net.corda.cliutils.start import net.corda.cliutils.start
import net.corda.core.crypto.Crypto
import net.corda.core.identity.Party import net.corda.core.identity.Party
import net.corda.core.internal.* import net.corda.core.internal.*
import net.corda.core.node.NetworkParameters import net.corda.core.node.NetworkParameters
@ -17,6 +18,7 @@ import net.corda.core.serialization.internal.nodeSerializationEnv
import net.corda.core.serialization.serialize import net.corda.core.serialization.serialize
import net.corda.nodeapi.internal.SignedNodeInfo import net.corda.nodeapi.internal.SignedNodeInfo
import net.corda.nodeapi.internal.createDevNetworkMapCa import net.corda.nodeapi.internal.createDevNetworkMapCa
import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair
import net.corda.nodeapi.internal.crypto.X509KeyStore import net.corda.nodeapi.internal.crypto.X509KeyStore
import net.corda.serialization.internal.* import net.corda.serialization.internal.*
import net.corda.serialization.internal.amqp.* import net.corda.serialization.internal.amqp.*
@ -24,6 +26,8 @@ import picocli.CommandLine.*
import java.io.File import java.io.File
import java.nio.file.Path import java.nio.file.Path
import java.nio.file.StandardCopyOption import java.nio.file.StandardCopyOption
import java.security.KeyPair
import java.security.cert.X509Certificate
import java.time.Instant import java.time.Instant
/** /**
@ -126,6 +130,11 @@ class NetParamsSigner : CordaCliWrapper("netparams-signer", "Sign network parame
AMQP_P2P_CONTEXT) AMQP_P2P_CONTEXT)
} }
class CertificatePathAndKeyPair(val certPath: List<X509Certificate>, private val certificateAndKeyPair: CertificateAndKeyPair) {
val keyPair: KeyPair
get() = certificateAndKeyPair.keyPair
}
override fun runProgram(): Int { override fun runProgram(): Int {
require(configFile != null) { "The --config parameter must be specified" } require(configFile != null) { "The --config parameter must be specified" }
@ -158,21 +167,23 @@ class NetParamsSigner : CordaCliWrapper("netparams-signer", "Sign network parame
keyPass = getInput("Key password (${keyAlias}): ") keyPass = getInput("Key password (${keyAlias}): ")
val keyStore = X509KeyStore.fromFile(keyStorePath!!, keyStorePass!!) val keyStore = X509KeyStore.fromFile(keyStorePath!!, keyStorePass!!)
keyStore.getCertificateAndKeyPair(keyAlias!!, keyPass!!) val signingKey = keyStore.getCertificateAndKeyPair(keyAlias!!, keyPass!!)
} val x509Chain = keyStore.getCertificateChain(keyAlias!!)
else {
CertificatePathAndKeyPair(x509Chain, signingKey)
} else {
// issue from the development root // issue from the development root
createDevNetworkMapCa() CertificatePathAndKeyPair(emptyList(), createDevNetworkMapCa())
} }
// sign & serialise // sign and include the certificate path
val serializedSignedNetParams = signingkey.sign(networkParameters).serialize() val signedNetParams = networkParameters.signWithCertPath(signingkey.keyPair.private, signingkey.certPath)
if (outputFile != null) { if (outputFile != null) {
print("\nWriting: " + outputFile) print("\nWriting: " + outputFile)
serializedSignedNetParams.open().copyTo(outputFile!!, StandardCopyOption.REPLACE_EXISTING) val ssnp = signedNetParams.serialize()
} ssnp.open().copyTo(outputFile!!, StandardCopyOption.REPLACE_EXISTING)
else { } else {
print("\nUse --output to write results") print("\nUse --output to write results")
} }
@ -187,8 +198,7 @@ class NetParamsSigner : CordaCliWrapper("netparams-signer", "Sign network parame
fun identityFromNodeInfoPath(nodeInfoPath: File): Party { fun identityFromNodeInfoPath(nodeInfoPath: File): Party {
val serializedNodeInfo = SerializedBytes<SignedNodeInfo>(nodeInfoPath.toPath().readAll()) val signedNodeInfo = nodeInfoPath.toPath().readObject<SignedNodeInfo>()
val signedNodeInfo = serializedNodeInfo.deserialize()
val nodeInfo = signedNodeInfo.verified() val nodeInfo = signedNodeInfo.verified()
return nodeInfo.legalIdentities.last() return nodeInfo.legalIdentities.last()