From af21f6065dcce1f3fff9bef3bd0fa50fc33bf9da Mon Sep 17 00:00:00 2001 From: Michal Kit Date: Thu, 18 Jan 2018 11:15:11 +0000 Subject: [PATCH] Fixing missing certificate (#373) * Fixing missing certificate * Addressing review comments --- .../networkmanage/hsm/signer/HsmCsrSigner.kt | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/signer/HsmCsrSigner.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/signer/HsmCsrSigner.kt index 916e4f9042..4d6cd46fb9 100644 --- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/signer/HsmCsrSigner.kt +++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/signer/HsmCsrSigner.kt @@ -12,9 +12,9 @@ import com.r3.corda.networkmanage.hsm.utils.X509Utilities.retrieveCertificateAnd * Encapsulates certificate signing logic */ class HsmCsrSigner(private val storage: SignedCertificateRequestStorage, - private val caCertificateName: String, - private val caPrivateKeyPass: String?, - private val caParentCertificateName: String, + private val intermediateCertAlias: String, + private val intermediateCertPrivateKeyPass: String?, + private val rootCertAlias: String, private val validDays: Int, private val authenticator: Authenticator) : CertificateSigningRequestSigner { @@ -33,11 +33,14 @@ class HsmCsrSigner(private val storage: SignedCertificateRequestStorage, val keyStore = getAndInitializeKeyStore(provider) // This should be changed once we allow for more certificates in the chain. Preferably we should use // keyStore.getCertificateChain(String) and assume entire chain is stored in the HSM (depending on the support). - val caParentCertificate = keyStore.getCertificate(caParentCertificateName) - val caPrivateKeyPass = caPrivateKeyPass ?: authenticator.readPassword("CA Private Key Password: ") - val caCertAndKey = retrieveCertificateAndKeys(caCertificateName, caPrivateKeyPass, keyStore) + val rootCert = keyStore.getCertificate(rootCertAlias) + val intermediatePrivateKeyPass = intermediateCertPrivateKeyPass ?: authenticator.readPassword("CA Private Key Password: ") + val intermediateCertAndKey = retrieveCertificateAndKeys(intermediateCertAlias, intermediatePrivateKeyPass, keyStore) toSign.forEach { - it.certPath = buildCertPath(createClientCertificate(caCertAndKey, it.request, validDays, provider), caParentCertificate) + it.certPath = buildCertPath( + createClientCertificate(intermediateCertAndKey, it.request, validDays, provider), + intermediateCertAndKey.certificate, + rootCert) } storage.store(toSign, signers) println("The following certificates have been signed by $signers:")