Fixing missing certificate (#373)

* Fixing missing certificate

* Addressing review comments
Michal Kit 2018-01-18 11:15:11 +00:00 committed by GitHub
parent 7bd2210d2f
commit af21f6065d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -12,9 +12,9 @@ import com.r3.corda.networkmanage.hsm.utils.X509Utilities.retrieveCertificateAnd
* Encapsulates certificate signing logic * Encapsulates certificate signing logic
*/ */
class HsmCsrSigner(private val storage: SignedCertificateRequestStorage, class HsmCsrSigner(private val storage: SignedCertificateRequestStorage,
private val caCertificateName: String, private val intermediateCertAlias: String,
private val caPrivateKeyPass: String?, private val intermediateCertPrivateKeyPass: String?,
private val caParentCertificateName: String, private val rootCertAlias: String,
private val validDays: Int, private val validDays: Int,
private val authenticator: Authenticator) : CertificateSigningRequestSigner { private val authenticator: Authenticator) : CertificateSigningRequestSigner {
@ -33,11 +33,14 @@ class HsmCsrSigner(private val storage: SignedCertificateRequestStorage,
val keyStore = getAndInitializeKeyStore(provider) val keyStore = getAndInitializeKeyStore(provider)
// This should be changed once we allow for more certificates in the chain. Preferably we should use // This should be changed once we allow for more certificates in the chain. Preferably we should use
// keyStore.getCertificateChain(String) and assume entire chain is stored in the HSM (depending on the support). // keyStore.getCertificateChain(String) and assume entire chain is stored in the HSM (depending on the support).
val caParentCertificate = keyStore.getCertificate(caParentCertificateName) val rootCert = keyStore.getCertificate(rootCertAlias)
val caPrivateKeyPass = caPrivateKeyPass ?: authenticator.readPassword("CA Private Key Password: ") val intermediatePrivateKeyPass = intermediateCertPrivateKeyPass ?: authenticator.readPassword("CA Private Key Password: ")
val caCertAndKey = retrieveCertificateAndKeys(caCertificateName, caPrivateKeyPass, keyStore) val intermediateCertAndKey = retrieveCertificateAndKeys(intermediateCertAlias, intermediatePrivateKeyPass, keyStore)
toSign.forEach { toSign.forEach {
it.certPath = buildCertPath(createClientCertificate(caCertAndKey, it.request, validDays, provider), caParentCertificate) it.certPath = buildCertPath(
createClientCertificate(intermediateCertAndKey, it.request, validDays, provider),
intermediateCertAndKey.certificate,
rootCert)
} }
storage.store(toSign, signers) storage.store(toSign, signers)
println("The following certificates have been signed by $signers:") println("The following certificates have been signed by $signers:")
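Review bot: In the second hunk the result of `keyStore.getCertificate(rootCertAlias)` goes into `buildCertPath` unchecked, although `KeyStore.getCertificate` returns null when the alias is not present in the key store. Because `createClientCertificate(...)` is evaluated as an argument before `buildCertPath` runs, a mistyped `rootCertAlias` would only surface after the HSM key has already signed the first request, and how `buildCertPath` reacts to a null entry is not visible here. Failing fast before the `forEach` would avoid that: `val rootCert = requireNotNull(keyStore.getCertificate(rootCertAlias)) { "No certificate found under alias '$rootCertAlias'" }`. The prompt still reads `"CA Private Key Password: "` although the key is now named as the intermediate one; `"Intermediate CA Private Key Password: "` would tell the operator which secret is being requested. The enclosing function starts and ends outside the hunk.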