ENT-1323 Network map service to check all identities in submitted node info (#499)
* ENT-1323 Network map service to check all identities in submitted node info * fixup after rebase * address PR issues, refactored createValidNodeInfo * address PR issues (cherry picked from commit f9ed55b)
parent
72bd530b11
commit
b5f304a104
@ -31,23 +31,23 @@ class SignedNodeInfoTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `verifying single identity`() {
|
fun `verifying single identity`() {
|
||||||
nodeInfoBuilder.addIdentity(ALICE_NAME)
|
nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
|
val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
|
||||||
assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
|
assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `verifying multiple identities`() {
|
fun `verifying multiple identities`() {
|
||||||
nodeInfoBuilder.addIdentity(ALICE_NAME)
|
nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
nodeInfoBuilder.addIdentity(BOB_NAME)
|
nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||||
val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
|
val (nodeInfo, signedNodeInfo) = nodeInfoBuilder.buildWithSigned()
|
||||||
assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
|
assertThat(signedNodeInfo.verified()).isEqualTo(nodeInfo)
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `verifying missing signature`() {
|
fun `verifying missing signature`() {
|
||||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
nodeInfoBuilder.addIdentity(BOB_NAME)
|
nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||||
val nodeInfo = nodeInfoBuilder.build()
|
val nodeInfo = nodeInfoBuilder.build()
|
||||||
val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey))
|
val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey))
|
||||||
assertThatThrownBy { signedNodeInfo.verified() }
|
assertThatThrownBy { signedNodeInfo.verified() }
|
||||||
@ -70,7 +70,7 @@ class SignedNodeInfoTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `verifying extra signature`() {
|
fun `verifying extra signature`() {
|
||||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
val nodeInfo = nodeInfoBuilder.build()
|
val nodeInfo = nodeInfoBuilder.build()
|
||||||
val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey, generateKeyPair().private))
|
val signedNodeInfo = nodeInfo.signWith(listOf(aliceKey, generateKeyPair().private))
|
||||||
assertThatThrownBy { signedNodeInfo.verified() }
|
assertThatThrownBy { signedNodeInfo.verified() }
|
||||||
@ -80,7 +80,7 @@ class SignedNodeInfoTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `verifying incorrect signature`() {
|
fun `verifying incorrect signature`() {
|
||||||
nodeInfoBuilder.addIdentity(ALICE_NAME)
|
nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
val nodeInfo = nodeInfoBuilder.build()
|
val nodeInfo = nodeInfoBuilder.build()
|
||||||
val signedNodeInfo = nodeInfo.signWith(listOf(generateKeyPair().private))
|
val signedNodeInfo = nodeInfo.signWith(listOf(generateKeyPair().private))
|
||||||
assertThatThrownBy { signedNodeInfo.verified() }
|
assertThatThrownBy { signedNodeInfo.verified() }
|
||||||
@ -90,8 +90,8 @@ class SignedNodeInfoTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `verifying with signatures in wrong order`() {
|
fun `verifying with signatures in wrong order`() {
|
||||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
val (_, bobKey) = nodeInfoBuilder.addIdentity(BOB_NAME)
|
val (_, bobKey) = nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||||
val nodeInfo = nodeInfoBuilder.build()
|
val nodeInfo = nodeInfoBuilder.build()
|
||||||
val signedNodeInfo = nodeInfo.signWith(listOf(bobKey, aliceKey))
|
val signedNodeInfo = nodeInfo.signWith(listOf(bobKey, aliceKey))
|
||||||
assertThatThrownBy { signedNodeInfo.verified() }
|
assertThatThrownBy { signedNodeInfo.verified() }
|
||||||
|
@ -73,8 +73,8 @@ class NetworkMapClientTest {
|
|||||||
@Test
|
@Test
|
||||||
fun `errors return a meaningful error message`() {
|
fun `errors return a meaningful error message`() {
|
||||||
val nodeInfoBuilder = TestNodeInfoBuilder()
|
val nodeInfoBuilder = TestNodeInfoBuilder()
|
||||||
val (_, aliceKey) = nodeInfoBuilder.addIdentity(ALICE_NAME)
|
val (_, aliceKey) = nodeInfoBuilder.addLegalIdentity(ALICE_NAME)
|
||||||
nodeInfoBuilder.addIdentity(BOB_NAME)
|
nodeInfoBuilder.addLegalIdentity(BOB_NAME)
|
||||||
val nodeInfo3 = nodeInfoBuilder.build()
|
val nodeInfo3 = nodeInfoBuilder.build()
|
||||||
val signedNodeInfo3 = nodeInfo3.signWith(listOf(aliceKey))
|
val signedNodeInfo3 = nodeInfo3.signWith(listOf(aliceKey))
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ import java.security.cert.X509Certificate
|
|||||||
class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKeyPair, X509Certificate> = DEV_INTERMEDIATE_CA to DEV_ROOT_CA.certificate) {
|
class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKeyPair, X509Certificate> = DEV_INTERMEDIATE_CA to DEV_ROOT_CA.certificate) {
|
||||||
private val identitiesAndPrivateKeys = ArrayList<Pair<PartyAndCertificate, PrivateKey>>()
|
private val identitiesAndPrivateKeys = ArrayList<Pair<PartyAndCertificate, PrivateKey>>()
|
||||||
|
|
||||||
fun addIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
|
fun addLegalIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
|
||||||
val nodeCertificateAndKeyPair = createDevNodeCa(intermediateAndRoot.first, name, nodeKeyPair)
|
val nodeCertificateAndKeyPair = createDevNodeCa(intermediateAndRoot.first, name, nodeKeyPair)
|
||||||
val identityKeyPair = Crypto.generateKeyPair()
|
val identityKeyPair = Crypto.generateKeyPair()
|
||||||
val identityCert = X509Utilities.createCertificate(
|
val identityCert = X509Utilities.createCertificate(
|
||||||
@ -29,12 +29,35 @@ class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKe
|
|||||||
nodeCertificateAndKeyPair.keyPair,
|
nodeCertificateAndKeyPair.keyPair,
|
||||||
nodeCertificateAndKeyPair.certificate.subjectX500Principal,
|
nodeCertificateAndKeyPair.certificate.subjectX500Principal,
|
||||||
identityKeyPair.public)
|
identityKeyPair.public)
|
||||||
val certPath = X509Utilities.buildCertPath(
|
|
||||||
identityCert,
|
val certs = arrayOf(identityCert, nodeCertificateAndKeyPair.certificate)
|
||||||
nodeCertificateAndKeyPair.certificate,
|
val key = identityKeyPair.private
|
||||||
|
|
||||||
|
val certPath = X509Utilities.buildCertPath(*certs,
|
||||||
intermediateAndRoot.first.certificate,
|
intermediateAndRoot.first.certificate,
|
||||||
intermediateAndRoot.second)
|
intermediateAndRoot.second)
|
||||||
return Pair(PartyAndCertificate(certPath), identityKeyPair.private).also {
|
|
||||||
|
return Pair(PartyAndCertificate(certPath), key).also {
|
||||||
|
identitiesAndPrivateKeys += it
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fun addServiceIdentity(name: CordaX500Name, nodeKeyPair: KeyPair = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)): Pair<PartyAndCertificate, PrivateKey> {
|
||||||
|
val serviceCert = X509Utilities.createCertificate(
|
||||||
|
CertificateType.SERVICE_IDENTITY,
|
||||||
|
intermediateAndRoot.first.certificate,
|
||||||
|
intermediateAndRoot.first.keyPair,
|
||||||
|
name.x500Principal,
|
||||||
|
nodeKeyPair.public)
|
||||||
|
|
||||||
|
val certs = arrayOf(serviceCert)
|
||||||
|
val key = nodeKeyPair.private
|
||||||
|
|
||||||
|
val certPath = X509Utilities.buildCertPath(*certs,
|
||||||
|
intermediateAndRoot.first.certificate,
|
||||||
|
intermediateAndRoot.second)
|
||||||
|
|
||||||
|
return Pair(PartyAndCertificate(certPath), key).also {
|
||||||
identitiesAndPrivateKeys += it
|
identitiesAndPrivateKeys += it
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -62,7 +85,7 @@ class TestNodeInfoBuilder(private val intermediateAndRoot: Pair<CertificateAndKe
|
|||||||
|
|
||||||
fun createNodeInfoAndSigned(vararg names: CordaX500Name, serial: Long = 1, platformVersion: Int = 1): NodeInfoAndSigned {
|
fun createNodeInfoAndSigned(vararg names: CordaX500Name, serial: Long = 1, platformVersion: Int = 1): NodeInfoAndSigned {
|
||||||
val nodeInfoBuilder = TestNodeInfoBuilder()
|
val nodeInfoBuilder = TestNodeInfoBuilder()
|
||||||
names.forEach { nodeInfoBuilder.addIdentity(it) }
|
names.forEach { nodeInfoBuilder.addLegalIdentity(it) }
|
||||||
return nodeInfoBuilder.buildWithSigned(serial, platformVersion)
|
return nodeInfoBuilder.buildWithSigned(serial, platformVersion)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
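Review bot: In the new `addServiceIdentity`, the `nodeKeyPair` parameter is not a node CA key: its public half becomes the subject key of the `SERVICE_IDENTITY` certificate and its private half is returned as the signing key. The default `Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)` therefore gives service identities a TLS-scheme signing key, while `addLegalIdentity` signs with a key from plain `Crypto.generateKeyPair()`. If that difference is not intended, the signature would read `fun addServiceIdentity(name: CordaX500Name, serviceKeyPair: KeyPair = Crypto.generateKeyPair())`. The service certificate is also issued directly by `intermediateAndRoot.first` rather than under a node CA, so its path is shorter than the legal-identity one; a one-line KDoc on each method naming the chain it builds would show which certificate shapes the identity checks are tested against. The shared tail (`buildCertPath(*certs, ...)` and `Pair(PartyAndCertificate(certPath), key).also { identitiesAndPrivateKeys += it }`) is now duplicated in both methods and could move into one private helper.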