Merge fixup

Ryan Fowler 2025-03-14 10:28:00 +00:00
parent 91da445d99
commit c1b718202c


@ -6,7 +6,6 @@ import net.corda.core.serialization.SingletonSerializeAsToken
import net.corda.core.utilities.NetworkHostAndPort
import net.corda.core.utilities.contextLogger
import net.corda.core.utilities.debug
import net.corda.ext.internal.rpc.security.RPCSecurityManager
import net.corda.node.internal.artemis.ArtemisBroker
import net.corda.node.internal.artemis.BrokerAddresses
import net.corda.node.internal.artemis.BrokerJaasLoginModule
@ -14,19 +13,12 @@ import net.corda.node.internal.artemis.BrokerJaasLoginModule.Companion.NODE_P2P_
import net.corda.node.internal.artemis.BrokerJaasLoginModule.Companion.NODE_SECURITY_CONFIG
import net.corda.node.internal.artemis.BrokerJaasLoginModule.Companion.P2P_SECURITY_CONFIG
import net.corda.node.internal.artemis.BrokerJaasLoginModule.Companion.PEER_ROLE
import net.corda.node.internal.artemis.BrokerJaasLoginModule.Companion.RPC_SECURITY_CONFIG
import net.corda.node.internal.artemis.NodeJaasConfig
import net.corda.node.internal.artemis.P2PJaasConfig
import net.corda.node.internal.artemis.RPCJaasConfig
import net.corda.node.internal.artemis.SecureArtemisConfiguration
import net.corda.node.internal.artemis.UserValidationPlugin
import net.corda.node.internal.artemis.isBindingError
import net.corda.node.services.config.NodeConfiguration
import net.corda.node.services.config.p2pArtemisSslOptions
import net.corda.node.services.config.shell.INTERNAL_SHELL_USER
import net.corda.node.services.config.shouldStartLocalShell
import net.corda.node.services.config.useArtemisSslConfig
import net.corda.node.services.rpc.RolesAdderOnLogin
import net.corda.node.services.rpc.RpcBrokerConfiguration.Companion.queueConfigurations
import net.corda.node.utilities.artemis.startSynchronously
import net.corda.nodeapi.RPCApi
@ -84,7 +76,6 @@ class ArtemisMessagingServer(
private val distPointCrlSource: CertDistPointCrlSource = CertDistPointCrlSource.SINGLETON,
private val remotingThreads: Int? = null,
private val rpcAddresses: BrokerAddresses? = null,
val rpcSecurityManager: RPCSecurityManager? = null,
val rpcSslOptions: MutualSslConfiguration? = null,
) : ArtemisBroker, SingletonSerializeAsToken() {
companion object {
@ -112,7 +103,6 @@ class ArtemisMessagingServer(
override fun stop() = mutex.locked {
activeMQServer.stop()
rpcSecurityManager?.close()
running = false
}
@ -124,7 +114,7 @@ class ArtemisMessagingServer(
@Suppress("ThrowsCount", "NestedBlockDepth")
private fun configureAndStartServer() {
val artemisConfig = createArtemisConfig()
val securityManager = createArtemisSecurityManager(artemisConfig.loginListener)
val securityManager = createArtemisSecurityManager()
activeMQServer = ActiveMQServerImpl(artemisConfig, securityManager).apply {
// Some types of queue might need special preparation on our side, like dialling back or preparing
// a lazily initialised subsystem.
@ -154,13 +144,8 @@ class ArtemisMessagingServer(
log.info("P2P messaging server listening on $messagingServerAddress")
}
internal abstract class P2PBrokerConfig : SecureArtemisConfiguration() {
abstract val loginListener: (String) -> Unit
}
@Suppress("ComplexMethod", "MagicNumber")
private fun createArtemisConfig() = object : P2PBrokerConfig() {
override val loginListener: (String) -> Unit
private fun createArtemisConfig() = object : SecureArtemisConfiguration() {
init {
name = if (rpcAddresses != null) "P2PAndRPC" else "P2P"
@ -179,13 +164,13 @@ class ArtemisMessagingServer(
RevocationConfig.Mode.OFF
}
val trustManagerFactory = trustManagerFactoryWithRevocation(
config.p2pArtemisSslOptions().trustStore.get(),
config.p2pSslOptions.trustStore.get(),
RevocationConfigImpl(revocationMode),
distPointCrlSource
)
addAcceptorConfiguration(p2pAcceptorTcpTransport(
NetworkHostAndPort(messagingServerAddress.host, messagingServerAddress.port),
config.p2pArtemisSslOptions(),
config.p2pSslOptions,
trustManagerFactory,
threadPoolName = threadPoolName,
trace = trace,
@ -228,7 +213,7 @@ class ArtemisMessagingServer(
* 3. RPC users. These are only given sufficient access to perform RPC with us.
* 4. Verifiers. These are given read access to the verification request queue and write access to the response queue.
*/
private fun P2PBrokerConfig.configureAddressSecurity(): P2PBrokerConfig {
private fun SecureArtemisConfiguration.configureAddressSecurity(): SecureArtemisConfiguration {
val nodeInternalP2PRole = Role(NODE_P2P_ROLE, true, true, true, true, true, true, true, true, true, true, false, false)
securityRoles["$P2P_PREFIX#"] = setOf(nodeInternalP2PRole, restrictedRole(PEER_ROLE, send = true))
if (rpcAddresses != null) {
@ -249,9 +234,9 @@ class ArtemisMessagingServer(
deleteNonDurableQueue, manage, browse, createDurableQueue || createNonDurableQueue, deleteDurableQueue || deleteNonDurableQueue, false, false)
}
private fun createArtemisSecurityManager(loginListener: (String) -> Unit): ActiveMQJAASSecurityManager {
val keyStore = config.p2pArtemisSslOptions().keyStore.get().value.internal
val trustStore = config.p2pArtemisSslOptions().trustStore.get().value.internal
private fun createArtemisSecurityManager(): ActiveMQJAASSecurityManager {
val keyStore = config.p2pSslOptions.keyStore.get().value.internal
val trustStore = config.p2pSslOptions.trustStore.get().value.internal
val revocationMode = when {
config.crlCheckArtemisServer && config.crlCheckSoftFail -> RevocationConfig.Mode.SOFT_FAIL
config.crlCheckArtemisServer && !config.crlCheckSoftFail -> RevocationConfig.Mode.HARD_FAIL
@ -262,12 +247,9 @@ class ArtemisMessagingServer(
// Override to make it work with our login module
override fun getAppConfigurationEntry(name: String): Array<AppConfigurationEntry> {
val options = mapOf(
BrokerJaasLoginModule.P2P_SECURITY_CONFIG to P2PJaasConfig(keyStore, trustStore, revocationMode),
BrokerJaasLoginModule.NODE_SECURITY_CONFIG to NodeJaasConfig(keyStore, trustStore)
P2P_SECURITY_CONFIG to P2PJaasConfig(keyStore, trustStore, revocationMode),
NODE_SECURITY_CONFIG to NodeJaasConfig(keyStore, trustStore)
)
if (rpcSecurityManager != null) {
options[RPC_SECURITY_CONFIG] = RPCJaasConfig(rpcSecurityManager, loginListener, config.rpcOptions.useSsl)
}
return arrayOf(AppConfigurationEntry(name, REQUIRED, options))
}
}
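Review bot: The new `getAppConfigurationEntry` body in the last hunk only supplies `P2P_SECURITY_CONFIG` and `NODE_SECURITY_CONFIG`, yet `rpcAddresses` is still consulted on the new side (`name = if (rpcAddresses != null) "P2PAndRPC" else "P2P"` in createArtemisConfig, and the `if (rpcAddresses != null)` branch of configureAddressSecurity that installs RPC address roles), so a non-null rpcAddresses now produces a broker that advertises RPC and grants RPC roles on addresses but has no login-module configuration through which an RPC principal could ever be authenticated. That is fail-closed rather than fail-open, but it is a silent inconsistency; if RPC brokering has moved out of this class the `rpcAddresses` parameter and both branches should go with it, and if it is intentional the method needs a comment such as `// RPC logins are no longer configured here; only P2P and node-internal JAAS entries are published` above the `options` map. A short KDoc on `createArtemisSecurityManager` stating that it builds a JAAS manager for P2P peers and the node's own internal connections only would make the contract explicit to the next reader. The enclosing class and the constructor parameter list are partly outside the visible hunks, so whether `rpcAddresses` survives the commit is inferred from the context lines shown.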