Backport [ENT-2817] (#4364)

2025-02-21 01:42:24 +00:00 · 2018-12-06 15:04:49 +00:00 · 2018-12-06 15:04:49 +00:00 · c46fde1133
commit c46fde1133
parent af1202ba79
2 changed files with 24 additions and 17 deletions
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@ -266,7 +266,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,

    private fun initKeyStores(): X509Certificate {
        if (configuration.devMode) {
-            configuration.configureWithDevSSLCertificate()
+            configuration.configureWithDevSSLCertificate(cryptoService)
            // configureWithDevSSLCertificate is a devMode process that writes directly to keystore files, so
            // we should re-synchronise BCCryptoService with the updated keystore file.
            if (cryptoService is BCCryptoService) {
--- a/node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt
@ -8,11 +8,13 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.div
 import net.corda.core.internal.exists
+import net.corda.node.services.keys.cryptoservice.BCCryptoService
 import net.corda.nodeapi.internal.*
 import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.config.toProperties
 import net.corda.nodeapi.internal.crypto.X509KeyStore
+import net.corda.nodeapi.internal.cryptoservice.CryptoService
 import org.slf4j.LoggerFactory
 import java.nio.file.Path

@ -68,12 +70,10 @@ object ConfigHelper {
 * the CA certs in Node resources. Then provision KeyStores into certificates folder under node path.
 */
 // TODO Move this to KeyStoreConfigHelpers.
-// TODO consider taking CryptoService as an input.
-fun NodeConfiguration.configureWithDevSSLCertificate() = p2pSslOptions.configureDevKeyAndTrustStores(myLegalName, signingCertificateStore, certificatesDirectory)
+fun NodeConfiguration.configureWithDevSSLCertificate(cryptoService: CryptoService? = null) = p2pSslOptions.configureDevKeyAndTrustStores(myLegalName, signingCertificateStore, certificatesDirectory, cryptoService)

 // TODO Move this to KeyStoreConfigHelpers.
-fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500Name, signingCertificateStore: FileBasedCertificateStoreSupplier, certificatesDirectory: Path) {
-
+fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500Name, signingCertificateStore: FileBasedCertificateStoreSupplier, certificatesDirectory: Path, cryptoService: CryptoService? = null) {
    val specifiedTrustStore = trustStore.getOptional()

    val specifiedKeyStore = keyStore.getOptional()
@ -87,23 +87,30 @@ fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500N
    }

    if (specifiedKeyStore == null || specifiedSigningStore == null) {
-        val signingKeyStore = FileBasedCertificateStoreSupplier(signingCertificateStore.path, signingCertificateStore.storePassword, signingCertificateStore.entryPassword).get(true).also { it.registerDevSigningCertificates(myLegalName) }
+        FileBasedCertificateStoreSupplier(keyStore.path, keyStore.storePassword, keyStore.entryPassword).get(true)
+                .also { it.registerDevP2pCertificates(myLegalName) }
+        when (cryptoService) {
+            is BCCryptoService, null -> {
+                val signingKeyStore = FileBasedCertificateStoreSupplier(signingCertificateStore.path, signingCertificateStore.storePassword, signingCertificateStore.entryPassword).get(true)
+                        .also { it.registerDevSigningCertificates(myLegalName) }

-        FileBasedCertificateStoreSupplier(keyStore.path, keyStore.storePassword, keyStore.entryPassword).get(true).also { it.registerDevP2pCertificates(myLegalName) }
+                // Move distributed service composite key (generated by IdentityGenerator.generateToDisk) to keystore if exists.
+                val distributedServiceKeystore = certificatesDirectory / "distributedService.jks"
+                if (distributedServiceKeystore.exists()) {
+                    val serviceKeystore = X509KeyStore.fromFile(distributedServiceKeystore, DEV_CA_KEY_STORE_PASS)

-        // Move distributed service composite key (generated by IdentityGenerator.generateToDisk) to keystore if exists.
-        val distributedServiceKeystore = certificatesDirectory / "distributedService.jks"
-        if (distributedServiceKeystore.exists()) {
-            val serviceKeystore = X509KeyStore.fromFile(distributedServiceKeystore, DEV_CA_KEY_STORE_PASS)
-            signingKeyStore.update {
-                serviceKeystore.aliases().forEach {
-                    if (serviceKeystore.internal.isKeyEntry(it)) {
-                        setPrivateKey(it, serviceKeystore.getPrivateKey(it, DEV_CA_KEY_STORE_PASS), serviceKeystore.getCertificateChain(it), signingKeyStore.entryPassword)
-                    } else {
-                        setCertificate(it, serviceKeystore.getCertificate(it))
+                    signingKeyStore.update {
+                        serviceKeystore.aliases().forEach {
+                            if (serviceKeystore.internal.isKeyEntry(it)) {
+                                setPrivateKey(it, serviceKeystore.getPrivateKey(it, DEV_CA_KEY_STORE_PASS), serviceKeystore.getCertificateChain(it), signingKeyStore.entryPassword)
+                            } else {
+                                setCertificate(it, serviceKeystore.getCertificate(it))
+                            }
+                        }
                    }
                }
            }
+            else -> throw IllegalArgumentException("CryptoService not supported.")
        }
    }
 }