Backport [ENT-2817] (#4364)

node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt

@@ -266,7 +266,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
 
     private fun initKeyStores(): X509Certificate {
         if (configuration.devMode) {
-            configuration.configureWithDevSSLCertificate()
+            configuration.configureWithDevSSLCertificate(cryptoService)
             // configureWithDevSSLCertificate is a devMode process that writes directly to keystore files, so
             // we should re-synchronise BCCryptoService with the updated keystore file.
             if (cryptoService is BCCryptoService) {

node/src/main/kotlin/net/corda/node/services/config/ConfigUtilities.kt

@@ -8,11 +8,13 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.createDirectories
 import net.corda.core.internal.div
 import net.corda.core.internal.exists
+import net.corda.node.services.keys.cryptoservice.BCCryptoService
 import net.corda.nodeapi.internal.*
 import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier
 import net.corda.nodeapi.internal.config.MutualSslConfiguration
 import net.corda.nodeapi.internal.config.toProperties
 import net.corda.nodeapi.internal.crypto.X509KeyStore
+import net.corda.nodeapi.internal.cryptoservice.CryptoService
 import org.slf4j.LoggerFactory
 import java.nio.file.Path
 
@@ -68,12 +70,10 @@ object ConfigHelper {
  * the CA certs in Node resources. Then provision KeyStores into certificates folder under node path.
  */
 // TODO Move this to KeyStoreConfigHelpers.
-// TODO consider taking CryptoService as an input.
+fun NodeConfiguration.configureWithDevSSLCertificate(cryptoService: CryptoService? = null) = p2pSslOptions.configureDevKeyAndTrustStores(myLegalName, signingCertificateStore, certificatesDirectory, cryptoService)
-fun NodeConfiguration.configureWithDevSSLCertificate() = p2pSslOptions.configureDevKeyAndTrustStores(myLegalName, signingCertificateStore, certificatesDirectory)
 
 // TODO Move this to KeyStoreConfigHelpers.
-fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500Name, signingCertificateStore: FileBasedCertificateStoreSupplier, certificatesDirectory: Path) {
+fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500Name, signingCertificateStore: FileBasedCertificateStoreSupplier, certificatesDirectory: Path, cryptoService: CryptoService? = null) {
-
     val specifiedTrustStore = trustStore.getOptional()
 
     val specifiedKeyStore = keyStore.getOptional()
@@ -87,23 +87,30 @@ fun MutualSslConfiguration.configureDevKeyAndTrustStores(myLegalName: CordaX500N
     }
 
     if (specifiedKeyStore == null || specifiedSigningStore == null) {
-        val signingKeyStore = FileBasedCertificateStoreSupplier(signingCertificateStore.path, signingCertificateStore.storePassword, signingCertificateStore.entryPassword).get(true).also { it.registerDevSigningCertificates(myLegalName) }
+        FileBasedCertificateStoreSupplier(keyStore.path, keyStore.storePassword, keyStore.entryPassword).get(true)
+                .also { it.registerDevP2pCertificates(myLegalName) }
+        when (cryptoService) {
+            is BCCryptoService, null -> {
+                val signingKeyStore = FileBasedCertificateStoreSupplier(signingCertificateStore.path, signingCertificateStore.storePassword, signingCertificateStore.entryPassword).get(true)
+                        .also { it.registerDevSigningCertificates(myLegalName) }
 
-        FileBasedCertificateStoreSupplier(keyStore.path, keyStore.storePassword, keyStore.entryPassword).get(true).also { it.registerDevP2pCertificates(myLegalName) }
+                // Move distributed service composite key (generated by IdentityGenerator.generateToDisk) to keystore if exists.
+                val distributedServiceKeystore = certificatesDirectory / "distributedService.jks"
+                if (distributedServiceKeystore.exists()) {
+                    val serviceKeystore = X509KeyStore.fromFile(distributedServiceKeystore, DEV_CA_KEY_STORE_PASS)
 
-        // Move distributed service composite key (generated by IdentityGenerator.generateToDisk) to keystore if exists.
+                    signingKeyStore.update {
-        val distributedServiceKeystore = certificatesDirectory / "distributedService.jks"
+                        serviceKeystore.aliases().forEach {
-        if (distributedServiceKeystore.exists()) {
+                            if (serviceKeystore.internal.isKeyEntry(it)) {
-            val serviceKeystore = X509KeyStore.fromFile(distributedServiceKeystore, DEV_CA_KEY_STORE_PASS)
+                                setPrivateKey(it, serviceKeystore.getPrivateKey(it, DEV_CA_KEY_STORE_PASS), serviceKeystore.getCertificateChain(it), signingKeyStore.entryPassword)
-            signingKeyStore.update {
+                            } else {
-                serviceKeystore.aliases().forEach {
+                                setCertificate(it, serviceKeystore.getCertificate(it))
-                    if (serviceKeystore.internal.isKeyEntry(it)) {
+                            }
-                        setPrivateKey(it, serviceKeystore.getPrivateKey(it, DEV_CA_KEY_STORE_PASS), serviceKeystore.getCertificateChain(it), signingKeyStore.entryPassword)
+                        }
-                    } else {
-                        setCertificate(it, serviceKeystore.getCertificate(it))
                     }
                 }
             }
+            else -> throw IllegalArgumentException("CryptoService not supported.")
         }
     }
 }