Fixing CRR signing execution mode (#677)
* Fixing CRR signing execution mode * Addressing review comments
parent
ed7e9e64cf
commit
c4df6b0c85
@ -34,7 +34,7 @@ Allowed parameters are:
|
|||||||
|
|
||||||
:dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database.
|
:dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database.
|
||||||
|
|
||||||
:doorman: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs.
|
:doorman: CSR signing process configuration parameters. If specified, the signing service will sign CRL or approved CSRs depending on the operating mode defined in the mode parameter.
|
||||||
|
|
||||||
:validDays: Number of days issued signatures are valid for.
|
:validDays: Number of days issued signatures are valid for.
|
||||||
|
|
||||||
@ -44,6 +44,12 @@ Allowed parameters are:
|
|||||||
|
|
||||||
:keyGroup: HSM key group for the doorman certificate key. This parameter is vendor specific (see Utimaco docs).
|
:keyGroup: HSM key group for the doorman certificate key. This parameter is vendor specific (see Utimaco docs).
|
||||||
|
|
||||||
|
:mode: Manual HSM signing mode. Allowed values:
|
||||||
|
|
||||||
|
:CSR: Run the signing service for the certificate signing requests.
|
||||||
|
|
||||||
|
:CRL: Run the signing service for the certificate revocation list.
|
||||||
|
|
||||||
:crlDistributionPoint: Certificate revocation list location for the node CA certificate.
|
:crlDistributionPoint: Certificate revocation list location for the node CA certificate.
|
||||||
|
|
||||||
:crlServerSocketAddress: Address of the socket connection serving the certificate revocation list.
|
:crlServerSocketAddress: Address of the socket connection serving the certificate revocation list.
|
||||||
|
@ -7,6 +7,7 @@ doorman {
|
|||||||
crlServerSocketAddress = "test.com:2333"
|
crlServerSocketAddress = "test.com:2333"
|
||||||
crlUpdatePeriod = 200000
|
crlUpdatePeriod = 200000
|
||||||
validDays = 3650
|
validDays = 3650
|
||||||
|
mode = CSR
|
||||||
rootKeyStoreFile = "dummyfile.jks"
|
rootKeyStoreFile = "dummyfile.jks"
|
||||||
rootKeyStorePassword = "trustpass"
|
rootKeyStorePassword = "trustpass"
|
||||||
keyGroup = "DEV.CORDACONNECT.OPS.CERT"
|
keyGroup = "DEV.CORDACONNECT.OPS.CERT"
|
||||||
|
@ -15,10 +15,7 @@ import com.nhaarman.mockito_kotlin.mock
|
|||||||
import com.nhaarman.mockito_kotlin.whenever
|
import com.nhaarman.mockito_kotlin.whenever
|
||||||
import com.r3.corda.networkmanage.HsmSimulator
|
import com.r3.corda.networkmanage.HsmSimulator
|
||||||
import com.r3.corda.networkmanage.hsm.authentication.InputReader
|
import com.r3.corda.networkmanage.hsm.authentication.InputReader
|
||||||
import com.r3.corda.networkmanage.hsm.configuration.AuthParametersConfig
|
import com.r3.corda.networkmanage.hsm.configuration.*
|
||||||
import com.r3.corda.networkmanage.hsm.configuration.DoormanCertificateConfig
|
|
||||||
import com.r3.corda.networkmanage.hsm.configuration.NetworkMapCertificateConfig
|
|
||||||
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
|
|
||||||
import com.r3.corda.networkmanage.hsm.generator.CertificateConfiguration
|
import com.r3.corda.networkmanage.hsm.generator.CertificateConfiguration
|
||||||
import com.r3.corda.networkmanage.hsm.generator.GeneratorParameters
|
import com.r3.corda.networkmanage.hsm.generator.GeneratorParameters
|
||||||
import com.r3.corda.networkmanage.hsm.generator.UserAuthenticationParameters
|
import com.r3.corda.networkmanage.hsm.generator.UserAuthenticationParameters
|
||||||
@ -149,6 +146,7 @@ abstract class HsmBaseTest {
|
|||||||
crlDistributionPoint = URL("http://test.com/revoked.crl"),
|
crlDistributionPoint = URL("http://test.com/revoked.crl"),
|
||||||
crlServerSocketAddress = NetworkHostAndPort("test.com", 4555),
|
crlServerSocketAddress = NetworkHostAndPort("test.com", 4555),
|
||||||
crlUpdatePeriod = 1000,
|
crlUpdatePeriod = 1000,
|
||||||
|
mode = ManualMode.CSR,
|
||||||
authParameters = AuthParametersConfig(
|
authParameters = AuthParametersConfig(
|
||||||
mode = SigningServiceAuthMode.PASSWORD,
|
mode = SigningServiceAuthMode.PASSWORD,
|
||||||
threshold = 2
|
threshold = 2
|
||||||
@ -165,7 +163,6 @@ abstract class HsmBaseTest {
|
|||||||
password = "INTEGRATION_TEST",
|
password = "INTEGRATION_TEST",
|
||||||
threshold = 2
|
threshold = 2
|
||||||
)
|
)
|
||||||
|
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
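Review bot: The shared fixture in HsmBaseTest hard-codes `mode = ManualMode.CSR`, so nothing visible in this commit exercises the CRL branch that the change exists to make reachable. Consider letting the fixture take the mode, for example a parameter `mode: ManualMode = ManualMode.CSR` on the function that builds the doorman config, and adding a test that builds it with `ManualMode.CRL`. The enclosing function starts outside the hunk, so its name and signature are not visible here. Separately, the four explicit `hsm.configuration` imports were collapsed into `import com.r3.corda.networkmanage.hsm.configuration.*`; explicit imports keep it obvious which configuration types the test depends on.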
@ -15,6 +15,7 @@ import com.r3.corda.networkmanage.common.persistence.configureDatabase
|
|||||||
import com.r3.corda.networkmanage.common.utils.ShowHelpException
|
import com.r3.corda.networkmanage.common.utils.ShowHelpException
|
||||||
import com.r3.corda.networkmanage.common.utils.initialiseSerialization
|
import com.r3.corda.networkmanage.common.utils.initialiseSerialization
|
||||||
import com.r3.corda.networkmanage.common.utils.parseConfig
|
import com.r3.corda.networkmanage.common.utils.parseConfig
|
||||||
|
import com.r3.corda.networkmanage.hsm.configuration.ManualMode
|
||||||
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceArgsParser
|
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceArgsParser
|
||||||
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
|
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
|
||||||
import com.r3.corda.networkmanage.hsm.processor.CrrProcessor
|
import com.r3.corda.networkmanage.hsm.processor.CrrProcessor
|
||||||
@ -60,8 +61,9 @@ fun main(args: Array<String>) {
|
|||||||
if (config.networkMap != null) {
|
if (config.networkMap != null) {
|
||||||
NetworkMapProcessor(config.networkMap, config.device, config.keySpecifier, persistence).run()
|
NetworkMapProcessor(config.networkMap, config.device, config.keySpecifier, persistence).run()
|
||||||
} else if (config.doorman != null) {
|
} else if (config.doorman != null) {
|
||||||
CsrProcessor(config.doorman, config.device, config.keySpecifier, persistence).showMenu()
|
when (config.doorman.mode) {
|
||||||
} else if (config.doorman != null) {
|
ManualMode.CSR -> CsrProcessor(config.doorman, config.device, config.keySpecifier, persistence).showMenu()
|
||||||
CrrProcessor(config.doorman, config.device, config.keySpecifier).showMenu()
|
ManualMode.CRL -> CrrProcessor(config.doorman, config.device, config.keySpecifier).showMenu()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
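Review bot: The new `when (config.doorman.mode)` in main is used as a statement, so on Kotlin compilers before 1.7 a missing enum branch is only a warning (the compiler version is not visible here). If a third `ManualMode` value is added later, the signing service would fall through and exit without running any processor and without an error. Using the `when` as an expression makes the compiler enforce exhaustiveness, for example `val started: Unit = when (config.doorman.mode) {`, assuming both `showMenu()` calls return Unit. It would also help operators to log the selected mode before the HSM menu is shown, since the two branches sign different artefacts with the same doorman key group. The body of main starts and ends outside this hunk.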
@ -60,6 +60,7 @@ data class NetworkMapCertificateConfig(val username: String,
|
|||||||
data class DoormanCertificateConfig(val crlDistributionPoint: URL,
|
data class DoormanCertificateConfig(val crlDistributionPoint: URL,
|
||||||
val crlServerSocketAddress: NetworkHostAndPort,
|
val crlServerSocketAddress: NetworkHostAndPort,
|
||||||
val crlUpdatePeriod: Long,
|
val crlUpdatePeriod: Long,
|
||||||
|
val mode: ManualMode,
|
||||||
val keyGroup:String,
|
val keyGroup:String,
|
||||||
val validDays: Int,
|
val validDays: Int,
|
||||||
val rootKeyStoreFile: Path,
|
val rootKeyStoreFile: Path,
|
||||||
@ -70,6 +71,11 @@ data class DoormanCertificateConfig(val crlDistributionPoint: URL,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
enum class ManualMode {
|
||||||
|
CRL, // Run manual mode for the certificate revocation list.
|
||||||
|
CSR // Run manual mode for the certificate signing requests.
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authentication related parameters.
|
* Authentication related parameters.
|
||||||
*/
|
*/
|
||||||
|
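Review bot: `val mode: ManualMode` is added to DoormanCertificateConfig without a default, so an existing doorman block that omits `mode` presumably stops parsing (parseConfig is not visible here). Failing closed is a reasonable choice for a tool that drives HSM signing, but it should be stated where the property is declared, for example `@property mode Required. Selects the manual signing flow: CSR signing or CRL signing.` in the class KDoc. The enum constants use trailing `//` comments while the next declaration in the file uses KDoc (`/** Authentication related parameters. */`); a KDoc line per constant would match the file. It is also worth noting there that `CRL` dispatches to `CrrProcessor`, since the commit title says CRR while the config value says CRL. The data class body continues outside the hunk.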