Fixing CRR signing execution mode (#677)
* Fixing CRR signing execution mode * Addressing review comments
parent
ed7e9e64cf
commit
c4df6b0c85
@ -34,7 +34,7 @@ Allowed parameters are:
|
||||
|
||||
:dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database.
|
||||
|
||||
:doorman: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs.
|
||||
:doorman: CSR signing process configuration parameters. If specified, the signing service will sign CRL or approved CSRs depending on the operating mode defined in the mode parameter.
|
||||
|
||||
:validDays: Number of days issued signatures are valid for.
|
||||
|
||||
@ -44,6 +44,12 @@ Allowed parameters are:
|
||||
|
||||
:keyGroup: HSM key group for the doorman certificate key. This parameter is vendor specific (see Utimaco docs).
|
||||
|
||||
:mode: Manual HSM signing mode. Allowed values:
|
||||
|
||||
:CSR: Run the signing service for the certificate signing requests.
|
||||
|
||||
:CRL: Run the signing service for the certificate revocation list.
|
||||
|
||||
:crlDistributionPoint: Certificate revocation list location for the node CA certificate.
|
||||
|
||||
:crlServerSocketAddress: Address of the socket connection serving the certificate revocation list.
|
||||
|
@ -7,6 +7,7 @@ doorman {
|
||||
crlServerSocketAddress = "test.com:2333"
|
||||
crlUpdatePeriod = 200000
|
||||
validDays = 3650
|
||||
mode = CSR
|
||||
rootKeyStoreFile = "dummyfile.jks"
|
||||
rootKeyStorePassword = "trustpass"
|
||||
keyGroup = "DEV.CORDACONNECT.OPS.CERT"
|
||||
|
@ -15,10 +15,7 @@ import com.nhaarman.mockito_kotlin.mock
|
||||
import com.nhaarman.mockito_kotlin.whenever
|
||||
import com.r3.corda.networkmanage.HsmSimulator
|
||||
import com.r3.corda.networkmanage.hsm.authentication.InputReader
|
||||
import com.r3.corda.networkmanage.hsm.configuration.AuthParametersConfig
|
||||
import com.r3.corda.networkmanage.hsm.configuration.DoormanCertificateConfig
|
||||
import com.r3.corda.networkmanage.hsm.configuration.NetworkMapCertificateConfig
|
||||
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
|
||||
import com.r3.corda.networkmanage.hsm.configuration.*
|
||||
import com.r3.corda.networkmanage.hsm.generator.CertificateConfiguration
|
||||
import com.r3.corda.networkmanage.hsm.generator.GeneratorParameters
|
||||
import com.r3.corda.networkmanage.hsm.generator.UserAuthenticationParameters
|
||||
@ -149,6 +146,7 @@ abstract class HsmBaseTest {
|
||||
crlDistributionPoint = URL("http://test.com/revoked.crl"),
|
||||
crlServerSocketAddress = NetworkHostAndPort("test.com", 4555),
|
||||
crlUpdatePeriod = 1000,
|
||||
mode = ManualMode.CSR,
|
||||
authParameters = AuthParametersConfig(
|
||||
mode = SigningServiceAuthMode.PASSWORD,
|
||||
threshold = 2
|
||||
@ -165,7 +163,6 @@ abstract class HsmBaseTest {
|
||||
password = "INTEGRATION_TEST",
|
||||
threshold = 2
|
||||
)
|
||||
|
||||
)
|
||||
}
|
||||
|
||||
|
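Review bot: The four explicit `com.r3.corda.networkmanage.hsm.configuration` imports in this test are collapsed into `import com.r3.corda.networkmanage.hsm.configuration.*` only to bring `ManualMode` into scope. A wildcard hides which configuration types the fixture depends on and can pick up new names from that package without any change here. Keeping the explicit list and adding `import com.r3.corda.networkmanage.hsm.configuration.ManualMode` would match the explicit `ManualMode` import this same commit adds to the signing service's main file.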
@ -15,6 +15,7 @@ import com.r3.corda.networkmanage.common.persistence.configureDatabase
|
||||
import com.r3.corda.networkmanage.common.utils.ShowHelpException
|
||||
import com.r3.corda.networkmanage.common.utils.initialiseSerialization
|
||||
import com.r3.corda.networkmanage.common.utils.parseConfig
|
||||
import com.r3.corda.networkmanage.hsm.configuration.ManualMode
|
||||
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceArgsParser
|
||||
import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
|
||||
import com.r3.corda.networkmanage.hsm.processor.CrrProcessor
|
||||
@ -60,8 +61,9 @@ fun main(args: Array<String>) {
|
||||
if (config.networkMap != null) {
|
||||
NetworkMapProcessor(config.networkMap, config.device, config.keySpecifier, persistence).run()
|
||||
} else if (config.doorman != null) {
|
||||
CsrProcessor(config.doorman, config.device, config.keySpecifier, persistence).showMenu()
|
||||
} else if (config.doorman != null) {
|
||||
CrrProcessor(config.doorman, config.device, config.keySpecifier).showMenu()
|
||||
when (config.doorman.mode) {
|
||||
ManualMode.CSR -> CsrProcessor(config.doorman, config.device, config.keySpecifier, persistence).showMenu()
|
||||
ManualMode.CRL -> CrrProcessor(config.doorman, config.device, config.keySpecifier).showMenu()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
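Review bot: The new `when (config.doorman.mode)` in `main` is used as a statement, so depending on the Kotlin version the compiler may not require it to be exhaustive. A `ManualMode` value added later could then fall through, and the signing service would exit without running any processor and without any message. Binding the result, for example `val exhaustive = when (config.doorman.mode) { ... }`, forces every mode to be handled. Since this decides what gets signed with the HSM-held doorman key, it would also help to print the selected mode before `showMenu()`, e.g. `println("Doorman signing mode: ${config.doorman.mode}")`, so the operator can confirm it before authenticating. `main` starts and ends outside this hunk, so what happens when neither `networkMap` nor `doorman` is configured is not visible here.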
@ -60,6 +60,7 @@ data class NetworkMapCertificateConfig(val username: String,
|
||||
data class DoormanCertificateConfig(val crlDistributionPoint: URL,
|
||||
val crlServerSocketAddress: NetworkHostAndPort,
|
||||
val crlUpdatePeriod: Long,
|
||||
val mode: ManualMode,
|
||||
val keyGroup:String,
|
||||
val validDays: Int,
|
||||
val rootKeyStoreFile: Path,
|
||||
@ -70,6 +71,11 @@ data class DoormanCertificateConfig(val crlDistributionPoint: URL,
|
||||
}
|
||||
}
|
||||
|
||||
enum class ManualMode {
|
||||
CRL, // Run manual mode for the certificate revocation list.
|
||||
CSR // Run manual mode for the certificate signing requests.
|
||||
}
|
||||
|
||||
/**
|
||||
* Authentication related parameters.
|
||||
*/
|
||||
|
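Review bot: `val mode: ManualMode` is added to `DoormanCertificateConfig` as a non-nullable property with no default, so existing doorman configurations that lack a `mode` entry will presumably stop loading; how `parseConfig` treats a missing key is not visible here. If failing closed is intended, the parameter documentation should say that `mode` is mandatory. Otherwise `val mode: ManualMode = ManualMode.CSR,` would keep the previous CSR behaviour for old configs. The constant `CRL` is described as "certificate revocation list" but selects `CrrProcessor`, and the commit title speaks of CRR signing. A short KDoc on `ManualMode` stating which processor each value runs and what is signed with the doorman key would remove that ambiguity for operators. `DoormanCertificateConfig` continues outside these hunks.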