Fixing CRR signing execution mode (#677)

* Fixing CRR signing execution mode * Addressing review comments
2024-12-26 16:11:12 +00:00 · 2018-04-06 17:00:47 +01:00 · 2018-04-06 17:00:47 +01:00 · c4df6b0c85
commit c4df6b0c85
parent ed7e9e64cf
5 changed files with 21 additions and 9 deletions
--- a/docs/source/running-signing-service.rst
+++ b/docs/source/running-signing-service.rst
@ -34,7 +34,7 @@ Allowed parameters are:

 :dataSourceProperties: Data source properties. It should describe (or point to) the Doorman database.

-:doorman: CSR signing process configuration parameters. If specified, the signing service will sign approved CSRs.
+:doorman: CSR signing process configuration parameters. If specified, the signing service will sign CRL or approved CSRs depending on the operating mode defined in the mode parameter.

    :validDays: Number of days issued signatures are valid for.

@ -44,6 +44,12 @@ Allowed parameters are:

    :keyGroup: HSM key group for the doorman certificate key. This parameter is vendor specific (see Utimaco docs).

+    :mode: Manual HSM signing mode. Allowed values:
+
+        :CSR: Run the signing service for the certificate signing requests.
+
+        :CRL: Run the signing service for the certificate revocation list.
+
    :crlDistributionPoint: Certificate revocation list location for the node CA certificate.

    :crlServerSocketAddress: Address of the socket connection serving the certificate revocation list.
--- a/network-management/hsm-for-doorman.conf
+++ b/network-management/hsm-for-doorman.conf
@ -7,6 +7,7 @@ doorman {
    crlServerSocketAddress = "test.com:2333"
    crlUpdatePeriod = 200000
    validDays = 3650
+    mode = CSR
    rootKeyStoreFile = "dummyfile.jks"
    rootKeyStorePassword = "trustpass"
    keyGroup = "DEV.CORDACONNECT.OPS.CERT"
--- a/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt
+++ b/network-management/src/integration-test/kotlin/com/r3/corda/networkmanage/common/HsmBaseTest.kt
@ -15,10 +15,7 @@ import com.nhaarman.mockito_kotlin.mock
 import com.nhaarman.mockito_kotlin.whenever
 import com.r3.corda.networkmanage.HsmSimulator
 import com.r3.corda.networkmanage.hsm.authentication.InputReader
-import com.r3.corda.networkmanage.hsm.configuration.AuthParametersConfig
-import com.r3.corda.networkmanage.hsm.configuration.DoormanCertificateConfig
-import com.r3.corda.networkmanage.hsm.configuration.NetworkMapCertificateConfig
-import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
+import com.r3.corda.networkmanage.hsm.configuration.*
 import com.r3.corda.networkmanage.hsm.generator.CertificateConfiguration
 import com.r3.corda.networkmanage.hsm.generator.GeneratorParameters
 import com.r3.corda.networkmanage.hsm.generator.UserAuthenticationParameters
@ -149,6 +146,7 @@ abstract class HsmBaseTest {
                crlDistributionPoint = URL("http://test.com/revoked.crl"),
                crlServerSocketAddress = NetworkHostAndPort("test.com", 4555),
                crlUpdatePeriod = 1000,
+                mode = ManualMode.CSR,
                authParameters = AuthParametersConfig(
                        mode = SigningServiceAuthMode.PASSWORD,
                        threshold = 2
@ -165,7 +163,6 @@ abstract class HsmBaseTest {
                        password = "INTEGRATION_TEST",
                        threshold = 2
                )
-
        )
    }

--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
@ -15,6 +15,7 @@ import com.r3.corda.networkmanage.common.persistence.configureDatabase
 import com.r3.corda.networkmanage.common.utils.ShowHelpException
 import com.r3.corda.networkmanage.common.utils.initialiseSerialization
 import com.r3.corda.networkmanage.common.utils.parseConfig
+import com.r3.corda.networkmanage.hsm.configuration.ManualMode
 import com.r3.corda.networkmanage.hsm.configuration.SigningServiceArgsParser
 import com.r3.corda.networkmanage.hsm.configuration.SigningServiceConfig
 import com.r3.corda.networkmanage.hsm.processor.CrrProcessor
@ -60,8 +61,9 @@ fun main(args: Array<String>) {
    if (config.networkMap != null) {
        NetworkMapProcessor(config.networkMap, config.device, config.keySpecifier, persistence).run()
    } else if (config.doorman != null) {
-        CsrProcessor(config.doorman, config.device, config.keySpecifier, persistence).showMenu()
-    } else if (config.doorman != null) {
-        CrrProcessor(config.doorman, config.device, config.keySpecifier).showMenu()
+        when (config.doorman.mode) {
+            ManualMode.CSR -> CsrProcessor(config.doorman, config.device, config.keySpecifier, persistence).showMenu()
+            ManualMode.CRL -> CrrProcessor(config.doorman, config.device, config.keySpecifier).showMenu()
+        }
    }
 }
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/SigningServiceConfig.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/SigningServiceConfig.kt
@ -60,6 +60,7 @@ data class NetworkMapCertificateConfig(val username: String,
 data class DoormanCertificateConfig(val crlDistributionPoint: URL,
                                    val crlServerSocketAddress: NetworkHostAndPort,
                                    val crlUpdatePeriod: Long,
+                                    val mode: ManualMode,
                                    val keyGroup:String,
                                    val validDays: Int,
                                    val rootKeyStoreFile: Path,
@ -70,6 +71,11 @@ data class DoormanCertificateConfig(val crlDistributionPoint: URL,
    }
 }

+enum class ManualMode {
+    CRL, // Run manual mode for the certificate revocation list.
+    CSR  // Run manual mode for the certificate signing requests.
+}
+
 /**
 * Authentication related parameters.
 */