Small refactoring of the HSM certificate generator (#869)

* Small refactoring of the HSM certificate generator

* Updating docs
This commit is contained in:
Michal Kit 2018-05-22 16:27:51 +01:00 committed by GitHub
parent 9446d8093d
commit c4f9f1cb68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 5 deletions


@ -28,10 +28,10 @@ Allowed parameters are:
:certConfig: Certificate specific configuration. See below section on Certificate Configuration.
:trustStoreDirectory: Path to the directory where the generated trust store should be placed.
The name of the generated file is "truststore.jks".
The name of the generated file is "network-root-truststore.jks".
If the trust store file does not exist, it will be created.
IMPORTANT - This trust store is intended to be distributed across the nodes.
Nodes are hardcoded to use "truststore.jks" file as the trust store name.
Nodes are hardcoded to use "network-root-truststore.jks" file as the trust store name.
As such, it is required that the file name is as the one expected by nodes.
:trustStorePassword: Password for the generated trust store.


@ -36,6 +36,7 @@ import java.security.cert.CertPath
import java.security.cert.X509Certificate
const val CORDA_NETWORK_MAP = "cordanetworkmap"
const val NETWORK_ROOT_TRUSTSTORE_FILENAME = "network-root-truststore.jks"
val logger: Logger = LoggerFactory.getLogger("com.r3.corda.networkmanage.common.utils")
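Review bot: `NETWORK_ROOT_TRUSTSTORE_FILENAME` is added without any comment, yet the docs hunk in this same commit states that nodes are hardcoded to this exact file name, so the value is part of the node/doorman contract rather than a local default. A one-line KDoc above it, `/** File name of the network root trust store. Nodes look for this exact name, so changing it breaks trust store distribution. */`, would stop the next maintainer from renaming it casually. The hunk shows only the import tail and the constants, so I cannot tell whether the file's other constants carry KDoc to match.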


@ -11,6 +11,7 @@
package com.r3.corda.networkmanage.doorman
import com.r3.corda.networkmanage.common.utils.CORDA_NETWORK_MAP
import com.r3.corda.networkmanage.common.utils.NETWORK_ROOT_TRUSTSTORE_FILENAME
import com.r3.corda.networkmanage.common.utils.createSignedCrl
import com.r3.corda.networkmanage.doorman.signer.LocalSigner
import net.corda.core.crypto.Crypto
@ -34,7 +35,6 @@ import kotlin.system.exitProcess
// TODO The cert subjects need to be configurable
const val CORDA_X500_BASE = "O=R3 HoldCo LLC,OU=Corda,L=New York,C=US"
const val NETWORK_ROOT_TRUSTSTORE_FILENAME = "network-root-truststore.jks"
/** Read password from console, do a readLine instead if console is null (e.g. when debugging in IDE). */
internal fun readPassword(fmt: String): String {


@ -14,6 +14,7 @@ import CryptoServerCXI.CryptoServerCXI.KEY_ALGO_ECDSA
import CryptoServerCXI.CryptoServerCXI.KeyAttributes
import CryptoServerJCE.CryptoServerProvider
import com.r3.corda.networkmanage.common.utils.CORDA_NETWORK_MAP
import com.r3.corda.networkmanage.common.utils.NETWORK_ROOT_TRUSTSTORE_FILENAME
import com.r3.corda.networkmanage.hsm.utils.HsmX509Utilities.cleanEcdsaPublicKey
import com.r3.corda.networkmanage.hsm.utils.HsmX509Utilities.createIntermediateCert
import com.r3.corda.networkmanage.hsm.utils.HsmX509Utilities.createSelfSignedCert
@ -89,7 +90,7 @@ class KeyCertificateGenerator(private val parameters: GeneratorParameters) {
crlDistributionUrl,
crlIssuer?.let { X500Name(it) })
logger.info("Created root cert:\n$rootCert")
val trustStorePath = networkRootTrustStoreDirectory / "truststore.jks"
val trustStorePath = networkRootTrustStoreDirectory / NETWORK_ROOT_TRUSTSTORE_FILENAME
X509KeyStore.fromFile(trustStorePath, networkRootTrustStorePassword, createNew = true).update {
setCertificate(CORDA_ROOT_CA, rootCert)
}
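Review bot: The `X509KeyStore.fromFile(trustStorePath, networkRootTrustStorePassword, createNew = true).update { setCertificate(CORDA_ROOT_CA, rootCert) }` call writes the freshly generated root into whatever is at `trustStorePath`; if a file from an earlier run already exists there, the existing `CORDA_ROOT_CA` entry appears to be replaced silently, which would leave trust stores already distributed to nodes pinned to a root that no longer matches. Unless `createNew = true` already refuses an existing file (I cannot see its semantics from here), consider a guard before the write such as `check(!Files.exists(trustStorePath)) { "Trust store already exists at $trustStorePath, refusing to overwrite" }`, or at minimum a warning log when the path exists. The enclosing method of `KeyCertificateGenerator` begins before this hunk.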


@ -40,7 +40,7 @@ fun run(parameters: GeneratorParameters) {
val rootProviderConfig = CryptoServerProviderConfig(
Device = "$hsmPort@$hsmHost",
KeySpecifier = certConfig.keySpecifier,
KeyGroup = certConfig.rootKeyGroup!!,
KeyGroup = requireNotNull(certConfig.rootKeyGroup) { "rootKeyGroup needs to be specified." },
StoreKeysExternal = certConfig.storeKeysExternal)
AutoAuthenticator(rootProviderConfig, userConfigs).connectAndAuthenticate { rootProvider ->
generator.generate(provider, rootProvider)
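Review bot: The `requireNotNull(certConfig.rootKeyGroup) { "rootKeyGroup needs to be specified." }` on the new line only fires when `rootProviderConfig` is built, which is after the `provider` passed on the last line has presumably already been connected and authenticated outside this hunk, so a missing `rootKeyGroup` fails with an HSM session already open rather than at configuration load. Moving the check to the start of `run` (or to where `certConfig` is parsed) would fail fast before any HSM interaction, e.g. `val rootKeyGroup = requireNotNull(certConfig.rootKeyGroup) { "rootKeyGroup needs to be specified." }` as an early statement and `KeyGroup = rootKeyGroup,` here. Replacing the `!!` with a message is otherwise an improvement. `run` starts before this hunk.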