Addressing some of the technical debt

Shams Asari
2017-12-06 22:01:41 +00:00
parent 89256a7f16
commit cb11379d98
17 changed files with 23 additions and 23 deletions


@ -50,7 +50,7 @@ class X509NameConstraintsTest {
val nameConstraints = NameConstraints(acceptableNames, arrayOf()) val nameConstraints = NameConstraints(acceptableNames, arrayOf())
val pathValidator = CertPathValidator.getInstance("PKIX") val pathValidator = CertPathValidator.getInstance("PKIX")
val certFactory = X509CertificateFactory().delegate val certFactory = X509CertificateFactory()
assertFailsWith(CertPathValidatorException::class) { assertFailsWith(CertPathValidatorException::class) {
val (keystore, trustStore) = makeKeyStores(X500Name("CN=Bank B"), nameConstraints) val (keystore, trustStore) = makeKeyStores(X500Name("CN=Bank B"), nameConstraints)


@ -19,7 +19,7 @@ class KeyStoreWrapper(private val storePath: Path, private val storePassword: St
val clientCA = certificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA) val clientCA = certificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA)
// Create new keys and store in keystore. // Create new keys and store in keystore.
val cert = X509Utilities.createCertificate(CertificateType.IDENTITY, clientCA.certificate, clientCA.keyPair, serviceName, pubKey) val cert = X509Utilities.createCertificate(CertificateType.IDENTITY, clientCA.certificate, clientCA.keyPair, serviceName, pubKey)
val certPath = X509CertificateFactory().delegate.generateCertPath(listOf(cert.cert) + clientCertPath) val certPath = X509CertificateFactory().generateCertPath(cert.cert, *clientCertPath)
require(certPath.certificates.isNotEmpty()) { "Certificate path cannot be empty" } require(certPath.certificates.isNotEmpty()) { "Certificate path cannot be empty" }
// TODO: X509Utilities.validateCertificateChain() // TODO: X509Utilities.validateCertificateChain()
return certPath return certPath
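Review bot: The `require(certPath.certificates.isNotEmpty())` after the new `generateCertPath(cert.cert, *clientCertPath)` call can never fail, because the path always contains at least `cert.cert`, so it gives no assurance about the chain. The check that would matter is the one still left as `// TODO: X509Utilities.validateCertificateChain()`, which means the path is returned without being validated against a trust root. I would either drop the vacuous `require` or replace it with the validation call. The enclosing function starts and ends outside this hunk, so the trust root to validate against has to be confirmed there.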


@ -151,7 +151,7 @@ object X509Utilities {
require(certificates.isNotEmpty()) { "Certificate path must contain at least one certificate" } require(certificates.isNotEmpty()) { "Certificate path must contain at least one certificate" }
val params = PKIXParameters(setOf(TrustAnchor(trustedRoot, null))) val params = PKIXParameters(setOf(TrustAnchor(trustedRoot, null)))
params.isRevocationEnabled = false params.isRevocationEnabled = false
val certPath = X509CertificateFactory().delegate.generateCertPath(certificates.toList()) val certPath = X509CertificateFactory().generateCertPath(*certificates)
val pathValidator = CertPathValidator.getInstance("PKIX") val pathValidator = CertPathValidator.getInstance("PKIX")
pathValidator.validate(certPath, params) pathValidator.validate(certPath, params)
} }
@ -308,11 +308,15 @@ object X509Utilities {
*/ */
class X509CertificateFactory { class X509CertificateFactory {
val delegate: CertificateFactory = CertificateFactory.getInstance("X.509") val delegate: CertificateFactory = CertificateFactory.getInstance("X.509")
fun generateCertificate(input: InputStream): X509Certificate { fun generateCertificate(input: InputStream): X509Certificate {
return delegate.generateCertificate(input) as X509Certificate return delegate.generateCertificate(input) as X509Certificate
} }
// TODO migrate calls to [CertificateFactory#generateCertPath] to call this instead. fun generateCertPath(certificates: List<Certificate>): CertPath {
return delegate.generateCertPath(certificates)
}
fun generateCertPath(vararg certificates: Certificate): CertPath { fun generateCertPath(vararg certificates: Certificate): CertPath {
return delegate.generateCertPath(certificates.asList()) return delegate.generateCertPath(certificates.asList())
} }
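Review bot: The `generateCertPath` overloads on `X509CertificateFactory` carry no KDoc and pass their input straight to the delegate, so nothing tells callers what certificate order is expected or that the result is not validated. X.509 cert paths are conventionally ordered from the target certificate towards the trust anchor, and the call sites migrated in this commit depend on that (for example `listOf(ourCertificate.cert) + issuer.certPath.certificates`). I would add a comment such as `/** Builds a [CertPath] from [certificates], target certificate first; performs no chain validation. */` to both overloads. `delegate` also stays a public `val`, so callers can still bypass the wrapper; consider making it private if no remaining caller needs it, which cannot be confirmed from this page.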


@ -433,7 +433,7 @@ class X509UtilitiesTest {
val rootCAKey = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME) val rootCAKey = Crypto.generateKeyPair(X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME)
val rootCACert = X509Utilities.createSelfSignedCACertificate(ALICE.name, rootCAKey) val rootCACert = X509Utilities.createSelfSignedCACertificate(ALICE.name, rootCAKey)
val certificate = X509Utilities.createCertificate(CertificateType.TLS, rootCACert, rootCAKey, BOB.name.x500Name, BOB_PUBKEY) val certificate = X509Utilities.createCertificate(CertificateType.TLS, rootCACert, rootCAKey, BOB.name.x500Name, BOB_PUBKEY)
val expected = X509CertificateFactory().delegate.generateCertPath(listOf(certificate.cert, rootCACert.cert)) val expected = X509CertificateFactory().generateCertPath(certificate.cert, rootCACert.cert)
val serialized = expected.serialize(factory, context).bytes val serialized = expected.serialize(factory, context).bytes
val actual: CertPath = serialized.deserialize(factory, context) val actual: CertPath = serialized.deserialize(factory, context)
assertEquals(expected, actual) assertEquals(expected, actual)


@ -15,8 +15,7 @@ import org.junit.Before
import org.junit.Test import org.junit.Test
import java.net.URL import java.net.URL
// TODO There is a unit test class with the same name. Rename this to something else. class NetworkMapTest {
class NetworkMapClientTest {
private val cacheTimeout = 1.seconds private val cacheTimeout = 1.seconds
private val portAllocation = PortAllocation.Incremental(10000) private val portAllocation = PortAllocation.Incremental(10000)
@ -27,7 +26,7 @@ class NetworkMapClientTest {
fun start() { fun start() {
networkMapServer = NetworkMapServer(cacheTimeout, portAllocation.nextHostAndPort()) networkMapServer = NetworkMapServer(cacheTimeout, portAllocation.nextHostAndPort())
val address = networkMapServer.start() val address = networkMapServer.start()
compatibilityZone = CompatibilityZoneParams(URL("http://$address"), rootCert = null) compatibilityZone = CompatibilityZoneParams(URL("http://$address"))
} }
@After @After


@ -35,8 +35,7 @@ import javax.ws.rs.*
import javax.ws.rs.core.MediaType import javax.ws.rs.core.MediaType
import javax.ws.rs.core.Response import javax.ws.rs.core.Response
// TODO Rename this to NodeRegistrationTest class NodeRegistrationTest {
class NetworkRegistrationHelperDriverTest {
private val portAllocation = PortAllocation.Incremental(13000) private val portAllocation = PortAllocation.Incremental(13000)
private val rootCertAndKeyPair = createSelfKeyAndSelfSignedCertificate() private val rootCertAndKeyPair = createSelfKeyAndSelfSignedCertificate()
private val registrationHandler = RegistrationHandler(rootCertAndKeyPair) private val registrationHandler = RegistrationHandler(rootCertAndKeyPair)
@ -48,7 +47,7 @@ class NetworkRegistrationHelperDriverTest {
fun startServer() { fun startServer() {
server = NetworkMapServer(1.minutes, portAllocation.nextHostAndPort(), registrationHandler) server = NetworkMapServer(1.minutes, portAllocation.nextHostAndPort(), registrationHandler)
val address = server.start() val address = server.start()
compatibilityZone = CompatibilityZoneParams(URL("http://$address"), rootCertAndKeyPair.certificate.cert) compatibilityZone = CompatibilityZoneParams(URL("http://$address"), rootCert = rootCertAndKeyPair.certificate.cert)
} }
@After @After


@ -718,7 +718,7 @@ abstract class AbstractNode(val configuration: NodeConfiguration,
throw ConfigurationException("The name '$singleName' for $id doesn't match what's in the key store: $subject") throw ConfigurationException("The name '$singleName' for $id doesn't match what's in the key store: $subject")
} }
val certPath = X509CertificateFactory().delegate.generateCertPath(certificates) val certPath = X509CertificateFactory().generateCertPath(certificates)
return Pair(PartyAndCertificate(certPath), keyPair) return Pair(PartyAndCertificate(certPath), keyPair)
} }


@ -79,7 +79,7 @@ class InMemoryIdentityService(identities: Iterable<PartyAndCertificate> = emptyS
if (firstCertWithThisName != identity.certificate) { if (firstCertWithThisName != identity.certificate) {
val certificates = identity.certPath.certificates val certificates = identity.certPath.certificates
val idx = certificates.lastIndexOf(firstCertWithThisName) val idx = certificates.lastIndexOf(firstCertWithThisName)
val firstPath = X509CertificateFactory().delegate.generateCertPath(certificates.slice(idx until certificates.size)) val firstPath = X509CertificateFactory().generateCertPath(certificates.slice(idx until certificates.size))
verifyAndRegisterIdentity(PartyAndCertificate(firstPath)) verifyAndRegisterIdentity(PartyAndCertificate(firstPath))
} }
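Review bot: `idx` is used unchecked in the new `generateCertPath(certificates.slice(idx until certificates.size))` line. If `firstCertWithThisName` is not present in `identity.certPath.certificates`, `lastIndexOf` returns -1 and `slice` throws an `IndexOutOfBoundsException` rather than a clear identity-verification error. Whether that can happen depends on how `firstCertWithThisName` is obtained, which is outside this hunk. A guard such as `require(idx >= 0) { "Certificate for this name is not part of the supplied path" }` before the slice would make the failure explicit. The same pattern appears in the `PersistentIdentityService` hunk.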


@ -134,7 +134,7 @@ class PersistentIdentityService(override val trustRoot: X509Certificate,
if (firstCertWithThisName != identity.certificate) { if (firstCertWithThisName != identity.certificate) {
val certificates = identity.certPath.certificates val certificates = identity.certPath.certificates
val idx = certificates.lastIndexOf(firstCertWithThisName) val idx = certificates.lastIndexOf(firstCertWithThisName)
val firstPath = X509CertificateFactory().delegate.generateCertPath(certificates.slice(idx until certificates.size)) val firstPath = X509CertificateFactory().generateCertPath(certificates.slice(idx until certificates.size))
verifyAndRegisterIdentity(PartyAndCertificate(firstPath)) verifyAndRegisterIdentity(PartyAndCertificate(firstPath))
} }


@ -37,7 +37,7 @@ fun freshCertificate(identityService: IdentityService,
val window = X509Utilities.getCertificateValidityWindow(Duration.ZERO, 3650.days, issuerCert) val window = X509Utilities.getCertificateValidityWindow(Duration.ZERO, 3650.days, issuerCert)
val ourCertificate = X509Utilities.createCertificate(CertificateType.IDENTITY, issuerCert.subject, val ourCertificate = X509Utilities.createCertificate(CertificateType.IDENTITY, issuerCert.subject,
issuerSigner, issuer.name, subjectPublicKey, window) issuerSigner, issuer.name, subjectPublicKey, window)
val ourCertPath = X509CertificateFactory().delegate.generateCertPath(listOf(ourCertificate.cert) + issuer.certPath.certificates) val ourCertPath = X509CertificateFactory().generateCertPath(listOf(ourCertificate.cert) + issuer.certPath.certificates)
val anonymisedIdentity = PartyAndCertificate(ourCertPath) val anonymisedIdentity = PartyAndCertificate(ourCertPath)
identityService.verifyAndRegisterIdentity(anonymisedIdentity) identityService.verifyAndRegisterIdentity(anonymisedIdentity)
return anonymisedIdentity return anonymisedIdentity


@ -159,7 +159,7 @@ class InMemoryIdentityServiceTests {
val issuer = getTestPartyAndCertificate(x500Name, issuerKeyPair.public, ca) val issuer = getTestPartyAndCertificate(x500Name, issuerKeyPair.public, ca)
val txKey = Crypto.generateKeyPair() val txKey = Crypto.generateKeyPair()
val txCert = X509Utilities.createCertificate(CertificateType.IDENTITY, issuer.certificate.toX509CertHolder(), issuerKeyPair, x500Name, txKey.public) val txCert = X509Utilities.createCertificate(CertificateType.IDENTITY, issuer.certificate.toX509CertHolder(), issuerKeyPair, x500Name, txKey.public)
val txCertPath = X509CertificateFactory().delegate.generateCertPath(listOf(txCert.cert) + issuer.certPath.certificates) val txCertPath = X509CertificateFactory().generateCertPath(listOf(txCert.cert) + issuer.certPath.certificates)
return Pair(issuer, PartyAndCertificate(txCertPath)) return Pair(issuer, PartyAndCertificate(txCertPath))
} }


@ -257,7 +257,7 @@ class PersistentIdentityServiceTests {
val issuer = getTestPartyAndCertificate(x500Name, issuerKeyPair.public, ca) val issuer = getTestPartyAndCertificate(x500Name, issuerKeyPair.public, ca)
val txKey = Crypto.generateKeyPair() val txKey = Crypto.generateKeyPair()
val txCert = X509Utilities.createCertificate(CertificateType.IDENTITY, issuer.certificate.toX509CertHolder(), issuerKeyPair, x500Name, txKey.public) val txCert = X509Utilities.createCertificate(CertificateType.IDENTITY, issuer.certificate.toX509CertHolder(), issuerKeyPair, x500Name, txKey.public)
val txCertPath = X509CertificateFactory().delegate.generateCertPath(listOf(txCert.cert) + issuer.certPath.certificates) val txCertPath = X509CertificateFactory().generateCertPath(listOf(txCert.cert) + issuer.certPath.certificates)
return Pair(issuer, PartyAndCertificate(txCertPath)) return Pair(issuer, PartyAndCertificate(txCertPath))
} }


@ -39,7 +39,7 @@ object TestNodeInfoFactory {
} }
private fun buildCertPath(vararg certificates: Certificate): CertPath { private fun buildCertPath(vararg certificates: Certificate): CertPath {
return X509CertificateFactory().delegate.generateCertPath(certificates.asList()) return X509CertificateFactory().generateCertPath(*certificates)
} }
private fun X509CertificateHolder.toX509Certificate(): X509Certificate { private fun X509CertificateHolder.toX509Certificate(): X509Certificate {


@ -383,7 +383,7 @@ fun <A> driver(
* @property rootCert If specified then the node will register itself using [url] and expect the registration response * @property rootCert If specified then the node will register itself using [url] and expect the registration response
* to be rooted at this cert. * to be rooted at this cert.
*/ */
data class CompatibilityZoneParams(val url: URL, val rootCert: X509Certificate?) data class CompatibilityZoneParams(val url: URL, val rootCert: X509Certificate? = null)
fun <A> internalDriver( fun <A> internalDriver(
isDebug: Boolean = DriverParameters().isDebug, isDebug: Boolean = DriverParameters().isDebug,
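Review bot: Defaulting `rootCert` to `null` in `CompatibilityZoneParams` makes the case with no pinned root the silent default, while the visible `@property rootCert` text only describes what happens when a certificate is specified. A caller that simply forgets the argument now compiles and gets no expectation that the registration response is rooted at a known certificate. I would extend the KDoc with a sentence stating what omission means, for instance `If null (the default), no registration response root is expected.`, worded to match the actual behaviour. The KDoc block begins outside this hunk, so it may already cover this.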


@ -18,7 +18,6 @@ fun CordformDefinition.clean() {
* Deploy the nodes specified in the given [CordformDefinition]. This will block until all the nodes and webservers * Deploy the nodes specified in the given [CordformDefinition]. This will block until all the nodes and webservers
* have terminated. * have terminated.
*/ */
// TODO add notaries to cordform!
fun CordformDefinition.deployNodes() { fun CordformDefinition.deployNodes() {
runNodes(waitForAllNodesToFinish = true) { } runNodes(waitForAllNodesToFinish = true) { }
} }


@ -70,12 +70,11 @@ class NetworkMapServer(cacheTimeout: Duration,
register(service) register(service)
additionalServices.forEach { register(it) } additionalServices.forEach { register(it) }
} }
val jerseyServlet = ServletHolder(ServletContainer(resourceConfig)).apply { initOrder = 0 }// Initialise at server start val jerseyServlet = ServletHolder(ServletContainer(resourceConfig)).apply { initOrder = 0 } // Initialise at server start
addServlet(jerseyServlet, "/*") addServlet(jerseyServlet, "/*")
}) })
} }
} }
} }
fun start(): NetworkHostAndPort { fun start(): NetworkHostAndPort {


@ -131,7 +131,7 @@ fun configureTestSSL(legalName: CordaX500Name = MEGA_CORP.name): SSLConfiguratio
fun getTestPartyAndCertificate(party: Party, trustRoot: CertificateAndKeyPair = DEV_CA): PartyAndCertificate { fun getTestPartyAndCertificate(party: Party, trustRoot: CertificateAndKeyPair = DEV_CA): PartyAndCertificate {
val certHolder = X509Utilities.createCertificate(CertificateType.IDENTITY, trustRoot.certificate, trustRoot.keyPair, party.name, party.owningKey) val certHolder = X509Utilities.createCertificate(CertificateType.IDENTITY, trustRoot.certificate, trustRoot.keyPair, party.name, party.owningKey)
val certPath = X509CertificateFactory().delegate.generateCertPath(listOf(certHolder.cert, trustRoot.certificate.cert)) val certPath = X509CertificateFactory().generateCertPath(certHolder.cert, trustRoot.certificate.cert)
return PartyAndCertificate(certPath) return PartyAndCertificate(certPath)
} }