diff --git a/docs/source/corda-configuration-file.rst b/docs/source/corda-configuration-file.rst index e62f7103b3..bb76acadc8 100644 --- a/docs/source/corda-configuration-file.rst +++ b/docs/source/corda-configuration-file.rst @@ -297,6 +297,9 @@ absolute path to the node's base directory. .. _Dropwizard: https://metrics.dropwizard.io/3.2.3/manual/third-party.html .. _Introduction to New Relic for Java: https://docs.newrelic.com/docs/agents/java-agent/getting-started/introduction-new-relic-java +:useOpenSsl: If set to true, the node will use a native SSL implementation for TLS rather than the JVM SSL. The native SSL library currently + shipped with Corda Enterprise is BoringSsl. The default is to use JVM SSL, i.e. the flag being set to ``false``. + :enterpriseConfiguration: Allows fine-grained controls of various features only available in the enterprise version of Corda. :tuning: Performance tuning parameters for Corda Enterprise diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AliasProvidingKeyMangerWrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AliasProvidingKeyMangerWrapper.kt index aaa36c3f3f..4f44869212 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AliasProvidingKeyMangerWrapper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AliasProvidingKeyMangerWrapper.kt @@ -2,8 +2,6 @@ package net.corda.nodeapi.internal.protonwrapper.netty import java.net.Socket import java.security.Principal -import java.security.PrivateKey -import java.security.cert.X509Certificate import javax.net.ssl.SSLEngine import javax.net.ssl.X509ExtendedKeyManager import javax.net.ssl.X509KeyManager 
@@ -13,31 +11,15 @@ interface AliasProvidingKeyMangerWrapper : X509KeyManager { } -class AliasProvidingKeyMangerWrapperImpl(private val keyManager: X509KeyManager) : AliasProvidingKeyMangerWrapper { +class AliasProvidingKeyMangerWrapperImpl(private val keyManager: X509KeyManager) : AliasProvidingKeyMangerWrapper, X509KeyManager by keyManager { override var lastAlias: String? = null - override fun getClientAliases(p0: String?, p1: Array?): Array { - return keyManager.getClientAliases(p0, p1) + override fun chooseServerAlias(keyType: String?, issuers: Array?, socket: Socket?): String? { + return storeIfNotNull { keyManager.chooseServerAlias(keyType, issuers, socket) } } - override fun getServerAliases(p0: String?, p1: Array?): Array { - return getServerAliases(p0, p1) - } - - override fun chooseServerAlias(p0: String?, p1: Array?, p2: Socket?): String? { - return storeIfNotNull { keyManager.chooseServerAlias(p0, p1, p2) } - } - - override fun getCertificateChain(p0: String?): Array { - return keyManager.getCertificateChain(p0) - } - - override fun getPrivateKey(p0: String?): PrivateKey { - return keyManager.getPrivateKey(p0) - } - - override fun chooseClientAlias(p0: Array?, p1: Array?, p2: Socket?): String? { - return storeIfNotNull { keyManager.chooseClientAlias(p0, p1, p2) } + override fun chooseClientAlias(keyType: Array?, issuers: Array?, socket: Socket?): String? { + return storeIfNotNull { keyManager.chooseClientAlias(keyType, issuers, socket) } } private fun storeIfNotNull(func: () -> String?): String? { 
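Review bot: AliasProvidingKeyMangerWrapperImpl needs a KDoc now that `X509KeyManager by keyManager` hides which calls are intercepted and which pass straight through. I would add `/** Records the alias returned by chooseServerAlias/chooseClientAlias in [lastAlias]; all other X509KeyManager calls, including getPrivateKey and getCertificateChain, go unchanged to the wrapped key manager. */`. The comment should also say whether one instance may serve concurrent handshakes: `lastAlias` is a single `var` with no visible synchronisation, so a reader could pick up the alias chosen for a different connection, though the hunk does not show how instances are shared. The body of storeIfNotNull lies outside the hunk.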
@@ -49,39 +31,23 @@ class AliasProvidingKeyMangerWrapperImpl(private val keyManager: X509KeyManager) } } -class AliasProvidingExtendedKeyMangerWrapper(private val keyManager: X509ExtendedKeyManager) : X509ExtendedKeyManager(), AliasProvidingKeyMangerWrapper { +class AliasProvidingExtendedKeyMangerWrapper(private val keyManager: X509ExtendedKeyManager) : X509ExtendedKeyManager(), X509KeyManager by keyManager, AliasProvidingKeyMangerWrapper { override var lastAlias: String? = null - override fun getClientAliases(p0: String?, p1: Array?): Array { - return keyManager.getClientAliases(p0, p1) + override fun chooseServerAlias(keyType: String?, issuers: Array?, socket: Socket?): String? { + return storeIfNotNull { keyManager.chooseServerAlias(keyType, issuers, socket) } } - override fun getServerAliases(p0: String?, p1: Array?): Array { - return keyManager.getServerAliases(p0, p1) + override fun chooseClientAlias(keyType: Array?, issuers: Array?, socket: Socket?): String? { + return storeIfNotNull { keyManager.chooseClientAlias(keyType, issuers, socket) } } - override fun chooseServerAlias(p0: String?, p1: Array?, p2: Socket?): String? { - return storeIfNotNull { keyManager.chooseServerAlias(p0, p1, p2) } + override fun chooseEngineClientAlias(keyType: Array?, issuers: Array?, engine: SSLEngine?): String? { + return storeIfNotNull { keyManager.chooseEngineClientAlias(keyType, issuers, engine) } } - override fun getCertificateChain(p0: String?): Array { - return keyManager.getCertificateChain(p0) - } - - override fun getPrivateKey(p0: String?): PrivateKey { - return keyManager.getPrivateKey(p0) - } - - override fun chooseClientAlias(p0: Array?, p1: Array?, p2: Socket?): String? { - return storeIfNotNull { keyManager.chooseClientAlias(p0, p1, p2) } - } - - override fun chooseEngineClientAlias(p0: Array?, p1: Array?, p2: SSLEngine?): String? 
{ - return storeIfNotNull { keyManager.chooseEngineClientAlias(p0, p1, p2) } - } - - override fun chooseEngineServerAlias(p0: String?, p1: Array?, p2: SSLEngine?): String? { - return storeIfNotNull { keyManager.chooseEngineServerAlias(p0, p1, p2) } + override fun chooseEngineServerAlias(keyType: String?, issuers: Array?, engine: SSLEngine?): String? { + return storeIfNotNull { keyManager.chooseEngineServerAlias(keyType, issuers, engine) } } private fun storeIfNotNull(func: () -> String?): String? { diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/CertHoldingKeyManagerFactoryWrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/CertHoldingKeyManagerFactoryWrapper.kt index 102886fcc2..7ce99a79a4 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/CertHoldingKeyManagerFactoryWrapper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/CertHoldingKeyManagerFactoryWrapper.kt @@ -6,16 +6,16 @@ import javax.net.ssl.* class CertHoldingKeyManagerFactorySpiWrapper(private val factorySpi: KeyManagerFactorySpi) : KeyManagerFactorySpi() { - override fun engineInit(p0: KeyStore?, p1: CharArray?) { + override fun engineInit(keyStore: KeyStore?, password: CharArray?) { val engineInitMethod = KeyManagerFactorySpi::class.java.getDeclaredMethod("engineInit", KeyStore::class.java, CharArray::class.java) engineInitMethod.isAccessible = true - engineInitMethod.invoke(factorySpi, p0, p1) + engineInitMethod.invoke(factorySpi, keyStore, password) } - override fun engineInit(p0: ManagerFactoryParameters?) { + override fun engineInit(spec: ManagerFactoryParameters?) { val engineInitMethod = KeyManagerFactorySpi::class.java.getDeclaredMethod("engineInit", ManagerFactoryParameters::class.java) engineInitMethod.isAccessible = true - engineInitMethod.invoke(factorySpi, p0) + engineInitMethod.invoke(factorySpi, spec) } private fun getKeyManagersImpl(): Array { 
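Review bot: The chooseEngineClientAlias and chooseEngineServerAlias overrides in AliasProvidingExtendedKeyMangerWrapper deserve a comment saying they are not covered by `X509KeyManager by keyManager`. They are declared on X509ExtendedKeyManager rather than on the interface, and the base-class versions return null, so dropping them in a later clean-up would still compile while leaving SSLEngine-based handshakes with no alias selected. I would put `// Not part of X509KeyManager, so not delegated; the X509ExtendedKeyManager defaults return null.` above chooseEngineClientAlias. As a style point, storeIfNotNull appears in both wrapper classes and could become one shared helper; its body is outside the hunk, so that assumes the two copies are identical.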
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/TrustManagerFactoryWrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/TrustManagerFactoryWrapper.kt index dd3a318cae..51486c747a 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/TrustManagerFactoryWrapper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/TrustManagerFactoryWrapper.kt @@ -12,16 +12,16 @@ class LoggingTrustManagerFactorySpiWrapper(private val factorySpi: TrustManagerF return if (factorySpi is LoggingTrustManagerFactorySpiWrapper) trustManagers else trustManagers.filterIsInstance(X509ExtendedTrustManager::class.java).map { LoggingTrustManagerWrapper(it) }.toTypedArray() } - override fun engineInit(p0: KeyStore?) { + override fun engineInit(ks: KeyStore?) { val engineInitMethod = TrustManagerFactorySpi::class.java.getDeclaredMethod("engineInit", KeyStore::class.java) engineInitMethod.isAccessible = true - engineInitMethod.invoke(factorySpi, p0) + engineInitMethod.invoke(factorySpi, ks) } - override fun engineInit(p0: ManagerFactoryParameters?) { + override fun engineInit(spec: ManagerFactoryParameters?) { val engineInitMethod = TrustManagerFactorySpi::class.java.getDeclaredMethod("engineInit", ManagerFactoryParameters::class.java) engineInitMethod.isAccessible = true - engineInitMethod.invoke(factorySpi, p0) + engineInitMethod.invoke(factorySpi, spec) } }