ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-01-28 15:14:48 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-1661 - Reverting DEV certificates keys (#3466)

Browse Source
This commit is contained in:
Michal Kit 2018-06-29 13:41:03 +01:00 committed by Katelyn Baker
parent 5be8c9a102
commit d1409656bc
5 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
node-api/src/main/resources/certificates/cordadevcakeys.jks
View File

Binary file not shown.

BIN
node-api/src/main/resources/certificates/cordatruststore.jks
View File

Binary file not shown.

48
node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/DevCertificatesTest.kt Normal file
View File

@ -0,0 +1,48 @@
package net.corda.nodeapi.internal.crypto
import org.junit.Rule
import org.junit.Test
import org.junit.rules.TemporaryFolder
import java.security.cert.*
class DevCertificatesTest {
private companion object {
const val OLD_DEV_KEYSTORE_PASS = "password"
const val OLD_NODE_DEV_KEYSTORE_FILE_NAME = "nodekeystore.jks"
const val DEV_CA_TRUST_STORE_FILE = "cordatruststore.jks"
const val DEV_CA_TRUST_STORE_PASS = "trustpass"
}
@Rule
@JvmField
val tempFolder = TemporaryFolder()
@Test
fun `create server certificate in keystore for SSL`() {
// given
val newTrustStore = loadKeyStore(javaClass.classLoader.getResourceAsStream("certificates/$DEV_CA_TRUST_STORE_FILE"), DEV_CA_TRUST_STORE_PASS)
val newTrustRoot = newTrustStore.getX509Certificate(X509Utilities.CORDA_ROOT_CA)
val newTrustAnchor = TrustAnchor(newTrustRoot, null)
val oldNodeCaKeyStore = loadKeyStore(javaClass.classLoader.getResourceAsStream("regression-test/$OLD_NODE_DEV_KEYSTORE_FILE_NAME"), OLD_DEV_KEYSTORE_PASS)
val oldX509Certificates = oldNodeCaKeyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA).map {
it as X509Certificate
}.toTypedArray()
val certPath = X509Utilities.buildCertPath(*oldX509Certificates)
// when
certPath.validate(newTrustAnchor)
// then no exception is thrown
}
private fun CertPath.validate(trustAnchor: TrustAnchor): PKIXCertPathValidatorResult {
val parameters = PKIXParameters(setOf(trustAnchor)).apply { isRevocationEnabled = false }
try {
return CertPathValidator.getInstance("PKIX").validate(this, parameters) as PKIXCertPathValidatorResult
} catch (e: CertPathValidatorException) {
throw CertPathValidatorException("CertPath validation failure.")
}
}
}

BIN
node-api/src/test/resources/regression-test/nodekeystore.jks Normal file
View File

Binary file not shown.

BIN
node-api/src/test/resources/regression-test/sslkeystore.jks Normal file
View File

Binary file not shown.