diff --git a/node-api/src/main/resources/certificates/cordadevcakeys.jks b/node-api/src/main/resources/certificates/cordadevcakeys.jks
index af5ff8fce8..83ab6bb01f 100644
Binary files a/node-api/src/main/resources/certificates/cordadevcakeys.jks and b/node-api/src/main/resources/certificates/cordadevcakeys.jks differ
diff --git a/node-api/src/main/resources/certificates/cordatruststore.jks b/node-api/src/main/resources/certificates/cordatruststore.jks
index dd2c81122c..47528654e0 100644
Binary files a/node-api/src/main/resources/certificates/cordatruststore.jks and b/node-api/src/main/resources/certificates/cordatruststore.jks differ
diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/DevCertificatesTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/DevCertificatesTest.kt
new file mode 100644
index 0000000000..ad0295699c
--- /dev/null
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/DevCertificatesTest.kt
@@ -0,0 +1,48 @@
+package net.corda.nodeapi.internal.crypto
+
+import org.junit.Rule
+import org.junit.Test
+import org.junit.rules.TemporaryFolder
+import java.security.cert.*
+
+class DevCertificatesTest {
+ private companion object {
+ const val OLD_DEV_KEYSTORE_PASS = "password"
+ const val OLD_NODE_DEV_KEYSTORE_FILE_NAME = "nodekeystore.jks"
+ const val DEV_CA_TRUST_STORE_FILE = "cordatruststore.jks"
+ const val DEV_CA_TRUST_STORE_PASS = "trustpass"
+ }
+
+ @Rule
+ @JvmField
+ val tempFolder = TemporaryFolder()
+
+ @Test
+ fun `create server certificate in keystore for SSL`() {
+ // given
+ val newTrustStore = loadKeyStore(javaClass.classLoader.getResourceAsStream("certificates/$DEV_CA_TRUST_STORE_FILE"), DEV_CA_TRUST_STORE_PASS)
+ val newTrustRoot = newTrustStore.getX509Certificate(X509Utilities.CORDA_ROOT_CA)
+ val newTrustAnchor = TrustAnchor(newTrustRoot, null)
+
+ val oldNodeCaKeyStore = loadKeyStore(javaClass.classLoader.getResourceAsStream("regression-test/$OLD_NODE_DEV_KEYSTORE_FILE_NAME"), OLD_DEV_KEYSTORE_PASS)
+ val oldX509Certificates = oldNodeCaKeyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA).map {
+ it as X509Certificate
+ }.toTypedArray()
+
+ val certPath = X509Utilities.buildCertPath(*oldX509Certificates)
+
+ // when
+ certPath.validate(newTrustAnchor)
+
+ // then no exception is thrown
+ }
+
+ private fun CertPath.validate(trustAnchor: TrustAnchor): PKIXCertPathValidatorResult {
+ val parameters = PKIXParameters(setOf(trustAnchor)).apply { isRevocationEnabled = false }
+ try {
+ return CertPathValidator.getInstance("PKIX").validate(this, parameters) as PKIXCertPathValidatorResult
+ } catch (e: CertPathValidatorException) {
+ throw CertPathValidatorException("CertPath validation failure.")
+ }
+ }
+}
\ No newline at end of file
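Review bot: The catch block in `CertPath.validate` rethrows a fresh `CertPathValidatorException` without the original, so a failing regression run would not report which certificate in the chain was rejected or why; keep the cause with `throw CertPathValidatorException("CertPath validation failure.", e)`, or drop the try/catch and let the original propagate. `isRevocationEnabled = false` should carry a short comment, for example `// revocation checking is off: this test only checks that the old node CA chain still links to the new dev root`. The test name `create server certificate in keystore for SSL` does not describe the body, which validates the chain stored under `CORDA_CLIENT_CA` in the old `nodekeystore.jks` against the root in the new trust store; a name stating that would make the regression intent clear. The `tempFolder` rule is never used in this file, and the `regression-test/sslkeystore.jks` added by the same commit is not loaded here, so either cover it with a second test or leave both out.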
diff --git a/node-api/src/test/resources/regression-test/nodekeystore.jks b/node-api/src/test/resources/regression-test/nodekeystore.jks
new file mode 100644
index 0000000000..948cac3577
Binary files /dev/null and b/node-api/src/test/resources/regression-test/nodekeystore.jks differ
diff --git a/node-api/src/test/resources/regression-test/sslkeystore.jks b/node-api/src/test/resources/regression-test/sslkeystore.jks
new file mode 100644
index 0000000000..60288cb5f7
Binary files /dev/null and b/node-api/src/test/resources/regression-test/sslkeystore.jks differ