Merge pull request #7323 from corda/shams-ent-8898-cherrypick

ENT-8898: Revert change made to externalCrlSource checking
Adel El-Beik 2023-04-11 09:33:38 +01:00 committed by GitHub
commit d140cb5974
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 26 deletions


@ -11,7 +11,6 @@ import java.security.cert.PKIXRevocationChecker
* Data structure for controlling the way how Certificate Revocation Lists are handled. * Data structure for controlling the way how Certificate Revocation Lists are handled.
*/ */
@CustomConfigParser(parser = RevocationConfigParser::class) @CustomConfigParser(parser = RevocationConfigParser::class)
// TODO This and RevocationConfigImpl should really be a single sealed data type
interface RevocationConfig { interface RevocationConfig {
enum class Mode { enum class Mode {
@ -47,15 +46,13 @@ interface RevocationConfig {
*/ */
val externalCrlSource: CrlSource? val externalCrlSource: CrlSource?
/**
* Creates a copy of [RevocationConfig] enriched by a [CrlSource].
*/
fun enrichExternalCrlSource(sourceFunc: (() -> CrlSource)?): RevocationConfig
fun createPKIXRevocationChecker(): PKIXRevocationChecker { fun createPKIXRevocationChecker(): PKIXRevocationChecker {
return when (mode) { return when (mode) {
Mode.OFF -> AllowAllRevocationChecker Mode.OFF -> AllowAllRevocationChecker
Mode.EXTERNAL_SOURCE -> CordaRevocationChecker(externalCrlSource!!, softFail = true) Mode.EXTERNAL_SOURCE -> {
val externalCrlSource = requireNotNull(externalCrlSource) { "externalCrlSource must be specfied for EXTERNAL_SOURCE" }
CordaRevocationChecker(externalCrlSource, softFail = true)
}
Mode.SOFT_FAIL -> CordaRevocationChecker(CertDistPointCrlSource(), softFail = true) Mode.SOFT_FAIL -> CordaRevocationChecker(CertDistPointCrlSource(), softFail = true)
Mode.HARD_FAIL -> CordaRevocationChecker(CertDistPointCrlSource(), softFail = false) Mode.HARD_FAIL -> CordaRevocationChecker(CertDistPointCrlSource(), softFail = false)
} }
@ -67,24 +64,7 @@ interface RevocationConfig {
*/ */
fun Boolean.toRevocationConfig() = if(this) RevocationConfigImpl(RevocationConfig.Mode.SOFT_FAIL) else RevocationConfigImpl(RevocationConfig.Mode.HARD_FAIL) fun Boolean.toRevocationConfig() = if(this) RevocationConfigImpl(RevocationConfig.Mode.SOFT_FAIL) else RevocationConfigImpl(RevocationConfig.Mode.HARD_FAIL)
data class RevocationConfigImpl(override val mode: RevocationConfig.Mode, override val externalCrlSource: CrlSource? = null) : RevocationConfig { data class RevocationConfigImpl(override val mode: RevocationConfig.Mode, override val externalCrlSource: CrlSource? = null) : RevocationConfig
init {
if (mode == RevocationConfig.Mode.EXTERNAL_SOURCE) {
requireNotNull(externalCrlSource) { "externalCrlSource must not be null" }
}
}
// TODO This doesn't really need to be a member method. All it does is change externalCrlSource if applicable, which is the same as
// just creating a new RevocationConfigImpl with that CrlSource.
override fun enrichExternalCrlSource(sourceFunc: (() -> CrlSource)?): RevocationConfig {
return if (mode != RevocationConfig.Mode.EXTERNAL_SOURCE) {
this
} else {
val func = requireNotNull(sourceFunc) { "There should be a way to obtain CrlSource" }
copy(externalCrlSource = func())
}
}
}
class RevocationConfigParser : ConfigParser<RevocationConfig> { class RevocationConfigParser : ConfigParser<RevocationConfig> {
override fun parse(config: Config): RevocationConfig { override fun parse(config: Config): RevocationConfig {
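Review bot: The null check on `externalCrlSource` now runs only inside the `Mode.EXTERNAL_SOURCE` branch of `createPKIXRevocationChecker()`. With the `init` block removed, a `RevocationConfigImpl(Mode.EXTERNAL_SOURCE)` without a source is constructed silently, and the misconfiguration surfaces as an `IllegalArgumentException` only when the checker is first built, presumably during connection setup rather than at config load. If deferring the check is intended (the source appears to be supplied after parsing), the KDoc on `externalCrlSource` should state the contract, e.g. `Must be non-null before createPKIXRevocationChecker() is called when mode is EXTERNAL_SOURCE; otherwise that call throws IllegalArgumentException.` The new message also misspells "specified" and the local shadows the property; I would write `val crlSource = requireNotNull(externalCrlSource) { "externalCrlSource must be specified for EXTERNAL_SOURCE" }` followed by `CordaRevocationChecker(crlSource, softFail = true)`. The function's closing brace lies outside the hunk.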


@ -201,7 +201,7 @@ class CertificateRevocationListNodeTests {
verifyAMQPConnection( verifyAMQPConnection(
crlCheckSoftFail = true, crlCheckSoftFail = true,
nodeCrlDistPoint = "http://${newUnreachableIpAddress()}/crl/unreachable.crl", nodeCrlDistPoint = "http://${newUnreachableIpAddress()}/crl/unreachable.crl",
sslHandshakeTimeout = crlConnectTimeout * 2, sslHandshakeTimeout = crlConnectTimeout * 3,
expectedConnectStatus = true expectedConnectStatus = true
) )
val timeoutExceptions = (amqpServer.softFailExceptions + amqpClient.softFailExceptions) val timeoutExceptions = (amqpServer.softFailExceptions + amqpClient.softFailExceptions)
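Review bot: The multiplier on `sslHandshakeTimeout` goes from 2 to 3 with no comment saying what the handshake has to wait for, so a future flaky run is likely to get another blind bump. If the factor reflects how many CRL connect attempts to the unreachable distribution point must time out before the soft-fail handshake can complete, record that next to the argument, e.g. `// handshake must outlast every CRL connect attempt to the unreachable host (assumed N attempts) plus margin`. The enclosing test function starts and ends outside the hunk.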