ENT-1592 Add private network id to CSR (#533)

* * add private network id to CSR * TODO : Doc * TODO : Signing server and network map end points * Remove private network attribute from CSR * revert unnecessary changes * remove private network identifier from node as we are not shipping this to the node in DP3 * revert unnecessary changes * address PR issues
2024-12-28 16:58:55 +00:00 · 2018-03-15 15:20:07 +00:00 · 2018-03-15 15:20:07 +00:00 · d2b29b42fe
commit d2b29b42fe
parent f67c6874f4
8 changed files with 87 additions and 54 deletions
--- a/network-management/README.md
+++ b/network-management/README.md
@ -230,3 +230,49 @@ Run the following SQL script to archive the node info table (change the timestam
    delect from node_info where is_current = false and published_at < '2018-03-12'
 ```

+## Private Network Map
+The private network is a tactical solution to provide temporary privacy to the initial network map.
+
+### Creating a private network
+To create a new private network, a entry has to be create in the ``private_network`` table manually.
+
+Run the following SQL script to create a new private network:
+
+```
+insert into private_network (id, name)
+values (NEWID(), 'Private Network Name')
+```  
+
+Then use the following SQL to retrieve the private network ID for the private network owner:
+```
+select id from private_network where name = 'Private Network Name'
+```
+
+### Modify existing private network registration
+Since this is a tactical solution, any modification will require manual database changes.
+
+**We should try to keep these changes to the minimal**
+
+#### Add nodes to a private network
+
+```
+update certificate_signing_request 
+set private_network = '<<private_network_id>>' 
+where request_id in ('<<certificate_request_id>>', ...)
+```
+
+or this SQL script to add all approved nodes to the private network map.
+
+```
+update certificate_signing_request 
+set private_network = '<<private_network_id>>' 
+where status = 'APPROVED'
+```
+
+#### Move a node from its private network and into the global network map**
+
+```
+update certificate_signing_request 
+set private_network = null 
+where request_id = '<<certificate_request_id>>'
+```
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/PersistenceUtils.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/PersistenceUtils.kt
@ -63,6 +63,7 @@ sealed class NetworkManagementSchemaServices {
                    CertificateSigningRequestEntity::class.java,
                    CertificateDataEntity::class.java,
                    CertificateRevocationRequestEntity::class.java,
+                    PrivateNetworkEntity::class.java,
                    CertificateRevocationListEntity::class.java,
                    NodeInfoEntity::class.java,
                    NetworkParametersEntity::class.java,
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/PersistentNodeInfoStorage.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/PersistentNodeInfoStorage.kt
@ -63,7 +63,7 @@ class PersistentNodeInfoStorage(private val database: CordaPersistence) : NodeIn

    override fun getNodeInfo(nodeInfoHash: SecureHash): SignedNodeInfo? {
        return database.transaction {
-            session.find(NodeInfoEntity::class.java, nodeInfoHash.toString())?.signedNodeInfo()
+            session.find(NodeInfoEntity::class.java, nodeInfoHash.toString())?.toSignedNodeInfo()
        }
    }

--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/entity/CertificateSigningRequestEntity.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/entity/CertificateSigningRequestEntity.kt
@ -26,7 +26,7 @@ import javax.persistence.*

@Entity
@Table(name = "certificate_signing_request", indexes = arrayOf(Index(name = "IDX_PUB_KEY_HASH", columnList = "public_key_hash")))
-class CertificateSigningRequestEntity(
+data class CertificateSigningRequestEntity(
        @Id
        @Column(name = "request_id", length = 64)
        val requestId: String,
@ -60,7 +60,11 @@ class CertificateSigningRequestEntity(

        @Lob
        @Column(name = "request_bytes", nullable = false)
-        val requestBytes: ByteArray
+        val requestBytes: ByteArray,
+
+        @ManyToOne
+        @JoinColumn(name = "private_network", foreignKey = ForeignKey(name = "FK_CSR_PN"))
+        val privateNetwork: PrivateNetworkEntity? = null
 ) {
    fun toCertificateSigningRequest() = CertificateSigningRequest(
            requestId = requestId,
@ -73,36 +77,12 @@ class CertificateSigningRequestEntity(
            certData = certificateData?.toCertificateData()
    )

-    fun copy(requestId: String = this.requestId,
-             legalName: String = this.legalName,
-             publicKeyHash: String = this.publicKeyHash,
-             status: RequestStatus = this.status,
-             modifiedBy: String = this.modifiedBy,
-             modifiedAt: Instant = this.modifiedAt,
-             remark: String? = this.remark,
-             certificateData: CertificateDataEntity? = this.certificateData,
-             requestBytes: ByteArray = this.requestBytes
-    ): CertificateSigningRequestEntity {
-        return CertificateSigningRequestEntity(
-                requestId = requestId,
-                legalName = legalName,
-                publicKeyHash = publicKeyHash,
-                status = status,
-                modifiedAt = modifiedAt,
-                modifiedBy = modifiedBy,
-                remark = remark,
-                certificateData = certificateData,
-                requestBytes = requestBytes
-        )
-    }
-
    private fun request() = PKCS10CertificationRequest(requestBytes)
 }

@Entity
@Table(name = "certificate_data")
-class CertificateDataEntity(
-
+data class CertificateDataEntity(
        @Id
        @GeneratedValue(strategy = GenerationType.SEQUENCE)
        val id: Long? = null,
@ -146,3 +126,14 @@ class CertificateDataEntity(

    private fun toCertificatePath(): CertPath = buildCertPath(certificatePathBytes)
 }
+
+@Entity
+@Table(name = "private_network")
+data class PrivateNetworkEntity(
+        @Id
+        @Column(name = "id")
+        val networkId: String,
+
+        @Column(name = "name")
+        val networkName: String
+)
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/entity/NodeInfoEntity.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/persistence/entity/NodeInfoEntity.kt
@ -12,13 +12,12 @@ package com.r3.corda.networkmanage.common.persistence.entity

 import net.corda.core.serialization.deserialize
 import net.corda.nodeapi.internal.SignedNodeInfo
-import org.hibernate.annotations.CreationTimestamp
 import java.time.Instant
 import javax.persistence.*

@Entity
@Table(name = "node_info")
-class NodeInfoEntity(
+data class NodeInfoEntity(
        // Hash of serialized [NodeInfo] without signatures.
        @Id
        @Column(name = "node_info_hash", length = 64)
@ -39,22 +38,7 @@ class NodeInfoEntity(
        val publishedAt: Instant = Instant.now()
 ) {
    /**
-     * Deserializes NodeInfoEntity.soignedNodeInfoBytes into the [SignedNodeInfo] instance
+     * Deserialize NodeInfoEntity.signedNodeInfoBytes into the [SignedNodeInfo] instance
     */
-    fun signedNodeInfo() = signedNodeInfoBytes.deserialize<SignedNodeInfo>()
-
-    fun copy(nodeInfoHash: String = this.nodeInfoHash,
-             certificateSigningRequest: CertificateSigningRequestEntity = this.certificateSigningRequest,
-             signedNodeInfoBytes: ByteArray = this.signedNodeInfoBytes,
-             isCurrent: Boolean = this.isCurrent,
-             publishedAt: Instant = this.publishedAt
-    ): NodeInfoEntity {
-        return NodeInfoEntity(
-                nodeInfoHash = nodeInfoHash,
-                certificateSigningRequest = certificateSigningRequest,
-                signedNodeInfoBytes = signedNodeInfoBytes,
-                isCurrent = isCurrent,
-                publishedAt = publishedAt
-        )
-    }
+    fun toSignedNodeInfo() = signedNodeInfoBytes.deserialize<SignedNodeInfo>()
 }
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/utils/Utils.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/common/utils/Utils.kt
@ -98,7 +98,4 @@ fun PKCS10CertificationRequest.getCertRole(): CertRole {
 /**
 * Helper method to extract email from certificate signing request.
 */
-fun PKCS10CertificationRequest.getEmail(): String {
-    // TODO: Add basic email check?
-    return firstAttributeValue(BCStyle.E).toString()
-}
+fun PKCS10CertificationRequest.getEmail(): String = firstAttributeValue(BCStyle.E).toString()
--- a/network-management/src/main/resources/migration/network-manager.changelog-init.xml
+++ b/network-management/src/main/resources/migration/network-manager.changelog-init.xml
@ -57,6 +57,7 @@
            </column>
            <column name="public_key_hash" type="NVARCHAR(64)"/>
            <column name="modified_by" type="NVARCHAR(512)"/>
+            <column name="private_network" type="NVARCHAR(255)"/>
        </createTable>
    </changeSet>
    <changeSet author="R3.Corda" id="1520338500424-4">
@ -285,4 +286,17 @@
            <column name="rev"/>
        </createIndex>
    </changeSet>
+    <changeSet author="R3.Corda" id="1520338500424-36">
+        <createTable tableName="private_network">
+            <column name="id" type="NVARCHAR(255)">
+                <constraints primaryKey="true" primaryKeyName="PK_PRIV_NETWORK_ID"/>
+            </column>
+            <column name="name" type="NVARCHAR(255)"/>
+        </createTable>
+    </changeSet>
+    <changeSet author="R3.Corda" id="1520338500424-37">
+        <addForeignKeyConstraint baseColumnNames="private_network" baseTableName="certificate_signing_request"
+                                 constraintName="FK_CSR_PN"
+                                 referencedColumnNames="id" referencedTableName="private_network"/>
+    </changeSet>
 </databaseChangeLog>