ENT-8898: Revert change made to externalCrlSource checking

It's now moved back to createPKIXRevocationChecker(). RevocationConfig.enrichExternalCrlSource has also been removed, and moved to where it's called.
2025-02-21 01:42:24 +00:00 · 2023-04-04 10:54:44 +01:00 · 2023-04-04 10:54:44 +01:00 · ddb979d693
commit ddb979d693
parent 1e6ccfdb60
2 changed files with 6 additions and 26 deletions
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/RevocationConfig.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/RevocationConfig.kt
@ -11,7 +11,6 @@ import java.security.cert.PKIXRevocationChecker
 * Data structure for controlling the way how Certificate Revocation Lists are handled.
 */
@CustomConfigParser(parser = RevocationConfigParser::class)
-// TODO This and RevocationConfigImpl should really be a single sealed data type
 interface RevocationConfig {

    enum class Mode {
@ -47,15 +46,13 @@ interface RevocationConfig {
     */
    val externalCrlSource: CrlSource?

-    /**
-     * Creates a copy of [RevocationConfig] enriched by a [CrlSource].
-     */
-    fun enrichExternalCrlSource(sourceFunc: (() -> CrlSource)?): RevocationConfig
-
    fun createPKIXRevocationChecker(): PKIXRevocationChecker {
        return when (mode) {
            Mode.OFF -> AllowAllRevocationChecker
-            Mode.EXTERNAL_SOURCE -> CordaRevocationChecker(externalCrlSource!!, softFail = true)
+            Mode.EXTERNAL_SOURCE -> {
+                val externalCrlSource = requireNotNull(externalCrlSource) { "externalCrlSource must be specfied for EXTERNAL_SOURCE" }
+                CordaRevocationChecker(externalCrlSource, softFail = true)
+            }
            Mode.SOFT_FAIL -> CordaRevocationChecker(CertDistPointCrlSource(), softFail = true)
            Mode.HARD_FAIL -> CordaRevocationChecker(CertDistPointCrlSource(), softFail = false)
        }
@ -67,24 +64,7 @@ interface RevocationConfig {
 */
 fun Boolean.toRevocationConfig() = if(this) RevocationConfigImpl(RevocationConfig.Mode.SOFT_FAIL) else RevocationConfigImpl(RevocationConfig.Mode.HARD_FAIL)

-data class RevocationConfigImpl(override val mode: RevocationConfig.Mode, override val externalCrlSource: CrlSource? = null) : RevocationConfig {
-    init {
-        if (mode == RevocationConfig.Mode.EXTERNAL_SOURCE) {
-            requireNotNull(externalCrlSource) { "externalCrlSource must not be null" }
-        }
-    }
-
-    // TODO This doesn't really need to be a member method. All it does is change externalCrlSource if applicable, which is the same as
-    //  just creating a new RevocationConfigImpl with that CrlSource.
-    override fun enrichExternalCrlSource(sourceFunc: (() -> CrlSource)?): RevocationConfig {
-        return if (mode != RevocationConfig.Mode.EXTERNAL_SOURCE) {
-            this
-        } else {
-            val func = requireNotNull(sourceFunc) { "There should be a way to obtain CrlSource" }
-            copy(externalCrlSource = func())
-        }
-    }
-}
+data class RevocationConfigImpl(override val mode: RevocationConfig.Mode, override val externalCrlSource: CrlSource? = null) : RevocationConfig

 class RevocationConfigParser : ConfigParser<RevocationConfig> {
    override fun parse(config: Config): RevocationConfig {
--- a/node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt
@ -201,7 +201,7 @@ class CertificateRevocationListNodeTests {
        verifyAMQPConnection(
                crlCheckSoftFail = true,
                nodeCrlDistPoint = "http://${newUnreachableIpAddress()}/crl/unreachable.crl",
-                sslHandshakeTimeout = crlConnectTimeout * 2,
+                sslHandshakeTimeout = crlConnectTimeout * 3,
                expectedConnectStatus = true
        )
        val timeoutExceptions = (amqpServer.softFailExceptions + amqpClient.softFailExceptions)