Merge remote-tracking branch 'open/master' into shams-os-merge-191217

# Conflicts: # core/src/main/kotlin/net/corda/core/node/services/NotaryService.kt # node/src/integration-test/kotlin/net/corda/node/services/BFTNotaryServiceTests.kt # node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt # node/src/integration-test/kotlin/net/corda/services/messaging/P2PMessagingTest.kt # node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
2025-06-17 06:38:21 +00:00 · 2017-12-19 23:44:07 +00:00
parent 762d7b7275 313d21f068
commit de9565b96a
32 changed files with 261 additions and 252 deletions
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/ServiceIdentityGenerator.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/ServiceIdentityGenerator.kt
@ -13,42 +13,54 @@ import org.slf4j.LoggerFactory
 import java.nio.file.Path
 import java.security.cert.X509Certificate

-object ServiceIdentityGenerator {
+object IdentityGenerator {
    private val log = LoggerFactory.getLogger(javaClass)

+    const val NODE_IDENTITY_ALIAS_PREFIX = "identity"
+    const val DISTRIBUTED_NOTARY_ALIAS_PREFIX = "distributed-notary"
+
+    fun generateNodeIdentity(dir: Path, legalName: CordaX500Name, customRootCert: X509Certificate? = null): Party {
+        return generateToDisk(listOf(dir), legalName, NODE_IDENTITY_ALIAS_PREFIX, threshold = 1, customRootCert = customRootCert)
+    }
+
+    fun generateDistributedNotaryIdentity(dirs: List<Path>, notaryName: CordaX500Name, threshold: Int = 1, customRootCert: X509Certificate? = null): Party {
+        return generateToDisk(dirs, notaryName, DISTRIBUTED_NOTARY_ALIAS_PREFIX, threshold, customRootCert)
+    }
+
    /**
     * Generates signing key pairs and a common distributed service identity for a set of nodes.
     * The key pairs and the group identity get serialized to disk in the corresponding node directories.
     * This method should be called *before* any of the nodes are started.
     *
     * @param dirs List of node directories to place the generated identity and key pairs in.
-     * @param serviceName The legal name of the distributed service.
+     * @param name The name of the identity.
     * @param threshold The threshold for the generated group [CompositeKey].
-     * @param customRootCert the certificate to use a Corda root CA. If not specified the one in
-     *      certificates/cordadevcakeys.jks is used.
+     * @param customRootCert the certificate to use as the Corda root CA. If not specified the one in
+     *      internal/certificates/cordadevcakeys.jks is used.
     */
-    fun generateToDisk(dirs: List<Path>,
-                       serviceName: CordaX500Name,
-                       serviceId: String,
-                       threshold: Int = 1,
-                       customRootCert: X509Certificate? = null): Party {
-        log.trace { "Generating a group identity \"serviceName\" for nodes: ${dirs.joinToString()}" }
+    private fun generateToDisk(dirs: List<Path>,
+                               name: CordaX500Name,
+                               aliasPrefix: String,
+                               threshold: Int,
+                               customRootCert: X509Certificate?): Party {
+        log.trace { "Generating identity \"$name\" for nodes: ${dirs.joinToString()}" }
        val keyPairs = (1..dirs.size).map { generateKeyPair() }
-        val notaryKey = CompositeKey.Builder().addKeys(keyPairs.map { it.public }).build(threshold)
+        val key = CompositeKey.Builder().addKeys(keyPairs.map { it.public }).build(threshold)

        val caKeyStore = loadKeyStore(javaClass.classLoader.getResourceAsStream("certificates/cordadevcakeys.jks"), "cordacadevpass")
        val intermediateCa = caKeyStore.getCertificateAndKeyPair(X509Utilities.CORDA_INTERMEDIATE_CA, "cordacadevkeypass")
        val rootCert = customRootCert ?: caKeyStore.getCertificate(X509Utilities.CORDA_ROOT_CA)

        keyPairs.zip(dirs) { keyPair, dir ->
-            val serviceKeyCert = X509Utilities.createCertificate(CertificateType.SERVICE_IDENTITY, intermediateCa.certificate, intermediateCa.keyPair, serviceName, keyPair.public)
-            val compositeKeyCert = X509Utilities.createCertificate(CertificateType.SERVICE_IDENTITY, intermediateCa.certificate, intermediateCa.keyPair, serviceName, notaryKey)
+            val serviceKeyCert = X509Utilities.createCertificate(CertificateType.SERVICE_IDENTITY, intermediateCa.certificate, intermediateCa.keyPair, name, keyPair.public)
+            val compositeKeyCert = X509Utilities.createCertificate(CertificateType.SERVICE_IDENTITY, intermediateCa.certificate, intermediateCa.keyPair, name, key)
            val certPath = (dir / "certificates").createDirectories() / "distributedService.jks"
            val keystore = loadOrCreateKeyStore(certPath, "cordacadevpass")
-            keystore.setCertificateEntry("$serviceId-composite-key", compositeKeyCert.cert)
-            keystore.setKeyEntry("$serviceId-private-key", keyPair.private, "cordacadevkeypass".toCharArray(), arrayOf(serviceKeyCert.cert, intermediateCa.certificate.cert, rootCert))
+            keystore.setCertificateEntry("$aliasPrefix-composite-key", compositeKeyCert.cert)
+            keystore.setKeyEntry("$aliasPrefix-private-key", keyPair.private, "cordacadevkeypass".toCharArray(), arrayOf(serviceKeyCert.cert, intermediateCa.certificate.cert, rootCert))
            keystore.save(certPath, "cordacadevpass")
        }
-        return Party(serviceName, notaryKey)
+
+        return Party(name, key)
    }
 }
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt
@ -7,7 +7,8 @@ import net.corda.core.crypto.random63BitValue
 import net.corda.core.internal.CertRole
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.cert
-import net.corda.core.internal.read
+import net.corda.core.internal.reader
+import net.corda.core.internal.writer
 import net.corda.core.internal.x500Name
 import net.corda.core.utilities.days
 import net.corda.core.utilities.millis
@ -48,8 +49,6 @@ object X509Utilities {
    const val CORDA_CLIENT_TLS = "cordaclienttls"
    const val CORDA_CLIENT_CA = "cordaclientca"

-    const val CORDA_CLIENT_CA_CN = "Corda Client CA Certificate"
-
    private val DEFAULT_VALIDITY_WINDOW = Pair(0.millis, 3650.days)

    /**
@ -162,7 +161,7 @@ object X509Utilities {
     */
    @JvmStatic
    fun saveCertificateAsPEMFile(x509Certificate: X509Certificate, file: Path) {
-        JcaPEMWriter(file.toFile().writer()).use {
+        JcaPEMWriter(file.writer()).use {
            it.writeObject(x509Certificate)
        }
    }
@ -174,9 +173,8 @@ object X509Utilities {
     */
    @JvmStatic
    fun loadCertificateFromPEMFile(file: Path): X509Certificate {
-        return file.read {
-            val reader = PemReader(it.reader())
-            val pemObject = reader.readPemObject()
+        return file.reader().use {
+            val pemObject = PemReader(it).readPemObject()
            val certHolder = X509CertificateHolder(pemObject.content)
            certHolder.isValidOn(Date())
            certHolder.cert