mirror of
https://github.com/corda/corda.git
synced 2024-12-27 08:22:35 +00:00
Fixup support for customized certificate configuration
Fix typo
This commit is contained in:
parent
625d0447aa
commit
e79989cc8f
@ -38,6 +38,14 @@ enum class BridgeMode {
|
||||
FloatOuter
|
||||
}
|
||||
|
||||
interface BridgeSSLConfiguration : SSLConfiguration {
|
||||
override val keyStorePassword: String
|
||||
override val trustStorePassword: String
|
||||
override val sslKeystore: Path
|
||||
override val trustStoreFile: Path
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Details of the local Artemis broker.
|
||||
* Required in SenderReceiver and FloatInner modes.
|
||||
@ -45,7 +53,7 @@ enum class BridgeMode {
|
||||
interface BridgeOutboundConfiguration {
|
||||
val artemisBrokerAddress: NetworkHostAndPort
|
||||
// Allows override of [KeyStore] details for the artemis connection, otherwise the general top level details are used.
|
||||
val customSSLConfiguration: SSLConfiguration?
|
||||
val customSSLConfiguration: BridgeSSLConfiguration?
|
||||
// Allows use of a SOCKS 4/5 proxy
|
||||
val socksProxyConfig: SocksProxyConfig?
|
||||
}
|
||||
@ -58,7 +66,7 @@ interface BridgeOutboundConfiguration {
|
||||
interface BridgeInboundConfiguration {
|
||||
val listeningAddress: NetworkHostAndPort
|
||||
// Allows override of [KeyStore] details for the AMQP listener port, otherwise the general top level details are used.
|
||||
val customSSLConfiguration: SSLConfiguration?
|
||||
val customSSLConfiguration: BridgeSSLConfiguration?
|
||||
}
|
||||
|
||||
/**
|
||||
@ -70,9 +78,9 @@ interface FloatInnerConfiguration {
|
||||
val expectedCertificateSubject: CordaX500Name
|
||||
// Allows override of [KeyStore] details for the control port, otherwise the general top level details are used.
|
||||
// Used for connection to Float in DMZ
|
||||
val customSSLConfiguration: SSLConfiguration?
|
||||
val customSSLConfiguration: BridgeSSLConfiguration?
|
||||
// The SSL keystores to provision into the Float in DMZ
|
||||
val customFloatOuterSSLConfiguration: SSLConfiguration?
|
||||
val customFloatOuterSSLConfiguration: BridgeSSLConfiguration?
|
||||
}
|
||||
|
||||
/**
|
||||
@ -83,7 +91,7 @@ interface FloatOuterConfiguration {
|
||||
val floatAddress: NetworkHostAndPort
|
||||
val expectedCertificateSubject: CordaX500Name
|
||||
// Allows override of [KeyStore] details for the control port, otherwise the general top level details are used.
|
||||
val customSSLConfiguration: SSLConfiguration?
|
||||
val customSSLConfiguration: BridgeSSLConfiguration?
|
||||
}
|
||||
|
||||
interface BridgeConfiguration : NodeSSLConfiguration {
|
||||
|
@ -10,10 +10,8 @@
|
||||
|
||||
package net.corda.bridge.services.artemis
|
||||
|
||||
import net.corda.bridge.services.api.BridgeArtemisConnectionService
|
||||
import net.corda.bridge.services.api.BridgeAuditService
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.ServiceStateSupport
|
||||
import net.corda.bridge.services.api.*
|
||||
import net.corda.bridge.services.config.BridgeSSLConfigurationImpl
|
||||
import net.corda.bridge.services.util.ServiceStateCombiner
|
||||
import net.corda.bridge.services.util.ServiceStateHelper
|
||||
import net.corda.core.internal.ThreadBox
|
||||
@ -23,7 +21,6 @@ import net.corda.nodeapi.ArtemisTcpTransport
|
||||
import net.corda.nodeapi.ConnectionDirection
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingClient
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingComponent
|
||||
import net.corda.nodeapi.internal.config.SSLConfiguration
|
||||
import org.apache.activemq.artemis.api.core.client.ActiveMQClient
|
||||
import org.apache.activemq.artemis.api.core.client.FailoverEventType
|
||||
import org.apache.activemq.artemis.api.core.client.ServerLocator
|
||||
@ -46,13 +43,13 @@ class BridgeArtemisConnectionServiceImpl(val conf: BridgeConfiguration,
|
||||
}
|
||||
|
||||
private val state = ThreadBox(InnerState())
|
||||
private val sslConfiguration: SSLConfiguration
|
||||
private val sslConfiguration: BridgeSSLConfiguration
|
||||
private val statusFollower: ServiceStateCombiner
|
||||
private var statusSubscriber: Subscription? = null
|
||||
|
||||
init {
|
||||
statusFollower = ServiceStateCombiner(listOf(auditService))
|
||||
sslConfiguration = conf.outboundConfig?.customSSLConfiguration ?: conf
|
||||
sslConfiguration = conf.outboundConfig?.customSSLConfiguration ?: BridgeSSLConfigurationImpl(conf)
|
||||
}
|
||||
|
||||
override fun start() {
|
||||
|
@ -13,38 +13,47 @@ package net.corda.bridge.services.config
|
||||
import com.typesafe.config.Config
|
||||
import net.corda.bridge.services.api.*
|
||||
import net.corda.core.identity.CordaX500Name
|
||||
import net.corda.core.internal.div
|
||||
import net.corda.core.utilities.NetworkHostAndPort
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingComponent
|
||||
import net.corda.nodeapi.internal.config.SSLConfiguration
|
||||
import net.corda.nodeapi.internal.config.NodeSSLConfiguration
|
||||
import net.corda.nodeapi.internal.config.parseAs
|
||||
import net.corda.nodeapi.internal.protonwrapper.netty.SocksProxyConfig
|
||||
import java.nio.file.Path
|
||||
import java.nio.file.Paths
|
||||
|
||||
|
||||
fun Config.parseAsBridgeConfiguration(): BridgeConfiguration = parseAs<BridgeConfigurationImpl>()
|
||||
|
||||
data class CustomSSLConfiguration(override val keyStorePassword: String,
|
||||
data class BridgeSSLConfigurationImpl(override val keyStorePassword: String,
|
||||
override val trustStorePassword: String,
|
||||
override val certificatesDirectory: Path) : SSLConfiguration
|
||||
override val certificatesDirectory: Path = Paths.get("certificates"),
|
||||
override val sslKeystore: Path = certificatesDirectory / "sslkeystore.jks",
|
||||
override val trustStoreFile: Path = certificatesDirectory / "truststore.jks") : BridgeSSLConfiguration {
|
||||
constructor(config: NodeSSLConfiguration) : this(config.keyStorePassword, config.trustStorePassword, config.certificatesDirectory, config.sslKeystore, config.trustStoreFile)
|
||||
}
|
||||
|
||||
data class BridgeOutboundConfigurationImpl(override val artemisBrokerAddress: NetworkHostAndPort,
|
||||
override val customSSLConfiguration: CustomSSLConfiguration?,
|
||||
override val customSSLConfiguration: BridgeSSLConfigurationImpl?,
|
||||
override val socksProxyConfig: SocksProxyConfig? = null) : BridgeOutboundConfiguration
|
||||
|
||||
data class BridgeInboundConfigurationImpl(override val listeningAddress: NetworkHostAndPort,
|
||||
override val customSSLConfiguration: CustomSSLConfiguration?) : BridgeInboundConfiguration
|
||||
override val customSSLConfiguration: BridgeSSLConfigurationImpl?) : BridgeInboundConfiguration
|
||||
|
||||
data class FloatInnerConfigurationImpl(override val floatAddresses: List<NetworkHostAndPort>,
|
||||
override val expectedCertificateSubject: CordaX500Name,
|
||||
override val customSSLConfiguration: CustomSSLConfiguration?,
|
||||
override val customFloatOuterSSLConfiguration: CustomSSLConfiguration?) : FloatInnerConfiguration
|
||||
override val customSSLConfiguration: BridgeSSLConfigurationImpl?,
|
||||
override val customFloatOuterSSLConfiguration: BridgeSSLConfigurationImpl?) : FloatInnerConfiguration
|
||||
|
||||
data class FloatOuterConfigurationImpl(override val floatAddress: NetworkHostAndPort,
|
||||
override val expectedCertificateSubject: CordaX500Name,
|
||||
override val customSSLConfiguration: CustomSSLConfiguration?) : FloatOuterConfiguration
|
||||
override val customSSLConfiguration: BridgeSSLConfigurationImpl?) : FloatOuterConfiguration
|
||||
|
||||
data class BridgeConfigurationImpl(
|
||||
override val baseDirectory: Path,
|
||||
override val certificatesDirectory: Path = baseDirectory / "certificates",
|
||||
override val sslKeystore: Path = certificatesDirectory / "sslkeystore.jks",
|
||||
override val trustStoreFile: Path = certificatesDirectory / "truststore.jks",
|
||||
override val keyStorePassword: String,
|
||||
override val trustStorePassword: String,
|
||||
override val bridgeMode: BridgeMode,
|
||||
|
@ -11,6 +11,7 @@
|
||||
package net.corda.bridge.services.receiver
|
||||
|
||||
import net.corda.bridge.services.api.*
|
||||
import net.corda.bridge.services.config.BridgeSSLConfigurationImpl
|
||||
import net.corda.bridge.services.receiver.FloatControlTopics.FLOAT_DATA_TOPIC
|
||||
import net.corda.bridge.services.util.ServiceStateCombiner
|
||||
import net.corda.bridge.services.util.ServiceStateHelper
|
||||
@ -21,7 +22,6 @@ import net.corda.core.serialization.serialize
|
||||
import net.corda.core.utilities.NetworkHostAndPort
|
||||
import net.corda.core.utilities.contextLogger
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingComponent.Companion.P2P_PREFIX
|
||||
import net.corda.nodeapi.internal.config.SSLConfiguration
|
||||
import net.corda.nodeapi.internal.protonwrapper.messages.MessageStatus
|
||||
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
|
||||
import net.corda.nodeapi.internal.protonwrapper.netty.AMQPServer
|
||||
@ -47,7 +47,7 @@ class FloatControlListenerService(val conf: BridgeConfiguration,
|
||||
private var connectSubscriber: Subscription? = null
|
||||
private var receiveSubscriber: Subscription? = null
|
||||
private var amqpControlServer: AMQPServer? = null
|
||||
private val sslConfiguration: SSLConfiguration
|
||||
private val sslConfiguration: BridgeSSLConfiguration
|
||||
private val keyStore: KeyStore
|
||||
private val keyStorePrivateKeyPassword: String
|
||||
private val trustStore: KeyStore
|
||||
@ -59,7 +59,7 @@ class FloatControlListenerService(val conf: BridgeConfiguration,
|
||||
|
||||
init {
|
||||
statusFollower = ServiceStateCombiner(listOf(auditService, amqpListener))
|
||||
sslConfiguration = conf.floatOuterConfig?.customSSLConfiguration ?: conf
|
||||
sslConfiguration = conf.floatOuterConfig?.customSSLConfiguration ?: BridgeSSLConfigurationImpl(conf)
|
||||
keyStore = sslConfiguration.loadSslKeyStore().internal
|
||||
keyStorePrivateKeyPassword = sslConfiguration.keyStorePassword
|
||||
trustStore = sslConfiguration.loadTrustStore().internal
|
||||
|
@ -19,6 +19,7 @@ import org.junit.Assert.assertNull
|
||||
import org.junit.Rule
|
||||
import org.junit.Test
|
||||
import org.junit.rules.TemporaryFolder
|
||||
import java.nio.file.Paths
|
||||
|
||||
class ConfigTest {
|
||||
@Rule
|
||||
@ -63,4 +64,44 @@ class ConfigTest {
|
||||
assertEquals(NetworkHostAndPort("localhost", 12005), config.floatOuterConfig!!.floatAddress)
|
||||
assertEquals(CordaX500Name.parse("O=Bank A, L=London, C=GB"), config.floatOuterConfig!!.expectedCertificateSubject)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `Load overridden cert config`() {
|
||||
val configResource = "/net/corda/bridge/custombasecerts/bridge.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(Paths.get("customcerts/mysslkeystore.jks"), config.sslKeystore)
|
||||
assertEquals(Paths.get("customcerts/mytruststore.jks"), config.trustStoreFile)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `Load custom inner certificate config`() {
|
||||
val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(Paths.get("outboundcerts/outboundkeys.jks"), config.outboundConfig!!.customSSLConfiguration!!.sslKeystore)
|
||||
assertEquals(Paths.get("outboundcerts/outboundtrust.jks"), config.outboundConfig!!.customSSLConfiguration!!.trustStoreFile)
|
||||
assertEquals("outboundkeypassword", config.outboundConfig!!.customSSLConfiguration!!.keyStorePassword)
|
||||
assertEquals("outboundtrustpassword", config.outboundConfig!!.customSSLConfiguration!!.trustStorePassword)
|
||||
assertNull(config.inboundConfig)
|
||||
assertEquals(Paths.get("tunnelcerts/tunnelkeys.jks"), config.floatInnerConfig!!.customSSLConfiguration!!.sslKeystore)
|
||||
assertEquals(Paths.get("tunnelcerts/tunneltrust.jks"), config.floatInnerConfig!!.customSSLConfiguration!!.trustStoreFile)
|
||||
assertEquals("tunnelkeypassword", config.floatInnerConfig!!.customSSLConfiguration!!.keyStorePassword)
|
||||
assertEquals("tunneltrustpassword", config.floatInnerConfig!!.customSSLConfiguration!!.trustStorePassword)
|
||||
assertNull(config.floatOuterConfig)
|
||||
}
|
||||
|
||||
@Test
|
||||
fun `Load custom outer certificate config`() {
|
||||
val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(Paths.get("inboundcerts/inboundkeys.jks"), config.inboundConfig!!.customSSLConfiguration!!.sslKeystore)
|
||||
assertEquals(Paths.get("inboundcerts/inboundtrust.jks"), config.inboundConfig!!.customSSLConfiguration!!.trustStoreFile)
|
||||
assertEquals("inboundkeypassword", config.inboundConfig!!.customSSLConfiguration!!.keyStorePassword)
|
||||
assertEquals("inboundtrustpassword", config.inboundConfig!!.customSSLConfiguration!!.trustStorePassword)
|
||||
assertNull(config.outboundConfig)
|
||||
assertEquals(Paths.get("tunnelcerts/tunnelkeys.jks"), config.floatOuterConfig!!.customSSLConfiguration!!.sslKeystore)
|
||||
assertEquals(Paths.get("tunnelcerts/tunneltrust.jks"), config.floatOuterConfig!!.customSSLConfiguration!!.trustStoreFile)
|
||||
assertEquals("tunnelkeypassword", config.floatOuterConfig!!.customSSLConfiguration!!.keyStorePassword)
|
||||
assertEquals("tunneltrustpassword", config.floatOuterConfig!!.customSSLConfiguration!!.trustStorePassword)
|
||||
assertNull(config.floatInnerConfig)
|
||||
}
|
||||
}
|
@ -0,0 +1,19 @@
|
||||
//
|
||||
// R3 Proprietary and Confidential
|
||||
//
|
||||
// Copyright (c) 2018 R3 Limited. All rights reserved.
|
||||
//
|
||||
// The intellectual and technical concepts contained herein are proprietary to R3 and its suppliers and are protected by trade secret law.
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
sslKeystore = "customcerts/mysslkeystore.jks"
|
||||
trustStoreFile = "customcerts/mytruststore.jks"
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
}
|
||||
inboundConfig : {
|
||||
listeningAddress = "0.0.0.0:10005"
|
||||
}
|
||||
networkParametersPath = network-parameters
|
@ -0,0 +1,30 @@
|
||||
//
|
||||
// R3 Proprietary and Confidential
|
||||
//
|
||||
// Copyright (c) 2018 R3 Limited. All rights reserved.
|
||||
//
|
||||
// The intellectual and technical concepts contained herein are proprietary to R3 and its suppliers and are protected by trade secret law.
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = FloatInner
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
customSSLConfiguration : {
|
||||
keyStorePassword = "outboundkeypassword"
|
||||
trustStorePassword = "outboundtrustpassword"
|
||||
sslKeystore = "outboundcerts/outboundkeys.jks"
|
||||
trustStoreFile = "outboundcerts/outboundtrust.jks"
|
||||
}
|
||||
}
|
||||
floatInnerConfig : {
|
||||
floatAddresses = [ "localhost:12005" ]
|
||||
expectedCertificateSubject = "O=Bank A, L=London, C=GB"
|
||||
customSSLConfiguration : {
|
||||
keyStorePassword = "tunnelkeypassword"
|
||||
trustStorePassword = "tunneltrustpassword"
|
||||
sslKeystore = "tunnelcerts/tunnelkeys.jks"
|
||||
trustStoreFile = "tunnelcerts/tunneltrust.jks"
|
||||
}
|
||||
}
|
||||
networkParametersPath = network-parameters
|
@ -0,0 +1,30 @@
|
||||
//
|
||||
// R3 Proprietary and Confidential
|
||||
//
|
||||
// Copyright (c) 2018 R3 Limited. All rights reserved.
|
||||
//
|
||||
// The intellectual and technical concepts contained herein are proprietary to R3 and its suppliers and are protected by trade secret law.
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = FloatOuter
|
||||
inboundConfig : {
|
||||
listeningAddress = "0.0.0.0:10005"
|
||||
customSSLConfiguration : {
|
||||
keyStorePassword = "inboundkeypassword"
|
||||
trustStorePassword = "inboundtrustpassword"
|
||||
sslKeystore = "inboundcerts/inboundkeys.jks"
|
||||
trustStoreFile = "inboundcerts/inboundtrust.jks"
|
||||
}
|
||||
}
|
||||
floatOuterConfig : {
|
||||
floatAddress = "localhost:12005"
|
||||
expectedCertificateSubject = "O=Bank A, L=London, C=GB"
|
||||
customSSLConfiguration : {
|
||||
keyStorePassword = "tunnelkeypassword"
|
||||
trustStorePassword = "tunneltrustpassword"
|
||||
sslKeystore = "tunnelcerts/tunnelkeys.jks"
|
||||
trustStoreFile = "tunnelcerts/tunneltrust.jks"
|
||||
}
|
||||
}
|
||||
networkParametersPath = network-parameters
|
Loading…
Reference in New Issue
Block a user