Fix composite key cert path in AbstractNode (#1249)

* fix composite key cert path

* address PR issues

* added comment

* added the wrong keypair to the identity service
Patrick Kuo 2017-08-15 15:54:02 +01:00 committed by GitHub
parent 1a44f98379
commit eb925904ce


@ -67,6 +67,7 @@ import net.corda.node.utilities.*
import net.corda.node.utilities.AddOrRemove.ADD
import org.apache.activemq.artemis.utils.ReusableLatch
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.cert.X509CertificateHolder
import org.slf4j.Logger
import rx.Observable
import java.io.IOException
@ -718,24 +719,26 @@ abstract class AbstractNode(open val configuration: NodeConfiguration,
}
}
val (cert, keyPair) = keyStore.certificateAndKeyPair(privateKeyAlias)
val (cert, keys) = keyStore.certificateAndKeyPair(privateKeyAlias)
// Get keys from keystore.
val loadedServiceName = cert.subject
if (loadedServiceName != serviceName)
throw ConfigurationException("The legal name in the config file doesn't match the stored identity keystore:$serviceName vs $loadedServiceName")
val certPath = CertificateFactory.getInstance("X509").generateCertPath(keyStore.getCertificateChain(privateKeyAlias).toList())
// Use composite key instead if exists
// TODO: Use configuration to indicate composite key should be used instead of public key for the identity.
val publicKey = if (keyStore.containsAlias(compositeKeyAlias)) {
Crypto.toSupportedPublicKey(keyStore.getCertificate(compositeKeyAlias).publicKey)
val (keyPair, certs) = if (keyStore.containsAlias(compositeKeyAlias)) {
val compositeKey = Crypto.toSupportedPublicKey(keyStore.getCertificate(compositeKeyAlias).publicKey)
val compositeKeyCert = keyStore.getCertificate(compositeKeyAlias)
// We have to create the certificate chain for the composite key manually, this is because in order to store
// the chain in keystore we need a private key, however there are no corresponding private key for composite key.
Pair(KeyPair(compositeKey, keys.private), listOf(compositeKeyCert, *keyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA)))
} else {
keyPair.public
Pair(keys, keyStore.getCertificateChain(privateKeyAlias).toList())
}
partyKeys += keyPair
return Pair(PartyAndCertificate(loadedServiceName, publicKey, cert, certPath), keyPair)
val certPath = CertificateFactory.getInstance("X509").generateCertPath(certs)
partyKeys += keys
return Pair(PartyAndCertificate(loadedServiceName, keyPair.public, X509CertificateHolder(certs.first().encoded), certPath), keyPair)
}
private fun migrateKeysFromFile(keyStore: KeyStoreWrapper, serviceName: X500Name,
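Review bot: The legal-name check `if (loadedServiceName != serviceName)` is still run against the certificate stored under privateKeyAlias, but when the composite alias exists the PartyAndCertificate built on the return line takes its certificate from `certs.first()`, i.e. the composite certificate, whose subject is never compared with serviceName. Move the comparison after the branch and run it on the certificate that is actually returned: `val identityCert = X509CertificateHolder(certs.first().encoded)`, then `if (identityCert.subject != serviceName) throw ConfigurationException("The legal name in the config file doesn't match the stored identity keystore:$serviceName vs ${identityCert.subject}")`, and pass `identityCert` into PartyAndCertificate instead of re-encoding it inline. Two smaller points in the composite branch: `keyStore.getCertificate(compositeKeyAlias)` is fetched twice where `compositeKeyCert.publicKey` would do, and `keyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA)` is a Java platform type that is null when that alias is missing, so the spread operator would fail with a bare NPE rather than a message — `requireNotNull(...) { "no CORDA_CLIENT_CA chain in keystore" }` would fail more usefully; nothing visible here validates that the composite certificate actually chains to the CA entry it is spliced in front of, since `generateCertPath` only assembles the path, so that validation presumably has to happen elsewhere. The enclosing function starts before this hunk.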