ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-05-30 14:14:29 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ENT-2182: Clean up of network permissioning docs (#3478)

Browse Source
This commit is contained in:
Shams Asari 2018-06-29 13:11:46 +01:00 committed by Michele Sollecito
parent c50fd5e07e
commit f08b0e469d
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/source/permissioning.rst
View File

@ -20,7 +20,7 @@ The issued certificates take the form of three keystores in a node's ``<workspac
Most users will join an existing network such as the main Corda network or the Corda TestNet. You can also build your Most users will join an existing network such as the main Corda network or the Corda TestNet. You can also build your
own networks. During development, no network is required because you can use the included tools to pre-create own networks. During development, no network is required because you can use the included tools to pre-create
and pre-distribute the certificates and map files that would normally be provided dynamically by the network. Effectively and pre-distribute the certificates and map files that would normally be provided dynamically by the network. Effectively
the bootstrapper tool creates a private semi-static network for you. the :doc:`bootstrapper tool <network-bootstrapper>` creates a private semi-static network for you.
Certificate hierarchy Certificate hierarchy
--------------------- ---------------------
@ -72,9 +72,8 @@ certificates must obey the following restrictions:
The required identity and TLS keys/certificates will be automatically generated for you by the node on first run. The required identity and TLS keys/certificates will be automatically generated for you by the node on first run.
However, you can also generate them manually for more control. The ``X509Utilities`` class shows how to generate the However, you can also generate them manually for more control. The ``X509Utilities`` class shows how to generate the
required public/private keypairs and certificates using Bouncy Castle. You can find the ``X509Utilities`` in the `Corda required public/private keypairs and certificates using Bouncy Castle. You can find it in the `Corda repository
repository <https://github.com/corda/corda>`__, under <https://github.com/corda/corda/blob/master/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt>`__.
``/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt``.
Certificate role extension Certificate role extension
-------------------------- --------------------------
@ -140,7 +139,7 @@ The following information from the node configuration file is needed to generate
* **devMode** must be set to false * **devMode** must be set to false
* **networkServices or compatibilityZoneURL** The Corda compatibility zone services must be configured. This must be either: * **networkServices** or **compatibilityZoneURL** The Corda compatibility zone services must be configured. This must be either:
* **compatibilityZoneURL** The Corda compatibility zone network management service root URL. * **compatibilityZoneURL** The Corda compatibility zone network management service root URL.
* **networkServices** Replaces the ``compatibilityZoneURL`` when the doorman and network map services * **networkServices** Replaces the ``compatibilityZoneURL`` when the doorman and network map services
@ -172,7 +171,7 @@ Think twice before going down this route:
1. It isn't necessary for testing. 1. It isn't necessary for testing.
2. It isn't necessary for adding another layer of permissioning or 'know your customer' requirements onto your app. 2. It isn't necessary for adding another layer of permissioning or 'know your customer' requirements onto your app.
**Testing.** Creating a production-ready zone isn't necessary for testing as you can use the *network bootstrapper* **Testing.** Creating a production-ready zone isn't necessary for testing as you can use the :doc:`network bootstrapper <network-bootstrapper>`
tool to create all the certificates, keys, and distribute the needed map files to run many nodes. The bootstrapper can tool to create all the certificates, keys, and distribute the needed map files to run many nodes. The bootstrapper can
create a network locally on your desktop/laptop but it also knows how to automate cloud providers via their APIs and create a network locally on your desktop/laptop but it also knows how to automate cloud providers via their APIs and
using Docker. In this way you can bring up a simulation of a real Corda network with different nodes on different using Docker. In this way you can bring up a simulation of a real Corda network with different nodes on different
@ -277,8 +276,9 @@ Setting zone parameters
Zone parameters are stored in a file containing a Corda AMQP serialised ``SignedDataWithCert<NetworkParameters>`` Zone parameters are stored in a file containing a Corda AMQP serialised ``SignedDataWithCert<NetworkParameters>``
object. It is easy to create such a file with a small Java or Kotlin program. The ``NetworkParameters`` object is a object. It is easy to create such a file with a small Java or Kotlin program. The ``NetworkParameters`` object is a
simple data holder that could be read from e.g. a config file, or settings from a database. Signing and saving the simple data holder that could be read from e.g. a config file, or settings from a database. Signing and saving the
resulting file is just a few lines of code. A full example can be found in ``NetworkParametersCopier.kt`` in the source resulting file is just a few lines of code. A full example can be found in `NetworkParametersCopier.kt
tree, but a flavour of it looks like this: <https://github.com/corda/corda/blob/master/node-api/src/main/kotlin/net/corda/nodeapi/internal/network/NetworkParametersCopier.kt>`__,
but a flavour of it looks like this:
.. container:: codeset .. container:: codeset