ENT-1740 Make registration tool notary only to avoid confusion (#734)

* ENT-1740 Make registration tool notary only to avoid confusion * address PR issues
2024-12-27 08:22:35 +00:00 · 2018-04-16 14:56:13 +01:00 · 2018-04-16 14:56:13 +01:00 · fbdba41b07
commit fbdba41b07
parent 34f8719363
7 changed files with 30 additions and 29 deletions
--- a/network-management/registration-tool/README.md
+++ b/network-management/registration-tool/README.md
@ -1,6 +1,6 @@
-#Network Registration Tool
+#Distributed Notary Registration Tool

-The network registration tool creates a CSR (Certificate Signing Request) and sent to compatibility zone doorman for approval.
+The notary registration tool creates a CSR (Certificate Signing Request) with ``SERVICE_IDENTITY`` certificate role and sent to compatibility zone doorman for approval.
 A keystore and a trust store will be created once the request is approved.  

 ##Configuration file
@ -20,8 +20,6 @@ compatibilityZoneURL            Compatibility zone URL.

 networkRootTrustStorePath       Path to the network root trust store.

-certRole                        Requested cert role, it should be one of [NODE_CA, SERVICE_IDENTITY].
-
 networkRootTrustStorePassword   Network root trust store password, to be provided by the network operator. Optional, the tool will prompt for password input if not provided. 

 keyStorePassword                Generated keystore's password. Optional, the tool will prompt for password input if not provided.
@ -41,7 +39,6 @@ legalName {
 email = "test@email.com"
 compatibilityZoneURL = "http://doorman.url.com"
 networkRootTrustStorePath = "networkRootTrustStore.jks"
-certRole = "NODE_CA"

 networkRootTrustStorePassword = "password"
 keyStorePassword = "password"
--- a/network-management/registration-tool/src/main/kotlin/com/r3/corda/networkmanage/registration/KeyCopyTool.kt
+++ b/network-management/registration-tool/src/main/kotlin/com/r3/corda/networkmanage/registration/KeyCopyTool.kt
@ -24,9 +24,9 @@ fun KeyCopierOption.copyKeystore() {
    val srcPrivateKey = srcKeystore.getPrivateKey(sourceAlias)
    val srcCertChain = srcKeystore.getCertificateChain(sourceAlias)

-    X509KeyStore.fromFile(desinationFile, destinationPassword ?: readPassword("Destination key store password:")).update {
+    X509KeyStore.fromFile(destinationFile, destinationPassword ?: readPassword("Destination key store password:")).update {
        val keyAlias = destinationAlias ?: sourceAlias
        setPrivateKey(keyAlias, srcPrivateKey, srcCertChain)
-        println("Added '$keyAlias' to keystore : $desinationFile")
+        println("Added '$keyAlias' to keystore : $destinationFile")
    }
 }
--- a/network-management/registration-tool/src/main/kotlin/com/r3/corda/networkmanage/registration/Main.kt
+++ b/network-management/registration-tool/src/main/kotlin/com/r3/corda/networkmanage/registration/Main.kt
@ -88,7 +88,7 @@ private fun OptionSpecBuilder.requireOnlyIf(option: OptionSpecBuilder): OptionSp
 sealed class ToolOption {
    data class RegistrationOption(val configFile: Path) : ToolOption()
    data class KeyCopierOption(val sourceFile: Path,
-                               val desinationFile: Path,
+                               val destinationFile: Path,
                               val sourcePassword: String?,
                               val destinationPassword: String?,
                               val sourceAlias: String,
--- a/network-management/registration-tool/src/main/kotlin/com/r3/corda/networkmanage/registration/NotaryRegistrationTool.kt
+++ b/network-management/registration-tool/src/main/kotlin/com/r3/corda/networkmanage/registration/NotaryRegistrationTool.kt
@ -25,16 +25,24 @@ import java.nio.file.Path
 import java.nio.file.Paths

 fun RegistrationOption.runRegistration() {
+    println("**********************************************************")
+    println("*                                                        *")
+    println("*           Notary identity registration tool            *")
+    println("*                                                        *")
+    println("**********************************************************")
+    println()
+    println("This tool will create a notary identity certificate signing request using information found in '$configFile'")
+    println()
+
    val config = ConfigFactory.parseFile(configFile.toFile(), ConfigParseOptions.defaults().setAllowMissing(false))
            .resolve()
-            .parseAs<RegistrationConfig>()
+            .parseAs<NotaryRegistrationConfig>()

    val sslConfig = object : SSLConfiguration {
        override val keyStorePassword: String  by lazy { config.keyStorePassword ?: readPassword("Node Keystore password:") }
        override val trustStorePassword: String by lazy { config.trustStorePassword ?: readPassword("Node TrustStore password:") }
        val parent = configFile.parent
-        override val certificatesDirectory: Path = if (parent != null) parent / "certificates"
-                                                   else Paths.get("certificates")
+        override val certificatesDirectory: Path = if (parent != null) parent / "certificates" else Paths.get("certificates")
    }

    NetworkRegistrationHelper(sslConfig,
@ -42,14 +50,13 @@ fun RegistrationOption.runRegistration() {
            config.email,
            HTTPNetworkRegistrationService(config.compatibilityZoneURL),
            config.networkRootTrustStorePath,
-            config.networkRootTrustStorePassword ?: readPassword("Network trust root password:"), config.certRole).buildKeystore()
+            config.networkRootTrustStorePassword ?: readPassword("Network trust root password:"), CertRole.SERVICE_IDENTITY).buildKeystore()
 }

-data class RegistrationConfig(val legalName: CordaX500Name,
-                              val email: String,
-                              val compatibilityZoneURL: URL,
-                              val networkRootTrustStorePath: Path,
-                              val certRole: CertRole,
-                              val keyStorePassword: String?,
-                              val networkRootTrustStorePassword: String?,
-                              val trustStorePassword: String?)
+data class NotaryRegistrationConfig(val legalName: CordaX500Name,
+                                    val email: String,
+                                    val compatibilityZoneURL: URL,
+                                    val networkRootTrustStorePath: Path,
+                                    val keyStorePassword: String?,
+                                    val networkRootTrustStorePassword: String?,
+                                    val trustStorePassword: String?)
--- a/network-management/registration-tool/src/test/kotlin/com/r3/corda/networkmanage/registration/KeyCopyToolTest.kt
+++ b/network-management/registration-tool/src/test/kotlin/com/r3/corda/networkmanage/registration/KeyCopyToolTest.kt
@ -21,7 +21,7 @@ class KeyCopyToolTest {
    fun `key copy correctly`() {
        val keyCopyOption = ToolOption.KeyCopierOption(
                sourceFile = tempDir / "srcKeystore.jks",
-                desinationFile = tempDir / "destKeystore.jks",
+                destinationFile = tempDir / "destKeystore.jks",
                sourcePassword = "srctestpass",
                destinationPassword = "desttestpass",
                sourceAlias = "TestKeyAlias",
@ -34,13 +34,13 @@ class KeyCopyToolTest {
        X509KeyStore.fromFile(keyCopyOption.sourceFile, keyCopyOption.sourcePassword!!, createNew = true).update {
            setPrivateKey(keyCopyOption.sourceAlias, keyPair.private, listOf(cert))
        }
-        X509KeyStore.fromFile(keyCopyOption.desinationFile, keyCopyOption.destinationPassword!!, createNew = true)
+        X509KeyStore.fromFile(keyCopyOption.destinationFile, keyCopyOption.destinationPassword!!, createNew = true)

        // Copy private key from src keystore to dest keystore using the tool
        keyCopyOption.copyKeystore()

        // Verify key copied correctly
-        val destKeystore = X509KeyStore.fromFile(keyCopyOption.desinationFile, keyCopyOption.destinationPassword!!)
+        val destKeystore = X509KeyStore.fromFile(keyCopyOption.destinationFile, keyCopyOption.destinationPassword!!)
        assertEquals(keyPair.private, destKeystore.getPrivateKey(keyCopyOption.sourceAlias, keyCopyOption.destinationPassword!!))
        assertEquals(cert, destKeystore.getCertificate(keyCopyOption.sourceAlias))
    }
--- a/network-management/registration-tool/src/test/kotlin/com/r3/corda/networkmanage/registration/OptionParserTest.kt
+++ b/network-management/registration-tool/src/test/kotlin/com/r3/corda/networkmanage/registration/OptionParserTest.kt
@ -65,7 +65,7 @@ class OptionParserTest {
                "--destalias", "testalias2")
        assertThat(parseOptions(*keyCopyArgs)).isEqualTo(ToolOption.KeyCopierOption(
                sourceFile = tempDir / "source.jks",
-                desinationFile = tempDir / "target.jks",
+                destinationFile = tempDir / "target.jks",
                sourcePassword = "password1",
                destinationPassword = "password2",
                sourceAlias = "testalias",
@ -82,7 +82,7 @@ class OptionParserTest {
                "--srcalias", "testalias")
        assertThat(parseOptions(*keyCopyArgs)).isEqualTo(ToolOption.KeyCopierOption(
                sourceFile = tempDir / "source.jks",
-                desinationFile = tempDir / "target.jks",
+                destinationFile = tempDir / "target.jks",
                sourcePassword = null,
                destinationPassword = null,
                sourceAlias = "testalias",
--- a/network-management/registration-tool/src/test/kotlin/com/r3/corda/networkmanage/registration/RegistrationConfigTest.kt
+++ b/network-management/registration-tool/src/test/kotlin/com/r3/corda/networkmanage/registration/RegistrationConfigTest.kt
@ -20,7 +20,6 @@ import org.junit.Test
 import java.nio.file.Paths

 class RegistrationConfigTest {
-
    @Test
    fun `parse config file correctly`() {
        val testConfig = """
@ -33,7 +32,6 @@ legalName {
 email = "test@email.com"
 compatibilityZoneURL = "http://doorman.url.com"
 networkRootTrustStorePath = "networkRootTrustStore.jks"
-certRole = "NODE_CA"

 networkRootTrustStorePassword = "password"
 keyStorePassword = "password"
@ -42,9 +40,8 @@ trustStorePassword = "password"

        val config = ConfigFactory.parseString(testConfig, ConfigParseOptions.defaults().setAllowMissing(false))
                .resolve()
-                .parseAs<RegistrationConfig>()
+                .parseAs<NotaryRegistrationConfig>()

-        assertEquals(CertRole.NODE_CA, config.certRole)
        assertEquals(CordaX500Name.parse("OU=R3 Corda, O=R3 LTD, L=London, C=GB"), config.legalName)
        assertEquals("http://doorman.url.com", config.compatibilityZoneURL.toString())
        assertEquals("test@email.com", config.email)