mirror of
https://github.com/corda/corda.git
synced 2024-12-28 16:58:55 +00:00
ENT-1740 Make registration tool notary only to avoid confusion (#734)
* ENT-1740 Make registration tool notary only to avoid confusion * address PR issues
This commit is contained in:
parent
34f8719363
commit
fbdba41b07
@ -1,6 +1,6 @@
|
|||||||
#Network Registration Tool
|
#Distributed Notary Registration Tool
|
||||||
|
|
||||||
The network registration tool creates a CSR (Certificate Signing Request) and sent to compatibility zone doorman for approval.
|
The notary registration tool creates a CSR (Certificate Signing Request) with ``SERVICE_IDENTITY`` certificate role and sent to compatibility zone doorman for approval.
|
||||||
A keystore and a trust store will be created once the request is approved.
|
A keystore and a trust store will be created once the request is approved.
|
||||||
|
|
||||||
##Configuration file
|
##Configuration file
|
||||||
@ -20,8 +20,6 @@ compatibilityZoneURL Compatibility zone URL.
|
|||||||
|
|
||||||
networkRootTrustStorePath Path to the network root trust store.
|
networkRootTrustStorePath Path to the network root trust store.
|
||||||
|
|
||||||
certRole Requested cert role, it should be one of [NODE_CA, SERVICE_IDENTITY].
|
|
||||||
|
|
||||||
networkRootTrustStorePassword Network root trust store password, to be provided by the network operator. Optional, the tool will prompt for password input if not provided.
|
networkRootTrustStorePassword Network root trust store password, to be provided by the network operator. Optional, the tool will prompt for password input if not provided.
|
||||||
|
|
||||||
keyStorePassword Generated keystore's password. Optional, the tool will prompt for password input if not provided.
|
keyStorePassword Generated keystore's password. Optional, the tool will prompt for password input if not provided.
|
||||||
@ -41,7 +39,6 @@ legalName {
|
|||||||
email = "test@email.com"
|
email = "test@email.com"
|
||||||
compatibilityZoneURL = "http://doorman.url.com"
|
compatibilityZoneURL = "http://doorman.url.com"
|
||||||
networkRootTrustStorePath = "networkRootTrustStore.jks"
|
networkRootTrustStorePath = "networkRootTrustStore.jks"
|
||||||
certRole = "NODE_CA"
|
|
||||||
|
|
||||||
networkRootTrustStorePassword = "password"
|
networkRootTrustStorePassword = "password"
|
||||||
keyStorePassword = "password"
|
keyStorePassword = "password"
|
||||||
|
@ -24,9 +24,9 @@ fun KeyCopierOption.copyKeystore() {
|
|||||||
val srcPrivateKey = srcKeystore.getPrivateKey(sourceAlias)
|
val srcPrivateKey = srcKeystore.getPrivateKey(sourceAlias)
|
||||||
val srcCertChain = srcKeystore.getCertificateChain(sourceAlias)
|
val srcCertChain = srcKeystore.getCertificateChain(sourceAlias)
|
||||||
|
|
||||||
X509KeyStore.fromFile(desinationFile, destinationPassword ?: readPassword("Destination key store password:")).update {
|
X509KeyStore.fromFile(destinationFile, destinationPassword ?: readPassword("Destination key store password:")).update {
|
||||||
val keyAlias = destinationAlias ?: sourceAlias
|
val keyAlias = destinationAlias ?: sourceAlias
|
||||||
setPrivateKey(keyAlias, srcPrivateKey, srcCertChain)
|
setPrivateKey(keyAlias, srcPrivateKey, srcCertChain)
|
||||||
println("Added '$keyAlias' to keystore : $desinationFile")
|
println("Added '$keyAlias' to keystore : $destinationFile")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -88,7 +88,7 @@ private fun OptionSpecBuilder.requireOnlyIf(option: OptionSpecBuilder): OptionSp
|
|||||||
sealed class ToolOption {
|
sealed class ToolOption {
|
||||||
data class RegistrationOption(val configFile: Path) : ToolOption()
|
data class RegistrationOption(val configFile: Path) : ToolOption()
|
||||||
data class KeyCopierOption(val sourceFile: Path,
|
data class KeyCopierOption(val sourceFile: Path,
|
||||||
val desinationFile: Path,
|
val destinationFile: Path,
|
||||||
val sourcePassword: String?,
|
val sourcePassword: String?,
|
||||||
val destinationPassword: String?,
|
val destinationPassword: String?,
|
||||||
val sourceAlias: String,
|
val sourceAlias: String,
|
||||||
|
@ -25,16 +25,24 @@ import java.nio.file.Path
|
|||||||
import java.nio.file.Paths
|
import java.nio.file.Paths
|
||||||
|
|
||||||
fun RegistrationOption.runRegistration() {
|
fun RegistrationOption.runRegistration() {
|
||||||
|
println("**********************************************************")
|
||||||
|
println("* *")
|
||||||
|
println("* Notary identity registration tool *")
|
||||||
|
println("* *")
|
||||||
|
println("**********************************************************")
|
||||||
|
println()
|
||||||
|
println("This tool will create a notary identity certificate signing request using information found in '$configFile'")
|
||||||
|
println()
|
||||||
|
|
||||||
val config = ConfigFactory.parseFile(configFile.toFile(), ConfigParseOptions.defaults().setAllowMissing(false))
|
val config = ConfigFactory.parseFile(configFile.toFile(), ConfigParseOptions.defaults().setAllowMissing(false))
|
||||||
.resolve()
|
.resolve()
|
||||||
.parseAs<RegistrationConfig>()
|
.parseAs<NotaryRegistrationConfig>()
|
||||||
|
|
||||||
val sslConfig = object : SSLConfiguration {
|
val sslConfig = object : SSLConfiguration {
|
||||||
override val keyStorePassword: String by lazy { config.keyStorePassword ?: readPassword("Node Keystore password:") }
|
override val keyStorePassword: String by lazy { config.keyStorePassword ?: readPassword("Node Keystore password:") }
|
||||||
override val trustStorePassword: String by lazy { config.trustStorePassword ?: readPassword("Node TrustStore password:") }
|
override val trustStorePassword: String by lazy { config.trustStorePassword ?: readPassword("Node TrustStore password:") }
|
||||||
val parent = configFile.parent
|
val parent = configFile.parent
|
||||||
override val certificatesDirectory: Path = if (parent != null) parent / "certificates"
|
override val certificatesDirectory: Path = if (parent != null) parent / "certificates" else Paths.get("certificates")
|
||||||
else Paths.get("certificates")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
NetworkRegistrationHelper(sslConfig,
|
NetworkRegistrationHelper(sslConfig,
|
||||||
@ -42,14 +50,13 @@ fun RegistrationOption.runRegistration() {
|
|||||||
config.email,
|
config.email,
|
||||||
HTTPNetworkRegistrationService(config.compatibilityZoneURL),
|
HTTPNetworkRegistrationService(config.compatibilityZoneURL),
|
||||||
config.networkRootTrustStorePath,
|
config.networkRootTrustStorePath,
|
||||||
config.networkRootTrustStorePassword ?: readPassword("Network trust root password:"), config.certRole).buildKeystore()
|
config.networkRootTrustStorePassword ?: readPassword("Network trust root password:"), CertRole.SERVICE_IDENTITY).buildKeystore()
|
||||||
}
|
}
|
||||||
|
|
||||||
data class RegistrationConfig(val legalName: CordaX500Name,
|
data class NotaryRegistrationConfig(val legalName: CordaX500Name,
|
||||||
val email: String,
|
val email: String,
|
||||||
val compatibilityZoneURL: URL,
|
val compatibilityZoneURL: URL,
|
||||||
val networkRootTrustStorePath: Path,
|
val networkRootTrustStorePath: Path,
|
||||||
val certRole: CertRole,
|
|
||||||
val keyStorePassword: String?,
|
val keyStorePassword: String?,
|
||||||
val networkRootTrustStorePassword: String?,
|
val networkRootTrustStorePassword: String?,
|
||||||
val trustStorePassword: String?)
|
val trustStorePassword: String?)
|
@ -21,7 +21,7 @@ class KeyCopyToolTest {
|
|||||||
fun `key copy correctly`() {
|
fun `key copy correctly`() {
|
||||||
val keyCopyOption = ToolOption.KeyCopierOption(
|
val keyCopyOption = ToolOption.KeyCopierOption(
|
||||||
sourceFile = tempDir / "srcKeystore.jks",
|
sourceFile = tempDir / "srcKeystore.jks",
|
||||||
desinationFile = tempDir / "destKeystore.jks",
|
destinationFile = tempDir / "destKeystore.jks",
|
||||||
sourcePassword = "srctestpass",
|
sourcePassword = "srctestpass",
|
||||||
destinationPassword = "desttestpass",
|
destinationPassword = "desttestpass",
|
||||||
sourceAlias = "TestKeyAlias",
|
sourceAlias = "TestKeyAlias",
|
||||||
@ -34,13 +34,13 @@ class KeyCopyToolTest {
|
|||||||
X509KeyStore.fromFile(keyCopyOption.sourceFile, keyCopyOption.sourcePassword!!, createNew = true).update {
|
X509KeyStore.fromFile(keyCopyOption.sourceFile, keyCopyOption.sourcePassword!!, createNew = true).update {
|
||||||
setPrivateKey(keyCopyOption.sourceAlias, keyPair.private, listOf(cert))
|
setPrivateKey(keyCopyOption.sourceAlias, keyPair.private, listOf(cert))
|
||||||
}
|
}
|
||||||
X509KeyStore.fromFile(keyCopyOption.desinationFile, keyCopyOption.destinationPassword!!, createNew = true)
|
X509KeyStore.fromFile(keyCopyOption.destinationFile, keyCopyOption.destinationPassword!!, createNew = true)
|
||||||
|
|
||||||
// Copy private key from src keystore to dest keystore using the tool
|
// Copy private key from src keystore to dest keystore using the tool
|
||||||
keyCopyOption.copyKeystore()
|
keyCopyOption.copyKeystore()
|
||||||
|
|
||||||
// Verify key copied correctly
|
// Verify key copied correctly
|
||||||
val destKeystore = X509KeyStore.fromFile(keyCopyOption.desinationFile, keyCopyOption.destinationPassword!!)
|
val destKeystore = X509KeyStore.fromFile(keyCopyOption.destinationFile, keyCopyOption.destinationPassword!!)
|
||||||
assertEquals(keyPair.private, destKeystore.getPrivateKey(keyCopyOption.sourceAlias, keyCopyOption.destinationPassword!!))
|
assertEquals(keyPair.private, destKeystore.getPrivateKey(keyCopyOption.sourceAlias, keyCopyOption.destinationPassword!!))
|
||||||
assertEquals(cert, destKeystore.getCertificate(keyCopyOption.sourceAlias))
|
assertEquals(cert, destKeystore.getCertificate(keyCopyOption.sourceAlias))
|
||||||
}
|
}
|
||||||
|
@ -65,7 +65,7 @@ class OptionParserTest {
|
|||||||
"--destalias", "testalias2")
|
"--destalias", "testalias2")
|
||||||
assertThat(parseOptions(*keyCopyArgs)).isEqualTo(ToolOption.KeyCopierOption(
|
assertThat(parseOptions(*keyCopyArgs)).isEqualTo(ToolOption.KeyCopierOption(
|
||||||
sourceFile = tempDir / "source.jks",
|
sourceFile = tempDir / "source.jks",
|
||||||
desinationFile = tempDir / "target.jks",
|
destinationFile = tempDir / "target.jks",
|
||||||
sourcePassword = "password1",
|
sourcePassword = "password1",
|
||||||
destinationPassword = "password2",
|
destinationPassword = "password2",
|
||||||
sourceAlias = "testalias",
|
sourceAlias = "testalias",
|
||||||
@ -82,7 +82,7 @@ class OptionParserTest {
|
|||||||
"--srcalias", "testalias")
|
"--srcalias", "testalias")
|
||||||
assertThat(parseOptions(*keyCopyArgs)).isEqualTo(ToolOption.KeyCopierOption(
|
assertThat(parseOptions(*keyCopyArgs)).isEqualTo(ToolOption.KeyCopierOption(
|
||||||
sourceFile = tempDir / "source.jks",
|
sourceFile = tempDir / "source.jks",
|
||||||
desinationFile = tempDir / "target.jks",
|
destinationFile = tempDir / "target.jks",
|
||||||
sourcePassword = null,
|
sourcePassword = null,
|
||||||
destinationPassword = null,
|
destinationPassword = null,
|
||||||
sourceAlias = "testalias",
|
sourceAlias = "testalias",
|
||||||
|
@ -20,7 +20,6 @@ import org.junit.Test
|
|||||||
import java.nio.file.Paths
|
import java.nio.file.Paths
|
||||||
|
|
||||||
class RegistrationConfigTest {
|
class RegistrationConfigTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
fun `parse config file correctly`() {
|
fun `parse config file correctly`() {
|
||||||
val testConfig = """
|
val testConfig = """
|
||||||
@ -33,7 +32,6 @@ legalName {
|
|||||||
email = "test@email.com"
|
email = "test@email.com"
|
||||||
compatibilityZoneURL = "http://doorman.url.com"
|
compatibilityZoneURL = "http://doorman.url.com"
|
||||||
networkRootTrustStorePath = "networkRootTrustStore.jks"
|
networkRootTrustStorePath = "networkRootTrustStore.jks"
|
||||||
certRole = "NODE_CA"
|
|
||||||
|
|
||||||
networkRootTrustStorePassword = "password"
|
networkRootTrustStorePassword = "password"
|
||||||
keyStorePassword = "password"
|
keyStorePassword = "password"
|
||||||
@ -42,9 +40,8 @@ trustStorePassword = "password"
|
|||||||
|
|
||||||
val config = ConfigFactory.parseString(testConfig, ConfigParseOptions.defaults().setAllowMissing(false))
|
val config = ConfigFactory.parseString(testConfig, ConfigParseOptions.defaults().setAllowMissing(false))
|
||||||
.resolve()
|
.resolve()
|
||||||
.parseAs<RegistrationConfig>()
|
.parseAs<NotaryRegistrationConfig>()
|
||||||
|
|
||||||
assertEquals(CertRole.NODE_CA, config.certRole)
|
|
||||||
assertEquals(CordaX500Name.parse("OU=R3 Corda, O=R3 LTD, L=London, C=GB"), config.legalName)
|
assertEquals(CordaX500Name.parse("OU=R3 Corda, O=R3 LTD, L=London, C=GB"), config.legalName)
|
||||||
assertEquals("http://doorman.url.com", config.compatibilityZoneURL.toString())
|
assertEquals("http://doorman.url.com", config.compatibilityZoneURL.toString())
|
||||||
assertEquals("test@email.com", config.email)
|
assertEquals("test@email.com", config.email)
|
||||||
|
Loading…
Reference in New Issue
Block a user