corda

mirror of https://github.com/corda/corda.git synced 2024-12-20 05:28:21 +00:00

History

Viktor Kolomeyko 88f368134f ENT-2610: Separate passwords for store and for private keys in Corda OS. (#4090 ) * ENT-2610: Separate passwords for store and for private keys in Corda OS. When it comes to KeyStores there are 2 passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore. Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see: `org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory` where it is calling `KeyManagerFactory.init()` with store password. Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis. This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel. Therefore this PR is removing this limitation and properly separating storePassword from keyPassword. Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info. Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made. * ENT-2610: Address PR input from @kchalkias * ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/ * ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/ In the implementation of `CertificateStoreSupplier`	2018-10-22 07:11:27 +01:00
..
src/main	ENT-2610: Separate passwords for store and for private keys in Corda OS. (#4090 )	2018-10-22 07:11:27 +01:00
build.gradle	CORDA-716 Configure api scanner for test modules (#2259 )	2018-01-04 10:09:04 +00:00

Viktor Kolomeyko 88f368134f

ENT-2610: Separate passwords for store and for private keys in Corda OS. (#4090 )

* ENT-2610: Separate passwords for store and for private keys in Corda OS.

When it comes to KeyStores there are *2* passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore.
Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see:
`org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory`
where it is calling `KeyManagerFactory.init()` with store password.

Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis.
This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel.
Therefore this PR is removing this limitation and properly separating storePassword from keyPassword.

Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info.

Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made.

* ENT-2610: Address PR input from @kchalkias

* ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/

* ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/

In the implementation of `CertificateStoreSupplier`

2018-10-22 07:11:27 +01:00

src/main

ENT-2610: Separate passwords for store and for private keys in Corda OS. (#4090 )

2018-10-22 07:11:27 +01:00

build.gradle

CORDA-716 Configure api scanner for test modules (#2259 )

2018-01-04 10:09:04 +00:00