corda/docs/build/html/permissioning.html
Clinton Alexander f92ef3d9cf Regen docsite
2017-01-03 13:07:48 +00:00


<!-- If you edit this, then please make the same changes to layout_for_doc_website.html, as that is used for the web
doc site generation which we put analytics tracking on to identify any potential problem pages -->
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Network permissioning &mdash; R3 Corda latest documentation</title>
<link rel="stylesheet" href="_static/css/custom.css" type="text/css" />
<link rel="top" title="R3 Corda latest documentation" href="index.html"/>
<link rel="next" title="Writing a contract" href="tutorial-contract.html"/>
<link rel="prev" title="Node Explorer" href="node-explorer.html"/>
<script src="_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<div class="wy-nav-content">
<div class="rst-content">
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="network-permissioning">
<h1>Network permissioning<a class="headerlink" href="#network-permissioning" title="Permalink to this headline"></a></h1>
<p>The keystore located in <code class="docutils literal"><span class="pre">&lt;workspace&gt;/certificates/sslkeystore.jks</span></code> is required to connect to the Corda network securely.
In development mode (when <code class="docutils literal"><span class="pre">devMode</span> <span class="pre">=</span> <span class="pre">true</span></code>, see <a class="reference internal" href="corda-configuration-file.html"><span class="doc">Node configuration</span></a> for more information) a pre-configured
keystore will be used if the keystore does not exist. This is to ensure developers can get the nodes working as quickly
as possible.</p>
<p>However, this is not secure for the real network. This documentation explains the procedure for obtaining a signed
certificate for TestNet.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The TestNet has not been set up yet as of the Milestone 6 release. You will not be able to connect to the
certificate signing server.</p>
</div>
<div class="section" id="certificate-signing-request-utility">
<h2>Certificate signing request utility<a class="headerlink" href="#certificate-signing-request-utility" title="Permalink to this headline"></a></h2>
<p>The utility creates a certificate signing request based on node information obtained from the node configuration.
The following information from the node configuration file is needed to generate a certificate signing request.</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">myLegalName:</th><td class="field-body"><p class="first">Your company&#8217;s legal name. e.g. &#8220;Mega Corp LLC&#8221;. This needs to be unique on the network. If another node
has already been permissioned with this name then the permissioning server will automatically reject the request. The
request will also be rejected if the name contains a <code class="docutils literal"><span class="pre">=</span></code> or <code class="docutils literal"><span class="pre">,</span></code>.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">In a future version the uniqueness requirement will be relaxed to an X.500 name. This will allow differentiation
between entities with the same name.</p>
</div>
</td>
</tr>
<tr class="field-even field"><th class="field-name">nearestCity:</th><td class="field-body"><p class="first">e.g. &#8220;London&#8221;</p>
</td>
</tr>
<tr class="field-odd field"><th class="field-name">emailAddress:</th><td class="field-body"><p class="first">e.g. &#8220;<a class="reference external" href="mailto:admin&#37;&#52;&#48;company&#46;com">admin<span>&#64;</span>company<span>&#46;</span>com</a>&#8221;</p>
</td>
</tr>
<tr class="field-even field"><th class="field-name" colspan="2">certificateSigningService:</th></tr>
<tr class="field-even field"><td>&nbsp;</td><td class="field-body"><p class="first last">Certificate signing server URL. A certificate signing server will be hosted by R3 in the near
future. e.g. &#8220;<a class="reference external" href="https://testnet.certificate.corda.net">https://testnet.certificate.corda.net</a>&#8221;</p>
</td>
</tr>
</tbody>
</table>
<p>A new pair of private and public keys will be generated by the utility and will be used to create the request.</p>
<p>The utility will submit the request to the network permissioning server and poll for a result periodically to retrieve the certificates.
Once the request has been approved and the certificates downloaded from the server, the utility will create the key store and trust store using the certificates and the generated private key.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">You can exit the utility at any time if the approval process is taking longer than expected. The request process will resume on restart.</p>
</div>
<p>This process only needs to be done once when the node connects to the network for the first time, or when the certificate expires.</p>
</div>
<div class="section" id="building-the-utility">
<h2>Building the utility<a class="headerlink" href="#building-the-utility" title="Permalink to this headline"></a></h2>
<p>The utility will be created as part of the gradle <code class="docutils literal"><span class="pre">:node</span></code> module <code class="docutils literal"><span class="pre">buildCordaJAR</span></code> task.
You can also build the utility JAR by running the following command from the Corda project root directory.</p>
<p><strong>Windows</strong>:</p>
<div class="highlight-kotlin"><div class="highlight"><pre><span></span><span class="n">gradlew</span><span class="p">.</span><span class="n">bat</span> <span class="p">:</span><span class="n">node</span><span class="p">:</span><span class="n">buildCertSigningRequestUtilityJAR</span>
</pre></div>
</div>
<p><strong>Other</strong>:</p>
<div class="highlight-kotlin"><div class="highlight"><pre><span></span><span class="p">./</span><span class="n">gradlew</span> <span class="p">:</span><span class="n">node</span><span class="p">:</span><span class="n">buildCertSigningRequestUtilityJAR</span>
</pre></div>
</div>
<p>The utility JAR will be created in <code class="docutils literal"><span class="pre">&lt;Project</span> <span class="pre">Root</span> <span class="pre">Dir&gt;/node/build/libs/certSigningRequestUtility.jar</span></code></p>
</div>
<div class="section" id="running-the-utility">
<h2>Running the utility<a class="headerlink" href="#running-the-utility" title="Permalink to this headline"></a></h2>
<p>You will need to specify the working directory of your Corda node using the <code class="docutils literal"><span class="pre">--base-dir</span></code> flag. This defaults to the current directory if left blank.
You can also specify the location of <code class="docutils literal"><span class="pre">node.conf</span></code> with the <code class="docutils literal"><span class="pre">--config-file</span></code> flag if it&#8217;s not in the working directory.</p>
<p><strong>Running the Utility</strong>:</p>
<div class="highlight-kotlin"><div class="highlight"><pre><span></span><span class="n">java</span> <span class="p">-</span><span class="n">jar</span> <span class="n">certSigningRequestUtility</span><span class="p">.</span><span class="n">jar</span> <span class="p">--</span><span class="n">base</span><span class="p">-</span><span class="n">dir</span> <span class="p">&lt;&lt;</span><span class="n">optional</span><span class="p">&gt;&gt;</span> <span class="p">--</span><span class="n">config</span><span class="p">-</span><span class="n">file</span> <span class="p">&lt;&lt;</span><span class="n">optional</span><span class="p">&gt;&gt;</span>
</pre></div>
</div>
<p>A <code class="docutils literal"><span class="pre">certificates</span></code> folder containing the keystore and trust store will be created in the base directory when the process is completed.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">The keystore is protected by the keystore password from the node configuration file. The password should be kept safe to protect the private key and certificate.</p>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Password encryption in node configuration will be supported in a subsequent release.</p>
</div>
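<p>A pre-flight check for the settings and files described on this page, as an added example that is not part of the Corda code base: it verifies the four fields the request is built from, applies the <code class="docutils literal"><span class="pre">=</span></code> and <code class="docutils literal"><span class="pre">,</span></code> rule for <code class="docutils literal"><span class="pre">myLegalName</span></code>, and flags a <code class="docutils literal"><span class="pre">node.conf</span></code> or keystore that other users can access. The function names, the simplified line-based reader and the https check are assumptions of this example.</p>

```python
import os
import re
import stat
import sys

# The four node.conf keys the page lists as inputs to the signing request.
REQUIRED = ("myLegalName", "nearestCity", "emailAddress", "certificateSigningService")

# Simplified reader (assumption): one top-level key = "value" or
# key : "value" pair per line; nested HOCON objects are not handled.
PAIR = re.compile(r'^\s*(\w+)\s*[:=]\s*"(.*)"\s*$')

# Constructed sample input, not taken from a real node.
SAMPLE = '''
myLegalName = "Mega Corp, LLC"
nearestCity = "London"
emailAddress = "admin@company.com"
certificateSigningService = "http://testnet.certificate.corda.net"
'''


def read_conf(text):
    """Collect the simple string settings from node.conf text."""
    matches = (PAIR.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}


def check_fields(conf):
    """Return the problems that would get the request rejected or exposed."""
    problems = ["missing " + k for k in REQUIRED if not conf.get(k, "").strip()]
    # The page says a name containing = or , is rejected by the server.
    bad = [c for c in "=," if c in conf.get("myLegalName", "")]
    if bad:
        problems.append("myLegalName contains " + " ".join(bad))
    # Added hardening check, not a rule stated by the page: the request and
    # the returned certificates should travel over TLS.
    url = conf.get("certificateSigningService", "")
    if url and not url.lower().startswith("https://"):
        problems.append("certificateSigningService is not https")
    return problems


def check_permissions(path):
    """Flag node.conf or a keystore that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [path + " is open to group/others, mode " + oct(mode)]
    return []


if __name__ == "__main__":
    # No arguments: check the sample. Otherwise: node.conf, then keystore files.
    paths = sys.argv[1:]
    text = open(paths[0]).read() if paths else SAMPLE
    findings = check_fields(read_conf(text))
    for p in paths:
        findings += check_permissions(p)
    print("\n".join(findings) or "no problems found")
```

<p>Run it with the path to <code class="docutils literal"><span class="pre">node.conf</span></code> before starting the utility, and again afterwards with the generated keystore and trust store paths appended.</p>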
</div>
</div>
</div>
</div>
<footer>
<hr/>
<div role="contentinfo">
<p>
&copy; Copyright 2016, R3 Limited.
</p>
</div>
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'./',
VERSION:'latest',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.StickyNav.enable();
});
</script>
</body>
</html>