Moved X509Utilities, and some other crypto utilities in node, into no…

…de-api so that they can be used by services outside of the node. There's also some cleanup as well.
Taburu · Nov 27, 2017 · 2ceb628 · 2ceb628
1 parent 0e37132
commit 2ceb628
Show file tree

Hide file tree

Showing 30 changed files with 248 additions and 191 deletions.
diff --git a/core/src/test/kotlin/net/corda/core/crypto/CompositeKeyTests.kt b/core/src/test/kotlin/net/corda/core/crypto/CompositeKeyTests.kt
@@ -8,7 +8,7 @@ import net.corda.core.internal.div
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.OpaqueBytes
 import net.corda.core.utilities.toBase58String
-import net.corda.node.utilities.*
+import net.corda.nodeapi.internal.crypto.*
 import net.corda.testing.kryoSpecific
 import net.corda.testing.SerializationEnvironmentRule
 import org.junit.Rule

diff --git a/core/src/test/kotlin/net/corda/core/crypto/X509NameConstraintsTest.kt b/core/src/test/kotlin/net/corda/core/crypto/X509NameConstraintsTest.kt
@@ -3,7 +3,7 @@ package net.corda.core.crypto
 import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.toTypedArray
 import net.corda.core.internal.cert
-import net.corda.node.utilities.*
+import net.corda.nodeapi.internal.crypto.*
 import org.bouncycastle.asn1.x500.X500Name
 import org.bouncycastle.asn1.x509.GeneralName
 import org.bouncycastle.asn1.x509.GeneralSubtree
@@ -50,7 +50,7 @@ class X509NameConstraintsTest {
 
         val nameConstraints = NameConstraints(acceptableNames, arrayOf())
         val pathValidator = CertPathValidator.getInstance("PKIX")
-        val certFactory = CertificateFactory.getInstance("X509")
+        val certFactory = X509CertificateFactory().delegate
 
         assertFailsWith(CertPathValidatorException::class) {
             val (keystore, trustStore) = makeKeyStores(X500Name("CN=Bank B"), nameConstraints)
@@ -85,7 +85,7 @@ class X509NameConstraintsTest {
                 .map { GeneralSubtree(GeneralName(X500Name(it))) }.toTypedArray()
 
         val nameConstraints = NameConstraints(acceptableNames, arrayOf())
-        val certFactory = CertificateFactory.getInstance("X509")
+        val certFactory = X509CertificateFactory().delegate
         Crypto.ECDSA_SECP256R1_SHA256
         val pathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME)
 

diff --git a/core/src/test/kotlin/net/corda/core/identity/PartyAndCertificateTest.kt b/core/src/test/kotlin/net/corda/core/identity/PartyAndCertificateTest.kt
@@ -4,8 +4,8 @@ import net.corda.core.crypto.entropyToKeyPair
 import net.corda.core.internal.read
 import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
-import net.corda.node.utilities.KEYSTORE_TYPE
-import net.corda.node.utilities.save
+import net.corda.nodeapi.internal.crypto.KEYSTORE_TYPE
+import net.corda.nodeapi.internal.crypto.save
 import net.corda.testing.SerializationEnvironmentRule
 import net.corda.testing.getTestPartyAndCertificate
 import org.assertj.core.api.Assertions.assertThat

diff --git a/...da/node/utilities/ContentSignerBuilder.kt → ...i/internal/crypto/ContentSignerBuilder.kt b/...da/node/utilities/ContentSignerBuilder.kt → ...i/internal/crypto/ContentSignerBuilder.kt
@@ -1,4 +1,4 @@
-package net.corda.node.utilities
+package net.corda.nodeapi.internal.crypto
 
 import net.corda.core.crypto.SignatureScheme
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier

diff --git a/...corda/node/utilities/KeyStoreUtilities.kt → ...eapi/internal/crypto/KeyStoreUtilities.kt b/...corda/node/utilities/KeyStoreUtilities.kt → ...eapi/internal/crypto/KeyStoreUtilities.kt
@@ -1,19 +1,16 @@
 @file:JvmName("KeyStoreUtilities")
 
-package net.corda.node.utilities
+package net.corda.nodeapi.internal.crypto
 
 import net.corda.core.crypto.Crypto
-import net.corda.core.identity.CordaX500Name
 import net.corda.core.internal.*
 import org.bouncycastle.cert.X509CertificateHolder
 import java.io.IOException
 import java.io.InputStream
 import java.io.OutputStream
 import java.nio.file.Path
 import java.security.*
-import java.security.cert.CertPath
 import java.security.cert.Certificate
-import java.security.cert.CertificateFactory
 import java.security.cert.X509Certificate
 
 const val KEYSTORE_TYPE = "JKS"
@@ -169,44 +166,3 @@ fun KeyStore.getSupportedKey(alias: String, keyPassword: String): PrivateKey {
     val key = getKey(alias, keyPass) as PrivateKey
     return Crypto.toSupportedPrivateKey(key)
 }
-
-class KeyStoreWrapper(private val storePath: Path, private val storePassword: String) {
-    private val keyStore = storePath.read { loadKeyStore(it, storePassword) }
-
-    private fun createCertificate(serviceName: CordaX500Name, pubKey: PublicKey): CertPath {
-        val clientCertPath = keyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA)
-        // Assume key password = store password.
-        val clientCA = certificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA)
-        // Create new keys and store in keystore.
-        val cert = X509Utilities.createCertificate(CertificateType.IDENTITY, clientCA.certificate, clientCA.keyPair, serviceName, pubKey)
-        val certPath = CertificateFactory.getInstance("X509").generateCertPath(listOf(cert.cert) + clientCertPath)
-        require(certPath.certificates.isNotEmpty()) { "Certificate path cannot be empty" }
-        // TODO: X509Utilities.validateCertificateChain()
-        return certPath
-    }
-
-    fun signAndSaveNewKeyPair(serviceName: CordaX500Name, privateKeyAlias: String, keyPair: KeyPair) {
-        val certPath = createCertificate(serviceName, keyPair.public)
-        // Assume key password = store password.
-        keyStore.addOrReplaceKey(privateKeyAlias, keyPair.private, storePassword.toCharArray(), certPath.certificates.toTypedArray())
-        keyStore.save(storePath, storePassword)
-    }
-
-    fun savePublicKey(serviceName: CordaX500Name, pubKeyAlias: String, pubKey: PublicKey) {
-        val certPath = createCertificate(serviceName, pubKey)
-        // Assume key password = store password.
-        keyStore.addOrReplaceCertificate(pubKeyAlias, certPath.certificates.first())
-        keyStore.save(storePath, storePassword)
-    }
-
-    // Delegate methods to keystore. Sadly keystore doesn't have an interface.
-    fun containsAlias(alias: String) = keyStore.containsAlias(alias)
-
-    fun getX509Certificate(alias: String) = keyStore.getX509Certificate(alias)
-
-    fun getCertificateChain(alias: String): Array<out Certificate> = keyStore.getCertificateChain(alias)
-
-    fun getCertificate(alias: String): Certificate = keyStore.getCertificate(alias)
-
-    fun certificateAndKeyPair(alias: String): CertificateAndKeyPair = keyStore.getCertificateAndKeyPair(alias, storePassword)
-}
diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/KeyStoreWrapper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/KeyStoreWrapper.kt
@@ -0,0 +1,52 @@
+package net.corda.nodeapi.internal.crypto
+
+import net.corda.core.identity.CordaX500Name
+import net.corda.core.internal.cert
+import net.corda.core.internal.read
+import java.nio.file.Path
+import java.security.KeyPair
+import java.security.PublicKey
+import java.security.cert.CertPath
+import java.security.cert.Certificate
+import java.security.cert.CertificateFactory
+
+class KeyStoreWrapper(private val storePath: Path, private val storePassword: String) {
+    private val keyStore = storePath.read { loadKeyStore(it, storePassword) }
+
+    private fun createCertificate(serviceName: CordaX500Name, pubKey: PublicKey): CertPath {
+        val clientCertPath = keyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA)
+        // Assume key password = store password.
+        val clientCA = certificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA)
+        // Create new keys and store in keystore.
+        val cert = X509Utilities.createCertificate(CertificateType.IDENTITY, clientCA.certificate, clientCA.keyPair, serviceName, pubKey)
+        val certPath = X509CertificateFactory().delegate.generateCertPath(listOf(cert.cert) + clientCertPath)
+        require(certPath.certificates.isNotEmpty()) { "Certificate path cannot be empty" }
+        // TODO: X509Utilities.validateCertificateChain()
+        return certPath
+    }
+
+    fun signAndSaveNewKeyPair(serviceName: CordaX500Name, privateKeyAlias: String, keyPair: KeyPair) {
+        val certPath = createCertificate(serviceName, keyPair.public)
+        // Assume key password = store password.
+        keyStore.addOrReplaceKey(privateKeyAlias, keyPair.private, storePassword.toCharArray(), certPath.certificates.toTypedArray())
+        keyStore.save(storePath, storePassword)
+    }
+
+    fun savePublicKey(serviceName: CordaX500Name, pubKeyAlias: String, pubKey: PublicKey) {
+        val certPath = createCertificate(serviceName, pubKey)
+        // Assume key password = store password.
+        keyStore.addOrReplaceCertificate(pubKeyAlias, certPath.certificates.first())
+        keyStore.save(storePath, storePassword)
+    }
+
+    // Delegate methods to keystore. Sadly keystore doesn't have an interface.
+    fun containsAlias(alias: String) = keyStore.containsAlias(alias)
+
+    fun getX509Certificate(alias: String) = keyStore.getX509Certificate(alias)
+
+    fun getCertificateChain(alias: String): Array<out Certificate> = keyStore.getCertificateChain(alias)
+
+    fun getCertificate(alias: String): Certificate = keyStore.getCertificate(alias)
+
+    fun certificateAndKeyPair(alias: String): CertificateAndKeyPair = keyStore.getCertificateAndKeyPair(alias, storePassword)
+}