INFRA-505: Move integration tests to unit tests (corda#6530)

Author: yift-r3

.gitignore

@@ -103,4 +103,7 @@ virtualenv/
 # Files you may find useful to have in your working directory.
 PLAN
 NOTES
-TODO
+TODO
+
+# gradle-dependx plugin
+.dependx/

node/src/integration-test/kotlin/net/corda/node/NodeKeystoreCheckTest.kt

@@ -94,7 +94,6 @@ import net.corda.node.services.api.VaultServiceInternal
 import net.corda.node.services.api.WritableTransactionStorage
 import net.corda.node.services.attachments.NodeAttachmentTrustCalculator
 import net.corda.node.services.config.NodeConfiguration
-import net.corda.node.services.config.configureWithDevSSLCertificate
 import net.corda.node.services.config.rpc.NodeRpcOptions
 import net.corda.node.services.config.shell.determineUnsafeUsers
 import net.corda.node.services.config.shell.toShellConfig
@@ -149,8 +148,6 @@ import net.corda.nodeapi.internal.cordapp.CordappLoader
 import net.corda.nodeapi.internal.crypto.CertificateType
 import net.corda.nodeapi.internal.crypto.X509Utilities
 import net.corda.nodeapi.internal.crypto.X509Utilities.CORDA_CLIENT_CA
-import net.corda.nodeapi.internal.crypto.X509Utilities.CORDA_CLIENT_TLS
-import net.corda.nodeapi.internal.crypto.X509Utilities.CORDA_ROOT_CA
 import net.corda.nodeapi.internal.crypto.X509Utilities.DEFAULT_VALIDITY_WINDOW
 import net.corda.nodeapi.internal.crypto.X509Utilities.DISTRIBUTED_NOTARY_COMPOSITE_KEY_ALIAS
 import net.corda.nodeapi.internal.crypto.X509Utilities.DISTRIBUTED_NOTARY_KEY_ALIAS
@@ -176,10 +173,8 @@ import org.jolokia.jvmagent.JolokiaServer
 import org.jolokia.jvmagent.JolokiaServerConfig
 import org.slf4j.Logger
 import rx.Scheduler
-import java.io.IOException
 import java.lang.reflect.InvocationTargetException
 import java.security.KeyPair
-import java.security.KeyStoreException
 import java.security.cert.X509Certificate
 import java.sql.Connection
 import java.sql.Savepoint
@@ -434,18 +429,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         return proxies.fold(ops) { delegate, decorate -> decorate(delegate) }
     }
 
-    private fun initKeyStores(): X509Certificate {
-        if (configuration.devMode) {
-            configuration.configureWithDevSSLCertificate(cryptoService)
-            // configureWithDevSSLCertificate is a devMode process that writes directly to keystore files, so
-            // we should re-synchronise BCCryptoService with the updated keystore file.
-            if (cryptoService is BCCryptoService) {
-                cryptoService.resyncKeystore()
-            }
-        }
-        return validateKeyStores()
-    }
-
     private fun quasarExcludePackages(nodeConfiguration: NodeConfiguration) {
         val quasarInstrumentor = Retransform.getInstrumentor()
 
@@ -457,7 +440,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     open fun generateAndSaveNodeInfo(): NodeInfo {
         check(started == null) { "Node has already been started" }
         log.info("Generating nodeInfo ...")
-        val trustRoot = initKeyStores()
+        val trustRoot = configuration.initKeyStores(cryptoService)
         startDatabase()
         val (identity, identityKeyPair) = obtainIdentity()
         val nodeCa = configuration.signingCertificateStore.get()[CORDA_CLIENT_CA]
@@ -497,7 +480,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         logVendorString(database, log)
         if (allowHibernateToManageAppSchema) {
             Node.printBasicNodeInfo("Initialising CorDapps to get schemas created by hibernate")
-            val trustRoot = initKeyStores()
+            val trustRoot = configuration.initKeyStores(cryptoService)
             networkMapClient?.start(trustRoot)
             val (netParams, signedNetParams) = NetworkParametersReader(trustRoot, networkMapClient, configuration.baseDirectory).read()
             log.info("Loaded network parameters: $netParams")
@@ -536,7 +519,7 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
         nodeLifecycleEventsDistributor.distributeEvent(NodeLifecycleEvent.BeforeNodeStart(nodeServicesContext))
         log.info("Node starting up ...")
 
-        val trustRoot = initKeyStores()
+        val trustRoot = configuration.initKeyStores(cryptoService)
         initialiseJolokia()
 
         schemaService.mappedSchemasWarnings().forEach {
@@ -980,57 +963,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
     @VisibleForTesting
     protected open fun acceptableLiveFiberCountOnStop(): Int = 0
 
-    private fun getCertificateStores(): AllCertificateStores? {
-        return try {
-            // The following will throw IOException if key file not found or KeyStoreException if keystore password is incorrect.
-            val sslKeyStore = configuration.p2pSslOptions.keyStore.get()
-            val signingCertificateStore = configuration.signingCertificateStore.get()
-            val trustStore = configuration.p2pSslOptions.trustStore.get()
-            AllCertificateStores(trustStore, sslKeyStore, signingCertificateStore)
-        } catch (e: IOException) {
-            log.error("IO exception while trying to validate keystores and truststore", e)
-            null
-        }
-    }
-
-    private data class AllCertificateStores(val trustStore: CertificateStore, val sslKeyStore: CertificateStore, val identitiesKeyStore: CertificateStore)
-
-    private fun validateKeyStores(): X509Certificate {
-        // Step 1. Check trustStore, sslKeyStore and identitiesKeyStore exist.
-        val certStores = try {
-            requireNotNull(getCertificateStores()) {
-                "One or more keyStores (identity or TLS) or trustStore not found. " +
-                        "Please either copy your existing keys and certificates from another node, " +
-                        "or if you don't have one yet, fill out the config file and run corda.jar initial-registration."
-            }
-        } catch (e: KeyStoreException) {
-            throw IllegalArgumentException("At least one of the keystores or truststore passwords does not match configuration.")
-        }
-        // Step 2. Check that trustStore contains the correct key-alias entry.
-        require(CORDA_ROOT_CA in certStores.trustStore) {
-            "Alias for trustRoot key not found. Please ensure you have an updated trustStore file."
-        }
-        // Step 3. Check that tls keyStore contains the correct key-alias entry.
-        require(CORDA_CLIENT_TLS in certStores.sslKeyStore) {
-            "Alias for TLS key not found. Please ensure you have an updated TLS keyStore file."
-        }
-
-        // Step 4. Check that identity keyStores contain the correct key-alias entry for Node CA.
-        require(CORDA_CLIENT_CA in certStores.identitiesKeyStore) {
-            "Alias for Node CA key not found. Please ensure you have an updated identity keyStore file."
-        }
-
-        // Step 5. Check all cert paths chain to the trusted root.
-        val trustRoot = certStores.trustStore[CORDA_ROOT_CA]
-        val sslCertChainRoot = certStores.sslKeyStore.query { getCertificateChain(CORDA_CLIENT_TLS) }.last()
-        val nodeCaCertChainRoot = certStores.identitiesKeyStore.query { getCertificateChain(CORDA_CLIENT_CA) }.last()
-
-        require(sslCertChainRoot == trustRoot) { "TLS certificate must chain to the trusted root." }
-        require(nodeCaCertChainRoot == trustRoot) { "Client CA certificate must chain to the trusted root." }
-
-        return trustRoot
-    }
-
     // Specific class so that MockNode can catch it.
     class DatabaseConfigurationException(message: String) : CordaException(message)
 

node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt

@@ -0,0 +1,76 @@
+package net.corda.node.internal
+
+import net.corda.core.utilities.loggerFor
+import net.corda.node.services.config.NodeConfiguration
+import net.corda.node.services.config.configureWithDevSSLCertificate
+import net.corda.nodeapi.internal.config.CertificateStore
+import net.corda.nodeapi.internal.crypto.X509Utilities
+import net.corda.nodeapi.internal.cryptoservice.CryptoService
+import net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoService
+import java.io.IOException
+import java.security.KeyStoreException
+import java.security.cert.X509Certificate
+
+private data class AllCertificateStores(val trustStore: CertificateStore, val sslKeyStore: CertificateStore, val identitiesKeyStore: CertificateStore)
+
+
+internal fun NodeConfiguration.initKeyStores(cryptoService: CryptoService): X509Certificate {
+    if (devMode) {
+        configureWithDevSSLCertificate(cryptoService)
+        // configureWithDevSSLCertificate is a devMode process that writes directly to keystore files, so
+        // we should re-synchronise BCCryptoService with the updated keystore file.
+        if (cryptoService is BCCryptoService) {
+            cryptoService.resyncKeystore()
+        }
+    }
+    return validateKeyStores()
+}
+
+private fun NodeConfiguration.validateKeyStores(): X509Certificate {
+    // Step 1. Check trustStore, sslKeyStore and identitiesKeyStore exist.
+    val certStores = try {
+        requireNotNull(getCertificateStores()) {
+            "One or more keyStores (identity or TLS) or trustStore not found. " +
+                    "Please either copy your existing keys and certificates from another node, " +
+                    "or if you don't have one yet, fill out the config file and run corda.jar initial-registration."
+        }
+    } catch (e: KeyStoreException) {
+        throw IllegalArgumentException("At least one of the keystores or truststore passwords does not match configuration.")
+    }
+    // Step 2. Check that trustStore contains the correct key-alias entry.
+    require(X509Utilities.CORDA_ROOT_CA in certStores.trustStore) {
+        "Alias for trustRoot key not found. Please ensure you have an updated trustStore file."
+    }
+    // Step 3. Check that tls keyStore contains the correct key-alias entry.
+    require(X509Utilities.CORDA_CLIENT_TLS in certStores.sslKeyStore) {
+        "Alias for TLS key not found. Please ensure you have an updated TLS keyStore file."
+    }
+
+    // Step 4. Check that identity keyStores contain the correct key-alias entry for Node CA.
+    require(X509Utilities.CORDA_CLIENT_CA in certStores.identitiesKeyStore) {
+        "Alias for Node CA key not found. Please ensure you have an updated identity keyStore file."
+    }
+
+    // Step 5. Check all cert paths chain to the trusted root.
+    val trustRoot = certStores.trustStore[X509Utilities.CORDA_ROOT_CA]
+    val sslCertChainRoot = certStores.sslKeyStore.query { getCertificateChain(X509Utilities.CORDA_CLIENT_TLS) }.last()
+    val nodeCaCertChainRoot = certStores.identitiesKeyStore.query { getCertificateChain(X509Utilities.CORDA_CLIENT_CA) }.last()
+
+    require(sslCertChainRoot == trustRoot) { "TLS certificate must chain to the trusted root." }
+    require(nodeCaCertChainRoot == trustRoot) { "Client CA certificate must chain to the trusted root." }
+
+    return trustRoot
+}
+
+private fun NodeConfiguration.getCertificateStores(): AllCertificateStores? {
+    return try {
+        // The following will throw IOException if key file not found or KeyStoreException if keystore password is incorrect.
+        val sslKeyStore = p2pSslOptions.keyStore.get()
+        val signingCertificateStore = signingCertificateStore.get()
+        val trustStore = p2pSslOptions.trustStore.get()
+        AllCertificateStores(trustStore, sslKeyStore, signingCertificateStore)
+    } catch (e: IOException) {
+        loggerFor<NodeConfiguration>().error("IO exception while trying to validate keystores and truststore", e)
+        null
+    }
+}