Unify TlsConfiguration between SDK and canton [DPP-1113] (digital-ass…

…et#14349) * Unify TlsConfiguration between SDK and canton [DPP-1113] CHANGELOG_BEGIN CHANGELOG_END
kgeonw · Jul 14, 2022 · 2e18276 · 2e18276
1 parent 2caa581
commit 2e18276
Show file tree

Hide file tree

Showing 14 changed files with 65 additions and 62 deletions.
diff --git a/daml-script/export/src/test/scala/com/daml/script/export/ConfigSpec.scala b/daml-script/export/src/test/scala/com/daml/script/export/ConfigSpec.scala
@@ -106,10 +106,15 @@ class ConfigSpec extends AnyFreeSpec with Matchers with OptionValues {
         val crtPath = rlocation("ledger/test-common/test-certificates/client.crt")
         val args = defaultRequiredArgs ++ Array("--pem", pemPath, "--crt", crtPath)
         val optConfig = Config.parse(args)
-        assert(Files.isSameFile(optConfig.value.tlsConfig.keyFile.value.toPath, Paths.get(pemPath)))
         assert(
           Files.isSameFile(
-            optConfig.value.tlsConfig.keyCertChainFile.value.toPath,
+            optConfig.value.tlsConfig.privateKeyFile.value.toPath,
+            Paths.get(pemPath),
+          )
+        )
+        assert(
+          Files.isSameFile(
+            optConfig.value.tlsConfig.certChainFile.value.toPath,
             Paths.get(crtPath),
           )
         )

diff --git a/daml-script/test/src/com/digitalasset/daml/lf/engine/script/test/TlsIT.scala b/daml-script/test/src/com/digitalasset/daml/lf/engine/script/test/TlsIT.scala
@@ -44,9 +44,9 @@ final class TlsIT
           clients <- participantClients(
             tlsConfiguration = TlsConfiguration(
               enabled = true,
-              keyCertChainFile = clientCrt,
-              keyFile = clientPem,
-              trustCertCollectionFile = caCrt,
+              certChainFile = clientCrt,
+              privateKeyFile = clientPem,
+              trustCollectionFile = caCrt,
             )
           )
           _ <- run(

diff --git a/daml-script/test/src/test-utils/com/daml/lf/engine/script/test/MultiParticipantFixture.scala b/daml-script/test/src/test-utils/com/daml/lf/engine/script/test/MultiParticipantFixture.scala
@@ -158,9 +158,9 @@ trait MultiParticipantFixture
       params,
       tlsConfig = TlsConfiguration(
         enabled = false,
-        keyCertChainFile = None,
-        keyFile = None,
-        trustCertCollectionFile = None,
+        certChainFile = None,
+        privateKeyFile = None,
+        trustCollectionFile = None,
       ),
       maxInboundMessageSize = ScriptConfig.DefaultMaxInboundMessageSize,
     )

diff --git a/ledger-service/cli-opts/src/main/scala/ledger/api/tls/TlsConfigurationCli.scala b/ledger-service/cli-opts/src/main/scala/ledger/api/tls/TlsConfigurationCli.scala
@@ -24,7 +24,7 @@ object TlsConfigurationCli {
       .text("TLS: The pem file to be used as the private key.")
       .validate(validatePath(_, "The file specified via --pem does not exist"))
       .action { (path, c) =>
-        enableSet(_ copy (keyFile = Some(Paths.get(path).toFile)), c)
+        enableSet(_ copy (privateKeyFile = Some(Paths.get(path).toFile)), c)
       }
 
     opt[String]("crt")
@@ -35,15 +35,15 @@ object TlsConfigurationCli {
       )
       .validate(validatePath(_, "The file specified via --crt does not exist"))
       .action { (path, c) =>
-        enableSet(_ copy (keyCertChainFile = Some(Paths.get(path).toFile)), c)
+        enableSet(_ copy (certChainFile = Some(Paths.get(path).toFile)), c)
       }
 
     opt[String]("cacrt")
       .optional()
       .text("TLS: The crt file to be used as the trusted root CA.")
       .validate(validatePath(_, "The file specified via --cacrt does not exist"))
       .action { (path, c) =>
-        enableSet(_ copy (trustCertCollectionFile = Some(Paths.get(path).toFile)), c)
+        enableSet(_ copy (trustCollectionFile = Some(Paths.get(path).toFile)), c)
       }
 
     // allows you to enable tls without any special certs,

diff --git a/...r/ledger-api-common/src/main/scala/com/digitalasset/ledger/api/tls/TlsConfiguration.scala b/...r/ledger-api-common/src/main/scala/com/digitalasset/ledger/api/tls/TlsConfiguration.scala
@@ -16,9 +16,9 @@ import scala.util.control.NonFatal
 
 final case class TlsConfiguration(
     enabled: Boolean,
-    keyCertChainFile: Option[File] = None, // mutual auth is disabled if null
-    keyFile: Option[File] = None,
-    trustCertCollectionFile: Option[File] = None, // System default if null
+    certChainFile: Option[File] = None, // mutual auth is disabled if null
+    privateKeyFile: Option[File] = None,
+    trustCollectionFile: Option[File] = None, // System default if null
     secretsUrl: Option[SecretsUrl] = None,
     clientAuth: ClientAuth =
       ClientAuth.REQUIRE, // Client auth setting used by the server. This is not used in the client configuration.
@@ -39,10 +39,10 @@ final case class TlsConfiguration(
       val sslContext = GrpcSslContexts
         .forClient()
         .keyManager(
-          keyCertChainFile.orNull,
-          keyFile.orNull,
+          certChainFile.orNull,
+          privateKeyFile.orNull,
         )
-        .trustManager(trustCertCollectionFile.orNull)
+        .trustManager(trustCollectionFile.orNull)
         .protocols(enabledProtocolsNames)
         .sslProvider(SslContext.defaultClientProvider())
         .build()
@@ -102,7 +102,7 @@ final case class TlsConfiguration(
         keyCertChain,
         key,
       )
-      .trustManager(trustCertCollectionFile.orNull)
+      .trustManager(trustCollectionFile.orNull)
       .clientAuth(clientAuth)
       .protocols(protocols)
       .sslProvider(SslContext.defaultServerProvider())
@@ -148,7 +148,7 @@ final case class TlsConfiguration(
   }
 
   private[tls] def keyInputStreamOrFail: InputStream = {
-    val keyFileOrFail = keyFile.getOrElse(
+    val keyFileOrFail = privateKeyFile.getOrElse(
       throw new IllegalArgumentException(
         s"Unable to convert ${this.toString} to SSL Context: cannot create SSL context without keyFile."
       )
@@ -179,7 +179,7 @@ final case class TlsConfiguration(
   private def keyCertChainInputStreamOrFail: InputStream = {
     val msg =
       s"Unable to convert ${this.toString} to SSL Context: cannot create SSL context without keyCertChainFile."
-    val keyFile = keyCertChainFile.getOrElse(throw new IllegalStateException(msg))
+    val keyFile = certChainFile.getOrElse(throw new IllegalStateException(msg))
     new FileInputStream(keyFile)
   }
 
@@ -188,8 +188,8 @@ final case class TlsConfiguration(
 object TlsConfiguration {
   val Empty: TlsConfiguration = TlsConfiguration(
     enabled = true,
-    keyCertChainFile = None,
-    keyFile = None,
-    trustCertCollectionFile = None,
+    certChainFile = None,
+    privateKeyFile = None,
+    trustCollectionFile = None,
   )
 }
diff --git a/...pi-common/src/test/suite/scala/com/digitalasset/ledger/api/tls/TlsConfigurationTest.scala b/...pi-common/src/test/suite/scala/com/digitalasset/ledger/api/tls/TlsConfigurationTest.scala
@@ -157,9 +157,9 @@ class TlsConfigurationTest extends AnyWordSpec with Matchers with BeforeAndAfter
   private def configWithProtocols(minTls: Option[TlsVersion]): TlsConfiguration = {
     TlsConfiguration(
       enabled = true,
-      keyCertChainFile = Some(certChainFilePath),
-      keyFile = Some(privateKeyFilePath),
-      trustCertCollectionFile = Some(trustCertCollectionFilePath),
+      certChainFile = Some(certChainFilePath),
+      privateKeyFile = Some(privateKeyFilePath),
+      trustCollectionFile = Some(trustCertCollectionFilePath),
       minimumServerProtocolVersion = minTls,
     )
   }

diff --git a/ledger/ledger-api-tests/tool/BUILD.bazel b/ledger/ledger-api-tests/tool/BUILD.bazel
@@ -100,9 +100,9 @@ conformance_test(
           seeding=testing-weak
           tls {
             enabled=true
-            key-cert-chain-file=$(rootpath //ledger/test-common/test-certificates:server.crt)
-            trust-cert-collection-file=$(rootpath //ledger/test-common/test-certificates:ca.crt)
-            key-file=$(rootpath //ledger/test-common/test-certificates:server.pem.enc)
+            cert-chain-file=$(rootpath //ledger/test-common/test-certificates:server.crt)
+            trust-collection-file=$(rootpath //ledger/test-common/test-certificates:ca.crt)
+            private-key-file=$(rootpath //ledger/test-common/test-certificates:server.pem.enc)
             secrets-url="https://raw.githubusercontent.com/digital-asset/daml/main/ledger/test-common/files/server-pem-decryption-parameters.json"
             minimum-server-protocol-version=TLSv1.3
           }
@@ -137,9 +137,9 @@ conformance_test(
           seeding=testing-weak
           tls {
             enabled=true
-            key-cert-chain-file=$(rootpath //ledger/test-common/test-certificates:server.crt)
-            trust-cert-collection-file=$(rootpath //ledger/test-common/test-certificates:ca.crt)
-            key-file=$(rootpath //ledger/test-common/test-certificates:server.pem.enc)
+            cert-chain-file=$(rootpath //ledger/test-common/test-certificates:server.crt)
+            trust-collection-file=$(rootpath //ledger/test-common/test-certificates:ca.crt)
+            private-key-file=$(rootpath //ledger/test-common/test-certificates:server.pem.enc)
             secrets-url="https://raw.githubusercontent.com/digital-asset/daml/main/ledger/test-common/files/server-pem-decryption-parameters.json"
           }
         }

diff --git a/ledger/ledger-api-tests/tool/src/main/scala/com/daml/ledger/api/testtool/CliParser.scala b/ledger/ledger-api-tests/tool/src/main/scala/com/daml/ledger/api/testtool/CliParser.scala
@@ -63,7 +63,7 @@ object CliParser {
       .optional()
       .text("TLS: The pem file to be used as the private key. Applied to all endpoints.")
       .action { (path: File, config: Config) =>
-        config.withTlsConfig(_.copy(keyFile = Some(path)))
+        config.withTlsConfig(_.copy(privateKeyFile = Some(path)))
       }
 
     opt[File]("crt")
@@ -73,14 +73,14 @@ object CliParser {
           |Required if any other TLS parameters are set. Applied to all endpoints.""".stripMargin
       )
       .action { (path: File, config: Config) =>
-        config.withTlsConfig(_.copy(keyCertChainFile = Some(path)))
+        config.withTlsConfig(_.copy(certChainFile = Some(path)))
       }
 
     opt[File]("cacrt")
       .optional()
       .text("TLS: The crt file to be used as the trusted root CA. Applied to all endpoints.")
       .action { (path: File, config: Config) =>
-        config.withTlsConfig(_.copy(trustCertCollectionFile = Some(path)))
+        config.withTlsConfig(_.copy(trustCollectionFile = Some(path)))
       }
 
     opt[Double](name = "timeout-scale-factor")

diff --git a/ledger/ledger-runner-common/src/main/scala/com/daml/ledger/runner/common/CliConfig.scala b/ledger/ledger-runner-common/src/main/scala/com/daml/ledger/runner/common/CliConfig.scala
@@ -371,7 +371,7 @@ object CliConfig {
           "TLS: The pem file to be used as the private key. Use '.enc' filename suffix if the pem file is encrypted."
         )
         .action((path, config) =>
-          config.withTlsConfig(c => c.copy(keyFile = Some(new File(path))))
+          config.withTlsConfig(c => c.copy(privateKeyFile = Some(new File(path))))
         ),
       opt[String]("tls-secrets-url")
         .optional()
@@ -384,8 +384,8 @@ object CliConfig {
       checkConfig(c =>
         c.tlsConfig.fold(success) { tlsConfig =>
           if (
-            tlsConfig.keyFile.isDefined
-            && tlsConfig.keyFile.get.getName.endsWith(".enc")
+            tlsConfig.privateKeyFile.isDefined
+            && tlsConfig.privateKeyFile.get.getName.endsWith(".enc")
             && tlsConfig.secretsUrl.isEmpty
           ) {
             failure(
@@ -402,13 +402,13 @@ object CliConfig {
           "TLS: The crt file to be used as the cert chain. Required if any other TLS parameters are set."
         )
         .action((path, config) =>
-          config.withTlsConfig(c => c.copy(keyCertChainFile = Some(new File(path))))
+          config.withTlsConfig(c => c.copy(certChainFile = Some(new File(path))))
         ),
       opt[String]("cacrt")
         .optional()
         .text("TLS: The crt file to be used as the trusted root CA.")
         .action((path, config) =>
-          config.withTlsConfig(c => c.copy(trustCertCollectionFile = Some(new File(path))))
+          config.withTlsConfig(c => c.copy(trustCollectionFile = Some(new File(path))))
         ),
       opt[Boolean]("cert-revocation-checking")
         .optional()

diff --git a/ledger/ledger-runner-common/src/test/scala/com/daml/ledger/runner/common/CliConfigSpec.scala b/ledger/ledger-runner-common/src/test/scala/com/daml/ledger/runner/common/CliConfigSpec.scala
@@ -43,9 +43,9 @@ final class CliConfigSpec
       TlsConfiguration(
         enabled = true,
         secretsUrl = Some(SecretsUrl.fromString("http://aaa")),
-        keyFile = Some(new File("key.enc")),
-        keyCertChainFile = None,
-        trustCertCollectionFile = None,
+        privateKeyFile = Some(new File("key.enc")),
+        certChainFile = None,
+        trustCollectionFile = None,
       )
     )
   }
@@ -106,9 +106,9 @@ final class CliConfigSpec
       TlsConfiguration(
         enabled = true,
         secretsUrl = None,
-        keyFile = Some(new File("key.txt")),
-        keyCertChainFile = None,
-        trustCertCollectionFile = None,
+        privateKeyFile = Some(new File("key.txt")),
+        certChainFile = None,
+        trustCollectionFile = None,
       )
     )
   }

diff --git a/...er/participant-integration-api/src/test/lib/scala/platform/apiserver/tls/TlsFixture.scala b/...er/participant-integration-api/src/test/lib/scala/platform/apiserver/tls/TlsFixture.scala
@@ -58,9 +58,9 @@ case class TlsFixture(
 
   private val serverTlsConfiguration = TlsConfiguration(
     enabled = tlsEnabled,
-    keyCertChainFile = Some(serverCrt),
-    keyFile = Some(serverKey),
-    trustCertCollectionFile = Some(caCrt),
+    certChainFile = Some(serverCrt),
+    privateKeyFile = Some(serverKey),
+    trustCollectionFile = Some(caCrt),
     clientAuth = clientAuth,
     enableCertRevocationChecking = certRevocationChecking,
   )
@@ -90,9 +90,9 @@ case class TlsFixture(
   private val clientTlsConfiguration =
     TlsConfiguration(
       enabled = tlsEnabled,
-      keyCertChainFile = clientCrt,
-      keyFile = clientKey,
-      trustCertCollectionFile = Some(caCrt),
+      certChainFile = clientCrt,
+      privateKeyFile = clientKey,
+      trustCollectionFile = Some(caCrt),
     )
 
   private val ledgerClientChannelConfiguration = LedgerClientChannelConfiguration(

diff --git a/navigator/backend/src/main/scala/com/digitalasset/navigator/InfoHandler.scala b/navigator/backend/src/main/scala/com/digitalasset/navigator/InfoHandler.scala
@@ -41,11 +41,9 @@ case class DefaultInfoHandler(arguments: Arguments, platformStore: ActorRef)(imp
         .fold[JsValue](JsNull)(c =>
           JsObject(
             "enabled" -> c.enabled.toJson,
-            "keyFile" -> c.keyFile.fold[JsValue](JsNull)(f => JsString(f.toString)),
-            "keyCertChainFile" -> c.keyCertChainFile.fold[JsValue](JsNull)(f =>
-              JsString(f.toString)
-            ),
-            "trustCertCollectionFile" -> c.trustCertCollectionFile.fold[JsValue](JsNull)(f =>
+            "privateKeyFile" -> c.privateKeyFile.fold[JsValue](JsNull)(f => JsString(f.toString)),
+            "certChainFile" -> c.certChainFile.fold[JsValue](JsNull)(f => JsString(f.toString)),
+            "trustCollectionFile" -> c.trustCollectionFile.fold[JsValue](JsNull)(f =>
               JsString(f.toString)
             ),
           )

diff --git a/navigator/backend/src/main/scala/com/digitalasset/navigator/config/Arguments.scala b/navigator/backend/src/main/scala/com/digitalasset/navigator/config/Arguments.scala
@@ -72,7 +72,7 @@ object Arguments {
     arguments.copy(
       tlsConfig =
         arguments.tlsConfig.fold(Some(TlsConfiguration(true, Some(new File(path)), None, None)))(
-          c => Some(c.copy(keyCertChainFile = Some(new File(path))))
+          c => Some(c.copy(certChainFile = Some(new File(path))))
         )
     )
 
@@ -114,7 +114,7 @@ object Arguments {
           arguments.copy(tlsConfig =
             arguments.tlsConfig.fold(
               Some(TlsConfiguration(true, None, Some(new File(path)), None))
-            )(c => Some(c.copy(keyFile = Some(new File(path)))))
+            )(c => Some(c.copy(privateKeyFile = Some(new File(path)))))
           )
         )
 
@@ -132,7 +132,7 @@ object Arguments {
           arguments.copy(tlsConfig =
             arguments.tlsConfig.fold(
               Some(TlsConfiguration(true, None, None, Some(new File(path))))
-            )(c => Some(c.copy(trustCertCollectionFile = Some(new File(path)))))
+            )(c => Some(c.copy(trustCollectionFile = Some(new File(path)))))
           )
         )
 

diff --git a/...ator/backend/src/main/scala/com/digitalasset/navigator/store/platform/PlatformStore.scala b/...ator/backend/src/main/scala/com/digitalasset/navigator/store/platform/PlatformStore.scala
@@ -340,8 +340,8 @@ class PlatformStore(
         Some(
           GrpcSslContexts
             .forClient()
-            .trustManager(c.trustCertCollectionFile.orNull)
-            .keyManager(c.keyCertChainFile.orNull, c.keyFile.orNull)
+            .trustManager(c.trustCollectionFile.orNull)
+            .keyManager(c.certChainFile.orNull, c.privateKeyFile.orNull)
             .build
         )
       else None