Corda网络操作员可以定义额外的证书角色吗？

Question

默认情况下，Corda网络有七个证书角色：

1. 门卫
2. 网络地图
3. 服务身份
4. 节点证书颁发机构
5. 传输层安全(TLS)
6. 众所周知的法律身份
7. 机密法律身份

节点证书颁发机构直接创建TLS证书，但也向众所周知的合法身份颁发证书，该身份本身就是CA (因为它颁发机密的合法身份证书)。

我们要增加第八个作用。此角色将是负责颁发TLS证书的证书颁发机构。其证书将由节点证书颁发机构(不再颁发TLS证书)颁发。

是否可以以这种方式添加额外的证书角色？还是节点硬编码，只接受七个证书角色？

Answer 1

无法添加您自己的证书角色。 enum给出了七个可能的证书角色

enum class CertRole(val validParents: NonEmptySet<CertRole?>, val isIdentity: Boolean, val isWellKnown: Boolean) : ASN1Encodable {
    /** Intermediate CA (Doorman service). */
    INTERMEDIATE_CA(NonEmptySet.of(null), false, false),
    /** Signing certificate for the network map. */
    NETWORK_MAP(NonEmptySet.of(null), false, false),
    /** Well known (publicly visible) identity of a service (such as notary). */
    SERVICE_IDENTITY(NonEmptySet.of(INTERMEDIATE_CA), true, true),
    /** Node level CA from which the TLS and well known identity certificates are issued. */
    NODE_CA(NonEmptySet.of(INTERMEDIATE_CA), false, false),
    /** Transport layer security certificate for a node. */
    TLS(NonEmptySet.of(NODE_CA), false, false),
    /** Well known (publicly visible) identity of a legal entity. */
    // TODO: at the moment, Legal Identity certs are issued by Node CA only. However, [INTERMEDIATE_CA] is also added
    //      as a valid parent of [LEGAL_IDENTITY] for backwards compatibility purposes (eg. if we decide TLS has its
    //      own Root CA and Intermediate CA directly issues Legal Identities; thus, there won't be a requirement for
    //      Node CA). Consider removing [INTERMEDIATE_CA] from [validParents] when the model is finalised.
    LEGAL_IDENTITY(NonEmptySet.of(INTERMEDIATE_CA, NODE_CA), true, true),
    /** Confidential (limited visibility) identity of a legal entity. */
    CONFIDENTIAL_LEGAL_IDENTITY(NonEmptySet.of(LEGAL_IDENTITY), true, false);

如果尝试添加新的证书角色，节点将失败，因为它将尝试将证书角色解析为启动时的枚举值之一。