corda / net.corda.core.serialization / p2PKryo

p2PKryo

fun p2PKryo(): KryoPool

Serialization utilities, using the Kryo framework with a custom serialiser for immutable data classes and a dead simple, totally non-extensible binary (sub)format.

This is NOT what should be used in any final platform product, rather, the final state should be a precisely specified and standardised binary format with attention paid to anti-malleability, versioning and performance. FIX SBE is a potential candidate: it prioritises performance over convenience and was designed for HFT. Google Protocol Buffers with a minor tightening to make field reordering illegal is another possibility.

FIX SBE: https://real-logic.github.io/simple-binary-encoding/ http://mechanical-sympathy.blogspot.co.at/2014/05/simple-binary-encoding.html Protocol buffers: https://developers.google.com/protocol-buffers/

But for now we use Kryo to maximise prototyping speed.

Note that this code ignores ALL concerns beyond convenience, in particular it ignores:

This code will happily deserialise literally anything, including malicious streams that would reconstruct classes in invalid states, thus violating system invariants. It isn't designed to handle malicious streams and therefore, isn't usable beyond the prototyping stage. But that's fine: we can revisit serialisation technologies later after a formal evaluation process.

We now distinguish between internal, storage related Kryo and external, network facing Kryo. We presently use some non-whitelisted classes as part of internal storage. TODO: eliminate internal, storage related whitelist issues, such as private keys in blob storage.