*``corda-finance-contracts``, ``corda-finance-workflows`` and deprecated ``corda-finance``. Corda finance CorDapp, use contracts and flows parts respectively.
``corda-finance`` is left for backward compatibility purposes and should be replaced by former two where needed.
Only include as a ``cordaCompile`` dependency if using as a dependent Cordapp or if you need access to the Corda finance types.
Use as a ``cordapp`` dependency if using as a CorDapp dependency (see below)
The ``cordapp`` plugin can sign the generated CorDapp JAR file using `JAR signing and verification tool <https://docs.oracle.com/javase/tutorial/deployment/jar/signing.html>`_.
Signing the CorDapp enables its contract classes to use signature constraints instead of other types of the constraints,
for constraints explanation refer to :doc:`api-contract-constraints`.
By default the JAR file is signed by Corda development certificate.
The signing process can be disabled or configured to use an external keystore.
The ``signing`` entry may contain the following parameters:
*``enabled`` the control flag to enable signing process, by default is set to ``true``, set to ``false`` to disable signing
*``options`` any relevant parameters of `SignJar ANT task <https://ant.apache.org/manual/Tasks/signjar.html>`_,
by default the JAR file is signed with Corda development key, the external keystore can be specified,
the minimal list of required options is shown below, for other options referer to `SignJar task <https://ant.apache.org/manual/Tasks/signjar.html>`_:
*``keystore`` the path to the keystore file, by default *cordadevcakeys.jks* keystore is shipped with the plugin
*``alias`` the alias to sign under, the default value is *cordaintermediateca*
*``storepass`` the keystore password, the default value is *cordacadevpass*
*``keypass`` the private key password if it's different than the password for the keystore, the default value is *cordacadevkeypass*
*``storetype`` the keystore type, the default value is *JKS*
The parameters can be also set by system properties passed to Gradle build process.
The system properties should be named as the relevant option name prefixed with '*signing.*', e.g.
a value for ``alias`` can be taken from the ``signing.alias`` system property. The following system properties can be used:
If your build system post-processes the Cordapp JAR, then the modified JAR content may be out-of-date or not complete
with regards to a signature file. In this case you can sign the Cordapp as a separate step and disable the automatic signing by the ``cordapp`` plugin.
The ``cordapp`` plugin contains a standalone task ``signJar`` which uses the same ``signing`` configuration.
The task has two parameters: ``inputJars`` - to pass JAR files to be signed
and an optional ``postfix`` which is added to the name of signed JARs (it defaults to "-signed").
The signed JARs are returned as ``outputJars`` property.
For example in order to sign a JAR modified by *modifyCordapp* task,
create an instance of the ``net.corda.plugins.SignJar`` task (below named as *sign*).
The output of *modifyCordapp* task is passed to *inputJars* and the *sign* task is run after *modifyCordapp* one:
..sourcecode:: groovy
task sign(type: net.corda.plugins.SignJar) {
inputJars modifyCordapp
}
modifyCordapp.finalizedBy sign
cordapp {
signing {
enabled false
}
//..
}
The task creates a new JAR file named *\*-signed.jar* which should be used further in your build/publishing process.
Also the best practice is to disable signing by the ``cordapp`` plugin as shown in the example.
It is recommended that **contract** code (states, commands, verification logic) be packaged separately from **business flows** (and associated services).
This decoupling enables *contracts* to evolve independently from the *flows* and *services* that use them. Contracts may even be specified and implemented by different
providers (eg. Corda currently ships with a cash financial contract which in turn is used in many other flows and many other CorDapps).
As of Corda 4, CorDapps can explicitly differentiate their type by specifying the following attributes in the JAR manifest:
..sourcecode:: groovy
'Cordapp-Contract-Name'
'Cordapp-Contract-Version'
'Cordapp-Contract-Vendor'
'Cordapp-Contract-Licence'
'Cordapp-Workflow-Name'
'Cordapp-Workflow-Version'
'Cordapp-Workflow-Vendor'
'Cordapp-Workflow-Licence'
**Defaults**
``Cordapp-Contract-Name`` (optional) if specified, the following Contract related attributes are also used:
-``Cordapp-Contract-Version`` (mandatory), must be a whole number starting from 1.
-``Cordapp-Contract-Vendor`` (optional), defaults to UNKNOWN if not specified.
-``Cordapp-Contract-Licence`` (optional), defaults to UNKNOWN if not specified.
``Cordapp-Workflow-Name`` (optional) if specified, the following Workflow related attributes are also used:
-``Cordapp-Workflow-Version`` (mandatory), must be a whole number starting from 1.
-``Cordapp-Workflow-Vendor`` (optional), defaults to UNKNOWN if not specified.
-``Cordapp-Workflow-Licence`` (optional), defaults to UNKNOWN if not specified.
As with the general CorDapp attributes (minimum and target platform version), these can be specified using the Gradle `cordapp` plugin as follows:
For a contract only CorDapp we specify the `contract` tag:
..note:: It is possible, but *not recommended*, to include everything in a single CorDapp jar and use both the ``contract`` and ``workflow`` Gradle plugin tags.
.._cordapp_contract_attachments_ref:
CorDapp Contract Attachments
----------------------------
As of Corda 4, CorDapp Contract JARs must be installed on a node by a trusted uploader, either by
- installing manually as per :ref:`Installing the CorDapp JAR <cordapp_install_ref>` and re-starting the node.
- uploading the attachment JAR to the node via RPC, either programmatically (see :ref:`Connecting to a node via RPC <clientrpc_connect_ref>`)
or via the :doc:`shell` by issuing the following command:
``>>> run uploadAttachment jar: path/to/the/file.jar``
Contract attachments that are received from a peer over the p2p network are considered **untrusted** and will throw a `UntrustedAttachmentsException` exception
when processed by a listening flow that cannot resolve that attachment from its local attachment storage. The flow will be aborted and sent to the nodes flow hospital for recovery and retry.
The untrusted attachment JAR will be stored in the nodes local attachment store for review by a node operator. It can be downloaded for viewing using the following CRaSH shell command:
``>>> run openAttachment id: <hash of untrusted attachment given by `UntrustedAttachmentsException` exception``
Should the node operator deem the attachment trustworthy, they may then issue the following CRaSH shell command to reload it as trusted:
``>>> run uploadAttachment jar: path/to/the/trusted-file.jar``
and subsequently retry the failed flow (currently this requires a node re-start).
..note:: this behaviour is to protect the node from executing contract code that was not vetted. It is a temporary precaution until the
Deterministic JVM is integrated into Corda whereby execution takes place in a sandboxed environment which protects the node from malicious code.
