corda/docs/source/serialization.rst

578 lines
23 KiB
ReStructuredText
Raw Normal View History

.. highlight:: kotlin
.. raw:: html
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/codesets.js"></script>
2017-06-05 12:37:23 +00:00
Object serialization
====================
.. contents::
Introduction
------------
Object serialization is the process of converting objects into a stream of bytes and, deserialization, the reverse
process of creating objects from a stream of bytes. It takes place every time nodes pass objects to each other as
messages, when objects are sent to or from RPC clients from the node, and when we store transactions in the database.
Corda pervasively uses a custom form of type safe binary serialisation. This stands in contrast to some other systems that use
weakly or untyped string-based serialisation schemes like JSON or XML. The primary drivers for this were:
* A desire to have a schema describing what has been serialized alongside the actual data:
#. To assist with versioning, both in terms of being able to interpret data archived long ago (e.g. trades from
a decade ago, long after the code has changed) and between differing code versions.
#. To make it easier to write generic code e.g. user interfaces that can navigate the serialized form of data.
#. To support cross platform (non-JVM) interaction, where the format of a class file is not so easily interpreted.
* A desire to use a documented and static wire format that is platform independent, and is not subject to change with
3rd party library upgrades, etc.
* A desire to support open-ended polymorphism, where the number of subclasses of a superclass can expand over time
and the subclasses do not need to be defined in the schema *upfront*. This is key to many Corda concepts, such as states.
* Increased security by constructing deserialized objects through supported constructors, rather than having
data inserted directly into their fields without an opportunity to validate consistency or intercept attempts to manipulate
supposed invariants.
* Binary formats work better with digital signatures than text based formats, as there's much less scope for
changes that modify syntax but not semantics.
Whitelisting
------------
In classic Java serialization, any class on the JVM classpath can be deserialized. This has shown to be a source of exploits
and vulnerabilities by exploiting the large set of 3rd party libraries on the classpath as part of the dependencies of
a JVM application and a carefully crafted stream of bytes to be deserialized. In Corda, we prevent just any class from
being deserialized (and pro-actively during serialization) by insisting that each object's class belongs on a whitelist
of allowed classes.
Classes get onto the whitelist via one of three mechanisms:
#. Via the ``@CordaSerializable`` annotation. In order to whitelist a class, this annotation can be present on the
class itself, on any of the super classes or on any interface implemented by the class or super classes or any
interface extended by an interface implemented by the class or superclasses.
Merge release-v1 onto master (mostly documentation changes) (#1797) * Updated corda release version to 1.0.0.RC2 (#1641) * Fixed Simm Valuation Demo Test and enable serializabe java 8 lambdas. (#1655) * [CORDA-624] Node Explorer on Issuing cash throws MissingContractAttachements exception (#1656) (cherry picked from commit 27fea4d) * BIGINT fix for H2 coin selection. (#1658) * BIGINT fix for H2 coin selection. * Review feedback * CORDA-637 Node Explorer shows Network Map Service in Cash Issue dropdown (#1665) * [CORDA-637] Node Explorer shows Network Map Service in Cash Issue dropdown * add TODO to remove the hack * Declare this internal message string as "const". (#1676) * Merge "A variety of small fixes" into the 1.0 release branch (#1673) * Minor: improve javadocs in NodeInfo * Minor: use package descriptions in Kotlin build of api docs too, not just javadocs. * RPC: make RPCConnection non-internal, as it's a core API. Move docs around so they're on public API not internal API. * Add an IntelliJ scope that covers the currently supported Corda API. This is useful when used in combination with the "Highlight public declarations with missing KDoc" inspection. * Ironic: upgrade the version of the Gradle plugin that checks for upgraded versions of things. It had broken due being incompatible with the new versions of Gradle itself. * Docs: flesh out javadocs on ServiceHub * Docs: add @suppress to a few things that were polluting the Dokka docs. * Docs: mention RPC access in NodeInfo javadoc * IRS Fixes to bring UI closer to declared financial types (#1662) * Made problematic CordaRPCClient c'tor private (with internal bridge methods) and added correct c'tors for public use. (#1653) initialiseSerialization param has also been removed. * Fixing flow snapshot feature (#1685) * Fix validating notary flow to handle notary change transactions properly. (#1687) Add a notary change test for checking longer chains involving both regular and notary change transactions. * Unification of VaultQuery And VaultService APIs (into single VaultService interface) to simplify node bootstrapping and usability. (#1677) (#1688) * Identity documentation (#1620) * Sketch initial identity docs * Restructure confidential identity docs to better fit structure * Split confidential identities into API and concepts * Further expansion on basic identity conceptS * Merge Party type into api-identity.rst * Address feedback on written content * Rework inline code with literalinclude * Start addressing feedback from Richard * Clarify use of "counterparty" * Address comments on key concepts * Correct back to US english * Clarify distribution/publishing of identities * Update changelog around confidential identities * CORDA-642 Notary demo documentation fixes (#1682) * Notary demo documentation fixes. * One of the tables is prefixed. * CORDA-641: A temporary fix for contract upgrade transactions (#1700) * A temporary fix for contract upgrade transactions: during LedgerTransaction verification run the right logic based on whether it contains the UpgradeCommand. * Move ContractUpgradeFlowTest away from createSomeNodes() * Remove assembleBareTx as it's not used * Update corda version tag to 1.0.0-RC3 (#1705) * Hide SerializationContext from public API on TransactionBuilder (#1707) * Hide SerializationContext from public API on TransactionBuilder (cherry picked from commit 6ff7b7e) * Hide SerializationContext from public API on TransactionBuilder (cherry picked from commit 6ff7b7e) * Address feedback on confidential identities docs (#1701) * Address minor comments on confidential identities docs * Expand on implementation details of confidential identities * Cleanup * Clarify details of the data blob in the swap identites flow * Add that certificate path is not made public for confidential identities * FlowSession docs (#1693) * FlowSession docs (#1660) * FlowSession docs * PR comments * Milder example flow name * Fixes bugs with contract constraints (#1696) * Added schedulable flows to cordapp scanning Fixed a bug where the core flows are included in every cordapp. Added a test to prove the scheduled flows are loaded correctly. Added scheduled flow support to cordapp. Renabled broken test. Fixed test to prove cordapps aren't retreived from network. Review fixes. Fixed a test issue caused by gradle having slightly different paths to IntelliJ * Fixed test for real this time. * Consistent use of CordaException and CordaRuntimeException (#1710) * Custom exceptions in corda, should either derive from an appropriate closely related java exception, or CordaException, or CordaRuntimeException. They should not inherit just from Exception, or RuntimeException. Handle PR comments Add nicer constructors to CordaException and CordaRuntimeException * Fix ambiguous defaulted constructor * Add @suppress (#1725) * Git-ignore Node Explorer config. (#1709) * add message warning windows users they might need to manually kill explorer demo nodes started by gradle (#1717) (#1726) * Misc documentation fixes (#1694) (cherry picked from commit 592896f) * Document -parameters compiler arg for Java CorDapps. (#1712) * Correct non-anonymous two party trade flow (#1731) * Parameterize TwoPartyTradeFlowTests to confirm deanonymised functionality works. * Correct handling of counterparty using well known identity in TWoPartyTradeFlow * CORDA-594 - SIMM Demo doc update (#1723) (#1735) * CORDA-594 - SIMM Demo doc update For V1 write a series of JSON / curl commands a user can follow to run the demo * Review Comments * Updated the rationale behind as to why SIMM was introduced. * typo * Cordapps now have a name field. (#1664) Corrected cordapp name generation. Added changelog entry. * Small API fixes against M16 (#1737) * Move CompositeSignaturesWithKeys into net.corda.core.crypto package. (cherry picked from commit 8f29562) * Rename and move CordaPluginRegistry to reflect its real purpose now. Simplify serialization code a bit. (cherry picked from commit e2ecd3a) * Docs: docsite improvements * Remove discussion of webserver from 'writing a cordapp' page. * Fixup some flow docs. * Add a couple more package descriptions. (cherry picked from commit 2aedc43) * Review comments (cherry picked from commit ba1d007) * Review comments - always apply default whitelist and no longer load it via ServiceLoader (cherry picked from commit 7d4d7bb) * Added wording about renaming services resource file * Update corda version tag to 1.0.0-RC4 (#1734) * Update corda version tag to 1.0.0-RC3 * Update corda version tag to 1.0.0-RC4 * Update build.gradle * V1 tests and fixes for the ContractConstraints work (#1739) * V1 tests and fixes for the ContractConstraints work * More fixes. * Added a contract constraints section to the key concepts doc. (#1704) Documentation for contract constraints. Added to index. Review fixes round 1. More review fixes. Review fixes. Explained package contents. review fixes. Addressed RGB's final review comments. Updated source code type to 'java' * Fixes dead links. (#1749) * Update gradle plugins version to 1.0.0 (#1753) * Update Readme (#1756) * Update Readme Minor tweaks to Readme -- consistent capitalisation and more descriptive list of features (also reordered to put the important things first) * Copied master readme. * Update Readme Minor tweaks to Readme -- consistent capitalisation and more descriptive list of features (also reordered to put the important things first) * Fixes .rst formatting. (#1751) * Updates tutorials. (#1649) * Updates tutorials. * Addresses review comments. * Tutorial refresh for v1.0 and moving of code into separate files. (#1758) * Moves code sections in tutorials to code files. * Removes wallet references. * Updates repo layout doc. * Removes remaining cordapp-tutorial references, replaced with cordapp-example. * Fixes broken link. * Misc docs fixes. * Refreshes the ServiceHub and rpc ops api pages. * Updates the cheat sheet. * Updates cookbooks. * Refreshes the running-a-notary tutorial. * Updates flow-testing tutorial * Updates tear-offs tutorial. * Refreshes integration-testing tutorial. * Updates to contract tutorial and accompanying code to bring inline with V1 release. * Refreshes contract-upgrade tutorial. * Fixed broken code sample in "writing a contract" and updated contracts dsl. * Added contract ref to java code. Fixed broken rst markup. * Updates transaction-building tutorial. * Updates the client-rpc and flow-state-machines tutorials. * Updates the oracles tutorial. * Amended country in X500 names from "UK" to "GB" * Update FlowCookbook.kt * Amended cheatsheet. Minor update on contract upgrades tutoraial. * Added `extraCordappPackagesToScan` to node driver. * Changes to match new function signature. * Update to reflect change in location of cash contract name. * CORDA-670: Correct scanned packages in network visualiser (#1763) * Add CorDapp dependency of IRS to network visualiser * Set CorDapp directories * Checking out the latest milestone will no longer be required. (#1761) * Updated documentation indices (#1754) * Update documentation indices. * Reference a moveable tag for V1 docs. Remove redundant warning text. * Reverted proposed usage of new docs release tag * Minor: print a deprecation warning when the web server starts. (#1767) * Release and upgrade notes for V1.0 (#1736) * Release and upgrade notes for V1.0 * Update changelog.rst * Update changelog.rst * Formatting. * Incorporating review feedback from KB and MN. * "guarantee" instead of "promise" * Updated with final review comments from KB and RGB. * Updated upgrade notes to describe migration from removed CordaPluginRegistry. * Minor clarification. * Minor updates following final RGB feedback. * Kat's further pedantic feedback * Minor changes following feedback from KB. * Incorporating review feedback from MH. * killed 'patent-pending' * Made the visualiser into a regular JVM module - not a CorDapp. (#1771) * Docs: more package descriptions and take non-stabilised APIs out of the docs build. (#1775) * Update corda version tag to 1.0.0 * Updated release notes to fix minor typos (#1779) Fixed bold type on simplified annotation driven scanning bullet and added bold type to module name bullets * Fixed drop down.. probably. (#1780) * fixed formatting for release notes. (#1782) * Improve API page wording (#1784) * Removed "unreleased" sections from the release notes and change log. * Merge remote-tracking branch 'origin/release-V1' into colljos-merge-v1-docs # Conflicts: # build.gradle # client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt # client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt # client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt # constants.properties # core/src/main/kotlin/net/corda/core/flows/FlowSession.kt # core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt # core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt # docs/source/api-flows.rst # docs/source/api-index.rst # docs/source/changelog.rst # docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/testdsl/CommercialPaperTest.java # docs/source/example-code/src/main/kotlin/net/corda/docs/FlowCookbook.kt # docs/source/example-code/src/main/kotlin/net/corda/docs/tutorial/contract/TutorialContract.kt # docs/source/example-code/src/main/kotlin/net/corda/docs/tutorial/testdsl/TutorialTestDSL.kt # docs/source/hello-world-state.rst # docs/source/key-concepts-contract-constraints.rst # docs/source/serialization.rst # docs/source/tut-two-party-flow.rst # docs/source/tutorial-tear-offs.rst # node-api/src/main/kotlin/net/corda/nodeapi/internal/serialization/CordaClassResolver.kt # node-api/src/test/java/net/corda/nodeapi/internal/serialization/ForbiddenLambdaSerializationTests.java # node-api/src/test/java/net/corda/nodeapi/internal/serialization/LambdaCheckpointSerializationTest.java # node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt # node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityTest.kt # node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt # node/src/test/kotlin/net/corda/node/internal/cordapp/CordappLoaderTest.kt # node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt # samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt # samples/trader-demo/src/main/kotlin/net/corda/traderdemo/TraderDemo.kt # testing/node-driver/src/integration-test/kotlin/net/corda/testing/FlowStackSnapshotTest.kt # testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt # testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNode.kt # webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt
2017-10-03 16:32:11 +00:00
#. By implementing the ``SerializationWhitelist`` interface and specifying a list of `whitelist` classes.
#. Via the built in Corda whitelist (see the class ``DefaultWhitelist``). Whilst this is not user editable, it does list
common JDK classes that have been whitelisted for your convenience.
The annotation is the preferred method for whitelisting. An example is shown in :doc:`tutorial-clientrpc-api`.
It's reproduced here as an example of both ways you can do this for a couple of example classes.
.. literalinclude:: example-code/src/main/kotlin/net/corda/docs/ClientRpcTutorial.kt
:language: kotlin
:start-after: START 7
:end-before: END 7
.. note:: Several of the core interfaces at the heart of Corda are already annotated and so any classes that implement
2018-01-10 17:34:08 +00:00
them will automatically be whitelisted. This includes ``Contract``, ``ContractState`` and ``CommandData``.
.. warning:: Java 8 Lambda expressions are not serializable except in flow checkpoints, and then not by default. The syntax to declare a serializable Lambda
Merge release-v1 onto master (mostly documentation changes) (#1797) * Updated corda release version to 1.0.0.RC2 (#1641) * Fixed Simm Valuation Demo Test and enable serializabe java 8 lambdas. (#1655) * [CORDA-624] Node Explorer on Issuing cash throws MissingContractAttachements exception (#1656) (cherry picked from commit 27fea4d) * BIGINT fix for H2 coin selection. (#1658) * BIGINT fix for H2 coin selection. * Review feedback * CORDA-637 Node Explorer shows Network Map Service in Cash Issue dropdown (#1665) * [CORDA-637] Node Explorer shows Network Map Service in Cash Issue dropdown * add TODO to remove the hack * Declare this internal message string as "const". (#1676) * Merge "A variety of small fixes" into the 1.0 release branch (#1673) * Minor: improve javadocs in NodeInfo * Minor: use package descriptions in Kotlin build of api docs too, not just javadocs. * RPC: make RPCConnection non-internal, as it's a core API. Move docs around so they're on public API not internal API. * Add an IntelliJ scope that covers the currently supported Corda API. This is useful when used in combination with the "Highlight public declarations with missing KDoc" inspection. * Ironic: upgrade the version of the Gradle plugin that checks for upgraded versions of things. It had broken due being incompatible with the new versions of Gradle itself. * Docs: flesh out javadocs on ServiceHub * Docs: add @suppress to a few things that were polluting the Dokka docs. * Docs: mention RPC access in NodeInfo javadoc * IRS Fixes to bring UI closer to declared financial types (#1662) * Made problematic CordaRPCClient c'tor private (with internal bridge methods) and added correct c'tors for public use. (#1653) initialiseSerialization param has also been removed. * Fixing flow snapshot feature (#1685) * Fix validating notary flow to handle notary change transactions properly. (#1687) Add a notary change test for checking longer chains involving both regular and notary change transactions. * Unification of VaultQuery And VaultService APIs (into single VaultService interface) to simplify node bootstrapping and usability. (#1677) (#1688) * Identity documentation (#1620) * Sketch initial identity docs * Restructure confidential identity docs to better fit structure * Split confidential identities into API and concepts * Further expansion on basic identity conceptS * Merge Party type into api-identity.rst * Address feedback on written content * Rework inline code with literalinclude * Start addressing feedback from Richard * Clarify use of "counterparty" * Address comments on key concepts * Correct back to US english * Clarify distribution/publishing of identities * Update changelog around confidential identities * CORDA-642 Notary demo documentation fixes (#1682) * Notary demo documentation fixes. * One of the tables is prefixed. * CORDA-641: A temporary fix for contract upgrade transactions (#1700) * A temporary fix for contract upgrade transactions: during LedgerTransaction verification run the right logic based on whether it contains the UpgradeCommand. * Move ContractUpgradeFlowTest away from createSomeNodes() * Remove assembleBareTx as it's not used * Update corda version tag to 1.0.0-RC3 (#1705) * Hide SerializationContext from public API on TransactionBuilder (#1707) * Hide SerializationContext from public API on TransactionBuilder (cherry picked from commit 6ff7b7e) * Hide SerializationContext from public API on TransactionBuilder (cherry picked from commit 6ff7b7e) * Address feedback on confidential identities docs (#1701) * Address minor comments on confidential identities docs * Expand on implementation details of confidential identities * Cleanup * Clarify details of the data blob in the swap identites flow * Add that certificate path is not made public for confidential identities * FlowSession docs (#1693) * FlowSession docs (#1660) * FlowSession docs * PR comments * Milder example flow name * Fixes bugs with contract constraints (#1696) * Added schedulable flows to cordapp scanning Fixed a bug where the core flows are included in every cordapp. Added a test to prove the scheduled flows are loaded correctly. Added scheduled flow support to cordapp. Renabled broken test. Fixed test to prove cordapps aren't retreived from network. Review fixes. Fixed a test issue caused by gradle having slightly different paths to IntelliJ * Fixed test for real this time. * Consistent use of CordaException and CordaRuntimeException (#1710) * Custom exceptions in corda, should either derive from an appropriate closely related java exception, or CordaException, or CordaRuntimeException. They should not inherit just from Exception, or RuntimeException. Handle PR comments Add nicer constructors to CordaException and CordaRuntimeException * Fix ambiguous defaulted constructor * Add @suppress (#1725) * Git-ignore Node Explorer config. (#1709) * add message warning windows users they might need to manually kill explorer demo nodes started by gradle (#1717) (#1726) * Misc documentation fixes (#1694) (cherry picked from commit 592896f) * Document -parameters compiler arg for Java CorDapps. (#1712) * Correct non-anonymous two party trade flow (#1731) * Parameterize TwoPartyTradeFlowTests to confirm deanonymised functionality works. * Correct handling of counterparty using well known identity in TWoPartyTradeFlow * CORDA-594 - SIMM Demo doc update (#1723) (#1735) * CORDA-594 - SIMM Demo doc update For V1 write a series of JSON / curl commands a user can follow to run the demo * Review Comments * Updated the rationale behind as to why SIMM was introduced. * typo * Cordapps now have a name field. (#1664) Corrected cordapp name generation. Added changelog entry. * Small API fixes against M16 (#1737) * Move CompositeSignaturesWithKeys into net.corda.core.crypto package. (cherry picked from commit 8f29562) * Rename and move CordaPluginRegistry to reflect its real purpose now. Simplify serialization code a bit. (cherry picked from commit e2ecd3a) * Docs: docsite improvements * Remove discussion of webserver from 'writing a cordapp' page. * Fixup some flow docs. * Add a couple more package descriptions. (cherry picked from commit 2aedc43) * Review comments (cherry picked from commit ba1d007) * Review comments - always apply default whitelist and no longer load it via ServiceLoader (cherry picked from commit 7d4d7bb) * Added wording about renaming services resource file * Update corda version tag to 1.0.0-RC4 (#1734) * Update corda version tag to 1.0.0-RC3 * Update corda version tag to 1.0.0-RC4 * Update build.gradle * V1 tests and fixes for the ContractConstraints work (#1739) * V1 tests and fixes for the ContractConstraints work * More fixes. * Added a contract constraints section to the key concepts doc. (#1704) Documentation for contract constraints. Added to index. Review fixes round 1. More review fixes. Review fixes. Explained package contents. review fixes. Addressed RGB's final review comments. Updated source code type to 'java' * Fixes dead links. (#1749) * Update gradle plugins version to 1.0.0 (#1753) * Update Readme (#1756) * Update Readme Minor tweaks to Readme -- consistent capitalisation and more descriptive list of features (also reordered to put the important things first) * Copied master readme. * Update Readme Minor tweaks to Readme -- consistent capitalisation and more descriptive list of features (also reordered to put the important things first) * Fixes .rst formatting. (#1751) * Updates tutorials. (#1649) * Updates tutorials. * Addresses review comments. * Tutorial refresh for v1.0 and moving of code into separate files. (#1758) * Moves code sections in tutorials to code files. * Removes wallet references. * Updates repo layout doc. * Removes remaining cordapp-tutorial references, replaced with cordapp-example. * Fixes broken link. * Misc docs fixes. * Refreshes the ServiceHub and rpc ops api pages. * Updates the cheat sheet. * Updates cookbooks. * Refreshes the running-a-notary tutorial. * Updates flow-testing tutorial * Updates tear-offs tutorial. * Refreshes integration-testing tutorial. * Updates to contract tutorial and accompanying code to bring inline with V1 release. * Refreshes contract-upgrade tutorial. * Fixed broken code sample in "writing a contract" and updated contracts dsl. * Added contract ref to java code. Fixed broken rst markup. * Updates transaction-building tutorial. * Updates the client-rpc and flow-state-machines tutorials. * Updates the oracles tutorial. * Amended country in X500 names from "UK" to "GB" * Update FlowCookbook.kt * Amended cheatsheet. Minor update on contract upgrades tutoraial. * Added `extraCordappPackagesToScan` to node driver. * Changes to match new function signature. * Update to reflect change in location of cash contract name. * CORDA-670: Correct scanned packages in network visualiser (#1763) * Add CorDapp dependency of IRS to network visualiser * Set CorDapp directories * Checking out the latest milestone will no longer be required. (#1761) * Updated documentation indices (#1754) * Update documentation indices. * Reference a moveable tag for V1 docs. Remove redundant warning text. * Reverted proposed usage of new docs release tag * Minor: print a deprecation warning when the web server starts. (#1767) * Release and upgrade notes for V1.0 (#1736) * Release and upgrade notes for V1.0 * Update changelog.rst * Update changelog.rst * Formatting. * Incorporating review feedback from KB and MN. * "guarantee" instead of "promise" * Updated with final review comments from KB and RGB. * Updated upgrade notes to describe migration from removed CordaPluginRegistry. * Minor clarification. * Minor updates following final RGB feedback. * Kat's further pedantic feedback * Minor changes following feedback from KB. * Incorporating review feedback from MH. * killed 'patent-pending' * Made the visualiser into a regular JVM module - not a CorDapp. (#1771) * Docs: more package descriptions and take non-stabilised APIs out of the docs build. (#1775) * Update corda version tag to 1.0.0 * Updated release notes to fix minor typos (#1779) Fixed bold type on simplified annotation driven scanning bullet and added bold type to module name bullets * Fixed drop down.. probably. (#1780) * fixed formatting for release notes. (#1782) * Improve API page wording (#1784) * Removed "unreleased" sections from the release notes and change log. * Merge remote-tracking branch 'origin/release-V1' into colljos-merge-v1-docs # Conflicts: # build.gradle # client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt # client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt # client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt # constants.properties # core/src/main/kotlin/net/corda/core/flows/FlowSession.kt # core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt # core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt # docs/source/api-flows.rst # docs/source/api-index.rst # docs/source/changelog.rst # docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/testdsl/CommercialPaperTest.java # docs/source/example-code/src/main/kotlin/net/corda/docs/FlowCookbook.kt # docs/source/example-code/src/main/kotlin/net/corda/docs/tutorial/contract/TutorialContract.kt # docs/source/example-code/src/main/kotlin/net/corda/docs/tutorial/testdsl/TutorialTestDSL.kt # docs/source/hello-world-state.rst # docs/source/key-concepts-contract-constraints.rst # docs/source/serialization.rst # docs/source/tut-two-party-flow.rst # docs/source/tutorial-tear-offs.rst # node-api/src/main/kotlin/net/corda/nodeapi/internal/serialization/CordaClassResolver.kt # node-api/src/test/java/net/corda/nodeapi/internal/serialization/ForbiddenLambdaSerializationTests.java # node-api/src/test/java/net/corda/nodeapi/internal/serialization/LambdaCheckpointSerializationTest.java # node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt # node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityTest.kt # node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt # node/src/test/kotlin/net/corda/node/internal/cordapp/CordappLoaderTest.kt # node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt # samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt # samples/trader-demo/src/main/kotlin/net/corda/traderdemo/TraderDemo.kt # testing/node-driver/src/integration-test/kotlin/net/corda/testing/FlowStackSnapshotTest.kt # testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt # testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNode.kt # webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt
2017-10-03 16:32:11 +00:00
expression that will work with Corda is ``Runnable r = (Runnable & Serializable) () -> System.out.println("Hello World");``, or
``Callable<String> c = (Callable<String> & Serializable) () -> "Hello World";``.
AMQP
----
Corda uses an extended form of AMQP 1.0 as its binary wire protocol.
Corda serialisation is currently used for:
#. Peer-to-peer networking.
#. Persisted messages, like signed transactions and states.
.. note:: At present, the Kryo-based format is still used by the RPC framework on both the client and server side. However, it is planned that the RPC framework will move to the AMQP framework soon.
For the checkpointing of flows Corda uses a private scheme that is subject to change. It is currently based on the Kryo
framework, but this may not be true in future.
This separation of serialization schemes into different contexts allows us to use the most suitable framework for that context rather than
attempting to force a one-size-fits-all approach. Kryo is more suited to the serialization of a program's stack frames, as it is more flexible
than our AMQP framework in what it can construct and serialize. However, that flexibility makes it exceptionally difficult to make secure. Conversely,
our AMQP framework allows us to concentrate on a secure framework that can be reasoned about and thus made safer, with far fewer
security holes.
Selection of serialization context should, for the most part, be opaque to CorDapp developers, the Corda framework selecting
the correct context as configured.
This document describes what is currently and what will be supported in the Corda AMQP format from the perspective
of CorDapp developers, to allow CorDapps to take into consideration the future state. The AMQP serialization format will
continue to apply the whitelisting functionality that is already in place and described in :doc:`serialization`.
Core Types
----------
This section describes the classes and interfaces that the AMQP serialization format supports.
Collection Types
````````````````
The following collection types are supported. Any implementation of the following will be mapped to *an* implementation
of the interface or class on the other end. For example, if you use a Guava implementation of a collection, it will
deserialize as the primitive collection type.
The declared types of properties should only use these types, and not any concrete implementation types (e.g.
2018-01-10 17:34:08 +00:00
Guava implementations). Collections must specify their generic type, the generic type parameters will be included in
the schema, and the element's type will be checked against the generic parameters when deserialized.
::
java.util.Collection
java.util.List
java.util.Set
java.util.SortedSet
java.util.NavigableSet
java.util.NonEmptySet
java.util.Map
java.util.SortedMap
java.util.NavigableMap
However, as a convenience, we explicitly support the concrete implementation types below, and they can be used as the
declared types of properties.
::
java.util.LinkedHashMap
java.util.TreeMap
java.util.EnumSet
java.util.EnumMap (but only if there is at least one entry)
JVM primitives
``````````````
All the primitive types are supported.
::
boolean
byte
char
double
float
int
long
short
Arrays
``````
Arrays of any type are supported, primitive or otherwise.
JDK Types
`````````
The following JDK library types are supported:
::
java.io.InputStream
java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.Class
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.Short
java.lang.StackTraceElement
java.lang.String
java.lang.StringBuffer
java.math.BigDecimal
java.security.PublicKey
java.time.DayOfWeek
java.time.Duration
java.time.Instant
java.time.LocalDate
java.time.LocalDateTime
java.time.LocalTime
java.time.Month
java.time.MonthDay
java.time.OffsetDateTime
java.time.OffsetTime
java.time.Period
java.time.YearMonth
java.time.Year
java.time.ZonedDateTime
java.time.ZonedId
java.time.ZoneOffset
java.util.BitSet
java.util.Currency
java.util.UUID
Third-Party Types
`````````````````
The following 3rd-party types are supported:
::
kotlin.Unit
kotlin.Pair
org.apache.activemq.artemis.api.core.SimpleString
Corda Types
```````````
Any classes and interfaces in the Corda codebase annotated with ``@CordaSerializable`` are supported.
All Corda exceptions that are expected to be serialized inherit from ``CordaThrowable`` via either ``CordaException`` (for
checked exceptions) or ``CordaRuntimeException`` (for unchecked exceptions). Any ``Throwable`` that is serialized but does
not conform to ``CordaThrowable`` will be converted to a ``CordaRuntimeException``, with the original exception type
and other properties retained within it.
Custom Types
------------
You own types must adhere to the following rules to be supported:
Classes
```````
General Rules
'''''''''''''
#. The class must be compiled with parameter names included in the ``.class`` file. This is the default in Kotlin
but must be turned on in Java using the ``-parameters`` command line option to ``javac``
2018-01-10 15:13:21 +00:00
.. note:: In circumstances where classes cannot be recompiled, such as when using a third-party library, a
proxy serializer can be used to avoid this problem. Details on creating such an object can be found on the
:doc:`cordapp-custom-serializers` page.
2018-01-10 15:13:21 +00:00
#. The class must be annotated with ``@CordaSerializable``
#. The declared types of constructor arguments, getters, and setters must be supported, and where generics are used, the
generic parameter must be a supported type, an open wildcard (``*``), or a bounded wildcard which is currently
widened to an open wildcard
#. Any superclass must adhere to the same rules, but can be abstract
#. Object graph cycles are not supported, so an object cannot refer to itself, directly or indirectly
Constructor Instantiation
'''''''''''''''''''''''''
The primary way Corda's AMQP serialization framework instantiates objects is via a specified constructor. This is
used to first determine which properties of an object are to be serialised, then, on deserialization, it is used to
instantiate the object with the serialized values.
It is recommended that serializable objects in Corda adhere to the following rules, as they allow immutable state
objects to be deserialised:
#. A Java Bean getter for each of the properties in the constructor, with a name of the form ``getX``. For example, for a constructor
parameter ``foo``, there must be a getter called ``getFoo()``. If ``foo`` is a boolean, the getter may
optionally be called ``isFoo()`` (this is why the class must be compiled with parameter names turned on)
#. A constructor which takes all of the properties that you wish to record in the serialized form. This is required in
order for the serialization framework to reconstruct an instance of your class
#. If more than one constructor is provided, the serialization framework needs to know which one to use. The ``@ConstructorForDeserialization``
annotation can be used to indicate which one. For a Kotlin class, without the ``@ConstructorForDeserialization`` annotation, the
*primary constructor* will be selected
In Kotlin, this maps cleanly to a data class where there getters are synthesized automatically. For example, suppose we
have the following data class:
.. container:: codeset
.. sourcecode:: kotlin
data class Example (val a: Int, val b: String)
Properties ``a`` and ``b`` will be included in the serialised form.
However, properties not mentioned in the constructor will not be serialised. For example, in the following code,
property ``c`` will not be considered part of the serialised form:
.. container:: codeset
.. sourcecode:: kotlin
data class Example (val a: Int, val b: String) {
var c: Int = 20
}
var e = Example (10, "hello")
e.c = 100;
val e2 = e.serialize().deserialize() // e2.c will be 20, not 100!!!
Setter Instantiation
''''''''''''''''''''
As an alternative to constructor-based initialisation, Corda can also determine the important elements of an
object by inspecting the getter and setter methods present on the class. If a class has **only** a default
constructor **and** properties then the serializable properties will be determined by the presence of
both a getter and setter for that property that are both publicly visible (i.e. the class adheres to
the classic *idiom* of mutable JavaBeans).
On deserialization, a default instance will first be created, and then the setters will be invoked on that object to
populate it with the correct values.
For example:
.. container:: codeset
.. sourcecode:: kotlin
class Example(var a: Int, var b: Int, var c: Int)
.. sourcecode:: java
class Example {
private int a;
private int b;
private int c;
public int getA() { return a; }
public int getB() { return b; }
public int getC() { return c; }
public void setA(int a) { this.a = a; }
public void setB(int b) { this.b = b; }
public void setC(int c) { this.c = c; }
}
.. warning:: We do not recommend this pattern! Corda tries to use immutable data structures throughout, and if you
rely heavily on mutable JavaBean style objects then you may sometimes find the API behaves in unintuitive ways.
Inaccessible Private Properties
```````````````````````````````
Whilst the Corda AMQP serialization framework supports private object properties without publicly
accessible getter methods, this development idiom is strongly discouraged.
For example.
.. container:: codeset
.. sourcecode:: kotlin
class C(val a: Int, private val b: Int)
.. sourcecode:: java
class C {
public Integer a;
private Integer b;
public C(Integer a, Integer b) {
this.a = a;
this.b = b;
}
}
When designing Corda states, it should be remembered that they are not, despite appearances, traditional
OOP style objects. They are signed over, transformed, serialised, and relationally mapped. As such,
all elements should be publicly accessible by design.
.. warning:: IDEs will indicate erroneously that properties can be given something other than public visibility. Ignore
this, as whilst it will work, as discussed above there are many reasons why this isn't a good idea.
Providing a public getter, as per the following example, is acceptable:
.. container:: codeset
.. sourcecode:: kotlin
class C(val a: Int, b: Int) {
var b: Int = b
private set
}
.. sourcecode:: java
class C {
public Integer a;
private Integer b;
C(Integer a, Integer b) {
this.a = a;
this.b = b;
}
public Integer getB() {
return b;
}
}
Mismatched Class Properties / Constructor Parameters
````````````````````````````````````````````````````
Consider an example where you wish to ensure that a property of class whose type is some form of container is always sorted using some specific criteria yet you wish to maintain the immutability of the class.
This could be codified as follows:
.. container:: codeset
.. sourcecode:: kotlin
@CordaSerializable
class ConfirmRequest(statesToConsume: List<StateRef>, val transactionId: SecureHash) {
companion object {
private val stateRefComparator = compareBy<StateRef>({ it.txhash }, { it.index })
}
private val states = statesToConsume.sortedWith(stateRefComparator)
}
The intention in the example is to always ensure that the states are stored in a specific order regardless of the ordering
of the list used to initialise instances of the class. This is achieved by using the first constructor parameter as the
basis for a private member. However, because that member is not mentioned in the constructor (whose parameters determine
what is serializable as discussed above) it would not be serialized. In addition, as there is no provided mechanism to retrieve
a value for ``statesToConsume`` we would fail to build a serializer for this Class.
In this case a secondary constructor annotated with ``@ConstructorForDeserialization`` would not be a valid solution as the
two signatures would be the same. Best practice is thus to provide a getter for the constructor parameter which explicitly
associates it with the actual member variable.
.. container:: codeset
.. sourcecode:: kotlin
@CordaSerializable
class ConfirmRequest(statesToConsume: List<StateRef>, val transactionId: SecureHash) {
companion object {
private val stateRefComparator = compareBy<StateRef>({ it.txhash }, { it.index })
}
private val states = statesToConsume.sortedWith(stateRefComparator)
//Explicit "getter" for a property identified from the constructor parameters
fun getStatesToConsume() = states
}
Mutable Containers
``````````````````
Because Java fundamentally provides no mechanism by which the mutability of a class can be determined this presents a
problem for the serialization framework. When reconstituting objects with container properties (lists, maps, etc) we
must chose whether to create mutable or immutable objects. Given the restrictions, we have decided it is better to
preserve the immutability of immutable objects rather than force mutability on presumed immutable objects.
.. note:: Whilst we could potentially infer mutability empirically, doing so exhaustively is impossible as it's a design
decision rather than something intrinsic to the JVM. At present, we defer to simply making things immutable on reconstruction
with the following workarounds provided for those who use them. In future, this may change, but for now use the following
examples as a guide.
For example, consider the following:
.. sourcecode:: kotlin
data class C(val l : MutableList<String>)
val bytes = C(mutableListOf ("a", "b", "c")).serialize()
val newC = bytes.deserialize()
newC.l.add("d")
The call to ``newC.l.add`` will throw an ``UnsupportedOperationException``.
There are several workarounds that can be used to preserve mutability on reconstituted objects. Firstly, if the class
isn't a Kotlin data class and thus isn't restricted by having to have a primary constructor.
.. sourcecode:: kotlin
class C {
val l : MutableList<String>
@Suppress("Unused")
constructor (l : MutableList<String>) {
this.l = l.toMutableList()
}
}
val bytes = C(mutableListOf ("a", "b", "c")).serialize()
val newC = bytes.deserialize()
// This time this call will succeed
newC.l.add("d")
Secondly, if the class is a Kotlin data class, a secondary constructor can be used.
.. sourcecode:: kotlin
data class C (val l : MutableList<String>){
@ConstructorForDeserialization
@Suppress("Unused")
constructor (l : Collection<String>) : this (l.toMutableList())
}
val bytes = C(mutableListOf ("a", "b", "c")).serialize()
val newC = bytes.deserialize()
// This will also work
newC.l.add("d")
Thirdly, to preserve immutability of objects (a recommend design principle - Copy on Write semantics) then mutating the
contents of the class can be done by creating a new copy of the data class with the altered list passed (in this example)
passed in as the Constructor parameter.
.. sourcecode:: kotlin
data class C(val l : List<String>)
val bytes = C(listOf ("a", "b", "c")).serialize()
val newC = bytes.deserialize()
val newC2 = newC.copy (l = (newC.l + "d"))
.. note:: If mutability isn't an issue at all then in the case of data classes a single constructor can
be used by making the property var instead of val and in the ``init`` block reassigning the property
to a mutable instance
Enums
`````
All enums are supported, provided they are annotated with ``@CordaSerializable``. Corda supports interoperability of
enumerated type versions. This allows such types to be changed over time without breaking backward (or forward)
compatibility. The rules and mechanisms for doing this are discussed in :doc:`serialization-enum-evolution`.
Exceptions
``````````
The following rules apply to supported ``Throwable`` implementations.
#. If you wish for your exception to be serializable and transported type safely it should inherit from either
``CordaException`` or ``CordaRuntimeException``
#. If not, the ``Throwable`` will deserialize to a ``CordaRuntimeException`` with the details of the original
``Throwable`` contained within it, including the class name of the original ``Throwable``
Kotlin Objects
``````````````
Kotlin's non-anonymous ``object`` s (i.e. constructs like ``object foo : Contract {...}``) are singletons and
treated differently. They are recorded into the stream with no properties, and deserialize back to the
singleton instance. Currently, the same is not true of Java singletons, which will deserialize to new instances
of the class. This is hard to fix because there's no perfectly standard idiom for Java singletons.
Kotlin's anonymous ``object`` s (i.e. constructs like ``object : Contract {...}``) are not currently supported
and will not serialize correctly. They need to be re-written as an explicit class declaration.
Class synthesis
---------------
Corda serialization supports dynamically synthesising classes from the supplied schema when deserializing,
without the supporting classes being present on the classpath. This can be useful where generic code might expect to
be able to use reflection over the deserialized data, for scripting languages that run on the JVM, and also for
ensuring classes not on the classpath can be deserialized without loading potentially malicious code.
Possible future enhancements include:
#. Java singleton support. We will add support for identifying classes which are singletons and identifying the
static method responsible for returning the singleton instance
#. Instance internalizing support. We will add support for identifying classes that should be resolved against an instances map to avoid
creating many duplicate instances that are equal (similar to ``String.intern()``)
.. Type Evolution:
Type Evolution
--------------
Type evolution is the mechanism by which classes can be altered over time yet still remain serializable and deserializable across
all versions of the class. This ensures an object serialized with an older idea of what the class "looked like" can be deserialized
and a version of the current state of the class instantiated.
More detail can be found in :doc:`serialization-default-evolution`.