CORDA-1050 docs on whitelisting CorDapps (#2671)

* CORDA-1050 docs on whitelisting CorDapps * Addressed code review notes * Addressed code review notes
2025-02-01 08:48:09 +00:00 · 2018-03-01 17:37:33 +00:00 · 2018-03-01 17:37:33 +00:00 · 06af213cdb
commit 06af213cdb
parent 08c5b72874
2 changed files with 48 additions and 0 deletions
--- a/docs/source/network-map.rst
+++ b/docs/source/network-map.rst
@ -107,6 +107,9 @@ The current set of network parameters:
 :modifiedTime: The time when the network parameters were last modified by the compatibility zone operator.
 :epoch: Version number of the network parameters. Starting from 1, this will always increment whenever any of the
        parameters change.
+:whitelistedContractImplementations: List of whitelisted versions of contract code.
+        For each contract class there is a list of hashes of the approved CorDapp jar versions containing that contract.
+        Read more about *Zone constraints* here :doc:`api-contract-constraints`

 More parameters will be added in future releases to regulate things like allowed port numbers, how long a node can be
 offline before it is evicted from the zone, whether or not IPv6 connectivity is required for zone members, required
--- a/docs/source/setting-up-a-corda-network.rst
+++ b/docs/source/setting-up-a-corda-network.rst
@ -82,6 +82,51 @@ For example running the command on a directory containing these files :

 Would generate directories containing three nodes: notary, partya and partyb.

+
+Whitelisting Contracts
+~~~~~~~~~~~~~~~~~~~~~~
+
+If you want to create a *Zone whitelist* (see :doc:`api-contract-constraints`), you can pass in a list of CorDapp jars:
+
+``java -jar network-bootstrapper.jar <nodes-root-dir> <path-to-first-corDapp> <path-to-second-corDapp> ..``
+
+The CorDapp jars will be hashed and scanned for ``Contract`` classes.
+By default the tool would generate a file named ``whitelist.txt`` containing an entry for each contract with the hash of the jar.
+
+For example:
+
+.. sourcecode:: none
+
+    net.corda.finance.contracts.asset.Obligation:decd098666b9657314870e192ced0c3519c2c9d395507a238338f8d003929de8
+    net.corda.finance.contracts.asset.Cash:decd098666b9657314870e192ced0c3519c2c9d395507a238338f8d003929de9
+
+These will be added to the ``NetworkParameters.whitelistedContractImplementations``. See :doc:`network-map`.
+
+This means that by default the Network bootstrapper tool will whitelist all contracts found in all passed CorDapps.
+
+In case there is a ``whitelist.txt`` file in the root dir already, the tool will append the new jar hashes or contracts to it.
+
+The zone operator will maintain this whitelist file, and, using the tool, will append new versions of CorDapps to it.
+
+.. warning::
+    - The zone operator must ensure that this file is *append only*.
+    - If the operator removes hashes from the list, all transactions pointing to that version will suddenly fail the constraint verification, and the entire chain is compromised.
+    - If a contract is removed from the whitelist, then all states created from that moment on will be constrained by the HashAttachmentConstraint.
+
+    Note: In future releases, we will provider a tamper-proof way of maintaining the contract whitelist.
+
+For fine-grained control of constraints, in case multiple contracts live in the same jar, the tool reads from another file:
+``exclude_whitelist.txt``, which contains a list of contracts that should not be whitelisted, and thus default to the very restrictive:
+``HashAttachmentConstraint``
+
+For example:
+
+.. sourcecode:: none
+
+    net.corda.finance.contracts.asset.Cash
+    net.corda.finance.contracts.asset.CommercialPaper
+
+
 Starting the nodes
 ~~~~~~~~~~~~~~~~~~