ENT-11055: Basic external verification (#7545)

* ENT-11055: Basic external verification Introduction of the external transaction verifier, a separate JVM process for verifying `SignedTransaction`s. The end goal is for this verifier to be built with Kotlin 1.2 so that it creates a compatible verification environment for transactions with 4.11 contracts. For now however the verifier is built against Kotlin 1.8, same as the node. External verification is enabled when the the system property `net.corda.node.verification.external` is set to `true`. When enabled, all verification requests made via `SignedTransaction.verify` are sent to the external verifier, regardless of the transaction content. It will do the vast bulk of the verification and then send the result back, namely if an exception occurred. If it did, then it's re-thrown in the node. The external verifier is a stateless process, with no connection to the node's database. All transaction resolution information needed to create the relevant ledger transaction object are made to the node, which waits in a loop servicing these requests until it receives the result. The verifier Jar is embedded in the Corda node Jar, and is extracted and run when needed for the first time. The node opens up a local port for the verifier to communicate with, which is specified to the verifier in the process command line. This all means there is no extra configuration or deployment required to support external verification. The existing code had some initial attempts and abstractions to support a future external verification feature. However, they were either incorrect or didn't quite fit. One such example was `TransactionVerifierService`. It incorrectly operated on the `LedgerTransaction` level, which doesn't work since the transaction needs to be first serialised. Instead a new abstraction, `VerificationSupport` has been introduced, which represents all the operations needed to resolve and verify a `SignedTransaction`, essentially replacing `ServicesForResolution` (a lot of the changes are due to this). The external verifier implements this with a simple RPC mechanism, whilst the node needed a new (internal) `ServiceHub` abstraction, `VerifyingServiceHub`. `ServicesForResolution` hasn't been deleted since it's public API, however all classes implementing it must also implement `VerifyingServiceHub`. This is possible to do without breaking compatibility since `ServicesForResolution` is annotated with `@DoNotImplement`. Changes to `api-current.txt` were made due to the removal of `TransactionVerifierService`, which was clearly indicated as an internal class, and returning `TransactionBuilder.toLedgerTransactionWithContext` back to an internal method. * Address review comments * One bulk load states method * Merge fix
2025-06-13 12:48:18 +00:00 · 2023-12-07 11:29:27 +00:00
parent 74ca2c6734
commit 11d0054fcc
86 changed files with 2520 additions and 2374 deletions
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateConfiguration.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence/HibernateConfiguration.kt
@ -1,6 +1,5 @@
 package net.corda.nodeapi.internal.persistence

-import com.github.benmanes.caffeine.cache.Caffeine
 import net.corda.core.internal.NamedCacheFactory
 import net.corda.core.internal.castIfPossible
 import net.corda.core.schemas.MappedSchema
@ -54,7 +53,7 @@ class HibernateConfiguration(

    val sessionFactoryFactory = findSessionFactoryFactory(jdbcUrl, customClassLoader)

-    private val sessionFactories = cacheFactory.buildNamed<Set<MappedSchema>, SessionFactory>(Caffeine.newBuilder(), "HibernateConfiguration_sessionFactories")
+    private val sessionFactories = cacheFactory.buildNamed<Set<MappedSchema>, SessionFactory>("HibernateConfiguration_sessionFactories")

    val sessionFactoryForRegisteredSchemas = schemas.let {
        logger.info("Init HibernateConfiguration for schemas: $it")
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/serialization/CustomSerializationSchemeAdapter.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/serialization/CustomSerializationSchemeAdapter.kt
@ -1,47 +0,0 @@
-package net.corda.nodeapi.internal.serialization
-
-import net.corda.core.serialization.SerializationSchemeContext
-import net.corda.core.serialization.CustomSerializationScheme
-import net.corda.core.serialization.SerializationContext
-import net.corda.core.serialization.SerializedBytes
-import net.corda.core.serialization.internal.CustomSerializationSchemeUtils.Companion.getCustomSerializationMagicFromSchemeId
-import net.corda.core.utilities.ByteSequence
-import net.corda.serialization.internal.CordaSerializationMagic
-import net.corda.serialization.internal.SerializationScheme
-import java.io.ByteArrayOutputStream
-import java.io.NotSerializableException
-
-class CustomSerializationSchemeAdapter(private val customScheme: CustomSerializationScheme): SerializationScheme {
-
-    val serializationSchemeMagic = getCustomSerializationMagicFromSchemeId(customScheme.getSchemeId())
-
-    override fun canDeserializeVersion(magic: CordaSerializationMagic, target: SerializationContext.UseCase): Boolean {
-        return magic == serializationSchemeMagic
-    }
-
-    override fun <T : Any> deserialize(byteSequence: ByteSequence, clazz: Class<T>, context: SerializationContext): T {
-        val readMagic = byteSequence.take(serializationSchemeMagic.size)
-        if (readMagic != serializationSchemeMagic) {
-            throw NotSerializableException("Scheme ${customScheme::class.java} is incompatible with blob." +
-                    " Magic from blob = $readMagic (Expected = $serializationSchemeMagic)")
-        }
-        return customScheme.deserialize(
-            byteSequence.subSequence(serializationSchemeMagic.size, byteSequence.size - serializationSchemeMagic.size),
-            clazz,
-            SerializationSchemeContextAdapter(context)
-        )
-    }
-
-    override fun <T : Any> serialize(obj: T, context: SerializationContext): SerializedBytes<T> {
-        val stream = ByteArrayOutputStream()
-        stream.write(serializationSchemeMagic.bytes)
-        stream.write(customScheme.serialize(obj, SerializationSchemeContextAdapter(context)).bytes)
-        return SerializedBytes(stream.toByteArray())
-    }
-
-    private class SerializationSchemeContextAdapter(context: SerializationContext) : SerializationSchemeContext {
-        override val deserializationClassLoader = context.deserializationClassLoader
-        override val whitelist = context.whitelist
-        override val properties = context.properties
-    }
-}
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/serialization/CustomSerializationSchemeAdapterTests.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/serialization/CustomSerializationSchemeAdapterTests.kt
@ -4,6 +4,7 @@ import net.corda.core.serialization.SerializationSchemeContext
 import net.corda.core.serialization.CustomSerializationScheme
 import net.corda.core.utilities.ByteSequence
 import net.corda.nodeapi.internal.serialization.testutils.serializationContext
+import net.corda.serialization.internal.verifier.CustomSerializationSchemeAdapter
 import org.junit.Test
 import org.junit.jupiter.api.Assertions.assertTrue
 import java.io.NotSerializableException