Bridge to Firewall renames
More renaming Update diagrams Update changelog to point out breaking change fo the rename Address Richard's PR comments
@ -15,7 +15,7 @@ apply plugin: 'net.corda.plugins.publish-utils'
|
||||
apply plugin: 'us.kirchmeier.capsule'
|
||||
apply plugin: 'com.jfrog.artifactory'
|
||||
|
||||
description 'Corda bridge server capsule'
|
||||
description 'Corda firewall server capsule'
|
||||
|
||||
configurations {
|
||||
runtimeArtifacts
|
||||
@ -73,17 +73,17 @@ sourceCompatibility = 1.6
|
||||
targetCompatibility = 1.6
|
||||
|
||||
jar {
|
||||
baseName 'corda-bridgeserver'
|
||||
baseName 'corda-firewall'
|
||||
}
|
||||
|
||||
task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
|
||||
applicationClass 'net.corda.bridge.Bridge'
|
||||
archiveName "corda-bridgeserver-${corda_release_version}.jar"
|
||||
task buildFirewallJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
|
||||
applicationClass 'net.corda.bridge.Firewall'
|
||||
archiveName "corda-firewall-${corda_release_version}.jar"
|
||||
applicationSource = files(
|
||||
project(':bridge').configurations.runtime,
|
||||
project(':bridge').jar,
|
||||
"$rootDir/config/dev/log4j2.xml",
|
||||
"$rootDir/bridge/build/resources/main/reference.conf"
|
||||
"$rootDir/bridge/build/resources/main/firewalldefault.conf"
|
||||
)
|
||||
from 'NOTICE' // Copy CDDL notice
|
||||
from configurations.capsuleRuntime.files.collect { zipTree(it) }
|
||||
@ -91,7 +91,7 @@ task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
|
||||
capsuleManifest {
|
||||
applicationVersion = corda_release_version
|
||||
javaAgents = []
|
||||
systemProperties['visualvm.display.name'] = 'Corda Bridge Server'
|
||||
systemProperties['visualvm.display.name'] = 'Corda Firewall Server'
|
||||
minJavaVersion = '1.8.0'
|
||||
minUpdateVersion['1.8'] = java8_minUpdateVersion
|
||||
caplets = []
|
||||
@ -105,8 +105,8 @@ task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
|
||||
|
||||
processSmokeTestResources {
|
||||
|
||||
from(project.tasks['buildBridgeServerJar']) {
|
||||
rename 'corda-bridgeserver-(.*)', 'corda-bridgeserver.jar'
|
||||
from(project.tasks['buildFirewallJar']) {
|
||||
rename 'corda-firewall-(.*)', 'corda-firewall.jar'
|
||||
into "net/corda/bridge/smoketest"
|
||||
}
|
||||
}
|
||||
@ -117,8 +117,8 @@ task smokeTest(type: Test) {
|
||||
}
|
||||
|
||||
artifacts {
|
||||
runtimeArtifacts buildBridgeServerJar
|
||||
publish buildBridgeServerJar {
|
||||
runtimeArtifacts buildFirewallJar
|
||||
publish buildFirewallJar {
|
||||
classifier ""
|
||||
}
|
||||
}
|
||||
|
@ -76,8 +76,8 @@ class BridgeSmokeTest {
|
||||
override val crlCheckSoftFail: Boolean = true
|
||||
}
|
||||
artemisConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
copyBridgeResource("corda-bridgeserver.jar")
|
||||
copyBridgeResource("bridge.conf")
|
||||
copyBridgeResource("corda-firewall.jar")
|
||||
copyBridgeResource("firewall.conf")
|
||||
createNetworkParams(tempFolder.root.toPath())
|
||||
val (artemisServer, artemisClient) = createArtemis()
|
||||
val zkServer = TestingServer(11105, false)
|
||||
@ -143,7 +143,7 @@ class BridgeSmokeTest {
|
||||
val javaPath: Path = Paths.get(System.getProperty("java.home"), "bin", "java")
|
||||
val builder = ProcessBuilder()
|
||||
.command(javaPath.toString(), "-Dcapsule.log=verbose",
|
||||
"-jar", "corda-bridgeserver.jar")
|
||||
"-jar", "corda-firewall.jar")
|
||||
.directory(baseDirectory.toFile())
|
||||
.inheritIO()
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
socksProxyConfig : {
|
@ -1,31 +1,27 @@
|
||||
package net.corda.bridge
|
||||
|
||||
import com.typesafe.config.ConfigFactory
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.config.BridgeConfigHelper
|
||||
import net.corda.bridge.services.config.parseAsBridgeConfiguration
|
||||
import net.corda.bridge.services.config.parseAsFirewallConfiguration
|
||||
import net.corda.core.concurrent.CordaFuture
|
||||
import net.corda.core.crypto.SecureHash
|
||||
import net.corda.core.identity.CordaX500Name
|
||||
import net.corda.core.internal.concurrent.flatMap
|
||||
import net.corda.core.internal.concurrent.map
|
||||
import net.corda.core.internal.div
|
||||
import net.corda.core.utilities.NetworkHostAndPort
|
||||
import net.corda.core.utilities.getOrThrow
|
||||
import net.corda.nodeapi.internal.DEV_CA_KEY_STORE_PASS
|
||||
import net.corda.nodeapi.internal.crypto.X509Utilities
|
||||
import net.corda.nodeapi.internal.crypto.loadKeyStore
|
||||
import net.corda.testing.driver.NodeHandle
|
||||
import net.corda.testing.node.internal.*
|
||||
import java.io.File
|
||||
import java.nio.file.Files
|
||||
import java.nio.file.Path
|
||||
|
||||
|
||||
data class BridgeHandle(
|
||||
val baseDirectory: Path,
|
||||
val process: Process,
|
||||
val configuration: BridgeConfiguration,
|
||||
val configuration: FirewallConfiguration,
|
||||
val bridgePort: Int,
|
||||
val brokerPort: Int,
|
||||
val debugPort: Int?
|
||||
@ -33,7 +29,7 @@ data class BridgeHandle(
|
||||
|
||||
fun startBridgeProcess(bridgePath: Path, debugPort: Int?): Process {
|
||||
return ProcessUtilities.startCordaProcess(
|
||||
className = "net.corda.bridge.Bridge",
|
||||
className = "net.corda.bridge.Firewall",
|
||||
arguments = listOf("--base-directory", bridgePath.toString()),
|
||||
jdwpPort = debugPort,
|
||||
extraJvmArguments = listOf(),
|
||||
@ -47,7 +43,7 @@ fun DriverDSLImpl.startBridge(nodeName: CordaX500Name, bridgePort: Int, brokerPo
|
||||
val bridgeFolder = File("$nodeDirectory-bridge")
|
||||
bridgeFolder.mkdirs()
|
||||
createNetworkParams(bridgeFolder.toPath())
|
||||
val initialConfig = ConfigFactory.parseResources(ConfigTest::class.java, "/net/corda/bridge/singleprocess/bridge.conf")
|
||||
val initialConfig = ConfigFactory.parseResources(ConfigTest::class.java, "/net/corda/bridge/singleprocess/firewall.conf")
|
||||
val portConfig = ConfigFactory.parseMap(
|
||||
mapOf(
|
||||
"outboundConfig" to mapOf(
|
||||
@ -59,8 +55,8 @@ fun DriverDSLImpl.startBridge(nodeName: CordaX500Name, bridgePort: Int, brokerPo
|
||||
)
|
||||
)
|
||||
val config = ConfigFactory.parseMap(configOverrides).withFallback(portConfig).withFallback(initialConfig)
|
||||
writeConfig(bridgeFolder.toPath(), "bridge.conf", config)
|
||||
val bridgeConfig = BridgeConfigHelper.loadConfig(bridgeFolder.toPath()).parseAsBridgeConfiguration()
|
||||
writeConfig(bridgeFolder.toPath(), "firewall.conf", config)
|
||||
val bridgeConfig = BridgeConfigHelper.loadConfig(bridgeFolder.toPath()).parseAsFirewallConfiguration()
|
||||
val nodeCertificateDirectory = nodeDirectory / "certificates"
|
||||
val bridgeDebugPort = if (isDebug) debugPortAllocation.nextPort() else null
|
||||
return pollUntilTrue("$nodeName keystore creation") {
|
||||
|
@ -12,8 +12,8 @@ package net.corda.bridge
|
||||
|
||||
import com.nhaarman.mockito_kotlin.doReturn
|
||||
import com.nhaarman.mockito_kotlin.whenever
|
||||
import net.corda.bridge.internal.BridgeInstance
|
||||
import net.corda.bridge.services.api.BridgeMode
|
||||
import net.corda.bridge.internal.FirewallInstance
|
||||
import net.corda.bridge.services.api.FirewallMode
|
||||
import net.corda.bridge.services.config.BridgeHAConfigImpl
|
||||
import net.corda.core.internal.copyToDirectory
|
||||
import net.corda.core.internal.createDirectories
|
||||
@ -59,10 +59,10 @@ class BridgeIntegrationTest {
|
||||
|
||||
@Test
|
||||
fun `Load simple all in one bridge and stand it up`() {
|
||||
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
|
||||
createNetworkParams(tempFolder.root.toPath())
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(BridgeMode.SenderReceiver, config.bridgeMode)
|
||||
assertEquals(FirewallMode.SenderReceiver, config.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
|
||||
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
|
||||
assertNull(config.bridgeInnerConfig)
|
||||
@ -71,7 +71,7 @@ class BridgeIntegrationTest {
|
||||
val (artemisServer, artemisClient) = createArtemis()
|
||||
try {
|
||||
installBridgeControlResponder(artemisClient)
|
||||
val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val stateFollower = bridge.activeChange.toBlocking().iterator
|
||||
assertEquals(false, stateFollower.next())
|
||||
assertEquals(false, bridge.active)
|
||||
@ -92,25 +92,25 @@ class BridgeIntegrationTest {
|
||||
@Test
|
||||
fun `Load bridge (bridge Inner) and float outer and stand them up`() {
|
||||
val bridgeFolder = tempFolder.root.toPath()
|
||||
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
|
||||
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
|
||||
val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource)
|
||||
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
createNetworkParams(bridgeFolder)
|
||||
assertEquals(BridgeMode.BridgeInner, bridgeConfig.bridgeMode)
|
||||
assertEquals(FirewallMode.BridgeInner, bridgeConfig.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("localhost", 11005), bridgeConfig.outboundConfig!!.artemisBrokerAddress)
|
||||
val floatFolder = tempFolder.root.toPath() / "float"
|
||||
val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf"
|
||||
val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf"
|
||||
val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource)
|
||||
floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
createNetworkParams(floatFolder)
|
||||
assertEquals(BridgeMode.FloatOuter, floatConfig.bridgeMode)
|
||||
assertEquals(FirewallMode.FloatOuter, floatConfig.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), floatConfig.inboundConfig!!.listeningAddress)
|
||||
val (artemisServer, artemisClient) = createArtemis()
|
||||
try {
|
||||
installBridgeControlResponder(artemisClient)
|
||||
val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridgeStateFollower = bridge.activeChange.toBlocking().iterator
|
||||
val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val floatStateFollower = float.activeChange.toBlocking().iterator
|
||||
assertEquals(false, floatStateFollower.next())
|
||||
float.start()
|
||||
@ -140,7 +140,7 @@ class BridgeIntegrationTest {
|
||||
|
||||
@Test
|
||||
fun `Run HA all in one mode`() {
|
||||
val configResource = "/net/corda/bridge/hasingleprocess/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/hasingleprocess/firewall.conf"
|
||||
createNetworkParams(tempFolder.root.toPath())
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(BridgeHAConfigImpl("zk://localhost:11105,zk://localhost:11106", 10), config.haConfig)
|
||||
@ -149,7 +149,7 @@ class BridgeIntegrationTest {
|
||||
val zkServer = TestingServer(11105, false)
|
||||
try {
|
||||
installBridgeControlResponder(artemisClient)
|
||||
val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val stateFollower = bridge.activeChange.toBlocking().iterator
|
||||
assertEquals(false, stateFollower.next())
|
||||
assertEquals(false, bridge.active)
|
||||
@ -190,13 +190,13 @@ class BridgeIntegrationTest {
|
||||
@Test
|
||||
fun `Run HA float and bridge mode`() {
|
||||
val bridgeFolder = tempFolder.root.toPath()
|
||||
val bridgeConfigResource = "/net/corda/bridge/hawithfloat/bridge/bridge.conf"
|
||||
val bridgeConfigResource = "/net/corda/bridge/hawithfloat/bridge/firewall.conf"
|
||||
val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource)
|
||||
assertEquals(BridgeHAConfigImpl("zk://localhost:11105", 20, "/custom/bridge/ha"), bridgeConfig.haConfig)
|
||||
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
createNetworkParams(bridgeFolder)
|
||||
val floatFolder = tempFolder.root.toPath() / "float"
|
||||
val floatConfigResource = "/net/corda/bridge/hawithfloat/float/bridge.conf"
|
||||
val floatConfigResource = "/net/corda/bridge/hawithfloat/float/firewall.conf"
|
||||
val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource)
|
||||
assertNull(floatConfig.haConfig)
|
||||
floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
@ -205,9 +205,9 @@ class BridgeIntegrationTest {
|
||||
val zkServer = TestingServer(11105, false)
|
||||
try {
|
||||
installBridgeControlResponder(artemisClient)
|
||||
val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridgeStateFollower = bridge.activeChange.toBlocking().iterator
|
||||
val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val floatStateFollower = float.activeChange.toBlocking().iterator
|
||||
assertEquals(false, bridgeStateFollower.next())
|
||||
assertEquals(false, bridge.active)
|
||||
@ -261,10 +261,10 @@ class BridgeIntegrationTest {
|
||||
|
||||
@Test
|
||||
fun `Test artemis failover logic`() {
|
||||
val configResource = "/net/corda/bridge/artemisfailover/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/artemisfailover/firewall.conf"
|
||||
createNetworkParams(tempFolder.root.toPath())
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(BridgeMode.SenderReceiver, config.bridgeMode)
|
||||
assertEquals(FirewallMode.SenderReceiver, config.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
|
||||
assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), config.outboundConfig!!.alternateArtemisBrokerAddresses)
|
||||
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
|
||||
@ -279,7 +279,7 @@ class BridgeIntegrationTest {
|
||||
artemisClient2.start()
|
||||
installBridgeControlResponder(artemisClient)
|
||||
installBridgeControlResponder(artemisClient2)
|
||||
val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val stateFollower = bridge.activeChange.toBlocking().iterator
|
||||
assertEquals(false, stateFollower.next())
|
||||
assertEquals(false, bridge.active)
|
||||
@ -316,28 +316,28 @@ class BridgeIntegrationTest {
|
||||
@Test
|
||||
fun `Test artemis failover logic with float`() {
|
||||
val bridgeFolder = tempFolder.root.toPath()
|
||||
val bridgeConfigResource = "/net/corda/bridge/artemisfailoverandfloat/bridge/bridge.conf"
|
||||
val bridgeConfigResource = "/net/corda/bridge/artemisfailoverandfloat/bridge/firewall.conf"
|
||||
val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource)
|
||||
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
createNetworkParams(bridgeFolder)
|
||||
assertEquals(BridgeMode.BridgeInner, bridgeConfig.bridgeMode)
|
||||
assertEquals(FirewallMode.BridgeInner, bridgeConfig.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("localhost", 11005), bridgeConfig.outboundConfig!!.artemisBrokerAddress)
|
||||
assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), bridgeConfig.outboundConfig!!.alternateArtemisBrokerAddresses)
|
||||
val floatFolder = tempFolder.root.toPath() / "float"
|
||||
val floatConfigResource = "/net/corda/bridge/artemisfailoverandfloat/float/bridge.conf"
|
||||
val floatConfigResource = "/net/corda/bridge/artemisfailoverandfloat/float/firewall.conf"
|
||||
val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource)
|
||||
floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
createNetworkParams(floatFolder)
|
||||
assertEquals(BridgeMode.FloatOuter, floatConfig.bridgeMode)
|
||||
assertEquals(FirewallMode.FloatOuter, floatConfig.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), floatConfig.inboundConfig!!.listeningAddress)
|
||||
val (artemisServer, artemisClient) = createArtemis()
|
||||
val (artemisServer2, artemisClient2) = createArtemis2()
|
||||
val (artemisServer3, artemisClient3) = createDummyPeerArtemis()
|
||||
try {
|
||||
installBridgeControlResponder(artemisClient)
|
||||
val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val bridgeStateFollower = bridge.activeChange.toBlocking().iterator
|
||||
val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
|
||||
val floatStateFollower = float.activeChange.toBlocking().iterator
|
||||
assertEquals(false, floatStateFollower.next())
|
||||
float.start()
|
||||
|
@ -2,17 +2,18 @@ package net.corda.bridge
|
||||
|
||||
import co.paralleluniverse.fibers.Suspendable
|
||||
import net.corda.client.rpc.CordaRPCClient
|
||||
import net.corda.core.concurrent.CordaFuture
|
||||
import net.corda.core.flows.*
|
||||
import net.corda.core.identity.Party
|
||||
import net.corda.core.internal.concurrent.OpenFuture
|
||||
import net.corda.core.internal.concurrent.doneFuture
|
||||
import net.corda.core.internal.concurrent.openFuture
|
||||
import net.corda.core.messaging.startFlow
|
||||
import net.corda.core.utilities.getOrThrow
|
||||
import net.corda.core.utilities.unwrap
|
||||
import net.corda.node.services.Permissions
|
||||
import net.corda.testing.core.*
|
||||
import net.corda.testing.core.DUMMY_BANK_A_NAME
|
||||
import net.corda.testing.core.DUMMY_BANK_B_NAME
|
||||
import net.corda.testing.core.DUMMY_NOTARY_NAME
|
||||
import net.corda.testing.core.singleIdentity
|
||||
import net.corda.testing.internal.IntegrationTest
|
||||
import net.corda.testing.internal.IntegrationTestSchemas
|
||||
import net.corda.testing.internal.toDatabaseSchemaName
|
||||
@ -22,7 +23,6 @@ import org.junit.ClassRule
|
||||
import org.junit.Test
|
||||
import java.util.*
|
||||
import java.util.concurrent.ConcurrentHashMap
|
||||
import java.util.concurrent.CountDownLatch
|
||||
import kotlin.concurrent.thread
|
||||
import kotlin.test.assertEquals
|
||||
|
||||
|
@ -49,7 +49,7 @@ class AMQPListenerTest {
|
||||
|
||||
@Test
|
||||
fun `Basic AMPQListenerService lifecycle test`() {
|
||||
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
|
||||
val maxMessageSize = createNetworkParams(tempFolder.root.toPath())
|
||||
val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath() / "listener", configResource)
|
||||
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
@ -136,7 +136,7 @@ class AMQPListenerTest {
|
||||
|
||||
@Test
|
||||
fun `Bad certificate audit check`() {
|
||||
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
|
||||
val maxMessageSize = createNetworkParams(tempFolder.root.toPath())
|
||||
val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath() / "listener", configResource)
|
||||
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
|
@ -46,7 +46,7 @@ class ArtemisConnectionTest {
|
||||
|
||||
@Test
|
||||
fun `Basic lifecycle test`() {
|
||||
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
|
||||
createNetworkParams(tempFolder.root.toPath())
|
||||
val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
|
||||
|
@ -68,7 +68,7 @@ class TunnelControlTest {
|
||||
|
||||
@Test
|
||||
fun `Basic tunnel life cycle test`() {
|
||||
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
|
||||
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
|
||||
val bridgePath = tempFolder.root.toPath() / "bridge"
|
||||
bridgePath.createDirectories()
|
||||
val maxMessageSize = createNetworkParams(bridgePath)
|
||||
@ -89,7 +89,7 @@ class TunnelControlTest {
|
||||
haService.start()
|
||||
assertEquals(false, bridgeProxiedReceiverService.active)
|
||||
|
||||
val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf"
|
||||
val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf"
|
||||
val floatPath = tempFolder.root.toPath() / "float"
|
||||
floatPath.createDirectories()
|
||||
createNetworkParams(floatPath)
|
||||
@ -146,7 +146,7 @@ class TunnelControlTest {
|
||||
|
||||
@Test
|
||||
fun `Inbound message test`() {
|
||||
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
|
||||
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
|
||||
val bridgePath = tempFolder.root.toPath() / "bridge"
|
||||
bridgePath.createDirectories()
|
||||
val maxMessageSize = createNetworkParams(bridgePath)
|
||||
@ -170,7 +170,7 @@ class TunnelControlTest {
|
||||
haService.start()
|
||||
assertEquals(false, bridgeStateFollower.next())
|
||||
|
||||
val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf"
|
||||
val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf"
|
||||
val floatPath = tempFolder.root.toPath() / "float"
|
||||
floatPath.createDirectories()
|
||||
createNetworkParams(floatPath)
|
||||
|
@ -8,13 +8,13 @@
|
||||
* Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
*/
|
||||
|
||||
@file:JvmName("Bridge")
|
||||
@file:JvmName("Firewall")
|
||||
|
||||
package net.corda.bridge
|
||||
|
||||
import net.corda.bridge.internal.BridgeStartup
|
||||
import net.corda.bridge.internal.FirewallStartup
|
||||
import kotlin.system.exitProcess
|
||||
|
||||
fun main(args: Array<String>) {
|
||||
exitProcess(if (BridgeStartup(args).run()) 0 else 1)
|
||||
exitProcess(if (FirewallStartup(args).run()) 0 else 1)
|
||||
}
|
@ -12,9 +12,9 @@ package net.corda.bridge
|
||||
|
||||
import joptsimple.OptionParser
|
||||
import joptsimple.util.EnumConverter
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.config.BridgeConfigHelper
|
||||
import net.corda.bridge.services.config.parseAsBridgeConfiguration
|
||||
import net.corda.bridge.services.config.parseAsFirewallConfiguration
|
||||
import net.corda.core.internal.div
|
||||
import org.slf4j.event.Level
|
||||
import java.io.PrintStream
|
||||
@ -27,13 +27,13 @@ class ArgsParser {
|
||||
// The intent of allowing a command line configurable directory and config path is to allow deployment flexibility.
|
||||
// Other general configuration should live inside the config file unless we regularly need temporary overrides on the command line
|
||||
private val baseDirectoryArg = optionParser
|
||||
.accepts("base-directory", "The bridge working directory where all the files are kept")
|
||||
.accepts("base-directory", "The firewall working directory where all the files are kept")
|
||||
.withRequiredArg()
|
||||
.defaultsTo(".")
|
||||
private val configFileArg = optionParser
|
||||
.accepts("config-file", "The path to the config file")
|
||||
.withRequiredArg()
|
||||
.defaultsTo("bridge.conf")
|
||||
.defaultsTo("firewall.conf")
|
||||
private val loggerLevel = optionParser
|
||||
.accepts("logging-level", "Enable logging at this level and higher")
|
||||
.withRequiredArg()
|
||||
@ -71,8 +71,8 @@ data class CmdLineOptions(val baseDirectory: Path,
|
||||
val loggingLevel: Level,
|
||||
val logToConsole: Boolean,
|
||||
val isVersion: Boolean) {
|
||||
fun loadConfig(): BridgeConfiguration {
|
||||
val config = BridgeConfigHelper.loadConfig(baseDirectory, configFile).parseAsBridgeConfiguration()
|
||||
fun loadConfig(): FirewallConfiguration {
|
||||
val config = BridgeConfigHelper.loadConfig(baseDirectory, configFile).parseAsFirewallConfiguration()
|
||||
return config
|
||||
}
|
||||
}
|
@ -12,17 +12,17 @@ package net.corda.bridge
|
||||
|
||||
|
||||
/**
|
||||
* Encapsulates various pieces of version information of the bridge.
|
||||
* Encapsulates various pieces of version information of the firewall.
|
||||
*/
|
||||
data class BridgeVersionInfo(
|
||||
data class FirewallVersionInfo(
|
||||
/**
|
||||
* Platform version of the bridge which is an integer value which increments on any release where any of the public
|
||||
* API of the entire Corda platform changes. This includes messaging, serialisation, bridge APIs, etc.
|
||||
* Platform version of the firewall which is an integer value which increments on any release where any of the public
|
||||
* API of the entire Corda platform changes. This includes messaging, serialisation, firewall APIs, etc.
|
||||
*/
|
||||
val platformVersion: Int,
|
||||
/** Release version string of the bridge. */
|
||||
/** Release version string of the firewall. */
|
||||
val releaseVersion: String,
|
||||
/** The exact version control commit ID of the bridge build. */
|
||||
/** The exact version control commit ID of the firewall build. */
|
||||
val revision: String,
|
||||
/** The bridge vendor */
|
||||
/** The firewall vendor */
|
||||
val vendor: String)
|
@ -10,7 +10,7 @@ import net.corda.serialization.internal.amqp.SerializerFactory
|
||||
import net.corda.serialization.internal.amqp.amqpMagic
|
||||
import java.util.concurrent.ConcurrentHashMap
|
||||
|
||||
class AMQPBridgeSerializationScheme(
|
||||
class AMQPFirewallSerializationScheme(
|
||||
cordappCustomSerializers: Set<SerializationCustomSerializer<*, *>>,
|
||||
serializerFactoriesForContexts: MutableMap<Pair<ClassWhitelist, ClassLoader>, SerializerFactory>
|
||||
) : AbstractAMQPSerializationScheme(cordappCustomSerializers, serializerFactoriesForContexts) {
|
@ -10,9 +10,9 @@
|
||||
|
||||
package net.corda.bridge.internal
|
||||
|
||||
import net.corda.bridge.BridgeVersionInfo
|
||||
import net.corda.bridge.FirewallVersionInfo
|
||||
import net.corda.bridge.services.api.*
|
||||
import net.corda.bridge.services.audit.LoggingBridgeAuditService
|
||||
import net.corda.bridge.services.audit.LoggingFirewallAuditService
|
||||
import net.corda.bridge.services.supervisors.BridgeSupervisorServiceImpl
|
||||
import net.corda.bridge.services.supervisors.FloatSupervisorServiceImpl
|
||||
import net.corda.bridge.services.util.ServiceStateCombiner
|
||||
@ -36,9 +36,9 @@ import net.corda.serialization.internal.SerializationFactoryImpl
|
||||
import rx.Subscription
|
||||
import java.util.concurrent.atomic.AtomicBoolean
|
||||
|
||||
class BridgeInstance(val conf: BridgeConfiguration,
|
||||
val versionInfo: BridgeVersionInfo,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : ServiceLifecycleSupport, ServiceStateSupport by stateHelper {
|
||||
class FirewallInstance(val conf: FirewallConfiguration,
|
||||
val versionInfo: FirewallVersionInfo,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : ServiceLifecycleSupport, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
val log = contextLogger()
|
||||
}
|
||||
@ -47,7 +47,7 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
private var shutdownHook: ShutdownHook? = null
|
||||
|
||||
private var maxMessageSize: Int = -1
|
||||
private lateinit var bridgeAuditService: BridgeAuditService
|
||||
private lateinit var firewallAuditService: FirewallAuditService
|
||||
private var bridgeSupervisorService: BridgeSupervisorService? = null
|
||||
private var floatSupervisorService: FloatSupervisorService? = null
|
||||
private var statusFollower: ServiceStateCombiner? = null
|
||||
@ -69,7 +69,7 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
val classloader = this.javaClass.classLoader
|
||||
nodeSerializationEnv = SerializationEnvironmentImpl(
|
||||
SerializationFactoryImpl().apply {
|
||||
registerScheme(AMQPBridgeSerializationScheme(emptyList()))
|
||||
registerScheme(AMQPFirewallSerializationScheme(emptyList()))
|
||||
},
|
||||
p2pContext = AMQP_P2P_CONTEXT.withClassLoader(classloader))
|
||||
}
|
||||
@ -101,8 +101,8 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
log.info("Shutdown complete")
|
||||
}
|
||||
|
||||
private val _exitFuture = openFuture<BridgeInstance>()
|
||||
val onExit: CordaFuture<BridgeInstance> get() = _exitFuture
|
||||
private val _exitFuture = openFuture<FirewallInstance>()
|
||||
val onExit: CordaFuture<FirewallInstance> get() = _exitFuture
|
||||
|
||||
private fun retrieveNetworkParameters() {
|
||||
val networkParamsFile = conf.baseDirectory / NETWORK_PARAMS_FILE_NAME
|
||||
@ -114,16 +114,16 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
|
||||
private fun createServices() {
|
||||
require(maxMessageSize > 0) { "maxMessageSize not initialised" }
|
||||
bridgeAuditService = LoggingBridgeAuditService(conf)
|
||||
when (conf.bridgeMode) {
|
||||
// In the SenderReceiver mode the inbound and outbound message paths are run from within a single bridge process.
|
||||
firewallAuditService = LoggingFirewallAuditService(conf)
|
||||
when (conf.firewallMode) {
|
||||
// In the SenderReceiver mode the inbound and outbound message paths are run from within a single firewall process.
|
||||
// The process thus contains components that listen for bridge control messages on Artemis.
|
||||
// The process can then initiates TLS/AMQP 1.0 connections to remote peers and transfers the outbound messages.
|
||||
// The process also runs a TLS/AMQP 1.0 server socket, which is can receive connections and messages from peers,
|
||||
// validate the messages and then forwards the packets to the Artemis inbox queue of the node.
|
||||
BridgeMode.SenderReceiver -> {
|
||||
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService)
|
||||
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService, floatSupervisorService!!.amqpListenerService)
|
||||
FirewallMode.SenderReceiver -> {
|
||||
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService)
|
||||
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService, floatSupervisorService!!.amqpListenerService)
|
||||
}
|
||||
// In the BridgeInner mode the process runs the full outbound message path as in the SenderReceiver mode, but the inbound path is split.
|
||||
// This 'Bridge Inner/Bridge Controller' process runs the more trusted portion of the inbound path.
|
||||
@ -131,8 +131,8 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
// Also the the 'Bridge Inner' does more complete validation of inbound messages and ensures that they correspond to legitimate
|
||||
// node inboxes, before transferring the message to Artemis. Potentially it might carry out deeper checks of received packets.
|
||||
// However, the 'Bridge Inner' is not directly exposed to the internet, or peers and does not host the TLS/AMQP 1.0 server socket.
|
||||
BridgeMode.BridgeInner -> {
|
||||
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService, null)
|
||||
FirewallMode.BridgeInner -> {
|
||||
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService, null)
|
||||
}
|
||||
// In the FloatOuter mode this process runs a minimal AMQP proxy that is designed to run in a DMZ zone.
|
||||
// The process holds the minimum data necessary to act as the TLS/AMQP 1.0 receiver socket and tries
|
||||
@ -146,18 +146,18 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
// be validated against the keys/certificates sent across the control tunnel. Inbound messages are given basic checks that do not require
|
||||
// holding potentially sensitive information and are then forwarded across the control tunnel to the 'Bridge Inner' process for more
|
||||
// complete validation checks.
|
||||
BridgeMode.FloatOuter -> {
|
||||
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService)
|
||||
FirewallMode.FloatOuter -> {
|
||||
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService)
|
||||
}
|
||||
}
|
||||
statusFollower = ServiceStateCombiner(listOf(bridgeAuditService, floatSupervisorService, bridgeSupervisorService).filterNotNull())
|
||||
statusFollower = ServiceStateCombiner(listOf(firewallAuditService, floatSupervisorService, bridgeSupervisorService).filterNotNull())
|
||||
statusSubscriber = statusFollower!!.activeChange.subscribe({
|
||||
stateHelper.active = it
|
||||
}, { log.error("Error in state change", it) })
|
||||
}
|
||||
|
||||
private fun startServices() {
|
||||
bridgeAuditService.start()
|
||||
firewallAuditService.start()
|
||||
bridgeSupervisorService?.start()
|
||||
floatSupervisorService?.start()
|
||||
}
|
||||
@ -166,7 +166,7 @@ class BridgeInstance(val conf: BridgeConfiguration,
|
||||
stateHelper.active = false
|
||||
floatSupervisorService?.stop()
|
||||
bridgeSupervisorService?.stop()
|
||||
bridgeAuditService.stop()
|
||||
firewallAuditService.stop()
|
||||
statusSubscriber?.unsubscribe()
|
||||
statusSubscriber = null
|
||||
statusFollower = null
|
@ -13,9 +13,9 @@ package net.corda.bridge.internal
|
||||
import com.jcabi.manifests.Manifests
|
||||
import joptsimple.OptionException
|
||||
import net.corda.bridge.ArgsParser
|
||||
import net.corda.bridge.BridgeVersionInfo
|
||||
import net.corda.bridge.CmdLineOptions
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.FirewallVersionInfo
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.core.internal.createDirectories
|
||||
import net.corda.core.internal.div
|
||||
import net.corda.core.utilities.contextLogger
|
||||
@ -29,7 +29,7 @@ import java.nio.file.Path
|
||||
import java.util.*
|
||||
import kotlin.system.exitProcess
|
||||
|
||||
class BridgeStartup(val args: Array<String>) {
|
||||
class FirewallStartup(val args: Array<String>) {
|
||||
companion object {
|
||||
// lazy init the logging, because the logging levels aren't configured until we have parsed some options.
|
||||
private val log by lazy { contextLogger() }
|
||||
@ -37,14 +37,14 @@ class BridgeStartup(val args: Array<String>) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @return true if the bridge startup was successful. This value is intended to be the exit code of the process.
|
||||
* @return true if the firewalls startup was successful. This value is intended to be the exit code of the process.
|
||||
*/
|
||||
fun run(): Boolean {
|
||||
val startTime = System.currentTimeMillis()
|
||||
val (argsParser, cmdlineOptions) = parseArguments()
|
||||
|
||||
// We do the single bridge check before we initialise logging so that in case of a double-bridge start it
|
||||
// doesn't mess with the running bridge's logs.
|
||||
// We do the single firewall check before we initialise logging so that in case of a double-firewall start it
|
||||
// doesn't mess with the running firewall's logs.
|
||||
enforceSingleBridgeIsRunning(cmdlineOptions.baseDirectory)
|
||||
|
||||
initLogging(cmdlineOptions)
|
||||
@ -66,26 +66,26 @@ class BridgeStartup(val args: Array<String>) {
|
||||
val conf = try {
|
||||
loadConfigFile(cmdlineOptions)
|
||||
} catch (e: Exception) {
|
||||
log.error("Exception during bridge configuration", e)
|
||||
log.error("Exception during firewall configuration", e)
|
||||
return false
|
||||
}
|
||||
|
||||
try {
|
||||
logStartupInfo(versionInfo, cmdlineOptions, conf)
|
||||
} catch (e: Exception) {
|
||||
log.error("Exception during bridge registration", e)
|
||||
log.error("Exception during firewall registration", e)
|
||||
return false
|
||||
}
|
||||
|
||||
val bridge = try {
|
||||
val firewall = try {
|
||||
cmdlineOptions.baseDirectory.createDirectories()
|
||||
startBridge(conf, versionInfo, startTime)
|
||||
startFirewall(conf, versionInfo, startTime)
|
||||
} catch (e: Exception) {
|
||||
if (e.message?.startsWith("Unknown named curve:") == true) {
|
||||
log.error("Exception during bridge startup - ${e.message}. " +
|
||||
log.error("Exception during firewall startup - ${e.message}. " +
|
||||
"This is a known OpenJDK issue on some Linux distributions, please use OpenJDK from zulu.org or Oracle JDK.")
|
||||
} else {
|
||||
log.error("Exception during bridge startup", e)
|
||||
log.error("Exception during firewall startup", e)
|
||||
}
|
||||
return false
|
||||
}
|
||||
@ -93,23 +93,23 @@ class BridgeStartup(val args: Array<String>) {
|
||||
if (System.getProperties().containsKey("WAIT_KEY_FOR_EXIT")) {
|
||||
System.`in`.read() // Inside IntelliJ we can't forward CTRL-C, so debugging shutdown is a nightmare. So allow -DWAIT_KEY_FOR_EXIT flag for key based quit.
|
||||
} else {
|
||||
bridge.onExit.get()
|
||||
firewall.onExit.get()
|
||||
}
|
||||
|
||||
log.info("bridge shutting down")
|
||||
bridge.stop()
|
||||
log.info("firewall shutting down")
|
||||
firewall.stop()
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
fun logStartupInfo(versionInfo: BridgeVersionInfo, cmdlineOptions: CmdLineOptions, conf: BridgeConfiguration) {
|
||||
fun logStartupInfo(versionInfo: FirewallVersionInfo, cmdlineOptions: CmdLineOptions, conf: FirewallConfiguration) {
|
||||
log.info("Vendor: ${versionInfo.vendor}")
|
||||
log.info("Release: ${versionInfo.releaseVersion}")
|
||||
log.info("Platform Version: ${versionInfo.platformVersion}")
|
||||
log.info("Revision: ${versionInfo.revision}")
|
||||
val info = ManagementFactory.getRuntimeMXBean()
|
||||
log.info("PID: ${info.name.split("@").firstOrNull()}") // TODO Java 9 has better support for this
|
||||
log.info("Main class: ${BridgeStartup::class.java.protectionDomain.codeSource.location.toURI().path}")
|
||||
log.info("Main class: ${FirewallStartup::class.java.protectionDomain.codeSource.location.toURI().path}")
|
||||
log.info("CommandLine Args: ${info.inputArguments.joinToString(" ")}")
|
||||
log.info("Application Args: ${args.joinToString(" ")}")
|
||||
log.info("bootclasspath: ${info.bootClassPath}")
|
||||
@ -121,16 +121,16 @@ class BridgeStartup(val args: Array<String>) {
|
||||
if (agentProperties.containsKey("sun.jdwp.listenerAddress")) {
|
||||
log.info("Debug port: ${agentProperties.getProperty("sun.jdwp.listenerAddress")}")
|
||||
}
|
||||
log.info("Starting as bridge mode of ${conf.bridgeMode}")
|
||||
log.info("Starting as firewall mode of ${conf.firewallMode}")
|
||||
}
|
||||
|
||||
protected fun loadConfigFile(cmdlineOptions: CmdLineOptions): BridgeConfiguration = cmdlineOptions.loadConfig()
|
||||
protected fun loadConfigFile(cmdlineOptions: CmdLineOptions): FirewallConfiguration = cmdlineOptions.loadConfig()
|
||||
|
||||
protected fun getVersionInfo(): BridgeVersionInfo {
|
||||
protected fun getVersionInfo(): FirewallVersionInfo {
|
||||
// Manifest properties are only available if running from the corda jar
|
||||
fun manifestValue(name: String): String? = if (Manifests.exists(name)) Manifests.read(name) else null
|
||||
|
||||
return BridgeVersionInfo(
|
||||
return FirewallVersionInfo(
|
||||
manifestValue("Corda-Platform-Version")?.toInt() ?: 1,
|
||||
manifestValue("Corda-Release-Version") ?: "Unknown",
|
||||
manifestValue("Corda-Revision") ?: "Unknown",
|
||||
@ -143,14 +143,14 @@ class BridgeStartup(val args: Array<String>) {
|
||||
// file that we'll do our best to delete on exit. But if we don't, it'll be overwritten next time. If it already
|
||||
// exists, we try to take the file lock first before replacing it and if that fails it means we're being started
|
||||
// twice with the same directory: that's a user error and we should bail out.
|
||||
val pidFile = (baseDirectory / "bridge-process-id").toFile()
|
||||
val pidFile = (baseDirectory / "firewall-process-id").toFile()
|
||||
pidFile.createNewFile()
|
||||
pidFile.deleteOnExit()
|
||||
val pidFileRw = RandomAccessFile(pidFile, "rw")
|
||||
val pidFileLock = pidFileRw.channel.tryLock()
|
||||
if (pidFileLock == null) {
|
||||
println("It appears there is already a bridge running with the specified data directory $baseDirectory")
|
||||
println("Shut that other bridge down and try again. It may have process ID ${pidFile.readText()}")
|
||||
println("It appears there is already a firewall running with the specified data directory $baseDirectory")
|
||||
println("Shut that other firewall down and try again. It may have process ID ${pidFile.readText()}")
|
||||
System.exit(1)
|
||||
}
|
||||
// Avoid the lock being garbage collected. We don't really need to release it as the OS will do so for us
|
||||
@ -204,11 +204,11 @@ class BridgeStartup(val args: Array<String>) {
|
||||
SLF4JBridgeHandler.install()
|
||||
}
|
||||
|
||||
fun startBridge(conf: BridgeConfiguration, versionInfo: BridgeVersionInfo, startTime: Long): BridgeInstance {
|
||||
val bridge = BridgeInstance(conf, versionInfo)
|
||||
bridge.start()
|
||||
fun startFirewall(conf: FirewallConfiguration, versionInfo: FirewallVersionInfo, startTime: Long): FirewallInstance {
|
||||
val firewall = FirewallInstance(conf, versionInfo)
|
||||
firewall.start()
|
||||
val elapsed = (System.currentTimeMillis() - startTime) / 10 / 100.0
|
||||
log.info("Bridge started up and registered in $elapsed sec")
|
||||
return bridge
|
||||
log.info("Firewall started up and registered in $elapsed sec")
|
||||
return firewall
|
||||
}
|
||||
}
|
@ -17,7 +17,7 @@ import java.security.KeyStore
|
||||
|
||||
/**
|
||||
* This service when activated via [provisionKeysAndActivate] installs an AMQP listening socket,
|
||||
* which listens on the port specified in the [BridgeConfiguration.inboundConfig] section.
|
||||
* which listens on the port specified in the [FirewallConfiguration.inboundConfig] section.
|
||||
* The service technically runs inside the 'float' portion of the bridge, so that it can be run remotely inside the DMZ.
|
||||
* As a result it reports as active, whilst not actually listening. Only when the TLS [KeyStore]s are passed to it
|
||||
* does the service become [running].
|
||||
|
@ -13,7 +13,7 @@ package net.corda.bridge.services.api
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingClient
|
||||
|
||||
/**
|
||||
* This provides a service to manage connection to the local broker as defined in the [BridgeConfiguration.outboundConfig] section.
|
||||
* This provides a service to manage connection to the local broker as defined in the [FirewallConfiguration.outboundConfig] section.
|
||||
* Once started the service will repeatedly attempt to connect to the bus, signalling success by changing to the [active] state.
|
||||
*/
|
||||
interface BridgeArtemisConnectionService : ServiceLifecycleSupport {
|
||||
|
@ -11,9 +11,9 @@
|
||||
package net.corda.bridge.services.api
|
||||
|
||||
/**
|
||||
* This is the top level service representing the [BridgeMode.BridgeInner] service stack. The primary role of this component is to
|
||||
* create and wire up concrete implementations of the relevant services according to the [BridgeConfiguration] details.
|
||||
* This is the top level service representing the [FirewallMode.BridgeInner] service stack. The primary role of this component is to
|
||||
* create and wire up concrete implementations of the relevant services according to the [FirewallConfiguration] details.
|
||||
* The possibly proxied path to the [BridgeAMQPListenerService] is typically a constructor input
|
||||
* as that is a [BridgeMode.FloatOuter] component.
|
||||
* as that is a [FirewallMode.FloatOuter] component.
|
||||
*/
|
||||
interface BridgeSupervisorService : ServiceLifecycleSupport
|
@ -18,7 +18,7 @@ import java.net.InetSocketAddress
|
||||
* Currently the simple implementation just records events to log file, but future implementations may need to post
|
||||
* security data to an enterprise service.
|
||||
*/
|
||||
interface BridgeAuditService : ServiceLifecycleSupport {
|
||||
interface FirewallAuditService : ServiceLifecycleSupport {
|
||||
fun successfulConnectionEvent(inbound: Boolean, sourceIP: InetSocketAddress, certificateSubject: String, msg: String)
|
||||
fun failedConnectionEvent(inbound: Boolean, sourceIP: InetSocketAddress?, certificateSubject: String?, msg: String)
|
||||
fun packetDropEvent(packet: ReceivedMessage?, msg: String)
|
@ -17,7 +17,7 @@ import net.corda.nodeapi.internal.config.SSLConfiguration
|
||||
import net.corda.nodeapi.internal.protonwrapper.netty.SocksProxyConfig
|
||||
import java.nio.file.Path
|
||||
|
||||
enum class BridgeMode {
|
||||
enum class FirewallMode {
|
||||
/**
|
||||
* The Bridge/Float is run as a single process with both AMQP sending and receiving functionality.
|
||||
*/
|
||||
@ -71,8 +71,8 @@ interface BridgeInboundConfiguration {
|
||||
}
|
||||
|
||||
/**
|
||||
* Details of the target control ports of available [BridgeMode.FloatOuter] processes from the perspective of the [BridgeMode.BridgeInner] process.
|
||||
* Required for [BridgeMode.BridgeInner] mode.
|
||||
* Details of the target control ports of available [FirewallMode.FloatOuter] processes from the perspective of the [FirewallMode.BridgeInner] process.
|
||||
* Required for [FirewallMode.BridgeInner] mode.
|
||||
*/
|
||||
interface BridgeInnerConfiguration {
|
||||
val floatAddresses: List<NetworkHostAndPort>
|
||||
@ -91,8 +91,8 @@ interface BridgeHAConfig {
|
||||
}
|
||||
|
||||
/**
|
||||
* Details of the listening port for a [BridgeMode.FloatOuter] process and of the certificate that the [BridgeMode.BridgeInner] should present.
|
||||
* Required for [BridgeMode.FloatOuter] mode.
|
||||
* Details of the listening port for a [FirewallMode.FloatOuter] process and of the certificate that the [FirewallMode.BridgeInner] should present.
|
||||
* Required for [FirewallMode.FloatOuter] mode.
|
||||
*/
|
||||
interface FloatOuterConfiguration {
|
||||
val floatAddress: NetworkHostAndPort
|
||||
@ -101,8 +101,8 @@ interface FloatOuterConfiguration {
|
||||
val customSSLConfiguration: BridgeSSLConfiguration?
|
||||
}
|
||||
|
||||
interface BridgeConfiguration : NodeSSLConfiguration {
|
||||
val bridgeMode: BridgeMode
|
||||
interface FirewallConfiguration : NodeSSLConfiguration {
|
||||
val firewallMode: FirewallMode
|
||||
val outboundConfig: BridgeOutboundConfiguration?
|
||||
val inboundConfig: BridgeInboundConfiguration?
|
||||
val bridgeInnerConfig: BridgeInnerConfiguration?
|
@ -11,7 +11,7 @@
|
||||
package net.corda.bridge.services.api
|
||||
|
||||
/**
|
||||
* This service represent an AMQP socket listener that awaits a remote initiated connection from the [BridgeMode.BridgeInner].
|
||||
* Only one active connection is allowed at a time and it must match the configured requirements in the [BridgeConfiguration.bridgeInnerConfig].
|
||||
* This service represent an AMQP socket listener that awaits a remote initiated connection from the [FirewallMode.BridgeInner].
|
||||
* Only one active connection is allowed at a time and it must match the configured requirements in the [FirewallConfiguration.bridgeInnerConfig].
|
||||
*/
|
||||
interface FloatControlService : ServiceLifecycleSupport
|
@ -11,7 +11,7 @@
|
||||
package net.corda.bridge.services.api
|
||||
|
||||
/**
|
||||
* This is the top level service responsible for creating and managing the [BridgeMode.FloatOuter] portions of the bridge.
|
||||
* This is the top level service responsible for creating and managing the [FirewallMode.FloatOuter] portions of the bridge.
|
||||
* It exposes a possibly proxied [BridgeAMQPListenerService] component that is used in the [BridgeSupervisorService]
|
||||
* to wire up the internal portions of the AMQP peer inbound message path.
|
||||
*/
|
||||
|
@ -28,9 +28,9 @@ import rx.Subscription
|
||||
import java.lang.Long.min
|
||||
import java.util.concurrent.CountDownLatch
|
||||
|
||||
class BridgeArtemisConnectionServiceImpl(val conf: BridgeConfiguration,
|
||||
class BridgeArtemisConnectionServiceImpl(val conf: FirewallConfiguration,
|
||||
val maxMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeArtemisConnectionService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
val log = contextLogger()
|
||||
|
@ -10,8 +10,8 @@
|
||||
|
||||
package net.corda.bridge.services.audit
|
||||
|
||||
import net.corda.bridge.services.api.BridgeAuditService
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.FirewallAuditService
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.api.ServiceStateSupport
|
||||
import net.corda.bridge.services.util.ServiceStateHelper
|
||||
import net.corda.core.utilities.contextLogger
|
||||
@ -19,8 +19,8 @@ import net.corda.core.utilities.trace
|
||||
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
|
||||
import java.net.InetSocketAddress
|
||||
|
||||
class LoggingBridgeAuditService(val conf: BridgeConfiguration,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeAuditService, ServiceStateSupport by stateHelper {
|
||||
class LoggingFirewallAuditService(val conf: FirewallConfiguration,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FirewallAuditService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
val log = contextLogger()
|
||||
}
|
@ -30,11 +30,11 @@ object BridgeConfigHelper {
|
||||
|
||||
private val log = LoggerFactory.getLogger(javaClass)
|
||||
fun loadConfig(baseDirectory: Path,
|
||||
configFile: Path = baseDirectory / "bridge.conf",
|
||||
configFile: Path = baseDirectory / "firewall.conf",
|
||||
allowMissingConfig: Boolean = false,
|
||||
configOverrides: Config = ConfigFactory.empty()): Config {
|
||||
val parseOptions = ConfigParseOptions.defaults()
|
||||
val defaultConfig = ConfigFactory.parseResources("bridgedefault.conf", parseOptions.setAllowMissing(false))
|
||||
val defaultConfig = ConfigFactory.parseResources("firewalldefault.conf", parseOptions.setAllowMissing(false))
|
||||
val appConfig = ConfigFactory.parseFile(configFile.toFile(), parseOptions.setAllowMissing(allowMissingConfig))
|
||||
val systemOverrides = systemProperties().bridgeEntriesOnly()
|
||||
val environmentOverrides = systemEnvironment().bridgeEntriesOnly()
|
||||
|
@ -23,7 +23,7 @@ import java.nio.file.Path
|
||||
import java.nio.file.Paths
|
||||
|
||||
|
||||
fun Config.parseAsBridgeConfiguration(): BridgeConfiguration = parseAs<BridgeConfigurationImpl>()
|
||||
fun Config.parseAsFirewallConfiguration(): FirewallConfiguration = parseAs<FirewallConfigurationImpl>()
|
||||
|
||||
data class BridgeSSLConfigurationImpl(override val keyStorePassword: String,
|
||||
override val trustStorePassword: String,
|
||||
@ -53,7 +53,7 @@ data class FloatOuterConfigurationImpl(override val floatAddress: NetworkHostAnd
|
||||
|
||||
data class BridgeHAConfigImpl(override val haConnectionString: String, override val haPriority: Int = 10, override val haTopic: String = "/bridge/ha") : BridgeHAConfig
|
||||
|
||||
data class BridgeConfigurationImpl(
|
||||
data class FirewallConfigurationImpl(
|
||||
override val baseDirectory: Path,
|
||||
override val certificatesDirectory: Path = baseDirectory / "certificates",
|
||||
override val sslKeystore: Path = certificatesDirectory / "sslkeystore.jks",
|
||||
@ -61,7 +61,7 @@ data class BridgeConfigurationImpl(
|
||||
override val crlCheckSoftFail: Boolean,
|
||||
override val keyStorePassword: String,
|
||||
override val trustStorePassword: String,
|
||||
override val bridgeMode: BridgeMode,
|
||||
override val firewallMode: FirewallMode,
|
||||
override val networkParametersPath: Path,
|
||||
override val outboundConfig: BridgeOutboundConfigurationImpl?,
|
||||
override val inboundConfig: BridgeInboundConfigurationImpl?,
|
||||
@ -74,13 +74,13 @@ data class BridgeConfigurationImpl(
|
||||
override val politeShutdownPeriod: Int = 1000,
|
||||
override val p2pConfirmationWindowSize: Int = 1048576,
|
||||
override val whitelistedHeaders: List<String> = ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()
|
||||
) : BridgeConfiguration {
|
||||
) : FirewallConfiguration {
|
||||
init {
|
||||
if (bridgeMode == BridgeMode.SenderReceiver) {
|
||||
if (firewallMode == FirewallMode.SenderReceiver) {
|
||||
require(inboundConfig != null && outboundConfig != null) { "Missing required configuration" }
|
||||
} else if (bridgeMode == BridgeMode.BridgeInner) {
|
||||
} else if (firewallMode == FirewallMode.BridgeInner) {
|
||||
require(bridgeInnerConfig != null && outboundConfig != null) { "Missing required configuration" }
|
||||
} else if (bridgeMode == BridgeMode.FloatOuter) {
|
||||
} else if (firewallMode == FirewallMode.FloatOuter) {
|
||||
require(inboundConfig != null && floatOuterConfig != null) { "Missing required configuration" }
|
||||
}
|
||||
}
|
@ -24,8 +24,8 @@ import org.apache.activemq.artemis.api.core.client.ClientProducer
|
||||
import org.apache.activemq.artemis.api.core.client.ClientSession
|
||||
import rx.Subscription
|
||||
|
||||
class SimpleMessageFilterService(val conf: BridgeConfiguration,
|
||||
val auditService: BridgeAuditService,
|
||||
class SimpleMessageFilterService(val conf: FirewallConfiguration,
|
||||
val auditService: FirewallAuditService,
|
||||
val artemisConnectionService: BridgeArtemisConnectionService,
|
||||
val bridgeSenderService: BridgeSenderService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : IncomingMessageFilterService, ServiceStateSupport by stateHelper {
|
||||
|
@ -10,9 +10,9 @@
|
||||
|
||||
package net.corda.bridge.services.ha
|
||||
|
||||
import net.corda.bridge.services.api.BridgeAuditService
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.BridgeMasterService
|
||||
import net.corda.bridge.services.api.FirewallAuditService
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.api.ServiceStateSupport
|
||||
import net.corda.bridge.services.util.ServiceStateHelper
|
||||
import net.corda.core.utilities.contextLogger
|
||||
@ -25,8 +25,8 @@ import java.util.concurrent.Executors
|
||||
import java.util.concurrent.ScheduledFuture
|
||||
import java.util.concurrent.TimeUnit
|
||||
|
||||
class ExternalMasterElectionService(val conf: BridgeConfiguration,
|
||||
val auditService: BridgeAuditService,
|
||||
class ExternalMasterElectionService(val conf: FirewallConfiguration,
|
||||
val auditService: FirewallAuditService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeMasterService, ServiceStateSupport by stateHelper {
|
||||
|
||||
private var haElector: ZkLeader? = null
|
||||
|
@ -10,15 +10,15 @@
|
||||
|
||||
package net.corda.bridge.services.ha
|
||||
|
||||
import net.corda.bridge.services.api.BridgeAuditService
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.BridgeMasterService
|
||||
import net.corda.bridge.services.api.FirewallAuditService
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.api.ServiceStateSupport
|
||||
import net.corda.bridge.services.util.ServiceStateHelper
|
||||
import net.corda.core.utilities.contextLogger
|
||||
|
||||
class SingleInstanceMasterService(val conf: BridgeConfiguration,
|
||||
val auditService: BridgeAuditService,
|
||||
class SingleInstanceMasterService(val conf: FirewallConfiguration,
|
||||
val auditService: FirewallAuditService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeMasterService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
val log = contextLogger()
|
||||
|
@ -11,8 +11,8 @@
|
||||
package net.corda.bridge.services.receiver
|
||||
|
||||
import net.corda.bridge.services.api.BridgeAMQPListenerService
|
||||
import net.corda.bridge.services.api.BridgeAuditService
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.FirewallAuditService
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.api.ServiceStateSupport
|
||||
import net.corda.bridge.services.util.ServiceStateCombiner
|
||||
import net.corda.bridge.services.util.ServiceStateHelper
|
||||
@ -30,9 +30,9 @@ import java.io.ByteArrayInputStream
|
||||
import java.security.KeyStore
|
||||
import java.util.*
|
||||
|
||||
class BridgeAMQPListenerServiceImpl(val conf: BridgeConfiguration,
|
||||
class BridgeAMQPListenerServiceImpl(val conf: FirewallConfiguration,
|
||||
val maximumMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeAMQPListenerService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
val log = contextLogger()
|
||||
|
@ -33,9 +33,9 @@ import java.util.concurrent.locks.ReentrantLock
|
||||
import kotlin.concurrent.withLock
|
||||
|
||||
|
||||
class FloatControlListenerService(val conf: BridgeConfiguration,
|
||||
class FloatControlListenerService(val conf: FirewallConfiguration,
|
||||
val maximumMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
val amqpListener: BridgeAMQPListenerService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FloatControlService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
|
@ -19,8 +19,8 @@ import net.corda.nodeapi.internal.config.SSLConfiguration
|
||||
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
|
||||
import rx.Subscription
|
||||
|
||||
class InProcessBridgeReceiverService(val conf: BridgeConfiguration,
|
||||
val auditService: BridgeAuditService,
|
||||
class InProcessBridgeReceiverService(val conf: FirewallConfiguration,
|
||||
val auditService: FirewallAuditService,
|
||||
haService: BridgeMasterService,
|
||||
val amqpListenerService: BridgeAMQPListenerService,
|
||||
val filterService: IncomingMessageFilterService,
|
||||
|
@ -36,9 +36,9 @@ import java.security.SecureRandom
|
||||
import java.util.concurrent.TimeUnit
|
||||
import java.util.concurrent.TimeoutException
|
||||
|
||||
class TunnelingBridgeReceiverService(val conf: BridgeConfiguration,
|
||||
class TunnelingBridgeReceiverService(val conf: FirewallConfiguration,
|
||||
val maximumMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
haService: BridgeMasterService,
|
||||
val filterService: IncomingMessageFilterService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeReceiverService, ServiceStateSupport by stateHelper {
|
||||
|
@ -20,9 +20,9 @@ import net.corda.nodeapi.internal.ArtemisSessionProvider
|
||||
import net.corda.nodeapi.internal.bridging.BridgeControlListener
|
||||
import rx.Subscription
|
||||
|
||||
class DirectBridgeSenderService(val conf: BridgeConfiguration,
|
||||
class DirectBridgeSenderService(val conf: FirewallConfiguration,
|
||||
val maxMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
haService: BridgeMasterService,
|
||||
val artemisConnectionService: BridgeArtemisConnectionService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeSenderService, ServiceStateSupport by stateHelper {
|
||||
|
@ -24,9 +24,9 @@ import net.corda.core.utilities.contextLogger
|
||||
import org.slf4j.LoggerFactory
|
||||
import rx.Subscription
|
||||
|
||||
class BridgeSupervisorServiceImpl(val conf: BridgeConfiguration,
|
||||
class BridgeSupervisorServiceImpl(val conf: FirewallConfiguration,
|
||||
maxMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
inProcessAMQPListenerService: BridgeAMQPListenerService?,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeSupervisorService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
@ -51,7 +51,7 @@ class BridgeSupervisorServiceImpl(val conf: BridgeConfiguration,
|
||||
artemisService = BridgeArtemisConnectionServiceImpl(conf, maxMessageSize, auditService)
|
||||
senderService = DirectBridgeSenderService(conf, maxMessageSize, auditService, haService, artemisService)
|
||||
filterService = SimpleMessageFilterService(conf, auditService, artemisService, senderService)
|
||||
receiverService = if (conf.bridgeMode == BridgeMode.SenderReceiver) {
|
||||
receiverService = if (conf.firewallMode == FirewallMode.SenderReceiver) {
|
||||
InProcessBridgeReceiverService(conf, auditService, haService, inProcessAMQPListenerService!!, filterService)
|
||||
} else {
|
||||
require(inProcessAMQPListenerService == null) { "Should not have an in process instance of the AMQPListenerService" }
|
||||
|
@ -19,9 +19,9 @@ import net.corda.core.utilities.contextLogger
|
||||
import org.slf4j.LoggerFactory
|
||||
import rx.Subscription
|
||||
|
||||
class FloatSupervisorServiceImpl(val conf: BridgeConfiguration,
|
||||
class FloatSupervisorServiceImpl(val conf: FirewallConfiguration,
|
||||
val maxMessageSize: Int,
|
||||
val auditService: BridgeAuditService,
|
||||
val auditService: FirewallAuditService,
|
||||
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FloatSupervisorService, ServiceStateSupport by stateHelper {
|
||||
companion object {
|
||||
val log = contextLogger()
|
||||
@ -35,7 +35,7 @@ class FloatSupervisorServiceImpl(val conf: BridgeConfiguration,
|
||||
|
||||
init {
|
||||
amqpListenerService = BridgeAMQPListenerServiceImpl(conf, maxMessageSize, auditService)
|
||||
floatControlService = if (conf.bridgeMode == BridgeMode.FloatOuter) {
|
||||
floatControlService = if (conf.firewallMode == FirewallMode.FloatOuter) {
|
||||
require(conf.haConfig == null) { "Float process should not have HA config, that is controlled via the bridge." }
|
||||
FloatControlListenerService(conf, maxMessageSize, auditService, amqpListenerService)
|
||||
} else {
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
package net.corda.bridge
|
||||
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.core.crypto.Crypto.generateKeyPair
|
||||
import net.corda.core.identity.CordaX500Name
|
||||
import net.corda.core.internal.createDirectories
|
||||
@ -51,7 +51,7 @@ fun createNetworkParams(baseDirectory: Path): Int {
|
||||
}
|
||||
|
||||
|
||||
fun createAndLoadConfigFromResource(baseDirectory: Path, configResource: String): BridgeConfiguration {
|
||||
fun createAndLoadConfigFromResource(baseDirectory: Path, configResource: String): FirewallConfiguration {
|
||||
val workspaceFolder = baseDirectory.normalize().toAbsolutePath()
|
||||
val args = arrayOf("--base-directory", workspaceFolder.toString())
|
||||
val argsParser = ArgsParser()
|
||||
|
@ -10,7 +10,7 @@
|
||||
|
||||
package net.corda.bridge
|
||||
|
||||
import net.corda.bridge.services.api.BridgeMode
|
||||
import net.corda.bridge.services.api.FirewallMode
|
||||
import net.corda.core.identity.CordaX500Name
|
||||
import net.corda.core.internal.div
|
||||
import net.corda.core.utilities.NetworkHostAndPort
|
||||
@ -35,9 +35,9 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load simple config`() {
|
||||
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(BridgeMode.SenderReceiver, config.bridgeMode)
|
||||
assertEquals(FirewallMode.SenderReceiver, config.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
|
||||
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
|
||||
assertNull(config.bridgeInnerConfig)
|
||||
@ -46,9 +46,9 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load simple bridge config`() {
|
||||
val configResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(BridgeMode.BridgeInner, config.bridgeMode)
|
||||
assertEquals(FirewallMode.BridgeInner, config.firewallMode)
|
||||
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
|
||||
assertNull(config.inboundConfig)
|
||||
assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), config.bridgeInnerConfig!!.floatAddresses)
|
||||
@ -58,9 +58,9 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load simple float config`() {
|
||||
val configResource = "/net/corda/bridge/withfloat/float/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/withfloat/float/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(BridgeMode.FloatOuter, config.bridgeMode)
|
||||
assertEquals(FirewallMode.FloatOuter, config.firewallMode)
|
||||
assertNull(config.outboundConfig)
|
||||
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
|
||||
assertNull(config.bridgeInnerConfig)
|
||||
@ -70,7 +70,7 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load overridden cert config`() {
|
||||
val configResource = "/net/corda/bridge/custombasecerts/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/custombasecerts/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(Paths.get("customcerts/mysslkeystore.jks"), config.sslKeystore)
|
||||
assertEquals(Paths.get("customcerts/mytruststore.jks"), config.trustStoreFile)
|
||||
@ -78,7 +78,7 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load custom inner certificate config`() {
|
||||
val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(Paths.get("outboundcerts/outboundkeys.jks"), config.outboundConfig!!.customSSLConfiguration!!.sslKeystore)
|
||||
assertEquals(Paths.get("outboundcerts/outboundtrust.jks"), config.outboundConfig!!.customSSLConfiguration!!.trustStoreFile)
|
||||
@ -94,7 +94,7 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load custom outer certificate config`() {
|
||||
val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(Paths.get("inboundcerts/inboundkeys.jks"), config.inboundConfig!!.customSSLConfiguration!!.sslKeystore)
|
||||
assertEquals(Paths.get("inboundcerts/inboundtrust.jks"), config.inboundConfig!!.customSSLConfiguration!!.trustStoreFile)
|
||||
@ -110,7 +110,7 @@ class ConfigTest {
|
||||
|
||||
@Test
|
||||
fun `Load config withsocks support`() {
|
||||
val configResource = "/net/corda/bridge/withsocks/bridge.conf"
|
||||
val configResource = "/net/corda/bridge/withsocks/firewall.conf"
|
||||
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
|
||||
assertEquals(SocksProxyVersion.SOCKS5, config.outboundConfig!!.socksProxyConfig!!.version)
|
||||
assertEquals(NetworkHostAndPort("localhost", 12345), config.outboundConfig!!.socksProxyConfig!!.proxyAddress)
|
||||
|
@ -13,8 +13,8 @@ package net.corda.bridge.services
|
||||
import com.nhaarman.mockito_kotlin.*
|
||||
import net.corda.bridge.createPartialMock
|
||||
import net.corda.bridge.services.api.BridgeArtemisConnectionService
|
||||
import net.corda.bridge.services.api.BridgeConfiguration
|
||||
import net.corda.bridge.services.api.BridgeSenderService
|
||||
import net.corda.bridge.services.api.FirewallConfiguration
|
||||
import net.corda.bridge.services.filter.SimpleMessageFilterService
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingClient
|
||||
import net.corda.nodeapi.internal.ArtemisMessagingComponent
|
||||
@ -38,7 +38,7 @@ class FilterServiceTest {
|
||||
|
||||
@Test
|
||||
fun `Basic function tests`() {
|
||||
val conf = rigorousMock<BridgeConfiguration>().also {
|
||||
val conf = rigorousMock<FirewallConfiguration>().also {
|
||||
doReturn(ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()).whenever(it).whitelistedHeaders
|
||||
}
|
||||
val auditService = TestAuditService()
|
||||
@ -109,7 +109,7 @@ class FilterServiceTest {
|
||||
|
||||
@Test
|
||||
fun `Rejection tests`() {
|
||||
val conf = rigorousMock<BridgeConfiguration>().also {
|
||||
val conf = rigorousMock<FirewallConfiguration>().also {
|
||||
doReturn(ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()).whenever(it).whitelistedHeaders
|
||||
}
|
||||
val auditService = TestAuditService()
|
||||
|
@ -10,13 +10,13 @@
|
||||
|
||||
package net.corda.bridge.services
|
||||
|
||||
import net.corda.bridge.services.api.BridgeAuditService
|
||||
import net.corda.bridge.services.api.FirewallAuditService
|
||||
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
|
||||
import rx.Observable
|
||||
import rx.subjects.PublishSubject
|
||||
import java.net.InetSocketAddress
|
||||
|
||||
class TestAuditService() : BridgeAuditService, TestServiceBase() {
|
||||
class TestAuditService() : FirewallAuditService, TestServiceBase() {
|
||||
enum class AuditEvent {
|
||||
SUCCESSFUL_CONNECTION,
|
||||
FAILED_CONNECTION,
|
||||
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
alternateArtemisBrokerAddresses = ["localhost:12005"]
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = BridgeInner
|
||||
firewallMode = BridgeInner
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
alternateArtemisBrokerAddresses = ["localhost:12005"]
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = FloatOuter
|
||||
firewallMode = FloatOuter
|
||||
inboundConfig : {
|
||||
listeningAddress = "0.0.0.0:10005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
sslKeystore = "customcerts/mysslkeystore.jks"
|
||||
trustStoreFile = "customcerts/mytruststore.jks"
|
||||
outboundConfig : {
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = BridgeInner
|
||||
firewallMode = BridgeInner
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = FloatOuter
|
||||
firewallMode = FloatOuter
|
||||
inboundConfig : {
|
||||
listeningAddress = "0.0.0.0:10005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = BridgeInner
|
||||
firewallMode = BridgeInner
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
customSSLConfiguration : {
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = FloatOuter
|
||||
firewallMode = FloatOuter
|
||||
inboundConfig : {
|
||||
listeningAddress = "0.0.0.0:10005"
|
||||
customSSLConfiguration : {
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = BridgeInner
|
||||
firewallMode = BridgeInner
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = FloatOuter
|
||||
firewallMode = FloatOuter
|
||||
inboundConfig : {
|
||||
listeningAddress = "0.0.0.0:10005"
|
||||
}
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
socksProxyConfig : {
|
||||
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
socksProxyConfig : {
|
||||
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
socksProxyConfig : {
|
||||
|
@ -7,7 +7,7 @@
|
||||
//
|
||||
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
|
||||
|
||||
bridgeMode = SenderReceiver
|
||||
firewallMode = SenderReceiver
|
||||
outboundConfig : {
|
||||
artemisBrokerAddress = "localhost:11005"
|
||||
socksProxyConfig : {
|
@ -397,7 +397,7 @@ bintrayConfig {
|
||||
'corda-tools-blob-inspector',
|
||||
'corda-tools-explorer',
|
||||
'corda-tools-network-bootstrapper',
|
||||
'corda-bridgeserver',
|
||||
'corda-firewall',
|
||||
'corda-ptflows',
|
||||
'jmeter-corda',
|
||||
'tools-database-manager',
|
||||
|
@ -6,6 +6,12 @@ release, see :doc:`upgrade-notes`.
|
||||
|
||||
Unreleased
|
||||
----------
|
||||
|
||||
* The ``corda-bridgserver.jar`` has been renamed to ``corda-firewall.jar`` to be more consistent
|
||||
with marketing materials and purpose of the jar. Further to this we have also renamed ``bridge.conf`` to ``firewall.conf``
|
||||
and within that file the ``bridgeMode`` propety has been modified to ``firewallMode`` for overall consistency.
|
||||
This will be a breaking change for early adopters and their deployments, but hopefully will be more future proof.
|
||||
|
||||
* Remove all references to the out-of-process transaction verification.
|
||||
|
||||
* Introduced a hierarchy of ``DatabaseMigrationException``s, allowing ``NodeStartup`` to gracefully inform users of problems related to database migrations before exiting with a non-zero code.
|
||||
|
@ -1,12 +1,12 @@
|
||||
Bridge component overview
|
||||
=========================
|
||||
Firewall Component Overview
|
||||
===============================
|
||||
|
||||
.. contents::
|
||||
|
||||
Introduction
|
||||
------------
|
||||
The Corda bridge/float component is designed for enterprise deployments and acts as an application level
|
||||
firewall and protocol break on all internet facing endpoints. The ``corda-bridgeserver.jar`` encapsulates the peer
|
||||
The Corda Firewall (bridge/float) component is designed for enterprise deployments and acts as an application level
|
||||
firewall and protocol break on all internet facing endpoints. The ``corda-firewall.jar`` encapsulates the peer
|
||||
network functionality of the basic Corda Enterprise node, so that this can be operated separately from the security sensitive
|
||||
JVM runtime of the node. This gives separation of functionality and ensures that the legal identity keys are not
|
||||
used in the same process as the internet TLS connections. Also, it adds support for enterprise deployment requirements,
|
||||
@ -20,13 +20,13 @@ The component referred to here as the *bridge* is the library of code responsibl
|
||||
nodes and implements the AMQP 1.0 protocol over TLS 1.0 between peers to provide reliable flow message delivery. This
|
||||
component can be run as a simple integrated feature of the node. However, for enhanced security and features in Corda
|
||||
Enterprise, the in-node version should be turned off and a standalone and HA version can be run from the
|
||||
``corda-bridgeserver.jar``, possibly integrating with a SOCKS proxy.
|
||||
``corda-firewall.jar``, possibly integrating with a SOCKS proxy.
|
||||
|
||||
The *float* component refers to the inbound socket listener, packet filtering and DMZ compatible component. In the
|
||||
simple all-in-one node all inbound peer connections terminate directly onto an embedded Artemis broker component
|
||||
hosted within the node. The connection authentication and packet the filtering is managed directly via Artemis
|
||||
permission controls managed directly inside the node JVM. For Corda Enterprise deployments we provide a more
|
||||
secure and configurable isolation component that is available using code inside ``corda-bridgeserver.jar``. This
|
||||
secure and configurable isolation component that is available using code inside ``corda-firewall.jar``. This
|
||||
component is designed to provide a clear protocol break and thus prevents the node and Artemis server ever being
|
||||
directly exposed to peers. For simpler deployments with no DMZ the float and bridge logic can also be run as a
|
||||
single application behind the firewall, but still protecting the node and hosted Artemis. In future we may also host
|
||||
@ -119,9 +119,10 @@ Operating modes of the Bridge and Float
|
||||
Embedded Developer Node (node + artemis + internal bridge, no float, no DMZ)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The simplest development deployment of the bridge is to just use the embedded Peer-to-Peer Artemis with the node as TLS endpoint
|
||||
and to have the outgoing packets use the internal bridge functionality. Typically this should only be used for easy development,
|
||||
or for organisations evaluating on Open Source Corda, where this is the only available option:
|
||||
The simplest development deployment of the node is without firewall and thus just use the embedded bridge and Peer-to-Peer
|
||||
Artemis with the node as TLS endpoint and to have the outgoing packets use the internal bridge functionality.
|
||||
Typically this should only be used for easy development, or for organisations evaluating on Open Source Corda,
|
||||
where this is the only available option:
|
||||
|
||||
.. image:: resources/bridge/node_embedded_bridge.png
|
||||
:scale: 100%
|
||||
@ -131,13 +132,13 @@ Node + Bridge (no float, no DMZ)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The next simplest deployment is to turn off the built in bridge using the ``externalBridge`` enterprise config property
|
||||
and to run a single combined bridge/float process. This might be suitable for a test environment, to conserve VM's.
|
||||
and to run a single combined firewall process. This might be suitable for a test environment, to conserve VMs.
|
||||
|
||||
.. note:: Note that to run the bridge and the node on the same machine there could be a port conflict with a naive setup,
|
||||
.. note:: Note that to run the firewall and the node on the same machine there could be a port conflict with a naive ``node.conf`` setup,
|
||||
but by using the ``messagingServerAddress`` property to specify the bind address and port plus setting
|
||||
``messagingServerExternal = false``
|
||||
the embedded Artemis P2P broker can be set to listen on a different port rather than the advertised ``p2paddress`` port.
|
||||
Then configure an all-in-one bridge to point at this node:
|
||||
Then configure an all-in-one bridge to point at this node's ``messagingServerAddress``:
|
||||
|
||||
.. image:: resources/bridge/simple_bridge.png
|
||||
:scale: 100%
|
||||
@ -147,9 +148,10 @@ DMZ ready (node + bridge + float)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
To familiarize oneself with the a more complete deployment including a DMZ and separated inbound and outbound paths
|
||||
the ``bridgeMode`` property in the ``bridge.conf`` should be set to ``BridgeInner`` for the bridge and
|
||||
``FloatOuter`` for the DMZ float. The diagram below shows such a non-HA deployment. This would not be recommended
|
||||
for production, unless used as part of a cold DR type standby.
|
||||
the ``firewallMode`` property in the ``firewall.conf`` should be set to ``BridgeInner`` for the bridge and
|
||||
``FloatOuter`` for the DMZ float. These mode names were chosen to remind users that the ``bridge`` should run in the trusted
|
||||
*inner* network zone and the ``float`` should run in the less trusted *outer* zone.
|
||||
The diagram below shows such a non-HA deployment. This would not be recommended for production, unless used as part of a cold DR type standby.
|
||||
|
||||
.. note:: Note that whilst the bridge needs access to the official TLS private
|
||||
key, the tunnel link should use a private set of link specific keys and certificates. The float will be provisioned
|
@ -1,12 +1,12 @@
|
||||
Corda Firewall
|
||||
==============
|
||||
|
||||
Corda Enterprise ships a component called the *Corda Firewall*. The firewall is actually made up of two separate programs,
|
||||
Corda Enterprise ships a component called the *Corda Firewall*. The firewall is actually made up of two separate modules,
|
||||
called the *bridge* and the *float*. These handle outbound and inbound connections respectively, and allow a node
|
||||
administrator to minimise the amount of code running in a network's DMZ. The firewall provides some basic protection
|
||||
features in this release: future releases may add enhanced monitoring and audit capabilities.
|
||||
|
||||
.. toctree::
|
||||
|
||||
corda-bridge-component
|
||||
bridge-configuration-file
|
||||
corda-firewall-component
|
||||
firewall-configuration-file
|
||||
|
@ -1,25 +1,25 @@
|
||||
Bridge configuration
|
||||
Firewall configuration
|
||||
====================
|
||||
|
||||
.. contents::
|
||||
|
||||
File location
|
||||
-------------
|
||||
When starting a standalone bridge, or float, the ``corda-bridgeserver.jar`` file defaults to reading the bridge's configuration from a ``bridge.conf`` file in
|
||||
When starting a standalone firewall (in bridge, or float mode), the ``corda-firewall.jar`` file defaults to reading the firewall's configuration from a ``firewall.conf`` file in
|
||||
the directory from which the command to launch the process is executed. There are two command-line options to override this
|
||||
behaviour:
|
||||
|
||||
* The ``--config-file`` command line option allows you to specify a configuration file with a different name, or at
|
||||
different file location. Paths are relative to the current working directory
|
||||
|
||||
* The ``--base-directory`` command line option allows you to specify the bridge's workspace location. A ``bridge.conf``
|
||||
* The ``--base-directory`` command line option allows you to specify the firewall's workspace location. A ``firewall.conf``
|
||||
configuration file is then expected in the root of this workspace
|
||||
|
||||
If you specify both command line arguments at the same time, the bridge will fail to start.
|
||||
If you specify both command line arguments at the same time, the firewall will fail to start.
|
||||
|
||||
Format
|
||||
------
|
||||
The Bridge configuration file uses the HOCON format which is superset of JSON. Please visit
|
||||
The firewall configuration file uses the HOCON format which is superset of JSON. Please visit
|
||||
`<https://github.com/typesafehub/config/blob/master/HOCON.md>`_ for further details.
|
||||
|
||||
.. warning:: Please do NOT use double quotes (``"``) in configuration keys.
|
||||
@ -31,40 +31,40 @@ The Bridge configuration file uses the HOCON format which is superset of JSON. P
|
||||
Defaults
|
||||
--------
|
||||
A set of default configuration options are loaded from the built-in resource file. Any options you do not specify in
|
||||
your own ``bridge.conf`` file will use these defaults:
|
||||
your own ``firewall.conf`` file will use these defaults:
|
||||
|
||||
.. literalinclude:: ../../bridge/src/main/resources/bridgedefault.conf
|
||||
.. literalinclude:: ../../bridge/src/main/resources/firewalldefault.conf
|
||||
:language: javascript
|
||||
|
||||
Bridge operating modes
|
||||
----------------------
|
||||
.. note:: By default, the Corda node assumes that it will carry out the peer-to-peer functions of the bridge internally!
|
||||
Before running a dedicated bridge process, it is essential to turn off the dev mode component by setting the
|
||||
.. note:: By default, the Corda node assumes that it will carry out the peer-to-peer functions of the ``bridge`` internally!
|
||||
Before running a dedicated firewall process, it is essential to turn off the dev mode component by setting the
|
||||
``enterpriseConfiguration.externalBridge`` property of the ``node.conf`` file to ``true``.
|
||||
If the ``externalBridge`` flag is not ``true``, there will be unexpected behaviour as the node will try to send peer-to-peer messages directly!
|
||||
|
||||
Assuming that an external bridge is to be used, the ``corda-bridgeserver.jar`` operates in one of three basic operating modes.
|
||||
The particular mode is selected via the required ``bridgeMode`` configuration property inside ``bridge.conf``:
|
||||
Assuming that an external firewall is to be used, the ``corda-firewall.jar`` operates in one of three basic operating modes.
|
||||
The particular mode is selected via the required ``firewallMode`` configuration property inside ``firewall.conf``:
|
||||
|
||||
:SenderReceiver: selects a single process bridge solution to isolate the node and Artemis broker from direct Internet contact.
|
||||
It is still assumed that the bridge process is behind a firewall, but both the message sending and receiving paths will pass via the ``bridge``.
|
||||
In this mode the ``outboundConfig`` and ``inboundConfig`` configuration sections of ``bridge.conf`` must be provided,
|
||||
:SenderReceiver: selects a single process firewall solution to isolate the node and Artemis broker from direct Internet contact.
|
||||
It is still assumed that the firewall process is behind a firewall, but both the message sending and receiving paths will pass via the ``bridge``.
|
||||
In this mode the ``outboundConfig`` and ``inboundConfig`` configuration sections of ``firewall.conf`` must be provided,
|
||||
the ``bridgeInnerConfig`` and ``floatOuterConfig`` sections should not be present.
|
||||
|
||||
:BridgeInner: mode runs this instance of the ``corda-bridgeserver.jar`` as the trusted portion of the peer-to-peer firewall float.
|
||||
:BridgeInner: mode runs this instance of the ``corda-firewall.jar`` as the trusted portion of the peer-to-peer firewall float.
|
||||
Specifically, this process runs the complete outbound message processing. For the inbound path it operates only the filtering and durable storing portions of the message processing.
|
||||
The process expects to connect through a firewall to a matched ``FloatOuter`` instance running in the DMZ as the actual ``TLS/AMQP 1.0`` termination point.
|
||||
|
||||
:FloatOuter: causes this instance of the ``corda-bridgeserver.jar`` to run as a protocol break proxy for inbound message path. The process
|
||||
:FloatOuter: causes this instance of the ``corda-firewall.jar`` to run as a protocol break proxy for inbound message path. The process
|
||||
will initialise a ``TLS`` control port and await connection from the ``BridgeInner``. Once the control connection is successful the ``BridgeInner`` will securely provision
|
||||
the ``TLS`` socket server key and certificates into the ``FloatOuter``. The process will then start listening for inbound connection from peer nodes.
|
||||
|
||||
Fields
|
||||
------
|
||||
The available config fields are listed below. ``baseDirectory`` is available as a substitution value and contains the
|
||||
absolute path to the bridge's base directory.
|
||||
absolute path to the firewall's base directory.
|
||||
|
||||
:bridgeMode: Determines operating mode of the bridge. See above.
|
||||
:firewallMode: Determines operating mode of the firewall. See above.
|
||||
|
||||
:keyStorePassword: The password to unlock the TLS KeyStore file (``<workspace>/certificates/sslkeystore.jks``) containing the
|
||||
node certificate and private key. The private key password must be the same due to limitations in the Artemis libraries.
|
||||
@ -194,7 +194,7 @@ absolute path to the bridge's base directory.
|
||||
In future it intended that other schemes such as ``etcd`` are supported.
|
||||
|
||||
:haPriority: The implementation uses a prioritise leader election algorithm, so that a preferred master instance can be set. The highest priority is 0 and larger integers have lower priority.
|
||||
At the same level of priority, it is random which instance wins the leader election. If a bridge instance dies another will have the opportunity to become master in instead.
|
||||
At the same level of priority, it is random which instance wins the leader election. If a ``bridge`` instance dies another will have the opportunity to become master in instead.
|
||||
|
||||
:haTopic: Sets the zookeeper topic prefix that the nodes used in resolving the election and must be the same for all ``bridge``
|
||||
instances competing for master status. This is available to allow a single zookeeper cluster to be reused with multiple
|
||||
@ -357,11 +357,11 @@ Typical configuration for ``nodeserver2`` would be a ``node.conf`` files contain
|
||||
devMode = false // Turn off things like key autogeneration and require proper doorman registration.
|
||||
|
||||
|
||||
Configuration in ``bridge.conf`` for ``bridgeserver1``:
|
||||
Configuration in ``firewall.conf`` for ``bridgeserver1``:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
bridgeMode = BridgeInner // Set the mode the corda-bridgeserver.jar runs as appropriately.
|
||||
firewallMode = BridgeInner // Set the mode the corda-firewall.jar runs as appropriately.
|
||||
outboundConfig { // Required section
|
||||
artemisBrokerAddress = "nodeserver1:11005" // point at primary Artemis address in the node
|
||||
alternateArtemisBrokerAddresses = [ "nodeserver2:11005" ] // List any other HA Artemis addresses
|
||||
@ -388,11 +388,11 @@ Configuration in ``bridge.conf`` for ``bridgeserver1``:
|
||||
}
|
||||
networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder.
|
||||
|
||||
Configuration in ``bridge.conf`` for ``bridgeserver2``:
|
||||
Configuration in ``firewall.conf`` for ``bridgeserver2``:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
bridgeMode = BridgeInner // Set the mode the corda-bridgeserver.jar runs as appropriately.
|
||||
firewallMode = BridgeInner // Set the mode the corda-firewall.jar runs as appropriately.
|
||||
outboundConfig { // Required section
|
||||
artemisBrokerAddress = "nodeserver2:11005" // point at primary Artemis address in the node
|
||||
alternateArtemisBrokerAddresses = [ "nodeserver1:11005" ] // List any other HA Artemis addresses
|
||||
@ -420,11 +420,11 @@ Configuration in ``bridge.conf`` for ``bridgeserver2``:
|
||||
networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder.
|
||||
|
||||
|
||||
Configuration in ``bridge.conf`` for ``floatserver1``:
|
||||
Configuration in ``firewall.conf`` for ``floatserver1``:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
bridgeMode = FloatOuter // Set the mode the corda-bridgeserver.jar runs as appropriately.
|
||||
firewallMode = FloatOuter // Set the mode the corda-firewall.jar runs as appropriately.
|
||||
inboundConfig { // Required section
|
||||
listeningAddress = "dmzexternal1:10005" // expose the listening port on the out NIC
|
||||
}
|
||||
@ -441,11 +441,11 @@ Configuration in ``bridge.conf`` for ``floatserver1``:
|
||||
}
|
||||
networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder.
|
||||
|
||||
Configuration in ``bridge.conf`` for ``floatserver2``:
|
||||
Configuration in ``firewall.conf`` for ``floatserver2``:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
bridgeMode = FloatOuter // Set the mode the corda-bridgeserver.jar runs as appropriately.
|
||||
firewallMode = FloatOuter // Set the mode the corda-firewall.jar runs as appropriately.
|
||||
inboundConfig { // Required section
|
||||
listeningAddress = "dmzexternal2:10005" // expose the listening port on the out NIC
|
||||
}
|
Before Width: | Height: | Size: 99 KiB After Width: | Height: | Size: 99 KiB |
Before Width: | Height: | Size: 109 KiB After Width: | Height: | Size: 110 KiB |
Before Width: | Height: | Size: 278 KiB After Width: | Height: | Size: 111 KiB |
Before Width: | Height: | Size: 289 KiB After Width: | Height: | Size: 117 KiB |
Before Width: | Height: | Size: 53 KiB After Width: | Height: | Size: 52 KiB |
Before Width: | Height: | Size: 66 KiB After Width: | Height: | Size: 66 KiB |
@ -126,7 +126,7 @@ class Distribution private constructor(
|
||||
CORDA_OS(setOf("corda", "corda-webserver", "corda-finance")),
|
||||
// bridge-server not available in Enterprise Dev Previews
|
||||
// migration-tool not published in Enterprise Dev Previews
|
||||
CORDA_ENTERPRISE(setOf("corda", "corda-webserver", "corda-finance", "corda-bridgeserver", "migration-tool"))
|
||||
CORDA_ENTERPRISE(setOf("corda", "corda-webserver", "corda-finance", "corda-firewall", "migration-tool"))
|
||||
}
|
||||
|
||||
companion object {
|
||||
|