Merge branch 'release/os/4.8' into ronanb/INFRA-1697/remove-credentals-4.8

2025-01-18 18:56:28 +00:00 · 2022-05-23 17:13:23 +01:00 · 2022-05-23 17:13:23 +01:00 · 340b3199b0
commit 340b3199b0
parent 3271978361 91ef44dc12
10 changed files with 80 additions and 38 deletions
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@ -4,6 +4,7 @@
 * PLEASE NOTE: we DO want to run a build for each commit!!!
 */
@Library('corda-shared-build-pipeline-steps')
+
 /**
 * Sense environment
 */
@ -11,6 +12,7 @@ boolean isReleaseBranch = (env.BRANCH_NAME =~ /^release\/os\/.*/)
 boolean isReleaseTag = (env.TAG_NAME =~ /^release-.*(?<!_JDK11)$/)
 boolean isInternalRelease = (env.TAG_NAME =~ /^internal-release-.*$/)
 boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
+boolean isReleasePatch = (env.TAG_NAME =~ /^release.*([1-9]\d*|0)(\.([1-9]\d*|0)){2}$/)

 /*
 ** calculate the stage for NexusIQ evaluation
@ -40,17 +42,6 @@ def nexusIqStageChoices = [nexusDefaultIqStage].plus(
                        'operate'
                ].minus([nexusDefaultIqStage]))

-/**
- * define an empty teamsWebHookURL and if it is a Release Branch
- * then set it for the Corda 4 Jenkins Connector
- */
-def teamsWebHookURL = ""
-if (isReleaseBranch || isReleaseTag){
-    withCredentials([string(credentialsId: 'ms-teams-webhook', variable: 'webhook_url')]) {
-        teamsWebHookURL = "$webhook_url"
-    }
-}
-
 /**
 * Common Gradle arguments for all Gradle executions
 */
@ -73,18 +64,6 @@ pipeline {
        parallelsAlwaysFailFast()
        timeout(time: 6, unit: 'HOURS')
        timestamps()
-        office365ConnectorWebhooks([[
-                                            name                 : "Corda 4 Jenkins Connector",
-                                            notifyBackToNormal   : true,
-                                            startNotification    : false,
-                                            notifyFailure        : true,
-                                            notifySuccess        : true,
-                                            notifyNotBuilt       : false,
-                                            notifyAborted        : false,
-                                            notifyRepeatedFailure: true,
-                                            notifyUnstable       : true,
-                                            url                  : "${teamsWebHookURL}"
-                                    ]])
    }

    parameters {
@ -101,6 +80,7 @@ pipeline {
        CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}"
        CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
        DOCKER_URL = "https://index.docker.io/v1/"
+        EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
    }

    stages {
@ -330,7 +310,7 @@ pipeline {

        stage('Publish Release to Docker Hub') {
            when {
-                expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate}
+                expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate && !isReleasePatch}
            }
            steps {
                withCredentials([
@ -407,6 +387,24 @@ pipeline {
                }
            }
        }
+        success {
+            script {
+                sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
+            }
+        }
+        unstable {
+            script {                 
+                sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")                      
+            }
+        }
+        failure {
+            script {
+                sendSlackNotifications("danger", "BUILD FAILURE", true, "#corda-corda4-open-source-build-notifications")
+                if (isReleaseTag || isReleaseBranch || isReleaseCandidate) {
+                    sendEmailNotifications("${env.EMAIL_RECIPIENTS}")
+                }
+            }
+        }
        cleanup {
            deleteDir() /* clean up our workspace */
        }
--- a/core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
+++ b/core/src/main/kotlin/net/corda/core/serialization/internal/AttachmentsClassLoader.kt
@ -32,6 +32,7 @@ import net.corda.core.serialization.internal.AttachmentURLStreamHandlerFactory.t
 import net.corda.core.serialization.withWhitelist
 import net.corda.core.utilities.contextLogger
 import net.corda.core.utilities.debug
+import net.corda.core.utilities.loggerFor
 import java.io.IOException
 import java.io.InputStream
 import java.lang.ref.WeakReference
@ -470,7 +471,18 @@ interface AttachmentsClassLoaderCache {
@DeleteForDJVM
 class AttachmentsClassLoaderCacheImpl(cacheFactory: NamedCacheFactory) : SingletonSerializeAsToken(), AttachmentsClassLoaderCache {

-    private val cache: Cache<AttachmentsClassLoaderKey, SerializationContext> = cacheFactory.buildNamed(Caffeine.newBuilder(), "AttachmentsClassLoader_cache")
+    private val cache: Cache<AttachmentsClassLoaderKey, SerializationContext> = cacheFactory.buildNamed(
+        // Close deserialization classloaders when we evict them
+        // to release any resources they may be holding.
+        @Suppress("TooGenericExceptionCaught")
+        Caffeine.newBuilder().removalListener { key, context, _ ->
+            try {
+                (context?.deserializationClassLoader as? AutoCloseable)?.close()
+            } catch (e: Exception) {
+                loggerFor<AttachmentsClassLoaderCacheImpl>().warn("Error destroying serialization context for $key", e)
+            }
+        }, "AttachmentsClassLoader_cache"
+    )

    override fun computeIfAbsent(key: AttachmentsClassLoaderKey, mappingFunction: Function<in AttachmentsClassLoaderKey, out SerializationContext>): SerializationContext {
        return cache.get(key, mappingFunction)  ?: throw NullPointerException("null returned from cache mapping function")
--- a/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/bridge_ec.jks
+++ b/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/bridge_ec.jks
--- a/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/bridge_rsa.jks
+++ b/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/bridge_rsa.jks
--- a/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/float_ec.jks
+++ b/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/float_ec.jks
--- a/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/float_rsa.jks
+++ b/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/float_rsa.jks
--- a/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/gencerts.sh
+++ b/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/gencerts.sh
@ -0,0 +1,40 @@
+#!/bin/bash
+
+# These jks files have been produced with KeyTool using commands from V3 Float/Bridge setup here:
+# https://docs.corda.r3.com/bridge-configuration-file.html#complete-example
+
+# More specifically the following script can be run on mac to generate the files needed. 
+# Trust Root with EC algo
+keytool -genkeypair -keyalg EC -keysize 256 -alias floatroot -validity 3650 -dname "CN=Float Root,O=Local Only,L=London,C=GB" -ext bc:ca:true,pathlen:1 -keystore floatca.jks -storepass capass -keypass cakeypass
+
+# Bridge and Float with EC
+keytool -genkeypair -keyalg EC -keysize 256 -alias bridgecert -validity 3650 -dname "CN=Bridge Local,O=Local Only,L=London,C=GB" -ext bc:ca:false -keystore bridge_ec.jks -storepass bridgepass -keypass bridgepass
+keytool -genkeypair -keyalg EC -keysize 256 -alias floatcert -validity 3650 -dname "CN=Float Local,O=Local Only,L=London,C=GB" -ext bc:ca:false -keystore float_ec.jks -storepass floatpass -keypass floatpass
+
+# Bridge and Float with RSA
+keytool -genkeypair -keyalg RSA -keysize 1024 -alias bridgecert -validity 3650 -dname "CN=Bridge Local,O=Local Only,L=London,C=GB" -ext bc:ca:false -keystore bridge_rsa.jks -storepass bridgepass -keypass bridgepass
+keytool -genkeypair -keyalg RSA -keysize 1024 -alias floatcert -validity 3650 -dname "CN=Float Local,O=Local Only,L=London,C=GB" -ext bc:ca:false -keystore float_rsa.jks -storepass floatpass -keypass floatpass
+
+# Export Trust root for subsequent chaining
+keytool -exportcert -rfc -alias floatroot -keystore floatca.jks -storepass capass -keypass cakeypass > root.pem
+keytool -importcert -noprompt -file root.pem -alias root -keystore trust.jks -storepass trustpass
+
+# Create a chain for EC Bridge
+keytool -certreq -alias bridgecert -keystore bridge_ec.jks -storepass bridgepass -keypass bridgepass |keytool -gencert -validity 3650 -ext ku:c=dig,keyEncipherment -ext: eku:true=serverAuth,clientAuth -rfc -keystore floatca.jks -alias floatroot -storepass capass -keypass cakeypass > bridge_ec.pem
+cat root.pem bridge_ec.pem >> bridgechain_ec.pem
+keytool -importcert -noprompt -file bridgechain_ec.pem -alias bridgecert -keystore bridge_ec.jks -storepass bridgepass -keypass bridgepass
+
+# Create a chain for RSA Bridge
+keytool -certreq -alias bridgecert -keystore bridge_rsa.jks -storepass bridgepass -keypass bridgepass |keytool -gencert -validity 3650 -ext ku:c=dig,keyEncipherment -ext: eku:true=serverAuth,clientAuth -rfc -keystore floatca.jks -alias floatroot -storepass capass -keypass cakeypass > bridge_rsa.pem
+cat root.pem bridge_rsa.pem >> bridgechain_rsa.pem
+keytool -importcert -noprompt -file bridgechain_rsa.pem -alias bridgecert -keystore bridge_rsa.jks -storepass bridgepass -keypass bridgepass
+
+# Create a chain for EC Float
+keytool -certreq -alias floatcert -keystore float_ec.jks -storepass floatpass -keypass floatpass |keytool -gencert -validity 3650 -ext ku:c=dig,keyEncipherment -ext: eku::true=serverAuth,clientAuth -rfc -keystore floatca.jks -alias floatroot -storepass capass -keypass cakeypass > float_ec.pem
+cat root.pem float_ec.pem >> floatchain_ec.pem
+keytool -importcert -noprompt -file floatchain_ec.pem -alias floatcert -keystore float_ec.jks -storepass floatpass -keypass floatpass
+
+# Create a chain for RSA Float
+keytool -certreq -alias floatcert -keystore float_rsa.jks -storepass floatpass -keypass floatpass |keytool -gencert -validity 3650 -ext ku:c=dig,keyEncipherment -ext: eku::true=serverAuth,clientAuth -rfc -keystore floatca.jks -alias floatroot -storepass capass -keypass cakeypass > float_rsa.pem
+cat root.pem float_rsa.pem >> floatchain_rsa.pem
+keytool -importcert -noprompt -file floatchain_rsa.pem -alias floatcert -keystore float_rsa.jks -storepass floatpass -keypass floatpass
--- a/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/trust.jks
+++ b/node-api/src/test/resources/net/corda/nodeapi/internal/crypto/keystores/trust.jks
--- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
@ -173,13 +173,12 @@ import org.jolokia.jvmagent.JolokiaServerConfig
 import org.slf4j.Logger
 import rx.Scheduler
 import java.lang.reflect.InvocationTargetException
-import java.net.URLConnection
 import java.sql.Connection
 import java.sql.Savepoint
 import java.time.Clock
 import java.time.Duration
 import java.time.format.DateTimeParseException
-import java.util.*
+import java.util.Properties
 import java.util.concurrent.ExecutorService
 import java.util.concurrent.Executors
 import java.util.concurrent.LinkedBlockingQueue
@ -238,7 +237,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
        }

        quasarExcludePackages(configuration)
-        disableURLConnectionCache()

        if (allowHibernateToManageAppSchema && !configuration.devMode) {
            throw ConfigurationException("Hibernate can only be used to manage app schema in development while using dev mode. " +
@ -427,13 +425,6 @@ abstract class AbstractNode<S>(val configuration: NodeConfiguration,
        }
    }

-    private fun disableURLConnectionCache() {
-        object : URLConnection(null) {
-            override fun connect() {
-            }
-        }.defaultUseCaches = false
-    }
-
    private fun quasarExcludePackages(nodeConfiguration: NodeConfiguration) {
        val quasarInstrumentor = Retransform.getInstrumentor()

--- a/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
+++ b/node/src/main/kotlin/net/corda/node/utilities/NodeNamedCache.kt
@ -33,7 +33,8 @@ open class DefaultNamedCacheFactory protected constructor(private val metricRegi
    override fun bindWithMetrics(metricRegistry: MetricRegistry): BindableNamedCacheFactory = DefaultNamedCacheFactory(metricRegistry, this.nodeConfiguration)
    override fun bindWithConfig(nodeConfiguration: NodeConfiguration): BindableNamedCacheFactory = DefaultNamedCacheFactory(this.metricRegistry, nodeConfiguration)

-    open protected fun <K, V> configuredForNamed(caffeine: Caffeine<K, V>, name: String): Caffeine<K, V> {
+    @Suppress("ComplexMethod")
+    protected open fun <K, V> configuredForNamed(caffeine: Caffeine<K, V>, name: String): Caffeine<K, V> {
        return with(nodeConfiguration!!) {
            when {
                name.startsWith("RPCSecurityManagerShiroCache_") -> with(security?.authService?.options?.cache!!) { caffeine.maximumSize(maxEntries).expireAfterWrite(expireAfterSecs, TimeUnit.SECONDS) }
@ -84,7 +85,7 @@ open class DefaultNamedCacheFactory protected constructor(private val metricRegi
        return configuredForNamed(caffeine, name).build<K, V>(loader)
    }

-    open protected val defaultCacheSize = 1024L
+    protected open val defaultCacheSize = 1024L
    private val defaultAttachmentsClassLoaderCacheSize = defaultCacheSize / CACHE_SIZE_DENOMINATOR
 }
-private const val CACHE_SIZE_DENOMINATOR = 4L
+private const val CACHE_SIZE_DENOMINATOR = 4L