Merge remote-tracking branch 'open/master' into os-merge-2792716

2024-12-28 00:38:55 +00:00 · 2018-04-07 18:23:14 +01:00 · 2018-04-07 18:23:14 +01:00 · 3fbfd0deeb
commit 3fbfd0deeb
parent 11af3992db 2792716157
6 changed files with 127 additions and 16 deletions
--- a/docs/source/example-code/src/main/resources/example-network-map-node.conf
+++ b/docs/source/example-code/src/main/resources/example-network-map-node.conf
@ -1,4 +0,0 @@
-myLegalName : "O=Notary Service,OU=corda,L=London,C=GB"
-keyStorePassword : "cordacadevpass"
-trustStorePassword : "trustpass"
-p2pAddress : "my-network-map:10000"
--- a/docs/source/example-code/src/main/resources/example-node.conf
+++ b/docs/source/example-code/src/main/resources/example-node.conf
@ -18,4 +18,3 @@ rpcUsers : [
    { username=user1, password=letmein, permissions=[ StartFlow.net.corda.protocols.CashProtocol ] }
 ]
 devMode : true
-// certificateSigningService : "https://testnet.certificate.corda.net"
--- a/docs/source/example-code/src/test/kotlin/net/corda/docs/ExampleConfigTest.kt
+++ b/docs/source/example-code/src/test/kotlin/net/corda/docs/ExampleConfigTest.kt
@ -39,8 +39,7 @@ class ExampleConfigTest {
    fun `example node_confs parses fine`() {
        readAndCheckConfigurations<NodeConfiguration>(
                "example-node.conf",
-                "example-out-of-process-verifier-node.conf",
-                "example-network-map-node.conf"
+                "example-out-of-process-verifier-node.conf"
        ) {
            val baseDirectory = Paths.get("some-example-base-dir")
            ConfigHelper.loadConfig(
--- a/docs/source/generating-a-node.rst
+++ b/docs/source/generating-a-node.rst
@ -1,9 +1,11 @@
 Creating nodes locally
 ======================

+.. contents::
+
 Node structure
 --------------
-Each Corda node has the following structure:
+A Corda node has the following structure:

 .. sourcecode:: none

@ -23,6 +25,8 @@ In development mode (i.e. when ``devMode = true``, see :doc:`corda-configuration
 directory is filled with pre-configured keystores if the required keystores do not exist. This ensures that developers
 can get the nodes working as quickly as possible. However, these pre-configured keystores are not secure, to learn more see :doc:`permissioning`.

+.. _node_naming:
+
 Node naming
 -----------
 A node's name must be a valid X.500 distinguished name. In order to be compatible with other implementations
@ -101,7 +105,10 @@ in the `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotli
            // The notary will offer a validating notary service.
            notary = [validating : true]
            p2pPort  10002
-            rpcPort  10003
+            rpcSettings {
+                port 10003
+                adminPort 10023
+            }
            // No webport property, so no webserver will be created.
            h2Port   10004
            // Includes the corda-finance CorDapp on our node.
@ -110,7 +117,10 @@ in the `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotli
        node {
            name "O=PartyA,L=London,C=GB"
            p2pPort  10005
-            rpcPort  10006
+            rpcSettings {
+                port 10006
+                adminPort 10026
+            }
            webPort  10007
            h2Port   10008
            cordapps = ["$corda_release_distribution:corda-finance:$corda_release_version"]
@ -120,7 +130,10 @@ in the `Kotlin CorDapp Template <https://github.com/corda/cordapp-template-kotli
        node {
            name "O=PartyB,L=New York,C=US"
            p2pPort  10009
-            rpcPort  10010
+            rpcSettings {
+                port 10010
+                adminPort 10030
+            }
            webPort  10011
            h2Port   10012
            cordapps = ["$corda_release_distribution:corda-finance:$corda_release_version"]
@ -171,7 +184,7 @@ Following the previous example ``PartyB`` node will have additional configuratio
    }

 Specifying a custom webserver
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 By default, any node listing a webport will use the default development webserver, which is not production-ready. You
 can use your own webserver JAR instead by using the ``webserverJar`` argument in a ``Cordform`` ``node`` configuration
 block:
@ -189,8 +202,72 @@ The webserver JAR will be copied into the node's ``build`` folder with the name
 .. warning:: This is an experimental feature. There is currently no support for reading the webserver's port from the
   node's ``node.conf`` file.

-Running deployNodes
-~~~~~~~~~~~~~~~~~~~
+The Dockerform task
+-------------------
+
+The ```Dockerform``` is a sister task of ```Cordform```. It has nearly the same syntax and produces very
+similar results - enhanced by an extra file to enable easy spin up of nodes using ```docker-compose```.
+Below you can find the example task from the ```IRS Demo<https://github.com/corda/corda/blob/release-V3.0/samples/irs-demo/cordapp/build.gradle#L111>```
+included in the samples directory of main Corda GitHub repository:
+
+.. sourcecode:: groovy
+
+    def rpcUsersList = [
+        ['username' : "user",
+         'password' : "password",
+         'permissions' : [
+                 "StartFlow.net.corda.irs.flows.AutoOfferFlow\$Requester",
+                 "StartFlow.net.corda.irs.flows.UpdateBusinessDayFlow\$Broadcast",
+                 "StartFlow.net.corda.irs.api.NodeInterestRates\$UploadFixesFlow",
+                 "InvokeRpc.vaultQueryBy",
+                 "InvokeRpc.networkMapSnapshot",
+                 "InvokeRpc.currentNodeTime",
+                 "InvokeRpc.wellKnownPartyFromX500Name"
+         ]]
+    ]
+
+    // (...)
+
+    task prepareDockerNodes(type: net.corda.plugins.Dockerform, dependsOn: ['jar']) {
+
+        node {
+            name "O=Notary Service,L=Zurich,C=CH"
+            notary = [validating : true]
+            cordapps = ["${project(":finance").group}:finance:$corda_release_version"]
+            rpcUsers = rpcUsersList
+            useTestClock true
+        }
+        node {
+            name "O=Bank A,L=London,C=GB"
+            cordapps = ["${project(":finance").group}:finance:$corda_release_version"]
+            rpcUsers = rpcUsersList
+            useTestClock true
+        }
+        node {
+            name "O=Bank B,L=New York,C=US"
+            cordapps = ["${project(":finance").group}:finance:$corda_release_version"]
+            rpcUsers = rpcUsersList
+            useTestClock true
+        }
+        node {
+            name "O=Regulator,L=Moscow,C=RU"
+            cordapps = ["${project.group}:finance:$corda_release_version"]
+            rpcUsers = rpcUsersList
+            useTestClock true
+        }
+    }
+
+There is no need to specify the ports, as every node is a separated container, so no ports conflict will occur.
+Running the task will create the same folders structure as described in :ref:`The Cordform task` with an additional
+```Dockerfile`` in each node directory, and ```docker-compose.yml``` in ```build/nodes``` directory. Every node
+by default exposes port 10003 which is the default one for RPC connections.
+
+.. warning:: Webserver is not supported by this task!
+
+.. warning:: Nodes are run without the local shell enabled!
+
+Running the Cordform/Dockerform tasks
+-------------------------------------
 To create the nodes defined in our ``deployNodes`` task, run the following command in a terminal window from the root
 of the project where the ``deployNodes`` task is defined:

--- a/docs/source/permissioning.rst
+++ b/docs/source/permissioning.rst
@ -15,6 +15,8 @@ Most production deployments will use an existing certificate authority or constr
 made available in the coming months. Until then, the documentation below can be used to create your own certificate
 authority.

+.. note:: If you are looking for information on how to connect to the existing compatibility zone go to the section: `Connecting to a compatibility zone`_
+
 Certificate hierarchy
 ---------------------
 A Corda network has four types of certificate authorities (CAs):
@ -177,3 +179,39 @@ For each node, copy the following files to the node's certificate directory (``<
 1. The node's ``nodekeystore.jks`` keystore
 2. The node's ``sslkeystore.jks`` keystore
 3. The root network CA's ``truststore.jks`` keystore
+
+Connecting to a compatibility zone
+----------------------------------
+To connect to a compatibility zone you need to register with their certificate signing authority (doorman) by submitting
+a certificate signing request (CSR) to obtain a valid identity for the zone.
+
+Before you can register, you must first have received the trust store file containing the root certificate from the zone
+operator. Then run the following command:
+
+``java -jar corda.jar --initial-registration --network-root-truststore-password <trust store password>``
+
+By default it will expect the trust store file to be in the location ``certificates/network-root-truststore.jks``.
+This can be overridden with the additional ``--network-root-truststore`` flag.
+
+The certificate signing request will be created based on node information obtained from the node configuration.
+The following information from the node configuration file is needed to generate the request.
+
+:myLegalName: Your company's legal name as an X.500 string. X.500 allows differentiation between entities with the same
+          name as the legal name needs to be unique on the network. If another node has already been permissioned with this
+          name then the permissioning server will automatically reject the request. The request will also be rejected if it
+          violates legal name rules, see :ref:`node_naming` for more information.
+
+:emailAddress: e.g. "admin@company.com"
+
+:devMode: must be set to false
+
+:compatibilityZoneURL: Corda compatibility zone network management service root URL.
+
+      A new pair of private and public keys generated by the Corda node will be used to create the request.
+
+      The utility will submit the request to the doorman server and poll for a result periodically to retrieve the certificates.
+      Once the request has been approved and the certificates downloaded from the server, the node will create the keystore and trust store using the certificates and the generated private key.
+
+.. note:: You can exit the utility at any time if the approval process is taking longer than expected. The request process will resume on restart.
+
+This process only is needed when the node connects to the network for the first time, or when the certificate expires.
--- a/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
+++ b/node/src/integration-test/kotlin/net/corda/node/utilities/registration/NodeRegistrationTest.kt
@ -46,6 +46,8 @@ import java.security.KeyPair
 import java.security.cert.CertPath
 import java.security.cert.Certificate
 import java.security.cert.X509Certificate
+import java.util.concurrent.ConcurrentHashMap
+import java.util.concurrent.ConcurrentSkipListSet
 import java.util.zip.ZipEntry
 import java.util.zip.ZipOutputStream
 import javax.ws.rs.*
@ -132,8 +134,8 @@ class NodeRegistrationTest : IntegrationTest() {

@Path("certificate")
 class RegistrationHandler(private val rootCertAndKeyPair: CertificateAndKeyPair) {
-    private val certPaths = HashMap<String, CertPath>()
-    val idsPolled = HashSet<String>()
+    private val certPaths = ConcurrentHashMap<String, CertPath>()
+    val idsPolled = ConcurrentSkipListSet<String>()

    companion object {
        val log = loggerFor<RegistrationHandler>()