Merge pull request #583 from corda/corda/tudor-os-merge-1

2024-12-27 00:21:12 +00:00 · 2018-03-20 11:32:50 +00:00 · 2018-03-20 11:32:50 +00:00 · 8a62af57e6
commit 8a62af57e6
parent 4650d803d1 a80be413e0
4 changed files with 18 additions and 4 deletions
--- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
+++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt
@ -14,6 +14,7 @@ import net.corda.core.DoNotImplement
 import net.corda.core.contracts.AlwaysAcceptAttachmentConstraint.isSatisfiedBy
 import net.corda.core.crypto.SecureHash
 import net.corda.core.internal.AttachmentWithContext
+import net.corda.core.internal.isUploaderTrusted
 import net.corda.core.serialization.CordaSerializable

 /** Constrain which contract-code-containing attachment can be used with a [ContractState]. */
@ -29,9 +30,17 @@ object AlwaysAcceptAttachmentConstraint : AttachmentConstraint {
    override fun isSatisfiedBy(attachment: Attachment) = true
 }

-/** An [AttachmentConstraint] that verifies by hash */
+/**
+ * An [AttachmentConstraint] that verifies by hash.
+ * The state protected by this constraint can only be used in a transaction created with that version of the jar.
+ * And a receiving node will only accept it if a cordapp with that hash has (is) been deployed on the node.
+ */
 data class HashAttachmentConstraint(val attachmentId: SecureHash) : AttachmentConstraint {
-    override fun isSatisfiedBy(attachment: Attachment) = attachment.id == attachmentId
+    override fun isSatisfiedBy(attachment: Attachment): Boolean {
+        return if (attachment is AttachmentWithContext) {
+            attachment.id == attachmentId && isUploaderTrusted(attachment.contractAttachment.uploader)
+        } else false
+    }
 }

 /**
--- a/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt
+++ b/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt
@ -30,6 +30,9 @@ const val TEST_UPLOADER = "test"
 const val P2P_UPLOADER = "p2p"
 const val UNKNOWN_UPLOADER = "unknown"

+fun isUploaderTrusted(uploader: String?) =
+        uploader?.let { it in listOf(DEPLOYED_CORDAPP_UPLOADER, RPC_UPLOADER, TEST_UPLOADER) } ?: false
+
 abstract class AbstractAttachment(dataLoader: () -> ByteArray) : Attachment {
    companion object {
        fun SerializeAsTokenContext.attachmentDataLoader(id: SecureHash): () -> ByteArray {
--- a/docs/source/shell.rst
+++ b/docs/source/shell.rst
@ -358,6 +358,8 @@ Limitations

 The shell will be enhanced over time. The currently known limitations include:

+* Flows cannot be run unless they override the progress tracker
+* If a command requires an argument of an abstract type, the command cannot be run because the concrete subclass to use cannot be specified using the YAML syntax
 * There is no command completion for flows or RPCs
 * Command history is not preserved across restarts
 * The ``jdbc`` command requires you to explicitly log into the database first
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoader.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoader.kt
@ -13,7 +13,7 @@ package net.corda.nodeapi.internal
 import net.corda.core.contracts.Attachment
 import net.corda.core.contracts.ContractAttachment
 import net.corda.core.crypto.SecureHash
-import net.corda.core.internal.DEPLOYED_CORDAPP_UPLOADER
+import net.corda.core.internal.isUploaderTrusted
 import net.corda.core.serialization.CordaSerializable
 import java.io.ByteArrayInputStream
 import java.io.ByteArrayOutputStream
@ -43,7 +43,7 @@ class AttachmentsClassLoader(attachments: List<Attachment>, parent: ClassLoader
    }

    init {
-        require(attachments.mapNotNull { it as? ContractAttachment }.none { it.uploader != DEPLOYED_CORDAPP_UPLOADER }) {
+        require(attachments.mapNotNull { it as? ContractAttachment }.all { isUploaderTrusted(it.uploader) }) {
            "Attempting to load Contract Attachments downloaded from the network"
        }