diff --git a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt index 0bc49daebc..452ec2cafd 100644 --- a/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt +++ b/core/src/main/kotlin/net/corda/core/contracts/AttachmentConstraint.kt @@ -14,6 +14,7 @@ import net.corda.core.DoNotImplement import net.corda.core.contracts.AlwaysAcceptAttachmentConstraint.isSatisfiedBy import net.corda.core.crypto.SecureHash import net.corda.core.internal.AttachmentWithContext +import net.corda.core.internal.isUploaderTrusted import net.corda.core.serialization.CordaSerializable /** Constrain which contract-code-containing attachment can be used with a [ContractState]. */ @@ -29,9 +30,17 @@ object AlwaysAcceptAttachmentConstraint : AttachmentConstraint { override fun isSatisfiedBy(attachment: Attachment) = true } -/** An [AttachmentConstraint] that verifies by hash */ +/** + * An [AttachmentConstraint] that verifies by hash. + * The state protected by this constraint can only be used in a transaction created with that version of the jar. + * And a receiving node will only accept it if a cordapp with that hash has (is) been deployed on the node. + */ data class HashAttachmentConstraint(val attachmentId: SecureHash) : AttachmentConstraint { - override fun isSatisfiedBy(attachment: Attachment) = attachment.id == attachmentId + override fun isSatisfiedBy(attachment: Attachment): Boolean { + return if (attachment is AttachmentWithContext) { + attachment.id == attachmentId && isUploaderTrusted(attachment.contractAttachment.uploader) + } else false + } } /** diff --git a/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt b/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt index 7b1c643f16..4627b99bd7 100644 --- a/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt +++ b/core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt @@ -30,6 +30,9 @@ const val TEST_UPLOADER = "test" const val P2P_UPLOADER = "p2p" const val UNKNOWN_UPLOADER = "unknown" +fun isUploaderTrusted(uploader: String?) = + uploader?.let { it in listOf(DEPLOYED_CORDAPP_UPLOADER, RPC_UPLOADER, TEST_UPLOADER) } ?: false + abstract class AbstractAttachment(dataLoader: () -> ByteArray) : Attachment { companion object { fun SerializeAsTokenContext.attachmentDataLoader(id: SecureHash): () -> ByteArray { diff --git a/docs/source/shell.rst b/docs/source/shell.rst index e6214e4b60..c462e7ad33 100644 --- a/docs/source/shell.rst +++ b/docs/source/shell.rst @@ -358,6 +358,8 @@ Limitations The shell will be enhanced over time. The currently known limitations include: +* Flows cannot be run unless they override the progress tracker +* If a command requires an argument of an abstract type, the command cannot be run because the concrete subclass to use cannot be specified using the YAML syntax * There is no command completion for flows or RPCs * Command history is not preserved across restarts * The ``jdbc`` command requires you to explicitly log into the database first diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoader.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoader.kt index cb340600ec..742f0a4ec4 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoader.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/AttachmentsClassLoader.kt @@ -13,7 +13,7 @@ package net.corda.nodeapi.internal import net.corda.core.contracts.Attachment import net.corda.core.contracts.ContractAttachment import net.corda.core.crypto.SecureHash -import net.corda.core.internal.DEPLOYED_CORDAPP_UPLOADER +import net.corda.core.internal.isUploaderTrusted import net.corda.core.serialization.CordaSerializable import java.io.ByteArrayInputStream import java.io.ByteArrayOutputStream @@ -43,7 +43,7 @@ class AttachmentsClassLoader(attachments: List, parent: ClassLoader } init { - require(attachments.mapNotNull { it as? ContractAttachment }.none { it.uploader != DEPLOYED_CORDAPP_UPLOADER }) { + require(attachments.mapNotNull { it as? ContractAttachment }.all { isUploaderTrusted(it.uploader) }) { "Attempting to load Contract Attachments downloaded from the network" }