From aff5148c9b9f4959a184276c35f5c71979832c22 Mon Sep 17 00:00:00 2001 From: Patrick Kuo Date: Thu, 9 Feb 2017 17:14:31 +0000 Subject: [PATCH] Add support for contract upgrades (#165) * Add support for contract upgrades * Add interface for the upgraded contract to implement, which provides functionality for upgrading legacy states. * Add shared upgrade command and verification code for it. * Add DummyContractV2 to illustrate what an upgraded contract looks like. * Add new functions to vault service to support upgrading state objects. * Add contract upgrade flow --- .../net/corda/core/contracts/DummyContract.kt | 18 ++- .../corda/core/contracts/DummyContractV2.kt | 59 ++++++++ .../net/corda/core/contracts/Structures.kt | 25 +++- .../net/corda/core/messaging/CordaRPCOps.kt | 15 +++ .../net/corda/core/node/services/Services.kt | 21 ++- .../flows/AbstractStateReplacementFlow.kt | 33 +++-- .../net/corda/flows/ContractUpgradeFlow.kt | 83 ++++++++++++ .../net/corda/flows/NotaryChangeFlow.kt | 2 +- .../core/contracts/DummyContractV2Tests.kt | 31 +++++ .../core/flows/ContractUpgradeFlowTest.kt | 127 ++++++++++++++++++ .../core/flows/ResolveTransactionsFlowTest.kt | 2 +- docs/source/contract-upgrade.rst | 72 ++++++++++ docs/source/index.rst | 1 + .../node/services/RaftNotaryServiceTests.kt | 2 +- .../net/corda/node/internal/AbstractNode.kt | 1 + .../corda/node/internal/CordaRPCOpsImpl.kt | 3 + .../node/services/vault/NodeVaultService.kt | 31 +++-- .../corda/node/services/NotaryChangeTests.kt | 4 +- .../corda/node/services/NotaryServiceTests.kt | 2 +- .../services/ValidatingNotaryServiceTests.kt | 2 +- .../notarydemo/flows/DummyIssueAndMove.kt | 2 +- .../net/corda/vega/flows/StateRevisionFlow.kt | 2 +- 22 files changed, 496 insertions(+), 42 deletions(-) create mode 100644 core/src/main/kotlin/net/corda/core/contracts/DummyContractV2.kt create mode 100644 core/src/main/kotlin/net/corda/flows/ContractUpgradeFlow.kt create mode 100644 core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt create mode 100644 core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt create mode 100644 docs/source/contract-upgrade.rst diff --git a/core/src/main/kotlin/net/corda/core/contracts/DummyContract.kt b/core/src/main/kotlin/net/corda/core/contracts/DummyContract.kt index ac27958ec9..dd0c70e314 100644 --- a/core/src/main/kotlin/net/corda/core/contracts/DummyContract.kt +++ b/core/src/main/kotlin/net/corda/core/contracts/DummyContract.kt @@ -10,7 +10,6 @@ import net.corda.core.transactions.TransactionBuilder val DUMMY_PROGRAM_ID = DummyContract() data class DummyContract(override val legalContractReference: SecureHash = SecureHash.sha256("")) : Contract { - interface State : ContractState { val magicNumber: Int } @@ -31,8 +30,7 @@ data class DummyContract(override val legalContractReference: SecureHash = Secur data class MultiOwnerState(override val magicNumber: Int = 0, val owners: List) : ContractState, State { override val contract = DUMMY_PROGRAM_ID - override val participants: List - get() = owners + override val participants: List get() = owners } interface Commands : CommandData { @@ -46,14 +44,20 @@ data class DummyContract(override val legalContractReference: SecureHash = Secur companion object { @JvmStatic - fun generateInitial(owner: PartyAndReference, magicNumber: Int, notary: Party): TransactionBuilder { - val state = SingleOwnerState(magicNumber, owner.party.owningKey) - return TransactionType.General.Builder(notary = notary).withItems(state, Command(Commands.Create(), owner.party.owningKey)) + fun generateInitial(magicNumber: Int, notary: Party, owner: PartyAndReference, vararg otherOwners: PartyAndReference): TransactionBuilder { + val owners = listOf(owner) + otherOwners + return if (owners.size == 1) { + val state = SingleOwnerState(magicNumber, owners.first().party.owningKey) + TransactionType.General.Builder(notary = notary).withItems(state, Command(Commands.Create(), owners.first().party.owningKey)) + } else { + val state = MultiOwnerState(magicNumber, owners.map { it.party.owningKey }) + TransactionType.General.Builder(notary = notary).withItems(state, Command(Commands.Create(), owners.map { it.party.owningKey })) + } } fun move(prior: StateAndRef, newOwner: CompositeKey) = move(listOf(prior), newOwner) fun move(priors: List>, newOwner: CompositeKey): TransactionBuilder { - require(priors.size > 0) + require(priors.isNotEmpty()) val priorState = priors[0].state.data val (cmd, state) = priorState.withNewOwner(newOwner) return TransactionType.General.Builder(notary = priors[0].state.notary).withItems( diff --git a/core/src/main/kotlin/net/corda/core/contracts/DummyContractV2.kt b/core/src/main/kotlin/net/corda/core/contracts/DummyContractV2.kt new file mode 100644 index 0000000000..c4cf32b255 --- /dev/null +++ b/core/src/main/kotlin/net/corda/core/contracts/DummyContractV2.kt @@ -0,0 +1,59 @@ +package net.corda.core.contracts + +import net.corda.core.crypto.CompositeKey +import net.corda.core.crypto.SecureHash +import net.corda.core.transactions.WireTransaction +import net.corda.flows.ContractUpgradeFlow + +// The dummy contract doesn't do anything useful. It exists for testing purposes. +val DUMMY_V2_PROGRAM_ID = DummyContractV2() + +/** + * Dummy contract state for testing of the upgrade process. + */ +class DummyContractV2 : UpgradedContract { + override val legacyContract = DUMMY_PROGRAM_ID + + data class State(val magicNumber: Int = 0, val owners: List) : ContractState { + override val contract = DUMMY_V2_PROGRAM_ID + override val participants: List = owners + } + + interface Commands : CommandData { + class Create : TypeOnlyCommandData(), Commands + class Move : TypeOnlyCommandData(), Commands + } + + override fun upgrade(state: DummyContract.State): DummyContractV2.State { + return DummyContractV2.State(state.magicNumber, state.participants) + } + + override fun verify(tx: TransactionForContract) { + if (tx.commands.any { it.value is UpgradeCommand }) ContractUpgradeFlow.verify(tx) + // Other verifications. + } + + // The "empty contract" + override val legalContractReference: SecureHash = SecureHash.sha256("") + + /** + * Generate an upgrade transaction from [DummyContract]. + * + * Note: This is a convenience helper method used for testing only. + * + * @return a pair of wire transaction, and a set of those who should sign the transaction for it to be valid. + */ + fun generateUpgradeFromV1(vararg states: StateAndRef): Pair> { + val notary = states.map { it.state.notary }.single() + require(states.isNotEmpty()) + + val signees = states.flatMap { it.state.data.participants }.toSet() + return Pair(TransactionType.General.Builder(notary).apply { + states.forEach { + addInputState(it) + addOutputState(upgrade(it.state.data)) + addCommand(UpgradeCommand(DUMMY_V2_PROGRAM_ID.javaClass), signees.toList()) + } + }.toWireTransaction(), signees) + } +} diff --git a/core/src/main/kotlin/net/corda/core/contracts/Structures.kt b/core/src/main/kotlin/net/corda/core/contracts/Structures.kt index aeefce5674..3898132ee9 100644 --- a/core/src/main/kotlin/net/corda/core/contracts/Structures.kt +++ b/core/src/main/kotlin/net/corda/core/contracts/Structures.kt @@ -381,7 +381,7 @@ interface IssueCommand : CommandData { val nonce: Long } -/** A common move command for contracts which can change owner. */ +/** A common move command for contract states which can change owner. */ interface MoveCommand : CommandData { /** * Contract code the moved state(s) are for the attention of, for example to indicate that the states are moved in @@ -397,6 +397,9 @@ interface NetCommand : CommandData { val type: NetType } +/** Indicates that this transaction replaces the inputs contract state to another contract state */ +data class UpgradeCommand(val upgradedContractClass: Class>) : CommandData + /** Wraps an object that was signed by a public key, which may be a well known/recognised institutional key. */ data class AuthenticatedObject( val signers: List, @@ -445,6 +448,24 @@ interface Contract { val legalContractReference: SecureHash } +/** + * Interface which can upgrade state objects issued by a contract to a new state object issued by a different contract. + * + * @param OldState the old contract state (can be [ContractState] or other common supertype if this supports upgrading + * more than one state). + * @param NewState the upgraded contract state. + */ +interface UpgradedContract : Contract { + val legacyContract: Contract + /** + * Upgrade contract's state object to a new state object. + * + * @throws IllegalArgumentException if the given state object is not one that can be upgraded. This can be either + * that the class is incompatible, or that the data inside the state object cannot be upgraded for some reason. + */ + fun upgrade(state: OldState): NewState +} + /** * An attachment is a ZIP (or an optionally signed JAR) that contains one or more files. Attachments are meant to * contain public static data which can be referenced from transactions and utilised from contracts. Good examples @@ -480,5 +501,3 @@ interface Attachment : NamedByHash { throw FileNotFoundException() } } - - diff --git a/core/src/main/kotlin/net/corda/core/messaging/CordaRPCOps.kt b/core/src/main/kotlin/net/corda/core/messaging/CordaRPCOps.kt index aba12670e0..d72a7a8f1c 100644 --- a/core/src/main/kotlin/net/corda/core/messaging/CordaRPCOps.kt +++ b/core/src/main/kotlin/net/corda/core/messaging/CordaRPCOps.kt @@ -3,6 +3,7 @@ package net.corda.core.messaging import com.google.common.util.concurrent.ListenableFuture import net.corda.core.contracts.ContractState import net.corda.core.contracts.StateAndRef +import net.corda.core.contracts.UpgradedContract import net.corda.core.crypto.CompositeKey import net.corda.core.crypto.Party import net.corda.core.crypto.SecureHash @@ -107,6 +108,20 @@ interface CordaRPCOps : RPCOps { @Deprecated("This service will be removed in a future milestone") fun uploadFile(dataType: String, name: String?, file: InputStream): String + /** + * Authorise a contract state upgrade. + * This will store the upgrade authorisation in the vault, and will be queried by [ContractUpgradeFlow.Acceptor] during contract upgrade process. + * Invoking this method indicate the node is willing to upgrade the [state] using the [upgradedContractClass]. + * This method will NOT initiate the upgrade process. To start the upgrade process, see [ContractUpgradeFlow.Instigator]. + */ + fun authoriseContractUpgrade(state: StateAndRef<*>, upgradedContractClass: Class>) + + /** + * Authorise a contract state upgrade. + * This will remove the upgrade authorisation from the vault. + */ + fun deauthoriseContractUpgrade(state: StateAndRef<*>) + /** * Returns the node's current time. */ diff --git a/core/src/main/kotlin/net/corda/core/node/services/Services.kt b/core/src/main/kotlin/net/corda/core/node/services/Services.kt index 645dbe43ee..7c3ea19bf0 100644 --- a/core/src/main/kotlin/net/corda/core/node/services/Services.kt +++ b/core/src/main/kotlin/net/corda/core/node/services/Services.kt @@ -7,7 +7,6 @@ import net.corda.core.toFuture import net.corda.core.transactions.TransactionBuilder import net.corda.core.transactions.WireTransaction import rx.Observable -import java.io.File import java.io.InputStream import java.security.KeyPair import java.security.PrivateKey @@ -143,7 +142,7 @@ interface VaultService { fun statesForRefs(refs: List): Map?> { val refsToStates = currentVault.states.associateBy { it.ref } - return refs.associateBy({ it }, { refsToStates[it]?.state }) + return refs.associateBy({ it }) { refsToStates[it]?.state } } /** @@ -164,6 +163,24 @@ interface VaultService { return updates.filter { it.consumed.any { it.ref == ref } }.toFuture() } + /** Get contracts we would be willing to upgrade the suggested contract to. */ + // TODO: We need a better place to put business logic functions + fun getAuthorisedContractUpgrade(ref: StateRef): Class>? + + /** + * Authorise a contract state upgrade. + * This will store the upgrade authorisation in the vault, and will be queried by [ContractUpgradeFlow.Acceptor] during contract upgrade process. + * Invoking this method indicate the node is willing to upgrade the [state] using the [upgradedContractClass]. + * This method will NOT initiate the upgrade process. To start the upgrade process, see [ContractUpgradeFlow.Instigator]. + */ + fun authoriseContractUpgrade(stateAndRef: StateAndRef<*>, upgradedContractClass: Class>) + + /** + * Authorise a contract state upgrade. + * This will remove the upgrade authorisation from the vault. + */ + fun deauthoriseContractUpgrade(stateAndRef: StateAndRef<*>) + /** * Add a note to an existing [LedgerTransaction] given by its unique [SecureHash] id * Multiple notes may be attached to the same [LedgerTransaction]. diff --git a/core/src/main/kotlin/net/corda/flows/AbstractStateReplacementFlow.kt b/core/src/main/kotlin/net/corda/flows/AbstractStateReplacementFlow.kt index 8d5e520b44..f19d30b623 100644 --- a/core/src/main/kotlin/net/corda/flows/AbstractStateReplacementFlow.kt +++ b/core/src/main/kotlin/net/corda/flows/AbstractStateReplacementFlow.kt @@ -16,26 +16,35 @@ import net.corda.core.transactions.WireTransaction import net.corda.core.utilities.ProgressTracker import net.corda.core.utilities.UntrustworthyData import net.corda.core.utilities.unwrap -import net.corda.flows.AbstractStateReplacementFlow.Acceptor -import net.corda.flows.AbstractStateReplacementFlow.Instigator /** * Abstract flow to be used for replacing one state with another, for example when changing the notary of a state. * Notably this requires a one to one replacement of states, states cannot be split, merged or issued as part of these * flows. - * - * The [Instigator] assembles the transaction for state replacement and sends out change proposals to all participants - * ([Acceptor]) of that state. If participants agree to the proposed change, they each sign the transaction. - * Finally, [Instigator] sends the transaction containing all signatures back to each participant so they can record it and - * use the new updated state for future transactions. */ abstract class AbstractStateReplacementFlow { - data class Proposal(val stateRef: StateRef, val modification: T, val stx: SignedTransaction) + /** + * The [Proposal] contains the details of proposed state modification. + * This is the message sent by the [Instigator] to all participants([Acceptor]) during the state replacement process. + * + * @param M the type of a class representing proposed modification by the instigator. + */ + data class Proposal(val stateRef: StateRef, val modification: M, val stx: SignedTransaction) - abstract class Instigator( + /** + * The [Instigator] assembles the transaction for state replacement and sends out change proposals to all participants + * ([Acceptor]) of that state. If participants agree to the proposed change, they each sign the transaction. + * Finally, [Instigator] sends the transaction containing all participants' signatures to the notary for signature, and + * then back to each participant so they can record it and use the new updated state for future transactions. + * + * @param S the input contract state type + * @param T the output contract state type, this can be different from [S]. For example, in contract upgrade, the output state type can be different from the input state type after the upgrade process. + * @param M the type of a class representing proposed modification by the instigator. + */ + abstract class Instigator( val originalState: StateAndRef, - val modification: T, - override val progressTracker: ProgressTracker = tracker()) : FlowLogic>() { + val modification: M, + override val progressTracker: ProgressTracker = tracker()) : FlowLogic>() { companion object { object SIGNING : ProgressTracker.Step("Requesting signatures from other parties") object NOTARY : ProgressTracker.Step("Requesting notary signature") @@ -45,7 +54,7 @@ abstract class AbstractStateReplacementFlow { @Suspendable @Throws(StateReplacementException::class) - override fun call(): StateAndRef { + override fun call(): StateAndRef { val (stx, participants) = assembleTx() progressTracker.currentStep = SIGNING diff --git a/core/src/main/kotlin/net/corda/flows/ContractUpgradeFlow.kt b/core/src/main/kotlin/net/corda/flows/ContractUpgradeFlow.kt new file mode 100644 index 0000000000..0e945a946a --- /dev/null +++ b/core/src/main/kotlin/net/corda/flows/ContractUpgradeFlow.kt @@ -0,0 +1,83 @@ +package net.corda.flows + +import co.paralleluniverse.fibers.Suspendable +import net.corda.core.contracts.* +import net.corda.core.crypto.CompositeKey +import net.corda.core.crypto.Party +import net.corda.core.transactions.SignedTransaction +import net.corda.core.transactions.TransactionBuilder +import net.corda.flows.AbstractStateReplacementFlow.Proposal +import net.corda.flows.ContractUpgradeFlow.Acceptor +import net.corda.flows.ContractUpgradeFlow.Instigator + +/** + * A flow to be used for upgrading state objects of an old contract to a new contract. + * + * The [Instigator] assembles the transaction for contract upgrade and sends out change proposals to all participants + * ([Acceptor]) of that state. If participants agree to the proposed change, they each sign the transaction. + * Finally, [Instigator] sends the transaction containing all signatures back to each participant so they can record it and + * use the new updated state for future transactions. + */ +object ContractUpgradeFlow { + @JvmStatic + fun verify(tx: TransactionForContract) { + // Contract Upgrade transaction should have 1 input, 1 output and 1 command. + verify(tx.inputs.single(), tx.outputs.single(), tx.commands.map { Command(it.value, it.signers) }.single()) + } + + @JvmStatic + fun verify(input: ContractState, output: ContractState, commandData: Command) { + val command = commandData.value as UpgradeCommand + val participants: Set = input.participants.toSet() + val keysThatSigned: Set = commandData.signers.toSet() + val upgradedContract = command.upgradedContractClass.newInstance() as UpgradedContract + requireThat { + "The signing keys include all participant keys" by keysThatSigned.containsAll(participants) + "Inputs state reference the legacy contract" by (input.contract.javaClass == upgradedContract.legacyContract.javaClass) + "Outputs state reference the upgraded contract" by (output.contract.javaClass == command.upgradedContractClass) + "Output state must be an upgraded version of the input state" by (output == upgradedContract.upgrade(input)) + } + } + + private fun assembleBareTx( + stateRef: StateAndRef, + upgradedContractClass: Class> + ): TransactionBuilder { + val contractUpgrade = upgradedContractClass.newInstance() + return TransactionType.General.Builder(stateRef.state.notary) + .withItems(stateRef, contractUpgrade.upgrade(stateRef.state.data), Command(UpgradeCommand(contractUpgrade.javaClass), stateRef.state.data.participants)) + } + + class Instigator( + originalState: StateAndRef, + newContractClass: Class> + ) : AbstractStateReplacementFlow.Instigator>>(originalState, newContractClass) { + + override fun assembleTx(): Pair> { + val stx = assembleBareTx(originalState, modification) + .signWith(serviceHub.legalIdentityKey) + .toSignedTransaction(false) + return Pair(stx, originalState.state.data.participants) + } + } + + class Acceptor(otherSide: Party) : AbstractStateReplacementFlow.Acceptor>>(otherSide) { + @Suspendable + @Throws(StateReplacementException::class) + override fun verifyProposal(proposal: Proposal>>) { + // Retrieve signed transaction from our side, we will apply the upgrade logic to the transaction on our side, and verify outputs matches the proposed upgrade. + val stx = subFlow(FetchTransactionsFlow(setOf(proposal.stateRef.txhash), otherSide)).fromDisk.singleOrNull() + requireNotNull(stx) { "We don't have a copy of the referenced state" } + val oldStateAndRef = stx!!.tx.outRef(proposal.stateRef.index) + val authorisedUpgrade = serviceHub.vaultService.getAuthorisedContractUpgrade(oldStateAndRef.ref) ?: throw IllegalStateException("Contract state upgrade is unauthorised. State hash : ${oldStateAndRef.ref}") + val proposedTx = proposal.stx.tx + val expectedTx = assembleBareTx(oldStateAndRef, proposal.modification).toWireTransaction() + requireThat { + "The instigator is one of the participants" by oldStateAndRef.state.data.participants.contains(otherSide.owningKey) + "The proposed upgrade ${proposal.modification.javaClass} is a trusted upgrade path" by (proposal.modification == authorisedUpgrade) + "The proposed tx matches the expected tx for this upgrade" by (proposedTx == expectedTx) + } + ContractUpgradeFlow.verify(oldStateAndRef.state.data, expectedTx.outRef(0).state.data, expectedTx.commands.single()) + } + } +} diff --git a/core/src/main/kotlin/net/corda/flows/NotaryChangeFlow.kt b/core/src/main/kotlin/net/corda/flows/NotaryChangeFlow.kt index f6cbd6f175..58ab8752e6 100644 --- a/core/src/main/kotlin/net/corda/flows/NotaryChangeFlow.kt +++ b/core/src/main/kotlin/net/corda/flows/NotaryChangeFlow.kt @@ -23,7 +23,7 @@ object NotaryChangeFlow : AbstractStateReplacementFlow() { class Instigator( originalState: StateAndRef, newNotary: Party, - progressTracker: ProgressTracker = tracker()) : AbstractStateReplacementFlow.Instigator(originalState, newNotary, progressTracker) { + progressTracker: ProgressTracker = tracker()) : AbstractStateReplacementFlow.Instigator(originalState, newNotary, progressTracker) { override fun assembleTx(): Pair> { val state = originalState.state diff --git a/core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt b/core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt new file mode 100644 index 0000000000..7a99210def --- /dev/null +++ b/core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt @@ -0,0 +1,31 @@ +package net.corda.core.contracts + +import net.corda.core.crypto.SecureHash +import net.corda.core.utilities.DUMMY_NOTARY +import net.corda.testing.ALICE_PUBKEY +import org.junit.Test +import kotlin.test.assertEquals +import kotlin.test.assertTrue + +/** + * Tests for the version 2 dummy contract, to cover ensuring upgrade transactions are built correctly. + */ +class DummyContractV2Tests { + @Test + fun `upgrade from v1`() { + val contractUpgrade = DummyContractV2() + val v1State = TransactionState(DummyContract.SingleOwnerState(0, ALICE_PUBKEY), DUMMY_NOTARY) + val v1Ref = StateRef(SecureHash.randomSHA256(), 0) + val v1StateAndRef = StateAndRef(v1State, v1Ref) + val (tx, signers) = DummyContractV2().generateUpgradeFromV1(v1StateAndRef) + + assertEquals(v1Ref, tx.inputs.single()) + + val expectedOutput = TransactionState(contractUpgrade.upgrade(v1State.data), DUMMY_NOTARY) + val actualOutput = tx.outputs.single() + assertEquals(expectedOutput, actualOutput) + + val actualCommand = tx.commands.map { it.value }.single() + assertTrue((actualCommand as UpgradeCommand).upgradedContractClass == DummyContractV2::class.java) + } +} diff --git a/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt b/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt new file mode 100644 index 0000000000..d8779aaa88 --- /dev/null +++ b/core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt @@ -0,0 +1,127 @@ +package net.corda.core.flows + +import net.corda.contracts.asset.Cash +import net.corda.core.contracts.* +import net.corda.core.crypto.CompositeKey +import net.corda.core.crypto.Party +import net.corda.core.crypto.SecureHash +import net.corda.core.getOrThrow +import net.corda.core.serialization.OpaqueBytes +import net.corda.core.utilities.Emoji +import net.corda.flows.CashFlow +import net.corda.flows.ContractUpgradeFlow +import net.corda.flows.FinalityFlow +import net.corda.node.utilities.databaseTransaction +import net.corda.testing.node.MockNetwork +import org.junit.After +import org.junit.Before +import org.junit.Test +import java.util.* +import java.util.concurrent.ExecutionException +import kotlin.test.assertEquals +import kotlin.test.assertFailsWith +import kotlin.test.assertTrue + +class ContractUpgradeFlowTest { + lateinit var mockNet: MockNetwork + lateinit var a: MockNetwork.MockNode + lateinit var b: MockNetwork.MockNode + lateinit var notary: Party + + @Before + fun setup() { + mockNet = MockNetwork() + val nodes = mockNet.createSomeNodes() + a = nodes.partyNodes[0] + b = nodes.partyNodes[1] + notary = nodes.notaryNode.info.notaryIdentity + mockNet.runNetwork() + } + + @After + fun tearDown() { + mockNet.stopNodes() + } + + @Test + fun `2 parties contract upgrade`() { + // Create dummy contract. + val twoPartyDummyContract = DummyContract.generateInitial(0, notary, a.info.legalIdentity.ref(1), b.info.legalIdentity.ref(1)) + val stx = twoPartyDummyContract.signWith(a.services.legalIdentityKey) + .signWith(b.services.legalIdentityKey) + .toSignedTransaction() + + a.services.startFlow(FinalityFlow(stx, setOf(a.info.legalIdentity, b.info.legalIdentity))) + mockNet.runNetwork() + + val atx = databaseTransaction(a.database) { a.services.storageService.validatedTransactions.getTransaction(stx.id) } + val btx = databaseTransaction(b.database) { b.services.storageService.validatedTransactions.getTransaction(stx.id) } + requireNotNull(atx) + requireNotNull(btx) + + // The request is expected to be rejected because party B haven't authorise the upgrade yet. + val rejectedFuture = a.services.startFlow(ContractUpgradeFlow.Instigator(atx!!.tx.outRef(0), DUMMY_V2_PROGRAM_ID.javaClass)).resultFuture + mockNet.runNetwork() + assertFailsWith(ExecutionException::class) { rejectedFuture.get() } + + // Party B authorise the contract state upgrade. + b.services.vaultService.authoriseContractUpgrade(btx!!.tx.outRef(0), DUMMY_V2_PROGRAM_ID.javaClass) + + // Party A initiates contract upgrade flow, expected to succeed this time. + val resultFuture = a.services.startFlow(ContractUpgradeFlow.Instigator(atx.tx.outRef(0), DUMMY_V2_PROGRAM_ID.javaClass)).resultFuture + mockNet.runNetwork() + + val result = resultFuture.get() + + listOf(a, b).forEach { + val stx = databaseTransaction(a.database) { a.services.storageService.validatedTransactions.getTransaction(result.ref.txhash) } + requireNotNull(stx) + + // Verify inputs. + val input = databaseTransaction(a.database) { a.services.storageService.validatedTransactions.getTransaction(stx!!.tx.inputs.single().txhash) } + requireNotNull(input) + assertTrue(input!!.tx.outputs.single().data is DummyContract.State) + + // Verify outputs. + assertTrue(stx!!.tx.outputs.single().data is DummyContractV2.State) + } + } + + @Test + fun `upgrade Cash to v2`() { + // Create some cash. + val result = a.services.startFlow(CashFlow(CashFlow.Command.IssueCash(Amount(1000, USD), OpaqueBytes.of(1), a.info.legalIdentity, notary))).resultFuture + mockNet.runNetwork() + val stateAndRef = result.getOrThrow().tx.outRef(0) + // Starts contract upgrade flow. + a.services.startFlow(ContractUpgradeFlow.Instigator(stateAndRef, CashV2().javaClass)) + mockNet.runNetwork() + // Get contract state form the vault. + val state = databaseTransaction(a.database) { a.vault.currentVault.states } + assertTrue(state.single().state.data is CashV2.State, "Contract state is upgraded to the new version.") + assertEquals(Amount(1000000, USD).`issued by`(a.info.legalIdentity.ref(1)), (state.first().state.data as CashV2.State).amount, "Upgraded cash contain the correct amount.") + assertEquals(listOf(a.info.legalIdentity.owningKey), (state.first().state.data as CashV2.State).owners, "Upgraded cash belongs to the right owner.") + } + + class CashV2 : UpgradedContract { + override val legacyContract = Cash() + + data class State(override val amount: Amount>, val owners: List) : FungibleAsset { + override val owner: CompositeKey = owners.first() + override val exitKeys = (owners + amount.token.issuer.party.owningKey).toSet() + override val contract = CashV2() + override val participants = owners + + override fun move(newAmount: Amount>, newOwner: CompositeKey) = copy(amount = amount.copy(newAmount.quantity, amount.token), owners = listOf(newOwner)) + override fun toString() = "${Emoji.bagOfCash}New Cash($amount at ${amount.token.issuer} owned by $owner)" + override fun withNewOwner(newOwner: CompositeKey) = Pair(Cash.Commands.Move(), copy(owners = listOf(newOwner))) + } + + override fun upgrade(state: Cash.State) = CashV2.State(state.amount.times(1000), listOf(state.owner)) + + override fun verify(tx: TransactionForContract) {} + + // Dummy Cash contract for testing. + override val legalContractReference = SecureHash.sha256("") + } +} diff --git a/core/src/test/kotlin/net/corda/core/flows/ResolveTransactionsFlowTest.kt b/core/src/test/kotlin/net/corda/core/flows/ResolveTransactionsFlowTest.kt index a2c6aeadbb..51b7679474 100644 --- a/core/src/test/kotlin/net/corda/core/flows/ResolveTransactionsFlowTest.kt +++ b/core/src/test/kotlin/net/corda/core/flows/ResolveTransactionsFlowTest.kt @@ -146,7 +146,7 @@ class ResolveTransactionsFlowTest { // DOCSTART 2 private fun makeTransactions(signFirstTX: Boolean = true, withAttachment: SecureHash? = null): Pair { // Make a chain of custody of dummy states and insert into node A. - val dummy1: SignedTransaction = DummyContract.generateInitial(MEGA_CORP.ref(1), 0, notary).let { + val dummy1: SignedTransaction = DummyContract.generateInitial(0, notary, MEGA_CORP.ref(1)).let { if (withAttachment != null) it.addAttachment(withAttachment) if (signFirstTX) diff --git a/docs/source/contract-upgrade.rst b/docs/source/contract-upgrade.rst new file mode 100644 index 0000000000..f249ece091 --- /dev/null +++ b/docs/source/contract-upgrade.rst @@ -0,0 +1,72 @@ +Upgrading Contracts +=================== + +While every care is taken in development of contract code, +inevitably upgrades will be required to fix bugs (in either design or implementation). +Upgrades can involve a substitution of one version of the contract code for another or changing +to a different contract that understands how to migrate the existing state objects. State objects +refer to the contract code (by hash) they are intended for, and even where state objects can be used +with different contract versions, changing this value requires issuing a new state object. + +Workflow +-------- + +Here's the workflow for contract upgrades: + +1. Two banks, A and B negotiate a trade, off-platform + +2. Banks A and B execute a protocol to construct a state object representing the trade, using contract X, and include it in a transaction (which is then signed and sent to the Uniqueness Service). + +3. Time passes. + +4. The developer of contract X discovers a bug in the contract code, and releases a new version, contract Y. +And notify the users (e.g. via a mailing list or CorDapp store). +At this point of time all nodes should stop issuing states of contract X. + +5. Banks A and B review the new contract via standard change control processes and identify the contract states they agreed to upgrade, they can decide not to upgrade some contract states as they might be needed for other obligation contract. + +6. Banks A and B instruct their Corda nodes (via RPC) to be willing to upgrade state objects of contract X, to state objects for contract Y using agreed upgrade path. + +7. One of the parties ``Instigator`` initiates an upgrade of state objects referring to contract X, to a new state object referring to contract Y. + +8. A proposed transaction ``Proposal``, taking in the old state and outputting the reissued version, is created and signed with the node's private key. + +9. The node ``Instigator`` sends the proposed transaction, along with details of the new contract upgrade path it's proposing, to all participants of the state object. + +10. Each counterparty ``Acceptor`` verifies the proposal, signs or rejects the state reissuance accordingly, and sends a signature or rejection notification back to the initiating node. + +11. If signatures are received from all parties, the initiating node assembles the complete signed transaction and sends it to the consensus service. + + +Authorising upgrade +------------------- + +Each of the participants in the upgrading contract will have to instruct their node that they are willing to upgrade the state object before the upgrade. +Currently the vault service is used to manage the authorisation records. The administrator can use RPC to perform such instructions. + +.. container:: codeset + + .. sourcecode:: kotlin + + /** + * Authorise a contract state upgrade. + * This will store the upgrade authorisation in the vault, and will be queried by [ContractUpgradeFlow.Acceptor] during contract upgrade process. + * Invoking this method indicate the node is willing to upgrade the [state] using the [upgradedContractClass]. + * This method will NOT initiate the upgrade process. To start the upgrade process, see [ContractUpgradeFlow.Instigator]. + */ + fun authoriseContractUpgrade(state: StateAndRef<*>, upgradedContractClass: Class>) + + /** + * Authorise a contract state upgrade. + * This will remove the upgrade authorisation from the vault. + */ + fun deauthoriseContractUpgrade(state: StateAndRef<*>) + + + +Proposing an upgrade +-------------------- + +After all parties have registered the intention of upgrading the contract state, one of the contract participant can initiate the upgrade process by running the contract upgrade flow. +The Instigator will create a new state and sent to each participant for signatures, each of the participants (Acceptor) will verify and sign the proposal and returns to the instigator. +The transaction will be notarised and persisted once every participant verified and signed the upgrade proposal. diff --git a/docs/source/index.rst b/docs/source/index.rst index ae26b709a4..e9490ad7a3 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -105,6 +105,7 @@ Documentation Contents: network-simulator clauses merkle-trees + contract-upgrade .. toctree:: :maxdepth: 2 diff --git a/node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt b/node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt index beb04caf0d..28aee6bba3 100644 --- a/node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt +++ b/node/src/integration-test/kotlin/net/corda/node/services/RaftNotaryServiceTests.kt @@ -58,7 +58,7 @@ class RaftNotaryServiceTests : NodeBasedTest() { private fun issueState(node: AbstractNode, notary: Party, notaryKey: KeyPair): StateAndRef<*> { return databaseTransaction(node.database) { - val tx = DummyContract.generateInitial(node.info.legalIdentity.ref(0), Random().nextInt(), notary) + val tx = DummyContract.generateInitial(Random().nextInt(), notary, node.info.legalIdentity.ref(0)) tx.signWith(node.services.legalIdentityKey) tx.signWith(notaryKey) val stx = tx.toSignedTransaction() diff --git a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt index b5a79865c5..0287964988 100644 --- a/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt +++ b/node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt @@ -260,6 +260,7 @@ abstract class AbstractNode(open val configuration: NodeConfiguration, false } startMessagingService(CordaRPCOpsImpl(services, smm, database)) + services.registerFlowInitiator(ContractUpgradeFlow.Instigator::class) { ContractUpgradeFlow.Acceptor(it) } runOnStop += Runnable { net.stop() } _networkMapRegistrationFuture.setFuture(registerWithNetworkMapIfConfigured()) smm.start() diff --git a/node/src/main/kotlin/net/corda/node/internal/CordaRPCOpsImpl.kt b/node/src/main/kotlin/net/corda/node/internal/CordaRPCOpsImpl.kt index 773b2c9965..b4bb235f74 100644 --- a/node/src/main/kotlin/net/corda/node/internal/CordaRPCOpsImpl.kt +++ b/node/src/main/kotlin/net/corda/node/internal/CordaRPCOpsImpl.kt @@ -2,6 +2,7 @@ package net.corda.node.internal import net.corda.core.contracts.ContractState import net.corda.core.contracts.StateAndRef +import net.corda.core.contracts.UpgradedContract import net.corda.core.crypto.CompositeKey import net.corda.core.crypto.SecureHash import net.corda.core.flows.FlowLogic @@ -102,6 +103,8 @@ class CordaRPCOpsImpl( override fun attachmentExists(id: SecureHash) = services.storageService.attachments.openAttachment(id) != null override fun uploadAttachment(jar: InputStream) = services.storageService.attachments.importAttachment(jar) + override fun authoriseContractUpgrade(state: StateAndRef<*>, upgradedContractClass: Class>) = services.vaultService.authoriseContractUpgrade(state, upgradedContractClass) + override fun deauthoriseContractUpgrade(state: StateAndRef<*>) = services.vaultService.deauthoriseContractUpgrade(state) override fun currentNodeTime(): Instant = Instant.now(services.clock) @Suppress("OverridingDeprecatedMember", "DEPRECATION") override fun uploadFile(dataType: String, name: String?, file: InputStream): String { diff --git a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt index b0b899153b..32e7da4ecc 100644 --- a/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt +++ b/node/src/main/kotlin/net/corda/node/services/vault/NodeVaultService.kt @@ -337,14 +337,27 @@ class NodeVaultService(private val services: ServiceHub) : SingletonSerializeAsT return Vault.Update(consumedStates, ourNewStates.toHashSet()) } - private fun isRelevant(state: ContractState, ourKeys: Set): Boolean { - return if (state is OwnableState) { - state.owner.containsAny(ourKeys) - } else if (state is LinearState) { - // It's potentially of interest to the vault - state.isRelevant(ourKeys) - } else { - false + // TODO : Persists this in DB. + private val authorisedUpgrade = mutableMapOf>>() + + override fun getAuthorisedContractUpgrade(ref: StateRef) = authorisedUpgrade[ref] + + override fun authoriseContractUpgrade(stateAndRef: StateAndRef<*>, upgradedContractClass: Class>) { + val upgrade = upgradedContractClass.newInstance() + if (upgrade.legacyContract.javaClass != stateAndRef.state.data.contract.javaClass) { + throw IllegalArgumentException("The contract state cannot be upgraded using provided UpgradedContract.") } + authorisedUpgrade.put(stateAndRef.ref, upgradedContractClass) } -} + + override fun deauthoriseContractUpgrade(stateAndRef: StateAndRef<*>) { + authorisedUpgrade.remove(stateAndRef.ref) + } + + private fun isRelevant(state: ContractState, ourKeys: Set) = when (state) { + is OwnableState -> state.owner.containsAny(ourKeys) + // It's potentially of interest to the vault + is LinearState -> state.isRelevant(ourKeys) + else -> false + } +} \ No newline at end of file diff --git a/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt b/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt index 3aef650af2..178758757f 100644 --- a/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt +++ b/node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt @@ -150,7 +150,7 @@ class NotaryChangeTests { } fun issueState(node: AbstractNode, notaryNode: AbstractNode): StateAndRef<*> { - val tx = DummyContract.generateInitial(node.info.legalIdentity.ref(0), Random().nextInt(), notaryNode.info.notaryIdentity) + val tx = DummyContract.generateInitial(Random().nextInt(), notaryNode.info.notaryIdentity, node.info.legalIdentity.ref(0)) val nodeKey = node.services.legalIdentityKey tx.signWith(nodeKey) val notaryKeyPair = notaryNode.services.notaryIdentityKey @@ -178,7 +178,7 @@ fun issueMultiPartyState(nodeA: AbstractNode, nodeB: AbstractNode, notaryNode: A } fun issueInvalidState(node: AbstractNode, notary: Party): StateAndRef<*> { - val tx = DummyContract.generateInitial(node.info.legalIdentity.ref(0), Random().nextInt(), notary) + val tx = DummyContract.generateInitial(Random().nextInt(), notary, node.info.legalIdentity.ref(0)) tx.setTime(Instant.now(), 30.seconds) val nodeKey = node.services.legalIdentityKey tx.signWith(nodeKey) diff --git a/node/src/test/kotlin/net/corda/node/services/NotaryServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/NotaryServiceTests.kt index 619a71e0c1..233b5df2c0 100644 --- a/node/src/test/kotlin/net/corda/node/services/NotaryServiceTests.kt +++ b/node/src/test/kotlin/net/corda/node/services/NotaryServiceTests.kt @@ -140,7 +140,7 @@ class NotaryServiceTests { } fun issueState(node: AbstractNode): StateAndRef<*> { - val tx = DummyContract.generateInitial(node.info.legalIdentity.ref(0), Random().nextInt(), notaryNode.info.notaryIdentity) + val tx = DummyContract.generateInitial(Random().nextInt(), notaryNode.info.notaryIdentity, node.info.legalIdentity.ref(0)) val nodeKey = node.services.legalIdentityKey tx.signWith(nodeKey) val notaryKeyPair = notaryNode.services.notaryIdentityKey diff --git a/node/src/test/kotlin/net/corda/node/services/ValidatingNotaryServiceTests.kt b/node/src/test/kotlin/net/corda/node/services/ValidatingNotaryServiceTests.kt index 2228443f9f..17f8b9996f 100644 --- a/node/src/test/kotlin/net/corda/node/services/ValidatingNotaryServiceTests.kt +++ b/node/src/test/kotlin/net/corda/node/services/ValidatingNotaryServiceTests.kt @@ -86,7 +86,7 @@ class ValidatingNotaryServiceTests { } fun issueState(node: AbstractNode): StateAndRef<*> { - val tx = DummyContract.generateInitial(node.info.legalIdentity.ref(0), Random().nextInt(), notaryNode.info.notaryIdentity) + val tx = DummyContract.generateInitial(Random().nextInt(), notaryNode.info.notaryIdentity, node.info.legalIdentity.ref(0)) val nodeKey = node.services.legalIdentityKey tx.signWith(nodeKey) val notaryKeyPair = notaryNode.services.notaryIdentityKey diff --git a/samples/raft-notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt b/samples/raft-notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt index 6858396298..70a688940b 100644 --- a/samples/raft-notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt +++ b/samples/raft-notary-demo/src/main/kotlin/net/corda/notarydemo/flows/DummyIssueAndMove.kt @@ -14,7 +14,7 @@ class DummyIssueAndMove(private val notary: Party, private val counterpartyNode: val random = Random() val myKeyPair = serviceHub.legalIdentityKey // Self issue an asset - val issueTx = DummyContract.generateInitial(serviceHub.myInfo.legalIdentity.ref(0), random.nextInt(), notary).apply { + val issueTx = DummyContract.generateInitial(random.nextInt(), notary, serviceHub.myInfo.legalIdentity.ref(0)).apply { signWith(myKeyPair) } serviceHub.recordTransactions(issueTx.toSignedTransaction()) diff --git a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/flows/StateRevisionFlow.kt b/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/flows/StateRevisionFlow.kt index 2da3cce5a3..417a6f1eb7 100644 --- a/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/flows/StateRevisionFlow.kt +++ b/samples/simm-valuation-demo/src/main/kotlin/net/corda/vega/flows/StateRevisionFlow.kt @@ -15,7 +15,7 @@ import net.corda.vega.contracts.RevisionedState */ object StateRevisionFlow { class Requester(curStateRef: StateAndRef>, - updatedData: T) : AbstractStateReplacementFlow.Instigator, T>(curStateRef, updatedData) { + updatedData: T) : AbstractStateReplacementFlow.Instigator, RevisionedState, T>(curStateRef, updatedData) { override fun assembleTx(): Pair> { val state = originalState.state.data val tx = state.generateRevision(originalState.state.notary, originalState, modification)