Merge pull request #1203 from corda/mnesbit-rename-to-corda-firewall

ENT-2068: Bridge to Firewall renames
This commit is contained in:
Matthew Nesbit 2018-07-05 17:08:31 +01:00 committed by GitHub
commit bfddca3580
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
70 changed files with 275 additions and 271 deletions

View File

@ -15,7 +15,7 @@ apply plugin: 'net.corda.plugins.publish-utils'
apply plugin: 'us.kirchmeier.capsule'
apply plugin: 'com.jfrog.artifactory'
description 'Corda bridge server capsule'
description 'Corda firewall server capsule'
configurations {
runtimeArtifacts
@ -73,17 +73,17 @@ sourceCompatibility = 1.6
targetCompatibility = 1.6
jar {
baseName 'corda-bridgeserver'
baseName 'corda-firewall'
}
task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
applicationClass 'net.corda.bridge.Bridge'
archiveName "corda-bridgeserver-${corda_release_version}.jar"
task buildFirewallJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
applicationClass 'net.corda.bridge.Firewall'
archiveName "corda-firewall-${corda_release_version}.jar"
applicationSource = files(
project(':bridge').configurations.runtime,
project(':bridge').jar,
"$rootDir/config/dev/log4j2.xml",
"$rootDir/bridge/build/resources/main/reference.conf"
"$rootDir/bridge/build/resources/main/firewalldefault.conf"
)
from 'NOTICE' // Copy CDDL notice
from configurations.capsuleRuntime.files.collect { zipTree(it) }
@ -91,7 +91,7 @@ task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
capsuleManifest {
applicationVersion = corda_release_version
javaAgents = []
systemProperties['visualvm.display.name'] = 'Corda Bridge Server'
systemProperties['visualvm.display.name'] = 'Corda Firewall Server'
minJavaVersion = '1.8.0'
minUpdateVersion['1.8'] = java8_minUpdateVersion
caplets = []
@ -105,8 +105,8 @@ task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) {
processSmokeTestResources {
from(project.tasks['buildBridgeServerJar']) {
rename 'corda-bridgeserver-(.*)', 'corda-bridgeserver.jar'
from(project.tasks['buildFirewallJar']) {
rename 'corda-firewall-(.*)', 'corda-firewall.jar'
into "net/corda/bridge/smoketest"
}
}
@ -117,8 +117,8 @@ task smokeTest(type: Test) {
}
artifacts {
runtimeArtifacts buildBridgeServerJar
publish buildBridgeServerJar {
runtimeArtifacts buildFirewallJar
publish buildFirewallJar {
classifier ""
}
}

View File

@ -76,8 +76,8 @@ class BridgeSmokeTest {
override val crlCheckSoftFail: Boolean = true
}
artemisConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
copyBridgeResource("corda-bridgeserver.jar")
copyBridgeResource("bridge.conf")
copyBridgeResource("corda-firewall.jar")
copyBridgeResource("firewall.conf")
createNetworkParams(tempFolder.root.toPath())
val (artemisServer, artemisClient) = createArtemis()
val zkServer = TestingServer(11105, false)
@ -143,7 +143,7 @@ class BridgeSmokeTest {
val javaPath: Path = Paths.get(System.getProperty("java.home"), "bin", "java")
val builder = ProcessBuilder()
.command(javaPath.toString(), "-Dcapsule.log=verbose",
"-jar", "corda-bridgeserver.jar")
"-jar", "corda-firewall.jar")
.directory(baseDirectory.toFile())
.inheritIO()

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
socksProxyConfig : {

View File

@ -1,31 +1,27 @@
package net.corda.bridge
import com.typesafe.config.ConfigFactory
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.config.BridgeConfigHelper
import net.corda.bridge.services.config.parseAsBridgeConfiguration
import net.corda.bridge.services.config.parseAsFirewallConfiguration
import net.corda.core.concurrent.CordaFuture
import net.corda.core.crypto.SecureHash
import net.corda.core.identity.CordaX500Name
import net.corda.core.internal.concurrent.flatMap
import net.corda.core.internal.concurrent.map
import net.corda.core.internal.div
import net.corda.core.utilities.NetworkHostAndPort
import net.corda.core.utilities.getOrThrow
import net.corda.nodeapi.internal.DEV_CA_KEY_STORE_PASS
import net.corda.nodeapi.internal.crypto.X509Utilities
import net.corda.nodeapi.internal.crypto.loadKeyStore
import net.corda.testing.driver.NodeHandle
import net.corda.testing.node.internal.*
import java.io.File
import java.nio.file.Files
import java.nio.file.Path
data class BridgeHandle(
val baseDirectory: Path,
val process: Process,
val configuration: BridgeConfiguration,
val configuration: FirewallConfiguration,
val bridgePort: Int,
val brokerPort: Int,
val debugPort: Int?
@ -33,7 +29,7 @@ data class BridgeHandle(
fun startBridgeProcess(bridgePath: Path, debugPort: Int?): Process {
return ProcessUtilities.startCordaProcess(
className = "net.corda.bridge.Bridge",
className = "net.corda.bridge.Firewall",
arguments = listOf("--base-directory", bridgePath.toString()),
jdwpPort = debugPort,
extraJvmArguments = listOf(),
@ -47,7 +43,7 @@ fun DriverDSLImpl.startBridge(nodeName: CordaX500Name, bridgePort: Int, brokerPo
val bridgeFolder = File("$nodeDirectory-bridge")
bridgeFolder.mkdirs()
createNetworkParams(bridgeFolder.toPath())
val initialConfig = ConfigFactory.parseResources(ConfigTest::class.java, "/net/corda/bridge/singleprocess/bridge.conf")
val initialConfig = ConfigFactory.parseResources(ConfigTest::class.java, "/net/corda/bridge/singleprocess/firewall.conf")
val portConfig = ConfigFactory.parseMap(
mapOf(
"outboundConfig" to mapOf(
@ -59,8 +55,8 @@ fun DriverDSLImpl.startBridge(nodeName: CordaX500Name, bridgePort: Int, brokerPo
)
)
val config = ConfigFactory.parseMap(configOverrides).withFallback(portConfig).withFallback(initialConfig)
writeConfig(bridgeFolder.toPath(), "bridge.conf", config)
val bridgeConfig = BridgeConfigHelper.loadConfig(bridgeFolder.toPath()).parseAsBridgeConfiguration()
writeConfig(bridgeFolder.toPath(), "firewall.conf", config)
val bridgeConfig = BridgeConfigHelper.loadConfig(bridgeFolder.toPath()).parseAsFirewallConfiguration()
val nodeCertificateDirectory = nodeDirectory / "certificates"
val bridgeDebugPort = if (isDebug) debugPortAllocation.nextPort() else null
return pollUntilTrue("$nodeName keystore creation") {

View File

@ -12,8 +12,8 @@ package net.corda.bridge
import com.nhaarman.mockito_kotlin.doReturn
import com.nhaarman.mockito_kotlin.whenever
import net.corda.bridge.internal.BridgeInstance
import net.corda.bridge.services.api.BridgeMode
import net.corda.bridge.internal.FirewallInstance
import net.corda.bridge.services.api.FirewallMode
import net.corda.bridge.services.config.BridgeHAConfigImpl
import net.corda.core.internal.copyToDirectory
import net.corda.core.internal.createDirectories
@ -59,10 +59,10 @@ class BridgeIntegrationTest {
@Test
fun `Load simple all in one bridge and stand it up`() {
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
createNetworkParams(tempFolder.root.toPath())
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(BridgeMode.SenderReceiver, config.bridgeMode)
assertEquals(FirewallMode.SenderReceiver, config.firewallMode)
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
assertNull(config.bridgeInnerConfig)
@ -71,7 +71,7 @@ class BridgeIntegrationTest {
val (artemisServer, artemisClient) = createArtemis()
try {
installBridgeControlResponder(artemisClient)
val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val stateFollower = bridge.activeChange.toBlocking().iterator
assertEquals(false, stateFollower.next())
assertEquals(false, bridge.active)
@ -92,25 +92,25 @@ class BridgeIntegrationTest {
@Test
fun `Load bridge (bridge Inner) and float outer and stand them up`() {
val bridgeFolder = tempFolder.root.toPath()
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource)
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
createNetworkParams(bridgeFolder)
assertEquals(BridgeMode.BridgeInner, bridgeConfig.bridgeMode)
assertEquals(FirewallMode.BridgeInner, bridgeConfig.firewallMode)
assertEquals(NetworkHostAndPort("localhost", 11005), bridgeConfig.outboundConfig!!.artemisBrokerAddress)
val floatFolder = tempFolder.root.toPath() / "float"
val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf"
val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf"
val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource)
floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
createNetworkParams(floatFolder)
assertEquals(BridgeMode.FloatOuter, floatConfig.bridgeMode)
assertEquals(FirewallMode.FloatOuter, floatConfig.firewallMode)
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), floatConfig.inboundConfig!!.listeningAddress)
val (artemisServer, artemisClient) = createArtemis()
try {
installBridgeControlResponder(artemisClient)
val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val bridgeStateFollower = bridge.activeChange.toBlocking().iterator
val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val floatStateFollower = float.activeChange.toBlocking().iterator
assertEquals(false, floatStateFollower.next())
float.start()
@ -140,7 +140,7 @@ class BridgeIntegrationTest {
@Test
fun `Run HA all in one mode`() {
val configResource = "/net/corda/bridge/hasingleprocess/bridge.conf"
val configResource = "/net/corda/bridge/hasingleprocess/firewall.conf"
createNetworkParams(tempFolder.root.toPath())
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(BridgeHAConfigImpl("zk://localhost:11105,zk://localhost:11106", 10), config.haConfig)
@ -149,7 +149,7 @@ class BridgeIntegrationTest {
val zkServer = TestingServer(11105, false)
try {
installBridgeControlResponder(artemisClient)
val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val stateFollower = bridge.activeChange.toBlocking().iterator
assertEquals(false, stateFollower.next())
assertEquals(false, bridge.active)
@ -190,13 +190,13 @@ class BridgeIntegrationTest {
@Test
fun `Run HA float and bridge mode`() {
val bridgeFolder = tempFolder.root.toPath()
val bridgeConfigResource = "/net/corda/bridge/hawithfloat/bridge/bridge.conf"
val bridgeConfigResource = "/net/corda/bridge/hawithfloat/bridge/firewall.conf"
val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource)
assertEquals(BridgeHAConfigImpl("zk://localhost:11105", 20, "/custom/bridge/ha"), bridgeConfig.haConfig)
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
createNetworkParams(bridgeFolder)
val floatFolder = tempFolder.root.toPath() / "float"
val floatConfigResource = "/net/corda/bridge/hawithfloat/float/bridge.conf"
val floatConfigResource = "/net/corda/bridge/hawithfloat/float/firewall.conf"
val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource)
assertNull(floatConfig.haConfig)
floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
@ -205,9 +205,9 @@ class BridgeIntegrationTest {
val zkServer = TestingServer(11105, false)
try {
installBridgeControlResponder(artemisClient)
val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val bridgeStateFollower = bridge.activeChange.toBlocking().iterator
val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val floatStateFollower = float.activeChange.toBlocking().iterator
assertEquals(false, bridgeStateFollower.next())
assertEquals(false, bridge.active)
@ -261,10 +261,10 @@ class BridgeIntegrationTest {
@Test
fun `Test artemis failover logic`() {
val configResource = "/net/corda/bridge/artemisfailover/bridge.conf"
val configResource = "/net/corda/bridge/artemisfailover/firewall.conf"
createNetworkParams(tempFolder.root.toPath())
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(BridgeMode.SenderReceiver, config.bridgeMode)
assertEquals(FirewallMode.SenderReceiver, config.firewallMode)
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), config.outboundConfig!!.alternateArtemisBrokerAddresses)
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
@ -279,7 +279,7 @@ class BridgeIntegrationTest {
artemisClient2.start()
installBridgeControlResponder(artemisClient)
installBridgeControlResponder(artemisClient2)
val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val stateFollower = bridge.activeChange.toBlocking().iterator
assertEquals(false, stateFollower.next())
assertEquals(false, bridge.active)
@ -316,28 +316,28 @@ class BridgeIntegrationTest {
@Test
fun `Test artemis failover logic with float`() {
val bridgeFolder = tempFolder.root.toPath()
val bridgeConfigResource = "/net/corda/bridge/artemisfailoverandfloat/bridge/bridge.conf"
val bridgeConfigResource = "/net/corda/bridge/artemisfailoverandfloat/bridge/firewall.conf"
val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource)
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
createNetworkParams(bridgeFolder)
assertEquals(BridgeMode.BridgeInner, bridgeConfig.bridgeMode)
assertEquals(FirewallMode.BridgeInner, bridgeConfig.firewallMode)
assertEquals(NetworkHostAndPort("localhost", 11005), bridgeConfig.outboundConfig!!.artemisBrokerAddress)
assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), bridgeConfig.outboundConfig!!.alternateArtemisBrokerAddresses)
val floatFolder = tempFolder.root.toPath() / "float"
val floatConfigResource = "/net/corda/bridge/artemisfailoverandfloat/float/bridge.conf"
val floatConfigResource = "/net/corda/bridge/artemisfailoverandfloat/float/firewall.conf"
val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource)
floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
createNetworkParams(floatFolder)
assertEquals(BridgeMode.FloatOuter, floatConfig.bridgeMode)
assertEquals(FirewallMode.FloatOuter, floatConfig.firewallMode)
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), floatConfig.inboundConfig!!.listeningAddress)
val (artemisServer, artemisClient) = createArtemis()
val (artemisServer2, artemisClient2) = createArtemis2()
val (artemisServer3, artemisClient3) = createDummyPeerArtemis()
try {
installBridgeControlResponder(artemisClient)
val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val bridgeStateFollower = bridge.activeChange.toBlocking().iterator
val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test"))
val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test"))
val floatStateFollower = float.activeChange.toBlocking().iterator
assertEquals(false, floatStateFollower.next())
float.start()

View File

@ -2,17 +2,18 @@ package net.corda.bridge
import co.paralleluniverse.fibers.Suspendable
import net.corda.client.rpc.CordaRPCClient
import net.corda.core.concurrent.CordaFuture
import net.corda.core.flows.*
import net.corda.core.identity.Party
import net.corda.core.internal.concurrent.OpenFuture
import net.corda.core.internal.concurrent.doneFuture
import net.corda.core.internal.concurrent.openFuture
import net.corda.core.messaging.startFlow
import net.corda.core.utilities.getOrThrow
import net.corda.core.utilities.unwrap
import net.corda.node.services.Permissions
import net.corda.testing.core.*
import net.corda.testing.core.DUMMY_BANK_A_NAME
import net.corda.testing.core.DUMMY_BANK_B_NAME
import net.corda.testing.core.DUMMY_NOTARY_NAME
import net.corda.testing.core.singleIdentity
import net.corda.testing.internal.IntegrationTest
import net.corda.testing.internal.IntegrationTestSchemas
import net.corda.testing.internal.toDatabaseSchemaName
@ -22,7 +23,6 @@ import org.junit.ClassRule
import org.junit.Test
import java.util.*
import java.util.concurrent.ConcurrentHashMap
import java.util.concurrent.CountDownLatch
import kotlin.concurrent.thread
import kotlin.test.assertEquals

View File

@ -49,7 +49,7 @@ class AMQPListenerTest {
@Test
fun `Basic AMPQListenerService lifecycle test`() {
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
val maxMessageSize = createNetworkParams(tempFolder.root.toPath())
val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath() / "listener", configResource)
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)
@ -136,7 +136,7 @@ class AMQPListenerTest {
@Test
fun `Bad certificate audit check`() {
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
val maxMessageSize = createNetworkParams(tempFolder.root.toPath())
val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath() / "listener", configResource)
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)

View File

@ -46,7 +46,7 @@ class ArtemisConnectionTest {
@Test
fun `Basic lifecycle test`() {
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
createNetworkParams(tempFolder.root.toPath())
val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME)

View File

@ -68,7 +68,7 @@ class TunnelControlTest {
@Test
fun `Basic tunnel life cycle test`() {
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
val bridgePath = tempFolder.root.toPath() / "bridge"
bridgePath.createDirectories()
val maxMessageSize = createNetworkParams(bridgePath)
@ -89,7 +89,7 @@ class TunnelControlTest {
haService.start()
assertEquals(false, bridgeProxiedReceiverService.active)
val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf"
val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf"
val floatPath = tempFolder.root.toPath() / "float"
floatPath.createDirectories()
createNetworkParams(floatPath)
@ -146,7 +146,7 @@ class TunnelControlTest {
@Test
fun `Inbound message test`() {
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
val bridgePath = tempFolder.root.toPath() / "bridge"
bridgePath.createDirectories()
val maxMessageSize = createNetworkParams(bridgePath)
@ -170,7 +170,7 @@ class TunnelControlTest {
haService.start()
assertEquals(false, bridgeStateFollower.next())
val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf"
val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf"
val floatPath = tempFolder.root.toPath() / "float"
floatPath.createDirectories()
createNetworkParams(floatPath)

View File

@ -8,13 +8,13 @@
* Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
*/
@file:JvmName("Bridge")
@file:JvmName("Firewall")
package net.corda.bridge
import net.corda.bridge.internal.BridgeStartup
import net.corda.bridge.internal.FirewallStartup
import kotlin.system.exitProcess
fun main(args: Array<String>) {
exitProcess(if (BridgeStartup(args).run()) 0 else 1)
exitProcess(if (FirewallStartup(args).run()) 0 else 1)
}

View File

@ -12,9 +12,9 @@ package net.corda.bridge
import joptsimple.OptionParser
import joptsimple.util.EnumConverter
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.config.BridgeConfigHelper
import net.corda.bridge.services.config.parseAsBridgeConfiguration
import net.corda.bridge.services.config.parseAsFirewallConfiguration
import net.corda.core.internal.div
import org.slf4j.event.Level
import java.io.PrintStream
@ -27,13 +27,13 @@ class ArgsParser {
// The intent of allowing a command line configurable directory and config path is to allow deployment flexibility.
// Other general configuration should live inside the config file unless we regularly need temporary overrides on the command line
private val baseDirectoryArg = optionParser
.accepts("base-directory", "The bridge working directory where all the files are kept")
.accepts("base-directory", "The firewall working directory where all the files are kept")
.withRequiredArg()
.defaultsTo(".")
private val configFileArg = optionParser
.accepts("config-file", "The path to the config file")
.withRequiredArg()
.defaultsTo("bridge.conf")
.defaultsTo("firewall.conf")
private val loggerLevel = optionParser
.accepts("logging-level", "Enable logging at this level and higher")
.withRequiredArg()
@ -71,8 +71,8 @@ data class CmdLineOptions(val baseDirectory: Path,
val loggingLevel: Level,
val logToConsole: Boolean,
val isVersion: Boolean) {
fun loadConfig(): BridgeConfiguration {
val config = BridgeConfigHelper.loadConfig(baseDirectory, configFile).parseAsBridgeConfiguration()
fun loadConfig(): FirewallConfiguration {
val config = BridgeConfigHelper.loadConfig(baseDirectory, configFile).parseAsFirewallConfiguration()
return config
}
}

View File

@ -12,17 +12,17 @@ package net.corda.bridge
/**
* Encapsulates various pieces of version information of the bridge.
* Encapsulates various pieces of version information of the firewall.
*/
data class BridgeVersionInfo(
data class FirewallVersionInfo(
/**
* Platform version of the bridge which is an integer value which increments on any release where any of the public
* API of the entire Corda platform changes. This includes messaging, serialisation, bridge APIs, etc.
* Platform version of the firewall which is an integer value which increments on any release where any of the public
* API of the entire Corda platform changes. This includes messaging, serialisation, firewall APIs, etc.
*/
val platformVersion: Int,
/** Release version string of the bridge. */
/** Release version string of the firewall. */
val releaseVersion: String,
/** The exact version control commit ID of the bridge build. */
/** The exact version control commit ID of the firewall build. */
val revision: String,
/** The bridge vendor */
/** The firewall vendor */
val vendor: String)

View File

@ -10,7 +10,7 @@ import net.corda.serialization.internal.amqp.SerializerFactory
import net.corda.serialization.internal.amqp.amqpMagic
import java.util.concurrent.ConcurrentHashMap
class AMQPBridgeSerializationScheme(
class AMQPFirewallSerializationScheme(
cordappCustomSerializers: Set<SerializationCustomSerializer<*, *>>,
serializerFactoriesForContexts: MutableMap<Pair<ClassWhitelist, ClassLoader>, SerializerFactory>
) : AbstractAMQPSerializationScheme(cordappCustomSerializers, serializerFactoriesForContexts) {

View File

@ -10,9 +10,9 @@
package net.corda.bridge.internal
import net.corda.bridge.BridgeVersionInfo
import net.corda.bridge.FirewallVersionInfo
import net.corda.bridge.services.api.*
import net.corda.bridge.services.audit.LoggingBridgeAuditService
import net.corda.bridge.services.audit.LoggingFirewallAuditService
import net.corda.bridge.services.supervisors.BridgeSupervisorServiceImpl
import net.corda.bridge.services.supervisors.FloatSupervisorServiceImpl
import net.corda.bridge.services.util.ServiceStateCombiner
@ -36,9 +36,9 @@ import net.corda.serialization.internal.SerializationFactoryImpl
import rx.Subscription
import java.util.concurrent.atomic.AtomicBoolean
class BridgeInstance(val conf: BridgeConfiguration,
val versionInfo: BridgeVersionInfo,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : ServiceLifecycleSupport, ServiceStateSupport by stateHelper {
class FirewallInstance(val conf: FirewallConfiguration,
val versionInfo: FirewallVersionInfo,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : ServiceLifecycleSupport, ServiceStateSupport by stateHelper {
companion object {
val log = contextLogger()
}
@ -47,7 +47,7 @@ class BridgeInstance(val conf: BridgeConfiguration,
private var shutdownHook: ShutdownHook? = null
private var maxMessageSize: Int = -1
private lateinit var bridgeAuditService: BridgeAuditService
private lateinit var firewallAuditService: FirewallAuditService
private var bridgeSupervisorService: BridgeSupervisorService? = null
private var floatSupervisorService: FloatSupervisorService? = null
private var statusFollower: ServiceStateCombiner? = null
@ -69,7 +69,7 @@ class BridgeInstance(val conf: BridgeConfiguration,
val classloader = this.javaClass.classLoader
nodeSerializationEnv = SerializationEnvironmentImpl(
SerializationFactoryImpl().apply {
registerScheme(AMQPBridgeSerializationScheme(emptyList()))
registerScheme(AMQPFirewallSerializationScheme(emptyList()))
},
p2pContext = AMQP_P2P_CONTEXT.withClassLoader(classloader))
}
@ -101,8 +101,8 @@ class BridgeInstance(val conf: BridgeConfiguration,
log.info("Shutdown complete")
}
private val _exitFuture = openFuture<BridgeInstance>()
val onExit: CordaFuture<BridgeInstance> get() = _exitFuture
private val _exitFuture = openFuture<FirewallInstance>()
val onExit: CordaFuture<FirewallInstance> get() = _exitFuture
private fun retrieveNetworkParameters() {
val networkParamsFile = conf.baseDirectory / NETWORK_PARAMS_FILE_NAME
@ -114,16 +114,16 @@ class BridgeInstance(val conf: BridgeConfiguration,
private fun createServices() {
require(maxMessageSize > 0) { "maxMessageSize not initialised" }
bridgeAuditService = LoggingBridgeAuditService(conf)
when (conf.bridgeMode) {
// In the SenderReceiver mode the inbound and outbound message paths are run from within a single bridge process.
firewallAuditService = LoggingFirewallAuditService(conf)
when (conf.firewallMode) {
// In the SenderReceiver mode the inbound and outbound message paths are run from within a single firewall process.
// The process thus contains components that listen for bridge control messages on Artemis.
// The process can then initiates TLS/AMQP 1.0 connections to remote peers and transfers the outbound messages.
// The process also runs a TLS/AMQP 1.0 server socket, which is can receive connections and messages from peers,
// validate the messages and then forwards the packets to the Artemis inbox queue of the node.
BridgeMode.SenderReceiver -> {
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService)
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService, floatSupervisorService!!.amqpListenerService)
FirewallMode.SenderReceiver -> {
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService)
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService, floatSupervisorService!!.amqpListenerService)
}
// In the BridgeInner mode the process runs the full outbound message path as in the SenderReceiver mode, but the inbound path is split.
// This 'Bridge Inner/Bridge Controller' process runs the more trusted portion of the inbound path.
@ -131,8 +131,8 @@ class BridgeInstance(val conf: BridgeConfiguration,
// Also the the 'Bridge Inner' does more complete validation of inbound messages and ensures that they correspond to legitimate
// node inboxes, before transferring the message to Artemis. Potentially it might carry out deeper checks of received packets.
// However, the 'Bridge Inner' is not directly exposed to the internet, or peers and does not host the TLS/AMQP 1.0 server socket.
BridgeMode.BridgeInner -> {
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService, null)
FirewallMode.BridgeInner -> {
bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService, null)
}
// In the FloatOuter mode this process runs a minimal AMQP proxy that is designed to run in a DMZ zone.
// The process holds the minimum data necessary to act as the TLS/AMQP 1.0 receiver socket and tries
@ -146,18 +146,18 @@ class BridgeInstance(val conf: BridgeConfiguration,
// be validated against the keys/certificates sent across the control tunnel. Inbound messages are given basic checks that do not require
// holding potentially sensitive information and are then forwarded across the control tunnel to the 'Bridge Inner' process for more
// complete validation checks.
BridgeMode.FloatOuter -> {
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService)
FirewallMode.FloatOuter -> {
floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService)
}
}
statusFollower = ServiceStateCombiner(listOf(bridgeAuditService, floatSupervisorService, bridgeSupervisorService).filterNotNull())
statusFollower = ServiceStateCombiner(listOf(firewallAuditService, floatSupervisorService, bridgeSupervisorService).filterNotNull())
statusSubscriber = statusFollower!!.activeChange.subscribe({
stateHelper.active = it
}, { log.error("Error in state change", it) })
}
private fun startServices() {
bridgeAuditService.start()
firewallAuditService.start()
bridgeSupervisorService?.start()
floatSupervisorService?.start()
}
@ -166,7 +166,7 @@ class BridgeInstance(val conf: BridgeConfiguration,
stateHelper.active = false
floatSupervisorService?.stop()
bridgeSupervisorService?.stop()
bridgeAuditService.stop()
firewallAuditService.stop()
statusSubscriber?.unsubscribe()
statusSubscriber = null
statusFollower = null

View File

@ -13,9 +13,9 @@ package net.corda.bridge.internal
import com.jcabi.manifests.Manifests
import joptsimple.OptionException
import net.corda.bridge.ArgsParser
import net.corda.bridge.BridgeVersionInfo
import net.corda.bridge.CmdLineOptions
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.FirewallVersionInfo
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.core.internal.createDirectories
import net.corda.core.internal.div
import net.corda.core.utilities.contextLogger
@ -29,7 +29,7 @@ import java.nio.file.Path
import java.util.*
import kotlin.system.exitProcess
class BridgeStartup(val args: Array<String>) {
class FirewallStartup(val args: Array<String>) {
companion object {
// lazy init the logging, because the logging levels aren't configured until we have parsed some options.
private val log by lazy { contextLogger() }
@ -37,14 +37,14 @@ class BridgeStartup(val args: Array<String>) {
}
/**
* @return true if the bridge startup was successful. This value is intended to be the exit code of the process.
* @return true if the firewalls startup was successful. This value is intended to be the exit code of the process.
*/
fun run(): Boolean {
val startTime = System.currentTimeMillis()
val (argsParser, cmdlineOptions) = parseArguments()
// We do the single bridge check before we initialise logging so that in case of a double-bridge start it
// doesn't mess with the running bridge's logs.
// We do the single firewall check before we initialise logging so that in case of a double-firewall start it
// doesn't mess with the running firewall's logs.
enforceSingleBridgeIsRunning(cmdlineOptions.baseDirectory)
initLogging(cmdlineOptions)
@ -66,26 +66,26 @@ class BridgeStartup(val args: Array<String>) {
val conf = try {
loadConfigFile(cmdlineOptions)
} catch (e: Exception) {
log.error("Exception during bridge configuration", e)
log.error("Exception during firewall configuration", e)
return false
}
try {
logStartupInfo(versionInfo, cmdlineOptions, conf)
} catch (e: Exception) {
log.error("Exception during bridge registration", e)
log.error("Exception during firewall registration", e)
return false
}
val bridge = try {
val firewall = try {
cmdlineOptions.baseDirectory.createDirectories()
startBridge(conf, versionInfo, startTime)
startFirewall(conf, versionInfo, startTime)
} catch (e: Exception) {
if (e.message?.startsWith("Unknown named curve:") == true) {
log.error("Exception during bridge startup - ${e.message}. " +
log.error("Exception during firewall startup - ${e.message}. " +
"This is a known OpenJDK issue on some Linux distributions, please use OpenJDK from zulu.org or Oracle JDK.")
} else {
log.error("Exception during bridge startup", e)
log.error("Exception during firewall startup", e)
}
return false
}
@ -93,23 +93,23 @@ class BridgeStartup(val args: Array<String>) {
if (System.getProperties().containsKey("WAIT_KEY_FOR_EXIT")) {
System.`in`.read() // Inside IntelliJ we can't forward CTRL-C, so debugging shutdown is a nightmare. So allow -DWAIT_KEY_FOR_EXIT flag for key based quit.
} else {
bridge.onExit.get()
firewall.onExit.get()
}
log.info("bridge shutting down")
bridge.stop()
log.info("firewall shutting down")
firewall.stop()
return true
}
fun logStartupInfo(versionInfo: BridgeVersionInfo, cmdlineOptions: CmdLineOptions, conf: BridgeConfiguration) {
fun logStartupInfo(versionInfo: FirewallVersionInfo, cmdlineOptions: CmdLineOptions, conf: FirewallConfiguration) {
log.info("Vendor: ${versionInfo.vendor}")
log.info("Release: ${versionInfo.releaseVersion}")
log.info("Platform Version: ${versionInfo.platformVersion}")
log.info("Revision: ${versionInfo.revision}")
val info = ManagementFactory.getRuntimeMXBean()
log.info("PID: ${info.name.split("@").firstOrNull()}") // TODO Java 9 has better support for this
log.info("Main class: ${BridgeStartup::class.java.protectionDomain.codeSource.location.toURI().path}")
log.info("Main class: ${FirewallStartup::class.java.protectionDomain.codeSource.location.toURI().path}")
log.info("CommandLine Args: ${info.inputArguments.joinToString(" ")}")
log.info("Application Args: ${args.joinToString(" ")}")
log.info("bootclasspath: ${info.bootClassPath}")
@ -121,16 +121,16 @@ class BridgeStartup(val args: Array<String>) {
if (agentProperties.containsKey("sun.jdwp.listenerAddress")) {
log.info("Debug port: ${agentProperties.getProperty("sun.jdwp.listenerAddress")}")
}
log.info("Starting as bridge mode of ${conf.bridgeMode}")
log.info("Starting as firewall mode of ${conf.firewallMode}")
}
protected fun loadConfigFile(cmdlineOptions: CmdLineOptions): BridgeConfiguration = cmdlineOptions.loadConfig()
protected fun loadConfigFile(cmdlineOptions: CmdLineOptions): FirewallConfiguration = cmdlineOptions.loadConfig()
protected fun getVersionInfo(): BridgeVersionInfo {
protected fun getVersionInfo(): FirewallVersionInfo {
// Manifest properties are only available if running from the corda jar
fun manifestValue(name: String): String? = if (Manifests.exists(name)) Manifests.read(name) else null
return BridgeVersionInfo(
return FirewallVersionInfo(
manifestValue("Corda-Platform-Version")?.toInt() ?: 1,
manifestValue("Corda-Release-Version") ?: "Unknown",
manifestValue("Corda-Revision") ?: "Unknown",
@ -143,14 +143,14 @@ class BridgeStartup(val args: Array<String>) {
// file that we'll do our best to delete on exit. But if we don't, it'll be overwritten next time. If it already
// exists, we try to take the file lock first before replacing it and if that fails it means we're being started
// twice with the same directory: that's a user error and we should bail out.
val pidFile = (baseDirectory / "bridge-process-id").toFile()
val pidFile = (baseDirectory / "firewall-process-id").toFile()
pidFile.createNewFile()
pidFile.deleteOnExit()
val pidFileRw = RandomAccessFile(pidFile, "rw")
val pidFileLock = pidFileRw.channel.tryLock()
if (pidFileLock == null) {
println("It appears there is already a bridge running with the specified data directory $baseDirectory")
println("Shut that other bridge down and try again. It may have process ID ${pidFile.readText()}")
println("It appears there is already a firewall running with the specified data directory $baseDirectory")
println("Shut that other firewall down and try again. It may have process ID ${pidFile.readText()}")
System.exit(1)
}
// Avoid the lock being garbage collected. We don't really need to release it as the OS will do so for us
@ -204,11 +204,11 @@ class BridgeStartup(val args: Array<String>) {
SLF4JBridgeHandler.install()
}
fun startBridge(conf: BridgeConfiguration, versionInfo: BridgeVersionInfo, startTime: Long): BridgeInstance {
val bridge = BridgeInstance(conf, versionInfo)
bridge.start()
fun startFirewall(conf: FirewallConfiguration, versionInfo: FirewallVersionInfo, startTime: Long): FirewallInstance {
val firewall = FirewallInstance(conf, versionInfo)
firewall.start()
val elapsed = (System.currentTimeMillis() - startTime) / 10 / 100.0
log.info("Bridge started up and registered in $elapsed sec")
return bridge
log.info("Firewall started up and registered in $elapsed sec")
return firewall
}
}

View File

@ -17,7 +17,7 @@ import java.security.KeyStore
/**
* This service when activated via [provisionKeysAndActivate] installs an AMQP listening socket,
* which listens on the port specified in the [BridgeConfiguration.inboundConfig] section.
* which listens on the port specified in the [FirewallConfiguration.inboundConfig] section.
* The service technically runs inside the 'float' portion of the bridge, so that it can be run remotely inside the DMZ.
* As a result it reports as active, whilst not actually listening. Only when the TLS [KeyStore]s are passed to it
* does the service become [running].

View File

@ -13,7 +13,7 @@ package net.corda.bridge.services.api
import net.corda.nodeapi.internal.ArtemisMessagingClient
/**
* This provides a service to manage connection to the local broker as defined in the [BridgeConfiguration.outboundConfig] section.
* This provides a service to manage connection to the local broker as defined in the [FirewallConfiguration.outboundConfig] section.
* Once started the service will repeatedly attempt to connect to the bus, signalling success by changing to the [active] state.
*/
interface BridgeArtemisConnectionService : ServiceLifecycleSupport {

View File

@ -11,9 +11,9 @@
package net.corda.bridge.services.api
/**
* This is the top level service representing the [BridgeMode.BridgeInner] service stack. The primary role of this component is to
* create and wire up concrete implementations of the relevant services according to the [BridgeConfiguration] details.
* This is the top level service representing the [FirewallMode.BridgeInner] service stack. The primary role of this component is to
* create and wire up concrete implementations of the relevant services according to the [FirewallConfiguration] details.
* The possibly proxied path to the [BridgeAMQPListenerService] is typically a constructor input
* as that is a [BridgeMode.FloatOuter] component.
* as that is a [FirewallMode.FloatOuter] component.
*/
interface BridgeSupervisorService : ServiceLifecycleSupport

View File

@ -18,7 +18,7 @@ import java.net.InetSocketAddress
* Currently the simple implementation just records events to log file, but future implementations may need to post
* security data to an enterprise service.
*/
interface BridgeAuditService : ServiceLifecycleSupport {
interface FirewallAuditService : ServiceLifecycleSupport {
fun successfulConnectionEvent(inbound: Boolean, sourceIP: InetSocketAddress, certificateSubject: String, msg: String)
fun failedConnectionEvent(inbound: Boolean, sourceIP: InetSocketAddress?, certificateSubject: String?, msg: String)
fun packetDropEvent(packet: ReceivedMessage?, msg: String)

View File

@ -17,7 +17,7 @@ import net.corda.nodeapi.internal.config.SSLConfiguration
import net.corda.nodeapi.internal.protonwrapper.netty.SocksProxyConfig
import java.nio.file.Path
enum class BridgeMode {
enum class FirewallMode {
/**
* The Bridge/Float is run as a single process with both AMQP sending and receiving functionality.
*/
@ -71,8 +71,8 @@ interface BridgeInboundConfiguration {
}
/**
* Details of the target control ports of available [BridgeMode.FloatOuter] processes from the perspective of the [BridgeMode.BridgeInner] process.
* Required for [BridgeMode.BridgeInner] mode.
* Details of the target control ports of available [FirewallMode.FloatOuter] processes from the perspective of the [FirewallMode.BridgeInner] process.
* Required for [FirewallMode.BridgeInner] mode.
*/
interface BridgeInnerConfiguration {
val floatAddresses: List<NetworkHostAndPort>
@ -91,8 +91,8 @@ interface BridgeHAConfig {
}
/**
* Details of the listening port for a [BridgeMode.FloatOuter] process and of the certificate that the [BridgeMode.BridgeInner] should present.
* Required for [BridgeMode.FloatOuter] mode.
* Details of the listening port for a [FirewallMode.FloatOuter] process and of the certificate that the [FirewallMode.BridgeInner] should present.
* Required for [FirewallMode.FloatOuter] mode.
*/
interface FloatOuterConfiguration {
val floatAddress: NetworkHostAndPort
@ -101,8 +101,8 @@ interface FloatOuterConfiguration {
val customSSLConfiguration: BridgeSSLConfiguration?
}
interface BridgeConfiguration : NodeSSLConfiguration {
val bridgeMode: BridgeMode
interface FirewallConfiguration : NodeSSLConfiguration {
val firewallMode: FirewallMode
val outboundConfig: BridgeOutboundConfiguration?
val inboundConfig: BridgeInboundConfiguration?
val bridgeInnerConfig: BridgeInnerConfiguration?

View File

@ -11,7 +11,7 @@
package net.corda.bridge.services.api
/**
* This service represent an AMQP socket listener that awaits a remote initiated connection from the [BridgeMode.BridgeInner].
* Only one active connection is allowed at a time and it must match the configured requirements in the [BridgeConfiguration.bridgeInnerConfig].
* This service represent an AMQP socket listener that awaits a remote initiated connection from the [FirewallMode.BridgeInner].
* Only one active connection is allowed at a time and it must match the configured requirements in the [FirewallConfiguration.bridgeInnerConfig].
*/
interface FloatControlService : ServiceLifecycleSupport

View File

@ -11,7 +11,7 @@
package net.corda.bridge.services.api
/**
* This is the top level service responsible for creating and managing the [BridgeMode.FloatOuter] portions of the bridge.
* This is the top level service responsible for creating and managing the [FirewallMode.FloatOuter] portions of the bridge.
* It exposes a possibly proxied [BridgeAMQPListenerService] component that is used in the [BridgeSupervisorService]
* to wire up the internal portions of the AMQP peer inbound message path.
*/

View File

@ -28,9 +28,9 @@ import rx.Subscription
import java.lang.Long.min
import java.util.concurrent.CountDownLatch
class BridgeArtemisConnectionServiceImpl(val conf: BridgeConfiguration,
class BridgeArtemisConnectionServiceImpl(val conf: FirewallConfiguration,
val maxMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeArtemisConnectionService, ServiceStateSupport by stateHelper {
companion object {
val log = contextLogger()

View File

@ -10,8 +10,8 @@
package net.corda.bridge.services.audit
import net.corda.bridge.services.api.BridgeAuditService
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.FirewallAuditService
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.api.ServiceStateSupport
import net.corda.bridge.services.util.ServiceStateHelper
import net.corda.core.utilities.contextLogger
@ -19,8 +19,8 @@ import net.corda.core.utilities.trace
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
import java.net.InetSocketAddress
class LoggingBridgeAuditService(val conf: BridgeConfiguration,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeAuditService, ServiceStateSupport by stateHelper {
class LoggingFirewallAuditService(val conf: FirewallConfiguration,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FirewallAuditService, ServiceStateSupport by stateHelper {
companion object {
val log = contextLogger()
}

View File

@ -30,11 +30,11 @@ object BridgeConfigHelper {
private val log = LoggerFactory.getLogger(javaClass)
fun loadConfig(baseDirectory: Path,
configFile: Path = baseDirectory / "bridge.conf",
configFile: Path = baseDirectory / "firewall.conf",
allowMissingConfig: Boolean = false,
configOverrides: Config = ConfigFactory.empty()): Config {
val parseOptions = ConfigParseOptions.defaults()
val defaultConfig = ConfigFactory.parseResources("bridgedefault.conf", parseOptions.setAllowMissing(false))
val defaultConfig = ConfigFactory.parseResources("firewalldefault.conf", parseOptions.setAllowMissing(false))
val appConfig = ConfigFactory.parseFile(configFile.toFile(), parseOptions.setAllowMissing(allowMissingConfig))
val systemOverrides = systemProperties().bridgeEntriesOnly()
val environmentOverrides = systemEnvironment().bridgeEntriesOnly()

View File

@ -23,7 +23,7 @@ import java.nio.file.Path
import java.nio.file.Paths
fun Config.parseAsBridgeConfiguration(): BridgeConfiguration = parseAs<BridgeConfigurationImpl>()
fun Config.parseAsFirewallConfiguration(): FirewallConfiguration = parseAs<FirewallConfigurationImpl>()
data class BridgeSSLConfigurationImpl(override val keyStorePassword: String,
override val trustStorePassword: String,
@ -53,7 +53,7 @@ data class FloatOuterConfigurationImpl(override val floatAddress: NetworkHostAnd
data class BridgeHAConfigImpl(override val haConnectionString: String, override val haPriority: Int = 10, override val haTopic: String = "/bridge/ha") : BridgeHAConfig
data class BridgeConfigurationImpl(
data class FirewallConfigurationImpl(
override val baseDirectory: Path,
override val certificatesDirectory: Path = baseDirectory / "certificates",
override val sslKeystore: Path = certificatesDirectory / "sslkeystore.jks",
@ -61,7 +61,7 @@ data class BridgeConfigurationImpl(
override val crlCheckSoftFail: Boolean,
override val keyStorePassword: String,
override val trustStorePassword: String,
override val bridgeMode: BridgeMode,
override val firewallMode: FirewallMode,
override val networkParametersPath: Path,
override val outboundConfig: BridgeOutboundConfigurationImpl?,
override val inboundConfig: BridgeInboundConfigurationImpl?,
@ -74,13 +74,13 @@ data class BridgeConfigurationImpl(
override val politeShutdownPeriod: Int = 1000,
override val p2pConfirmationWindowSize: Int = 1048576,
override val whitelistedHeaders: List<String> = ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()
) : BridgeConfiguration {
) : FirewallConfiguration {
init {
if (bridgeMode == BridgeMode.SenderReceiver) {
if (firewallMode == FirewallMode.SenderReceiver) {
require(inboundConfig != null && outboundConfig != null) { "Missing required configuration" }
} else if (bridgeMode == BridgeMode.BridgeInner) {
} else if (firewallMode == FirewallMode.BridgeInner) {
require(bridgeInnerConfig != null && outboundConfig != null) { "Missing required configuration" }
} else if (bridgeMode == BridgeMode.FloatOuter) {
} else if (firewallMode == FirewallMode.FloatOuter) {
require(inboundConfig != null && floatOuterConfig != null) { "Missing required configuration" }
}
}

View File

@ -24,8 +24,8 @@ import org.apache.activemq.artemis.api.core.client.ClientProducer
import org.apache.activemq.artemis.api.core.client.ClientSession
import rx.Subscription
class SimpleMessageFilterService(val conf: BridgeConfiguration,
val auditService: BridgeAuditService,
class SimpleMessageFilterService(val conf: FirewallConfiguration,
val auditService: FirewallAuditService,
val artemisConnectionService: BridgeArtemisConnectionService,
val bridgeSenderService: BridgeSenderService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : IncomingMessageFilterService, ServiceStateSupport by stateHelper {

View File

@ -10,9 +10,9 @@
package net.corda.bridge.services.ha
import net.corda.bridge.services.api.BridgeAuditService
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.BridgeMasterService
import net.corda.bridge.services.api.FirewallAuditService
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.api.ServiceStateSupport
import net.corda.bridge.services.util.ServiceStateHelper
import net.corda.core.utilities.contextLogger
@ -25,8 +25,8 @@ import java.util.concurrent.Executors
import java.util.concurrent.ScheduledFuture
import java.util.concurrent.TimeUnit
class ExternalMasterElectionService(val conf: BridgeConfiguration,
val auditService: BridgeAuditService,
class ExternalMasterElectionService(val conf: FirewallConfiguration,
val auditService: FirewallAuditService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeMasterService, ServiceStateSupport by stateHelper {
private var haElector: ZkLeader? = null

View File

@ -10,15 +10,15 @@
package net.corda.bridge.services.ha
import net.corda.bridge.services.api.BridgeAuditService
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.BridgeMasterService
import net.corda.bridge.services.api.FirewallAuditService
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.api.ServiceStateSupport
import net.corda.bridge.services.util.ServiceStateHelper
import net.corda.core.utilities.contextLogger
class SingleInstanceMasterService(val conf: BridgeConfiguration,
val auditService: BridgeAuditService,
class SingleInstanceMasterService(val conf: FirewallConfiguration,
val auditService: FirewallAuditService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeMasterService, ServiceStateSupport by stateHelper {
companion object {
val log = contextLogger()

View File

@ -11,8 +11,8 @@
package net.corda.bridge.services.receiver
import net.corda.bridge.services.api.BridgeAMQPListenerService
import net.corda.bridge.services.api.BridgeAuditService
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.FirewallAuditService
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.api.ServiceStateSupport
import net.corda.bridge.services.util.ServiceStateCombiner
import net.corda.bridge.services.util.ServiceStateHelper
@ -30,9 +30,9 @@ import java.io.ByteArrayInputStream
import java.security.KeyStore
import java.util.*
class BridgeAMQPListenerServiceImpl(val conf: BridgeConfiguration,
class BridgeAMQPListenerServiceImpl(val conf: FirewallConfiguration,
val maximumMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeAMQPListenerService, ServiceStateSupport by stateHelper {
companion object {
val log = contextLogger()

View File

@ -33,9 +33,9 @@ import java.util.concurrent.locks.ReentrantLock
import kotlin.concurrent.withLock
class FloatControlListenerService(val conf: BridgeConfiguration,
class FloatControlListenerService(val conf: FirewallConfiguration,
val maximumMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
val amqpListener: BridgeAMQPListenerService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FloatControlService, ServiceStateSupport by stateHelper {
companion object {

View File

@ -19,8 +19,8 @@ import net.corda.nodeapi.internal.config.SSLConfiguration
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
import rx.Subscription
class InProcessBridgeReceiverService(val conf: BridgeConfiguration,
val auditService: BridgeAuditService,
class InProcessBridgeReceiverService(val conf: FirewallConfiguration,
val auditService: FirewallAuditService,
haService: BridgeMasterService,
val amqpListenerService: BridgeAMQPListenerService,
val filterService: IncomingMessageFilterService,

View File

@ -36,9 +36,9 @@ import java.security.SecureRandom
import java.util.concurrent.TimeUnit
import java.util.concurrent.TimeoutException
class TunnelingBridgeReceiverService(val conf: BridgeConfiguration,
class TunnelingBridgeReceiverService(val conf: FirewallConfiguration,
val maximumMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
haService: BridgeMasterService,
val filterService: IncomingMessageFilterService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeReceiverService, ServiceStateSupport by stateHelper {

View File

@ -20,9 +20,9 @@ import net.corda.nodeapi.internal.ArtemisSessionProvider
import net.corda.nodeapi.internal.bridging.BridgeControlListener
import rx.Subscription
class DirectBridgeSenderService(val conf: BridgeConfiguration,
class DirectBridgeSenderService(val conf: FirewallConfiguration,
val maxMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
haService: BridgeMasterService,
val artemisConnectionService: BridgeArtemisConnectionService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeSenderService, ServiceStateSupport by stateHelper {

View File

@ -24,9 +24,9 @@ import net.corda.core.utilities.contextLogger
import org.slf4j.LoggerFactory
import rx.Subscription
class BridgeSupervisorServiceImpl(val conf: BridgeConfiguration,
class BridgeSupervisorServiceImpl(val conf: FirewallConfiguration,
maxMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
inProcessAMQPListenerService: BridgeAMQPListenerService?,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeSupervisorService, ServiceStateSupport by stateHelper {
companion object {
@ -51,7 +51,7 @@ class BridgeSupervisorServiceImpl(val conf: BridgeConfiguration,
artemisService = BridgeArtemisConnectionServiceImpl(conf, maxMessageSize, auditService)
senderService = DirectBridgeSenderService(conf, maxMessageSize, auditService, haService, artemisService)
filterService = SimpleMessageFilterService(conf, auditService, artemisService, senderService)
receiverService = if (conf.bridgeMode == BridgeMode.SenderReceiver) {
receiverService = if (conf.firewallMode == FirewallMode.SenderReceiver) {
InProcessBridgeReceiverService(conf, auditService, haService, inProcessAMQPListenerService!!, filterService)
} else {
require(inProcessAMQPListenerService == null) { "Should not have an in process instance of the AMQPListenerService" }

View File

@ -19,9 +19,9 @@ import net.corda.core.utilities.contextLogger
import org.slf4j.LoggerFactory
import rx.Subscription
class FloatSupervisorServiceImpl(val conf: BridgeConfiguration,
class FloatSupervisorServiceImpl(val conf: FirewallConfiguration,
val maxMessageSize: Int,
val auditService: BridgeAuditService,
val auditService: FirewallAuditService,
private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FloatSupervisorService, ServiceStateSupport by stateHelper {
companion object {
val log = contextLogger()
@ -35,7 +35,7 @@ class FloatSupervisorServiceImpl(val conf: BridgeConfiguration,
init {
amqpListenerService = BridgeAMQPListenerServiceImpl(conf, maxMessageSize, auditService)
floatControlService = if (conf.bridgeMode == BridgeMode.FloatOuter) {
floatControlService = if (conf.firewallMode == FirewallMode.FloatOuter) {
require(conf.haConfig == null) { "Float process should not have HA config, that is controlled via the bridge." }
FloatControlListenerService(conf, maxMessageSize, auditService, amqpListenerService)
} else {

View File

@ -10,7 +10,7 @@
package net.corda.bridge
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.core.crypto.Crypto.generateKeyPair
import net.corda.core.identity.CordaX500Name
import net.corda.core.internal.createDirectories
@ -51,7 +51,7 @@ fun createNetworkParams(baseDirectory: Path): Int {
}
fun createAndLoadConfigFromResource(baseDirectory: Path, configResource: String): BridgeConfiguration {
fun createAndLoadConfigFromResource(baseDirectory: Path, configResource: String): FirewallConfiguration {
val workspaceFolder = baseDirectory.normalize().toAbsolutePath()
val args = arrayOf("--base-directory", workspaceFolder.toString())
val argsParser = ArgsParser()

View File

@ -10,7 +10,7 @@
package net.corda.bridge
import net.corda.bridge.services.api.BridgeMode
import net.corda.bridge.services.api.FirewallMode
import net.corda.core.identity.CordaX500Name
import net.corda.core.internal.div
import net.corda.core.utilities.NetworkHostAndPort
@ -35,9 +35,9 @@ class ConfigTest {
@Test
fun `Load simple config`() {
val configResource = "/net/corda/bridge/singleprocess/bridge.conf"
val configResource = "/net/corda/bridge/singleprocess/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(BridgeMode.SenderReceiver, config.bridgeMode)
assertEquals(FirewallMode.SenderReceiver, config.firewallMode)
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
assertNull(config.bridgeInnerConfig)
@ -46,9 +46,9 @@ class ConfigTest {
@Test
fun `Load simple bridge config`() {
val configResource = "/net/corda/bridge/withfloat/bridge/bridge.conf"
val configResource = "/net/corda/bridge/withfloat/bridge/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(BridgeMode.BridgeInner, config.bridgeMode)
assertEquals(FirewallMode.BridgeInner, config.firewallMode)
assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress)
assertNull(config.inboundConfig)
assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), config.bridgeInnerConfig!!.floatAddresses)
@ -58,9 +58,9 @@ class ConfigTest {
@Test
fun `Load simple float config`() {
val configResource = "/net/corda/bridge/withfloat/float/bridge.conf"
val configResource = "/net/corda/bridge/withfloat/float/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(BridgeMode.FloatOuter, config.bridgeMode)
assertEquals(FirewallMode.FloatOuter, config.firewallMode)
assertNull(config.outboundConfig)
assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress)
assertNull(config.bridgeInnerConfig)
@ -70,7 +70,7 @@ class ConfigTest {
@Test
fun `Load overridden cert config`() {
val configResource = "/net/corda/bridge/custombasecerts/bridge.conf"
val configResource = "/net/corda/bridge/custombasecerts/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(Paths.get("customcerts/mysslkeystore.jks"), config.sslKeystore)
assertEquals(Paths.get("customcerts/mytruststore.jks"), config.trustStoreFile)
@ -78,7 +78,7 @@ class ConfigTest {
@Test
fun `Load custom inner certificate config`() {
val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf"
val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(Paths.get("outboundcerts/outboundkeys.jks"), config.outboundConfig!!.customSSLConfiguration!!.sslKeystore)
assertEquals(Paths.get("outboundcerts/outboundtrust.jks"), config.outboundConfig!!.customSSLConfiguration!!.trustStoreFile)
@ -94,7 +94,7 @@ class ConfigTest {
@Test
fun `Load custom outer certificate config`() {
val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf"
val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(Paths.get("inboundcerts/inboundkeys.jks"), config.inboundConfig!!.customSSLConfiguration!!.sslKeystore)
assertEquals(Paths.get("inboundcerts/inboundtrust.jks"), config.inboundConfig!!.customSSLConfiguration!!.trustStoreFile)
@ -110,7 +110,7 @@ class ConfigTest {
@Test
fun `Load config withsocks support`() {
val configResource = "/net/corda/bridge/withsocks/bridge.conf"
val configResource = "/net/corda/bridge/withsocks/firewall.conf"
val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource)
assertEquals(SocksProxyVersion.SOCKS5, config.outboundConfig!!.socksProxyConfig!!.version)
assertEquals(NetworkHostAndPort("localhost", 12345), config.outboundConfig!!.socksProxyConfig!!.proxyAddress)

View File

@ -13,8 +13,8 @@ package net.corda.bridge.services
import com.nhaarman.mockito_kotlin.*
import net.corda.bridge.createPartialMock
import net.corda.bridge.services.api.BridgeArtemisConnectionService
import net.corda.bridge.services.api.BridgeConfiguration
import net.corda.bridge.services.api.BridgeSenderService
import net.corda.bridge.services.api.FirewallConfiguration
import net.corda.bridge.services.filter.SimpleMessageFilterService
import net.corda.nodeapi.internal.ArtemisMessagingClient
import net.corda.nodeapi.internal.ArtemisMessagingComponent
@ -38,7 +38,7 @@ class FilterServiceTest {
@Test
fun `Basic function tests`() {
val conf = rigorousMock<BridgeConfiguration>().also {
val conf = rigorousMock<FirewallConfiguration>().also {
doReturn(ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()).whenever(it).whitelistedHeaders
}
val auditService = TestAuditService()
@ -109,7 +109,7 @@ class FilterServiceTest {
@Test
fun `Rejection tests`() {
val conf = rigorousMock<BridgeConfiguration>().also {
val conf = rigorousMock<FirewallConfiguration>().also {
doReturn(ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()).whenever(it).whitelistedHeaders
}
val auditService = TestAuditService()

View File

@ -10,13 +10,13 @@
package net.corda.bridge.services
import net.corda.bridge.services.api.BridgeAuditService
import net.corda.bridge.services.api.FirewallAuditService
import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage
import rx.Observable
import rx.subjects.PublishSubject
import java.net.InetSocketAddress
class TestAuditService() : BridgeAuditService, TestServiceBase() {
class TestAuditService() : FirewallAuditService, TestServiceBase() {
enum class AuditEvent {
SUCCESSFUL_CONNECTION,
FAILED_CONNECTION,

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
alternateArtemisBrokerAddresses = ["localhost:12005"]

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = BridgeInner
firewallMode = BridgeInner
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
alternateArtemisBrokerAddresses = ["localhost:12005"]

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = FloatOuter
firewallMode = FloatOuter
inboundConfig : {
listeningAddress = "0.0.0.0:10005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
sslKeystore = "customcerts/mysslkeystore.jks"
trustStoreFile = "customcerts/mytruststore.jks"
outboundConfig : {

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = BridgeInner
firewallMode = BridgeInner
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = FloatOuter
firewallMode = FloatOuter
inboundConfig : {
listeningAddress = "0.0.0.0:10005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = BridgeInner
firewallMode = BridgeInner
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
customSSLConfiguration : {

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = FloatOuter
firewallMode = FloatOuter
inboundConfig : {
listeningAddress = "0.0.0.0:10005"
customSSLConfiguration : {

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = BridgeInner
firewallMode = BridgeInner
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = FloatOuter
firewallMode = FloatOuter
inboundConfig : {
listeningAddress = "0.0.0.0:10005"
}

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
socksProxyConfig : {

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
socksProxyConfig : {

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
socksProxyConfig : {

View File

@ -7,7 +7,7 @@
//
// Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited.
bridgeMode = SenderReceiver
firewallMode = SenderReceiver
outboundConfig : {
artemisBrokerAddress = "localhost:11005"
socksProxyConfig : {

View File

@ -397,7 +397,7 @@ bintrayConfig {
'corda-tools-blob-inspector',
'corda-tools-explorer',
'corda-tools-network-bootstrapper',
'corda-bridgeserver',
'corda-firewall',
'corda-ptflows',
'jmeter-corda',
'tools-database-manager',

View File

@ -6,6 +6,12 @@ release, see :doc:`upgrade-notes`.
Unreleased
----------
* The ``corda-bridgserver.jar`` has been renamed to ``corda-firewall.jar`` to be more consistent
with marketing materials and purpose of the jar. Further to this we have also renamed ``bridge.conf`` to ``firewall.conf``
and within that file the ``bridgeMode`` propety has been modified to ``firewallMode`` for overall consistency.
This will be a breaking change for early adopters and their deployments, but hopefully will be more future proof.
* Remove all references to the out-of-process transaction verification.
* Introduced a hierarchy of ``DatabaseMigrationException``s, allowing ``NodeStartup`` to gracefully inform users of problems related to database migrations before exiting with a non-zero code.

View File

@ -1,12 +1,12 @@
Bridge component overview
=========================
Firewall Component Overview
===============================
.. contents::
Introduction
------------
The Corda bridge/float component is designed for enterprise deployments and acts as an application level
firewall and protocol break on all internet facing endpoints. The ``corda-bridgeserver.jar`` encapsulates the peer
The Corda Firewall (bridge/float) component is designed for enterprise deployments and acts as an application level
firewall and protocol break on all internet facing endpoints. The ``corda-firewall.jar`` encapsulates the peer
network functionality of the basic Corda Enterprise node, so that this can be operated separately from the security sensitive
JVM runtime of the node. This gives separation of functionality and ensures that the legal identity keys are not
used in the same process as the internet TLS connections. Also, it adds support for enterprise deployment requirements,
@ -20,13 +20,13 @@ The component referred to here as the *bridge* is the library of code responsibl
nodes and implements the AMQP 1.0 protocol over TLS 1.0 between peers to provide reliable flow message delivery. This
component can be run as a simple integrated feature of the node. However, for enhanced security and features in Corda
Enterprise, the in-node version should be turned off and a standalone and HA version can be run from the
``corda-bridgeserver.jar``, possibly integrating with a SOCKS proxy.
``corda-firewall.jar``, possibly integrating with a SOCKS proxy.
The *float* component refers to the inbound socket listener, packet filtering and DMZ compatible component. In the
simple all-in-one node all inbound peer connections terminate directly onto an embedded Artemis broker component
hosted within the node. The connection authentication and packet the filtering is managed directly via Artemis
permission controls managed directly inside the node JVM. For Corda Enterprise deployments we provide a more
secure and configurable isolation component that is available using code inside ``corda-bridgeserver.jar``. This
secure and configurable isolation component that is available using code inside ``corda-firewall.jar``. This
component is designed to provide a clear protocol break and thus prevents the node and Artemis server ever being
directly exposed to peers. For simpler deployments with no DMZ the float and bridge logic can also be run as a
single application behind the firewall, but still protecting the node and hosted Artemis. In future we may also host
@ -119,9 +119,10 @@ Operating modes of the Bridge and Float
Embedded Developer Node (node + artemis + internal bridge, no float, no DMZ)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The simplest development deployment of the bridge is to just use the embedded Peer-to-Peer Artemis with the node as TLS endpoint
and to have the outgoing packets use the internal bridge functionality. Typically this should only be used for easy development,
or for organisations evaluating on Open Source Corda, where this is the only available option:
The simplest development deployment of the node is without firewall and thus just use the embedded bridge and Peer-to-Peer
Artemis with the node as TLS endpoint and to have the outgoing packets use the internal bridge functionality.
Typically this should only be used for easy development, or for organisations evaluating on Open Source Corda,
where this is the only available option:
.. image:: resources/bridge/node_embedded_bridge.png
:scale: 100%
@ -131,13 +132,13 @@ Node + Bridge (no float, no DMZ)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The next simplest deployment is to turn off the built in bridge using the ``externalBridge`` enterprise config property
and to run a single combined bridge/float process. This might be suitable for a test environment, to conserve VM's.
and to run a single combined firewall process. This might be suitable for a test environment, to conserve VMs.
.. note:: Note that to run the bridge and the node on the same machine there could be a port conflict with a naive setup,
.. note:: Note that to run the firewall and the node on the same machine there could be a port conflict with a naive ``node.conf`` setup,
but by using the ``messagingServerAddress`` property to specify the bind address and port plus setting
``messagingServerExternal = false``
the embedded Artemis P2P broker can be set to listen on a different port rather than the advertised ``p2paddress`` port.
Then configure an all-in-one bridge to point at this node:
Then configure an all-in-one bridge to point at this node's ``messagingServerAddress``:
.. image:: resources/bridge/simple_bridge.png
:scale: 100%
@ -147,9 +148,10 @@ DMZ ready (node + bridge + float)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
To familiarize oneself with the a more complete deployment including a DMZ and separated inbound and outbound paths
the ``bridgeMode`` property in the ``bridge.conf`` should be set to ``BridgeInner`` for the bridge and
``FloatOuter`` for the DMZ float. The diagram below shows such a non-HA deployment. This would not be recommended
for production, unless used as part of a cold DR type standby.
the ``firewallMode`` property in the ``firewall.conf`` should be set to ``BridgeInner`` for the bridge and
``FloatOuter`` for the DMZ float. These mode names were chosen to remind users that the ``bridge`` should run in the trusted
*inner* network zone and the ``float`` should run in the less trusted *outer* zone.
The diagram below shows such a non-HA deployment. This would not be recommended for production, unless used as part of a cold DR type standby.
.. note:: Note that whilst the bridge needs access to the official TLS private
key, the tunnel link should use a private set of link specific keys and certificates. The float will be provisioned

View File

@ -1,12 +1,12 @@
Corda Firewall
==============
Corda Enterprise ships a component called the *Corda Firewall*. The firewall is actually made up of two separate programs,
Corda Enterprise ships a component called the *Corda Firewall*. The firewall is actually made up of two separate modules,
called the *bridge* and the *float*. These handle outbound and inbound connections respectively, and allow a node
administrator to minimise the amount of code running in a network's DMZ. The firewall provides some basic protection
features in this release: future releases may add enhanced monitoring and audit capabilities.
.. toctree::
corda-bridge-component
bridge-configuration-file
corda-firewall-component
firewall-configuration-file

View File

@ -1,25 +1,25 @@
Bridge configuration
Firewall configuration
====================
.. contents::
File location
-------------
When starting a standalone bridge, or float, the ``corda-bridgeserver.jar`` file defaults to reading the bridge's configuration from a ``bridge.conf`` file in
When starting a standalone firewall (in bridge, or float mode), the ``corda-firewall.jar`` file defaults to reading the firewall's configuration from a ``firewall.conf`` file in
the directory from which the command to launch the process is executed. There are two command-line options to override this
behaviour:
* The ``--config-file`` command line option allows you to specify a configuration file with a different name, or at
different file location. Paths are relative to the current working directory
* The ``--base-directory`` command line option allows you to specify the bridge's workspace location. A ``bridge.conf``
* The ``--base-directory`` command line option allows you to specify the firewall's workspace location. A ``firewall.conf``
configuration file is then expected in the root of this workspace
If you specify both command line arguments at the same time, the bridge will fail to start.
If you specify both command line arguments at the same time, the firewall will fail to start.
Format
------
The Bridge configuration file uses the HOCON format which is superset of JSON. Please visit
The firewall configuration file uses the HOCON format which is superset of JSON. Please visit
`<https://github.com/typesafehub/config/blob/master/HOCON.md>`_ for further details.
.. warning:: Please do NOT use double quotes (``"``) in configuration keys.
@ -31,40 +31,40 @@ The Bridge configuration file uses the HOCON format which is superset of JSON. P
Defaults
--------
A set of default configuration options are loaded from the built-in resource file. Any options you do not specify in
your own ``bridge.conf`` file will use these defaults:
your own ``firewall.conf`` file will use these defaults:
.. literalinclude:: ../../bridge/src/main/resources/bridgedefault.conf
.. literalinclude:: ../../bridge/src/main/resources/firewalldefault.conf
:language: javascript
Bridge operating modes
----------------------
.. note:: By default, the Corda node assumes that it will carry out the peer-to-peer functions of the bridge internally!
Before running a dedicated bridge process, it is essential to turn off the dev mode component by setting the
.. note:: By default, the Corda node assumes that it will carry out the peer-to-peer functions of the ``bridge`` internally!
Before running a dedicated firewall process, it is essential to turn off the dev mode component by setting the
``enterpriseConfiguration.externalBridge`` property of the ``node.conf`` file to ``true``.
If the ``externalBridge`` flag is not ``true``, there will be unexpected behaviour as the node will try to send peer-to-peer messages directly!
Assuming that an external bridge is to be used, the ``corda-bridgeserver.jar`` operates in one of three basic operating modes.
The particular mode is selected via the required ``bridgeMode`` configuration property inside ``bridge.conf``:
Assuming that an external firewall is to be used, the ``corda-firewall.jar`` operates in one of three basic operating modes.
The particular mode is selected via the required ``firewallMode`` configuration property inside ``firewall.conf``:
:SenderReceiver: selects a single process bridge solution to isolate the node and Artemis broker from direct Internet contact.
It is still assumed that the bridge process is behind a firewall, but both the message sending and receiving paths will pass via the ``bridge``.
In this mode the ``outboundConfig`` and ``inboundConfig`` configuration sections of ``bridge.conf`` must be provided,
:SenderReceiver: selects a single process firewall solution to isolate the node and Artemis broker from direct Internet contact.
It is still assumed that the firewall process is behind a firewall, but both the message sending and receiving paths will pass via the ``bridge``.
In this mode the ``outboundConfig`` and ``inboundConfig`` configuration sections of ``firewall.conf`` must be provided,
the ``bridgeInnerConfig`` and ``floatOuterConfig`` sections should not be present.
:BridgeInner: mode runs this instance of the ``corda-bridgeserver.jar`` as the trusted portion of the peer-to-peer firewall float.
:BridgeInner: mode runs this instance of the ``corda-firewall.jar`` as the trusted portion of the peer-to-peer firewall float.
Specifically, this process runs the complete outbound message processing. For the inbound path it operates only the filtering and durable storing portions of the message processing.
The process expects to connect through a firewall to a matched ``FloatOuter`` instance running in the DMZ as the actual ``TLS/AMQP 1.0`` termination point.
:FloatOuter: causes this instance of the ``corda-bridgeserver.jar`` to run as a protocol break proxy for inbound message path. The process
:FloatOuter: causes this instance of the ``corda-firewall.jar`` to run as a protocol break proxy for inbound message path. The process
will initialise a ``TLS`` control port and await connection from the ``BridgeInner``. Once the control connection is successful the ``BridgeInner`` will securely provision
the ``TLS`` socket server key and certificates into the ``FloatOuter``. The process will then start listening for inbound connection from peer nodes.
Fields
------
The available config fields are listed below. ``baseDirectory`` is available as a substitution value and contains the
absolute path to the bridge's base directory.
absolute path to the firewall's base directory.
:bridgeMode: Determines operating mode of the bridge. See above.
:firewallMode: Determines operating mode of the firewall. See above.
:keyStorePassword: The password to unlock the TLS KeyStore file (``<workspace>/certificates/sslkeystore.jks``) containing the
node certificate and private key. The private key password must be the same due to limitations in the Artemis libraries.
@ -194,7 +194,7 @@ absolute path to the bridge's base directory.
In future it intended that other schemes such as ``etcd`` are supported.
:haPriority: The implementation uses a prioritise leader election algorithm, so that a preferred master instance can be set. The highest priority is 0 and larger integers have lower priority.
At the same level of priority, it is random which instance wins the leader election. If a bridge instance dies another will have the opportunity to become master in instead.
At the same level of priority, it is random which instance wins the leader election. If a ``bridge`` instance dies another will have the opportunity to become master in instead.
:haTopic: Sets the zookeeper topic prefix that the nodes used in resolving the election and must be the same for all ``bridge``
instances competing for master status. This is available to allow a single zookeeper cluster to be reused with multiple
@ -357,11 +357,11 @@ Typical configuration for ``nodeserver2`` would be a ``node.conf`` files contain
devMode = false // Turn off things like key autogeneration and require proper doorman registration.
Configuration in ``bridge.conf`` for ``bridgeserver1``:
Configuration in ``firewall.conf`` for ``bridgeserver1``:
.. code-block:: javascript
bridgeMode = BridgeInner // Set the mode the corda-bridgeserver.jar runs as appropriately.
firewallMode = BridgeInner // Set the mode the corda-firewall.jar runs as appropriately.
outboundConfig { // Required section
artemisBrokerAddress = "nodeserver1:11005" // point at primary Artemis address in the node
alternateArtemisBrokerAddresses = [ "nodeserver2:11005" ] // List any other HA Artemis addresses
@ -388,11 +388,11 @@ Configuration in ``bridge.conf`` for ``bridgeserver1``:
}
networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder.
Configuration in ``bridge.conf`` for ``bridgeserver2``:
Configuration in ``firewall.conf`` for ``bridgeserver2``:
.. code-block:: javascript
bridgeMode = BridgeInner // Set the mode the corda-bridgeserver.jar runs as appropriately.
firewallMode = BridgeInner // Set the mode the corda-firewall.jar runs as appropriately.
outboundConfig { // Required section
artemisBrokerAddress = "nodeserver2:11005" // point at primary Artemis address in the node
alternateArtemisBrokerAddresses = [ "nodeserver1:11005" ] // List any other HA Artemis addresses
@ -420,11 +420,11 @@ Configuration in ``bridge.conf`` for ``bridgeserver2``:
networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder.
Configuration in ``bridge.conf`` for ``floatserver1``:
Configuration in ``firewall.conf`` for ``floatserver1``:
.. code-block:: javascript
bridgeMode = FloatOuter // Set the mode the corda-bridgeserver.jar runs as appropriately.
firewallMode = FloatOuter // Set the mode the corda-firewall.jar runs as appropriately.
inboundConfig { // Required section
listeningAddress = "dmzexternal1:10005" // expose the listening port on the out NIC
}
@ -441,11 +441,11 @@ Configuration in ``bridge.conf`` for ``floatserver1``:
}
networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder.
Configuration in ``bridge.conf`` for ``floatserver2``:
Configuration in ``firewall.conf`` for ``floatserver2``:
.. code-block:: javascript
bridgeMode = FloatOuter // Set the mode the corda-bridgeserver.jar runs as appropriately.
firewallMode = FloatOuter // Set the mode the corda-firewall.jar runs as appropriately.
inboundConfig { // Required section
listeningAddress = "dmzexternal2:10005" // expose the listening port on the out NIC
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 99 KiB

After

Width:  |  Height:  |  Size: 99 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 109 KiB

After

Width:  |  Height:  |  Size: 110 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 278 KiB

After

Width:  |  Height:  |  Size: 111 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 289 KiB

After

Width:  |  Height:  |  Size: 117 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 52 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 66 KiB

After

Width:  |  Height:  |  Size: 66 KiB

View File

@ -126,7 +126,7 @@ class Distribution private constructor(
CORDA_OS(setOf("corda", "corda-webserver", "corda-finance")),
// bridge-server not available in Enterprise Dev Previews
// migration-tool not published in Enterprise Dev Previews
CORDA_ENTERPRISE(setOf("corda", "corda-webserver", "corda-finance", "corda-bridgeserver", "migration-tool"))
CORDA_ENTERPRISE(setOf("corda", "corda-webserver", "corda-finance", "corda-firewall", "migration-tool"))
}
companion object {