diff --git a/bridge/bridgecapsule/build.gradle b/bridge/bridgecapsule/build.gradle index 302ef05216..bb7e82f2df 100644 --- a/bridge/bridgecapsule/build.gradle +++ b/bridge/bridgecapsule/build.gradle @@ -15,7 +15,7 @@ apply plugin: 'net.corda.plugins.publish-utils' apply plugin: 'us.kirchmeier.capsule' apply plugin: 'com.jfrog.artifactory' -description 'Corda bridge server capsule' +description 'Corda firewall server capsule' configurations { runtimeArtifacts @@ -73,17 +73,17 @@ sourceCompatibility = 1.6 targetCompatibility = 1.6 jar { - baseName 'corda-bridgeserver' + baseName 'corda-firewall' } -task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) { - applicationClass 'net.corda.bridge.Bridge' - archiveName "corda-bridgeserver-${corda_release_version}.jar" +task buildFirewallJar(type: FatCapsule, dependsOn: project(':bridge').jar) { + applicationClass 'net.corda.bridge.Firewall' + archiveName "corda-firewall-${corda_release_version}.jar" applicationSource = files( project(':bridge').configurations.runtime, project(':bridge').jar, "$rootDir/config/dev/log4j2.xml", - "$rootDir/bridge/build/resources/main/reference.conf" + "$rootDir/bridge/build/resources/main/firewalldefault.conf" ) from 'NOTICE' // Copy CDDL notice from configurations.capsuleRuntime.files.collect { zipTree(it) } @@ -91,7 +91,7 @@ task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) { capsuleManifest { applicationVersion = corda_release_version javaAgents = [] - systemProperties['visualvm.display.name'] = 'Corda Bridge Server' + systemProperties['visualvm.display.name'] = 'Corda Firewall Server' minJavaVersion = '1.8.0' minUpdateVersion['1.8'] = java8_minUpdateVersion caplets = [] @@ -105,8 +105,8 @@ task buildBridgeServerJar(type: FatCapsule, dependsOn: project(':bridge').jar) { processSmokeTestResources { - from(project.tasks['buildBridgeServerJar']) { - rename 'corda-bridgeserver-(.*)', 'corda-bridgeserver.jar' + from(project.tasks['buildFirewallJar']) { + rename 'corda-firewall-(.*)', 'corda-firewall.jar' into "net/corda/bridge/smoketest" } } @@ -117,8 +117,8 @@ task smokeTest(type: Test) { } artifacts { - runtimeArtifacts buildBridgeServerJar - publish buildBridgeServerJar { + runtimeArtifacts buildFirewallJar + publish buildFirewallJar { classifier "" } } diff --git a/bridge/bridgecapsule/src/smoke-test/kotlin/net/corda/bridge/smoketest/BridgeSmokeTest.kt b/bridge/bridgecapsule/src/smoke-test/kotlin/net/corda/bridge/smoketest/BridgeSmokeTest.kt index 5f3688b48b..e327e26490 100644 --- a/bridge/bridgecapsule/src/smoke-test/kotlin/net/corda/bridge/smoketest/BridgeSmokeTest.kt +++ b/bridge/bridgecapsule/src/smoke-test/kotlin/net/corda/bridge/smoketest/BridgeSmokeTest.kt @@ -76,8 +76,8 @@ class BridgeSmokeTest { override val crlCheckSoftFail: Boolean = true } artemisConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) - copyBridgeResource("corda-bridgeserver.jar") - copyBridgeResource("bridge.conf") + copyBridgeResource("corda-firewall.jar") + copyBridgeResource("firewall.conf") createNetworkParams(tempFolder.root.toPath()) val (artemisServer, artemisClient) = createArtemis() val zkServer = TestingServer(11105, false) @@ -143,7 +143,7 @@ class BridgeSmokeTest { val javaPath: Path = Paths.get(System.getProperty("java.home"), "bin", "java") val builder = ProcessBuilder() .command(javaPath.toString(), "-Dcapsule.log=verbose", - "-jar", "corda-bridgeserver.jar") + "-jar", "corda-firewall.jar") .directory(baseDirectory.toFile()) .inheritIO() diff --git a/bridge/bridgecapsule/src/smoke-test/resources/net/corda/bridge/smoketest/bridge.conf b/bridge/bridgecapsule/src/smoke-test/resources/net/corda/bridge/smoketest/firewall.conf similarity index 90% rename from bridge/bridgecapsule/src/smoke-test/resources/net/corda/bridge/smoketest/bridge.conf rename to bridge/bridgecapsule/src/smoke-test/resources/net/corda/bridge/smoketest/firewall.conf index e65f5eec02..7f8eff712d 100644 --- a/bridge/bridgecapsule/src/smoke-test/resources/net/corda/bridge/smoketest/bridge.conf +++ b/bridge/bridgecapsule/src/smoke-test/resources/net/corda/bridge/smoketest/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" socksProxyConfig : { diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeDriver.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeDriver.kt index 2d006f6867..973c7b6098 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeDriver.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeDriver.kt @@ -1,31 +1,27 @@ package net.corda.bridge import com.typesafe.config.ConfigFactory -import net.corda.bridge.services.api.BridgeConfiguration +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.config.BridgeConfigHelper -import net.corda.bridge.services.config.parseAsBridgeConfiguration +import net.corda.bridge.services.config.parseAsFirewallConfiguration import net.corda.core.concurrent.CordaFuture -import net.corda.core.crypto.SecureHash import net.corda.core.identity.CordaX500Name import net.corda.core.internal.concurrent.flatMap import net.corda.core.internal.concurrent.map import net.corda.core.internal.div import net.corda.core.utilities.NetworkHostAndPort -import net.corda.core.utilities.getOrThrow import net.corda.nodeapi.internal.DEV_CA_KEY_STORE_PASS import net.corda.nodeapi.internal.crypto.X509Utilities import net.corda.nodeapi.internal.crypto.loadKeyStore -import net.corda.testing.driver.NodeHandle import net.corda.testing.node.internal.* import java.io.File -import java.nio.file.Files import java.nio.file.Path data class BridgeHandle( val baseDirectory: Path, val process: Process, - val configuration: BridgeConfiguration, + val configuration: FirewallConfiguration, val bridgePort: Int, val brokerPort: Int, val debugPort: Int? @@ -33,7 +29,7 @@ data class BridgeHandle( fun startBridgeProcess(bridgePath: Path, debugPort: Int?): Process { return ProcessUtilities.startCordaProcess( - className = "net.corda.bridge.Bridge", + className = "net.corda.bridge.Firewall", arguments = listOf("--base-directory", bridgePath.toString()), jdwpPort = debugPort, extraJvmArguments = listOf(), @@ -47,7 +43,7 @@ fun DriverDSLImpl.startBridge(nodeName: CordaX500Name, bridgePort: Int, brokerPo val bridgeFolder = File("$nodeDirectory-bridge") bridgeFolder.mkdirs() createNetworkParams(bridgeFolder.toPath()) - val initialConfig = ConfigFactory.parseResources(ConfigTest::class.java, "/net/corda/bridge/singleprocess/bridge.conf") + val initialConfig = ConfigFactory.parseResources(ConfigTest::class.java, "/net/corda/bridge/singleprocess/firewall.conf") val portConfig = ConfigFactory.parseMap( mapOf( "outboundConfig" to mapOf( @@ -59,8 +55,8 @@ fun DriverDSLImpl.startBridge(nodeName: CordaX500Name, bridgePort: Int, brokerPo ) ) val config = ConfigFactory.parseMap(configOverrides).withFallback(portConfig).withFallback(initialConfig) - writeConfig(bridgeFolder.toPath(), "bridge.conf", config) - val bridgeConfig = BridgeConfigHelper.loadConfig(bridgeFolder.toPath()).parseAsBridgeConfiguration() + writeConfig(bridgeFolder.toPath(), "firewall.conf", config) + val bridgeConfig = BridgeConfigHelper.loadConfig(bridgeFolder.toPath()).parseAsFirewallConfiguration() val nodeCertificateDirectory = nodeDirectory / "certificates" val bridgeDebugPort = if (isDebug) debugPortAllocation.nextPort() else null return pollUntilTrue("$nodeName keystore creation") { diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeIntegrationTest.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeIntegrationTest.kt index 9a52ce68a5..d13381fa21 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeIntegrationTest.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeIntegrationTest.kt @@ -12,8 +12,8 @@ package net.corda.bridge import com.nhaarman.mockito_kotlin.doReturn import com.nhaarman.mockito_kotlin.whenever -import net.corda.bridge.internal.BridgeInstance -import net.corda.bridge.services.api.BridgeMode +import net.corda.bridge.internal.FirewallInstance +import net.corda.bridge.services.api.FirewallMode import net.corda.bridge.services.config.BridgeHAConfigImpl import net.corda.core.internal.copyToDirectory import net.corda.core.internal.createDirectories @@ -59,10 +59,10 @@ class BridgeIntegrationTest { @Test fun `Load simple all in one bridge and stand it up`() { - val configResource = "/net/corda/bridge/singleprocess/bridge.conf" + val configResource = "/net/corda/bridge/singleprocess/firewall.conf" createNetworkParams(tempFolder.root.toPath()) val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) - assertEquals(BridgeMode.SenderReceiver, config.bridgeMode) + assertEquals(FirewallMode.SenderReceiver, config.firewallMode) assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress) assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress) assertNull(config.bridgeInnerConfig) @@ -71,7 +71,7 @@ class BridgeIntegrationTest { val (artemisServer, artemisClient) = createArtemis() try { installBridgeControlResponder(artemisClient) - val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val stateFollower = bridge.activeChange.toBlocking().iterator assertEquals(false, stateFollower.next()) assertEquals(false, bridge.active) @@ -92,25 +92,25 @@ class BridgeIntegrationTest { @Test fun `Load bridge (bridge Inner) and float outer and stand them up`() { val bridgeFolder = tempFolder.root.toPath() - val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf" + val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf" val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource) bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) createNetworkParams(bridgeFolder) - assertEquals(BridgeMode.BridgeInner, bridgeConfig.bridgeMode) + assertEquals(FirewallMode.BridgeInner, bridgeConfig.firewallMode) assertEquals(NetworkHostAndPort("localhost", 11005), bridgeConfig.outboundConfig!!.artemisBrokerAddress) val floatFolder = tempFolder.root.toPath() / "float" - val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf" + val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf" val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource) floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) createNetworkParams(floatFolder) - assertEquals(BridgeMode.FloatOuter, floatConfig.bridgeMode) + assertEquals(FirewallMode.FloatOuter, floatConfig.firewallMode) assertEquals(NetworkHostAndPort("0.0.0.0", 10005), floatConfig.inboundConfig!!.listeningAddress) val (artemisServer, artemisClient) = createArtemis() try { installBridgeControlResponder(artemisClient) - val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val bridgeStateFollower = bridge.activeChange.toBlocking().iterator - val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val floatStateFollower = float.activeChange.toBlocking().iterator assertEquals(false, floatStateFollower.next()) float.start() @@ -140,7 +140,7 @@ class BridgeIntegrationTest { @Test fun `Run HA all in one mode`() { - val configResource = "/net/corda/bridge/hasingleprocess/bridge.conf" + val configResource = "/net/corda/bridge/hasingleprocess/firewall.conf" createNetworkParams(tempFolder.root.toPath()) val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) assertEquals(BridgeHAConfigImpl("zk://localhost:11105,zk://localhost:11106", 10), config.haConfig) @@ -149,7 +149,7 @@ class BridgeIntegrationTest { val zkServer = TestingServer(11105, false) try { installBridgeControlResponder(artemisClient) - val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val stateFollower = bridge.activeChange.toBlocking().iterator assertEquals(false, stateFollower.next()) assertEquals(false, bridge.active) @@ -190,13 +190,13 @@ class BridgeIntegrationTest { @Test fun `Run HA float and bridge mode`() { val bridgeFolder = tempFolder.root.toPath() - val bridgeConfigResource = "/net/corda/bridge/hawithfloat/bridge/bridge.conf" + val bridgeConfigResource = "/net/corda/bridge/hawithfloat/bridge/firewall.conf" val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource) assertEquals(BridgeHAConfigImpl("zk://localhost:11105", 20, "/custom/bridge/ha"), bridgeConfig.haConfig) bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) createNetworkParams(bridgeFolder) val floatFolder = tempFolder.root.toPath() / "float" - val floatConfigResource = "/net/corda/bridge/hawithfloat/float/bridge.conf" + val floatConfigResource = "/net/corda/bridge/hawithfloat/float/firewall.conf" val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource) assertNull(floatConfig.haConfig) floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) @@ -205,9 +205,9 @@ class BridgeIntegrationTest { val zkServer = TestingServer(11105, false) try { installBridgeControlResponder(artemisClient) - val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val bridgeStateFollower = bridge.activeChange.toBlocking().iterator - val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val floatStateFollower = float.activeChange.toBlocking().iterator assertEquals(false, bridgeStateFollower.next()) assertEquals(false, bridge.active) @@ -261,10 +261,10 @@ class BridgeIntegrationTest { @Test fun `Test artemis failover logic`() { - val configResource = "/net/corda/bridge/artemisfailover/bridge.conf" + val configResource = "/net/corda/bridge/artemisfailover/firewall.conf" createNetworkParams(tempFolder.root.toPath()) val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) - assertEquals(BridgeMode.SenderReceiver, config.bridgeMode) + assertEquals(FirewallMode.SenderReceiver, config.firewallMode) assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress) assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), config.outboundConfig!!.alternateArtemisBrokerAddresses) assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress) @@ -279,7 +279,7 @@ class BridgeIntegrationTest { artemisClient2.start() installBridgeControlResponder(artemisClient) installBridgeControlResponder(artemisClient2) - val bridge = BridgeInstance(config, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val bridge = FirewallInstance(config, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val stateFollower = bridge.activeChange.toBlocking().iterator assertEquals(false, stateFollower.next()) assertEquals(false, bridge.active) @@ -316,28 +316,28 @@ class BridgeIntegrationTest { @Test fun `Test artemis failover logic with float`() { val bridgeFolder = tempFolder.root.toPath() - val bridgeConfigResource = "/net/corda/bridge/artemisfailoverandfloat/bridge/bridge.conf" + val bridgeConfigResource = "/net/corda/bridge/artemisfailoverandfloat/bridge/firewall.conf" val bridgeConfig = createAndLoadConfigFromResource(bridgeFolder, bridgeConfigResource) bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) createNetworkParams(bridgeFolder) - assertEquals(BridgeMode.BridgeInner, bridgeConfig.bridgeMode) + assertEquals(FirewallMode.BridgeInner, bridgeConfig.firewallMode) assertEquals(NetworkHostAndPort("localhost", 11005), bridgeConfig.outboundConfig!!.artemisBrokerAddress) assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), bridgeConfig.outboundConfig!!.alternateArtemisBrokerAddresses) val floatFolder = tempFolder.root.toPath() / "float" - val floatConfigResource = "/net/corda/bridge/artemisfailoverandfloat/float/bridge.conf" + val floatConfigResource = "/net/corda/bridge/artemisfailoverandfloat/float/firewall.conf" val floatConfig = createAndLoadConfigFromResource(floatFolder, floatConfigResource) floatConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) createNetworkParams(floatFolder) - assertEquals(BridgeMode.FloatOuter, floatConfig.bridgeMode) + assertEquals(FirewallMode.FloatOuter, floatConfig.firewallMode) assertEquals(NetworkHostAndPort("0.0.0.0", 10005), floatConfig.inboundConfig!!.listeningAddress) val (artemisServer, artemisClient) = createArtemis() val (artemisServer2, artemisClient2) = createArtemis2() val (artemisServer3, artemisClient3) = createDummyPeerArtemis() try { installBridgeControlResponder(artemisClient) - val bridge = BridgeInstance(bridgeConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val bridge = FirewallInstance(bridgeConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val bridgeStateFollower = bridge.activeChange.toBlocking().iterator - val float = BridgeInstance(floatConfig, BridgeVersionInfo(1, "1.1", "Dummy", "Test")) + val float = FirewallInstance(floatConfig, FirewallVersionInfo(1, "1.1", "Dummy", "Test")) val floatStateFollower = float.activeChange.toBlocking().iterator assertEquals(false, floatStateFollower.next()) float.start() diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeRestartTest.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeRestartTest.kt index da2b0133b1..4898d2d001 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeRestartTest.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/BridgeRestartTest.kt @@ -2,17 +2,18 @@ package net.corda.bridge import co.paralleluniverse.fibers.Suspendable import net.corda.client.rpc.CordaRPCClient -import net.corda.core.concurrent.CordaFuture import net.corda.core.flows.* import net.corda.core.identity.Party import net.corda.core.internal.concurrent.OpenFuture -import net.corda.core.internal.concurrent.doneFuture import net.corda.core.internal.concurrent.openFuture import net.corda.core.messaging.startFlow import net.corda.core.utilities.getOrThrow import net.corda.core.utilities.unwrap import net.corda.node.services.Permissions -import net.corda.testing.core.* +import net.corda.testing.core.DUMMY_BANK_A_NAME +import net.corda.testing.core.DUMMY_BANK_B_NAME +import net.corda.testing.core.DUMMY_NOTARY_NAME +import net.corda.testing.core.singleIdentity import net.corda.testing.internal.IntegrationTest import net.corda.testing.internal.IntegrationTestSchemas import net.corda.testing.internal.toDatabaseSchemaName @@ -22,7 +23,6 @@ import org.junit.ClassRule import org.junit.Test import java.util.* import java.util.concurrent.ConcurrentHashMap -import java.util.concurrent.CountDownLatch import kotlin.concurrent.thread import kotlin.test.assertEquals diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/services/AMQPListenerTest.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/services/AMQPListenerTest.kt index ab95195a0f..6da81393a8 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/services/AMQPListenerTest.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/services/AMQPListenerTest.kt @@ -49,7 +49,7 @@ class AMQPListenerTest { @Test fun `Basic AMPQListenerService lifecycle test`() { - val configResource = "/net/corda/bridge/singleprocess/bridge.conf" + val configResource = "/net/corda/bridge/singleprocess/firewall.conf" val maxMessageSize = createNetworkParams(tempFolder.root.toPath()) val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath() / "listener", configResource) bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) @@ -136,7 +136,7 @@ class AMQPListenerTest { @Test fun `Bad certificate audit check`() { - val configResource = "/net/corda/bridge/singleprocess/bridge.conf" + val configResource = "/net/corda/bridge/singleprocess/firewall.conf" val maxMessageSize = createNetworkParams(tempFolder.root.toPath()) val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath() / "listener", configResource) bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/services/ArtemisConnectionTest.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/services/ArtemisConnectionTest.kt index 83ceb724a4..f6f462f4a0 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/services/ArtemisConnectionTest.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/services/ArtemisConnectionTest.kt @@ -46,7 +46,7 @@ class ArtemisConnectionTest { @Test fun `Basic lifecycle test`() { - val configResource = "/net/corda/bridge/singleprocess/bridge.conf" + val configResource = "/net/corda/bridge/singleprocess/firewall.conf" createNetworkParams(tempFolder.root.toPath()) val bridgeConfig = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) bridgeConfig.createBridgeKeyStores(DUMMY_BANK_A_NAME) diff --git a/bridge/src/integration-test/kotlin/net/corda/bridge/services/TunnelControlTest.kt b/bridge/src/integration-test/kotlin/net/corda/bridge/services/TunnelControlTest.kt index 60e497adab..0d93181c24 100644 --- a/bridge/src/integration-test/kotlin/net/corda/bridge/services/TunnelControlTest.kt +++ b/bridge/src/integration-test/kotlin/net/corda/bridge/services/TunnelControlTest.kt @@ -68,7 +68,7 @@ class TunnelControlTest { @Test fun `Basic tunnel life cycle test`() { - val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf" + val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf" val bridgePath = tempFolder.root.toPath() / "bridge" bridgePath.createDirectories() val maxMessageSize = createNetworkParams(bridgePath) @@ -89,7 +89,7 @@ class TunnelControlTest { haService.start() assertEquals(false, bridgeProxiedReceiverService.active) - val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf" + val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf" val floatPath = tempFolder.root.toPath() / "float" floatPath.createDirectories() createNetworkParams(floatPath) @@ -146,7 +146,7 @@ class TunnelControlTest { @Test fun `Inbound message test`() { - val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/bridge.conf" + val bridgeConfigResource = "/net/corda/bridge/withfloat/bridge/firewall.conf" val bridgePath = tempFolder.root.toPath() / "bridge" bridgePath.createDirectories() val maxMessageSize = createNetworkParams(bridgePath) @@ -170,7 +170,7 @@ class TunnelControlTest { haService.start() assertEquals(false, bridgeStateFollower.next()) - val floatConfigResource = "/net/corda/bridge/withfloat/float/bridge.conf" + val floatConfigResource = "/net/corda/bridge/withfloat/float/firewall.conf" val floatPath = tempFolder.root.toPath() / "float" floatPath.createDirectories() createNetworkParams(floatPath) diff --git a/bridge/src/main/kotlin/net/corda/bridge/Bridge.kt b/bridge/src/main/kotlin/net/corda/bridge/Firewall.kt similarity index 77% rename from bridge/src/main/kotlin/net/corda/bridge/Bridge.kt rename to bridge/src/main/kotlin/net/corda/bridge/Firewall.kt index 0a11132d5b..e7be873628 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/Bridge.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/Firewall.kt @@ -8,13 +8,13 @@ * Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. */ -@file:JvmName("Bridge") +@file:JvmName("Firewall") package net.corda.bridge -import net.corda.bridge.internal.BridgeStartup +import net.corda.bridge.internal.FirewallStartup import kotlin.system.exitProcess fun main(args: Array) { - exitProcess(if (BridgeStartup(args).run()) 0 else 1) + exitProcess(if (FirewallStartup(args).run()) 0 else 1) } diff --git a/bridge/src/main/kotlin/net/corda/bridge/BridgeArgsParser.kt b/bridge/src/main/kotlin/net/corda/bridge/FirewallArgsParser.kt similarity index 90% rename from bridge/src/main/kotlin/net/corda/bridge/BridgeArgsParser.kt rename to bridge/src/main/kotlin/net/corda/bridge/FirewallArgsParser.kt index 81256566be..0dc908cc15 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/BridgeArgsParser.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/FirewallArgsParser.kt @@ -12,9 +12,9 @@ package net.corda.bridge import joptsimple.OptionParser import joptsimple.util.EnumConverter -import net.corda.bridge.services.api.BridgeConfiguration +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.config.BridgeConfigHelper -import net.corda.bridge.services.config.parseAsBridgeConfiguration +import net.corda.bridge.services.config.parseAsFirewallConfiguration import net.corda.core.internal.div import org.slf4j.event.Level import java.io.PrintStream @@ -27,13 +27,13 @@ class ArgsParser { // The intent of allowing a command line configurable directory and config path is to allow deployment flexibility. // Other general configuration should live inside the config file unless we regularly need temporary overrides on the command line private val baseDirectoryArg = optionParser - .accepts("base-directory", "The bridge working directory where all the files are kept") + .accepts("base-directory", "The firewall working directory where all the files are kept") .withRequiredArg() .defaultsTo(".") private val configFileArg = optionParser .accepts("config-file", "The path to the config file") .withRequiredArg() - .defaultsTo("bridge.conf") + .defaultsTo("firewall.conf") private val loggerLevel = optionParser .accepts("logging-level", "Enable logging at this level and higher") .withRequiredArg() @@ -71,8 +71,8 @@ data class CmdLineOptions(val baseDirectory: Path, val loggingLevel: Level, val logToConsole: Boolean, val isVersion: Boolean) { - fun loadConfig(): BridgeConfiguration { - val config = BridgeConfigHelper.loadConfig(baseDirectory, configFile).parseAsBridgeConfiguration() + fun loadConfig(): FirewallConfiguration { + val config = BridgeConfigHelper.loadConfig(baseDirectory, configFile).parseAsFirewallConfiguration() return config } } diff --git a/bridge/src/main/kotlin/net/corda/bridge/BridgeVersionInfo.kt b/bridge/src/main/kotlin/net/corda/bridge/FirewallVersionInfo.kt similarity index 56% rename from bridge/src/main/kotlin/net/corda/bridge/BridgeVersionInfo.kt rename to bridge/src/main/kotlin/net/corda/bridge/FirewallVersionInfo.kt index 5ac7307e05..f163551978 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/BridgeVersionInfo.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/FirewallVersionInfo.kt @@ -12,17 +12,17 @@ package net.corda.bridge /** - * Encapsulates various pieces of version information of the bridge. + * Encapsulates various pieces of version information of the firewall. */ -data class BridgeVersionInfo( +data class FirewallVersionInfo( /** - * Platform version of the bridge which is an integer value which increments on any release where any of the public - * API of the entire Corda platform changes. This includes messaging, serialisation, bridge APIs, etc. + * Platform version of the firewall which is an integer value which increments on any release where any of the public + * API of the entire Corda platform changes. This includes messaging, serialisation, firewall APIs, etc. */ val platformVersion: Int, - /** Release version string of the bridge. */ + /** Release version string of the firewall. */ val releaseVersion: String, - /** The exact version control commit ID of the bridge build. */ + /** The exact version control commit ID of the firewall build. */ val revision: String, - /** The bridge vendor */ + /** The firewall vendor */ val vendor: String) \ No newline at end of file diff --git a/bridge/src/main/kotlin/net/corda/bridge/internal/AMQPBridgeSerializationScheme.kt b/bridge/src/main/kotlin/net/corda/bridge/internal/AMQPFirewallSerializationScheme.kt similarity index 97% rename from bridge/src/main/kotlin/net/corda/bridge/internal/AMQPBridgeSerializationScheme.kt rename to bridge/src/main/kotlin/net/corda/bridge/internal/AMQPFirewallSerializationScheme.kt index 1a709bdaf8..2f172e1fe1 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/internal/AMQPBridgeSerializationScheme.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/internal/AMQPFirewallSerializationScheme.kt @@ -10,7 +10,7 @@ import net.corda.serialization.internal.amqp.SerializerFactory import net.corda.serialization.internal.amqp.amqpMagic import java.util.concurrent.ConcurrentHashMap -class AMQPBridgeSerializationScheme( +class AMQPFirewallSerializationScheme( cordappCustomSerializers: Set>, serializerFactoriesForContexts: MutableMap, SerializerFactory> ) : AbstractAMQPSerializationScheme(cordappCustomSerializers, serializerFactoriesForContexts) { diff --git a/bridge/src/main/kotlin/net/corda/bridge/internal/BridgeInstance.kt b/bridge/src/main/kotlin/net/corda/bridge/internal/FirewallInstance.kt similarity index 84% rename from bridge/src/main/kotlin/net/corda/bridge/internal/BridgeInstance.kt rename to bridge/src/main/kotlin/net/corda/bridge/internal/FirewallInstance.kt index 99b792d2a1..f08c122511 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/internal/BridgeInstance.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/internal/FirewallInstance.kt @@ -10,9 +10,9 @@ package net.corda.bridge.internal -import net.corda.bridge.BridgeVersionInfo +import net.corda.bridge.FirewallVersionInfo import net.corda.bridge.services.api.* -import net.corda.bridge.services.audit.LoggingBridgeAuditService +import net.corda.bridge.services.audit.LoggingFirewallAuditService import net.corda.bridge.services.supervisors.BridgeSupervisorServiceImpl import net.corda.bridge.services.supervisors.FloatSupervisorServiceImpl import net.corda.bridge.services.util.ServiceStateCombiner @@ -36,9 +36,9 @@ import net.corda.serialization.internal.SerializationFactoryImpl import rx.Subscription import java.util.concurrent.atomic.AtomicBoolean -class BridgeInstance(val conf: BridgeConfiguration, - val versionInfo: BridgeVersionInfo, - private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : ServiceLifecycleSupport, ServiceStateSupport by stateHelper { +class FirewallInstance(val conf: FirewallConfiguration, + val versionInfo: FirewallVersionInfo, + private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : ServiceLifecycleSupport, ServiceStateSupport by stateHelper { companion object { val log = contextLogger() } @@ -47,7 +47,7 @@ class BridgeInstance(val conf: BridgeConfiguration, private var shutdownHook: ShutdownHook? = null private var maxMessageSize: Int = -1 - private lateinit var bridgeAuditService: BridgeAuditService + private lateinit var firewallAuditService: FirewallAuditService private var bridgeSupervisorService: BridgeSupervisorService? = null private var floatSupervisorService: FloatSupervisorService? = null private var statusFollower: ServiceStateCombiner? = null @@ -69,7 +69,7 @@ class BridgeInstance(val conf: BridgeConfiguration, val classloader = this.javaClass.classLoader nodeSerializationEnv = SerializationEnvironmentImpl( SerializationFactoryImpl().apply { - registerScheme(AMQPBridgeSerializationScheme(emptyList())) + registerScheme(AMQPFirewallSerializationScheme(emptyList())) }, p2pContext = AMQP_P2P_CONTEXT.withClassLoader(classloader)) } @@ -101,8 +101,8 @@ class BridgeInstance(val conf: BridgeConfiguration, log.info("Shutdown complete") } - private val _exitFuture = openFuture() - val onExit: CordaFuture get() = _exitFuture + private val _exitFuture = openFuture() + val onExit: CordaFuture get() = _exitFuture private fun retrieveNetworkParameters() { val networkParamsFile = conf.baseDirectory / NETWORK_PARAMS_FILE_NAME @@ -114,16 +114,16 @@ class BridgeInstance(val conf: BridgeConfiguration, private fun createServices() { require(maxMessageSize > 0) { "maxMessageSize not initialised" } - bridgeAuditService = LoggingBridgeAuditService(conf) - when (conf.bridgeMode) { - // In the SenderReceiver mode the inbound and outbound message paths are run from within a single bridge process. + firewallAuditService = LoggingFirewallAuditService(conf) + when (conf.firewallMode) { + // In the SenderReceiver mode the inbound and outbound message paths are run from within a single firewall process. // The process thus contains components that listen for bridge control messages on Artemis. // The process can then initiates TLS/AMQP 1.0 connections to remote peers and transfers the outbound messages. // The process also runs a TLS/AMQP 1.0 server socket, which is can receive connections and messages from peers, // validate the messages and then forwards the packets to the Artemis inbox queue of the node. - BridgeMode.SenderReceiver -> { - floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService) - bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService, floatSupervisorService!!.amqpListenerService) + FirewallMode.SenderReceiver -> { + floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService) + bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService, floatSupervisorService!!.amqpListenerService) } // In the BridgeInner mode the process runs the full outbound message path as in the SenderReceiver mode, but the inbound path is split. // This 'Bridge Inner/Bridge Controller' process runs the more trusted portion of the inbound path. @@ -131,8 +131,8 @@ class BridgeInstance(val conf: BridgeConfiguration, // Also the the 'Bridge Inner' does more complete validation of inbound messages and ensures that they correspond to legitimate // node inboxes, before transferring the message to Artemis. Potentially it might carry out deeper checks of received packets. // However, the 'Bridge Inner' is not directly exposed to the internet, or peers and does not host the TLS/AMQP 1.0 server socket. - BridgeMode.BridgeInner -> { - bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService, null) + FirewallMode.BridgeInner -> { + bridgeSupervisorService = BridgeSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService, null) } // In the FloatOuter mode this process runs a minimal AMQP proxy that is designed to run in a DMZ zone. // The process holds the minimum data necessary to act as the TLS/AMQP 1.0 receiver socket and tries @@ -146,18 +146,18 @@ class BridgeInstance(val conf: BridgeConfiguration, // be validated against the keys/certificates sent across the control tunnel. Inbound messages are given basic checks that do not require // holding potentially sensitive information and are then forwarded across the control tunnel to the 'Bridge Inner' process for more // complete validation checks. - BridgeMode.FloatOuter -> { - floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, bridgeAuditService) + FirewallMode.FloatOuter -> { + floatSupervisorService = FloatSupervisorServiceImpl(conf, maxMessageSize, firewallAuditService) } } - statusFollower = ServiceStateCombiner(listOf(bridgeAuditService, floatSupervisorService, bridgeSupervisorService).filterNotNull()) + statusFollower = ServiceStateCombiner(listOf(firewallAuditService, floatSupervisorService, bridgeSupervisorService).filterNotNull()) statusSubscriber = statusFollower!!.activeChange.subscribe({ stateHelper.active = it }, { log.error("Error in state change", it) }) } private fun startServices() { - bridgeAuditService.start() + firewallAuditService.start() bridgeSupervisorService?.start() floatSupervisorService?.start() } @@ -166,7 +166,7 @@ class BridgeInstance(val conf: BridgeConfiguration, stateHelper.active = false floatSupervisorService?.stop() bridgeSupervisorService?.stop() - bridgeAuditService.stop() + firewallAuditService.stop() statusSubscriber?.unsubscribe() statusSubscriber = null statusFollower = null diff --git a/bridge/src/main/kotlin/net/corda/bridge/internal/BridgeStartup.kt b/bridge/src/main/kotlin/net/corda/bridge/internal/FirewallStartup.kt similarity index 80% rename from bridge/src/main/kotlin/net/corda/bridge/internal/BridgeStartup.kt rename to bridge/src/main/kotlin/net/corda/bridge/internal/FirewallStartup.kt index b18c931881..5e9e1cdb3e 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/internal/BridgeStartup.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/internal/FirewallStartup.kt @@ -13,9 +13,9 @@ package net.corda.bridge.internal import com.jcabi.manifests.Manifests import joptsimple.OptionException import net.corda.bridge.ArgsParser -import net.corda.bridge.BridgeVersionInfo import net.corda.bridge.CmdLineOptions -import net.corda.bridge.services.api.BridgeConfiguration +import net.corda.bridge.FirewallVersionInfo +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.core.internal.createDirectories import net.corda.core.internal.div import net.corda.core.utilities.contextLogger @@ -29,7 +29,7 @@ import java.nio.file.Path import java.util.* import kotlin.system.exitProcess -class BridgeStartup(val args: Array) { +class FirewallStartup(val args: Array) { companion object { // lazy init the logging, because the logging levels aren't configured until we have parsed some options. private val log by lazy { contextLogger() } @@ -37,14 +37,14 @@ class BridgeStartup(val args: Array) { } /** - * @return true if the bridge startup was successful. This value is intended to be the exit code of the process. + * @return true if the firewalls startup was successful. This value is intended to be the exit code of the process. */ fun run(): Boolean { val startTime = System.currentTimeMillis() val (argsParser, cmdlineOptions) = parseArguments() - // We do the single bridge check before we initialise logging so that in case of a double-bridge start it - // doesn't mess with the running bridge's logs. + // We do the single firewall check before we initialise logging so that in case of a double-firewall start it + // doesn't mess with the running firewall's logs. enforceSingleBridgeIsRunning(cmdlineOptions.baseDirectory) initLogging(cmdlineOptions) @@ -66,26 +66,26 @@ class BridgeStartup(val args: Array) { val conf = try { loadConfigFile(cmdlineOptions) } catch (e: Exception) { - log.error("Exception during bridge configuration", e) + log.error("Exception during firewall configuration", e) return false } try { logStartupInfo(versionInfo, cmdlineOptions, conf) } catch (e: Exception) { - log.error("Exception during bridge registration", e) + log.error("Exception during firewall registration", e) return false } - val bridge = try { + val firewall = try { cmdlineOptions.baseDirectory.createDirectories() - startBridge(conf, versionInfo, startTime) + startFirewall(conf, versionInfo, startTime) } catch (e: Exception) { if (e.message?.startsWith("Unknown named curve:") == true) { - log.error("Exception during bridge startup - ${e.message}. " + + log.error("Exception during firewall startup - ${e.message}. " + "This is a known OpenJDK issue on some Linux distributions, please use OpenJDK from zulu.org or Oracle JDK.") } else { - log.error("Exception during bridge startup", e) + log.error("Exception during firewall startup", e) } return false } @@ -93,23 +93,23 @@ class BridgeStartup(val args: Array) { if (System.getProperties().containsKey("WAIT_KEY_FOR_EXIT")) { System.`in`.read() // Inside IntelliJ we can't forward CTRL-C, so debugging shutdown is a nightmare. So allow -DWAIT_KEY_FOR_EXIT flag for key based quit. } else { - bridge.onExit.get() + firewall.onExit.get() } - log.info("bridge shutting down") - bridge.stop() + log.info("firewall shutting down") + firewall.stop() return true } - fun logStartupInfo(versionInfo: BridgeVersionInfo, cmdlineOptions: CmdLineOptions, conf: BridgeConfiguration) { + fun logStartupInfo(versionInfo: FirewallVersionInfo, cmdlineOptions: CmdLineOptions, conf: FirewallConfiguration) { log.info("Vendor: ${versionInfo.vendor}") log.info("Release: ${versionInfo.releaseVersion}") log.info("Platform Version: ${versionInfo.platformVersion}") log.info("Revision: ${versionInfo.revision}") val info = ManagementFactory.getRuntimeMXBean() log.info("PID: ${info.name.split("@").firstOrNull()}") // TODO Java 9 has better support for this - log.info("Main class: ${BridgeStartup::class.java.protectionDomain.codeSource.location.toURI().path}") + log.info("Main class: ${FirewallStartup::class.java.protectionDomain.codeSource.location.toURI().path}") log.info("CommandLine Args: ${info.inputArguments.joinToString(" ")}") log.info("Application Args: ${args.joinToString(" ")}") log.info("bootclasspath: ${info.bootClassPath}") @@ -121,16 +121,16 @@ class BridgeStartup(val args: Array) { if (agentProperties.containsKey("sun.jdwp.listenerAddress")) { log.info("Debug port: ${agentProperties.getProperty("sun.jdwp.listenerAddress")}") } - log.info("Starting as bridge mode of ${conf.bridgeMode}") + log.info("Starting as firewall mode of ${conf.firewallMode}") } - protected fun loadConfigFile(cmdlineOptions: CmdLineOptions): BridgeConfiguration = cmdlineOptions.loadConfig() + protected fun loadConfigFile(cmdlineOptions: CmdLineOptions): FirewallConfiguration = cmdlineOptions.loadConfig() - protected fun getVersionInfo(): BridgeVersionInfo { + protected fun getVersionInfo(): FirewallVersionInfo { // Manifest properties are only available if running from the corda jar fun manifestValue(name: String): String? = if (Manifests.exists(name)) Manifests.read(name) else null - return BridgeVersionInfo( + return FirewallVersionInfo( manifestValue("Corda-Platform-Version")?.toInt() ?: 1, manifestValue("Corda-Release-Version") ?: "Unknown", manifestValue("Corda-Revision") ?: "Unknown", @@ -143,14 +143,14 @@ class BridgeStartup(val args: Array) { // file that we'll do our best to delete on exit. But if we don't, it'll be overwritten next time. If it already // exists, we try to take the file lock first before replacing it and if that fails it means we're being started // twice with the same directory: that's a user error and we should bail out. - val pidFile = (baseDirectory / "bridge-process-id").toFile() + val pidFile = (baseDirectory / "firewall-process-id").toFile() pidFile.createNewFile() pidFile.deleteOnExit() val pidFileRw = RandomAccessFile(pidFile, "rw") val pidFileLock = pidFileRw.channel.tryLock() if (pidFileLock == null) { - println("It appears there is already a bridge running with the specified data directory $baseDirectory") - println("Shut that other bridge down and try again. It may have process ID ${pidFile.readText()}") + println("It appears there is already a firewall running with the specified data directory $baseDirectory") + println("Shut that other firewall down and try again. It may have process ID ${pidFile.readText()}") System.exit(1) } // Avoid the lock being garbage collected. We don't really need to release it as the OS will do so for us @@ -204,11 +204,11 @@ class BridgeStartup(val args: Array) { SLF4JBridgeHandler.install() } - fun startBridge(conf: BridgeConfiguration, versionInfo: BridgeVersionInfo, startTime: Long): BridgeInstance { - val bridge = BridgeInstance(conf, versionInfo) - bridge.start() + fun startFirewall(conf: FirewallConfiguration, versionInfo: FirewallVersionInfo, startTime: Long): FirewallInstance { + val firewall = FirewallInstance(conf, versionInfo) + firewall.start() val elapsed = (System.currentTimeMillis() - startTime) / 10 / 100.0 - log.info("Bridge started up and registered in $elapsed sec") - return bridge + log.info("Firewall started up and registered in $elapsed sec") + return firewall } } \ No newline at end of file diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAMQPListenerService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAMQPListenerService.kt index b4eed37354..e723220812 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAMQPListenerService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAMQPListenerService.kt @@ -17,7 +17,7 @@ import java.security.KeyStore /** * This service when activated via [provisionKeysAndActivate] installs an AMQP listening socket, - * which listens on the port specified in the [BridgeConfiguration.inboundConfig] section. + * which listens on the port specified in the [FirewallConfiguration.inboundConfig] section. * The service technically runs inside the 'float' portion of the bridge, so that it can be run remotely inside the DMZ. * As a result it reports as active, whilst not actually listening. Only when the TLS [KeyStore]s are passed to it * does the service become [running]. diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeArtemisConnectionService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeArtemisConnectionService.kt index 7adc5f6f6f..af6cb1e3fb 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeArtemisConnectionService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeArtemisConnectionService.kt @@ -13,7 +13,7 @@ package net.corda.bridge.services.api import net.corda.nodeapi.internal.ArtemisMessagingClient /** - * This provides a service to manage connection to the local broker as defined in the [BridgeConfiguration.outboundConfig] section. + * This provides a service to manage connection to the local broker as defined in the [FirewallConfiguration.outboundConfig] section. * Once started the service will repeatedly attempt to connect to the bus, signalling success by changing to the [active] state. */ interface BridgeArtemisConnectionService : ServiceLifecycleSupport { diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeSupervisorService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeSupervisorService.kt index 3846a22e96..98d6a96502 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeSupervisorService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeSupervisorService.kt @@ -11,9 +11,9 @@ package net.corda.bridge.services.api /** - * This is the top level service representing the [BridgeMode.BridgeInner] service stack. The primary role of this component is to - * create and wire up concrete implementations of the relevant services according to the [BridgeConfiguration] details. + * This is the top level service representing the [FirewallMode.BridgeInner] service stack. The primary role of this component is to + * create and wire up concrete implementations of the relevant services according to the [FirewallConfiguration] details. * The possibly proxied path to the [BridgeAMQPListenerService] is typically a constructor input - * as that is a [BridgeMode.FloatOuter] component. + * as that is a [FirewallMode.FloatOuter] component. */ interface BridgeSupervisorService : ServiceLifecycleSupport \ No newline at end of file diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAuditService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/FirewallAuditService.kt similarity index 95% rename from bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAuditService.kt rename to bridge/src/main/kotlin/net/corda/bridge/services/api/FirewallAuditService.kt index 198677c8d0..56dc85b751 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeAuditService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/FirewallAuditService.kt @@ -18,7 +18,7 @@ import java.net.InetSocketAddress * Currently the simple implementation just records events to log file, but future implementations may need to post * security data to an enterprise service. */ -interface BridgeAuditService : ServiceLifecycleSupport { +interface FirewallAuditService : ServiceLifecycleSupport { fun successfulConnectionEvent(inbound: Boolean, sourceIP: InetSocketAddress, certificateSubject: String, msg: String) fun failedConnectionEvent(inbound: Boolean, sourceIP: InetSocketAddress?, certificateSubject: String?, msg: String) fun packetDropEvent(packet: ReceivedMessage?, msg: String) diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeConfiguration.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/FirewallConfiguration.kt similarity index 91% rename from bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeConfiguration.kt rename to bridge/src/main/kotlin/net/corda/bridge/services/api/FirewallConfiguration.kt index 623e1238a6..4ee993437d 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/BridgeConfiguration.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/FirewallConfiguration.kt @@ -17,7 +17,7 @@ import net.corda.nodeapi.internal.config.SSLConfiguration import net.corda.nodeapi.internal.protonwrapper.netty.SocksProxyConfig import java.nio.file.Path -enum class BridgeMode { +enum class FirewallMode { /** * The Bridge/Float is run as a single process with both AMQP sending and receiving functionality. */ @@ -71,8 +71,8 @@ interface BridgeInboundConfiguration { } /** - * Details of the target control ports of available [BridgeMode.FloatOuter] processes from the perspective of the [BridgeMode.BridgeInner] process. - * Required for [BridgeMode.BridgeInner] mode. + * Details of the target control ports of available [FirewallMode.FloatOuter] processes from the perspective of the [FirewallMode.BridgeInner] process. + * Required for [FirewallMode.BridgeInner] mode. */ interface BridgeInnerConfiguration { val floatAddresses: List @@ -91,8 +91,8 @@ interface BridgeHAConfig { } /** - * Details of the listening port for a [BridgeMode.FloatOuter] process and of the certificate that the [BridgeMode.BridgeInner] should present. - * Required for [BridgeMode.FloatOuter] mode. + * Details of the listening port for a [FirewallMode.FloatOuter] process and of the certificate that the [FirewallMode.BridgeInner] should present. + * Required for [FirewallMode.FloatOuter] mode. */ interface FloatOuterConfiguration { val floatAddress: NetworkHostAndPort @@ -101,8 +101,8 @@ interface FloatOuterConfiguration { val customSSLConfiguration: BridgeSSLConfiguration? } -interface BridgeConfiguration : NodeSSLConfiguration { - val bridgeMode: BridgeMode +interface FirewallConfiguration : NodeSSLConfiguration { + val firewallMode: FirewallMode val outboundConfig: BridgeOutboundConfiguration? val inboundConfig: BridgeInboundConfiguration? val bridgeInnerConfig: BridgeInnerConfiguration? diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatControlService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatControlService.kt index 6d46d61e18..52c4317e88 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatControlService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatControlService.kt @@ -11,7 +11,7 @@ package net.corda.bridge.services.api /** - * This service represent an AMQP socket listener that awaits a remote initiated connection from the [BridgeMode.BridgeInner]. - * Only one active connection is allowed at a time and it must match the configured requirements in the [BridgeConfiguration.bridgeInnerConfig]. + * This service represent an AMQP socket listener that awaits a remote initiated connection from the [FirewallMode.BridgeInner]. + * Only one active connection is allowed at a time and it must match the configured requirements in the [FirewallConfiguration.bridgeInnerConfig]. */ interface FloatControlService : ServiceLifecycleSupport \ No newline at end of file diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatSupervisorService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatSupervisorService.kt index 6ecf04b654..405093f088 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatSupervisorService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/api/FloatSupervisorService.kt @@ -11,7 +11,7 @@ package net.corda.bridge.services.api /** - * This is the top level service responsible for creating and managing the [BridgeMode.FloatOuter] portions of the bridge. + * This is the top level service responsible for creating and managing the [FirewallMode.FloatOuter] portions of the bridge. * It exposes a possibly proxied [BridgeAMQPListenerService] component that is used in the [BridgeSupervisorService] * to wire up the internal portions of the AMQP peer inbound message path. */ diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/artemis/BridgeArtemisConnectionServiceImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/artemis/BridgeArtemisConnectionServiceImpl.kt index 98aa534e7b..085492e801 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/artemis/BridgeArtemisConnectionServiceImpl.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/artemis/BridgeArtemisConnectionServiceImpl.kt @@ -28,9 +28,9 @@ import rx.Subscription import java.lang.Long.min import java.util.concurrent.CountDownLatch -class BridgeArtemisConnectionServiceImpl(val conf: BridgeConfiguration, +class BridgeArtemisConnectionServiceImpl(val conf: FirewallConfiguration, val maxMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeArtemisConnectionService, ServiceStateSupport by stateHelper { companion object { val log = contextLogger() diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/audit/LoggingBridgeAuditService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/audit/LoggingFirewallAuditService.kt similarity index 82% rename from bridge/src/main/kotlin/net/corda/bridge/services/audit/LoggingBridgeAuditService.kt rename to bridge/src/main/kotlin/net/corda/bridge/services/audit/LoggingFirewallAuditService.kt index 0746b711cf..cf258b01ed 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/audit/LoggingBridgeAuditService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/audit/LoggingFirewallAuditService.kt @@ -10,8 +10,8 @@ package net.corda.bridge.services.audit -import net.corda.bridge.services.api.BridgeAuditService -import net.corda.bridge.services.api.BridgeConfiguration +import net.corda.bridge.services.api.FirewallAuditService +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.api.ServiceStateSupport import net.corda.bridge.services.util.ServiceStateHelper import net.corda.core.utilities.contextLogger @@ -19,8 +19,8 @@ import net.corda.core.utilities.trace import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage import java.net.InetSocketAddress -class LoggingBridgeAuditService(val conf: BridgeConfiguration, - private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeAuditService, ServiceStateSupport by stateHelper { +class LoggingFirewallAuditService(val conf: FirewallConfiguration, + private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FirewallAuditService, ServiceStateSupport by stateHelper { companion object { val log = contextLogger() } diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigHelper.kt b/bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigHelper.kt index a5c452a05a..e059ac02e3 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigHelper.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigHelper.kt @@ -30,11 +30,11 @@ object BridgeConfigHelper { private val log = LoggerFactory.getLogger(javaClass) fun loadConfig(baseDirectory: Path, - configFile: Path = baseDirectory / "bridge.conf", + configFile: Path = baseDirectory / "firewall.conf", allowMissingConfig: Boolean = false, configOverrides: Config = ConfigFactory.empty()): Config { val parseOptions = ConfigParseOptions.defaults() - val defaultConfig = ConfigFactory.parseResources("bridgedefault.conf", parseOptions.setAllowMissing(false)) + val defaultConfig = ConfigFactory.parseResources("firewalldefault.conf", parseOptions.setAllowMissing(false)) val appConfig = ConfigFactory.parseFile(configFile.toFile(), parseOptions.setAllowMissing(allowMissingConfig)) val systemOverrides = systemProperties().bridgeEntriesOnly() val environmentOverrides = systemEnvironment().bridgeEntriesOnly() diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigurationImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt similarity index 92% rename from bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigurationImpl.kt rename to bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt index 0826fe823b..ad1703bd7e 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/config/BridgeConfigurationImpl.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/config/FirewallConfigurationImpl.kt @@ -23,7 +23,7 @@ import java.nio.file.Path import java.nio.file.Paths -fun Config.parseAsBridgeConfiguration(): BridgeConfiguration = parseAs() +fun Config.parseAsFirewallConfiguration(): FirewallConfiguration = parseAs() data class BridgeSSLConfigurationImpl(override val keyStorePassword: String, override val trustStorePassword: String, @@ -53,7 +53,7 @@ data class FloatOuterConfigurationImpl(override val floatAddress: NetworkHostAnd data class BridgeHAConfigImpl(override val haConnectionString: String, override val haPriority: Int = 10, override val haTopic: String = "/bridge/ha") : BridgeHAConfig -data class BridgeConfigurationImpl( +data class FirewallConfigurationImpl( override val baseDirectory: Path, override val certificatesDirectory: Path = baseDirectory / "certificates", override val sslKeystore: Path = certificatesDirectory / "sslkeystore.jks", @@ -61,7 +61,7 @@ data class BridgeConfigurationImpl( override val crlCheckSoftFail: Boolean, override val keyStorePassword: String, override val trustStorePassword: String, - override val bridgeMode: BridgeMode, + override val firewallMode: FirewallMode, override val networkParametersPath: Path, override val outboundConfig: BridgeOutboundConfigurationImpl?, override val inboundConfig: BridgeInboundConfigurationImpl?, @@ -74,13 +74,13 @@ data class BridgeConfigurationImpl( override val politeShutdownPeriod: Int = 1000, override val p2pConfirmationWindowSize: Int = 1048576, override val whitelistedHeaders: List = ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList() -) : BridgeConfiguration { +) : FirewallConfiguration { init { - if (bridgeMode == BridgeMode.SenderReceiver) { + if (firewallMode == FirewallMode.SenderReceiver) { require(inboundConfig != null && outboundConfig != null) { "Missing required configuration" } - } else if (bridgeMode == BridgeMode.BridgeInner) { + } else if (firewallMode == FirewallMode.BridgeInner) { require(bridgeInnerConfig != null && outboundConfig != null) { "Missing required configuration" } - } else if (bridgeMode == BridgeMode.FloatOuter) { + } else if (firewallMode == FirewallMode.FloatOuter) { require(inboundConfig != null && floatOuterConfig != null) { "Missing required configuration" } } } diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/filter/SimpleMessageFilterService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/filter/SimpleMessageFilterService.kt index 6a9b72a790..9ae727bded 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/filter/SimpleMessageFilterService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/filter/SimpleMessageFilterService.kt @@ -24,8 +24,8 @@ import org.apache.activemq.artemis.api.core.client.ClientProducer import org.apache.activemq.artemis.api.core.client.ClientSession import rx.Subscription -class SimpleMessageFilterService(val conf: BridgeConfiguration, - val auditService: BridgeAuditService, +class SimpleMessageFilterService(val conf: FirewallConfiguration, + val auditService: FirewallAuditService, val artemisConnectionService: BridgeArtemisConnectionService, val bridgeSenderService: BridgeSenderService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : IncomingMessageFilterService, ServiceStateSupport by stateHelper { diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/ha/ExternalMasterElectionService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/ha/ExternalMasterElectionService.kt index adbf62ddaf..76fa760dac 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/ha/ExternalMasterElectionService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/ha/ExternalMasterElectionService.kt @@ -10,9 +10,9 @@ package net.corda.bridge.services.ha -import net.corda.bridge.services.api.BridgeAuditService -import net.corda.bridge.services.api.BridgeConfiguration import net.corda.bridge.services.api.BridgeMasterService +import net.corda.bridge.services.api.FirewallAuditService +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.api.ServiceStateSupport import net.corda.bridge.services.util.ServiceStateHelper import net.corda.core.utilities.contextLogger @@ -25,8 +25,8 @@ import java.util.concurrent.Executors import java.util.concurrent.ScheduledFuture import java.util.concurrent.TimeUnit -class ExternalMasterElectionService(val conf: BridgeConfiguration, - val auditService: BridgeAuditService, +class ExternalMasterElectionService(val conf: FirewallConfiguration, + val auditService: FirewallAuditService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeMasterService, ServiceStateSupport by stateHelper { private var haElector: ZkLeader? = null diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/ha/SingleInstanceMasterService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/ha/SingleInstanceMasterService.kt index 3f978e6122..3b5eec8c99 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/ha/SingleInstanceMasterService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/ha/SingleInstanceMasterService.kt @@ -10,15 +10,15 @@ package net.corda.bridge.services.ha -import net.corda.bridge.services.api.BridgeAuditService -import net.corda.bridge.services.api.BridgeConfiguration import net.corda.bridge.services.api.BridgeMasterService +import net.corda.bridge.services.api.FirewallAuditService +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.api.ServiceStateSupport import net.corda.bridge.services.util.ServiceStateHelper import net.corda.core.utilities.contextLogger -class SingleInstanceMasterService(val conf: BridgeConfiguration, - val auditService: BridgeAuditService, +class SingleInstanceMasterService(val conf: FirewallConfiguration, + val auditService: FirewallAuditService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeMasterService, ServiceStateSupport by stateHelper { companion object { val log = contextLogger() diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt index f25054e05c..9160d9f930 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/BridgeAMQPListenerServiceImpl.kt @@ -11,8 +11,8 @@ package net.corda.bridge.services.receiver import net.corda.bridge.services.api.BridgeAMQPListenerService -import net.corda.bridge.services.api.BridgeAuditService -import net.corda.bridge.services.api.BridgeConfiguration +import net.corda.bridge.services.api.FirewallAuditService +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.api.ServiceStateSupport import net.corda.bridge.services.util.ServiceStateCombiner import net.corda.bridge.services.util.ServiceStateHelper @@ -30,9 +30,9 @@ import java.io.ByteArrayInputStream import java.security.KeyStore import java.util.* -class BridgeAMQPListenerServiceImpl(val conf: BridgeConfiguration, +class BridgeAMQPListenerServiceImpl(val conf: FirewallConfiguration, val maximumMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeAMQPListenerService, ServiceStateSupport by stateHelper { companion object { val log = contextLogger() diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/FloatControlListenerService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/FloatControlListenerService.kt index 383aba90fd..99476d5c19 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/FloatControlListenerService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/FloatControlListenerService.kt @@ -33,9 +33,9 @@ import java.util.concurrent.locks.ReentrantLock import kotlin.concurrent.withLock -class FloatControlListenerService(val conf: BridgeConfiguration, +class FloatControlListenerService(val conf: FirewallConfiguration, val maximumMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, val amqpListener: BridgeAMQPListenerService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FloatControlService, ServiceStateSupport by stateHelper { companion object { diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt index 79159be517..3a975789ae 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/InProcessBridgeReceiverService.kt @@ -19,8 +19,8 @@ import net.corda.nodeapi.internal.config.SSLConfiguration import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage import rx.Subscription -class InProcessBridgeReceiverService(val conf: BridgeConfiguration, - val auditService: BridgeAuditService, +class InProcessBridgeReceiverService(val conf: FirewallConfiguration, + val auditService: FirewallAuditService, haService: BridgeMasterService, val amqpListenerService: BridgeAMQPListenerService, val filterService: IncomingMessageFilterService, diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt index 52c137ccdc..31b90a6fba 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/receiver/TunnelingBridgeReceiverService.kt @@ -36,9 +36,9 @@ import java.security.SecureRandom import java.util.concurrent.TimeUnit import java.util.concurrent.TimeoutException -class TunnelingBridgeReceiverService(val conf: BridgeConfiguration, +class TunnelingBridgeReceiverService(val conf: FirewallConfiguration, val maximumMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, haService: BridgeMasterService, val filterService: IncomingMessageFilterService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeReceiverService, ServiceStateSupport by stateHelper { diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/sender/DirectBridgeSenderService.kt b/bridge/src/main/kotlin/net/corda/bridge/services/sender/DirectBridgeSenderService.kt index a2579a4f4b..3c0974639d 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/sender/DirectBridgeSenderService.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/sender/DirectBridgeSenderService.kt @@ -20,9 +20,9 @@ import net.corda.nodeapi.internal.ArtemisSessionProvider import net.corda.nodeapi.internal.bridging.BridgeControlListener import rx.Subscription -class DirectBridgeSenderService(val conf: BridgeConfiguration, +class DirectBridgeSenderService(val conf: FirewallConfiguration, val maxMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, haService: BridgeMasterService, val artemisConnectionService: BridgeArtemisConnectionService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeSenderService, ServiceStateSupport by stateHelper { diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/BridgeSupervisorServiceImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/BridgeSupervisorServiceImpl.kt index 0fbf5abe1e..3971533c3a 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/BridgeSupervisorServiceImpl.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/BridgeSupervisorServiceImpl.kt @@ -24,9 +24,9 @@ import net.corda.core.utilities.contextLogger import org.slf4j.LoggerFactory import rx.Subscription -class BridgeSupervisorServiceImpl(val conf: BridgeConfiguration, +class BridgeSupervisorServiceImpl(val conf: FirewallConfiguration, maxMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, inProcessAMQPListenerService: BridgeAMQPListenerService?, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : BridgeSupervisorService, ServiceStateSupport by stateHelper { companion object { @@ -51,7 +51,7 @@ class BridgeSupervisorServiceImpl(val conf: BridgeConfiguration, artemisService = BridgeArtemisConnectionServiceImpl(conf, maxMessageSize, auditService) senderService = DirectBridgeSenderService(conf, maxMessageSize, auditService, haService, artemisService) filterService = SimpleMessageFilterService(conf, auditService, artemisService, senderService) - receiverService = if (conf.bridgeMode == BridgeMode.SenderReceiver) { + receiverService = if (conf.firewallMode == FirewallMode.SenderReceiver) { InProcessBridgeReceiverService(conf, auditService, haService, inProcessAMQPListenerService!!, filterService) } else { require(inProcessAMQPListenerService == null) { "Should not have an in process instance of the AMQPListenerService" } diff --git a/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/FloatSupervisorServiceImpl.kt b/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/FloatSupervisorServiceImpl.kt index 84b60b83b4..fa0858bed0 100644 --- a/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/FloatSupervisorServiceImpl.kt +++ b/bridge/src/main/kotlin/net/corda/bridge/services/supervisors/FloatSupervisorServiceImpl.kt @@ -19,9 +19,9 @@ import net.corda.core.utilities.contextLogger import org.slf4j.LoggerFactory import rx.Subscription -class FloatSupervisorServiceImpl(val conf: BridgeConfiguration, +class FloatSupervisorServiceImpl(val conf: FirewallConfiguration, val maxMessageSize: Int, - val auditService: BridgeAuditService, + val auditService: FirewallAuditService, private val stateHelper: ServiceStateHelper = ServiceStateHelper(log)) : FloatSupervisorService, ServiceStateSupport by stateHelper { companion object { val log = contextLogger() @@ -35,7 +35,7 @@ class FloatSupervisorServiceImpl(val conf: BridgeConfiguration, init { amqpListenerService = BridgeAMQPListenerServiceImpl(conf, maxMessageSize, auditService) - floatControlService = if (conf.bridgeMode == BridgeMode.FloatOuter) { + floatControlService = if (conf.firewallMode == FirewallMode.FloatOuter) { require(conf.haConfig == null) { "Float process should not have HA config, that is controlled via the bridge." } FloatControlListenerService(conf, maxMessageSize, auditService, amqpListenerService) } else { diff --git a/bridge/src/main/resources/bridgedefault.conf b/bridge/src/main/resources/firewalldefault.conf similarity index 100% rename from bridge/src/main/resources/bridgedefault.conf rename to bridge/src/main/resources/firewalldefault.conf diff --git a/bridge/src/test/kotlin/net/corda/bridge/BridgeTestHelper.kt b/bridge/src/test/kotlin/net/corda/bridge/BridgeTestHelper.kt index d3c691b361..2f3171c51e 100644 --- a/bridge/src/test/kotlin/net/corda/bridge/BridgeTestHelper.kt +++ b/bridge/src/test/kotlin/net/corda/bridge/BridgeTestHelper.kt @@ -10,7 +10,7 @@ package net.corda.bridge -import net.corda.bridge.services.api.BridgeConfiguration +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.core.crypto.Crypto.generateKeyPair import net.corda.core.identity.CordaX500Name import net.corda.core.internal.createDirectories @@ -51,7 +51,7 @@ fun createNetworkParams(baseDirectory: Path): Int { } -fun createAndLoadConfigFromResource(baseDirectory: Path, configResource: String): BridgeConfiguration { +fun createAndLoadConfigFromResource(baseDirectory: Path, configResource: String): FirewallConfiguration { val workspaceFolder = baseDirectory.normalize().toAbsolutePath() val args = arrayOf("--base-directory", workspaceFolder.toString()) val argsParser = ArgsParser() diff --git a/bridge/src/test/kotlin/net/corda/bridge/ConfigTest.kt b/bridge/src/test/kotlin/net/corda/bridge/ConfigTest.kt index e6d31aa2e4..99e3145195 100644 --- a/bridge/src/test/kotlin/net/corda/bridge/ConfigTest.kt +++ b/bridge/src/test/kotlin/net/corda/bridge/ConfigTest.kt @@ -10,7 +10,7 @@ package net.corda.bridge -import net.corda.bridge.services.api.BridgeMode +import net.corda.bridge.services.api.FirewallMode import net.corda.core.identity.CordaX500Name import net.corda.core.internal.div import net.corda.core.utilities.NetworkHostAndPort @@ -35,9 +35,9 @@ class ConfigTest { @Test fun `Load simple config`() { - val configResource = "/net/corda/bridge/singleprocess/bridge.conf" + val configResource = "/net/corda/bridge/singleprocess/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) - assertEquals(BridgeMode.SenderReceiver, config.bridgeMode) + assertEquals(FirewallMode.SenderReceiver, config.firewallMode) assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress) assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress) assertNull(config.bridgeInnerConfig) @@ -46,9 +46,9 @@ class ConfigTest { @Test fun `Load simple bridge config`() { - val configResource = "/net/corda/bridge/withfloat/bridge/bridge.conf" + val configResource = "/net/corda/bridge/withfloat/bridge/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) - assertEquals(BridgeMode.BridgeInner, config.bridgeMode) + assertEquals(FirewallMode.BridgeInner, config.firewallMode) assertEquals(NetworkHostAndPort("localhost", 11005), config.outboundConfig!!.artemisBrokerAddress) assertNull(config.inboundConfig) assertEquals(listOf(NetworkHostAndPort("localhost", 12005)), config.bridgeInnerConfig!!.floatAddresses) @@ -58,9 +58,9 @@ class ConfigTest { @Test fun `Load simple float config`() { - val configResource = "/net/corda/bridge/withfloat/float/bridge.conf" + val configResource = "/net/corda/bridge/withfloat/float/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) - assertEquals(BridgeMode.FloatOuter, config.bridgeMode) + assertEquals(FirewallMode.FloatOuter, config.firewallMode) assertNull(config.outboundConfig) assertEquals(NetworkHostAndPort("0.0.0.0", 10005), config.inboundConfig!!.listeningAddress) assertNull(config.bridgeInnerConfig) @@ -70,7 +70,7 @@ class ConfigTest { @Test fun `Load overridden cert config`() { - val configResource = "/net/corda/bridge/custombasecerts/bridge.conf" + val configResource = "/net/corda/bridge/custombasecerts/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) assertEquals(Paths.get("customcerts/mysslkeystore.jks"), config.sslKeystore) assertEquals(Paths.get("customcerts/mytruststore.jks"), config.trustStoreFile) @@ -78,7 +78,7 @@ class ConfigTest { @Test fun `Load custom inner certificate config`() { - val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf" + val configResource = "/net/corda/bridge/separatedwithcustomcerts/bridge/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) assertEquals(Paths.get("outboundcerts/outboundkeys.jks"), config.outboundConfig!!.customSSLConfiguration!!.sslKeystore) assertEquals(Paths.get("outboundcerts/outboundtrust.jks"), config.outboundConfig!!.customSSLConfiguration!!.trustStoreFile) @@ -94,7 +94,7 @@ class ConfigTest { @Test fun `Load custom outer certificate config`() { - val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf" + val configResource = "/net/corda/bridge/separatedwithcustomcerts/float/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) assertEquals(Paths.get("inboundcerts/inboundkeys.jks"), config.inboundConfig!!.customSSLConfiguration!!.sslKeystore) assertEquals(Paths.get("inboundcerts/inboundtrust.jks"), config.inboundConfig!!.customSSLConfiguration!!.trustStoreFile) @@ -110,7 +110,7 @@ class ConfigTest { @Test fun `Load config withsocks support`() { - val configResource = "/net/corda/bridge/withsocks/bridge.conf" + val configResource = "/net/corda/bridge/withsocks/firewall.conf" val config = createAndLoadConfigFromResource(tempFolder.root.toPath(), configResource) assertEquals(SocksProxyVersion.SOCKS5, config.outboundConfig!!.socksProxyConfig!!.version) assertEquals(NetworkHostAndPort("localhost", 12345), config.outboundConfig!!.socksProxyConfig!!.proxyAddress) diff --git a/bridge/src/test/kotlin/net/corda/bridge/services/FilterServiceTest.kt b/bridge/src/test/kotlin/net/corda/bridge/services/FilterServiceTest.kt index 7763d082e2..9f9785fb16 100644 --- a/bridge/src/test/kotlin/net/corda/bridge/services/FilterServiceTest.kt +++ b/bridge/src/test/kotlin/net/corda/bridge/services/FilterServiceTest.kt @@ -13,8 +13,8 @@ package net.corda.bridge.services import com.nhaarman.mockito_kotlin.* import net.corda.bridge.createPartialMock import net.corda.bridge.services.api.BridgeArtemisConnectionService -import net.corda.bridge.services.api.BridgeConfiguration import net.corda.bridge.services.api.BridgeSenderService +import net.corda.bridge.services.api.FirewallConfiguration import net.corda.bridge.services.filter.SimpleMessageFilterService import net.corda.nodeapi.internal.ArtemisMessagingClient import net.corda.nodeapi.internal.ArtemisMessagingComponent @@ -38,7 +38,7 @@ class FilterServiceTest { @Test fun `Basic function tests`() { - val conf = rigorousMock().also { + val conf = rigorousMock().also { doReturn(ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()).whenever(it).whitelistedHeaders } val auditService = TestAuditService() @@ -109,7 +109,7 @@ class FilterServiceTest { @Test fun `Rejection tests`() { - val conf = rigorousMock().also { + val conf = rigorousMock().also { doReturn(ArtemisMessagingComponent.Companion.P2PMessagingHeaders.whitelistedHeaders.toList()).whenever(it).whitelistedHeaders } val auditService = TestAuditService() diff --git a/bridge/src/test/kotlin/net/corda/bridge/services/TestAuditService.kt b/bridge/src/test/kotlin/net/corda/bridge/services/TestAuditService.kt index 12c3b91b69..96d7e8d7eb 100644 --- a/bridge/src/test/kotlin/net/corda/bridge/services/TestAuditService.kt +++ b/bridge/src/test/kotlin/net/corda/bridge/services/TestAuditService.kt @@ -10,13 +10,13 @@ package net.corda.bridge.services -import net.corda.bridge.services.api.BridgeAuditService +import net.corda.bridge.services.api.FirewallAuditService import net.corda.nodeapi.internal.protonwrapper.messages.ReceivedMessage import rx.Observable import rx.subjects.PublishSubject import java.net.InetSocketAddress -class TestAuditService() : BridgeAuditService, TestServiceBase() { +class TestAuditService() : FirewallAuditService, TestServiceBase() { enum class AuditEvent { SUCCESSFUL_CONNECTION, FAILED_CONNECTION, diff --git a/bridge/src/test/resources/net/corda/bridge/artemisfailover/bridge.conf b/bridge/src/test/resources/net/corda/bridge/artemisfailover/firewall.conf similarity index 88% rename from bridge/src/test/resources/net/corda/bridge/artemisfailover/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/artemisfailover/firewall.conf index 30d0e488a9..91723be152 100644 --- a/bridge/src/test/resources/net/corda/bridge/artemisfailover/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/artemisfailover/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" alternateArtemisBrokerAddresses = ["localhost:12005"] diff --git a/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/bridge/bridge.conf b/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/bridge/firewall.conf similarity index 89% rename from bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/bridge/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/bridge/firewall.conf index 69852be7df..dd27a3497f 100644 --- a/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/bridge/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/bridge/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = BridgeInner +firewallMode = BridgeInner outboundConfig : { artemisBrokerAddress = "localhost:11005" alternateArtemisBrokerAddresses = ["localhost:12005"] diff --git a/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/float/bridge.conf b/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/float/firewall.conf similarity index 88% rename from bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/float/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/float/firewall.conf index 3fdf8a1cfa..25a9f61c6d 100644 --- a/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/float/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/artemisfailoverandfloat/float/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = FloatOuter +firewallMode = FloatOuter inboundConfig : { listeningAddress = "0.0.0.0:10005" } diff --git a/bridge/src/test/resources/net/corda/bridge/custombasecerts/bridge.conf b/bridge/src/test/resources/net/corda/bridge/custombasecerts/firewall.conf similarity index 89% rename from bridge/src/test/resources/net/corda/bridge/custombasecerts/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/custombasecerts/firewall.conf index 19fe0a8c1f..40f6e45072 100644 --- a/bridge/src/test/resources/net/corda/bridge/custombasecerts/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/custombasecerts/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver sslKeystore = "customcerts/mysslkeystore.jks" trustStoreFile = "customcerts/mytruststore.jks" outboundConfig : { diff --git a/bridge/src/test/resources/net/corda/bridge/hasingleprocess/bridge.conf b/bridge/src/test/resources/net/corda/bridge/hasingleprocess/firewall.conf similarity index 95% rename from bridge/src/test/resources/net/corda/bridge/hasingleprocess/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/hasingleprocess/firewall.conf index 500e830601..e313c89f69 100644 --- a/bridge/src/test/resources/net/corda/bridge/hasingleprocess/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/hasingleprocess/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" } diff --git a/bridge/src/test/resources/net/corda/bridge/hawithfloat/bridge/bridge.conf b/bridge/src/test/resources/net/corda/bridge/hawithfloat/bridge/firewall.conf similarity index 96% rename from bridge/src/test/resources/net/corda/bridge/hawithfloat/bridge/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/hawithfloat/bridge/firewall.conf index 8c11372741..33d364af67 100644 --- a/bridge/src/test/resources/net/corda/bridge/hawithfloat/bridge/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/hawithfloat/bridge/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = BridgeInner +firewallMode = BridgeInner outboundConfig : { artemisBrokerAddress = "localhost:11005" } diff --git a/bridge/src/test/resources/net/corda/bridge/hawithfloat/float/bridge.conf b/bridge/src/test/resources/net/corda/bridge/hawithfloat/float/firewall.conf similarity index 88% rename from bridge/src/test/resources/net/corda/bridge/hawithfloat/float/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/hawithfloat/float/firewall.conf index e18b533f07..7e5b698d56 100644 --- a/bridge/src/test/resources/net/corda/bridge/hawithfloat/float/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/hawithfloat/float/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = FloatOuter +firewallMode = FloatOuter inboundConfig : { listeningAddress = "0.0.0.0:10005" } diff --git a/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf b/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/bridge/firewall.conf similarity index 94% rename from bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/bridge/firewall.conf index 2751197ea0..2fe504ac62 100644 --- a/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/bridge/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/bridge/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = BridgeInner +firewallMode = BridgeInner outboundConfig : { artemisBrokerAddress = "localhost:11005" customSSLConfiguration : { diff --git a/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf b/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/float/firewall.conf similarity index 94% rename from bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/float/firewall.conf index 19442ed268..7da1d2efae 100644 --- a/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/float/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/separatedwithcustomcerts/float/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = FloatOuter +firewallMode = FloatOuter inboundConfig : { listeningAddress = "0.0.0.0:10005" customSSLConfiguration : { diff --git a/bridge/src/test/resources/net/corda/bridge/singleprocess/bridge.conf b/bridge/src/test/resources/net/corda/bridge/singleprocess/firewall.conf similarity index 87% rename from bridge/src/test/resources/net/corda/bridge/singleprocess/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/singleprocess/firewall.conf index f6101a0a72..f15658155a 100644 --- a/bridge/src/test/resources/net/corda/bridge/singleprocess/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/singleprocess/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" } diff --git a/bridge/src/test/resources/net/corda/bridge/withfloat/bridge/bridge.conf b/bridge/src/test/resources/net/corda/bridge/withfloat/bridge/firewall.conf similarity index 89% rename from bridge/src/test/resources/net/corda/bridge/withfloat/bridge/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/withfloat/bridge/firewall.conf index 7a2c6f84ae..7f39df2ac4 100644 --- a/bridge/src/test/resources/net/corda/bridge/withfloat/bridge/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/withfloat/bridge/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = BridgeInner +firewallMode = BridgeInner outboundConfig : { artemisBrokerAddress = "localhost:11005" } diff --git a/bridge/src/test/resources/net/corda/bridge/withfloat/float/bridge.conf b/bridge/src/test/resources/net/corda/bridge/withfloat/float/firewall.conf similarity index 88% rename from bridge/src/test/resources/net/corda/bridge/withfloat/float/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/withfloat/float/firewall.conf index e18b533f07..7e5b698d56 100644 --- a/bridge/src/test/resources/net/corda/bridge/withfloat/float/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/withfloat/float/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = FloatOuter +firewallMode = FloatOuter inboundConfig : { listeningAddress = "0.0.0.0:10005" } diff --git a/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion4.conf b/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion4.conf index 660a7a6618..c2b765858f 100644 --- a/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion4.conf +++ b/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion4.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" socksProxyConfig : { diff --git a/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion5.conf b/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion5.conf index 5f4d14b481..e1ed279fdf 100644 --- a/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion5.conf +++ b/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/badsocksversion5.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" socksProxyConfig : { diff --git a/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/socks4passwordsillegal.conf b/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/socks4passwordsillegal.conf index 58851f56ac..8844d0a3f8 100644 --- a/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/socks4passwordsillegal.conf +++ b/bridge/src/test/resources/net/corda/bridge/withsocks/badconfig/socks4passwordsillegal.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" socksProxyConfig : { diff --git a/bridge/src/test/resources/net/corda/bridge/withsocks/bridge.conf b/bridge/src/test/resources/net/corda/bridge/withsocks/firewall.conf similarity index 90% rename from bridge/src/test/resources/net/corda/bridge/withsocks/bridge.conf rename to bridge/src/test/resources/net/corda/bridge/withsocks/firewall.conf index 6592590bb9..5970dd2e77 100644 --- a/bridge/src/test/resources/net/corda/bridge/withsocks/bridge.conf +++ b/bridge/src/test/resources/net/corda/bridge/withsocks/firewall.conf @@ -7,7 +7,7 @@ // // Distribution of this file or any portion thereof via any medium without the express permission of R3 is strictly prohibited. -bridgeMode = SenderReceiver +firewallMode = SenderReceiver outboundConfig : { artemisBrokerAddress = "localhost:11005" socksProxyConfig : { diff --git a/build.gradle b/build.gradle index 565fd7bbb1..42f9185c35 100644 --- a/build.gradle +++ b/build.gradle @@ -397,7 +397,7 @@ bintrayConfig { 'corda-tools-blob-inspector', 'corda-tools-explorer', 'corda-tools-network-bootstrapper', - 'corda-bridgeserver', + 'corda-firewall', 'corda-ptflows', 'jmeter-corda', 'tools-database-manager', diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst index 66ee5645f9..615bcea4cc 100644 --- a/docs/source/changelog.rst +++ b/docs/source/changelog.rst @@ -6,6 +6,12 @@ release, see :doc:`upgrade-notes`. Unreleased ---------- + +* The ``corda-bridgserver.jar`` has been renamed to ``corda-firewall.jar`` to be more consistent + with marketing materials and purpose of the jar. Further to this we have also renamed ``bridge.conf`` to ``firewall.conf`` + and within that file the ``bridgeMode`` propety has been modified to ``firewallMode`` for overall consistency. + This will be a breaking change for early adopters and their deployments, but hopefully will be more future proof. + * Remove all references to the out-of-process transaction verification. * Introduced a hierarchy of ``DatabaseMigrationException``s, allowing ``NodeStartup`` to gracefully inform users of problems related to database migrations before exiting with a non-zero code. diff --git a/docs/source/corda-bridge-component.rst b/docs/source/corda-firewall-component.rst similarity index 88% rename from docs/source/corda-bridge-component.rst rename to docs/source/corda-firewall-component.rst index 26247af959..7d3bf7a79a 100644 --- a/docs/source/corda-bridge-component.rst +++ b/docs/source/corda-firewall-component.rst @@ -1,12 +1,12 @@ -Bridge component overview -========================= +Firewall Component Overview +=============================== .. contents:: Introduction ------------ -The Corda bridge/float component is designed for enterprise deployments and acts as an application level -firewall and protocol break on all internet facing endpoints. The ``corda-bridgeserver.jar`` encapsulates the peer +The Corda Firewall (bridge/float) component is designed for enterprise deployments and acts as an application level +firewall and protocol break on all internet facing endpoints. The ``corda-firewall.jar`` encapsulates the peer network functionality of the basic Corda Enterprise node, so that this can be operated separately from the security sensitive JVM runtime of the node. This gives separation of functionality and ensures that the legal identity keys are not used in the same process as the internet TLS connections. Also, it adds support for enterprise deployment requirements, @@ -20,13 +20,13 @@ The component referred to here as the *bridge* is the library of code responsibl nodes and implements the AMQP 1.0 protocol over TLS 1.0 between peers to provide reliable flow message delivery. This component can be run as a simple integrated feature of the node. However, for enhanced security and features in Corda Enterprise, the in-node version should be turned off and a standalone and HA version can be run from the -``corda-bridgeserver.jar``, possibly integrating with a SOCKS proxy. +``corda-firewall.jar``, possibly integrating with a SOCKS proxy. The *float* component refers to the inbound socket listener, packet filtering and DMZ compatible component. In the simple all-in-one node all inbound peer connections terminate directly onto an embedded Artemis broker component hosted within the node. The connection authentication and packet the filtering is managed directly via Artemis permission controls managed directly inside the node JVM. For Corda Enterprise deployments we provide a more -secure and configurable isolation component that is available using code inside ``corda-bridgeserver.jar``. This +secure and configurable isolation component that is available using code inside ``corda-firewall.jar``. This component is designed to provide a clear protocol break and thus prevents the node and Artemis server ever being directly exposed to peers. For simpler deployments with no DMZ the float and bridge logic can also be run as a single application behind the firewall, but still protecting the node and hosted Artemis. In future we may also host @@ -119,9 +119,10 @@ Operating modes of the Bridge and Float Embedded Developer Node (node + artemis + internal bridge, no float, no DMZ) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The simplest development deployment of the bridge is to just use the embedded Peer-to-Peer Artemis with the node as TLS endpoint -and to have the outgoing packets use the internal bridge functionality. Typically this should only be used for easy development, -or for organisations evaluating on Open Source Corda, where this is the only available option: +The simplest development deployment of the node is without firewall and thus just use the embedded bridge and Peer-to-Peer +Artemis with the node as TLS endpoint and to have the outgoing packets use the internal bridge functionality. +Typically this should only be used for easy development, or for organisations evaluating on Open Source Corda, +where this is the only available option: .. image:: resources/bridge/node_embedded_bridge.png :scale: 100% @@ -131,13 +132,13 @@ Node + Bridge (no float, no DMZ) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The next simplest deployment is to turn off the built in bridge using the ``externalBridge`` enterprise config property -and to run a single combined bridge/float process. This might be suitable for a test environment, to conserve VM's. +and to run a single combined firewall process. This might be suitable for a test environment, to conserve VMs. - .. note:: Note that to run the bridge and the node on the same machine there could be a port conflict with a naive setup, + .. note:: Note that to run the firewall and the node on the same machine there could be a port conflict with a naive ``node.conf`` setup, but by using the ``messagingServerAddress`` property to specify the bind address and port plus setting ``messagingServerExternal = false`` the embedded Artemis P2P broker can be set to listen on a different port rather than the advertised ``p2paddress`` port. - Then configure an all-in-one bridge to point at this node: + Then configure an all-in-one bridge to point at this node's ``messagingServerAddress``: .. image:: resources/bridge/simple_bridge.png :scale: 100% @@ -147,9 +148,10 @@ DMZ ready (node + bridge + float) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ To familiarize oneself with the a more complete deployment including a DMZ and separated inbound and outbound paths -the ``bridgeMode`` property in the ``bridge.conf`` should be set to ``BridgeInner`` for the bridge and -``FloatOuter`` for the DMZ float. The diagram below shows such a non-HA deployment. This would not be recommended -for production, unless used as part of a cold DR type standby. +the ``firewallMode`` property in the ``firewall.conf`` should be set to ``BridgeInner`` for the bridge and +``FloatOuter`` for the DMZ float. These mode names were chosen to remind users that the ``bridge`` should run in the trusted +*inner* network zone and the ``float`` should run in the less trusted *outer* zone. +The diagram below shows such a non-HA deployment. This would not be recommended for production, unless used as part of a cold DR type standby. .. note:: Note that whilst the bridge needs access to the official TLS private key, the tunnel link should use a private set of link specific keys and certificates. The float will be provisioned diff --git a/docs/source/corda-firewall.rst b/docs/source/corda-firewall.rst index fbdbe05128..477f8a43d4 100644 --- a/docs/source/corda-firewall.rst +++ b/docs/source/corda-firewall.rst @@ -1,12 +1,12 @@ Corda Firewall ============== -Corda Enterprise ships a component called the *Corda Firewall*. The firewall is actually made up of two separate programs, +Corda Enterprise ships a component called the *Corda Firewall*. The firewall is actually made up of two separate modules, called the *bridge* and the *float*. These handle outbound and inbound connections respectively, and allow a node administrator to minimise the amount of code running in a network's DMZ. The firewall provides some basic protection features in this release: future releases may add enhanced monitoring and audit capabilities. .. toctree:: - corda-bridge-component - bridge-configuration-file + corda-firewall-component + firewall-configuration-file diff --git a/docs/source/design/float/deployment/Bridge Configurations.pptx b/docs/source/design/float/deployment/Bridge Configurations.pptx index 7e3384621d..403e4269e8 100644 Binary files a/docs/source/design/float/deployment/Bridge Configurations.pptx and b/docs/source/design/float/deployment/Bridge Configurations.pptx differ diff --git a/docs/source/bridge-configuration-file.rst b/docs/source/firewall-configuration-file.rst similarity index 92% rename from docs/source/bridge-configuration-file.rst rename to docs/source/firewall-configuration-file.rst index 1a52079049..a96c7ed0d0 100644 --- a/docs/source/bridge-configuration-file.rst +++ b/docs/source/firewall-configuration-file.rst @@ -1,25 +1,25 @@ -Bridge configuration +Firewall configuration ==================== .. contents:: File location ------------- -When starting a standalone bridge, or float, the ``corda-bridgeserver.jar`` file defaults to reading the bridge's configuration from a ``bridge.conf`` file in +When starting a standalone firewall (in bridge, or float mode), the ``corda-firewall.jar`` file defaults to reading the firewall's configuration from a ``firewall.conf`` file in the directory from which the command to launch the process is executed. There are two command-line options to override this behaviour: * The ``--config-file`` command line option allows you to specify a configuration file with a different name, or at different file location. Paths are relative to the current working directory -* The ``--base-directory`` command line option allows you to specify the bridge's workspace location. A ``bridge.conf`` +* The ``--base-directory`` command line option allows you to specify the firewall's workspace location. A ``firewall.conf`` configuration file is then expected in the root of this workspace -If you specify both command line arguments at the same time, the bridge will fail to start. +If you specify both command line arguments at the same time, the firewall will fail to start. Format ------ -The Bridge configuration file uses the HOCON format which is superset of JSON. Please visit +The firewall configuration file uses the HOCON format which is superset of JSON. Please visit ``_ for further details. .. warning:: Please do NOT use double quotes (``"``) in configuration keys. @@ -31,40 +31,40 @@ The Bridge configuration file uses the HOCON format which is superset of JSON. P Defaults -------- A set of default configuration options are loaded from the built-in resource file. Any options you do not specify in -your own ``bridge.conf`` file will use these defaults: +your own ``firewall.conf`` file will use these defaults: -.. literalinclude:: ../../bridge/src/main/resources/bridgedefault.conf +.. literalinclude:: ../../bridge/src/main/resources/firewalldefault.conf :language: javascript Bridge operating modes ---------------------- -.. note:: By default, the Corda node assumes that it will carry out the peer-to-peer functions of the bridge internally! - Before running a dedicated bridge process, it is essential to turn off the dev mode component by setting the +.. note:: By default, the Corda node assumes that it will carry out the peer-to-peer functions of the ``bridge`` internally! + Before running a dedicated firewall process, it is essential to turn off the dev mode component by setting the ``enterpriseConfiguration.externalBridge`` property of the ``node.conf`` file to ``true``. If the ``externalBridge`` flag is not ``true``, there will be unexpected behaviour as the node will try to send peer-to-peer messages directly! -Assuming that an external bridge is to be used, the ``corda-bridgeserver.jar`` operates in one of three basic operating modes. -The particular mode is selected via the required ``bridgeMode`` configuration property inside ``bridge.conf``: +Assuming that an external firewall is to be used, the ``corda-firewall.jar`` operates in one of three basic operating modes. +The particular mode is selected via the required ``firewallMode`` configuration property inside ``firewall.conf``: -:SenderReceiver: selects a single process bridge solution to isolate the node and Artemis broker from direct Internet contact. - It is still assumed that the bridge process is behind a firewall, but both the message sending and receiving paths will pass via the ``bridge``. - In this mode the ``outboundConfig`` and ``inboundConfig`` configuration sections of ``bridge.conf`` must be provided, +:SenderReceiver: selects a single process firewall solution to isolate the node and Artemis broker from direct Internet contact. + It is still assumed that the firewall process is behind a firewall, but both the message sending and receiving paths will pass via the ``bridge``. + In this mode the ``outboundConfig`` and ``inboundConfig`` configuration sections of ``firewall.conf`` must be provided, the ``bridgeInnerConfig`` and ``floatOuterConfig`` sections should not be present. -:BridgeInner: mode runs this instance of the ``corda-bridgeserver.jar`` as the trusted portion of the peer-to-peer firewall float. +:BridgeInner: mode runs this instance of the ``corda-firewall.jar`` as the trusted portion of the peer-to-peer firewall float. Specifically, this process runs the complete outbound message processing. For the inbound path it operates only the filtering and durable storing portions of the message processing. The process expects to connect through a firewall to a matched ``FloatOuter`` instance running in the DMZ as the actual ``TLS/AMQP 1.0`` termination point. -:FloatOuter: causes this instance of the ``corda-bridgeserver.jar`` to run as a protocol break proxy for inbound message path. The process +:FloatOuter: causes this instance of the ``corda-firewall.jar`` to run as a protocol break proxy for inbound message path. The process will initialise a ``TLS`` control port and await connection from the ``BridgeInner``. Once the control connection is successful the ``BridgeInner`` will securely provision the ``TLS`` socket server key and certificates into the ``FloatOuter``. The process will then start listening for inbound connection from peer nodes. Fields ------ The available config fields are listed below. ``baseDirectory`` is available as a substitution value and contains the -absolute path to the bridge's base directory. +absolute path to the firewall's base directory. -:bridgeMode: Determines operating mode of the bridge. See above. +:firewallMode: Determines operating mode of the firewall. See above. :keyStorePassword: The password to unlock the TLS KeyStore file (``/certificates/sslkeystore.jks``) containing the node certificate and private key. The private key password must be the same due to limitations in the Artemis libraries. @@ -194,7 +194,7 @@ absolute path to the bridge's base directory. In future it intended that other schemes such as ``etcd`` are supported. :haPriority: The implementation uses a prioritise leader election algorithm, so that a preferred master instance can be set. The highest priority is 0 and larger integers have lower priority. - At the same level of priority, it is random which instance wins the leader election. If a bridge instance dies another will have the opportunity to become master in instead. + At the same level of priority, it is random which instance wins the leader election. If a ``bridge`` instance dies another will have the opportunity to become master in instead. :haTopic: Sets the zookeeper topic prefix that the nodes used in resolving the election and must be the same for all ``bridge`` instances competing for master status. This is available to allow a single zookeeper cluster to be reused with multiple @@ -357,11 +357,11 @@ Typical configuration for ``nodeserver2`` would be a ``node.conf`` files contain devMode = false // Turn off things like key autogeneration and require proper doorman registration. -Configuration in ``bridge.conf`` for ``bridgeserver1``: +Configuration in ``firewall.conf`` for ``bridgeserver1``: .. code-block:: javascript - bridgeMode = BridgeInner // Set the mode the corda-bridgeserver.jar runs as appropriately. + firewallMode = BridgeInner // Set the mode the corda-firewall.jar runs as appropriately. outboundConfig { // Required section artemisBrokerAddress = "nodeserver1:11005" // point at primary Artemis address in the node alternateArtemisBrokerAddresses = [ "nodeserver2:11005" ] // List any other HA Artemis addresses @@ -388,11 +388,11 @@ Configuration in ``bridge.conf`` for ``bridgeserver1``: } networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder. -Configuration in ``bridge.conf`` for ``bridgeserver2``: +Configuration in ``firewall.conf`` for ``bridgeserver2``: .. code-block:: javascript - bridgeMode = BridgeInner // Set the mode the corda-bridgeserver.jar runs as appropriately. + firewallMode = BridgeInner // Set the mode the corda-firewall.jar runs as appropriately. outboundConfig { // Required section artemisBrokerAddress = "nodeserver2:11005" // point at primary Artemis address in the node alternateArtemisBrokerAddresses = [ "nodeserver1:11005" ] // List any other HA Artemis addresses @@ -420,11 +420,11 @@ Configuration in ``bridge.conf`` for ``bridgeserver2``: networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder. -Configuration in ``bridge.conf`` for ``floatserver1``: +Configuration in ``firewall.conf`` for ``floatserver1``: .. code-block:: javascript - bridgeMode = FloatOuter // Set the mode the corda-bridgeserver.jar runs as appropriately. + firewallMode = FloatOuter // Set the mode the corda-firewall.jar runs as appropriately. inboundConfig { // Required section listeningAddress = "dmzexternal1:10005" // expose the listening port on the out NIC } @@ -441,11 +441,11 @@ Configuration in ``bridge.conf`` for ``floatserver1``: } networkParametersPath = network-parameters // The network-parameters file is expected to be copied from the node after registration and here is expected in the workspace folder. -Configuration in ``bridge.conf`` for ``floatserver2``: +Configuration in ``firewall.conf`` for ``floatserver2``: .. code-block:: javascript - bridgeMode = FloatOuter // Set the mode the corda-bridgeserver.jar runs as appropriately. + firewallMode = FloatOuter // Set the mode the corda-firewall.jar runs as appropriately. inboundConfig { // Required section listeningAddress = "dmzexternal2:10005" // expose the listening port on the out NIC } diff --git a/docs/source/resources/bridge/bridge_and_float.png b/docs/source/resources/bridge/bridge_and_float.png index c39d6fbc0d..d6684b075e 100644 Binary files a/docs/source/resources/bridge/bridge_and_float.png and b/docs/source/resources/bridge/bridge_and_float.png differ diff --git a/docs/source/resources/bridge/bridge_with_socks.png b/docs/source/resources/bridge/bridge_with_socks.png index fb83ed676d..9b2cd33feb 100644 Binary files a/docs/source/resources/bridge/bridge_with_socks.png and b/docs/source/resources/bridge/bridge_with_socks.png differ diff --git a/docs/source/resources/bridge/ha_bridge_float.png b/docs/source/resources/bridge/ha_bridge_float.png index c495851cd4..a1345022ad 100644 Binary files a/docs/source/resources/bridge/ha_bridge_float.png and b/docs/source/resources/bridge/ha_bridge_float.png differ diff --git a/docs/source/resources/bridge/ha_bridge_float_socks.png b/docs/source/resources/bridge/ha_bridge_float_socks.png index d0c679ec43..20120c7650 100644 Binary files a/docs/source/resources/bridge/ha_bridge_float_socks.png and b/docs/source/resources/bridge/ha_bridge_float_socks.png differ diff --git a/docs/source/resources/bridge/node_embedded_bridge.png b/docs/source/resources/bridge/node_embedded_bridge.png index 4c5c70a1b8..ebabac7fda 100644 Binary files a/docs/source/resources/bridge/node_embedded_bridge.png and b/docs/source/resources/bridge/node_embedded_bridge.png differ diff --git a/docs/source/resources/bridge/simple_bridge.png b/docs/source/resources/bridge/simple_bridge.png index 40024e9fc0..047b3d10d0 100644 Binary files a/docs/source/resources/bridge/simple_bridge.png and b/docs/source/resources/bridge/simple_bridge.png differ diff --git a/experimental/behave/src/main/kotlin/net/corda/behave/node/Distribution.kt b/experimental/behave/src/main/kotlin/net/corda/behave/node/Distribution.kt index 2d9ca68264..0cad7d60be 100644 --- a/experimental/behave/src/main/kotlin/net/corda/behave/node/Distribution.kt +++ b/experimental/behave/src/main/kotlin/net/corda/behave/node/Distribution.kt @@ -126,7 +126,7 @@ class Distribution private constructor( CORDA_OS(setOf("corda", "corda-webserver", "corda-finance")), // bridge-server not available in Enterprise Dev Previews // migration-tool not published in Enterprise Dev Previews - CORDA_ENTERPRISE(setOf("corda", "corda-webserver", "corda-finance", "corda-bridgeserver", "migration-tool")) + CORDA_ENTERPRISE(setOf("corda", "corda-webserver", "corda-finance", "corda-firewall", "migration-tool")) } companion object {