Merge branch 'release/os/4.5' into denis/merge_os_4.5_to_4.6

This commit is contained in:
Denis Rekalov 2020-10-02 21:43:57 +01:00
commit e837bb0ca8
5 changed files with 63 additions and 34 deletions

View File

@ -43,6 +43,7 @@ import net.corda.coretesting.internal.NettyTestServer
import net.corda.testing.internal.createDevIntermediateCaCertPath import net.corda.testing.internal.createDevIntermediateCaCertPath
import net.corda.coretesting.internal.stubs.CertificateStoreStubs import net.corda.coretesting.internal.stubs.CertificateStoreStubs
import net.corda.nodeapi.internal.crypto.CertificateType import net.corda.nodeapi.internal.crypto.CertificateType
import net.corda.nodeapi.internal.crypto.X509CertificateFactory
import net.corda.nodeapi.internal.crypto.X509Utilities import net.corda.nodeapi.internal.crypto.X509Utilities
import net.corda.nodeapi.internal.crypto.checkValidity import net.corda.nodeapi.internal.crypto.checkValidity
import net.corda.nodeapi.internal.crypto.getSupportedKey import net.corda.nodeapi.internal.crypto.getSupportedKey
@ -50,6 +51,7 @@ import net.corda.nodeapi.internal.crypto.loadOrCreateKeyStore
import net.corda.nodeapi.internal.crypto.save import net.corda.nodeapi.internal.crypto.save
import net.corda.nodeapi.internal.crypto.toBc import net.corda.nodeapi.internal.crypto.toBc
import net.corda.nodeapi.internal.crypto.x509 import net.corda.nodeapi.internal.crypto.x509
import net.corda.nodeapi.internal.crypto.x509Certificates
import net.corda.testing.internal.IS_OPENJ9 import net.corda.testing.internal.IS_OPENJ9
import net.i2p.crypto.eddsa.EdDSAPrivateKey import net.i2p.crypto.eddsa.EdDSAPrivateKey
import org.assertj.core.api.Assertions.assertThat import org.assertj.core.api.Assertions.assertThat
@ -570,4 +572,16 @@ class X509UtilitiesTest {
cert.checkValidity({ "Error text" }, { }, Date.from(today.toInstant() + 51.days)) cert.checkValidity({ "Error text" }, { }, Date.from(today.toInstant() + 51.days))
} }
} }
@Test(timeout = 300_000)
fun `check certificate serial number`() {
val keyPair = generateKeyPair()
val subject = X500Principal("CN=Test,O=R3 Ltd,L=London,C=GB")
val cert = X509Utilities.createSelfSignedCACertificate(subject, keyPair)
assertTrue(cert.serialNumber.signum() > 0)
assertEquals(127, cert.serialNumber.bitLength())
val serialized = X509Utilities.buildCertPath(cert).encoded
val deserialized = X509CertificateFactory().delegate.generateCertPath(serialized.inputStream()).x509Certificates.first()
assertEquals(cert.serialNumber, deserialized.serialNumber)
}
} }

View File

@ -2,7 +2,7 @@ package net.corda.nodeapi.internal.crypto
import net.corda.core.CordaOID import net.corda.core.CordaOID
import net.corda.core.crypto.Crypto import net.corda.core.crypto.Crypto
import net.corda.core.crypto.random63BitValue import net.corda.core.crypto.newSecureRandom
import net.corda.core.internal.* import net.corda.core.internal.*
import net.corda.core.utilities.days import net.corda.core.utilities.days
import net.corda.core.utilities.millis import net.corda.core.utilities.millis
@ -35,6 +35,8 @@ import java.time.Instant
import java.time.temporal.ChronoUnit import java.time.temporal.ChronoUnit
import java.util.* import java.util.*
import javax.security.auth.x500.X500Principal import javax.security.auth.x500.X500Principal
import kotlin.experimental.and
import kotlin.experimental.or
object X509Utilities { object X509Utilities {
// Note that this default value only applies to BCCryptoService. Other implementations of CryptoService may have to use different // Note that this default value only applies to BCCryptoService. Other implementations of CryptoService may have to use different
@ -58,6 +60,7 @@ object X509Utilities {
const val TLS_CERTIFICATE_DAYS_TO_EXPIRY_WARNING_THRESHOLD = 30 const val TLS_CERTIFICATE_DAYS_TO_EXPIRY_WARNING_THRESHOLD = 30
private const val KEY_ALIAS_REGEX = "[a-z0-9-]+" private const val KEY_ALIAS_REGEX = "[a-z0-9-]+"
private const val KEY_ALIAS_MAX_LENGTH = 100 private const val KEY_ALIAS_MAX_LENGTH = 100
private const val CERTIFICATE_SERIAL_NUMBER_LENGTH = 16
/** /**
* Checks if the provided key alias does not exceed maximum length and * Checks if the provided key alias does not exceed maximum length and
@ -184,7 +187,7 @@ object X509Utilities {
nameConstraints: NameConstraints? = null, nameConstraints: NameConstraints? = null,
crlDistPoint: String? = null, crlDistPoint: String? = null,
crlIssuer: X500Name? = null): X509v3CertificateBuilder { crlIssuer: X500Name? = null): X509v3CertificateBuilder {
val serial = BigInteger.valueOf(random63BitValue()) val serial = generateCertificateSerialNumber()
val keyPurposes = DERSequence(ASN1EncodableVector().apply { certificateType.purposes.forEach { add(it) } }) val keyPurposes = DERSequence(ASN1EncodableVector().apply { certificateType.purposes.forEach { add(it) } })
val subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectPublicKey.encoded)) val subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectPublicKey.encoded))
val role = certificateType.role val role = certificateType.role
@ -364,6 +367,15 @@ object X509Utilities {
builder.addExtension(Extension.cRLDistributionPoints, false, CRLDistPoint(arrayOf(distPoint))) builder.addExtension(Extension.cRLDistributionPoints, false, CRLDistPoint(arrayOf(distPoint)))
} }
} }
@Suppress("MagicNumber")
private fun generateCertificateSerialNumber(): BigInteger {
val bytes = ByteArray(CERTIFICATE_SERIAL_NUMBER_LENGTH)
newSecureRandom().nextBytes(bytes)
// Set highest byte to 01xxxxxx to ensure positive sign and constant bit length.
bytes[0] = bytes[0].and(0x3F).or(0x40)
return BigInteger(bytes)
}
} }
// Assuming cert type to role is 1:1 // Assuming cert type to role is 1:1

View File

@ -23,9 +23,9 @@ import org.junit.Before
import org.junit.Test import org.junit.Test
import org.junit.runner.RunWith import org.junit.runner.RunWith
import org.junit.runners.Parameterized import org.junit.runners.Parameterized
import java.sql.Connection
import java.sql.Statement import java.sql.Statement
import java.util.* import java.util.*
import javax.sql.DataSource
import kotlin.test.assertFailsWith import kotlin.test.assertFailsWith
/* /*
@ -34,7 +34,7 @@ import kotlin.test.assertFailsWith
*/ */
@RunWith(Parameterized::class) @RunWith(Parameterized::class)
class AuthDBTests : NodeBasedTest(cordappPackages = CORDAPPS) { class AuthDBTests : NodeBasedTest(cordappPackages = CORDAPPS) {
private lateinit var node: NodeWithInfo private var node: NodeWithInfo? = null
private lateinit var client: CordaRPCClient private lateinit var client: CordaRPCClient
private lateinit var db: UsersDB private lateinit var db: UsersDB
@ -97,9 +97,10 @@ class AuthDBTests : NodeBasedTest(cordappPackages = CORDAPPS) {
) )
) )
node = startNode(ALICE_NAME, rpcUsers = emptyList(), configOverrides = securityConfig) node = startNode(ALICE_NAME, rpcUsers = emptyList(), configOverrides = securityConfig).also { node ->
client = CordaRPCClient(node.node.configuration.rpcOptions.address) client = CordaRPCClient(node.node.configuration.rpcOptions.address)
} }
}
@Test(timeout=300_000) @Test(timeout=300_000)
fun `login with correct credentials`() { fun `login with correct credentials`() {
@ -219,6 +220,7 @@ class AuthDBTests : NodeBasedTest(cordappPackages = CORDAPPS) {
@After @After
fun tearDown() { fun tearDown() {
node?.node?.stop()
db.close() db.close()
} }
@ -232,7 +234,7 @@ private data class RoleAndPermissions(val role: String, val permissions: List<St
* Manage in-memory DB mocking a users database with the schema expected by Node's security manager * Manage in-memory DB mocking a users database with the schema expected by Node's security manager
*/ */
private class UsersDB(name: String, users: List<UserAndRoles> = emptyList(), roleAndPermissions: List<RoleAndPermissions> = emptyList()) : AutoCloseable { private class UsersDB(name: String, users: List<UserAndRoles> = emptyList(), roleAndPermissions: List<RoleAndPermissions> = emptyList()) : AutoCloseable {
val jdbcUrl = "jdbc:h2:mem:$name;DB_CLOSE_DELAY=-1" val jdbcUrl = "jdbc:h2:mem:$name"
companion object { companion object {
const val DB_CREATE_SCHEMA = """ const val DB_CREATE_SCHEMA = """
@ -273,36 +275,34 @@ private class UsersDB(name: String, users: List<UserAndRoles> = emptyList(), rol
} }
} }
private val dataSource: DataSource private val connection: Connection
private inline fun session(statement: (Statement) -> Unit) { private inline fun session(statement: (Statement) -> Unit) {
dataSource.connection.use { connection.createStatement().use(statement)
it.autoCommit = false connection.commit()
it.createStatement().use(statement)
it.commit()
}
} }
init { init {
dataSource = DataSourceFactory.createDataSource(Properties().apply { require(users.map { it.username }.toSet().size == users.size) {
"Duplicate username in input"
}
connection = DataSourceFactory.createDataSource(Properties().apply {
put("dataSourceClassName", "org.h2.jdbcx.JdbcDataSource") put("dataSourceClassName", "org.h2.jdbcx.JdbcDataSource")
put("dataSource.url", jdbcUrl) put("dataSource.url", jdbcUrl)
}, false) }, false)
.connection
.apply {
autoCommit = false
}
session { session {
it.execute(DB_CREATE_SCHEMA) it.execute(DB_CREATE_SCHEMA)
} }
require(users.map { it.username }.toSet().size == users.size) {
"Duplicate username in input"
}
users.forEach { insert(it) } users.forEach { insert(it) }
roleAndPermissions.forEach { insert(it) } roleAndPermissions.forEach { insert(it) }
} }
override fun close() { override fun close() {
dataSource.connection.use { // Close the connection, at which point the database will shut down
it.createStatement().use { connection.close()
it.execute("DROP ALL OBJECTS")
}
}
} }
} }

View File

@ -22,6 +22,7 @@ import net.corda.testing.driver.driver
import net.corda.testing.node.User import net.corda.testing.node.User
import net.corda.testing.node.internal.DUMMY_CONTRACTS_CORDAPP import net.corda.testing.node.internal.DUMMY_CONTRACTS_CORDAPP
import net.corda.testing.node.internal.enclosedCordapp import net.corda.testing.node.internal.enclosedCordapp
import org.junit.Ignore
import org.junit.Test import org.junit.Test
import kotlin.test.assertEquals import kotlin.test.assertEquals
@ -29,6 +30,7 @@ import kotlin.test.assertEquals
* Check that we can add lots of large attachments to a transaction and that it works OK, e.g. does not hit the * Check that we can add lots of large attachments to a transaction and that it works OK, e.g. does not hit the
* transaction size limit (which should only consider the hashes). * transaction size limit (which should only consider the hashes).
*/ */
@Ignore("ENT-5679: This test triggers OOM errors")
class LargeTransactionsTest { class LargeTransactionsTest {
private companion object { private companion object {
val BOB = TestIdentity(BOB_NAME, 80).party val BOB = TestIdentity(BOB_NAME, 80).party

View File

@ -52,6 +52,7 @@ import kotlin.test.assertTrue
class VaultObserverExceptionTest { class VaultObserverExceptionTest {
companion object { companion object {
val waitForFlowDuration = 45.seconds
val log = contextLogger() val log = contextLogger()
private fun testCordapps() = listOf( private fun testCordapps() = listOf(
@ -99,7 +100,7 @@ class VaultObserverExceptionTest {
"Syntax Error in Custom SQL", "Syntax Error in Custom SQL",
CreateStateFlow.errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxError) CreateStateFlow.errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxError)
).returnValue.then { testControlFuture.complete(false) } ).returnValue.then { testControlFuture.complete(false) }
val foundExpectedException = testControlFuture.getOrThrow(30.seconds) val foundExpectedException = testControlFuture.getOrThrow(waitForFlowDuration)
Assert.assertTrue(foundExpectedException) Assert.assertTrue(foundExpectedException)
} }
@ -133,7 +134,7 @@ class VaultObserverExceptionTest {
"Syntax Error in Custom SQL", "Syntax Error in Custom SQL",
CreateStateFlow.errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxError) CreateStateFlow.errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxError)
).returnValue.then { testControlFuture.complete(false) } ).returnValue.then { testControlFuture.complete(false) }
val foundExpectedException = testControlFuture.getOrThrow(30.seconds) val foundExpectedException = testControlFuture.getOrThrow(waitForFlowDuration)
Assert.assertTrue(foundExpectedException) Assert.assertTrue(foundExpectedException)
} }
@ -224,7 +225,7 @@ class VaultObserverExceptionTest {
assertFailsWith<TimeoutException>("PersistenceException") { assertFailsWith<TimeoutException>("PersistenceException") {
aliceNode.rpc.startFlow(CreateStateFlow::Initiator, "EntityManager", errorTargetsToNum( aliceNode.rpc.startFlow(CreateStateFlow::Initiator, "EntityManager", errorTargetsToNum(
CreateStateFlow.ErrorTarget.TxInvalidState)) CreateStateFlow.ErrorTarget.TxInvalidState))
.returnValue.getOrThrow(30.seconds) .returnValue.getOrThrow(waitForFlowDuration)
} }
} }
Assert.assertTrue("Flow has not been to hospital", counter > 0) Assert.assertTrue("Flow has not been to hospital", counter > 0)
@ -260,7 +261,7 @@ class VaultObserverExceptionTest {
CreateStateFlow.ErrorTarget.TxInvalidState, CreateStateFlow.ErrorTarget.TxInvalidState,
CreateStateFlow.ErrorTarget.FlowSwallowErrors)) CreateStateFlow.ErrorTarget.FlowSwallowErrors))
val flowResult = flowHandle.returnValue val flowResult = flowHandle.returnValue
assertFailsWith<TimeoutException>("PersistenceException") { flowResult.getOrThrow(30.seconds) } assertFailsWith<TimeoutException>("PersistenceException") { flowResult.getOrThrow(waitForFlowDuration) }
Assert.assertTrue("Flow has not been to hospital", counter > 0) Assert.assertTrue("Flow has not been to hospital", counter > 0)
} }
} }
@ -291,7 +292,7 @@ class VaultObserverExceptionTest {
log.info("Flow has finished") log.info("Flow has finished")
testControlFuture.set(false) testControlFuture.set(false)
} }
Assert.assertTrue("Flow has not been kept in hospital", testControlFuture.getOrThrow(30.seconds)) Assert.assertTrue("Flow has not been kept in hospital", testControlFuture.getOrThrow(waitForFlowDuration))
} }
} }
@ -310,7 +311,7 @@ class VaultObserverExceptionTest {
CreateStateFlow.ErrorTarget.ServiceSqlSyntaxError, CreateStateFlow.ErrorTarget.ServiceSqlSyntaxError,
CreateStateFlow.ErrorTarget.ServiceSwallowErrors)) CreateStateFlow.ErrorTarget.ServiceSwallowErrors))
val flowResult = flowHandle.returnValue val flowResult = flowHandle.returnValue
flowResult.getOrThrow(30.seconds) flowResult.getOrThrow(waitForFlowDuration)
} }
} }
@ -411,7 +412,7 @@ class VaultObserverExceptionTest {
testControlFuture.complete(true) testControlFuture.complete(true)
} }
startNode(providedName = ALICE_NAME, rpcUsers = listOf(aliceUser), startInSameProcess = true).getOrThrow() startNode(providedName = ALICE_NAME, rpcUsers = listOf(aliceUser), startInSameProcess = true).getOrThrow()
assert(testControlFuture.getOrThrow(30.seconds)) assert(testControlFuture.getOrThrow(waitForFlowDuration))
} else { } else {
throw IllegalStateException("Out of process node is still up and running!") throw IllegalStateException("Out of process node is still up and running!")
} }
@ -464,7 +465,7 @@ class VaultObserverExceptionTest {
CreateStateFlow::Initiator, CreateStateFlow::Initiator,
"AllGood", "AllGood",
errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxErrorOnConsumed) errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxErrorOnConsumed)
).returnValue.getOrThrow(30.seconds) ).returnValue.getOrThrow(waitForFlowDuration)
println("Created new state") println("Created new state")
@ -558,7 +559,7 @@ class VaultObserverExceptionTest {
"AllGood", "AllGood",
// should be a hospital exception // should be a hospital exception
errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxErrorOnConsumed) errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxErrorOnConsumed)
).returnValue.getOrThrow(30.seconds) ).returnValue.getOrThrow(waitForFlowDuration)
val flowHandle = aliceNode.rpc.startFlow( val flowHandle = aliceNode.rpc.startFlow(
SendStateFlow::PassErroneousOwnableState, SendStateFlow::PassErroneousOwnableState,
@ -642,7 +643,7 @@ class VaultObserverExceptionTest {
CreateStateFlow::Initiator, CreateStateFlow::Initiator,
"AllGood", "AllGood",
errorTargetsToNum(CreateStateFlow.ErrorTarget.NoError) errorTargetsToNum(CreateStateFlow.ErrorTarget.NoError)
).returnValue.getOrThrow(30.seconds) ).returnValue.getOrThrow(waitForFlowDuration)
aliceNode.rpc.startFlow( aliceNode.rpc.startFlow(
SendStateFlow::PassErroneousOwnableState, SendStateFlow::PassErroneousOwnableState,
@ -722,7 +723,7 @@ class VaultObserverExceptionTest {
CreateStateFlow::Initiator, CreateStateFlow::Initiator,
"AllGood", "AllGood",
errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxErrorOnConsumed) errorTargetsToNum(CreateStateFlow.ErrorTarget.ServiceSqlSyntaxErrorOnConsumed)
).returnValue.getOrThrow(30.seconds) ).returnValue.getOrThrow(waitForFlowDuration)
val flowHandle = aliceNode.rpc.startFlow( val flowHandle = aliceNode.rpc.startFlow(
SendStateFlow::PassErroneousOwnableState, SendStateFlow::PassErroneousOwnableState,
@ -777,7 +778,7 @@ class VaultObserverExceptionTest {
"Flow ${SubscribingRawUpdatesFlow::class.java.name} tried to access VaultService.rawUpdates " + "Flow ${SubscribingRawUpdatesFlow::class.java.name} tried to access VaultService.rawUpdates " +
"- Rx.Observables should only be accessed outside the context of a flow " "- Rx.Observables should only be accessed outside the context of a flow "
) { ) {
flowHandle.returnValue.getOrThrow(30.seconds) flowHandle.returnValue.getOrThrow(waitForFlowDuration)
} }
} }
} }