From 130b1d9325e23f67de47097cf14a716ae03559f8 Mon Sep 17 00:00:00 2001 From: Rick Parker Date: Fri, 6 Apr 2018 10:28:51 +0100 Subject: [PATCH] =?UTF-8?q?CORDA-1303=20Regression:=20Recording=20a=20dupl?= =?UTF-8?q?icate=20transaction=20attempts=20sec=E2=80=A6=20(#2935)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * CORDA-1303 Regression: Recording a duplicate transaction attempts second insert to vault. Added unit test, and merged mock and real logic. --- .../node/services/api/ServiceHubInternal.kt | 104 ++++++++++-------- .../services/vault/NodeVaultServiceTest.kt | 12 ++ .../net/corda/testing/node/MockServices.kt | 32 ++++-- 3 files changed, 90 insertions(+), 58 deletions(-) diff --git a/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt b/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt index 36374f80c9..94bca7dd04 100644 --- a/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt +++ b/node/src/main/kotlin/net/corda/node/services/api/ServiceHubInternal.kt @@ -47,6 +47,61 @@ interface NetworkMapCacheBaseInternal : NetworkMapCacheBase { interface ServiceHubInternal : ServiceHub { companion object { private val log = contextLogger() + + fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable, + validatedTransactions: WritableTransactionStorage, + stateMachineRecordedTransactionMapping: StateMachineRecordedTransactionMappingStorage, + vaultService: VaultServiceInternal) { + + require(txs.any()) { "No transactions passed in for recording" } + val recordedTransactions = txs.filter { validatedTransactions.addTransaction(it) } + val stateMachineRunId = FlowStateMachineImpl.currentStateMachine()?.id + if (stateMachineRunId != null) { + recordedTransactions.forEach { + stateMachineRecordedTransactionMapping.addMapping(stateMachineRunId, it.id) + } + } else { + log.warn("Transactions recorded from outside of a state machine") + } + + if (statesToRecord != StatesToRecord.NONE) { + // When the user has requested StatesToRecord.ALL we may end up recording and relationally mapping states + // that do not involve us and that we cannot sign for. This will break coin selection and thus a warning + // is present in the documentation for this feature (see the "Observer nodes" tutorial on docs.corda.net). + // + // The reason for this is three-fold: + // + // 1) We are putting in place the observer mode feature relatively quickly to meet specific customer + // launch target dates. + // + // 2) The right design for vaults which mix observations and relevant states isn't entirely clear yet. + // + // 3) If we get the design wrong it could create security problems and business confusions. + // + // Back in the bitcoinj days I did add support for "watching addresses" to the wallet code, which is the + // Bitcoin equivalent of observer nodes: + // + // https://bitcoinj.github.io/working-with-the-wallet#watching-wallets + // + // The ability to have a wallet containing both irrelevant and relevant states complicated everything quite + // dramatically, even methods as basic as the getBalance() API which required additional modes to let you + // query "balance I can spend" vs "balance I am observing". In the end it might have been better to just + // require the user to create an entirely separate wallet for observing with. + // + // In Corda we don't support a single node having multiple vaults (at the time of writing), and it's not + // clear that's the right way to go: perhaps adding an "origin" column to the VAULT_STATES table is a better + // solution. Then you could select subsets of states depending on where the report came from. + // + // The risk of doing this is that apps/developers may use 'canned SQL queries' not written by us that forget + // to add a WHERE clause for the origin column. Those queries will seem to work most of the time until + // they're run on an observer node and mix in irrelevant data. In the worst case this may result in + // erroneous data being reported to the user, which could cause security problems. + // + // Because the primary use case for recording irrelevant states is observer/regulator nodes, who are unlikely + // to make writes to the ledger very often or at all, we choose to punt this issue for the time being. + vaultService.notifyAll(statesToRecord, recordedTransactions.map { it.coreTransaction }) + } + } } override val vaultService: VaultServiceInternal @@ -69,54 +124,7 @@ interface ServiceHubInternal : ServiceHub { val networkMapUpdater: NetworkMapUpdater override val cordappProvider: CordappProviderInternal override fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable) { - require(txs.any()) { "No transactions passed in for recording" } - val recordedTransactions = txs.filter { validatedTransactions.addTransaction(it) } - val stateMachineRunId = FlowStateMachineImpl.currentStateMachine()?.id - if (stateMachineRunId != null) { - recordedTransactions.forEach { - stateMachineRecordedTransactionMapping.addMapping(stateMachineRunId, it.id) - } - } else { - log.warn("Transactions recorded from outside of a state machine") - } - - if (statesToRecord != StatesToRecord.NONE) { - // When the user has requested StatesToRecord.ALL we may end up recording and relationally mapping states - // that do not involve us and that we cannot sign for. This will break coin selection and thus a warning - // is present in the documentation for this feature (see the "Observer nodes" tutorial on docs.corda.net). - // - // The reason for this is three-fold: - // - // 1) We are putting in place the observer mode feature relatively quickly to meet specific customer - // launch target dates. - // - // 2) The right design for vaults which mix observations and relevant states isn't entirely clear yet. - // - // 3) If we get the design wrong it could create security problems and business confusions. - // - // Back in the bitcoinj days I did add support for "watching addresses" to the wallet code, which is the - // Bitcoin equivalent of observer nodes: - // - // https://bitcoinj.github.io/working-with-the-wallet#watching-wallets - // - // The ability to have a wallet containing both irrelevant and relevant states complicated everything quite - // dramatically, even methods as basic as the getBalance() API which required additional modes to let you - // query "balance I can spend" vs "balance I am observing". In the end it might have been better to just - // require the user to create an entirely separate wallet for observing with. - // - // In Corda we don't support a single node having multiple vaults (at the time of writing), and it's not - // clear that's the right way to go: perhaps adding an "origin" column to the VAULT_STATES table is a better - // solution. Then you could select subsets of states depending on where the report came from. - // - // The risk of doing this is that apps/developers may use 'canned SQL queries' not written by us that forget - // to add a WHERE clause for the origin column. Those queries will seem to work most of the time until - // they're run on an observer node and mix in irrelevant data. In the worst case this may result in - // erroneous data being reported to the user, which could cause security problems. - // - // Because the primary use case for recording irrelevant states is observer/regulator nodes, who are unlikely - // to make writes to the ledger very often or at all, we choose to punt this issue for the time being. - vaultService.notifyAll(statesToRecord, txs.map { it.coreTransaction }) - } + recordTransactions(statesToRecord, txs, validatedTransactions, stateMachineRecordedTransactionMapping, vaultService) } fun getFlowFactory(initiatingFlowClass: Class>): InitiatedFlowFactory<*>? diff --git a/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt b/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt index 0c513aea82..bd1904efc2 100644 --- a/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt +++ b/node/src/test/kotlin/net/corda/node/services/vault/NodeVaultServiceTest.kt @@ -130,6 +130,18 @@ class NodeVaultServiceTest { return tryLockFungibleStatesForSpending(lockId, baseCriteria, amount, Cash.State::class.java) } + @Test + fun `duplicate insert of transaction does not fail`() { + database.transaction { + val cash = Cash() + val howMuch = 100.DOLLARS + val issuance = TransactionBuilder(null as Party?) + cash.generateIssue(issuance, Amount(howMuch.quantity, Issued(DUMMY_CASH_ISSUER, howMuch.token)), services.myInfo.singleIdentity(), dummyNotary.party) + val transaction = issuerServices.signInitialTransaction(issuance, DUMMY_CASH_ISSUER.party.owningKey) + services.recordTransactions(transaction) + services.recordTransactions(transaction) + } + } @Test fun `states not local to instance`() { diff --git a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt index 7a2e3cba34..e684be9b02 100644 --- a/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt +++ b/testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt @@ -2,28 +2,26 @@ package net.corda.testing.node import com.google.common.collect.MutableClassToInstanceMap import net.corda.core.contracts.ContractClassName -import net.corda.core.contracts.ContractState -import net.corda.core.contracts.StateAndRef import net.corda.core.contracts.StateRef import net.corda.core.cordapp.CordappProvider -import net.corda.core.crypto.* +import net.corda.core.crypto.SecureHash import net.corda.core.flows.FlowLogic +import net.corda.core.flows.StateMachineRunId import net.corda.core.identity.CordaX500Name import net.corda.core.identity.PartyAndCertificate +import net.corda.core.messaging.DataFeed import net.corda.core.messaging.FlowHandle import net.corda.core.messaging.FlowProgressHandle +import net.corda.core.messaging.StateMachineTransactionMapping import net.corda.core.node.* import net.corda.core.node.services.* import net.corda.core.serialization.SerializeAsToken import net.corda.core.transactions.SignedTransaction import net.corda.core.utilities.NetworkHostAndPort -import net.corda.node.VersionInfo import net.corda.node.internal.ServicesForResolutionImpl import net.corda.node.internal.configureDatabase import net.corda.node.internal.cordapp.CordappLoader -import net.corda.node.services.api.SchemaService -import net.corda.node.services.api.VaultServiceInternal -import net.corda.node.services.api.WritableTransactionStorage +import net.corda.node.services.api.* import net.corda.node.services.identity.InMemoryIdentityService import net.corda.node.services.schema.HibernateObserver import net.corda.node.services.schema.NodeSchemaService @@ -108,9 +106,10 @@ open class MockServices private constructor( override val vaultService: VaultService = makeVaultService(database.hibernateConfig, schemaService) override fun recordTransactions(statesToRecord: StatesToRecord, txs: Iterable) { - super.recordTransactions(statesToRecord, txs) - // Refactored to use notifyAll() as we have no other unit test for that method with multiple transactions. - (vaultService as VaultServiceInternal).notifyAll(statesToRecord, txs.map { it.coreTransaction }) + ServiceHubInternal.recordTransactions(statesToRecord, txs, + validatedTransactions as WritableTransactionStorage, + mockStateMachineRecordedTransactionMappingStorage, + vaultService as VaultServiceInternal) } override fun jdbcSession(): Connection = database.createSession() @@ -126,6 +125,19 @@ open class MockServices private constructor( // compiler and then the c'tor itself. return Throwable().stackTrace[3].className.split('.').dropLast(1).joinToString(".") } + + // Because Kotlin is dumb and makes not publicly visible objects public, thus changing the public API. + private val mockStateMachineRecordedTransactionMappingStorage = MockStateMachineRecordedTransactionMappingStorage() + } + + private class MockStateMachineRecordedTransactionMappingStorage : StateMachineRecordedTransactionMappingStorage { + override fun addMapping(stateMachineRunId: StateMachineRunId, transactionId: SecureHash) { + throw UnsupportedOperationException() + } + + override fun track(): DataFeed, StateMachineTransactionMapping> { + throw UnsupportedOperationException() + } } private constructor(cordappLoader: CordappLoader, identityService: IdentityService, networkParameters: NetworkParameters,