Force certificate keys into a well known key format before comparing during path validation.
This works around Sun's X509Key class appearing in certificates, which is incomparable to other
key types (i.e. EdDSAKey).
* The fancy classloader setup in Cordform.loadCordformDefinition is defeated by certificates in 2 ways
** Class cast when creating a cert (via TestConstants) in a CordformDefinition
** Some issue when persisting a cert in ServiceIdentityGenerator
* This PR is a quickfix to get the demos working again
* Proper fix (not this PR) is to work out why it's not enough for eddsa to be in the project runtime classpath - if it can be removed from the gradle environment that ought to properly fix the above problems
Use the certificate factory directly to build paths rather than assembling them via an interim
API call. After reducing the complexity of the utility API, it's replacing two lines of code,
at which point it seems better to make the behaviour clearer rather than having a function
hide what's actually going on.
* Unify certificate path validation in identity service
* Ensure we won't accept trust root or intermediaries as owner of a transaction certificate
* Fix subject key parsing
Add extremely rough DER format encoding for CompositeKey so that they can be used in X.509 certificates,
and switch service identity generator to using the proper identity cert for signing.
* Fix BFT config that only worked with clusters of size 4
* Shutdown BFT properly so that tests can run back to back in theory
* Wait for initial connection between client and all replicas before touching it
* Add test for non-trivial BFT cluster
* Shutdown NodeBasedTest nodes in parallel, as BFT shutdown time is non-trivial
* Overlapping ports check no longer assumes all on localhost
* Fix overlapping ports test to actually check the messages
* Correct path composition in identity service tests
* Correct identity service certificate path verification to handle the owning certificate being anywhere in the path, rather than expecting it to be trust root
Correct construction of anonymous parties to use the first certificate (the target)
rather than the last (the trust root). Worked because early tests used single certificate
paths, but later work introducing multi-certificate paths reveal it's rather broken.
* Added throttling to the load test tool.
* Added stability test to the tool.
* Some refactoring to allow some configuration via vm option.
* updated doc.
* gradle now passes system parameter to load test.
* using Guava's RateLimiter instead of execute at fix rate.
* Remove unused type param
* If we drop Runnable we can use conciser syntax
* Sometimes we need the fully-fledged object, so retire separate handle class
* Implement IntelliJ suggestion
Deterministic Key Derivation for ECDSA R1/K1 and EdDSA
* DKG description and comments
* Removing a (confusing) not-required comma in comments.
* rename deterministic and generate to derive
Matching can be done with case insensitive substrings in the identity service, RPC and shell. In future cleverer matching should be possible, e.g. using Lucene or RDBMS free text search features.