Introduced DigitalSignatureWithCert and SignedDataWithCert as internal APIs, with the expectation that they will become public; renamed the network parameters end-point to network-parameters; updated the network-map.rst doc; and did some refactoring.
* Raft notaries can share a single key pair for the service identity (in contrast to a shared composite public key, and individual signing key pairs). This allows adjusting the cluster size on the fly.
Using the --just-generate-node-info flag for the notary nodes so that their identities can be submitted to the network map server, which does the network parameters generation.
With network parameters the CN is no longer needed to identify notaries. This frees it up to be used in the node's name alongside the other attributes.
Also, the identity generation logic has been simplified, removing the need to have magic string values for storing distributed identities in the keystore. Now there are just two alias prefixes: "identity" as it was previously, and "distributed-notary".
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* * Document TestIdentity entropy and enforce that it actually works
* Ledger/transaction DSL default notary with fresh key
* MockServices default identity with fresh key
* makeTestIdentityService now takes vararg
* Require cordappPackages for MockServices
* DSL automatic serialization init
* Improve error when two MockNetworks used
* * Make cordappPackages required by MockNetwork
* Default identity service in MockServices
* Make notarySpecs Java-friendly
* Able to send hand coded messages to an Artemis node inbox
Get startup race condition fixed. Start cleanup work.
Fixup after rebase
Remove SASL hack for now
Minor tweaks. Enable AMQP mode manually.
Add configuration control
Slight clean up
Stop timeouts that don't work with AMQP
Rename class
Get TLS constants from :node-api
Primitive integration test
Put back commented line
Session per bridge to alow rollback on remote rejects.
Add more tests and handle multiple IP adddresses
Reduce logging
Fixup after rebase
Add a test to verify the remote end AMQP rejection logic works and does cause message replay.
Allow Artemis to duplicate after session rollback
Reduce number of threads
Move legacy bridge related code over to CoreBridgeManager
Shared threadpool for bridges
Add a test to confirm that no side effects when using a shared thread pool.
Address PR comments and remove dead lines
Rebase and add some comments
Remove a couple of blank lines
Ensure AMQP bridges are used in tests
Fixup after removal of testNodeConfiguration
Add a couple of doc comments
Add a couple of doc comments
Make things internal and use CordaFuture
Address some PR comments
Change comment type
* Use Artemis 2.2 to fix AMQP problems. Add explicit test of legacy core bridges, as marking the factory class private had silently broken them.
* Fix change due to using Artemis 2.2
* Take maximum message size from network parameters
* Add epoch handling
* Add handling of network parameters mismatch
Change NetworkMapClient and updater, add handle in
AbstractNode that results in node shutdown on parameters mismatch. Later
on we should implement proper handling of parameters updates.
Add tests of NetworkParameters wiring.
When node starts with compatibilityZone url configured it takes
networkParameters from the networkMap.
* Permit only one network parameters file
On node startup network parameters are read from node's base directory,
we permit only zero or one files to be there. If network map server is
configured the parameters can be downloaded at startup (if not present
in the directory already).
* Update docs on network map endpoints
* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening)
* Cordformation changes to support jolokia agent instrumentation at JVM startup.
* Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming)
* Use relative path reference in -javaagent to prevent problem with long path names with spaces.
* Fixed incorrect regex pattern and added assertion to test.
* Enable JMX monitoring.
* Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode)
* Make Artemis JMX enablement configurable.
* Re-instate banning of java serialization.
* Improve JUnit.
* Fixes following rebase from master.
* Re-instated correct regex for picking up Jolokia agent jar.
* Fixed broken integration test.
* Updated documentation
* Updated following PR review feedback.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fail fast if jolokia-agent-jvm.jar is not located.
* Applied changes in cordformation following review feedback from CA.
* Remove MockServices.stateMachineRecordedTransactionMapping which does nothing
* Inline StateLoaderImpl
* Remove unused MockServices
* MockServices well-known identities not needed in a place
* A few things don't need a full-blown ServiceHub
* Generate networkParameteres for Cordformation.
Fix deployNodes task in Cordformation to generate NetworkParameters before running the nodes.
Add TestNetworkParametersGenerator utility loaded after node infos generation step.
* Get rid of bouncy castle provider dependency
For cordform-common. It caused problems with loading our custom
X509EdDSAEngine for generation of network parameters in deployNodes
task.
* new network map object for network map, and verify signature and root in Signed network map and node info
* fixup after rebase
* * added certificate and key to network map server
* move DigitalSignature.WithCert back to NetworkMap.kt, as its breaking API test, will raise another PR to move it back.
* Make DigitalSignature.WithCert not extend WithKey, as per PR discussion.
* various fixes after rebase.
* move Network map back to core/node, as its breaking API test
* revert unintended changes
* move network map objects to node-api
1. The runRPCCashIssue and runWebCashIssue gradle tasks didn't work because they were using the wrong ports
2. Notary lookup was failing because the lookup name didn't include the correct CN for the notary name (this slipped through when reverting the network parameters)
The ports change occurred in #1922 which was attempting the fix the runIssuer gradle task. This is actually a misleading and redundant task as all it does is start up the nodes, which is what the documented deployNodes already does. The ports runIssuer allocated to the nodes were different to the ones specified in deployNodes.
To make sure we have integration tests which closely match deployNodes, the BoC demo has been updated to make use of CordformDefinition. This keeps the node definitions in one place, removing the need to have disparate files in sync. runIssuer has been removed.
* make node info file copying optional by setting "compatabilityZoneURL" in driver
integration test for node using http network map using driver
some bug fixes
* rebase to feature branch and fixup
* add initialRegistration flag to driver
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* use PortAllocation.Incremental instead of random
* * use PortAllocation.Incremental instead of random
* fix NodeInfoWatcher thread leak issue
* reset scheduler before create notary
* move port allocation out of companion object
* move port allocation out of companion object
* make node info file copier lateinit to avoid observable thread pool get created on init
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"
This reverts commit 7d1f7ab
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"
This reverts commit 7d1f7ab
Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.
* Clean up identities in CashTests so that the mini/mega corp keys and identities are correctly
paired together throughout. Previously `miniCorpServices` presented the same key as the
MegaCorp identity, but with the name Mini Corp attached.
* Correct key/name matches in VaultWithCashTest
* Split services in CashTests to not have multiple identities per service hub
The motivation for this came with the recent change that a default notary is started by the driver, which if ignored will leak the notary process.
Also, waitForAllNodesToFinish() has been replaced by a driver parameter.
* Network map cache using Network map client instead of artemis. -- WIP
* fix up after rebase
* address PR issues, split network map update test, added todos to remove sleeps
* move jimfs and baseDir to field variable
* CORDA-296: added rpc that returns an observable for node state; used to let rpc clients know that the know is about to shut down
* replaced node shut down observation String with enum
* Extracted out ShutdownManager into its own file
* Moved RPCDriver and ProcessUtilities into internal package
* Made n.c.testing.performance package internal
network-parameters file read in by the node at startup, of which only the list of notaries is used. For now, the driver and MockNetwork have been updated to require notaries to be started first. This is so that the same set of network parameters can be defined for all the nodes.
CN in the legal name is not longer disallowed since it's no longer reserved for distributed notary names.
Single-node notaries now only have one identity, their main identity. Nodes part of a cluster continue to have two.
(Based off Kasia's work)
* [CORDA-446] Clean up other mentions of network map node and logic
* Rename AbstractNetworkMapService to NetworkMapService and remove the empty NetworkMapService
* fix build
* fix artemismessaging tests
* pr comments
Please see Jira for background info.
The change should help all the Windows developers.
Closer examination shows that in the command line we include the classpath of size ~20,000 characters twice.
Once with `-cp` option - which is fine and second time with `-Djava.class.path=` - the latter is completely unnecessary and can be eliminated shortening the command length dramatically to around: 24,000 characters which should give us some leg room for further expanding the classpath.
approach which assumes a dedicated node for observers: states that are
reported to the node will appear in the database and update feeds as
normal. Apps that expect all updates to be relevant to themselves may
need adjusting if they run on an observer node too, but this is likely
to be rare.
* [CORDA-442] make MockNetwork not start a networkmap node
Now MockNetwork will put the appropriate NodeInfos inside each running node networkMapCache.
Tests relating to networkmap node starting and interaction have been removed since they where relaying on MockNetwork
* Fix-up: Bank Of Corda sample
Use correct CorDapp packages to scan
(cherry picked from commit 2caa134)
* Set adequate permissions for the nodes such that NodeExplorer can connect
(cherry picked from commit ae88242)
* Set adequate permissions for the nodes such that NodeExplorer can connect
(cherry picked from commit ae88242)
* Correct run configuration
* Fix-up port numbers
* [CORDA-442] let Driver run without network map
- Nodes started by driver run without a networkMapNode.
- Driver does not take a networkMapStartStrategy anymore
- a new parameter in the configuration "noNetworkMapServiceMode" allows for a node not to be a networkMapNode nor to connect to one.
- Driver now waits for each node to write its own NodeInfo file to disk and then copies it into each other node.
- When driver starts a node N, it waits for every node to be have N nodes in their network map.
Note: the code to copy around the NodeInfo files was already in DemoBench, the NodeInfoFilesCopier class was just moved from DemoBench into core (I'm very open to core not being the best place, please advise)
* Attempting to make VerifierTests more stable
Main point: Alice node will always be faster to locate Alice by name than NotaryNode. Especially given that it may take some time
for Alice node to get reflected on the Notary's NetworkMap.
Also additional logging which might be helpful during debug and IntelliJ changed project structure reflection.
* Introduce a way for nodes to reliably learn about each other existence in the NetworkMap
Plus minor refactoring of the Driver code.
Rework identity usage in tests to extract identity from nodes by name, rather than just arbitrarily choosing the first identity. This better models the intended design for production (future work).
* MockNode rename overrideServices to notaryIdentity
Permit only one override of service.
* MockNetwork: force creation of NetworkMapNode
Tests cleanup: decouple normal nodes and network map. NetworkMap node is created as first.
* Rename and move CordaPluginRegistry to reflect its real purpose now.
* Docs: docsite improvements
* Remove discussion of webserver from 'writing a cordapp' page.
* Fixup some flow docs.
* Add a couple more package descriptions.
* Review comments - always apply default whitelist and no longer load it via ServiceLoader
* Added wording about renaming services resource file
Handle PR comments
Add nicer constructors to CordaException and CordaRuntimeException
(cherry picked from commit 89478c8)
Fix ambiguous defaulted constructor
(cherry picked from commit ec9bafe)
Address PR comment
Update a few more custom exceptions
Replace use of `createSomeNodes()` with creating notary and party nodes individually. This typically results in less code as the basket of nodes isn't built first then the nodes, but instead the nodes generated directly. Notably this identified issues in notary change and contract upgrade tests, which were not actually using a validating notary and therefore it had been missed that the transactions were failing validation.
Renamed nodes in tests for consistency as well, so nodes are now `aliceNode`, `bobNode`, etc. instead of `a`, `b`, or `n0`, `n1`, or other variants of those.
during LedgerTransaction verification run the right logic based on whether
it contains the UpgradeCommand.
Move ContractUpgradeFlowTest away from createSomeNodes()
Remove assembleBareTx as it's not used
The current use of SSL RPC relies on access to the node's keystore file, and further to that some uses where using the NODE_USER to login on the p2p port.
* Contract constraints and attachment loading
Fix compiler warnings.
Fixed IdentitySyncFlowTests in confidential-identities.
Fixes.
Fix AttachmentClassLoaderTests.
Added a TODO.
Renamed cordapp service.
Fix compilation error in java code.
Fix RaftNotaryServiceTests
Fix AttachmentLoadingTest
Fix DistributedServiceTests and LargeTransactionTests.
Add cordapp packages to Verifier tests.
Refactor DummyContractBackdoor back out of internal package.
Resolve compiler warnings.
Consolidate excluding `isolated` project at top-level.
Fix contract attachment serialisation for remote verifier.
Fix integration tests for client:rpc.
Contract constraints and attachment loading
Fix compiler warnings.
Fixed IdentitySyncFlowTests in confidential-identities.
Fixes.
Fix AttachmentClassLoaderTests.
Added a TODO.
Renamed cordapp service.
Fix compilation error in java code.
Fix example compilation.
Fix RaftNotaryServiceTests
Fix AttachmentLoadingTest
Fix DistributedServiceTests and LargeTransactionTests.
Add cordapp packages to Verifier tests.
Refactor DummyContractBackdoor back out of internal package.
Resolve compiler warnings.
Consolidate excluding `isolated` project at top-level.
Fix integration tests for client:rpc.
Fixed issues with node driver and differing ZIPs.
Review changes.
Refactor GeneratedAttachment into node-api module.
Merge branch 'clint/hash-constraint' of https://github.com/corda/corda into clint/hash-constraint
Fixed compile error following rebase.
wip - test to check that app code isn't loaded from attachments sent over the wire.
Use Kotlin copyTo() rather than Apache's IOUtils.
Fixes
more fixes.
Removing unconstrained output.
More fixes.
Fixed another test.
Added missing plugin definition in net.corda.core.node.CordaPluginRegistry: net.corda.finance.contracts.isolated.IsolatedPlugin
Re-added missing magic string used in unit test.
Remove unused FlowSession variable.
* Review fixes.
* More review fixes.
* Moved Cordapp implementation to an internal package.
* More JVMOverloads.
* Fix notary demo, improve error messages, unduplicate some code.
* No need to map twice.
* Single quotes around X500 names.
* More specific naming.
* Remove extremely risky refactoring.
* Remove notaryIdentityKey from ServiceHub
It was redundant, as we have notary field on a transaction. Notaries can
use this field to check if the transaction was meant for them and then
use that information while choosing a key to sign a transaction.
* Move notaryIdentityKey to NotaryService
* Address comments
* Fixes after rebase
* * generate distributed service certificate properly in keystre instead of saving key in flat file when using `generateToDisk`
* move composite key loading hack to devSSL keystore generation process.
* fix and distributed service un-ignore test
* update comment to clarify the composite key certificate creation process.
* fixup after rebase
* Remove advertisedServices from NodeInfo.
Introduce notaryIdentities in NetworkMapCache, that will be filled in
later from NetworkParameters. Clean up NetworkMapCache API. Expose
notaryIdentities through RPC. For now we assume as temporary solution
that notaries in NetworkMap have to contain "notary" in name.
* Further clean up of NetworkMapCache API
Remve partyNodes. Introduce getAllNodeInfos function
* Remove notaryIdentity from ServiceHub
* Address Shams review comments
* Address Andrius review comments
* Add comments, cleanup
* Fixes
* Address comments
* Yet another commit with comments addressed
* Move ServiceType and ServiceInfo to node-api
Add changelog entry. Address rest of comments.
* Minor comments
Updated code base to make use of these instead of chooseIdentity(). Also improved the serialisation of fiber checkpoints so that it doesn't store the entire cert parth of this identity.
* Remove node's main identitiy from NodeInfo.
Preparation for getting rid of services + supporting multiple identities
on the node.
NodeInfo keeps multiple identities as a list. For now the first one is treated as a special one.
Introduced function chooseIdentity in CoreTestUtils as a preparation for proper handling of multiple identities in the future.
Remove legalIdentityKey from ServiceHub, add extension function - chooseIdentity on ServiceHub.
Add `me` field on FlowStateMachineImplemetation, flows should know what the calling identity is.
Remove SERVICES_PREFIX in artemis messaging layer.
* Address minor comments.
* Fixes after rebase.
Remove chooseIdentity from ServiceHub
* Rename me to ourIdentity on FlowLogic
* Fixes after rebase
* Address Ross comments, fixes
* Fix after rebase
* Fix services certificate paths
Apply Patrick's patch.
* Change how NetworkHostAndPort is parsed
Change from using a global extension function to parse
NetworkHostAndPort strings, into using a function on the companion
object. This is a lot easier for Java interop and matches the common
style used elsewhere both in Corda and in Java libraries.
* Move JAR extraction into new utils file
* Move path verification function to ArtemisUtils
Move path verification function "requireOnDefaultFileSystem()" to new
ArtemisUtils.kt file, as this makes more sense from a Java interop
perspective.
* Add JvmName to AMQPSchemaExtensions
* Add JvmName to AMQPSerializationScheme
* Revert "Move JAR extraction into new utils file"
This reverts commit 1f0f41909b68ff21cc24b5efd6a1a360393a0a14.
* Reformat code
* Run formatter on ArtemisUtils
* Move DemoRunner and DemoUtils into internal
Move DemoRunner and DemoUtils into net.corda.testing.internal as they're unfinished APIs we don't want to commit to supporting, yet.
* Move classes to demorun specific subpackage
* Change to using strings in CordformContext; X500Name is an external API dependency we're trying to avoid, X500Principal rearranges the order of the elements in a way we don't want, and trying to put CordaX500Name into Groovy in the time available is impractical. As such having pre-formatted strings used in the Cordform plugin makes most sense right now.
* Remove uses of CordaX500Name.x500
* Remove old X.500 parsing tools
* Move CordaX500Name.x500 into X500NameUtils
* Move X500NameUtils into internal
* Improved support for testing custom schemas using a MockNetwork.
* Removed `requiredSchemas` from CordaPluginREgistry configuration
Custom schema registration now uses classpath scanning (CorDapps) and explicit registration (tests) following same mechanisms as flow registration.
* Updated following PR review feedback.
* Helper function to return Kotlin object instance fixed and moved to core InternalUtils class.
* Fixed auto-scanning Unit test to assert correct registration of custom schema.
* cleanup comment.
* Changes following rebase from master.
* Remove unneeded identity registrations from tests, which sometimes cause duplicated entries in the database
* Add JvmName annotations to ObservableFold and ObservableUtilities
* Move createMapChange() into ReadOnlyBackedObservableMapBase as the only place it's used, to
improve Java interop.
* Clean up Generator by moving extension functions into the class/companion class.
* Add documentation to the actual functions rather than being only on the top level class.
* Add JvmName to Generators
* Move extension functions into the classes they're used in to try supressing generation of empty RPCClientProxyHandlerKt class.
* Add JvmName to ConcurrencyUtils
* Move Iterable<ServiceInfo>.containsType() into Simulation, as it's only useful when verifying
setup of a simulated case. Resolves ServiceInfoKt class being generated.
* Move FlowHandle.notUsed() into the one place it's actually called, so Kotlin stops creating a FlowHandleKt class.
* [CORDA-303]: Add some tests that stop and start a node and check state is persistent.
* [CORDA-303]: Updated change log and added Javadocs.
* [CORDA-303]: Cleaned up test.
* [CORDA-303]: Removed blank lines after class or function declarations.
* [CORDA-303]: Wrapped multiple invocations in `with` construct.
* All Contract Upgrade functionality performed within a corresponding flow.
Removed RPC API calls for contract upgrade authorisation / de-authorisation.
Added persistence using AppendOnlyPersistentMap.
* Changed to using a PersistentMap to ensure entries can be removed (was causing failing de-authorisation tests).
Fixed all warnings.
* Added mandatory @Suspendable annotations to flows.
* Do not instantiate object unless overridden.
* Updated changelog and CordaDocs.
* Persistence simplification: only store upgrade contract class name (not serialized object)
* Remove nullability from contract_class_name DB column.
Fixup tests after rebase
Add unit tests of Persistent Identity. Fix bugs in PersistentMap.
Wrap identity and network map RPC calls in database transaction
Address PR comments