Commit Graph

230 Commits

Author SHA1 Message Date
James Brown
ee3befcc6e ENT-3543 Update okhttp dependency (#5089) 2019-05-15 10:54:44 +01:00
JamesHR3
b4e96778bf [CORDA-2517] Whitelist attachments signed by keys that already sign existing trusted attachments (#5068)
This allows a different signed version of the same CorDapp to be automatically trusted.

This reverts "[CORDA-2575] Allow users to whitelist attachments by public key config (#5035)"
2019-05-07 12:55:27 +01:00
Dan Newton
cb85dd1e92 CORDA-2477 Improve Signature Constraints documentation (#5041)
The Signature Constraint documentation in `api-contract-constraints`
was very limited and referred to the design doc for most information.
Information was extracted from the design doc and added to the main
documentation.
2019-04-30 11:50:12 +01:00
JamesHR3
efabab35c4 [CORDA-2636] Ensure states created with contract upgrades can be migrated (#4786)
* Ensure states created with contract upgrades can be migrated

* Remove line from api-current.txt representing an uncallable constructor
2019-02-19 09:48:39 +00:00
Tudor Malene
3d362e066c CORDA-2595 - check that all attachments are trusted before loading (#4763)
CORDA-2595 - Fix test and api.

CORDA-2595 add test

CORDA-2595 fix tests

CORDA-2595 fix test and address code review comments

CORDA-2595 address code review comments
2019-02-15 17:33:14 +00:00
JamesHR3
4e2a295eb6
[CORDA-2487] Provide a migration for vault states when moving from V3 to V4.1 (#4699)
* Create a new custom migration for populating the state_party table and the relevancy_status column within the vault_states table when migrating from V3 to V4.

* Add a corresponding unit test suite.

* Small refactorings to expose data required by the migration: the isRelevant function in the NodeVaultService, and the node's legal name from the configuration.
2019-02-12 15:22:15 +00:00
Mike Hearn
02645f7b9e Rework package namespace ownership check to verify every package of every class file.
Previous implementation was in LedgerTransaction and focused only on contract classes,
but every package matters.

Also fixes some exception types and does misc refactorings.
2019-02-11 17:10:50 +01:00
Shams Asari
c39c61ecab
CORDA-2467: Moved non-contract things out of finance-contracts and into finance-workflows (#4700)
This includes all of the cash selection logic, JSON support using jackson and a bunch of utilities which are not relevant to contract verification. The exception to this are Interpolator which has been moved to the IRS demo, and PhysicalLocationStructures.kt which is now in explorer.
2019-02-01 17:31:12 +00:00
josecoll
099a747ebf
CORDA-2526 Allow for duplicate signed attachments in devMode (#4691)
* Allow for duplicate (contract class, version) signed attachments in devMode.

* Code clean-up.

* Fix compilation error in test code.

* Additional gating/warning and added Unit test for development mode behaviour.
2019-01-31 14:41:23 +00:00
josecoll
100a6fcb56
CORDA-2475 Adjust attachments query logic to return correct results (#4612)
* CORDA-2475 Adjust attachments query logic to return correct results sets for signed/unsigned jars.

* Updates following PR review feedback by RP.
2019-01-22 22:57:43 +00:00
JamesHR3
6b149f8aad CORDA-2432 - Update documentation for filtering by state relevancy in vault queries (#4577)
* Update changelog with changes to vault queries

* Move choice of relevancy state to QueryCriteria

* Ensure relevancy default is correct for all query types

* Remove superfluous imports

* Update documentation for queries using state relevancy

* Fix merge damage

* Revert change to use RELEVANT as the default and update docs

* Revert missed instance of relevancy change

* Rewrite of upgrade notes for vault state query updates

* Address review comments
2019-01-16 19:53:49 +00:00
Michele Sollecito
05ffb3d101
CORDA-2403: Flagged API issues between 4.0 and 3.3. (#4541) 2019-01-15 14:27:29 +00:00
szymonsztuka
9b8fda0d6d
CORDA-2375 Ensure node has unique attachment contract classname/version from signed JARs (#4535)
Corda Node ensures a given contract class and version can be sourced from only one signed and trusted Attachment (JAR).
An attempt to import a signed JAR as a trusted uploader (or promote to be trusted) with a class and version already present in the other trusted Attachment will raise DuplicateContractClassException.

Minor fixes to Hibernate Attachment Query parser (original query to select attachment without signers would always return no attachments)
2019-01-10 14:13:00 +00:00
josecoll
4530a5e982
CORDA-2395 Add cordapp code signing dev key to production blacklist. (#4519)
* Add cordapp code signing dev key to production blacklist.

* Remove code used to generate the actual PK hash (it is now attached to the JIRA story)

* Remove wiki page reference.

* Remove the non redundant cash transfer.
2019-01-09 15:41:24 +00:00
Stefano Franz
119ed61a21 remove unused commercial paper samples 2019-01-04 17:58:43 +00:00
Stefano Franz
e98dbcc2af move back into test-utils 2019-01-04 17:58:43 +00:00
Tudor Malene
ee9251bd25
CORDA-2327 add attachments for missing dependencies (#4456)
* CORDA-2327 first draft - add attachments for missing dependencies

* CORDA-2327 draft - fix unit tests

* CORDA-2327 draft - some cleanup.

* CORDA-2327 fix test

* CORDA-2327 fix test

* CORDA-2327 fix test

* CORDA-2327 Address code review comments

* CORDA-2327 fix api

* Address code review comments

* CORDA-2327 Address code review comments

* CORDA-2327 Address code review comments

* Fix merge

* Address code review comments
2019-01-02 16:16:53 +00:00
Shams Asari
b4c3fa1948
Fixed incorrect attachment loading integration test (#4453)
* Fixed incorrect attachment loading integration test

`AttachmentLoadingTests.test that attachments retrieved over the network are not used for code` was a false-positive - it was incorrect on multiple levels. Fixing it required updating the finance:isolated CorDapp, at which point it was given the new MANIFEST metadata for V4, and moved out of the net.corda.finance namespace to avoid package sealing issues.

The new test exposed a bug in the LedgerTransaction verification logic. This was cleaned up as it was too easy to verify on the wrong instance.
2018-12-31 15:02:11 +00:00
Rick Parker
a4037b374d
ENT-2848 More contract attachment caching to avoid database queries slowing the node down (#4433) 2018-12-19 17:53:48 +00:00
Rick Parker
20e5bbf56f
ENT-2848 Add caching to contract attachment versions (#4410)
* Refactor into attachment service

Fix up mock service

First caching version, but with no invalidation currently

Set cache size

Fix up after rebase

Cache invalidation

Formatting tidy up

Sort out some nullability

Add kdocs.

Unit tests

More unit tests

Fix TODO

Unit test fixes

Unit test fixes

Fixed concurrent invalidating transaction support.

* Correct some transaction concurrency bug, including unit test.

* Added some unit tests for the method I added to persistence.

* Remove some blank lines

* Review feedback

* Fix imports
2018-12-17 15:14:14 +00:00
Shams Asari
1a065ef13d
CORDA-1942: Moved minimumPlatformVersion and targetPlatformVersion to Cordapp (#4416)
Otherwise ContractAndWorkflow ends up having these two duplicated three times.
2018-12-14 15:48:01 +00:00
josecoll
9cdda3bd77
CORDA-2149 CorDapp Contract and Workflow version identifiers (#4363)
* Implementation of Contract and Workflow attribute identifiers.

* Fixes following rebase from master.

* Fix broken JUnit test.

* Fix broken JUnit test.

* Fix broken JUnit test.

* Added missing constants.

* Further clean-up.

* Updated documentation.

* Added changelog entry.

* Updated all samples (using new Gradle Plugin 4.0.37 functionality)

* Temporarily resolve gradle plugins from latest published snapshot.

* Temporarily resolve gradle plugins from latest published snapshot.

* Updates following feedback from PR review.

* Move constants into CordappInfo companion object.

* Contract and Workflow attribute `version` to `versionId` (as version is a reserved gradle variable)

* Clarified warning message on incorrect version identifier.

* Align version identifier processing logic with gradle cordapp plugin.

* Updated comment.

* Minor fixes following rebase from master.

* Fixed broken unit test.

* Improved exception reporting.

* Update to use 4.0.37 of Gradle Plugins.

* Added support for combined Contract and Workflow CorDapp info.

* Updated following discussions with Shams + cleanup.

* Updated following Shams PR review.

* Minor API improvements.

* Added missing cordapp info causing deployNodes to fail.
2018-12-14 09:39:23 +00:00
szymonsztuka
4799df9b80
CORDA-2150 signature constraints non-downgrade rule (#4262)
Contract class version non-downgrade rule is check by LedgerTransaction.verify().
TransactionBuilder.toWireTransaction(services: ServicesForResolution) selects attachments for the transaction which obey non downgrade rule.
New ServiceHub method loadAttachmentConstraint(stateRef: StateRef, forContractClassName: ContractClassName? = null) retrieves the attachment contract related to transaction output states of given contract class name.
2018-12-11 10:23:07 +00:00
Shams Asari
426db6c2f2
CORDA-2128: Moved reference to internal NotaryService class out of public API (#4389) 2018-12-10 12:05:51 +00:00
Shams Asari
92b5900bfa
CORDA-2128: Removed SerializationEnvironmentRule.run (#4334)
It exposed the internal SerializationEnvironment class. It previously documented that the SerializationEnvironmentRule JUnit rule should be used instead.
2018-12-06 15:14:38 +00:00
szymonsztuka
d2d13c1dfc
Attachment query with contract version, related to CORDA-2150, CORDA-2157 (#4357)
TransactionBuilder loads attachment using attachment storage instead of CordappLoader,
contract class version is now Integer (format and stored in db as Integer).
2018-12-06 11:28:53 +00:00
Viktor Kolomeyko
316dc4ab92
CORDA-2157: Fix Windows build (#4361)
Or else tests:
AttachmentsClassLoaderTests.Test valid overlapping contract jar
ConstraintsPropagationTests.Happy path for Hash to Signature Constraint migration
are failing.
2018-12-05 13:33:28 +00:00
josecoll
63e326aedb
CORDA-2157 - Hash to Signature constraints migration V2 (#4261)
* Hash to signature constraints migration #1

* After rebase from Attachments Classloader commit.

* Simplified implementation without CZ whitelisting and relaxing the no-overlap rule slightly.

* Further simplification.

* Detailed implementation.

* Use fully loaded Cash contract jar for hash to signature constraints migration test.
Additional debug logging.

* Minor cleanup.

* Address PR review feedback.

* Minor fix.

* Fixes following rebase from master.

* Implemented `calculateEntriesHashes` to improve classloader validation performance.

* Address minor PR review comments.

* Added integration tests and some minor fixes.

* Minor fixes following rebase from master.

* Updates and fixes following integration testing.

* Added changelog entry.

* Fix broken unit tests.

* Fix compilation errors in DriverDSL tests after rebase from master.

* Minor fix to test cordapp jar signing using explicit keystore.

* Run hash-to-signature constraints integration test out of process using a non-validating notary.

* Address PR review feedback: contract version from database + other minor changes.

* Address final PR review feedback: remove signed attachment field from attachmentWithContext

* Resolve conflicts following rebase from master.

* Fix failing junit test.

* Fix Kryo serialization error (forgot to write new `version` identifier field)

* Removed redundant query carried over from previous commit.

* Added documentation.

* Fix test case where explicit Hash Constraint input and Signature Constraint output explicitly configured.

* Addressing PR review comments from SA.

* AttachmentQueryCriteria API: added wither methods and Java Unit tests.

* Fixed compilation error caused by Unit tests being in wrong module.

* Added @CordaInternal to canBeTransitionedFrom function.

* Minimized AttachmentClassloader overlap duplicates checking.

* Moved JarSignatureTestUtils and ContractJarTestUtils to internal pending clean-up and documentation before public release.

* Minor fix following rebase from master.

* Removed redundant checkNotNull(networkParameters) checks now that these are always passed into the main (non-deprecated) constructor.

* Remove capitalization.
2018-12-04 18:45:29 +00:00
Andrius Dagys
838c99c6e4 CORDA-2115: Notary whitelist verification changes (#4293)
* CORDA-2115: Notary whitelist verification changes

- For regular and contract upgrade transactions: check that the notary is in the network parameter whitelist
- For notary change transactions: check the the new notary is in the network parameter whitelist. This enabled support for network merging: the old notary doesn't have to be in the current network's notary whitelist for re-pointing old states to another notary.

These checks are done during transaction construction/verification and also by the non-validating notary.

* Address comments

* Remove stale todo

* Use notary whitelist of current network parameters for platform versoin 3

* Cleanup test

* Move `getHistoricNotary` to `HistoricNetworkParameterStorage` in `core.internal`

* Require `newNotary` to be notary on the network map during notary change
2018-12-04 13:54:24 +00:00
Michele Sollecito
a9ff8a0818
[CORDA-2278]: KillFlow RPC operation is not releasing soft locks. (#4332)
* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.

* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.

* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.

* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.
2018-11-30 13:10:19 +00:00
Shams Asari
9100636b8c
CORDA-2269: Removed DriverParameters.initialiseSerialization as it's not needed (#4321) 2018-11-29 13:53:22 +00:00
Katarzyna Streich
5d2ad46553
CORDA-2089 - network parameters tags - part (#4228)
* CORDA-2089 - network parameters tags - part

Data structures changes, storage and notarisation.

Tag transactions with network parameters hash that was in force when tx
was created. Add component group on all core transactions and resolved
parameters on full transactions. The hash should be always visible on
the filtered versions of transactions. Add
notarisation check that the parameters are current.
Implement network parameters storage on services for resolution.

This is only part of the work, next PR will include changes to
ResolveTransactionsFlow to make sure that parameters in the transaction
graph are ordered (this is to prevent the downgrade attack, when the
malicious notary and participants sign transaction that shouldn't be
notarised otherwise).
Probably on network services side we need the default parameters
endpoint for the
transactions that were created before this change - for now it's default
to the current ones.

* Make parameters storage agnostic to cert hierarchy

Test fixes

* Address most PR comments

* Fixes after rebase

* Fixes. Add epoch column to parameters storage.

* Address part of review comments

* Some more comments

* Hopefully fixing what I broke doing rebse

* Address Kostas comments

* Further fixes

* Save all parameters from updates to storage

* Fix integration test

* Address comments

* Fixes after rebase

* Fix test

* Fixes

* Add wrapper for filtering around parameters hash

* API stability fixes

* Add NetworkParametersStorageInternal

* Rename
2018-11-27 15:48:32 +00:00
Anthony Keenan
b7d04b1c6e
[CORDA-2235]: Add overrides for network parameters via command line and file (#4279)
* Temp commit

* Print the error message first by default, makes error output more natural.

* Polishing

* Further modifications after testing

* Documentation updates

* Couple of fixes after review

* Removing unnecessary tests

* Fix broken test

* Add interface to bootstrapper for testign

* Added unit tests

* Remove unused class

* Fix up bootstrapper unit tests and add a couple more

* Refactor the tests slightly

* Review comments

* Couple of minor tweaks
2018-11-26 17:11:05 +00:00
Dominic Fox
88fbb47f67
ENT-2320 state contract identification (#4285)
* Enforce state/contract agreement validation

* Fix some broken tests

* Ascertain targetVersion by inspecting the jar source of the ContractState

* Docs added and rebased against master

* contextLogger doesn't work here

* Java examples in docs

* Label IRSState with owning contract

* Fix rst formatting

* Add @BelongsToContract annotation to PortfolioState
2018-11-26 16:02:32 +00:00
Shams Asari
51adf9b678
LedgerTransaction no longer a data class to prevent more copy methods and fixed serialisation issue (CORDA-2231) (#4287)
LedgerTransaction is not meant to be created directly from client code, but it being a data class means we will expose new copy methods as new properties are added. The existing copy methods that we've exposed since V3 are deprecated, and equals and hashCode have been updated to be based just on id.

The primary c'tor has been clearly marked as the class' wire format, and so the internal stuff has been moved out. The references property cannot be made nullable and so DeprecatedConstructorForDeserialization is used instead.
2018-11-22 22:53:24 +00:00
Tudor Malene
4c8dabc288
ENT-2506 restore the attachment party signers (#4255)
* ENT-2506 restore the attachment party signers

* ENT-2506 restore the attachment party signers

* ENT-2506 restore the attachment party signers

* ENT-2675 Address code review changes.

* ENT-2675 Address code review changes.
2018-11-22 18:35:30 +00:00
szymonsztuka
014f71d36a
CORDA-2150 testing infrastructure for non downgrade contract version rule - TestDSL creates Jar with manifest file (#4274)
This is preliminary addition to test "Implementation-Version" entry from META-INF/MANIFEST.MF in TestDSL.kt. MockCordappProvider was creating JAR without manifest file. Added the manifest file with the obligatory (by JAR spec) attribute "Manifest-Version", other attributes can be added.
2018-11-21 18:36:30 +00:00
Thomas Schroeter
489e719b54
[CORDA-2243] Notary client should sign over NotarisationRequest serialised with object referencing turned off (#4264)
* Sign later to make sure the notary service constructs the same serialized bytes

* Add non validating notary tests

* Revert "Sign later to make sure the notary service constructs the same serialized bytes"

This reverts commit cefba5c350.

* Dereference SecureHashes before creating the notarisation request signature

* Update comment

* Address comments

* Undo accidental renaming
2018-11-21 16:50:32 +00:00
Oliver Knowles
373d99435c
CORDA-1965 Auto-accept network parameter changes (#4222)
* add auto acceptance of certain network parameters

* Remove incorrect nullification of newNetworkParameters object within NetworkMapUpdater

* Automatically update network parameters if update accepted and flag day occured

* Comment cleanup

* Add node configuration for auto accepting network parameter changes

* Remove hot swapping of network parameters

* Add docs for auto accept config flag

* Minor change to log line

* Remove unrelated fix that was corrected on master

* Minor name change within NetworkParameters class

* Minor doc rewording

* Fix typo in docs

* Address PR comments

* Add node config option to turn off network param auto-accept on a per param basis

* Address PR comments

* Fix failing Network Map update integration test
2018-11-20 09:50:42 +00:00
Tudor Malene
2d043828a0
CORDA-2083 verify transaction in AttachmentsClassloader (#4188)
CORDA-2083 fix tests

CORDA-2083 fix tests

CORDA-2083 fix tests

CORDA-2083 fix tests

CORDA-2083 fix tests

CORDA-2083 fix tests

CORDA-2083 fix tests

CORDA-2083 add support for explicit upgrade transactions

CORDA-2083 cleanup

CORDA-2083 cleanup

CORDA-2083 More cleanup

CORDA-2083 More cleanup

CORDA-2083 Clean up tests

CORDA-2083 Address code review comments

CORDA-2083 Fix merge

CORDA-2083 Fix merge

CORDA-2083 Address code review comments

revert file

CORDA-2083 Fix test

CORDA-2083 Add test

CORDA-2083 cleanup

CORDA-2083 Fix test

CORDA-2083 Address code review comments.

CORDA-2083 Remove unused functions.

CORDA-2083 Address code review comments.

CORDA-2083 Address code review comments.

CORDA-2083 Address code review comments.

CORDA-2083 Address code review comments.

CORDA-2083 Address code review comments.
2018-11-19 13:42:12 +00:00
Stefano Franz
8f463c46a9 Add message to uses of require(...) (#4192) 2018-11-16 17:13:55 +00:00
tudor.malene@gmail.com
1e27f0cbe0 Merge remote-tracking branch 'private/master' into feature/tudor_constraints
# Conflicts:
#	core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
#	core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
#	core/src/main/kotlin/net/corda/core/utilities/KotlinUtils.kt
#	node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
2018-11-14 11:50:19 +00:00
szymonsztuka
9efb4121d5
Don't check signers of META-INF/LIST.INDEX file (workaround for CORDA-2116) (#4148)
Temporally treating META-INF/INDEX.LIST as unsignable entry because java.util.jar.JarVerifier doesn't load its signers. https://r3-cev.atlassian.net/browse/CORDA-2177 for further investigation.
2018-11-06 14:34:03 +00:00
josecoll
015a36dad6
CORDA 2131 - Extend Network Bootstrapper to enable registration of Java Package Namespaces. (#4116)
* Package Ownership Network Parameters: add register / unregister CLI options to network bootstrapper.

* Fix 2 failing unit tests.

* Fix failing unit tests.

* Added changelog, documentation and cosmetic changes.

* Fixed exception message.

* Address PR review feedback.

* Fix typo.

* Resolve conflicts.

* Rebase, resolve conflicts and remove PackageOwner class.

* Address latest PR review feedback.

* Fix incorrect imports.

* Fix broken JUnit

* Add support for key store passwords including delimiter characters.

* Updated and improved documentation.

* Minor doc update.

* Documentation changes following PR review feedback

* Replace Bank Of Corda with Example CorDapp.
Remove references to locally built network bootstrapper.
2018-11-06 09:28:55 +00:00
Tudor Malene
469ffe473f Fix merge
Fix merge

Fix merge
2018-10-25 10:44:10 +01:00
tudor.malene@gmail.com
29a8c153ed Merge branch 'master' into tudor_merge_os_24_10
# Conflicts:
#	core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt
#	core/src/main/kotlin/net/corda/core/transactions/LedgerTransaction.kt
#	core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
#	core/src/main/kotlin/net/corda/core/utilities/KotlinUtils.kt
#	core/src/test/kotlin/net/corda/core/contracts/PackageOwnershipVerificationTests.kt
#	core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt
#	node/src/main/kotlin/net/corda/node/internal/cordapp/JarScanningCordappLoader.kt
#	node/src/test/kotlin/net/corda/node/services/persistence/NodeAttachmentServiceTest.kt
#	testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TestDSL.kt
#	testing/test-utils/src/main/kotlin/net/corda/testing/dsl/TransactionDSLInterpreter.kt
#	testing/test-utils/src/main/kotlin/net/corda/testing/internal/MockCordappProvider.kt
2018-10-24 17:09:30 +01:00
Stefano Franz
0919b01271
ENT-2509 - Make @InitiatedBy flows overridable via node config (#3960)
* first attempt at a flowManager

fix test breakages

add testing around registering subclasses

make flowManager a param of MockNode

extract interface
rename methods

more work around overriding flows

more test fixes

add sample project showing how to use flowOverrides

rebase

* make smallest possible changes to AttachmentSerializationTest and ReceiveAllFlowTests

* add some comments about how flow manager weights flows

* address review comments
add documentation

* address more review comments
2018-10-23 16:45:07 +01:00
Viktor Kolomeyko
ce9f95ca86
ENT-2610: Correct withBaseDirectory method (#4106)
Even though it is not used in OS, it is better to keep it in sync with Ent.
2018-10-23 11:08:30 +01:00
Tudor Malene
391c6bf66f
Feature/corda 1947/add package ownership (#4097)
* Upgrade hibernate and fix tests

CORDA-1947 Address code review changes

CORDA-1947 Address code review changes

(cherry picked from commit ab98c03d1a)

* ENT-2506 Changes signers field type

ENT-2506 Clean up some docs

ENT-2506 Fix tests and api

ENT-2506 Fix compilation error

ENT-2506 Fix compilation error

(cherry picked from commit 32f279a243)

* CORDA-1947 added packageOwnership parameter

CORDA-1947 add signers field to DbAttachment. Add check when importing attachments

CORDA-1947 add signers field to DbAttachment. Add check when importing attachments

CORDA-1947 add tests

CORDA-1947 fix comment

CORDA-1947 Fix test

CORDA-1947 fix serialiser

CORDA-1947 fix tests

CORDA-1947 fix tests

CORDA-1947 fix serialiser

CORDA-1947 Address code review changes

CORDA-1947 Address code review changes

CORDA-1947 Revert test fixes

CORDA-1947 address code review comments

CORDA-1947 move verification logic to LedgerTransaction.verify

CORDA-1947 fix test

CORDA-1947 fix tests

CORDA-1947 fix tests

CORDA-1947 address code review comments

CORDA-1947 address code review comments

(cherry picked from commit 86bc0d9606)

CORDA-1947 fix merge
2018-10-22 15:00:08 +01:00
Viktor Kolomeyko
88f368134f
ENT-2610: Separate passwords for store and for private keys in Corda OS. (#4090)
* ENT-2610: Separate passwords for store and for private keys in Corda OS.

When it comes to KeyStores there are *2* passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore.
Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see:
`org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory`
where it is calling `KeyManagerFactory.init()` with store password.

Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis.
This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel.
Therefore this PR is removing this limitation and properly separating storePassword from keyPassword.

Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info.

Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made.

* ENT-2610: Address PR input from @kchalkias

* ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/

* ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/

In the implementation of `CertificateStoreSupplier`
2018-10-22 07:11:27 +01:00