* Add roles to X509 certificates so that the identity service can always determine which certificate in a hierarchy is the well known identity
* Rename CLIENT_CA certificate type to NODE_CA
* Rename DOORMAN role to INTERMEDIATE_CA
* Correct issue in CashTests where instead of providing a well known identity to generateSpend(), a confidential identity was passed in and a confidential identity generated from it.
* Enforce role hierarchy in PKI
* Enforce that party certificates must be well known or confidential identities
* Add network map certificate role
* * Document TestIdentity entropy and enforce that it actually works
* Ledger/transaction DSL default notary with fresh key
* MockServices default identity with fresh key
* makeTestIdentityService now takes vararg
* Require cordappPackages for MockServices
* DSL automatic serialization init
* Improve error when two MockNetworks used
* * Make cordappPackages required by MockNetwork
* Default identity service in MockServices
* Make notarySpecs Java-friendly
* [CORDA-442] make MockNetwork not start a networkmap node
Now MockNetwork will put the appropriate NodeInfos inside each running node networkMapCache.
Tests relating to networkmap node starting and interaction have been removed since they where relaying on MockNetwork
Move from `chooseIdentity()` to `singleIdentity()` where tests use a single identity, or to fetching by name where multiple identities are present, so we stop using the first identity as special.
Rework identity usage in tests to extract identity from nodes by name, rather than just arbitrarily choosing the first identity. This better models the intended design for production (future work).
Require a signature on a deterministic data blob (which includes X.500 name and public key) when exchanging new confidential identities, in order to ensure that the owner of the key pair wants it to represent the specified name, not just that the certificate owner states the key represents the given identity.
* MockNode rename overrideServices to notaryIdentity
Permit only one override of service.
* MockNetwork: force creation of NetworkMapNode
Tests cleanup: decouple normal nodes and network map. NetworkMap node is created as first.
Change IdentitySyncFlow to only offer confidential identities matching the identity the flow is run as. This avoids risks of nodes being convinced to include a state with a confidential identity in it, by a remote node, then feeding the well known identity to the node during identity sync.
Replace use of `createSomeNodes()` with creating notary and party nodes individually. This typically results in less code as the basket of nodes isn't built first then the nodes, but instead the nodes generated directly. Notably this identified issues in notary change and contract upgrade tests, which were not actually using a validating notary and therefore it had been missed that the transactions were failing validation.
Renamed nodes in tests for consistency as well, so nodes are now `aliceNode`, `bobNode`, etc. instead of `a`, `b`, or `n0`, `n1`, or other variants of those.
* Contract constraints and attachment loading
Fix compiler warnings.
Fixed IdentitySyncFlowTests in confidential-identities.
Fixes.
Fix AttachmentClassLoaderTests.
Added a TODO.
Renamed cordapp service.
Fix compilation error in java code.
Fix RaftNotaryServiceTests
Fix AttachmentLoadingTest
Fix DistributedServiceTests and LargeTransactionTests.
Add cordapp packages to Verifier tests.
Refactor DummyContractBackdoor back out of internal package.
Resolve compiler warnings.
Consolidate excluding `isolated` project at top-level.
Fix contract attachment serialisation for remote verifier.
Fix integration tests for client:rpc.
Contract constraints and attachment loading
Fix compiler warnings.
Fixed IdentitySyncFlowTests in confidential-identities.
Fixes.
Fix AttachmentClassLoaderTests.
Added a TODO.
Renamed cordapp service.
Fix compilation error in java code.
Fix example compilation.
Fix RaftNotaryServiceTests
Fix AttachmentLoadingTest
Fix DistributedServiceTests and LargeTransactionTests.
Add cordapp packages to Verifier tests.
Refactor DummyContractBackdoor back out of internal package.
Resolve compiler warnings.
Consolidate excluding `isolated` project at top-level.
Fix integration tests for client:rpc.
Fixed issues with node driver and differing ZIPs.
Review changes.
Refactor GeneratedAttachment into node-api module.
Merge branch 'clint/hash-constraint' of https://github.com/corda/corda into clint/hash-constraint
Fixed compile error following rebase.
wip - test to check that app code isn't loaded from attachments sent over the wire.
Use Kotlin copyTo() rather than Apache's IOUtils.
Fixes
more fixes.
Removing unconstrained output.
More fixes.
Fixed another test.
Added missing plugin definition in net.corda.core.node.CordaPluginRegistry: net.corda.finance.contracts.isolated.IsolatedPlugin
Re-added missing magic string used in unit test.
Remove unused FlowSession variable.
* Review fixes.
* More review fixes.
* Moved Cordapp implementation to an internal package.
* More JVMOverloads.
Updated code base to make use of these instead of chooseIdentity(). Also improved the serialisation of fiber checkpoints so that it doesn't store the entire cert parth of this identity.
* Move SwapIdentitiesFlow to confidential-identities module
* Clean up confidential-identities build.gradle
* Change description to include Experimental
* Move confidential-identities to a dependency of node rather than node-api