* add cmdline option for network root truststore and password, instead of using node's truststore configuration to avoid confusion.
* revert line auto format
* fix failing integration test
* address PR issue
* ENT-1403 Cache node attachments (and attachment content)
* ENT-1403 Make cache sizes configurable
* Update documentation with new config parameters
* Test that non-existence of attachments is not cached
* Remove unneeded defaults in interface
* It turned out we need the defaults on the interface in quite a few tests
* Codereview: typos, size in MB rather than bytes, charset in tests, move concurrencyLevel to a constant
* Codereview: Make the internal config value bytes again, but config file in MB
* Fix example config unit test
Changes compatible with R3.Corda (ENT-794):
1) Added Hibernate corda-wrapper-binary two to to columns.
2) Shorten names of tables in dummy schemas used in tests.
3) Undo removal of compound index of VaultTxnNote (b423fea).
4) Assertions for 2 vault tests don't rely on order of rows.
* CORDA-928 cache query results via `getPeerByLegalName` and `getNodesByIndentityKey` to avoid hitting the DB hard in RPC handling.
* Skip cache invalidation during init() - caches are still null.
* Remove registeredNodes/partyNodes caching of data feed.
Rewrite data feed to be initialised off the DB.
Add start method to trigger readyness/artemis listeners if there are nodes in the DB.
* Invalidate cache last rather than first when updating
* ENT-1383 Make the transaction cache in DBTransactionStorage memory-weight based (rather than count based) so large transactions can no longer use an undue amount of memory.
* Code review: formatting and legibility
* Fix stupid type cast error
* More formatting
Introduced DigitalSignatureWithCert and SignedDataWithCert as internal APIs, with the expectation that they will become public; renamed the network parameters end-point to network-parameters; updated the network-map.rst doc; and did some refactoring.
* Added test cases covering encrypted password usage
* Renamed UserAuthServiceTests as AuthDBTests: the integration tests checking user credentials loaded from external database (still limited to H2 in-memory for now).
* Some internal renamings
Add functions for constructing `FlowLogicRef` from class name, rather than requiring the class itself. This avoids requiring that schedulable states have access to the scheduled flow to instantiate, but instead can require it only actually scheduling the flow. This reduces the size of the JAR required to validate transactions containing these states.
Using the --just-generate-node-info flag for the notary nodes so that their identities can be submitted to the network map server, which does the network parameters generation.
With network parameters the CN is no longer needed to identify notaries. This frees it up to be used in the node's name alongside the other attributes.
Also, the identity generation logic has been simplified, removing the need to have magic string values for storing distributed identities in the keystore. Now there are just two alias prefixes: "identity" as it was previously, and "distributed-notary".
* Add roles to X509 certificates so that the identity service can always determine which certificate in a hierarchy is the well known identity
* Rename CLIENT_CA certificate type to NODE_CA
* Rename DOORMAN role to INTERMEDIATE_CA
* Correct issue in CashTests where instead of providing a well known identity to generateSpend(), a confidential identity was passed in and a confidential identity generated from it.
* Enforce role hierarchy in PKI
* Enforce that party certificates must be well known or confidential identities
* Add network map certificate role
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* * Document TestIdentity entropy and enforce that it actually works
* Ledger/transaction DSL default notary with fresh key
* MockServices default identity with fresh key
* makeTestIdentityService now takes vararg
* Require cordappPackages for MockServices
* DSL automatic serialization init
* Improve error when two MockNetworks used
* * Make cordappPackages required by MockNetwork
* Default identity service in MockServices
* Make notarySpecs Java-friendly
* Able to send hand coded messages to an Artemis node inbox
Get startup race condition fixed. Start cleanup work.
Fixup after rebase
Remove SASL hack for now
Minor tweaks. Enable AMQP mode manually.
Add configuration control
Slight clean up
Stop timeouts that don't work with AMQP
Rename class
Get TLS constants from :node-api
Primitive integration test
Put back commented line
Session per bridge to alow rollback on remote rejects.
Add more tests and handle multiple IP adddresses
Reduce logging
Fixup after rebase
Add a test to verify the remote end AMQP rejection logic works and does cause message replay.
Allow Artemis to duplicate after session rollback
Reduce number of threads
Move legacy bridge related code over to CoreBridgeManager
Shared threadpool for bridges
Add a test to confirm that no side effects when using a shared thread pool.
Address PR comments and remove dead lines
Rebase and add some comments
Remove a couple of blank lines
Ensure AMQP bridges are used in tests
Fixup after removal of testNodeConfiguration
Add a couple of doc comments
Add a couple of doc comments
Make things internal and use CordaFuture
Address some PR comments
Change comment type
* Use Artemis 2.2 to fix AMQP problems. Add explicit test of legacy core bridges, as marking the factory class private had silently broken them.
* Fix change due to using Artemis 2.2
* Take maximum message size from network parameters
* Add epoch handling
* Add handling of network parameters mismatch
Change NetworkMapClient and updater, add handle in
AbstractNode that results in node shutdown on parameters mismatch. Later
on we should implement proper handling of parameters updates.
Add tests of NetworkParameters wiring.
When node starts with compatibilityZone url configured it takes
networkParameters from the networkMap.
* Permit only one network parameters file
On node startup network parameters are read from node's base directory,
we permit only zero or one files to be there. If network map server is
configured the parameters can be downloaded at startup (if not present
in the directory already).
* Update docs on network map endpoints
* Extend unit test on RPCSecurityManager
* Fix corner cases in permission parsing and bug in tryAuthenticate
* Rework docsite page
* Add missing ChangeLog entry
* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
* Rename certificate types
* Create separate certificate type for confidential identities
* Add name constraints to dev node CA
* Move dev node CA into getTestPartyAndCertificate()
* Remove MockServices.stateMachineRecordedTransactionMapping which does nothing
* Inline StateLoaderImpl
* Remove unused MockServices
* MockServices well-known identities not needed in a place
* A few things don't need a full-blown ServiceHub
* new network map object for network map, and verify signature and root in Signed network map and node info
* fixup after rebase
* * added certificate and key to network map server
* move DigitalSignature.WithCert back to NetworkMap.kt, as its breaking API test, will raise another PR to move it back.
* Make DigitalSignature.WithCert not extend WithKey, as per PR discussion.
* various fixes after rebase.
* move Network map back to core/node, as its breaking API test
* revert unintended changes
* move network map objects to node-api
* make node info file copying optional by setting "compatabilityZoneURL" in driver
integration test for node using http network map using driver
some bug fixes
* rebase to feature branch and fixup
* add initialRegistration flag to driver
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* use PortAllocation.Incremental instead of random
* * use PortAllocation.Incremental instead of random
* fix NodeInfoWatcher thread leak issue
* reset scheduler before create notary
* move port allocation out of companion object
* move port allocation out of companion object
* make node info file copier lateinit to avoid observable thread pool get created on init
Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.
* Clean up identities in CashTests so that the mini/mega corp keys and identities are correctly
paired together throughout. Previously `miniCorpServices` presented the same key as the
MegaCorp identity, but with the name Mini Corp attached.
* Correct key/name matches in VaultWithCashTest
* Split services in CashTests to not have multiple identities per service hub
* Removal of transaction contract state as BLOB in VaultStates table.
Transaction contract state now resolved using StateLoader (from DBTransactionStorage).
Fixed broken JUnits.
* Changes to address review comments by RP
Address logic error.
* Fixed failing JUnit (CashExitFlowTests.exit zero cash).
* Fix VaultQueryTests to respect transaction visibility boundaries.
* Adopt consistent use of "session" using DatabaseTransactionManager.
* Removed redundant transaction demarcation boundaries in Vault Query tests.
Detangle issuers in NodeVaultServiceTest, which has been using two keys on a single node, for different
issuing identities, which doesn't work right now because we don't actually have multiple identity support.
Also remove duplicate data in parameters to fillWithSomeTestCash().
* Network map cache using Network map client instead of artemis. -- WIP
* fix up after rebase
* address PR issues, split network map update test, added todos to remove sleeps
* move jimfs and baseDir to field variable
Most uses where with MockNetwork which recently got a defaultNotaryIdentity property for dealing with the default single notary case. The remaining uses where in flows.
network-parameters file read in by the node at startup, of which only the list of notaries is used. For now, the driver and MockNetwork have been updated to require notaries to be started first. This is so that the same set of network parameters can be defined for all the nodes.
CN in the legal name is not longer disallowed since it's no longer reserved for distributed notary names.
Single-node notaries now only have one identity, their main identity. Nodes part of a cluster continue to have two.
(Based off Kasia's work)
* [CORDA-446] Clean up other mentions of network map node and logic
* Rename AbstractNetworkMapService to NetworkMapService and remove the empty NetworkMapService
* fix build
* fix artemismessaging tests
* pr comments
approach which assumes a dedicated node for observers: states that are
reported to the node will appear in the database and update feeds as
normal. Apps that expect all updates to be relevant to themselves may
need adjusting if they run on an observer node too, but this is likely
to be rare.
* Standardisation of Public Keys in Schema entities. (#68)
* Standardisation in usage of Public Keys in Schema entities.
Use PK Hash where optimal, otherwise use ByteArray/LOB representation of PK.
* Redundant after rebase.
* Use .encoded and Crypto.decode<Public|Private>Key(bytes) instead of Corda serialization.
* Optimize DBPartyAndCertificate entity to store and query on ownerKeyHash.
* Updated API stability check for schema attribute change.
* [CORDA-442] make MockNetwork not start a networkmap node
Now MockNetwork will put the appropriate NodeInfos inside each running node networkMapCache.
Tests relating to networkmap node starting and interaction have been removed since they where relaying on MockNetwork
They won't be reported as properties by the introspector and thus we
will fail to find a constructor for them. This makes sense as we will be
unable to serialise an object whose members we cannot read
