Commit Graph

701 Commits

Author SHA1 Message Date
Shams Asari
900809b3d7 ENT-11090: Removed all JDK 8/11 conditional code 2024-03-05 17:10:26 +00:00
Adel El-Beik
4031c28947
ENT-11502: Upgrade platform version to 140. (#7674) 2024-03-04 12:24:15 +00:00
Shams Asari
200333b198 ENT-11355: Backwards compatibility with older nodes via new attachments component group 2024-02-19 17:19:49 +00:00
Chris Cochrane
c7514e1c60
ENT-11443 Function sig changes to support removing enterprise compiler warnings (#7671) 2024-02-07 14:46:18 +00:00
Chris Cochrane
9b794795a0
ENT-11351 - Compiler warnings pass 4 (#7663)
* Compiler warnings

* Resolve detekt errors

* Reverted code change; added warning suppression

* Address PR review comments
2024-01-29 13:49:00 +00:00
Shams Asari
a7d0684fe7
ENT-11384: Cleanup JarScanningCordappLoader (#7664)
* It uses URLs when in fact CorDapps are jar files, and so should being Path. It also does URL equality, which is not recommended
* Address (very old) TODO of removing RestrictedURL, which is not needed

Also, back-ported some minor changes from https://github.com/corda/enterprise/pull/5057.
2024-01-29 13:44:14 +00:00
Chris Cochrane
975500d878
ENT-11351 - Compiler warnings pass 3 (#7659)
* More compiler warnings fixed

* Amended deprecation suppression annotations, as per review comments
2024-01-25 10:18:58 +00:00
Adel El-Beik
3abb218bca
Merge pull request #7654 from corda/shams-external-verifier-analyse-txs
ENT-11255: Scan attachments to determine if they are Kotlin 1.2 or later
2024-01-23 16:56:47 +00:00
Balwant Kothari
5c193ce47f
ENT-11113 Uncommented ignored test cases (#7648)
ENT-11113 Uncommented ignored test cases
ENT-11113 Updated time for Flow Speed Test
2024-01-23 15:11:50 +00:00
Shams Asari
f30ba33929 ENT-11255: Scan attachments to determine if they are Kotlin 1.2 or later
The node now sends a transaction to the verifier if any of its attachments were compiled with Kotlin 1.2 (the net.corda.node.verification.external system property has been removed). It uses kotlinx-metadata to read the Kotlin metadata in the attachment to determine this. For now this scanning is done each time the attachment is loaded from the database.

The existing external verification integration tests were converted into smoke tests so that 4.11 nodes could be involved. This required various improvements to NodeProcess.Factory. A new JAVA_8_HOME environment variable, pointing to JDK 8, is required to run these tests.

There is still some follow-up work that needs to be done:

Sending transactions from a 4.11 node to a 4.12 node works, but not the other way round. A new WireTransaction component group needs to be introduced for storing 4.12 attachments so that they can be safely ignored by 4.11 nodes, and the 4.12 node needs to be able to load both 4.11 and 4.12 versions of the same contracts CorDapp so that they can be both attached to the transaction.
Even though attachments are cached when retrieved from the database, the Kotlin metadata version should be stored in the attachments db table, rather than being scanned each time.
Finally, VerificationService was refactored into NodeVerificationSupport and can be passed into SignedTransaction.verifyInternal, instead of needing the much heavier VerifyingServiceHub. This makes it easier for internal tools to verify transactions and spawn the verifier if necessary.
2024-01-22 11:31:51 +00:00
Chris Cochrane
1ff853b421
ENT-11351 - Compiler warnings pass 1 (#7652)
* Removed warnings - pass 1

* Resolve detekt errors

* Properly compare X500 distinguished names
2024-01-19 10:26:50 +00:00
Adel El-Beik
ab4a24eb98
Merge pull request #7636 from k163377/fix-kotlin-module
ENT-11325: Fixed to not use API that will be discontinued in the future
2024-01-04 15:27:20 +00:00
Shams Asari
2e63ca6264
ENT-11065: Remove the need for JVM flags in client code (#7635) 2024-01-03 11:22:03 +00:00
Shams Asari
406f7ff292
ENT-11056: Compile the external verifier using Kotlin 1.2 (#7622)
This requires Kotlin 1.2 versions of core and serialization (core-1.2 and serialization-1.2 respectively), which are just "shell" modules and which compile the existing source code with Kotlin 1.2. The 1.2 plugin does not work with the current version of Gradle and so the 1.2 compiler has to be called directly.

Now with two versions of Kotlin in the code base, each module needs to have its version manually specified to ensure a clean separation. Otherwise, the default Kotlin version can override 1.2 when needed.

Some of the code was tidied-up or improved to enable it to be cross-compiled. For post-1.2 APIs being used, they have been copied into core-1.2 with the same method signatures. OpenTelemetryComponent was moved to node-api, along with the dependency, to avoid also having a 1.2 version for the opentelemetry module.
2024-01-02 17:02:20 +00:00
wrongwrong
6b765a93b4 Fixed to not use API that will be discontinued in the future 2023-12-30 16:59:52 +09:00
Shams Asari
e2bcd0499e ENT-11263: Remove TooGenericExceptionCaught detekt rule 2023-12-07 13:36:21 +00:00
Shams Asari
11d0054fcc
ENT-11055: Basic external verification (#7545)
* ENT-11055: Basic external verification

Introduction of the external transaction verifier, a separate JVM process for verifying `SignedTransaction`s. The end goal is for this verifier to be built with Kotlin 1.2 so that it creates a compatible verification environment for transactions with 4.11 contracts. For now however the verifier is built against Kotlin 1.8, same as the node.

External verification is enabled when the the system property `net.corda.node.verification.external` is set to `true`. When enabled, all verification requests made via `SignedTransaction.verify` are sent to the external verifier, regardless of the transaction content. It will do the vast bulk of the verification and then send the result back, namely if an exception occurred. If it did, then it's re-thrown in the node.

The external verifier is a stateless process, with no connection to the node's database. All transaction resolution information needed to create the relevant ledger transaction object are made to the node, which waits in a loop servicing these requests until it receives the result. The verifier Jar is embedded in the Corda node Jar, and is extracted and run when needed for the first time. The node opens up a local port for the verifier to communicate with, which is specified to the verifier in the process command line. This all means there is no extra configuration or deployment required to support external verification.

The existing code had some initial attempts and abstractions to support a future external verification feature. However,
they were either incorrect or didn't quite fit. One such example was `TransactionVerifierService`. It incorrectly operated on the `LedgerTransaction` level, which doesn't work since the transaction needs to be first serialised. Instead a new abstraction, `VerificationSupport` has been introduced, which represents all the operations needed to resolve and verify a `SignedTransaction`, essentially replacing `ServicesForResolution` (a lot of the changes are due to this). The external verifier implements this with a simple RPC mechanism, whilst the node needed a new (internal) `ServiceHub` abstraction, `VerifyingServiceHub`. `ServicesForResolution` hasn't been deleted since it's public API, however all classes implementing it must also implement `VerifyingServiceHub`. This is possible to do without breaking compatibility since `ServicesForResolution` is annotated with  `@DoNotImplement`.

Changes to `api-current.txt` were made due to the removal of `TransactionVerifierService`, which was clearly indicated as an internal class, and returning `TransactionBuilder.toLedgerTransactionWithContext` back to an internal method.

* Address review comments

* One bulk load states method

* Merge fix
2023-12-07 11:29:27 +00:00
Balwant Kothari
74ca2c6734
ENT-10560 JDK 17 Test Cases Fixes (#7598)
* Updated mockito version and removed ignored annotation to relevant test cases

* Updated mockito version and removed ignored annotation to relevant test cases
2023-12-07 10:46:56 +00:00
Arshad Mahmood
1b4189b2b3 Added explicit publishing configuration for projects bundled as jars, this change was required when upgrading to kotlin 1.9.0 2023-11-08 10:48:10 +00:00
Arshad Mahmood
6dd33fb8f7 Upgrade to gradle 7.6, kotlin 1.8 and jdk 17
Major changes due to JDK 17:
1. JDK17 JCE Provider now has built-in support for eddsas, corda uses
   the bouncycastle (i2p) implementation. This PR removes the conflicting
   algorithms from the built-in JCE provider.

2. JavaScript scripting has been removed from the JDK, the corda log4j config was using
   scripting to conditionally output additional diagnostic info if the MDC
   was populated. This PR has removed the scripting.

3. The artifactory plug-ins used are now deprecated, this PR has removed them
   and uses the same code as Corda 5 for publishing to artifactory.

4. Javadoc generation has been modified to use the latest dokka plug-ins.

5. Gradle 7.6 has implemented an incredibly annoying change where transitive
   dependencies are not put on the compile classpath, so that they have to be
   explicitly added as dependencies to projects.

6. Mockito has been updated, which sadly meant that quite a few source files
   have to changes to use the new (org.mockito.kotlin) package name. This makes
   this PR appear much larger than it is.

7. A number of tests have been marked as ignored to get a green, broadly they fall
   into 3 classes.

   The first is related to crypto keypair tests, it appears some logic
   in the JDK prefers to use the SunJCE implementation and we prefer to use
   bouncycastle. I believe this issue can be fixed with better test setup.

   The second group is related to our use of a method called "uncheckedCast(..)",
   the purpose of this method was to get rid of the annoying unchecked cast compiler
   warning that would otherwise exist. It looks like the Kotlin 1.9 compiler type
   inference differs and at runtime sometimes the type it infers is "Void" which causes
   an exception at runtime. The simplest solution is to use an explicit cast instead of
   unchecked cast, Corda 5 have removed unchecked cast from their codebase.

   The third class are a number of ActiveMQ tests which appear to have a memory leak somewhere.
2023-11-06 10:24:17 +00:00
Shams Asari
3a6deeefa7 Merge branch 'release/os/4.9' into shams-4.10-merge-e6a80822
# Conflicts:
#	.github/workflows/check-pr-title.yml
#	.snyk
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AMQPClient.kt
#	node/src/integration-test/kotlin/net/corda/node/amqp/AMQPClientSslErrorsTest.kt
#	node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
2023-07-13 10:53:30 +01:00
Shams Asari
671ce9ef97 Merge branch 'os-4.8-merge-point' into shams-4.9-merge-0b8536b9
# Conflicts:
#	.github/workflows/check-pr-title.yml
#	node/src/main/kotlin/net/corda/node/services/messaging/NodeNettyAcceptorFactory.kt
2023-07-07 15:20:43 +01:00
Shams Asari
5b3180bf7b ENT-10016: Give all node threads descriptive names 2023-06-09 11:17:26 +01:00
Chris Cochrane
e12ab8194f
Merge branch 'release/os/4.7' into cc/merge/os-4.7-os-4.8/25-apr-2023
Fwd-merge from OS 4.7.
2023-04-25 14:54:21 +01:00
Chris Cochrane
91c38fa84b
Merge branch 'release/os/4.6' into cc/merge/os-4.6-os-4.7/24-apr-2023
Fwd-merge from OS 4.6.
2023-04-24 20:13:50 +01:00
Chris Cochrane
c58c49d27a
Upgrade corda/crash, snakeyaml 2023-04-20 14:01:20 +01:00
Chris Cochrane
c263ba7563
Updated to fix Jackson tests 2023-04-19 13:06:35 +01:00
Shams Asari
7b6fc51710 Merge branch 'release/os/4.9' into shams-4.10-fwrd-merge-ceb76c56
# Conflicts:
#	common/logging/src/main/kotlin/net/corda/common/logging/Constants.kt
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AMQPClient.kt
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt
2023-04-12 16:23:59 +01:00
Shams Asari
724a4e5a36 Merge branch 'release/os/4.8' into shams-4.9-fwrd-merge-d140cb59
# Conflicts:
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/ArtemisTcpTransport.kt
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AMQPChannelHandler.kt
#	node/src/integration-test/kotlin/net/corda/node/amqp/CertificateRevocationListNodeTests.kt
#	node/src/main/kotlin/net/corda/node/internal/artemis/CertificateChainCheckPolicy.kt
2023-04-11 11:54:26 +01:00
Chris Cochrane
95c4a18352
ENT-6336,ENT-6960 - upgrade snakeyaml to address security vulnerabilities 2023-04-06 19:14:30 +01:00
Shams Asari
0213861d22
ENT-9569: Apply the 60s SSL handshake timeout to the embedded Artemis server (#7315) 2023-03-22 13:22:12 +00:00
Adel El-Beik
044b83508e ENT-8823: Added copyBaggageToTags configuration option to control if baggage is copied to tags.
Switched SimplLogTelemetryComponent to info logs.
2022-12-08 16:54:38 +00:00
Adel El-Beik
e46b7bdd5a
ENT-6893: Added interface for clients to grab openetelemetry handle. (#7264)
* ENT-6893: Added interface for clients to grab openetelemetry handle.

* ENT-6893: Make detekt happy.

* ENT-6893: Fix warnings.

* ENT-6893: Make detekt happy.

* ENT-6893: Now shutdown opentelemetry when node stops or client is closed.

* ENT-6893: OpenTelemetryDriver is not not a singleton.
2022-11-24 13:34:08 +00:00
Adel El-Beik
7a133f687c
ENT-6893: First cut of telemetry integration. (#7247)
First cut of telemetry integration.

Open telemetry can be enabled in two ways, first is via an opentelemetry java agent specified on the command line. With this way you get the advantage of spans created from other libraries, like hibernate. The java agent does byte code rewriting to insert spans.
The second way is with the open telemetry driver (that links with the opentelemetry sdk). This is a fat jar provided with this project and needs to go into the node drivers directory.
2022-10-28 14:41:39 +01:00
Rick Parker
b29713d7b9
ENT-6947 Intern common types to reduce heap footprint (#7239)
ENT-6947: Implement interning for SecureHash, CordaX500Name, PublicKey, AsbtractParty and SignatureAttachmentConstraint, including automatic detection of internable types off companion objects in AMQP & Kyro deserialization.  In some cases, add new factory methods to companion objects, and make main code base use them.

Performance tested in performance cluster with no negative impact visible (so default concurrency setting seems okay).

Testing suggests 5-6x memory saving for tokens in TokensSDK in memory selector.  Should see approx. 1 million tokens per GB or better (1.5 million for the tokens we tested with).
2022-10-18 09:28:41 +01:00
Chris Cochrane
54fdd12a2d
ENT-6866 support quick RPCs that are not processed via the RPC thread pool (#7213)
* ENT-6866 support quick RPCs that are not processed via the RPC thread pool
2022-07-07 12:33:51 +01:00
Ryan Fowler
a5a0c64e2d CORDA-3918: Port of ENT-5417: Allow exceptions to propagate when shutdown commands are called (#6516) 2022-05-16 10:06:01 +01:00
Tamas Veingartner
bfcd1d8791 ENT-5379 Reconnecting RPC fixed to recognize shutdown calls and break reconnect attempts (#6316) 2022-05-16 10:06:00 +01:00
Rick Parker
1e227fdfc4
ENT-6711 - Fix for upgrade to Jackson 2.12 and beyond (actual upgrade to 2.13.1) (#7096)
* NOTICK - Don't know what the JIRA is but wanted to share.

* Updates to resolve bukld issues

* NOTICK: Fixed JDK11 version to prevent capsule version error

* ENT-6711: Added comment for use of jackson_kotlin_version.

* ENT-6711: Avoid deprecation warning, switched to the default method.

Co-authored-by: Chris Cochrane <chris.cochrane@r3.com>
Co-authored-by: Adel El-Beik <adel.el-beik@r3.com>
2022-03-07 11:08:06 +00:00
Adel El-Beik
4594c76259 ENT-6637: Targeted exclude of the jgroups dependency. 2022-03-04 11:52:14 +00:00
Chris Cochrane
9dfdd71c22
ENT-6631 - upgrade jackson version to get rid of databind vulnerability, keeping jackson-module-kotlin the same 2022-02-24 13:26:37 +00:00
Kyriakos Tharrouniatis
a02f2e9f6a
ENT-6414 reattachFlowWithClientId throws NullPointerException if user specifies non-existent client ID (#7044) 2022-01-25 14:42:45 +00:00
Viktor Kolomeyko
835321bb70
ENT-6286: OS: Upgrade version of Artemis to 2.19.1 (#6975)
Fixes DDoS attack mentioned on the Jira ticket.

PR upgrades Artemis library to version 2.19.1.
This is our own release of Apache Artemis library which has vulnerability fix for v2.20 applied.

**_Breaking changes discovered during Artemis upgrade:_**
1. When the queue is created as temporary, it needs to explicitly be specified as non-durable.
2. By default, Artemis Client performs Host DNS name check against the certificate presented by the server. Our TLS certificates fail this check and this verification has to be explicitly disabled, see use of: `TransportConstants.VERIFY_HOST_PROP_NAME`.
3. Artemis Server now caches login attempts, even unsuccessful ones. When we add RPC users dynamically via DB insert this may have an unexpected outcome if the user with the same `userName` and `password` was not available previously.
To workaround permissions changing dynamically, authorization and authentication caches had to be disabled.
4. When computing `maxMessageSize`, the size of the headers content is now taken into account as well.
5. Artemis handling of start-up errors has changed. E.g. when the port is already bound.
6. A number of deprecated APIs like: `createTemporaryQueue`, `failoverOnInitialAttempt`, `NullOutputStream`, `CoreQueueConfiguration`.
7. Log warning message is produced like: `AMQ212080: Using legacy SSL store provider value: JKS. Please use either 'keyStoreType' or 'trustStoreType' instead as appropriate.`
8. As reported by QA, Artemis now produces more audit logging more details [here](https://r3-cev.atlassian.net/browse/ENT-6540). Log configuration been adjusted to reduce such output.
2022-01-21 09:18:14 +00:00
Edoardo Ierina
82a114a329
[DRAFT] feat/CORDA-3823-hash-agility-qa-ready (#6789)
* wip

* wip

* wip (need to review IEE comments)

* wip

* wip

* Small refactoring, fixed network-verifier's TestNotaryFlow

* Added command line option to explicitly enable hash agility support

* wip-do-not-push

* wip

* wip

* wip

* aligned merkletree/transaction hash algorithms

* wip

* Added mixed algorithm support for nodes vs leaves and corrected mixed algorithm tests

* moved global computeNonce and componentHash to DigestService

* added comment for failing test to fix

* wip

* Minor cleanups, added deprecated componentHash/computeNonce

* restored exploratory changes to failing SignedTransaction test

* cleaned up and minor rafactoring

* Fixed some tests with hardcoded hash algorithm

* some changes and cleanups following code review

* WIP commit before large change

* WIP Fixed 3 tests

* WIP removed direct references to randomSHA256() and sha256()

* Updated/added liquibase migrations to support larger hash algorithms

* Reviewed, cleanups, comments, fixes

* removing direct references to sha256()

* WIP verifying obligations test errors

* reviewing obligation/attachment issues with sha3_256

* Full review before PR - intermediate commits

* Reviewed and cleaned up

* Futher cleanup

* Fixed partial tree backward compatible json and cleanups

* all tests passing

* Removed couple of unused imports

* Reworked global componentHash function to avoid deprecated warnings

* replaced SHA3s with some alternate SHA2s

* Removed SHA3-256 and SHA3-512 references

* fixed some tests using non ubiquitous hash algorithms

* Fixed ABI compatibility (not for TransactionBuilder)

* Fixed ABI compatibility to TransactionBuilder

* couple of fixes

* fixed DigestService's randomHash

* Removed constructor with loosely typed args for private constructor of LedgerTransaction class (API removal)

* re-introduced LedgerTransaction deprecated ctor for deserialization

* Add possibility to load CustomMessageDigest bypassing JCA (#6798)

* Change api-current for DigestAlgorithm

* disable flaky tests

Co-authored-by: Denis Rekalov <denis.rekalov@r3.com>
2020-11-05 22:05:29 +00:00
Denis Rekalov
551b3f0811
CORDA-4054: combine different identities of the same notary after its key rotation (#6734) 2020-10-16 13:53:04 +01:00
Ryan Fowler
ed9f6f0ce1 Merge branch 'release/os/4.6' into rfowler-os-4.6-ent-4.6-20200922 2020-09-22 11:42:00 +01:00
Dan Newton
317b59ab9d
NOTICK Fix kill flow standalone rpc client test (#6721)
Test was flaky because the flow can finish below it can be killed,
therefore failing the test. Sleep for 1 minute instead to give plenty of
time for the test.
2020-09-18 15:15:44 +01:00
Ryan Fowler
83ec8289b6
ENT-5492 Let the MissingAttachmentException through the RPC (#6719)
* CORDA-4036: Put the identity failures on the same log so they aren't missed.

* ENT-5492: Let the MissingAttachmentException propagate out
2020-09-16 16:41:11 +01:00
Dan Newton
bd7b96e816
ENT-5768 startFlowWithClientId permissions (#6708)
Do not let a user reattach to a flow started by another user.

Reattaching to a flow using startFlowWithClientId for a flow not
started by the current user throws a PermissionException

Reattaching to a flow using reattachFlowWithClientId for a flow not
started by the current user returns null.

finishedFlowsWithClientIds does not return flows started by other
users.

Normal rpc permissions around startFlowWithClientId and
startFlowDynamicWithClientId has also been added.

To allow admins to remove client ids as well as be able to see all the
client ids on the node, admin versions have been added that bypass the
user restrictions. These can be permitted via rpc to only provide
their usage to admins.
2020-09-16 16:11:06 +01:00
Kyriakos Tharrouniatis
6829be7ae9
ENT-5754 - RPC startFlow cannot reattach to existing client id flows when flows draining mode is enabled (#6707)
* Make existing client id flows re-attachable via rpc 'startFlow' when flows draining mode is enabled

* Fix detekt issue

* Remove unneeded/ unreached waiting on flow's return future
2020-09-15 09:04:17 +01:00