* Initial look at restricting artemis user based on connection port
* Consolidate RPC and RPCAdmin broker types
* First pass at consolidating into single P2P and RPC broker. Passes at least one integration test (NodeRPCTests)
* Detekt fixes
* Fix dependencies of BridgeSmokeTest
* Close RPC security manager on shared broker close
* Fix return type from authenticate method to be nullable
* Fix AuthDBTests by stopping caching of RPC users failed logins and now correct permission exception is returned by RPC when user is revoked
* Fix port binding error reporting
* Fix null user to be treated as RPC user, and changed expectation of missing queue to be a permissions failure
* Fix MQSecurityAsRPCTest to have correct expectations
* Fix detekt
* Fix RPCSecurityManagerTest for change in exception thrown
* Added new tests for RPC user deletion and password change
* New RPC test for user password change (old password fails) and reduced caching time of authentication and authorisation, from 1 hour to 10 seconds, of P2P connections now they don't check expensive CRLs.
* Confine max message size checking to P2P port only
* Upgrade to Artemis 2.37.0
* Remove issuance tests as involves no P2P
* Remove issuance tests as involves no P2P
* Upgrade Artemis MQ and Proton-J
* Appease detekt to remove magic numbers
* Fix qpid jms to be a version that is compatible with our code. No correlation with qpid version.
* Fix deprecated methods
* Revert "Appease detekt to remove magic numbers"
This reverts commit ae7942013ff3ca0f82c71d71177f8037cfeb2d66.
* Revert "Remove issuance tests as involves no P2P"
This reverts commit c5dda17bd8182ecb83dd61bfa9ff658cff114f92.
* Revert "Remove issuance tests as involves no P2P"
This reverts commit 9166541608d12952aa19e8f0c5d0cea2320da9c2.
* Add a constant for qpid version
---------
Co-authored-by: Ryan Fowler <ryan.fowler@r3.com>
* ENT-11728: Force use of LTS version of BC everywhere.
* ENT-11728: Removed extra task left in.
* ENT-11728: Revert to the now released 2.73.6 version of BC.
* ENT-11728: Switched to LTS version of BC. Also removed PQC algos as not supported in LTS.
* ENT-11728: Removed the SPHINCS PQC algorithm.
* ENT-11728: Added dependency on bcutil to fix missing class error.
The various crypto tests that were previously ignored have been re-enabled.
The abandoned i2p EdDSA library has been replaced with native support that was added in Java 15.
Java 17 (via the `SunEC` provider) does not support the secp256k1 curve (one of the two ECDSA curves supported in Corda). This would not normally have been an issue as secp256k1 is already taken care of by Bouncy Castle. However, this only works if the `Crypto` API is used or if `"BC"` is explicitly specified as the provider (e.g. `Signature.getInstance("SHA256withECDSA", "BC")`). If no provider is specified, which is what is more common, and actually what the Java docs recommend, then this doesn’t work as the `SunEC` provider is selected. To resolve this, a custom provider was created, installed just in front of `SunEC`, which “augments” `SunEC` by delegating to Bouncy Castle if keys or parameters for secp256k1 are encountered.
`X509Utilities.createCertificate` now calls `X509Certificate.verify()` to verify the created certificate, rather than using the Bouncy Castle API. This is more representative of how certificates will be verified (e.g. during SSL handshake) and weeds out other issues (such as unsupported curve error for secp256k1).
`BCCryptoService` has been renamed to `DefaultCryptoService` as it no longer explicitly uses Bouncy Castle but rather uses the installed security providers. This was done to fix a failing test. Further, `BCCryptoService` was already relying on the installed providers in some places.
The hack to get Corda `SecureRandom` working was also resolved. Also, as an added bonus, tests which ignored `SPHINCS256_SHA256` have been reinstated.
Note, there is a slight inconsistency between how EdDSA and ECDSA keys are handled (and also RSA). For the latter, Bouncy Castle is preferred, and methods such as `toSupportedKey*` will convert any JDK class to Bouncy Castle. For EdDSA the preference is the JDK (`SunEC`). However, this is simply a continuation of the previous preference of the i2p library over Bouncy Castle.
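A diagnostic for the provider-selection behaviour described above, as an added example that is not code from the Corda commit. It uses only standard JCA calls (the class name `CurveProviderProbe` is hypothetical) and reports, for each installed provider offering an EC key pair generator, whether it accepts secp256r1 and secp256k1, and which provider `Signature.getInstance("SHA256withECDSA")` resolves to when none is named.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

// Hypothetical helper class, not part of Corda.
public class CurveProviderProbe {

    // True if this provider's EC KeyPairGenerator accepts the named curve.
    static boolean supports(Provider provider, String curve) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
            kpg.initialize(new ECGenParameterSpec(curve));
            return true;
        } catch (GeneralSecurityException | RuntimeException e) {
            // Unsupported curve, or the provider rejected the parameters.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // The two ECDSA curves the commit message says Corda supports.
        String[] curves = {"secp256r1", "secp256k1"};

        // Providers are returned in their installed preference order.
        Provider[] ecProviders = Security.getProviders("KeyPairGenerator.EC");
        if (ecProviders == null) {
            ecProviders = new Provider[0];
        }
        for (Provider p : ecProviders) {
            for (String curve : curves) {
                System.out.printf("%-12s %-10s %s%n", p.getName(), curve,
                        supports(p, curve) ? "supported" : "unsupported");
            }
        }

        // No provider named: the JCA picks by preference order.
        Signature sig = Signature.getInstance("SHA256withECDSA");
        System.out.println("SHA256withECDSA with no provider named resolves to: "
                + sig.getProvider().getName());
    }
}
```

If Bouncy Castle is on the classpath and registered with `Security.addProvider`, it appears as an extra row; its position relative to `SunEC` in the output shows which provider is preferred.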
"WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance." warning was being caused by log4j. Latest version fixes this issue.
This requires Kotlin 1.2 versions of core and serialization (core-1.2 and serialization-1.2 respectively), which are just "shell" modules and which compile the existing source code with Kotlin 1.2. The 1.2 plugin does not work with the current version of Gradle and so the 1.2 compiler has to be called directly.
Now with two versions of Kotlin in the code base, each module needs to have its version manually specified to ensure a clean separation. Otherwise, the default Kotlin version can override 1.2 when needed.
Some of the code was tidied-up or improved to enable it to be cross-compiled. For post-1.2 APIs being used, they have been copied into core-1.2 with the same method signatures. OpenTelemetryComponent was moved to node-api, along with the dependency, to avoid also having a 1.2 version for the opentelemetry module.
* Updated mockito version and removed ignored annotation to relevant test cases
* Updated mockito version and removed ignored annotation to relevant test cases