* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening)
* Cordformation changes to support jolokia agent instrumentation at JVM startup.
* Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming)
* Use relative path reference in -javaagent to prevent problem with long path names with spaces.
* Fixed incorrect regex pattern and added assertion to test.
* Enable JMX monitoring.
* Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode)
* Make Artemis JMX enablement configurable.
* Re-instate banning of java serialization.
* Improve JUnit.
* Fixes following rebase from master.
* Re-instated correct regex for picking up Jolokia agent jar.
* Fixed broken integration test.
* Updated documentation
* Updated following PR review feedback.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fail fast if jolokia-agent-jvm.jar is not located.
* Applied changes in cordformation following review feedback from CA.
* Rename certificate types
* Create separate certificate type for confidential identities
* Add name constraints to dev node CA
* Move dev node CA into getTestPartyAndCertificate()
This removes any need for the user implement and override types from the
super class
* CORDA-786 - Docs update
* CORDA-786 - Remove unneeded second annotation on the proxy objects
* Fix merge conflicts
* Improved SQL scripts for SQL Server and Azure to drop user/permissions on class setup not on test setup
* Set Micorsoft JDBC driver as compile time dependency.
* Database testing description.
* New table node_mutual_exclusion added to SQL test setup scripts.
* Remove MockServices.stateMachineRecordedTransactionMapping which does nothing
* Inline StateLoaderImpl
* Remove unused MockServices
* MockServices well-known identities not needed in a place
* A few things don't need a full-blown ServiceHub
* Integration test are parameterised (extends IntegrationTest) to run against a remote database with 4 db scripts run @BeforeClass, @Before, @After and @AfterClass.
* SQL script for SQL Azure and SQL Server databases and templates of JDBC configuration.
Main differences preserved in Enterprise version:
* constants.properties: platform version 1 (OS has 2)
* gradle-wrapper.properties: higher Gradle version gradle-4.3.1 (OS has gradle-4.3)
* Driver.kt - setting system property "user.dir"
* Generate networkParameteres for Cordformation.
Fix deployNodes task in Cordformation to generate NetworkParameters before running the nodes.
Add TestNetworkParametersGenerator utility loaded after node infos generation step.
* Get rid of bouncy castle provider dependency
For cordform-common. It caused problems with loading our custom
X509EdDSAEngine for generation of network parameters in deployNodes
task.
* new network map object for network map, and verify signature and root in Signed network map and node info
* fixup after rebase
* * added certificate and key to network map server
* move DigitalSignature.WithCert back to NetworkMap.kt, as its breaking API test, will raise another PR to move it back.
* Make DigitalSignature.WithCert not extend WithKey, as per PR discussion.
* various fixes after rebase.
* move Network map back to core/node, as its breaking API test
* revert unintended changes
* move network map objects to node-api
1. The runRPCCashIssue and runWebCashIssue gradle tasks didn't work because they were using the wrong ports
2. Notary lookup was failing because the lookup name didn't include the correct CN for the notary name (this slipped through when reverting the network parameters)
The ports change occurred in #1922 which was attempting the fix the runIssuer gradle task. This is actually a misleading and redundant task as all it does is start up the nodes, which is what the documented deployNodes already does. The ports runIssuer allocated to the nodes were different to the ones specified in deployNodes.
To make sure we have integration tests which closely match deployNodes, the BoC demo has been updated to make use of CordformDefinition. This keeps the node definitions in one place, removing the need to have disparate files in sync. runIssuer has been removed.
* make node info file copying optional by setting "compatabilityZoneURL" in driver
integration test for node using http network map using driver
some bug fixes
* rebase to feature branch and fixup
* add initialRegistration flag to driver
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* use PortAllocation.Incremental instead of random
* * use PortAllocation.Incremental instead of random
* fix NodeInfoWatcher thread leak issue
* reset scheduler before create notary
* move port allocation out of companion object
* move port allocation out of companion object
* make node info file copier lateinit to avoid observable thread pool get created on init
* Coin selection for SQL Server/Azure
* Transaction isolation level change for updateInfoDB in PersistentNetworkMapCache from "repeatableRead" to "readCommitted"
* Configuration option to prefix all Hibernate generated SQL with a schema name via a configuration property `database.schema`
* Fix negative value in SELECT TOP query (fix for Oracle db)
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"
This reverts commit 7d1f7ab
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"
This reverts commit 7d1f7ab
Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.
Pass notary identity into flow in `NodeStatePersistenceTests` rather than resolving it from the network map cache, which avoids a race condition between the flow starting and the notary registration being sent to the cache.
* consistent storage of Issuer Reference using `ByteArray` Kotlin type in Schema definition and a custom Hibernate Type to map this to a VARBINARY database type.
Creation of a new Issued type now also validates maximum size permissible (512).
* Clean up identities in CashTests so that the mini/mega corp keys and identities are correctly
paired together throughout. Previously `miniCorpServices` presented the same key as the
MegaCorp identity, but with the name Mini Corp attached.
* Correct key/name matches in VaultWithCashTest
* Split services in CashTests to not have multiple identities per service hub
* Removal of transaction contract state as BLOB in VaultStates table.
Transaction contract state now resolved using StateLoader (from DBTransactionStorage).
Fixed broken JUnits.
* Changes to address review comments by RP
Address logic error.
* Fixed failing JUnit (CashExitFlowTests.exit zero cash).
* Fix VaultQueryTests to respect transaction visibility boundaries.
* Adopt consistent use of "session" using DatabaseTransactionManager.
* Removed redundant transaction demarcation boundaries in Vault Query tests.
* Added explicit table names (mostly for join tables).
* Shorten or alter name of 2 tables backing notaries.
* Change a compound index declaration to one column index.
Detangle issuers in NodeVaultServiceTest, which has been using two keys on a single node, for different
issuing identities, which doesn't work right now because we don't actually have multiple identity support.
Also remove duplicate data in parameters to fillWithSomeTestCash().
Commit 359610ff14 didn't fully covered:
* Integration tests extends IntegrationTest class which can run SQL scripts before and after a test and before and after test class.
*Driver.kt creates notaries without a table name prefixes (separation is achieved by using different user/schema).
*Revert wrongly altered H2 JDBC connection string for tests.
Full requires the command to be `closed` before it can be removed from
the log during compaction. We don't close commands, thus and retaining
the log forever, allowing users to increase the cluster size. The
downsize is the unbounded growth of the size of the log.
Cluster membership changes need testing.
* Network map cache using Network map client instead of artemis. -- WIP
* fix up after rebase
* address PR issues, split network map update test, added todos to remove sleeps
* move jimfs and baseDir to field variable
* Additional database confing and implied property ${nodeOrganizationName}.
* Integration tests extend from base class which allows to configure database connection (in-memory/remote db) and to run setup/tear down SQL scripts.
Ensure when registering identities, we store the certificate closest to the trust root, with the same name. This ensures that looking up an identity by name produces the best match, not earliest registered identity (often but not necessarily the same).
* CORDA-296: added rpc that returns an observable for node state; used to let rpc clients know that the know is about to shut down
* replaced node shut down observation String with enum
Most uses where with MockNetwork which recently got a defaultNotaryIdentity property for dealing with the default single notary case. The remaining uses where in flows.
* Extracted out ShutdownManager into its own file
* Moved RPCDriver and ProcessUtilities into internal package
* Made n.c.testing.performance package internal
network-parameters file read in by the node at startup, of which only the list of notaries is used. For now, the driver and MockNetwork have been updated to require notaries to be started first. This is so that the same set of network parameters can be defined for all the nodes.
CN in the legal name is not longer disallowed since it's no longer reserved for distributed notary names.
Single-node notaries now only have one identity, their main identity. Nodes part of a cluster continue to have two.
(Based off Kasia's work)
* [CORDA-446] Clean up other mentions of network map node and logic
* Rename AbstractNetworkMapService to NetworkMapService and remove the empty NetworkMapService
* fix build
* fix artemismessaging tests
* pr comments
approach which assumes a dedicated node for observers: states that are
reported to the node will appear in the database and update feeds as
normal. Apps that expect all updates to be relevant to themselves may
need adjusting if they run on an observer node too, but this is likely
to be rare.
* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda
* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda
* Check array size before accessing
* Review fixes
* CORDA-540: Make Verifier work in AMQP mode (#1870)
* reference to finance module via not hardcoded group ID (#1515)
* generic way to reference to group id when loading finance.jar via cordapp
* Fixed the node shell to work with the DataFeed class
* Attempt to make NodeStatePersistenceTests more stable (#1895)
By ensuring that the nodes are properly started and aware of each other before firing any flows through them.
Also minor refactoring.
* Disable unstable test on Windows (#1899)
* CORDA-530 Don't soft-lock non-fungible states (#1794)
* Don't run unlock query if nothing was locked
* Constructors should not have side-effects
* [CORDA-442] let Driver run without network map (#1890)
* [CORDA-442] let Driver run without network map
- Nodes started by driver run without a networkMapNode.
- Driver does not take a networkMapStartStrategy anymore
- a new parameter in the configuration "noNetworkMapServiceMode" allows for a node not to be a networkMapNode nor to connect to one.
- Driver now waits for each node to write its own NodeInfo file to disk and then copies it into each other node.
- When driver starts a node N, it waits for every node to be have N nodes in their network map.
Note: the code to copy around the NodeInfo files was already in DemoBench, the NodeInfoFilesCopier class was just moved from DemoBench into core (I'm very open to core not being the best place, please advise)
* Added missing cordappPackage dependencies. (#1894)
* Eliminate circular dependency of NodeSchedulerService on ServiceHub. (#1891)
* Update customSchemas documentation. (#1902)
* [CORDA-694] Commands visibility for Oracles (without sacrificing privacy) (#1835)
new checkCommandVisibility feature for Oracles
* CORDA-599 PersistentNetworkMapCache no longer circularly depends on SH (#1652)
* CORDA-725 - Change AMQP identifier to officially assigned value
This does change our header format so pre-cached test files need
regenerating
* CORDA-725 - update changelog
* CORDA-680 Update cordapp packages documentation (#1901)
* Introduce MockNetworkParameters
* Cordformation in Kotlin (#1873)
Cordformation rewritten in kotlin.
* Kotlin migration
* Review Comments
* CORDA-704: Implement `@DoNotImplement` annotation (#1903)
* Enhance the API Scanner plugin to monitor class annotations.
* Implement @DoNotImplement annotation, and apply it.
* Update API definition.
* Update API change detection to handle @DoNotImplement.
* Document the `@DoNotImplement` annotation.
* Experimental support for PostgreSQL (#1525)
* Cash selection refactoring such that 3d party DB providers are only required to implement Coin Selection SQL logic.
* Re-added debug logging statement.
* Updated to include PR review feedback from VK
* Refactoring following rebase from master.
* Fix broken JUnits following rebase.
* Use JDBC ResultSet getBlob() and added custom serializer to address concern raised by tomtau in PR.
* Fix failing JUnits.
* Experimental support for PostgreSQL: CashSelection done using window functions
* Moved postgresql version information into corda/build.gradle
* Using a PreparedStatement in CashSelectionPostgreSQLImpl
* Changed the PostgreSQL Cash Selection implementation to use the new refactored AbstractCashSelection
* * Retire MockServiceHubInternal (#1909)
* Introduce rigorousMock
* Add test-utils and node-driver to generated documentation
* Fix-up: Bank Of Corda sample (#1912)
In the previous version when running with `--role ISSUER` the application failed to start.
The reason was that in spite of `quantity` and `currency` were optional,
un-necessary `requestParams` been constructed regardless.
* move SMM
* Interface changes for multi-threading
* CORDA-351: added dependency check plugin to gradle build script (#1911)
* CORDA-351: added dependency check plugin to gradle build script
* CORDA-351: Added suppression stub file with example
* CORDA-351: added suppresionFile property
* CORDA-435 - Ensure Kryo only tests use Kryo serializatin context
Also correct lambda typos (from lamba)
* Network map service REST API wrapper (#1907)
* Network map client - WIP
* Java doc and doc for doc site
* remove javax.ws dependency
* NetworkParameter -> NetworkParameters
* move network map client to node
* Fix jetty test dependencies
* NetworkParameter -> NetworkParameters
* Address PR issues
* Address PR issues and unit test fix
* Address PR issues
* Fixing Bank-Of-Corda Demo in `master` (#1922)
* Fix-up: Bank Of Corda sample
Use correct CorDapp packages to scan
(cherry picked from commit 2caa134)
* Set adequate permissions for the nodes such that NodeExplorer can connect
(cherry picked from commit ae88242)
* Set adequate permissions for the nodes such that NodeExplorer can connect
(cherry picked from commit ae88242)
* Correct run configuration
* Fix-up port numbers
* CORDA-435 - AMQP serialisation cannot work with private vals
They won't be reported as properties by the introspector and thus we
will fail to find a constructor for them. This makes sense as we will be
unable to serialise an object whose members we cannot read
* CORDA-435 - AMQP enablement fixes
AMQP has different serialization rules than Kryo surrounding the way we
introspect objects to work out how to construct them
* [CORDA-442] make MockNetwork not start a networkmap node (#1908)
* [CORDA-442] make MockNetwork not start a networkmap node
Now MockNetwork will put the appropriate NodeInfos inside each running node networkMapCache.
Tests relating to networkmap node starting and interaction have been removed since they where relaying on MockNetwork
* Minor fix for api checker script to support macOS
* Retrofit changes from Enterprise PR #61 (#1934)
* Introduce MockNodeParameters/Args (#1923)
* CORDA-736 Add some new features to corda.jar via node.conf for testing (#1926)
* CORDA-699 Add injection or modification of memory network messages (#1920)
* Updated API stability changeset to reflect new schema attribute name.
* Standardisation of Public Keys in Schema entities. (#68)
* Standardisation in usage of Public Keys in Schema entities.
Use PK Hash where optimal, otherwise use ByteArray/LOB representation of PK.
* Redundant after rebase.
* Use .encoded and Crypto.decode<Public|Private>Key(bytes) instead of Corda serialization.
* Optimize DBPartyAndCertificate entity to store and query on ownerKeyHash.
* Updated API stability check for schema attribute change.
* [CORDA-442] make MockNetwork not start a networkmap node
Now MockNetwork will put the appropriate NodeInfos inside each running node networkMapCache.
Tests relating to networkmap node starting and interaction have been removed since they where relaying on MockNetwork
They won't be reported as properties by the introspector and thus we
will fail to find a constructor for them. This makes sense as we will be
unable to serialise an object whose members we cannot read
* Standardisation in usage of Public Keys in Schema entities.
Use PK Hash where optimal, otherwise use ByteArray/LOB representation of PK.
* Redundant after rebase.
* Use .encoded and Crypto.decode<Public|Private>Key(bytes) instead of Corda serialization.
* Optimize DBPartyAndCertificate entity to store and query on ownerKeyHash.
* Cash selection refactoring such that 3d party DB providers are only required to implement Coin Selection SQL logic.
* Re-added debug logging statement.
* Updated to include PR review feedback from VK
* Refactoring following rebase from master.
* Fix broken JUnits following rebase.
* Use JDBC ResultSet getBlob() and added custom serializer to address concern raised by tomtau in PR.
* Fix failing JUnits.
* Experimental support for PostgreSQL: CashSelection done using window functions
* Moved postgresql version information into corda/build.gradle
* Using a PreparedStatement in CashSelectionPostgreSQLImpl
* Changed the PostgreSQL Cash Selection implementation to use the new refactored AbstractCashSelection
* Enhance the API Scanner plugin to monitor class annotations.
* Implement @DoNotImplement annotation, and apply it.
* Update API definition.
* Update API change detection to handle @DoNotImplement.
* Document the `@DoNotImplement` annotation.
* [CORDA-442] let Driver run without network map
- Nodes started by driver run without a networkMapNode.
- Driver does not take a networkMapStartStrategy anymore
- a new parameter in the configuration "noNetworkMapServiceMode" allows for a node not to be a networkMapNode nor to connect to one.
- Driver now waits for each node to write its own NodeInfo file to disk and then copies it into each other node.
- When driver starts a node N, it waits for every node to be have N nodes in their network map.
Note: the code to copy around the NodeInfo files was already in DemoBench, the NodeInfoFilesCopier class was just moved from DemoBench into core (I'm very open to core not being the best place, please advise)
Move from `chooseIdentity()` to `singleIdentity()` where tests use a single identity, or to fetching by name where multiple identities are present, so we stop using the first identity as special.
* Fixed AbstractNode to load custom notary services properly.
Added a custom notary sample.
* Prevent multiple custom notaries from being loaded
* Throw if more than once custom notary service is loaded
Rework identity usage in tests to extract identity from nodes by name, rather than just arbitrarily choosing the first identity. This better models the intended design for production (future work).
Let NodeInfoWatcher create the directory it wants to poll at startup.
Also log failure in creating the directory, but don't log anything if it can be found at poll time.
Remove all the Kotlin functions with spaces in them since the Android doesn't support them.
See https://github.com/corda/corda/issues/1730 for a more in-depth discussion.