Correct behaviour of anonymousToParty() in identity API; it previously presumed any Party was a well known
identity, now it tries to look up the well known identity irrespective of whether it's been given a full
party or not.
* flows: Add StackDump, debugStackDump, test (doesnt work)
* Polishing Quasar dump feature, extending it with persisting to a file, adding integration tests
* Addressing review comments
* Addressing 2nd round of review comments
* Refactoring implementation according to Shams suggestion
* Reverting changes and restoring the feature to be the part of the core API
* Switching to ServiceLoader
*Remove dummy public keys in preference for EdDSA keys generated from fixed entropy sources, as a more accurate reflection of real uses. Also eliminates a serialization format issue with dummy keys which would have to be resolved otherwise.
* Remove deprecated 'by' keyword from contracts DSL
* Remove deprecated parts of CordaPluginRegistry
* Merge identity registration of well known and confidential identities
* Move verification logic into PartyAndCertificate from IdentityService
* Add note about why PartyAndCertificate exists
checkSignaturesAreValid() calls TransactionSignature.verify(), which throws InvalidKeyException but
checkSignaturesAreValid() did not indicate it could throw InvalidKeyException.
* Added JPA AbstractParty converter (using IdentityService to resolve anonymous parties).
* Use partyFromX500Name. Add meaningful exception messages.
* AutoApply the JPA AbstractParty converter.
* Entity attribute still needs the Convert annotation.
* Fix incorrect registration of custom attribute converter.
* Deal with non-resolvable anonymous parties (eg. store as null and ignore)
* Updates following PR review feedback.
* Added documentation.
* Added entry to changelog.
* Added code documentation as per RN PR feedback request.
* Updates required following rebase from master.
* Renamed converter for clarity.
Fixup after rebase
Fixup after rebase
Make node have only test compile dependency against finance module.
Use original query code.
Fixup after rebase
Update docs
Edit docs
Add to changelog
Follow recommendations from PR
Follow recommendations from PR
Make a re-usable helper function to create MockServices with database for tests
Tweak a few comments
Don't include tryLockFungibleStateForSpending in soft lock docs.
Respond to PR comments
Fix whitespace error
Fix compile error
Fixup after rebase
* Improvements to Vault Query Service soft locked state querying (removed old mechanism from VaultService).
* Fixed rst document formatting.
* Added additional soft locking criteria mode: all unlocked plus those locked as specified by lockId(s).
* Addressed comments from PR feedback.
* WIP - Removed data Vending services, fixed all flow test
* * separated out extra data, extra data are sent after the SendTransactionFlow if required
* New SendProposalFlow for sending TradeProposal, which contains StateAndRef.
* WIP
* * removed TradeProposal interface.
* changed SendProposalFlow to SendStateAndRefFlow, same for receive side.
* fixup after rebase.
* * undo changes in .idea folder
* * remove unintended changes
* * Addressed PR issues
* * doc changes
* * addressed pr issues
* moved ResolveTransactionsFlow to internal
* changed FlowLogic<Unit> to FlowLogic<Void?> for java use case
* * addressed PR issues
* renamed DataVendingFlow in TestUtill to TestDataVendingFlow to avoid name confusion, and moved it to core/test
* * removed reference to ResolveTransactionsFlow
* Expose a JDBC connection (session) via the ServiceHub for generic JDBC usage.
* Updated documentation.
* Fix failing JUnit following rebase from master.
* JDBC session Tutorial WIP
* Fix broken JUnits following update to consumeCash() using observable event update as return.
* Fixed broken JUnits.
* Refactoring createSession() into new CordaPersistence class following rebase from master.
* Updated fully working example.
* Minor updates following feedback from MH.
* Fixed compiler error following rebase.
* Fixes following rebase from master.
* Further updates and clarifications to documentation.
* Updated all sample code to use new Vault Query service APIs.
* Fix broken Unit test.
* Added missing transaction boundary.
* Fix broken ScheduledFlow test (caused by assertion on non-ordered collection)
* Remove redundant negative test (as new Vault Query no longer returns iterators).
* Whitespace formatting fixed following PR review from SA.
* Force query to specify a PAGE SIZE equivalent to total states to be exited (RP review comment).
* Use single (and fail fast) instead of first - when only expecting a single result.
* Demonstrate paging and sorting; failfast on single expected result.
* Enhancement: added Sorting by CommonStateAttribute (StateRef txnId and index)
* Fix: incorrect total states count.
* Fixed incorrect total states counting.
* Remove redundant filter (UNCONSUMED).
* Updated tutorial code and associated documentation (building transactions).
* Updated all vaultAndUpdates to vault[Track|Query]By.
* Temporary disable failing Vault Query tests (awaiting pagination PR fix).
* Rebase from master to pick up pagination changes/fix.
* Fixed criteria filter on track.
* Cleanup redundant print output.
* Refactor to extract common function for Vault Query paging and sorting.
* Identified problem in SimmValuation demo failing test caused by query by single participant in participants list (not yet supported in VaultQuery criteria).
* Minor fixes following rebase from master.
* Minor updates following rebase.
* Removed redundant import.
* Fixed type casting error.
* Minor fixes following rebase from master.
* VQ Fix - applied in other PR.
* Removed duplication after rebase and minor fix to failing smoke test.
* No longer create obsolete "attachments" directory
* Remove redundant NodeAttachmentService param
* Add type param to MockNetwork.Factory to eliminate casts
* Use null not -1 for unforced node ID
* Remove redundant createNode args
Swap ints to shorts for storing chars as there is no point wasting the
16 bits otherwise
Add better char tests, i.e. Unicode points that aren't going to fit into
the bottom 8 bits
This fix really only applies to the testing case where, to test the
carpenter as it integrates with the deserialzer we need classes not
found on the class path. To do this they can be created by a second
class carpenter
However, the original carpenter *always* added SimpleFieldAccess as an
interface to the class it would be creating. Under normal circumstances
that's fine as that interface wouldn't be in the list of interfaces
given to the carpenter for the class it's being asked to created.
However, if as described above the carpenter schema was synthesised from
a class that was carpented it will.
If this happens we get an error as understandably you can't have a
duplicate interface.
Fix is to simply check weather the list of interfaces the schema
describes and only add SimpleFieldAccess if it isn't on it
The recent changes that were put in to allow chars to be serialised at
all failed to take into account nullability and thus if a char was null
and that object was first serlialised then desierliased it would throw
a NPE
* Introduce new NotaryChangeWireTransaction (similar to WireTransaction and NotaryChangeTransaction (similar to LedgerTransaction) types.
Remove 'mustSign' and 'signers' fields from transactions
Deprecate the TransactionType concept. When receiving a SignedTransaction, the verification and signature checking branches out for regular and notary change transactions.
Add custom handling logic for notary change transactions to the vault
We were relying on the Java typename conversion to work for our AMQP
envelope type selection, and only special casing arrays of primitives.
However with nested arrays this breaks as the intermediate serialises
for the nested arrays still have no idea as to what the underlaying type
is as the assumption will be being made that the type is a boxed
primitive.
Solution is to compute the typename properly, walking down the nested
array chain
* Cache deserialized rather than serialized WireTransaction. Prevent repeated deserialization when adding signatures to the SignedTransaction.
* Added a test to check that stx copying and signature collection still works properly after (de)serialization
Update to use LedgerTransaction api
Push query output logic onto BaseTransaction and update usages where possible
Migrate a few more uses
Address some PR comments
Address some PR comments
Fixup after rebase
* Registering anonymous identities now takes in AnonymisedIdentity
* AnonymousParty.toString() now uses toStringShort() to match other toString() functions
* Add verifyAnonymousIdentity() function to verify without storing an identity
* Replace pathForAnonymous() with anonymousFromKey() which matches actual use-cases better
* Add unit test for fetching the anonymous identity from a key
* Update verifyAnonymousIdentity() function signature to match registerAnonymousIdentity()
* Rename AnonymisedIdentity to AnonymousPartyAndPath
* Remove certificate from AnonymousPartyAndPath as it's not actually used.
* Rename registerAnonymousIdentity() to verifyAndRegisterAnonymousIdentity()
* POMs generated by publishing are now correct. The publish extension now requires an explicit call to configure the publishing instead of waiting until after evaluation. This prevents evaluation order issues with the artifact renaming code that causes the POM to have the original, incorrect, artifact names.
* Fixed new test compile issues caused by removal of some dependencies in test utils that caused webserver code to be automatically included in any project also compiling test utils.
* Implemented Kryo custom serializers for Field and KProperty types.
* Adjusted KPropertySerializer to use kotlin member properties upon read() due to failing RPC tests.
Added additional Kotlin and Java tests (CordaRPCClient, StandaaloneCordaRPCClient)
Annotated schemas to be CordaSerializable (required when referencing as KProperty in custom queries).
Cleanup some outstanding compiler warnings.
* Added client RPC Java integration and smoke tests to build.
* Clean up compiler warnings in Java tests.
* Fixed incorrect assertion expectation.
* Backed out Field and KProperty custom serializers.
* Backed out Field and KProperty custom serializers.
* Store VaultQueryCustom custom column references as name and class (from Java Field and Kotlin KProperty1 types respectively).
Custom serialization of Field and KProperty type no longer required.
* Removed blank lines as per RP review comments.
Enable anonymisation in integration testing tutorial, and as a requirement fix a bug where the counterparty anonymous
identity was not registered by `TransactionKeyFlow`.
* Change "for who" to "for whom"
* Don't pass parties to FinalityFlow, it can derive them automatically
* Create a basket of nodes instead of individually assembling nodes
* Switch two party trade flow tests to generate a full anonymous identity
* Rename some functions to more descriptive names
* Remove some egregious whitespace
* Revert some changes that were a dangling holdover from an aborted
refactoring - put it back how it was
* Move all alterations on the amqp schema object out of the actual
amqp/Schema file and have them live in the carpenter as extension
functions
* Move carpenter exceptions to their own file
* Rename the schema name corrupter to the name mangler
* reduce whitespace
* alter comment style
Squashed commit messages:
* Nested schema creation now works with dependencies recursvly created in
the carpenter
* Remove spurious prints from tests
* Remove warnings
* Don't add cladd member dep by name
Since that's the name of the field, not the type we depend on. If we do
we'll never actually be able to craft the type as the dependency chain
will be horribly broken
Various bug fixes
* Fix merge issue where types weren't being seen as Prims
* IntelliJ auto code cleanup / reformat
* Whitespace changes
* Add comment blocking as I like seeing it in files
A complete amqp schema can now be used to generate a set of carpetner
schemas representing all of the classes not found on the deserialzing
end.
A dependency and depdendent chain is setup such that all classes are
created in the order required
Squashed commit messages:
* IntelliJ reformat of the code
* Merge the interface synthesis changes and rebase onto the tip of master
Somethign is very broken in the AMQP -> Carpenter schema code but want a
commit so I at least know the actual carpenter is merged
* Nested schema creation now works with dependencies recursvly created in
the carpenter
* Unit test fixes
* Remove spurious prints from tests
* Remove warnings
* Don't add cladd member dep by name
Since that's the name of the field, not the type we depend on. If we do
we'll never actually be able to craft the type as the dependency chain
will be horribly broken
Various bug fixes
Unit tests that pull out the envelope from a deserialsed object (which
we have already serialised) then using the AMQP schema contained within
convert that to a carpenter schema and build an object
Currently testing only simple classes with a single type member
Squashed merge commits:
* Fix for the type issue in the SerializerFactory
Needs to pull in the actual Java types otherwise we use the Kotlin types
as the map keys which will never correspond to the java types that the
wrapper wraps around the primitive before doing a map lookup
Boolean just doesn't seem to work as pulling that in starts breaking
Kotlin and Character also seems broken. There is a fix for this also on
Rick's branch so pushing this in for now and can use his actual changes
when they're available on Master
* Better tests
* Add support for sub classes known to the JVM
* Initial work towards integrating serializer with the carpenter
Unit tests that pull out the envelope from a deserialsed object (which
we have already serialized) then using the AMQP schema contained within
convert that to a carpenter schema and build an object
Currently testing only simple classes with a single type member
Pass signature as null, not empty string, otherwise the class asm isn't
correct. Using javap at the command line prior to the fix yields
public class MyClass implements
net.corda.core.serialization.carpenter.SimpleFieldAccess {
protected final java.lang.Integer a;
descriptor: Ljava/lang/Integer;
public MyClass(java.lang.Integer);
descriptor: (Ljava/lang/Integer;)V
public java.lang.Integer getA();
descriptor: ()Ljava/lang/Integer;
public java.lang.Object get(java.lang.String);
descriptor:
(Ljava/lang/String;)Ljava/lang/Object;
Error: A serious internal error has occurred: java.lang.StringIndexOutOfBoundsException: String index out of range: 0
* Switch to using anonymous party as recipient
* Enable anonymisation for issuance as well as move in issuer flows.
* Pass notary into issuer flow rather than taking a notary at random from the network map.
* Enable anonymisation in Bank of Corda RPC test
* Parameterize issuer flow tests into anonymous and deanonymised versions
For testing I need to be able to mess with the schema before it gets
added to the envelope, extract the function where that happens and make
it open so the tests can do what they want
* Pagination improvements (fail-fast on too many results without pagination specification)
* Fix incorrectly returned results count.
* Performance optimisation: only return totalStatesAvailable count on Pagination specification.
* Changed DEFAULT_PAGE_NUMBER to 1 (eg. page numbering starts from 1)
* Changed MAX_PAGE_SIZE to Int.MAX_VALUE
* Fixed compiler WARNINGs in Unit tests.
* Fixed minimum page size check (1).
* Updated API-RST docs with behavioural notes.
* Updated documentation (RST and API);
* Provide sorting by state reference (and individual constituents of: txId, index)
* Fixed formatting.
* Updated import following rebase from master.
* Updated import following rebase from master.
Name Exceptions <blah>Exception
Swap null / non null annotations onto the correct classes
Don't shadow parameters with local vars
Explicitly handle Character Type
* Partial (ie. incomplete) implementation of Aggregate Functions.
* Completed implementation of Aggregate Functions (sum, count, max, min, avg) with optional grouping.
* Completed Java DSL and associated JUnit tests.
* Added optional sorting by aggregate function.
* Added Jvm filename annotation on QueryCriteriaUtils.
* Added documentation (API and RST with code samples).
* Incorporating feedback from MH - improved readability in structuring Java and/or queries.
* Remove redundant import.
* Removed redundant commas.
* Streamlined expression parsing (in doing so, remove the ugly try-catch raised by RP in PR review comments.)
* Added JvmStatic and JvmOverloads to Java DSL; removed duplicate Kotlin DSL functions using default params; changed varargs to lists due to ambiguity
* Fix missing imports after rebase from master.
* Fix errors following rebase from master.
* Updates on expression handling following feedback from RP.
* Identities returned from TxKeyFlow were backwards, meaning keys were incorrectly assigned to the remote and local identities. Added unit test covering this case and corrected the flow logic.
* Rename TxKeyFlow to TransactionKeyFlow
* Correct registration of transaction key flows
* Move TransactionKeyFlow.Provider into CoreFlowHandlers
* Move TransactionKeyFlow.Request up to the top level class instead of being a class within an object.
* Remove AbstractIdentityFlow and move the validation logic into individual flows to make it clearer that it's registering the received identities.
* Cash flows now return the recipient identity instead of full identity lookup, as this is what
the caller actually needs and simplifies a lot of cases.
Remove prohibition against non string object classes such as arrays
Squashed Commmits:
* Tidyup whitespace
* WIP
* Review Comments
* WIP - adding concept of nullabltily into the carpenter
* Add explicit nullable and non nullable fields
* Rebase onto master, fix package names in carpenter
* Fix https://github.com/corda/corda/issues/949 by providing a default StateStatus argument to all QueryCriteria types.
* Abstracted Common Criteria into its own abstract data class + associated visitor.
* Incorporating feedback from RP PR review.
Remove use of Sun internal APIs and algorithm identifiers (which are incomplete and non-standard) in Crypto. Also eliminates uncertainty about which signature scheme is being used (and therefore iterating through several to find the correct one).
* Add functions for:
* Retrieving nodes via their legal identity
* Filtering a set of public keys down to those the node has corresponding private keys for
* Modify contract upgrade flows to handle identifying participants after an anomymisation step
* Correct terminology: "party who" -> "party which"
* Modify CashIssueFlow and CashPaymentFlow to optionally use an anonymous identity for the recipient.
* Replace kotlin Pair with DataFeed data class
* remove unintended changes
* Replace Vault.PageAndUpdates with DataFeed data class
* Remove PageAndUpdates
* First stage of changing fields in NodeInfo.
Part of work related to NetworkMapService upgrade. Create slots for
multiple IP addresses and legalIdentities per node.
* NodeInfo stores HostAndPort.
Move information specific to messaging layer away from NodeInfo.
Only HostAndPort addresses are stored. Add peer name - peer handle
mapping to MockNetwork to reflect that change.
* Enforce that the identity service must always have a root CA specified, which all identities have
certificates signed by (or intermediaries of). Also adds a certificate store to the identity service
for help building/verifying certificate paths.
* Add a certificate store for the CA certificate and intermediaries
* Use the certificate factory directly to build paths rather than assembling them via an interim
API call. After reducing the complexity of the utility API, it's replacing two lines of code,
at which point it seems better to make the behaviour clearer rather than having a function
hide what's actually going on.
Added Kotlin extension functions for ease of use in simplest case.
Added missing Java contractType class (previously was forced cast of ContractState::class)
Fixed generic typing.
Addressed items raised in SA PR review.
Removed 2 blank lines.
Fixed generics typing.
Updates RST doc and grouped API helpers accordingly.
* Vault Query Service API implementation using JPA Hibernate
Added queryBy(QueryCriteria) Vault API and Junit tests.
Minor cosmetic API changes following rebase.
Fixes following rebase from master
Upgraded to requery 1.3.1
WIP - removed 'latestOnly' from LinearStateQueryCriteria
WIP - CommercialSchemas V2, V3, V4 testing
WIP - sort out generics handling.
WIP - most general queries completed.
WIP - join queries, contractStateType derivation
WIP - refactoring Requery
WIP - refactored VaultService to extract a VaultQueryService interface (and associated Requery implementation).
WIP - HibernateVaultQuery implementation
WIP - Re-structured all Schema definitions (requery/jpa) and make Hibernate Config reusable.
WIP - Multi-version schema testing, hibernate query testing.
WIP - Custom Criteria and Fungible Criteria impl & testing.
WIP - Kotlin Comparable Generics error
WIP - Party queries all working now
WIP - All VaultQueryTests now working (refactored for AND / OR composition)
WIP - added schema registration in CordaPluginRegistry to enable custom vault queries on arbitrary schemas.
WIP - added new default Sort NULL order to be NONE + added lots more tests for Logical Operator testing.
Mostly identity fixes following rebase from master.
Exception handling and public API cleanup in prep for PR.
Additional tests for Logical Operators; additional tests for NULLS sort ordering; additional logging;
Additional parser to handle Nullable attribute values; added Unary and Collection logical expression handlers
Lots of cleanup: participants; trackBy interfaces; additional fungible tests; parser cleanup and improved support for Java
Removed all traces of Requery implementation.
Further minor cleanup and Junit test fix.
Final identity and schema related identity clean-up.
Revert unrelated changes.
PR review updates: blank lines, isRelevant.
Fixed wiring of updatesPublisher for dynamic trackBy queries.
PR review changes: multi-versioned schema samples and associated dummy contracts moved to test packages.
Fixed problem with sorted queries (not specifying any filterable criteria).
PR review: minor updates to address RP comments.
Typesafe custom query criteria
Cleanup: remove redundant tests.
Further clean-up and make all Java test work successfully.
Remove debugging print statements.
Rebased from master - changes required due to DealState module change.
fixed broken assertion caused by DealState ordering change (different package)
Fixed transaction demarcation issue causing "java.lang.IllegalStateException: Was not expecting to find existing database transaction on current strand"
trackBy() now filters on ContractType and StateStatus (CONSUMED, UNCONSUMED, ALL)
Added tests to exercise RPCOps trackBy and queryBy (RPC smoke test and CordaRPCOps)
Added additional @CordaSerializable annotations.
Updated documentation and referenced sample code.
Added deprecation annotations.
Re-added missing deprecation annotation.
Hibernate debug logging is now configurable and disabled by default.
Introduced common Sort attributes based on the node schemas.
Completely removed NULL_HANDLING sort parameter as this is not supported in JPA.
Revisited and fixed usage of @CordaSerializable.
* Minor fix following rebase from master.
* Remove blank line as per RP PR feedback request.
* Minor Java documentation and example clean-up.
* Disable BFT Notary Service tests.
* The fancy classloader setup in Cordform.loadCordformDefinition is defeated by certificates in 2 ways
** Class cast when creating a cert (via TestConstants) in a CordformDefinition
** Some issue when persisting a cert in ServiceIdentityGenerator
* This PR is a quickfix to get the demos working again
* Proper fix (not this PR) is to work out why it's not enough for eddsa to be in the project runtime classpath - if it can be removed from the gradle environment that ought to properly fix the above problems
Use the certificate factory directly to build paths rather than assembling them via an interim
API call. After reducing the complexity of the utility API, it's replacing two lines of code,
at which point it seems better to make the behaviour clearer rather than having a function
hide what's actually going on.
Add extremely rough DER format encoding for CompositeKey so that they can be used in X.509 certificates,
and switch service identity generator to using the proper identity cert for signing.
* Fix BFT config that only worked with clusters of size 4
* Shutdown BFT properly so that tests can run back to back in theory
* Wait for initial connection between client and all replicas before touching it
* Add test for non-trivial BFT cluster
* Shutdown NodeBasedTest nodes in parallel, as BFT shutdown time is non-trivial
* Overlapping ports check no longer assumes all on localhost
* Fix overlapping ports test to actually check the messages
* Correct path composition in identity service tests
* Correct identity service certificate path verification to handle the owning certificate being anywhere in the path, rather than expecting it to be trust root
Correct construction of anonymous parties to use the first certificate (the target)
rather than the last (the trust root). Worked because early tests used single certificate
paths, but later work introducing multi-certificate paths reveal it's rather broken.
* Remove unused type param
* If we drop Runnable we can use conciser syntax
* Sometimes we need the fully-fledged object, so retire separate handle class
* Implement IntelliJ suggestion
Deterministic Key Derivation for ECDSA R1/K1 and EdDSA
* DKG description and comments
* Removing a (confusing) not-required comma in comments.
* rename deterministic and generate to derive
Matching can be done with case insensitive substrings in the identity service, RPC and shell. In future cleverer matching should be possible, e.g. using Lucene or RDBMS free text search features.
Modify generateExit to return full set of signing keys in preparation for anonymity work meaning
that owner and issuer keys are typically not the same.
All references to 'parties' now refer to the inherited 'participants' attribute from ContractState.
Samples: all duplicate references to `parties` now changed to `participants`.
Clean up cash tests ahead of anonymisation work. This simplifies some boiler plate setup/teardown
and ensures idenities and flows are correctly registered.
Fixed issue where Corda services installed in unit tests were not being marked as serialise as singleton. Also the driver now automatically picks up the scanning annotations. This required moving the NodeFactory used in smoke tests into a separate module.
Core corda publications and JARs now have cord or corda at the start (excluding gradle plugins). Removed an unnecessary dependency on test-utils in node-schemas to prevent an evaluation order bug in gradle.
* Increase max network map request size so the notary can register
* Suppress oracle service installation errors in non-oracle nodes
* Make demos automatically build capsule jars
* Fix how network visualiser displays node X500 names.
* Change locations of test nodes, so when used for explorer map visualisation not all of them are stacked one on another in London.
Change PartyAndCertificate to an aggregate class instead of a subclass of Party. This reduces the changes compared to M11, as well as avoiding risk of accidental serialization of a PartyAndCertificate (which may be very large) where a Party is expected.
Cleaned up initial nodes known to the identity service, in particular mock nodes now know about themselves; previously full nodes registered themselves but mock nodes did not.
* Specifically, DriverTests and WebserverDriverTests
* RPCDriver.startRpcBroker now waits for port to be unbound, as was probably intended
* Explicitly drop network map future while ensuring the error is logged
* Fix bug in demobench. Explorer didn't show correctly location of a node.
There was no nearestCity override in config.
* Remove nearestCity from node configuration. Now information about the location is always taken from
node's legal name. If not present - exception on node startup.
* Add X500Name.locationOrNull that soft fails when location is not in X500 name. Address PR comments.
* Remove unused imports.
* Construct standard flows using PartyAndCertificate, and add support for launching
flows that are constructed with PartyAndCertificate or just Party.
* Store PartyAndCertificate in network map service
* Expand identity service to store certificates along with all identities.
This removes the need to do manual registration using the PluginServiceHub. As a result CordaPluginRegistry.servicePlugins is no longer needed. For oracles and services there is a CorDappService annotation.
I've also fixed the InitiatingFlow annotation such that client flows can be customised (sub-typed) without it breaking the flow sessions.
Replace X509Certificate with X509CertificateHolder for consistency in implementation of how X.509 certificates
are managed. Using the Java standard class entails the actual implementing class being one of several options
depending how a certificate is built, which makes serialization/deserialization with Kryo inconsistent as some
of these forms cannot be directly built from outside restricted classes.