* CORDA-3194 Relax duplicate insert flow hospital handling
Revert a previous change to now make the duplicate insert staff member to
give a diagnosis of discharge or not my speciality (previously gave
terminal).
This is to prevent duplicate insert handling from overriding finality
flow error handling.
* added the warning as a TimerTask at StaffedFlowHospital#delayedDischargeTimer
* moved the scheduling of the warning task at StaffedFlowHospital#init block. That way we ensure that the task will be scheduled only once at StaffedFlowHospital initialization.
* Corrected overnight observation warning task's logging message. Changed StaffedFlowHospital#delayedDischargeTimer to the more generic StaffedFlowHospital#hospitalJobTimer since it now schedules delayed discharges tasks as well the overnight observation warning task. Removed this from property reference
* switching to fun timerTask for the instantiation of anonymous TimerTask classes
* Correct condition to log patients who are currently in the hospital, whose last record in their medical records is Outcome.OVERNIGHT_OBSERVATION. Extended logging to include treatableSessionInits staying in the hospital
* Add not empty check for patientsUnderOvernightObservation. Correct strings.
When a flow fails to retry, it should be kept in for overnight observation and aborted.
In the future, it might be possible to retry flows again that failed during their retry, but for now keeping for observation and aborting is satisfactory.
* CORDA-3194 Remove hospitalised flows from `HospitalisingInterceptor`
Small refactor to remove some of the hospital logic out of the
`HospitalisingInterceptor` and into the `StaffedFlowHospital`.
Add some comments to help clarify the purpose of the two maps inside
of the hospital.
* CORDA-3194 When a flow fails to retry force it into observation
When a flow fails to retry, it should be kept in for overnight
observation and aborted.
In the future, it might be possible to retry flows again that failed
during their retry, but for now keeping for observation and aborting is
satisfactory.
* CORDA-3194 Test for database commit failure when retrying a flow
Failing during the database commit failure that occurs after the retry
flow action does not stop the flow from actually retrying. This test
confirms this functionality.
The retried flow gets scheduled as part of the retry action. The failure
in the commit action does not prevent this since it has already been
scheduled.
* CORDA-3194 Replay start flow events when responding flow fails initial checkpoint commit
Logic has already been added to recover from initial checkpoint commit
failures on the initiating flow side but this did not suffice for
the same failure occurring on the responding flow's side.
The same idea has been added to resolve the responding flow's issue.
`ExternalMessageEvent` now has a `flowId` that is maintained on the
event. Messages can then be replayed to start/restart the flow, while
the event provides the flow id to each flow start.
Each `ExternalMessageEvent` implementation generates a random `flowId`
when constructed.
Events are stored in Artemis. This allows the solution to recover across
node restarts as the events will be pulled from artemis again when
restarting.
In the future `flowId`s will probably moved off of the events and
generated purely on the responding flow's node.
* CORDA-3194 Add test to verify that errors removing a responding flow are recoverable
* Unwrap rx.OnErrorNotImplementedException so the hospital can handle the cause appropriately
* Add db failure cordapp
* Renamed folders to avoid ambiguity in gradle
* Add integration test for exception hospitalisation when thrown from an RX observable.
* Make the test slightly cleaner
* Fix the schema to actually match the requirements for my custom state. Thanks a bunch, H2.
* Switch test to use SqlException base class.
* Schedule error event if we detect that a commit or db flush has thrown (forcing the flow to error even if customer code then goes ahead to swallow the exception)
* Revert change to schedule extra error
* Add more tests for edge case with DB exceptions, changed CorDapp to suppor this an hook in the flow hospital
* Warning about unsubscribe
Check state transitioned from clean to error for hospital admission.
* Match the test to our actual expectations
* Revert "Revert change to schedule extra error"
This reverts commit 43d47937
* Prevent suppression of errors arising in `transaction()` and `jdbcConnection()`
* Test for SqlException caught trying to escape from recordTransaction and suppressed outside being intercepted.
* More tests for various error/catch combinations
* Clean up and comments
* Code reformat
* Fix test compilation
Wrap exceptions that occur in state machine transitions with a custom exception type which is
then handled inside of the flow hospital. As part of this change, a number of side negative side
effects have been addressed.
General summary:
- `StateTransitionException` wraps exceptions caught in `TransitionExecutorImpl`
- `StateTransitionExceptions` are handled in the flow hospital, retried 3 times and then kept in
for observation if errors persist (assuming conditions below are false)
- Exceptions that occur in `FlowAsyncOperation` events are wrapped in
`AsyncOperationTransitionException` and ignored by the flow hospital transition staff member
- `InterruptException`s are given a `TERMINAL` diagnosis by the flow hospital transition staff
member (can occur due to `killFlow`)
- Allow flows which have not persisted their original checkpoint to still retry by replaying their
start flow messages
- Swallow exceptions in `AcknowledgeMessages` actions
Detailed summary:
* CORDA-3194 Add state machine transition error handling to flow hospital
Wrap exceptions that are caught in `TransitionExecutorImpl` (coming from
new errors) with `StateTransitionException`. This exception is then
handled explicitly by the flow hospital.
Add `TransitionErrorGeneralPractitioner` to `StaffedFlowHospital`. This
staff member handles errors that mention `StateTransitionException`.
Errors are retried and then kept in the hospital if the errors persist.
* CORDA-3194 Remove a fiber from the `hospitalisedFlows` if its previous state was clean
If the fiber's previous state was clean then remove it from
`HospitalisingInterceptor.hospitalisedFlows`. This allows flows that are
being retried to clean themselves. Doing this allows them to re-enter
the flow hospital after executing the fiber's transition (if an error
occurs).
This is important for retrying a flow that has errored during a
transition.
* CORDA-3194 Set `isAnyCheckpointPersisted` to true when retrying a flow
Added to prevent a single flow from creating multiple checkpoints when
a failure occurs during `Action.AcknowledgeMessages`.
More specifically, to `isAnyCheckpointPersisted` is false when retrying
the flow, even though a checkpoint has actually been saved. Due to this
a brand new flow is started with a new flow id (causing duplication).
Setting `isAnyCheckpointPersisted` to true specifically when retrying a
flow resolves this issue.
* CORDA-3194 Add Byteman test to verify transition error handling
Add `StatemachineErrorHandlingTest` to verify transition error handling.
Byteman allows exceptions to be injected at certain points in the code's
execution. Therefore exceptions can be thrown when needed inside of the
state machine.
The current tests check errors in events:
- `InitiateFlow`
- `AcknowledgeMessages`
* CORDA-3194 Swallow all exceptions in `ActionExecutorImpl.executeAcknowledgeMessages`
Swallow the exceptions that occur in the `DeduplicationHandler`s when
inside of `ActionExecutorImpl.executeAcknowledgeMessages`.
The side effects of the failures that can happen in the handlers are
not serious enough to put the transition into a failure state.
Therefore they are now caught. This allows the transition to continue
as normal, even if an error occurs in one any of the handlers.
* CORDA-3194 Wrap unexpected exceptions thrown in async operation transitions
Exceptions thrown inside of `FlowAsyncOperation.execute` implementations
that are not returned as part of the future, are caught, wrapped and
rethrown. This prevents unexpected exceptions thrown by (most likely)
user code from being handled by the hospital by the transition
staff member.
This handling might change moving forward, but it allows the async
operation to continue working as it was before transition error handling
was added.
* CORDA-3194 Verify that errors inside of `AcknowledgeMessages` work as expected
Update `StatemachineErrorHandlingTest` to correctly test errors that
occur when executing the `AcknowledgeMessages` action.
* CORDA-3194 Retry flows that failed to persist their original checkpoint
Allow a flow that failed when creating their original checkpoint (for
example - failing to commit the db transaction) to retry.
The flow will create a brand new checkpoint (as the original did not
saved).
This required adding `flowId` to `ExternalStartFlowEvent` to allow the
event to keep a record of the flow's id. When the flow is retried, the
events are replayed which trigger a flow to be started that has the
id stored in the event.
To allow this change, code was removed from `retryFlowFromSafePoint` to
allow the function to continue, even if no checkpoint matches the passed
in flow id.
* CORDA-3194 Correct `FlowFrameworkTests` test due to error handling
Test assumed that errors in transitions are not retried, this has now
been updated so the test passes with the flow succeeding after an
exception is thrown.
* CORDA-3194 Remove unneeded import
* CORDA-3194 Make the state transition exceptions extend `CordaException`
`StateTransitionException` and `AsyncOperationTransitionException` now
extend `CordaException` instead of `Exception`.
* CORDA-3194 Improve log messages
* CORDA-3194 Remove unneeded code in `HospitalisingInterceptor`
Due to a previous change, a section of code that removes a flow id
from the `hospitalisedFlows` map is no longer required. This code has
been removed.
* CORDA-3194 Constraint violations are given `TERMINAL` diagnosis
Add `Diagnosis.TERMINAL` to `StaffedFlowHospital` to allow an error
to be ignored and left to die a quick and painful death.
`StateTransitionException` changed so it does not cause serialisation
errors when propagated from a flow.
* CORDA-3194 `InterruptedExceptions` are given `TERMINAL` diagnosis
* Add GP to flow hospital, and start working on a list of things the GP knows to be incurable.
* Only hospitalise SQL and Persistence Exceptions (let's see if that is enough?), also rename to DatabaseDentist.
* Disabled hospitalisation of SQL exceptions in flow retry tests
* Fix RPC exception handling test by not using PersistenceException
* Ignore flaky integration test
* Code review: Rename staff member and add testing annotation
* Revert compiler.xml
* Added a new way for environment variables to be loaded, which allows for underscore based separation.
* Moved test to its own kotlin file.
* Added case insensitivity support.
* The corda. prefix is now case insensitive too.
* Removed unused variable.
* Added env variables support for driverDSL. Shadowing corda. properties raises an exception.
* Driver api stability fix.
* Changed type of cordapps param to reflect the real one, rather than what IntelliJ auto completed.
* Some detekt issue fixes. Spread operator removed, baselined api stability constructors and buggy line.
* Fixed misspelled variable.
* Reverted unintentional changes.
* Added suppress instead of changing baseline.
* Reworked logic to handle previously defined CORDA_ starting properties and handle accordingly. Fixed a bug where wrong class was used for reflection walking.
* Fix for detekt issues.
* Changed message to a more understandable one.
* Changelog + doc note, console error grammar.
* Changes according to PR review.
* Fixed wrong command line. Added security policy how to.
* Elaborated on security policy to mention when it applies and when not.
* Changes according to PR review.
* Magic to get jolokia version from a single place and forwarded to the docs.
* Fix for CORDA-3315. Removed default implementation of partyFromKey and replaced with implementations in IdentityService sub-types.
* Added test.
* Added missing DB transaction to append only persistent map lookup.
* Fixed not utilising the observables being returned by stateMachines added response with a notUsed(). Opening a ticket for implementation investigation.
* stateMachinesFeed will unsubscribe on interrupt rather than remaining infinitely subscribed.
* Fixed reported detekt issues on the InteractiveShell.
* Changes according to PR review.
* Capture and log "nodeInfo" persistence failures, whilst maintaining an optimistic retry mechanism.
* Additional test cases (update and insert)
* Handle both updates and inserts consistently (single transaction for happy path)
* Fix detekt violations and update baseline with false detection.
* Streamline the code a little.
* Update baseline reporting false violation.
* O/S version of fix for slow running in 4.3
* Removal of IdentityServiceInternal from test classes
* Code review comments
* O/S version of fix for slow running in 4.3
* Removal of IdentityServiceInternal from test classes
* Code review comments
* Re-baselined Detekt
* Fixed warning
* Prevent fat packaging of platform-specific JDK tools.jar (required at compile time for Java 8).
* Catch Throwable.
* Re-instate "tools.jar" in corda.jar as JRE's do not ship with this platform dependency.
* Baseline "TooGenericExceptionCaught".
* Added general exception handler for capturing and exiting on all types of Virtual Machine errors.
* Minimize additional processing (use constant string for error message).
* Remove redundant DB specific thread termination handler.
* Incorporating PR review feedback.
* Add println before halt.
* Add println before halt ... to stderr
* CORDA-3273: Replace deprecated use of Class.newInstance() for sake of DJVM. (#5522)
* ENT-4090: move startFlow into try block so exception is caught and managed (#5519)
* CORDA-3091: Move executor thread management into CordaRPCConnection (#5491)
* CORDA-3184 - Vault Query API enhancement: strict participants matching (#5524)
* Implementation of exact participant parsing for common query criteria.
* Added more unit tests + fixed a minor bug.
* Additional clean-up.
* Add documentation and changelog entry.
* Revert debug level SQL logging.
* Fix detekt errors.
* Fix docs formatting in code samples.
* Updating baseline (false positives being reported).
* Fix "Name shadowed: subRoot" code quality check.
* Fix API stability checker failures.
* Update baseline.
* TM-43 updating code style docs to reflect the addition of Detekt (#5521)
* CORDA-3226 Fix dba migration for PostgreSQL following changes in CORDA-3009 and ENT-4192 (#5529)
* Fix dta migration for PostgreSQL following changes for CORDA-3009 Invalid hash function used for PersistentIdentity in PersistentIdentityService
and ENT-4192 Identity service refactor for confidential-identities and accounts.
* Different table definition for PostgreSQL and other dbs in one changeset instead of running generic DDL and the specifically fix table in Postgres (in relation to CORDA-3009 Invalid hash function used for PersistentIdentity in PersistentIdentityService and ENT-4192 Identity service refactor for confidential-identities and accounts).
* Fix dta migration for PostgreSQL following changes for CORDA-3009 Invalid hash function used for PersistentIdentity in PersistentIdentityService
and ENT-4192 Identity service refactor for confidential-identities and accounts.
* Different table definition for PostgreSQL and other dbs in one changeset instead of running generic DDL and the specifically fix table in Postgres (in relation to CORDA-3009 Invalid hash function used for PersistentIdentity in PersistentIdentityService and ENT-4192 Identity service refactor for confidential-identities and accounts).
NotaryFlow.Client flow assumes the passed transaction is verified, which is
the case when it's invoked as a sub-flow in FinalityFlow. However,
NotaryFlow.Client can also be called directly from any custom flow, so
we need to ensure it performs transaction verification to avoid accidentally
sending an invalid transaction to a non-validating notary.
* CORDA-3232: Make backward compatible RPC client changes
Such that it will be able to talk to new and old server versions.
* CORDA-3232: Make backward compatible RPC server changes
Such that it will be able to talk to new and old client versions.
* CORDA-3232: Trick Detekt
* CORDA-3232: Integration test for multi-interface communication.
* CORDA-3232: Add legacy mode test.
* CORDA-3232: Making Detekt happier
* CORDA-3232: Fix Detekt baseline after merge with `4.3` branch
* CORDA-3232: Incrementing Platform version
As discussed with @lockathan
* CORDA-3232: Fix legacy test post platform version increment
* CORDA-3232: Use recursive logic to establish complete population of method names
* Revert "CORDA-3232: Incrementing Platform version"
This reverts commit d75f48aa
* CORDA-3232: Remove logic that conditions on PLATFORM_VERSION
* CORDA-3232: Making Detekt happier
* CORDA-3232: Few more changes after conversation with @mnesbit
* CORDA-3232: Make a strict match to `CordaRPCOps` on client side
Or else will fail:
net.corda.tools.shell.InteractiveShellIntegrationTest.dumpCheckpoints creates zip with json file for suspended flow
Flagging that `InternalCordaRPCOps.dumpCheckpoints` cannot be called.
* CORDA-3232: Address PR comments by @rick-r3
* CORDA-3232: Address further review input from @rick-r3
* Change the way how methods stored in the map;
* Extend test to make sure that `CordaRPCOps` can indeed be mixed with other RPC interfaces.
* Generalise participant parsing code & additional test cases.
* Use a common predicate to expand the participants query (when specified more than once - eg. in fungible and linear query criteria).
* Introduce some re-usable functions.
* Additional code clean-up and improvements.
* Fix detekt MaxLineLength errors.
* Do a proper check for whether the quasar agent is active instead of sniffing JVM args
* Use JavaAgent.isActive instead of SuspendableHelper.isJavaAgentActive for clarity
* Removed IdentityServiceInternal as it is no longer used.
* Removed externalIdForPublicKey API from KMS and added it to IdentityService.
Added a registerKeyToExternalId API on IdentityService.
* Fix remaining compile errors.
* Removed "registerKeyToParty" and in its place added a new registerKey method which takes a PublicKey, Party and optionally a UUID.
Added a cache to the "PersistentIdentityService" to store other node's public keys.
Added the cache and new hibernate entity to all teh places where one needs to add them.
New keys created by teh node now automatically get associated entries in the KEY -> PARTY map and optionally the KEy -> EXT ID map.
Added a test.
* Removed old comments and TODOs.
* Fixed broken test.
Added comments/explanations for what's going on in IdentityService.
Updated kdocs.
* First try at Implementing publicKeysForExternalId.
* Fixed broken test.
* Added migration.
Amended existing persistent identity service migration to handle new migration.
Addressed some review comments.
* Fixed broken test - whoops!
* Implemented mock identity service methods.
* Added back exception when remapping a key to a different party.
* Fixed compile errors.
Fixed broken tests.
* Use set instead of first entry in ourNames.
Added logging during the processing steps of the PersistentUniqunessProvider and the RaftUniquenessProvider
Bumped up logging level of existing logging statements that occur while processing from debug to info
Added mention of txId to logging statements to enable a request to be traced through from the time it is added to the queue to the time that it is committed.
* CORDA-3200 Add postgres specific migration to change from @Lob to @Type(type = corda-blob)
* CORDA-3200 Remove unwanted changes
* CORDA-3200 Change column length to 64000 for long cert chains
* CORDA-3133 [v1]
This proposal is a little more flexible by design. It adds a property to the state pointer class, allowing them to be referenced in transactions on a per-state-pointer basis.
* CORDA-3133
- Updated `resolveAtTransaction` to `isResolved`.
- Moved `isResolved` out of the constructor into an abstract property.
- Added deprecation constructor declaration for backwards compatibility.
* CORDA-3133 (version 2)
- Added required changes to state pointers as per PR comments.
- Added unit tests to ensure isResolved can be used to configure when state pointers should be resolved to reference inputs.
* CORDA-3133 (version 2)
- fixed unit tests.
- added comment to changelog.rst.
- added helper functions to `StatePointer` to allow easier creation of static and linear pointers.
Allow node operators to blacklist signing keys (using blacklistedAttachmentSigningKeys config option). These blacklisted keys prevent attachments that are received over the network from being trusted. The docs have been updated to detail how to generate the key hashes that the config requires.
A new shell command attachments trustRoots has been added to see what attachments exist on the node along with information about their trust and where it comes from.
run dumpCheckpoints has been replaced by checkpoints dump as InternalCordaRPCOps needed to change to prevent a function that is meant to be internal from being visible on the shell.
* CORDA-3200 Use PersistentIdentityMigrationBuilder instead of schema and correctly name table using node prefix
* CORDA-3200 Remove hacky test migration from PersistentIdentityMigrationNewTable into a unit test to fix postgres failure
* Split integration tests
* add simple example of printing all methods annotated with @Test
* add docker plugin to root project
remove docker plugin from child projects
add Dockerfile for image to use when testing
add task to build testing image to root project
* add comment describing proposed testing workflow
* simple attempt at running tests in docker container
* add my first k8s interaction script
* add fabric8 as dependnency to buildSrc
* before adding classpath
* collect reports from containers and run through testReports
* re-enable kubes backed testing
* for each project
1. add a list tests task
2. use this list tests task to modify the included tests
3. add a parallel version of the test task
* tweak logic for downloading test report XML files
* use output of parallel testing tasks in report tasks to determine build resultCode
* prepare for jenkins test
* prepare for jenkins test
* make docker reg password system property
* add logging to print out docker reg creds
* enable docker build
* fix gradle build file
* gather xml files into root project
* change log level for gradle modification
* stop printing gradle docker push passwd
* tidy up report generation
* fix compilation errors
* split signature constraints test into two
* change Sig constraint tests type hierarchy
* tidy up build.gradle
* try method based test includes
* add unit test for test listing
* fix bug with test slicing
* stop filtering ignored tests to make the numbers match existing runs
* change log level to ensure print out
* move all plugin logic to buildSrc files
* tidy up test modification
add comments to explain what DistributedTesting plugin does
* move new plugins into properly named packages
* tidy up runConfigs
* fix compile errors due to merge with slow-integration-test work
* add system parameter to enable / disable build modification
* add -Dkubenetise to build command
* address review comments
* type safe declaration of parameters in KubesTest
* Added an additional property on VaultQueryCriteria to specify an externalId/accountId when performing a vault query.
Added logic in hibernate query criteria parser to handle the exernalId join and lookup.
Added a test.
* Fixed error in test.
Fixed backwards incompatible changes.
* Updated changelog.
* Updated docs to remove incorrect instructions for querying by external ID.
* Added small poc changes to accommodate requested permissions.
* Added node user that can only start flows and has the neccessary permissions.
* Fixed type in the rpc unit tests.
* Finaliase wildcard RPC permissions, remove builtin maintainer/nodeuser roles
* Tidy up
* migrate PersistentIdentityService to use key.toShortString()
update definition of PublicKeyToExternalId mapping to allow fast lookup by externalId/publicKey
* fix misspelled table name
* add test of migration script
* add design document for proposal to move IdentityService to using the correct PK.toStringShort() method for hashing a publickey
* add enterprise testing considerations to design
* address review comments
* fix compilation errors
* modify PublicKeyToOwningIdentityCache to use toStringShort() as it's lookup key
* address syzmon's code review comments
Merged release/4 (Corda OS version 4.1) into a branch created from master (Corda OS version 4.3)
Conflicts:
build.gradle
client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ReconnectingCordaRPCOps.kt
common/logging/build.gradle
common/logging/src/main/kotlin/net/corda/common/logging/CordaVersion.kt
constants.properties
core-tests/src/test/kotlin/net/corda/coretests/utilities/ProgressTrackerTest.kt
core/src/main/kotlin/net/corda/core/transactions/TransactionBuilder.kt
docs/source/api-contract-constraints.rst
docs/source/api-stability-guarantees.rst
docs/source/app-upgrade-notes.rst
docs/source/changelog.rst
docs/source/clientrpc.rst
docs/source/conf.py
docs/source/corda-network/UAT.md
docs/source/getting-set-up.rst
docs/source/network-builder.rst
docs/source/upgrading-cordapps.rst
docs/source/versioning.rst
node/src/integration-test/kotlin/net/corda/node/services/rpc/RpcReconnectTests.kt
serialization/src/main/kotlin/net/corda/serialization/internal/amqp/PropertyDescriptor.kt
serialization/src/main/kotlin/net/corda/serialization/internal/model/LocalTypeInformationBuilder.kt
tools/network-builder/src/main/resources/node-Dockerfile
tools/network-builder/src/main/resources/notary-Dockerfile
- Handle errors in Jackson and checkpoint deserialisation. A file
notifying the user that the checkpoint dump failed is created when
errors occur.
- Handle message deserialisation errors. A string placeholder is used
if an error occurs.
- Add more information about subflows (include their `FlowLogic`)
- Increase clarity in checkpoint output field names
* CORDA-3904 Add `flowCallStackSummary`
Add `flowCallStackSummary` to the output which contains the same content
as `flowCallStack` minus each subflow's `FlowLogic`. The `FlowLogic`
contains a ton of info which is normally repeated in each subflow.
Adding the summary gives an overview of the steps the flow executed
and which step it is currently on.
The `suspendedOn` field is put underneath the summary and the original
call stack is moved below the suspended info.
This puts the most useful information towards the top of the json file.
* CORDA-3018 Allow loading an untrusted contract jar if another attachment exists that was signed with the same keys and uploaded by a trusted uploader
`TransactionUtils.isAttachmentTrusted` requirements have been relaxed
to allow an untrusted attachment to be loaded as long as another
attachment exists that is signed by the same keys and was uploaded
by a trusted uploader.
The requirement of containing the same contract classes has been
removed. Therefore the contents of the existing trusted attachment
no longer matters.
* CORDA-3018 Allow a subset/intersection of signers in `isAttachmentTrusted`
Allow a subset/intersection of signers to satisfy the signer
requirements of `isAttachmentTrusted`. This allows an "untrusted"
attachment that is signed by one or more keys to be "trusted" as long
as another trusted attachment already exists that is signed by at least
one of the "untrusted" attachments signers.
A cache of trusted and untrusted public keys is now held (replacing the
previous cache of `List<PublicKey>`.
Tests have been added to `NodeAttachmentServiceTest` to confirm that
an attachment query using an `EQUAL` statement will actually return
attachments that are signed by any of the keys passed into the query.
Confirming this allowed an `EQUAL` query to satisfy the search that
had to be done as part of this change.
`MockAttachmentStorage`'s query criteria was updated to better match
the real `NodeAttachmentService` implementation.
* CORDA-3018 Update cache name and kdoc on `isAttachmentTrusted`
* CORDA-3018 Verify that chains of trust do not occur
* CORDA-3018 Switch keys around to improve chain of trust tests
* [ENT-3801] Store transactions in the database during transaction resolution (#2305)
* ENT-3801: Store downloaded txns as part of the backchain resolution into the db rather than the checkpoint
It's very inefficient to store the downloaded backchain in the checkpoint as more of it downloaded. Instead, if a threshold is reached (which currently defaults at 0) then the backchain is stored in the transactions table as unverified. A new is_verified column has been added to track this. Initially testing on the OS codebase has been very promising but unfortunately this current code is not quite ready. I had to quickly port it to ENT as this is meant to be an ENT-only optimisation.
To that effect, there is a TransactionResolver abstraction with two implementations: an in-memory one which has the old behaviour, and which will be the behaviour for OS, and a db one.
DBTransactionStorage hasn't been fully updated and I had to comment out the optimistic path for now.
Most of these changes will need to be ported to OS to keep the merge conflicts in check, but obviously not DbTransactionsResolver and the "is_verified" changes in DBTransactionStorage. DBTransactionStorage does have other refactoring which will make sense to port though.
* [ENT-3801] Start work on allowing modifications in AppendOnlyPersistentMap
* [ENT-3801] Add transaction resolver tests
* [ENT-3801] Adjust suspendable annotations
* [ENT-3801] Fix the ResolveTransactionFlow tests
* [ENT-3801] Update ResolveTransactionsFlow tests
* [ENT-3801] Add a liquibase migration script for isVerified
* [ENT-3801] Ensure the migration runs in the correct place
* [ENT-3801] Handle resolution of already present transactions
* [ENT-3801] Fix compile error in performance test app
* [ENT-3801] Logging and comment updates, plus a test case
* [ENT-3801] Add a notary change resolution test
* [ENT-3801] Add a contract upgrade transaction test
* [ENT-3801] Change new column to be a character based status
* [ENT-3801] Migration script type change
* [ENT-3801] Address first round of review comments
* [ENT-3801] Update variable names in AppendOnlyPersistentMap
* [ENT-3801] Another variable name clarification
* [ENT-3801] Fix missing name changes
* [ENT-3801] Make the signature list immutable when constructing cache value
* [ENT-3801] Add a locking strategy for unverified transactions
* [ENT-3801] Address tidying up review comments
* [ENT-3801] First attempt at ensuring locks are released after commit
* [ENT-3801] Remove references to old cache name
* [ENT-3801] Update locking logic
* [ENT-3801] Fix potential deadlock with read/write transaction locks
* [ENT-3801] Remove read locks, and ensure minimal extra suspends
* [ENT-3801] Fix build issues in tests
* [ENT-3801] Use the correct clock when calculating sleep durations
* [ENT-3801] Add a pessimism flag for writing verified transactions
* [ENT-3801] Change logging statement to debug
(cherry picked from commit 8ab6a55e17)
* [NOTICK] Fix up imports for some changed files
* [NOTICK] Fix transaction resolution tests
* [NOTICK] Reinstate the DBTransactionsResolver
* [NOTICK] Add the topological sort back to recordTransactions
* [NOTICK] Adjust test case to remove dependency on query ordering
* [NOTICK] Make test code match that in ENT
* CORDA-2617: Add failover listeners to terminate node process
This is a backport of changes done in Corda Enterprise.
It will be triggered in case of:
a) Loss of connectivity to in-built Artemis for Bridge Control;
b) Loss of connectivity to in-built Artemis for P2P connectivity.
Note on merge to CE: Disregard these changes and take whatever CE already has.
* CORDA-2617: Update documentation on stability of Corda Node
* CORDA-2617: Documentation update after discussion with @mnesbit
* parallelize download of nodeInfos
* actually call new list based addNodes method
* address review comments
fix NetworkMapUpdaterTest
* ensure threadpools are shutdown after network-map download is completed
* use NamedThreadFactory instead of re-implementing it.
* fix imports after rebase
* address review comments
* remove extra whitespace
* Initial commit based on experimental kryo hook agent.
* WIP
* Added documentation.
* Additional improvements and documentation following more testing.
* Added field level instrumentation + basic type handlers for String, byteArray, charArray, primitive types.
* Working version (without array type handling)
* Missing build.gradle file.
* Handle display of Arrays and String.
Pruning output to avoid repetition (by loop depth, object count).
* Added configurable StackDepth (for display purposes) and filter out ProgressTracker stacks.
* Further array handling (Object arrays, 2D, 3D), improved display and general code cleanup.
* Various fixes and improvements following demo to RP.
* Clean-up
* Further clean-up
* Set checkpoint id before deserialization.
* Update documentation
* Final clean-up.
* Minor documentation fixes.
* Updates following PR review feedback.
* Add changelog entry.
Change to `SingleThreadedStateMachineManager`.
Instead of throwing an exception when a flow's fiber cannot be found,
just log the message at info level.
(cherry picked from commit 70b2a94fda)
Allow Hash Constraints to propagate to Signature Constraints. When
propagating, the new jar is added to the transaction instead of the
original contract attachment (jar).
The following requirements must be met to do so:
- System property "net.corda.node.disableHashConstraints" must be set
to `true`
- The min platform version must be 4 or greater
- There must be an input state with a hash constraint
- There must be no output states with a hash constraint
- The new jar must be signed
If these requirements are not met, the original Hash
Constraint will be kept and the contract attachment related to it is
also used.
This transition is done at the start of `handleContract` as it is not
the normal path a transition would follow. It is considered a backdoor
and should be treated separately from the rest of the attachment and
constraint logic. Furthermore, it will only work in private network
since all nodes must set the special `disableHashConstraints` flag.
* Fix test execution flakiness on fast hardware: set node info polling interval to 1 second in DriverDSL Node Startup (was only being set to 1 sec in Node Registration). Follow-up to https://github.com/corda/corda/pull/5240
* Diagnostics: add additional logging to NodeInfoFilersCopier.
* Diagnostics: add additional logging to NodeInfoWatcher
* Downgrade logging level severity to debug.
* Make atomic counter unique across instances.
Change to `SingleThreadedStateMachineManager`.
Instead of throwing an exception when a flow's fiber cannot be found,
just log the message at info level.
When set to true the RPC client will:
* automatically reconnect when the connection is broken
* simple RPC calls will block until connection is established
* Observables returned from RPC will automatically resubscribe on reconnect so the client continues to receive events. This doesn't guarantee that events will not be lost during the reconnect.
As a general purpose API, allPersisted should not be loading the entire contents of the database table into memory. Instead now it returns a Stream for processing of elements.
* CORDA-3028: Add Node Diagnostics Info RPC Call - Backport a diff from Corda ENT
* CORDA-3028: Add Node Diagnostics Info RPC Call - Rename a value for consistency
* CORDA-3028: Add Node Diagnostics Info RPC Call - One more change
* Moved core.flows and core.contract tests
* move internal tests
* move node, schemas and serialization tests
* Move transactions tests
* Move test access helper into test package
* Move remaining tests, and create access helpers to test internals.
* Fix test dependencies.
* Delete some cruft that flagged up on the API checker
* Add readme explaing where tests need to go.
* fix typo
* add a shared memory port allocator to allow multiple processes to share a single allocation pool
* remove dangerous reset function on port allocator
* set forkCount = 2 in node integration test
* only allow one build of a cordapp at any given time for Driver tests
* make all portallocation requests use same starting point
* globally set forks to 6
* tweak forking parameters to allow parallel builds
* tweak unit test parallelism
* 2 workers for integrationTest
* some more tweaks for parallel builds
* some more tweaks for parallel builds
* seems that 49K is not the start of ephemeral ports on all kernels
* tweak parallel settings
* try fix RPC shutdown test in parallel env
* add some logging for RPC shutdown test
* added some logging around PortAllocation tests - try figure out where they are getting stuck
* added some logging around PortAllocation tests - try figure out where they are getting stuck
* fix api-scanner tests
* minimize api changes
* revert to complying with existing API
* add the AtomicInteger for api compatibility reasons
* make sizing script executable
* address review comments pt1
* address review comments pt2
* fix compile errors after review comments
* return to using home dir as temp dir seemed to interact badly with gradle
* CORDA-3021: Introduce `SignOnlyCryptoService` and use it whenever possible
Also modify `CryptoServiceFactory` to show how sign only implementation can be created.
* CORDA-3021: Undo some of my earlier changes
Which after discussion with @dimosr and @fowlerrr proven to be contradictory.
Dumps all the node's checkpoints as JSON into a single zip file in the node's directory. The output contains:
* All the fields for the top-level flow
* The current sub-flow call stack, along with the current progress tracker step for each sub-flow
* The event that suspended the flow, which if it's a send or sendAndReceive will show the payload that was sent
* Low level information on the active sessions with other peers
* Initial commit with a test that can detect a logger that isn't initialised with by lazy that gets called during startup.
* Test improvement. Test fix for api stability.
* Added explanatory comment for the test.
* Changes according to PR review. Added empty file check to make test more robust.
Party and AnonymousParty have been retrofitted to implement this interface and are currently the only supported types. A new FlowLogic.initiateFlow(Destination) method overload to easily support the addition of new destination types in future versions.
To prevent making `dumpCheckpoints` part of the public API a new
interface, `InternalCordaRPCOps` has been created and the function
has been moved there. `InternalCordaRPCOps` inherits from
`CordaRPCOps`.
`CordaRPCOpsImpl` now implements `InternalCordaRPCOps`.
`RunShellCommand` and `StringToMethodCallParser` required additional
changes due to issues handling inherited functions. This has only been
raised now due to `InternalCordaRPCOps` inheriting from `CordaRPCOps`.
Many classes have had references to `CordaRPCOps` changed to
`InternalCordaRPCOps`.
* ENT-3642: move the crypto service builder method to node-api
* ENT-3642: add arg for different crypto services
* ENT-3642: add arg for cryptoservice config
* ENT-3642: add null check for BCC requirement
* ENT-3642: remove double-bang operator
* ENT-3642: cryptoservice factory method moved to its own class, improve API
* ENT-3642: remove import
Store the flow dump zip in the logs directory.
Only allow one dump to be created at a time. This is protected by
using a `AtomicInteger` lock and checking for the zip's existence.
* Revert usage of Gradle 5 useJUnitPlatform() which causes significant test execution performance degradation.
* Remove completely top-level Java CordaCaplet unit tests causing consistent TC failure on Azure VMs:
java.security.NoSuchAlgorithmException: no such algorithm: NONEwithEdDSA for provider BC
* Added periodic message logged from a timer which is switched on and off by the node drain events.
* Timer also spawns on start() to ensure that if a node is shutdown in draining mode and started with it, it will continue logging messages.
* Reduce test execution times by explicitly configure quasar package exclusions (using new quasar util extension introduced in Corda gradle plugins 5.0.1-SNAPSHOT).
* Remove SNAPSHOT from Corda gradle plugins version identifier.
* Incorporating PR review feedback from CR.
* Minor consolidation clean-up.
* Minor consolidation clean-up.
* Minor consolidation clean-up.
Dumps all the node's checkpoints as JSON into a single zip file in the node's directory. The output contains:
* All the fields for the top-level flow
* The current sub-flow call stack, along with the current progress tracker step for each sub-flow
* The event that suspended the flow, which if it's a send or sendAndReceive will show the payload that was sent
* Low level information on the active sessions with other peers
* CORDA-2838 Set Artemis memory config.
* CORDA-2838 Cannot have page size larger than max size.
* CORDA-2838 Use real slow consumers. Need to see if the old config settings can work with a global limit to avoid this.
* What went wrong:
Caused by: org.gradle.api.GradleException: failed to read class file /Users/josecoll/IdeaProjects/corda-jdk11/node/build/classes/java/test/net/corda/node/services/events/FlowLogicRefFromJavaTest$JavaNoArgFlowLogic.class
* Upgrade gradle wrapper to Gradle 5.0
* Upgrade to use locally deployed version of Capsule plugin (using Gradle 5.0)
* Upgrade to use Corda Gradle Plugins 5.x (inclusive of Gradle 5.0 compatibility fixes)
* Fix compile-time problems resolving log4j packages.
* Update to use Artifactory deployed version of Capsule plugin (using Gradle 5.0)
* Upgrade to use Gradle 4.2.1 (excluding default memory setting change: command line client now starts with 64MB of heap instead of 1GB.)
* Added explicit compile-time dependency on 'de.jensd:fontawesomefx-commons:8.13' (compile-time error in tools:explorer without)
* Update "wrapper" gradleVersion to 5.4.1
* Update Capsule plugin version label to reference R3 forked build.
* Commit all gradle upgrade changes following: ./gradlew wrapper --gradle-version 5.4.1
* Increase maximum heap memory for Test tasks to 1GB, and upgrade build-scan plugin to 2.2.1.
* Increase Test tasks' maximum memory to 1.5GB - what could go wrong?
* Up maxHeapSize to 2g for gradle test runner (global setting).
* Added explicit compile-time dependency on 'de.jensd:fontawesomefx-commons:8.13' (compile-time error in tools:demobench without)
* Added forkEvery for node Unit tests.
* Up :node test task 'forkEvery' to 10.
* TC test execution tuning (:core, :node => forkEvery 10, default JVM heap size)
* TC test execution tuning (bump JVM heap size up to 1g for :node)
* TC test execution tuning (bump JVM heap size up to 1.5g for :node)
* TC test execution tuning (re-instate global JVM heap size of 1Gb)
* TC test execution tuning (re-instate JVM heap size of 2Gb for :node)
* Update Corda Gradle plugins to 5.0.0
* Updated plugin resolution order + renamed artifactory URL to use "software.r3.com"
* Reorder plugin resolution such that mavenlocal() is always queried first.
This allows a different signed version of the same CorDapp to be automatically trusted.
This reverts "[CORDA-2575] Allow users to whitelist attachments by public key config (#5035)"
When a `UnexpectedFlowEndException` or a `FlowException` is received the
peer that the exception was thrown from will be added to the stacktrace.
This is due to it being easier to see and a field that developers
are much less likely to override.
A nullable field `peer` has been added to `FlowException` and
`UnexpectedFlowEndException`. This is read later on (when peer info
is not available) to append the peer info to the stacktrace.
* Initial version of new(old) dialog that won't print a stacktrace for rpc exceptions.
* Decoupled CordaVersionProvider. Moved common files to common-logging to lower dependencies on the node explorer.
* Removed unused import and duplicate documentation comment.
* Moved error code rewrite policy in the new common/logging module according to PR review.
* Removed extra line.
* Updated log4j configurations with new package name where logging policies will be contained.
* Included common-logging module with cliutils.
* setting non existant base directory now yields suitable error message
* corrections to missing base directory message and comments added for clarity
* added check for valid base directory before node loggin and bootstrapping
* removed uneeded import
* quantum computer joke back by popular demand and not back at the same time
A test was failing due to `assumeFalse` (to stop a test running on windows)
being inside of a `assertThatExceptionOfType` block. The exception it
threw was consumed by the block instead of junit.
If a single whitelisted constraint is being used by input states and the version of the cordapp changes + is signed, then the constraint will transition to a signature constraint.
When a `UnexpectedFlowEndException` or a `FlowException` is received the
peer that the exception was thrown from will be added to the stacktrace.
This is due to it being easier to see and a field that developers
are much less likely to override.
A nullable field `peer` has been added to `FlowException` and
`UnexpectedFlowEndException`. This is read later on (when peer info
is not available) to append the peer info to the stacktrace.
`ExceptionSerialisingRpcOpsProxy` was removing information about the
original exception in dev mode. This code has been removed. Although
there is no check in `ExceptionSerialisingRpcOpsProxy` for dev mode
(and also due to it being about serialising),
`ExceptionMaskingRpcOpsProxy` will handle the removal of exception data
in non dev mode (production mode).
* [CORDA-2522] Improve error reporting around failed flows (#5000)
* Improve error reporting around failed flows
* Fix an index to start from 1 when printed
* Address first set of review comments
(cherry picked from commit 24699cd7f4)
* [CORDA-2522] Follow up changes to error reporting around failed flows (#5006)
* Follow up changes to error reporting around failed flows
* Have FinalityDoctor report stack trace
* Revert changes to the DumpHistoryOnErrorInterceptor
(cherry picked from commit 2da597a5b7)
* Follow up changes to error reporting around failed flows
* Have FinalityDoctor report stack trace
* Revert changes to the DumpHistoryOnErrorInterceptor
* Initial version of new(old) dialog that won't print a stacktrace for rpc exceptions.
* Decoupled CordaVersionProvider. Moved common files to common-logging to lower dependencies on the node explorer.
* Removed unused import and duplicate documentation comment.
* Moved error code rewrite policy in the new common/logging module according to PR review.
* Removed extra line.
* Updated log4j configurations with new package name where logging policies will be contained.
* Included common-logging module with cliutils.
* setting non existant base directory now yields suitable error message
* corrections to missing base directory message and comments added for clarity
* added check for valid base directory before node loggin and bootstrapping
* removed uneeded import
* quantum computer joke back by popular demand and not back at the same time
* CORDA-2813 Add DbException handler to terminate process when the DB goes away or gives up.
Also add a helper to terminate the node and use it instead of calling Runtime.halt() in random places.
* CORDA-2813 Address threading/blocking concerns raised during review
* Tests for custom registry restrictions
* ENT-3121 restrict custom serialisation
* Remove redundant code
* Only count declared annotations
* Check annotation on superclasses, remove annotation from ByteArray
* Forbid custom serialization of primitive types
* Remove @CordaSerializable from another class that is always handled by custom serialisation
* Add log warnings to aid diagnosis of custom serialization issues
* Remove another annotation
* Remove another annotation
* Remove another annotation
* Remove another annotation
* Fixup api-current
* Fixup api-current
* KDocs on exceptions
Addressed review comments - removed nested if and added parameter name for the usage of requiresCertificates.
Removed unnecessary import and white space.
Normally, these requests are left unacknowledged in the MQ broker to allow recovery via installing the missing CorDapp. If this is not applicable then the request be dropped (and the other side informed of the error).
While the node is starting up, we now check for the presence of the certificates directory. This allows us to print out an easily understandable error message if the directory is not present. An exception is made for devMode, as devMode will result in the directory being created in any case.
* ENT-3057: Log hibernate warns and errors in different log
If a hibernate error occurs (deadlock, for example) that would cause a flow to be sent to the hospital, hibernate logs the warnings and errors before we do. This results in duplication in the logs, and pollutes the log. To solve this, we create a new log appender named diagnostic-{node-name}.log and log any org.hibernate messages of warn and above to that file. This way, messages are not lost, which means that the information can be retrieved if need be.
* Corrected indentation of comment (changed tab to space)
* Updated node-administration document to mention diagnostic logging change
* Fixed integration test. It was breaking because it was fetching the first log file in the folder, assuming there would be only one. This assumption is now invalid because the diagnostic log file that was introduced. Two tests were found that used similar logic to find a log file to examine, hence both were corrected to look for log files beginning with "node"
* Updated documentation as per review comments.
Add a cache for notary identities in the PersistentIdentityService. This
solves a reported problem where notary identity lookup fails if its network
map entry is missing, which results in an exception when trying to insert
a state into the vault after recording a transaction.
Test if we have access to the logging path (baseDirectory/logs) before attempting to write to them. This allows us to shut down gracefully with an easily understandable error message.
Without doing this, the log4j2 will attempt to access the logPath when it first uses the logger in the call() function.
* CORDA-2629: Provide a better error msg when notary type misconfig
If a notary service is misconfigured with the type (either validating or not validating) stored in the node's configuration not matching that advertised in the network map cache, the notary will throw an exception and fail on startup.
Previously, this misconfiguration would result in an exception being thrown when attempting to notarise a transaction. This change results in the exception being thrown at node startup and the node operator being aware of the misconfiguration earlier.
* Corrected exception message when the notary does not have a party
* Changed exception message to include configured and advertised values.
Fixed unit test that was failing because of the new check.
* Plumb through the crlCheckSoftFail configuration option to bridge manager
* Add crlCheckSoftFail test to bridge manager and fix equivalent proton wrapper test
* Update documentation and set the node configuration default to true
* Revert default change and clarify consequences of setting option to false
* Remove NodeConfiguration default to leave only AMQPConfiguration default
There's a bug with the ServiceLoader which leaks a file handle to the app jar on shutdown. This causes an issue if a mock node is restarted in Windows. To avoid the problem completely we no longer overwrite any existing jars, as the jar to be copied will be same anyway.
(cherry picked from commit 0038a86481)