Commit Graph

10257 Commits

Author SHA1 Message Date
Rick Parker
8bb02c63f0
ENT-1161 Notary load testing flow (#175) 2017-12-13 14:34:01 +00:00
Ross Nicoll
e309095ad4
Add sanity check that unlimited strength policy is installed (#183)
* Add sanity check that unlimited strength policy is installed
* Add HSM keys to ignore list
2017-12-13 11:21:22 +00:00
Viktor Kolomeyko
4aa2a8ea18
ENT-1240: Only add IOUView when applicable. (#189) 2017-12-13 10:30:26 +00:00
Ross Nicoll
a5ca027d54
Clean up HSM launch (#177)
* Add basedir to HSM configuration
* Add run instructions to the Readme.md
* Correct help messsage display for HSM Doorman
2017-12-13 09:54:34 +00:00
Ross Nicoll
96d8ec9640
Dynamically add BouncyCastle provider (#185) 2017-12-12 17:07:35 +00:00
Chris Rankin
2725f53ef5
ENT-1074 - Proof-of-concept ISV for SGX remote attestation (#161)
* Initial WIP.
* Configure IAS host via system properties.
* Create separate Gretty configurations for testing and for IAS.
* (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling.
* Check the IAS report's cryptographic signature.
* Accept CertPath from IAS instead of a Certificate.
* Validate the certificate chain for the IAS report.
* Refactor response handling, and add a secret to Message4.
* Append public DH keys to generated shared secret.
* Use DH secret to generate a 256 bit AES key.
* Fix runISV Gradle task so that it creates WAR file.
* Migrate MockIAS service into a separate package.
* Remove unused aesCMAC field from Message3.
* Configure HTTP sessions to expire after 10 idle minutes.
* Ensure we select the "isv" key for MTLS with Intel Attestation Service.
* Set key alias for Intel's public certificate.
* Implement GET /attest/provision endpoint.
* Use elliptic curves for Diffie-Hellman keys.
* Pass public keys as Little Endian byte arrays without ASN.1 encoding.
* Add AES-CMAC signature to Message2.
* Remove signature fields from QUOTE body for sending to IAS.
* Add a dummy AES-CMAC field to Message3 for later validation.
* Generate AEC-CMAC for Message 3, and refactor crypto functionality.
* Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm.
* Use BouncyCastle's AESCMAC algorithm for MAC calculation.
* Include standard crypto test vectors to the unit tests.
* Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key.
* Hash shared key with Little Endian versions of public keys.
* Refactor so that hexToBytes() is a utility.
* Simplify signing of MocKIAS report.
* Separate AES/GCM authentication tag from the encrypted data.
* Create /ias/report endpoint for ISV which proxies IAS.
* Remove unnecessary @Throws from MockIAS handlers.
* Log HTTP error status from IAS.
* Replace runISV task with startISV and stopISV tasks.
* Refactor tests to use CryptoProvider @Rule instead of @Suite.
* Move Web server for integration tests to use non-production ports.
* Add proxy endpoint for IAS revocation list.
* Generate an ECDSA "service key" for signing (gb|ga).
* Generate a persistent key-pair for the ISV to sign with.
* Verify the (Gb|Ga) signature from Message2.
* Add debugging aids.
* Fix Gradle warning.
* Remove TLV header from Platform Info Body for MSG4.
* Small tidy-up.
* Use SPID "as-is" when calculating CMAC for MSG2.
* Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC).
* Add DEBUG logging for ECDH shared secret.
* More DEBUG logging.
* The ECDH shared secret *is* the x-coordinate: no need to subrange.
* Adjust MockIAS to return an empty revocationList for GID 0000000b.
* Fix ArrayOutOfBoundsException for "small" integer values.
* Test MSG1 with empty revocation list.
* Add extra logging for IAS report request.
* ReportResponse object cannot be null.
* Fix misreading of spec - don't remove quote's signature when requesting report from IAS.
* Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header.
* Build CertPath for IAS from explicit list of Certificates.
* Rename quote fields on IAS ReportResponse to match Intel.
* Log report ID and quote status from IAS.
* Add a revocation list checker to the certificate path validator.
* Tweak revocation list options, depending on IAS vs MockIAS.
* Extract Intel's certificate specifically by alias for PKIX.
* Tune quote body returned by MockIAS.
* Add AES-CMAC field to Message4 for validation.
* Increase GCM authentication tag to 128 bits.
* Receive platformInfoBlob from IAS as hexadecimal string.
* Generate secret encryption key using KDK and SK values.
* Marshall platformInfoBlob between Base16 string and ByteArray.
* Interpret status results from IAS as enums.
* Use lateinit for HttpServletRequest field.
* Refactor ExceptionHandler out of messages package.
* Alias is for ISV, so rename it.
* Refactor classes into more correct packages.
* Use random 96 bit IV for GCM encryption.
* Parameterise HTTP/HTTPS ports via Gradle.
* Do not forward a securityManifest containing only zeros to IAS.
* Address review comments.
* Review comment: Use NativePRNGNonBlocking for SecureRandom.
* Rename isv.pfx to isv-svc.pfx
* Rename keystore to isv.pfx, for clarity.
* Update scripts so that they no longer require user input.
* Generate isv.pfx from the key and certificates.
* Remove private key from repository.
* Declare an empty PSE Manifest to be invalid.
* Generate keystores "on the fly".
* Rename integration tests to end in "IT" instead of "Test".
* Add README
* Turn remote-attestation into a separate Gradle project.
2017-12-12 13:34:26 +00:00
szymonsztuka
1fc200efa7 Add db integration to new tests (#180) 2017-12-12 10:17:07 +00:00
josecoll
3dd524c6fd
Merge pull request #170 from corda/colljos-os-hc01-merge-111217
Merge OS->Enterprise for HC01
2017-12-11 14:17:36 +00:00
josecoll
bc488cc254 Fix broken integration test in Samples. 2017-12-11 13:27:38 +00:00
josecoll
26829b9202 Remove Doorman and its dependency on OS branch. 2017-12-11 12:49:34 +00:00
josecoll
16ef2df1d5 Added missing RigourousMock assertions. 2017-12-11 12:23:14 +00:00
josecoll
d984b4722e Re-enable perftestcordapp and jmeter - fix compilation errors caused by MockServices and DriverDSL refactoring. 2017-12-11 11:42:53 +00:00
josecoll
da4d64048f Temporarily remove JMeter module. 2017-12-11 11:06:52 +00:00
josecoll
120fd8fdd9 Fixed compilation errors following DriverDSL refactor. 2017-12-11 11:04:40 +00:00
Patrick Kuo
8af7dc977f
Doorman refactoring and improve UX (#160)
* * change corda dependencies to 3.0-NETWORKMAP_SNAPSHOT
* packages move fix

* address PR issues

* * refactorings
* cleaned up network management server start up code.
* renamed a few classes
* segregate doorman and network map config and startup code.
* make `config-file` optional, default to ./networkManagement.conf

* readme.md and UX changes

* added dependency on rpc for the serilization env

* move init serilization env to main method to avoid interfering with test

* move cert path check to the storage, and remove redundant checks in NodeInfoWebService.

* minor fix

* some refactoring

* fix broken test and added steps to start the network

* address PR issues

* write root cert to pem file

* address PR issues
fix bugs in doorman where it try to transit jira ticket to done multiple times

* address PR issue

* approve request no longer throws exception when approve again, it will simply ignore, test is no longer relevant
2017-12-11 10:06:29 +00:00
josecoll
6456aec9ce Fixes following merge from OS for HC01.
Disabled "pertestcordapp" due to continuous conflict problem upon merge.
2017-12-11 09:56:44 +00:00
josecoll
8a6e9c52f3 Merge remote-tracking branch 'open-hc01/master' into colljos-os-hc01-merge-111217 2017-12-11 09:21:52 +00:00
igor nitto
da38e6f673
Configurable authorization/authentication data sources [CORDA-827] (#2145)
* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
2017-12-11 08:39:09 +00:00
igor nitto
991c59e753
Stop granting NODE_USER full RPC permissions (#2098) 2017-12-08 18:03:57 +00:00
Patrick Kuo
92efd82fab
Fix broken test (#2218) 2017-12-08 17:27:23 +00:00
Joel Dudley
0129bbe071
Minor corrections to the V2 cheatsheet. 2017-12-08 17:00:31 +00:00
Joel Dudley
6c02c91ec7
Removes old network diagram. Consolidates two sections on node naming. Moves contract constraints to API section. 2017-12-08 17:00:08 +00:00
Clinton
b1bac9e103
ENT-1216: Various fixes to the doorman publishing that allows doorman (#164)
* Added corda release bucket to allow resolving gradle plugins from teamcity.
* Fixed the classifiers for doorman jar to ensure the correct one is published.
2017-12-08 16:28:28 +00:00
josecoll
4762569200
CORDA-822 - JMX Jolokia instrumentation (#2197)
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening)

* Cordformation changes to support jolokia agent instrumentation at JVM startup.

* Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming)

* Use relative path reference in -javaagent to prevent problem with long path names with spaces.

* Fixed incorrect regex pattern and added assertion to test.

* Enable JMX monitoring.

* Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode)

* Make Artemis JMX enablement configurable.

* Re-instate banning of java serialization.

* Improve JUnit.

* Fixes following rebase from master.

* Re-instated correct regex for picking up Jolokia agent jar.

* Fixed broken integration test.

* Updated documentation

* Updated following PR review feedback.

* Fixed compilation error caused by change in DriverDSL argument type.

* Fixed compilation error caused by change in DriverDSL argument type.

* Fail fast if jolokia-agent-jvm.jar is not located.

* Applied changes in cordformation following review feedback from CA.
2017-12-08 16:27:12 +00:00
Katelyn Baker
75ea23d193
Merge pull request #2212 from corda/smallFixs
Code tidy up, auto reformat, IntelliJ suggestions
2017-12-08 15:44:06 +00:00
Patrick Kuo
9b097aa988
CORDA-819 Add checks to ensure TLS and Client CA cert chains to the same trusted root (#2149)
* testnet bad node info bug fix

* address PR issues

* fix PR issues

* remove TODO for checking validation logic
2017-12-08 14:35:49 +00:00
Katelyn Baker
afdf5fb717 Code tidy up, auto reformat, IntelliJ suggestions 2017-12-08 14:21:30 +00:00
Alberto Arri
7c5a328cc1
Create a single NodeInfo (#2174) 2017-12-08 14:16:06 +00:00
Ross Nicoll
e6adbe7137
CORDA-831: Add confidential identity certificate type (#2198)
* Rename certificate types
* Create separate certificate type for confidential identities
* Add name constraints to dev node CA
* Move dev node CA into getTestPartyAndCertificate()
2017-12-08 13:17:29 +00:00
Andrzej Cichocki
32ea59d085
Inline some DUMMY constants. (#2200) 2017-12-08 10:45:22 +00:00
Andras Slemmer
c794f8418c
Merge pull request #162 from corda/aslemmer-fix-netty-buffer-leak
Aslemmer fix netty buffer leak
2017-12-08 10:12:35 +00:00
Ross Nicoll
ce859178eb
Correct identities passed to generateSpend (#2199)
Pass well known identities instead of confidential into `generateSpend()`
2017-12-07 18:12:25 +00:00
Clinton
1375084936
CORDA-840: Gradle plugins are now able to be published to artifactory. (#2203)
Gradle plugins are now able to be published to artifactory.
2017-12-07 17:22:22 +00:00
Joel Dudley
e0abcda13b
Makes it clearer how to build a JAR. Removes ambiguous deployNodes content. 2017-12-07 16:39:52 +00:00
szymonsztuka
737cd7edba
Improved SQL test setup for Azure SQL and SQL Server (#152)
* Improved SQL scripts for SQL Server and Azure to drop user/permissions on class setup not on test setup
* Set Micorsoft JDBC driver as compile time dependency.
* Database testing description.
* New table node_mutual_exclusion added to SQL test setup scripts.
2017-12-07 16:26:17 +00:00
Andras Slemmer
bb5d5d6944 Various modifications to debugging tools 2017-12-07 15:35:28 +00:00
Andras Slemmer
fcdb669042 Fix leak by executing acks on the messaging executor 2017-12-07 15:35:28 +00:00
Patrick Kuo
b3ca36132f
Use network map objects from corda instead of stubs (#146)
* * change corda dependencies to 3.0-NETWORKMAP_SNAPSHOT
* packages move fix

* fix up after rebase

* rename test

* address PR issues

* address PR issues

* fix failing test
2017-12-07 13:22:41 +00:00
Andrzej Cichocki
c36bea3af5
CORDA-654 MockServices no longer has hard-coded identities (#2192)
* Resurrect a test
* Fix a broken test
* Pass in the initial identity
* Make IdentityService easier to mock
2017-12-07 11:55:18 +00:00
Alberto Arri
eb3b816d90
Rename NetworkisRegistrationHelperTest to NetworkRegistrationHelperTest (#2185) 2017-12-06 14:36:09 +00:00
szymonsztuka
60fca0bf16
Merge Open Source to Enterprise 2017-12-06 11:44:58 +00:00
szymonsztuka
57c6460ddc Fixes after merge Open Source into Enterprise. 2017-12-06 10:43:09 +00:00
Shams Asari
8461837f1a Cleaned up Driver.kt so that only the relevant bits are exposed as public API 2017-12-05 23:52:15 +00:00
szymonsztuka
cb43091ff8 Merge Open Source into Enterprise
# Resolved conflicts:
#	core/src/main/kotlin/net/corda/core/node/services/TransactionStorage.kt
#	node/src/integration-test/kotlin/net/corda/node/BootTests.kt
#	node/src/integration-test/kotlin/net/corda/node/CordappScanningDriverTest.kt
#	node/src/integration-test/kotlin/net/corda/node/NodePerformanceTests.kt
#	node/src/integration-test/kotlin/net/corda/node/SSHServerTest.kt
#	node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
#	node/src/integration-test/kotlin/net/corda/test/node/NodeStatePersistenceTests.kt
#	node/src/main/kotlin/net/corda/node/Corda.kt
#	node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt
#	node/src/main/kotlin/net/corda/node/internal/StartedNode.kt
#	node/src/test/kotlin/net/corda/node/services/events/NodeSchedulerServiceTest.kt
#	samples/attachment-demo/src/integration-test/kotlin/net/corda/attachmentdemo/AttachmentDemoTest.kt
#	samples/trader-demo/src/integration-test/kotlin/net/corda/traderdemo/TraderDemoTest.kt
#	testing/node-driver/src/main/kotlin/net/corda/testing/NodeTestUtils.kt
#	testing/node-driver/src/main/kotlin/net/corda/testing/internal/NodeBasedTest.kt
#	testing/node-driver/src/main/kotlin/net/corda/testing/node/MockServices.kt
2017-12-05 17:35:54 +00:00
Andrzej Cichocki
b0ebf3d7e0
CORDA-654 Various MockServices refactorings (#2167)
* Remove MockServices.stateMachineRecordedTransactionMapping which does nothing
* Inline StateLoaderImpl
* Remove unused MockServices
* MockServices well-known identities not needed in a place
* A few things don't need a full-blown ServiceHub
2017-12-05 16:22:53 +00:00
Rick Parker
bc630a0381 Local perftestcordapp cluster using driver (#154)
* Issue and pay sampler now allows to bypass coin selection.

* Local driver based launch of nodes running perftestcordapp

* Fixed comments.
2017-12-05 15:39:08 +00:00
Andrzej Cichocki
e4d76204c1
Pass some key constants into MockServices. (#2173) 2017-12-05 14:50:56 +00:00
cburlinchon
c87f37af3e
ENT-1127 mutual exclusion so a node cannot start if another is running (#111)
* Dont lock row
* Add config for RunOnceService
* Don't invalidate Hibernate L2 cache on native queries
* Change column names to avoid name clash
2017-12-05 14:46:35 +00:00
Alberto Arri
0c667fe9d3
Renable doorman test (#156)
Re-enable doorman tests
2017-12-05 14:40:32 +00:00
Joel Dudley
9adf4bfc57
Removes the maxWidth parameter that caused the docsite to not use the full screen width. 2017-12-05 14:23:41 +00:00