* ENT-1403 Cache node attachments (and attachment content)
* ENT-1403 Make cache sizes configurable
* Update documentation with new config parameters
* Test that non-existence of attachments is not cached
* Remove unneeded defaults in interface
* It turned out we need the defaults on the interface in quite a few tests
* Codereview: typos, size in MB rather than bytes, charset in tests, move concurrencyLevel to a constant
* Codereview: Make the internal config value bytes again, but config file in MB
* Fix example config unit test
Changes compatible with R3.Corda (ENT-794):
1) Added Hibernate corda-wrapper-binary two to to columns.
2) Shorten names of tables in dummy schemas used in tests.
3) Undo removal of compound index of VaultTxnNote (b423fea).
4) Assertions for 2 vault tests don't rely on order of rows.
* Test for node restart
* Executor gets shutdown on stop, make sure we have one on start
* Reset shutdown otherwise AbstractNode.stop never gets called
* CORDA-928 cache query results via `getPeerByLegalName` and `getNodesByIndentityKey` to avoid hitting the DB hard in RPC handling.
* Skip cache invalidation during init() - caches are still null.
* Remove registeredNodes/partyNodes caching of data feed.
Rewrite data feed to be initialised off the DB.
Add start method to trigger readyness/artemis listeners if there are nodes in the DB.
* Invalidate cache last rather than first when updating
* ENT-1383 Make the transaction cache in DBTransactionStorage memory-weight based (rather than count based) so large transactions can no longer use an undue amount of memory.
* Code review: formatting and legibility
* Fix stupid type cast error
* More formatting
* [ENT-1330]: Tool to generate migration files for CorDapps
* [ENT-1330]: cleanups
* [ENT-1330]: cleanups
* [ENT-1330]: added test to check if a migration file is properly generated and picked up
Introduced DigitalSignatureWithCert and SignedDataWithCert as internal APIs, with the expectation that they will become public; renamed the network parameters end-point to network-parameters; updated the network-map.rst doc; and did some refactoring.
* Enforce Unicode settings for SQL server (#311)
* Enforce correct unicode setting in the JDBC Url for SQL server
* Avoid cast/null check
* Fixed wrong string literal and added test to check the literal matches what Hikari expects
* Optimise Imports
* Constant for config tag and minor test improvement.
* Constant and case insensitive check
* Import and Capitalisation
* Missed curly brace
* add foreign key names and move the participants mapping to the subclass so that the table name can be configured
* update api-current file
* fix compilation errors
* PR changes
* PR changes
* [ENT-1281]: set database.runMigration=false by default and add state check at startup
* [ENT-1281]: attempt to fix tests
* [ENT-1281]: attempt to fix tests
* [ENT-1281]: set runMigration=true in the cordformation plugin
* [ENT-1281]: attempt to fix tests
* [ENT-1281]: attempt to fix tests
* [ENT-1281]: attempt to fix tests
* [ENT-1281]: fix formatting
* [ENT-1281]: typo and javadocs
* [ENT-1281]: small refactoring and added test for SchemaMigration
* [ENT-1281]: update documentation to reflect changes
* [ENT-1281]: fix tests after merge
* [ENT-1339]: for h2, allow schemas without migrations to run (#294)
* [ENT-1339]: for h2, allow schemas without migrations to run
* [ENT-1339]: fix various migration issues and change author name
* [ENT-1339]: add naming convention for migrations
* [ENT-1339]: change naming convention to use hyphens
* [ENT-1339]: change mapping of participants to be able to control the table name
* [ENT-1339]: change FK names to <=30 for oracle 11g compatibility
* [ENT-1339]: cmd line argument for migrations made consistent
* [ENT-1339]: revert abstract state superclasses
* Update db integration test setup - new tables.
* Update db integration test setup - new tables.
* [ENT-1339]: remove final from participants to allow table name config
* [ENT-1339]: shortened pk
* [ENT-1339]: revert constructor
* [ENT-1339]: change getMigrationResource api to Nullable
* fix compile error
* [ENT-1281]: fix tests after merge
* [ENT-1281]: fix tests after merge
* Added NotaryService schema to database setup for two integration tests.
* SQL Server setup scripts - create Login only if not preset (as it's done for Azure SQL).
* Oracle database drivers ojdbc7.jar and ojdbc8.jar use deserialisation which is disabled by the default in Corda. Added an Oracle package to serialFilter when the node uses Oracle database.
* Default autoCommit to false, remove setting of autocommit and only set isolationLevel if it's changed.
* Set default transaction isolation from database config
* [ENT-1339]: for h2, allow schemas without migrations to run (#294)
* [ENT-1339]: for h2, allow schemas without migrations to run
* [ENT-1339]: fix various migration issues and change author name
* [ENT-1339]: add naming convention for migrations
* [ENT-1339]: change naming convention to use hyphens
* [ENT-1339]: change mapping of participants to be able to control the table name
* [ENT-1339]: change FK names to <=30 for oracle 11g compatibility
* [ENT-1339]: cmd line argument for migrations made consistent
* [ENT-1339]: revert abstract state superclasses
* Update db integration test setup - new tables.
* Update db integration test setup - new tables.
* [ENT-1339]: remove final from participants to allow table name config
* [ENT-1339]: shortened pk
* [ENT-1339]: revert constructor
* [ENT-1339]: change getMigrationResource api to Nullable
* Raft notaries can share a single key pair for the service identity (in contrast to a shared composite public key, and individual signing key pairs). This allows adjusting the cluster size on the fly.
* Added test cases covering encrypted password usage
* Renamed UserAuthServiceTests as AuthDBTests: the integration tests checking user credentials loaded from external database (still limited to H2 in-memory for now).
* Some internal renamings
Add functions for constructing `FlowLogicRef` from class name, rather than requiring the class itself. This avoids requiring that schedulable states have access to the scheduled flow to instantiate, but instead can require it only actually scheduling the flow. This reduces the size of the JAR required to validate transactions containing these states.
Using the --just-generate-node-info flag for the notary nodes so that their identities can be submitted to the network map server, which does the network parameters generation.
* ENT-1291 Switch liquibase changelogs to use nvarchar instead of varchar
* Configure Hibernate to use nationalised strings
* Configure Hibernate to use nationalised strings
* Change schema so that UUIDs are varchars
* Update schema certificate signing request status is not unicode
* Upper case suffix for audit tables
* nvarchar -> varchar for status in the audit table
* Capitalisation
* Capitalisation
* Force hibernate to use unicode columns on SQL server
* Force hibernate to use unicode columns on SQL server
* Schema change to make PostgreSql happy
* SQL files to initialise the perfcluster db for SQL server and PostgreSql
* Code ordering and extra comment
* BFTNotaryServiceTests.kt - instantiate MockServices before each test, not at the class level - to allow database integration test clean database before each test.
* MySQLNotaryServiceTests.kt - use H2 datasource for the notary in database integration tests (and as it was before during standard integration tests)
* Revert Enterprise way of makeTestDataSourceProperties MockNode.kt.
* Minor attempt to refactor Enterprise only parts of reading database config and make it less error prone during OS->Enterprise merge.
* Tentative API and implementation.
* Tests completed. API update needed.
* Updated api-current.txt. Some previous changes hadn't been reflected and now they are.
* Improved the tests.
* Some code review changes.
* Merge branch 'master' into features/ENT-850
# Conflicts:
# .ci/api-current.txt
* Code review changes.
* Code review changes.
* Override Liquibase default schema by one from the node configuration (database.schema) if they are different. This allows database tables be created within a correct schema when no default schema is set at database level.
* Pass in the databaseConfig.schema for network manager (for Liquibase schema migration).
With network parameters the CN is no longer needed to identify notaries. This frees it up to be used in the node's name alongside the other attributes.
Also, the identity generation logic has been simplified, removing the need to have magic string values for storing distributed identities in the keystore. Now there are just two alias prefixes: "identity" as it was previously, and "distributed-notary".
* Add roles to X509 certificates so that the identity service can always determine which certificate in a hierarchy is the well known identity
* Rename CLIENT_CA certificate type to NODE_CA
* Rename DOORMAN role to INTERMEDIATE_CA
* Correct issue in CashTests where instead of providing a well known identity to generateSpend(), a confidential identity was passed in and a confidential identity generated from it.
* Enforce role hierarchy in PKI
* Enforce that party certificates must be well known or confidential identities
* Add network map certificate role
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* * Document TestIdentity entropy and enforce that it actually works
* Ledger/transaction DSL default notary with fresh key
* MockServices default identity with fresh key
* makeTestIdentityService now takes vararg
* Require cordappPackages for MockServices
* DSL automatic serialization init
* Improve error when two MockNetworks used
* * Make cordappPackages required by MockNetwork
* Default identity service in MockServices
* Make notarySpecs Java-friendly
* Able to send hand coded messages to an Artemis node inbox
Get startup race condition fixed. Start cleanup work.
Fixup after rebase
Remove SASL hack for now
Minor tweaks. Enable AMQP mode manually.
Add configuration control
Slight clean up
Stop timeouts that don't work with AMQP
Rename class
Get TLS constants from :node-api
Primitive integration test
Put back commented line
Session per bridge to alow rollback on remote rejects.
Add more tests and handle multiple IP adddresses
Reduce logging
Fixup after rebase
Add a test to verify the remote end AMQP rejection logic works and does cause message replay.
Allow Artemis to duplicate after session rollback
Reduce number of threads
Move legacy bridge related code over to CoreBridgeManager
Shared threadpool for bridges
Add a test to confirm that no side effects when using a shared thread pool.
Address PR comments and remove dead lines
Rebase and add some comments
Remove a couple of blank lines
Ensure AMQP bridges are used in tests
Fixup after removal of testNodeConfiguration
Add a couple of doc comments
Add a couple of doc comments
Make things internal and use CordaFuture
Address some PR comments
Change comment type
* Use Artemis 2.2 to fix AMQP problems. Add explicit test of legacy core bridges, as marking the factory class private had silently broken them.
* Fix change due to using Artemis 2.2
* A VaultQuery test involving a time window fails against Azure SQL on TC, the timeout value has been increased from 3 to 6 seconds.
* Add missing schema in Azure master db setup.
* Take maximum message size from network parameters
* Add epoch handling
* Add handling of network parameters mismatch
Change NetworkMapClient and updater, add handle in
AbstractNode that results in node shutdown on parameters mismatch. Later
on we should implement proper handling of parameters updates.
Add tests of NetworkParameters wiring.
When node starts with compatibilityZone url configured it takes
networkParameters from the networkMap.
* Permit only one network parameters file
On node startup network parameters are read from node's base directory,
we permit only zero or one files to be there. If network map server is
configured the parameters can be downloaded at startup (if not present
in the directory already).
* Update docs on network map endpoints
* Added db test setup for NetworkMapTest and NodeRegistrationTest.
* Removed database.serverNameTablePrefix property setup for notaries in DriveDSL (after rebase from OS)
* Add missing schemas for Azure master database setup.
* SignedNetworkMap verification fix
SignedNetworkMap verification should also include cert path validation,
which was probably moved away by accident, because docs say about the
exception CertPathValidatorException.
* Extend unit test on RPCSecurityManager
* Fix corner cases in permission parsing and bug in tryAuthenticate
* Rework docsite page
* Add missing ChangeLog entry
* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening)
* Cordformation changes to support jolokia agent instrumentation at JVM startup.
* Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming)
* Use relative path reference in -javaagent to prevent problem with long path names with spaces.
* Fixed incorrect regex pattern and added assertion to test.
* Enable JMX monitoring.
* Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode)
* Make Artemis JMX enablement configurable.
* Re-instate banning of java serialization.
* Improve JUnit.
* Fixes following rebase from master.
* Re-instated correct regex for picking up Jolokia agent jar.
* Fixed broken integration test.
* Updated documentation
* Updated following PR review feedback.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fail fast if jolokia-agent-jvm.jar is not located.
* Applied changes in cordformation following review feedback from CA.
* Rename certificate types
* Create separate certificate type for confidential identities
* Add name constraints to dev node CA
* Move dev node CA into getTestPartyAndCertificate()
This removes any need for the user implement and override types from the
super class
* CORDA-786 - Docs update
* CORDA-786 - Remove unneeded second annotation on the proxy objects
* Fix merge conflicts
* Improved SQL scripts for SQL Server and Azure to drop user/permissions on class setup not on test setup
* Set Micorsoft JDBC driver as compile time dependency.
* Database testing description.
* New table node_mutual_exclusion added to SQL test setup scripts.
* Remove MockServices.stateMachineRecordedTransactionMapping which does nothing
* Inline StateLoaderImpl
* Remove unused MockServices
* MockServices well-known identities not needed in a place
* A few things don't need a full-blown ServiceHub
* Integration test are parameterised (extends IntegrationTest) to run against a remote database with 4 db scripts run @BeforeClass, @Before, @After and @AfterClass.
* SQL script for SQL Azure and SQL Server databases and templates of JDBC configuration.
Main differences preserved in Enterprise version:
* constants.properties: platform version 1 (OS has 2)
* gradle-wrapper.properties: higher Gradle version gradle-4.3.1 (OS has gradle-4.3)
* Driver.kt - setting system property "user.dir"
* Generate networkParameteres for Cordformation.
Fix deployNodes task in Cordformation to generate NetworkParameters before running the nodes.
Add TestNetworkParametersGenerator utility loaded after node infos generation step.
* Get rid of bouncy castle provider dependency
For cordform-common. It caused problems with loading our custom
X509EdDSAEngine for generation of network parameters in deployNodes
task.
* new network map object for network map, and verify signature and root in Signed network map and node info
* fixup after rebase
* * added certificate and key to network map server
* move DigitalSignature.WithCert back to NetworkMap.kt, as its breaking API test, will raise another PR to move it back.
* Make DigitalSignature.WithCert not extend WithKey, as per PR discussion.
* various fixes after rebase.
* move Network map back to core/node, as its breaking API test
* revert unintended changes
* move network map objects to node-api
1. The runRPCCashIssue and runWebCashIssue gradle tasks didn't work because they were using the wrong ports
2. Notary lookup was failing because the lookup name didn't include the correct CN for the notary name (this slipped through when reverting the network parameters)
The ports change occurred in #1922 which was attempting the fix the runIssuer gradle task. This is actually a misleading and redundant task as all it does is start up the nodes, which is what the documented deployNodes already does. The ports runIssuer allocated to the nodes were different to the ones specified in deployNodes.
To make sure we have integration tests which closely match deployNodes, the BoC demo has been updated to make use of CordformDefinition. This keeps the node definitions in one place, removing the need to have disparate files in sync. runIssuer has been removed.
* make node info file copying optional by setting "compatabilityZoneURL" in driver
integration test for node using http network map using driver
some bug fixes
* rebase to feature branch and fixup
* add initialRegistration flag to driver
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* remove useFileBaseNetworkMap flag, add network map server to DriverTest
* use PortAllocation.Incremental instead of random
* * use PortAllocation.Incremental instead of random
* fix NodeInfoWatcher thread leak issue
* reset scheduler before create notary
* move port allocation out of companion object
* move port allocation out of companion object
* make node info file copier lateinit to avoid observable thread pool get created on init
* Coin selection for SQL Server/Azure
* Transaction isolation level change for updateInfoDB in PersistentNetworkMapCache from "repeatableRead" to "readCommitted"
* Configuration option to prefix all Hibernate generated SQL with a schema name via a configuration property `database.schema`
* Fix negative value in SELECT TOP query (fix for Oracle db)
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"
This reverts commit 7d1f7ab
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"
This reverts commit 7d1f7ab
Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.
Pass notary identity into flow in `NodeStatePersistenceTests` rather than resolving it from the network map cache, which avoids a race condition between the flow starting and the notary registration being sent to the cache.
* consistent storage of Issuer Reference using `ByteArray` Kotlin type in Schema definition and a custom Hibernate Type to map this to a VARBINARY database type.
Creation of a new Issued type now also validates maximum size permissible (512).