Commit Graph

3316 Commits

Author SHA1 Message Date
Shams Asari
900809b3d7 ENT-11090: Removed all JDK 8/11 conditional code 2024-03-05 17:10:26 +00:00
Shams Asari
0091807c2f ENT-11101: Fix all crypto issues introduced by Java 17 upgrade
The various crypto tests that were previously ignored have been re-enabled.

The abandoned i2p EdDSA library has been replaced with native support that was added in Java 15.

Java 17 (via the `SunEC` provider) does not support the secp256k1 curve (one of the two ECDSA curves supported in Corda). This would not normally have been an issue as secp256k1 is already taken care of by Bouncy Castle. However, this only works if the `Crypto` API is used or if `”BC”` is explicitly specified as the provider (e.g. `Signature.getInstance(“SHA256withECDSA”, “BC”)`). If no provider is specified, which is what is more common, and actually what the Java docs recommend, then this doesn’t work as the `SunEC` provider is selected. To resolve this, a custom provider was created, installed just in front of `SunEC`, which “augments” `SunEC` by delegating to Bouncy Castle if keys or parameters for secp256k1 are encountered.

`X509Utilities.createCertificate` now calls `X509Certificate.verify()` to verify the created certificate, rather than using the Bouncy Castle API. This is more representative of how certificates will be verified (e.g. during SSL handshake) and weeds out other issues (such as unsupported curve error for secp256k1).

`BCCryptoService` has been renamed to `DefaultCryptoService` as it no longer explicitly uses Bouncy Castle but rather uses the installed security providers. This was done to fix a failing test. Further, `BCCryptoService` was already relying on the installed providers in some places.

The hack to get Corda `SecureRandom` working was also resolved. Also, as an added bonus, tests which ignored `SPHINCS256_SHA256` have been reinstated.

Note, there is a slightly inconsistency between how EdDSA and ECDSA keys are handled (and also RSA). For the later, Bouncy Castle is preferred, and methods such as `toSupportedKey*` will convert any JDK class to Bouncy Castle. For EdDSA the preference is the JDK (`SunEC`). However, this is simply a continuation of the previous preference of the i2p library over Bouncy Castle.
2024-03-04 13:29:49 +00:00
Adel El-Beik
6dfbed572e
ENT-11522: Unignored flow tests and updated artemis mq filter to check for null property. (#7679) 2024-03-04 12:25:37 +00:00
Adel El-Beik
4031c28947
ENT-11502: Upgrade platform version to 140. (#7674) 2024-03-04 12:24:15 +00:00
Adel El-Beik
0000c75391 ENT-11504: Bind to the same address that the server socket created. 2024-02-22 12:52:11 +00:00
Shams Asari
200333b198 ENT-11355: Backwards compatibility with older nodes via new attachments component group 2024-02-19 17:19:49 +00:00
Shams Asari
8fd3139df1 ENT-11355: Cleanup of TransactionBuilder and CorDapp loading
This is code refactoring and cleanup that is required to add a new WireTransaction component group for 4.12+ attachments, and for supporting legacy (4.11 or older) contract CorDapps in the node.
2024-02-12 14:27:07 +00:00
Chris Cochrane
c7514e1c60
ENT-11443 Function sig changes to support removing enterprise compiler warnings (#7671) 2024-02-07 14:46:18 +00:00
Suhas Krishna Srivastava
a95b854b1e
ENT-11386: Using NodeAttachmentService instead of fat interface ServiceHub. (#7670) 2024-02-01 11:49:52 +00:00
Chris Cochrane
9b794795a0
ENT-11351 - Compiler warnings pass 4 (#7663)
* Compiler warnings

* Resolve detekt errors

* Reverted code change; added warning suppression

* Address PR review comments
2024-01-29 13:49:00 +00:00
Shams Asari
a7d0684fe7
ENT-11384: Cleanup JarScanningCordappLoader (#7664)
* It uses URLs when in fact CorDapps are jar files, and so should being Path. It also does URL equality, which is not recommended
* Address (very old) TODO of removing RestrictedURL, which is not needed

Also, back-ported some minor changes from https://github.com/corda/enterprise/pull/5057.
2024-01-29 13:44:14 +00:00
Adel El-Beik
d642ebfbd7
Merge pull request #7662 from corda/arshadm/ent-6914-disable-node-metadata
ENT-6914 Disabled module metadata generation for the node capsule
2024-01-25 14:10:38 +00:00
Shams Asari
63f8e220c8
ENT-11251: Upgrade to Kotlin language version 1.9 (#7660) 2024-01-25 13:51:19 +00:00
Arshad Mahmood
4ea42c4d75 ENT-6914 Disabled module metadata generation for the node capsule as it was generating invalid json 2024-01-25 12:11:47 +00:00
Chris Cochrane
975500d878
ENT-11351 - Compiler warnings pass 3 (#7659)
* More compiler warnings fixed

* Amended deprecation suppression annotations, as per review comments
2024-01-25 10:18:58 +00:00
Adel El-Beik
3abb218bca
Merge pull request #7654 from corda/shams-external-verifier-analyse-txs
ENT-11255: Scan attachments to determine if they are Kotlin 1.2 or later
2024-01-23 16:56:47 +00:00
Chris Cochrane
f15e6ec56a
ENT-11351 - Compiler warnings pass 2 (#7655)
* Addressed compiler warnings

* Removed unchecked cast fixes - not for this PR

* Sorted out detekt issues
2024-01-23 10:19:03 +00:00
Shams Asari
f30ba33929 ENT-11255: Scan attachments to determine if they are Kotlin 1.2 or later
The node now sends a transaction to the verifier if any of its attachments were compiled with Kotlin 1.2 (the net.corda.node.verification.external system property has been removed). It uses kotlinx-metadata to read the Kotlin metadata in the attachment to determine this. For now this scanning is done each time the attachment is loaded from the database.

The existing external verification integration tests were converted into smoke tests so that 4.11 nodes could be involved. This required various improvements to NodeProcess.Factory. A new JAVA_8_HOME environment variable, pointing to JDK 8, is required to run these tests.

There is still some follow-up work that needs to be done:

Sending transactions from a 4.11 node to a 4.12 node works, but not the other way round. A new WireTransaction component group needs to be introduced for storing 4.12 attachments so that they can be safely ignored by 4.11 nodes, and the 4.12 node needs to be able to load both 4.11 and 4.12 versions of the same contracts CorDapp so that they can be both attached to the transaction.
Even though attachments are cached when retrieved from the database, the Kotlin metadata version should be stored in the attachments db table, rather than being scanned each time.
Finally, VerificationService was refactored into NodeVerificationSupport and can be passed into SignedTransaction.verifyInternal, instead of needing the much heavier VerifyingServiceHub. This makes it easier for internal tools to verify transactions and spawn the verifier if necessary.
2024-01-22 11:31:51 +00:00
Arshad Mahmood
e5355d9e75 ENT-6914 Fix generated pom 2024-01-22 10:22:08 +00:00
Chris Cochrane
1ff853b421
ENT-11351 - Compiler warnings pass 1 (#7652)
* Removed warnings - pass 1

* Resolve detekt errors

* Properly compare X500 distinguished names
2024-01-19 10:26:50 +00:00
Balwant Kothari
795e61807d
ENT-11113 Fixed review comments 2024-01-18 00:34:59 +05:30
Balwant Kothari
13e13fd236
ENT-11113 Updating test case to user overrridden Sysout instead of mock 2024-01-18 00:15:46 +05:30
Balwant Kothari
49f35aa5ea
ENT-11113 Updating test case for accessing modifier as per JDK17 compatibility 2024-01-15 15:26:10 +05:30
Adel El-Beik
d9e0172bf7
Merge pull request #7643 from corda/bk/os_fixes_412
ENT-11113 Update instant time resolution in test cases
2024-01-12 18:26:25 +00:00
Balwant Kothari
22e96f1bda
ENT-11113 Instant default time resolution is nano but HashedDistributionList.PublicHeader default derialisation happens at millis resolution to passing time in millis resolution as input 2024-01-11 18:15:19 +05:30
Shams Asari
ccc605493d WIP 2024-01-10 10:47:32 +00:00
Shams Asari
2e63ca6264
ENT-11065: Remove the need for JVM flags in client code (#7635) 2024-01-03 11:22:03 +00:00
Shams Asari
406f7ff292
ENT-11056: Compile the external verifier using Kotlin 1.2 (#7622)
This requires Kotlin 1.2 versions of core and serialization (core-1.2 and serialization-1.2 respectively), which are just "shell" modules and which compile the existing source code with Kotlin 1.2. The 1.2 plugin does not work with the current version of Gradle and so the 1.2 compiler has to be called directly.

Now with two versions of Kotlin in the code base, each module needs to have its version manually specified to ensure a clean separation. Otherwise, the default Kotlin version can override 1.2 when needed.

Some of the code was tidied-up or improved to enable it to be cross-compiled. For post-1.2 APIs being used, they have been copied into core-1.2 with the same method signatures. OpenTelemetryComponent was moved to node-api, along with the dependency, to avoid also having a 1.2 version for the opentelemetry module.
2024-01-02 17:02:20 +00:00
Adel El-Beik
4791f0d84f
Merge pull request #7630 from corda/merge-release/os/4.11-release/os/4.12-2023-12-21-86
ENT-11118: Merging forward updates from release/os/4.11 to release/os/4.12 - 2023-12-21
2023-12-22 12:23:02 +00:00
Arshad Mahmood
26861ffd05 ENT-11295 ActiveMQ behaviour has changed so that CREATE_ADDRESS is perforned before CREATE_DURABLE_QUEUE in this situation 2023-12-21 15:03:09 +00:00
Balwant Kothari
d235e887fe
ENT-11113 Ignored JDK 17 related fixes for byteman related issues (#7626)
* Updated mockito version and removed ignored annotation to relevant test cases
2023-12-21 11:11:55 +00:00
r3-build
2eb1e9f426 Merging forward updates from release/os/4.11 to release/os/4.12 - 2023-12-21 2023-12-21 03:50:35 +00:00
Adel El-Beik
e815b381ef
Merge pull request #7617 from corda/merge-release/os/4.11-release/os/4.12-2023-12-15-79
ENT-11281: Merging forward updates from release/os/4.11 to release/os/4.12 - 2023-12-15
2023-12-19 13:15:51 +00:00
Adel El-Beik
7cbfc71a74
Merge pull request #7621 from corda/feature/arshad/ent-11294-fix-checkpoint-failing-test
ENT-11294  Fix failing tests in - FlowCheckpointVersionNodeStartupCheckTest
2023-12-19 11:26:10 +00:00
Jose Coll
5a807e1eed Detekt. 2023-12-19 09:25:43 +00:00
Jose Coll
b47d5ec5c7 Merge branch 'release/os/4.12' into merge-release/os/4.11-release/os/4.12-2023-12-15-79 2023-12-19 08:46:52 +00:00
Jose Coll
c1fe0e739a Resolve conflicts. 2023-12-19 08:46:26 +00:00
Arshad Mahmood
2a149e3aee ENT-11294 Handle kryo exception wrapped in KryoException 2023-12-18 16:12:34 +00:00
Adel El-Beik
422786dccc
Merge pull request #7608 from corda/shams-verification-service
ENT-11267: Introducing VerificationService, which implements VerificationSupport in terms of node-based services
2023-12-18 13:47:32 +00:00
Shams Asari
61a05a90eb
ENT-11155: Remove internal Kotlin utilities which have since been added after 1.2 (#7585)
This is mostly the `Path` extension functions in `PathUtils.kt`.
2023-12-18 12:05:08 +00:00
r3-build
16ade601ad Merging forward updates from release/os/4.10 to release/os/4.11 - 2023-12-16 2023-12-16 19:18:14 +00:00
r3-build
1cf66d4a8f Merging forward updates from release/os/4.9 to release/os/4.10 - 2023-12-15 2023-12-15 20:02:41 +00:00
Tom Stark
71e187dddb ENT-11118: Netty SSL handshake fix (#5028)
* ENT-11118: Added fix for netty SSL handshake fail
2023-12-15 17:16:15 +00:00
Shams Asari
a34932e887 ENT-11267: Introducing VerificationService, which implements VerificationSupport in terms of node-based services 2023-12-12 15:01:48 +00:00
Arshad Mahmood
c94f1d730c ENT-11271 Publish dependencies in the maven pom.xml 2023-12-12 13:24:15 +00:00
Adel El-Beik
6c4ab9a440
Merge pull request #7575 from corda/merge-release/os/4.11-release/os/4.12-2023-11-14-36
ENT-11130: Merging forward updates from release/os/4.11 to release/os/4.12 - 2023-11-14
2023-12-07 17:54:21 +00:00
Shams Asari
e2bcd0499e ENT-11263: Remove TooGenericExceptionCaught detekt rule 2023-12-07 13:36:21 +00:00
Shams Asari
11d0054fcc
ENT-11055: Basic external verification (#7545)
* ENT-11055: Basic external verification

Introduction of the external transaction verifier, a separate JVM process for verifying `SignedTransaction`s. The end goal is for this verifier to be built with Kotlin 1.2 so that it creates a compatible verification environment for transactions with 4.11 contracts. For now however the verifier is built against Kotlin 1.8, same as the node.

External verification is enabled when the the system property `net.corda.node.verification.external` is set to `true`. When enabled, all verification requests made via `SignedTransaction.verify` are sent to the external verifier, regardless of the transaction content. It will do the vast bulk of the verification and then send the result back, namely if an exception occurred. If it did, then it's re-thrown in the node.

The external verifier is a stateless process, with no connection to the node's database. All transaction resolution information needed to create the relevant ledger transaction object are made to the node, which waits in a loop servicing these requests until it receives the result. The verifier Jar is embedded in the Corda node Jar, and is extracted and run when needed for the first time. The node opens up a local port for the verifier to communicate with, which is specified to the verifier in the process command line. This all means there is no extra configuration or deployment required to support external verification.

The existing code had some initial attempts and abstractions to support a future external verification feature. However,
they were either incorrect or didn't quite fit. One such example was `TransactionVerifierService`. It incorrectly operated on the `LedgerTransaction` level, which doesn't work since the transaction needs to be first serialised. Instead a new abstraction, `VerificationSupport` has been introduced, which represents all the operations needed to resolve and verify a `SignedTransaction`, essentially replacing `ServicesForResolution` (a lot of the changes are due to this). The external verifier implements this with a simple RPC mechanism, whilst the node needed a new (internal) `ServiceHub` abstraction, `VerifyingServiceHub`. `ServicesForResolution` hasn't been deleted since it's public API, however all classes implementing it must also implement `VerifyingServiceHub`. This is possible to do without breaking compatibility since `ServicesForResolution` is annotated with  `@DoNotImplement`.

Changes to `api-current.txt` were made due to the removal of `TransactionVerifierService`, which was clearly indicated as an internal class, and returning `TransactionBuilder.toLedgerTransactionWithContext` back to an internal method.

* Address review comments

* One bulk load states method

* Merge fix
2023-12-07 11:29:27 +00:00
Balwant Kothari
74ca2c6734
ENT-10560 JDK 17 Test Cases Fixes (#7598)
* Updated mockito version and removed ignored annotation to relevant test cases

* Updated mockito version and removed ignored annotation to relevant test cases
2023-12-07 10:46:56 +00:00
Shams Asari
199e167639
ENT-11192: Migrate usage of @Test.expected annotation parameter (#7593)
Replaced usage of `@Test.expected` annotation parameter with more specific exception assertions. This is also needed to migrate away from the explicit timeouts in every tests.
2023-12-06 16:45:51 +00:00