* CORDA-866: Implement removal of stale nodes from network
Backported
* Implement removal of stale nodes from network
Add eventHorizon to NetworkParameters structure. Add republishing of
node info on 1 day intervals - it is treated by network map as heartbeat from node indicating if it's alive or not. Add removal of old node infos on network map signing.
* Add copy method to NetworkParameters data class
Add JvmOverloads annotation to the constructor, because it's data class
exposed in API
* Fix test
* Pagination relies on a recursive call to count total results, this sub-query should NOT perform pagination checks.
* Fix using defaulted parameter.
* Make internal method private.
* CORDA-1001 - Remove peristent map in NodeSchedulerService (#763)
* Add scheduled flow test that uses multithreaded node
* Replace use of PersistentMap in NodeSchedulerService
* Correct class name and remove duplicate test
* Address initial PR comments
* Remove debugging code
* Remove acidentally added line
* Move Scheduled State contracts to internal module
* Put things in the right places
* Add changelog message
* Fix countdown issue
* Addressing PR comments
* Remove unused class
Vault queries: 'order by' function aggregation e.g. 'order by sum(col)' is replaced by the position of the selected column (e.g. 'order by 1').
Rationale: A database may be unable to support aggregation function in order by clause e.g. 'order by (sum col_x)' and Hibernate can't produce alias in this case e.g. ' select sum(col_x) as alias_x... order by also_x ...', the best universal solution is to use positional parameter e.g. 'select sum(col_x) as alias_x... order by 1 ...'
(cherry picked from commit 416d4ec)
Just as we did for the RPC CLient, refactor kryo specific elements into
their own sub module. Also move kryo specific components out of generic
RPC files.
Thus, adding AMQP support will be a much smoother operation
* Move notary service related classes and interfaces in core to internal, since we won't be able to stabilise the APIs for writing custom notary services any time soon (the docs already mention it). I left out the wire protocol related classes so we don't accidentally break it.
* fix a bug where registration tool will refuse to register for a service identity if the keystore contain NODE_CA key already.
some refactoring
(cherry picked from commit 5ed60ab)
* ENT-1540: Make sure transactions with "expired" time windows get re-notarised correctly.
Currently the time window is checked before states are being passed to a uniqueness provider. If the time window is
invalid, the transaction will be rejected even if it has already been notarised, which violated idempotency.
For this reason the time window verification was moved alongside state conflict checks.
* Update API - this only affects custom notary interfaces
VaultQuery tests wrapped inside transaction which gets rolled back rather then recreating DB from scratch for each test
Moved Missing schema test to separate class, as it modifies global test class state
* CORDA-1335: Scan attachment Jar only to speed-up the process.
* CORDA-1335: Explicitly mention other types of contracts to scan.
* CORDA-1335: Refactor to eliminate listing different subclasses of Contract in two separate places.
* ENT-1323 Network map service to check all identities in submitted node info
* fixup after rebase
* address PR issues, refactored createValidNodeInfo
* address PR issues
(cherry picked from commit f9ed55b)
Change conversion to toStringShort() instead of toBase58String() - as done for H2 Cash Selection.
Fix withIssuerRefs case - iterate via list of IssuerRefs and setBytes instead of setArray of BYTEA.
Add test for Cash Selection with issuerRef.
Since we are running web-server and different handling methods will be called from
different threads, it is more appropriate to use concurrent data structures
for exchanging information between threads.
Prior to this change I observed the following exception which is likely to be due `certPaths` not synchronized between threads:
```
Caused by: kotlin.KotlinNullPointerException
at net.corda.node.utilities.registration.RegistrationHandler$reply$1.invoke(NodeRegistrationTest.kt:151) ~[integrationTest/:?]
at net.corda.node.utilities.registration.RegistrationHandler$reply$1.invoke(NodeRegistrationTest.kt:122) ~[integrationTest/:?]
at net.corda.core.internal.InternalUtils.logElapsedTime(InternalUtils.kt:221) ~[corda-core-corda-4.0-snapshot.jar:?]
at net.corda.core.internal.InternalUtils.logElapsedTime(InternalUtils.kt:213) ~[corda-core-corda-4.0-snapshot.jar:?]
at net.corda.node.utilities.registration.RegistrationHandler.reply(NodeRegistrationTest.kt:149) ~[integrationTest/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_161]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_161]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_161]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_161]
```
Packages re-jig was meant to reduce the size of the jars that are being produced by the
node driver. E.g. previously `MessageState` was in package `net.corda` which resulted in jar file
of around 2MB to be created. Same for `NodeStatePersistenceTests` which was in `net.corda.node`
* Improve logging for NetworkMap requests
* Allow interrupt in polling if the process started successfully
* Put `advertiseNewParameters` back
* Additional log line to indicate when all the nodes are started
* Improve logging and use concurrent map since it is updated from multiple threads
* Change NetworkMap response validity duration and rename parameter accordingly
* Changes following code review from @shamsasari
* Making Corda's JPA classes non-final and Serializable.
* Making Corda's JPA classes non-final and Serializable.
* Making Corda's JPA classes non-final and Serializable.
* Making Corda's JPA classes non-final and Serializable.
* CORDA-1208: Notary service should persist the notarisation request signature along with the committed input states.
This required modifying the uniqueness provider interface to accept the signature in addition to input states.
Until now the committed state log used to be stored as a map of (state reference -> (tranasction id, consuming party)).
Adding the serialized signature would mean inflating each state entry by around 700 bytes, which would be grossly inefficient.
Instead, two tables are now used: one for storing (state referece -> transaction id) map, and another for storing the notarisation
request details (transaction id, consuming party, date, signature).
* Update api - all of these changes are only related to custom notaries
Old code failed with:
```
11:34:01.536 [main] ERROR net.corda.node.internal.Node - Exception during node startup
java.nio.file.InvalidPathException: Illegal char <:> at index 2: /C:/Program%20Files/JetBrains/IntelliJ%20IDEA%20Community%20Edition%202017.3.1/lib/idea_rt.jar
at sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182) ~[?:1.8.0_144]
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153) ~[?:1.8.0_144]
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77) ~[?:1.8.0_144]
at sun.nio.fs.WindowsPath.parse(WindowsPath.java:94) ~[?:1.8.0_144]
at sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:255) ~[?:1.8.0_144]
at java.nio.file.Paths.get(Paths.java:84) ~[?:1.8.0_144]
at net.corda.node.utilities.JVMAgentRegistry.resolveAgentJar(JVMAgentRegistry.kt:46) ~[classes/:?]
at net.corda.node.internal.AbstractNode.initialiseJVMAgents(AbstractNode.kt:785) ~[classes/:?]
at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:199) ~[classes/:?]
at net.corda.node.internal.Node.start(Node.kt:335) ~[classes/:?]
at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:146) ~[classes/:?]
at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:120) [classes/:?]
at net.corda.node.Corda.main(Corda.kt:16) [classes/:?]
```
The problem with the previous implementation is that the transaction would be deserialized with the schema specified
in the serialized form, but the calculation of the id would involve re-serializing properties using a local serialization context
which might produce a different result.
- Existing embedded Shell connects via RPC including checking RPC user credentials (before was a direct use of CordaRPCOps): in dev mode when console terminal is enabled, node created `shell` user.
- New Standalone Shell app with the same functionalities as Shell: connects to a node via RPC Client, can use SSL and run SSH server.
* Fix another non-serializable exception, add docs, fix a possible security issue.
* Update API definition to reflect methods added to make more exceptions serializable
This was achieved by having the hash in the node-info file to be just of the node's X.500 name. This also solves existing duplicate node-info file issues that we've been having.
Also updated the docsite.
* CORDA-1122 Switch AMQP bridge to use auto-commit sends and acks
* CORDA-1122 Codereview: Add comment for extra commit to rollback and add better message sequence logging to tricky test
* CORDA-986 and CORDA-985 CompositeKey and Signature verification performance fixes (#2467)
* CORDA-696: Create separate transaction types for contract upgrade transactions.
Add rationale around upgrade transactions
Move contract upgrade transaction resolution logic into internal until it's stabilised.
Throw a better exception when contract attachment not found
Default legacy contract constraint to always accepting - needs to be changed to whitelist constraint before merging
Introduce a new upgraded contract interface that allows specifying the legacy constraint.
Remove StateLoader, make all tx resolution functions take in ServicesForResolution
Contract upgrade transactions can handle whitelist by zone constraints
When creating a contract upgrade transaction, make sure the attachment of the old cordapp gets attached when using hash constraints.
Attachment lookup for a given contract class name only scans currently loaded cordapps, and we don't load old versions of cordapps.
CORDA-696: Update upgrade docs
* CORDA-1096 - Performance when loading multiple states from the vault (#2609)
* Provide efficient `loadStates()` implementation
* Replace loops using `loadState` with calls to `loadStates`
* Replace `map`/`flatMap` with just a single `flatMap`
* ENT-1443 Add cert role to CSR and doorman issue cert according to the cert role (#431)
* Doorman and HSM create certificate base on requested cert role specified in the certificate signing request.
(cherry picked from commit 94f7392)
* remove R3 corda code
CORDA-1010: Notary flow - clients now send a signature over a notarisation
request in addition to the transaction. This will be logged by the notary
to be able to prove that a particular party has requested the consumption
of a particular state.
* Jolokia agents are loaded dynamically if configured
* Renamed exportJmxTo (never used) to jmxMonitoringHttpPort and take it from config
* Updated documentation and tests
Further, the look up of the node's own node-info from its database has been tightened to ensure there isn't more than one.
Also fixed some brittle code which was assuming exactly one address rather than at least one.
* Update check api changes to look for internals
* Update several more uses of internal
* Make check-api-changes script filter out internal class usages
* Make CordaClock part of API
* Update api-current.txt
* Remove exclusion of nodeapi.internal
* Remove access to CordaPersistence from public api
* Don't expose DB Connection from StartedMockNode and remove unnecessary transaction from CustomVaultQueryTest
* Make internal tests that use need db access use InternalMockNetwork
* Make test certificates internal
* Address further review comments
* Revert some accidental changes to api-current.txt
* Address Shams' review comments
* Update Api Scanner to filter out CordaInternal attribute
* Update api-current.txt
* Remove superfluous brackets
* Add transaction to StartedMockNode
* More leaky transaction fixes
* Added per-cordapp configuration
* Added new API for Cordformation cordapp declarations to support per-cordapp configuration
* Added a cordapp configuration sample
* Remove sslConfiguration from public constructor of CordaRPCClient
* Address review comments
* Update api-current.txt
* sslConfiguration doesn't need to be a property
* Don't expose StartedNode via Node Driver
* Dont expose StartedNode/Abstract Node via MockNetwork
* Remove internal var from constructor as it doesn't hide from public api and change to internal initialisation method
* Update api
* Rename MockNode to StartedMockNode to avoid confusion
Update documentation
Update api-current.txt
* Fix typo
* Fix test failure
* Modify flow tests to use internal mock network and remove additional internal exposures from StartedMockNode
* Fix api-current
* Change InProcess and OutOfProcess to interfaces
* Explicitly declare MockNetwork parameters
Dont expose StateMachineManager
Move affected tests to use internal mock network
* Fix api-current
* Changes requested via review
* Fix IRS Demo address
* Fix api
* Remove internal attribute from classes in internal package
* Remove accidentally added code
* Move useHttps into NodeHandleInternal
* Remove duplicated code
* Update api-current
* Make webAddress internal on NodeHandle
* Make sure parameters in public api are explicitly specified
* Use correct address in IRS Demo
* Get webaddress from webserver handle
* Update api-current
* wire up and enforce max transaction size
* fixup after rebase
moved network parameter from AbstractNode to NodeProperties
* removed TODO
* fix broken import
* address PR issues
* remove API breaking change
address PR issue
* added max transaction size to driver and mock network.
address PR issues
* fix failing test
* added TODO
* fix verifier test
* fix spring driver build error
* Network parameters updates
Add two RPC methods networkParametersFeed and
acceptNewNetworkParameters. Implementation of client handling of network
parameters update event. Partial implementation of accepting new
parameters and installing them on the node as well as node startup with
updated parameters.
Move reading of network parameters on startup to separate
NetworkParametersReader class. Add tests.
Move NetworkParameters and NotaryInfo classes to core.
* Ignore evolvability test - to be fixed later
* Add documentation on update process
* Create CordaInternal attribute for properties on public classes that are not part of the api and apply to FlowLogic.stateMachine
* Remove startFlow from public test api and replace with startFlowAndReturnFuture
* Update api-current with changed signature
* Change test used in documentation to use public test methods
* Remove the rest of the unneccessary usages of the startFlow test utility
* Remove extra whitespace
* Rename startFlowAndReturnFuture back to startFlow
* Update api
* The annotation doesn't appear unless its marked as on the actual getter and setter
* Updated docs and removed pointless attribute
* Deleted whitespace
Minor tweaks to the invocation context code.
1) Un-deprecate FlowInitiator, move the deprecation to the field. This
eliminates large numbers of warnings and means developers are warned
only once in the place where they obtain one.
2) Add documentation for StateMachineInfo and create a type alias to give
it a better name in an ABI compatible way.
3) Improve markup on InvocationContext
4) Rename field from just "context" to "invocationContext" (Context is vague)
* set network registration poll interval via http cache control header from the server side
* default poll interval to 10 seconds if cache header not found
* address PR issues
* address PR issues
(cherry picked from commit dca8699)
* add cmdline option for network root truststore and password, instead of using node's truststore configuration to avoid confusion.
* revert line auto format
* fix failing integration test
* address PR issue
* Make notary service return the current time and the transaction time window
along with the TimeWindowInvalid error.
Deprecate TimeWindowChecker.
Add a static method for validating transaction time window to reduce code duplication.
* ENT-1403 Cache node attachments (and attachment content)
* ENT-1403 Make cache sizes configurable
* Update documentation with new config parameters
* Test that non-existence of attachments is not cached
* Remove unneeded defaults in interface
* It turned out we need the defaults on the interface in quite a few tests
* Codereview: typos, size in MB rather than bytes, charset in tests, move concurrencyLevel to a constant
* Codereview: Make the internal config value bytes again, but config file in MB
* Fix example config unit test
Changes compatible with R3.Corda (ENT-794):
1) Added Hibernate corda-wrapper-binary two to to columns.
2) Shorten names of tables in dummy schemas used in tests.
3) Undo removal of compound index of VaultTxnNote (b423fea).
4) Assertions for 2 vault tests don't rely on order of rows.
* Test for node restart
* Executor gets shutdown on stop, make sure we have one on start
* Reset shutdown otherwise AbstractNode.stop never gets called
* CORDA-928 cache query results via `getPeerByLegalName` and `getNodesByIndentityKey` to avoid hitting the DB hard in RPC handling.
* Skip cache invalidation during init() - caches are still null.
* Remove registeredNodes/partyNodes caching of data feed.
Rewrite data feed to be initialised off the DB.
Add start method to trigger readyness/artemis listeners if there are nodes in the DB.
* Invalidate cache last rather than first when updating
* ENT-1383 Make the transaction cache in DBTransactionStorage memory-weight based (rather than count based) so large transactions can no longer use an undue amount of memory.
* Code review: formatting and legibility
* Fix stupid type cast error
* More formatting
Introduced DigitalSignatureWithCert and SignedDataWithCert as internal APIs, with the expectation that they will become public; renamed the network parameters end-point to network-parameters; updated the network-map.rst doc; and did some refactoring.
* add foreign key names and move the participants mapping to the subclass so that the table name can be configured
* update api-current file
* fix compilation errors
* PR changes
* PR changes
* Raft notaries can share a single key pair for the service identity (in contrast to a shared composite public key, and individual signing key pairs). This allows adjusting the cluster size on the fly.
* Added test cases covering encrypted password usage
* Renamed UserAuthServiceTests as AuthDBTests: the integration tests checking user credentials loaded from external database (still limited to H2 in-memory for now).
* Some internal renamings
Add functions for constructing `FlowLogicRef` from class name, rather than requiring the class itself. This avoids requiring that schedulable states have access to the scheduled flow to instantiate, but instead can require it only actually scheduling the flow. This reduces the size of the JAR required to validate transactions containing these states.
Using the --just-generate-node-info flag for the notary nodes so that their identities can be submitted to the network map server, which does the network parameters generation.
With network parameters the CN is no longer needed to identify notaries. This frees it up to be used in the node's name alongside the other attributes.
Also, the identity generation logic has been simplified, removing the need to have magic string values for storing distributed identities in the keystore. Now there are just two alias prefixes: "identity" as it was previously, and "distributed-notary".
* Add roles to X509 certificates so that the identity service can always determine which certificate in a hierarchy is the well known identity
* Rename CLIENT_CA certificate type to NODE_CA
* Rename DOORMAN role to INTERMEDIATE_CA
* Correct issue in CashTests where instead of providing a well known identity to generateSpend(), a confidential identity was passed in and a confidential identity generated from it.
* Enforce role hierarchy in PKI
* Enforce that party certificates must be well known or confidential identities
* Add network map certificate role
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* * Document TestIdentity entropy and enforce that it actually works
* Ledger/transaction DSL default notary with fresh key
* MockServices default identity with fresh key
* makeTestIdentityService now takes vararg
* Require cordappPackages for MockServices
* DSL automatic serialization init
* Improve error when two MockNetworks used
* * Make cordappPackages required by MockNetwork
* Default identity service in MockServices
* Make notarySpecs Java-friendly
* Able to send hand coded messages to an Artemis node inbox
Get startup race condition fixed. Start cleanup work.
Fixup after rebase
Remove SASL hack for now
Minor tweaks. Enable AMQP mode manually.
Add configuration control
Slight clean up
Stop timeouts that don't work with AMQP
Rename class
Get TLS constants from :node-api
Primitive integration test
Put back commented line
Session per bridge to alow rollback on remote rejects.
Add more tests and handle multiple IP adddresses
Reduce logging
Fixup after rebase
Add a test to verify the remote end AMQP rejection logic works and does cause message replay.
Allow Artemis to duplicate after session rollback
Reduce number of threads
Move legacy bridge related code over to CoreBridgeManager
Shared threadpool for bridges
Add a test to confirm that no side effects when using a shared thread pool.
Address PR comments and remove dead lines
Rebase and add some comments
Remove a couple of blank lines
Ensure AMQP bridges are used in tests
Fixup after removal of testNodeConfiguration
Add a couple of doc comments
Add a couple of doc comments
Make things internal and use CordaFuture
Address some PR comments
Change comment type
* Use Artemis 2.2 to fix AMQP problems. Add explicit test of legacy core bridges, as marking the factory class private had silently broken them.
* Fix change due to using Artemis 2.2
* Take maximum message size from network parameters
* Add epoch handling
* Add handling of network parameters mismatch
Change NetworkMapClient and updater, add handle in
AbstractNode that results in node shutdown on parameters mismatch. Later
on we should implement proper handling of parameters updates.
Add tests of NetworkParameters wiring.
When node starts with compatibilityZone url configured it takes
networkParameters from the networkMap.
* Permit only one network parameters file
On node startup network parameters are read from node's base directory,
we permit only zero or one files to be there. If network map server is
configured the parameters can be downloaded at startup (if not present
in the directory already).
* Update docs on network map endpoints
* SignedNetworkMap verification fix
SignedNetworkMap verification should also include cert path validation,
which was probably moved away by accident, because docs say about the
exception CertPathValidatorException.
* Extend unit test on RPCSecurityManager
* Fix corner cases in permission parsing and bug in tryAuthenticate
* Rework docsite page
* Add missing ChangeLog entry
* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening)
* Cordformation changes to support jolokia agent instrumentation at JVM startup.
* Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming)
* Use relative path reference in -javaagent to prevent problem with long path names with spaces.
* Fixed incorrect regex pattern and added assertion to test.
* Enable JMX monitoring.
* Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode)
* Make Artemis JMX enablement configurable.
* Re-instate banning of java serialization.
* Improve JUnit.
* Fixes following rebase from master.
* Re-instated correct regex for picking up Jolokia agent jar.
* Fixed broken integration test.
* Updated documentation
* Updated following PR review feedback.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fixed compilation error caused by change in DriverDSL argument type.
* Fail fast if jolokia-agent-jvm.jar is not located.
* Applied changes in cordformation following review feedback from CA.