* CORDA-2089 - network parameters tags - part
Data structures changes, storage and notarisation.
Tag transactions with network parameters hash that was in force when tx
was created. Add component group on all core transactions and resolved
parameters on full transactions. The hash should be always visible on
the filtered versions of transactions. Add
notarisation check that the parameters are current.
Implement network parameters storage on services for resolution.
This is only part of the work, next PR will include changes to
ResolveTransactionsFlow to make sure that parameters in the transaction
graph are ordered (this is to prevent the downgrade attack, when the
malicious notary and participants sign transaction that shouldn't be
notarised otherwise).
Probably on network services side we need the default parameters
endpoint for the
transactions that were created before this change - for now it's default
to the current ones.
* Make parameters storage agnostic to cert hierarchy
Test fixes
* Address most PR comments
* Fixes after rebase
* Fixes. Add epoch column to parameters storage.
* Address part of review comments
* Some more comments
* Hopefully fixing what I broke doing rebse
* Address Kostas comments
* Further fixes
* Save all parameters from updates to storage
* Fix integration test
* Address comments
* Fixes after rebase
* Fix test
* Fixes
* Add wrapper for filtering around parameters hash
* API stability fixes
* Add NetworkParametersStorageInternal
* Rename
* Temp commit
* Print the error message first by default, makes error output more natural.
* Polishing
* Further modifications after testing
* Documentation updates
* Couple of fixes after review
* Removing unnecessary tests
* Fix broken test
* Add interface to bootstrapper for testign
* Added unit tests
* Remove unused class
* Fix up bootstrapper unit tests and add a couple more
* Refactor the tests slightly
* Review comments
* Couple of minor tweaks
* ENT-2610: Separate passwords for store and for private keys in Corda OS.
When it comes to KeyStores there are *2* passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore.
Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see:
`org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory`
where it is calling `KeyManagerFactory.init()` with store password.
Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis.
This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel.
Therefore this PR is removing this limitation and properly separating storePassword from keyPassword.
Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info.
Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made.
* ENT-2610: Address PR input from @kchalkias
* ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/
* ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/
In the implementation of `CertificateStoreSupplier`
The entry point to the API has been simplified to just requireing a list of packages to scan, with sensible defaults provided for the metadata. Because of the wither methods, having parameters for the metadata (with default values) seems unnecessary. Also the ability to scan just individual classes has been made internal, as it seems unlikely app developers would need that level of control when testing their apps.
TestCordappImpl is a data class and thus acts as a natural key for the Jar caching, where previously the key was the package names. This fixes an issue where it was not possible to create two CorDapp Jars of the same package but different metadata.
* Provide an optional configuration setting to specify the minimum platform version to use in the network params file.
* Leave Cordform signature intact.
* Leave previous Gradle Plugin called signature intact.
* Incorporating feedback from PR review.
* Added minimum platform version validation check.
* Removed final 2 references to "default"
* Added changelog entry.
* Add test for SNI header to prevent changing it accidentally.
* added hardcoded values test to ensure hashing function and corda x500 name format can't be changed
* Create constraint, extract Jar signature collection
* Extract JarSignatureCollector into its own file
* Jar signature collection throws exception if signatures are inconsistent
* Focus testing in Jar signature collection
* Extract some helper functions in test
* Patch tests with mock attachment storage
* Assert that generated constraint is satisfied by signed attachment
* Clarify constraint selection logic
* Explicit return types on extension methods
* Link to docsite Signature Contrainsts documentation
* Fix issue with shared JAR reading buffer
Moved start up logic of the various node components out of their c’tors and into “start” methods, which are called from Node.start(). The components themselves are created in the Node’s c’tor with minimal initialisation logic.
Certain things are not immediately available at construction time, which are instead given to the components at start time in an orderly fashion:
* Certs from the node’s key store and trust store
* The network parameters, and thus access to things like maxMessageSize and the contracts whitelist
* A running database - several components were doing database stuff their c’tors
* The node’s NodeInfo, and thus access to things like identities and addresses
The messaging service couldn’t be created in the Node’s c’tor due to initialisation issues with MockNode. This should be fixed in a later commit.
* CORDA-1661 Reverting DEV certificates
* Addressing review comments
* Removed the intermediate certificate from the trust store and added some test cases for the revocation check
The list of CorDapps jars is no longer passed in via the cmd line but is now expected to be placed in the bootstrapped directory.
Ended up being a bit of a refactor to cater for unit testing, and also tidied up the bootstrapper docs.
node-api now depends on this module and upcoming changes will use this as well rather than having to depend on node-api.
EnumEvolveTests.deserializeWithRename and EnumEvolveTests.multiOperations are temporarily ignored since their test resources can't be regenerated due to bugs.
It's no longer used as we've switched over to AMQP for RPC calls so
remove it from everywhere and only use it for checkpointing
* Wire up demo bench post Kryo removal
* Test Fixes
* rebase and fix tests
* Test Fix
* wip
* revert changes to api now we don't need to add annotations
* Client and server support for amqp
* Observable (and supporting) serialisers
Unit Tests
* Fixing tests
* Test fixes
* CORDA-847 - Update api doc with additon of @CordaSerializable annotation
* TestFixes
* review comments
* TestFixes
* Test Fix
* Test Fix
* Test Fix
* Test Fix
* Test Fix
* Test Fix
* TestFix
* Test Fix
* Review Comments
* Prepare node-api for determination.
* Disentangle Kryo and AMQP classes.
* Add version properties for fast-classpath-scanner, proton-j and snappy.
* Remove String.jvm extension function.
* Refactor Cordapp reference out of AMQP serialisers' primary constructors.
* CORDA-847 - Pass serialization context down serialization call stack
Needed for later work on AMQP RPC where we need to set per-thread
elements on a context. Could use some magic thread local but I'd rather
it was explicit on the stack and thus easier to reason about.
Additionally, now we're passing this around we can make better use of it
in the future
* Test Fix
* Test fixes
* REVIEW COMMENTS / CODE FORMAT
* Fix build issues
Just as we did for the RPC CLient, refactor kryo specific elements into
their own sub module. Also move kryo specific components out of generic
RPC files.
Thus, adding AMQP support will be a much smoother operation
