* Initial look at restricting Artemis user based on connection port
* Consolidate RPC and RPCAdmin broker types
* First pass at consolidating into single P2P and RPC broker. Passes at least one integration test (NodeRPCTests)
* Detekt fixes
* Fix dependencies of BridgeSmokeTest
* Close RPC security manager on shared broker close
* Fix return type from authenticate method to be nullable
* Fix AuthDBTests by stopping caching of RPC users' failed logins; the correct permission exception is now returned by RPC when a user is revoked
* Fix port binding error reporting
* Fix null user to be treated as RPC user, and changed expectation of missing queue to be a permissions failure
* Fix MQSecurityAsRPCTest to have correct expectations
* Fix detekt
* Fix RPCSecurityManagerTest for change in exception thrown
* Added new tests for RPC user deletion and password change
* New RPC test for user password change (old password fails) and reduced caching time of authentication and authorisation, from 1 hour to 10 seconds, of P2P connections now they don't check expensive CRLs.
* Confine max message size checking to P2P port only
* Upgrade to Artemis 2.37.0
* Remove issuance tests as involves no P2P
* Remove issuance tests as involves no P2P
* Upgrade Artemis MQ and Proton-J
* Appease detekt to remove magic numbers
* Fix qpid jms to be a version that is compatible with our code. No correlation with qpid version.
* Fix deprecated methods
* Revert "Appease detekt to remove magic numbers"
This reverts commit ae7942013ff3ca0f82c71d71177f8037cfeb2d66.
* Revert "Remove issuance tests as involves no P2P"
This reverts commit c5dda17bd8182ecb83dd61bfa9ff658cff114f92.
* Revert "Remove issuance tests as involves no P2P"
This reverts commit 9166541608d12952aa19e8f0c5d0cea2320da9c2.
* Add a constant for qpid version
---------
Co-authored-by: Ryan Fowler <ryan.fowler@r3.com>
* ENT-12366 ExternalVerifier no longer needs legacy contracts folder, and can derive everything it needs from attachments.
* ENT-12366 Fix compiler warnings
* Revert "ENT-12366 Fix compiler warnings"
This reverts commit 4e884a551986e9f499891091a3ff301bb17fc091.
* ENT-12366 Attempt to appease warnings in both 1.2 and 1.9 compilers
* ENT-12366: External verifier now sets appclassloader to legacy contracts directory instead of the cordapps directory.
* ENT-12366: Now check legacy-contracts exists before starting the external verifier.
Nodes currently will try and resolve network parameters from the network map and fail if it is not available, rather than preferring the availability of a node they are currently interacting with.
A migrated notary identity could not be resolved on new nodes added post-migration, but the old identity is available in the network parameter notary whitelist.
Added a test that covers both bugs in a single reproduction test that simulates the scenario in which both were uncovered.
* ENT-11728: Switched to LTS version of BC. Also removed PQC algos as not supported in LTS.
* ENT-11728: Removed the SPHINCS PQC algorithm.
* ENT-11728: Added dependency on bcutil to fix missing class error.
It was previously generating TLS keys, which seems to have been an oversight.
Using EdDSA also has a slight performance edge, as there's some mutex contention when ECDSA keys are used.
It turns out the JDK implementation (`SunEC` provider) of Ed25519 signature verification is quite slow, slower than the abandoned library (i2p) it replaced. This has been replaced by Bouncy Castle, whereby the `EDDSA_ED25519_SHA512` signature scheme uses it. `SunEC` still remains the default implementation. `Crypto.toSupportedPublicKey` (and `toSupportedPrivateKey`) were tweaked to make sure any `SunEC` keys are converted to Bouncy Castle. The presence of two different `EdECPublicKey` implementations for the same key causes cache misses in `BasicHSMKeyManagementService`, resulting in another performance degradation.
The `TransactionBuilder` has been updated to look for any missing dependencies to legacy contract attachments, in the same way it does for missing dependencies for CorDapps in the "cordapps" directory.
Since `TransactionBuilder` does verification on the `WireTransaction` and not a `SignedTransaction`, much of the verification logic in `SignedTransaction` had to be moved to `WireTransaction` to allow the external verifier to be involved. The external verifier receives a `CoreTransaction` to verify instead of a `SignedTransaction`. `SignedTransaction.verify` does the signature checks first in-process, before then delegating the rest of the verification to the `CoreTransaction`.
A legacy contract dependency is defined as an attachment containing the missing class which isn't also a non-legacy CorDapp (i.e. a CorDapp which isn't in the "cordapp" directory).