* Design doc (unfinished).
* Design doc, requirements completed.
* Design doc, more content and the diagram.
* Design doc, more content.
* Design doc, minor changes.
* Changes following review from @davidleeuk
* Changes following review from @gendal
* Changes following review from @shamsasari
* R3NET-546: Re-arrange independent flows into separate packages. Functionally this is a NOP change.
* R3NET-546: Start BNO as a separate Corda node and improve GUI experience for IOU.
* R3NET-546: Move all the membership checks to the Business Network Owner node side, creating "InitiatedBy" flows as necessary.
* R3NET-546: Make MembershipViolationException AMQP serializable.
* R3NET-546: Improve GUI error reporting in case of membership violation.
* R3NET-546: Code changes following review by: @shamsasari
* R3NET-546: Code changes following review by: @shamsasari
* R3NET-546: Added a dedicated InvalidMembershipListNameException.
* CORDA-876 MockNetwork no longer leaks serialization env if init fails (#2272)
* Removed all remaining special treatment of the X500 common name.
* Move unspecifiedCountry to internal. (#2274)
* Merge fixes, which includes fixing the doorman tests and updating the doorman to not set a CN in the CSR responses
* Quick fixes
* Fix SignedNodeInfo
Introduce network-management schema changes to reflect that NodeInfos can have multiple signatures.
* Address Shams' comments
Store SignedNodeInfo as a blob for network management tool.
* Add more detail to HSM doorman outputs
* Remove duplicate display of defaults, add default value where it was only set in text, and show the actual names of the authentication modes.
* Add instructions for getting command line help
* Change error display to use System.err
* ENT-1012 - Use non-privileged user
* ENT-1012 - Build and run containerised tests from IntelliJ
* ENT-1012 - Remove trusty source in container
* ENT-1012 - Make debug target toggleable
* ENT-1012 - Inform when ready to attach debugger
* ENT-1012 - Update reference to user home folder
With network parameters the CN is no longer needed to identify notaries. This frees it up to be used in the node's name alongside the other attributes.
Also, the identity generation logic has been simplified, removing the need to have magic string values for storing distributed identities in the keystore. Now there are just two alias prefixes: "identity" as it was previously, and "distributed-notary".
* Add roles to X509 certificates so that the identity service can always determine which certificate in a hierarchy is the well known identity
* Rename CLIENT_CA certificate type to NODE_CA
* Rename DOORMAN role to INTERMEDIATE_CA
* Correct issue in CashTests where instead of providing a well known identity to generateSpend(), a confidential identity was passed in and a confidential identity generated from it.
* Enforce role hierarchy in PKI
* Enforce that party certificates must be well known or confidential identities
* Add network map certificate role