Basic pieces of bridge, still very rough
Work in progress
Fixes after rebase
Primitive float tunnel implementation
Put explanatory comments on the interfaces. Add support for different SSL KeyStores for the different connections to/from the bridge and float.
Add a couple more comments
Cleanup
Fix some issues
Use a new custom header to relay the login identity from bridges. (Will add more security to this shortly)
Make key protection logic a bit clearer in the comments
Create some basic test and integrationTests
Add a couple of tests of the BridgeAMQPListenerService
Add some basic tests
Correct comment
Fixup after rebase
Fixup after rebase
Fixup after rebase
Explicit parameter types to work on build box.
Address PR comments
Address some of Mike's PR comments.
Re-enable test on enterprise.
Don't sweep up node default config
Remove obsolete config entry
Correct merge mistake
Configurable whitelist headers on bridge
Don't access primary artemis session from different threads used by inbound packet pathway.
Fix unit test
- Existing embedded Shell connects via RPC including checking RPC user credentials (before was a direct use of CordaRPCOps): in dev mode when console terminal is enabled, node created `shell` user.
- New Standalone Shell app with the same functionalities as Shell: connects to a node via RPC Client, can use SSL and run SSH server.
* Added per-cordapp configuration
* Added new API for Cordformation cordapp declarations to support per-cordapp configuration
* Added a cordapp configuration sample
* ENT-1282: add standalone db migration tool that works with both the node and the doorman
* ENT-1282: remove cmd line args during node startup
* ENT-1282: more clear message
* ENT-1282: fix integration test
* ENT-1282: more fixes and cleanup code
* ENT-1282: address PR comments
* ENT-1282: more fixes and refactoring
* ENT-1282: more classloader fixes
* ENT-1282: changes after demo feedback
* ENT-1282: update API
* ENT-1282: update documentation
* ENT-1282: formatting
* ENT-1282: added CONSOLE option for dry-run and logging
* ENT-1282: documentation changes
* ENT-1282: remove getMigrationResource from the public API
* ENT-1282: removed dependency on network-manager, added release-lock
* ENT-1282: Update documentation
* Initial implementation of the certificate generation tool
* Adding trust store persisting
* Addressing review comments
* Adding certificate type to the certificate generation process.
* Addressing review comments
* Fixing typos
* Changing keyOverride to 0 in examples and tests
* Addressing review comments + rebasing
* Adding CRL information to the certificate generation process
* Generation tool refactoring
* Addressing review comments
* Quick fixes
* Fix SignedNodeInfo
Introduce network-management schema changes to reflect that NodeInfos
can have multiple signatures.
* Address Shams comments
Store SignedNodeInfo as a blob for network management tool.
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* Initial WIP.
* Configure IAS host via system properties.
* Create separate Gretty configurations for testing and for IAS.
* (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling.
* Check the IAS report's cryptographic signature.
* Accept CertPath from IAS instead of a Certificate.
* Validate the certificate chain for the IAS report.
* Refactor response handling, and add a secret to Message4.
* Append public DH keys to generated shared secret.
* Use DH secret to generate a 256 bit AES key.
* Fix runISV Gradle task so that it creates WAR file.
* Migrate MockIAS service into a separate package.
* Remove unused aesCMAC field from Message3.
* Configure HTTP sessions to expire after 10 idle minutes.
* Ensure we select the "isv" key for MTLS with Intel Attestation Service.
* Set key alias for Intel's public certificate.
* Implement GET /attest/provision endpoint.
* Use elliptic curves for Diffie-Hellman keys.
* Pass public keys as Little Endian byte arrays without ASN.1 encoding.
* Add AES-CMAC signature to Message2.
* Remove signature fields from QUOTE body for sending to IAS.
* Add a dummy AES-CMAC field to Message3 for later validation.
* Generate AEC-CMAC for Message 3, and refactor crypto functionality.
* Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm.
* Use BouncyCastle's AESCMAC algorithm for MAC calculation.
* Include standard crypto test vectors to the unit tests.
* Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key.
* Hash shared key with Little Endian versions of public keys.
* Refactor so that hexToBytes() is a utility.
* Simplify signing of MocKIAS report.
* Separate AES/GCM authentication tag from the encrypted data.
* Create /ias/report endpoint for ISV which proxies IAS.
* Remove unnecessary @Throws from MockIAS handlers.
* Log HTTP error status from IAS.
* Replace runISV task with startISV and stopISV tasks.
* Refactor tests to use CryptoProvider @Rule instead of @Suite.
* Move Web server for integration tests to use non-production ports.
* Add proxy endpoint for IAS revocation list.
* Generate an ECDSA "service key" for signing (gb|ga).
* Generate a persistent key-pair for the ISV to sign with.
* Verify the (Gb|Ga) signature from Message2.
* Add debugging aids.
* Fix Gradle warning.
* Remove TLV header from Platform Info Body for MSG4.
* Small tidy-up.
* Use SPID "as-is" when calculating CMAC for MSG2.
* Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC).
* Add DEBUG logging for ECDH shared secret.
* More DEBUG logging.
* The ECDH shared secret *is* the x-coordinate: no need to subrange.
* Adjust MockIAS to return an empty revocationList for GID 0000000b.
* Fix ArrayOutOfBoundsException for "small" integer values.
* Test MSG1 with empty revocation list.
* Add extra logging for IAS report request.
* ReportResponse object cannot be null.
* Fix misreading of spec - don't remove quote's signature when requesting report from IAS.
* Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header.
* Build CertPath for IAS from explicit list of Certificates.
* Rename quote fields on IAS ReportResponse to match Intel.
* Log report ID and quote status from IAS.
* Add a revocation list checker to the certificate path validator.
* Tweak revocation list options, depending on IAS vs MockIAS.
* Extract Intel's certificate specifically by alias for PKIX.
* Tune quote body returned by MockIAS.
* Add AES-CMAC field to Message4 for validation.
* Increase GCM authentication tag to 128 bits.
* Receive platformInfoBlob from IAS as hexadecimal string.
* Generate secret encryption key using KDK and SK values.
* Marshall platformInfoBlob between Base16 string and ByteArray.
* Interpret status results from IAS as enums.
* Use lateinit for HttpServletRequest field.
* Refactor ExceptionHandler out of messages package.
* Alias is for ISV, so rename it.
* Refactor classes into more correct packages.
* Use random 96 bit IV for GCM encryption.
* Parameterise HTTP/HTTPS ports via Gradle.
* Do not forward a securityManifest containing only zeros to IAS.
* Address review comments.
* Review comment: Use NativePRNGNonBlocking for SecureRandom.
* Rename isv.pfx to isv-svc.pfx
* Rename keystore to isv.pfx, for clarity.
* Update scripts so that they no longer require user input.
* Generate isv.pfx from the key and certificates.
* Remove private key from repository.
* Declare an empty PSE Manifest to be invalid.
* Generate keystores "on the fly".
* Rename integration tests to end in "IT" instead of "Test".
* Add README
* Turn remote-attestation into a separate Gradle project.
* First working version of RPC & JMeter
* Remote JMeter working from single JAR.
* Some clean up. Remote slave via capsule is working.
* Full config of capsule launched JMeter server (was missing functions previously).
* SSH tunnelling utility. Property files per remote host.
* Rename jar to make easier to deploy with wildcard filters.
* Easy all in one launch of UI + SSH tunnels.
* Comment out parties.
* Work around for notary.
* Clean up, renaming etc
* Add some comments and clean up.
* Add some comments and clean up.
* README and fixes.
* Redirect search_paths into a file since it so long and doesn't work on the command line in Windows.
* First working version of RPC & JMeter
* Remote JMeter working from single JAR.
* Some clean up. Remote slave via capsule is working.
* Full config of capsule launched JMeter server (was missing functions previously).
* SSH tunnelling utility. Property files per remote host.
* Easy all in one launch of UI + SSH tunnels.
* Comment out parties.
* Work around for notary.
* Clean up, renaming etc
* Add some comments and clean up.
* Add some comments and clean up.
* README and fixes.
* Reduce the dependencies of the JMeter project by copying (#118)
one function and listing required explicit dependencies
instead of depending on loadtest
* Tidy up
* Fix ssh for windows (#121)
* Make ssh tunnels work with Pageant on windows and allow specifying explicit
ssh remote user
* Update comments
* Merging signing service and doorman
* Addressing review comments
* Removing redundant package name space from method call
* Adding description field to gradle
* Adding a new service for CSR signing
* Adding a new service for CSR signing
* Removing rejection option
* Adding CSR log and removing rejection option
* Addressing review comments
* Move SwapIdentitiesFlow to confidential-identities module
* Clean up confidential-identities build.gradle
* Change description to include Experimental
* Move confidential-identities to a dependency of node rather than node-api
