Commit Graph

2295 Commits

Author SHA1 Message Date
jakub.zadroga
83a7f28c67 Add bcutil dependency for BC 2024-11-21 18:41:24 +07:00
Adel El-Beik
194d50071b Merge branch 'release/os/4.12' into merge-release/os/4.11-release/os/4.12-2024-11-07-445 2024-11-08 11:06:08 +00:00
r3-build
b6dbd51326 Merging forward updates from release/os/4.10 to release/os/4.11 - 2024-11-07 2024-11-07 11:08:57 +00:00
r3-build
e34d019f85 Merging forward updates from release/os/4.9 to release/os/4.10 - 2024-11-06 2024-11-06 09:46:41 +00:00
Adel El-Beik
8d9120713c ENT-12314: Don't display warning for sig constraint fail if checking for rotated keys after. 2024-11-05 18:17:58 +00:00
Adel El-Beik
7c591de607
Merge pull request from corda/adel/ENT-12373
ENT-12373: Can now cope with diff input states from diff rotated CorDapps.
2024-11-05 17:34:50 +00:00
Adel El-Beik
f0c73cc95f ENT-12373: Can now cope with diff input states from diff rotated CorDapps. 2024-11-04 19:44:25 +00:00
Rick Parker
d3b847aa8e
ENT-12395: Stop warning about failed verification when resolving missing dependencies in TransactionBuilder ()
* Stop warning about failed verification when resolving missing dependencies in TransactionBuilder

* Stop warning about failed verification when resolving missing dependencies in TransactionBuilder
2024-11-04 13:06:22 +00:00
Rick Parker
436eca1524
ENT-12366 ExternalVerifier no longer needs legacy contracts folder, and can derive everything it needs from attachments. ()
* ENT-12366 ExternalVerifier no longer needs legacy contracts folder, and can derive everything it needs from attachments.

* ENT-12366 Fix compiler warnings

* Revert "ENT-12366 Fix compiler warnings"

This reverts commit 4e884a5519.

* ENT-12366 Attempt to appease warnings in both 1.2 and 1.9 compilers
2024-11-01 16:27:36 +00:00
Adel El-Beik
a67e6cdb1e
Merge pull request from corda/merge-release/os/4.11-release/os/4.12-2024-10-29-432
ENT-11275: Merging forward updates from release/os/4.11 to release/os/4.12 - 2024-10-29
2024-10-31 14:18:47 +00:00
Adel El-Beik
8a3ac3882c
Merge pull request from corda/parkri/legacy-min-platform-version
ENT-11479 TransactionBuilder will not add legacy attachments once minimum platform version reaches 140 (4.12)
2024-10-31 14:17:33 +00:00
rick.parker
33592910ee ENT-11479 TransactionBuilder will not add legacy attachments once minimum platform version reaches 140 (4.12) 2024-10-30 18:05:13 +00:00
Adel El-Beik
06e24e2a3b
Merge branch 'release/os/4.12' into merge-release/os/4.11-release/os/4.12-2024-10-29-432 2024-10-29 17:06:05 +00:00
Adel El-Beik
33cf48e04b
ENT-12366: External verifier now sets appclassloader to legacy contra… ()
* ENT-12366: External verifier now sets appclassloader to legacy contracts directory instead of the cordapps directory.
* ENT-12366: Now check legacy-contracts exists before start external verifier.
2024-10-28 15:28:50 +00:00
Adel El-Beik
8edfbb792c ENT-11275: Removing obsolete DJVM stuff. 2024-10-28 14:11:19 +00:00
r3-build
3fb3917695 Merging forward updates from release/os/4.10 to release/os/4.11 - 2024-10-23 2024-10-23 07:59:33 +00:00
Adel El-Beik
1022d1ec97
ENT-11275: Added span to multi send and receive calls. ()
* ENT-12275: Added spans around multi send & receive.
2024-10-23 08:58:40 +01:00
Adel El-Beik
a3519d9fd0 ENT-12314: Updated signature attachment constraint warning message to mention the key may be a rotated key. 2024-10-18 13:55:43 +01:00
Adel El-Beik
98d9263aba ENT-11975: Fixed merge errors. 2024-10-15 17:38:56 +01:00
Adel El-Beik
5b812a56c2 Merge branch 'release/os/4.11' into merge-release/os/4.10-release/os/4.11-2024-10-14-372 2024-10-15 16:33:13 +01:00
Adel El-Beik
3bf717a747 Merge branch 'release/os/4.10' into merge-release/os/4.9-release/os/4.10-2024-10-10-367 2024-10-14 16:11:30 +01:00
Adel El-Beik
4c0aa16f1e ENT-12291: RotatedKeys can be retrieved from MockServices. 2024-10-10 12:49:46 +01:00
Adel El-Beik
a2537d59f5 ENT-12291: Removed rotated keys from public api. 2024-10-09 17:16:04 +01:00
Adel El-Beik
828066a646 Backport contract key rotation to 4.9. 2024-10-09 14:46:57 +01:00
Adel El-Beik
282ee95188 ENT-11975: Contract key rotation ()
ENT-11975: Contract key rotation implementation.
2024-10-07 16:55:50 +01:00
Adel El-Beik
6f4ec5d9e5
ENT-11975: Contract key rotation ()
ENT-11975: Contract key rotation implementation.
2024-10-02 12:53:11 +01:00
r3-build
5a94803222 Merging forward updates from release/os/4.11 to release/os/4.12 - 2024-08-15 2024-08-15 06:08:14 +00:00
Rick Parker
cc44c77ed4
ENT-12108 ReceiveFinalityFlow returns a transaction that is not signed by the notary () 2024-08-15 07:06:58 +01:00
rick.parker
967402122c Merge branch 'release/os/4.12' into merge-release/os/4.11-release/os/4.12-2024-08-13-341
# Conflicts:
#	docker/src/docker/DockerfileAL
#	node/src/integration-test/kotlin/net/corda/node/services/identity/NotaryCertificateRotationTest.kt
2024-08-13 17:26:41 +01:00
rick.parker
237d0032ea Merge branch 'release/os/4.11' into merge-release/os/4.10-release/os/4.11-2024-08-12-297
# Conflicts:
#	constants.properties
#	core-deterministic/build.gradle
#	core/src/main/kotlin/net/corda/core/flows/ReceiveTransactionFlow.kt
#	serialization-djvm/src/test/kotlin/net/corda/serialization/djvm/DeserializePublicKeyTest.kt
2024-08-13 10:22:05 +01:00
Rick Parker
ed3875c8b7
Merge branch 'release/os/4.10' into merge-release/os/4.9-release/os/4.10-2024-08-12-297 2024-08-12 19:27:12 +01:00
Rick Parker
38f24d33ba
ENT-12072 ENT-12073: Check notary whitelist when resolving old identities and don't depend on network map availability first for old network parameters ()
Nodes currently will try and resolve network parameters from the network map and fail if it is not available, rather than preferring the availability of a node they are currently interacting with.

A migrated notary identity could not be resolved on new nodes added post-migration, but the old identity is available in the network parameter notary whitelist.

Added a test that covers both bugs in a single reproduction test that simulates the scenario in which both were uncovered.
2024-08-12 19:19:30 +01:00
chriscochrane
4b90f93f77
Updates for security issues 2024-07-18 14:23:16 +01:00
Adel El-Beik
0f713aaa44
ENT-11003: Upgraded Jetty and Jersey. ()
* ENT-11003: Upgraded jetty and jersey. Fixed up simm valuation demo.
2024-04-18 09:40:42 +01:00
Adel El-Beik
72778b7fb0
ENT-11728: Switched to LTS version of BC. Also removed PQC algos as n… ()
* ENT-11728: Switched to LTS version of BC. Also removed PQC algos as not supported in LTS.
* ENT-11728: Removed the SPHINCS PQC algorithm.
* ENT-11728: Added dependency on bcutil to fix missing class error.
2024-04-03 11:14:19 +01:00
Shams Asari
af62c36986
ENT-11458: Make sure external verifier is involved when verifying transactions in collect signatures flow ()
* ENT-11458: Make sure external verifier is involved when verifying transactions in collect signatures flow

* Using SignedTransaction.verify(checkSufficientSignatures = false) after the observation that the current check for notSigned is effectively the same as just calling with checkSufficientSignatures = false.
2024-04-02 16:56:09 +01:00
Shams Asari
d576588676 ENT-11717: Re-enable warnings as errors on Jenkins 2024-03-27 11:21:43 +00:00
Shams Asari
9955dcd6af ENT-11448: Better error message if transaction has missing legacy attachments
Especially if the transaction has multiple contracts and one of them doesn't have a legacy attachment whilst the others do.
2024-03-21 15:08:43 +00:00
Shams Asari
2d83ff27b3 ENT-11679: Reverted changes to internal APIs used by legacy token SDK contracts 2024-03-20 17:11:05 +00:00
Adel El-Beik
a2ab283f4f
Merge pull request from corda/shams-thread-safe-random
ENT-11678: Mark Corda `SecureRandom` as thread safe
2024-03-20 14:58:49 +00:00
Adel El-Beik
6e3374c2c8
Merge pull request from corda/shams-legacy-contract-deps
ENT-11445: Support legacy contract CorDapp dependencies
2024-03-20 12:10:35 +00:00
Shams Asari
1356cbf10e ENT-11678: Mark Corda SecureRandom as thread safe
This avoids a mutex contention as the JDK assumes it’s not thread safe.
2024-03-20 10:49:08 +00:00
Shams Asari
9d57caebed ENT-11661: Replaced SunEC Ed25519 implementation with Bouncy Castle
It turns out the JDK implementation (`SunEC` provider) of Ed25519 signature verification is quite slow, slower than the abandoned library (i2p) it replaced. This has been replaced by Bouncy Castle, whereby the `EDDSA_ED25519_SHA512` signature scheme uses it. `SunEC` still remains the default implementation. `Crypto.toSupportedPublicKey` (and `toSupportedPrivateKey`) were tweaked to make sure any `SunEC` keys are converted to Bouncy Castle. The presence of two different `EdECPublicKey` implementations for the same key causes cache misses in `BasicHSMKeyManagementService`, resulting in another performance degradation.
2024-03-19 07:48:22 +00:00
Adel El-Beik
769aac11f2
Merge pull request from racerole/release/os/4.12
ENT-11581: fix some typos
2024-03-13 11:05:41 +00:00
Shams Asari
b3265314ce ENT-11445: Support legacy contract CorDapp dependencies
The `TransactionBuilder` has been updated to look for any missing dependencies to legacy contract attachments, in the same way it does for missing dependencies for CorDapps in the "cordapps" directory.

Since `TransactionBuilder` does verification on the `WireTransaction` and not a `SignedTransaction`, much of the verification logic in `SignedTransaction` had to be moved to `WireTransaction` to allow the external verifier to be involved. The external verifier receives a `CoreTransaction` to verify instead of a `SignedTransaction`. `SignedTransaction.verify` does the signature checks first in-process, before then delegating the rest of the verification to the `CoreTransaction`.

A legacy contract dependency is defined as an attachment containing the missing class which isn't also a non-legacy Cordapp (i.e. a CorDapp which isn't in the "cordapp" directory).
2024-03-13 10:58:11 +00:00
Adel El-Beik
5b8fc6f503
Merge pull request from corda/shams-signers-component-group
ENT-9659: Using signers component group for `WireTransaction.requiredSigningKeys`
2024-03-07 20:03:47 +00:00
Shams Asari
47a57285fb ENT-9659: Using signers component group for WireTransaction.requiredSigningKeys
The previous solution of using `Command.signers` has the risk of not being deserialisable if the correct CorDapp is not installed on the node.
2024-03-07 10:24:38 +00:00
racerole
4d1d1b0c9c fix some typos
Signed-off-by: racerole <jiangyifeng@outlook.com>
2024-03-06 11:06:13 +08:00
Shams Asari
900809b3d7 ENT-11090: Removed all JDK 8/11 conditional code 2024-03-05 17:10:26 +00:00
Shams Asari
0091807c2f ENT-11101: Fix all crypto issues introduced by Java 17 upgrade
The various crypto tests that were previously ignored have been re-enabled.

The abandoned i2p EdDSA library has been replaced with native support that was added in Java 15.

Java 17 (via the `SunEC` provider) does not support the secp256k1 curve (one of the two ECDSA curves supported in Corda). This would not normally have been an issue as secp256k1 is already taken care of by Bouncy Castle. However, this only works if the `Crypto` API is used or if `"BC"` is explicitly specified as the provider (e.g. `Signature.getInstance("SHA256withECDSA", "BC")`). If no provider is specified, which is what is more common, and actually what the Java docs recommend, then this doesn’t work as the `SunEC` provider is selected. To resolve this, a custom provider was created, installed just in front of `SunEC`, which “augments” `SunEC` by delegating to Bouncy Castle if keys or parameters for secp256k1 are encountered.

`X509Utilities.createCertificate` now calls `X509Certificate.verify()` to verify the created certificate, rather than using the Bouncy Castle API. This is more representative of how certificates will be verified (e.g. during SSL handshake) and weeds out other issues (such as unsupported curve error for secp256k1).

`BCCryptoService` has been renamed to `DefaultCryptoService` as it no longer explicitly uses Bouncy Castle but rather uses the installed security providers. This was done to fix a failing test. Further, `BCCryptoService` was already relying on the installed providers in some places.

The hack to get Corda `SecureRandom` working was also resolved. Also, as an added bonus, tests which ignored `SPHINCS256_SHA256` have been reinstated.

Note, there is a slight inconsistency between how EdDSA and ECDSA keys are handled (and also RSA). For the latter, Bouncy Castle is preferred, and methods such as `toSupportedKey*` will convert any JDK class to Bouncy Castle. For EdDSA the preference is the JDK (`SunEC`). However, this is simply a continuation of the previous preference of the i2p library over Bouncy Castle.
2024-03-04 13:29:49 +00:00