Commit Graph

648 Commits

Author SHA1 Message Date
Shams Asari
900809b3d7 ENT-11090: Removed all JDK 8/11 conditional code 2024-03-05 17:10:26 +00:00
Shams Asari
0091807c2f ENT-11101: Fix all crypto issues introduced by Java 17 upgrade
The various crypto tests that were previously ignored have been re-enabled.

The abandoned i2p EdDSA library has been replaced with native support that was added in Java 15.

Java 17 (via the `SunEC` provider) does not support the secp256k1 curve (one of the two ECDSA curves supported in Corda). This would not normally have been an issue as secp256k1 is already taken care of by Bouncy Castle. However, this only works if the `Crypto` API is used or if `”BC”` is explicitly specified as the provider (e.g. `Signature.getInstance(“SHA256withECDSA”, “BC”)`). If no provider is specified, which is what is more common, and actually what the Java docs recommend, then this doesn’t work as the `SunEC` provider is selected. To resolve this, a custom provider was created, installed just in front of `SunEC`, which “augments” `SunEC` by delegating to Bouncy Castle if keys or parameters for secp256k1 are encountered.

`X509Utilities.createCertificate` now calls `X509Certificate.verify()` to verify the created certificate, rather than using the Bouncy Castle API. This is more representative of how certificates will be verified (e.g. during SSL handshake) and weeds out other issues (such as unsupported curve error for secp256k1).

`BCCryptoService` has been renamed to `DefaultCryptoService` as it no longer explicitly uses Bouncy Castle but rather uses the installed security providers. This was done to fix a failing test. Further, `BCCryptoService` was already relying on the installed providers in some places.

The hack to get Corda `SecureRandom` working was also resolved. Also, as an added bonus, tests which ignored `SPHINCS256_SHA256` have been reinstated.

Note, there is a slightly inconsistency between how EdDSA and ECDSA keys are handled (and also RSA). For the later, Bouncy Castle is preferred, and methods such as `toSupportedKey*` will convert any JDK class to Bouncy Castle. For EdDSA the preference is the JDK (`SunEC`). However, this is simply a continuation of the previous preference of the i2p library over Bouncy Castle.
2024-03-04 13:29:49 +00:00
Shams Asari
63f8e220c8
ENT-11251: Upgrade to Kotlin language version 1.9 (#7660) 2024-01-25 13:51:19 +00:00
Shams Asari
2e63ca6264
ENT-11065: Remove the need for JVM flags in client code (#7635) 2024-01-03 11:22:03 +00:00
Shams Asari
406f7ff292
ENT-11056: Compile the external verifier using Kotlin 1.2 (#7622)
This requires Kotlin 1.2 versions of core and serialization (core-1.2 and serialization-1.2 respectively), which are just "shell" modules and which compile the existing source code with Kotlin 1.2. The 1.2 plugin does not work with the current version of Gradle and so the 1.2 compiler has to be called directly.

Now with two versions of Kotlin in the code base, each module needs to have its version manually specified to ensure a clean separation. Otherwise, the default Kotlin version can override 1.2 when needed.

Some of the code was tidied-up or improved to enable it to be cross-compiled. For post-1.2 APIs being used, they have been copied into core-1.2 with the same method signatures. OpenTelemetryComponent was moved to node-api, along with the dependency, to avoid also having a 1.2 version for the opentelemetry module.
2024-01-02 17:02:20 +00:00
Arshad Mahmood
b7de1dcd23 ENT-11253 Publish sources and javadoc 2023-12-13 16:26:23 +00:00
Shams Asari
11d0054fcc
ENT-11055: Basic external verification (#7545)
* ENT-11055: Basic external verification

Introduction of the external transaction verifier, a separate JVM process for verifying `SignedTransaction`s. The end goal is for this verifier to be built with Kotlin 1.2 so that it creates a compatible verification environment for transactions with 4.11 contracts. For now however the verifier is built against Kotlin 1.8, same as the node.

External verification is enabled when the the system property `net.corda.node.verification.external` is set to `true`. When enabled, all verification requests made via `SignedTransaction.verify` are sent to the external verifier, regardless of the transaction content. It will do the vast bulk of the verification and then send the result back, namely if an exception occurred. If it did, then it's re-thrown in the node.

The external verifier is a stateless process, with no connection to the node's database. All transaction resolution information needed to create the relevant ledger transaction object are made to the node, which waits in a loop servicing these requests until it receives the result. The verifier Jar is embedded in the Corda node Jar, and is extracted and run when needed for the first time. The node opens up a local port for the verifier to communicate with, which is specified to the verifier in the process command line. This all means there is no extra configuration or deployment required to support external verification.

The existing code had some initial attempts and abstractions to support a future external verification feature. However,
they were either incorrect or didn't quite fit. One such example was `TransactionVerifierService`. It incorrectly operated on the `LedgerTransaction` level, which doesn't work since the transaction needs to be first serialised. Instead a new abstraction, `VerificationSupport` has been introduced, which represents all the operations needed to resolve and verify a `SignedTransaction`, essentially replacing `ServicesForResolution` (a lot of the changes are due to this). The external verifier implements this with a simple RPC mechanism, whilst the node needed a new (internal) `ServiceHub` abstraction, `VerifyingServiceHub`. `ServicesForResolution` hasn't been deleted since it's public API, however all classes implementing it must also implement `VerifyingServiceHub`. This is possible to do without breaking compatibility since `ServicesForResolution` is annotated with  `@DoNotImplement`.

Changes to `api-current.txt` were made due to the removal of `TransactionVerifierService`, which was clearly indicated as an internal class, and returning `TransactionBuilder.toLedgerTransactionWithContext` back to an internal method.

* Address review comments

* One bulk load states method

* Merge fix
2023-12-07 11:29:27 +00:00
Shams Asari
4cf5fe55dd
ENT-11099: Update Java compile source & target to 17 (#7594)
And removed unused `jdkClassifier` in build files.
2023-12-06 09:46:29 +00:00
Arshad Mahmood
6dd33fb8f7 Upgrade to gradle 7.6, kotlin 1.8 and jdk 17
Major changes due to JDK 17:
1. JDK17 JCE Provider now has built-in support for eddsas, corda uses
   the bouncycastle (i2p) implementation. This PR removes the conflicting
   algorithms from the built-in JCE provider.

2. JavaScript scripting has been removed from the JDK, the corda log4j config was using
   scripting to conditionally output additional diagnostic info if the MDC
   was populated. This PR has removed the scripting.

3. The artifactory plug-ins used are now deprecated, this PR has removed them
   and uses the same code as Corda 5 for publishing to artifactory.

4. Javadoc generation has been modified to use the latest dokka plug-ins.

5. Gradle 7.6 has implemented an incredibly annoying change where transitive
   dependencies are not put on the compile classpath, so that they have to be
   explicitly added as dependencies to projects.

6. Mockito has been updated, which sadly meant that quite a few source files
   have to changes to use the new (org.mockito.kotlin) package name. This makes
   this PR appear much larger than it is.

7. A number of tests have been marked as ignored to get a green, broadly they fall
   into 3 classes.

   The first is related to crypto keypair tests, it appears some logic
   in the JDK prefers to use the SunJCE implementation and we prefer to use
   bouncycastle. I believe this issue can be fixed with better test setup.

   The second group is related to our use of a method called "uncheckedCast(..)",
   the purpose of this method was to get rid of the annoying unchecked cast compiler
   warning that would otherwise exist. It looks like the Kotlin 1.9 compiler type
   inference differs and at runtime sometimes the type it infers is "Void" which causes
   an exception at runtime. The simplest solution is to use an explicit cast instead of
   unchecked cast, Corda 5 have removed unchecked cast from their codebase.

   The third class are a number of ActiveMQ tests which appear to have a memory leak somewhere.
2023-11-06 10:24:17 +00:00
Jose Coll
5c32d3dec4
ENT-11073 Checkpoint agent: update java assist version. (#7554) 2023-11-02 17:46:29 +00:00
Ronan Browne
91d2ae9364 ES-1140: Merging forward updates from 4.10 to 4.11 (2023-08-24) 2023-08-24 19:50:24 +01:00
Ronan Browne
2691ecd5fa ENT-10606: Merging forward updates from 4.9 to 4.10 (2023-08-24) 2023-08-24 16:48:04 +01:00
Ronan Browne
a104923cd6
ENT-10606: fix shell artifact resolution (#7458) 2023-08-24 16:44:35 +01:00
Shams Asari
e0e4f51ba2
ENT-10285: Remove experimental DJVM support (#7442) 2023-08-09 08:44:32 +01:00
Connel McGovern
52f2e8e2e6 ES-853: Correcting forward merge 2023-07-14 18:23:17 +01:00
Connel McGovern
b01f85fb11 Merge branch 'release/os/4.9' into connelm/merge-4.9-4.10-2023-07-14
# Conflicts:
#	build.gradle
2023-07-14 18:19:55 +01:00
Ronan Browne
befae353ac ES-853: Merging forward updates from 4.8 to 4.9 (2023-07-13) 2023-07-13 15:25:55 +01:00
Ronan Browne
6bcc843f19 ES-853: Merging forward updates from 4.7 to 4.8 (2023-07-13) 2023-07-13 07:07:17 +01:00
Ronan Browne
010a9a6c08 ES-853: Merging forward updates from 4.6 to 4.7 (2023-07-12) 2023-07-12 20:02:32 +01:00
Ronan Browne
b410cd2a5d
ES-853: update Artifactory refrences to new public location (#7416)
* ES-853: update artifactory references to new public location
2023-07-12 17:36:57 +01:00
Chris Cochrane
e100bee4f1
ENT-10076,ENT-10080 - Security Vulnerabilities (#7405)
* Updated dependencies

* Address compiler checks
2023-06-28 13:20:58 +01:00
Chris Cochrane
d02f6ff68c
ENT-10048,ENT-10050 - Security vulnerabilities (#7397)
* Updated netty and tcnative
2023-06-27 13:29:28 +01:00
Chris Cochrane
89b2deebe3
Upgraded tcnative, for nett (previous commit) 2023-06-15 16:56:42 +01:00
Chris Cochrane
40f928da50
Upgrade netty 2023-06-15 14:35:49 +01:00
Chris Cochrane
0ba1cef49d
Bumped up Jackson; removed unwanted gradle task 2023-04-27 17:00:08 +01:00
Chris Cochrane
2f53e8115f
Fwd-merge from OS 4.9 2023-04-27 16:45:16 +01:00
Chris Cochrane
c61ea7de81
Fixed bracketing issue after merge 2023-04-27 02:44:30 +01:00
Chris Cochrane
34d4a5f667
Fwd-merge from OS 4.8 2023-04-26 22:54:20 +01:00
Chris Cochrane
e12ab8194f
Merge branch 'release/os/4.7' into cc/merge/os-4.7-os-4.8/25-apr-2023
Fwd-merge from OS 4.7.
2023-04-25 14:54:21 +01:00
Chris Cochrane
91c38fa84b
Merge branch 'release/os/4.6' into cc/merge/os-4.6-os-4.7/24-apr-2023
Fwd-merge from OS 4.6.
2023-04-24 20:13:50 +01:00
Chris Cochrane
fc758ab766
Update build.gradle
Co-authored-by: Viktor Kolomeyko <viktor.kolomeyko@r3.com>
2023-04-20 17:14:23 +01:00
Chris Cochrane
c58c49d27a
Upgrade corda/crash, snakeyaml 2023-04-20 14:01:20 +01:00
Chris Cochrane
641a47bf32
Upgraded shiro to address security issues 2023-04-20 07:37:00 +01:00
Chris Cochrane
c263ba7563
Updated to fix Jackson tests 2023-04-19 13:06:35 +01:00
Chris Cochrane
dfbfda5520
Upgrade corda/crash 2023-04-18 19:30:22 +01:00
Chris Cochrane
95c4a18352
ENT-6336,ENT-6960 - upgrade snakeyaml to address security vulnerabilities 2023-04-06 19:14:30 +01:00
Adel El-Beik
e46b7bdd5a
ENT-6893: Added interface for clients to grab openetelemetry handle. (#7264)
* ENT-6893: Added interface for clients to grab openetelemetry handle.

* ENT-6893: Make detekt happy.

* ENT-6893: Fix warnings.

* ENT-6893: Make detekt happy.

* ENT-6893: Now shutdown opentelemetry when node stops or client is closed.

* ENT-6893: OpenTelemetryDriver is not not a singleton.
2022-11-24 13:34:08 +00:00
Adel El-Beik
7a133f687c
ENT-6893: First cut of telemetry integration. (#7247)
First cut of telemetry integration.

Open telemetry can be enabled in two ways, first is via an opentelemetry java agent specified on the command line. With this way you get the advantage of spans created from other libraries, like hibernate. The java agent does byte code rewriting to insert spans.
The second way is with the open telemetry driver (that links with the opentelemetry sdk). This is a fat jar provided with this project and needs to go into the node drivers directory.
2022-10-28 14:41:39 +01:00
Chris Cochrane
0997b49b24
Upgraded shiro and commons-text to address security issues 2022-10-19 10:48:27 +01:00
Chris Cochrane
64d31d3fb3
Upgraded shiro and apache commons-text, to address security issues. 2022-10-17 17:44:32 +01:00
Chris Cochrane
0ab4ac94c8
ENT-6903 - address security issues reported by Snyk (#7244)
ENT-6903: Update versions of BC, Shiro, Netty okhttp
Also updated platform version to 12.
2022-09-30 17:49:21 +01:00
Chris Cochrane
877e00f8d3
Fwd-merge from OS-4.9 2022-08-01 13:00:57 +01:00
Chris Cochrane
878f0bba8b
ENT-6885: Added build option to specify the version of Apache commons-configuration2 (#7224)
Added a build.gradle option to specify the version of Apache commons-configuration2 to build with, overriding whatever version is pulled in by Artemis Server.
This is to address Nexus security vulnerability reported for Apache commons-configuration2 v2.7.

This change was previously applied in Ent-4.9 and was shown to remove the critical security issues reported by Nexus. See [PR-4652](https://github.com/corda/enterprise/pull/4562) for more info about that.

The Corda jar was built locally and then scrutinised, revealing that it had Apache commons-configuration2 v2.8.0 included within.
2022-07-29 17:33:13 +01:00
Adel El-Beik
ffc843b64d
ENT-6882: Upgraded shiro-core to 1.9.1. (#7217) 2022-07-13 14:40:55 +01:00
Adel El-Beik
c23e8b49d4 ENT-6847: Updated shiro and netty version. 2022-06-30 12:15:31 +01:00
Waldemar Zurowski
ec14f9ccba NOTICK: Merging forward updates from OS 4.7 to OS 4.8 (2022-05-26) 2022-05-26 14:13:33 +02:00
Waldemar Zurowski
0336c938a6 NOTICK: Merging forward updates from OS 4.6 to OS 4.7 (2022-05-25)
Conflicts:
* .ci/dev/regression/Jenkinsfile
*
core/src/main/kotlin/net/corda/core/internal/PlatformVersionSwitches.kt
2022-05-25 19:07:45 +02:00
Waldemar Zurowski
ef76ae0973 NOTICK: Merging forward updates from OS 4.5 to OS 4.6 (2022-05-25)
Conflicts:
*
client/rpc/src/integration-test/kotlin/net/corda/client/rpcreconnect/CordaRPCClientReconnectionTest.kt
*
client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ReconnectingCordaRPCOps.kt
* constants.properties
* gradle/wrapper/gradle-wrapper.properties
* tools/shell/src/main/kotlin/net/corda/tools/shell/InteractiveShell.kt
2022-05-25 10:14:38 +02:00
Adel El-Beik
81348de000 ENT-6802: Upgrade Jackson to 2.13.3 2022-05-24 20:02:15 +01:00
Viktor Kolomeyko
355411b195 Merge remote-tracking branch 'origin/release/os/4.9' into vkolomeyko/cc4.9-cc4.10-merge
# Conflicts:
#	.ci/dev/regression/Jenkinsfile
#	build.gradle
2022-05-18 15:27:44 +01:00