* CORDA-2115: Notary whitelist verification changes
- For regular and contract upgrade transactions: check that the notary is in the network parameter whitelist
- For notary change transactions: check the the new notary is in the network parameter whitelist. This enabled support for network merging: the old notary doesn't have to be in the current network's notary whitelist for re-pointing old states to another notary.
These checks are done during transaction construction/verification and also by the non-validating notary.
* Address comments
* Remove stale todo
* Use notary whitelist of current network parameters for platform versoin 3
* Cleanup test
* Move `getHistoricNotary` to `HistoricNetworkParameterStorage` in `core.internal`
* Require `newNotary` to be notary on the network map during notary change
* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.
* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.
* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.
* [CORDA-2278]: Seems to be working. Leaving the test to ensure no future regressions.
* Replace error code generation technique with custom event re-writer.
Switch to RandomAccessFile appenders because they supposedly give higher throughput.
* Review feedback
* ENT-2610: Separate passwords for store and for private keys in Corda OS.
When it comes to KeyStores there are *2* passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore.
Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see:
`org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory`
where it is calling `KeyManagerFactory.init()` with store password.
Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis.
This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel.
Therefore this PR is removing this limitation and properly separating storePassword from keyPassword.
Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info.
Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made.
* ENT-2610: Address PR input from @kchalkias
* ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/
* ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/
In the implementation of `CertificateStoreSupplier`
* CORDA-866: Implement removal of stale nodes from network
Backported
* Implement removal of stale nodes from network
Add eventHorizon to NetworkParameters structure. Add republishing of
node info on 1 day intervals - it is treated by network map as heartbeat from node indicating if it's alive or not. Add removal of old node infos on network map signing.
* Add copy method to NetworkParameters data class
Add JvmOverloads annotation to the constructor, because it's data class
exposed in API
* Fix test
- Existing embedded Shell connects via RPC including checking RPC user credentials (before was a direct use of CordaRPCOps): in dev mode when console terminal is enabled, node created `shell` user.
- New Standalone Shell app with the same functionalities as Shell: connects to a node via RPC Client, can use SSL and run SSH server.
* wire up and enforce max transaction size
* fixup after rebase
moved network parameter from AbstractNode to NodeProperties
* removed TODO
* fix broken import
* address PR issues
* remove API breaking change
address PR issue
* added max transaction size to driver and mock network.
address PR issues
* fix failing test
* added TODO
* fix verifier test
* fix spring driver build error
* Network parameters updates
Add two RPC methods networkParametersFeed and
acceptNewNetworkParameters. Implementation of client handling of network
parameters update event. Partial implementation of accepting new
parameters and installing them on the node as well as node startup with
updated parameters.
Move reading of network parameters on startup to separate
NetworkParametersReader class. Add tests.
Move NetworkParameters and NotaryInfo classes to core.
* Ignore evolvability test - to be fixed later
* Add documentation on update process
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* Take maximum message size from network parameters
* Add epoch handling
* Add handling of network parameters mismatch
Change NetworkMapClient and updater, add handle in
AbstractNode that results in node shutdown on parameters mismatch. Later
on we should implement proper handling of parameters updates.
Add tests of NetworkParameters wiring.
When node starts with compatibilityZone url configured it takes
networkParameters from the networkMap.
* Permit only one network parameters file
On node startup network parameters are read from node's base directory,
we permit only zero or one files to be there. If network map server is
configured the parameters can be downloaded at startup (if not present
in the directory already).
* Update docs on network map endpoints
* Generate networkParameteres for Cordformation.
Fix deployNodes task in Cordformation to generate NetworkParameters before running the nodes.
Add TestNetworkParametersGenerator utility loaded after node infos generation step.
* Get rid of bouncy castle provider dependency
For cordform-common. It caused problems with loading our custom
X509EdDSAEngine for generation of network parameters in deployNodes
task.
* new network map object for network map, and verify signature and root in Signed network map and node info
* fixup after rebase
* * added certificate and key to network map server
* move DigitalSignature.WithCert back to NetworkMap.kt, as its breaking API test, will raise another PR to move it back.
* Make DigitalSignature.WithCert not extend WithKey, as per PR discussion.
* various fixes after rebase.
* move Network map back to core/node, as its breaking API test
* revert unintended changes
* move network map objects to node-api
network-parameters file read in by the node at startup, of which only the list of notaries is used. For now, the driver and MockNetwork have been updated to require notaries to be started first. This is so that the same set of network parameters can be defined for all the nodes.
CN in the legal name is not longer disallowed since it's no longer reserved for distributed notary names.
Single-node notaries now only have one identity, their main identity. Nodes part of a cluster continue to have two.
(Based off Kasia's work)