Commit Graph

1390 Commits

Author SHA1 Message Date
igor nitto
da38e6f673
Configurable authorization/authentication data sources [CORDA-827] (#2145)
* Add support for external data source of access control data (RPC/Shell users credential and permissions), with optional in-memory caching.
* Support password encoded with Apache Shiro fully reversible Modular Crypt Format.
* Introduce 'security' field in Node configuration and related docsite page.
2017-12-11 08:39:09 +00:00
igor nitto
991c59e753
Stop granting NODE_USER full RPC permissions (#2098) 2017-12-08 18:03:57 +00:00
Patrick Kuo
92efd82fab
Fix broken test (#2218) 2017-12-08 17:27:23 +00:00
josecoll
4762569200
CORDA-822 - JMX Jolokia instrumentation (#2197)
* JMX Jolokia instrumentation WIP (driverDSL, webserver, cordformation, hibernate statistics, access policy config file hardening)

* Cordformation changes to support jolokia agent instrumentation at JVM startup.

* Minor updates to reflect usage of Jolokia 1.3.7 (which uses slightly different .war naming)

* Use relative path reference in -javaagent to prevent problem with long path names with spaces.

* Fixed incorrect regex pattern and added assertion to test.

* Enable JMX monitoring.

* Reporting of Hibernate JMX statistics is configurable (by default, only switched on in devMode)

* Make Artemis JMX enablement configurable.

* Re-instate banning of java serialization.

* Improve JUnit.

* Fixes following rebase from master.

* Re-instated correct regex for picking up Jolokia agent jar.

* Fixed broken integration test.

* Updated documentation

* Updated following PR review feedback.

* Fixed compilation error caused by change in DriverDSL argument type.

* Fixed compilation error caused by change in DriverDSL argument type.

* Fail fast if jolokia-agent-jvm.jar is not located.

* Applied changes in cordformation following review feedback from CA.
2017-12-08 16:27:12 +00:00
Patrick Kuo
9b097aa988
CORDA-819 Add checks to ensure TLS and Client CA cert chains to the same trusted root (#2149)
* testnet bad node info bug fix

* address PR issues

* fix PR issues

* remove TODO for checking validation logic
2017-12-08 14:35:49 +00:00
Alberto Arri
7c5a328cc1
Create a single NodeInfo (#2174) 2017-12-08 14:16:06 +00:00
Ross Nicoll
e6adbe7137
CORDA-831: Add confidential identity certificate type (#2198)
* Rename certificate types
* Create separate certificate type for confidential identities
* Add name constraints to dev node CA
* Move dev node CA into getTestPartyAndCertificate()
2017-12-08 13:17:29 +00:00
Andrzej Cichocki
32ea59d085
Inline some DUMMY constants. (#2200) 2017-12-08 10:45:22 +00:00
Ross Nicoll
ce859178eb
Correct identities passed to generateSpend (#2199)
Pass well known identities instead of confidential into `generateSpend()`
2017-12-07 18:12:25 +00:00
Andrzej Cichocki
c36bea3af5
CORDA-654 MockServices no longer has hard-coded identities (#2192)
* Resurrect a test
* Fix a broken test
* Pass in the initial identity
* Make IdentityService easier to mock
2017-12-07 11:55:18 +00:00
Alberto Arri
eb3b816d90
Rename NetworkisRegistrationHelperTest to NetworkRegistrationHelperTest (#2185) 2017-12-06 14:36:09 +00:00
Shams Asari
8461837f1a Cleaned up Driver.kt so that only the relevant bits are exposed as public API 2017-12-05 23:52:15 +00:00
Andrzej Cichocki
b0ebf3d7e0
CORDA-654 Various MockServices refactorings (#2167)
* Remove MockServices.stateMachineRecordedTransactionMapping which does nothing
* Inline StateLoaderImpl
* Remove unused MockServices
* MockServices well-known identities not needed in a place
* A few things don't need a full-blown ServiceHub
2017-12-05 16:22:53 +00:00
Andrzej Cichocki
e4d76204c1
Pass some key constants into MockServices. (#2173) 2017-12-05 14:50:56 +00:00
Alberto Arri
b6427a3128
remove calls to exitnodes from NodeStartup (#2080) 2017-12-04 15:44:18 +00:00
Andrzej Cichocki
d2f66acff7
Use non-static Rx pool when testing. (#2165) 2017-12-04 12:41:43 +00:00
Shams Asari
5264072752 Renamed n.c.nodeapi.config to n.c.nodeapi.internal.config as that config code is not public API. For the same reason, also moved User into the same internal package. 2017-12-03 17:20:30 +00:00
Andrzej Cichocki
15f677a2fb
Make rigorousMock callRealMethod by default for concrete methods. (#2159) 2017-12-01 10:10:27 +00:00
Andrzej Cichocki
10e686bc82
Inline DriverConstants. (#2156) 2017-11-30 16:28:58 +00:00
Andrzej Cichocki
a314a6a125
CORDA-654 Simplify TransactionDSL API (#2152) 2017-11-30 16:28:44 +00:00
igor nitto
0db7dce985
Dynamic registration of RPC users security roles in ArtemisMessagingS… (#2140)
Dynamic registration of RPC users security roles in ArtemisMessagingServer [ENT-1000]
2017-11-30 15:06:53 +00:00
Shams Asari
286ff65e60
Merge pull request #2147 from corda/shams-doorman-node-persistence-deps
Moved CordaPersistence and dependent classes into internal package in…
2017-11-29 17:51:35 +00:00
Andrzej Cichocki
3c31fdf31d
CORDA-806 Remove initialiseSerialization from rpcDriver (#2084)
and fix a leak or two
2017-11-29 17:42:39 +00:00
Shams Asari
b638b30d2a Moved CordaPersistence and dependent classes into internal package in node-api. This is so that the doorman can make use of them without needing a compile dependency to node. 2017-11-29 17:14:05 +00:00
Shams Asari
5c53a91785 Overhaul of the Bank of Corda demo to fix two problems it had:
1. The runRPCCashIssue and runWebCashIssue gradle tasks didn't work because they were using the wrong ports
2. Notary lookup was failing because the lookup name didn't include the correct CN for the notary name (this slipped through when reverting the network parameters)

The ports change occurred in #1922 which was attempting the fix the runIssuer gradle task. This is actually a misleading and redundant task as all it does is start up the nodes, which is what the documented deployNodes already does. The ports runIssuer allocated to the nodes were different to the ones specified in deployNodes.

To make sure we have integration tests which closely match deployNodes, the BoC demo has been updated to make use of CordformDefinition. This keeps the node definitions in one place, removing the need to have disparate files in sync. runIssuer has been removed.
2017-11-29 14:48:05 +00:00
Andrzej Cichocki
b45d9e957b
CORDA-654 Pass key constants into VaultFiller (#2118) 2017-11-29 12:51:01 +00:00
Andrzej Cichocki
dbe2dca7b9
CORDA-654 Make VaultFiller a class so I can change its hardcoded bits (#2141) 2017-11-29 09:49:34 +00:00
Michele Sollecito
cb1fa2e017
Corda now works with H2 without the need to allow Hibernate to create the database automatically. (#2124)
[CORDA-815]: Corda now instructs Hibernate to either adjust or validate the schema based on `devMode` property.

Also renamed property `database.initDatabase` to `database.createSchemaAutomatically`.

* [CORDA-815]: Renamed database.initDatabase to database.adjustSchemas.

* Code review changes: removed property `database.initDatabase` altogether.

* Code review changes: removed property `database.initDatabase` altogether.

* Code review changes: removed property `database.initDatabase` altogether.

* Code review changes: removed property `database.initDatabase` altogether.
2017-11-28 17:33:02 +00:00
Andrzej Cichocki
ff9e7474b1
CORDA-654 Make MOCK_IDENTITIES less special (#2114)
* Make rigorousMock usable from Java
* Show args in mock failure message
2017-11-28 11:35:59 +00:00
bpaunescu
614779d4ec
ENT-1128 fix node restarts when using AzureSQLServer (#2139) 2017-11-28 10:32:30 +00:00
Andrzej Cichocki
4bd6fef0f9
StateMachineManager is no longer lateinit. (#2123) 2017-11-27 17:55:08 +00:00
Shams Asari
4ca54b73fe Added tests to make sure the platform version is correctly available 2017-11-27 17:04:19 +00:00
Shams Asari
2ceb6283af Moved X509Utilities, and some other crypto utilities in node, into node-api so that they can be used by services outside of the node.
There's also some cleanup as well.
2017-11-27 15:49:33 +00:00
Shams Asari
1705df4d1f Made the database config option typesafe, rather than relying on String properties 2017-11-27 13:51:53 +00:00
Andrzej Cichocki
449155cea3
IdentityService is no longer obtained lazily. (#2130) 2017-11-27 12:34:33 +00:00
Maksymilian Pawlak
ce9b6c1f18
CORDA-311-post PR merged fixes (#2106)
* SSH server integration
2017-11-23 16:34:57 +00:00
Konstantinos Chalkias
502d0df630
Mutual TLS auth - mixed RSA and ECDSA keys (#2095) 2017-11-23 16:07:08 +00:00
Andrzej Cichocki
288eb5fcc4
CORDA-716 Call stop on InMemoryMessagingNetwork (#2077)
* Inline code used by only 1 test
* Remove superfluous interface
* Warnings crusade
* Inline Builder, remove unused method
* Remove stop from interface
* Register stops up-front
2017-11-21 12:49:21 +00:00
bpaunescu
15dbbb2de9
remove NodeState and nodeStateObservable remnants (#2102) 2017-11-21 12:03:51 +00:00
szymonsztuka
ad9f335dde
Consistent database columns naming convention. (#2097) 2017-11-21 09:57:38 +00:00
bpaunescu
c467a056ae
Revert CORDA-296: added rpc that returns an observable for node state (#2091)
* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"

This reverts commit 7d1f7ab

* Revert "CORDA-296: added rpc that returns an observable for node state (#2004)"

This reverts commit 7d1f7ab
2017-11-21 09:52:17 +00:00
Maksymilian Pawlak
e63b6d1386
CORDA-311 Shell via SSH server (#2087)
* SSH server integration
2017-11-20 17:41:38 +00:00
Rick Parker
6a2c170b82
Additional index to vault_states table to stop a table scan. (#2093) 2017-11-20 16:49:17 +00:00
Richard Green
d84e9aab7b Added exception if same attachment uploaded. Added test 2017-11-20 16:41:41 +00:00
Andrzej Cichocki
f26aa33553
Introduce contextLogger (#2085)
* Revert with comment, probably lazy for a reason.
2017-11-20 11:31:08 +00:00
Alberto Arri
273965f17a
remove cordacon code (#2082) 2017-11-20 11:24:19 +00:00
Mike Hearn
49cdad58c7 Minor: Add a brief comment to the RPC role setup code that explains the security justification for it. 2017-11-20 11:54:23 +01:00
Andrzej Cichocki
55e4688cc5
CORDA-787 Split NodeMessagingClient into 3 (#2063) 2017-11-20 10:33:13 +00:00
Ross Nicoll
8e7165db41
CORDA-759: Enforce key checks on identity de-anonymisation (#1993)
Previously when de-anonymising a Party instance, the name of the Party was used rather than
the key, meaning a Party could be constructed with a random nonsense key and any name, and be treated as corresponding to the well known identity. This is not a security hole in itself as
in any real scenario a party shouldn't be trusted without having been registered, it creates
a significant risk of a security hole depending on how trusted the anonymous identity is, and
the returned identity is considered.
2017-11-17 18:13:35 +00:00
Ross Nicoll
1f98293377
Stabilise NodeStatePersistenceTests (#2079)
Pass notary identity into flow in `NodeStatePersistenceTests` rather than resolving it from the network map cache, which avoids a race condition between the flow starting and the notary registration being sent to the cache.
2017-11-17 18:13:10 +00:00