Force certificate keys into a well known key format before comparing during path validation.
This works around Sun's X509Key class appearing in certificates, which is incomparable to other
key types (i.e. EdDSAKey).
* The fancy classloader setup in Cordform.loadCordformDefinition is defeated by certificates in 2 ways
** Class cast when creating a cert (via TestConstants) in a CordformDefinition
** Some issue when persisting a cert in ServiceIdentityGenerator
* This PR is a quickfix to get the demos working again
* Proper fix (not this PR) is to work out why it's not enough for eddsa to be in the project runtime classpath - if it can be removed from the gradle environment that ought to properly fix the above problems
Use the certificate factory directly to build paths rather than assembling them via an interim
API call. After reducing the complexity of the utility API, it's replacing two lines of code,
at which point it seems better to make the behaviour clearer rather than having a function
hide what's actually going on.
* Unify certificate path validation in identity service
* Ensure we won't accept trust root or intermediaries as owner of a transaction certificate
* Fix subject key parsing
Add extremely rough DER format encoding for CompositeKey so that they can be used in X.509 certificates,
and switch service identity generator to using the proper identity cert for signing.
* Fix BFT config that only worked with clusters of size 4
* Shutdown BFT properly so that tests can run back to back in theory
* Wait for initial connection between client and all replicas before touching it
* Add test for non-trivial BFT cluster
* Shutdown NodeBasedTest nodes in parallel, as BFT shutdown time is non-trivial
* Overlapping ports check no longer assumes all on localhost
* Fix overlapping ports test to actually check the messages
* Correct path composition in identity service tests
* Correct identity service certificate path verification to handle the owning certificate being anywhere in the path, rather than expecting it to be trust root
* Remove unused type param
* If we drop Runnable we can use conciser syntax
* Sometimes we need the fully-fledged object, so retire separate handle class
* Implement IntelliJ suggestion
Matching can be done with case insensitive substrings in the identity service, RPC and shell. In future cleverer matching should be possible, e.g. using Lucene or RDBMS free text search features.
Fixed issue where Corda services installed in unit tests were not being marked as serialise as singleton. Also the driver now automatically picks up the scanning annotations. This required moving the NodeFactory used in smoke tests into a separate module.
* Increase max network map request size so the notary can register
* Suppress oracle service installation errors in non-oracle nodes
* Make demos automatically build capsule jars
Change PartyAndCertificate to an aggregate class instead of a subclass of Party. This reduces the changes compared to M11, as well as avoiding risk of accidental serialization of a PartyAndCertificate (which may be very large) where a Party is expected.
Cleaned up initial nodes known to the identity service, in particular mock nodes now know about themselves; previously full nodes registered themselves but mock nodes did not.
* Specifically, DriverTests and WebserverDriverTests
* RPCDriver.startRpcBroker now waits for port to be unbound, as was probably intended
* Explicitly drop network map future while ensuring the error is logged
* Fix bug in demobench. Explorer didn't show correctly location of a node.
There was no nearestCity override in config.
* Remove nearestCity from node configuration. Now information about the location is always taken from
node's legal name. If not present - exception on node startup.
* Add X500Name.locationOrNull that soft fails when location is not in X500 name. Address PR comments.
* Remove unused imports.
* Construct standard flows using PartyAndCertificate, and add support for launching
flows that are constructed with PartyAndCertificate or just Party.
* Store PartyAndCertificate in network map service
* Expand identity service to store certificates along with all identities.
This removes the need to do manual registration using the PluginServiceHub. As a result CordaPluginRegistry.servicePlugins is no longer needed. For oracles and services there is a CorDappService annotation.
I've also fixed the InitiatingFlow annotation such that client flows can be customised (sub-typed) without it breaking the flow sessions.
Replace X509Certificate with X509CertificateHolder for consistency in implementation of how X.509 certificates
are managed. Using the Java standard class entails the actual implementing class being one of several options
depending how a certificate is built, which makes serialization/deserialization with Kryo inconsistent as some
of these forms cannot be directly built from outside restricted classes.
* De-anonymise parties in AbstractStateReplacementFlow flows
* Convert transaction key negotiation to a subflow instead of utility functions
* Add serialization support for CertPath
* Restructure cash flows so that a counterparty flow can be added later
* Rename raft-notary-demo project to notary-demo
* Refactor serialisation filtering to allow BFT SMaRt to work, it no longer relies on the jdk.serialFilter system property
* In NodeBasedTest remove whitespace in node directory names for consistency with cordform and driver
Remove mock identity service and merge it with the in memory identity service. The two services
provide extremely similar functionality, and having two different version for production/test
risks subtle implementation differences. On that note, this patch includes changes to a number
of tests which worked only with mock identity service.
Fixup after rebase
Restore original key property names
Fixup after rebase
Undo extra import that IntelliJ keeps erroneously adding.
Add comments and fix docs for transaction signing.
Fixes after rebase
More fixes after rebase
Address PR requests
Address PR requests
* Raft notary demo now defined in one place that both IntelliJ/driver and gradle/runnodes can run
* New module cordform-common for code common to cordformation and corda
* Add single notary demo
Switch to using AbstractParty as the standard identifier for parties in
states, so that full parties can be used during construction of
transactions and anonymised parties when the transaction is being added
to the ledger.
* Fix: Add missing @StartableByRPC to fix the Raft notary demo
* Make loadConfig take a Config object, for cordformation Node
* Unduplicate User.toMap
* Unduplicate WHITESPACE regex, choose possessive form
* Use slash to make a Path
* Remove Companion where redundant
* Remove unused code
* If the p2pAddress provided by the configuration is not public, the node tries to discover the public IP:
- First by checking the network interfaces
- If not found, sends a request to the network map service
* Enable initial connection retry
* Improve error handling
* Update docs
Specifically, make the IDE/driver and gradle/NodeRunner methods of launching the demo behave more similarly, with a view to configuring them the same way.
* Add option to driver to nominate a node as network map, so that the driver-based demo doesn't run an additional node
* Change gradle ports to match those chosen by driver
Add functionality for generating certificate paths from identity
certificates to transaction certificates, validating, storing and
retrieving those certificate paths.
Move AbstractParty, AnonymousParty and Party into a new net.corda.core.identity package,
as they're not really cryptography tools, and in preparation for further code coming in
for identity.
Optimize imports on many files to clean up the resulting refactor.
Mark several functions in X509Utilities as @JvmStatic so they're readily accessible from Java.
Add functions for modifying common name of an X.500 name, either direct replacement or adding a postfix.
This removes the need for the shareParentSessions parameter of FlowLogic.subFlow. It also has the flow's version number so FlowVersion is now no longer needed.
Change the legal name of parties to be an X500 name. This ensures that we aren't converting between
common names and X500 names in various places, eliminating substantial scope for error in the conversion
process. As a result, all node names must now be full X500 names, which has impact on most configurations.
* Added queryBy(QueryCriteria) Vault API and Junit tests.
* Minor fix following rebase.
* Spit out Vault Query tests into separate source file.
* WIP
* Enable composition of QueryCriteria specifications.
Additional JUnit test cases to validate API.
* Added Deprecating annotations.
Added QueryCriteria for set of contractStateTypes
* Minor tweaks and additional JUnit test cases (chain of linear id)
* Added Java Junit tests and QueryCriteria builder support.
* Added API documentation (including coding snippets and examples).
* Added @JvmOverloads to QueryCriteria classes for easy of use from Java.
* Refactored QueryCriteria API to use composition via sealed data classes.
* Enable infix notation.
* Fixed typo.
* Clarified future work to enforce DB level permissioning.
* Moved PageSpec and Order from QueryCriteria to become parameters of Query itself.
* Moved PageSpec and Order from QueryCriteria to become parameters of Query itself.
* TokenType now specified as set of <Class> (was non extensible enum).
* Exposed new Vault Query API functions via RPC.
* Fixed compiler error in java test.
* Addressed a couple of minor PR review scomments from MH.
* Major updates following PR discussion and recommendations.
* All pagination and sorting arguments are optional (and constructed with sensible defaults).
Added Java helper functions for queryBy and trackBy interfaces.
Added Java trackBy unit tests.
Miscellaneous cleanup.
* Added Generic Index schema mapping and query support.
* Query criteria referencing Party now references a String (until Identity framework built out).
Added participants attribute to general query criteria.
* Fleshed our IndexCriteria including PR recommendation to define column aliases for index mappings.
* Removed all directly exposed API dependencies on requery.
* Updated documentation.
* Provide sensible defaults for all Query arguments.
Add RPC Java helpers and increase range of Vault Service helpers.
* Further improvements (upgrading notes) and updates to documentation.
* RST documentation updates.
* Updates to address RP latest set of review comments.
* Updates to address MH latest set of review comments.
* Updated to highlight use of VaultIndexQueryCriteria to directly reference a JPA-annotated entity (versus the indirect, explicitly mapped attribute to GenericIndexSchema approach)
* Aesthetic updates requested by MH
* Reverted Indexing approach: removed all references to VaultIndexedQueryCriteria and GenericVaultIndexSchemaV1 scheme.
* Final clean-up and minor updates prior to merge.
* Fixed compiler warnings (except deprecation warnings)
* Reverted all changes to Vault Schemas (except simple illustrative VaultLinearState used in VaultQueryTests)
* Reverted all changes to Vault Schemas (except simple illustrative VaultLinearState used in VaultQueryTests)
* Commented out @Deprecated annotations (as a hedge against us releasing M12 with the work half-done)
* Renamed RPC JavaHelper functions as RPCDispatcher does not allow more than one method with same name.
This is an intermediary step to introducing X500Names in all Party instances, which adds:
* Party constructor which accepts X500Name and then converts it to string.
* startNode() function which takes in X500Name instead of String
* Numerous legal name fixes to use full distinguished names
Core flows, which are baked into the platform, are also versioned using the platform version of the node. Several core flows, such as the data vending ones, which were provided via plugins are now instead baked into the node.
BFTNotaryServiceTests generates a master node independently of the cluster nodes, so it can put it
at the end of the list of nodes. The calling function however treats the first node in the list as
the master, not the last node. This simplifies the code while maintaining the same behaviour.
* Add information on why state machine was removed from StateMachineManager.
There are two cases: normal end of flow or error.
Return flow result as part of state machine remove data.
Make Change a sealed class with Add and Remove.
fiber.actionOnEnd takes ErrorOr<R> parameter.
* Remove unnecessary fields from StateMachineManager.Change.
* Add information on who started flow on a node with name where possible.
Add sealed class holding information on different ways of starting a flow: RPC, peer, shell, scheduled.
* Remove invokeFlowAsync from ServiceHub, move it to ServiceHubInternal.
We shouldn't be able to start new state machines from inside flows.
Move functions for generating transactions into OnLedgerAsset from various locations in
the code (VaultService, AbstractConserveAmount, etc.) to unify the code paths and reduce
duplication.
* Remove progress Observable from FlowHandle, unless explicitly requested.
* Refactor FlowHandle creation into FlowStateMachine.
* Prevent server-side queue subscription for dummy Observable.
* Refactor so that RPC client does not receive any unused progress Observables. This is the simplest way of ensuring we have no dangling "hot" Observables when the RPC client closes.
* Test flow has correct handle.
* Resolve some compiler warnings.
* Document how starting a flow does not involve progress tracking by default.
* Update changelog and release notes for RPC API.
* Rename new RPC API to startTrackedFlow().
* Remove optimisation because of its affect on the client-side.
* Update documentation.
This introduces new functions for fetching parties by their X.500 name, Kryo serialization support for X500Name objects, an X500Name generator and some X509 utility support in preparation for full X.500 name support.
Add CompositeSignature and CompositeSignatureWithKeys classes as part of preliminary work to make CompositeKey signature validation compatible with java.security classes, so that these keys and signatures can be used readily in X.509 certificates.
Standaridise the identity names of Alice, Bob and Charlie, notary, map service, etc. in order
to ensure consistency across the code base and reduce number of places that have to be changed
to introduce proper X.500 names.
Move Alice, Bob & Charlie identities into the utilities package so they can be used in demos
* Make CompositeKey implement PublicKey
The initial implementation of composite keys as their own distinct class separate from PublicKey
means that the keys cannot be used on standard classes such as Certificate. This work is a beginning
to modifying CompositeKey to being a PublicKey implementation, although significant further work
is required to integrate this properly with the standard Java APIs, especially around verifying
signatures using the new key type.
* First stage of making CompositeKey implement PublicKey interface. Revert to using PublicKey everywhere we expect a key.
* Move algorithm and format into companion object (#432)
Move algorithm and format into companion object so that they can be referenced from other
classes (i.e. the upcoming signature class).
* Add simple invariants to construction of CompositeKey.
Builder emits CompositeKeys in simplified normalised form. Forbid keys with single child node, force ordering on children and forbid duplicates on the same level. It's not full semantical normalisation.
* Make constructor of CompositeKey private, move NodeWeight inside the class.
Add utility function for Kryo deserialization to read list with length constraints.
Add tests for CashIssueFlow, CashPaymentFlow and CashExitFlow. While these were mostly covered by other tests
already, CashExistFlow was not, and any bugs would be harder to identify because they are mixed in with other
functionality (i.e. vault tests)
* Fixed bug whereby Cash Exit was not taking into account the issuer reference.
Added additional JUnit tests for coin selection by issuer.
Added some trace logging in AbstractConserveAmount.
* PR review: added additional state with 3rd issuer reference in test.
Clarify exceptions thrown from loading a key store as a general cleanup. Also tightens the
exceptions caught when loading key stores from AbstractNode, so in case of an unexpected error
we don't silently drop the exception.
This eliminates JIT java compilation and the consequent need for
tools.jar (which doesn't get shipped in DemoBench). It also makes
development more pleasant by avoiding weird IDE integration issues
that came from having java-in-resources.
* Reduce warning and info messages in node log files (Artemis)
Add an additional lof message for conflicting states identified by the Notary.
* Upgraded severity of user login message from trace to debug.
* Suppress Artemis log4j WARNING's for core.server.checkDeadLetterAddressAndExpiryAddress
* Test SELECT WHERE IN composite key using requery 1.2.0
Upgraded Vault Service code to use Requery 1.2.0 SELECT .. WHERE IN
Updated generated schema code with Requery 1.2.0
Upgrade to Requery 1.2.1
Upgrade to Requery 1.2.1 - converted to use update DSL with composite key
Removed redundant JDBC SQL test cases.
Minor updates following PR review comments from RP.
* Streamline companion object initialisation.
* Display Corda node legal name in JVisualVM Console for MockNode testing.
* Removed dash in displayed corda node name.
* Reinstated the dash in displayed corda node name (as JVisualVM does not parse the space correctly)
Fix broken IssuerFlowTest
Fix IssuerFlowTests after rebase.
Resolve conflicts after rebase.
Soft locking converted to use persistent store.
Added additional optional 'includeLockStates' parameter in VaultService states API call.
Added Vault softLocked states query API call.
Fixed commercial paper failing test.
Improved exception handling on soft locking UPDATE statement.
Using SELECT FOR UPDATE to ensure correct soft locking data visibility.
Db query operations moved out of mutex code (as locking managed by underlying DB)
Adjusted logging severity levels.
Adjusted logging severity levels.
GenerateSpending now performing fine grained query for unconsumed states by joining with contract_cash_states table.
Using H2 proprietary cummulative counting feature (using sessioni SET variables)
Refactored and simplified HibernateObserver constructor to enable usage in JUnit tests.
Event generator issues larger random amounts (10,000..1,000,000) to those than are spent (0..10,000)
Adjusted Issue (5:1) and Exit (10:1) generation frequency vs spending.
Minor fixes: added optional lockid into select for spending criteria, set notary, additional trace logging.
Generate Cash Schema by default upon node start-up (as part of NodeSchemaService initialisation).
Explicitly close JDBC statements in finally() blocks.
Tightened HibernateObserver constructor.
Fix CommercialPaper test (was missing auto-generation of CONTRACT_CASH table)
Revert default JVM size back to 200Mb.
Revert default number of iterations in Explorer Node Simulation mode (back to 10000 with .5 sec sleep interval).
Remove redundant setter function.
Added TODO messages indicating Requery / H2 restrictions & caveats.
Consumed states lock updates now performed in general consumed state Update.
Updated/added Soft Locking documentation.
Addressed initial PR comments: use THREAD_LOCAL_KRYO, use AbstractParty, extract helper method, improve readability, address some doc typos
Addressed PR comment: removed lockId from WireTransaction.
Fixed soft locking UPDATE statements.
Improvements to VaultSoftLockManager for auto-registration of soft locks for flows with spendable states (as notifications from vault).
Other optimisations (IssuerFlow no longer explicitly reserve/release issued state) and improvements (soft lock release management of soft locks, docs update)
Performance update: now using Requery for UPDATE in release soft locking (non-composite key statement)
Removed redundant TODO messages (TODO: revisit Kryo bug when using THREAD_LOCAL_KYRO)
Minor fixes following rebase
Fixed failing JUnit following rebase
Addressed MH PR review items (1st pass)
Fix broken JUnit
Significant changes to RDBMS operations within coin selection and soft locking as requested by PR review.
(Removed SELECT FOR UPDATE; added RETRY upon coin selection; reverting partial soft locks)
Addressed a number of PR review requests added by MH (comments/spelling, lockID instantiation, HibernateObserver instantiation, cash schema white-listing usage)
Addressed latest PR review comments from RP.
Minor fixes following rebase from master.
Fixed final failing JUnit (issuer flow concurrent).
Updated TraderDemo to trigger concurrent issuance of cash.
Fixed compiler warning on lockId null check.
Fixed subtle bug in coin selection intermittently surfaced in IntegrationTestTutorial.
Fixed small memory leak.
Removed stray } in logger trace message.
Slight rewording of description of Soft Locking in docs.
Renamed NoStatesAvailableException to StatesNotAvailableException.
generateSpend is now Suspendable (calls sleep method on flow upon coin selection retry).
Added companion function to enable a Strand to sleep but without locking transactional context.
Improved logging, changed to StateNotAvailableException, using Flow sleep upon retry, tweaked SELECT criteria in coin selection, fixed bug when insufficient states selectable, generateSpend is now @suspendable
Improved handling and logging of flow results in Simulation Mode.
Fixed minor error in sleep when not an active flow.
Retry coin selection when unavailable states (as these may become available as new states).
Additional debug logging to highlight and identify H2 coin selection sporadic bug.
Inlined sleep method due to intermittent Quasar error.
Re-introduce selection clause that prevents selection and temporary locking of already locked states (by other flows).
Improved trace logging for coin selection (SQL row level info).
Correctly calling FlowStateMachineImpl sleep (now inlined and working correctly)
Fixed rebase error.
Remove redundant TODO message.
RBS report problems with multiple nodes being able to find each other in the identity service. This extends the name
lookup test case to try three nodes, to check all of the stored values, and to use random keys rather than static.
Add trace log of identity registrations to aid with tracking state.
The shell is embedded in the node and offers the ability to monitor
and control the node via the launching terminal.
Still to do:
* Switch to a fork of CRaSH that we can maintain ourselves, and merge in Marek's SSH patch so we can enable SSH access.
* Add persistent command history that survives restarts.
* Tab completion for the 'flow' and 'run' commands.
* Remove the 'jul' command and replace it with a command that lets you see and tail the log4j logs instead.
* Fix or remove the other crash commands that have bitrotted since 2015.
* Record a metric for the duration and rate of execution for every flow. This is useful for task intense scenarios to detect performance degradation.
* Measure both successful and failed flow durations
* CORDA-305: Refactor CordaRPCClient into :client:rpc module
* CORDA-305: Remove the Kotlin test framework from the artifacts.
* CORDA-305: Migrate serialisation whitelist into node-api module.
* CORDA-305: Clean up unused RPC observables.
* CORDA-305: Add :client:rpc module to documentation tasks.
* CORDA-305: Include :finance into :client:rpc for its serialisable classes.
* CORDA-305: Move test classes into the correct directory.
* CORDA-305: Migrate :finance dependency from :client:rpc into DemoBench.
* CORDA-305: Update wording of TODO about handling Observables.
* CORDA-304: Refactor :client modules into :client:javafx and :client:mock.
* CORDA-304: Add :client:mock to Dokka tasks, and remove unused integrationTest task.
* CORDA-304: Migrate DriverBasedTest from node into test-utils.
* CORDA-304: Rename .fx. package to .jfx. to prevent confusion with "exchange rate".
* CORDA-304: Rename module to ':client:jfx'.
* We were leaving trailing attachmentStorage on pooled kryo instances after some tests. Changed attachment storage logic to make it impossible to leave it behind.
* Some low level tests corrupt the Kryo config, so do not return to pool when this is the case. Also, we discovered that Kryo is caching class name to class resolution. We don't want to do this where attachments are involved. The errors raised highlighted a class missing from the whitelist. Need to write a unit test to test the class loader issue.
* Unit test for attachment class loading with kryo.
* Non-ssl artemis acceptor for RPC connection. (#271)
* New non-ssl acceptor in artemis server for RPC connection.
* Rename artemisAddress with messagingAddress
Rename artemisAddress with messagingAddress so that the node configuration file properties match
the code variable names.
Rename artemisPort to messagingPort in Gradle configuration to match node configuration naming.
* Add rpcPort configuration option for Gradle
* Update docs to reflect changes to RPC port configuration
* Renumber ports in example CorDapp to match numbering used elsewhere
* Restructure upgrade guide
* added config file checks on corda startup to make the upgrade path a bit smoother.
Convert NodeVaultService states to return Iterable (backed by Sequence) Vs the old way using a List. Worth noting this relieves memory pressure as the number of vault states grows.
* remove toList in ContractUpgradeFlowTest
Basic crypto API to support 5 signature schemes and MetaData-ed signatures.
Supported schemes: (1) RSA_SHA256, (2) ECDSA_SECP256K1_SHA256, (3) ECDSA_SECP256R1_SHA256, (4) EDDSA_ED25519_SHA512, (5) SPHINCS-256_SHA512.
To sign a transaction, a signer should create a MetaData wrapper that contains transaction's merkle root and some extra information, such as signer's public key, timestamp and visibleInputs. Actually, MetaData is utilised to support a practical partial, blind and extra-data attached signature model.
When a MetaData object is signed, the signer sends a TransactionSignature object that contains the signed output and the corresponding MetaData object.
Remarks:
This is an temporary solution for signature algorithmic agility. Further development is required for a robust and extensible Crypto Manager/Provider PKI that will support certificate creation, key generation, signing/verifying, deterministic key derivation, encoding formats, SGX/HSM support, identity and key management, versioning, revocation, asynchronicity, metadata, partial sig. policies etc.
* QueuedObservable could not leak due to hard references. Have made it weak referenced but also had to reference count a hard reference to prevent early GC. Explained in comments.
* Improved comments.
* Fixed typo
* Fixed another typo
* CORDA-265: Implement "ALL" permission for RPC users. Users with this permission in node.conf can use any flow.
* CORDA-265: Ensure that we always close the RPC proxy object after each test.
* CORDA-265: Refactor construction of dummy RPC client into an abstract base class.
* CORDA-265: Document RPC "ALL" permission.
* BFT notary prototype: add a non-validating service.
Each replica now validates the transaction timestamp and returns an individual signature to the BFT client. The client then returns a list of signatures back to the notary service flow.
The validating variant is still incomplete - it requires the ability to suspend flows on arbitrary function calls.
Make notary flow return a collection of signatures to support the BFT notary. For a single-node or RAFT notary it would just contain a single signature.