Major changes due to JDK 17:
1. JDK17 JCE Provider now has built-in support for eddsas, corda uses
the bouncycastle (i2p) implementation. This PR removes the conflicting
algorithms from the built-in JCE provider.
2. JavaScript scripting has been removed from the JDK, the corda log4j config was using
scripting to conditionally output additional diagnostic info if the MDC
was populated. This PR has removed the scripting.
3. The artifactory plug-ins used are now deprecated, this PR has removed them
and uses the same code as Corda 5 for publishing to artifactory.
4. Javadoc generation has been modified to use the latest dokka plug-ins.
5. Gradle 7.6 has implemented an incredibly annoying change where transitive
dependencies are not put on the compile classpath, so that they have to be
explicitly added as dependencies to projects.
6. Mockito has been updated, which sadly meant that quite a few source files
have to changes to use the new (org.mockito.kotlin) package name. This makes
this PR appear much larger than it is.
7. A number of tests have been marked as ignored to get a green, broadly they fall
into 3 classes.
The first is related to crypto keypair tests, it appears some logic
in the JDK prefers to use the SunJCE implementation and we prefer to use
bouncycastle. I believe this issue can be fixed with better test setup.
The second group is related to our use of a method called "uncheckedCast(..)",
the purpose of this method was to get rid of the annoying unchecked cast compiler
warning that would otherwise exist. It looks like the Kotlin 1.9 compiler type
inference differs and at runtime sometimes the type it infers is "Void" which causes
an exception at runtime. The simplest solution is to use an explicit cast instead of
unchecked cast, Corda 5 have removed unchecked cast from their codebase.
The third class are a number of ActiveMQ tests which appear to have a memory leak somewhere.
* ENT-6893: Added interface for clients to grab openetelemetry handle.
* ENT-6893: Make detekt happy.
* ENT-6893: Fix warnings.
* ENT-6893: Make detekt happy.
* ENT-6893: Now shutdown opentelemetry when node stops or client is closed.
* ENT-6893: OpenTelemetryDriver is not not a singleton.
First cut of telemetry integration.
Open telemetry can be enabled in two ways, first is via an opentelemetry java agent specified on the command line. With this way you get the advantage of spans created from other libraries, like hibernate. The java agent does byte code rewriting to insert spans.
The second way is with the open telemetry driver (that links with the opentelemetry sdk). This is a fat jar provided with this project and needs to go into the node drivers directory.
ENT-6947: Implement interning for SecureHash, CordaX500Name, PublicKey, AsbtractParty and SignatureAttachmentConstraint, including automatic detection of internable types off companion objects in AMQP & Kyro deserialization. In some cases, add new factory methods to companion objects, and make main code base use them.
Performance tested in performance cluster with no negative impact visible (so default concurrency setting seems okay).
Testing suggests 5-6x memory saving for tokens in TokensSDK in memory selector. Should see approx. 1 million tokens per GB or better (1.5 million for the tokens we tested with).
Fixes DDoS attack mentioned on the Jira ticket.
PR upgrades Artemis library to version 2.19.1.
This is our own release of Apache Artemis library which has vulnerability fix for v2.20 applied.
**_Breaking changes discovered during Artemis upgrade:_**
1. When the queue is created as temporary, it needs to explicitly be specified as non-durable.
2. By default, Artemis Client performs Host DNS name check against the certificate presented by the server. Our TLS certificates fail this check and this verification has to be explicitly disabled, see use of: `TransportConstants.VERIFY_HOST_PROP_NAME`.
3. Artemis Server now caches login attempts, even unsuccessful ones. When we add RPC users dynamically via DB insert this may have an unexpected outcome if the user with the same `userName` and `password` was not available previously.
To workaround permissions changing dynamically, authorization and authentication caches had to be disabled.
4. When computing `maxMessageSize`, the size of the headers content is now taken into account as well.
5. Artemis handling of start-up errors has changed. E.g. when the port is already bound.
6. A number of deprecated APIs like: `createTemporaryQueue`, `failoverOnInitialAttempt`, `NullOutputStream`, `CoreQueueConfiguration`.
7. Log warning message is produced like: `AMQ212080: Using legacy SSL store provider value: JKS. Please use either 'keyStoreType' or 'trustStoreType' instead as appropriate.`
8. As reported by QA, Artemis now produces more audit logging more details [here](https://r3-cev.atlassian.net/browse/ENT-6540). Log configuration been adjusted to reduce such output.
Test was flaky because the flow can finish below it can be killed,
therefore failing the test. Sleep for 1 minute instead to give plenty of
time for the test.
Do not let a user reattach to a flow started by another user.
Reattaching to a flow using startFlowWithClientId for a flow not
started by the current user throws a PermissionException
Reattaching to a flow using reattachFlowWithClientId for a flow not
started by the current user returns null.
finishedFlowsWithClientIds does not return flows started by other
users.
Normal rpc permissions around startFlowWithClientId and
startFlowDynamicWithClientId has also been added.
To allow admins to remove client ids as well as be able to see all the
client ids on the node, admin versions have been added that bypass the
user restrictions. These can be permitted via rpc to only provide
their usage to admins.
* Make existing client id flows re-attachable via rpc 'startFlow' when flows draining mode is enabled
* Fix detekt issue
* Remove unneeded/ unreached waiting on flow's return future
* CORDA-3960: Port MultiRPCClient to OS
* CORDA-3960: Carefully restore serialisation environment in `MultiRpcClientTest` to eliminate side effects on other tests
* CORDA-3960: Move ThreadDumpUtils.kt to `core-utils`
* Draft version of integrating start flow with client id with reconnecting rpc client
* Add recursive reconnect
* Execute 'doInvoke' on a different thread, fixes hanging
* Tidy up code and add explanatory comment
* Add test timeout
* Add test asserting 'removeClientId' does retry to connect if the node is down
* Modify test to not create a new node on node restart
* Add test asserting 'reattachFlowWithClientId' tries to reconnect if the node is down
* Add test asserting returned flow exception future continue working on node restart
* Add assertions for reconnecting future callbacks
* Remove unused import
* Remove unused local var
* Remove unneeded line breaks
* Remove unneeded parentheses
* Amend existing test; assert flow result reconnectable future returned from 'reattachFlowWithClientId' works
* Update test names
* Add explanatory comment
* Minor comment update
* Fix accidental methods moved
* Update obsolete comment
* INFRA-438 Handle observers not having error handling
When the RPC client connection is closed, it notifies observers using onError(), which may not be the correct approach (TBD) but changing this is a much more invasive change. Where observers do not subscribe to error notifications, this is reflected to the calling client by an exception thrown.
This change catches that exception and lots it as debug rather an error level.
In enterprise, `AuthDBTests` picked up a schema from a unit test and
included it in the cordapp it builds. This schema does not have a
migration and therefore fails the integration tests.
`NodeBasedTest` now lets cordapps to be defined and passed in to avoid
this issue. It defaults to making a cordapp from the tests base
directory if none are provided.
* ENT-5420 stop reconnecting when RejectedCommandException occurs.
* change to store last exception and return quietly
* changed to rethrow exception. Test added
* NOTICK Ignore JUnit time threads in `RPCStabilityTests`
* NOTICK - Ignore ForkJoinPool.commonPool as it's not related to our test
Co-authored-by: LankyDan <danknewton@hotmail.com>
* Remove unused dependencies from test-common
* Explicit imports and formatting
* Add core-test-utils project
* Add dependency
* Move Kryo serialization context to node-api (not serialization as we do not want to pull kryo into the serialization lib)
* Move AMQP server serialization scheme to node api
* Move serialization tests to node-api
* Move internal test helpers without further dependencies.
* Move out some types from RPCClientProxyHandler to node-api in preparation for moving the AMQP scheme
* Move client AMQP context to node-api so we can move the test serialization rule out.
* Move InternalSerializationTestHelpers to core-test-utils
* Moved testing.core to core-test-utils
* Make detekt happy
* Add api-scanner to core-test-utils
* Remove inlined package names introduced by IntelliJ refactoring
* Update api-current.txt to account for reordering.
* Add core-test-utils to list of published artifacts.
* Add missing import
* Location of things in api text has moved again (publish name of artefact?)
* Revert all additions to the API, leaving just the reordering
* Code review: fix up core-test-utils build.gradle and introduce kryo version constant.
* Remove OpenSsl flag from ssl config stub (can't be used from node-api)
* Suppress detekt warning
* Move core test util tests to the right module
* Expose kotlin test as a transient dependency - projects have come to rely on that.
* Fix typo in package name
* [NOTICK] Add a custom detekt rule for tests with no timeout, and fix remaining missing timeouts
* [NOTICK] Add a test for custom detekt rules and tidying
* add timeout annotation to new test
Co-authored-by: Stefano Franz <roastario@gmail.com>
