* Added per-cordapp configuration
* Added new API for Cordformation cordapp declarations to support per-cordapp configuration
* Added a cordapp configuration sample
* ENT-1282: add standalone db migration tool that works with both the node and the doorman
* ENT-1282: remove cmd line args during node startup
* ENT-1282: more clear message
* ENT-1282: fix integration test
* ENT-1282: more fixes and cleanup code
* ENT-1282: address PR comments
* ENT-1282: more fixes and refactoring
* ENT-1282: more classloader fixes
* ENT-1282: changes after demo feedback
* ENT-1282: update API
* ENT-1282: update documentation
* ENT-1282: formatting
* ENT-1282: added CONSOLE option for dry-run and logging
* ENT-1282: documentation changes
* ENT-1282: remove getMigrationResource from the public API
* ENT-1282: removed dependency on network-manager, added release-lock
* ENT-1282: Update documentation
* Initial implementation of the certificate generation tool
* Adding trust store persisting
* Addressing review comments
* Adding certificate type to the certificate generation process.
* Addressing review comments
* Fixing typos
* Changing keyOverride to 0 in examples and tests
* Addressing review comments + rebasing
* Adding CRL information to the certificate generation process
* Generation tool refactoring
* Addressing review comments
* Quick fixes
* Fix SignedNodeInfo
Introduce network-management schema changes to reflect that NodeInfos
can have multiple signatures.
* Address Shams comments
Store SignedNodeInfo as a blob for network management tool.
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* Initial WIP.
* Configure IAS host via system properties.
* Create separate Gretty configurations for testing and for IAS.
* (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling.
* Check the IAS report's cryptographic signature.
* Accept CertPath from IAS instead of a Certificate.
* Validate the certificate chain for the IAS report.
* Refactor response handling, and add a secret to Message4.
* Append public DH keys to generated shared secret.
* Use DH secret to generate a 256 bit AES key.
* Fix runISV Gradle task so that it creates WAR file.
* Migrate MockIAS service into a separate package.
* Remove unused aesCMAC field from Message3.
* Configure HTTP sessions to expire after 10 idle minutes.
* Ensure we select the "isv" key for MTLS with Intel Attestation Service.
* Set key alias for Intel's public certificate.
* Implement GET /attest/provision endpoint.
* Use elliptic curves for Diffie-Hellman keys.
* Pass public keys as Little Endian byte arrays without ASN.1 encoding.
* Add AES-CMAC signature to Message2.
* Remove signature fields from QUOTE body for sending to IAS.
* Add a dummy AES-CMAC field to Message3 for later validation.
* Generate AEC-CMAC for Message 3, and refactor crypto functionality.
* Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm.
* Use BouncyCastle's AESCMAC algorithm for MAC calculation.
* Include standard crypto test vectors to the unit tests.
* Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key.
* Hash shared key with Little Endian versions of public keys.
* Refactor so that hexToBytes() is a utility.
* Simplify signing of MocKIAS report.
* Separate AES/GCM authentication tag from the encrypted data.
* Create /ias/report endpoint for ISV which proxies IAS.
* Remove unnecessary @Throws from MockIAS handlers.
* Log HTTP error status from IAS.
* Replace runISV task with startISV and stopISV tasks.
* Refactor tests to use CryptoProvider @Rule instead of @Suite.
* Move Web server for integration tests to use non-production ports.
* Add proxy endpoint for IAS revocation list.
* Generate an ECDSA "service key" for signing (gb|ga).
* Generate a persistent key-pair for the ISV to sign with.
* Verify the (Gb|Ga) signature from Message2.
* Add debugging aids.
* Fix Gradle warning.
* Remove TLV header from Platform Info Body for MSG4.
* Small tidy-up.
* Use SPID "as-is" when calculating CMAC for MSG2.
* Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC).
* Add DEBUG logging for ECDH shared secret.
* More DEBUG logging.
* The ECDH shared secret *is* the x-coordinate: no need to subrange.
* Adjust MockIAS to return an empty revocationList for GID 0000000b.
* Fix ArrayOutOfBoundsException for "small" integer values.
* Test MSG1 with empty revocation list.
* Add extra logging for IAS report request.
* ReportResponse object cannot be null.
* Fix misreading of spec - don't remove quote's signature when requesting report from IAS.
* Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header.
* Build CertPath for IAS from explicit list of Certificates.
* Rename quote fields on IAS ReportResponse to match Intel.
* Log report ID and quote status from IAS.
* Add a revocation list checker to the certificate path validator.
* Tweak revocation list options, depending on IAS vs MockIAS.
* Extract Intel's certificate specifically by alias for PKIX.
* Tune quote body returned by MockIAS.
* Add AES-CMAC field to Message4 for validation.
* Increase GCM authentication tag to 128 bits.
* Receive platformInfoBlob from IAS as hexadecimal string.
* Generate secret encryption key using KDK and SK values.
* Marshall platformInfoBlob between Base16 string and ByteArray.
* Interpret status results from IAS as enums.
* Use lateinit for HttpServletRequest field.
* Refactor ExceptionHandler out of messages package.
* Alias is for ISV, so rename it.
* Refactor classes into more correct packages.
* Use random 96 bit IV for GCM encryption.
* Parameterise HTTP/HTTPS ports via Gradle.
* Do not forward a securityManifest containing only zeros to IAS.
* Address review comments.
* Review comment: Use NativePRNGNonBlocking for SecureRandom.
* Rename isv.pfx to isv-svc.pfx
* Rename keystore to isv.pfx, for clarity.
* Update scripts so that they no longer require user input.
* Generate isv.pfx from the key and certificates.
* Remove private key from repository.
* Declare an empty PSE Manifest to be invalid.
* Generate keystores "on the fly".
* Rename integration tests to end in "IT" instead of "Test".
* Add README
* Turn remote-attestation into a separate Gradle project.
* First working version of RPC & JMeter
* Remote JMeter working from single JAR.
* Some clean up. Remote slave via capsule is working.
* Full config of capsule launched JMeter server (was missing functions previously).
* SSH tunnelling utility. Property files per remote host.
* Rename jar to make easier to deploy with wildcard filters.
* Easy all in one launch of UI + SSH tunnels.
* Comment out parties.
* Work around for notary.
* Clean up, renaming etc
* Add some comments and clean up.
* Add some comments and clean up.
* README and fixes.
* Redirect search_paths into a file since it so long and doesn't work on the command line in Windows.
* First working version of RPC & JMeter
* Remote JMeter working from single JAR.
* Some clean up. Remote slave via capsule is working.
* Full config of capsule launched JMeter server (was missing functions previously).
* SSH tunnelling utility. Property files per remote host.
* Easy all in one launch of UI + SSH tunnels.
* Comment out parties.
* Work around for notary.
* Clean up, renaming etc
* Add some comments and clean up.
* Add some comments and clean up.
* README and fixes.
* Reduce the dependencies of the JMeter project by copying (#118)
one function and listing required explicit dependencies
instead of depending on loadtest
* Tidy up
* Fix ssh for windows (#121)
* Make ssh tunnels work with Pageant on windows and allow specifying explicit
ssh remote user
* Update comments
* Merging signing service and doorman
* Addressing review comments
* Removing redundant package name space from method call
* Adding description field to gradle
* Adding a new service for CSR signing
* Adding a new service for CSR signing
* Removing rejection option
* Adding CSR log and removing rejection option
* Addressing review comments
* Move SwapIdentitiesFlow to confidential-identities module
* Clean up confidential-identities build.gradle
* Change description to include Experimental
* Move confidential-identities to a dependency of node rather than node-api
* Removed Requery object relational mapping usage (and associated schemas including node-schemas module)
* Fixed issues with NodeAttachmentService tests.
Cannot use JPA custom converters with Primary Key fields.
Hibernate entities require explicit call to flush() to persist to disk.
* Removed redundant requery converters (equivalents not even required in Hibernate).
* Removed remaining gradle requery dependency definitions.
* Fixed broken tests.
* Fixes for failing NodeVaultService tests:
- Dynamic SQL updates (in soft locking code)
- Explicit request by session to participate in transaction (causing "TransactionRequiredException" Executing an update/delete query)
- Explicit flush() required to persist to disk
* Updated changelog.
Fixed compiler warning.
* Fixed WHERE clause AND/OR condition.
Enforced immediate data visibility through transaction commit.
* Final fixes to address failing tests.
* Deferred all hibernate session/txn management to DatabaseTransactionManager.
* Fixed transaction boundaries in failing Cash tests.
* Fixes to address failing tests (transaction boundaries, merge detached object, config clean-up).
* Final adjustment to transaction boundaries in JUnit tests.
* Refactored AttachmentSchemaV1 into NodeAttachmentService itself and referenced from NodeServicesV1.
* Refactored HSQL UPDATE statements to use CriteriaUpdate API.
* Updated all criteria API getters to reference attribute names by type.
* Remove redundant VaultSchema entity name (required when previously using HSQL UPDATE syntax)
* Fix compiler warnings.
* Minor changes following rebase from master.
* Fixed suppress warning type.
