Basic crypto API to support 5 signature schemes and MetaData-ed signatures.
Supported schemes: (1) RSA_SHA256, (2) ECDSA_SECP256K1_SHA256, (3) ECDSA_SECP256R1_SHA256, (4) EDDSA_ED25519_SHA512, (5) SPHINCS-256_SHA512.
To sign a transaction, a signer should create a MetaData wrapper that contains transaction's merkle root and some extra information, such as signer's public key, timestamp and visibleInputs. Actually, MetaData is utilised to support a practical partial, blind and extra-data attached signature model.
When a MetaData object is signed, the signer sends a TransactionSignature object that contains the signed output and the corresponding MetaData object.
Remarks:
This is an temporary solution for signature algorithmic agility. Further development is required for a robust and extensible Crypto Manager/Provider PKI that will support certificate creation, key generation, signing/verifying, deterministic key derivation, encoding formats, SGX/HSM support, identity and key management, versioning, revocation, asynchronicity, metadata, partial sig. policies etc.
* QueuedObservable could not leak due to hard references. Have made it weak referenced but also had to reference count a hard reference to prevent early GC. Explained in comments.
* Improved comments.
* Fixed typo
* Fixed another typo
* CORDA-265: Implement "ALL" permission for RPC users. Users with this permission in node.conf can use any flow.
* CORDA-265: Ensure that we always close the RPC proxy object after each test.
* CORDA-265: Refactor construction of dummy RPC client into an abstract base class.
* CORDA-265: Document RPC "ALL" permission.
There is (as of October 2016 at least) no supported option for running Kapt from IntelliJ, which means IntelliJ builds
break due to missing classes. This adds in the generated code pending a better solution. Building from Gradle will
automatically regenerate the files still, while building from IntelliJ will use the provided defaults.
* BFT notary prototype: add a non-validating service.
Each replica now validates the transaction timestamp and returns an individual signature to the BFT client. The client then returns a list of signatures back to the notary service flow.
The validating variant is still incomplete - it requires the ability to suspend flows on arbitrary function calls.
* Exclude old version of Javassist in favour of Hibernate's version.
* Comment why we are excluding javassist:javassist, and add TODO for when junit-quickcheck 0.8 is released.
CORPRIV-702: Sign the DMG with a 'Mac Developer' certificate.
* CORPRIV-702: Sign the DMG with a 'Mac Developer' certificate.
* CORPRIV-702: Use "Developer ID Application" certificate instead. And now JavaPackager signs the application, which means that we only need to resign our embedded JVM.
* CORPRIV-702: Update comment better to explain why JRE must be resigned.
Approved-by: Mike Hearn