By default Cordaps build by corda-gradle-plugins are signed by Corda development key.
In dev mode any key can be used to sign Cordapp JAR .
In production node Corda dev keys were forbidden. This code change allows to opt-out by setting node option cordappSignerKeyFingerprintBlacklist=[] or specify more public keys to blacklist.
The option is used in production only mode.
* ENT-1394: artemis locators for HA bases on configuration
* ENT-1394: bridge artemis connection service with HA impl
* ENT-1394: added own round robin logic for artemis client connections
* ENT-1394: added support for external clustered artemis to internal RPC client
* ENT-1394: added failover listener to internal rpc client, some cleanup
* ENT-1394: remove unused import
* ENT-1394: refactored after rebasing
* ENT-1394: refactored after rebasing, addressed PR comments
* ENT-1394: got rid of HA connection service in favor of a simple check inside current one
* ENT-1394: ha locator gets its own thread to handle failover that happens behind the scenes
* ENT-1394: move ha artemis flag in the outboundConfig
* ENT-1394: haArtemis flag has default value in constructor
* ENT-1394: address PR comment, handle status change during failover
* ENT-1394: reverted usage of ha locator
* ENT-1394: ensure that on failover the p2pclient sends a fresh snapshot to the bridge
* ENT-2636: Introduce ModeSelectingChannel
Next step: Add an integration test.
* ENT-2636: Explicitly retain/release ByteBuf
* ENT-2636: Use ByteBuf API and stop using `java.nio.ByteBuffer`
* ENT-2636: Add new optional FirewallConfiguration parameter
* ENT-2636: Simplify implementation of ModeSelectingChannel
* ENT-2610: Create integration test to check response on TCP call and fixes to ModeSelectingChannel
* ENT-2610: Extend integration test fixes to ModeSelectingChannel
Doesn't currently work well for longer messages.
* ENT-2610: Extend integration test fixes to ModeSelectingChannel
Doesn't currently work well for longer messages.
* ENT-2610: Fixes to ModeSelectingChannel so it works well for longer messages.
* ENT-2610: Reflect `healthCheckPhrase` from `FirewallConfiguration` onto `AMQPConfiguration`
* ENT-2610: Incorporate review comments by @mnesbit
* ENT-2636: Extend the test to drip feed bytes one-by-one.
Also remove TRACE level packet logging for speed and log space reduction.
Logging-wise the following printed into the log every time TCP echo performed:
```
[INFO] 11:03:16,016 [nioEventLoopGroup-5-1] logging.LoggingHandler.info - [id: 0x202c2137, L:/0:0:0:0:0:0:0:0:10001] READ: [id: 0x073fda76, L:/10.18.1.203:10001 - R:/10.18.1.203:59274]
[INFO] 11:03:16,016 [nioEventLoopGroup-5-1] logging.LoggingHandler.info - [id: 0x202c2137, L:/0:0:0:0:0:0:0:0:10001] READ COMPLETE
[INFO] 11:03:16,018 [nioEventLoopGroup-6-4] netty.AMQPChannelHandler.invoke - New client connection 073fda76 from /10.18.1.203:59274 to /10.18.1.203:10001 {allowedRemoteLegalNames=null, localCert=null, remoteAddress=/10.18.1.203:59274, remoteCert=null, serverMode=true}
```
* Tidy up
* Add install-shell-extensions command
* Make cli tests use same version of picocli as everything else
* Remove initLogging from NodeStartup, it is ran earlier by CordaCLIWrapper
* Use picocli snapshot for testing
* Use RunLast() parser to invoke correct subcommands
* Deprecate old clear-network-map-cache parameter
* Restructure NodeStartup for commands
* Get rid of -c option since the flag method has been deprecated and that didn't exist in last release
* Update documentation
* Update backwards compatibility test
* Get all subcommands working
* Refactor sub commands into seperate classes
* Update docs and fix some tests
* Docs changes
* Fix merge conflicts with master
* Fix renamed parameters
* Fix test failure
* Fix compatibility tests
* Add missing compatibility test for blob inspector
* Remove blob inspector compatibility test as there are import conflicts
* Assorted doc fixes
* Addressing review comments
* More review comments
* Couple more bits
* Fix broken tests
* Fix compilation error
* More merge conflicts
* Make startup logging function a bit more sensible
* Fix broken shell extensions
* Make shell extensions work with subcommands
* Make sure parameters for deprecated options are carried through
* More review comments
* Adding some s's
* One last go
* Fix compilation error on Windows
* Revert logging changes
* Revert docs back to their original imperatively moody state
Related to CORDA-1915 Signing CorDapp JARs - Corda node rejects CorDapps signed by our development keys when running in production mode. This prevents Cordapps signed by our dev key (by default) running in production (node devMode=false).
* ENT-2610: Documentation update to include optional `keyStorePrivateKeyPassword`.
* ENT-2610: Documentation update to include optional `keyStorePrivateKeyPassword`.
* ENT-2610: Disruptive change to `CertificateStore` (will cause compilation failures)
* ENT-2610: Address compilation failures caused by separation of `storePassword` and `keyPassword` e.g. in `X509KeyStore`
* ENT-2610: Docs update to flag that passwords have to be the same due to Artemis limitations.
* ENT-2610: Make changes to `bridge` module.
Make private key password optional in `BridgeSSLConfigurationImpl` and extend `ConfigTest`.
Also improve exception reporting when necessary option is missing.
* ENT-2610: Fixes to `bridge` integration tests.
* ENT-2610: Whenever it comes to Dev node certificates ensure that private key password is the same as store password
or else Artemis is not going to accept that, see comment in DevIdentityGenerator.
* ENT-2610: More unit test fixes
* ENT-2610: More integration tests fixes
* ENT-2610: Fix netty code to use `privateKeyPassword` where necessary
* ENT-2610: Remove the use of `keyPassword` for `trustStore`
* ENT-2610: Compilation fixes after merge from `master`
* ENT-2610: Add an integration test which proves that diff. passwords work
The configuration objects for specific notary implementations have been replaced
by a single untyped "extraConfig" Config object that is left to the notary service
itself to parse.
* Remove the raft bootstrapping command from node, we'll need a different
mechanism for that.
* Remove pre-generated identity config value.
* Split up obtainIdentity() in AbstractNode to make it easier to read.
* A temporary workaround for the bootstrapper tool to support BFT notaries.
* Update docs
* Add upgrade notes
* Fix rebase issue
* Add a config diff for the bft notary as well
* ENT-2610: Separate passwords for store and for private keys in Corda OS.
When it comes to KeyStores there are *2* passwords: 1 for the keyStore as a whole and separately there is one private keys within this keyStore.
Unfortunately, those 2 passwords have to be the same due to Artemis limitation, for more details please see:
`org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.loadKeyManagerFactory`
where it is calling `KeyManagerFactory.init()` with store password.
Before change in this PR, throughout our codebase there are multiple places where we assume that storePassword is the same as keyPassword, even in the classes that have nothing to do with Artemis.
This is of course less than ideal as TLS communication may be used not only for Artemis connectivity (e.g. Bridge/Float interaction in Ent) and it is unfair to impose same passwords constraint on that communication channel.
Therefore this PR is removing this limitation and properly separating storePassword from keyPassword.
Linked Jira(https://r3-cev.atlassian.net/browse/ENT-2610) has for more background info.
Suggest to start review from `net.corda.core.crypto.X509NameConstraintsTest` to get an idea about the nature of the changes made.
* ENT-2610: Address PR input from @kchalkias
* ENT-2610: Address PR input from @kchalkias, s/privateKeyPassword/entryPassword/
* ENT-2610: Address PR input from @kchalkias, s/keyPassword/entryPassword/
In the implementation of `CertificateStoreSupplier`
The entry point to the API has been simplified to just requireing a list of packages to scan, with sensible defaults provided for the metadata. Because of the wither methods, having parameters for the metadata (with default values) seems unnecessary. Also the ability to scan just individual classes has been made internal, as it seems unlikely app developers would need that level of control when testing their apps.
TestCordappImpl is a data class and thus acts as a natural key for the Jar caching, where previously the key was the package names. This fixes an issue where it was not possible to create two CorDapp Jars of the same package but different metadata.
* ENT-2295: added SNI support to bridge
* ENT-2295: removed unused method args, adde new line
* ENT-2295: fix checking for existing bridges
* ENT-2295: fix AMQPBridgeTest(included source x500 name in messages)
* ENT-2295: fix ProtonWrapperTests (added source id and only check for SNI if bridge is shared)
* ENT-2295: fixed issue with artemis round robin not working when autogrouping was on
* ENT-2295: adapt to use openSSL, added SNI tests
* ENT-2295: server side openSSL now uses SniHandler magic
* ENT-2295: service queues are not exclusive
* ENT-2295: remove check for nodes sharing artemis when resolving targets
* ENT-2516 SNI - Log the requested server name (if any) in the AMQPServer (#1454)
* WIP
* log server name in ssl handshake
* big fix
* handle nullable sslParameters
* ENT-2295: address PR comments
* ENT-2295: remove unused imports
* ENT-2295: fix warnings
* ENT-2295: address PR comments
* ENT-2295: added node to node intergration tests, added openssl dep to bridge capsule
* ENT-2295: message group id is unique for service queues
* ENT-2295: address PR comment
* Provide an optional configuration setting to specify the minimum platform version to use in the network params file.
* Leave Cordform signature intact.
* Leave previous Gradle Plugin called signature intact.
* Incorporating feedback from PR review.
* Added minimum platform version validation check.
* Removed final 2 references to "default"
* Added changelog entry.
* Add test for SNI header to prevent changing it accidentally.
* added hardcoded values test to ensure hashing function and corda x500 name format can't be changed
The cordapp and cordformation plugins (from v4.0.30) are going to have ability to sign JARs (in cordformation signing will be by default), to enable signature constraints to work out of box Network Bootstrapper will not whitelist contracts form signed JARs.
For unsigned JARs the Network Bootstrapper behaviour is unchanged.
* Add documentation for the useOpenSsl flag
* Use delegation for wrapping unchanged methods (removing actual and potential bugs)
* Replace reflective shorthands with proper argument names in wrappers.
* Mention default for useOpenSsl in documentation
* BoringSsl dependency
* Merge over boring_ssl changes
* Merge over boring_ssl changes
* Upgrade netty-tcnative (and netty to compatible version)
* Add openSSL flag to SSLConfiguration and implementations.
* Make SSL implementation switchable for Artemis
* Parameterize AMQP bridge tests on use of openSSL
* Plumb through open SSL flag to AMQP client/server.
* Add open ssl flag to reference.conf
* Slight clean-up
* Add LoggingTrustManagerWrapper for OpenSsl contexts
* Remove unneeded lazy and check for double wrapping
* Fix TrustMangerWrapper and test, clean-up
* Add key factory wrapper to get the current certificate chain out.
* Use cert chain returning key mananager factory to get local cert
* Force consistent netty-tcnative version across all dependencies
* Make proton wrapper tests check all combinations of client/server native/java SSL
* Add test netty server/client to run SSL tests with
* Simplify usage of test netty components and clean up
* Improve exception handling in NettyTestHandler
* Add openSSL test for X509UtilitiesTests
* Expose engine for test usage
* Add the X509 peer chain check from the socket based test
* Port of TLSAuthenticationTests to use Netty so we can use different SSL providers, add boringSSL tests
* Adapt tests to new config structure
* Readd `useOpenSsl` configuration
* Readd `useOpenSsl` configuration
* Fix up ArtemisTransport for OpenSSL plus tests
* Adapt auth tests
* Formatting
* Remove obsolte file
* Fix config misnomer
* Add SNI host logic to OpenSSL execution branch
* Remove TLS_DHE_RSA tests
* Make exception handling in the netty test infra deterministic
Fix Liquibase quoting strategy for PostgreSQL to follow Corda convention.
In Liquibase for Postgres if schema name has uppercase or lowercase characters only then Liquibase would send it without double quotes and effectively make them lowercase.
Alter Postgres Liquibase dialect to wrap schema names in double quotes. This allows e.g. schemaName=ALICE be send as "ALICE" by Liquibase.
Corda persistence was already wrapping with double quotes, but certain cases in Liquibase were not following this. The result was that SQL run by Liquibase couldn't find schema (e.g. select ALICE.tablename ... in Postgres matched alice schema name not ALICE one).
The fix enables one integration test to be run now against standalone databases.
