ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-19 13:08:04 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
bd53a22efa
corda/docs/source/serialization.rst
josecoll dd3d8ba626 Merge release-v1 onto master (mostly documentation changes) (#1797) 
* Updated corda release version to 1.0.0.RC2 (#1641)

* Fixed Simm Valuation Demo Test and enable serializabe java 8 lambdas. (#1655)

* [CORDA-624] Node Explorer on Issuing cash throws MissingContractAttachements exception (#1656)

(cherry picked from commit 27fea4d)

* BIGINT fix for H2 coin selection. (#1658)

* BIGINT fix for H2 coin selection.

* Review feedback

* CORDA-637 Node Explorer shows Network Map Service in Cash Issue dropdown (#1665)

* [CORDA-637] Node Explorer shows Network Map Service in Cash Issue dropdown

* add TODO to remove the hack

* Declare this internal message string as "const". (#1676)

* Merge "A variety of small fixes" into the 1.0 release branch (#1673)

* Minor: improve javadocs in NodeInfo

* Minor: use package descriptions in Kotlin build of api docs too, not just javadocs.

* RPC: make RPCConnection non-internal, as it's a core API. Move docs around so they're on public API not internal API.

* Add an IntelliJ scope that covers the currently supported Corda API.

This is useful when used in combination with the "Highlight public
declarations with missing KDoc" inspection.

* Ironic: upgrade the version of the Gradle plugin that checks for upgraded versions of things.

It had broken due being incompatible with the new versions of Gradle
itself.

* Docs: flesh out javadocs on ServiceHub

* Docs: add @suppress to a few things that were polluting the Dokka docs.

* Docs: mention RPC access in NodeInfo javadoc

* IRS Fixes to bring UI closer to declared financial types (#1662)

* Made problematic CordaRPCClient c'tor private (with internal bridge methods) and added correct c'tors for public use. (#1653)

initialiseSerialization param has also been removed.

* Fixing flow snapshot feature (#1685)

* Fix validating notary flow to handle notary change transactions properly. (#1687)

Add a notary change test for checking longer chains involving both regular and notary change transactions.

* Unification of VaultQuery And VaultService APIs (into single VaultService interface) to simplify node bootstrapping and usability. (#1677) (#1688)

* Identity documentation (#1620)

* Sketch initial identity docs

* Restructure confidential identity docs to better fit structure

* Split confidential identities into API and concepts

* Further expansion on basic identity conceptS

* Merge Party type into api-identity.rst

* Address feedback on written content

* Rework inline code with literalinclude

* Start addressing feedback from Richard

* Clarify use of "counterparty"

* Address comments on key concepts

* Correct back to US english

* Clarify distribution/publishing of identities

* Update changelog around confidential identities

* CORDA-642 Notary demo documentation fixes (#1682)

* Notary demo documentation fixes.

* One of the tables is prefixed.

* CORDA-641: A temporary fix for contract upgrade transactions (#1700)

* A temporary fix for contract upgrade transactions:
during LedgerTransaction verification run the right logic based on whether
it contains the UpgradeCommand.

* Move ContractUpgradeFlowTest away from createSomeNodes()

* Remove assembleBareTx as it's not used

* Update corda version tag to 1.0.0-RC3 (#1705)

* Hide SerializationContext from public API on TransactionBuilder (#1707)

* Hide SerializationContext from public API on TransactionBuilder

(cherry picked from commit 6ff7b7e)

* Hide SerializationContext from public API on TransactionBuilder

(cherry picked from commit 6ff7b7e)

* Address feedback on confidential identities docs (#1701)

* Address minor comments on confidential identities docs

* Expand on implementation details of confidential identities

* Cleanup

* Clarify details of the data blob in the swap identites flow

* Add that certificate path is not made public for confidential identities

* FlowSession docs (#1693)

* FlowSession docs (#1660)

* FlowSession docs

* PR comments

* Milder example flow name

* Fixes bugs with contract constraints (#1696)

* Added schedulable flows to cordapp scanning

Fixed a bug where the core flows are included in every cordapp. Added a test to prove the scheduled flows are loaded correctly. Added scheduled flow support to cordapp.

Renabled broken test.

Fixed test to prove cordapps aren't retreived from network.

Review fixes.

Fixed a test issue caused by gradle having slightly different paths to IntelliJ

* Fixed test for real this time.

* Consistent use of CordaException and CordaRuntimeException (#1710)

* Custom exceptions in corda, should either derive from an appropriate closely related java exception, or CordaException, or CordaRuntimeException. They should not inherit just from Exception, or RuntimeException.

Handle PR comments

Add nicer constructors to CordaException and CordaRuntimeException

* Fix ambiguous defaulted constructor

* Add @suppress (#1725)

* Git-ignore Node Explorer config. (#1709)

* add message warning windows users they might need to manually kill explorer demo nodes started by gradle (#1717) (#1726)

* Misc documentation fixes (#1694)

(cherry picked from commit 592896f)

* Document -parameters compiler arg for Java CorDapps. (#1712)

* Correct non-anonymous two party trade flow (#1731)

* Parameterize TwoPartyTradeFlowTests to confirm deanonymised functionality works.
* Correct handling of counterparty using well known identity in TWoPartyTradeFlow

* CORDA-594 - SIMM Demo doc update (#1723) (#1735)

* CORDA-594 - SIMM Demo doc update

For V1 write a series of JSON / curl commands a user can follow to run
the demo

* Review Comments

* Updated the rationale behind as to why SIMM was introduced.

* typo

* Cordapps now have a name field. (#1664)

Corrected cordapp name generation.

Added changelog entry.

* Small API fixes against M16 (#1737)

* Move CompositeSignaturesWithKeys into net.corda.core.crypto package.

(cherry picked from commit 8f29562)

* Rename and move CordaPluginRegistry to reflect its real purpose now.
Simplify serialization code a bit.

(cherry picked from commit e2ecd3a)

* Docs: docsite improvements

* Remove discussion of webserver from 'writing a cordapp' page.
* Fixup some flow docs.
* Add a couple more package descriptions.

(cherry picked from commit 2aedc43)

* Review comments

(cherry picked from commit ba1d007)

* Review comments - always apply default whitelist and no longer load it via ServiceLoader

(cherry picked from commit 7d4d7bb)

* Added wording about renaming services resource file

* Update corda version tag to 1.0.0-RC4 (#1734)

* Update corda version tag to 1.0.0-RC3

* Update corda version tag to 1.0.0-RC4

* Update build.gradle

* V1 tests and fixes for the ContractConstraints work (#1739)

* V1 tests and fixes for the ContractConstraints work

* More fixes.

* Added a contract constraints section to the key concepts doc. (#1704)

Documentation for contract constraints.

Added to index.

Review fixes round 1.

More review fixes.

Review fixes.

Explained package contents.

review fixes.

Addressed RGB's final review comments.

Updated source code type to 'java'

* Fixes dead links. (#1749)

* Update gradle plugins version to 1.0.0 (#1753)

* Update Readme (#1756)

* Update Readme

Minor tweaks to Readme -- consistent capitalisation and more descriptive list of features (also reordered to put the important things first)

* Copied master readme.

* Update Readme

Minor tweaks to Readme -- consistent capitalisation and more descriptive list of features (also reordered to put the important things first)

* Fixes .rst formatting. (#1751)

* Updates tutorials. (#1649)

* Updates tutorials.

* Addresses review comments.

* Tutorial refresh for v1.0 and moving of code into separate files. (#1758)

* Moves code sections in tutorials to code files.

* Removes wallet references.

* Updates repo layout doc.

* Removes remaining cordapp-tutorial references, replaced with cordapp-example.

* Fixes broken link.

* Misc docs fixes.

* Refreshes the ServiceHub and rpc ops api pages.

* Updates the cheat sheet.

* Updates cookbooks.

* Refreshes the running-a-notary tutorial.

* Updates flow-testing tutorial

* Updates tear-offs tutorial.

* Refreshes integration-testing tutorial.

* Updates to contract tutorial and accompanying code to bring inline with V1 release.

* Refreshes contract-upgrade tutorial.

* Fixed broken code sample in "writing a contract" and updated contracts dsl.

* Added contract ref to java code. Fixed broken rst markup.

* Updates transaction-building tutorial.

* Updates the client-rpc and flow-state-machines tutorials.

* Updates the oracles tutorial.

* Amended country in X500 names from "UK" to "GB"

* Update FlowCookbook.kt

* Amended cheatsheet. Minor update on contract upgrades tutoraial.

* Added `extraCordappPackagesToScan` to node driver.

* Changes to match new function signature.

* Update to reflect change in location of cash contract name.

* CORDA-670: Correct scanned packages in network visualiser (#1763)

* Add CorDapp dependency of IRS to network visualiser

* Set CorDapp directories

* Checking out the latest milestone will no longer be required. (#1761)

* Updated documentation indices (#1754)

* Update documentation indices.

* Reference a moveable tag for V1 docs.
Remove redundant warning text.

* Reverted proposed usage of new docs release tag

* Minor: print a deprecation warning when the web server starts. (#1767)

* Release and upgrade notes for V1.0 (#1736)

* Release and upgrade notes for V1.0

* Update changelog.rst

* Update changelog.rst

* Formatting.

* Incorporating review feedback from KB and MN.

* "guarantee" instead of "promise"

* Updated with final review comments from KB and RGB.

* Updated upgrade notes to describe migration from removed CordaPluginRegistry.

* Minor clarification.

* Minor updates following final RGB feedback.

* Kat's further pedantic feedback

* Minor changes following feedback from KB.

* Incorporating review feedback from MH.

* killed 'patent-pending'

* Made the visualiser into a regular JVM module - not a CorDapp. (#1771)

* Docs: more package descriptions and take non-stabilised APIs out of the docs build. (#1775)

* Update corda version tag to 1.0.0

* Updated release notes to fix minor typos (#1779)

Fixed bold type on simplified annotation driven scanning bullet and added bold type to module name bullets

* Fixed drop down.. probably. (#1780)

* fixed formatting for release notes. (#1782)

* Improve API page wording (#1784)

* Removed "unreleased" sections from the release notes and change log.

* Merge remote-tracking branch 'origin/release-V1' into colljos-merge-v1-docs

# Conflicts:
#	build.gradle
#	client/jfx/src/main/kotlin/net/corda/client/jfx/model/NodeMonitorModel.kt
#	client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt
#	client/rpc/src/main/kotlin/net/corda/client/rpc/PermissionException.kt
#	constants.properties
#	core/src/main/kotlin/net/corda/core/flows/FlowSession.kt
#	core/src/test/kotlin/net/corda/core/contracts/DummyContractV2Tests.kt
#	core/src/test/kotlin/net/corda/core/flows/ContractUpgradeFlowTest.kt
#	docs/source/api-flows.rst
#	docs/source/api-index.rst
#	docs/source/changelog.rst
#	docs/source/example-code/src/main/java/net/corda/docs/java/tutorial/testdsl/CommercialPaperTest.java
#	docs/source/example-code/src/main/kotlin/net/corda/docs/FlowCookbook.kt
#	docs/source/example-code/src/main/kotlin/net/corda/docs/tutorial/contract/TutorialContract.kt
#	docs/source/example-code/src/main/kotlin/net/corda/docs/tutorial/testdsl/TutorialTestDSL.kt
#	docs/source/hello-world-state.rst
#	docs/source/key-concepts-contract-constraints.rst
#	docs/source/serialization.rst
#	docs/source/tut-two-party-flow.rst
#	docs/source/tutorial-tear-offs.rst
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/serialization/CordaClassResolver.kt
#	node-api/src/test/java/net/corda/nodeapi/internal/serialization/ForbiddenLambdaSerializationTests.java
#	node-api/src/test/java/net/corda/nodeapi/internal/serialization/LambdaCheckpointSerializationTest.java
#	node/src/integration-test/kotlin/net/corda/node/services/AttachmentLoadingTests.kt
#	node/src/integration-test/kotlin/net/corda/services/messaging/MQSecurityTest.kt
#	node/src/main/kotlin/net/corda/node/internal/NodeStartup.kt
#	node/src/test/kotlin/net/corda/node/internal/cordapp/CordappLoaderTest.kt
#	node/src/test/kotlin/net/corda/node/services/NotaryChangeTests.kt
#	samples/attachment-demo/src/main/kotlin/net/corda/attachmentdemo/AttachmentDemo.kt
#	samples/trader-demo/src/main/kotlin/net/corda/traderdemo/TraderDemo.kt
#	testing/node-driver/src/integration-test/kotlin/net/corda/testing/FlowStackSnapshotTest.kt
#	testing/node-driver/src/main/kotlin/net/corda/testing/driver/Driver.kt
#	testing/node-driver/src/main/kotlin/net/corda/testing/node/MockNode.kt
#	webserver/src/main/kotlin/net/corda/webserver/internal/NodeWebServer.kt
2017-10-03 17:32:11 +01:00

13 KiB
Raw Blame History

Object serialization

What is serialization (and deserialization)?

Object serialization is the process of converting objects into a stream of bytes and, deserialization, the reverse process of creating objects from a stream of bytes. It takes place every time nodes pass objects to each other as messages, when objects are sent to or from RPC clients from the node, and when we store transactions in the database.

Whitelisting

In classic Java serialization, any class on the JVM classpath can be deserialized. This has shown to be a source of exploits and vulnerabilities by exploiting the large set of 3rd party libraries on the classpath as part of the dependencies of a JVM application and a carefully crafted stream of bytes to be deserialized. In Corda, we prevent just any class from being deserialized (and pro-actively during serialization) by insisting that each object's class belongs on a whitelist of allowed classes.

Classes get onto the whitelist via one of three mechanisms:

  1. Via the @CordaSerializable annotation. In order to whitelist a class, this annotation can be present on the class itself, on any of the super classes or on any interface implemented by the class or super classes or any interface extended by an interface implemented by the class or superclasses.
  2. By implementing the SerializationWhitelist interface and specifying a list of whitelist classes. See writing-cordapps.
  3. Via the built in Corda whitelist (see the class DefaultWhitelist). Whilst this is not user editable, it does list common JDK classes that have been whitelisted for your convenience.

The annotation is the preferred method for whitelisting. An example is shown in tutorial-clientrpc-api. It's reproduced here as an example of both ways you can do this for a couple of example classes.

example-code/src/main/kotlin/net/corda/docs/ClientRpcTutorial.kt

Note

Several of the core interfaces at the heart of Corda are already annotated and so any classes that implement them will automatically be whitelisted. This includes Contract, ContractState and CommandData.

Warning

Java 8 Lambda expressions are not serializable except in flow checkpoints, and then not by default. The syntax to declare a serializable Lambda expression that will work with Corda is Runnable r = (Runnable & Serializable) () -> System.out.println("Hello World");, or Callable<String> c = (Callable<String> & Serializable) () -> "Hello World";.

Warning

We will be replacing the use of Kryo in the serialization framework and so additional changes here are likely.

AMQP

Note

AMQP serialization is not currently live and will be turned on in a future release.

The long term goal is to migrate the current serialization format for everything except checkpoints away from the current Kryo-based format to a more sustainable, self-describing and controllable format based on AMQP 1.0. The primary drivers for that move are:

  1. A desire to have a schema describing what has been serialized along-side the actual data:
    1. To assist with versioning, both in terms of being able to interpret long ago archived data (e.g. trades from a decade ago, long after the code has changed) and between differing code versions.
    2. To make it easier to write user interfaces that can navigate the serialized form of data.
    3. To support cross platform (non-JVM) interaction, where the format of a class file is not so easily interpreted.
  2. A desire to use a documented and static wire format that is platform independent, and is not subject to change with 3rd party library upgrades etc.
  3. A desire to support open-ended polymorphism, where the number of subclasses of a superclass can expand over time and do not need to be defined in the schema upfront, which is key to many Corda concepts, such as contract states.
  4. Increased security from deserialized objects being constructed through supported constructors rather than having data poked directy into their fields without an opportunity to validate consistency or intercept attempts to manipulate supposed invariants.

Documentation on that format, and how JVM classes are translated to AMQP, will be linked here when it is available.

We describe here what is and will be supported in the Corda AMQP format from the perspective of CorDapp developers, to allow for CorDapps to take into consideration the future state. The AMQP serialization format will of course continue to apply the whitelisting functionality that is already in place and described in serialization.

Core Types

Here we describe the classes and interfaces that the AMQP serialization format will support.

Collection Types

The following collection types are supported. Any implementation of the following will be mapped to an implementation of the interface or class on the other end. e.g. If you, for example, use a Guava implementation of a collection it will deserialize as a different implementation, but will continue to adhere to the most specific of any of the following interfaces. You should use only these types as the declared types of fields and properties, and not the concrete implementation types. Collections must be used in their generic form, the generic type parameters will be included in the schema, and the elements type checked against the generic parameters when deserialized.

java.util.Collection
java.util.List
java.util.Set
java.util.SortedSet
java.util.NavigableSet
java.util.NonEmptySet
java.util.Map
java.util.SortedMap
java.util.NavigableMap

However, we will support the concrete implementation types below explicitly and also as the declared type of a field, as a convenience.

java.util.LinkedHashMap
java.util.TreeMap
java.util.EnumSet
java.util.EnumMap (but only if there is at least one entry)

JVM primitives

All the primitive types are supported.

boolean
byte
char
double
float
int
long
short

Arrays

We also support arrays of any supported type, primitive or otherwise.

JDK Types

The following types are supported from the JDK libraries.

java.io.InputStream

java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.Class
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.Short
java.lang.StackTraceElement
java.lang.String
java.lang.StringBuffer

java.math.BigDecimal

java.security.PublicKey

java.time.DayOfWeek
java.time.Duration
java.time.Instant
java.time.LocalDate
java.time.LocalDateTime
java.time.LocalTime
java.time.Month
java.time.MonthDay
java.time.OffsetDateTime
java.time.OffsetTime
java.time.Period
java.time.YearMonth
java.time.Year
java.time.ZonedDateTime
java.time.ZonedId
java.time.ZoneOffset

java.util.BitSet
java.util.Currency
java.util.UUID

Third Party Types

The following 3rd party types are supported.

kotlin.Unit
kotlin.Pair

org.apache.activemq.artemis.api.core.SimpleString

org.bouncycastle.asn1.x500.X500Name
org.bouncycastle.cert.X509CertificateHolder

Corda Types

Classes and interfaces in the Corda codebase annotated with @CordaSerializable are of course supported.

All Corda exceptions that are expected to be serialized inherit from CordaThrowable via either CordaException, for checked exceptions, or CordaRuntimeException, for unchecked exceptions. Any Throwable that is serialized but does not conform to CordaThrowable will be converted to a CordaRuntimeException with the original exception type and other properties retained within it.

Custom Types

Here are the rules to adhere to for support of your own types:

Classes

  1. A constructor which takes all of the properties that you wish to record in the serialized form. This is required in order for the serialization framework to reconstruct an instance of your class.
  2. If more than one constructor is provided, the serialization framework needs to know which one to use. The @ConstructorForDeserialization annotation can be used to indicate which one. For a Kotlin class, without the @ConstructorForDeserialization annotation, the primary constructor will be selected.
  3. The class must be compiled with parameter names included in the .class file. This is the default in Kotlin but must be turned on in Java (-parameters command line option to javac).
  4. A Java Bean getter for each of the properties in the constructor, with the names matching up. For example, for a constructor parameter foo, there must be a getter called getFoo(). If the type of foo is boolean, the getter may optionally be called isFoo(). This is why the class must be compiled with parameter names turned on.
  5. The class is annotated with @CordaSerializable.
  6. The declared types of constructor arguments / getters must be supported, and where generics are used the generic parameter must be a supported type, an open wildcard (*), or a bounded wildcard which is currently widened to an open wildcard.
  7. Any superclass must adhere to the same rules, but can be abstract.
  8. Object graph cycles are not supported, so an object cannot refer to itself, directly or indirectly.

Enums

  1. All enums are supported, provided they are annotated with @CordaSerializable.

Warning

Use of enums in CorDapps requires potentially deeper consideration than in other application environments due to the challenges of simultaneously upgrading the code on all nodes. It is therefore important to consider the code evolution perspective, since an older version of the enum code cannot accommodate a newly added element of the enum in a new version of the enum code. See Type Evolution. Hence, enums are a good fit for genuinely static data that will never change. e.g. Days of the week is not going to be extended any time soon and is indeed an enum in the Java library. A Buy or Sell indicator is another. However, something like Trade Type or Currency Code is likely not, since who's to say a new trade type or currency will not come along soon. For those it is better to choose another representation: perhaps just a string.

Exceptions

The following rules apply to supported Throwable implementations.

  1. If you wish for your exception to be serializable and transported type safely it should inherit from either CordaException or CordaRuntimeException.
  2. If not, the Throwable will deserialize to a CordaRuntimeException with the details of the original Throwable contained within it, including the class name of the original Throwable.

Kotlin Objects

  1. Kotlin object s are singletons and treated differently. They are recorded into the stream with no properties and deserialize back to the singleton instance.

Currently, the same is not true of Java singletons, and they will deserialize to new instances of the class.

The Carpenter

We will support a class carpenter that can dynamically manufacture classes from the supplied schema when deserializing in the JVM without the supporting classes on the classpath. This can be useful where other components might expect to be able to use reflection over the deserialized data, and also for ensuring classes not on the classpath can be deserialized without loading potentially malicious code dynamically without security review outside of a fully sandboxed environment. A more detailed discussion of the carpenter will be provided in a future update to the documentation.

Future Enhancements

  1. Java singleton support. We will add support for identifying classes which are singletons and identifying the static method responsible for returning the singleton instance.
  2. Instance internalizing support. We will add support for identifying classes that should be resolved against an instances map to avoid creating many duplicate instances that are equal. Similar to String.intern().
  3. Enum evolution support. We may introduce an annotation that can be applied to an enum element to indicate that if an unrecognised enum entry is deserialized from a newer version of the code, it should be converted to that element in the older version of the code. This is dependent on identifying a suitable use case, since it does mutate the data when transported to another node, which could be considered hazardous.

Type Evolution

When we move to AMQP as the serialization format, we will be adding explicit support for interoperability of different versions of the same code. We will describe here the rules and features for evolvability as part of a future update to the documentation.