Merge branch 'release/os/5.3' into CORE-20756/update-regex

corda · Jul 4, 2024 · 2a0ca43 · 2a0ca43
2 parents 96c9b38 + 90e35e8
commit 2a0ca43
Show file tree

Hide file tree

Showing 26 changed files with 308 additions and 5 deletions.
diff --git a/.ci/JenkinsfileStaticAnalysis b/.ci/JenkinsfileStaticAnalysis
@@ -0,0 +1,5 @@
+@Library('[email protected]') _
+
+staticCodeAnalysisPipeline(
+    snykCodeEnabled : true
+)
diff --git a/...ain/resources/avro/net/corda/data/membership/db/request/MembershipPersistenceRequest.avsc b/...ain/resources/avro/net/corda/data/membership/db/request/MembershipPersistenceRequest.avsc
@@ -40,7 +40,8 @@
         "net.corda.data.membership.db.request.query.MutualTlsListAllowedCertificates",
         "net.corda.data.membership.db.request.query.QueryApprovalRules",
         "net.corda.data.membership.db.request.query.QueryPreAuthToken",
-        "net.corda.data.membership.db.request.query.QueryStaticNetworkInfo"
+        "net.corda.data.membership.db.request.query.QueryStaticNetworkInfo",
+        "net.corda.data.membership.db.request.command.PersistHostedIdentity"
       ],
       "doc": "Request's payload, depends on the requested operation."
     }

diff --git a/...in/resources/avro/net/corda/data/membership/db/request/command/PersistHostedIdentity.avsc b/...in/resources/avro/net/corda/data/membership/db/request/command/PersistHostedIdentity.avsc
@@ -0,0 +1,26 @@
+{
+  "type": "record",
+  "name": "PersistHostedIdentity",
+  "namespace": "net.corda.data.membership.db.request.command",
+  "doc": "Persist a locally-hosted identity.",
+  "fields": [
+    {
+      "name": "tlsCertificateAlias",
+      "doc": "Alias of the TLS certificate chain.",
+      "type": "string"
+    },
+    {
+      "name": "useClusterLevelTls",
+      "doc": "Specifies whether the cluster-level P2P TLS certificate type and key should be used, or the virtual node certificate and key.",
+      "type": "boolean"
+    },
+    {
+      "name": "sessionKeysAndCertificates",
+      "doc": "List of session keys and certificates.",
+      "type": {
+        "type": "array",
+        "items": "net.corda.data.membership.db.request.command.SessionKeyAndCertificate"
+      }
+    }
+  ]
+}
diff --git a/...resources/avro/net/corda/data/membership/db/request/command/SessionKeyAndCertificate.avsc b/...resources/avro/net/corda/data/membership/db/request/command/SessionKeyAndCertificate.avsc
@@ -0,0 +1,23 @@
+{
+  "type": "record",
+  "name": "SessionKeyAndCertificate",
+  "namespace": "net.corda.data.membership.db.request.command",
+  "doc": "Session key and certificate for a locally-hosted identity.",
+  "fields": [
+    {
+      "name": "sessionKeyId",
+      "doc": "Session key identifier.",
+      "type": "string"
+    },
+    {
+      "name": "certificateAlias",
+      "doc": "The certificate chain alias of the session key. Null if no PKI is used for sessions.",
+      "type": ["null", "string"]
+    },
+    {
+      "name": "isPreferred",
+      "doc": "True if this key is the preferred key.",
+      "type": "boolean"
+    }
+  ]
+}
diff --git a/...n/resources/avro/net/corda/data/membership/db/response/MembershipPersistenceResponse.avsc b/...n/resources/avro/net/corda/data/membership/db/response/MembershipPersistenceResponse.avsc
@@ -29,7 +29,8 @@
         "net.corda.data.membership.db.response.query.GroupPolicyQueryResponse",
         "net.corda.data.membership.db.response.query.ApprovalRulesQueryResponse",
         "net.corda.data.membership.db.response.query.PreAuthTokenQueryResponse",
-        "net.corda.data.membership.db.response.query.StaticNetworkInfoQueryResponse"
+        "net.corda.data.membership.db.response.query.StaticNetworkInfoQueryResponse",
+        "net.corda.data.membership.db.response.command.PersistHostedIdentityResponse"
       ],
       "doc": "Response payload which depends on the requested operation."
     }

diff --git a/...ces/avro/net/corda/data/membership/db/response/command/PersistHostedIdentityResponse.avsc b/...ces/avro/net/corda/data/membership/db/response/command/PersistHostedIdentityResponse.avsc
@@ -0,0 +1,13 @@
+{
+  "type": "record",
+  "name": "PersistHostedIdentityResponse",
+  "namespace": "net.corda.data.membership.db.response.command",
+  "doc": "Response to a persist hosted identity request.",
+  "fields": [
+    {
+      "name": "version",
+      "doc": "Version of the newly persisted hosted identity.",
+      "type": "int"
+    }
+  ]
+}
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/HostedIdentityEntry.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/HostedIdentityEntry.avsc
@@ -33,6 +33,12 @@
          "type": "array",
          "items": "HostedIdentitySessionKeyAndCert"
        }
-     }
+     },
+    {
+      "doc": "Version of the hosted identity",
+      "name": "version",
+      "type": ["null", "int"],
+      "default": null
+    }
   ]
 }
diff --git a/...ain/resources/avro/net/corda/data/permissions/management/PermissionManagementRequest.avsc b/...ain/resources/avro/net/corda/data/permissions/management/PermissionManagementRequest.avsc
@@ -19,10 +19,17 @@
     {
       "name": "request",
       "type": [
+        "net.corda.data.permissions.management.group.AddRoleToGroupRequest",
+        "net.corda.data.permissions.management.group.ChangeGroupParentIdRequest",
+        "net.corda.data.permissions.management.group.CreateGroupRequest",
+        "net.corda.data.permissions.management.group.DeleteGroupRequest",
+        "net.corda.data.permissions.management.group.RemoveRoleFromGroupRequest",
         "net.corda.data.permissions.management.user.CreateUserRequest",
+        "net.corda.data.permissions.management.user.ChangeUserParentGroupIdRequest",
         "net.corda.data.permissions.management.user.ChangeUserPasswordRequest",
         "net.corda.data.permissions.management.user.AddRoleToUserRequest",
         "net.corda.data.permissions.management.user.RemoveRoleFromUserRequest",
+        "net.corda.data.permissions.management.user.DeleteUserRequest",
         "net.corda.data.permissions.management.role.CreateRoleRequest",
         "net.corda.data.permissions.management.permission.CreatePermissionRequest",
         "net.corda.data.permissions.management.permission.BulkCreatePermissionsRequest",

diff --git a/...in/resources/avro/net/corda/data/permissions/management/PermissionManagementResponse.avsc b/...in/resources/avro/net/corda/data/permissions/management/PermissionManagementResponse.avsc
@@ -9,6 +9,7 @@
         "boolean",
         "net.corda.data.ExceptionEnvelope",
         "net.corda.data.permissions.User",
+        "net.corda.data.permissions.Group",
         "net.corda.data.permissions.Role",
         "net.corda.data.permissions.Permission",
         "net.corda.data.permissions.management.permission.BulkCreatePermissionsResponse"

diff --git a/...ain/resources/avro/net/corda/data/permissions/management/group/AddRoleToGroupRequest.avsc b/...ain/resources/avro/net/corda/data/permissions/management/group/AddRoleToGroupRequest.avsc
@@ -0,0 +1,15 @@
+{
+  "type": "record",
+  "name": "AddRoleToGroupRequest",
+  "namespace": "net.corda.data.permissions.management.group",
+  "fields": [
+    {
+      "name": "groupId",
+      "type": "string"
+    },
+    {
+      "name": "roleId",
+      "type": "string"
+    }
+  ]
+}
diff --git a/...esources/avro/net/corda/data/permissions/management/group/ChangeGroupParentIdRequest.avsc b/...esources/avro/net/corda/data/permissions/management/group/ChangeGroupParentIdRequest.avsc
@@ -0,0 +1,15 @@
+{
+  "type": "record",
+  "name": "ChangeGroupParentIdRequest",
+  "namespace": "net.corda.data.permissions.management.group",
+  "fields": [
+    {
+      "name": "groupId",
+      "type": "string"
+    },
+    {
+      "name": "newParentGroupId",
+      "type": [ "null", "string" ]
+    }
+  ]
+}
diff --git a/...c/main/resources/avro/net/corda/data/permissions/management/group/CreateGroupRequest.avsc b/...c/main/resources/avro/net/corda/data/permissions/management/group/CreateGroupRequest.avsc
@@ -0,0 +1,15 @@
+{
+  "type": "record",
+  "name": "CreateGroupRequest",
+  "namespace": "net.corda.data.permissions.management.group",
+  "fields": [
+    {
+      "name": "groupName",
+      "type": "string"
+    },
+    {
+      "name": "parentGroupId",
+      "type": [ "null", "string" ]
+    }
+  ]
+}
diff --git a/...c/main/resources/avro/net/corda/data/permissions/management/group/DeleteGroupRequest.avsc b/...c/main/resources/avro/net/corda/data/permissions/management/group/DeleteGroupRequest.avsc
@@ -0,0 +1,11 @@
+{
+  "type": "record",
+  "name": "DeleteGroupRequest",
+  "namespace": "net.corda.data.permissions.management.group",
+  "fields": [
+    {
+      "name": "groupId",
+      "type": "string"
+    }
+  ]
+}
diff --git a/...esources/avro/net/corda/data/permissions/management/group/RemoveRoleFromGroupRequest.avsc b/...esources/avro/net/corda/data/permissions/management/group/RemoveRoleFromGroupRequest.avsc
@@ -0,0 +1,15 @@
+{
+  "type": "record",
+  "name": "RemoveRoleFromGroupRequest",
+  "namespace": "net.corda.data.permissions.management.group",
+  "fields": [
+    {
+      "name": "groupId",
+      "type": "string"
+    },
+    {
+      "name": "roleId",
+      "type": "string"
+    }
+  ]
+}
diff --git a/...urces/avro/net/corda/data/permissions/management/user/ChangeUserParentGroupIdRequest.avsc b/...urces/avro/net/corda/data/permissions/management/user/ChangeUserParentGroupIdRequest.avsc
@@ -0,0 +1,15 @@
+{
+  "type": "record",
+  "name": "ChangeUserParentGroupIdRequest",
+  "namespace": "net.corda.data.permissions.management.user",
+  "fields": [
+    {
+      "name": "userId",
+      "type": "string"
+    },
+    {
+      "name": "newParentGroupId",
+      "type": [ "null", "string" ]
+    }
+  ]
+}
diff --git a/...src/main/resources/avro/net/corda/data/permissions/management/user/DeleteUserRequest.avsc b/...src/main/resources/avro/net/corda/data/permissions/management/user/DeleteUserRequest.avsc
@@ -0,0 +1,11 @@
+{
+  "type": "record",
+  "name": "DeleteUserRequest",
+  "namespace": "net.corda.data.permissions.management.user",
+  "fields": [
+    {
+      "name": "loginName",
+      "type": "string"
+    }
+  ]
+}
diff --git a/data/avro-schema/src/test/kotlin/net/corda/data/p2p/HostedIdentityEntryCompatibilityTest.kt b/data/avro-schema/src/test/kotlin/net/corda/data/p2p/HostedIdentityEntryCompatibilityTest.kt
@@ -0,0 +1,64 @@
+package net.corda.data.p2p
+
+import net.corda.data.identity.HoldingIdentity
+import org.apache.avro.Schema
+import org.apache.avro.SchemaCompatibility
+import org.junit.jupiter.api.Assertions.assertEquals
+import org.junit.jupiter.api.Test
+
+class HostedIdentityEntryCompatibilityTest {
+    @Test
+    fun `check HostedIdentityEntry schema changes between Corda 5_2 and 5_2_1 are compatible`() {
+        val schemaV52Json = """
+            {
+              "type": "record",
+              "name": "HostedIdentityEntry",
+              "namespace": "net.corda.data.p2p",
+              "fields": [
+                {
+                  "doc": "The Holding identity hosted in this node",
+                  "name": "holdingIdentity",
+                  "type": "net.corda.data.identity.HoldingIdentity"
+                },
+                {
+                  "doc": "The tenant ID under which the TLS key is stored",
+                  "name": "tlsTenantId",
+                  "type": "string"
+                },
+                {
+                  "doc": "The TLS certificates (in PEM format)",
+                  "name": "tlsCertificates",
+                  "type": {
+                    "type": "array",
+                    "items": "string"
+                  }
+                },
+                {
+                  "doc": "The preferred session initiation key and certificate",
+                  "name": "preferredSessionKeyAndCert",
+                  "type": "HostedIdentitySessionKeyAndCert"
+                },
+                {
+                  "doc": "Alternative session initiation keys and certificates",
+                  "name": "alternativeSessionKeysAndCerts",
+                   "type": {
+                     "type": "array",
+                     "items": "HostedIdentitySessionKeyAndCert"
+                   }
+                 }
+              ]
+            }
+        """.trimIndent()
+
+        val schemaV52 = Schema.Parser().addTypes(
+            mapOf(
+                HoldingIdentity::class.java.name to HoldingIdentity.`SCHEMA$`,
+                HostedIdentitySessionKeyAndCert::class.java.name to HostedIdentitySessionKeyAndCert.`SCHEMA$`
+            )
+        ).parse(schemaV52Json)
+        val schemaV521 = HostedIdentityEntry.`SCHEMA$`
+
+        val compatibility = SchemaCompatibility.checkReaderWriterCompatibility(schemaV521, schemaV52)
+        assertEquals(compatibility.type, SchemaCompatibility.SchemaCompatibilityType.COMPATIBLE)
+    }
+}
diff --git a/data/config-schema/src/main/java/net/corda/schema/configuration/ReconciliationConfig.java b/data/config-schema/src/main/java/net/corda/schema/configuration/ReconciliationConfig.java
@@ -12,6 +12,7 @@ private ReconciliationConfig() {
     public static final String RECONCILIATION_VNODE_INFO_INTERVAL_MS ="vnodeInfoIntervalMs";
     public static final String RECONCILIATION_GROUP_PARAMS_INTERVAL_MS = "groupParamsIntervalMs";
     public static final String RECONCILIATION_MTLS_MGM_ALLOWED_LIST_INTERVAL_MS = "mtlsMgmAllowedCertificateSubjectsIntervalMs";
+    public static final String RECONCILIATION_HOSTED_IDENTITY_INTERVAL_MS = "hostedIdentityIntervalMs";
 
     public static final String RECONCILIATION_MEMBER_INFO_INTERVAL_MS = "memberInfoIntervalMs";
 }
diff --git a/...ain/resources/net/corda/schema/configuration/reconciliation/1.0/corda.reconciliation.json b/...ain/resources/net/corda/schema/configuration/reconciliation/1.0/corda.reconciliation.json
@@ -61,6 +61,13 @@
       "minimum": 5000,
       "maximum": 2147483647,
       "default": 120000
+    },
+    "hostedIdentityIntervalMs": {
+      "description": "The interval in milliseconds between aligning the Kafka Hosted Identity with the DB Hosted Identity.",
+      "type": "integer",
+      "minimum": 5000,
+      "maximum": 2147483647,
+      "default": 120000
     }
   }
 }
diff --git a/data/db-schema/src/main/java/net/corda/db/schema/DbSchema.java b/data/db-schema/src/main/java/net/corda/db/schema/DbSchema.java
@@ -39,6 +39,8 @@ private DbSchema() {
     public static final String VNODE_GROUP_APPROVAL_RULES = "vnode_group_approval_rules";
     public static final String VNODE_PRE_AUTH_TOKENS = "vnode_pre_auth_tokens";
     public static final String VNODE_PERSISTENCE_REQUEST_ID_TABLE = "vnode_persistence_request_id";
+    public static final String HOSTED_IDENTITY = "hosted_identity";
+    public static final String HOSTED_IDENTITY_SESSION_KEY_INFO = "hosted_identity_session_key_info";
 
     public static final String LEDGER_CONSENSUAL_TRANSACTION_TABLE = "consensual_transaction";
     public static final String LEDGER_CONSENSUAL_TRANSACTION_STATUS_TABLE = "consensual_transaction_status";

diff --git a/data/db-schema/src/main/resources/net/corda/db/schema/config/db.changelog-master.xml b/data/db-schema/src/main/resources/net/corda/db/schema/config/db.changelog-master.xml
@@ -11,4 +11,6 @@
     <include file="net/corda/db/schema/config/migration/scheduler-creation-v5.1.xml"/>
 
     <include file="net/corda/db/schema/config/migration/config-creation-v5.2.xml"/>
+
+    <include file="net/corda/db/schema/config/migration/hosted-identity-creation-v5.2.1.xml"/>
 </databaseChangeLog>
diff --git a/...c/main/resources/net/corda/db/schema/config/migration/hosted-identity-creation-v5.2.1.xml b/...c/main/resources/net/corda/db/schema/config/migration/hosted-identity-creation-v5.2.1.xml
@@ -0,0 +1,43 @@
+<?xml version="1.1" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.3.xsd">
+
+    <changeSet author="R3.Corda" id="hosted-identity-creation-v5.2.1">
+        <createTable tableName="hosted_identity_session_key_info">
+            <column name="holding_identity_id" type="VARCHAR(12)">
+                <constraints nullable="false"/>
+            </column>
+            <!-- short hash (first 12 hex chars of SHA256) of the public key -->
+            <column name="session_key_id" type="CHAR(12)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="session_certificate_alias" type="VARCHAR(255)">
+                <constraints nullable="true"/>
+            </column>
+        </createTable>
+        <addPrimaryKey tableName="hosted_identity_session_key_info" columnNames="holding_identity_id,session_key_id"
+                       constraintName="hosted_identity_session_key_info_pk"/>
+
+        <createTable tableName="hosted_identity">
+            <column name="holding_identity_id" type="VARCHAR(12)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="preferred_session_key_id" type="CHAR(12)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="tls_certificate_alias" type="VARCHAR(64)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="use_cluster_level_tls" type="BOOLEAN">
+                <constraints nullable="false"/>
+            </column>
+            <column name="version" type="INT">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <addPrimaryKey tableName="hosted_identity" columnNames="holding_identity_id"
+                       constraintName="hosted_identity_pk"/>
+    </changeSet>
+
+</databaseChangeLog>