Merge branch 'release/os/4.9' into shams-4.10-merge-e6a80822

# Conflicts:
#	.github/workflows/check-pr-title.yml
#	.snyk
#	node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/AMQPClient.kt
#	node/src/integration-test/kotlin/net/corda/node/amqp/AMQPClientSslErrorsTest.kt
#	node/src/main/kotlin/net/corda/node/internal/AbstractNode.kt

Author: shamsasari

.github/workflows/check-pr-title.yml

@@ -9,6 +9,6 @@ jobs:
     steps:
       - uses: morrisoncole/pr-lint-action@v1.6.1
         with:
-          title-regex: '^((CORDA|AG|EG|ENT|INFRA|NAAS|ES)-\d+|NOTICK)(.*)'
+          title-regex: '^((CORDA|AG|EG|ENT|INFRA|ES)-\d+|NOTICK)(.*)'
           on-failed-regex-comment: "PR title failed to match regex -> `%regex%`"
           repo-token: "${{ secrets.GITHUB_TOKEN }}"

.snyk

@@ -159,7 +159,7 @@ ignore:
           assessment. Liquibase is used to apply the database migration changes.
           XML files are used here to define the changes not YAML and therefore
           the Corda node itself is not exposed to this deserialisation
-          vulnerability. 
+          vulnerability.
         expires: 2023-07-12T17:00:51.957Z
         created: 2022-12-29T17:00:51.970Z
   SNYK-JAVA-ORGYAML-3016889:
@@ -180,7 +180,7 @@ ignore:
     - '*':
         reason: >-
           H2 console is not enabled for any of the applications we are running.
-          When it comes to DB connectivity parameters, we do not allow changing 
+          When it comes to DB connectivity parameters, we do not allow changing
           them as they are supplied by Corda Node configuration file.
         expires: 2023-07-28T11:36:39.068Z
         created: 2022-12-29T11:36:39.089Z

client/rpc/src/main/kotlin/net/corda/client/rpc/CordaRPCClient.kt

@@ -1,5 +1,6 @@
 package net.corda.client.rpc
 
+import io.netty.util.concurrent.DefaultThreadFactory
 import net.corda.client.rpc.internal.RPCClient
 import net.corda.client.rpc.internal.ReconnectingCordaRPCOps
 import net.corda.client.rpc.internal.SerializationEnvironmentHelper
@@ -52,7 +53,7 @@ class CordaRPCConnection private constructor(
                 sslConfiguration: ClientRpcSslOptions? = null,
                 classLoader: ClassLoader? = null
         ): CordaRPCConnection {
-            val observersPool: ExecutorService = Executors.newCachedThreadPool()
+            val observersPool: ExecutorService = Executors.newCachedThreadPool(DefaultThreadFactory("RPCObserver"))
             return CordaRPCConnection(null, observersPool, ReconnectingCordaRPCOps(
                     addresses,
                     username,

client/rpc/src/main/kotlin/net/corda/client/rpc/internal/ReconnectingCordaRPCOps.kt

@@ -1,5 +1,6 @@
 package net.corda.client.rpc.internal
 
+import io.netty.util.concurrent.DefaultThreadFactory
 import net.corda.client.rpc.ConnectionFailureException
 import net.corda.client.rpc.CordaRPCClient
 import net.corda.client.rpc.CordaRPCClientConfiguration
@@ -99,7 +100,8 @@ class ReconnectingCordaRPCOps private constructor(
                     ErrorInterceptingHandler(reconnectingRPCConnection)) as CordaRPCOps
         }
     }
-    private val retryFlowsPool = Executors.newScheduledThreadPool(1)
+    private val retryFlowsPool = Executors.newScheduledThreadPool(1, DefaultThreadFactory("FlowRetry"))
+
     /**
      * This function runs a flow and retries until it completes successfully.
      *

core-tests/src/test/kotlin/net/corda/coretests/crypto/internal/ProviderMapTest.kt

@@ -0,0 +1,29 @@
+package net.corda.coretests.crypto.internal
+
+import net.corda.coretesting.internal.DEV_ROOT_CA
+import net.corda.testing.core.createCRL
+import org.assertj.core.api.Assertions.assertThatIllegalArgumentException
+import org.junit.Test
+
+class ProviderMapTest {
+    // https://github.com/corda/corda/pull/3997
+    @Test(timeout = 300_000)
+    fun `verify CRL algorithms`() {
+        val crl = createCRL(
+                issuer = DEV_ROOT_CA,
+                revokedCerts = emptyList(),
+                signatureAlgorithm = "SHA256withECDSA"
+        )
+        // This should pass.
+        crl.verify(DEV_ROOT_CA.keyPair.public)
+
+        // Try changing the algorithm to EC will fail.
+        assertThatIllegalArgumentException().isThrownBy {
+            createCRL(
+                    issuer = DEV_ROOT_CA,
+                    revokedCerts = emptyList(),
+                    signatureAlgorithm = "EC"
+            )
+        }.withMessage("Unknown signature type requested: EC")
+    }
+}

core/src/main/kotlin/net/corda/core/node/ServiceHub.kt

@@ -65,7 +65,7 @@ interface ServicesForResolution {
     /**
      * Given a [Set] of [StateRef]'s loads the referenced transaction and looks up the specified output [ContractState].
      *
-     * @throws TransactionResolutionException if [stateRef] points to a non-existent transaction.
+     * @throws TransactionResolutionException if any of the [stateRefs] point to a non-existent transaction.
      */
     // TODO: future implementation to use a Vault state ref -> contract state BLOB table and perform single query bulk load
     // as the existing transaction store will become encrypted at some point

core/src/main/kotlin/net/corda/core/node/services/VaultService.kt

@@ -1,3 +1,5 @@
+@file:Suppress("LongParameterList")
+
 package net.corda.core.node.services
 
 import co.paralleluniverse.fibers.Suspendable
@@ -197,8 +199,7 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
      *  4) Status types used in this query: [StateStatus.UNCONSUMED], [StateStatus.CONSUMED], [StateStatus.ALL].
      *  5) Other results as a [List] of any type (eg. aggregate function results with/without group by).
      *
-     *  Note: currently otherResults are used only for Aggregate Functions (in which case, the states and statesMetadata
-     *  results will be empty).
+     *  Note: currently [otherResults] is used only for aggregate functions (in which case, [states] and [statesMetadata] will be empty).
      */
     @CordaSerializable
     data class Page<out T : ContractState>(val states: List<StateAndRef<T>>,
@@ -213,19 +214,19 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
             val contractStateClassName: String,
             val recordedTime: Instant,
             val consumedTime: Instant?,
-            val status: Vault.StateStatus,
+            val status: StateStatus,
             val notary: AbstractParty?,
             val lockId: String?,
             val lockUpdateTime: Instant?,
-            val relevancyStatus: Vault.RelevancyStatus? = null,
+            val relevancyStatus: RelevancyStatus? = null,
             val constraintInfo: ConstraintInfo? = null
     ) {
         fun copy(
                 ref: StateRef = this.ref,
                 contractStateClassName: String = this.contractStateClassName,
                 recordedTime: Instant = this.recordedTime,
                 consumedTime: Instant? = this.consumedTime,
-                status: Vault.StateStatus = this.status,
+                status: StateStatus = this.status,
                 notary: AbstractParty? = this.notary,
                 lockId: String? = this.lockId,
                 lockUpdateTime: Instant? = this.lockUpdateTime
@@ -237,21 +238,21 @@ class Vault<out T : ContractState>(val states: Iterable<StateAndRef<T>>) {
                 contractStateClassName: String = this.contractStateClassName,
                 recordedTime: Instant = this.recordedTime,
                 consumedTime: Instant? = this.consumedTime,
-                status: Vault.StateStatus = this.status,
+                status: StateStatus = this.status,
                 notary: AbstractParty? = this.notary,
                 lockId: String? = this.lockId,
                 lockUpdateTime: Instant? = this.lockUpdateTime,
-                relevancyStatus: Vault.RelevancyStatus?
+                relevancyStatus: RelevancyStatus?
         ): StateMetadata {
             return StateMetadata(ref, contractStateClassName, recordedTime, consumedTime, status, notary, lockId, lockUpdateTime, relevancyStatus, ConstraintInfo(AlwaysAcceptAttachmentConstraint))
         }
     }
 
     companion object {
         @Deprecated("No longer used. The vault does not emit empty updates")
-        val NoUpdate = Update(emptySet(), emptySet(), type = Vault.UpdateType.GENERAL, references = emptySet())
+        val NoUpdate = Update(emptySet(), emptySet(), type = UpdateType.GENERAL, references = emptySet())
         @Deprecated("No longer used. The vault does not emit empty updates")
-        val NoNotaryUpdate = Vault.Update(emptySet(), emptySet(), type = Vault.UpdateType.NOTARY_CHANGE, references = emptySet())
+        val NoNotaryUpdate = Update(emptySet(), emptySet(), type = UpdateType.NOTARY_CHANGE, references = emptySet())
     }
 }
 
@@ -302,7 +303,7 @@ interface VaultService {
     fun whenConsumed(ref: StateRef): CordaFuture<Vault.Update<ContractState>> {
         val query = QueryCriteria.VaultQueryCriteria(
                 stateRefs = listOf(ref),
-                status = Vault.StateStatus.CONSUMED
+                status = StateStatus.CONSUMED
         )
         val result = trackBy<ContractState>(query)
         val snapshot = result.snapshot.states
@@ -358,8 +359,8 @@ interface VaultService {
     /**
      * Helper function to determine spendable states and soft locking them.
      * Currently performance will be worse than for the hand optimised version in
-     * [Cash.unconsumedCashStatesForSpending]. However, this is fully generic and can operate with custom [FungibleState]
-     * and [FungibleAsset] states.
+     * [net.corda.finance.workflows.asset.selection.AbstractCashSelection.unconsumedCashStatesForSpending]. However, this is fully generic
+     * and can operate with custom [FungibleState] and [FungibleAsset] states.
      * @param lockId The [FlowLogic.runId]'s [UUID] of the current flow used to soft lock the states.
      * @param eligibleStatesQuery A custom query object that selects down to the appropriate subset of all states of the
      * [contractStateType]. e.g. by selecting on account, issuer, etc. The query is internally augmented with the

node-api-tests/src/test/kotlin/net/corda/nodeapitests/internal/crypto/X509UtilitiesTest.kt

@@ -21,41 +21,47 @@ import net.corda.core.serialization.deserialize
 import net.corda.core.serialization.serialize
 import net.corda.core.utilities.days
 import net.corda.core.utilities.hours
-import net.corda.nodeapi.internal.serialization.amqp.AMQPServerSerializationScheme
-import net.corda.nodeapi.internal.config.MutualSslConfiguration
-import net.corda.nodeapi.internal.createDevNodeCa
-import net.corda.nodeapi.internal.crypto.X509Utilities.DEFAULT_IDENTITY_SIGNATURE_SCHEME
-import net.corda.nodeapi.internal.crypto.X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME
-import net.corda.nodeapi.internal.installDevNodeCaCertPath
-import net.corda.nodeapi.internal.protonwrapper.netty.init
-import net.corda.nodeapi.internal.registerDevP2pCertificates
-import net.corda.serialization.internal.AllWhitelist
-import net.corda.serialization.internal.SerializationContextImpl
-import net.corda.serialization.internal.SerializationFactoryImpl
-import net.corda.serialization.internal.amqp.amqpMagic
-import net.corda.testing.core.ALICE_NAME
-import net.corda.testing.core.BOB_NAME
-import net.corda.testing.core.TestIdentity
-import net.corda.testing.driver.internal.incrementalPortAllocation
 import net.corda.coretesting.internal.NettyTestClient
 import net.corda.coretesting.internal.NettyTestHandler
 import net.corda.coretesting.internal.NettyTestServer
-import net.corda.testing.internal.createDevIntermediateCaCertPath
 import net.corda.coretesting.internal.stubs.CertificateStoreStubs
+import net.corda.nodeapi.internal.config.MutualSslConfiguration
+import net.corda.nodeapi.internal.createDevNodeCa
 import net.corda.nodeapi.internal.crypto.CertificateType
 import net.corda.nodeapi.internal.crypto.X509CertificateFactory
 import net.corda.nodeapi.internal.crypto.X509Utilities
+import net.corda.nodeapi.internal.crypto.X509Utilities.DEFAULT_IDENTITY_SIGNATURE_SCHEME
+import net.corda.nodeapi.internal.crypto.X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME
 import net.corda.nodeapi.internal.crypto.checkValidity
 import net.corda.nodeapi.internal.crypto.getSupportedKey
 import net.corda.nodeapi.internal.crypto.loadOrCreateKeyStore
 import net.corda.nodeapi.internal.crypto.save
 import net.corda.nodeapi.internal.crypto.toBc
 import net.corda.nodeapi.internal.crypto.x509
 import net.corda.nodeapi.internal.crypto.x509Certificates
+import net.corda.nodeapi.internal.installDevNodeCaCertPath
+import net.corda.nodeapi.internal.protonwrapper.netty.keyManagerFactory
+import net.corda.nodeapi.internal.protonwrapper.netty.trustManagerFactory
+import net.corda.nodeapi.internal.registerDevP2pCertificates
+import net.corda.nodeapi.internal.serialization.amqp.AMQPServerSerializationScheme
+import net.corda.serialization.internal.AllWhitelist
+import net.corda.serialization.internal.SerializationContextImpl
+import net.corda.serialization.internal.SerializationFactoryImpl
+import net.corda.serialization.internal.amqp.amqpMagic
+import net.corda.testing.core.ALICE_NAME
+import net.corda.testing.core.BOB_NAME
+import net.corda.testing.core.TestIdentity
+import net.corda.testing.driver.internal.incrementalPortAllocation
 import net.corda.testing.internal.IS_OPENJ9
+import net.corda.testing.internal.createDevIntermediateCaCertPath
 import net.i2p.crypto.eddsa.EdDSAPrivateKey
 import org.assertj.core.api.Assertions.assertThat
-import org.bouncycastle.asn1.x509.*
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier
+import org.bouncycastle.asn1.x509.BasicConstraints
+import org.bouncycastle.asn1.x509.CRLDistPoint
+import org.bouncycastle.asn1.x509.Extension
+import org.bouncycastle.asn1.x509.KeyUsage
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier
 import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey
 import org.bouncycastle.pqc.jcajce.provider.sphincs.BCSphincs256PrivateKey
 import org.junit.Assume
@@ -74,10 +80,19 @@ import java.security.PrivateKey
 import java.security.cert.CertPath
 import java.security.cert.X509Certificate
 import java.util.*
-import javax.net.ssl.*
+import javax.net.ssl.SSLContext
+import javax.net.ssl.SSLParameters
+import javax.net.ssl.SSLServerSocket
+import javax.net.ssl.SSLSocket
 import javax.security.auth.x500.X500Principal
 import kotlin.concurrent.thread
-import kotlin.test.*
+import kotlin.test.assertEquals
+import kotlin.test.assertFailsWith
+import kotlin.test.assertFalse
+import kotlin.test.assertNotNull
+import kotlin.test.assertNull
+import kotlin.test.assertTrue
+import kotlin.test.fail
 
 class X509UtilitiesTest {
     private companion object {
@@ -295,15 +310,10 @@ class X509UtilitiesTest {
         sslConfig.keyStore.get(true).registerDevP2pCertificates(MEGA_CORP.name, rootCa.certificate, intermediateCa)
         sslConfig.createTrustStore(rootCa.certificate)
 
-        val keyStore = sslConfig.keyStore.get()
-        val trustStore = sslConfig.trustStore.get()
-
         val context = SSLContext.getInstance("TLS")
-        val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
-        keyManagerFactory.init(keyStore)
+        val keyManagerFactory = keyManagerFactory(sslConfig.keyStore.get())
         val keyManagers = keyManagerFactory.keyManagers
-        val trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-        trustMgrFactory.init(trustStore)
+        val trustMgrFactory = trustManagerFactory(sslConfig.trustStore.get())
         val trustManagers = trustMgrFactory.trustManagers
         context.init(keyManagers, trustManagers, newSecureRandom())
 
@@ -388,15 +398,8 @@ class X509UtilitiesTest {
         sslConfig.keyStore.get(true).registerDevP2pCertificates(MEGA_CORP.name, rootCa.certificate, intermediateCa)
         sslConfig.createTrustStore(rootCa.certificate)
 
-        val keyStore = sslConfig.keyStore.get()
-        val trustStore = sslConfig.trustStore.get()
-
-        val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
-        keyManagerFactory.init(keyStore)
-
-        val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
-        trustManagerFactory.init(trustStore)
-
+        val keyManagerFactory = keyManagerFactory(sslConfig.keyStore.get())
+        val trustManagerFactory = trustManagerFactory(sslConfig.trustStore.get())
 
         val sslServerContext = SslContextBuilder
                 .forServer(keyManagerFactory)

node-api/src/main/kotlin/net/corda/nodeapi/internal/ArtemisMessagingClient.kt

@@ -42,8 +42,8 @@ class ArtemisMessagingClient(private val config: MutualSslConfiguration,
     override fun start(): Started = synchronized(this) {
         check(started == null) { "start can't be called twice" }
         val tcpTransport = p2pConnectorTcpTransport(serverAddress, config, threadPoolName = threadPoolName, trace = trace)
-        val backupTransports = backupServerAddressPool.map {
-            p2pConnectorTcpTransport(it, config, threadPoolName = threadPoolName, trace = trace)
+        val backupTransports = backupServerAddressPool.mapIndexed { index, address ->
+            p2pConnectorTcpTransport(address, config, threadPoolName = "$threadPoolName-backup${index+1}", trace = trace)
         }
 
         log.info("Connecting to message broker: $serverAddress")