I have a Corda Infrastructure with some nodes and a (not validating) notary. They're all using a Network Map for the compatibility zone, and all the corda nodes, including the notary, download the same network-parameters file.
When executing a flow, Corda gives me an Exception because the Notary is not on the network parameters whitelist. I cannot find anything anything about that on R3 Documentation.
java.lang.IllegalStateException: Notary [O=Notary, L=Cosenza, C=IT (owningKey = DLAdtNkbnrjn6FGwzE4sCaiDS3tRgMw3KhZfA7bD3icYK1)] specified by the transaction is not on the network parameter whitelist: []
at net.corda.core.internal.TransactionUtilsKt.checkNotaryWhitelisted(TransactionUtils.kt:257) ~[corda-core-4.8.jar:?]
Note that I'm using a fixed Notary X500 Name in the Flow code instead of "preferredNotary" because it won't be found. I think it is because of the same problem.
Do I have to do something explicit to add Notary in network parameters whitelist?
Do I have to do something explicit to add Notary in network parameters whitelist?
Yeah you do. Since you are using a network-map-service your node will get its network-parameters from there.
What you'll have to do then is
delete your current network-parameters for every Node.
whitelist your Notary Node into your network-map-service
restart all your Nodes so they can retrieve the new network-parameters from the network-map-service where the new Notary is assigned as such
I don't know which network-map-service exactly you use but i assume its nms by cordite. You can read up on how to whitelist a Notary here: https://gitlab.com/cordite/network-map-service/-/blob/master/FAQ.md#14-start-the-notary-node
Related
We have downloaded 4 pre-configured Corda nodes from https://testnet.corda.network.
These nodes have X.500 distinguished names containing subparts - Organization, Location and Country.
Question 1: Can we replace the values in the above subparts of the X.500 distinguished name with our definitions?
Question 2: Can we add "organizationUnit" in the above X.500 name?
The Testnet was built for the community to experience the Corda network.
It is a pathway to the Corda Network (TCN) run by the Corda Foundation, an independent council which runs the TCN.
I will log your requests with the testnet team as a function enhancement request, but they will probably need more information from you & your team to make any further changes to the testnet.
You can reach me at http://slack.corda.net. We can resume the conversation there.
Yes, every node specifies its own X500 name. This is done in the node.conf using the myLegalName field: https://docs.corda.net/corda-configuration-file.html#configuration-file-fields This field is used during initial registration on the node's first startup to register with the network's identity service https://docs.corda.r3.com/node-commandline.html#sub-commands
The X500 name for a name of a node is extremely important as it represents the identity that a node uses when signing transaction. Because of this the X500 identity rules vary by network.
Testnet
The onboarding tool pre-generates an X500 for you based on your marketplace account. Your account is automatically built into a generated node.conf whichinstall.sh downloads for your node.
In Testnet there are no restrictions on identity and all registration requests are automatically approved. Therefore anyone can specify any identity they would like which is why Testnet must never be used for real financial transactions.
UAT
X500 names must followed a specific set of rules to be approved. Guidelines on how to select an X500 are here: https://corda.network/participation/distinguishedname.html
Examples of real world identity selection is here: https://corda.network/participation/legalentity.html
In UAT registration requests are all manually approved by the Corda Network Foundation. Follows the steps outlined here to onboard your node: https://uat.network.r3.com/pages/joining/joining.html
The Corda Network (tCN)
The production Corda Network follows the same guidelines for X500 names.
The onboarding process for nodes is also the same with different urls: https://corda.network/participation/index.html
We are building a POC using Corda and Springboot web server.
Following are the versions of Corda platform, Springboot server, and other essential dependencies used for building the POC-
cordaReleaseGroup=net.corda
cordaVersion=4.0
gradlePluginsVersion=4.0.45
kotlinVersion=1.2.71
junitVersion=4.12
quasarVersion=0.7.10
spring_version = '4.3.11.RELEASE'
spring_boot_version = '2.0.2.RELEASE'
spring_boot_gradle_plugin_version = '2.1.1.RELEASE'
jvmTarget = "1.8"
log4jVersion =2.11.2
platformVersion=4
slf4jVersion=1.7.25
nettyVersion=4.1.22.Final
The CorDapp developed for POC has four nodes -
Notary Node
Provider Company Node
Consumer Company 1 Node
Consumer Company 1 Sub Contact Node
The POC is running in dev mode in our local network.
We require to test the POC in the Corda Testnet.
We went through the following documentation on Corda Testnet -
1: Join Corda TestNet
URL : https://docs.corda.net/releases/release-V4.0/corda-testnet-intro.html?highlight=joining%20corda%20testnet
2: Deploying Corda to Corda Testnet from your local environment
https://docs.corda.net/releases/release-V4.0/deploy-locally.html?highlight=deploying%20corda%20corda%20testnet%20from%20your%20local%20environment
We understood from the above documentation that we can download only one "Corda node" using one registration. Will we have to join the Corda Testnet using four different accounts in order to download four Corda nodes?
Is our understanding correct?
As per my understanding you can spin up multiple nodes with a refresh of the Testnet node installation page, or by creating a node and then clicking 'next', which should take you back to the node list and present a button to allow creation of another node.
It should provide you with a unique ONE_TIME_DOWNLOAD_KEY each time, and automatically assign you a randomised alphanumeric O (organisation) value to use within the nodes configuration file, helping the network map (and thus other nodes on the network) to distinguish your nodes individually.
Make sure you don't unintentionally run copies of the same node with the same identity, otherwise the network map will just assume there has been a change in the address of the original node and route P2P traffic to the newest instance.
Take a look at the node.conf docs to understand node configuration further:
https://docs.corda.net/corda-configuration-file.html
As mentioned in the docs on performing flow upgrades, all you need to do is basically shut down the node, replace JAR, and start the node back up. When I do this, when my upgraded flow is run the next time, I get the following error:
net.corda.core.contracts.TransactionVerificationException$ContractConstraintRejection: Contract constraints failed for com.company.project.contract.MyContract, transaction: ABCDEFG
And the flow does not complete as a result. What am I doing wrong?
As my experience it seem like Corda flow upgrade not update network parameter (state still belong to old hash, old contract). Then when replace with new contract it will be contract constraint.
So I think you have 3 way to manage this
For local network bootstrap, update network parameter before doing flow upgrade (I use network-bootstrap.jar for copy new contract to cordapp folder, then it will append new contract hash immediately)
For Corda network, you must contact network operator for update new hash.
Use SignatureConstraint of Corda4 (they claim that it's upgrade easier but I didn't try yet)
Hope this help
When I follow the directions in https://docs.corda.r3.com/running-a-notary-cluster/installing-the-notary-service-bootstrapper.html
I get the error shown below. This happens both when I try using just “generate_node_info” as well as the general bootstrapper command. The reason is that I already have the O=Notary name registered as the notary and its certificate is in the *.jks file in the certificates directory. What I need is to get the worker nodes registered. That does not seem to work. It expects the name to already match what is in the certificates.
[1;31m[ERROR] 17:51:20-0500 [main] internal.Node.run - Exception during node startup
[m net.corda.node.internal.ConfigurationException: The name 'O=Notary-1, L=London, C=GB' for identity doesn't match what's in the key store: O=Notary, L=London, C=GB
at net.corda.node.internal.AbstractNode.obtainIdentity(AbstractNode.kt:945) ~[corda-node-3.2.jar:?]
at net.corda.node.internal.AbstractNode.generateAndSaveNodeInfo(AbstractNode.kt:213) ~[corda-node-3.2.jar:?]
For anyone coming up to this question, it falls under the same umbrella as most Corda enterprise issues where they're so specific that you're better off contacting R3 enterprise support.
This particular question I believe is being handled by the support team so if you're using Corda Enterprise you'd be better off doing the same thing.
Best of luck and thanks.
In one test, I got
Input state requires notary "C=GB,L=London,O=Mock Company 1" which does not match the transaction notary "C=GB,L=London,O=Mock Company 1,CN=corda.notary.validating".
They should be the same one. The only difference is CN which is optional.
How can I avoid the error?
\Sean
How are you getting the notary? Each node has a main identity, as well as an optional notary identity. Is it possible that you're retrieving the former, rather than the latter?
To get the notary, you should be using NetworkMapCache.getNotary, which takes a CordaX500Name and only searches for notary identities with this name.