fix(corda): com.github.bft-smart:library:master-v1.1-beta-g6215ec8-87…

… not found

Primary Changes:
-----------------

1. Spring Boot had to be updated from v3.3.1 to v3.4.2. This then set off a chain
reaction of a several other cascading problems but once all of them got rolled updated
the build and the test itself started passing again.
2. Upgraded from Corda v4.12.0 to v4.12.5 which no longer has any HIGH/CRITICAL severity
vulnerabilities in the trivy database anymore. This also allowed us to stop overriding some
of the dependency versions through the gradle build process.
3. We had to remove the logic in Application.kt which was overriding the
poolSize of the ThreadPoolTaskScheduler's because it wouldn't compile with
newer versions of Spring Boot. It was complaining about missing methods at
runtime (it was trying to call the methods through reflection)
4. The gradle version for both the ADVANCED_NEGOTIATION and ADVANCED_OBLIGATION
sample cordapps had to be fixed to 7.6.3 instead of the looser 7.6 because this
was causing build issues with the cordapps within the AIO container.
This is accomplished by `sed` during the AIO container image's build.
5. The transitive dependency "com.github.bft-smart" library's version had to be
overridden within the gradle build of both cordapp sample apps ADVANCED_NEGOTIATION and
ADVANCED_OBLIGATION because the version that the corda was pinning to earlier disappeared
from the internet (specifically from JitPack).
6. The kotlin version had to be bumped from v1.9.x to v2.1.0 in the gradle builds across
the board.

The test case in
  packages/cactus-plugin-ledger-connector-corda/src/test/typescript/
  integration/corda-v4-deploy-and-invoke-contract.test.ts
is now passing as seen below:

```sh
$ yarn test:jest:all 'packages/cactus-plugin-ledger-connector-corda/src/test/
typescript/integration/corda-v4-deploy-and-invoke-contract.test.ts'

PASS packages/cactus-plugin-ledger-connector-corda/src/test/typescript/
integration/corda-v4-deploy-and-invoke-contract.test.ts (201.97 s, 139 MB heap size)
  Corda V4 Connector
    ✓ Runs listFlowsV1() (36 ms)
    ✓ Runs diagnoseNodeV1() (84 ms)
    ✓ Runs deployContractJarsV1() - ADVANCED_NEGOTIATION (59004 ms)
    ✓ Validates Requests: - deployContractJarsV1 - not sending all required parameters (73 ms)
    ✓ Validates Requests: - diagnoseNodeV1 - sending invalid parameters (14 ms)
    ✓ Validates Requests: - invokeContractV1 - not sending all required parameters (87 ms)
    ✓ Validates Requests: - deployContractJarsV1 - sending invalid parameters - rpcCredentials
    ✓ Validates Requests: - deployContractJarsV1 - sending invalid parameters - sshCredentials
    ✓ Validates Requests: - listFlowsV1 - sending invalid parameters (12 ms)
    ✓ Validates Requests: - invokeContractV1 - sending invalid parameters (23 ms)
    ✓ Runs invokeContractV1() - net.corda.samples.negotiation.flows.ProposalFlow$Initiator
    ✓ Runs deployContractJarsV1() - ADVANCED_OBLIGATION (84192 ms)
    ✓ Runs invokeContractV1() - net.corda.samples.obligation.flows.IOUIssueFlow (6009 ms)

Test Suites: 1 passed, 1 total
Tests:       13 passed, 13 total
Snapshots:   0 total
Time:        202 s, estimated 435 s
Ran all test suites matching /packages\/cactus-plugin-ledger-connector-corda\/src\/test\
/typescript\/integration\/corda-v4-deploy-and-invoke-contract.test.ts/i.
```

Fixes #3722

Signed-off-by: Peter Somogyvari <[email protected]>

packages/cactus-plugin-ledger-connector-corda/README.md

@@ -577,7 +577,7 @@ DOCKER_BUILDKIT=1 docker build \
   --progress=plain \
   --tag cccs \
   --tag cccs:latest \
-  --tag "ghcr.io/hyperledger/cactus-connector-corda-server:$(date +%F)-$(git rev-parse --symbolic-full-name --abbrev-ref HEAD)-$(git rev-parse --short HEAD)"
+  --tag "ghcr.io/hyperledger-cacti/cacti-connector-corda-server:$(date -u +"%Y-%m-%dT%H-%M-%SZ")-$(git describe --contains --all HEAD | sed -r 's,/,-,g')_$(git rev-parse --short HEAD)"
 ```
 
 ## Scan The Locally Built Container Image for Vulnerabilities with Trivy

packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile

@@ -1,4 +1,4 @@
-FROM gradle:8.1.1-jdk17-jammy as builder
+FROM gradle:8.12.1-jdk17-jammy as builder
 
 WORKDIR /
 COPY ./kotlin/gen/kotlin-spring /kotlin-spring/

packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/build.gradle.kts

@@ -5,9 +5,9 @@ version = project.properties["version"]!!
 
 val corda_release_group = "net.corda"
 val corda_core_release_group =  "net.corda"
-val corda_release_version = "4.12"
-val corda_core_release_version = "4.12"
-val spring_boot_version = "3.3.1"
+val corda_release_version = "4.12.5"
+val corda_core_release_version = "4.12.5"
+val spring_boot_version = "3.4.2"
 val jackson_version = "2.16.1"
 
 tasks.named<Test>("test") {
@@ -36,9 +36,9 @@ tasks.withType<KotlinCompile> {
 }
 
 plugins {
-    val kotlinVersion = "1.9.24"
+    val kotlinVersion = "2.1.0"
     id("org.jetbrains.kotlin.jvm") version kotlinVersion
-    id("org.springframework.boot") version "3.3.1"
+    id("org.springframework.boot") version "3.4.2"
 }
 
 dependencies {
@@ -77,25 +77,11 @@ configurations {
     all {
         exclude(group = "junit", module = "junit")
         exclude(group = "org.junit.vintage", module = "junit-vintage-engine")
-
-        resolutionStrategy.eachDependency {
-            if (requested.group == "org.yaml" && requested.name == "snakeyaml") {
-                useVersion("2.+")
-                because("CVE-2022-1471, CVE-2022-25857, CVE-2022-1471 - SnakeYaml: Constructor Deserialization Remote Code Execution, snakeyaml: Denial of Service due to missing nested depth limitation for collections")
-            } else if (requested.group == "org.springframework" && requested.name == "spring-web") {
-                useVersion("[6.0.0,99[")
-                because("CVE-2016-1000027 - https://avd.aquasec.com/nvd/cve-2016-1000027 spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization")
-            } else if (requested.group == "org.apache.commons" && requested.name == "commons-configuration2") {
-                useVersion("[2.8.0,99[")
-                because("CVE-2022-33980 - CRITICAL - https://avd.aquasec.com/nvd/cve-2022-33980 - apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults")
-            }
-        }
     }
 }
 
 repositories {
 	maven { url = uri("https://repo1.maven.org/maven2") }
-	maven { url = uri("https://repo.spring.io/snapshot") }
 	maven { url = uri("https://repo.spring.io/milestone") }
 
     mavenLocal()

packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.12.1-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

packages/cactus-plugin-ledger-connector-corda/src/main-server/kotlin/gen/kotlin-spring/src/main/kotlin/org/hyperledger/cactus/plugin/ledger/connector/corda/server/Application.kt

@@ -14,9 +14,7 @@ import org.springframework.context.ApplicationContext
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.ComponentScan
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
-import org.springframework.scheduling.TaskScheduler
 import org.springframework.scheduling.annotation.EnableScheduling
-import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler
 
 private const val ThreadPoolCount = "cactus.threadCount"
 private const val ThreadPoolCountDefault = "3"
@@ -39,13 +37,6 @@ open class Application(@Value("\${$ThreadPoolCount:$ThreadPoolCountDefault}") va
         return converter
     }
 
-    @Bean
-    open fun taskScheduler(): TaskScheduler? {
-        val taskScheduler = ThreadPoolTaskScheduler()
-        taskScheduler.poolSize = this.threadCount
-        return taskScheduler
-    }
-
     @Bean
 	open fun commandLineRunner(ctx: ApplicationContext): CommandLineRunner {
 		return object : CommandLineRunner {

tools/docker/corda-all-in-one/corda-v4_12/Dockerfile

@@ -27,11 +27,11 @@ RUN mkdir /var/run/sshd
 WORKDIR /
 
 
-# The image has a bleeding edge version of corda baked in for testing conveniece
+# The image has a bleeding edge version of corda baked in for testing convenience
 RUN mkdir -p /opt/bin/
 COPY --from=builder /opt/corda/node/capsule/build/libs/corda-4.12-SNAPSHOT.jar /opt/bin/corda.jar
 
-# Make the "corda-shell" alias avaialble on the terminal
+# Make the "corda-shell" alias available on the terminal
 RUN java -jar /opt/bin/corda.jar install-shell-extensions
 
 RUN git clone https://github.com/corda/samples-kotlin.git
@@ -47,10 +47,16 @@ ARG SAMPLES_KOTLIN_CORDAPP_SUB_DIR_PATH="./Advanced/negotiation-cordapp/"
 WORKDIR /samples-kotlin/${SAMPLES_KOTLIN_CORDAPP_SUB_DIR_PATH}
 
 COPY ./negotiation-cordapp/build.gradle /samples-kotlin/Advanced/negotiation-cordapp/build.gradle
+COPY ./obligation-cordapp/build.gradle /samples-kotlin/Advanced/obligation-cordapp/build.gradle
 COPY ./negotiation-cordapp/contracts/build.gradle /samples-kotlin/Advanced/negotiation-cordapp/contracts/build.gradle
 COPY ./negotiation-cordapp/workflows/build.gradle /samples-kotlin/Advanced/negotiation-cordapp/workflows/build.gradle
 COPY ./constants.properties /samples-kotlin/Advanced/constants.properties
 
+# The kotlin-samples repo defines the gradle version as 7.6 not 7.6.3 and 
+# the build was failing wit ha message claiming that it needs exactly 7.6.3 so here it is.
+RUN sed -i 's|distributionUrl=.*|distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.3-bin.zip|' /samples-kotlin/Advanced/negotiation-cordapp/gradle/wrapper/gradle-wrapper.properties
+RUN sed -i 's|distributionUrl=.*|distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.3-bin.zip|' /samples-kotlin/Advanced/obligation-cordapp/gradle/wrapper/gradle-wrapper.properties
+
 RUN ./gradlew build deployNodes -x test
 
 WORKDIR /

tools/docker/corda-all-in-one/corda-v4_12/constants.properties

@@ -4,7 +4,7 @@ cordaVersion=4.12
 cordaCoreVersion=4.12
 cordaShellVersion=4.12
 gradlePluginsVersion=5.1.1
-kotlinVersion=1.9.20
+kotlinVersion=2.1.0
 junitVersion=4.12
 quasarVersion=0.9.0_r3
 log4jVersion=2.23.1

tools/docker/corda-all-in-one/corda-v4_12/negotiation-cordapp/build.gradle

@@ -77,6 +77,15 @@ allprojects { //Properties that you need to compile your project (The applicatio
         preserveFileTimestamps = false
         reproducibleFileOrder = true
     }
+
+    configurations.all {
+        resolutionStrategy.eachDependency { details ->
+            if (details.requested.group == "com.github.bft-smart" &&
+                details.requested.name == "library") {
+                details.useVersion "v1.2"
+            }
+        }
+    }
 }
 
 apply plugin: 'net.corda.plugins.cordapp'
@@ -141,7 +150,7 @@ task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
             address("0.0.0.0:10006")
             adminAddress("0.0.0.0:10046")
         }
-        rpcUsers = [[ user: "user1", "password": "test", "permissions": ["ALL"]]]
+        rpcUsers = [[user: "user1", password: "test", permissions: ["ALL"]]]
     }
     node {
         name "O=PartyB,L=New York,C=US"

tools/docker/corda-all-in-one/corda-v4_12/obligation-cordapp/build.gradle

@@ -0,0 +1,222 @@
+import static org.jetbrains.kotlin.gradle.dsl.JvmTarget.JVM_17
+import static org.jetbrains.kotlin.gradle.dsl.KotlinVersion.KOTLIN_1_9
+
+buildscript {
+    Properties constants = new Properties()
+    file("$projectDir/../constants.properties").withInputStream { constants.load(it) }
+
+    ext {
+        corda_release_group = constants.getProperty("cordaReleaseGroup")
+        corda_core_release_group =  constants.getProperty("cordaCoreReleaseGroup")
+        corda_release_version = constants.getProperty("cordaVersion")
+        corda_core_release_version = constants.getProperty("cordaCoreVersion")
+        corda_gradle_plugins_version = constants.getProperty("gradlePluginsVersion")
+        kotlin_version = constants.getProperty("kotlinVersion")
+        junit_version = constants.getProperty("junitVersion")
+        quasar_version = constants.getProperty("quasarVersion")
+        quasar_exclusions = [
+                'co.paralleluniverse**',
+                'groovy**',
+                'com.esotericsoftware.**',
+                'jdk**',
+                'junit**',
+                'kotlin**',
+                'net.rubygrapefruit.**',
+                'org.gradle.**',
+                'org.apache.**',
+                'org.jacoco.**',
+                'org.junit**',
+                'org.slf4j**',
+                'worker.org.gradle.**',
+                'org.mockito.kotlin**',
+                'org.assertj**',
+                'org.hamcrest**',
+                'org.mockito**',
+                'org.opentest4j**',
+                'org.springframework**'
+        ]
+        log4j_version = constants.getProperty("log4jVersion")
+        slf4j_version = constants.getProperty("slf4jVersion")
+        corda_platform_version = constants.getProperty("platformVersion").toInteger()
+        rxjava_version = constants.getProperty("rxJavaVersion")
+        snappy_version = constants.getProperty("snappyVersion")
+        //springboot
+        spring_boot_version = '3.2.5'
+        spring_boot_gradle_plugin_version = '3.2.5'
+
+        testJvmArgs = ['--add-opens', 'java.base/java.time=ALL-UNNAMED', '--add-opens', 'java.base/java.io=ALL-UNNAMED',
+                       '--add-opens', 'java.base/java.util=ALL-UNNAMED', '--add-opens', 'java.base/java.net=ALL-UNNAMED',
+                       '--add-opens', 'java.base/java.nio=ALL-UNNAMED', '--add-opens', 'java.base/java.lang.invoke=ALL-UNNAMED',
+                       '--add-opens', 'java.base/java.security.cert=ALL-UNNAMED', '--add-opens', 'java.base/java.security=ALL-UNNAMED',
+                       '--add-opens', 'java.base/javax.net.ssl=ALL-UNNAMED', '--add-opens', 'java.base/java.lang=ALL-UNNAMED',
+                       '--add-opens', 'java.base/java.util.concurrent=ALL-UNNAMED', '--add-opens', 'java.sql/java.sql=ALL-UNNAMED',]
+    }
+
+    repositories {
+        mavenLocal()
+        mavenCentral()
+
+        maven { url 'https://download.corda.net/maven/corda-releases' }
+    }
+
+    dependencies {
+        classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
+        classpath "net.corda.plugins:cordapp:$corda_gradle_plugins_version"
+        classpath "net.corda.plugins:cordformation:$corda_gradle_plugins_version"
+        classpath "net.corda.plugins:quasar-utils:$corda_gradle_plugins_version"
+        classpath "org.springframework.boot:spring-boot-gradle-plugin:$spring_boot_gradle_plugin_version"
+    }
+}
+
+allprojects {
+    apply from: "${rootProject.projectDir}/repositories.gradle"
+    apply plugin: 'org.jetbrains.kotlin.jvm'
+
+    tasks.withType(Test) {
+        jvmArgs = rootProject.ext.testJvmArgs
+    }
+
+    repositories {
+        mavenLocal()
+
+        mavenCentral()
+        maven { url 'https://download.corda.net/maven/corda-releases' }
+        maven { url 'https://download.corda.net/maven/corda-dependencies' }
+        // Can be removed post-release - used to get nightly snapshot build.
+        maven { url 'https://download.corda.net/maven/corda-lib' }
+        maven { url 'https://download.corda.net/maven/corda-lib-dev' }
+        maven { url 'https://jitpack.io' }
+        maven { url "https://repo.gradle.org/gradle/libs-releases-local" }
+    }
+
+    tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile) {
+        compilerOptions {
+            languageVersion = KOTLIN_1_9
+            apiVersion = KOTLIN_1_9
+            jvmTarget = JVM_17
+            javaParameters = true   // Useful for reflection.
+        }
+    }
+
+    jar {
+        // This makes the JAR's SHA-256 hash repeatable.
+        preserveFileTimestamps = false
+        reproducibleFileOrder = true
+    }
+
+    configurations.all {
+        resolutionStrategy.eachDependency { details ->
+            if (details.requested.group == "com.github.bft-smart" &&
+                details.requested.name == "library") {
+                details.useVersion "v1.2"
+            }
+        }
+    }
+}
+
+apply plugin: 'net.corda.plugins.cordapp'
+apply plugin: 'net.corda.plugins.cordformation'
+apply plugin: 'net.corda.plugins.quasar-utils'
+
+sourceSets {
+    main {
+        resources {
+            srcDir rootProject.file("config/dev")
+        }
+    }
+}
+
+dependencies {
+    // Corda dependencies.
+    cordaProvided "$corda_core_release_group:corda-core:$corda_core_release_version"
+    cordaProvided "$corda_release_group:corda-finance-contracts:$corda_release_version"
+    cordaProvided "$corda_release_group:corda-finance-workflows:$corda_release_version"
+
+    cordaBootstrapper "org.slf4j:slf4j-simple:$slf4j_version"
+    cordaBootstrapper "$corda_release_group:corda-node-api:$corda_release_version"
+
+    cordaProvided "$corda_release_group:corda-node-api:$corda_release_version"
+    corda  "$corda_release_group:corda:$corda_release_version"
+
+    // CorDapp dependencies.
+    cordapp project(":workflows")
+    cordapp project(":contracts")
+    cordapp "$corda_release_group:corda-finance-contracts:$corda_release_version"
+    cordapp "$corda_release_group:corda-finance-workflows:$corda_release_version"
+    cordapp "$corda_release_group:corda-confidential-identities:$corda_release_version"
+
+
+    cordaProvided "org.apache.logging.log4j:log4j-slf4j2-impl:${log4j_version}"
+    cordaProvided "org.apache.logging.log4j:log4j-web:${log4j_version}"
+    cordaProvided "org.slf4j:jul-to-slf4j:$slf4j_version"
+    cordaDriver "net.corda:corda-shell:$corda_release_version"
+}
+
+cordapp {
+    targetPlatformVersion corda_platform_version.toInteger()
+    minimumPlatformVersion corda_platform_version.toInteger()
+}
+
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+    nodeDefaults {
+        projectCordapp {
+            deploy = false
+        }
+        cordapp project(':contracts')
+        cordapp project(':workflows')
+        cordapp("$corda_release_group:corda-finance-contracts:$corda_release_version")
+        cordapp("$corda_release_group:corda-finance-workflows:$corda_release_version")
+        cordapp("$corda_release_group:corda-confidential-identities:$corda_release_version")
+        rpcUsers = [[ user: "user1", "password": "password", "permissions": ["ALL"]]]
+        runSchemaMigration = true
+    }
+    node {
+        name "O=Notary,L=London,C=GB"
+        notary = [validating: false]
+        p2pPort 10002
+        rpcSettings {
+            useSsl false
+            standAloneBroker false
+            address "0.0.0.0:10003"
+            adminAddress "0.0.0.0:10103"
+        }
+    }
+    node {
+        name "O=ParticipantA,L=London,C=GB"
+        p2pPort 10007
+        rpcSettings {
+            useSsl false
+            standAloneBroker false
+            address "0.0.0.0:10008"
+            adminAddress "0.0.0.0:10108"
+        }
+    }
+    node {
+        name "O=ParticipantB,L=New York,C=US"
+        p2pPort 10010
+        rpcSettings {
+            useSsl false
+            standAloneBroker false
+            address "0.0.0.0:10011"
+            adminAddress "0.0.0.0:10111"
+        }
+    }
+    node {
+        name "O=ParticipantC,L=Paris,C=FR"
+        p2pPort 10013
+        rpcSettings {
+            useSsl false
+            standAloneBroker false
+            address "0.0.0.0:10014"
+            adminAddress "0.0.0.0:10114"
+        }
+    }
+}
+
+task installQuasar(type: Copy) {
+    destinationDir rootProject.file("lib")
+    from(configurations.quasar) {
+        rename 'quasar-core(.*).jar', 'quasar.jar'
+    }
+}
+