Tessera - Enterprise Implementation of Quorum's transaction manager

Overview

Build Status codecov Docker Pulls

Important: If using version 21.4.1 and earlier
Tessera is now released as a zipped distribution instead of an uber jar. If using version 21.4.1 and earlier, see the previous README.

Tessera is a stateless Java system that is used to enable the encryption, decryption, and distribution of private transactions for Quorum and/or Besu

Each Tessera node:

  • Generates and maintains a number of private/public key pairs

  • Self manages and discovers all nodes in the network (i.e. their public keys) by connecting to as few as one other node

  • Provides Private and Public API interfaces for communication:

    • Private API - This is used for communication with Quorum
    • Public API - This is used for communication between Tessera peer nodes
  • Provides two way SSL using TLS certificates and various trust models like Trust On First Use (TOFU), whitelist, certificate authority, etc.

  • Supports IP whitelist

  • Connects to any SQL DB which supports the JDBC client

Documentation

Docs

Artefacts

Runnable distributions

Tessera

Remote Enclave Server

Optional Artefacts

The following artefacts can be added to a distribution to provide additional functionality.

Key Vaults

  • Azure: Add support for key pairs stored in Azure Key Vault
  • AWS: Add support for key pairs stored in AWS Secret Store
  • Hashicorp: Add support for key pairs stored in Hashicorp Vault

Encryptors

  • jnacl: (already included in Tessera and Remote Enclave Server distributions) Add support for NaCl key pairs using jnacl library
  • Elliptical Curve: Add support for elliptic curve key pairs
  • kalium: Add support for NaCl key pairs using kalium library

Prerequisites

  • Java

    • Java 11+ (tested up to Java 14), code source is Java 11.
  • Optional: Gradle

    • If you want to use a locally installed Gradle rather than the included wrapper. Note: wrapper currently uses Gradle 7.0.2.

Building Tessera from source

To build and install Tessera:

  1. Clone this repo
  2. Build using the included Gradle Wrapper file
    ./gradlew build   
    

Installing Tessera

Download and unpack distribution:

$ tar xvf tessera-[version].tar
$ tree tessera-[version]
tessera-[version]
├── bin
│   ├── tessera
│   └── tessera.bat
└── lib
    ├── HikariCP-3.2.0.jar
    ...

Run Tessera (use correct /bin script for your system):

./tessera-[version]/bin/tessera help

Supplementing the distribution

Additional functionality can be added to a distribution by adding .jar files to the /lib directory.

Adding Tessera artefacts

Download and unpack the artefact:

$ tar xvf aws-key-vault-[version].tar
$ tree aws-key-vault-[version]
aws-key-vault-[version].tar
└── lib
    ├── annotations-2.10.25.jar
    ...

Copy the contents of the artefact's /lib into the distribution /lib (make sure to resolve any version conflicts/duplicated .jar files introduced during the copy):

 cp -a aws-key-vault-[version]/lib/. tessera-[version]/lib/

Supporting alternate databases

By default, Tessera uses an H2 database. To use an alternative database, add the necessary drivers to the lib/ dir:

For example, to use Oracle database:

cp ojdbc7.jar tessera-[version]/lib/

DDLs have been provided to help with defining these databases.

Since Tessera 0.7 a timestamp is recorded with each encrypted transaction stored in the Tessera DB. To update an existing DB to work with Tessera 0.7+, execute one of the provided alter scripts.

Docker images

Configuration

Config File

A configuration file detailing database, server and network peer information must be provided using the -configfile command line property.

An in-depth look at configuring Tessera can be found in the Tessera Documentation and includes details on all aspects of configuration including:

  • Cryptographic key config:
    • Using existing private/public key pairs with Tessera
    • How to use Tessera to generate new key pairs
  • TLS config
    • How to enable TLS
    • Choosing a trust mode

Obfuscate database password in config file

Certain entries in Tessera config file must be obfuscated in order to prevent any attempts from attackers to gain access to critical part of the application (i.e. database). For the time being, Tessera users have the ability to enable encryption for database password to avoid it being exposed as plain text in the configuration file.

In Tessera, jasypt library was used together with its Jaxb integration to encrypt/decrypt config values.

To enable this feature, simply replace your plain-text database password with its encrypted value and wrap it inside an ENC() function.

    "jdbc": {
        "username": "sa",
        "password": "ENC(ujMeokIQ9UFHSuBYetfRjQTpZASgaua3)",
        "url": "jdbc:h2:/qdata/c1/db1",
        "autoCreateTables": true
    }

Being a Password-Based Encryptor, Jasypt requires a secret key (password) and a configured algorithm to encrypt/decrypt this config entry. This password can either be loaded into Tessera from file system or user input. For file system input, the location of this secret file needs to be set in Environment Variable TESSERA_CONFIG_SECRET

If the database password is not being wrapped inside ENC() function, Tessera will simply treat it as a plain-text password however this approach is not recommended for production environment.

  • Please note at the moment jasypt encryption is only enabled on jdbc.password field.
Encrypt database password

Download and unzip the jasypt package. Redirect to bin directory and the follow commands can be used to encrypt a string

bash-3.2$ ./encrypt.sh input=dbpassword password=quorum

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.171-b11



----ARGUMENTS-------------------

input: dbpassword
password: quorum



----OUTPUT----------------------

rJ70hNidkrpkTwHoVn2sGSp3h3uBWxjb

Pick up this output and wrap it inside ENC() function, we should have the following ENC(rJ70hNidkrpkTwHoVn2sGSp3h3uBWxjb) in the config json file.

Further reading

  • The Tessera Documentation provides additional information on how Tessera works, migrating from Constellation to Tessera, configuration details, and more.
  • Quorum is an Ethereum-based distributed ledger protocol that uses Tessera to provide transaction privacy.
  • Follow the Quorum Examples to see Tessera in action in a demo Quorum network.

Reporting Security Bugs

Security is part of our commitment to our users. At Quorum we have a close relationship with the security community, we understand the realm, and encourage security researchers to become part of our mission of building secure reliable software. This section explains how to submit security bugs, and what to expect in return.

All security bugs in Quorum and its ecosystem (Tessera, Constellation, Cakeshop, ..etc) should be reported by email to [email protected]. Please use the prefix [security] in your subject. This email is delivered to Quorum security team. Your email will be acknowledged, and you'll receive a more detailed response to your email as soon as possible indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement.

If you have not received a reply to your email or you have not heard from the security team please contact any team member through Quorum slack security channel. Please note that Quorum slack channels are public discussion forum. When escalating to this medium, please do not disclose the details of the issue. Simply state that you're trying to reach a member of the security team.

Responsible Disclosure Process

Quorum project uses the following responsible disclosure process:

Once the security report is received it is assigned a primary handler. This person coordinates the fix and release process. The issue is confirmed and a list of affected software is determined. Code is audited to find any potential similar problems. If it is determined, in consultation with the submitter, that a CVE-ID is required, the primary handler will trigger the process. Fixes are applied to the public repository and a new release is issued. On the date that the fixes are applied, announcements are sent to Quorum-announce. At this point you would be able to disclose publicly your finding.

Note: This process can take some time. Every effort will be made to handle the security bug in as timely a manner as possible, however it's important that we follow the process described above to ensure that disclosures are handled consistently.

Receiving Security Updates

The best way to receive security announcements is to subscribe to the Quorum-announce mailing list/channel. Any messages pertaining to a security issue will be prefixed with [security].

Comments on This Policy If you have any suggestions to improve this policy, please send an email to [email protected] for discussion.

Contributing

Tessera is built open source and we welcome external contribution on features and enhancements. Upon review you will be required to complete a Contributor License Agreement (CLA) before we are able to merge. If you have any questions about the contribution process, please feel free to send an email to [email protected]. Please see the Contributors guide for more information about the process.

Getting Help

Stuck at some step? Please join our slack community for support.

Issues
  • Fail during mvn install

    Fail during mvn install

    Hello. I was trying install and compile tessera.

    1. $ java -version java version "1.8.0_181" Java(TM) SE Runtime Environment (build 1.8.0_181-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

    2. $ mvn --version Apache Maven 3.3.9 Maven home: /usr/share/maven Java version: 1.8.0_181, vendor: Oracle Corporation Java home: /usr/lib/jvm/java-8-oracle/jre Default locale: en_US, platform encoding: UTF-8 OS name: "linux", version: "4.15.0-1022-azure", arch: "amd64", family: "unix"

    3. Apache Tomcat/9.0.11

    I cloned this repo, switch folder and tried run mvn install but got error: screen shot 2018-09-10 at 15 28 41

    I used basic config.json screen shot 2018-09-10 at 15 29 43

    What did I do wrong?

    opened by alexsplashex 27
  • Clarify peer discovery behaviour

    Clarify peer discovery behaviour

    Tessera Peer discovery docs here - https://docs.tessera.consensys.net/en/stable/HowTo/Configure/Peer-discovery/ Besu Multi-tenancy https://besu.hyperledger.org/en/stable/Tutorials/Privacy/Configuring-Multi-Tenancy/ (multiple tessera keys) GoQuorum multi-tenancy https://consensys.net/docs/goquorum/en/latest/concepts/multi-tenancy/ (this adds the "multiple private states" config)

    further context - https://github.com/ConsenSys/quorum/issues/1278

    Success criteria answers to these questions

    • [x] Basic peer discovery - if I have tessera nodes A and B, and then add node C to node A's config (peer section), do nodes B and C discover each other? (this can be verified without multi-tenancy just with multiple nodes)
    • [x] With Besu multi-tenancy - when I add another key to a tenant in tessera should it get propagated to other peers when peer discovery is on?
    • [x] Is this different with GoQuorum multi-tenancy (multiple private states)?
    • [x] clarifying updates to docs - in whatever format makes sense (eg gdoc writeup, raise a docs PR or create a docs ticket with relevant info)
    TeamRevenant 
    opened by macfarla 23
  • Memory Leak?

    Memory Leak?

    Hi!! I got the OOM(Out of Memory) error yesterday. So, I did add APM agent for heap monitoring to Tessera.

    I found the memory leak as below link. (sample..) (I'm sorry. I can't post the real graph because the company policy)

    Heap memory usage is increasing gradually after GC on all node. https://i.stack.imgur.com/NlsbR.jpg

    Heap memory is increased 130MB for 8 hours.

    Thank you.

    review 
    opened by yunhochung 21
  • Issue with tessera in k8s

    Issue with tessera in k8s

    Hy there I use your quorum and tessera as a private blockchain network. When working in the docker composite, everything works fine. However, at the start of 2 pods of tessera in the Kubernetes, a problem arose. Services normally start and see each other only when using internal IP docker addresses

    cat tessera-config.json:

    .....
       "peer": [
         {
           "url": "http://172.17.0.5:9000"
         }
    

    ...

    15:43:42.658 [grizzly-http-server-0] INFO  c.q.tessera.api.filter.LoggingFilter - Enter Request : POST : /resend
    15:43:42.759 [grizzly-http-server-0] INFO  c.q.t.t.EncryptedTransactionDAOImpl - Fetching all EncryptedTransaction database rows
    15:43:42.964 [grizzly-http-server-0] INFO  c.q.tessera.api.filter.LoggingFilter - Exit Request : POST : /resend
    15:43:42.965 [grizzly-http-server-0] INFO  c.q.tessera.api.filter.LoggingFilter - Response for resend : 200 OK
    15:43:42.975 [grizzly-http-server-1] INFO  c.q.tessera.api.filter.LoggingFilter - Enter Request : POST : /resend
    15:43:42.978 [grizzly-http-server-1] INFO  c.q.t.t.EncryptedTransactionDAOImpl - Fetching all EncryptedTransaction database rows
    15:43:42.979 [grizzly-http-server-1] INFO  c.q.tessera.api.filter.LoggingFilter - Exit Request : POST : /resend
    15:43:42.979 [grizzly-http-server-1] INFO  c.q.tessera.api.filter.LoggingFilter - Response for resend : 200 OK
    

    If you use the Kubernetes services:

    cat tessera-config.json:

    tessera-config.json:
      "peer": [
         {
           "url": "http: // tessera-1-ip-service: 9000"
         }
    

    Tessera starts, but do not see each other.

    15:45:40.282 [main] INFO  o.g.g.http.server.NetworkListener - Started listener bound to [0.0.0.0:9000]
    15:45:40.284 [main] INFO  o.g.grizzly.http.server.HttpServer - [HttpServer] Started.
    15:45:40.286 [main] INFO  c.quorum.tessera.server.JerseyServer - Started http://0.0.0.0:9000
    15:45:40.286 [main] INFO  c.quorum.tessera.server.JerseyServer - WADL http://0.0.0.0:9000/application.wadl
    15:47:52.016 [pool-3-thread-1] WARN  com.quorum.tessera.sync.SyncPoller - Server error java.net.ConnectException: Connection timed out (Connection timed out) when connecting to http://tessera-1-ip-service:9000
    15:47:52.016 [pool-1-thread-1] WARN  c.q.tessera.node.PartyInfoPoller - Server error java.net.ConnectException: Connection timed out (Connection timed out) when connecting to http://tessera-1-ip-service:9000
    

    The network is configured correctly, the port is open

    [email protected]:/opt/tessera# nc -vz tessera-1-ip-service 9000
    tessera-1-ip-service.default.svc.cluster.local [10.101.33.216] 9000 (?) open
    

    This behavior does not allow to switch to the use of tessera in Kubernetes, since when POD restarting, its internal IP can change and there is no possibility to make it static. The use of a single tessera is undesirable since it will make impossible scaling and reduce the fault tolerance of the service.

    ┆Issue is synchronized with this Trello card

    bug in progress 
    opened by alexsplashex 15
  • Added CLI options to output server URIs to file.

    Added CLI options to output server URIs to file.

    Added a CLI option to write server URIs to a specified directory. The use case for this change is to enable an external process to locate running Tessera servers, without requiring foreknowledge of the Tessera configuration.

    opened by mark-terry 14
  • Error: EOF undefined while trying to transact privately between 2 peers

    Error: EOF undefined while trying to transact privately between 2 peers

    Geth version: 1.8.18-stable Quorum version: 2.2.3 Go:1.10.3 Tessera version: 0.9

    I have used the latest tessera docs https://goquorum.readthedocs.io/en/latest/Privacy/Tessera/Configuration/Configuration%20Overview/

    To set up 3 peers. Below is the tessera-config.json for node 1(similar for node 2 and node 3 with only changes in ip):

    { "useWhiteList": false, "jdbc": { "username": "sa", "password": "", "url": "jdbc:h2:/home/ubuntu/node/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0", "autoCreateTables": true }, "serverConfigs": [ { "app": "P2P", "enabled": true, "serverAddress": "http://ip1:9001", "bindingAddress": "http://0.0.0.0:9001", "sslConfig": { "tls": "OFF" }, "communicationType": "REST" }, { "app": "Q2T", "enabled": true, "serverAddress": "unix:/home/ubuntu/node/datadir/tm.ipc", "communicationType": "REST" } ],

    "peer": [
     {
    "url": "http://ip1:9001"
    

    }, { "url": "http://ip2:9001" }, { "url": "http://ip3:9001" } ], "keys": { "passwords": [], "keyData": [ { "privateKeyPath": "/home/ubuntu/node/tessera-key-pair/node.key", "publicKeyPath": "/home/ubuntu/node/tessera-key-pair/node.pub" } ] },

    "alwaysSendTo": [],
    
    "unixSocketFile": "/home/ubuntu/node/datadir/tm.ipc"
    

    I have also put the below commands to turn up geth(similar for node 2 and node 3):

    ARGS="--nodiscover --verbosity 5 --raft --rpc --rpcaddr 0.0.0.0 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints" PRIVATE_CONFIG=datadir/tm.ipc nohup geth --datadir datadir $ARGS --raftport 50401 --rpcport 22000 --port 21000 --identity 'QUORUM01' --unlock 0 --password passwords.txt 2>>datadir/logs/node.log &

    I have also did admin.addPeer() from node 1 using node 2 and node 3 enode. Now the problem is I am not able to transact private transactions from geth console with passing "privateFor:[public key of node 2]" from node 1. However I am able to successfully transact public transactions from all the peers.

    Please help!!!!

    status:inactive 
    opened by subhasisbanik 13
  • How to add mysql to 7nodes example?

    How to add mysql to 7nodes example?

    I have installed mysql on local machine I have downloaded the jar(version 8.0.12) about mysql jdbc and saved at /home/vagrant/tessera/mysql.jar I have run the ddl(https://github.com/jpmorganchase/tessera/blob/master/ddls/mysql-ddl.sql) of mysql

    I modify the tessera-init.sh as follwoing and change the jdbc url to mysql

    #!/usr/bin/env bash echo "[*] Initialising Tessera configuration"

    currentDir=$(pwd) for i in {1..7} do DDIR="qdata/c$i" mkdir -p ${DDIR} mkdir -p qdata/logs cp "keys/tm$i.pub" "${DDIR}/tm.pub" cp "keys/tm$i.key" "${DDIR}/tm.key" rm -f "${DDIR}/tm.ipc" #change tls to "strict" to enable it (don't forget to also change http -> https) cat < ${DDIR}/tessera-config${i}.json { "useWhiteList": false, "jdbc": { "username": "root", "password": "123456", "url": "jdbc:mysql//127.0.0.1:3306/quorum?useSSL=false" }, "server": { "port": 900${i}, "hostName": "http://localhost", "sslConfig": { "tls": "OFF", "generateKeyStoreIfNotExisted": true, "serverKeyStore": "${currentDir}/qdata/c${i}/server${i}-keystore", "serverKeyStorePassword": "quorum", "serverTrustStore": "${currentDir}/qdata/c${i}/server-truststore", "serverTrustStorePassword": "quorum", "serverTrustMode": "TOFU", "knownClientsFile": "${currentDir}/qdata/c${i}/knownClients", "clientKeyStore": "${currentDir}/qdata/c${i}/client${i}-keystore", "clientKeyStorePassword": "quorum", "clientTrustStore": "${currentDir}/qdata/c${i}/client-truststore", "clientTrustStorePassword": "quorum", "clientTrustMode": "TOFU", "knownServersFile": "${currentDir}/qdata/c${i}/knownServers" } }, "peer": [ { "url": "http://localhost:9001" }, { "url": "http://localhost:9002" }, { "url": "http://localhost:9003" }, { "url": "http://localhost:9004" }, { "url": "http://localhost:9005" }, { "url": "http://localhost:9006" }, { "url": "http://localhost:9007" } ], "keys": { "passwords": [], "keyData": [ { "config": $(cat ${currentDir}/qdata/c${i}/tm.key), "publicKey": "$(cat ${currentDir}/qdata/c${i}/tm.pub)" } ] }, "alwaysSendTo": [], "unixSocketFile": "${currentDir}/qdata/c${i}/tm.ipc" } EOF done

    opened by matrixoneken 12
  • ThirdParty server hangup problem with 7nodes example

    ThirdParty server hangup problem with 7nodes example

    follow the suggest on https://github.com/jpmorganchase/tessera/issues/954. i use the latest realease of qurom and tessera deploy quorum-examples with 7 nodes. but ThirdParty server 9081-9087 port hangup again. this is my deploy and test steps, maybe can help reappear the bug.

    1、prepare host server, operate system version:CentOS Linux release 7.3.1611 x86_64 2、download geth_v2.4.0_linux_amd64.tar.gz, url:https://github.com/jpmorganchase/quorum/releases 3、download tessera-app-0.10.2-app.jar,url:https://oss.sonatype.org/service/local/repositories/releases/content/com/jpmorgan/quorum/tessera-app/0.10.2/tessera-app-0.10.2-app.jar 4、download quorum-examples-master.zip,url: https://codeload.github.com/jpmorganchase/quorum-examples/zip/master 5、mkdir -p /home/cpap/app/blockchain/lib cp tessera-app-0.10.2-app.jar /home/cpap/app/blockchain/lib cp geth_v2.4.0_linux_amd64.tar.gz /home/cpap/app/blockchain/lib cd /home/cpap/app/blockchain/lib tar -xvf geth_v2.4.0_linux_amd64.tar.gz cp geth /usr/local/bin chmod 777 /usr/local/bin/geth [[email protected] lib] geth --version Incorrect Usage. flag provided but not defined: -version NAME: geth - the go-ethereum command line interface Copyright 2013-2018 The go-ethereum Authors USAGE: geth [options] command [command options] [arguments...] VERSION: 1.8.18-stable-20c95e5d QUORUM OPTIONS: --permissioned If enabled, the node will allow only a defined list of nodes to connect ... 6、mkdir -p /home/cpap/app/blockchain cp quorum-examples-master.zip /home/cpap/app/blockchain cd /home/cpap/app/blockchain unzip quorum-examples-master.zip cd quorum-examples-master/examples/7nodes/ vi ./tessera-init.sh delete the cros config of P2P server in tessera-config-09-${i}.json,because tessera-app-0.10.2 only can config cros on the ThirdParty Server

    7、start 7nodes ./raft-init.sh ./raft-start.sh tessera --tesseraOptions "--tesseraJar /home/cpap/app/blockchain/lib/tessera-app-0.10.2-app.jar" ... All nodes configured. See 'qdata/logs' for logs, and run e.g. 'geth attach qdata/dd1/geth.ipc' to attach to the first Geth node. To test sending a private transaction from Node 1 to Node 7, run './runscript.sh private-contract.js'

    8、test 9081 port on 7nodes, every 10 minutes

    first try everything is ok [[email protected] 7nodes] curl -s http://localhost:9081/upcheck curl -s http://localhost:9082/upcheck I'm up![[email protected] 7nodes] curl -s http://localhost:9082/upcheck I'm up![[email protected] 7nodes] curl -s http://localhost:9083/upcheck I'm up![[email protected] 7nodes] curl -s http://localhost:9084/upcheck I'm up![[email protected] 7nodes] curl -s http://localhost:9085/upcheck I'm up![[email protected] 7nodes] curl -s http://localhost:9086/upcheck I'm up![[email protected] 7nodes] curl -s http://localhost:9087/upcheck I'm up![[email protected] 7nodes] date 2020-01-08 13:03:36 CST

    the second try 9081-9087 hangup [[email protected] 7nodes]# curl -s http://localhost:9081/upcheck curl -s http://localhost:9082/upcheck curl -s http://localhost:9083/upcheck curl -s http://localhost:9084/upcheck curl -s http://localhost:9085/upcheck curl -s http://localhost:9086/upcheck curl -s http://localhost:9087/upcheck ^C [[email protected] 7nodes]# date 2020-01-08 13:15:17

    2020-01-08 13:15:17 bug reappear !!!

    dependencies 0.10.3 
    opened by bigstar119 11
  • Tests are making the installation to loop forever

    Tests are making the installation to loop forever

    When I tried to install the project using maven 3.6 with the command mvn install at some point the installation kind of "stopped" without proceeding for about 7 hours. After that I stopped it manually. When providing the clean install with no tests - mvn clean install -DskipTests=true it was installed successfully.

    testing 
    opened by xxLestadxx 11
  • Tessera process continue to throw exceptions and private transactions don't go through on distributed node/+ tessera setup

    Tessera process continue to throw exceptions and private transactions don't go through on distributed node/+ tessera setup

    System information Geth version: 1.8.18-stable Quorum version:quorum-v2.2.3 Tessera version: quorumengineering/tessera:0.9.1 OS & Version: Linux/OSX Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-47-generic x86_64)

    We have Geth+Tessera nodes deployed on distributed machines. Peer tessera nodes are mentioned in the peer list of tessera-config.json of each tessera node. The issue is, the tessera node discovers peer nodes outside the specified peer network too. If the discovered peer list seems to have an issue with connectivity, it throws exceptions and it continues.

    {"log":"06:50:22.272 [pool-1-thread-1] ERROR c.q.t.t.TesseraScheduledExecutor - Error when executing action PartyInfoPoller\n","stream":"stdout","time":"2019-05-09T06:50:22.272856945Z"}
    {"log":"06:50:22.272 [pool-1-thread-1] ERROR c.q.t.t.TesseraScheduledExecutor - Error when executing action\n","stream":"stdout","time":"2019-05-09T06:50:22.272869291Z"}
    {"log":"javax.ws.rs.ProcessingException: java.net.NoRouteToHostException: Host is unreachable (Host unreachable)\n","stream":"stdout","time":"2019-05-09T06:50:22.272872429Z"}
    {"log":"\u0009at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:284) ~[tessera-app.jar:na]\n","stream":"stdout","time":"2019-05-09T06:50:22.272892301Z"}
    {"log":"\u0009at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:278) ~[tessera-app.jar:na]\n","stream":"stdout","time":"2019-05-09T06:50:22.272895579Z"}
    {"log":"\u0009at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:753) ~[tessera-app.jar:na]\n","stream":"stdout","time":"2019-05-09T06:50:22.272897997Z"}
    {"log":"\u0009at org.glassfish.jersey.internal.Errors.process(Errors.java:316) ~[tessera-app.jar:na]\n","stream":"stdout","time":"2019-05-09T06:50:22.272900301Z"}
    {"log":"\u0009at org.glassfish.jersey.internal.Errors.process(Errors.java:298) ~[tessera-app.jar:na]\n","stream":"stdout","time":"2019-05-09T06:50:22.272902551Z"}
    ```
    Tessera should have mechanism to filter out unreachable nodes. 
    
    Subsequently, we can not execute any private transactions on such tessera nodes.
    feature 
    opened by golashr 11
  • Query on constellation to tessera migration

    Query on constellation to tessera migration

    We have existing instances running on constellation with Quorum.

    Future Roadmap

    QuorumConstellationTessera
    Since inceptionver. 2.0.1ver. 0.3.2-
    May 2019ver. 2.2.1ver. 0.3.2-
    Future releasever. 2.2.1-ver. 0.9

    We have completed a POC for migration from constellation to tessera and have found that the blockNumber changes from the earlier number e.g. 2012 to 1. The old transactions are present and seems that a new leveldb file was created.

    Is this the expected behavior. Should the block number not be retained correctly. Please advise.

    bug 
    opened by saikatsain 11
  • Use upcoming azure-core-http-jdk-httpclient instead of netty

    Use upcoming azure-core-http-jdk-httpclient instead of netty

    Netty introduces several CVE dependency advisories to the azure-key-vault module. An azure client using the JDK HttpClient is currently being worked on (current ETA June 2022) and for our simple usage will be more than enough. Switch to using this client when available.

    Documentation already available: https://docs.microsoft.com/en-us/azure/developer/java/sdk/http-client-pipeline

    Tracking issue: https://github.com/Azure/azure-sdk-for-java/issues/27065

    Version as of 6 June: 1.0.0-beta.1 https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/core/azure-core-http-jdk-httpclient

    opened by chris-j-h 0
  • update jackson databind

    update jackson databind

    Signed-off-by: Sally MacFarlane [email protected]

    Update jackson and jackson-databind versions

    Documentation

    • [ ] I thought about documentation and added the doc-change-required label to this PR if updates are required.

    Changelog

    • [ ] I thought about adding a changelog entry, and added one if I deemed necessary.
    opened by macfarla 0
  • update sqlite version

    update sqlite version

    Signed-off-by: Sally MacFarlane [email protected]

    Update sqlite-jdbc version

    Documentation

    • [x] I thought about documentation and added the doc-change-required label to this PR if updates are required.

    Changelog

    • [x] I thought about adding a changelog entry, and added one if I deemed necessary.
    opened by macfarla 0
  • update CI to include arm build

    update CI to include arm build

    ubuntu base now supports arm but we only publish the amd64 images. eg see besu PR https://github.com/hyperledger/besu/pull/2954 Since besu now supports M1, we can update the quorum-dev-quickstart and if we can include Tessera on M1, the privacy examples would also work.

    opened by macfarla 0
  • Several vulnerabilities in the shared library which data-migration depends on. Could you help upgrade to patch versions?

    Several vulnerabilities in the shared library which data-migration depends on. Could you help upgrade to patch versions?

    Hi, @melowe , @namtruong , I'd like to report a vulnerability issue in com.jpmorgan.quorum:data-migration:0.11.

    Issue Description

    com.jpmorgan.quorum:data-migration:0.11 directly or transitively depends on 30 C libraries (.so) cross many platforms(such as x86-64, x86, arm64, armhf). However, I noticed that one C library is vulnerable, containing the following CVEs:

    libsqlitejdbc.so from C project sqlite(version:3.23.1) exposed 3 vulnerabilities: CVE-2019-19646, CVE-2019-19645, CVE-2019-8457

    Suggested Vulnerability Patch Versions

    sqlite has fixed the vulnerabilities in versions >=3.37.0

    Java build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Java projects. Could you please upgrade the above shared libraries to their patch versions?

    Thanks for your help~ Best regards, Helen Parr

    opened by HelenParr 1
  • Add support for overrides in config module

    Add support for overrides in config module

    OverrideUtilTest

    https://github.com/ConsenSys/tessera/blob/095ab4fee41d13bb914b10b366ab8ecc6c6018da/cli/config-cli/src/test/java/com/quorum/tessera/config/cli/OverrideUtilTest.java#L273

    opened by macfarla 0
Releases(tessera-22.1.3)
Owner
ConsenSys Software
ConsenSys is the software engineering leader of the blockchain space. Our full-stack Ethereum products help developers build next-generation networks.
ConsenSys Software
ConsenSys Software 8 Jan 18, 2022
Transaction processor for the Elrond Blockchain

Elrond Ledger Transactions Processor Elrond Ledger Transactions Processor processes transactions block by block on the Elrond ledger. This codebase is

TheFabric.IO 2 Feb 16, 2022
Api for getting blockchain block and transaction details in Go.

Getting Blockchain Data Api for getting blockchain block and transaction details Things you need Go: brew install go Install docker Setup go folder in

Hasan 0 Dec 14, 2021
Signature-server - stores transaction blobs and uses predefined secret key to sign and verify those transactions

Signature Server Signature server stores transaction blobs and uses predefined s

Rezoan Tamal 0 Feb 14, 2022
Go language implementation of a blockchain based on the BDLS BFT protocol. The implementation was adapted from Ethereum and Sperax implementation

BDLS protocol based PoS Blockchain Most functionalities of this client is similar to the Ethereum golang implementation. If you do not find your quest

Yongge Wang 0 Jan 1, 2022
A simple and lightweight encrypted password manager written in Go.

Osiris Password Manager A simple and lightweight encrypted password manager written in Go

null 32 Jun 16, 2022
Minilotus - A simple wallet manager of lotus

A simple wallet manager of lotus. Refer to https://github.com/filecoin-project/l

null 0 Jan 5, 2022
Arche - Smart Hybrid Workforce Manager: A system that aims to provide companies an easy to use platform for managing company resources by allowing employees to book company spaces and resources.

Description Smart Hybrid Workforce Manager is a system that aims to provide companies an easy to use system for managing company resources by allowing

COS 301 - 2022 11 Jun 9, 2022
Go implementation of BLAKE2 (b) cryptographic hash function (optimized for 64-bit platforms).

Go implementation of BLAKE2b collision-resistant cryptographic hash function created by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, an

Dmitry Chestnykh 89 May 1, 2022
An implementation of JOSE standards (JWE, JWS, JWT) in Go

Go JOSE Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSO

Square 1.9k Jun 27, 2022
Go implementation of SipHash-2-4, a fast short-input PRF created by Jean-Philippe Aumasson and Daniel J. Bernstein.

SipHash (Go) Go implementation of SipHash-2-4, a fast short-input PRF created by Jean-Philippe Aumasson and Daniel J. Bernstein (http://131002.net/sip

Dmitry Chestnykh 239 Jun 27, 2022
A simplified blockchain implementation in Golang

A simplified blockchain implementation in Golang

Ivan Kuznetsov 3.4k Jun 28, 2022
A full node Bitcoin (BSV) implementation written in Go

bsvd bsvd is a full node Bitcoin (BSV) implementation written in Go (golang). This project is a port of the bchd codebase to Bitcoin (BSV). It provide

null 41 Feb 7, 2022
Merchant API reference implementation

mAPI More details available in the BRFC Spec for Merchant API. The old golang (v1.1) implementation is no longer being maintained and has been moved t

Bitcoin SV 20 Jun 17, 2022
`age-plugin-yubikey` implementation, encrypt things with a Yubikey/any PIV card

This is an age plugin for PIV cards/Yubikey. Your secret is kept safe on the tamperproof hardware, while letting you use the age command-line.

Tv 20 Dec 10, 2021
Interblockchain communication protocol (IBC) implementation in Golang.

ibc-go Interblockchain communication protocol (IBC) implementation in Golang built as a SDK module. Components Core The core/ directory contains the S

COSMOS 214 Jun 25, 2022
Implementation of the Filecoin protocol, written in Go

Project Lotus - 莲 Lotus is an implementation of the Filecoin Distributed Storage Network. For more details about Filecoin, check out the Filecoin Spec

Filecoin 2.3k Jun 30, 2022
Go implementation of Ethereum proof of stake

Prysm: An Ethereum Consensus Implementation Written in Go This is the core repository for Prysm, a Golang implementation of the Ethereum Consensus spe

Prysmatic Labs 2.6k Jun 22, 2022
Pure Go implementation of the NaCL set of API's

go-nacl This is a pure Go implementation of the API's available in NaCL: https://nacl.cr.yp.to. Compared with the implementation in golang.org/x/crypt

Kevin Burke 522 Apr 30, 2022