When building CorDapp using cordapp/cordformation plugins, the CorDapp JAR file is signed by default with Corda development certificate.
This allows to use signature constrains for contrast from the CorDapp out-of-box to facilitate testing/developement
Network Bootstarper does not whitelist contracts from signed CorDapp JARs
Corda Node in production mode (devMode=false) will not load any CorDapp signed by Corda development certificate
The specific additions to plugins:
Cordapp plugin - sign the generated CorDapp by default with Corda dev certificate, to configure/disable signing use
signing entry with:
options - any relevant task parameters as for https://ant.apache.org/manual/Tasks/signjar.html, an external keyStore can be specified, especially for production deployment
enabled - the control flag, set to true (by default) will run JAR signing
Example configuration to use external keyStore with properties provided to Gradle via '-D' properties:
Signs all Cordapp JARs inside cordapps directory with Corda dev certificate, to configure/disable signing use
signing entry with:
options - any relevant task parameters as for https://ant.apache.org/manual/Tasks/genkey.html and https://ant.apache.org/manual/Tasks/signjar.html.
enabled - the control flag, set to true (default) will run Cordapps signing
all - if true(default) all Cordapps inside 'cordapp' subdirectory will be signed, otherwise only the generated
generateKeystore - by default set to false, as the development KeyStore is used, if ad-hoc custom keyStore/key needs to be set up enable the flag and provide relevant options, this option may be confusing as out-of-box Corda dev certificate is used, oversize a location/passooerd to user external keyStore can be provided, so there is less need to ad-hoc generate keyStore.
Example of the config which will create ad-hock key in jarSignKeystore.p12 keyStore:
List of PRs:
Network Bootstarper: https://github.com/corda/corda/pull/4008
Corda Node https://github.com/corda/corda/pull/4041