Merge pull request #46 from corda/due-diligence-app

add Due diligence app

Author: peterli-r3

Advanced/README.md

@@ -9,6 +9,8 @@ and [OwnableState](https://docs.corda.net/docs/corda-os/api-states.html#ownables
   <img src="./auction-cordapp/snaps/setup.png" alt="Corda" width="600">
 </p>
 
+### [Due Diligence Cordapp](./duediligence-cordapp):
+An capital market themed app that depicts an ideal shareable due diligence process between banks. It uses advance feature attachment functionality to whitelist the trusted auditors.
 
 ### [Negotiation Cordapp](./negotiation-cordapp):
 An application that depicts the businsess negotiation and communication process over a distributed ledger system.
@@ -21,6 +23,10 @@ A simple i-owe-you application illustrates all of the steps of creating an oblig
 This is an imlementation of Secret Santa using Corda as a tool to store multiple game states.It has a material-ui frontend that lets users create and self-service their own secret santa games. The frontend is implemented in ReactJS and the backend is implemented with a Spring Boot server and some corda flows. It is also equipped with an external emailing package(sendgrid), which you can utilze and turn the app into a live app and send the secret santa assignments to your friends'
 emails.
 
+<p align="center">
+  <img src="./secretsanta-cordapp/clients/src/main/webapp/src/Components/img/secret_corda.png" alt="Corda" width="200">
+</p>
+
 ### [Snake and Ladder Game Cordapp](./snakesandladders-cordapp):
 This sample implements a simple Snakes And Ladder Game on Corda. This cordapp demonstrate the use of multiple features, including Corda Account Library and Oracle service.
 <p align="center">

Advanced/duediligence-cordapp/LICENCE

@@ -0,0 +1,13 @@
+  Copyright 2016, R3 Limited.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Advanced/duediligence-cordapp/README.md

@@ -0,0 +1,66 @@
+# Due Diligence Cordapp
+
+This cordapp is an example of how blockchain can work in the capital market industry. Due diligence is commonly the first step of any action in the capital market. In many of the industry, it is also required by the regulators to prevent fraudulent and risky transactions. Each firm will have its own due-diligence process and standards, but at the same time, the cost of executing due diligence is also bared by them individually.
+
+## App Design
+
+
+The above picture is a high level mock overview of a shareable due diligence DLT app. BankA will initiate the original Corporate Records auditing with an autitor. Then it will share the auditiing report with BankB to save BankB's cost on getting the same report. Wise versa, BankB can work with a different auditor and produce a different report and share with BankA. In the implmentation of this sample cordapp, we will only cover one type of the file auditing. 
+
+Notes: another key feature of this app is whitlisting trusted auditors. It is done by utilizing attachment function in Corda. More samples on how to use attachment can be found in the [Features samples folder](../../Features)
+
+
+## Pre-running the app
+
+Deploying nodes: `./gradlew clean deployNodes`
+
+Starting the nodes: `./build/nodes/runnodes`
+
+Uploading whitelisted Auditors: `./gradlew uploadWhitelists`
+
+
+
+## Running the Cordapp
+Step #1: At PartyA, file the original Corporate Records auditing process with Auditor(Trusted Auditor)
+```
+flow start RequestToValidateCorporateRecordsInitiator validater: Trusted Auditor, numberOfFiles: 10
+```
+
+Step #2: Go to the Trusted Auditor Node, validate the auditing request(This step symbolize the auditing process by this third party auditor). Put in the linearId which was returned in Step #1.
+```
+flow start ValidateCorporateRecordsInitiator linearId: <XXXX-XXX-XXXX-XXXXX-XXXXXX>
+```
+
+Step #3: Go to PartyA, Do a query to confirm that the request has been validated. You should see the variable `qualification=true`.
+
+```
+run vaultQuery contractStateType: net.corda.samples.duediligence.states.CorporateRecordsAuditRequest
+```
+Then, we will instruct PartyA to share a copy of the auditing result with PartyB: (Again, You would need put in the linearId returned from Step #1). The parameter `trustedAuditorAttachment` is a jar file which records the trusted auditors. If PartyA used an untrusted auditor to accquire the corporate records auditing report. He will be prohibited to share with anyone because it is valueless effort(in this business use case, Of course you can modify the business use cases).
+```
+flow start ShareAuditingResultInitiator AuditingResultID: <XXXX-XXX-XXXX-XXXXX-XXXXXX>, sendTo: BankB, trustedAuditorAttachment: "8DF3275D80B26B9A45AB022F2FDA4A2ED996449B425F8F2245FA5BCF7D1AC587"
+```
+This flow will return the LinearId of the copy of auditing report, you would need this in Step #6.
+
+Step #4: Go to PartyB, do a query to confirm the delievery of copy of the Auditing Report.
+```
+run vaultQuery contractStateType: net.corda.samples.duediligence.states.CopyOfCoporateRecordsAuditRequest
+```
+As of now, the sharing of the trusted auditing report is done. What left now for both PartyA and PartyB in this use case is to upload the Corporate Records auditing report into a due-diligence list, which they can share with a regulator.(You can again alter this step to suit any other use cases).
+
+
+Step #5: Go to PartyA, Attach the Corporate Records auditing report into a due-diligence checklist and report to the Regulator. Again, the approvalId is the linearId returned in Step #1.
+```
+flow start CreateCheckListAndAddApprovalInitiator reportTo: Regulator, approvalId: <XXXX-XXX-XXXX-XXXXX-XXXXXX>
+
+```
+Step #6: Go to PartyB, Attach the copy of the Corporate Records auditing report into a due-diligence checklist and report to the Regulator. You would need the linearId that is return from Step #5
+```
+flow start CreateCheckListAndAddApprovalInitiator reportTo: Regulator, approvalId: <XXXX-XXX-XXXX-XXXXX-XXXXXX-Returned-From-Step #5>
+```
+Step #7: Go to Regulator, do a query on reported due-diligence checklists. You will be able to see both PartyA and PartyB had filed a due-diligence checklist.
+```
+run vaultQuery contractStateType: net.corda.samples.duediligence.states.DueDChecklist
+
+```
+This use of Distributed technology Corda helped PartyB saved the cost of go through corporate records due-diligence process while still reaching a trusted auditing report. 

Advanced/duediligence-cordapp/TRADEMARK

@@ -0,0 +1,4 @@
+Corda and the Corda logo are trademarks of R3CEV LLC and its affiliates. All rights reserved.
+
+For R3CEV LLC's trademark and logo usage information, please consult our Trademark Usage Policy at
+https://www.r3.com/trademark-policy/.

Advanced/duediligence-cordapp/build.gradle

@@ -0,0 +1,152 @@
+buildscript {//properties that you need to build the project
+    Properties constants = new Properties()
+    file("$projectDir/../constants.properties").withInputStream { constants.load(it) }
+
+    ext {
+        corda_release_group = constants.getProperty("cordaReleaseGroup")
+        corda_core_release_group =  constants.getProperty("cordaCoreReleaseGroup")
+        corda_release_version = constants.getProperty("cordaVersion")
+        corda_core_release_version = constants.getProperty("cordaCoreVersion")
+        corda_gradle_plugins_version = constants.getProperty("gradlePluginsVersion")
+        kotlin_version = constants.getProperty("kotlinVersion")
+        junit_version = constants.getProperty("junitVersion")
+        quasar_version = constants.getProperty("quasarVersion")
+        log4j_version = constants.getProperty("log4jVersion")
+        slf4j_version = constants.getProperty("slf4jVersion")
+        corda_platform_version = constants.getProperty("platformVersion").toInteger()
+        //springboot
+        spring_boot_version = '2.0.2.RELEASE'
+        spring_boot_gradle_plugin_version = '2.0.2.RELEASE'
+    }
+
+    repositories {
+        mavenLocal()
+        mavenCentral()
+        jcenter()
+        maven { url 'https://software.r3.com/artifactory/corda-releases' }
+    }
+
+    dependencies {
+        classpath "net.corda.plugins:cordapp:$corda_gradle_plugins_version"
+        classpath "net.corda.plugins:cordformation:$corda_gradle_plugins_version"
+        classpath "net.corda.plugins:quasar-utils:$corda_gradle_plugins_version"
+        classpath "org.springframework.boot:spring-boot-gradle-plugin:$spring_boot_gradle_plugin_version"
+    }
+}
+
+allprojects {//Properties that you need to compile your project (The application)
+    apply from: "${rootProject.projectDir}/repositories.gradle"
+    apply plugin: 'java'
+
+    repositories {
+        mavenLocal()
+        jcenter()
+        mavenCentral()
+        maven { url 'https://software.r3.com/artifactory/corda' }
+        maven { url 'https://jitpack.io' }
+    }
+
+    tasks.withType(JavaCompile) {
+        options.compilerArgs << "-parameters" // Required by Corda's serialisation framework.
+    }
+
+    jar {
+        // This makes the JAR's SHA-256 hash repeatable.
+        preserveFileTimestamps = false
+        reproducibleFileOrder = true
+        duplicatesStrategy = DuplicatesStrategy.EXCLUDE
+    }
+}
+
+apply plugin: 'net.corda.plugins.cordapp'
+apply plugin: 'net.corda.plugins.cordformation'
+apply plugin: 'net.corda.plugins.quasar-utils'
+
+sourceSets {
+    main {
+        resources {
+            srcDir rootProject.file("config/dev")
+        }
+    }
+}
+//Module dependencis
+dependencies {
+    // Corda dependencies.
+    cordaCompile "$corda_core_release_group:corda-core:$corda_core_release_version"
+    cordaCompile "$corda_release_group:corda-node-api:$corda_release_version"
+    cordaRuntime "$corda_release_group:corda:$corda_release_version"
+
+    // CorDapp dependencies.
+    cordapp project(":workflows")
+    cordapp project(":contracts")
+
+    cordaCompile "org.apache.logging.log4j:log4j-slf4j-impl:${log4j_version}"
+    cordaCompile "org.apache.logging.log4j:log4j-web:${log4j_version}"
+    cordaCompile "org.slf4j:jul-to-slf4j:$slf4j_version"
+}
+
+
+//Task to deploy the nodes in order to bootstrap a network
+task deployNodes(type: net.corda.plugins.Cordform, dependsOn: ['jar']) {
+
+    /* This property will load the CorDapps to each of the node by default, including the Notary. You can find them
+     * in the cordapps folder of the node at build/nodes/Notary/cordapps. However, the notary doesn't really understand
+     * the notion of cordapps. In production, Notary does not need cordapps as well. This is just a short cut to load
+     * the Corda network bootstrapper.
+     */
+    nodeDefaults {
+        projectCordapp {
+            deploy = false
+        }
+        cordapp project(':contracts')
+        cordapp project(':workflows')
+        runSchemaMigration = true //This configuration is for any CorDapps with custom schema, We will leave this as true to avoid
+        //problems for developers who are not familiar with Corda. If you are not using custom schemas, you can change
+        //it to false for quicker project compiling time.
+    }
+    node {
+        name "O=Notary,L=London,C=GB"
+        notary = [validating : false]
+        p2pPort 10002
+        rpcSettings {
+            address("localhost:10003")
+            adminAddress("localhost:10043")
+        }
+    }
+    node {
+        name "O=BankA,L=London,C=GB"
+        p2pPort 10005
+        rpcSettings {
+            address("localhost:10006")
+            adminAddress("localhost:10046")
+        }
+        rpcUsers = [[ user: "user1", "password": "test", "permissions": ["ALL"]]]
+    }
+    node {
+        name "O=BankB,L=New York,C=US"
+        p2pPort 10008
+        rpcSettings {
+            address("localhost:10009")
+            adminAddress("localhost:10049")
+        }
+        rpcUsers = [[ user: "user1", "password": "test", "permissions": ["ALL"]]]
+    }
+    node {
+        name "O=Trusted Auditor,L=New York,C=US"
+        p2pPort 10011
+        rpcSettings {
+            address("localhost:10012")
+            adminAddress("localhost:10052")
+        }
+        rpcUsers = [[ user: "user1", "password": "test", "permissions": ["ALL"]]]
+    }
+    node {
+        name "O=Regulator,L=New York,C=US"
+        p2pPort 10014
+        rpcSettings {
+            address("localhost:10015")
+            adminAddress("localhost:10055")
+        }
+        rpcUsers = [[ user: "user1", "password": "test", "permissions": ["ALL"]]]
+    }
+}

Advanced/duediligence-cordapp/clients/build.gradle

@@ -0,0 +1,31 @@
+apply plugin: 'org.springframework.boot'
+
+sourceSets {
+    main {
+        resources {
+            srcDir rootProject.file("config/dev")
+        }
+    }
+}
+
+dependencies {
+    // Corda dependencies.
+    compile "$corda_release_group:corda-rpc:$corda_release_version"
+
+    // CorDapp dependencies.
+    compile project(":contracts")
+    compile project(":workflows")
+    compile("org.springframework.boot:spring-boot-starter-websocket:$spring_boot_version") {
+        exclude group: "org.springframework.boot", module: "spring-boot-starter-logging"
+    }
+    compile "org.apache.logging.log4j:log4j-slf4j-impl:${log4j_version}"
+    compile "org.apache.logging.log4j:log4j-web:${log4j_version}"
+    compile "org.slf4j:jul-to-slf4j:$slf4j_version"
+}
+
+
+task uploadWhitelists(type: JavaExec, dependsOn: assemble) {
+    classpath = sourceSets.main.runtimeClasspath
+    main = 'net.corda.samples.duediligence.client.Client'
+    args 'localhost:10006', 'localhost:10009', 'localhost:10012'
+}

Advanced/duediligence-cordapp/clients/src/main/java/net/corda/samples/duediligence/client/Client.java

@@ -0,0 +1,96 @@
+package net.corda.samples.duediligence.client;
+
+import com.google.common.base.Charsets;
+import net.corda.client.rpc.CordaRPCClient;
+import net.corda.client.rpc.CordaRPCConnection;
+import net.corda.core.crypto.SecureHash;
+import net.corda.core.messaging.CordaRPCOps;
+import net.corda.core.utilities.NetworkHostAndPort;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import net.corda.samples.duediligence.Constants;
+
+import java.io.*;
+import java.nio.file.FileAlreadyExistsException;
+import java.util.List;
+import java.util.jar.JarInputStream;
+import java.util.stream.Collectors;
+
+public class Client {
+
+    private static class Companion {
+        static Logger logger = LoggerFactory.getLogger(Client.class);
+    }
+
+    /**
+     * Uploads the jar of blacklisted counterparties with whom agreements cannot be struck to the node.
+     */
+    public static void main(String[] args) throws IOException {
+        if (args.length == 0) {
+            String message = "Usage: uploadBlacklist <node address 1> <node address 2> ...";
+            throw new IllegalArgumentException(message.toString());
+        }
+
+        for (String arg : args) {
+            NetworkHostAndPort nodeAddress = NetworkHostAndPort.parse(arg);
+            CordaRPCConnection rpcConnection = new CordaRPCClient(nodeAddress).start("user1", "test");
+            CordaRPCOps proxy = rpcConnection.getProxy();
+
+            SecureHash attachmentHash = Constants.CORPORATE_JAR_HASH;
+
+            // take relative path using substring of constant BLACKLIST_JAR_PATH, check if node contains blacklist already
+            if (!proxy.attachmentExists(attachmentHash)) {
+                System.out.println("Working Directory = " +
+                        System.getProperty("user.dir"));
+                attachmentHash = uploadAttachment(proxy, Constants.CORPORATE_JAR_PATH);
+                Companion.logger.info("Corporate Auditor List uploaded to node at " + nodeAddress);
+            } else {
+                Companion.logger.info("Node already contains Corporate Auditor List, skipping upload at " + nodeAddress);
+            }
+
+            JarInputStream attachmentJar = downloadAttachment(proxy, attachmentHash);
+            Companion.logger.info("Corporate Auditor List downloaded from node at " + nodeAddress);
+
+            checkAttachment(attachmentJar, Constants.CORPORATE_ATTACTMENT_FILE_NAME, Constants.CORPORATE_ATTACHMENT_EXPECTED_CONTENTS);
+            Companion.logger.info("Attachment contents checked on node at " + nodeAddress);
+        }
+
+    }
+
+    /**
+     * Uploads the attachment at [attachmentPath] to the node.
+     */
+    private static SecureHash uploadAttachment(CordaRPCOps proxy, String attachmentPath) throws FileNotFoundException, FileAlreadyExistsException {
+        FileInputStream attachmentUploadInputStream = new FileInputStream(new File(attachmentPath));
+        return proxy.uploadAttachment(attachmentUploadInputStream);
+    }
+
+    /**
+     * Downloads the attachment with hash [attachmentHash] from the node.
+     */
+    private static JarInputStream downloadAttachment(CordaRPCOps proxy, SecureHash attachmentHash) throws IOException {
+        InputStream attachmentDownloadInputStream = proxy.openAttachment(attachmentHash);
+        return new JarInputStream(attachmentDownloadInputStream);
+    }
+
+    /**
+     * Checks the [expectedFileName] and [expectedContents] of the downloaded [attachmentJar].
+     */
+    private static void checkAttachment(JarInputStream attachmentJar, String expectedFileName, List<String> expectedContents) throws IOException {
+        String name = attachmentJar.getNextEntry().getName();
+        while (!name.equals(expectedFileName)) {
+            name = attachmentJar.getNextEntry().getName();
+        }
+
+        BufferedInputStream bisAttachmentJar = new BufferedInputStream(attachmentJar, (8 * 1024));
+        InputStreamReader isrAttachmentJar = new InputStreamReader(bisAttachmentJar, Charsets.UTF_8);
+        BufferedReader brAttachmentJar = new BufferedReader(isrAttachmentJar);
+
+        List<String> contents = brAttachmentJar.lines().collect(Collectors.toList());
+
+        if (!contents.equals(expectedContents)) {
+            throw new IllegalArgumentException("Downloaded JAR did not have the expected contents.");
+        }
+
+    }
+}