corda / net.corda.core.contracts

Package net.corda.core.contracts



An AttachmentConstraint where isSatisfiedBy always returns true.

object AlwaysAcceptAttachmentConstraint : AttachmentConstraint


Amount represents a positive quantity of some token (currency, asset, etc.), measured in quantity of the smallest representable units. The nominal quantity represented by each individual token is equal to the displayTokenSize. The scale property of the displayTokenSize should correctly reflect the displayed decimal places and is used when rounding conversions from indicative/displayed amounts in BigDecimal to Amount occur via the Amount.fromDecimal method.

data class Amount<T : Any> : Comparable<Amount<T>>


This class represents a possibly negative transfer of tokens from one vault state to another, possibly at a future date.

class AmountTransfer<T : Any, P : Any>


An attachment is a ZIP (or an optionally signed JAR) that contains one or more files. Attachments are meant to contain public static data which can be referenced from transactions and utilised from contracts. Good examples of how attachments are meant to be used include:

interface Attachment : NamedByHash


Constrain which contract-code-containing attachment can be used with a Contract.

interface AttachmentConstraint


object AutomaticHashConstraint : AttachmentConstraint


This AttachmentConstraint is a convenience class that acts as a placeholder and will be automatically resolved by the platform when set on an output state. It is the default constraint of all output states.

object AutomaticPlaceholderConstraint : AttachmentConstraint


Command data/content plus pubkey pair: the signature is stored at the end of the serialized bytes

data class Command<T : CommandData>


Return structure for OwnableState.withNewOwner

data class CommandAndState


Marker interface for classes that represent commands

interface CommandData


A Command where the signing parties have been looked up if they have a well known/recognised institutional key.

data class CommandWithParties<out T : CommandData>


An enum, for which each property corresponds to a transaction component group. The position in the enum class declaration (ordinal) is used for component-leaf ordering when computing the Merkle tree.

enum class ComponentGroupEnum


Implemented by a program that implements business logic on the shared ledger. All participants run this code for every net.corda.core.transactions.LedgerTransaction they see on the network, for every input and output state. All contracts must accept the transaction for it to be accepted: failure of any aborts the entire thing. The time is taken from a trusted time-window attached to the transaction itself i.e. it is NOT necessarily the current time.

interface Contract


An Attachment which represents a contract JAR.

class ContractAttachment : Attachment


typealias ContractClassName = String


A contract state (or just "state") contains opaque data used by a contract program. It can be thought of as a disk file that the program can use to persist data across transactions. States are immutable: once created they are never updated, instead, any changes must generate a new successor state. States can be updated (consumed) only once: the notary is responsible for ensuring there is no "double spending" by only signing a transaction if the input states are all free.

interface ContractState


Interface for contract states representing assets which are fungible, countable and issued by a specific party. States contain assets which are equivalent (such as cash of the same currency), so records of their existence can be merged or split as needed where the issuer is the same. For instance, dollars issued by the Fed are fungible and countable (in cents), barrels of West Texas crude are fungible and countable (oil from two small containers can be poured into one large container), shares of the same class in a specific company are fungible and countable, and so on.

interface FungibleAsset<T : Any> : FungibleState<Issued<T>>, OwnableState


Interface to represent things which are fungible, this means that there is an expectation that these things can be split and merged. That's the only assumption made by this interface.

interface FungibleState<T : Any> : ContractState


An AttachmentConstraint that verifies by hash. The state protected by this constraint can only be used in a transaction created with that version of the jar. And a receiving node will only accept it if a cordapp with that hash has (is) been deployed on the node.

data class HashAttachmentConstraint : AttachmentConstraint


The Issued data class holds the details of an on ledger digital asset. In particular it gives the public credentials of the entity that created these digital tokens and the particular product represented.

data class Issued<out P : Any>


LinearPointer allows a ContractState to "point" to another LinearState creating a "many-to-one" relationship between all the states containing the pointer to a particular LinearState and the LinearState being pointed to. Using the LinearPointer is useful when one state depends on the data contained within another state that evolves independently. When using LinearPointer it is worth noting:

class LinearPointer<T : LinearState> : StatePointer<T>


A state that evolves by superseding itself, all of which share the common "linearId".

interface LinearState : ContractState


A common move command for contract states which can change owner.

interface MoveCommand : CommandData


Implemented by anything that can be named by a secure hash value (e.g. transactions, attachments).

interface NamedByHash


A contract state that can have a single owner.

interface OwnableState : ContractState


Reference to something being stored or issued by a party e.g. in a vault or (more likely) on their normal ledger. The reference is intended to be encrypted so it's meaningless to anyone other than the party.

data class PartyAndReference


A privacy salt is required to compute nonces per transaction component in order to ensure that an adversary cannot use brute force techniques and reveal the content of a Merkle-leaf hashed value. Because this salt serves the role of the seed to compute nonces, its size and entropy should be equal to the underlying hash function used for Merkle tree generation, currently SecureHash.SHA256, which has an output of 32 bytes. There are two constructors, one that generates a new 32-bytes random salt, and another that takes a ByteArray input. The latter is required in cases where the salt value needs to be pre-generated (agreed between transacting parties), but it is highlighted that one should always ensure it has sufficient entropy.

class PrivacySalt : OpaqueBytes


A wrapper for a StateAndRef indicating that it should be added to a transaction as a reference input state.

data class ReferencedStateAndRef<out T : ContractState>


Defines a simple domain specific language for the specification of financial contracts. Currently covers:

object Requirements


interface SchedulableState : ContractState


Something which is scheduled to happen at a point in time.

interface Scheduled


This class represents the lifecycle activity that a contract state of type LinearState would like to perform at a given point in time. e.g. run a fixing flow.

data class ScheduledActivity : Scheduled


Represents a contract state (unconsumed output) of type LinearState and a point in time that a lifecycle event is expected to take place for that contract state.

data class ScheduledStateRef : Scheduled


An AttachmentConstraint that verifies that the attachment has signers that fulfil the provided PublicKey. See: Signature Constraints

data class SignatureAttachmentConstraint : AttachmentConstraint


Simple data class to associate the origin, owner, or holder of a particular Amount object.

data class SourceAndAmount<T : Any, out P : Any>


A convenience class for passing around a state and it's contract

data class StateAndContract


A StateAndRef is simply a (state, ref) pair. For instance, a vault (which holds available assets) contains these.

data class StateAndRef<out T : ContractState>


A StatePointer contains a pointer to a ContractState. The StatePointer can be included in a ContractState or included in an off-ledger data structure. StatePointers can be resolved to a StateAndRef by performing a vault query. There are two types of pointers; linear and static. LinearPointers are for use with LinearStates. StaticPointers are for use with any type of ContractState.

sealed class StatePointer<T : ContractState>


A stateref is a pointer (reference) to a state, this is an equivalent of an "outpoint" in Bitcoin. It records which transaction defined the state and where in that transaction it was.

data class StateRef


A StaticPointer contains a pointer to a specific StateRef and can be resolved by looking up the StateRef via ServiceHub. There are a number of things to keep in mind when using StaticPointers:

class StaticPointer<T : ContractState> : StatePointer<T>


An interval on the time-line; not a single instantaneous point.

abstract class TimeWindow


This interface is used by Amount to determine the conversion ratio from indicative/displayed asset amounts in BigDecimal to fungible tokens represented by Amount objects.

interface TokenizableAssetInfo


A wrapper for ContractState containing additional platform-level state information and contract information. This is the definitive state that is stored on the ledger and used in transaction outputs.

data class TransactionState<out T : ContractState>


Commands that inherit from this are intended to have no data items: it's only their presence that matters.

abstract class TypeOnlyCommandData : CommandData


This class provides a truly unique identifier of a trade, state, or other business object, bound to any existing external ID. Equality and comparison are based on the unique ID only; if two states somehow have the same UUID but different external IDs, it would indicate a problem with handling of IDs.

data class UniqueIdentifier : Comparable<UniqueIdentifier>


Interface which can upgrade state objects issued by a contract to a new state object issued by a different contract. The upgraded contract should specify the legacy contract class name, and provide an upgrade function that will convert legacy contract states into states defined by this contract.

interface UpgradedContract<in OldState : ContractState, out NewState : ContractState> : Contract


This interface allows specifying a custom legacy contract constraint for upgraded contracts. The default for UpgradedContract is WhitelistedByZoneAttachmentConstraint.

interface UpgradedContractWithLegacyConstraint<in OldState : ContractState, out NewState : ContractState> : UpgradedContract<OldState, NewState>


An AttachmentConstraint that verifies that the hash of the attachment is in the network parameters whitelist. See: net.corda.core.node.NetworkParameters.whitelistedContractImplementations It allows for centralized control over the cordapps that can be used.

object WhitelistedByZoneAttachmentConstraint : AttachmentConstraint



This annotation is required by any ContractState which needs to ensure that it is only ever processed as part of a TransactionState referencing the specified Contract. It may be omitted in the case that the ContractState class is defined as an inner class of its owning Contract class, in which case the "X belongs to Y" relationship is taken to be implicitly declared.

annotation class BelongsToContract


The annotated Contract implements the legal prose identified by the given URI.

annotation class LegalProseReference


This annotation should only be added to Contract classes. If the annotation is present, then we assume that Contract.verify will ensure that the output states have an acceptable constraint. If the annotation is missing, then the default - secure - constraint propagation logic is enforced by the platform.

annotation class NoConstraintPropagation



The node asked a remote peer for the attachment identified by hash because it is a dependency of a transaction being resolved, but the remote peer would not provide it.

class AttachmentResolutionException : FlowException


A non-specific exception for the attachment identified by attachmentId. The context for this error is provided via the message and cause.

class BrokenAttachmentException : FlowException


Thrown if a request is made to spend an amount of a FungibleAsset but there aren't enough tokens in the vault.

class InsufficientBalanceException : FlowException


The node asked a remote peer for the transaction identified by hash because it is a dependency of a transaction being resolved, but the remote peer would not provide it.

open class TransactionResolutionException : FlowException


Indicates that some aspect of the transaction named by txId violates the platform rules. The exact type of failure is expressed using a subclass. TransactionVerificationException is a FlowException and thus when thrown inside a flow, the details of the failure will be serialised, propagated to the peer and rethrown.

abstract class TransactionVerificationException : FlowException

Extensions for External Classes





The maximum permissible size of an issuer reference.

const val MAX_ISSUER_REF_SIZE: Int



Returns the SHA-256 hash of the serialised contents of this state (not cached!)

fun ContractState.hash(): SecureHash

Returns the hash of the serialised contents of this state (not cached!)

fun ContractState.hash(algorithm: String): SecureHash


fun <R> requireThat(body: Requirements.() -> R): R


Simple functionality for verifying a move command. Verifies that each input has a signature from its owning key.

fun <T : MoveCommand> verifyMoveCommand(inputs: List<OwnableState>, commands: List<CommandWithParties<CommandData>>): MoveCommand


Strips the issuer and returns an Amount of the raw token directly. This is useful when you are mixing code that cares about specific issuers with code that will accept any, or which is imposing issuer constraints via some other mechanism and the additional type safety is not wanted.

fun <T : Any> Amount<Issued<T>>.withoutIssuer(): Amount<T>