All Types


Initiates a flow that produces an Issue/Move or Exit Cash transaction.


An AbstractParty contains the common elements of Party and AnonymousParty, specifically the owning key of the party. In most cases Party or AnonymousParty should be used, depending on use-case.


Abstract flow to be used for replacing one state with another, for example when changing the notary of a state. Notably this requires a one to one replacement of states, states cannot be split, merged or issued as part of these flows.

Simple enum for returning accurals adjusted or unadjusted. We don't actually do anything with this yet though, so it's ignored for now.

A special base class for the set of all possible recipients, without having to identify who they all are.


An AttachmentConstraint where isSatisfiedBy always returns true.


Amount represents a positive quantity of some token (currency, asset, etc.), measured in quantity of the smallest representable units. The nominal quantity represented by each individual token is equal to the displayTokenSize. The scale property of the displayTokenSize should correctly reflect the displayed decimal places and is used when rounding conversions from indicative/displayed amounts in BigDecimal to Amount occur via the Amount.fromDecimal method.


This class represents a possibly negative transfer of tokens from one vault state to another, possibly at a future date.


The AnonymousParty class contains enough information to uniquely identify a Party while excluding private information such as name. It is intended to represent a party on the distributed ledger.


An attachment is a ZIP (or an optionally signed JAR) that contains one or more files. Attachments are meant to contain public static data which can be referenced from transactions and utilised from contracts. Good examples of how attachments are meant to be used include:


Constrain which contract-code-containing attachment can be used with a ContractState.

An attachment store records potentially large binary objects, identified by their hash.


This AttachmentConstraint is a convenience class that will be automatically resolved to a HashAttachmentConstraint. The resolution occurs in TransactionBuilder.toWireTransaction and uses the TransactionState.contract value to find a corresponding loaded Cordapp that contains such a contract, and then uses that Cordapp as the Attachment.


An abstract class defining fields shared by all transaction types in the system.

Subset of state, containing the elements which must match for two obligation transactions to be nettable. If two obligation state objects produce equal bilateral net states, they are considered safe to net directly. Bilateral states are used in close-out netting.

Interface for state objects that support being netted with other state objects.

A business calendar performs date calculations that take into account national holidays and weekends. This is a typical feature of financial contracts, in which a business may not want a payment event to fall on a day when no staff are around to handle problems.
kotlin.ByteArray (extensions in package net.corda.core.crypto)
kotlin.ByteArray (extensions in package net.corda.core.serialization)
kotlin.ByteArray (extensions in package net.corda.core.utilities) (extensions in package net.corda.core.internal)

An abstraction of a byte array, with offset and size that does no copying of bytes unless asked to.

A cash transaction may split and merge money represented by a set of (issuer, depositRef) pairs, across multiple input and output states. Imagine a Bitcoin transaction but in which all UTXOs had a colour (a blend of issuer+depositRef) and you couldn't merge outputs of two colours together, but you COULD put them in the same transaction.

Flow to obtain cash cordapp app configuration.

Initiates a flow that produces an cash exit transaction.

Initiates a flow that self-issues cash (which should then be sent to recipient(s) using a payment transaction).

Initiates a flow that self-issues cash (which should then be sent to recipient(s) using a payment transaction).

Initiates a flow that sends cash to a recipient.

An object used to fully qualify the CashSchema family name (i.e. independent of version).

First version of a cash contract ORM schema that maps all fields of the Cash contract state as it stood at the time of writing.

Pluggable interface to allow for different cash selection provider implementations Default implementation CashSelectionH2Impl uses H2 database and a custom function within H2 to perform aggregation. Custom implementations must implement this interface and declare their implementation in META-INF/services/net.corda.contracts.asset.CashSelection (extensions in package net.corda.core.internal)

A simple lookup table of city names to their coordinates. Lookups are case insensitive.

java.lang.Class (extensions in package net.corda.core.internal)

Get and check the required signature.


The CollectSignaturesFlow is used to automate the collection of counter-party signatures for a given transaction.

kotlin.collections.Collection (extensions in package net.corda.core.contracts)
kotlin.collections.Collection (extensions in package net.corda.core.internal.concurrent)
kotlin.collections.Collection (extensions in package net.corda.core.utilities)

Command data/content plus pubkey pair: the signature is stored at the end of the serialized bytes


Return structure for OwnableState.withNewOwner


Marker interface for classes that represent commands


A Command where the signing parties have been looked up if they have a well known/recognised institutional key.

An object used to fully qualify the CommercialPaperSchema family name (i.e. independent of version).

First version of a commercial paper contract ORM schema that maps all fields of the CommercialPaper contract state as it stood at the time of writing.

Class representing a commodity, as an equivalent to the Currency class. This exists purely to enable the CommodityContract contract, and is likely to change in future.

A commodity contract represents an amount of some commodity, tracked on a distributed ledger. The design of this contract is intentionally similar to the Cash contract, and the same commands (issue, move, exit) apply, the differences are in representation of the underlying commodity. Issuer in this context means the party who has the commodity, or is otherwise responsible for delivering the commodity on demand, and the deposit reference is use for internal accounting by the issuer (it might be, for example, a warehouse and/or location within a warehouse).


JPA representation of the common schema entities


First version of the Vault ORM schema


A ComponentGroup is used to store the full list of transaction components of the same type in serialised form. Practically, a group per component type of a transaction is required; thus, there will be a group for input states, a group for all attachments (if there are any) etc.


An enum, for which each property corresponds to a transaction component group. The position in the enum class declaration (ordinal) is used for component-leaf ordering when computing the Merkle tree.


Thrown when checking for visibility of all-components in a group in FilteredTransaction.checkAllComponentsVisible.


A tree data structure that enables the representation of composite public keys, which are used to represent the signing requirements for multisignature scenarios such as RAFT notary services. A composite key is a list of leaf keys and their contributing weight, and each leaf can be a conventional single key or a composite key. Keys contribute their weight to the total if they are matched by the signature.


Factory for generating composite keys from ASN.1 format key specifications. This is used by CordaSecurityProvider.


Dedicated class for storing a set of signatures that comprise CompositeKey.


Custom class for holding signature data. This exists for later extension work to provide a standardised cross-platform serialization format.


Implemented by a program that implements business logic on the shared ledger. All participants run this code for every net.corda.core.transactions.LedgerTransaction they see on the network, for every input and output state. All contracts must accept the transaction for it to be accepted: failure of any aborts the entire thing. The time is taken from a trusted time-window attached to the transaction itself i.e. it is NOT necessarily the current time.


Wrap an attachment in this if it is to be used as an executable contract attachment


A contract state (or just "state") contains opaque data used by a contract program. It can be thought of as a disk file that the program can use to persist data across transactions. States are immutable: once created they are never updated, instead, any changes must generate a new successor state. States can be updated (consumed) only once: the notary is responsible for ensuring there is no "double spending" by only signing a transaction if the input states are all free.


A flow to be used for authorising and upgrading state objects of an old contract to a new contract.

The ContractUpgradeService is responsible for securely upgrading contract state objects according to a specified and mutually agreed (amongst participants) contract version. See also ContractUpgradeFlow to understand the workflow associated with contract upgrades.


Same as Future with additional methods to provide some of the features of java.util.concurrent.CompletableFuture while minimising the API surface area. In Kotlin, to avoid compile errors, whenever CordaFuture is used in a parameter or extension method receiver type, its type parameter should be specified with out variance.


An RPC client connects to the specified server and allows you to make calls to the server that perform various useful tasks. Please see the Client RPC section of to learn more about how this API works. A brief description is provided here.


Can be used to configure the RPC client connection.


This class is essentially just a wrapper for an RPCConnection and can be treated identically.


RPC operations that the node exposes to clients.


This annotation is a marker to indicate that a class is permitted and intended to be serialized as part of Node messaging.

Annotate any class that needs to be a long-lived service within the node, such as an oracle, with this annotation. Such a class needs to have a constructor with a single parameter of type ServiceHub. This constructor will be invoked during node start to initialise the service. The service hub provided can be used to get information about the node that may be necessary for the service. Corda services are created as singletons within the node and are available to flows via ServiceHub.cordaService.


X.500 distinguished name data type customised to how Corda uses names. This restricts the attributes to those Corda supports, and requires that organsation, locality and country attributes are specified. See also RFC 4519 for the underlying attribute type definitions


Represents a cordapp by registering the JAR that contains it and all important classes for Corda. Instances of this class are generated automatically at startup of a node and can get retrieved from CordappProvider.getAppContext from the CordappContext it returns.


An app context provides information about where an app was loaded from, access to its classloader, and (in the included Cordapp object) lists of annotated classes discovered via scanning the JAR.


Provides access to what the node knows about loaded applications.


A transaction with the minimal amount of information required to compute the unique transaction id, and resolve a FullTransaction. This type of transaction, wrapped in SignedTransaction, gets transferred across the wire and recorded to storage.

This object controls and provides the available and supported signature schemes for Corda. Any implemented SignatureScheme should be strictly defined here. However, only the schemes returned by {@link #listSupportedSignatureSchemes()} are supported. Note that Corda currently supports the following signature schemes by their code names:

Interpolates values between the given data points using a SplineFunction.

java.util.Currency (extensions in package

The Data feed contains a snapshot of the requested data and an Observable of future updates.


This reflects what happens if a date on which a business event is supposed to happen actually falls upon a non-working day. Depending on the accounting requirement, we can move forward until we get to a business day, or backwards. There are some additional rules which are explained in the individual cases below.

This is utilised in the DateRollConvention class to determine which way we should initially step when finding a business day.

This forms the day part of the "Day Count Basis" used for interest calculation. Note that the first character cannot be a number (enum naming constraints), so we drop that in the toString lest some people get confused.

This forms the year part of the "Day Count Basis" used for interest calculation.

Interface representing an agreement that exposes various attributes that are common. Implementing it simplifies implementation of general flows that manipulate many agreement types.


A simple wrapper around a Field object providing type safe read and write access using value, ignoring the field's visibility.


This annotation is a marker to indicate which secondary constructors should be considered, and in which order, for evolving objects during their deserialisation.


A wrapper around a digital signature.

kotlin.Double (extensions in package
java.time.Duration (extensions in package net.corda.core.internal)

A simple wrapper class that contains icons and support for printing them only when we're connected to a terminal.
java.util.concurrent.Executor (extensions in package net.corda.core.internal.concurrent)

Represents a textual expression of e.g. a formula

Given a set of hashes either loads from from local storage or requests them from the other peer. Downloaded attachments are saved to local storage automatically.


An abstract flow for fetching typed data from a remote peer.


Given a set of tx hashes (IDs), either loads them from local disk or asks the remote peer to provide them.


A FilteredComponentGroup is used to store the filtered list of transaction components of the same type in serialised form. This is similar to ComponentGroup, but it also includes the corresponding nonce per component.


Class representing merkleized filtered transaction.


Thrown when FilteredTransaction.verify fails.


Verifies the given transaction, then sends it to the named notary. If the notary agrees that the transaction is acceptable then it is from that point onwards committed to the ledger, and will be written through to the vault. Additionally it will be distributed to the parties reflected in the participants list of the states.

A Fix represents a named interest rate, on a given day, for a given duration. It can be embedded in a tx.

A FixOf identifies the question side of a fix: what day, tenor and type of fix ("LIBOR", "EURIBOR" etc)

Interface adding fixing specific methods.


Exception which can be thrown by a FlowLogic at any point in its logic to unexpectedly bring it to a permanent end. The exception will propagate to all counterparty flows and will be thrown on their end the next time they wait on a FlowSession.receive or FlowSession.sendAndReceive. Any flow which no longer needs to do a receive, or has already ended, will not receive the exception (if this is required then have them wait for a confirmation message).


FlowHandle is a serialisable handle for the started flow, parameterised by the type of the flow's return value.


Version and name of the CorDapp hosting the other side of the flow.


FlowInitiator holds information on who started the flow. We have different ways of doing that: via RPC FlowInitiator.RPC, communication started by peer node FlowInitiator.Peer, scheduled flows FlowInitiator.Scheduled or via the Corda Shell FlowInitiator.Shell.


A sub-class of FlowLogic implements a flow using direct, straight line blocking code. Thus you can write complex flow logic in an ordinary fashion, without having to think about callbacks, restarting after a node crash, how many instances of your flow there are running and so on.


A handle interface representing a FlowLogic instance which would be possible to safely pass out of the contract sandbox. Use FlowLogicRefFactory to construct a concrete security checked instance.


The public factory interface for creating validated FlowLogicRef instances as part of the scheduling framework. Typically this would be used from within the nextScheduledActivity method of a QueryableState to specify the flow to run at the scheduled time.


FlowProgressHandle is a serialisable handle for the started flow, parameterised by the type of the flow's return value.


A FlowSession is a handle on a communication sequence between two paired flows, possibly running on separate nodes. It is used to send and receive messages between the flows as well as to query information about the counter-flow.


Main data object representing snapshot of the flow stack, extracted from the Quasar stack.


This is an internal interface that is implemented by code in the node module. You should look at FlowLogic.

Frequency at which an event occurs - the enumerator also casts to an integer specifying the number of times per year that would divide into (eg annually = 1, semiannual = 2, monthly = 12 etc).


A transaction with fully resolved components, such as input states.


Interface for contract states representing assets which are fungible, countable and issued by a specific party. States contain assets which are equivalent (such as cash of the same currency), so records of their existence can be merged or split as needed where the issuer is the same. For instance, dollars issued by the Fed are fungible and countable (in cents), barrels of West Texas crude are fungible and countable (oil from two small containers can be poured into one large container), shares of the same class in a specific company are fungible and countable, and so on.

java.util.concurrent.Future (extensions in package net.corda.core.concurrent)
java.util.concurrent.Future (extensions in package net.corda.core.utilities)

An AttachmentConstraint that verifies by hash

An identity service maintains a directory of parties by their associated distinguished name/public keys and thus supports lookup of a party given its key, or name. The service also manages the certificates linking confidential identities back to the well known identity (i.e. the identity in the network map) of a party.


This annotation is required by any FlowLogic that is designed to be initiated by a counterparty flow. The class must have at least a constructor which takes in a single net.corda.core.identity.Party parameter which represents the initiating counterparty. The FlowLogic that does the initiating is specified by the value property and itself must be annotated with InitiatingFlow.


This annotation is required by any FlowLogic which has been designated to initiate communication with a counterparty and request they start their side of the flow communication. (extensions in package net.corda.core.internal)
kotlin.Int (extensions in package net.corda.core.utilities)
kotlin.Int (extensions in package
kotlin.collections.IntIterator (extensions in package net.corda.core.internal)
kotlin.ranges.IntProgression (extensions in package net.corda.core.internal)

The Issued data class holds the details of an on ledger digital asset. In particular it gives the public credentials of the entity that created these digital tokens and the particular product represented.

kotlin.collections.Iterable (extensions in package net.corda.core.contracts)
kotlin.collections.Iterable (extensions in package net.corda.core.crypto)
kotlin.collections.Iterable (extensions in package net.corda.core.internal)
kotlin.collections.Iterable (extensions in package

Utilities and serialisers for working with JSON representations of basic types. This adds Jackson support for the java.time API, some core types, and Kotlin data classes.

java.util.jar.JarInputStream (extensions in package net.corda.core.internal)
kotlin.reflect.KClass (extensions in package net.corda.core.internal)

The KMS is responsible for storing and using private keys to sign things. An implementation of this may, for example, call out to a hardware security module that enforces various auditing and frequency-of-use requirements. (extensions in package net.corda.core.crypto)

A lazy pool of resources A.


A LazyStickyPool is a lazy pool of resources where a borrow may "stick" the borrowed instance to an object. Any subsequent borrows using the same object will return the same pooled instance.


A LedgerTransaction is derived from a WireTransaction. It is the result of doing the following operations:


The annotated Contract implements the legal prose identified by the given URI.


This class provides simple tracking of the lifecycle of a service-type object. S is an enum enumerating the possible states the service can be in.

Interpolates values between the given data points using straight lines.


A state that evolves by superseding itself, all of which share the common "linearId".

kotlin.collections.List (extensions in package net.corda.core.internal)
org.slf4j.Logger (extensions in package net.corda.core.internal)
org.slf4j.Logger (extensions in package net.corda.core.utilities)
kotlin.Long (extensions in package net.corda.core.utilities)

A database schema that might be configured for this node. As well as a name and version for identifying the schema, also list the classes that may be used in the generated object graph in order to configure the ORM tool.


Creation and verification of a Merkle tree for a WireTransaction.


A base class for a set of recipients specifically identified by the sender.


The interface for a group of message recipients (which may contain only one recipient)


Thrown during deserialisation to indicate that an attachment needed to construct the WireTransaction is not found.


A contract attachment was missing when trying to automatically attach all known contract attachments


A common move command for contract states which can change owner.

Subset of state, containing the elements which must match for two or more obligation transactions to be candidates for netting (this does not include the checks to enforce that everyone's amounts received are the same at the end, which is handled under the verify() function). In comparison to BilateralNetState, this doesn't include the parties' keys, as ensuring balances match on input and output is handled elsewhere. Used in cases where all parties (or their proxies) are signing, such as central clearing.

Interface for state objects that support being netted with other state objects.


Implemented by anything that can be named by a secure hash value (e.g. transactions, attachments).

A common netting command for contracts whose states can be netted.

Common interface for the state subsets used when determining nettability of two or more states. Exposes the underlying issued thing.

Enum for the types of netting that can be applied to state objects. Exact behaviour for each type of netting is left to the contract to determine.

Tuple of host and port. Use NetworkHostAndPort.parse on untrusted data.

A network map contains lists of nodes on the network along with information about their identity keys, services they provide and host names or IP addresses where they can be connected to. The cache wraps around a map fetched from an authoritative service, and adds easy lookup of the data stored within it. Generally it would be initialised with a specified network map service, which it fetches data from and then subscribes to updates of.


Information about a network node that acts on behalf of some party. NodeInfos can be found via the network map cache, accessible from a They are also available via RPC using the net.corda.core.messaging.CordaRPCOps.networkMapSnapshot method.


An immutable ordered non-empty set.


A flow to be used for changing a state's Notary. This is required since all input states to a transaction must point to the same notary.


A notary change transaction with fully resolved inputs and signatures. In contrast with a regular transaction, signatures are checked against the signers specified by input states' participants fields, so full resolution is needed for signature verification.


A special transaction for changing the notary of a state. It only needs specifying the state(s) as input(s), old and new notaries. Output states can be computed by applying the notary modification to corresponding inputs on the fly.


An obligation contract commits the obligor to delivering a specified amount of a fungible asset (for example the Cash contract) at a specified future point in time. Settlement transactions may split and merge contracts across multiple input and output states. The goal of this design is to handle amounts owed, and these contracts are expected to be netted/merged, with settlement only for any remainder amount.

rx.Observable (extensions in package net.corda.core.internal)
rx.Observable (extensions in package net.corda.core)
rx.Observable (extensions in package net.corda.client.rpc)

Holds a context available during Kryo deserialisation of messages that are expected to contain Observables.

rx.Observer (extensions in package net.corda.core.internal)

An asset transaction may split and merge assets represented by a set of (issuer, depositRef) pairs, across multiple input and output states. Imagine a Bitcoin transaction but in which all UTXOs had a colour (a blend of issuer+depositRef) and you couldn't merge outputs of two colours together, but you COULD put them in the same transaction.


A simple class that wraps a byte array and makes the equals/hashCode/toString methods work as you actually expect. In an ideal JVM this would be a value type and be completely overhead free. Project Valhalla is adding such functionality to Java, but it won't arrive for a few years yet!


Class is public for serialization purposes


A CordaFuture with additional methods to complete it with a value, exception or the outcome of another future.

A contract state that can have a single owner.

PageSpecification allows specification of a page number (starting from DEFAULT_PAGE_NUM) and page size (defaulting to DEFAULT_PAGE_SIZE with a maximum page size of MAX_PAGE_SIZE) Note: we default the page number to DEFAULT_PAGE_SIZE to enable queries without requiring a page specification but enabling detection of large results sets that fall out of the DEFAULT_PAGE_SIZE requirement. MAX_PAGE_SIZE should be used with extreme caution as results may exceed your JVM memory footprint.


Building and verification of Partial Merkle Tree. Partial Merkle Tree is a minimal tree needed to check that a given set of leaves belongs to a full Merkle Tree.


The Party class represents an entity on the network, which is typically identified by a legal name and public key that it can sign transactions under. As parties may use multiple keys for signing and, for example, have offline backup keys, the "public key" of a party can be represented by a composite construct – a CompositeKey, which combines multiple cryptographic public key primitives into a tree structure.

A simple holder for a (possibly anonymous) AbstractParty and a quantity of tokens


A full party plus the X.509 certificate and path linking the party back to a trust root. Equality of PartyAndCertificate instances is based on the party only, as certificate and path are data associated with the party, not part of the identifier themselves.


Reference to something being stored or issued by a party e.g. in a vault or (more likely) on their normal ledger. The reference is intended to be encrypted so it's meaningless to anyone other than the party.

Holds information about a Party, which may refer to either a specific node or a service.

java.nio.file.Path (extensions in package net.corda.core.internal)

Whether the payment should be made before the due date, or after it.


Thrown to indicate that the calling user does not have permission for something they have requested (for example calling a method).


A super class for all mapped states exported to a schema that ensures the StateRef appears on the database row. The StateRef will be set to the correct value by the framework (there's no need to set during mapping generation by the state itself).


Embedded StateRef representation used in state mapping.

Represents a polynomial function of arbitrary degree.


A privacy salt is required to compute nonces per transaction component in order to ensure that an adversary cannot use brute force techniques and reveal the content of a Merkle-leaf hashed value. Because this salt serves the role of the seed to compute nonces, its size and entropy should be equal to the underlying hash function used for Merkle tree generation, currently SecureHash.SHA256, which has an output of 32 bytes. There are two constructors, one that generates a new 32-bytes random salt, and another that takes a ByteArray input. The latter is required in cases where the salt value needs to be pre-generated (agreed between transacting parties), but it is highlighted that one should always ensure it has sufficient entropy. (extensions in package net.corda.core.crypto)

A progress tracker helps surface information about the progress of an operation to a user interface or API of some kind. It lets you define a set of steps that represent an operation. A step is represented by an object (typically a singleton).


Simple interface encapsulating the implicit Kotlin contract for immutable property delegates. (extensions in package net.corda.core.crypto) (extensions in package net.corda.core.utilities)

Indexing assumptions: QueryCriteria assumes underlying schema tables are correctly indexed for performance.


A contract state that may be mapped to database schemas configured for this node to support querying for, or filtering of, states.


This configuration may be used to tweak the internals of the RPC client.


This class provides a proxy implementation of an RPC interface for RPC clients. It translates API calls to lower-level RPC protocol messages. For this protocol see RPCApi.


Holds a proxy object implementing I that forwards requests to the RPC server. The server version can be queried via this interface.


Thrown to indicate a fatal error in the RPC system itself, as opposed to an error generated by the invoked method.


Base interface that all RPC servers must implement. Note: in Corda there's only one RPC interface. This base interface is here in case we split the RPC system out into a separate library one day.


If an RPC is tagged with this annotation it may return one or more observables anywhere in its response graph. Calling such a method comes with consequences: it's slower, and consumes server side resources as observations will buffer up on the server until they're consumed by the client.


Records the protocol version in which this RPC was added.


The ReceiveStateAndRefFlow should be called in response to the SendStateAndRefFlow.


The ReceiveTransactionFlow should be called in response to the SendTransactionFlow.


Defines a simple domain specific language for the specification of financial contracts. Currently covers:


Resolves transactions for the specified txHashes along with their full history (dependency graph) from otherSide. Each retrieved transaction is validated and inserted into the local transaction storage.


A Serializer to deserialise Observables once the corresponding Kryo instance has been provided with an ObservableContext.


Any FlowLogic which is schedulable and is designed to be invoked by a net.corda.core.contracts.SchedulableState must have this annotation. If it's missing FlowLogicRefFactory.create will throw an exception when it comes time to schedule the next activity in net.corda.core.contracts.SchedulableState.nextScheduledActivity.


Something which is scheduled to happen at a point in time.


This class represents the lifecycle activity that a contract state of type LinearState would like to perform at a given point in time. e.g. run a fixing flow.


Represents a contract state (unconsumed output) of type LinearState and a point in time that a lifecycle event is expected to take place for that contract state.

Container for a cryptographically secure hash value. Provides utilities for generating a cryptographic hash using different algorithms (currently only SHA-256 supported).


The SendStateAndRefFlow should be used to send a list of input StateAndRef to another peer that wishes to verify the input's integrity by resolving and checking the dependencies as well. The other side should invoke ReceiveStateAndRefFlow at the right point in the conversation to receive the input state and ref and perform the resolution back-and-forth required to check the dependencies.


The SendTransactionFlow should be used to send a transaction to another peer that wishes to verify that transaction's integrity by resolving and checking the dependencies as well. The other side should invoke ReceiveTransactionFlow at the right point in the conversation to receive the sent transaction and perform the resolution back-and-forth required to check the dependencies and download any missing attachments.


Parameters to serialization and deserialization.


Global singletons to be used as defaults that are injected elsewhere (generally, in the node or in RPC client).


An abstraction for serializing and deserializing objects, with support for versioning of the wire format via a header / prefix in the bytes.


This represents a token in the serialized stream for an instance of a type that implements SerializeAsToken.


Provide a subclass of this via the java.util.ServiceLoader mechanism to be able to whitelist types for serialisation that you cannot otherwise annotate. The name of the class must appear in a text file on the classpath under the path META-INF/services/net.corda.core.serialization.SerializationWhitelist


This interface should be implemented by classes that want to substitute a token representation of themselves if they are serialized because they have a lot of internal state that does not serialize (well).


A context for mapping SerializationTokens to/from SerializeAsTokens.


A type safe wrapper around a byte array that contains a serialised object. You can call SerializedBytes.deserialize to get the original object back.


A service hub is the starting point for most operations you can do inside the node. You are provided with one when a class annotated with CordaService is constructed, and you have access to one inside flows. Most RPCs simply forward to the services found here after some access checking.


Subset of node services that are used for loading transactions from the wire into fully resolved, looked up forms ready for verification.


The SignTransactionFlow should be called in response to the CollectSignaturesFlow. It automates the signing of a transaction providing the transaction:


A SignableData object is the packet actually signed. It works as a wrapper over transaction id and signature metadata.


SignatureMeta is required to add extra meta-data to a transaction's signature. It currently supports platformVersion only, but it can be extended to support a universal digital signature model enabling partial signatures and attaching extra information, such as a user's timestamp or other application-specific fields.


This class is used to define a digital signature scheme.


A serialized piece of data and its signature. Enforces signature validity in order to deserialize the data contained within.


SignedTransaction wraps a serialized WireTransaction. It contains one or more signatures, each one for a public key (including composite keys) that is mentioned inside a transaction command. SignedTransaction is the top level transaction type and the type most frequently passed around the network and stored. The identity of a transaction is the hash of Merkle root of a WireTransaction, therefore if you are storing data keyed by WT hash be aware that multiple different STs may map to the same key (and they could be different in important ways, like validity!). The signatures on a SignedTransaction might be invalid or missing: the type does not imply validity. A transaction ID should be the hash of the WireTransaction Merkle tree root. Thus adding or removing a signature does not change it.


A base class for the case of point-to-point messages


A class representing a SerializationToken for some object that is not serializable but can be looked up (when deserialized) via just the class name.


A base class for implementing large objects / components / services that need to serialize themselves to a string token to indicate which instance the token is a serialized form of.

Sort allows specification of a set of entity attribute names and their associated directionality and null handling, to be applied upon processing a query specification.

Simple data class to associate the origin, owner, or holder of a particular Amount object.

A spline is function piecewise-defined by polynomial functions. Points at which polynomial pieces connect are known as knots.


Token class, used to indicate stack presence of the corda internal data. Since this data is of no use for a CordApp developer, it is skipped from serialisation and its presence is only marked by this token.


Any FlowLogic which is to be started by the RPC interface (net.corda.core.messaging.CordaRPCOps.startFlowDynamic and net.corda.core.messaging.CordaRPCOps.startTrackedFlowDynamic) must have this annotation. If it's missing the flow will not be allowed to start and an exception will be thrown.


A convenience class for passing around a state and it's contract


A StateAndRef is simply a (state, ref) pair. For instance, a vault (which holds available assets) contains these.


A unique identifier for a single state machine run, valid across node restarts. Note that a single run always has at least one flow, but that flow may also invoke sub-flows: they all share the same run id.


Marker interface to denote a persistable Corda state entity that will always have a transaction id and index


A stateref is a pointer (reference) to a state, this is an equivalent of an "outpoint" in Bitcoin. It records which transaction defined the state and where in that transaction it was.

net.corda.core.flows.StateReplacementException (extensions in package net.corda.core.internal)
kotlin.String (extensions in package net.corda.core.internal)
kotlin.String (extensions in package net.corda.core.utilities)

This class parses strings in a format designed for human usability into ParsedMethodCall objects representing a ready-to-invoke call on the given target object. The strings accepted by this class are a minor variant of Yaml and can be easily typed at a command line. Intended use cases include things like the Corda shell, text-based RPC dispatch, simple scripting and so on.

java.time.temporal.Temporal (extensions in package net.corda.core.internal)

Placeholder class for the Tenor datatype - which is a standardised duration of time until maturity


A threadbox is a simple utility that makes it harder to forget to take a lock before accessing some shared state. Simply define a private class to hold the data that must be grouped under the same lock, and then pass the only instance to the ThreadBox constructor. You can now use the locked method with a lambda to take the lock in a way that ensures it'll be released if there's an exception.

kotlin.Throwable (extensions in package net.corda.core.internal)

An interval on the time-line; not a single instantaneous point.

Checks if the current instant provided by the input clock falls within the provided time-window.


This interface is used by Amount to determine the conversion ratio from indicative/displayed asset amounts in BigDecimal to fungible tokens represented by Amount objects.


A TransactionBuilder is a transaction class that's mutable (unlike the others which are all immutable). It is intended to be passed around contracts that may edit it by adding new states/commands. Then once the states and commands are right, this class can be used as a holding bucket to gather signatures from multiple parties.


The minimum amount of information needed to notarise a transaction. Note that this does not include any sensitive transaction details.


A wrapper over the signature output accompanied by signer's public key and signature metadata. This is similar to DigitalSignature.WithKey, but targeted to DLT transaction signatures.


A wrapper for ContractState containing additional platform-level state information and contract information. This is the definitive state that is stored on the ledger and used in transaction outputs.

Thread-safe storage of transactions.


An interface for transactions containing signatures, with logic for signature verification


Implemented by WireTransaction and FilteredTransaction. A TraversableTransaction allows you to iterate over the flattened components of the underlying transaction structure, taking into account that some may be missing in the case of this representing a "torn" transaction. Please see the user guide section "Transaction tear-offs" to learn more about this feature.

A base notary service implementation that provides functionality for cases where a signature by a single member of the cluster is sufficient for transaction notarisation. For example, a single-node or a Raft notary.


Representation of an operation that has either succeeded with a result (represented by Success) or failed with an exception (represented by Failure).

Classes for manipulating a two party deal or agreement.

This asset trading flow implements a "delivery vs payment" type swap. It has two parties (B and S for buyer and seller) and the following steps:


Commands that inherit from this are intended to have no data items: it's only their presence that matters.


Thrown when a flow session ends unexpectedly due to a type mismatch (the other side sent an object of a type that we were not expecting), or the other side had an internal error, or the other side terminated when we were waiting for a response.


This class provides a truly unique identifier of a trade, state, or other business object, bound to any existing external ID. Equality and comparison are based on the unique ID only; if two states somehow have the same UUID but different external IDs, it would indicate a problem with handling of IDs.

A service that records input states of the given transaction and provides conflict information if any of the inputs have already been used in another transaction.

A small utility to approximate taint tracking: if a method gives you back one of these, it means the data came from a remote source that may be incentivised to pass us junk that violates basic assumptions and thus must be checked first. The wrapper helps you to avoid forgetting this vital step. Things you might want to check are:


Indicates that this transaction replaces the inputs contract state to another contract state


Interface which can upgrade state objects issued by a contract to a new state object issued by a different contract.


The contravariant members of OpenFuture.


Simple interface encapsulating the implicit Kotlin contract for mutable property delegates.

A vault (name may be temporary) wraps a set of states that are useful for us to keep track of, for instance, because we own them. This class represents an immutable, stable state of a vault: it is guaranteed not to change out from underneath you, even though the canonical currently-best-known vault may change as we learn about new transactions from our peers and generate new transactions that consume states ourselves.

A VaultService is responsible for securely and safely persisting the current state of a vault to storage. The vault service vends immutable snapshots of the current vault for working with: if you build a transaction based on a vault that isn't current, be aware that it may end up being invalid if the states that were used have been consumed by someone else first!


The annotated object would have a more restricted visibility were it not needed in tests.


A transaction ready for serialisation, without any signatures attached. A WireTransaction is usually wrapped by a SignedTransaction that carries the signatures over this payload. The identity of the transaction is the Merkle tree root of its components (see MerkleTree).

A latitude/longitude pair.

A labelled WorldCoordinate, where the label is human meaningful. For example, the name of the nearest city. Labels should not refer to non-landmarks, for example, they should not contain the names of organisations. The countryCode field is a two letter ISO country code.


A write-once property to be used as delegate for Kotlin var properties. The expectation is that this is initialised prior to the spawning of any threads that may access it and so there's no need for it to be volatile.

org.bouncycastle.asn1.x500.X500Name (extensions in package net.corda.core.internal)
org.bouncycastle.cert.X509CertificateHolder (extensions in package net.corda.core.internal)

Wrapper around EdDSAEngine which can intelligently rewrite X509Keys to a EdDSAPublicKey. This is a temporary solution until this is integrated upstream and/or a custom certificate factory implemented to force the correct key type. Only intercepts public keys passed into engineInitVerify, as there is no equivalent issue with private keys.