update canton to 20241118.14506.v84c5dbb1 (#20307)

update canton to 20241118.14506.v84c5dbb1 Co-authored-by: Dylan Thinnes <[email protected]> Co-authored-by: Paul Brauner <[email protected]> Co-authored-by: Rafael Guglielmetti <[email protected]>
digital-asset · Nov 18, 2024 · 58f5117 · 58f5117
1 parent ecaedd4
commit 58f5117
Show file tree

Hide file tree

Showing 390 changed files with 15,804 additions and 7,101 deletions.
diff --git a/sdk/canton/BUILD.bazel b/sdk/canton/BUILD.bazel
@@ -43,11 +43,11 @@ cat << EOF > $@
 package com.digitalasset.canton.buildinfo
 
 case object BuildInfo {{
-  val version: String = "3.0.0-SNAPSHOT"
+  val version: String = "3.2.0-SNAPSHOT"
   val scalaVersion: String = "{scala_version}"
   val sbtVersion: String = "bazel"
   val damlLibrariesVersion: String = "{sdk_version}"
-  val stableProtocolVersions = List()
+  val stableProtocolVersions = List("32")
   val betaProtocolVersions = List()
   override val toString: String = {{
      "version: %s, scalaVersion: %s, sbtVersion: %s, damlLibrariesVersion: %s, stableProtocolVersions: %s, betaProtocolVersions: %s".format(
@@ -713,7 +713,6 @@ scala_library(
     ],
     deps = [
         ":bindings-java",
-        ":community_admin-api",
         ":community_base",
         ":community_common",
         ":community_ledger_ledger-common",
@@ -767,8 +766,6 @@ scala_library(
         "@maven//:com_typesafe_scala_logging_scala_logging_2_13",
         "@maven//:com_typesafe_slick_slick_2_13",
         "@maven//:com_zaxxer_HikariCP",
-        "@maven//:dev_optics_monocle_core_2_13",
-        "@maven//:dev_optics_monocle_macro_2_13",
         "@maven//:io_circe_circe_core_2_13",
         "@maven//:io_grpc_grpc_api",
         "@maven//:io_grpc_grpc_netty",
@@ -1036,25 +1033,10 @@ proto_gen(
     ],
 )
 
-genrule(
+copy_file(
     name = "community_participant_admin-workflows_dar",
-    srcs = glob(["community/participant/src/main/daml/**/*"]) + [
-        "//daml-script/daml3:daml3-script-2.1.dar",
-    ],
-    outs = ["AdminWorkflows.dar"],
-    cmd = """
-            set -euo pipefail
-            project_dir=$$(dirname $(location community/participant/src/main/daml/daml.yaml))
-            tmpdir=$$(mktemp -d)
-            trap "rm -rf $$tmpdir" EXIT
-            cp -r $$project_dir/* $$tmpdir
-            cp $(location //daml-script/daml3:daml3-script-2.1.dar) $$tmpdir
-            sed -i 's/sdk-version:.*/sdk-version: {sdk_version}/' $$tmpdir/daml.yaml
-            sed -i 's/daml3-script/daml3-script-2.1.dar/' $$tmpdir/daml.yaml
-            $(location //compiler/damlc) build --project-root=$$tmpdir --ghc-option=-Werror -o $$PWD/$@
-            """.format(sdk_version = sdk_version),
-    tools = ["//compiler/damlc"],
-    visibility = ["//visibility:public"],
+    src = "community/participant/src/main/resources/dar/AdminWorkflows.dar",
+    out = "dar/AdminWorkflows.dar",
 )
 
 dar_to_java(

diff --git a/...api/src/main/protobuf/com/digitalasset/canton/admin/participant/v30/active_contract.proto b/...api/src/main/protobuf/com/digitalasset/canton/admin/participant/v30/active_contract.proto
@@ -11,7 +11,7 @@ import "scalapb/scalapb.proto";
 
 // Schema definition for the exported ACS snapshot
 message ActiveContract {
-  option (scalapb.message).companion_extends = "com.digitalasset.canton.version.AlphaProtoVersion";
+  option (scalapb.message).companion_extends = "com.digitalasset.canton.version.StableProtoVersion";
 
   // The ID of the domain where the contract was assigned at the time of the export
   // Required

diff --git a/.../src/main/protobuf/com/digitalasset/canton/admin/participant/v30/inspection_service.proto b/.../src/main/protobuf/com/digitalasset/canton/admin/participant/v30/inspection_service.proto
@@ -79,7 +79,7 @@ message OpenCommitment {
 // Contract ids (cids) need to be authenticated, otherwise the cid does not uniquely identify the stakeholders and
 // the contract hash
 message CommitmentContractMeta {
-  option (scalapb.message).companion_extends = "com.digitalasset.canton.version.AlphaProtoVersion";
+  option (scalapb.message).companion_extends = "com.digitalasset.canton.version.StableProtoVersion";
   bytes cid = 1;
   int64 reassignment_counter = 2;
 }
@@ -97,7 +97,7 @@ message InspectCommitmentContracts {
 }
 
 message CommitmentContract {
-  option (scalapb.message).companion_extends = "com.digitalasset.canton.version.AlphaProtoVersion";
+  option (scalapb.message).companion_extends = "com.digitalasset.canton.version.StableProtoVersion";
   Contract serialized_contract = 1;
   bytes creating_tx_id = 2;
 }

diff --git a/.../src/main/scala/com/digitalasset/canton/admin/api/client/commands/LedgerApiCommands.scala b/.../src/main/scala/com/digitalasset/canton/admin/api/client/commands/LedgerApiCommands.scala
@@ -81,15 +81,17 @@ import com.daml.ledger.api.v2.event_query_service.{
   GetEventsByContractIdRequest,
   GetEventsByContractIdResponse,
 }
-import com.daml.ledger.api.v2.interactive_submission_data.PreparedTransaction
-import com.daml.ledger.api.v2.interactive_submission_service.InteractiveSubmissionServiceGrpc.InteractiveSubmissionServiceStub
-import com.daml.ledger.api.v2.interactive_submission_service.{
+import com.daml.ledger.api.v2.interactive.interactive_submission_service.InteractiveSubmissionServiceGrpc.InteractiveSubmissionServiceStub
+import com.daml.ledger.api.v2.interactive.interactive_submission_service.{
   ExecuteSubmissionRequest,
   ExecuteSubmissionResponse,
+  HashingSchemeVersion,
   InteractiveSubmissionServiceGrpc,
+  MinLedgerTime,
   PartySignatures,
   PrepareSubmissionRequest,
   PrepareSubmissionResponse,
+  PreparedTransaction,
   SinglePartySignatures,
 }
 import com.daml.ledger.api.v2.reassignment.{AssignedEvent, Reassignment, UnassignedEvent}
@@ -1378,6 +1380,7 @@ object LedgerApiCommands {
         domainId: Option[DomainId],
         applicationId: String,
         packageIdSelectionPreference: Seq[LfPackageId],
+        verboseHashing: Boolean,
     ) extends BaseCommand[
           PrepareSubmissionRequest,
           PrepareSubmissionResponse,
@@ -1390,13 +1393,16 @@ object LedgerApiCommands {
             applicationId = applicationId,
             commandId = commandId,
             commands = commands,
-            minLedgerTimeAbs =
-              minLedgerTimeAbs.map(ProtoConverter.InstantConverter.toProtoPrimitive),
+            minLedgerTime = minLedgerTimeAbs
+              .map(ProtoConverter.InstantConverter.toProtoPrimitive)
+              .map(MinLedgerTime.Time.MinLedgerTimeAbs.apply)
+              .map(MinLedgerTime(_)),
             actAs = actAs,
             readAs = readAs,
             disclosedContracts = disclosedContracts,
             domainId = domainId.map(_.toProtoPrimitive).getOrElse(""),
             packageIdSelectionPreference = packageIdSelectionPreference,
+            verboseHashing = verboseHashing,
           )
         )
 
@@ -1420,8 +1426,9 @@ object LedgerApiCommands {
         transactionSignatures: Map[PartyId, Seq[Signature]],
         submissionId: String,
         applicationId: String,
-        workflowId: String,
+        minLedgerTimeAbs: Option[Instant],
         deduplicationPeriod: Option[DeduplicationPeriod],
+        hashingSchemeVersion: HashingSchemeVersion,
     ) extends BaseCommand[
           ExecuteSubmissionRequest,
           ExecuteSubmissionResponse,
@@ -1430,7 +1437,7 @@ object LedgerApiCommands {
 
       import com.digitalasset.canton.crypto.LedgerApiCryptoConversions.*
       import io.scalaland.chimney.dsl.*
-      import com.daml.ledger.api.v2.interactive_submission_service as iss
+      import com.daml.ledger.api.v2.interactive.interactive_submission_service as iss
 
       private def makePartySignatures: PartySignatures = PartySignatures(
         transactionSignatures.map { case (party, signatures) =>
@@ -1460,11 +1467,15 @@ object LedgerApiCommands {
         Right(
           ExecuteSubmissionRequest(
             preparedTransaction = Some(preparedTransaction),
+            partySignatures = Some(makePartySignatures),
             submissionId = submissionId,
-            partiesSignatures = Some(makePartySignatures),
             applicationId = applicationId,
-            workflowId = workflowId,
+            minLedgerTime = minLedgerTimeAbs
+              .map(ProtoConverter.InstantConverter.toProtoPrimitive)
+              .map(MinLedgerTime.Time.MinLedgerTimeAbs.apply)
+              .map(MinLedgerTime(_)),
             deduplicationPeriod = serializeDeduplicationPeriod(deduplicationPeriod),
+            hashingSchemeVersion = hashingSchemeVersion,
           )
         )
 

diff --git a/...src/main/scala/com/digitalasset/canton/admin/api/client/commands/VaultAdminCommands.scala b/...src/main/scala/com/digitalasset/canton/admin/api/client/commands/VaultAdminCommands.scala
@@ -133,7 +133,7 @@ object VaultAdminCommands {
   final case class GenerateSigningKey(
       name: String,
       usage: NonEmpty[Set[SigningKeyUsage]],
-      schemeO: Option[SigningKeyScheme],
+      keySpec: Option[SigningKeySpec],
   ) extends BaseVaultAdminCommand[
         v30.GenerateSigningKeyRequest,
         v30.GenerateSigningKeyResponse,
@@ -145,7 +145,9 @@ object VaultAdminCommands {
         v30.GenerateSigningKeyRequest(
           name = name,
           usage = usage.map(_.toProtoEnum).toSeq,
-          keyScheme = SigningKeyScheme.toProtoEnumOpt(schemeO),
+          keySpec = keySpec.fold[cryptoproto.SigningKeySpec](
+            cryptoproto.SigningKeySpec.SIGNING_KEY_SPEC_UNSPECIFIED
+          )(_.toProtoEnum),
         )
       )
 

diff --git a/...-base/src/main/scala/com/digitalasset/canton/admin/api/client/data/DomainParameters.scala b/...-base/src/main/scala/com/digitalasset/canton/admin/api/client/data/DomainParameters.scala
@@ -10,7 +10,7 @@ import com.digitalasset.canton.admin.api.client.data.crypto.{
   CryptoKeyFormat,
   HashAlgorithm,
   RequiredEncryptionSpecs,
-  SigningKeyScheme,
+  RequiredSigningSpecs,
   SymmetricKeyScheme,
 }
 import com.digitalasset.canton.config.RequireTypes.NonNegativeInt
@@ -46,7 +46,7 @@ import io.scalaland.chimney.dsl.*
 import scala.Ordering.Implicits.*
 
 final case class StaticDomainParameters(
-    requiredSigningKeySchemes: NonEmpty[Set[SigningKeyScheme]],
+    requiredSigningSpecs: RequiredSigningSpecs,
     requiredEncryptionSpecs: RequiredEncryptionSpecs,
     requiredSymmetricKeySchemes: NonEmpty[Set[SymmetricKeyScheme]],
     requiredHashAlgorithms: NonEmpty[Set[HashAlgorithm]],
@@ -122,7 +122,7 @@ object StaticDomainParameters {
       domainParametersP: v30.StaticDomainParameters
   ): ParsingResult[StaticDomainParameters] = {
     val v30.StaticDomainParameters(
-      requiredSigningKeySchemesP,
+      requiredSigningSpecsOP,
       requiredEncryptionSpecsOP,
       requiredSymmetricKeySchemesP,
       requiredHashAlgorithmsP,
@@ -131,46 +131,56 @@ object StaticDomainParameters {
     ) = domainParametersP
 
     for {
-      requiredSigningKeySchemes <- requiredKeySchemes(
-        "requiredSigningKeySchemes",
-        requiredSigningKeySchemesP,
-        DomainCrypto.SigningKeyScheme.fromProtoEnum,
+      requiredSigningSpecsP <- requiredSigningSpecsOP.toRight(
+        ProtoDeserializationError.FieldNotSet(
+          "required_signing_specs"
+        )
+      )
+      requiredSigningAlgorithmSpecs <- requiredKeySchemes(
+        "required_signing_algorithm_specs",
+        requiredSigningSpecsP.algorithms,
+        DomainCrypto.SigningAlgorithmSpec.fromProtoEnum,
+      )
+      requiredSigningKeySpecs <- requiredKeySchemes(
+        "required_signing_key_specs",
+        requiredSigningSpecsP.keys,
+        DomainCrypto.SigningKeySpec.fromProtoEnum,
       )
       requiredEncryptionSpecsP <- requiredEncryptionSpecsOP.toRight(
         ProtoDeserializationError.FieldNotSet(
           "required_encryption_specs"
         )
       )
       requiredEncryptionAlgorithmSpecs <- requiredKeySchemes(
-        "requiredEncryptionAlgorithmSpecs",
+        "required_encryption_algorithm_specs",
         requiredEncryptionSpecsP.algorithms,
         DomainCrypto.EncryptionAlgorithmSpec.fromProtoEnum,
       )
       requiredEncryptionKeySpecs <- requiredKeySchemes(
-        "requiredEncryptionKeySpecs",
+        "required_encryption_key_specs",
         requiredEncryptionSpecsP.keys,
         DomainCrypto.EncryptionKeySpec.fromProtoEnum,
       )
       requiredSymmetricKeySchemes <- requiredKeySchemes(
-        "requiredSymmetricKeySchemes",
+        "required_symmetric_key_schemes",
         requiredSymmetricKeySchemesP,
         DomainCrypto.SymmetricKeyScheme.fromProtoEnum,
       )
       requiredHashAlgorithms <- requiredKeySchemes(
-        "requiredHashAlgorithms",
+        "required_hash_algorithms",
         requiredHashAlgorithmsP,
         DomainCrypto.HashAlgorithm.fromProtoEnum,
       )
       requiredCryptoKeyFormats <- requiredKeySchemes(
-        "requiredCryptoKeyFormats",
+        "required_crypto_key_formats",
         requiredCryptoKeyFormatsP,
         DomainCrypto.CryptoKeyFormat.fromProtoEnum,
       )
       // Data in the console is not really validated, so we allow for deleted
       protocolVersion <- ProtocolVersion.fromProtoPrimitive(protocolVersionP, allowDeleted = true)
     } yield StaticDomainParameters(
       StaticDomainParametersInternal(
-        requiredSigningKeySchemes,
+        DomainCrypto.RequiredSigningSpecs(requiredSigningAlgorithmSpecs, requiredSigningKeySpecs),
         DomainCrypto
           .RequiredEncryptionSpecs(requiredEncryptionAlgorithmSpecs, requiredEncryptionKeySpecs),
         requiredSymmetricKeySchemes,
@@ -197,6 +207,7 @@ final case class DynamicDomainParameters(
     onboardingRestriction: OnboardingRestriction,
     acsCommitmentsCatchUpConfig: Option[AcsCommitmentsCatchUpConfig],
     participantDomainLimits: ParticipantDomainLimits,
+    submissionTimeRecordTimeTolerance: NonNegativeFiniteDuration,
 ) {
 
   def decisionTimeout: config.NonNegativeFiniteDuration =
@@ -205,21 +216,23 @@ final case class DynamicDomainParameters(
   @inline def confirmationRequestsMaxRate: NonNegativeInt =
     participantDomainLimits.confirmationRequestsMaxRate
 
-  if (ledgerTimeRecordTimeTolerance * 2 > mediatorDeduplicationTimeout)
+  if (submissionTimeRecordTimeTolerance * 2 > mediatorDeduplicationTimeout)
     throw new InvalidDynamicDomainParameters(
-      s"The ledgerTimeRecordTimeTolerance ($ledgerTimeRecordTimeTolerance) must be at most half of the " +
+      s"The submissionTimeRecordTimeTolerance ($submissionTimeRecordTimeTolerance) must be at most half of the " +
         s"mediatorDeduplicationTimeout ($mediatorDeduplicationTimeout)."
     )
 
   // https://docs.google.com/document/d/1tpPbzv2s6bjbekVGBn6X5VZuw0oOTHek5c30CBo4UkI/edit#bookmark=id.1dzc6dxxlpca
-  private[canton] def compatibleWithNewLedgerTimeRecordTimeTolerance(
-      newLedgerTimeRecordTimeTolerance: NonNegativeFiniteDuration
+  // Originally the validation was done on ledgerTimeRecordTimeTolerance, but was moved to submissionTimeRecordTimeTolerance
+  // instead when the parameter was introduced
+  private[canton] def compatibleWithNewSubmissionTimeRecordTimeTolerance(
+      newSubmissionTimeRecordTimeTolerance: NonNegativeFiniteDuration
   ): Boolean =
-    // If false, a new request may receive the same ledger time as a previous request and the previous
+    // If false, a new request may receive the same submission time as a previous request and the previous
     // request may be evicted too early from the mediator's deduplication store.
     // Thus, an attacker may assign the same UUID to both requests.
     // See i9028 for a detailed design. (This is the second clause of item 2 of Lemma 2).
-    ledgerTimeRecordTimeTolerance + newLedgerTimeRecordTimeTolerance <= mediatorDeduplicationTimeout
+    submissionTimeRecordTimeTolerance + newSubmissionTimeRecordTimeTolerance <= mediatorDeduplicationTimeout
 
   def update(
       confirmationResponseTimeout: NonNegativeFiniteDuration = confirmationResponseTimeout,
@@ -235,7 +248,10 @@ final case class DynamicDomainParameters(
         sequencerAggregateSubmissionTimeout,
       trafficControlParameters: Option[TrafficControlParameters] = trafficControlParameters,
       onboardingRestriction: OnboardingRestriction = onboardingRestriction,
-      acsCommitmentsCatchUpConfig: Option[AcsCommitmentsCatchUpConfig] = acsCommitmentsCatchUpConfig,
+      acsCommitmentsCatchUpConfig: Option[AcsCommitmentsCatchUpConfig] =
+        acsCommitmentsCatchUpConfig,
+      submissionTimeRecordTimeTolerance: NonNegativeFiniteDuration =
+        submissionTimeRecordTimeTolerance,
   ): DynamicDomainParameters = this.copy(
     confirmationResponseTimeout = confirmationResponseTimeout,
     mediatorReactionTimeout = mediatorReactionTimeout,
@@ -250,6 +266,7 @@ final case class DynamicDomainParameters(
     onboardingRestriction = onboardingRestriction,
     acsCommitmentsCatchUpConfig = acsCommitmentsCatchUpConfig,
     participantDomainLimits = ParticipantDomainLimits(confirmationRequestsMaxRate),
+    submissionTimeRecordTimeTolerance = submissionTimeRecordTimeTolerance,
   )
 
   private[canton] def toInternal: Either[String, DynamicDomainParametersInternal] =
@@ -277,6 +294,8 @@ final case class DynamicDomainParameters(
           onboardingRestriction = onboardingRestriction,
           acsCommitmentsCatchUpConfigParameter = acsCommitmentsCatchUpConfig,
           participantDomainLimits = participantDomainLimits.toInternal,
+          submissionTimeRecordTimeTolerance =
+            InternalNonNegativeFiniteDuration.fromConfig(submissionTimeRecordTimeTolerance),
         )(rpv)
       }
 }