update canton to 20241022.12306.0.vf46f94c8/2.10.0-snapshot.20241022.…

…12306.0.vf46f94c8 in main-2.x (#20157)

* update canton to 20241022.12306.0.vf46f94c8/2.10.0-snapshot.20241022.12306.0.vf46f94c8 in main-2.x
* add packageName to the ArchivedEvent contractor
* Add choicePackageId to ExercisedEvent
* Improve terminology in upgrades error messages (backport #20053) (#20105)
* Improve terminology in upgrades error messages (#20053)
* Drop unused NewVariant errors, add NotAtEnd errors, improve messages
* Refactor error printing slightly
* Update error message expectations in lsp-tests & damlc-upgrades
* Add metadata to pkg IDs & drop upgrading/upgraded in upgrade err msgs
* Replace "Variant" with "Constructor" where appropriate
* lint
* Adjust filepaths, expectations for Variant -> Constructor rename
* Fixes for field names and test expectations given added metadata
* Increase grpc message max log length
* lint
* Move & rename PkgIdWithMeta, make name/version non-optional
* Use shared variable instead of calling PkgIdWithNameAndVersion thrice
* lint
* lint
* put the package name into both parts of the generated ArchivedEvents
* put the choice package id into both parts of the generated ExercisedEvents

---------
Co-authored-by: Azure Pipelines Daml Build <[email protected]>
Co-authored-by: = <=>
Co-authored-by: oliverse-da <[email protected]>
Co-authored-by: dylant-da <[email protected]>

sdk/canton/community/app-base/src/main/scala/com/digitalasset/canton/console/InstanceReference.scala

@@ -44,7 +44,7 @@ trait InstanceReferenceCommon
     with PrettyPrinting {
 
   val name: String
-  protected val instanceType: String
+  protected[canton] val instanceType: String
 
   protected[canton] def executionContext: ExecutionContext
 
@@ -237,7 +237,7 @@ trait DomainReference
   val consoleEnvironment: ConsoleEnvironment
   val name: String
 
-  override protected val instanceType: String = DomainReference.InstanceType
+  override protected[canton] val instanceType: String = DomainReference.InstanceType
 
   override type Status = DomainNodeStatus
 
@@ -488,7 +488,7 @@ abstract class ParticipantReference(
 
   protected def runner: AdminCommandRunner = this
 
-  override protected val instanceType: String = ParticipantReference.InstanceType
+  override protected[canton] val instanceType: String = ParticipantReference.InstanceType
 
   @Help.Summary("Health and diagnostic related commands")
   @Help.Group("Health")

sdk/canton/community/app-base/src/main/scala/com/digitalasset/canton/console/commands/VaultAdministration.scala

@@ -132,7 +132,7 @@ class SecretKeyAdministration(
       adminCommand(VaultAdminCommands.RegisterKmsEncryptionKey(kmsKeyId, name))
     }
 
-  private def findPublicKey(
+  protected def findPublicKey(
       fingerprint: String,
       topologyAdmin: TopologyAdministrationGroupCommon,
       owner: KeyOwner,
@@ -148,7 +148,7 @@ class SecretKeyAdministration(
   @Help.Summary("Rotate a given node's keypair with a new pre-generated KMS keypair")
   @Help.Description(
     """Rotates an existing encryption or signing key stored externally in a KMS with a pre-generated
-      key.
+      key. For a sequencer or mediator node use `rotate_kms_node_key` with a domain manager reference as an argument.
       |The fingerprint of the key we want to rotate.
       |The id of the new KMS key (e.g. Resource Name)."""
   )
@@ -175,22 +175,18 @@ class SecretKeyAdministration(
   @Help.Summary("Rotate a node's public/private key pair")
   @Help.Description(
     """Rotates an existing encryption or signing key. NOTE: A namespace root or intermediate
-      signing key CANNOT be rotated by this command.
+      signing key CANNOT be rotated by this command. For a sequencer or mediator node use `rotate_kms_node_key` with
+      a domain manager reference as an argument.
       |The fingerprint of the key we want to rotate."""
   )
   def rotate_node_key(fingerprint: String, name: Option[String] = None): PublicKey = {
     val owner = instance.id.keyOwner
 
     val currentKey = findPublicKey(fingerprint, instance.topology, owner)
 
-    val newKey = name match {
-      case Some(_) => regenerateKey(currentKey, name)
-      case None =>
-        regenerateKey(
-          currentKey,
-          generateNewNameForRotatedKey(fingerprint, consoleEnvironment.environment.clock),
-        )
-    }
+    val newName =
+      name.orElse(generateNewNameForRotatedKey(fingerprint, consoleEnvironment.environment.clock))
+    val newKey = regenerateKey(currentKey, newName)
 
     // Rotate the key for the node in the topology management
     instance.topology.owner_to_key_mappings.rotate_key(

sdk/canton/community/app/src/pack/examples/06-messaging/contact/daml.yaml

@@ -1,4 +1,4 @@
-sdk-version: 2.10.0-snapshot.20241015.13009.0.v19d1b665
+sdk-version: 2.10.0-snapshot.20241021.13017.0.vfac10709
 sandbox-options: 
 - --wall-clock-time
 name: contact

sdk/canton/community/app/src/pack/examples/06-messaging/message/daml.yaml

@@ -1,4 +1,4 @@
-sdk-version: 2.10.0-snapshot.20241015.13009.0.v19d1b665
+sdk-version: 2.10.0-snapshot.20241021.13017.0.vfac10709
 sandbox-options: 
 - --wall-clock-time
 name: message

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/crypto/store/CryptoPrivateStoreExtended.scala

@@ -172,7 +172,7 @@ trait CryptoPrivateStoreExtended extends CryptoPrivateStore { this: NamedLogging
         )
       )
         .map { _ =>
-          signingKeyMap.put(key.id, SigningPrivateKeyWithName(key, name)).discard
+          signingKeyMap.putIfAbsent(key.id, SigningPrivateKeyWithName(key, name)).discard
         }
     } yield ()
 
@@ -211,7 +211,7 @@ trait CryptoPrivateStoreExtended extends CryptoPrivateStore { this: NamedLogging
         )
       )
         .map { _ =>
-          decryptionKeyMap.put(key.id, EncryptionPrivateKeyWithName(key, name)).discard
+          decryptionKeyMap.putIfAbsent(key.id, EncryptionPrivateKeyWithName(key, name)).discard
         }
     } yield ()
 

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/crypto/store/CryptoPublicStore.scala

@@ -109,7 +109,7 @@ trait CryptoPublicStore extends AutoCloseable {
       traceContext: TraceContext
   ): Future[Unit] =
     writeSigningKey(key, name).map { _ =>
-      signingKeyMap.put(key.id, SigningPublicKeyWithName(key, name)).discard
+      signingKeyMap.putIfAbsent(key.id, SigningPublicKeyWithName(key, name)).discard
     }
 
   def encryptionKey(encryptionKeyId: Fingerprint)(implicit
@@ -131,7 +131,7 @@ trait CryptoPublicStore extends AutoCloseable {
   ): Future[Unit] =
     writeEncryptionKey(key, name)
       .map { _ =>
-        encryptionKeyMap.put(key.id, EncryptionPublicKeyWithName(key, name)).discard
+        encryptionKeyMap.putIfAbsent(key.id, EncryptionPublicKeyWithName(key, name)).discard
       }
 
   protected def deleteKeyInternal(keyId: Fingerprint)(implicit

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/crypto/store/db/DbCryptoPrivateStore.scala

@@ -104,12 +104,10 @@ class DbCryptoPrivateStore(
     def equalKeys(existingKey: StoredPrivateKey, newKey: StoredPrivateKey): Boolean =
       if (existingKey.wrapperKeyId.isEmpty) {
         existingKey.data == newKey.data &&
-        existingKey.name == newKey.name &&
         existingKey.purpose == newKey.purpose
       } else {
         // in the encrypted case we cannot compare the contents of data directly, we simply do not allow
-        // keys having the same name and purpose
-        existingKey.name == newKey.name &&
+        // keys having the same purpose
         existingKey.purpose == newKey.purpose
       }
 
@@ -122,7 +120,7 @@ class DbCryptoPrivateStore(
           // If no key was inserted by the insert query, check that the existing value matches
           storage
             .querySingle(queryKey(key.id, key.purpose), functionFullName)
-            // If we don't find the duplicate key, it may have been concurrently deleted and we could retry to insert it.
+            // If we don't find the duplicate key, it may have been concurrently deleted, and we could retry to insert it.
             .toRight(
               CryptoPrivateStoreError
                 .FailedToInsertKey(key.id, "No key inserted and no key found")

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/crypto/store/db/DbCryptoPublicStore.scala

@@ -74,7 +74,8 @@ class DbCryptoPublicStore(
         sql"crypto_public_keys (key_id, purpose, data, name) values (${key.id}, ${key.purpose}, $key, $name)",
         queryKey(key.id, key.purpose),
       )(
-        existingKey => existingKey.publicKey == key && existingKey.name == name,
+        // An error is thrown if, and only if, the key we want to insert has the same id but different key payloads.
+        existingKey => existingKey.publicKey == key,
         _ => s"Existing public key for ${key.id} is different than inserted key",
       ),
       functionFullName,

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/crypto/store/memory/InMemoryCryptoPrivateStore.scala

@@ -64,8 +64,10 @@ class InMemoryCryptoPrivateStore(
       keyId: Fingerprint,
       oldKey: K,
       newKey: K,
-  ): CryptoPrivateStoreError =
-    CryptoPrivateStoreError.KeyAlreadyExists(keyId, oldKey.name.map(_.unwrap))
+  ): Either[CryptoPrivateStoreError, Unit] =
+    if (oldKey.privateKey != newKey.privateKey)
+      Left(CryptoPrivateStoreError.KeyAlreadyExists(keyId, oldKey.name.map(_.unwrap)))
+    else Right(())
 
   private[crypto] def readPrivateKey(keyId: Fingerprint, purpose: KeyPurpose)(implicit
       traceContext: TraceContext
@@ -101,11 +103,11 @@ class InMemoryCryptoPrivateStore(
         buildKeyWithNameFunc: (A, Option[KeyName]) => B,
     ): EitherT[Future, CryptoPrivateStoreError, Unit] =
       TrieMapUtil
-        .insertIfAbsent(
+        .insertIfAbsentE(
           cache,
           key.id,
           buildKeyWithNameFunc(pk, key.name),
-          errorDuplicate[B] _,
+          errorDuplicate[B],
         )
         .toEitherT
 

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/crypto/store/memory/InMemoryCryptoPublicStore.scala

@@ -28,20 +28,23 @@ class InMemoryCryptoPublicStore(override protected val loggerFactory: NamedLogge
       keyId: Fingerprint,
       oldKey: K,
       newKey: K,
-  ): CryptoPublicStoreError =
-    CryptoPublicStoreError.KeyAlreadyExists(keyId, oldKey, newKey)
+  ): Either[CryptoPublicStoreError, Unit] =
+    if (oldKey.publicKey != newKey.publicKey)
+      Left(CryptoPublicStoreError.KeyAlreadyExists(keyId, oldKey, newKey))
+    else Right(())
 
   override protected def writeSigningKey(key: SigningPublicKey, name: Option[KeyName])(implicit
       traceContext: TraceContext
   ): Future[Unit] =
     Future {
       TrieMapUtil
-        .insertIfAbsent(
+        .insertIfAbsentE(
           storedSigningKeyMap,
           key.id,
           SigningPublicKeyWithName(key, name),
-          errorKeyDuplicate[SigningPublicKeyWithName] _,
+          errorKeyDuplicate[SigningPublicKeyWithName],
         )
+        // An error is thrown if, and only if, the key we want to insert has the same id but different key payloads.
         .valueOr { err =>
           ErrorUtil.invalidState(
             s"Existing public key for ${key.id} is different than inserted key: $err"
@@ -64,15 +67,16 @@ class InMemoryCryptoPublicStore(override protected val loggerFactory: NamedLogge
   ): Future[Unit] =
     Future {
       TrieMapUtil
-        .insertIfAbsent(
+        .insertIfAbsentE(
           storedEncryptionKeyMap,
           key.id,
           EncryptionPublicKeyWithName(key, name),
-          errorKeyDuplicate[EncryptionPublicKeyWithName] _,
+          errorKeyDuplicate[EncryptionPublicKeyWithName],
         )
-        .valueOr { _ =>
+        // An error is thrown if, and only if, the key we want to insert has the same id but different key payloads.
+        .valueOr { err =>
           ErrorUtil.invalidState(
-            s"Existing public key for ${key.id} is different than inserted key"
+            s"Existing public key for ${key.id} is different than inserted key: $err"
           )
         }
     }

sdk/canton/community/base/src/main/scala/com/digitalasset/canton/util/TrieMapUtil.scala

@@ -27,6 +27,19 @@ object TrieMapUtil {
         Either.cond(oldValue == newValue, (), errorFn(key, oldValue, newValue))
     }
 
+  def insertIfAbsentE[K, V, E](
+      map: TrieMap[K, V],
+      key: K,
+      newValue: V,
+      duplicateFn: (K, V, V) => Either[E, Unit],
+  ): Either[E, Unit] =
+    map.putIfAbsent(key, newValue) match {
+      case None => Right(())
+      case Some(oldValue) =>
+        if (oldValue == newValue) Right(())
+        else duplicateFn(key, oldValue, newValue)
+    }
+
   def insertIfAbsent[K, V, E](
       map: TrieMap[K, V],
       key: K,

sdk/canton/community/bindings-java/src/main/java/com/daml/ledger/javaapi/data/ArchivedEvent.java

@@ -4,8 +4,10 @@
 package com.daml.ledger.javaapi.data;
 
 import com.daml.ledger.api.v1.EventOuterClass;
+import com.google.protobuf.StringValue;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 import org.checkerframework.checker.nullness.qual.NonNull;
 
 public final class ArchivedEvent implements Event {
@@ -18,15 +20,19 @@ public final class ArchivedEvent implements Event {
 
   private final String contractId;
 
+  private final Optional<String> packageName;
+
   public ArchivedEvent(
       @NonNull List<@NonNull String> witnessParties,
       @NonNull String eventId,
       @NonNull Identifier templateId,
-      @NonNull String contractId) {
+      @NonNull String contractId,
+      @NonNull Optional<String> packageName) {
     this.witnessParties = witnessParties;
     this.eventId = eventId;
     this.templateId = templateId;
     this.contractId = contractId;
+    this.packageName = packageName;
   }
 
   @NonNull
@@ -53,6 +59,11 @@ public String getContractId() {
     return contractId;
   }
 
+  @NonNull
+  public Optional<String> getPackageName() {
+    return packageName;
+  }
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;
@@ -61,13 +72,14 @@ public boolean equals(Object o) {
     return Objects.equals(witnessParties, that.witnessParties)
         && Objects.equals(eventId, that.eventId)
         && Objects.equals(templateId, that.templateId)
-        && Objects.equals(contractId, that.contractId);
+        && Objects.equals(contractId, that.contractId)
+        && Objects.equals(packageName, that.packageName);
   }
 
   @Override
   public int hashCode() {
 
-    return Objects.hash(witnessParties, eventId, templateId, contractId);
+    return Objects.hash(witnessParties, eventId, templateId, contractId, packageName);
   }
 
   @Override
@@ -83,23 +95,28 @@ public String toString() {
         + ", contractId='"
         + contractId
         + '\''
+        + ", packageName="
+        + packageName
         + '}';
   }
 
   public EventOuterClass.ArchivedEvent toProto() {
-    return EventOuterClass.ArchivedEvent.newBuilder()
+    EventOuterClass.ArchivedEvent.Builder builder = EventOuterClass.ArchivedEvent.newBuilder()
         .setContractId(getContractId())
         .setEventId(getEventId())
         .setTemplateId(getTemplateId().toProto())
-        .addAllWitnessParties(this.getWitnessParties())
-        .build();
+        .addAllWitnessParties(this.getWitnessParties());
+    packageName.ifPresent(a -> builder.setPackageName(StringValue.of(a)));
+    return builder.build();
   }
 
   public static ArchivedEvent fromProto(EventOuterClass.ArchivedEvent archivedEvent) {
     return new ArchivedEvent(
         archivedEvent.getWitnessPartiesList(),
         archivedEvent.getEventId(),
         Identifier.fromProto(archivedEvent.getTemplateId()),
-        archivedEvent.getContractId());
+        archivedEvent.getContractId(),
+        archivedEvent.hasPackageName() ? Optional.of(archivedEvent.getPackageName().getValue()) : Optional.empty()
+    );
   }
 }