hyperledger-labs
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 14 additions & 0 deletions b/‎.github/workflows/build.yml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎TESTING.md‎
Lines changed: 5 additions & 0 deletions b/‎TESTING.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/EnvironmentDefinition.scala‎
Lines changed: 17 additions & 0 deletions b/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/EnvironmentDefinition.scala‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/BootstrapPackageConfigDarUploadIntegrationTest.scala‎
Lines changed: 1 addition & 13 deletions b/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/BootstrapPackageConfigDarUploadIntegrationTest.scala‎
Lines changed: 1 addition & 13 deletions
diff --git a/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ManualSignatureIntegrationTest.scala‎
Lines changed: 112 additions & 0 deletions b/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ManualSignatureIntegrationTest.scala‎
Lines changed: 112 additions & 0 deletions
diff --git a/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/offlinekey/ValidatorOfflineRootNamespaceKeyIntegrationTest.scala‎
Lines changed: 1 addition & 13 deletions b/‎apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/offlinekey/ValidatorOfflineRootNamespaceKeyIntegrationTest.scala‎
Lines changed: 1 addition & 13 deletions
diff --git a/‎apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/TopologyAdminConnection.scala‎
Lines changed: 2 additions & 2 deletions b/‎apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/TopologyAdminConnection.scala‎
Lines changed: 2 additions & 2 deletions
@@ -158,6 +158,20 @@ jobs:
       daml_base_version: ${{ inputs.daml_base_version }}
     secrets: inherit
 
+  scala_test_signatures:
+    uses: ./.github/workflows/build.scala_test.yml
+    with:
+      runs_on: self-hosted-k8s-small
+      test_names_file: 'test-full-class-names-signatures.log'
+      start_canton_options: -B "scripts/bootstrap/bootstrap-canton-with-deprecated-keys.sc"
+      parallelism: 1
+      test_name: signatures
+      with_gcp_creds: false
+      commit_sha: ${{ inputs.commit_sha }}
+      daml_base_version: ${{ inputs.daml_base_version }}
+      oss_only: ${{ inputs.oss_only }}
+    secrets: inherit
+
   scala_test_wall_clock_time:
     uses: ./.github/workflows/build.scala_test.yml
     with:
 
@@ -23,6 +23,7 @@
     - [Handling Errors in Integration Tests](#handling-errors-in-integration-tests)
     - [Connecting external tools to the shared Canton instances](#connecting-external-tools-to-the-shared-canton-instances)
     - [Testing App Upgrades](#testing-app-upgrades)
+    - [Testing from a custom canton instance]
   - [Deployment Tests](#deployment-tests)
 - [CI Without Approval](#ci-without-approval)
 
@@ -403,6 +404,10 @@ PRs/commits that include `[breaking]` in their commit message, or that bump the
 The test spins up a full network in the source version, creates some activity, then gradually upgrades several of the components (SVs and validators)
 one-by-one to the current commit's version.
 
+### Testing from a custom canton instance
+
+If you need a custom canton instance to run your test, use `./start-canton.sh -B scripts/bootstrap/<your-script>`.
+
 ## Deployment Tests
 
 Static deployment tests are run on every commit to `main` and on every PR tagged with `[static]` or `[ci]`.
 
@@ -2,6 +2,7 @@ package org.lfdecentralizedtrust.splice.integration
 
 import better.files.{File, Resource}
 import com.digitalasset.canton.admin.api.client.data.User
+import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
 import com.digitalasset.canton.config.RequireTypes.{NonNegativeLong, NonNegativeNumeric}
 import com.digitalasset.canton.config.{
   ClockConfig,
@@ -358,6 +359,22 @@ case class EnvironmentDefinition(
       )(config)
     )
 
+  def withoutAliceValidatorConnectingToSplitwell: EnvironmentDefinition = {
+    this
+      .addConfigTransform((_, conf) =>
+        conf.copy(validatorApps =
+          conf.validatorApps.updatedWith(InstanceName.tryCreate("aliceValidator")) {
+            _.map { aliceValidatorConfig =>
+              val withoutExtraDomains = aliceValidatorConfig.domains.copy(extra = Seq.empty)
+              aliceValidatorConfig.copy(
+                domains = withoutExtraDomains
+              )
+            }
+          }
+        )
+      )
+  }
+
   def clearConfigTransforms(): EnvironmentDefinition =
     copy(configTransformsWithContext = _ => Seq())
 
 
@@ -3,7 +3,6 @@
 
 package org.lfdecentralizedtrust.splice.integration.tests
 
-import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
 import com.digitalasset.canton.topology.SynchronizerId
 import com.digitalasset.canton.topology.transaction.VettedPackage
 import com.digitalasset.daml.lf.data.Ref.{PackageName, PackageVersion}
@@ -48,18 +47,7 @@ class BootstrapPackageConfigDarUploadIntegrationTest
           _.copy(initialPackageConfig = initialPackageConfig)
         )(config)
       )
-      .addConfigTransform((_, conf) =>
-        conf.copy(validatorApps =
-          conf.validatorApps.updatedWith(InstanceName.tryCreate("aliceValidator")) {
-            _.map { aliceValidatorConfig =>
-              val withoutExtraSynchronizers = aliceValidatorConfig.domains.copy(extra = Seq.empty)
-              aliceValidatorConfig.copy(
-                domains = withoutExtraSynchronizers
-              )
-            }
-          }
-        )
-      )
+      .withoutAliceValidatorConnectingToSplitwell
       .withCantonNodeNameSuffix("BootstrapDsoPackageConfig")
       .withManualStart
 
 
@@ -0,0 +1,112 @@
+package org.lfdecentralizedtrust.splice.integration.tests
+
+import com.digitalasset.canton.HasExecutionContext
+import com.digitalasset.canton.admin.api.client.data.topology.ListOwnerToKeyMappingResult
+import com.digitalasset.canton.crypto.SigningPublicKey
+import com.digitalasset.canton.topology.Namespace
+import com.digitalasset.canton.topology.admin.grpc.TopologyStoreId
+import com.digitalasset.canton.topology.store.TimeQuery
+import org.lfdecentralizedtrust.splice.integration.EnvironmentDefinition
+import org.lfdecentralizedtrust.splice.integration.tests.SpliceTests.IntegrationTestWithSharedEnvironment
+import org.lfdecentralizedtrust.splice.util.WalletTestUtil
+
+import scala.concurrent.duration.DurationInt
+
+class ManualSignatureIntegrationTest
+    extends IntegrationTestWithSharedEnvironment
+    with HasExecutionContext
+    with WalletTestUtil
+    with WalletTxLogTestUtil {
+
+  override def environmentDefinition: EnvironmentDefinition = {
+    EnvironmentDefinition
+      .simpleTopology1Sv(this.getClass.getSimpleName)
+      .withManualStart
+      .withoutAliceValidatorConnectingToSplitwell
+      .withSequencerConnectionsFromScanDisabled()
+  }
+
+  "synchronizer" should {
+    def checkLatestOTKKeysAreSigned(
+        otks: Seq[ListOwnerToKeyMappingResult],
+        namespace: Namespace,
+    ): Unit = {
+      val otksForNs = otks
+        .filter(_.item.member.namespace == namespace)
+      val latestKeys = otksForNs
+        .maxBy(_.context.serial)
+        .item
+        .keys
+        .filter {
+          case _: SigningPublicKey => true
+          case _ => false
+        }
+        .map(_.id)
+        .distinct
+      val signatures = otksForNs.flatMap(_.context.signedBy).distinct
+      latestKeys.diff(signatures) shouldBe empty
+    }
+
+    "rotate SV' OTK mapping keys that are not signed." in { implicit env =>
+      clue("sv1 starts.") {
+        sv1Backend.startSync()
+      }
+
+      eventuallySucceeds() {
+        val synchronizerId = sv1Backend.participantClientWithAdminToken.synchronizers.id_of(
+          sv1Backend.config.domains.global.alias
+        )
+        val store = TopologyStoreId.Synchronizer(synchronizerId)
+        val otks = sv1Backend.participantClientWithAdminToken.topology.owner_to_key_mappings
+          .list(store = Some(store), timeQuery = TimeQuery.Range(None, None))
+
+        clue("keys are rotated for sv1's sequencer.") {
+          checkLatestOTKKeysAreSigned(otks, sv1Backend.sequencerClient.namespace)
+        }
+        clue("keys are rotated for sv1's mediator.") {
+          checkLatestOTKKeysAreSigned(otks, sv1Backend.mediatorClient.namespace)
+        }
+        clue("keys are rotated for sv1's participant.") {
+          checkLatestOTKKeysAreSigned(otks, sv1Backend.participantClient.namespace)
+        }
+      }
+
+      clue("sv1 shuts down.") {
+        eventuallySucceeds() {
+          sv1Backend.stop()
+        }
+      }
+    }
+
+    "rotate validators' OTK mapping keys that are not signed." in { implicit env =>
+      clue("Initialize the DSO") {
+        initDsoWithSv1Only()
+      }
+      clue("Alice validator starts.") {
+        aliceValidatorBackend.start()
+      }
+
+      eventuallySucceeds(40.seconds) {
+        val synchronizerId =
+          aliceValidatorBackend.participantClientWithAdminToken.synchronizers.id_of(
+            aliceValidatorBackend.config.domains.global.alias
+          )
+        val store = TopologyStoreId.Synchronizer(synchronizerId)
+        val otks =
+          aliceValidatorBackend.participantClientWithAdminToken.topology.owner_to_key_mappings
+            .list(store = Some(store), timeQuery = TimeQuery.Range(None, None))
+
+        clue("keys are rotated for alice validator's participant.") {
+          checkLatestOTKKeysAreSigned(otks, aliceValidatorBackend.participantClient.namespace)
+        }
+      }
+
+      clue("Alice validator and sv1 shut down.") {
+        eventuallySucceeds() {
+          aliceValidatorBackend.stop()
+          sv1Backend.stop()
+        }
+      }
+    }
+  }
+}
@@ -1,6 +1,5 @@
 package org.lfdecentralizedtrust.splice.integration.tests.offlinekey
 
-import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
 import com.digitalasset.canton.crypto.SigningKeyUsage
 import com.digitalasset.canton.topology.admin.grpc.TopologyStoreId
 import com.digitalasset.canton.topology.transaction.DelegationRestriction
@@ -45,18 +44,7 @@ class ValidatorOfflineRootNamespaceKeyIntegrationTest
           ConfigTransforms.bumpSomeWalletClientPortsBy(22_000, Seq("aliceWallet"))(config),
       )
       // By default, alice validator connects to the splitwell domain. This test doesn't start the splitwell node.
-      .addConfigTransform((_, conf) =>
-        conf.copy(validatorApps =
-          conf.validatorApps.updatedWith(InstanceName.tryCreate("aliceValidator")) {
-            _.map { aliceValidatorConfig =>
-              val withoutExtraDomains = aliceValidatorConfig.domains.copy(extra = Seq.empty)
-              aliceValidatorConfig.copy(
-                domains = withoutExtraDomains
-              )
-            }
-          }
-        )
-      )
+      .withoutAliceValidatorConnectingToSplitwell
       .withTrafficTopupsDisabled
       .withManualStart
 
 
@@ -512,15 +512,15 @@ abstract class TopologyAdminConnection(
       forceChanges = ForceFlags.none,
     )
 
-  def listOwnerToKeyMapping(member: Member)(implicit
+  def listOwnerToKeyMapping(member: Member, timeQuery: TimeQuery = TimeQuery.HeadState)(implicit
       traceContext: TraceContext
   ): Future[Seq[TopologyResult[OwnerToKeyMapping]]] =
     runCmd(
       TopologyAdminCommands.Read.ListOwnerToKeyMapping(
         BaseQuery(
           store = AuthorizedStore,
           proposals = false,
-          timeQuery = TimeQuery.HeadState,
+          timeQuery = timeQuery,
           ops = None,
           filterSigningKey = "",
           protocolVersion = None,