From 361168a64d30564a634e3f93292118e34c9ed7af Mon Sep 17 00:00:00 2001 From: Abdulbois Date: Thu, 11 Jan 2024 18:22:53 +0500 Subject: [PATCH] #519 Query PAA certificates with subjectKeyId Enable querying certs with subjectKeyId Add migration flow (from 2 to 3 version of `pki` module) Signed-off-by: Abdulbois Signed-off-by: Abdulbois --- app/app.go | 7 + docs/static/openapi.yml | 233 +++ docs/transactions.md | 7 +- integration_tests/run-all.sh | 47 +- .../upgrade/add-new-node-after-upgrade.sh | 124 +- ...upgrade.sh => test-upgrade-0.12-to-1.2.sh} | 41 +- .../upgrade/test-upgrade-1.2-to-1.3.sh | 1660 +++++++++++++++++ ...roved_certificates_by_subject_key_id.proto | 11 + proto/pki/genesis.proto | 4 +- proto/pki/query.proto | 1 + .../index.ts | 4 +- .../module/rest.ts | 1 + ...approved_certificates_by_subject_key_id.ts | 100 + .../module/types/pki/genesis.ts | 30 +- .../module/types/pki/query.ts | 20 +- x/compliance/module.go | 1 + x/dclauth/types/account.pb.go | 3 +- x/model/module.go | 1 + .../client/cli/query_approved_certificates.go | 5 +- x/pki/genesis.go | 5 + x/pki/genesis_test.go | 9 + x/pki/handler_test.go | 87 +- ...approved_certificates_by_subject_key_id.go | 98 + ...ved_certificates_by_subject_key_id_test.go | 65 + x/pki/keeper/approved_certificates_test.go | 4 + x/pki/keeper/child_certificates.go | 3 + .../grpc_query_approved_certificates.go | 49 +- .../grpc_query_approved_certificates_test.go | 15 +- x/pki/keeper/migrations.go | 28 + x/pki/keeper/migrations_test.go | 45 + x/pki/keeper/msg_server_add_x_509_cert.go | 3 + .../msg_server_approve_add_x_509_root_cert.go | 3 + ...g_server_approve_revoke_x_509_root_cert.go | 3 + x/pki/keeper/msg_server_revoke_x_509_cert.go | 3 + x/pki/module.go | 6 +- ...roved_certificates_by_subject_key_id.pb.go | 385 ++++ x/pki/types/genesis.go | 11 + x/pki/types/genesis.pb.go | 146 +- ...approved_certificates_by_subject_key_id.go | 23 + x/pki/types/query.pb.go | 259 +-- 40 files changed, 3252 insertions(+), 298 deletions(-) rename integration_tests/upgrade/{test-upgrade.sh => test-upgrade-0.12-to-1.2.sh} (98%) create mode 100755 integration_tests/upgrade/test-upgrade-1.2-to-1.3.sh create mode 100644 proto/pki/approved_certificates_by_subject_key_id.proto create mode 100644 vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/approved_certificates_by_subject_key_id.ts create mode 100644 x/pki/keeper/approved_certificates_by_subject_key_id.go create mode 100644 x/pki/keeper/approved_certificates_by_subject_key_id_test.go create mode 100644 x/pki/keeper/migrations.go create mode 100644 x/pki/keeper/migrations_test.go create mode 100644 x/pki/types/approved_certificates_by_subject_key_id.pb.go create mode 100644 x/pki/types/key_approved_certificates_by_subject_key_id.go diff --git a/app/app.go b/app/app.go index 5396f1770..d50b4dc3d 100644 --- a/app/app.go +++ b/app/app.go @@ -624,6 +624,13 @@ func New( }, ) + app.UpgradeKeeper.SetUpgradeHandler( + "v1.3", + func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + return app.mm.RunMigrations(ctx, cfg, fromVM) + }, + ) + return app } diff --git a/docs/static/openapi.yml b/docs/static/openapi.yml index 8bb0aae3e..a0178d443 100644 --- a/docs/static/openapi.yml +++ b/docs/static/openapi.yml @@ -1493,6 +1493,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 pagination: type: object properties: @@ -2220,6 +2231,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 default: description: An unexpected error response. schema: @@ -2668,6 +2690,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 pagination: type: object properties: @@ -3193,6 +3226,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 default: description: An unexpected error response. schema: @@ -4168,6 +4212,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 pagination: type: object properties: @@ -4693,6 +4748,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 default: description: An unexpected error response. schema: @@ -5141,6 +5207,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 revokeApprovals: type: array items: @@ -5684,6 +5761,17 @@ paths: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 revokeApprovals: type: array items: @@ -8951,6 +9039,10 @@ paths: in: query required: false type: boolean + - name: subjectKeyId + in: query + required: false + type: string tags: - Query /dcl/pki/certificates/{subject}: @@ -15192,6 +15284,15 @@ definitions: this type for additional functionality (e.g. vesting). + zigbeealliance.distributedcomplianceledger.common.Uint16Range: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.Account: type: object properties: @@ -15415,6 +15516,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.AccountStat: type: object properties: @@ -15663,6 +15775,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.PendingAccountRevocation: type: object properties: @@ -15918,6 +16041,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 pagination: type: object properties: @@ -16186,6 +16320,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 pagination: type: object properties: @@ -16501,6 +16646,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 pagination: type: object properties: @@ -16769,6 +16925,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 revokeApprovals: type: array items: @@ -17044,6 +17211,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.QueryGetAccountStatResponse: type: object properties: @@ -17292,6 +17470,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.QueryGetPendingAccountRevocationResponse: type: object properties: @@ -17551,6 +17740,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.QueryGetRevokedAccountResponse: type: object properties: @@ -17790,6 +17990,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 revokeApprovals: type: array items: @@ -18040,6 +18251,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 zigbeealliance.distributedcomplianceledger.dclauth.RevokedAccount: type: object properties: @@ -18272,6 +18494,17 @@ definitions: format: int64 info: type: string + productIDs: + type: array + items: + type: object + properties: + min: + type: integer + format: int32 + max: + type: integer + format: int32 revokeApprovals: type: array items: diff --git a/docs/transactions.md b/docs/transactions.md index b9a8e7ca8..14eb36904 100644 --- a/docs/transactions.md +++ b/docs/transactions.md @@ -1245,7 +1245,7 @@ If a Revocation Distribution Point (such as RFC5280 Certificate Revocation List) **Status: Implemented** -Gets all certificates (root, intermediate and leaf). +Gets all certificates (root, intermediate and leaf). If the optional `subjectKeyId` parameter is provided, the list will be filtered by that `subjectKeyId` Revoked certificates are not returned. Use `GET_ALL_REVOKED_X509_CERTS` to get a list of all revoked certificates. @@ -1254,10 +1254,11 @@ Should be sent to trusted nodes only. - Parameters: - Common pagination parameters (see [pagination-params](#common-pagination-parameters)) + - subject_key_id: `string` (optional parameter to filter `certificates`) - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB` - CLI command: - - `dcld query pki all-x509-certs` + - `dcld query pki all-x509-certs --subject-key-id=` - REST API: - - GET `/dcl/pki/certificates` + - GET `/dcl/pki/certificates?subjectKeyId={subjectKeyId}` ### GET_ALL_REVOKED_X509_CERTS diff --git a/integration_tests/run-all.sh b/integration_tests/run-all.sh index 809de7599..84841e0a5 100755 --- a/integration_tests/run-all.sh +++ b/integration_tests/run-all.sh @@ -131,12 +131,12 @@ if [[ $TESTS_TO_RUN =~ "all" || $TESTS_TO_RUN =~ "light" ]]; then CLI_SHELL_TESTS=$(find integration_tests/light_client_proxy -type f -name '*.sh' -not -name "common.sh") for CLI_SHELL_TEST in ${CLI_SHELL_TESTS}; do - init_pool + init_pool log "*****************************************************************************************" log "Running $CLI_SHELL_TEST" log "*****************************************************************************************" - + if bash "$CLI_SHELL_TEST" &>${DETAILED_OUTPUT_TARGET}; then log "$CLI_SHELL_TEST finished successfully" else @@ -185,39 +185,24 @@ if [[ $TESTS_TO_RUN =~ "all" || $TESTS_TO_RUN =~ "deploy" ]]; then fi fi -test_add_new_node_after_upgrade() { - ADD_NEW_NODE_AFTER_UPGRADE="./integration_tests/upgrade/add-new-node-after-upgrade.sh" - - log "*****************************************************************************************" - log "Running $ADD_NEW_NODE_AFTER_UPGRADE" - log "*****************************************************************************************" - - if bash "$ADD_NEW_NODE_AFTER_UPGRADE" &>${DETAILED_OUTPUT_TARGET}; then - log "$ADD_NEW_NODE_AFTER_UPGRADE finished successfully" - else - log "$ADD_NEW_NODE_AFTER_UPGRADE failed" - exit 1 - fi -} - # Upgrade procedure tests if [[ $TESTS_TO_RUN =~ "all" || $TESTS_TO_RUN =~ "upgrade" ]]; then - UPGRADE_SHELL_TEST="./integration_tests/upgrade/test-upgrade.sh" + UPGRADE_SHELL_TESTS=$(find integration_tests/upgrade -type f -name '*.sh' -not -name "add-new-node-after-upgrade.sh" | sort) - init_pool "" "localnet_init_latest_stable_release" + for UPGRADE_SHELL_TEST in ${UPGRADE_SHELL_TESTS}; do - log "*****************************************************************************************" - log "Running $UPGRADE_SHELL_TEST" - log "*****************************************************************************************" + log "*****************************************************************************************" + log "Running $UPGRADE_SHELL_TEST" + log "*****************************************************************************************" - if bash "$UPGRADE_SHELL_TEST" &>${DETAILED_OUTPUT_TARGET}; then - rm dcld_mainnet_stable - log "$UPGRADE_SHELL_TEST finished successfully" - test_add_new_node_after_upgrade - else - log "$UPGRADE_SHELL_TEST failed" - exit 1 - fi + if bash "$UPGRADE_SHELL_TEST" &>${DETAILED_OUTPUT_TARGET}; then + log "$UPGRADE_SHELL_TEST finished successfully" + else + log "$UPGRADE_SHELL_TEST failed" + exit 1 + fi + + cleanup_pool + done - cleanup_pool fi \ No newline at end of file diff --git a/integration_tests/upgrade/add-new-node-after-upgrade.sh b/integration_tests/upgrade/add-new-node-after-upgrade.sh index cb1352dd7..98b3e4804 100644 --- a/integration_tests/upgrade/add-new-node-after-upgrade.sh +++ b/integration_tests/upgrade/add-new-node-after-upgrade.sh @@ -4,8 +4,6 @@ set +euo pipefail localnet_dir=".localnet" dcl_user_home="/var/lib/dcl" DCL_DIR="$dcl_user_home/.dcl" -mainnet_stable_version="0.12.1" -latest_release_binary_version="1.2.2" node_name="new-observer" node_p2p_port=26570 @@ -47,85 +45,91 @@ cleanup() { docker container rm -f "$node_name" fi } + trap cleanup EXIT -cleanup +check_adding_new_node() { + local stable_binary_version="${$1:-0.12.1}" + local latest_binary_version="${$2:-1.3.0-dev1}" + + echo "1. run $node_name container" + docker run -d --name $node_name --ip $ip -p "$node_p2p_port-$node_client_port:26656-26657" --network $docker_network -i dcledger -echo "1. run $node_name container" -docker run -d --name $node_name --ip $ip -p "$node_p2p_port-$node_client_port:26656-26657" --network $docker_network -i dcledger + test_divider -test_divider + echo "2. install dcld v$stable_binary_version to $node_name" + wget "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/v$stable_binary_version/dcld" + chmod ugo+x dcld + docker cp ./dcld "$node_name":"$dcl_user_home"/ + rm -f ./dcld -echo "2. install dcld v$mainnet_stable_version to $node_name" -wget "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/v$mainnet_stable_version/dcld" -chmod ugo+x dcld -docker cp ./dcld "$node_name":"$dcl_user_home"/ -rm -f ./dcld + test_divider -test_divider + echo "3. Set up configuration files for $node_name" + docker exec $node_name ./dcld init $node_name --chain-id $chain_id + docker cp "$localnet_dir/node0/config/genesis.json" $node_name:$DCL_DIR/config + peers="$(cat "$localnet_dir/node0/config/config.toml" | grep -o -E "persistent_peers = \".*\"")" + docker exec $node_name sed -i "s/persistent_peers = \"\"/$peers/g" $DCL_DIR/config/config.toml + docker exec $node_name sed -i 's/laddr = "tcp:\/\/127.0.0.1:26657"/laddr = "tcp:\/\/0.0.0.0:26657"/g' $DCL_DIR/config/config.toml -echo "3. Set up configuration files for $node_name" -docker exec $node_name ./dcld init $node_name --chain-id $chain_id -docker cp "$localnet_dir/node0/config/genesis.json" $node_name:$DCL_DIR/config -peers="$(cat "$localnet_dir/node0/config/config.toml" | grep -o -E "persistent_peers = \".*\"")" -docker exec $node_name sed -i "s/persistent_peers = \"\"/$peers/g" $DCL_DIR/config/config.toml -docker exec $node_name sed -i 's/laddr = "tcp:\/\/127.0.0.1:26657"/laddr = "tcp:\/\/0.0.0.0:26657"/g' $DCL_DIR/config/config.toml + test_divider -test_divider + echo "4. Locate the app to $DCL_DIR/cosmovisor/genesis/bin directory in $node_name" + docker exec $node_name mkdir -p "$DCL_DIR"/cosmovisor/genesis/bin + docker exec $node_name cp -f ./dcld "$DCL_DIR"/cosmovisor/genesis/bin/ -echo "4. Locate the app to $DCL_DIR/cosmovisor/genesis/bin directory in $node_name" -docker exec $node_name mkdir -p "$DCL_DIR"/cosmovisor/genesis/bin -docker exec $node_name cp -f ./dcld "$DCL_DIR"/cosmovisor/genesis/bin/ + test_divider -test_divider + echo "5. Start Node \"$node_name\"" + docker exec -d $node_name cosmovisor start -echo "5. Start Node \"$node_name\"" -docker exec -d $node_name cosmovisor start + test_divider -test_divider + echo "6. Check dcld version == $stable_binary_version in $node_name" + dcld_version=$(docker exec $node_name dcld version) + echo "dcld_version = $dcld_version" + if [ "$dcld_version" != $stable_binary_version ]; then + echo "installed dcld version $dcld_version != dcld mainnet version $stable_binary_version" + exit 1 + fi -echo "6. Check dcld version == $mainnet_stable_version in $node_name" -dcld_version=$(docker exec $node_name dcld version) -echo "dcld_version = $dcld_version" -if [ "$dcld_version" != $mainnet_stable_version ]; then - echo "installed dcld version $dcld_version != dcld mainnet version $mainnet_stable_version" - exit 1 -fi + test_divider -test_divider + sleep_time_sec=1 + overall_ping_time_sec=200 + echo "7. Check node $node_name for START catching up process pinging it every $sleep_time_sec second for $overall_ping_time_sec seconds" -sleep_time_sec=1 -overall_ping_time_sec=200 -echo "7. Check node $node_name for START catching up process pinging it every $sleep_time_sec second for $overall_ping_time_sec seconds" + check_expected_catching_up_status_for_interval true $overall_ping_time_sec $sleep_time_sec + is_catching_up=$? -check_expected_catching_up_status_for_interval true $overall_ping_time_sec $sleep_time_sec -is_catching_up=$? + if [ $is_catching_up == 0 ] ; then + echo "Catch-up procedure does not started" + exit 1 + fi -if [ $is_catching_up == 0 ] ; then - echo "Catch-up procedure does not started" - exit 1 -fi + test_divider -test_divider + echo "8. Check node $node_name for FINISH catching up process pinging it every $sleep_time_sec second for $overall_ping_time_sec seconds" -echo "8. Check node $node_name for FINISH catching up process pinging it every $sleep_time_sec second for $overall_ping_time_sec seconds" + check_expected_catching_up_status_for_interval false $overall_ping_time_sec $sleep_time_sec + is_not_catching_up=$? -check_expected_catching_up_status_for_interval false $overall_ping_time_sec $sleep_time_sec -is_not_catching_up=$? + if [ $is_not_catching_up == 0 ] ; then + echo "Catch-up procedure does not finished" + exit 1 + fi -if [ $is_not_catching_up == 0 ] ; then - echo "Catch-up procedure does not finished" - exit 1 -fi + test_divider -test_divider + echo "9. Check node $node_name dcld updated to version $latest_binary_version" + dcld_version=$(docker exec $node_name dcld version) + echo "dcld_version = $dcld_version" + if [ "$dcld_version" != "$latest_binary_version" ]; then + echo "installed dcld version $dcld_version != dcld expected version $latest_binary_version" + exit 1 + fi -echo "9. Check node $node_name dcld updated to version $latest_release_binary_version" -dcld_version=$(docker exec $node_name dcld version) -echo "dcld_version = $dcld_version" -if [ "$dcld_version" != "$latest_release_binary_version" ]; then - echo "installed dcld version $dcld_version != dcld expected version $latest_release_binary_version" - exit 1 -fi + echo "PASSED" -echo "PASSED" + cleanup +} \ No newline at end of file diff --git a/integration_tests/upgrade/test-upgrade.sh b/integration_tests/upgrade/test-upgrade-0.12-to-1.2.sh similarity index 98% rename from integration_tests/upgrade/test-upgrade.sh rename to integration_tests/upgrade/test-upgrade-0.12-to-1.2.sh index 4b4a66ec3..ef9cd2dd7 100755 --- a/integration_tests/upgrade/test-upgrade.sh +++ b/integration_tests/upgrade/test-upgrade-0.12-to-1.2.sh @@ -16,8 +16,17 @@ set -euo pipefail source integration_tests/cli/common.sh -DCLD_BIN_OLD="./dcld_mainnet_stable" -DCLD_BIN_NEW="dcld" +binary_version_old="v0.12.0" +binary_version_new="v1.2.2" + +wget -O dcld_old "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version_old/dcld" +chmod ugo+x dcld_old + +wget -O dcld_new "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version_new/dcld" +chmod ugo+x dcld_new + +DCLD_BIN_OLD="./dcld_old" +DCLD_BIN_NEW="./dcld_new" DETAILED_OUTPUT=true @@ -56,19 +65,13 @@ patch_consensus_config() { done } -init_pool() { - local _patch_config="${1:-yes}"; - local _localnet_init_target=${2:-localnet_init} - +start_pool() { log "Setting up pool" log "-> Generating network configuration" >${DETAILED_OUTPUT_TARGET} - make ${_localnet_init_target} &>${DETAILED_OUTPUT_TARGET} + make localnet_init_latest_stable_release MAINNET_STABLE_VERSION=$binary_version_old &>${DETAILED_OUTPUT_TARGET} - if [ "$_patch_config" = "yes" ]; - then - patch_consensus_config - fi; + patch_consensus_config log "-> Running pool" >${DETAILED_OUTPUT_TARGET} make localnet_start &>${DETAILED_OUTPUT_TARGET} @@ -196,6 +199,8 @@ cleanup # Preparation +start_pool + # constants trustee_account_1="jack" trustee_account_2="alice" @@ -203,7 +208,6 @@ trustee_account_3="bob" vendor_account="vendor_account" plan_name="v1.2" -binary_version="v1.2.2" upgrade_checksum="sha256:3f2b2a98b7572c6598383f7798c6bc16b4e432ae5cfd9dc8e84105c3d53b5026" vid=1 pid_1=1 @@ -293,7 +297,7 @@ trustee_4_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_4 trustee_5_address=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_5 -a) trustee_5_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_5 -p) - + echo "Jack proposes account for trustee \"$trustee_account_4\"" result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-add-account --address="$trustee_4_address" --pubkey="$trustee_4_pubkey" --roles=Trustee --from jack --yes) check_response "$result" "\"code\": 0" @@ -616,8 +620,8 @@ plan_height=$(expr $current_height \+ 20) test_divider echo "Propose upgrade $plan_name at height $plan_height" -echo "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version/dcld?checksum=$upgrade_checksum" -result=$(echo $passphrase | $DCLD_BIN_OLD tx dclupgrade propose-upgrade --name=$plan_name --upgrade-height=$plan_height --upgrade-info="{\"binaries\":{\"linux/amd64\":\"https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version/dcld?checksum=$upgrade_checksum\"}}" --from $trustee_account_1 --yes) +echo "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version_new/dcld?checksum=$upgrade_checksum" +result=$(echo $passphrase | $DCLD_BIN_OLD tx dclupgrade propose-upgrade --name=$plan_name --upgrade-height=$plan_height --upgrade-info="{\"binaries\":{\"linux/amd64\":\"https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version_new/dcld?checksum=$upgrade_checksum\"}}" --from $trustee_account_1 --yes) echo "$result" check_response "$result" "\"code\": 0" @@ -1603,4 +1607,11 @@ echo "Get node" result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld query validator all-nodes") check_response "$result" "\"owner\": \"$validator_address\"" +echo "Check adding new node(with stable version) after upgrade" +source integration_tests/upgrade/add-new-node-after-upgrade.sh +check_adding_new_node $binary_version_old $binary_version_new + echo "PASSED" + +rm -f $DCLD_BIN_OLD +rm -f $DCLD_BIN_NEW \ No newline at end of file diff --git a/integration_tests/upgrade/test-upgrade-1.2-to-1.3.sh b/integration_tests/upgrade/test-upgrade-1.2-to-1.3.sh new file mode 100755 index 000000000..d579f0494 --- /dev/null +++ b/integration_tests/upgrade/test-upgrade-1.2-to-1.3.sh @@ -0,0 +1,1660 @@ +#!/bin/bash +# Copyright 2020 DSR Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -euo pipefail +source integration_tests/cli/common.sh + +binary_version_old="v1.2.2" +binary_version_new="v1.3.0-dev1" + +wget -O dcld_old "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version_old/dcld" +chmod ugo+x dcld_old + +wget -O dcld_new "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version_new/dcld" +chmod ugo+x dcld_new + +# FIXME: Binary version should be replaced after publishing release +wget -O dcld_new "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/v1.3.0-dev1/dcld" +chmod ugo+x dcld_new + +DCLD_BIN_OLD="./dcld_old" +DCLD_BIN_NEW="./dcld_new" + +DETAILED_OUTPUT=true + +LOCALNET_DIR=".localnet" + +LOG_PREFIX="[run all] " +SED_EXT= +if [ "$(uname)" == "Darwin" ]; then + # Mac OS X sed needs the file extension when -i flag is used. Keeping it empty as we don't need backupfile + SED_EXT="''" +fi + +if ${DETAILED_OUTPUT}; then + DETAILED_OUTPUT_TARGET=/dev/stdout +else + DETAILED_OUTPUT_TARGET=/dev/null +fi + +source integration_tests/cli/common.sh + +log() { + echo "${LOG_PREFIX}$1" +} + + # patch configs properly by having all values >= 1 sec, otherwise headers may start having time from the future and light client verification will fail + # if we patch config to have new blocks created in less than 1 sec, the min time in a time header is still 1 sec. + # So, new blocks started to be from the future. +patch_consensus_config() { + local NODE_CONFIGS="$(find "$LOCALNET_DIR" -type f -name "config.toml" -wholename "*node*")" + + for NODE_CONFIG in ${NODE_CONFIGS}; do + sed -i $SED_EXT 's/timeout_propose = "3s"/timeout_propose = "1s"/g' "${NODE_CONFIG}" + #sed -i $SED_EXT 's/timeout_prevote = "1s"/timeout_prevote = "1s"/g' "${NODE_CONFIG}" + #sed -i $SED_EXT 's/timeout_precommit = "1s"/timeout_precommit = "1s"/g' "${NODE_CONFIG}" + sed -i $SED_EXT 's/timeout_commit = "5s"/timeout_commit = "1s"/g' "${NODE_CONFIG}" + done +} + +start_pool() { + log "Setting up pool" + + log "-> Generating network configuration" >${DETAILED_OUTPUT_TARGET} + make localnet_init_latest_stable_release MAINNET_STABLE_VERSION=$binary_version_old &>${DETAILED_OUTPUT_TARGET} + + patch_consensus_config + + log "-> Running pool" >${DETAILED_OUTPUT_TARGET} + make localnet_start &>${DETAILED_OUTPUT_TARGET} + + log "-> Waiting for the second block (needed to request proofs)" >${DETAILED_OUTPUT_TARGET} + wait_for_height 2 20 +} + +container="validator-demo" +add_validator_node() { + # FIXME: as it's called before upgrade, mainnet stable version of dcld needs to be used (not the latest master) + # FIXME: check adding new node after upgrade as well + random_string account + address="" + LOCALNET_DIR=".localnet" + DCL_USER_HOME="/var/lib/dcl" + DCL_DIR="$DCL_USER_HOME/.dcl" + + node_name="node-demo" + node_p2p_port=26670 + node_client_port=26671 + chain_id="dclchain" + ip="192.167.10.6" + node0conn="tcp://192.167.10.2:26657" + passphrase="test1234" + docker_network="distributed-compliance-ledger_localnet" + + docker build -f Dockerfile-build -t dcld-build . + docker container create --name dcld-build-inst dcld-build + docker cp dcld-build-inst:/go/bin/dcld ./ + docker rm dcld-build-inst + + docker run -d --name $container --ip $ip -p "$node_p2p_port-$node_client_port:26656-26657" --network $docker_network -i dcledger + + docker cp ./dcld "$container":"$DCL_USER_HOME"/ + rm -f ./dcld + + test_divider + + echo "$account Configure CLI" + docker exec $container /bin/sh -c " + ./dcld config chain-id dclchain && + ./dcld config output json && + ./dcld config node $node0conn && + ./dcld config keyring-backend test && + ./dcld config broadcast-mode block" + + test_divider + + echo "$account Prepare Node configuration files" + docker exec $container ./dcld init $node_name --chain-id $chain_id + docker cp "$LOCALNET_DIR/node0/config/genesis.json" $container:$DCL_DIR/config + peers="$(cat "$LOCALNET_DIR/node0/config/config.toml" | grep -o -E "persistent_peers = \".*\"")" + docker exec $container sed -i "s/persistent_peers = \"\"/$peers/g" $DCL_DIR/config/config.toml + docker exec $container sed -i 's/laddr = "tcp:\/\/127.0.0.1:26657"/laddr = "tcp:\/\/0.0.0.0:26657"/g' $DCL_DIR/config/config.toml + + test_divider + + echo "Generate keys for $account" + cmd="(echo $passphrase; echo $passphrase) | ./dcld keys add $account" + docker exec $container /bin/sh -c "$cmd" + + address="$(docker exec $container /bin/sh -c "echo $passphrase | ./dcld keys show $account -a")" + pubkey="$(docker exec $container /bin/sh -c "echo $passphrase | ./dcld keys show $account -p")" + alice_address="$(dcld keys show alice -a)" + bob_address="$(dcld keys show bob -a)" + jack_address="$(dcld keys show jack -a)" + + echo "Create account for $account and Assign NodeAdmin role" + echo $passphrase | dcld tx auth propose-add-account --address="$address" --pubkey="$pubkey" --roles="NodeAdmin" --from jack --yes + echo $passphrase | dcld tx auth approve-add-account --address="$address" --from alice --yes + echo $passphrase | dcld tx auth approve-add-account --address="$address" --from bob --yes + echo $passphrase | dcld tx auth approve-add-account --address="$address" --from $trustee_4_address --yes + + test_divider + vaddress=$(docker exec $container ./dcld tendermint show-address) + vpubkey=$(docker exec $container ./dcld tendermint show-validator) + + echo "Check pool response for yet unknown node \"$node_name\"" + result=$(dcld query validator node --address "$address") + check_response "$result" "Not Found" + echo "$result" + result=$(dcld query validator last-power --address "$address") + check_response "$result" "Not Found" + echo "$result" + + echo "$account Add Node \"$node_name\" to validator set" + + ! read -r -d '' _script << EOF + set -eu; echo test1234 | dcld tx validator add-node --pubkey='$vpubkey' --moniker="$node_name" --from="$account" --yes +EOF + result="$(docker exec "$container" /bin/sh -c "echo test1234 | ./dcld tx validator add-node --pubkey='$vpubkey' --moniker="$node_name" --from="$account" --yes")" + check_response "$result" "\"code\": 0" + echo "$result" + + + test_divider + + + echo "Locating the app to $DCL_DIR/cosmovisor/genesis/bin directory" + docker exec $container mkdir -p "$DCL_DIR"/cosmovisor/genesis/bin + docker exec $container cp -f ./dcld "$DCL_DIR"/cosmovisor/genesis/bin/ + + echo "$account Start Node \"$node_name\"" + docker exec -d $container cosmovisor start + sleep 10 + + result=$(dcld query validator node --address "$address") + validator_address=$(echo "$result" | jq -r '.owner') + echo "$result" +} + +cleanup() { + if docker container ls -a | grep -q $container; then + if docker container inspect $container | grep -q '"Status": "running"'; then + echo "Stopping container" + docker container kill $container + fi + + echo "Removing container" + docker container rm -f "$container" + fi +} +trap cleanup EXIT + +cleanup + +# Preparation + +start_pool + +# constants +trustee_account_1="jack" +trustee_account_2="alice" +trustee_account_3="bob" +vendor_account="vendor_account" + +plan_name="v1.3" +binary_version="v1.3.0-dev1" +upgrade_checksum="sha256:598ab1c985c2a3ac06f9cab4ac8ae91da3ad12c1c372855e0aee2427e57e7ee0" +vid=1 +pid_1=1 +pid_2=2 +pid_3=3 +pid_4=4 +device_type_id=12345 +product_name="ProductName" +product_label="ProductLabel" +part_number="RCU2205A" +software_version=1 +software_version_string="1.0" +cd_version_number=312 +min_applicable_software_version=1 +max_applicable_software_version=1000 + +certification_type="zigbee" +certification_date="2020-01-01T00:00:00Z" +provisional_date="2019-12-12T00:00:00Z" +cd_certificate_id="15DEXF" + +root_cert_path="integration_tests/constants/root_cert" +root_cert_subject="MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" +root_cert_subject_key_id="5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB" +root_cert_serial_number="442314047376310867378175982234956458728610743315" +root_cert_subject_as_text="O=root-ca,ST=some-state,C=AU" + +test_root_cert_path="integration_tests/constants/test_root_cert" +test_root_cert_subject="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBDEyNUQ=" +test_root_cert_subject_key_id="E2:90:8D:36:9C:3C:A3:C1:13:BB:09:E2:4D:C1:CC:C5:A6:66:91:D4" +test_root_cert_serial_number="1647312298631" +test_root_cert_subject_as_text="CN=Matter Test PAA,vid=0x125D" +test_root_cert_vid=4701 + +google_root_cert_path="integration_tests/constants/google_root_cert" +google_root_cert_subject="MEsxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZHb29nbGUxFTATBgNVBAMMDE1hdHRlciBQQUEgMTEUMBIGCisGAQQBgqJ8AgEMBDYwMDY=" +google_root_cert_subject_key_id="B0:00:56:81:B8:88:62:89:62:80:E1:21:18:A1:A8:BE:09:DE:93:21" +google_cert_serial_number="1" +google_cert_subject_as_text="CN=Matter PAA 1,O=Google,C=US,vid=0x6006" +google_root_cert_vid=24582 + +intermediate_cert_path="integration_tests/constants/intermediate_cert" +intermediate_cert_subject="MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E=" +intermediate_cert_subject_key_id="4E:3B:73:F4:70:4D:C2:98:0D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B" + +vendor_name="VendorName" +company_legal_name="LegalCompanyName" +company_preferred_name="CompanyPreferredName" +vendor_landing_page_url="https://www.example.com" + +random_string user_1 +echo "$user_1 generates keys" +cmd="(echo $passphrase; echo $passphrase) | $DCLD_BIN_OLD keys add $user_1" +result="$(bash -c "$cmd")" +user_1_address=$(echo $passphrase | $DCLD_BIN_OLD keys show $user_1 -a) +user_1_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $user_1 -p) + +random_string user_2 +echo "$user_2 generates keys" +cmd="(echo $passphrase; echo $passphrase) | $DCLD_BIN_OLD keys add $user_2" +result="$(bash -c "$cmd")" +user_2_address=$(echo $passphrase | $DCLD_BIN_OLD keys show $user_2 -a) +user_2_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $user_2 -p) + +random_string user_3 +echo "$user_3 generates keys" +cmd="(echo $passphrase; echo $passphrase) | $DCLD_BIN_OLD keys add $user_3" +result="$(bash -c "$cmd")" +user_3_address=$(echo $passphrase | $DCLD_BIN_OLD keys show $user_3 -a) +user_3_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $user_3 -p) + +echo "Create Vendor account $vendor_account" +create_new_vendor_account $vendor_account $vid + +echo "Create CertificationCenter account" +create_new_account certification_center_account "CertificationCenter" + +random_string trustee_account_4 +random_string trustee_account_5 + +echo "Generate key for $trustee_account_4" +(echo $passphrase; echo $passphrase) | $DCLD_BIN_OLD keys add "$trustee_account_4" + +echo "Generate key for $trustee_account_5" +(echo $passphrase; echo $passphrase) | $DCLD_BIN_OLD keys add "$trustee_account_5" + +trustee_4_address=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_4 -a) +trustee_4_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_4 -p) + +trustee_5_address=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_5 -a) +trustee_5_pubkey=$(echo $passphrase | $DCLD_BIN_OLD keys show $trustee_account_5 -p) + +echo "Jack proposes account for trustee \"$trustee_account_4\"" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-add-account --address="$trustee_4_address" --pubkey="$trustee_4_pubkey" --roles=Trustee --from jack --yes) +check_response "$result" "\"code\": 0" + +echo "Alice approves account for trustee \"$trustee_account_4\"" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-add-account --address="$trustee_4_address" --from alice --yes) +check_response "$result" "\"code\": 0" + +echo "Jack proposes account for trustee \"$trustee_account_5\"" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-add-account --address="$trustee_5_address" --pubkey="$trustee_5_pubkey" --roles=Trustee --from jack --yes) +check_response "$result" "\"code\": 0" + +echo "Alice approves account for trustee \"$trustee_account_5\"" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-add-account --address="$trustee_5_address" --from alice --yes) +check_response "$result" "\"code\": 0" + +echo "$trustee_account_4 approves account for trustee \"$trustee_account_5\"" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-add-account --address="$trustee_5_address" --from $trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# Body +echo "send all ledger update transactions before upgrade" + +# VENDOR_INFO +echo "Add vendor $vendor_name" +result=$(echo $passphrase | $DCLD_BIN_OLD tx vendorinfo add-vendor --vid=$vid --vendorName=$vendor_name --companyLegalName=$company_legal_name --companyPreferredName=$company_preferred_name --vendorLandingPageURL=$vendor_landing_page_url --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# MODEL and MODEL_VERSION + +echo "Add model vid=$vid pid=$pid_1" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model --vid=$vid --pid=$pid_1 --deviceTypeID=$device_type_id --productName=$product_name --productLabel=$product_label --partNumber=$part_number --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model version vid=$vid pid=$pid_1" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model-version --vid=$vid --pid=$pid_1 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --minApplicableSoftwareVersion=$min_applicable_software_version --maxApplicableSoftwareVersion=$max_applicable_software_version --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model vid=$vid pid=$pid_2" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model --vid=$vid --pid=$pid_2 --deviceTypeID=$device_type_id --productName=$product_name --productLabel=$product_label --partNumber=$part_number --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model version vid=$vid pid=$pid_2" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model-version --vid=$vid --pid=$pid_2 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --minApplicableSoftwareVersion=$min_applicable_software_version --maxApplicableSoftwareVersion=$max_applicable_software_version --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model vid=$vid pid=$pid_3" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model --vid=$vid --pid=$pid_3 --deviceTypeID=$device_type_id --productName=$product_name --productLabel=$product_label --partNumber=$part_number --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model version vid=$vid pid=$pid_3" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model-version --vid=$vid --pid=$pid_3 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --minApplicableSoftwareVersion=$min_applicable_software_version --maxApplicableSoftwareVersion=$max_applicable_software_version --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model vid=$vid pid=$pid_4" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model --vid=$vid --pid=$pid_4 --deviceTypeID=$device_type_id --productName=$product_name --productLabel=$product_label --partNumber=$part_number --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model version vid=$vid pid=$pid_4" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model add-model-version --vid=$vid --pid=$pid_4 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --minApplicableSoftwareVersion=$min_applicable_software_version --maxApplicableSoftwareVersion=$max_applicable_software_version --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Delete model vid=$vid pid=$pid_3" +result=$(echo $passphrase | $DCLD_BIN_OLD tx model delete-model --vid=$vid --pid=$pid_3 --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# CERTIFY_DEVICE_COMPLIANCE + +echo "Certify model vid=$vid pid=$pid_1" +result=$(echo $passphrase | $DCLD_BIN_OLD tx compliance certify-model --vid=$vid --pid=$pid_1 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --certificationType=$certification_type --certificationDate=$certification_date --cdCertificateId=$cd_certificate_id --from=$certification_center_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Revoke model certification vid=$vid pid=$pid_2" +result=$(echo $passphrase | $DCLD_BIN_OLD tx compliance revoke-model --vid=$vid --pid=$pid_2 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --certificationType=$certification_type --revocationDate=$certification_date --from=$certification_center_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +test_divider + +echo "Provision model vid=$vid pid=$pid_4" +result=$(echo $passphrase | $DCLD_BIN_OLD tx compliance provision-model --vid=$vid --pid=$pid_4 --softwareVersion=$software_version --softwareVersionString=$software_version_string --cdVersionNumber=$cd_version_number --certificationType=$certification_type --provisionalDate=$provisional_date --cdCertificateId=$cd_certificate_id --from=$certification_center_account --yes) + +check_response "$result" "\"code\": 0" + +test_divider + +# X509 PKI + +echo "Propose add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki propose-add-x509-root-cert --certificate="$root_cert_path" --vid="1234" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki approve-add-x509-root-cert --subject="$root_cert_subject" --subject-key-id=$root_cert_subject_key_id --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki approve-add-x509-root-cert --subject="$root_cert_subject" --subject-key-id=$root_cert_subject_key_id --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki approve-add-x509-root-cert --subject="$root_cert_subject" --subject-key-id=$root_cert_subject_key_id --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki propose-add-x509-root-cert --certificate="$test_root_cert_path" --vid=$test_root_cert_vid --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id=$test_root_cert_subject_key_id --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id=$test_root_cert_subject_key_id --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id=$test_root_cert_subject_key_id --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add google_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki propose-add-x509-root-cert --certificate="$google_root_cert_path" --vid=$google_root_cert_vid --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Reject add google_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki reject-add-x509-root-cert --subject="$google_root_cert_subject" --subject-key-id=$google_root_cert_subject_key_id --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add intermediate_cert" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki add-x509-cert --certificate="$intermediate_cert_path" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_OLD tx pki propose-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from="$trustee_account_1" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_OLD tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from="$trustee_account_2" --yes) +check_response "$result" "\"code\": 0" + +echo "Approve revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_OLD tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from="$trustee_account_3" --yes) +check_response "$result" "\"code\": 0" + +echo "Approve revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_OLD tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from="$trustee_account_4" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_OLD tx pki propose-revoke-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id" --from $trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# AUTH + +echo "Propose add account $user_1_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-add-account --address="$user_1_address" --pubkey="$user_1_pubkey" --roles="CertificationCenter" --from="$trustee_account_1" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_1_address" +result=$($DCLD_BIN_OLD tx auth approve-add-account --address="$user_1_address" --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_1_address" +result=$($DCLD_BIN_OLD tx auth approve-add-account --address="$user_1_address" --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add account $user_1_address" +result=$($DCLD_BIN_OLD tx auth approve-add-account --address="$user_1_address" --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add account $user_2_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-add-account --address="$user_2_address" --pubkey=$user_2_pubkey --roles=CertificationCenter --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_2_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-add-account --address="$user_2_address" --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add account $user_2_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-add-account --address="$user_2_address" --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve add account $user_2_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-add-account --address="$user_2_address" --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add account $user_3_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-add-account --address="$user_3_address" --pubkey=$user_3_pubkey --roles=CertificationCenter --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke account $user_1_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-revoke-account --address="$user_1_address" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke account $user_1_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-revoke-account --address="$user_1_address" --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve revoke account $user_1_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-revoke-account --address="$user_1_address" --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve revoke account $user_1_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth approve-revoke-account --address="$user_1_address" --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke account $user_2_address" +result=$(echo $passphrase | $DCLD_BIN_OLD tx auth propose-revoke-account --address="$user_2_address" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# VALIDATOR_NODE + +echo "Add new validator node" +add_validator_node + +test_divider + +echo "Disable node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld tx validator disable-node --from=$account --yes") +check_response "$result" "\"code\": 0" + +test_divider + +echo "Enable node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld tx validator enable-node --from=$account --yes") +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose disable node" +result=$(echo $passphrase | $DCLD_BIN_OLD tx validator propose-disable-node --address=$validator_address --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve disable node" +result=$(echo $passphrase | $DCLD_BIN_OLD tx validator approve-disable-node --address=$validator_address --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve disable node" +result=$(echo $passphrase | $DCLD_BIN_OLD tx validator approve-disable-node --address=$validator_address --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +echo "Approve disable node" +result=$(echo $passphrase | $DCLD_BIN_OLD tx validator approve-disable-node --address=$validator_address --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Enable node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld tx validator enable-node --from=$account --yes") +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose disable node" +result=$(echo $passphrase | $DCLD_BIN_OLD tx validator propose-disable-node --address=$validator_address --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Get x509 root certificates" +result=$($DCLD_BIN_OLD query pki x509-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$test_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$test_root_cert_serial_number\"" +check_response "$result" "\"subjectAsText\": \"$test_root_cert_subject_as_text\"" + +echo "Get x509 proposed root certificates" +result=$($DCLD_BIN_OLD query pki proposed-x509-root-cert --subject="$google_root_cert_subject" --subject-key-id="$google_root_cert_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$google_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$google_root_cert_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$google_cert_serial_number\"" +check_response "$result" "\"subjectAsText\": \"$google_cert_subject_as_text\"" + +get_height current_height +echo "Current height is $current_height" + +plan_height=$(expr $current_height \+ 20) + +test_divider + +echo "Propose upgrade $plan_name at height $plan_height" +echo "https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version/dcld?checksum=$upgrade_checksum" +result=$(echo $passphrase | $DCLD_BIN_OLD tx dclupgrade propose-upgrade --name=$plan_name --upgrade-height=$plan_height --upgrade-info="{\"binaries\":{\"linux/amd64\":\"https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/$binary_version/dcld?checksum=$upgrade_checksum\"}}" --from $trustee_account_1 --yes) +echo "$result" +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve upgrade $plan_name" +result=$(echo $passphrase | $DCLD_BIN_OLD tx dclupgrade approve-upgrade --name $plan_name --from $trustee_account_2 --yes) +echo "$result" +check_response "$result" "\"code\": 0" + +echo "Approve upgrade $plan_name" +result=$(echo $passphrase | $DCLD_BIN_OLD tx dclupgrade approve-upgrade --name $plan_name --from $trustee_account_3 --yes) +echo "$result" +check_response "$result" "\"code\": 0" + +echo "Approve upgrade $plan_name" +result=$(echo $passphrase | $DCLD_BIN_OLD tx dclupgrade approve-upgrade --name $plan_name --from $trustee_account_4 --yes) +echo "$result" +check_response "$result" "\"code\": 0" + +test_divider + +echo "Wait for block height to become greater than upgrade $plan_name plan height" +wait_for_height $(expr $plan_height + 1) 300 outage-safe + +test_divider + +echo "Verify that no upgrade has been scheduled anymore" +result=$($DCLD_BIN_NEW query upgrade plan 2>&1) || true +check_response_and_report "$result" "no upgrade scheduled" raw + +test_divider + +echo "Verify that upgrade is applied" +result=$($DCLD_BIN_NEW query upgrade applied $plan_name) +echo "$result" + +test_divider + +echo "Verify that old data is not corrupted" + +# VENDORINFO + +echo "Verify if VendorInfo Record for VID: $vid is present or not" +result=$($DCLD_BIN_NEW query vendorinfo vendor --vid=$vid) +check_response "$result" "\"vendorID\": $vid" +check_response "$result" "\"companyLegalName\": \"$company_legal_name\"" +check_response "$result" "\"vendorName\": \"$vendor_name\"" + +echo "Request all vendor infos" +result=$($DCLD_BIN_NEW query vendorinfo all-vendors) +check_response "$result" "\"vendorID\": $vid" +check_response "$result" "\"companyLegalName\": \"$company_legal_name\"" +check_response "$result" "\"vendorName\": \"$vendor_name\"" + +test_divider + +# MODEL + +echo "Get Model with VID: $vid PID: $pid_1" +result=$($DCLD_BIN_NEW query model get-model --vid=$vid --pid=$pid_1) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"productLabel\": \"$product_label\"" + +echo "Get Model with VID: $vid PID: $pid_2" +result=$($DCLD_BIN_NEW query model get-model --vid=$vid --pid=$pid_2) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" +check_response "$result" "\"productLabel\": \"$product_label\"" + +echo "Get all models" +result=$($DCLD_BIN_NEW query model all-models) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"pid\": $pid_2" + +echo "Get Vendor Models with VID: ${vid}" +result=$($DCLD_BIN_NEW query model vendor-models --vid=$vid) +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"pid\": $pid_2" + +echo "Get model version VID: $vid PID: $pid_1" +result=$($DCLD_BIN_NEW query model model-version --vid=$vid --pid=$pid_1 --softwareVersion=$software_version) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"softwareVersion\": $software_version" + +echo "Get model version VID: $vid PID: $pid_2" +result=$($DCLD_BIN_NEW query model model-version --vid=$vid --pid=$pid_2 --softwareVersion=$software_version) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" +check_response "$result" "\"softwareVersion\": $software_version" + +test_divider + +# COMPLIANCE + +echo "Get certified model vid=$vid pid=$pid_1" +result=$($DCLD_BIN_NEW query compliance certified-model --vid=$vid --pid=$pid_1 --softwareVersion=$software_version --certificationType=$certification_type) +check_response "$result" "\"value\": true" +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"softwareVersion\": $software_version" +check_response "$result" "\"certificationType\": \"$certification_type\"" + +echo "Get revoked Model with VID: $vid PID: $pid_2" +result=$($DCLD_BIN_NEW query compliance revoked-model --vid=$vid --pid=$pid_2 --softwareVersion=$software_version --certificationType=$certification_type) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" + +echo "Get provisional model with VID: $vid PID: $pid_4" +result=$($DCLD_BIN_NEW query compliance provisional-model --vid=$vid --pid=$pid_4 --softwareVersion=$software_version --certificationType=$certification_type) +check_response "$result" "\"value\": true" +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_4" + +echo "Get compliance-info model with VID: $vid PID: $pid_1" +result=$($DCLD_BIN_NEW query compliance compliance-info --vid=$vid --pid=$pid_1 --softwareVersion=$software_version --certificationType=$certification_type) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"softwareVersion\": $software_version" +check_response "$result" "\"certificationType\": \"$certification_type\"" + +echo "Get compliance-info model with VID: $vid PID: $pid_2" +result=$($DCLD_BIN_NEW query compliance compliance-info --vid=$vid --pid=$pid_2 --softwareVersion=$software_version --certificationType=$certification_type) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" +check_response "$result" "\"softwareVersion\": $software_version" +check_response "$result" "\"certificationType\": \"$certification_type\"" + +echo "Get device software compliance cDCertificateId=$cd_certificate_id" +result=$($DCLD_BIN_NEW query compliance device-software-compliance --cdCertificateId=$cd_certificate_id) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" + +echo "Get all certified models" +result=$($DCLD_BIN_NEW query compliance all-certified-models) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" + +echo "Get all provisional models" +result=$($DCLD_BIN_NEW query compliance all-provisional-models) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_4" + +echo "Get all revoked models" +result=$($DCLD_BIN_NEW query compliance all-revoked-models) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" + +echo "Get all compliance infos" +result=$($DCLD_BIN_NEW query compliance all-compliance-info) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"pid\": $pid_2" + +echo "Get all device software compliances" +result=$($DCLD_BIN_NEW query compliance all-device-software-compliance) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_1" +check_response "$result" "\"cDCertificateId\": \"$cd_certificate_id\"" + +test_divider + +# PKI + +echo "Get all x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-x509-root-certs) +check_response "$result" "\"subject\": \"$test_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\"" + +echo "Get all x509 certificates by subjectKeyId $test_root_cert_subject_key_id" +result=$($DCLD_BIN_NEW query pki all-x509-certs --subject-key-id="$test_root_cert_subject_key_id") +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\"" + +echo "Get all revoked x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-revoked-x509-root-certs) +check_response "$result" "\"subject\": \"$root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\"" + +echo "Get all proposed x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-proposed-x509-root-certs) +check_response "$result" "\"subject\": \"$google_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$google_root_cert_subject_key_id\"" + +echo "Get all proposed x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-proposed-x509-root-certs-to-revoke) +check_response "$result" "\"subject\": \"$test_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\"" + +echo "Get x509 root certificates" +result=$($DCLD_BIN_NEW query pki x509-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$test_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$test_root_cert_serial_number\"" +check_response "$result" "\"subjectAsText\": \"$test_root_cert_subject_as_text\"" + +echo "Get x509 proposed root certificates" +result=$($DCLD_BIN_NEW query pki proposed-x509-root-cert --subject="$google_root_cert_subject" --subject-key-id="$google_root_cert_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$google_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$google_root_cert_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$google_cert_serial_number\"" +check_response "$result" "\"subjectAsText\": \"$google_cert_subject_as_text\"" + +test_divider + +# AUTH + +echo "Get all accounts" +result=$($DCLD_BIN_NEW query auth all-accounts) +check_response "$result" "\"address\": \"$user_2_address\"" + +echo "Get all proposed accounts" +result=$($DCLD_BIN_NEW query auth all-proposed-accounts) +check_response "$result" "\"address\": \"$user_3_address\"" + +echo "Get all proposed accounts to revoke" +result=$($DCLD_BIN_NEW query auth all-proposed-accounts-to-revoke) +check_response "$result" "\"address\": \"$user_2_address\"" + +echo "Get all revoked accounts" +result=$($DCLD_BIN_NEW query auth all-revoked-accounts) +check_response "$result" "\"address\": \"$user_1_address\"" + +test_divider + +# Validator + +echo "Get proposed node to disable" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld query validator proposed-disable-node --address="$address"") +check_response "$result" "\"address\": \"$validator_address\"" + +test_divider + +######################################################################################## + +# after upgrade constatnts + +vid_new=4701 +pid_1_new=11 +pid_2_new=22 +pid_3_new=33 +device_type_id_new=1234 +product_name_new="ProductNameNew" +product_label_new="ProductLabelNew" +part_number_new="RCU2205B" +software_version_new=2 +software_version_string_new="2.0" +cd_version_number_new=313 +min_applicable_software_version_new=2 +max_applicable_software_version_new=2000 + +certification_type_new="matter" +certification_date_new="2021-01-01T00:00:00Z" +provisional_date_new="2010-12-12T00:00:00Z" +cd_certificate_id_new="15DEXC" + +root_cert_path_new="integration_tests/constants/google_root_cert_gsr4" +root_cert_subject_new="MFAxJDAiBgNVBAsTG0dsb2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNDETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbg==" +root_cert_subject_key_id_new="54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5" +root_cert_path_new_random_vid="1234" + +test_root_cert_path_new="integration_tests/constants/paa_cert_numeric_vid" +test_root_cert_subject_new="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" +test_root_cert_subject_key_id_new="6A:FD:22:77:1F:51:1F:EC:BF:16:41:97:67:10:DC:DC:31:A1:71:7E" +test_root_cert_path_new_vid="65521" + +google_root_cert_path_new="integration_tests/constants/google_root_cert_r2" +google_root_cert_subject_new="MEcxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRQwEgYDVQQDEwtHVFMgUm9vdCBSMg==" +google_root_cert_subject_key_id_new="BB:FF:CA:8E:23:9F:4F:99:CA:DB:E2:68:A6:A5:15:27:17:1E:D9:0E" +google_root_cert_path_new_random_vid="1234" + +intermediate_cert_path_new="integration_tests/constants/intermediate_cert_gsr4" +intermediate_cert_subject_new="MEYxCzAJBgNVBAYTAlVTMSIwIAYDVQQKExlHb29nbGUgVHJ1c3QgU2VydmljZXMgTExDMRMwEQYDVQQDEwpHVFMgQ0EgMkQ0" +intermediate_cert_subject_key_id_new="A8:88:D9:8A:39:AC:65:D5:82:4B:37:A8:95:6C:65:43:CD:44:01:E0" + +test_data_url="https://url.data.dclmodel" +issuer_subject_key_id="5A880E6C3653D07FB08971A3F473790930E62BDB" + +vendor_name_new="VendorNameNew" +company_legal_name_new="LegalCompanyNameNew" +company_preferred_name_new="CompanyPreferredNameNew" +vendor_landing_page_url_new="https://www.newexample.com" + +vendor_account_new="vendor_account_new" +vendor_admin_account="vendor_admin_account" +certification_center_account_new="certification_center_account_new" + +echo "Create Vendor account $vendor_account_new" + +result="$(echo $passphrase | $DCLD_BIN_NEW keys add "$vendor_account_new")" +_address=$(echo $passphrase | $DCLD_BIN_NEW keys show $vendor_account_new -a) +_pubkey=$(echo $passphrase | $DCLD_BIN_NEW keys show $vendor_account_new -p) +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-add-account --address="$_address" --pubkey="$_pubkey" --vid="$vid_new" --roles="Vendor" --from "$trustee_account_1" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_2" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_3" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_4" --yes)" + +echo "Create CertificationCenter account" + +result="$(echo $passphrase | $DCLD_BIN_NEW keys add "$certification_center_account_new")" +_address=$(echo $passphrase | $DCLD_BIN_NEW keys show $certification_center_account_new -a) +_pubkey=$(echo $passphrase | $DCLD_BIN_NEW keys show $certification_center_account_new -p) +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-add-account --address="$_address" --pubkey="$_pubkey" --roles="CertificationCenter" --from "$trustee_account_1" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_2" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_3" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_4" --yes)" + +echo "Create VendorAdmin account" + +result="$(echo $passphrase | $DCLD_BIN_NEW keys add "$vendor_admin_account")" +_address=$(echo $passphrase | $DCLD_BIN_NEW keys show $vendor_admin_account -a) +_pubkey=$(echo $passphrase | $DCLD_BIN_NEW keys show $vendor_admin_account -p) +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-add-account --address="$_address" --pubkey="$_pubkey" --roles="VendorAdmin" --from "$trustee_account_1" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_2" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_3" --yes)" +result="$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$_address" --from "$trustee_account_4" --yes)" + +random_string user_4 +echo "$user_4 generates keys" +cmd="(echo $passphrase; echo $passphrase) | $DCLD_BIN_NEW keys add $user_4" +result="$(bash -c "$cmd")" +user_4_address=$(echo $passphrase | $DCLD_BIN_NEW keys show $user_4 -a) +user_4_pubkey=$(echo $passphrase | $DCLD_BIN_NEW keys show $user_4 -p) + +random_string user_5 +echo "$user_5 generates keys" +cmd="(echo $passphrase; echo $passphrase) | $DCLD_BIN_NEW keys add $user_5" +result="$(bash -c "$cmd")" +user_5_address=$(echo $passphrase | $DCLD_BIN_NEW keys show $user_5 -a) +user_5_pubkey=$(echo $passphrase | $DCLD_BIN_NEW keys show $user_5 -p) + +random_string user_6 +echo "$user_6 generates keys" +cmd="(echo $passphrase; echo $passphrase) | $DCLD_BIN_NEW keys add $user_6" +result="$(bash -c "$cmd")" +user_6_address=$(echo $passphrase | $DCLD_BIN_NEW keys show $user_6 -a) +user_6_pubkey=$(echo $passphrase | $DCLD_BIN_NEW keys show $user_6 -p) + +# send all ledger update transactions after upgrade + +# VENDOR_INFO +echo "Add vendor $vendor_name_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx vendorinfo add-vendor --vid=$vid_new --vendorName=$vendor_name_new --companyLegalName=$company_legal_name_new --companyPreferredName=$company_preferred_name_new --vendorLandingPageURL=$vendor_landing_page_url_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Update vendor $vendor_name" +result=$(echo $passphrase | $DCLD_BIN_NEW tx vendorinfo update-vendor --vid=$vid --vendorName=$vendor_name --companyLegalName=$company_legal_name --companyPreferredName=$company_preferred_name_new --vendorLandingPageURL=$vendor_landing_page_url_new --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# MODEL and MODEL_VERSION + +echo "Add model vid=$vid_new pid=$pid_1_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model add-model --vid=$vid_new --pid=$pid_1_new --deviceTypeID=$device_type_id_new --productName=$product_name_new --productLabel=$product_label_new --partNumber=$part_number_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model version vid=$vid_new pid=$pid_1_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model add-model-version --vid=$vid_new --pid=$pid_1_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --cdVersionNumber=$cd_version_number_new --minApplicableSoftwareVersion=$min_applicable_software_version_new --maxApplicableSoftwareVersion=$max_applicable_software_version_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model vid=$vid_new pid=$pid_2_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model add-model --vid=$vid_new --pid=$pid_2_new --deviceTypeID=$device_type_id_new --productName=$product_name_new --productLabel=$product_label_new --partNumber=$part_number_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model version vid=$vid_new pid=$pid_2_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model add-model-version --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --cdVersionNumber=$cd_version_number_new --minApplicableSoftwareVersion=$min_applicable_software_version_new --maxApplicableSoftwareVersion=$max_applicable_software_version_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add model vid=$vid_new pid=$pid_3_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model add-model --vid=$vid_new --pid=$pid_3_new --deviceTypeID=$device_type_id_new --productName=$product_name_new --productLabel=$product_label_new --partNumber=$part_number_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +echo "Add model version vid=$vid_new pid=$pid_3_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model add-model-version --vid=$vid_new --pid=$pid_3_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --cdVersionNumber=$cd_version_number_new --minApplicableSoftwareVersion=$min_applicable_software_version_new --maxApplicableSoftwareVersion=$max_applicable_software_version_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Delete model vid=$vid_new pid=$pid_3_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model delete-model --vid=$vid_new --pid=$pid_3_new --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Update model vid=$vid pid=$pid_2" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model update-model --vid=$vid --pid=$pid_2 --productName=$product_name --productLabel=$product_label_new --partNumber=$part_number_new --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Update model version vid=$vid pid=$pid_2" +result=$(echo $passphrase | $DCLD_BIN_NEW tx model update-model-version --vid=$vid --pid=$pid_2 --softwareVersion=$software_version --minApplicableSoftwareVersion=$min_applicable_software_version_new --maxApplicableSoftwareVersion=$max_applicable_software_version_new --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# CERTIFY_DEVICE_COMPLIANCE + +echo "Certify model vid=$vid_new pid=$pid_1_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx compliance certify-model --vid=$vid_new --pid=$pid_1_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --certificationType=$certification_type_new --certificationDate=$certification_date_new --cdCertificateId=$cd_certificate_id_new --from=$certification_center_account_new --cdVersionNumber=$cd_version_number_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Provision model vid=$vid_new pid=$pid_2_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx compliance provision-model --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --certificationType=$certification_type_new --provisionalDate=$provisional_date_new --cdCertificateId=$cd_certificate_id_new --from=$certification_center_account_new --cdVersionNumber=$cd_version_number_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Certify model vid=$vid_new pid=$pid_2_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx compliance certify-model --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --certificationType=$certification_type_new --certificationDate=$certification_date_new --cdCertificateId=$cd_certificate_id_new --from=$certification_center_account_new --cdVersionNumber=$cd_version_number_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Revoke model certification vid=$vid_new pid=$pid_2_new" +result=$(echo $passphrase | $DCLD_BIN_NEW tx compliance revoke-model --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --softwareVersionString=$software_version_string_new --certificationType=$certification_type_new --revocationDate=$certification_date_new --from=$certification_center_account_new --cdVersionNumber=$cd_version_number_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# X509 PKI + +echo "Verify that vid is assigned to test_root_certificate" +result=$($DCLD_BIN_NEW query pki x509-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$test_root_cert_subject\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\"" +check_response "$result" "\"vid\": $test_root_cert_vid" + +test_divider + +echo "Propose add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki propose-add-x509-root-cert --certificate="$root_cert_path_new" --vid="$root_cert_path_new_random_vid" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id=$root_cert_subject_key_id_new --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "reject add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki reject-add-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id=$root_cert_subject_key_id_new --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id=$root_cert_subject_key_id_new --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id=$root_cert_subject_key_id_new --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id=$root_cert_subject_key_id_new --from=$trustee_account_5 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki propose-add-x509-root-cert --certificate="$test_root_cert_path_new" --vid="$test_root_cert_path_new_vid" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject_new" --subject-key-id=$test_root_cert_subject_key_id_new --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject_new" --subject-key-id=$test_root_cert_subject_key_id_new --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject_new" --subject-key-id=$test_root_cert_subject_key_id_new --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add google_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki propose-add-x509-root-cert --certificate="$google_root_cert_path_new" --vid="$google_root_cert_path_new_random_vid" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add intermediate_cert" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki add-x509-cert --certificate="$intermediate_cert_path_new" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Get all x509 certificates by subjectKeyId $intermediate_cert_subject_key_id_new" +result=$($DCLD_BIN_NEW query pki all-x509-certs --subject-key-id="$intermediate_cert_subject_key_id_new") +check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id_new\"" + +test_divider + +echo "Revoke intermediate_cert" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki revoke-x509-cert --subject="$intermediate_cert_subject_new" --subject-key-id="$intermediate_cert_subject_key_id_new" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_NEW tx pki propose-revoke-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id="$root_cert_subject_key_id_new" --from="$trustee_account_1" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_NEW tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id="$root_cert_subject_key_id_new" --from="$trustee_account_2" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_NEW tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id="$root_cert_subject_key_id_new" --from="$trustee_account_3" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke root_certificate" +result=$(echo "$passphrase" | $DCLD_BIN_NEW tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject_new" --subject-key-id="$root_cert_subject_key_id_new" --from="$trustee_account_4" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke test_root_certificate" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki propose-revoke-x509-root-cert --subject="$test_root_cert_subject_new" --subject-key-id="$test_root_cert_subject_key_id_new" --from $trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# PKI Revocation point + +echo "Add new revocation point for" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki add-revocation-point --vid=$vid_new --revocation-type=1 --is-paa="true" --certificate="$test_root_cert_path" --label="$product_label" --data-url="$test_data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + + +echo "Update revocation point" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki update-revocation-point --vid=$vid_new --certificate="$test_root_cert_path" --label="$product_label" --data-url="$test_data_url/new" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Delete revocation point" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki delete-revocation-point --vid=$vid_new --label="$product_label" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Add new revocation point" +result=$(echo $passphrase | $DCLD_BIN_NEW tx pki add-revocation-point --vid=$vid_new --revocation-type=1 --is-paa="true" --certificate="$test_root_cert_path" --label="$product_label_new" --data-url="$test_data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_new --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# AUTH + +echo "Propose add account $user_4_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-add-account --address="$user_4_address" --pubkey="$user_4_pubkey" --roles="CertificationCenter" --from="$trustee_account_1" --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_4_address" +result=$($DCLD_BIN_NEW tx auth approve-add-account --address="$user_4_address" --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_4_address" +result=$($DCLD_BIN_NEW tx auth approve-add-account --address="$user_4_address" --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_4_address" +result=$($DCLD_BIN_NEW tx auth approve-add-account --address="$user_4_address" --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add account $user_5_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-add-account --address="$user_5_address" --pubkey=$user_5_pubkey --roles=CertificationCenter --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_5_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-add-account --address="$user_5_address" --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_5_address" +result=$($DCLD_BIN_NEW tx auth approve-add-account --address="$user_5_address" --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve add account $user_5_address" +result=$($DCLD_BIN_NEW tx auth approve-add-account --address="$user_5_address" --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose add account $user_6_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-add-account --address="$user_6_address" --pubkey=$user_6_pubkey --roles=CertificationCenter --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke account $user_4_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-revoke-account --address="$user_4_address" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke account $user_4_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-revoke-account --address="$user_4_address" --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke account $user_4_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-revoke-account --address="$user_4_address" --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve revoke account $user_4_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth approve-revoke-account --address="$user_4_address" --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Propose revoke account $user_5_address" +result=$(echo $passphrase | $DCLD_BIN_NEW tx auth propose-revoke-account --address="$user_5_address" --from=$trustee_account_1 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +# VALIDATOR_NODE +echo "Disable node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld tx validator disable-node --from=$account --yes") +check_response "$result" "\"code\": 0" + +test_divider + +echo "Enable node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld tx validator enable-node --from=$account --yes") +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve disable node" +result=$(echo $passphrase | $DCLD_BIN_NEW tx validator approve-disable-node --address=$validator_address --from=$trustee_account_2 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve disable node" +result=$(echo $passphrase | $DCLD_BIN_NEW tx validator approve-disable-node --address=$validator_address --from=$trustee_account_3 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Approve disable node" +result=$(echo $passphrase | $DCLD_BIN_NEW tx validator approve-disable-node --address=$validator_address --from=$trustee_account_4 --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Enable node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld tx validator enable-node --from=$account --yes") +check_response "$result" "\"code\": 0" + +test_divider + +echo "Verify that new data is not corrupted" + +test_divider + +# VENDORINFO + +echo "Verify if VendorInfo Record for VID: $vid_new is present or not" +result=$($DCLD_BIN_NEW query vendorinfo vendor --vid=$vid_new) +check_response "$result" "\"vendorID\": $vid_new" +check_response "$result" "\"companyLegalName\": \"$company_legal_name_new\"" + +echo "Verify if VendorInfo Record for VID: $vid updated or not" +result=$($DCLD_BIN_NEW query vendorinfo vendor --vid=$vid) +check_response "$result" "\"vendorID\": $vid" +check_response "$result" "\"vendorName\": \"$vendor_name\"" +check_response "$result" "\"companyPreferredName\": \"$company_preferred_name_new\"" +check_response "$result" "\"vendorLandingPageURL\": \"$vendor_landing_page_url_new\"" + +echo "Request all vendor infos" +result=$($DCLD_BIN_NEW query vendorinfo all-vendors) +check_response "$result" "\"vendorID\": $vid_new" +check_response "$result" "\"companyLegalName\": \"$company_legal_name_new\"" +check_response "$result" "\"vendorName\": \"$vendor_name_new\"" + +test_divider + +# MODEL + +echo "Get Model with VID: $vid_new PID: $pid_1_new" +result=$($DCLD_BIN_NEW query model get-model --vid=$vid_new --pid=$pid_1_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"productLabel\": \"$product_label_new\"" + +echo "Get Model with VID: $vid_new PID: $pid_2_new" +result=$($DCLD_BIN_NEW query model get-model --vid=$vid_new --pid=$pid_2_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_2_new" +check_response "$result" "\"productLabel\": \"$product_label_new\"" + +echo "Check Model with VID: $vid_new PID: $pid_2_new updated" +result=$($DCLD_BIN_NEW query model get-model --vid=$vid --pid=$pid_2) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" +check_response "$result" "\"productLabel\": \"$product_label_new\"" +check_response "$result" "\"partNumber\": \"$part_number_new\"" + +echo "Check Model version with VID: $vid_new PID: $pid_2_new updated" +result=$($DCLD_BIN_NEW query model model-version --vid=$vid --pid=$pid_2 --softwareVersion=$software_version) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_2" +check_response "$result" "\"minApplicableSoftwareVersion\": $min_applicable_software_version_new" +check_response "$result" "\"maxApplicableSoftwareVersion\": $max_applicable_software_version_new" + +echo "Get all models" +result=$($DCLD_BIN_NEW query model all-models) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"pid\": $pid_2_new" + +echo "Get all model versions" +result=$($DCLD_BIN_NEW query model all-model-versions --vid=$vid_new --pid=$pid_1_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" + +echo "Get Vendor Models with VID: ${vid_new}" +result=$($DCLD_BIN_NEW query model vendor-models --vid=$vid_new) +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"pid\": $pid_2_new" + +echo "Get model version VID: $vid_new PID: $pid_1_new" +result=$($DCLD_BIN_NEW query model model-version --vid=$vid_new --pid=$pid_1_new --softwareVersion=$software_version_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"softwareVersion\": $software_version_new" + +echo "Get model version VID: $vid_new PID: $pid_2_new" +result=$($DCLD_BIN_NEW query model model-version --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_2_new" +check_response "$result" "\"softwareVersion\": $software_version_new" + +test_divider + +# COMPLIANCE + +echo "Get certified model vid=$vid_new pid=$pid_1_new" +result=$($DCLD_BIN_NEW query compliance certified-model --vid=$vid_new --pid=$pid_1_new --softwareVersion=$software_version_new --certificationType=$certification_type_new) +check_response "$result" "\"value\": true" +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"softwareVersion\": $software_version_new" +check_response "$result" "\"certificationType\": \"$certification_type_new\"" + +echo "Get revoked Model with VID: $vid_new PID: $pid_2_new" +result=$($DCLD_BIN_NEW query compliance revoked-model --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --certificationType=$certification_type_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_2_new" + +echo "Get certified model with VID: $vid_new PID: $pid_1_new" +result=$($DCLD_BIN_NEW query compliance certified-model --vid=$vid_new --pid=$pid_1_new --softwareVersion=$software_version_new --certificationType=$certification_type_new) +check_response "$result" "\"value\": true" +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" + +echo "Get provisional model with VID: $vid_new PID: $pid_2_new" +result=$($DCLD_BIN_NEW query compliance provisional-model --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --certificationType=$certification_type_new) +check_response "$result" "\"value\": false" +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_2_new" + +echo "Get compliance-info model with VID: $vid_new PID: $pid_1_new" +result=$($DCLD_BIN_NEW query compliance compliance-info --vid=$vid_new --pid=$pid_1_new --softwareVersion=$software_version_new --certificationType=$certification_type_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"softwareVersion\": $software_version_new" +check_response "$result" "\"certificationType\": \"$certification_type_new\"" + +echo "Get compliance-info model with VID: $vid_new PID: $pid_2_new" +result=$($DCLD_BIN_NEW query compliance compliance-info --vid=$vid_new --pid=$pid_2_new --softwareVersion=$software_version_new --certificationType=$certification_type_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_2_new" +check_response "$result" "\"softwareVersion\": $software_version_new" +check_response "$result" "\"certificationType\": \"$certification_type_new\"" + +echo "Get device software compliance cDCertificateId=$cd_certificate_id_new" +result=$($DCLD_BIN_NEW query compliance device-software-compliance --cdCertificateId=$cd_certificate_id_new) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" + +echo "Get all certified models" +result=$($DCLD_BIN_NEW query compliance all-certified-models) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" + +echo "Get all provisional models" +result=$($DCLD_BIN_NEW query compliance all-provisional-models) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"pid\": $pid_4" + +echo "Get all revoked models" +result=$($DCLD_BIN_NEW query compliance all-revoked-models) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_2_new" + +echo "Get all compliance infos" +result=$($DCLD_BIN_NEW query compliance all-compliance-info) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"pid\": $pid_2_new" + +echo "Get all device software compliances" +result=$($DCLD_BIN_NEW query compliance all-device-software-compliance) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"pid\": $pid_1_new" +check_response "$result" "\"cDCertificateId\": \"$cd_certificate_id_new\"" + +test_divider + +# PKI + +echo "Get x509 root certificate" +result=$($DCLD_BIN_NEW query pki x509-cert --subject=$test_root_cert_subject_new --subject-key-id=$test_root_cert_subject_key_id_new) +check_response "$result" "\"subject\": \"$test_root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id_new\"" +check_response "$result" "\"vid\": $test_root_cert_path_new_vid" + +echo "Get all subject x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-subject-x509-certs --subject=$test_root_cert_subject_new) +check_response "$result" "\"subject\": \"$test_root_cert_subject_new\"" +check_response "$result" "$test_root_cert_subject_key_id_new" + +echo "Get proposed x509 root certificate" +result=$($DCLD_BIN_NEW query pki proposed-x509-root-cert --subject=$google_root_cert_subject_new --subject-key-id=$google_root_cert_subject_key_id_new) +check_response "$result" "\"subject\": \"$google_root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$google_root_cert_subject_key_id_new\"" +check_response "$result" "\"vid\": $google_root_cert_path_new_random_vid" + +echo "Get revoked x509 certificate" +result=$($DCLD_BIN_NEW query pki revoked-x509-cert --subject=$intermediate_cert_subject_new --subject-key-id=$intermediate_cert_subject_key_id_new) +check_response "$result" "\"subject\": \"$intermediate_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id_new\"" + +echo "Get proposed x509 root certificate to revoke" +result=$($DCLD_BIN_NEW query pki proposed-x509-root-cert-to-revoke --subject=$test_root_cert_subject_new --subject-key-id=$test_root_cert_subject_key_id_new) +check_response "$result" "\"subject\": \"$test_root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id_new\"" + +echo "Get revocation point" +result=$($DCLD_BIN_NEW query pki revocation-point --vid=$vid_new --label=$product_label_new --issuer-subject-key-id=$issuer_subject_key_id) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\"" +check_response "$result" "\"label\": \"$product_label_new\"" +check_response "$result" "\"dataURL\": \"$test_data_url\"" + +echo "Get revocation points by issuer subject key id" +result=$($DCLD_BIN_NEW query pki revocation-points --issuer-subject-key-id=$issuer_subject_key_id) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\"" +check_response "$result" "\"label\": \"$product_label_new\"" +check_response "$result" "\"dataURL\": \"$test_data_url\"" + +echo "Get all proposed x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-proposed-x509-root-certs) +check_response "$result" "\"subject\": \"$google_root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$google_root_cert_subject_key_id_new\"" + +echo "Get all revoked x509 root certificates" +result=$($DCLD_BIN_NEW query pki all-revoked-x509-root-certs) +check_response "$result" "\"subject\": \"$root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id_new\"" + +echo "Get all proposed x509 root certificates to revoke" +result=$($DCLD_BIN_NEW query pki all-proposed-x509-root-certs-to-revoke) +check_response "$result" "\"subject\": \"$test_root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id_new\"" + +echo "Get all x509 certificates" +result=$($DCLD_BIN_NEW query pki all-x509-certs) +check_response "$result" "\"subject\": \"$test_root_cert_subject_new\"" +check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id_new\"" + +echo "Get all revocation points" +result=$($DCLD_BIN_NEW query pki all-revocation-points) +check_response "$result" "\"vid\": $vid_new" +check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\"" +check_response "$result" "\"label\": \"$product_label_new\"" +check_response "$result" "\"dataURL\": \"$test_data_url\"" + +test_divider + +# AUTH + +echo "Get all accounts" +result=$($DCLD_BIN_NEW query auth all-accounts) +check_response "$result" "\"address\": \"$user_5_address\"" + +echo "Get account" +result=$($DCLD_BIN_NEW query auth account --address=$user_5_address) +check_response "$result" "\"address\": \"$user_5_address\"" + +echo "Get all proposed accounts" +result=$($DCLD_BIN_NEW query auth all-proposed-accounts) +check_response "$result" "\"address\": \"$user_6_address\"" + +echo "Get proposed account" +result=$($DCLD_BIN_NEW query auth proposed-account --address=$user_6_address) +check_response "$result" "\"address\": \"$user_6_address\"" + +echo "Get all proposed accounts to revoke" +result=$($DCLD_BIN_NEW query auth all-proposed-accounts-to-revoke) +check_response "$result" "\"address\": \"$user_5_address\"" + +echo "Get proposed account to revoke" +result=$($DCLD_BIN_NEW query auth proposed-account-to-revoke --address=$user_5_address) +check_response "$result" "\"address\": \"$user_5_address\"" + +echo "Get all revoked accounts" +result=$($DCLD_BIN_NEW query auth all-revoked-accounts) +check_response "$result" "\"address\": \"$user_4_address\"" + +echo "Get revoked account" +result=$($DCLD_BIN_NEW query auth revoked-account --address=$user_4_address) +check_response "$result" "\"address\": \"$user_4_address\"" + +test_divider + +# Validator + +echo "Get node" +# FIXME: use proper binary (not dcld but $DCLD_BIN_OLD) +result=$(docker exec "$container" /bin/sh -c "echo test1234 | dcld query validator all-nodes") +check_response "$result" "\"owner\": \"$validator_address\"" + +echo "Check adding new node(with stable version) after upgrade" +source integration_tests/upgrade/add-new-node-after-upgrade.sh +check_adding_new_node $binary_version_old $binary_version_new + +echo "PASSED" + +rm -f $DCLD_BIN_OLD +rm -f $DCLD_BIN_NEW \ No newline at end of file diff --git a/proto/pki/approved_certificates_by_subject_key_id.proto b/proto/pki/approved_certificates_by_subject_key_id.proto new file mode 100644 index 000000000..82486062d --- /dev/null +++ b/proto/pki/approved_certificates_by_subject_key_id.proto @@ -0,0 +1,11 @@ +syntax = "proto3"; +package zigbeealliance.distributedcomplianceledger.pki; + +option go_package = "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"; + +import "pki/certificate.proto"; + +message ApprovedCertificatesBySubjectKeyId { + string subjectKeyId = 1; + repeated Certificate certs = 2; +} diff --git a/proto/pki/genesis.proto b/proto/pki/genesis.proto index c9b0a7ee5..02b63170b 100644 --- a/proto/pki/genesis.proto +++ b/proto/pki/genesis.proto @@ -13,6 +13,7 @@ import "pki/approved_certificates_by_subject.proto"; import "pki/rejected_certificate.proto"; import "pki/pki_revocation_distribution_point.proto"; import "pki/pki_revocation_distribution_points_by_issuer_subject_key_id.proto"; +import "pki/approved_certificates_by_subject_key_id.proto"; // this line is used by starport scaffolding # genesis/proto/import import "gogoproto/gogo.proto"; @@ -20,7 +21,7 @@ option go_package = "github.com/zigbee-alliance/distributed-compliance-ledger/x/ // GenesisState defines the pki module's genesis state. message GenesisState { - repeated ApprovedCertificates approvedCertificatesList = 1 [(gogoproto.nullable) = false]; + repeated ApprovedCertificates approvedCertificatesList = 1 [(gogoproto.nullable) = false]; repeated ProposedCertificate proposedCertificateList = 2 [(gogoproto.nullable) = false]; repeated ChildCertificates childCertificatesList = 3 [(gogoproto.nullable) = false]; repeated ProposedCertificateRevocation proposedCertificateRevocationList = 4 [(gogoproto.nullable) = false]; @@ -32,5 +33,6 @@ message GenesisState { repeated RejectedCertificate rejectedCertificateList = 10 [(gogoproto.nullable) = false]; repeated PkiRevocationDistributionPoint PkiRevocationDistributionPointList = 11 [(gogoproto.nullable) = false]; repeated PkiRevocationDistributionPointsByIssuerSubjectKeyID PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = 12 [(gogoproto.nullable) = false]; + repeated ApprovedCertificatesBySubjectKeyId approvedCertificatesBySubjectKeyIdList = 13 [(gogoproto.nullable) = false]; // this line is used by starport scaffolding # genesis/proto/state } diff --git a/proto/pki/query.proto b/proto/pki/query.proto index 7bd79d5b6..4c99abd33 100644 --- a/proto/pki/query.proto +++ b/proto/pki/query.proto @@ -124,6 +124,7 @@ message QueryGetApprovedCertificatesResponse { message QueryAllApprovedCertificatesRequest { cosmos.base.query.v1beta1.PageRequest pagination = 1; + string subjectKeyId = 2; } message QueryAllApprovedCertificatesResponse { diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts index d09311dc2..101c74603 100755 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts @@ -4,6 +4,7 @@ import { SpVuexError } from '@starport/vuex' import { ApprovedCertificates } from "./module/types/pki/approved_certificates" import { ApprovedCertificatesBySubject } from "./module/types/pki/approved_certificates_by_subject" +import { ApprovedCertificatesBySubjectKeyId } from "./module/types/pki/approved_certificates_by_subject_key_id" import { ApprovedRootCertificates } from "./module/types/pki/approved_root_certificates" import { Certificate } from "./module/types/pki/certificate" import { CertificateIdentifier } from "./module/types/pki/certificate_identifier" @@ -19,7 +20,7 @@ import { RevokedRootCertificates } from "./module/types/pki/revoked_root_certifi import { UniqueCertificate } from "./module/types/pki/unique_certificate" -export { ApprovedCertificates, ApprovedCertificatesBySubject, ApprovedRootCertificates, Certificate, CertificateIdentifier, ChildCertificates, Grant, PkiRevocationDistributionPoint, PkiRevocationDistributionPointsByIssuerSubjectKeyID, ProposedCertificate, ProposedCertificateRevocation, RejectedCertificate, RevokedCertificates, RevokedRootCertificates, UniqueCertificate }; +export { ApprovedCertificates, ApprovedCertificatesBySubject, ApprovedCertificatesBySubjectKeyId, ApprovedRootCertificates, Certificate, CertificateIdentifier, ChildCertificates, Grant, PkiRevocationDistributionPoint, PkiRevocationDistributionPointsByIssuerSubjectKeyID, ProposedCertificate, ProposedCertificateRevocation, RejectedCertificate, RevokedCertificates, RevokedRootCertificates, UniqueCertificate }; async function initTxClient(vuexGetters) { return await txClient(vuexGetters['common/wallet/signer'], { @@ -78,6 +79,7 @@ const getDefaultState = () => { _Structure: { ApprovedCertificates: getStructure(ApprovedCertificates.fromPartial({})), ApprovedCertificatesBySubject: getStructure(ApprovedCertificatesBySubject.fromPartial({})), + ApprovedCertificatesBySubjectKeyId: getStructure(ApprovedCertificatesBySubjectKeyId.fromPartial({})), ApprovedRootCertificates: getStructure(ApprovedRootCertificates.fromPartial({})), Certificate: getStructure(Certificate.fromPartial({})), CertificateIdentifier: getStructure(CertificateIdentifier.fromPartial({})), diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts index f4304c806..0c9e9c6e1 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts @@ -568,6 +568,7 @@ export class Api extends HttpClient diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/approved_certificates_by_subject_key_id.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/approved_certificates_by_subject_key_id.ts new file mode 100644 index 000000000..75263df65 --- /dev/null +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/approved_certificates_by_subject_key_id.ts @@ -0,0 +1,100 @@ +/* eslint-disable */ +import { Certificate } from '../pki/certificate' +import { Writer, Reader } from 'protobufjs/minimal' + +export const protobufPackage = 'zigbeealliance.distributedcomplianceledger.pki' + +export interface ApprovedCertificatesBySubjectKeyId { + subjectKeyId: string + certs: Certificate[] +} + +const baseApprovedCertificatesBySubjectKeyId: object = { subjectKeyId: '' } + +export const ApprovedCertificatesBySubjectKeyId = { + encode(message: ApprovedCertificatesBySubjectKeyId, writer: Writer = Writer.create()): Writer { + if (message.subjectKeyId !== '') { + writer.uint32(10).string(message.subjectKeyId) + } + for (const v of message.certs) { + Certificate.encode(v!, writer.uint32(18).fork()).ldelim() + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): ApprovedCertificatesBySubjectKeyId { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseApprovedCertificatesBySubjectKeyId } as ApprovedCertificatesBySubjectKeyId + message.certs = [] + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.subjectKeyId = reader.string() + break + case 2: + message.certs.push(Certificate.decode(reader, reader.uint32())) + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): ApprovedCertificatesBySubjectKeyId { + const message = { ...baseApprovedCertificatesBySubjectKeyId } as ApprovedCertificatesBySubjectKeyId + message.certs = [] + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = String(object.subjectKeyId) + } else { + message.subjectKeyId = '' + } + if (object.certs !== undefined && object.certs !== null) { + for (const e of object.certs) { + message.certs.push(Certificate.fromJSON(e)) + } + } + return message + }, + + toJSON(message: ApprovedCertificatesBySubjectKeyId): unknown { + const obj: any = {} + message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) + if (message.certs) { + obj.certs = message.certs.map((e) => (e ? Certificate.toJSON(e) : undefined)) + } else { + obj.certs = [] + } + return obj + }, + + fromPartial(object: DeepPartial): ApprovedCertificatesBySubjectKeyId { + const message = { ...baseApprovedCertificatesBySubjectKeyId } as ApprovedCertificatesBySubjectKeyId + message.certs = [] + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = object.subjectKeyId + } else { + message.subjectKeyId = '' + } + if (object.certs !== undefined && object.certs !== null) { + for (const e of object.certs) { + message.certs.push(Certificate.fromPartial(e)) + } + } + return message + } +} + +type Builtin = Date | Function | Uint8Array | string | number | undefined +export type DeepPartial = T extends Builtin + ? T + : T extends Array + ? Array> + : T extends ReadonlyArray + ? ReadonlyArray> + : T extends {} + ? { [K in keyof T]?: DeepPartial } + : Partial diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts index b582c9b32..807cfe740 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts @@ -11,6 +11,7 @@ import { ApprovedCertificatesBySubject } from '../pki/approved_certificates_by_s import { RejectedCertificate } from '../pki/rejected_certificate' import { PkiRevocationDistributionPoint } from '../pki/pki_revocation_distribution_point' import { PkiRevocationDistributionPointsByIssuerSubjectKeyID } from '../pki/pki_revocation_distribution_points_by_issuer_subject_key_id' +import { ApprovedCertificatesBySubjectKeyId } from '../pki/approved_certificates_by_subject_key_id' import { Writer, Reader } from 'protobufjs/minimal' export const protobufPackage = 'zigbeealliance.distributedcomplianceledger.pki' @@ -28,8 +29,9 @@ export interface GenesisState { approvedCertificatesBySubjectList: ApprovedCertificatesBySubject[] rejectedCertificateList: RejectedCertificate[] PkiRevocationDistributionPointList: PkiRevocationDistributionPoint[] - /** this line is used by starport scaffolding # genesis/proto/state */ pkiRevocationDistributionPointsByIssuerSubjectKeyIDList: PkiRevocationDistributionPointsByIssuerSubjectKeyID[] + approvedCertificatesBySubjectKeyIdList: ApprovedCertificatesBySubjectKeyId[] + /** this line is used by starport scaffolding # genesis/proto/state */ } const baseGenesisState: object = {} @@ -72,6 +74,9 @@ export const GenesisState = { for (const v of message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList) { PkiRevocationDistributionPointsByIssuerSubjectKeyID.encode(v!, writer.uint32(98).fork()).ldelim() } + for (const v of message.approvedCertificatesBySubjectKeyIdList) { + ApprovedCertificatesBySubjectKeyId.encode(v!, writer.uint32(106).fork()).ldelim() + } return writer }, @@ -89,6 +94,7 @@ export const GenesisState = { message.rejectedCertificateList = [] message.PkiRevocationDistributionPointList = [] message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = [] + message.approvedCertificatesBySubjectKeyIdList = [] while (reader.pos < end) { const tag = reader.uint32() switch (tag >>> 3) { @@ -130,6 +136,9 @@ export const GenesisState = { PkiRevocationDistributionPointsByIssuerSubjectKeyID.decode(reader, reader.uint32()) ) break + case 13: + message.approvedCertificatesBySubjectKeyIdList.push(ApprovedCertificatesBySubjectKeyId.decode(reader, reader.uint32())) + break default: reader.skipType(tag & 7) break @@ -150,6 +159,7 @@ export const GenesisState = { message.rejectedCertificateList = [] message.PkiRevocationDistributionPointList = [] message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = [] + message.approvedCertificatesBySubjectKeyIdList = [] if (object.approvedCertificatesList !== undefined && object.approvedCertificatesList !== null) { for (const e of object.approvedCertificatesList) { message.approvedCertificatesList.push(ApprovedCertificates.fromJSON(e)) @@ -213,6 +223,11 @@ export const GenesisState = { message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(PkiRevocationDistributionPointsByIssuerSubjectKeyID.fromJSON(e)) } } + if (object.approvedCertificatesBySubjectKeyIdList !== undefined && object.approvedCertificatesBySubjectKeyIdList !== null) { + for (const e of object.approvedCertificatesBySubjectKeyIdList) { + message.approvedCertificatesBySubjectKeyIdList.push(ApprovedCertificatesBySubjectKeyId.fromJSON(e)) + } + } return message }, @@ -274,6 +289,13 @@ export const GenesisState = { } else { obj.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = [] } + if (message.approvedCertificatesBySubjectKeyIdList) { + obj.approvedCertificatesBySubjectKeyIdList = message.approvedCertificatesBySubjectKeyIdList.map((e) => + e ? ApprovedCertificatesBySubjectKeyId.toJSON(e) : undefined + ) + } else { + obj.approvedCertificatesBySubjectKeyIdList = [] + } return obj }, @@ -289,6 +311,7 @@ export const GenesisState = { message.rejectedCertificateList = [] message.PkiRevocationDistributionPointList = [] message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = [] + message.approvedCertificatesBySubjectKeyIdList = [] if (object.approvedCertificatesList !== undefined && object.approvedCertificatesList !== null) { for (const e of object.approvedCertificatesList) { message.approvedCertificatesList.push(ApprovedCertificates.fromPartial(e)) @@ -352,6 +375,11 @@ export const GenesisState = { message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(PkiRevocationDistributionPointsByIssuerSubjectKeyID.fromPartial(e)) } } + if (object.approvedCertificatesBySubjectKeyIdList !== undefined && object.approvedCertificatesBySubjectKeyIdList !== null) { + for (const e of object.approvedCertificatesBySubjectKeyIdList) { + message.approvedCertificatesBySubjectKeyIdList.push(ApprovedCertificatesBySubjectKeyId.fromPartial(e)) + } + } return message } } diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts index b8ea9571a..7dc9bbf0d 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts @@ -26,6 +26,7 @@ export interface QueryGetApprovedCertificatesResponse { export interface QueryAllApprovedCertificatesRequest { pagination: PageRequest | undefined + subjectKeyId: string } export interface QueryAllApprovedCertificatesResponse { @@ -289,13 +290,16 @@ export const QueryGetApprovedCertificatesResponse = { } } -const baseQueryAllApprovedCertificatesRequest: object = {} +const baseQueryAllApprovedCertificatesRequest: object = { subjectKeyId: '' } export const QueryAllApprovedCertificatesRequest = { encode(message: QueryAllApprovedCertificatesRequest, writer: Writer = Writer.create()): Writer { if (message.pagination !== undefined) { PageRequest.encode(message.pagination, writer.uint32(10).fork()).ldelim() } + if (message.subjectKeyId !== '') { + writer.uint32(18).string(message.subjectKeyId) + } return writer }, @@ -309,6 +313,9 @@ export const QueryAllApprovedCertificatesRequest = { case 1: message.pagination = PageRequest.decode(reader, reader.uint32()) break + case 2: + message.subjectKeyId = reader.string() + break default: reader.skipType(tag & 7) break @@ -324,12 +331,18 @@ export const QueryAllApprovedCertificatesRequest = { } else { message.pagination = undefined } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = String(object.subjectKeyId) + } else { + message.subjectKeyId = '' + } return message }, toJSON(message: QueryAllApprovedCertificatesRequest): unknown { const obj: any = {} message.pagination !== undefined && (obj.pagination = message.pagination ? PageRequest.toJSON(message.pagination) : undefined) + message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) return obj }, @@ -340,6 +353,11 @@ export const QueryAllApprovedCertificatesRequest = { } else { message.pagination = undefined } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = object.subjectKeyId + } else { + message.subjectKeyId = '' + } return message } } diff --git a/x/compliance/module.go b/x/compliance/module.go index baeaf9b2e..f1e53d9a1 100644 --- a/x/compliance/module.go +++ b/x/compliance/module.go @@ -130,6 +130,7 @@ func (am AppModule) LegacyQuerierHandler(legacyQuerierCdc *codec.LegacyAmino) sd func (am AppModule) RegisterServices(cfg module.Configurator) { types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.keeper)) types.RegisterQueryServer(cfg.QueryServer(), am.keeper) + _ = cfg.RegisterMigration(types.ModuleName, 1, func(s sdk.Context) error { return nil }) } // RegisterInvariants registers the capability module's invariants. diff --git a/x/dclauth/types/account.pb.go b/x/dclauth/types/account.pb.go index 168ce01b3..cf99f42ad 100644 --- a/x/dclauth/types/account.pb.go +++ b/x/dclauth/types/account.pb.go @@ -8,11 +8,10 @@ import ( types "github.com/cosmos/cosmos-sdk/x/auth/types" _ "github.com/gogo/protobuf/gogoproto" proto "github.com/gogo/protobuf/proto" + types1 "github.com/zigbee-alliance/distributed-compliance-ledger/x/common/types" io "io" math "math" math_bits "math/bits" - - types1 "github.com/zigbee-alliance/distributed-compliance-ledger/x/common/types" ) // Reference imports to suppress errors if they are not otherwise used. diff --git a/x/model/module.go b/x/model/module.go index 673f7fae2..96deba49d 100644 --- a/x/model/module.go +++ b/x/model/module.go @@ -132,6 +132,7 @@ func (am AppModule) LegacyQuerierHandler(legacyQuerierCdc *codec.LegacyAmino) sd func (am AppModule) RegisterServices(cfg module.Configurator) { types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.keeper)) types.RegisterQueryServer(cfg.QueryServer(), am.keeper) + _ = cfg.RegisterMigration(types.ModuleName, 1, func(s sdk.Context) error { return nil }) } // RegisterInvariants registers the capability module's invariants. diff --git a/x/pki/client/cli/query_approved_certificates.go b/x/pki/client/cli/query_approved_certificates.go index 7bdd1fa9b..04401aa2e 100644 --- a/x/pki/client/cli/query_approved_certificates.go +++ b/x/pki/client/cli/query_approved_certificates.go @@ -12,6 +12,7 @@ import ( ) func CmdListApprovedCertificates() *cobra.Command { + var subjectKeyID string cmd := &cobra.Command{ Use: "all-x509-certs", Short: "Gets all certificates (root, intermediate and leaf)", @@ -26,7 +27,8 @@ func CmdListApprovedCertificates() *cobra.Command { queryClient := types.NewQueryClient(clientCtx) params := &types.QueryAllApprovedCertificatesRequest{ - Pagination: pageReq, + Pagination: pageReq, + SubjectKeyId: subjectKeyID, } res, err := queryClient.ApprovedCertificatesAll(context.Background(), params) @@ -42,6 +44,7 @@ func CmdListApprovedCertificates() *cobra.Command { } flags.AddPaginationFlagsToCmd(cmd, cmd.Use) + cmd.Flags().StringVarP(&subjectKeyID, FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") flags.AddQueryFlagsToCmd(cmd) return cmd diff --git a/x/pki/genesis.go b/x/pki/genesis.go index a69921d6b..c3e2fecc1 100644 --- a/x/pki/genesis.go +++ b/x/pki/genesis.go @@ -57,6 +57,10 @@ func InitGenesis(ctx sdk.Context, k keeper.Keeper, genState types.GenesisState) for _, elem := range genState.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList { k.SetPkiRevocationDistributionPointsByIssuerSubjectKeyID(ctx, elem) } + // Set all the approvedCertificatesBySubjectKeyId + for _, elem := range genState.ApprovedCertificatesBySubjectKeyIdList { + k.SetApprovedCertificatesBySubjectKeyID(ctx, elem) + } // this line is used by starport scaffolding # genesis/module/init } @@ -84,6 +88,7 @@ func ExportGenesis(ctx sdk.Context, k keeper.Keeper) *types.GenesisState { genesis.RejectedCertificateList = k.GetAllRejectedCertificate(ctx) genesis.PkiRevocationDistributionPointList = k.GetAllPkiRevocationDistributionPoint(ctx) genesis.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = k.GetAllPkiRevocationDistributionPointsByIssuerSubjectKeyID(ctx) + genesis.ApprovedCertificatesBySubjectKeyIdList = k.GetAllApprovedCertificatesBySubjectKeyID(ctx) // this line is used by starport scaffolding # genesis/module/export return genesis diff --git a/x/pki/genesis_test.go b/x/pki/genesis_test.go index c44526b28..dbe733e8c 100644 --- a/x/pki/genesis_test.go +++ b/x/pki/genesis_test.go @@ -126,6 +126,14 @@ func TestGenesis(t *testing.T) { IssuerSubjectKeyID: "1", }, }, + ApprovedCertificatesBySubjectKeyIdList: []types.ApprovedCertificatesBySubjectKeyId{ + { + SubjectKeyId: "0", + }, + { + SubjectKeyId: "1", + }, + }, // this line is used by starport scaffolding # genesis/test/state } @@ -146,5 +154,6 @@ func TestGenesis(t *testing.T) { require.ElementsMatch(t, genesisState.RejectedCertificateList, got.RejectedCertificateList) require.ElementsMatch(t, genesisState.PkiRevocationDistributionPointList, got.PkiRevocationDistributionPointList) require.ElementsMatch(t, genesisState.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList, got.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList) + require.ElementsMatch(t, genesisState.ApprovedCertificatesBySubjectKeyIdList, got.ApprovedCertificatesBySubjectKeyIdList) // this line is used by starport scaffolding # genesis/test/assert } diff --git a/x/pki/handler_test.go b/x/pki/handler_test.go index 4e94e2cc0..1d7a25ebe 100644 --- a/x/pki/handler_test.go +++ b/x/pki/handler_test.go @@ -412,11 +412,20 @@ func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { // query approved certificate and we should get one back approvedCertificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.RootIssuer, approvedCertificate.Subject) - require.Equal(t, testconstants.RootSerialNumber, approvedCertificate.SerialNumber) - require.True(t, approvedCertificate.IsRoot) - require.True(t, approvedCertificate.HasApprovalFrom(setup.Trustee1.String())) - require.True(t, approvedCertificate.HasApprovalFrom(setup.Trustee2.String())) + aprCerts, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) + require.Equal(t, 1, len(aprCerts)) + require.Equal(t, 1, len(aprCerts[0].Certs)) + + certs := make([]*types.Certificate, 0) + certs = append(certs, approvedCertificate, aprCerts[0].Certs[0]) + for _, cert := range certs { + // check + require.Equal(t, testconstants.RootIssuer, cert.Subject) + require.Equal(t, testconstants.RootSerialNumber, cert.SerialNumber) + require.True(t, cert.IsRoot) + require.True(t, cert.HasApprovalFrom(setup.Trustee1.String())) + require.True(t, cert.HasApprovalFrom(setup.Trustee2.String())) + } } func TestHandler_TwoThirdApprovalsNeededForAddingRootCertification(t *testing.T) { @@ -658,7 +667,7 @@ func TestHandler_AddX509Cert(t *testing.T) { rootCertificate := rootCertificate(setup.Trustee1) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - for _, role := range []dclauthtypes.AccountRole{ + for i, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, dclauthtypes.CertificationCenter, dclauthtypes.Trustee, @@ -676,17 +685,25 @@ func TestHandler_AddX509Cert(t *testing.T) { certificate, _ := querySingleApprovedCertificate( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - // check - require.Equal(t, addX509Cert.Cert, certificate.PemCert) - require.Equal(t, addX509Cert.Signer, certificate.Owner) - require.Equal(t, testconstants.IntermediateSubject, certificate.Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, certificate.SubjectKeyId) - require.Equal(t, testconstants.IntermediateSerialNumber, certificate.SerialNumber) - require.False(t, certificate.IsRoot) - require.Equal(t, testconstants.IntermediateIssuer, certificate.Issuer) - require.Equal(t, testconstants.IntermediateAuthorityKeyID, certificate.AuthorityKeyId) - require.Equal(t, testconstants.RootSubject, certificate.RootSubject) - require.Equal(t, testconstants.RootSubjectKeyID, certificate.RootSubjectKeyId) + certificateBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, len(certificateBySubjectKeyID)) + require.Equal(t, i+1, len(certificateBySubjectKeyID[0].Certs)) + + certs := make([]*types.Certificate, 0) + certs = append(certs, certificate, certificateBySubjectKeyID[0].Certs[i]) + for _, cert := range certs { + // check + require.Equal(t, addX509Cert.Cert, cert.PemCert) + require.Equal(t, addX509Cert.Signer, cert.Owner) + require.Equal(t, testconstants.IntermediateSubject, cert.Subject) + require.Equal(t, testconstants.IntermediateSubjectKeyID, cert.SubjectKeyId) + require.Equal(t, testconstants.IntermediateSerialNumber, cert.SerialNumber) + require.False(t, cert.IsRoot) + require.Equal(t, testconstants.IntermediateIssuer, cert.Issuer) + require.Equal(t, testconstants.IntermediateAuthorityKeyID, cert.AuthorityKeyId) + require.Equal(t, testconstants.RootSubject, cert.RootSubject) + require.Equal(t, testconstants.RootSubjectKeyID, cert.RootSubjectKeyId) + } // check that unique certificate key is registered require.True(t, setup.Keeper.IsUniqueCertificatePresent( @@ -1415,6 +1432,9 @@ func TestHandler_RevokeX509Cert(t *testing.T) { _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) + // get intermediate certificate by subject-key-id + certsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, len(certsBySubjectKeyID)) // get certificate for further comparison certificateBeforeRevocation, _ := querySingleApprovedCertificate( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) @@ -1440,6 +1460,10 @@ func TestHandler_RevokeX509Cert(t *testing.T) { require.Equal(t, testconstants.IntermediateSubject, allRevokedCertificates[0].Subject) require.Equal(t, testconstants.IntermediateSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) + // check that intermediate certificate removed from subject-key-id -> certs map + certsBySubjectKeyID, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 0, len(certsBySubjectKeyID)) + // check that no proposed certificate revocations have been created allProposedCertificateRevocations, _ := queryAllProposedCertificateRevocations(setup) require.NoError(t, err) @@ -1529,6 +1553,12 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { _, err = setup.Handler(setup.Ctx, addLeafX509Cert) require.NoError(t, err) + // check that intermediate nd leaf certificates removed from subject-key-id -> certs map + certs, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, len(certs)) + certs, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.LeafSubjectKeyID) + require.Equal(t, 1, len(certs)) + // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.Info) @@ -1552,6 +1582,15 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { require.Equal(t, 1, len(allApprovedCertificates)) require.Equal(t, testconstants.RootSubject, allApprovedCertificates[0].Subject) require.Equal(t, testconstants.RootSubjectKeyID, allApprovedCertificates[0].SubjectKeyId) + // check that root certificate(by subject key id) stays approved + allApprovedCertificates, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) + require.Equal(t, 1, len(allApprovedCertificates)) + require.Equal(t, testconstants.RootSubjectKeyID, allApprovedCertificates[0].SubjectKeyId) + // check that intermediate and leaf certificates removed from subject-key-id -> certs map + allApprovedCertificates, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 0, len(allApprovedCertificates)) + allApprovedCertificates, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.LeafSubjectKeyID) + require.Equal(t, 0, len(allApprovedCertificates)) // check that no proposed certificate revocations have been created allProposedCertificateRevocations, _ := queryAllProposedCertificateRevocations(setup) @@ -2278,7 +2317,19 @@ func queryProposedCertificate( func queryAllApprovedCertificates(setup *TestSetup) ([]types.ApprovedCertificates, error) { // query all certificates - req := &types.QueryAllApprovedCertificatesRequest{} + return _queryAllApprovedCertificates(setup, "") +} + +func queryAllApprovedCertificatesBySubjectKeyID(setup *TestSetup, subjectKeyID string) ([]types.ApprovedCertificates, error) { + // query all certificates + return _queryAllApprovedCertificates(setup, subjectKeyID) +} + +func _queryAllApprovedCertificates(setup *TestSetup, subjectKeyID string) ([]types.ApprovedCertificates, error) { + // query all certificates + req := &types.QueryAllApprovedCertificatesRequest{ + SubjectKeyId: subjectKeyID, + } resp, err := setup.Keeper.ApprovedCertificatesAll(setup.Wctx, req) if err != nil { diff --git a/x/pki/keeper/approved_certificates_by_subject_key_id.go b/x/pki/keeper/approved_certificates_by_subject_key_id.go new file mode 100644 index 000000000..86ea1c9ce --- /dev/null +++ b/x/pki/keeper/approved_certificates_by_subject_key_id.go @@ -0,0 +1,98 @@ +package keeper + +import ( + "github.com/cosmos/cosmos-sdk/store/prefix" + sdk "github.com/cosmos/cosmos-sdk/types" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// SetApprovedCertificatesBySubjectKeyID set a specific approvedCertificatesBySubjectKeyId in the store from its index. +func (k Keeper) SetApprovedCertificatesBySubjectKeyID(ctx sdk.Context, approvedCertificatesBySubjectKeyID types.ApprovedCertificatesBySubjectKeyId) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) + b := k.cdc.MustMarshal(&approvedCertificatesBySubjectKeyID) + store.Set(types.ApprovedCertificatesBySubjectKeyIDKey( + approvedCertificatesBySubjectKeyID.SubjectKeyId, + ), b) +} + +// Add an approved certificate to the list of approved certificates with the subjectKeyId map. +func (k Keeper) AddApprovedCertificateBySubjectKeyID(ctx sdk.Context, certificate types.Certificate) { + k.addApprovedCertificates(ctx, certificate.SubjectKeyId, []*types.Certificate{&certificate}) +} + +// Add an approved certificates list to approved certificates with the subjectKeyId map. +func (k Keeper) AddApprovedCertificatesBySubjectKeyID(ctx sdk.Context, approvedCertificate types.ApprovedCertificates) { + k.addApprovedCertificates(ctx, approvedCertificate.SubjectKeyId, approvedCertificate.Certs) +} + +func (k Keeper) addApprovedCertificates(ctx sdk.Context, subjectKeyID string, certs []*types.Certificate) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) + + approvedCertificatesBytes := store.Get(types.ApprovedCertificatesBySubjectKey( + subjectKeyID, + )) + var approvedCertificates types.ApprovedCertificatesBySubjectKeyId + + if approvedCertificatesBytes == nil { + approvedCertificates = types.ApprovedCertificatesBySubjectKeyId{ + SubjectKeyId: subjectKeyID, + Certs: []*types.Certificate{}, + } + } else { + k.cdc.MustUnmarshal(approvedCertificatesBytes, &approvedCertificates) + } + + approvedCertificates.Certs = append(approvedCertificates.Certs, certs...) + + k.SetApprovedCertificatesBySubjectKeyID(ctx, approvedCertificates) +} + +// GetApprovedCertificatesBySubjectKeyID returns a approvedCertificatesBySubjectKeyId from its index. +func (k Keeper) GetApprovedCertificatesBySubjectKeyID( + ctx sdk.Context, + subjectKeyID string, + +) (val types.ApprovedCertificatesBySubjectKeyId, found bool) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) + + b := store.Get(types.ApprovedCertificatesBySubjectKeyIDKey( + subjectKeyID, + )) + if b == nil { + return val, false + } + + k.cdc.MustUnmarshal(b, &val) + + return val, true +} + +// RemoveApprovedCertificatesBySubjectKeyID removes a approvedCertificatesBySubjectKeyId from the store. +func (k Keeper) RemoveApprovedCertificatesBySubjectKeyID( + ctx sdk.Context, + subjectKeyID string, + +) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) + store.Delete(types.ApprovedCertificatesBySubjectKeyIDKey( + subjectKeyID, + )) +} + +// GetAllApprovedCertificatesBySubjectKeyID returns all approvedCertificatesBySubjectKeyId. +func (k Keeper) GetAllApprovedCertificatesBySubjectKeyID(ctx sdk.Context) (list []types.ApprovedCertificatesBySubjectKeyId) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) + iterator := sdk.KVStorePrefixIterator(store, []byte{}) + + defer iterator.Close() + + for ; iterator.Valid(); iterator.Next() { + var val types.ApprovedCertificatesBySubjectKeyId + k.cdc.MustUnmarshal(iterator.Value(), &val) + list = append(list, val) + } + + return +} diff --git a/x/pki/keeper/approved_certificates_by_subject_key_id_test.go b/x/pki/keeper/approved_certificates_by_subject_key_id_test.go new file mode 100644 index 000000000..ba3bd1edd --- /dev/null +++ b/x/pki/keeper/approved_certificates_by_subject_key_id_test.go @@ -0,0 +1,65 @@ +package keeper_test + +import ( + "strconv" + "testing" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/stretchr/testify/require" + + keepertest "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/nullify" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// Prevent strconv unused error. +var _ = strconv.IntSize + +func createApprovedCertificatesBySubjectKeyID(keeper *keeper.Keeper, ctx sdk.Context, n int) []types.ApprovedCertificatesBySubjectKeyId { + items := make([]types.ApprovedCertificatesBySubjectKeyId, n) + for i := range items { + items[i].SubjectKeyId = strconv.Itoa(i) + + keeper.SetApprovedCertificatesBySubjectKeyID(ctx, items[i]) + } + + return items +} + +func TestApprovedCertificatesBySubjectKeyIdGet(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + items := createApprovedCertificatesBySubjectKeyID(keeper, ctx, 10) + for _, item := range items { + rst, found := keeper.GetApprovedCertificatesBySubjectKeyID(ctx, + item.SubjectKeyId, + ) + require.True(t, found) + require.Equal(t, + nullify.Fill(&item), + nullify.Fill(&rst), + ) + } +} +func TestApprovedCertificatesBySubjectKeyIdRemove(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + items := createApprovedCertificatesBySubjectKeyID(keeper, ctx, 10) + for _, item := range items { + keeper.RemoveApprovedCertificatesBySubjectKeyID(ctx, + item.SubjectKeyId, + ) + _, found := keeper.GetApprovedCertificatesBySubjectKeyID(ctx, + item.SubjectKeyId, + ) + require.False(t, found) + } +} + +func TestApprovedCertificatesBySubjectKeyIdGetAll(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + items := createApprovedCertificatesBySubjectKeyID(keeper, ctx, 10) + require.ElementsMatch(t, + nullify.Fill(items), + nullify.Fill(keeper.GetAllApprovedCertificatesBySubjectKeyID(ctx)), + ) +} diff --git a/x/pki/keeper/approved_certificates_test.go b/x/pki/keeper/approved_certificates_test.go index 29eb2af09..11fce9f76 100644 --- a/x/pki/keeper/approved_certificates_test.go +++ b/x/pki/keeper/approved_certificates_test.go @@ -22,6 +22,10 @@ func createNApprovedCertificates(keeper *keeper.Keeper, ctx sdk.Context, n int) items[i].SubjectKeyId = strconv.Itoa(i) keeper.SetApprovedCertificates(ctx, items[i]) + keeper.SetApprovedCertificatesBySubjectKeyID(ctx, types.ApprovedCertificatesBySubjectKeyId{ + SubjectKeyId: items[i].SubjectKeyId, + Certs: items[i].Certs, + }) } return items diff --git a/x/pki/keeper/child_certificates.go b/x/pki/keeper/child_certificates.go index 5044326c7..d76782b7f 100644 --- a/x/pki/keeper/child_certificates.go +++ b/x/pki/keeper/child_certificates.go @@ -116,6 +116,9 @@ func (k msgServer) RevokeChildCertificates(ctx sdk.Context, issuer string, autho // remove from subject -> subject key ID map k.RemoveApprovedCertificateBySubject(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId) + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, certIdentifier.SubjectKeyId) + // Process child certificates recursively k.RevokeChildCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId) } diff --git a/x/pki/keeper/grpc_query_approved_certificates.go b/x/pki/keeper/grpc_query_approved_certificates.go index 0b7d11e0e..291b9efa7 100644 --- a/x/pki/keeper/grpc_query_approved_certificates.go +++ b/x/pki/keeper/grpc_query_approved_certificates.go @@ -3,13 +3,15 @@ package keeper import ( "context" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "github.com/cosmos/cosmos-sdk/store/prefix" sdk "github.com/cosmos/cosmos-sdk/types" "github.com/cosmos/cosmos-sdk/types/query" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) func (k Keeper) ApprovedCertificatesAll(c context.Context, req *types.QueryAllApprovedCertificatesRequest) (*types.QueryAllApprovedCertificatesResponse, error) { @@ -17,24 +19,43 @@ func (k Keeper) ApprovedCertificatesAll(c context.Context, req *types.QueryAllAp return nil, status.Error(codes.InvalidArgument, "invalid request") } - var approvedCertificatess []types.ApprovedCertificates + var ( + approvedCertificatess []types.ApprovedCertificates + pageRes *query.PageResponse + err error + ) ctx := sdk.UnwrapSDKContext(c) - store := ctx.KVStore(k.storeKey) - approvedCertificatesStore := prefix.NewStore(store, pkitypes.KeyPrefix(types.ApprovedCertificatesKeyPrefix)) + if req.SubjectKeyId != "" { + aprCerts, found := k.GetApprovedCertificatesBySubjectKeyID( + ctx, + req.SubjectKeyId, + ) - pageRes, err := query.Paginate(approvedCertificatesStore, req.Pagination, func(key []byte, value []byte) error { - var approvedCertificates types.ApprovedCertificates - if err := k.cdc.Unmarshal(value, &approvedCertificates); err != nil { - return err + if found { + approvedCertificatess = append(approvedCertificatess, types.ApprovedCertificates{ + SubjectKeyId: aprCerts.SubjectKeyId, + Certs: aprCerts.Certs, + }) } + pageRes = &query.PageResponse{Total: 1} + } else { + store := ctx.KVStore(k.storeKey) + approvedCertificatesStore := prefix.NewStore(store, pkitypes.KeyPrefix(types.ApprovedCertificatesKeyPrefix)) - approvedCertificatess = append(approvedCertificatess, approvedCertificates) + pageRes, err = query.Paginate(approvedCertificatesStore, req.Pagination, func(key []byte, value []byte) error { + var approvedCertificates types.ApprovedCertificates + if err := k.cdc.Unmarshal(value, &approvedCertificates); err != nil { + return err + } - return nil - }) - if err != nil { - return nil, status.Error(codes.Internal, err.Error()) + approvedCertificatess = append(approvedCertificatess, approvedCertificates) + + return nil + }) + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) + } } return &types.QueryAllApprovedCertificatesResponse{ApprovedCertificates: approvedCertificatess, Pagination: pageRes}, nil diff --git a/x/pki/keeper/grpc_query_approved_certificates_test.go b/x/pki/keeper/grpc_query_approved_certificates_test.go index 75a1a4f09..90e177182 100644 --- a/x/pki/keeper/grpc_query_approved_certificates_test.go +++ b/x/pki/keeper/grpc_query_approved_certificates_test.go @@ -76,7 +76,7 @@ func TestApprovedCertificatesQueryPaginated(t *testing.T) { wctx := sdk.WrapSDKContext(ctx) msgs := createNApprovedCertificates(keeper, ctx, 5) - request := func(next []byte, offset, limit uint64, total bool) *types.QueryAllApprovedCertificatesRequest { + request := func(next []byte, offset, limit uint64, total bool, subjectKeyId string) *types.QueryAllApprovedCertificatesRequest { return &types.QueryAllApprovedCertificatesRequest{ Pagination: &query.PageRequest{ Key: next, @@ -84,12 +84,13 @@ func TestApprovedCertificatesQueryPaginated(t *testing.T) { Limit: limit, CountTotal: total, }, + SubjectKeyId: subjectKeyId, } } t.Run("ByOffset", func(t *testing.T) { step := 2 for i := 0; i < len(msgs); i += step { - resp, err := keeper.ApprovedCertificatesAll(wctx, request(nil, uint64(i), uint64(step), false)) + resp, err := keeper.ApprovedCertificatesAll(wctx, request(nil, uint64(i), uint64(step), false, "")) require.NoError(t, err) require.LessOrEqual(t, len(resp.ApprovedCertificates), step) require.Subset(t, @@ -102,7 +103,7 @@ func TestApprovedCertificatesQueryPaginated(t *testing.T) { step := 2 var next []byte for i := 0; i < len(msgs); i += step { - resp, err := keeper.ApprovedCertificatesAll(wctx, request(next, 0, uint64(step), false)) + resp, err := keeper.ApprovedCertificatesAll(wctx, request(next, 0, uint64(step), false, "")) require.NoError(t, err) require.LessOrEqual(t, len(resp.ApprovedCertificates), step) require.Subset(t, @@ -113,7 +114,7 @@ func TestApprovedCertificatesQueryPaginated(t *testing.T) { } }) t.Run("Total", func(t *testing.T) { - resp, err := keeper.ApprovedCertificatesAll(wctx, request(nil, 0, 0, true)) + resp, err := keeper.ApprovedCertificatesAll(wctx, request(nil, 0, 0, true, "")) require.NoError(t, err) require.Equal(t, len(msgs), int(resp.Pagination.Total)) require.ElementsMatch(t, @@ -121,6 +122,12 @@ func TestApprovedCertificatesQueryPaginated(t *testing.T) { nullify.Fill(resp.ApprovedCertificates), ) }) + t.Run("By subjectkey-id", func(t *testing.T) { + resp, err := keeper.ApprovedCertificatesAll(wctx, request(nil, 0, 0, true, "0")) + require.NoError(t, err) + require.Equal(t, 1, len(resp.ApprovedCertificates)) + require.Equal(t, msgs[0].SubjectKeyId, resp.ApprovedCertificates[0].SubjectKeyId) + }) t.Run("InvalidRequest", func(t *testing.T) { _, err := keeper.ApprovedCertificatesAll(wctx, nil) require.ErrorIs(t, err, status.Error(codes.InvalidArgument, "invalid request")) diff --git a/x/pki/keeper/migrations.go b/x/pki/keeper/migrations.go new file mode 100644 index 000000000..6d8eb9592 --- /dev/null +++ b/x/pki/keeper/migrations.go @@ -0,0 +1,28 @@ +package keeper + +import ( + sdk "github.com/cosmos/cosmos-sdk/types" +) + +// Migrator is a struct for handling in-place store migrations. +type Migrator struct { + keeper Keeper +} + +// NewMigrator returns a new Migrator. +func NewMigrator(keeper Keeper) Migrator { + return Migrator{keeper: keeper} +} + +// Migrate1to2 migrates from version 1 to 2. +func (m Migrator) Migrate1to2(_ sdk.Context) error { return nil } + +// Migrate2to3 migrates from version 2 to 3. +func (m Migrator) Migrate2to3(ctx sdk.Context) error { + approvedCertificates := m.keeper.GetAllApprovedCertificates(ctx) + for _, cert := range approvedCertificates { + m.keeper.AddApprovedCertificatesBySubjectKeyID(ctx, cert) + } + + return nil +} diff --git a/x/pki/keeper/migrations_test.go b/x/pki/keeper/migrations_test.go new file mode 100644 index 000000000..7928794e3 --- /dev/null +++ b/x/pki/keeper/migrations_test.go @@ -0,0 +1,45 @@ +package keeper_test + +import ( + "strconv" + "testing" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/stretchr/testify/require" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" + + keepertest "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper" +) + +// Prevent strconv unused error. +var _ = strconv.IntSize + +func _createNApprovedCertificates(keeper *keeper.Keeper, ctx sdk.Context, n int) []types.ApprovedCertificates { + items := make([]types.ApprovedCertificates, n) + for i := range items { + items[i].Subject = strconv.Itoa(i) + items[i].SubjectKeyId = strconv.Itoa(i) + items[i].Certs = []*types.Certificate{{SubjectKeyId: strconv.Itoa(i)}} + keeper.SetApprovedCertificates(ctx, items[i]) + } + + return items +} + +func TestMigrator_Migrate2to3(t *testing.T) { + _keeper, ctx := keepertest.PkiKeeper(t, nil) + msg := _createNApprovedCertificates(_keeper, ctx, 5) + + migrator := keeper.NewMigrator(*_keeper) + err := migrator.Migrate2to3(ctx) + require.NoError(t, err) + + subjectKeyID := "0" + list, found := _keeper.GetApprovedCertificatesBySubjectKeyID(ctx, subjectKeyID) + require.True(t, found) + + require.Equal(t, 1, len(list.Certs)) + require.Equal(t, subjectKeyID, list.SubjectKeyId) + require.Equal(t, msg[0].Certs, list.Certs) +} diff --git a/x/pki/keeper/msg_server_add_x_509_cert.go b/x/pki/keeper/msg_server_add_x_509_cert.go index 4a4d790bd..b5f13fc8f 100644 --- a/x/pki/keeper/msg_server_add_x_509_cert.go +++ b/x/pki/keeper/msg_server_add_x_509_cert.go @@ -99,5 +99,8 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert) // add to subject -> subject key ID map k.AddApprovedCertificateBySubject(ctx, certificate.Subject, certificate.SubjectKeyId) + // add to subject key ID -> certificates map + k.AddApprovedCertificateBySubjectKeyID(ctx, certificate) + return &types.MsgAddX509CertResponse{}, nil } diff --git a/x/pki/keeper/msg_server_approve_add_x_509_root_cert.go b/x/pki/keeper/msg_server_approve_add_x_509_root_cert.go index c7d5c1ba6..346bf8389 100644 --- a/x/pki/keeper/msg_server_approve_add_x_509_root_cert.go +++ b/x/pki/keeper/msg_server_approve_add_x_509_root_cert.go @@ -89,6 +89,9 @@ func (k msgServer) ApproveAddX509RootCert(goCtx context.Context, msg *types.MsgA // add to subject -> subject key ID map k.AddApprovedCertificateBySubject(ctx, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // add to subject key ID -> certificates map + k.AddApprovedCertificateBySubjectKeyID(ctx, rootCertificate) } else { // update proposed certificate k.SetProposedCertificate(ctx, proposedCertificate) diff --git a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go index 220772bbd..4470ed670 100644 --- a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go +++ b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go @@ -75,6 +75,9 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M // remove from subject -> subject key ID map k.RemoveApprovedCertificateBySubject(ctx, msg.Subject, msg.SubjectKeyId) + + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, msg.SubjectKeyId) } else { k.SetProposedCertificateRevocation(ctx, revocation) } diff --git a/x/pki/keeper/msg_server_revoke_x_509_cert.go b/x/pki/keeper/msg_server_revoke_x_509_cert.go index 6e8baf0a9..e7a9c6a63 100644 --- a/x/pki/keeper/msg_server_revoke_x_509_cert.go +++ b/x/pki/keeper/msg_server_revoke_x_509_cert.go @@ -49,5 +49,8 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50 // remove from subject -> subject key ID map k.RemoveApprovedCertificateBySubject(ctx, msg.Subject, msg.SubjectKeyId) + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, msg.SubjectKeyId) + return &types.MsgRevokeX509CertResponse{}, nil } diff --git a/x/pki/module.go b/x/pki/module.go index 5149c5d31..8044b600f 100644 --- a/x/pki/module.go +++ b/x/pki/module.go @@ -131,6 +131,10 @@ func (am AppModule) LegacyQuerierHandler(legacyQuerierCdc *codec.LegacyAmino) sd func (am AppModule) RegisterServices(cfg module.Configurator) { types.RegisterMsgServer(cfg.MsgServer(), keeper.NewMsgServerImpl(am.keeper)) types.RegisterQueryServer(cfg.QueryServer(), am.keeper) + + m := keeper.NewMigrator(am.keeper) + _ = cfg.RegisterMigration(pkitypes.ModuleName, 1, m.Migrate1to2) + _ = cfg.RegisterMigration(pkitypes.ModuleName, 2, m.Migrate2to3) } // RegisterInvariants registers the pki module's invariants. @@ -156,7 +160,7 @@ func (am AppModule) ExportGenesis(ctx sdk.Context, cdc codec.JSONCodec) json.Raw } // ConsensusVersion implements ConsensusVersion. -func (AppModule) ConsensusVersion() uint64 { return 2 } +func (AppModule) ConsensusVersion() uint64 { return 3 } // BeginBlock executes all ABCI BeginBlock logic respective to the pki module. func (am AppModule) BeginBlock(_ sdk.Context, _ abci.RequestBeginBlock) {} diff --git a/x/pki/types/approved_certificates_by_subject_key_id.pb.go b/x/pki/types/approved_certificates_by_subject_key_id.pb.go new file mode 100644 index 000000000..03a9017b4 --- /dev/null +++ b/x/pki/types/approved_certificates_by_subject_key_id.pb.go @@ -0,0 +1,385 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: pki/approved_certificates_by_subject_key_id.proto + +package types + +import ( + fmt "fmt" + proto "github.com/gogo/protobuf/proto" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +type ApprovedCertificatesBySubjectKeyId struct { + SubjectKeyId string `protobuf:"bytes,1,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty"` + Certs []*Certificate `protobuf:"bytes,2,rep,name=certs,proto3" json:"certs,omitempty"` +} + +func (m *ApprovedCertificatesBySubjectKeyId) Reset() { *m = ApprovedCertificatesBySubjectKeyId{} } +func (m *ApprovedCertificatesBySubjectKeyId) String() string { return proto.CompactTextString(m) } +func (*ApprovedCertificatesBySubjectKeyId) ProtoMessage() {} +func (*ApprovedCertificatesBySubjectKeyId) Descriptor() ([]byte, []int) { + return fileDescriptor_3c174758e89e6673, []int{0} +} +func (m *ApprovedCertificatesBySubjectKeyId) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ApprovedCertificatesBySubjectKeyId) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ApprovedCertificatesBySubjectKeyId.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ApprovedCertificatesBySubjectKeyId) XXX_Merge(src proto.Message) { + xxx_messageInfo_ApprovedCertificatesBySubjectKeyId.Merge(m, src) +} +func (m *ApprovedCertificatesBySubjectKeyId) XXX_Size() int { + return m.Size() +} +func (m *ApprovedCertificatesBySubjectKeyId) XXX_DiscardUnknown() { + xxx_messageInfo_ApprovedCertificatesBySubjectKeyId.DiscardUnknown(m) +} + +var xxx_messageInfo_ApprovedCertificatesBySubjectKeyId proto.InternalMessageInfo + +func (m *ApprovedCertificatesBySubjectKeyId) GetSubjectKeyId() string { + if m != nil { + return m.SubjectKeyId + } + return "" +} + +func (m *ApprovedCertificatesBySubjectKeyId) GetCerts() []*Certificate { + if m != nil { + return m.Certs + } + return nil +} + +func init() { + proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyId") +} + +func init() { + proto.RegisterFile("pki/approved_certificates_by_subject_key_id.proto", fileDescriptor_3c174758e89e6673) +} + +var fileDescriptor_3c174758e89e6673 = []byte{ + // 258 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0xd0, 0x31, 0x4b, 0xc4, 0x30, + 0x18, 0xc6, 0xf1, 0x46, 0x51, 0xb0, 0x3a, 0x15, 0x84, 0xc3, 0x21, 0x1c, 0x9d, 0x6e, 0x69, 0x8a, + 0x3a, 0x3a, 0x79, 0xba, 0x88, 0x93, 0xe7, 0xe6, 0x60, 0x69, 0x92, 0xd7, 0xfa, 0xda, 0x9e, 0x0d, + 0x49, 0x2a, 0xc6, 0x4f, 0xe1, 0xee, 0x17, 0x72, 0xbc, 0xd1, 0x51, 0xda, 0x2f, 0x22, 0x35, 0x8a, + 0x71, 0xbc, 0x31, 0xef, 0xf0, 0xff, 0x85, 0x27, 0x3e, 0x54, 0x35, 0xe6, 0xa5, 0x52, 0xba, 0x7d, + 0x02, 0x59, 0x08, 0xd0, 0x16, 0xef, 0x50, 0x94, 0x16, 0x4c, 0xc1, 0x5d, 0x61, 0x3a, 0xfe, 0x00, + 0xc2, 0x16, 0x35, 0xb8, 0x02, 0x25, 0x53, 0xba, 0xb5, 0x6d, 0xc2, 0x5e, 0xb0, 0xe2, 0x00, 0x65, + 0xd3, 0x60, 0xf9, 0x28, 0x80, 0x49, 0x34, 0x56, 0x23, 0xef, 0x2c, 0x48, 0xd1, 0x2e, 0x95, 0xbf, + 0x36, 0x20, 0x2b, 0xd0, 0x4c, 0xd5, 0x78, 0xb0, 0x3f, 0x12, 0x41, 0xd9, 0x67, 0xd2, 0x37, 0x12, + 0xa7, 0xa7, 0x3f, 0xf0, 0x59, 0xe0, 0xce, 0xdd, 0xb5, 0x57, 0x2f, 0xc1, 0x5d, 0xc8, 0x24, 0x8d, + 0xf7, 0x4c, 0xf0, 0x9e, 0x90, 0x29, 0x99, 0xed, 0x2c, 0xfe, 0xdd, 0x92, 0xab, 0x78, 0x6b, 0xec, + 0x9b, 0xc9, 0xc6, 0x74, 0x73, 0xb6, 0x7b, 0x74, 0xb2, 0xe6, 0x0f, 0x59, 0xc0, 0x2f, 0x7c, 0x69, + 0x7e, 0xfb, 0xde, 0x53, 0xb2, 0xea, 0x29, 0xf9, 0xec, 0x29, 0x79, 0x1d, 0x68, 0xb4, 0x1a, 0x68, + 0xf4, 0x31, 0xd0, 0xe8, 0xe6, 0xbc, 0x42, 0x7b, 0xdf, 0x71, 0x26, 0xda, 0x65, 0xee, 0x9d, 0xec, + 0x17, 0xca, 0x03, 0x28, 0xfb, 0x93, 0x32, 0x4f, 0xe5, 0xcf, 0xf9, 0xb8, 0x84, 0x75, 0x0a, 0x0c, + 0xdf, 0xfe, 0x1e, 0xe1, 0xf8, 0x2b, 0x00, 0x00, 0xff, 0xff, 0x29, 0xe4, 0x03, 0x2a, 0x80, 0x01, + 0x00, 0x00, +} + +func (m *ApprovedCertificatesBySubjectKeyId) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ApprovedCertificatesBySubjectKeyId) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ApprovedCertificatesBySubjectKeyId) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Certs) > 0 { + for iNdEx := len(m.Certs) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Certs[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintApprovedCertificatesBySubjectKeyId(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if len(m.SubjectKeyId) > 0 { + i -= len(m.SubjectKeyId) + copy(dAtA[i:], m.SubjectKeyId) + i = encodeVarintApprovedCertificatesBySubjectKeyId(dAtA, i, uint64(len(m.SubjectKeyId))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func encodeVarintApprovedCertificatesBySubjectKeyId(dAtA []byte, offset int, v uint64) int { + offset -= sovApprovedCertificatesBySubjectKeyId(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *ApprovedCertificatesBySubjectKeyId) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovApprovedCertificatesBySubjectKeyId(uint64(l)) + } + if len(m.Certs) > 0 { + for _, e := range m.Certs { + l = e.Size() + n += 1 + l + sovApprovedCertificatesBySubjectKeyId(uint64(l)) + } + } + return n +} + +func sovApprovedCertificatesBySubjectKeyId(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozApprovedCertificatesBySubjectKeyId(x uint64) (n int) { + return sovApprovedCertificatesBySubjectKeyId(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *ApprovedCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApprovedCertificatesBySubjectKeyId + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectKeyId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApprovedCertificatesBySubjectKeyId + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Certs", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApprovedCertificatesBySubjectKeyId + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Certs = append(m.Certs, &Certificate{}) + if err := m.Certs[len(m.Certs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApprovedCertificatesBySubjectKeyId(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipApprovedCertificatesBySubjectKeyId(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApprovedCertificatesBySubjectKeyId + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApprovedCertificatesBySubjectKeyId + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApprovedCertificatesBySubjectKeyId + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupApprovedCertificatesBySubjectKeyId + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthApprovedCertificatesBySubjectKeyId + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthApprovedCertificatesBySubjectKeyId = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowApprovedCertificatesBySubjectKeyId = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupApprovedCertificatesBySubjectKeyId = fmt.Errorf("proto: unexpected end of group") +) diff --git a/x/pki/types/genesis.go b/x/pki/types/genesis.go index f39102bb6..5284cce0c 100644 --- a/x/pki/types/genesis.go +++ b/x/pki/types/genesis.go @@ -22,6 +22,7 @@ func DefaultGenesis() *GenesisState { RejectedCertificateList: []RejectedCertificate{}, PkiRevocationDistributionPointList: []PkiRevocationDistributionPoint{}, PkiRevocationDistributionPointsByIssuerSubjectKeyIDList: []PkiRevocationDistributionPointsByIssuerSubjectKeyID{}, + ApprovedCertificatesBySubjectKeyIdList: []ApprovedCertificatesBySubjectKeyId{}, // this line is used by starport scaffolding # genesis/types/default } } @@ -131,6 +132,16 @@ func (gs GenesisState) Validate() error { } pkiRevocationDistributionPointsByIssuerSubjectKeyIDIndexMap[index] = struct{}{} } + // Check for duplicated index in approvedCertificatesBySubjectKeyId + approvedCertificatesBySubjectKeyIDIndexMap := make(map[string]struct{}) + + for _, elem := range gs.ApprovedCertificatesBySubjectKeyIdList { + index := string(ApprovedCertificatesBySubjectKeyIDKey(elem.SubjectKeyId)) + if _, ok := approvedCertificatesBySubjectKeyIDIndexMap[index]; ok { + return fmt.Errorf("duplicated index for approvedCertificatesBySubjectKeyId") + } + approvedCertificatesBySubjectKeyIDIndexMap[index] = struct{}{} + } // this line is used by starport scaffolding # genesis/types/validate return nil diff --git a/x/pki/types/genesis.pb.go b/x/pki/types/genesis.pb.go index 2ea0ee92c..ef282c952 100644 --- a/x/pki/types/genesis.pb.go +++ b/x/pki/types/genesis.pb.go @@ -37,6 +37,7 @@ type GenesisState struct { RejectedCertificateList []RejectedCertificate `protobuf:"bytes,10,rep,name=rejectedCertificateList,proto3" json:"rejectedCertificateList"` PkiRevocationDistributionPointList []PkiRevocationDistributionPoint `protobuf:"bytes,11,rep,name=PkiRevocationDistributionPointList,proto3" json:"PkiRevocationDistributionPointList"` PkiRevocationDistributionPointsByIssuerSubjectKeyIDList []PkiRevocationDistributionPointsByIssuerSubjectKeyID `protobuf:"bytes,12,rep,name=PkiRevocationDistributionPointsByIssuerSubjectKeyIDList,proto3" json:"PkiRevocationDistributionPointsByIssuerSubjectKeyIDList"` + ApprovedCertificatesBySubjectKeyIdList []ApprovedCertificatesBySubjectKeyId `protobuf:"bytes,13,rep,name=approvedCertificatesBySubjectKeyIdList,proto3" json:"approvedCertificatesBySubjectKeyIdList"` } func (m *GenesisState) Reset() { *m = GenesisState{} } @@ -156,6 +157,13 @@ func (m *GenesisState) GetPkiRevocationDistributionPointsByIssuerSubjectKeyIDLis return nil } +func (m *GenesisState) GetApprovedCertificatesBySubjectKeyIdList() []ApprovedCertificatesBySubjectKeyId { + if m != nil { + return m.ApprovedCertificatesBySubjectKeyIdList + } + return nil +} + func init() { proto.RegisterType((*GenesisState)(nil), "zigbeealliance.distributedcomplianceledger.pki.GenesisState") } @@ -163,47 +171,49 @@ func init() { func init() { proto.RegisterFile("pki/genesis.proto", fileDescriptor_9478608499b59120) } var fileDescriptor_9478608499b59120 = []byte{ - // 638 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x95, 0x4f, 0x6f, 0xd3, 0x30, - 0x18, 0xc6, 0x1b, 0x36, 0x06, 0x64, 0x13, 0x12, 0x11, 0x88, 0x6a, 0x42, 0xd9, 0x18, 0x1c, 0x06, - 0xa8, 0x89, 0x34, 0x0e, 0x9c, 0xfb, 0x07, 0x8d, 0x89, 0x3f, 0xaa, 0x3a, 0x71, 0xe1, 0x40, 0x94, - 0xa4, 0x26, 0x33, 0xe9, 0x6a, 0x13, 0x3b, 0x13, 0x41, 0xe2, 0x80, 0x40, 0x70, 0xe5, 0x2b, 0x20, - 0xf1, 0x61, 0x76, 0xdc, 0x91, 0x13, 0x42, 0xed, 0x17, 0x41, 0x7e, 0xe3, 0xac, 0x69, 0xe3, 0x74, - 0x6b, 0xb4, 0x5b, 0xeb, 0x38, 0xcf, 0xf3, 0x7b, 0xfd, 0x3e, 0xaf, 0xa3, 0xdf, 0xa0, 0x21, 0xb6, - 0x03, 0x34, 0x44, 0x0c, 0x33, 0x8b, 0x46, 0x84, 0x13, 0xc3, 0xfa, 0x84, 0x03, 0x0f, 0x21, 0x77, - 0x30, 0xc0, 0xee, 0xd0, 0x47, 0x56, 0x1f, 0x33, 0x1e, 0x61, 0x2f, 0xe6, 0xa8, 0xef, 0x93, 0x43, - 0x9a, 0xae, 0x0e, 0x50, 0x3f, 0x40, 0x91, 0x45, 0x43, 0xbc, 0xbe, 0x21, 0x24, 0x5c, 0x4a, 0x23, - 0x72, 0x84, 0xfa, 0x8e, 0x8f, 0x22, 0x8e, 0xdf, 0x61, 0xdf, 0xe5, 0x48, 0x0a, 0xae, 0x9b, 0x62, - 0x03, 0x8d, 0x08, 0x25, 0x6c, 0x7a, 0x83, 0x7c, 0x7e, 0x47, 0x3c, 0xf7, 0x0f, 0xf0, 0x40, 0xf9, - 0xf6, 0x83, 0xb2, 0xb7, 0x9d, 0x08, 0x1d, 0x11, 0xdf, 0xe5, 0x98, 0x0c, 0xf3, 0x46, 0x62, 0x35, - 0x54, 0x83, 0x80, 0x51, 0x3c, 0xc4, 0x1f, 0x62, 0xa4, 0xc0, 0xb8, 0x3f, 0x55, 0x47, 0x44, 0x08, - 0x57, 0x69, 0xdc, 0xcb, 0x7b, 0x94, 0x6d, 0x7a, 0x58, 0x7a, 0x24, 0x8e, 0x97, 0x38, 0x2c, 0xf6, - 0xde, 0x23, 0x9f, 0x4f, 0x43, 0x8b, 0x15, 0xe5, 0xe9, 0x3c, 0x82, 0xfa, 0x43, 0x9c, 0x2b, 0xd7, - 0x39, 0x6d, 0x89, 0xf8, 0x43, 0x09, 0x1e, 0x66, 0x62, 0x4f, 0xcf, 0xb5, 0x19, 0x28, 0x30, 0x63, - 0x31, 0x8a, 0x32, 0x18, 0x27, 0x44, 0x89, 0x83, 0xfb, 0x52, 0xe6, 0x66, 0x40, 0x02, 0x02, 0x3f, - 0x6d, 0xf1, 0x2b, 0x5d, 0xdd, 0xfa, 0x71, 0x5d, 0x5f, 0xdb, 0x4d, 0xa3, 0xb2, 0xcf, 0x5d, 0x8e, - 0x8c, 0xef, 0x9a, 0x5e, 0xcf, 0xaa, 0x6c, 0xe7, 0x8a, 0x7c, 0x81, 0x19, 0xaf, 0x6b, 0x9b, 0x4b, - 0xdb, 0xab, 0x3b, 0x9d, 0x05, 0xd3, 0x64, 0x35, 0x15, 0x7a, 0xad, 0xe5, 0xe3, 0xbf, 0x1b, 0xb5, - 0x5e, 0xa9, 0x97, 0xf1, 0x55, 0xd3, 0x6f, 0x67, 0x11, 0xc9, 0x3d, 0x04, 0x8e, 0x4b, 0xc0, 0xd1, - 0x5e, 0x94, 0xa3, 0x5b, 0x94, 0x93, 0x18, 0x65, 0x4e, 0xc6, 0x67, 0xfd, 0x16, 0xa4, 0xb8, 0x70, - 0x14, 0x4b, 0x80, 0xd0, 0x5c, 0x14, 0xa1, 0x3d, 0x2b, 0x26, 0x01, 0xd4, 0x2e, 0xc6, 0x2f, 0x4d, - 0xbf, 0xab, 0x40, 0xeb, 0x9d, 0x26, 0x01, 0x58, 0x96, 0x81, 0xe5, 0xe5, 0x05, 0x1c, 0xc7, 0x44, - 0x58, 0x72, 0x9d, 0xed, 0x0e, 0x8d, 0x92, 0xc3, 0x53, 0x38, 0xa5, 0xcb, 0xd5, 0x1a, 0xd5, 0x2b, - 0xca, 0x65, 0x8d, 0x2a, 0x71, 0x12, 0x8d, 0x4a, 0x6f, 0x81, 0xd9, 0xac, 0xac, 0x54, 0x6b, 0xd4, - 0xeb, 0x59, 0xb1, 0xac, 0x51, 0x4a, 0x17, 0xe3, 0x5b, 0x6e, 0x6c, 0x7a, 0x84, 0xf0, 0x3c, 0x5f, - 0xfd, 0xca, 0xa6, 0xb6, 0xbd, 0xba, 0xf3, 0xac, 0xea, 0xd8, 0xcc, 0xea, 0xf5, 0x4a, 0x9d, 0x8c, - 0x2f, 0x93, 0x5e, 0x14, 0x28, 0xae, 0x02, 0xc5, 0x6e, 0xc5, 0x5e, 0x14, 0x20, 0xca, 0x7c, 0x20, - 0xb3, 0xaa, 0xa9, 0x6e, 0x25, 0xfb, 0xe9, 0xbd, 0x04, 0x6d, 0xb9, 0x56, 0x2d, 0xb3, 0xcd, 0x79, - 0xc2, 0x59, 0x66, 0xcf, 0x74, 0x97, 0x99, 0x4d, 0xef, 0xe7, 0xd9, 0xc0, 0xe8, 0x55, 0x33, 0x5b, - 0x90, 0x9b, 0x64, 0x56, 0xe9, 0x64, 0xfc, 0xd6, 0xf4, 0xad, 0x6e, 0x88, 0x27, 0xf3, 0xd4, 0xc9, - 0x5d, 0xeb, 0x5d, 0x71, 0xab, 0x03, 0xd0, 0x2a, 0x00, 0xbd, 0x5a, 0x78, 0xbc, 0xe7, 0x2a, 0x4b, - 0xb6, 0x73, 0xf8, 0x1b, 0x63, 0x4d, 0x7f, 0x32, 0x7f, 0x1b, 0x6b, 0x25, 0x7b, 0xf0, 0xe9, 0x91, - 0x67, 0xfc, 0x1c, 0x25, 0x7b, 0x1d, 0x60, 0x5f, 0x03, 0x76, 0xff, 0x62, 0xd9, 0x95, 0x76, 0xb2, - 0xa0, 0xaa, 0xa4, 0xad, 0xb7, 0xc7, 0x23, 0x53, 0x3b, 0x19, 0x99, 0xda, 0xbf, 0x91, 0xa9, 0xfd, - 0x1c, 0x9b, 0xb5, 0x93, 0xb1, 0x59, 0xfb, 0x33, 0x36, 0x6b, 0x6f, 0x3a, 0x01, 0xe6, 0x07, 0xb1, - 0x67, 0xf9, 0xe4, 0xd0, 0x4e, 0xeb, 0x68, 0x64, 0x85, 0xd8, 0xb9, 0x42, 0x1a, 0x93, 0x4a, 0x1a, - 0x69, 0x29, 0xf6, 0x47, 0xf1, 0xdd, 0xb6, 0x79, 0x42, 0x11, 0xf3, 0x56, 0xe0, 0x83, 0xfb, 0xf8, - 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x07, 0x57, 0xbb, 0x31, 0x9e, 0x09, 0x00, 0x00, + // 669 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xcb, 0x6e, 0xd3, 0x40, + 0x14, 0x86, 0x63, 0x5a, 0x0a, 0xb8, 0x45, 0x08, 0x0b, 0x44, 0x54, 0x21, 0xb7, 0x14, 0x84, 0x0a, + 0x28, 0xb6, 0x28, 0x0b, 0xd6, 0xb9, 0xa0, 0x52, 0x71, 0x51, 0xe4, 0x8a, 0x0d, 0x0b, 0x2c, 0x5f, + 0x06, 0x77, 0x70, 0x9a, 0x31, 0xf6, 0xb8, 0xc2, 0x48, 0x2c, 0x10, 0x88, 0x35, 0xaf, 0x80, 0xc4, + 0x03, 0xb0, 0xe6, 0x09, 0xba, 0xec, 0x92, 0x15, 0x42, 0xc9, 0x8b, 0xa0, 0x39, 0x1e, 0x37, 0x4e, + 0x3c, 0x4e, 0x13, 0x2b, 0xbb, 0x64, 0x3c, 0xfe, 0xff, 0xef, 0xcc, 0xf9, 0x8f, 0x6d, 0xf9, 0x6a, + 0xe0, 0x63, 0xdd, 0x43, 0x7d, 0x14, 0xe1, 0x48, 0x0b, 0x42, 0x42, 0x89, 0xa2, 0x7d, 0xc4, 0x9e, + 0x8d, 0x90, 0xd5, 0xeb, 0x61, 0xab, 0xef, 0x20, 0xcd, 0xc5, 0x11, 0x0d, 0xb1, 0x1d, 0x53, 0xe4, + 0x3a, 0xe4, 0x30, 0x48, 0x57, 0x7b, 0xc8, 0xf5, 0x50, 0xa8, 0x05, 0x3e, 0x5e, 0xdf, 0x60, 0x12, + 0x56, 0x10, 0x84, 0xe4, 0x08, 0xb9, 0xa6, 0x83, 0x42, 0x8a, 0xdf, 0x62, 0xc7, 0xa2, 0x88, 0x0b, + 0xae, 0xab, 0x6c, 0x43, 0x10, 0x92, 0x80, 0x44, 0xe3, 0x1b, 0xf8, 0xf5, 0x9b, 0xec, 0xba, 0x73, + 0x80, 0x7b, 0xc2, 0xbb, 0xef, 0x95, 0xdd, 0x6d, 0x86, 0xe8, 0x88, 0x38, 0x16, 0xc5, 0xa4, 0x9f, + 0x37, 0x62, 0xab, 0xbe, 0x18, 0x04, 0x8c, 0xe2, 0x3e, 0x7e, 0x1f, 0x23, 0x01, 0xc6, 0x9d, 0xb1, + 0x3a, 0x42, 0x42, 0xa8, 0x48, 0xe3, 0x76, 0xde, 0xa3, 0x6c, 0xd3, 0xfd, 0xd2, 0x23, 0x31, 0xed, + 0xc4, 0x8c, 0x62, 0xfb, 0x1d, 0x72, 0xe8, 0x38, 0x34, 0x5b, 0x11, 0x9e, 0xce, 0x03, 0xa8, 0xdf, + 0xc7, 0xb9, 0x72, 0xcd, 0xd3, 0x96, 0xb0, 0x3f, 0x01, 0xc1, 0xfd, 0x4c, 0xec, 0xc9, 0x4c, 0x9b, + 0x81, 0x02, 0x47, 0x51, 0x8c, 0xc2, 0x0c, 0xc6, 0xf4, 0x51, 0x62, 0x62, 0x97, 0xcb, 0x3c, 0x9c, + 0x85, 0x7f, 0xfc, 0x96, 0x6b, 0x1e, 0xf1, 0x08, 0xfc, 0xd4, 0xd9, 0xaf, 0x74, 0x75, 0xeb, 0xf7, + 0x15, 0x79, 0x6d, 0x37, 0x4d, 0xd7, 0x3e, 0xb5, 0x28, 0x52, 0xbe, 0x49, 0x72, 0x3d, 0x13, 0x6e, + 0xe7, 0x74, 0x9f, 0xe3, 0x88, 0xd6, 0xa5, 0xcd, 0xa5, 0xed, 0xd5, 0x9d, 0xce, 0x9c, 0x01, 0xd4, + 0x9a, 0x02, 0xbd, 0xd6, 0xf2, 0xf1, 0xdf, 0x8d, 0x9a, 0x51, 0xea, 0xa5, 0x7c, 0x91, 0xe4, 0x1b, + 0x59, 0xaa, 0x72, 0x17, 0x81, 0xe3, 0x1c, 0x70, 0xb4, 0xe7, 0xe5, 0xe8, 0x16, 0xe5, 0x38, 0x46, + 0x99, 0x93, 0xf2, 0x49, 0xbe, 0x0e, 0xc1, 0x2f, 0x1c, 0xc5, 0x12, 0x20, 0x34, 0xe7, 0x45, 0x68, + 0x4f, 0x8a, 0x71, 0x00, 0xb1, 0x8b, 0xf2, 0x43, 0x92, 0x6f, 0x09, 0xd0, 0x8c, 0xd3, 0xf0, 0x00, + 0xcb, 0x32, 0xb0, 0xbc, 0x58, 0xc0, 0x71, 0x8c, 0x84, 0x39, 0xd7, 0xd9, 0xee, 0xd0, 0x28, 0x3e, + 0x6f, 0x85, 0x53, 0x3a, 0x5f, 0xad, 0x51, 0x46, 0x51, 0x2e, 0x6b, 0x54, 0x89, 0x13, 0x6b, 0x54, + 0xfa, 0xe0, 0x98, 0xcc, 0xca, 0x4a, 0xb5, 0x46, 0xbd, 0x9a, 0x14, 0xcb, 0x1a, 0x25, 0x74, 0x51, + 0xbe, 0xe6, 0xc6, 0xc6, 0x20, 0x84, 0xe6, 0xf9, 0xea, 0x17, 0x36, 0xa5, 0xed, 0xd5, 0x9d, 0xa7, + 0x55, 0xc7, 0x66, 0x52, 0xcf, 0x28, 0x75, 0x52, 0x3e, 0x8f, 0x7a, 0x51, 0xa0, 0xb8, 0x08, 0x14, + 0xbb, 0x15, 0x7b, 0x51, 0x80, 0x28, 0xf3, 0x81, 0xcc, 0x8a, 0xa6, 0xba, 0x95, 0xec, 0xa7, 0xcf, + 0x25, 0x68, 0xcb, 0xa5, 0x6a, 0x99, 0x6d, 0x4e, 0x13, 0xce, 0x32, 0x7b, 0xa6, 0x3b, 0xcf, 0x6c, + 0xfa, 0x48, 0x9f, 0x0c, 0x8c, 0x5c, 0x35, 0xb3, 0x05, 0xb9, 0x51, 0x66, 0x85, 0x4e, 0xca, 0x4f, + 0x49, 0xde, 0xea, 0xfa, 0x78, 0x34, 0x4f, 0x9d, 0xdc, 0x9b, 0xa0, 0xcb, 0x5e, 0x04, 0x00, 0xb4, + 0x0a, 0x40, 0x2f, 0xe7, 0x1e, 0xef, 0xa9, 0xca, 0x9c, 0x6d, 0x06, 0x7f, 0x65, 0x28, 0xc9, 0x8f, + 0xa7, 0x6f, 0x8b, 0x5a, 0xc9, 0x1e, 0xbc, 0xad, 0xf8, 0x19, 0x3f, 0x43, 0xc9, 0x5e, 0x07, 0xd8, + 0xd7, 0x80, 0xdd, 0x59, 0x2c, 0xbb, 0xd0, 0x8e, 0x17, 0x54, 0x95, 0x54, 0xf9, 0x25, 0xc9, 0x77, + 0xa7, 0x06, 0x87, 0x6d, 0x75, 0xa1, 0xa8, 0xcb, 0x50, 0x94, 0xb1, 0xd0, 0xec, 0x82, 0x3a, 0xaf, + 0x61, 0x46, 0x8e, 0xd6, 0x9b, 0xe3, 0x81, 0x2a, 0x9d, 0x0c, 0x54, 0xe9, 0xdf, 0x40, 0x95, 0xbe, + 0x0f, 0xd5, 0xda, 0xc9, 0x50, 0xad, 0xfd, 0x19, 0xaa, 0xb5, 0xd7, 0x1d, 0x0f, 0xd3, 0x83, 0xd8, + 0xd6, 0x1c, 0x72, 0xa8, 0xa7, 0x94, 0x8d, 0x0c, 0x53, 0xcf, 0x61, 0x36, 0x46, 0x9c, 0x8d, 0x14, + 0x54, 0xff, 0xc0, 0xbe, 0x4e, 0x74, 0x9a, 0x04, 0x28, 0xb2, 0x57, 0xe0, 0x1b, 0xe1, 0xd1, 0xff, + 0x00, 0x00, 0x00, 0xff, 0xff, 0xcd, 0xae, 0x7b, 0x69, 0x84, 0x0a, 0x00, 0x00, } func (m *GenesisState) Marshal() (dAtA []byte, err error) { @@ -226,6 +236,20 @@ func (m *GenesisState) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.ApprovedCertificatesBySubjectKeyIdList) > 0 { + for iNdEx := len(m.ApprovedCertificatesBySubjectKeyIdList) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.ApprovedCertificatesBySubjectKeyIdList[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenesis(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6a + } + } if len(m.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList) > 0 { for iNdEx := len(m.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList) - 1; iNdEx >= 0; iNdEx-- { { @@ -478,6 +502,12 @@ func (m *GenesisState) Size() (n int) { n += 1 + l + sovGenesis(uint64(l)) } } + if len(m.ApprovedCertificatesBySubjectKeyIdList) > 0 { + for _, e := range m.ApprovedCertificatesBySubjectKeyIdList { + l = e.Size() + n += 1 + l + sovGenesis(uint64(l)) + } + } return n } @@ -928,6 +958,40 @@ func (m *GenesisState) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ApprovedCertificatesBySubjectKeyIdList", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenesis + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenesis + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenesis + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ApprovedCertificatesBySubjectKeyIdList = append(m.ApprovedCertificatesBySubjectKeyIdList, ApprovedCertificatesBySubjectKeyId{}) + if err := m.ApprovedCertificatesBySubjectKeyIdList[len(m.ApprovedCertificatesBySubjectKeyIdList)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenesis(dAtA[iNdEx:]) diff --git a/x/pki/types/key_approved_certificates_by_subject_key_id.go b/x/pki/types/key_approved_certificates_by_subject_key_id.go new file mode 100644 index 000000000..587098470 --- /dev/null +++ b/x/pki/types/key_approved_certificates_by_subject_key_id.go @@ -0,0 +1,23 @@ +package types + +import "encoding/binary" + +var _ binary.ByteOrder + +const ( + // ApprovedCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all ApprovedCertificatesBySubjectKeyId. + ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyId/value/" +) + +// ApprovedCertificatesBySubjectKeyIDKey returns the store key to retrieve a ApprovedCertificatesBySubjectKeyId from the index fields. +func ApprovedCertificatesBySubjectKeyIDKey( + subjectKeyID string, +) []byte { + var key []byte + + subjectKeyIDBytes := []byte(subjectKeyID) + key = append(key, subjectKeyIDBytes...) + key = append(key, []byte("/")...) + + return key +} diff --git a/x/pki/types/query.pb.go b/x/pki/types/query.pb.go index e48a6cd31..09c416583 100644 --- a/x/pki/types/query.pb.go +++ b/x/pki/types/query.pb.go @@ -128,7 +128,8 @@ func (m *QueryGetApprovedCertificatesResponse) GetApprovedCertificates() Approve } type QueryAllApprovedCertificatesRequest struct { - Pagination *query.PageRequest `protobuf:"bytes,1,opt,name=pagination,proto3" json:"pagination,omitempty"` + Pagination *query.PageRequest `protobuf:"bytes,1,opt,name=pagination,proto3" json:"pagination,omitempty"` + SubjectKeyId string `protobuf:"bytes,2,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty"` } func (m *QueryAllApprovedCertificatesRequest) Reset() { *m = QueryAllApprovedCertificatesRequest{} } @@ -171,6 +172,13 @@ func (m *QueryAllApprovedCertificatesRequest) GetPagination() *query.PageRequest return nil } +func (m *QueryAllApprovedCertificatesRequest) GetSubjectKeyId() string { + if m != nil { + return m.SubjectKeyId + } + return "" +} + type QueryAllApprovedCertificatesResponse struct { ApprovedCertificates []ApprovedCertificates `protobuf:"bytes,1,rep,name=approvedCertificates,proto3" json:"approvedCertificates"` Pagination *query.PageResponse `protobuf:"bytes,2,opt,name=pagination,proto3" json:"pagination,omitempty"` @@ -1719,110 +1727,110 @@ func init() { func init() { proto.RegisterFile("pki/query.proto", fileDescriptor_62972e0134af9ed2) } var fileDescriptor_62972e0134af9ed2 = []byte{ - // 1640 bytes of a gzipped FileDescriptorProto + // 1646 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5a, 0xcf, 0x6f, 0xdc, 0xc4, - 0x17, 0xcf, 0x78, 0xbf, 0xed, 0x57, 0x0c, 0x08, 0xe8, 0x34, 0x34, 0x61, 0xd5, 0x6c, 0x52, 0xb7, - 0xa4, 0xbf, 0xc8, 0x9a, 0xb4, 0xa2, 0x85, 0x43, 0xa9, 0xf2, 0xa3, 0xb4, 0x05, 0x81, 0xd2, 0x0d, - 0xa2, 0x08, 0x95, 0xae, 0xbc, 0x5e, 0xb3, 0x35, 0x71, 0x76, 0x5c, 0xdb, 0x1b, 0x58, 0xa2, 0x45, - 0x02, 0x09, 0x2a, 0x71, 0x42, 0xc0, 0x01, 0x10, 0x27, 0x2a, 0x55, 0xdc, 0x39, 0xf0, 0x2f, 0x54, - 0xe2, 0x40, 0x25, 0x0e, 0x20, 0x21, 0x21, 0xd4, 0x70, 0x00, 0x15, 0x09, 0xb8, 0x80, 0xb8, 0x00, - 0xf2, 0xf8, 0x39, 0xf6, 0xae, 0xc7, 0xb3, 0x5e, 0xc7, 0xdb, 0xde, 0xd6, 0x9e, 0xf1, 0x7b, 0xf3, - 0xf9, 0xbc, 0x37, 0x6f, 0xde, 0x7c, 0x12, 0x7c, 0x9f, 0xb5, 0x62, 0x28, 0x97, 0x5b, 0xba, 0xdd, - 0x2e, 0x5b, 0x36, 0x75, 0x29, 0x29, 0xbf, 0x6e, 0x34, 0x6a, 0xba, 0xae, 0x9a, 0xa6, 0xa1, 0x36, - 0x35, 0xbd, 0x5c, 0x37, 0x1c, 0xd7, 0x36, 0x6a, 0x2d, 0x57, 0xaf, 0x6b, 0x74, 0xd5, 0xf2, 0xdf, - 0x9a, 0x7a, 0xbd, 0xa1, 0xdb, 0x65, 0x6b, 0xc5, 0x28, 0xee, 0x6e, 0x50, 0xda, 0x30, 0x75, 0x45, - 0xb5, 0x0c, 0x45, 0x6d, 0x36, 0xa9, 0xab, 0xba, 0x06, 0x6d, 0x3a, 0xbe, 0xb5, 0xe2, 0x21, 0x8d, - 0x3a, 0xab, 0xd4, 0x51, 0x6a, 0xaa, 0xa3, 0xfb, 0x6e, 0x94, 0xb5, 0xd9, 0x9a, 0xee, 0xaa, 0xb3, - 0x8a, 0xa5, 0x36, 0x8c, 0x26, 0x9b, 0x0c, 0x73, 0x27, 0xbd, 0xa5, 0xa8, 0x96, 0x65, 0xd3, 0x35, - 0xbd, 0x5e, 0xd5, 0x74, 0xdb, 0x35, 0x5e, 0x36, 0x34, 0xd5, 0xd5, 0x03, 0x63, 0x25, 0x6f, 0x82, - 0x65, 0x53, 0x8b, 0x3a, 0xdd, 0x13, 0x60, 0x7c, 0xb7, 0x37, 0xae, 0x5d, 0x32, 0x4c, 0xee, 0xd7, - 0x07, 0x93, 0xbe, 0xae, 0xda, 0xfa, 0x1a, 0xd5, 0xa2, 0x2b, 0x61, 0x8e, 0xbc, 0xb7, 0x2b, 0xfc, - 0x85, 0xec, 0xeb, 0x5a, 0xa9, 0x4d, 0xa9, 0xcb, 0x9b, 0xb5, 0x37, 0x6a, 0x25, 0x69, 0xd2, 0xa1, - 0x44, 0xd0, 0xd5, 0x5a, 0xbb, 0xea, 0xb4, 0x6a, 0xaf, 0xe8, 0x9a, 0xdb, 0xbd, 0x2c, 0xef, 0x0d, - 0x17, 0xff, 0x61, 0x86, 0x70, 0xc5, 0x88, 0x00, 0xaa, 0x6e, 0x86, 0xcf, 0x7b, 0xb0, 0xa8, 0xd1, - 0x0c, 0x8c, 0x9d, 0x4a, 0x35, 0x99, 0xad, 0xc2, 0x70, 0x9c, 0x96, 0x6e, 0x07, 0x8b, 0xa9, 0xae, - 0xe8, 0xed, 0xaa, 0x51, 0x07, 0x33, 0xa3, 0x0d, 0xda, 0xa0, 0xec, 0xa7, 0xe2, 0xfd, 0x82, 0xb7, - 0x0f, 0xfa, 0x61, 0xaf, 0xfa, 0x03, 0xfe, 0x83, 0x3f, 0x24, 0x6b, 0x78, 0xef, 0x39, 0x2f, 0x0f, - 0x4e, 0xeb, 0xee, 0x1c, 0xc0, 0x5e, 0x88, 0xa0, 0xae, 0xe8, 0x97, 0x5b, 0xba, 0xe3, 0x92, 0x71, - 0xfc, 0x7f, 0xf0, 0x37, 0x8e, 0xa6, 0xd0, 0x81, 0xbb, 0x2a, 0xc1, 0x23, 0x91, 0xf1, 0x3d, 0xf0, - 0xf3, 0x69, 0xbd, 0x7d, 0xb6, 0x3e, 0x2e, 0xb1, 0xe1, 0xae, 0x77, 0xf2, 0x35, 0x84, 0xf7, 0x89, - 0xbd, 0x38, 0x16, 0x6d, 0x3a, 0x3a, 0x79, 0x03, 0x8f, 0xaa, 0x9c, 0x71, 0xe6, 0xf3, 0xee, 0x23, - 0x8b, 0x03, 0x6e, 0x86, 0x32, 0xcf, 0xd7, 0xfc, 0xff, 0xae, 0xff, 0x30, 0x39, 0x52, 0xe1, 0xfa, - 0x91, 0x57, 0x81, 0x8d, 0x39, 0xd3, 0x14, 0xb1, 0xf1, 0x24, 0xc6, 0xe1, 0x76, 0x81, 0xc5, 0x4d, - 0x97, 0x81, 0x57, 0x6f, 0x6f, 0x95, 0xfd, 0x2d, 0x0c, 0x7b, 0xab, 0xbc, 0xa4, 0x36, 0x74, 0xf8, - 0xb6, 0x12, 0xf9, 0x52, 0xfe, 0x2d, 0xe0, 0x25, 0xd1, 0x5f, 0x5f, 0x5e, 0x0a, 0xb7, 0x83, 0x17, - 0x72, 0xba, 0x0b, 0xb0, 0xc4, 0x00, 0xef, 0xef, 0x0b, 0xd8, 0x5f, 0x7c, 0x17, 0xe2, 0x1a, 0x96, - 0x83, 0x44, 0x58, 0x82, 0xbd, 0x1f, 0x71, 0x94, 0x4f, 0xb6, 0x7d, 0x86, 0xc2, 0x9c, 0xe6, 0x3a, - 0x01, 0x52, 0xd7, 0xf1, 0x4e, 0x2b, 0x3e, 0x0c, 0xe1, 0x5c, 0x18, 0x94, 0x53, 0x8e, 0x27, 0xa0, - 0x94, 0xe7, 0x45, 0x36, 0x81, 0x88, 0x39, 0xd3, 0x14, 0x10, 0x91, 0x57, 0xa2, 0xdd, 0x42, 0x61, - 0x62, 0x67, 0xa2, 0xa4, 0x30, 0x7c, 0x4a, 0xf2, 0x4c, 0xb2, 0xa9, 0x20, 0xfe, 0x0b, 0xde, 0xf1, - 0xc3, 0xdb, 0xc2, 0xbb, 0xf0, 0x76, 0xbf, 0x8e, 0x42, 0x86, 0xc1, 0x13, 0x99, 0xc6, 0xf7, 0xaa, - 0x2d, 0xf7, 0x12, 0xb5, 0x0d, 0xb7, 0x1d, 0x4d, 0xb1, 0x9e, 0xb7, 0xf2, 0x27, 0x08, 0xef, 0x11, - 0x38, 0x01, 0x3e, 0x5b, 0x78, 0x87, 0xd6, 0x3b, 0x08, 0x61, 0x9c, 0x1b, 0x94, 0xcd, 0x98, 0x17, - 0xe0, 0x32, 0xee, 0x41, 0x36, 0xf1, 0xc3, 0xc2, 0x0d, 0x10, 0x9c, 0x30, 0xf9, 0xec, 0xb7, 0xaf, - 0x10, 0x9e, 0x49, 0xe9, 0x0e, 0x68, 0xf9, 0x18, 0xe1, 0x09, 0x4b, 0x34, 0x13, 0x38, 0x7a, 0x26, - 0x87, 0x8c, 0x0b, 0x8d, 0x02, 0x5f, 0x62, 0xcf, 0xf2, 0x1a, 0x70, 0x97, 0xb4, 0x53, 0x7a, 0xb9, - 0xcb, 0x6b, 0x8b, 0x7e, 0x28, 0x01, 0x8b, 0xfd, 0x1d, 0x0f, 0xc0, 0x62, 0xe1, 0xce, 0xb0, 0x38, - 0x94, 0x03, 0xa3, 0xe2, 0xf7, 0x6e, 0xf9, 0xb7, 0x27, 0xd1, 0x03, 0x83, 0xeb, 0x24, 0xac, 0x8e, - 0x76, 0x7c, 0x38, 0xeb, 0x81, 0xc1, 0xf1, 0x14, 0x54, 0x47, 0x8e, 0x97, 0xe8, 0x81, 0x21, 0x20, - 0x62, 0x18, 0x07, 0x46, 0x26, 0x4a, 0x0a, 0xc3, 0xa7, 0x24, 0xbf, 0x24, 0x3b, 0x88, 0xf7, 0xf7, - 0xb6, 0xa7, 0x15, 0x4a, 0x5d, 0x0e, 0xc1, 0xf2, 0x97, 0x08, 0x1f, 0xe8, 0x3f, 0x17, 0xd8, 0x79, - 0x17, 0xe1, 0x71, 0x35, 0x61, 0x12, 0x04, 0xe7, 0x4c, 0xd6, 0xde, 0xad, 0xd7, 0x1e, 0x10, 0x95, - 0xe8, 0x4f, 0x3e, 0x80, 0xa7, 0x7b, 0x92, 0x3c, 0x09, 0xe3, 0x17, 0x28, 0xe4, 0x23, 0x71, 0x2a, - 0x40, 0xbc, 0x82, 0xf0, 0x98, 0xcd, 0x9f, 0x03, 0x08, 0x4f, 0x67, 0xcc, 0x82, 0x04, 0x80, 0x49, - 0xde, 0xe4, 0x33, 0xe1, 0xa1, 0xc7, 0xed, 0x6f, 0xdb, 0xcb, 0xfe, 0x9e, 0xef, 0x5b, 0x33, 0xba, - 0x0e, 0xb4, 0x3e, 0xa6, 0x22, 0xa5, 0x58, 0x15, 0xcd, 0xcc, 0x7a, 0xa0, 0x09, 0xdd, 0x07, 0xa5, - 0x58, 0xe8, 0x39, 0x7a, 0xc3, 0xab, 0xc0, 0x65, 0x35, 0xff, 0x12, 0x7a, 0x35, 0x72, 0xc3, 0xe3, - 0x7b, 0x89, 0x16, 0x8c, 0xd8, 0x78, 0xf6, 0x1a, 0x1a, 0x33, 0x15, 0x16, 0x8c, 0xd8, 0x50, 0xf4, - 0x7a, 0x27, 0xa2, 0x22, 0xaf, 0x22, 0xfa, 0x6b, 0xe4, 0x7a, 0x97, 0x8d, 0x94, 0xc2, 0xf0, 0x49, - 0xc9, 0xaf, 0x8a, 0x5e, 0x89, 0xf6, 0x81, 0x2b, 0x46, 0xd8, 0x0d, 0x2c, 0x46, 0x74, 0x8c, 0x25, - 0x6a, 0x34, 0x37, 0xb7, 0xe0, 0xfd, 0xb8, 0xb0, 0x66, 0xd4, 0x19, 0xc3, 0xdb, 0x2a, 0xde, 0x4f, - 0x32, 0x8a, 0xb7, 0x99, 0x6a, 0x4d, 0x37, 0x21, 0xc9, 0xfc, 0x07, 0x52, 0xc6, 0xc4, 0x6f, 0xcf, - 0x97, 0xc3, 0x9c, 0x5b, 0x1c, 0x2f, 0xb0, 0x29, 0x9c, 0x11, 0xf9, 0x6b, 0x84, 0xcb, 0x69, 0x57, - 0x02, 0x21, 0xf8, 0x14, 0xe1, 0x92, 0x78, 0x2a, 0x24, 0xc2, 0xb3, 0x03, 0x77, 0x53, 0x42, 0xab, - 0x10, 0x99, 0x3e, 0xbe, 0xe5, 0x57, 0x23, 0xcd, 0x61, 0x2a, 0x6a, 0xf3, 0xca, 0xe1, 0x8f, 0x24, - 0xa0, 0x32, 0x85, 0xe7, 0x41, 0xa8, 0x2c, 0xdc, 0x29, 0x2a, 0xf3, 0xcb, 0x77, 0x17, 0xcf, 0xa7, - 0x4b, 0x32, 0x67, 0xbe, 0x7d, 0x36, 0x96, 0xa4, 0x41, 0xa0, 0xf8, 0xb9, 0x8d, 0x12, 0x73, 0xfb, - 0xaa, 0x84, 0x17, 0xb6, 0xe4, 0x16, 0xa2, 0xf4, 0x3d, 0xc2, 0x47, 0xad, 0xc1, 0xbf, 0x87, 0x54, - 0xd2, 0xf2, 0x0d, 0x1d, 0xd7, 0x15, 0xc4, 0x33, 0xcb, 0x2a, 0x8f, 0xfc, 0x2e, 0xe3, 0x6d, 0x8c, - 0x25, 0xf2, 0x37, 0xc2, 0xa3, 0xbc, 0x53, 0x94, 0x2c, 0x0f, 0x0a, 0x21, 0x85, 0x4e, 0x5a, 0x7c, - 0x2e, 0x5f, 0xa3, 0x7e, 0xac, 0xe4, 0x63, 0x6f, 0x7d, 0xf3, 0xd3, 0x07, 0xd2, 0x23, 0xa4, 0xac, - 0xd4, 0x35, 0x53, 0x61, 0xb2, 0x7a, 0x64, 0x9a, 0xb2, 0x0e, 0x47, 0x71, 0x67, 0xf3, 0x17, 0x3b, - 0x94, 0x3b, 0x64, 0x03, 0xe1, 0x31, 0x9e, 0xe1, 0x39, 0xd3, 0xcc, 0x08, 0x5f, 0x2c, 0x8c, 0x66, - 0x84, 0xdf, 0x47, 0xfd, 0x94, 0x27, 0x18, 0xfc, 0x31, 0xf2, 0x00, 0x17, 0x3e, 0xf9, 0x17, 0xe1, - 0x9d, 0x9c, 0x2b, 0x2b, 0xa9, 0x64, 0x8d, 0x45, 0xb2, 0x20, 0x57, 0x5c, 0xce, 0xd5, 0x26, 0xe0, - 0x3b, 0xc9, 0xf0, 0x3d, 0x4e, 0x8e, 0x6f, 0xe2, 0x0b, 0x2e, 0xd7, 0x33, 0xe9, 0xe2, 0xfc, 0x0b, - 0xc2, 0xbb, 0x38, 0x0e, 0xbc, 0x30, 0x57, 0xb2, 0x46, 0x24, 0x77, 0x12, 0xc4, 0xd2, 0xa3, 0x3c, - 0xcd, 0x48, 0x98, 0x22, 0x25, 0x31, 0x09, 0xe4, 0x2f, 0x84, 0x77, 0xc4, 0xa4, 0x30, 0xb2, 0x94, - 0x35, 0x2e, 0x49, 0x02, 0x61, 0xf1, 0x5c, 0x8e, 0x16, 0x01, 0xe2, 0x09, 0x06, 0xf1, 0x38, 0x79, - 0x34, 0xcc, 0x63, 0x6f, 0x6e, 0x4f, 0x90, 0xfd, 0x9a, 0xdf, 0x51, 0xd6, 0xbb, 0x15, 0xc7, 0x0e, - 0xf9, 0x5c, 0xc2, 0x13, 0x42, 0x69, 0x86, 0x5c, 0xc8, 0x35, 0x3b, 0x7b, 0x94, 0xae, 0xe2, 0x4b, - 0x43, 0xb2, 0x0e, 0xec, 0x3c, 0xc5, 0xd8, 0x59, 0x24, 0xf3, 0xf1, 0x04, 0x08, 0xff, 0x26, 0x96, - 0x72, 0x43, 0xbc, 0x2f, 0xe1, 0x29, 0xa1, 0x57, 0x6f, 0x6b, 0x5c, 0xc8, 0x35, 0x8d, 0xf3, 0x61, - 0x2b, 0xad, 0xf8, 0x27, 0xcf, 0x32, 0xb6, 0x0e, 0x93, 0x83, 0xa9, 0xd9, 0x22, 0xff, 0x20, 0xbc, - 0x93, 0xa3, 0xb0, 0x64, 0xaf, 0x93, 0xc9, 0x3a, 0x54, 0xf6, 0x3a, 0x29, 0x10, 0x9b, 0xe4, 0x27, - 0x18, 0xe6, 0xc7, 0xc8, 0xb1, 0x4d, 0xcc, 0xa0, 0x05, 0xa4, 0xcc, 0x8a, 0x9f, 0x11, 0xde, 0xc5, - 0xb1, 0xbf, 0xa5, 0x32, 0x99, 0x3b, 0x07, 0x62, 0xc1, 0x4d, 0x7e, 0x88, 0x71, 0x30, 0x49, 0x26, - 0x84, 0x1c, 0x90, 0x3f, 0x10, 0x1e, 0x4f, 0x52, 0x8a, 0xc8, 0xf9, 0xad, 0x36, 0x29, 0x09, 0xc2, - 0x51, 0xf1, 0x85, 0xfc, 0x0d, 0x03, 0x6c, 0x99, 0xc1, 0xde, 0x4d, 0x8a, 0x21, 0x6c, 0x4a, 0xdd, - 0x6e, 0xcc, 0x7f, 0x22, 0x3c, 0x96, 0xa0, 0x1d, 0x91, 0xe7, 0xb7, 0x98, 0x8f, 0x49, 0x88, 0xcf, - 0xe7, 0x6e, 0x17, 0x00, 0x1f, 0x62, 0x80, 0xf7, 0x11, 0x39, 0x16, 0xe7, 0x38, 0xf0, 0xb7, 0x25, - 0x3c, 0x21, 0x14, 0x8a, 0xb2, 0x1f, 0x0c, 0x69, 0x94, 0xb4, 0xec, 0x07, 0x43, 0x2a, 0x71, 0x4d, - 0xde, 0xcf, 0xa8, 0xd8, 0x43, 0x26, 0xfb, 0x74, 0xbf, 0xe4, 0x4d, 0xc9, 0x2b, 0x70, 0x71, 0x85, - 0x63, 0x0b, 0xc5, 0x28, 0x51, 0x24, 0xca, 0xde, 0xe9, 0x8b, 0x94, 0x20, 0x4e, 0x2b, 0x18, 0x48, - 0x36, 0x29, 0x6b, 0xdc, 0x2d, 0x56, 0xe3, 0x62, 0x1e, 0xb6, 0xd4, 0xf1, 0xe7, 0x4f, 0x43, 0x1f, - 0x41, 0x8c, 0xd3, 0x0c, 0x72, 0x69, 0x20, 0xd7, 0xa4, 0x7e, 0x52, 0x03, 0xc9, 0xde, 0xb5, 0xa4, - 0xd1, 0x59, 0x8a, 0x17, 0x87, 0x65, 0x1e, 0x98, 0x38, 0xc5, 0x98, 0x38, 0x49, 0x4e, 0x74, 0xd5, - 0x01, 0x38, 0xde, 0xfd, 0xff, 0x09, 0x0a, 0x5a, 0xc6, 0xe8, 0x05, 0xb8, 0xa3, 0xac, 0xaf, 0x19, - 0xf5, 0x8e, 0xb2, 0xce, 0x04, 0xb4, 0x0e, 0x79, 0x47, 0xc2, 0x7b, 0xc4, 0x1e, 0xbd, 0x0c, 0xc9, - 0xde, 0xb3, 0x0c, 0x91, 0xab, 0xd4, 0xc2, 0x13, 0xef, 0x90, 0xe8, 0xe5, 0x8a, 0x7c, 0x2b, 0xe1, - 0xa3, 0x19, 0xb4, 0x08, 0x62, 0x0f, 0x27, 0xce, 0x22, 0x69, 0xa8, 0xe8, 0xdc, 0x56, 0x9f, 0x40, - 0xe2, 0x71, 0x46, 0xe2, 0x2c, 0x51, 0x06, 0x4c, 0xb8, 0xf9, 0x8b, 0xd7, 0x6f, 0x96, 0xd0, 0x8d, - 0x9b, 0x25, 0xf4, 0xe3, 0xcd, 0x12, 0x7a, 0x6f, 0xa3, 0x34, 0x72, 0x63, 0xa3, 0x34, 0xf2, 0xdd, - 0x46, 0x69, 0xe4, 0xc5, 0xc5, 0x86, 0xe1, 0x5e, 0x6a, 0xd5, 0xca, 0x1a, 0x5d, 0x55, 0x7c, 0x44, - 0x33, 0x01, 0x24, 0x25, 0x02, 0x69, 0x26, 0xc4, 0x34, 0xe3, 0x83, 0x52, 0x5e, 0x63, 0x0b, 0x70, - 0xdb, 0x96, 0xee, 0xd4, 0xb6, 0xb3, 0x7f, 0x58, 0x3b, 0xfa, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, - 0x0a, 0x9f, 0x39, 0x84, 0x23, 0x29, 0x00, 0x00, + 0x17, 0xcf, 0x78, 0xbf, 0xed, 0x57, 0xdf, 0xf9, 0x22, 0xa0, 0xd3, 0xd0, 0x84, 0x55, 0xb3, 0x49, + 0xa7, 0x25, 0xfd, 0x45, 0xd6, 0xa4, 0x15, 0x2d, 0x1c, 0x4a, 0x95, 0x1f, 0xa5, 0x2d, 0x08, 0x94, + 0x6e, 0x10, 0x45, 0xa8, 0x74, 0xe5, 0xf5, 0x9a, 0xad, 0x89, 0xb3, 0xe3, 0xda, 0xde, 0xc0, 0x12, + 0x2d, 0x12, 0x48, 0x50, 0x89, 0x13, 0xbf, 0x0e, 0x80, 0x38, 0x51, 0xa9, 0xe2, 0xce, 0x81, 0x7f, + 0xa1, 0x12, 0x07, 0x2a, 0x71, 0x00, 0x09, 0x09, 0xa1, 0x86, 0x03, 0xa8, 0x48, 0xc0, 0x05, 0xc4, + 0x05, 0x90, 0xc7, 0xcf, 0xb1, 0x77, 0x3d, 0xf6, 0x7a, 0x1d, 0x6f, 0x7b, 0xb3, 0x3d, 0xe3, 0xf7, + 0xe6, 0xf3, 0x79, 0x6f, 0xde, 0x3c, 0x7f, 0x76, 0xf1, 0x3d, 0xe6, 0x8a, 0x2e, 0x5f, 0x6e, 0x69, + 0x56, 0xbb, 0x6c, 0x5a, 0xcc, 0x61, 0xa4, 0xfc, 0xaa, 0xde, 0xa8, 0x69, 0x9a, 0x62, 0x18, 0xba, + 0xd2, 0x54, 0xb5, 0x72, 0x5d, 0xb7, 0x1d, 0x4b, 0xaf, 0xb5, 0x1c, 0xad, 0xae, 0xb2, 0x55, 0xd3, + 0x7b, 0x6a, 0x68, 0xf5, 0x86, 0x66, 0x95, 0xcd, 0x15, 0xbd, 0xb8, 0xbb, 0xc1, 0x58, 0xc3, 0xd0, + 0x64, 0xc5, 0xd4, 0x65, 0xa5, 0xd9, 0x64, 0x8e, 0xe2, 0xe8, 0xac, 0x69, 0x7b, 0xd6, 0x8a, 0x87, + 0x54, 0x66, 0xaf, 0x32, 0x5b, 0xae, 0x29, 0xb6, 0xe6, 0xb9, 0x91, 0xd7, 0x66, 0x6b, 0x9a, 0xa3, + 0xcc, 0xca, 0xa6, 0xd2, 0xd0, 0x9b, 0x7c, 0x32, 0xcc, 0x9d, 0x74, 0x97, 0xa2, 0x98, 0xa6, 0xc5, + 0xd6, 0xb4, 0x7a, 0x55, 0xd5, 0x2c, 0x47, 0x7f, 0x51, 0x57, 0x15, 0x47, 0xf3, 0x8d, 0x95, 0xdc, + 0x09, 0xa6, 0xc5, 0x4c, 0x66, 0x77, 0x4f, 0x80, 0xf1, 0xdd, 0xee, 0xb8, 0x7a, 0x49, 0x37, 0x84, + 0x6f, 0x1f, 0x8c, 0x7b, 0xbb, 0x6a, 0x69, 0x6b, 0x4c, 0x0d, 0xaf, 0x84, 0x3b, 0x72, 0x9f, 0xae, + 0x88, 0x17, 0xb2, 0xaf, 0x6b, 0xa5, 0x16, 0x63, 0x8e, 0x68, 0xd6, 0xde, 0xb0, 0x95, 0xb8, 0x49, + 0x87, 0x62, 0x41, 0x57, 0x6b, 0xed, 0xaa, 0xdd, 0xaa, 0xbd, 0xa4, 0xa9, 0x4e, 0xf7, 0xb2, 0xdc, + 0x27, 0x42, 0xfc, 0x87, 0x39, 0xc2, 0x15, 0x3d, 0x04, 0xa8, 0xba, 0x19, 0x3e, 0xf7, 0xc6, 0x64, + 0x7a, 0xd3, 0x37, 0x76, 0x2a, 0xd5, 0x64, 0xbe, 0x0a, 0xdd, 0xb6, 0x5b, 0x9a, 0xe5, 0x2f, 0xa6, + 0xba, 0xa2, 0xb5, 0xab, 0x7a, 0x1d, 0xcc, 0x8c, 0x36, 0x58, 0x83, 0xf1, 0x4b, 0xd9, 0xbd, 0x82, + 0xa7, 0xf7, 0x7b, 0x61, 0xaf, 0x7a, 0x03, 0xde, 0x8d, 0x37, 0x44, 0x55, 0xbc, 0xf7, 0x9c, 0x9b, + 0x07, 0xa7, 0x35, 0x67, 0x0e, 0x60, 0x2f, 0x84, 0x50, 0x57, 0xb4, 0xcb, 0x2d, 0xcd, 0x76, 0xc8, + 0x38, 0xfe, 0x2f, 0xf8, 0x1b, 0x47, 0x53, 0xe8, 0xc0, 0xff, 0x2a, 0xfe, 0x2d, 0xa1, 0xf8, 0x2e, + 0xb8, 0x7c, 0x52, 0x6b, 0x9f, 0xad, 0x8f, 0x4b, 0x7c, 0xb8, 0xeb, 0x19, 0xbd, 0x86, 0xf0, 0xbe, + 0x64, 0x2f, 0xb6, 0xc9, 0x9a, 0xb6, 0x46, 0x5e, 0xc3, 0xa3, 0x8a, 0x60, 0x9c, 0xfb, 0xfc, 0xff, + 0x91, 0xc5, 0x01, 0x37, 0x43, 0x59, 0xe4, 0x6b, 0xfe, 0x3f, 0xd7, 0xbf, 0x9f, 0x1c, 0xa9, 0x08, + 0xfd, 0xd0, 0x77, 0x11, 0xd0, 0x31, 0x67, 0x18, 0x49, 0x74, 0x3c, 0x8e, 0x71, 0xb0, 0x5f, 0x60, + 0x75, 0xd3, 0x65, 0x20, 0xd6, 0xdd, 0x5c, 0x65, 0x6f, 0x0f, 0xc3, 0xe6, 0x2a, 0x2f, 0x29, 0x0d, + 0x0d, 0xde, 0xad, 0x84, 0xde, 0x4c, 0x45, 0xde, 0xaf, 0x3e, 0x79, 0xb1, 0x6b, 0xea, 0x4b, 0x5e, + 0xe1, 0x76, 0x90, 0x47, 0x4e, 0x77, 0x91, 0x22, 0x71, 0x52, 0xf6, 0xf7, 0x25, 0xc5, 0x5b, 0x7c, + 0x98, 0x15, 0x5a, 0xc3, 0xd4, 0xcf, 0x96, 0x25, 0x28, 0x10, 0x21, 0x47, 0xf9, 0xa4, 0xe4, 0xa7, + 0x28, 0x48, 0x7c, 0xa1, 0x13, 0x20, 0x75, 0x1d, 0xef, 0x34, 0xa3, 0xc3, 0x10, 0xf2, 0x85, 0x41, + 0x39, 0x15, 0x78, 0x02, 0x4a, 0x45, 0x5e, 0xa8, 0x01, 0x44, 0xcc, 0x19, 0x46, 0x02, 0x11, 0x39, + 0x25, 0x23, 0xbd, 0x15, 0x4a, 0xfe, 0x4c, 0x94, 0x14, 0x86, 0x4f, 0x49, 0x9e, 0x49, 0x36, 0xe5, + 0xc7, 0x7f, 0xc1, 0x3d, 0xa3, 0x44, 0xdb, 0x7c, 0x17, 0xde, 0xee, 0x15, 0x5b, 0xc8, 0x30, 0xb8, + 0x23, 0xd3, 0xf8, 0x6e, 0xa5, 0xe5, 0x5c, 0x62, 0x96, 0xee, 0xb4, 0xc3, 0x29, 0xd6, 0xf3, 0x94, + 0x7e, 0x8c, 0xf0, 0x9e, 0x04, 0x27, 0xc0, 0x67, 0x0b, 0xef, 0x50, 0x7b, 0x07, 0x21, 0x8c, 0x73, + 0x83, 0xb2, 0x19, 0xf1, 0x02, 0x5c, 0x46, 0x3d, 0x50, 0x03, 0x3f, 0x98, 0xb8, 0x01, 0xfc, 0x63, + 0x28, 0x9f, 0xfd, 0xf6, 0x25, 0xc2, 0x33, 0x29, 0xdd, 0x01, 0x2d, 0x1f, 0x21, 0x3c, 0x61, 0x26, + 0xcd, 0x04, 0x8e, 0x9e, 0xca, 0x21, 0xe3, 0x02, 0xa3, 0xc0, 0x57, 0xb2, 0x67, 0xba, 0x06, 0xdc, + 0xc5, 0xed, 0x94, 0x5e, 0xee, 0xf2, 0xda, 0xa2, 0x1f, 0x48, 0xc0, 0x62, 0x7f, 0xc7, 0x03, 0xb0, + 0x58, 0xb8, 0x33, 0x2c, 0x0e, 0xe5, 0xc0, 0xa8, 0x78, 0x0d, 0x5e, 0xfe, 0x3d, 0x4c, 0xf8, 0xc0, + 0x10, 0x3a, 0x09, 0xaa, 0xa3, 0x15, 0x1d, 0xce, 0x7a, 0x60, 0x08, 0x3c, 0xf9, 0xd5, 0x51, 0xe0, + 0x25, 0x7c, 0x60, 0x24, 0x10, 0x31, 0x8c, 0x03, 0x23, 0x13, 0x25, 0x85, 0xe1, 0x53, 0x92, 0x5f, + 0x92, 0x1d, 0xc4, 0xfb, 0x7b, 0x7b, 0xd8, 0x0a, 0x63, 0x8e, 0x80, 0x60, 0xfa, 0x05, 0xc2, 0x07, + 0xfa, 0xcf, 0x05, 0x76, 0xde, 0x46, 0x78, 0x5c, 0x89, 0x99, 0x04, 0xc1, 0x39, 0x93, 0xb5, 0x77, + 0xeb, 0xb5, 0x07, 0x44, 0xc5, 0xfa, 0xa3, 0x07, 0xf0, 0x74, 0x4f, 0x92, 0xc7, 0x61, 0xfc, 0x1c, + 0x05, 0x7c, 0xc4, 0x4e, 0x05, 0x88, 0x57, 0x10, 0x1e, 0xb3, 0xc4, 0x73, 0x00, 0xe1, 0xe9, 0x8c, + 0x59, 0x10, 0x03, 0x30, 0xce, 0x1b, 0x3d, 0x13, 0x1c, 0x7a, 0xc2, 0xfe, 0xb6, 0xbd, 0xec, 0xed, + 0xf9, 0xbe, 0x35, 0xa3, 0xeb, 0x40, 0xeb, 0x63, 0x2a, 0x54, 0x8a, 0x95, 0xa4, 0x99, 0x59, 0x0f, + 0xb4, 0x44, 0xf7, 0x7e, 0x29, 0x4e, 0xf4, 0x1c, 0xfe, 0x0c, 0xac, 0xc0, 0x17, 0x6d, 0xfe, 0x25, + 0xf4, 0x6a, 0xe8, 0x33, 0x50, 0xec, 0x25, 0x5c, 0x30, 0x22, 0xe3, 0xd9, 0x6b, 0x68, 0xc4, 0x54, + 0x50, 0x30, 0x22, 0x43, 0x74, 0x35, 0x5c, 0xd4, 0xe2, 0xa9, 0xc8, 0xab, 0x88, 0xfe, 0x12, 0xfa, + 0xbc, 0xcb, 0x46, 0x4a, 0x61, 0xf8, 0xa4, 0xe4, 0x57, 0x45, 0xaf, 0x84, 0xfb, 0xc0, 0x15, 0x3d, + 0xe8, 0x06, 0x16, 0x43, 0x62, 0xc7, 0x12, 0xd3, 0x9b, 0x9b, 0x5b, 0xf0, 0x5e, 0x5c, 0x58, 0xd3, + 0xeb, 0x9c, 0xe1, 0x6d, 0x15, 0xf7, 0x92, 0x8c, 0xe2, 0x6d, 0x86, 0x52, 0xd3, 0x0c, 0x48, 0x32, + 0xef, 0x86, 0x94, 0x31, 0xf1, 0xda, 0xf3, 0xe5, 0x20, 0xe7, 0x16, 0xc7, 0x0b, 0x7c, 0x8a, 0x60, + 0x84, 0x7e, 0x85, 0x70, 0x39, 0xed, 0x4a, 0x20, 0x04, 0x9f, 0x20, 0x5c, 0x4a, 0x9e, 0x0a, 0x89, + 0xf0, 0xf4, 0xc0, 0xdd, 0x54, 0xa2, 0x55, 0x88, 0x4c, 0x1f, 0xdf, 0xf4, 0xe5, 0x50, 0x73, 0x98, + 0x8a, 0xda, 0xbc, 0x72, 0xf8, 0x43, 0x09, 0xa8, 0x4c, 0xe1, 0x79, 0x10, 0x2a, 0x0b, 0x77, 0x8a, + 0xca, 0xfc, 0xf2, 0xdd, 0xc1, 0xf3, 0xe9, 0x92, 0xcc, 0x9e, 0x6f, 0x9f, 0x8d, 0x24, 0xa9, 0x1f, + 0x28, 0x71, 0x6e, 0xa3, 0xd8, 0xdc, 0xbe, 0x2a, 0xe1, 0x85, 0x2d, 0xb9, 0x85, 0x28, 0x7d, 0x87, + 0xf0, 0x51, 0x73, 0xf0, 0xf7, 0x21, 0x95, 0xd4, 0x7c, 0x43, 0x27, 0x74, 0x05, 0xf1, 0xcc, 0xb2, + 0xca, 0x23, 0xbf, 0x51, 0xbc, 0x8d, 0xb3, 0x44, 0xfe, 0x42, 0x78, 0x54, 0x74, 0x8a, 0x92, 0xe5, + 0x41, 0x21, 0xa4, 0x10, 0x53, 0x8b, 0xcf, 0xe4, 0x6b, 0xd4, 0x8b, 0x15, 0x3d, 0xf6, 0xc6, 0xd7, + 0x3f, 0xbe, 0x2f, 0x3d, 0x44, 0xca, 0x72, 0x5d, 0x35, 0x64, 0xae, 0xbd, 0x87, 0xa6, 0xc9, 0xeb, + 0x70, 0x14, 0x77, 0x36, 0xaf, 0xf8, 0xa1, 0xdc, 0x21, 0x1b, 0x08, 0x8f, 0x89, 0x0c, 0xcf, 0x19, + 0x46, 0x46, 0xf8, 0xc9, 0xe2, 0x69, 0x46, 0xf8, 0x7d, 0xd4, 0x4f, 0x3a, 0xc1, 0xe1, 0x8f, 0x91, + 0xfb, 0x84, 0xf0, 0xc9, 0x3f, 0x08, 0xef, 0x14, 0x7c, 0xb2, 0x92, 0x4a, 0xd6, 0x58, 0xc4, 0x0b, + 0x72, 0xc5, 0xe5, 0x5c, 0x6d, 0x02, 0xbe, 0x93, 0x1c, 0xdf, 0xa3, 0xe4, 0xf8, 0x26, 0x3e, 0xff, + 0xe3, 0x7a, 0x26, 0x5d, 0x9c, 0x7f, 0x46, 0x78, 0x97, 0xc0, 0x81, 0x1b, 0xe6, 0x4a, 0xd6, 0x88, + 0xe4, 0x4e, 0x42, 0xb2, 0xf4, 0x48, 0xa7, 0x39, 0x09, 0x53, 0xa4, 0x94, 0x4c, 0x02, 0xf9, 0x13, + 0xe1, 0x1d, 0x11, 0x29, 0x8c, 0x2c, 0x65, 0x8d, 0x4b, 0x9c, 0x40, 0x58, 0x3c, 0x97, 0xa3, 0x45, + 0x80, 0x78, 0x82, 0x43, 0x3c, 0x4e, 0x1e, 0x0e, 0xf2, 0xd8, 0x9d, 0xdb, 0x13, 0x64, 0xaf, 0xe6, + 0x77, 0xe4, 0xf5, 0x6e, 0xc5, 0xb1, 0x43, 0x3e, 0x93, 0xf0, 0x44, 0xa2, 0x34, 0x43, 0x2e, 0xe4, + 0x9a, 0x9d, 0x3d, 0x4a, 0x57, 0xf1, 0x85, 0x21, 0x59, 0x07, 0x76, 0x9e, 0xe0, 0xec, 0x2c, 0x92, + 0xf9, 0x68, 0x02, 0x04, 0x3f, 0x9c, 0xa5, 0xdc, 0x10, 0xef, 0x49, 0x78, 0x2a, 0xd1, 0xab, 0xbb, + 0x35, 0x2e, 0xe4, 0x9a, 0xc6, 0xf9, 0xb0, 0x95, 0x56, 0xfc, 0xa3, 0xb3, 0x9c, 0xad, 0xc3, 0xe4, + 0x60, 0x6a, 0xb6, 0xc8, 0xdf, 0x08, 0xef, 0x14, 0x28, 0x2c, 0xd9, 0xeb, 0x64, 0xbc, 0x0e, 0x95, + 0xbd, 0x4e, 0x26, 0x88, 0x4d, 0xf4, 0x31, 0x8e, 0xf9, 0x11, 0x72, 0x6c, 0x13, 0x33, 0x68, 0x01, + 0x29, 0xb3, 0xe2, 0x27, 0x84, 0x77, 0x09, 0xec, 0x6f, 0xa9, 0x4c, 0xe6, 0xce, 0x41, 0xb2, 0xe0, + 0x46, 0x1f, 0xe0, 0x1c, 0x4c, 0x92, 0x89, 0x44, 0x0e, 0xc8, 0xef, 0x08, 0x8f, 0xc7, 0x29, 0x45, + 0xe4, 0xfc, 0x56, 0x9b, 0x94, 0x18, 0xe1, 0xa8, 0xf8, 0x5c, 0xfe, 0x86, 0x01, 0x36, 0xe5, 0xb0, + 0x77, 0x93, 0x62, 0x00, 0x9b, 0x31, 0xa7, 0x1b, 0xf3, 0x1f, 0x08, 0x8f, 0xc5, 0x68, 0x47, 0xe4, + 0xd9, 0x2d, 0xe6, 0x63, 0x1c, 0xe2, 0xf3, 0xb9, 0xdb, 0x05, 0xc0, 0x87, 0x38, 0xe0, 0x7d, 0x84, + 0x46, 0xe2, 0x1c, 0x05, 0xfe, 0xa6, 0x84, 0x27, 0x12, 0x85, 0xa2, 0xec, 0x07, 0x43, 0x1a, 0x25, + 0x2d, 0xfb, 0xc1, 0x90, 0x4a, 0x5c, 0xa3, 0xfb, 0x39, 0x15, 0x7b, 0xc8, 0x64, 0x9f, 0xee, 0x97, + 0xbc, 0x2e, 0xb9, 0x05, 0x2e, 0xaa, 0x70, 0x6c, 0xa1, 0x18, 0xc5, 0x8a, 0x44, 0xd9, 0x3b, 0xfd, + 0x24, 0x25, 0x48, 0xd0, 0x0a, 0xfa, 0x92, 0x4d, 0xca, 0x1a, 0x77, 0x8b, 0xd7, 0xb8, 0x88, 0x87, + 0x2d, 0x75, 0xfc, 0xf9, 0xd3, 0xd0, 0x47, 0x10, 0x13, 0x34, 0x83, 0x42, 0x1a, 0xc8, 0x35, 0xa9, + 0x9f, 0xd4, 0x40, 0xb2, 0x77, 0x2d, 0x69, 0x74, 0x96, 0xe2, 0xc5, 0x61, 0x99, 0x07, 0x26, 0x4e, + 0x71, 0x26, 0x4e, 0x92, 0x13, 0x5d, 0x75, 0x00, 0x8e, 0x77, 0xef, 0x8f, 0x43, 0x7e, 0xcb, 0x18, + 0xfe, 0x00, 0xee, 0xc8, 0xeb, 0x6b, 0x7a, 0xbd, 0x23, 0xaf, 0x73, 0x01, 0xad, 0x43, 0xde, 0x92, + 0xf0, 0x9e, 0x64, 0x8f, 0x6e, 0x86, 0x64, 0xef, 0x59, 0x86, 0xc8, 0x55, 0x6a, 0xe1, 0x49, 0x74, + 0x48, 0xf4, 0x72, 0x45, 0xbe, 0x91, 0xf0, 0xd1, 0x0c, 0x5a, 0x04, 0xb1, 0x86, 0x13, 0xe7, 0x24, + 0x69, 0xa8, 0x68, 0xdf, 0x56, 0x9f, 0x40, 0xe2, 0x71, 0x4e, 0xe2, 0x2c, 0x91, 0x07, 0x4c, 0xb8, + 0xf9, 0x8b, 0xd7, 0x6f, 0x96, 0xd0, 0x8d, 0x9b, 0x25, 0xf4, 0xc3, 0xcd, 0x12, 0x7a, 0x67, 0xa3, + 0x34, 0x72, 0x63, 0xa3, 0x34, 0xf2, 0xed, 0x46, 0x69, 0xe4, 0xf9, 0xc5, 0x86, 0xee, 0x5c, 0x6a, + 0xd5, 0xca, 0x2a, 0x5b, 0x95, 0x3d, 0x44, 0x33, 0x3e, 0x24, 0x39, 0x04, 0x69, 0x26, 0xc0, 0x34, + 0xe3, 0x81, 0x92, 0x5f, 0xe1, 0x0b, 0x70, 0xda, 0xa6, 0x66, 0xd7, 0xb6, 0xf3, 0x7f, 0xb5, 0x1d, + 0xfd, 0x37, 0x00, 0x00, 0xff, 0xff, 0x44, 0x5c, 0xcd, 0xf0, 0x48, 0x29, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2605,6 +2613,13 @@ func (m *QueryAllApprovedCertificatesRequest) MarshalToSizedBuffer(dAtA []byte) _ = i var l int _ = l + if len(m.SubjectKeyId) > 0 { + i -= len(m.SubjectKeyId) + copy(dAtA[i:], m.SubjectKeyId) + i = encodeVarintQuery(dAtA, i, uint64(len(m.SubjectKeyId))) + i-- + dAtA[i] = 0x12 + } if m.Pagination != nil { { size, err := m.Pagination.MarshalToSizedBuffer(dAtA[:i]) @@ -3801,6 +3816,10 @@ func (m *QueryAllApprovedCertificatesRequest) Size() (n int) { l = m.Pagination.Size() n += 1 + l + sovQuery(uint64(l)) } + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovQuery(uint64(l)) + } return n } @@ -4510,6 +4529,38 @@ func (m *QueryAllApprovedCertificatesRequest) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectKeyId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipQuery(dAtA[iNdEx:])