From 419447e331772a49cf9bab31dc38de31ab0384af Mon Sep 17 00:00:00 2001 From: Abdulbois Date: Mon, 12 Feb 2024 16:31:02 +0500 Subject: [PATCH] #535 Enable providing serial number while revoking x509 certs Signed-off-by: Abdulbois 
Signed-off-by: Abdulbois --- docs/static/openapi.yml | 14 + docs/transactions.md | 6 +- .../cli/pki-revocation-with-serial-number.sh | 141 +++++++++ integration_tests/constants/constants.go | 99 ++++++ .../intermediate_with_same_subject_and_skid_1 | 21 ++ .../intermediate_with_same_subject_and_skid_2 | 21 ++ .../root_with_same_subject_and_skid_1 | 23 ++ .../root_with_same_subject_and_skid_2 | 23 ++ integration_tests/grpc_rest/pki/helpers.go | 162 +++++++++- .../pki/proposed_certificate_revocation.proto | 3 +- proto/pki/query.proto | 4 +- proto/pki/tx.proto | 3 + types/pki/errors.go | 7 + .../module/rest.ts | 23 +- .../pki/proposed_certificate_revocation.ts | 20 +- .../module/types/pki/query.ts | 20 +- .../module/types/pki/tx.ts | 60 +++- x/pki/client/cli/flags.go | 2 + .../query_proposed_certificate_revocation.go | 4 +- .../cli/tx_approve_revoke_x_509_root_cert.go | 3 + .../cli/tx_propose_revoke_x_509_root_cert.go | 3 + x/pki/client/cli/tx_revoke_x_509_cert.go | 3 + x/pki/handler_test.go | 257 +++++++++++++-- x/pki/handler_update_revocation_test.go | 4 +- x/pki/keeper/approved_certificates.go | 40 +++ ...c_query_proposed_certificate_revocation.go | 1 + ...g_server_approve_revoke_x_509_root_cert.go | 70 ++++- ...g_server_propose_revoke_x_509_root_cert.go | 20 +- x/pki/keeper/msg_server_revoke_x_509_cert.go | 65 +++- .../keeper/proposed_certificate_revocation.go | 7 + .../proposed_certificate_revocation_test.go | 3 + x/pki/types/genesis.go | 2 +- .../key_proposed_certificate_revocation.go | 7 + .../message_approve_revoke_x_509_root_cert.go | 3 +- .../message_propose_revoke_x_509_root_cert.go | 3 +- x/pki/types/message_revoke_x_509_cert.go | 3 +- .../proposed_certificate_revocation.pb.go | 92 ++++-- x/pki/types/query.pb.go | 260 +++++++++------ x/pki/types/query.pb.gw.go | 18 ++ x/pki/types/tx.pb.go | 297 +++++++++++++----- 40 files changed, 1539 insertions(+), 278 deletions(-) create mode 100755 integration_tests/cli/pki-revocation-with-serial-number.sh create mode 
100644 integration_tests/constants/intermediate_with_same_subject_and_skid_1 create mode 100644 integration_tests/constants/intermediate_with_same_subject_and_skid_2 create mode 100644 integration_tests/constants/root_with_same_subject_and_skid_1 create mode 100644 integration_tests/constants/root_with_same_subject_and_skid_2 diff --git a/docs/static/openapi.yml b/docs/static/openapi.yml index a0178d443..3427efa2d 100644 --- a/docs/static/openapi.yml +++ b/docs/static/openapi.yml @@ -9536,6 +9536,8 @@ paths: type: string subjectAsText: type: string + serialNumber: + type: string pagination: type: object properties: @@ -9675,6 +9677,8 @@ paths: type: string subjectAsText: type: string + serialNumber: + type: string default: description: An unexpected error response. schema: @@ -9706,6 +9710,10 @@ paths: in: path required: true type: string + - name: serialNumber + in: query + required: false + type: string tags: - Query /dcl/pki/rejected-certificates: @@ -20763,6 +20771,8 @@ definitions: type: string subjectAsText: type: string + serialNumber: + type: string zigbeealliance.distributedcomplianceledger.pki.QueryAllApprovedCertificatesResponse: type: object properties: @@ -21012,6 +21022,8 @@ definitions: type: string subjectAsText: type: string + serialNumber: + type: string pagination: type: object properties: @@ -21471,6 +21483,8 @@ definitions: type: string subjectAsText: type: string + serialNumber: + type: string zigbeealliance.distributedcomplianceledger.pki.QueryGetRejectedCertificatesResponse: type: object properties: diff --git a/docs/transactions.md b/docs/transactions.md index b774b5e8b..5cecff887 100644 --- a/docs/transactions.md +++ b/docs/transactions.md 
@@ -942,6 +942,7 @@ Root certificates can not be revoked this way, use `PROPOSE_X509_CERT_REVOC` an - Parameters: - subject: `string` - certificates's `Subject` is base64 encoded subject DER sequence bytes - subject_key_id: `string` - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB` + - serial-number: `optional(string)` - certificate's serial number - info: `optional(string)` - information/notes for the revocation - time: `optional(int64)` - revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field. - In State: `pki/RevokedCertificates/value//` @@ -967,6 +968,7 @@ then the certificate will be in a pending state until sufficient number of other - Parameters: - subject: `string` - certificates's `Subject` is base64 encoded subject DER sequence bytes - subject_key_id: `string` - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB` + - serial-number: `optional(string)` - certificate's serial number - info: `optional(string)` - information/notes for the revocation proposal - time: `optional(int64)` - revocation proposal time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field. - In State: `pki/ProposedCertificateRevocation/value//` 
@@ -990,6 +992,7 @@ The revocation is not applied until sufficient number of Trustees approve it. - Parameters: - subject: `string` - certificates's `Subject` is base64 encoded subject DER sequence bytes - subject_key_id: `string` - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB` + - serial-number: `optional(string)` - certificate's serial number - info: `optional(string)` - information/notes for the revocation approval - time: `optional(int64)` - revocation approval time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field. - In State: `pki/RevokedCertificates/value//` @@ -1222,10 +1225,11 @@ If a Revocation Distribution Point (such as RFC5280 Certificate Revocation List) - Parameters: - subject: `string` - certificates's `Subject` is base64 encoded subject DER sequence bytes - subject_key_id: `string` - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB` + - serial-number: `optional(string)` - certificate's serial number - CLI command: - `dcld query pki proposed-x509-root-cert-to-revoke --subject= --subject-key-id=` - REST API: - - GET `/dcl/pki/proposed-revocation-certificates/{subject}/{subject_key_id}` + - GET `/dcl/pki/proposed-revocation-certificates/{subject}/{subject_key_id}?serialnumber={serialnumber}` ### GET_ALL_X509_ROOT_CERTS diff --git a/integration_tests/cli/pki-revocation-with-serial-number.sh b/integration_tests/cli/pki-revocation-with-serial-number.sh new file mode 100755 index 000000000..36409c07c --- /dev/null +++ b/integration_tests/cli/pki-revocation-with-serial-number.sh 
@@ -0,0 +1,141 @@
+set -euo pipefail
+source integration_tests/cli/common.sh
+
+root_cert_1_path="integration_tests/constants/root_with_same_subject_and_skid_1"
+root_cert_1_serial_number="1"
+root_cert_2_path="integration_tests/constants/root_with_same_subject_and_skid_2"
+root_cert_2_serial_number="2"
+root_cert_vid=65521
+intermediate_cert_1_path="integration_tests/constants/intermediate_with_same_subject_and_skid_1"
+intermediate_cert_1_serial_number="3"
+intermediate_cert_2_path="integration_tests/constants/intermediate_with_same_subject_and_skid_2"
+intermediate_cert_2_serial_number="4"
+root_cert_subject="MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
+root_cert_subject_key_id="33:5E:0C:07:44:F8:B5:9C:CD:55:01:9B:6D:71:23:83:6F:D0:D4:BE"
+intermediate_cert_subject="MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ="
+intermediate_cert_subject_key_id="2E:13:3B:44:52:2C:30:E9:EC:FB:45:FA:5D:E5:04:0A:C1:C6:E6:B9"
+
+trustee_account="jack"
+second_trustee_account="alice"
+
+echo "Create a VendorAdmin Account"
+create_new_account vendor_admin_account "VendorAdmin"
+
+test_divider
+
+echo "REVOKE CERTIFICATES BY SPECIFYING SERIAL NUMBER"
+
+echo "Propose and approve root certificate 1"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_1_path" --vid "$root_cert_vid" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Propose and approve root certificate 2"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_2_path" --vid "$root_cert_vid" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Add an intermediate certificate with serialNumber 3"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_cert_1_path" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Add an intermediate certificate with serialNumber 4"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_cert_2_path" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Request all approved root certificates."
+result=$(dcld query pki all-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_subject\""
+check_response "$result" "\"subject\": \"$intermediate_cert_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$root_cert_1_serial_number\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""
+check_response "$result" "\"serialNumber\": \"$root_cert_2_serial_number\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number\""
+
+echo "Revoke intermediate certificate with serialNumber 3"
+result=$(echo "$passphrase" | dcld tx pki revoke-x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id" --serial-number="$intermediate_cert_1_serial_number" --from=$trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Request all revoked certificates should contain one intermediate certificate with serialNumber 3"
+result=$(dcld query pki all-revoked-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$intermediate_cert_subject\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number\""
+
+echo "Request all approved intermediate certificates should contain only one certificate with serialNumber 4"
+result=$(dcld query pki x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id")
+echo $result | jq
+check_response "$result" "\"subject\": \"$intermediate_cert_subject\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""
+
+echo "$trustee_account (Trustee) proposes to revoke Root certificate with serialNumber 1"
+result=$(echo "$passphrase" | dcld tx pki propose-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --serial-number="$root_cert_1_serial_number" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "$second_trustee_account (Second Trustee) approves to revoke Root certificate with serialNumber 1"
+result=$(echo "$passphrase" | dcld tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --serial-number="$root_cert_1_serial_number" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Request all revoked certificates should contain one root certificate with serialNumber 1"
+result=$(dcld query pki all-revoked-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$root_cert_1_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$root_cert_2_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number"
+
+echo "Request all approved certificates should contain one root certificate with serialNumber 2 and one intermediate with serialNumber 4"
+result=$(dcld query pki all-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_subject\""
+check_response "$result" "\"subject\": \"$intermediate_cert_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id"
+check_response "$result" "\"serialNumber\": \"$root_cert_2_serial_number\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$root_cert_1_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""
+
+echo "$trustee_account (Trustee) proposes to revoke Root certificate with serialNumber 2"
+result=$(echo "$passphrase" | dcld tx pki propose-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --serial-number="$root_cert_2_serial_number" --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "$second_trustee_account (Second Trustee) approves to revoke Root certificate with serialNumber 2"
+result=$(echo "$passphrase" | dcld tx pki approve-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --serial-number="$root_cert_2_serial_number" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Request all revoked certificates should contain two root and intermediate certificates"
+result=$(dcld query pki all-revoked-x509-certs)
+echo $result | jq
+check_response "$result" "\"subject\": \"$root_cert_subject\""
+check_response "$result" "\"subject\": \"$intermediate_cert_subject\""
+check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
+check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
+check_response "$result" "\"serialNumber\": \"$root_cert_1_serial_number\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""
+check_response "$result" "\"serialNumber\": \"$root_cert_2_serial_number\""
+check_response "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number\""
+
+echo "Request all approved root certificates should be empty"
+result=$(dcld query pki all-x509-root-certs)
+echo $result | jq
+response_does_not_contain "$result" "\"subject\": \"$root_cert_subject\""
+response_does_not_contain "$result" "\"subject\": \"$intermediate_cert_subject\""
+response_does_not_contain "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
+response_does_not_contain "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
+response_does_not_contain "$result" "\"serialNumber\": \"$root_cert_1_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$root_cert_2_serial_number\""
+response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_2_serial_number\""
+
+test_divider
diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go
index 3f827fc92..7423fcb78 100644
--- a/integration_tests/constants/constants.go
+++ b/integration_tests/constants/constants.go
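Review bot: The last block of pki-revocation-with-serial-number.sh queries `dcld query pki all-x509-root-certs`, which presumably never lists intermediates, so its `response_does_not_contain` checks on `$intermediate_cert_subject` and the intermediate serial numbers cannot fail and do not show that the intermediates left the approved set once both roots were revoked; running them against `dcld query pki all-x509-certs`, which the script already uses to see intermediates, would make them meaningful. Two patterns are also missing their closing `\"` — `\"serialNumber\": \"$intermediate_cert_2_serial_number` in the first root-revocation block and `\"subjectKeyId\": \"$intermediate_cert_subject_key_id` in the block after it — so they match by prefix instead of exactly. The script covers only the success path: a revoke or approve with a serial number that does not exist, and an approval whose `--serial-number` differs from the proposal's, should each be asserted as rejected.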
@@ -414,6 +414,95 @@ IBHlx8AWzAuLUwHE7hqnYz3ROq+u3idJMgUJtIQrXWqq9oqOl6VP1WC6e/RLmN36 a0u7AgG5ftl0Qx8nqht2Qdr+fIPivdR9JFweH/irVgTjgAo4Tj/0okgWdjS/qfIx 41rK5Rk4u875N8SOyJIU+DPbh7+bGV6QwX35aoPckfz12nC1uwDJ1SuLI55qy1cx KER9kcWhvxgD0H/rtNnFVgbvQw== +-----END CERTIFICATE-----` + + RootCertWithSameSubjectAndSKID1 = `-----BEGIN CERTIFICATE----- +MIID0TCCArmgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNDIzWhcNMjQwMzE0MTYz +NDIzWjCBgjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQH +DAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBU +ZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL92i9Xid1CbBC8fGOpP2wj5xRxyDE +UdgKcXaL920m9tKnUwm/7S2xjcXssJQF5mZ2Owo0WxDz3U7mczcvapttDEV/qAmm +KPcrMlmRlbr13tvjGv3A+BIqlHrQfSLWA35/R0NOMADCLp7bDbrTkhgJnggLZAiA +kbKEhAlr9DrFRRbLcITTkoCKuAfNGIANmF+KewAtiyMU42eMfEMJjhZ2gzFyLRvw +HdZPmxGAbfx8D56uSUdB6Xcf2ivwr2m8/hQ/ctDocMvA4Gr/QY6Vqr/IoWR56wid +n93HFNA48VcDoi9yg65UOyMuZNm8WI3bwPBZr6uEYGJvfY+Cwoq9DPeXAgMBAAGj +UDBOMB0GA1UdDgQWBBQzXgwHRPi1nM1VAZttcSODb9DUvjAfBgNVHSMEGDAWgBQz +XgwHRPi1nM1VAZttcSODb9DUvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQCkR4RtJ5mAWaWOWEKQIEIyLWZRAuzE5Qv7od6y5yjM0AOBaFp+UGApD/Wn +Y7leHT1EFYMcOtzb8/XZBT9kXxyKGU76jwuYBGU1fMpdYQpzzmtvQexV/nLUp5SX +mwWZqoaowcR5mz0S42CAe6zFixDuzQXEMfQFmIlPH863hys6kCjQ4193TeK6thjo +c2cEiuBm3NIleFUeE2gHllWeyljTcCuUUt80XtAGmXd4wWszz1vUeEq7eE0pxpIu +Mp/lJn1fRESSDTLVe2jtbGxKtXyCCIV8Q84a/Pguv4TVDxK6xnn3NH43wqGYnPJM +5sWvPsbKv+3rRyO7jRAcpcxxknes +-----END CERTIFICATE-----` + RootCertWithSameSubjectAndSKID2 = `-----BEGIN CERTIFICATE----- +MIID0TCCArmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD 
+VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNDE2WhcNMjQwMzE0MTYz +NDE2WjCBgjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQH +DAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBU +ZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL92i9Xid1CbBC8fGOpP2wj5xRxyDE +UdgKcXaL920m9tKnUwm/7S2xjcXssJQF5mZ2Owo0WxDz3U7mczcvapttDEV/qAmm +KPcrMlmRlbr13tvjGv3A+BIqlHrQfSLWA35/R0NOMADCLp7bDbrTkhgJnggLZAiA +kbKEhAlr9DrFRRbLcITTkoCKuAfNGIANmF+KewAtiyMU42eMfEMJjhZ2gzFyLRvw +HdZPmxGAbfx8D56uSUdB6Xcf2ivwr2m8/hQ/ctDocMvA4Gr/QY6Vqr/IoWR56wid +n93HFNA48VcDoi9yg65UOyMuZNm8WI3bwPBZr6uEYGJvfY+Cwoq9DPeXAgMBAAGj +UDBOMB0GA1UdDgQWBBQzXgwHRPi1nM1VAZttcSODb9DUvjAfBgNVHSMEGDAWgBQz +XgwHRPi1nM1VAZttcSODb9DUvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQB9gWev8y+D2KcbRXDdJbv+K9lfp6tuTJlSNMEdl86T+NkGT29GsyRsuEEE +eBrVs5BsyHtqF75Dq6SSXELprq+IGZDb+fKHHfpCBKPoZEUi7SD7ISHcq/wRVpE1 +eb9Xfj0fwajAj09zz1pW5Kmu7fks1dciWJxnak2yFzlWdMB943aemfDzwoh4mCJb +LO8iEAupSWRzDyuAHY0sabA1dkuY08JcafPancFYBeZ0XS1oD0Wr/0WOaR2pYTDw +pH5PjknPesccf6wijlr5EhU+o+dKr7iGv8TvjGGpsnFWNJj9CFRdzsnzN14KKWqi +2DdfIdsq/TWk5YQEALPM4RrHaiFD +-----END CERTIFICATE-----` + IntermediateWithSameSubjectAndSKID1 = `-----BEGIN CERTIFICATE----- +MIIDhTCCAm2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNjMzWhcNMjQwMzE0MTYz +NjMzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE +CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5nb5LLPX4ezUVTQCm67fc0XkzVMDLFMX+q8r3qTVMRHOqGxg +0vMrp0vUFaan/QVUHzNLQs63sIn9RA3rXT2CDJwvaN+JxdPef+BOb/mqCmm8xsLs +omyo7SlUpfnctKeNlCbUnMM2Uai1yGcYZnn4dgmU+KvRbOMtqpwgbRamlgk6E63D +VgEDQWdBOktmbpcV7HTKDhieImD4wIakm3o3KzdDHAbnWKve6bxCJxtx28l9qCBr +Wc5xrcBt9upfUleDr5qH8a7y44cf5zmrkgW2yXD1sty9dBVg2WdofHXab8eiOqAn 
+6mETTKrAz33e3moGwzmzAKYLoUNR5etDSVtigQIDAQABo0IwQDAdBgNVHQ4EFgQU +LhM7RFIsMOns+0X6XeUECsHG5rkwHwYDVR0jBBgwFoAUM14MB0T4tZzNVQGbbXEj +g2/Q1L4wDQYJKoZIhvcNAQELBQADggEBAICo5SSVI40cXRjBExMPSTRTetuKcbwy +5h2kvCkh8y9EwGUFAUB1cXNjlbR3Fd+dCxv7oAWy+3+dxqihugrSOQj9zaTn9z9e ++VSZLXK/hvnDh50xnkicaQ5xOIcNFflU8Ac2GUO+OgL+MyxN3RIDND6ZPLc0r3mw +kERjtALektNzuRrKCzlQmgBoiY+clgwobpj0XimjXHrqmD6qYzg6DaxvXdBmqsRd +XuMrdXdRNWEeJwb5/GTDNmcK5+2XgVxGEyBUhxgHdC/R2Dn6QJ7gGtbIscbi7CS4 +kCuTwsLuk4/fFqWhGYjimvQlDtOUm2tqbeua6/3LCQA/49My2FBKUDM= +-----END CERTIFICATE-----` + IntermediateWithSameSubjectAndSKID2 = `-----BEGIN CERTIFICATE----- +MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNjU3WhcNMjQwMzE0MTYz +NjU3WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE +CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5nb5LLPX4ezUVTQCm67fc0XkzVMDLFMX+q8r3qTVMRHOqGxg +0vMrp0vUFaan/QVUHzNLQs63sIn9RA3rXT2CDJwvaN+JxdPef+BOb/mqCmm8xsLs +omyo7SlUpfnctKeNlCbUnMM2Uai1yGcYZnn4dgmU+KvRbOMtqpwgbRamlgk6E63D +VgEDQWdBOktmbpcV7HTKDhieImD4wIakm3o3KzdDHAbnWKve6bxCJxtx28l9qCBr +Wc5xrcBt9upfUleDr5qH8a7y44cf5zmrkgW2yXD1sty9dBVg2WdofHXab8eiOqAn +6mETTKrAz33e3moGwzmzAKYLoUNR5etDSVtigQIDAQABo0IwQDAdBgNVHQ4EFgQU +LhM7RFIsMOns+0X6XeUECsHG5rkwHwYDVR0jBBgwFoAUM14MB0T4tZzNVQGbbXEj +g2/Q1L4wDQYJKoZIhvcNAQELBQADggEBAIk2ltezJCcoVq3zgwHL2okpkkoK9nNt +1DYSnwMbunib/B6QvG1p5WarSoiiAFitIP8byCGgRRd9POHm19tuY3Yt0Aep2BpE +tzDEqLG8i2kcQQOk/A+Tkz2gUr2MLt2dNl+dli7vcZQ+2NKKmR3Gfnsol3fNWtpy ++QvMNaUiYfzUasVbH5vUgq2nd/txa8pKNqntW8ZhShnHQZc5olfXduykZHGF4InQ +FN+rzuVtQPNNe2mLkJVHT6Ye9L+L77fVjmMzLxqJVibmpWnW/heqCibobt4tBh+p +eIZG4xQ2BF7dwdKsZU40aBFIgCnR58qzQVoukmct3VxkcKPlOWO8J+U= -----END CERTIFICATE-----` RootIssuer = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" 
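Review bot: The four PEM fixtures added in this hunk are valid for only about 30 days: the UTCTime fields in their base64 bodies decode to a notBefore of 2024-02-13 and a notAfter of 2024-03-14. Any code path that checks validity against the current or block time would start rejecting them after that date; whether the add-certificate handlers do so is not visible in this hunk. I would regenerate them with a long validity period and add a comment above `RootCertWithSameSubjectAndSKID1`, e.g. `// Two roots and two intermediates that share subject and subject key ID and are told apart only by serial number (1-4).` The same PEM bodies are added again as standalone files under integration_tests/constants/ later in this patch, so both copies have to be regenerated together.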
@@ -422,6 +511,16 @@ KER9kcWhvxgD0H/rtNnFVgbvQw== RootSubjectKeyID = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB" RootSerialNumber = "442314047376310867378175982234956458728610743315" + RootCertWithSameSubjectAndSKIDSubject = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" + RootCertWithSameSubjectAndSKIDSubjectKeyID = "33:5E:0C:07:44:F8:B5:9C:CD:55:01:9B:6D:71:23:83:6F:D0:D4:BE" + RootCertWithSameSubjectAndSKID1SerialNumber = "1" + RootCertWithSameSubjectAndSKID2SerialNumber = "2" + IntermediateCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ=" + + IntermediateCertWithSameSubjectAndSKIDSubjectKeyID = "2E:13:3B:44:52:2C:30:E9:EC:FB:45:FA:5D:E5:04:0A:C1:C6:E6:B9" + IntermediateCertWithSameSubjectAndSKID1SerialNumber = "3" + IntermediateCertWithSameSubjectAndSKID2SerialNumber = "4" + IntermediateIssuer = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" IntermediateAuthorityKeyID = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB" IntermediateSubject = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E=" diff --git a/integration_tests/constants/intermediate_with_same_subject_and_skid_1 b/integration_tests/constants/intermediate_with_same_subject_and_skid_1 new file mode 100644 index 000000000..13bd71061 --- /dev/null +++ b/integration_tests/constants/intermediate_with_same_subject_and_skid_1 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAm2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNjMzWhcNMjQwMzE0MTYz +NjMzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE +CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5nb5LLPX4ezUVTQCm67fc0XkzVMDLFMX+q8r3qTVMRHOqGxg +0vMrp0vUFaan/QVUHzNLQs63sIn9RA3rXT2CDJwvaN+JxdPef+BOb/mqCmm8xsLs +omyo7SlUpfnctKeNlCbUnMM2Uai1yGcYZnn4dgmU+KvRbOMtqpwgbRamlgk6E63D +VgEDQWdBOktmbpcV7HTKDhieImD4wIakm3o3KzdDHAbnWKve6bxCJxtx28l9qCBr +Wc5xrcBt9upfUleDr5qH8a7y44cf5zmrkgW2yXD1sty9dBVg2WdofHXab8eiOqAn +6mETTKrAz33e3moGwzmzAKYLoUNR5etDSVtigQIDAQABo0IwQDAdBgNVHQ4EFgQU +LhM7RFIsMOns+0X6XeUECsHG5rkwHwYDVR0jBBgwFoAUM14MB0T4tZzNVQGbbXEj +g2/Q1L4wDQYJKoZIhvcNAQELBQADggEBAICo5SSVI40cXRjBExMPSTRTetuKcbwy +5h2kvCkh8y9EwGUFAUB1cXNjlbR3Fd+dCxv7oAWy+3+dxqihugrSOQj9zaTn9z9e ++VSZLXK/hvnDh50xnkicaQ5xOIcNFflU8Ac2GUO+OgL+MyxN3RIDND6ZPLc0r3mw +kERjtALektNzuRrKCzlQmgBoiY+clgwobpj0XimjXHrqmD6qYzg6DaxvXdBmqsRd +XuMrdXdRNWEeJwb5/GTDNmcK5+2XgVxGEyBUhxgHdC/R2Dn6QJ7gGtbIscbi7CS4 +kCuTwsLuk4/fFqWhGYjimvQlDtOUm2tqbeua6/3LCQA/49My2FBKUDM= +-----END CERTIFICATE----- diff --git a/integration_tests/constants/intermediate_with_same_subject_and_skid_2 b/integration_tests/constants/intermediate_with_same_subject_and_skid_2 new file mode 100644 index 000000000..53dce5873 --- /dev/null +++ b/integration_tests/constants/intermediate_with_same_subject_and_skid_2 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNjU3WhcNMjQwMzE0MTYz +NjU3WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE +CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA5nb5LLPX4ezUVTQCm67fc0XkzVMDLFMX+q8r3qTVMRHOqGxg +0vMrp0vUFaan/QVUHzNLQs63sIn9RA3rXT2CDJwvaN+JxdPef+BOb/mqCmm8xsLs +omyo7SlUpfnctKeNlCbUnMM2Uai1yGcYZnn4dgmU+KvRbOMtqpwgbRamlgk6E63D +VgEDQWdBOktmbpcV7HTKDhieImD4wIakm3o3KzdDHAbnWKve6bxCJxtx28l9qCBr +Wc5xrcBt9upfUleDr5qH8a7y44cf5zmrkgW2yXD1sty9dBVg2WdofHXab8eiOqAn +6mETTKrAz33e3moGwzmzAKYLoUNR5etDSVtigQIDAQABo0IwQDAdBgNVHQ4EFgQU +LhM7RFIsMOns+0X6XeUECsHG5rkwHwYDVR0jBBgwFoAUM14MB0T4tZzNVQGbbXEj +g2/Q1L4wDQYJKoZIhvcNAQELBQADggEBAIk2ltezJCcoVq3zgwHL2okpkkoK9nNt +1DYSnwMbunib/B6QvG1p5WarSoiiAFitIP8byCGgRRd9POHm19tuY3Yt0Aep2BpE +tzDEqLG8i2kcQQOk/A+Tkz2gUr2MLt2dNl+dli7vcZQ+2NKKmR3Gfnsol3fNWtpy ++QvMNaUiYfzUasVbH5vUgq2nd/txa8pKNqntW8ZhShnHQZc5olfXduykZHGF4InQ +FN+rzuVtQPNNe2mLkJVHT6Ye9L+L77fVjmMzLxqJVibmpWnW/heqCibobt4tBh+p +eIZG4xQ2BF7dwdKsZU40aBFIgCnR58qzQVoukmct3VxkcKPlOWO8J+U= +-----END CERTIFICATE----- diff --git a/integration_tests/constants/root_with_same_subject_and_skid_1 b/integration_tests/constants/root_with_same_subject_and_skid_1 new file mode 100644 index 000000000..93bd385a1 --- /dev/null +++ b/integration_tests/constants/root_with_same_subject_and_skid_1 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0TCCArmgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNDIzWhcNMjQwMzE0MTYz +NDIzWjCBgjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQH +DAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBU +ZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL92i9Xid1CbBC8fGOpP2wj5xRxyDE +UdgKcXaL920m9tKnUwm/7S2xjcXssJQF5mZ2Owo0WxDz3U7mczcvapttDEV/qAmm +KPcrMlmRlbr13tvjGv3A+BIqlHrQfSLWA35/R0NOMADCLp7bDbrTkhgJnggLZAiA +kbKEhAlr9DrFRRbLcITTkoCKuAfNGIANmF+KewAtiyMU42eMfEMJjhZ2gzFyLRvw +HdZPmxGAbfx8D56uSUdB6Xcf2ivwr2m8/hQ/ctDocMvA4Gr/QY6Vqr/IoWR56wid +n93HFNA48VcDoi9yg65UOyMuZNm8WI3bwPBZr6uEYGJvfY+Cwoq9DPeXAgMBAAGj +UDBOMB0GA1UdDgQWBBQzXgwHRPi1nM1VAZttcSODb9DUvjAfBgNVHSMEGDAWgBQz +XgwHRPi1nM1VAZttcSODb9DUvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQCkR4RtJ5mAWaWOWEKQIEIyLWZRAuzE5Qv7od6y5yjM0AOBaFp+UGApD/Wn +Y7leHT1EFYMcOtzb8/XZBT9kXxyKGU76jwuYBGU1fMpdYQpzzmtvQexV/nLUp5SX +mwWZqoaowcR5mz0S42CAe6zFixDuzQXEMfQFmIlPH863hys6kCjQ4193TeK6thjo +c2cEiuBm3NIleFUeE2gHllWeyljTcCuUUt80XtAGmXd4wWszz1vUeEq7eE0pxpIu +Mp/lJn1fRESSDTLVe2jtbGxKtXyCCIV8Q84a/Pguv4TVDxK6xnn3NH43wqGYnPJM +5sWvPsbKv+3rRyO7jRAcpcxxknes +-----END CERTIFICATE----- diff --git a/integration_tests/constants/root_with_same_subject_and_skid_2 b/integration_tests/constants/root_with_same_subject_and_skid_2 new file mode 100644 index 000000000..392906f5f --- /dev/null +++ b/integration_tests/constants/root_with_same_subject_and_skid_2 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID0TCCArmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwP +RXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMjQwMjEzMTYzNDE2WhcNMjQwMzE0MTYz +NDE2WjCBgjELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQH +DAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBU +ZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL92i9Xid1CbBC8fGOpP2wj5xRxyDE +UdgKcXaL920m9tKnUwm/7S2xjcXssJQF5mZ2Owo0WxDz3U7mczcvapttDEV/qAmm +KPcrMlmRlbr13tvjGv3A+BIqlHrQfSLWA35/R0NOMADCLp7bDbrTkhgJnggLZAiA +kbKEhAlr9DrFRRbLcITTkoCKuAfNGIANmF+KewAtiyMU42eMfEMJjhZ2gzFyLRvw +HdZPmxGAbfx8D56uSUdB6Xcf2ivwr2m8/hQ/ctDocMvA4Gr/QY6Vqr/IoWR56wid +n93HFNA48VcDoi9yg65UOyMuZNm8WI3bwPBZr6uEYGJvfY+Cwoq9DPeXAgMBAAGj +UDBOMB0GA1UdDgQWBBQzXgwHRPi1nM1VAZttcSODb9DUvjAfBgNVHSMEGDAWgBQz +XgwHRPi1nM1VAZttcSODb9DUvjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4IBAQB9gWev8y+D2KcbRXDdJbv+K9lfp6tuTJlSNMEdl86T+NkGT29GsyRsuEEE +eBrVs5BsyHtqF75Dq6SSXELprq+IGZDb+fKHHfpCBKPoZEUi7SD7ISHcq/wRVpE1 +eb9Xfj0fwajAj09zz1pW5Kmu7fks1dciWJxnak2yFzlWdMB943aemfDzwoh4mCJb +LO8iEAupSWRzDyuAHY0sabA1dkuY08JcafPancFYBeZ0XS1oD0Wr/0WOaR2pYTDw +pH5PjknPesccf6wijlr5EhU+o+dKr7iGv8TvjGGpsnFWNJj9CFRdzsnzN14KKWqi +2DdfIdsq/TWk5YQEALPM4RrHaiFD +-----END CERTIFICATE----- diff --git a/integration_tests/grpc_rest/pki/helpers.go b/integration_tests/grpc_rest/pki/helpers.go index fed97a57f..1da3185ca 100644 --- a/integration_tests/grpc_rest/pki/helpers.go +++ b/integration_tests/grpc_rest/pki/helpers.go 
@@ -264,13 +264,21 @@ func GetAllProposedRevocationX509Certs(suite *utils.TestSuite) (res []pkitypes.P } func GetProposedRevocationX509Cert(suite *utils.TestSuite, subject string, subjectKeyID string) (*pkitypes.ProposedCertificateRevocation, error) { + return getProposedRevocationX509Cert(suite, subject, subjectKeyID, "") +} + +func GetProposedRevocationX509CertBySerialNumber(suite *utils.TestSuite, subject string, subjectKeyID string, serialNumber string) (*pkitypes.ProposedCertificateRevocation, error) { + return getProposedRevocationX509Cert(suite, subject, subjectKeyID, serialNumber) +} + +func getProposedRevocationX509Cert(suite *utils.TestSuite, subject string, subjectKeyID string, serialNumber string) (*pkitypes.ProposedCertificateRevocation, error) { var res pkitypes.ProposedCertificateRevocation if suite.Rest { var resp pkitypes.QueryGetProposedCertificateRevocationResponse err := suite.QueryREST( fmt.Sprintf( - "/dcl/pki/proposed-revocation-certificates/%s/%s", - url.QueryEscape(subject), url.QueryEscape(subjectKeyID), + "/dcl/pki/proposed-revocation-certificates/%s/%s?serialNumber=%s", + url.QueryEscape(subject), url.QueryEscape(subjectKeyID), url.QueryEscape(serialNumber), ), &resp, ) @@ -289,6 +297,7 @@ func GetProposedRevocationX509Cert(suite *utils.TestSuite, subject string, subje &pkitypes.QueryGetProposedCertificateRevocationRequest{ Subject: subject, SubjectKeyId: subjectKeyID, + SerialNumber: serialNumber, }, ) if err != nil { 
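Review bot: The REST branch of `getProposedRevocationX509Cert` spells the query parameter `serialNumber`, as openapi.yml does, but the docs/transactions.md hunk of this patch documents it as `?serialnumber={serialnumber}`. If the gateway matches parameter names case-sensitively (to be confirmed), a client following the docs would silently get the lookup without a serial number, i.e. a different proposal than the one it asked for, so the docs should use `serialNumber`. The two exported wrappers have no doc comments; I would add e.g. `// GetProposedRevocationX509CertBySerialNumber returns the proposed revocation for the certificate identified by subject, subject key ID and serial number.` and a matching line on `GetProposedRevocationX509Cert` saying that it passes an empty serial number. The body of `getProposedRevocationX509Cert` continues outside this hunk.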
@@ -1650,4 +1659,153 @@ func Demo(suite *utils.TestSuite) { revDistPoints, _ = GetAllPkiRevocationDistributionPoints(suite) require.Equal(suite.T, 1, len(revDistPoints)) + + // Revoke certificates by serialNumber + + // Add root certificates + msgProposeAddX509RootCert = pkitypes.MsgProposeAddX509RootCert{ + Cert: testconstants.RootCertWithSameSubjectAndSKID1, + Vid: 65521, + Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgProposeAddX509RootCert}, aliceName, aliceAccount) + require.NoError(suite.T, err) + + msgApproveAddX509RootCert = pkitypes.MsgApproveAddX509RootCert{ + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Signer: jackAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgApproveAddX509RootCert}, jackName, jackAccount) + require.NoError(suite.T, err) + + msgProposeAddX509RootCert = pkitypes.MsgProposeAddX509RootCert{ + Cert: testconstants.RootCertWithSameSubjectAndSKID2, + Vid: 65521, + Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgProposeAddX509RootCert}, aliceName, aliceAccount) + require.NoError(suite.T, err) + + msgApproveAddX509RootCert = pkitypes.MsgApproveAddX509RootCert{ + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Signer: jackAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgApproveAddX509RootCert}, jackName, jackAccount) + require.NoError(suite.T, err) + + // Add intermediate certificates + msgAddX509Cert = pkitypes.MsgAddX509Cert{ + Cert: testconstants.IntermediateWithSameSubjectAndSKID1, + Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgAddX509Cert}, aliceName, aliceAccount) + require.NoError(suite.T, err) + + msgAddX509Cert = pkitypes.MsgAddX509Cert{ + Cert: testconstants.IntermediateWithSameSubjectAndSKID2, 
+ Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgAddX509Cert}, aliceName, aliceAccount) + require.NoError(suite.T, err) + + // Check approved certificate + certs, _ := GetX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 2, len(certs.Certs)) + certs, _ = GetX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 2, len(certs.Certs)) + + // Revoke intermediate certificate with serialNumber 1 + msgRevokeX509Cert = pkitypes.MsgRevokeX509Cert{ + Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, + SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, + Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgRevokeX509Cert}, aliceName, aliceAccount) + require.NoError(suite.T, err) + + // Request revoked certificate with serialNumber 3 + revokedCertificate, _ = GetRevokedX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 2, len(revokedCertificate.Certs)) + require.Equal(suite.T, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, revokedCertificate.Subject) + require.Equal(suite.T, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, revokedCertificate.SubjectKeyId) + require.Equal(suite.T, testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, revokedCertificate.Certs[1].SerialNumber) + + // Check approved certificate + certs, _ = GetX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 1, len(certs.Certs)) + 
require.Equal(suite.T, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, certs.Certs[0].SerialNumber) + + // Revoke Root certificate with serialNumber 1 + msgProposeRevokeX509RootCert = pkitypes.MsgProposeRevokeX509RootCert{ + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, + Signer: jackAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgProposeRevokeX509RootCert}, jackName, jackAccount) + require.NoError(suite.T, err) + + proposedCertificateRevocation, _ = GetProposedRevocationX509CertBySerialNumber(suite, msgProposeRevokeX509RootCert.Subject, msgProposeRevokeX509RootCert.SubjectKeyId, msgProposeRevokeX509RootCert.SerialNumber) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubject, proposedCertificateRevocation.Subject) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, proposedCertificateRevocation.SubjectKeyId) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, proposedCertificateRevocation.SerialNumber) + + msgApproveRevokeX509RootCert = pkitypes.MsgApproveRevokeX509RootCert{ + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, + Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgApproveRevokeX509RootCert}, aliceName, aliceAccount) + require.NoError(suite.T, err) + + // Request revoked Root certificate with serialNumber 1 + revokedCertificate, _ = GetRevokedX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 1, len(revokedCertificate.Certs)) + require.Equal(suite.T, 
testconstants.RootCertWithSameSubjectAndSKIDSubject, revokedCertificate.Subject) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, revokedCertificate.SubjectKeyId) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, revokedCertificate.Certs[0].SerialNumber) + require.True(suite.T, revokedCertificate.Certs[0].IsRoot) + + // Check approved certificate + certs, _ = GetX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 1, len(certs.Certs)) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, certs.Certs[0].SerialNumber) + + certs, _ = GetX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 1, len(certs.Certs)) + require.Equal(suite.T, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, certs.Certs[0].SerialNumber) + + // Revoke Root certificate with serialNumber 2 + msgProposeRevokeX509RootCert = pkitypes.MsgProposeRevokeX509RootCert{ + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + Signer: jackAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgProposeRevokeX509RootCert}, jackName, jackAccount) + require.NoError(suite.T, err) + + msgApproveRevokeX509RootCert = pkitypes.MsgApproveRevokeX509RootCert{ + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + Signer: aliceAccount.Address, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgApproveRevokeX509RootCert}, aliceName, aliceAccount) + 
require.NoError(suite.T, err) + + // Request revoked Root certificate with serialNumber 2 + revokedCertificate, _ = GetRevokedX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) + require.Equal(suite.T, 2, len(revokedCertificate.Certs)) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubject, revokedCertificate.Subject) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, revokedCertificate.SubjectKeyId) + require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, revokedCertificate.Certs[1].SerialNumber) + require.True(suite.T, revokedCertificate.Certs[1].IsRoot) + + _, err = GetX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) + suite.AssertNotFound(err) } diff --git a/proto/pki/proposed_certificate_revocation.proto b/proto/pki/proposed_certificate_revocation.proto index b1588ef94..b74907a97 100644 --- a/proto/pki/proposed_certificate_revocation.proto +++ b/proto/pki/proposed_certificate_revocation.proto @@ -9,6 +9,7 @@ message ProposedCertificateRevocation { string subject = 1; string subjectKeyId = 2; repeated Grant approvals = 3; - string subjectAsText = 4; + string subjectAsText = 4; + string serialNumber = 5; } diff --git a/proto/pki/query.proto b/proto/pki/query.proto index 4c99abd33..7cb5fe9e8 100644 --- a/proto/pki/query.proto +++ b/proto/pki/query.proto @@ -162,9 +162,9 @@ message QueryGetChildCertificatesResponse { } message QueryGetProposedCertificateRevocationRequest { - string subject = 1; + string subject = 1; string subjectKeyId = 2; - + string serialNumber = 3; } message QueryGetProposedCertificateRevocationResponse { diff --git a/proto/pki/tx.proto b/proto/pki/tx.proto index d69827353..c5aee66bf 100644 --- a/proto/pki/tx.proto +++ b/proto/pki/tx.proto 
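Review bot: The read-back calls in the new Demo section discard their errors (`certs, _ := GetX509Cert(...)`, `revokedCertificate, _ = GetRevokedX509Cert(...)`, `proposedCertificateRevocation, _ = GetProposedRevocationX509CertBySerialNumber(...)`), so a failed query would show up as a nil dereference or a confusing length mismatch rather than as the real error. Keep the error and assert it, e.g. `certs, err := GetX509Cert(...)` followed by `require.NoError(suite.T, err)`. The comment `// Request revoked certificate with serialNumber 3` sits above an assertion on `IntermediateCertWithSameSubjectAndSKID1SerialNumber` and looks stale. The section only exercises matching serial numbers; a case where the approval names a different serial number than the proposal, and one where the serial number is not on the ledger, would pin the rejection paths of the revocation flow. Demo begins outside the hunk.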
@@ -62,6 +62,7 @@ message MsgProposeRevokeX509RootCert { string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""]; string info = 4 [(gogoproto.moretags) = "validate:\"max=4096\""]; int64 time = 5; + string serialNumber = 6; } message MsgProposeRevokeX509RootCertResponse { @@ -73,6 +74,7 @@ message MsgApproveRevokeX509RootCert { string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""]; string info = 5 [(gogoproto.moretags) = "validate:\"max=4096\""]; int64 time = 6; + string serialNumber = 7; } message MsgApproveRevokeX509RootCertResponse { @@ -84,6 +86,7 @@ message MsgRevokeX509Cert { string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""]; string info = 4 [(gogoproto.moretags) = "validate:\"max=4096\""]; int64 time = 5; + string serialNumber = 6; } message MsgRevokeX509CertResponse { diff --git a/types/pki/errors.go b/types/pki/errors.go index 9ca238801..843ed6490 100644 --- a/types/pki/errors.go +++ b/types/pki/errors.go @@ -87,6 +87,13 @@ func NewErrCertificateDoesNotExist(subject string, subjectKeyID string) error { subject, subjectKeyID) } +func NewErrCertificateBySerialNumberDoesNotExist(subject string, subjectKeyID string, serialNumber string) error { + return sdkerrors.Wrapf(ErrCertificateDoesNotExist, + "No X509 certificate associated with the "+ + "combination of subject=%v, subjectKeyID=%v and serialNumber=%v on the ledger", + subject, subjectKeyID, serialNumber) +} + func NewErrRootCertificateDoesNotExist(subject string, subjectKeyID string) error { return sdkerrors.Wrapf(ErrCertificateDoesNotExist, "No X509 root certificate associated with the "+ diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts index 0c9e9c6e1..25ce651e6 100644 
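Review bot: The new `serialNumber` field in `MsgProposeRevokeX509RootCert` has no validation tag, while the neighbouring `subjectKeyId` and `info` fields are bounded with `max=256` and `max=4096`; the same holds for the field added to `MsgApproveRevokeX509RootCert` and `MsgRevokeX509Cert` in the next two hunks. The value is supplied by the transaction signer and, judging by the CLI query change in this patch, is passed to `ProposedCertificateRevocationKey`, so an unbounded string could end up in a store key. Unless a bound is enforced in ValidateBasic (not visible here), I would add a length limit and keep the field optional, e.g. `string serialNumber = 6 [(gogoproto.moretags) = "validate:\"max=256\""];`.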
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts @@ -24,6 +24,20 @@ export interface PkiApprovedRootCertificates { certs?: PkiCertificateIdentifier[]; } +export interface PkiProposedCertificate { + subject?: string; + subjectKeyId?: string; + pemCert?: string; + serialNumber?: string; + owner?: string; + approvals?: PkiGrant[]; + subjectAsText?: string; + rejects?: PkiGrant[]; + + /** @format int32 */ + vid?: number; +} + export interface PkiCertificate { pemCert?: string; serialNumber?: string; @@ -129,6 +143,7 @@ export interface PkiProposedCertificate { export interface PkiProposedCertificateRevocation { subject?: string; subjectKeyId?: string; + serialNumber?: string; approvals?: PkiGrant[]; subjectAsText?: string; } @@ -704,10 +719,16 @@ export class Api extends HttpClient + queryProposedCertificateRevocation = ( + subject: string, + subjectKeyId: string, + query?: { serialNumber?: string }, + params: RequestParams = {}, + ) => this.request({ path: `/dcl/pki/proposed-revocation-certificates/${subject}/${subjectKeyId}`, method: "GET", + query: query, format: "json", ...params, }); diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/proposed_certificate_revocation.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/proposed_certificate_revocation.ts index 9195e4c52..a48e7d251 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/proposed_certificate_revocation.ts 
+++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/proposed_certificate_revocation.ts @@ -9,9 +9,10 @@ export interface ProposedCertificateRevocation { subjectKeyId: string approvals: Grant[] subjectAsText: string + serialNumber: string } -const baseProposedCertificateRevocation: object = { subject: '', subjectKeyId: '', subjectAsText: '' } +const baseProposedCertificateRevocation: object = { subject: '', subjectKeyId: '', subjectAsText: '', serialNumber: '' } export const ProposedCertificateRevocation = { encode(message: ProposedCertificateRevocation, writer: Writer = Writer.create()): Writer { @@ -27,6 +28,9 @@ export const ProposedCertificateRevocation = { if (message.subjectAsText !== '') { writer.uint32(34).string(message.subjectAsText) } + if (message.serialNumber !== '') { + writer.uint32(42).string(message.serialNumber) + } return writer }, @@ -50,6 +54,9 @@ export const ProposedCertificateRevocation = { case 4: message.subjectAsText = reader.string() break + case 5: + message.serialNumber = reader.string() + break default: reader.skipType(tag & 7) break @@ -81,6 +88,11 @@ export const ProposedCertificateRevocation = { } else { message.subjectAsText = '' } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } return message }, @@ -94,6 +106,7 @@ export const ProposedCertificateRevocation = { obj.approvals = [] } message.subjectAsText !== undefined && (obj.subjectAsText = message.subjectAsText) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) return obj }, 
@@ -120,6 +133,11 @@ export const ProposedCertificateRevocation = { } else { message.subjectAsText = '' } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } return message } } diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts index 7dc9bbf0d..6b7904687 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts @@ -64,6 +64,7 @@ export interface QueryGetChildCertificatesResponse { export interface QueryGetProposedCertificateRevocationRequest { subject: string subjectKeyId: string + serialNumber: string } export interface QueryGetProposedCertificateRevocationResponse { @@ -831,7 +832,7 @@ export const QueryGetChildCertificatesResponse = { } } -const baseQueryGetProposedCertificateRevocationRequest: object = { subject: '', subjectKeyId: '' } +const baseQueryGetProposedCertificateRevocationRequest: object = { subject: '', subjectKeyId: '', serialNumber: '' } export const QueryGetProposedCertificateRevocationRequest = { encode(message: QueryGetProposedCertificateRevocationRequest, writer: Writer = Writer.create()): Writer { @@ -841,6 +842,9 @@ export const QueryGetProposedCertificateRevocationRequest = { if (message.subjectKeyId !== '') { writer.uint32(18).string(message.subjectKeyId) } + if (message.serialNumber !== '') { + writer.uint32(26).string(message.serialNumber) + } return writer }, 
@@ -857,6 +861,9 @@ export const QueryGetProposedCertificateRevocationRequest = { case 2: message.subjectKeyId = reader.string() break + case 3: + message.serialNumber = reader.string() + break default: reader.skipType(tag & 7) break @@ -877,6 +884,11 @@ export const QueryGetProposedCertificateRevocationRequest = { } else { message.subjectKeyId = '' } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } return message }, @@ -884,6 +896,7 @@ export const QueryGetProposedCertificateRevocationRequest = { const obj: any = {} message.subject !== undefined && (obj.subject = message.subject) message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) return obj }, @@ -899,6 +912,11 @@ export const QueryGetProposedCertificateRevocationRequest = { } else { message.subjectKeyId = '' } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } return message } } diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts index 6963245a2..b0834fbbb 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts 
@@ -39,6 +39,7 @@ export interface MsgProposeRevokeX509RootCert { subjectKeyId: string info: string time: number + serialNumber: string } export interface MsgProposeRevokeX509RootCertResponse {} @@ -49,6 +50,7 @@ export interface MsgApproveRevokeX509RootCert { subjectKeyId: string info: string time: number + serialNumber: string } export interface MsgApproveRevokeX509RootCertResponse {} @@ -59,6 +61,7 @@ export interface MsgRevokeX509Cert { subjectKeyId: string info: string time: number + serialNumber: string } export interface MsgRevokeX509CertResponse {} @@ -588,7 +591,7 @@ export const MsgAddX509CertResponse = { } } -const baseMsgProposeRevokeX509RootCert: object = { signer: '', subject: '', subjectKeyId: '', info: '', time: 0 } +const baseMsgProposeRevokeX509RootCert: object = { signer: '', subject: '', subjectKeyId: '', info: '', time: 0, serialNumber: '' } export const MsgProposeRevokeX509RootCert = { encode(message: MsgProposeRevokeX509RootCert, writer: Writer = Writer.create()): Writer { @@ -607,6 +610,9 @@ export const MsgProposeRevokeX509RootCert = { if (message.time !== 0) { writer.uint32(40).int64(message.time) } + if (message.serialNumber !== '') { + writer.uint32(50).string(message.serialNumber) + } return writer }, @@ -632,6 +638,9 @@ export const MsgProposeRevokeX509RootCert = { case 5: message.time = longToNumber(reader.int64() as Long) break + case 6: + message.serialNumber = reader.string() + break default: reader.skipType(tag & 7) break @@ -667,6 +676,11 @@ export const MsgProposeRevokeX509RootCert = { } else { message.time = 0 } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } return message }, 
@@ -677,6 +691,7 @@ export const MsgProposeRevokeX509RootCert = { message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) message.info !== undefined && (obj.info = message.info) message.time !== undefined && (obj.time = message.time) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) return obj }, @@ -707,6 +722,11 @@ export const MsgProposeRevokeX509RootCert = { } else { message.time = 0 } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } return message } } @@ -749,7 +769,7 @@ export const MsgProposeRevokeX509RootCertResponse = { } } -const baseMsgApproveRevokeX509RootCert: object = { signer: '', subject: '', subjectKeyId: '', info: '', time: 0 } +const baseMsgApproveRevokeX509RootCert: object = { signer: '', subject: '', subjectKeyId: '', info: '', time: 0, serialNumber: '' } export const MsgApproveRevokeX509RootCert = { encode(message: MsgApproveRevokeX509RootCert, writer: Writer = Writer.create()): Writer { @@ -768,6 +788,9 @@ export const MsgApproveRevokeX509RootCert = { if (message.time !== 0) { writer.uint32(48).int64(message.time) } + if (message.serialNumber !== '') { + writer.uint32(58).string(message.serialNumber) + } return writer }, @@ -793,6 +816,9 @@ export const MsgApproveRevokeX509RootCert = { case 6: message.time = longToNumber(reader.int64() as Long) break + case 7: + message.serialNumber = reader.string() + break default: reader.skipType(tag & 7) break @@ -828,6 +854,11 @@ export const MsgApproveRevokeX509RootCert = { } else { message.time = 0 } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } return message }, 
@@ -838,6 +869,7 @@ export const MsgApproveRevokeX509RootCert = { message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) message.info !== undefined && (obj.info = message.info) message.time !== undefined && (obj.time = message.time) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) return obj }, @@ -868,6 +900,11 @@ export const MsgApproveRevokeX509RootCert = { } else { message.time = 0 } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } return message } } @@ -910,7 +947,7 @@ export const MsgApproveRevokeX509RootCertResponse = { } } -const baseMsgRevokeX509Cert: object = { signer: '', subject: '', subjectKeyId: '', info: '', time: 0 } +const baseMsgRevokeX509Cert: object = { signer: '', subject: '', subjectKeyId: '', info: '', time: 0, serialNumber: '' } export const MsgRevokeX509Cert = { encode(message: MsgRevokeX509Cert, writer: Writer = Writer.create()): Writer { @@ -929,6 +966,9 @@ export const MsgRevokeX509Cert = { if (message.time !== 0) { writer.uint32(40).int64(message.time) } + if (message.serialNumber !== '') { + writer.uint32(50).string(message.serialNumber) + } return writer }, @@ -954,6 +994,9 @@ export const MsgRevokeX509Cert = { case 5: message.time = longToNumber(reader.int64() as Long) break + case 6: + message.serialNumber = reader.string() + break default: reader.skipType(tag & 7) break @@ -989,6 +1032,11 @@ export const MsgRevokeX509Cert = { } else { message.time = 0 } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } return message }, 
@@ -999,6 +1047,7 @@ export const MsgRevokeX509Cert = { message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) message.info !== undefined && (obj.info = message.info) message.time !== undefined && (obj.time = message.time) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) return obj }, @@ -1029,6 +1078,11 @@ export const MsgRevokeX509Cert = { } else { message.time = 0 } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } return message } } diff --git a/x/pki/client/cli/flags.go b/x/pki/client/cli/flags.go index 4636ec08f..29cff681d 100644 --- a/x/pki/client/cli/flags.go +++ b/x/pki/client/cli/flags.go @@ -7,6 +7,8 @@ const ( FlagSubjectShortcut = "u" FlagSubjectKeyID = "subject-key-id" FlagSubjectKeyIDShortcut = "k" + FlagSerialNumber = "serial-number" + FlagSerialNumberShortcut = "n" FlagRootSubject = "root-subject" FlagRootSubjectShortcut = "r" FlagRootSubjectKeyID = "root-subject-key-id" diff --git a/x/pki/client/cli/query_proposed_certificate_revocation.go b/x/pki/client/cli/query_proposed_certificate_revocation.go index 7f1cc338f..68ccf31b1 100644 --- a/x/pki/client/cli/query_proposed_certificate_revocation.go +++ b/x/pki/client/cli/query_proposed_certificate_revocation.go @@ -51,6 +51,7 @@ func CmdShowProposedCertificateRevocation() *cobra.Command { var ( subject string subjectKeyID string + serialNumber string ) cmd := &cobra.Command{ @@ -66,7 +67,7 @@ func CmdShowProposedCertificateRevocation() *cobra.Command { clientCtx, pkitypes.StoreKey, types.ProposedCertificateRevocationKeyPrefix, - types.ProposedCertificateRevocationKey(subject, subjectKeyID), + types.ProposedCertificateRevocationKey(subject, subjectKeyID, serialNumber), &res, ) }, 
@@ -74,6 +75,7 @@ func CmdShowProposedCertificateRevocation() *cobra.Command { cmd.Flags().StringVarP(&subject, FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") cmd.Flags().StringVarP(&subjectKeyID, FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + cmd.Flags().StringVarP(&serialNumber, FlagSerialNumber, FlagSerialNumberShortcut, "", "Certificate's serial number") flags.AddQueryFlagsToCmd(cmd) _ = cmd.MarkFlagRequired(FlagSubject) diff --git a/x/pki/client/cli/tx_approve_revoke_x_509_root_cert.go b/x/pki/client/cli/tx_approve_revoke_x_509_root_cert.go index 349739541..00adc0dd4 100644 --- a/x/pki/client/cli/tx_approve_revoke_x_509_root_cert.go +++ b/x/pki/client/cli/tx_approve_revoke_x_509_root_cert.go @@ -29,11 +29,13 @@ func CmdApproveRevokeX509RootCert() *cobra.Command { subject := viper.GetString(FlagSubject) subjectKeyID := viper.GetString(FlagSubjectKeyID) info := viper.GetString(FlagInfo) + serialNumber := viper.GetString(FlagSerialNumber) msg := types.NewMsgApproveRevokeX509RootCert( clientCtx.GetFromAddress().String(), subject, subjectKeyID, + serialNumber, info, ) // validate basic will be called in GenerateOrBroadcastTxCLI @@ -48,6 +50,7 @@ func CmdApproveRevokeX509RootCert() *cobra.Command { cmd.Flags().StringP(FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") cmd.Flags().StringP(FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + cmd.Flags().StringP(FlagSerialNumber, FlagSerialNumberShortcut, "", "Certificate's serial number") cmd.Flags().String(FlagInfo, "", FlagInfoUsage) cli.AddTxFlagsToCmd(cmd) diff --git a/x/pki/client/cli/tx_propose_revoke_x_509_root_cert.go b/x/pki/client/cli/tx_propose_revoke_x_509_root_cert.go index 3704da232..16448c29d 100644 --- a/x/pki/client/cli/tx_propose_revoke_x_509_root_cert.go +++ b/x/pki/client/cli/tx_propose_revoke_x_509_root_cert.go 
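Review bot: The help text `"Certificate's serial number"` on the new `--serial-number` flag does not say that the flag is optional or what happens when it is left out, and unlike the subject-key-id flag it gives no format. On a revocation command the operator should be able to tell from `--help` whether omitting the flag acts on every certificate under the subject/subject-key-id pair or on a single one. I would extend the string along the lines of `"Certificate's serial number (optional; when omitted, <behaviour as implemented in the keeper>)"`, filled in from the keeper logic, which is not part of these hunks. The same string is added in tx_propose_revoke_x_509_root_cert.go and tx_revoke_x_509_cert.go.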
@@ -29,11 +29,13 @@ func CmdProposeRevokeX509RootCert() *cobra.Command { subject := viper.GetString(FlagSubject) subjectKeyID := viper.GetString(FlagSubjectKeyID) info := viper.GetString(FlagInfo) + serialNumber := viper.GetString(FlagSerialNumber) msg := types.NewMsgProposeRevokeX509RootCert( clientCtx.GetFromAddress().String(), subject, subjectKeyID, + serialNumber, info, ) // validate basic will be called in GenerateOrBroadcastTxCLI @@ -48,6 +50,7 @@ func CmdProposeRevokeX509RootCert() *cobra.Command { cmd.Flags().StringP(FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") cmd.Flags().StringP(FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + cmd.Flags().StringP(FlagSerialNumber, FlagSerialNumberShortcut, "", "Certificate's serial number") cmd.Flags().String(FlagInfo, "", FlagInfoUsage) cli.AddTxFlagsToCmd(cmd) diff --git a/x/pki/client/cli/tx_revoke_x_509_cert.go b/x/pki/client/cli/tx_revoke_x_509_cert.go index 6a3d55d7f..df1bdab63 100644 --- a/x/pki/client/cli/tx_revoke_x_509_cert.go +++ b/x/pki/client/cli/tx_revoke_x_509_cert.go @@ -28,6 +28,7 @@ func CmdRevokeX509Cert() *cobra.Command { subject := viper.GetString(FlagSubject) subjectKeyID := viper.GetString(FlagSubjectKeyID) + serialNumber := viper.GetString(FlagSerialNumber) infoArg := viper.GetString(FlagInfo) @@ -35,6 +36,7 @@ func CmdRevokeX509Cert() *cobra.Command { clientCtx.GetFromAddress().String(), subject, subjectKeyID, + serialNumber, infoArg, ) // validate basic will be called in GenerateOrBroadcastTxCLI @@ -49,6 +51,7 @@ func CmdRevokeX509Cert() *cobra.Command { cmd.Flags().StringP(FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") cmd.Flags().StringP(FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + cmd.Flags().StringP(FlagSerialNumber, FlagSerialNumberShortcut, "", "Certificate's serial number") cmd.Flags().String(FlagInfo, "", FlagInfoUsage) cli.AddTxFlagsToCmd(cmd) 
diff --git a/x/pki/handler_test.go b/x/pki/handler_test.go index 752e5d81a..45e742d9c 100644 --- a/x/pki/handler_test.go +++ b/x/pki/handler_test.go @@ -518,7 +518,7 @@ func TestHandler_TwoThirdApprovalsNeededForRevokingRootCertification(t *testing. // Trustee1 proposes to revoke the certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) @@ -527,7 +527,7 @@ func TestHandler_TwoThirdApprovalsNeededForRevokingRootCertification(t *testing. for i := 1; i < twoThirds-1; i++ { // approve the revocation approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - trusteeAccounts[i].String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + trusteeAccounts[i].String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) @@ -540,7 +540,7 @@ func TestHandler_TwoThirdApprovalsNeededForRevokingRootCertification(t *testing. // One more revoke will revoke the certificate approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) 
@@ -1045,12 +1045,12 @@ func TestHandler_ProposeRevokeX509RootCert_ByTrusteeOwner(t *testing.T) { // propose revocation of x509 root certificate by `setup.Trustee` proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // query and check proposed certificate revocation - proposedRevocation, _ := queryProposedCertificateRevocation(setup) + proposedRevocation, _ := queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee1.String())) 
@@ -1082,12 +1082,12 @@ func TestHandler_ProposeRevokeX509RootCert_ByTrusteeNotOwner(t *testing.T) { // propose revocation of x509 root certificate by new trustee proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - anotherTrustee.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + anotherTrustee.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // query and check proposed certificate revocation - proposedRevocation, _ := queryProposedCertificateRevocation(setup) + proposedRevocation, _ := queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) require.True(t, proposedRevocation.HasRevocationFrom(anotherTrustee.String())) @@ -1123,7 +1123,7 @@ func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) 
@@ -1135,7 +1135,7 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) // propose revocation of not existing certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -1155,7 +1155,7 @@ func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) // propose revocation of proposed root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -1170,7 +1170,7 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) 
@@ -1180,7 +1180,7 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te // propose revocation of the same x509 root certificate again proposeRevokeX509RootCert = types.NewMsgProposeRevokeX509RootCert( - anotherTrustee.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + anotherTrustee.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrProposedCertificateRevocationAlreadyExists.Is(err)) @@ -1200,7 +1200,7 @@ func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { // propose revocation of x509 intermediate certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) 
@@ -1219,18 +1219,18 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // approve approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) // query and check proposed certificate revocation - proposedRevocation, _ := queryProposedCertificateRevocation(setup) + proposedRevocation, _ := queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee1.String())) @@ -1259,7 +1259,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) 
@@ -1269,12 +1269,12 @@ func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { // approve approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) // check that proposed certificate revocation does not exist anymore - _, err = queryProposedCertificateRevocation(setup) + _, err = queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) 
@@ -1292,6 +1292,94 @@ func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) } +func TestHandler_ApproveRevokeX509RootCert_BySerialNumber(t *testing.T) { + setup := Setup(t) + + rootCertOpt := &rootCertOptions{ + pemCert: testconstants.RootCertWithSameSubjectAndSKID1, + subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + subjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + info: testconstants.Info, + vid: testconstants.Vid, + } + proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOpt) + rootCertOpt.pemCert = testconstants.RootCertWithSameSubjectAndSKID2 + proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOpt) + rootSubject := rootCertOpt.subject + rootSubjectKeyID := rootCertOpt.subjectKeyID + // Add an intermediate certificate + addIntermediateX509Cert := types.NewMsgAddX509Cert(setup.Trustee1.String(), testconstants.IntermediateWithSameSubjectAndSKID1) + _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) + require.NoError(t, err) + intermediateSubject := testconstants.IntermediateCertWithSameSubjectAndSKIDSubject + intermediateSubjectKeyID := testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID + + // get certificates for further comparison + certsBeforeRevocation := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) + require.NotNil(t, certsBeforeRevocation) + require.Equal(t, 2, len(certsBeforeRevocation)) + require.Equal(t, 3, len(certsBeforeRevocation[0].Certs)+len(certsBeforeRevocation[1].Certs)) + + // propose revocation of root certificate with serial number "1" + proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( + setup.Trustee1.String(), rootSubject, rootSubjectKeyID, "1", testconstants.Info) + _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) + require.NoError(t, err) + + // approve + approveRevokeX509RootCert := 
types.NewMsgApproveRevokeX509RootCert( + setup.Trustee2.String(), rootSubject, rootSubjectKeyID, "1", testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.NoError(t, err) + + // check that proposed certificate revocation does not exist anymore + _, err = queryProposedCertificateRevocation(setup, "1") + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that only two approved certificates exists(root and child certificates) + rootCerts, _ := queryApprovedRootCertificates(setup, rootSubject, rootSubjectKeyID) + require.Equal(t, 1, len(rootCerts)) + require.Equal(t, "2", rootCerts[0].SerialNumber) + certificates, err := queryApprovedCertificates(setup, intermediateSubject, intermediateSubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(certificates.Certs)) + + // query and check revoked certificate + revokedCertificate, _ := querySingleRevokedCertificate(setup, rootSubject, rootSubjectKeyID) + require.NotNil(t, revokedCertificate) + require.Equal(t, "1", revokedCertificate.SerialNumber) + + // propose revocation of root certificate with serial number "2" + proposeRevokeX509RootCert = types.NewMsgProposeRevokeX509RootCert( + setup.Trustee1.String(), rootSubject, rootSubjectKeyID, "2", testconstants.Info) + _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) + require.NoError(t, err) + + // approve + approveRevokeX509RootCert = types.NewMsgApproveRevokeX509RootCert( + setup.Trustee2.String(), rootSubject, rootSubjectKeyID, "2", testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.NoError(t, err) + + // check that proposed certificate revocation does not exist anymore + _, err = queryProposedCertificateRevocation(setup, "2") + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that approved certificates does not exist anymore + certsAfterRevocation := 
setup.Keeper.GetAllApprovedCertificates(setup.Ctx) + require.Equal(t, 0, len(certsAfterRevocation)) + certsAfterRevocationBySubjectID := setup.Keeper.GetAllApprovedCertificatesBySubjectKeyID(setup.Ctx) + require.Equal(t, 0, len(certsAfterRevocationBySubjectID)) + + // query and check revoked certificate + revokedCerts, _ := queryRevokedCertificates(setup, rootSubject, rootSubjectKeyID) + require.Equal(t, 2, len(revokedCerts.Certs)) + require.Equal(t, rootSubject, revokedCerts.Subject) + require.Equal(t, rootSubjectKeyID, revokedCerts.SubjectKeyId) +} + func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := Setup(t) @@ -1301,7 +1389,7 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) @@ -1315,7 +1403,7 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { // approve approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) 
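Review bot: The `queryProposedCertificateRevocation(setup, "1")` and `(setup, "2")` assertions in `TestHandler_ApproveRevokeX509RootCert_BySerialNumber` cannot fail for the right reason. The helper, changed further down in this file, still hard-codes `testconstants.RootSubject` and `testconstants.RootSubjectKeyID`, while this test proposes revocations for `rootCertOpt.subject` and `rootCertOpt.subjectKeyID`; unless those constants happen to be equal, NotFound comes back whether or not the proposal was cleaned up. The same applies to the `IntermediateSerialNumber` lookups in `TestHandler_RevokeX509Cert_BySerialNumber`. I would give the helper `subject` and `subjectKeyID` parameters and pass the values under test. The test also lacks a negative case (a serial that matches no approved certificate), and it drops the errors from `queryApprovedRootCertificates`, `querySingleRevokedCertificate` and `queryRevokedCertificates` with `_` where `require.NoError(t, err)` would catch a failed query.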
@@ -1331,7 +1419,7 @@ func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *tes // approve revocation of x509 root certificate approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrProposedCertificateRevocationDoesNotExist.Is(err)) @@ -1346,13 +1434,13 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // approve revocation by the same trustee approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) 
@@ -1377,13 +1465,13 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // approve approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) @@ -1466,7 +1554,7 @@ func TestHandler_RevokeX509Cert(t *testing.T) { // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - accAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.Info) + accAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "", testconstants.Info) _, err = setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) 
@@ -1510,6 +1598,84 @@ func TestHandler_RevokeX509Cert(t *testing.T) { } } +func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { + setup := Setup(t) + // propose and approve x509 root certificate + rootCertOptions := createTestRootCertOptions() + proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + + // Add two intermediate certificates + addIntermediateX509Cert := types.NewMsgAddX509Cert(setup.Trustee1.String(), testconstants.IntermediateCertPem) + _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) + require.NoError(t, err) + intermediateCertificate := intermediateCertificate(setup.Trustee1) + intermediateCertificate.SerialNumber = SerialNumber + setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) + setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) + setup.Keeper.SetUniqueCertificate( + setup.Ctx, + uniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), + ) + // Add a leaf certificate + addLeafX509Cert := types.NewMsgAddX509Cert(setup.Trustee1.String(), testconstants.LeafCertPem) + _, err = setup.Handler(setup.Ctx, addLeafX509Cert) + require.NoError(t, err) + + // get certificates for further comparison + allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) + require.NotNil(t, allCerts) + require.Equal(t, 3, len(allCerts)) + require.Equal(t, 4, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) + + // revoke intermediate certificate + revokeX509Cert := types.NewMsgRevokeX509Cert( + setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber, testconstants.Info) + _, err = setup.Handler(setup.Ctx, revokeX509Cert) + require.NoError(t, err) + + // check that proposed certificate revocation does not exist anymore + _, err = queryProposedCertificateRevocation(setup, testconstants.IntermediateSerialNumber) + require.Error(t, err) + 
require.Equal(t, codes.NotFound, status.Code(err)) + + // check that only root and two intermediate certificates exists + allCerts, _ = queryAllApprovedCertificates(setup) + require.Equal(t, 3, len(allCerts)) + require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) + intermediateCerts, _ := queryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, len(intermediateCerts.Certs)) + require.Equal(t, SerialNumber, intermediateCerts.Certs[0].SerialNumber) + + // query and check revoked certificate + revokedCertificate, _ := querySingleRevokedCertificate(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + require.NotNil(t, revokedCertificate) + require.Equal(t, testconstants.IntermediateSubject, revokedCertificate.Subject) + require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCertificate.SubjectKeyId) + require.Equal(t, testconstants.IntermediateSerialNumber, revokedCertificate.SerialNumber) + + // revoke intermediate certificate + revokeX509Cert = types.NewMsgRevokeX509Cert( + setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber, testconstants.Info) + _, err = setup.Handler(setup.Ctx, revokeX509Cert) + require.NoError(t, err) + + _, err = queryProposedCertificateRevocation(setup, testconstants.IntermediateSerialNumber) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that only root certificate exists + certsAfterRevocation := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) + require.Equal(t, 1, len(certsAfterRevocation)) + require.Equal(t, 1, len(certsAfterRevocation[0].Certs)) + require.Equal(t, testconstants.RootSerialNumber, certsAfterRevocation[0].Certs[0].SerialNumber) + + // query and check revoked certificate + revokedCerts, _ := queryRevokedCertificates(setup, 
testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 2, len(revokedCerts.Certs)) + require.Equal(t, testconstants.IntermediateSubject, revokedCerts.Subject) + require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCerts.SubjectKeyId) +} + func TestHandler_RevokeX509RootCertsBySubjectKeyId(t *testing.T) { setup := Setup(t) @@ -1528,12 +1694,12 @@ func TestHandler_RevokeX509RootCertsBySubjectKeyId(t *testing.T) { // revoke certificate revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectIDSubjectID, testconstants.Info) + setup.Trustee1.String(), testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectIDSubjectID, "", testconstants.Info) _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) aprRevokeX509Cert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectIDSubjectID, testconstants.Info) + setup.Trustee2.String(), testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectIDSubjectID, "", testconstants.Info) _, err = setup.Handler(setup.Ctx, aprRevokeX509Cert) require.NoError(t, err) @@ -1560,7 +1726,7 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) 
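Review bot: The second `NewMsgRevokeX509Cert` call in `TestHandler_RevokeX509Cert_BySerialNumber` passes `testconstants.IntermediateSerialNumber` again, the serial the first call already revoked, yet the test expects success and expects the remaining intermediate (serial `SerialNumber`) and the leaf to be gone afterwards. Either the argument was meant to be `SerialNumber`, or the handler (outside this hunk) treats a serial that matches nothing as a request to revoke everything under the subject and subject key id. The latter is a fail-open behaviour that should return an error rather than be pinned by a passing test. I would change the second call to pass `SerialNumber` and add an assertion that repeating an already-revoked serial fails with `pkitypes.ErrCertificateDoesNotExist`.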
@@ -1575,7 +1741,7 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { // revoke x509 root certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) @@ -1599,7 +1765,7 @@ func TestHandler_RevokeX509Cert_ByNotOwner(t *testing.T) { // revoke x509 certificate by another account revokeX509Cert := types.NewMsgRevokeX509Cert( - anotherTrustee.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.Info) + anotherTrustee.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber, testconstants.Info) _, err = setup.Handler(setup.Ctx, revokeX509Cert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) @@ -1630,7 +1796,7 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "", testconstants.Info) _, err = setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) 
@@ -1996,7 +2162,7 @@ func proposeAndApproveRootCertificate(setup *TestSetup, ownerTrustee sdk.AccAddr require.NoError(setup.T, err) // check that root certificate has been approved - approvedCertificate, err := querySingleApprovedCertificate( + approvedCertificate, err := queryApprovedCertificates( setup, options.subject, options.subjectKeyID) require.NoError(setup.T, err) require.NotNil(setup.T, approvedCertificate) @@ -2452,6 +2618,27 @@ func queryApprovedCertificates( return &resp.ApprovedCertificates, nil } +func queryApprovedRootCertificates( + setup *TestSetup, + subject string, + subjectKeyID string, +) ([]*types.Certificate, error) { + resp, err := queryApprovedCertificates(setup, subject, subjectKeyID) + if err != nil { + require.Nil(setup.T, resp) + + return nil, err + } + var list []*types.Certificate + for _, cert := range resp.Certs { + if cert.IsRoot { + list = append(list, cert) + } + } + + return list, nil +} + func queryAllProposedCertificateRevocations(setup *TestSetup) ([]types.ProposedCertificateRevocation, error) { // query all proposed certificate revocations req := &types.QueryAllProposedCertificateRevocationRequest{} @@ -2470,11 +2657,13 @@ func queryAllProposedCertificateRevocations(setup *TestSetup) ([]types.ProposedC func queryProposedCertificateRevocation( setup *TestSetup, + serialNumber string, ) (*types.ProposedCertificateRevocation, error) { // query proposed certificate revocation req := &types.QueryGetProposedCertificateRevocationRequest{ Subject: testconstants.RootSubject, SubjectKeyId: testconstants.RootSubjectKeyID, + SerialNumber: serialNumber, } resp, err := setup.Keeper.ProposedCertificateRevocation(setup.Wctx, req) diff --git a/x/pki/handler_update_revocation_test.go b/x/pki/handler_update_revocation_test.go index efb28c739..44079a1f1 100644 --- a/x/pki/handler_update_revocation_test.go +++ b/x/pki/handler_update_revocation_test.go 
@@ -274,12 +274,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_NotChainedOnLedger(t * _, err := setup.Handler(setup.Ctx, addPkiRevocationDistributionPoint) require.NoError(t, err) - proposeRevokeRootCert := types.NewMsgProposeRevokeX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) + proposeRevokeRootCert := types.NewMsgProposeRevokeX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, "", testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeRootCert) require.NoError(t, err) approveRevokeRootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, "", testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeRootCert) require.NoError(t, err) diff --git a/x/pki/keeper/approved_certificates.go b/x/pki/keeper/approved_certificates.go index 9090bfde0..80e658695 100644 --- a/x/pki/keeper/approved_certificates.go +++ b/x/pki/keeper/approved_certificates.go @@ -41,6 +41,26 @@ func (k Keeper) GetApprovedCertificates( return val, true } +func (k Keeper) GetApprovedCertificateBySerialNumber( + ctx sdk.Context, + subject string, + subjectKeyID string, + serialNumber string, +) (val types.Certificate, found bool) { + certs, found := k.GetApprovedCertificates(ctx, subject, subjectKeyID) + if !found { + return val, false + } + + for _, cert := range certs.Certs { + if cert.SerialNumber == serialNumber { + return *cert, true + } + } + + return val, false +} + // RemoveApprovedCertificates removes a approvedCertificates from the store. func (k Keeper) RemoveApprovedCertificates( ctx sdk.Context, 
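Review bot: `GetApprovedCertificateBySerialNumber` in the `@@ -41,6 +41,26 @@` hunk is exported without a doc comment, and the matching rule a caller needs to know is not written down. The serial is compared with a plain `==` against the stored string, so any difference in notation (leading zeros, letter case, hex versus decimal) is a miss, and an empty `serialNumber` matches only a certificate whose stored serial is empty. I would add `// GetApprovedCertificateBySerialNumber returns the approved certificate with the given subject, subject key ID and exact serial number string; no normalisation is applied.` The `return *cert, true` also assumes `certs.Certs` never holds a nil entry, which is worth a guard or a comment.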
@@ -54,6 +74,26 @@ func (k Keeper) RemoveApprovedCertificates( )) } +func (k Keeper) removeCertFromList(serialNumber string, certs *types.ApprovedCertificates) { + certIndex := -1 + + for i, cert := range certs.Certs { + if cert.SerialNumber == serialNumber { + certIndex = i + + break + } + } + if certIndex == -1 { + return + } + if certIndex == len(certs.Certs)-1 { + certs.Certs = certs.Certs[:certIndex] + } else { + certs.Certs = append(certs.Certs[:certIndex], certs.Certs[certIndex+1:]...) + } +} + // GetAllApprovedCertificates returns all approvedCertificates. func (k Keeper) GetAllApprovedCertificates(ctx sdk.Context) (list []types.ApprovedCertificates) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesKeyPrefix)) diff --git a/x/pki/keeper/grpc_query_proposed_certificate_revocation.go b/x/pki/keeper/grpc_query_proposed_certificate_revocation.go index 5ccdab20e..f8a2c11e8 100644 --- a/x/pki/keeper/grpc_query_proposed_certificate_revocation.go +++ b/x/pki/keeper/grpc_query_proposed_certificate_revocation.go @@ -50,6 +50,7 @@ func (k Keeper) ProposedCertificateRevocation(c context.Context, req *types.Quer ctx, req.Subject, req.SubjectKeyId, + req.SerialNumber, ) if !found { return nil, status.Error(codes.NotFound, "not found") diff --git a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go index 6f757ba61..611879fa2 100644 --- a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go +++ b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go 
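Review bot: `removeCertFromList` never uses its receiver `k`, and the `if certIndex == len(certs.Certs)-1` branch is redundant, because `certs.Certs = append(certs.Certs[:certIndex], certs.Certs[certIndex+1:]...)` already gives the right result for the last element. The function shifts elements inside the caller's backing array, removes only the first match, and silently does nothing when the serial is absent; none of this is documented. I would add `// removeCertFromList deletes the first certificate with the given serial number from certs in place; it is a no-op if none matches.` and drop the special case. Callers that need to know whether anything was removed could be given a `bool` result.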
@@ -26,7 +26,7 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M } // get proposed certificate revocation - revocation, found := k.GetProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId) + revocation, found := k.GetProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId, msg.SerialNumber) if !found { return nil, pkitypes.NewErrProposedCertificateRevocationDoesNotExist(msg.Subject, msg.SubjectKeyId) } 
@@ -49,38 +49,74 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M revocation.Approvals = append(revocation.Approvals, &grant) // check if proposed certificate revocation has enough approvals - if len(revocation.Approvals) >= k.CertificateApprovalsCount(ctx, k.dclauthKeeper) { + if len(revocation.Approvals) >= k.CertificateApprovalsCount(ctx, k.dclauthKeeper) { //nolint:nestif certificates, found := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId) + if !found { + return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId) + } + + var certBySerialNumber *types.Certificate // Assign the approvals to the root certificate for _, cert := range certificates.Certs { if cert.IsRoot { cert.Approvals = revocation.Approvals } - } - if !found { - return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId) - } - k.AddRevokedCertificates(ctx, certificates) - k.RemoveApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId) - k.RevokeChildCertificates(ctx, msg.Subject, msg.SubjectKeyId) - k.RemoveProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId) + if msg.SerialNumber != "" && cert.SerialNumber == msg.SerialNumber { + certBySerialNumber = cert - // remove from root certs index, add to revoked root certs + break + } + } certID := types.CertificateIdentifier{ Subject: msg.Subject, SubjectKeyId: msg.SubjectKeyId, } - k.RemoveApprovedRootCertificate(ctx, certID) + k.RemoveProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId, msg.SerialNumber) k.AddRevokedRootCertificate(ctx, certID) - // remove from subject -> subject key ID map - k.RemoveApprovedCertificateBySubject(ctx, msg.Subject, msg.SubjectKeyId) - - // remove from subject key ID -> certificates map - k.RemoveApprovedCertificatesBySubjectKeyID(ctx, msg.Subject, msg.SubjectKeyId) + if certBySerialNumber != nil { + k._removeAndRevokeBySerialNumber(ctx, certBySerialNumber, certID, certificates) + } else { + 
k._removeAndRevoke(ctx, certID, certificates) + } } else { k.SetProposedCertificateRevocation(ctx, revocation) } return &types.MsgApproveRevokeX509RootCertResponse{}, nil } + +func (k msgServer) _removeAndRevoke(ctx sdk.Context, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) { + k.AddRevokedCertificates(ctx, certificates) + k.RemoveApprovedCertificates(ctx, certID.Subject, certID.SubjectKeyId) + k.RevokeChildCertificates(ctx, certID.Subject, certID.SubjectKeyId) + + // remove from root certs index, add to revoked root certs + k.RemoveApprovedRootCertificate(ctx, certID) + // remove from subject -> subject key ID map + k.RemoveApprovedCertificateBySubject(ctx, certID.Subject, certID.SubjectKeyId) + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, certID.Subject, certID.SubjectKeyId) +} +func (k msgServer) _removeAndRevokeBySerialNumber(ctx sdk.Context, cert *types.Certificate, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) { + k.AddRevokedCertificates(ctx, + types.ApprovedCertificates{ + Subject: cert.Subject, + SubjectKeyId: cert.SubjectKeyId, + Certs: []*types.Certificate{cert}, + }) + k.removeCertFromList(cert.SerialNumber, &certificates) + if len(certificates.Certs) == 0 { + k.RemoveApprovedCertificates(ctx, cert.Subject, cert.SubjectKeyId) + k.RevokeChildCertificates(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveApprovedRootCertificate(ctx, certID) + k.RemoveApprovedCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, cert.Subject, cert.SubjectKeyId) + } else { + k.SetApprovedCertificates(ctx, certificates) + k.SetApprovedCertificatesBySubjectKeyID( + ctx, + types.ApprovedCertificatesBySubjectKeyId{SubjectKeyId: cert.SubjectKeyId, Certs: certificates.Certs}, + ) + } +} 
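Review bot: When `msg.SerialNumber` is set but no entry in `certificates.Certs` matches it, `certBySerialNumber` stays nil and the `else` branch calls `_removeAndRevoke`, which revokes every certificate under the subject/subjectKeyID instead of the single one that was proposed. The propose handler checks the serial number, but the approved list can change before the last approval arrives, so the check should be repeated here before any state is written: `if msg.SerialNumber != "" && certBySerialNumber == nil { return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId) }`. The RevokeX509Cert hunk has the same fallback and, in the lines visible, no serial-number existence check at all. The loop also assigns `revocation.Approvals` to every root certificate visited before the match, and those certificates stay in the list that `SetApprovedCertificates` writes back; when a serial number is given, the approvals should be set only on the certificate being revoked.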
diff --git a/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go b/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go index 105b834c5..fad5772ec 100644 --- a/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go +++ b/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go @@ -27,7 +27,7 @@ func (k msgServer) ProposeRevokeX509RootCert(goCtx context.Context, msg *types.M } // check that proposed certificate revocation does not exist yet - if k.IsProposedCertificateRevocationPresent(ctx, msg.Subject, msg.SubjectKeyId) { + if k.IsProposedCertificateRevocationPresent(ctx, msg.Subject, msg.SubjectKeyId, msg.SerialNumber) { return nil, pkitypes.NewErrProposedCertificateRevocationAlreadyExists(msg.Subject, msg.SubjectKeyId) } @@ -44,6 +44,23 @@ func (k msgServer) ProposeRevokeX509RootCert(goCtx context.Context, msg *types.M "is not a root certificate.", msg.Subject, msg.SubjectKeyId), ) } + // fail if cert with serial number does not exist + if msg.SerialNumber != "" { + found := false + for _, cert := range certificates.Certs { + if cert.SerialNumber == msg.SerialNumber { + found = true + + break + } + } + if !found { + return nil, pkitypes.NewErrInvalidCertificate( + fmt.Sprintf("Invalid Certificate: Certificate with subject=%v, subjectKeyID=%v and serialNumber=%v "+ + "does not exist.", msg.Subject, msg.SubjectKeyId, msg.SerialNumber), + ) + } + } // create new proposed certificate revocation with approval from signer grant := types.Grant{ @@ -54,6 +71,7 @@ func (k msgServer) ProposeRevokeX509RootCert(goCtx context.Context, msg *types.M revocation := types.ProposedCertificateRevocation{ Subject: msg.Subject, SubjectKeyId: msg.SubjectKeyId, + SerialNumber: msg.SerialNumber, Approvals: []*types.Grant{&grant}, } diff --git a/x/pki/keeper/msg_server_revoke_x_509_cert.go b/x/pki/keeper/msg_server_revoke_x_509_cert.go index 7dd41ba40..9e8966264 100644 --- a/x/pki/keeper/msg_server_revoke_x_509_cert.go +++ b/x/pki/keeper/msg_server_revoke_x_509_cert.go 
@@ -32,25 +32,66 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50 ) } - // Revoke certificates with given subject/subjectKeyID - k.AddRevokedCertificates(ctx, certificates) - k.RemoveApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId) - - // Remove certificate identifier from issuer's ChildCertificates record certIdentifier := types.CertificateIdentifier{ Subject: msg.Subject, SubjectKeyId: msg.SubjectKeyId, } - k.RemoveChildCertificate(ctx, certificates.Certs[0].Issuer, certificates.Certs[0].AuthorityKeyId, certIdentifier) + var certBySerialNumber *types.Certificate - // revoke all child certificates - k.RevokeChildCertificates(ctx, msg.Subject, msg.SubjectKeyId) + if msg.SerialNumber != "" { + for _, cert := range certificates.Certs { + if cert.SerialNumber == msg.SerialNumber { + certBySerialNumber = cert - // remove from subject -> subject key ID map - k.RemoveApprovedCertificateBySubject(ctx, msg.Subject, msg.SubjectKeyId) + break + } + } + } - // remove from subject key ID -> certificates map - k.RemoveApprovedCertificatesBySubjectKeyID(ctx, msg.Subject, msg.SubjectKeyId) + if certBySerialNumber != nil { + k._removeAndRevokeX509CertBySerialNumber(ctx, certBySerialNumber, certIdentifier, certificates) + } else { + k._removeAndRevokeX509Cert(ctx, certIdentifier, certificates) + } return &types.MsgRevokeX509CertResponse{}, nil } + +func (k msgServer) _removeAndRevokeX509Cert(ctx sdk.Context, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) { + // Revoke certificates with given subject/subjectKeyID + k.AddRevokedCertificates(ctx, certificates) + k.RemoveApprovedCertificates(ctx, certID.Subject, certID.SubjectKeyId) + // Remove certificate identifier from issuer's ChildCertificates record + k.RevokeChildCertificates(ctx, certID.Subject, certID.SubjectKeyId) + // Remove certificate identifier from issuer's ChildCertificates record + k.RemoveChildCertificate(ctx, certificates.Certs[0].Issuer, 
certificates.Certs[0].AuthorityKeyId, certID) + // remove from subject -> subject key ID map + k.RemoveApprovedCertificateBySubject(ctx, certID.Subject, certID.SubjectKeyId) + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, certID.Subject, certID.SubjectKeyId) +} +func (k msgServer) _removeAndRevokeX509CertBySerialNumber(ctx sdk.Context, cert *types.Certificate, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) { + k.AddRevokedCertificates(ctx, + types.ApprovedCertificates{ + Subject: cert.Subject, + SubjectKeyId: cert.SubjectKeyId, + Certs: []*types.Certificate{cert}, + }) + k.removeCertFromList(cert.SerialNumber, &certificates) + if len(certificates.Certs) == 0 { + k.RemoveApprovedCertificates(ctx, cert.Subject, cert.SubjectKeyId) + // Remove certificate identifier from issuer's ChildCertificates record + k.RevokeChildCertificates(ctx, cert.Subject, cert.SubjectKeyId) + // Remove certificate identifier from issuer's ChildCertificates record + k.RemoveChildCertificate(ctx, certificates.Certs[0].Issuer, certificates.Certs[0].AuthorityKeyId, certID) + + k.RemoveApprovedCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, cert.Subject, cert.SubjectKeyId) + } else { + k.SetApprovedCertificates(ctx, certificates) + k.SetApprovedCertificatesBySubjectKeyID( + ctx, + types.ApprovedCertificatesBySubjectKeyId{SubjectKeyId: cert.SubjectKeyId, Certs: certificates.Certs}, + ) + } +} diff --git a/x/pki/keeper/proposed_certificate_revocation.go b/x/pki/keeper/proposed_certificate_revocation.go index f357d0771..0bb292d15 100644 --- a/x/pki/keeper/proposed_certificate_revocation.go +++ b/x/pki/keeper/proposed_certificate_revocation.go 
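Review bot: In `_removeAndRevokeX509CertBySerialNumber`, the `len(certificates.Certs) == 0` branch reads `certificates.Certs[0].Issuer` and `certificates.Certs[0].AuthorityKeyId`, which indexes an empty slice and panics, so revoking the last remaining certificate by serial number cannot complete. The removed certificate is still available in `cert`, so the call can be `k.RemoveChildCertificate(ctx, cert.Issuer, cert.AuthorityKeyId, certID)`. The comment "Remove certificate identifier from issuer's ChildCertificates record" is also repeated above `RevokeChildCertificates` in both new helpers, where it does not describe the call; there it should read `// revoke all child certificates`. The handler tests are outside this view, so I cannot tell whether a revoke-by-serial case with a single approved certificate is covered; one is worth adding.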
@@ -14,6 +14,7 @@ func (k Keeper) SetProposedCertificateRevocation(ctx sdk.Context, proposedCertif store.Set(types.ProposedCertificateRevocationKey( proposedCertificateRevocation.Subject, proposedCertificateRevocation.SubjectKeyId, + proposedCertificateRevocation.SerialNumber, ), b) } @@ -22,12 +23,14 @@ func (k Keeper) GetProposedCertificateRevocation( ctx sdk.Context, subject string, subjectKeyID string, + serialNumber string, ) (val types.ProposedCertificateRevocation, found bool) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ProposedCertificateRevocationKeyPrefix)) b := store.Get(types.ProposedCertificateRevocationKey( subject, subjectKeyID, + serialNumber, )) if b == nil { return val, false @@ -43,11 +46,13 @@ func (k Keeper) RemoveProposedCertificateRevocation( ctx sdk.Context, subject string, subjectKeyID string, + serialNumber string, ) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ProposedCertificateRevocationKeyPrefix)) store.Delete(types.ProposedCertificateRevocationKey( subject, subjectKeyID, + serialNumber, )) } @@ -73,11 +78,13 @@ func (k Keeper) IsProposedCertificateRevocationPresent( ctx sdk.Context, subject string, subjectKeyID string, + serialNumber string, ) bool { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ProposedCertificateRevocationKeyPrefix)) return store.Has(types.ProposedCertificateRevocationKey( subject, subjectKeyID, + serialNumber, )) } diff --git a/x/pki/keeper/proposed_certificate_revocation_test.go b/x/pki/keeper/proposed_certificate_revocation_test.go index d0943db2f..1e66c2168 100644 --- a/x/pki/keeper/proposed_certificate_revocation_test.go +++ b/x/pki/keeper/proposed_certificate_revocation_test.go @@ -34,6 +34,7 @@ func TestProposedCertificateRevocationGet(t *testing.T) { rst, found := keeper.GetProposedCertificateRevocation(ctx, item.Subject, item.SubjectKeyId, + item.SerialNumber, ) require.True(t, found) require.Equal(t, 
@@ -50,10 +51,12 @@ func TestProposedCertificateRevocationRemove(t *testing.T) { keeper.RemoveProposedCertificateRevocation(ctx, item.Subject, item.SubjectKeyId, + item.SerialNumber, ) _, found := keeper.GetProposedCertificateRevocation(ctx, item.Subject, item.SubjectKeyId, + item.SerialNumber, ) require.False(t, found) } diff --git a/x/pki/types/genesis.go b/x/pki/types/genesis.go index 5284cce0c..91a526e94 100644 --- a/x/pki/types/genesis.go +++ b/x/pki/types/genesis.go @@ -66,7 +66,7 @@ func (gs GenesisState) Validate() error { proposedCertificateRevocationIndexMap := make(map[string]struct{}) for _, elem := range gs.ProposedCertificateRevocationList { - index := string(ProposedCertificateRevocationKey(elem.Subject, elem.SubjectKeyId)) + index := string(ProposedCertificateRevocationKey(elem.Subject, elem.SubjectKeyId, elem.SerialNumber)) if _, ok := proposedCertificateRevocationIndexMap[index]; ok { return fmt.Errorf("duplicated index for proposedCertificateRevocation") } diff --git a/x/pki/types/key_proposed_certificate_revocation.go b/x/pki/types/key_proposed_certificate_revocation.go index 5f478b2d5..4c4879f2c 100644 --- a/x/pki/types/key_proposed_certificate_revocation.go +++ b/x/pki/types/key_proposed_certificate_revocation.go @@ -13,6 +13,7 @@ const ( func ProposedCertificateRevocationKey( subject string, subjectKeyID string, + serialNumber string, ) []byte { var key []byte @@ -24,5 +25,11 @@ func ProposedCertificateRevocationKey( key = append(key, subjectKeyIDBytes...) key = append(key, []byte("/")...) + if serialNumber != "" { + serialNumberBytes := []byte(serialNumber) + key = append(key, serialNumberBytes...) + key = append(key, []byte("/")...) + } + return key } diff --git a/x/pki/types/message_approve_revoke_x_509_root_cert.go b/x/pki/types/message_approve_revoke_x_509_root_cert.go index aeaa07c36..569aa2c8f 100644 --- a/x/pki/types/message_approve_revoke_x_509_root_cert.go +++ b/x/pki/types/message_approve_revoke_x_509_root_cert.go 
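Review bot: `ProposedCertificateRevocationKey` now appends `serialNumber` with the same `/` separator used for `subject` and `subjectKeyID`, so the key is only unambiguous if none of the three fields can contain `/`. Nothing in the visible hunks restricts the characters of `SerialNumber`; if that is not enforced in message validation elsewhere, a serial-scoped proposal and a different subject/subjectKeyID pair could in principle encode to the same store key, and the duplicate check in `GenesisState.Validate` relies on the same encoding. A comment on the function stating the assumption, for example `// serialNumber must not contain "/"; an empty serialNumber yields the plain subject/subjectKeyID key`, together with a validation rule on the message field, would make this explicit.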
@@ -13,12 +13,13 @@ const TypeMsgApproveRevokeX509RootCert = "approve_revoke_x_509_root_cert" var _ sdk.Msg = &MsgApproveRevokeX509RootCert{} -func NewMsgApproveRevokeX509RootCert(signer string, subject string, subjectKeyID string, info string) *MsgApproveRevokeX509RootCert { +func NewMsgApproveRevokeX509RootCert(signer string, subject string, subjectKeyID string, serialNumber string, info string) *MsgApproveRevokeX509RootCert { return &MsgApproveRevokeX509RootCert{ Signer: signer, Subject: subject, SubjectKeyId: subjectKeyID, Info: info, + SerialNumber: serialNumber, Time: time.Now().Unix(), } } diff --git a/x/pki/types/message_propose_revoke_x_509_root_cert.go b/x/pki/types/message_propose_revoke_x_509_root_cert.go index dec750f7b..54987fffd 100644 --- a/x/pki/types/message_propose_revoke_x_509_root_cert.go +++ b/x/pki/types/message_propose_revoke_x_509_root_cert.go @@ -13,11 +13,12 @@ const TypeMsgProposeRevokeX509RootCert = "propose_revoke_x_509_root_cert" var _ sdk.Msg = &MsgProposeRevokeX509RootCert{} -func NewMsgProposeRevokeX509RootCert(signer string, subject string, subjectKeyID string, info string) *MsgProposeRevokeX509RootCert { +func NewMsgProposeRevokeX509RootCert(signer string, subject string, subjectKeyID string, serialNumber, info string) *MsgProposeRevokeX509RootCert { return &MsgProposeRevokeX509RootCert{ Signer: signer, Subject: subject, SubjectKeyId: subjectKeyID, + SerialNumber: serialNumber, Info: info, Time: time.Now().Unix(), } diff --git a/x/pki/types/message_revoke_x_509_cert.go b/x/pki/types/message_revoke_x_509_cert.go index 5c28cad8a..9c05a58c1 100644 --- a/x/pki/types/message_revoke_x_509_cert.go +++ b/x/pki/types/message_revoke_x_509_cert.go 
@@ -13,11 +13,12 @@ const TypeMsgRevokeX509Cert = "revoke_x_509_cert" var _ sdk.Msg = &MsgRevokeX509Cert{} -func NewMsgRevokeX509Cert(signer string, subject string, subjectKeyID string, info string) *MsgRevokeX509Cert { +func NewMsgRevokeX509Cert(signer string, subject string, subjectKeyID string, serialNumber string, info string) *MsgRevokeX509Cert { return &MsgRevokeX509Cert{ Signer: signer, Subject: subject, SubjectKeyId: subjectKeyID, + SerialNumber: serialNumber, Info: info, Time: time.Now().Unix(), } diff --git a/x/pki/types/proposed_certificate_revocation.pb.go b/x/pki/types/proposed_certificate_revocation.pb.go index 5028764d0..2b7be48c5 100644 --- a/x/pki/types/proposed_certificate_revocation.pb.go +++ b/x/pki/types/proposed_certificate_revocation.pb.go @@ -27,6 +27,7 @@ type ProposedCertificateRevocation struct { SubjectKeyId string `protobuf:"bytes,2,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty"` Approvals []*Grant `protobuf:"bytes,3,rep,name=approvals,proto3" json:"approvals,omitempty"` SubjectAsText string `protobuf:"bytes,4,opt,name=subjectAsText,proto3" json:"subjectAsText,omitempty"` + SerialNumber string `protobuf:"bytes,5,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` } func (m *ProposedCertificateRevocation) Reset() { *m = ProposedCertificateRevocation{} } @@ -90,6 +91,13 @@ func (m *ProposedCertificateRevocation) GetSubjectAsText() string { return "" } +func (m *ProposedCertificateRevocation) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + func init() { proto.RegisterType((*ProposedCertificateRevocation)(nil), "zigbeealliance.distributedcomplianceledger.pki.ProposedCertificateRevocation") } 
@@ -99,26 +107,27 @@ func init() { } var fileDescriptor_24b0dc6e71a9ad57 = []byte{ - // 290 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x90, 0x4d, 0x4b, 0xc3, 0x30, - 0x1c, 0xc6, 0x1b, 0x27, 0xca, 0xa2, 0x22, 0xf4, 0x54, 0x04, 0xc3, 0x18, 0x1e, 0xe6, 0xa1, 0x29, - 0x28, 0x7e, 0x00, 0x5f, 0x40, 0xc4, 0x8b, 0x54, 0x4f, 0x1e, 0x1c, 0x69, 0xfa, 0xb7, 0xc6, 0x75, - 0x4d, 0x48, 0xd2, 0xb1, 0xf9, 0x29, 0xfc, 0x58, 0x1e, 0x77, 0xdc, 0x51, 0xda, 0x2f, 0x22, 0x7d, - 0x99, 0x75, 0x47, 0x6f, 0xc9, 0xf3, 0x87, 0xe7, 0xf7, 0xe3, 0xc1, 0xa7, 0x6a, 0x22, 0x02, 0xa5, - 0xa5, 0x92, 0x06, 0xe2, 0x31, 0x07, 0x6d, 0xc5, 0xab, 0xe0, 0xcc, 0xc2, 0x58, 0xc3, 0x4c, 0x72, - 0x66, 0x85, 0xcc, 0xa8, 0xd2, 0xd2, 0x4a, 0x97, 0x7e, 0x88, 0x24, 0x02, 0x60, 0x69, 0x2a, 0x58, - 0xc6, 0x81, 0xc6, 0xc2, 0x58, 0x2d, 0xa2, 0xdc, 0x42, 0xcc, 0xe5, 0x54, 0x35, 0x69, 0x0a, 0x71, - 0x02, 0x9a, 0xaa, 0x89, 0x38, 0x3a, 0xac, 0xaa, 0x13, 0xcd, 0x32, 0xdb, 0x14, 0x0c, 0x57, 0x08, - 0x1f, 0x3f, 0xb4, 0xa8, 0xeb, 0x8e, 0x14, 0xfe, 0x82, 0x5c, 0x0f, 0xef, 0x9a, 0x3c, 0x7a, 0x07, - 0x6e, 0x3d, 0x34, 0x40, 0xa3, 0x7e, 0xb8, 0xfe, 0xba, 0x43, 0xbc, 0xdf, 0x3e, 0xef, 0x61, 0x71, - 0x17, 0x7b, 0x5b, 0xf5, 0x79, 0x23, 0x73, 0x1f, 0x71, 0x9f, 0x29, 0xa5, 0xe5, 0x8c, 0xa5, 0xc6, - 0xeb, 0x0d, 0x7a, 0xa3, 0xbd, 0xb3, 0x8b, 0x7f, 0x4a, 0xd3, 0xdb, 0xca, 0x37, 0xec, 0x7a, 0xdc, - 0x13, 0x7c, 0xd0, 0x42, 0x2e, 0xcd, 0x13, 0xcc, 0xad, 0xb7, 0x5d, 0x93, 0x37, 0xc3, 0xab, 0x97, - 0xaf, 0x82, 0xa0, 0x65, 0x41, 0xd0, 0x77, 0x41, 0xd0, 0x67, 0x49, 0x9c, 0x65, 0x49, 0x9c, 0x55, - 0x49, 0x9c, 0xe7, 0x9b, 0x44, 0xd8, 0xb7, 0x3c, 0xa2, 0x5c, 0x4e, 0x83, 0xc6, 0xc5, 0x5f, 0xcb, - 0x04, 0x7f, 0x64, 0xfc, 0xce, 0xc6, 0x6f, 0x74, 0x82, 0x79, 0x50, 0x0d, 0x68, 0x17, 0x0a, 0x4c, - 0xb4, 0x53, 0x2f, 0x78, 0xfe, 0x13, 0x00, 0x00, 0xff, 0xff, 0x43, 0x2d, 0x6b, 0x9b, 0xaf, 0x01, - 0x00, 0x00, + // 308 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 
0x00, 0x00, 0x02, 0xff, 0x94, 0x90, 0xcd, 0x4a, 0x33, 0x31, + 0x18, 0x85, 0x9b, 0xaf, 0x9f, 0x4a, 0xa3, 0x22, 0xcc, 0x2a, 0x08, 0x86, 0x52, 0x5c, 0xd4, 0x45, + 0x33, 0xa0, 0x78, 0x01, 0xfe, 0x80, 0x88, 0x20, 0x52, 0x5d, 0xb9, 0xb0, 0x24, 0x99, 0xd7, 0x31, + 0x76, 0xda, 0x84, 0x24, 0x53, 0x5a, 0xaf, 0xc2, 0xcb, 0x72, 0xd9, 0xa5, 0x4b, 0xe9, 0xdc, 0x86, + 0x0b, 0x99, 0x9f, 0x3a, 0xed, 0xd2, 0x5d, 0x72, 0x5e, 0x38, 0xcf, 0xc3, 0xc1, 0x47, 0x66, 0xa8, + 0x42, 0x63, 0xb5, 0xd1, 0x0e, 0xa2, 0x81, 0x04, 0xeb, 0xd5, 0xb3, 0x92, 0xdc, 0xc3, 0xc0, 0xc2, + 0x44, 0x4b, 0xee, 0x95, 0x1e, 0x33, 0x63, 0xb5, 0xd7, 0x01, 0x7b, 0x53, 0xb1, 0x00, 0xe0, 0x49, + 0xa2, 0xf8, 0x58, 0x02, 0x8b, 0x94, 0xf3, 0x56, 0x89, 0xd4, 0x43, 0x24, 0xf5, 0xc8, 0x94, 0x69, + 0x02, 0x51, 0x0c, 0x96, 0x99, 0xa1, 0xda, 0xdf, 0xcb, 0xab, 0x63, 0xcb, 0xc7, 0xbe, 0x2c, 0xe8, + 0x7c, 0x23, 0x7c, 0x70, 0x57, 0xa1, 0x2e, 0x6a, 0x52, 0xff, 0x17, 0x14, 0x10, 0xbc, 0xe5, 0x52, + 0xf1, 0x0a, 0xd2, 0x13, 0xd4, 0x46, 0xdd, 0x56, 0x7f, 0xf9, 0x0d, 0x3a, 0x78, 0xa7, 0x7a, 0xde, + 0xc0, 0xec, 0x3a, 0x22, 0xff, 0x8a, 0xf3, 0x5a, 0x16, 0xdc, 0xe3, 0x16, 0x37, 0xc6, 0xea, 0x09, + 0x4f, 0x1c, 0x69, 0xb6, 0x9b, 0xdd, 0xed, 0xe3, 0xd3, 0x3f, 0x4a, 0xb3, 0xab, 0xdc, 0xb7, 0x5f, + 0xf7, 0x04, 0x87, 0x78, 0xb7, 0x82, 0x9c, 0xb9, 0x07, 0x98, 0x7a, 0xf2, 0xbf, 0x20, 0xaf, 0x87, + 0x85, 0x1e, 0x58, 0xc5, 0x93, 0xdb, 0x74, 0x24, 0xc0, 0x92, 0x8d, 0x4a, 0x6f, 0x25, 0x3b, 0x7f, + 0xfa, 0x58, 0x50, 0x34, 0x5f, 0x50, 0xf4, 0xb5, 0xa0, 0xe8, 0x3d, 0xa3, 0x8d, 0x79, 0x46, 0x1b, + 0x9f, 0x19, 0x6d, 0x3c, 0x5e, 0xc6, 0xca, 0xbf, 0xa4, 0x82, 0x49, 0x3d, 0x0a, 0x4b, 0xdf, 0xde, + 0x52, 0x38, 0x5c, 0x11, 0xee, 0xd5, 0xc6, 0xbd, 0x52, 0x39, 0x9c, 0x86, 0xf9, 0xc8, 0x7e, 0x66, + 0xc0, 0x89, 0xcd, 0x62, 0xe5, 0x93, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xfb, 0x89, 0xcd, 0xdd, + 0xd3, 0x01, 0x00, 0x00, } func (m *ProposedCertificateRevocation) Marshal() (dAtA []byte, err error) { 
@@ -141,6 +150,13 @@ func (m *ProposedCertificateRevocation) MarshalToSizedBuffer(dAtA []byte) (int, _ = i var l int _ = l + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintProposedCertificateRevocation(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x2a + } if len(m.SubjectAsText) > 0 { i -= len(m.SubjectAsText) copy(dAtA[i:], m.SubjectAsText) @@ -214,6 +230,10 @@ func (m *ProposedCertificateRevocation) Size() (n int) { if l > 0 { n += 1 + l + sovProposedCertificateRevocation(uint64(l)) } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovProposedCertificateRevocation(uint64(l)) + } return n } @@ -382,6 +402,38 @@ func (m *ProposedCertificateRevocation) Unmarshal(dAtA []byte) error { } m.SubjectAsText = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposedCertificateRevocation + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProposedCertificateRevocation + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthProposedCertificateRevocation + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProposedCertificateRevocation(dAtA[iNdEx:]) diff --git a/x/pki/types/query.pb.go b/x/pki/types/query.pb.go index 09c416583..eb9a997f5 100644 --- a/x/pki/types/query.pb.go +++ b/x/pki/types/query.pb.go 
@@ -522,6 +522,7 @@ func (m *QueryGetChildCertificatesResponse) GetChildCertificates() ChildCertific type QueryGetProposedCertificateRevocationRequest struct { Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` SubjectKeyId string `protobuf:"bytes,2,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty"` + SerialNumber string `protobuf:"bytes,3,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` } func (m *QueryGetProposedCertificateRevocationRequest) Reset() { @@ -575,6 +576,13 @@ func (m *QueryGetProposedCertificateRevocationRequest) GetSubjectKeyId() string return "" } +func (m *QueryGetProposedCertificateRevocationRequest) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + type QueryGetProposedCertificateRevocationResponse struct { ProposedCertificateRevocation ProposedCertificateRevocation `protobuf:"bytes,1,opt,name=proposedCertificateRevocation,proto3" json:"proposedCertificateRevocation"` } 
@@ -1727,110 +1735,111 @@ func init() { func init() { proto.RegisterFile("pki/query.proto", fileDescriptor_62972e0134af9ed2) } var fileDescriptor_62972e0134af9ed2 = []byte{ - // 1646 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5a, 0xcf, 0x6f, 0xdc, 0xc4, - 0x17, 0xcf, 0x78, 0xbf, 0xed, 0x57, 0xdf, 0xf9, 0x22, 0xa0, 0xd3, 0xd0, 0x84, 0x55, 0xb3, 0x49, - 0xa7, 0x25, 0xfd, 0x45, 0xd6, 0xa4, 0x15, 0x2d, 0x1c, 0x4a, 0x95, 0x1f, 0xa5, 0x2d, 0x08, 0x94, - 0x6e, 0x10, 0x45, 0xa8, 0x74, 0xe5, 0xf5, 0x9a, 0xad, 0x89, 0xb3, 0xe3, 0xda, 0xde, 0xc0, 0x12, - 0x2d, 0x12, 0x48, 0x50, 0x89, 0x13, 0xbf, 0x0e, 0x80, 0x38, 0x51, 0xa9, 0xe2, 0xce, 0x81, 0x7f, - 0xa1, 0x12, 0x07, 0x2a, 0x71, 0x00, 0x09, 0x09, 0xa1, 0x86, 0x03, 0xa8, 0x48, 0xc0, 0x05, 0xc4, - 0x05, 0x90, 0xc7, 0xcf, 0xb1, 0x77, 0x3d, 0xf6, 0x7a, 0x1d, 0x6f, 0x7b, 0xb3, 0x3d, 0xe3, 0xf7, - 0xe6, 0xf3, 0x79, 0x6f, 0xde, 0x3c, 0x7f, 0x76, 0xf1, 0x3d, 0xe6, 0x8a, 0x2e, 0x5f, 0x6e, 0x69, - 0x56, 0xbb, 0x6c, 0x5a, 0xcc, 0x61, 0xa4, 0xfc, 0xaa, 0xde, 0xa8, 0x69, 0x9a, 0x62, 0x18, 0xba, - 0xd2, 0x54, 0xb5, 0x72, 0x5d, 0xb7, 0x1d, 0x4b, 0xaf, 0xb5, 0x1c, 0xad, 0xae, 0xb2, 0x55, 0xd3, - 0x7b, 0x6a, 0x68, 0xf5, 0x86, 0x66, 0x95, 0xcd, 0x15, 0xbd, 0xb8, 0xbb, 0xc1, 0x58, 0xc3, 0xd0, - 0x64, 0xc5, 0xd4, 0x65, 0xa5, 0xd9, 0x64, 0x8e, 0xe2, 0xe8, 0xac, 0x69, 0x7b, 0xd6, 0x8a, 0x87, - 0x54, 0x66, 0xaf, 0x32, 0x5b, 0xae, 0x29, 0xb6, 0xe6, 0xb9, 0x91, 0xd7, 0x66, 0x6b, 0x9a, 0xa3, - 0xcc, 0xca, 0xa6, 0xd2, 0xd0, 0x9b, 0x7c, 0x32, 0xcc, 0x9d, 0x74, 0x97, 0xa2, 0x98, 0xa6, 0xc5, - 0xd6, 0xb4, 0x7a, 0x55, 0xd5, 0x2c, 0x47, 0x7f, 0x51, 0x57, 0x15, 0x47, 0xf3, 0x8d, 0x95, 0xdc, - 0x09, 0xa6, 0xc5, 0x4c, 0x66, 0x77, 0x4f, 0x80, 0xf1, 0xdd, 0xee, 0xb8, 0x7a, 0x49, 0x37, 0x84, - 0x6f, 0x1f, 0x8c, 0x7b, 0xbb, 0x6a, 0x69, 0x6b, 0x4c, 0x0d, 0xaf, 0x84, 0x3b, 0x72, 0x9f, 0xae, - 0x88, 0x17, 0xb2, 0xaf, 0x6b, 0xa5, 0x16, 0x63, 0x8e, 0x68, 0xd6, 0xde, 0xb0, 0x95, 0xb8, 0x49, - 0x87, 0x62, 
0x41, 0x57, 0x6b, 0xed, 0xaa, 0xdd, 0xaa, 0xbd, 0xa4, 0xa9, 0x4e, 0xf7, 0xb2, 0xdc, - 0x27, 0x42, 0xfc, 0x87, 0x39, 0xc2, 0x15, 0x3d, 0x04, 0xa8, 0xba, 0x19, 0x3e, 0xf7, 0xc6, 0x64, - 0x7a, 0xd3, 0x37, 0x76, 0x2a, 0xd5, 0x64, 0xbe, 0x0a, 0xdd, 0xb6, 0x5b, 0x9a, 0xe5, 0x2f, 0xa6, - 0xba, 0xa2, 0xb5, 0xab, 0x7a, 0x1d, 0xcc, 0x8c, 0x36, 0x58, 0x83, 0xf1, 0x4b, 0xd9, 0xbd, 0x82, - 0xa7, 0xf7, 0x7b, 0x61, 0xaf, 0x7a, 0x03, 0xde, 0x8d, 0x37, 0x44, 0x55, 0xbc, 0xf7, 0x9c, 0x9b, - 0x07, 0xa7, 0x35, 0x67, 0x0e, 0x60, 0x2f, 0x84, 0x50, 0x57, 0xb4, 0xcb, 0x2d, 0xcd, 0x76, 0xc8, - 0x38, 0xfe, 0x2f, 0xf8, 0x1b, 0x47, 0x53, 0xe8, 0xc0, 0xff, 0x2a, 0xfe, 0x2d, 0xa1, 0xf8, 0x2e, - 0xb8, 0x7c, 0x52, 0x6b, 0x9f, 0xad, 0x8f, 0x4b, 0x7c, 0xb8, 0xeb, 0x19, 0xbd, 0x86, 0xf0, 0xbe, - 0x64, 0x2f, 0xb6, 0xc9, 0x9a, 0xb6, 0x46, 0x5e, 0xc3, 0xa3, 0x8a, 0x60, 0x9c, 0xfb, 0xfc, 0xff, - 0x91, 0xc5, 0x01, 0x37, 0x43, 0x59, 0xe4, 0x6b, 0xfe, 0x3f, 0xd7, 0xbf, 0x9f, 0x1c, 0xa9, 0x08, - 0xfd, 0xd0, 0x77, 0x11, 0xd0, 0x31, 0x67, 0x18, 0x49, 0x74, 0x3c, 0x8e, 0x71, 0xb0, 0x5f, 0x60, - 0x75, 0xd3, 0x65, 0x20, 0xd6, 0xdd, 0x5c, 0x65, 0x6f, 0x0f, 0xc3, 0xe6, 0x2a, 0x2f, 0x29, 0x0d, - 0x0d, 0xde, 0xad, 0x84, 0xde, 0x4c, 0x45, 0xde, 0xaf, 0x3e, 0x79, 0xb1, 0x6b, 0xea, 0x4b, 0x5e, - 0xe1, 0x76, 0x90, 0x47, 0x4e, 0x77, 0x91, 0x22, 0x71, 0x52, 0xf6, 0xf7, 0x25, 0xc5, 0x5b, 0x7c, - 0x98, 0x15, 0x5a, 0xc3, 0xd4, 0xcf, 0x96, 0x25, 0x28, 0x10, 0x21, 0x47, 0xf9, 0xa4, 0xe4, 0xa7, - 0x28, 0x48, 0x7c, 0xa1, 0x13, 0x20, 0x75, 0x1d, 0xef, 0x34, 0xa3, 0xc3, 0x10, 0xf2, 0x85, 0x41, - 0x39, 0x15, 0x78, 0x02, 0x4a, 0x45, 0x5e, 0xa8, 0x01, 0x44, 0xcc, 0x19, 0x46, 0x02, 0x11, 0x39, - 0x25, 0x23, 0xbd, 0x15, 0x4a, 0xfe, 0x4c, 0x94, 0x14, 0x86, 0x4f, 0x49, 0x9e, 0x49, 0x36, 0xe5, - 0xc7, 0x7f, 0xc1, 0x3d, 0xa3, 0x44, 0xdb, 0x7c, 0x17, 0xde, 0xee, 0x15, 0x5b, 0xc8, 0x30, 0xb8, - 0x23, 0xd3, 0xf8, 0x6e, 0xa5, 0xe5, 0x5c, 0x62, 0x96, 0xee, 0xb4, 0xc3, 0x29, 0xd6, 0xf3, 0x94, - 0x7e, 0x8c, 0xf0, 0x9e, 0x04, 0x27, 0xc0, 0x67, 
0x0b, 0xef, 0x50, 0x7b, 0x07, 0x21, 0x8c, 0x73, - 0x83, 0xb2, 0x19, 0xf1, 0x02, 0x5c, 0x46, 0x3d, 0x50, 0x03, 0x3f, 0x98, 0xb8, 0x01, 0xfc, 0x63, - 0x28, 0x9f, 0xfd, 0xf6, 0x25, 0xc2, 0x33, 0x29, 0xdd, 0x01, 0x2d, 0x1f, 0x21, 0x3c, 0x61, 0x26, - 0xcd, 0x04, 0x8e, 0x9e, 0xca, 0x21, 0xe3, 0x02, 0xa3, 0xc0, 0x57, 0xb2, 0x67, 0xba, 0x06, 0xdc, - 0xc5, 0xed, 0x94, 0x5e, 0xee, 0xf2, 0xda, 0xa2, 0x1f, 0x48, 0xc0, 0x62, 0x7f, 0xc7, 0x03, 0xb0, - 0x58, 0xb8, 0x33, 0x2c, 0x0e, 0xe5, 0xc0, 0xa8, 0x78, 0x0d, 0x5e, 0xfe, 0x3d, 0x4c, 0xf8, 0xc0, - 0x10, 0x3a, 0x09, 0xaa, 0xa3, 0x15, 0x1d, 0xce, 0x7a, 0x60, 0x08, 0x3c, 0xf9, 0xd5, 0x51, 0xe0, - 0x25, 0x7c, 0x60, 0x24, 0x10, 0x31, 0x8c, 0x03, 0x23, 0x13, 0x25, 0x85, 0xe1, 0x53, 0x92, 0x5f, - 0x92, 0x1d, 0xc4, 0xfb, 0x7b, 0x7b, 0xd8, 0x0a, 0x63, 0x8e, 0x80, 0x60, 0xfa, 0x05, 0xc2, 0x07, - 0xfa, 0xcf, 0x05, 0x76, 0xde, 0x46, 0x78, 0x5c, 0x89, 0x99, 0x04, 0xc1, 0x39, 0x93, 0xb5, 0x77, - 0xeb, 0xb5, 0x07, 0x44, 0xc5, 0xfa, 0xa3, 0x07, 0xf0, 0x74, 0x4f, 0x92, 0xc7, 0x61, 0xfc, 0x1c, - 0x05, 0x7c, 0xc4, 0x4e, 0x05, 0x88, 0x57, 0x10, 0x1e, 0xb3, 0xc4, 0x73, 0x00, 0xe1, 0xe9, 0x8c, - 0x59, 0x10, 0x03, 0x30, 0xce, 0x1b, 0x3d, 0x13, 0x1c, 0x7a, 0xc2, 0xfe, 0xb6, 0xbd, 0xec, 0xed, - 0xf9, 0xbe, 0x35, 0xa3, 0xeb, 0x40, 0xeb, 0x63, 0x2a, 0x54, 0x8a, 0x95, 0xa4, 0x99, 0x59, 0x0f, - 0xb4, 0x44, 0xf7, 0x7e, 0x29, 0x4e, 0xf4, 0x1c, 0xfe, 0x0c, 0xac, 0xc0, 0x17, 0x6d, 0xfe, 0x25, - 0xf4, 0x6a, 0xe8, 0x33, 0x50, 0xec, 0x25, 0x5c, 0x30, 0x22, 0xe3, 0xd9, 0x6b, 0x68, 0xc4, 0x54, - 0x50, 0x30, 0x22, 0x43, 0x74, 0x35, 0x5c, 0xd4, 0xe2, 0xa9, 0xc8, 0xab, 0x88, 0xfe, 0x12, 0xfa, - 0xbc, 0xcb, 0x46, 0x4a, 0x61, 0xf8, 0xa4, 0xe4, 0x57, 0x45, 0xaf, 0x84, 0xfb, 0xc0, 0x15, 0x3d, - 0xe8, 0x06, 0x16, 0x43, 0x62, 0xc7, 0x12, 0xd3, 0x9b, 0x9b, 0x5b, 0xf0, 0x5e, 0x5c, 0x58, 0xd3, - 0xeb, 0x9c, 0xe1, 0x6d, 0x15, 0xf7, 0x92, 0x8c, 0xe2, 0x6d, 0x86, 0x52, 0xd3, 0x0c, 0x48, 0x32, - 0xef, 0x86, 0x94, 0x31, 0xf1, 0xda, 0xf3, 0xe5, 0x20, 0xe7, 0x16, 0xc7, 0x0b, 0x7c, 
0x8a, 0x60, - 0x84, 0x7e, 0x85, 0x70, 0x39, 0xed, 0x4a, 0x20, 0x04, 0x9f, 0x20, 0x5c, 0x4a, 0x9e, 0x0a, 0x89, - 0xf0, 0xf4, 0xc0, 0xdd, 0x54, 0xa2, 0x55, 0x88, 0x4c, 0x1f, 0xdf, 0xf4, 0xe5, 0x50, 0x73, 0x98, - 0x8a, 0xda, 0xbc, 0x72, 0xf8, 0x43, 0x09, 0xa8, 0x4c, 0xe1, 0x79, 0x10, 0x2a, 0x0b, 0x77, 0x8a, - 0xca, 0xfc, 0xf2, 0xdd, 0xc1, 0xf3, 0xe9, 0x92, 0xcc, 0x9e, 0x6f, 0x9f, 0x8d, 0x24, 0xa9, 0x1f, - 0x28, 0x71, 0x6e, 0xa3, 0xd8, 0xdc, 0xbe, 0x2a, 0xe1, 0x85, 0x2d, 0xb9, 0x85, 0x28, 0x7d, 0x87, - 0xf0, 0x51, 0x73, 0xf0, 0xf7, 0x21, 0x95, 0xd4, 0x7c, 0x43, 0x27, 0x74, 0x05, 0xf1, 0xcc, 0xb2, - 0xca, 0x23, 0xbf, 0x51, 0xbc, 0x8d, 0xb3, 0x44, 0xfe, 0x42, 0x78, 0x54, 0x74, 0x8a, 0x92, 0xe5, - 0x41, 0x21, 0xa4, 0x10, 0x53, 0x8b, 0xcf, 0xe4, 0x6b, 0xd4, 0x8b, 0x15, 0x3d, 0xf6, 0xc6, 0xd7, - 0x3f, 0xbe, 0x2f, 0x3d, 0x44, 0xca, 0x72, 0x5d, 0x35, 0x64, 0xae, 0xbd, 0x87, 0xa6, 0xc9, 0xeb, - 0x70, 0x14, 0x77, 0x36, 0xaf, 0xf8, 0xa1, 0xdc, 0x21, 0x1b, 0x08, 0x8f, 0x89, 0x0c, 0xcf, 0x19, - 0x46, 0x46, 0xf8, 0xc9, 0xe2, 0x69, 0x46, 0xf8, 0x7d, 0xd4, 0x4f, 0x3a, 0xc1, 0xe1, 0x8f, 0x91, - 0xfb, 0x84, 0xf0, 0xc9, 0x3f, 0x08, 0xef, 0x14, 0x7c, 0xb2, 0x92, 0x4a, 0xd6, 0x58, 0xc4, 0x0b, - 0x72, 0xc5, 0xe5, 0x5c, 0x6d, 0x02, 0xbe, 0x93, 0x1c, 0xdf, 0xa3, 0xe4, 0xf8, 0x26, 0x3e, 0xff, - 0xe3, 0x7a, 0x26, 0x5d, 0x9c, 0x7f, 0x46, 0x78, 0x97, 0xc0, 0x81, 0x1b, 0xe6, 0x4a, 0xd6, 0x88, - 0xe4, 0x4e, 0x42, 0xb2, 0xf4, 0x48, 0xa7, 0x39, 0x09, 0x53, 0xa4, 0x94, 0x4c, 0x02, 0xf9, 0x13, - 0xe1, 0x1d, 0x11, 0x29, 0x8c, 0x2c, 0x65, 0x8d, 0x4b, 0x9c, 0x40, 0x58, 0x3c, 0x97, 0xa3, 0x45, - 0x80, 0x78, 0x82, 0x43, 0x3c, 0x4e, 0x1e, 0x0e, 0xf2, 0xd8, 0x9d, 0xdb, 0x13, 0x64, 0xaf, 0xe6, - 0x77, 0xe4, 0xf5, 0x6e, 0xc5, 0xb1, 0x43, 0x3e, 0x93, 0xf0, 0x44, 0xa2, 0x34, 0x43, 0x2e, 0xe4, - 0x9a, 0x9d, 0x3d, 0x4a, 0x57, 0xf1, 0x85, 0x21, 0x59, 0x07, 0x76, 0x9e, 0xe0, 0xec, 0x2c, 0x92, - 0xf9, 0x68, 0x02, 0x04, 0x3f, 0x9c, 0xa5, 0xdc, 0x10, 0xef, 0x49, 0x78, 0x2a, 0xd1, 0xab, 0xbb, - 0x35, 0x2e, 0xe4, 0x9a, 
0xc6, 0xf9, 0xb0, 0x95, 0x56, 0xfc, 0xa3, 0xb3, 0x9c, 0xad, 0xc3, 0xe4, - 0x60, 0x6a, 0xb6, 0xc8, 0xdf, 0x08, 0xef, 0x14, 0x28, 0x2c, 0xd9, 0xeb, 0x64, 0xbc, 0x0e, 0x95, - 0xbd, 0x4e, 0x26, 0x88, 0x4d, 0xf4, 0x31, 0x8e, 0xf9, 0x11, 0x72, 0x6c, 0x13, 0x33, 0x68, 0x01, - 0x29, 0xb3, 0xe2, 0x27, 0x84, 0x77, 0x09, 0xec, 0x6f, 0xa9, 0x4c, 0xe6, 0xce, 0x41, 0xb2, 0xe0, - 0x46, 0x1f, 0xe0, 0x1c, 0x4c, 0x92, 0x89, 0x44, 0x0e, 0xc8, 0xef, 0x08, 0x8f, 0xc7, 0x29, 0x45, - 0xe4, 0xfc, 0x56, 0x9b, 0x94, 0x18, 0xe1, 0xa8, 0xf8, 0x5c, 0xfe, 0x86, 0x01, 0x36, 0xe5, 0xb0, - 0x77, 0x93, 0x62, 0x00, 0x9b, 0x31, 0xa7, 0x1b, 0xf3, 0x1f, 0x08, 0x8f, 0xc5, 0x68, 0x47, 0xe4, - 0xd9, 0x2d, 0xe6, 0x63, 0x1c, 0xe2, 0xf3, 0xb9, 0xdb, 0x05, 0xc0, 0x87, 0x38, 0xe0, 0x7d, 0x84, - 0x46, 0xe2, 0x1c, 0x05, 0xfe, 0xa6, 0x84, 0x27, 0x12, 0x85, 0xa2, 0xec, 0x07, 0x43, 0x1a, 0x25, - 0x2d, 0xfb, 0xc1, 0x90, 0x4a, 0x5c, 0xa3, 0xfb, 0x39, 0x15, 0x7b, 0xc8, 0x64, 0x9f, 0xee, 0x97, - 0xbc, 0x2e, 0xb9, 0x05, 0x2e, 0xaa, 0x70, 0x6c, 0xa1, 0x18, 0xc5, 0x8a, 0x44, 0xd9, 0x3b, 0xfd, - 0x24, 0x25, 0x48, 0xd0, 0x0a, 0xfa, 0x92, 0x4d, 0xca, 0x1a, 0x77, 0x8b, 0xd7, 0xb8, 0x88, 0x87, - 0x2d, 0x75, 0xfc, 0xf9, 0xd3, 0xd0, 0x47, 0x10, 0x13, 0x34, 0x83, 0x42, 0x1a, 0xc8, 0x35, 0xa9, - 0x9f, 0xd4, 0x40, 0xb2, 0x77, 0x2d, 0x69, 0x74, 0x96, 0xe2, 0xc5, 0x61, 0x99, 0x07, 0x26, 0x4e, - 0x71, 0x26, 0x4e, 0x92, 0x13, 0x5d, 0x75, 0x00, 0x8e, 0x77, 0xef, 0x8f, 0x43, 0x7e, 0xcb, 0x18, - 0xfe, 0x00, 0xee, 0xc8, 0xeb, 0x6b, 0x7a, 0xbd, 0x23, 0xaf, 0x73, 0x01, 0xad, 0x43, 0xde, 0x92, - 0xf0, 0x9e, 0x64, 0x8f, 0x6e, 0x86, 0x64, 0xef, 0x59, 0x86, 0xc8, 0x55, 0x6a, 0xe1, 0x49, 0x74, - 0x48, 0xf4, 0x72, 0x45, 0xbe, 0x91, 0xf0, 0xd1, 0x0c, 0x5a, 0x04, 0xb1, 0x86, 0x13, 0xe7, 0x24, - 0x69, 0xa8, 0x68, 0xdf, 0x56, 0x9f, 0x40, 0xe2, 0x71, 0x4e, 0xe2, 0x2c, 0x91, 0x07, 0x4c, 0xb8, - 0xf9, 0x8b, 0xd7, 0x6f, 0x96, 0xd0, 0x8d, 0x9b, 0x25, 0xf4, 0xc3, 0xcd, 0x12, 0x7a, 0x67, 0xa3, - 0x34, 0x72, 0x63, 0xa3, 0x34, 0xf2, 0xed, 0x46, 0x69, 0xe4, 
0xf9, 0xc5, 0x86, 0xee, 0x5c, 0x6a, - 0xd5, 0xca, 0x2a, 0x5b, 0x95, 0x3d, 0x44, 0x33, 0x3e, 0x24, 0x39, 0x04, 0x69, 0x26, 0xc0, 0x34, - 0xe3, 0x81, 0x92, 0x5f, 0xe1, 0x0b, 0x70, 0xda, 0xa6, 0x66, 0xd7, 0xb6, 0xf3, 0x7f, 0xb5, 0x1d, - 0xfd, 0x37, 0x00, 0x00, 0xff, 0xff, 0x44, 0x5c, 0xcd, 0xf0, 0x48, 0x29, 0x00, 0x00, + // 1661 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5a, 0xcd, 0x6f, 0x1b, 0x45, + 0x14, 0xcf, 0xd8, 0xb4, 0x88, 0x01, 0x01, 0x9d, 0x86, 0x26, 0x58, 0x8d, 0x93, 0x4e, 0x4b, 0xfa, + 0x45, 0xbc, 0xa4, 0x15, 0x2d, 0x1c, 0x4a, 0x95, 0x8f, 0xd2, 0x16, 0x44, 0x95, 0x3a, 0x88, 0x22, + 0x54, 0x6a, 0xad, 0xed, 0xc1, 0x5d, 0xb2, 0xf1, 0x6c, 0x77, 0xd7, 0x01, 0x13, 0x05, 0x09, 0x24, + 0xa8, 0xc4, 0xa9, 0x7c, 0x1c, 0x00, 0x71, 0xa2, 0x52, 0xc5, 0x9d, 0x03, 0xff, 0x42, 0x25, 0x0e, + 0x54, 0xe2, 0x00, 0x12, 0x12, 0x42, 0x0d, 0x07, 0x50, 0x91, 0x80, 0x0b, 0x88, 0x0b, 0xa0, 0x9d, + 0x7d, 0x9b, 0x5d, 0x7b, 0x67, 0xd7, 0xeb, 0xcd, 0xba, 0xbd, 0xd9, 0x3b, 0xcf, 0xef, 0xcd, 0xef, + 0xf7, 0xde, 0xbc, 0x79, 0xfb, 0x4b, 0xf0, 0x03, 0xc6, 0x92, 0xa6, 0x5c, 0x6a, 0x31, 0xb3, 0x5d, + 0x32, 0x4c, 0x6e, 0x73, 0x52, 0x7a, 0x43, 0x6b, 0x54, 0x19, 0x53, 0x75, 0x5d, 0x53, 0x9b, 0x35, + 0x56, 0xaa, 0x6b, 0x96, 0x6d, 0x6a, 0xd5, 0x96, 0xcd, 0xea, 0x35, 0xbe, 0x6c, 0xb8, 0x4f, 0x75, + 0x56, 0x6f, 0x30, 0xb3, 0x64, 0x2c, 0x69, 0x85, 0x9d, 0x0d, 0xce, 0x1b, 0x3a, 0x53, 0x54, 0x43, + 0x53, 0xd4, 0x66, 0x93, 0xdb, 0xaa, 0xad, 0xf1, 0xa6, 0xe5, 0x7a, 0x2b, 0x1c, 0xa8, 0x71, 0x6b, + 0x99, 0x5b, 0x4a, 0x55, 0xb5, 0x98, 0x1b, 0x46, 0x59, 0x99, 0xae, 0x32, 0x5b, 0x9d, 0x56, 0x0c, + 0xb5, 0xa1, 0x35, 0x85, 0x31, 0xd8, 0x8e, 0x3b, 0x5b, 0x51, 0x0d, 0xc3, 0xe4, 0x2b, 0xac, 0x5e, + 0xa9, 0x31, 0xd3, 0xd6, 0x5e, 0xd1, 0x6a, 0xaa, 0xcd, 0x3c, 0x67, 0x45, 0xc7, 0xc0, 0x30, 0xb9, + 0xc1, 0xad, 0x4e, 0x03, 0x58, 0xdf, 0xe9, 0xac, 0xd7, 0x2e, 0x6a, 0xba, 0xf4, 0xd7, 0xfb, 0xa3, + 0x7e, 0x5d, 0x31, 0xd9, 0x0a, 0xaf, 0x05, 0x77, 0x22, 0x02, 
0x39, 0x4f, 0x97, 0xe4, 0x1b, 0xd9, + 0xd3, 0xb1, 0x53, 0x93, 0x73, 0x5b, 0x66, 0xb5, 0x3b, 0xe8, 0x25, 0xca, 0xe8, 0x40, 0x24, 0xe8, + 0x4a, 0xb5, 0x5d, 0xb1, 0x5a, 0xd5, 0x57, 0x59, 0xcd, 0xee, 0xdc, 0x96, 0xf3, 0x44, 0x8a, 0xff, + 0xa0, 0x40, 0xb8, 0xa4, 0x05, 0x00, 0x55, 0x36, 0xd2, 0xe7, 0x7c, 0x31, 0xb8, 0xd6, 0xf4, 0x9c, + 0x9d, 0x48, 0x64, 0x2c, 0x76, 0xa1, 0x59, 0x56, 0x8b, 0x99, 0xde, 0x66, 0x2a, 0x4b, 0xac, 0x5d, + 0xd1, 0xea, 0xe0, 0x66, 0xb8, 0xc1, 0x1b, 0x5c, 0x7c, 0x54, 0x9c, 0x4f, 0xf0, 0xf4, 0x61, 0x37, + 0xed, 0x15, 0x77, 0xc1, 0xfd, 0xe2, 0x2e, 0xd1, 0x1a, 0xde, 0x7d, 0xd6, 0xa9, 0x83, 0x93, 0xcc, + 0x9e, 0x01, 0xd8, 0x73, 0x01, 0xd4, 0x65, 0x76, 0xa9, 0xc5, 0x2c, 0x9b, 0x8c, 0xe2, 0xbb, 0x21, + 0xde, 0x28, 0x9a, 0x40, 0xfb, 0xee, 0x29, 0x7b, 0x5f, 0x09, 0xc5, 0xf7, 0xc1, 0xc7, 0x67, 0x59, + 0xfb, 0x74, 0x7d, 0x34, 0x27, 0x96, 0x3b, 0x9e, 0xd1, 0x6b, 0x08, 0xef, 0x89, 0x8f, 0x62, 0x19, + 0xbc, 0x69, 0x31, 0xf2, 0x26, 0x1e, 0x56, 0x25, 0xeb, 0x22, 0xe6, 0xbd, 0x87, 0xe6, 0xfb, 0x3c, + 0x0c, 0x25, 0x59, 0xac, 0xd9, 0xbb, 0xae, 0xff, 0x38, 0x3e, 0x54, 0x96, 0xc6, 0xa1, 0xef, 0x23, + 0xa0, 0x63, 0x46, 0xd7, 0xe3, 0xe8, 0x78, 0x1a, 0x63, 0xff, 0xbc, 0xc0, 0xee, 0x26, 0x4b, 0x40, + 0xac, 0x73, 0xb8, 0x4a, 0xee, 0x19, 0x86, 0xc3, 0x55, 0x5a, 0x50, 0x1b, 0x0c, 0x7e, 0x5b, 0x0e, + 0xfc, 0x32, 0x11, 0x79, 0xbf, 0x7b, 0xe4, 0x45, 0xee, 0xa9, 0x27, 0x79, 0xf9, 0xdb, 0x41, 0x1e, + 0x39, 0xd9, 0x41, 0x4a, 0x4e, 0x90, 0xb2, 0xb7, 0x27, 0x29, 0xee, 0xe6, 0x83, 0xac, 0xd0, 0x2a, + 0xa6, 0x5e, 0xb5, 0x2c, 0x40, 0x83, 0x08, 0x04, 0xca, 0xa6, 0x24, 0x3f, 0x47, 0x7e, 0xe1, 0x4b, + 0x83, 0x00, 0xa9, 0xab, 0x78, 0xbb, 0x11, 0x5e, 0x86, 0x94, 0xcf, 0xf5, 0xcb, 0xa9, 0x24, 0x12, + 0x50, 0x2a, 0x8b, 0x42, 0x75, 0x20, 0x62, 0x46, 0xd7, 0x63, 0x88, 0xc8, 0xa8, 0x18, 0xe9, 0xad, + 0x40, 0xf1, 0xa7, 0xa2, 0x24, 0x3f, 0x78, 0x4a, 0xb2, 0x2c, 0xb2, 0x09, 0x2f, 0xff, 0x73, 0xce, + 0x1d, 0x25, 0x3b, 0xe6, 0x3b, 0xf0, 0x56, 0xb7, 0xd9, 0x42, 0x85, 0xc1, 0x37, 0x32, 0x89, 0xef, + 
0x57, 0x5b, 0xf6, 0x45, 0x6e, 0x6a, 0x76, 0x3b, 0x58, 0x62, 0x5d, 0x4f, 0xe9, 0xa7, 0x08, 0xef, + 0x8a, 0x09, 0x02, 0x7c, 0xb6, 0xf0, 0xb6, 0x5a, 0xf7, 0x22, 0xa4, 0x71, 0xa6, 0x5f, 0x36, 0x43, + 0x51, 0x80, 0xcb, 0x70, 0x04, 0x7a, 0x05, 0xe1, 0x47, 0x63, 0x4f, 0x80, 0x77, 0x0f, 0x65, 0x72, + 0xe0, 0x84, 0x0d, 0x33, 0x35, 0x55, 0x3f, 0xd3, 0x5a, 0xae, 0x32, 0x73, 0x34, 0x0f, 0x36, 0x81, + 0x67, 0xf4, 0x6b, 0x84, 0xa7, 0x12, 0x6e, 0x09, 0xb8, 0xfb, 0x04, 0xe1, 0x31, 0x23, 0xce, 0x12, + 0x88, 0x7c, 0x2e, 0x83, 0xb2, 0xf4, 0x9d, 0x02, 0xa9, 0xf1, 0x91, 0xe9, 0x0a, 0xf0, 0x1b, 0x75, + 0x9c, 0xba, 0xf9, 0xcd, 0xea, 0x1c, 0x7f, 0x94, 0x03, 0x16, 0x7b, 0x07, 0xee, 0x83, 0xc5, 0xfc, + 0x9d, 0x61, 0x71, 0x20, 0xb7, 0x4a, 0xd9, 0x9d, 0x02, 0xb3, 0x1f, 0x74, 0x82, 0xb7, 0x8a, 0x34, + 0x88, 0xdf, 0x42, 0xcd, 0xf0, 0x72, 0xda, 0x5b, 0x45, 0x12, 0xc9, 0x6b, 0xa1, 0x92, 0x28, 0xc1, + 0x5b, 0x25, 0x86, 0x88, 0x41, 0xdc, 0x2a, 0xa9, 0x28, 0xc9, 0x0f, 0x9e, 0x92, 0xec, 0x8a, 0x6c, + 0x3f, 0xde, 0xdb, 0x3d, 0xe8, 0x96, 0x39, 0xb7, 0x25, 0x04, 0xd3, 0xaf, 0x10, 0xde, 0xd7, 0xdb, + 0x16, 0xd8, 0x79, 0x0f, 0xe1, 0x51, 0x35, 0xc2, 0x08, 0x92, 0x73, 0x2a, 0xed, 0x80, 0xd7, 0xed, + 0x0f, 0x88, 0x8a, 0x8c, 0x47, 0xf7, 0xe1, 0xc9, 0xae, 0x22, 0x8f, 0xc2, 0xf8, 0x25, 0xf2, 0xf9, + 0x88, 0x34, 0x05, 0x88, 0x97, 0x11, 0x1e, 0x31, 0xe5, 0x36, 0x80, 0xf0, 0x64, 0xca, 0x2a, 0x88, + 0x00, 0x18, 0x15, 0x8d, 0x9e, 0xf2, 0x2f, 0x46, 0xe9, 0x10, 0xdc, 0x5e, 0x74, 0xcf, 0x7c, 0xcf, + 0x9e, 0xd1, 0x71, 0xa1, 0xf5, 0x70, 0x15, 0x68, 0xc5, 0x6a, 0x9c, 0x65, 0xda, 0x0b, 0x2d, 0x36, + 0xbc, 0xd7, 0x8a, 0x63, 0x23, 0x07, 0xdf, 0x15, 0xcb, 0xf0, 0xda, 0x9b, 0x7d, 0x0b, 0xbd, 0x1a, + 0x78, 0x57, 0x94, 0x47, 0x09, 0x36, 0x8c, 0xd0, 0x7a, 0xfa, 0x1e, 0x1a, 0x72, 0xe5, 0x37, 0x8c, + 0xd0, 0x12, 0x5d, 0x0e, 0x36, 0xb5, 0x68, 0x2a, 0xb2, 0x6a, 0xa2, 0xbf, 0x05, 0xde, 0x01, 0xd3, + 0x91, 0x92, 0x1f, 0x3c, 0x29, 0xd9, 0x75, 0xd1, 0xcb, 0xc1, 0x39, 0x70, 0x49, 0xf3, 0xa7, 0x81, + 0xf9, 0x80, 0x22, 0xb2, 0xc0, 0xb5, 
0xe6, 0xc6, 0x11, 0x7c, 0x10, 0xe7, 0x57, 0xb4, 0xba, 0x60, + 0x78, 0x4b, 0xd9, 0xf9, 0x48, 0x86, 0xf1, 0x16, 0x5d, 0xad, 0x32, 0x1d, 0x8a, 0xcc, 0xfd, 0x42, + 0x4a, 0x98, 0xb8, 0x33, 0xfc, 0xa2, 0x5f, 0x73, 0xf3, 0x30, 0x8b, 0x4a, 0x56, 0xe8, 0x37, 0x08, + 0x97, 0x92, 0xee, 0x04, 0x52, 0xf0, 0x19, 0xc2, 0xc5, 0x78, 0x53, 0x28, 0x84, 0x33, 0x7d, 0x4f, + 0x53, 0xb1, 0x5e, 0x21, 0x33, 0x3d, 0x62, 0xd3, 0xd7, 0x02, 0xc3, 0x61, 0x22, 0x6a, 0xb3, 0xaa, + 0xe1, 0x8f, 0x73, 0x40, 0x65, 0x82, 0xc8, 0xfd, 0x50, 0x99, 0xbf, 0x53, 0x54, 0x66, 0x57, 0xef, + 0x36, 0x9e, 0x4d, 0x56, 0x64, 0xd6, 0x6c, 0xfb, 0x74, 0xa8, 0x48, 0xbd, 0x44, 0xc9, 0x6b, 0x1b, + 0x45, 0xd6, 0xf6, 0xd5, 0x1c, 0x9e, 0xdb, 0x54, 0x58, 0xc8, 0xd2, 0x0f, 0x08, 0x1f, 0x36, 0xfa, + 0xff, 0x3d, 0x94, 0x52, 0x2d, 0xdb, 0xd4, 0x49, 0x43, 0x41, 0x3e, 0xd3, 0xec, 0xf2, 0xd0, 0x1f, + 0x14, 0x6f, 0x11, 0x2c, 0x91, 0x7f, 0x10, 0x1e, 0x96, 0xdd, 0xa2, 0x64, 0xb1, 0x5f, 0x08, 0x09, + 0x14, 0xd7, 0xc2, 0xf3, 0xd9, 0x3a, 0x75, 0x73, 0x45, 0x8f, 0xbc, 0xfd, 0xed, 0xcf, 0x1f, 0xe6, + 0x1e, 0x23, 0x25, 0xa5, 0x5e, 0xd3, 0x15, 0x21, 0xd0, 0x07, 0xcc, 0x94, 0x55, 0xb8, 0x8a, 0xd7, + 0x36, 0x3e, 0x89, 0x4b, 0x79, 0x8d, 0xac, 0x23, 0x3c, 0x22, 0x73, 0x3c, 0xa3, 0xeb, 0x29, 0xe1, + 0xc7, 0x2b, 0xac, 0x29, 0xe1, 0xf7, 0x90, 0x48, 0xe9, 0x98, 0x80, 0x3f, 0x42, 0x1e, 0x92, 0xc2, + 0x27, 0xff, 0x21, 0xbc, 0x5d, 0xf2, 0xca, 0x4a, 0xca, 0x69, 0x73, 0x11, 0xad, 0xda, 0x15, 0x16, + 0x33, 0xf5, 0x09, 0xf8, 0x8e, 0x0b, 0x7c, 0x4f, 0x92, 0xa3, 0x1b, 0xf8, 0xbc, 0x97, 0xeb, 0xa9, + 0x64, 0x79, 0xfe, 0x15, 0xe1, 0x1d, 0x92, 0x00, 0x4e, 0x9a, 0xcb, 0x69, 0x33, 0x92, 0x39, 0x09, + 0xf1, 0xfa, 0x24, 0x9d, 0x14, 0x24, 0x4c, 0x90, 0x62, 0x3c, 0x09, 0xe4, 0x6f, 0x84, 0xb7, 0x85, + 0xf4, 0x32, 0xb2, 0x90, 0x36, 0x2f, 0x51, 0x2a, 0x62, 0xe1, 0x6c, 0x86, 0x1e, 0x01, 0xe2, 0x31, + 0x01, 0xf1, 0x28, 0x79, 0xdc, 0xaf, 0x63, 0xc7, 0xb6, 0x2b, 0xc9, 0x6e, 0xcf, 0x5f, 0x53, 0x56, + 0x3b, 0x65, 0xc9, 0x35, 0xf2, 0x45, 0x0e, 0x8f, 0xc5, 0x4a, 0x33, 0xe4, 
0x7c, 0xa6, 0xd5, 0xd9, + 0xa5, 0x74, 0x15, 0x5e, 0x1e, 0x90, 0x77, 0x60, 0xe7, 0x19, 0xc1, 0xce, 0x3c, 0x99, 0x0d, 0x17, + 0x80, 0xff, 0xd7, 0xb5, 0x84, 0x07, 0xe2, 0x83, 0x1c, 0x9e, 0x88, 0x8d, 0xea, 0x1c, 0x8d, 0xf3, + 0x99, 0x96, 0x71, 0x36, 0x6c, 0x25, 0x15, 0xff, 0xe8, 0xb4, 0x60, 0xeb, 0x20, 0xd9, 0x9f, 0x98, + 0x2d, 0xf2, 0x2f, 0xc2, 0xdb, 0x25, 0x0a, 0x4b, 0xfa, 0x3e, 0x19, 0xad, 0x43, 0xa5, 0xef, 0x93, + 0x31, 0x62, 0x13, 0x7d, 0x4a, 0x60, 0x7e, 0x82, 0x1c, 0xd9, 0xc0, 0x0c, 0x5a, 0x40, 0xc2, 0xaa, + 0xf8, 0x05, 0xe1, 0x1d, 0x12, 0xff, 0x9b, 0x6a, 0x93, 0x99, 0x73, 0x10, 0x2f, 0xb8, 0xd1, 0x47, + 0x04, 0x07, 0xe3, 0x64, 0x2c, 0x96, 0x03, 0xf2, 0x27, 0xc2, 0xa3, 0x51, 0x4a, 0x11, 0x39, 0xb7, + 0xd9, 0x21, 0x25, 0x42, 0x38, 0x2a, 0xbc, 0x98, 0xbd, 0x63, 0x80, 0x4d, 0x05, 0xec, 0x9d, 0xa4, + 0xe0, 0xc3, 0xe6, 0xdc, 0xee, 0xc4, 0xfc, 0x17, 0xc2, 0x23, 0x11, 0xda, 0x11, 0x79, 0x61, 0x93, + 0xf5, 0x18, 0x85, 0xf8, 0x5c, 0xe6, 0x7e, 0x01, 0xf0, 0x01, 0x01, 0x78, 0x0f, 0xa1, 0xa1, 0x3c, + 0x87, 0x81, 0xbf, 0x93, 0xc3, 0x63, 0xb1, 0x42, 0x51, 0xfa, 0x8b, 0x21, 0x89, 0x92, 0x96, 0xfe, + 0x62, 0x48, 0x24, 0xae, 0xd1, 0xbd, 0x82, 0x8a, 0x5d, 0x64, 0xbc, 0xc7, 0xf4, 0x4b, 0xde, 0xca, + 0x39, 0x0d, 0x2e, 0xac, 0x70, 0x6c, 0xa2, 0x19, 0x45, 0x8a, 0x44, 0xe9, 0x27, 0xfd, 0x38, 0x25, + 0x48, 0x32, 0x0a, 0x7a, 0x92, 0x4d, 0xc2, 0x1e, 0x77, 0x4b, 0xf4, 0xb8, 0x50, 0x84, 0x4d, 0x4d, + 0xfc, 0xd9, 0xd3, 0xd0, 0x43, 0x10, 0x93, 0x0c, 0x83, 0x52, 0x1a, 0xc8, 0xb5, 0x5c, 0x2f, 0xa9, + 0x81, 0xa4, 0x9f, 0x5a, 0x92, 0xe8, 0x2c, 0x85, 0x0b, 0x83, 0x72, 0x0f, 0x4c, 0x9c, 0x10, 0x4c, + 0x1c, 0x27, 0xc7, 0x3a, 0xfa, 0x00, 0x5c, 0xef, 0xee, 0x7f, 0x17, 0x79, 0x23, 0x63, 0xf0, 0x05, + 0x78, 0x4d, 0x59, 0x5d, 0xd1, 0xea, 0x6b, 0xca, 0xaa, 0x10, 0xd0, 0xd6, 0xc8, 0xbb, 0x39, 0xbc, + 0x2b, 0x3e, 0xa2, 0x53, 0x21, 0xe9, 0x67, 0x96, 0x01, 0x72, 0x95, 0x58, 0x78, 0x92, 0x5d, 0x12, + 0xdd, 0x5c, 0x91, 0xef, 0x72, 0xf8, 0x70, 0x0a, 0x2d, 0x82, 0x98, 0x83, 0xc9, 0x73, 0x9c, 0x34, + 0x54, 0xb0, 
0x6e, 0x6b, 0x4c, 0x20, 0xf1, 0xa8, 0x20, 0x71, 0x9a, 0x28, 0x7d, 0x16, 0xdc, 0xec, + 0x85, 0xeb, 0x37, 0x8b, 0xe8, 0xc6, 0xcd, 0x22, 0xfa, 0xe9, 0x66, 0x11, 0x5d, 0x59, 0x2f, 0x0e, + 0xdd, 0x58, 0x2f, 0x0e, 0x7d, 0xbf, 0x5e, 0x1c, 0x7a, 0x69, 0xbe, 0xa1, 0xd9, 0x17, 0x5b, 0xd5, + 0x52, 0x8d, 0x2f, 0x2b, 0x2e, 0xa2, 0x29, 0x0f, 0x92, 0x12, 0x80, 0x34, 0xe5, 0x63, 0x9a, 0x72, + 0x41, 0x29, 0xaf, 0x8b, 0x0d, 0xd8, 0x6d, 0x83, 0x59, 0xd5, 0xad, 0xe2, 0x5f, 0xdf, 0x0e, 0xff, + 0x1f, 0x00, 0x00, 0xff, 0xff, 0x6f, 0xb9, 0x8c, 0x69, 0x6d, 0x29, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2928,6 +2937,13 @@ func (m *QueryGetProposedCertificateRevocationRequest) MarshalToSizedBuffer(dAtA _ = i var l int _ = l + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintQuery(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x1a + } if len(m.SubjectKeyId) > 0 { i -= len(m.SubjectKeyId) copy(dAtA[i:], m.SubjectKeyId) @@ -3944,6 +3960,10 @@ func (m *QueryGetProposedCertificateRevocationRequest) Size() (n int) { if l > 0 { n += 1 + l + sovQuery(uint64(l)) } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovQuery(uint64(l)) + } return n } 
@@ -5395,6 +5415,38 @@ func (m *QueryGetProposedCertificateRevocationRequest) Unmarshal(dAtA []byte) er } m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipQuery(dAtA[iNdEx:]) diff --git a/x/pki/types/query.pb.gw.go b/x/pki/types/query.pb.gw.go index 84d899b34..ade275a57 100644 --- a/x/pki/types/query.pb.gw.go +++ b/x/pki/types/query.pb.gw.go @@ -333,6 +333,10 @@ func local_request_Query_ChildCertificates_0(ctx context.Context, marshaler runt } +var ( + filter_Query_ProposedCertificateRevocation_0 = &utilities.DoubleArray{Encoding: map[string]int{"subject": 0, "subjectKeyId": 1}, Base: []int{1, 1, 2, 0, 0}, Check: []int{0, 1, 1, 2, 3}} +) + func request_Query_ProposedCertificateRevocation_0(ctx context.Context, marshaler runtime.Marshaler, client QueryClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq QueryGetProposedCertificateRevocationRequest var metadata runtime.ServerMetadata 
@@ -366,6 +370,13 @@ func request_Query_ProposedCertificateRevocation_0(ctx context.Context, marshale return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "subjectKeyId", err) } + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_ProposedCertificateRevocation_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := client.ProposedCertificateRevocation(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) return msg, metadata, err @@ -404,6 +415,13 @@ func local_request_Query_ProposedCertificateRevocation_0(ctx context.Context, ma return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "subjectKeyId", err) } + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_ProposedCertificateRevocation_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + msg, err := server.ProposedCertificateRevocation(ctx, &protoReq) return msg, metadata, err diff --git a/x/pki/types/tx.pb.go b/x/pki/types/tx.pb.go index c0731c952..4812fdb4a 100644 --- a/x/pki/types/tx.pb.go +++ b/x/pki/types/tx.pb.go 
@@ -363,6 +363,7 @@ type MsgProposeRevokeX509RootCert struct { SubjectKeyId string `protobuf:"bytes,3,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty" validate:"required,max=256"` Info string `protobuf:"bytes,4,opt,name=info,proto3" json:"info,omitempty" validate:"max=4096"` Time int64 `protobuf:"varint,5,opt,name=time,proto3" json:"time,omitempty"` + SerialNumber string `protobuf:"bytes,6,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` } func (m *MsgProposeRevokeX509RootCert) Reset() { *m = MsgProposeRevokeX509RootCert{} } @@ -433,6 +434,13 @@ func (m *MsgProposeRevokeX509RootCert) GetTime() int64 { return 0 } +func (m *MsgProposeRevokeX509RootCert) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + type MsgProposeRevokeX509RootCertResponse struct { } @@ -475,6 +483,7 @@ type MsgApproveRevokeX509RootCert struct { SubjectKeyId string `protobuf:"bytes,3,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty" validate:"required,max=256"` Info string `protobuf:"bytes,5,opt,name=info,proto3" json:"info,omitempty" validate:"max=4096"` Time int64 `protobuf:"varint,6,opt,name=time,proto3" json:"time,omitempty"` + SerialNumber string `protobuf:"bytes,7,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` } func (m *MsgApproveRevokeX509RootCert) Reset() { *m = MsgApproveRevokeX509RootCert{} } @@ -545,6 +554,13 @@ func (m *MsgApproveRevokeX509RootCert) GetTime() int64 { return 0 } +func (m *MsgApproveRevokeX509RootCert) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + type MsgApproveRevokeX509RootCertResponse struct { } 
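Review bot: The new `SerialNumber` field of `MsgProposeRevokeX509RootCert` has no `validate` tag, while `SubjectKeyId` beside it has `validate:"required,max=256"` and `Info` has `validate:"max=4096"`. If message validation is driven by these tags, the serial number supplied in a revocation transaction has no length bound. The same gap appears on `MsgApproveRevokeX509RootCert` and `MsgRevokeX509Cert` in the later hunks of this file. Because `tx.pb.go` is generated, the change belongs on the `serialNumber` fields in `proto/pki/tx.proto`, presumably through the same option that emits the existing tags. Since the field is optional, the tag should be a length limit only, of the form `validate:"max=<LIMIT>"` with the limit chosen by the project, and not `required`. If the `ValidateBasic` implementations for these messages already bound the length, a short comment in the proto saying so would be enough.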
@@ -587,6 +603,7 @@ type MsgRevokeX509Cert struct { SubjectKeyId string `protobuf:"bytes,3,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty" validate:"required,max=256"` Info string `protobuf:"bytes,4,opt,name=info,proto3" json:"info,omitempty" validate:"max=4096"` Time int64 `protobuf:"varint,5,opt,name=time,proto3" json:"time,omitempty"` + SerialNumber string `protobuf:"bytes,6,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` } func (m *MsgRevokeX509Cert) Reset() { *m = MsgRevokeX509Cert{} } @@ -657,6 +674,13 @@ func (m *MsgRevokeX509Cert) GetTime() int64 { return 0 } +func (m *MsgRevokeX509Cert) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + type MsgRevokeX509CertResponse struct { } 
@@ -1369,79 +1393,81 @@ func init() { func init() { proto.RegisterFile("pki/tx.proto", fileDescriptor_badfdb2b39855d16) } var fileDescriptor_badfdb2b39855d16 = []byte{ - // 1149 bytes of a gzipped FileDescriptorProto + // 1176 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0xdf, 0x6f, 0xdb, 0x54, 0x14, 0xae, 0xf3, 0xa3, 0x3f, 0xce, 0x4a, 0x05, 0x97, 0xd2, 0xb9, 0x6e, 0x95, 0x64, 0x5e, 0xb5, - 0x55, 0xa2, 0x4d, 0xd2, 0xae, 0x29, 0xeb, 0x44, 0x41, 0xe9, 0xa2, 0x8d, 0x6a, 0xad, 0x54, 0xdc, - 0x0e, 0x10, 0x42, 0x4c, 0x4e, 0x7c, 0x67, 0x2e, 0x75, 0x72, 0x8d, 0xaf, 0x53, 0xb5, 0xfb, 0x27, - 0x40, 0x42, 0xbc, 0x00, 0xda, 0x1b, 0x48, 0x3c, 0x83, 0x78, 0xe5, 0x95, 0xc7, 0x09, 0x21, 0xc1, - 0x53, 0x34, 0xb5, 0xff, 0x41, 0xde, 0x91, 0x90, 0xed, 0xc4, 0xae, 0x5b, 0x3b, 0x4d, 0xdc, 0xf4, - 0x81, 0xd2, 0x37, 0xfb, 0xe6, 0x7e, 0xdf, 0x39, 0xe7, 0x3b, 0x9f, 0xe3, 0x7b, 0x12, 0x18, 0xd5, - 0x77, 0x49, 0xce, 0xdc, 0xcf, 0xea, 0x06, 0x35, 0x29, 0xca, 0x3e, 0x23, 0x6a, 0x19, 0x63, 0x59, - 0xd3, 0x88, 0x5c, 0xab, 0xe0, 0xac, 0x42, 0x98, 0x69, 0x90, 0x72, 0xdd, 0xc4, 0x4a, 0x85, 0x56, - 0x75, 0x67, 0x55, 0xc3, 0x8a, 0x8a, 0x8d, 0xac, 0xbe, 0x4b, 0x84, 0xc9, 0x0a, 0x65, 0x55, 0xca, - 0x9e, 0xd8, 0xe8, 0x9c, 0x73, 0xe3, 0x50, 0x09, 0xe3, 0x2a, 0x55, 0xa9, 0xb3, 0x6e, 0x5d, 0x39, - 0xab, 0xe2, 0xb7, 0x31, 0x98, 0xdc, 0x64, 0xea, 0x96, 0x41, 0x75, 0xca, 0x70, 0x51, 0x51, 0x3e, - 0x2a, 0xe4, 0x57, 0x24, 0x4a, 0xcd, 0xfb, 0xd8, 0x30, 0xd1, 0x43, 0x18, 0x64, 0x44, 0xad, 0x61, - 0x83, 0xe7, 0x32, 0xdc, 0xec, 0xc8, 0x5a, 0xae, 0xd9, 0x48, 0xbf, 0xbe, 0x27, 0x6b, 0x44, 0x91, - 0x4d, 0x7c, 0x4f, 0x34, 0xf0, 0x17, 0x75, 0x62, 0x60, 0x45, 0xfc, 0xe3, 0x97, 0xf9, 0xf1, 0x56, - 0xb0, 0xa2, 0xa2, 0x18, 0x98, 0xb1, 0x6d, 0xd3, 0x20, 0x35, 0x55, 0x6a, 0xc1, 0xd1, 0x5d, 0x48, - 0x54, 0xb0, 0x61, 0xf2, 0x31, 0x9b, 0x66, 0xa6, 0xd9, 0x48, 0x67, 0x4e, 0xd3, 0xcc, 0x55, 0xe5, - 0xfd, 0xd5, 0x85, 0xfc, 0xd2, 0xdd, 0xc2, 0x5b, 0xcb, 0x79, 0x51, 
0xb2, 0x11, 0xe8, 0x4d, 0x48, - 0x90, 0xda, 0x53, 0xca, 0xc7, 0x6d, 0xe4, 0x75, 0x7f, 0x02, 0x16, 0x60, 0x29, 0xbf, 0xb2, 0x2c, - 0x4a, 0xf6, 0x26, 0x84, 0x20, 0x61, 0x92, 0x2a, 0xe6, 0x13, 0x19, 0x6e, 0x36, 0x2e, 0xd9, 0xd7, - 0x68, 0x05, 0xe2, 0x7b, 0x44, 0xe1, 0x93, 0x19, 0x6e, 0x36, 0xb9, 0x76, 0xbb, 0xd9, 0x48, 0xdf, - 0xf4, 0xf0, 0xaa, 0x89, 0x57, 0x17, 0xe6, 0x34, 0x13, 0xaf, 0x2e, 0x17, 0x0a, 0x77, 0x0a, 0x73, - 0x6e, 0x41, 0x92, 0x85, 0x11, 0x6f, 0xc2, 0x8d, 0x50, 0x6d, 0x24, 0xcc, 0x74, 0x5a, 0x63, 0x58, - 0xfc, 0xd1, 0x51, 0xb0, 0xa8, 0xeb, 0x06, 0xdd, 0xbb, 0x38, 0x05, 0xef, 0xc1, 0x10, 0xab, 0x97, - 0x3f, 0xc7, 0x95, 0xb6, 0x88, 0x99, 0x66, 0x23, 0x3d, 0x1d, 0x2a, 0xe2, 0xe2, 0x92, 0x28, 0xb5, - 0x01, 0xe8, 0x3e, 0x8c, 0xb6, 0x2e, 0x1f, 0xe1, 0x83, 0x75, 0xa5, 0xa5, 0x65, 0xba, 0xd9, 0x48, - 0x4f, 0x85, 0x10, 0x2c, 0x16, 0x96, 0x45, 0xc9, 0x07, 0x72, 0x1b, 0x91, 0xe8, 0xa5, 0x11, 0x49, - 0xaf, 0x11, 0x2d, 0x35, 0x83, 0x75, 0x72, 0xd5, 0xfc, 0x93, 0x83, 0x31, 0x6b, 0x97, 0xf3, 0xf1, - 0x65, 0x31, 0xa1, 0xc8, 0xc3, 0x84, 0xbf, 0x2a, 0xb7, 0xe0, 0x9f, 0x62, 0x30, 0xed, 0x99, 0x4c, - 0xc2, 0x7b, 0x74, 0x17, 0x5f, 0x39, 0x28, 0xd8, 0x41, 0xb7, 0x60, 0xa6, 0x93, 0x54, 0x27, 0x35, - 0x6d, 0x59, 0xed, 0x7f, 0xa1, 0x69, 0xb2, 0x17, 0x4d, 0x07, 0x4f, 0x69, 0x1a, 0x2a, 0x95, 0xab, - 0xe9, 0xf3, 0x18, 0xbc, 0xb6, 0xc9, 0x54, 0x6f, 0xc7, 0x95, 0x39, 0xfd, 0xe6, 0x9c, 0xb2, 0x5f, - 0x03, 0x7e, 0x7d, 0x5c, 0xf5, 0x7e, 0x88, 0x01, 0x6f, 0x7f, 0x6a, 0x05, 0xbc, 0x7a, 0x47, 0x84, - 0x8a, 0x28, 0x42, 0x26, 0x4c, 0x26, 0x57, 0xcb, 0xef, 0x92, 0x8e, 0x65, 0x15, 0x65, 0x6b, 0x97, - 0x58, 0x7a, 0x57, 0x64, 0x93, 0xd0, 0x5a, 0xa9, 0x7d, 0x34, 0x22, 0xb4, 0xb6, 0x45, 0x49, 0xad, - 0x8f, 0xba, 0xb6, 0x8e, 0x10, 0xb1, 0xde, 0x8f, 0x10, 0x28, 0x0f, 0x71, 0x9d, 0x38, 0x6a, 0x26, - 0xd7, 0x52, 0xcd, 0x46, 0x5a, 0xf0, 0x43, 0xf3, 0x1e, 0x54, 0x94, 0xac, 0xad, 0x68, 0x1c, 0x92, - 0x84, 0x6d, 0x15, 0x8b, 0xb6, 0x88, 0xc3, 0x92, 0x73, 0x83, 0xe6, 0x21, 0xa9, 0xc9, 0x65, 0xac, - 0x05, 
0x3f, 0xe8, 0x5e, 0x50, 0x67, 0x17, 0x7a, 0x04, 0xe3, 0x15, 0x43, 0xdb, 0xb6, 0xd3, 0xb7, - 0xc4, 0x23, 0x4f, 0x49, 0x45, 0x36, 0x9d, 0x27, 0xbf, 0x03, 0x3a, 0x10, 0x84, 0x1e, 0x02, 0x22, - 0x8c, 0xd5, 0xb1, 0xb1, 0xed, 0xf5, 0xba, 0xc4, 0x0f, 0x75, 0xa6, 0x0a, 0x80, 0xa0, 0x02, 0x0c, - 0x29, 0xb2, 0x29, 0x3f, 0x96, 0x36, 0xf8, 0x61, 0x1b, 0x3d, 0xd5, 0x6c, 0xa4, 0xaf, 0x07, 0xd8, - 0xab, 0x6e, 0x68, 0xa2, 0xd4, 0xde, 0x8b, 0x44, 0x18, 0xb5, 0x2e, 0x1f, 0x10, 0x0d, 0x6f, 0x93, - 0x67, 0x98, 0x1f, 0xc9, 0x70, 0xb3, 0x09, 0xc9, 0xb7, 0x86, 0x52, 0x00, 0xd6, 0x7d, 0x89, 0xa8, - 0x98, 0x99, 0x3c, 0x58, 0xec, 0xd2, 0xb1, 0x15, 0x74, 0x0b, 0xc6, 0xbc, 0xbb, 0x9d, 0x03, 0x1d, - 0xf3, 0xd7, 0x32, 0xdc, 0xec, 0x2b, 0xd2, 0x89, 0x55, 0xf4, 0x2e, 0x8c, 0x19, 0xae, 0xa5, 0xec, - 0x7d, 0xa3, 0xd6, 0xbe, 0xf0, 0x3a, 0x4f, 0x6c, 0x17, 0xb3, 0x30, 0xd7, 0x8d, 0x39, 0x5d, 0x37, - 0xff, 0x13, 0x87, 0xdb, 0x9b, 0x4c, 0x7d, 0xac, 0x5b, 0xc4, 0xff, 0x01, 0x43, 0xbb, 0x46, 0x8c, - 0x77, 0x65, 0xc4, 0xc5, 0x10, 0x23, 0xda, 0xdf, 0x10, 0x3d, 0xf9, 0x2d, 0xd9, 0xbb, 0xdf, 0x96, - 0x3d, 0xbf, 0x39, 0xc6, 0x9f, 0x6e, 0x36, 0xd2, 0xbc, 0x87, 0xa6, 0x55, 0x62, 0xe2, 0xaa, 0x6e, - 0x1e, 0x9c, 0x61, 0xb8, 0xa1, 0x33, 0x0d, 0x37, 0xdc, 0x85, 0xe1, 0x46, 0x82, 0x0c, 0x27, 0x2e, - 0x40, 0xae, 0xcb, 0xf6, 0x1f, 0x7f, 0x99, 0x58, 0x96, 0x29, 0x61, 0x0d, 0x5f, 0x46, 0xcb, 0x04, - 0xb7, 0x3f, 0xd1, 0x73, 0xfb, 0x5b, 0xd2, 0x76, 0x23, 0x93, 0x2b, 0xed, 0xd7, 0x31, 0x18, 0xb5, - 0x1e, 0x5f, 0x66, 0x55, 0xfd, 0x01, 0x51, 0x2e, 0xd1, 0xbb, 0xb9, 0xd5, 0xc0, 0x44, 0x84, 0x39, - 0x78, 0x02, 0xc6, 0x8f, 0x8b, 0xd2, 0x56, 0x6b, 0xf1, 0xfb, 0x57, 0x21, 0xbe, 0xc9, 0x54, 0xf4, - 0x2b, 0x07, 0x13, 0x21, 0xbf, 0x20, 0xac, 0xf7, 0xf8, 0x0b, 0x46, 0x36, 0x74, 0xe0, 0x16, 0xde, - 0xef, 0x1b, 0x55, 0xbb, 0x00, 0x3b, 0xf1, 0x90, 0xc1, 0x3d, 0x4a, 0xe2, 0xc1, 0x54, 0x91, 0x12, - 0xef, 0x3c, 0x26, 0xa3, 0x6f, 0x38, 0xb8, 0x76, 0x7c, 0x46, 0x7e, 0x27, 0x4a, 0x08, 0x0f, 0x2f, - 0x3c, 0x38, 0x1f, 0xde, 0xcd, 0xeb, 0x37, 
0x0e, 0x26, 0xc3, 0x47, 0xd9, 0x8d, 0xe8, 0x1d, 0x3c, - 0xcd, 0x26, 0xec, 0xf4, 0x93, 0xcd, 0x57, 0x41, 0xf8, 0xe0, 0xb8, 0x11, 0xbd, 0x95, 0x7d, 0xaa, - 0xe0, 0xcc, 0x49, 0x0d, 0x3d, 0xe7, 0x60, 0xec, 0xc4, 0x98, 0x56, 0x8c, 0x10, 0xc8, 0x4f, 0x21, - 0xac, 0x9f, 0x9b, 0xc2, 0x4d, 0xf0, 0x67, 0x0e, 0xde, 0x08, 0x9e, 0x84, 0xde, 0x8b, 0x14, 0x24, - 0x80, 0x49, 0xd8, 0xea, 0x17, 0x93, 0x9b, 0xf5, 0x5f, 0x1c, 0xdc, 0x38, 0x7b, 0xe6, 0xd8, 0x89, - 0xf6, 0x20, 0x75, 0x66, 0x15, 0x3e, 0xb9, 0x08, 0x56, 0xb7, 0xb2, 0x97, 0x1c, 0xcc, 0x74, 0x75, - 0xfe, 0xfc, 0x30, 0x42, 0x1a, 0xdd, 0x10, 0x0b, 0x4f, 0x2e, 0x88, 0xd8, 0x57, 0x62, 0x57, 0xe7, - 0xa5, 0x28, 0x25, 0x76, 0x43, 0x1c, 0xa9, 0xc4, 0x5e, 0x8e, 0x2e, 0xe8, 0x4b, 0x0e, 0x46, 0xbc, - 0x73, 0xcb, 0xdb, 0x51, 0x1c, 0xd3, 0x46, 0x0b, 0xa5, 0xf3, 0xa0, 0xdb, 0x19, 0xad, 0x7d, 0xfa, - 0xfb, 0x61, 0x8a, 0x7b, 0x71, 0x98, 0xe2, 0x5e, 0x1e, 0xa6, 0xb8, 0xaf, 0x8e, 0x52, 0x03, 0x2f, - 0x8e, 0x52, 0x03, 0x7f, 0x1f, 0xa5, 0x06, 0x3e, 0x2e, 0xa9, 0xc4, 0xfc, 0xac, 0x5e, 0xce, 0x56, - 0x68, 0x35, 0xe7, 0x44, 0x9a, 0x6f, 0x87, 0xca, 0x1d, 0x0b, 0x35, 0xef, 0xc5, 0x9a, 0x77, 0x82, - 0xe5, 0xf6, 0x73, 0xf6, 0xff, 0x23, 0x07, 0x3a, 0x66, 0xe5, 0x41, 0xfb, 0x2f, 0x8c, 0x3b, 0xff, - 0x06, 0x00, 0x00, 0xff, 0xff, 0xd7, 0xa4, 0x88, 0x75, 0x33, 0x19, 0x00, 0x00, + 0x55, 0xa2, 0x4d, 0xd2, 0xae, 0x29, 0xeb, 0x44, 0x41, 0xe9, 0xa2, 0x8d, 0x6a, 0x2d, 0x2a, 0x6e, + 0x07, 0x08, 0x21, 0x26, 0x27, 0xbe, 0x33, 0x97, 0x3a, 0xb9, 0xc6, 0xd7, 0xa9, 0xda, 0xfd, 0x13, + 0x20, 0x21, 0x5e, 0x00, 0xf1, 0x06, 0xff, 0x00, 0x88, 0x57, 0x24, 0x9e, 0x78, 0x41, 0x9a, 0x10, + 0x12, 0x3c, 0x45, 0x53, 0xfb, 0x1f, 0xe4, 0x1d, 0x09, 0xd9, 0x4e, 0xec, 0xba, 0xb3, 0xd3, 0xc4, + 0x4d, 0x1f, 0xe8, 0xfa, 0x66, 0xdf, 0xdc, 0xef, 0xbb, 0xe7, 0x7c, 0xe7, 0xb3, 0xef, 0x3d, 0x0e, + 0x8c, 0xea, 0xbb, 0x24, 0x67, 0xee, 0x67, 0x75, 0x83, 0x9a, 0x14, 0x65, 0x9f, 0x10, 0xb5, 0x8c, + 0xb1, 0xac, 0x69, 0x44, 0xae, 0x55, 0x70, 0x56, 0x21, 0xcc, 0x34, 0x48, 0xb9, 0x6e, 0x62, 0xa5, + 
0x42, 0xab, 0xba, 0x33, 0xaa, 0x61, 0x45, 0xc5, 0x46, 0x56, 0xdf, 0x25, 0xc2, 0x64, 0x85, 0xb2, + 0x2a, 0x65, 0x8f, 0x6c, 0x74, 0xce, 0xb9, 0x71, 0xa8, 0x84, 0x71, 0x95, 0xaa, 0xd4, 0x19, 0xb7, + 0xae, 0x9c, 0x51, 0xf1, 0x9b, 0x18, 0x4c, 0x6e, 0x32, 0x75, 0xcb, 0xa0, 0x3a, 0x65, 0xb8, 0xa8, + 0x28, 0x1f, 0x16, 0xf2, 0x2b, 0x12, 0xa5, 0xe6, 0x5d, 0x6c, 0x98, 0xe8, 0x3e, 0x0c, 0x32, 0xa2, + 0xd6, 0xb0, 0xc1, 0x73, 0x19, 0x6e, 0x76, 0x64, 0x2d, 0xd7, 0x6c, 0xa4, 0x5f, 0xdd, 0x93, 0x35, + 0xa2, 0xc8, 0x26, 0xbe, 0x23, 0x1a, 0xf8, 0xf3, 0x3a, 0x31, 0xb0, 0x22, 0xfe, 0xf9, 0xf3, 0xfc, + 0x78, 0x6b, 0xb1, 0xa2, 0xa2, 0x18, 0x98, 0xb1, 0x6d, 0xd3, 0x20, 0x35, 0x55, 0x6a, 0xc1, 0xd1, + 0x6d, 0x48, 0x54, 0xb0, 0x61, 0xf2, 0x31, 0x9b, 0x66, 0xa6, 0xd9, 0x48, 0x67, 0x9e, 0xa7, 0x99, + 0xab, 0xca, 0xfb, 0xab, 0x0b, 0xf9, 0xa5, 0xdb, 0x85, 0x37, 0x96, 0xf3, 0xa2, 0x64, 0x23, 0xd0, + 0xeb, 0x90, 0x20, 0xb5, 0xc7, 0x94, 0x8f, 0xdb, 0xc8, 0xab, 0xfe, 0x00, 0x2c, 0xc0, 0x52, 0x7e, + 0x65, 0x59, 0x94, 0xec, 0x49, 0x08, 0x41, 0xc2, 0x24, 0x55, 0xcc, 0x27, 0x32, 0xdc, 0x6c, 0x5c, + 0xb2, 0xaf, 0xd1, 0x0a, 0xc4, 0xf7, 0x88, 0xc2, 0x27, 0x33, 0xdc, 0x6c, 0x72, 0xed, 0x66, 0xb3, + 0x91, 0xbe, 0xee, 0xe1, 0x55, 0x13, 0xaf, 0x2e, 0xcc, 0x69, 0x26, 0x5e, 0x5d, 0x2e, 0x14, 0x6e, + 0x15, 0xe6, 0xdc, 0x84, 0x24, 0x0b, 0x23, 0x5e, 0x87, 0x6b, 0xa1, 0xda, 0x48, 0x98, 0xe9, 0xb4, + 0xc6, 0xb0, 0xf8, 0xa3, 0xa3, 0x60, 0x51, 0xd7, 0x0d, 0xba, 0x77, 0x7e, 0x0a, 0xde, 0x81, 0x21, + 0x56, 0x2f, 0x7f, 0x86, 0x2b, 0x6d, 0x11, 0x33, 0xcd, 0x46, 0x7a, 0x3a, 0x54, 0xc4, 0xc5, 0x25, + 0x51, 0x6a, 0x03, 0xd0, 0x5d, 0x18, 0x6d, 0x5d, 0x3e, 0xc0, 0x07, 0xeb, 0x4a, 0x4b, 0xcb, 0x74, + 0xb3, 0x91, 0x9e, 0x0a, 0x21, 0x58, 0x2c, 0x2c, 0x8b, 0x92, 0x0f, 0xe4, 0x16, 0x22, 0xd1, 0x4b, + 0x21, 0x92, 0x5e, 0x21, 0x5a, 0x6a, 0x06, 0xeb, 0xe4, 0xaa, 0xf9, 0x17, 0x07, 0x63, 0xd6, 0x2c, + 0xe7, 0xe7, 0x8b, 0x62, 0x42, 0x91, 0x87, 0x09, 0x7f, 0x56, 0x6e, 0xc2, 0x7f, 0xc4, 0x60, 0xda, + 0x33, 0x99, 0x84, 0xf7, 0xe8, 0x2e, 
0xbe, 0x74, 0x50, 0xa0, 0x83, 0x90, 0x08, 0xa3, 0x0c, 0x1b, + 0x44, 0xd6, 0xde, 0xad, 0x57, 0xcb, 0xd8, 0xe0, 0x07, 0x2d, 0x22, 0xc9, 0x37, 0x26, 0xde, 0x80, + 0x99, 0x4e, 0x72, 0x9e, 0xd4, 0xbd, 0x65, 0xc7, 0x17, 0x42, 0xf7, 0x64, 0x2f, 0xba, 0x0f, 0x76, + 0xd0, 0x7d, 0x28, 0x54, 0xf7, 0x50, 0x39, 0x5d, 0xdd, 0x7f, 0x8b, 0xc1, 0x2b, 0x9b, 0x4c, 0xf5, + 0x66, 0x5c, 0x9a, 0xbc, 0x77, 0x93, 0x4f, 0xd9, 0x5b, 0x8e, 0x5f, 0x43, 0x57, 0xe1, 0x1f, 0x62, + 0xc0, 0xdb, 0xbf, 0x5a, 0x41, 0x5d, 0xee, 0x47, 0xa1, 0xfb, 0x91, 0x08, 0x99, 0x30, 0x99, 0x5c, + 0x2d, 0xbf, 0x4d, 0x3a, 0xb6, 0x56, 0x94, 0xad, 0x5d, 0x62, 0xe9, 0x5d, 0x91, 0x4d, 0x42, 0x6b, + 0xa5, 0xf6, 0x31, 0x8c, 0xd0, 0xda, 0x16, 0x25, 0xb5, 0x3e, 0xea, 0xda, 0x3a, 0xae, 0xc4, 0x7a, + 0x3f, 0xae, 0xa0, 0x3c, 0xc4, 0x75, 0xe2, 0xa8, 0x99, 0x5c, 0x4b, 0x35, 0x1b, 0x69, 0xc1, 0x0f, + 0xcd, 0x7b, 0x50, 0x51, 0xb2, 0xa6, 0xa2, 0x71, 0x48, 0x12, 0xb6, 0x55, 0x2c, 0xda, 0x22, 0x0e, + 0x4b, 0xce, 0x0d, 0x9a, 0x87, 0xa4, 0x26, 0x97, 0xb1, 0x16, 0xfc, 0xc2, 0xf0, 0x16, 0x75, 0x66, + 0xa1, 0x07, 0x30, 0x5e, 0x31, 0xb4, 0x6d, 0x3b, 0x7c, 0x4b, 0x3c, 0xf2, 0x98, 0x54, 0x64, 0xd3, + 0x79, 0x83, 0x74, 0x40, 0x07, 0x82, 0xd0, 0x7d, 0x40, 0x84, 0xb1, 0x3a, 0x36, 0xb6, 0xbd, 0x5a, + 0x97, 0x9c, 0x17, 0x4e, 0x38, 0x55, 0x00, 0x04, 0x15, 0x60, 0x48, 0x91, 0x4d, 0xf9, 0xa1, 0xb4, + 0xc1, 0x0f, 0xdb, 0xe8, 0xa9, 0x66, 0x23, 0x7d, 0x35, 0xc0, 0x5e, 0x75, 0x43, 0x13, 0xa5, 0xf6, + 0x5c, 0xeb, 0xe9, 0xb3, 0x2e, 0xef, 0x11, 0x0d, 0x6f, 0x93, 0x27, 0x98, 0x1f, 0xc9, 0x70, 0xb3, + 0x09, 0xc9, 0x37, 0x86, 0x52, 0x00, 0xd6, 0x7d, 0x89, 0xa8, 0x98, 0x99, 0x3c, 0xd8, 0xcf, 0xe7, + 0xb1, 0x11, 0x74, 0x03, 0xc6, 0xbc, 0xbb, 0x9d, 0x03, 0x1d, 0xf3, 0x57, 0x32, 0xdc, 0xec, 0x4b, + 0xd2, 0x89, 0x51, 0xf4, 0x36, 0x8c, 0x19, 0xae, 0xa5, 0xec, 0x79, 0xa3, 0xd6, 0xbc, 0xf0, 0x3c, + 0x4f, 0x4c, 0x17, 0xb3, 0x30, 0xd7, 0x8d, 0x39, 0x5d, 0x37, 0xff, 0x1b, 0x87, 0x9b, 0x9b, 0x4c, + 0x7d, 0xa8, 0x5b, 0xc4, 0xff, 0x03, 0x43, 0xbb, 0x46, 0x8c, 0x77, 0x65, 
0xc4, 0xc5, 0x10, 0x23, + 0xda, 0x6f, 0x88, 0x9e, 0xfc, 0x96, 0xec, 0xdd, 0x6f, 0xcb, 0x9e, 0xdf, 0x1c, 0xe3, 0x4f, 0x37, + 0x1b, 0x69, 0xde, 0x43, 0xd3, 0x2a, 0x31, 0x71, 0x55, 0x37, 0x0f, 0x4e, 0x31, 0xdc, 0xd0, 0xa9, + 0x86, 0x1b, 0xee, 0xc2, 0x70, 0x23, 0x41, 0x86, 0x13, 0x17, 0x20, 0xd7, 0x65, 0xf9, 0x8f, 0x6f, + 0x26, 0x96, 0x65, 0x4a, 0x58, 0xc3, 0x17, 0xd1, 0x32, 0xc1, 0xe5, 0x4f, 0xf4, 0x5c, 0xfe, 0x96, + 0xb4, 0xdd, 0xc8, 0xe4, 0x4a, 0xfb, 0x55, 0x0c, 0x46, 0xad, 0xc7, 0x97, 0x59, 0x59, 0xbf, 0x4f, + 0x94, 0x0b, 0xb4, 0x37, 0xb7, 0x0a, 0x98, 0x88, 0xd0, 0x73, 0x4f, 0xc0, 0xf8, 0x71, 0x51, 0xda, + 0x6a, 0x2d, 0x7e, 0xf7, 0x32, 0xc4, 0x37, 0x99, 0x8a, 0x7e, 0xe1, 0x60, 0x22, 0xe4, 0x6b, 0xc5, + 0x7a, 0x8f, 0x5f, 0x4b, 0xb2, 0xa1, 0xcd, 0xbd, 0xf0, 0x5e, 0xdf, 0xa8, 0xda, 0x09, 0xd8, 0x81, + 0x87, 0x7c, 0x24, 0x88, 0x12, 0x78, 0x30, 0x55, 0xa4, 0xc0, 0x3b, 0xb7, 0xe4, 0xe8, 0x6b, 0x0e, + 0xae, 0x1c, 0xef, 0xc7, 0xdf, 0x8a, 0xb2, 0x84, 0x87, 0x17, 0xee, 0x9d, 0x0d, 0xef, 0xc6, 0xf5, + 0x2b, 0x07, 0x93, 0xe1, 0x6d, 0xf3, 0x46, 0xf4, 0x0a, 0x3e, 0xcf, 0x26, 0xec, 0xf4, 0x93, 0xcd, + 0x97, 0x41, 0x78, 0x03, 0xba, 0x11, 0xbd, 0x94, 0x7d, 0xca, 0xe0, 0xd4, 0x6e, 0x0e, 0x7d, 0xcf, + 0xc1, 0xd8, 0x89, 0x56, 0xae, 0x18, 0x61, 0x21, 0x3f, 0x85, 0xb0, 0x7e, 0x66, 0x0a, 0x37, 0xc0, + 0x9f, 0x38, 0x78, 0x2d, 0xb8, 0x13, 0x7a, 0x27, 0xd2, 0x22, 0x01, 0x4c, 0xc2, 0x56, 0xbf, 0x98, + 0xdc, 0xa8, 0xff, 0xe6, 0xe0, 0xda, 0xe9, 0x3d, 0xc7, 0x4e, 0xb4, 0x07, 0xa9, 0x33, 0xab, 0xf0, + 0xf1, 0x79, 0xb0, 0xba, 0x99, 0x3d, 0xe3, 0x60, 0xa6, 0xab, 0xf3, 0xe7, 0x07, 0x11, 0xc2, 0xe8, + 0x86, 0x58, 0x78, 0x74, 0x4e, 0xc4, 0xbe, 0x14, 0xbb, 0x3a, 0x2f, 0x45, 0x49, 0xb1, 0x1b, 0xe2, + 0x48, 0x29, 0xf6, 0x72, 0x74, 0x41, 0x5f, 0x70, 0x30, 0xe2, 0x9d, 0x5b, 0xde, 0x8c, 0xe2, 0x98, + 0x36, 0x5a, 0x28, 0x9d, 0x05, 0xdd, 0x8e, 0x68, 0xed, 0x93, 0xdf, 0x0f, 0x53, 0xdc, 0xd3, 0xc3, + 0x14, 0xf7, 0xec, 0x30, 0xc5, 0x7d, 0x79, 0x94, 0x1a, 0x78, 0x7a, 0x94, 0x1a, 0xf8, 0xe7, 0x28, + 0x35, 0xf0, 
0x51, 0x49, 0x25, 0xe6, 0xa7, 0xf5, 0x72, 0xb6, 0x42, 0xab, 0x39, 0x67, 0xa5, 0xf9, + 0xf6, 0x52, 0xb9, 0x63, 0x4b, 0xcd, 0x7b, 0x6b, 0xcd, 0x3b, 0x8b, 0xe5, 0xf6, 0x73, 0xf6, 0x7f, + 0x31, 0x07, 0x3a, 0x66, 0xe5, 0x41, 0xfb, 0xef, 0x92, 0x5b, 0xff, 0x05, 0x00, 0x00, 0xff, 0xff, + 0xda, 0x6b, 0x4c, 0x0a, 0x9f, 0x19, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2132,6 +2158,13 @@ func (m *MsgProposeRevokeX509RootCert) MarshalToSizedBuffer(dAtA []byte) (int, e _ = i var l int _ = l + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintTx(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x32 + } if m.Time != 0 { i = encodeVarintTx(dAtA, i, uint64(m.Time)) i-- @@ -2211,6 +2244,13 @@ func (m *MsgApproveRevokeX509RootCert) MarshalToSizedBuffer(dAtA []byte) (int, e _ = i var l int _ = l + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintTx(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x3a + } if m.Time != 0 { i = encodeVarintTx(dAtA, i, uint64(m.Time)) i-- @@ -2290,6 +2330,13 @@ func (m *MsgRevokeX509Cert) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintTx(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x32 + } if m.Time != 0 { i = encodeVarintTx(dAtA, i, uint64(m.Time)) i-- @@ -2940,6 +2987,10 @@ func (m *MsgProposeRevokeX509RootCert) Size() (n int) { if m.Time != 0 { n += 1 + sovTx(uint64(m.Time)) } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } return n } @@ -2977,6 +3028,10 @@ func (m *MsgApproveRevokeX509RootCert) Size() (n int) { if m.Time != 0 { n += 1 + sovTx(uint64(m.Time)) } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } return n } 
@@ -3014,6 +3069,10 @@ func (m *MsgRevokeX509Cert) Size() (n int) { if m.Time != 0 { n += 1 + sovTx(uint64(m.Time)) } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } return n } @@ -4118,6 +4177,38 @@ func (m *MsgProposeRevokeX509RootCert) Unmarshal(dAtA []byte) error { break } } + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTx(dAtA[iNdEx:]) @@ -4365,6 +4456,38 @@ func (m *MsgApproveRevokeX509RootCert) Unmarshal(dAtA []byte) error { break } } + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTx(dAtA[iNdEx:]) 
@@ -4612,6 +4735,38 @@ func (m *MsgRevokeX509Cert) Unmarshal(dAtA []byte) error { break } } + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTx(dAtA[iNdEx:])