Merge pull request #573 from zigbee-alliance/add-schemaVersion-into-NOC-models

Add schemaVersion field into NOC/ICA and auxiliary models
Abdulbois authored Jun 5, 2024
2 parents 65d202d + 2cfde03 commit 7c5f173
Showing 164 changed files with 3,229 additions and 1,795 deletions.
481 changes: 475 additions & 6 deletions docs/static/openapi.yml

Large diffs are not rendered by default.

13 changes: 2 additions & 11 deletions docs/transactions.md
Expand Up @@ -850,8 +850,7 @@ The PAA certificate is immutable. It can only be revoked by either the owner or
- info: `optional(string)` - information/notes for the proposal. Can contain up to 4096 characters.
- time: `optional(int64)` - proposal time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
- vid: `uint16` - Vendor ID (positive non-zero). Must be equal to the Certificate's `vid` field for VID-scoped PAA.
- certificate-schema-version: `optional(uint16)` - Certificate's schema version to support backward/forward compatability(default 0)
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- schemaVersion: `optional(uint16)` - Certificate's schema version to support backward/forward compatability(default 0)
- In State: `pki/ProposedCertificate/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- CLI command:
- `dcld tx pki propose-add-x509-root-cert --certificate=<string-or-path> --from=<account>`
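Review bot: The replacement `schemaVersion` line in the `propose-add-x509-root-cert` parameter list keeps the old `certificate-schema-version` wording ("Certificate's schema version"), which leaves it unclear which stored field the flag sets. The updated pki-demo.sh passes `--schemaVersion=$cert_schema_version_1` and then expects `"certSchemaVersion": $cert_schema_version_1` together with `"schemaVersion": $schema_version_0` in the proposed-certificate query, so the doc should say that this parameter populates `certSchemaVersion` and that the record's own `schemaVersion` stays at its default. While touching the line, fix the spelling "compatability" and add a space before "(default 0)".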
Expand Down Expand Up @@ -908,7 +907,6 @@ The certificate is not reject until sufficient number of Trustees reject it.
`5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`
- info: `optional(string)` - information/notes for the reject. Can contain up to 4096 characters.
- time: `optional(int64)` - reject time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State: `pki/RejectedCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- Number of required rejects:
- more than 1/3 of Trustees
Expand Down Expand Up @@ -943,7 +941,6 @@ then the certificate will be in a pending state until sufficient number of other
- revoke-child: `optional(bool)` - to revoke child certificates in the chain - default is false.
- info: `optional(string)` - information/notes for the revocation proposal. Can contain up to 4096 characters.
- time: `optional(int64)` - revocation proposal time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State: `pki/ProposedCertificateRevocation/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- CLI command:
- `dcld tx pki propose-revoke-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> --from=<account>`
Expand Down Expand Up @@ -1101,7 +1098,6 @@ Adds a PAI (intermediate certificate) signed by a chain of certificates which mu
- Parameters:
- cert: `string` - PEM encoded certificate. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
- certificate-schema-version: `optional(uint16)` - Certificate's schema version to support backward/forward compatability(default 0)
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State:
- `pki/ApprovedCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- `pki/ChildCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
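Review bot: The parameter list in this hunk goes from two version parameters to one (7 lines to 6), and if `certificate-schema-version` is the line that stays, it no longer matches the CLI usage in this same commit: pki-demo.sh now calls `dcld tx pki add-x509-cert` with `--schemaVersion=$cert_schema_version_1` and no `--certificate-schema-version`. Rename the documented parameter to `schemaVersion` as was done for `propose-add-x509-root-cert` and the NOC root certificate, and check the NOC non-root certificate parameter list further down this file for the same mismatch.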
Expand Down Expand Up @@ -1153,7 +1149,6 @@ Root certificates can not be revoked this way, use [PROPOSE_REVOKE_PAA](#propos
- revoke-child: `optional(bool)` - to revoke child certificates in the chain - default is false.
- info: `optional(string)` - information/notes for the revocation. Can contain up to 4096 characters.
- time: `optional(int64)` - revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State: `pki/RevokedCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- CLI command:
- `dcld tx pki revoke-x509-cert --subject=<base64 string> --subject-key-id=<hex string> --from=<account>`
Expand Down Expand Up @@ -1359,8 +1354,7 @@ This transaction adds a NOC root certificate owned by the Vendor.
- Vendor account
- Parameters:
- cert: `string` - The NOC Root Certificate, encoded in X.509v3 PEM format. Can be a PEM string or a file path.
- certificate-schema-version: `optional(uint16)` - Certificate's schema version to support backward/forward compatability(default 0)
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- schemaVersion: `optional(uint16)` - Certificate's schema version to support backward/forward compatability(default 0)
- In State:
- `pki/ApprovedCertificates/value/<Subject>/<SubjectKeyID>`
- `pki/ApprovedCertificatesBySubject/value/<Subject>`
Expand Down Expand Up @@ -1397,7 +1391,6 @@ Revoked certificates can be retrieved by using the [GET_REVOKED_CERT](#get_revok
- revoke-child: `optional(bool)` - if true, then all certificates in the chain signed by the revoked certificate (intermediate, leaf) are revoked as well. If false, only the current root cert is revoked (default: false).
- info: `optional(string)` - information/notes for the revocation. Can contain up to 4096 characters.
- time: `optional(int64)` - revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State:
- `pki/RevokedCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- `pki/RevokedNocRootCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
Expand Down Expand Up @@ -1449,7 +1442,6 @@ already present on the ledger.
- Parameters:
- cert: `string` - The NOC non-root Certificate, encoded in X.509v3 PEM format. Can be a PEM string or a file path.
- certificate-schema-version: `optional(uint16)` - Certificate's schema version to support backward/forward compatability(default 0)
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State:
- `pki/ApprovedCertificates/value/<Subject>/<SubjectKeyID>`
- `pki/ApprovedCertificatesBySubject/value/<Subject>`
Expand Down Expand Up @@ -1480,7 +1472,6 @@ Revoked certificates can be retrieved by using the [GET_REVOKED_CERT](#get_revok
- revoke-child: `optional(bool)` - if true, then all certificates in the chain signed by the revoked certificate (leaf) are revoked as well. If false, only the current cert is revoked (default: false).
- info: `optional(string)` - information/notes for the revocation. Can contain up to 4096 characters.
- time: `optional(int64)` - revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
- schemaVersion: `optional(uint16)` - Schema version to support backward/forward compatability(default 0)
- In State:
- `pki/RevokedCertificates/value/<Certificate's Subject>/<Certificate's Subject Key ID>`
- CLI command:
23 changes: 9 additions & 14 deletions integration_tests/cli/pki-demo.sh
Expand Up @@ -188,13 +188,13 @@ test_divider
echo "$user_account (Not Trustee) propose Root certificate"
root_path="integration_tests/constants/root_cert"
cert_schema_version_1=1
schema_version_2=2
schema_version_0=0
result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_path" --from $user_account --vid $vid --yes)
result=$(get_txn_result "$result")
response_does_not_contain "$result" "\"code\": 0"

echo "$trustee_account (Trustee) propose Root certificate"
result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_path" --certificate-schema-version=$cert_schema_version_1 --schemaVersion=$schema_version_2 --from $trustee_account --vid $vid --yes)
result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_path" --schemaVersion=$cert_schema_version_1 --from $trustee_account --vid $vid --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand All @@ -206,7 +206,7 @@ echo $result | jq
check_response "$result" "\"subject\": \"$root_cert_subject\""
check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
check_response "$result" "\"certSchemaVersion\": $cert_schema_version_1"
check_response "$result" "\"schemaVersion\": $schema_version_2"
check_response "$result" "\"schemaVersion\": $schema_version_0"

test_divider

Expand Down Expand Up @@ -390,7 +390,7 @@ test_divider

echo "$vendor_account adds Intermediate certificate"
intermediate_path="integration_tests/constants/intermediate_cert"
result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_path" --certificate-schema-version=$cert_schema_version_1 --schemaVersion=$schema_version_2 --from $vendor_account --yes)
result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$intermediate_path" --schemaVersion=$cert_schema_version_1 --from $vendor_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand All @@ -405,7 +405,7 @@ check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\
check_response "$result" "\"serialNumber\": \"$intermediate_cert_serial_number\""
check_response "$result" "\"subjectAsText\": \"$intermediate_cert_subject_as_text\""
check_response "$result" "\"schemaVersion\": $cert_schema_version_1"
check_response "$result" "\"schemaVersion\": $schema_version_2"
check_response "$result" "\"schemaVersion\": 0"
check_response "$result" "\"approvals\": \\[\\]"

echo "Request Intermediate certificate by subjectKeyId - There are no approvals for Intermidiate Certificates"
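Review bot: The new assertion `check_response "$result" "\"schemaVersion\": 0"` hardcodes the literal 0, while the other hunks of this script use the `$schema_version_0` variable introduced near line 188; use the variable here too so the default lives in one place. It also sits directly under `"\"schemaVersion\": $cert_schema_version_1"`, so the same key is asserted with two different values against the whole response and neither check pins which object (the certificate entry or its enclosing record) carries which value. If `check_response` is a plain pattern match over the response, selecting each field by path with `jq`, which the script already invokes, would make the intent explicit.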
Expand Down Expand Up @@ -680,9 +680,8 @@ result=$(echo "$passphrase" | dcld tx pki revoke-x509-cert --subject="$intermedi
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 4"

revoke_schema_version_3=3
echo "$vendor_account (Not Trustee) revokes only Intermediate certificate. This must not revoke its child - Leaf certificate."
result=$(echo "$passphrase" | dcld tx pki revoke-x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id" --schemaVersion=$revoke_schema_version_3 --from=$vendor_account --yes)
result=$(echo "$passphrase" | dcld tx pki revoke-x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id" --from=$vendor_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand Down Expand Up @@ -712,7 +711,6 @@ result=$(dcld query pki all-revoked-x509-certs)
echo $result | jq
check_response "$result" "\"subject\": \"$intermediate_cert_subject\""
check_response "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
check_response "$result" "\"schemaVersion\": $revoke_schema_version_3"
response_does_not_contain "$result" "\"subject\": \"$leaf_cert_subject\""
response_does_not_contain "$result" "\"subjectKeyId\": \"$leaf_cert_subject_key_id\""
response_does_not_contain "$result" "\"subject\": \"$root_cert_subject\""
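Review bot: The `"schemaVersion"` assertion on the `all-revoked-x509-certs` response is dropped here with no replacement, so nothing in this block checks the value stored on the revoked record any more. The equivalent revoke checks in pki-noc-certs.sh are switched to `$schema_version_0` instead of being deleted; doing the same here (`check_response "$result" "\"schemaVersion\": $schema_version_0"`) keeps coverage for the default and makes the two scripts consistent. The same applies to the `all-proposed-x509-root-certs-to-revoke` check removed near line 842.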
Expand Down Expand Up @@ -822,9 +820,8 @@ test_divider
echo "7. PROPOSE REVOCATION OF ROOT CERT"
test_divider

revoke_schema_version_4=4
echo "$trustee_account (Trustee) proposes to revoke only Root certificate(child certificates should not be revoked)"
result=$(echo "$passphrase" | dcld tx pki propose-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --schemaVersion=$revoke_schema_version_4 --from $trustee_account --yes)
result=$(echo "$passphrase" | dcld tx pki propose-revoke-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from $trustee_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand All @@ -842,7 +839,6 @@ result=$(dcld query pki all-proposed-x509-root-certs-to-revoke)
echo $result | jq
check_response "$result" "\"subject\": \"$root_cert_subject\""
check_response "$result" "\"subjectKeyId\": \"$root_cert_subject_key_id\""
check_response "$result" "\"schemaVersion\": $revoke_schema_version_4"
response_does_not_contain "$result" "\"subject\": \"$intermediate_cert_subject\""
response_does_not_contain "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
response_does_not_contain "$result" "\"subject\": \"$leaf_cert_subject\""
Expand Down Expand Up @@ -1689,9 +1685,8 @@ response_does_not_contain "$result" "\"subjectAsText\": \"$test_cert_subject_as_

test_divider

reject_schema_version_4=4
echo "$second_trustee_account (Second Trustee) rejects Root certificate"
result=$(echo "$passphrase" | dcld tx pki reject-add-x509-root-cert --subject="$test_cert_subject" --subject-key-id="$test_cert_subject_key_id" --schemaVersion=$reject_schema_version_4 --from $second_trustee_account --yes)
result=$(echo "$passphrase" | dcld tx pki reject-add-x509-root-cert --subject="$test_cert_subject" --subject-key-id="$test_cert_subject_key_id" --from $second_trustee_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand Down Expand Up @@ -1722,7 +1717,7 @@ check_response "$result" "\"serialNumber\": \"$test_cert_serial_number\""
check_response "$result" "\"subjectAsText\": \"$test_cert_subject_as_text\""
check_response "$result" "\"address\": \"$trustee_account_address\""
check_response "$result" "\"address\": \"$second_trustee_account_address\""
check_response "$result" "\"schemaVersion\": $reject_schema_version_4"
check_response "$result" "\"schemaVersion\": $schema_version_0"

test_divider

18 changes: 8 additions & 10 deletions integration_tests/cli/pki-noc-certs.sh
Expand Up @@ -153,9 +153,8 @@ result=$(get_txn_result "$result")
check_response "$result" "\"code\": 414"

cert_schema_version_1=1
schema_version_2=2
echo "Add first NOC root certificate by vendor with VID = $vid"
result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_path" --certificate-schema-version=$cert_schema_version_1 --schemaVersion=$schema_version_2 --from $vendor_account --yes)
result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_path" --schemaVersion=$cert_schema_version_1 --from $vendor_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand Down Expand Up @@ -186,6 +185,7 @@ check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\""
check_response "$result" "\"subjectAsText\": \"$noc_root_cert_2_subject_as_text\""
check_response "$result" "\"schemaVersion\": $cert_schema_version_0"
check_response "$result" "\"schemaVersion\": $cert_schema_version_1"
check_response "$result" "\"schemaVersion\": $schema_version_0"
check_response "$result" "\"vid\": $vid"

test_divider
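Review bot: The added `check_response "$result" "\"schemaVersion\": $schema_version_0"` follows an existing check for `"\"schemaVersion\": $cert_schema_version_0"` on the same response; if both variables hold 0, the two patterns are identical and the new line asserts nothing the earlier one did not already assert. To verify the record-level field separately from the per-certificate field, match it inside its enclosing object (for example by extracting it with `jq` first) rather than against the whole response text.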
Expand Down Expand Up @@ -292,9 +292,8 @@ check_response "$result" "\"code\": 439"
test_divider

cert_schema_version_3=3
schema_version_4=4
echo "Add second NOC certificate by vendor with VID = $vid"
result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_2_path" --certificate-schema-version=$cert_schema_version_3 --schemaVersion=$schema_version_4 --from $vendor_account --yes)
result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_2_path" --schemaVersion=$cert_schema_version_3 --from $vendor_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand All @@ -316,6 +315,7 @@ check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\""
check_response "$result" "\"vid\": $vid"
check_response "$result" "\"schemaVersion\": $cert_schema_version_0"
check_response "$result" "\"schemaVersion\": $cert_schema_version_3"
check_response "$result" "\"schemaVersion\": $schema_version_0"


echo "Request all approved certificates"
Expand Down Expand Up @@ -364,9 +364,8 @@ result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 439"

revoke_schema_version_5=5
echo "$vendor_account Vendor revokes only root certificate, it should not revoke intermediate certificates"
result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --schemaVersion=$revoke_schema_version_5 --from=$vendor_account --yes)
result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --from=$vendor_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand All @@ -377,7 +376,7 @@ check_response "$result" "\"subject\": \"$noc_root_cert_1_subject"
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\""
check_response "$result" "\"schemaVersion\": $revoke_schema_version_5"
check_response "$result" "\"schemaVersion\": $schema_version_0"
response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\""
response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""

Expand Down Expand Up @@ -490,9 +489,8 @@ result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-ica-cert --subject="$n
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 439"

revoke_schema_version_6=6
echo "$vendor_account Vendor revokes only NOC certificates, it should not revoke leaf certificates"
result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-ica-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --schemaVersion=$revoke_schema_version_6 --from=$vendor_account --yes)
result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-ica-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --from=$vendor_account --yes)
result=$(get_txn_result "$result")
check_response "$result" "\"code\": 0"

Expand All @@ -506,7 +504,7 @@ check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_numbe
check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number"
check_response "$result" "\"schemaVersion\": $revoke_schema_version_6"
check_response "$result" "\"schemaVersion\": $schema_version_0"
response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\""
response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number"
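Review bot: `$schema_version_0` in the replaced check `"\"schemaVersion\": $schema_version_0"` has no definition in any hunk shown for pki-noc-certs.sh; the only visible `schema_version_0=0` is added in pki-demo.sh. If the variable is unset in this script, the pattern collapses to `"schemaVersion": ` and the check passes for any stored value. Define it next to `cert_schema_version_1=1` near line 153, or expand it as `${schema_version_0:?}` so an unset variable fails the test instead of weakening it.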
2 changes: 2 additions & 0 deletions integration_tests/grpc_rest/pki/noc_cert_helpers.go
Expand Up @@ -282,8 +282,10 @@ func NocCertDemo(suite *utils.TestSuite) {
require.Equal(suite.T, 2, len(nocCertificates.Certs))
require.Equal(suite.T, testconstants.NocRootCert1Subject, nocCertificates.Certs[0].Subject)
require.Equal(suite.T, testconstants.NocRootCert1SubjectKeyID, nocCertificates.Certs[0].SubjectKeyId)
require.Equal(suite.T, testconstants.SchemaVersion, nocCertificates.Certs[0].SchemaVersion)
require.Equal(suite.T, testconstants.NocRootCert2Subject, nocCertificates.Certs[1].Subject)
require.Equal(suite.T, testconstants.NocRootCert2SubjectKeyID, nocCertificates.Certs[1].SubjectKeyId)
require.Equal(suite.T, testconstants.SchemaVersion, nocCertificates.SchemaVersion)

// Request NOC root certificate by VID1 and SKID1
nocCertificatesByVidAndSkid, _ := GetNocX509RootCertsByVidAndSkid(suite, vid1, testconstants.NocRootCert1SubjectKeyID)
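Review bot: `nocCertificates.Certs[1]` gets no `SchemaVersion` assertion: the two added `require.Equal` calls cover `nocCertificates.Certs[0].SchemaVersion` and the wrapper's `nocCertificates.SchemaVersion` only, although `Certs[1]` has its `Subject` and `SubjectKeyId` checked in the same block. Add `require.Equal(suite.T, testconstants.SchemaVersion, nocCertificates.Certs[1].SchemaVersion)` after the `Certs[1].SubjectKeyId` check so both certificates are covered.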
Expand Up @@ -8,7 +8,7 @@ message CertifiedModel {
int32 pid = 2;
uint32 softwareVersion = 3;
string certificationType = 4;
bool value = 5;

bool value = 5;
uint32 schemaVersion = 6;
}

Expand Up @@ -8,5 +8,6 @@ message ComplianceHistoryItem {
uint32 softwareVersionCertificationStatus = 1;
string date = 2;
string reason = 3;
uint32 cDVersionNumber = 4;
uint32 cDVersionNumber = 4;
uint32 schemaVersion = 5;
}
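Review bot: The new `uint32 schemaVersion = 5;` field has no comment stating its meaning or default, and its width differs from docs/transactions.md in this commit, which describes `schemaVersion` as `optional(uint16)`. Protobuf has no 16-bit type, so if the 16-bit range is intended for these models as well, the upper bound has to be enforced in message validation and is worth noting in a comment on the field. The `cDVersionNumber = 4` line also appears rewritten with no visible change other than whitespace; leaving it untouched would keep the hunk down to the one added field. The same documentation point applies to the `schemaVersion` fields added to CertifiedModel, DeviceSoftwareCompliance and ProvisionalModel.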
Expand Up @@ -8,4 +8,5 @@ import "zigbeealliance/distributedcomplianceledger/compliance/compliance_info.pr
message DeviceSoftwareCompliance {
string cDCertificateId = 1;
repeated ComplianceInfo complianceInfo = 2;
uint32 schemaVersion = 3;
}
Expand Up @@ -8,7 +8,7 @@ message ProvisionalModel {
int32 pid = 2;
uint32 softwareVersion = 3;
string certificationType = 4;
bool value = 5;

bool value = 5;
uint32 schemaVersion = 6;
}
