Merge branch 'master' into #531-Publish-PAI-certificates-for-CRLSigne…

…rCertificate-verification # Conflicts: # docs/transactions.md # vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts # x/pki/types/tx.pb.go
zigbee-alliance · Apr 10, 2024 · a093608 · a093608
2 parents a1b9a20 + 1933bad
commit a093608
Show file tree

Hide file tree

Showing 57 changed files with 2,173 additions and 2,072 deletions.
diff --git a/docs/static/openapi.yml b/docs/static/openapi.yml
@@ -9297,17 +9297,17 @@ paths:
           type: string
       tags:
         - Query
-  /dcl/pki/noc-certificates:
+  /dcl/pki/noc-ica-certificates:
     get:
-      summary: Queries a list of NocCertificates items.
-      operationId: NocCertificatesAll
+      summary: Queries a list of NocIcaCertificates items.
+      operationId: NocIcaCertificatesAll
       responses:
         '200':
           description: A successful response.
           schema:
             type: object
             properties:
-              nocCertificates:
+              nocIcaCertificates:
                 type: array
                 items:
                   type: object
@@ -9482,17 +9482,17 @@ paths:
           type: boolean
       tags:
         - Query
-  /dcl/pki/noc-certificates/{vid}:
+  /dcl/pki/noc-ica-certificates/{vid}:
     get:
-      summary: Queries a NocCertificates by index.
-      operationId: NocCertificates
+      summary: Queries a NocIcaCertificates by index.
+      operationId: NocIcaCertificates
       responses:
         '200':
           description: A successful response.
           schema:
             type: object
             properties:
-              nocCertificates:
+              nocIcaCertificates:
                 type: object
                 properties:
                   vid:
@@ -21684,7 +21684,7 @@ definitions:
         format: int64
       info:
         type: string
-  zigbeealliance.distributedcomplianceledger.pki.NocCertificates:
+  zigbeealliance.distributedcomplianceledger.pki.NocIcaCertificates:
     type: object
     properties:
       vid:
@@ -22066,10 +22066,10 @@ definitions:
                    repeated Bar results = 1;
                    PageResponse page = 2;
            }
-  zigbeealliance.distributedcomplianceledger.pki.QueryAllNocCertificatesResponse:
+  zigbeealliance.distributedcomplianceledger.pki.QueryAllNocIcaCertificatesResponse:
     type: object
     properties:
-      nocCertificates:
+      nocIcaCertificates:
         type: array
         items:
           type: object
@@ -22869,10 +22869,10 @@ definitions:
                   type: string
                 subjectKeyId:
                   type: string
-  zigbeealliance.distributedcomplianceledger.pki.QueryGetNocCertificatesResponse:
+  zigbeealliance.distributedcomplianceledger.pki.QueryGetNocIcaCertificatesResponse:
     type: object
     properties:
-      nocCertificates:
+      nocIcaCertificates:
         type: object
         properties:
           vid:

diff --git a/docs/transactions.md b/docs/transactions.md
diff --git a/integration_tests/cli/pki-noc-certs.sh b/integration_tests/cli/pki-noc-certs.sh
@@ -200,12 +200,12 @@ check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
 check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
 check_response "$result" "\"subjectAsText\": \"$noc_root_cert_1_subject_as_text\""
 
-echo "Add first NOC certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_1_path" --from $vendor_account --yes)
+echo "Add first intermidiate NOC certificate by vendor with VID = $vid"
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_1_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
-echo "Request NOC certificate by VID = $vid"
-result=$(dcld query pki noc-x509-certs --vid="$vid")
+echo "Request intermidiate NOC certificate by VID = $vid"
+result=$(dcld query pki noc-x509-ica-certs --vid="$vid")
 echo $result | jq
 check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
 check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
@@ -221,23 +221,23 @@ check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
 check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
 
 echo "Try to add intermediate with different VID = $vid_2"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_path" --from $vendor_account_2 --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_2_path" --from $vendor_account_2 --yes)
 check_response "$result" "\"code\": 439"
 
 test_divider
 
 cert_schema_version_3=3
 schema_version_4=4
 echo "Add second NOC certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_path" --certificate-schema-version=$cert_schema_version_3 --schemaVersion=$schema_version_4 --from $vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_2_path" --certificate-schema-version=$cert_schema_version_3 --schemaVersion=$schema_version_4 --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Add third NOC certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_1_copy_path" --from $vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_1_copy_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Request all NOC certificates"
-result=$(dcld query pki all-noc-x509-certs)
+result=$(dcld query pki all-noc-x509-ica-certs)
 echo $result | jq
 check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
 check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
@@ -272,7 +272,7 @@ result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="
 check_response "$result" "\"code\": 0"
 
 echo "Add NOC leaf certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Request All NOC root certificate"
@@ -283,7 +283,7 @@ check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_numbe
 check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\""
 
 echo "Request all NOC certificates"
-result=$(dcld query pki all-noc-x509-certs)
+result=$(dcld query pki all-noc-x509-ica-certs)
 echo $result | jq
 check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\""
 check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\""
@@ -365,7 +365,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_s
 echo $result | jq
 
 echo "Request NOC certificate by VID = $vid should contain intermediate and leaf certificates"
-result=$(dcld query pki noc-x509-certs --vid="$vid")
+result=$(dcld query pki noc-x509-ica-certs --vid="$vid")
 echo $result | jq
 check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
 check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
@@ -395,12 +395,12 @@ test_divider
 echo "REVOCATION OF NON-ROOT NOC CERTIFICATES"
 
 echo "Try to revoke NOC certificate with different VID = $vid_2"
-result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --from $vendor_account_2 --yes)
+result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-ica-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --from $vendor_account_2 --yes)
 check_response "$result" "\"code\": 439"
 
 revoke_schema_version_6=6
 echo "$vendor_account Vendor revokes only NOC certificates, it should not revoke leaf certificates"
-result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --schemaVersion=$revoke_schema_version_6 --from=$vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-ica-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --schemaVersion=$revoke_schema_version_6 --from=$vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Request all revoked certificates should not contain leaf certificate"
@@ -440,7 +440,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial
 echo $result | jq
 
 echo "Request NOC certificate by VID = $vid should contain one leaf certificate"
-result=$(dcld query pki noc-x509-certs --vid="$vid")
+result=$(dcld query pki noc-x509-ica-certs --vid="$vid")
 echo $result | jq
 check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
 check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\""

diff --git a/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh
@@ -57,11 +57,11 @@ result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="
 check_response "$result" "\"code\": 0"
 
 echo "Add first NOC certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_1_path" --from $vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_1_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Add NOC leaf certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 test_divider
@@ -73,7 +73,7 @@ check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
 check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\""
 
 echo "Request all NOC certificates"
-result=$(dcld query pki all-noc-x509-certs)
+result=$(dcld query pki all-noc-x509-ica-certs)
 echo $result | jq
 check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\""
 check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\""
@@ -146,7 +146,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial
 echo $result | jq
 
 echo "Request NOC certificate by VID = $vid should be empty"
-result=$(dcld query pki noc-x509-certs --vid="$vid")
+result=$(dcld query pki noc-x509-ica-certs --vid="$vid")
 echo $result | jq
 check_response "$result" "Not Found"
 response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\""
@@ -180,32 +180,32 @@ echo "Add NOC root certificate by vendor with VID = $vid"
 result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_2_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
-echo "Add NOC certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_path" --from $vendor_account --yes)
+echo "Add intermidiate NOC certificate by vendor with VID = $vid"
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_2_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
-echo "Add second NOC certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_copy_path" --from $vendor_account --yes)
+echo "Add second intermidiate NOC certificate by vendor with VID = $vid"
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_cert_2_copy_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Add leaf certificate by vendor with VID = $vid"
-result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_2_path" --from $vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki add-noc-x509-ica-cert --certificate="$noc_leaf_cert_2_path" --from $vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Request All NOC root certificate"
 result=$(dcld query pki all-noc-x509-root-certs)
 echo $result | jq
 check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\""
 
-echo "Request all NOC certificates"
-result=$(dcld query pki all-noc-x509-certs)
+echo "Request all intermidiate NOC certificates"
+result=$(dcld query pki all-noc-x509-ica-certs)
 echo $result | jq
 check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\""
 check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\""
 check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\""
 
 echo "$vendor_account Vendor revokes non-root NOC certificate by setting \"revoke-child\" flag to true, it should revoke child certificates too"
-result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_2_subject" --subject-key-id="$noc_cert_2_subject_key_id" --revoke-child=true --from=$vendor_account --yes)
+result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-ica-cert --subject="$noc_cert_2_subject" --subject-key-id="$noc_cert_2_subject_key_id" --revoke-child=true --from=$vendor_account --yes)
 check_response "$result" "\"code\": 0"
 
 echo "Request all revoked certificates should two intermediate and one leaf certificates"
@@ -239,7 +239,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial
 echo $result | jq
 
 echo "Request NOC certificate by VID = $vid should not contain intermediate and leaf certificates"
-result=$(dcld query pki noc-x509-certs --vid="$vid")
+result=$(dcld query pki noc-x509-ica-certs --vid="$vid")
 echo $result | jq
 response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\""
 response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\""