From a4f6a9966a7a8dda67dd32a343a290ddcdc2df1d Mon Sep 17 00:00:00 2001 From: Abdulbois Date: Wed, 13 Mar 2024 17:56:53 +0500 Subject: [PATCH] #524 Enable revocation of NOC certificates Signed-off-by: Abdulbois Signed-off-by: Abdulbois --- docs/transactions.md | 23 + integration_tests/cli/pki-noc-certs.sh | 83 +- .../pki-noc-revocation-with-revoking-child.sh | 108 +++ .../pki-noc-revocation-with-serial-number.sh | 163 ++++ integration_tests/constants/noc_cert_1_copy | 15 + integration_tests/constants/noc_cert_2_copy | 15 + integration_tests/constants/noc_constants.go | 22 + integration_tests/constants/noc_leaf_cert_2 | 15 + proto/pki/tx.proto | 14 + scripts/starport/upgrade-0.44/07.pki_types.sh | 1 + types/pki/errors.go | 2 +- .../index.ts | 528 ++++++------ .../module/index.ts | 3 + .../module/rest.ts | 2 + .../module/types/pki/tx.ts | 214 +++++ x/pki/client/cli/tx.go | 1 + x/pki/client/cli/tx_revoke_noc_x_509_cert.go | 67 ++ x/pki/handler.go | 4 + x/pki/handler_revoke_noc_cert_test.go | 547 ++++++++++++ x/pki/keeper/msg_server_remove_x_509_cert.go | 2 +- .../msg_server_revoke_noc_x_509_cert.go | 112 +++ x/pki/keeper/msg_server_revoke_x_509_cert.go | 2 +- x/pki/keeper/noc_certificates.go | 24 +- x/pki/module_simulation.go | 15 + x/pki/simulation/revoke_noc_x_509_cert.go | 29 + x/pki/types/codec.go | 4 + x/pki/types/message_revoke_noc_x_509_cert.go | 63 ++ .../message_revoke_noc_x_509_cert_test.go | 127 +++ x/pki/types/tx.pb.go | 780 ++++++++++++++++-- 29 files changed, 2638 insertions(+), 347 deletions(-) create mode 100644 integration_tests/constants/noc_cert_1_copy create mode 100644 integration_tests/constants/noc_cert_2_copy create mode 100644 integration_tests/constants/noc_leaf_cert_2 create mode 100644 x/pki/client/cli/tx_revoke_noc_x_509_cert.go create mode 100644 x/pki/handler_revoke_noc_cert_test.go create mode 100644 x/pki/keeper/msg_server_revoke_noc_x_509_cert.go create mode 100644 x/pki/simulation/revoke_noc_x_509_cert.go create mode 100644 x/pki/types/message_revoke_noc_x_509_cert.go create mode 100644 x/pki/types/message_revoke_noc_x_509_cert_test.go diff --git a/docs/transactions.md b/docs/transactions.md index da8f5a1b2..9d6ca2030 100644 --- a/docs/transactions.md +++ b/docs/transactions.md @@ -1208,6 +1208,29 @@ Revoked NOC root certificates can be re-added using the `ADD_NOC_X509_ROOT_CERTI - CLI command: - `dcld tx pki revoke-noc-x509-root-cert --subject= --subject-key-id= --serial-number= --info= --time= --revoke-child= --from=` +### REVOKE_NOC_X509_CERT + +**Status: Implemented** + +This transaction revokes a NOC non-root certificate owned by the Vendor. +Revoked NOC non-root certificates can be re-added using the `ADD_NOC_X509_CERTIFICATE` transaction. + +- Who can send: Vendor account + - Vid field associated with the corresponding NOC certificate on the ledger must be equal to the Vendor account's VID. +- Validation: + - a NOC Certificate with the provided `subject` and `subject_key_id` must exist in the ledger. +- Parameters: + - subject: `string` - base64 encoded subject DER sequence bytes of the certificate. + - subject_key_id: `string` - certificate's `Subject Key Id` in hex string format, e.g., `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`. + - serial_number: `optional(string)` - certificate's serial number. If not provided, the transaction will revoke all certificates that match the given `subject` and `subject_key_id` combination. + - revoke-child: `optional(bool)` - if true, then all certificates in the chain signed by the revoked certificate (leaf) are revoked as well. If false, only the current cert is revoked (default: false). + - info: `optional(string)` - information/notes for the revocation + - time: `optional(int64)` - revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field. +- In State: + - `pki/RevokedCertificates/value//` +- CLI command: + - `dcld tx pki revoke-noc-x509-cert --subject= --subject-key-id= --serial-number= --info= --time= --revoke-child= --from=` + ### GET_X509_CERT **Status: Implemented** diff --git a/integration_tests/cli/pki-noc-certs.sh b/integration_tests/cli/pki-noc-certs.sh index 4fe99d3fb..286723fb9 100755 --- a/integration_tests/cli/pki-noc-certs.sh +++ b/integration_tests/cli/pki-noc-certs.sh @@ -27,6 +27,9 @@ noc_cert_1_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UE noc_cert_1_subject_key_id="02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" noc_cert_1_serial_number="631388393741945881054190991612463928825155142122" +noc_cert_1_copy_path="integration_tests/constants/noc_cert_1_copy" +noc_cert_1_copy_serial_number="169445068204646961882009388640343665944683778293" + noc_cert_2_path="integration_tests/constants/noc_cert_2" noc_cert_2_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" noc_cert_2_subject_key_id="87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" @@ -221,12 +224,17 @@ echo "Add second NOC certificate by vendor with VID = $vid" result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_path" --from $vendor_account --yes) check_response "$result" "\"code\": 0" +echo "Add third NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_1_copy_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + echo "Request all NOC certificates" result=$(dcld query pki all-noc-x509-certs) echo $result | jq check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\"" check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" @@ -240,6 +248,7 @@ check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\"" check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" @@ -266,10 +275,11 @@ echo "Request all NOC certificates" result=$(dcld query pki all-noc-x509-certs) echo $result | jq check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\"" check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" -echo "Try to revoke intermediate with different VID = $vid_2" +echo "Try to revoke NOC root certificate with different VID = $vid_2" result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --from $vendor_account_2 --yes) check_response "$result" "\"code\": 439" @@ -349,6 +359,7 @@ check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\"" check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" echo "Request all approved certificates should not contain revoked NOC root certificates" @@ -356,6 +367,7 @@ result=$(dcld query pki all-x509-certs) check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\"" check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" @@ -365,4 +377,71 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" echo $result | jq -test_divider \ No newline at end of file +test_divider + +echo "REVOCATION OF NON-ROOT NOC CERTIFICATES" + +echo "Try to revoke NOC certificate with different VID = $vid_2" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --from $vendor_account_2 --yes) +check_response "$result" "\"code\": 439" + +echo "$vendor_account Vendor revokes only NOC certificates, it should not revoke leaf certificates" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_1_subject" --subject-key-id="$noc_cert_1_subject_key_id" --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should not contain leaf certificate" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number" + +echo "Request all revoked noc root certificates should not contain non-root NOC certificates" +result=$(dcld query pki all-revoked-noc-x509-root-certs) +echo $result | jq +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" + +echo "Request all certificates by subject must be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_cert_1_subject") +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by subjectKeyId must be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_cert_1_subject_key_id") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should contain ony leaf certificate" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" + +echo "Request all approved certificates should not contain revoked NOC certificates" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq diff --git a/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh index 63b43162c..3768890a3 100755 --- a/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh +++ b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh @@ -6,6 +6,11 @@ noc_root_cert_1_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwY noc_root_cert_1_subject_key_id="44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26" noc_root_cert_1_serial_number="47211865327720222621302679792296833381734533449" +noc_root_cert_2_path="integration_tests/constants/noc_root_cert_2" +noc_root_cert_2_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg==" +noc_root_cert_2_subject_key_id="CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B" +noc_root_cert_2_serial_number="332802481233145945539125204504842614737181725760" + noc_root_cert_1_copy_path="integration_tests/constants/noc_root_cert_1_copy" noc_root_cert_1_copy_serial_number="460647353168152946606945669687905527879095841977" @@ -19,9 +24,24 @@ noc_leaf_cert_1_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBE noc_leaf_cert_1_subject_key_id="77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" noc_leaf_cert_1_serial_number="281347277961838999749763518155363401757954575313" +noc_cert_2_path="integration_tests/constants/noc_cert_2" +noc_cert_2_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" +noc_cert_2_subject_key_id="87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" +noc_cert_2_serial_number="361372967010167010646904372658654439710639340814" + +noc_cert_2_copy_path="integration_tests/constants/noc_cert_2_copy" +noc_cert_2_copy_serial_number="157351092243199289154908179633004790674818411696" + +noc_leaf_cert_2_path="integration_tests/constants/noc_leaf_cert_2" +noc_leaf_cert_2_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0y" +noc_leaf_cert_2_subject_key_id="F7:2D:E5:60:05:1E:06:45:E6:17:09:DE:1A:0C:B7:AE:19:66:EA:D5" +noc_leaf_cert_2_serial_number="628585745496304216074570439204763956375973944746" + vid_in_hex_format=0x6006 vid=24582 +echo "REVOCATION OF NOC ROOT CERTIFICATES" + vendor_account=vendor_account_$vid_in_hex_format echo "Create Vendor account - $vendor_account" create_new_vendor_account $vendor_account $vid_in_hex_format @@ -152,4 +172,92 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_numb response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" echo $result | jq +test_divider + +echo "REVOCATION OF NOC NON-ROOT CERTIFICATES" + +echo "Add NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_2_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add second NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_copy_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add leaf certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_2_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request All NOC root certificate" +result=$(dcld query pki all-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" + +echo "Request all NOC certificates" +result=$(dcld query pki all-noc-x509-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" + +echo "$vendor_account Vendor revokes root NOC certificate by setting \"revoke-child\" flag to true, it should revoke child certificates too" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_2_subject" --subject-key-id="$noc_cert_2_subject_key_id" --revoke-child=true --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should two intermediate and one leaf certificates" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_2_subject" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" + +echo "Request all certificates by NOC certificate's subject should be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_cert_2_subject") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"$noc_cert_1_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by NOC certificate's subjectKeyId should be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_cert_2_subject_key_id") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should not contain intermediate and leaf certificates" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" + +echo "Request all approved certificates should not contain intermediate and leaf certificates" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\"subject\": \"$noc_root_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" +echo $result | jq + test_divider \ No newline at end of file diff --git a/integration_tests/cli/pki-noc-revocation-with-serial-number.sh b/integration_tests/cli/pki-noc-revocation-with-serial-number.sh index 5dc2de123..66aed7ddc 100755 --- a/integration_tests/cli/pki-noc-revocation-with-serial-number.sh +++ b/integration_tests/cli/pki-noc-revocation-with-serial-number.sh @@ -6,6 +6,11 @@ noc_root_cert_1_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwY noc_root_cert_1_subject_key_id="44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26" noc_root_cert_1_serial_number="47211865327720222621302679792296833381734533449" +noc_root_cert_2_path="integration_tests/constants/noc_root_cert_2" +noc_root_cert_2_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg==" +noc_root_cert_2_subject_key_id="CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B" +noc_root_cert_2_serial_number="332802481233145945539125204504842614737181725760" + noc_root_cert_1_copy_path="integration_tests/constants/noc_root_cert_1_copy" noc_root_cert_1_copy_serial_number="460647353168152946606945669687905527879095841977" @@ -19,9 +24,24 @@ noc_leaf_cert_1_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBE noc_leaf_cert_1_subject_key_id="77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" noc_leaf_cert_1_serial_number="281347277961838999749763518155363401757954575313" +noc_cert_2_path="integration_tests/constants/noc_cert_2" +noc_cert_2_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" +noc_cert_2_subject_key_id="87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" +noc_cert_2_serial_number="361372967010167010646904372658654439710639340814" + +noc_cert_2_copy_path="integration_tests/constants/noc_cert_2_copy" +noc_cert_2_copy_serial_number="157351092243199289154908179633004790674818411696" + +noc_leaf_cert_2_path="integration_tests/constants/noc_leaf_cert_2" +noc_leaf_cert_2_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0y" +noc_leaf_cert_2_subject_key_id="F7:2D:E5:60:05:1E:06:45:E6:17:09:DE:1A:0C:B7:AE:19:66:EA:D5" +noc_leaf_cert_2_serial_number="628585745496304216074570439204763956375973944746" + vid_in_hex_format=0x6006 vid=24582 +echo "REVOCATION OF NOC ROOT CERTIFICATES" + vendor_account=vendor_account_$vid_in_hex_format echo "Create Vendor account - $vendor_account" create_new_vendor_account $vendor_account $vid_in_hex_format @@ -244,4 +264,147 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_numb response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" echo $result | jq +test_divider + +echo "REVOCATION OF NOC NON-ROOT CERTIFICATES" + +echo "Add NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_2_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add second NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_2_copy_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add leaf certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_2_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request All NOC root certificate" +result=$(dcld query pki all-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" + +echo "Request all NOC certificates" +result=$(dcld query pki all-noc-x509-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" + +echo "Try to revoke intermediate with invalid serialNumber" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_2_subject" --subject-key-id="$noc_cert_2_subject_key_id" --serial-number="invalid" --from $vendor_account --yes) +check_response "$result" "\"code\": 404" + +echo "$vendor_account Vendor revokes NOC certificate with serialNumber=$noc_cert_2_serial_number only, it should not revoke child certificates" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_2_subject" --subject-key-id="$noc_cert_2_subject_key_id" --serial-number="$noc_cert_2_serial_number" --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should contain one intermediate certificate only" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" + +echo "Request all certificates by NOC certificate's subject should not be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_cert_2_subject") +check_response "$result" "\"$noc_cert_2_subject\"" +check_response "$result" "\"$noc_cert_2_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by NOC certificate's subjectKeyId should not be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_cert_2_subject_key_id") +check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should contain one intermediate and leaf certificates" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" + +echo "Request all approved certificates should contain one intermediate and leaf certificates" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\"subject\": \"$noc_root_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" +check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +echo $result | jq + +echo "$vendor_account Vendor revokes NOC certificate with serialNumber=$noc_cert_2_serial_number with \"revoke-child\" flag set to true, it should revoke child certificates too" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-cert --subject="$noc_cert_2_subject" --subject-key-id="$noc_cert_2_subject_key_id" --serial-number="$noc_cert_2_copy_serial_number" --revoke-child=true --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should contain two intermediate and one leaf certificates" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" + +echo "Request all certificates by NOC certificate's subject should be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_cert_2_subject") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"$noc_cert_2_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by NOC certificate's subjectKeyId should be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_cert_2_subject_key_id") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should be empty" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" + +echo "Request all approved certificates should contain only one root certificate" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\"subject\": \"$noc_root_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_2_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +echo $result | jq + test_divider \ No newline at end of file diff --git a/integration_tests/constants/noc_cert_1_copy b/integration_tests/constants/noc_cert_1_copy new file mode 100644 index 000000000..87515c300 --- /dev/null +++ b/integration_tests/constants/noc_cert_1_copy @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUTCCAfegAwIBAgIUHa4t/R+Gtf/22F5T6n+f6zfGkPUwCgYIKoZIzj0EAwIw +ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh +c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMzE2NDIwM1oYDzMw +MjMwNzE1MTY0MjAzWjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh +dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu +eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk +LTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATOPY6vbvv8no8NcIdfa/MbkJep +FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo1Aw +TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM +YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBF +AiEA7Z1xDQHO2B0kFC5rdVuXGzH150tJEoCwZMohKpnK+kUCIBzFXAoaURzHVyTG +oB0TJHTlKONyyEXKnHf8pJedjOq4 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/integration_tests/constants/noc_cert_2_copy b/integration_tests/constants/noc_cert_2_copy new file mode 100644 index 000000000..7edc4830a --- /dev/null +++ b/integration_tests/constants/noc_cert_2_copy @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAfegAwIBAgIUG4/d9BGpkAUXpvcsTyJwjlLtLLAwCgYIKoZIzj0EAwIw +ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh +c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0yMCAXDTI0MDMxNTA3MDUzMFoYDzMw +MjMwNzE3MDcwNTMwWjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh +dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu +eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk +LTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT5HyWO2u+fC+hEv1kUzmzj+lro +RTN6WZOytOr439wO9nAAIx20PlvLsxbRZkLDZ61wXESG9uimTCxnUTFlr9m9o1Aw +TjAdBgNVHQ4EFgQUh0iiMxIfUVyT5pBASiyrntYZ5a0wHwYDVR0jBBgwFoAUz+bd +NytMsrmp8nUwHKqxNxsRfxswDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBG +AiEA4LL93dIFS7sPuhMOliT0UZoSYTGTMhDNqmD1IAmkRScCIQDvVJYzz/EOnSZF +qWJNPFkcK2YqnpFH41djNyrckQkj3g== +-----END CERTIFICATE----- diff --git a/integration_tests/constants/noc_constants.go b/integration_tests/constants/noc_constants.go index 937995d4d..1d2c96e0c 100644 --- a/integration_tests/constants/noc_constants.go +++ b/integration_tests/constants/noc_constants.go @@ -79,6 +79,22 @@ TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBG AiEAzUSg9uY1+hn4Xe5ZyxmhEe5ycTtA7o94jA3x1ygGXcECIQD8mYhLsOss/API /xNPu7fcgPAwhltZAf6Cf9QVxRme/Q== +-----END CERTIFICATE-----` + + NocCert1Copy = `-----BEGIN CERTIFICATE----- +MIICUTCCAfegAwIBAgIUHa4t/R+Gtf/22F5T6n+f6zfGkPUwCgYIKoZIzj0EAwIw +ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh +c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMzE2NDIwM1oYDzMw +MjMwNzE1MTY0MjAzWjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh +dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu +eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk +LTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATOPY6vbvv8no8NcIdfa/MbkJep +FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo1Aw +TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM +YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBF +AiEA7Z1xDQHO2B0kFC5rdVuXGzH150tJEoCwZMohKpnK+kUCIBzFXAoaURzHVyTG +oB0TJHTlKONyyEXKnHf8pJedjOq4 -----END CERTIFICATE-----` NocCert2 = `-----BEGIN CERTIFICATE----- @@ -139,6 +155,12 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj NocCert1SerialNumber = "631388393741945881054190991612463928825155142122" NocCert1SubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" + NocCert1CopySubject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" + NocCert1CopyIssuer = NocRootCert1Subject + NocCert1CopySubjectKeyID = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" + NocCert1CopySerialNumber = "169445068204646961882009388640343665944683778293" + NocCert1CopySubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" + NocCert2Subject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" NocCert2Issuer = NocRootCert2Subject NocCert2SubjectKeyID = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" diff --git a/integration_tests/constants/noc_leaf_cert_2 b/integration_tests/constants/noc_leaf_cert_2 new file mode 100644 index 000000000..20bdeadda --- /dev/null +++ b/integration_tests/constants/noc_leaf_cert_2 @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWTCCAf+gAwIBAgIUbhrCehiGowhCA5eTCcpVem/iXaowCgYIKoZIzj0EAwIw +gYIxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMRMwEQYDVQQHDApT +b21lIFN0YXRlMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl +c3RpbmcgRGl2aXNpb24xFDASBgNVBAMMC05PQy1jaGlsZC0yMCAXDTI0MDMxNTA2 +MzQxNVoYDzMwMjMwNzE3MDYzNDE1WjCBgTELMAkGA1UEBhMCVVoxEzARBgNVBAgM +ClNvbWUgU3RhdGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1w +bGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjETMBEGA1UEAwwK +Tk9DLWxlYWYtMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDz7QnENi9fRjJxS +cK0aKhMNnIjEjFzM2RIT14XuWxf15ndpGibm5qDRQHNPuwpDChP55SgL6KiyGQS4 +94AkjYSjUDBOMB0GA1UdDgQWBBT3LeVgBR4GReYXCd4aDLeuGWbq1TAfBgNVHSME +GDAWgBSHSKIzEh9RXJPmkEBKLKue1hnlrTAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0gAMEUCIQDNjO+BQ0+9+Tl8mkHBsc+jjz7XyYD5Acqpcp2YsEp/pgIgScQF +1wqmM37VLfJ+IprgAucY716SXA3I/0gTOzaP1eI= +-----END CERTIFICATE----- diff --git a/proto/pki/tx.proto b/proto/pki/tx.proto index e1e3f6975..6b72a046d 100644 --- a/proto/pki/tx.proto +++ b/proto/pki/tx.proto @@ -25,6 +25,7 @@ service Msg { rpc RemoveX509Cert(MsgRemoveX509Cert) returns (MsgRemoveX509CertResponse); rpc AddNocX509Cert(MsgAddNocX509Cert) returns (MsgAddNocX509CertResponse); rpc RevokeNocRootX509Cert(MsgRevokeNocRootX509Cert) returns (MsgRevokeNocRootX509CertResponse); + rpc RevokeNocX509Cert(MsgRevokeNocX509Cert) returns (MsgRevokeNocX509CertResponse); // this line is used by starport scaffolding # proto/tx/rpc } @@ -201,4 +202,17 @@ message MsgRevokeNocRootX509Cert { message MsgRevokeNocRootX509CertResponse { } +message MsgRevokeNocX509Cert { + string signer = 1 [(cosmos_proto.scalar) = "cosmos.AddressString", (gogoproto.moretags) = "validate:\"required\""]; + string subject = 2 [(gogoproto.moretags) = "validate:\"required,max=1024\""]; + string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""]; + string serialNumber = 4; + string info = 5 [(gogoproto.moretags) = "validate:\"max=4096\""]; + int64 time = 6; + bool revokeChild = 7; +} + +message MsgRevokeNocX509CertResponse { +} + // this line is used by starport scaffolding # proto/tx/message \ No newline at end of file diff --git a/scripts/starport/upgrade-0.44/07.pki_types.sh b/scripts/starport/upgrade-0.44/07.pki_types.sh index f07298ed1..17823e9c2 100755 --- a/scripts/starport/upgrade-0.44/07.pki_types.sh +++ b/scripts/starport/upgrade-0.44/07.pki_types.sh @@ -20,6 +20,7 @@ starport scaffold --module pki message delete-pki-revocation-distribution-point starport scaffold --module pki message AddNocX509RootCert cert --signer signer starport scaffold --module pki message AddNocX509Cert cert --signer signer starport scaffold --module pki message RevokeNocRootX509Cert subject subjectKeyId serialNumber info time:uint revokeChild:bool --signer signer +starport scaffold --module pki message RevokeNocX509Cert subject subjectKeyId serialNumber info time:uint revokeChild:bool --signer signer # CRUD data types starport scaffold --module pki map ApprovedCertificates certs:strings --index subject,subjectKeyId --no-message diff --git a/types/pki/errors.go b/types/pki/errors.go index 620b7a188..407128a66 100644 --- a/types/pki/errors.go +++ b/types/pki/errors.go @@ -351,7 +351,7 @@ func NewErrMessageVidNotEqualAccountVid(msgVid int32, accountVid int32) error { return sdkerrors.Wrapf(ErrMessageVidNotEqualAccountVid, "Message vid=%d is not equal to account vid=%d", msgVid, accountVid) } -func NewErrMessageRemoveRoot(subject string, subjectKeyID string) error { +func NewErrMessageExpectedNonRoot(subject string, subjectKeyID string) error { return sdkerrors.Wrapf(ErrInappropriateCertificateType, "Inappropriate Certificate Type: Certificate with subject=%s and subjectKeyID=%s "+ "is a root certificate.", subject, subjectKeyID, ) diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts index 559308ac0..fbfff76c5 100755 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts @@ -84,7 +84,7 @@ const getDefaultState = () => { NocCertificatesAll: {}, RevokedNocRootCertificates: {}, RevokedNocRootCertificatesAll: {}, - + _Structure: { ApprovedCertificates: getStructure(ApprovedCertificates.fromPartial({})), ApprovedCertificatesBySubject: getStructure(ApprovedCertificatesBySubject.fromPartial({})), @@ -105,7 +105,7 @@ const getDefaultState = () => { RevokedNocRootCertificates: getStructure(RevokedNocRootCertificates.fromPartial({})), RevokedRootCertificates: getStructure(RevokedRootCertificates.fromPartial({})), UniqueCertificate: getStructure(UniqueCertificate.fromPartial({})), - + }, _Registry: registry, _Subscriptions: new Set(), @@ -271,7 +271,7 @@ export default { } return state.RevokedNocRootCertificatesAll[JSON.stringify(params)] ?? {} }, - + getTypeStructure: (state) => (type) => { return state._Structure[type].fields }, @@ -304,41 +304,41 @@ export default { } }) }, - - - - - - + + + + + + async QueryApprovedCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryApprovedCertificates( key.subject, key.subjectKeyId)).data - - + + commit('QUERY', { query: 'ApprovedCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryApprovedCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getApprovedCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryApprovedCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryApprovedCertificatesAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryApprovedCertificatesAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryApprovedCertificatesAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -348,45 +348,45 @@ export default { return getters['getApprovedCertificatesAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryApprovedCertificatesAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryProposedCertificate({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryProposedCertificate( key.subject, key.subjectKeyId)).data - - + + commit('QUERY', { query: 'ProposedCertificate', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryProposedCertificate', payload: { options: { all }, params: {...key},query }}) return getters['getProposedCertificate']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryProposedCertificate', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryProposedCertificateAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryProposedCertificateAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryProposedCertificateAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -396,45 +396,45 @@ export default { return getters['getProposedCertificateAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryProposedCertificateAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryChildCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryChildCertificates( key.issuer, key.authorityKeyId)).data - - + + commit('QUERY', { query: 'ChildCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryChildCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getChildCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryChildCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryProposedCertificateRevocation({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryProposedCertificateRevocation( key.subject, key.subjectKeyId, query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryProposedCertificateRevocation( key.subject, key.subjectKeyId, {...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -444,23 +444,23 @@ export default { return getters['getProposedCertificateRevocation']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryProposedCertificateRevocation', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryProposedCertificateRevocationAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryProposedCertificateRevocationAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryProposedCertificateRevocationAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -470,45 +470,45 @@ export default { return getters['getProposedCertificateRevocationAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryProposedCertificateRevocationAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRevokedCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRevokedCertificates( key.subject, key.subjectKeyId)).data - - + + commit('QUERY', { query: 'RevokedCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryRevokedCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getRevokedCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRevokedCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRevokedCertificatesAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRevokedCertificatesAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryRevokedCertificatesAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -518,111 +518,111 @@ export default { return getters['getRevokedCertificatesAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRevokedCertificatesAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryApprovedRootCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryApprovedRootCertificates()).data - - + + commit('QUERY', { query: 'ApprovedRootCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryApprovedRootCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getApprovedRootCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryApprovedRootCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRevokedRootCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRevokedRootCertificates()).data - - + + commit('QUERY', { query: 'RevokedRootCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryRevokedRootCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getRevokedRootCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRevokedRootCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryApprovedCertificatesBySubject({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryApprovedCertificatesBySubject( key.subject)).data - - + + commit('QUERY', { query: 'ApprovedCertificatesBySubject', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryApprovedCertificatesBySubject', payload: { options: { all }, params: {...key},query }}) return getters['getApprovedCertificatesBySubject']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryApprovedCertificatesBySubject', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRejectedCertificate({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRejectedCertificate( key.subject, key.subjectKeyId)).data - - + + commit('QUERY', { query: 'RejectedCertificate', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryRejectedCertificate', payload: { options: { all }, params: {...key},query }}) return getters['getRejectedCertificate']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRejectedCertificate', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRejectedCertificateAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRejectedCertificateAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryRejectedCertificateAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -632,45 +632,45 @@ export default { return getters['getRejectedCertificateAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRejectedCertificateAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryPkiRevocationDistributionPoint({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryPkiRevocationDistributionPoint( key.issuerSubjectKeyID, key.vid, key.label)).data - - + + commit('QUERY', { query: 'PkiRevocationDistributionPoint', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryPkiRevocationDistributionPoint', payload: { options: { all }, params: {...key},query }}) return getters['getPkiRevocationDistributionPoint']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryPkiRevocationDistributionPoint', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryPkiRevocationDistributionPointAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryPkiRevocationDistributionPointAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryPkiRevocationDistributionPointAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -680,67 +680,67 @@ export default { return getters['getPkiRevocationDistributionPointAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryPkiRevocationDistributionPointAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryPkiRevocationDistributionPointsByIssuerSubjectKeyID({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryPkiRevocationDistributionPointsByIssuerSubjectKeyID( key.issuerSubjectKeyID)).data - - + + commit('QUERY', { query: 'PkiRevocationDistributionPointsByIssuerSubjectKeyID', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryPkiRevocationDistributionPointsByIssuerSubjectKeyID', payload: { options: { all }, params: {...key},query }}) return getters['getPkiRevocationDistributionPointsByIssuerSubjectKeyID']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryPkiRevocationDistributionPointsByIssuerSubjectKeyID', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryNocRootCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryNocRootCertificates( key.vid)).data - - + + commit('QUERY', { query: 'NocRootCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryNocRootCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getNocRootCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryNocRootCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryNocRootCertificatesAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryNocRootCertificatesAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryNocRootCertificatesAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -750,45 +750,45 @@ export default { return getters['getNocRootCertificatesAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryNocRootCertificatesAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryNocCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryNocCertificates( key.vid)).data - - + + commit('QUERY', { query: 'NocCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryNocCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getNocCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryNocCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryNocCertificatesAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryNocCertificatesAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryNocCertificatesAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -798,45 +798,45 @@ export default { return getters['getNocCertificatesAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryNocCertificatesAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRevokedNocRootCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRevokedNocRootCertificates( key.subject, key.subjectKeyId)).data - - + + commit('QUERY', { query: 'RevokedNocRootCertificates', key: { params: {...key}, query}, value }) if (subscribe) commit('SUBSCRIBE', { action: 'QueryRevokedNocRootCertificates', payload: { options: { all }, params: {...key},query }}) return getters['getRevokedNocRootCertificates']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRevokedNocRootCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - - - - - - - + + + + + + + async QueryRevokedNocRootCertificatesAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { try { const key = params ?? {}; const queryClient=await initQueryClient(rootGetters) let value= (await queryClient.queryRevokedNocRootCertificatesAll(query)).data - - + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { let next_values=(await queryClient.queryRevokedNocRootCertificatesAll({...query, 'pagination.key':( value).pagination.next_key})).data value = mergeResults(value, next_values); @@ -846,16 +846,16 @@ export default { return getters['getRevokedNocRootCertificatesAll']( { params: {...key}, query}) ?? {} } catch (e) { throw new SpVuexError('QueryClient:QueryRevokedNocRootCertificatesAll', 'API Node Unavailable. Could not perform query: ' + e.message) - + } }, - + async sendMsgAddNocX509Cert({ rootGetters }, { value, fee = [], memo = '' }) { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgRejectAddX509RootCert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -870,7 +870,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgAssignVid(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -885,7 +885,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgDeletePkiRevocationDistributionPoint(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -900,7 +900,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgRevokeX509Cert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -911,11 +911,41 @@ export default { } } }, + async sendMsgRevokeNocRootX509Cert({ rootGetters }, { value, fee = [], memo = '' }) { + try { + const txClient=await initTxClient(rootGetters) + const msg = await txClient.msgRevokeNocRootX509Cert(value) + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + gas: "200000" }, memo}) + return result + } catch (e) { + if (e == MissingWalletError) { + throw new SpVuexError('TxClient:MsgRevokeNocRootX509Cert:Init', 'Could not initialize signing client. Wallet is required.') + }else{ + throw new SpVuexError('TxClient:MsgRevokeNocRootX509Cert:Send', 'Could not broadcast Tx: '+ e.message) + } + } + }, + async sendMsgRevokeNocX509Cert({ rootGetters }, { value, fee = [], memo = '' }) { + try { + const txClient=await initTxClient(rootGetters) + const msg = await txClient.msgRevokeNocX509Cert(value) + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + gas: "200000" }, memo}) + return result + } catch (e) { + if (e == MissingWalletError) { + throw new SpVuexError('TxClient:MsgRevokeNocX509Cert:Init', 'Could not initialize signing client. Wallet is required.') + }else{ + throw new SpVuexError('TxClient:MsgRevokeNocX509Cert:Send', 'Could not broadcast Tx: '+ e.message) + } + } + }, async sendMsgProposeAddX509RootCert({ rootGetters }, { value, fee = [], memo = '' }) { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgProposeAddX509RootCert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -931,7 +961,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgAddNocX509Cert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -946,7 +976,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgApproveAddX509RootCert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -961,7 +991,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgUpdatePkiRevocationDistributionPoint(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -976,7 +1006,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgAddPkiRevocationDistributionPoint(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -991,7 +1021,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgAddX509Cert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -1006,7 +1036,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgApproveRevokeX509RootCert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -1021,7 +1051,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgProposeRevokeX509RootCert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -1036,7 +1066,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgAddNocX509RootCert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -1051,7 +1081,7 @@ export default { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgRemoveX509Cert(value) - const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, + const result = await txClient.signAndBroadcast([msg], {fee: { amount: fee, gas: "200000" }, memo}) return result } catch (e) { @@ -1062,7 +1092,7 @@ export default { } } }, - + async MsgProposeAddX509RootCert({ rootGetters }, { value }) { try { const txClient=await initTxClient(rootGetters) @@ -1232,6 +1262,6 @@ export default { } } }, - + } } diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts index 153c381fc..51cf18b47 100755 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts @@ -19,6 +19,7 @@ import { MsgProposeRevokeX509RootCert } from "./types/pki/tx"; import { MsgRemoveX509Cert } from "./types/pki/tx"; import { MsgAddNocX509Cert } from "./types/pki/tx"; import { MsgRevokeNocRootX509Cert } from "./types/pki/tx"; +import { MsgRevokeNocX509Cert } from "./types/pki/tx"; const types = [ @@ -37,6 +38,7 @@ const types = [ ["/zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509Cert", MsgRemoveX509Cert], ["/zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509Cert", MsgAddNocX509Cert], ["/zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509Cert", MsgRevokeNocRootX509Cert], + ["/zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocX509Cert", MsgRevokeNocX509Cert], ]; export const MissingWalletError = new Error("wallet is required"); @@ -83,6 +85,7 @@ const txClient = async (wallet: OfflineSigner, { addr: addr }: TxClientOptions = msgRemoveX509Cert: (data: MsgRemoveX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509Cert", value: MsgRemoveX509Cert.fromPartial( data ) }), msgAddNocX509Cert: (data: MsgAddNocX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509Cert", value: MsgAddNocX509Cert.fromPartial( data ) }), msgRevokeNocRootX509Cert: (data: MsgRevokeNocRootX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509Cert", value: MsgRevokeNocRootX509Cert.fromPartial( data ) }), + msgRevokeNocX509Cert: (data: MsgRevokeNocX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocX509Cert", value: MsgRevokeNocX509Cert.fromPartial( data ) }), }; }; diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts index d3fc7dcaa..af5d83960 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts @@ -107,6 +107,8 @@ export type PkiMsgRemoveX509CertResponse = object; export type PkiMsgRevokeNocRootX509CertResponse = object; +export type PkiMsgRevokeNocX509CertResponse = object; + export type PkiMsgRevokeX509CertResponse = object; export type PkiMsgUpdatePkiRevocationDistributionPointResponse = object; diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts index 957e0390d..ee423a7fe 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts @@ -162,6 +162,18 @@ export interface MsgRevokeNocRootX509Cert { export interface MsgRevokeNocRootX509CertResponse {} +export interface MsgRevokeNocX509Cert { + signer: string + subject: string + subjectKeyId: string + serialNumber: string + info: string + time: number + revokeChild: boolean +} + +export interface MsgRevokeNocX509CertResponse {} + const baseMsgProposeAddX509RootCert: object = { signer: '', cert: '', info: '', time: 0, vid: 0 } export const MsgProposeAddX509RootCert = { @@ -2736,6 +2748,201 @@ export const MsgRevokeNocRootX509CertResponse = { } } +const baseMsgRevokeNocX509Cert: object = { signer: '', subject: '', subjectKeyId: '', serialNumber: '', info: '', time: 0, revokeChild: false } + +export const MsgRevokeNocX509Cert = { + encode(message: MsgRevokeNocX509Cert, writer: Writer = Writer.create()): Writer { + if (message.signer !== '') { + writer.uint32(10).string(message.signer) + } + if (message.subject !== '') { + writer.uint32(18).string(message.subject) + } + if (message.subjectKeyId !== '') { + writer.uint32(26).string(message.subjectKeyId) + } + if (message.serialNumber !== '') { + writer.uint32(34).string(message.serialNumber) + } + if (message.info !== '') { + writer.uint32(42).string(message.info) + } + if (message.time !== 0) { + writer.uint32(48).int64(message.time) + } + if (message.revokeChild === true) { + writer.uint32(56).bool(message.revokeChild) + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): MsgRevokeNocX509Cert { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseMsgRevokeNocX509Cert } as MsgRevokeNocX509Cert + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.signer = reader.string() + break + case 2: + message.subject = reader.string() + break + case 3: + message.subjectKeyId = reader.string() + break + case 4: + message.serialNumber = reader.string() + break + case 5: + message.info = reader.string() + break + case 6: + message.time = longToNumber(reader.int64() as Long) + break + case 7: + message.revokeChild = reader.bool() + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): MsgRevokeNocX509Cert { + const message = { ...baseMsgRevokeNocX509Cert } as MsgRevokeNocX509Cert + if (object.signer !== undefined && object.signer !== null) { + message.signer = String(object.signer) + } else { + message.signer = '' + } + if (object.subject !== undefined && object.subject !== null) { + message.subject = String(object.subject) + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = String(object.subjectKeyId) + } else { + message.subjectKeyId = '' + } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } + if (object.info !== undefined && object.info !== null) { + message.info = String(object.info) + } else { + message.info = '' + } + if (object.time !== undefined && object.time !== null) { + message.time = Number(object.time) + } else { + message.time = 0 + } + if (object.revokeChild !== undefined && object.revokeChild !== null) { + message.revokeChild = Boolean(object.revokeChild) + } else { + message.revokeChild = false + } + return message + }, + + toJSON(message: MsgRevokeNocX509Cert): unknown { + const obj: any = {} + message.signer !== undefined && (obj.signer = message.signer) + message.subject !== undefined && (obj.subject = message.subject) + message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) + message.info !== undefined && (obj.info = message.info) + message.time !== undefined && (obj.time = message.time) + message.revokeChild !== undefined && (obj.revokeChild = message.revokeChild) + return obj + }, + + fromPartial(object: DeepPartial): MsgRevokeNocX509Cert { + const message = { ...baseMsgRevokeNocX509Cert } as MsgRevokeNocX509Cert + if (object.signer !== undefined && object.signer !== null) { + message.signer = object.signer + } else { + message.signer = '' + } + if (object.subject !== undefined && object.subject !== null) { + message.subject = object.subject + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = object.subjectKeyId + } else { + message.subjectKeyId = '' + } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } + if (object.info !== undefined && object.info !== null) { + message.info = object.info + } else { + message.info = '' + } + if (object.time !== undefined && object.time !== null) { + message.time = object.time + } else { + message.time = 0 + } + if (object.revokeChild !== undefined && object.revokeChild !== null) { + message.revokeChild = object.revokeChild + } else { + message.revokeChild = false + } + return message + } +} + +const baseMsgRevokeNocX509CertResponse: object = {} + +export const MsgRevokeNocX509CertResponse = { + encode(_: MsgRevokeNocX509CertResponse, writer: Writer = Writer.create()): Writer { + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): MsgRevokeNocX509CertResponse { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseMsgRevokeNocX509CertResponse } as MsgRevokeNocX509CertResponse + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(_: any): MsgRevokeNocX509CertResponse { + const message = { ...baseMsgRevokeNocX509CertResponse } as MsgRevokeNocX509CertResponse + return message + }, + + toJSON(_: MsgRevokeNocX509CertResponse): unknown { + const obj: any = {} + return obj + }, + + fromPartial(_: DeepPartial): MsgRevokeNocX509CertResponse { + const message = { ...baseMsgRevokeNocX509CertResponse } as MsgRevokeNocX509CertResponse + return message + } +} + /** Msg defines the Msg service. */ export interface Msg { ProposeAddX509RootCert(request: MsgProposeAddX509RootCert): Promise @@ -2754,6 +2961,7 @@ export interface Msg { AddNocX509Cert(request: MsgAddNocX509Cert): Promise RevokeNocRootX509Cert(request: MsgRevokeNocRootX509Cert): Promise /** this line is used by starport scaffolding # proto/tx/rpc */ + RevokeNocX509Cert(request: MsgRevokeNocX509Cert): Promise } export class MsgClientImpl implements Msg { @@ -2850,6 +3058,12 @@ export class MsgClientImpl implements Msg { const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Msg', 'RevokeNocRootX509Cert', data) return promise.then((data) => MsgRevokeNocRootX509CertResponse.decode(new Reader(data))) } + + RevokeNocX509Cert(request: MsgRevokeNocX509Cert): Promise { + const data = MsgRevokeNocX509Cert.encode(request).finish() + const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Msg', 'RevokeNocX509Cert', data) + return promise.then((data) => MsgRevokeNocX509CertResponse.decode(new Reader(data))) + } } interface Rpc { diff --git a/x/pki/client/cli/tx.go b/x/pki/client/cli/tx.go index 3eed0aeb3..5e68100ed 100644 --- a/x/pki/client/cli/tx.go +++ b/x/pki/client/cli/tx.go @@ -37,6 +37,7 @@ func GetTxCmd() *cobra.Command { cmd.AddCommand(CmdRemoveX509Cert()) cmd.AddCommand(CmdAddNocX509Cert()) cmd.AddCommand(CmdRevokeNocRootX509Cert()) + cmd.AddCommand(CmdRevokeNocX509Cert()) // this line is used by starport scaffolding # 1 return cmd diff --git a/x/pki/client/cli/tx_revoke_noc_x_509_cert.go b/x/pki/client/cli/tx_revoke_noc_x_509_cert.go new file mode 100644 index 000000000..83a565d7a --- /dev/null +++ b/x/pki/client/cli/tx_revoke_noc_x_509_cert.go @@ -0,0 +1,67 @@ +package cli + +import ( + "strconv" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/tx" + "github.com/spf13/cobra" + "github.com/spf13/viper" + + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/cli" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +var _ = strconv.Itoa(0) + +func CmdRevokeNocX509Cert() *cobra.Command { + cmd := &cobra.Command{ + Use: "revoke-noc-x509-cert", + Short: "Revokes the given NOC intermediate or leaf certificate. " + + "If revoke-child flag is set to true then all the certificates in the subtree signed by the revoked " + + "certificate will be revoked as well.", + Args: cobra.ExactArgs(0), + RunE: func(cmd *cobra.Command, args []string) (err error) { + clientCtx, err := client.GetClientTxContext(cmd) + if err != nil { + return err + } + + subject := viper.GetString(FlagSubject) + subjectKeyID := viper.GetString(FlagSubjectKeyID) + serialNumber := viper.GetString(FlagSerialNumber) + revokeChild := viper.GetBool(FlagRevokeChild) + infoArg := viper.GetString(FlagInfo) + + msg := types.NewMsgRevokeNocX509Cert( + clientCtx.GetFromAddress().String(), + subject, + subjectKeyID, + serialNumber, + infoArg, + revokeChild, + ) + // validate basic will be called in GenerateOrBroadcastTxCLI + err = tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) + if cli.IsWriteInsteadReadRPCError(err) { + return clientCtx.PrintString(cli.LightClientProxyForWriteRequests) + } + + return err + }, + } + + cmd.Flags().StringP(FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") + cmd.Flags().StringP(FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + cmd.Flags().StringP(FlagSerialNumber, FlagSerialNumberShortcut, "", "Certificate's serial number") + cmd.Flags().StringP(FlagRevokeChild, FlagRevokeChildShortcut, "", "If flag is true then all the certificates in the subtree will be revoked as well - default is false") + cmd.Flags().String(FlagInfo, "", FlagInfoUsage) + cli.AddTxFlagsToCmd(cmd) + + _ = cmd.MarkFlagRequired(FlagSubject) + _ = cmd.MarkFlagRequired(FlagSubjectKeyID) + _ = cmd.MarkFlagRequired(flags.FlagFrom) + + return cmd +} diff --git a/x/pki/handler.go b/x/pki/handler.go index 2d1eb4f97..a44cc8b52 100644 --- a/x/pki/handler.go +++ b/x/pki/handler.go @@ -78,6 +78,10 @@ func NewHandler(k keeper.Keeper) sdk.Handler { case *types.MsgRevokeNocRootX509Cert: res, err := msgServer.RevokeNocRootX509Cert(sdk.WrapSDKContext(ctx), msg) + return sdk.WrapServiceResult(ctx, res, err) + case *types.MsgRevokeNocX509Cert: + res, err := msgServer.RevokeNocX509Cert(sdk.WrapSDKContext(ctx), msg) + return sdk.WrapServiceResult(ctx, res, err) // this line is used by starport scaffolding # 1 default: diff --git a/x/pki/handler_revoke_noc_cert_test.go b/x/pki/handler_revoke_noc_cert_test.go new file mode 100644 index 000000000..258b27de9 --- /dev/null +++ b/x/pki/handler_revoke_noc_cert_test.go @@ -0,0 +1,547 @@ +package pki + +import ( + "testing" + + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func TestHandler_RevokeNocX509Cert_SenderNotVendor(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the new NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + revokeCert := types.NewMsgRevokeNocRootX509Cert( + setup.Trustee1.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + "", + false, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + + require.Error(t, err) + require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) +} + +func TestHandler_RevokeNocX509Cert_CertificateDoesNotExist(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + revokeCert := types.NewMsgRevokeNocX509Cert( + accAddress.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + "", + false, + ) + _, err := setup.Handler(setup.Ctx, revokeCert) + + require.Error(t, err) + require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) +} + +func TestHandler_RevokeNocX509Cert_CertificateExists(t *testing.T) { + accAddress := GenerateAccAddress() + + cases := []struct { + name string + existingCert *types.Certificate + nocRoorCert string + err error + }{ + { + name: "ExistingRootCert", + existingCert: &types.Certificate{ + Issuer: testconstants.NocCert1Subject, + Subject: testconstants.NocCert1Subject, + SubjectAsText: testconstants.NocCert1SubjectAsText, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + SerialNumber: testconstants.NocCert1SerialNumber, + IsRoot: true, + IsNoc: true, + Vid: testconstants.Vid, + }, + nocRoorCert: testconstants.NocRootCert1, + err: pkitypes.ErrInappropriateCertificateType, + }, + { + name: "ExistingNotNocCert", + existingCert: &types.Certificate{ + Issuer: testconstants.NocCert1Subject, + Subject: testconstants.NocCert1Subject, + SubjectAsText: testconstants.NocCert1SubjectAsText, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + SerialNumber: testconstants.NocCert1SerialNumber, + IsRoot: true, + IsNoc: false, + Vid: testconstants.Vid, + }, + nocRoorCert: testconstants.NocCert1, + err: pkitypes.ErrInappropriateCertificateType, + }, + { + name: "ExistingCertWithDifferentVid", + existingCert: &types.Certificate{ + Issuer: testconstants.NocCert1Subject, + Subject: testconstants.NocCert1Subject, + SubjectAsText: testconstants.NocCert1SubjectAsText, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + SerialNumber: testconstants.NocCert1SerialNumber, + IsRoot: false, + IsNoc: true, + Vid: testconstants.VendorID1, + }, + nocRoorCert: testconstants.NocCert1, + err: pkitypes.ErrCertVidNotEqualAccountVid, + }, + { + name: "ExistingCertWithDifferentSerialNumber", + existingCert: &types.Certificate{ + Issuer: testconstants.NocCert1Subject, + Subject: testconstants.NocCert1Subject, + SubjectAsText: testconstants.NocCert1SubjectAsText, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + SerialNumber: "1234567", + IsRoot: false, + IsNoc: true, + Vid: testconstants.Vid, + }, + nocRoorCert: testconstants.NocCert1, + err: pkitypes.ErrCertificateDoesNotExist, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + setup := Setup(t) + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the existing certificate + setup.Keeper.AddApprovedCertificate(setup.Ctx, *tc.existingCert) + uniqueCertificate := types.UniqueCertificate{ + Issuer: tc.existingCert.Issuer, + SerialNumber: tc.existingCert.SerialNumber, + Present: true, + } + setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) + + revokeCert := types.NewMsgRevokeNocX509Cert( + accAddress.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + "", + false, + ) + _, err := setup.Handler(setup.Ctx, revokeCert) + require.ErrorIs(t, err, tc.err) + }) + } +} + +func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the second NOC non-root certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the NOC leaf certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocLeafCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC with subject and subject key id only + revokeCert := types.NewMsgRevokeNocX509Cert( + accAddress.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + "", + testconstants.Info, + false, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + revokedNocCerts, err := queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) + require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) + + revokedCerts, err := queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocCert1Subject, revokedCerts.Subject) + require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.SubjectKeyId) + + // query noc certificate by Subject + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query noc certificate by Subject Key ID + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + // query noc certificate by VID + nocCerts, err := queryNocCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(nocCerts.Certs)) + require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) + + // Child certificate should not be revoked + _, err = queryRevokedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query all certs + certs, err := queryAllApprovedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 2, len(certs)) + require.NotEqual(t, testconstants.NocCert1SubjectKeyID, certs[0].SubjectKeyId) + require.NotEqual(t, testconstants.NocCert1SubjectKeyID, certs[1].SubjectKeyId) + + // query child of revoked certificate, they should not be revoked + childCerts, _ := queryApprovedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.Equal(t, 1, len(childCerts.Certs)) + require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, childCerts.SubjectKeyId) + + // check that child cert is not removed + nocCerts, err = queryNocCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(nocCerts.Certs)) + require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1CopySerialNumber)) +} + +func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the second NOC non-root certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the NOC leaf certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocLeafCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke noc with subject and subject key id and its child too + revokeCert := types.NewMsgRevokeNocX509Cert( + accAddress.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + "", + testconstants.Info, + true, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + allRevokedCerts, err := queryAllRevokedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 2, len(allRevokedCerts)) + require.Equal(t, 3, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) + + revokedNocCerts, err := queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) + require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) + + // query all certs + certs, err := queryAllApprovedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 1, len(certs)) + require.Equal(t, testconstants.NocRootCert1SubjectKeyID, certs[0].SubjectKeyId) + + // query NOC cert by subject and subject key id + _, err = queryApprovedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1CopySubjectKeyID) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query NOC certificate by Subject + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocLeafCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query NOC certificate by Subject Key ID + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + aprCertsBySubjectKeyID, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocLeafCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + // query noc certificate by VID + _, err = queryNocCertificates(setup, testconstants.Vid) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // Child certificate should be revoked as well + revokedLeafCerts, err := queryRevokedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedLeafCerts.Certs)) + require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, revokedLeafCerts.SubjectKeyId) + + // query child of revoked certificate, they should be revoked + _, err = queryApprovedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1CopySerialNumber)) + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocLeafCert1, testconstants.NocLeafCert1SerialNumber)) +} + +func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the second NOC non-root certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the NOC leaf certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocLeafCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC by serial number only + revokeCert := types.NewMsgRevokeNocX509Cert( + accAddress.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + testconstants.Info, + false, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + revokedNocCerts, err := queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) + + revokedCerts, err := queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocCert1SerialNumber, revokedCerts.Certs[0].SerialNumber) + + // Child certificate should not be revoked + _, err = queryRevokedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query NOC certificate by Subject + certsBySubject, err := queryApprovedCertificatesBySubject(setup, testconstants.NocCert1Subject) + require.NoError(t, err) + require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) + + // query NOC certificate by Subject Key ID + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 1, len(aprCertsBySubjectKeyID)) + require.Equal(t, 1, len(aprCertsBySubjectKeyID[0].Certs)) + require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) + + // query noc certificate by VID + nocCerts, err := queryNocCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 2, len(nocCerts.Certs)) + require.NotEqual(t, testconstants.NocCert1SerialNumber, nocCerts.Certs[0].SerialNumber) + require.NotEqual(t, testconstants.NocCert1SerialNumber, nocCerts.Certs[1].SerialNumber) + + // query all certs + certs, err := queryAllApprovedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 3, len(certs)) + require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[0].Certs[0].SerialNumber) + require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[1].Certs[0].SerialNumber) + require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[2].Certs[0].SerialNumber) + + // query approved certificate, cert with different serial number should not be removed + approvedCerts, _ := queryApprovedCertificates(setup, testconstants.NocCert1CopySubject, testconstants.NocCert1CopySubjectKeyID) + require.Equal(t, 1, len(approvedCerts.Certs)) + require.Equal(t, testconstants.NocCert1CopySerialNumber, approvedCerts.Certs[0].SerialNumber) + + // query child certificate, they should not be removed + childCerts, _ := queryApprovedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.Equal(t, 1, len(childCerts.Certs)) + require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, childCerts.SubjectKeyId) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) +} + +func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the second NOC non-root certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the NOC leaf certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocLeafCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC with subject and subject key id and its child too + revokeCert := types.NewMsgRevokeNocX509Cert( + accAddress.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + testconstants.Info, + true, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + allRevokedCerts, err := queryAllRevokedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 2, len(allRevokedCerts)) + require.Equal(t, 2, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) + + revokedNocCerts, err := queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) + + // Child certificate should be revoked + revokedNocCerts, err = queryRevokedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocLeafCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) + + // query child of revoked certificate, they should be revoked + _, err = queryApprovedCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query all certs + certs, err := queryAllApprovedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 2, len(certs)) + require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[0].Certs[0].SerialNumber) + require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[1].Certs[0].SerialNumber) + + // query approved certificates + aprCerts, err := queryApprovedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1CopySubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(aprCerts.Certs)) + require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCerts.Certs[0].SerialNumber) + + // query noc certificate by Subject + certsBySubject, err := queryApprovedCertificatesBySubject(setup, testconstants.NocCert1Subject) + require.NoError(t, err) + require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) + + certsBySubject, err = queryApprovedCertificatesBySubject(setup, testconstants.NocLeafCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query noc certificate by Subject Key ID + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 1, len(aprCertsBySubjectKeyID)) + require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) + + aprCertsBySubjectKeyID, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocLeafCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + // query noc certificate by VID + nocCerts, err := queryNocCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(nocCerts.Certs)) + require.Equal(t, testconstants.NocCert1CopySerialNumber, nocCerts.Certs[0].SerialNumber) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) +} diff --git a/x/pki/keeper/msg_server_remove_x_509_cert.go b/x/pki/keeper/msg_server_remove_x_509_cert.go index 0c8fefb46..3aec721b0 100644 --- a/x/pki/keeper/msg_server_remove_x_509_cert.go +++ b/x/pki/keeper/msg_server_remove_x_509_cert.go @@ -32,7 +32,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50 } if certificates[0].IsRoot { - return nil, pkitypes.NewErrMessageRemoveRoot(msg.Subject, msg.SubjectKeyId) + return nil, pkitypes.NewErrMessageExpectedNonRoot(msg.Subject, msg.SubjectKeyId) } if err := k.EnsureVidMatches(ctx, certificates[0].Owner, msg.Signer); err != nil { diff --git a/x/pki/keeper/msg_server_revoke_noc_x_509_cert.go b/x/pki/keeper/msg_server_revoke_noc_x_509_cert.go new file mode 100644 index 000000000..3e4334f52 --- /dev/null +++ b/x/pki/keeper/msg_server_revoke_noc_x_509_cert.go @@ -0,0 +1,112 @@ +package keeper + +import ( + "context" + + sdk "github.com/cosmos/cosmos-sdk/types" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func (k msgServer) RevokeNocX509Cert(goCtx context.Context, msg *types.MsgRevokeNocX509Cert) (*types.MsgRevokeNocX509CertResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + signerAddr, err := sdk.AccAddressFromBech32(msg.Signer) + if err != nil { + return nil, pkitypes.NewErrInvalidAddress(err) + } + // check if signer has vendor role + if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) { + return nil, pkitypes.NewErrUnauthorizedRole("MsgRevokeNocX509Cert", dclauthtypes.Vendor) + } + + certificates, _ := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId) + if len(certificates.Certs) == 0 { + return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId) + } + + cert := certificates.Certs[0] + if cert.IsRoot { + return nil, pkitypes.NewErrMessageExpectedNonRoot(msg.Subject, msg.SubjectKeyId) + } + // Existing certificate must be NOC certificate + if !cert.IsNoc { + return nil, pkitypes.NewErrProvidedNocCertButExistingNotNoc(cert.Subject, cert.SubjectKeyId) + } + + signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) + signerVid := signerAccount.VendorID + // signer VID must be same as VID of existing certificates + if signerVid != cert.Vid { + return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(cert.Vid, signerVid) + } + + if msg.SerialNumber != "" { + err = k._revokeNocCertificate(ctx, msg.SerialNumber, certificates, cert.Vid) + if err != nil { + return nil, err + } + } else { + k._revokeNocCertificates(ctx, certificates, cert.Vid) + } + + if msg.RevokeChild { + // Remove certificate identifier from issuer's ChildCertificates record + k.RevokeChildCertificates(ctx, msg.Subject, msg.SubjectKeyId) + } + + return &types.MsgRevokeNocX509CertResponse{}, nil +} + +func (k msgServer) _revokeNocCertificate( + ctx sdk.Context, + serialNumber string, + certificates types.ApprovedCertificates, + vid int32, +) error { + cert, found := findCertificate(serialNumber, &certificates.Certs) + if !found { + return pkitypes.NewErrCertificateBySerialNumberDoesNotExist( + certificates.Subject, certificates.SubjectKeyId, serialNumber, + ) + } + + revCerts := types.ApprovedCertificates{ + Subject: cert.Subject, + SubjectKeyId: cert.SubjectKeyId, + Certs: []*types.Certificate{cert}, + } + k.AddRevokedCertificates(ctx, revCerts) + + k.removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates) + if len(certificates.Certs) == 0 { + k.RemoveNocCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, vid) + k.RemoveApprovedCertificates(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveApprovedCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, cert.Subject, cert.SubjectKeyId) + } else { + k.RemoveNocCertificateBySerialNumber(ctx, vid, cert.Subject, cert.SubjectKeyId, serialNumber) + k.SetApprovedCertificatesBySubjectKeyID( + ctx, + types.ApprovedCertificatesBySubjectKeyId{SubjectKeyId: cert.SubjectKeyId, Certs: certificates.Certs}, + ) + k.SetApprovedCertificates(ctx, certificates) + } + + return nil +} + +func (k msgServer) _revokeNocCertificates(ctx sdk.Context, certificates types.ApprovedCertificates, vid int32) { + // Add certs into revoked lists + k.AddRevokedCertificates(ctx, certificates) + // remove cert from NOC certs list + k.RemoveNocCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, vid) + // remove cert from approved certs list + k.RemoveApprovedCertificates(ctx, certificates.Subject, certificates.SubjectKeyId) + // remove from subject -> subject key ID map + k.RemoveApprovedCertificateBySubject(ctx, certificates.Subject, certificates.SubjectKeyId) + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, certificates.Subject, certificates.SubjectKeyId) +} diff --git a/x/pki/keeper/msg_server_revoke_x_509_cert.go b/x/pki/keeper/msg_server_revoke_x_509_cert.go index a8c32e53b..99c2ad0a0 100644 --- a/x/pki/keeper/msg_server_revoke_x_509_cert.go +++ b/x/pki/keeper/msg_server_revoke_x_509_cert.go @@ -28,7 +28,7 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50 } if certificates.Certs[0].IsRoot { - return nil, pkitypes.NewErrMessageRemoveRoot(msg.Subject, msg.SubjectKeyId) + return nil, pkitypes.NewErrMessageExpectedNonRoot(msg.Subject, msg.SubjectKeyId) } if err := k.EnsureVidMatches(ctx, certificates.Certs[0].Owner, msg.Signer); err != nil { diff --git a/x/pki/keeper/noc_certificates.go b/x/pki/keeper/noc_certificates.go index 2149820f2..225a3421c 100644 --- a/x/pki/keeper/noc_certificates.go +++ b/x/pki/keeper/noc_certificates.go @@ -60,11 +60,7 @@ func (k Keeper) AddNocCertificate(ctx sdk.Context, nocCertificate types.Certific } // RemoveNocCertificates removes a nocCertificates from the store. -func (k Keeper) RemoveNocCertificates( - ctx sdk.Context, - vid int32, - -) { +func (k Keeper) RemoveNocCertificates(ctx sdk.Context, vid int32) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.NocCertificatesKeyPrefix)) store.Delete(types.NocCertificatesKey( vid, @@ -72,13 +68,27 @@ func (k Keeper) RemoveNocCertificates( } func (k Keeper) RemoveNocCertificate(ctx sdk.Context, subject, subjectKeyID string, vid int32) { + k._removeNocCertificates(ctx, vid, func(cert *types.Certificate) bool { + return cert.Subject == subject && cert.SubjectKeyId == subjectKeyID + }) +} + +func (k Keeper) RemoveNocCertificateBySerialNumber(ctx sdk.Context, vid int32, subject, subjectKeyID, serialNumber string) { + k._removeNocCertificates(ctx, vid, func(cert *types.Certificate) bool { + return cert.Subject == subject && cert.SubjectKeyId == subjectKeyID && cert.SerialNumber == serialNumber + }) +} + +func (k Keeper) _removeNocCertificates(ctx sdk.Context, vid int32, filter func(cert *types.Certificate) bool) { certs, found := k.GetNocCertificates(ctx, vid) if !found { return } + numCertsBefore := len(certs.Certs) for i := 0; i < len(certs.Certs); { - if certs.Certs[i].Subject == subject && certs.Certs[i].SubjectKeyId == subjectKeyID { + cert := certs.Certs[i] + if filter(cert) { certs.Certs = append(certs.Certs[:i], certs.Certs[i+1:]...) } else { i++ @@ -87,7 +97,7 @@ func (k Keeper) RemoveNocCertificate(ctx sdk.Context, subject, subjectKeyID stri if len(certs.Certs) == 0 { k.RemoveNocCertificates(ctx, vid) - } else { + } else if numCertsBefore > len(certs.Certs) { // Update state only if any certificate is removed k.SetNocCertificates(ctx, certs) } } diff --git a/x/pki/module_simulation.go b/x/pki/module_simulation.go index fb2dc087c..b13082f41 100644 --- a/x/pki/module_simulation.go +++ b/x/pki/module_simulation.go @@ -85,6 +85,10 @@ const ( // TODO: Determine the simulation weight value. defaultWeightMsgRevokeNocRootX509Cert int = 100 + opWeightMsgRevokeNocX509Cert = "op_weight_msg_create_chain" + // TODO: Determine the simulation weight value. + defaultWeightMsgRevokeNocX509Cert int = 100 + // this line is used by starport scaffolding # simapp/module/const. ) @@ -283,6 +287,17 @@ func (am AppModule) WeightedOperations(simState module.SimulationState) []simtyp pkisimulation.SimulateMsgRevokeNocRootX509Cert(am.keeper), )) + var weightMsgRevokeNocX509Cert int + simState.AppParams.GetOrGenerate(simState.Cdc, opWeightMsgRevokeNocX509Cert, &weightMsgRevokeNocX509Cert, nil, + func(_ *rand.Rand) { + weightMsgRevokeNocX509Cert = defaultWeightMsgRevokeNocX509Cert + }, + ) + operations = append(operations, simulation.NewWeightedOperation( + weightMsgRevokeNocX509Cert, + pkisimulation.SimulateMsgRevokeNocX509Cert(am.keeper), + )) + // this line is used by starport scaffolding # simapp/module/operation return operations diff --git a/x/pki/simulation/revoke_noc_x_509_cert.go b/x/pki/simulation/revoke_noc_x_509_cert.go new file mode 100644 index 000000000..59012c208 --- /dev/null +++ b/x/pki/simulation/revoke_noc_x_509_cert.go @@ -0,0 +1,29 @@ +package simulation + +import ( + "math/rand" + + "github.com/cosmos/cosmos-sdk/baseapp" + sdk "github.com/cosmos/cosmos-sdk/types" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func SimulateMsgRevokeNocX509Cert( + k keeper.Keeper, +) simtypes.Operation { + return func(r *rand.Rand, app *baseapp.BaseApp, ctx sdk.Context, accs []simtypes.Account, chainID string, + ) (simtypes.OperationMsg, []simtypes.FutureOperation, error) { + simAccount, _ := simtypes.RandomAcc(r, accs) + msg := &types.MsgRevokeNocX509Cert{ + Signer: simAccount.Address.String(), + } + + // TODO: Handling the RevokeNocX509Cert simulation + + return simtypes.NoOpMsg(pkitypes.ModuleName, msg.Type(), "RevokeNocX509Cert simulation not implemented"), nil, nil + } +} diff --git a/x/pki/types/codec.go b/x/pki/types/codec.go index b3446d39c..a4819d3a2 100644 --- a/x/pki/types/codec.go +++ b/x/pki/types/codec.go @@ -23,6 +23,7 @@ func RegisterCodec(cdc *codec.LegacyAmino) { cdc.RegisterConcrete(&MsgRemoveX509Cert{}, "pki/RemoveX509Cert", nil) cdc.RegisterConcrete(&MsgAddNocX509Cert{}, "pki/AddNocX509Cert", nil) cdc.RegisterConcrete(&MsgRevokeNocRootX509Cert{}, "pki/RevokeNocRootX509Cert", nil) + cdc.RegisterConcrete(&MsgRevokeNocX509Cert{}, "pki/RevokeNocX509Cert", nil) // this line is used by starport scaffolding # 2 } @@ -72,6 +73,9 @@ func RegisterInterfaces(registry cdctypes.InterfaceRegistry) { registry.RegisterImplementations((*sdk.Msg)(nil), &MsgRevokeNocRootX509Cert{}, ) + registry.RegisterImplementations((*sdk.Msg)(nil), + &MsgRevokeNocX509Cert{}, + ) // this line is used by starport scaffolding # 3 msgservice.RegisterMsgServiceDesc(registry, &_Msg_serviceDesc) diff --git a/x/pki/types/message_revoke_noc_x_509_cert.go b/x/pki/types/message_revoke_noc_x_509_cert.go new file mode 100644 index 000000000..fee7261de --- /dev/null +++ b/x/pki/types/message_revoke_noc_x_509_cert.go @@ -0,0 +1,63 @@ +package types + +import ( + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" +) + +const TypeMsgRevokeNocX509Cert = "revoke_noc_x_509_cert" + +var _ sdk.Msg = &MsgRevokeNocX509Cert{} + +func NewMsgRevokeNocX509Cert(signer, subject, subjectKeyID, serialNumber, info string, revokeChild bool) *MsgRevokeNocX509Cert { + return &MsgRevokeNocX509Cert{ + Signer: signer, + Subject: subject, + SubjectKeyId: subjectKeyID, + SerialNumber: serialNumber, + Info: info, + Time: time.Now().Unix(), + RevokeChild: revokeChild, + } +} + +func (msg *MsgRevokeNocX509Cert) Route() string { + return pkitypes.RouterKey +} + +func (msg *MsgRevokeNocX509Cert) Type() string { + return TypeMsgRevokeNocX509Cert +} + +func (msg *MsgRevokeNocX509Cert) GetSigners() []sdk.AccAddress { + signer, err := sdk.AccAddressFromBech32(msg.Signer) + if err != nil { + panic(err) + } + + return []sdk.AccAddress{signer} +} + +func (msg *MsgRevokeNocX509Cert) GetSignBytes() []byte { + bz := ModuleCdc.MustMarshalJSON(msg) + + return sdk.MustSortJSON(bz) +} + +func (msg *MsgRevokeNocX509Cert) ValidateBasic() error { + _, err := sdk.AccAddressFromBech32(msg.Signer) + if err != nil { + return sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid signer address (%s)", err) + } + + err = validator.Validate(msg) + if err != nil { + return err + } + + return nil +} diff --git a/x/pki/types/message_revoke_noc_x_509_cert_test.go b/x/pki/types/message_revoke_noc_x_509_cert_test.go new file mode 100644 index 000000000..a8c0d030d --- /dev/null +++ b/x/pki/types/message_revoke_noc_x_509_cert_test.go @@ -0,0 +1,127 @@ +package types + +import ( + "testing" + + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/stretchr/testify/require" + tmrand "github.com/tendermint/tendermint/libs/rand" + + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/sample" + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" +) + +func TestMsgRevokeNocX509Cert_ValidateBasic(t *testing.T) { + negativeTests := []struct { + name string + msg MsgRevokeNocX509Cert + err error + }{ + { + name: "invalid address", + msg: MsgRevokeNocX509Cert{ + Signer: "invalid_address", + }, + err: sdkerrors.ErrInvalidAddress, + }, + { + name: "empty subject", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: "", + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + }, + err: validator.ErrRequiredFieldMissing, + }, + { + name: "empty SubjectKeyId", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject, + SubjectKeyId: "", + }, + err: validator.ErrRequiredFieldMissing, + }, + { + name: "subject len > 1024 (1 KB)", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject + tmrand.Str(1025-len(testconstants.NocCert1Subject)), + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + }, + err: validator.ErrFieldMaxLengthExceeded, + }, + { + name: "subject key id len > 256", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject, + SubjectKeyId: testconstants.NocCert1SubjectKeyID + tmrand.Str(257-len(testconstants.NocCert1SubjectKeyID)), + }, + err: validator.ErrFieldMaxLengthExceeded, + }, + { + name: "info len > 4096", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + Info: tmrand.Str(4097), + }, + err: validator.ErrFieldMaxLengthExceeded, + }, + } + positiveTests := []struct { + name string + msg MsgRevokeNocX509Cert + }{ + { + name: "valid revoke x509cert msg", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + SerialNumber: testconstants.NocCert1SerialNumber, + Info: testconstants.Info, + Time: 12345, + }, + }, + { + name: "valid revoke x509cert msg with revokeChild true flag", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + SerialNumber: testconstants.NocCert1SerialNumber, + Info: testconstants.Info, + Time: 12345, + RevokeChild: true, + }, + }, + { + name: "info field is 4096 characters long", + msg: MsgRevokeNocX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.NocCert1Subject, + SubjectKeyId: testconstants.NocCert1SubjectKeyID, + Info: tmrand.Str(4096), + }, + }, + } + + for _, tt := range negativeTests { + t.Run(tt.name, func(t *testing.T) { + err := tt.msg.ValidateBasic() + require.Error(t, err) + require.ErrorIs(t, err, tt.err) + }) + } + + for _, tt := range positiveTests { + t.Run(tt.name, func(t *testing.T) { + err := tt.msg.ValidateBasic() + require.NoError(t, err) + }) + } +} diff --git a/x/pki/types/tx.pb.go b/x/pki/types/tx.pb.go index c424abf4e..086435ce5 100644 --- a/x/pki/types/tx.pb.go +++ b/x/pki/types/tx.pb.go @@ -1789,6 +1789,134 @@ func (m *MsgRevokeNocRootX509CertResponse) XXX_DiscardUnknown() { var xxx_messageInfo_MsgRevokeNocRootX509CertResponse proto.InternalMessageInfo +type MsgRevokeNocX509Cert struct { + Signer string `protobuf:"bytes,1,opt,name=signer,proto3" json:"signer,omitempty" validate:"required"` + Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty" validate:"required,max=1024"` + SubjectKeyId string `protobuf:"bytes,3,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty" validate:"required,max=256"` + SerialNumber string `protobuf:"bytes,4,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` + Info string `protobuf:"bytes,5,opt,name=info,proto3" json:"info,omitempty" validate:"max=4096"` + Time int64 `protobuf:"varint,6,opt,name=time,proto3" json:"time,omitempty"` + RevokeChild bool `protobuf:"varint,7,opt,name=revokeChild,proto3" json:"revokeChild,omitempty"` +} + +func (m *MsgRevokeNocX509Cert) Reset() { *m = MsgRevokeNocX509Cert{} } +func (m *MsgRevokeNocX509Cert) String() string { return proto.CompactTextString(m) } +func (*MsgRevokeNocX509Cert) ProtoMessage() {} +func (*MsgRevokeNocX509Cert) Descriptor() ([]byte, []int) { + return fileDescriptor_badfdb2b39855d16, []int{30} +} +func (m *MsgRevokeNocX509Cert) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *MsgRevokeNocX509Cert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgRevokeNocX509Cert.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *MsgRevokeNocX509Cert) XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgRevokeNocX509Cert.Merge(m, src) +} +func (m *MsgRevokeNocX509Cert) XXX_Size() int { + return m.Size() +} +func (m *MsgRevokeNocX509Cert) XXX_DiscardUnknown() { + xxx_messageInfo_MsgRevokeNocX509Cert.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgRevokeNocX509Cert proto.InternalMessageInfo + +func (m *MsgRevokeNocX509Cert) GetSigner() string { + if m != nil { + return m.Signer + } + return "" +} + +func (m *MsgRevokeNocX509Cert) GetSubject() string { + if m != nil { + return m.Subject + } + return "" +} + +func (m *MsgRevokeNocX509Cert) GetSubjectKeyId() string { + if m != nil { + return m.SubjectKeyId + } + return "" +} + +func (m *MsgRevokeNocX509Cert) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + +func (m *MsgRevokeNocX509Cert) GetInfo() string { + if m != nil { + return m.Info + } + return "" +} + +func (m *MsgRevokeNocX509Cert) GetTime() int64 { + if m != nil { + return m.Time + } + return 0 +} + +func (m *MsgRevokeNocX509Cert) GetRevokeChild() bool { + if m != nil { + return m.RevokeChild + } + return false +} + +type MsgRevokeNocX509CertResponse struct { +} + +func (m *MsgRevokeNocX509CertResponse) Reset() { *m = MsgRevokeNocX509CertResponse{} } +func (m *MsgRevokeNocX509CertResponse) String() string { return proto.CompactTextString(m) } +func (*MsgRevokeNocX509CertResponse) ProtoMessage() {} +func (*MsgRevokeNocX509CertResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_badfdb2b39855d16, []int{31} +} +func (m *MsgRevokeNocX509CertResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *MsgRevokeNocX509CertResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgRevokeNocX509CertResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *MsgRevokeNocX509CertResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgRevokeNocX509CertResponse.Merge(m, src) +} +func (m *MsgRevokeNocX509CertResponse) XXX_Size() int { + return m.Size() +} +func (m *MsgRevokeNocX509CertResponse) XXX_DiscardUnknown() { + xxx_messageInfo_MsgRevokeNocX509CertResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgRevokeNocX509CertResponse proto.InternalMessageInfo + func init() { proto.RegisterType((*MsgProposeAddX509RootCert)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgProposeAddX509RootCert") proto.RegisterType((*MsgProposeAddX509RootCertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgProposeAddX509RootCertResponse") @@ -1820,97 +1948,102 @@ func init() { proto.RegisterType((*MsgAddNocX509CertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509CertResponse") proto.RegisterType((*MsgRevokeNocRootX509Cert)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509Cert") proto.RegisterType((*MsgRevokeNocRootX509CertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509CertResponse") + proto.RegisterType((*MsgRevokeNocX509Cert)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocX509Cert") + proto.RegisterType((*MsgRevokeNocX509CertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocX509CertResponse") } func init() { proto.RegisterFile("pki/tx.proto", fileDescriptor_badfdb2b39855d16) } var fileDescriptor_badfdb2b39855d16 = []byte{ - // 1360 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xdf, 0x6f, 0xdb, 0xd4, - 0x17, 0x9f, 0xf3, 0xa3, 0x3f, 0x4e, 0xfb, 0xad, 0xf4, 0xbd, 0xb4, 0x9d, 0xeb, 0x96, 0x24, 0xf3, - 0xaa, 0x2d, 0x12, 0x6d, 0x92, 0x76, 0x4d, 0x59, 0x27, 0x0a, 0x4a, 0x1b, 0xb6, 0x55, 0x6b, 0xab, - 0xe2, 0x76, 0x80, 0x10, 0x62, 0x4a, 0xe2, 0x3b, 0xef, 0x52, 0x27, 0x36, 0xb6, 0x53, 0xb5, 0x7b, - 0xe3, 0x2f, 0x00, 0x09, 0xc1, 0xc3, 0x90, 0x78, 0x83, 0x07, 0x5e, 0x41, 0xbc, 0x22, 0xde, 0x78, - 0x41, 0x9a, 0x10, 0x12, 0x3c, 0x45, 0x53, 0xcb, 0x1b, 0x0f, 0x48, 0x79, 0x47, 0x42, 0xb6, 0x63, - 0x3b, 0x4e, 0xed, 0x34, 0x71, 0x53, 0x69, 0x74, 0x7d, 0xb3, 0x6f, 0xee, 0xf9, 0xdc, 0x73, 0x3e, - 0xe7, 0xe3, 0x7b, 0xcf, 0x3d, 0x0a, 0x0c, 0xcb, 0xbb, 0x24, 0xad, 0xed, 0xa7, 0x64, 0x45, 0xd2, - 0x24, 0x94, 0x7a, 0x4c, 0x84, 0x22, 0xc6, 0x05, 0x51, 0x24, 0x85, 0x4a, 0x09, 0xa7, 0x78, 0xa2, - 0x6a, 0x0a, 0x29, 0x56, 0x35, 0xcc, 0x97, 0xa4, 0xb2, 0x6c, 0x8e, 0x8a, 0x98, 0x17, 0xb0, 0x92, - 0x92, 0x77, 0x09, 0x33, 0x51, 0x92, 0xd4, 0xb2, 0xa4, 0x3e, 0x30, 0xac, 0xd3, 0xe6, 0x8b, 0x09, - 0xc5, 0x8c, 0x0a, 0x92, 0x20, 0x99, 0xe3, 0xfa, 0x93, 0x39, 0xca, 0x3e, 0x09, 0xc1, 0xc4, 0x86, - 0x2a, 0x6c, 0x29, 0x92, 0x2c, 0xa9, 0x38, 0xc7, 0xf3, 0xef, 0x66, 0x33, 0x4b, 0x9c, 0x24, 0x69, - 0xab, 0x58, 0xd1, 0xd0, 0x1d, 0xe8, 0x53, 0x89, 0x50, 0xc1, 0x0a, 0x4d, 0x25, 0xa8, 0xe4, 0xe0, - 0x4a, 0xba, 0x5e, 0x8b, 0xbf, 0xb4, 0x57, 0x10, 0x09, 0x5f, 0xd0, 0xf0, 0x2d, 0x56, 0xc1, 0x1f, - 0x55, 0x89, 0x82, 0x79, 0xf6, 0xd7, 0xef, 0x67, 0x47, 0x1b, 0x8b, 0xe5, 0x78, 0x5e, 0xc1, 0xaa, - 0xba, 0xad, 0x29, 0xa4, 0x22, 0x70, 0x0d, 0x73, 0x74, 0x13, 0x22, 0x25, 0xac, 0x68, 0x74, 0xc8, - 0x80, 0x99, 0xae, 0xd7, 0xe2, 0x89, 0xe3, 0x30, 0x33, 0xe5, 0xc2, 0xfe, 0xf2, 0x5c, 0x66, 0xe1, - 0x66, 0xf6, 0xd5, 0xc5, 0x0c, 0xcb, 0x19, 0x16, 0xe8, 0x15, 0x88, 0x90, 0xca, 0x43, 0x89, 0x0e, - 0x1b, 0x96, 0x97, 0xdd, 0x0e, 0xe8, 0x06, 0x0b, 0x99, 0xa5, 0x45, 0x96, 0x33, 0x26, 0x21, 0x04, - 0x11, 0x8d, 0x94, 0x31, 0x1d, 0x49, 0x50, 0xc9, 0x30, 0x67, 0x3c, 0xa3, 0x25, 0x08, 0xef, 0x11, - 0x9e, 0x8e, 0x26, 0xa8, 0x64, 0x74, 0xe5, 0x7a, 0xbd, 0x16, 0xbf, 0xea, 0xd8, 0x0b, 0x1a, 0x5e, - 0x9e, 0x9b, 0x11, 0x35, 0xbc, 0xbc, 0x98, 0xcd, 0xde, 0xc8, 0xce, 0xd8, 0x01, 0x71, 0xba, 0x0d, - 0x7b, 0x15, 0xae, 0xf8, 0x72, 0xc3, 0x61, 0x55, 0x96, 0x2a, 0x2a, 0x66, 0xbf, 0x31, 0x19, 0xcc, - 0xc9, 0xb2, 0x22, 0xed, 0x9d, 0x1d, 0x83, 0xb7, 0xa0, 0x5f, 0xad, 0x16, 0x3f, 0xc4, 0x25, 0x8b, - 0xc4, 0x44, 0xbd, 0x16, 0x9f, 0xf2, 0x25, 0x71, 0x7e, 0x81, 0xe5, 0x2c, 0x03, 0xb4, 0x0a, 0xc3, - 0x8d, 0xc7, 0x7b, 0xf8, 0x60, 0x8d, 0x6f, 0x70, 0x19, 0xaf, 0xd7, 0xe2, 0x93, 0x3e, 0x00, 0xf3, - 0xd9, 0x45, 0x96, 0x73, 0x19, 0xd9, 0x89, 0x88, 0x74, 0x93, 0x88, 0xa8, 0x93, 0x88, 0x06, 0x9b, - 0xde, 0x3c, 0xd9, 0x6c, 0xfe, 0x46, 0xc1, 0x88, 0x3e, 0xcb, 0xfc, 0xf9, 0xbc, 0x88, 0x90, 0xa5, - 0x61, 0xdc, 0x1d, 0x95, 0x1d, 0xf0, 0xdf, 0x21, 0x98, 0x72, 0x44, 0xc6, 0xe1, 0x3d, 0x69, 0x17, - 0x5f, 0x28, 0xc8, 0x53, 0x41, 0x88, 0x85, 0x61, 0x15, 0x2b, 0xa4, 0x20, 0x6e, 0x56, 0xcb, 0x45, - 0xac, 0xd0, 0x7d, 0x3a, 0x10, 0xe7, 0x1a, 0x43, 0x09, 0x18, 0x52, 0x0c, 0x12, 0x57, 0x1f, 0x11, - 0x91, 0xa7, 0xfb, 0x13, 0x54, 0x72, 0x80, 0x6b, 0x1e, 0x62, 0xaf, 0xc1, 0x74, 0x3b, 0xc2, 0xed, - 0xcc, 0xfc, 0x62, 0x66, 0xa6, 0x21, 0xd8, 0x17, 0x22, 0x33, 0xd1, 0x6e, 0x32, 0xd3, 0xd7, 0x26, - 0x33, 0xfd, 0xc7, 0x33, 0xd3, 0xe0, 0xdd, 0x97, 0x4e, 0x9b, 0xf7, 0x3f, 0x43, 0xf0, 0xff, 0x0d, - 0x55, 0x70, 0x66, 0x5c, 0x7c, 0x06, 0x67, 0xf1, 0x19, 0x4c, 0x1a, 0xc7, 0x96, 0x9b, 0x65, 0x3b, - 0x07, 0x5f, 0x87, 0x80, 0x36, 0x7e, 0xd5, 0xdd, 0xbe, 0x38, 0xd3, 0x7c, 0xcf, 0x34, 0x16, 0x12, - 0x7e, 0x34, 0xd9, 0x5c, 0x7e, 0x19, 0x35, 0x85, 0xcf, 0xf3, 0x5b, 0xbb, 0x44, 0xe7, 0xbb, 0x54, - 0xd0, 0x88, 0x54, 0xc9, 0x5b, 0xa5, 0x1c, 0x91, 0x2a, 0x5b, 0x12, 0xa9, 0xf4, 0x90, 0xd7, 0x46, - 0xc9, 0x13, 0xea, 0xbe, 0xe4, 0x41, 0x19, 0x08, 0xcb, 0xc4, 0x64, 0x33, 0xba, 0x12, 0xab, 0xd7, - 0xe2, 0x8c, 0xdb, 0x34, 0xe3, 0x98, 0xb2, 0x9c, 0x3e, 0x15, 0x8d, 0x42, 0x94, 0xa8, 0x5b, 0xb9, - 0x9c, 0x41, 0xe2, 0x00, 0x67, 0xbe, 0xa0, 0x59, 0x88, 0x8a, 0x85, 0x22, 0x16, 0xbd, 0xb7, 0x14, - 0x67, 0x51, 0x73, 0x16, 0xba, 0x07, 0xa3, 0x25, 0x45, 0xdc, 0x36, 0xdc, 0xd7, 0xc9, 0x23, 0x0f, - 0x49, 0xa9, 0xa0, 0x99, 0x7b, 0x4c, 0x1b, 0x6b, 0x4f, 0x23, 0x74, 0x07, 0x10, 0x51, 0xd5, 0x2a, - 0x56, 0xb6, 0x9d, 0x5c, 0xe7, 0xcd, 0x2d, 0xc9, 0x1f, 0xca, 0xc3, 0x04, 0x65, 0xa1, 0x9f, 0x2f, - 0x68, 0x85, 0xfb, 0xdc, 0x3a, 0x3d, 0x60, 0x58, 0x4f, 0xd6, 0x6b, 0xf1, 0xcb, 0x1e, 0xf2, 0xaa, - 0x2a, 0x22, 0xcb, 0x59, 0x73, 0xf5, 0xef, 0x53, 0x7f, 0xbc, 0x4d, 0x44, 0xbc, 0x4d, 0x1e, 0x63, - 0x7a, 0x30, 0x41, 0x25, 0x23, 0x9c, 0x6b, 0x0c, 0xc5, 0x00, 0xf4, 0xf7, 0x3c, 0x11, 0xb0, 0xaa, - 0xd1, 0x60, 0x7c, 0xc1, 0x4d, 0x23, 0xe8, 0x1a, 0x8c, 0x38, 0x6f, 0x3b, 0x07, 0x32, 0xa6, 0x87, - 0x12, 0x54, 0xf2, 0x7f, 0x5c, 0xcb, 0x28, 0x7a, 0x03, 0x46, 0x14, 0x5b, 0x52, 0xc6, 0xbc, 0x61, - 0x7d, 0x9e, 0x7f, 0x9c, 0x2d, 0xd3, 0xd9, 0x14, 0xcc, 0x74, 0x22, 0x4e, 0x5b, 0xcd, 0xff, 0x84, - 0xe1, 0xfa, 0x86, 0x2a, 0xdc, 0x97, 0x75, 0xe0, 0xff, 0x80, 0xa0, 0x6d, 0x21, 0x86, 0x3b, 0x12, - 0xe2, 0xbc, 0x8f, 0x10, 0x8d, 0x1d, 0xa2, 0x2b, 0xbd, 0x45, 0xbb, 0xd7, 0xdb, 0xa2, 0xa3, 0x37, - 0x53, 0xf8, 0x53, 0xf5, 0x5a, 0x9c, 0x76, 0xac, 0xa5, 0x32, 0xd1, 0x70, 0x59, 0xd6, 0x0e, 0x4e, - 0x10, 0x5c, 0xff, 0x89, 0x82, 0x1b, 0xe8, 0x40, 0x70, 0x83, 0x5e, 0x82, 0x63, 0xe7, 0x20, 0xdd, - 0x61, 0xfa, 0x9b, 0x0f, 0x13, 0x5d, 0x32, 0x79, 0x2c, 0xe2, 0xf3, 0x28, 0x19, 0xef, 0xf4, 0x47, - 0xba, 0x4e, 0x7f, 0x83, 0xda, 0x4e, 0x68, 0xb2, 0xa9, 0xfd, 0x2c, 0x04, 0xc3, 0xfa, 0xe7, 0xab, - 0xea, 0x51, 0xbf, 0x4d, 0xf8, 0x73, 0x74, 0x36, 0x37, 0x12, 0x18, 0x09, 0x70, 0x6f, 0x1f, 0x87, - 0xd1, 0x66, 0x52, 0x6c, 0xb6, 0x9e, 0x50, 0x30, 0x66, 0x6e, 0x76, 0x9b, 0x52, 0xe9, 0x39, 0x6b, - 0x74, 0xb0, 0x71, 0x78, 0xd9, 0xd3, 0x37, 0xdb, 0xfb, 0x8f, 0xad, 0xba, 0xb8, 0x2c, 0xed, 0x9d, - 0xc7, 0xba, 0xb8, 0xb5, 0xac, 0x8d, 0x78, 0xdc, 0x21, 0xac, 0xa2, 0xb5, 0x99, 0x02, 0x9b, 0xa0, - 0x2f, 0x28, 0x83, 0x20, 0x87, 0xc2, 0xe7, 0x25, 0xb5, 0xa6, 0xd7, 0x6e, 0xbf, 0x6c, 0xaf, 0xff, - 0xb2, 0x4a, 0x6d, 0xbd, 0x10, 0xdf, 0x94, 0x4a, 0x7a, 0xde, 0x5f, 0xcc, 0xec, 0x9e, 0xfe, 0x1a, - 0x7a, 0xf2, 0xad, 0xc7, 0x2a, 0xd8, 0x3d, 0xc8, 0xb6, 0x32, 0x32, 0xff, 0xd3, 0x18, 0x84, 0x37, - 0x54, 0x01, 0xfd, 0x40, 0xc1, 0xb8, 0x4f, 0x63, 0x74, 0xad, 0xcb, 0xc6, 0x6c, 0xca, 0xb7, 0x8f, - 0xc8, 0xbc, 0xd5, 0x33, 0x28, 0x2b, 0x00, 0xc3, 0x71, 0x9f, 0x7e, 0x64, 0x10, 0xc7, 0xbd, 0xa1, - 0x02, 0x39, 0xde, 0xbe, 0xfb, 0x87, 0x3e, 0xa7, 0x60, 0xa8, 0xb9, 0xf5, 0xf7, 0x7a, 0x90, 0x25, - 0x1c, 0x7b, 0xe6, 0xf6, 0xe9, 0xec, 0x6d, 0xbf, 0x7e, 0xa4, 0x60, 0xc2, 0xbf, 0x43, 0xb7, 0x1e, - 0x3c, 0x83, 0xc7, 0xd1, 0x98, 0x9d, 0x5e, 0xa2, 0xb9, 0x22, 0xf0, 0xef, 0x64, 0xad, 0x07, 0x4f, - 0x65, 0x8f, 0x22, 0x38, 0xb1, 0x2d, 0x84, 0xbe, 0xa2, 0x60, 0xa4, 0xa5, 0x27, 0x94, 0x0b, 0xb0, - 0x90, 0x1b, 0x82, 0x59, 0x3b, 0x35, 0x84, 0xed, 0xe0, 0x77, 0x14, 0x8c, 0x79, 0x37, 0x4c, 0xee, - 0x06, 0x5a, 0xc4, 0x03, 0x89, 0xd9, 0xea, 0x15, 0x92, 0xed, 0xf5, 0xef, 0x14, 0x5c, 0x39, 0xb9, - 0x35, 0xb1, 0x13, 0xec, 0x43, 0x6a, 0x8f, 0xca, 0xbc, 0x7f, 0x16, 0xa8, 0x76, 0x64, 0xcf, 0x28, - 0x98, 0xee, 0xe8, 0x9a, 0xfa, 0x4e, 0x00, 0x37, 0x3a, 0x01, 0x66, 0x1e, 0x9c, 0x11, 0xb0, 0x2b, - 0xc4, 0x8e, 0xae, 0x55, 0x41, 0x42, 0xec, 0x04, 0x38, 0x50, 0x88, 0xdd, 0xdc, 0x70, 0xd0, 0x27, - 0x14, 0x0c, 0x3a, 0xd7, 0x9b, 0xd7, 0x82, 0x28, 0xc6, 0xb2, 0x66, 0xf2, 0xa7, 0xb1, 0xb6, 0x3d, - 0xfa, 0x96, 0x02, 0xe4, 0x71, 0x85, 0x78, 0x33, 0x98, 0x98, 0x5b, 0x60, 0x98, 0x8d, 0x9e, 0xc0, - 0xb4, 0xec, 0x9a, 0xae, 0x1b, 0x43, 0xb0, 0x5d, 0xb3, 0x19, 0x22, 0xe0, 0xae, 0xe9, 0x55, 0xb4, - 0x1b, 0x0e, 0xb6, 0x54, 0xec, 0xb9, 0x53, 0x51, 0x10, 0xd8, 0x41, 0xef, 0xfa, 0xbc, 0xb1, 0xad, - 0x7b, 0x15, 0xe7, 0x77, 0x03, 0x9f, 0x1d, 0x2d, 0x48, 0x01, 0xb7, 0xf5, 0x36, 0x35, 0xec, 0xca, - 0x07, 0x3f, 0x1f, 0xc6, 0xa8, 0xa7, 0x87, 0x31, 0xea, 0xd9, 0x61, 0x8c, 0xfa, 0xf4, 0x28, 0x76, - 0xe9, 0xe9, 0x51, 0xec, 0xd2, 0x1f, 0x47, 0xb1, 0x4b, 0xef, 0xe5, 0x05, 0xa2, 0x3d, 0xaa, 0x16, - 0x53, 0x25, 0xa9, 0x9c, 0x36, 0x57, 0x9d, 0xb5, 0x96, 0x4d, 0x37, 0x2d, 0x3b, 0xeb, 0xac, 0x3b, - 0x6b, 0x2e, 0x9c, 0xde, 0x4f, 0x1b, 0xff, 0x4d, 0x38, 0x90, 0xb1, 0x5a, 0xec, 0x33, 0xfe, 0x3e, - 0x70, 0xe3, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8f, 0x58, 0xd1, 0xc0, 0xaf, 0x20, 0x00, 0x00, + // 1397 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xdd, 0x6f, 0xdb, 0x54, + 0x14, 0x9f, 0xf3, 0xd1, 0x8f, 0xb3, 0x52, 0x69, 0x97, 0xae, 0xf3, 0xbc, 0x91, 0x64, 0xde, 0xb4, + 0x45, 0xa2, 0x4d, 0xb2, 0x6e, 0x29, 0xdb, 0xc4, 0x40, 0xe9, 0xc2, 0x3e, 0xb4, 0xb6, 0x2a, 0x6e, + 0x07, 0x08, 0x21, 0xa6, 0x24, 0xbe, 0xf3, 0x2e, 0x75, 0x62, 0x63, 0x3b, 0x55, 0xbb, 0x37, 0xfe, + 0x02, 0x90, 0x10, 0x3c, 0x0c, 0x89, 0x37, 0x40, 0xe2, 0x15, 0xc4, 0x2b, 0xaf, 0xbc, 0x20, 0x4d, + 0x08, 0x09, 0x9e, 0xa2, 0xa9, 0x45, 0xe2, 0x61, 0x0f, 0x48, 0x79, 0x47, 0x42, 0xb6, 0xe3, 0xeb, + 0x38, 0xb5, 0xd3, 0xc4, 0x49, 0xa5, 0xd1, 0xf5, 0xcd, 0xbe, 0xb9, 0xe7, 0x77, 0xcf, 0xf9, 0x9d, + 0x9f, 0xef, 0xbd, 0xe7, 0x28, 0x30, 0xa1, 0xae, 0x93, 0xac, 0xb1, 0x99, 0x51, 0x35, 0xc5, 0x50, + 0x50, 0xe6, 0x11, 0x91, 0xca, 0x18, 0x97, 0x64, 0x99, 0x94, 0x6a, 0x15, 0x9c, 0x11, 0x89, 0x6e, + 0x68, 0xa4, 0x5c, 0x37, 0xb0, 0x58, 0x51, 0xaa, 0xaa, 0x3d, 0x2a, 0x63, 0x51, 0xc2, 0x5a, 0x46, + 0x5d, 0x27, 0xdc, 0xc9, 0x8a, 0xa2, 0x57, 0x15, 0xfd, 0xbe, 0x65, 0x9d, 0xb5, 0x5f, 0x6c, 0x28, + 0x6e, 0x4a, 0x52, 0x24, 0xc5, 0x1e, 0x37, 0x9f, 0xec, 0x51, 0xfe, 0x71, 0x04, 0x4e, 0x2e, 0xe9, + 0xd2, 0x8a, 0xa6, 0xa8, 0x8a, 0x8e, 0x0b, 0xa2, 0xf8, 0x5e, 0x3e, 0x77, 0x55, 0x50, 0x14, 0xe3, + 0x06, 0xd6, 0x0c, 0x74, 0x0b, 0x46, 0x74, 0x22, 0xd5, 0xb0, 0xc6, 0x32, 0x29, 0x26, 0x3d, 0xbe, + 0x90, 0x6d, 0x36, 0x92, 0x2f, 0x6f, 0x94, 0x64, 0x22, 0x96, 0x0c, 0x7c, 0x8d, 0xd7, 0xf0, 0xc7, + 0x75, 0xa2, 0x61, 0x91, 0xff, 0xed, 0xc7, 0xd9, 0xa9, 0xd6, 0x62, 0x05, 0x51, 0xd4, 0xb0, 0xae, + 0xaf, 0x1a, 0x1a, 0xa9, 0x49, 0x42, 0xcb, 0x1c, 0x5d, 0x81, 0x58, 0x05, 0x6b, 0x06, 0x1b, 0xb1, + 0x60, 0xce, 0x35, 0x1b, 0xc9, 0xd4, 0x6e, 0x98, 0x99, 0x6a, 0x69, 0xf3, 0xfa, 0xc5, 0xdc, 0xe5, + 0x2b, 0xf9, 0xd7, 0xe6, 0x73, 0xbc, 0x60, 0x59, 0xa0, 0x57, 0x21, 0x46, 0x6a, 0x0f, 0x14, 0x36, + 0x6a, 0x59, 0x9e, 0xf0, 0x3a, 0x60, 0x1a, 0x5c, 0xce, 0x5d, 0x9d, 0xe7, 0x05, 0x6b, 0x12, 0x42, + 0x10, 0x33, 0x48, 0x15, 0xb3, 0xb1, 0x14, 0x93, 0x8e, 0x0a, 0xd6, 0x33, 0xba, 0x0a, 0xd1, 0x0d, + 0x22, 0xb2, 0xf1, 0x14, 0x93, 0x8e, 0x2f, 0x5c, 0x68, 0x36, 0x92, 0x67, 0x5d, 0x7b, 0xc9, 0xc0, + 0xd7, 0x2f, 0xce, 0xc8, 0x06, 0xbe, 0x3e, 0x9f, 0xcf, 0x5f, 0xca, 0xcf, 0xd0, 0x80, 0x04, 0xd3, + 0x86, 0x3f, 0x0b, 0x67, 0x02, 0xb9, 0x11, 0xb0, 0xae, 0x2a, 0x35, 0x1d, 0xf3, 0xdf, 0xda, 0x0c, + 0x16, 0x54, 0x55, 0x53, 0x36, 0xf6, 0x8f, 0xc1, 0x6b, 0x30, 0xaa, 0xd7, 0xcb, 0x1f, 0xe1, 0x8a, + 0x43, 0x62, 0xaa, 0xd9, 0x48, 0x9e, 0x0e, 0x24, 0x71, 0xee, 0x32, 0x2f, 0x38, 0x06, 0xe8, 0x06, + 0x4c, 0xb4, 0x1e, 0xef, 0xe2, 0xad, 0x3b, 0x62, 0x8b, 0xcb, 0x64, 0xb3, 0x91, 0x3c, 0x15, 0x00, + 0x30, 0x97, 0x9f, 0xe7, 0x05, 0x8f, 0x11, 0x4d, 0x44, 0xac, 0x9f, 0x44, 0xc4, 0xdd, 0x44, 0xb4, + 0xd8, 0xf4, 0xe7, 0x89, 0xb2, 0xf9, 0x3b, 0x03, 0x93, 0xe6, 0x2c, 0xfb, 0xe7, 0x83, 0x22, 0x42, + 0x9e, 0x85, 0x69, 0x6f, 0x54, 0x34, 0xe0, 0x7f, 0x22, 0x70, 0xda, 0x15, 0x99, 0x80, 0x37, 0x94, + 0x75, 0x7c, 0xa8, 0x20, 0x5f, 0x05, 0x21, 0x1e, 0x26, 0x74, 0xac, 0x91, 0x92, 0xbc, 0x5c, 0xaf, + 0x96, 0xb1, 0xc6, 0x8e, 0x98, 0x40, 0x82, 0x67, 0x0c, 0xa5, 0xe0, 0xa8, 0x66, 0x91, 0x78, 0xe3, + 0x21, 0x91, 0x45, 0x76, 0x34, 0xc5, 0xa4, 0xc7, 0x84, 0xf6, 0x21, 0xfe, 0x3c, 0x9c, 0xeb, 0x46, + 0x38, 0xcd, 0xcc, 0xaf, 0x76, 0x66, 0x5a, 0x82, 0x7d, 0x21, 0x32, 0x13, 0xef, 0x27, 0x33, 0x23, + 0x5d, 0x32, 0x33, 0xba, 0x3b, 0x33, 0x2d, 0xde, 0x03, 0xe9, 0xa4, 0xbc, 0xff, 0x15, 0x81, 0x63, + 0x4b, 0xba, 0xe4, 0xce, 0x38, 0xfc, 0x0c, 0xf6, 0xe3, 0x33, 0x38, 0x65, 0x1d, 0x5b, 0x5e, 0x96, + 0x69, 0x0e, 0xbe, 0x89, 0x00, 0x6b, 0xfd, 0x6a, 0xba, 0x7d, 0x78, 0xa6, 0x05, 0x9e, 0x69, 0x3c, + 0xa4, 0x82, 0x68, 0xa2, 0x5c, 0x7e, 0x15, 0xb7, 0x85, 0x2f, 0x8a, 0x2b, 0xeb, 0xc4, 0xe4, 0xbb, + 0x52, 0x32, 0x88, 0x52, 0x2b, 0x3a, 0x57, 0x39, 0xa2, 0xd4, 0x56, 0x14, 0x52, 0x1b, 0x22, 0xaf, + 0xad, 0x2b, 0x4f, 0xa4, 0xff, 0x2b, 0x0f, 0xca, 0x41, 0x54, 0x25, 0x36, 0x9b, 0xf1, 0x85, 0x44, + 0xb3, 0x91, 0xe4, 0xbc, 0xa6, 0x39, 0xd7, 0x94, 0x17, 0xcc, 0xa9, 0x68, 0x0a, 0xe2, 0x44, 0x5f, + 0x29, 0x14, 0x2c, 0x12, 0xc7, 0x04, 0xfb, 0x05, 0xcd, 0x42, 0x5c, 0x2e, 0x95, 0xb1, 0xec, 0xbf, + 0xa5, 0xb8, 0x8b, 0xda, 0xb3, 0xd0, 0x5d, 0x98, 0xaa, 0x68, 0xf2, 0xaa, 0xe5, 0xbe, 0x49, 0x1e, + 0x79, 0x40, 0x2a, 0x25, 0xc3, 0xde, 0x63, 0xba, 0x58, 0xfb, 0x1a, 0xa1, 0x5b, 0x80, 0x88, 0xae, + 0xd7, 0xb1, 0xb6, 0xea, 0xe6, 0xba, 0x68, 0x6f, 0x49, 0xc1, 0x50, 0x3e, 0x26, 0x28, 0x0f, 0xa3, + 0x62, 0xc9, 0x28, 0xdd, 0x13, 0x16, 0xd9, 0x31, 0xcb, 0xfa, 0x54, 0xb3, 0x91, 0x3c, 0xe1, 0x23, + 0xaf, 0xba, 0x26, 0xf3, 0x82, 0x33, 0xd7, 0xfc, 0x3e, 0xcd, 0xc7, 0x9b, 0x44, 0xc6, 0xab, 0xe4, + 0x11, 0x66, 0xc7, 0x53, 0x4c, 0x3a, 0x26, 0x78, 0xc6, 0x50, 0x02, 0xc0, 0x7c, 0x2f, 0x12, 0x09, + 0xeb, 0x06, 0x0b, 0xd6, 0x17, 0xdc, 0x36, 0x82, 0xce, 0xc3, 0xa4, 0xfb, 0xb6, 0xb6, 0xa5, 0x62, + 0xf6, 0x68, 0x8a, 0x49, 0xbf, 0x24, 0x74, 0x8c, 0xa2, 0x37, 0x61, 0x52, 0xa3, 0x92, 0xb2, 0xe6, + 0x4d, 0x98, 0xf3, 0x82, 0xe3, 0xec, 0x98, 0xce, 0x67, 0x60, 0xa6, 0x17, 0x71, 0x52, 0x35, 0xff, + 0x1b, 0x85, 0x0b, 0x4b, 0xba, 0x74, 0x4f, 0x35, 0x81, 0xff, 0x07, 0x82, 0xa6, 0x42, 0x8c, 0xf6, + 0x24, 0xc4, 0xb9, 0x00, 0x21, 0x5a, 0x3b, 0x44, 0x5f, 0x7a, 0x8b, 0xf7, 0xaf, 0xb7, 0x79, 0x57, + 0x6f, 0xb6, 0xf0, 0x4f, 0x37, 0x1b, 0x49, 0xd6, 0xb5, 0x56, 0xaa, 0xc4, 0xc0, 0x55, 0xd5, 0xd8, + 0xda, 0x43, 0x70, 0xa3, 0x7b, 0x0a, 0x6e, 0xac, 0x07, 0xc1, 0x8d, 0xfb, 0x09, 0x8e, 0xbf, 0x08, + 0xd9, 0x1e, 0xd3, 0xdf, 0x7e, 0x98, 0x98, 0x92, 0x29, 0x62, 0x19, 0x1f, 0x44, 0xc9, 0xf8, 0xa7, + 0x3f, 0xd6, 0x77, 0xfa, 0x5b, 0xd4, 0xf6, 0x42, 0x13, 0xa5, 0xf6, 0xf3, 0x08, 0x4c, 0x98, 0x9f, + 0xaf, 0x6e, 0x46, 0xfd, 0x0e, 0x11, 0x0f, 0xd0, 0xd9, 0xdc, 0x4a, 0x60, 0x2c, 0x44, 0xdd, 0x3e, + 0x0d, 0x53, 0xed, 0xa4, 0x50, 0xb6, 0x1e, 0x33, 0x70, 0xdc, 0xde, 0xec, 0x96, 0x95, 0xca, 0x73, + 0xd6, 0xe8, 0xe0, 0x93, 0xf0, 0x8a, 0xaf, 0x6f, 0xd4, 0xfb, 0x4f, 0x9c, 0x7b, 0x71, 0x55, 0xd9, + 0x38, 0x88, 0xf7, 0xe2, 0xce, 0x6b, 0x6d, 0xcc, 0xa7, 0x86, 0x70, 0x2e, 0xad, 0xed, 0x14, 0x50, + 0x82, 0xbe, 0x64, 0x2c, 0x82, 0x5c, 0x0a, 0x9f, 0x97, 0xd4, 0xda, 0x5e, 0x7b, 0xfd, 0xa2, 0x5e, + 0x3f, 0x73, 0xae, 0xda, 0xe6, 0x45, 0x7c, 0x59, 0xa9, 0x98, 0x79, 0x7f, 0x31, 0xb3, 0x3b, 0x78, + 0x19, 0xba, 0x77, 0xd5, 0xe3, 0x5c, 0xd8, 0x7d, 0xc8, 0xa6, 0x19, 0xf9, 0x3b, 0x62, 0xed, 0x1f, + 0x74, 0xd2, 0x61, 0x36, 0xf6, 0x2b, 0x1b, 0x09, 0xab, 0xc3, 0xb2, 0x8b, 0x68, 0x27, 0x13, 0x73, + 0xcf, 0xa6, 0x21, 0xba, 0xa4, 0x4b, 0xe8, 0x27, 0x06, 0xa6, 0x03, 0x5a, 0xd4, 0x77, 0xfa, 0x6c, + 0x91, 0x67, 0x02, 0x3b, 0xba, 0xdc, 0xdb, 0x43, 0x83, 0x72, 0x02, 0xb0, 0x1c, 0x0f, 0xe8, 0x0c, + 0x87, 0x71, 0xdc, 0x1f, 0x2a, 0x94, 0xe3, 0xdd, 0xfb, 0xb0, 0xe8, 0x0b, 0x06, 0x8e, 0xb6, 0x37, + 0x61, 0xdf, 0x08, 0xb3, 0x84, 0x6b, 0xcf, 0xdd, 0x1c, 0xcc, 0x9e, 0xfa, 0xf5, 0x33, 0x03, 0x27, + 0x83, 0x7b, 0xa5, 0x8b, 0xe1, 0x33, 0xb8, 0x1b, 0x8d, 0x5b, 0x1b, 0x26, 0x9a, 0x27, 0x82, 0xe0, + 0x9e, 0xe2, 0x62, 0xf8, 0x54, 0x0e, 0x29, 0x82, 0x3d, 0x1b, 0x74, 0xe8, 0x6b, 0x06, 0x26, 0x3b, + 0xba, 0x73, 0x85, 0x10, 0x0b, 0x79, 0x21, 0xb8, 0x3b, 0x03, 0x43, 0x50, 0x07, 0x7f, 0x60, 0xe0, + 0xb8, 0x7f, 0xeb, 0xea, 0x76, 0xa8, 0x45, 0x7c, 0x90, 0xb8, 0x95, 0x61, 0x21, 0x51, 0xaf, 0xff, + 0x60, 0xe0, 0xcc, 0xde, 0x4d, 0xa2, 0xb5, 0x70, 0x1f, 0x52, 0x77, 0x54, 0xee, 0x83, 0xfd, 0x40, + 0xa5, 0x91, 0x3d, 0x65, 0xe0, 0x5c, 0x4f, 0x0d, 0x83, 0x77, 0x43, 0xb8, 0xd1, 0x0b, 0x30, 0x77, + 0x7f, 0x9f, 0x80, 0x3d, 0x21, 0xf6, 0x54, 0xe0, 0x86, 0x09, 0xb1, 0x17, 0xe0, 0x50, 0x21, 0xf6, + 0x53, 0x6b, 0xa2, 0x4f, 0x19, 0x18, 0x77, 0x0b, 0xcd, 0xd7, 0xc3, 0x28, 0xc6, 0xb1, 0xe6, 0x8a, + 0x83, 0x58, 0x53, 0x8f, 0xbe, 0x67, 0x00, 0xf9, 0x14, 0x73, 0x6f, 0x85, 0x13, 0x73, 0x07, 0x0c, + 0xb7, 0x34, 0x14, 0x98, 0x8e, 0x5d, 0xd3, 0x53, 0xbb, 0x85, 0xdb, 0x35, 0xdb, 0x21, 0x42, 0xee, + 0x9a, 0x7e, 0xe5, 0x93, 0xe5, 0x60, 0x47, 0xed, 0x54, 0x18, 0x88, 0x82, 0xd0, 0x0e, 0xfa, 0x57, + 0x4a, 0xad, 0x6d, 0xdd, 0xaf, 0x4c, 0xba, 0x1d, 0xfa, 0xec, 0xe8, 0x40, 0x0a, 0xb9, 0xad, 0x77, + 0xa9, 0x26, 0xd0, 0x77, 0x0c, 0x1c, 0xdb, 0x5d, 0x4a, 0x14, 0x07, 0x59, 0x87, 0x7a, 0xbb, 0x38, + 0x0c, 0x14, 0xc7, 0xd3, 0x85, 0x0f, 0x7f, 0xd9, 0x4e, 0x30, 0x4f, 0xb6, 0x13, 0xcc, 0xd3, 0xed, + 0x04, 0xf3, 0xd9, 0x4e, 0xe2, 0xc8, 0x93, 0x9d, 0xc4, 0x91, 0x3f, 0x77, 0x12, 0x47, 0xde, 0x2f, + 0x4a, 0xc4, 0x78, 0x58, 0x2f, 0x67, 0x2a, 0x4a, 0x35, 0x6b, 0xaf, 0x38, 0xeb, 0x2c, 0x99, 0x6d, + 0x5b, 0x72, 0xd6, 0x5d, 0x73, 0xd6, 0x5e, 0x34, 0xbb, 0x99, 0xb5, 0xfe, 0xcf, 0xb2, 0xa5, 0x62, + 0xbd, 0x3c, 0x62, 0xfd, 0xe5, 0xe4, 0xd2, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xe5, 0xfe, 0x7a, + 0xee, 0xe3, 0x22, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1940,6 +2073,7 @@ type MsgClient interface { RemoveX509Cert(ctx context.Context, in *MsgRemoveX509Cert, opts ...grpc.CallOption) (*MsgRemoveX509CertResponse, error) AddNocX509Cert(ctx context.Context, in *MsgAddNocX509Cert, opts ...grpc.CallOption) (*MsgAddNocX509CertResponse, error) RevokeNocRootX509Cert(ctx context.Context, in *MsgRevokeNocRootX509Cert, opts ...grpc.CallOption) (*MsgRevokeNocRootX509CertResponse, error) + RevokeNocX509Cert(ctx context.Context, in *MsgRevokeNocX509Cert, opts ...grpc.CallOption) (*MsgRevokeNocX509CertResponse, error) } type msgClient struct { @@ -2085,6 +2219,15 @@ func (c *msgClient) RevokeNocRootX509Cert(ctx context.Context, in *MsgRevokeNocR return out, nil } +func (c *msgClient) RevokeNocX509Cert(ctx context.Context, in *MsgRevokeNocX509Cert, opts ...grpc.CallOption) (*MsgRevokeNocX509CertResponse, error) { + out := new(MsgRevokeNocX509CertResponse) + err := c.cc.Invoke(ctx, "/zigbeealliance.distributedcomplianceledger.pki.Msg/RevokeNocX509Cert", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // MsgServer is the server API for Msg service. type MsgServer interface { ProposeAddX509RootCert(context.Context, *MsgProposeAddX509RootCert) (*MsgProposeAddX509RootCertResponse, error) @@ -2102,6 +2245,7 @@ type MsgServer interface { RemoveX509Cert(context.Context, *MsgRemoveX509Cert) (*MsgRemoveX509CertResponse, error) AddNocX509Cert(context.Context, *MsgAddNocX509Cert) (*MsgAddNocX509CertResponse, error) RevokeNocRootX509Cert(context.Context, *MsgRevokeNocRootX509Cert) (*MsgRevokeNocRootX509CertResponse, error) + RevokeNocX509Cert(context.Context, *MsgRevokeNocX509Cert) (*MsgRevokeNocX509CertResponse, error) } // UnimplementedMsgServer can be embedded to have forward compatible implementations. @@ -2153,6 +2297,9 @@ func (*UnimplementedMsgServer) AddNocX509Cert(ctx context.Context, req *MsgAddNo func (*UnimplementedMsgServer) RevokeNocRootX509Cert(ctx context.Context, req *MsgRevokeNocRootX509Cert) (*MsgRevokeNocRootX509CertResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method RevokeNocRootX509Cert not implemented") } +func (*UnimplementedMsgServer) RevokeNocX509Cert(ctx context.Context, req *MsgRevokeNocX509Cert) (*MsgRevokeNocX509CertResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokeNocX509Cert not implemented") +} func RegisterMsgServer(s grpc1.Server, srv MsgServer) { s.RegisterService(&_Msg_serviceDesc, srv) @@ -2428,6 +2575,24 @@ func _Msg_RevokeNocRootX509Cert_Handler(srv interface{}, ctx context.Context, de return interceptor(ctx, in, info, handler) } +func _Msg_RevokeNocX509Cert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(MsgRevokeNocX509Cert) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(MsgServer).RevokeNocX509Cert(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/zigbeealliance.distributedcomplianceledger.pki.Msg/RevokeNocX509Cert", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(MsgServer).RevokeNocX509Cert(ctx, req.(*MsgRevokeNocX509Cert)) + } + return interceptor(ctx, in, info, handler) +} + var _Msg_serviceDesc = grpc.ServiceDesc{ ServiceName: "zigbeealliance.distributedcomplianceledger.pki.Msg", HandlerType: (*MsgServer)(nil), @@ -2492,6 +2657,10 @@ var _Msg_serviceDesc = grpc.ServiceDesc{ MethodName: "RevokeNocRootX509Cert", Handler: _Msg_RevokeNocRootX509Cert_Handler, }, + { + MethodName: "RevokeNocX509Cert", + Handler: _Msg_RevokeNocX509Cert_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "pki/tx.proto", @@ -3742,6 +3911,102 @@ func (m *MsgRevokeNocRootX509CertResponse) MarshalToSizedBuffer(dAtA []byte) (in return len(dAtA) - i, nil } +func (m *MsgRevokeNocX509Cert) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *MsgRevokeNocX509Cert) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgRevokeNocX509Cert) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.RevokeChild { + i-- + if m.RevokeChild { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x38 + } + if m.Time != 0 { + i = encodeVarintTx(dAtA, i, uint64(m.Time)) + i-- + dAtA[i] = 0x30 + } + if len(m.Info) > 0 { + i -= len(m.Info) + copy(dAtA[i:], m.Info) + i = encodeVarintTx(dAtA, i, uint64(len(m.Info))) + i-- + dAtA[i] = 0x2a + } + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintTx(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x22 + } + if len(m.SubjectKeyId) > 0 { + i -= len(m.SubjectKeyId) + copy(dAtA[i:], m.SubjectKeyId) + i = encodeVarintTx(dAtA, i, uint64(len(m.SubjectKeyId))) + i-- + dAtA[i] = 0x1a + } + if len(m.Subject) > 0 { + i -= len(m.Subject) + copy(dAtA[i:], m.Subject) + i = encodeVarintTx(dAtA, i, uint64(len(m.Subject))) + i-- + dAtA[i] = 0x12 + } + if len(m.Signer) > 0 { + i -= len(m.Signer) + copy(dAtA[i:], m.Signer) + i = encodeVarintTx(dAtA, i, uint64(len(m.Signer))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *MsgRevokeNocX509CertResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *MsgRevokeNocX509CertResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgRevokeNocX509CertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + return len(dAtA) - i, nil +} + func encodeVarintTx(dAtA []byte, offset int, v uint64) int { offset -= sovTx(v) base := offset @@ -4332,6 +4597,50 @@ func (m *MsgRevokeNocRootX509CertResponse) Size() (n int) { return n } +func (m *MsgRevokeNocX509Cert) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Signer) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.Subject) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.Info) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + if m.Time != 0 { + n += 1 + sovTx(uint64(m.Time)) + } + if m.RevokeChild { + n += 2 + } + return n +} + +func (m *MsgRevokeNocX509CertResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + return n +} + func sovTx(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -8199,6 +8508,305 @@ func (m *MsgRevokeNocRootX509CertResponse) Unmarshal(dAtA []byte) error { } return nil } +func (m *MsgRevokeNocX509Cert) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgRevokeNocX509Cert: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgRevokeNocX509Cert: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Signer", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Signer = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Subject", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Subject = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectKeyId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Info", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Info = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Time", wireType) + } + m.Time = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Time |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RevokeChild", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RevokeChild = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MsgRevokeNocX509CertResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgRevokeNocX509CertResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgRevokeNocX509CertResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipTx(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0