#535 Add new txn to remove non-root certificates

Signed-off-by: Abdulbois <abdulbois.tursunov@dsr-corporation.com> Signed-off-by: Abdulbois <abdulbois123@gmail.com>
zigbee-alliance · Feb 15, 2024 · d51cc66 · d51cc66
1 parent 1bac3fe
commit d51cc66
Show file tree

Hide file tree

Showing 15 changed files with 1,029 additions and 78 deletions.
diff --git a/proto/pki/tx.proto b/proto/pki/tx.proto
@@ -21,6 +21,7 @@ service Msg {
   rpc UpdatePkiRevocationDistributionPoint(MsgUpdatePkiRevocationDistributionPoint) returns (MsgUpdatePkiRevocationDistributionPointResponse);
   rpc DeletePkiRevocationDistributionPoint(MsgDeletePkiRevocationDistributionPoint) returns (MsgDeletePkiRevocationDistributionPointResponse);
   rpc AssignVid(MsgAssignVid) returns (MsgAssignVidResponse);
+  rpc RemoveX509Cert(MsgRemoveX509Cert) returns (MsgRemoveX509CertResponse);
 // this line is used by starport scaffolding # proto/tx/rpc
 }
 
@@ -156,4 +157,14 @@ message MsgAssignVid {
 message MsgAssignVidResponse {
 }
 
+message MsgRemoveX509Cert {
+  string signer = 1 [(cosmos_proto.scalar) = "cosmos.AddressString", (gogoproto.moretags) = "validate:\"required\""];
+  string subject = 2 [(gogoproto.moretags) = "validate:\"required,max=1024\""];
+  string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""];
+  string serialNumber = 4;
+}
+
+message MsgRemoveX509CertResponse {
+}
+
 // this line is used by starport scaffolding # proto/tx/message
diff --git a/scripts/starport/upgrade-0.44/07.pki_types.sh b/scripts/starport/upgrade-0.44/07.pki_types.sh
@@ -12,6 +12,7 @@ starport scaffold --module pki message AddX509Cert cert --signer signer
 starport scaffold --module pki message ProposeRevokeX509RootCert subject subjectKeyId --signer signer
 starport scaffold --module pki message ApproveRevokeX509RootCert subject subjectKeyId --signer signer
 starport scaffold --module pki message RevokeX509Cert subject subjectKeyId --signer signer
+starport scaffold --module pki message RemoveX509Cert subject subjectKeyId serialNumber --signer signer
 starport scaffold --module pki message RejectAddX509RootCert cert --signer signer
 starport scaffold --module pki message add-pki-revocation-distribution-point vid:uint pid:uint isPAA:bool label crlSignerCertificate issuerSubjectKeyID dataURL dataFileSize:uint dataDigest dataDigestType:uint revocationType:uint --signer signer
 starport scaffold --module pki message update-pki-revocation-distribution-point vid:uint label crlSignerCertificate issuerSubjectKeyID dataURL dataFileSize:uint dataDigest dataDigestType:uint --signer signer

diff --git a/...tributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts b/...tributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts
@@ -15,6 +15,7 @@ import { MsgAddPkiRevocationDistributionPoint } from "./types/pki/tx";
 import { MsgAddX509Cert } from "./types/pki/tx";
 import { MsgApproveRevokeX509RootCert } from "./types/pki/tx";
 import { MsgProposeRevokeX509RootCert } from "./types/pki/tx";
+import { MsgRemoveX509Cert } from "./types/pki/tx";
 
 
 const types = [
@@ -29,7 +30,7 @@ const types = [
   ["/zigbeealliance.distributedcomplianceledger.pki.MsgAddX509Cert", MsgAddX509Cert],
   ["/zigbeealliance.distributedcomplianceledger.pki.MsgApproveRevokeX509RootCert", MsgApproveRevokeX509RootCert],
   ["/zigbeealliance.distributedcomplianceledger.pki.MsgProposeRevokeX509RootCert", MsgProposeRevokeX509RootCert],
-
+  ["/zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509Cert", MsgRemoveX509Cert],
 ];
 export const MissingWalletError = new Error("wallet is required");
 
@@ -72,7 +73,7 @@ const txClient = async (wallet: OfflineSigner, { addr: addr }: TxClientOptions =
     msgAddX509Cert: (data: MsgAddX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgAddX509Cert", value: MsgAddX509Cert.fromPartial( data ) }),
     msgApproveRevokeX509RootCert: (data: MsgApproveRevokeX509RootCert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgApproveRevokeX509RootCert", value: MsgApproveRevokeX509RootCert.fromPartial( data ) }),
     msgProposeRevokeX509RootCert: (data: MsgProposeRevokeX509RootCert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgProposeRevokeX509RootCert", value: MsgProposeRevokeX509RootCert.fromPartial( data ) }),
-
+    msgRemoveX509Cert: (data: MsgRemoveX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509Cert", value: MsgRemoveX509Cert.fromPartial( data ) }),
   };
 };
 

diff --git a/...stributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/...stributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts
@@ -94,6 +94,8 @@ export type PkiMsgProposeRevokeX509RootCertResponse = object;
 
 export type PkiMsgRejectAddX509RootCertResponse = object;
 
+export type PkiMsgRemoveX509CertResponse = object;
+
 export type PkiMsgRevokeX509CertResponse = object;
 
 export type PkiMsgUpdatePkiRevocationDistributionPointResponse = object;

diff --git a/...d-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts b/...d-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts
@@ -125,6 +125,15 @@ export interface MsgAssignVid {
 
 export interface MsgAssignVidResponse {}
 
+export interface MsgRemoveX509Cert {
+  signer: string
+  subject: string
+  subjectKeyId: string
+  serialNumber: string
+}
+
+export interface MsgRemoveX509CertResponse {}
+
 const baseMsgProposeAddX509RootCert: object = { signer: '', cert: '', info: '', time: 0, vid: 0 }
 
 export const MsgProposeAddX509RootCert = {
@@ -2106,6 +2115,150 @@ export const MsgAssignVidResponse = {
   }
 }
 
+const baseMsgRemoveX509Cert: object = { signer: '', subject: '', subjectKeyId: '', serialNumber: '' }
+
+export const MsgRemoveX509Cert = {
+  encode(message: MsgRemoveX509Cert, writer: Writer = Writer.create()): Writer {
+    if (message.signer !== '') {
+      writer.uint32(10).string(message.signer)
+    }
+    if (message.subject !== '') {
+      writer.uint32(18).string(message.subject)
+    }
+    if (message.subjectKeyId !== '') {
+      writer.uint32(26).string(message.subjectKeyId)
+    }
+    if (message.serialNumber !== '') {
+      writer.uint32(34).string(message.serialNumber)
+    }
+    return writer
+  },
+
+  decode(input: Reader | Uint8Array, length?: number): MsgRemoveX509Cert {
+    const reader = input instanceof Uint8Array ? new Reader(input) : input
+    let end = length === undefined ? reader.len : reader.pos + length
+    const message = { ...baseMsgRemoveX509Cert } as MsgRemoveX509Cert
+    while (reader.pos < end) {
+      const tag = reader.uint32()
+      switch (tag >>> 3) {
+        case 1:
+          message.signer = reader.string()
+          break
+        case 2:
+          message.subject = reader.string()
+          break
+        case 3:
+          message.subjectKeyId = reader.string()
+          break
+        case 4:
+          message.serialNumber = reader.string()
+          break
+        default:
+          reader.skipType(tag & 7)
+          break
+      }
+    }
+    return message
+  },
+
+  fromJSON(object: any): MsgRemoveX509Cert {
+    const message = { ...baseMsgRemoveX509Cert } as MsgRemoveX509Cert
+    if (object.signer !== undefined && object.signer !== null) {
+      message.signer = String(object.signer)
+    } else {
+      message.signer = ''
+    }
+    if (object.subject !== undefined && object.subject !== null) {
+      message.subject = String(object.subject)
+    } else {
+      message.subject = ''
+    }
+    if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) {
+      message.subjectKeyId = String(object.subjectKeyId)
+    } else {
+      message.subjectKeyId = ''
+    }
+    if (object.serialNumber !== undefined && object.serialNumber !== null) {
+      message.serialNumber = String(object.serialNumber)
+    } else {
+      message.serialNumber = ''
+    }
+    return message
+  },
+
+  toJSON(message: MsgRemoveX509Cert): unknown {
+    const obj: any = {}
+    message.signer !== undefined && (obj.signer = message.signer)
+    message.subject !== undefined && (obj.subject = message.subject)
+    message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId)
+    message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber)
+    return obj
+  },
+
+  fromPartial(object: DeepPartial<MsgRemoveX509Cert>): MsgRemoveX509Cert {
+    const message = { ...baseMsgRemoveX509Cert } as MsgRemoveX509Cert
+    if (object.signer !== undefined && object.signer !== null) {
+      message.signer = object.signer
+    } else {
+      message.signer = ''
+    }
+    if (object.subject !== undefined && object.subject !== null) {
+      message.subject = object.subject
+    } else {
+      message.subject = ''
+    }
+    if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) {
+      message.subjectKeyId = object.subjectKeyId
+    } else {
+      message.subjectKeyId = ''
+    }
+    if (object.serialNumber !== undefined && object.serialNumber !== null) {
+      message.serialNumber = object.serialNumber
+    } else {
+      message.serialNumber = ''
+    }
+    return message
+  }
+}
+
+const baseMsgRemoveX509CertResponse: object = {}
+
+export const MsgRemoveX509CertResponse = {
+  encode(_: MsgRemoveX509CertResponse, writer: Writer = Writer.create()): Writer {
+    return writer
+  },
+
+  decode(input: Reader | Uint8Array, length?: number): MsgRemoveX509CertResponse {
+    const reader = input instanceof Uint8Array ? new Reader(input) : input
+    let end = length === undefined ? reader.len : reader.pos + length
+    const message = { ...baseMsgRemoveX509CertResponse } as MsgRemoveX509CertResponse
+    while (reader.pos < end) {
+      const tag = reader.uint32()
+      switch (tag >>> 3) {
+        default:
+          reader.skipType(tag & 7)
+          break
+      }
+    }
+    return message
+  },
+
+  fromJSON(_: any): MsgRemoveX509CertResponse {
+    const message = { ...baseMsgRemoveX509CertResponse } as MsgRemoveX509CertResponse
+    return message
+  },
+
+  toJSON(_: MsgRemoveX509CertResponse): unknown {
+    const obj: any = {}
+    return obj
+  },
+
+  fromPartial(_: DeepPartial<MsgRemoveX509CertResponse>): MsgRemoveX509CertResponse {
+    const message = { ...baseMsgRemoveX509CertResponse } as MsgRemoveX509CertResponse
+    return message
+  }
+}
+
 /** Msg defines the Msg service. */
 export interface Msg {
   ProposeAddX509RootCert(request: MsgProposeAddX509RootCert): Promise<MsgProposeAddX509RootCertResponse>
@@ -2118,8 +2271,8 @@ export interface Msg {
   AddPkiRevocationDistributionPoint(request: MsgAddPkiRevocationDistributionPoint): Promise<MsgAddPkiRevocationDistributionPointResponse>
   UpdatePkiRevocationDistributionPoint(request: MsgUpdatePkiRevocationDistributionPoint): Promise<MsgUpdatePkiRevocationDistributionPointResponse>
   DeletePkiRevocationDistributionPoint(request: MsgDeletePkiRevocationDistributionPoint): Promise<MsgDeletePkiRevocationDistributionPointResponse>
-  /** this line is used by starport scaffolding # proto/tx/rpc */
   AssignVid(request: MsgAssignVid): Promise<MsgAssignVidResponse>
+  RemoveX509Cert(request: MsgRemoveX509Cert): Promise<MsgRemoveX509CertResponse>
 }
 
 export class MsgClientImpl implements Msg {
@@ -2192,6 +2345,12 @@ export class MsgClientImpl implements Msg {
     const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Msg', 'AssignVid', data)
     return promise.then((data) => MsgAssignVidResponse.decode(new Reader(data)))
   }
+
+  RemoveX509Cert(request: MsgRemoveX509Cert): Promise<MsgRemoveX509CertResponse> {
+    const data = MsgRemoveX509Cert.encode(request).finish()
+    const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Msg', 'RemoveX509Cert', data)
+    return promise.then((data) => MsgRemoveX509CertResponse.decode(new Reader(data)))
+  }
 }
 
 interface Rpc {

diff --git a/x/pki/client/cli/tx.go b/x/pki/client/cli/tx.go
@@ -33,6 +33,7 @@ func GetTxCmd() *cobra.Command {
 	cmd.AddCommand(CmdUpdatePkiRevocationDistributionPoint())
 	cmd.AddCommand(CmdDeletePkiRevocationDistributionPoint())
 	cmd.AddCommand(CmdAssignVid())
+	cmd.AddCommand(CmdRemoveX509Cert())
 	// this line is used by starport scaffolding # 1
 
 	return cmd

diff --git a/x/pki/client/cli/tx_remove_x_509_cert.go b/x/pki/client/cli/tx_remove_x_509_cert.go
@@ -0,0 +1,46 @@
+package cli
+
+import (
+	"strconv"
+
+	"github.com/cosmos/cosmos-sdk/client"
+	"github.com/cosmos/cosmos-sdk/client/flags"
+	"github.com/cosmos/cosmos-sdk/client/tx"
+	"github.com/spf13/cobra"
+	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+var _ = strconv.Itoa(0)
+
+func CmdRemoveX509Cert() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "remove-x-509-cert [subject] [subject-key-id] [serial-number]",
+		Short: "Broadcast message RemoveX509Cert",
+		Args:  cobra.ExactArgs(3),
+		RunE: func(cmd *cobra.Command, args []string) (err error) {
+			argSubject := args[0]
+			argSubjectKeyId := args[1]
+			argSerialNumber := args[2]
+
+			clientCtx, err := client.GetClientTxContext(cmd)
+			if err != nil {
+				return err
+			}
+
+			msg := types.NewMsgRemoveX509Cert(
+				clientCtx.GetFromAddress().String(),
+				argSubject,
+				argSubjectKeyId,
+				argSerialNumber,
+			)
+			if err := msg.ValidateBasic(); err != nil {
+				return err
+			}
+			return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg)
+		},
+	}
+
+	flags.AddTxFlagsToCmd(cmd)
+
+	return cmd
+}
diff --git a/x/pki/handler.go b/x/pki/handler.go
@@ -63,6 +63,9 @@ func NewHandler(k keeper.Keeper) sdk.Handler {
 			res, err := msgServer.AssignVid(sdk.WrapSDKContext(ctx), msg)
 
 			return sdk.WrapServiceResult(ctx, res, err)
+		case *types.MsgRemoveX509Cert:
+			res, err := msgServer.RemoveX509Cert(sdk.WrapSDKContext(ctx), msg)
+			return sdk.WrapServiceResult(ctx, res, err)
 			// this line is used by starport scaffolding # 1
 		default:
 			errMsg := fmt.Sprintf("unrecognized %s message type: %T", pkitypes.ModuleName, msg)

diff --git a/x/pki/keeper/msg_server_remove_x_509_cert.go b/x/pki/keeper/msg_server_remove_x_509_cert.go
@@ -0,0 +1,37 @@
+package keeper
+
+import (
+	"context"
+	"fmt"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+
+	pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
+	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX509Cert) (*types.MsgRemoveX509CertResponse, error) {
+	ctx := sdk.UnwrapSDKContext(goCtx)
+
+	certificates, found := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId)
+	if !found {
+		return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId)
+	}
+
+	if certificates.Certs[0].IsRoot {
+		return nil, pkitypes.NewErrInappropriateCertificateType(
+			fmt.Sprintf("Inappropriate Certificate Type: Certificate with subject=%v and subjectKeyID=%v "+
+				"is a root certificate. To propose revocation of a root certificate please use "+
+				"`PROPOSE_REVOKE_X509_ROOT_CERT` transaction.", msg.Subject, msg.SubjectKeyId),
+		)
+	}
+
+	if msg.Signer != certificates.Certs[0].Owner {
+		return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized,
+			"Only owner can revoke certificate using `REVOKE_X509_CERT`",
+		)
+	}
+
+	return &types.MsgRemoveX509CertResponse{}, nil
+}
diff --git a/x/pki/module_simulation.go b/x/pki/module_simulation.go
@@ -69,6 +69,10 @@ const (
 	// TODO: Determine the simulation weight value.
 	defaultWeightMsgAssignVid int = 100
 
+	opWeightMsgRemoveX509Cert = "op_weight_msg_create_chain"
+	// TODO: Determine the simulation weight value
+	defaultWeightMsgRemoveX509Cert int = 100
+
 	// this line is used by starport scaffolding # simapp/module/const.
 )
 
@@ -223,6 +227,17 @@ func (am AppModule) WeightedOperations(simState module.SimulationState) []simtyp
 		pkisimulation.SimulateMsgAssignVid(am.keeper),
 	))
 
+	var weightMsgRemoveX509Cert int
+	simState.AppParams.GetOrGenerate(simState.Cdc, opWeightMsgRemoveX509Cert, &weightMsgRemoveX509Cert, nil,
+		func(_ *rand.Rand) {
+			weightMsgRemoveX509Cert = defaultWeightMsgRemoveX509Cert
+		},
+	)
+	operations = append(operations, simulation.NewWeightedOperation(
+		weightMsgRemoveX509Cert,
+		pkisimulation.SimulateMsgRemoveX509Cert(am.keeper),
+	))
+
 	// this line is used by starport scaffolding # simapp/module/operation
 
 	return operations