Fix typo and naming

akarabashov · akarabashov · commit 01f4501eda21 · 2024-03-07T15:25:41.000+05:00
diff --git a/integration_tests/cli/pki-demo.sh b/integration_tests/cli/pki-demo.sh
@@ -658,7 +658,7 @@ test_divider
 echo "6. REVOKE INTERMEDIATE (AND HENCE  LEAF) CERTS - No Approvals needed"
 test_divider
 
-echo "Try to revoke the intermediate certificate using an account that does not have vendor role"
+echo "Try to revoke the intermediate certificate when sender is not Vendor account"
 result=$(echo "$passphrase" | dcld tx pki revoke-x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id" --from=$user_account --yes)
 check_response "$result" "\"code\": 4"
 
diff --git a/integration_tests/cli/pki-remove-x509-certificates.sh b/integration_tests/cli/pki-remove-x509-certificates.sh
@@ -79,7 +79,7 @@ echo "Remove intermediate certificate with invalid serialNumber"
 result=$(echo "$passphrase" | dcld tx pki remove-x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id" --serial-number="invalid" --from=$vendor_account_65521 --yes)
 check_response "$result" "\"code\": 404"
 
-echo "Try to remove the intermediate certificate using an account that does not have vendor role"
+echo "Try to remove the intermediate certificate when sender is not Vendor account"
 result=$(echo "$passphrase" | dcld tx pki remove-x509-cert --subject="$intermediate_cert_subject" --subject-key-id="$intermediate_cert_subject_key_id" --serial-number="$intermediate_cert_1_serial_number" --from=$trustee_account --yes)
 check_response "$result" "\"code\": 4"
 
diff --git a/types/pki/errors.go b/types/pki/errors.go
@@ -188,11 +188,11 @@ func NewErrUnauthorizedCertOwner(subject string, subjectKeyID string) error {
 		subject, subjectKeyID)
 }
 
-func NewErrUnauthorizedCertVendor(subject string, subjectKeyID string, ownerVid int32) error {
+func NewErrUnauthorizedCertVendor(ownerVid int32) error {
 	return sdkerrors.Wrapf(sdkerrors.ErrUnauthorized,
 		"Only the vendor accounts with vid=%d, has the authority "+
-			"to add, remove, or revoke a certificate with subject=%v and subjectKeyID=%v",
-		ownerVid, subject, subjectKeyID)
+			"to add, remove, or revoke a certificate with provided subject and subjectKeyID",
+		ownerVid)
 }
 
 func NewErrProvidedNocCertButExistingNotNoc(subject string, subjectKeyID string) error {
@@ -226,7 +226,7 @@ func NewErrRootCertVidNotEqualToCertVid(rootVID int32, certVID int32) error {
 
 func NewErrRootCertVidNotEqualToAccountVid(rootVID int32, accountVID int32) error {
 	return sdkerrors.Wrapf(ErrCertVidNotEqualAccountVid,
-		"Only a Vendor associated with root certificate VID can add a child certificate: "+
+		"Only a Vendor associated with VID of root certificate can add a child certificate: "+
 			"Root certificate's VID = %v, Account VID = %v",
 		rootVID, accountVID)
 }
diff --git a/x/pki/handler_add_non_root_cert_test.go b/x/pki/handler_add_non_root_cert_test.go
@@ -134,7 +134,7 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) {
 	nocCertificate.IsNoc = true
 
 	setup.Keeper.AddApprovedCertificate(setup.Ctx, nocCertificate)
-	// TODO: add the certificate to the ICA store after the store is implemented
+	setup.Keeper.AddNocCertificate(setup.Ctx, nocCertificate)
 	uniqueCertificate := types.UniqueCertificate{
 		Issuer:       nocCertificate.Issuer,
 		SerialNumber: nocCertificate.SerialNumber,
diff --git a/x/pki/handler_test.go b/x/pki/handler_test.go
@@ -752,7 +752,7 @@ func TestHandler_ProposeRevokeX509RootCert_ByTrusteeNotOwner(t *testing.T) {
 	rootCertOptions := createTestRootCertOptions()
 	proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions)
 
-	// store another trustee
+	// add another trustee
 	anotherTrustee := GenerateAccAddress()
 	setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1)
 
@@ -1211,7 +1211,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) {
 	require.Equal(t, 1, len(allRevokedCertificates[2].Certs))
 	require.Equal(t, testconstants.IntermediateCertPem, allRevokedCertificates[2].Certs[0].PemCert)
 
-	// check that no certificates stays approved
+	// check that approved certs list is empty
 	allApprovedCertificates, err := queryAllApprovedCertificates(setup)
 	require.NoError(t, err)
 	require.Equal(t, 0, len(allApprovedCertificates))
diff --git a/x/pki/keeper/keeper.go b/x/pki/keeper/keeper.go
@@ -51,7 +51,7 @@ func (k Keeper) CertificateRejectApprovalsCount(ctx sdk.Context, authKeeper type
 	return authKeeper.CountAccountsWithRole(ctx, authTypes.Trustee) - k.CertificateApprovalsCount(ctx, authKeeper) + 1
 }
 
-func (k Keeper) EnsureSenderAndOwnerVidMatch(ctx sdk.Context, certificate *types.Certificate, signer string) error {
+func (k Keeper) EnsureVidMatches(ctx sdk.Context, owner string, signer string) error {
 	// get signer VID
 	signerAddr, err := sdk.AccAddressFromBech32(signer)
 	if err != nil {
@@ -62,7 +62,7 @@ func (k Keeper) EnsureSenderAndOwnerVidMatch(ctx sdk.Context, certificate *types
 	signerVid := signerAccount.VendorID
 
 	// get owner VID
-	ownerAddr, err := sdk.AccAddressFromBech32(certificate.Owner)
+	ownerAddr, err := sdk.AccAddressFromBech32(owner)
 	if err != nil {
 		return pkitypes.NewErrInvalidAddress(err)
 	}
@@ -71,7 +71,7 @@ func (k Keeper) EnsureSenderAndOwnerVidMatch(ctx sdk.Context, certificate *types
 	ownerVid := ownerAccount.VendorID
 
 	if signerVid != ownerVid {
-		return pkitypes.NewErrUnauthorizedCertVendor(certificate.Subject, certificate.SubjectKeyId, ownerVid)
+		return pkitypes.NewErrUnauthorizedCertVendor(ownerVid)
 	}
 
 	return nil
diff --git a/x/pki/keeper/msg_server_add_noc_x_509_cert.go b/x/pki/keeper/msg_server_add_noc_x_509_cert.go
@@ -62,11 +62,7 @@ func (k msgServer) AddNocX509Cert(goCtx context.Context, msg *types.MsgAddNocX50
 
 		// signer VID must be same as VID of existing certificates
 		if accountVid != existingCertificate.Vid {
-			return nil, pkitypes.NewErrUnauthorizedCertVendor(
-				x509Certificate.Subject,
-				x509Certificate.SubjectKeyID,
-				existingCertificate.Vid,
-			)
+			return nil, pkitypes.NewErrUnauthorizedCertVendor(existingCertificate.Vid)
 		}
 	}
 	// Valid certificate chain must be built for new certificate
diff --git a/x/pki/keeper/msg_server_add_noc_x_509_root_cert.go b/x/pki/keeper/msg_server_add_noc_x_509_root_cert.go
@@ -68,11 +68,7 @@ func (k msgServer) AddNocX509RootCert(goCtx context.Context, msg *types.MsgAddNo
 
 		// signer VID must be same as VID of existing certificates
 		if signerVid != existingCertificate.Vid {
-			return nil, pkitypes.NewErrUnauthorizedCertVendor(
-				x509Certificate.Subject,
-				x509Certificate.SubjectKeyID,
-				existingCertificate.Vid,
-			)
+			return nil, pkitypes.NewErrUnauthorizedCertVendor(existingCertificate.Vid)
 		}
 	}
 
diff --git a/x/pki/keeper/msg_server_add_x_509_cert.go b/x/pki/keeper/msg_server_add_x_509_cert.go
@@ -21,7 +21,7 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)
 
 	// check if signer has vendor role
 	if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) {
-		return nil, pkitypes.NewErrUnauthorizedRole("MsgAddNocX509RootCert", dclauthtypes.Vendor)
+		return nil, pkitypes.NewErrUnauthorizedRole("MsgAddX509Cert", dclauthtypes.Vendor)
 	}
 
 	// decode pem certificate
@@ -58,7 +58,7 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)
 			return nil, pkitypes.NewErrProvidedNotNocCertButExistingNoc(x509Certificate.Subject, x509Certificate.SubjectKeyID)
 		}
 
-		if err = k.EnsureSenderAndOwnerVidMatch(ctx, existingCertificate, msg.Signer); err != nil {
+		if err = k.EnsureVidMatches(ctx, existingCertificate.Owner, msg.Signer); err != nil {
 			return nil, err
 		}
 	}
@@ -81,8 +81,8 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)
 		return nil, pkitypes.NewErrProvidedNotNocCertButRootIsNoc()
 	}
 
-	// Provided certificate, root certificate and account VID must match
-	if err = k.ensureCertsAndSenderVidMatch(ctx, rootCert, x509Certificate, signerAddr); err != nil {
+	// VID of account must match to VID of root and provided child certificates
+	if err = k.ensureVidMatches(ctx, rootCert, x509Certificate, signerAddr); err != nil {
 		return nil, err
 	}
 
@@ -127,7 +127,7 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)
 	return &types.MsgAddX509CertResponse{}, nil
 }
 
-func (k msgServer) ensureCertsAndSenderVidMatch(
+func (k msgServer) ensureVidMatches(
 	ctx sdk.Context,
 	rootCert *types.Certificate,
 	childCert *x509.Certificate,
diff --git a/x/pki/keeper/msg_server_remove_x_509_cert.go b/x/pki/keeper/msg_server_remove_x_509_cert.go
@@ -20,7 +20,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 
 	// check if signer has vendor role
 	if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) {
-		return nil, pkitypes.NewErrUnauthorizedRole("MsgAddNocX509RootCert", dclauthtypes.Vendor)
+		return nil, pkitypes.NewErrUnauthorizedRole("MsgRemoveX509Cert", dclauthtypes.Vendor)
 	}
 
 	aprCerts, foundApproved := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId)
@@ -35,7 +35,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 		return nil, pkitypes.NewErrMessageRemoveRoot(msg.Subject, msg.SubjectKeyId)
 	}
 
-	if err := k.EnsureSenderAndOwnerVidMatch(ctx, certificates[0], msg.Signer); err != nil {
+	if err := k.EnsureVidMatches(ctx, certificates[0].Owner, msg.Signer); err != nil {
 		return nil, err
 	}
 
diff --git a/x/pki/keeper/msg_server_revoke_x_509_cert.go b/x/pki/keeper/msg_server_revoke_x_509_cert.go
@@ -19,7 +19,7 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50
 
 	// check if signer has vendor role
 	if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) {
-		return nil, pkitypes.NewErrUnauthorizedRole("MsgAddNocX509RootCert", dclauthtypes.Vendor)
+		return nil, pkitypes.NewErrUnauthorizedRole("MsgRevokeX509Cert", dclauthtypes.Vendor)
 	}
 
 	certificates, _ := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId)
@@ -31,7 +31,7 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50
 		return nil, pkitypes.NewErrMessageRemoveRoot(msg.Subject, msg.SubjectKeyId)
 	}
 
-	if err := k.EnsureSenderAndOwnerVidMatch(ctx, certificates.Certs[0], msg.Signer); err != nil {
+	if err := k.EnsureVidMatches(ctx, certificates.Certs[0].Owner, msg.Signer); err != nil {
 		return nil, err
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -62,11 +62,7 @@ func (k msgServer) AddNocX509Cert(goCtx context.Context, msg *types.MsgAddNocX50`
`62`	`62`
`63`	`63`	`// signer VID must be same as VID of existing certificates`
`64`	`64`	`if accountVid != existingCertificate.Vid {`
`65`		`- return nil, pkitypes.NewErrUnauthorizedCertVendor(`
`66`		`- x509Certificate.Subject,`
`67`		`- x509Certificate.SubjectKeyID,`
`68`		`- existingCertificate.Vid,`
`69`		`- )`
	`65`	`+ return nil, pkitypes.NewErrUnauthorizedCertVendor(existingCertificate.Vid)`
`70`	`66`	`}`
`71`	`67`	`}`
`72`	`68`	`// Valid certificate chain must be built for new certificate`
Original file line number	Diff line number	Diff line change
`@@ -68,11 +68,7 @@ func (k msgServer) AddNocX509RootCert(goCtx context.Context, msg *types.MsgAddNo`
`68`	`68`
`69`	`69`	`// signer VID must be same as VID of existing certificates`
`70`	`70`	`if signerVid != existingCertificate.Vid {`
`71`		`- return nil, pkitypes.NewErrUnauthorizedCertVendor(`
`72`		`- x509Certificate.Subject,`
`73`		`- x509Certificate.SubjectKeyID,`
`74`		`- existingCertificate.Vid,`
`75`		`- )`
	`71`	`+ return nil, pkitypes.NewErrUnauthorizedCertVendor(existingCertificate.Vid)`
`76`	`72`	`}`
`77`	`73`	`}`
`78`	`74`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)`
`21`	`21`
`22`	`22`	`// check if signer has vendor role`
`23`	`23`	`if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) {`
`24`		`- return nil, pkitypes.NewErrUnauthorizedRole("MsgAddNocX509RootCert", dclauthtypes.Vendor)`
	`24`	`+ return nil, pkitypes.NewErrUnauthorizedRole("MsgAddX509Cert", dclauthtypes.Vendor)`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`// decode pem certificate`
`@@ -58,7 +58,7 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)`
`58`	`58`	`return nil, pkitypes.NewErrProvidedNotNocCertButExistingNoc(x509Certificate.Subject, x509Certificate.SubjectKeyID)`
`59`	`59`	`}`
`60`	`60`
`61`		`- if err = k.EnsureSenderAndOwnerVidMatch(ctx, existingCertificate, msg.Signer); err != nil {`
	`61`	`+ if err = k.EnsureVidMatches(ctx, existingCertificate.Owner, msg.Signer); err != nil {`
`62`	`62`	`return nil, err`
`63`	`63`	`}`
`64`	`64`	`}`
`@@ -81,8 +81,8 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)`
`81`	`81`	`return nil, pkitypes.NewErrProvidedNotNocCertButRootIsNoc()`
`82`	`82`	`}`
`83`	`83`
`84`		`- // Provided certificate, root certificate and account VID must match`
`85`		`- if err = k.ensureCertsAndSenderVidMatch(ctx, rootCert, x509Certificate, signerAddr); err != nil {`
	`84`	`+ // VID of account must match to VID of root and provided child certificates`
	`85`	`+ if err = k.ensureVidMatches(ctx, rootCert, x509Certificate, signerAddr); err != nil {`
`86`	`86`	`return nil, err`
`87`	`87`	`}`
`88`	`88`
`@@ -127,7 +127,7 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)`
`127`	`127`	`return &types.MsgAddX509CertResponse{}, nil`
`128`	`128`	`}`
`129`	`129`
`130`		`-func (k msgServer) ensureCertsAndSenderVidMatch(`
	`130`	`+func (k msgServer) ensureVidMatches(`
`131`	`131`	`ctx sdk.Context,`
`132`	`132`	`rootCert *types.Certificate,`
`133`	`133`	`childCert *x509.Certificate,`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50`
`20`	`20`
`21`	`21`	`// check if signer has vendor role`
`22`	`22`	`if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) {`
`23`		`- return nil, pkitypes.NewErrUnauthorizedRole("MsgAddNocX509RootCert", dclauthtypes.Vendor)`
	`23`	`+ return nil, pkitypes.NewErrUnauthorizedRole("MsgRemoveX509Cert", dclauthtypes.Vendor)`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`aprCerts, foundApproved := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId)`
`@@ -35,7 +35,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50`
`35`	`35`	`return nil, pkitypes.NewErrMessageRemoveRoot(msg.Subject, msg.SubjectKeyId)`
`36`	`36`	`}`
`37`	`37`
`38`		`- if err := k.EnsureSenderAndOwnerVidMatch(ctx, certificates[0], msg.Signer); err != nil {`
	`38`	`+ if err := k.EnsureVidMatches(ctx, certificates[0].Owner, msg.Signer); err != nil {`
`39`	`39`	`return nil, err`
`40`	`40`	`}`
`41`	`41`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50`
`19`	`19`
`20`	`20`	`// check if signer has vendor role`
`21`	`21`	`if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) {`
`22`		`- return nil, pkitypes.NewErrUnauthorizedRole("MsgAddNocX509RootCert", dclauthtypes.Vendor)`
	`22`	`+ return nil, pkitypes.NewErrUnauthorizedRole("MsgRevokeX509Cert", dclauthtypes.Vendor)`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`certificates, _ := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId)`
`@@ -31,7 +31,7 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50`
`31`	`31`	`return nil, pkitypes.NewErrMessageRemoveRoot(msg.Subject, msg.SubjectKeyId)`
`32`	`32`	`}`
`33`	`33`
`34`		`- if err := k.EnsureSenderAndOwnerVidMatch(ctx, certificates.Certs[0], msg.Signer); err != nil {`
	`34`	`+ if err := k.EnsureVidMatches(ctx, certificates.Certs[0].Owner, msg.Signer); err != nil {`
`35`	`35`	`return nil, err`
`36`	`36`	`}`
`37`	`37`