Merge branch 'master' into #303-Upgrade-Cosmos-SDK

Signed-off-by: Abdulbois <abdulbois123@gmail.com>

# Conflicts:
#	integration_tests/cli/compliance-demo.sh
#	integration_tests/cli/compliance-provisioning.sh
#	integration_tests/cli/compliance-revocation.sh
#	integration_tests/cli/model-demo.sh
#	integration_tests/cli/modelversion-demo.sh
#	integration_tests/cli/pki-demo.sh
#	integration_tests/cli/pki-revocation-points.sh
#	integration_tests/cli/vendorinfo-demo.sh
#	integration_tests/light_client_proxy/pki.sh
#	proto/zigbeealliance/distributedcomplianceledger/pki/approved_certificates.proto
#	proto/zigbeealliance/distributedcomplianceledger/pki/genesis.proto
#	proto/zigbeealliance/distributedcomplianceledger/pki/noc_certificates.proto
#	proto/zigbeealliance/distributedcomplianceledger/pki/noc_root_certificates.proto
#	proto/zigbeealliance/distributedcomplianceledger/pki/query.proto
#	proto/zigbeealliance/distributedcomplianceledger/pki/revoked_noc_root_certificates.proto
#	types/pki/errors.go
#	x/compliance/types/compliance_info.pb.go
#	x/compliance/types/device_software_compliance.pb.go
#	x/compliance/types/genesis.pb.go
#	x/compliance/types/tx.pb.go
#	x/model/types/model.pb.go
#	x/model/types/model_version.pb.go
#	x/model/types/tx.pb.go
#	x/pki/keeper/msg_server_add_x_509_cert.go
#	x/pki/keeper/msg_server_propose_add_x_509_root_cert.go
#	x/pki/keeper/msg_server_revoke_x_509_cert.go
#	x/pki/types/approved_certificates.pb.go
#	x/pki/types/certificate.pb.go
#	x/pki/types/genesis.pb.go
#	x/pki/types/pki_revocation_distribution_point.pb.go
#	x/pki/types/proposed_certificate.pb.go
#	x/pki/types/proposed_certificate_revocation.pb.go
#	x/pki/types/query.pb.go
#	x/pki/types/rejected_certificate.pb.go
#	x/pki/types/revoked_certificates.pb.go
#	x/pki/types/tx.pb.go
#	x/vendorinfo/types/tx.pb.go
#	x/vendorinfo/types/vendor_info.pb.go

Author: Abdulbois

.golangci.yml

@@ -55,6 +55,10 @@ linters:
     - godot
     - inamedparam
     - goconst
+    - nosnakecase
+    - perfsprint
+    - unparam
+    - revive
 
 issues:
   exclude-rules:

config.yml

@@ -22,8 +22,12 @@ faucet:
   - 100000stake
   host: 0.0.0.0:4500
 client:
+  typescript:
+    path: ts-client
   vuex:
     path: vue/src/store
+  composables:
+    path: vue/src/composables
 validators:
 - name: alice
   bonded: 100000000stake

docker-compose.yml

@@ -122,4 +122,4 @@ networks:
     ipam:
       driver: default
       config:
-        - subnet: 192.167.10.0/16
+        - subnet: 192.167.10.0/24

docs/design/noc-root-cert-design.md

@@ -21,7 +21,6 @@ To distinguesh NOC root certificates from others, an `isNOC` boolean field will
 This transaction adds a NOC root certificate owned by the Vendor.
 
 - Who can send: Vendor account
-   - `vid` field in the transaction (`VendorID`) must be equal to the Vendor account's VID
 - Validation:
   - The provided certificate must be a root certificate:
     - `Issuer` == `Subject`
@@ -33,7 +32,6 @@ This transaction adds a NOC root certificate owned by the Vendor.
   - The signature (self-signature) and expiration date must be valid.
 - Parameters:
   - cert: `string` - The NOC Root Certificate, encoded in X.509v3 PEM format. Can be a PEM string or a file path.
-  - vid: `uint16` - Vendor ID (positive non-zero)
 - In State:
   - `pki/ApprovedCertificates/value/<Subject>/<SubjectKeyID>`
   - `pki/ApprovedCertificatesBySubject/value/<Subject>`
@@ -52,24 +50,35 @@ Revoked NOC root certificates can be re-added using the `ADD_NOC_X509_ROOT_CERTI
 - Parameters:
   - subject: `string` - Base64 encoded subject DER sequence bytes of the certificate.
   - subject_key_id: `string` - Certificate's `Subject Key Id` in hex string format, e.g., `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`.
+  - serial_number: `optional(string)` - Certificate's serial number. If not provided, the transaction will revoke all certificates that match the given `subject` and `subject_key_id` combination.
+  - info: `optional(string)` - Information/notes for the revocation.
+  - time: `optional(int64)` - Revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
+  - revokeChild: `optional(bool)` - If true, then all certificates in the chain signed by the revoked certificate (intermediate, leaf) are revoked as well. If false, only the current root cert is revoked (default: false).
 - In State:
   - `pki/RevokedCertificates/value/<subject>/<subject_key_id>`
+  - `pki/RevokedNOCRootCertificates/value/<subject>/<subject_key_id>`
 - CLI Command:
-  - `dcld tx pki revoke-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> --from=<account>`
+  - `dcld tx pki revoke-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> --serial-number=<string> --info=<string> --time=<int64> --revokeChild=<bool> --from=<account>`
 
 ### 3. REMOVE_NOC_X509_ROOT_CERTIFICATE
 This transaction completely removes a NOC root certificate owned by the Vendor. 
 Removed NOC root certificates can be re-added using the `ADD_NOC_X509_ROOT_CERTIFICATE` transaction.
 
+Revoked certificates that match the specified parameters will also be removed.
+
+The certificates in the chain signed by the removed certificate (intermediate, leaf) will not be removed.
+
 - Who can send: Vendor account
   - Vid field associated with the corresponding NOC root certificate on the ledger must be equal to the Vendor account's VID.
 - Validation:
   - A NOC root certificate with the provided `subject` and `subject_key_id` must exist in the ledger.
 - Parameters:
   - subject: `string` - Base64 encoded subject DER sequence bytes of the certificate.
   - subject_key_id: `string` - Certificate's `Subject Key Id` in hex string format, e.g., `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`.
+  - serial_number: `optional(string)` - Certificate's serial number. If not provided, the transaction will remove all certificates that match the given `subject` and `subject_key_id` combination.
+  - info: `optional(string)` - Information/notes for the removal.
 - CLI Command:
-  - `dcld tx pki remove-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> --from=<account>`
+  - `dcld tx pki remove-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> --serial-number=<string> --info=<string>  --from=<account>`
 
 ## Query
 
@@ -97,14 +106,18 @@ Retrieve a list of all of NOC root certificates
 - Parameters:
   - Common pagination parameters
 - CLI Command:
-  - `dcld query pki get_all_noc_x509_root_certs
+  - `dcld query pki get_all_noc_x509_root_certs`
 - REST API:
   - GET `/dcl/pki/noc-root-certificates`
 
-## Questions
-- Should a vendor be able to add multiple NOC root certificates with the same Subject and Subject Key Identifier combinations? If so, the vendor may want to remove a specific certificate from the list of certificates with the same Subject and Subject Key Identifier combinations.
-- Should the VID parameter be added to the `ADD_NOC_X509_ROOT_CERTIFICATE` transaction?
-- How should NOC root certificate be renewed with a new one?
-- Should the `REMOVE_NOC_X509_ROOT_CERTIFICATE` transaction also delete revoked certificates?
-- Should a user be able to retrieve all revoked NOC root certificates using the `GET_ALL_REVOKED_X509_NOC_ROOT_CERTS` transaction?
-- In the `Joint Fabric Proposal` document, the concept of a `Trust Quotient (TQ)` is introduced as a future consideration. This concept requires adding `Add Trust` and `Revoke Trust` requests for NOCs in the DCL. Should the implementation of these requests be included in the scope of the current task?
+### GET_ALL_REVOKED_NOC_X509_ROOT_CERTS
+
+Gets all revoked NOC root certificates.
+
+- Who can send: Any account
+- Parameters:
+  - Common pagination parameters
+- CLI command:
+  - `dcld query pki all-revoked-noc-x509-root-certs`
+- REST API:
+  - GET `/dcl/pki/revoked-noc-root-certificates`

docs/design/schema-compatibility.md

@@ -0,0 +1,120 @@
+# Support for forward and backward compatibility in DCL schemes
+
+Schema changes can cover a wide range of modifications with varying impacts on application compatibility and data integrity. Below are use cases with strategies to manage schema changes and ensure compatibility.
+
+## I. Multiple versions can live in parallel
+
+### 1. Strategy for Compatible Changes
+
+For changes that are backward-compatible, such as adding optional fields or extending enumerations.
+
+#### Option A: Add an optional version field to all DCL schema
+
+**Description:**
+Implement an optional version field in all DCL schemas to track the schema version. This approach is simple and quick to execute, suitable primarily for compatible updates.
+
+**Strategy steps:**
+
+- One time actions:
+  - Add an optional version field to all DCL schema
+- For each update:
+  - Update the schema by introducing compatible changes (such as adding a new optional field).
+  - Update transactions and queries if needed.
+  - DCL doesn't fulfill the Schema version automatically
+  - It will be up to the transaction submitter (Vendor) to specify a correct Schema version
+  - If Schema Version is not set - then the initial version (version 0 or 1) is assumed
+  - It will be up to the client application to process the Schema version
+
+### 2. Strategy for Non-Compatible Changes
+
+For significant changes that directly impact compatibility, such as adding mandatory fields or removing fields, splitting or merging schemas, changing enumerations.
+
+#### Option B: Separate Schemas for Each Version
+
+**Description:**
+Each version has its distinct schema, state and its own queries/requests. This strategy eliminates the need for data migration and allows different schema versions to coexist seamlessly.
+
+**Strategy steps:**
+
+- For each update:
+  - Create a new version of a Schema and state (a new .proto file)
+  - Implement transactions and queries for the new schema version.
+
+#### Option C: Generic Schema Storage (Not Recommended for Production)
+
+**Description:**
+Implement a flexible, generic schema structure that can support a wide range of data formats.
+
+While offering a robust solution for handling radical changes, this method requires careful planning and development, which can potentially take a significant amount of time.
+
+**Strategy steps:**
+
+- One time actions:
+  - Create a more flexible, generic schema structure to hold a wide range of data formats (Can be used [Any](https://github.com/protocolbuffers/protobuf/blob/main/src/google/protobuf/any.proto) as described in [ADR-19](https://docs.cosmos.network/v0.47/build/architecture/adr-019-protobuf-state-encoding#usage-of-any-to-encode-interfaces))
+  - Migrate old states to the newer, generic schema.
+  - Remove the states associated with the older schema versions.
+  - Optioanlly can be implemented queries for requesting schemas with any return type
+- For each update:
+  - Create a new Schema version (a new .proto file)
+  - Implement transactions and queries that can handle data according to its version, including mechanisms for converting generic values into the corresponding schema version.
+
+## II. New version replaces the legacy one (V2 replaces V1)
+
+### 1. Strategy for Compatible or Convertible changes
+
+For changes that are backward-compatible, such as adding optional or mandatory fields or extending enumerations
+
+#### Option D: Not keeping backward compatibility in API
+
+**Description:**
+This strategy focuses on updating the schema without ensuring backward compatibility at the API level. Since the schemas are compatible, there will likely be no need for migration.
+
+**Strategy steps:**
+
+- For each update:
+  - Update the schema by introducing compatible changes (such as adding a new optional field).
+  - Migrate old states to the newer if needed.
+  - Update transactions and queries if needed.
+
+#### Option E: Keeping backward compatibility in API
+
+**Description:**
+The main idea of this strategy is the dynamically converting newer schemas into older ones. However, this method is only possible if there is compatibility between the newer and legacy schemas, allowing them to be converted to each other. Due to the on-the-fly data conversion, this approach does not support the Light Client in legacy APIs because the converted data is not stored in the state, preventing the generation of proofs.
+
+**Strategy steps:**
+
+- For each update:
+  - Create a new version of a Schema and state (a new .proto file)
+  - Migrate older states to newer schema version.
+  - Remove the states associated with the older schema versions.
+  - Implement transactions and queries for the new schema version.
+  - Update older transactions and queries to converting data between the latest and older schema version,  ensuring backward compatibility.
+  - There will be separated API for each version of the schema, for example::
+    - models/vid/pid
+    - modelsV2/vid/pid
+    - modelsV3/vid/pid
+
+### 2. Strategy for Non-Compatible changes
+
+For significant changes that directly impact compatibility, such as adding mandatory fields or removing fields, splitting or merging schemas, changing enumerations.
+
+#### Optiona F: Not keeping backward compatibility in API
+
+**Description:**
+This strategy focuses on updating the schema without ensuring backward compatibility at the API level. Since the schemas are not compatible, migration is carried out manually through a special transaction.
+
+**Strategy steps:**
+
+- For each update:
+  - Update the schema by introducing changes.
+  - Update transactions and queries if needed.
+  - Add a new transaction to fulfill new required fields (essentially this is a manual migration via transactions)
+
+#### Option G: Keeping backward compatibility in API
+
+**Description:**
+It's not possible to replace an old version here. [Multiple versions can live in parallel: Strategy for Non-Compatible Changes](#2-strategy-for-non-compatible-changes) options should be used instead.
+
+## Conclusion
+
+To lay the foundation for future compatibility improvements, it's a good idea to start by adding a version field to each schema. For subsequent changes, we will then select the most appropriate strategy based on the nature of these changes.