Refactored PKI module

Author: Artemkaaas

x/pki/keeper/approved_root_certificates.go

@@ -56,7 +56,16 @@ func (k Keeper) AddApprovedRootCertificate(ctx sdk.Context, certificate types.Ce
 }
 
 // Remove root certificate from the list.
-func (k Keeper) RemoveApprovedRootCertificate(ctx sdk.Context, certID types.CertificateIdentifier) {
+func (k Keeper) RemoveApprovedRootCertificate(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) {
+	certID := types.CertificateIdentifier{
+		Subject:      subject,
+		SubjectKeyId: subjectKeyID,
+	}
+
 	rootCertificates, _ := k.GetApprovedRootCertificates(ctx)
 
 	certIDIndex := -1

x/pki/keeper/certificate_helpers.go

@@ -0,0 +1,257 @@
+package keeper
+
+import (
+	"math"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
+	authTypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
+	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func (k Keeper) CertificateApprovalsCount(ctx sdk.Context, authKeeper types.DclauthKeeper) int {
+	return int(math.Ceil(types.RootCertificateApprovalsPercent *
+		float64(authKeeper.CountAccountsWithRole(ctx, authTypes.Trustee))))
+}
+
+func (k Keeper) CertificateRejectApprovalsCount(ctx sdk.Context, authKeeper types.DclauthKeeper) int {
+	return authKeeper.CountAccountsWithRole(ctx, authTypes.Trustee) - k.CertificateApprovalsCount(ctx, authKeeper) + 1
+}
+
+func (k Keeper) EnsureVidMatches(ctx sdk.Context, owner string, signer string) error {
+	// get signer VID
+	signerAddr, err := sdk.AccAddressFromBech32(signer)
+	if err != nil {
+		return pkitypes.NewErrInvalidAddress(err)
+	}
+
+	signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr)
+	signerVid := signerAccount.VendorID
+
+	// get owner VID
+	ownerAddr, err := sdk.AccAddressFromBech32(owner)
+	if err != nil {
+		return pkitypes.NewErrInvalidAddress(err)
+	}
+
+	ownerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, ownerAddr)
+	ownerVid := ownerAccount.VendorID
+
+	if signerVid != ownerVid {
+		return pkitypes.NewErrUnauthorizedCertVendor(ownerVid)
+	}
+
+	return nil
+}
+
+func RemoveCertFromList(issuer string, serialNumber string, certs *[]*types.Certificate) {
+	certIndex := -1
+
+	for i, cert := range *certs {
+		if cert.SerialNumber == serialNumber && cert.Issuer == issuer {
+			certIndex = i
+
+			break
+		}
+	}
+	if certIndex == -1 {
+		return
+	}
+	*certs = append((*certs)[:certIndex], (*certs)[certIndex+1:]...)
+}
+
+func FindCertificateInList(serialNumber string, certificates *[]*types.Certificate) (*types.Certificate, bool) {
+	for _, cert := range *certificates {
+		if cert.SerialNumber == serialNumber {
+			return cert, true
+		}
+	}
+
+	return nil, false
+}
+
+func FilterCertificateList(certificates *[]*types.Certificate, predicate CertificatePredicate) []*types.Certificate {
+	var result []*types.Certificate
+
+	for _, s := range *certificates {
+		if predicate(s) {
+			result = append(result, s)
+		}
+	}
+
+	return result
+}
+
+func (k msgServer) AddCertificateToGlobalCertificateIndexes(
+	ctx sdk.Context,
+	certificate types.Certificate,
+) {
+	// add to the global list of certificates
+	k.AddAllCertificate(ctx, certificate)
+	// add to the global list of certificates indexed by subject key id
+	k.AddAllCertificateBySubjectKeyID(ctx, certificate)
+	// add to the global list of certificates indexed by subject
+	k.AddAllCertificateBySubject(ctx, certificate.Subject, certificate.SubjectKeyId)
+}
+
+func (k msgServer) RemoveCertificateFromGlobalCertificateIndexes(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) {
+	// remove from the global list of certificates
+	k.RemoveAllCertificates(ctx, subject, subjectKeyID)
+	// remove from the global list of certificates indexed by subject key id
+	k.RemoveAllCertificatesBySubjectKeyID(ctx, subject, subjectKeyID)
+	// remove from the global list of certificates indexed by subject
+	k.RemoveAllCertificateBySubject(ctx, subject, subjectKeyID)
+}
+
+func (k msgServer) StoreDaCertificate(
+	ctx sdk.Context,
+	certificate types.Certificate,
+	isRoot bool,
+) {
+	// add to Global certificates indexes
+	k.AddCertificateToGlobalCertificateIndexes(ctx, certificate)
+
+	// add to list of certificates with the same Subject/SubjectKeyID combination and store updated list
+	k.AddApprovedCertificate(ctx, certificate)
+
+	// add to list of certificates indexed by subject
+	k.AddApprovedCertificateBySubject(ctx, certificate.Subject, certificate.SubjectKeyId)
+
+	// add to list of certificates indexed by subject key id
+	k.AddApprovedCertificateBySubjectKeyID(ctx, certificate)
+
+	if isRoot {
+		// add to root certificates index
+		k.AddApprovedRootCertificate(ctx, certificate)
+	} else {
+		// add the certificate identifier to the issuer's Child Certificates record
+		k.AddChildCertificate(ctx, certificate)
+	}
+}
+
+func (k msgServer) RemoveDaCertificate(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+	isRoot bool,
+) {
+	// remove from global list
+	k.RemoveCertificateFromGlobalCertificateIndexes(ctx, subject, subjectKeyID)
+	// remove from approved certificates map
+	k.RemoveApprovedCertificates(ctx, subject, subjectKeyID)
+	// remove from subject -> subject key ID map
+	k.RemoveApprovedCertificateBySubject(ctx, subject, subjectKeyID)
+	// remove from subject key ID -> certificates map
+	k.RemoveApprovedCertificatesBySubjectKeyID(ctx, subject, subjectKeyID)
+	if isRoot {
+		k.RemoveApprovedRootCertificate(ctx, subject, subjectKeyID)
+	}
+}
+
+func (k msgServer) RemoveDaCertificateBySerialNumber(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+	certificates *types.ApprovedCertificates,
+	serialNumber string,
+	issuer string,
+) {
+	RemoveCertFromList(issuer, serialNumber, &certificates.Certs)
+
+	if len(certificates.Certs) == 0 {
+		k.RemoveDaCertificate(ctx, subject, subjectKeyID, false)
+	} else {
+		k.RemoveAllCertificatesBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveAllCertificatesBySubjectKeyIDBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveApprovedCertificatesBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveApprovedCertificatesBySubjectKeyIDBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+	}
+}
+
+func (k msgServer) StoreNocCertificate(
+	ctx sdk.Context,
+	certificate types.Certificate,
+	isRoot bool) {
+	// add to Global certificates indexes
+	k.AddCertificateToGlobalCertificateIndexes(ctx, certificate)
+
+	// add to the list of all NOC certificates
+	k.AddNocCertificate(ctx, certificate)
+
+	// add to certificates map indexed by vid/skid
+	k.AddNocCertificateByVidAndSkid(ctx, certificate)
+
+	// add to certificates map indexed by subject
+	k.AddNocCertificateBySubject(ctx, certificate)
+
+	// add to certificates map indexed by subject key id
+	k.AddNocCertificateBySubjectKeyID(ctx, certificate)
+
+	if isRoot {
+		// add to the list of NOC root certificates with the same VID
+		k.AddNocRootCertificate(ctx, certificate)
+	} else {
+		// add to the list of NOC ica certificates with the same VID
+		k.AddNocIcaCertificate(ctx, certificate)
+		// add the certificate identifier to the issuer's Child Certificates record
+		k.AddChildCertificate(ctx, certificate)
+	}
+}
+
+func (k msgServer) RemoveNocCertificate(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+	accountVid int32,
+	isRoot bool,
+) {
+	// remove from global list
+	k.RemoveCertificateFromGlobalCertificateIndexes(ctx, subject, subjectKeyID)
+	// remove from noc certificates map
+	k.RemoveNocCertificates(ctx, subject, subjectKeyID)
+	// remove from vid, subject key id map
+	k.RemoveNocCertificatesByVidAndSkid(ctx, accountVid, subjectKeyID)
+	// remove from subject -> subject key ID map
+	k.RemoveNocCertificateBySubject(ctx, subject, subjectKeyID)
+	// remove from subject key ID -> certificates map
+	k.RemoveNocCertificatesBySubjectAndSubjectKeyID(ctx, subject, subjectKeyID)
+	if isRoot {
+		// remove from noc root certificates map
+		k.RemoveNocRootCertificate(ctx, subject, subjectKeyID, accountVid)
+	} else {
+		// remove from noc ica certificates map
+		k.RemoveNocIcaCertificate(ctx, subject, subjectKeyID, accountVid)
+	}
+}
+
+func (k msgServer) RemoveNocCertBySerialNumber(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+	certificates *types.NocCertificates,
+	accountVid int32,
+	serialNumber string,
+	issuer string,
+	isRoot bool,
+) {
+	RemoveCertFromList(issuer, serialNumber, &certificates.Certs)
+
+	if len(certificates.Certs) == 0 {
+		k.RemoveNocCertificate(ctx, subject, subjectKeyID, accountVid, isRoot)
+	} else {
+		k.RemoveAllCertificatesBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveAllCertificatesBySubjectKeyIDBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveNocCertificatesBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveNocCertificatesBySubjectKeyIDBySerialNumber(ctx, subject, subjectKeyID, serialNumber)
+		k.RemoveNocCertificatesByVidAndSkidBySerialNumber(ctx, accountVid, subject, subjectKeyID, serialNumber)
+		if isRoot {
+			k.RemoveNocRootCertificateBySerialNumber(ctx, subject, subjectKeyID, accountVid, serialNumber)
+		} else {
+			k.RemoveNocIcaCertificateBySerialNumber(ctx, subject, subjectKeyID, accountVid, serialNumber)
+		}
+	}
+}

x/pki/keeper/child_certificates.go

@@ -113,18 +113,13 @@ func (k msgServer) RevokeApprovedChildCertificates(ctx sdk.Context, issuer strin
 
 	// For each child certificate subject/subjectKeyID combination
 	for _, certIdentifier := range childCertificates.CertIds {
-		// Revoke certificates with this subject/subjectKeyID combination
+		// Add revoked certificates with this subject/subjectKeyID combination
 		certificates, _ := k.GetApprovedCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId)
 		k.AddRevokedCertificates(ctx, types.RevokedCertificates(certificates))
-
-		// Remove certificate from global list
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, *certIdentifier)
-
 		// Remove certificate from da list
-		k.RemoveCertificateFromDaCertificateIndexes(ctx, *certIdentifier, false)
-
+		k.RemoveDaCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, false)
 		// Process child certificates recursively
-		k.RevokeApprovedChildCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId)
+		k.RevokeApprovedChildCertificates(ctx, certificates.Subject, certificates.SubjectKeyId)
 	}
 
 	// Delete entire ChildCertificates record of issuer
@@ -137,30 +132,27 @@ func (k msgServer) RevokeNocChildCertificates(ctx sdk.Context, issuer string, au
 
 	// For each child certificate subject/subjectKeyID combination
 	for _, certIdentifier := range childCertificates.CertIds {
-		// Revoke certificates with this subject/subjectKeyID combination
+		// Add revoked certificates with this subject/subjectKeyID combination
 		certificates, _ := k.GetNocCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId)
-
 		k.AddRevokedNocIcaCertificates(ctx, types.RevokedNocIcaCertificates{
 			Subject:      certificates.Subject,
 			SubjectKeyId: certificates.SubjectKeyId,
 			Certs:        certificates.Certs,
 		})
-
-		// Remove certificate from global list
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, *certIdentifier)
-
 		// Remove certificate from da list
-		k.RemoveCertificateFromNocCertificateIndexes(ctx, *certIdentifier, certificates.Certs[0].Vid, false)
-
+		k.RemoveNocCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, certificates.Certs[0].Vid, false)
 		// Process child certificates recursively
-		k.RevokeNocChildCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId)
+		k.RevokeNocChildCertificates(ctx, certificates.Subject, certificates.SubjectKeyId)
 	}
 
 	// Delete entire ChildCertificates record of issuer
 	k.RemoveChildCertificates(ctx, issuer, authorityKeyID)
 }
 
-func (k msgServer) RemoveChildCertificate(ctx sdk.Context, issuer string, authorityKeyID string,
+func (k msgServer) RemoveChildCertificate(
+	ctx sdk.Context,
+	issuer string,
+	authorityKeyID string,
 	certIdentifier types.CertificateIdentifier,
 ) {
 	childCertificates, _ := k.GetChildCertificates(ctx, issuer, authorityKeyID)

x/pki/keeper/keeper.go

@@ -2,14 +2,13 @@ package keeper
 
 import (
 	"fmt"
-	"math"
 
 	"github.com/cometbft/cometbft/libs/log"
 	"github.com/cosmos/cosmos-sdk/codec"
 	storetypes "github.com/cosmos/cosmos-sdk/store/types"
 	sdk "github.com/cosmos/cosmos-sdk/types"
+
 	pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
-	authTypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
 )
 
@@ -43,221 +42,3 @@ func NewKeeper(
 func (k Keeper) Logger(ctx sdk.Context) log.Logger {
 	return ctx.Logger().With("module", fmt.Sprintf("x/%s", pkitypes.ModuleName))
 }
-
-func (k Keeper) CertificateApprovalsCount(ctx sdk.Context, authKeeper types.DclauthKeeper) int {
-	return int(math.Ceil(types.RootCertificateApprovalsPercent *
-		float64(authKeeper.CountAccountsWithRole(ctx, authTypes.Trustee))))
-}
-
-func (k Keeper) CertificateRejectApprovalsCount(ctx sdk.Context, authKeeper types.DclauthKeeper) int {
-	return authKeeper.CountAccountsWithRole(ctx, authTypes.Trustee) - k.CertificateApprovalsCount(ctx, authKeeper) + 1
-}
-
-func (k Keeper) EnsureVidMatches(ctx sdk.Context, owner string, signer string) error {
-	// get signer VID
-	signerAddr, err := sdk.AccAddressFromBech32(signer)
-	if err != nil {
-		return pkitypes.NewErrInvalidAddress(err)
-	}
-
-	signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr)
-	signerVid := signerAccount.VendorID
-
-	// get owner VID
-	ownerAddr, err := sdk.AccAddressFromBech32(owner)
-	if err != nil {
-		return pkitypes.NewErrInvalidAddress(err)
-	}
-
-	ownerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, ownerAddr)
-	ownerVid := ownerAccount.VendorID
-
-	if signerVid != ownerVid {
-		return pkitypes.NewErrUnauthorizedCertVendor(ownerVid)
-	}
-
-	return nil
-}
-
-func removeCertFromList(issuer string, serialNumber string, certs *[]*types.Certificate) {
-	certIndex := -1
-
-	for i, cert := range *certs {
-		if cert.SerialNumber == serialNumber && cert.Issuer == issuer {
-			certIndex = i
-
-			break
-		}
-	}
-	if certIndex == -1 {
-		return
-	}
-	*certs = append((*certs)[:certIndex], (*certs)[certIndex+1:]...)
-}
-
-func findCertificate(serialNumber string, certificates *[]*types.Certificate) (*types.Certificate, bool) {
-	for _, cert := range *certificates {
-		if cert.SerialNumber == serialNumber {
-			return cert, true
-		}
-	}
-
-	return nil, false
-}
-
-func filterCertificates(certificates *[]*types.Certificate, predicate CertificatePredicate) []*types.Certificate {
-	var result []*types.Certificate
-
-	for _, s := range *certificates {
-		if predicate(s) {
-			result = append(result, s)
-		}
-	}
-
-	return result
-}
-
-func (k msgServer) AddCertificateToAllCertificateIndexes(ctx sdk.Context, certificate types.Certificate) {
-	// Add to the global list of certificates
-	k.AddAllCertificate(ctx, certificate)
-
-	// append to global list of certificates indexed by subject
-	k.AddAllCertificateBySubject(ctx, certificate.Subject, certificate.SubjectKeyId)
-}
-
-func (k msgServer) AddCertificateToDaCertificateIndexes(
-	ctx sdk.Context,
-	certificate types.Certificate,
-	isRoot bool) {
-	// append new certificate to list of certificates with the same Subject/SubjectKeyID combination and store updated list
-	k.AddApprovedCertificate(ctx, certificate)
-
-	// add to subject -> subject key ID map
-	k.AddApprovedCertificateBySubject(ctx, certificate.Subject, certificate.SubjectKeyId)
-
-	// add to subject key ID -> certificates map
-	k.AddApprovedCertificateBySubjectKeyID(ctx, certificate)
-
-	if isRoot {
-		// add to root certificates index
-		k.AddApprovedRootCertificate(ctx, certificate)
-	} else {
-		// add the certificate identifier to the issuer's Child Certificates record
-		k.AddChildCertificate(ctx, certificate)
-	}
-}
-
-func (k msgServer) AddCertificateToNocCertificateIndexes(
-	ctx sdk.Context,
-	certificate types.Certificate,
-	isRoot bool) {
-	// Add to the list of all NOC certificates
-	k.AddNocCertificate(ctx, certificate)
-
-	// add to certificates map indexed by { vid, subject key id }
-	k.AddNocCertificateByVidAndSkid(ctx, certificate)
-
-	// add to certificates map indexed by { subject }
-	k.AddNocCertificateBySubject(ctx, certificate)
-
-	// add to certificates map indexed by { subject key id }
-	k.AddNocCertificateBySubjectKeyID(ctx, certificate)
-
-	if isRoot {
-		// Add to the list of NOC root certificates with the same VID
-		k.AddNocRootCertificate(ctx, certificate)
-	} else {
-		// Add to the list of NOC ica certificates with the same VID
-		k.AddNocIcaCertificate(ctx, certificate)
-		// add the certificate identifier to the issuer's Child Certificates record
-		k.AddChildCertificate(ctx, certificate)
-	}
-}
-
-func (k msgServer) RemoveCertificateFromAllCertificateIndexes(ctx sdk.Context, certID types.CertificateIdentifier) {
-	// remove from global certificates map
-	k.RemoveAllCertificates(ctx, certID.Subject, certID.SubjectKeyId)
-	// remove from global subject -> subject key ID map
-	k.RemoveAllCertificateBySubject(ctx, certID.Subject, certID.SubjectKeyId)
-}
-
-func (k msgServer) RemoveCertificateFromDaCertificateIndexes(
-	ctx sdk.Context,
-	certID types.CertificateIdentifier,
-	isRoot bool) {
-	// remove from approved certificates map
-	k.RemoveApprovedCertificates(ctx, certID.Subject, certID.SubjectKeyId)
-	// remove from subject -> subject key ID map
-	k.RemoveApprovedCertificateBySubject(ctx, certID.Subject, certID.SubjectKeyId)
-	// remove from subject key ID -> certificates map
-	k.RemoveApprovedCertificatesBySubjectKeyID(ctx, certID.Subject, certID.SubjectKeyId)
-	if isRoot {
-		k.RemoveApprovedRootCertificate(ctx, certID)
-	}
-}
-
-func (k msgServer) RemoveCertificateFromNocCertificateIndexes(
-	ctx sdk.Context,
-	certID types.CertificateIdentifier,
-	accountVid int32,
-	isRoot bool) {
-	// remove from noc certificates map
-	k.RemoveNocCertificates(ctx, certID.Subject, certID.SubjectKeyId)
-	// remove from vid, subject key id map
-	k.RemoveNocCertificatesByVidAndSkid(ctx, accountVid, certID.SubjectKeyId)
-	// remove from subject -> subject key ID map
-	k.RemoveNocCertificateBySubject(ctx, certID.Subject, certID.SubjectKeyId)
-	// remove from subject key ID -> certificates map
-	k.RemoveNocCertificatesBySubjectAndSubjectKeyID(ctx, certID.Subject, certID.SubjectKeyId)
-	if isRoot {
-		// remove from noc root certificates map
-		k.RemoveNocRootCertificate(ctx, certID.Subject, certID.SubjectKeyId, accountVid)
-	} else {
-		// remove from noc ica certificates map
-		k.RemoveNocIcaCertificate(ctx, certID.Subject, certID.SubjectKeyId, accountVid)
-	}
-}
-
-func (k msgServer) removeDaX509Cert(
-	ctx sdk.Context,
-	certID types.CertificateIdentifier,
-	certificates *types.ApprovedCertificates,
-	serialNumber string) {
-	if len(certificates.Certs) == 0 {
-		// remove from global certificates map
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// remove from noc certificates map
-		k.RemoveCertificateFromDaCertificateIndexes(ctx, certID, false)
-	} else {
-		k.RemoveAllCertificatesBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, serialNumber)
-		k.RemoveApprovedCertificatesBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, serialNumber)
-		k.RemoveApprovedCertificatesBySubjectKeyIDBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, serialNumber)
-	}
-}
-
-func (k msgServer) removeNocX509Cert(
-	ctx sdk.Context,
-	certID types.CertificateIdentifier,
-	certificates *types.NocCertificates,
-	accountVid int32,
-	serialNumber string,
-	isRoot bool,
-) {
-	if len(certificates.Certs) == 0 { //nolint:nestif
-		// remove from global certificates map
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// remove from noc certificates map
-		k.RemoveCertificateFromNocCertificateIndexes(ctx, certID, accountVid, isRoot)
-	} else {
-		k.RemoveAllCertificatesBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesBySubjectKeyIDBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesByVidAndSkidBySerialNumber(ctx, accountVid, certID.Subject, certID.SubjectKeyId, serialNumber)
-
-		if isRoot {
-			k.RemoveNocRootCertificateBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, accountVid, serialNumber)
-		} else {
-			k.RemoveNocIcaCertificateBySerialNumber(ctx, certID.Subject, certID.SubjectKeyId, accountVid, serialNumber)
-		}
-	}
-}

x/pki/keeper/msg_server_add_noc_x_509_ica_cert.go

@@ -104,18 +104,10 @@ func (k msgServer) AddNocX509IcaCert(goCtx context.Context, msg *types.MsgAddNoc
 	)
 
 	// register the unique certificate key
-	uniqueCertificate := types.UniqueCertificate{
-		Issuer:       x509Certificate.Issuer,
-		SerialNumber: x509Certificate.SerialNumber,
-		Present:      true,
-	}
-	k.SetUniqueCertificate(ctx, uniqueCertificate)
-
-	// Add to the indexes for global certificates list
-	k.AddCertificateToAllCertificateIndexes(ctx, certificate)
+	k.SetUniqueX509Certificate(ctx, x509Certificate)
 
-	// Add to the indexes for noc certificates list
-	k.AddCertificateToNocCertificateIndexes(ctx, certificate, false)
+	// store Noc certificate in indexes
+	k.StoreNocCertificate(ctx, certificate, false)
 
 	return &types.MsgAddNocX509IcaCertResponse{}, nil
 }

x/pki/keeper/msg_server_add_noc_x_509_root_cert.go

@@ -85,18 +85,10 @@ func (k msgServer) AddNocX509RootCert(goCtx context.Context, msg *types.MsgAddNo
 	)
 
 	// register the unique certificate key
-	uniqueCertificate := types.UniqueCertificate{
-		Issuer:       x509Certificate.Issuer,
-		SerialNumber: x509Certificate.SerialNumber,
-		Present:      true,
-	}
-	k.SetUniqueCertificate(ctx, uniqueCertificate)
-
-	// Add to the indexes for global certificates list
-	k.AddCertificateToAllCertificateIndexes(ctx, certificate)
+	k.SetUniqueX509Certificate(ctx, x509Certificate)
 
-	// Add to the indexes for noc certificates list
-	k.AddCertificateToNocCertificateIndexes(ctx, certificate, true)
+	// store Noc certificate in indexes
+	k.StoreNocCertificate(ctx, certificate, true)
 
 	return &types.MsgAddNocX509RootCertResponse{}, nil
 }

x/pki/keeper/msg_server_add_x_509_cert.go

@@ -108,18 +108,10 @@ func (k msgServer) AddX509Cert(goCtx context.Context, msg *types.MsgAddX509Cert)
 	)
 
 	// register the unique certificate key
-	uniqueCertificate := types.UniqueCertificate{
-		Issuer:       x509Certificate.Issuer,
-		SerialNumber: x509Certificate.SerialNumber,
-		Present:      true,
-	}
-	k.SetUniqueCertificate(ctx, uniqueCertificate)
-
-	// Add to the indexes for global certificates list
-	k.AddCertificateToAllCertificateIndexes(ctx, certificate)
+	k.SetUniqueX509Certificate(ctx, x509Certificate)
 
-	// Add to the indexes for DA certificates list
-	k.AddCertificateToDaCertificateIndexes(ctx, certificate, false)
+	// store DA certificate in indexes
+	k.StoreDaCertificate(ctx, certificate, false)
 
 	return &types.MsgAddX509CertResponse{}, nil
 }

x/pki/keeper/msg_server_approve_add_x_509_root_cert.go

@@ -79,11 +79,8 @@ func (k msgServer) ApproveAddX509RootCert(goCtx context.Context, msg *types.MsgA
 		// delete proposed certificate
 		k.RemoveProposedCertificate(ctx, msg.Subject, msg.SubjectKeyId)
 
-		// Add to the indexes for global certificates list
-		k.AddCertificateToAllCertificateIndexes(ctx, rootCertificate)
-
-		// Add to the indexes for DA certificates list
-		k.AddCertificateToDaCertificateIndexes(ctx, rootCertificate, true)
+		// store DA certificate in indexes
+		k.StoreDaCertificate(ctx, rootCertificate, true)
 	} else {
 		// update proposed certificate
 		k.SetProposedCertificate(ctx, proposedCertificate)

x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go

@@ -65,9 +65,12 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M
 		k.RemoveProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
 
 		if msg.SerialNumber != "" {
-			k._revokeRootCertificateBySerialNumber(ctx, revocation.Approvals, msg.SerialNumber, certificates, revocation.SchemaVersion)
+			err := k.revokeRootCertificateBySerialNumber(ctx, revocation.Approvals, msg.SerialNumber, certificates)
+			if err != nil {
+				return nil, err
+			}
 		} else {
-			k._revokeRootCertificates(ctx, revocation.Approvals, certificates, revocation.SchemaVersion)
+			k.revokeRootCertificate(ctx, revocation.Approvals, certificates, revocation.SchemaVersion)
 		}
 
 		if revocation.RevokeChild {
@@ -80,7 +83,7 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M
 	return &types.MsgApproveRevokeX509RootCertResponse{}, nil
 }
 
-func (k msgServer) _revokeRootCertificates(
+func (k msgServer) revokeRootCertificate(
 	ctx sdk.Context,
 	approvals []*types.Grant,
 	certificates types.ApprovedCertificates,
@@ -92,29 +95,23 @@ func (k msgServer) _revokeRootCertificates(
 			cert.Approvals = approvals
 		}
 	}
-	certID := types.CertificateIdentifier{
-		Subject:      certificates.Subject,
-		SubjectKeyId: certificates.SubjectKeyId,
-	}
 
 	// remove from root certs index, add to revoked root certs
 	k.AddRevokedCertificates(ctx, types.RevokedCertificates(certificates))
-
-	// Remove certificate from global list
-	k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-
-	// Remove certificate from da list
-	k.RemoveCertificateFromDaCertificateIndexes(ctx, certID, true)
+	// remove certificate from da list
+	k.RemoveDaCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, true)
 }
 
-func (k msgServer) _revokeRootCertificateBySerialNumber(
+func (k msgServer) revokeRootCertificateBySerialNumber(
 	ctx sdk.Context,
 	approvals []*types.Grant,
 	serialNumber string,
 	certificates types.ApprovedCertificates,
-	schemaVersion uint32,
-) {
-	cert, _ := findCertificate(serialNumber, &certificates.Certs)
+) error {
+	cert, found := FindCertificateInList(serialNumber, &certificates.Certs)
+	if !found {
+		return pkitypes.NewErrCertificateBySerialNumberDoesNotExist(certificates.Subject, certificates.SubjectKeyId, serialNumber)
+	}
 	cert.Approvals = approvals
 	revCert := types.RevokedCertificates{
 		Subject:       cert.Subject,
@@ -126,22 +123,15 @@ func (k msgServer) _revokeRootCertificateBySerialNumber(
 	// remove from root certs index, add to revoked root certs
 	k.AddRevokedCertificates(ctx, revCert)
 
-	removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates.Certs)
-
-	if len(certificates.Certs) == 0 {
-		certID := types.CertificateIdentifier{
-			Subject:      certificates.Subject,
-			SubjectKeyId: certificates.SubjectKeyId,
-		}
-
-		// Remove certificate from global list
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-
-		// Remove certificate from da list
-		k.RemoveCertificateFromDaCertificateIndexes(ctx, certID, true)
-	} else {
-		k.SetApprovedCertificates(ctx, certificates)
-		k.RemoveAllCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveApprovedCertificatesBySubjectKeyIDBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-	}
+	// remove from certificate indexes
+	k.RemoveDaCertificateBySerialNumber(
+		ctx,
+		cert.Subject,
+		cert.SubjectKeyId,
+		&certificates,
+		cert.SerialNumber,
+		cert.Issuer,
+	)
+
+	return nil
 }

x/pki/keeper/msg_server_propose_add_x_509_root_cert.go

@@ -109,12 +109,7 @@ func (k msgServer) ProposeAddX509RootCert(goCtx context.Context, msg *types.MsgP
 	}
 
 	// register the unique certificate key
-	uniqueCertificate := types.UniqueCertificate{
-		Issuer:       x509Certificate.Issuer,
-		SerialNumber: x509Certificate.SerialNumber,
-		Present:      true,
-	}
-	k.SetUniqueCertificate(ctx, uniqueCertificate)
+	k.SetUniqueX509Certificate(ctx, x509Certificate)
 
 	return &types.MsgProposeAddX509RootCertResponse{}, nil
 }

x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go

@@ -47,7 +47,7 @@ func (k msgServer) ProposeRevokeX509RootCert(goCtx context.Context, msg *types.M
 	}
 	// fail if cert with serial number does not exist
 	if msg.SerialNumber != "" {
-		_, found = findCertificate(msg.SerialNumber, &certificates.Certs)
+		_, found = FindCertificateInList(msg.SerialNumber, &certificates.Certs)
 		if !found {
 			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(
 				msg.Subject, msg.SubjectKeyId, msg.SerialNumber,

x/pki/keeper/msg_server_remove_noc_x_509_ica_cert.go

@@ -60,7 +60,7 @@ func (k msgServer) RemoveNocX509IcaCert(goCtx context.Context, msg *types.MsgRem
 	}
 
 	if msg.SerialNumber != "" {
-		certBySerialNumber, found := findCertificate(msg.SerialNumber, &certificates)
+		certBySerialNumber, found := FindCertificateInList(msg.SerialNumber, &certificates)
 		if !found {
 			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
 		}
@@ -70,22 +70,27 @@ func (k msgServer) RemoveNocX509IcaCert(goCtx context.Context, msg *types.MsgRem
 
 		if foundActive {
 			// Remove from certificates lists
-			removeCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &icaCerts.Certs)
-			k.removeNocX509Cert(ctx, certID, &icaCerts, accountVid, msg.SerialNumber, false)
+			k.RemoveNocCertBySerialNumber(
+				ctx,
+				certBySerialNumber.Subject,
+				certBySerialNumber.SubjectKeyId,
+				&icaCerts,
+				accountVid,
+				certBySerialNumber.SerialNumber,
+				certBySerialNumber.Issuer,
+				false,
+			)
 		}
 
 		if foundRevoked {
-			removeCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
+			RemoveCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
 			k.removeRevokedNocX509IcaCert(ctx, certID, &revCerts)
 		}
 	} else {
-		// remove from global certificates map
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// remove from noc certificates map
-		k.RemoveCertificateFromNocCertificateIndexes(ctx, certID, accountVid, false)
 		// remove from revoked list
 		k.RemoveRevokedNocIcaCertificates(ctx, certID.Subject, certID.SubjectKeyId)
-
+		// remove from noc certificates map
+		k.RemoveNocCertificate(ctx, cert.Subject, cert.SubjectKeyId, accountVid, false)
 		// remove from subject with serialNumber map
 		for _, cert := range certificates {
 			k.RemoveUniqueCertificate(ctx, cert.Issuer, cert.SerialNumber)

x/pki/keeper/msg_server_remove_noc_x_509_root_cert.go

@@ -56,7 +56,7 @@ func (k msgServer) RemoveNocX509RootCert(goCtx context.Context, msg *types.MsgRe
 	}
 
 	if msg.SerialNumber != "" {
-		certBySerialNumber, found := findCertificate(msg.SerialNumber, &certificates)
+		certBySerialNumber, found := FindCertificateInList(msg.SerialNumber, &certificates)
 		if !found {
 			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
 		}
@@ -66,21 +66,27 @@ func (k msgServer) RemoveNocX509RootCert(goCtx context.Context, msg *types.MsgRe
 
 		if foundActive {
 			// Remove from lists
-			removeCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &nocCerts.Certs)
-			k.removeNocX509Cert(ctx, certID, &nocCerts, accountVid, msg.SerialNumber, true)
+			k.RemoveNocCertBySerialNumber(
+				ctx,
+				certBySerialNumber.Subject,
+				certBySerialNumber.SubjectKeyId,
+				&nocCerts,
+				accountVid,
+				msg.SerialNumber,
+				cert.Issuer,
+				true,
+			)
 		}
 
 		if foundRevoked {
-			removeCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
+			RemoveCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
 			k.removeRevokedNocX509RootCert(ctx, certID, &revCerts)
 		}
 	} else {
-		// remove from global certificates map
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// remove from noc certificates map
-		k.RemoveCertificateFromNocCertificateIndexes(ctx, certID, accountVid, true)
 		// remove from revoked noc root certs
 		k.RemoveRevokedNocRootCertificates(ctx, certID.Subject, certID.SubjectKeyId)
+		// remove from noc certificates map
+		k.RemoveNocCertificate(ctx, cert.Subject, cert.SubjectKeyId, accountVid, true)
 		// remove from subject with serialNumber map
 		for _, cert := range certificates {
 			k.RemoveUniqueCertificate(ctx, cert.Subject, cert.SerialNumber)

x/pki/keeper/msg_server_remove_x_509_cert.go

@@ -44,13 +44,8 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 		return nil, err
 	}
 
-	certID := types.CertificateIdentifier{
-		Subject:      msg.Subject,
-		SubjectKeyId: msg.SubjectKeyId,
-	}
-
 	if msg.SerialNumber != "" {
-		certBySerialNumber, found := findCertificate(msg.SerialNumber, &certificates)
+		certBySerialNumber, found := FindCertificateInList(msg.SerialNumber, &certificates)
 		if !found {
 			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
 		}
@@ -59,26 +54,37 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 		k.RemoveUniqueCertificate(ctx, certBySerialNumber.Issuer, certBySerialNumber.SerialNumber)
 
 		if foundApproved {
-			removeCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &aprCerts.Certs)
-			k.removeDaX509Cert(ctx, certID, &aprCerts, msg.SerialNumber)
+			k.RemoveDaCertificateBySerialNumber(
+				ctx,
+				certBySerialNumber.Subject,
+				certBySerialNumber.SubjectKeyId,
+				&aprCerts,
+				certBySerialNumber.SerialNumber,
+				certBySerialNumber.Issuer,
+			)
 		}
 		if foundRevoked {
-			removeCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
-			k.removeOrUpdateRevokedX509Cert(ctx, certID, &revCerts)
+			RemoveCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
+			k.removeOrUpdateRevokedX509Cert(ctx, msg.Subject, msg.SubjectKeyId, &revCerts)
 		}
 	} else {
-		// remove from global certificates map
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// remove from noc certificates map
-		k.RemoveCertificateFromDaCertificateIndexes(ctx, certID, false)
-		// remove from revoked list
-		k.RemoveRevokedCertificates(ctx, certID.Subject, certID.SubjectKeyId)
-
-		// remove from subject with serialNumber map
-		for _, cert := range certificates {
-			k.RemoveUniqueCertificate(ctx, cert.Issuer, cert.SerialNumber)
-		}
+		k.revokeCertificate(ctx, aprCerts)
 	}
 
 	return &types.MsgRemoveX509CertResponse{}, nil
 }
+
+func (k msgServer) revokeCertificate(
+	ctx sdk.Context,
+	certificates types.ApprovedCertificates,
+) {
+	// remove from noc certificates map
+	k.RemoveDaCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, false)
+	// remove from revoked list
+	k.RemoveRevokedCertificates(ctx, certificates.Subject, certificates.SubjectKeyId)
+
+	// remove from subject with serialNumber map
+	for _, cert := range certificates.Certs {
+		k.RemoveUniqueCertificate(ctx, cert.Issuer, cert.SerialNumber)
+	}
+}

x/pki/keeper/msg_server_revoke_noc_x_509_ica_cert.go

@@ -44,12 +44,12 @@ func (k msgServer) RevokeNocX509IcaCert(goCtx context.Context, msg *types.MsgRev
 	}
 
 	if msg.SerialNumber != "" {
-		err = k._revokeNocCertificate(ctx, msg.SerialNumber, certificates, cert.Vid)
+		err = k.revokeNocIcaCertificateBySerialNumber(ctx, msg.SerialNumber, certificates, cert.Vid)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		k._revokeNocIcaCertificates(ctx, certificates, cert.Vid)
+		k.revokeNocIcaCertificate(ctx, certificates, cert.Vid)
 	}
 
 	if msg.RevokeChild {
@@ -60,68 +60,59 @@ func (k msgServer) RevokeNocX509IcaCert(goCtx context.Context, msg *types.MsgRev
 	return &types.MsgRevokeNocX509IcaCertResponse{}, nil
 }
 
-func (k msgServer) _revokeNocCertificate(
+func (k msgServer) revokeNocIcaCertificateBySerialNumber(
 	ctx sdk.Context,
 	serialNumber string,
 	certificates types.NocCertificates,
 	vid int32,
 ) error {
-	cert, found := findCertificate(serialNumber, &certificates.Certs)
+	cert, found := FindCertificateInList(serialNumber, &certificates.Certs)
 	if !found {
 		return pkitypes.NewErrCertificateBySerialNumberDoesNotExist(
 			certificates.Subject, certificates.SubjectKeyId, serialNumber,
 		)
 	}
 
-	revCerts := types.RevokedNocIcaCertificates{
+	k.AddRevokedNocIcaCertificates(ctx, types.RevokedNocIcaCertificates{
 		Subject:      cert.Subject,
 		SubjectKeyId: cert.SubjectKeyId,
 		Certs:        []*types.Certificate{cert},
-	}
-	k.AddRevokedNocIcaCertificates(ctx, revCerts)
+	})
 
-	removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates.Certs)
-
-	certID := types.CertificateIdentifier{
-		Subject:      certificates.Subject,
-		SubjectKeyId: certificates.SubjectKeyId,
-	}
+	k.RemoveNocCertBySerialNumber(
+		ctx,
+		cert.Subject,
+		cert.SubjectKeyId,
+		&certificates,
+		vid,
+		cert.SerialNumber,
+		cert.Issuer,
+		false,
+	)
 
 	if len(certificates.Certs) == 0 {
-		// Remove certificate from global list
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// Remove certificate from noc list
-		k.RemoveCertificateFromNocCertificateIndexes(ctx, certID, vid, false)
-	} else {
-		k.RemoveAllCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveNocIcaCertificateBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, vid, serialNumber)
-		k.RemoveNocCertificatesByVidAndSkidBySerialNumber(ctx, vid, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesBySubjectKeyIDBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
+		k.RemoveChildCertificate(ctx, cert.Issuer, cert.AuthorityKeyId, types.CertificateIdentifier{
+			Subject:      certificates.Subject,
+			SubjectKeyId: certificates.SubjectKeyId,
+		})
 	}
 
 	return nil
 }
 
-func (k msgServer) _revokeNocIcaCertificates(ctx sdk.Context, certificates types.NocCertificates, vid int32) {
+func (k msgServer) revokeNocIcaCertificate(ctx sdk.Context, certificates types.NocCertificates, vid int32) {
+	certID := types.CertificateIdentifier{
+		Subject:      certificates.Subject,
+		SubjectKeyId: certificates.SubjectKeyId,
+	}
 	// Add certs into revoked lists
 	k.AddRevokedNocIcaCertificates(ctx, types.RevokedNocIcaCertificates{
 		Subject:      certificates.Subject,
 		SubjectKeyId: certificates.SubjectKeyId,
 		Certs:        certificates.Certs,
 	})
-	// remove cert from global certs list
-	k.RemoveAllCertificates(ctx, certificates.Subject, certificates.SubjectKeyId)
-	// remove cert from global certs list -> subject key ID map
-	k.RemoveAllCertificateBySubject(ctx, certificates.Subject, certificates.SubjectKeyId)
-	// remove cert from NOC certs list
-	k.RemoveNocCertificates(ctx, certificates.Subject, certificates.SubjectKeyId)
-	// remove cert from NOC ica certs list
-	k.RemoveNocIcaCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, vid)
-	// remove from subject -> subject key ID map
-	k.RemoveNocCertificateBySubject(ctx, certificates.Subject, certificates.SubjectKeyId)
-	// remove from subject key ID -> certificates map
-	k.RemoveNocCertificatesBySubjectAndSubjectKeyID(ctx, certificates.Subject, certificates.SubjectKeyId)
-	// remove from vid, subject key ID -> certificates map
-	k.RemoveNocCertificateByVidSubjectAndSkid(ctx, vid, certificates.Subject, certificates.SubjectKeyId)
+	// Remove certificate from noc list
+	k.RemoveNocCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, vid, false)
+	// Remove certificate identifier from issuer's ChildCertificates record
+	k.RemoveChildCertificate(ctx, certificates.Certs[0].Issuer, certificates.Certs[0].AuthorityKeyId, certID)
 }

x/pki/keeper/msg_server_revoke_noc_x_509_root_cert.go

@@ -45,83 +45,62 @@ func (k msgServer) RevokeNocX509RootCert(goCtx context.Context, msg *types.MsgRe
 	}
 
 	if msg.SerialNumber != "" {
-		err = k._revokeNocRootCertificateBySerialNumber(ctx, msg.SerialNumber, certificates, cert.Vid)
+		err = k.revokeNocRootCertificateBySerialNumber(ctx, msg.SerialNumber, certificates, cert.Vid)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		k._revokeNocRootCertificates(ctx, certificates, cert.Vid)
+		k.revokeNocRootCertificate(ctx, certificates, cert.Vid)
 	}
 
 	if msg.RevokeChild {
-		certID := types.CertificateIdentifier{
-			Subject:      msg.Subject,
-			SubjectKeyId: msg.SubjectKeyId,
-		}
 		// Remove certificate identifier from issuer's ChildCertificates record
-		k.RevokeNocChildCertificates(ctx, certID.Subject, certID.SubjectKeyId)
+		k.RevokeNocChildCertificates(ctx, msg.Subject, msg.SubjectKeyId)
 	}
 
 	return &types.MsgRevokeNocX509RootCertResponse{}, nil
 }
 
-func (k msgServer) _revokeNocRootCertificateBySerialNumber(
+func (k msgServer) revokeNocRootCertificateBySerialNumber(
 	ctx sdk.Context,
 	serialNumber string,
 	certificates types.NocCertificates,
 	vid int32,
 ) error {
-	cert, found := findCertificate(serialNumber, &certificates.Certs)
+	cert, found := FindCertificateInList(serialNumber, &certificates.Certs)
 	if !found {
 		return pkitypes.NewErrCertificateBySerialNumberDoesNotExist(
 			certificates.Subject, certificates.SubjectKeyId, serialNumber,
 		)
 	}
 
-	revNocCerts := types.RevokedNocRootCertificates{
+	k.AddRevokedNocRootCertificates(ctx, types.RevokedNocRootCertificates{
 		Subject:      certificates.Subject,
 		SubjectKeyId: certificates.SubjectKeyId,
 		Certs:        []*types.Certificate{cert},
-	}
-	k.AddRevokedNocRootCertificates(ctx, revNocCerts)
-
-	removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates.Certs)
-
-	certID := types.CertificateIdentifier{
-		Subject:      cert.Subject,
-		SubjectKeyId: cert.SubjectKeyId,
-	}
+	})
 
-	if len(certificates.Certs) == 0 {
-		// Remove certificate from global list
-		k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-		// Remove certificate from noc list
-		k.RemoveCertificateFromNocCertificateIndexes(ctx, certID, vid, true)
-	} else {
-		k.RemoveAllCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveNocRootCertificateBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, vid, serialNumber)
-		k.RemoveNocCertificatesByVidAndSkidBySerialNumber(ctx, vid, cert.Subject, cert.SubjectKeyId, serialNumber)
-		k.RemoveNocCertificatesBySubjectKeyIDBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, serialNumber)
-	}
+	k.RemoveNocCertBySerialNumber(
+		ctx,
+		cert.Subject,
+		cert.SubjectKeyId,
+		&certificates,
+		vid,
+		serialNumber,
+		cert.Issuer,
+		true,
+	)
 
 	return nil
 }
 
-func (k msgServer) _revokeNocRootCertificates(ctx sdk.Context, certificates types.NocCertificates, vid int32) {
+func (k msgServer) revokeNocRootCertificate(ctx sdk.Context, certificates types.NocCertificates, vid int32) {
 	// Add certs into revoked lists
 	k.AddRevokedNocRootCertificates(ctx, types.RevokedNocRootCertificates{
 		Subject:      certificates.Subject,
 		SubjectKeyId: certificates.SubjectKeyId,
 		Certs:        certificates.Certs,
 	})
-
-	certID := types.CertificateIdentifier{
-		Subject:      certificates.Subject,
-		SubjectKeyId: certificates.SubjectKeyId,
-	}
-	// Remove certificate from global list
-	k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
 	// Remove certificate from noc list
-	k.RemoveCertificateFromNocCertificateIndexes(ctx, certID, vid, true)
+	k.RemoveNocCertificate(ctx, certificates.Subject, certificates.SubjectKeyId, vid, true)
 }

x/pki/keeper/msg_server_revoke_x_509_cert.go

@@ -41,14 +41,12 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50
 	}
 
 	if msg.SerialNumber != "" {
-		certBySerialNumber, found := findCertificate(msg.SerialNumber, &certificates.Certs)
-		if !found {
-			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
+		err = k.revokeDaCertificateBySerialNumber(ctx, msg.SerialNumber, certificates)
+		if err != nil {
+			return nil, err
 		}
-
-		k._revokeX509Certificate(ctx, certBySerialNumber, certIdentifier, certificates)
 	} else {
-		k._revokeX509Certificates(ctx, certIdentifier, certificates)
+		k.revokeDaCertificate(ctx, certIdentifier, certificates)
 	}
 
 	if msg.RevokeChild {
@@ -59,40 +57,47 @@ func (k msgServer) RevokeX509Cert(goCtx context.Context, msg *types.MsgRevokeX50
 	return &types.MsgRevokeX509CertResponse{}, nil
 }
 
-func (k msgServer) _revokeX509Certificates(ctx sdk.Context, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) {
+func (k msgServer) revokeDaCertificate(ctx sdk.Context, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) {
 	// Revoke certificates with given subject/subjectKeyID
 	k.AddRevokedCertificates(ctx, types.RevokedCertificates(certificates))
-
-	// Remove certificate from global list
-	k.RemoveCertificateFromAllCertificateIndexes(ctx, certID)
-
 	// Remove certificate from da list
-	k.RemoveCertificateFromDaCertificateIndexes(ctx, certID, false)
-
+	k.RemoveDaCertificate(ctx, certID.Subject, certID.SubjectKeyId, false)
 	// Remove certificate identifier from issuer's ChildCertificates record
 	k.RemoveChildCertificate(ctx, certificates.Certs[0].Issuer, certificates.Certs[0].AuthorityKeyId, certID)
 }
 
-func (k msgServer) _revokeX509Certificate(ctx sdk.Context, cert *types.Certificate, certID types.CertificateIdentifier, certificates types.ApprovedCertificates) {
-	revCerts := types.RevokedCertificates{
+func (k msgServer) revokeDaCertificateBySerialNumber(
+	ctx sdk.Context,
+	serialNumber string,
+	certificates types.ApprovedCertificates,
+) error {
+	cert, found := FindCertificateInList(serialNumber, &certificates.Certs)
+	if !found {
+		return pkitypes.NewErrCertificateBySerialNumberDoesNotExist(certificates.Subject, certificates.SubjectKeyId, serialNumber)
+	}
+
+	k.AddRevokedCertificates(ctx, types.RevokedCertificates{
 		Subject:       cert.Subject,
 		SubjectKeyId:  cert.SubjectKeyId,
 		Certs:         []*types.Certificate{cert},
 		SchemaVersion: cert.SchemaVersion,
-	}
-	k.AddRevokedCertificates(ctx, revCerts)
+	})
+
+	k.RemoveDaCertificateBySerialNumber(
+		ctx,
+		certificates.Subject,
+		certificates.SubjectKeyId,
+		&certificates,
+		cert.SerialNumber,
+		cert.Issuer,
+	)
 
-	removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates.Certs)
 	if len(certificates.Certs) == 0 {
-		k.RemoveAllCertificates(ctx, cert.Subject, cert.SubjectKeyId)
-		k.RemoveAllCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId)
-		k.RemoveApprovedCertificates(ctx, cert.Subject, cert.SubjectKeyId)
-		k.RemoveApprovedCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId)
-		k.RemoveApprovedCertificatesBySubjectKeyID(ctx, cert.Subject, cert.SubjectKeyId)
-		k.RemoveChildCertificate(ctx, cert.Issuer, cert.AuthorityKeyId, certID)
-	} else {
-		k.RemoveAllCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, cert.SerialNumber)
-		k.RemoveApprovedCertificatesBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, cert.SerialNumber)
-		k.RemoveApprovedCertificatesBySubjectKeyIDBySerialNumber(ctx, cert.Subject, cert.SubjectKeyId, cert.SerialNumber)
+		k.RemoveChildCertificate(ctx, cert.Issuer, cert.AuthorityKeyId, types.CertificateIdentifier{
+			Subject:      certificates.Subject,
+			SubjectKeyId: certificates.SubjectKeyId,
+		})
 	}
+
+	return nil
 }

x/pki/keeper/noc_certificates_by_vid_and_skid.go

@@ -120,7 +120,7 @@ func (k Keeper) _filterAndSetNocCertificateByVidAndSkid(
 	predicate CertificatePredicate,
 ) {
 	nocCertificates, _ := k.GetNocCertificatesByVidAndSkid(ctx, vid, subjectKeyID)
-	filteredCertificates := filterCertificates(&nocCertificates.Certs, predicate)
+	filteredCertificates := FilterCertificateList(&nocCertificates.Certs, predicate)
 
 	if len(filteredCertificates) > 0 {
 		nocCertificates.Certs = filteredCertificates

x/pki/keeper/revoked_certificates.go

@@ -96,9 +96,13 @@ func (k Keeper) AddRevokedCertificates(ctx sdk.Context, approvedCertificates typ
 	), b)
 }
 
-func (k msgServer) removeOrUpdateRevokedX509Cert(ctx sdk.Context, certID types.CertificateIdentifier, certificates *types.RevokedCertificates) {
+func (k msgServer) removeOrUpdateRevokedX509Cert(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+	certificates *types.RevokedCertificates) {
 	if len(certificates.Certs) == 0 {
-		k.RemoveRevokedCertificates(ctx, certID.Subject, certID.SubjectKeyId)
+		k.RemoveRevokedCertificates(ctx, subject, subjectKeyID)
 	} else {
 		k.SetRevokedCertificates(
 			ctx,

x/pki/keeper/unique_certificate.go

@@ -5,6 +5,7 @@ import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509"
 )
 
 // SetUniqueCertificate set a specific uniqueCertificate in the store from its index.
@@ -17,6 +18,16 @@ func (k Keeper) SetUniqueCertificate(ctx sdk.Context, uniqueCertificate types.Un
 	), b)
 }
 
+// SetUniqueX509Certificate set a specific x509 certificate in the store from its index.
+func (k Keeper) SetUniqueX509Certificate(ctx sdk.Context, x509Certificate *x509.Certificate) {
+	uniqueCertificate := types.UniqueCertificate{
+		Issuer:       x509Certificate.Issuer,
+		SerialNumber: x509Certificate.SerialNumber,
+		Present:      true,
+	}
+	k.SetUniqueCertificate(ctx, uniqueCertificate)
+}
+
 // GetUniqueCertificate returns a uniqueCertificate from its index.
 func (k Keeper) GetUniqueCertificate(
 	ctx sdk.Context,