Error messages improvements

Abdulbois · Abdulbois · commit 0753e5f21098 · 2024-05-02T14:44:46.000+05:00
Signed-off-by: Abdulbois &lt;abdulbois.tursunov@dsr-corporation.com&gt;
Signed-off-by: Abdulbois &lt;abdulbois123@gmail.com&gt;
diff --git a/types/pki/errors.go b/types/pki/errors.go
@@ -75,7 +75,7 @@ func NewErrProposedCertificateDoesNotExist(subject string, subjectKeyID string)
 	return errors.Wrapf(ErrProposedCertificateDoesNotExist,
 		"No proposed X509 root certificate associated "+
 			"with the combination of subject=%v and subjectKeyID=%v on the ledger. "+
-			"The cerificate either does not exists or already approved.",
+			"The certificate either does not exists, already approved or rejected",
 		subject, subjectKeyID)
 }
 
@@ -115,11 +115,15 @@ func NewErrProposedCertificateRevocationAlreadyExists(subject string, subjectKey
 		subject, subjectKeyID)
 }
 
-func NewErrProposedCertificateRevocationDoesNotExist(subject string, subjectKeyID string) error {
+func NewErrProposedCertificateRevocationDoesNotExist(subject string, subjectKeyID string, serialNumber string) error {
+	if serialNumber != "" {
+		serialNumber = " and serialNumber=" + serialNumber
+	}
+
 	return errors.Wrapf(ErrProposedCertificateRevocationDoesNotExist,
 		"No proposed X509 root certificate revocation associated "+
-			"with the combination of subject=%v and subjectKeyID=%v on the ledger.",
-		subject, subjectKeyID)
+			"with the combination of subject=%v, subjectKeyID=%v%v on the ledger.",
+		subject, subjectKeyID, serialNumber)
 }
 
 func NewErrRevokedCertificateDoesNotExist(subject string, subjectKeyID string) error {
@@ -235,6 +239,20 @@ func NewErrRootCertVidNotEqualToAccountVid(rootVID int32, accountVID int32) erro
 		rootVID, accountVID)
 }
 
+func NewErrRevokeRootCertVidNotEqualToAccountVid(rootVID int32, accountVID int32) error {
+	return errors.Wrapf(ErrCertVidNotEqualAccountVid,
+		"Only a Vendor associated with VID of root certificate can revoke certificate: "+
+			"Root certificate's VID = %v, Account VID = %v",
+		rootVID, accountVID)
+}
+
+func NewErrRevokeCertVidNotEqualToAccountVid(rootVID int32, accountVID int32) error {
+	return errors.Wrapf(ErrCertVidNotEqualAccountVid,
+		"Only a Vendor associated with VID of certificate can revoke certificate: "+
+			"Certificate's VID = %v, Account VID = %v",
+		rootVID, accountVID)
+}
+
 func NewErrCRLSignerCertificateInvalidFormat(description string) error {
 	return errors.Wrapf(
 		ErrCRLSignerCertificateInvalidFormat, "Invalid CRL Signer Certificate format: %v",
diff --git a/x/pki/handler_add_noc_cert_test.go b/x/pki/handler_add_noc_cert_test.go
@@ -224,7 +224,7 @@ func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) {
 	addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion, testconstants.SchemaVersion)
 	_, err := setup.Handler(setup.Ctx, addNocX509Cert)
 
-	require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate)
+	require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist)
 }
 
 func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) {
diff --git a/x/pki/handler_add_non_root_cert_test.go b/x/pki/handler_add_non_root_cert_test.go
@@ -235,7 +235,7 @@ func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) {
 	// add intermediate x509 certificate
 	addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion, testconstants.SchemaVersion)
 	_, err := setup.Handler(setup.Ctx, addX509Cert)
-	require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate)
+	require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist)
 }
 
 func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) {
diff --git a/x/pki/keeper/approved_certificates.go b/x/pki/keeper/approved_certificates.go
@@ -129,9 +129,7 @@ func (k Keeper) verifyCertificate(ctx sdk.Context,
 	} else {
 		parentCertificates, found := k.GetApprovedCertificates(ctx, x509Certificate.Issuer, x509Certificate.AuthorityKeyID)
 		if !found {
-			return nil, pkitypes.NewErrInvalidCertificate(
-				fmt.Sprintf("Certificate verification failed for certificate with subject=%v and subjectKeyID=%v",
-					x509Certificate.Subject, x509Certificate.SubjectKeyID))
+			return nil, pkitypes.NewErrRootCertificateDoesNotExist(x509Certificate.Issuer, x509Certificate.AuthorityKeyID)
 		}
 
 		for _, cert := range parentCertificates.Certs {
diff --git a/x/pki/keeper/msg_server_add_noc_x_509_ica_cert.go b/x/pki/keeper/msg_server_add_noc_x_509_ica_cert.go
@@ -82,7 +82,7 @@ func (k msgServer) AddNocX509IcaCert(goCtx context.Context, msg *types.MsgAddNoc
 	}
 	// Check VID scoping
 	if nocRootCert.Vid != accountVid {
-		return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(accountVid, nocRootCert.Vid)
+		return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(nocRootCert.Vid, accountVid)
 	}
 
 	// create new certificate
diff --git a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go
@@ -29,7 +29,7 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M
 	// get proposed certificate revocation
 	revocation, found := k.GetProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
 	if !found {
-		return nil, pkitypes.NewErrProposedCertificateRevocationDoesNotExist(msg.Subject, msg.SubjectKeyId)
+		return nil, pkitypes.NewErrProposedCertificateRevocationDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
 	}
 
 	// check if proposed certificate revocation already has approval form signer
diff --git a/x/pki/keeper/msg_server_revoke_noc_x_509_ica_cert.go b/x/pki/keeper/msg_server_revoke_noc_x_509_ica_cert.go
@@ -40,7 +40,7 @@ func (k msgServer) RevokeNocX509IcaCert(goCtx context.Context, msg *types.MsgRev
 	signerVid := signerAccount.VendorID
 	// signer VID must be same as VID of existing certificates
 	if signerVid != cert.Vid {
-		return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(cert.Vid, signerVid)
+		return nil, pkitypes.NewErrRevokeCertVidNotEqualToAccountVid(cert.Vid, signerVid)
 	}
 
 	if msg.SerialNumber != "" {
diff --git a/x/pki/keeper/msg_server_revoke_noc_x_509_root_cert.go b/x/pki/keeper/msg_server_revoke_noc_x_509_root_cert.go
@@ -41,7 +41,7 @@ func (k msgServer) RevokeNocX509RootCert(goCtx context.Context, msg *types.MsgRe
 	signerVid := signerAccount.VendorID
 	// signer VID must be same as VID of existing certificates
 	if signerVid != cert.Vid {
-		return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(cert.Vid, signerVid)
+		return nil, pkitypes.NewErrRevokeRootCertVidNotEqualToAccountVid(cert.Vid, signerVid)
 	}
 
 	if msg.SerialNumber != "" {

Original file line number	Diff line number	Diff line change
`@@ -224,7 +224,7 @@ func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) {`
`224`	`224`	`addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion, testconstants.SchemaVersion)`
`225`	`225`	`_, err := setup.Handler(setup.Ctx, addNocX509Cert)`
`226`	`226`
`227`		`- require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate)`
	`227`	`+ require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist)`
`228`	`228`	`}`
`229`	`229`
`230`	`230`	`func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -235,7 +235,7 @@ func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) {`
`235`	`235`	`// add intermediate x509 certificate`
`236`	`236`	`addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion, testconstants.SchemaVersion)`
`237`	`237`	`_, err := setup.Handler(setup.Ctx, addX509Cert)`
`238`		`- require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate)`
	`238`	`+ require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist)`
`239`	`239`	`}`
`240`	`240`
`241`	`241`	`func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) {`
Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ func (k msgServer) AddNocX509IcaCert(goCtx context.Context, msg *types.MsgAddNoc`
`82`	`82`	`}`
`83`	`83`	`// Check VID scoping`
`84`	`84`	`if nocRootCert.Vid != accountVid {`
`85`		`- return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(accountVid, nocRootCert.Vid)`
	`85`	`+ return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(nocRootCert.Vid, accountVid)`
`86`	`86`	`}`
`87`	`87`
`88`	`88`	`// create new certificate`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M`
`29`	`29`	`// get proposed certificate revocation`
`30`	`30`	`revocation, found := k.GetProposedCertificateRevocation(ctx, msg.Subject, msg.SubjectKeyId, msg.SerialNumber)`
`31`	`31`	`if !found {`
`32`		`- return nil, pkitypes.NewErrProposedCertificateRevocationDoesNotExist(msg.Subject, msg.SubjectKeyId)`
	`32`	`+ return nil, pkitypes.NewErrProposedCertificateRevocationDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`// check if proposed certificate revocation already has approval form signer`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ func (k msgServer) RevokeNocX509IcaCert(goCtx context.Context, msg *types.MsgRev`
`40`	`40`	`signerVid := signerAccount.VendorID`
`41`	`41`	`// signer VID must be same as VID of existing certificates`
`42`	`42`	`if signerVid != cert.Vid {`
`43`		`- return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(cert.Vid, signerVid)`
	`43`	`+ return nil, pkitypes.NewErrRevokeCertVidNotEqualToAccountVid(cert.Vid, signerVid)`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`if msg.SerialNumber != "" {`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func (k msgServer) RevokeNocX509RootCert(goCtx context.Context, msg *types.MsgRe`
`41`	`41`	`signerVid := signerAccount.VendorID`
`42`	`42`	`// signer VID must be same as VID of existing certificates`
`43`	`43`	`if signerVid != cert.Vid {`
`44`		`- return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(cert.Vid, signerVid)`
	`44`	`+ return nil, pkitypes.NewErrRevokeRootCertVidNotEqualToAccountVid(cert.Vid, signerVid)`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`if msg.SerialNumber != "" {`