Skip to content

Commit 16db1df

Browse files
ArtemkaaasArtemkaaas
committed
PKI API Compatibility Fixes
1 parent 5a379a7 commit 16db1df

File tree

93 files changed

+14520
-4652
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

93 files changed

+14520
-4652
lines changed

docs/transactions.md

+223-99
Large diffs are not rendered by default.

integration_tests/cli/pki-combine-certs.sh

+361
Large diffs are not rendered by default.

integration_tests/cli/pki-noc-certs.sh

+36-29
Original file line numberDiff line numberDiff line change
@@ -116,7 +116,7 @@ echo $result | jq
116116
test_divider
117117

118118
echo "Request approved certificate must be empty"
119-
result=$(dcld query pki x509-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id")
119+
result=$(dcld query pki noc-x509-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id")
120120
check_response "$result" "Not Found"
121121
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
122122
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -127,7 +127,7 @@ echo $result | jq
127127
test_divider
128128

129129
echo "Request all certificates by subject must be empty"
130-
result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject")
130+
result=$(dcld query pki all-noc-subject-x509-certs --subject="$noc_root_cert_1_subject")
131131
check_response "$result" "Not Found"
132132
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
133133
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -136,7 +136,7 @@ echo $result | jq
136136
test_divider
137137

138138
echo "Request all certificates by subjectKeyId must be empty"
139-
result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
139+
result=$(dcld query pki noc-x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
140140
check_response "$result" "Not Found"
141141
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
142142
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -235,8 +235,17 @@ check_response "$result" "\"vid\": $vid_2"
235235

236236
test_divider
237237

238-
echo "Request NOC root certificate by Subject and SubjectKeyID"
239-
result=$(dcld query pki x509-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id")
238+
echo "Request NOC root certificate by Subject and SubjectKeyID (using noc-x509-cert command)"
239+
result=$(dcld query pki noc-x509-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id")
240+
echo $result | jq
241+
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\""
242+
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
243+
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
244+
check_response "$result" "\"subjectAsText\": \"$noc_root_cert_1_subject_as_text\""
245+
check_response "$result" "\"approvals\": \\[\\]"
246+
247+
echo "Request NOC root certificate by Subject and SubjectKeyID (using cert command)"
248+
result=$(dcld query pki cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id")
240249
echo $result | jq
241250
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\""
242251
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -246,16 +255,16 @@ check_response "$result" "\"approvals\": \\[\\]"
246255

247256
test_divider
248257

249-
echo "Request NOC root certificate by Subject"
250-
result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject")
258+
echo "Request NOC root certificate by Subject "
259+
result=$(dcld query pki all-noc-subject-x509-certs --subject="$noc_root_cert_1_subject")
251260
echo $result | jq
252261
check_response "$result" "\"$noc_root_cert_1_subject\""
253262
check_response "$result" "\"$noc_root_cert_1_subject_key_id\""
254263

255264
test_divider
256265

257266
echo "Request NOC root certificate by SubjectKeyID"
258-
result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
267+
result=$(dcld query pki noc-x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
259268
echo $result | jq
260269
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\""
261270
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -315,9 +324,18 @@ check_response "$result" "\"schemaVersion\": $cert_schema_version_0"
315324
check_response "$result" "\"schemaVersion\": $cert_schema_version_0"
316325
check_response "$result" "\"schemaVersion\": $schema_version_0"
317326

318-
319-
echo "Request all approved certificates"
327+
echo "Request all approved certificates (Must be empty)"
320328
result=$(dcld query pki all-x509-certs)
329+
check_response "$result" "\[\]"
330+
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
331+
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
332+
response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
333+
response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\""
334+
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
335+
response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\""
336+
337+
echo "Request all Noc certificates"
338+
result=$(dcld query pki all-noc-x509-certs)
321339
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\""
322340
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
323341
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
@@ -367,17 +385,6 @@ result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$
367385
result=$(get_txn_result "$result")
368386
check_response "$result" "\"code\": 0"
369387

370-
echo "Request all revoked certificates should contain two root certificates only"
371-
result=$(dcld query pki all-revoked-x509-certs)
372-
echo $result | jq
373-
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject"
374-
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
375-
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
376-
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\""
377-
check_response "$result" "\"schemaVersion\": $schema_version_0"
378-
response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\""
379-
response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
380-
381388
echo "Request all revoked noc root certificates should contain two root certificates"
382389
result=$(dcld query pki all-revoked-noc-x509-root-certs)
383390
echo $result | jq
@@ -438,13 +445,13 @@ check_response "$result" "\"tq\": 1"
438445
echo $result | jq
439446

440447
echo "Request all certificates by subject must be empty"
441-
result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject")
448+
result=$(dcld query pki all-noc-subject-x509-certs --subject="$noc_root_cert_1_subject")
442449
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
443450
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
444451
echo $result | jq
445452

446453
echo "Request all certificates by subjectKeyId must be empty"
447-
result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
454+
result=$(dcld query pki noc-x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
448455
check_response "$result" "Not Found"
449456
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
450457
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -463,8 +470,8 @@ check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\""
463470
check_response "$result" "\"serialNumber\": \"$noc_cert_1_copy_serial_number\""
464471
check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\""
465472

466-
echo "Request all approved certificates should not contain revoked NOC root certificates"
467-
result=$(dcld query pki all-x509-certs)
473+
echo "Request all noc certificates should not contain revoked NOC root certificates"
474+
result=$(dcld query pki all-noc-x509-certs)
468475
check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
469476
check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
470477
check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\""
@@ -493,7 +500,7 @@ result=$(get_txn_result "$result")
493500
check_response "$result" "\"code\": 0"
494501

495502
echo "Request all revoked certificates should not contain leaf certificate"
496-
result=$(dcld query pki all-revoked-x509-certs)
503+
result=$(dcld query pki all-revoked-noc-x509-ica-certs)
497504
echo $result | jq
498505
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject"
499506
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -514,13 +521,13 @@ response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key
514521
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\""
515522

516523
echo "Request all certificates by subject must be empty"
517-
result=$(dcld query pki all-subject-x509-certs --subject="$noc_cert_1_subject")
524+
result=$(dcld query pki all-noc-subject-x509-certs --subject="$noc_cert_1_subject")
518525
response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\""
519526
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
520527
echo $result | jq
521528

522529
echo "Request all certificates by subjectKeyId must be empty"
523-
result=$(dcld query pki x509-cert --subject-key-id="$noc_cert_1_subject_key_id")
530+
result=$(dcld query pki noc-x509-cert --subject-key-id="$noc_cert_1_subject_key_id")
524531
check_response "$result" "Not Found"
525532
response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\""
526533
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
@@ -548,7 +555,7 @@ check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
548555
check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\""
549556

550557
echo "Request all approved certificates should not contain revoked NOC certificates"
551-
result=$(dcld query pki all-x509-certs)
558+
result=$(dcld query pki all-noc-x509-certs)
552559
check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
553560
check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\""
554561
check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\""

integration_tests/cli/pki-noc-revocation-with-revoking-child.sh

+16-20
Original file line numberDiff line numberDiff line change
@@ -87,28 +87,24 @@ result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$
8787
result=$(get_txn_result "$result")
8888
check_response "$result" "\"code\": 0"
8989

90-
echo "Request all revoked certificates should contain two root, one intermediate and one leaf certificates"
91-
result=$(dcld query pki all-revoked-x509-certs)
90+
echo "Request all revoked NOC root certificates should contain two root certificates"
91+
result=$(dcld query pki all-revoked-noc-x509-root-certs)
9292
echo $result | jq
9393
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject"
94+
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
95+
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
96+
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\""
97+
98+
echo "Request all revoked NOC ica certificates should contain one intermediate and one leaf certificates"
99+
result=$(dcld query pki all-revoked-noc-x509-ica-certs)
100+
echo $result | jq
94101
check_response "$result" "\"subject\": \"$noc_cert_1_subject\""
95102
check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\""
96-
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
97103
check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\""
98104
check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\""
99-
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
100-
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\""
101105
check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\""
102106
check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\""
103107

104-
echo "Request all revoked NOC root certificates should contain two root certificates"
105-
result=$(dcld query pki all-revoked-noc-x509-root-certs)
106-
echo $result | jq
107-
check_response "$result" "\"subject\": \"$noc_root_cert_1_subject"
108-
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
109-
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\""
110-
check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\""
111-
112108
echo "Request revoked NOC root certificate by subject and subjectKeyId should contain two root certificates"
113109
result=$(dcld query pki revoked-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id")
114110
echo $result | jq
@@ -135,14 +131,14 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_s
135131
echo $result | jq
136132

137133
echo "Request all certificates by NOC root certificate's subject should be empty"
138-
result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject")
134+
result=$(dcld query pki all-noc-subject-x509-certs --subject="$noc_root_cert_1_subject")
139135
check_response "$result" "Not Found"
140136
response_does_not_contain "$result" "\"$noc_root_cert_1_subject\""
141137
response_does_not_contain "$result" "\"$noc_root_cert_1_subject_key_id\""
142138
echo $result | jq
143139

144140
echo "Request all certificates by NOC root certificate's subjectKeyId should be empty"
145-
result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
141+
result=$(dcld query pki noc-x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id")
146142
check_response "$result" "Not Found"
147143
response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\""
148144
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\""
@@ -228,7 +224,7 @@ result=$(get_txn_result "$result")
228224
check_response "$result" "\"code\": 0"
229225

230226
echo "Request all revoked certificates should two intermediate and one leaf certificates"
231-
result=$(dcld query pki all-revoked-x509-certs)
227+
result=$(dcld query pki all-revoked-noc-x509-ica-certs)
232228
echo $result | jq
233229
check_response "$result" "\"subject\": \"$noc_cert_2_subject\""
234230
check_response "$result" "\"subject\": \"$noc_leaf_cert_2_subject\""
@@ -242,14 +238,14 @@ response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subjec
242238
response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\""
243239

244240
echo "Request all certificates by NOC certificate's subject should be empty"
245-
result=$(dcld query pki all-subject-x509-certs --subject="$noc_cert_2_subject")
241+
result=$(dcld query pki all-noc-subject-x509-certs --subject="$noc_cert_2_subject")
246242
check_response "$result" "Not Found"
247243
response_does_not_contain "$result" "\"$noc_cert_1_subject\""
248244
response_does_not_contain "$result" "\"$noc_cert_1_subject_key_id\""
249245
echo $result | jq
250246

251247
echo "Request all certificates by NOC certificate's subjectKeyId should be empty"
252-
result=$(dcld query pki x509-cert --subject-key-id="$noc_cert_2_subject_key_id")
248+
result=$(dcld query pki noc-x509-cert --subject-key-id="$noc_cert_2_subject_key_id")
253249
check_response "$result" "Not Found"
254250
response_does_not_contain "$result" "\"subject\": \"$noc_cert_2_subject\""
255251
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\""
@@ -265,8 +261,8 @@ response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_2_subject\""
265261
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\""
266262
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_2_subject_key_id\""
267263

268-
echo "Request all approved certificates should not contain intermediate and leaf certificates"
269-
result=$(dcld query pki all-x509-certs)
264+
echo "Request all noc certificates should not contain intermediate and leaf certificates"
265+
result=$(dcld query pki all-noc-x509-certs)
270266
check_response "$result" "\"subject\": \"$noc_root_cert_2_subject\""
271267
check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_key_id\""
272268
check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\""

0 commit comments

Comments
 (0)