#535 Add new txn to remove non-root certificates

Fix linter error

Signed-off-by: Abdulbois <abdulbois.tursunov@dsr-corporation.com>
Signed-off-by: Abdulbois <abdulbois123@gmail.com>

Author: Abdulbois

integration_tests/cli/pki-remove-x509-certificates.sh

@@ -112,7 +112,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_1_se
 echo "Request all revoked certificates should be empty"
 result=$(dcld query pki all-revoked-x509-certs)
 echo $result | jq
-check_response "$result" "Not Found"
+check_response "$result" "\[\]"
 response_does_not_contain "$result" "\"subject\": \"$intermediate_cert_subject\""
 response_does_not_contain "$result" "\"subjectKeyId\": \"$intermediate_cert_subject_key_id\""
 response_does_not_contain "$result" "\"serialNumber\": \"$intermediate_cert_1_serial_number\""

integration_tests/grpc_rest/pki/helpers.go

@@ -1789,36 +1789,6 @@ func Demo(suite *utils.TestSuite) {
 	require.Equal(suite.T, 1, len(certs.Certs))
 	require.Equal(suite.T, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, certs.Certs[0].SerialNumber)
 
-	// Revoke Root certificate with serialNumber 2
-	msgProposeRevokeX509RootCert = pkitypes.MsgProposeRevokeX509RootCert{
-		Subject:      testconstants.RootCertWithSameSubjectAndSKIDSubject,
-		SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,
-		SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber,
-		Signer:       jackAccount.Address,
-	}
-	_, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgProposeRevokeX509RootCert}, jackName, jackAccount)
-	require.NoError(suite.T, err)
-
-	msgApproveRevokeX509RootCert = pkitypes.MsgApproveRevokeX509RootCert{
-		Subject:      testconstants.RootCertWithSameSubjectAndSKIDSubject,
-		SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,
-		SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber,
-		Signer:       aliceAccount.Address,
-	}
-	_, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgApproveRevokeX509RootCert}, aliceName, aliceAccount)
-	require.NoError(suite.T, err)
-
-	// Request revoked Root certificate with serialNumber 2
-	revokedCertificate, _ = GetRevokedX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID)
-	require.Equal(suite.T, 2, len(revokedCertificate.Certs))
-	require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubject, revokedCertificate.Subject)
-	require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, revokedCertificate.SubjectKeyId)
-	require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, revokedCertificate.Certs[1].SerialNumber)
-	require.True(suite.T, revokedCertificate.Certs[1].IsRoot)
-
-	_, err = GetX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID)
-	suite.AssertNotFound(err)
-
 	// Remove x509 certificate with invalid serialNumber
 	msgRemoveX509Cert := pkitypes.MsgRemoveX509Cert{
 		Subject:      testconstants.IntermediateCertWithSameSubjectAndSKIDSubject,
@@ -1837,7 +1807,7 @@ func Demo(suite *utils.TestSuite) {
 	}
 	_, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgRemoveX509Cert}, aliceName, aliceAccount)
 	require.NoError(suite.T, err)
-	// Check that it's removed from revoked list
+	// Check that two intermediate certificates removed
 	_, err = GetRevokedX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID)
 	suite.AssertNotFound(err)
 	_, err = GetX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID)
@@ -1896,7 +1866,7 @@ func Demo(suite *utils.TestSuite) {
 
 	_, err = GetX509Cert(suite, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID)
 	suite.AssertNotFound(err)
-	certs, _ = GetX509Cert(suite, testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber)
+	certs, _ = GetX509Cert(suite, testconstants.LeafCertWithSameSubjectAndSKIDSubject, testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID)
 	require.Equal(suite.T, 1, len(certs.Certs))
 	require.Equal(suite.T, testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, certs.Certs[0].SerialNumber)
 
@@ -1909,6 +1879,36 @@ func Demo(suite *utils.TestSuite) {
 	_, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgRemoveX509Cert}, aliceName, aliceAccount)
 	require.NoError(suite.T, err)
 
-	_, err = GetX509Cert(suite, testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber)
+	_, err = GetX509Cert(suite, testconstants.LeafCertWithSameSubjectAndSKIDSubject, testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID)
+	suite.AssertNotFound(err)
+
+	// Revoke Root certificate with serialNumber 2
+	msgProposeRevokeX509RootCert = pkitypes.MsgProposeRevokeX509RootCert{
+		Subject:      testconstants.RootCertWithSameSubjectAndSKIDSubject,
+		SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,
+		SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber,
+		Signer:       jackAccount.Address,
+	}
+	_, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgProposeRevokeX509RootCert}, jackName, jackAccount)
+	require.NoError(suite.T, err)
+
+	msgApproveRevokeX509RootCert = pkitypes.MsgApproveRevokeX509RootCert{
+		Subject:      testconstants.RootCertWithSameSubjectAndSKIDSubject,
+		SubjectKeyId: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,
+		SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber,
+		Signer:       aliceAccount.Address,
+	}
+	_, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgApproveRevokeX509RootCert}, aliceName, aliceAccount)
+	require.NoError(suite.T, err)
+
+	// Request revoked Root certificate with serialNumber 2
+	revokedCertificate, _ = GetRevokedX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID)
+	require.Equal(suite.T, 2, len(revokedCertificate.Certs))
+	require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubject, revokedCertificate.Subject)
+	require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, revokedCertificate.SubjectKeyId)
+	require.Equal(suite.T, testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, revokedCertificate.Certs[1].SerialNumber)
+	require.True(suite.T, revokedCertificate.Certs[1].IsRoot)
+
+	_, err = GetX509Cert(suite, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID)
 	suite.AssertNotFound(err)
 }

x/pki/handler_test.go

@@ -1723,6 +1723,12 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID(t *testing.T) {
 	require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs))
 	_, err = queryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID)
 	require.Equal(t, codes.NotFound, status.Code(err))
+	// check that unique certificates does not exists
+	found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber)
+	require.Equal(t, false, found)
+	found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber)
+	require.Equal(t, false, found)
+
 	leafCerts, _ := queryApprovedCertificates(setup, testconstants.LeafCertWithSameSubjectAndSKIDSubject, testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID)
 	require.Equal(t, 1, len(leafCerts.Certs))
 	require.Equal(t, testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, leafCerts.Certs[0].SerialNumber)
@@ -1796,6 +1802,12 @@ func TestHandler_RemoveX509Cert_BySerialNumber(t *testing.T) {
 	_, err = queryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID)
 	require.Equal(t, codes.NotFound, status.Code(err))
 
+	// check that unique certificates does not exists
+	found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber)
+	require.Equal(t, false, found)
+	found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber)
+	require.Equal(t, false, found)
+
 	leafCerts, _ = queryApprovedCertificates(setup, testconstants.LeafCertWithSameSubjectAndSKIDSubject, testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID)
 	require.Equal(t, 1, len(leafCerts.Certs))
 }
@@ -1862,6 +1874,12 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) {
 	require.Equal(t, codes.NotFound, status.Code(err))
 	_, err = queryRevokedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID)
 	require.Equal(t, codes.NotFound, status.Code(err))
+
+	// check that unique certificates does not exists
+	found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber)
+	require.Equal(t, false, found)
+	found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber)
+	require.Equal(t, false, found)
 }
 
 func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) {
@@ -1923,6 +1941,10 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) {
 	require.Equal(t, codes.NotFound, status.Code(err))
 	_, err = queryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID)
 	require.Equal(t, codes.NotFound, status.Code(err))
+
+	// check that unique certificate does not exists
+	found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.IntermediateIssuer, testconstants.IntermediateSerialNumber)
+	require.Equal(t, false, found)
 }
 
 func TestHandler_RemoveX509Cert_CertificateDoesNotExist(t *testing.T) {

x/pki/keeper/msg_server_remove_x_509_cert.go

@@ -14,7 +14,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 
 	aprCerts, foundApproved := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId)
 	revCerts, foundRevoked := k.GetRevokedCertificates(ctx, msg.Subject, msg.SubjectKeyId)
-	certificates := append(aprCerts.Certs, revCerts.Certs...)
+	certificates := append(aprCerts.Certs, revCerts.Certs...) //nolint:gocritic
 	if len(certificates) == 0 {
 		return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId)
 	}