Refactoring PKI unit tests

Author: Artemkaaas

x/pki/keeper/all_certificates_by_subject_key_id.go

@@ -8,7 +8,7 @@ import (
 	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
 )
 
-// SetAllCertificatesBySubjectKeyID set a specific AllCertificatesBySubjectKeyId in the store from its index.
+// SetAllCertificatesBySubjectKeyID set a specific AllCertificatesBySubjectKeyID in the store from its index.
 func (k Keeper) SetAllCertificatesBySubjectKeyID(ctx sdk.Context, allCertificatesBySubjectKeyID types.AllCertificatesBySubjectKeyId) {
 	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix))
 	b := k.cdc.MustMarshal(&allCertificatesBySubjectKeyID)
@@ -49,7 +49,7 @@ func (k Keeper) addAllCertificatesBySubjectKeyID(ctx sdk.Context, subjectKeyID s
 	k.SetAllCertificatesBySubjectKeyID(ctx, AllCertificates)
 }
 
-// GetAllCertificatesBySubjectKeyID returns a AllCertificatesBySubjectKeyId from its index.
+// GetAllCertificatesBySubjectKeyID returns a AllCertificatesBySubjectKeyID from its index.
 func (k Keeper) GetAllCertificatesBySubjectKeyID(
 	ctx sdk.Context,
 	subjectKeyID string,
@@ -69,7 +69,7 @@ func (k Keeper) GetAllCertificatesBySubjectKeyID(
 	return val, true
 }
 
-// RemoveAllCertificatesBySubjectKeyID removes a AllCertificatesBySubjectKeyId from the store.
+// RemoveAllCertificatesBySubjectKeyID removes a AllCertificatesBySubjectKeyID from the store.
 func (k Keeper) RemoveAllCertificatesBySubjectKeyID(
 	ctx sdk.Context,
 	subject string,
@@ -104,7 +104,7 @@ func (k Keeper) RemoveAllCertificatesBySubjectKeyIDBySerialNumber(ctx sdk.Contex
 	})
 }
 
-// GetAllAllCertificatesBySubjectKeyID returns all AllCertificatesBySubjectKeyId.
+// GetAllAllCertificatesBySubjectKeyID returns all AllCertificatesBySubjectKeyID.
 func (k Keeper) GetAllAllCertificatesBySubjectKeyID(ctx sdk.Context) (list []types.AllCertificatesBySubjectKeyId) {
 	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix))
 	iterator := sdk.KVStorePrefixIterator(store, []byte{})
@@ -145,15 +145,3 @@ func (k Keeper) _removeAllCertificatesFromSubjectKeyIDState(ctx sdk.Context, sub
 		k.SetAllCertificatesBySubjectKeyID(ctx, certs)
 	}
 }
-
-// IsCertificatesBySubjectKeyIdPresent Check if the Certificate By Subject Key ID is present in the store.
-func (k Keeper) IsCertificatesBySubjectKeyIdPresent(
-	ctx sdk.Context,
-	subjectKeyID string,
-) bool {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix))
-
-	return store.Has(types.AllCertificatesBySubjectKeyIDKey(
-		subjectKeyID,
-	))
-}

x/pki/keeper/approved_certificates_by_subject_key_id.go

@@ -145,15 +145,3 @@ func (k Keeper) _removeApprovedCertificatesFromSubjectKeyIDState(ctx sdk.Context
 		k.SetApprovedCertificatesBySubjectKeyID(ctx, certs)
 	}
 }
-
-// IsApprovedCertificatesBySubjectKeyIdPresent Check if the Approved Certificate By Subject Key ID is present in the store.
-func (k Keeper) IsApprovedCertificatesBySubjectKeyIdPresent(
-	ctx sdk.Context,
-	subjectKeyID string,
-) bool {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix))
-
-	return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey(
-		subjectKeyID,
-	))
-}

x/pki/tests/handler_add_noc_ica_cert_test.go

@@ -21,107 +21,88 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) {
 	accAddress := setup.CreateVendorAccount(testconstants.Vid)
 
 	// add NOC root certificate
-	utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+	rootCertificate := utils.CreateTestNocRoot1Cert()
+	utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM)
 
 	// add NOC ICA certificate
 	icaCertificate := utils.CreateTestNocIca1Cert()
-	utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1)
+	utils.AddNocIntermediateCertificate(setup, accAddress, icaCertificate.PEM)
 
 	// Check indexes
-	indexes := []utils.TestIndex{
-		{Key: types.AllCertificatesKeyPrefix, Exist: true},
-		{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true},
-		{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true},
-		{Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there
-		{Key: types.NocIcaCertificatesKeyPrefix, Exist: true},
-		{Key: types.UniqueCertificateKeyPrefix, Exist: true},
-		{Key: types.ChildCertificatesKeyPrefix, Exist: true},
-		{Key: types.ProposedCertificateKeyPrefix, Exist: false},
-		{Key: types.ApprovedCertificatesKeyPrefix, Exist: false},
-		{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false},
-		{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false},
-		{Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false},
+	indexes := utils.TestIndexes{
+		Present: []utils.TestIndex{
+			{Key: types.AllCertificatesKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.NocCertificatesKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.NocCertificatesByVidAndSkidKeyPrefix},
+			{Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there
+			{Key: types.NocIcaCertificatesKeyPrefix},
+			{Key: types.UniqueCertificateKeyPrefix},
+			{Key: types.ChildCertificatesKeyPrefix},
+		},
+		Missing: []utils.TestIndex{
+			{Key: types.ProposedCertificateKeyPrefix},
+			{Key: types.ApprovedCertificatesKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.ApprovedRootCertificatesKeyPrefix},
+		},
 	}
 	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
 }
 
 // Extra cases
 
-func TestHandler_AddNocX509Cert_Renew(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) {
 	setup := utils.Setup(t)
 
-	accAddress := utils.GenerateAccAddress()
-	vid := testconstants.Vid
-	setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid)
+	accAddress := setup.CreateVendorAccount(testconstants.Vid)
 
 	// add NOC root certificate
-	utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+	rootCertificate := utils.CreateTestNocRoot1Cert()
+	utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM)
 
 	// Store the NOC certificate
-	newNocCertificate := types.NewNocCertificate(
-		testconstants.NocCert1,
-		testconstants.NocCert1Subject,
-		testconstants.NocCert1SubjectAsText,
-		testconstants.NocCert1SubjectKeyID,
-		testconstants.NocCert1SerialNumber,
-		testconstants.NocRootCert1Subject,
-		testconstants.NocRootCert1SubjectKeyID,
-		testconstants.NocRootCert1Subject,
-		testconstants.NocRootCert1SubjectKeyID,
-		accAddress.String(),
-		vid,
-		testconstants.SchemaVersion,
-	)
-	newNocCertificate.SerialNumber = testconstants.TestSerialNumber
-
-	setup.Keeper.AddAllCertificate(setup.Ctx, newNocCertificate)
-	setup.Keeper.AddNocCertificate(setup.Ctx, newNocCertificate)
-	setup.Keeper.AddNocCertificateBySubjectKeyID(setup.Ctx, newNocCertificate)
-	setup.Keeper.AddNocCertificateBySubject(setup.Ctx, newNocCertificate)
-	setup.Keeper.AddNocIcaCertificate(setup.Ctx, newNocCertificate)
-	uniqueCertificate := types.UniqueCertificate{
-		Issuer:       newNocCertificate.Issuer,
-		SerialNumber: newNocCertificate.SerialNumber,
-		Present:      true,
-	}
-	setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate)
+	icaCertificate := utils.CreateTestNocIca1Cert()
+	intermediateCertificate := utils.NocIntermediateCertificate(accAddress)
+	intermediateCertificate.SerialNumber = testconstants.TestSerialNumber
+	utils.AddMokedNocCertificate(setup, intermediateCertificate, false)
 
 	// add the new NOC certificate
-	addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion)
+	addNocX509Cert := types.NewMsgAddNocX509IcaCert(
+		accAddress.String(),
+		icaCertificate.PEM,
+		testconstants.CertSchemaVersion)
 	_, err := setup.Handler(setup.Ctx, addNocX509Cert)
 	require.NoError(t, err)
 
 	// query noc certificate by Subject and SKID
-	nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId)
-	require.NoError(t, err)
-	require.Equal(t, len(nocCertificates.Certs), 2)
-	require.Equal(t, &newNocCertificate, nocCertificates.Certs[0])
-
-	// query noc certificate by Subject
-	nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject)
-	require.NoError(t, err)
-	require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds))
-
-	// query noc certificate by SKID
-	nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId)
-	require.NoError(t, err)
-	require.Equal(t, 1, len(nocCertificatesBySubjectKeyID))
-	require.Equal(t, 2, len(nocCertificatesBySubjectKeyID[0].Certs))
-	require.Equal(t, testconstants.NocCert1Subject, nocCertificatesBySubjectKeyID[0].Certs[0].Subject)
-	require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCertificatesBySubjectKeyID[0].Certs[0].SubjectKeyId)
-	require.Equal(t, vid, nocCertificatesBySubjectKeyID[0].Certs[0].Vid)
-
-	// query noc certificate by VID
-	nocCertificatesByVid, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid)
-	require.NoError(t, err)
-	require.Equal(t, len(nocCertificatesByVid.Certs), 2)
-	require.Equal(t, testconstants.NocCert1Subject, nocCertificatesByVid.Certs[0].Subject)
-	require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCertificatesByVid.Certs[0].SubjectKeyId)
-	require.Equal(t, vid, nocCertificatesByVid.Certs[0].Vid)
+	indexes := utils.TestIndexes{
+		Present: []utils.TestIndex{
+			{Key: types.AllCertificatesKeyPrefix, Count: 2},
+			{Key: types.AllCertificatesBySubjectKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesBySubjectKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2},
+			{Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there
+			{Key: types.NocIcaCertificatesKeyPrefix, Count: 2},
+			{Key: types.UniqueCertificateKeyPrefix},
+			{Key: types.ChildCertificatesKeyPrefix},
+		},
+		Missing: []utils.TestIndex{
+			{Key: types.ProposedCertificateKeyPrefix},
+			{Key: types.ApprovedCertificatesKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.ApprovedRootCertificatesKeyPrefix},
+		},
+	}
+	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
 }
 
 // Error cases

x/pki/tests/handler_add_noc_root_cert_test.go

@@ -21,96 +21,76 @@ func TestHandler_AddNocRootCert(t *testing.T) {
 
 	// add NOC root certificate
 	rootCertificate := utils.CreateTestNocRoot1Cert()
-	utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+	utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM)
 
 	// Check indexes
-	indexes := []utils.TestIndex{
-		{Key: types.AllCertificatesKeyPrefix, Exist: true},
-		{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true},
-		{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
-		{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true},
-		{Key: types.NocRootCertificatesKeyPrefix, Exist: true},
-		{Key: types.NocIcaCertificatesKeyPrefix, Exist: false},
-		{Key: types.UniqueCertificateKeyPrefix, Exist: true},
-		{Key: types.ProposedCertificateKeyPrefix, Exist: false},
-		{Key: types.ApprovedCertificatesKeyPrefix, Exist: false},
-		{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false},
-		{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false},
-		{Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false},
+	indexes := utils.TestIndexes{
+		Present: []utils.TestIndex{
+			{Key: types.AllCertificatesKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.NocCertificatesKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.NocCertificatesByVidAndSkidKeyPrefix},
+			{Key: types.NocRootCertificatesKeyPrefix},
+			{Key: types.UniqueCertificateKeyPrefix},
+		},
+		Missing: []utils.TestIndex{
+			{Key: types.NocIcaCertificatesKeyPrefix},
+			{Key: types.ProposedCertificateKeyPrefix},
+			{Key: types.ApprovedCertificatesKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.ApprovedRootCertificatesKeyPrefix},
+		},
 	}
 	utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
 }
 
 // Extra cases
 
-func TestHandler_AddNocX509RootCert_Renew(t *testing.T) {
+func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) {
 	setup := utils.Setup(t)
 
-	accAddress := utils.GenerateAccAddress()
-	setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid)
+	accAddress := setup.CreateVendorAccount(testconstants.Vid)
 
 	// Store the NOC root certificate
-	nocRootCertificate := utils.RootCertificate(accAddress)
-	nocRootCertificate.SerialNumber = testconstants.TestSerialNumber
-	nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI
-	nocRootCertificate.Approvals = nil
-	nocRootCertificate.Rejects = nil
-
-	setup.Keeper.AddAllCertificate(setup.Ctx, nocRootCertificate)
-	setup.Keeper.AddNocCertificate(setup.Ctx, nocRootCertificate)
-	setup.Keeper.AddNocRootCertificate(setup.Ctx, nocRootCertificate)
-	setup.Keeper.AddNocCertificateBySubject(setup.Ctx, nocRootCertificate)
-
-	uniqueCertificate := types.UniqueCertificate{
-		Issuer:       nocRootCertificate.Issuer,
-		SerialNumber: nocRootCertificate.SerialNumber,
-		Present:      true,
-	}
-	setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate)
-
-	// new NOC root certificate
-	newNocCertificate := utils.RootCertificate(accAddress)
-	newNocCertificate.CertificateType = types.CertificateType_OperationalPKI
-	newNocCertificate.Approvals = nil
-	newNocCertificate.Rejects = nil
+	rootCertificate1 := utils.CreateTestNocRoot1Cert()
+	utils.AddNocRootCertificate(setup, accAddress, rootCertificate1.PEM)
 
 	// add the new NOC root certificate
-	addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), newNocCertificate.PemCert, testconstants.CertSchemaVersion)
+	rootCertificate2 := utils.CreateTestNocRoot2Cert()
+	addNocX509RootCert := types.NewMsgAddNocX509RootCert(
+		accAddress.String(),
+		rootCertificate2.PEM,
+		testconstants.CertSchemaVersion)
 	_, err := setup.Handler(setup.Ctx, addNocX509RootCert)
 	require.NoError(t, err)
 
-	// query noc root certificate by Subject and SKID
-	nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId)
-	require.NoError(t, err)
-	require.Equal(t, len(nocCertificates.Certs), 2)
-	require.Equal(t, &newNocCertificate, nocCertificates.Certs[1])
-
-	// query noc root certificate by Subject
-	nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject)
-	require.NoError(t, err)
-	require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds))
-	require.Equal(t, newNocCertificate.SubjectKeyId, nocCertificatesBySubject.SubjectKeyIds[0])
-
-	// query noc root certificate by SKID
-	nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId)
-	require.NoError(t, err)
-	require.Equal(t, 1, len(nocCertificatesBySubjectKeyID))
-	require.Equal(t, 1, len(nocCertificatesBySubjectKeyID[0].Certs))
-	require.Equal(t, &newNocCertificate, nocCertificatesBySubjectKeyID[0].Certs[0])
-
-	// query noc root certificate by VID
-	nocRootCertificates, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid)
-	require.NoError(t, err)
-	require.Equal(t, len(nocRootCertificates.Certs), 2)
-	require.Equal(t, &newNocCertificate, nocRootCertificates.Certs[1])
-
-	// query noc root certificate by VID and SKID
-	renewedNocRootCertificate, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, newNocCertificate.SubjectKeyId)
-	require.NoError(t, err)
-	require.Equal(t, &newNocCertificate, renewedNocRootCertificate.Certs[0])
+	// check indexes
+	indexes := utils.TestIndexes{
+		Present: []utils.TestIndex{
+			{Key: types.AllCertificatesKeyPrefix, Count: 2},
+			{Key: types.AllCertificatesBySubjectKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesBySubjectKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocRootCertificatesKeyPrefix, Count: 2},
+			{Key: types.UniqueCertificateKeyPrefix},
+		},
+		Missing: []utils.TestIndex{
+			{Key: types.NocIcaCertificatesKeyPrefix},
+			{Key: types.ProposedCertificateKeyPrefix},
+			{Key: types.ApprovedCertificatesKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.ApprovedRootCertificatesKeyPrefix},
+		},
+	}
+	utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes)
+	utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes)
 }
 
 // Error cases