Added design for unit test

Author: Artemkaaas

integration_tests/constants/noc_constants.go

@@ -129,6 +129,7 @@ BAMCA0kAMEYCIQDzsjB569j1SsltNIP8CMTD4kRsTulqSp+O7JbQdWyzPAIhAODV
 zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 -----END CERTIFICATE-----`
 
+	NocRootCert1Issuer        = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ=="
 	NocRootCert1Subject       = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ=="
 	NocRootCert1SubjectKeyID  = "44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26"
 	NocRootCert1SerialNumber  = "47211865327720222621302679792296833381734533449"
@@ -149,11 +150,12 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 	NocRootCert3SerialNumber  = "38457288443253426021793906708335409501754677187"
 	NocRootCert3SubjectAsText = "CN=NOC-3,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
 
-	NocCert1Subject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
-	NocCert1Issuer        = NocRootCert1Subject
-	NocCert1SubjectKeyID  = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
-	NocCert1SerialNumber  = "631388393741945881054190991612463928825155142122"
-	NocCert1SubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
+	NocCert1Subject        = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
+	NocCert1Issuer         = NocRootCert1Subject
+	NocCert1AuthorityKeyID = NocRootCert1SubjectKeyID
+	NocCert1SubjectKeyID   = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
+	NocCert1SerialNumber   = "631388393741945881054190991612463928825155142122"
+	NocCert1SubjectAsText  = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 
 	NocCert1CopySubject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
 	NocCert1CopyIssuer        = NocRootCert1Subject

x/pki/keeper/child_certificates.go

@@ -178,3 +178,17 @@ func (k msgServer) RemoveChildCertificate(
 		k.RemoveChildCertificates(ctx, issuer, authorityKeyID)
 	}
 }
+
+// IsChildCertificatePresent Check if the Child Certificate is present in the store.
+func (k Keeper) IsChildCertificatePresent(
+	ctx sdk.Context,
+	issuer string,
+	authorityKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ChildCertificatesKeyPrefix))
+
+	return store.Has(types.ChildCertificatesKey(
+		issuer,
+		authorityKeyID,
+	))
+}

x/pki/keeper/grpc_query_revoked_certificates.go

@@ -57,3 +57,17 @@ func (k Keeper) RevokedCertificates(c context.Context, req *types.QueryGetRevoke
 
 	return &types.QueryGetRevokedCertificatesResponse{RevokedCertificates: val}, nil
 }
+
+// IsRevokedCertificatePresent Check if the Revoked Certificate is present in the store.
+func (k Keeper) IsRevokedCertificatePresent(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedCertificatesKeyPrefix))
+
+	return store.Has(types.RevokedCertificatesKey(
+		subject,
+		subjectKeyID,
+	))
+}

x/pki/keeper/msg_server_remove_noc_x_509_ica_cert.go

@@ -59,7 +59,7 @@ func (k msgServer) RemoveNocX509IcaCert(goCtx context.Context, msg *types.MsgRem
 		SubjectKeyId: msg.SubjectKeyId,
 	}
 
-	if msg.SerialNumber != "" {
+	if msg.SerialNumber != "" { //nolint:nestif
 		certBySerialNumber, found := FindCertificateInList(msg.SerialNumber, &certificates)
 		if !found {
 			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
@@ -80,6 +80,12 @@ func (k msgServer) RemoveNocX509IcaCert(goCtx context.Context, msg *types.MsgRem
 				certBySerialNumber.Issuer,
 				false,
 			)
+			if len(icaCerts.Certs) == 0 {
+				k.RemoveChildCertificate(ctx, certBySerialNumber.Issuer, certBySerialNumber.AuthorityKeyId, types.CertificateIdentifier{
+					Subject:      icaCerts.Subject,
+					SubjectKeyId: icaCerts.SubjectKeyId,
+				})
+			}
 		}
 
 		if foundRevoked {
@@ -91,6 +97,8 @@ func (k msgServer) RemoveNocX509IcaCert(goCtx context.Context, msg *types.MsgRem
 		k.RemoveRevokedNocIcaCertificates(ctx, certID.Subject, certID.SubjectKeyId)
 		// remove from noc certificates map
 		k.RemoveNocCertificate(ctx, cert.Subject, cert.SubjectKeyId, accountVid, false)
+		// Remove certificate identifier from issuer's ChildCertificates record
+		k.RemoveChildCertificate(ctx, certificates[0].Issuer, certificates[0].AuthorityKeyId, certID)
 		// remove from subject with serialNumber map
 		for _, cert := range certificates {
 			k.RemoveUniqueCertificate(ctx, cert.Issuer, cert.SerialNumber)

x/pki/keeper/msg_server_remove_x_509_cert.go

@@ -44,7 +44,7 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 		return nil, err
 	}
 
-	if msg.SerialNumber != "" {
+	if msg.SerialNumber != "" { //nolint:nestif
 		certBySerialNumber, found := FindCertificateInList(msg.SerialNumber, &certificates)
 		if !found {
 			return nil, pkitypes.NewErrCertificateBySerialNumberDoesNotExist(msg.Subject, msg.SubjectKeyId, msg.SerialNumber)
@@ -63,16 +63,28 @@ func (k msgServer) RemoveX509Cert(goCtx context.Context, msg *types.MsgRemoveX50
 				certBySerialNumber.Issuer,
 				false,
 			)
+			if len(aprCerts.Certs) == 0 {
+				k.RemoveChildCertificate(ctx, certBySerialNumber.Issuer, certBySerialNumber.AuthorityKeyId, types.CertificateIdentifier{
+					Subject:      aprCerts.Subject,
+					SubjectKeyId: aprCerts.SubjectKeyId,
+				})
+			}
 		}
 		if foundRevoked {
 			RemoveCertFromList(certBySerialNumber.Issuer, certBySerialNumber.SerialNumber, &revCerts.Certs)
 			k.removeOrUpdateRevokedX509Cert(ctx, msg.Subject, msg.SubjectKeyId, &revCerts)
 		}
 	} else {
-		// remove from noc certificates map
+		certIdentifier := types.CertificateIdentifier{
+			Subject:      msg.Subject,
+			SubjectKeyId: msg.SubjectKeyId,
+		}
+		// remove from da certificates map
 		k.RemoveDaCertificate(ctx, msg.Subject, msg.SubjectKeyId, false)
 		// remove from revoked list
 		k.RemoveRevokedCertificates(ctx, msg.Subject, msg.SubjectKeyId)
+		// Remove certificate identifier from issuer's ChildCertificates record
+		k.RemoveChildCertificate(ctx, certificates[0].Issuer, certificates[0].AuthorityKeyId, certIdentifier)
 		// remove from subject with serialNumber map
 		for _, cert := range certificates {
 			k.RemoveUniqueCertificate(ctx, cert.Issuer, cert.SerialNumber)

x/pki/keeper/proposed_certificate.go

@@ -67,8 +67,7 @@ func (k Keeper) GetAllProposedCertificate(ctx sdk.Context) (list []types.Propose
 	return
 }
 
-// Check if the Proposed Certificate record associated with a
-// Subject/SubjectKeyID combination is present in the store.
+// IsProposedCertificatePresent Check if the Proposed Certificate record associated with a Subject/SubjectKeyID combination is present in the store.
 func (k Keeper) IsProposedCertificatePresent(
 	ctx sdk.Context,
 	subject string,

x/pki/keeper/revoked_noc_ica_certificates.go

@@ -97,3 +97,17 @@ func (k Keeper) GetAllRevokedNocIcaCertificates(ctx sdk.Context) (list []types.R
 
 	return
 }
+
+// IsRevokedNocIcaCertificatePresent Check if the Revoked Noc ICA Certificate record associated with a Subject/SubjectKeyID combination is present in the store.
+func (k Keeper) IsRevokedNocIcaCertificatePresent(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocIcaCertificatesKeyPrefix))
+
+	return store.Has(types.RevokedNocIcaCertificatesKey(
+		subject,
+		subjectKeyID,
+	))
+}

x/pki/keeper/revoked_noc_root_certificates.go

@@ -97,3 +97,17 @@ func (k Keeper) GetAllRevokedNocRootCertificates(ctx sdk.Context) (list []types.
 
 	return
 }
+
+// IsRevokedNocRootCertificatePresent Check if the Revoked Noc Root Certificate record associated with a Subject/SubjectKeyID combination is present in the store.
+func (k Keeper) IsRevokedNocRootCertificatePresent(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix))
+
+	return store.Has(types.RevokedNocRootCertificatesKey(
+		subject,
+		subjectKeyID,
+	))
+}

x/pki/tests/handler_add_noc_ica_cert_test.go

@@ -27,6 +27,7 @@ func TestHandler_AddNocX509Cert_AddNewIca(t *testing.T) {
 	// add NOC ICA certificate
 	addNocIcaCertificate(setup, accAddress, testconstants.NocCert1)
 
+	// Check: Noc + All + UniqueCertificate
 	ensureNocIcaCertificateExist(
 		t,
 		setup,

x/pki/tests/handler_add_noc_root_cert_test.go

@@ -23,6 +23,7 @@ func TestHandler_AddNocX509Cert_AddNewRoot(t *testing.T) {
 	// add NOC root certificate
 	addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 
+	// Check: Noc + All + UniqueCertificate
 	ensureNocRootCertificateExist(
 		t,
 		setup,

x/pki/tests/handler_remove_noc_ica_cert_test.go

@@ -15,6 +15,63 @@ import (
 
 // Main
 
+func TestHandler_RemoveNocX509IcaCert(t *testing.T) {
+	setup := Setup(t)
+
+	// Add vendor account
+	vid := testconstants.Vid
+	vendorAccAddress := GenerateAccAddress()
+	setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
+
+	// add NOC root certificate
+	addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1)
+
+	// add intermediate certificate
+	addNocIcaCertificate(setup, vendorAccAddress, testconstants.NocCert1)
+
+	// remove intermediate certificate
+	removeIcaCert := types.NewMsgRemoveNocX509IcaCert(
+		vendorAccAddress.String(),
+		testconstants.NocCert1Subject,
+		testconstants.NocCert1SubjectKeyID,
+		"",
+	)
+	_, err := setup.Handler(setup.Ctx, removeIcaCert)
+	require.NoError(t, err)
+
+	// Check: Noc - missing
+	ensureCertificateNotPresentInNocCertificateIndexes(
+		t,
+		setup,
+		testconstants.NocCert1Subject,
+		testconstants.NocCert1SubjectKeyID,
+		testconstants.Vid,
+		false,
+		false,
+	)
+
+	// Check: All - missing
+	ensureCertificateNotPresentInGlobalCertificateIndexes(
+		t,
+		setup,
+		testconstants.NocCert1Subject,
+		testconstants.NocCert1SubjectKeyID,
+		false,
+	)
+
+	// Check: UniqueCertificate - missing
+	found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1Issuer, testconstants.NocCert1SerialNumber)
+	require.False(t, found)
+
+	// Check: RevokedCertificates (ica) - missing
+	found = setup.Keeper.IsRevokedNocIcaCertificatePresent(setup.Ctx, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID)
+	require.False(t, found)
+
+	// Check: child certificate  - missing
+	found = setup.Keeper.IsChildCertificatePresent(setup.Ctx, testconstants.NocCert1Issuer, testconstants.NocCert1AuthorityKeyID)
+	require.False(t, found)
+}
+
 func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) {
 	setup := Setup(t)
 

x/pki/tests/handler_remove_noc_root_cert_test.go

@@ -15,6 +15,56 @@ import (
 
 // Main
 
+func TestHandler_RemoveNocX509RootCert(t *testing.T) {
+	setup := Setup(t)
+
+	// Add vendor account
+	vid := testconstants.Vid
+	vendorAccAddress := GenerateAccAddress()
+	setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
+
+	// add NOC root certificates
+	addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1)
+
+	// remove noc root  certificate
+	removeIcaCert := types.NewMsgRemoveNocX509RootCert(
+		vendorAccAddress.String(),
+		testconstants.NocRootCert1Subject,
+		testconstants.NocRootCert1SubjectKeyID,
+		"",
+	)
+	_, err := setup.Handler(setup.Ctx, removeIcaCert)
+	require.NoError(t, err)
+
+	// Check: Noc - missing
+	ensureCertificateNotPresentInNocCertificateIndexes(
+		t,
+		setup,
+		testconstants.NocRootCert1Subject,
+		testconstants.NocRootCert1SubjectKeyID,
+		testconstants.Vid,
+		true,
+		false,
+	)
+
+	// Check: All - missing
+	ensureCertificateNotPresentInGlobalCertificateIndexes(
+		t,
+		setup,
+		testconstants.NocRootCert1Subject,
+		testconstants.NocRootCert1SubjectKeyID,
+		false,
+	)
+
+	// Check: UniqueCertificate - missing
+	found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1Issuer, testconstants.NocRootCert1SerialNumber)
+	require.False(t, found)
+
+	// Check: RevokedCertificates (root) - missing
+	found = setup.Keeper.IsRevokedNocRootCertificatePresent(setup.Ctx, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID)
+	require.False(t, found)
+}
+
 func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) {
 	setup := Setup(t)