Refactoring PKI unit tests

Author: Artemkaaas

types/pki/keys.go

@@ -21,11 +21,6 @@ func KeyPrefix(p string) []byte {
 	return []byte(p)
 }
 
-const (
-	ApprovedRootCertificatesKeyPrefix = "ApprovedRootCertificates/value/"
-	RevokedRootCertificatesKeyPrefix  = "RevokedRootCertificates/value/"
-)
-
 var (
 	ApprovedRootCertificatesKey = []byte{0}
 	RevokedRootCertificatesKey  = []byte{0}

x/pki/client/cli/query_approved_root_certificates.go

@@ -24,7 +24,7 @@ func CmdShowApprovedRootCertificates() *cobra.Command {
 			return cli.QueryWithProofList(
 				clientCtx,
 				pkitypes.StoreKey,
-				pkitypes.ApprovedRootCertificatesKeyPrefix,
+				types.ApprovedRootCertificatesKeyPrefix,
 				pkitypes.ApprovedRootCertificatesKey,
 				&res,
 			)

x/pki/client/cli/query_revoked_root_certificates.go

@@ -24,7 +24,7 @@ func CmdShowRevokedRootCertificates() *cobra.Command {
 			return cli.QueryWithProofList(
 				clientCtx,
 				pkitypes.StoreKey,
-				pkitypes.RevokedRootCertificatesKeyPrefix,
+				types.RevokedRootCertificatesKeyPrefix,
 				pkitypes.RevokedRootCertificatesKey,
 				&res,
 			)

x/pki/keeper/approved_root_certificates.go

@@ -9,14 +9,14 @@ import (
 
 // SetApprovedRootCertificates set approvedRootCertificates in the store.
 func (k Keeper) SetApprovedRootCertificates(ctx sdk.Context, approvedRootCertificates types.ApprovedRootCertificates) {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix))
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedRootCertificatesKeyPrefix))
 	b := k.cdc.MustMarshal(&approvedRootCertificates)
 	store.Set(pkitypes.ApprovedRootCertificatesKey, b)
 }
 
 // GetApprovedRootCertificates returns approvedRootCertificates.
 func (k Keeper) GetApprovedRootCertificates(ctx sdk.Context) (val types.ApprovedRootCertificates, found bool) {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix))
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedRootCertificatesKeyPrefix))
 
 	b := store.Get(pkitypes.ApprovedRootCertificatesKey)
 	if b == nil {
@@ -30,7 +30,7 @@ func (k Keeper) GetApprovedRootCertificates(ctx sdk.Context) (val types.Approved
 
 // RemoveApprovedRootCertificates removes approvedRootCertificates from the store.
 func (k Keeper) RemoveApprovedRootCertificates(ctx sdk.Context) {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix))
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedRootCertificatesKeyPrefix))
 	store.Delete(pkitypes.ApprovedRootCertificatesKey)
 }
 

x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go

@@ -18,6 +18,7 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M
 	if err != nil {
 		return nil, errors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err)
 	}
+
 	if !k.dclauthKeeper.HasRole(ctx, signerAddr, types.RootCertificateApprovalRole) {
 		return nil, errors.Wrapf(sdkerrors.ErrUnauthorized,
 			"MsgApproveRevokeX509RootCert transaction should be signed by "+

x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go

@@ -19,6 +19,7 @@ func (k msgServer) ProposeRevokeX509RootCert(goCtx context.Context, msg *types.M
 	if err != nil {
 		return nil, errors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err)
 	}
+
 	if !k.dclauthKeeper.HasRole(ctx, signerAddr, types.RootCertificateApprovalRole) {
 		return nil, errors.Wrapf(sdkerrors.ErrUnauthorized,
 			"MsgProposeRevokeX509RootCert transaction should be signed by "+

x/pki/keeper/revoked_root_certificates.go

@@ -9,14 +9,14 @@ import (
 
 // SetRevokedRootCertificates set revokedRootCertificates in the store.
 func (k Keeper) SetRevokedRootCertificates(ctx sdk.Context, revokedRootCertificates types.RevokedRootCertificates) {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.RevokedRootCertificatesKeyPrefix))
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedRootCertificatesKeyPrefix))
 	b := k.cdc.MustMarshal(&revokedRootCertificates)
 	store.Set(pkitypes.RevokedRootCertificatesKey, b)
 }
 
 // GetRevokedRootCertificates returns revokedRootCertificates.
 func (k Keeper) GetRevokedRootCertificates(ctx sdk.Context) (val types.RevokedRootCertificates, found bool) {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.RevokedRootCertificatesKeyPrefix))
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedRootCertificatesKeyPrefix))
 
 	b := store.Get(pkitypes.RevokedRootCertificatesKey)
 	if b == nil {
@@ -30,7 +30,7 @@ func (k Keeper) GetRevokedRootCertificates(ctx sdk.Context) (val types.RevokedRo
 
 // RemoveRevokedRootCertificates removes revokedRootCertificates from the store.
 func (k Keeper) RemoveRevokedRootCertificates(ctx sdk.Context) {
-	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.RevokedRootCertificatesKeyPrefix))
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedRootCertificatesKeyPrefix))
 	store.Delete(pkitypes.RevokedRootCertificatesKey)
 }
 

x/pki/tests/handler_add_noc_ica_cert_test.go

@@ -52,8 +52,6 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) {
 	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
 }
 
-// Extra cases
-
 func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) {
 	setup := utils.Setup(t)
 
@@ -96,18 +94,68 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber
 	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
 }
 
+func TestHandler_AddNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) {
+	setup := utils.Setup(t)
+
+	// add two vendors with the same VID
+	vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid)
+	vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid)
+
+	// add NOC root certificate
+	rootCertificate := utils.RootNocCertificate1(vendorAccAddress1)
+	utils.AddNocRootCertificate(setup, rootCertificate)
+
+	// add the new NOC certificate by first vendor
+	icaCertificate := utils.IntermediateNocCertificate1(vendorAccAddress1)
+	utils.AddNocIntermediateCertificate(setup, icaCertificate)
+
+	// add the new NOC certificate by second vendor
+	icaCertificate2 := utils.IntermediateNocCertificate1Copy(vendorAccAddress2)
+	utils.AddNocIntermediateCertificate(setup, icaCertificate2)
+
+	// Check state indexes
+	indexes := utils.TestIndexes{
+		Present: []utils.TestIndex{
+			{Key: types.AllCertificatesKeyPrefix, Count: 2},
+			{Key: types.AllCertificatesBySubjectKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesBySubjectKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2},
+			{Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there
+			{Key: types.NocIcaCertificatesKeyPrefix, Count: 2},
+			{Key: types.UniqueCertificateKeyPrefix},
+			{Key: types.ChildCertificatesKeyPrefix},
+		},
+		Missing: []utils.TestIndex{
+			{Key: types.ProposedCertificateKeyPrefix},
+			{Key: types.ApprovedCertificatesKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.ApprovedRootCertificatesKeyPrefix},
+		},
+	}
+	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
+	utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes)
+}
+
 // Error cases
 
-func TestHandler_AddNocX509Cert_SenderNotVendor(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_SenderNotVendor(t *testing.T) {
 	setup := utils.Setup(t)
 
+	// add NOC root certificate
+	rootCertificate := utils.RootNocCertificate1(setup.Vendor1)
+	utils.AddNocRootCertificate(setup, rootCertificate)
+
 	addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Trustee1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion)
 	_, err := setup.Handler(setup.Ctx, addNocX509Cert)
 
 	require.ErrorIs(t, err, sdkerrors.ErrUnauthorized)
 }
 
-func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing.T) {
 	setup := utils.Setup(t)
 
 	// add NOC root certificate
@@ -122,7 +170,7 @@ func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing
 	require.ErrorIs(t, err, pkitypes.ErrCertVidNotEqualAccountVid)
 }
 
-func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_ForInvalidCertificate(t *testing.T) {
 	setup := utils.Setup(t)
 
 	// add x509 certificate
@@ -131,7 +179,7 @@ func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) {
 	require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate)
 }
 
-func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_ForNocRootCertificate(t *testing.T) {
 	setup := utils.Setup(t)
 
 	// try to add root certificate x509 certificate
@@ -140,11 +188,10 @@ func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) {
 	require.ErrorIs(t, err, pkitypes.ErrNonRootCertificateSelfSigned)
 }
 
-func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_ForRootNonNocCertificate(t *testing.T) {
 	setup := utils.Setup(t)
 
 	// store root certificate
-
 	rootCert := utils.RootDaCertificateWithVid(setup.Trustee1)
 	utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert)
 
@@ -154,7 +201,7 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) {
 	require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType)
 }
 
-func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_WhenNocRootCertIsAbsent(t *testing.T) {
 	setup := utils.Setup(t)
 
 	// add the new NOC certificate
@@ -164,7 +211,7 @@ func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) {
 	require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist)
 }
 
-func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) {
+func TestHandler_AddNocIntermediateCert_CertificateExist(t *testing.T) {
 	accAddress := utils.GenerateAccAddress()
 
 	cases := []struct {

x/pki/tests/handler_add_noc_root_cert_test.go

@@ -46,8 +46,6 @@ func TestHandler_AddNocRootCert(t *testing.T) {
 	utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
 }
 
-// Extra cases
-
 func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) {
 	setup := utils.Setup(t)
 
@@ -84,19 +82,62 @@ func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *test
 	utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes)
 }
 
+func TestHandler_AddNocRootCert_ByNotOwnerButSameVendor(t *testing.T) {
+	setup := utils.Setup(t)
+
+	// add two vendors with the same VID
+	vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid)
+	vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid)
+
+	// add NOC root certificate
+	rootCertificate1 := utils.RootNocCertificate1(vendorAccAddress1)
+	utils.AddNocRootCertificate(setup, rootCertificate1)
+
+	// add NOC root certificate
+	rootCertificate2 := utils.RootNocCertificate1Copy(vendorAccAddress2)
+	utils.AddNocRootCertificate(setup, rootCertificate2)
+
+	// Check state indexes
+	indexes := utils.TestIndexes{
+		Present: []utils.TestIndex{
+			{Key: types.AllCertificatesKeyPrefix, Count: 2},
+			{Key: types.AllCertificatesBySubjectKeyPrefix},
+			{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesKeyPrefix, Count: 2},
+			{Key: types.NocCertificatesBySubjectKeyPrefix},
+			{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+			{Key: types.NocRootCertificatesKeyPrefix, Count: 2},
+			{Key: types.UniqueCertificateKeyPrefix},
+		},
+		Missing: []utils.TestIndex{
+			{Key: types.NocIcaCertificatesKeyPrefix},
+			{Key: types.ProposedCertificateKeyPrefix},
+			{Key: types.ApprovedCertificatesKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+			{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+			{Key: types.ApprovedRootCertificatesKeyPrefix},
+		},
+	}
+	utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes)
+	utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes)
+}
+
 // Error cases
 
-func TestHandler_AddNocX509RootCert_SenderNotVendor(t *testing.T) {
+func TestHandler_AddNocRootCert_SenderNotVendor(t *testing.T) {
 	setup := utils.Setup(t)
 
-	addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion)
+	addNocX509RootCert := types.NewMsgAddNocX509RootCert(
+		setup.Trustee1.String(),
+		testconstants.RootCertPem,
+		testconstants.CertSchemaVersion)
 	_, err := setup.Handler(setup.Ctx, addNocX509RootCert)
 
 	require.Error(t, err)
 	require.True(t, sdkerrors.ErrUnauthorized.Is(err))
 }
 
-func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) {
+func TestHandler_AddNocRootCert_InvalidCertificate(t *testing.T) {
 	accAddress := utils.GenerateAccAddress()
 
 	cases := []struct {
@@ -141,7 +182,7 @@ func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) {
 	}
 }
 
-func TestHandler_AddNocX509RootCert_CertificateExist(t *testing.T) {
+func TestHandler_AddNocRootCert_CertificateExist(t *testing.T) {
 	accAddress := utils.GenerateAccAddress()
 
 	cases := []struct {