Refactoring PKI unit tests

Author: Artemkaaas

integration_tests/constants/constants.go

@@ -19,7 +19,6 @@ import (
 	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/cosmos/cosmos-sdk/types/module/testutil"
-
 	"github.com/zigbee-alliance/distributed-compliance-ledger/x/common/types"
 )
 
@@ -125,7 +124,9 @@ var (
 	ProgramType                        = "Some Program Type"
 	ProgramTypeVersion                 = "Some Program Type Version"
 	Transport                          = "Some Transport"
-	SoftwareVersionCertificationStatus = uint32(3)
+	SoftwareVersionCertificationStatus = uint32(
+		3,
+	)
 	ParentChild1                       = "parent"
 	ParentChild2                       = "child"
 	CertificationIDOfSoftwareComponent = "some certification ID of software component"
@@ -709,13 +710,16 @@ eujhLsD51w==
 	IntermediateCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ="
 
 	IntermediateCertWithSameSubjectIssuer               = RootCertWithSameSubjectAndSKIDSubject
+	IntermediateCertWithSameSubjectAuthorityKeyID       = RootCertWithSameSubjectAndSKIDSubjectKeyID
 	IntermediateCertWithSameSubjectAndSKIDSubjectKeyID  = "2E:13:3B:44:52:2C:30:E9:EC:FB:45:FA:5D:E5:04:0A:C1:C6:E6:B9"
 	IntermediateCertWithSameSubjectAndSKIDIssuer        = RootCertWithSameSubjectAndSKIDSubject
 	IntermediateCertWithSameSubjectAndSKID1SerialNumber = "3"
 	IntermediateCertWithSameSubjectAndSKID2SerialNumber = "4"
 	LeafCertWithSameSubjectAndSKIDSubject               = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ="
 	LeafCertWithSameSubjectAndSKIDSubjectKeyID          = "12:16:55:8E:5E:2A:DF:04:D7:E6:FE:D1:53:69:61:98:EF:17:2F:03"
 	LeafCertWithSameSubjectAndSKIDSerialNumber          = "5"
+	LeafCertWithSameSubjectIssuer                       = IntermediateCertWithSameSubjectAndSKIDSubject
+	LeafCertWithSameSubjectAuthorityKeyID               = IntermediateCertWithSameSubjectAndSKIDSubjectKeyID
 
 	IntermediateIssuer                     = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
 	IntermediateAuthorityKeyID             = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB"
@@ -725,8 +729,8 @@ eujhLsD51w==
 	IntermediateSubjectKeyIDWithoutColumns = "4E3B73F4704DC2980DDBC85A5F023BBF8625562B"
 	IntermediateSerialNumber               = "169917617234879872371588777545667947720450185023"
 
-	LeafIssuer         = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E="
-	LeafAuthorityKeyID = "4E:3B:73:F4:70:4D:C2:98:D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B"
+	LeafIssuer         = IntermediateSubject
+	LeafAuthorityKeyID = IntermediateSubjectKeyID
 	LeafSubject        = "MDExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMQ0wCwYDVQQKDARsZWFm"
 	LeafSubjectAsText  = "O=leaf,ST=some-state,C=AU"
 	LeafSubjectKeyID   = "30:F4:65:75:14:20:B2:AF:3D:14:71:17:AC:49:90:93:3E:24:A0:1F"

integration_tests/constants/noc_constants.go

@@ -139,6 +139,7 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 	NocRootCert1CopySubjectKeyID  = "44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26"
 	NocRootCert1CopySerialNumber  = "460647353168152946606945669687905527879095841977"
 	NocRootCert1CopySubjectAsText = "CN=NOC-1,OU=Testing Division,O=Example Company,L=Tashkent,ST=Some State,C=UZ"
+	NocRootCert1CopyIssuer        = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ=="
 
 	NocRootCert2Subject       = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg=="
 	NocRootCert2SubjectKeyID  = "CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B"
@@ -157,21 +158,23 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 	NocCert1SerialNumber   = "631388393741945881054190991612463928825155142122"
 	NocCert1SubjectAsText  = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 
-	NocCert1CopySubject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
-	NocCert1CopyIssuer        = NocRootCert1Subject
-	NocCert1CopySubjectKeyID  = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
-	NocCert1CopySerialNumber  = "169445068204646961882009388640343665944683778293"
-	NocCert1CopySubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
+	NocCert1CopySubject        = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
+	NocCert1CopyIssuer         = NocRootCert1Subject
+	NocCert1CopySubjectKeyID   = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
+	NocCert1CopySerialNumber   = "169445068204646961882009388640343665944683778293"
+	NocCert1CopyAuthorityKeyID = NocCert1AuthorityKeyID
+	NocCert1CopySubjectAsText  = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 
 	NocCert2Subject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg=="
 	NocCert2Issuer        = NocRootCert2Subject
 	NocCert2SubjectKeyID  = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD"
 	NocCert2SerialNumber  = "361372967010167010646904372658654439710639340814"
 	NocCert2SubjectAsText = "CN=NOC-child-2,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 
-	NocLeafCert1Subject       = "MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x"
-	NocLeafCert1Issuer        = NocCert1Subject
-	NocLeafCert1SubjectKeyID  = "77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01"
-	NocLeafCert1SerialNumber  = "281347277961838999749763518155363401757954575313"
-	NocLeafCert1SubjectAsText = "CN=NOC-leaf-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
+	NocLeafCert1Subject        = "MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x"
+	NocLeafCert1Issuer         = NocCert1Subject
+	NocLeafCert1SubjectKeyID   = "77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01"
+	NocLeafCert1SerialNumber   = "281347277961838999749763518155363401757954575313"
+	NocLeafCert1AuthorityKeyID = NocCert1SubjectKeyID
+	NocLeafCert1SubjectAsText  = "CN=NOC-leaf-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 )

x/pki/keeper/all_certificates.go

@@ -179,3 +179,17 @@ func (k Keeper) verifyCertificate(ctx sdk.Context,
 		fmt.Sprintf("Certificate verification failed for certificate with subject=%v and subjectKeyID=%v",
 			x509Certificate.Subject, x509Certificate.SubjectKeyID))
 }
+
+// IsAllCertificatePresent Check if the All Certificate is present in the store.
+func (k Keeper) IsAllCertificatePresent(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesKeyPrefix))
+
+	return store.Has(types.AllCertificatesKey(
+		subject,
+		subjectKeyID,
+	))
+}

x/pki/keeper/all_certificates_by_subject.go

@@ -128,3 +128,15 @@ func (k Keeper) GetAllAllCertificatesBySubject(ctx sdk.Context) (list []types.Al
 
 	return
 }
+
+// IsCertificatesBySubjectPresent Check if the Certificate By Subject is present in the store.
+func (k Keeper) IsCertificatesBySubjectPresent(
+	ctx sdk.Context,
+	subject string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyPrefix))
+
+	return store.Has(types.AllCertificatesBySubjectKey(
+		subject,
+	))
+}

x/pki/keeper/all_certificates_by_subject_key_id.go

@@ -145,3 +145,15 @@ func (k Keeper) _removeAllCertificatesFromSubjectKeyIDState(ctx sdk.Context, sub
 		k.SetAllCertificatesBySubjectKeyID(ctx, certs)
 	}
 }
+
+// IsCertificatesBySubjectKeyIdPresent Check if the Certificate By Subject Key ID is present in the store.
+func (k Keeper) IsCertificatesBySubjectKeyIdPresent(
+	ctx sdk.Context,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix))
+
+	return store.Has(types.AllCertificatesBySubjectKeyIDKey(
+		subjectKeyID,
+	))
+}

x/pki/keeper/approved_certificates.go

@@ -128,3 +128,17 @@ func (k Keeper) AddApprovedCertificate(ctx sdk.Context, approvedCertificate type
 		approvedCertificates.SubjectKeyId,
 	), b)
 }
+
+// IsApprovedCertificatesPresent Check if the Approved Certificate is present in the store.
+func (k Keeper) IsApprovedCertificatesPresent(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesKeyPrefix))
+
+	return store.Has(types.ApprovedCertificatesKey(
+		subject,
+		subjectKeyID,
+	))
+}

x/pki/keeper/approved_certificates_by_subject.go

@@ -103,3 +103,15 @@ func (k Keeper) RemoveApprovedCertificateBySubject(ctx sdk.Context, subject stri
 		k.RemoveApprovedCertificatesBySubject(ctx, subject)
 	}
 }
+
+// IsApprovedCertificatesBySubjectPresent Check if the Approved Certificate By Subject is present in the store.
+func (k Keeper) IsApprovedCertificatesBySubjectPresent(
+	ctx sdk.Context,
+	subject string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyPrefix))
+
+	return store.Has(types.ApprovedCertificatesBySubjectKey(
+		subject,
+	))
+}

x/pki/keeper/approved_certificates_by_subject_key_id.go

@@ -145,3 +145,15 @@ func (k Keeper) _removeApprovedCertificatesFromSubjectKeyIDState(ctx sdk.Context
 		k.SetApprovedCertificatesBySubjectKeyID(ctx, certs)
 	}
 }
+
+// IsApprovedCertificatesBySubjectKeyIdPresent Check if the Approved Certificate By Subject Key ID is present in the store.
+func (k Keeper) IsApprovedCertificatesBySubjectKeyIdPresent(
+	ctx sdk.Context,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix))
+
+	return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey(
+		subjectKeyID,
+	))
+}

x/pki/keeper/approved_root_certificates.go

@@ -85,3 +85,15 @@ func (k Keeper) RemoveApprovedRootCertificate(
 
 	k.SetApprovedRootCertificates(ctx, rootCertificates)
 }
+
+// IsApprovedRootCertificatePresent Check if the Approved Root Certificate is present in the store.
+func (k Keeper) IsApprovedRootCertificatePresent(
+	ctx sdk.Context,
+	subjectKeyID string,
+) bool {
+	store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix))
+
+	return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey(
+		subjectKeyID,
+	))
+}

x/pki/tests/handler_add_noc_ica_cert_test.go

@@ -24,29 +24,29 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) {
 	utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 
 	// add NOC ICA certificate
+	icaCertificate := utils.CreateTestNocIca1Cert()
 	utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1)
 
-	// Check: Noc + All + UniqueCertificate
-	utils.EnsureNocIntermediateCertificateExist(
-		t,
-		setup,
-		testconstants.NocCert1Subject,
-		testconstants.NocCert1SubjectKeyID,
-		testconstants.NocCert1Issuer,
-		testconstants.NocCert1SerialNumber,
-		testconstants.Vid,
-		false,
-	)
-
-	// ChildCertificates: check that child certificates of issuer contains certificate identifier
-	utils.EnsureChildCertificateExist(
-		t,
-		setup,
-		testconstants.NocRootCert1Subject,
-		testconstants.NocRootCert1SubjectKeyID,
-		testconstants.NocCert1Subject,
-		testconstants.NocCert1SubjectKeyID,
-	)
+	// Check indexes
+	indexes := []utils.TestIndex{
+		{Key: types.AllCertificatesKeyPrefix, Exist: true},
+		{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true},
+		{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true},
+		{Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there
+		{Key: types.NocIcaCertificatesKeyPrefix, Exist: true},
+		{Key: types.UniqueCertificateKeyPrefix, Exist: true},
+		{Key: types.ChildCertificatesKeyPrefix, Exist: true},
+		{Key: types.ProposedCertificateKeyPrefix, Exist: false},
+		{Key: types.ApprovedCertificatesKeyPrefix, Exist: false},
+		{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false},
+		{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false},
+		{Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false},
+	}
+	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
 }
 
 // Extra cases

x/pki/tests/handler_add_noc_root_cert_test.go

@@ -20,17 +20,28 @@ func TestHandler_AddNocRootCert(t *testing.T) {
 	accAddress := setup.CreateVendorAccount(testconstants.Vid)
 
 	// add NOC root certificate
+	rootCertificate := utils.CreateTestNocRoot1Cert()
 	utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 
-	// Check: Noc + All + UniqueCertificate
-	utils.EnsureNocRootCertificateExist(
-		t,
-		setup,
-		testconstants.NocRootCert1Subject,
-		testconstants.NocRootCert1SubjectKeyID,
-		testconstants.NocCert1Issuer,
-		testconstants.NocRootCert1SerialNumber,
-		testconstants.Vid)
+	// Check indexes
+	indexes := []utils.TestIndex{
+		{Key: types.AllCertificatesKeyPrefix, Exist: true},
+		{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true},
+		{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true},
+		{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true},
+		{Key: types.NocRootCertificatesKeyPrefix, Exist: true},
+		{Key: types.NocIcaCertificatesKeyPrefix, Exist: false},
+		{Key: types.UniqueCertificateKeyPrefix, Exist: true},
+		{Key: types.ProposedCertificateKeyPrefix, Exist: false},
+		{Key: types.ApprovedCertificatesKeyPrefix, Exist: false},
+		{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false},
+		{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false},
+		{Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false},
+	}
+	utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
 }
 
 // Extra cases
@@ -91,7 +102,7 @@ func TestHandler_AddNocX509RootCert_Renew(t *testing.T) {
 	require.Equal(t, &newNocCertificate, nocCertificatesBySubjectKeyID[0].Certs[0])
 
 	// query noc root certificate by VID
-	nocRootCertificates, err := utils.QueryNocRootCertificates(setup, testconstants.Vid)
+	nocRootCertificates, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid)
 	require.NoError(t, err)
 	require.Equal(t, len(nocRootCertificates.Certs), 2)
 	require.Equal(t, &newNocCertificate, nocRootCertificates.Certs[1])