@@ -7,6 +7,9 @@ noc_root_cert_1_subject_key_id="44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:
77noc_root_cert_1_serial_number=" 47211865327720222621302679792296833381734533449"
88noc_root_cert_1_subject_as_text=" CN=NOC-1,OU=Testing Division,O=Example Company,L=Tashkent,ST=Some State,C=UZ"
99
10+ noc_root_cert_1_copy_path=" integration_tests/constants/noc_root_cert_1_copy"
11+ noc_root_cert_1_copy_serial_number=" 460647353168152946606945669687905527879095841977"
12+
1013noc_root_cert_2_path=" integration_tests/constants/noc_root_cert_2"
1114noc_root_cert_2_subject=" MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg=="
1215noc_root_cert_2_subject_key_id=" CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B"
@@ -22,13 +25,18 @@ noc_root_cert_3_subject_as_text="CN=NOC-3,O=Internet Widgits Pty Ltd,ST=Some-Sta
2225noc_cert_1_path=" integration_tests/constants/noc_cert_1"
2326noc_cert_1_subject=" MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
2427noc_cert_1_subject_key_id=" 02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
25- noc_cert_1_serial_number=" 674670448117546613288490437900193266085116131998 "
28+ noc_cert_1_serial_number=" 631388393741945881054190991612463928825155142122 "
2629
2730noc_cert_2_path=" integration_tests/constants/noc_cert_2"
2831noc_cert_2_subject=" MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg=="
2932noc_cert_2_subject_key_id=" 87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD"
3033noc_cert_2_serial_number=" 361372967010167010646904372658654439710639340814"
3134
35+ noc_leaf_cert_1_path=" integration_tests/constants/noc_leaf_cert_1"
36+ noc_leaf_cert_1_subject=" MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x"
37+ noc_leaf_cert_1_subject_key_id=" 77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01"
38+ noc_leaf_cert_1_serial_number=" 281347277961838999749763518155363401757954575313"
39+
3240trustee_account=" jack"
3341second_trustee_account=" alice"
3442
@@ -237,4 +245,122 @@ check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\""
237245check_response " $result " " \" serialNumber\" : \" $noc_cert_2_serial_number \" "
238246echo $result | jq
239247
248+ test_divider
249+
250+ echo " Add third NOC root certificate by vendor with VID = $vid "
251+ result=$( echo " $passphrase " | dcld tx pki add-noc-x509-root-cert --certificate=" $noc_root_cert_1_copy_path " $vendor_account --yes)
252+ check_response " $result " " \" code\" : 0"
253+
254+ echo " Add NOC leaf certificate by vendor with VID = $vid "
255+ result=$( echo " $passphrase " | dcld tx pki add-noc-x509-cert --certificate=" $noc_leaf_cert_1_path " $vendor_account --yes)
256+ check_response " $result " " \" code\" : 0"
257+
258+ echo " Request All NOC root certificate"
259+ result=$( dcld query pki all-noc-x509-root-certs)
260+ echo $result | jq
261+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
262+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
263+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_2_serial_number \" "
264+
265+ echo " Request all NOC certificates"
266+ result=$( dcld query pki all-noc-x509-certs)
267+ echo $result | jq
268+ check_response " $result " " \" serialNumber\" : \" $noc_cert_1_serial_number \" "
269+ check_response " $result " " \" serialNumber\" : \" $noc_cert_2_serial_number \" "
270+ check_response " $result " " \" serialNumber\" : \" $noc_leaf_cert_1_serial_number \" "
271+
272+ echo " Try to revoke intermediate with different VID = $vid_2 "
273+ result=$( echo " $passphrase " | dcld tx pki revoke-noc-x509-root-cert --subject=" $noc_root_cert_1_subject " " $noc_root_cert_1_subject_key_id " $vendor_account_2 --yes)
274+ check_response " $result " " \" code\" : 439"
275+
276+ echo " $vendor_account Vendor revokes only root certificate, it should not revoke intermediate certificates"
277+ result=$( echo " $passphrase " | dcld tx pki revoke-noc-x509-root-cert --subject=" $noc_root_cert_1_subject " " $noc_root_cert_1_subject_key_id " $vendor_account --yes)
278+ check_response " $result " " \" code\" : 0"
279+
280+ echo " Request all revoked certificates should contain two root certificates only"
281+ result=$( dcld query pki all-revoked-x509-certs)
282+ echo $result | jq
283+ check_response " $result " " \" subject\" : \" $noc_root_cert_1_subject "
284+ check_response " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
285+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
286+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
287+ response_does_not_contain " $result " " \" subject\" : \" $noc_cert_1_subject \" "
288+ response_does_not_contain " $result " " \" subject\" : \" $noc_leaf_cert_1_subject \" "
289+
290+ echo " Request all revoked noc root certificates should contain two root certificates"
291+ result=$( dcld query pki all-revoked-noc-x509-root-certs)
292+ echo $result | jq
293+ check_response " $result " " \" subject\" : \" $noc_root_cert_1_subject "
294+ check_response " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
295+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
296+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
297+ response_does_not_contain " $result " " \" subject\" : \" $noc_cert_1_subject \" "
298+ response_does_not_contain " $result " " \" subject\" : \" $noc_leaf_cert_1_subject \" "
299+
300+ echo " Request revoked noc root certificate by subject and subjectKeyId should contain two root certificates"
301+ result=$( dcld query pki revoked-noc-x509-root-cert --subject=" $noc_root_cert_1_subject " " $noc_root_cert_1_subject_key_id " )
302+ echo $result | jq
303+ check_response " $result " " \" subject\" : \" $noc_root_cert_1_subject "
304+ check_response " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
305+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
306+ check_response " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
307+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_2_subject \" "
308+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_3_subject \" "
309+
310+ echo " Request all x509 root revoked certificates should not contain revoked NOC root certificates"
311+ result=$( dcld query pki all-revoked-x509-root-certs)
312+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_1_subject \" "
313+ response_does_not_contain " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
314+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
315+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
316+ echo $result | jq
317+
318+ echo " Request NOC certificate by VID must not contain revoked root certificates"
319+ result=$( dcld query pki noc-x509-root-certs --vid=" $vid " )
320+ check_response " $result " " Not Found"
321+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_1_subject \" "
322+ response_does_not_contain " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
323+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
324+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
325+ echo $result | jq
326+
327+ echo " Request all certificates by subject must be empty"
328+ result=$( dcld query pki all-subject-x509-certs --subject=" $noc_root_cert_1_subject " )
329+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_1_subject \" "
330+ response_does_not_contain " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
331+ echo $result | jq
332+
333+ echo " Request all certificates by subjectKeyId must be empty"
334+ result=$( dcld query pki x509-cert --subject-key-id=" $noc_root_cert_1_subject_key_id " )
335+ check_response " $result " " Not Found"
336+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_1_subject \" "
337+ response_does_not_contain " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
338+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
339+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
340+ echo $result | jq
341+
342+ echo " Request NOC certificate by VID = $vid should contain intermediate and leaf certificates"
343+ result=$( dcld query pki noc-x509-certs --vid=" $vid " )
344+ echo $result | jq
345+ check_response " $result " " \" subject\" : \" $noc_cert_1_subject \" "
346+ check_response " $result " " \" subject\" : \" $noc_leaf_cert_1_subject \" "
347+ check_response " $result " " \" subjectKeyId\" : \" $noc_cert_1_subject_key_id \" "
348+ check_response " $result " " \" subjectKeyId\" : \" $noc_leaf_cert_1_subject_key_id \" "
349+ check_response " $result " " \" serialNumber\" : \" $noc_cert_1_serial_number \" "
350+ check_response " $result " " \" serialNumber\" : \" $noc_leaf_cert_1_serial_number \" "
351+
352+ echo " Request all approved certificates should not contain revoked NOC root certificates"
353+ result=$( dcld query pki all-x509-certs)
354+ check_response " $result " " \" subject\" : \" $noc_cert_1_subject \" "
355+ check_response " $result " " \" subjectKeyId\" : \" $noc_cert_1_subject_key_id \" "
356+ check_response " $result " " \" serialNumber\" : \" $noc_cert_1_serial_number \" "
357+ check_response " $result " " \" subject\" : \" $noc_leaf_cert_1_subject \" "
358+ check_response " $result " " \" subjectKeyId\" : \" $noc_leaf_cert_1_subject_key_id \" "
359+ check_response " $result " " \" serialNumber\" : \" $noc_leaf_cert_1_serial_number \" "
360+ response_does_not_contain " $result " " \" subject\" : \" $noc_root_cert_1_subject \" "
361+ response_does_not_contain " $result " " \" subjectKeyId\" : \" $noc_root_cert_1_subject_key_id \" "
362+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_serial_number \" "
363+ response_does_not_contain " $result " " \" serialNumber\" : \" $noc_root_cert_1_copy_serial_number \" "
364+ echo $result | jq
365+
240366test_divider
0 commit comments