Commit c76de5c

Merge pull request #617 from zigbee-alliance/certificates-by-skid
Added index for all certificates by subject key id
2 parents d2a1af3 + 8eac7f5 commit c76de5c

56 files changed

+1956
-840
lines changed

docs/static/openapi.yml

+4
@@ -9435,6 +9435,10 @@ paths:
94359435
in: query
94369436
required: false
94379437
type: boolean
9438+
- name: subjectKeyId
9439+
in: query
9440+
required: false
9441+
type: string
94389442
tags:
94399443
- Query
94409444
/dcl/pki/all-certificates/{subject}:
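
Review bot: the added `subjectKeyId` query parameter (new lines 9438-9441) is declared with only `in`, `required` and `type: string`, so the spec tells API consumers nothing about the expected format. docs/transactions/pki.md in this same commit describes the value as a hex string with the example `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`. Suggest adding a `description` that states this format and, if the handler rejects other forms, a `pattern` so generated clients can validate the value before sending it.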

docs/transactions.md

+2-1
@@ -170,7 +170,8 @@ Please make sure that TLS is enabled in gRPC, REST or Light Client Proxy for sec
170170
| **GLOBAL - Work for all certificate types (DA, NOC)** | |
171171
| [GET_CERT](transactions/pki.md#get_cert) <br><br> Gets a certificate (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki cert --subject=<base64 string> --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/all-certificates/{subject}/{subject_key_id}` |
172172
| [GET_ALL_CERTS](transactions/pki.md#get_all_certs) <br><br> Gets all certificates (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki all-certs` <br><br> GET `/dcl/pki/all-certificates` |
173-
| [GET_ALL_CERTS_BY_SUBJECT](transactions/pki.md#get_all_certs_by_subject) <br><br> | CLI `dcld query pki all-subject-certs --subject=<base64 string>` <br><br> GET `/dcl/pki/all-certificates/{subject}` |
173+
| [GET_ALL_CERTS_BY_SUBJECT](transactions/pki.md#get_all_certs_by_subject) <br><br> Gets all certificates associated with a subject (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki all-subject-certs --subject=<base64 string>` <br><br> GET `/dcl/pki/all-certificates/{subject}` |
174+
| [GET_ALL_CERTS_BY_SKID](transactions/pki.md#get_all_certs_by_skid) <br><br> Gets all certificates by the given subject key ID (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki cert --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/all-certificates?subjectKeyId={subjectKeyId}` |
174175
| [GET_CHILD_CERTS](transactions/pki.md#get_child_certs) <br><br> Gets all child certificates for the given certificate (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki all-child-x509-certs --subject=<base64 string> --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/child-certificates/{subject}/{subject_key_id}` |
175176
| **DA - Work for DA certificate types (PAA, PAI)** | |
176177
| [PROPOSE_ADD_PAA](transactions/pki.md#propose_add_paa) <br><br> Proposes a new PAA (self-signed root certificate) | CLI `dcld tx pki propose-add-x509-root-cert --certificate=<string-or-path>` <br><br> POST `/cosmos/tx/v1beta1/txs`([MsgProposeAddX509RootCert](https://github.com/zigbee-alliance/distributed-compliance-ledger/blob/master/proto/zigbeealliance/distributedcomplianceledger/pki/tx.proto#L34)) |
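
Review bot: the new GET_ALL_CERTS_BY_SKID row (new line 174) documents the CLI as `dcld query pki cert --subject-key-id=<hex string>`, which is the same `cert` command the GET_CERT row lists with both `--subject` and `--subject-key-id`, while the REST column uses a different route from GET_CERT. As written, one row says `cert` "Gets a certificate" and the other says it "Gets all certificates", and nothing tells the reader that omitting `--subject` is what selects the list query. Suggest noting in one of the two rows that `--subject` is optional and that the result becomes a list when it is left out, so scripts that parse the output do not assume a single object.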

docs/transactions/pki.md

+18
@@ -67,6 +67,24 @@ Use [GET_ALL_REVOKED_NOC_ICA_CERTS](#get_all_revoked_noc_ica-icacs) to get a lis
6767
- REST API:
6868
- GET `/dcl/pki/all-certificates/{subject}`
6969

70+
#### GET_ALL_CERTS_BY_SKID
71+
72+
**Status: Implemented**
73+
74+
Gets all certificates by the given subject key ID attribute. This query works for all types certificates (PAA, PAI, RCAC, ICAC).
75+
76+
Revoked certificates are not returned.
77+
Use [GET_ALL_REVOKED_DA_CERTS](#get_all_revoked_da_certs) to get a list of all revoked DA certificates.
78+
Use [GET_ALL_REVOKED_NOC_ROOT_CERTS](#get_all_revoked_noc_root-rcacs) to get a list of all revoked Noc Root certificates.
79+
Use [GET_ALL_REVOKED_NOC_ICA_CERTS](#get_all_revoked_noc_ica-icacs) to get a list of all revoked Noc ICA certificates.
80+
81+
- Parameters:
82+
- subject_key_id: `string` - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`
83+
- CLI command:
84+
- `dcld query pki cert --subject-key-id=<hex string>`
85+
- REST API:
86+
- GET `/dcl/pki/all-certificates?subjectKeyId={subjectKeyId}`
87+
7088
#### GET_CHILD_CERTS
7189

7290
**Status: Implemented**
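
Review bot: in the new GET_ALL_CERTS_BY_SKID section the parameter is listed as `subject_key_id` (new line 82), but the REST route two lines below takes it as `subjectKeyId` and the CLI as `--subject-key-id`, so the Parameters entry matches neither interface a reader will actually call. Suggest naming the REST query parameter explicitly in that entry, and stating whether the colon-separated uppercase form in the example is required or only one accepted form. Wording nits in the same hunk: "all types certificates" should read "all types of certificates", "certificates's" should be "certificate's", and "Noc Root" / "Noc ICA" should be "NOC Root" / "NOC ICA" to match the link names.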

integration_tests/cli/pki-combine-certs.sh

+35
@@ -283,6 +283,41 @@ response_does_not_contain "$result" "\"subjectKeyId\": \"$da_root_subject_key_id
283283

284284
test_divider
285285

286+
echo "Request certificates by subject key id"
287+
echo "Request DA certificate using global command"
288+
result=$(dcld query pki cert --subject-key-id="$da_root_subject_key_id")
289+
echo $result | jq
290+
check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
291+
292+
echo "Request NOC certificate using global command"
293+
result=$(dcld query pki cert --subject-key-id="$noc_root_subject_key_id")
294+
echo $result | jq
295+
check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
296+
297+
echo "Request DA certificate"
298+
result=$(dcld query pki x509-cert --subject-key-id="$da_root_subject_key_id")
299+
echo $result | jq
300+
check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
301+
302+
echo "Request NOC certificate using DA command (must be empty)"
303+
result=$(dcld query pki x509-cert --subject="$noc_root_subject" --subject-key-id="$noc_root_subject_key_id")
304+
echo $result | jq
305+
check_response "$result" "Not Found"
306+
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
307+
308+
echo "Request NOC Root certificate"
309+
result=$(dcld query pki noc-x509-cert --subject="$noc_root_subject" --subject-key-id="$noc_root_subject_key_id")
310+
echo $result | jq
311+
check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
312+
313+
echo "Request DA certificate using NOC command (must be empty)"
314+
result=$(dcld query pki noc-x509-cert --subject="$da_root_subject" --subject-key-id="$da_root_subject_key_id")
315+
echo $result | jq
316+
check_response "$result" "Not Found"
317+
response_does_not_contain "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
318+
319+
test_divider
320+
286321
echo "Request DA certificates by subject using global command"
287322
result=$(dcld query pki all-subject-certs --subject=$da_root_subject)
288323
echo $result | jq
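
Review bot: the two "using global command" checks (new lines 288-295) only assert that the expected `subjectKeyId` is present, so they would still pass if the new SKID index returned certificates for other key IDs as well. Suggest pairing each with a negative assertion using the helper already used further down, for example `response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""` after the DA query and the mirror-image check after the NOC query. Coverage is also asymmetric: `x509-cert` is exercised with `--subject-key-id` alone (new line 298) but `noc-x509-cert` is only called with both `--subject` and `--subject-key-id`. Minor: `echo $result | jq` leaves `$result` unquoted, which word-splits and globs the JSON; `echo "$result" | jq` avoids that.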
