Finalized all certs by SKID

zigbee-alliance · ashcherbakov · Nov 19, 2024 · Nov 13, 2024 · Nov 18, 2024 · Nov 18, 2024
commit 7268e3ce321c67a5bdc9a425bdc074885ee154b0
diff --git a/docs/transactions.md b/docs/transactions.md
@@ -170,7 +170,8 @@ Please make sure that TLS is enabled in gRPC, REST or Light Client Proxy for sec
 | **GLOBAL - Work for all certificate types (DA, NOC)**                                                                                                                               |                                                                                                                                                                                                                                                                                                                                           |
 | [GET_CERT](transactions/pki.md#get_cert) <br><br> Gets a certificate (PAA, PAI, RCAC, ICAC)                                                                                         | CLI `dcld query pki cert --subject=<base64 string> --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/all-certificates/{subject}/{subject_key_id}`                                                                                                                                                                                     |
 | [GET_ALL_CERTS](transactions/pki.md#get_all_certs) <br><br> Gets all certificates (PAA, PAI, RCAC, ICAC)                                                                            | CLI `dcld query pki all-certs`  <br><br> GET `/dcl/pki/all-certificates`                                                                                                                                                                                                                                                                  |
-| [GET_ALL_CERTS_BY_SUBJECT](transactions/pki.md#get_all_certs_by_subject) <br><br>                                                                                                   | CLI `dcld query pki all-subject-certs --subject=<base64 string>`  <br><br> GET `/dcl/pki/all-certificates/{subject}`                                                                                                                                                                                                                      |
+| [GET_ALL_CERTS_BY_SUBJECT](transactions/pki.md#get_all_certs_by_subject) <br><br> Gets all certificates associated with a subject (PAA, PAI, RCAC, ICAC)                            | CLI `dcld query pki all-subject-certs --subject=<base64 string>`  <br><br> GET `/dcl/pki/all-certificates/{subject}`                                                                                                                                                                                                                      |
+| [GET_ALL_CERTS_BY_SKID](transactions/pki.md#get_all_certs_by_skid) <br><br> Gets all certificates by the given subject key ID (PAA, PAI, RCAC, ICAC)                                | CLI `dcld query pki cert --subject-key-id=<hex string>`  <br><br> GET `/dcl/pki/all-certificates?subjectKeyId={subjectKeyId}`                                                                                                                                                                                                             |
 | [GET_CHILD_CERTS](transactions/pki.md#get_child_certs) <br><br> Gets all child certificates for the given certificate (PAA, PAI, RCAC, ICAC)                                        | CLI `dcld query pki all-child-x509-certs --subject=<base64 string> --subject-key-id=<hex string>`  <br><br> GET `/dcl/pki/child-certificates/{subject}/{subject_key_id}`                                                                                                                                                                  |
 | **DA - Work for DA certificate types (PAA, PAI)**                                                                                                                                   |                                                                                                                                                                                                                                                                                                                                           |
 | [PROPOSE_ADD_PAA](transactions/pki.md#propose_add_paa) <br><br> Proposes a new PAA (self-signed root certificate)                                                                   | CLI `dcld tx pki propose-add-x509-root-cert --certificate=<string-or-path>` <br><br> POST `/cosmos/tx/v1beta1/txs`([MsgProposeAddX509RootCert](https://github.com/zigbee-alliance/distributed-compliance-ledger/blob/master/proto/zigbeealliance/distributedcomplianceledger/pki/tx.proto#L34))                                           |

diff --git a/docs/transactions/pki.md b/docs/transactions/pki.md
@@ -67,6 +67,24 @@ Use [GET_ALL_REVOKED_NOC_ICA_CERTS](#get_all_revoked_noc_ica-icacs) to get a lis
 - REST API:
   - GET `/dcl/pki/all-certificates/{subject}`
 
+#### GET_ALL_CERTS_BY_SKID
+
+**Status: Implemented**
+
+Gets all certificates by the given subject key ID attribute. This query works for all types certificates (PAA, PAI, RCAC, ICAC).
+
+Revoked certificates are not returned.
+Use [GET_ALL_REVOKED_DA_CERTS](#get_all_revoked_da_certs) to get a list of all revoked DA certificates.
+Use [GET_ALL_REVOKED_NOC_ROOT_CERTS](#get_all_revoked_noc_root-rcacs) to get a list of all revoked Noc Root certificates.
+Use [GET_ALL_REVOKED_NOC_ICA_CERTS](#get_all_revoked_noc_ica-icacs) to get a list of all revoked Noc ICA certificates.
+
+- Parameters:
+  - subject_key_id: `string`  - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`
+- CLI command:
+  - `dcld query pki cert --subject-key-id=<hex string>`
+- REST API:
+  - GET `/dcl/pki/all-certificates?subjectKeyId={subjectKeyId}`
+
 #### GET_CHILD_CERTS
 
 **Status: Implemented**

diff --git a/integration_tests/cli/pki-combine-certs.sh b/integration_tests/cli/pki-combine-certs.sh
@@ -285,12 +285,12 @@ test_divider
 
 echo "Request certificates by subject key id"
 echo "Request DA certificate using global command"
-result=$(dcld query pki certs --subject-key-id="$da_root_subject_key_id")
+result=$(dcld query pki cert --subject-key-id="$da_root_subject_key_id")
 echo $result | jq
 check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
 
 echo "Request NOC certificate using global command"
-result=$(dcld query pki certs --subject-key-id="$noc_root_subject_key_id")
+result=$(dcld query pki cert --subject-key-id="$noc_root_subject_key_id")
 echo $result | jq
 check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
 

diff --git a/integration_tests/grpc_rest/pki/helpers.go b/integration_tests/grpc_rest/pki/helpers.go
diff --git a/x/pki/handler_test.go b/x/pki/handler_test.go
@@ -949,7 +949,7 @@ func ensureCertificateNotPresentInGlobalCertificateIndexes(
 	_, err := querySingleCertificateFromAllCertificatesIndex(setup, subject, subjectKeyID)
 	require.Equal(t, codes.NotFound, status.Code(err))
 
-	// DaCertificates: SubjectKeyID
+	// AllCertificate: SKID
 	certificatesBySubjectKeyID, _ := queryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
 	require.Empty(t, certificatesBySubjectKeyID)