From e46ead6e55e565e1f0fd2a69452788392f791186 Mon Sep 17 00:00:00 2001 
From: "artem.ivanov" Date: Fri, 22 Nov 2024 17:13:40 +0300 Subject: [PATCH 01/11] Refactoring unit tests for PKI module --- integration_tests/constants/constants.go | 12 +- x/pki/tests/handler_add_noc_ica_cert_test.go | 71 +- x/pki/tests/handler_add_noc_root_cert_test.go | 38 +- x/pki/tests/handler_add_paa_cert_test.go | 211 +-- x/pki/tests/handler_add_pai_cert_test.go | 227 +-- x/pki/tests/handler_add_revocation_test.go | 71 +- x/pki/tests/handler_assign_vid_test.go | 101 +- x/pki/tests/handler_delete_revocation_test.go | 43 +- .../tests/handler_remove_noc_ica_cert_test.go | 176 ++- .../handler_remove_noc_root_cert_test.go | 176 ++- x/pki/tests/handler_remove_pai_cert_test.go | 221 +-- .../tests/handler_revoke_noc_ica_cert_test.go | 126 +- .../handler_revoke_noc_root_cert_test.go | 124 +- x/pki/tests/handler_revoke_paa_cert_test.go | 754 +++++---- x/pki/tests/handler_revoke_pai_cert_test.go | 159 +- x/pki/tests/handler_test.go | 1403 ----------------- x/pki/tests/handler_update_revocation_test.go | 149 +- x/pki/tests/test-design.md | 7 +- x/pki/tests/utils/account.go | 86 + .../tests/utils/certificate_assertions_da.go | 169 ++ .../utils/certificate_assertions_global.go | 119 ++ .../tests/utils/certificate_assertions_noc.go | 197 +++ x/pki/tests/utils/certificate_queries_da.go | 277 ++++ .../tests/utils/certificate_queries_global.go | 90 ++ x/pki/tests/utils/certificate_queries_noc.go | 242 +++ x/pki/tests/utils/data.go | 87 + x/pki/tests/utils/helpers.go | 65 + x/pki/tests/utils/setup.go | 60 + 28 files changed, 2834 insertions(+), 2627 deletions(-) delete mode 100644 x/pki/tests/handler_test.go create mode 100644 x/pki/tests/utils/account.go create mode 100644 x/pki/tests/utils/certificate_assertions_da.go create mode 100644 x/pki/tests/utils/certificate_assertions_global.go create mode 100644 x/pki/tests/utils/certificate_assertions_noc.go create mode 100644 x/pki/tests/utils/certificate_queries_da.go create mode 100644 
x/pki/tests/utils/certificate_queries_global.go create mode 100644 x/pki/tests/utils/certificate_queries_noc.go create mode 100644 x/pki/tests/utils/data.go create mode 100644 x/pki/tests/utils/helpers.go create mode 100644 x/pki/tests/utils/setup.go
diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go
index 530df62bb..ab8acfc3d 100644
--- a/integration_tests/constants/constants.go
+++ b/integration_tests/constants/constants.go
@@ -703,6 +703,8 @@ eujhLsD51w==
 RootCertWithSameSubjectAndSKIDSubjectKeyID = "33:5E:0C:07:44:F8:B5:9C:CD:55:01:9B:6D:71:23:83:6F:D0:D4:BE"
 RootCertWithSameSubjectAndSKID1SerialNumber = "1"
 RootCertWithSameSubjectAndSKID2SerialNumber = "2"
+ RootCertWithSameSubjectAndSKID1Issuer = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
+ RootCertWithSameSubjectAndSKID2Issuer = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
 IntermediateCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ="
 IntermediateCertWithSameSubjectIssuer = RootCertWithSameSubjectAndSKIDSubject
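Review bot: `RootCertWithSameSubjectAndSKID1Issuer` and `RootCertWithSameSubjectAndSKID2Issuer` are added as two copies of the same base64 literal, so nothing ties them together if the fixture certificate is ever regenerated. The second hunk of this file (`@@ -744,9 +746,13 @@`) does the same: `PAACertWithSameSubjectIssuer` repeats the literal of `PAACertWithSameSubjectID1Subject`, and `PAACertWithSameSubject2Issuer` repeats that of `PAACertWithSameSubjectID2Subject`. The context line `IntermediateCertWithSameSubjectIssuer = RootCertWithSameSubjectAndSKIDSubject` already shows the file's convention of defining an issuer by reference; following it, e.g. `PAACertWithSameSubjectIssuer = PAACertWithSameSubjectID1Subject` and `RootCertWithSameSubjectAndSKID2Issuer = RootCertWithSameSubjectAndSKID1Issuer`, would make the issuer-equals-subject relation of these root fixtures explicit and keep the values from drifting apart.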
@@ -744,9 +746,13 @@ eujhLsD51w==
 TestSubjectKeyID = "E2:90:8D:36:9C:3C:A3:C1:13:BB:09:E2:4D:C1:CC:C5:A6:66:91:D4"
 TestSerialNumber = "1647312298631"
- PAACertWithSameSubjectID1Subject = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI="
- PAACertWithSameSubjectID2Subject = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI="
- PAACertWithSameSubjectIDSubjectID = "7F:C5:4C:61:A7:2A:40:02:DA:B3:73:FB:A8:A0:AC:42:2C:44:77:05"
+ PAACertWithSameSubjectID1Subject = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI="
+ PAACertWithSameSubjectID2Subject = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI="
+ PAACertWithSameSubjectIDSubjectID = "7F:C5:4C:61:A7:2A:40:02:DA:B3:73:FB:A8:A0:AC:42:2C:44:77:05"
+ PAACertWithSameSubjectIssuer = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI="
+ PAACertWithSameSubjectSerialNumber = "52395954309929518473720319596322683729415766451"
+ PAACertWithSameSubject2Issuer = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI="
+ PAACertWithSameSubject2SerialNumber = "619677517297003610282920732322368299925590816980"
 TestVID1String = "0xA13"
 TestPID1String = "0xA11"
diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go
index 482be236d..8e1261c73 100644
--- a/x/pki/tests/handler_add_noc_ica_cert_test.go
+++ b/x/pki/tests/handler_add_noc_ica_cert_test.go
@@ -1,6 +1,7 @@
 package tests
 import (
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"
 "testing"
 sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
@@ -15,18 +16,18 @@ import (
 // Main
 func TestHandler_AddNocIntermediateCert(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 accAddress := setup.CreateVendorAccount(testconstants.Vid)
 // add NOC root certificate
- addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+ utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 // add NOC ICA certificate
- addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1)
+ utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1)
 // Check: Noc + All + UniqueCertificate
- ensureNocIntermediateCertificateExist(
+ utils.EnsureNocIntermediateCertificateExist(
 t,
 setup,
 testconstants.NocCert1Subject,
@@ -38,7 +39,7 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) {
 )
 // ChildCertificates: check that child certificates of issuer contains certificate identifier
- ensureChildCertificateExist(
+ utils.EnsureChildCertificateExist(
 t,
 setup,
 testconstants.NocRootCert1Subject,
@@ -51,14 +52,14 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) {
 // Extra cases
 func TestHandler_AddNocX509Cert_Renew(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid)
 // add NOC root certificate
- addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+ utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 // Store the NOC certificate
 newNocCertificate := types.NewNocCertificate(
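Review bot: The new import `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` in the `@@ -1,6 +1,7 @@` hunk is inserted above `"testing"`, inside the standard-library group, which goimports-style grouping would reject. It belongs with the module's other imports, after the blank line that ends the standard-library group. The same placement is repeated in the first hunks of handler_add_noc_root_cert_test.go and handler_add_paa_cert_test.go. The import block continues outside the hunk, so the exact target position is not visible here.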
@@ -95,18 +96,18 @@ func TestHandler_AddNocX509Cert_Renew(t *testing.T) {
 require.NoError(t, err)
 // query noc certificate by Subject and SKID
- nocCertificates, err := queryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId)
+ nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId)
 require.NoError(t, err)
 require.Equal(t, len(nocCertificates.Certs), 2)
 require.Equal(t, &newNocCertificate, nocCertificates.Certs[0])
 // query noc certificate by Subject
- nocCertificatesBySubject, err := queryNocCertificatesBySubject(setup, newNocCertificate.Subject)
+ nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject)
 require.NoError(t, err)
 require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds))
 // query noc certificate by SKID
- nocCertificatesBySubjectKeyID, err := queryAllNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId)
+ nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId)
 require.NoError(t, err)
 require.Equal(t, 1, len(nocCertificatesBySubjectKeyID))
 require.Equal(t, 2, len(nocCertificatesBySubjectKeyID[0].Certs))
@@ -115,7 +116,7 @@ func TestHandler_AddNocX509Cert_Renew(t *testing.T) {
 require.Equal(t, vid, nocCertificatesBySubjectKeyID[0].Certs[0].Vid)
 // query noc certificate by VID
- nocCertificatesByVid, err := queryNocIcaCertificatesByVid(setup, testconstants.Vid)
+ nocCertificatesByVid, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid)
 require.NoError(t, err)
 require.Equal(t, len(nocCertificatesByVid.Certs), 2)
 require.Equal(t, testconstants.NocCert1Subject, nocCertificatesByVid.Certs[0].Subject)
@@ -126,7 +127,7 @@ func TestHandler_AddNocX509Cert_Renew(t *testing.T) {
 // Error cases
 func TestHandler_AddNocX509Cert_SenderNotVendor(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Trustee1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion)
 _, err := setup.Handler(setup.Ctx, addNocX509Cert)
@@ -135,16 +136,16 @@ func TestHandler_AddNocX509Cert_SenderNotVendor(t *testing.T) {
 }
 func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
 // add NOC root certificate
- addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+ utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
- newAccAddress := GenerateAccAddress()
+ newAccAddress := utils.GenerateAccAddress()
 setup.AddAccount(newAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1111)
 // try to add NOC certificate
@@ -154,9 +155,9 @@ func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing
 }
 func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
@@ -167,9 +168,9 @@ func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) {
 }
 func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
@@ -180,21 +181,21 @@ func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) {
 }
 func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
 // store root certificate
- rootCertOptions := &rootCertOptions{
- pemCert: testconstants.RootCertWithVid,
- info: testconstants.Info,
- subject: testconstants.RootCertWithVidSubject,
- subjectKeyID: testconstants.RootCertWithVidSubjectKeyID,
- vid: testconstants.RootCertWithVidVid,
+ rootCertOptions := &utils.RootCertOptions{
+ PemCert: testconstants.RootCertWithVid,
+ Info: testconstants.Info,
+ Subject: testconstants.RootCertWithVidSubject,
+ SubjectKeyID: testconstants.RootCertWithVidSubjectKeyID,
+ Vid: testconstants.RootCertWithVidVid,
 }
- proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions)
 // try to add root certificate x509 certificate
 addX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion)
@@ -203,9 +204,9 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) {
 }
 func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
@@ -217,7 +218,7 @@ func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) {
 }
 func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) {
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 cases := []struct {
 name string
@@ -325,12 +326,12 @@ func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.name, func(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 vid := testconstants.Vid
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
 // add NOC root certificate
- addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+ utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 // add the existing certificate
 setup.Keeper.AddAllCertificate(setup.Ctx, *tc.existingCert)
diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go
index 46b78b1a4..44934f77e 100644
--- a/x/pki/tests/handler_add_noc_root_cert_test.go
+++ b/x/pki/tests/handler_add_noc_root_cert_test.go
@@ -1,6 +1,7 @@
 package tests
 import (
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"
 "testing"
 sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
@@ -14,15 +15,15 @@ import (
 // Main
 func TestHandler_AddNocRootCert(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 accAddress := setup.CreateVendorAccount(testconstants.Vid)
 // add NOC root certificate
- addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
+ utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1)
 // Check: Noc + All + UniqueCertificate
- ensureNocRootCertificateExist(
+ utils.EnsureNocRootCertificateExist(
 t,
 setup,
 testconstants.NocRootCert1Subject,
@@ -35,13 +36,13 @@ func TestHandler_AddNocRootCert(t *testing.T) {
 // Extra cases
 func TestHandler_AddNocX509RootCert_Renew(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid)
 // Store the NOC root certificate
- nocRootCertificate := rootCertificate(accAddress)
+ nocRootCertificate := utils.RootCertificate(accAddress)
 nocRootCertificate.SerialNumber = testconstants.TestSerialNumber
 nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI
 nocRootCertificate.Approvals = nil
@@ -60,7 +61,7 @@ func TestHandler_AddNocX509RootCert_Renew(t *testing.T) {
 setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate)
 // new NOC root certificate
- newNocCertificate := rootCertificate(accAddress)
+ newNocCertificate := utils.RootCertificate(accAddress)
 newNocCertificate.CertificateType = types.CertificateType_OperationalPKI
 newNocCertificate.Approvals = nil
 newNocCertificate.Rejects = nil
@@ -71,41 +72,40 @@ func TestHandler_AddNocX509RootCert_Renew(t *testing.T) { require.NoError(t, err) // query noc root certificate by Subject and SKID - nocCertificates, err := queryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId) + nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 2) require.Equal(t, &newNocCertificate, nocCertificates.Certs[1]) // query noc root certificate by Subject - nocCertificatesBySubject, err := queryNocCertificatesBySubject(setup, newNocCertificate.Subject) + nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject) require.NoError(t, err) require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds)) require.Equal(t, newNocCertificate.SubjectKeyId, nocCertificatesBySubject.SubjectKeyIds[0]) // query noc root certificate by SKID - nocCertificatesBySubjectKeyID, err := queryAllNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId) + nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId) require.NoError(t, err) require.Equal(t, 1, len(nocCertificatesBySubjectKeyID)) require.Equal(t, 1, len(nocCertificatesBySubjectKeyID[0].Certs)) require.Equal(t, &newNocCertificate, nocCertificatesBySubjectKeyID[0].Certs[0]) // query noc root certificate by VID - nocRootCertificates, err := queryNocRootCertificates(setup, testconstants.Vid) + nocRootCertificates, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, len(nocRootCertificates.Certs), 2) require.Equal(t, &newNocCertificate, nocRootCertificates.Certs[1]) // query noc root certificate by VID and SKID - renewedNocRootCertificate, tq, err := querySingleNocCertificateByVidAndSkid(setup, testconstants.Vid, newNocCertificate.SubjectKeyId) + 
renewedNocRootCertificate, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, newNocCertificate.SubjectKeyId) require.NoError(t, err) - require.Equal(t, &newNocCertificate, renewedNocRootCertificate) - require.Equal(t, float32(1), tq) + require.Equal(t, &newNocCertificate, renewedNocRootCertificate.Certs[0]) } // Error cases func TestHandler_AddNocX509RootCert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) @@ -115,7 +115,7 @@ func TestHandler_AddNocX509RootCert_SenderNotVendor(t *testing.T) { } func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string @@ -149,7 +149,7 @@ func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{tc.accountRole}, tc.accountVid) addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), tc.nocRoorCert, testconstants.CertSchemaVersion) @@ -160,7 +160,7 @@ func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) { } func TestHandler_AddNocX509RootCert_CertificateExist(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string @@ -232,7 +232,7 @@ func TestHandler_AddNocX509RootCert_CertificateExist(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the existing certificate 
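Review bot: The VID+SKID check at the end of TestHandler_AddNocX509RootCert_Renew (hunk `@@ -71,41 +72,40 @@`) is weaker than before: the old `querySingleNocCertificateByVidAndSkid` also returned `tq`, and `require.Equal(t, float32(1), tq)` is removed with no replacement, so nothing in the hunk asserts that value any more. The new `renewedNocRootCertificate.Certs[0]` is also indexed without a length check, so an empty result panics the test instead of failing it with a message. If the response from `utils.QueryNocCertificatesByVidAndSkid` still carries that value (its type is not visible here), keep an assertion on it, and add `require.NotEmpty(t, renewedNocRootCertificate.Certs)` before the index. It is also worth confirming that `Certs[0]` rather than `Certs[1]` is the renewed certificate, since the by-VID query just above expects the new one at index 1.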
diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go
index e68a07987..66087d74f 100644
--- a/x/pki/tests/handler_add_paa_cert_test.go
+++ b/x/pki/tests/handler_add_paa_cert_test.go
@@ -1,6 +1,7 @@
 package tests
 import (
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"
 "math"
 "math/rand"
 "testing"
@@ -19,7 +20,7 @@ import (
 // Main
 func TestHandler_ProposeAddDaRootCert(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // propose DA root certificate
 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(
@@ -33,7 +34,7 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) {
 require.NoError(t, err)
 // Check: ProposedCertificate - present
- proposedCertificate, _ := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
+ proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
 require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert)
 require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner)
 require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject)
@@ -50,27 +51,29 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) {
 setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID))
 // Check: Approved DA - empty
- ensureCertificateNotPresentInDaCertificateIndexes(
+ utils.EnsureCertificateNotPresentInDaCertificateIndexes(
 t,
 setup,
 testconstants.RootSubject,
 testconstants.RootSubjectKeyID,
 true,
 false,
+ false,
 )
 // Check: Global - empty
- ensureGlobalCertificateNotExist(
+ utils.EnsureGlobalCertificateNotExist(
 t,
 setup,
 testconstants.RootSubject,
 testconstants.RootSubjectKeyID,
 false,
+ false,
 )
 }
 func TestHandler_AddDaRootCert(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // propose add x509 root certificate by trustee
 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(
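Review bot: In the `@@ -50,27 +51,29 @@` hunk the calls to `utils.EnsureCertificateNotPresentInDaCertificateIndexes` and `utils.EnsureGlobalCertificateNotExist` now end in three and two bare booleans (`true, false, false` and `false, false`), and nothing at the call site says which check each flag switches. Because these helpers are the negative assertions of the test (certificate must not yet be approved or globally visible), a flag passed in the wrong position can silently skip a check. Label each argument with a trailing comment carrying the parameter name from the helper's signature, which is not visible in this hunk, or have the helpers take a small options struct with named fields as `utils.RootCertOptions` does elsewhere in this patch.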
@@ -102,7 +105,7 @@ func TestHandler_AddDaRootCert(t *testing.T) {
 setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber))
 // Check: DA + All + UniqueCertificate
- ensureDaRootCertificateExist(
+ utils.EnsureDaRootCertificateExist(
 t,
 setup,
 testconstants.RootSubject,
@@ -112,7 +115,7 @@ func TestHandler_AddDaRootCert(t *testing.T) {
 }
 func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // propose x509 root certificate by account without trustee role
 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(
@@ -128,7 +131,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) {
 // Create an array of trustee account from 1 to 50
 trusteeAccounts := make([]sdk.AccAddress, 50)
 for i := 0; i < 50; i++ {
- trusteeAccounts[i] = GenerateAccAddress()
+ trusteeAccounts[i] = utils.GenerateAccAddress()
 }
 totalAdditionalTrustees := rand.Intn(50)
@@ -150,7 +153,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) {
 _, err = setup.Handler(setup.Ctx, approveAddX509RootCert)
 require.NoError(t, err)
- _, err = querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
+ _, err = utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
 require.Error(t, err)
 require.Equal(t, codes.NotFound, status.Code(err))
 }
@@ -170,7 +173,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) {
 setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber))
 // Check: DA + All + UniqueCertificate
- ensureDaRootCertificateExist(
+ utils.EnsureDaRootCertificateExist(
 t,
 setup,
 testconstants.RootSubject,
@@ -180,29 +183,29 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) {
 )
 // Check: Approvals
- approvedCertificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
+ approvedCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
 require.Equal(t, testconstants.RootIssuer, approvedCertificate.Subject)
- require.Equal(t, testconstants.RootSerialNumber, approvedCertificate.SerialNumber)
- require.True(t, approvedCertificate.IsRoot)
+ require.Equal(t, testconstants.RootSerialNumber, approvedCertificate.Certs[0].SerialNumber)
+ require.True(t, approvedCertificate.Certs[0].IsRoot)
 // Check all approvals are present
 for i := 1; i < twoThirds-1; i++ {
- require.Equal(t, approvedCertificate.HasApprovalFrom(trusteeAccounts[i].String()), true)
+ require.Equal(t, approvedCertificate.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true)
 }
- require.Equal(t, approvedCertificate.HasApprovalFrom(setup.Trustee1.String()), true)
- require.Equal(t, approvedCertificate.HasApprovalFrom(setup.Trustee2.String()), true)
+ require.Equal(t, approvedCertificate.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true)
+ require.Equal(t, approvedCertificate.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true)
 }
 func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // we have 5 trustees: 1 approval comes from propose => we need 3 more approvals
 // store 4th trustee
- fourthTrustee := GenerateAccAddress()
+ fourthTrustee := utils.GenerateAccAddress()
 setup.AddAccount(fourthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1)
 // store 5th trustee
- fifthTrustee := GenerateAccAddress()
+ fifthTrustee := utils.GenerateAccAddress()
 setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1)
 // propose x509 root certificate by account Trustee1
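Review bot: In the `@@ -180,29 +183,29 @@` hunk the error from `utils.QueryApprovedCertificates` is discarded (`approvedCertificate, _ :=`) and the result is then dereferenced through `approvedCertificate.Certs[0]` on every following assertion, so a failed or empty query panics the test instead of failing it with a readable message. This test pins the two-thirds trustee approval rule for DA root certificates, so the lookup should be checked before use: take `err` from the call, then `require.NoError(t, err)` and `require.NotEmpty(t, approvedCertificate.Certs)`. The same pattern appears in the `@@ -298,35 +301,35 @@` hunk (`certificate, _ :=` followed by `certificate.Certs[0]`). The `rejectedCertificate := rejectedCertificates.Certs[0]` lines added in the `@@ -368,14 +371,15 @@` and `@@ -505,10 +509,11 @@` hunks check the error but not the length.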
@@ -269,7 +272,7 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T)
 setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber))
 // Check: DA + All + UniqueCertificate
- ensureDaRootCertificateExist(
+ utils.EnsureDaRootCertificateExist(
 t,
 setup,
 testconstants.RootSubject,
@@ -281,14 +284,14 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T)
 // Extra cases
 func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // store root certificate with different serial number
- rootCertificate := rootCertificate(setup.Trustee1)
- rootCertificate.SerialNumber = SerialNumber
+ rootCertificate := utils.RootCertificate(setup.Trustee1)
+ rootCertificate.SerialNumber = utils.SerialNumber
 setup.Keeper.SetUniqueCertificate(
 setup.Ctx,
- uniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber),
+ utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber),
 )
 setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate)
@@ -298,35 +301,35 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { require.NoError(t, err) // check - certificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.True(t, certificate.IsRoot) - require.Equal(t, testconstants.RootIssuer, certificate.Subject) - require.Equal(t, SerialNumber, certificate.SerialNumber) + certificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + require.True(t, certificate.Certs[0].IsRoot) + require.Equal(t, testconstants.RootIssuer, certificate.Certs[0].Subject) + require.Equal(t, utils.SerialNumber, certificate.Certs[0].SerialNumber) - proposedCertificate, _ := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Equal(t, testconstants.RootIssuer, proposedCertificate.Subject) require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) - require.NotEqual(t, certificate.SerialNumber, proposedCertificate.SerialNumber) + require.NotEqual(t, certificate.Certs[0].SerialNumber, proposedCertificate.SerialNumber) } func TestHandler_AddX509RootCertsBySubjectKeyId(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // add root certificates - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.PAACertWithSameSubjectID1, - subject: testconstants.PAACertWithSameSubjectID1Subject, - subjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, - info: testconstants.Info, - vid: testconstants.Vid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.PAACertWithSameSubjectID1, + Subject: testconstants.PAACertWithSameSubjectID1Subject, + SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + Info: testconstants.Info, + Vid: testconstants.Vid, } - 
proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - rootCertOptions.pemCert = testconstants.PAACertWithSameSubjectID2 - rootCertOptions.subject = testconstants.PAACertWithSameSubjectID2Subject - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions.PemCert = testconstants.PAACertWithSameSubjectID2 + rootCertOptions.Subject = testconstants.PAACertWithSameSubjectID2Subject + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - approvedCertificates, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) + approvedCertificates, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) require.Equal(t, 1, len(approvedCertificates)) require.Equal(t, 2, len(approvedCertificates[0].Certs)) require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, approvedCertificates[0].SubjectKeyId) @@ -335,7 +338,7 @@ func TestHandler_AddX509RootCertsBySubjectKeyId(t *testing.T) { } func TestHandler_RejectAddDaRootCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -348,7 +351,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // check proposed certificate 
@@ -368,14 +371,15 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) {
 require.NoError(t, err)
 // certificate should not be in the entity , because we have enough reject approvals
- _, err = queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
+ _, err = utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
 require.Error(t, err)
 // certificate should be in the entity , because we have enough rejected approvals
- rejectedCertificate, err := queryRejectedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
+ rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID)
 require.NoError(t, err)
 // check rejected certificate
+ rejectedCertificate := rejectedCertificates.Certs[0]
 require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert)
 require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner)
 require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject)
@@ -389,7 +393,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) {
 require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[1].Info)
 // Check: Global + Approved DA + UniqueCertificate - missing
- ensureDaRootCertificateNotExist(
+ utils.EnsureDaRootCertificateNotExist(
 t,
 setup,
 testconstants.RootSubject,
@@ -400,7 +404,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) {
 }
 func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // propose add x509 root certificate
 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
 _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
@@ -409,7 +413,7 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *
 for _, role := range []dclauthtypes.AccountRole{
 dclauthtypes.Trustee,
 } {
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1)
 // approve x509 root certificate by account Trustee2
@@ -433,7 +437,7 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *
 }
 func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t *testing.T) {
- setup := Setup(t)
+ setup := utils.Setup(t)
 // propose add x509 root certificate
 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
 _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
@@ -442,7 +446,7 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t *
 for _, role := range []dclauthtypes.AccountRole{
 dclauthtypes.Trustee,
 } {
- accAddress := GenerateAccAddress()
+ accAddress := utils.GenerateAccAddress()
 setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1)
 // reject x509 root certificate by account Trustee2
@@ -466,16 +470,16 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * } func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // we have 5 trustees: 1 approval comes from propose => we need 2 rejects to make certificate rejected // store 4th trustee - fourthTrustee := GenerateAccAddress() + fourthTrustee := utils.GenerateAccAddress() setup.AddAccount(fourthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // store 5th trustee - fifthTrustee := GenerateAccAddress() + fifthTrustee := utils.GenerateAccAddress() setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 @@ -489,7 +493,7 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // check proposed certificate 
@@ -505,10 +509,11 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * require.NoError(t, err) // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificate, err := queryRejectedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // check rejected certificate + rejectedCertificate := rejectedCertificates.Certs[0] require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) @@ -517,7 +522,7 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * } func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -537,7 +542,7 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { } func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) 
@@ -550,7 +555,7 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) require.NoError(t, err) // query proposed certificate - proposedCertificate, _ := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) // check proposed certificate require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) @@ -566,9 +571,9 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) } func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -587,7 +592,7 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin require.NoError(t, err) // query proposed certificate - proposedCertificate, _ := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) // check proposed certificate require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) 
@@ -606,14 +611,14 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin // Error cases func TestHandler_ProposeAddX509RootCert_ByNotTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, dclauthtypes.CertificationCenter, dclauthtypes.NodeAdmin, } { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // propose x509 root certificate @@ -624,7 +629,7 @@ func TestHandler_ProposeAddX509RootCert_ByNotTrustee(t *testing.T) { } func TestHandler_ProposeAddX509RootCert_ForInvalidCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.StubCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -634,7 +639,7 @@ func TestHandler_ProposeAddX509RootCert_ForInvalidCertificate(t *testing.T) { } func TestHandler_ProposeAddX509RootCert_ForNonRootCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 leaf certificate as root proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.LeafCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -644,7 +649,7 @@ func TestHandler_ProposeAddX509RootCert_ForNonRootCertificate(t *testing.T) { } func TestHandler_ProposeAddX509RootCert_ProposedCertificateAlreadyExists(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose adding of x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) 
@@ -652,7 +657,7 @@ func TestHandler_ProposeAddX509RootCert_ProposedCertificateAlreadyExists(t *test require.NoError(t, err) // store another account - anotherAccount := GenerateAccAddress() + anotherAccount := utils.GenerateAccAddress() setup.AddAccount(anotherAccount, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose adding of the same x509 root certificate again @@ -663,13 +668,13 @@ func TestHandler_ProposeAddX509RootCert_ProposedCertificateAlreadyExists(t *test } func TestHandler_ProposeAddX509RootCert_CertificateAlreadyExists(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store x509 root certificate - rootCertificate := rootCertificate(testconstants.Address1) + rootCertificate := utils.RootCertificate(testconstants.Address1) setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), + utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), ) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) @@ -681,13 +686,13 @@ func TestHandler_ProposeAddX509RootCert_CertificateAlreadyExists(t *testing.T) { } func TestHandler_ProposeAddX509RootCert_ForNocCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Store the NOC root certificate - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - nocRootCertificate := rootCertificate(vendorAccAddress) + nocRootCertificate := utils.RootCertificate(vendorAccAddress) nocRootCertificate.SerialNumber = testconstants.TestSerialNumber nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI nocRootCertificate.Approvals = nil 
@@ -710,14 +715,14 @@ func TestHandler_ProposeAddX509RootCert_ForNocCertificate(t *testing.T) { } func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumberDifferentSigner(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate with different serial number - rootCertificate := rootCertificate(testconstants.Address1) - rootCertificate.SerialNumber = SerialNumber + rootCertificate := utils.RootCertificate(testconstants.Address1) + rootCertificate.SerialNumber = utils.SerialNumber setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), + utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), ) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) @@ -730,10 +735,10 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumberDifferentSigner( } func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store account without trustee role - nonTrustee := GenerateAccAddress() + nonTrustee := utils.GenerateAccAddress() setup.AddAccount(nonTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account without trustee role 
@@ -748,12 +753,12 @@ func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { require.NoError(t, err) // query certificate - proposedCertificate, _ := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee1.String())) // query approved certificate - _, err = querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) @@ -764,14 +769,8 @@ func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { require.NoError(t, err) // query approved certificate and we should get one back - approvedCertificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - aprCerts, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) - require.Equal(t, 1, len(aprCerts)) - require.Equal(t, 1, len(aprCerts[0].Certs)) - - certs := make([]*types.Certificate, 0) - certs = append(certs, approvedCertificate, aprCerts[0].Certs[0]) - for _, cert := range certs { + approvedCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + for _, cert := range approvedCertificate.Certs { // check require.Equal(t, testconstants.RootIssuer, cert.Subject) require.Equal(t, testconstants.RootSerialNumber, cert.SerialNumber) 
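Review bot: The rewritten final check in TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals can pass without verifying anything. `approvedCertificate, _ := utils.QueryApprovedCertificates(...)` drops the error, and `for _, cert := range approvedCertificate.Certs` runs zero times when the list is empty. The removed lines asserted `require.Equal(t, 1, len(aprCerts))` and `require.Equal(t, 1, len(aprCerts[0].Certs))`, so the "we should get one back" comment is no longer enforced, and the lookup by SubjectKeyID alone is no longer exercised in this test. Since this test guards the approval threshold for a root certificate, keep the count pinned: `approvedCertificate, err := utils.QueryApprovedCertificates(...)`, then `require.NoError(t, err)` and `require.Len(t, approvedCertificate.Certs, 1)` before the loop. The loop body continues past the end of the hunk.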
@@ -782,7 +781,7 @@ func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { } func TestHandler_ApproveAddX509RootCert_ForUnknownProposedCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // approve approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( @@ -793,7 +792,7 @@ func TestHandler_ApproveAddX509RootCert_ForUnknownProposedCertificate(t *testing } func TestHandler_ApproveAddX509RootCert_ByNotTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose add x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -805,7 +804,7 @@ func TestHandler_ApproveAddX509RootCert_ByNotTrustee(t *testing.T) { dclauthtypes.CertificationCenter, dclauthtypes.NodeAdmin, } { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // approve @@ -818,10 +817,10 @@ func TestHandler_ApproveAddX509RootCert_ByNotTrustee(t *testing.T) { } func TestHandler_ApproveAddX509RootCert_Twice(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store account without Trustee role - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose add x509 root certificate @@ -842,7 +841,7 @@ func TestHandler_ApproveAddX509RootCert_Twice(t *testing.T) { } func TestHandler_RejectX509RootCert_ByNotTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose add x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) 
@@ -854,7 +853,7 @@ func TestHandler_RejectX509RootCert_ByNotTrustee(t *testing.T) { dclauthtypes.CertificationCenter, dclauthtypes.NodeAdmin, } { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // reject x509 root certificate @@ -871,7 +870,7 @@ func TestHandler_RejectX509RootCert_ByNotTrustee(t *testing.T) { } func TestHandler_Duplicate_RejectX509RootCert_FromTheSameTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose add x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -890,7 +889,7 @@ func TestHandler_Duplicate_RejectX509RootCert_FromTheSameTrustee(t *testing.T) { } func TestHandler_DoubleTimeRejectX509RootCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -903,7 +902,7 @@ func TestHandler_DoubleTimeRejectX509RootCert(t *testing.T) { require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // check proposed certificate 
@@ -923,14 +922,15 @@ func TestHandler_DoubleTimeRejectX509RootCert(t *testing.T) { require.NoError(t, err) // certificate should not be in the entity , because we have enough reject approvals - _, err = queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificate, err := queryRejectedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // check rejected certificate + rejectedCertificate := rejectedCertificates.Certs[0] require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) @@ -949,11 +949,11 @@ func TestHandler_DoubleTimeRejectX509RootCert(t *testing.T) { require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - _, err = queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // certificate should not be in the entity , because we have propose that certificate - _, err = queryRejectedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) // reject x509 root certificate by account Trustee3 
@@ -967,10 +967,11 @@ func TestHandler_DoubleTimeRejectX509RootCert(t *testing.T) { require.NoError(t, err) // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificate, err = queryRejectedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + rejectedCertificates, err = utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) // check rejected certificate + rejectedCertificate = rejectedCertificates.Certs[0] require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index fb6a6beb9..dd363d476 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -16,13 +17,13 @@ import ( // Main func TestHandler_AddDaIntermediateCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) accAddress := setup.CreateVendorAccount(testconstants.Vid) // add DA root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add DA PAI certificate addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) 
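Review bot: The new `utils` import in handler_add_pai_cert_test.go is added above `"testing"`, which puts a module path inside the standard-library group. The usual goimports layout keeps `"testing"` alone in the first group and places `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` after the blank line, alongside the `sdkerrors` import. Moving it there keeps the block stable under automated formatting. The import block continues outside the hunk.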
@@ -30,7 +31,7 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { require.NoError(t, err) // Check: DA + All + UniqueCertificate - ensureDaIntermediateCertificateExist( + utils.EnsureDaIntermediateCertificateExist( t, setup, testconstants.IntermediateSubject, @@ -40,7 +41,7 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { false) // ChildCertificates: check that child certificates of issuer contains certificate identifier - ensureChildCertificateExist( + utils.EnsureChildCertificateExist( t, setup, testconstants.IntermediateIssuer, @@ -57,13 +58,13 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { // Extra cases func TestHandler_AddX509Cert_VIDScoped(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // store root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert( @@ -74,7 +75,7 @@ func TestHandler_AddX509Cert_VIDScoped(t *testing.T) { require.NoError(t, err) // query certificate - intermediateCerts, _ := queryApprovedCertificates(setup, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID) + intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) require.Equal(t, testconstants.PAICertWithNumericPidVidSubject, intermediateCerts.Certs[0].Subject) require.Equal(t, testconstants.PAICertWithNumericPidVidSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) 
@@ -82,22 +83,22 @@ func TestHandler_AddX509Cert_VIDScoped(t *testing.T) { } func TestHandler_AddX509Cert_ForDifferentSerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // store intermediate certificate with different serial number - intermediateCertificate := intermediateCertificateNoVid(vendorAccAddress) - intermediateCertificate.SerialNumber = SerialNumber + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), + utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), ) setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) @@ -108,7 +109,7 @@ func TestHandler_AddX509Cert_ForDifferentSerialNumber(t *testing.T) { require.NoError(t, err) // query certificate - certificates, _ := queryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + certificates, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) // check require.Equal(t, 2, len(certificates.Certs)) 
@@ -128,13 +129,13 @@ func TestHandler_AddX509Cert_ForDifferentSerialNumber(t *testing.T) { } func TestHandler_AddX509Cert_ForTree(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // add root x509 certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add intermediate x509 certificate 
@@ -148,36 +149,36 @@ func TestHandler_AddX509Cert_ForTree(t *testing.T) { require.NoError(t, err) // query root certificate - rootCertificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.RootCertPem, rootCertificate.PemCert) + rootCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + require.Equal(t, testconstants.RootCertPem, rootCertificate.Certs[0].PemCert) // check child certificate identifiers of root certificate - rootCertChildren, _ := queryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + rootCertChildren, _ := utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Equal(t, 1, len(rootCertChildren.CertIds)) require.Equal(t, - certificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), + utils.CertificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), *rootCertChildren.CertIds[0]) // query intermediate certificate - intermediateCertificate, _ := querySingleApprovedCertificate(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, testconstants.IntermediateCertPem, intermediateCertificate.PemCert) + intermediateCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + require.Equal(t, testconstants.IntermediateCertPem, intermediateCertificate.Certs[0].PemCert) // check child certificate identifiers of intermediate certificate - intermediateCertChildren, _ := queryChildCertificates( + intermediateCertChildren, _ := utils.QueryChildCertificates( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, 1, len(intermediateCertChildren.CertIds)) require.Equal(t, - 
certificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), + utils.CertificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), *intermediateCertChildren.CertIds[0]) // query leaf certificate - leafCertificate, _ := querySingleApprovedCertificate(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Equal(t, testconstants.LeafCertPem, leafCertificate.PemCert) + leafCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + require.Equal(t, testconstants.LeafCertPem, leafCertificate.Certs[0].PemCert) // check child certificate identifiers of leaf certificate - leafCertChildren, err := queryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + leafCertChildren, err := utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) require.Nil(t, leafCertChildren) 
@@ -185,38 +186,38 @@ func TestHandler_AddX509Cert_ForTree(t *testing.T) { //nolint:funlen func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCert := rootCertificate(setup.Trustee1) + rootCert := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCert) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCert) - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate(rootCert.Subject, rootCert.SerialNumber)) + setup.Keeper.SetUniqueCertificate(setup.Ctx, utils.UniqueCertificate(rootCert.Subject, rootCert.SerialNumber)) // store second root certificate - rootCert = rootCertificate(setup.Trustee1) - rootCert.SerialNumber = SerialNumber + rootCert = utils.RootCertificate(setup.Trustee1) + rootCert.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, rootCert) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCert) - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate(rootCert.Subject, rootCert.SerialNumber)) + setup.Keeper.SetUniqueCertificate(setup.Ctx, utils.UniqueCertificate(rootCert.Subject, rootCert.SerialNumber)) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // store intermediate certificate (it refers to two parent certificates) - intermediateCertificate := intermediateCertificateNoVid(vendorAccAddress) - intermediateCertificate.SerialNumber = SerialNumber + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(intermediateCertificate.Issuer, 
intermediateCertificate.SerialNumber), + utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), ) - childCertID := certificateIdentifier(intermediateCertificate.Subject, intermediateCertificate.SubjectKeyId) + childCertID := utils.CertificateIdentifier(intermediateCertificate.Subject, intermediateCertificate.SubjectKeyId) rootChildCertificates := types.ChildCertificates{ Issuer: intermediateCertificate.Issuer, AuthorityKeyId: intermediateCertificate.AuthorityKeyId, 
@@ -235,65 +236,65 @@ func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { require.NoError(t, err) // query root certificate - rootCertificates, _ := queryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + rootCertificates, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Equal(t, 2, len(rootCertificates.Certs)) // check child certificate identifiers of root certificate - rootCertChildren, _ := queryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + rootCertChildren, _ := utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Equal(t, 1, len(rootCertChildren.CertIds)) require.Equal(t, - certificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), + utils.CertificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), *rootCertChildren.CertIds[0]) // query intermediate certificate - intermediateCertificates, _ := queryApprovedCertificates( + intermediateCertificates, _ := utils.QueryApprovedCertificates( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, 2, len(intermediateCertificates.Certs)) // check child certificate identifiers of intermediate certificate - intermediateCertChildren, _ := queryChildCertificates( + intermediateCertChildren, _ := utils.QueryChildCertificates( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, 1, len(intermediateCertChildren.CertIds)) require.Equal(t, - certificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), + utils.CertificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), *intermediateCertChildren.CertIds[0]) // query leaf certificate - leafCertificates, _ := queryApprovedCertificates(setup, 
testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + leafCertificates, _ := utils.QueryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Equal(t, 1, len(leafCertificates.Certs)) // check child certificate identifiers of intermediate certificate - leafCertChildren, err := queryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + leafCertChildren, err := utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) require.Nil(t, leafCertChildren) } func TestHandler_AddX509Cert_ByNotOwnerButSameVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := intermediateCertificateNoVid(vendorAccAddress1) - intermediateCertificate.SerialNumber = SerialNumber + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) + intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), + utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), ) // add second vendor account with VID = 1 - vendorAccAddress2 
:= GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add an intermediate certificate with the same subject and SKID by second vendor account @@ -303,13 +304,13 @@ func TestHandler_AddX509Cert_ByNotOwnerButSameVendor(t *testing.T) { } func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // add x509 certificate 
@@ -318,20 +319,20 @@ func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { require.NoError(t, err) // query certificate - certs, _ := queryAllApprovedCertificates(setup) + certs, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(certs)) - intermediateCerts, _ := queryApprovedCertificates(setup, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID) + intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) require.Equal(t, testconstants.PAICertWithNumericPidVidSubject, intermediateCerts.Certs[0].Subject) require.Equal(t, testconstants.PAICertWithNumericPidVidSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) } func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions childCert string childCertSubject string childCertSubjectKeyID string @@ -339,7 +340,7 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { }{ { name: "VidScopedChild", - rootCertOptions: createPAACertNoVidOptions(testconstants.PAICertWithVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAICertWithVidVid), childCert: testconstants.PAICertWithNumericVid, childCertSubject: testconstants.PAICertWithNumericVidSubject, childCertSubjectKeyID: testconstants.PAICertWithNumericVidSubjectKeyID, 
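Review bot: The query errors are discarded with `_` in the `@@ -318,20 +319,20 @@` hunk (`certs, _ := utils.QueryAllApprovedCertificates(setup)` and `intermediateCerts, _ := utils.QueryApprovedCertificates(...)`), so a failed lookup goes straight to the length assertions. If the helper returns a nil result on error, which is not visible here, `intermediateCerts.Certs` would panic instead of reporting the cause. Since these lines are being rewritten anyway, bind the error and check it first: `certs, err := utils.QueryAllApprovedCertificates(setup)` followed by `require.NoError(t, err)`. The same pattern appears in `@@ -370,9 +371,9 @@` of this file and in the `@@ -37,11 +38,11 @@` and `@@ -78,11 +84,11 @@` hunks of handler_assign_vid_test.go. The test function starts outside this hunk.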
@@ -347,7 +348,7 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { }, { name: "NonVidScopedChild", - rootCertOptions: createTestRootCertOptions(), + rootCertOptions: utils.CreateTestRootCertOptions(), childCert: testconstants.IntermediateCertPem, childCertSubject: testconstants.IntermediateSubject, childCertSubjectKeyID: testconstants.IntermediateSubjectKeyID, @@ -357,9 +358,9 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) @@ -370,9 +371,9 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { require.NoError(t, err) // query certificate - certs, _ := queryAllApprovedCertificates(setup) + certs, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(certs)) - intermediateCerts, _ := queryApprovedCertificates(setup, tc.childCertSubject, tc.childCertSubjectKeyID) + intermediateCerts, _ := utils.QueryApprovedCertificates(setup, tc.childCertSubject, tc.childCertSubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) require.Equal(t, tc.childCertSubject, intermediateCerts.Certs[0].Subject) require.Equal(t, tc.childCertSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) @@ -383,9 +384,9 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { // Error cases func TestHandler_AddX509Cert_ForInvalidCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1) // add x509 certificate 
@@ -395,9 +396,9 @@ func TestHandler_AddX509Cert_ForInvalidCertificate(t *testing.T) { } func TestHandler_AddX509Cert_ForRootCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1) // add root certificate as leaf x509 certificate @@ -407,13 +408,13 @@ func TestHandler_AddX509Cert_ForRootCertificate(t *testing.T) { } func TestHandler_AddX509Cert_ForDuplicate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1) // store intermediate certificate @@ -427,17 +428,17 @@ func TestHandler_AddX509Cert_ForDuplicate(t *testing.T) { } func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // Store the NOC certificate - nocCertificate := intermediateCertificateNoVid(vendorAccAddress) + nocCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) nocCertificate.SerialNumber = testconstants.TestSerialNumber nocCertificate.CertificateType = types.CertificateType_OperationalPKI 
@@ -457,13 +458,13 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { } func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add intermediate certificate - intermediateCertificate := intermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) // add leaf x509 certificate @@ -473,9 +474,9 @@ func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { } func TestHandler_AddX509Cert_RootIsNoc(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.IntermediateCertWithVid1Vid) // Add NOC root certificate @@ -490,9 +491,9 @@ func TestHandler_AddX509Cert_RootIsNoc(t *testing.T) { } func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add intermediate x509 certificate @@ -502,7 +503,7 @@ func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) { } func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // add invalid root invalidRootCertificate := types.NewRootCertificate(testconstants.StubCertPem, 
@@ -510,7 +511,7 @@ func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) { testconstants.RootSerialNumber, setup.Trustee1.String(), []*types.Grant{}, []*types.Grant{}, testconstants.Vid, testconstants.SchemaVersion) setup.Keeper.AddAllCertificate(setup.Ctx, invalidRootCertificate) - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add intermediate x509 certificate 
@@ -520,28 +521,28 @@ func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) { } func TestHandler_AddX509Cert_ByOtherVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := intermediateCertificateNoVid(vendorAccAddress1) - intermediateCertificate.SerialNumber = SerialNumber + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) + intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), + utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), ) // add seconf vendor account with VID = 1000 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // add an intermediate certificate with the same subject and SKID by second vendor account 
@@ -551,11 +552,11 @@ func TestHandler_AddX509Cert_ByOtherVendor(t *testing.T) { } func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertOptions := createRootWithVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateRootWithVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert(setup.Trustee1.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) @@ -564,25 +565,25 @@ func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { } func TestHandler_AddX509Cert_VIDScopedRoot_NegativeCases(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions childCert string accountVid int32 err error }{ { name: "IncorrectChildVid", - rootCertOptions: createRootWithVidOptions(), + rootCertOptions: utils.CreateRootWithVidOptions(), childCert: testconstants.IntermediateCertWithVid2, accountVid: testconstants.RootCertWithVidVid, err: pkitypes.ErrCertVidNotEqualToRootVid, }, { name: "IncorrectAccountVid", - rootCertOptions: createRootWithVidOptions(), + rootCertOptions: utils.CreateRootWithVidOptions(), childCert: testconstants.IntermediateCertWithVid1, accountVid: testconstants.Vid, err: pkitypes.ErrCertVidNotEqualAccountVid, 
@@ -591,9 +592,9 @@ func TestHandler_AddX509Cert_VIDScopedRoot_NegativeCases(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) @@ -607,25 +608,25 @@ func TestHandler_AddX509Cert_VIDScopedRoot_NegativeCases(t *testing.T) { } func TestHandler_AddX509Cert_NonVIDScopedRoot_NegativeCases(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions childCert string accountVid int32 err error }{ { name: "IncorrectChildVid", - rootCertOptions: createPAACertNoVidOptions(testconstants.Vid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.Vid), childCert: testconstants.PAICertWithNumericVid, accountVid: testconstants.Vid, err: pkitypes.ErrCertVidNotEqualToRootVid, }, { name: "IncorrectAccountVid", - rootCertOptions: createPAACertNoVidOptions(testconstants.PAICertWithVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAICertWithVidVid), childCert: testconstants.PAICertWithNumericVid, accountVid: testconstants.Vid, err: pkitypes.ErrCertVidNotEqualAccountVid, 
@@ -634,9 +635,9 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot_NegativeCases(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index 37ba9801d..61228c345 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -12,13 +13,13 @@ import ( ) func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string accountVid int32 accountRole dclauthtypes.AccountRole - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions addRevocation *types.MsgAddPkiRevocationDistributionPoint err error }{ @@ -79,7 +80,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { name: "PAANotOnLedger", accountVid: testconstants.PAACertWithNumericVidVid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createTestRootCertOptions(), + rootCertOptions: utils.CreateTestRootCertOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(accAddress.String()), err: pkitypes.ErrCertificateDoesNotExist, }, 
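Review bot: The new `utils` import in the `@@ -1,6 +1,7 @@` hunk of handler_add_revocation_test.go sits on the line above `"testing"`, which puts a module import in the standard-library group. Keep `"testing"` alone in the first group and move `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` into the group below the blank line with the other `github.com/...` imports. The import hunks of handler_assign_vid_test.go and handler_delete_revocation_test.go have the same placement.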
@@ -87,7 +88,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { name: "PAANoVid_LedgerPAANoVid", accountVid: testconstants.Vid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createPAACertNoVidOptions(testconstants.VendorID1), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.VendorID1), addRevocation: createAddRevocationMessageWithPAACertNoVid(accAddress.String(), testconstants.Vid), err: pkitypes.ErrMessageVidNotEqualRootCertVid, }, @@ -95,12 +96,12 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { name: "PAANoVid_WrongVID", accountVid: testconstants.Vid, accountRole: dclauthtypes.Vendor, - rootCertOptions: &rootCertOptions{ - pemCert: testconstants.PAACertNoVid, - info: testconstants.Info, - subject: testconstants.PAACertNoVidSubject, - subjectKeyID: testconstants.PAACertNoVidSubjectKeyID, - vid: testconstants.VendorID1, + rootCertOptions: &utils.RootCertOptions{ + PemCert: testconstants.PAACertNoVid, + Info: testconstants.Info, + Subject: testconstants.PAACertNoVidSubject, + SubjectKeyID: testconstants.PAACertNoVidSubjectKeyID, + Vid: testconstants.VendorID1, }, addRevocation: createAddRevocationMessageWithPAACertNoVid(accAddress.String(), testconstants.Vid), err: pkitypes.ErrMessageVidNotEqualRootCertVid, @@ -109,7 +110,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { name: "Invalid PAI Delegator certificate", accountVid: testconstants.LeafCertWithVidVid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createRootWithVidOptions(), + rootCertOptions: utils.CreateRootWithVidOptions(), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: accAddress.String(), Vid: testconstants.LeafCertWithVidVid, 
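Review bot: In the `@@ -95,12 +96,12 @@` hunk the `PAANoVid_WrongVID` case still builds `&utils.RootCertOptions{...}` by hand from `PAACertNoVid` and `Vid: testconstants.VendorID1`. The `PAANoVid_LedgerPAANoVid` case just above passes `utils.CreatePAACertNoVidOptions(testconstants.VendorID1)` with the same account VID, message and expected error. If the helper fills the same fields (its body is not visible here), the two cases exercise one path of the VID-mismatch check twice. Either use `rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.VendorID1),` here and drop one case, or add a comment such as `// differs from PAANoVid_LedgerPAANoVid in <field>` saying what the second case covers. The case table and test function start outside the hunk.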
@@ -129,7 +130,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { name: "CRL Signer Certificate is not chained back to Delegator PAI certificate", accountVid: testconstants.LeafCertWithVidVid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createRootWithVidOptions(), + rootCertOptions: utils.CreateRootWithVidOptions(), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: accAddress.String(), Vid: testconstants.LeafCertWithVidVid, @@ -149,7 +150,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { name: "Delegated CRL Signer Certificate is not chained back to root certificate on DCL", accountVid: testconstants.LeafCertWithVidVid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createTestRootCertOptions(), + rootCertOptions: utils.CreateTestRootCertOptions(), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: accAddress.String(), Vid: testconstants.LeafCertWithVidVid, @@ -169,12 +170,12 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{tc.accountRole}, tc.accountVid) if tc.rootCertOptions != nil { - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) } _, err := setup.Handler(setup.Ctx, tc.addRevocation) 
@@ -184,14 +185,14 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { } func TestHandler_AddPkiRevocationDistributionPoint_PAAAlreadyExists(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // propose and approve x509 root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAACertWithNumericVid(accAddress.String()) 
@@ -203,41 +204,41 @@ func TestHandler_AddPkiRevocationDistributionPoint_PAAAlreadyExists(t *testing.T } func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() cases := []struct { name string - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions addRevocation *types.MsgAddPkiRevocationDistributionPoint SchemaVersion uint32 }{ { name: "PAAWithVid", - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), SchemaVersion: 0, }, { name: "PAIWithNumericVidPid", - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()), SchemaVersion: 0, }, { name: "PAIWithStringVidPid", - rootCertOptions: createPAACertNoVidOptions(testconstants.PAICertWithPidVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAICertWithPidVidVid), addRevocation: createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()), SchemaVersion: 0, }, { name: "PAANoVid", - rootCertOptions: createPAACertNoVidOptions(testconstants.VendorID1), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.VendorID1), addRevocation: createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.VendorID1), SchemaVersion: 0, }, { name: "PAIWithVid", - rootCertOptions: createPAACertNoVidOptions(testconstants.PAICertWithVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAICertWithVidVid), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: vendorAcc.String(), Vid: testconstants.PAICertWithVidVid, 
@@ -254,7 +255,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { }, { name: "CrlSignerDelegatedByPAI", - rootCertOptions: createTestRootCertOptions(), + rootCertOptions: utils.CreateTestRootCertOptions(), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: vendorAcc.String(), Vid: 65522, @@ -272,7 +273,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { }, { name: "CrlSignerDelegatedByPAA", - rootCertOptions: createTestRootCertOptions(), + rootCertOptions: utils.CreateTestRootCertOptions(), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: vendorAcc.String(), Vid: 65522, @@ -291,10 +292,10 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.addRevocation.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) tc.addRevocation.SchemaVersion = tc.SchemaVersion _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) 
@@ -311,17 +312,17 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { } func TestHandler_AddPkiRevocationDistributionPoint_DataURLNotUnique(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAICertWithPidVidVid) - baseVendorAcc := GenerateAccAddress() + baseVendorAcc := utils.GenerateAccAddress() setup.AddAccount(baseVendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // propose and approve root certificate - rootCertOptions := createPAACertNoVidOptions(testconstants.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()) _, err := setup.Handler(setup.Ctx, addPkiRevocationDistributionPoint) diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index 31b148079..f0e419140 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -14,20 +15,20 @@ import ( // Main func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - rootCertOptions.vid = 0 - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + rootCertOptions.Vid = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), - Subject: rootCertOptions.subject, - SubjectKeyId: rootCertOptions.subjectKeyID, + Subject: rootCertOptions.Subject, + SubjectKeyId: rootCertOptions.SubjectKeyID, Vid: testconstants.Vid, } @@ -37,11 +38,11 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { // DA certificates indexes checks // DaCertificates: Subject and SKID - approvedCertificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.Vid, approvedCertificate.Vid) + approvedCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + require.Equal(t, testconstants.Vid, approvedCertificate.Certs[0].Vid) // DaCertificates: SKID - certificateBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) + certificateBySubjectKeyID, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) require.Equal(t, 1, len(certificateBySubjectKeyID)) require.Equal(t, 1, len(certificateBySubjectKeyID[0].Certs)) require.Equal(t, testconstants.Vid, certificateBySubjectKeyID[0].Certs[0].Vid) 
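Review bot: The rewritten assertion in the `@@ -37,11 +38,11 @@` hunk reads `approvedCertificate.Certs[0].Vid` without first asserting how many certificates came back. An empty result panics on the index, and an unexpected second record under the same subject and SKID goes unnoticed. Add `require.Equal(t, 1, len(approvedCertificate.Certs))` before it, as the SKID check a few lines below already does. The same applies to `allCertificate.Certs[0]` and `allCertificateBySkid[0].Certs[0]` in `@@ -49,26 +50,31 @@`, and to the matching lines in `@@ -78,11 +84,11 @@` and `@@ -90,9 +96,14 @@`. The test body starts outside the hunk.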
@@ -49,26 +50,31 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { // All certificates indexes checks // AllCertificate: Subject and SKID - allCertificate, err := querySingleCertificateFromAllCertificatesIndex(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + allCertificate, err := utils.QueryAllCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) - require.Equal(t, testconstants.Vid, allCertificate.Vid) + require.Equal(t, testconstants.Vid, allCertificate.Certs[0].Vid) + + // AllCertificate: SKID + allCertificateBySkid, err := utils.QueryAllCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) + require.NoError(t, err) + require.Equal(t, testconstants.Vid, allCertificateBySkid[0].Certs[0].Vid) } func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) // propose and approve x509 root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - rootCertOptions.vid = 0 - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + rootCertOptions.Vid = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), - Subject: rootCertOptions.subject, - SubjectKeyId: rootCertOptions.subjectKeyID, + Subject: rootCertOptions.Subject, + SubjectKeyId: rootCertOptions.SubjectKeyID, Vid: testconstants.PAACertWithNumericVidVid, } 
@@ -78,11 +84,11 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { // DA certificates indexes checks // DaCertificates: Subject and SKID - approvedCertificate, _ := querySingleApprovedCertificate(setup, rootCertOptions.subject, rootCertOptions.subjectKeyID) - require.Equal(t, testconstants.PAACertWithNumericVidVid, approvedCertificate.Vid) + approvedCertificate, _ := utils.QueryApprovedCertificates(setup, rootCertOptions.Subject, rootCertOptions.SubjectKeyID) + require.Equal(t, testconstants.PAACertWithNumericVidVid, approvedCertificate.Certs[0].Vid) // DaCertificates: SKID - certificateBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, rootCertOptions.subjectKeyID) + certificateBySubjectKeyID, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, rootCertOptions.SubjectKeyID) require.Equal(t, 1, len(certificateBySubjectKeyID)) require.Equal(t, 1, len(certificateBySubjectKeyID[0].Certs)) require.Equal(t, testconstants.PAACertWithNumericVidVid, certificateBySubjectKeyID[0].Certs[0].Vid) @@ -90,9 +96,14 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { // All certificates indexes checks // AllCertificate: Subject and SKID - allCertificate, err := querySingleCertificateFromAllCertificatesIndex(setup, rootCertOptions.subject, rootCertOptions.subjectKeyID) + allCertificate, err := utils.QueryAllCertificates(setup, rootCertOptions.Subject, rootCertOptions.SubjectKeyID) + require.NoError(t, err) + require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificate.Certs[0].Vid) + + // AllCertificate: SKID + allCertificateBySkid, err := utils.QueryAllCertificatesBySubjectKeyID(setup, rootCertOptions.SubjectKeyID) require.NoError(t, err) - require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificate.Vid) + require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificateBySkid[0].Certs[0].Vid) } // Extra cases 
@@ -100,7 +111,7 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { // Error cases func TestHandler_AssignVid_SenderNotVendorAdmin(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) assignVid := types.MsgAssignVid{ Signer: setup.Trustee1.String(), @@ -114,9 +125,9 @@ func TestHandler_AssignVid_SenderNotVendorAdmin(t *testing.T) { } func TestHandler_AssignVid_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) assignVid := types.MsgAssignVid{ @@ -131,17 +142,17 @@ func TestHandler_AssignVid_CertificateDoesNotExist(t *testing.T) { } func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add x509 intermediate certificate 
@@ -161,19 +172,19 @@ func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { } func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) // propose and approve x509 root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), - Subject: rootCertOptions.subject, - SubjectKeyId: rootCertOptions.subjectKeyID, + Subject: rootCertOptions.Subject, + SubjectKeyId: rootCertOptions.SubjectKeyID, Vid: testconstants.PAACertWithNumericVidVid, } @@ -182,20 +193,20 @@ func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { } func TestHandler_AssignVid_MessageVidAndCertificateVidNotEqual(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) // propose and approve x509 root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - rootCertOptions.vid = 0 - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + rootCertOptions.Vid = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), - Subject: rootCertOptions.subject, - SubjectKeyId: rootCertOptions.subjectKeyID, + Subject: rootCertOptions.Subject, + SubjectKeyId: rootCertOptions.SubjectKeyID, Vid: 1, } 
diff --git a/x/pki/tests/handler_delete_revocation_test.go b/x/pki/tests/handler_delete_revocation_test.go index 908af4135..44d5a923d 100644 --- a/x/pki/tests/handler_delete_revocation_test.go +++ b/x/pki/tests/handler_delete_revocation_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -12,15 +13,15 @@ import ( ) func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T) { - accAddress := GenerateAccAddress() - vendorAcc := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() cases := []struct { name string accountVid int32 accountRole dclauthtypes.AccountRole vendorAccVid int32 - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions addRevocation *types.MsgAddPkiRevocationDistributionPoint deleteRevocation *types.MsgDeletePkiRevocationDistributionPoint err error @@ -30,7 +31,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.PAACertWithNumericVidVid, accountRole: dclauthtypes.CertificationCenter, vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), deleteRevocation: &types.MsgDeletePkiRevocationDistributionPoint{ Signer: accAddress.String(), 
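Review bot: The new `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` import in the `@@ -1,6 +1,7 @@` hunk is placed directly above `"testing"`, which puts a module path in the standard-library group. gofmt accepts this, but goimports-style grouping expects `"testing"` alone in the first group and the project import in the later group, after the blank line next to `sdkerrors`. The same placement recurs in the first hunks of handler_remove_noc_ica_cert_test.go and handler_remove_noc_root_cert_test.go. The rest of the import block lies outside the hunk, so the exact target group is assumed from the visible lines.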
@@ -45,7 +46,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.PAACertWithNumericVidVid, accountRole: dclauthtypes.CertificationCenter, vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()), deleteRevocation: &types.MsgDeletePkiRevocationDistributionPoint{ Signer: accAddress.String(), @@ -71,7 +72,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.VendorID1, accountRole: dclauthtypes.Vendor, vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()), deleteRevocation: &types.MsgDeletePkiRevocationDistributionPoint{ Signer: accAddress.String(), @@ -86,7 +87,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.VendorID1, accountRole: dclauthtypes.Vendor, vendorAccVid: testconstants.PAICertWithNumericPidVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()), deleteRevocation: &types.MsgDeletePkiRevocationDistributionPoint{ Signer: accAddress.String(), 
@@ -100,13 +101,13 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{tc.accountRole}, tc.accountVid) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.vendorAccVid) if tc.rootCertOptions != nil { - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) } if tc.addRevocation != nil { @@ -121,17 +122,17 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T } func TestHandler_DeletePkiRevocationDistributionPoint_PositiveCases(t *testing.T) { - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() cases := []struct { name string - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions addRevocation *types.MsgAddPkiRevocationDistributionPoint deleteRevocation *types.MsgDeletePkiRevocationDistributionPoint }{ { name: "PAA", - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), deleteRevocation: &types.MsgDeletePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -142,7 +143,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_PositiveCases(t *testing.T }, { name: "PAI", - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()), deleteRevocation: &types.MsgDeletePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), 
@@ -155,11 +156,11 @@ func TestHandler_DeletePkiRevocationDistributionPoint_PositiveCases(t *testing.T for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.deleteRevocation.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) @@ -177,18 +178,18 @@ func TestHandler_DeletePkiRevocationDistributionPoint_PositiveCases(t *testing.T } func TestHandler_DeletePkiRevocationDistributionPoint_Multiple_SameIssuerSubjectKeyId(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // add PAA NOVID - rootCertOptions := createPAACertNoVidOptions(testconstants.PAACertWithNumericVidVid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.PAACertWithNumericVidVid) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add PAA VID - rootCertOptions = createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions = utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add Revocation Point PAA NOVID addRevocationPAANoVid := createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.PAACertWithNumericVidVid) diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index 258a4cdee..2923aa273 100644 
--- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -16,16 +17,16 @@ import ( // Main func TestHandler_RemoveNocIntermediateCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add intermediate certificate - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // remove intermediate certificate removeIcaCert := types.NewMsgRemoveNocX509IcaCert( @@ -38,7 +39,7 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { require.NoError(t, err) // Check: Noc - missing - ensureCertificateNotPresentInNocCertificateIndexes( + utils.EnsureCertificateNotPresentInNocCertificateIndexes( t, setup, testconstants.NocCert1Subject, @@ -49,12 +50,13 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { ) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, false, + false, ) // Check: UniqueCertificate - missing 
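Review bot: The `utils.EnsureGlobalCertificateNotExist` call in the `@@ -49,12 +50,13 @@` hunk now ends in two bare `false` arguments, and nothing at the call site says which expectation each one controls. The helper's signature is not visible here, so the flag names are unknown. A trailing comment per argument, such as `false, // <what the first flag expects>` and `false, // <what the second flag expects>`, would show what the removal test asserts and what it skips; the file already does this with `true, // leaf certificate with the same vid exists`. The `@@ -46,12 +47,13 @@` hunk of handler_remove_noc_root_cert_test.go has the same two-`false` call.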
@@ -80,20 +82,20 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add two intermediate certificates - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -112,7 +114,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { require.NoError(t, err) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, @@ -123,7 +125,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { true, // leaf certificate with the same vid exists false) - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1CopySubject, 
@@ -135,7 +137,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { false) // Check that leaf certificate exists - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocLeafCert1Subject, @@ -146,7 +148,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { false) // Check that root certificate exists - ensureNocRootCertificateExist( + utils.EnsureNocRootCertificateExist( t, setup, testconstants.NocRootCert1Subject, @@ -156,12 +158,12 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { vid) // Check that only 2 certificates exists - nocCerts, _ = queryAllNocCertificates(setup) + nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) require.Equal(t, 2, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) // query noc certificate by VID - nocCertificates, err := queryNocIcaCertificatesByVid(setup, vid) + nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, vid) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 1) require.Equal(t, testconstants.NocLeafCert1Subject, nocCertificates.Certs[0].Subject) 
@@ -169,27 +171,27 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add ICA certificates - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // Add ICA certificates with sam subject and SKID but different serial number - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) // Add a leaf certificate - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) // get certificates for further comparison - intermediateCerts, _ := queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + intermediateCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 2, len(intermediateCerts.Certs)) require.Equal(t, testconstants.NocCert1Subject, intermediateCerts.Certs[0].Subject) require.Equal(t, testconstants.NocCert1SubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) 
@@ -205,19 +207,19 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { require.NoError(t, err) // Check that only one intermediate certificate exists - intermediateCerts, _ = queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + intermediateCerts, _ = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) - globalIntermediateCerts, _ := queryCertificatesFromAllCertificatesIndex(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + globalIntermediateCerts, _ := utils.QueryAllCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(globalIntermediateCerts.Certs)) // check that 3 certificates exists - allCerts, _ := queryAllNocCertificates(setup) + allCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 3, len(allCerts)) require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) // Check that intermediate certificates with NocCert1CopySerialNumber exist - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1CopySubject, @@ -228,7 +230,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { true) // Check that leaf certificate exists - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocLeafCert1Subject, @@ -239,7 +241,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { true) // Check that root certificate exists - ensureNocRootCertificateExist( + utils.EnsureNocRootCertificateExist( t, setup, testconstants.NocRootCert1Subject, 
@@ -259,12 +261,12 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { require.NoError(t, err) // check that 2 certificates exists - allCerts, _ = queryAllNocCertificates(setup) + allCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(allCerts)) require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check that intermediate certificates with NocCert1SerialNumber does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, @@ -276,7 +278,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { false) // Check that intermediate certificates with NocCert1CopySerialNumber does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1CopySubject, @@ -288,7 +290,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { false) // Check that leaf certificate exists - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocLeafCert1Subject, @@ -299,7 +301,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { false) // Check that root certificate exists - ensureNocRootCertificateExist( + utils.EnsureNocRootCertificateExist( t, setup, testconstants.NocRootCert1Subject, @@ -309,7 +311,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { vid) // query noc certificate by VID - nocCertificates, err := queryNocIcaCertificatesByVid(setup, vid) + nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, vid) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 1) require.Equal(t, testconstants.NocLeafCert1Subject, nocCertificates.Certs[0].Subject) 
@@ -317,21 +319,21 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add an intermediate certificate - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // Check that certificate exists - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, @@ -354,7 +356,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // Check that certificate does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, @@ -366,7 +368,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { true) // Check that revoked certificate exists - revokedCerts, _ := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedCerts, _ := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(revokedCerts.Certs)) require.Equal(t, testconstants.NocCert1Subject, revokedCerts.Certs[0].Subject) require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.Certs[0].SubjectKeyId) 
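Review bot: In the `@@ -366,7 +368,7 @@` hunk, `revokedCerts, _ := utils.QueryNocRevokedIcaCertificates(...)` discards the query error and then reads `revokedCerts.Certs`. If the lookup fails, the "revoked certificate exists" check may fail with a nil dereference (assuming the helper returns a pointer) and no clear message. `err` is already in scope in this test, so the line can be `revokedCerts, err := utils.QueryNocRevokedIcaCertificates(...)` followed by `require.NoError(t, err)`, as TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate does for the same query. The renamed `intermediateCerts, _ := utils.QueryNocCertificates(...)` calls in TestHandler_RemoveNocX509IcaCert_BySerialNumber follow the same pattern. The enclosing test function starts and ends outside this hunk.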
@@ -382,12 +384,12 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // only one root certificate exist - allCerts, _ := queryAllNocCertificates(setup) + allCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(allCerts)) require.Equal(t, true, allCerts[0].Certs[0].IsRoot) // Check that certificate does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, @@ -399,7 +401,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { false) // Check that revoked certificate does not exist - _, err = queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate does not exists 
@@ -410,21 +412,21 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { // Extra cases func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add an intermediate certificate - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // Check that certificate exists - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, @@ -447,7 +449,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.NoError(t, err) // Check that certificate does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, 
@@ -459,19 +461,19 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) true) // revocation does not remove uniqueness identifier // Check that revoked certificate exists - revokedNocCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedNocCerts.Certs)) // Add an intermediate certificate with new serial number - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) // Ensure that only 1 certificate exists - intermediateCerts, _ := queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + intermediateCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) // Check that certificate exists (with new serial number) - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1CopySubject, @@ -492,12 +494,12 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.NoError(t, err) // check that only root certificates exists - allCerts, _ := queryAllNocCertificates(setup) + allCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(allCerts)) require.Equal(t, true, allCerts[0].Certs[0].IsRoot) // Check that certificate does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1CopySubject, 
@@ -509,23 +511,23 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) false) // Check that revoked certificate does not exist - _, err = queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) } func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add ICA certificate by fist vendor account @@ -534,7 +536,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // remove x509 certificate by second vendor account 
@@ -548,22 +550,22 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // check that certificate removed from 'noc certificates' list - _, err = queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that certificate removed from 'noc certificates by subject' list - _, err = queryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that certificate removed from 'noc certificates by SKID' list - nocCerts, err := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + nocCerts, err := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 0, len(nocCerts)) // query noc certificate by VID - _, err = queryNocIcaCertificatesByVid(setup, vid) + _, err = utils.QueryNocIcaCertificatesByVid(setup, vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is not registered @@ -571,7 +573,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { testconstants.NocCert1Issuer, testconstants.NocCert1SerialNumber)) // check that intermediate certificate can not be queried by vid+skid - _, err = queryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) } 
@@ -579,11 +581,11 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases func TestHandler_RemoveNocX509IcaCert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( @@ -594,15 +596,15 @@ func TestHandler_RemoveNocX509IcaCert_CertificateDoesNotExist(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_EmptyCertificatesList(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) setup.Keeper.SetNocIcaCertificates( setup.Ctx, 
@@ -619,18 +621,18 @@ func TestHandler_RemoveNocX509IcaCert_EmptyCertificatesList(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add fist vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add x509 certificate by `setup.Trustee` @@ -639,7 +641,7 @@ func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1000 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // remove ICA certificate by second vendor account 
@@ -651,15 +653,15 @@ func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add x509 certificate addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) @@ -674,10 +676,10 @@ func TestHandler_RemoveNocX509IcaCert_SenderNotVendor(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_ForNonIcaCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) setup.Keeper.SetRevokedCertificates( 
@@ -699,15 +701,15 @@ func TestHandler_RemoveNocX509IcaCert_ForNonIcaCertificate(t *testing.T) { } func TestHandler_RemoveNocX509IcaCert_InvalidSerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index 891e7d33b..4fac2f008 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -16,13 +17,13 @@ import ( // Main func TestHandler_RemoveNocRootCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificates - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // remove noc root certificate removeIcaCert := types.NewMsgRemoveNocX509RootCert( 
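Review bot: The `utils` import added in the `@@ -1,6 +1,7 @@` hunk of handler_remove_noc_root_cert_test.go sits directly above `"testing"`, which puts a module-local package in the standard-library import group. goimports keeps stdlib imports in their own group and places everything else after a blank line, so the line `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` belongs with the other non-stdlib imports such as `sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"`. The same placement appears in the `@@ -1,6 +1,7 @@` hunk of handler_remove_pai_cert_test.go. The import block continues outside the hunk, so the exact target position has to be checked against the full file.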
@@ -35,7 +36,7 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { require.NoError(t, err) // Check: Noc - missing - ensureCertificateNotPresentInNocCertificateIndexes( + utils.EnsureCertificateNotPresentInNocCertificateIndexes( t, setup, testconstants.NocRootCert1Subject, @@ -46,12 +47,13 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { ) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, false, + false, ) // Check: UniqueCertificate - missing @@ -70,19 +72,19 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificates - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) // Add intermediate certificate - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
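Review bot: The call to `utils.EnsureGlobalCertificateNotExist` in the `@@ -46,12 +47,13 @@` hunk now ends in two positional `false` literals, and nothing at the call site says which condition each one switches off. The helper's signature is not visible in this hunk, so a reader cannot tell whether the new flag relaxes or tightens the "certificate is gone from every index" check that this removal test relies on. I would annotate each literal with the parameter name, e.g. `false, // <name of the new flag in utils.EnsureGlobalCertificateNotExist>`, or pass a small options struct as `utils.RootCertOptions` already does. The same applies to the `@@ -66,22 +67,24 @@` hunk in handler_remove_pai_cert_test.go, where `utils.EnsureCertificateNotPresentInDaCertificateIndexes` now takes three consecutive `false` values.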
@@ -101,13 +103,13 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.NoError(t, err) // check that only IAC certificate exists - nocCerts, _ = queryAllNocCertificates(setup) + nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check that root certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1Subject, @@ -119,7 +121,7 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { false) // Check that root copy certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1CopySubject, @@ -131,7 +133,7 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { false) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, 
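Review bot: The comment `// Check that intermediate certificates does not exist` in the `@@ -131,7 +133,7 @@` hunk contradicts the call directly below it, `utils.EnsureNocIntermediateCertificateExist(`, which asserts the opposite. Since the refactor touches these lines anyway, the comment should state what the test actually guarantees, for example `// Check that the intermediate certificate still exists after the root is removed`. The same mismatch is carried through the `@@ -186,7 +192,7 @@`, `@@ -236,7 +242,7 @@`, `@@ -306,7 +312,7 @@` and `@@ -326,12 +332,12 @@` hunks, and `// Check that root copy certificates does not exist` precedes `utils.EnsureNocRootCertificateExist(` in the `@@ -167,16 +169,20 @@` hunk. In a PKI test the comment is what a reviewer reads to decide whether removal is meant to cascade to child certificates, so it should not say the reverse of the assertion.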
@@ -143,19 +145,19 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificates - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) // Add ICA certificates - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // remove NOC root certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509RootCert( @@ -167,16 +169,20 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - nocCerts, _ := queryAllNocCertificates(setup) + nocCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) // NocCertificates: Subject and SKID - nocCertificates, err := queryNocCertificates(setup, testconstants.NocRootCert1CopySubject, testconstants.NocRootCert1CopySubjectKeyID) + nocCertificates, err := utils.QueryNocCertificates( + setup, + testconstants.NocRootCert1CopySubject, + testconstants.NocRootCert1CopySubjectKeyID, + ) require.NoError(t, err) require.Equal(t, 1, len(nocCertificates.Certs)) // Check that root copy certificates does not exist - ensureNocRootCertificateExist( + utils.EnsureNocRootCertificateExist( t, setup, testconstants.NocRootCert1CopySubject, 
@@ -186,7 +192,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { vid) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, @@ -206,13 +212,13 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - nocCerts, _ = queryAllNocCertificates(setup) + nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check that root certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1Subject, @@ -224,7 +230,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { false) // Check that root copy certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1CopySubject, @@ -236,7 +242,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { false) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, 
@@ -248,19 +254,19 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) // Add an intermediate certificate - addNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // revoke NOC root certificates revokeX509Cert := types.NewMsgRevokeNocX509RootCert( @@ -275,7 +281,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // Check that root copy certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1Subject, @@ -287,7 +293,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { true) // Check that root copy certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1CopySubject, 
@@ -298,7 +304,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { true, // intermediate certificate with the same vid exists true) - revokedCerts, _ := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + revokedCerts, _ := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 2, len(revokedCerts.Certs)) require.Equal(t, testconstants.NocRootCert1Subject, revokedCerts.Certs[0].Subject) require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedCerts.Certs[0].SubjectKeyId) @@ -306,7 +312,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.Equal(t, testconstants.NocRootCert1CopySubjectKeyID, revokedCerts.Certs[1].SubjectKeyId) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, @@ -326,12 +332,12 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - allCerts, _ := queryAllNocCertificates(setup) + allCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(allCerts)) require.Equal(t, testconstants.NocCert1SerialNumber, allCerts[0].Certs[0].SerialNumber) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocCert1Subject, @@ -342,7 +348,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { false) // Check that root copy certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1Subject, 
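Review bot: In the `@@ -298,7 +304,7 @@` hunk the error from `utils.QueryNocRevokedRootCertificates` is discarded with `_` and the result is dereferenced on the next line as `revokedCerts.Certs`. If the query fails and the helper returns a nil result (its return type is not visible here), the test stops with a nil-pointer panic instead of reporting that the revoked-root index is missing the entry. I would keep the error and assert on it: `revokedCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID)` followed by `require.NoError(t, err)`. The same pattern appears with `certs, _ := utils.QueryNocCertificates(...)` in the `@@ -406,9 +412,9 @@` and `@@ -423,15 +429,15 @@` hunks and with `certsByVidSkid, _ :=` in the `@@ -462,31 +468,33 @@` hunk.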
@@ -354,7 +360,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { true) // Check that root copy certificates does not exist - ensureNocRootCertificateNotExist( + utils.EnsureNocRootCertificateNotExist( t, setup, testconstants.NocRootCert1CopySubject, @@ -366,22 +372,22 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { true) // Check that revoked certificate does not exist - _, err = queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) } // Extra cases func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add an intermediate certificate addIcaCert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) 
@@ -406,9 +412,9 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.NoError(t, err) // Add NOC root certificate with new serial number - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) - certs, _ := queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + certs, _ := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 1, len(certs.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, certs.Certs[0].SerialNumber) @@ -423,15 +429,15 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.NoError(t, err) // check that only one root and IAC certificates exists - nocCerts, _ = queryAllNocCertificates(setup) + nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) - certs, _ = queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + certs, _ = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, certs.Certs[0].SerialNumber) - certs, _ = queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + certs, _ = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(certs.Certs)) - _, err = queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificates does not exists 
@@ -441,15 +447,15 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, true, found) // query noc certificate by VID - nocCertificates, err := queryNocIcaCertificatesByVid(setup, vid) + nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, vid) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 1) require.Equal(t, testconstants.NocCert1SerialNumber, nocCertificates.Certs[0].SerialNumber) // Add NOC root certificate with new serial number - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) - certs, _ = queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + certs, _ = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 2, len(certs.Certs)) // remove NOC root certificates 
@@ -462,31 +468,33 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - nocCerts, _ = queryAllNocCertificates(setup) + nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) - nocCertificates, err = queryNocIcaCertificatesByVid(setup, vid) + nocCertificates, err = utils.QueryNocIcaCertificatesByVid(setup, vid) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 1) require.Equal(t, testconstants.NocCert1SerialNumber, nocCertificates.Certs[0].SerialNumber) // check that IAC certificates can be queried by vid+skid - certsByVidSkid, _ := queryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) + certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(certsByVidSkid.Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, certsByVidSkid.Certs[0].SerialNumber) // check that root certs removed - _, err = queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = queryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) require.Equal(t, codes.NotFound, status.Code(err)) - certsBySKID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + certsBySKID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Empty(t, certsBySKID) - _, err = queryNocRootCertificates(setup, vid) + _, err = 
utils.QueryNocRootCertificates(setup, vid) + require.Equal(t, codes.NotFound, status.Code(err)) + _, err = utils.QueryNocRootCertificates(setup, vid) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = queryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificates does not exists @@ -497,22 +505,22 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) } func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add second vendor account with VID = 1 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // remove x509 certificate by second vendor account 
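Review bot: The new side of the `@@ -462,31 +468,33 @@` hunk runs `_, err = utils.QueryNocRootCertificates(setup, vid)` followed by `require.Equal(t, codes.NotFound, status.Code(err))` twice in a row, where the old side had the pair once. The second pair repeats the first and verifies nothing additional about the removed root certificate. If the extra lines were meant to cover another index that the old `queryNocRootCertificates` call did not, that query should be used instead; otherwise the duplicated two lines can be dropped. As written, the test reads as if two separate indexes are checked for the removed root while only one is.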
@@ -526,22 +534,22 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // check that certificate removed from 'noc certificates' list - _, err = queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that certificate removed from 'noc certificates by subject' list - _, err = queryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that certificate removed from 'noc certificates by SKID' list - nocCerts, err := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + nocCerts, err := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 0, len(nocCerts)) // query noc certificate by VID - _, err = queryNocRootCertificates(setup, vid) + _, err = utils.QueryNocRootCertificates(setup, vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is not registered @@ -551,11 +559,11 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases func TestHandler_RemoveNocX509RootCert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) removeIcaCert := types.NewMsgRemoveNocX509RootCert( 
@@ -566,11 +574,11 @@ func TestHandler_RemoveNocX509RootCert_CertificateDoesNotExist(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_EmptyCertificatesList(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) setup.Keeper.SetNocRootCertificates( @@ -588,22 +596,22 @@ func TestHandler_RemoveNocX509RootCert_EmptyCertificatesList(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add fist vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add second vendor account with VID = 1000 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // remove ICA certificate by second vendor account 
@@ -615,15 +623,15 @@ func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) removeIcaCert := types.NewMsgRemoveNocX509RootCert( setup.Trustee1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "") @@ -633,15 +641,15 @@ func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { } func TestHandler_RemoveNocX509RootCert_InvalidSerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) removeX509Cert := types.NewMsgRemoveNocX509RootCert( vendorAccAddress.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "invalid") diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index d9c3f6446..4323a46ed 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -16,23 +17,23 @@ import ( // Main func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.RootCertWithSameSubjectAndSKID1, - subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - subjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - info: testconstants.Info, - vid: testconstants.RootCertWithVidVid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.RootCertWithSameSubjectAndSKID1, + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.RootCertWithVidVid, } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificates - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) // Remove intermediate certificate removeX509Cert := types.NewMsgRemoveX509Cert( @@ -45,7 +46,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { require.NoError(t, err) // Check: only one certificate exists - allCerts, _ := queryAllApprovedCertificates(setup) + allCerts, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 1, len(allCerts)) // Check: UniqueCertificate - missing 
@@ -66,22 +67,24 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { require.False(t, found) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, false, + false, ) // Check: DA - missing - ensureCertificateNotPresentInDaCertificateIndexes( + utils.EnsureCertificateNotPresentInDaCertificateIndexes( t, setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, false, false, + false, ) // Check: child certificate - missing @@ -92,7 +95,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { require.False(t, found) // Check: root exists - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootCertWithSameSubjectAndSKIDSubject, 
@@ -102,28 +105,28 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { } func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.RootCertWithSameSubjectAndSKID1, - subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - subjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - info: testconstants.Info, - vid: testconstants.RootCertWithVidVid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.RootCertWithSameSubjectAndSKID1, + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.RootCertWithVidVid, } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add two intermediate certificates - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) // Add a leaf certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) // get 
certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) @@ -142,12 +145,12 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { require.NoError(t, err) // check that only two certificates exists - allCerts, _ = queryAllApprovedCertificates(setup) + allCerts, _ = utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(allCerts)) require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check that intermediate certificates does not exist - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, @@ -157,7 +160,7 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { false, true) // leaf has same subject - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, @@ -168,7 +171,7 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { true) // leaf has same subject // check that leaf certificate exists - ensureDaIntermediateCertificateExist( + utils.EnsureDaIntermediateCertificateExist( t, setup, testconstants.LeafCertWithSameSubjectAndSKIDSubject, @@ -178,7 +181,7 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { false) // check that root certificate exists - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootCertWithSameSubjectAndSKIDSubject, 
@@ -188,28 +191,28 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { } func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.RootCertWithSameSubjectAndSKID1, - subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - subjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - info: testconstants.Info, - vid: testconstants.RootCertWithVidVid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.RootCertWithSameSubjectAndSKID1, + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.RootCertWithVidVid, } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificates - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) // Add a leaf certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) // remove intermediate 
certificate by serial number removeX509Cert := types.NewMsgRemoveX509Cert( @@ -222,12 +225,12 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.NoError(t, err) // check that only root, intermediate(with serial number 3) and leaf certificates exists - allCerts, _ := queryAllApprovedCertificates(setup) + allCerts, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 3, len(allCerts)) require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) // Check that intermediate certificates exist - ensureDaIntermediateCertificateExist( + utils.EnsureDaIntermediateCertificateExist( t, setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, @@ -237,7 +240,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { true) // check that leaf certificate exists - ensureDaIntermediateCertificateExist( + utils.EnsureDaIntermediateCertificateExist( t, setup, testconstants.LeafCertWithSameSubjectAndSKIDSubject, @@ -247,7 +250,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { true) // check that root certificate exists - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootCertWithSameSubjectAndSKIDSubject, @@ -265,12 +268,12 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) - allCerts, _ = queryAllApprovedCertificates(setup) + allCerts, _ = utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(allCerts)) require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check that intermediate certificates does not exist - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, 
@@ -280,7 +283,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { false, true) // leaf has same subject - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, @@ -291,7 +294,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { true) // leaf has same subject // check that leaf certificate exists - ensureDaIntermediateCertificateExist( + utils.EnsureDaIntermediateCertificateExist( t, setup, testconstants.LeafCertWithSameSubjectAndSKIDSubject, @@ -301,7 +304,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { true) // check that root certificate exists - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootCertWithSameSubjectAndSKIDSubject, 
@@ -311,24 +314,24 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { } func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.RootCertPem, - subject: testconstants.RootSubject, - subjectKeyID: testconstants.RootSubjectKeyID, - info: testconstants.Info, - vid: testconstants.RootCertWithVidVid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.RootCertPem, + Subject: testconstants.RootSubject, + SubjectKeyID: testconstants.RootSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.RootCertWithVidVid, } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add two intermediate certificates again - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // revoke intermediate certificate by serial number revokeX509Cert := types.NewMsgRevokeX509Cert( 
@@ -342,10 +345,10 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - _, err = queryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) - revokedCerts, _ := queryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + revokedCerts, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, 1, len(revokedCerts.Certs)) require.Equal(t, testconstants.IntermediateSubject, revokedCerts.Certs[0].Subject) require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCerts.Certs[0].SubjectKeyId) @@ -360,7 +363,7 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.IntermediateSubject, 
@@ -371,26 +374,26 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { false) // check that revoked certificate exists - _, err = queryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + _, err = utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) } // Extra cases func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.RootCertWithSameSubjectAndSKID1, - subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - subjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - info: testconstants.Info, - vid: testconstants.RootCertWithVidVid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.RootCertWithSameSubjectAndSKID1, + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.RootCertWithVidVid, } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) // Add an intermediate certificate 
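Review bot: The comment `// check that revoked certificate exists` sits directly above an assertion that expects `codes.NotFound` from `utils.QueryRevokedCertificates`, so it says the opposite of what TestHandler_RemoveX509Cert_RevokedCertificate verifies. This appears to be the place that pins down that removing a certificate also drops its revocation entry, so the comment should say that, e.g. `// check that the revoked certificate entry has been removed as well`. The same kind of mismatch appears in later hunks. In the RevokedAndApprovedCertificate test, `// check that only root and leaf certificates exists` precedes `require.Equal(t, 1, len(allCerts))` and an `IsRoot` check. In TestHandler_RevokeNocX509Cert_RevokeWithChild, `// Check that leaf certificate exists` precedes `utils.EnsureNocIntermediateCertificateNotExist(`.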
@@ -419,7 +422,7 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, addIntermediateX509Cert) require.NoError(t, err) - intermediateCerts, _ := queryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) require.Equal(t, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, intermediateCerts.Certs[0].Subject) require.Equal(t, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) 
@@ -436,12 +439,12 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { require.NoError(t, err) // check that only root and leaf certificates exists - allCerts, _ = queryAllApprovedCertificates(setup) + allCerts, _ = utils.QueryAllApprovedCertificates(setup) require.Equal(t, 1, len(allCerts)) require.Equal(t, true, allCerts[0].Certs[0].IsRoot) - _, err = queryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = queryRevokedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) + _, err = utils.QueryRevokedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificates does not exists @@ -452,15 +455,15 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { } func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add x509 certificate by fist vendor account 
@@ -469,7 +472,7 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // remove x509 certificate by second vendor account @@ -483,17 +486,17 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // check that certificate removed from 'approved certificates' list - _, err = queryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that certificate removed from 'approved certificates by subject' list - _, err = queryApprovedCertificatesBySubject(setup, testconstants.IntermediateSubject) + _, err = utils.QueryApprovedCertificatesBySubject(setup, testconstants.IntermediateSubject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that certificate removed from 'approved certificates by SKID' list - approvedCerts, err := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + approvedCerts, err := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) require.NoError(t, err) require.Equal(t, 0, len(approvedCerts)) 
@@ -505,10 +508,10 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases func TestHandler_RemoveX509Cert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) removeX509Cert := types.NewMsgRemoveX509Cert( @@ -519,13 +522,13 @@ func TestHandler_RemoveX509Cert_CertificateDoesNotExist(t *testing.T) { } func TestHandler_RemoveX509Cert_EmptyCertificatesList(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) setup.Keeper.SetApprovedCertificates( @@ -544,15 +547,15 @@ func TestHandler_RemoveX509Cert_EmptyCertificatesList(t *testing.T) { } func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add fist vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add x509 certificate by `setup.Trustee` 
@@ -561,7 +564,7 @@ func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { require.NoError(t, err) // add scond vendor account with VID = 1000 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // revoke x509 certificate by second vendor account @@ -573,14 +576,14 @@ func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { } func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertOptions := createRootWithVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateRootWithVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) // add x509 certificate @@ -596,13 +599,13 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { } func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) removeX509Cert := types.NewMsgRemoveX509Cert( 
@@ -613,13 +616,13 @@ func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { } func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) @@ -634,15 +637,15 @@ func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { } func TestHandler_RemoveX509Cert_ForNocIcaCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vid := testconstants.Vid - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - addNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add ICA certificate addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 852f9bd37..cee637663 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -17,15 +18,15 @@ import ( // Main func TestHandler_RevokeNocIntermediateCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) accAddress := setup.CreateVendorAccount(testconstants.Vid) // add the first NOC root certificate - addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // Revoke NOC with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509IcaCert( @@ -40,7 +41,7 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { require.NoError(t, err) // Check: Noc - missing - ensureCertificateNotPresentInNocCertificateIndexes( + utils.EnsureCertificateNotPresentInNocCertificateIndexes( t, setup, testconstants.NocCert1Subject, @@ -51,12 +52,13 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { ) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, false, + false, ) // Check: UniqueCertificate - present 
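Review bot: The new import `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` is added above `"testing"`, which puts a project package into the standard-library group of the import block. Move it below the blank line, next to the other non-stdlib imports, so that `"testing"` stays alone in the first group. The rest of the import block lies outside this hunk.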
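Review bot: The call to `utils.EnsureGlobalCertificateNotExist` in TestHandler_RevokeNocIntermediateCert gains a second bare `false` argument, and nothing at the call site says what either boolean controls. In a commit described as a refactoring, this is a place where the arguments of an assertion change rather than just its name, so a reader cannot tell whether the check became stricter or looser. Add trailing comments in the style already used in these tests (`true) // leaf has same subject`), for example `false, // <name of first flag>` and `false, // <name of second flag>`, with the names taken from the helper's signature, which is not visible in this hunk.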
@@ -89,22 +91,22 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { } func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate - addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the first NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // add the second NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) // add the NOC leaf certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) // Revoke NOC with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509IcaCert( 
@@ -119,14 +121,14 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { require.NoError(t, err) // Check that revoked certificates exist - revokedNocCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 2, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, @@ -137,7 +139,7 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { true, // leaf certificate with the same vid exists true) - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1CopySubject, @@ -149,7 +151,7 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { true) // Check that leaf certificate exists - ensureNocIntermediateCertificateExist( + utils.EnsureNocIntermediateCertificateExist( t, setup, testconstants.NocLeafCert1Subject, 
@@ -161,22 +163,22 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { } func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate - addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the first NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // add the second NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) // add the NOC leaf certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) // Revoke noc with subject and subject key id and its child too revokeCert := types.NewMsgRevokeNocX509IcaCert( 
@@ -190,25 +192,25 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeCert) require.NoError(t, err) - allRevokedCerts, err := queryAllRevokedNocIcaCertificates(setup) + allRevokedCerts, err := utils.QueryAllNocRevokedIcaCertificates(setup) require.NoError(t, err) require.Equal(t, 2, len(allRevokedCerts)) require.Equal(t, 3, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) - revokedNocCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 2, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) // query all certs - certs, err := queryAllNocCertificates(setup) + certs, err := utils.QueryAllNocCertificates(setup) require.NoError(t, err) require.Equal(t, 1, len(certs)) require.Equal(t, testconstants.NocRootCert1SubjectKeyID, certs[0].SubjectKeyId) // Check that intermediate certificates does not exist - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1Subject, @@ -219,7 +221,7 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { false, true) - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocCert1CopySubject, @@ -231,7 +233,7 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { true) // Check that leaf certificate exists - ensureNocIntermediateCertificateNotExist( + utils.EnsureNocIntermediateCertificateNotExist( t, setup, testconstants.NocLeafCert1Subject, 
@@ -244,22 +246,22 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { } func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate - addNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the first NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // add the second NOC non-root certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) // add the NOC leaf certificate - addNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) // Revoke NOC by serial number only revokeCert := types.NewMsgRevokeNocX509IcaCert( 
@@ -273,35 +275,35 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeCert) require.NoError(t, err) - revokedNocCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) // Child certificate should not be revoked - _, err = queryRevokedNocIcaCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // query NOC certificate by Subject - certsBySubject, err := queryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) + certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) require.NoError(t, err) require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) // query NOC certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(aprCertsBySubjectKeyID)) require.Equal(t, 1, len(aprCertsBySubjectKeyID[0].Certs)) require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) // query noc certificate by VID - nocCerts, err := queryNocIcaCertificatesByVid(setup, testconstants.Vid) + nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 2, len(nocCerts.Certs)) 
require.NotEqual(t, testconstants.NocCert1SerialNumber, nocCerts.Certs[0].SerialNumber) require.NotEqual(t, testconstants.NocCert1SerialNumber, nocCerts.Certs[1].SerialNumber) // query all certs - certs, err := queryAllNocCertificates(setup) + certs, err := utils.QueryAllNocCertificates(setup) require.NoError(t, err) require.Equal(t, 3, len(certs)) require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[0].Certs[0].SerialNumber) @@ -309,17 +311,17 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[2].Certs[0].SerialNumber) // query noc certificate, cert with different serial number should not be removed - noccCerts, _ := queryNocCertificates(setup, testconstants.NocCert1CopySubject, testconstants.NocCert1CopySubjectKeyID) + noccCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1CopySubject, testconstants.NocCert1CopySubjectKeyID) require.Equal(t, 1, len(noccCerts.Certs)) require.Equal(t, testconstants.NocCert1CopySerialNumber, noccCerts.Certs[0].SerialNumber) // query child certificate, they should not be removed - childCerts, _ := queryNocCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + childCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) require.Equal(t, 1, len(childCerts.Certs)) require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, childCerts.SubjectKeyId) // check that leaf certificate can be queried by vid+skid - certsByVidSkid, _ := queryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocLeafCert1SubjectKeyID) + certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocLeafCert1SubjectKeyID) require.Equal(t, 1, len(certsByVidSkid.Certs)) require.Equal(t, testconstants.NocLeafCert1SerialNumber, certsByVidSkid.Certs[0].SerialNumber) 
@@ -329,9 +331,9 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { } func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate 
@@ -366,65 +368,65 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T _, err = setup.Handler(setup.Ctx, revokeCert) require.NoError(t, err) - allRevokedCerts, err := queryAllRevokedNocIcaCertificates(setup) + allRevokedCerts, err := utils.QueryAllNocRevokedIcaCertificates(setup) require.NoError(t, err) require.Equal(t, 2, len(allRevokedCerts)) require.Equal(t, 2, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) - revokedNocCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) // Child certificate should be revoked - revokedNocCerts, err = queryRevokedNocIcaCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + revokedNocCerts, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocLeafCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) // query child of revoked certificate, they should be revoked - _, err = queryNocCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) + _, err = utils.QueryNocCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query all certs - certs, err := queryAllNocCertificates(setup) + certs, err := utils.QueryAllNocCertificates(setup) require.NoError(t, err) require.Equal(t, 2, len(certs)) require.NotEqual(t, testconstants.NocCert1SerialNumber, 
certs[0].Certs[0].SerialNumber) require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[1].Certs[0].SerialNumber) // query noc certificates - aprCerts, err := queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1CopySubjectKeyID) + aprCerts, err := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1CopySubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(aprCerts.Certs)) require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCerts.Certs[0].SerialNumber) // query noc certificate by Subject - certsBySubject, err := queryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) + certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) require.NoError(t, err) require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) - _, err = queryNocCertificatesBySubject(setup, testconstants.NocLeafCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocLeafCert1Subject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query noc certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(aprCertsBySubjectKeyID)) require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) - aprCertsBySubjectKeyID, _ = queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocLeafCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocLeafCert1SubjectKeyID) require.Equal(t, 0, len(aprCertsBySubjectKeyID)) // query noc certificate by VID - nocCerts, err := queryNocIcaCertificatesByVid(setup, testconstants.Vid) + nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) 
require.NoError(t, err) require.Equal(t, 1, len(nocCerts.Certs)) require.Equal(t, testconstants.NocCert1CopySerialNumber, nocCerts.Certs[0].SerialNumber) // check that leaf certificate can be queried by vid+skid - certsByVidSkid, _ := queryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) + certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(certsByVidSkid.Certs)) require.Equal(t, testconstants.NocCert1CopySerialNumber, certsByVidSkid.Certs[0].SerialNumber) @@ -438,9 +440,9 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T // Error cases func TestHandler_RevokeNocX509Cert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the new NOC root certificate @@ -463,9 +465,9 @@ func TestHandler_RevokeNocX509Cert_SenderNotVendor(t *testing.T) { } func TestHandler_RevokeNocX509Cert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) revokeCert := types.NewMsgRevokeNocX509IcaCert( @@ -483,7 +485,7 @@ func TestHandler_RevokeNocX509Cert_CertificateDoesNotExist(t *testing.T) { } func TestHandler_RevokeNocX509Cert_CertificateExists(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string 
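Review bot: The comment `// check that leaf certificate can be queried by vid+skid` near the end of this hunk does not describe the assertion below it. The query uses `testconstants.NocCert1SubjectKeyID` and expects `NocCert1CopySerialNumber`, while earlier in the same hunk the leaf certificate is asserted to be revoked and no longer found. Suggested wording: `// check that the certificate with the other serial number is still returned by vid+skid`. The test function begins before the hunk and ends after it.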
@@ -555,7 +557,7 @@ func TestHandler_RevokeNocX509Cert_CertificateExists(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the existing certificate diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index efa6caec2..4fcef9950 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -17,7 +18,7 @@ import ( // Main func TestHandler_RevokeNoRootCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) accAddress := setup.CreateVendorAccount(testconstants.Vid) @@ -42,7 +43,7 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { require.NoError(t, err) // Check: Noc - missing - ensureCertificateNotPresentInNocCertificateIndexes( + utils.EnsureCertificateNotPresentInNocCertificateIndexes( t, setup, testconstants.NocRootCert1Subject, @@ -53,12 +54,13 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { ) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, false, + false, ) // Check: UniqueCertificate - present @@ -84,9 +86,9 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { } func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate 
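Review bot: The new `utils` import in the -1,6 hunk of handler_revoke_noc_root_cert_test.go is inserted above `"testing"`, which puts a module import inside the standard-library group. `goimports` would move it. Place it with the other project imports, as the handler_revoke_paa_cert_test.go hunk later in this patch does: `"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"` directly before the `x/pki/types` import.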
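Review bot: In the -53,12 hunk `utils.EnsureGlobalCertificateNotExist` is now called with two adjacent positional `false` arguments, and nothing at the call site says what either one controls. This is the check that a revoked NOC root is absent from the global indexes, so a trailing comment on each flag naming the parameter it binds to would show which lookups are skipped. The helper's signature is not visible in this hunk. The call sits inside TestHandler_RevokeNoRootCert, whose body extends beyond the hunk.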
@@ -127,60 +129,60 @@ func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { require.NoError(t, err) // query all certs - certs, err := queryAllNocCertificates(setup) + certs, err := utils.QueryAllNocCertificates(setup) require.NoError(t, err) require.Equal(t, 3, len(certs)) require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[0].SubjectKeyId) require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[1].SubjectKeyId) require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[2].SubjectKeyId) - revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 2, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := queryRevokedRootCertificates(setup) + revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) require.Equal(t, 0, len(revokedRootCerts.Certs)) // query noc root certificate by Subject - _, err = queryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query noc root certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 0, len(aprCertsBySubjectKeyID)) // query noc root certificate by VID - nocRootCerts, err := 
queryNocRootCertificates(setup, testconstants.Vid) + nocRootCerts, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(nocRootCerts.Certs)) require.Equal(t, testconstants.NocRootCert2SubjectKeyID, nocRootCerts.Certs[0].SubjectKeyId) // query noc certificate by VID and SKID - _, err = queryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) - nocCertificatesByVidAndSkid, err := queryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert2SubjectKeyID) + nocCertificatesByVidAndSkid, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert2SubjectKeyID) require.NoError(t, err) require.Equal(t, testconstants.NocRootCert2SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) require.Equal(t, 1, len(nocRootCerts.Certs)) require.Equal(t, float32(1), nocCertificatesByVidAndSkid.Tq) // Child certificate should not be revoked - _, err = queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // query child of revoked certificate, they should not be revoked - childCerts, _ := queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + childCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(childCerts.Certs)) require.Equal(t, testconstants.NocCert1SubjectKeyID, childCerts.SubjectKeyId) // check that child cert is not removed - nocCerts, err := queryNocIcaCertificatesByVid(setup, 
testconstants.Vid) + nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 2, len(nocCerts.Certs)) require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) @@ -193,9 +195,9 @@ func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { } func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate 
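Review bot: After the vid+skid query for `NocRootCert2SubjectKeyID`, the length assertion is `require.Equal(t, 1, len(nocRootCerts.Certs))`, which re-checks the earlier by-VID result and never inspects the new one. It should read `require.Equal(t, 1, len(nocCertificatesByVidAndSkid.Certs))`. The hunk at -328,39 has the same slip with `len(revNocRoot.Certs)`, and the following hunk at -368,16 then indexes `nocCertificatesByVidAndSkid.Certs[0]` without any length check on that value. The enclosing test starts before this hunk.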
@@ -226,60 +228,60 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { require.NoError(t, err) // query all certs - certs, err := queryAllNocCertificates(setup) + certs, err := utils.QueryAllNocCertificates(setup) require.NoError(t, err) require.Equal(t, 0, len(certs)) - revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 2, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := queryRevokedRootCertificates(setup) + revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) require.Equal(t, 0, len(revokedRootCerts.Certs)) // query noc root certificate by Subject - _, err = queryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query child noc certificate by Subject - _, err = queryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query noc root certificate by VID - _, err = queryNocRootCertificates(setup, testconstants.Vid) + _, err = utils.QueryNocRootCertificates(setup, testconstants.Vid) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query noc certificate by VID and SKID - _, err = queryNocCertificatesByVidAndSkid(setup, testconstants.Vid, 
testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query noc root certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 0, len(aprCertsBySubjectKeyID)) // Child certificate should be revoked as well - revokedChildCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedChildCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedChildCerts.Certs)) require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedChildCerts.SubjectKeyId) // query child noc certificate by Subject Key ID - aprCertsBySubjectKeyID, _ = queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - _, err = queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that child noc cert also removed - _, err = queryNocIcaCertificatesByVid(setup, testconstants.Vid) + _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) 
@@ -295,9 +297,9 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { } func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate 
@@ -328,39 +330,39 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { require.NoError(t, err) // Check that cert is added to revoked lists - revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := queryRevokedRootCertificates(setup) + revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) require.Equal(t, 0, len(revokedRootCerts.Certs)) // Check that cert is removed from noc lists - rootCerts, err := queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + rootCerts, err := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(rootCerts.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, rootCerts.Certs[0].SerialNumber) // Check that root with different serial number still exits - certsBySubject, err := queryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) require.NoError(t, err) require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) require.Equal(t, testconstants.NocRootCert1Subject, certsBySubject.Subject) - aprCertsBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 
1, len(aprCertsBySubjectKeyID)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) // query noc root certificate by VID should return only one root cert - revNocRoot, err := queryNocRootCertificates(setup, testconstants.Vid) + revNocRoot, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(revNocRoot.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) // query noc certificate by VID and SKID - nocCertificatesByVidAndSkid, err := queryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) + nocCertificatesByVidAndSkid, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, testconstants.NocRootCert1SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) require.Equal(t, 1, len(revNocRoot.Certs)) 
@@ -368,16 +370,16 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { require.Equal(t, testconstants.NocRootCert1CopySerialNumber, nocCertificatesByVidAndSkid.Certs[0].SerialNumber) // Child certificate should not be revoked - _, err = queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // query child of revoked certificate, they should not be revoked - childCerts, _ := queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + childCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(childCerts.Certs)) require.Equal(t, testconstants.NocCert1SubjectKeyID, childCerts.SubjectKeyId) // check that child cert is not removed - nocCerts, err := queryNocIcaCertificatesByVid(setup, testconstants.Vid) + nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(nocCerts.Certs)) require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) @@ -388,9 +390,9 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { } func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the first NOC root certificate 
@@ -421,53 +423,53 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing require.NoError(t, err) // Check that cert is added to revoked lists - revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedNocCerts.Certs)) require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := queryRevokedRootCertificates(setup) + revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) require.Equal(t, 0, len(revokedRootCerts.Certs)) // Check that root with different serial number still exits - rootCerts, err := queryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + rootCerts, err := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(rootCerts.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, rootCerts.Certs[0].SerialNumber) - certsBySubject, err := queryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) require.NoError(t, err) require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) require.Equal(t, testconstants.NocRootCert1Subject, certsBySubject.Subject) - aprCertsBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 1, len(aprCertsBySubjectKeyID)) 
require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) // query noc root certificate by VID should return only one root cert - revNocRoot, err := queryNocRootCertificates(setup, testconstants.Vid) + revNocRoot, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(revNocRoot.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) // Child certificate should be revoked as well - revokedCerts, err := queryRevokedNocIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + revokedCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.NoError(t, err) require.Equal(t, 1, len(revokedCerts.Certs)) require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.SubjectKeyId) // query child of revoked certificate, they should be removed as well - _, err = queryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = queryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) + _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) require.Equal(t, codes.NotFound, status.Code(err)) - aprCertsBySubjectKeyID, _ = queryAllNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1Subject) + aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1Subject) require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - _, err = queryNocIcaCertificatesByVid(setup, testconstants.Vid) + _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is 
removed @@ -482,9 +484,9 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing // Error cases func TestHandler_RevokeNocX509RootCert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the new NOC root certificate @@ -507,9 +509,9 @@ func TestHandler_RevokeNocX509RootCert_SenderNotVendor(t *testing.T) { } func TestHandler_RevokeNocX509RootCert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) revokeCert := types.NewMsgRevokeNocX509RootCert( @@ -527,7 +529,7 @@ func TestHandler_RevokeNocX509RootCert_CertificateDoesNotExist(t *testing.T) { } func TestHandler_RevokeNocX509RootCert_CertificateExists(t *testing.T) { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() cases := []struct { name string @@ -599,7 +601,7 @@ func TestHandler_RevokeNocX509RootCert_CertificateExists(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add the existing certificate diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 5d98bb878..1364886b9 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go 
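Review bot: The child-certificate lookup near the end of the -421,53 hunk passes a subject where a subject key ID is expected: `utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1Subject)`. The following `require.Equal(t, 0, len(aprCertsBySubjectKeyID))` therefore most likely holds whether or not the revoked child was removed from the SKID index, and the discarded error hides the mismatch. Use `testconstants.NocCert1SubjectKeyID`, as the equivalent check in the -226,60 hunk does: `aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID)`. The rename in this commit carried the argument over unchanged. The test function starts before the hunk.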
@@ -11,6 +11,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -18,12 +19,14 @@ import ( // Main +// Propose + func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // propose revocation of x509 root certificate by `setup.Trustee` proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( 
@@ -36,42 +39,255 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) - // Check: ProposedCertificateRevocation - present - proposedRevocation, _ := queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) - require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) - require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee1.String())) + // Check: Certificate is proposed to revoke + ensureDaRootCertificateIsProposedToRevoked( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + testconstants.RootIssuer, + setup.Trustee1.String(), + ) +} - // Check: DA + All + UniqueCertificate - ensureDaRootCertificateExist( +func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { + setup := utils.Setup(t) + + // propose x509 root certificate by `setup.Trustee` and approve by another trustee + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + + // add another trustee + anotherTrustee := utils.GenerateAccAddress() + setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + + // propose revocation of x509 root certificate by new trustee + proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( + anotherTrustee.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + false, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) + require.NoError(t, err) + + // Check: Certificate is proposed to revoke + ensureDaRootCertificateIsProposedToRevoked( t, setup, testconstants.RootSubject, testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, testconstants.RootIssuer, - 
testconstants.RootSerialNumber) + anotherTrustee.String(), + ) +} - // check that revoked certificate does not exist - require.False(t, setup.Keeper.IsRevokedCertificatePresent( - setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID)) +// Propose + Approve + +func TestHandler_RevokeDaRootCert(t *testing.T) { + setup := utils.Setup(t) + + // propose x509 root certificate by `setup.Trustee` and approve by another trustee + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + + // revoke certificate + proposeAndApproveCertificateRevocation( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + "", + ) + + // Check: Certificate is revoked + ensureDaRootCertificateIsRevoked( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + testconstants.RootIssuer, + true, + false, + false, + ) } -func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { - setup := Setup(t) +func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist(t *testing.T) { + setup := utils.Setup(t) - // propose x509 root certificate by account without trustee role - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + // add root certificates + rootCert1Options := &utils.RootCertOptions{ + PemCert: testconstants.PAACertWithSameSubjectID1, + Subject: testconstants.PAACertWithSameSubjectID1Subject, + SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + Info: testconstants.Info, + Vid: testconstants.Vid, + } + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert1Options) + + rootCert2Options := &utils.RootCertOptions{ + PemCert: 
testconstants.PAACertWithSameSubjectID2, + Subject: testconstants.PAACertWithSameSubjectID2Subject, + SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + Info: testconstants.Info, + Vid: testconstants.Vid, + } + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert2Options) - // Approve the certificate from Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + // revoke Certificate1 certificate + proposeAndApproveCertificateRevocation( + t, + setup, + testconstants.PAACertWithSameSubjectID1Subject, + testconstants.PAACertWithSameSubjectIDSubjectID, + "", + ) + + // Check: Certificate1 is revoked + ensureDaRootCertificateIsRevoked( + t, + setup, + testconstants.PAACertWithSameSubjectID1Subject, + testconstants.PAACertWithSameSubjectIDSubjectID, + testconstants.PAACertWithSameSubjectSerialNumber, + testconstants.PAACertWithSameSubjectIssuer, + true, + false, + true, + ) + + // Check: Certificate2 exist + utils.EnsureDaRootCertificateExist( + t, + setup, + testconstants.PAACertWithSameSubjectID2Subject, + testconstants.PAACertWithSameSubjectIDSubjectID, + testconstants.PAACertWithSameSubject2Issuer, + testconstants.PAACertWithSameSubject2SerialNumber) +} + +func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist(t *testing.T) { + setup := utils.Setup(t) + + rootCert1Opt := &utils.RootCertOptions{ + PemCert: testconstants.RootCertWithSameSubjectAndSKID1, + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.Vid, + } + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert1Opt) + + rootCert2Opt := &utils.RootCertOptions{ + PemCert: 
testconstants.RootCertWithSameSubjectAndSKID2, + Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, + SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.Vid, + } + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert2Opt) + + // revoke Certificate1 certificate + proposeAndApproveCertificateRevocation( + t, + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, + ) + + // Check: Certificate1 - RevokedCertificates - present + found := setup.Keeper.IsRevokedCertificatePresent( + setup.Ctx, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + ) + require.True(t, found) + + // Check: Certificate1 - RevokedRootCertificates - present + found = utils.IsRevokedRootCertificatePresent( + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + ) + require.True(t, found) + + // Check: Certificate1 - UniqueCertificate - present + found = setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, + testconstants.RootCertWithSameSubjectAndSKID1Issuer, + testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, + ) + require.True(t, found) + + // Check: Certificate2 - DA + All + UniqueCertificate - present + utils.EnsureDaRootCertificateExist( + t, + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID2Issuer, + testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + ) + + // DA Approved certificates - only Certificate2 + approvedCertificates, _ := utils.QueryApprovedCertificates( + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) + 
require.Len(t, approvedCertificates.Certs, 1) + require.Equal(t, testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, approvedCertificates.Certs[0].SerialNumber) + + // revoke Certificate2 certificate + proposeAndApproveCertificateRevocation( + t, + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + ) + + // Check: Certificate1 is revoked + ensureDaRootCertificateIsRevoked( + t, + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, + testconstants.RootCertWithSameSubjectAndSKID1Issuer, + true, + false, + false, + ) + + // Check: Certificate2 is revoked + ensureDaRootCertificateIsRevoked( + t, + setup, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + testconstants.RootCertWithSameSubjectAndSKID2Issuer, + true, + false, + false, + ) +} + +func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Check: DA + All + UniqueCertificate - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootSubject, @@ -82,7 +298,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // Create an array of trustee account from 1 to 50 trusteeAccounts := make([]sdk.AccAddress, 50) for i := 0; i < 50; i++ { - trusteeAccounts[i] = GenerateAccAddress() + trusteeAccounts[i] = utils.GenerateAccAddress() } totalAdditionalTrustees := rand.Intn(50) 
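Review bot: `approvedCertificates, _ := utils.QueryApprovedCertificates(...)` in TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist discards the query error and then reads `approvedCertificates.Certs`. A failed query would presumably surface as a nil dereference or a misleading length mismatch instead of the real error. Capture and assert it: `approvedCertificates, err := utils.QueryApprovedCertificates(...)` followed by `require.NoError(t, err)`. The same discarded-error pattern sits on rewritten lines in hunks `@@ -261,7 +433,7 @@` (`allRevokedCertificates, _`), `@@ -411,18 +538,23 @@` (`proposedRevocation, _` and `certificate, _`), `@@ -445,7 +577,7 @@` (`certificateBeforeRevocation, _`) and `@@ -455,142 +587,44 @@` (`revokedCertificates, _`).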
@@ -101,7 +317,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { testconstants.RootSerialNumber, false, testconstants.Info) - _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) + _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // Until we hit 2/3 of the total number of Trustees, we should not be able to revoke the certificate @@ -118,7 +334,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { require.NoError(t, err) // check that the certificate is still not revoked - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootSubject, @@ -138,22 +354,24 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { require.NoError(t, err) // Check: DA - missing - ensureCertificateNotPresentInDaCertificateIndexes( + utils.EnsureCertificateNotPresentInDaCertificateIndexes( t, setup, testconstants.RootSubject, testconstants.RootSubjectKeyID, true, false, + false, ) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.RootSubject, testconstants.RootSubjectKeyID, false, + false, ) // Check: ProposedCertificateRevocation - missing 
@@ -170,83 +388,37 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { require.True(t, found) // Check: Revoked - present - revokedCertificate, err := querySingleRevokedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + revokedCertificate, err := utils.QueryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NoError(t, err) - require.Equal(t, testconstants.RootIssuer, revokedCertificate.Subject) - require.Equal(t, testconstants.RootSerialNumber, revokedCertificate.SerialNumber) - require.True(t, revokedCertificate.IsRoot) + require.Equal(t, testconstants.RootIssuer, revokedCertificate.Certs[0].Subject) + require.Equal(t, testconstants.RootSerialNumber, revokedCertificate.Certs[0].SerialNumber) + require.True(t, revokedCertificate.Certs[0].IsRoot) + // Make sure all the approvals are present for i := 1; i < twoThirds-1; i++ { - require.Equal(t, revokedCertificate.HasApprovalFrom(trusteeAccounts[i].String()), true) + require.Equal(t, revokedCertificate.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) } - require.Equal(t, revokedCertificate.HasApprovalFrom(setup.Trustee1.String()), true) - require.Equal(t, revokedCertificate.HasApprovalFrom(setup.Trustee2.String()), true) -} - -func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { - setup := Setup(t) - - // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - - // add another trustee - anotherTrustee := GenerateAccAddress() - setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // propose revocation of x509 root certificate by new trustee - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - anotherTrustee.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - 
testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - // query and check proposed certificate revocation - proposedRevocation, _ := queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) - require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) - require.True(t, proposedRevocation.HasRevocationFrom(anotherTrustee.String())) - - // check that approved certificate still exists - ensureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber) - - // check that revoked certificate does not exist - _, err = queryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that unique certificate key stays registered - require.True(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + require.Equal(t, revokedCertificate.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) + require.Equal(t, revokedCertificate.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) } //nolint:funlen -func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { - setup := Setup(t) +func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { + setup := utils.Setup(t) // add root x509 certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() 
setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add intermediate x509 certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // add leaf x509 certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -261,7 +433,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { require.NoError(t, err) // check that root, intermediate and leaf certificates have been revoked - allRevokedCertificates, _ := queryAllRevokedCertificates(setup) + allRevokedCertificates, _ := utils.QueryAllRevokedCertificates(setup) require.Equal(t, 3, len(allRevokedCertificates)) require.Equal(t, testconstants.LeafSubject, allRevokedCertificates[0].Subject) require.Equal(t, testconstants.LeafSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) 
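Review bot: `revokedCertificate.Certs[0]` is indexed in TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded without first asserting the slice length, so an empty result panics with index-out-of-range instead of failing an assertion. The replaced `querySingleRevokedCertificate` presumably enforced a single entry. Add `require.Len(t, revokedCertificate.Certs, 1)` directly after the `require.NoError(t, err)` that follows the query. The approval checks would also read more clearly as `require.True(t, revokedCertificate.Certs[0].HasApprovalFrom(...))` than as `require.Equal(t, ..., true)`. The test function starts outside this hunk.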
@@ -277,38 +449,38 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { require.Equal(t, testconstants.IntermediateCertPem, allRevokedCertificates[2].Certs[0].PemCert) // check that approved certs list is empty - allApprovedCertificates, err := queryAllApprovedCertificates(setup) + allApprovedCertificates, err := utils.QueryAllApprovedCertificates(setup) require.NoError(t, err) require.Equal(t, 0, len(allApprovedCertificates)) // check that no proposed certificate revocations exist - allProposedCertificateRevocations, err := queryAllProposedCertificateRevocations(setup) + allProposedCertificateRevocations, err := utils.QueryAllProposedCertificateRevocations(setup) require.NoError(t, err) require.Equal(t, 0, len(allProposedCertificateRevocations)) // check that no child certificate identifiers are registered for revoked root certificate - rootCertChildren, err := queryChildCertificates( + rootCertChildren, err := utils.QueryChildCertificates( setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) require.Nil(t, rootCertChildren) // check that no child certificate identifiers are registered for revoked intermediate certificate - intermediateCertChildren, err := queryChildCertificates( + intermediateCertChildren, err := utils.QueryChildCertificates( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) require.Nil(t, intermediateCertChildren) // check that no child certificate identifiers are registered for revoked leaf certificate - leafCertChildren, err := queryChildCertificates( + leafCertChildren, err := utils.QueryChildCertificates( setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) require.Nil(t, leafCertChildren) // check that root certificate does not exist - 
ensureDaRootCertificateNotExist( + utils.EnsureDaRootCertificateNotExist( t, setup, testconstants.RootSubject, @@ -318,7 +490,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { true) // check that intermediate certificate does not exist - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.IntermediateSubject, @@ -329,7 +501,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { false) // check that intermediate certificate does not exist - ensureDaIntermediateCertificateNotExist( + utils.EnsureDaIntermediateCertificateNotExist( t, setup, testconstants.LeafSubject, 
@@ -340,62 +512,17 @@ func TestHandler_ApproveRevokeX509RootCert_ForTree(t *testing.T) { false) } -func TestHandler_RevokeX509RootCertsBySubjectKeyId(t *testing.T) { - setup := Setup(t) - - // add root certificates - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.PAACertWithSameSubjectID1, - subject: testconstants.PAACertWithSameSubjectID1Subject, - subjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, - info: testconstants.Info, - vid: testconstants.Vid, - } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - rootCertOptions.pemCert = testconstants.PAACertWithSameSubjectID2 - rootCertOptions.subject = testconstants.PAACertWithSameSubjectID2Subject - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - - // revoke certificate - revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectIDSubjectID, "", false, testconstants.Info) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) - - aprRevokeX509Cert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectIDSubjectID, "", testconstants.Info) - _, err = setup.Handler(setup.Ctx, aprRevokeX509Cert) - require.NoError(t, err) - - // check that root certificate has been revoked - approvedCertificates, _ := queryApprovedCertificates(setup, testconstants.PAACertWithSameSubjectID2Subject, testconstants.PAACertWithSameSubjectIDSubjectID) - require.Equal(t, 1, len(approvedCertificates.Certs)) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, approvedCertificates.Certs[0].Subject) - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, approvedCertificates.SubjectKeyId) - - certsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) - 
require.Equal(t, 1, len(certsBySubjectKeyID)) - require.Equal(t, 1, len(certsBySubjectKeyID[0].Certs)) - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, certsBySubjectKeyID[0].SubjectKeyId) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, certsBySubjectKeyID[0].Certs[0].Subject) - - // check that no proposed certificate revocations have been created - allProposedCertificateRevocations, _ := queryAllProposedCertificateRevocations(setup) - require.NoError(t, err) - require.Equal(t, 0, len(allProposedCertificateRevocations)) -} - // Extra cases func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add 1 more trustee (this will bring the total trustee's to 4) - anotherTrustee := GenerateAccAddress() + anotherTrustee := utils.GenerateAccAddress() setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose revocation of x509 root certificate 
@@ -411,18 +538,23 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { require.NoError(t, err) // query and check proposed certificate revocation - proposedRevocation, _ := queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) + proposedRevocation, _ := utils.QueryProposedCertificateRevocation( + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + ) require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee1.String())) require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee2.String())) // check that approved certificate still exists - certificate, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + certificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NotNil(t, certificate) // check that revoked certificate does not exist - _, err = queryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) 
@@ -432,11 +564,11 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { } func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -445,7 +577,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { require.NoError(t, err) // get certificate for further comparison - certificateBeforeRevocation, _ := querySingleApprovedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + certificateBeforeRevocation, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NotNil(t, certificateBeforeRevocation) // approve 
@@ -455,142 +587,44 @@ func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { require.NoError(t, err) // check that proposed certificate revocation does not exist anymore - _, err = queryProposedCertificateRevocation(setup, testconstants.RootSerialNumber) + _, err = utils.QueryProposedCertificateRevocation( + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + ) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that approved certificate does not exist anymore - _, err = queryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // query and check revoked certificate - revokedCertificate, _ := querySingleRevokedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, certificateBeforeRevocation, revokedCertificate) + revokedCertificates, _ := utils.QueryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + require.Equal(t, certificateBeforeRevocation.Certs, revokedCertificates.Certs) // check that unique certificate key stays registered require.True(t, setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) } -func TestHandler_ApproveRevokeX509RootCert_BySerialNumber(t *testing.T) { - setup := Setup(t) - - rootCertOpt := &rootCertOptions{ - pemCert: testconstants.RootCertWithSameSubjectAndSKID1, - subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - subjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - info: testconstants.Info, - vid: testconstants.Vid, - } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOpt) - rootCertOpt.pemCert = 
testconstants.RootCertWithSameSubjectAndSKID2 - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOpt) - rootSubject := rootCertOpt.subject - rootSubjectKeyID := rootCertOpt.subjectKeyID - - // Add vendor account - vendorAccAddress := GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - - // Add an intermediate certificate - addIntermediateX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateWithSameSubjectAndSKID1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) - require.NoError(t, err) - - intermediateSubject := testconstants.IntermediateCertWithSameSubjectAndSKIDSubject - intermediateSubjectKeyID := testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID - - // get certificates for further comparison - certsBeforeRevocation := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.NotNil(t, certsBeforeRevocation) - require.Equal(t, 2, len(certsBeforeRevocation)) - require.Equal(t, 3, len(certsBeforeRevocation[0].Certs)+len(certsBeforeRevocation[1].Certs)) - - // propose revocation of root certificate with serial number "1" - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), rootSubject, rootSubjectKeyID, "1", false, testconstants.Info) - _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - // approve - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), rootSubject, rootSubjectKeyID, "1", testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) - - // check that proposed certificate revocation does not exist anymore - _, err = queryProposedCertificateRevocation(setup, "1") - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that only two approved certificates 
exists(root and child certificates) - rootCerts, _ := queryApprovedRootCertificates(setup, rootSubject, rootSubjectKeyID) - require.Equal(t, 1, len(rootCerts)) - require.Equal(t, "2", rootCerts[0].SerialNumber) - certificates, err := queryApprovedCertificates(setup, intermediateSubject, intermediateSubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(certificates.Certs)) - - // query and check revoked certificate - revokedCertificate, _ := querySingleRevokedCertificate(setup, rootSubject, rootSubjectKeyID) - require.NotNil(t, revokedCertificate) - require.Equal(t, "1", revokedCertificate.SerialNumber) - - // propose revocation of root certificate with serial number "2" - proposeRevokeX509RootCert = types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), rootSubject, rootSubjectKeyID, "2", true, testconstants.Info) - _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - // approve - approveRevokeX509RootCert = types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), rootSubject, rootSubjectKeyID, "2", testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) - - // check that proposed certificate revocation does not exist anymore - _, err = queryProposedCertificateRevocation(setup, "2") - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that approved certificates does not exist anymore - certsAfterRevocation := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.Equal(t, 0, len(certsAfterRevocation)) - certsAfterRevocationBySubjectID := setup.Keeper.GetAllApprovedCertificatesBySubjectKeyID(setup.Ctx) - require.Equal(t, 0, len(certsAfterRevocationBySubjectID)) - - // query all revoked certificates - allRevokedCerts, _ := queryAllRevokedCertificates(setup) - require.Equal(t, 2, len(allRevokedCerts)) - - // query and check revoked root certificates - revokedCerts, _ := queryRevokedCertificates(setup, 
rootSubject, rootSubjectKeyID) - require.Equal(t, 2, len(revokedCerts.Certs)) - require.Equal(t, rootSubject, revokedCerts.Subject) - require.Equal(t, rootSubjectKeyID, revokedCerts.SubjectKeyId) - // query and check revoked intermediate certificate - revokedCerts, _ = queryRevokedCertificates(setup, intermediateSubject, intermediateSubjectKeyID) - require.Equal(t, 1, len(revokedCerts.Certs)) - require.Equal(t, intermediateSubject, revokedCerts.Subject) - require.Equal(t, intermediateSubjectKeyID, revokedCerts.SubjectKeyId) -} - // Error cases func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, dclauthtypes.CertificationCenter, dclauthtypes.NodeAdmin, } { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // propose revocation of x509 root certificate @@ -603,7 +637,7 @@ func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { } func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose revocation of not existing certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( 
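Review bot: Deleting TestHandler_ApproveRevokeX509RootCert_BySerialNumber drops the by-serial-number coverage of the `revokeChild` flag. The old test added an intermediate certificate and asserted that it stayed approved when the root was revoked with `false`, and that it moved to the revoked list with `true`. The replacement in this file, TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist, adds no intermediate certificate, and its `proposeAndApproveCertificateRevocation` calls pass no such flag. Unless a test outside this view covers it, keep a case that adds `testconstants.IntermediateWithSameSubjectAndSKID1` and asserts both outcomes, because child-certificate handling on root revocation is behaviour a PKI test suite should pin.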
@@ -614,10 +648,10 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) } func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // revoke x509 certificate revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( @@ -634,7 +668,7 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExistBySerialNumber } func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -642,7 +676,7 @@ func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) require.NoError(t, err) // check that proposed certificate is present - proposedCertificate, _ := queryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.NotNil(t, proposedCertificate) // propose revocation of proposed root certificate 
@@ -654,11 +688,11 @@ func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) } func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -667,7 +701,7 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te require.NoError(t, err) // store another trustee - anotherTrustee := GenerateAccAddress() + anotherTrustee := utils.GenerateAccAddress() setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose revocation of the same x509 root certificate again @@ -679,15 +713,15 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te } func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store x509 root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // store x509 intermediate certificate 
@@ -704,11 +738,11 @@ func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { } func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -721,7 +755,7 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { dclauthtypes.CertificationCenter, dclauthtypes.NodeAdmin, } { - accAddress := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // approve @@ -734,11 +768,11 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { } func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // approve revocation of x509 root certificate approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( 
@@ -749,11 +783,11 @@ func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *tes } func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -770,9 +804,9 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { } func TestHandler_RevocationPointsByIssuerSubjectKeyID(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65521) // propose x509 root certificate by account Trustee1 @@ -859,9 +893,9 @@ func TestHandler_RevocationPointsByIssuerSubjectKeyID(t *testing.T) { } func TestHandler_AddRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65521) // propose x509 root certificate by account Trustee1 @@ -896,9 +930,9 @@ func TestHandler_AddRevocationPointForSameCertificateWithDifferentWhitespaces(t } func TestHandler_UpdateRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65521) // propose x509 root certificate by account Trustee1 
@@ -947,3 +981,129 @@ func TestHandler_UpdateRevocationPointForSameCertificateWithDifferentWhitespaces
 require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, updatePkiRevocationDistributionPoint.CrlSignerCertificate)
 require.Equal(t, revocationPointBySubjectKeyID.Points[0].DataURL, updatePkiRevocationDistributionPoint.DataURL)
 }
+
+func proposeAndApproveCertificateRevocation(
+ t *testing.T,
+ setup *utils.TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+) {
+ // revoke certificate
+ revokeX509Cert := types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee1.String(),
+ subject,
+ subjectKeyID,
+ serialNumber,
+ false,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, revokeX509Cert)
+ require.NoError(t, err)
+
+ aprRevokeX509Cert := types.NewMsgApproveRevokeX509RootCert(
+ setup.Trustee2.String(),
+ subject,
+ subjectKeyID,
+ serialNumber,
+ testconstants.Info)
+ _, err = setup.Handler(setup.Ctx, aprRevokeX509Cert)
+ require.NoError(t, err)
+}
+
+func ensureDaRootCertificateIsProposedToRevoked(
+ t *testing.T,
+ setup *utils.TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+ issuer string,
+ revokedBy string,
+) {
+ // Check: ProposedCertificateRevocation - present
+ proposedRevocation, _ := utils.QueryProposedCertificateRevocation(
+ setup,
+ subject,
+ subjectKeyID,
+ serialNumber,
+ )
+ require.True(t, proposedRevocation.HasRevocationFrom(revokedBy))
+
+ // Check: DA + All + UniqueCertificate - present
+ utils.EnsureDaRootCertificateExist(
+ t,
+ setup,
+ subject,
+ subjectKeyID,
+ issuer,
+ serialNumber,
+ )
+
+ // Check: RevokedCertificates - missing
+ require.False(t, setup.Keeper.IsRevokedCertificatePresent(setup.Ctx, subject, subjectKeyID))
+}
+
+func ensureDaRootCertificateIsRevoked(
+ t *testing.T,
+ setup *utils.TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+ issuer string,
+ isRoot bool,
+ skipCheckBySubject bool,
+ skipCheckBySkid bool,
+)
{ + // Check: RevokedCertificates - present + found := setup.Keeper.IsRevokedCertificatePresent( + setup.Ctx, + subject, + subjectKeyID, + ) + require.True(t, found) + + // Check: RevokedRootCertificates - present + found = utils.IsRevokedRootCertificatePresent( + setup, + subject, + subjectKeyID, + ) + require.True(t, found) + + // Check: UniqueCertificate - present + found = setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, + issuer, + serialNumber, + ) + require.True(t, found) + + // Check: DA - missing + utils.EnsureCertificateNotPresentInDaCertificateIndexes( + t, + setup, + subject, + subjectKeyID, + isRoot, + skipCheckBySubject, + skipCheckBySkid, + ) + + // Check: All - missing + utils.EnsureGlobalCertificateNotExist( + t, + setup, + subject, + subjectKeyID, + skipCheckBySubject, + skipCheckBySkid, + ) + + // Check: ProposedCertificateRevocation - missing + found = setup.Keeper.IsProposedCertificateRevocationPresent( + setup.Ctx, + subject, + subjectKeyID, + serialNumber, + ) + require.False(t, found) +} diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 8c7bcc451..ca618ff9b 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
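Review bot: In `ensureDaRootCertificateIsProposedToRevoked` the error from `utils.QueryProposedCertificateRevocation` is discarded and the result is used on the very next line, so a failed lookup would surface as a panic (if the helper returns a pointer, which this hunk does not show) rather than as a readable test failure; take the error and assert it, `proposedRevocation, err := utils.QueryProposedCertificateRevocation(...)` followed by `require.NoError(t, err)`. In `ensureDaRootCertificateIsRevoked` the two revoked-list checks key only on `subject` and `subjectKeyID`, so when several serial numbers share that pair the assertion passes as soon as any one of them is revoked; also asserting that `serialNumber` appears in the revoked entry would make the revocation check specific to the certificate under test. All three helpers receive `t`, and starting each with `t.Helper()` would report failures at the calling test's line.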
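Review bot: The new `utils` import is placed above `"testing"`, inside what the hunk shows as the standard-library group, while the third-party `sdkerrors` import sits in its own group below. Moving the line into the group that holds the other `github.com/zigbee-alliance/distributed-compliance-ledger/...` imports (that part of the import block is outside this hunk) keeps the conventional stdlib-first grouping and avoids import-order churn in later diffs.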
@@ -16,23 +17,23 @@ import ( // Main func TestHandler_RevokeDaIntermediateCert(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &rootCertOptions{ - pemCert: testconstants.RootCertPem, - subject: testconstants.RootSubject, - subjectKeyID: testconstants.RootSubjectKeyID, - info: testconstants.Info, - vid: testconstants.RootCertWithVidVid, + rootCertOptions := &utils.RootCertOptions{ + PemCert: testconstants.RootCertPem, + Subject: testconstants.RootSubject, + SubjectKeyID: testconstants.RootSubjectKeyID, + Info: testconstants.Info, + Vid: testconstants.RootCertWithVidVid, } - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // revoke intermediate certificate revokeX509Cert := types.NewMsgRevokeX509Cert( @@ -47,7 +48,7 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { require.NoError(t, err) // Check: Revoked - present - allRevokedCertificates, _ := queryAllRevokedCertificates(setup) + allRevokedCertificates, _ := utils.QueryAllRevokedCertificates(setup) require.Equal(t, 1, len(allRevokedCertificates)) require.Equal(t, testconstants.IntermediateSubject, allRevokedCertificates[0].Subject) require.Equal(t, testconstants.IntermediateSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) 
@@ -67,22 +68,24 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { require.False(t, found) // Check: All - missing - ensureGlobalCertificateNotExist( + utils.EnsureGlobalCertificateNotExist( t, setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, false, + false, ) // Check: DA - missing - ensureCertificateNotPresentInDaCertificateIndexes( + utils.EnsureCertificateNotPresentInDaCertificateIndexes( t, setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, false, false, + false, ) // Check: child certificate - missing @@ -93,7 +96,7 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { require.False(t, found) // Check: Root stays approved - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootSubject, @@ -103,20 +106,20 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { } func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add root x509 certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add intermediate x509 certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // add leaf x509 certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( 
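Review bot: The calls to `utils.EnsureGlobalCertificateNotExist` and `utils.EnsureCertificateNotPresentInDaCertificateIndexes` in `TestHandler_RevokeDaIntermediateCert` now end in two and three bare `false` arguments, which gives a reader no way to tell which index check is being skipped or whether the certificate is treated as a root. Judging by the `ensureDaRootCertificateIsRevoked` helper added earlier in this patch, the trailing parameters are probably `isRoot`, `skipCheckBySubject`, `skipCheckBySkid`; a trailing comment per argument, e.g. `false, // skipCheckBySubject`, would make that visible at the call site. These flags decide which certificate indexes the revocation test actually verifies, so a mis-ordered flag would silently weaken the check. The test function starts outside this hunk.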
@@ -131,7 +134,7 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { require.NoError(t, err) // check that intermediate certificate has been revoked - allRevokedCertificates, _ := queryAllRevokedCertificates(setup) + allRevokedCertificates, _ := utils.QueryAllRevokedCertificates(setup) require.Equal(t, 2, len(allRevokedCertificates)) require.Equal(t, testconstants.LeafSubject, allRevokedCertificates[0].Subject) require.Equal(t, testconstants.LeafSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) @@ -143,7 +146,7 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { require.Equal(t, testconstants.IntermediateCertPem, allRevokedCertificates[1].Certs[0].PemCert) // check that root certificate stays approved - ensureDaRootCertificateExist( + utils.EnsureDaRootCertificateExist( t, setup, testconstants.RootSubject, 
@@ -152,52 +155,52 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { testconstants.RootSerialNumber) // check that no proposed certificate revocations have been created - allProposedCertificateRevocations, _ := queryAllProposedCertificateRevocations(setup) + allProposedCertificateRevocations, _ := utils.QueryAllProposedCertificateRevocations(setup) require.NoError(t, err) require.Equal(t, 0, len(allProposedCertificateRevocations)) // check that no child certificate identifiers are now registered for root certificate - _, err = queryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that no child certificate identifiers are registered for revoked intermediate certificate - _, err = queryChildCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + _, err = utils.QueryChildCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that no child certificate identifiers are registered for revoked leaf certificate - _, err = queryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + _, err = utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) } func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // propose and approve x509 root certificate - rootCertOptions := 
createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add two intermediate certificates - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) - intermediateCertificate := intermediateCertificateNoVid(vendorAccAddress) - intermediateCertificate.SerialNumber = SerialNumber + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) setup.Keeper.SetUniqueCertificate( setup.Ctx, - uniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), + utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), ) // Add a leaf certificate - addDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
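Review bot: The `require.NoError(t, err)` that follows `utils.QueryAllProposedCertificateRevocations(setup)` in `TestHandler_RevokeX509Cert_ForTree` checks a stale `err`, presumably left over from the earlier handler call, because the query's own error is dropped with `_`. The line is already touched by this change, so it could become `allProposedCertificateRevocations, err := utils.QueryAllProposedCertificateRevocations(setup)`. As written, a failing query would likely still pass both the error check and the zero-length assertion after it, so the test cannot show that no revocation proposals exist. The test function starts outside this hunk.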
@@ -218,43 +221,53 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { require.NoError(t, err) // check that proposed certificate revocation does not exist anymore - _, err = queryProposedCertificateRevocation(setup, testconstants.IntermediateSerialNumber) + _, err = utils.QueryProposedCertificateRevocation( + setup, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + testconstants.IntermediateSerialNumber, + ) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that only root, intermediate and leaf certificates exists - allCerts, _ = queryAllApprovedCertificates(setup) + allCerts, _ = utils.QueryAllApprovedCertificates(setup) require.Equal(t, 3, len(allCerts)) require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) - intermediateCerts, _ := queryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) - require.Equal(t, SerialNumber, intermediateCerts.Certs[0].SerialNumber) + require.Equal(t, utils.SerialNumber, intermediateCerts.Certs[0].SerialNumber) - leafCerts, _ := queryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + leafCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Equal(t, 1, len(leafCerts.Certs)) require.Equal(t, testconstants.LeafSerialNumber, leafCerts.Certs[0].SerialNumber) // query and check revoked certificate - revokedCertificate, _ := querySingleRevokedCertificate(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + revokedCertificate, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.NotNil(t, 
revokedCertificate) - require.Equal(t, testconstants.IntermediateSubject, revokedCertificate.Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCertificate.SubjectKeyId) - require.Equal(t, testconstants.IntermediateSerialNumber, revokedCertificate.SerialNumber) + require.Equal(t, testconstants.IntermediateSubject, revokedCertificate.Certs[0].Subject) + require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCertificate.Certs[0].SubjectKeyId) + require.Equal(t, testconstants.IntermediateSerialNumber, revokedCertificate.Certs[0].SerialNumber) // revoke intermediate and leaf certificates revokeX509Cert = types.NewMsgRevokeX509Cert( vendorAccAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, - SerialNumber, + utils.SerialNumber, true, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - _, err = queryProposedCertificateRevocation(setup, testconstants.IntermediateSerialNumber) + _, err = utils.QueryProposedCertificateRevocation( + setup, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + testconstants.IntermediateSerialNumber, + ) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) 
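Review bot: After the switch to `utils.QueryRevokedCertificates`, the test indexes `revokedCertificate.Certs[0]` with the query error discarded and only a `require.NotNil` in front, so an empty revoked list would panic instead of failing, and an unexpected extra revoked entry would go unnoticed. Adding `require.Len(t, revokedCertificate.Certs, 1)` before the three `Certs[0]` assertions keeps the single-certificate expectation that the old `querySingleRevokedCertificate` call presumably carried. The enclosing test function starts and ends outside this hunk.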
@@ -265,13 +278,13 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { require.Equal(t, testconstants.RootSerialNumber, certsAfterRevocation[0].Certs[0].SerialNumber) // query and check revoked certificate - revokedCerts, _ := queryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + revokedCerts, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, 2, len(revokedCerts.Certs)) require.Equal(t, testconstants.IntermediateSubject, revokedCerts.Subject) require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCerts.SubjectKeyId) // query and check revoked certificate - revokedCerts, _ = queryRevokedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) + revokedCerts, _ = utils.QueryRevokedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Equal(t, 1, len(revokedCerts.Certs)) require.Equal(t, testconstants.LeafSubject, revokedCerts.Subject) require.Equal(t, testconstants.LeafSubjectKeyID, revokedCerts.SubjectKeyId) @@ -280,15 +293,15 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { // Extra cases func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add x509 certificate by first vendor account 
@@ -297,7 +310,7 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // revoke x509 certificate by second vendor account 
@@ -313,24 +326,24 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // check that intermediate certificate has been added to revoked list - revokedCertificates, _ := queryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + revokedCertificates, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Equal(t, testconstants.IntermediateSubject, revokedCertificates.Subject) require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCertificates.SubjectKeyId) require.Equal(t, 1, len(revokedCertificates.Certs)) - require.Equal(t, intermediateCertificateNoVid(vendorAccAddress1), *revokedCertificates.Certs[0]) + require.Equal(t, utils.IntermediateCertificateNoVid(vendorAccAddress1), *revokedCertificates.Certs[0]) // check that revoked certificate removed from approved certificates list - _, err = queryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that revoked certificate removed from 'approved certificates' by subject list - _, err = queryApprovedCertificatesBySubject(setup, testconstants.IntermediateSubject) + _, err = utils.QueryApprovedCertificatesBySubject(setup, testconstants.IntermediateSubject) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) // check that revoked certificate removed from 'approved certificates' by SKID list - approvedCerts, err := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + approvedCerts, err := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) require.NoError(t, err) require.Equal(t, 0, 
len(approvedCerts)) @@ -342,10 +355,10 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // revoke x509 certificate @@ -363,13 +376,13 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { } func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // Add intermediate certificate 
@@ -392,14 +405,14 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing } func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := createTestRootCertOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // revoke x509 root certificate @@ -417,15 +430,15 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { } func TestHandler_RevokeX509Cert_ByOtherVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertificate := rootCertificate(setup.Trustee1) + rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := GenerateAccAddress() + vendorAccAddress1 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // add x509 certificate by first vendor account @@ -434,7 +447,7 @@ func TestHandler_RevokeX509Cert_ByOtherVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1000 - vendorAccAddress2 := GenerateAccAddress() + vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // revoke x509 certificate by second vendor account 
@@ -452,14 +465,14 @@ func TestHandler_RevokeX509Cert_ByOtherVendor(t *testing.T) { } func TestHandler_RevokeX509Cert_SenderNotVendor(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) // store root certificate - rootCertOptions := createRootWithVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateRootWithVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := GenerateAccAddress() + vendorAccAddress := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) // add x509 certificate diff --git a/x/pki/tests/handler_test.go b/x/pki/tests/handler_test.go deleted file mode 100644 index 93dcb902a..000000000 --- a/x/pki/tests/handler_test.go +++ /dev/null 
@@ -1,1403 +0,0 @@ -package tests - -import ( - "context" - "testing" - - "github.com/cosmos/cosmos-sdk/testutil/testdata" - sdk "github.com/cosmos/cosmos-sdk/types" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - - testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" - testkeeper "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper" - dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" -) - -const SerialNumber = "12345678" - -type DclauthKeeperMock struct { - mock.Mock -} - -func (m *DclauthKeeperMock) HasRole( - ctx sdk.Context, - addr sdk.AccAddress, - roleToCheck dclauthtypes.AccountRole, -) bool { - args := m.Called(ctx, addr, roleToCheck) - - return args.Bool(0) -} - -func (m *DclauthKeeperMock) CountAccountsWithRole(ctx sdk.Context, roleToCount dclauthtypes.AccountRole) int { - args := m.Called(ctx, roleToCount) - - return args.Int(0) -} - -func (m *DclauthKeeperMock) GetAccountO( - ctx sdk.Context, - address sdk.AccAddress, -) (val dclauthtypes.Account, found bool) { - args := m.Called(ctx, address) - - return args.Get(0).(dclauthtypes.Account), args.Bool(1) -} - -var _ types.DclauthKeeper = &DclauthKeeperMock{} - -type TestSetup struct { - T *testing.T - // Cdc *amino.Codec - Ctx sdk.Context - Wctx context.Context - Keeper *keeper.Keeper - DclauthKeeper *DclauthKeeperMock - Handler sdk.Handler - // Querier sdk.Querier - Trustee1 sdk.AccAddress - Trustee2 sdk.AccAddress - Trustee3 sdk.AccAddress -} - -// Remove a item from ExpectedCalls Array and return it. 
-func removeItemFromExpectedCalls(expectedCalls []*mock.Call, methodName string) { - for i, call := range expectedCalls { - if call.Method == methodName { - expectedCalls = append(expectedCalls[:i], expectedCalls[i+1:]...) - } - } -} - -func (setup *TestSetup) CreateVendorAccount(vid int32) sdk.AccAddress { - accAddress := GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - - return accAddress -} - -func (setup *TestSetup) AddAccount( - accAddress sdk.AccAddress, - roles []dclauthtypes.AccountRole, - vid int32, -) { - dclauthKeeper := setup.DclauthKeeper - currentTrusteeCount := 0 - // if the CountAccountsWithRole is present get the value from the mock call - for _, expectedCall := range dclauthKeeper.ExpectedCalls { - if expectedCall.Method == "CountAccountsWithRole" { - currentTrusteeCount = dclauthKeeper.CountAccountsWithRole(setup.Ctx, dclauthtypes.Trustee) - } - } - - for _, role := range roles { - dclauthKeeper.On("HasRole", mock.Anything, accAddress, role).Return(true) - if role == dclauthtypes.Trustee { - currentTrusteeCount++ - // We remove the call to CountAccountsWithRole from the expected calls and add it back with the new value - removeItemFromExpectedCalls(dclauthKeeper.ExpectedCalls, "CountAccountsWithRole") - dclauthKeeper.On("CountAccountsWithRole", setup.Ctx, dclauthtypes.Trustee).Return(currentTrusteeCount) - } - } - - dclauthKeeper.On("GetAccountO", setup.Ctx, accAddress).Return(dclauthtypes.Account{VendorID: vid}, true) - dclauthKeeper.On("HasRole", mock.Anything, accAddress, mock.Anything).Return(false) -} - -func GenerateAccAddress() sdk.AccAddress { - _, _, accAddress := testdata.KeyTestPubAddr() - - return accAddress -} - -func Setup(t *testing.T) *TestSetup { - t.Helper() - dclauthKeeper := &DclauthKeeperMock{} - keeper, ctx := testkeeper.PkiKeeper(t, dclauthKeeper) - - setup := &TestSetup{ - T: t, - Ctx: ctx, - Wctx: sdk.WrapSDKContext(ctx), - Keeper: keeper, - DclauthKeeper: 
dclauthKeeper, - Handler: pki.NewHandler(*keeper), - Trustee1: GenerateAccAddress(), - Trustee2: GenerateAccAddress(), - Trustee3: GenerateAccAddress(), - } - - setup.AddAccount(setup.Trustee1, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 65521) - setup.AddAccount(setup.Trustee2, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - setup.AddAccount(setup.Trustee3, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 2) - - return setup -} - -type rootCertOptions struct { - pemCert string - info string - subject string - subjectKeyID string - vid int32 -} - -func createTestRootCertOptions() *rootCertOptions { - return &rootCertOptions{ - pemCert: testconstants.RootCertPem, - info: testconstants.Info, - subject: testconstants.RootSubject, - subjectKeyID: testconstants.RootSubjectKeyID, - vid: testconstants.Vid, - } -} - -func createRootWithVidOptions() *rootCertOptions { - return &rootCertOptions{ - pemCert: testconstants.RootCertWithVid, - info: testconstants.Info, - subject: testconstants.RootCertWithVidSubject, - subjectKeyID: testconstants.RootCertWithVidSubjectKeyID, - vid: testconstants.RootCertWithVidVid, - } -} - -func createPAACertWithNumericVidOptions() *rootCertOptions { - return &rootCertOptions{ - pemCert: testconstants.PAACertWithNumericVid, - info: testconstants.Info, - subject: testconstants.PAACertWithNumericVidSubject, - subjectKeyID: testconstants.PAACertWithNumericVidSubjectKeyID, - vid: testconstants.PAACertWithNumericVidVid, - } -} - -func createPAACertNoVidOptions(vid int32) *rootCertOptions { - return &rootCertOptions{ - pemCert: testconstants.PAACertNoVid, - info: testconstants.Info, - subject: testconstants.PAACertNoVidSubject, - subjectKeyID: testconstants.PAACertNoVidSubjectKeyID, - vid: vid, - } -} - -func proposeAndApproveRootCertificate(setup *TestSetup, ownerTrustee sdk.AccAddress, options *rootCertOptions) { - // ensure that `ownerTrustee` is trustee to eventually have enough approvals - require.True(setup.T, 
setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole)) - - // propose x509 root certificate by `ownerTrustee` - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), options.pemCert, options.info, options.vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(setup.T, err) - - // approve x509 root certificate by another trustee - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), options.subject, options.subjectKeyID, options.info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(setup.T, err) - - // check that root certificate has been approved - approvedCertificate, err := queryApprovedCertificates( - setup, options.subject, options.subjectKeyID) - require.NoError(setup.T, err) - require.NotNil(setup.T, approvedCertificate) -} - -func queryProposedCertificate( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.ProposedCertificate, error) { - // query proposed certificate - req := &types.QueryGetProposedCertificateRequest{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.ProposedCertificate(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.ProposedCertificate, nil -} - -func queryAllNocCertificates(setup *TestSetup) ([]types.NocCertificates, error) { - // query all certificates - return _queryAllNocCertificates(setup, "") -} - -func queryAllApprovedCertificates(setup *TestSetup) ([]types.ApprovedCertificates, error) { - // query all certificates - return _queryAllApprovedCertificates(setup, "") -} - -func queryAllApprovedCertificatesBySubjectKeyID(setup *TestSetup, subjectKeyID string) ([]types.ApprovedCertificates, error) { - // query all certificates - return _queryAllApprovedCertificates(setup, subjectKeyID) -} - -func 
_queryAllApprovedCertificates(setup *TestSetup, subjectKeyID string) ([]types.ApprovedCertificates, error) { - // query all certificates - req := &types.QueryAllApprovedCertificatesRequest{ - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.ApprovedCertificatesAll(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return resp.ApprovedCertificates, nil -} - -func querySingleApprovedCertificate( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.Certificate, error) { - certificates, err := queryApprovedCertificates(setup, subject, subjectKeyID) - if err != nil { - return nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func querySingleApprovedRootCertificate( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.Certificate, error) { - certificates, err := queryApprovedRootCertificates(setup, subject, subjectKeyID) - if err != nil { - return nil, err - } - - if len(certificates) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates[0], nil -} - -func queryApprovedCertificates( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.ApprovedCertificates, error) { - // query certificate - req := &types.QueryGetApprovedCertificatesRequest{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.ApprovedCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.ApprovedCertificates, nil -} - -func queryApprovedCertificatesBySubject( - setup *TestSetup, - subject string, -) (*types.ApprovedCertificatesBySubject, error) { - // query certificate - req := &types.QueryGetApprovedCertificatesBySubjectRequest{ - Subject: subject, - } - - resp, err := 
setup.Keeper.ApprovedCertificatesBySubject(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.ApprovedCertificatesBySubject, nil -} - -func queryApprovedRootCertificates( - setup *TestSetup, - subject string, - subjectKeyID string, -) ([]*types.Certificate, error) { - resp, err := queryApprovedCertificates(setup, subject, subjectKeyID) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - var list []*types.Certificate - for _, cert := range resp.Certs { - if cert.IsRoot { - list = append(list, cert) - } - } - - return list, nil -} - -func queryAllProposedCertificateRevocations(setup *TestSetup) ([]types.ProposedCertificateRevocation, error) { - // query all proposed certificate revocations - req := &types.QueryAllProposedCertificateRevocationRequest{} - - resp, err := setup.Keeper.ProposedCertificateRevocationAll(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return resp.ProposedCertificateRevocation, nil -} - -func queryProposedCertificateRevocation( - setup *TestSetup, - serialNumber string, -) (*types.ProposedCertificateRevocation, error) { - // query proposed certificate revocation - req := &types.QueryGetProposedCertificateRevocationRequest{ - Subject: testconstants.RootSubject, - SubjectKeyId: testconstants.RootSubjectKeyID, - SerialNumber: serialNumber, - } - - resp, err := setup.Keeper.ProposedCertificateRevocation(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.ProposedCertificateRevocation, nil -} - -func queryAllRevokedCertificates(setup *TestSetup) ([]types.RevokedCertificates, error) { - // query all revoked certificates - req := &types.QueryAllRevokedCertificatesRequest{} - - resp, err := setup.Keeper.RevokedCertificatesAll(setup.Wctx, req) - if err != nil { - 
require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return resp.RevokedCertificates, nil -} - -func querySingleRevokedCertificate( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.Certificate, error) { - certificates, err := queryRevokedCertificates(setup, subject, subjectKeyID) - if err != nil { - return nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func queryRevokedCertificates( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.RevokedCertificates, error) { - // query revoked certificate - req := &types.QueryGetRevokedCertificatesRequest{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.RevokedCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.RevokedCertificates, nil -} - -func queryRevokedRootCertificates(setup *TestSetup) (*types.RevokedRootCertificates, error) { - // query revoked root certificate - req := &types.QueryGetRevokedRootCertificatesRequest{} - - resp, err := setup.Keeper.RevokedRootCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.RevokedRootCertificates, nil -} - -func queryChildCertificates( - setup *TestSetup, - issuer string, - authorityKeyID string, -) (*types.ChildCertificates, error) { - // query certificate - req := &types.QueryGetChildCertificatesRequest{ - Issuer: issuer, - AuthorityKeyId: authorityKeyID, - } - - resp, err := setup.Keeper.ChildCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.ChildCertificates, nil -} - -//nolint:unparam -func queryRejectedCertificate( - setup *TestSetup, - subject string, - 
subjectKeyID string, -) (*types.Certificate, error) { - certificates, err := queryRejectedCertificates(setup, subject, subjectKeyID) - if err != nil { - return nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func queryRejectedCertificates( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.RejectedCertificate, error) { - req := &types.QueryGetRejectedCertificatesRequest{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.RejectedCertificate(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.RejectedCertificate, nil -} - -func queryAllNocCertificatesBySubjectKeyID(setup *TestSetup, subjectKeyID string) ([]types.NocCertificates, error) { - // query all noc certificates - return _queryAllNocCertificates(setup, subjectKeyID) -} - -func _queryAllNocCertificates(setup *TestSetup, subjectKeyID string) ([]types.NocCertificates, error) { - // query all certificates - req := &types.QueryNocCertificatesRequest{ - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.NocCertificatesAll(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return resp.NocCertificates, nil -} - -func querySingleNocCertificate( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.Certificate, error) { - certificates, err := queryNocCertificates(setup, subject, subjectKeyID) - if err != nil { - return nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func querySingleNocRootCertificateByVid( - setup *TestSetup, - vid int32, -) (*types.Certificate, error) { - certificates, err := queryNocRootCertificatesByVid(setup, vid) - if err != nil { - return 
nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func queryNocRootCertificatesByVid( - setup *TestSetup, - vid int32, -) (*types.NocRootCertificates, error) { - // query certificate - req := &types.QueryGetNocRootCertificatesRequest{Vid: vid} - - resp, err := setup.Keeper.NocRootCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.NocRootCertificates, nil -} - -func querySingleNocIcaCertificateByVid( - setup *TestSetup, - vid int32, -) (*types.Certificate, error) { - certificates, err := queryNocIcaCertificatesByVid(setup, vid) - if err != nil { - return nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func queryNocIcaCertificatesByVid( - setup *TestSetup, - vid int32, -) (*types.NocIcaCertificates, error) { - // query certificate - req := &types.QueryGetNocIcaCertificatesRequest{Vid: vid} - - resp, err := setup.Keeper.NocIcaCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.NocIcaCertificates, nil -} - -func queryNocCertificates( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.NocCertificates, error) { - // query certificate - req := &types.QueryGetNocCertificatesRequest{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.NocCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.NocCertificates, nil -} - -func queryNocCertificatesBySubject( - setup *TestSetup, - subject string, -) (*types.NocCertificatesBySubject, error) { - // query certificate - req := &types.QueryGetNocCertificatesBySubjectRequest{ - 
Subject: subject, - } - - resp, err := setup.Keeper.NocCertificatesBySubject(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.NocCertificatesBySubject, nil -} - -func querySingleNocCertificateByVidAndSkid( - setup *TestSetup, - vid int32, - subjectKeyID string, -) (*types.Certificate, float32, error) { - certificates, err := queryNocCertificatesByVidAndSkid(setup, vid, subjectKeyID) - if err != nil { - return nil, 0, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], certificates.Tq, nil -} - -func queryNocCertificatesByVidAndSkid( - setup *TestSetup, - vid int32, - subjectKeyID string, -) (*types.NocCertificatesByVidAndSkid, error) { - // query certificate - req := &types.QueryGetNocCertificatesByVidAndSkidRequest{Vid: vid, SubjectKeyId: subjectKeyID} - - resp, err := setup.Keeper.NocCertificatesByVidAndSkid(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.NocCertificatesByVidAndSkid, nil -} - -func queryNocRootCertificates( - setup *TestSetup, - vid int32, -) (*types.NocRootCertificates, error) { - // query certificate - req := &types.QueryGetNocRootCertificatesRequest{Vid: vid} - - resp, err := setup.Keeper.NocRootCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.NocRootCertificates, nil -} - -func queryRevokedNocRootCertificates(setup *TestSetup, subject, subjectKeyID string) (*types.RevokedNocRootCertificates, error) { //nolint:unparam - // query certificate - req := &types.QueryGetRevokedNocRootCertificatesRequest{Subject: subject, SubjectKeyId: subjectKeyID} - - resp, err := setup.Keeper.RevokedNocRootCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return 
nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.RevokedNocRootCertificates, nil -} - -func queryAllRevokedNocIcaCertificates(setup *TestSetup) ([]types.RevokedNocIcaCertificates, error) { //nolint:unparam - // query certificate - req := &types.QueryAllRevokedNocIcaCertificatesRequest{} - - resp, err := setup.Keeper.RevokedNocIcaCertificatesAll(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return resp.RevokedNocIcaCertificates, nil -} - -func queryRevokedNocIcaCertificates(setup *TestSetup, subject, subjectKeyID string) (*types.RevokedNocIcaCertificates, error) { //nolint:unparam - // query certificate - req := &types.QueryGetRevokedNocIcaCertificatesRequest{Subject: subject, SubjectKeyId: subjectKeyID} - - resp, err := setup.Keeper.RevokedNocIcaCertificates(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.RevokedNocIcaCertificates, nil -} - -func queryAllCertificatesBySubjectKeyID(setup *TestSetup, subjectKeyID string) ([]types.AllCertificates, error) { - // query all certificates - return _queryAllCertificates(setup, subjectKeyID) -} - -func _queryAllCertificates(setup *TestSetup, subjectKeyID string) ([]types.AllCertificates, error) { - // query all certificates - req := &types.QueryAllCertificatesRequest{ - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.CertificatesAll(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return resp.Certificates, nil -} - -func queryCertificatesFromAllCertificatesIndex( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.AllCertificates, error) { - // query certificate - req := &types.QueryGetCertificatesRequest{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } - - resp, err := setup.Keeper.Certificates(setup.Wctx, req) - if err != nil 
{ - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.Certificates, nil -} - -func querySingleCertificateFromAllCertificatesIndex( - setup *TestSetup, - subject string, - subjectKeyID string, -) (*types.Certificate, error) { - certificates, err := queryCertificatesFromAllCertificatesIndex(setup, subject, subjectKeyID) - if err != nil { - return nil, err - } - - if len(certificates.Certs) > 1 { - require.Fail(setup.T, "More than 1 certificate returned") - } - - return certificates.Certs[0], nil -} - -func queryCertificatesBySubjectFromAllCertificatesIndex( - setup *TestSetup, - subject string, -) (*types.AllCertificatesBySubject, error) { - // query certificate - req := &types.QueryGetAllCertificatesBySubjectRequest{ - Subject: subject, - } - - resp, err := setup.Keeper.AllCertificatesBySubject(setup.Wctx, req) - if err != nil { - require.Nil(setup.T, resp) - - return nil, err - } - - require.NotNil(setup.T, resp) - - return &resp.AllCertificatesBySubject, nil -} - -func rootCertificate(address sdk.AccAddress) types.Certificate { - return types.NewRootCertificate( - testconstants.RootCertPem, - testconstants.RootSubject, - testconstants.RootSubjectAsText, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - address.String(), - []*types.Grant{}, - []*types.Grant{}, - testconstants.Vid, - testconstants.SchemaVersion, - ) -} - -func intermediateCertificateNoVid(address sdk.AccAddress) types.Certificate { - return types.NewNonRootCertificate( - testconstants.IntermediateCertPem, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectAsText, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - testconstants.IntermediateIssuer, - testconstants.IntermediateAuthorityKeyID, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - address.String(), - 0, - testconstants.SchemaVersion, - ) -} - -func uniqueCertificate(issuer string, serialNumber string) 
types.UniqueCertificate { - return types.UniqueCertificate{ - Issuer: issuer, - SerialNumber: serialNumber, - Present: true, - } -} - -func certificateIdentifier(subject string, subjectKeyID string) types.CertificateIdentifier { - return types.CertificateIdentifier{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } -} - -func ensureUniqueCertificateCertificateExist( - t *testing.T, - setup *TestSetup, - issuer string, - serialNumber string, -) { - t.Helper() - - // UniqueCertificate: check that unique certificate key registered - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, issuer, serialNumber)) -} - -func ensureUniqueCertificateCertificateNotExist( - t *testing.T, - setup *TestSetup, - issuer string, - serialNumber string, - skipCheck bool, -) { - t.Helper() - - if !skipCheck { - // UniqueCertificate: check that unique certificate key registered - found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, issuer, serialNumber) - require.False(t, found) - } -} - -func ensureGlobalCertificateExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - serialNumber string, - skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition -) { - t.Helper() - - // AllCertificate: Subject and SKID - allCertificate, err := querySingleCertificateFromAllCertificatesIndex(setup, subject, subjectKeyID) - require.NoError(t, err) - require.Equal(t, subject, allCertificate.Subject) - require.Equal(t, subjectKeyID, allCertificate.SubjectKeyId) - require.Equal(t, serialNumber, allCertificate.SerialNumber) - - // AllCertificate: SKID - certificateBySubjectKeyID, _ := queryAllCertificatesBySubjectKeyID(setup, subjectKeyID) - require.Len(t, certificateBySubjectKeyID, 1) - require.Len(t, certificateBySubjectKeyID[0].Certs, 1) - - if !skipCheckForSubject { - // AllCertificate: Subject - allCertificatesBySubject, err := queryCertificatesBySubjectFromAllCertificatesIndex(setup, subject) - require.NoError(t, err) - 
require.Len(t, allCertificatesBySubject.SubjectKeyIds, 1) - require.Equal(t, subjectKeyID, allCertificatesBySubject.SubjectKeyIds[0]) - } -} - -func ensureGlobalCertificateNotExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition -) { - t.Helper() - - // All certificates indexes checks - - // AllCertificate: Subject and SKID - _, err := querySingleCertificateFromAllCertificatesIndex(setup, subject, subjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // AllCertificate: SKID - certificatesBySubjectKeyID, _ := queryAllCertificatesBySubjectKeyID(setup, subjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - - if !skipCheckForSubject { - // AllCertificate: Subject - _, err = queryCertificatesBySubjectFromAllCertificatesIndex(setup, subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } -} - -func ensureCertificatePresentInDaCertificateIndexes( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - serialNumber string, - isRoot bool, - skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition -) { - t.Helper() - - // DaCertificates: Subject and SKID - approvedCertificate, _ := querySingleApprovedCertificate(setup, subject, subjectKeyID) - require.Equal(t, subject, approvedCertificate.Subject) - require.Equal(t, subjectKeyID, approvedCertificate.SubjectKeyId) - require.Equal(t, serialNumber, approvedCertificate.SerialNumber) - require.Equal(t, isRoot, approvedCertificate.IsRoot) - - if isRoot { - // DaCertificates: Root Subject and SKID - approvedRootCertificate, _ := querySingleApprovedRootCertificate(setup, subject, subjectKeyID) - require.Equal(t, subject, approvedRootCertificate.Subject) - require.Equal(t, subjectKeyID, approvedRootCertificate.SubjectKeyId) - require.Equal(t, serialNumber, approvedRootCertificate.SerialNumber) - require.Equal(t, isRoot, 
approvedRootCertificate.IsRoot) - } - - // DaCertificates: SKID - certificateBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, subjectKeyID) - require.Len(t, certificateBySubjectKeyID, 1) - require.Len(t, certificateBySubjectKeyID[0].Certs, 1) - - if !skipCheckForSubject { - // DACertificates: Subject - certificatesBySubject, err := queryApprovedCertificatesBySubject(setup, subject) - require.NoError(t, err) - require.Len(t, certificatesBySubject.SubjectKeyIds, 1) - require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0]) - } -} - -func ensureCertificateNotPresentInDaCertificateIndexes( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - isRoot bool, - skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition -) { - t.Helper() - - // DA certificates indexes checks - - // DaCertificates: Subject and SKID - _, err := querySingleApprovedCertificate(setup, subject, subjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - if isRoot { - // DaCertificates: Root Subject and SKID - _, err := querySingleApprovedRootCertificate(setup, subject, subjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } - - // DaCertificates: SubjectKeyID - certificatesBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, subjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - - if !skipCheckForSubject { - // NocCertificates: Subject - _, err = queryApprovedCertificatesBySubject(setup, subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } -} - -func ensureCertificatePresentInNocCertificateIndexes( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - serialNumber string, - vid int32, - isRoot bool, - skipCheckByVid bool, -) { - t.Helper() - - // Noc certificates indexes checks - - // NocCertificates: Subject and SKID - nocCertificate, err := querySingleNocCertificate(setup, subject, subjectKeyID) - require.NoError(t, err) - 
require.Equal(t, subject, nocCertificate.Subject) - require.Equal(t, subjectKeyID, nocCertificate.SubjectKeyId) - require.Equal(t, serialNumber, nocCertificate.SerialNumber) - require.Equal(t, testconstants.SchemaVersion, nocCertificate.SchemaVersion) - - // NocCertificates: SubjectKeyID - nocCertificatesBySubjectKeyID, err := queryAllNocCertificatesBySubjectKeyID(setup, subjectKeyID) - require.NoError(t, err) - require.Len(t, nocCertificatesBySubjectKeyID, 1) - require.Len(t, nocCertificatesBySubjectKeyID[0].Certs, 1) - require.Equal(t, serialNumber, nocCertificatesBySubjectKeyID[0].Certs[0].SerialNumber) - - // NocCertificates: Subject - nocCertificatesBySubject, err := queryNocCertificatesBySubject(setup, subject) - require.NoError(t, err) - require.Len(t, nocCertificatesBySubject.SubjectKeyIds, 1) - require.Equal(t, subjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0]) - - // NocCertificates: VID and SKID - nocCertificateByVidAndSkid, _, err := querySingleNocCertificateByVidAndSkid(setup, vid, subjectKeyID) - require.NoError(t, err) - require.Equal(t, subject, nocCertificateByVidAndSkid.Subject) - require.Equal(t, subjectKeyID, nocCertificateByVidAndSkid.SubjectKeyId) - require.Equal(t, serialNumber, nocCertificateByVidAndSkid.SerialNumber) - - if skipCheckByVid { - return - } - - // NocCertificates: VID - if isRoot { - nocRootCertificate, err := querySingleNocRootCertificateByVid(setup, vid) - require.NoError(t, err) - require.Equal(t, serialNumber, nocRootCertificate.SerialNumber) - } else { - nocRootCertificate, err := querySingleNocIcaCertificateByVid(setup, vid) - require.NoError(t, err) - require.Equal(t, serialNumber, nocRootCertificate.SerialNumber) - } -} - -func ensureCertificateNotPresentInNocCertificateIndexes( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - vid int32, - isRoot bool, - skipCheckByVid bool, -) { - t.Helper() - - // Noc certificates indexes checks - - // NocCertificates: Subject and SKID - _, err := 
querySingleNocCertificate(setup, subject, subjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // NocCertificates: SubjectKeyID - certificatesBySubjectKeyID, _ := queryAllNocCertificatesBySubjectKeyID(setup, subjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - - // NocCertificates: Subject - _, err = queryNocCertificatesBySubject(setup, subject) - require.Equal(t, codes.NotFound, status.Code(err)) - - // NocCertificates: VID and SKID - _, err = queryNocCertificatesByVidAndSkid(setup, vid, subjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // NocCertificates: VID - if skipCheckByVid { - return - } - - if isRoot { - _, err = querySingleNocRootCertificateByVid(setup, vid) - require.Equal(t, codes.NotFound, status.Code(err)) - } else { - _, err = querySingleNocIcaCertificateByVid(setup, vid) - require.Equal(t, codes.NotFound, status.Code(err)) - } -} - -func ensureDaRootCertificateExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, -) { - t.Helper() - - // DA certificates indexes checks - ensureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, true, false) - - // All certificates indexes checks - ensureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false) - - // UniqueCertificate: check that unique certificate key registered - ensureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber) -} - -func ensureDaIntermediateCertificateExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - skipCheckForSubject bool, -) { - t.Helper() - - // DA certificates indexes checks - ensureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, false, skipCheckForSubject) - - // All certificates indexes checks - ensureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, 
skipCheckForSubject) - - // UniqueCertificate: check that unique certificate key registered - ensureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber) -} - -func ensureDaRootCertificateNotExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - isRevoked bool, -) { - t.Helper() - - // DA certificates indexes checks - ensureCertificateNotPresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, true, false) - - // All certificates indexes checks - ensureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false) - - // UniqueCertificate: check that unique certificate key registered - ensureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, isRevoked) -} - -func ensureDaIntermediateCertificateNotExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - skipCheckForUniqueness bool, - skipCheckForSubject bool, -) { - t.Helper() - - // DA certificates indexes checks - ensureCertificateNotPresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, false, skipCheckForSubject) - - // All certificates indexes checks - ensureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, skipCheckForSubject) - - // UniqueCertificate: check that unique certificate key registered - ensureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness) -} - -func ensureNocRootCertificateExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - vid int32, -) { - t.Helper() - - // Noc certificates indexes checks - ensureCertificatePresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, vid, true, false) - - // All certificates indexes checks - ensureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false) - - // UniqueCertificate: check that unique certificate key 
registered - ensureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber) -} - -func ensureNocIntermediateCertificateExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - vid int32, - skipCheckByVid bool, -) { - t.Helper() - - // Noc certificates indexes checks - ensureCertificatePresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, vid, false, skipCheckByVid) - - // All certificates indexes checks - ensureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false) - - // UniqueCertificate: check that unique certificate key registered - ensureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber) -} - -func ensureNocIntermediateCertificateNotExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - vid int32, - skipCheckByVid bool, - skipCheckForUniqueness bool, -) { - t.Helper() - - // Noc certificates indexes checks - ensureCertificateNotPresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, vid, false, skipCheckByVid) - - // All certificates indexes checks - ensureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false) - - // UniqueCertificate: check that unique certificate key registered - ensureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness) -} - -func ensureNocRootCertificateNotExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - serialNumber string, - vid int32, - skipCheckByVid bool, - skipCheckForUniqueness bool, -) { - t.Helper() - - // Noc certificates indexes checks - ensureCertificateNotPresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, vid, true, skipCheckByVid) - - // All certificates indexes checks - ensureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false) - - // UniqueCertificate: check that unique certificate 
key registered - ensureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness) -} - -func ensureChildCertificateExist( - t *testing.T, - setup *TestSetup, - subject string, - subjectKeyID string, - issuer string, - authorityKeyId string, -) { - t.Helper() - - issuerChildren, _ := queryChildCertificates(setup, subject, subjectKeyID) - require.Equal(t, 1, len(issuerChildren.CertIds)) - - certID := types.CertificateIdentifier{ - Subject: issuer, - SubjectKeyId: authorityKeyId, - } - require.Equal(t, &certID, issuerChildren.CertIds[0]) -} - -func addDaIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) { - addX509Cert := types.NewMsgAddX509Cert(address.String(), pemCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(setup.T, err) -} - -func addNocRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) { - // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(address.String(), pemCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(setup.T, err) -} - -func addNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) { - // add the new NOC root certificate - nocX509Cert := types.NewMsgAddNocX509IcaCert(address.String(), pemCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, nocX509Cert) - require.NoError(setup.T, err) -} diff --git a/x/pki/tests/handler_update_revocation_test.go b/x/pki/tests/handler_update_revocation_test.go index bb6af8de4..18da54373 100644 --- a/x/pki/tests/handler_update_revocation_test.go +++ b/x/pki/tests/handler_update_revocation_test.go @@ -1,6 +1,7 @@ package tests import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -12,15 +13,15 @@ import ( ) func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T) { - accAddress := GenerateAccAddress() - vendorAcc := GenerateAccAddress() + accAddress := utils.GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() cases := []struct { name string accountVid int32 accountRole dclauthtypes.AccountRole vendorAccVid int32 - rootCertOptions *rootCertOptions + rootCertOptions *utils.RootCertOptions addRevocation *types.MsgAddPkiRevocationDistributionPoint updatedRevocation *types.MsgUpdatePkiRevocationDistributionPoint err error @@ -30,7 +31,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.PAACertWithNumericVidVid, accountRole: dclauthtypes.CertificationCenter, vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: accAddress.String(), @@ -48,7 +49,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.PAACertWithNumericVidVid, accountRole: dclauthtypes.CertificationCenter, vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: accAddress.String(), 
@@ -66,7 +67,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.VendorID1, accountRole: dclauthtypes.Vendor, vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: accAddress.String(), @@ -84,7 +85,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.VendorID1, accountRole: dclauthtypes.Vendor, vendorAccVid: testconstants.PAICertWithPidVidVid, - rootCertOptions: createPAACertNoVidOptions(testconstants.PAICertWithPidVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAICertWithPidVidVid), addRevocation: createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: accAddress.String(), @@ -100,7 +101,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T { name: "PAIPidNotFound", vendorAccVid: testconstants.PAICertWithPidVidVid, - rootCertOptions: createPAACertNoVidOptions(testconstants.PAICertWithPidVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAICertWithPidVidVid), addRevocation: createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), 
@@ -130,7 +131,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T { name: "PAANewCertificateNotPAA", vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -146,7 +147,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T { name: "PAANotOnLedger", vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertNoVidOptions(testconstants.PAACertWithNumericVidVid), + rootCertOptions: utils.CreatePAACertNoVidOptions(testconstants.PAACertWithNumericVidVid), addRevocation: createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.PAACertWithNumericVidVid), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -162,7 +163,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T { name: "DataFieldsProvidedWhenRevocationType1", vendorAccVid: testconstants.PAACertWithNumericVidVid, - rootCertOptions: createPAACertWithNumericVidOptions(), + rootCertOptions: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), 
@@ -182,7 +183,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.LeafCertWithVidVid, vendorAccVid: testconstants.LeafCertWithVidVid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createRootWithVidOptions(), + rootCertOptions: utils.CreateRootWithVidOptions(), addRevocation: createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -201,7 +202,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T accountVid: testconstants.LeafCertWithVidVid, vendorAccVid: testconstants.LeafCertWithVidVid, accountRole: dclauthtypes.Vendor, - rootCertOptions: createRootWithVidOptions(), + rootCertOptions: utils.CreateRootWithVidOptions(), addRevocation: createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()), updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -219,13 +220,13 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(accAddress, []dclauthtypes.AccountRole{tc.accountRole}, tc.accountVid) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.vendorAccVid) if tc.rootCertOptions != nil { - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) } if tc.addRevocation != nil { 
@@ -240,14 +241,14 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T } func TestHandler_UpdatePkiRevocationDistributionPoint_NotUniqueDataURLForIssuer(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // propose and approve root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint1 := createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()) addPkiRevocationDistributionPoint1.Label += "-1" @@ -274,17 +275,17 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NotUniqueDataURLForIssuer( } func TestHandler_UpdatePkiRevocationDistributionPoint_DataURLNotUnique(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65522) - baseVendorAcc := GenerateAccAddress() + baseVendorAcc := utils.GenerateAccAddress() setup.AddAccount(baseVendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // propose and approve root certificate - rootCertOptions := createPAACertNoVidOptions(testconstants.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint1 := createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()) addPkiRevocationDistributionPoint1.DataURL += "/1" 
@@ -310,14 +311,14 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_DataURLNotUnique(t *testin } func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_NotChainedOnLedger(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // propose and approve root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()) _, err := setup.Handler(setup.Ctx, addPkiRevocationDistributionPoint) 
@@ -346,19 +347,19 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_NotChainedOnLedger(t * } func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_VID_TO_PAI_NOVID(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // add PAA for PAI_VID - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add PAA for PAI_NOVID - rootCertOptions = createTestRootCertOptions() - rootCertOptions.vid = testconstants.PAACertWithNumericVidVid - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions = utils.CreateTestRootCertOptions() + rootCertOptions.Vid = testconstants.PAACertWithNumericVidVid + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add Revocation Point PAI_VID addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()) 
@@ -379,19 +380,19 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_VID_TO_PAI_NOVID(t *te } func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID_DifferentVID(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // add PAA NOVID 1 with VendorID1 - rootCertOptions := createPAACertNoVidOptions(testconstants.VendorID1) - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.VendorID1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add PAA NOVID 2 with VendorID2 - rootCertOptions = createTestRootCertOptions() - rootCertOptions.vid = testconstants.VendorID2 - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions = utils.CreateTestRootCertOptions() + rootCertOptions.Vid = testconstants.VendorID2 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add Revocation Point PAA NOVID 1 addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.VendorID1) @@ -413,7 +414,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID_DifferentVID(t * func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_VID(t *testing.T) { var err error - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() addedRevocation := createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()) cases := []struct { name string 
@@ -460,12 +461,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_VID(t *testing.T) { } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, addedRevocation.Vid) // propose and approve root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add revocation if addedRevocation != nil { @@ -496,7 +497,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_VID(t *testing.T) { func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID(t *testing.T) { var err error - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() addedRevocation := createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.VendorID1) cases := []struct { name string @@ -539,12 +540,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID(t *testing.T) { } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) // propose x509 root certificate by account Trustee1 - rootCertOptions := createPAACertNoVidOptions(addedRevocation.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertNoVidOptions(addedRevocation.Vid) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add revocation if addedRevocation != nil { 
@@ -574,7 +575,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID(t *testing.T) { func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_VIDPID(t *testing.T) { var err error - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() addedRevocation := createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()) cases := []struct { name string @@ -617,12 +618,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_VIDPID(t *testing.T) { } for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, addedRevocation.Vid) // propose and approve root certificate - rootCertOptions := createPAACertWithNumericVidOptions() - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertWithNumericVidOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add revocation if addedRevocation != nil { @@ -669,14 +670,14 @@ func compareUpdatedIntFields(t *testing.T, oldValue int, newValue int, updatedVa } func TestHandler_UpdatePkiRevocationDistributionPoint_PAIWithoutPid(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAICertWithPidVidVid) // propose x509 root certificate by account Trustee1 - rootCertOptions := createPAACertNoVidOptions(testconstants.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()) addPkiRevocationDistributionPoint.Pid = 0 
@@ -697,19 +698,19 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAIWithoutPid(t *testing.T } func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField(t *testing.T) { - vendorAcc := GenerateAccAddress() + vendorAcc := utils.GenerateAccAddress() cases := []struct { name string - rootCertOptions1 *rootCertOptions - rootCertOptions2 *rootCertOptions + rootCertOptions1 *utils.RootCertOptions + rootCertOptions2 *utils.RootCertOptions addRevocation *types.MsgAddPkiRevocationDistributionPoint updateRevocation *types.MsgUpdatePkiRevocationDistributionPoint }{ { name: "PAA_NOVID_TO_PAA_NOVID", - rootCertOptions1: createPAACertNoVidOptions(testconstants.Vid), - rootCertOptions2: createTestRootCertOptions(), + rootCertOptions1: utils.CreatePAACertNoVidOptions(testconstants.Vid), + rootCertOptions2: utils.CreateTestRootCertOptions(), addRevocation: createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.Vid), updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -722,8 +723,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( }, { name: "PAA_NOVID_TO_PAA_VID", - rootCertOptions1: createPAACertNoVidOptions(testconstants.PAACertWithNumericVidVid), - rootCertOptions2: createPAACertWithNumericVidOptions(), + rootCertOptions1: utils.CreatePAACertNoVidOptions(testconstants.PAACertWithNumericVidVid), + rootCertOptions2: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), 
@@ -736,8 +737,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( }, { name: "PAA_VID_TO_PAA_NOVID", - rootCertOptions1: createPAACertNoVidOptions(testconstants.PAACertWithNumericVidVid), - rootCertOptions2: createPAACertWithNumericVidOptions(), + rootCertOptions1: utils.CreatePAACertNoVidOptions(testconstants.PAACertWithNumericVidVid), + rootCertOptions2: utils.CreatePAACertWithNumericVidOptions(), addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()), updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -750,8 +751,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( }, { name: "CrlSignerDelegatedByPAI", - rootCertOptions1: createTestRootCertOptions(), - rootCertOptions2: createRootWithVidOptions(), + rootCertOptions1: utils.CreateTestRootCertOptions(), + rootCertOptions2: utils.CreateRootWithVidOptions(), addRevocation: createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()), updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ Signer: vendorAcc.String(), @@ -766,8 +767,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( }, { name: "CrlSignerDelegatedByPAA", - rootCertOptions1: createTestRootCertOptions(), - rootCertOptions2: createRootWithVidOptions(), + rootCertOptions1: utils.CreateTestRootCertOptions(), + rootCertOptions2: utils.CreateRootWithVidOptions(), addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ Signer: vendorAcc.String(), IsPAA: true, 
@@ -791,12 +792,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { - setup := Setup(t) + setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.addRevocation.Vid) - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions1) - proposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions2) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions2) _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index 6fb04fdfb..d21bd5694 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md @@ -93,6 +93,7 @@ Indexes to check: * `DA Certificates`: Subject+SKID (approved), Subject+SKID (root), SKID, Subject * Missing: * `RevokedCertificates` + * `RevokedRootCertificates` Test cases: @@ -108,6 +109,7 @@ Indexes: * Present: * `RevokedCertificates` + * `RevokedRootCertificates` * `UniqueCertificate` * Missing: * `ProposedCertificateRevocation` @@ -117,7 +119,10 @@ Indexes: Test cases: * Positive: - * Propose and approve revocation of DA root certificate: `TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded` + * Propose and approve revocation of DA root certificate by Subject/SKID: `TestHandler_RevokeDaRootCert`, + `TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded` + * Revoke DA root certificate by Subject/SKID when two certs with the same SKID exist: + `TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist` * Negative: * TBD diff --git a/x/pki/tests/utils/account.go b/x/pki/tests/utils/account.go new file mode 100644 index 000000000..310c6d9c4 --- /dev/null +++ b/x/pki/tests/utils/account.go 
@@ -0,0 +1,86 @@
+package utils
+
+import (
+ "github.com/cosmos/cosmos-sdk/testutil/testdata"
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ "github.com/stretchr/testify/mock"
+ dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func (m *DclauthKeeperMock) HasRole(
+ ctx sdk.Context,
+ addr sdk.AccAddress,
+ roleToCheck dclauthtypes.AccountRole,
+) bool {
+ args := m.Called(ctx, addr, roleToCheck)
+
+ return args.Bool(0)
+}
+
+func (m *DclauthKeeperMock) CountAccountsWithRole(ctx sdk.Context, roleToCount dclauthtypes.AccountRole) int {
+ args := m.Called(ctx, roleToCount)
+
+ return args.Int(0)
+}
+
+func (m *DclauthKeeperMock) GetAccountO(
+ ctx sdk.Context,
+ address sdk.AccAddress,
+) (val dclauthtypes.Account, found bool) {
+ args := m.Called(ctx, address)
+
+ return args.Get(0).(dclauthtypes.Account), args.Bool(1)
+}
+
+var _ types.DclauthKeeper = &DclauthKeeperMock{}
+
+func (setup *TestSetup) CreateVendorAccount(vid int32) sdk.AccAddress {
+ accAddress := GenerateAccAddress()
+ setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)
+
+ return accAddress
+}
+
+func (setup *TestSetup) AddAccount(
+ accAddress sdk.AccAddress,
+ roles []dclauthtypes.AccountRole,
+ vid int32,
+) {
+ dclauthKeeper := setup.DclauthKeeper
+ currentTrusteeCount := 0
+ // if the CountAccountsWithRole is present get the value from the mock call
+ for _, expectedCall := range dclauthKeeper.ExpectedCalls {
+ if expectedCall.Method == "CountAccountsWithRole" {
+ currentTrusteeCount = dclauthKeeper.CountAccountsWithRole(setup.Ctx, dclauthtypes.Trustee)
+ }
+ }
+
+ for _, role := range roles {
+ dclauthKeeper.On("HasRole", mock.Anything, accAddress, role).Return(true)
+ if role == dclauthtypes.Trustee {
+ currentTrusteeCount++
+ // We remove the call to CountAccountsWithRole from the expected calls and add it back with the new value
RemoveItemFromExpectedCalls(dclauthKeeper.ExpectedCalls, "CountAccountsWithRole")
+ dclauthKeeper.On("CountAccountsWithRole", setup.Ctx, dclauthtypes.Trustee).Return(currentTrusteeCount)
+ }
+ }
+
+ dclauthKeeper.On("GetAccountO", setup.Ctx, accAddress).Return(dclauthtypes.Account{VendorID: vid}, true)
+ dclauthKeeper.On("HasRole", mock.Anything, accAddress, mock.Anything).Return(false)
+}
+
+func GenerateAccAddress() sdk.AccAddress {
+ _, _, accAddress := testdata.KeyTestPubAddr()
+
+ return accAddress
+}
+
+// Remove a item from ExpectedCalls Array and return it.
+func RemoveItemFromExpectedCalls(expectedCalls []*mock.Call, methodName string) {
+ for i, call := range expectedCalls {
+ if call.Method == methodName {
+ expectedCalls = append(expectedCalls[:i], expectedCalls[i+1:]...)
+ }
+ }
+}
diff --git a/x/pki/tests/utils/certificate_assertions_da.go b/x/pki/tests/utils/certificate_assertions_da.go
new file mode 100644
index 000000000..5ac558c84
--- /dev/null
+++ b/x/pki/tests/utils/certificate_assertions_da.go
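Review bot: `RemoveItemFromExpectedCalls` at the end of account.go assigns the `append` result to its own parameter, so the `dclauthKeeper.ExpectedCalls` slice that `AddAccount` passes in keeps its length: entries after the match are shifted in the shared backing array, the last one ends up duplicated, and a match in the last position is not removed at all. Since testify answers a call with the first matching expectation, a surviving `CountAccountsWithRole` entry would keep returning the old trustee count, which presumably feeds the approval-threshold checks these PKI tests rely on. I would have the helper return the filtered slice and assign it at the call site, and correct its comment, which says the item is returned although the function returns nothing.

```go
// RemoveItemFromExpectedCalls returns expectedCalls without the entries registered for methodName.
func RemoveItemFromExpectedCalls(expectedCalls []*mock.Call, methodName string) []*mock.Call {
	kept := make([]*mock.Call, 0, len(expectedCalls))
	for _, call := range expectedCalls {
		if call.Method != methodName {
			kept = append(kept, call)
		}
	}

	return kept
}

// … unchanged: AddAccount up to the Trustee branch …
dclauthKeeper.ExpectedCalls = RemoveItemFromExpectedCalls(dclauthKeeper.ExpectedCalls, "CountAccountsWithRole")
// … unchanged: re-registration of CountAccountsWithRole and the rest of AddAccount …
```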
@@ -0,0 +1,169 @@
+package utils
+
+import (
+ "github.com/stretchr/testify/require"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "testing"
+)
+
+func EnsureCertificatePresentInDaCertificateIndexes(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+ isRoot bool,
+ skipCheckForSubject bool,
+) {
+ t.Helper()
+
+ // DaCertificates: Subject and SKID
+ approvedCertificates, _ := QueryApprovedCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, subject, approvedCertificates.Subject)
+ require.Equal(t, subjectKeyID, approvedCertificates.SubjectKeyId)
+ require.Len(t, approvedCertificates.Certs, 1)
+ require.Equal(t, serialNumber, approvedCertificates.Certs[0].SerialNumber)
+ require.Equal(t, isRoot, approvedCertificates.Certs[0].IsRoot)
+
+ if isRoot {
+ // DaCertificates: Root Subject and SKID
+ approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, subject, approvedRootCertificate.Subject)
+ require.Equal(t, subjectKeyID, approvedRootCertificate.SubjectKeyId)
+ }
+
+ // DaCertificates: SKID
+ certificateBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, subjectKeyID)
+ require.Len(t, certificateBySubjectKeyID, 1)
+ require.Len(t, certificateBySubjectKeyID[0].Certs, 1)
+ require.Equal(t, serialNumber, certificateBySubjectKeyID[0].Certs[0].SerialNumber)
+ require.Equal(t, isRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot)
+
+ if !skipCheckForSubject {
+ // DACertificates: Subject
+ certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, subject)
+ require.Len(t, certificatesBySubject.SubjectKeyIds, 1)
+ require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0])
+ }
+}
+
+func EnsureCertificateNotPresentInDaCertificateIndexes(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ isRoot bool,
+ skipCheckBySubject bool, // TODO: FIX constants and eliminate this condition
+ skipCheckBySkid bool,
+) {
+ t.Helper()
+
+ // DA certificates indexes checks
+
+ // DaCertificates: Subject and SKID
+ _, err := QueryApprovedCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+
+ if isRoot {
+ // DaCertificates: Root Subject and SKID
+ _, err := QueryApprovedRootCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+
+ if !skipCheckBySkid {
+ // DaCertificates: SubjectKeyID
+ certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, subjectKeyID)
+ require.Empty(t, certificatesBySubjectKeyID)
+ }
+
+ if !skipCheckBySubject {
+ // NocCertificates: Subject
+ _, err = QueryApprovedCertificatesBySubject(setup, subject)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+}
+
+func EnsureDaRootCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+) {
+ t.Helper()
+
+ // DA certificates indexes checks
+ EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, true, false)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
+}
+
+func EnsureDaIntermediateCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ skipCheckForSubject bool,
+) {
+ t.Helper()
+
+ // DA certificates indexes checks
+ EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, false, skipCheckForSubject)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, skipCheckForSubject)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
+}
+
+func EnsureDaRootCertificateNotExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ isRevoked bool,
+) {
+ t.Helper()
+
+ // DA certificates indexes checks
+ EnsureCertificateNotPresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, true, false, false)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, isRevoked)
+}
+
+func EnsureDaIntermediateCertificateNotExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ skipCheckForUniqueness bool,
+ skipCheckForSubject bool,
+) {
+ t.Helper()
+
+ // DA certificates indexes checks
+ EnsureCertificateNotPresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, false, skipCheckForSubject, false)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, skipCheckForSubject, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness)
+}
diff --git a/x/pki/tests/utils/certificate_assertions_global.go b/x/pki/tests/utils/certificate_assertions_global.go
new file mode 100644
index 000000000..c079b9371
--- /dev/null
+++ b/x/pki/tests/utils/certificate_assertions_global.go
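Review bot: The presence checks in `EnsureCertificatePresentInDaCertificateIndexes` discard the query error (`approvedCertificates, _ := QueryApprovedCertificates(...)`) and then dereference the result, so a failed lookup panics on a nil pointer instead of failing the test with the actual error. The absence check in `EnsureCertificateNotPresentInDaCertificateIndexes` has the opposite problem: `certificatesBySubjectKeyID, _ := ...` followed by `require.Empty` also passes when the query itself fails, so a removal or revocation test cannot tell "no longer indexed" from "lookup failed". Keeping the error and asserting on it, e.g. `approvedCertificates, err := QueryApprovedCertificates(setup, subject, subjectKeyID)` then `require.NoError(t, err)`, closes both gaps. The same discarded-error pattern recurs in the certificate_assertions_global.go and certificate_assertions_noc.go hunks. The `// NocCertificates: Subject` comment in the DA absence check also looks copied from the NOC helper and should name the DA index.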
@@ -0,0 +1,119 @@
+package utils
+
+import (
+ "github.com/stretchr/testify/require"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "testing"
+)
+
+func EnsureUniqueCertificateCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ issuer string,
+ serialNumber string,
+) {
+ t.Helper()
+
+ // UniqueCertificate: check that unique certificate key registered
+ require.True(t, setup.Keeper.IsUniqueCertificatePresent(
+ setup.Ctx, issuer, serialNumber))
+}
+
+func EnsureUniqueCertificateCertificateNotExist(
+ t *testing.T,
+ setup *TestSetup,
+ issuer string,
+ serialNumber string,
+ skipCheck bool,
+) {
+ t.Helper()
+
+ if !skipCheck {
+ // UniqueCertificate: check that unique certificate key registered
+ found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, issuer, serialNumber)
+ require.False(t, found)
+ }
+}
+
+func EnsureGlobalCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+ skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition
+) {
+ t.Helper()
+
+ // AllCertificate: Subject and SKID
+ allCertificate, err := QueryAllCertificates(setup, subject, subjectKeyID)
+ require.NoError(t, err)
+ require.Equal(t, subject, allCertificate.Subject)
+ require.Equal(t, subjectKeyID, allCertificate.SubjectKeyId)
+ require.Len(t, allCertificate.Certs, 1)
+ require.Equal(t, serialNumber, allCertificate.Certs[0].SerialNumber)
+
+ // AllCertificate: SKID
+ certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
+ require.Len(t, certificateBySubjectKeyID, 1)
+ require.Len(t, certificateBySubjectKeyID[0].Certs, 1)
+ require.Equal(t, serialNumber, certificateBySubjectKeyID[0].Certs[0].SerialNumber)
+
+ if !skipCheckForSubject {
+ // AllCertificate: Subject
+ certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, subject)
+ require.Len(t, certificatesBySubject.SubjectKeyIds, 1)
+ require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0])
+ }
+}
+
+func EnsureGlobalCertificateNotExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition
+ skipCheckForSkid bool,
+) {
+ t.Helper()
+
+ // All certificates indexes checks
+
+ // AllCertificate: Subject and SKID
+ _, err := QueryAllCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+
+ if !skipCheckForSkid {
+ // AllCertificate: SKID
+ certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
+ require.Empty(t, certificatesBySubjectKeyID)
+ }
+
+ if !skipCheckForSubject {
+ // AllCertificate: Subject
+ _, err = QueryAllCertificatesBySubject(setup, subject)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+}
+
+func EnsureChildCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ authorityKeyId string,
+) {
+ t.Helper()
+
+ issuerChildren, _ := QueryChildCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, 1, len(issuerChildren.CertIds))
+
+ certID := types.CertificateIdentifier{
+ Subject: issuer,
+ SubjectKeyId: authorityKeyId,
+ }
+ require.Equal(t, &certID, issuerChildren.CertIds[0])
+}
diff --git a/x/pki/tests/utils/certificate_assertions_noc.go b/x/pki/tests/utils/certificate_assertions_noc.go
new file mode 100644
index 000000000..acf2a5b24
--- /dev/null
+++ b/x/pki/tests/utils/certificate_assertions_noc.go
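Review bot: In `EnsureChildCertificateExist` the parameter names run against how the body uses them: `subject`/`subjectKeyID` are passed to `QueryChildCertificates`, whose parameters are named `issuer`/`authorityKeyID` in the certificate_queries_global.go hunk, while `issuer`/`authorityKeyId` fill the `Subject`/`SubjectKeyId` of the expected child identifier. All four are plain strings, so a caller who follows the names and passes the child's own subject first gets a check against the wrong link of the chain without any compile error. Renaming to something like `parentSubject, parentSubjectKeyID, childSubject, childSubjectKeyID` would make the direction explicit; if the current names are intentional, a doc comment such as `// subject/subjectKeyID identify the parent; issuer/authorityKeyId identify the expected child entry` is needed. `authorityKeyId` should also follow the file's `ID` spelling.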
@@ -0,0 +1,197 @@
+package utils
+
+import (
+ "github.com/stretchr/testify/require"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "testing"
+)
+
+func EnsureCertificatePresentInNocCertificateIndexes(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+ vid int32,
+ isRoot bool,
+ skipCheckByVid bool,
+) {
+ t.Helper()
+
+ // Noc certificates indexes checks
+
+ // NocCertificates: Subject and SKID
+ nocCertificate, _ := QueryNocCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, subject, nocCertificate.Subject)
+ require.Equal(t, subjectKeyID, nocCertificate.SubjectKeyId)
+ require.Equal(t, testconstants.SchemaVersion, nocCertificate.SchemaVersion)
+ require.Len(t, nocCertificate.Certs, 1)
+ require.Equal(t, serialNumber, nocCertificate.Certs[0].SerialNumber)
+
+ // NocCertificates: SubjectKeyID
+ nocCertificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, subjectKeyID)
+ require.Len(t, nocCertificatesBySubjectKeyID, 1)
+ require.Len(t, nocCertificatesBySubjectKeyID[0].Certs, 1)
+ require.Equal(t, serialNumber, nocCertificatesBySubjectKeyID[0].Certs[0].SerialNumber)
+
+ // NocCertificates: Subject
+ nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, subject)
+ require.Equal(t, subject, nocCertificatesBySubject.Subject)
+ require.Len(t, nocCertificatesBySubject.SubjectKeyIds, 1)
+ require.Equal(t, subjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0])
+
+ // NocCertificates: VID and SKID
+ nocCertificateByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, vid, subjectKeyID)
+ require.Equal(t, vid, nocCertificateByVidAndSkid.Vid)
+ require.Len(t, nocCertificateByVidAndSkid.Certs, 1)
+ require.Equal(t, subjectKeyID, nocCertificateByVidAndSkid.SubjectKeyId)
+
+ if skipCheckByVid {
+ return
+ }
+
+ // NocCertificates: VID
+ if isRoot {
+ nocRootCertificate, _ := QueryNocRootCertificates(setup, vid)
+ require.Equal(t, vid, nocRootCertificate.Vid)
+ require.Len(t, nocRootCertificate.Certs, 1)
+ } else {
+ nocIcaCertificate, _ := QueryNocIcaCertificatesByVid(setup, vid)
+ require.Equal(t, vid, nocIcaCertificate.Vid)
+ require.Len(t, nocIcaCertificate.Certs, 1)
+ }
+}
+
+func EnsureCertificateNotPresentInNocCertificateIndexes(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ vid int32,
+ isRoot bool,
+ skipCheckByVid bool,
+) {
+ t.Helper()
+
+ // Noc certificates indexes checks
+
+ // NocCertificates: Subject and SKID
+ _, err := QueryNocCertificates(setup, subject, subjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+
+ // NocCertificates: SubjectKeyID
+ certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, subjectKeyID)
+ require.Empty(t, certificatesBySubjectKeyID)
+
+ // NocCertificates: Subject
+ _, err = QueryNocCertificatesBySubject(setup, subject)
+ require.Equal(t, codes.NotFound, status.Code(err))
+
+ // NocCertificates: VID and SKID
+ _, err = QueryNocCertificatesByVidAndSkid(setup, vid, subjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+
+ // NocCertificates: VID
+ if skipCheckByVid {
+ return
+ }
+
+ if isRoot {
+ _, err = QueryNocRootCertificates(setup, vid)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ } else {
+ _, err = QueryNocIcaCertificatesByVid(setup, vid)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+}
+
+func EnsureNocRootCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ vid int32,
+) {
+ t.Helper()
+
+ // Noc certificates indexes checks
+ EnsureCertificatePresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, vid, true, false)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
+}
+
+func EnsureNocIntermediateCertificateExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ vid int32,
+ skipCheckByVid bool,
+) {
+ t.Helper()
+
+ // Noc certificates indexes checks
+ EnsureCertificatePresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, vid, false, skipCheckByVid)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
+}
+
+func EnsureNocIntermediateCertificateNotExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ vid int32,
+ skipCheckByVid bool,
+ skipCheckForUniqueness bool,
+) {
+ t.Helper()
+
+ // Noc certificates indexes checks
+ EnsureCertificateNotPresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, vid, false, skipCheckByVid)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness)
+}
+
+func EnsureNocRootCertificateNotExist(
+ t *testing.T,
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ issuer string,
+ serialNumber string,
+ vid int32,
+ skipCheckByVid bool,
+ skipCheckForUniqueness bool,
+) {
+ t.Helper()
+
+ // Noc certificates indexes checks
+ EnsureCertificateNotPresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, vid, true, skipCheckByVid)
+
+ // All certificates indexes checks
+ EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false, false)
+
+ // UniqueCertificate: check that unique certificate key registered
+ EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness)
+}
diff --git a/x/pki/tests/utils/certificate_queries_da.go b/x/pki/tests/utils/certificate_queries_da.go
new file mode 100644
index 000000000..ae6c890e5
--- /dev/null
+++ b/x/pki/tests/utils/certificate_queries_da.go
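Review bot: The trailing boolean flags on these helpers are positional and ordered differently between siblings, which makes call sites easy to get silently wrong: `EnsureNocIntermediateCertificateNotExist` and `EnsureNocRootCertificateNotExist` end in `skipCheckByVid, skipCheckForUniqueness`, whereas `EnsureDaIntermediateCertificateNotExist` in the certificate_assertions_da.go hunk ends in `skipCheckForUniqueness, skipCheckForSubject`. A transposed pair still compiles and simply skips a different index check, so an absence assertion on a removed or revoked certificate can go unexecuted without any test failing. A small options struct, or at least a doc comment on each exported helper stating what every flag skips, would make the intent visible at the call site. The comment `// UniqueCertificate: check that unique certificate key registered` in the two NotExist helpers describes the opposite of what they assert and should say "is not registered".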
@@ -0,0 +1,277 @@
+package utils
+
+import (
+ "github.com/stretchr/testify/require"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+func QueryProposedCertificate(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.ProposedCertificate, error) {
+ req := &types.QueryGetProposedCertificateRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.ProposedCertificate(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.ProposedCertificate, nil
+}
+
+func QueryApprovedCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.ApprovedCertificates, error) {
+ req := &types.QueryGetApprovedCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.ApprovedCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.ApprovedCertificates, nil
+}
+
+func QueryApprovedCertificatesBySubject(
+ setup *TestSetup,
+ subject string,
+) (*types.ApprovedCertificatesBySubject, error) {
+ req := &types.QueryGetApprovedCertificatesBySubjectRequest{
+ Subject: subject,
+ }
+
+ resp, err := setup.Keeper.ApprovedCertificatesBySubject(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.ApprovedCertificatesBySubject, nil
+}
+
+func QueryApprovedCertificatesBySubjectKeyID(
+ setup *TestSetup,
+ subjectKeyID string,
+) ([]types.ApprovedCertificates, error) {
+ req := &types.QueryAllApprovedCertificatesRequest{
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.ApprovedCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.ApprovedCertificates, nil
+}
+
+func QueryApprovedRootCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.CertificateIdentifier, error) {
+ req := &types.QueryGetApprovedRootCertificatesRequest{}
+
+ resp, err := setup.Keeper.ApprovedRootCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ for _, cert := range resp.ApprovedRootCertificates.Certs {
+ if cert.Subject == subject && cert.SubjectKeyId == subjectKeyID {
+ return cert, nil
+ }
+ }
+
+ return nil, status.Error(codes.NotFound, "not found")
+}
+
+func QueryProposedCertificateRevocation(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+ serialNumber string,
+) (*types.ProposedCertificateRevocation, error) {
+ // query proposed certificate revocation
+ req := &types.QueryGetProposedCertificateRevocationRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ SerialNumber: serialNumber,
+ }
+
+ resp, err := setup.Keeper.ProposedCertificateRevocation(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.ProposedCertificateRevocation, nil
+}
+
+func QueryRevokedCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.RevokedCertificates, error) {
+ req := &types.QueryGetRevokedCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.RevokedCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.RevokedCertificates, nil
+}
+
+func QueryRevokedRootCertificates(setup *TestSetup) (*types.RevokedRootCertificates, error) {
+ req := &types.QueryGetRevokedRootCertificatesRequest{}
+
+ resp, err := setup.Keeper.RevokedRootCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.RevokedRootCertificates, nil
+}
+
+func QueryRejectedCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.RejectedCertificate, error) {
+ req := &types.QueryGetRejectedCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.RejectedCertificate(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.RejectedCertificate, nil
+}
+
+func QueryAllApprovedCertificates(
+ setup *TestSetup,
+) ([]types.ApprovedCertificates, error) {
+ req := &types.QueryAllApprovedCertificatesRequest{}
+
+ resp, err := setup.Keeper.ApprovedCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.ApprovedCertificates, nil
+}
+
+func QueryAllRevokedCertificates(
+ setup *TestSetup,
+) ([]types.RevokedCertificates, error) {
+ req := &types.QueryAllRevokedCertificatesRequest{}
+
+ resp, err := setup.Keeper.RevokedCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.RevokedCertificates, nil
+}
+
+func QueryAllProposedCertificateRevocations(
+ setup *TestSetup,
+) ([]types.ProposedCertificateRevocation, error) {
+ req := &types.QueryAllProposedCertificateRevocationRequest{}
+
+ resp, err := setup.Keeper.ProposedCertificateRevocationAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.ProposedCertificateRevocation, nil
+}
+
+func IsRevokedRootCertificatePresent(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) bool {
+ req := &types.QueryGetRevokedRootCertificatesRequest{}
+
+ resp, err := setup.Keeper.RevokedRootCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return false
+ }
+
+ require.NotNil(setup.T, resp)
+
+ for _, cert := range resp.RevokedRootCertificates.Certs {
+ if cert.Subject == subject && cert.SubjectKeyId == subjectKeyID {
+ return true
+ }
+ }
+
+ return false
+}
diff --git a/x/pki/tests/utils/certificate_queries_global.go b/x/pki/tests/utils/certificate_queries_global.go
new file mode 100644
index 000000000..2ab922889
--- /dev/null
+++ b/x/pki/tests/utils/certificate_queries_global.go
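Review bot: `IsRevokedRootCertificatePresent` at the end of this hunk returns `false` for any keeper error, so a test asserting that a root is not in the revoked list passes on a failed query exactly as it does on genuine absence. Treating only the not-found status as absence keeps the two apart: `if status.Code(err) == codes.NotFound { return false }` followed by `require.NoError(setup.T, err)`; both packages are already imported in this file. Separately, every Query* helper here (and in the certificate_queries_global.go and certificate_queries_noc.go hunks) asserts through `setup.T` while the assertion helpers take their own `t`; if `setup.T` is the parent test's T (its definition is outside this view) and a helper runs inside a `t.Run` subtest, a failure is reported against the wrong test.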
@@ -0,0 +1,90 @@
+package utils
+
+import (
+ "github.com/stretchr/testify/require"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func QueryAllCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.AllCertificates, error) {
+ req := &types.QueryGetCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.Certificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.Certificates, nil
+}
+
+func QueryAllCertificatesBySubject(
+ setup *TestSetup,
+ subject string,
+) (*types.AllCertificatesBySubject, error) {
+ req := &types.QueryGetAllCertificatesBySubjectRequest{
+ Subject: subject,
+ }
+
+ resp, err := setup.Keeper.AllCertificatesBySubject(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.AllCertificatesBySubject, nil
+}
+
+func QueryAllCertificatesBySubjectKeyID(
+ setup *TestSetup,
+ subjectKeyID string,
+) ([]types.AllCertificates, error) {
+ req := &types.QueryAllCertificatesRequest{
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.CertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.Certificates, nil
+}
+
+func QueryChildCertificates(
+ setup *TestSetup,
+ issuer string,
+ authorityKeyID string,
+) (*types.ChildCertificates, error) {
+ req := &types.QueryGetChildCertificatesRequest{
+ Issuer: issuer,
+ AuthorityKeyId: authorityKeyID,
+ }
+
+ resp, err := setup.Keeper.ChildCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.ChildCertificates, nil
+}
diff --git a/x/pki/tests/utils/certificate_queries_noc.go b/x/pki/tests/utils/certificate_queries_noc.go
new file mode 100644
index 000000000..0d5813090
--- /dev/null
+++ b/x/pki/tests/utils/certificate_queries_noc.go
@@ -0,0 +1,242 @@
+package utils
+
+import (
+ "github.com/stretchr/testify/require"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func QueryNocCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.NocCertificates, error) {
+ req := &types.QueryGetNocCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.NocCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.NocCertificates, nil
+}
+
+func QueryNocCertificatesByVidAndSkid(
+ setup *TestSetup,
+ vid int32,
+ subjectKeyID string,
+) (*types.NocCertificatesByVidAndSkid, error) {
+ req := &types.QueryGetNocCertificatesByVidAndSkidRequest{
+ Vid: vid,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.NocCertificatesByVidAndSkid(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.NocCertificatesByVidAndSkid, nil
+}
+
+func QueryNocCertificatesBySubject(
+ setup *TestSetup,
+ subject string,
+) (*types.NocCertificatesBySubject, error) {
+ req := &types.QueryGetNocCertificatesBySubjectRequest{
+ Subject: subject,
+ }
+
+ resp, err := setup.Keeper.NocCertificatesBySubject(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.NocCertificatesBySubject, nil
+}
+
+func QueryNocCertificatesBySubjectKeyID(
+ setup *TestSetup,
+ subjectKeyID string,
+) ([]types.NocCertificates, error) {
+ req := &types.QueryNocCertificatesRequest{
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.NocCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.NocCertificates, nil
+}
+
+func QueryNocRootCertificates(
+ setup *TestSetup,
+ vid int32,
+) (*types.NocRootCertificates, error) {
+ req := &types.QueryGetNocRootCertificatesRequest{
+ Vid: vid,
+ }
+
+ resp, err := setup.Keeper.NocRootCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.NocRootCertificates, nil
+}
+
+func QueryNocIcaCertificatesByVid(
+ setup *TestSetup,
+ vid int32,
+) (*types.NocIcaCertificates, error) {
+ req := &types.QueryGetNocIcaCertificatesRequest{
+ Vid: vid,
+ }
+
+ resp, err := setup.Keeper.NocIcaCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.NocIcaCertificates, nil
+}
+
+func QueryAllNocCertificates(
+ setup *TestSetup,
+) ([]types.NocCertificates, error) {
+ req := &types.QueryNocCertificatesRequest{}
+
+ resp, err := setup.Keeper.NocCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.NocCertificates, nil
+}
+
+func QueryAllNocRootCertificates(
+ setup *TestSetup,
+) ([]types.NocRootCertificates, error) {
+ req := &types.QueryAllNocRootCertificatesRequest{}
+
+ resp, err := setup.Keeper.NocRootCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.NocRootCertificates, nil
+}
+
+func QueryAllNocIcaCertificates(
+ setup *TestSetup,
+) ([]types.NocIcaCertificates, error) {
+ req := &types.QueryAllNocIcaCertificatesRequest{}
+
+ resp, err := setup.Keeper.NocIcaCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.NocIcaCertificates, nil
+}
+
+func QueryNocRevokedRootCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.RevokedNocRootCertificates, error) {
+ req := &types.QueryGetRevokedNocRootCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.RevokedNocRootCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.RevokedNocRootCertificates, nil
+}
+
+func QueryNocRevokedIcaCertificates(
+ setup *TestSetup,
+ subject string,
+ subjectKeyID string,
+) (*types.RevokedNocIcaCertificates, error) {
+ req := &types.QueryGetRevokedNocIcaCertificatesRequest{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+
+ resp, err := setup.Keeper.RevokedNocIcaCertificates(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return &resp.RevokedNocIcaCertificates, nil
+}
+
+func QueryAllNocRevokedIcaCertificates(
+ setup *TestSetup,
+) ([]types.RevokedNocIcaCertificates, error) {
+ req := &types.QueryAllRevokedNocIcaCertificatesRequest{}
+
+ resp, err := setup.Keeper.RevokedNocIcaCertificatesAll(setup.Wctx, req)
+ if err != nil {
+ require.Nil(setup.T, resp)
+
+ return nil, err
+ }
+
+ require.NotNil(setup.T, resp)
+
+ return resp.RevokedNocIcaCertificates, nil
+}
diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go
new file mode 100644
index 000000000..7310b99ba
--- /dev/null
+++ b/x/pki/tests/utils/data.go
@@ -0,0 +1,87 @@
+package utils
+
+import (
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+type RootCertOptions struct {
+ PemCert string
+ Info string
+ Subject string
+ SubjectKeyID string
+ Vid int32
+}
+
+func CreateTestRootCertOptions() *RootCertOptions {
+ return &RootCertOptions{
+ PemCert: testconstants.RootCertPem,
+ Info: testconstants.Info,
+ Subject: testconstants.RootSubject,
+ SubjectKeyID: testconstants.RootSubjectKeyID,
+ Vid: testconstants.Vid,
+ }
+}
+
+func CreateRootWithVidOptions() *RootCertOptions {
+ return &RootCertOptions{
+ PemCert: testconstants.RootCertWithVid,
+ Info: testconstants.Info,
+ Subject: testconstants.RootCertWithVidSubject,
+ SubjectKeyID: testconstants.RootCertWithVidSubjectKeyID,
+ Vid: testconstants.RootCertWithVidVid,
+ }
+}
+
+func CreatePAACertWithNumericVidOptions() *RootCertOptions {
+ return &RootCertOptions{
+ PemCert: testconstants.PAACertWithNumericVid,
+ Info: testconstants.Info,
+ Subject: testconstants.PAACertWithNumericVidSubject,
+ SubjectKeyID: testconstants.PAACertWithNumericVidSubjectKeyID,
+ Vid: testconstants.PAACertWithNumericVidVid,
+ }
+}
+
+func CreatePAACertNoVidOptions(vid int32) *RootCertOptions {
+ return &RootCertOptions{
+ PemCert: testconstants.PAACertNoVid,
+ Info: testconstants.Info,
+ Subject: testconstants.PAACertNoVidSubject,
+ SubjectKeyID: testconstants.PAACertNoVidSubjectKeyID,
+ Vid: vid,
+ }
+}
+
+func RootCertificate(address sdk.AccAddress) types.Certificate {
+ return types.NewRootCertificate(
+ testconstants.RootCertPem,
+ testconstants.RootSubject,
+ testconstants.RootSubjectAsText,
+ testconstants.RootSubjectKeyID,
+ testconstants.RootSerialNumber,
+ address.String(),
+ []*types.Grant{},
+ []*types.Grant{},
+ testconstants.Vid,
+ testconstants.SchemaVersion,
+ )
+}
+
+func IntermediateCertificateNoVid(address sdk.AccAddress) types.Certificate {
+ return types.NewNonRootCertificate(
+ testconstants.IntermediateCertPem,
+ testconstants.IntermediateSubject,
+ testconstants.IntermediateSubjectAsText,
+ testconstants.IntermediateSubjectKeyID,
+ testconstants.IntermediateSerialNumber,
+ testconstants.IntermediateIssuer,
+ testconstants.IntermediateAuthorityKeyID,
+ testconstants.RootSubject,
+ testconstants.RootSubjectKeyID,
+ address.String(),
+ 0,
+ testconstants.SchemaVersion,
+ )
+}
diff --git a/x/pki/tests/utils/helpers.go b/x/pki/tests/utils/helpers.go
new file mode 100644
index 000000000..066ef725a
--- /dev/null
+++ b/x/pki/tests/utils/helpers.go
@@ -0,0 +1,65 @@
+package utils
+
+import (
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ "github.com/stretchr/testify/require"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func ProposeAndApproveRootCertificate(setup *TestSetup, ownerTrustee sdk.AccAddress, options *RootCertOptions) {
+ // ensure that `ownerTrustee` is trustee to eventually have enough approvals
+ require.True(setup.T, setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole))
+
+ // propose x509 root certificate by `ownerTrustee`
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), options.PemCert, options.Info, options.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.NoError(setup.T, err)
+
+ // approve x509 root certificate by another trustee
+ approveAddX509RootCert := types.NewMsgApproveAddX509RootCert(
+ setup.Trustee2.String(), options.Subject, options.SubjectKeyID, options.Info)
+ _, err = setup.Handler(setup.Ctx, approveAddX509RootCert)
+ require.NoError(setup.T, err)
+
+ // check that root certificate has been approved
+ approvedCertificate, err := QueryApprovedCertificates(
+ setup, options.Subject, options.SubjectKeyID)
+ require.NoError(setup.T, err)
+ require.NotNil(setup.T, approvedCertificate)
+}
+
+func UniqueCertificate(issuer string, serialNumber string) types.UniqueCertificate {
+ return types.UniqueCertificate{
+ Issuer: issuer,
+ SerialNumber: serialNumber,
+ Present: true,
+ }
+}
+
+func CertificateIdentifier(subject string, subjectKeyID string) types.CertificateIdentifier {
+ return types.CertificateIdentifier{
+ Subject: subject,
+ SubjectKeyId: subjectKeyID,
+ }
+}
+
+func AddDaIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) {
+ addX509Cert := types.NewMsgAddX509Cert(address.String(), pemCert, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, addX509Cert)
+ require.NoError(setup.T, err)
+}
+
+func AddNocRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) {
+ // add the new NOC root certificate
+ addNocX509RootCert := types.NewMsgAddNocX509RootCert(address.String(), pemCert, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, addNocX509RootCert)
+ require.NoError(setup.T, err)
+}
+
+func AddNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) {
+ // add the new NOC root certificate
+ nocX509Cert := types.NewMsgAddNocX509IcaCert(address.String(), pemCert, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, nocX509Cert)
+ require.NoError(setup.T, err)
+}
diff --git a/x/pki/tests/utils/setup.go b/x/pki/tests/utils/setup.go
new file mode 100644
index 000000000..41f51b2ee
--- /dev/null
+++ b/x/pki/tests/utils/setup.go
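Review bot: `ProposeAndApproveRootCertificate` always approves with `setup.Trustee2`, so a caller that passes Trustee2 as `ownerTrustee` gets the proposal and the approval from the same account, and the comment "approve x509 root certificate by another trustee" no longer holds. A guard at the top such as `require.NotEqual(setup.T, setup.Trustee2.String(), ownerTrustee.String())` would make that precondition explicit. The helpers in this file call `require` on `setup.T` without first calling `setup.T.Helper()`, so a failure is reported at the helper's line rather than at the calling test. The comment inside `AddNocIntermediateCertificate` still reads "add the new NOC root certificate" although the message built is `NewMsgAddNocX509IcaCert`; `// add the new NOC ICA certificate` would match the code.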
@@ -0,0 +1,60 @@
+package utils
+
+import (
+ "context"
+ "testing"
+
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ "github.com/stretchr/testify/mock"
+ testkeeper "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper"
+ dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+const SerialNumber = "12345678"
+
+type DclauthKeeperMock struct {
+ mock.Mock
+}
+
+var _ types.DclauthKeeper = &DclauthKeeperMock{}
+
+type TestSetup struct {
+ T *testing.T
+ // Cdc *amino.Codec
+ Ctx sdk.Context
+ Wctx context.Context
+ Keeper *keeper.Keeper
+ DclauthKeeper *DclauthKeeperMock
+ Handler sdk.Handler
+ // Querier sdk.Querier
+ Trustee1 sdk.AccAddress
+ Trustee2 sdk.AccAddress
+ Trustee3 sdk.AccAddress
+}
+
+func Setup(t *testing.T) *TestSetup {
+ t.Helper()
+ dclauthKeeper := &DclauthKeeperMock{}
+ keeper, ctx := testkeeper.PkiKeeper(t, dclauthKeeper)
+
+ setup := &TestSetup{
+ T: t,
+ Ctx: ctx,
+ Wctx: sdk.WrapSDKContext(ctx),
+ Keeper: keeper,
+ DclauthKeeper: dclauthKeeper,
+ Handler: pki.NewHandler(*keeper),
+ Trustee1: GenerateAccAddress(),
+ Trustee2: GenerateAccAddress(),
+ Trustee3: GenerateAccAddress(),
+ }
+
+ setup.AddAccount(setup.Trustee1, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 65521)
+ setup.AddAccount(setup.Trustee2, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1)
+ setup.AddAccount(setup.Trustee3, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 2)
+
+ return setup
+}
From 95bfb6554fa60c5c1dcc35d7edaf67c919876c85 Mon Sep 17 00:00:00 2001
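Review bot: Inside `Setup`, the statement `keeper, ctx := testkeeper.PkiKeeper(t, dclauthKeeper)` declares a local named `keeper` that shadows the imported `x/pki/keeper` package for the rest of the function. It compiles today because the package is referenced only in the `TestSetup` field type, but any later use of the package inside `Setup` would resolve to the variable. Writing `k, ctx := testkeeper.PkiKeeper(t, dclauthKeeper)` with `Keeper: k` and `pki.NewHandler(*k)` avoids that. The commented-out `Cdc` and `Querier` fields in `TestSetup` could be dropped, since this is a new file.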
From: "artem.ivanov" Date: Mon, 25 Nov 2024 13:55:32 +0300 Subject: [PATCH 02/11] Refactoring unit tests for PKI module --- integration_tests/constants/constants.go | 1 + x/pki/keeper/certificate_helpers.go | 16 +- x/pki/tests/handler_add_noc_ica_cert_test.go | 2 +- x/pki/tests/handler_add_noc_root_cert_test.go | 2 +- x/pki/tests/handler_add_paa_cert_test.go | 155 ++++++----- x/pki/tests/handler_add_pai_cert_test.go | 251 ++++++++++-------- x/pki/tests/handler_add_revocation_test.go | 2 +- x/pki/tests/handler_assign_vid_test.go | 2 +- x/pki/tests/handler_delete_revocation_test.go | 2 +- .../tests/handler_remove_noc_ica_cert_test.go | 2 +- .../handler_remove_noc_root_cert_test.go | 2 +- x/pki/tests/handler_remove_pai_cert_test.go | 2 +- .../tests/handler_revoke_noc_ica_cert_test.go | 2 +- .../handler_revoke_noc_root_cert_test.go | 2 +- x/pki/tests/handler_revoke_paa_cert_test.go | 6 + x/pki/tests/handler_revoke_pai_cert_test.go | 2 +- x/pki/tests/handler_update_revocation_test.go | 2 +- x/pki/tests/test-design.md | 13 +- x/pki/tests/utils/account.go | 17 ++ .../tests/utils/certificate_assertions_da.go | 53 +++- .../utils/certificate_assertions_global.go | 9 +- .../tests/utils/certificate_assertions_noc.go | 3 +- x/pki/tests/utils/certificate_helpers_da.go | 39 +++ .../tests/utils/certificate_queries_global.go | 17 ++ x/pki/tests/utils/helpers.go | 22 -- 25 files changed, 402 insertions(+), 224 deletions(-) create mode 100644 x/pki/tests/utils/certificate_helpers_da.go diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go index ab8acfc3d..65de00cef 100644 --- a/integration_tests/constants/constants.go +++ b/integration_tests/constants/constants.go 
@@ -352,6 +352,7 @@ i+oDPOUDAiAlVJQ75X1T1sR199I+v8/CA2zSm6Y5PsfvrYcUq3GCGQ== PAICertWithNumericPidVidSubjectKeyID = "AF:42:B7:09:4D:EB:D5:15:EC:6E:CF:33:B8:11:15:22:5F:32:52:88" PAICertWithNumericPidVidVid = 65521 PAICertWithNumericPidVidPid = 32768 + PAICertWithNumericPidVidSerialNumber = "4498223361705918669" PAICertWithPidVid = ` -----BEGIN CERTIFICATE----- diff --git a/x/pki/keeper/certificate_helpers.go b/x/pki/keeper/certificate_helpers.go index 6e1601465..582fcb926 100644 --- a/x/pki/keeper/certificate_helpers.go +++ b/x/pki/keeper/certificate_helpers.go @@ -82,7 +82,7 @@ func FilterCertificateList(certificates *[]*types.Certificate, predicate Certifi return result } -func (k msgServer) AddCertificateToGlobalCertificateIndexes( +func (k Keeper) AddCertificateToGlobalCertificateIndexes( ctx sdk.Context, certificate types.Certificate, ) { @@ -94,7 +94,7 @@ func (k msgServer) AddCertificateToGlobalCertificateIndexes( k.AddAllCertificateBySubject(ctx, certificate.Subject, certificate.SubjectKeyId) } -func (k msgServer) RemoveCertificateFromGlobalCertificateIndexes( +func (k Keeper) RemoveCertificateFromGlobalCertificateIndexes( ctx sdk.Context, subject string, subjectKeyID string, @@ -107,7 +107,7 @@ func (k msgServer) RemoveCertificateFromGlobalCertificateIndexes( k.RemoveAllCertificateBySubject(ctx, subject, subjectKeyID) } -func (k msgServer) StoreDaCertificate( +func (k Keeper) StoreDaCertificate( ctx sdk.Context, certificate types.Certificate, isRoot bool, @@ -133,7 +133,7 @@ func (k msgServer) StoreDaCertificate( } } -func (k msgServer) RemoveDaCertificate( +func (k Keeper) RemoveDaCertificate( ctx sdk.Context, subject string, subjectKeyID string, @@ -152,7 +152,7 @@ func (k msgServer) RemoveDaCertificate( } } -func (k msgServer) RemoveDaCertificateBySerialNumber( +func (k Keeper) RemoveDaCertificateBySerialNumber( ctx sdk.Context, subject string, subjectKeyID string, 
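Review bot: Changing the receiver of `AddCertificateToGlobalCertificateIndexes`, `RemoveCertificateFromGlobalCertificateIndexes` and the DA store/remove helpers from `msgServer` to `Keeper` puts these state-mutating methods on the keeper's exported surface, and as far as the visible signatures show they take no signer argument. Judging by the test changes later in this patch the aim is to let test utilities seed state. If so, each method should get a doc comment stating that it performs no authorization, for example `// StoreDaCertificate writes the certificate to the DA indexes; it does no permission checks, callers must have validated the signer.` The same applies to the receiver changes in the hunks at -94, -107, -133, -152, -173, -203 and -229. The method bodies continue outside these hunks.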
@@ -173,7 +173,7 @@ func (k msgServer) RemoveDaCertificateBySerialNumber( } } -func (k msgServer) StoreNocCertificate( +func (k Keeper) StoreNocCertificate( ctx sdk.Context, certificate types.Certificate, isRoot bool) { @@ -203,7 +203,7 @@ func (k msgServer) StoreNocCertificate( } } -func (k msgServer) RemoveNocCertificate( +func (k Keeper) RemoveNocCertificate( ctx sdk.Context, subject string, subjectKeyID string, @@ -229,7 +229,7 @@ func (k msgServer) RemoveNocCertificate( } } -func (k msgServer) RemoveNocCertBySerialNumber( +func (k Keeper) RemoveNocCertBySerialNumber( ctx sdk.Context, subject string, subjectKeyID string, diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 8e1261c73..01dffd258 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -10,6 +9,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index 44934f77e..c16d54b3c 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 66087d74f..6e9fc2b0a 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -1,17 +1,15 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "math" - "math/rand" "testing" - sdk "github.com/cosmos/cosmos-sdk/types" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" 
@@ -34,12 +32,14 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { require.NoError(t, err) // Check: ProposedCertificate - present - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + proposedCertificate := utils.EnsureProposedDaRootCertificateExist( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + ) require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) require.True(t, proposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) // Check: UniqueCertificate - present @@ -129,15 +129,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { require.NoError(t, err) // Create an array of trustee account from 1 to 50 - trusteeAccounts := make([]sdk.AccAddress, 50) - for i := 0; i < 50; i++ { - trusteeAccounts[i] = utils.GenerateAccAddress() - } - - totalAdditionalTrustees := rand.Intn(50) - for i := 0; i < totalAdditionalTrustees; i++ { - setup.AddAccount(trusteeAccounts[i], []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - } + trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() // We have 3 Trustees in test setup. twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) 
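Review bot: The assertions replaced in `TestHandler_ProposeAddDaRootCert` included `require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner)`, but the new `utils.EnsureProposedDaRootCertificateExist` call receives only subject, subject key ID and serial number, so it has no signer to compare the owner against. Unless the helper derives the expected owner some other way (its body is not in this hunk), the test no longer pins who owns the proposed certificate. Keeping `require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner)` after the helper call restores that check. The same Owner assertion is dropped from `TestHandler_RejectAddDaRootCert` in the hunks at -325 and -375.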
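Review bot: `setup.CreateNTrusteeAccounts()` takes no count, although its name and the retained comment "Create an array of trustee account from 1 to 50" both suggest one, and the removed code drew the number with `rand.Intn(50)`. If the helper still picks the count at random (its body is outside this hunk), a failure of the two-thirds threshold check cannot be reproduced from the test output. Adding `t.Logf("additional trustees: %d", totalAdditionalTrustees)` right after the call would record the value. The comment would be more accurate as `// Create a random number of additional trustee accounts`.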
@@ -289,34 +281,42 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { // store root certificate with different serial number rootCertificate := utils.RootCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), - ) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) + utils.AddMokedDaCertificate(setup, rootCertificate, true) // propose second root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.RootCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) - // check - certificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.True(t, certificate.Certs[0].IsRoot) - require.Equal(t, testconstants.RootIssuer, certificate.Certs[0].Subject) - require.Equal(t, utils.SerialNumber, certificate.Certs[0].SerialNumber) - - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.RootIssuer, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) + // Check: Approved certificate exist in all indexes + approvedCertificate := utils.EnsureDaRootCertificateExist( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootIssuer, + utils.SerialNumber) + require.Len(t, approvedCertificate.Certs, 1) - require.NotEqual(t, certificate.Certs[0].SerialNumber, 
proposedCertificate.SerialNumber) + // Checked proposed certificate exist + proposedCertificate := utils.EnsureProposedDaRootCertificateExist( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber) + require.True(t, proposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) } -func TestHandler_AddX509RootCertsBySubjectKeyId(t *testing.T) { +func TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId(t *testing.T) { setup := utils.Setup(t) - // add root certificates + // add Certificate1 rootCertOptions := &utils.RootCertOptions{ PemCert: testconstants.PAACertWithSameSubjectID1, Subject: testconstants.PAACertWithSameSubjectID1Subject, 
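Review bot: The new helper is spelled `AddMokedDaCertificate`; `AddMockedDaCertificate` is presumably intended, and an exported name introduced by this patch is cheapest to fix now. It is also used in the handler_add_pai_cert_test.go hunks at -74 and -188. The old body asserted `certificate.Certs[0].IsRoot`, and whether `EnsureDaRootCertificateExist` covers that is not visible here. The added comment `// Checked proposed certificate exist` would read better as `// Check: proposed certificate exists`. This hunk ends inside `TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId`.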
@@ -325,48 +325,82 @@ func TestHandler_AddX509RootCertsBySubjectKeyId(t *testing.T) { Vid: testconstants.Vid, } utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + + // add Certificate2 rootCertOptions.PemCert = testconstants.PAACertWithSameSubjectID2 rootCertOptions.Subject = testconstants.PAACertWithSameSubjectID2Subject utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - approvedCertificates, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) - require.Equal(t, 1, len(approvedCertificates)) - require.Equal(t, 2, len(approvedCertificates[0].Certs)) - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, approvedCertificates[0].SubjectKeyId) - require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, approvedCertificates[0].Certs[0].Subject) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, approvedCertificates[0].Certs[1].Subject) + // Check indexes by subject key id + approvedCertificatesBySubjectKeyId, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) + require.Equal(t, 1, len(approvedCertificatesBySubjectKeyId)) + require.Equal(t, 2, len(approvedCertificatesBySubjectKeyId[0].Certs)) + require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, approvedCertificatesBySubjectKeyId[0].SubjectKeyId) + require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, approvedCertificatesBySubjectKeyId[0].Certs[0].Subject) + require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, approvedCertificatesBySubjectKeyId[0].Certs[1].Subject) + + allCertificatesBySubjectKeyId, _ := utils.QueryAllCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) + require.Equal(t, 1, len(allCertificatesBySubjectKeyId)) + require.Equal(t, 2, len(allCertificatesBySubjectKeyId[0].Certs)) + require.Equal(t, 
testconstants.PAACertWithSameSubjectIDSubjectID, allCertificatesBySubjectKeyId[0].SubjectKeyId) + require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, allCertificatesBySubjectKeyId[0].Certs[0].Subject) + require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, allCertificatesBySubjectKeyId[0].Certs[1].Subject) + + // Check indexes by subject + subject key id + allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) + require.Equal(t, 2, len(allApprovedCertificates)) + + allCertificates, _ := utils.QueryAllCertificatesAll(setup) + require.Equal(t, 2, len(allCertificates)) + + // Check indexes by subject + subject key id + approvedCertificatesBySubject, _ := utils.QueryApprovedCertificatesBySubject(setup, testconstants.PAACertWithSameSubjectID1Subject) + require.Equal(t, 1, len(approvedCertificatesBySubject.SubjectKeyIds)) + + allCertificatesBySubject, _ := utils.QueryAllCertificatesBySubject(setup, testconstants.PAACertWithSameSubjectID2Subject) + require.Equal(t, 1, len(allCertificatesBySubject.SubjectKeyIds)) } func TestHandler_RejectAddDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.RootCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + testconstants.RootSubject, + 
testconstants.RootSubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) + proposedCertificate := utils.EnsureProposedDaRootCertificateExist( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber) require.Equal(t, setup.Trustee1.String(), proposedCertificate.Approvals[0].Address) require.Equal(t, testconstants.Info, proposedCertificate.Approvals[0].Info) require.Equal(t, setup.Trustee2.String(), proposedCertificate.Rejects[0].Address) require.Equal(t, testconstants.Info, proposedCertificate.Rejects[0].Info) // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee3.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( + setup.Trustee3.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) 
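Review bot: Every query added to `TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId` discards its error, as in `approvedCertificatesBySubjectKeyId, _ := ...` and `allCertificates, _ := ...`, so a failing query surfaces only as a length mismatch. Capturing the error and adding `require.NoError(t, err)` before each length check gives a clearer failure. The comment `// Check indexes by subject + subject key id` appears twice; the second block queries by subject only and should read `// Check indexes by subject`. Go initialism style would also spell the locals `...BySubjectKeyID`.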
@@ -375,16 +409,11 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { require.Error(t, err) // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check rejected certificate - rejectedCertificate := rejectedCertificates.Certs[0] - require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, rejectedCertificate.SerialNumber) + rejectedCertificate := utils.EnsureRejectedDaRootCertificateExist( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID) require.Equal(t, setup.Trustee1.String(), rejectedCertificate.Approvals[0].Address) require.Equal(t, testconstants.Info, rejectedCertificate.Approvals[0].Info) require.Equal(t, setup.Trustee2.String(), rejectedCertificate.Rejects[0].Address) diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index dd363d476..3eeda3ff6 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -26,7 +26,10 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add DA PAI certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert( + accAddress.String(), + testconstants.IntermediateCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) @@ -57,7 +60,7 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { // Extra cases -func TestHandler_AddX509Cert_VIDScoped(t *testing.T) { +func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { setup := utils.Setup(t) accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) 
@@ -74,109 +77,155 @@ func TestHandler_AddX509Cert_VIDScoped(t *testing.T) { _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) - // query certificate - intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID) - require.Equal(t, 1, len(intermediateCerts.Certs)) - require.Equal(t, testconstants.PAICertWithNumericPidVidSubject, intermediateCerts.Certs[0].Subject) - require.Equal(t, testconstants.PAICertWithNumericPidVidSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) - require.Equal(t, int32(testconstants.PAICertWithNumericPidVidVid), intermediateCerts.Certs[0].Vid) + // Check: DA + All + UniqueCertificate + intermediateCert := utils.EnsureDaIntermediateCertificateExist( + t, + setup, + testconstants.PAICertWithNumericPidVidSubject, + testconstants.PAICertWithNumericPidVidSubjectKeyID, + testconstants.PAACertWithNumericVidSubject, + testconstants.PAICertWithNumericPidVidSerialNumber, + false) + require.Equal(t, int32(testconstants.PAICertWithNumericPidVidVid), intermediateCert.Certs[0].Vid) + + // ChildCertificates: check that child certificates of issuer contains certificate identifier + utils.EnsureChildCertificateExist( + t, + setup, + testconstants.PAACertWithNumericVidSubject, + testconstants.PAACertWithNumericVidSubjectKeyID, + testconstants.PAICertWithNumericPidVidSubject, + testconstants.PAICertWithNumericPidVidSubjectKeyID, + ) + + // Check: ProposedCertificate - empty + require.False(t, setup.Keeper.IsProposedCertificatePresent( + setup.Ctx, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID)) } -func TestHandler_AddX509Cert_ForDifferentSerialNumber(t *testing.T) { +func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - 
setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + // store root certificate + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // store intermediate certificate with different serial number intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) intermediateCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), - ) - setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) + utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // store intermediate certificate second time - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert( + vendorAccAddress.String(), + testconstants.IntermediateCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) - // query certificate - certificates, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - - // check - require.Equal(t, 2, len(certificates.Certs)) - require.NotEqual(t, certificates.Certs[0].SerialNumber, certificates.Certs[1].SerialNumber) - - for _, certificate := range certificates.Certs { - require.Equal(t, addX509Cert.Cert, certificate.PemCert) - require.Equal(t, addX509Cert.Signer, certificate.Owner) - require.Equal(t, 
testconstants.IntermediateSubject, certificate.Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, certificate.SubjectKeyId) - require.False(t, certificate.IsRoot) - require.Equal(t, testconstants.RootSubject, certificate.RootSubject) - require.Equal(t, testconstants.RootSubjectKeyID, certificate.RootSubjectKeyId) - require.Equal(t, testconstants.IntermediateIssuer, certificate.Issuer) - require.Equal(t, testconstants.IntermediateAuthorityKeyID, certificate.AuthorityKeyId) - } + // query All approved certificate + allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) + require.Equal(t, 2, len(allApprovedCertificates)) // root + intermediate + + // query All certificate + allCertificates, _ := utils.QueryAllCertificatesAll(setup) + require.Equal(t, 2, len(allCertificates)) // root + intermediate + + // check approved certificate + certificate, _ := utils.QueryApprovedCertificates(setup, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID) + require.Equal(t, 2, len(certificate.Certs)) // two intermediates + require.NotEqual(t, certificate.Certs[0].SerialNumber, certificate.Certs[1].SerialNumber) + + // check global certificate + globalCertificate, _ := utils.QueryAllCertificates(setup, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID) + require.Equal(t, 2, len(globalCertificate.Certs)) // two intermediates + require.NotEqual(t, globalCertificate.Certs[0].SerialNumber, globalCertificate.Certs[1].SerialNumber) + + // Check indexes by subject key id + approvedCertificatesBySubjectKeyId, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, len(approvedCertificatesBySubjectKeyId)) + require.Equal(t, 2, len(approvedCertificatesBySubjectKeyId[0].Certs)) + + allCertificatesBySubjectKeyId, _ := utils.QueryAllCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, 
len(allCertificatesBySubjectKeyId)) + require.Equal(t, 2, len(allCertificatesBySubjectKeyId[0].Certs)) } -func TestHandler_AddX509Cert_ForTree(t *testing.T) { +func TestHandler_AddDaCert_ForTree(t *testing.T) { setup := utils.Setup(t) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) + // add root x509 certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add intermediate x509 certificate - addIntermediateX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addIntermediateX509Cert := types.NewMsgAddX509Cert( + vendorAccAddress.String(), + testconstants.IntermediateCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) require.NoError(t, err) // add leaf x509 certificate - addLeafX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.LeafCertPem, testconstants.CertSchemaVersion) + addLeafX509Cert := types.NewMsgAddX509Cert( + vendorAccAddress.String(), + testconstants.LeafCertPem, + testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addLeafX509Cert) require.NoError(t, err) - // query root certificate - rootCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.RootCertPem, rootCertificate.Certs[0].PemCert) + // ensure root certificate exist + utils.EnsureDaRootCertificateExist( + t, + setup, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootIssuer, + testconstants.RootSerialNumber) - // check child certificate identifiers of root certificate - rootCertChildren, _ := utils.QueryChildCertificates(setup, 
testconstants.RootSubject, testconstants.RootSubjectKeyID) + // ensure intermediate certificate exist + utils.EnsureDaIntermediateCertificateExist( + t, + setup, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + testconstants.IntermediateIssuer, + testconstants.IntermediateSerialNumber, + false) + // ensure leaf certificate exist + utils.EnsureDaIntermediateCertificateExist( + t, + setup, + testconstants.LeafSubject, + testconstants.LeafSubjectKeyID, + testconstants.LeafIssuer, + testconstants.LeafSerialNumber, + false) + + // check ChildCertificate - root + rootCertChildren, _ := utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) require.Equal(t, 1, len(rootCertChildren.CertIds)) require.Equal(t, utils.CertificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), *rootCertChildren.CertIds[0]) - // query intermediate certificate - intermediateCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, testconstants.IntermediateCertPem, intermediateCertificate.Certs[0].PemCert) - - // check child certificate identifiers of intermediate certificate + // check ChildCertificate - intermediate intermediateCertChildren, _ := utils.QueryChildCertificates( setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(intermediateCertChildren.CertIds)) require.Equal(t, utils.CertificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), *intermediateCertChildren.CertIds[0]) - // query leaf certificate - leafCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Equal(t, testconstants.LeafCertPem, leafCertificate.Certs[0].PemCert) - // check child certificate identifiers of leaf certificate leafCertChildren, err := 
utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) require.Error(t, err) 
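Review bot: The rewritten `TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` checks only list lengths and that the two serial numbers differ. The removed loop asserted `PemCert`, `Owner`, `IsRoot`, `RootSubject`, `RootSubjectKeyId`, `Issuer` and `AuthorityKeyId` on each stored certificate, so a wrong owner or root linkage on the handler-added certificate would now pass. Calling `utils.EnsureDaIntermediateCertificateExist`, as the VID-scoped test in this hunk does, would close that gap; so would re-adding `require.Equal(t, addX509Cert.Signer, cert.Owner)` for the certificate created through the handler. The query errors here are also discarded with `_`; `require.NoError(t, err)` before the length checks would make failures easier to read.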
@@ -188,42 +237,21 @@ func TestHandler_AddX509Cert_ForTree(t *testing.T) { func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { setup := utils.Setup(t) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) + // store root certificate rootCert := utils.RootCertificate(setup.Trustee1) - - setup.Keeper.AddAllCertificate(setup.Ctx, rootCert) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCert) - setup.Keeper.SetUniqueCertificate(setup.Ctx, utils.UniqueCertificate(rootCert.Subject, rootCert.SerialNumber)) + utils.AddMokedDaCertificate(setup, rootCert, true) // store second root certificate rootCert = utils.RootCertificate(setup.Trustee1) rootCert.SerialNumber = utils.SerialNumber - - setup.Keeper.AddAllCertificate(setup.Ctx, rootCert) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCert) - setup.Keeper.SetUniqueCertificate(setup.Ctx, utils.UniqueCertificate(rootCert.Subject, rootCert.SerialNumber)) - - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + utils.AddMokedDaCertificate(setup, rootCert, true) // store intermediate certificate (it refers to two parent certificates) intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) intermediateCertificate.SerialNumber = utils.SerialNumber - - setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), - ) - - childCertID := utils.CertificateIdentifier(intermediateCertificate.Subject, intermediateCertificate.SubjectKeyId) - rootChildCertificates := types.ChildCertificates{ - Issuer: intermediateCertificate.Issuer, - AuthorityKeyId: intermediateCertificate.AuthorityKeyId, - CertIds: 
[]*types.CertificateIdentifier{&childCertID}, - } - setup.Keeper.SetChildCertificates(setup.Ctx, rootChildCertificates) + utils.AddMokedDaCertificate(setup, intermediateCertificate, true) // store second intermediate certificate (it refers to two parent certificates) addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) 
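Review bot: The intermediate certificate in `TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts` is seeded with `utils.AddMokedDaCertificate(setup, intermediateCertificate, true)`, that is with `isRoot` set to `true`, while the equivalent call in `TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor` passes `false`. If `StoreDaCertificate` uses that flag to write the approved-root index (its body is not visible in this part of the patch), the test would start from a state in which an intermediate is listed as a root. The removed lines also created the `ChildCertificates` entry for the issuer explicitly, so it is worth confirming that the helper still creates it. Otherwise pass `false` here and keep the explicit `SetChildCertificates` setup.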
@@ -272,35 +300,46 @@ func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { require.Nil(t, leafCertChildren) } -func TestHandler_AddX509Cert_ByNotOwnerButSameVendor(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) + // add two vendors with the same VID + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) - // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + // store root certificate + rootCertOptions := utils.CreateTestRootCertOptions() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Store an intermediate certificate with the first vendor account as the owner intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) intermediateCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) - setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), - ) - - // add second vendor account with VID = 1 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // add an intermediate certificate with the same subject and SKID by second vendor account - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress2.String(), testconstants.IntermediateCertPem, 
testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert( + vendorAccAddress2.String(), + testconstants.IntermediateCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) + + // ensure intermediate certificate exist + // check list of certificates + allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) + require.Equal(t, 2, len(allApprovedCertificates)) // root + intermediate + + // check approved certificate + certificate, _ := utils.QueryApprovedCertificates(setup, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID) + require.Equal(t, 2, len(certificate.Certs)) // two intermediates + require.NotEqual(t, certificate.Certs[0].SerialNumber, certificate.Certs[1].SerialNumber) + + // Check indexes by subject key id + approvedCertificatesBySubjectKeyId, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) + require.Equal(t, 1, len(approvedCertificatesBySubjectKeyId)) + require.Equal(t, 2, len(approvedCertificatesBySubjectKeyId[0].Certs)) } func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index 61228c345..b32e562ac 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
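Review bot: The assertions added to `TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor` discard the error of every query (`allApprovedCertificates, _ :=`, `certificate, _ :=`, `approvedCertificatesBySubjectKeyId, _ :=`) and then index into the result, so a failed lookup would most likely surface as a nil dereference or index panic instead of a readable test failure. Check each call with `require.NoError(t, err)` and use `require.Len(t, certificate.Certs, 2)` before reading `Certs[0]` and `Certs[1]`. The same discarded-error pattern is in `EnsureProposedDaRootCertificateExist` and `EnsureRejectedDaRootCertificateExist`, added to `certificate_assertions_da.go` by this patch. Because the test exists to show that a second vendor account with the same VID may add a certificate under an existing subject and SKID, it would also help to assert which account each of the two entries is attributed to; the field for that is not visible here, so treat this part as a suggestion to confirm.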
@@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index f0e419140..daadd5de2 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) diff --git a/x/pki/tests/handler_delete_revocation_test.go b/x/pki/tests/handler_delete_revocation_test.go index 44d5a923d..f57b8306b 100644 --- a/x/pki/tests/handler_delete_revocation_test.go +++ b/x/pki/tests/handler_delete_revocation_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index 2923aa273..8ca89f340 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index 4fac2f008..1256b037a 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" 
@@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index 4323a46ed..d12c8592b 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index cee637663..6b531d6b8 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -1,11 +1,11 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 4fcef9950..76064e810 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -1,11 +1,11 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 1364886b9..ded50360d 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go @@ -989,6 +989,8 @@ func proposeAndApproveCertificateRevocation( subjectKeyID string, serialNumber string, ) { + t.Helper() + // revoke certificate revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( setup.Trustee1.String(), @@ -1019,6 +1021,8 @@ func ensureDaRootCertificateIsProposedToRevoked( issuer string, revokedBy string, ) { + t.Helper() + // Check: ProposedCertificateRevocation - present proposedRevocation, _ := utils.QueryProposedCertificateRevocation( setup, @@ -1053,6 +1057,8 @@ func ensureDaRootCertificateIsRevoked( skipCheckBySubject bool, skipCheckBySkid bool, ) { + t.Helper() + // Check: RevokedCertificates - present found := setup.Keeper.IsRevokedCertificatePresent( setup.Ctx, 
diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index ca618ff9b..17f93ba37 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/x/pki/tests/handler_update_revocation_test.go b/x/pki/tests/handler_update_revocation_test.go index 18da54373..8c0308efc 100644 --- a/x/pki/tests/handler_update_revocation_test.go +++ b/x/pki/tests/handler_update_revocation_test.go @@ -1,7 +1,6 @@ package tests import ( - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -9,6 +8,7 @@ import ( testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index d21bd5694..60fdc5c2f 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md 
@@ -36,9 +36,11 @@ Indexes: Test cases: * Positive: - * Propose add approve adding of DA root certificate: `TestHandler_AddDaRootCert`, + * Add DA root certificate: `TestHandler_AddDaRootCert`, `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded`, `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees` + * Add two DA root certificates with same subject but different SKID: + `TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId` * Negative: * TBD @@ -76,7 +78,14 @@ Indexes to check: Test cases: * Positive: - * Add DA intermediate certificate: `TestHandler_AddDaIntermediateCert` + * Add DA intermediate certificate: `TestHandler_AddDaIntermediateCert`, + `TestHandler_AddDaIntermediateCert_VidScoped` + * Add two DA intermediate certificates with same Subject/SKID but different Serial Number: + `TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` + * Add tree of DA certificates (root, intermediate, leaf): + `TestHandler_AddDaCert_ForTree` + * Add intermediate DA certificate but other Vendor with the same VID: + `TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor` * Negative: * TBD diff --git a/x/pki/tests/utils/account.go b/x/pki/tests/utils/account.go index 310c6d9c4..3cb9bb8d9 100644 --- a/x/pki/tests/utils/account.go +++ b/x/pki/tests/utils/account.go @@ -1,6 +1,8 @@ package utils import ( + "math/rand" + "github.com/cosmos/cosmos-sdk/testutil/testdata" sdk "github.com/cosmos/cosmos-sdk/types" "github.com/stretchr/testify/mock" 
@@ -84,3 +86,18 @@ func RemoveItemFromExpectedCalls(expectedCalls []*mock.Call, methodName string) } } } + +func (setup *TestSetup) CreateNTrusteeAccounts() ([]sdk.AccAddress, int) { + // Create an array of trustee account from 1 to 50 + trusteeAccounts := make([]sdk.AccAddress, 50) + for i := 0; i < 50; i++ { + trusteeAccounts[i] = GenerateAccAddress() + } + + totalAdditionalTrustees := rand.Intn(50) + for i := 0; i < totalAdditionalTrustees; i++ { + setup.AddAccount(trusteeAccounts[i], []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + } + + return trusteeAccounts, totalAdditionalTrustees +} diff --git a/x/pki/tests/utils/certificate_assertions_da.go b/x/pki/tests/utils/certificate_assertions_da.go index 5ac558c84..daf6dc67a 100644 --- a/x/pki/tests/utils/certificate_assertions_da.go +++ b/x/pki/tests/utils/certificate_assertions_da.go @@ -1,10 +1,12 @@ package utils import ( + "testing" + "github.com/stretchr/testify/require" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "testing" ) func EnsureCertificatePresentInDaCertificateIndexes( @@ -15,7 +17,7 @@ func EnsureCertificatePresentInDaCertificateIndexes( serialNumber string, isRoot bool, skipCheckForSubject bool, -) { +) *types.ApprovedCertificates { t.Helper() // DaCertificates: Subject and SKID @@ -46,6 +48,8 @@ func EnsureCertificatePresentInDaCertificateIndexes( require.Len(t, certificatesBySubject.SubjectKeyIds, 1) require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0]) } + + return approvedCertificates } func EnsureCertificateNotPresentInDaCertificateIndexes( 
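Review bot: `CreateNTrusteeAccounts` chooses how many trustees to register with `rand.Intn(50)` from `math/rand`, so each run exercises a different approval threshold and a failing run cannot be replayed. Take the count as a parameter, or at least record the draw, for example `setup.T.Logf("additional trustees: %d", totalAdditionalTrustees)` (assuming `setup.T` is the `*testing.T`). The comment says "from 1 to 50" while the code generates 50 addresses and registers between 0 and 49 of them, and the literal 50 appears three times, so a named constant and a corrected comment would help. The function returns all 50 addresses although only the first `totalAdditionalTrustees` received the Trustee role, which deserves a doc comment so callers do not treat the rest as trustees.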
@@ -91,17 +95,19 @@ func EnsureDaRootCertificateExist( subjectKeyID string, issuer string, serialNumber string, -) { +) *types.ApprovedCertificates { t.Helper() // DA certificates indexes checks - EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, true, false) + certificate := EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, true, false) // All certificates indexes checks EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false) // UniqueCertificate: check that unique certificate key registered EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber) + + return certificate } func EnsureDaIntermediateCertificateExist( @@ -112,17 +118,19 @@ func EnsureDaIntermediateCertificateExist( issuer string, serialNumber string, skipCheckForSubject bool, -) { +) *types.ApprovedCertificates { t.Helper() // DA certificates indexes checks - EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, false, skipCheckForSubject) + certificate := EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, false, skipCheckForSubject) // All certificates indexes checks EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, skipCheckForSubject) // UniqueCertificate: check that unique certificate key registered EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber) + + return certificate } func EnsureDaRootCertificateNotExist( 
@@ -167,3 +175,36 @@ func EnsureDaIntermediateCertificateNotExist( // UniqueCertificate: check that unique certificate key registered EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness) } + +func EnsureProposedDaRootCertificateExist( + t *testing.T, + setup *TestSetup, + subject string, + subjectKeyID string, + serialNumber string, +) *types.ProposedCertificate { + t.Helper() + + proposedCertificate, _ := QueryProposedCertificate(setup, subject, subjectKeyID) + require.Equal(t, subject, proposedCertificate.Subject) + require.Equal(t, subjectKeyID, proposedCertificate.SubjectKeyId) + require.Equal(t, serialNumber, proposedCertificate.SerialNumber) + + return proposedCertificate +} + +func EnsureRejectedDaRootCertificateExist( + t *testing.T, + setup *TestSetup, + subject string, + subjectKeyID string, +) *types.Certificate { + t.Helper() + + proposedCertificate, _ := QueryRejectedCertificates(setup, subject, subjectKeyID) + require.Equal(t, subject, proposedCertificate.Subject) + require.Equal(t, subjectKeyID, proposedCertificate.SubjectKeyId) + require.Len(t, proposedCertificate.Certs, 1) + + return proposedCertificate.Certs[0] +} diff --git a/x/pki/tests/utils/certificate_assertions_global.go b/x/pki/tests/utils/certificate_assertions_global.go index c079b9371..c149438e6 100644 --- a/x/pki/tests/utils/certificate_assertions_global.go +++ b/x/pki/tests/utils/certificate_assertions_global.go @@ -1,11 +1,12 @@ package utils import ( + "testing" + "github.com/stretchr/testify/require" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "testing" ) func EnsureUniqueCertificateCertificateExist( 
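Review bot: In `EnsureRejectedDaRootCertificateExist` the result of `QueryRejectedCertificates` is stored in a variable named `proposedCertificate`, which reads as if the proposed index were being checked; `rejectedCertificates` would match what is queried. Unlike the proposed variant, this helper takes no `serialNumber` and returns `Certs[0]` without comparing it to anything, so the helper alone does not establish which certificate was rejected. Both new exported helpers would benefit from a one-line doc comment stating which index they assert on and what they return, e.g. `// EnsureRejectedDaRootCertificateExist asserts that exactly one rejected certificate is stored for subject/subjectKeyID and returns it.`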
@@ -104,16 +105,16 @@ func EnsureChildCertificateExist( subject string, subjectKeyID string, issuer string, - authorityKeyId string, + authorityKeyID string, ) { t.Helper() issuerChildren, _ := QueryChildCertificates(setup, subject, subjectKeyID) - require.Equal(t, 1, len(issuerChildren.CertIds)) + require.Len(t, issuerChildren.CertIds, 1) certID := types.CertificateIdentifier{ Subject: issuer, - SubjectKeyId: authorityKeyId, + SubjectKeyId: authorityKeyID, } require.Equal(t, &certID, issuerChildren.CertIds[0]) } diff --git a/x/pki/tests/utils/certificate_assertions_noc.go b/x/pki/tests/utils/certificate_assertions_noc.go index acf2a5b24..357606c7a 100644 --- a/x/pki/tests/utils/certificate_assertions_noc.go +++ b/x/pki/tests/utils/certificate_assertions_noc.go @@ -1,11 +1,12 @@ package utils import ( + "testing" + "github.com/stretchr/testify/require" testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "testing" ) func EnsureCertificatePresentInNocCertificateIndexes( diff --git a/x/pki/tests/utils/certificate_helpers_da.go b/x/pki/tests/utils/certificate_helpers_da.go new file mode 100644 index 000000000..e7ed225c8 --- /dev/null +++ b/x/pki/tests/utils/certificate_helpers_da.go 
@@ -0,0 +1,39 @@
+package utils
+
+import (
+ sdk "github.com/cosmos/cosmos-sdk/types"
+ "github.com/stretchr/testify/require"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+func ProposeAndApproveRootCertificate(setup *TestSetup, ownerTrustee sdk.AccAddress, options *RootCertOptions) {
+ // ensure that `ownerTrustee` is trustee to eventually have enough approvals
+ require.True(setup.T, setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole))
+
+ // propose x509 root certificate by `ownerTrustee`
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), options.PemCert, options.Info, options.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.NoError(setup.T, err)
+
+ // approve x509 root certificate by another trustee
+ approveAddX509RootCert := types.NewMsgApproveAddX509RootCert(
+ setup.Trustee2.String(), options.Subject, options.SubjectKeyID, options.Info)
+ _, err = setup.Handler(setup.Ctx, approveAddX509RootCert)
+ require.NoError(setup.T, err)
+
+ // check that root certificate has been approved
+ approvedCertificate, err := QueryApprovedCertificates(
+ setup, options.Subject, options.SubjectKeyID)
+ require.NoError(setup.T, err)
+ require.NotNil(setup.T, approvedCertificate)
+}
+
+func AddMokedDaCertificate(
+ setup *TestSetup,
+ certificate types.Certificate,
+ isRoot bool,
+) {
+ setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Subject, certificate.SerialNumber))
+ setup.Keeper.StoreDaCertificate(setup.Ctx, certificate, isRoot)
+}
diff --git a/x/pki/tests/utils/certificate_queries_global.go b/x/pki/tests/utils/certificate_queries_global.go
index 2ab922889..9eac6f834 100644
--- a/x/pki/tests/utils/certificate_queries_global.go
+++ b/x/pki/tests/utils/certificate_queries_global.go
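Review bot: `AddMokedDaCertificate` registers the uniqueness entry with `UniqueCertificate(certificate.Subject, certificate.SerialNumber)`, but the first parameter of `UniqueCertificate` is the issuer, and the inline setup this helper replaces in the handler tests used `intermediateCertificate.Issuer` for intermediates. For a self-signed root the two values coincide, but the helper is also called with intermediate certificates, where the entry would be stored under the wrong key and a later issuer/serial uniqueness check would not see the seeded certificate. Use `UniqueCertificate(certificate.Issuer, certificate.SerialNumber)`. The helper name is presumably meant to be `AddMockedDaCertificate`.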
@@ -5,6 +5,23 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) +func QueryAllCertificatesAll( + setup *TestSetup, +) ([]types.AllCertificates, error) { + req := &types.QueryAllCertificatesRequest{} + + resp, err := setup.Keeper.CertificatesAll(setup.Wctx, req) + if err != nil { + require.Nil(setup.T, resp) + + return nil, err + } + + require.NotNil(setup.T, resp) + + return resp.Certificates, nil +} + func QueryAllCertificates( setup *TestSetup, subject string, diff --git a/x/pki/tests/utils/helpers.go b/x/pki/tests/utils/helpers.go index 066ef725a..9acae4622 100644 --- a/x/pki/tests/utils/helpers.go +++ b/x/pki/tests/utils/helpers.go 
@@ -7,28 +7,6 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) -func ProposeAndApproveRootCertificate(setup *TestSetup, ownerTrustee sdk.AccAddress, options *RootCertOptions) { - // ensure that `ownerTrustee` is trustee to eventually have enough approvals - require.True(setup.T, setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole)) - - // propose x509 root certificate by `ownerTrustee` - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), options.PemCert, options.Info, options.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(setup.T, err) - - // approve x509 root certificate by another trustee - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), options.Subject, options.SubjectKeyID, options.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(setup.T, err) - - // check that root certificate has been approved - approvedCertificate, err := QueryApprovedCertificates( - setup, options.Subject, options.SubjectKeyID) - require.NoError(setup.T, err) - require.NotNil(setup.T, approvedCertificate) -} - func UniqueCertificate(issuer string, serialNumber string) types.UniqueCertificate { return types.UniqueCertificate{ Issuer: issuer, From 7d6ceafd7f5e9aeceb202330983758480370a8d0 Mon Sep 17 00:00:00 2001 
From: "artem.ivanov" Date: Wed, 27 Nov 2024 13:47:00 +0300 Subject: [PATCH 03/11] Refactoring PKI unit tests --- integration_tests/constants/constants.go | 12 +- integration_tests/constants/noc_constants.go | 23 +- x/pki/keeper/all_certificates.go | 14 + x/pki/keeper/all_certificates_by_subject.go | 12 + .../all_certificates_by_subject_key_id.go | 12 + x/pki/keeper/approved_certificates.go | 14 + .../approved_certificates_by_subject.go | 12 + ...approved_certificates_by_subject_key_id.go | 12 + x/pki/keeper/approved_root_certificates.go | 12 + x/pki/tests/handler_add_noc_ica_cert_test.go | 42 +- x/pki/tests/handler_add_noc_root_cert_test.go | 31 +- x/pki/tests/handler_add_paa_cert_test.go | 349 ++++++----- x/pki/tests/handler_add_pai_cert_test.go | 224 ++++--- x/pki/tests/handler_assign_vid_test.go | 44 +- .../tests/handler_remove_noc_ica_cert_test.go | 537 +++++++---------- .../handler_remove_noc_root_cert_test.go | 417 +++++++------ x/pki/tests/handler_remove_pai_cert_test.go | 356 +++++------ .../tests/handler_revoke_noc_ica_cert_test.go | 224 +++---- .../handler_revoke_noc_root_cert_test.go | 72 +-- x/pki/tests/handler_revoke_paa_cert_test.go | 562 +++++++----------- x/pki/tests/handler_revoke_pai_cert_test.go | 165 +++-- x/pki/tests/test-design.md | 4 +- x/pki/tests/utils/certificate_assertions.go | 286 +++++++++ .../tests/utils/certificate_assertions_da.go | 210 ------- .../utils/certificate_assertions_global.go | 120 ---- .../tests/utils/certificate_assertions_noc.go | 198 ------ ...e_helpers_da.go => certificate_helpers.go} | 2 +- x/pki/tests/utils/certificate_queries_noc.go | 2 +- x/pki/tests/utils/data.go | 179 ++++++ x/pki/types/key_approved_root_certificates.go | 10 + x/pki/types/key_revoked_root_certificates.go | 10 + 31 files changed, 1902 insertions(+), 2265 deletions(-) create mode 100644 x/pki/tests/utils/certificate_assertions.go delete mode 100644 x/pki/tests/utils/certificate_assertions_da.go delete mode 100644 
x/pki/tests/utils/certificate_assertions_global.go delete mode 100644 x/pki/tests/utils/certificate_assertions_noc.go rename x/pki/tests/utils/{certificate_helpers_da.go => certificate_helpers.go} (97%) create mode 100644 x/pki/types/key_approved_root_certificates.go create mode 100644 x/pki/types/key_revoked_root_certificates.go diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go index 65de00cef..ce3a1ca2c 100644 --- a/integration_tests/constants/constants.go +++ b/integration_tests/constants/constants.go @@ -19,7 +19,6 @@ import ( cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" sdk "github.com/cosmos/cosmos-sdk/types" "github.com/cosmos/cosmos-sdk/types/module/testutil" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/common/types" ) @@ -125,7 +124,9 @@ var ( ProgramType = "Some Program Type" ProgramTypeVersion = "Some Program Type Version" Transport = "Some Transport" - SoftwareVersionCertificationStatus = uint32(3) + SoftwareVersionCertificationStatus = uint32( + 3, + ) ParentChild1 = "parent" ParentChild2 = "child" CertificationIDOfSoftwareComponent = "some certification ID of software component" @@ -709,6 +710,7 @@ eujhLsD51w== IntermediateCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ=" IntermediateCertWithSameSubjectIssuer = RootCertWithSameSubjectAndSKIDSubject + IntermediateCertWithSameSubjectAuthorityKeyID = RootCertWithSameSubjectAndSKIDSubjectKeyID IntermediateCertWithSameSubjectAndSKIDSubjectKeyID = "2E:13:3B:44:52:2C:30:E9:EC:FB:45:FA:5D:E5:04:0A:C1:C6:E6:B9" IntermediateCertWithSameSubjectAndSKIDIssuer = RootCertWithSameSubjectAndSKIDSubject IntermediateCertWithSameSubjectAndSKID1SerialNumber = "3" 
@@ -716,6 +718,8 @@ eujhLsD51w== LeafCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ=" LeafCertWithSameSubjectAndSKIDSubjectKeyID = "12:16:55:8E:5E:2A:DF:04:D7:E6:FE:D1:53:69:61:98:EF:17:2F:03" LeafCertWithSameSubjectAndSKIDSerialNumber = "5" + LeafCertWithSameSubjectIssuer = IntermediateCertWithSameSubjectAndSKIDSubject + LeafCertWithSameSubjectAuthorityKeyID = IntermediateCertWithSameSubjectAndSKIDSubjectKeyID IntermediateIssuer = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" IntermediateAuthorityKeyID = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB" @@ -725,8 +729,8 @@ eujhLsD51w== IntermediateSubjectKeyIDWithoutColumns = "4E3B73F4704DC2980DDBC85A5F023BBF8625562B" IntermediateSerialNumber = "169917617234879872371588777545667947720450185023" - LeafIssuer = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E=" - LeafAuthorityKeyID = "4E:3B:73:F4:70:4D:C2:98:D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B" + LeafIssuer = IntermediateSubject + LeafAuthorityKeyID = IntermediateSubjectKeyID LeafSubject = "MDExCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMQ0wCwYDVQQKDARsZWFm" LeafSubjectAsText = "O=leaf,ST=some-state,C=AU" LeafSubjectKeyID = "30:F4:65:75:14:20:B2:AF:3D:14:71:17:AC:49:90:93:3E:24:A0:1F" diff --git a/integration_tests/constants/noc_constants.go b/integration_tests/constants/noc_constants.go index f114171ff..8554b7f71 100644 --- a/integration_tests/constants/noc_constants.go +++ b/integration_tests/constants/noc_constants.go 
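Review bot: Replacing the `LeafAuthorityKeyID` literal with `IntermediateSubjectKeyID` changes the value rather than only its spelling: the removed string contains the octet sequence `98:D:DB`, whereas `IntermediateSubjectKeyIDWithoutColumns` in the same block reads `...980DDB...`, so the old constant appears to have dropped a leading zero. That looks like a correction, but it sits inside a refactoring commit, and any lookup keyed by authority key ID that previously matched the old literal will now behave differently. Deriving the leaf's expected issuer and authority key ID from the parent's constants also means an assertion against them no longer checks the leaf PEM independently. A comment next to the two assignments such as `// the leaf's issuer/AKID equal the subject/SKID of the intermediate that signed it`, plus a line in the commit message about the corrected value, would make this visible.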
@@ -139,6 +139,7 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj NocRootCert1CopySubjectKeyID = "44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26" NocRootCert1CopySerialNumber = "460647353168152946606945669687905527879095841977" NocRootCert1CopySubjectAsText = "CN=NOC-1,OU=Testing Division,O=Example Company,L=Tashkent,ST=Some State,C=UZ" + NocRootCert1CopyIssuer = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ==" NocRootCert2Subject = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg==" NocRootCert2SubjectKeyID = "CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B" 
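Review bot: `NocRootCert1CopyIssuer` is added as a pasted base64 literal, while the other constants this commit adds in the file are derived from existing ones (`NocCert1CopyAuthorityKeyID = NocCert1AuthorityKeyID`, `NocLeafCert1AuthorityKeyID = NocCert1SubjectKeyID`). The literal differs from `NocRootCert2Subject` only in its final characters, which fits the `CN=NOC-1` name in `NocRootCert1CopySubjectAsText`, so for this root it looks like the certificate's own subject. Assuming the copy shares the name held in `NocRootCert1Subject`, `NocRootCert1CopyIssuer = NocRootCert1Subject` states the issuer relation directly and cannot drift from the fixture.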
@@ -157,11 +158,12 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj NocCert1SerialNumber = "631388393741945881054190991612463928825155142122" NocCert1SubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" - NocCert1CopySubject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" - NocCert1CopyIssuer = NocRootCert1Subject - NocCert1CopySubjectKeyID = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" - NocCert1CopySerialNumber = "169445068204646961882009388640343665944683778293" - NocCert1CopySubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" + NocCert1CopySubject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" + NocCert1CopyIssuer = NocRootCert1Subject + NocCert1CopySubjectKeyID = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" + NocCert1CopySerialNumber = "169445068204646961882009388640343665944683778293" + NocCert1CopyAuthorityKeyID = NocCert1AuthorityKeyID + NocCert1CopySubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" NocCert2Subject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" NocCert2Issuer = NocRootCert2Subject 
@@ -169,9 +171,10 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj NocCert2SerialNumber = "361372967010167010646904372658654439710639340814" NocCert2SubjectAsText = "CN=NOC-child-2,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" - NocLeafCert1Subject = "MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" - NocLeafCert1Issuer = NocCert1Subject - NocLeafCert1SubjectKeyID = "77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" - NocLeafCert1SerialNumber = "281347277961838999749763518155363401757954575313" - NocLeafCert1SubjectAsText = "CN=NOC-leaf-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" + NocLeafCert1Subject = "MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" + NocLeafCert1Issuer = NocCert1Subject + NocLeafCert1SubjectKeyID = "77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" + NocLeafCert1SerialNumber = "281347277961838999749763518155363401757954575313" + NocLeafCert1AuthorityKeyID = NocCert1SubjectKeyID + NocLeafCert1SubjectAsText = "CN=NOC-leaf-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" ) diff --git a/x/pki/keeper/all_certificates.go b/x/pki/keeper/all_certificates.go index 178a385ce..98133cfdf 100644 --- a/x/pki/keeper/all_certificates.go +++ b/x/pki/keeper/all_certificates.go 
@@ -179,3 +179,17 @@ func (k Keeper) verifyCertificate(ctx sdk.Context, fmt.Sprintf("Certificate verification failed for certificate with subject=%v and subjectKeyID=%v", x509Certificate.Subject, x509Certificate.SubjectKeyID)) } + +// IsAllCertificatePresent Check if the All Certificate is present in the store. +func (k Keeper) IsAllCertificatePresent( + ctx sdk.Context, + subject string, + subjectKeyID string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesKeyPrefix)) + + return store.Has(types.AllCertificatesKey( + subject, + subjectKeyID, + )) +} diff --git a/x/pki/keeper/all_certificates_by_subject.go b/x/pki/keeper/all_certificates_by_subject.go index 6ea63c6a6..fdf02acca 100644 --- a/x/pki/keeper/all_certificates_by_subject.go +++ b/x/pki/keeper/all_certificates_by_subject.go @@ -128,3 +128,15 @@ func (k Keeper) GetAllAllCertificatesBySubject(ctx sdk.Context) (list []types.Al return } + +// IsCertificatesBySubjectPresent Check if the Certificate By Subject is present in the store. +func (k Keeper) IsCertificatesBySubjectPresent( + ctx sdk.Context, + subject string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyPrefix)) + + return store.Has(types.AllCertificatesBySubjectKey( + subject, + )) +} diff --git a/x/pki/keeper/all_certificates_by_subject_key_id.go b/x/pki/keeper/all_certificates_by_subject_key_id.go index 84c19a2fe..93384e4c1 100644 --- a/x/pki/keeper/all_certificates_by_subject_key_id.go +++ b/x/pki/keeper/all_certificates_by_subject_key_id.go 
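Review bot: `IsCertificatesBySubjectPresent` reads the `AllCertificatesBySubjectKeyPrefix` store, but its name drops the `All` that `IsAllCertificatePresent` in the previous hunk carries, so a call site does not say which index is being tested. The same applies to `IsCertificatesBySubjectKeyIdPresent` in all_certificates_by_subject_key_id.go. I would name them `IsAllCertificatesBySubjectPresent` and `IsAllCertificatesBySubjectKeyIDPresent`, and spell the initialism `ID` in `IsApprovedCertificatesBySubjectKeyIdPresent` too. The doc comments would also read better in godoc form, for example `// IsAllCertificatesBySubjectPresent reports whether the all-certificates-by-subject index has an entry for subject.`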
@@ -145,3 +145,15 @@ func (k Keeper) _removeAllCertificatesFromSubjectKeyIDState(ctx sdk.Context, sub k.SetAllCertificatesBySubjectKeyID(ctx, certs) } } + +// IsCertificatesBySubjectKeyIdPresent Check if the Certificate By Subject Key ID is present in the store. +func (k Keeper) IsCertificatesBySubjectKeyIdPresent( + ctx sdk.Context, + subjectKeyID string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) + + return store.Has(types.AllCertificatesBySubjectKeyIDKey( + subjectKeyID, + )) +} diff --git a/x/pki/keeper/approved_certificates.go b/x/pki/keeper/approved_certificates.go index 9307ab6c3..01d3aba54 100644 --- a/x/pki/keeper/approved_certificates.go +++ b/x/pki/keeper/approved_certificates.go @@ -128,3 +128,17 @@ func (k Keeper) AddApprovedCertificate(ctx sdk.Context, approvedCertificate type approvedCertificates.SubjectKeyId, ), b) } + +// IsApprovedCertificatesPresent Check if the Approved Certificate is present in the store. +func (k Keeper) IsApprovedCertificatesPresent( + ctx sdk.Context, + subject string, + subjectKeyID string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesKeyPrefix)) + + return store.Has(types.ApprovedCertificatesKey( + subject, + subjectKeyID, + )) +} diff --git a/x/pki/keeper/approved_certificates_by_subject.go b/x/pki/keeper/approved_certificates_by_subject.go index 4be88d743..1c4e894ae 100644 --- a/x/pki/keeper/approved_certificates_by_subject.go +++ b/x/pki/keeper/approved_certificates_by_subject.go 
@@ -103,3 +103,15 @@ func (k Keeper) RemoveApprovedCertificateBySubject(ctx sdk.Context, subject stri k.RemoveApprovedCertificatesBySubject(ctx, subject) } } + +// IsApprovedCertificatesBySubjectPresent Check if the Approved Certificate By Subject is present in the store. +func (k Keeper) IsApprovedCertificatesBySubjectPresent( + ctx sdk.Context, + subject string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyPrefix)) + + return store.Has(types.ApprovedCertificatesBySubjectKey( + subject, + )) +} diff --git a/x/pki/keeper/approved_certificates_by_subject_key_id.go b/x/pki/keeper/approved_certificates_by_subject_key_id.go index 5d8336606..bd02c92e3 100644 --- a/x/pki/keeper/approved_certificates_by_subject_key_id.go +++ b/x/pki/keeper/approved_certificates_by_subject_key_id.go @@ -145,3 +145,15 @@ func (k Keeper) _removeApprovedCertificatesFromSubjectKeyIDState(ctx sdk.Context k.SetApprovedCertificatesBySubjectKeyID(ctx, certs) } } + +// IsApprovedCertificatesBySubjectKeyIdPresent Check if the Approved Certificate By Subject Key ID is present in the store. +func (k Keeper) IsApprovedCertificatesBySubjectKeyIdPresent( + ctx sdk.Context, + subjectKeyID string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) + + return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey( + subjectKeyID, + )) +} diff --git a/x/pki/keeper/approved_root_certificates.go b/x/pki/keeper/approved_root_certificates.go index ec5ab5f74..03016b027 100644 --- a/x/pki/keeper/approved_root_certificates.go +++ b/x/pki/keeper/approved_root_certificates.go 
@@ -85,3 +85,15 @@ func (k Keeper) RemoveApprovedRootCertificate( k.SetApprovedRootCertificates(ctx, rootCertificates) } + +// IsApprovedRootCertificatePresent Check if the Approved Root Certificate is present in the store. +func (k Keeper) IsApprovedRootCertificatePresent( + ctx sdk.Context, + subjectKeyID string, +) bool { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix)) + + return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey( + subjectKeyID, + )) +} diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 01dffd258..3ba9fc317 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go 
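Review bot: `IsApprovedRootCertificatePresent` opens the store under `pkitypes.ApprovedRootCertificatesKeyPrefix` but then probes it with `types.ApprovedCertificatesBySubjectKeyIDKey(subjectKeyID)`, the key builder of a different index, which looks copied from `IsApprovedCertificatesBySubjectKeyIdPresent`. The context line above calls `k.SetApprovedRootCertificates(ctx, rootCertificates)` without a key argument, which suggests the root list is one aggregate record; if so, this lookup can never match and the method always returns false. Every `{Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}` row in the tests would then pass vacuously, which hides exactly the case where a root is wrongly left in the approved-roots list. I would read the record the way the getter beside `SetApprovedRootCertificates` does and scan its entries for `subjectKeyID`, and use one of the `types`/`pkitypes` aliases consistently in the function.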
@@ -24,29 +24,29 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add NOC ICA certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) - // Check: Noc + All + UniqueCertificate - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - testconstants.Vid, - false, - ) - - // ChildCertificates: check that child certificates of issuer contains certificate identifier - utils.EnsureChildCertificateExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - ) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: 
false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Extra cases diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index c16d54b3c..dfc882d23 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -20,17 +20,28 @@ func TestHandler_AddNocRootCert(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate + rootCertificate := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) - // Check: Noc + All + UniqueCertificate - utils.EnsureNocRootCertificateExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1SerialNumber, - testconstants.Vid) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // Extra cases 
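Review bot: The row `{Key: types.ChildCertificatesKeyPrefix, Exist: true}` no longer says which parent the child entry is stored under. The removed `EnsureChildCertificateExist` call named the root's subject and key id, and the removed `EnsureNocIntermediateCertificateExist` call pinned `testconstants.Vid`. `CheckCertificateStateIndexes` is not visible in this hunk, so it is an assumption that it resolves the entry through the ICA's issuer and authority key id. I would add a comment on that row, `// resolved under NocRootCert1Subject / NocRootCert1SubjectKeyID and must list NocCert1`, and confirm the helper asserts it. Separately, `icaCertificate` comes from `utils.CreateTestNocIca1Cert()` while the handler is fed `testconstants.NocCert1`, so the expectation and the input are defined in two places.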
@@ -91,7 +102,7 @@ func TestHandler_AddNocX509RootCert_Renew(t *testing.T) { require.Equal(t, &newNocCertificate, nocCertificatesBySubjectKeyID[0].Certs[0]) // query noc root certificate by VID - nocRootCertificates, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) + nocRootCertificates, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, len(nocRootCertificates.Certs), 2) require.Equal(t, &newNocCertificate, nocRootCertificates.Certs[1]) diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 6e9fc2b0a..516d514fd 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -20,6 +20,8 @@ import ( func TestHandler_ProposeAddDaRootCert(t *testing.T) { setup := utils.Setup(t) + rootCertificate := utils.CreateTestRootCert() + // propose DA root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), 
@@ -31,50 +33,31 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) - // Check: ProposedCertificate - present - proposedCertificate := utils.EnsureProposedDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - ) - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.True(t, proposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) - - // Check: UniqueCertificate - present - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) - - // Check: RejectedCertificate - empty - require.False(t, setup.Keeper.IsRejectedCertificatePresent( - setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID)) - - // Check: Approved DA - empty - utils.EnsureCertificateNotPresentInDaCertificateIndexes( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - true, - false, - false, - ) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // Check: Global - empty - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.RootSubject, - 
testconstants.RootSubjectKeyID, - false, - false, - ) + // additional checks + require.Equal(t, proposeAddX509RootCert.Cert, resolvedCertificates.ProposedCertificate.PemCert) + require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) } func TestHandler_AddDaRootCert(t *testing.T) { setup := utils.Setup(t) + rootCertificate := utils.CreateTestRootCert() + // propose add x509 root certificate by trustee proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), 
@@ -96,27 +79,27 @@ func TestHandler_AddDaRootCert(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - // Check: ProposedCertificate - empty - require.False(t, setup.Keeper.IsProposedCertificatePresent( - setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID)) - - // Check: UniqueCertificate - present - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) - - // Check: DA + All + UniqueCertificate - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) + rootCertificate := utils.CreateTestRootCert() + // propose x509 root certificate by account without trustee role proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), 
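Review bot: The ten-row `indexes` table for an approved DA root is written out here and again, row for row, in `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded` and `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees`. A reader has to compare the copies to see that they are the same expectation, and a new index has to be added in every copy or some tests silently stop covering it. I would build the table once in the utils package as a new function that returns a fresh `[]utils.TestIndex`, so the call site becomes a single line such as `indexes := utils.ApprovedDaRootIndexes()`, where the function name is a suggestion and does not exist yet. Tests that differ in one row, such as the `Count: 1` case in `TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber`, can then override just that row.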
@@ -156,40 +139,34 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - // Check: ProposedCertificate - empty - require.False(t, setup.Keeper.IsProposedCertificatePresent( - setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID)) - - // Check: UniqueCertificate - present - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) - - // Check: DA + All + UniqueCertificate - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber, - ) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // Check: Approvals - approvedCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.RootIssuer, approvedCertificate.Subject) - require.Equal(t, testconstants.RootSerialNumber, approvedCertificate.Certs[0].SerialNumber) - require.True(t, approvedCertificate.Certs[0].IsRoot) - // Check all approvals are present + // Additional check: Check all approvals are present for i := 1; i < 
twoThirds-1; i++ { - require.Equal(t, approvedCertificate.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) } - require.Equal(t, approvedCertificate.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) - require.Equal(t, approvedCertificate.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) } func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) { setup := utils.Setup(t) + rootCertificate := utils.CreateTestRootCert() + // we have 5 trustees: 1 approval comes from propose => we need 3 more approvals // store 4th trustee @@ -242,8 +219,10 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) require.NoError(t, err) // Check: ProposedCertificate - present because we haven't enough approvals - require.True(t, setup.Keeper.IsProposedCertificatePresent( - setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID)) + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // approve x509 root certificate by account Trustee5 approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( 
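Review bot: The rewritten approval checks keep the form `require.Equal(t, <call>, true)`, which puts the actual value in the expected slot. `require.True(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee1.String()))` reports the failure the right way round. The hunk also drops the assertions on the approved record's `Subject`, `SerialNumber` and `IsRoot`; unless `CheckCertificateStateIndexes` (not visible here) compares those fields, I would keep `require.True(t, resolvedCertificates.ApprovedCertificates.Certs[0].IsRoot)`. The `ForDifferentSerialNumber` hunk further down loses an assertion in the same way: it no longer checks `ProposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)`. The test function starts above this hunk.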
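Review bot: The intermediate check, taken while the proposal is still one approval short, asserts only that the proposed entry exists. It does not assert that the certificate is still absent from the approved indexes, which is the property the approval threshold is there to protect. In the table form that is two more rows, `{Key: types.ApprovedCertificatesKeyPrefix, Exist: false},` and `{Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false},`. The function body starts before this hunk and continues after it.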
@@ -255,22 +234,20 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - // Check: ProposedCertificate - empty - require.False(t, setup.Keeper.IsProposedCertificatePresent( - setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID)) - - // Check: UniqueCertificate - present - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) - - // Check: DA + All + UniqueCertificate - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber) + // Check indexes + indexes = []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // Extra cases @@ -278,6 +255,9 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) + testRootCertificate := utils.CreateTestRootCert() + testRootCertificate.SerialNumber = utils.SerialNumber + // store root certificate with different serial number rootCertificate := utils.RootCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber 
@@ -293,29 +273,31 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) - // Check: Approved certificate exist in all indexes - approvedCertificate := utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - utils.SerialNumber) - require.Len(t, approvedCertificate.Certs, 1) - - // Checked proposed certificate exist - proposedCertificate := utils.EnsureProposedDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber) - require.True(t, proposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: true}, // we have both: Proposed and Approved + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 1}, // single approved + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + + // additional check + require.Equal(t, testconstants.RootSerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) } -func TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId(t *testing.T) { +func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T) { setup := utils.Setup(t) + testRootCertificate := 
utils.CreateTestRootCertWithSameSubject() + testRootCertificate2 := utils.CreateTestRootCertWithSameSubject2() + // add Certificate1 rootCertOptions := &utils.RootCertOptions{ PemCert: testconstants.PAACertWithSameSubjectID1, 
@@ -327,24 +309,14 @@ func TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId(t *testing.T utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add Certificate2 - rootCertOptions.PemCert = testconstants.PAACertWithSameSubjectID2 - rootCertOptions.Subject = testconstants.PAACertWithSameSubjectID2Subject - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - - // Check indexes by subject key id - approvedCertificatesBySubjectKeyId, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) - require.Equal(t, 1, len(approvedCertificatesBySubjectKeyId)) - require.Equal(t, 2, len(approvedCertificatesBySubjectKeyId[0].Certs)) - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, approvedCertificatesBySubjectKeyId[0].SubjectKeyId) - require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, approvedCertificatesBySubjectKeyId[0].Certs[0].Subject) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, approvedCertificatesBySubjectKeyId[0].Certs[1].Subject) - - allCertificatesBySubjectKeyId, _ := utils.QueryAllCertificatesBySubjectKeyID(setup, testconstants.PAACertWithSameSubjectIDSubjectID) - require.Equal(t, 1, len(allCertificatesBySubjectKeyId)) - require.Equal(t, 2, len(allCertificatesBySubjectKeyId[0].Certs)) - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, allCertificatesBySubjectKeyId[0].SubjectKeyId) - require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, allCertificatesBySubjectKeyId[0].Certs[0].Subject) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, allCertificatesBySubjectKeyId[0].Certs[1].Subject) + rootCert2Options := &utils.RootCertOptions{ + PemCert: testconstants.PAACertWithSameSubjectID2, + Subject: testconstants.PAACertWithSameSubjectID2Subject, + SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + Info: testconstants.Info, + Vid: testconstants.Vid, 
+ } + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert2Options) // Check indexes by subject + subject key id allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) 
@@ -353,17 +325,35 @@ func TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId(t *testing.T allCertificates, _ := utils.QueryAllCertificatesAll(setup) require.Equal(t, 2, len(allCertificates)) - // Check indexes by subject + subject key id - approvedCertificatesBySubject, _ := utils.QueryApprovedCertificatesBySubject(setup, testconstants.PAACertWithSameSubjectID1Subject) - require.Equal(t, 1, len(approvedCertificatesBySubject.SubjectKeyIds)) - - allCertificatesBySubject, _ := utils.QueryAllCertificatesBySubject(setup, testconstants.PAACertWithSameSubjectID2Subject) - require.Equal(t, 1, len(allCertificatesBySubject.SubjectKeyIds)) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + // check for first + utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + // check for second + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) + + // Additional checks + require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, resolvedCertificates.AllCertificatesBySubjectKeyId[0].SubjectKeyId) + require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[0].Subject) + require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, 
resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[1].Subject) } func TestHandler_RejectAddDaRootCert(t *testing.T) { setup := utils.Setup(t) + testRootCertificate := utils.CreateTestRootCert() + // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), 
@@ -384,16 +374,26 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate := utils.EnsureProposedDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber) - require.Equal(t, setup.Trustee1.String(), proposedCertificate.Approvals[0].Address) - require.Equal(t, testconstants.Info, proposedCertificate.Approvals[0].Info) - require.Equal(t, setup.Trustee2.String(), proposedCertificate.Rejects[0].Address) - require.Equal(t, testconstants.Info, proposedCertificate.Rejects[0].Info) + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + // check certificate state indexes + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + + // additional checks + require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address) + require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Approvals[0].Info) + require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address) + require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Rejects[0].Info) // reject x509 root certificate by account Trustee3 rejectAddX509RootCert = 
types.NewMsgRejectAddX509RootCert( 
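Review bot: The additional checks read `Approvals[0]` and `Rejects[0]` of the proposed certificate without pinning how many entries each list holds, so a duplicated or stray vote would go unnoticed and an empty list would panic instead of failing an assertion. Since this test is about the reject quorum, add `require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 1)` and `require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 1)` before the element checks. The next hunk has the same gap for `RejectedCertificate.Certs[0]`, where the assertions imply one approval and two rejects. The test body starts and ends outside this hunk.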
@@ -405,31 +405,28 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { require.NoError(t, err) // certificate should not be in the entity , because we have enough reject approvals - _, err = utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - - // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificate := utils.EnsureRejectedDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID) - require.Equal(t, setup.Trustee1.String(), rejectedCertificate.Approvals[0].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Approvals[0].Info) - require.Equal(t, setup.Trustee2.String(), rejectedCertificate.Rejects[0].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[0].Info) - require.Equal(t, setup.Trustee3.String(), rejectedCertificate.Rejects[1].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[1].Info) - - // Check: Global + Approved DA + UniqueCertificate - missing - utils.EnsureDaRootCertificateNotExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSubject, - testconstants.RootSerialNumber, - false) + indexes = []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + // check certificate state indexes + 
resolvedCertificates = utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + + // additional checks + require.Equal(t, setup.Trustee1.String(), resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Address) + require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Info) + require.Equal(t, setup.Trustee2.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Address) + require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Info) + require.Equal(t, setup.Trustee3.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[1].Address) + require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Rejects[1].Info) } func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *testing.T) { diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index 3eeda3ff6..b8e9e0b31 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go @@ -26,6 +26,8 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add DA PAI certificate + testIntermediateCertificate := utils.CreateTestIntermediateCert() + addX509Cert := types.NewMsgAddX509Cert( accAddress.String(), testconstants.IntermediateCertPem, 
@@ -33,29 +35,21 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) - // Check: DA + All + UniqueCertificate - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateIssuer, - testconstants.IntermediateSerialNumber, - false) - - // ChildCertificates: check that child certificates of issuer contains certificate identifier - utils.EnsureChildCertificateExist( - t, - setup, - testconstants.IntermediateIssuer, - testconstants.IntermediateAuthorityKeyID, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - ) - - // Check: ProposedCertificate - empty - require.False(t, setup.Keeper.IsProposedCertificatePresent( - setup.Ctx, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID)) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } // Extra cases 
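Review bot: `{Key: types.ChildCertificatesKeyPrefix, Exist: true}` replaces `EnsureChildCertificateExist`, which was given the issuer, the authority key id and the child's subject and subject key id, so it tied the PAI to one specific parent entry. Whether `CheckCertificateStateIndexes` looks the entry up by issuer and authority key id and compares the stored identifier is not visible from this hunk. If it only tests for presence, keep an explicit link assertion, or at least pin the size as later tests in this file do with `{Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}`.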
@@ -69,7 +63,9 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { rootCertOptions := utils.CreatePAACertWithNumericVidOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // add x509 certificate + // add intermediate certificate + testIntermediateCertificate := utils.CreateTestIntermediateVidScopedCert() + addX509Cert := types.NewMsgAddX509Cert( accAddress.String(), testconstants.PAICertWithNumericPidVid, 
@@ -77,30 +73,21 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) - // Check: DA + All + UniqueCertificate - intermediateCert := utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.PAICertWithNumericPidVidSubject, - testconstants.PAICertWithNumericPidVidSubjectKeyID, - testconstants.PAACertWithNumericVidSubject, - testconstants.PAICertWithNumericPidVidSerialNumber, - false) - require.Equal(t, int32(testconstants.PAICertWithNumericPidVidVid), intermediateCert.Certs[0].Vid) - - // ChildCertificates: check that child certificates of issuer contains certificate identifier - utils.EnsureChildCertificateExist( - t, - setup, - testconstants.PAACertWithNumericVidSubject, - testconstants.PAACertWithNumericVidSubjectKeyID, - testconstants.PAICertWithNumericPidVidSubject, - testconstants.PAICertWithNumericPidVidSubjectKeyID, - ) - - // Check: ProposedCertificate - empty - require.False(t, setup.Keeper.IsProposedCertificatePresent( - setup.Ctx, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID)) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } func 
TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { @@ -113,6 +100,10 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // store intermediate certificate with different serial number + testIntermediateCertificate1 := utils.CreateTestIntermediateCert() + testIntermediateCertificate2 := utils.CreateTestIntermediateCert() + testIntermediateCertificate2.SerialNumber = utils.SerialNumber + intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) intermediateCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, false) 
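Review bot: The VID-scoped test no longer asserts the stored VID: the removed `require.Equal(t, int32(testconstants.PAICertWithNumericPidVidVid), intermediateCert.Certs[0].Vid)` has no counterpart, and the result of `utils.CheckCertificateStateIndexes` is discarded at the end of the `@@ -77,30 +73,21 @@` hunk. Unless the helper compares the VID taken from `testIntermediateCertificate` (not visible here), capture the result with `resolved := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes)` and restore the check as `require.Equal(t, int32(testconstants.PAICertWithNumericPidVidVid), resolved.ApprovedCertificates.Certs[0].Vid)`.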
@@ -133,28 +124,34 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( allCertificates, _ := utils.QueryAllCertificatesAll(setup) require.Equal(t, 2, len(allCertificates)) // root + intermediate - // check approved certificate - certificate, _ := utils.QueryApprovedCertificates(setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID) - require.Equal(t, 2, len(certificate.Certs)) // two intermediates - require.NotEqual(t, certificate.Certs[0].SerialNumber, certificate.Certs[1].SerialNumber) + // Check indexes for certificate1 + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) - // check global certificate - globalCertificate, _ := utils.QueryAllCertificates(setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID) - require.Equal(t, 2, len(globalCertificate.Certs)) // two intermediates - require.NotEqual(t, globalCertificate.Certs[0].SerialNumber, globalCertificate.Certs[1].SerialNumber) + // additional checks + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, testIntermediateCertificate2.SerialNumber) + require.Equal(t, 
resolvedCertificates.ApprovedCertificates.Certs[1].SerialNumber, testIntermediateCertificate1.SerialNumber) + require.NotEqual( + t, + resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, + resolvedCertificates.ApprovedCertificates.Certs[1].SerialNumber, + ) - // Check indexes by subject key id - approvedCertificatesBySubjectKeyId, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(approvedCertificatesBySubjectKeyId)) - require.Equal(t, 2, len(approvedCertificatesBySubjectKeyId[0].Certs)) + // Check indexes for certificate2 + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - allCertificatesBySubjectKeyId, _ := utils.QueryAllCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(allCertificatesBySubjectKeyId)) - require.Equal(t, 2, len(allCertificatesBySubjectKeyId[0].Certs)) } func TestHandler_AddDaCert_ForTree(t *testing.T) { @@ -162,6 +159,10 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) + testRootCertificate := utils.CreateTestRootCert() + testIntermediateCertificate := utils.CreateTestIntermediateCert() + testLeafCertificate := utils.CreateTestLeafCert() + // add root x509 certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) 
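Review bot: The two new `require.Equal` calls on `ApprovedCertificates.Certs[i].SerialNumber` pass the observed value first and the expected one second, the reverse of the `(t, expected, actual)` order used elsewhere in these hunks, so a failure message would label the values the wrong way round. Write `require.Equal(t, testIntermediateCertificate2.SerialNumber, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber)` and likewise for `Certs[1]`. These assertions also pin the order in which the two certificates are stored; if that order is not part of the contract, comparing the set of serial numbers is less brittle. The blank line added before the closing brace of the test can go as well.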
@@ -182,55 +183,46 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { _, err = setup.Handler(setup.Ctx, addLeafX509Cert) require.NoError(t, err) - // ensure root certificate exist - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber) - - // ensure intermediate certificate exist - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateIssuer, - testconstants.IntermediateSerialNumber, - false) - - // ensure leaf certificate exist - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.LeafSubject, - testconstants.LeafSubjectKeyID, - testconstants.LeafIssuer, - testconstants.LeafSerialNumber, - false) - - // check ChildCertificate - root - rootCertChildren, _ := utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, 1, len(rootCertChildren.CertIds)) - require.Equal(t, - utils.CertificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), - *rootCertChildren.CertIds[0]) - - // check ChildCertificate - intermediate - intermediateCertChildren, _ := utils.QueryChildCertificates( - setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(intermediateCertChildren.CertIds)) - require.Equal(t, - utils.CertificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), - *intermediateCertChildren.CertIds[0]) - - // check child certificate identifiers of leaf certificate - leafCertChildren, err := utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - require.Nil(t, leafCertChildren) + // Check indexes for root + indexes := []utils.TestIndex{ + {Key: 
types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + + // Check indexes for intermediate + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) + + // Check indexes for leaf + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, 
testLeafCertificate, indexes) } //nolint:funlen diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index daadd5de2..40a8913be 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -21,6 +21,7 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) // propose and approve x509 root certificate + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() rootCertOptions.Vid = 0 utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) 
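Review bot: The negative check that the leaf has no child entries is gone: the removed lines required `QueryChildCertificates` for the leaf subject and key id to fail with `codes.NotFound`, while the new leaf list has `{Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}`. That entry appears to describe the leaf's place under its issuer (inferred from the same entry on the intermediate), so nothing visible now asserts that the end of the chain has no descendants. Keep the removed `QueryChildCertificates` / `require.Equal(t, codes.NotFound, status.Code(err))` lines for the leaf after the index checks; if they stay removed, the `codes` and `status` imports may be left unused, which cannot be seen from this hunk. The test body starts outside this hunk.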
@@ -36,28 +37,25 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { require.NoError(t, err) // DA certificates indexes checks + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // DaCertificates: Subject and SKID - approvedCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, testconstants.Vid, approvedCertificate.Certs[0].Vid) - - // DaCertificates: SKID - certificateBySubjectKeyID, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) - require.Equal(t, 1, len(certificateBySubjectKeyID)) - require.Equal(t, 1, len(certificateBySubjectKeyID[0].Certs)) - require.Equal(t, testconstants.Vid, certificateBySubjectKeyID[0].Certs[0].Vid) - - // All certificates indexes checks - - // AllCertificate: Subject and SKID - allCertificate, err := utils.QueryAllCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.Vid, allCertificate.Certs[0].Vid) - - // AllCertificate: SKID - allCertificateBySkid, err := utils.QueryAllCertificatesBySubjectKeyID(setup, testconstants.RootSubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.Vid, allCertificateBySkid[0].Certs[0].Vid) + // Check VID is 
assigned + require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificates.Certs[0].Vid) + require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificatesBySubjectKeyId[0].Certs[0].Vid) + require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificates.Certs[0].Vid) + require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[0].Vid) } func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { @@ -95,12 +93,12 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { // All certificates indexes checks - // AllCertificate: Subject and SKID + // AllCertificates: Subject and SKID allCertificate, err := utils.QueryAllCertificates(setup, rootCertOptions.Subject, rootCertOptions.SubjectKeyID) require.NoError(t, err) require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificate.Certs[0].Vid) - // AllCertificate: SKID + // AllCertificates: SKID allCertificateBySkid, err := utils.QueryAllCertificatesBySubjectKeyID(setup, rootCertOptions.SubjectKeyID) require.NoError(t, err) require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificateBySkid[0].Certs[0].Vid) diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index 8ca89f340..f2f689daa 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -26,6 +26,7 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add intermediate certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // remove intermediate certificate 
@@ -38,47 +39,24 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - // Check: Noc - missing - utils.EnsureCertificateNotPresentInNocCertificateIndexes( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.Vid, - false, - false, - ) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - false, - false, - ) - - // Check: UniqueCertificate - missing - found := setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber) - require.False(t, found) - - // Check: RevokedCertificates (ica) - missing - found = setup.Keeper.IsRevokedNocIcaCertificatePresent( - setup.Ctx, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID) - require.False(t, found) - - // Check: child certificate - missing - found = setup.Keeper.IsChildCertificatePresent( - setup.Ctx, - testconstants.NocCert1Issuer, - testconstants.NocCert1AuthorityKeyID) - require.False(t, found) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: 
types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { @@ -93,8 +71,14 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // add two intermediate certificates + icaCertificate1 := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + + icaCertificate2 := utils.CreateTestNocIca1CertCopy() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + + // add leaf certificate + leafCertificate := utils.CreateTestNocLeafCert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) // get certificates for further comparison 
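Review bot: Every certificate-specific entry in the list of the `@@ -38,47 +39,24 @@` hunk is `Exist: false`, and nothing visible between `AddNocIntermediateCertificate` and the remove message asserts that the ICA was present in those indexes, so the test cannot tell a removal from an add that never populated them. Run the same keys with `Exist: true` before sending `removeIcaCert`, as the BySubjectAndSKID test does in the following hunk. That pre-removal list in turn omits `UniqueCertificateKeyPrefix`, `NocCertificatesByVidAndSkidKeyPrefix` and `ChildCertificatesKeyPrefix`, which its post-removal list asserts absent; adding them there closes the same gap.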
@@ -103,6 +87,20 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 3, len(nocCerts)) require.Equal(t, 4, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)+len(nocCerts[2].Certs)) + // Check indexes for intermediate certificates before removing + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 3}, // 2 inter + leaf certs exist + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + // remove all intermediate certificates but leave leaf certificate (NocCert1 and NocCert1Copy) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), 
@@ -113,61 +111,51 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - true, // leaf certificate with the same vid exists - false) - - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - vid, - true, // leaf certificate with the same vid exists - false) - - // Check that leaf certificate exists - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocLeafCert1Subject, - testconstants.NocLeafCert1SubjectKeyID, - testconstants.NocLeafCert1Issuer, - testconstants.NocLeafCert1SerialNumber, - vid, - false) - - // Check that root certificate exists - utils.EnsureNocRootCertificateExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SerialNumber, - vid) + // Check indexes for intermediate certificates + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 
1}, // leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + + // Check indexes + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only leaf exits + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) // Check that only 2 certificates exists nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) - require.Equal(t, 2, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) - - // query noc certificate by VID - nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, vid) - require.NoError(t, err) 
- require.Equal(t, len(nocCertificates.Certs), 1) - require.Equal(t, testconstants.NocLeafCert1Subject, nocCertificates.Certs[0].Subject) - require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, nocCertificates.Certs[0].SubjectKeyId) + require.Equal(t, 2, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) // root + leaf } func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { 
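Review bot: The second `// Check indexes` comment in this hunk introduces the list for `leafCertificate`, but unlike the one above it does not say which certificate it covers or why the approved-DA keys are listed as absent. Suggest `// Check indexes for leaf certificate: still present in NOC indexes, never in DA ones`. The inline comments `// root still exits` and `// only leaf exits` should read `exists`; the same typo recurs in the neighbouring hunks of this file.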
@@ -182,19 +170,30 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add ICA certificates + icaCertificate1 := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // Add ICA certificates with sam subject and SKID but different serial number + icaCertificate2 := utils.CreateTestNocIca1CertCopy() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) // Add a leaf certificate + leafCertificate := utils.CreateTestNocLeafCert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) - // get certificates for further comparison - intermediateCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 2, len(intermediateCerts.Certs)) - require.Equal(t, testconstants.NocCert1Subject, intermediateCerts.Certs[0].Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) + // Check indexes for intermediate certificates before removing + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 3}, // 2 inter + leaf certs exist + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove 
ICA certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509IcaCert( 
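Review bot: The pre-removal index list in TestHandler_RemoveNocX509IcaCert_BySerialNumber does not assert `UniqueCertificateKeyPrefix`, although the check after removal in the next hunk depends on it turning to `Exist: false` for the removed serial number. Adding `{Key: types.UniqueCertificateKeyPrefix, Exist: true},` here pins the before-state, so the later assertion cannot pass merely because the entry was never written. The two trailing comments in this list read `exits` where `exists` is meant. The function starts before this hunk and continues past it.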
@@ -206,116 +205,46 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - // Check that only one intermediate certificate exists - intermediateCerts, _ = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(intermediateCerts.Certs)) - - globalIntermediateCerts, _ := utils.QueryAllCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(globalIntermediateCerts.Certs)) - - // check that 3 certificates exists - allCerts, _ := utils.QueryAllNocCertificates(setup) - require.Equal(t, 3, len(allCerts)) - require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) - - // Check that intermediate certificates with NocCert1CopySerialNumber exist - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - vid, - true) - - // Check that leaf certificate exists - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocLeafCert1Subject, - testconstants.NocLeafCert1SubjectKeyID, - testconstants.NocLeafCert1Issuer, - testconstants.NocLeafCert1SerialNumber, - vid, - true) - - // Check that root certificate exists - utils.EnsureNocRootCertificateExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SerialNumber, - vid) - - // remove intermediate certificate by serial number and check that leaf cert is not removed - removeIcaCert = types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1CopySerialNumber, - ) - _, err = setup.Handler(setup.Ctx, 
removeIcaCert) - require.NoError(t, err) - - // check that 2 certificates exists - allCerts, _ = utils.QueryAllNocCertificates(setup) - require.Equal(t, 2, len(allCerts)) - require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) - - // Check that intermediate certificates with NocCert1SerialNumber does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - true, // leaf certificate with the same vid exists - false) - - // Check that intermediate certificates with NocCert1CopySerialNumber does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - vid, - true, // leaf certificate with the same vid exists - false) - - // Check that leaf certificate exists - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocLeafCert1Subject, - testconstants.NocLeafCert1SubjectKeyID, - testconstants.NocLeafCert1Issuer, - testconstants.NocLeafCert1SerialNumber, - vid, - false) - - // Check that root certificate exists - utils.EnsureNocRootCertificateExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SerialNumber, - vid) - - // query noc certificate by VID - nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, vid) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 1) - require.Equal(t, testconstants.NocLeafCert1Subject, nocCertificates.Certs[0].Subject) - require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, nocCertificates.Certs[0].SubjectKeyId) + // Check indexes for first certificate (second ica exist) + indexes = []utils.TestIndex{ + {Key: 
types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, // removed + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + + // Check indexes for second certificate (all same as for ica1 but also UniqueCertificate exists) + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, // all same as for ica1 
but also UniqueCertificate exists + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + + // Check indexes for leaf certificate (all same as for ica2) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { @@ -330,19 +259,9 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add an intermediate certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) - // Check that certificate exists - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) - // revoke intermediate certificate by serial number revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( vendorAccAddress.String(), 
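Review bot: The second removal that the old test performed is deleted here without a replacement, so TestHandler_RemoveNocX509IcaCert_BySerialNumber now stops after the first removal. The old step removed the remaining ICA by `NocCert1CopySerialNumber` and confirmed that the leaf and root survived. Removing the last ICA of a subject/SKID by serial number while a leaf still exists is therefore no longer exercised in this function; it may be covered elsewhere in the series, but nothing in this hunk shows that. The excerpt below keeps the removed call and follows it with an index check in the style the BySubjectAndSKID test uses for the same end state. Separately, the inline comment on the `UniqueCertificateKeyPrefix` entry for ica2 repeats the heading comment above that list and can be shortened.

```go
// … unchanged: index checks after the first removal …

// remove the remaining ICA by serial number; the leaf must not be removed
removeIcaCert = types.NewMsgRemoveNocX509IcaCert(
	vendorAccAddress.String(),
	testconstants.NocCert1Subject,
	testconstants.NocCert1SubjectKeyID,
	testconstants.NocCert1CopySerialNumber,
)
_, err = setup.Handler(setup.Ctx, removeIcaCert)
require.NoError(t, err)

// both ICAs are gone, the leaf is the only entry left in the ICA index
indexes = []utils.TestIndex{
	{Key: types.UniqueCertificateKeyPrefix, Exist: false},
	{Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1},
}
utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes)
utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes)
```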
@@ -355,23 +274,23 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - // Check that certificate does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false, - true) - - // Check that revoked certificate exists - revokedCerts, _ := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(revokedCerts.Certs)) - require.Equal(t, testconstants.NocCert1Subject, revokedCerts.Certs[0].Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.Certs[0].SubjectKeyId) + // Check indexes after revocation + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // remove intermediate certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509IcaCert( 
@@ -383,30 +302,22 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - // only one root certificate exist - allCerts, _ := utils.QueryAllNocCertificates(setup) - require.Equal(t, 1, len(allCerts)) - require.Equal(t, true, allCerts[0].Certs[0].IsRoot) - - // Check that certificate does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false, - false) - - // Check that revoked certificate does not exist - _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that unique certificate does not exists - found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1Issuer, testconstants.NocCert1SerialNumber) - require.Equal(t, false, found) + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Extra cases 
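Review bot: After the revoked ICA is removed, nothing checks that the root certificate is still present: the deleted `QueryAllNocCertificates` / `IsRoot` assertions have no counterpart in the new index list. Adding `{Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1},`, the form used in the other tests of this file, would stop a handler regression that drops the root along with the ICA from passing unnoticed. The list also has no heading comment, unlike the `// Check indexes after revocation` block earlier in the function; `// Check indexes after removal` would match. The function body starts before this hunk.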
@@ -423,19 +334,9 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // Add an intermediate certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) - // Check that certificate exists - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) - // revoke an intermediate certificate revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( vendorAccAddress.String(), 
@@ -448,40 +349,44 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - // Check that certificate does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false, - true) // revocation does not remove uniqueness identifier - - // Check that revoked certificate exists - revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedNocCerts.Certs)) + // Check indexes after revocation + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // Add an intermediate certificate with new serial number + icaCertificate2 := utils.CreateTestNocIca1CertCopy() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) - // Ensure that only 1 certificate exists - intermediateCerts, _ := 
utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(intermediateCerts.Certs)) - - // Check that certificate exists (with new serial number) - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - vid, - false) + // Check indexes + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, // we have evoked cert with same id + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove an intermediate certificate removeIcaCert := types.NewMsgRemoveNocX509IcaCert( 
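Review bot: The index list checked for `icaCertificate2` carries no `Count` on the active-certificate keys, so the old assertion that exactly one certificate is returned for this subject/SKID after the revoked one is replaced is lost. A revoked certificate that stayed in the active list would still satisfy `Exist: true`. Assuming `Count` means here what it means in the BySerialNumber test, `{Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1},` and the same on `AllCertificatesKeyPrefix` would restore the check. The trailing comment `we have evoked cert with same id` should read `revoked`.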
@@ -498,21 +403,23 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, 1, len(allCerts)) require.Equal(t, true, allCerts[0].Certs[0].IsRoot) - // Check that certificate does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - vid, - false, - false) - - // Check that revoked certificate does not exist - _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) } func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index 1256b037a..e8054f6f5 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go 
+++ b/x/pki/tests/handler_remove_noc_root_cert_test.go 
@@ -23,52 +23,37 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificates + rootCertificate := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) // remove noc root certificate removeIcaCert := types.NewMsgRemoveNocX509RootCert( vendorAccAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - // Check: Noc - missing - utils.EnsureCertificateNotPresentInNocCertificateIndexes( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.Vid, - true, - false, - ) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - false, - false, - ) - - // Check: UniqueCertificate - missing - found := setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, - testconstants.NocRootCert1Issuer, - testconstants.NocRootCert1SerialNumber) - require.False(t, found) - - // Check: RevokedCertificates (root) - missing - found = setup.Keeper.IsRevokedNocRootCertificatePresent( - setup.Ctx, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID) - require.False(t, found) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: 
types.NocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { @@ -76,14 +61,17 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { // Add vendor account vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(vid) // add NOC root certificates + rootCertificate1 := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + + rootCertificate2 := utils.CreateTestNocRoot2Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) // Add intermediate certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // get certificates for further comparison @@ -95,8 +83,8 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { // remove all root nOC certificates but IAC certificate removeIcaCert := types.NewMsgRemoveNocX509RootCert( vendorAccAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeIcaCert) 
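Review bot: In TestHandler_RemoveNocX509RootCert_BySubjectAndSKID, `rootCertificate2` is built with `utils.CreateTestNocRoot2Cert()` while the certificate actually added on the next line is `testconstants.NocRootCert1Copy`; the ICA tests pair `NocCert1Copy` with `CreateTestNocIca1CertCopy()`. The helper is defined outside this hunk, so it may well return the copy's data; if so, a name such as `CreateTestNocRoot1CertCopy` would match the ICA helper and not suggest a second, unrelated root. If it describes a different root, the index checks on `rootCertificate2` look up a subject/SKID that was never added and their `Exist: false` expectations hold vacuously. The same pairing appears in the BySerialNumber and RevokedCertificate tests below.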
@@ -108,40 +96,38 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 1, len(nocCerts[0].Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) - // Check that root certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1SerialNumber, - vid, - true, // intermediate certificate with the same vid exists - false) - - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1CopySerialNumber, - vid, - true, // intermediate certificate with the same vid exists - false) - - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) + // Check indexes for root certificates + indexes := []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, 
Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + + // Check indexes for intermediate certificates + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { 
@@ -153,18 +139,22 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificates + rootCertificate1 := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + + rootCertificate2 := utils.CreateTestNocRoot2Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) // Add ICA certificates + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // remove NOC root certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509RootCert( vendorAccAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyID, + rootCertificate1.SerialNumber, ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) 
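Review bot: This test still creates the vendor through `setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)`, while the sibling tests touched by this commit were switched to `setup.CreateVendorAccount(...)`. Using `vendorAccAddress := setup.CreateVendorAccount(vid)` here as well keeps the setup uniform across the file. The message variable `removeIcaCert` holds a `NewMsgRemoveNocX509RootCert` message; `removeRootCert` would describe it correctly. The function starts before this hunk and continues past it.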
@@ -181,33 +171,42 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { require.NoError(t, err) require.Equal(t, 1, len(nocCertificates.Certs)) - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateExist( - t, - setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1CopySerialNumber, - vid) - - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) + // Check indexes for root certificates + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, 
Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // remove NOC root certificate by serial number and check that IAC cert is not removed removeIcaCert = types.NewMsgRemoveNocX509RootCert( vendorAccAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1CopySerialNumber, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, + rootCertificate2.SerialNumber, ) _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) 
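Review bot: The list checked for `rootCertificate1` right after its removal by serial number expects `{Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}`, and the list for `rootCertificate2` does the same, yet no revocation message is visible in TestHandler_RemoveNocX509RootCert_BySerialNumber up to this point. Part of the function lies outside the hunk, so a revocation may exist there. If it does not, either the expectation is inverted or the helper does not evaluate this key for these certificates, and in both cases the test blurs removed and revoked state. The sibling BySubjectAndSKID test expects `Exist: false` for the same key after removal. The second list also lacks a heading comment such as `// Check indexes for the remaining root certificate`.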
@@ -217,62 +216,62 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { require.Equal(t, 1, len(nocCerts[0].Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) - // Check that root certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1SerialNumber, - vid, - true, // intermediate certificate with the same vid exists - false) - - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1CopySerialNumber, - vid, - true, // intermediate certificate with the same vid exists - false) - - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) + // Check indexes for root certificates + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, 
Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + + // Check indexes for intermediate certificates + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate + rootCertificate1 := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + + rootCertificate2 := utils.CreateTestNocRoot2Cert() utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) // Add an intermediate certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) // revoke NOC root certificates revokeX509Cert := types.NewMsgRevokeNocX509RootCert( vendorAccAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + rootCertificate1.Subject, + 
rootCertificate1.SubjectKeyID, "", testconstants.Info, false, 
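Review bot: In the setup of TestHandler_RemoveNocX509RootCert_RevokedCertificate the expected-state descriptor and the certificate actually stored are picked independently: `rootCertificate2 := utils.CreateTestNocRoot2Cert()` sits next to `utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy)`, and nothing in the hunk ties the two together. If a descriptor's subject, SKID or serial drifts from the PEM that was added, every `Exist: false` expectation checked against it passes vacuously. At minimum add a comment such as `// rootCertificate2 describes testconstants.NocRootCert1Copy (same subject/SKID as root 1, different serial)` once that is confirmed against the helper's definition; passing the descriptor to the add helper so it supplies the PEM itself would remove the risk. The same pairing-by-convention appears with `utils.CreateTestIntermediateCert()` and `testconstants.IntermediateCertPem` in handler_remove_pai_cert_test.go.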
@@ -280,53 +279,44 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1SerialNumber, - vid, - true, // intermediate certificate with the same vid exists - true) - - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1CopySerialNumber, - vid, - true, // intermediate certificate with the same vid exists - true) + // Check indexes for root certificates + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) revokedCerts, _ := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 2, len(revokedCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1Subject, revokedCerts.Certs[0].Subject) - require.Equal(t, testconstants.NocRootCert1SubjectKeyID, 
revokedCerts.Certs[0].SubjectKeyId) - require.Equal(t, testconstants.NocRootCert1CopySubject, revokedCerts.Certs[1].Subject) - require.Equal(t, testconstants.NocRootCert1CopySubjectKeyID, revokedCerts.Certs[1].SubjectKeyId) // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // remove NOC root certificates removeIcaCert := types.NewMsgRemoveNocX509RootCert( vendorAccAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyID, "", ) _, err = setup.Handler(setup.Ctx, removeIcaCert) 
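Review bot: After the revoke step the only check left on the query result is `require.Equal(t, 2, len(revokedCerts.Certs))`; the four assertions that pinned the subject and subject key ID of each revoked entry are removed, and the query error is still discarded with `_`. Unless `CheckCertificateStateIndexes` compares serial numbers inside the revoked entry, the test no longer shows which two certificates were revoked. Suggest `revokedCerts, err := utils.QueryNocRevokedRootCertificates(...)` followed by `require.NoError(t, err)` and `require.ElementsMatch(t, []string{rootCertificate1.SerialNumber, rootCertificate2.SerialNumber}, []string{revokedCerts.Certs[0].SerialNumber, revokedCerts.Certs[1].SerialNumber})`. The kept comment `// Check that intermediate certificates does not exist` now sits above a list where every key is `Exist: true` and should read `// Check that intermediate certificates still exist`, as the next hunk already does. The @@ -331 hunk in handler_remove_pai_cert_test.go removes the equivalent content assertions for the DA revoked entry.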
@@ -336,44 +326,35 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.Equal(t, 1, len(allCerts)) require.Equal(t, testconstants.NocCert1SerialNumber, allCerts[0].Certs[0].SerialNumber) - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - vid, - false) - - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1SerialNumber, - vid, - true, // intermediate certificate with the same vid exists - true) - - // Check that root copy certificates does not exist - utils.EnsureNocRootCertificateNotExist( - t, - setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocRootCert1CopySerialNumber, - vid, - true, // intermediate certificate with the same vid exists - true) - - // Check that revoked certificate does not exist - _, err = utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) + // Check indexes for root certificates + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + 
{Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + + // Check that intermediate certificates still exist + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Extra cases @@ -490,9 +471,9 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, codes.NotFound, status.Code(err)) certsBySKID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Empty(t, certsBySKID) - _, err = utils.QueryNocRootCertificates(setup, vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, vid) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryNocRootCertificates(setup, vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, vid) require.Equal(t, codes.NotFound, status.Code(err)) _, err = utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) 
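Review bot: The post-removal list for the two root certificates in the @@ -336 hunk (TestHandler_RemoveNocX509RootCert_RevokedCertificate) omits `types.NocRootCertificatesKeyPrefix`, while the equivalent end-state list in TestHandler_RemoveNocX509RootCert_BySerialNumber expects it with `Exist: false`, together with `RevokedCertificatesKeyPrefix` and `RevokedNocIcaCertificatesKeyPrefix`. As written, a stale entry left in the NOC root index after removing revoked roots would not fail this test. Adding `{Key: types.NocRootCertificatesKeyPrefix, Exist: false},` keeps the end-state checks of the two tests aligned.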
@@ -549,7 +530,7 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { require.Equal(t, 0, len(nocCerts)) // query noc certificate by VID - _, err = utils.QueryNocRootCertificates(setup, vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is not registered diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index d12c8592b..d5d0f481f 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go 
@@ -20,88 +20,44 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // propose and approve x509 root certificate - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithSameSubjectAndSKID1, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.RootCertWithVidVid, - } + rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificates - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + testIntermediateCertificate := utils.CreateTestIntermediateCert() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // Remove intermediate certificate removeX509Cert := types.NewMsgRemoveX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) - // Check: only one certificate exists + // Check: only one certificate exists - root allCerts, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 1, len(allCerts)) - // Check: UniqueCertificate - missing - found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber) - require.False(t, found) - - // Check: RevokedCertificates - missing - found = setup.Keeper.IsProposedCertificatePresent(setup.Ctx, testconstants.RootSubject, 
testconstants.RootSubjectKeyID) - require.False(t, found) - - // Check: ProposedCertificateRevocation - missing - found = setup.Keeper.IsProposedCertificateRevocationPresent( - setup.Ctx, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - ) - require.False(t, found) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - false, - false, - ) - - // Check: DA - missing - utils.EnsureCertificateNotPresentInDaCertificateIndexes( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - false, - false, - false, - ) - - // Check: child certificate - missing - found = setup.Keeper.IsChildCertificatePresent( - setup.Ctx, - testconstants.IntermediateIssuer, - testconstants.IntermediateAuthorityKeyID) - require.False(t, found) - - // Check: root exists - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKID1SerialNumber) + // Check indexes for intermediate certificate + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + 
utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { @@ -122,10 +78,14 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add two intermediate certificates + testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + + testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) // Add a leaf certificate + testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) // get certificates for further comparison @@ -137,8 +97,8 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { // remove all intermediate certificates but leave leaf certificate removeX509Cert := types.NewMsgRemoveX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, + testIntermediateCertificate1.Subject, + testIntermediateCertificate1.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeX509Cert) 
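Review bot: In the @@ -20 hunk the comment `// Check: only one certificate exists - root` is backed only by `require.Equal(t, 1, len(allCerts))`, with the query error discarded. The removed `EnsureDaRootCertificateExist` call was the only check on the root's own state after the intermediate is removed, so nothing now verifies that the root's index entries were left intact (presumably the approved-root and unique-certificate entries). Consider `require.Equal(t, rootCertOptions.SubjectKeyID, allCerts[0].Certs[0].SubjectKeyId)`, assuming the options struct keeps the `SubjectKeyID` field shown in the removed literal. A second `utils.CheckCertificateStateIndexes` call with a root descriptor and an all-present list would cover the remaining indexes.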
@@ -149,45 +109,36 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { require.Equal(t, 2, len(allCerts)) require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) - // Check that intermediate certificates does not exist - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateIssuer, - testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, - false, - true) // leaf has same subject - - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateIssuer, - testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, - false, - true) // leaf has same subject + // Check indexes for intermediate certificate + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + //{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + //{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - 
testconstants.LeafCertWithSameSubjectAndSKIDSubject, - testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.LeafCertWithSameSubjectAndSKIDSubject, - testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, - false) - - // check that root certificate exists - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKID1SerialNumber) + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { 
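Review bot: The two by-subject expectations in the @@ -149 hunk are left as commented-out entries (`//{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject` and the `ApprovedCertificatesBySubjectKeyPrefix` one), so after both intermediates are removed nothing asserts what the subject indexes contain. The BySerialNumber test later in this file handles the shared-subject case with `Exist: true, Count: 2`. If `Count` is the number of entries under the key and the helper supports it here, `{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, // only the leaf remains` turns the dead lines into a real check. The post-removal list in the @@ -272 hunk drops the same two keys with no comment at all; a one-line `// by-subject indexes skipped: the leaf shares this subject` would at least record why.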
@@ -208,18 +159,22 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificates + testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + + testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) // Add a leaf certificate + testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) // remove intermediate certificate by serial number removeX509Cert := types.NewMsgRemoveX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, + testIntermediateCertificate1.Subject, + testIntermediateCertificate1.SubjectKeyID, + testIntermediateCertificate1.SerialNumber, ) _, err := setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) 
@@ -229,41 +184,49 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.Equal(t, 3, len(allCerts)) require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) - // Check that intermediate certificates exist - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKIDIssuer, - testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, - true) - - // check that leaf certificate exists - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.LeafCertWithSameSubjectAndSKIDSubject, - testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.LeafCertWithSameSubjectAndSKIDSubject, - testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, - true) - - // check that root certificate exists - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKID1SerialNumber) + // Check indexes for intermediate certificate 1 + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + + // Check 
indexes for intermediate certificate 2 (all the same but also UniqueCertificate exists) + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + + // check that leaf certificate exists (same as for intermediate 2, skip check by subject) + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + } + utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) // remove intermediate certificate by serial number and check that leaf cert is not removed removeX509Cert = types.NewMsgRemoveX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, + testIntermediateCertificate2.Subject, + testIntermediateCertificate2.SubjectKeyID, + testIntermediateCertificate2.SerialNumber, ) _, err = setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) 
@@ -272,53 +235,39 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.Equal(t, 2, len(allCerts)) require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) - // Check that intermediate certificates does not exist - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKIDIssuer, - testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, - false, - true) // leaf has same subject - - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKIDIssuer, - testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, - false, - true) // leaf has same subject + // Check indexes for intermediate certificates + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists - utils.EnsureDaIntermediateCertificateExist( - t, - setup, - testconstants.LeafCertWithSameSubjectAndSKIDSubject, - testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.LeafCertWithSameSubjectAndSKIDSubject, - 
testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, - true) - - // check that root certificate exists - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKID1SerialNumber) + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate rootCertOptions := &utils.RootCertOptions{ 
@@ -331,27 +280,34 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add two intermediate certificates again + testIntermediateCertificate := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // revoke intermediate certificate by serial number revokeX509Cert := types.NewMsgRevokeX509Cert( vendorAccAddress.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SerialNumber, false, testconstants.Info, ) _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - revokedCerts, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(revokedCerts.Certs)) - require.Equal(t, testconstants.IntermediateSubject, revokedCerts.Certs[0].Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCerts.Certs[0].SubjectKeyId) + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: 
types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) // remove intermediate certificate by serial number removeX509Cert := types.NewMsgRemoveX509Cert( @@ -363,19 +319,19 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateIssuer, - testconstants.IntermediateSerialNumber, - false, - false) - - // check that revoked certificate exists - _, err = utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } // Extra cases diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 6b531d6b8..40a941a1f 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -26,13 +26,14 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the NOC non-root certificate + icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // Revoke NOC with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509IcaCert( accAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, "", testconstants.Info, false, 
@@ -40,54 +41,24 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeCert) require.NoError(t, err) - // Check: Noc - missing - utils.EnsureCertificateNotPresentInNocCertificateIndexes( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.Vid, - false, - false, - ) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - false, - false, - ) - - // Check: UniqueCertificate - present - found := setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber) - require.True(t, found) - - // Check: RevokedCertificates (ica) - present - found = setup.Keeper.IsRevokedNocIcaCertificatePresent( - setup.Ctx, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID) - require.True(t, found) - - // Check: RevokedCertificates (root) - missing - found = setup.Keeper.IsRevokedNocRootCertificatePresent( - setup.Ctx, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID) - require.False(t, found) - - // Check: child certificate - missing - found = setup.Keeper.IsChildCertificatePresent( - setup.Ctx, - testconstants.NocCert1Issuer, - testconstants.NocCert1AuthorityKeyID) - require.False(t, found) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + 
{Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { @@ -100,19 +71,22 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the first NOC non-root certificate + icaCertificate1 := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // add the second NOC non-root certificate + icaCertificate2 := utils.CreateTestNocIca1CertCopy() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) // add the NOC leaf certificate + leafCertificate := utils.CreateTestNocLeafCert() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) // Revoke NOC with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509IcaCert( accAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, "", testconstants.Info, false, 
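Review bot: The inline comment on the `NocRootCertificatesKeyPrefix` entry in TestHandler_RevokeNocIntermediateCert reads `// root still exits`; it should be `// root still exists`. The same typo recurs in the index lists of TestHandler_RevokeNocX509Cert_RevokeDefault (also as `// only leaf exits`) and TestHandler_RevokeNocX509Cert_RevokeWithChild. Since this hunk removes the per-check comments (`// Check: UniqueCertificate - present` and so on), a one-line summary above the list would keep the intent readable, for example `// after revocation: ICA is only in the revoked and unique indexes, the root is untouched`.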
@@ -127,39 +101,46 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - testconstants.Vid, - true, // leaf certificate with the same vid exists - true) - - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - testconstants.Vid, - true, // leaf certificate with the same vid exists - true) - - // Check that leaf certificate exists - utils.EnsureNocIntermediateCertificateExist( - t, - setup, - testconstants.NocLeafCert1Subject, - testconstants.NocLeafCert1SubjectKeyID, - testconstants.NocLeafCert1Issuer, - testconstants.NocLeafCert1SerialNumber, - testconstants.Vid, - false) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, // leaf still exists + {Key: 
types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + + // Check indexes for leaf + indexes = []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only leaf exits + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { 
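Review bot: The first index list in TestHandler_RevokeNocX509Cert_RevokeDefault asserts `{Key: types.NocIcaCertificatesKeyPrefix, Exist: true}` without a count, while the leaf list further down pins the same index with `Count: 1`. If that index is resolved per VID, as the `// leaf still exists` comment suggests, the first entry should carry the same count so that a revoked ICA left behind in the active ICA index fails the test: `{Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only the leaf remains`. The unchanged context lines above the list still compare against `testconstants.NocCert1Subject` and `testconstants.NocCert1SubjectKeyID`; switching them to `icaCertificate1.Subject` and `icaCertificate1.SubjectKeyID` would match the rest of the refactoring. The test function starts outside this hunk.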
@@ -172,19 +153,22 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) // add the first NOC non-root certificate + icaCertificate1 := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) // add the second NOC non-root certificate + icaCertificate2 := utils.CreateTestNocIca1CertCopy() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) // add the NOC leaf certificate + leafCertificate := utils.CreateTestNocLeafCert() utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) // Revoke noc with subject and subject key id and its child too revokeCert := types.NewMsgRevokeNocX509IcaCert( accAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, "", testconstants.Info, true, 
@@ -197,52 +181,26 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { require.Equal(t, 2, len(allRevokedCerts)) require.Equal(t, 3, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) - revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 2, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) - - // query all certs - certs, err := utils.QueryAllNocCertificates(setup) - require.NoError(t, err) - require.Equal(t, 1, len(certs)) - require.Equal(t, testconstants.NocRootCert1SubjectKeyID, certs[0].SubjectKeyId) - - // Check that intermediate certificates does not exist - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1Issuer, - testconstants.NocCert1SerialNumber, - testconstants.Vid, - false, - true) - - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocCert1CopySubject, - testconstants.NocCert1CopySubjectKeyID, - testconstants.NocCert1CopyIssuer, - testconstants.NocCert1CopySerialNumber, - testconstants.Vid, - false, - true) - - // Check that leaf certificate exists - utils.EnsureNocIntermediateCertificateNotExist( - t, - setup, - testconstants.NocLeafCert1Subject, - testconstants.NocLeafCert1SubjectKeyID, - testconstants.NocLeafCert1Issuer, - testconstants.NocLeafCert1SerialNumber, - testconstants.Vid, - false, - true) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 76064e810..9da35f4d8 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -23,6 +23,7 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.Vid) // add the first NOC root certificate + rootCertificate := utils.CreateTestNocRoot1Cert() addNocX509RootCert := types.NewMsgAddNocX509RootCert( accAddress.String(), testconstants.NocRootCert1, @@ -33,8 +34,8 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { // Revoke NOC root with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509RootCert( accAddress.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, "", testconstants.Info, false, 
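Review bot: The rewritten check in TestHandler_RevokeNocX509Cert_RevokeWithChild no longer pins how many certificates ended up in the revoked ICA index. The removed lines asserted `len(revokedNocCerts.Certs) == 2` for the ICA subject and SKID, whereas the new entry is `{Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}` with no `Count`. Because one list is shared by both ICAs and the leaf, a count cannot be added as written; a separate list for `icaCertificate1` and `icaCertificate2` with `{Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true, Count: 2}`, as TestHandler_RevokeNocX509Cert_RevokeDefault already uses, would restore it. Without the count, a certificate that is dropped from the active indexes but never recorded as revoked would presumably still pass, which is the failure a revoke-with-children test should catch. This note concerns the `-197,52 +181,26` hunk; the later hunks on this line belong to handler_revoke_noc_root_cert_test.go and only introduce `rootCertificate`.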
@@ -42,47 +43,24 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { _, err = setup.Handler(setup.Ctx, revokeCert) require.NoError(t, err) - // Check: Noc - missing - utils.EnsureCertificateNotPresentInNocCertificateIndexes( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.Vid, - true, - false, - ) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - false, - false, - ) - - // Check: UniqueCertificate - present - found := setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, - testconstants.NocRootCert1Issuer, - testconstants.NocRootCert1SerialNumber) - require.True(t, found) - - // Check: RevokedCertificates (root) - present - found = setup.Keeper.IsRevokedNocRootCertificatePresent( - setup.Ctx, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID) - require.True(t, found) - - // Check: RevokedCertificates (ica) - missing - found = setup.Keeper.IsRevokedNocIcaCertificatePresent( - setup.Ctx, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID) - require.False(t, found) + // Check indexes + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, + {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + 
{Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { @@ -156,7 +134,7 @@ func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { require.Equal(t, 0, len(aprCertsBySubjectKeyID)) // query noc root certificate by VID - nocRootCerts, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) + nocRootCerts, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(nocRootCerts.Certs)) require.Equal(t, testconstants.NocRootCert2SubjectKeyID, nocRootCerts.Certs[0].SubjectKeyId) @@ -253,7 +231,7 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { require.Equal(t, codes.NotFound, status.Code(err)) // query noc root certificate by VID - _, err = utils.QueryNocRootCertificates(setup, testconstants.Vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) @@ -356,7 +334,7 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) // query noc root certificate by VID should return only one root cert - revNocRoot, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) + revNocRoot, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(revNocRoot.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) 
@@ -448,7 +426,7 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) // query noc root certificate by VID should return only one root cert - revNocRoot, err := utils.QueryNocRootCertificates(setup, testconstants.Vid) + revNocRoot, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, 1, len(revNocRoot.Certs)) require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index ded50360d..718722815 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go 
@@ -25,36 +25,47 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // propose revocation of x509 root certificate by `setup.Trustee` proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, false, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // Check: Certificate is proposed to revoke - ensureDaRootCertificateIsProposedToRevoked( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.RootIssuer, - setup.Trustee1.String(), - ) + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // additional check + 
require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(setup.Trustee1.String())) } func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) 
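Review bot: The twelve-entry `indexes` literal added to TestHandler_ProposeRevokeDaRootCert is repeated verbatim in TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner and again in TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded. Defining the expected "approved root with a pending revocation" state once and reusing it would keep the three tests from drifting apart. The `// additional check` comment should say what is verified, for example `// the pending revocation must record the proposing trustee's approval`. The dereference `resolvedCertificates.ProposedRevocation.HasRevocationFrom(...)` relies on CheckCertificateStateIndexes having populated `ProposedRevocation`; that helper is not part of this hunk, so it is worth confirming it fails the test rather than returning a nil field.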
@@ -65,24 +76,33 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { // propose revocation of x509 root certificate by new trustee proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( anotherTrustee.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, false, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // Check: Certificate is proposed to revoke - ensureDaRootCertificateIsProposedToRevoked( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.RootIssuer, - anotherTrustee.String(), - ) + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // additional check + require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(anotherTrustee.String())) } // Propose + Approve 
@@ -91,6 +111,7 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) 
@@ -98,29 +119,34 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { proposeAndApproveCertificateRevocation( t, setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, "", ) - // Check: Certificate is revoked - ensureDaRootCertificateIsRevoked( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.RootIssuer, - true, - false, - false, - ) + // Check state indexes + indexes := []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist(t *testing.T) { setup := utils.Setup(t) // add root certificates + rootCertificate1 := utils.CreateTestRootCertWithSameSubject() rootCert1Options := &utils.RootCertOptions{ PemCert: testconstants.PAACertWithSameSubjectID1, Subject: testconstants.PAACertWithSameSubjectID1Subject, 
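Review bot: The post-revocation list in TestHandler_RevokeDaRootCert does not assert the revoked-root index, although the list added for TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded in this same file does. Adding `{Key: types.RevokedRootCertificatesKeyPrefix, Exist: true},` here would make the revoked-state expectations consistent. The entry is also absent from the lists in TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist and TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist, where the removed code had an explicit `RevokedRootCertificates - present` check. The removed `ensureDaRootCertificateIsRevoked` helper is not visible here, so whether it covered that index for this test is an assumption to confirm.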
@@ -130,6 +156,7 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist } utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert1Options) + rootCertificate2 := utils.CreateTestRootCertWithSameSubject2() rootCert2Options := &utils.RootCertOptions{ PemCert: testconstants.PAACertWithSameSubjectID2, Subject: testconstants.PAACertWithSameSubjectID2Subject, 
@@ -143,37 +170,48 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist proposeAndApproveCertificateRevocation( t, setup, - testconstants.PAACertWithSameSubjectID1Subject, - testconstants.PAACertWithSameSubjectIDSubjectID, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyID, "", ) - // Check: Certificate1 is revoked - ensureDaRootCertificateIsRevoked( - t, - setup, - testconstants.PAACertWithSameSubjectID1Subject, - testconstants.PAACertWithSameSubjectIDSubjectID, - testconstants.PAACertWithSameSubjectSerialNumber, - testconstants.PAACertWithSameSubjectIssuer, - true, - false, - true, - ) - - // Check: Certificate2 exist - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.PAACertWithSameSubjectID2Subject, - testconstants.PAACertWithSameSubjectIDSubjectID, - testconstants.PAACertWithSameSubject2Issuer, - testconstants.PAACertWithSameSubject2SerialNumber) + // Check state indexes + indexes := []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, // another cert with same SKID exists + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, // another cert with same SKID exist + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + + // second still exists + indexes = []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + 
{Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist(t *testing.T) { setup := utils.Setup(t) + rootCertificate1 := utils.CreateTestRootCertWithSameSubjectAndSkid1() rootCert1Opt := &utils.RootCertOptions{ PemCert: testconstants.RootCertWithSameSubjectAndSKID1, Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, @@ -183,6 +221,7 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS } utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert1Opt) + rootCertificate2 := utils.CreateTestRootCertWithSameSubjectAndSkid2() rootCert2Opt := &utils.RootCertOptions{ PemCert: testconstants.RootCertWithSameSubjectAndSKID2, Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, 
@@ -202,98 +241,72 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS ) // Check: Certificate1 - RevokedCertificates - present - found := setup.Keeper.IsRevokedCertificatePresent( - setup.Ctx, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - ) - require.True(t, found) - - // Check: Certificate1 - RevokedRootCertificates - present - found = utils.IsRevokedRootCertificatePresent( - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - ) - require.True(t, found) - - // Check: Certificate1 - UniqueCertificate - present - found = setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, - testconstants.RootCertWithSameSubjectAndSKID1Issuer, - testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, - ) - require.True(t, found) - - // Check: Certificate2 - DA + All + UniqueCertificate - present - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKID2Issuer, - testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, - ) - - // DA Approved certificates - only Certificate2 - approvedCertificates, _ := utils.QueryApprovedCertificates( - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID) - require.Len(t, approvedCertificates.Certs, 1) - require.Equal(t, testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, approvedCertificates.Certs[0].SerialNumber) + indexes := []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: 
true, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // revoke Certificate2 certificate proposeAndApproveCertificateRevocation( t, setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, + rootCertificate2.SerialNumber, ) // Check: Certificate1 is revoked - ensureDaRootCertificateIsRevoked( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, - testconstants.RootCertWithSameSubjectAndSKID1Issuer, - true, - false, - false, - ) - - // Check: Certificate2 is revoked - ensureDaRootCertificateIsRevoked( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, - testconstants.RootCertWithSameSubjectAndSKID2Issuer, - true, - false, - false, - ) + indexes = []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // Check: DA + All + UniqueCertificate - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber) + // root exists + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // Create an array of trustee account from 1 to 50 trusteeAccounts := make([]sdk.AccAddress, 50) 
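Review bot: In TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded the `// root exists` list expects `{Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}` immediately after `ProposeAndApproveRootCertificate`, before any revocation has been proposed in the visible lines. Unless the helper treats that key leniently, the entry should be `Exist: false` at this point, with a second list (`Exist: true`) for the later "still not revoked" check that reuses `indexes`. Earlier in the same hunk, in TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist, the final block keeps the heading `// Check: Certificate1 is revoked` but calls the helper only for `rootCertificate2`, whereas the removed code checked both certificates. Adding `utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes)` would restore the check for the first certificate. Both function bodies extend outside this hunk.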
@@ -334,13 +347,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { require.NoError(t, err) // check that the certificate is still not revoked - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootIssuer, - testconstants.RootSerialNumber) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // One more revoke will revoke the certificate 
@@ -353,39 +360,22 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) - // Check: DA - missing - utils.EnsureCertificateNotPresentInDaCertificateIndexes( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - true, - false, - false, - ) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - false, - false, - ) - - // Check: ProposedCertificateRevocation - missing - found := setup.Keeper.IsProposedCertificateRevocationPresent( - setup.Ctx, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - ) - require.False(t, found) - - // Check: UniqueCertificate - present - found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber) - require.True(t, found) + indexes = []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.RevokedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // Check: Revoked - present revokedCertificate, err := 
utils.QueryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) 
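Review bot: The `{Key: types.RevokedRootCertificatesKeyPrefix, Exist: true}` entry in the post-revocation list looks like it is never evaluated. The `CheckCertificateStateIndexes` added later in this patch has branches for `RevokedCertificatesKeyPrefix`, `RevokedNocRootCertificatesKeyPrefix` and `RevokedNocIcaCertificatesKeyPrefix` but none for `RevokedRootCertificatesKeyPrefix`, and a key with no branch is skipped silently. The revoked-root index could therefore be wrong after a root revocation without this test failing. I would add a branch built on `IsRevokedRootCertificatePresent(setup, certificate.Subject, certificate.SubjectKeyID)` (the call the removed `ensureDaRootCertificateIsRevoked` made, assuming it survives the refactor) and end the loop body with a failure for unknown keys, e.g. `t.Fatalf("no check implemented for index key %q", index.Key)`. The test function continues outside this hunk.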
@@ -406,110 +396,60 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { setup := utils.Setup(t) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) + // add root x509 certificate + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add intermediate x509 certificate + intermediateCertificate := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // add leaf x509 certificate + leafCertificate := utils.CreateTestLeafCert() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, "", true, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + "", + true, + testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // approve approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, "", testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) - - // check that root, intermediate and leaf certificates have been revoked - allRevokedCertificates, _ := utils.QueryAllRevokedCertificates(setup) - require.Equal(t, 3, len(allRevokedCertificates)) - require.Equal(t, testconstants.LeafSubject, 
allRevokedCertificates[0].Subject) - require.Equal(t, testconstants.LeafSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) - require.Equal(t, 1, len(allRevokedCertificates[0].Certs)) - require.Equal(t, testconstants.LeafCertPem, allRevokedCertificates[0].Certs[0].PemCert) - require.Equal(t, testconstants.RootSubject, allRevokedCertificates[1].Subject) - require.Equal(t, testconstants.RootSubjectKeyID, allRevokedCertificates[1].SubjectKeyId) - require.Equal(t, 1, len(allRevokedCertificates[1].Certs)) - require.Equal(t, testconstants.RootCertPem, allRevokedCertificates[1].Certs[0].PemCert) - require.Equal(t, testconstants.IntermediateSubject, allRevokedCertificates[2].Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, allRevokedCertificates[2].SubjectKeyId) - require.Equal(t, 1, len(allRevokedCertificates[2].Certs)) - require.Equal(t, testconstants.IntermediateCertPem, allRevokedCertificates[2].Certs[0].PemCert) - - // check that approved certs list is empty - allApprovedCertificates, err := utils.QueryAllApprovedCertificates(setup) - require.NoError(t, err) - require.Equal(t, 0, len(allApprovedCertificates)) - - // check that no proposed certificate revocations exist - allProposedCertificateRevocations, err := utils.QueryAllProposedCertificateRevocations(setup) - require.NoError(t, err) - require.Equal(t, 0, len(allProposedCertificateRevocations)) - - // check that no child certificate identifiers are registered for revoked root certificate - rootCertChildren, err := utils.QueryChildCertificates( - setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - require.Nil(t, rootCertChildren) - - // check that no child certificate identifiers are registered for revoked intermediate certificate - intermediateCertChildren, err := utils.QueryChildCertificates( - setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Error(t, err) - 
require.Equal(t, codes.NotFound, status.Code(err)) - require.Nil(t, intermediateCertChildren) - - // check that no child certificate identifiers are registered for revoked leaf certificate - leafCertChildren, err := utils.QueryChildCertificates( - setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - require.Nil(t, leafCertChildren) - - // check that root certificate does not exist - utils.EnsureDaRootCertificateNotExist( - t, - setup, + setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, - testconstants.RootSubject, - testconstants.RootSerialNumber, - true) - - // check that intermediate certificate does not exist - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateIssuer, - testconstants.IntermediateSerialNumber, - true, - false) + "", + testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.NoError(t, err) - // check that intermediate certificate does not exist - utils.EnsureDaIntermediateCertificateNotExist( - t, - setup, - testconstants.LeafSubject, - testconstants.LeafSubjectKeyID, - testconstants.LeafIssuer, - testconstants.LeafSerialNumber, - true, - false) + indexes := []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: 
types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } // Extra cases 
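Review bot: The rewritten tree check no longer pins what ended up in the revoked store. The removed lines asserted exactly three revoked entries and compared each entry's subject, SKID and `PemCert`, whereas `{Key: types.RevokedCertificatesKeyPrefix, Exist: true}` is only a presence test (`IsRevokedCertificatePresent`) keyed by subject and SKID. An extra or incomplete revoked entry would now go unnoticed. Keeping one content assertion beside the index checks would restore that, e.g. `require.Len(t, allRevokedCertificates, 3)` on the result of `utils.QueryAllRevokedCertificates(setup)`, if that query helper is kept. The same reduction applies to the `@@ -47,62` and `@@ -133,46` hunks in handler_revoke_pai_cert_test.go.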
@@ -1011,105 +951,3 @@ func proposeAndApproveCertificateRevocation( _, err = setup.Handler(setup.Ctx, aprRevokeX509Cert) require.NoError(t, err) } - -func ensureDaRootCertificateIsProposedToRevoked( - t *testing.T, - setup *utils.TestSetup, - subject string, - subjectKeyID string, - serialNumber string, - issuer string, - revokedBy string, -) { - t.Helper() - - // Check: ProposedCertificateRevocation - present - proposedRevocation, _ := utils.QueryProposedCertificateRevocation( - setup, - subject, - subjectKeyID, - serialNumber, - ) - require.True(t, proposedRevocation.HasRevocationFrom(revokedBy)) - - // Check: DA + All + UniqueCertificate - present - utils.EnsureDaRootCertificateExist( - t, - setup, - subject, - subjectKeyID, - issuer, - serialNumber, - ) - - // Check: RevokedCertificates - missing - require.False(t, setup.Keeper.IsRevokedCertificatePresent(setup.Ctx, subject, subjectKeyID)) -} - -func ensureDaRootCertificateIsRevoked( - t *testing.T, - setup *utils.TestSetup, - subject string, - subjectKeyID string, - serialNumber string, - issuer string, - isRoot bool, - skipCheckBySubject bool, - skipCheckBySkid bool, -) { - t.Helper() - - // Check: RevokedCertificates - present - found := setup.Keeper.IsRevokedCertificatePresent( - setup.Ctx, - subject, - subjectKeyID, - ) - require.True(t, found) - - // Check: RevokedRootCertificates - present - found = utils.IsRevokedRootCertificatePresent( - setup, - subject, - subjectKeyID, - ) - require.True(t, found) - - // Check: UniqueCertificate - present - found = setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, - issuer, - serialNumber, - ) - require.True(t, found) - - // Check: DA - missing - utils.EnsureCertificateNotPresentInDaCertificateIndexes( - t, - setup, - subject, - subjectKeyID, - isRoot, - skipCheckBySubject, - skipCheckBySkid, - ) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - subject, - subjectKeyID, - skipCheckBySubject, - skipCheckBySkid, - ) - - // Check: 
ProposedCertificateRevocation - missing - found = setup.Keeper.IsProposedCertificateRevocationPresent( - setup.Ctx, - subject, - subjectKeyID, - serialNumber, - ) - require.False(t, found) -} diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 17f93ba37..0a2fde3f2 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -23,6 +23,7 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate + rootCertificate := utils.CreateTestRootCert() rootCertOptions := &utils.RootCertOptions{ PemCert: testconstants.RootCertPem, Subject: testconstants.RootSubject, @@ -33,13 +34,14 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificate + intermediateCertificate := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // revoke intermediate certificate revokeX509Cert := types.NewMsgRevokeX509Cert( vendorAccAddress.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyID, "", false, testconstants.Info, 
@@ -47,62 +49,36 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - // Check: Revoked - present - allRevokedCertificates, _ := utils.QueryAllRevokedCertificates(setup) - require.Equal(t, 1, len(allRevokedCertificates)) - require.Equal(t, testconstants.IntermediateSubject, allRevokedCertificates[0].Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) - require.Equal(t, 1, len(allRevokedCertificates[0].Certs)) - - // Check: UniqueCertificate - present - found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber) - require.True(t, found) - - // Check: ProposedCertificateRevocation - missing - found = setup.Keeper.IsProposedCertificateRevocationPresent( - setup.Ctx, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - ) - require.False(t, found) - - // Check: All - missing - utils.EnsureGlobalCertificateNotExist( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - false, - false, - ) - - // Check: DA - missing - utils.EnsureCertificateNotPresentInDaCertificateIndexes( - t, - setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - false, - false, - false, - ) - - // Check: child certificate - missing - found = setup.Keeper.IsChildCertificatePresent( - setup.Ctx, - testconstants.IntermediateIssuer, - testconstants.IntermediateAuthorityKeyID) - require.False(t, found) + // Check: Certificate is revoked + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + 
{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) // Check: Root stays approved - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSubject, - testconstants.RootSerialNumber) + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { 
@@ -112,20 +88,23 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add root x509 certificate + rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add intermediate x509 certificate + intermediateCertificate := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) // add leaf x509 certificate + leafCertificate := utils.CreateTestLeafCert() utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( vendorAccAddress.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyID, "", true, testconstants.Info, 
@@ -133,46 +112,36 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - // check that intermediate certificate has been revoked - allRevokedCertificates, _ := utils.QueryAllRevokedCertificates(setup) - require.Equal(t, 2, len(allRevokedCertificates)) - require.Equal(t, testconstants.LeafSubject, allRevokedCertificates[0].Subject) - require.Equal(t, testconstants.LeafSubjectKeyID, allRevokedCertificates[0].SubjectKeyId) - require.Equal(t, 1, len(allRevokedCertificates[0].Certs)) - require.Equal(t, testconstants.LeafCertPem, allRevokedCertificates[0].Certs[0].PemCert) - require.Equal(t, testconstants.IntermediateSubject, allRevokedCertificates[1].Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, allRevokedCertificates[1].SubjectKeyId) - require.Equal(t, 1, len(allRevokedCertificates[1].Certs)) - require.Equal(t, testconstants.IntermediateCertPem, allRevokedCertificates[1].Certs[0].PemCert) - - // check that root certificate stays approved - utils.EnsureDaRootCertificateExist( - t, - setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSubject, - testconstants.RootSerialNumber) - - // check that no proposed certificate revocations have been created - allProposedCertificateRevocations, _ := utils.QueryAllProposedCertificateRevocations(setup) - require.NoError(t, err) - require.Equal(t, 0, len(allProposedCertificateRevocations)) - - // check that no child certificate identifiers are now registered for root certificate - _, err = utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that no child certificate identifiers are registered for revoked intermediate certificate - _, err = utils.QueryChildCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - 
require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that no child certificate identifiers are registered for revoked leaf certificate - _, err = utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) + // root stays approved + indexes := []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // intermediate and leaf are revoked + indexes = []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix, Exist: true}, + {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, + {Key: types.AllCertificatesKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + } + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } func 
TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index 60fdc5c2f..585c9359b 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md @@ -39,8 +39,8 @@ Test cases: * Add DA root certificate: `TestHandler_AddDaRootCert`, `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded`, `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees` - * Add two DA root certificates with same subject but different SKID: - `TestHandler_AddDaRootCerts_SameSubjectButDifferentSubjectKeyId` + * Add two DA root certificates with same SKID but different subject: + `TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject` * Negative: * TBD diff --git a/x/pki/tests/utils/certificate_assertions.go b/x/pki/tests/utils/certificate_assertions.go new file mode 100644 index 000000000..45cfa1fea --- /dev/null +++ b/x/pki/tests/utils/certificate_assertions.go 
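Review bot: The "intermediate and leaf are revoked" list in `TestHandler_RevokeX509Cert_ForTree` has no entry for the proposed-revocation index, although the removed code checked that `QueryAllProposedCertificateRevocations` returned nothing. The equivalent list in `TestHandler_RevokeDaIntermediateCert` does carry it. I would add `{Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false},` here so both tests assert that a direct vendor revocation leaves no pending proposal behind. A one-line comment above each list saying which state it describes (revoked, still approved) would also save readers from diffing the lists by eye.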
@@ -0,0 +1,286 @@
+package utils
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+)
+
+type TestIndex struct {
+ Key string
+ Exist bool
+ Count int
+}
+
+type TestCertificate struct {
+ Subject string
+ SubjectKeyID string
+ Issuer string
+ AuthorityKeyID string
+ SerialNumber string
+ VID int32
+ IsRoot bool
+}
+
+type ResolvedCertificate struct {
+ AllCertificates *types.AllCertificates
+ AllCertificatesBySubject *types.AllCertificatesBySubject
+ AllCertificatesBySubjectKeyId []types.AllCertificates
+ ApprovedCertificates *types.ApprovedCertificates
+ ApprovedCertificatesBySubject *types.ApprovedCertificatesBySubject
+ ApprovedCertificatesBySubjectKeyId []types.ApprovedCertificates
+ ApprovedRootCertificates *types.CertificateIdentifier
+ ProposedCertificate *types.ProposedCertificate
+ RejectedCertificate *types.RejectedCertificate
+ ChildCertificates *types.ChildCertificates
+ NocCertificates *types.NocCertificates
+ NocCertificatesBySubject *types.NocCertificatesBySubject
+ NocCertificatesBySubjectKeyId []types.NocCertificates
+ ProposedRevocation *types.ProposedCertificateRevocation
+}
+
+func CheckCertificateStateIndexes(
+ t *testing.T,
+ setup *TestSetup,
+ certificate TestCertificate,
+ indexes []TestIndex,
+) ResolvedCertificate {
+ var resolvedCertificate ResolvedCertificate
+
+ for _, index := range indexes {
+ if index.Key == types.AllCertificatesKeyPrefix {
+ if index.Exist {
+ certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, certificate.Subject, certificates.Subject)
+ require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId)
+ require.Len(t, certificates.Certs, GetExpectedCount(index))
+ require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot)
+ resolvedCertificate.AllCertificates = certificates
+ } else {
+ _, err := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.AllCertificatesBySubjectKeyPrefix {
+ if index.Exist {
+ certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, certificate.Subject)
+ require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index))
+ require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0])
+ resolvedCertificate.AllCertificatesBySubject = certificatesBySubject
+ } else {
+ _, err := QueryAllCertificatesBySubject(setup, certificate.Subject)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix {
+ if index.Exist {
+ certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID)
+ require.Len(t, certificateBySubjectKeyID[0].Certs, GetExpectedCount(index))
+ require.Equal(t, certificate.IsRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot)
+ resolvedCertificate.AllCertificatesBySubjectKeyId = certificateBySubjectKeyID
+ } else {
+ certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID)
+ require.Empty(t, certificatesBySubjectKeyID)
+ }
+ }
+ if index.Key == types.ApprovedCertificatesKeyPrefix {
+ if index.Exist {
+ certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, certificate.Subject, certificates.Subject)
+ require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId)
+ require.Len(t, certificates.Certs, GetExpectedCount(index))
+ require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot)
+ resolvedCertificate.ApprovedCertificates = certificates
+ } else {
+ _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix {
+ if index.Exist {
+ certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, certificate.Subject)
+ require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index))
+ require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0])
+ resolvedCertificate.ApprovedCertificatesBySubject = certificatesBySubject
+ } else {
+ _, err := QueryApprovedCertificatesBySubject(setup, certificate.Subject)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix {
+ if index.Exist {
+ approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID)
+ require.Len(t, approvedCertificatesBySkid, 1)
+ require.Len(t, approvedCertificatesBySkid[0].Certs, GetExpectedCount(index))
+ require.Equal(t, certificate.IsRoot, approvedCertificatesBySkid[0].Certs[0].IsRoot)
+ resolvedCertificate.ApprovedCertificatesBySubjectKeyId = approvedCertificatesBySkid
+ } else {
+ certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID)
+ require.Empty(t, certificatesBySubjectKeyID)
+ }
+ }
+ if index.Key == types.ApprovedRootCertificatesKeyPrefix {
+ if index.Exist {
+ approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, certificate.Subject, approvedRootCertificate.Subject)
+ require.Equal(t, certificate.SubjectKeyID, approvedRootCertificate.SubjectKeyId)
+ resolvedCertificate.ApprovedRootCertificates = approvedRootCertificate
+ } else {
+ _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.ProposedCertificateKeyPrefix {
+ if index.Exist {
+ proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, certificate.Subject, proposedCertificate.Subject)
+ require.Equal(t, certificate.SubjectKeyID, proposedCertificate.SubjectKeyId)
+ resolvedCertificate.ProposedCertificate = proposedCertificate
+ } else {
+ _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.RejectedCertificateKeyPrefix {
+ if index.Exist {
+ rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, certificate.Subject, rejectedCertificate.Subject)
+ require.Equal(t, certificate.SubjectKeyID, rejectedCertificate.SubjectKeyId)
+ require.Len(t, rejectedCertificate.Certs, GetExpectedCount(index))
+ resolvedCertificate.RejectedCertificate = rejectedCertificate
+ } else {
+ _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.ChildCertificatesKeyPrefix {
+ if index.Exist {
+ issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID)
+ require.Len(t, issuerChildren.CertIds, GetExpectedCount(index))
+ certID := types.CertificateIdentifier{
+ Subject: certificate.Subject,
+ SubjectKeyId: certificate.SubjectKeyID,
+ }
+ require.Equal(t, &certID, issuerChildren.CertIds[0])
+ resolvedCertificate.ChildCertificates = issuerChildren
+ } else {
+ _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.UniqueCertificateKeyPrefix {
+ require.Equal(t, index.Exist, setup.Keeper.IsUniqueCertificatePresent(
+ setup.Ctx, certificate.Issuer, certificate.SerialNumber))
+ }
+ if index.Key == types.NocCertificatesKeyPrefix {
+ if index.Exist {
+ certificates, _ := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, certificate.Subject, certificates.Subject)
+ require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId)
+ require.Len(t, certificates.Certs, GetExpectedCount(index))
+ resolvedCertificate.NocCertificates = certificates
+ } else {
+ _, err := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix {
+ if index.Exist {
+ nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID)
+ require.Len(t, nocCertificatesBySkid, 1)
+ require.Len(t, nocCertificatesBySkid[0].Certs, GetExpectedCount(index))
+ require.Equal(t, certificate.IsRoot, nocCertificatesBySkid[0].Certs[0].IsRoot)
+ resolvedCertificate.NocCertificatesBySubjectKeyId = nocCertificatesBySkid
+ } else {
+ certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID)
+ require.Empty(t, certificatesBySubjectKeyID)
+ }
+ }
+ if index.Key == types.NocCertificatesBySubjectKeyPrefix {
+ if index.Exist {
+ nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, certificate.Subject)
+ require.Len(t, nocCertificatesBySubject.SubjectKeyIds, GetExpectedCount(index))
+ require.Equal(t, certificate.SubjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0])
+ resolvedCertificate.NocCertificatesBySubject = nocCertificatesBySubject
+ } else {
+ _, err := QueryNocCertificatesBySubject(setup, certificate.Subject)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix {
+ if index.Exist {
+ nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID)
+ require.Equal(t, certificate.VID, nocCertificatesByVidAndSkid.Vid)
+ require.Len(t, nocCertificatesByVidAndSkid.Certs, GetExpectedCount(index))
+ require.Equal(t, certificate.SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId)
+ } else {
+ _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.NocRootCertificatesKeyPrefix {
+ if index.Exist {
+ nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.VID)
+ require.Equal(t, certificate.VID, nocRootCertificatesByVid.Vid)
+ require.Len(t, nocRootCertificatesByVid.Certs, GetExpectedCount(index))
+ } else {
+ _, err := QueryNocRootCertificatesByVid(setup, certificate.VID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.NocIcaCertificatesKeyPrefix {
+ if index.Exist {
+ nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.VID)
+ require.Equal(t, certificate.VID, nocIcaCertificatesBy.Vid)
+ require.Len(t, nocIcaCertificatesBy.Certs, GetExpectedCount(index))
+ } else {
+ _, err := QueryNocIcaCertificatesByVid(setup, certificate.VID)
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ if index.Key == types.RevokedNocIcaCertificatesKeyPrefix {
+ require.Equal(t, index.Exist, setup.Keeper.IsRevokedNocIcaCertificatePresent(
+ setup.Ctx, certificate.Subject, certificate.SubjectKeyID))
+ }
+ if index.Key == types.RevokedNocRootCertificatesKeyPrefix {
+ require.Equal(t, index.Exist, setup.Keeper.IsRevokedNocRootCertificatePresent(
+ setup.Ctx, certificate.Subject, certificate.SubjectKeyID))
+ }
+ if index.Key == types.RevokedCertificatesKeyPrefix {
+ require.Equal(t, index.Exist, setup.Keeper.IsRevokedCertificatePresent(
+ setup.Ctx, certificate.Subject, certificate.SubjectKeyID))
+ }
+ if index.Key == types.ProposedCertificateRevocationKeyPrefix {
+ if index.Exist {
+ proposedRevocation, _ := QueryProposedCertificateRevocation(
+ setup,
+ certificate.Subject,
+ certificate.SubjectKeyID,
+ certificate.SerialNumber,
+ )
+ resolvedCertificate.ProposedRevocation = proposedRevocation
+ } else {
+ _, err := QueryProposedCertificateRevocation(
+ setup,
+ certificate.Subject,
+ certificate.SubjectKeyID,
+ certificate.SerialNumber,
+ )
+ require.Equal(t, codes.NotFound, status.Code(err))
+ }
+ }
+ }
+
+ return resolvedCertificate
+}
+
+func GetExpectedCount(index TestIndex) int {
+ count := index.Count
+ if index.Count == 0 {
+ count = 1
+ }
+ return count
+}
diff --git a/x/pki/tests/utils/certificate_assertions_da.go b/x/pki/tests/utils/certificate_assertions_da.go
deleted file mode 100644
index daf6dc67a..000000000
--- a/x/pki/tests/utils/certificate_assertions_da.go
+++ /dev/null
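Review bot: Every `Exist` branch of `CheckCertificateStateIndexes` discards the query error (for example `certificates, _ := QueryAllCertificates(...)`) and then reads fields of the result. If the query returns nil for a missing record, the test stops with a nil-pointer panic instead of a failure that names the index. The `ProposedCertificateRevocationKeyPrefix` branch asserts nothing at all when `Exist` is true, so that expectation always passes, even for a certificate with no revocation proposal. I would keep the error in each branch and add `require.NoError(t, err)` before the field checks, including the proposed-revocation branch. The function also omits `t.Helper()`, which the helpers it replaces called, so failures are reported at the helper's line rather than in the calling test.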
@@ -1,210 +0,0 @@
-package utils
-
-import (
- "testing"
-
- "github.com/stretchr/testify/require"
- "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
-)
-
-func EnsureCertificatePresentInDaCertificateIndexes(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- serialNumber string,
- isRoot bool,
- skipCheckForSubject bool,
-) *types.ApprovedCertificates {
- t.Helper()
-
- // DaCertificates: Subject and SKID
- approvedCertificates, _ := QueryApprovedCertificates(setup, subject, subjectKeyID)
- require.Equal(t, subject, approvedCertificates.Subject)
- require.Equal(t, subjectKeyID, approvedCertificates.SubjectKeyId)
- require.Len(t, approvedCertificates.Certs, 1)
- require.Equal(t, serialNumber, approvedCertificates.Certs[0].SerialNumber)
- require.Equal(t, isRoot, approvedCertificates.Certs[0].IsRoot)
-
- if isRoot {
- // DaCertificates: Root Subject and SKID
- approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, subject, subjectKeyID)
- require.Equal(t, subject, approvedRootCertificate.Subject)
- require.Equal(t, subjectKeyID, approvedRootCertificate.SubjectKeyId)
- }
-
- // DaCertificates: SKID
- certificateBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, subjectKeyID)
- require.Len(t, certificateBySubjectKeyID, 1)
- require.Len(t, certificateBySubjectKeyID[0].Certs, 1)
- require.Equal(t, serialNumber, certificateBySubjectKeyID[0].Certs[0].SerialNumber)
- require.Equal(t, isRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot)
-
- if !skipCheckForSubject {
- // DACertificates: Subject
- certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, subject)
- require.Len(t, certificatesBySubject.SubjectKeyIds, 1)
- require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0])
- }
-
- return approvedCertificates
-}
-
-func EnsureCertificateNotPresentInDaCertificateIndexes(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- isRoot bool,
- skipCheckBySubject bool, // TODO: FIX constants and eliminate this condition
- skipCheckBySkid bool,
-) {
- t.Helper()
-
- // DA certificates indexes checks
-
- // DaCertificates: Subject and SKID
- _, err := QueryApprovedCertificates(setup, subject, subjectKeyID)
- require.Equal(t, codes.NotFound, status.Code(err))
-
- if isRoot {
- // DaCertificates: Root Subject and SKID
- _, err := QueryApprovedRootCertificates(setup, subject, subjectKeyID)
- require.Equal(t, codes.NotFound, status.Code(err))
- }
-
- if !skipCheckBySkid {
- // DaCertificates: SubjectKeyID
- certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, subjectKeyID)
- require.Empty(t, certificatesBySubjectKeyID)
- }
-
- if !skipCheckBySubject {
- // NocCertificates: Subject
- _, err = QueryApprovedCertificatesBySubject(setup, subject)
- require.Equal(t, codes.NotFound, status.Code(err))
- }
-}
-
-func EnsureDaRootCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
-) *types.ApprovedCertificates {
- t.Helper()
-
- // DA certificates indexes checks
- certificate := EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, true, false)
-
- // All certificates indexes checks
- EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
-
- return certificate
-}
-
-func EnsureDaIntermediateCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- skipCheckForSubject bool,
-) *types.ApprovedCertificates {
- t.Helper()
-
- // DA certificates indexes checks
- certificate := EnsureCertificatePresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, false, skipCheckForSubject)
-
- // All certificates indexes checks
- EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, skipCheckForSubject)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
-
- return certificate
-}
-
-func EnsureDaRootCertificateNotExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- isRevoked bool,
-) {
- t.Helper()
-
- // DA certificates indexes checks
- EnsureCertificateNotPresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, true, false, false)
-
- // All certificates indexes checks
- EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false, false)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, isRevoked)
-}
-
-func EnsureDaIntermediateCertificateNotExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- skipCheckForUniqueness bool,
- skipCheckForSubject bool,
-) {
- t.Helper()
-
- // DA certificates indexes checks
- EnsureCertificateNotPresentInDaCertificateIndexes(t, setup, subject, subjectKeyID, false, skipCheckForSubject, false)
-
- // All certificates indexes checks
- EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, skipCheckForSubject, false)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness)
-}
-
-func EnsureProposedDaRootCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- serialNumber string,
-) *types.ProposedCertificate {
- t.Helper()
-
- proposedCertificate, _ := QueryProposedCertificate(setup, subject, subjectKeyID)
- require.Equal(t, subject, proposedCertificate.Subject)
- require.Equal(t, subjectKeyID, proposedCertificate.SubjectKeyId)
- require.Equal(t, serialNumber, proposedCertificate.SerialNumber)
-
- return proposedCertificate
-}
-
-func EnsureRejectedDaRootCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
-) *types.Certificate {
- t.Helper()
-
- proposedCertificate, _ := QueryRejectedCertificates(setup, subject, subjectKeyID)
- require.Equal(t, subject, proposedCertificate.Subject)
- require.Equal(t, subjectKeyID, proposedCertificate.SubjectKeyId)
- require.Len(t, proposedCertificate.Certs, 1)
-
- return proposedCertificate.Certs[0]
-}
diff --git a/x/pki/tests/utils/certificate_assertions_global.go b/x/pki/tests/utils/certificate_assertions_global.go
deleted file mode 100644
index c149438e6..000000000
--- a/x/pki/tests/utils/certificate_assertions_global.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package utils
-
-import (
- "testing"
-
- "github.com/stretchr/testify/require"
- "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
-)
-
-func EnsureUniqueCertificateCertificateExist(
- t *testing.T,
- setup *TestSetup,
- issuer string,
- serialNumber string,
-) {
- t.Helper()
-
- // UniqueCertificate: check that unique certificate key registered
- require.True(t, setup.Keeper.IsUniqueCertificatePresent(
- setup.Ctx, issuer, serialNumber))
-}
-
-func EnsureUniqueCertificateCertificateNotExist(
- t *testing.T,
- setup *TestSetup,
- issuer string,
- serialNumber string,
- skipCheck bool,
-) {
- t.Helper()
-
- if !skipCheck {
- // UniqueCertificate: check that unique certificate key registered
- found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, issuer, serialNumber)
- require.False(t, found)
- }
-}
-
-func EnsureGlobalCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- serialNumber string,
- skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition
-) {
- t.Helper()
-
- // AllCertificate: Subject and SKID
- allCertificate, err := QueryAllCertificates(setup, subject, subjectKeyID)
- require.NoError(t, err)
- require.Equal(t, subject, allCertificate.Subject)
- require.Equal(t, subjectKeyID, allCertificate.SubjectKeyId)
- require.Len(t, allCertificate.Certs, 1)
- require.Equal(t, serialNumber, allCertificate.Certs[0].SerialNumber)
-
- // AllCertificate: SKID
- certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
- require.Len(t, certificateBySubjectKeyID, 1)
- require.Len(t, certificateBySubjectKeyID[0].Certs, 1)
- require.Equal(t, serialNumber, certificateBySubjectKeyID[0].Certs[0].SerialNumber)
-
- if !skipCheckForSubject {
- // AllCertificate: Subject
- certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, subject)
- require.Len(t, certificatesBySubject.SubjectKeyIds, 1)
- require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0])
- }
-}
-
-func EnsureGlobalCertificateNotExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- skipCheckForSubject bool, // TODO: FIX constants and eliminate this condition
- skipCheckForSkid bool,
-) {
- t.Helper()
-
- // All certificates indexes checks
-
- // AllCertificate: Subject and SKID
- _, err := QueryAllCertificates(setup, subject, subjectKeyID)
- require.Equal(t, codes.NotFound, status.Code(err))
-
- if !skipCheckForSkid {
- // AllCertificate: SKID
- certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
- require.Empty(t, certificatesBySubjectKeyID)
- }
-
- if !skipCheckForSubject {
- // AllCertificate: Subject
- _, err = QueryAllCertificatesBySubject(setup, subject)
- require.Equal(t, codes.NotFound, status.Code(err))
- }
-}
-
-func EnsureChildCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- authorityKeyID string,
-) {
- t.Helper()
-
- issuerChildren, _ := QueryChildCertificates(setup, subject, subjectKeyID)
- require.Len(t, issuerChildren.CertIds, 1)
-
- certID := types.CertificateIdentifier{
- Subject: issuer,
- SubjectKeyId: authorityKeyID,
- }
- require.Equal(t, &certID, issuerChildren.CertIds[0])
-}
diff --git a/x/pki/tests/utils/certificate_assertions_noc.go b/x/pki/tests/utils/certificate_assertions_noc.go
deleted file mode 100644
index 357606c7a..000000000
--- a/x/pki/tests/utils/certificate_assertions_noc.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package utils
-
-import (
- "testing"
-
- "github.com/stretchr/testify/require"
- testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
-)
-
-func EnsureCertificatePresentInNocCertificateIndexes(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- serialNumber string,
- vid int32,
- isRoot bool,
- skipCheckByVid bool,
-) {
- t.Helper()
-
- // Noc certificates indexes checks
-
- // NocCertificates: Subject and SKID
- nocCertificate, _ := QueryNocCertificates(setup, subject, subjectKeyID)
- require.Equal(t, subject, nocCertificate.Subject)
- require.Equal(t, subjectKeyID, nocCertificate.SubjectKeyId)
- require.Equal(t, testconstants.SchemaVersion, nocCertificate.SchemaVersion)
- require.Len(t, nocCertificate.Certs, 1)
- require.Equal(t, serialNumber, nocCertificate.Certs[0].SerialNumber)
-
- // NocCertificates: SubjectKeyID
- nocCertificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, subjectKeyID)
- require.Len(t, nocCertificatesBySubjectKeyID, 1)
- require.Len(t, nocCertificatesBySubjectKeyID[0].Certs, 1)
- require.Equal(t, serialNumber, nocCertificatesBySubjectKeyID[0].Certs[0].SerialNumber)
-
- // NocCertificates: Subject
- nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, subject)
- require.Equal(t, subject, nocCertificatesBySubject.Subject)
- require.Len(t, nocCertificatesBySubject.SubjectKeyIds, 1)
- require.Equal(t, subjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0])
-
- // NocCertificates: VID and SKID
- nocCertificateByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, vid, subjectKeyID)
- require.Equal(t, vid, nocCertificateByVidAndSkid.Vid)
- require.Len(t, nocCertificateByVidAndSkid.Certs, 1)
- require.Equal(t, subjectKeyID, nocCertificateByVidAndSkid.SubjectKeyId)
-
- if skipCheckByVid {
- return
- }
-
- // NocCertificates: VID
- if isRoot {
- nocRootCertificate, _ := QueryNocRootCertificates(setup, vid)
- require.Equal(t, vid, nocRootCertificate.Vid)
- require.Len(t, nocRootCertificate.Certs, 1)
- } else {
- nocIcaCertificate, _ := QueryNocIcaCertificatesByVid(setup, vid)
- require.Equal(t, vid, nocIcaCertificate.Vid)
- require.Len(t, nocIcaCertificate.Certs, 1)
- }
-}
-
-func EnsureCertificateNotPresentInNocCertificateIndexes(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- vid int32,
- isRoot bool,
- skipCheckByVid bool,
-) {
- t.Helper()
-
- // Noc certificates indexes checks
-
- // NocCertificates: Subject and SKID
- _, err := QueryNocCertificates(setup, subject, subjectKeyID)
- require.Equal(t, codes.NotFound, status.Code(err))
-
- // NocCertificates: SubjectKeyID
- certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, subjectKeyID)
- require.Empty(t, certificatesBySubjectKeyID)
-
- // NocCertificates: Subject
- _, err = QueryNocCertificatesBySubject(setup, subject)
- require.Equal(t, codes.NotFound, status.Code(err))
-
- // NocCertificates: VID and SKID
- _, err = QueryNocCertificatesByVidAndSkid(setup, vid, subjectKeyID)
- require.Equal(t, codes.NotFound, status.Code(err))
-
- // NocCertificates: VID
- if skipCheckByVid {
- return
- }
-
- if isRoot {
- _, err = QueryNocRootCertificates(setup, vid)
- require.Equal(t, codes.NotFound, status.Code(err))
- } else {
- _, err = QueryNocIcaCertificatesByVid(setup, vid)
- require.Equal(t, codes.NotFound, status.Code(err))
- }
-}
-
-func EnsureNocRootCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- vid int32,
-) {
- t.Helper()
-
- // Noc certificates indexes checks
- EnsureCertificatePresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, vid, true, false)
-
- // All certificates indexes checks
- EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
-}
-
-func EnsureNocIntermediateCertificateExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- vid int32,
- skipCheckByVid bool,
-) {
- t.Helper()
-
- // Noc certificates indexes checks
- EnsureCertificatePresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, serialNumber, vid, false, skipCheckByVid)
-
- // All certificates indexes checks
- EnsureGlobalCertificateExist(t, setup, subject, subjectKeyID, serialNumber, false)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateExist(t, setup, issuer, serialNumber)
-}
-
-func EnsureNocIntermediateCertificateNotExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- vid int32,
- skipCheckByVid bool,
- skipCheckForUniqueness bool,
-) {
- t.Helper()
-
- // Noc certificates indexes checks
- EnsureCertificateNotPresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, vid, false, skipCheckByVid)
-
- // All certificates indexes checks
- EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID, false, false)
-
- // UniqueCertificate: check that unique certificate key registered
- EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness)
-}
-
-func EnsureNocRootCertificateNotExist(
- t *testing.T,
- setup *TestSetup,
- subject string,
- subjectKeyID string,
- issuer string,
- serialNumber string,
- vid int32,
- skipCheckByVid bool,
- skipCheckForUniqueness bool,
-) {
- t.Helper()
-
- // Noc certificates indexes checks
- EnsureCertificateNotPresentInNocCertificateIndexes(t, setup, subject, subjectKeyID, vid, true, skipCheckByVid)
-
- // All certificates indexes checks
- EnsureGlobalCertificateNotExist(t, setup, subject, subjectKeyID,
false, false) - - // UniqueCertificate: check that unique certificate key registered - EnsureUniqueCertificateCertificateNotExist(t, setup, issuer, serialNumber, skipCheckForUniqueness) -} diff --git a/x/pki/tests/utils/certificate_helpers_da.go b/x/pki/tests/utils/certificate_helpers.go similarity index 97% rename from x/pki/tests/utils/certificate_helpers_da.go rename to x/pki/tests/utils/certificate_helpers.go index e7ed225c8..3e1f824da 100644 --- a/x/pki/tests/utils/certificate_helpers_da.go +++ b/x/pki/tests/utils/certificate_helpers.go @@ -34,6 +34,6 @@ func AddMokedDaCertificate( certificate types.Certificate, isRoot bool, ) { - setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Subject, certificate.SerialNumber)) + setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) setup.Keeper.StoreDaCertificate(setup.Ctx, certificate, isRoot) } diff --git a/x/pki/tests/utils/certificate_queries_noc.go b/x/pki/tests/utils/certificate_queries_noc.go index 0d5813090..50cc074b9 100644 --- a/x/pki/tests/utils/certificate_queries_noc.go +++ b/x/pki/tests/utils/certificate_queries_noc.go @@ -89,7 +89,7 @@ func QueryNocCertificatesBySubjectKeyID( return resp.NocCertificates, nil } -func QueryNocRootCertificates( +func QueryNocRootCertificatesByVid( setup *TestSetup, vid int32, ) (*types.NocRootCertificates, error) { diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go index 7310b99ba..787a12c97 100644 --- a/x/pki/tests/utils/data.go +++ b/x/pki/tests/utils/data.go 
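Review bot: Nothing next to the `SetUniqueCertificate` call in `AddMokedDaCertificate` records that the unique-certificate index is keyed by issuer and serial number, which is the pairing the `IsUniqueCertificatePresent(setup.Ctx, issuer, serialNumber)` assertions elsewhere in this series look up. A mock keyed by subject goes unnoticed only when subject and issuer happen to be equal, presumably the case for self-signed root fixtures, so I would add `// UniqueCertificate is keyed by (issuer, serialNumber), not subject; keep in sync with IsUniqueCertificatePresent.` above that line. The function's signature starts above this hunk, so the comment placement should be checked against the full body.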
@@ -85,3 +85,182 @@ func IntermediateCertificateNoVid(address sdk.AccAddress) types.Certificate {
 testconstants.SchemaVersion,
 )
 }
+
+func CreateTestRootCert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.RootSubject,
+ SubjectKeyID: testconstants.RootSubjectKeyID,
+ SerialNumber: testconstants.RootSerialNumber,
+ Issuer: testconstants.RootIssuer,
+ AuthorityKeyID: testconstants.RootSubjectKeyID,
+ IsRoot: true,
+ }
+}
+
+func CreateTestRootCertWithSameSubject() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.PAACertWithSameSubjectID1Subject,
+ SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID,
+ SerialNumber: testconstants.PAACertWithSameSubjectSerialNumber,
+ Issuer: testconstants.PAACertWithSameSubjectIssuer,
+ IsRoot: true,
+ }
+}
+
+func CreateTestRootCertWithSameSubject2() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.PAACertWithSameSubjectID2Subject,
+ SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID,
+ SerialNumber: testconstants.PAACertWithSameSubject2SerialNumber,
+ Issuer: testconstants.PAACertWithSameSubject2Issuer,
+ IsRoot: true,
+ }
+}
+
+func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject,
+ SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,
+ SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber,
+ Issuer: testconstants.RootCertWithSameSubjectAndSKID1Issuer,
+ AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubject,
+ IsRoot: true,
+ }
+}
+
+func CreateTestRootCertWithSameSubjectAndSkid2() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject,
+ SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,
+ SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber,
+ Issuer: testconstants.RootCertWithSameSubjectAndSKID2Issuer,
+ AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubject,
+ IsRoot: true,
+ }
+}
+
+func CreateTestIntermediateCert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.IntermediateSubject,
+ SubjectKeyID: testconstants.IntermediateSubjectKeyID,
+ SerialNumber: testconstants.IntermediateSerialNumber,
+ Issuer: testconstants.IntermediateIssuer,
+ AuthorityKeyID: testconstants.IntermediateAuthorityKeyID,
+ IsRoot: false,
+ }
+}
+
+func CreateTestIntermediateVidScopedCert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.PAICertWithNumericPidVidSubject,
+ SubjectKeyID: testconstants.PAICertWithNumericPidVidSubjectKeyID,
+ SerialNumber: testconstants.PAICertWithNumericPidVidSerialNumber,
+ Issuer: testconstants.PAACertWithNumericVidSubject,
+ AuthorityKeyID: testconstants.PAACertWithNumericVidSubjectKeyID,
+ IsRoot: false,
+ }
+}
+
+func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject,
+ SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID,
+ SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber,
+ Issuer: testconstants.IntermediateCertWithSameSubjectIssuer,
+ AuthorityKeyID: testconstants.IntermediateCertWithSameSubjectAuthorityKeyID,
+ IsRoot: false,
+ }
+}
+
+func CreateTestIntermediateCertWithSameSubjectAndSKID2() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject,
+ SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID,
+ SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber,
+ Issuer: testconstants.IntermediateCertWithSameSubjectIssuer,
+ AuthorityKeyID: testconstants.IntermediateCertWithSameSubjectAuthorityKeyID,
+ IsRoot: false,
+ }
+}
+
+func CreateTestLeafCertWithSameSubjectAndSKID() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.LeafCertWithSameSubjectAndSKIDSubject,
+ SubjectKeyID: testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID,
+ SerialNumber: testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber,
+ Issuer: testconstants.LeafCertWithSameSubjectIssuer,
+ AuthorityKeyID: testconstants.LeafCertWithSameSubjectAuthorityKeyID,
+ IsRoot: false,
+ }
+}
+
+func CreateTestLeafCert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.LeafSubject,
+ SubjectKeyID: testconstants.LeafSubjectKeyID,
+ SerialNumber: testconstants.LeafSerialNumber,
+ Issuer: testconstants.LeafIssuer,
+ AuthorityKeyID: testconstants.LeafAuthorityKeyID,
+ IsRoot: false,
+ }
+}
+
+func CreateTestNocRoot1Cert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.NocRootCert1Subject,
+ SubjectKeyID: testconstants.NocRootCert1SubjectKeyID,
+ SerialNumber: testconstants.NocRootCert1SerialNumber,
+ Issuer: testconstants.NocRootCert1Issuer,
+ AuthorityKeyID: testconstants.NocRootCert1SubjectKeyID,
+ VID: testconstants.Vid,
+ IsRoot: true,
+ }
+}
+
+func CreateTestNocRoot2Cert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.NocRootCert1CopySubject,
+ SubjectKeyID: testconstants.NocRootCert1CopySubjectKeyID,
+ SerialNumber: testconstants.NocRootCert1CopySerialNumber,
+ Issuer: testconstants.NocRootCert1CopyIssuer,
+ AuthorityKeyID: testconstants.NocRootCert1CopySubjectKeyID,
+ VID: testconstants.Vid,
+ IsRoot: true,
+ }
+}
+
+func CreateTestNocIca1Cert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.NocCert1Subject,
+ SubjectKeyID: testconstants.NocCert1SubjectKeyID,
+ SerialNumber: testconstants.NocCert1SerialNumber,
+ Issuer: testconstants.NocCert1Issuer,
+ AuthorityKeyID: testconstants.NocCert1AuthorityKeyID,
+ VID: testconstants.Vid,
+ IsRoot: false,
+ }
+}
+
+func CreateTestNocIca1CertCopy() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.NocCert1CopySubject,
+ SubjectKeyID: testconstants.NocCert1CopySubjectKeyID,
+ SerialNumber: testconstants.NocCert1CopySerialNumber,
+ Issuer: testconstants.NocCert1CopyIssuer,
+ AuthorityKeyID: testconstants.NocCert1CopyAuthorityKeyID,
+ VID: testconstants.Vid,
+ IsRoot: false,
+ }
+}
+
+func CreateTestNocLeafCert() TestCertificate {
+ return TestCertificate{
+ Subject: testconstants.NocLeafCert1Subject,
+ SubjectKeyID: testconstants.NocLeafCert1SubjectKeyID,
+ SerialNumber: testconstants.NocLeafCert1SerialNumber,
+ Issuer: testconstants.NocLeafCert1Issuer,
+ AuthorityKeyID: testconstants.NocLeafCert1AuthorityKeyID,
+ VID: testconstants.Vid,
+ IsRoot: false,
+ }
+}
diff --git a/x/pki/types/key_approved_root_certificates.go b/x/pki/types/key_approved_root_certificates.go
new file mode 100644
index 000000000..60c5c08a8
--- /dev/null
+++ b/x/pki/types/key_approved_root_certificates.go
@@ -0,0 +1,10 @@
+package types
+
+import "encoding/binary"
+
+var _ binary.ByteOrder
+
+const (
+ // ApprovedRootCertificatesKeyPrefix is the prefix to retrieve all ApprovedRootCertificates
+ ApprovedRootCertificatesKeyPrefix = "ApprovedRootCertificates/value/"
+)
diff --git a/x/pki/types/key_revoked_root_certificates.go b/x/pki/types/key_revoked_root_certificates.go
new file mode 100644
index 000000000..300ee3a58
--- /dev/null
+++ b/x/pki/types/key_revoked_root_certificates.go
@@ -0,0 +1,10 @@
+package types
+
+import "encoding/binary"
+
+var _ binary.ByteOrder
+
+const (
+ // RevokedRootCertificatesKeyPrefix is the prefix to retrieve all RevokedRootCertificates
+ RevokedRootCertificatesKeyPrefix = "RevokedRootCertificates/value/"
+)
From 6feaedad9300b244a4da821029c08941c14044ac Mon Sep 17 00:00:00 2001
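Review bot: `CreateTestRootCertWithSameSubjectAndSkid1` and `CreateTestRootCertWithSameSubjectAndSkid2` set `AuthorityKeyID` to `testconstants.RootCertWithSameSubjectAndSKIDSubject`, a subject constant rather than a key identifier, which looks like a copy-paste slip. `CreateTestRootCert` and the NOC root fixtures in this hunk put the certificate's own subject key ID in that field, so the likely intent in both functions is `AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,`. `CreateTestRootCertWithSameSubject` and `CreateTestRootCertWithSameSubject2` leave `AuthorityKeyID` unset altogether. Any index check that resolves a parent by issuer and authority key ID would then compare against a wrong or empty value for these fixtures, so the fields should be set consistently or the omission explained in a comment.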
From: "artem.ivanov" Date: Mon, 2 Dec 2024 11:19:26 +0300 Subject: [PATCH 04/11] Refactoring PKI unit tests --- .../all_certificates_by_subject_key_id.go | 20 +- ...approved_certificates_by_subject_key_id.go | 12 - x/pki/tests/handler_add_noc_ica_cert_test.go | 137 ++--- x/pki/tests/handler_add_noc_root_cert_test.go | 126 ++-- x/pki/tests/handler_add_paa_cert_test.go | 562 +++++++++++------- x/pki/tests/handler_add_pai_cert_test.go | 151 ++--- x/pki/tests/handler_assign_vid_test.go | 28 +- .../tests/handler_remove_noc_ica_cert_test.go | 467 ++++++++------- .../handler_remove_noc_root_cert_test.go | 316 +++++----- x/pki/tests/handler_remove_pai_cert_test.go | 231 ++++--- .../tests/handler_revoke_noc_ica_cert_test.go | 161 +++-- .../handler_revoke_noc_root_cert_test.go | 34 +- x/pki/tests/handler_revoke_paa_cert_test.go | 294 +++++---- x/pki/tests/handler_revoke_pai_cert_test.go | 106 ++-- x/pki/tests/test-design.md | 4 + x/pki/tests/utils/account.go | 2 +- x/pki/tests/utils/certificate_assertions.go | 388 ++++++------ x/pki/tests/utils/certificate_helpers.go | 9 + x/pki/tests/utils/data.go | 33 + .../all_certificates_by_subject_key_id.pb.go | 6 +- ...roved_certificates_by_subject_key_id.pb.go | 6 +- x/pki/types/genesis_test.go | 8 +- .../key_all_certificates_by_subject_key_id.go | 2 +- ...approved_certificates_by_subject_key_id.go | 2 +- 24 files changed, 1745 insertions(+), 1360 deletions(-) diff --git a/x/pki/keeper/all_certificates_by_subject_key_id.go b/x/pki/keeper/all_certificates_by_subject_key_id.go index 93384e4c1..92f383438 100644 --- a/x/pki/keeper/all_certificates_by_subject_key_id.go +++ b/x/pki/keeper/all_certificates_by_subject_key_id.go 
@@ -8,7 +8,7 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) -// SetAllCertificatesBySubjectKeyID set a specific AllCertificatesBySubjectKeyId in the store from its index. +// SetAllCertificatesBySubjectKeyID set a specific AllCertificatesBySubjectKeyID in the store from its index. func (k Keeper) SetAllCertificatesBySubjectKeyID(ctx sdk.Context, allCertificatesBySubjectKeyID types.AllCertificatesBySubjectKeyId) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) b := k.cdc.MustMarshal(&allCertificatesBySubjectKeyID) @@ -49,7 +49,7 @@ func (k Keeper) addAllCertificatesBySubjectKeyID(ctx sdk.Context, subjectKeyID s k.SetAllCertificatesBySubjectKeyID(ctx, AllCertificates) } -// GetAllCertificatesBySubjectKeyID returns a AllCertificatesBySubjectKeyId from its index. +// GetAllCertificatesBySubjectKeyID returns a AllCertificatesBySubjectKeyID from its index. func (k Keeper) GetAllCertificatesBySubjectKeyID( ctx sdk.Context, subjectKeyID string, @@ -69,7 +69,7 @@ func (k Keeper) GetAllCertificatesBySubjectKeyID( return val, true } -// RemoveAllCertificatesBySubjectKeyID removes a AllCertificatesBySubjectKeyId from the store. +// RemoveAllCertificatesBySubjectKeyID removes a AllCertificatesBySubjectKeyID from the store. func (k Keeper) RemoveAllCertificatesBySubjectKeyID( ctx sdk.Context, subject string, @@ -104,7 +104,7 @@ func (k Keeper) RemoveAllCertificatesBySubjectKeyIDBySerialNumber(ctx sdk.Contex }) } -// GetAllAllCertificatesBySubjectKeyID returns all AllCertificatesBySubjectKeyId. +// GetAllAllCertificatesBySubjectKeyID returns all AllCertificatesBySubjectKeyID. func (k Keeper) GetAllAllCertificatesBySubjectKeyID(ctx sdk.Context) (list []types.AllCertificatesBySubjectKeyId) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) iterator := sdk.KVStorePrefixIterator(store, []byte{}) 
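Review bot: The reworded doc comments now name `AllCertificatesBySubjectKeyID`, but the type these functions take and return is still `types.AllCertificatesBySubjectKeyId` in the unchanged signatures shown here, so the comments refer to an identifier that does not appear in the visible code. I would keep the type's actual spelling in the prose and fix the grammar at the same time, e.g. `// SetAllCertificatesBySubjectKeyID sets a specific AllCertificatesBySubjectKeyId in the store from its index.` The same applies to the comments touched in the three following hunks of this file (`GetAllCertificatesBySubjectKeyID`, `RemoveAllCertificatesBySubjectKeyID`, `GetAllAllCertificatesBySubjectKeyID`), where "a AllCertificates…" should also read "an AllCertificates…".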
@@ -145,15 +145,3 @@ func (k Keeper) _removeAllCertificatesFromSubjectKeyIDState(ctx sdk.Context, sub k.SetAllCertificatesBySubjectKeyID(ctx, certs) } } - -// IsCertificatesBySubjectKeyIdPresent Check if the Certificate By Subject Key ID is present in the store. -func (k Keeper) IsCertificatesBySubjectKeyIdPresent( - ctx sdk.Context, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) - - return store.Has(types.AllCertificatesBySubjectKeyIDKey( - subjectKeyID, - )) -} diff --git a/x/pki/keeper/approved_certificates_by_subject_key_id.go b/x/pki/keeper/approved_certificates_by_subject_key_id.go index bd02c92e3..5d8336606 100644 --- a/x/pki/keeper/approved_certificates_by_subject_key_id.go +++ b/x/pki/keeper/approved_certificates_by_subject_key_id.go @@ -145,15 +145,3 @@ func (k Keeper) _removeApprovedCertificatesFromSubjectKeyIDState(ctx sdk.Context k.SetApprovedCertificatesBySubjectKeyID(ctx, certs) } } - -// IsApprovedCertificatesBySubjectKeyIdPresent Check if the Approved Certificate By Subject Key ID is present in the store. -func (k Keeper) IsApprovedCertificatesBySubjectKeyIdPresent( - ctx sdk.Context, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) - - return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey( - subjectKeyID, - )) -} diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 3ba9fc317..8ade55b79 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go 
@@ -21,107 +21,88 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) // add NOC ICA certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, icaCertificate.PEM) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: 
types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Extra cases -func TestHandler_AddNocX509Cert_Renew(t *testing.T) { +func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + accAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) // Store the NOC certificate - newNocCertificate := types.NewNocCertificate( - testconstants.NocCert1, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectAsText, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - accAddress.String(), - vid, - testconstants.SchemaVersion, - ) - newNocCertificate.SerialNumber = testconstants.TestSerialNumber - - 
setup.Keeper.AddAllCertificate(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocCertificate(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocCertificateBySubjectKeyID(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocCertificateBySubject(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocIcaCertificate(setup.Ctx, newNocCertificate) - uniqueCertificate := types.UniqueCertificate{ - Issuer: newNocCertificate.Issuer, - SerialNumber: newNocCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) + icaCertificate := utils.CreateTestNocIca1Cert() + intermediateCertificate := utils.NocIntermediateCertificate(accAddress) + intermediateCertificate.SerialNumber = testconstants.TestSerialNumber + utils.AddMokedNocCertificate(setup, intermediateCertificate, false) // add the new NOC certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert( + accAddress.String(), + icaCertificate.PEM, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // query noc certificate by Subject and SKID - nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 2) - require.Equal(t, &newNocCertificate, nocCertificates.Certs[0]) - - // query noc certificate by Subject - nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds)) - - // query noc certificate by SKID - nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubjectKeyID)) - require.Equal(t, 2, 
len(nocCertificatesBySubjectKeyID[0].Certs)) - require.Equal(t, testconstants.NocCert1Subject, nocCertificatesBySubjectKeyID[0].Certs[0].Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCertificatesBySubjectKeyID[0].Certs[0].SubjectKeyId) - require.Equal(t, vid, nocCertificatesBySubjectKeyID[0].Certs[0].Vid) - - // query noc certificate by VID - nocCertificatesByVid, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, len(nocCertificatesByVid.Certs), 2) - require.Equal(t, testconstants.NocCert1Subject, nocCertificatesByVid.Certs[0].Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCertificatesByVid.Certs[0].SubjectKeyId) - require.Equal(t, vid, nocCertificatesByVid.Certs[0].Vid) + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Error cases 
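Review bot: In `TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` the pre-seeded certificate (serial `testconstants.TestSerialNumber`, stored through `utils.AddMokedNocCertificate`) is covered only by the `Count: 2` entries, whereas the removed assertions compared the stored entry and its `Vid` by value. `utils.CheckCertificateStateIndexes` is not visible here, so this may already be handled, but if it checks only presence and counts for `icaCertificate`, a regression that replaced the seeded entry or stored the wrong vendor ID would still pass. Consider keeping one value assertion on the seeded certificate, for example on its serial number and `Vid` in the by-VID result. The retained comment `// query noc certificate by Subject and SKID` now sits above the index table and should read `// Check indexes`, as in the other tests. The "Error cases" section that follows is outside the hunk.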
diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go
index dfc882d23..5b3705550 100644
--- a/x/pki/tests/handler_add_noc_root_cert_test.go
+++ b/x/pki/tests/handler_add_noc_root_cert_test.go
@@ -21,96 +21,76 @@ func TestHandler_AddNocRootCert(t *testing.T) { // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + 
{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // Extra cases -func TestHandler_AddNocX509RootCert_Renew(t *testing.T) { +func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + accAddress := setup.CreateVendorAccount(testconstants.Vid) // Store the NOC root certificate - nocRootCertificate := utils.RootCertificate(accAddress) - nocRootCertificate.SerialNumber = testconstants.TestSerialNumber - nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI - nocRootCertificate.Approvals = nil - nocRootCertificate.Rejects = nil - - setup.Keeper.AddAllCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocRootCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocCertificateBySubject(setup.Ctx, nocRootCertificate) - - uniqueCertificate := types.UniqueCertificate{ - Issuer: nocRootCertificate.Issuer, - SerialNumber: nocRootCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) - - // new NOC root certificate - newNocCertificate := utils.RootCertificate(accAddress) - newNocCertificate.CertificateType = types.CertificateType_OperationalPKI - newNocCertificate.Approvals = nil - newNocCertificate.Rejects = nil + rootCertificate1 := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, accAddress, rootCertificate1.PEM) // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), newNocCertificate.PemCert, testconstants.CertSchemaVersion) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + addNocX509RootCert := 
types.NewMsgAddNocX509RootCert( + accAddress.String(), + rootCertificate2.PEM, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) - // query noc root certificate by Subject and SKID - nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 2) - require.Equal(t, &newNocCertificate, nocCertificates.Certs[1]) - - // query noc root certificate by Subject - nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds)) - require.Equal(t, newNocCertificate.SubjectKeyId, nocCertificatesBySubject.SubjectKeyIds[0]) - - // query noc root certificate by SKID - nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubjectKeyID)) - require.Equal(t, 1, len(nocCertificatesBySubjectKeyID[0].Certs)) - require.Equal(t, &newNocCertificate, nocCertificatesBySubjectKeyID[0].Certs[0]) - - // query noc root certificate by VID - nocRootCertificates, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, len(nocRootCertificates.Certs), 2) - require.Equal(t, &newNocCertificate, nocRootCertificates.Certs[1]) - - // query noc root certificate by VID and SKID - renewedNocRootCertificate, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, &newNocCertificate, renewedNocRootCertificate.Certs[0]) + // check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } // Error cases diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 516d514fd..666057fa8 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -25,7 +25,7 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { // propose DA root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, 
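Review bot: The `Present` list in `TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber` omits `types.NocCertificatesByVidAndSkidKeyPrefix`, although the single-certificate test above checks it and the removed code queried `utils.QueryNocCertificatesByVidAndSkid`. As written, the vendor-scoped index is no longer exercised for the two-certificate case; add `{Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2},`, which is the entry the ICA counterpart of this test uses. The test name also promises the same subject and SKID, which now depends on `CreateTestNocRoot1Cert` and `CreateTestNocRoot2Cert` returning such a pair; assuming the fixtures expose `Subject` and `SubjectKeyID` as the DA fixtures do, a `require.Equal` on each before the handler call would pin that precondition.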
@@ -34,17 +34,21 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -61,7 +65,7 @@ func TestHandler_AddDaRootCert(t *testing.T) { // propose add x509 root certificate by trustee proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, 
@@ -72,25 +76,29 @@ func TestHandler_AddDaRootCert(t *testing.T) { // approve by second trustee approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } 
@@ -103,7 +111,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // propose x509 root certificate by account without trustee role proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, 
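Review bot: The comment kept above this call, `// propose x509 root certificate by account without trustee role`, contradicts the code, which signs the proposal with `setup.Trustee1`. In a test about approval thresholds the signer's role is exactly what a reader must not get wrong, and this patch already touches the call, so change it to `// propose x509 root certificate by account Trustee1`, the wording the five-trustee test uses. The body of `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded` starts and ends outside this hunk.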
@@ -121,36 +129,40 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { for i := 1; i < twoThirds-1; i++ { approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( trusteeAccounts[i].String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - _, err = utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, rootCertificate.Subject, rootCertificate.SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) } // One more approval will move this to approved state from pending approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: 
types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -180,7 +192,7 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, @@ -191,8 +203,8 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // approve x509 root certificate by account Trustee2 approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) @@ -201,8 +213,8 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // approve x509 root certificate by account Trustee3 approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( setup.Trustee3.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) 
@@ -211,41 +223,48 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // reject x509 root certificate by account Trustee4 rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( fourthTrustee.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // Check: ProposedCertificate - present because we haven't enough approvals - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // approve x509 root certificate by account Trustee5 approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( fifthTrustee.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // Check indexes - indexes = []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: 
types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } @@ -255,18 +274,16 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - testRootCertificate := utils.CreateTestRootCert() - testRootCertificate.SerialNumber = utils.SerialNumber - // store root certificate with different serial number rootCertificate := utils.RootCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, rootCertificate, true) // propose second root certificate + testRootCertificate := utils.CreateTestRootCert() proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + testRootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) 
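Review bot: The intermediate check after Trustee4's rejection passes `Missing: []utils.TestIndex{}`, so before the final approval the test asserts only that the proposal still exists, not that the certificate is absent from the approved state. A handler that promoted the certificate one vote early while leaving the proposal record in place would pass this step and the final one. Fill the negative side at that point, e.g. `Missing: []utils.TestIndex{{Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedRootCertificatesKeyPrefix}},`. The body of `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees` begins outside this hunk.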
@@ -274,22 +291,26 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, // we have both: Proposed and Approved - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 1}, // single approved - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, // we have both: Proposed and Approved + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, // single approved + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) // additional check - require.Equal(t, testconstants.RootSerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) + require.Equal(t, testRootCertificate.SerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) } func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T) { 
@@ -300,9 +321,9 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T // add Certificate1 rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.PAACertWithSameSubjectID1, - Subject: testconstants.PAACertWithSameSubjectID1Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + PemCert: testRootCertificate.PEM, + Subject: testRootCertificate.Subject, + SubjectKeyID: testRootCertificate.SubjectKeyID, Info: testconstants.Info, Vid: testconstants.Vid, } @@ -310,9 +331,9 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T // add Certificate2 rootCert2Options := &utils.RootCertOptions{ - PemCert: testconstants.PAACertWithSameSubjectID2, - Subject: testconstants.PAACertWithSameSubjectID2Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + PemCert: testRootCertificate2.PEM, + Subject: testRootCertificate2.Subject, + SubjectKeyID: testRootCertificate2.SubjectKeyID, Info: testconstants.Info, Vid: testconstants.Vid, } 
@@ -326,17 +347,21 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T require.Equal(t, 2, len(allCertificates)) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } // check for first utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) 
@@ -344,9 +369,9 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) // Additional checks - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, resolvedCertificates.AllCertificatesBySubjectKeyId[0].SubjectKeyId) - require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[0].Subject) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[1].Subject) + require.Equal(t, testRootCertificate.SubjectKeyID, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) + require.Equal(t, testRootCertificate.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Subject) + require.Equal(t, testRootCertificate2.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[1].Subject) } func TestHandler_RejectAddDaRootCert(t *testing.T) { @@ -357,7 +382,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + testRootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) 
@@ -367,24 +392,28 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // reject x509 root certificate by account Trustee2 rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } // check certificate state indexes resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) 
@@ -398,24 +427,28 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // reject x509 root certificate by account Trustee3 rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( setup.Trustee3.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // certificate should not be in the entity , because we have enough reject approvals - indexes = []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } // check certificate state indexes resolvedCertificates = utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) 
@@ -431,8 +464,15 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *testing.T) { setup := utils.Setup(t) + + rootCertificate := utils.CreateTestRootCert() + // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) 
@@ -443,19 +483,31 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - pendingCert, _ := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, _ := setup.Keeper.GetProposedCertificate( + setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) require.True(t, found) require.Equal(t, len(pendingCert.Rejects), prevRejectsLen+1) require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen-1) 
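Review bot: The first `setup.Keeper.GetProposedCertificate(...)` call in this test still discards the found flag (`pendingCert, _ :=`), so `prevRejectsLen` and `prevApprovalsLen` may be read from a certificate that was never found. Since the call is being reflowed anyway, capture the flag and assert it: `pendingCert, found := setup.Keeper.GetProposedCertificate(` followed by `require.True(t, found)`. The later lookup then has to become `pendingCert, found = setup.Keeper.GetProposedCertificate(`, because both names are already declared. This makes a missing proposal fail at the lookup instead of at the length comparison. The same pattern is in TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee two hunks below; the test body starts in the preceding hunk.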
@@ -464,8 +516,16 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t *testing.T) { setup := utils.Setup(t) + + rootCertificate := utils.CreateTestRootCert() + // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) 
@@ -476,19 +536,34 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - pendingCert, _ := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, _ := setup.Keeper.GetProposedCertificate( + setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) + // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, found := setup.Keeper.GetProposedCertificate( + setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) require.True(t, found) require.Equal(t, len(pendingCert.Rejects), prevRejectsLen-1) require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen+1) 
@@ -509,91 +584,155 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + 
{Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, // not rejected yet + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee3.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( + setup.Trustee3.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check rejected certificate - rejectedCertificate := rejectedCertificates.Certs[0] - require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, rejectedCertificate.SerialNumber) + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, // certificate is rejected now + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: 
types.ProposedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectX509RootCert) require.NoError(t, err) - require.False(t, setup.Keeper.IsProposedCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) - - // check that unique certificate key is registered - require.False(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + 
{Key: types.RejectedCertificateKeyPrefix}, // certificates do not get into rejected collection because there were no approvals before + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectX509RootCert) require.NoError(t, err) - // query proposed certificate - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, 
proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) - require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee1.String())) - - // check that unique certificate key is registered - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testing.T) { 
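Review bot: TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee no longer asserts who has voted. The removed `require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee1.String()))` has no replacement, and the return value of `utils.CheckCertificateStateIndexes` is dropped. For an approval workflow the recorded votes matter as much as which index holds the certificate. Keep the result and restore the check, as the WithApproval_ByTrustee test in the next hunk does: `resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)` then `require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(setup.Trustee1.String()))`. The FiveTrustees test here also loses its `PemCert`, `Owner` and `SerialNumber` comparisons; the helper is not visible from this hunk, so please confirm it covers those fields. The first test's body starts outside the hunk.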
@@ -601,37 +740,58 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // approve approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectX509RootCert) require.NoError(t, err) - // query proposed certificate - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) 
- require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) - require.True(t, proposedCertificate.HasRejectFrom(setup.Trustee1.String())) - require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee2.String())) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // check that unique certificate key is registered - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + // additional checks + require.True(t, resolvedCertificates.ProposedCertificate.HasRejectFrom(setup.Trustee1.String())) + require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(setup.Trustee2.String())) } // Error cases diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index b8e9e0b31..651e80e41 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go 
@@ -30,24 +30,28 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { addX509Cert := types.NewMsgAddX509Cert( accAddress.String(), - testconstants.IntermediateCertPem, + testIntermediateCertificate.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } 
@@ -68,24 +72,28 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { addX509Cert := types.NewMsgAddX509Cert( accAddress.String(), - testconstants.PAICertWithNumericPidVid, + testIntermediateCertificate.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } 
@@ -111,7 +119,7 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( // store intermediate certificate second time addX509Cert := types.NewMsgAddX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertPem, + testIntermediateCertificate1.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) 
@@ -125,18 +133,22 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( require.Equal(t, 2, len(allCertificates)) // root + intermediate // Check indexes for certificate1 - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ChildCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) 
@@ -151,7 +163,6 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( // Check indexes for certificate2 utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - } func TestHandler_AddDaCert_ForTree(t *testing.T) { @@ -170,7 +181,7 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { // add intermediate x509 certificate addIntermediateX509Cert := types.NewMsgAddX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertPem, + testIntermediateCertificate.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) require.NoError(t, err) 
@@ -178,50 +189,46 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { // add leaf x509 certificate addLeafX509Cert := types.NewMsgAddX509Cert( vendorAccAddress.String(), - testconstants.LeafCertPem, + testLeafCertificate.PEM, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addLeafX509Cert) require.NoError(t, err) // Check indexes for root - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) // Check indexes for intermediate - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: 
types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) // Check indexes for leaf - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index 40a8913be..fa03d7217 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go 
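Review bot: The leaf check in TestHandler_AddDaCert_ForTree now silently reuses the `indexes` value built for the intermediate, so a later edit to the intermediate expectations changes what is asserted for the leaf. Say so at the call, for example `// leaf is expected to have the same index state as the intermediate`, or give the leaf its own `utils.TestIndexes` literal. Separately, the root expectations use `Missing: []utils.TestIndex{}`, while the other approved-root checks in this patch list `types.ProposedCertificateKeyPrefix` and `types.RejectedCertificateKeyPrefix` as missing. If the root here goes through the same propose/approve flow, which is set up outside this hunk, adding those two entries would keep the checks consistent.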
@@ -38,24 +38,28 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { // DA certificates indexes checks // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // Check VID is assigned require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificates.Certs[0].Vid) - require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificatesBySubjectKeyId[0].Certs[0].Vid) + require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificatesBySubjectKeyID[0].Certs[0].Vid) require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificates.Certs[0].Vid) - require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[0].Vid) + require.Equal(t, testconstants.Vid, 
resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Vid) } func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index f2f689daa..a5ad4649a 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go 
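Review bot: The four VID assertions at the end of the hunk index `Certs[0]`, `ApprovedCertificatesBySubjectKeyID[0]` and `AllCertificatesBySubjectKeyID[0]` without checking length first, so an empty result would show up as an index-out-of-range panic rather than a readable assertion failure. Unless `CheckCertificateStateIndexes` already guarantees non-empty results (its body is not visible here), add a guard before indexing, e.g. `require.NotEmpty(t, resolvedCertificates.ApprovedCertificatesBySubjectKeyID)` and the same for `AllCertificatesBySubjectKeyID`. The test function starts outside the hunk.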
@@ -32,29 +32,34 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { // remove intermediate certificate removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: 
types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } @@ -68,18 +73,19 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // add two intermediate certificates icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate1.PEM) icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) // add leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, leafCertificate.PEM) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
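Review bot: The `Present` list has an empty added line between the `// root still exits` entry and the closing `},`, and the comment should read `// root still exists`. gofmt keeps a blank line inside a composite literal, so it has to be removed by hand. The same stray line and the same typo are in the `Present` lists of the hunks at -88, -104 and -162 of this file.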
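Review bot: This test still creates the vendor account by hand, via the unchanged `setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid)` line at the top of the hunk, while the later tests in this file were switched to `vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid)`. If `vid` is not needed further down (the function starts and continues outside the hunk), use the helper here as well so every test in the file sets up the account the same way.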
@@ -88,15 +94,19 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 4, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)+len(nocCerts[2].Certs)) // Check indexes for intermediate certificates before removing - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 3}, // 2 inter + leaf certs exist + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 3}, // 2 inter + leaf certs exist + + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) 
@@ -104,51 +114,60 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { // remove all intermediate certificates but leave leaf certificate (NocCert1 and NocCert1Copy) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // leaf cert with same vid exist + + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: 
types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // Check indexes - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only leaf exits - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: 
types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // only leaf exits + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) 
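Review bot: The last list in this hunk is headed only `// Check indexes`, but it holds the expectations for `leafCertificate` after both intermediate certificates were removed, and it asserts the leaf is still present in every NOC index including `ChildCertificatesKeyPrefix`. That pins the behaviour that removing an ICA does not cascade to the leaf registered beneath it, which a reader can easily take for an oversight in the test. I would state it in the comment, e.g. `// leaf must stay in all indexes: removing the ICAs does not cascade`. The test body continues outside the hunk.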
@@ -162,35 +181,38 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // Add ICA certificates icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate1.PEM) // Add ICA certificates with sam subject and SKID but different serial number icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) // Add a leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, leafCertificate.PEM) // Check indexes for intermediate certificates before removing - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 
1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 3}, // 2 inter + leaf certs exist + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 3}, // 2 inter + leaf certs exist + + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) 
@@ -198,48 +220,56 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { // remove ICA certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, + icaCertificate1.SerialNumber, ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) // Check indexes for first certificate (second ica exist) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, // ica and leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, // removed - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, 
Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, // removed + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) // Check indexes for second certificate (all same as for ica1 but also UniqueCertificate exists) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, // ica and leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, // all same as for ica1 but also UniqueCertificate exists - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix}, // all same as for ica1 but also UniqueCertificate exists + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) 
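Review bot: After the removal by serial number, the two lists differ only in `UniqueCertificateKeyPrefix`; every subject- and SKID-keyed index is asserted with `Count: 1` for both certificates, since they share subject and SKID. A count alone does not show which serial number survived, so a handler that dropped the wrong entry from those lists would still pass unless `CheckCertificateStateIndexes` compares serial numbers itself (not visible here). Consider keeping the helper's return value for `icaCertificate2` and adding `require.Equal(t, icaCertificate2.SerialNumber, resolved.AllCertificates.Certs[0].SerialNumber)`. The test body continues outside the hunk.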
@@ -251,23 +281,22 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // revoke intermediate certificate by serial number revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, testconstants.Info, false, ) 
@@ -275,47 +304,54 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // Check indexes after revocation - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // remove intermediate certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - 
testconstants.NocCert1SerialNumber, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, ) _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } 
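Review bot: Neither list in this hunk asserts `types.NocRootCertificatesKeyPrefix`, although the test adds `rootCertificate` during setup and the other removal tests in this file keep `{Key: types.NocRootCertificatesKeyPrefix, Count: 1}` in `Present`. Adding that entry to `Present` both after the revocation and after the removal would pin that revoking and then removing the ICA leaves the root certificate untouched. It also replaces the empty `Present: []utils.TestIndex{}` in the second list with a real assertion.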
@@ -326,23 +362,22 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // revoke an intermediate certificate revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, testconstants.Info, false, ) 
@@ -350,49 +385,56 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.NoError(t, err) // Check indexes after revocation - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // Add an intermediate certificate with new serial number icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + 
utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) // Check indexes - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, // we have evoked cert with same id + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not get there + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, // we have evoked cert with same id + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove an intermediate certificate removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - 
testconstants.NocCert1SubjectKeyID, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, "", ) _, err = setup.Handler(setup.Ctx, removeIcaCert) 
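Review bot: Two comments in the list for `icaCertificate2` are misleading. `// we have evoked cert with same id` on `RevokedNocIcaCertificatesKeyPrefix` should explain that the entry is found because the previously revoked `icaCertificate` shares subject and SKID with the new one, e.g. `// revoked icaCertificate shares subject and SKID`. The comment on `NocRootCertificatesKeyPrefix` says the ICA "should not get there" while the entry asserts presence with `Count: 1`; `// only the root certificate is in the root index` says what is actually checked. The test body continues outside the hunk.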
@@ -403,20 +445,23 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, 1, len(allCerts)) require.Equal(t, true, allCerts[0].Certs[0].IsRoot) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) 
@@ -426,16 +471,14 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // add ICA certificate by fist vendor account addIcaCert := types.NewMsgAddNocX509IcaCert(vendorAccAddress1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) @@ -472,7 +515,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { require.Equal(t, 0, len(nocCerts)) // query noc certificate by VID - _, err = utils.QueryNocIcaCertificatesByVid(setup, vid) + _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is not registered @@ -480,7 +523,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { testconstants.NocCert1Issuer, testconstants.NocCert1SerialNumber)) // check that intermediate certificate can not be queried by vid+skid - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) } 
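Review bot: In `TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor` the root certificate now comes from the fixture (`rootCertificate.PEM`), but the ICA is still added from `testconstants.NocCert1`. The two later hunks of this test on the same line also keep asserting against `testconstants.NocCert1SubjectKeyID` and `testconstants.NocCert1Issuer`. Since this test checks who is allowed to remove a certificate, the certificate added and the one asserted on should come from one source: `icaCertificate := utils.CreateTestNocIca1Cert()`, then `icaCertificate.PEM` and `icaCertificate.SubjectKeyID`, as the root-cert tests in this patch do. The context comment `// add first vendor account with VID = 1` is also stale, because both accounts are created with `testconstants.Vid`; `// add a second vendor account with the same VID` would match the test name. The function body continues outside these hunks.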
diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index e8054f6f5..41a60d77b 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go @@ -24,7 +24,7 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { // add NOC root certificates rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // remove noc root certificate removeIcaCert := types.NewMsgRemoveNocX509RootCert( 
@@ -37,21 +37,24 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } 
@@ -60,19 +63,18 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := setup.CreateVendorAccount(vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificates rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate1.PEM) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate2.PEM) // Add intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
@@ -97,35 +99,41 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: 
types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } 
@@ -134,20 +142,18 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificates rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate1.PEM) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate2.PEM) // Add ICA certificates icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // remove NOC root certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509RootCert( 
@@ -165,39 +171,46 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { // NocCertificates: Subject and SKID nocCertificates, err := utils.QueryNocCertificates( setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, ) require.NoError(t, err) require.Equal(t, 1, len(nocCertificates.Certs)) // Check indexes for root certificates - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: 
types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) 
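Review bot: This hunk changes what the test asserts, not only how it is written. `RevokedNocRootCertificatesKeyPrefix` was `Exist: true` for both `rootCertificate1` and `rootCertificate2` and is now under `Missing`. The `ChildCertificatesKeyPrefix` check that the old `rootCertificate2` list carried is dropped without replacement. The new expectation looks like the correct one for a removal by serial number, which should not create a revocation entry, but in a commit titled as a refactoring the flip needs a mention in the description. It also needs a comment at the entry, for example `{Key: types.RevokedNocRootCertificatesKeyPrefix}, // remove must not create a revocation record`. Either restore `{Key: types.ChildCertificatesKeyPrefix}` in the `Present` list for `rootCertificate2` or state why it no longer applies.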
@@ -217,35 +230,41 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: 
types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } 
@@ -280,16 +299,20 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // Check indexes for root certificates - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) 
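Review bot: `Count: 2` on `RevokedNocRootCertificatesKeyPrefix` is new in this hunk and has no explanation, while the other counted entries in this patch carry one (`// inter + leaf`). The same `indexes` value is checked against both `rootCertificate1` and `rootCertificate2`, so the count presumably means that both revoked roots are stored under one subject and SKID entry. Say so on the line, for example `{Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, // both revoked roots share one subject+SKID entry`, after confirming that this is what the helper counts. The function body starts and ends outside the hunk.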
@@ -298,17 +321,20 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.Equal(t, 2, len(revokedCerts.Certs)) // Check that intermediate certificates does not exist - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) 
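Review bot: The comment above this block, `// Check that intermediate certificates does not exist`, contradicts the assertion under it: every key is listed under `Present` and `Missing` is empty. Since the block is being rewritten anyway, correct the comment to `// Check that intermediate certificates still exist`, which is the wording the matching block later in the same test already uses. A reader who trusts the comment would otherwise conclude that removing a revoked root also removes its ICA.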
@@ -327,32 +353,38 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.Equal(t, testconstants.NocCert1SerialNumber, allCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // Check that intermediate certificates still exist - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: 
types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index d5d0f481f..b23a81854 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go 
@@ -45,17 +45,20 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 1, len(allCerts)) // Check indexes for intermediate certificate - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } 
@@ -110,33 +113,41 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check indexes for intermediate certificate - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - //{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - //{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + // {Key: types.AllCertificatesBySubjectKeyPrefix}, // leaf cert has same subject + // {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, // leaf cert has same subject + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, 
- {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } 
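Review bot: The `Present` list for the two removed intermediates contains only commented-out entries, so the by-subject indexes are not asserted either way and the dead code is carried into the new structure. The `BySerialNumber` test in this file already expresses a shared subject with a count (`Count: 2 // inter + leaf`), so the same form should work here: `{Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, // only the leaf remains under this subject`, and likewise for `ApprovedCertificatesBySubjectKeyPrefix`. If `CheckCertificateStateIndexes` cannot express that for a certificate that has itself been removed, delete the commented lines and keep one sentence that says why the by-subject keys are skipped. The test function starts and ends outside the hunk.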
@@ -185,39 +196,49 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) // Check indexes for intermediate certificate 1 - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) // Check indexes for intermediate certificate 2 (all the same but also UniqueCertificate exists) - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - 
{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists (same as for intermediate 2, skip check by subject) - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) 
@@ -236,29 +257,36 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, 
+ {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } 
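Review bot: The final leaf check lists `AllCertificatesBySubjectKeyPrefix` and `ApprovedCertificatesBySubjectKeyPrefix` under `Present` without a `Count`, so it would still pass if a removed intermediate were left behind in the by-subject lists. The previous hunk expects `Count: 2` (`// inter + leaf`) for the same keys before removal. If `Count` is compared against the number of entries, as that comment suggests, pinning it here closes the gap: `{Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, // only leaf remains`, and the same for the approved index. The by-subject keys are also absent from the intermediates' `Missing` list, presumably because the subject is shared with the leaf, so the count on the leaf is the only place the cleanup could be verified.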
@@ -295,17 +323,21 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) 
@@ -319,17 +351,20 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 40a941a1f..c8242549a 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -42,21 +42,25 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } 
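Review bot: The trailing comment `// root still exits` on the `NocRootCertificatesKeyPrefix` entry has a typo and should read `// root still exists`. The same typo is carried into the hunks for TestHandler_RevokeNocX509Cert_RevokeDefault (which also has `// only leaf exits`) and TestHandler_RevokeNocX509Cert_RevokeWithChild. Since these lines are being rewritten anyway, this is a cheap moment to correct them.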
@@ -102,43 +106,51 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, // leaf still exists - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix}, // leaf still exists + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } 
utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // Check indexes for leaf - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only leaf exits - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // only leaf exits + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: 
types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } 
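Review bot: The leaf block at the end of this hunk never asserts that the leaf is absent from the revoked indexes, although the point of the "revoke default" case appears to be that the child is left untouched. A regression that revoked the child along with its parent would only be caught indirectly through the `Present` entries. Adding `{Key: types.RevokedNocIcaCertificatesKeyPrefix},` and `{Key: types.RevokedCertificatesKeyPrefix},` to the leaf's `Missing` list would check the revocation scope directly. This assumes the helper resolves the revoked index by the leaf's own subject and subject key ID, which is not visible in this hunk.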
@@ -182,24 +194,49 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { require.Equal(t, 3, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) 
utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 9da35f4d8..5670eff45 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go 
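Review bot: The second `indexes = utils.TestIndexes{...}` block added at the end of this hunk has no introductory comment, while the neighbouring blocks do (`// Check indexes`, `// Check indexes for leaf`). It differs from the block above only in `Count: 1` versus `Count: 2` on `RevokedNocIcaCertificatesKeyPrefix`, which is easy to miss, so a line such as `// Check indexes for leaf: revoked together with its parent, one entry under its own subject key ID` would help. This hunk also tightens the assertions rather than just reshaping them, because the old code had no count and shared one list across all three certificates. That is worth a sentence in the commit description, since the commit is titled as a refactoring.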
@@ -44,21 +44,25 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 718722815..3b0280b75 100644 
--- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go @@ -41,19 +41,23 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { require.NoError(t, err) // Check: Certificate is proposed to revoke - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) 
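Review bot: The `Missing` list for the proposed-but-not-approved state checks `RevokedCertificatesKeyPrefix` but not `RevokedRootCertificatesKeyPrefix`, which the TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded hunk later expects to be present once revocation is approved. A single trustee's proposal must not take effect by itself, so both revoked indexes should be asserted empty here by adding `{Key: types.RevokedRootCertificatesKeyPrefix},` to `Missing`. The same addition applies to the identical lists in TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner and in the first hunk of TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded. The test body continues outside this hunk.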
@@ -85,19 +89,23 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { require.NoError(t, err) // Check: Certificate is proposed to revoke - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) 
@@ -125,19 +133,23 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { ) // Check state indexes - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } 
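Review bot: After a completed root revocation this block expects only `RevokedCertificatesKeyPrefix` and `UniqueCertificateKeyPrefix` under `Present`, whereas the equivalent end state in TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded also expects `RevokedRootCertificatesKeyPrefix`. For consistency, and so the revoked-root index is covered by the basic case too, consider adding `{Key: types.RevokedRootCertificatesKeyPrefix},` to `Present`. This presumes the helper used earlier in this test goes through the same approval path, which lies outside the hunk.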
@@ -176,34 +188,42 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist ) // Check state indexes - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, // another cert with same SKID exists - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, // another cert with same SKID exist - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exists + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exist + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) // second still exists - indexes = []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, 
Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } 
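Review bot: For `rootCertificate1` the two by-SKID indexes are expected under `Present` only because another certificate shares the subject key ID, but without a `Count` the check cannot distinguish "only the second certificate remains" from "the revoked certificate is still listed as approved". The later BySerialNumber test already uses `Count: 1` on these keys. The same should be done here: `{Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1},` and `{Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 1},`, keeping the existing trailing comments. A revoked root that lingers in the approved-by-SKID list is exactly the failure this test should catch.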
@@ -241,18 +261,22 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS ) // Check: Certificate1 - RevokedCertificates - present - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) 
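Review bot: `RevokedCertificatesKeyPrefix` is expected under `Present` without a count after the first revocation, while every remaining index in this block carries `Count: 1` and the next hunk expects `Count: 2` once the second certificate is revoked. Writing `{Key: types.RevokedCertificatesKeyPrefix, Count: 1},` here makes the one-then-two progression explicit. Note also that the same list is applied to both `rootCertificate1` and `rootCertificate2`, which share subject and subject key ID, so the check does not show which serial number was actually revoked. If the value returned by `CheckCertificateStateIndexes` exposes the resolved certificates, asserting the serial number on it would close that gap.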
@@ -267,18 +291,22 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS ) // Check: Certificate1 is revoked - indexes = []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } 
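Review bot: The context comment `// Check: Certificate1 is revoked` no longer matches what follows, because the block expects `RevokedCertificatesKeyPrefix` with `Count: 2` and is checked only against `rootCertificate2` before the function closes. I would reword it to `// Check: both certificates are revoked`. It would also help to run the same check for the first certificate with `utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes)`, so the end state of each serial number is asserted rather than inferred from the shared subject and subject key ID.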
@@ -292,19 +320,23 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // root exists - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) 
@@ -360,20 +392,24 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) - indexes = []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) 
@@ -433,19 +469,23 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 0a2fde3f2..cee318fd2 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go 
+++ b/x/pki/tests/handler_revoke_pai_cert_test.go 
@@ -50,33 +50,41 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { require.NoError(t, err) // Check: Certificate is revoked - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) // Check: Root stays approved - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: 
types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } 
@@ -113,32 +121,40 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { require.NoError(t, err) // root stays approved - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // intermediate and leaf are revoked - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, 
Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index 585c9359b..39022d17a 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md @@ -191,6 +191,8 @@ Test cases: * Positive: * Add Noc root certificate: `TestHandler_AddNocRootCert` + * Add two Noc root certificates with same subject/skid but different serial number: + `TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber` * Negative: * TBD @@ -210,6 +212,8 @@ Test cases: * Positive: * Add Noc intermediate certificate: `TestHandler_AddNocIntermediateCert` + * Add two Noc intermediate certificates with same subject/skid but different serial number: + `TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` * Negative: * TBD diff --git a/x/pki/tests/utils/account.go b/x/pki/tests/utils/account.go index 3cb9bb8d9..9c2a30cfe 100644 --- a/x/pki/tests/utils/account.go +++ b/x/pki/tests/utils/account.go 
@@ -51,7 +51,7 @@ func (setup *TestSetup) AddAccount( ) { dclauthKeeper := setup.DclauthKeeper currentTrusteeCount := 0 - // if the CountAccountsWithRole is present get the value from the mock call + // if the CountAccountsWithRole is Present get the value from the mock call for _, expectedCall := range dclauthKeeper.ExpectedCalls { if expectedCall.Method == "CountAccountsWithRole" { currentTrusteeCount = dclauthKeeper.CountAccountsWithRole(setup.Ctx, dclauthtypes.Trustee) diff --git a/x/pki/tests/utils/certificate_assertions.go b/x/pki/tests/utils/certificate_assertions.go index 45cfa1fea..213735c4a 100644 --- a/x/pki/tests/utils/certificate_assertions.go +++ b/x/pki/tests/utils/certificate_assertions.go @@ -15,7 +15,13 @@ type TestIndex struct { Count int } +type TestIndexes struct { + Present []TestIndex + Missing []TestIndex +} + type TestCertificate struct { + PEM string Subject string SubjectKeyID string Issuer string 
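Review bot: The comment edit in `AddAccount` looks like a side effect of a search-and-replace for the new `Present` field: `is Present` is now capitalised in the middle of an ordinary sentence, although it refers to the mock's expected calls and not to `TestIndexes.Present`. Restore `// if the CountAccountsWithRole is present get the value from the mock call`. The function body continues outside the hunk.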
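Review bot: `TestIndexes` is added without a comment, and its contract is not obvious from the field names alone: `CheckCertificateStateIndexes` only walks `Present` and `Missing`, so a key listed in neither is not checked at all. A doc comment such as `// TestIndexes lists the index keys that must exist (Present) and must not exist (Missing) for a certificate; keys in neither list are not checked.` would state that for test authors.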
@@ -28,249 +34,266 @@ type TestCertificate struct { type ResolvedCertificate struct { AllCertificates *types.AllCertificates AllCertificatesBySubject *types.AllCertificatesBySubject - AllCertificatesBySubjectKeyId []types.AllCertificates + AllCertificatesBySubjectKeyID []types.AllCertificates ApprovedCertificates *types.ApprovedCertificates ApprovedCertificatesBySubject *types.ApprovedCertificatesBySubject - ApprovedCertificatesBySubjectKeyId []types.ApprovedCertificates + ApprovedCertificatesBySubjectKeyID []types.ApprovedCertificates ApprovedRootCertificates *types.CertificateIdentifier ProposedCertificate *types.ProposedCertificate RejectedCertificate *types.RejectedCertificate ChildCertificates *types.ChildCertificates NocCertificates *types.NocCertificates NocCertificatesBySubject *types.NocCertificatesBySubject - NocCertificatesBySubjectKeyId []types.NocCertificates + NocCertificatesBySubjectKeyID []types.NocCertificates ProposedRevocation *types.ProposedCertificateRevocation + RevokedCertificates *types.RevokedCertificates + RevokedNocIcaCertificates *types.RevokedNocIcaCertificates + RevokedNocRootCertificates *types.RevokedNocRootCertificates } +//nolint:gocyclo func CheckCertificateStateIndexes( t *testing.T, setup *TestSetup, certificate TestCertificate, - indexes []TestIndex, + indexes TestIndexes, ) ResolvedCertificate { + t.Helper() + var resolvedCertificate ResolvedCertificate - for _, index := range indexes { + for _, index := range indexes.Present { if index.Key == types.AllCertificatesKeyPrefix { - if index.Exist { - certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) - require.Len(t, certificates.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) - resolvedCertificate.AllCertificates = certificates - } else { - _, err := 
QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, certificates.Subject) + require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Len(t, certificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) + resolvedCertificate.AllCertificates = certificates } if index.Key == types.AllCertificatesBySubjectKeyPrefix { - if index.Exist { - certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, certificate.Subject) - require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) - resolvedCertificate.AllCertificatesBySubject = certificatesBySubject - } else { - _, err := QueryAllCertificatesBySubject(setup, certificate.Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, certificate.Subject) + require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) + resolvedCertificate.AllCertificatesBySubject = certificatesBySubject } if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix { - if index.Exist { - certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Len(t, certificateBySubjectKeyID[0].Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot) - resolvedCertificate.AllCertificatesBySubjectKeyId = certificateBySubjectKeyID - } else { - certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) 
- } + certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Len(t, certificateBySubjectKeyID[0].Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot) + resolvedCertificate.AllCertificatesBySubjectKeyID = certificateBySubjectKeyID } if index.Key == types.ApprovedCertificatesKeyPrefix { - if index.Exist { - certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) - require.Len(t, certificates.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) - resolvedCertificate.ApprovedCertificates = certificates - } else { - _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, certificates.Subject) + require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Len(t, certificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) + resolvedCertificate.ApprovedCertificates = certificates } if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix { - if index.Exist { - certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, certificate.Subject) - require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) - resolvedCertificate.ApprovedCertificatesBySubject = certificatesBySubject - } else { - _, err := QueryApprovedCertificatesBySubject(setup, certificate.Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } + 
certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, certificate.Subject) + require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) + resolvedCertificate.ApprovedCertificatesBySubject = certificatesBySubject } if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix { - if index.Exist { - approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Len(t, approvedCertificatesBySkid, 1) - require.Len(t, approvedCertificatesBySkid[0].Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, approvedCertificatesBySkid[0].Certs[0].IsRoot) - resolvedCertificate.ApprovedCertificatesBySubjectKeyId = approvedCertificatesBySkid - } else { - certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - } + approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Len(t, approvedCertificatesBySkid, 1) + require.Len(t, approvedCertificatesBySkid[0].Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, approvedCertificatesBySkid[0].Certs[0].IsRoot) + resolvedCertificate.ApprovedCertificatesBySubjectKeyID = approvedCertificatesBySkid } if index.Key == types.ApprovedRootCertificatesKeyPrefix { - if index.Exist { - approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, approvedRootCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, approvedRootCertificate.SubjectKeyId) - resolvedCertificate.ApprovedRootCertificates = approvedRootCertificate - } else { - _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + 
approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, approvedRootCertificate.Subject) + require.Equal(t, certificate.SubjectKeyID, approvedRootCertificate.SubjectKeyId) + resolvedCertificate.ApprovedRootCertificates = approvedRootCertificate } if index.Key == types.ProposedCertificateKeyPrefix { - if index.Exist { - proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, proposedCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, proposedCertificate.SubjectKeyId) - resolvedCertificate.ProposedCertificate = proposedCertificate - } else { - _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, proposedCertificate.Subject) + require.Equal(t, certificate.SubjectKeyID, proposedCertificate.SubjectKeyId) + resolvedCertificate.ProposedCertificate = proposedCertificate } if index.Key == types.RejectedCertificateKeyPrefix { - if index.Exist { - rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, rejectedCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Len(t, rejectedCertificate.Certs, GetExpectedCount(index)) - resolvedCertificate.RejectedCertificate = rejectedCertificate - } else { - _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, 
rejectedCertificate.Subject) + require.Equal(t, certificate.SubjectKeyID, rejectedCertificate.SubjectKeyId) + require.Len(t, rejectedCertificate.Certs, GetExpectedCount(index)) + resolvedCertificate.RejectedCertificate = rejectedCertificate } if index.Key == types.ChildCertificatesKeyPrefix { - if index.Exist { - issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) - require.Len(t, issuerChildren.CertIds, GetExpectedCount(index)) - certID := types.CertificateIdentifier{ - Subject: certificate.Subject, - SubjectKeyId: certificate.SubjectKeyID, - } - require.Equal(t, &certID, issuerChildren.CertIds[0]) - resolvedCertificate.ChildCertificates = issuerChildren - } else { - _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) + issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) + require.Len(t, issuerChildren.CertIds, GetExpectedCount(index)) + certID := types.CertificateIdentifier{ + Subject: certificate.Subject, + SubjectKeyId: certificate.SubjectKeyID, } + require.Equal(t, &certID, issuerChildren.CertIds[0]) + resolvedCertificate.ChildCertificates = issuerChildren } if index.Key == types.UniqueCertificateKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsUniqueCertificatePresent( + require.True(t, setup.Keeper.IsUniqueCertificatePresent( setup.Ctx, certificate.Issuer, certificate.SerialNumber)) } if index.Key == types.NocCertificatesKeyPrefix { - if index.Exist { - certificates, _ := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) - require.Len(t, certificates.Certs, GetExpectedCount(index)) - resolvedCertificate.NocCertificates = certificates - } else { - _, err := QueryNocCertificates(setup, certificate.Subject, 
certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificates, _ := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, certificates.Subject) + require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Len(t, certificates.Certs, GetExpectedCount(index)) + resolvedCertificate.NocCertificates = certificates } if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix { - if index.Exist { - nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Len(t, nocCertificatesBySkid, 1) - require.Len(t, nocCertificatesBySkid[0].Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, nocCertificatesBySkid[0].Certs[0].IsRoot) - resolvedCertificate.NocCertificatesBySubjectKeyId = nocCertificatesBySkid - } else { - certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - } + nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Len(t, nocCertificatesBySkid, 1) + require.Len(t, nocCertificatesBySkid[0].Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, nocCertificatesBySkid[0].Certs[0].IsRoot) + resolvedCertificate.NocCertificatesBySubjectKeyID = nocCertificatesBySkid } if index.Key == types.NocCertificatesBySubjectKeyPrefix { - if index.Exist { - nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, certificate.Subject) - require.Len(t, nocCertificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0]) - resolvedCertificate.NocCertificatesBySubject = nocCertificatesBySubject - } else { - _, err := QueryNocCertificatesBySubject(setup, certificate.Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } + 
nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, certificate.Subject) + require.Len(t, nocCertificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0]) + resolvedCertificate.NocCertificatesBySubject = nocCertificatesBySubject } if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix { - if index.Exist { - nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) - require.Equal(t, certificate.VID, nocCertificatesByVidAndSkid.Vid) - require.Len(t, nocCertificatesByVidAndSkid.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) - } else { - _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) + require.Equal(t, certificate.VID, nocCertificatesByVidAndSkid.Vid) + require.Len(t, nocCertificatesByVidAndSkid.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) } if index.Key == types.NocRootCertificatesKeyPrefix { - if index.Exist { - nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.VID) - require.Equal(t, certificate.VID, nocRootCertificatesByVid.Vid) - require.Len(t, nocRootCertificatesByVid.Certs, GetExpectedCount(index)) - } else { - _, err := QueryNocRootCertificatesByVid(setup, certificate.VID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.VID) + require.Equal(t, certificate.VID, nocRootCertificatesByVid.Vid) + require.Len(t, nocRootCertificatesByVid.Certs, GetExpectedCount(index)) } if index.Key == types.NocIcaCertificatesKeyPrefix { - 
if index.Exist { - nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.VID) - require.Equal(t, certificate.VID, nocIcaCertificatesBy.Vid) - require.Len(t, nocIcaCertificatesBy.Certs, GetExpectedCount(index)) - } else { - _, err := QueryNocIcaCertificatesByVid(setup, certificate.VID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.VID) + require.Equal(t, certificate.VID, nocIcaCertificatesBy.Vid) + require.Len(t, nocIcaCertificatesBy.Certs, GetExpectedCount(index)) } if index.Key == types.RevokedNocIcaCertificatesKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsRevokedNocIcaCertificatePresent( - setup.Ctx, certificate.Subject, certificate.SubjectKeyID)) + revokedNocIcaCertificates, _ := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Len(t, revokedNocIcaCertificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.Subject, revokedNocIcaCertificates.Subject) + require.Equal(t, certificate.SubjectKeyID, revokedNocIcaCertificates.SubjectKeyId) + resolvedCertificate.RevokedNocIcaCertificates = revokedNocIcaCertificates } if index.Key == types.RevokedNocRootCertificatesKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsRevokedNocRootCertificatePresent( - setup.Ctx, certificate.Subject, certificate.SubjectKeyID)) + revokedNocRootCertificates, _ := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Len(t, revokedNocRootCertificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.Subject, revokedNocRootCertificates.Subject) + require.Equal(t, certificate.SubjectKeyID, revokedNocRootCertificates.SubjectKeyId) + resolvedCertificate.RevokedNocRootCertificates = revokedNocRootCertificates } if index.Key == types.RevokedCertificatesKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsRevokedCertificatePresent( - setup.Ctx, 
certificate.Subject, certificate.SubjectKeyID)) + revokedCertificates, _ := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Len(t, revokedCertificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.Subject, revokedCertificates.Subject) + require.Equal(t, certificate.SubjectKeyID, revokedCertificates.SubjectKeyId) + resolvedCertificate.RevokedCertificates = revokedCertificates } if index.Key == types.ProposedCertificateRevocationKeyPrefix { - if index.Exist { - proposedRevocation, _ := QueryProposedCertificateRevocation( - setup, - certificate.Subject, - certificate.SubjectKeyID, - certificate.SerialNumber, - ) - resolvedCertificate.ProposedRevocation = proposedRevocation - } else { - _, err := QueryProposedCertificateRevocation( - setup, - certificate.Subject, - certificate.SubjectKeyID, - certificate.SerialNumber, - ) - require.Equal(t, codes.NotFound, status.Code(err)) - } + proposedRevocation, _ := QueryProposedCertificateRevocation( + setup, + certificate.Subject, + certificate.SubjectKeyID, + certificate.SerialNumber, + ) + resolvedCertificate.ProposedRevocation = proposedRevocation + } + } + + for _, index := range indexes.Missing { + if index.Key == types.AllCertificatesKeyPrefix { + _, err := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.AllCertificatesBySubjectKeyPrefix { + _, err := QueryAllCertificatesBySubject(setup, certificate.Subject) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix { + certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Empty(t, certificatesBySubjectKeyID) + } + if index.Key == types.ApprovedCertificatesKeyPrefix { + _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, 
status.Code(err)) + } + if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix { + _, err := QueryApprovedCertificatesBySubject(setup, certificate.Subject) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix { + certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Empty(t, certificatesBySubjectKeyID) + } + if index.Key == types.ApprovedRootCertificatesKeyPrefix { + _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ProposedCertificateKeyPrefix { + _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RejectedCertificateKeyPrefix { + _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ChildCertificatesKeyPrefix { + _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.UniqueCertificateKeyPrefix { + require.False(t, setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, certificate.Issuer, certificate.SerialNumber)) + } + if index.Key == types.NocCertificatesKeyPrefix { + _, err := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix { + certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Empty(t, certificatesBySubjectKeyID) + } + if index.Key == types.NocCertificatesBySubjectKeyPrefix { + _, err := QueryNocCertificatesBySubject(setup, certificate.Subject) + 
require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix { + _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocRootCertificatesKeyPrefix { + _, err := QueryNocRootCertificatesByVid(setup, certificate.VID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocIcaCertificatesKeyPrefix { + _, err := QueryNocIcaCertificatesByVid(setup, certificate.VID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RevokedNocIcaCertificatesKeyPrefix { + _, err := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RevokedNocRootCertificatesKeyPrefix { + _, err := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RevokedCertificatesKeyPrefix { + _, err := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ProposedCertificateRevocationKeyPrefix { + _, err := QueryProposedCertificateRevocation( + setup, + certificate.Subject, + certificate.SubjectKeyID, + certificate.SerialNumber, + ) + require.Equal(t, codes.NotFound, status.Code(err)) } } @@ -282,5 +305,6 @@ func GetExpectedCount(index TestIndex) int { if index.Count == 0 { count = 1 } + return count } diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index 3e1f824da..95e4501a5 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go 
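Review bot: Every branch of the `Present` loop drops the query error (`certificates, _ := QueryAllCertificates(...)`) and then reads fields of the result, so a missing index presumably surfaces as a nil dereference or an out-of-range `[0]` rather than as a failed assertion naming the index. The `ProposedCertificateRevocationKeyPrefix` branch is the weakest case: it only stores the result, so a certificate with no pending revocation proposal still passes as `Present`. Keep the error and assert on it first, e.g. `proposedRevocation, err := QueryProposedCertificateRevocation(...)` followed by `require.NoError(t, err)`, and do the same in the other branches. In the `Missing` loop the three `...BySubjectKeyID` branches likewise ignore the error and rely on `require.Empty`, which an error path returning an empty slice would satisfy. The function begins in this hunk and its closing lines are outside it.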
@@ -37,3 +37,12 @@ func AddMokedDaCertificate( setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) setup.Keeper.StoreDaCertificate(setup.Ctx, certificate, isRoot) } + +func AddMokedNocCertificate( + setup *TestSetup, + certificate types.Certificate, + isRoot bool, +) { + setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) + setup.Keeper.StoreNocCertificate(setup.Ctx, certificate, isRoot) +} diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go index 787a12c97..b9ce9ded8 100644 --- a/x/pki/tests/utils/data.go +++ b/x/pki/tests/utils/data.go @@ -86,8 +86,26 @@ func IntermediateCertificateNoVid(address sdk.AccAddress) types.Certificate { ) } +func NocIntermediateCertificate(address sdk.AccAddress) types.Certificate { + return types.NewNocCertificate( + testconstants.NocCert1, + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectAsText, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) +} + func CreateTestRootCert() TestCertificate { return TestCertificate{ + PEM: testconstants.RootCertPem, Subject: testconstants.RootSubject, SubjectKeyID: testconstants.RootSubjectKeyID, SerialNumber: testconstants.RootSerialNumber, @@ -99,6 +117,7 @@ func CreateTestRootCert() TestCertificate { func CreateTestRootCertWithSameSubject() TestCertificate { return TestCertificate{ + PEM: testconstants.PAACertWithSameSubjectID1, Subject: testconstants.PAACertWithSameSubjectID1Subject, SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, SerialNumber: testconstants.PAACertWithSameSubjectSerialNumber, 
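Review bot: `AddMokedNocCertificate` has no doc comment, and its call sites do not show that it writes straight into the keeper with `SetUniqueCertificate` and `StoreNocCertificate`, so the message handler is not involved for the certificate it stores. I would add `// AddMokedNocCertificate stores certificate directly through the keeper, bypassing the message handler; use it only to seed state.` above the function. The `Moked` spelling follows the existing `AddMokedDaCertificate`, so a rename to `Mocked` would need to cover both helpers.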
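Review bot: In `NocIntermediateCertificate` the pair `testconstants.NocRootCert1Subject`, `testconstants.NocRootCert1SubjectKeyID` is passed twice in a row to `types.NewNocCertificate`, and nothing in the hunk says which parameters each pair fills. With twelve positional arguments, a swapped or duplicated value would probably still compile. I would add a trailing comment per pair, for example `// issuer, authority key ID` and `// root subject, root subject key ID`, after checking the order against the constructor's signature, which is outside this hunk. The function also lacks a doc comment, for instance `// NocIntermediateCertificate returns the NocCert1 fixture owned by address.`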
@@ -109,6 +128,7 @@ func CreateTestRootCertWithSameSubject() TestCertificate { func CreateTestRootCertWithSameSubject2() TestCertificate { return TestCertificate{ + PEM: testconstants.PAACertWithSameSubjectID2, Subject: testconstants.PAACertWithSameSubjectID2Subject, SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, SerialNumber: testconstants.PAACertWithSameSubject2SerialNumber, @@ -119,6 +139,7 @@ func CreateTestRootCertWithSameSubject2() TestCertificate { func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate { return TestCertificate{ + PEM: testconstants.RootCertWithSameSubjectAndSKID1, Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, @@ -130,6 +151,7 @@ func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate { func CreateTestRootCertWithSameSubjectAndSkid2() TestCertificate { return TestCertificate{ + PEM: testconstants.RootCertWithSameSubjectAndSKID2, Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, @@ -141,6 +163,7 @@ func CreateTestRootCertWithSameSubjectAndSkid2() TestCertificate { func CreateTestIntermediateCert() TestCertificate { return TestCertificate{ + PEM: testconstants.IntermediateCertPem, Subject: testconstants.IntermediateSubject, SubjectKeyID: testconstants.IntermediateSubjectKeyID, SerialNumber: testconstants.IntermediateSerialNumber, 
@@ -152,6 +175,7 @@ func CreateTestIntermediateCert() TestCertificate { func CreateTestIntermediateVidScopedCert() TestCertificate { return TestCertificate{ + PEM: testconstants.PAICertWithNumericPidVid, Subject: testconstants.PAICertWithNumericPidVidSubject, SubjectKeyID: testconstants.PAICertWithNumericPidVidSubjectKeyID, SerialNumber: testconstants.PAICertWithNumericPidVidSerialNumber, @@ -163,6 +187,7 @@ func CreateTestIntermediateVidScopedCert() TestCertificate { func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate { return TestCertificate{ + PEM: testconstants.IntermediateWithSameSubjectAndSKID1, Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, @@ -174,6 +199,7 @@ func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate { func CreateTestIntermediateCertWithSameSubjectAndSKID2() TestCertificate { return TestCertificate{ + PEM: testconstants.IntermediateWithSameSubjectAndSKID2, Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, @@ -185,6 +211,7 @@ func CreateTestIntermediateCertWithSameSubjectAndSKID2() TestCertificate { func CreateTestLeafCertWithSameSubjectAndSKID() TestCertificate { return TestCertificate{ + PEM: testconstants.LeafCertWithSameSubjectAndSKID, Subject: testconstants.LeafCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, 
@@ -196,6 +223,7 @@ func CreateTestLeafCertWithSameSubjectAndSKID() TestCertificate { func CreateTestLeafCert() TestCertificate { return TestCertificate{ + PEM: testconstants.LeafCertPem, Subject: testconstants.LeafSubject, SubjectKeyID: testconstants.LeafSubjectKeyID, SerialNumber: testconstants.LeafSerialNumber, @@ -207,6 +235,7 @@ func CreateTestLeafCert() TestCertificate { func CreateTestNocRoot1Cert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocRootCert1, Subject: testconstants.NocRootCert1Subject, SubjectKeyID: testconstants.NocRootCert1SubjectKeyID, SerialNumber: testconstants.NocRootCert1SerialNumber, @@ -219,6 +248,7 @@ func CreateTestNocRoot1Cert() TestCertificate { func CreateTestNocRoot2Cert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocRootCert1Copy, Subject: testconstants.NocRootCert1CopySubject, SubjectKeyID: testconstants.NocRootCert1CopySubjectKeyID, SerialNumber: testconstants.NocRootCert1CopySerialNumber, @@ -231,6 +261,7 @@ func CreateTestNocRoot2Cert() TestCertificate { func CreateTestNocIca1Cert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocCert1, Subject: testconstants.NocCert1Subject, SubjectKeyID: testconstants.NocCert1SubjectKeyID, SerialNumber: testconstants.NocCert1SerialNumber, @@ -243,6 +274,7 @@ func CreateTestNocIca1Cert() TestCertificate { func CreateTestNocIca1CertCopy() TestCertificate { return TestCertificate{ + PEM: testconstants.NocCert1Copy, Subject: testconstants.NocCert1CopySubject, SubjectKeyID: testconstants.NocCert1CopySubjectKeyID, SerialNumber: testconstants.NocCert1CopySerialNumber, @@ -255,6 +287,7 @@ func CreateTestNocIca1CertCopy() TestCertificate { func CreateTestNocLeafCert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocLeafCert1, Subject: testconstants.NocLeafCert1Subject, SubjectKeyID: testconstants.NocLeafCert1SubjectKeyID, SerialNumber: testconstants.NocLeafCert1SerialNumber, 
diff --git a/x/pki/types/all_certificates_by_subject_key_id.pb.go b/x/pki/types/all_certificates_by_subject_key_id.pb.go index fa3ddff29..b0332ef84 100644 --- a/x/pki/types/all_certificates_by_subject_key_id.pb.go +++ b/x/pki/types/all_certificates_by_subject_key_id.pb.go @@ -83,7 +83,7 @@ func (m *AllCertificatesBySubjectKeyId) GetSchemaVersion() uint32 { } func init() { - proto.RegisterType((*AllCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.AllCertificatesBySubjectKeyId") + proto.RegisterType((*AllCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.AllCertificatesBySubjectKeyID") } func init() { @@ -223,10 +223,10 @@ func (m *AllCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AllCertificatesBySubjectKeyId: wiretype end group for non-group") + return fmt.Errorf("proto: AllCertificatesBySubjectKeyID: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AllCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AllCertificatesBySubjectKeyID: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: diff --git a/x/pki/types/approved_certificates_by_subject_key_id.pb.go b/x/pki/types/approved_certificates_by_subject_key_id.pb.go index 4aebcf970..65df87141 100644 --- a/x/pki/types/approved_certificates_by_subject_key_id.pb.go +++ b/x/pki/types/approved_certificates_by_subject_key_id.pb.go 
@@ -83,7 +83,7 @@ func (m *ApprovedCertificatesBySubjectKeyId) GetSchemaVersion() uint32 { } func init() { - proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyId") + proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyID") } func init() { @@ -223,10 +223,10 @@ func (m *ApprovedCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: wiretype end group for non-group") + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyID: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyID: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: diff --git a/x/pki/types/genesis_test.go b/x/pki/types/genesis_test.go index d3ca9d7e9..24d0867c3 100644 --- a/x/pki/types/genesis_test.go +++ b/x/pki/types/genesis_test.go @@ -218,7 +218,7 @@ AllCertificatesBySubjectList: []types.AllCertificatesBySubject{ Subject: "1", }, }, -AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ +AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, @@ -226,7 +226,7 @@ AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ SubjectKeyId: "1", }, }, -AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ +AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, 
@@ -551,7 +551,7 @@ SubjectKeyID: "0", { desc: "duplicated allCertificatesBySubjectKeyId", genState: &types.GenesisState{ - AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ + AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, @@ -565,7 +565,7 @@ SubjectKeyID: "0", { desc: "duplicated allCertificatesBySubjectKeyId", genState: &types.GenesisState{ - AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ + AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, diff --git a/x/pki/types/key_all_certificates_by_subject_key_id.go b/x/pki/types/key_all_certificates_by_subject_key_id.go index f04b2fb9e..6ab7d33c2 100644 --- a/x/pki/types/key_all_certificates_by_subject_key_id.go +++ b/x/pki/types/key_all_certificates_by_subject_key_id.go @@ -6,7 +6,7 @@ var _ binary.ByteOrder const ( // AllCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all AllCertificatesBySubjectKeyId - AllCertificatesBySubjectKeyIDKeyPrefix = "AllCertificatesBySubjectKeyId/value/" + AllCertificatesBySubjectKeyIDKeyPrefix = "AllCertificatesBySubjectKeyID/value/" ) // AllCertificatesBySubjectKeyIDKey returns the store key to retrieve a AllCertificatesBySubjectKeyId from the index fields diff --git a/x/pki/types/key_approved_certificates_by_subject_key_id.go b/x/pki/types/key_approved_certificates_by_subject_key_id.go index 587098470..34e842edf 100644 --- a/x/pki/types/key_approved_certificates_by_subject_key_id.go +++ b/x/pki/types/key_approved_certificates_by_subject_key_id.go 
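Review bot: The value of `AllCertificatesBySubjectKeyIDKeyPrefix` changes from `"AllCertificatesBySubjectKeyId/value/"` to `"AllCertificatesBySubjectKeyID/value/"`, which changes storage, not just spelling. Keeper code elsewhere on this page builds its prefix stores from such constants, so entries written under the old string would presumably no longer be found by the new code. The same applies to `ApprovedCertificatesBySubjectKeyIDKeyPrefix` in the next file. The type names passed to `proto.RegisterType` in the two generated `.pb.go` files were edited the same way while the Go type in those lines is still spelled `...KeyId`, an edit that regeneration from the `.proto` would likely undo. I would leave the string literals unchanged and limit the `ID` spelling to Go identifiers, or ship the change with an explicit store migration so the by-subject-key-ID certificate indexes do not silently read as empty.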
@@ -6,7 +6,7 @@ var _ binary.ByteOrder const ( // ApprovedCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all ApprovedCertificatesBySubjectKeyId. - ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyId/value/" + ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyID/value/" ) // ApprovedCertificatesBySubjectKeyIDKey returns the store key to retrieve a ApprovedCertificatesBySubjectKeyId from the index fields. From 28470dd1c9f1e42c23c8e709310f1a2dc3746737 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Mon, 2 Dec 2024 16:33:31 +0300 Subject: [PATCH 05/11] Refactoring PKI unit tests --- x/pki/keeper/all_certificates.go | 14 - x/pki/keeper/all_certificates_by_subject.go | 12 - x/pki/keeper/approved_certificates.go | 14 - .../approved_certificates_by_subject.go | 12 - x/pki/keeper/approved_root_certificates.go | 12 - x/pki/tests/handler_add_noc_ica_cert_test.go | 58 +--- x/pki/tests/handler_add_noc_root_cert_test.go | 10 +- x/pki/tests/handler_add_paa_cert_test.go | 305 ++++-------------- x/pki/tests/handler_add_pai_cert_test.go | 114 ++----- x/pki/tests/handler_add_revocation_test.go | 10 +- x/pki/tests/handler_assign_vid_test.go | 18 +- x/pki/tests/handler_delete_revocation_test.go | 3 +- .../tests/handler_remove_noc_ica_cert_test.go | 176 ++++------ .../handler_remove_noc_root_cert_test.go | 187 ++++------- x/pki/tests/handler_remove_pai_cert_test.go | 84 ++--- .../tests/handler_revoke_noc_ica_cert_test.go | 70 ++-- .../handler_revoke_noc_root_cert_test.go | 64 ++-- x/pki/tests/handler_revoke_paa_cert_test.go | 100 ++++-- x/pki/tests/handler_revoke_pai_cert_test.go | 62 ++-- x/pki/tests/utils/account.go | 14 + x/pki/tests/utils/certificate_assertions.go | 1 - x/pki/tests/utils/certificate_helpers.go | 135 ++++++++ x/pki/tests/utils/helpers.go | 43 --- x/pki/tests/utils/setup.go | 4 + 24 files changed, 546 insertions(+), 976 deletions(-) delete mode 100644 x/pki/tests/utils/helpers.go 
diff --git a/x/pki/keeper/all_certificates.go b/x/pki/keeper/all_certificates.go index 98133cfdf..178a385ce 100644 --- a/x/pki/keeper/all_certificates.go +++ b/x/pki/keeper/all_certificates.go @@ -179,17 +179,3 @@ func (k Keeper) verifyCertificate(ctx sdk.Context, fmt.Sprintf("Certificate verification failed for certificate with subject=%v and subjectKeyID=%v", x509Certificate.Subject, x509Certificate.SubjectKeyID)) } - -// IsAllCertificatePresent Check if the All Certificate is present in the store. -func (k Keeper) IsAllCertificatePresent( - ctx sdk.Context, - subject string, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesKeyPrefix)) - - return store.Has(types.AllCertificatesKey( - subject, - subjectKeyID, - )) -} diff --git a/x/pki/keeper/all_certificates_by_subject.go b/x/pki/keeper/all_certificates_by_subject.go index fdf02acca..6ea63c6a6 100644 --- a/x/pki/keeper/all_certificates_by_subject.go +++ b/x/pki/keeper/all_certificates_by_subject.go @@ -128,15 +128,3 @@ func (k Keeper) GetAllAllCertificatesBySubject(ctx sdk.Context) (list []types.Al return } - -// IsCertificatesBySubjectPresent Check if the Certificate By Subject is present in the store. -func (k Keeper) IsCertificatesBySubjectPresent( - ctx sdk.Context, - subject string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyPrefix)) - - return store.Has(types.AllCertificatesBySubjectKey( - subject, - )) -} diff --git a/x/pki/keeper/approved_certificates.go b/x/pki/keeper/approved_certificates.go index 01d3aba54..9307ab6c3 100644 --- a/x/pki/keeper/approved_certificates.go +++ b/x/pki/keeper/approved_certificates.go 
@@ -128,17 +128,3 @@ func (k Keeper) AddApprovedCertificate(ctx sdk.Context, approvedCertificate type approvedCertificates.SubjectKeyId, ), b) } - -// IsApprovedCertificatesPresent Check if the Approved Certificate is present in the store. -func (k Keeper) IsApprovedCertificatesPresent( - ctx sdk.Context, - subject string, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesKeyPrefix)) - - return store.Has(types.ApprovedCertificatesKey( - subject, - subjectKeyID, - )) -} diff --git a/x/pki/keeper/approved_certificates_by_subject.go b/x/pki/keeper/approved_certificates_by_subject.go index 1c4e894ae..4be88d743 100644 --- a/x/pki/keeper/approved_certificates_by_subject.go +++ b/x/pki/keeper/approved_certificates_by_subject.go @@ -103,15 +103,3 @@ func (k Keeper) RemoveApprovedCertificateBySubject(ctx sdk.Context, subject stri k.RemoveApprovedCertificatesBySubject(ctx, subject) } } - -// IsApprovedCertificatesBySubjectPresent Check if the Approved Certificate By Subject is present in the store. -func (k Keeper) IsApprovedCertificatesBySubjectPresent( - ctx sdk.Context, - subject string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyPrefix)) - - return store.Has(types.ApprovedCertificatesBySubjectKey( - subject, - )) -} diff --git a/x/pki/keeper/approved_root_certificates.go b/x/pki/keeper/approved_root_certificates.go index 03016b027..ec5ab5f74 100644 --- a/x/pki/keeper/approved_root_certificates.go +++ b/x/pki/keeper/approved_root_certificates.go 
@@ -85,15 +85,3 @@ func (k Keeper) RemoveApprovedRootCertificate( k.SetApprovedRootCertificates(ctx, rootCertificates) } - -// IsApprovedRootCertificatePresent Check if the Approved Root Certificate is present in the store. -func (k Keeper) IsApprovedRootCertificatePresent( - ctx sdk.Context, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix)) - - return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey( - subjectKeyID, - )) -} diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 8ade55b79..402c1dfee 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go @@ -18,15 +18,13 @@ import ( func TestHandler_AddNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add NOC ICA certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, accAddress, icaCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // Check indexes indexes := utils.TestIndexes{ 
@@ -38,7 +36,7 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we created root certificate with same vid {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, @@ -59,25 +57,18 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) - // Store the NOC certificate - icaCertificate := utils.CreateTestNocIca1Cert() - intermediateCertificate := utils.NocIntermediateCertificate(accAddress) + // Store the NOC certificate with different serial number + intermediateCertificate := utils.NocIntermediateCertificate(setup.Vendor1) intermediateCertificate.SerialNumber = testconstants.TestSerialNumber utils.AddMokedNocCertificate(setup, intermediateCertificate, false) // add the new NOC certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert( - accAddress.String(), - icaCertificate.PEM, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // query noc certificate by Subject and SKID indexes := utils.TestIndexes{ 
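Review bot: The explicit `require.NoError(t, err)` after the handler call is gone in `TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber`, and the call is now `utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM)`, whose body is not part of this hunk. If that helper does not itself assert on the handler error, a rejected transaction would only surface later as a failed index check with a less direct message. The same holds for the tests converted to `utils.ProposeDaRootCertificate`, `utils.ApproveDaRootCertificate` and `utils.RejectDaRootCertificate` in `handler_add_paa_cert_test.go`. It is worth confirming, and stating it in each helper's doc comment, for example `// AddNocIntermediateCertificate submits the message built by types.NewMsgAddNocX509IcaCert and fails the test on error.`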
@@ -119,15 +110,10 @@ func TestHandler_AddNocX509Cert_SenderNotVendor(t *testing.T) { func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) - newAccAddress := utils.GenerateAccAddress() - setup.AddAccount(newAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1111) + newAccAddress := setup.CreateVendorAccount(1111) // try to add NOC certificate nocX509Cert := types.NewMsgAddNocX509IcaCert(newAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) @@ -138,12 +124,8 @@ func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add x509 certificate - addX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.StubCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.StubCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) } 
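Review bot: `TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID` now depends on `setup.Vendor1` carrying the VID that matches `testconstants.NocRootCert1`. The removed lines made that explicit with `setup.AddAccount(..., vid)`; it is now presumably set inside `utils.Setup`, which this hunk does not show. If that default changes, either the root certificate step fails or the mismatch with `1111` stops being the reason for the rejection. A one-line comment above `setup.CreateVendorAccount(1111)`, such as `// setup.Vendor1 is expected to have VID testconstants.Vid; 1111 is any other VID`, would keep the precondition visible. The test body continues outside the hunk.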
@@ -151,12 +133,8 @@ func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) { func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // try to add root certificate x509 certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrNonRootCertificateSelfSigned) } @@ -164,10 +142,6 @@ func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) { func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // store root certificate rootCertOptions := &utils.RootCertOptions{ PemCert: testconstants.RootCertWithVid, @@ -179,7 +153,7 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // try to add root certificate x509 certificate - addX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType) } 
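Review bot: `TestHandler_AddXNoc509Cert_ForNocRootCertificate` still builds its message with `types.NewMsgAddX509Cert`, not `types.NewMsgAddNocX509IcaCert` as the neighbouring NOC tests do, so the `ErrNonRootCertificateSelfSigned` assertion exercises the non-NOC add path. If the intent is to prove that a self-signed NOC root is rejected on the NOC ICA path, the call should be `types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion)`, with the expected error adjusted to whatever that handler returns. If the current message is intended, a comment saying so would stop the test name from misleading. In the third hunk on this line, the comment `// try to add root certificate x509 certificate` sits above a call that submits `IntermediateCertWithVid1` through the NOC ICA message, and would read better as something like `// try to add a NOC ICA certificate issued by a non-NOC root`.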
@@ -187,12 +161,8 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add the new NOC certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509Cert) require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index 5b3705550..0f624f47b 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -17,11 +17,9 @@ import ( func TestHandler_AddNocRootCert(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // Check indexes indexes := utils.TestIndexes{ 
@@ -53,16 +51,14 @@ func TestHandler_AddNocRootCert(t *testing.T) { func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // Store the NOC root certificate rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, accAddress, rootCertificate1.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PEM) // add the new NOC root certificate rootCertificate2 := utils.CreateTestNocRoot2Cert() addNocX509RootCert := types.NewMsgAddNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), rootCertificate2.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 666057fa8..49cb0dd22 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -23,15 +23,7 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { rootCertificate := utils.CreateTestRootCert() // propose DA root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion, - ) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // Check indexes indexes := utils.TestIndexes{ 
@@ -63,25 +55,10 @@ func TestHandler_AddDaRootCert(t *testing.T) { rootCertificate := utils.CreateTestRootCert() // propose add x509 root certificate by trustee - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion, - ) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // approve by second trustee - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) // Check indexes indexes := utils.TestIndexes{ @@ -109,15 +86,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { rootCertificate := utils.CreateTestRootCert() // propose x509 root certificate by account without trustee role - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion, - ) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // Create an array of trustee account from 1 to 50 trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() 
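Review bot: In `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded` the retained comment `// propose x509 root certificate by account without trustee role` contradicts the new call below it, `utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM)`, which proposes as `setup.Trustee1`. Since the statement under it was rewritten anyway, I would change the comment to `// propose x509 root certificate by Trustee1`. The test body continues outside the hunk.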
@@ -127,25 +96,30 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // Until we hit 2/3 of the total number of Trustees, we should not be able to approve the certificate for i := 1; i < twoThirds-1; i++ { - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - trusteeAccounts[i].String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - _, err = utils.QueryApprovedCertificates(setup, rootCertificate.Subject, rootCertificate.SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) + utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyID) + + // Check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // One more approval will move this to approved state from pending - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) // Check indexes indexes := utils.TestIndexes{ 
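Review bot: The `indexes := utils.TestIndexes{...}` literal added inside the `for i := 1; i < twoThirds-1; i++` loop is identical on every iteration. It can be declared once before the loop under a name such as `pendingIndexes`, leaving only `utils.CheckCertificateStateIndexes(t, setup, rootCertificate, pendingIndexes)` in the body. That also avoids two unrelated `indexes` variables a few lines apart, since the check after the final approval declares `indexes` again. The loop bounds are context lines and the function continues outside the hunk, so whether the last iteration really sits one approval below the two-thirds threshold cannot be checked from here; a comment stating the intended approval count would help.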
@@ -190,45 +164,16 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion, - ) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) // approve x509 root certificate by account Trustee3 - approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( - setup.Trustee3.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyID) // reject x509 root certificate by account Trustee4 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( - fourthTrustee.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID) // Check: ProposedCertificate - present because we haven't enough approvals indexes := utils.TestIndexes{ 
@@ -240,14 +185,7 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // approve x509 root certificate by account Trustee5 - approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( - fifthTrustee.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID) // Check indexes indexes = utils.TestIndexes{ @@ -281,14 +219,7 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { // propose second root certificate testRootCertificate := utils.CreateTestRootCert() - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - testRootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PEM) // Check indexes indexes := utils.TestIndexes{ 
@@ -380,23 +311,10 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { testRootCertificate := utils.CreateTestRootCert() // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - testRootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PEM) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( - setup.Trustee2.String(), - testRootCertificate.Subject, - testRootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyID) // certificate should be in the entity , because we haven't enough reject approvals indexes := utils.TestIndexes{ @@ -425,13 +343,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Rejects[0].Info) // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( - setup.Trustee3.String(), - testRootCertificate.Subject, - testRootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyID) // certificate should not be in the entity , because we have enough reject approvals indexes = utils.TestIndexes{ 
@@ -468,13 +380,7 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * rootCertificate := utils.CreateTestRootCert() // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Trustee, @@ -483,13 +389,7 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) pendingCert, _ := setup.Keeper.GetProposedCertificate( setup.Ctx, @@ -497,13 +397,9 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * rootCertificate.SubjectKeyID) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) + // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, rootCertificate.Subject, 
@@ -520,14 +416,7 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * rootCertificate := utils.CreateTestRootCert() // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Trustee, @@ -536,13 +425,7 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) pendingCert, _ := setup.Keeper.GetProposedCertificate( setup.Ctx, @@ -552,13 +435,7 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * prevApprovalsLen := len(pendingCert.Approvals) // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) pendingCert, found := setup.Keeper.GetProposedCertificate( setup.Ctx, 
@@ -585,23 +462,10 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * // propose x509 root certificate by account Trustee1 rootCertificate := utils.CreateTestRootCert() - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ @@ -622,13 +486,7 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( - setup.Trustee3.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyID) indexes = utils.TestIndexes{ Present: []utils.TestIndex{ 
@@ -654,23 +512,10 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { // propose x509 root certificate rootCertificate := utils.CreateTestRootCert() - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID) // check state indexes indexes := utils.TestIndexes{ @@ -696,24 +541,10 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) // propose x509 root certificate rootCertificate := utils.CreateTestRootCert() - - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) // check state indexes indexes := utils.TestIndexes{ 
@@ -738,37 +569,18 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + // add another trustee + setup.CreateTrusteeAccount(1) // propose x509 root certificate rootCertificate := utils.CreateTestRootCert() - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.PEM, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert( - setup.Trustee1.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectX509RootCert) - require.NoError(t, err) + utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID) // check state indexes indexes := utils.TestIndexes{ 
@@ -875,10 +687,7 @@ func TestHandler_ProposeAddX509RootCert_ForNocCertificate(t *testing.T) { setup := utils.Setup(t) // Store the NOC root certificate - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - - nocRootCertificate := utils.RootCertificate(vendorAccAddress) + nocRootCertificate := utils.RootCertificate(setup.Vendor1) nocRootCertificate.SerialNumber = testconstants.TestSerialNumber nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI nocRootCertificate.Approvals = nil @@ -924,8 +733,7 @@ func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { setup := utils.Setup(t) // store account without trustee role - nonTrustee := utils.GenerateAccAddress() - setup.AddAccount(nonTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + nonTrustee := setup.CreateTrusteeAccount(1) // propose x509 root certificate by account without trustee role proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(nonTrustee.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -1006,8 +814,7 @@ func TestHandler_ApproveAddX509RootCert_Twice(t *testing.T) { setup := utils.Setup(t) // store account without Trustee role - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + accAddress := setup.CreateTrusteeAccount(1) // propose add x509 root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index 651e80e41..6a2bc2783 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go 
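Review bot: In `TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals` the comment `// store account without trustee role` and the variable name `nonTrustee` now sit directly on `setup.CreateTrusteeAccount(1)`, which by its name creates a Trustee account (the removed `AddAccount` line also passed `dclauthtypes.Trustee`). A reader could take this test as covering the unauthorized-signer path when it does not. I would change the comment to `// store an additional trustee account` and rename the variable to `trustee`; its later uses are outside this hunk. The same comment fix applies in `TestHandler_ApproveAddX509RootCert_Twice`, where `// store account without Trustee role` precedes `accAddress := setup.CreateTrusteeAccount(1)`.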
@@ -19,21 +19,13 @@ import ( func TestHandler_AddDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // add DA root certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add DA PAI certificate testIntermediateCertificate := utils.CreateTestIntermediateCert() - - addX509Cert := types.NewMsgAddX509Cert( - accAddress.String(), - testIntermediateCertificate.PEM, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) // Check indexes indexes := utils.TestIndexes{ @@ -69,13 +61,7 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { // add intermediate certificate testIntermediateCertificate := utils.CreateTestIntermediateVidScopedCert() - - addX509Cert := types.NewMsgAddX509Cert( - accAddress.String(), - testIntermediateCertificate.PEM, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PEM) // Check indexes indexes := utils.TestIndexes{ @@ -101,8 +87,6 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // store root certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) 
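Review bot: In `TestHandler_AddDaIntermediateCert`, `setup.Vendor1` replaces an account that was created explicitly with `testconstants.Vid`, so the vendor ID the certificate is added under is no longer visible in the test. The nearby `_VidScoped`, `ByNotOwnerButSameVendor` and `ByOtherVendor` tests suggest the handler's outcome depends on the signer's VID, so the assumption deserves a comment, e.g. `// setup.Vendor1 is a Vendor account with VID testconstants.Vid`. That presumes `utils.Setup` creates it that way, which this chunk does not show. The same substitution is made in the `ForNocCertificate`, `SameSubjectAndSkid_DifferentSerialNumber`, `ForTree`, `ForExistingNocCertificate`, `NoRootCert`, `ForAbsentDirectParentCert` and `ForFailedCertificateVerification` hunks.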
@@ -112,17 +96,12 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( testIntermediateCertificate2 := utils.CreateTestIntermediateCert() testIntermediateCertificate2.SerialNumber = utils.SerialNumber - intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // store intermediate certificate second time - addX509Cert := types.NewMsgAddX509Cert( - vendorAccAddress.String(), - testIntermediateCertificate1.PEM, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate1.PEM) // query All approved certificate allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) @@ -168,8 +147,6 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( func TestHandler_AddDaCert_ForTree(t *testing.T) { setup := utils.Setup(t) - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - testRootCertificate := utils.CreateTestRootCert() testIntermediateCertificate := utils.CreateTestIntermediateCert() testLeafCertificate := utils.CreateTestLeafCert() 
@@ -179,20 +156,10 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add intermediate x509 certificate - addIntermediateX509Cert := types.NewMsgAddX509Cert( - vendorAccAddress.String(), - testIntermediateCertificate.PEM, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) // add leaf x509 certificate - addLeafX509Cert := types.NewMsgAddX509Cert( - vendorAccAddress.String(), - testLeafCertificate.PEM, - testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addLeafX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testLeafCertificate.PEM) // Check indexes for root indexes := utils.TestIndexes{ @@ -236,8 +203,6 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { setup := utils.Setup(t) - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // store root certificate rootCert := utils.RootCertificate(setup.Trustee1) utils.AddMokedDaCertificate(setup, rootCert, true) 
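Review bot: In `TestHandler_AddDaCert_ForTree` the leaf certificate is now added with `utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testLeafCertificate.PEM)`, so the helper name no longer describes what is being stored. The removed code built a `MsgAddX509Cert` for both the intermediate and the leaf, so behaviour looks unchanged, but the call reads as if a second intermediate were added. Either give the helper a neutral name or keep it and extend the comment: `// add leaf x509 certificate (same AddX509Cert message as for an intermediate)`. The hunk for `TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts` has the same call with `testconstants.LeafCertPem`.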
@@ -248,19 +213,15 @@ func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { utils.AddMokedDaCertificate(setup, rootCert, true) // store intermediate certificate (it refers to two parent certificates) - intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, true) // store second intermediate certificate (it refers to two parent certificates) - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) // store leaf certificate (it refers to two parent certificates) - addX509Cert = types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.LeafCertPem, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) // query root certificate rootCertificates, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) 
@@ -316,12 +277,7 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // add an intermediate certificate with the same subject and SKID by second vendor account - addX509Cert := types.NewMsgAddX509Cert( - vendorAccAddress2.String(), - testconstants.IntermediateCertPem, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress2, testconstants.IntermediateCertPem) // ensure intermediate certificate exist // check list of certificates @@ -348,13 +304,10 @@ func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { rootCertOptions := utils.CreatePAACertWithNumericVidOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) + accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // add x509 certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.PAICertWithNumericPidVid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, accAddress, testconstants.PAICertWithNumericPidVid) // query certificate certs, _ := utils.QueryAllApprovedCertificates(setup) 
@@ -404,9 +357,7 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) // add x509 certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), tc.childCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + utils.AddDaIntermediateCertificate(setup, accAddress, tc.childCert) // query certificate certs, _ := utils.QueryAllApprovedCertificates(setup) @@ -424,8 +375,7 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { func TestHandler_AddX509Cert_ForInvalidCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1) + accAddress := setup.CreateVendorAccount(1) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.StubCertPem, testconstants.CertSchemaVersion) @@ -436,8 +386,7 @@ func TestHandler_AddX509Cert_ForInvalidCertificate(t *testing.T) { func TestHandler_AddX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1) + accAddress := setup.CreateVendorAccount(1) // add root certificate as leaf x509 certificate addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) 
@@ -452,8 +401,7 @@ func TestHandler_AddX509Cert_ForDuplicate(t *testing.T) { rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 1) + accAddress := setup.CreateVendorAccount(1) // store intermediate certificate addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) @@ -472,11 +420,8 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // Store the NOC certificate - nocCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + nocCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) nocCertificate.SerialNumber = testconstants.TestSerialNumber nocCertificate.CertificateType = types.CertificateType_OperationalPKI @@ -490,7 +435,7 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) // store intermediate certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType) } 
@@ -498,15 +443,12 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { setup := utils.Setup(t) - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add intermediate certificate - intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) // add leaf x509 certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.LeafCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.LeafCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) } @@ -514,8 +456,7 @@ func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { func TestHandler_AddX509Cert_RootIsNoc(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.IntermediateCertWithVid1Vid) + accAddress := setup.CreateVendorAccount(testconstants.IntermediateCertWithVid1Vid) // Add NOC root certificate addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) 
@@ -531,11 +472,8 @@ func TestHandler_AddX509Cert_RootIsNoc(t *testing.T) { func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) { setup := utils.Setup(t) - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add intermediate x509 certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) } @@ -549,11 +487,8 @@ func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) { testconstants.RootSerialNumber, setup.Trustee1.String(), []*types.Grant{}, []*types.Grant{}, testconstants.Vid, testconstants.SchemaVersion) setup.Keeper.AddAllCertificate(setup.Ctx, invalidRootCertificate) - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add intermediate x509 certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) } 
@@ -566,8 +501,7 @@ func TestHandler_AddX509Cert_ByOtherVendor(t *testing.T) { setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // Store an intermediate certificate with the first vendor account as the owner intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index b32e562ac..a0add09ed 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go @@ -187,8 +187,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { func TestHandler_AddPkiRevocationDistributionPoint_PAAAlreadyExists(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) + accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // propose and approve x509 root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() 
@@ -314,11 +313,8 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { func TestHandler_AddPkiRevocationDistributionPoint_DataURLNotUnique(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAICertWithPidVidVid) - - baseVendorAcc := utils.GenerateAccAddress() - setup.AddAccount(baseVendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAcc := setup.CreateVendorAccount(testconstants.PAICertWithPidVidVid) + baseVendorAcc := setup.CreateVendorAccount(testconstants.Vid) // propose and approve root certificate rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index fa03d7217..40858c471 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -17,8 +17,7 @@ import ( func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) + vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate rootCertificate := utils.CreateTestRootCert() @@ -65,8 +64,7 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) + vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() 
@@ -129,8 +127,7 @@ func TestHandler_AssignVid_SenderNotVendorAdmin(t *testing.T) { func TestHandler_AssignVid_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) + vendorAcc := setup.CreateVendorAdminAccount(0) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), @@ -146,8 +143,7 @@ func TestHandler_AssignVid_CertificateDoesNotExist(t *testing.T) { func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) + vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate rootCertOptions := utils.CreateTestRootCertOptions() @@ -176,8 +172,7 @@ func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) + vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() @@ -197,8 +192,7 @@ func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { func TestHandler_AssignVid_MessageVidAndCertificateVidNotEqual(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, 0) + vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() diff --git a/x/pki/tests/handler_delete_revocation_test.go b/x/pki/tests/handler_delete_revocation_test.go index f57b8306b..eaf2f43a2 100644 --- a/x/pki/tests/handler_delete_revocation_test.go 
+++ b/x/pki/tests/handler_delete_revocation_test.go @@ -180,8 +180,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_PositiveCases(t *testing.T func TestHandler_DeletePkiRevocationDistributionPoint_Multiple_SameIssuerSubjectKeyId(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) + vendorAcc := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // add PAA NOVID rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.PAACertWithNumericVidVid) diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index a5ad4649a..d1b1147bb 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -19,25 +19,15 @@ import ( func TestHandler_RemoveNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // remove intermediate certificate - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), - icaCertificate.Subject, - icaCertificate.SubjectKeyID, - "", - ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, "") // Check indexes indexes := utils.TestIndexes{ 
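Review bot: Nothing in TestHandler_RemoveNocIntermediateCert asserts any longer that the removal succeeded. The `_, err := setup.Handler(...)` / `require.NoError(t, err)` pair is replaced by `utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, ...)`, which is not passed `t`. Whether a rejected removal still fails the test therefore depends on the helper, whose body is outside this hunk. The helper should fail the test on a handler error through the `testing.T` held by `setup`, and should call `t.Helper()` so the failure is reported at the call site. For consistency with `utils.CheckCertificateStateIndexes(t, setup, ...)` in the same file, consider taking `t` explicitly in the new remove/revoke helpers.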
@@ -67,25 +57,20 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add two intermediate certificates icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate1.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) // add leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, leafCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
@@ -112,14 +97,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove all intermediate certificates but leave leaf certificate (NocCert1 and NocCert1Copy) - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), - icaCertificate1.Subject, - icaCertificate1.SubjectKeyID, - "", - ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyID, "") // Check indexes for intermediate certificates indexes = utils.TestIndexes{ 
@@ -180,24 +158,21 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // Add ICA certificates icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate1.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) // Add ICA certificates with sam subject and SKID but different serial number icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) // Add a leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, leafCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) // Check indexes for intermediate certificates before removing indexes := utils.TestIndexes{ 
@@ -218,14 +193,12 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove ICA certificate by serial number - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyID, - icaCertificate1.SerialNumber, - ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + icaCertificate1.SerialNumber) // Check indexes for first certificate (second ica exist) indexes = utils.TestIndexes{ @@ -280,28 +253,23 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // revoke intermediate certificate by serial number - revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( - vendorAccAddress.String(), + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, icaCertificate.SerialNumber, - testconstants.Info, false, ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) // Check indexes after revocation indexes := utils.TestIndexes{ 
@@ -326,14 +294,13 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // remove intermediate certificate by serial number - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, icaCertificate.SerialNumber, ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) indexes = utils.TestIndexes{ Present: []utils.TestIndex{}, @@ -361,28 +328,23 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // revoke an intermediate certificate - revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( - vendorAccAddress.String(), + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, icaCertificate.SerialNumber, - testconstants.Info, false, ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) // Check indexes after revocation indexes := utils.TestIndexes{ 
@@ -408,7 +370,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) // Add an intermediate certificate with new serial number icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) // Check indexes indexes = utils.TestIndexes{ @@ -431,14 +393,13 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove an intermediate certificate - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, "", ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) // check that only root certificates exists allCerts, _ := utils.QueryAllNocCertificates(setup) @@ -470,12 +431,9 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add first vendor account with VID = 1 vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) 
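Review bot: In the `@@ -470,12 +431,9 @@` hunk, TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor now relies on `setup.Vendor1` carrying the same VID as the account created by `setup.CreateVendorAccount(testconstants.Vid)`. That VID is presumably assigned inside `utils.Setup`, which is not visible here. For an ownership test, the same-vendor precondition should be readable where it is relied on, for example with `// setup.Vendor1 is expected to be registered with testconstants.Vid` above the `AddNocRootCertificate` call, or by asserting the VID of the fixture account. The same implicit assumption appears in the later hunks for `_EmptyCertificatesList` (`Vid: testconstants.Vid`) and `_ByOtherVendor`. In `_ByOtherVendor`, a fixture VID that drifted would change which rule the negative case exercises.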
@@ -533,13 +491,11 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, testconstants.NocCert1SerialNumber) + setup.Vendor1.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -548,23 +504,21 @@ func TestHandler_RemoveNocX509IcaCert_CertificateDoesNotExist(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_EmptyCertificatesList(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) setup.Keeper.SetNocIcaCertificates( setup.Ctx, types.NocIcaCertificates{ - Vid: vid, + Vid: testconstants.Vid, }, ) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, "") + setup.Vendor1.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + "") _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) 
@@ -573,17 +527,11 @@ func TestHandler_RemoveNocX509IcaCert_EmptyCertificatesList(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add fist vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // add x509 certificate by `setup.Trustee` addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) @@ -605,16 +553,11 @@ func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add x509 certificate - addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) 
@@ -628,10 +571,6 @@ func TestHandler_RemoveNocX509IcaCert_SenderNotVendor(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_ForNonIcaCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - setup.Keeper.SetRevokedCertificates( setup.Ctx, types.RevokedCertificates{ @@ -644,7 +583,10 @@ func TestHandler_RemoveNocX509IcaCert_ForNonIcaCertificate(t *testing.T) { ) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "") + setup.Vendor1.String(), + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + "") _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) 
@@ -653,20 +595,18 @@ func TestHandler_RemoveNocX509IcaCert_ForNonIcaCertificate(t *testing.T) { func TestHandler_RemoveNocX509IcaCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) - addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) removeX509Cert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, "invalid") + setup.Vendor1.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + "invalid") _, err = setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index 41a60d77b..990ef7dd7 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go 
@@ -19,22 +19,12 @@ import ( func TestHandler_RemoveNocRootCert(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificates rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) - // remove noc root certificate - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), - rootCertificate.Subject, - rootCertificate.SubjectKeyID, - "", - ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + // remove noc root certificate + utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyID, "") // Check indexes indexes := utils.TestIndexes{ @@ -62,19 +52,16 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificates rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate1.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PEM) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate2.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // Add intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
@@ -83,14 +70,7 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 3, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) // remove all root nOC certificates but IAC certificate - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), - rootCertificate1.Subject, - rootCertificate1.SubjectKeyID, - "", - ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyID, "") // check that only IAC certificate exists nocCerts, _ = utils.QueryAllNocCertificates(setup) 
@@ -141,29 +121,19 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificates rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate1.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PEM) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate2.PEM) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // Add ICA certificates icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // remove NOC root certificate by serial number - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), - rootCertificate1.Subject, - rootCertificate1.SubjectKeyID, - rootCertificate1.SerialNumber, - ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyID, rootCertificate1.SerialNumber) nocCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) 
@@ -215,14 +185,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // remove NOC root certificate by serial number and check that IAC cert is not removed - removeIcaCert = types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), - rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, - rootCertificate2.SerialNumber, - ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) + utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate2.Subject, rootCertificate2.SubjectKeyID, rootCertificate2.SerialNumber) nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(nocCerts)) 
@@ -272,31 +235,26 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add NOC root certificate rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1Copy) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // revoke NOC root certificates - revokeX509Cert := types.NewMsgRevokeNocX509RootCert( - vendorAccAddress.String(), - rootCertificate1.Subject, - rootCertificate1.SubjectKeyID, + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, "", - testconstants.Info, false, ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) // Check indexes for root certificates indexes := utils.TestIndexes{ 
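Review bot: The revoke call in TestHandler_RemoveNocX509RootCert_RevokedCertificate now identifies the certificate by `rootCertificate2.Subject, rootCertificate2.SubjectKeyID`, where the removed code used `rootCertificate1`. That is a behavioural change in a commit described as refactoring, and the remove call in the next hunk (`@@ -339,14 +297,13 @@`) makes the same switch. The certificates stored just above are passed as `testconstants.NocRootCert1` and `testconstants.NocRootCert1Copy`, so the call only targets a stored certificate if `utils.CreateTestNocRoot2Cert()` describes that copy; the helper is outside this hunk. Either keep `rootCertificate1.Subject, rootCertificate1.SubjectKeyID`, or add the certificates via `rootCertificate1.PEM` and `rootCertificate2.PEM` as the sibling tests do, so the identifiers and the stored PEM visibly come from the same fixture.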
@@ -339,14 +297,13 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // remove NOC root certificates - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), - rootCertificate1.Subject, - rootCertificate1.SubjectKeyID, + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, "", ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) allCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(allCerts)) @@ -394,16 +351,11 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // Add an intermediate certificate - addIcaCert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addIcaCert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addIcaCert) require.NoError(t, err) 
@@ -413,19 +365,17 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, 2, len(nocCerts)) // revoke an intermediate certificate - revokeX509Cert := types.NewMsgRevokeNocX509RootCert( - vendorAccAddress.String(), + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, testconstants.NocRootCert1SerialNumber, - testconstants.Info, false, ) - _, err = setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) // Add NOC root certificate with new serial number - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1Copy) certs, _ := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 1, len(certs.Certs)) @@ -433,7 +383,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) // remove NOC root certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, testconstants.NocRootCert1SerialNumber, 
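Review bot: The context comment `// revoke an intermediate certificate` directly above the new `utils.RevokeNocRootCertificate(...)` call is wrong. The call revokes the root certificate identified by `testconstants.NocRootCert1Subject`, `NocRootCert1SubjectKeyID` and `NocRootCert1SerialNumber`. Since the lines under it are rewritten here, update it to `// revoke NOC root certificate by serial number`. In the following hunk (`@@ -433,7 +383,7 @@`) this test still builds `types.NewMsgRemoveNocX509RootCert` by hand while the other tests in the file call `utils.RemoveNocRootCertificate`. If the handler call after it only asserts success (not visible in the hunk), use the helper there as well.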
@@ -460,20 +410,20 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, true, found) // query noc certificate by VID - nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, vid) + nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 1) require.Equal(t, testconstants.NocCert1SerialNumber, nocCertificates.Certs[0].SerialNumber) // Add NOC root certificate with new serial number - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) certs, _ = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, 2, len(certs.Certs)) // remove NOC root certificates removeIcaCert = types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "", 
@@ -486,13 +436,13 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, 1, len(nocCerts[0].Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) - nocCertificates, err = utils.QueryNocIcaCertificatesByVid(setup, vid) + nocCertificates, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.NoError(t, err) require.Equal(t, len(nocCertificates.Certs), 1) require.Equal(t, testconstants.NocCert1SerialNumber, nocCertificates.Certs[0].SerialNumber) // check that IAC certificates can be queried by vid+skid - certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) + certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) require.Equal(t, 1, len(certsByVidSkid.Certs)) require.Equal(t, testconstants.NocCert1SerialNumber, certsByVidSkid.Certs[0].SerialNumber) @@ -503,11 +453,11 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, codes.NotFound, status.Code(err)) certsBySKID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) require.Empty(t, certsBySKID) - _, err = utils.QueryNocRootCertificatesByVid(setup, vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryNocRootCertificatesByVid(setup, vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocRootCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificates does not exists 
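Review bot: In the `@@ -503,11 +453,11 @@` hunk, the second `_, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid)` with its `require.Equal(t, codes.NotFound, status.Code(err))` repeats the pair immediately above it and adds no coverage. Both lines are rewritten by this commit, so this is the place to drop the duplicate. If a different index was meant to be checked there, replace it with that query. The test body extends beyond the hunk on both sides.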
@@ -520,13 +470,8 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add first vendor account with VID = 1 vendorAccAddress1 := utils.GenerateAccAddress() @@ -562,7 +507,7 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { require.Equal(t, 0, len(nocCerts)) // query noc certificate by VID - _, err = utils.QueryNocRootCertificatesByVid(setup, vid) + _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is not registered @@ -574,13 +519,11 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { func TestHandler_RemoveNocX509RootCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, testconstants.NocRootCert1SerialNumber) + setup.Vendor1.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) 
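Review bot: TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor still creates its second account with `vendorAccAddress1 := utils.GenerateAccAddress()`, presumably followed by a `setup.AddAccount` call just past the end of the hunk. The ICA counterpart of this test was converted to `vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid)`. Use the same helper here and in the `_ByOtherVendor` hunk (`@@ -611,13 +552,8 @@`), so the role and VID of each account in these ownership tests are set up the same way throughout the file.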
@@ -589,20 +532,18 @@ func TestHandler_RemoveNocX509RootCert_CertificateDoesNotExist(t *testing.T) { func TestHandler_RemoveNocX509RootCert_EmptyCertificatesList(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - setup.Keeper.SetNocRootCertificates( setup.Ctx, types.NocRootCertificates{ - Vid: vid, + Vid: testconstants.Vid, }, ) removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "") + setup.Vendor1.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + "") _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -611,13 +552,8 @@ func TestHandler_RemoveNocX509RootCert_EmptyCertificatesList(t *testing.T) { func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add fist vendor account with VID = 1 vendorAccAddress1 := utils.GenerateAccAddress() 
@@ -638,13 +574,8 @@ func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) removeIcaCert := types.NewMsgRemoveNocX509RootCert( setup.Trustee1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "") @@ -656,16 +587,14 @@ func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { func TestHandler_RemoveNocX509RootCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) removeX509Cert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "invalid") + setup.Vendor1.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + "invalid") _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index b23a81854..21a4dcc1b 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go 
@@ -7,7 +7,6 @@ import ( "github.com/stretchr/testify/require" testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" - dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" "google.golang.org/grpc/codes" @@ -19,20 +18,17 @@ import ( func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // propose and approve x509 root certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add intermediate certificates testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) // Remove intermediate certificate removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), testIntermediateCertificate.Subject, testIntermediateCertificate.SubjectKeyID, "", @@ -67,8 +63,7 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate rootCertOptions := &utils.RootCertOptions{ 
@@ -156,8 +151,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate rootCertOptions := &utils.RootCertOptions{ @@ -384,8 +378,7 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // Add an intermediate certificate addIntermediateX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateWithSameSubjectAndSKID1, testconstants.CertSchemaVersion) @@ -454,8 +447,7 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // add x509 certificate by fist vendor account addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) 
@@ -463,8 +455,7 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // remove x509 certificate by second vendor account removeX509Cert := types.NewMsgRemoveX509Cert( @@ -501,12 +492,11 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { func TestHandler_RemoveX509Cert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber) + setup.Vendor1.String(), + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + testconstants.IntermediateSerialNumber) _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -518,10 +508,6 @@ func TestHandler_RemoveX509Cert_EmptyCertificatesList(t *testing.T) { rootCertificate := utils.RootCertificate(setup.Trustee1) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - setup.Keeper.SetApprovedCertificates( setup.Ctx, types.ApprovedCertificates{ 
@@ -531,7 +517,10 @@ func TestHandler_RemoveX509Cert_EmptyCertificatesList(t *testing.T) { ) removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "") + setup.Vendor1.String(), + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + "") _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -546,8 +535,7 @@ func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add fist vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // add x509 certificate by `setup.Trustee` addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) @@ -555,8 +543,7 @@ func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { require.NoError(t, err) // add scond vendor account with VID = 1000 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.VendorID1) // revoke x509 certificate by second vendor account removeX509Cert := types.NewMsgRemoveX509Cert( 
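Review bot: In TestHandler_RemoveX509Cert_ByOtherVendor (hunks @@ -546 and @@ -555) the comments kept around the rewritten lines no longer match the code, which makes this cross-vendor authorization test harder to audit. `// add x509 certificate by setup.Trustee` sits above a message sent by `vendorAccAddress1`. `// add scond vendor account with VID = 1000` hard-codes a value while the code passes `testconstants.VendorID1`. `// revoke x509 certificate by second vendor account` precedes a `NewMsgRemoveX509Cert`. Suggested wording: `// add x509 certificate by first vendor account`, `// add second vendor account with a different VID (testconstants.VendorID1)` and `// remove x509 certificate by second vendor account`. The test body starts and ends outside these hunks.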
@@ -574,8 +561,7 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) @@ -595,12 +581,11 @@ func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber) + setup.Vendor1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber) _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) 
@@ -612,16 +597,15 @@ func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "invalid") + setup.Vendor1.String(), + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + "invalid") _, err = setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) 
@@ -630,21 +614,19 @@ func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { func TestHandler_RemoveX509Cert_ForNocIcaCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) - // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // Add ICA certificate - addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, testconstants.NocCert1SerialNumber) + setup.Vendor1.String(), + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber) _, err = setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index c8242549a..0ab5f209b 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -20,18 +20,16 @@ import ( func TestHandler_RevokeNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // add the first NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the NOC non-root certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // Revoke NOC with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509IcaCert( - accAddress.String(), + setup.Vendor1.String(), icaCertificate.Subject, icaCertificate.SubjectKeyID, "", 
@@ -68,27 +66,24 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // add the second NOC non-root certificate icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) // add the NOC leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) // Revoke NOC with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509IcaCert( - accAddress.String(), + setup.Vendor1.String(), icaCertificate1.Subject, icaCertificate1.SubjectKeyID, "", 
@@ -158,27 +153,24 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // add the second NOC non-root certificate icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) // add the NOC leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) // Revoke noc with subject and subject key id and its child too revokeCert := types.NewMsgRevokeNocX509IcaCert( - accAddress.String(), + setup.Vendor1.String(), icaCertificate1.Subject, icaCertificate1.SubjectKeyID, "", 
@@ -243,24 +235,21 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // add the second NOC non-root certificate - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) // add the NOC leaf certificate - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) // Revoke NOC by serial number only revokeCert := types.NewMsgRevokeNocX509IcaCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, testconstants.NocCert1SerialNumber, 
@@ -328,32 +317,29 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.SchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.SchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.SchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.SchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // add the second NOC non-root certificate - addNocX509Cert = types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1Copy, testconstants.SchemaVersion) + addNocX509Cert = types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1Copy, testconstants.SchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // add the NOC leaf certificate - addNocX509Cert = types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocLeafCert1, testconstants.SchemaVersion) + addNocX509Cert = types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocLeafCert1, testconstants.SchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // Revoke NOC with subject and subject key id and its child too revokeCert := types.NewMsgRevokeNocX509IcaCert( - accAddress.String(), + setup.Vendor1.String(), 
testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, testconstants.NocCert1SerialNumber, @@ -437,11 +423,8 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T func TestHandler_RevokeNocX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) @@ -462,11 +445,8 @@ func TestHandler_RevokeNocX509Cert_SenderNotVendor(t *testing.T) { func TestHandler_RevokeNocX509Cert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - revokeCert := types.NewMsgRevokeNocX509IcaCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, testconstants.NocCert1SerialNumber, diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 5670eff45..dfc477177 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go 
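Review bot: TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild (hunk @@ -328) still builds every add message by hand and passes `testconstants.SchemaVersion`, while the other tests in this file pass `testconstants.CertSchemaVersion` or go through the utils helpers. If the two constants ever differ, this test exercises a different schema version than its siblings without saying so. Since each of these lines is edited anyway, use the helpers already used in TestHandler_RevokeNocX509Cert_RevokeBySerialNumber: `utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1)`, and `utils.AddNocIntermediateCertificate(setup, setup.Vendor1, ...)` for NocCert1, NocCert1Copy and NocLeafCert1. This assumes the helpers submit the same message and assert success, which is not visible here. The hand-rolled message/handler/`require.NoError` pattern also remains in the handler_revoke_noc_root_cert_test.go hunks (@@ -70, @@ -179, @@ -281, @@ -374). The comment above the revoke call says "with subject and subject key id and its child too" although a serial number is passed.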
@@ -20,12 +20,10 @@ import ( func TestHandler_RevokeNoRootCert(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.Vid) - // add the first NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() addNocX509RootCert := types.NewMsgAddNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) @@ -33,7 +31,7 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { // Revoke NOC root with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), rootCertificate.Subject, rootCertificate.SubjectKeyID, "", 
@@ -70,37 +68,34 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) + addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the third NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert2, testconstants.CertSchemaVersion) + addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert2, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // add the second NOC non-root certificate - addNocX509Cert = types.NewMsgAddNocX509IcaCert(accAddress.String(), 
testconstants.NocCert2, testconstants.CertSchemaVersion) + addNocX509Cert = types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert2, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // Revoke NOC root with subject and subject key id only revokeCert := types.NewMsgRevokeNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "", 
@@ -179,27 +174,24 @@ func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) + addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // Revoke NOC root with subject and subject key id and its child too revokeCert := types.NewMsgRevokeNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "", 
@@ -281,27 +273,24 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) + addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // Revoke NOC root with subject and subject key id by serial number revokeCert := types.NewMsgRevokeNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, testconstants.NocRootCert1SerialNumber, 
@@ -374,27 +363,24 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) + addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // Revoke NOC root with subject and subject key id by serial number revokeCert := types.NewMsgRevokeNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, testconstants.NocRootCert1SerialNumber, 
@@ -468,11 +454,8 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing func TestHandler_RevokeNocX509RootCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) @@ -493,11 +476,8 @@ func TestHandler_RevokeNocX509RootCert_SenderNotVendor(t *testing.T) { func TestHandler_RevokeNocX509RootCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - revokeCert := types.NewMsgRevokeNocX509RootCert( - accAddress.String(), + setup.Vendor1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, testconstants.NocRootCert1SerialNumber, diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 3b0280b75..62546ad4f 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go 
@@ -74,8 +74,7 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // add another trustee - anotherTrustee := utils.GenerateAccAddress() - setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + anotherTrustee := setup.CreateTrusteeAccount(1) // propose revocation of x509 root certificate by new trustee proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -432,9 +431,6 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add root x509 certificate rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() @@ -442,11 +438,11 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { // add intermediate x509 certificate intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) // add leaf x509 certificate leafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( 
@@ -502,8 +498,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add 1 more trustee (this will bring the total trustee's to 4) - anotherTrustee := utils.GenerateAccAddress() - setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + setup.CreateTrusteeAccount(1) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -621,7 +616,12 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) // propose revocation of not existing certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + false, + testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -651,7 +651,12 @@ func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) setup := utils.Setup(t) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.RootCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) 
@@ -661,7 +666,12 @@ func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) // propose revocation of proposed root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + false, + testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) @@ -681,8 +691,7 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te require.NoError(t, err) // store another trustee - anotherTrustee := utils.GenerateAccAddress() - setup.AddAccount(anotherTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + anotherTrustee := setup.CreateTrusteeAccount(1) // propose revocation of the same x509 root certificate again proposeRevokeX509RootCert = types.NewMsgProposeRevokeX509RootCert( @@ -701,8 +710,7 @@ func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // store x509 intermediate certificate addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) 
@@ -711,7 +719,12 @@ func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { // propose revocation of x509 intermediate certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) + setup.Trustee1.String(), + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectKeyID, + testconstants.RootSerialNumber, + false, + testconstants.Info) _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) @@ -726,7 +739,12 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + false, + testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) @@ -740,7 +758,11 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { // approve approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) + accAddress.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) 
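Review bot: In the first hunk on this line (TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate) the reflowed call still pairs `testconstants.IntermediateSubject` and `testconstants.IntermediateSubjectKeyID` with `testconstants.RootSerialNumber`, so the request names a serial number that presumably does not belong to the intermediate certificate. As written, the test only shows that ErrInappropriateCertificateType comes back for a subject/SKID match with a foreign serial number, which may depend on the order of checks in the handler rather than on the certificate-type rule itself. I would change that argument to `testconstants.IntermediateSerialNumber,` (the constant is used elsewhere in this patch), or add a comment stating that the mismatch is deliberate. The test body starts and ends outside the hunk.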
@@ -756,7 +778,11 @@ func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *tes // approve revocation of x509 root certificate approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + testconstants.Info) _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrProposedCertificateRevocationDoesNotExist.Is(err)) @@ -771,13 +797,22 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + false, + testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(t, err) // approve revocation by the same trustee approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.RootSerialNumber, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) 
@@ -786,17 +821,24 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { func TestHandler_RevocationPointsByIssuerSubjectKeyID(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65521) + vendorAcc := setup.CreateVendorAccount(65521) // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.PAACertWithNumericVid, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // approve approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), + testconstants.PAACertWithNumericVidSubject, + testconstants.PAACertWithNumericVidSubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) @@ -875,8 +917,7 @@ func TestHandler_RevocationPointsByIssuerSubjectKeyID(t *testing.T) { func TestHandler_AddRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65521) + vendorAcc := setup.CreateVendorAccount(65521) // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) 
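Review bot: `setup.CreateVendorAccount(65521)` in TestHandler_RevocationPointsByIssuerSubjectKeyID keeps a bare VID literal, and the same call appears in the next hunk on this line and in the first hunk of the following line (the two ...WithDifferentWhitespaces tests). The value looks like the VID of the PAA certificate these tests add, and the constants file shown later on this page has `PAACertWithNumericVidVid int32 = 65521`, so `vendorAcc := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid)` would tie the account's VID to the certificate instead of to a number. The reflowed `NewMsgProposeAddX509RootCert` call passes `testconstants.Vid` for that same certificate; if that constant is not also 65521, a one-line comment explaining why the proposal is expected to succeed would help the reader. The test bodies continue outside the hunks.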
@@ -912,8 +953,7 @@ func TestHandler_AddRevocationPointForSameCertificateWithDifferentWhitespaces(t func TestHandler_UpdateRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { setup := utils.Setup(t) - vendorAcc := utils.GenerateAccAddress() - setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, 65521) + vendorAcc := setup.CreateVendorAccount(65521) // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index cee318fd2..2916b81f6 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -92,9 +92,6 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - // add root x509 certificate rootCertificate := utils.CreateTestRootCert() rootCertOptions := utils.CreateTestRootCertOptions() 
@@ -102,15 +99,15 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { // add intermediate x509 certificate intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) // add leaf x509 certificate leafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), intermediateCertificate.Subject, intermediateCertificate.SubjectKeyID, "", @@ -163,18 +160,14 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // propose and approve x509 root certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add two intermediate certificates - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) - intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress) + intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) 
@@ -185,7 +178,7 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { ) // Add a leaf certificate - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) @@ -195,7 +188,7 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { // revoke only an intermediate certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber, @@ -237,7 +230,7 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { // revoke intermediate and leaf certificates revokeX509Cert = types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, utils.SerialNumber, @@ -286,8 +279,7 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // add x509 certificate by first vendor account addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) 
@@ -295,8 +287,7 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { require.NoError(t, err) // add second vendor account with VID = 1 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // revoke x509 certificate by second vendor account revokeX509Cert := types.NewMsgRevokeX509Cert( @@ -342,13 +333,9 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber, 
@@ -362,22 +349,22 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing.T) { setup := utils.Setup(t) + // propose and approve x509 root certificate rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // Add intermediate certificate - addIntermediateX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addIntermediateX509Cert := types.NewMsgAddX509Cert( + setup.Vendor1.String(), + testconstants.IntermediateCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) require.NoError(t, err) // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "invalid", @@ -396,13 +383,9 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { rootCertOptions := utils.CreateTestRootCertOptions() utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // revoke x509 root certificate revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + setup.Vendor1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, 
@@ -422,12 +405,8 @@ func TestHandler_RevokeX509Cert_ByOtherVendor(t *testing.T) { setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // add x509 certificate by first vendor account - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) @@ -457,8 +436,7 @@ func TestHandler_RevokeX509Cert_SenderNotVendor(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.RootCertWithVidVid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/utils/account.go b/x/pki/tests/utils/account.go index 9c2a30cfe..a0e24148b 100644 --- a/x/pki/tests/utils/account.go +++ b/x/pki/tests/utils/account.go 
@@ -44,6 +44,20 @@ func (setup *TestSetup) CreateVendorAccount(vid int32) sdk.AccAddress { return accAddress } +func (setup *TestSetup) CreateVendorAdminAccount(vid int32) sdk.AccAddress { + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.VendorAdmin}, vid) + + return accAddress +} + +func (setup *TestSetup) CreateTrusteeAccount(vid int32) sdk.AccAddress { + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, vid) + + return accAddress +} + func (setup *TestSetup) AddAccount( accAddress sdk.AccAddress, roles []dclauthtypes.AccountRole, diff --git a/x/pki/tests/utils/certificate_assertions.go b/x/pki/tests/utils/certificate_assertions.go index 213735c4a..faa24186d 100644 --- a/x/pki/tests/utils/certificate_assertions.go +++ b/x/pki/tests/utils/certificate_assertions.go @@ -11,7 +11,6 @@ import ( type TestIndex struct { Key string - Exist bool Count int } diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index 95e4501a5..98689cf3e 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go 
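Review bot: The new exported helpers `CreateVendorAdminAccount` and `CreateTrusteeAccount` in account.go have no doc comments, and the role each one grants is exactly what the calling authorization tests depend on. I would add `// CreateVendorAdminAccount registers a newly generated address with the VendorAdmin role and the given vid, and returns it.` and `// CreateTrusteeAccount registers a newly generated address with the Trustee role and the given vid, and returns it.` The two bodies differ only in the role and follow the shape of `CreateVendorAccount` (whose body starts outside the hunk), so a private `createAccount(role, vid)` helper called by all three would keep them from drifting apart.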
@@ -46,3 +46,138 @@ func AddMokedNocCertificate( setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) setup.Keeper.StoreNocCertificate(setup.Ctx, certificate, isRoot) } + +func UniqueCertificate(issuer string, serialNumber string) types.UniqueCertificate { + return types.UniqueCertificate{ + Issuer: issuer, + SerialNumber: serialNumber, + Present: true, + } +} + +func CertificateIdentifier(subject string, subjectKeyID string) types.CertificateIdentifier { + return types.CertificateIdentifier{ + Subject: subject, + SubjectKeyId: subjectKeyID, + } +} + +func ProposeDaRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgProposeAddX509RootCert { + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + address.String(), + pemCert, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion, + ) + _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) + require.NoError(setup.T, err) + + return proposeAddX509RootCert +} + +func ApproveDaRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string) *types.MsgApproveAddX509RootCert { + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + address.String(), + subject, + subjectKeyID, + testconstants.Info, + ) + _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) + require.NoError(setup.T, err) + + return approveAddX509RootCert +} + +func RejectDaRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string) *types.MsgRejectAddX509RootCert { + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + address.String(), + subject, + subjectKeyID, + testconstants.Info, + ) + _, err := setup.Handler(setup.Ctx, rejectAddX509RootCert) + require.NoError(setup.T, err) + + return rejectAddX509RootCert +} + +func AddDaIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgAddX509Cert { + addX509Cert 
:= types.NewMsgAddX509Cert(address.String(), pemCert, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, addX509Cert) + require.NoError(setup.T, err) + + return addX509Cert +} + +func AddNocRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgAddNocX509RootCert { + addNocX509RootCert := types.NewMsgAddNocX509RootCert(address.String(), pemCert, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(setup.T, err) + + return addNocX509RootCert +} + +func AddNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgAddNocX509IcaCert { + nocX509Cert := types.NewMsgAddNocX509IcaCert(address.String(), pemCert, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, nocX509Cert) + require.NoError(setup.T, err) + + return nocX509Cert +} + +func RemoveNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string) *types.MsgRemoveNocX509IcaCert { + removeIcaCert := types.NewMsgRemoveNocX509IcaCert( + address.String(), + subject, + subjectKeyID, + serialNumber, + ) + _, err := setup.Handler(setup.Ctx, removeIcaCert) + require.NoError(setup.T, err) + + return removeIcaCert +} + +func RevokeNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string, revokedChild bool) *types.MsgRevokeNocX509IcaCert { + revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( + address.String(), + subject, + subjectKeyID, + serialNumber, + testconstants.Info, + revokedChild, + ) + _, err := setup.Handler(setup.Ctx, revokeX509Cert) + require.NoError(setup.T, err) + + return revokeX509Cert +} + +func RemoveNocRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string) *types.MsgRemoveNocX509RootCert { + removeRootCert := types.NewMsgRemoveNocX509RootCert( + 
address.String(), + subject, + subjectKeyID, + serialNumber, + ) + _, err := setup.Handler(setup.Ctx, removeRootCert) + require.NoError(setup.T, err) + + return removeRootCert +} + +func RevokeNocRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string, revokedChild bool) *types.MsgRevokeNocX509RootCert { + revokeX509Cert := types.NewMsgRevokeNocX509RootCert( + address.String(), + subject, + subjectKeyID, + serialNumber, + testconstants.Info, + revokedChild, + ) + _, err := setup.Handler(setup.Ctx, revokeX509Cert) + require.NoError(setup.T, err) + + return revokeX509Cert +} diff --git a/x/pki/tests/utils/helpers.go b/x/pki/tests/utils/helpers.go deleted file mode 100644 index 9acae4622..000000000 --- a/x/pki/tests/utils/helpers.go +++ /dev/null 
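Review bot: Every helper added to certificate_helpers.go ends in `require.NoError(setup.T, err)`, so none of them can serve the rejection tests (non-vendor sender, other vendor, missing certificate), which still have to build the message by hand, and no helper carries a doc comment saying so. I would document each one along the lines of `// AddDaIntermediateCertificate submits MsgAddX509Cert as address and fails the test if the handler returns an error.` `ProposeDaRootCertificate` also fixes the VID to `testconstants.Vid`, so a test for a root certificate with a different VID cannot use it; a `vid int32` parameter passed through in place of that constant would cover this. A naming point: in `RevokeNocRootCertificate` and `RevokeNocIntermediateCertificate` the local is called `revokeX509Cert` although it holds a NOC message.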
@@ -1,43 +0,0 @@ -package utils - -import ( - sdk "github.com/cosmos/cosmos-sdk/types" - "github.com/stretchr/testify/require" - testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" -) - -func UniqueCertificate(issuer string, serialNumber string) types.UniqueCertificate { - return types.UniqueCertificate{ - Issuer: issuer, - SerialNumber: serialNumber, - Present: true, - } -} - -func CertificateIdentifier(subject string, subjectKeyID string) types.CertificateIdentifier { - return types.CertificateIdentifier{ - Subject: subject, - SubjectKeyId: subjectKeyID, - } -} - -func AddDaIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) { - addX509Cert := types.NewMsgAddX509Cert(address.String(), pemCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(setup.T, err) -} - -func AddNocRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) { - // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(address.String(), pemCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(setup.T, err) -} - -func AddNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) { - // add the new NOC root certificate - nocX509Cert := types.NewMsgAddNocX509IcaCert(address.String(), pemCert, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, nocX509Cert) - require.NoError(setup.T, err) -} diff --git a/x/pki/tests/utils/setup.go b/x/pki/tests/utils/setup.go index 41f51b2ee..204faa49c 100644 --- a/x/pki/tests/utils/setup.go +++ b/x/pki/tests/utils/setup.go 
@@ -6,6 +6,7 @@ import ( sdk "github.com/cosmos/cosmos-sdk/types" "github.com/stretchr/testify/mock" + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" testkeeper "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki" @@ -33,6 +34,7 @@ type TestSetup struct { Trustee1 sdk.AccAddress Trustee2 sdk.AccAddress Trustee3 sdk.AccAddress + Vendor1 sdk.AccAddress } func Setup(t *testing.T) *TestSetup { @@ -50,11 +52,13 @@ func Setup(t *testing.T) *TestSetup { Trustee1: GenerateAccAddress(), Trustee2: GenerateAccAddress(), Trustee3: GenerateAccAddress(), + Vendor1: GenerateAccAddress(), } setup.AddAccount(setup.Trustee1, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 65521) setup.AddAccount(setup.Trustee2, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) setup.AddAccount(setup.Trustee3, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 2) + setup.AddAccount(setup.Vendor1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) return setup } From bf7a652b444aa0d46d0a18324de22cdd8704923e Mon Sep 17 00:00:00 2001 
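Review bot: The new `Vendor1` field of `TestSetup` has no comment saying which VID the account is registered under; that only shows up in the last hunk, where `Setup` calls `setup.AddAccount(setup.Vendor1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid)`. Several tests in this series pair `setup.Vendor1` with VID-scoped certificates, so a reader needs the role and VID at the declaration to judge whether a test exercises a matching or a mismatching vendor. I would add `// Vendor1 is a Vendor-role account registered with testconstants.Vid.` above the field. The struct and `Setup` both begin outside these hunks.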
From: "artem.ivanov" Date: Wed, 4 Dec 2024 12:24:46 +0300 Subject: [PATCH 06/11] Refactoring PKI unit tests --- integration_tests/constants/constants.go | 1 + integration_tests/constants/noc_constants.go | 11 +- x/pki/tests/handler_add_noc_ica_cert_test.go | 15 +- x/pki/tests/handler_add_noc_root_cert_test.go | 11 +- x/pki/tests/handler_add_paa_cert_test.go | 79 ++- x/pki/tests/handler_add_pai_cert_test.go | 124 ++-- x/pki/tests/handler_add_revocation_test.go | 11 +- x/pki/tests/handler_assign_vid_test.go | 101 ++-- x/pki/tests/handler_delete_revocation_test.go | 10 +- .../tests/handler_remove_noc_ica_cert_test.go | 87 ++- .../handler_remove_noc_root_cert_test.go | 382 +++++++----- x/pki/tests/handler_remove_pai_cert_test.go | 321 +++++----- .../tests/handler_revoke_noc_ica_cert_test.go | 323 +++++----- .../handler_revoke_noc_root_cert_test.go | 558 +++++++----------- x/pki/tests/handler_revoke_paa_cert_test.go | 294 +++------ x/pki/tests/handler_revoke_pai_cert_test.go | 312 +++++----- x/pki/tests/handler_update_revocation_test.go | 30 +- x/pki/tests/utils/certificate_helpers.go | 204 ++++++- x/pki/tests/utils/data.go | 57 ++ 19 files changed, 1433 insertions(+), 1498 deletions(-) diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go index ce3a1ca2c..cd4759e9c 100644 --- a/integration_tests/constants/constants.go +++ b/integration_tests/constants/constants.go @@ -285,6 +285,7 @@ mUkpxyqvChVI1A0DTVFLJd4= -----END CERTIFICATE-----` PAACertWithNumericVidSubject = "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" PAACertWithNumericVidSubjectKeyID = "6A:FD:22:77:1F:51:1F:EC:BF:16:41:97:67:10:DC:DC:31:A1:71:7E" + PAACertWithNumericVidSerialNumber = "4ea8e83182d41c1c" PAACertWithNumericVidVid int32 = 65521 PAACertWithNumericVidDifferentWhitespaces = ` -----BEGIN CERTIFICATE----- 
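Review bot: `PAACertWithNumericVidSerialNumber = "4ea8e83182d41c1c"` is a hex string, while the other serial-number constant visible in this patch, `NocCert2SerialNumber`, is a decimal digit string. If the PKI module stores and compares serial numbers in decimal form, as that neighbouring constant suggests, a lookup or equality check built on this constant will never match the certificate it is meant to describe. A revocation or uniqueness test using it could then pass or fail for the wrong reason. I would store the decimal rendering of the same integer, or, if hex is intentional, add `// hex form as printed in the certificate; convert before comparing with ledger state`. The const block continues outside the hunk.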
diff --git a/integration_tests/constants/noc_constants.go b/integration_tests/constants/noc_constants.go index 8554b7f71..064b706ed 100644 --- a/integration_tests/constants/noc_constants.go +++ b/integration_tests/constants/noc_constants.go @@ -165,11 +165,12 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj NocCert1CopyAuthorityKeyID = NocCert1AuthorityKeyID NocCert1CopySubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" - NocCert2Subject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" - NocCert2Issuer = NocRootCert2Subject - NocCert2SubjectKeyID = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" - NocCert2SerialNumber = "361372967010167010646904372658654439710639340814" - NocCert2SubjectAsText = "CN=NOC-child-2,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" + NocCert2Subject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" + NocCert2Issuer = NocRootCert2Subject + NocCert2AuthorityKeyID = NocRootCert2SubjectKeyID + NocCert2SubjectKeyID = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" + NocCert2SerialNumber = "361372967010167010646904372658654439710639340814" + NocCert2SubjectAsText = "CN=NOC-child-2,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" NocLeafCert1Subject = "MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" NocLeafCert1Issuer = NocCert1Subject diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 402c1dfee..21727fb2a 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go 
+++ b/x/pki/tests/handler_add_noc_ica_cert_test.go @@ -26,7 +26,7 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -70,7 +70,7 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) - // query noc certificate by Subject and SKID + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 2}, @@ -143,14 +143,9 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithVid, - Info: testconstants.Info, - Subject: testconstants.RootCertWithVidSubject, - SubjectKeyID: testconstants.RootCertWithVidSubjectKeyID, - Vid: testconstants.RootCertWithVidVid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + + rootCert := utils.CreateTestRootCertWithVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // try to add root certificate x509 certificate addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index 0f624f47b..ddaa0f91c 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go 
@@ -21,7 +21,7 @@ func TestHandler_AddNocRootCert(t *testing.T) { rootCertificate := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -57,14 +57,9 @@ func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *test // add the new NOC root certificate rootCertificate2 := utils.CreateTestNocRoot2Cert() - addNocX509RootCert := types.NewMsgAddNocX509RootCert( - setup.Vendor1.String(), - rootCertificate2.PEM, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) - // check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 2}, diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 49cb0dd22..061ae4725 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -25,7 +25,7 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { // propose DA root certificate proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, 
@@ -52,15 +52,14 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { func TestHandler_AddDaRootCert(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.CreateTestRootCert() - // propose add x509 root certificate by trustee + rootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // approve by second trustee utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -83,9 +82,8 @@ func TestHandler_AddDaRootCert(t *testing.T) { func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.CreateTestRootCert() - // propose x509 root certificate by account without trustee role + rootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // Create an array of trustee account from 1 to 50 @@ -98,7 +96,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { for i := 1; i < twoThirds-1; i++ { utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyID) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -121,7 +119,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // One more approval will move this to approved state from pending utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -140,7 +138,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // Additional check: Check all approvals are present + // Additional checks for i := 1; i < twoThirds-1; i++ { require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) } @@ -151,8 +149,6 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.CreateTestRootCert() - // we have 5 trustees: 1 approval comes from propose => we need 3 more approvals // store 4th trustee @@ -164,6 +160,7 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 + rootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) // approve x509 root certificate by account Trustee2 
@@ -175,19 +172,29 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // reject x509 root certificate by account Trustee4 utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // Check: ProposedCertificate - present because we haven't enough approvals + // Check state indexes - certificate is in proposed state indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, - Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // approve x509 root certificate by account Trustee5 utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // Check indexes + // Check state indexes indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -221,7 +228,7 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { testRootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PEM) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, // we have both: Proposed and Approved 
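Review bot: The first `utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)` call in `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees` discards its result, so the test only proves the certificate is still in the proposed index, not that the quorum arithmetic got there for the right reason. The TwoThirdApprovalsNeeded test already captures the return value to check `HasApprovalFrom`, and the same pattern fits here: `resolved := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)`. On the proposed record I would then assert that the approvals recorded so far and the rejection from `fourthTrustee` are all present. Without that, a handler that silently dropped the rejection, or counted it as an approval one step early, would look the same until the fifth trustee votes. The test function begins outside the hunk.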
@@ -247,28 +254,13 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T) { setup := utils.Setup(t) - testRootCertificate := utils.CreateTestRootCertWithSameSubject() - testRootCertificate2 := utils.CreateTestRootCertWithSameSubject2() - // add Certificate1 - rootCertOptions := &utils.RootCertOptions{ - PemCert: testRootCertificate.PEM, - Subject: testRootCertificate.Subject, - SubjectKeyID: testRootCertificate.SubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.Vid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + testRootCertificate := utils.CreateTestRootCertWithSameSubject() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) // add Certificate2 - rootCert2Options := &utils.RootCertOptions{ - PemCert: testRootCertificate2.PEM, - Subject: testRootCertificate2.Subject, - SubjectKeyID: testRootCertificate2.SubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.Vid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert2Options) + testRootCertificate2 := utils.CreateTestRootCertWithSameSubject2() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate2) // Check indexes by subject + subject key id allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) @@ -277,7 +269,7 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T allCertificates, _ := utils.QueryAllCertificatesAll(setup) require.Equal(t, 2, len(allCertificates)) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -308,9 +300,8 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T func TestHandler_RejectAddDaRootCert(t *testing.T) { setup := utils.Setup(t) - testRootCertificate := utils.CreateTestRootCert() - // propose x509 root certificate by account Trustee1 + testRootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PEM) // reject x509 root certificate by account Trustee2 @@ -377,9 +368,8 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.CreateTestRootCert() - // propose add x509 root certificate + rootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) for _, role := range []dclauthtypes.AccountRole{ @@ -413,9 +403,8 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.CreateTestRootCert() - // propose add x509 root certificate + rootCertificate := utils.CreateTestRootCert() utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) for _, role := range []dclauthtypes.AccountRole{ @@ -467,6 +456,7 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * // reject x509 root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, 
@@ -488,6 +478,7 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * // reject x509 root certificate by account Trustee3 utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyID) + // Check state indexes indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RejectedCertificateKeyPrefix}, // certificate is rejected now @@ -517,7 +508,7 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { // reject x509 root certificate utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // check state indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ @@ -546,7 +537,7 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) // reject x509 root certificate utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // check state indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -582,7 +573,7 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin // reject x509 root certificate utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID) - // check state indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index 6a2bc2783..f1085a9ee 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go 
@@ -20,14 +20,14 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add DA root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + testRootCertificate := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) // add DA PAI certificate testIntermediateCertificate := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -56,14 +56,14 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // store root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + testRootCertificate := utils.CreateTestPAACertWithNumericVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) // add intermediate certificate testIntermediateCertificate := utils.CreateTestIntermediateVidScopedCert() utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PEM) - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -88,19 +88,18 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( setup := utils.Setup(t) // store root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertOptions) // store intermediate certificate with different serial number - testIntermediateCertificate1 := utils.CreateTestIntermediateCert() - testIntermediateCertificate2 := utils.CreateTestIntermediateCert() - testIntermediateCertificate2.SerialNumber = utils.SerialNumber - intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber + testIntermediateCertificate2 := utils.CreateTestIntermediateCert() + testIntermediateCertificate2.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // store intermediate certificate second time + testIntermediateCertificate1 := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate1.PEM) // query All approved certificate 
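Review bot: `rootCertOptions := utils.CreateTestRootCert()` keeps the name of the options struct it replaces, but the value is now a test certificate passed as `&rootCertOptions`; the sibling tests in this file call the same thing `testRootCertificate`. I would rename it: `testRootCertificate := utils.CreateTestRootCert()` and `utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate)`. The `testIntermediateCertificate2` declaration is also wedged between setting `intermediateCertificate.SerialNumber` and the `utils.AddMokedDaCertificate` call that consumes it; moving it next to its first use (outside this hunk, presumably in the index checks) would make the mocked-certificate setup read as one step. The test function continues outside the hunk.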
@@ -147,18 +146,16 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( func TestHandler_AddDaCert_ForTree(t *testing.T) { setup := utils.Setup(t) - testRootCertificate := utils.CreateTestRootCert() - testIntermediateCertificate := utils.CreateTestIntermediateCert() - testLeafCertificate := utils.CreateTestLeafCert() - // add root x509 certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + testRootCertificate := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) // add intermediate x509 certificate + testIntermediateCertificate := utils.CreateTestIntermediateCert() utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) // add leaf x509 certificate + testLeafCertificate := utils.CreateTestLeafCert() utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testLeafCertificate.PEM) // Check indexes for root @@ -268,8 +265,8 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // store root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + testRootCertificate := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) // Store an intermediate certificate with the first vendor account as the owner intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) 
@@ -277,45 +274,62 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // add an intermediate certificate with the same subject and SKID by second vendor account - utils.AddDaIntermediateCertificate(setup, vendorAccAddress2, testconstants.IntermediateCertPem) - - // ensure intermediate certificate exist - // check list of certificates - allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 2, len(allApprovedCertificates)) // root + intermediate + testIntermediateCertificate := utils.CreateTestIntermediateCert() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress2, testIntermediateCertificate.PEM) - // check approved certificate - certificate, _ := utils.QueryApprovedCertificates(setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID) - require.Equal(t, 2, len(certificate.Certs)) // two intermediates - require.NotEqual(t, certificate.Certs[0].SerialNumber, certificate.Certs[1].SerialNumber) - - // Check indexes by subject key id - approvedCertificatesBySubjectKeyId, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(approvedCertificatesBySubjectKeyId)) - require.Equal(t, 2, len(approvedCertificatesBySubjectKeyId[0].Certs)) + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ChildCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: 
types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) + // store root certificate + rootCert := utils.CreateTestPAACertWithNumericVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + // add x509 certificate - utils.AddDaIntermediateCertificate(setup, accAddress, testconstants.PAICertWithNumericPidVid) - - // query certificate - certs, _ := utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 2, len(certs)) - intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.PAICertWithNumericPidVidSubject, testconstants.PAICertWithNumericPidVidSubjectKeyID) - require.Equal(t, 1, len(intermediateCerts.Certs)) - require.Equal(t, testconstants.PAICertWithNumericPidVidSubject, intermediateCerts.Certs[0].Subject) - require.Equal(t, testconstants.PAICertWithNumericPidVidSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) + testIntermediateCertificate := utils.CreateTestIntermediateVidScopedCert() + utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PEM) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + 
{Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { @@ -351,7 +365,7 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { t.Run(tc.name, func(t *testing.T) { setup := utils.Setup(t) // store root certificate - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) @@ -527,8 +541,8 @@ func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertOptions := utils.CreateRootWithVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCertWithVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert(setup.Trustee1.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) @@ -566,7 +580,7 @@ func TestHandler_AddX509Cert_VIDScopedRoot_NegativeCases(t *testing.T) { t.Run(tc.name, func(t *testing.T) { setup := utils.Setup(t) // store root certificate - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) 
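Review bot: The rewritten `TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor` drops the only assertion that told the two stored intermediates apart, `require.NotEqual(t, certificate.Certs[0].SerialNumber, certificate.Certs[1].SerialNumber)`; the new index table carries only counts such as `{Key: types.ApprovedCertificatesKeyPrefix, Count: 2}`. Unless `CheckCertificateStateIndexes` (not visible here) compares serial numbers, a handler that stored the same certificate twice would still satisfy the table. I would keep the check on the returned records: `resolved := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes)` followed by `require.NotEqual(t, resolved.ApprovedCertificates.Certs[0].SerialNumber, resolved.ApprovedCertificates.Certs[1].SerialNumber)`. Since the test is about a non-owner account under the same vendor, asserting which account is recorded as owner of the second certificate would also pin the access rule being exercised.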
@@ -609,7 +623,7 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot_NegativeCases(t *testing.T) { t.Run(tc.name, func(t *testing.T) { setup := utils.Setup(t) // store root certificate - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index a0add09ed..531897b00 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go @@ -175,7 +175,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { setup.AddAccount(accAddress, []dclauthtypes.AccountRole{tc.accountRole}, tc.accountVid) if tc.rootCertOptions != nil { - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) } _, err := setup.Handler(setup.Ctx, tc.addRevocation) @@ -190,8 +190,8 @@ func TestHandler_AddPkiRevocationDistributionPoint_PAAAlreadyExists(t *testing.T accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // propose and approve x509 root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestPAACertWithNumericVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAACertWithNumericVid(accAddress.String()) 
@@ -294,7 +294,8 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { setup := utils.Setup(t) setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.addRevocation.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) + tc.addRevocation.SchemaVersion = tc.SchemaVersion _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) @@ -318,7 +319,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_DataURLNotUnique(t *testing.T // propose and approve root certificate rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()) _, err := setup.Handler(setup.Ctx, addPkiRevocationDistributionPoint) diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index 40858c471..b73632f69 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go 
@@ -21,22 +21,13 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { // propose and approve x509 root certificate rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - rootCertOptions.Vid = 0 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertificate.VID = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) - assignVid := types.MsgAssignVid{ - Signer: vendorAcc.String(), - Subject: rootCertOptions.Subject, - SubjectKeyId: rootCertOptions.SubjectKeyID, - Vid: testconstants.Vid, - } + // assign Vid + utils.AssignCertificateVid(setup, vendorAcc, rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.Vid) - _, err := setup.Handler(setup.Ctx, &assignVid) - require.NoError(t, err) - - // DA certificates indexes checks - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -67,43 +58,35 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - rootCertOptions.Vid = 0 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - - assignVid := types.MsgAssignVid{ - Signer: vendorAcc.String(), - Subject: rootCertOptions.Subject, - SubjectKeyId: rootCertOptions.SubjectKeyID, - Vid: testconstants.PAACertWithNumericVidVid, - } - - _, err := setup.Handler(setup.Ctx, &assignVid) - require.NoError(t, err) + rootCertificate := utils.CreateTestPAACertWithNumericVid() + rootCertificate.VID = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) - // DA certificates indexes checks + // assign Vid + utils.AssignCertificateVid(setup, vendorAcc, rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.PAACertWithNumericVidVid) - // DaCertificates: Subject and SKID - approvedCertificate, _ := utils.QueryApprovedCertificates(setup, rootCertOptions.Subject, rootCertOptions.SubjectKeyID) - require.Equal(t, testconstants.PAACertWithNumericVidVid, approvedCertificate.Certs[0].Vid) - - // DaCertificates: SKID - certificateBySubjectKeyID, _ := utils.QueryApprovedCertificatesBySubjectKeyID(setup, rootCertOptions.SubjectKeyID) - require.Equal(t, 1, len(certificateBySubjectKeyID)) - require.Equal(t, 1, len(certificateBySubjectKeyID[0].Certs)) - require.Equal(t, testconstants.PAACertWithNumericVidVid, certificateBySubjectKeyID[0].Certs[0].Vid) - - // All certificates indexes checks - - // AllCertificates: Subject and SKID - allCertificate, err := utils.QueryAllCertificates(setup, rootCertOptions.Subject, rootCertOptions.SubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificate.Certs[0].Vid) + // Check state indexes + indexes := utils.TestIndexes{ + Present: 
[]utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // AllCertificates: SKID - allCertificateBySkid, err := utils.QueryAllCertificatesBySubjectKeyID(setup, rootCertOptions.SubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.PAACertWithNumericVidVid, allCertificateBySkid[0].Certs[0].Vid) + // Check VID is assigned + require.Equal(t, testconstants.PAACertWithNumericVidVid, resolvedCertificates.ApprovedCertificates.Certs[0].Vid) + require.Equal(t, testconstants.PAACertWithNumericVidVid, resolvedCertificates.ApprovedCertificatesBySubjectKeyID[0].Certs[0].Vid) + require.Equal(t, testconstants.PAACertWithNumericVidVid, resolvedCertificates.AllCertificates.Certs[0].Vid) + require.Equal(t, testconstants.PAACertWithNumericVidVid, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Vid) } // Extra cases @@ -146,8 +129,8 @@ func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add vendor account vendorAccAddress := utils.GenerateAccAddress() 
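Review bot: The four `require.Equal` lines that close TestHandler_AssignVid_certificateWithSubjectVid index `Certs[0]` and `...BySubjectKeyID[0]` on the value returned by `utils.CheckCertificateStateIndexes` without asserting a length first, so an empty result would panic rather than fail with a readable message. The removed code pinned `require.Equal(t, 1, len(certificateBySubjectKeyID))` and the length of `[0].Certs` before reading the VID. Unless the helper (not visible in this hunk) guarantees non-empty results, keep that guard, e.g. `require.Len(t, resolvedCertificates.ApprovedCertificatesBySubjectKeyID, 1)` and `require.Len(t, resolvedCertificates.ApprovedCertificatesBySubjectKeyID[0].Certs, 1)`. The exact count is also part of the property under test: assigning a VID should update the one stored certificate, not leave a second entry behind.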
@@ -175,13 +158,13 @@ func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestPAACertWithNumericVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), - Subject: rootCertOptions.Subject, - SubjectKeyId: rootCertOptions.SubjectKeyID, + Subject: rootCert.Subject, + SubjectKeyId: rootCert.SubjectKeyID, Vid: testconstants.PAACertWithNumericVidVid, } @@ -195,14 +178,14 @@ func TestHandler_AssignVid_MessageVidAndCertificateVidNotEqual(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - rootCertOptions.Vid = 0 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestPAACertWithNumericVid() + rootCert.VID = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), - Subject: rootCertOptions.Subject, - SubjectKeyId: rootCertOptions.SubjectKeyID, + Subject: rootCert.Subject, + SubjectKeyId: rootCert.SubjectKeyID, Vid: 1, } diff --git a/x/pki/tests/handler_delete_revocation_test.go b/x/pki/tests/handler_delete_revocation_test.go index eaf2f43a2..7650733f6 100644 --- a/x/pki/tests/handler_delete_revocation_test.go +++ b/x/pki/tests/handler_delete_revocation_test.go 
@@ -107,7 +107,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.vendorAccVid) if tc.rootCertOptions != nil { - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) } if tc.addRevocation != nil { @@ -160,7 +160,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_PositiveCases(t *testing.T setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.deleteRevocation.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) @@ -184,11 +184,11 @@ func TestHandler_DeletePkiRevocationDistributionPoint_Multiple_SameIssuerSubject // add PAA NOVID rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.PAACertWithNumericVidVid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add PAA VID - rootCertOptions = utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestPAACertWithNumericVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // add Revocation Point PAA NOVID addRevocationPAANoVid := createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.PAACertWithNumericVidVid) diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index d1b1147bb..85e3f4072 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go 
@@ -10,8 +10,6 @@ import ( dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) // Main @@ -20,16 +18,17 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // remove intermediate certificate utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, "") - // Check indexes + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits @@ -72,11 +71,9 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { leafCertificate := utils.CreateTestNocLeafCert() utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) - // get certificates for further comparison + // check total number of certificates nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) - require.NotNil(t, nocCerts) require.Equal(t, 3, len(nocCerts)) - require.Equal(t, 4, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)+len(nocCerts[2].Certs)) // Check indexes for intermediate certificates before removing indexes := utils.TestIndexes{ 
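Review bot: In the `@@ -72,11 +71,9 @@` hunk the pre-removal check now asserts only `len(nocCerts) == 3`; the removed `require.Equal(t, 4, len(nocCerts[0].Certs)+...)` was the only visible check on the total number of stored certificates, which the number of entries alone does not establish. The matching total after removal is dropped in `@@ -152,7 +148,6 @@` (`// root + leaf`), and the `require.Equal(t, 2, len(revokedCerts.Certs))` count goes away in `@@ -275,10 +282,7 @@` of handler_remove_noc_root_cert_test.go. If the `Count` field of `utils.TestIndex` is meant to replace these totals, set it on the relevant entries; otherwise keep them, since a remove-by-subject test should fail when a certificate is left behind or was never stored. The test bodies continue outside these hunks.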
@@ -104,7 +101,6 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { Present: []utils.TestIndex{ {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // leaf cert with same vid exist - }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -124,7 +120,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - // Check indexes + // Check indexes for leaf certificate indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -152,7 +148,6 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { // Check that only 2 certificates exists nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) - require.Equal(t, 2, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) // root + leaf } func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { @@ -404,8 +399,8 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) // check that only root certificates exists allCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(allCerts)) - require.Equal(t, true, allCerts[0].Certs[0].IsRoot) + // check state indexes for intermediate certificates indexes = utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ 
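Review bot: After the `@@ -404,8 +399,8 @@` hunk the comment still reads `check that only root certificates exists`, but with `require.Equal(t, true, allCerts[0].Certs[0].IsRoot)` removed the test only proves that one entry remains, not which one. Keep the identity check, e.g. `require.True(t, allCerts[0].Certs[0].IsRoot)`, and consider asserting the error that `allCerts, _ := utils.QueryAllNocCertificates(setup)` currently discards. The same loss of identity occurs where `require.Equal(t, testconstants.NocCert1SerialNumber, ...)` is dropped in `@@ -69,14 +67,13 @@`, `@@ -185,12 +187,17 @@` and `@@ -305,10 +309,6 @@` of handler_remove_noc_root_cert_test.go; if the index checks that follow do not already pin the surviving certificate, compare against the fixture's `SerialNumber` there. The enclosing test functions extend beyond these hunks.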
@@ -435,55 +430,43 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { rootCertificate := utils.CreateTestNocRoot1Cert() utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) - // add first vendor account with VID = 1 - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) - // add ICA certificate by fist vendor account - addIcaCert := types.NewMsgAddNocX509IcaCert(vendorAccAddress1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addIcaCert) - require.NoError(t, err) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // add second vendor account with VID = 1 vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) // remove x509 certificate by second vendor account - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress2.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + utils.RemoveNocIntermediateCertificate( + setup, + vendorAccAddress2, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) - - // check that certificate removed from 'noc certificates' list - _, err = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that certificate removed from 'noc certificates by subject' list - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that certificate removed from 'noc certificates by SKID' list - nocCerts, err := 
utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 0, len(nocCerts)) - - // query noc certificate by VID - _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.Equal(t, codes.NotFound, status.Code(err)) - // check that unique certificate key is not registered - require.False(t, setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, - testconstants.NocCert1Issuer, testconstants.NocCert1SerialNumber)) - - // check that intermediate certificate can not be queried by vid+skid - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) + // check state indexes for intermediate certificates + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Error cases diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index 990ef7dd7..02e2e906d 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go 
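Review bot: TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor now adds the ICA with `setup.Vendor1` and removes it with a fresh account created for `testconstants.Vid`, so the "same vendor" precondition depends on `setup.Vendor1` carrying that VID, which is configured outside this hunk. The removed code created the owner explicitly; keeping `owner := setup.CreateVendorAccount(testconstants.Vid)` and passing it to `utils.AddNocIntermediateCertificate` keeps the authorization property (removal is granted by VID match, not by signer identity) readable in the test itself. The root-certificate variant in the `@@ -346,173 +346,245 @@` hunk of handler_remove_noc_root_cert_test.go has the same hidden dependency. If the `// Error cases` section does not already hold one, a counterpart with a different VID would pin the rejecting side of the check.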
@@ -10,8 +10,6 @@ import ( dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) // Main @@ -69,14 +67,13 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 2, len(nocCerts)) require.Equal(t, 3, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) - // remove all root nOC certificates but IAC certificate + // remove all root noc root certificates utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyID, "") // check that only IAC certificate exists nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) - require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates indexes := utils.TestIndexes{ 
@@ -132,20 +129,24 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { icaCertificate := utils.CreateTestNocIca1Cert() utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) - // remove NOC root certificate by serial number - utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyID, rootCertificate1.SerialNumber) - - nocCerts, _ := utils.QueryAllNocCertificates(setup) + // get certificates for further comparison + nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) + require.NotNil(t, nocCerts) require.Equal(t, 2, len(nocCerts)) + require.Equal(t, 3, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) - // NocCertificates: Subject and SKID - nocCertificates, err := utils.QueryNocCertificates( + // remove NOC root certificate by serial number + utils.RemoveNocRootCertificate( setup, - rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, - ) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificates.Certs)) + setup.Vendor1, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyID, + rootCertificate1.SerialNumber) + + // check total + nocCerts, _ = utils.QueryAllNocCertificates(setup) + require.Equal(t, 2, len(nocCerts)) + require.Equal(t, 2, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) // Check indexes for root certificates indexes := utils.TestIndexes{ @@ -166,6 +167,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + // same but unique does not exist indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
@@ -185,12 +187,17 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // remove NOC root certificate by serial number and check that IAC cert is not removed - utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate2.Subject, rootCertificate2.SubjectKeyID, rootCertificate2.SerialNumber) + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, + rootCertificate2.SerialNumber) + // check total nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) - require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates indexes = utils.TestIndexes{ @@ -240,11 +247,11 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // revoke NOC root certificates utils.RevokeNocRootCertificate( 
@@ -275,10 +282,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - revokedCerts, _ := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 2, len(revokedCerts.Certs)) - - // Check that intermediate certificates does not exist + // Check indexes for intermediate certificate indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -305,10 +309,6 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { "", ) - allCerts, _ := utils.QueryAllNocCertificates(setup) - require.Equal(t, 1, len(allCerts)) - require.Equal(t, testconstants.NocCert1SerialNumber, allCerts[0].Certs[0].SerialNumber) - // Check indexes for root certificates indexes = utils.TestIndexes{ Present: []utils.TestIndex{}, 
@@ -346,173 +346,245 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } -// Extra cases - -func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) { +func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // Add an intermediate certificate - addIcaCert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addIcaCert) - require.NoError(t, err) - - // get certificates for further comparison - nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) - require.NotNil(t, nocCerts) - require.Equal(t, 2, len(nocCerts)) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) - // revoke an intermediate certificate + // revoke NOC root certificates utils.RevokeNocRootCertificate( setup, setup.Vendor1, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, - false, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + "", + true, ) - // Add NOC root certificate with new serial number - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1Copy) + // Check indexes for root certificates + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - certs, _ := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 1, len(certs.Certs)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, certs.Certs[0].SerialNumber) + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) - // remove NOC root certificate by serial number - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, + // remove NOC root certificates + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + "", ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) - // check that only one root and IAC certificates exists - nocCerts, _ = utils.QueryAllNocCertificates(setup) - require.Equal(t, 2, len(nocCerts)) + // Check indexes for root certificates + indexes = 
utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // Check that intermediate certificates still is revoked + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) +} - certs, _ = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, certs.Certs[0].SerialNumber) - certs, _ = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(certs.Certs)) +// Extra cases - _, err = utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) +func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) { + setup := 
utils.Setup(t) - // check that unique certificates does not exists - found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SerialNumber) - require.Equal(t, false, found) - found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1Subject, testconstants.NocRootCert1CopySerialNumber) - require.Equal(t, true, found) + // add NOC root certificate + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) - // query noc certificate by VID - nocCertificates, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 1) - require.Equal(t, testconstants.NocCert1SerialNumber, nocCertificates.Certs[0].SerialNumber) + // Add an intermediate certificate + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + + // revoke an intermediate certificate + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, + false, + ) // Add NOC root certificate with new serial number - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + + // remove NOC root certificate by serial number + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, + ) + + // Check indexes for re-activated root certificates + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + 
{Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - certs, _ = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 2, len(certs.Certs)) + // Check indexes for deleted root certificates + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // remove NOC root certificates - removeIcaCert = types.NewMsgRemoveNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, "", ) - _, err = setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) - nocCerts, _ = utils.QueryAllNocCertificates(setup) - require.Equal(t, 1, len(nocCerts)) - require.Equal(t, 1, len(nocCerts[0].Certs)) - require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) - - nocCertificates, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 1) - 
require.Equal(t, testconstants.NocCert1SerialNumber, nocCertificates.Certs[0].SerialNumber) - - // check that IAC certificates can be queried by vid+skid - certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(certsByVidSkid.Certs)) - require.Equal(t, testconstants.NocCert1SerialNumber, certsByVidSkid.Certs[0].SerialNumber) - - // check that root certs removed - _, err = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - certsBySKID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) - require.Empty(t, certsBySKID) - _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that unique certificates does not exists - found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SerialNumber) - require.Equal(t, false, found) - found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1Subject, testconstants.NocRootCert1CopySerialNumber) - require.Equal(t, false, found) + // Check indexes for root certificates (after deletion re-activated) + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) - - // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add second vendor account with VID = 1 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // remove x509 certificate by second vendor account - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - vendorAccAddress2.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, + utils.RemoveNocRootCertificate( + setup, + vendorAccAddress2, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, ) - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.NoError(t, err) - // check that certificate removed from 'noc certificates' list - _, err = utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.Error(t, 
err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that certificate removed from 'noc certificates by subject' list - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that certificate removed from 'noc certificates by SKID' list - nocCerts, err := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 0, len(nocCerts)) - - // query noc certificate by VID - _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that unique certificate key is not registered - require.False(t, setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, - testconstants.NocRootCert1Subject, testconstants.NocRootCert1SerialNumber)) + // Check indexes for root certificates + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // Error cases diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index 21a4dcc1b..641e82f60 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go 
@@ -9,8 +9,6 @@ import ( pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) // Main @@ -19,22 +17,20 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add intermediate certificates testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) // Remove intermediate certificate - removeX509Cert := types.NewMsgRemoveX509Cert( - setup.Vendor1.String(), + utils.RemoveDaIntermediateCertificate( + setup, + setup.Vendor1, testIntermediateCertificate.Subject, testIntermediateCertificate.SubjectKeyID, - "", - ) - _, err := setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) + "") // Check: only one certificate exists - root allCerts, _ := utils.QueryAllApprovedCertificates(setup) 
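Review bot: The new `utils.RemoveDaIntermediateCertificate(setup, setup.Vendor1, ...)` call in TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID replaces an explicit `_, err := setup.Handler(...)` / `require.NoError(t, err)` pair, yet it takes no `*testing.T` and returns nothing the test inspects. The helper body is not visible here and it may assert through `setup`, but if it does not, a rejected removal would surface only indirectly in the later state checks. A doc comment on the helper would make the contract explicit, for example `// RemoveDaIntermediateCertificate submits the remove message and fails the test if the handler returns an error.` The same applies to the helper calls introduced in the `@@ -93`, `@@ -154`, `@@ -237`, `@@ -288`, `@@ -336` and `@@ -367` hunks of this file. The test function continues outside the hunk.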
@@ -66,25 +62,19 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithSameSubjectAndSKID1, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.RootCertWithVidVid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add two intermediate certificates testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PEM) testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) // Add a leaf certificate testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PEM) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
@@ -93,14 +83,12 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { require.Equal(t, 4, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) // remove all intermediate certificates but leave leaf certificate - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), + utils.RemoveDaIntermediateCertificate( + setup, + vendorAccAddress, testIntermediateCertificate1.Subject, testIntermediateCertificate1.SubjectKeyID, - "", - ) - _, err := setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) + "") // check that only two certificates exists allCerts, _ = utils.QueryAllApprovedCertificates(setup) 
@@ -154,35 +142,27 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithSameSubjectAndSKID1, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.RootCertWithVidVid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add intermediate certificates testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID1) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PEM) testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateWithSameSubjectAndSKID2) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) // Add a leaf certificate testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.LeafCertWithSameSubjectAndSKID) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PEM) // remove intermediate certificate by serial number - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), + utils.RemoveDaIntermediateCertificate( + setup, + vendorAccAddress, testIntermediateCertificate1.Subject, testIntermediateCertificate1.SubjectKeyID, - 
testIntermediateCertificate1.SerialNumber, - ) - _, err := setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) + testIntermediateCertificate1.SerialNumber) // check that only root, intermediate(with serial number 3) and leaf certificates exists allCerts, _ := utils.QueryAllApprovedCertificates(setup) @@ -237,14 +217,12 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) // remove intermediate certificate by serial number and check that leaf cert is not removed - removeX509Cert = types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), + utils.RemoveDaIntermediateCertificate( + setup, + vendorAccAddress, testIntermediateCertificate2.Subject, testIntermediateCertificate2.SubjectKeyID, - testIntermediateCertificate2.SerialNumber, - ) - _, err = setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) + testIntermediateCertificate2.SerialNumber) allCerts, _ = utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(allCerts)) 
@@ -288,34 +266,22 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertPem, - Subject: testconstants.RootSubject, - SubjectKeyID: testconstants.RootSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.RootCertWithVidVid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add two intermediate certificates again testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) // revoke intermediate certificate by serial number - revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + utils.RevokeDaIntermediateCertificate( + setup, + setup.Vendor1, testIntermediateCertificate.Subject, testIntermediateCertificate.SubjectKeyID, testIntermediateCertificate.SerialNumber, - false, - testconstants.Info, - ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) + false) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ 
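Review bot: The context comment `// Add two intermediate certificates again` in TestHandler_RemoveX509Cert_RevokedCertificate does not match the code under it, which adds one intermediate certificate through `utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM)`. Since the surrounding lines are being rewritten anyway, change it to `// Add an intermediate certificate`. The function body continues outside the hunk.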
@@ -336,14 +302,12 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) // remove intermediate certificate by serial number - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - ) - _, err = setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) + utils.RemoveDaIntermediateCertificate( + setup, + setup.Vendor1, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SerialNumber) indexes = utils.TestIndexes{ Present: []utils.TestIndex{}, 
@@ -367,124 +331,139 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithSameSubjectAndSKID1, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.RootCertWithVidVid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + // propose and approve x509 root certificate + rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + // Add an intermediate certificate - addIntermediateX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateWithSameSubjectAndSKID1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) - require.NoError(t, err) + testIntermediateCertificate := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate.PEM) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.NotNil(t, allCerts) require.Equal(t, 2, len(allCerts)) - require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // revoke an intermediate certificate - revokeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, - ) - _, err = setup.Handler(setup.Ctx, 
revokeX509Cert) - require.NoError(t, err) + utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SerialNumber, + false) // Add an intermediate certificate with new serial number - addIntermediateX509Cert = types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateWithSameSubjectAndSKID2, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addIntermediateX509Cert) - require.NoError(t, err) + testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) - intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) - require.Equal(t, 1, len(intermediateCerts.Certs)) - require.Equal(t, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, intermediateCerts.Certs[0].Subject) - require.Equal(t, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, intermediateCerts.Certs[0].SubjectKeyId) - require.Equal(t, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, intermediateCerts.Certs[0].SerialNumber) + // check that intermediate certificate 2 exists + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, 
testIntermediateCertificate2, indexes) + + // check that intermediate certificate 1 exists but revoked + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // remove an intermediate certificate - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress.String(), - testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, - ) - _, err = setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) + utils.RemoveDaIntermediateCertificate( + setup, + vendorAccAddress, + testIntermediateCertificate2.Subject, + testIntermediateCertificate2.SubjectKeyID, + "") - // check that only root and leaf certificates exists - allCerts, _ = utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 1, len(allCerts)) - require.Equal(t, true, allCerts[0].Certs[0].IsRoot) - _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - _, err = utils.QueryRevokedCertificates(setup, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - 
- // check that unique certificates does not exists - found := setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber) - require.Equal(t, false, found) - found = setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootCertWithSameSubjectAndSKIDSubject, testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber) - require.Equal(t, false, found) + // check indexes after removing re-activated certificate + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // add first vendor account with VID = 1 - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // add x509 certificate by fist vendor account - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, 
testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + testIntermediateCertificate := utils.CreateTestIntermediateCert() + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // remove x509 certificate by second vendor account - removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress2.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - ) - _, err = setup.Handler(setup.Ctx, removeX509Cert) - require.NoError(t, err) - - // check that certificate removed from 'approved certificates' list - _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that certificate removed from 'approved certificates by subject' list - _, err = utils.QueryApprovedCertificatesBySubject(setup, testconstants.IntermediateSubject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that certificate removed from 'approved certificates by SKID' list - approvedCerts, err := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) - require.NoError(t, err) - require.Equal(t, 0, len(approvedCerts)) + utils.RemoveDaIntermediateCertificate( + setup, + vendorAccAddress2, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SerialNumber) - // check that unique certificate key is not registered - require.False(t, setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, - testconstants.IntermediateIssuer, testconstants.IntermediateSerialNumber)) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + 
Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } // Error cases @@ -557,8 +536,8 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertOptions := utils.CreateRootWithVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCertWithVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) @@ -578,8 +557,8 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) removeX509Cert := types.NewMsgRemoveX509Cert( setup.Vendor1.String(), 
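Review bot: In TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate, the block commented `// check that intermediate certificate 1 exists but revoked` passes `testIntermediateCertificate2` to `utils.CheckCertificateStateIndexes`, so the revoked certificate's state is never checked before the removal. The call should be `utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes)`. Both fixtures appear to share subject and subject key ID, so the current check probably still passes, which would hide the mistake. Without this check, nothing confirms that certificate 1 was recorded under `types.RevokedCertificatesKeyPrefix` before the final all-`Missing` assertions.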
@@ -594,8 +573,8 @@ func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 0ab5f209b..5fc287304 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go @@ -5,13 +5,10 @@ import ( sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) 
@@ -21,23 +18,21 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add the NOC non-root certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // Revoke NOC with subject and subject key id only - revokeCert := types.NewMsgRevokeNocX509IcaCert( - setup.Vendor1.String(), + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, "", - testconstants.Info, - false, - ) - _, err := setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) + false) // Check indexes indexes := utils.TestIndexes{ 
@@ -82,23 +77,13 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) // Revoke NOC with subject and subject key id only - revokeCert := types.NewMsgRevokeNocX509IcaCert( - setup.Vendor1.String(), + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyID, "", - testconstants.Info, - false, - ) - _, err := setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - - // Check that revoked certificates exist - revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 2, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocCert1Subject, revokedNocCerts.Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) + false) // Check indexes indexes := utils.TestIndexes{ 
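Review bot: TestHandler_RevokeNocX509Cert_RevokeDefault no longer asserts how many certificates were revoked. The removed `require.Equal(t, 2, len(revokedNocCerts.Certs))` was the check that revoking by subject and subject key ID with an empty serial number revokes every matching certificate. Unless the `indexes` block that follows (outside this hunk) pins a count for the revoked index, a regression that revokes only one of the two certificates would still pass. Consider keeping the count there, for example `{Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}`. The `@@ -158` hunk drops the equivalent total-of-3 assertion in TestHandler_RevokeNocX509Cert_RevokeWithChild.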
@@ -158,32 +143,27 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { // add the first NOC non-root certificate icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) // add the second NOC non-root certificate icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) // add the NOC leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) // Revoke noc with subject and subject key id and its child too - revokeCert := types.NewMsgRevokeNocX509IcaCert( - setup.Vendor1.String(), + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyID, "", - testconstants.Info, - true, - ) - _, err := setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) + true) - allRevokedCerts, err := utils.QueryAllNocRevokedIcaCertificates(setup) - require.NoError(t, err) + allRevokedCerts, _ := utils.QueryAllNocRevokedIcaCertificates(setup) require.Equal(t, 2, len(allRevokedCerts)) - require.Equal(t, 3, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) // Check indexes indexes := utils.TestIndexes{ 
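Review bot: `allRevokedCerts, _ := utils.QueryAllNocRevokedIcaCertificates(setup)` discards the query error that the previous code checked with `require.NoError(t, err)`. A failed query would now show up only as a length mismatch on the next line, which makes the failure harder to read. Keep the error instead: `allRevokedCerts, err := utils.QueryAllNocRevokedIcaCertificates(setup)` followed by `require.NoError(t, err)`. The function body continues outside the hunk.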
@@ -239,181 +219,142 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) + icaCertificate1 := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) // add the second NOC non-root certificate - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) + icaCertificate2 := utils.CreateTestNocIca1CertCopy() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) // add the NOC leaf certificate - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) + leafCertificate := utils.CreateTestNocLeafCert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) // Revoke NOC by serial number only - revokeCert := types.NewMsgRevokeNocX509IcaCert( - setup.Vendor1.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, - testconstants.Info, - false, - ) - _, err := setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - - revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) - - // Child certificate should not be revoked - _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query NOC certificate by Subject - certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) - require.NoError(t, err) - 
require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) - - // query NOC certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(aprCertsBySubjectKeyID)) - require.Equal(t, 1, len(aprCertsBySubjectKeyID[0].Certs)) - require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, + icaCertificate1.SerialNumber, + false) - // query noc certificate by VID - nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, 2, len(nocCerts.Certs)) - require.NotEqual(t, testconstants.NocCert1SerialNumber, nocCerts.Certs[0].SerialNumber) - require.NotEqual(t, testconstants.NocCert1SerialNumber, nocCerts.Certs[1].SerialNumber) + // Check indexes for intermediate after revocation + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // intermediate + leaf + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - // query all certs - certs, err := 
utils.QueryAllNocCertificates(setup) - require.NoError(t, err) - require.Equal(t, 3, len(certs)) - require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[0].Certs[0].SerialNumber) - require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[1].Certs[0].SerialNumber) - require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[2].Certs[0].SerialNumber) - - // query noc certificate, cert with different serial number should not be removed - noccCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1CopySubject, testconstants.NocCert1CopySubjectKeyID) - require.Equal(t, 1, len(noccCerts.Certs)) - require.Equal(t, testconstants.NocCert1CopySerialNumber, noccCerts.Certs[0].SerialNumber) - - // query child certificate, they should not be removed - childCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) - require.Equal(t, 1, len(childCerts.Certs)) - require.Equal(t, testconstants.NocLeafCert1SubjectKeyID, childCerts.SubjectKeyId) - - // check that leaf certificate can be queried by vid+skid - certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocLeafCert1SubjectKeyID) - require.Equal(t, 1, len(certsByVidSkid.Certs)) - require.Equal(t, testconstants.NocLeafCert1SerialNumber, certsByVidSkid.Certs[0].SerialNumber) - - // check that unique certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) + // Check indexes for leaf + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: 
types.NocIcaCertificatesKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.SchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.SchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate1 := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) // add the second NOC non-root certificate - addNocX509Cert = types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1Copy, testconstants.SchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate2 := utils.CreateTestNocIca1CertCopy() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) // add the NOC leaf certificate - addNocX509Cert = types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocLeafCert1, testconstants.SchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + leafCertificate := utils.CreateTestNocLeafCert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) 
// Revoke NOC with subject and subject key id and its child too - revokeCert := types.NewMsgRevokeNocX509IcaCert( - setup.Vendor1.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, - testconstants.Info, - true, - ) - _, err = setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - - allRevokedCerts, err := utils.QueryAllNocRevokedIcaCertificates(setup) - require.NoError(t, err) - require.Equal(t, 2, len(allRevokedCerts)) - require.Equal(t, 2, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) - - revokedNocCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) - - // Child certificate should be revoked - revokedNocCerts, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocLeafCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) - - // query child of revoked certificate, they should be revoked - _, err = utils.QueryNocCertificates(setup, testconstants.NocLeafCert1Subject, testconstants.NocLeafCert1SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query all certs - certs, err := utils.QueryAllNocCertificates(setup) - require.NoError(t, err) - require.Equal(t, 2, len(certs)) - require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[0].Certs[0].SerialNumber) - require.NotEqual(t, testconstants.NocCert1SerialNumber, certs[1].Certs[0].SerialNumber) - - // query noc certificates - aprCerts, err := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1CopySubjectKeyID) - 
require.NoError(t, err) - require.Equal(t, 1, len(aprCerts.Certs)) - require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCerts.Certs[0].SerialNumber) - - // query noc certificate by Subject - certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) - require.NoError(t, err) - require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) - - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocLeafCert1Subject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query noc certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(aprCertsBySubjectKeyID)) - require.Equal(t, testconstants.NocCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) - - aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocLeafCert1SubjectKeyID) - require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - - // query noc certificate by VID - nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, 1, len(nocCerts.Certs)) - require.Equal(t, testconstants.NocCert1CopySerialNumber, nocCerts.Certs[0].SerialNumber) + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, + icaCertificate1.SerialNumber, + true) - // check that leaf certificate can be queried by vid+skid - certsByVidSkid, _ := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(certsByVidSkid.Certs)) - require.Equal(t, testconstants.NocCert1CopySerialNumber, certsByVidSkid.Certs[0].SerialNumber) + // Check indexes certificates + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: 
types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - // check that unique certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, // inter exists + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } // Extra cases diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index dfc477177..95dabc267 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go 
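Review bot: After the revoke-by-serial-number call in `TestHandler_RevokeNocX509Cert_RevokeBySerialNumber`, the same `indexes` value is checked against both `icaCertificate1` and `icaCertificate2`, so the test no longer asserts which serial number was revoked. The removed lines suggest the two certificates share a subject and subject key ID; if `CheckCertificateStateIndexes` looks entries up by that pair (it is not shown here), the test would pass equally had the copy been revoked instead of the requested serial. Restore a check such as `require.Equal(t, icaCertificate1.SerialNumber, revokedNocCerts.Certs[0].SerialNumber)` on the result of `utils.QueryNocRevokedIcaCertificates(setup, icaCertificate1.Subject, icaCertificate1.SubjectKeyID)`, plus the matching check that the remaining approved certificate carries `icaCertificate2.SerialNumber`. The same gap is in `TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild` later in this hunk; the first test's body begins before the hunk.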
+++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -5,13 +5,10 @@ import ( sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) @@ -22,24 +19,17 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { // add the first NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - addNocX509RootCert := types.NewMsgAddNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // Revoke NOC root with subject and subject key id only - revokeCert := types.NewMsgRevokeNocX509RootCert( - setup.Vendor1.String(), + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyID, "", - testconstants.Info, false, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) // Check indexes indexes := utils.TestIndexes{ 
@@ -65,386 +55,288 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { +func TestHandler_RevokeNocX509RootCert_TwoCerts(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) - - // add the third NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert2, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) - - // add the second NOC non-root certificate - addNocX509Cert = types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert2, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // Revoke NOC root 
with subject and subject key id only - revokeCert := types.NewMsgRevokeNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, "", - testconstants.Info, false, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - - // query all certs - certs, err := utils.QueryAllNocCertificates(setup) - require.NoError(t, err) - require.Equal(t, 3, len(certs)) - require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[0].SubjectKeyId) - require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[1].SubjectKeyId) - require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[2].SubjectKeyId) - - revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 2, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) - require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) - - // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) - require.Equal(t, 0, len(revokedRootCerts.Certs)) - - // query noc root certificate by Subject - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query noc root certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - - // query noc root certificate by VID - nocRootCerts, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - 
require.Equal(t, 1, len(nocRootCerts.Certs)) - require.Equal(t, testconstants.NocRootCert2SubjectKeyID, nocRootCerts.Certs[0].SubjectKeyId) - - // query noc certificate by VID and SKID - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - nocCertificatesByVidAndSkid, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert2SubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.NocRootCert2SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) - require.Equal(t, 1, len(nocRootCerts.Certs)) - require.Equal(t, float32(1), nocCertificatesByVidAndSkid.Tq) - // Child certificate should not be revoked - _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query child of revoked certificate, they should not be revoked - childCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(childCerts.Certs)) - require.Equal(t, testconstants.NocCert1SubjectKeyID, childCerts.SubjectKeyId) + // Check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, + {Key: types.NocIcaCertificatesKeyPrefix}, // inter exists + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: 
types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // check that child cert is not removed - nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, 2, len(nocCerts.Certs)) - require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) - - // check that unique certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1CopySerialNumber)) + // Check indexes + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - 
require.NoError(t, err) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) - // Revoke NOC root with subject and subject key id and its child too - revokeCert := types.NewMsgRevokeNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, + // Revoke NOC root with subject and subject key id only + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, "", - testconstants.Info, true, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - - // query all certs - certs, err := utils.QueryAllNocCertificates(setup) - require.NoError(t, err) - require.Equal(t, 0, len(certs)) - - revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 2, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) - require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) - - // query that noc root certificate 
is not added to x509 revoked root certs - revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) - require.Equal(t, 0, len(revokedRootCerts.Certs)) - - // query noc root certificate by Subject - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query child noc certificate by Subject - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query noc root certificate by VID - _, err = utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query noc certificate by VID and SKID - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - // query noc root certificate by Subject Key ID - aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - - // Child certificate should be revoked as well - revokedChildCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedChildCerts.Certs)) - require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedChildCerts.SubjectKeyId) - - // query child noc certificate by Subject Key ID - aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - - _, err = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // 
check that child noc cert also removed - _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that unique certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1CopySerialNumber)) + // Check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // check that unique child certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) + // Check indexes + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + 
{Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add the second NOC root certificate - addNocX509RootCert = types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // Revoke NOC root with subject and subject key id by serial number - revokeCert := types.NewMsgRevokeNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, - testconstants.Info, + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + 
rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, false, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - - // Check that cert is added to revoked lists - revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) - // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) - require.Equal(t, 0, len(revokedRootCerts.Certs)) - - // Check that cert is removed from noc lists - rootCerts, err := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(rootCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, rootCerts.Certs[0].SerialNumber) - - // Check that root with different serial number still exits - certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) - require.NoError(t, err) - require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) - require.Equal(t, testconstants.NocRootCert1Subject, certsBySubject.Subject) - - aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 1, len(aprCertsBySubjectKeyID)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) - - // query noc root certificate by VID should return only one root cert - revNocRoot, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, 1, len(revNocRoot.Certs)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, 
revNocRoot.Certs[0].SerialNumber) - - // query noc certificate by VID and SKID - nocCertificatesByVidAndSkid, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.NocRootCert1SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) - require.Equal(t, 1, len(revNocRoot.Certs)) - require.Equal(t, float32(1), nocCertificatesByVidAndSkid.Tq) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, nocCertificatesByVidAndSkid.Certs[0].SerialNumber) - - // Child certificate should not be revoked - _, err = utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query child of revoked certificate, they should not be revoked - childCerts, _ := utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, 1, len(childCerts.Certs)) - require.Equal(t, testconstants.NocCert1SubjectKeyID, childCerts.SubjectKeyId) - - // check that child cert is not removed - nocCerts, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, 1, len(nocCerts.Certs)) - require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) + // Check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 1}, + {Key: 
types.NocIcaCertificatesKeyPrefix}, // inter exists + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - // check that unique certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) + // Check indexes + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) // add the second NOC root certificate - addNocX509RootCert = 
types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1Copy, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) // add the first NOC non-root certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, addNocX509Cert) - require.NoError(t, err) + icaCertificate := utils.CreateTestNocIca1Cert() + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) // Revoke NOC root with subject and subject key id by serial number - revokeCert := types.NewMsgRevokeNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, - testconstants.Info, + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, true, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - require.NoError(t, err) - // Check that cert is added to revoked lists - revokedNocCerts, err := utils.QueryNocRevokedRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedNocCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) - - // query that noc root certificate is not added to x509 revoked root certs - revokedRootCerts, _ := utils.QueryRevokedRootCertificates(setup) - require.Equal(t, 0, len(revokedRootCerts.Certs)) - - // Check that root with different serial number still exits - rootCerts, err := utils.QueryNocCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) - 
require.NoError(t, err) - require.Equal(t, 1, len(rootCerts.Certs)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, rootCerts.Certs[0].SerialNumber) - - certsBySubject, err := utils.QueryNocCertificatesBySubject(setup, testconstants.NocRootCert1Subject) - require.NoError(t, err) - require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) - require.Equal(t, testconstants.NocRootCert1Subject, certsBySubject.Subject) - - aprCertsBySubjectKeyID, _ := utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) - require.Equal(t, 1, len(aprCertsBySubjectKeyID)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) - - // query noc root certificate by VID should return only one root cert - revNocRoot, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, 1, len(revNocRoot.Certs)) - require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) - - // Child certificate should be revoked as well - revokedCerts, err := utils.QueryNocRevokedIcaCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.NoError(t, err) - require.Equal(t, 1, len(revokedCerts.Certs)) - require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.SubjectKeyId) - - // query child of revoked certificate, they should be removed as well - _, err = utils.QueryNocCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - - _, err = utils.QueryNocCertificatesBySubject(setup, testconstants.NocCert1Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - - aprCertsBySubjectKeyID, _ = utils.QueryNocCertificatesBySubjectKeyID(setup, testconstants.NocCert1Subject) - require.Equal(t, 0, len(aprCertsBySubjectKeyID)) - - _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - 
require.Equal(t, codes.NotFound, status.Code(err)) + // Check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - // check that unique certificate key is removed - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) - require.False(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) + // Check indexes + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: 
types.NocIcaCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Extra cases diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 62546ad4f..46ef90c11 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go @@ -2,10 +2,8 @@ package tests import ( "math" - "math/rand" "testing" - sdk "github.com/cosmos/cosmos-sdk/types" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" @@ -13,8 +11,6 @@ import ( dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) // Main @@ -26,19 +22,16 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { // propose x509 root certificate by `setup.Trustee` and approve by another trustee rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // propose revocation of x509 root certificate by `setup.Trustee` - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID, rootCertificate.SerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) + false) // Check: Certificate is proposed to revoke indexes := utils.TestIndexes{ 
@@ -70,22 +63,19 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { // propose x509 root certificate by `setup.Trustee` and approve by another trustee rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // add another trustee anotherTrustee := setup.CreateTrusteeAccount(1) // propose revocation of x509 root certificate by new trustee - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - anotherTrustee.String(), + utils.ProposeRevokeDaRootCertificate( + setup, + anotherTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID, rootCertificate.SerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) + false) // Check: Certificate is proposed to revoke indexes := utils.TestIndexes{ @@ -119,8 +109,7 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { // propose x509 root certificate by `setup.Trustee` and approve by another trustee rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // revoke certificate proposeAndApproveCertificateRevocation( 
@@ -158,24 +147,10 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist // add root certificates rootCertificate1 := utils.CreateTestRootCertWithSameSubject() - rootCert1Options := &utils.RootCertOptions{ - PemCert: testconstants.PAACertWithSameSubjectID1, - Subject: testconstants.PAACertWithSameSubjectID1Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, - Info: testconstants.Info, - Vid: testconstants.Vid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert1Options) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate1) rootCertificate2 := utils.CreateTestRootCertWithSameSubject2() - rootCert2Options := &utils.RootCertOptions{ - PemCert: testconstants.PAACertWithSameSubjectID2, - Subject: testconstants.PAACertWithSameSubjectID2Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, - Info: testconstants.Info, - Vid: testconstants.Vid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert2Options) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate2) // revoke Certificate1 certificate proposeAndApproveCertificateRevocation( 
@@ -231,24 +206,10 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS setup := utils.Setup(t) rootCertificate1 := utils.CreateTestRootCertWithSameSubjectAndSkid1() - rootCert1Opt := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithSameSubjectAndSKID1, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.Vid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert1Opt) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate1) rootCertificate2 := utils.CreateTestRootCertWithSameSubjectAndSkid2() - rootCert2Opt := &utils.RootCertOptions{ - PemCert: testconstants.RootCertWithSameSubjectAndSKID2, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.Vid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert2Opt) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate2) // revoke Certificate1 certificate proposeAndApproveCertificateRevocation( @@ -315,8 +276,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // add root x509 certificate rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // root exists indexes := utils.TestIndexes{ 
@@ -340,56 +300,42 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // Create an array of trustee account from 1 to 50 - trusteeAccounts := make([]sdk.AccAddress, 50) - for i := 0; i < 50; i++ { - trusteeAccounts[i] = utils.GenerateAccAddress() - } - - totalAdditionalTrustees := rand.Intn(50) - for i := 0; i < totalAdditionalTrustees; i++ { - setup.AddAccount(trusteeAccounts[i], []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - } + trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() // We have 3 Trustees in test setup. twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) // Trustee1 proposes to revoke the certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, + false) // Until we hit 2/3 of the total number of Trustees, we should not be able to revoke the certificate // We start the counter from 2 as the proposer is a trustee as well for i := 1; i < twoThirds-1; i++ { // approve the revocation - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - trusteeAccounts[i].String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) + utils.ApproveRevokeDaRootCertificate( + setup, + trusteeAccounts[i], + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber) // check that 
the certificate is still not revoked utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // One more revoke will revoke the certificate - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) + utils.ApproveRevokeDaRootCertificate( + setup, + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber) indexes = utils.TestIndexes{ Present: []utils.TestIndex{ 
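Review bot: The approval loop in TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded indexes `trusteeAccounts[i]` for every `i` below `twoThirds-1`, but nothing checks that `setup.CreateNTrusteeAccounts()` returned that many accounts. The removed code allocated a fixed 50-entry slice; the helper's body is not part of this hunk, so its length guarantee should be confirmed. A guard before the loop, `if twoThirds > 2 { require.GreaterOrEqual(t, len(trusteeAccounts), twoThirds-1) }`, would turn a short slice into a readable failure instead of an index panic. If the helper still draws the trustee count at random, as the removed `rand.Intn(50)` did, add `t.Logf("additional trustees: %d", totalAdditionalTrustees)` so a failure at the quorum boundary can be reproduced. The unchanged comment "We start the counter from 2" also disagrees with `for i := 1` and should be corrected to match the loop.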
@@ -433,37 +379,32 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { // add root x509 certificate rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // add intermediate x509 certificate intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) // add leaf x509 certificate leafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) // propose revocation of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, "", - true, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) + true) // approve - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - "", - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) + utils.ApproveRevokeDaRootCertificate( + setup, + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + "") indexes := utils.TestIndexes{ Present: []utils.TestIndex{ 
@@ -494,95 +435,46 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertificate := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // Add 1 more trustee (this will bring the total trustee's to 4) setup.CreateTrusteeAccount(1) // propose revocation of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - // approve - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) - - // query and check proposed certificate revocation - proposedRevocation, _ := utils.QueryProposedCertificateRevocation( + utils.ProposeRevokeDaRootCertificate( setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - ) - require.Equal(t, testconstants.RootSubject, proposedRevocation.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedRevocation.SubjectKeyId) - require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee1.String())) - require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee2.String())) - - // check that approved certificate still exists - certificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NotNil(t, certificate) - - // 
check that revoked certificate does not exist - _, err = utils.QueryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that unique certificate key stays registered - require.True(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) -} - -func TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - - // propose revocation of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - // get certificate for further comparison - certificateBeforeRevocation, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NotNil(t, certificateBeforeRevocation) + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber, + false) // approve - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.NoError(t, err) - - // check that proposed certificate revocation does not exist anymore - _, err = utils.QueryProposedCertificateRevocation( + utils.ApproveRevokeDaRootCertificate( setup, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - ) 
- require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that approved certificate does not exist anymore - _, err = utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // query and check revoked certificate - revokedCertificates, _ := utils.QueryRevokedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, certificateBeforeRevocation.Certs, revokedCertificates.Certs) + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + rootCertificate.SerialNumber) - // check that unique certificate key stays registered - require.True(t, - setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // Error cases 
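Review bot: TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals no longer verifies who approved the pending revocation. The removed `proposedRevocation.HasRevocationFrom(...)` assertions for Trustee1 and Trustee2 are replaced by an entry for `types.ProposedCertificateRevocationKeyPrefix` in the `Present` list, which as written only names the index. Unless `utils.CheckCertificateStateIndexes` also inspects the approval list (its body is outside this hunk), a regression that records the wrong approver, or none, would pass. Keeping the `utils.QueryProposedCertificateRevocation` call and `require.True(t, proposedRevocation.HasRevocationFrom(setup.Trustee2.String()))` next to the index check would preserve that coverage. The hunk also deletes TestHandler_ApproveRevokeX509RootCert_ForEnoughApprovals, including its comparison of the revoked certificate with the one approved beforehand; confirm another test still asserts that.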
@@ -591,8 +483,8 @@ func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, @@ -630,8 +522,8 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // revoke x509 certificate revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( @@ -681,8 +573,8 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( 
@@ -734,8 +626,8 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -773,8 +665,8 @@ func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *tes setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // approve revocation of x509 root certificate approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( @@ -792,8 +684,8 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 2916b81f6..972fe142b 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go 
@@ -10,8 +10,6 @@ import ( dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) // Main @@ -19,35 +17,22 @@ import ( func TestHandler_RevokeDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate rootCertificate := utils.CreateTestRootCert() - rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.RootCertPem, - Subject: testconstants.RootSubject, - SubjectKeyID: testconstants.RootSubjectKeyID, - Info: testconstants.Info, - Vid: testconstants.RootCertWithVidVid, - } - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // Add intermediate certificate intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) // revoke intermediate certificate - revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress.String(), + utils.RevokeDaIntermediateCertificate( + setup, + setup.Vendor1, intermediateCertificate.Subject, intermediateCertificate.SubjectKeyID, "", - false, - testconstants.Info, - ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) + false) // Check: Certificate is revoked indexes := utils.TestIndexes{ 
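Review bot: TestHandler_RevokeDaIntermediateCert now revokes as `setup.Vendor1` against `utils.CreateTestRootCert()`. The removed code created a vendor account with `testconstants.RootCertWithVidVid` and set that same VID in the root certificate options. Whether the vendor and the certificate still share a VID by construction depends on `utils.Setup` and `CreateTestRootCert`, neither of which is shown here, so the test may no longer pin the VID-matched case it used to. If that pairing is intended, state it above the revoke call, for example `// precondition: setup.Vendor1 and the root certificate carry the same VID`. The function body continues past the end of this hunk.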
@@ -94,28 +79,24 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { // add root x509 certificate rootCertificate := utils.CreateTestRootCert() - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) // add intermediate x509 certificate intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) // add leaf x509 certificate leafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) // revoke x509 certificate - revokeX509Cert := types.NewMsgRevokeX509Cert( - setup.Vendor1.String(), + utils.RevokeDaIntermediateCertificate( + setup, + setup.Vendor1, intermediateCertificate.Subject, intermediateCertificate.SubjectKeyID, "", - true, - testconstants.Info, - ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) + true) // root stays approved indexes := utils.TestIndexes{ 
@@ -160,112 +141,113 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) - - // Add two intermediate certificates - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) - - intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) - intermediateCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, intermediateCertificate) - setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), - ) + rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + + // Add intermediate certificates + testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PEM) + + testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) // Add a leaf certificate - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) + testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PEM) // get certificates for further comparison allCerts := 
setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.NotNil(t, allCerts) require.Equal(t, 3, len(allCerts)) require.Equal(t, 4, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) // revoke only an intermediate certificate - revokeX509Cert := types.NewMsgRevokeX509Cert( - setup.Vendor1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - false, - testconstants.Info, - ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) - - // check that proposed certificate revocation does not exist anymore - _, err = utils.QueryProposedCertificateRevocation( + utils.RevokeDaIntermediateCertificate( setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - ) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that only root, intermediate and leaf certificates exists - allCerts, _ = utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 3, len(allCerts)) - require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) + vendorAccAddress, + testIntermediateCertificate1.Subject, + testIntermediateCertificate1.SubjectKeyID, + testIntermediateCertificate1.SerialNumber, + false) - intermediateCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 1, len(intermediateCerts.Certs)) - require.Equal(t, utils.SerialNumber, intermediateCerts.Certs[0].SerialNumber) - - leafCerts, _ := utils.QueryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Equal(t, 1, len(leafCerts.Certs)) - require.Equal(t, testconstants.LeafSerialNumber, leafCerts.Certs[0].SerialNumber) + // check indexes for intermediate certificates + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: 
types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + }, + Missing: []utils.TestIndex{}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - // query and check revoked certificate - revokedCertificate, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.NotNil(t, revokedCertificate) - require.Equal(t, testconstants.IntermediateSubject, revokedCertificate.Certs[0].Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCertificate.Certs[0].SubjectKeyId) - require.Equal(t, testconstants.IntermediateSerialNumber, revokedCertificate.Certs[0].SerialNumber) + // check indexes for leaf + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) // revoke intermediate and leaf certificates - revokeX509Cert = types.NewMsgRevokeX509Cert( - setup.Vendor1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - utils.SerialNumber, - true, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) - 
- _, err = utils.QueryProposedCertificateRevocation( + utils.RevokeDaIntermediateCertificate( setup, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - ) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that only root certificate exists - certsAfterRevocation := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.Equal(t, 1, len(certsAfterRevocation)) - require.Equal(t, 1, len(certsAfterRevocation[0].Certs)) - require.Equal(t, testconstants.RootSerialNumber, certsAfterRevocation[0].Certs[0].SerialNumber) - - // query and check revoked certificate - revokedCerts, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, 2, len(revokedCerts.Certs)) - require.Equal(t, testconstants.IntermediateSubject, revokedCerts.Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCerts.SubjectKeyId) - - // query and check revoked certificate - revokedCerts, _ = utils.QueryRevokedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Equal(t, 1, len(revokedCerts.Certs)) - require.Equal(t, testconstants.LeafSubject, revokedCerts.Subject) - require.Equal(t, testconstants.LeafSubjectKeyID, revokedCerts.SubjectKeyId) + vendorAccAddress, + testIntermediateCertificate2.Subject, + testIntermediateCertificate2.SubjectKeyID, + testIntermediateCertificate2.SerialNumber, + true) + + // intermediate and leaf are revoked + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: 
types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + + // intermediate and leaf are revoked + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } // Extra cases 
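Review bot: After the first `RevokeDaIntermediateCertificate(..., testIntermediateCertificate1.SerialNumber, false)` call in TestHandler_RevokeX509Cert_BySerialNumber, the same `indexes` value is checked for both `testIntermediateCertificate1` and `testIntermediateCertificate2`, so the test no longer shows which serial number was revoked and which stayed approved. The assertions this replaces compared `SerialNumber` on the remaining approved entry and on the revoked entry; unless `CheckCertificateStateIndexes` (its body is not in this hunk) matches on serial number, a handler that revoked the wrong one of two certificates sharing subject and SKID could still pass. I would keep one explicit check after the index checks, for example query the revoked list with `QueryRevokedCertificates` and `require.Equal(t, testIntermediateCertificate1.SerialNumber, revoked.Certs[0].SerialNumber)`, and also assert that the root is still approved after the second revocation, which the removed `certsAfterRevocation` block covered. The second `// intermediate and leaf are revoked` comment sits above the leaf-only check and should read `// leaf is revoked`.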
@@ -274,58 +256,44 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // add first vendor account with VID = 1 - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // add x509 certificate by first vendor account - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + intermediateCertificate := utils.CreateTestIntermediateCert() + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // revoke x509 certificate by second vendor account - revokeX509Cert := types.NewMsgRevokeX509Cert( - vendorAccAddress2.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - false, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) - - // check that intermediate certificate has been added to revoked list - revokedCertificates, _ := utils.QueryRevokedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Equal(t, testconstants.IntermediateSubject, revokedCertificates.Subject) - require.Equal(t, testconstants.IntermediateSubjectKeyID, revokedCertificates.SubjectKeyId) - require.Equal(t, 1, len(revokedCertificates.Certs)) - require.Equal(t, utils.IntermediateCertificateNoVid(vendorAccAddress1), *revokedCertificates.Certs[0]) - - 
// check that revoked certificate removed from approved certificates list - _, err = utils.QueryApprovedCertificates(setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that revoked certificate removed from 'approved certificates' by subject list - _, err = utils.QueryApprovedCertificatesBySubject(setup, testconstants.IntermediateSubject) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // check that revoked certificate removed from 'approved certificates' by SKID list - approvedCerts, err := utils.QueryApprovedCertificatesBySubjectKeyID(setup, testconstants.IntermediateSubjectKeyID) - require.NoError(t, err) - require.Equal(t, 0, len(approvedCerts)) + utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress2, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyID, + intermediateCertificate.SerialNumber, + false) - // check that unique certificate key stays registered - require.True(t, setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, - testconstants.IntermediateIssuer, testconstants.IntermediateSerialNumber)) + // Check: Certificate is revoked + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) } // Error cases 
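Review bot: TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor now checks only index presence and drops the comparison of the revoked entry with the certificate as stored for the first vendor account (`require.Equal(t, utils.IntermediateCertificateNoVid(vendorAccAddress1), *revokedCertificates.Certs[0])`). That was the one place this test pinned that a revocation sent by a different account of the same vendor leaves the stored record, including its owner, unchanged. If `CheckCertificateStateIndexes` does not compare the owner (its body is outside this hunk), add an assertion after the index check that the revoked entry's owner is still `setup.Vendor1`. The test also depends on `setup.Vendor1` having VID `testconstants.Vid` now that the explicit `CreateVendorAccount(testconstants.Vid)` for the first account is gone; a comment such as `// setup.Vendor1 must share testconstants.Vid with vendorAccAddress2` would make that visible.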
@@ -351,8 +319,8 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add intermediate certificate addIntermediateX509Cert := types.NewMsgAddX509Cert( @@ -380,8 +348,8 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertOptions := utils.CreateTestRootCertOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCert() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // revoke x509 root certificate revokeX509Cert := types.NewMsgRevokeX509Cert( @@ -432,8 +400,8 @@ func TestHandler_RevokeX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertOptions := utils.CreateRootWithVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCert := utils.CreateTestRootCertWithVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) diff --git a/x/pki/tests/handler_update_revocation_test.go b/x/pki/tests/handler_update_revocation_test.go index 8c0308efc..10a5ecbb0 100644 --- a/x/pki/tests/handler_update_revocation_test.go +++ b/x/pki/tests/handler_update_revocation_test.go 
@@ -226,7 +226,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.vendorAccVid) if tc.rootCertOptions != nil { - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) } if tc.addRevocation != nil { @@ -247,8 +247,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NotUniqueDataURLForIssuer( setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // propose and approve root certificate - rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + rootCertOptions := utils.CreateTestPAACertWithNumericVid() + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertOptions) addPkiRevocationDistributionPoint1 := createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()) addPkiRevocationDistributionPoint1.Label += "-1" @@ -285,7 +285,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_DataURLNotUnique(t *testin // propose and approve root certificate rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint1 := createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()) addPkiRevocationDistributionPoint1.DataURL += "/1" 
@@ -318,7 +318,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_NotChainedOnLedger(t * // propose and approve root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()) _, err := setup.Handler(setup.Ctx, addPkiRevocationDistributionPoint) @@ -354,12 +354,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_VID_TO_PAI_NOVID(t *te // add PAA for PAI_VID rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add PAA for PAI_NOVID rootCertOptions = utils.CreateTestRootCertOptions() rootCertOptions.Vid = testconstants.PAACertWithNumericVidVid - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add Revocation Point PAI_VID addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithNumericVidPid(vendorAcc.String()) 
@@ -387,12 +387,12 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID_DifferentVID(t * // add PAA NOVID 1 with VendorID1 rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.VendorID1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add PAA NOVID 2 with VendorID2 rootCertOptions = utils.CreateTestRootCertOptions() rootCertOptions.Vid = testconstants.VendorID2 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add Revocation Point PAA NOVID 1 addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.VendorID1) @@ -466,7 +466,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_VID(t *testing.T) { // propose and approve root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add revocation if addedRevocation != nil { @@ -545,7 +545,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAA_NOVID(t *testing.T) { // propose x509 root certificate by account Trustee1 rootCertOptions := utils.CreatePAACertNoVidOptions(addedRevocation.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add revocation if addedRevocation != nil { 
@@ -623,7 +623,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAI_VIDPID(t *testing.T) { // propose and approve root certificate rootCertOptions := utils.CreatePAACertWithNumericVidOptions() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add revocation if addedRevocation != nil { @@ -677,7 +677,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_PAIWithoutPid(t *testing.T // propose x509 root certificate by account Trustee1 rootCertOptions := utils.CreatePAACertNoVidOptions(testconstants.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAICertWithVidPid(vendorAcc.String()) addPkiRevocationDistributionPoint.Pid = 0 @@ -796,8 +796,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.addRevocation.Vid) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, tc.rootCertOptions2) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions1) + utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions2) _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index 98689cf3e..802bafd38 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go 
@@ -7,26 +7,44 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) -func ProposeAndApproveRootCertificate(setup *TestSetup, ownerTrustee sdk.AccAddress, options *RootCertOptions) { +func ProposeAndApproveRootCertificateByOptions( + setup *TestSetup, + ownerTrustee sdk.AccAddress, + certificate *RootCertOptions, +) { // ensure that `ownerTrustee` is trustee to eventually have enough approvals require.True(setup.T, setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole)) // propose x509 root certificate by `ownerTrustee` - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), options.PemCert, options.Info, options.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), certificate.PemCert, testconstants.Info, certificate.Vid, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(setup.T, err) // approve x509 root certificate by another trustee approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), options.Subject, options.SubjectKeyID, options.Info) + setup.Trustee2.String(), certificate.Subject, certificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(setup.T, err) +} + +func ProposeAndApproveRootCertificate( + setup *TestSetup, + ownerTrustee sdk.AccAddress, + certificate *TestCertificate, +) { + // ensure that `ownerTrustee` is trustee to eventually have enough approvals + require.True(setup.T, setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole)) + + // propose x509 root certificate by `ownerTrustee` + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), certificate.PEM, testconstants.Info, certificate.VID, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, 
proposeAddX509RootCert) + require.NoError(setup.T, err) - // check that root certificate has been approved - approvedCertificate, err := QueryApprovedCertificates( - setup, options.Subject, options.SubjectKeyID) + // approve x509 root certificate by another trustee + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), certificate.Subject, certificate.SubjectKeyID, testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(setup.T, err) - require.NotNil(setup.T, approvedCertificate) } func AddMokedDaCertificate( @@ -62,7 +80,11 @@ func CertificateIdentifier(subject string, subjectKeyID string) types.Certificat } } -func ProposeDaRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgProposeAddX509RootCert { +func ProposeDaRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + pemCert string, +) *types.MsgProposeAddX509RootCert { proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( address.String(), pemCert, @@ -76,7 +98,12 @@ func ProposeDaRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert return proposeAddX509RootCert } -func ApproveDaRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string) *types.MsgApproveAddX509RootCert { +func ApproveDaRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, +) *types.MsgApproveAddX509RootCert { approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( address.String(), subject, 
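Review bot: Both `ProposeAndApproveRootCertificateByOptions` and the new `ProposeAndApproveRootCertificate` return after the approve message without confirming that the certificate reached the approved state; the removed `QueryApprovedCertificates` call with `require.NoError` did that. If a single approval from `setup.Trustee2` is ever not enough for the quorum, the root stays proposed and callers carry on, which in negative-case tests can let the expected error come from a missing root rather than from the rule under test. I would keep the check in the helper: `_, err = QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID)` followed by `require.NoError(setup.T, err)`. Separately, the ByOptions variant now passes `testconstants.Info` where it used `options.Info`, so the `Info` field of `RootCertOptions` is silently ignored, and its parameter is named `certificate` although the type is `*RootCertOptions`.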
@@ -89,7 +116,12 @@ func ApproveDaRootCertificate(setup *TestSetup, address sdk.AccAddress, subject return approveAddX509RootCert } -func RejectDaRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string) *types.MsgRejectAddX509RootCert { +func RejectDaRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, +) *types.MsgRejectAddX509RootCert { rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( address.String(), subject, @@ -102,7 +134,11 @@ func RejectDaRootCertificate(setup *TestSetup, address sdk.AccAddress, subject s return rejectAddX509RootCert } -func AddDaIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgAddX509Cert { +func AddDaIntermediateCertificate( + setup *TestSetup, + address sdk.AccAddress, + pemCert string, +) *types.MsgAddX509Cert { addX509Cert := types.NewMsgAddX509Cert(address.String(), pemCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(setup.T, err) 
@@ -110,7 +146,92 @@ func AddDaIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemC return addX509Cert } -func AddNocRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgAddNocX509RootCert { +func ProposeRevokeDaRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, + revokedChild bool, +) *types.MsgProposeRevokeX509RootCert { + proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( + address.String(), + subject, + subjectKeyID, + serialNumber, + revokedChild, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) + require.NoError(setup.T, err) + + return proposeRevokeX509RootCert +} + +func ApproveRevokeDaRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, +) *types.MsgApproveRevokeX509RootCert { + approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( + address.String(), + subject, + subjectKeyID, + serialNumber, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.NoError(setup.T, err) + + return approveRevokeX509RootCert +} + +func RemoveDaIntermediateCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, +) *types.MsgRemoveX509Cert { + removeCert := types.NewMsgRemoveX509Cert( + address.String(), + subject, + subjectKeyID, + serialNumber, + ) + _, err := setup.Handler(setup.Ctx, removeCert) + require.NoError(setup.T, err) + + return removeCert +} + +func RevokeDaIntermediateCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, + revokedChild bool, +) *types.MsgRevokeX509Cert { + revokeX509Cert := types.NewMsgRevokeX509Cert( + address.String(), + subject, + subjectKeyID, + serialNumber, + revokedChild, + testconstants.Info, + ) + _, 
err := setup.Handler(setup.Ctx, revokeX509Cert) + require.NoError(setup.T, err) + + return revokeX509Cert +} + +func AddNocRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + pemCert string, +) *types.MsgAddNocX509RootCert { addNocX509RootCert := types.NewMsgAddNocX509RootCert(address.String(), pemCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(setup.T, err) @@ -118,7 +239,11 @@ func AddNocRootCertificate(setup *TestSetup, address sdk.AccAddress, pemCert str return addNocX509RootCert } -func AddNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pemCert string) *types.MsgAddNocX509IcaCert { +func AddNocIntermediateCertificate( + setup *TestSetup, + address sdk.AccAddress, + pemCert string, +) *types.MsgAddNocX509IcaCert { nocX509Cert := types.NewMsgAddNocX509IcaCert(address.String(), pemCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, nocX509Cert) require.NoError(setup.T, err) @@ -126,7 +251,13 @@ func AddNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, pem return nocX509Cert } -func RemoveNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string) *types.MsgRemoveNocX509IcaCert { +func RemoveNocIntermediateCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, +) *types.MsgRemoveNocX509IcaCert { removeIcaCert := types.NewMsgRemoveNocX509IcaCert( address.String(), subject, 
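Review bot: The four exported helpers added here (`ProposeRevokeDaRootCertificate`, `ApproveRevokeDaRootCertificate`, `RemoveDaIntermediateCertificate`, `RevokeDaIntermediateCertificate`) have no doc comments, and nothing tells a caller that each one ends in `require.NoError(setup.T, err)` and so cannot be used for a test that expects the handler to reject the message. I would add a line to each, for example `// RevokeDaIntermediateCertificate sends MsgRevokeX509Cert as address and fails the test if the handler returns an error; call setup.Handler directly for negative cases.` The comment should also say what an empty `serialNumber` means, since callers in handler_revoke_pai_cert_test.go pass `""`. The flag is spelled `revokedChild`; `revokeChild` would read as the request it is, though the existing NOC helpers use the same spelling, so renaming is only worth it if done across the file.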
@@ -139,7 +270,14 @@ func RemoveNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, return removeIcaCert } -func RevokeNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string, revokedChild bool) *types.MsgRevokeNocX509IcaCert { +func RevokeNocIntermediateCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, + revokedChild bool, +) *types.MsgRevokeNocX509IcaCert { revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( address.String(), subject, @@ -154,7 +292,13 @@ func RevokeNocIntermediateCertificate(setup *TestSetup, address sdk.AccAddress, return revokeX509Cert } -func RemoveNocRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string) *types.MsgRemoveNocX509RootCert { +func RemoveNocRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, +) *types.MsgRemoveNocX509RootCert { removeRootCert := types.NewMsgRemoveNocX509RootCert( address.String(), subject, @@ -167,7 +311,14 @@ func RemoveNocRootCertificate(setup *TestSetup, address sdk.AccAddress, subject return removeRootCert } -func RevokeNocRootCertificate(setup *TestSetup, address sdk.AccAddress, subject string, subjectKeyID string, serialNumber string, revokedChild bool) *types.MsgRevokeNocX509RootCert { +func RevokeNocRootCertificate( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + serialNumber string, + revokedChild bool, +) *types.MsgRevokeNocX509RootCert { revokeX509Cert := types.NewMsgRevokeNocX509RootCert( address.String(), subject, 
@@ -181,3 +332,22 @@ func RevokeNocRootCertificate(setup *TestSetup, address sdk.AccAddress, subject return revokeX509Cert } + +func AssignCertificateVid( + setup *TestSetup, + address sdk.AccAddress, + subject string, + subjectKeyID string, + vid int32, +) *types.MsgAssignVid { + assignVid := types.NewMsgAssignVid( + address.String(), + subject, + subjectKeyID, + vid, + ) + _, err := setup.Handler(setup.Ctx, assignVid) + require.NoError(setup.T, err) + + return assignVid +} diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go index b9ce9ded8..33fc0497d 100644 --- a/x/pki/tests/utils/data.go +++ b/x/pki/tests/utils/data.go @@ -111,6 +111,33 @@ func CreateTestRootCert() TestCertificate { SerialNumber: testconstants.RootSerialNumber, Issuer: testconstants.RootIssuer, AuthorityKeyID: testconstants.RootSubjectKeyID, + VID: testconstants.Vid, + IsRoot: true, + } +} + +func CreateTestRootCertWithVid() TestCertificate { + return TestCertificate{ + PEM: testconstants.RootCertWithVid, + Subject: testconstants.RootCertWithVidSubject, + SubjectKeyID: testconstants.RootCertWithVidSubjectKeyID, + SerialNumber: testconstants.RootCertWithVidSerialNumber, + Issuer: testconstants.RootCertWithVidSubject, + AuthorityKeyID: testconstants.RootCertWithVidSubjectKeyID, + VID: testconstants.RootCertWithVidVid, + IsRoot: true, + } +} + +func CreateTestPAACertWithNumericVid() TestCertificate { + return TestCertificate{ + PEM: testconstants.PAACertWithNumericVid, + Subject: testconstants.PAACertWithNumericVidSubject, + SubjectKeyID: testconstants.PAACertWithNumericVidSubjectKeyID, + SerialNumber: testconstants.PAACertWithNumericVidSerialNumber, + Issuer: testconstants.PAACertWithNumericVidSubject, + AuthorityKeyID: testconstants.PAACertWithNumericVidSubjectKeyID, + VID: testconstants.PAACertWithNumericVidVid, IsRoot: true, } } 
@@ -122,6 +149,7 @@ func CreateTestRootCertWithSameSubject() TestCertificate { SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, SerialNumber: testconstants.PAACertWithSameSubjectSerialNumber, Issuer: testconstants.PAACertWithSameSubjectIssuer, + VID: testconstants.Vid, IsRoot: true, } } @@ -133,6 +161,7 @@ func CreateTestRootCertWithSameSubject2() TestCertificate { SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, SerialNumber: testconstants.PAACertWithSameSubject2SerialNumber, Issuer: testconstants.PAACertWithSameSubject2Issuer, + VID: testconstants.Vid, IsRoot: true, } } @@ -145,6 +174,7 @@ func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate { SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, Issuer: testconstants.RootCertWithSameSubjectAndSKID1Issuer, AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubject, + VID: testconstants.RootCertWithVidVid, IsRoot: true, } } @@ -193,6 +223,7 @@ func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate { SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, Issuer: testconstants.IntermediateCertWithSameSubjectIssuer, AuthorityKeyID: testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, + VID: testconstants.RootCertWithVidVid, IsRoot: false, } } @@ -259,6 +290,19 @@ func CreateTestNocRoot2Cert() TestCertificate { } } +func CreateTestNoc2RootCert() TestCertificate { + return TestCertificate{ + PEM: testconstants.NocRootCert2, + Subject: testconstants.NocRootCert2Subject, + SubjectKeyID: testconstants.NocRootCert2SubjectKeyID, + SerialNumber: testconstants.NocRootCert2SerialNumber, + Issuer: testconstants.NocRootCert2Subject, + AuthorityKeyID: testconstants.NocRootCert2SubjectKeyID, + VID: testconstants.Vid, + IsRoot: true, + } +} + func CreateTestNocIca1Cert() TestCertificate { return TestCertificate{ PEM: testconstants.NocCert1, 
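Review bot: In `CreateTestRootCertWithSameSubjectAndSkid1` (the `@@ -145,6 +174,7 @@` hunk) the line directly above the added `VID` sets `AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubject`, which is the base64 subject DN, not a key identifier. The other root fixtures in this file use the subject key ID for this field (for example `AuthorityKeyID: testconstants.RootSubjectKeyID` in `CreateTestRootCert`). With this value, any test that resolves the issuer by authority key ID would never match this fixture and could pass for the wrong reason. Since the commit already touches this struct, it looks like the place to change it to `AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID,`. The function starts outside the hunk.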
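Review bot: The new `CreateTestNoc2RootCert` in the `@@ -259,6 +290,19 @@` hunk sits directly below the existing `CreateTestNocRoot2Cert`, and the two exported names differ only in word order while returning different certificates. The new one is built from the `NocRootCert2*` constants. The later patch on this page replaces a `CreateTestNocRoot2Cert` call with `NocRootCert1Copy`, which suggests the older helper is a second copy of root 1. Picking the wrong one in a same-subject/different-serial test would not fail to compile, so I would add a comment such as `// CreateTestNoc2RootCert returns the fixture for NocRootCert2, a different root from the one CreateTestNocRoot2Cert returns.` or rename one of them.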
@@ -285,6 +329,19 @@ func CreateTestNocIca1CertCopy() TestCertificate { } } +func CreateTestNocIca2Cert() TestCertificate { + return TestCertificate{ + PEM: testconstants.NocCert2, + Subject: testconstants.NocCert2Subject, + SubjectKeyID: testconstants.NocCert2SubjectKeyID, + SerialNumber: testconstants.NocCert2SerialNumber, + Issuer: testconstants.NocCert2Issuer, + AuthorityKeyID: testconstants.NocCert2AuthorityKeyID, + VID: testconstants.Vid, + IsRoot: false, + } +} + func CreateTestNocLeafCert() TestCertificate { return TestCertificate{ PEM: testconstants.NocLeafCert1, From df955b961a499575f1d5eca0a4618810c0be053d Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Wed, 4 Dec 2024 17:41:00 +0300 Subject: [PATCH 07/11] Refactoring PKI unit tests --- integration_tests/constants/constants.go | 45 +- x/pki/tests/handler_add_noc_ica_cert_test.go | 22 +- x/pki/tests/handler_add_noc_root_cert_test.go | 12 +- x/pki/tests/handler_add_paa_cert_test.go | 104 ++-- x/pki/tests/handler_add_pai_cert_test.go | 74 ++- x/pki/tests/handler_add_revocation_test.go | 4 +- x/pki/tests/handler_assign_vid_test.go | 34 +- x/pki/tests/handler_delete_revocation_test.go | 4 +- .../tests/handler_remove_noc_ica_cert_test.go | 84 +-- .../handler_remove_noc_root_cert_test.go | 88 ++-- x/pki/tests/handler_remove_pai_cert_test.go | 98 ++-- .../tests/handler_revoke_noc_ica_cert_test.go | 60 +-- .../handler_revoke_noc_root_cert_test.go | 62 +-- x/pki/tests/handler_revoke_paa_cert_test.go | 96 ++-- x/pki/tests/handler_revoke_pai_cert_test.go | 66 +-- x/pki/tests/handler_update_revocation_test.go | 4 +- x/pki/tests/utils/certificate_assertions.go | 122 +++-- x/pki/tests/utils/certificate_helpers.go | 6 +- x/pki/tests/utils/data.go | 497 +++++++++--------- 19 files changed, 755 insertions(+), 727 deletions(-) diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go index cd4759e9c..50f5fb0e4 100644 --- a/integration_tests/constants/constants.go 
+++ b/integration_tests/constants/constants.go @@ -284,6 +284,7 @@ qoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpH mUkpxyqvChVI1A0DTVFLJd4= -----END CERTIFICATE-----` PAACertWithNumericVidSubject = "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" + PAACertWithNumericVidSubjectAsText = "CN=Matter Test PAA,1.3.6.1.4.1.37244.2.1=FFF1" PAACertWithNumericVidSubjectKeyID = "6A:FD:22:77:1F:51:1F:EC:BF:16:41:97:67:10:DC:DC:31:A1:71:7E" PAACertWithNumericVidSerialNumber = "4ea8e83182d41c1c" PAACertWithNumericVidVid int32 = 65521 @@ -350,11 +351,12 @@ cX4wCgYIKoZIzj0EAwIDSAAwRQIhAJbJyM8uAYhgBdj1vHLAe3X9mldpWsSRETET i+oDPOUDAiAlVJQ75X1T1sR199I+v8/CA2zSm6Y5PsfvrYcUq3GCGQ== -----END CERTIFICATE-----` - PAICertWithNumericPidVidSubject = "MEYxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4MDAw" - PAICertWithNumericPidVidSubjectKeyID = "AF:42:B7:09:4D:EB:D5:15:EC:6E:CF:33:B8:11:15:22:5F:32:52:88" - PAICertWithNumericPidVidVid = 65521 - PAICertWithNumericPidVidPid = 32768 - PAICertWithNumericPidVidSerialNumber = "4498223361705918669" + PAICertWithNumericPidVidSubject = "MEYxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4MDAw" + PAICertWithNumericPidVidSubjectAsText = "CN=Matter Test PAI,1.3.6.1.4.1.37244.2.1=FFF1,1.3.6.1.4.1.37244.2.2=8000" + PAICertWithNumericPidVidSubjectKeyID = "AF:42:B7:09:4D:EB:D5:15:EC:6E:CF:33:B8:11:15:22:5F:32:52:88" + PAICertWithNumericPidVidVid = 65521 + PAICertWithNumericPidVidPid = 32768 + PAICertWithNumericPidVidSerialNumber = "4498223361705918669" PAICertWithPidVid = ` -----BEGIN CERTIFICATE----- 
@@ -702,13 +704,15 @@ eujhLsD51w== RootSubjectKeyIDWithoutColumns = "5A880E6C3653D07FB08971A3F473790930E62BDB" RootSerialNumber = "442314047376310867378175982234956458728610743315" - RootCertWithSameSubjectAndSKIDSubject = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" - RootCertWithSameSubjectAndSKIDSubjectKeyID = "33:5E:0C:07:44:F8:B5:9C:CD:55:01:9B:6D:71:23:83:6F:D0:D4:BE" - RootCertWithSameSubjectAndSKID1SerialNumber = "1" - RootCertWithSameSubjectAndSKID2SerialNumber = "2" - RootCertWithSameSubjectAndSKID1Issuer = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" - RootCertWithSameSubjectAndSKID2Issuer = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" - IntermediateCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ=" + RootCertWithSameSubjectAndSKIDSubject = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" + RootCertWithSameSubjectAndSKIDSubjectAsText = "C=US,ST=New York,L=New York,O=Example Company,OU=Testing Division,CN=www.example.com" + RootCertWithSameSubjectAndSKIDSubjectKeyID = "33:5E:0C:07:44:F8:B5:9C:CD:55:01:9B:6D:71:23:83:6F:D0:D4:BE" + RootCertWithSameSubjectAndSKID1SerialNumber = "1" + RootCertWithSameSubjectAndSKID2SerialNumber = "2" + RootCertWithSameSubjectAndSKID1Issuer = 
"MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" + RootCertWithSameSubjectAndSKID2Issuer = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ==" + IntermediateCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ=" + IntermediateCertWithSameSubjectAndSKIDSubjectAsText = "C=AU,ST=Some-State,O=Internet Widgits Pty Ltd" IntermediateCertWithSameSubjectIssuer = RootCertWithSameSubjectAndSKIDSubject IntermediateCertWithSameSubjectAuthorityKeyID = RootCertWithSameSubjectAndSKIDSubjectKeyID @@ -717,6 +721,7 @@ eujhLsD51w== IntermediateCertWithSameSubjectAndSKID1SerialNumber = "3" IntermediateCertWithSameSubjectAndSKID2SerialNumber = "4" LeafCertWithSameSubjectAndSKIDSubject = "MEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQ=" + LeafCertWithSameSubjectAndSKIDSubjectAsText = "C=AU,ST=Some-State,O=Internet Widgits Pty Ltd" LeafCertWithSameSubjectAndSKIDSubjectKeyID = "12:16:55:8E:5E:2A:DF:04:D7:E6:FE:D1:53:69:61:98:EF:17:2F:03" LeafCertWithSameSubjectAndSKIDSerialNumber = "5" LeafCertWithSameSubjectIssuer = IntermediateCertWithSameSubjectAndSKIDSubject 
@@ -752,13 +757,14 @@ eujhLsD51w== TestSubjectKeyID = "E2:90:8D:36:9C:3C:A3:C1:13:BB:09:E2:4D:C1:CC:C5:A6:66:91:D4" TestSerialNumber = "1647312298631" - PAACertWithSameSubjectID1Subject = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI=" - PAACertWithSameSubjectID2Subject = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI=" - PAACertWithSameSubjectIDSubjectID = "7F:C5:4C:61:A7:2A:40:02:DA:B3:73:FB:A8:A0:AC:42:2C:44:77:05" - PAACertWithSameSubjectIssuer = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI=" - PAACertWithSameSubjectSerialNumber = "52395954309929518473720319596322683729415766451" - PAACertWithSameSubject2Issuer = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI=" - PAACertWithSameSubject2SerialNumber = "619677517297003610282920732322368299925590816980" + PAACertWithSameSubjectID1Subject = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI=" + PAACertWithSameSubjectID1SubjectAsText = "C=UZ,ST=TSH,L=TASHKENT,O=DSR,OU=DC,CN=MATTER" + PAACertWithSameSubjectID2Subject = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI=" + PAACertWithSameSubjectIDSubjectID = "7F:C5:4C:61:A7:2A:40:02:DA:B3:73:FB:A8:A0:AC:42:2C:44:77:05" + PAACertWithSameSubjectIssuer = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI=" + PAACertWithSameSubjectSerialNumber = "52395954309929518473720319596322683729415766451" + PAACertWithSameSubject2Issuer = 
"MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI=" + PAACertWithSameSubject2SerialNumber = "619677517297003610282920732322368299925590816980" TestVID1String = "0xA13" TestPID1String = "0xA11" @@ -772,6 +778,7 @@ eujhLsD51w== TestCertPemVid = 4701 RootCertWithVidSubject = "MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" + RootCertWithVidSubjectSubjectAsText = "C=US,ST=New York,L=New York,O=Example Company,OU=Testing " RootCertWithVidSubjectKeyID = "CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31" RootCertWithVidSubjectKeyIDWithoutColumns = "CEA89266EAE080BD2BB568E40B07C4FA2C346D31" RootCertWithVidVid = 65521 diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 21727fb2a..042c1b428 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go @@ -19,12 +19,12 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add NOC ICA certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ 
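Review bot: `RootCertWithVidSubjectSubjectAsText`, added in the `@@ -772,6 +778,7 @@` hunk, looks truncated: its value stops at `OU=Testing ` with a trailing space. The base64 `RootCertWithVidSubject` on the line above decodes to a DN that continues with the rest of the OU, the CN and the VID attribute. An assertion that compares a parsed subject-as-text with this constant would either fail or end up loosened to a prefix check. Presumably the intended value is `"C=US,ST=New York,L=New York,O=Example Company,OU=Testing Division,CN=www.example.com,1.3.6.1.4.1.37244.2.1=FFF1"`, to be confirmed against the certificate itself. The doubled `SubjectSubject` in the name also breaks the `...SubjectAsText` pattern the other constants in this commit follow.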
@@ -58,17 +58,17 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Store the NOC certificate with different serial number - intermediateCertificate := utils.NocIntermediateCertificate(setup.Vendor1) + intermediateCertificate := utils.NocCertIca1(setup.Vendor1) intermediateCertificate.SerialNumber = testconstants.TestSerialNumber utils.AddMokedNocCertificate(setup, intermediateCertificate, false) // add the new NOC certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ @@ -144,8 +144,8 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { // store root certificate - rootCert := utils.CreateTestRootCertWithVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // try to add root certificate x509 certificate addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index ddaa0f91c..2269d217f 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go 
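Review bot: In the `@@ -58,17 +58,17 @@` hunk the test overwrites `intermediateCertificate.SerialNumber` on the value returned by `utils.NocCertIca1(setup.Vendor1)` and then calls the same constructor again for `icaCertificate`. Other hunks in this commit now pass these values where `&cert` was passed before, so the constructors appear to return pointers. The test is therefore only correct if each call builds a fresh object, which this hunk does not show. If the constructor ever returns a shared instance, the mocked serial number leaks into `icaCertificate` and the "different serial number" case silently collapses into one certificate. I would state the guarantee in the constructor's doc comment, e.g. `// NocCertIca1 returns a new certificate value on every call; callers may mutate it.`. The same pattern appears with `utils.IntermediateCertPem` in `TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber`.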
@@ -18,8 +18,8 @@ func TestHandler_AddNocRootCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ @@ -52,12 +52,12 @@ func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *test setup := utils.Setup(t) // Store the NOC root certificate - rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PEM) + rootCertificate1 := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) // add the new NOC root certificate - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // Check state indexes indexes := utils.TestIndexes{ diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 061ae4725..de27df772 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -20,10 +20,10 @@ import ( func TestHandler_ProposeAddDaRootCert(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.CreateTestRootCert() + rootCertificate := utils.RootCertificate(setup.Trustee1) // propose DA root certificate - proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ 
@@ -53,11 +53,11 @@ func TestHandler_AddDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose add x509 root certificate by trustee - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // approve by second trustee - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ @@ -83,8 +83,8 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by account without trustee role - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // Create an array of trustee account from 1 to 50 trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() @@ -94,7 +94,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // Until we hit 2/3 of the total number of Trustees, we should not be able to approve the certificate for i := 1; i < twoThirds-1; i++ { - utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ 
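Review bot: The comment `// propose x509 root certificate by account without trustee role` at the top of the `@@ -83,8 +83,8 @@` hunk contradicts the call below it, which proposes with `setup.Trustee1`. The commit rewrites the two lines directly under that comment, so this is the moment to correct it to `// propose x509 root certificate by account Trustee1`, the wording the other tests in this file use. In an approval-threshold test the proposer's role decides whether the first approval is counted, so the comment should not mislead. The test body continues outside the hunk.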
@@ -117,7 +117,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { } // One more approval will move this to approved state from pending - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ @@ -160,17 +160,17 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // approve x509 root certificate by account Trustee2 - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // approve x509 root certificate by account Trustee3 - utils.ApproveDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) // reject x509 root certificate by account Trustee4 - utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes - certificate is in proposed state indexes := utils.TestIndexes{ 
@@ -192,7 +192,7 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // approve x509 root certificate by account Trustee5 - utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes = utils.TestIndexes{ @@ -225,8 +225,8 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { utils.AddMokedDaCertificate(setup, rootCertificate, true) // propose second root certificate - testRootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PEM) + testRootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ @@ -255,12 +255,12 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T setup := utils.Setup(t) // add Certificate1 - testRootCertificate := utils.CreateTestRootCertWithSameSubject() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) + testRootCertificate := utils.PAACertWithSameSubjectID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // add Certificate2 - testRootCertificate2 := utils.CreateTestRootCertWithSameSubject2() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate2) + testRootCertificate2 := utils.PAACertWithSameSubjectID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate2) // Check indexes by subject + subject key id allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) 
@@ -292,7 +292,7 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) // Additional checks - require.Equal(t, testRootCertificate.SubjectKeyID, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) + require.Equal(t, testRootCertificate.SubjectKeyId, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) require.Equal(t, testRootCertificate.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Subject) require.Equal(t, testRootCertificate2.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[1].Subject) } @@ -301,11 +301,11 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by account Trustee1 - testRootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PEM) + testRootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PemCert) // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) // certificate should be in the entity , because we haven't enough reject approvals indexes := utils.TestIndexes{ 
@@ -334,7 +334,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Rejects[0].Info) // reject x509 root certificate by account Trustee3 - utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) // certificate should not be in the entity , because we have enough reject approvals indexes = utils.TestIndexes{ @@ -369,8 +369,8 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * setup := utils.Setup(t) // propose add x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Trustee, 
@@ -379,21 +379,21 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // approve x509 root certificate by account Trustee2 - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) pendingCert, _ := setup.Keeper.GetProposedCertificate( setup.Ctx, rootCertificate.Subject, - rootCertificate.SubjectKeyID) + rootCertificate.SubjectKeyId) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, rootCertificate.Subject, - rootCertificate.SubjectKeyID) + rootCertificate.SubjectKeyId) require.True(t, found) require.Equal(t, len(pendingCert.Rejects), prevRejectsLen+1) require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen-1) @@ -404,8 +404,8 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * setup := utils.Setup(t) // propose add x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Trustee, 
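Review bot: The first `setup.Keeper.GetProposedCertificate` call in the `@@ -379,21 +379,21 @@` hunk still discards the found flag (`pendingCert, _ :=`). If the proposal is missing at that point, `prevRejectsLen` and `prevApprovalsLen` are taken from a zero value and the later `+1`/`-1` comparisons check the wrong baseline. I would write `pendingCert, found := setup.Keeper.GetProposedCertificate(` followed by `require.True(t, found)`, and change the second lookup from `:=` to `=`. The same applies to the mirrored reject-then-approve test in the `@@ -414,22 +414,22 @@` hunk. The loop body starts outside the hunk.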
@@ -414,22 +414,22 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) pendingCert, _ := setup.Keeper.GetProposedCertificate( setup.Ctx, rootCertificate.Subject, - rootCertificate.SubjectKeyID) + rootCertificate.SubjectKeyId) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) // approve x509 root certificate by account Trustee2 - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) pendingCert, found := setup.Keeper.GetProposedCertificate( setup.Ctx, rootCertificate.Subject, - rootCertificate.SubjectKeyID) + rootCertificate.SubjectKeyId) require.True(t, found) require.Equal(t, len(pendingCert.Rejects), prevRejectsLen-1) require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen+1) 
@@ -450,11 +450,11 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ @@ -476,7 +476,7 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // reject x509 root certificate by account Trustee3 - utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes = utils.TestIndexes{ 
@@ -502,11 +502,11 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // reject x509 root certificate - utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ @@ -531,11 +531,11 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) setup := utils.Setup(t) // propose x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // reject x509 root certificate - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ 
@@ -564,14 +564,14 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin setup.CreateTrusteeAccount(1) // propose x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PEM) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) // approve - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // reject x509 root certificate - utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyID) + utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes indexes := utils.TestIndexes{ diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index f1085a9ee..b4219fa8f 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go 
@@ -20,12 +20,12 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add DA root certificate - testRootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add DA PAI certificate - testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ @@ -56,12 +56,12 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // store root certificate - testRootCertificate := utils.CreateTestPAACertWithNumericVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) + testRootCertificate := utils.PAACertWithNumericVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // add intermediate certificate - testIntermediateCertificate := utils.CreateTestIntermediateVidScopedCert() - utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.PAICertWithNumericPidVid(accAddress) + utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ 
@@ -88,19 +88,17 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( setup := utils.Setup(t) // store root certificate - rootCertOptions := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertOptions) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // store intermediate certificate with different serial number - intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber - testIntermediateCertificate2 := utils.CreateTestIntermediateCert() - testIntermediateCertificate2.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // store intermediate certificate second time - testIntermediateCertificate1 := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate1.PEM) + testIntermediateCertificate1 := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate1.PemCert) // query All approved certificate allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) 
@@ -131,7 +129,7 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) // additional checks - require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, testIntermediateCertificate2.SerialNumber) + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, intermediateCertificate.SerialNumber) require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[1].SerialNumber, testIntermediateCertificate1.SerialNumber) require.NotEqual( t, 
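Review bot: The changed `require.Equal` in the additional checks passes the value read from state first and the fixture value second, while testify's `require.Equal(t, expected, actual)` takes the expected value first, so a failure would print the two values under the wrong labels. Swapping them gives `require.Equal(t, intermediateCertificate.SerialNumber, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber)`; the unchanged assertion on `Certs[1]` below has the same order. Both assertions also depend on the store returning the mocked certificate at index 0; if that order is not guaranteed, comparing the set of serial numbers would be more robust. The test function starts and ends outside the hunk.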
@@ -140,23 +138,23 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( ) // Check indexes for certificate2 - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) } func TestHandler_AddDaCert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - testRootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) + testRootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // add intermediate x509 certificate - testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) // add leaf x509 certificate - testLeafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testLeafCertificate.PEM) + testLeafCertificate := utils.LeafCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testLeafCertificate.PemCert) // Check indexes for root indexes := utils.TestIndexes{ @@ -210,7 +208,7 @@ func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { utils.AddMokedDaCertificate(setup, rootCert, true) // store intermediate certificate (it refers to two parent certificates) - intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, true) 
@@ -265,17 +263,17 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // store root certificate - testRootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &testRootCertificate) + testRootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) + intermediateCertificate := utils.IntermediateCertPem(vendorAccAddress1) intermediateCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, intermediateCertificate, false) // add an intermediate certificate with the same subject and SKID by second vendor account - testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress2, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateCertPem(vendorAccAddress2) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress2, testIntermediateCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ 
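Review bot: Nothing in this hunk asserts which account is recorded as owner of the certificate added by `vendorAccAddress2`, although the test name says the second sender is not the owner of the existing certificate. The expected object is now built with `utils.IntermediateCertPem(vendorAccAddress2)`, so the owner is probably compared inside `utils.CheckCertificateStateIndexes`, but that is not visible here. If it is not, a comment such as `// second certificate must be stored with vendorAccAddress2 as owner` followed by an explicit owner assertion after the add would pin the property, since later revoke and remove operations presumably depend on it. The test body continues outside the hunk.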
@@ -304,12 +302,12 @@ func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // store root certificate - rootCert := utils.CreateTestPAACertWithNumericVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate - testIntermediateCertificate := utils.CreateTestIntermediateVidScopedCert() - utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.PAICertWithNumericPidVid(accAddress) + utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PemCert) // Check state indexes indexes := utils.TestIndexes{ @@ -435,7 +433,7 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // Store the NOC certificate - nocCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) + nocCertificate := utils.IntermediateCertPem(setup.Vendor1) nocCertificate.SerialNumber = testconstants.TestSerialNumber nocCertificate.CertificateType = types.CertificateType_OperationalPKI @@ -458,7 +456,7 @@ func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { setup := utils.Setup(t) // add intermediate certificate - intermediateCertificate := utils.IntermediateCertificateNoVid(setup.Vendor1) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) // add leaf x509 certificate 
@@ -518,7 +516,7 @@ func TestHandler_AddX509Cert_ByOtherVendor(t *testing.T) { vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := utils.IntermediateCertificateNoVid(vendorAccAddress1) + intermediateCertificate := utils.IntermediateCertPem(vendorAccAddress1) intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) @@ -541,8 +539,8 @@ func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.CreateTestRootCertWithVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate addX509Cert := types.NewMsgAddX509Cert(setup.Trustee1.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index 531897b00..4e105edbc 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go @@ -190,8 +190,8 @@ func TestHandler_AddPkiRevocationDistributionPoint_PAAAlreadyExists(t *testing.T accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // propose and approve x509 root certificate - rootCert := utils.CreateTestPAACertWithNumericVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAACertWithNumericVid(accAddress.String()) 
diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index b73632f69..5d2592598 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -20,12 +20,12 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertificate := utils.CreateTestRootCert() - rootCertificate.VID = 0 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate.Vid = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // assign Vid - utils.AssignCertificateVid(setup, vendorAcc, rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.Vid) + utils.AssignCertificateVid(setup, vendorAcc, rootCertificate.Subject, rootCertificate.SubjectKeyId, testconstants.Vid) // Check state indexes indexes := utils.TestIndexes{ @@ -58,12 +58,12 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertificate := utils.CreateTestPAACertWithNumericVid() - rootCertificate.VID = 0 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.PAACertWithNumericVid(setup.Trustee1) + rootCertificate.Vid = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // assign Vid - utils.AssignCertificateVid(setup, vendorAcc, rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.PAACertWithNumericVidVid) + utils.AssignCertificateVid(setup, vendorAcc, rootCertificate.Subject, rootCertificate.SubjectKeyId, testconstants.PAACertWithNumericVidVid) // Check state indexes indexes := utils.TestIndexes{ 
@@ -129,8 +129,8 @@ func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add vendor account vendorAccAddress := utils.GenerateAccAddress() @@ -158,13 +158,13 @@ func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCert := utils.CreateTestPAACertWithNumericVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), Subject: rootCert.Subject, - SubjectKeyId: rootCert.SubjectKeyID, + SubjectKeyId: rootCert.SubjectKeyId, Vid: testconstants.PAACertWithNumericVidVid, } @@ -178,14 +178,14 @@ func TestHandler_AssignVid_MessageVidAndCertificateVidNotEqual(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCert := utils.CreateTestPAACertWithNumericVid() - rootCert.VID = 0 - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + rootCert.Vid = 0 + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) assignVid := types.MsgAssignVid{ Signer: vendorAcc.String(), Subject: rootCert.Subject, - SubjectKeyId: rootCert.SubjectKeyID, + SubjectKeyId: rootCert.SubjectKeyId, Vid: 1, } diff --git a/x/pki/tests/handler_delete_revocation_test.go b/x/pki/tests/handler_delete_revocation_test.go index 7650733f6..cd8bf1dc3 100644 
--- a/x/pki/tests/handler_delete_revocation_test.go +++ b/x/pki/tests/handler_delete_revocation_test.go @@ -187,8 +187,8 @@ func TestHandler_DeletePkiRevocationDistributionPoint_Multiple_SameIssuerSubject utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add PAA VID - rootCert := utils.CreateTestPAACertWithNumericVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add Revocation Point PAA NOVID addRevocationPAANoVid := createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.PAACertWithNumericVidVid) diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index 85e3f4072..3d6f492b7 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -18,15 +18,15 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // remove intermediate certificate - utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyID, "") + utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyId, "") // Check state indexes indexes := utils.TestIndexes{ 
@@ -57,19 +57,19 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add two intermediate certificates - icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) + icaCertificate1 := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) - icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) // add leaf certificate - leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.NocLeafCert1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // check total number of certificates nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -94,7 +94,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove all intermediate certificates but leave leaf certificate (NocCert1 and NocCert1Copy) - utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyID, "") + utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyId, "") // Check indexes for intermediate certificates indexes = utils.TestIndexes{ 
@@ -154,20 +154,20 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Add ICA certificates - icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) + icaCertificate1 := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) // Add ICA certificates with sam subject and SKID but different serial number - icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) // Add a leaf certificate - leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.NocLeafCert1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // Check indexes for intermediate certificates before removing indexes := utils.TestIndexes{ @@ -192,7 +192,7 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { setup, setup.Vendor1, icaCertificate1.Subject, - icaCertificate1.SubjectKeyID, + icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber) // Check indexes for first certificate (second ica exist) 
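Review bot: The comment above `icaCertificate2` in TestHandler_RemoveNocX509IcaCert_BySerialNumber reads `// Add ICA certificates with sam subject and SKID but different serial number`; since the line below it is being rewritten anyway, it could become `// Add ICA certificate with the same subject and SKID but a different serial number`. Similar slips sit in context lines of later hunks: `by fist vendor account` in TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor and `only IAC certificate exists` in TestHandler_RemoveNocX509RootCert_BySubjectAndSKID.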
@@ -249,19 +249,19 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Add an intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // revoke intermediate certificate by serial number utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate.Subject, - icaCertificate.SubjectKeyID, + icaCertificate.SubjectKeyId, icaCertificate.SerialNumber, false, ) @@ -293,7 +293,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { setup, setup.Vendor1, icaCertificate.Subject, - icaCertificate.SubjectKeyID, + icaCertificate.SubjectKeyId, icaCertificate.SerialNumber, ) 
@@ -324,19 +324,19 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Add an intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // revoke an intermediate certificate utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate.Subject, - icaCertificate.SubjectKeyID, + icaCertificate.SubjectKeyId, icaCertificate.SerialNumber, false, ) @@ -364,8 +364,8 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // Add an intermediate certificate with new serial number - icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) // Check indexes indexes = utils.TestIndexes{ @@ -392,7 +392,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) setup, setup.Vendor1, icaCertificate.Subject, - icaCertificate.SubjectKeyID, + icaCertificate.SubjectKeyId, "", ) 
@@ -427,12 +427,12 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add ICA certificate by fist vendor account - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // add second vendor account with VID = 1 vendorAccAddress2 := utils.GenerateAccAddress() @@ -443,7 +443,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { setup, vendorAccAddress2, icaCertificate.Subject, - icaCertificate.SubjectKeyID, + icaCertificate.SubjectKeyId, icaCertificate.SerialNumber, ) diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index 02e2e906d..bb8be46af 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go @@ -18,11 +18,11 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // remove noc root certificate - utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyID, "") + utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyId, "") // Check indexes indexes := utils.TestIndexes{ 
@@ -51,15 +51,15 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates - rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PEM) + rootCertificate1 := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // Add intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -68,7 +68,7 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 3, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) // remove all root noc root certificates - utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyID, "") + utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyId, "") // check that only IAC certificate exists nocCerts, _ = utils.QueryAllNocCertificates(setup) 
@@ -119,15 +119,15 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates - rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PEM) + rootCertificate1 := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // Add ICA certificates - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -140,7 +140,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup, setup.Vendor1, rootCertificate1.Subject, - rootCertificate1.SubjectKeyID, + rootCertificate1.SubjectKeyId, rootCertificate1.SerialNumber) // check total @@ -191,7 +191,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup, setup.Vendor1, rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, + rootCertificate2.SubjectKeyId, rootCertificate2.SerialNumber) // check total 
@@ -243,22 +243,22 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate1 := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // Add an intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // revoke NOC root certificates utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, + rootCertificate2.SubjectKeyId, "", false, ) @@ -305,7 +305,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { setup, setup.Vendor1, rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, + rootCertificate2.SubjectKeyId, "", ) 
@@ -350,19 +350,19 @@ func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Add an intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // revoke NOC root certificates utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", true, ) @@ -409,7 +409,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", ) 
@@ -456,33 +456,33 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Add an intermediate certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // revoke an intermediate certificate utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false, ) // Add NOC root certificate with new serial number - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // remove NOC root certificate by serial number utils.RemoveNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, ) @@ -527,7 +527,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) setup, setup.Vendor1, rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, + rootCertificate2.SubjectKeyId, "", ) 
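Review bot: The comment `// revoke an intermediate certificate` in TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate sits above `utils.RevokeNocRootCertificate(...)` called with `rootCertificate.Subject`, `rootCertificate.SubjectKeyId` and `rootCertificate.SerialNumber`, so it describes the wrong certificate. Since the call is touched here, the comment should read `// revoke NOC root certificate by serial number`. The final boolean argument `false` is also unexplained; judging from the RevokedWithChildCertificate test, which passes `true`, it probably controls whether child certificates are revoked, and a short inline comment would make that explicit.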
@@ -554,8 +554,8 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) @@ -565,7 +565,7 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { setup, vendorAccAddress2, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, ) diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index 641e82f60..503935b24 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go 
@@ -17,19 +17,19 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) // Remove intermediate certificate utils.RemoveDaIntermediateCertificate( setup, setup.Vendor1, testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SubjectKeyId, "") // Check: only one certificate exists - root 
@@ -62,19 +62,19 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add two intermediate certificates - testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PEM) + testIntermediateCertificate1 := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PemCert) - testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) + testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) // Add a leaf certificate - testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PEM) + testLeafCertificate := utils.LeafCertWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PemCert) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
@@ -87,7 +87,7 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { setup, vendorAccAddress, testIntermediateCertificate1.Subject, - testIntermediateCertificate1.SubjectKeyID, + testIntermediateCertificate1.SubjectKeyId, "") // check that only two certificates exists 
@@ -142,26 +142,26 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PEM) + testIntermediateCertificate1 := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PemCert) - testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) + testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) // Add a leaf certificate - testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PEM) + testLeafCertificate := utils.LeafCertWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PemCert) // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress, testIntermediateCertificate1.Subject, - testIntermediateCertificate1.SubjectKeyID, + testIntermediateCertificate1.SubjectKeyId, testIntermediateCertificate1.SerialNumber) // check that only root, intermediate(with serial number 
3) and leaf certificates exists @@ -221,7 +221,7 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { setup, vendorAccAddress, testIntermediateCertificate2.Subject, - testIntermediateCertificate2.SubjectKeyID, + testIntermediateCertificate2.SubjectKeyId, testIntermediateCertificate2.SerialNumber) allCerts, _ = utils.QueryAllApprovedCertificates(setup) @@ -267,19 +267,19 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add two intermediate certificates again - testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) // revoke intermediate certificate by serial number utils.RevokeDaIntermediateCertificate( setup, setup.Vendor1, testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber, false) @@ -306,7 +306,7 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { setup, setup.Vendor1, testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber) indexes = utils.TestIndexes{ 
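Review bot: The context comment `// Add two intermediate certificates again` in TestHandler_RemoveX509Cert_RevokedCertificate does not match the code beneath it, which adds a single certificate built by `utils.IntermediateCertPem(setup.Vendor1)`. Since the two lines under it are rewritten here anyway, I would change it to `// Add an intermediate certificate` so the setup of the revoke-then-remove case reads correctly. The function body continues outside the hunk.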
@@ -336,12 +336,12 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add an intermediate certificate - testIntermediateCertificate := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate.PemCert) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) @@ -352,13 +352,13 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { setup, vendorAccAddress, testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber, false) // Add an intermediate certificate with new serial number - testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) + testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) // check that intermediate certificate 2 exists indexes := utils.TestIndexes{ 
@@ -402,7 +402,7 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { setup, vendorAccAddress, testIntermediateCertificate2.Subject, - testIntermediateCertificate2.SubjectKeyID, + testIntermediateCertificate2.SubjectKeyId, "") // check indexes after removing re-activated certificate @@ -429,12 +429,12 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate by fist vendor account - testIntermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PEM) + testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) @@ -444,7 +444,7 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup, vendorAccAddress2, testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyID, + testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber) // check state indexes @@ -536,8 +536,8 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.CreateTestRootCertWithVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) 
@@ -557,8 +557,8 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) removeX509Cert := types.NewMsgRemoveX509Cert( setup.Vendor1.String(), @@ -573,8 +573,8 @@ func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 5fc287304..dac81e93a 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -18,19 +18,19 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add the NOC non-root certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Revoke NOC with subject and subject key id only utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate.Subject, - icaCertificate.SubjectKeyID, + icaCertificate.SubjectKeyId, "", false) @@ -65,15 +65,15 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - icaCertificate1 := utils.CreateTestNocIca1Cert() + icaCertificate1 := utils.NocCertIca1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) // add the second NOC non-root certificate - icaCertificate2 := utils.CreateTestNocIca1CertCopy() + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) // add the NOC leaf certificate - leafCertificate := utils.CreateTestNocLeafCert() + leafCertificate := utils.NocLeafCert1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) // Revoke NOC with subject and subject key id only 
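Review bot: In TestHandler_RevokeNocX509Cert_RevokeDefault the fixtures `icaCertificate1`, `icaCertificate2` and `leafCertificate` now come from the new helpers, but the certificates actually stored are still `testconstants.NocCert1`, `testconstants.NocCert1Copy` and `testconstants.NocLeafCert1`. The revocation that follows is keyed on `icaCertificate1.Subject` and `icaCertificate1.SubjectKeyId`, so the test only targets the stored certificate as long as helper and constant stay in sync, and that coupling is not visible here. The sibling tests (RevokeWithChild, RevokeBySerialNumber) already pass the fixture's PEM, e.g. `utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert)`; doing the same for all three adds would tie what is revoked to what was added. The function body starts and ends outside the hunk.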
@@ -81,7 +81,7 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { setup, setup.Vendor1, icaCertificate1.Subject, - icaCertificate1.SubjectKeyID, + icaCertificate1.SubjectKeyId, "", false) @@ -142,23 +142,23 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) + icaCertificate1 := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) // add the second NOC non-root certificate - icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) // add the NOC leaf certificate - leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.NocLeafCert1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // Revoke noc with subject and subject key id and its child too utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate1.Subject, - icaCertificate1.SubjectKeyID, + icaCertificate1.SubjectKeyId, "", true) 
@@ -219,23 +219,23 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) + icaCertificate1 := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) // add the second NOC non-root certificate - icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) // add the NOC leaf certificate - leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.NocLeafCert1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // Revoke NOC by serial number only utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate1.Subject, - icaCertificate1.SubjectKeyID, + icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber, false) 
@@ -292,23 +292,23 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) // add the first NOC non-root certificate - icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PEM) + icaCertificate1 := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) // add the second NOC non-root certificate - icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PEM) + icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) // add the NOC leaf certificate - leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.NocLeafCert1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // Revoke NOC with subject and subject key id and its child too utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate1.Subject, - icaCertificate1.SubjectKeyID, + icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber, true) diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 95dabc267..fd1639be2 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go 
@@ -18,15 +18,15 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", false, ) @@ -59,23 +59,23 @@ func TestHandler_RevokeNocX509RootCert_TwoCerts(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add the second NOC root certificate - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // add the first NOC non-root certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", false, ) 
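Review bot: `rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1)` replaces `utils.CreateTestNocRoot2Cert()` in TestHandler_RevokeNocX509RootCert_TwoCerts under the unchanged comment `// add the second NOC root certificate`, and the new helper name suggests a copy of root 1 rather than an independent second root. Whether revoking by `rootCertificate.Subject` and `rootCertificate.SubjectKeyId` with an empty serial number should affect one stored root or both depends on that, and neither helper's body is visible in this hunk, so please confirm the fixture data is unchanged by the refactor. If it is, a comment such as `// add a second NOC root certificate sharing subject and SKID with the first` would state the precondition the assertions rely on; the same applies to RevokeWithChild, RevokeWithSerialNumber and RevokeWithSerialNumberAndChild in the hunks that follow. The test body continues past the hunk.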
@@ -130,23 +130,23 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add the second NOC root certificate - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // add the first NOC non-root certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", true, ) 
@@ -200,23 +200,23 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add the second NOC root certificate - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // add the first NOC non-root certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Revoke NOC root with subject and subject key id by serial number utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false, ) 
@@ -272,23 +272,23 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PEM) + rootCertificate := utils.NocRootCert1(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) // add the second NOC root certificate - rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PEM) + rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) // add the first NOC non-root certificate - icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PEM) + icaCertificate := utils.NocCertIca1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) // Revoke NOC root with subject and subject key id by serial number utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, true, ) diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 46ef90c11..3026e09fb 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go 
@@ -21,15 +21,15 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // propose revocation of x509 root certificate by `setup.Trustee` utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false) @@ -62,8 +62,8 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add another trustee anotherTrustee := setup.CreateTrusteeAccount(1) @@ -73,7 +73,7 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { setup, anotherTrustee, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false) 
@@ -108,15 +108,15 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // revoke certificate proposeAndApproveCertificateRevocation( t, setup, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", ) @@ -146,18 +146,18 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist setup := utils.Setup(t) // add root certificates - rootCertificate1 := utils.CreateTestRootCertWithSameSubject() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate1) + rootCertificate1 := utils.PAACertWithSameSubjectID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) - rootCertificate2 := utils.CreateTestRootCertWithSameSubject2() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate2) + rootCertificate2 := utils.PAACertWithSameSubjectID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) // revoke Certificate1 certificate proposeAndApproveCertificateRevocation( t, setup, rootCertificate1.Subject, - rootCertificate1.SubjectKeyID, + rootCertificate1.SubjectKeyId, "", ) 
@@ -205,11 +205,11 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist(t *testing.T) { setup := utils.Setup(t) - rootCertificate1 := utils.CreateTestRootCertWithSameSubjectAndSkid1() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate1) + rootCertificate1 := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) - rootCertificate2 := utils.CreateTestRootCertWithSameSubjectAndSkid2() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate2) + rootCertificate2 := utils.RootCertWithSameSubjectAndSKID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) // revoke Certificate1 certificate proposeAndApproveCertificateRevocation( @@ -246,7 +246,7 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS t, setup, rootCertificate2.Subject, - rootCertificate2.SubjectKeyID, + rootCertificate2.SubjectKeyId, rootCertificate2.SerialNumber, ) @@ -275,8 +275,8 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // root exists indexes := utils.TestIndexes{ @@ -310,7 +310,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup, setup.Trustee1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false) 
@@ -322,7 +322,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup, trusteeAccounts[i], rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) // check that the certificate is still not revoked @@ -334,7 +334,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup, setup.Trustee2, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) indexes = utils.TestIndexes{ @@ -378,23 +378,23 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add intermediate x509 certificate - intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) // add leaf x509 certificate - leafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.LeafCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // propose revocation of x509 root certificate utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "", true) 
@@ -403,7 +403,7 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { setup, setup.Trustee2, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, "") indexes := utils.TestIndexes{ @@ -435,8 +435,8 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // Add 1 more trustee (this will bring the total trustee's to 4) setup.CreateTrusteeAccount(1) @@ -446,7 +446,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { setup, setup.Trustee1, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false) @@ -455,7 +455,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { setup, setup.Trustee2, rootCertificate.Subject, - rootCertificate.SubjectKeyID, + rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) indexes := utils.TestIndexes{ @@ -483,8 +483,8 @@ func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, 
@@ -522,8 +522,8 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // revoke x509 certificate revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( @@ -573,8 +573,8 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( @@ -626,8 +626,8 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( 
@@ -665,8 +665,8 @@ func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *tes setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // approve revocation of x509 root certificate approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( @@ -684,8 +684,8 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // propose revocation of x509 root certificate proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 972fe142b..d8430d605 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go 
@@ -18,19 +18,19 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // Add intermediate certificate - intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) // revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, setup.Vendor1, intermediateCertificate.Subject, - intermediateCertificate.SubjectKeyID, + intermediateCertificate.SubjectKeyId, "", false) 
@@ -78,23 +78,23 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - rootCertificate := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertificate) + rootCertificate := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add intermediate x509 certificate - intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) // add leaf x509 certificate - leafCertificate := utils.CreateTestLeafCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PEM) + leafCertificate := utils.LeafCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) // revoke x509 certificate utils.RevokeDaIntermediateCertificate( setup, setup.Vendor1, intermediateCertificate.Subject, - intermediateCertificate.SubjectKeyID, + intermediateCertificate.SubjectKeyId, "", true) 
@@ -145,19 +145,19 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCertWithSameSubjectAndSkid1() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate1 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID1() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PEM) + testIntermediateCertificate1 := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PemCert) - testIntermediateCertificate2 := utils.CreateTestIntermediateCertWithSameSubjectAndSKID2() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PEM) + testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) // Add a leaf certificate - testLeafCertificate := utils.CreateTestLeafCertWithSameSubjectAndSKID() - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PEM) + testLeafCertificate := utils.LeafCertWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PemCert) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
@@ -169,7 +169,7 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { setup, vendorAccAddress, testIntermediateCertificate1.Subject, - testIntermediateCertificate1.SubjectKeyID, + testIntermediateCertificate1.SubjectKeyId, testIntermediateCertificate1.SerialNumber, false) @@ -210,7 +210,7 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { setup, vendorAccAddress, testIntermediateCertificate2.Subject, - testIntermediateCertificate2.SubjectKeyID, + testIntermediateCertificate2.SubjectKeyId, testIntermediateCertificate2.SerialNumber, true) @@ -256,12 +256,12 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate by first vendor account - intermediateCertificate := utils.CreateTestIntermediateCert() - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PEM) + intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) @@ -271,7 +271,7 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup, vendorAccAddress2, intermediateCertificate.Subject, - intermediateCertificate.SubjectKeyID, + intermediateCertificate.SubjectKeyId, intermediateCertificate.SerialNumber, false) 
@@ -319,8 +319,8 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificate addIntermediateX509Cert := types.NewMsgAddX509Cert( @@ -348,8 +348,8 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.CreateTestRootCert() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // revoke x509 root certificate revokeX509Cert := types.NewMsgRevokeX509Cert( @@ -400,8 +400,8 @@ func TestHandler_RevokeX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.CreateTestRootCertWithVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCert) + rootCert := utils.RootCertWithVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) diff --git a/x/pki/tests/handler_update_revocation_test.go b/x/pki/tests/handler_update_revocation_test.go index 10a5ecbb0..b307f56ba 100644 --- a/x/pki/tests/handler_update_revocation_test.go +++ b/x/pki/tests/handler_update_revocation_test.go 
@@ -247,8 +247,8 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NotUniqueDataURLForIssuer( setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // propose and approve root certificate - rootCertOptions := utils.CreateTestPAACertWithNumericVid() - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, &rootCertOptions) + rootCertOptions := utils.PAACertWithNumericVid(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint1 := createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()) addPkiRevocationDistributionPoint1.Label += "-1" diff --git a/x/pki/tests/utils/certificate_assertions.go b/x/pki/tests/utils/certificate_assertions.go index faa24186d..fcd383b96 100644 --- a/x/pki/tests/utils/certificate_assertions.go +++ b/x/pki/tests/utils/certificate_assertions.go @@ -54,7 +54,7 @@ type ResolvedCertificate struct { func CheckCertificateStateIndexes( t *testing.T, setup *TestSetup, - certificate TestCertificate, + certificate types.Certificate, indexes TestIndexes, ) ResolvedCertificate { t.Helper() @@ -63,9 +63,9 @@ func CheckCertificateStateIndexes( for _, index := range indexes.Present { if index.Key == types.AllCertificatesKeyPrefix { - certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, certificates.SubjectKeyId) require.Len(t, certificates.Certs, GetExpectedCount(index)) require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) resolvedCertificate.AllCertificates = certificates 
@@ -73,19 +73,19 @@ func CheckCertificateStateIndexes( if index.Key == types.AllCertificatesBySubjectKeyPrefix { certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, certificate.Subject) require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) + require.Equal(t, certificate.SubjectKeyId, certificatesBySubject.SubjectKeyIds[0]) resolvedCertificate.AllCertificatesBySubject = certificatesBySubject } if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix { - certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId) require.Len(t, certificateBySubjectKeyID[0].Certs, GetExpectedCount(index)) require.Equal(t, certificate.IsRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot) resolvedCertificate.AllCertificatesBySubjectKeyID = certificateBySubjectKeyID } if index.Key == types.ApprovedCertificatesKeyPrefix { - certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, certificates.SubjectKeyId) require.Len(t, certificates.Certs, GetExpectedCount(index)) require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) resolvedCertificate.ApprovedCertificates = certificates 
@@ -93,58 +93,63 @@ func CheckCertificateStateIndexes( if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix { certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, certificate.Subject) require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) + require.Equal(t, certificate.SubjectKeyId, certificatesBySubject.SubjectKeyIds[0]) resolvedCertificate.ApprovedCertificatesBySubject = certificatesBySubject } if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix { - approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId) require.Len(t, approvedCertificatesBySkid, 1) require.Len(t, approvedCertificatesBySkid[0].Certs, GetExpectedCount(index)) require.Equal(t, certificate.IsRoot, approvedCertificatesBySkid[0].Certs[0].IsRoot) resolvedCertificate.ApprovedCertificatesBySubjectKeyID = approvedCertificatesBySkid } if index.Key == types.ApprovedRootCertificatesKeyPrefix { - approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, certificate.Subject, approvedRootCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, approvedRootCertificate.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, approvedRootCertificate.SubjectKeyId) resolvedCertificate.ApprovedRootCertificates = approvedRootCertificate } if index.Key == types.ProposedCertificateKeyPrefix { - proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) + proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, 
certificate.Subject, proposedCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, proposedCertificate.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, proposedCertificate.SubjectKeyId) resolvedCertificate.ProposedCertificate = proposedCertificate } if index.Key == types.RejectedCertificateKeyPrefix { - rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, certificate.Subject, rejectedCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, rejectedCertificate.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, rejectedCertificate.SubjectKeyId) require.Len(t, rejectedCertificate.Certs, GetExpectedCount(index)) resolvedCertificate.RejectedCertificate = rejectedCertificate } if index.Key == types.ChildCertificatesKeyPrefix { - issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) + issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyId) require.Len(t, issuerChildren.CertIds, GetExpectedCount(index)) certID := types.CertificateIdentifier{ Subject: certificate.Subject, - SubjectKeyId: certificate.SubjectKeyID, + SubjectKeyId: certificate.SubjectKeyId, } require.Equal(t, &certID, issuerChildren.CertIds[0]) resolvedCertificate.ChildCertificates = issuerChildren } if index.Key == types.UniqueCertificateKeyPrefix { - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, certificate.Issuer, certificate.SerialNumber)) + if certificate.IsRoot { + require.True(t, setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, certificate.Subject, certificate.SerialNumber)) + } else { + require.True(t, setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, certificate.Issuer, certificate.SerialNumber)) + } } if index.Key == types.NocCertificatesKeyPrefix { - certificates, _ 
:= QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + certificates, _ := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, certificates.SubjectKeyId) require.Len(t, certificates.Certs, GetExpectedCount(index)) resolvedCertificate.NocCertificates = certificates } if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix { - nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId) require.Len(t, nocCertificatesBySkid, 1) require.Len(t, nocCertificatesBySkid[0].Certs, GetExpectedCount(index)) require.Equal(t, certificate.IsRoot, nocCertificatesBySkid[0].Certs[0].IsRoot) 
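Review bot: The new `if certificate.IsRoot` branch under `types.UniqueCertificateKeyPrefix` has no comment explaining why a root is looked up by `Subject` and everything else by `Issuer`. It is also repeated in the `Missing` loop (hunk -226,35) with only `require.True`/`require.False` swapped. Presumably a `types.Certificate` built by `NewRootCertificate` carries no separate issuer value, but nothing in this hunk confirms that. A comment such as `// self-signed root: the unique-certificate key is (Subject, SerialNumber)` would record the reason. A small unexported helper that returns the issuer string to use would keep the presence and absence checks from drifting apart. CheckCertificateStateIndexes starts and ends outside this hunk.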
@@ -153,51 +158,51 @@ func CheckCertificateStateIndexes( if index.Key == types.NocCertificatesBySubjectKeyPrefix { nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, certificate.Subject) require.Len(t, nocCertificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0]) + require.Equal(t, certificate.SubjectKeyId, nocCertificatesBySubject.SubjectKeyIds[0]) resolvedCertificate.NocCertificatesBySubject = nocCertificatesBySubject } if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix { - nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) - require.Equal(t, certificate.VID, nocCertificatesByVidAndSkid.Vid) + nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.Vid, certificate.SubjectKeyId) + require.Equal(t, certificate.Vid, nocCertificatesByVidAndSkid.Vid) require.Len(t, nocCertificatesByVidAndSkid.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, nocCertificatesByVidAndSkid.SubjectKeyId) } if index.Key == types.NocRootCertificatesKeyPrefix { - nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.VID) - require.Equal(t, certificate.VID, nocRootCertificatesByVid.Vid) + nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.Vid) + require.Equal(t, certificate.Vid, nocRootCertificatesByVid.Vid) require.Len(t, nocRootCertificatesByVid.Certs, GetExpectedCount(index)) } if index.Key == types.NocIcaCertificatesKeyPrefix { - nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.VID) - require.Equal(t, certificate.VID, nocIcaCertificatesBy.Vid) + nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.Vid) + require.Equal(t, certificate.Vid, nocIcaCertificatesBy.Vid) 
require.Len(t, nocIcaCertificatesBy.Certs, GetExpectedCount(index)) } if index.Key == types.RevokedNocIcaCertificatesKeyPrefix { - revokedNocIcaCertificates, _ := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + revokedNocIcaCertificates, _ := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Len(t, revokedNocIcaCertificates.Certs, GetExpectedCount(index)) require.Equal(t, certificate.Subject, revokedNocIcaCertificates.Subject) - require.Equal(t, certificate.SubjectKeyID, revokedNocIcaCertificates.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, revokedNocIcaCertificates.SubjectKeyId) resolvedCertificate.RevokedNocIcaCertificates = revokedNocIcaCertificates } if index.Key == types.RevokedNocRootCertificatesKeyPrefix { - revokedNocRootCertificates, _ := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + revokedNocRootCertificates, _ := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Len(t, revokedNocRootCertificates.Certs, GetExpectedCount(index)) require.Equal(t, certificate.Subject, revokedNocRootCertificates.Subject) - require.Equal(t, certificate.SubjectKeyID, revokedNocRootCertificates.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, revokedNocRootCertificates.SubjectKeyId) resolvedCertificate.RevokedNocRootCertificates = revokedNocRootCertificates } if index.Key == types.RevokedCertificatesKeyPrefix { - revokedCertificates, _ := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + revokedCertificates, _ := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Len(t, revokedCertificates.Certs, GetExpectedCount(index)) require.Equal(t, certificate.Subject, revokedCertificates.Subject) - require.Equal(t, certificate.SubjectKeyID, revokedCertificates.SubjectKeyId) + require.Equal(t, certificate.SubjectKeyId, 
revokedCertificates.SubjectKeyId) resolvedCertificate.RevokedCertificates = revokedCertificates } if index.Key == types.ProposedCertificateRevocationKeyPrefix { proposedRevocation, _ := QueryProposedCertificateRevocation( setup, certificate.Subject, - certificate.SubjectKeyID, + certificate.SubjectKeyId, certificate.SerialNumber, ) resolvedCertificate.ProposedRevocation = proposedRevocation @@ -206,7 +211,7 @@ func CheckCertificateStateIndexes( for _, index := range indexes.Missing { if index.Key == types.AllCertificatesKeyPrefix { - _, err := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.AllCertificatesBySubjectKeyPrefix { @@ -214,11 +219,11 @@ func CheckCertificateStateIndexes( require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix { - certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId) require.Empty(t, certificatesBySubjectKeyID) } if index.Key == types.ApprovedCertificatesKeyPrefix { - _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix { 
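Review bot: The `AllCertificatesBySubjectKeyIDKeyPrefix` absence check discards the query error in `certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId)` and then asserts only `require.Empty`. If the query fails for a reason unrelated to absence, the result is presumably empty too, so the test would still report the index as removed. The `ApprovedCertificatesBySubjectKeyIDKeyPrefix` and `NocCertificatesBySubjectKeyIDKeyPrefix` checks in the next hunk have the same shape. Binding the error and asserting on it, for example `require.NoError(t, err)` if the helper returns an empty list for an unknown key (its body is not visible here), would make these checks as strict as the neighbouring `codes.NotFound` ones. CheckCertificateStateIndexes starts and ends outside this hunk.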
@@ -226,35 +231,40 @@ func CheckCertificateStateIndexes( require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix { - certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId) require.Empty(t, certificatesBySubjectKeyID) } if index.Key == types.ApprovedRootCertificatesKeyPrefix { - _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.ProposedCertificateKeyPrefix { - _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.RejectedCertificateKeyPrefix { - _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.ChildCertificatesKeyPrefix { - _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) + _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.UniqueCertificateKeyPrefix { - require.False(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, certificate.Issuer, certificate.SerialNumber)) + if certificate.IsRoot { + require.False(t, setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, certificate.Subject, certificate.SerialNumber)) + } else { + require.False(t, setup.Keeper.IsUniqueCertificatePresent( + 
setup.Ctx, certificate.Issuer, certificate.SerialNumber)) + } } if index.Key == types.NocCertificatesKeyPrefix { - _, err := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix { - certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyId) require.Empty(t, certificatesBySubjectKeyID) } if index.Key == types.NocCertificatesBySubjectKeyPrefix { 
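Review bot: In the `Missing` loop, the `types.ChildCertificatesKeyPrefix` check now calls `QueryChildCertificates(setup, certificate.Issuer, certificate.SubjectKeyId)`, whereas the `Present` loop earlier in this file queries the same index with `certificate.AuthorityKeyId`. For a non-root certificate whose subject key id differs from its authority key id, this lookup would presumably target a key that was never written. The `codes.NotFound` assertion would then pass even when the issuer's child entry is still in state, so a revoke or remove test could report the child index as cleaned up when it is not. Unless the swap is intentional, keep the lookup on the authority key id: `_, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyId)`. CheckCertificateStateIndexes starts and ends outside this hunk.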
@@ -262,34 +272,34 @@ func CheckCertificateStateIndexes( require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix { - _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) + _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.Vid, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.NocRootCertificatesKeyPrefix { - _, err := QueryNocRootCertificatesByVid(setup, certificate.VID) + _, err := QueryNocRootCertificatesByVid(setup, certificate.Vid) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.NocIcaCertificatesKeyPrefix { - _, err := QueryNocIcaCertificatesByVid(setup, certificate.VID) + _, err := QueryNocIcaCertificatesByVid(setup, certificate.Vid) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.RevokedNocIcaCertificatesKeyPrefix { - _, err := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.RevokedNocRootCertificatesKeyPrefix { - _, err := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.RevokedCertificatesKeyPrefix { - _, err := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + _, err := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyId) require.Equal(t, codes.NotFound, status.Code(err)) } if index.Key == types.ProposedCertificateRevocationKeyPrefix { _, err := QueryProposedCertificateRevocation( setup, certificate.Subject, - certificate.SubjectKeyID, + certificate.SubjectKeyId, 
certificate.SerialNumber, ) require.Equal(t, codes.NotFound, status.Code(err)) diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index 802bafd38..fbcea90f0 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go @@ -30,19 +30,19 @@ func ProposeAndApproveRootCertificateByOptions( func ProposeAndApproveRootCertificate( setup *TestSetup, ownerTrustee sdk.AccAddress, - certificate *TestCertificate, + certificate types.Certificate, ) { // ensure that `ownerTrustee` is trustee to eventually have enough approvals require.True(setup.T, setup.DclauthKeeper.HasRole(setup.Ctx, ownerTrustee, types.RootCertificateApprovalRole)) // propose x509 root certificate by `ownerTrustee` - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), certificate.PEM, testconstants.Info, certificate.VID, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(ownerTrustee.String(), certificate.PemCert, testconstants.Info, certificate.Vid, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(setup.T, err) // approve x509 root certificate by another trustee approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), certificate.Subject, certificate.SubjectKeyID, testconstants.Info) + setup.Trustee2.String(), certificate.Subject, certificate.SubjectKeyId, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(setup.T, err) } diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go index 33fc0497d..c4f29da64 100644 --- a/x/pki/tests/utils/data.go +++ b/x/pki/tests/utils/data.go 
@@ -69,288 +69,301 @@ func RootCertificate(address sdk.AccAddress) types.Certificate { ) } -func IntermediateCertificateNoVid(address sdk.AccAddress) types.Certificate { - return types.NewNonRootCertificate( - testconstants.IntermediateCertPem, - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectAsText, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, - testconstants.IntermediateIssuer, - testconstants.IntermediateAuthorityKeyID, - testconstants.RootSubject, - testconstants.RootSubjectKeyID, +func RootCertWithVid(address sdk.AccAddress) types.Certificate { + return types.NewRootCertificate( + testconstants.RootCertWithVid, + testconstants.RootCertWithVidSubject, + testconstants.RootCertWithVidSubjectSubjectAsText, + testconstants.RootCertWithVidSubjectKeyID, + testconstants.RootCertWithVidSerialNumber, address.String(), - 0, + []*types.Grant{}, + []*types.Grant{}, + testconstants.RootCertWithVidVid, testconstants.SchemaVersion, ) } -func NocIntermediateCertificate(address sdk.AccAddress) types.Certificate { - return types.NewNocCertificate( - testconstants.NocCert1, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectAsText, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, +func PAACertWithNumericVid(address sdk.AccAddress) types.Certificate { + return types.NewRootCertificate( + testconstants.PAACertWithNumericVid, + testconstants.PAACertWithNumericVidSubject, + testconstants.PAACertWithNumericVidSubjectAsText, + testconstants.PAACertWithNumericVidSubjectKeyID, + testconstants.PAACertWithNumericVidSerialNumber, address.String(), - testconstants.Vid, + []*types.Grant{}, + []*types.Grant{}, + testconstants.PAACertWithNumericVidVid, testconstants.SchemaVersion, ) } -func CreateTestRootCert() TestCertificate { - return 
TestCertificate{ - PEM: testconstants.RootCertPem, - Subject: testconstants.RootSubject, - SubjectKeyID: testconstants.RootSubjectKeyID, - SerialNumber: testconstants.RootSerialNumber, - Issuer: testconstants.RootIssuer, - AuthorityKeyID: testconstants.RootSubjectKeyID, - VID: testconstants.Vid, - IsRoot: true, - } -} - -func CreateTestRootCertWithVid() TestCertificate { - return TestCertificate{ - PEM: testconstants.RootCertWithVid, - Subject: testconstants.RootCertWithVidSubject, - SubjectKeyID: testconstants.RootCertWithVidSubjectKeyID, - SerialNumber: testconstants.RootCertWithVidSerialNumber, - Issuer: testconstants.RootCertWithVidSubject, - AuthorityKeyID: testconstants.RootCertWithVidSubjectKeyID, - VID: testconstants.RootCertWithVidVid, - IsRoot: true, - } -} - -func CreateTestPAACertWithNumericVid() TestCertificate { - return TestCertificate{ - PEM: testconstants.PAACertWithNumericVid, - Subject: testconstants.PAACertWithNumericVidSubject, - SubjectKeyID: testconstants.PAACertWithNumericVidSubjectKeyID, - SerialNumber: testconstants.PAACertWithNumericVidSerialNumber, - Issuer: testconstants.PAACertWithNumericVidSubject, - AuthorityKeyID: testconstants.PAACertWithNumericVidSubjectKeyID, - VID: testconstants.PAACertWithNumericVidVid, - IsRoot: true, - } -} - -func CreateTestRootCertWithSameSubject() TestCertificate { - return TestCertificate{ - PEM: testconstants.PAACertWithSameSubjectID1, - Subject: testconstants.PAACertWithSameSubjectID1Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, - SerialNumber: testconstants.PAACertWithSameSubjectSerialNumber, - Issuer: testconstants.PAACertWithSameSubjectIssuer, - VID: testconstants.Vid, - IsRoot: true, - } +func PAACertWithSameSubjectID1(address sdk.AccAddress) types.Certificate { + return types.NewRootCertificate( + testconstants.PAACertWithSameSubjectID1, + testconstants.PAACertWithSameSubjectID1Subject, + testconstants.PAACertWithSameSubjectID1SubjectAsText, + 
testconstants.PAACertWithSameSubjectIDSubjectID, + testconstants.PAACertWithSameSubjectSerialNumber, + address.String(), + []*types.Grant{}, + []*types.Grant{}, + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestRootCertWithSameSubject2() TestCertificate { - return TestCertificate{ - PEM: testconstants.PAACertWithSameSubjectID2, - Subject: testconstants.PAACertWithSameSubjectID2Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, - SerialNumber: testconstants.PAACertWithSameSubject2SerialNumber, - Issuer: testconstants.PAACertWithSameSubject2Issuer, - VID: testconstants.Vid, - IsRoot: true, - } +func PAACertWithSameSubjectID2(address sdk.AccAddress) types.Certificate { + return types.NewRootCertificate( + testconstants.PAACertWithSameSubjectID2, + testconstants.PAACertWithSameSubjectID2Subject, + testconstants.PAACertWithSameSubjectID1SubjectAsText, + testconstants.PAACertWithSameSubjectIDSubjectID, + testconstants.PAACertWithSameSubject2SerialNumber, + address.String(), + []*types.Grant{}, + []*types.Grant{}, + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate { - return TestCertificate{ - PEM: testconstants.RootCertWithSameSubjectAndSKID1, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, - Issuer: testconstants.RootCertWithSameSubjectAndSKID1Issuer, - AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubject, - VID: testconstants.RootCertWithVidVid, - IsRoot: true, - } +func RootCertWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certificate { + return types.NewRootCertificate( + testconstants.RootCertWithSameSubjectAndSKID1, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectAsText, + 
testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, + address.String(), + []*types.Grant{}, + []*types.Grant{}, + testconstants.RootCertWithVidVid, + testconstants.SchemaVersion, + ) } -func CreateTestRootCertWithSameSubjectAndSkid2() TestCertificate { - return TestCertificate{ - PEM: testconstants.RootCertWithSameSubjectAndSKID2, - Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, - Issuer: testconstants.RootCertWithSameSubjectAndSKID2Issuer, - AuthorityKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubject, - IsRoot: true, - } +func RootCertWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { + return types.NewRootCertificate( + testconstants.RootCertWithSameSubjectAndSKID2, + testconstants.RootCertWithSameSubjectAndSKIDSubject, + testconstants.RootCertWithSameSubjectAndSKIDSubjectAsText, + testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, + address.String(), + []*types.Grant{}, + []*types.Grant{}, + testconstants.RootCertWithVidVid, + testconstants.SchemaVersion, + ) } -func CreateTestIntermediateCert() TestCertificate { - return TestCertificate{ - PEM: testconstants.IntermediateCertPem, - Subject: testconstants.IntermediateSubject, - SubjectKeyID: testconstants.IntermediateSubjectKeyID, - SerialNumber: testconstants.IntermediateSerialNumber, - Issuer: testconstants.IntermediateIssuer, - AuthorityKeyID: testconstants.IntermediateAuthorityKeyID, - IsRoot: false, - } +func IntermediateCertPem(address sdk.AccAddress) types.Certificate { + return types.NewNonRootCertificate( + testconstants.IntermediateCertPem, + testconstants.IntermediateSubject, + testconstants.IntermediateSubjectAsText, + testconstants.IntermediateSubjectKeyID, + 
testconstants.IntermediateSerialNumber, + testconstants.IntermediateIssuer, + testconstants.IntermediateAuthorityKeyID, + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + address.String(), + 0, + testconstants.SchemaVersion, + ) } -func CreateTestIntermediateVidScopedCert() TestCertificate { - return TestCertificate{ - PEM: testconstants.PAICertWithNumericPidVid, - Subject: testconstants.PAICertWithNumericPidVidSubject, - SubjectKeyID: testconstants.PAICertWithNumericPidVidSubjectKeyID, - SerialNumber: testconstants.PAICertWithNumericPidVidSerialNumber, - Issuer: testconstants.PAACertWithNumericVidSubject, - AuthorityKeyID: testconstants.PAACertWithNumericVidSubjectKeyID, - IsRoot: false, - } +func PAICertWithNumericPidVid(address sdk.AccAddress) types.Certificate { + return types.NewNonRootCertificate( + testconstants.PAICertWithNumericPidVid, + testconstants.PAICertWithNumericPidVidSubject, + testconstants.PAICertWithNumericPidVidSubjectAsText, + testconstants.PAICertWithNumericPidVidSubjectKeyID, + testconstants.PAICertWithNumericPidVidSerialNumber, + testconstants.PAACertWithNumericVidSubject, + testconstants.PAACertWithNumericVidSubjectKeyID, + testconstants.PAACertWithNumericVidSubject, + testconstants.PAACertWithNumericVidSubjectKeyID, + address.String(), + 0, + testconstants.SchemaVersion, + ) } -func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate { - return TestCertificate{ - PEM: testconstants.IntermediateWithSameSubjectAndSKID1, - Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, - Issuer: testconstants.IntermediateCertWithSameSubjectIssuer, - AuthorityKeyID: testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, - VID: testconstants.RootCertWithVidVid, - IsRoot: false, - } +func IntermediateWithSameSubjectAndSKID1(address 
sdk.AccAddress) types.Certificate { + return types.NewNonRootCertificate( + testconstants.IntermediateWithSameSubjectAndSKID1, + testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, + testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectAsText, + testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, + testconstants.IntermediateCertWithSameSubjectIssuer, + testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, + testconstants.IntermediateCertWithSameSubjectIssuer, + testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, + address.String(), + testconstants.RootCertWithVidVid, + testconstants.SchemaVersion, + ) } -func CreateTestIntermediateCertWithSameSubjectAndSKID2() TestCertificate { - return TestCertificate{ - PEM: testconstants.IntermediateWithSameSubjectAndSKID2, - Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, - SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, - Issuer: testconstants.IntermediateCertWithSameSubjectIssuer, - AuthorityKeyID: testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, - IsRoot: false, - } +func IntermediateWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { + return types.NewNonRootCertificate( + testconstants.IntermediateWithSameSubjectAndSKID2, + testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, + testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectAsText, + testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, + testconstants.IntermediateCertWithSameSubjectIssuer, + testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, + testconstants.IntermediateCertWithSameSubjectIssuer, + testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, + address.String(), + 
testconstants.RootCertWithVidVid, + testconstants.SchemaVersion, + ) } -func CreateTestLeafCertWithSameSubjectAndSKID() TestCertificate { - return TestCertificate{ - PEM: testconstants.LeafCertWithSameSubjectAndSKID, - Subject: testconstants.LeafCertWithSameSubjectAndSKIDSubject, - SubjectKeyID: testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, - SerialNumber: testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, - Issuer: testconstants.LeafCertWithSameSubjectIssuer, - AuthorityKeyID: testconstants.LeafCertWithSameSubjectAuthorityKeyID, - IsRoot: false, - } +func LeafCertWithSameSubjectAndSKID(address sdk.AccAddress) types.Certificate { + return types.NewNonRootCertificate( + testconstants.LeafCertWithSameSubjectAndSKID, + testconstants.LeafCertWithSameSubjectAndSKIDSubject, + testconstants.LeafCertWithSameSubjectAndSKIDSubjectAsText, + testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, + testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, + testconstants.LeafCertWithSameSubjectIssuer, + testconstants.LeafCertWithSameSubjectAuthorityKeyID, + testconstants.IntermediateCertWithSameSubjectIssuer, + testconstants.IntermediateCertWithSameSubjectAuthorityKeyID, + address.String(), + testconstants.RootCertWithVidVid, + testconstants.SchemaVersion, + ) } -func CreateTestLeafCert() TestCertificate { - return TestCertificate{ - PEM: testconstants.LeafCertPem, - Subject: testconstants.LeafSubject, - SubjectKeyID: testconstants.LeafSubjectKeyID, - SerialNumber: testconstants.LeafSerialNumber, - Issuer: testconstants.LeafIssuer, - AuthorityKeyID: testconstants.LeafAuthorityKeyID, - IsRoot: false, - } +func LeafCertPem(address sdk.AccAddress) types.Certificate { + return types.NewNonRootCertificate( + testconstants.LeafCertPem, + testconstants.LeafSubject, + testconstants.LeafSubjectAsText, + testconstants.LeafSubjectKeyID, + testconstants.LeafSerialNumber, + testconstants.LeafIssuer, + testconstants.LeafAuthorityKeyID, + 
testconstants.IntermediateIssuer, + testconstants.IntermediateAuthorityKeyID, + address.String(), + 0, + testconstants.SchemaVersion, + ) } -func CreateTestNocRoot1Cert() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocRootCert1, - Subject: testconstants.NocRootCert1Subject, - SubjectKeyID: testconstants.NocRootCert1SubjectKeyID, - SerialNumber: testconstants.NocRootCert1SerialNumber, - Issuer: testconstants.NocRootCert1Issuer, - AuthorityKeyID: testconstants.NocRootCert1SubjectKeyID, - VID: testconstants.Vid, - IsRoot: true, - } +func NocRootCert1(address sdk.AccAddress) types.Certificate { + return types.NewNocRootCertificate( + testconstants.NocRootCert1, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectAsText, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestNocRoot2Cert() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocRootCert1Copy, - Subject: testconstants.NocRootCert1CopySubject, - SubjectKeyID: testconstants.NocRootCert1CopySubjectKeyID, - SerialNumber: testconstants.NocRootCert1CopySerialNumber, - Issuer: testconstants.NocRootCert1CopyIssuer, - AuthorityKeyID: testconstants.NocRootCert1CopySubjectKeyID, - VID: testconstants.Vid, - IsRoot: true, - } +func NocRootCert1Copy(address sdk.AccAddress) types.Certificate { + return types.NewNocRootCertificate( + testconstants.NocRootCert1Copy, + testconstants.NocRootCert1CopySubject, + testconstants.NocRootCert1CopySubjectAsText, + testconstants.NocRootCert1CopySubjectKeyID, + testconstants.NocRootCert1CopySerialNumber, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestNoc2RootCert() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocRootCert2, - Subject: testconstants.NocRootCert2Subject, - SubjectKeyID: testconstants.NocRootCert2SubjectKeyID, - SerialNumber: 
testconstants.NocRootCert2SerialNumber, - Issuer: testconstants.NocRootCert2Subject, - AuthorityKeyID: testconstants.NocRootCert2SubjectKeyID, - VID: testconstants.Vid, - IsRoot: true, - } +func NocRootCert2(address sdk.AccAddress) types.Certificate { + return types.NewNocRootCertificate( + testconstants.NocRootCert2, + testconstants.NocRootCert2Subject, + testconstants.NocRootCert2SubjectAsText, + testconstants.NocRootCert2SubjectKeyID, + testconstants.NocRootCert2SerialNumber, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestNocIca1Cert() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocCert1, - Subject: testconstants.NocCert1Subject, - SubjectKeyID: testconstants.NocCert1SubjectKeyID, - SerialNumber: testconstants.NocCert1SerialNumber, - Issuer: testconstants.NocCert1Issuer, - AuthorityKeyID: testconstants.NocCert1AuthorityKeyID, - VID: testconstants.Vid, - IsRoot: false, - } +func NocCertIca1(address sdk.AccAddress) types.Certificate { + return types.NewNocCertificate( + testconstants.NocCert1, + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectAsText, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestNocIca1CertCopy() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocCert1Copy, - Subject: testconstants.NocCert1CopySubject, - SubjectKeyID: testconstants.NocCert1CopySubjectKeyID, - SerialNumber: testconstants.NocCert1CopySerialNumber, - Issuer: testconstants.NocCert1CopyIssuer, - AuthorityKeyID: testconstants.NocCert1CopyAuthorityKeyID, - VID: testconstants.Vid, - IsRoot: false, - } +func NocCert1Copy(address sdk.AccAddress) types.Certificate { + return types.NewNocCertificate( + 
testconstants.NocCert1Copy, + testconstants.NocCert1CopySubject, + testconstants.NocCert1CopySubjectAsText, + testconstants.NocCert1CopySubjectKeyID, + testconstants.NocCert1CopySerialNumber, + testconstants.NocRootCert1CopySubject, + testconstants.NocRootCert1CopySubjectKeyID, + testconstants.NocRootCert1CopySubject, + testconstants.NocRootCert1CopySubjectKeyID, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestNocIca2Cert() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocCert2, - Subject: testconstants.NocCert2Subject, - SubjectKeyID: testconstants.NocCert2SubjectKeyID, - SerialNumber: testconstants.NocCert2SerialNumber, - Issuer: testconstants.NocCert2Issuer, - AuthorityKeyID: testconstants.NocCert2AuthorityKeyID, - VID: testconstants.Vid, - IsRoot: false, - } +func NocCert2(address sdk.AccAddress) types.Certificate { + return types.NewNocCertificate( + testconstants.NocCert2, + testconstants.NocCert2Subject, + testconstants.NocCert2SubjectAsText, + testconstants.NocCert2SubjectKeyID, + testconstants.NocCert2SerialNumber, + testconstants.NocRootCert2Subject, + testconstants.NocRootCert2SubjectKeyID, + testconstants.NocRootCert2Subject, + testconstants.NocRootCert2SubjectKeyID, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } -func CreateTestNocLeafCert() TestCertificate { - return TestCertificate{ - PEM: testconstants.NocLeafCert1, - Subject: testconstants.NocLeafCert1Subject, - SubjectKeyID: testconstants.NocLeafCert1SubjectKeyID, - SerialNumber: testconstants.NocLeafCert1SerialNumber, - Issuer: testconstants.NocLeafCert1Issuer, - AuthorityKeyID: testconstants.NocLeafCert1AuthorityKeyID, - VID: testconstants.Vid, - IsRoot: false, - } +func NocLeafCert1(address sdk.AccAddress) types.Certificate { + return types.NewNocCertificate( + testconstants.NocLeafCert1, + testconstants.NocLeafCert1Subject, + testconstants.NocLeafCert1SubjectAsText, + 
testconstants.NocLeafCert1SubjectKeyID, + testconstants.NocLeafCert1SerialNumber, + testconstants.NocLeafCert1Issuer, + testconstants.NocLeafCert1AuthorityKeyID, + testconstants.NocRootCert2Subject, + testconstants.NocRootCert2SubjectKeyID, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) } From 42b837ea0df93dc1451738db7e2897c4d39c442a Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Wed, 4 Dec 2024 19:21:17 +0300 Subject: [PATCH 08/11] Refactoring PKI unit tests --- integration_tests/constants/constants.go | 2 +- x/pki/tests/handler_add_noc_ica_cert_test.go | 28 ++++--- x/pki/tests/handler_add_noc_root_cert_test.go | 12 +-- x/pki/tests/handler_add_paa_cert_test.go | 63 +++++++------- x/pki/tests/handler_add_pai_cert_test.go | 83 ++++++++++--------- x/pki/tests/handler_add_revocation_test.go | 2 +- x/pki/tests/handler_assign_vid_test.go | 10 +-- x/pki/tests/handler_delete_revocation_test.go | 2 +- .../tests/handler_remove_noc_ica_cert_test.go | 82 +++++++++--------- .../handler_remove_noc_root_cert_test.go | 73 ++++++++-------- x/pki/tests/handler_remove_pai_cert_test.go | 69 +++++++-------- .../tests/handler_revoke_noc_ica_cert_test.go | 68 ++++++++------- .../handler_revoke_noc_root_cert_test.go | 52 ++++++------ x/pki/tests/handler_revoke_paa_cert_test.go | 42 +++++----- x/pki/tests/handler_revoke_pai_cert_test.go | 44 +++++----- x/pki/tests/handler_update_revocation_test.go | 2 +- x/pki/tests/utils/certificate_helpers.go | 28 +++---- x/pki/tests/utils/data.go | 44 +++++----- 18 files changed, 358 insertions(+), 348 deletions(-) diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go index 50f5fb0e4..627359599 100644 --- a/integration_tests/constants/constants.go +++ b/integration_tests/constants/constants.go 
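Review bot: `PAACertWithSameSubjectID2` in x/pki/tests/utils/data.go passes `testconstants.PAACertWithSameSubjectID1SubjectAsText` as its third argument while its subject is `testconstants.PAACertWithSameSubjectID2Subject`, so the fixture's text subject appears to describe the other certificate. Every other constructor in this hunk pairs a subject constant with its own `...SubjectAsText`, which suggests a copy-paste slip. If the handler derives the text subject from the PEM, an equality check against this fixture would compare with the wrong value. If a matching constant exists, use it: `testconstants.PAACertWithSameSubjectID2SubjectAsText,` (name assumed, it is not visible here). Separately, `RootCertWithVid` references `testconstants.RootCertWithVidSubjectSubjectAsText`; the doubled `Subject` is worth confirming against constants.go.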
@@ -760,7 +760,7 @@ eujhLsD51w== PAACertWithSameSubjectID1Subject = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI=" PAACertWithSameSubjectID1SubjectAsText = "C=UZ,ST=TSH,L=TASHKENT,O=DSR,OU=DC,CN=MATTER" PAACertWithSameSubjectID2Subject = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI=" - PAACertWithSameSubjectIDSubjectID = "7F:C5:4C:61:A7:2A:40:02:DA:B3:73:FB:A8:A0:AC:42:2C:44:77:05" + PAACertWithSameSubjectIDSubjectKeyID = "7F:C5:4C:61:A7:2A:40:02:DA:B3:73:FB:A8:A0:AC:42:2C:44:77:05" PAACertWithSameSubjectIssuer = "MFoxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxCzAJBgNVBAsMAkRDMQ8wDQYDVQQDDAZNQVRURVI=" PAACertWithSameSubjectSerialNumber = "52395954309929518473720319596322683729415766451" PAACertWithSameSubject2Issuer = "MGAxCzAJBgNVBAYTAlVaMQwwCgYDVQQIDANUU0gxETAPBgNVBAcMCFRBU0hLRU5UMQwwCgYDVQQKDANEU1IxEDAOBgNVBAsMB01BVFRFUjIxEDAOBgNVBAMMB01BVFRFUjI=" diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 042c1b428..1bea55baf 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go 
@@ -19,12 +19,12 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add NOC ICA certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Check state indexes indexes := utils.TestIndexes{ @@ -58,17 +58,17 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Store the NOC certificate with different serial number - intermediateCertificate := utils.NocCertIca1(setup.Vendor1) + intermediateCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) intermediateCertificate.SerialNumber = testconstants.TestSerialNumber - utils.AddMokedNocCertificate(setup, intermediateCertificate, false) + utils.AddMokedNocCertificate(setup, intermediateCertificate) // add the new NOC certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Check state indexes indexes := utils.TestIndexes{ 
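Review bot: The helper called in the second hunk of handler_add_noc_ica_cert_test.go is spelled `AddMokedNocCertificate`. This commit already changes its signature (the trailing `false` is dropped) and touches its call sites, so it is a cheap moment to rename it to `AddMockedNocCertificate`. The same applies to `AddMokedDaCertificate` in handler_add_paa_cert_test.go. With the boolean gone, whether the stored certificate is treated as a root presumably comes from the certificate value itself. A one-line doc comment on the helper saying which field decides that would spare readers a lookup; the helper definition and the rest of the test body are outside this hunk.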
@@ -111,7 +111,8 @@ func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) newAccAddress := setup.CreateVendorAccount(1111) @@ -144,7 +145,7 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { // store root certificate - rootCert := utils.RootCertWithVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // try to add root certificate x509 certificate @@ -277,7 +278,8 @@ func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) { setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(accAddress) + utils.AddNocRootCertificate(setup, rootCertificate) // add the existing certificate setup.Keeper.AddAllCertificate(setup.Ctx, *tc.existingCert) diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index 2269d217f..a19d7ffd4 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -18,8 +18,8 @@ func TestHandler_AddNocRootCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Check state indexes indexes := utils.TestIndexes{ 
@@ -52,12 +52,12 @@ func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *test setup := utils.Setup(t) // Store the NOC root certificate - rootCertificate1 := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) // add the new NOC root certificate - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // Check state indexes indexes := utils.TestIndexes{ diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index de27df772..dc7e221d1 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -20,10 +20,9 @@ import ( func TestHandler_ProposeAddDaRootCert(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.RootCertificate(setup.Trustee1) - // propose DA root certificate - proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, rootCertificate) // Check state indexes indexes := utils.TestIndexes{ 
@@ -53,8 +52,8 @@ func TestHandler_AddDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose add x509 root certificate by trustee - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // approve by second trustee utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) @@ -83,8 +82,8 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by account without trustee role - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // Create an array of trustee account from 1 to 50 trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() @@ -160,8 +159,8 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // approve x509 root certificate by account Trustee2 utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) 
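Review bot: In the `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded` hunk the comment above the changed lines still says the certificate is proposed "by account without trustee role", but the new lines build the fixture with `setup.Trustee1`. The signer is no longer an explicit argument of `ProposeDaRootCertificate`, so the comment is now the only place a reader learns who proposes, and it is wrong. Suggest `// propose x509 root certificate by account Trustee1`, matching the wording used in the five-trustees test. The test body continues outside the hunk.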
@@ -220,13 +219,13 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) // store root certificate with different serial number - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, rootCertificate, true) + utils.AddMokedDaCertificate(setup, rootCertificate) // propose second root certificate - testRootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PemCert) + testRootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, testRootCertificate) // Check state indexes indexes := utils.TestIndexes{ @@ -255,11 +254,11 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T setup := utils.Setup(t) // add Certificate1 - testRootCertificate := utils.PAACertWithSameSubjectID1(setup.Trustee1) + testRootCertificate := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // add Certificate2 - testRootCertificate2 := utils.PAACertWithSameSubjectID2(setup.Trustee1) + testRootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate2) // Check indexes by subject + subject key id 
@@ -301,8 +300,8 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by account Trustee1 - testRootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, testRootCertificate.PemCert) + testRootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, testRootCertificate) // reject x509 root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) @@ -369,8 +368,8 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * setup := utils.Setup(t) // propose add x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Trustee, @@ -404,8 +403,8 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * setup := utils.Setup(t) // propose add x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Trustee, 
@@ -450,8 +449,8 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // reject x509 root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) @@ -502,8 +501,8 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // reject x509 root certificate utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) @@ -531,8 +530,8 @@ func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) setup := utils.Setup(t) // propose x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // reject x509 root certificate utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) 
@@ -564,8 +563,8 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin setup.CreateTrusteeAccount(1) // propose x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, setup.Trustee1, rootCertificate.PemCert) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) // approve utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) @@ -660,7 +659,7 @@ func TestHandler_ProposeAddX509RootCert_CertificateAlreadyExists(t *testing.T) { setup := utils.Setup(t) // store x509 root certificate - rootCertificate := utils.RootCertificate(testconstants.Address1) + rootCertificate := utils.RootDaCertificate(testconstants.Address1) setup.Keeper.SetUniqueCertificate( setup.Ctx, utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), @@ -678,7 +677,7 @@ func TestHandler_ProposeAddX509RootCert_ForNocCertificate(t *testing.T) { setup := utils.Setup(t) // Store the NOC root certificate - nocRootCertificate := utils.RootCertificate(setup.Vendor1) + nocRootCertificate := utils.RootDaCertificate(setup.Vendor1) nocRootCertificate.SerialNumber = testconstants.TestSerialNumber nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI nocRootCertificate.Approvals = nil @@ -704,7 +703,7 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumberDifferentSigner( setup := utils.Setup(t) // store root certificate with different serial number - rootCertificate := utils.RootCertificate(testconstants.Address1) + rootCertificate := utils.RootDaCertificate(testconstants.Address1) rootCertificate.SerialNumber = utils.SerialNumber setup.Keeper.SetUniqueCertificate( setup.Ctx, diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index b4219fa8f..68f44a7ab 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go 
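Review bot: In TestHandler_ProposeAddX509RootCert_ForNocCertificate the NOC record is now built with `utils.RootDaCertificate(setup.Vendor1)` and then re-typed to `types.CertificateType_OperationalPKI`, which reads as a contradiction after the rename. A short comment would make the intent explicit, e.g. `// reuse the DA root fixture as a NOC record so the DA proposal collides with an existing NOC certificate`. That intent is inferred from the test name, since the rest of the body is outside the hunk. The `@@ -429,11 +432,11 @@` hunk in handler_add_pai_cert_test.go does the same with `utils.IntermediateDaCertificate`.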
+++ b/x/pki/tests/handler_add_pai_cert_test.go @@ -20,12 +20,12 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add DA root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add DA PAI certificate - testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // Check state indexes indexes := utils.TestIndexes{ @@ -56,12 +56,12 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // store root certificate - testRootCertificate := utils.PAACertWithNumericVid(setup.Trustee1) + testRootCertificate := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // add intermediate certificate - testIntermediateCertificate := utils.PAICertWithNumericPidVid(accAddress) - utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificateWithNumericPidVid(accAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // Check state indexes indexes := utils.TestIndexes{ 
@@ -88,17 +88,17 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // store intermediate certificate with different serial number - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, intermediateCertificate, false) + utils.AddMokedDaCertificate(setup, intermediateCertificate) // store intermediate certificate second time - testIntermediateCertificate1 := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate1.PemCert) + testIntermediateCertificate1 := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) // query All approved certificate allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) 
@@ -145,16 +145,16 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - testRootCertificate := utils.RootCertificate(setup.Trustee1) + testRootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // add intermediate x509 certificate - testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // add leaf x509 certificate - testLeafCertificate := utils.LeafCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testLeafCertificate.PemCert) + testLeafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testLeafCertificate) // Check indexes for root indexes := utils.TestIndexes{ 
@@ -199,24 +199,25 @@ func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootCertificate(setup.Trustee1) - utils.AddMokedDaCertificate(setup, rootCert, true) + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.AddMokedDaCertificate(setup, rootCert) // store second root certificate - rootCert = utils.RootCertificate(setup.Trustee1) + rootCert = utils.RootDaCertificate(setup.Trustee1) rootCert.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, rootCert, true) + utils.AddMokedDaCertificate(setup, rootCert) // store intermediate certificate (it refers to two parent certificates) - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) intermediateCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, intermediateCertificate, true) + utils.AddMokedDaCertificate(setup, intermediateCertificate) // store second intermediate certificate (it refers to two parent certificates) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.IntermediateCertPem) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // store leaf certificate (it refers to two parent certificates) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testconstants.LeafCertPem) + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) // query root certificate rootCertificates, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) 
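Review bot: In TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts the second intermediate is now added with `utils.AddDaIntermediateCertificate(setup, intermediateCertificate)`, reusing the fixture whose `SerialNumber` was overwritten with `utils.SerialNumber` a few lines earlier, where the old code passed the untouched `testconstants.IntermediateCertPem`. If the helper (defined outside this hunk) reads anything beyond the PEM and owner, the test no longer submits the certificate it used to. Build a fresh fixture instead, `secondIntermediate := utils.IntermediateDaCertificate(setup.Vendor1)`, as the `@@ -88,17 +88,17 @@` hunk does. Separately, this test used to store the intermediate with `AddMokedDaCertificate(..., true)` while other tests passed `false`. With the flag gone, confirm the helper derives root-ness from the certificate so the mocked state here is unchanged.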
@@ -263,17 +264,17 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) // store root certificate - testRootCertificate := utils.RootCertificate(setup.Trustee1) + testRootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := utils.IntermediateCertPem(vendorAccAddress1) + intermediateCertificate := utils.IntermediateDaCertificate(vendorAccAddress1) intermediateCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, intermediateCertificate, false) + utils.AddMokedDaCertificate(setup, intermediateCertificate) // add an intermediate certificate with the same subject and SKID by second vendor account - testIntermediateCertificate := utils.IntermediateCertPem(vendorAccAddress2) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress2, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificate(vendorAccAddress2) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // Check state indexes indexes := utils.TestIndexes{ 
@@ -302,12 +303,12 @@ func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // store root certificate - rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate - testIntermediateCertificate := utils.PAICertWithNumericPidVid(accAddress) - utils.AddDaIntermediateCertificate(setup, accAddress, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificateWithNumericPidVid(accAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // Check state indexes indexes := utils.TestIndexes{ @@ -369,7 +370,9 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) // add x509 certificate - utils.AddDaIntermediateCertificate(setup, accAddress, tc.childCert) + addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), tc.childCert, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, addX509Cert) + require.NoError(setup.T, err) // query certificate certs, _ := utils.QueryAllApprovedCertificates(setup) @@ -410,7 +413,7 @@ func TestHandler_AddX509Cert_ForDuplicate(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) accAddress := setup.CreateVendorAccount(1) 
@@ -429,11 +432,11 @@ func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // Store the NOC certificate - nocCertificate := utils.IntermediateCertPem(setup.Vendor1) + nocCertificate := utils.IntermediateDaCertificate(setup.Vendor1) nocCertificate.SerialNumber = testconstants.TestSerialNumber nocCertificate.CertificateType = types.CertificateType_OperationalPKI @@ -456,7 +459,7 @@ func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { setup := utils.Setup(t) // add intermediate certificate - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) // add leaf x509 certificate @@ -509,14 +512,14 @@ func TestHandler_AddX509Cert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // add first vendor account with VID = 1 vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := utils.IntermediateCertPem(vendorAccAddress1) + intermediateCertificate := utils.IntermediateDaCertificate(vendorAccAddress1) intermediateCertificate.SerialNumber = utils.SerialNumber setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) 
@@ -539,7 +542,7 @@ func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootCertWithVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index 4e105edbc..c0e8c7e5b 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go @@ -190,7 +190,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_PAAAlreadyExists(t *testing.T accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) // propose and approve x509 root certificate - rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) addPkiRevocationDistributionPoint := createAddRevocationMessageWithPAACertWithNumericVid(accAddress.String()) diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index 5d2592598..f35d748a5 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -20,7 +20,7 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) rootCertificate.Vid = 0 utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) 
@@ -58,7 +58,7 @@ func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCertificate := utils.PAACertWithNumericVid(setup.Trustee1) + rootCertificate := utils.RootDaCertificateWithNumericVid(setup.Trustee1) rootCertificate.Vid = 0 utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) @@ -129,7 +129,7 @@ func TestHandler_AssignVid_ForNonRootCertificate(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add vendor account @@ -158,7 +158,7 @@ func TestHandler_AssignVid_CertificateAlreadyHasVid(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) assignVid := types.MsgAssignVid{ @@ -178,7 +178,7 @@ func TestHandler_AssignVid_MessageVidAndCertificateVidNotEqual(t *testing.T) { vendorAcc := setup.CreateVendorAdminAccount(0) // propose and approve x509 root certificate - rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithNumericVid(setup.Trustee1) rootCert.Vid = 0 utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) diff --git a/x/pki/tests/handler_delete_revocation_test.go b/x/pki/tests/handler_delete_revocation_test.go index cd8bf1dc3..c7468ef3b 100644 --- a/x/pki/tests/handler_delete_revocation_test.go +++ b/x/pki/tests/handler_delete_revocation_test.go 
@@ -187,7 +187,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_Multiple_SameIssuerSubject utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, rootCertOptions) // add PAA VID - rootCert := utils.PAACertWithNumericVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add Revocation Point PAA NOVID diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index 3d6f492b7..42c0c5de9 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -18,12 +18,12 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // remove intermediate certificate utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyId, "") 
@@ -57,19 +57,19 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add two intermediate certificates - icaCertificate1 := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // add leaf certificate - leafCertificate := utils.NocLeafCert1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) // check total number of certificates nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -93,7 +93,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - // remove all intermediate certificates but leave leaf certificate (NocCert1 and NocCert1Copy) + // remove all intermediate certificates but leave leaf certificate (NocCert1 and IntermediateNocCertificate1Copy) utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyId, "") // Check indexes for intermediate certificates 
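Review bot: The comment changed in the `@@ -93,7 +93,7 @@` hunk was renamed only halfway and now mixes an old constant name with a new helper name: `(NocCert1 and IntermediateNocCertificate1Copy)`. Refer to the test's own variables instead: `// remove all intermediate certificates but leave the leaf certificate (icaCertificate1 and icaCertificate2)`. The enclosing function starts and ends outside this hunk.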
@@ -154,20 +154,20 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Add ICA certificates - icaCertificate1 := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) // Add ICA certificates with sam subject and SKID but different serial number - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // Add a leaf certificate - leafCertificate := utils.NocLeafCert1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) // Check indexes for intermediate certificates before removing indexes := utils.TestIndexes{ 
@@ -249,12 +249,12 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Add an intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // revoke intermediate certificate by serial number utils.RevokeNocIntermediateCertificate( @@ -324,12 +324,12 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Add an intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // revoke an intermediate certificate utils.RevokeNocIntermediateCertificate( 
@@ -364,8 +364,8 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // Add an intermediate certificate with new serial number - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // Check indexes indexes = utils.TestIndexes{ @@ -427,12 +427,12 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add ICA certificate by fist vendor account - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // add second vendor account with VID = 1 vendorAccAddress2 := utils.GenerateAccAddress() @@ -488,7 +488,8 @@ func TestHandler_RemoveNocX509IcaCert_EmptyCertificatesList(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) setup.Keeper.SetNocIcaCertificates( setup.Ctx, 
@@ -511,7 +512,8 @@ func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add fist vendor account with VID = 1 vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) @@ -537,7 +539,8 @@ func TestHandler_RemoveNocX509IcaCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add x509 certificate addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) @@ -579,7 +582,8 @@ func TestHandler_RemoveNocX509IcaCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index bb8be46af..a1be40019 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go 
@@ -18,8 +18,8 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // remove noc root certificate utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyId, "") @@ -51,15 +51,15 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates - rootCertificate1 := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // Add intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
@@ -119,15 +119,15 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates - rootCertificate1 := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // Add ICA certificates - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) 
@@ -243,15 +243,15 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate1 := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate1.PemCert) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // Add an intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // revoke NOC root certificates utils.RevokeNocRootCertificate( @@ -350,12 +350,12 @@ func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Add an intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // revoke NOC root certificates utils.RevokeNocRootCertificate( 
@@ -456,12 +456,12 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Add an intermediate certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // revoke an intermediate certificate utils.RevokeNocRootCertificate( @@ -474,8 +474,8 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) ) // Add NOC root certificate with new serial number - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // remove NOC root certificate by serial number utils.RemoveNocRootCertificate( @@ -554,8 +554,8 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) 
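Review bot: The context comment `// revoke an intermediate certificate` in TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate sits directly above a call to `utils.RevokeNocRootCertificate(`, so it names the wrong certificate type. Since the neighbouring lines are being rewritten anyway, I would change it to `// revoke NOC root certificate`. This test is about telling revoked and active root certificates apart, and a comment that points at the ICA makes the intended state harder to check on review. The arguments of the call and the rest of the test body lie outside this hunk.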
@@ -625,7 +625,8 @@ func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add fist vendor account with VID = 1 vendorAccAddress1 := utils.GenerateAccAddress() @@ -647,7 +648,8 @@ func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) removeIcaCert := types.NewMsgRemoveNocX509RootCert( setup.Trustee1.String(), testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID, "") @@ -660,7 +662,8 @@ func TestHandler_RemoveNocX509RootCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) removeX509Cert := types.NewMsgRemoveNocX509RootCert( setup.Vendor1.String(), diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index 503935b24..4318f87a6 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go 
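Review bot: In TestHandler_RemoveNocX509RootCert_ByOtherVendor the account that adds the root certificate is no longer visible at the call site, because `utils.AddNocRootCertificate(setup, rootCertificate)` dropped the signer argument and presumably takes it from the fixture built with `setup.Vendor1`. This test and the SenderNotVendor hunk after it assert that a removal by the wrong account is refused, so the owner precondition is what gives the assertion its meaning; I would state it in the comment, e.g. `// add NOC root certificate owned by setup.Vendor1`. The SenderNotVendor message is also still built from `testconstants.NocRootCert1Subject` and `testconstants.NocRootCert1SubjectKeyID` rather than from `rootCertificate`, so fixture and message can drift apart if the helper ever returns a different certificate. The test bodies continue outside these hunks, so the final assertions are not visible here.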
@@ -17,12 +17,12 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // Remove intermediate certificate utils.RemoveDaIntermediateCertificate( 
@@ -62,19 +62,19 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add two intermediate certificates - testIntermediateCertificate1 := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PemCert) + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) // Add a leaf certificate - testLeafCertificate := utils.LeafCertWithSameSubjectAndSKID(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PemCert) + testLeafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testLeafCertificate) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
@@ -142,19 +142,19 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate1 := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PemCert) + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) // Add a leaf certificate - testLeafCertificate := utils.LeafCertWithSameSubjectAndSKID(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PemCert) + testLeafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testLeafCertificate) // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( 
@@ -267,12 +267,12 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add two intermediate certificates again - testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // revoke intermediate certificate by serial number utils.RevokeDaIntermediateCertificate( @@ -336,12 +336,12 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add an intermediate certificate - testIntermediateCertificate := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
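Review bot: The comment `// Add two intermediate certificates again` in TestHandler_RemoveX509Cert_RevokedCertificate does not match the code under it: only one certificate, `testIntermediateCertificate`, is created and added before the revocation call. I would replace it with `// Add an intermediate certificate`. The test body continues past the end of the hunk.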
@@ -357,8 +357,8 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { false) // Add an intermediate certificate with new serial number - testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) // check that intermediate certificate 2 exists indexes := utils.TestIndexes{ @@ -429,12 +429,12 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate by fist vendor account - testIntermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, testIntermediateCertificate.PemCert) + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) @@ -484,7 +484,7 @@ func TestHandler_RemoveX509Cert_CertificateDoesNotExist(t *testing.T) { func TestHandler_RemoveX509Cert_EmptyCertificatesList(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) setup.Keeper.SetApprovedCertificates( 
@@ -509,7 +509,7 @@ func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) @@ -536,7 +536,7 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootCertWithVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add vendor account @@ -557,7 +557,7 @@ func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) removeX509Cert := types.NewMsgRemoveX509Cert( @@ -573,7 +573,7 @@ func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) 
@@ -594,7 +594,8 @@ func TestHandler_RemoveX509Cert_ForNocIcaCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Add ICA certificate addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index dac81e93a..21c3ccc39 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go @@ -18,12 +18,12 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the NOC non-root certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Revoke NOC with subject and subject key id only utils.RevokeNocIntermediateCertificate( 
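Review bot: TestHandler_RemoveX509Cert_ForNocIcaCertificate now mixes two setup styles: the root goes through the `utils.RootNocCertificate1` fixture, while the ICA on the following context line is still built by hand with `types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion)`. If the test does not need the raw message or its handler result (that part is outside the hunk), the helper pair used elsewhere in this patch would keep it consistent: `utils.AddNocIntermediateCertificate(setup, utils.IntermediateNocCertificate1(setup.Vendor1))`. If the hand-built message is deliberate, a one-line comment saying why would help the next reader. The same leftover appears in TestHandler_RemoveX509Cert_InvalidSerialNumber earlier in this file, which keeps `types.NewMsgAddX509Cert(...)` with `testconstants.IntermediateCertPem`.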
@@ -62,19 +62,20 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the first NOC non-root certificate - icaCertificate1 := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) // add the second NOC non-root certificate - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocCert1Copy) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // add the NOC leaf certificate - leafCertificate := utils.NocLeafCert1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, testconstants.NocLeafCert1) + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) // Revoke NOC with subject and subject key id only utils.RevokeNocIntermediateCertificate( 
@@ -139,19 +140,20 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the first NOC non-root certificate - icaCertificate1 := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) // add the second NOC non-root certificate - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // add the NOC leaf certificate - leafCertificate := utils.NocLeafCert1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) // Revoke noc with subject and subject key id and its child too utils.RevokeNocIntermediateCertificate( 
@@ -216,19 +218,20 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the first NOC non-root certificate - icaCertificate1 := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) // add the second NOC non-root certificate - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // add the NOC leaf certificate - leafCertificate := utils.NocLeafCert1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) // Revoke NOC by serial number only utils.RevokeNocIntermediateCertificate( 
@@ -289,19 +292,20 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T setup := utils.Setup(t) // add the first NOC root certificate - utils.AddNocRootCertificate(setup, setup.Vendor1, testconstants.NocRootCert1) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the first NOC non-root certificate - icaCertificate1 := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.PemCert) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) // add the second NOC non-root certificate - icaCertificate2 := utils.NocCert1Copy(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate2.PemCert) + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // add the NOC leaf certificate - leafCertificate := utils.NocLeafCert1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) // Revoke NOC with subject and subject key id and its child too utils.RevokeNocIntermediateCertificate( diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index fd1639be2..bbc6f5b25 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go 
@@ -18,8 +18,8 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( @@ -59,16 +59,16 @@ func TestHandler_RevokeNocX509RootCert_TwoCerts(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the second NOC root certificate - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // add the first NOC non-root certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( 
@@ -130,16 +130,16 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the second NOC root certificate - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // add the first NOC non-root certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( 
@@ -200,16 +200,16 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the second NOC root certificate - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // add the first NOC non-root certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Revoke NOC root with subject and subject key id by serial number utils.RevokeNocRootCertificate( 
@@ -272,16 +272,16 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.NocRootCert1(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate.PemCert) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) // add the second NOC root certificate - rootCertificate2 := utils.NocRootCert1Copy(setup.Vendor1) - utils.AddNocRootCertificate(setup, setup.Vendor1, rootCertificate2.PemCert) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // add the first NOC non-root certificate - icaCertificate := utils.NocCertIca1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.PemCert) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) // Revoke NOC root with subject and subject key id by serial number utils.RevokeNocRootCertificate( diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 3026e09fb..be1972bf9 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go @@ -21,7 +21,7 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // propose revocation of x509 root certificate by `setup.Trustee` 
@@ -62,7 +62,7 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add another trustee @@ -108,7 +108,7 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // revoke certificate @@ -146,10 +146,10 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist setup := utils.Setup(t) // add root certificates - rootCertificate1 := utils.PAACertWithSameSubjectID1(setup.Trustee1) + rootCertificate1 := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) - rootCertificate2 := utils.PAACertWithSameSubjectID2(setup.Trustee1) + rootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) // revoke Certificate1 certificate 
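Review bot: The two sibling fixtures used in TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist are named inconsistently: `utils.RootDaCertWithSameSubjectKeyID1` abbreviates to `Cert`, while its partner is `utils.RootDaCertificateWithSameSubjectKeyID2`. Every other renamed helper in this patch spells out `Certificate`, so I would rename the first one and call `utils.RootDaCertificateWithSameSubjectKeyID1(setup.Trustee1)` here. The helper itself is defined outside this hunk (the diffstat suggests `x/pki/tests/utils/data.go`), so the rename has to be made there as well.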
@@ -205,10 +205,10 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist(t *testing.T) { setup := utils.Setup(t) - rootCertificate1 := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) - rootCertificate2 := utils.RootCertWithSameSubjectAndSKID2(setup.Trustee1) + rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) // revoke Certificate1 certificate @@ -275,7 +275,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // root exists 
@@ -378,16 +378,16 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add intermediate x509 certificate - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // add leaf x509 certificate - leafCertificate := utils.LeafCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) // propose revocation of x509 root certificate utils.ProposeRevokeDaRootCertificate( @@ -435,7 +435,7 @@ func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // Add 1 more trustee (this will bring the total trustee's to 4) @@ -483,7 +483,7 @@ func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) for _, role := range []dclauthtypes.AccountRole{ 
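Review bot: `utils.LeafCertificate(setup.Vendor1)` in TestHandler_RevokeDaRootCert_ForTree breaks the naming scheme this refactoring introduces: the other fixtures carry the PKI type in their name (`RootDaCertificate`, `IntermediateDaCertificate`, `LeafDaCertificateWithSameSubjectAndSKID`, `LeafNocCertificate1`). With both DA and NOC leaf fixtures in the same package, an unqualified name makes it easy to pick the wrong chain in a revocation test; I would rename it so the call reads `utils.LeafDaCertificate(setup.Vendor1)`. The same call appears in the TestHandler_RevokeX509Cert_ForTree hunk of handler_revoke_pai_cert_test.go. The helper definition is outside these hunks.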
@@ -522,7 +522,7 @@ func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // revoke x509 certificate @@ -573,7 +573,7 @@ func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *te setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // propose revocation of x509 root certificate @@ -597,7 +597,7 @@ func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { setup := utils.Setup(t) // store x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) @@ -626,7 +626,7 @@ func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // propose revocation of x509 root certificate 
@@ -665,7 +665,7 @@ func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *tes setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // approve revocation of x509 root certificate @@ -684,7 +684,7 @@ func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // propose revocation of x509 root certificate diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index d8430d605..24af4d42d 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -18,12 +18,12 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // Add intermediate certificate - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // revoke intermediate certificate utils.RevokeDaIntermediateCertificate( 
@@ -78,16 +78,16 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) // add intermediate x509 certificate - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // add leaf x509 certificate - leafCertificate := utils.LeafCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, leafCertificate.PemCert) + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) // revoke x509 certificate utils.RevokeDaIntermediateCertificate( 
@@ -145,19 +145,19 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) // propose and approve x509 root certificate - rootCert := utils.RootCertWithSameSubjectAndSKID1(setup.Trustee1) + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate1 := utils.IntermediateWithSameSubjectAndSKID1(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate1.PemCert) + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - testIntermediateCertificate2 := utils.IntermediateWithSameSubjectAndSKID2(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate2.PemCert) + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) // Add a leaf certificate - testLeafCertificate := utils.LeafCertWithSameSubjectAndSKID(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, vendorAccAddress, testLeafCertificate.PemCert) + testLeafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testLeafCertificate) // get certificates for further comparison allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) 
@@ -256,12 +256,12 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // add x509 certificate by first vendor account - intermediateCertificate := utils.IntermediateCertPem(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, setup.Vendor1, intermediateCertificate.PemCert) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) @@ -319,7 +319,7 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificate @@ -348,7 +348,7 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate - rootCert := utils.RootCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // revoke x509 root certificate @@ -369,7 +369,7 @@ func TestHandler_RevokeX509Cert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCertificate := utils.RootCertificate(setup.Trustee1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) 
@@ -400,7 +400,7 @@ func TestHandler_RevokeX509Cert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootCertWithVid(setup.Trustee1) + rootCert := utils.RootDaCertificateWithVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add vendor account diff --git a/x/pki/tests/handler_update_revocation_test.go b/x/pki/tests/handler_update_revocation_test.go index b307f56ba..dd3638097 100644 --- a/x/pki/tests/handler_update_revocation_test.go +++ b/x/pki/tests/handler_update_revocation_test.go @@ -247,7 +247,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NotUniqueDataURLForIssuer( setup.AddAccount(vendorAcc, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.PAACertWithNumericVidVid) // propose and approve root certificate - rootCertOptions := utils.PAACertWithNumericVid(setup.Trustee1) + rootCertOptions := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) addPkiRevocationDistributionPoint1 := createAddRevocationMessageWithPAACertWithNumericVid(vendorAcc.String()) diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index fbcea90f0..e47bea40f 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go 
@@ -50,19 +50,17 @@ func ProposeAndApproveRootCertificate( func AddMokedDaCertificate( setup *TestSetup, certificate types.Certificate, - isRoot bool, ) { setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) - setup.Keeper.StoreDaCertificate(setup.Ctx, certificate, isRoot) + setup.Keeper.StoreDaCertificate(setup.Ctx, certificate, certificate.IsRoot) } func AddMokedNocCertificate( setup *TestSetup, certificate types.Certificate, - isRoot bool, ) { setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) - setup.Keeper.StoreNocCertificate(setup.Ctx, certificate, isRoot) + setup.Keeper.StoreNocCertificate(setup.Ctx, certificate, certificate.IsRoot) } func UniqueCertificate(issuer string, serialNumber string) types.UniqueCertificate { @@ -82,12 +80,11 @@ func CertificateIdentifier(subject string, subjectKeyID string) types.Certificat func ProposeDaRootCertificate( setup *TestSetup, - address sdk.AccAddress, - pemCert string, + certificate types.Certificate, ) *types.MsgProposeAddX509RootCert { proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - address.String(), - pemCert, + certificate.Owner, + certificate.PemCert, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, @@ -136,10 +133,9 @@ func RejectDaRootCertificate( func AddDaIntermediateCertificate( setup *TestSetup, - address sdk.AccAddress, - pemCert string, + certificate types.Certificate, ) *types.MsgAddX509Cert { - addX509Cert := types.NewMsgAddX509Cert(address.String(), pemCert, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(certificate.Owner, certificate.PemCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(setup.T, err) 
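Review bot: `AddMokedDaCertificate` and `AddMokedNocCertificate` have no doc comment, and with the `isRoot` parameter removed the call site no longer shows whether the certificate is stored as a root. Both helpers write through `setup.Keeper.SetUniqueCertificate` and `StoreDaCertificate` / `StoreNocCertificate` directly, so a test built on them never passes through `setup.Handler`. I would add `// AddMokedDaCertificate stores the certificate directly through the keeper, without sending a message to the handler; root status is taken from certificate.IsRoot.` and the equivalent line on the NOC variant. `Moked` is probably meant to be `Mocked`, but renaming it would touch callers outside this hunk.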
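Review bot: `ProposeDaRootCertificate` now takes the signer from `certificate.Owner`, so it can no longer send a message whose signer differs from the owner recorded in the fixture. `AddDaIntermediateCertificate` in the next hunk and `AddNocRootCertificate` / `AddNocIntermediateCertificate` further down get the same change, and those three visibly end in `require.NoError(setup.T, err)`. Tests where the signer is not the owner or lacks the role therefore have to build the message by hand, as the `SenderNotVendor` tests do. A doc comment on each helper would keep that visible, for example `// The message is signed by certificate.Owner and is expected to succeed; build the Msg directly for negative cases.` The helper bodies continue outside these hunks.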
@@ -229,10 +225,9 @@ func RevokeDaIntermediateCertificate( func AddNocRootCertificate( setup *TestSetup, - address sdk.AccAddress, - pemCert string, + certificate types.Certificate, ) *types.MsgAddNocX509RootCert { - addNocX509RootCert := types.NewMsgAddNocX509RootCert(address.String(), pemCert, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert(certificate.Owner, certificate.PemCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(setup.T, err) @@ -241,10 +236,9 @@ func AddNocRootCertificate( func AddNocIntermediateCertificate( setup *TestSetup, - address sdk.AccAddress, - pemCert string, + certificate types.Certificate, ) *types.MsgAddNocX509IcaCert { - nocX509Cert := types.NewMsgAddNocX509IcaCert(address.String(), pemCert, testconstants.CertSchemaVersion) + nocX509Cert := types.NewMsgAddNocX509IcaCert(certificate.Owner, certificate.PemCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, nocX509Cert) require.NoError(setup.T, err) diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go index c4f29da64..72fb516f6 100644 --- a/x/pki/tests/utils/data.go +++ b/x/pki/tests/utils/data.go @@ -54,7 +54,7 @@ func CreatePAACertNoVidOptions(vid int32) *RootCertOptions { } } -func RootCertificate(address sdk.AccAddress) types.Certificate { +func RootDaCertificate(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.RootCertPem, testconstants.RootSubject, @@ -69,7 +69,7 @@ func RootCertificate(address sdk.AccAddress) types.Certificate { ) } -func RootCertWithVid(address sdk.AccAddress) types.Certificate { +func RootDaCertificateWithVid(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.RootCertWithVid, testconstants.RootCertWithVidSubject, 
@@ -84,7 +84,7 @@ func RootCertWithVid(address sdk.AccAddress) types.Certificate { ) } -func PAACertWithNumericVid(address sdk.AccAddress) types.Certificate { +func RootDaCertificateWithNumericVid(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.PAACertWithNumericVid, testconstants.PAACertWithNumericVidSubject, @@ -99,12 +99,12 @@ func PAACertWithNumericVid(address sdk.AccAddress) types.Certificate { ) } -func PAACertWithSameSubjectID1(address sdk.AccAddress) types.Certificate { +func RootDaCertWithSameSubjectKeyID1(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.PAACertWithSameSubjectID1, testconstants.PAACertWithSameSubjectID1Subject, testconstants.PAACertWithSameSubjectID1SubjectAsText, - testconstants.PAACertWithSameSubjectIDSubjectID, + testconstants.PAACertWithSameSubjectIDSubjectKeyID, testconstants.PAACertWithSameSubjectSerialNumber, address.String(), []*types.Grant{}, @@ -114,12 +114,12 @@ func PAACertWithSameSubjectID1(address sdk.AccAddress) types.Certificate { ) } -func PAACertWithSameSubjectID2(address sdk.AccAddress) types.Certificate { +func RootDaCertificateWithSameSubjectKeyID2(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.PAACertWithSameSubjectID2, testconstants.PAACertWithSameSubjectID2Subject, testconstants.PAACertWithSameSubjectID1SubjectAsText, - testconstants.PAACertWithSameSubjectIDSubjectID, + testconstants.PAACertWithSameSubjectIDSubjectKeyID, testconstants.PAACertWithSameSubject2SerialNumber, address.String(), []*types.Grant{}, 
@@ -129,7 +129,7 @@ func PAACertWithSameSubjectID2(address sdk.AccAddress) types.Certificate { ) } -func RootCertWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certificate { +func RootDaCertificateWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.RootCertWithSameSubjectAndSKID1, testconstants.RootCertWithSameSubjectAndSKIDSubject, @@ -144,7 +144,7 @@ func RootCertWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certificate { ) } -func RootCertWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { +func RootDaCertificateWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { return types.NewRootCertificate( testconstants.RootCertWithSameSubjectAndSKID2, testconstants.RootCertWithSameSubjectAndSKIDSubject, @@ -159,7 +159,7 @@ func RootCertWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { ) } -func IntermediateCertPem(address sdk.AccAddress) types.Certificate { +func IntermediateDaCertificate(address sdk.AccAddress) types.Certificate { return types.NewNonRootCertificate( testconstants.IntermediateCertPem, testconstants.IntermediateSubject, @@ -176,7 +176,7 @@ func IntermediateCertPem(address sdk.AccAddress) types.Certificate { ) } -func PAICertWithNumericPidVid(address sdk.AccAddress) types.Certificate { +func IntermediateDaCertificateWithNumericPidVid(address sdk.AccAddress) types.Certificate { return types.NewNonRootCertificate( testconstants.PAICertWithNumericPidVid, testconstants.PAICertWithNumericPidVidSubject, @@ -193,7 +193,7 @@ func PAICertWithNumericPidVid(address sdk.AccAddress) types.Certificate { ) } -func IntermediateWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certificate { +func IntermediateDaCertificateWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certificate { return types.NewNonRootCertificate( testconstants.IntermediateWithSameSubjectAndSKID1, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, 
@@ -210,7 +210,7 @@ func IntermediateWithSameSubjectAndSKID1(address sdk.AccAddress) types.Certifica ) } -func IntermediateWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { +func IntermediateDaCertificateWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certificate { return types.NewNonRootCertificate( testconstants.IntermediateWithSameSubjectAndSKID2, testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, @@ -227,7 +227,7 @@ func IntermediateWithSameSubjectAndSKID2(address sdk.AccAddress) types.Certifica ) } -func LeafCertWithSameSubjectAndSKID(address sdk.AccAddress) types.Certificate { +func LeafDaCertificateWithSameSubjectAndSKID(address sdk.AccAddress) types.Certificate { return types.NewNonRootCertificate( testconstants.LeafCertWithSameSubjectAndSKID, testconstants.LeafCertWithSameSubjectAndSKIDSubject, @@ -244,7 +244,7 @@ func LeafCertWithSameSubjectAndSKID(address sdk.AccAddress) types.Certificate { ) } -func LeafCertPem(address sdk.AccAddress) types.Certificate { +func LeafCertificate(address sdk.AccAddress) types.Certificate { return types.NewNonRootCertificate( testconstants.LeafCertPem, testconstants.LeafSubject, @@ -261,7 +261,7 @@ func LeafCertPem(address sdk.AccAddress) types.Certificate { ) } -func NocRootCert1(address sdk.AccAddress) types.Certificate { +func RootNocCertificate1(address sdk.AccAddress) types.Certificate { return types.NewNocRootCertificate( testconstants.NocRootCert1, testconstants.NocRootCert1Subject, @@ -274,7 +274,7 @@ func NocRootCert1(address sdk.AccAddress) types.Certificate { ) } -func NocRootCert1Copy(address sdk.AccAddress) types.Certificate { +func RootNocCertificate1Copy(address sdk.AccAddress) types.Certificate { return types.NewNocRootCertificate( testconstants.NocRootCert1Copy, testconstants.NocRootCert1CopySubject, 
@@ -287,7 +287,7 @@ func NocRootCert1Copy(address sdk.AccAddress) types.Certificate { ) } -func NocRootCert2(address sdk.AccAddress) types.Certificate { +func RootNocCertificate2(address sdk.AccAddress) types.Certificate { return types.NewNocRootCertificate( testconstants.NocRootCert2, testconstants.NocRootCert2Subject, @@ -300,7 +300,7 @@ func NocRootCert2(address sdk.AccAddress) types.Certificate { ) } -func NocCertIca1(address sdk.AccAddress) types.Certificate { +func IntermediateNocCertificate1(address sdk.AccAddress) types.Certificate { return types.NewNocCertificate( testconstants.NocCert1, testconstants.NocCert1Subject, @@ -317,7 +317,7 @@ func NocCertIca1(address sdk.AccAddress) types.Certificate { ) } -func NocCert1Copy(address sdk.AccAddress) types.Certificate { +func IntermediateNocCertificate1Copy(address sdk.AccAddress) types.Certificate { return types.NewNocCertificate( testconstants.NocCert1Copy, testconstants.NocCert1CopySubject, @@ -334,7 +334,7 @@ func NocCert1Copy(address sdk.AccAddress) types.Certificate { ) } -func NocCert2(address sdk.AccAddress) types.Certificate { +func IntermediateNocCertificate2(address sdk.AccAddress) types.Certificate { return types.NewNocCertificate( testconstants.NocCert2, testconstants.NocCert2Subject, @@ -351,7 +351,7 @@ func NocCert2(address sdk.AccAddress) types.Certificate { ) } -func NocLeafCert1(address sdk.AccAddress) types.Certificate { +func LeafNocCertificate1(address sdk.AccAddress) types.Certificate { return types.NewNocCertificate( testconstants.NocLeafCert1, testconstants.NocLeafCert1Subject, From 7b61f2fe481fcaf99cadf6920622702aa8d45484 Mon Sep 17 00:00:00 2001 
From: "artem.ivanov" Date: Tue, 17 Dec 2024 19:17:23 +0300 Subject: [PATCH 09/11] Refactoring PKI unit tests --- types/pki/keys.go | 5 - .../cli/query_approved_root_certificates.go | 2 +- .../cli/query_revoked_root_certificates.go | 2 +- x/pki/keeper/approved_root_certificates.go | 6 +- ...g_server_approve_revoke_x_509_root_cert.go | 1 + ...g_server_propose_revoke_x_509_root_cert.go | 1 + x/pki/keeper/revoked_root_certificates.go | 6 +- x/pki/tests/handler_add_noc_ica_cert_test.go | 67 +- x/pki/tests/handler_add_noc_root_cert_test.go | 53 +- x/pki/tests/handler_add_paa_cert_test.go | 969 ------------------ x/pki/tests/handler_add_pai_cert_test.go | 192 +--- x/pki/tests/handler_add_revocation_test.go | 132 +++ .../handler_approve_add_paa_cert_test.go | 359 +++++++ .../handler_approve_revoke_paa_cert_test.go | 551 ++++++++++ x/pki/tests/handler_propose_paa_cert_test.go | 300 ++++++ .../handler_propose_revoke_paa_cert_test.go | 386 +++++++ .../tests/handler_reject_add_paa_cert_test.go | 323 ++++++ .../tests/handler_remove_noc_ica_cert_test.go | 580 ++++++++--- .../handler_remove_noc_root_cert_test.go | 415 +++----- x/pki/tests/handler_remove_pai_cert_test.go | 571 +++++++---- .../tests/handler_revoke_noc_ica_cert_test.go | 310 ++++-- .../handler_revoke_noc_root_cert_test.go | 297 +++--- x/pki/tests/handler_revoke_paa_cert_test.go | 925 ----------------- x/pki/tests/handler_revoke_pai_cert_test.go | 437 +++++--- x/pki/tests/handler_update_revocation_test.go | 52 + x/pki/tests/test-design.md | 298 +++++- x/pki/tests/utils/certificate_assertions.go | 2 + x/pki/tests/utils/certificate_helpers.go | 31 +- x/pki/tests/utils/certificate_queries_da.go | 17 + 29 files changed, 4120 insertions(+), 3170 deletions(-) delete mode 100644 x/pki/tests/handler_add_paa_cert_test.go create mode 100644 x/pki/tests/handler_approve_add_paa_cert_test.go create mode 100644 x/pki/tests/handler_approve_revoke_paa_cert_test.go create mode 100644 x/pki/tests/handler_propose_paa_cert_test.go 
create mode 100644 x/pki/tests/handler_propose_revoke_paa_cert_test.go create mode 100644 x/pki/tests/handler_reject_add_paa_cert_test.go delete mode 100644 x/pki/tests/handler_revoke_paa_cert_test.go diff --git a/types/pki/keys.go b/types/pki/keys.go index b9e495f2c..77f6b16ec 100644 --- a/types/pki/keys.go +++ b/types/pki/keys.go @@ -21,11 +21,6 @@ func KeyPrefix(p string) []byte { return []byte(p) } -const ( - ApprovedRootCertificatesKeyPrefix = "ApprovedRootCertificates/value/" - RevokedRootCertificatesKeyPrefix = "RevokedRootCertificates/value/" -) - var ( ApprovedRootCertificatesKey = []byte{0} RevokedRootCertificatesKey = []byte{0} diff --git a/x/pki/client/cli/query_approved_root_certificates.go b/x/pki/client/cli/query_approved_root_certificates.go index a5f04fa0b..6eecff08c 100644 --- a/x/pki/client/cli/query_approved_root_certificates.go +++ b/x/pki/client/cli/query_approved_root_certificates.go @@ -24,7 +24,7 @@ func CmdShowApprovedRootCertificates() *cobra.Command { return cli.QueryWithProofList( clientCtx, pkitypes.StoreKey, - pkitypes.ApprovedRootCertificatesKeyPrefix, + types.ApprovedRootCertificatesKeyPrefix, pkitypes.ApprovedRootCertificatesKey, &res, ) diff --git a/x/pki/client/cli/query_revoked_root_certificates.go b/x/pki/client/cli/query_revoked_root_certificates.go index b943694c1..2e2cecb51 100644 --- a/x/pki/client/cli/query_revoked_root_certificates.go +++ b/x/pki/client/cli/query_revoked_root_certificates.go @@ -24,7 +24,7 @@ func CmdShowRevokedRootCertificates() *cobra.Command { return cli.QueryWithProofList( clientCtx, pkitypes.StoreKey, - pkitypes.RevokedRootCertificatesKeyPrefix, + types.RevokedRootCertificatesKeyPrefix, pkitypes.RevokedRootCertificatesKey, &res, ) diff --git a/x/pki/keeper/approved_root_certificates.go b/x/pki/keeper/approved_root_certificates.go index ec5ab5f74..215c1435c 100644 --- a/x/pki/keeper/approved_root_certificates.go +++ b/x/pki/keeper/approved_root_certificates.go 
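Review bot: The prefix passed to `cli.QueryWithProofList` now comes from `types.ApprovedRootCertificatesKeyPrefix`, while the literal `"ApprovedRootCertificates/value/"` is deleted from `types/pki/keys.go` in the same commit; the definition in `types` is not visible in this part of the patch. If the two strings differ by even one byte, proof queries and the keeper accessors would address a different store prefix, and previously written approved and revoked root lists would no longer be found. The same swap is made in `query_revoked_root_certificates.go` and in the Set/Get/Remove accessors of `approved_root_certificates.go` and `revoked_root_certificates.go`. I would pin the value in a unit test, for example `require.Equal(t, "ApprovedRootCertificates/value/", types.ApprovedRootCertificatesKeyPrefix)`, with a matching line for `RevokedRootCertificatesKeyPrefix`.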
@@ -9,14 +9,14 @@ import ( // SetApprovedRootCertificates set approvedRootCertificates in the store. func (k Keeper) SetApprovedRootCertificates(ctx sdk.Context, approvedRootCertificates types.ApprovedRootCertificates) { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix)) + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedRootCertificatesKeyPrefix)) b := k.cdc.MustMarshal(&approvedRootCertificates) store.Set(pkitypes.ApprovedRootCertificatesKey, b) } // GetApprovedRootCertificates returns approvedRootCertificates. func (k Keeper) GetApprovedRootCertificates(ctx sdk.Context) (val types.ApprovedRootCertificates, found bool) { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix)) + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedRootCertificatesKeyPrefix)) b := store.Get(pkitypes.ApprovedRootCertificatesKey) if b == nil { @@ -30,7 +30,7 @@ func (k Keeper) GetApprovedRootCertificates(ctx sdk.Context) (val types.Approved // RemoveApprovedRootCertificates removes approvedRootCertificates from the store. func (k Keeper) RemoveApprovedRootCertificates(ctx sdk.Context) { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.ApprovedRootCertificatesKeyPrefix)) + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedRootCertificatesKeyPrefix)) store.Delete(pkitypes.ApprovedRootCertificatesKey) } diff --git a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go index f0c51889e..f6abb916b 100644 --- a/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go +++ b/x/pki/keeper/msg_server_approve_revoke_x_509_root_cert.go 
@@ -18,6 +18,7 @@ func (k msgServer) ApproveRevokeX509RootCert(goCtx context.Context, msg *types.M if err != nil { return nil, errors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err) } + if !k.dclauthKeeper.HasRole(ctx, signerAddr, types.RootCertificateApprovalRole) { return nil, errors.Wrapf(sdkerrors.ErrUnauthorized, "MsgApproveRevokeX509RootCert transaction should be signed by "+ diff --git a/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go b/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go index 85f4c6fdd..67c065333 100644 --- a/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go +++ b/x/pki/keeper/msg_server_propose_revoke_x_509_root_cert.go @@ -19,6 +19,7 @@ func (k msgServer) ProposeRevokeX509RootCert(goCtx context.Context, msg *types.M if err != nil { return nil, errors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err) } + if !k.dclauthKeeper.HasRole(ctx, signerAddr, types.RootCertificateApprovalRole) { return nil, errors.Wrapf(sdkerrors.ErrUnauthorized, "MsgProposeRevokeX509RootCert transaction should be signed by "+ diff --git a/x/pki/keeper/revoked_root_certificates.go b/x/pki/keeper/revoked_root_certificates.go index e1a212b25..794b1b510 100644 --- a/x/pki/keeper/revoked_root_certificates.go +++ b/x/pki/keeper/revoked_root_certificates.go 
@@ -9,14 +9,14 @@ import ( // SetRevokedRootCertificates set revokedRootCertificates in the store. func (k Keeper) SetRevokedRootCertificates(ctx sdk.Context, revokedRootCertificates types.RevokedRootCertificates) { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.RevokedRootCertificatesKeyPrefix)) + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedRootCertificatesKeyPrefix)) b := k.cdc.MustMarshal(&revokedRootCertificates) store.Set(pkitypes.RevokedRootCertificatesKey, b) } // GetRevokedRootCertificates returns revokedRootCertificates. func (k Keeper) GetRevokedRootCertificates(ctx sdk.Context) (val types.RevokedRootCertificates, found bool) { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.RevokedRootCertificatesKeyPrefix)) + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedRootCertificatesKeyPrefix)) b := store.Get(pkitypes.RevokedRootCertificatesKey) if b == nil { @@ -30,7 +30,7 @@ func (k Keeper) GetRevokedRootCertificates(ctx sdk.Context) (val types.RevokedRo // RemoveRevokedRootCertificates removes revokedRootCertificates from the store. func (k Keeper) RemoveRevokedRootCertificates(ctx sdk.Context) { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(pkitypes.RevokedRootCertificatesKeyPrefix)) + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedRootCertificatesKeyPrefix)) store.Delete(pkitypes.RevokedRootCertificatesKey) } diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 1bea55baf..06d34281a 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go 
@@ -52,8 +52,6 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } -// Extra cases - func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) 
@@ -96,18 +94,68 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } +func TestHandler_AddNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { + setup := utils.Setup(t) + + // add two vendors with the same VID + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(vendorAccAddress1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add the new NOC certificate by first vendor + icaCertificate := utils.IntermediateNocCertificate1(vendorAccAddress1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) + + // add the new NOC certificate by second vendor + icaCertificate2 := utils.IntermediateNocCertificate1Copy(vendorAccAddress2) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: 
types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) +} + // Error cases -func TestHandler_AddNocX509Cert_SenderNotVendor(t *testing.T) { +func TestHandler_AddNocIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + addNocX509Cert := types.NewMsgAddNocX509IcaCert(setup.Trustee1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509Cert) require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } -func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing.T) { +func TestHandler_AddNocIntermediateCert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -122,7 +170,7 @@ func TestHandler_AddNocX509Cert_Root_VID_Does_Not_Equal_To_AccountVID(t *testing require.ErrorIs(t, err, pkitypes.ErrCertVidNotEqualAccountVid) } -func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) { +func TestHandler_AddNocIntermediateCert_ForInvalidCertificate(t *testing.T) { setup := utils.Setup(t) // add x509 certificate @@ -131,7 +179,7 @@ func TestHandler_AddNocX509Cert_ForInvalidCertificate(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) } -func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) { +func TestHandler_AddNocIntermediateCert_ForNocRootCertificate(t *testing.T) { setup := utils.Setup(t) // try to add root certificate x509 certificate 
@@ -140,11 +188,10 @@ func TestHandler_AddXNoc509Cert_ForNocRootCertificate(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrNonRootCertificateSelfSigned) } -func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { +func TestHandler_AddNocIntermediateCert_ForRootNonNocCertificate(t *testing.T) { setup := utils.Setup(t) // store root certificate - rootCert := utils.RootDaCertificateWithVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -154,7 +201,7 @@ func TestHandler_AddXNoc509Cert_ForRootNonNocCertificate(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType) } -func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) { +func TestHandler_AddNocIntermediateCert_WhenNocRootCertIsAbsent(t *testing.T) { setup := utils.Setup(t) // add the new NOC certificate @@ -164,7 +211,7 @@ func TestHandler_AddXNoc509Cert_WhenNocRootCertIsAbsent(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) } -func TestHandler_AddNocX509Cert_CertificateExist(t *testing.T) { +func TestHandler_AddNocIntermediateCert_CertificateExist(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index a19d7ffd4..f56b00539 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -46,8 +46,6 @@ func TestHandler_AddNocRootCert(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -// Extra cases - func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) 
@@ -84,19 +82,62 @@ func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *test utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } +func TestHandler_AddNocRootCert_ByNotOwnerButSameVendor(t *testing.T) { + setup := utils.Setup(t) + + // add two vendors with the same VID + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) + + // add NOC root certificate + rootCertificate1 := utils.RootNocCertificate1(vendorAccAddress1) + utils.AddNocRootCertificate(setup, rootCertificate1) + + // add NOC root certificate + rootCertificate2 := utils.RootNocCertificate1Copy(vendorAccAddress2) + utils.AddNocRootCertificate(setup, rootCertificate2) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) +} + // Error cases -func TestHandler_AddNocX509RootCert_SenderNotVendor(t *testing.T) { +func TestHandler_AddNocRootCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - addNocX509RootCert := 
types.NewMsgAddNocX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert( + setup.Trustee1.String(), + testconstants.RootCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } -func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) { +func TestHandler_AddNocRootCert_InvalidCertificate(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { @@ -141,7 +182,7 @@ func TestHandler_AddNocX509RootCert_InvalidCertificate(t *testing.T) { } } -func TestHandler_AddNocX509RootCert_CertificateExist(t *testing.T) { +func TestHandler_AddNocRootCert_CertificateExist(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go deleted file mode 100644 index dc7e221d1..000000000 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ /dev/null 
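Review bot: The added TestHandler_AddNocRootCert_ByNotOwnerButSameVendor in the `@@ -84,19 +82,62 @@` hunk asserts only index presence and counts, so the access-control property in its name is never checked against the stored records: a second account that shares the VID but does not own the first certificate may add what appears to be a copy of that root. Unless `utils.CheckCertificateStateIndexes` already compares the stored owner and VID (its body is not visible here), add an assertion after the second add that each of the two stored NOC root entries keeps the account that submitted it, and replace the second, duplicated `// add NOC root certificate` with `// add a copy of the NOC root certificate from a different account that shares the VID`. A negative counterpart, in which the same certificate submitted by a vendor account with a different VID is rejected, would pin the boundary from the other side; it may already be covered by the CertificateExist table, whose body lies outside the visible hunks. In TestHandler_AddNocRootCert_SenderNotVendor the untouched pair `require.Error(t, err)` / `require.True(t, sdkerrors.ErrUnauthorized.Is(err))` could become `require.ErrorIs(t, err, sdkerrors.ErrUnauthorized)`, matching the ICA tests earlier in this patch.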
@@ -1,969 +0,0 @@ -package tests - -import ( - "math" - "testing" - - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" - "github.com/stretchr/testify/require" - testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" - pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" - dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" -) - -// Main - -func TestHandler_ProposeAddDaRootCert(t *testing.T) { - setup := utils.Setup(t) - - // propose DA root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, rootCertificate) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // additional checks - require.Equal(t, proposeAddX509RootCert.Cert, resolvedCertificates.ProposedCertificate.PemCert) - require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) -} - -func TestHandler_AddDaRootCert(t *testing.T) { - setup := utils.Setup(t) - - // propose add x509 root 
certificate by trustee - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // approve by second trustee - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RejectedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate by account without trustee role - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // Create an array of trustee account from 1 to 50 - trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() - - // We have 3 Trustees in test setup. 
- twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) - - // Until we hit 2/3 of the total number of Trustees, we should not be able to approve the certificate - for i := 1; i < twoThirds-1; i++ { - utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - } - - // One more approval will move this to approved state from pending - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RejectedCertificateKeyPrefix}, - }, - } - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // Additional checks - for i 
:= 1; i < twoThirds-1; i++ { - require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) - } - require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) - require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) -} - -func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) { - setup := utils.Setup(t) - - // we have 5 trustees: 1 approval comes from propose => we need 3 more approvals - - // store 4th trustee - fourthTrustee := utils.GenerateAccAddress() - setup.AddAccount(fourthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // store 5th trustee - fifthTrustee := utils.GenerateAccAddress() - setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // propose x509 root certificate by account Trustee1 - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // approve x509 root certificate by account Trustee2 - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // approve x509 root certificate by account Trustee3 - utils.ApproveDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // reject x509 root certificate by account Trustee4 - utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - certificate is in proposed state - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // approve x509 root certificate by account Trustee5 - utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RejectedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -// Extra cases - -func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { - setup := utils.Setup(t) - - // store root certificate with different serial number - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - rootCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, rootCertificate) - - // propose second root certificate - testRootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, testRootCertificate) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, // we have both: Proposed and Approved - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: 
types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, // single approved - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - }, - } - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - - // additional check - require.Equal(t, testRootCertificate.SerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) -} - -func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T) { - setup := utils.Setup(t) - - // add Certificate1 - testRootCertificate := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) - - // add Certificate2 - testRootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate2) - - // Check indexes by subject + subject key id - allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 2, len(allApprovedCertificates)) - - allCertificates, _ := utils.QueryAllCertificatesAll(setup) - require.Equal(t, 2, len(allCertificates)) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: 
types.ProposedCertificateKeyPrefix}, - {Key: types.RejectedCertificateKeyPrefix}, - }, - } - // check for first - utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // check for second - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) - - // Additional checks - require.Equal(t, testRootCertificate.SubjectKeyId, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) - require.Equal(t, testRootCertificate.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Subject) - require.Equal(t, testRootCertificate2.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[1].Subject) -} - -func TestHandler_RejectAddDaRootCert(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate by account Trustee1 - testRootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, testRootCertificate) - - // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) - - // certificate should be in the entity , because we haven't enough reject approvals - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - // check certificate state indexes - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - - // additional checks - 
require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address) - require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Approvals[0].Info) - require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address) - require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Rejects[0].Info) - - // reject x509 root certificate by account Trustee3 - utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) - - // certificate should not be in the entity , because we have enough reject approvals - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - // check certificate state indexes - resolvedCertificates = utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - - // additional checks - require.Equal(t, setup.Trustee1.String(), resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Address) - require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Info) - require.Equal(t, setup.Trustee2.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Address) - require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Info) - require.Equal(t, setup.Trustee3.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[1].Address) - 
require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Rejects[1].Info) -} - -func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose add x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Trustee, - } { - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // approve x509 root certificate by account Trustee2 - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - pendingCert, _ := setup.Keeper.GetProposedCertificate( - setup.Ctx, - rootCertificate.Subject, - rootCertificate.SubjectKeyId) - prevRejectsLen := len(pendingCert.Rejects) - prevApprovalsLen := len(pendingCert.Approvals) - - // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, - rootCertificate.Subject, - rootCertificate.SubjectKeyId) - require.True(t, found) - require.Equal(t, len(pendingCert.Rejects), prevRejectsLen+1) - require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen-1) - } -} - -func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose add x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Trustee, - } { - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // reject x509 root certificate by account Trustee2 - 
utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - pendingCert, _ := setup.Keeper.GetProposedCertificate( - setup.Ctx, - rootCertificate.Subject, - rootCertificate.SubjectKeyId) - prevRejectsLen := len(pendingCert.Rejects) - prevApprovalsLen := len(pendingCert.Approvals) - - // approve x509 root certificate by account Trustee2 - utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - pendingCert, found := setup.Keeper.GetProposedCertificate( - setup.Ctx, - rootCertificate.Subject, - rootCertificate.SubjectKeyId) - require.True(t, found) - require.Equal(t, len(pendingCert.Rejects), prevRejectsLen-1) - require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen+1) - } -} - -func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t *testing.T) { - setup := utils.Setup(t) - - // we have 5 trustees: 1 approval comes from propose => we need 2 rejects to make certificate rejected - - // store 4th trustee - fourthTrustee := utils.GenerateAccAddress() - setup.AddAccount(fourthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // store 5th trustee - fifthTrustee := utils.GenerateAccAddress() - setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // propose x509 root certificate by account Trustee1 - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // reject x509 root certificate by account Trustee2 - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, // not rejected yet - {Key: types.AllCertificatesKeyPrefix}, 
- {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // reject x509 root certificate by account Trustee3 - utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, // certificate is rejected now - }, - Missing: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // reject x509 root certificate - utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, // certificates do not get into rejected collection because there were no approvals before - {Key: types.UniqueCertificateKeyPrefix}, - 
{Key: types.ProposedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // reject x509 root certificate - utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testing.T) { - setup := utils.Setup(t) - - // add another trustee - setup.CreateTrusteeAccount(1) - - // propose x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeDaRootCertificate(setup, rootCertificate) - - // approve - utils.ApproveDaRootCertificate(setup, setup.Trustee2, 
rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // reject x509 root certificate - utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - } - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // additional checks - require.True(t, resolvedCertificates.ProposedCertificate.HasRejectFrom(setup.Trustee1.String())) - require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(setup.Trustee2.String())) -} - -// Error cases - -func TestHandler_ProposeAddX509RootCert_ByNotTrustee(t *testing.T) { - setup := utils.Setup(t) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Vendor, - dclauthtypes.CertificationCenter, - dclauthtypes.NodeAdmin, - } { - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) - } -} - -func TestHandler_ProposeAddX509RootCert_ForInvalidCertificate(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root 
certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.StubCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrInvalidCertificate.Is(err)) -} - -func TestHandler_ProposeAddX509RootCert_ForNonRootCertificate(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 leaf certificate as root - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.LeafCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) -} - -func TestHandler_ProposeAddX509RootCert_ProposedCertificateAlreadyExists(t *testing.T) { - setup := utils.Setup(t) - - // propose adding of x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // store another account - anotherAccount := utils.GenerateAccAddress() - setup.AddAccount(anotherAccount, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // propose adding of the same x509 root certificate again - proposeAddX509RootCert = types.NewMsgProposeAddX509RootCert(anotherAccount.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrProposedCertificateAlreadyExists.Is(err)) -} - -func TestHandler_ProposeAddX509RootCert_CertificateAlreadyExists(t *testing.T) { - setup := utils.Setup(t) - - // store x509 root certificate - 
rootCertificate := utils.RootDaCertificate(testconstants.Address1) - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), - ) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // propose adding of the same x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateAlreadyExists.Is(err)) -} - -func TestHandler_ProposeAddX509RootCert_ForNocCertificate(t *testing.T) { - setup := utils.Setup(t) - - // Store the NOC root certificate - nocRootCertificate := utils.RootDaCertificate(setup.Vendor1) - nocRootCertificate.SerialNumber = testconstants.TestSerialNumber - nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI - nocRootCertificate.Approvals = nil - nocRootCertificate.Rejects = nil - - setup.Keeper.AddAllCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocRootCertificate(setup.Ctx, nocRootCertificate) - uniqueCertificate := types.UniqueCertificate{ - Issuer: nocRootCertificate.Issuer, - SerialNumber: nocRootCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) - - // propose a new root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) -} - -func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumberDifferentSigner(t *testing.T) { - setup := utils.Setup(t) - - // 
store root certificate with different serial number - rootCertificate := utils.RootDaCertificate(testconstants.Address1) - rootCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), - ) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // propose second root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) -} - -func TestHandler_ApproveAddX509RootCert_ForNotEnoughApprovals(t *testing.T) { - setup := utils.Setup(t) - - // store account without trustee role - nonTrustee := setup.CreateTrusteeAccount(1) - - // propose x509 root certificate by account without trustee role - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(nonTrustee.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - // query certificate - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee1.String())) - - // query approved certificate - _, err = utils.QueryApprovedCertificates(setup, 
testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - - // approve again from secondTrustee (That makes is 2 trustee's from a total of 3) - approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - // query approved certificate and we should get one back - approvedCertificate, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - for _, cert := range approvedCertificate.Certs { - // check - require.Equal(t, testconstants.RootIssuer, cert.Subject) - require.Equal(t, testconstants.RootSerialNumber, cert.SerialNumber) - require.True(t, cert.IsRoot) - require.True(t, cert.HasApprovalFrom(setup.Trustee1.String())) - require.True(t, cert.HasApprovalFrom(setup.Trustee2.String())) - } -} - -func TestHandler_ApproveAddX509RootCert_ForUnknownProposedCertificate(t *testing.T) { - setup := utils.Setup(t) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrProposedCertificateDoesNotExist.Is(err)) -} - -func TestHandler_ApproveAddX509RootCert_ByNotTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Vendor, - 
dclauthtypes.CertificationCenter, - dclauthtypes.NodeAdmin, - } { - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) - } -} - -func TestHandler_ApproveAddX509RootCert_Twice(t *testing.T) { - setup := utils.Setup(t) - - // store account without Trustee role - accAddress := setup.CreateTrusteeAccount(1) - - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - // approve second time - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) -} - -func TestHandler_RejectX509RootCert_ByNotTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Vendor, - dclauthtypes.CertificationCenter, - dclauthtypes.NodeAdmin, - } { - accAddress := 
utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // reject x509 root certificate - approveAddX509RootCert := types.NewMsgRejectAddX509RootCert( - accAddress.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.Info, - ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) - } -} - -func TestHandler_Duplicate_RejectX509RootCert_FromTheSameTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) - - // second time reject x509 root certificate by account Trustee2 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) -} - -func TestHandler_DoubleTimeRejectX509RootCert(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // reject x509 root certificate by account 
Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) - - // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) - require.Equal(t, setup.Trustee1.String(), proposedCertificate.Approvals[0].Address) - require.Equal(t, testconstants.Info, proposedCertificate.Approvals[0].Info) - require.Equal(t, setup.Trustee2.String(), proposedCertificate.Rejects[0].Address) - require.Equal(t, testconstants.Info, proposedCertificate.Rejects[0].Info) - - // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee3.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) - - // certificate should not be in the entity , because we have enough reject approvals - _, err = utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - - // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) 
- require.NoError(t, err) - - // check rejected certificate - rejectedCertificate := rejectedCertificates.Certs[0] - require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, rejectedCertificate.SerialNumber) - require.Equal(t, setup.Trustee1.String(), rejectedCertificate.Approvals[0].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Approvals[0].Info) - require.Equal(t, setup.Trustee2.String(), rejectedCertificate.Rejects[0].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[0].Info) - require.Equal(t, setup.Trustee3.String(), rejectedCertificate.Rejects[1].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[1].Info) - - // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert = types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err = setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // certificate should be in the entity , because we haven't enough reject approvals - _, err = utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // certificate should not be in the entity , because we have propose that certificate - _, err = utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Error(t, err) - - // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee3.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, 
err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) - - // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) - require.NoError(t, err) - - // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificates, err = utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check rejected certificate - rejectedCertificate = rejectedCertificates.Certs[0] - require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, rejectedCertificate.SerialNumber) - require.Equal(t, setup.Trustee1.String(), rejectedCertificate.Approvals[0].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Approvals[0].Info) - require.Equal(t, setup.Trustee3.String(), rejectedCertificate.Rejects[0].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[0].Info) - require.Equal(t, setup.Trustee2.String(), rejectedCertificate.Rejects[1].Address) - require.Equal(t, testconstants.Info, rejectedCertificate.Rejects[1].Info) -} diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index 68f44a7ab..e745e9ade 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go 
@@ -10,8 +10,6 @@ import ( dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) // Main @@ -48,8 +46,6 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } -// Extra cases - func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { setup := utils.Setup(t) @@ -141,7 +137,7 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) } -func TestHandler_AddDaCert_ForTree(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ForTree(t *testing.T) { setup := utils.Setup(t) // add root x509 certificate 
@@ -194,68 +190,6 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } -//nolint:funlen -func TestHandler_AddX509Cert_EachChildCertRefersToTwoParentCerts(t *testing.T) { - setup := utils.Setup(t) - - // store root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.AddMokedDaCertificate(setup, rootCert) - - // store second root certificate - rootCert = utils.RootDaCertificate(setup.Trustee1) - rootCert.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, rootCert) - - // store intermediate certificate (it refers to two parent certificates) - intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - intermediateCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, intermediateCertificate) - - // store second intermediate certificate (it refers to two parent certificates) - utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - - // store leaf certificate (it refers to two parent certificates) - leafCertificate := utils.LeafCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, leafCertificate) - - // query root certificate - rootCertificates, _ := utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.Equal(t, 2, len(rootCertificates.Certs)) - - // check child certificate identifiers of root certificate - rootCertChildren, _ := utils.QueryChildCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - - require.Equal(t, 1, len(rootCertChildren.CertIds)) - require.Equal(t, - utils.CertificateIdentifier(testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID), - *rootCertChildren.CertIds[0]) - - // query intermediate certificate - intermediateCertificates, _ := utils.QueryApprovedCertificates( - setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - 
require.Equal(t, 2, len(intermediateCertificates.Certs)) - - // check child certificate identifiers of intermediate certificate - intermediateCertChildren, _ := utils.QueryChildCertificates( - setup, testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID) - - require.Equal(t, 1, len(intermediateCertChildren.CertIds)) - require.Equal(t, - utils.CertificateIdentifier(testconstants.LeafSubject, testconstants.LeafSubjectKeyID), - *intermediateCertChildren.CertIds[0]) - - // query leaf certificate - leafCertificates, _ := utils.QueryApprovedCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Equal(t, 1, len(leafCertificates.Certs)) - - // check child certificate identifiers of intermediate certificate - leafCertChildren, err := utils.QueryChildCertificates(setup, testconstants.LeafSubject, testconstants.LeafSubjectKeyID) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - require.Nil(t, leafCertChildren) -} - func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) @@ -297,7 +231,7 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } -func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { +func TestHandler_AddDaIntermediateCert_VIDScopedRoot(t *testing.T) { setup := utils.Setup(t) accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) @@ -331,7 +265,7 @@ func TestHandler_AddX509Cert_VIDScopedRoot(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } -func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { +func TestHandler_AddDaIntermediateCert_NonVIDScopedRoot(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { 
@@ -387,39 +321,33 @@ func TestHandler_AddX509Cert_NonVIDScopedRoot(t *testing.T) { // Error cases -func TestHandler_AddX509Cert_ForInvalidCertificate(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ForInvalidCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(1) - // add x509 certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.StubCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.StubCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) } -func TestHandler_AddX509Cert_ForRootCertificate(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(1) - // add root certificate as leaf x509 certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrNonRootCertificateSelfSigned) } -func TestHandler_AddX509Cert_ForDuplicate(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ForDuplicate(t *testing.T) { setup := utils.Setup(t) // store root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - accAddress := setup.CreateVendorAccount(1) - // store intermediate certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, 
addX509Cert) require.NoError(t, err) 
@@ -428,47 +356,7 @@ func TestHandler_AddX509Cert_ForDuplicate(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrCertificateAlreadyExists) } -func TestHandler_AddX509Cert_ForExistingNocCertificate(t *testing.T) { - setup := utils.Setup(t) - - // store root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - - // Store the NOC certificate - nocCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - nocCertificate.SerialNumber = testconstants.TestSerialNumber - nocCertificate.CertificateType = types.CertificateType_OperationalPKI - - setup.Keeper.AddAllCertificate(setup.Ctx, nocCertificate) - setup.Keeper.AddNocIcaCertificate(setup.Ctx, nocCertificate) - uniqueCertificate := types.UniqueCertificate{ - Issuer: nocCertificate.Issuer, - SerialNumber: nocCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) - - // store intermediate certificate - addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType) -} - -func TestHandler_AddX509Cert_NoRootCert(t *testing.T) { - setup := utils.Setup(t) - - // add intermediate certificate - intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) - - // add leaf x509 certificate - addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.LeafCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) -} - -func TestHandler_AddX509Cert_RootIsNoc(t *testing.T) { +func TestHandler_AddDaIntermediateCert_RootIsNoc(t *testing.T) { setup := utils.Setup(t) accAddress := 
setup.CreateVendorAccount(testconstants.IntermediateCertWithVid1Vid) @@ -484,7 +372,7 @@ func TestHandler_AddX509Cert_RootIsNoc(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType) } -func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ForAbsentDirectParentCert(t *testing.T) { setup := utils.Setup(t) // add intermediate x509 certificate 
@@ -493,52 +381,34 @@ func TestHandler_AddX509Cert_ForAbsentDirectParentCert(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) } -func TestHandler_AddX509Cert_ForFailedCertificateVerification(t *testing.T) { +func TestHandler_AddDaIntermediateCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) - // add invalid root - invalidRootCertificate := types.NewRootCertificate(testconstants.StubCertPem, - testconstants.RootSubject, testconstants.RootSubjectAsText, testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, setup.Trustee1.String(), []*types.Grant{}, []*types.Grant{}, testconstants.Vid, testconstants.SchemaVersion) - setup.Keeper.AddAllCertificate(setup.Ctx, invalidRootCertificate) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // add intermediate x509 certificate - addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.ErrorIs(t, err, pkitypes.ErrInvalidCertificate) -} - -func TestHandler_AddX509Cert_ByOtherVendor(t *testing.T) { - setup := utils.Setup(t) - - // store root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - - // add first vendor account with VID = 1 - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := utils.IntermediateDaCertificate(vendorAccAddress1) - intermediateCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.AddAllCertificate(setup.Ctx, intermediateCertificate) - 
setup.Keeper.AddApprovedCertificateBySubjectKeyID(setup.Ctx, intermediateCertificate) - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(intermediateCertificate.Issuer, intermediateCertificate.SerialNumber), - ) + // Add intermediate certificate + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - // add seconf vendor account with VID = 1000 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) + // add second vendor account with VID = 1000 + vendorAccAddress2 := setup.CreateVendorAdminAccount(testconstants.VendorID1) - // add an intermediate certificate with the same subject and SKID by second vendor account - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress2.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + // add second intermediate certificates with same Subject/SKID + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress2) + addX509Cert := types.NewMsgAddX509Cert( + vendorAccAddress2.String(), + testIntermediateCertificate2.PemCert, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } -func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { +func TestHandler_AddDaIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate @@ -551,7 +421,7 @@ func TestHandler_AddX509Cert_SenderNotVendor(t *testing.T) { require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } -func TestHandler_AddX509Cert_VIDScopedRoot_NegativeCases(t *testing.T) { +func TestHandler_AddDaIntermediateCert_VIDScopedRoot_NegativeCases(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { 
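Review bot: In the rewritten `TestHandler_AddDaIntermediateCert_ByOtherVendor`, the second account is now created with `setup.CreateVendorAdminAccount(testconstants.VendorID1)`, although the comment beside it still says "second vendor account" and the old test gave that account the `dclauthtypes.Vendor` role. If that helper assigns a vendor-admin role rather than Vendor (its body is not in this hunk), the expected `sdkerrors.ErrUnauthorized` can come from the role check that `TestHandler_AddDaIntermediateCert_SenderNotVendor` already covers, and the test would keep passing even if the check tying an existing Subject/SKID to the owning vendor's VID regressed. Creating the account with `vendorAccAddress2 := setup.CreateVendorAccount(testconstants.VendorID1)` keeps the test on the cross-vendor path. This hunk also drops `TestHandler_AddX509Cert_ForFailedCertificateVerification`, and the previous hunk drops `TestHandler_AddX509Cert_ForExistingNocCertificate` and `TestHandler_AddX509Cert_NoRootCert`, with no replacement visible in this file's diff; it is worth confirming those rejection paths are still asserted elsewhere in the refactored suite.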
@@ -594,7 +464,7 @@ func TestHandler_AddX509Cert_VIDScopedRoot_NegativeCases(t *testing.T) { } } -func TestHandler_AddX509Cert_NonVIDScopedRoot_NegativeCases(t *testing.T) { +func TestHandler_AddDaIntermediateCert_NonVIDScopedRoot_NegativeCases(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { diff --git a/x/pki/tests/handler_add_revocation_test.go b/x/pki/tests/handler_add_revocation_test.go index c0e8c7e5b..33a0daddd 100644 --- a/x/pki/tests/handler_add_revocation_test.go +++ b/x/pki/tests/handler_add_revocation_test.go 
@@ -12,6 +12,138 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) +func TestHandler_RevocationPointsByIssuerSubjectKeyID(t *testing.T) { + setup := utils.Setup(t) + + vendorAcc := setup.CreateVendorAccount(65521) + + // propose x509 root certificate by account Trustee1 + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.PAACertWithNumericVid, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) + require.NoError(t, err) + + // approve + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), + testconstants.PAACertWithNumericVidSubject, + testconstants.PAACertWithNumericVidSubjectKeyID, + testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.False(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 0) + + addPkiRevocationDistributionPoint := types.MsgAddPkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.PAACertWithNumericVidVid, + IsPAA: true, + Pid: 8, + CrlSignerCertificate: testconstants.PAACertWithNumericVid, + Label: "label", + DataURL: testconstants.DataURL + "/1", + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + RevocationType: 1, + } + _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) + + addPkiRevocationDistributionPoint = 
types.MsgAddPkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.PAACertWithNumericVidVid, + IsPAA: true, + Pid: 8, + CrlSignerCertificate: testconstants.PAACertWithNumericVid, + Label: "label1", + DataURL: testconstants.DataURL + "/2", + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + RevocationType: 1, + } + _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 2) + + dataURLNew := testconstants.DataURL + "/new" + updatePkiRevocationDistributionPoint := types.MsgUpdatePkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.PAACertWithNumericVidVid, + CrlSignerCertificate: testconstants.PAACertWithNumericVid, + Label: "label", + DataURL: dataURLNew, + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + } + _, err = setup.Handler(setup.Ctx, &updatePkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 2) + require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, updatePkiRevocationDistributionPoint.CrlSignerCertificate) + require.Equal(t, revocationPointBySubjectKeyID.Points[0].DataURL, updatePkiRevocationDistributionPoint.DataURL) + + deletePkiRevocationDistributionPoint := types.MsgDeletePkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: 65521, + Label: "label", + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + } + _, err = setup.Handler(setup.Ctx, 
&deletePkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) +} + +func TestHandler_AddRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { + setup := utils.Setup(t) + + vendorAcc := setup.CreateVendorAccount(65521) + + // propose x509 root certificate by account Trustee1 + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) + require.NoError(t, err) + + // approve + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + require.NoError(t, err) + + addPkiRevocationDistributionPoint := types.MsgAddPkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.PAACertWithNumericVidVid, + IsPAA: true, + Pid: 8, + CrlSignerCertificate: testconstants.PAACertWithNumericVidDifferentWhitespaces, + Label: "label", + DataURL: testconstants.DataURL + "/1", + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + RevocationType: 1, + } + _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) + require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, 
addPkiRevocationDistributionPoint.CrlSignerCertificate) +} + func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { accAddress := utils.GenerateAccAddress() diff --git a/x/pki/tests/handler_approve_add_paa_cert_test.go b/x/pki/tests/handler_approve_add_paa_cert_test.go new file mode 100644 index 000000000..1f700d1ac --- /dev/null +++ b/x/pki/tests/handler_approve_add_paa_cert_test.go 
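Review bot: After the `MsgDeletePkiRevocationDistributionPoint` step in `TestHandler_RevocationPointsByIssuerSubjectKeyID`, the test checks only that one point is left, not which one, so a handler that removed the wrong entry under the same issuer SubjectKeyID would still pass. Adding `require.Equal(t, "label1", revocationPointBySubjectKeyID.Points[0].Label)` (assuming the stored point carries `Label` as the message does) pins the surviving entry. The length checks in both new tests pass their arguments in (actual, expected) order; `require.Len(t, revocationPointBySubjectKeyID.Points, 1)` gives clearer failure output. The literal `65521` in `CreateVendorAccount(65521)` and `Vid: 65521` could be `testconstants.PAACertWithNumericVidVid`, which the add and update messages already use and which is presumably the same value.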
@@ -0,0 +1,359 @@ +package tests + +import ( + "math" + "testing" + + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/stretchr/testify/require" + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// Main + +func TestHandler_AddDaRootCert(t *testing.T) { + setup := utils.Setup(t) + + // propose add x509 root certificate by trustee + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) + + // approve by second trustee + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) +} + +func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { + setup := utils.Setup(t) + + // propose x509 root certificate by account without trustee role + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) + + // Create an 
array of trustee account from 1 to 50 + trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() + + // We have 3 Trustees in test setup. + twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) + + // Until we hit 2/3 of the total number of Trustees, we should not be able to approve the certificate + for i := 1; i < twoThirds-1; i++ { + utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + } + + // One more approval will move this to approved state from pending + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: 
types.RejectedCertificateKeyPrefix}, + }, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // Additional checks + for i := 1; i < twoThirds-1; i++ { + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) + } + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) +} + +func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) { + setup := utils.Setup(t) + + // we have 5 trustees: 1 approval comes from propose => we need 3 more approvals + + // store 4th trustee + fourthTrustee := utils.GenerateAccAddress() + setup.AddAccount(fourthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + + // store 5th trustee + fifthTrustee := utils.GenerateAccAddress() + setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + + // propose x509 root certificate by account Trustee1 + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) + + // approve x509 root certificate by account Trustee2 + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // approve x509 root certificate by account Trustee3 + utils.ApproveDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // reject x509 root certificate by account Trustee4 + utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // Check state indexes - certificate is in proposed state + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: 
[]utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // approve x509 root certificate by account Trustee5 + utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // Check state indexes + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) +} + +func TestHandler_AddDaRootCert_SameSkid_DifferentSubject(t *testing.T) { + setup := utils.Setup(t) + + // add Certificate1 + testRootCertificate := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) + + // add Certificate2 + testRootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate2) + + // Check indexes by subject + subject key id + allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) + require.Equal(t, 2, 
len(allApprovedCertificates)) + + allCertificates, _ := utils.QueryAllCertificatesAll(setup) + require.Equal(t, 2, len(allCertificates)) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, + } + // check for first + utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + // check for second + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) + + // Additional checks + require.Equal(t, testRootCertificate.SubjectKeyId, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) + require.Equal(t, testRootCertificate.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Subject) + require.Equal(t, testRootCertificate2.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[1].Subject) +} + +func TestHandler_AddDaRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { + setup := utils.Setup(t) + + rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) + + rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) + + // Check: + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: 
types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) +} + +func TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee(t *testing.T) { + setup := utils.Setup(t) + + // Add one more Trustee + setup.CreateTrusteeAccount(testconstants.Vid) + + // propose add x509 root certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) + + // reject x509 root certificate by account Trustee2 + utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + // approve x509 root certificate by account Trustee2 + utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + // check 
certificate state indexes + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 2) + require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 0) + require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address) + require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Approvals[1].Address) +} + +// Error cases + +func TestHandler_ApproveAddDaRootCert_ForUnknownProposedCertificate(t *testing.T) { + setup := utils.Setup(t) + + // approve + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) + require.Error(t, err) + require.True(t, pkitypes.ErrProposedCertificateDoesNotExist.Is(err)) +} + +func TestHandler_ApproveAddDaRootCert_ByNotTrustee(t *testing.T) { + setup := utils.Setup(t) + + // propose add x509 root certificate + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) + require.NoError(t, err) + + for _, role := range []dclauthtypes.AccountRole{ + dclauthtypes.Vendor, + dclauthtypes.CertificationCenter, + dclauthtypes.NodeAdmin, + } { + accAddress := utils.GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) + + // approve + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + require.Error(t, err) + require.True(t, sdkerrors.ErrUnauthorized.Is(err)) + } +} + +func TestHandler_ApproveAddDaRootCert_Twice(t 
*testing.T) { + setup := utils.Setup(t) + + // store account without Trustee role + accAddress := setup.CreateTrusteeAccount(1) + + // propose add x509 root certificate + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) + require.NoError(t, err) + + // approve + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + require.NoError(t, err) + + // approve second time + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + require.Error(t, err) + require.True(t, sdkerrors.ErrUnauthorized.Is(err)) +} diff --git a/x/pki/tests/handler_approve_revoke_paa_cert_test.go b/x/pki/tests/handler_approve_revoke_paa_cert_test.go new file mode 100644 index 000000000..971292336 --- /dev/null +++ b/x/pki/tests/handler_approve_revoke_paa_cert_test.go 
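Review bot: `TestHandler_ApproveAddDaRootCert_Twice` and `TestHandler_ApproveAddDaRootCert_ByNotTrustee` assert only the returned error, so a handler that returned `ErrUnauthorized` but still recorded the approval would pass both. Because the approval count is what admits a root certificate, each test should re-read the proposal after the failing call, resolving it the way `TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee` does. Then add `require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 2)` in `_Twice` (proposer plus Trustee1, presumably still below the threshold with four trustees) and the same check with `1` in `_ByNotTrustee`. In `_Twice` the comment `// store account without Trustee role` contradicts the `setup.CreateTrusteeAccount(1)` call beneath it and should read `// store an additional Trustee account to act as proposer`.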
@@ -0,0 +1,551 @@ +package tests + +import ( + "math" + "testing" + + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/stretchr/testify/require" + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// Main + +func TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve x509 root certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // Add 1 more trustee (this will bring the total trustee's to 4) + setup.CreateTrusteeAccount(1) + + // propose revocation of x509 root certificate + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber, + false) + + // approve + utils.ApproveRevokeDaRootCertificate( + setup, + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber) + + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } 
+ utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) +} + +func TestHandler_RevokeDaRootCert_BySubjectAndSKID(t *testing.T) { + setup := utils.Setup(t) + + rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) + + rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) + + // revoke Certificate1 certificate + utils.ProposeAndApproveCertificateRevocation( + setup, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + "", + ) + + // Check: Certificate1 is revoked + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) +} + +func TestHandler_RevokeDaRootCert_BySerialNumber(t *testing.T) { + setup := utils.Setup(t) + + rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) + + rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) + + // revoke Certificate1 certificate + 
utils.ProposeAndApproveCertificateRevocation( + setup, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + rootCertificate1.SerialNumber, + ) + + // Check: Certificate1 - RevokedCertificates - present + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + + // revoke Certificate2 certificate + utils.ProposeAndApproveCertificateRevocation( + setup, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyId, + rootCertificate2.SerialNumber, + ) + + // Check: Certificate1 is revoked + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, 
setup, rootCertificate2, indexes) +} + +func TestHandler_RevokeDaRootCert_RevokeChild(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // add intermediate x509 certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + + // propose revocation of x509 root certificate + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber, + true) + + // approve + utils.ApproveRevokeDaRootCertificate( + setup, + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber) + + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) +} + +func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + 
// add intermediate x509 certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + + // propose revocation of x509 root certificate + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber, + false) + + // approve + utils.ApproveRevokeDaRootCertificate( + setup, + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber) + + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, + } + 
utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) +} + +func TestHandler_RevokeDaRootCert_BySubjectAndSkid_TwoCertificatesWithSameSkid(t *testing.T) { + setup := utils.Setup(t) + + // add root certificates + rootCertificate1 := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) + + rootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) + + // revoke Certificate1 certificate + utils.ProposeAndApproveCertificateRevocation( + setup, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + "", + ) + + // Check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exists + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exist + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + + // second still exists + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: 
types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) +} + +func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // Create an array of trustee account from 1 to 50 + trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() + + // We have 3 Trustees in test setup. + twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) + + // Trustee1 proposes to revoke the certificate + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber, + false) + + // Until we hit 2/3 of the total number of Trustees, we should not be able to revoke the certificate + // We start the counter from 2 as the proposer is a trustee as well + for i := 1; i < twoThirds-1; i++ { + // approve the revocation + utils.ApproveRevokeDaRootCertificate( + setup, + trusteeAccounts[i], + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber) + + // check that the certificate is still not revoked + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: 
types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + } + + // One more revoke will revoke the certificate + utils.ApproveRevokeDaRootCertificate( + setup, + setup.Trustee2, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber) + + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // Make sure all the approvals are present + for i := 1; i < twoThirds-1; i++ { + require.Equal(t, resolvedCertificates.RevokedCertificates.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) + } + require.Equal(t, resolvedCertificates.RevokedCertificates.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) + require.Equal(t, resolvedCertificates.RevokedCertificates.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) +} + +// Error cases + +func TestHandler_ApproveRevokeDaRootCert_ByNotTrustee(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve 
x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // propose revocation of x509 root certificate + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCert.Subject, + rootCert.SubjectKeyId, + "", + false) + + for _, role := range []dclauthtypes.AccountRole{ + dclauthtypes.Vendor, + dclauthtypes.CertificationCenter, + dclauthtypes.NodeAdmin, + } { + accAddress := utils.GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) + + // approve + approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( + accAddress.String(), + rootCert.Subject, + rootCert.SubjectKeyId, + rootCert.SerialNumber, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.Error(t, err) + require.True(t, sdkerrors.ErrUnauthorized.Is(err)) + } +} + +func TestHandler_ApproveRevokeDaRootCert_ProposedRevocationDoesNotExist(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // approve revocation of x509 root certificate + approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( + setup.Trustee1.String(), + rootCert.Subject, + rootCert.SubjectKeyId, + rootCert.SerialNumber, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.Error(t, err) + require.True(t, pkitypes.ErrProposedCertificateRevocationDoesNotExist.Is(err)) +} + +func TestHandler_ApproveRevokeDaRootCert_BySerialNumber_ProposedRevocationDoesNotExist(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // propose certificate revocation + 
utils.ProposeAndApproveCertificateRevocation( + setup, + rootCert.Subject, + rootCert.SubjectKeyId, + "", + ) + + // approve revocation of x509 root certificate + approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( + setup.Trustee1.String(), + rootCert.Subject, + rootCert.SubjectKeyId, + "invalid", + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.Error(t, err) + require.True(t, pkitypes.ErrProposedCertificateRevocationDoesNotExist.Is(err)) +} + +func TestHandler_ApproveRevokeDaRootCert_Twice(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // propose revocation of x509 root certificate + utils.ProposeRevokeDaRootCertificate( + setup, + setup.Trustee1, + rootCert.Subject, + rootCert.SubjectKeyId, + rootCert.SerialNumber, + false, + ) + + // approve revocation by the same trustee + approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( + setup.Trustee1.String(), + rootCert.Subject, + rootCert.SubjectKeyId, + rootCert.SerialNumber, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) + require.Error(t, err) + require.True(t, sdkerrors.ErrUnauthorized.Is(err)) +} diff --git a/x/pki/tests/handler_propose_paa_cert_test.go b/x/pki/tests/handler_propose_paa_cert_test.go new file mode 100644 index 000000000..c840764de --- /dev/null +++ b/x/pki/tests/handler_propose_paa_cert_test.go 
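Review bot: `TestHandler_ApproveRevokeDaRootCert_BySerialNumber_ProposedRevocationDoesNotExist` does not isolate the serial-number mismatch it is named for. Its setup calls `utils.ProposeAndApproveCertificateRevocation`, and `TestHandler_RevokeDaRootCert_BySubjectAndSKID` in this same file shows that helper leaving `ProposedCertificateRevocationKeyPrefix` missing. So no pending proposal exists for any serial, and the `ErrProposedCertificateRevocationDoesNotExist` assertion would hold even if the handler ignored the serial number. Keep the revocation pending instead with `utils.ProposeRevokeDaRootCertificate(setup, setup.Trustee1, rootCert.Subject, rootCert.SubjectKeyId, "", false)` and send the `"invalid"` approval from `setup.Trustee2.String()`. Separately, `TestHandler_ApproveRevokeDaRootCert_ByNotTrustee` proposes with serial `""` but approves with `rootCert.SerialNumber`; using the same serial in both calls would show the rejection comes from the role check rather than from a proposal lookup.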
@@ -0,0 +1,300 @@
+package tests
+
+import (
+ "testing"
+
+ sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+ "github.com/stretchr/testify/require"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
+ dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+// Main
+
+func TestHandler_ProposeAddDaRootCert(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose DA root certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, rootCertificate)
+
+ // Check state indexes
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+
+ require.Equal(t, proposeAddX509RootCert.Cert, resolvedCertificates.ProposedCertificate.PemCert)
+ require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer))
+}
+
+func TestHandler_ProposeAddDaRootCert_SameSkidButDifferentSubject(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // add Certificate1
+ testRootCertificate := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, testRootCertificate)
+
+ // add Certificate2
+ testRootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, testRootCertificate2)
+
+ // Check indexes by subject + subject key id
+ allApprovedCertificates, _ := utils.QueryAllProposedCertificates(setup)
+ require.Equal(t, 2, len(allApprovedCertificates))
+
+ // Check state indexes
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ // check for first
+ utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes)
+ utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes)
+}
+
+func TestHandler_ProposeAddDaRootCert_DifferentSerialNumber(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // store root certificate with different serial number
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ rootCertificate.SerialNumber = utils.SerialNumber
+ utils.AddMokedDaCertificate(setup, rootCertificate)
+
+ // propose second root certificate
+ testRootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, testRootCertificate)
+
+ // Check state indexes
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix}, // we have both: Proposed and Approved
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key:
types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, // single approved
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ },
+ }
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes)
+
+ // additional check
+ require.Equal(t, testRootCertificate.SerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber)
+}
+
+func TestHandler_ProposeAddDaRootCert_PreviouslyRejected(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 root certificate by account Trustee1
+ testRootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, testRootCertificate)
+
+ // reject x509 root certificate by account Trustee2
+ rejectAddX509RootCert1 := utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId)
+
+ // reject x509 root certificate by account Trustee3
+ rejectAddX509RootCert2 := utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyId)
+
+ // Check state indexes - rejected
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+
utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes)
+
+ // propose again
+ proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, testRootCertificate)
+
+ // Check state indexes - proposed
+ indexes = utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes)
+
+ require.Equal(t, proposeAddX509RootCert.Cert, resolvedCertificates.ProposedCertificate.PemCert)
+ require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer))
+ require.False(t, resolvedCertificates.ProposedCertificate.HasRejectFrom(rejectAddX509RootCert1.Signer))
+ require.False(t, resolvedCertificates.ProposedCertificate.HasRejectFrom(rejectAddX509RootCert2.Signer))
+}
+
+// Error cases
+
+func TestHandler_ProposeAddDaRootCert_ByNotTrustee(t *testing.T) {
+ setup := utils.Setup(t)
+
+ for _, role := range []dclauthtypes.AccountRole{
+ dclauthtypes.Vendor,
+ dclauthtypes.CertificationCenter,
+ dclauthtypes.NodeAdmin,
+ } {
+ accAddress := utils.GenerateAccAddress()
+ setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1)
+
+ // propose x509 root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+
require.ErrorIs(t, err, sdkerrors.ErrUnauthorized)
+ }
+}
+
+func TestHandler_ProposeAddDaRootCert_ForInvalidCertificate(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.StubCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrInvalidCertificate.Is(err))
+}
+
+func TestHandler_ProposeAddDaRootCert_ForNonRootCertificate(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 leaf certificate as root
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.LeafCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err))
+}
+
+func TestHandler_ProposeAddDaRootCert_ProposedCertificateAlreadyExists(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose adding of x509 root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.NoError(t, err)
+
+ // store another account
+ anotherAccount := utils.GenerateAccAddress()
+ setup.AddAccount(anotherAccount, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1)
+
+ // propose adding of the same x509 root certificate again
+ proposeAddX509RootCert = types.NewMsgProposeAddX509RootCert(anotherAccount.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err = setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.Error(t, err)
+ require.True(t,
pkitypes.ErrProposedCertificateAlreadyExists.Is(err))
+}
+
+func TestHandler_ProposeAddDaRootCert_CertificateAlreadyExists(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // store x509 root certificate
+ rootCertificate := utils.RootDaCertificate(testconstants.Address1)
+ setup.Keeper.SetUniqueCertificate(
+ setup.Ctx,
+ utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber),
+ )
+ setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate)
+
+ // propose adding of the same x509 root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrCertificateAlreadyExists.Is(err))
+}
+
+func TestHandler_ProposeAddDaRootCert_ForNocCertificate(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // Store the NOC root certificate
+ nocRootCertificate := utils.RootDaCertificate(setup.Vendor1)
+ nocRootCertificate.SerialNumber = testconstants.TestSerialNumber
+ nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI
+ nocRootCertificate.Approvals = nil
+ nocRootCertificate.Rejects = nil
+
+ setup.Keeper.AddAllCertificate(setup.Ctx, nocRootCertificate)
+ setup.Keeper.AddApprovedCertificate(setup.Ctx, nocRootCertificate)
+ setup.Keeper.AddNocRootCertificate(setup.Ctx, nocRootCertificate)
+ uniqueCertificate := types.UniqueCertificate{
+ Issuer: nocRootCertificate.Issuer,
+ SerialNumber: nocRootCertificate.SerialNumber,
+ Present: true,
+ }
+ setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate)
+
+ // propose a new root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+
require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err))
+}
+
+func TestHandler_ProposeAddDaRootCert_ForDifferentSigner(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // store root certificate with different serial number
+ rootCertificate := utils.RootDaCertificate(testconstants.Address1)
+ rootCertificate.SerialNumber = utils.SerialNumber
+ setup.Keeper.SetUniqueCertificate(
+ setup.Ctx,
+ utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber),
+ )
+ setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate)
+ setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate)
+
+ // propose second root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.Error(t, err)
+ require.True(t, sdkerrors.ErrUnauthorized.Is(err))
+}
diff --git a/x/pki/tests/handler_propose_revoke_paa_cert_test.go b/x/pki/tests/handler_propose_revoke_paa_cert_test.go
new file mode 100644
index 000000000..9821d8d07
--- /dev/null
+++ b/x/pki/tests/handler_propose_revoke_paa_cert_test.go
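Review bot: In `TestHandler_ProposeAddDaRootCert_SameSkidButDifferentSubject` the second return value of `utils.QueryAllProposedCertificates(setup)` is discarded and the result is named `allApprovedCertificates` although it holds proposed certificates, so a failing query would show up only as a length mismatch. Assuming the discarded value is an error, I would write `proposedCertificates, err := utils.QueryAllProposedCertificates(setup)`, `require.NoError(t, err)` and `require.Len(t, proposedCertificates, 2)`, and reword the comment above it, which speaks of indexes by subject and subject key id. Separately, `TestHandler_ProposeAddDaRootCert_ForNocCertificate` asserts only `require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err))` with no preceding `require.Error(t, err)`, and `_ByNotTrustee` uses `require.ErrorIs` while the other error cases use `require.True(X.Is(err))`. Using one form throughout would make the rejection-path assertions of this PKI handler easier to audit.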
@@ -0,0 +1,386 @@
+package tests
+
+import (
+ "testing"
+
+ sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+ "github.com/stretchr/testify/require"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
+ dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+// Main
+
+func TestHandler_ProposeRevokeDaRootCert(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 root certificate by `setup.Trustee` and approve by another trustee
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate)
+
+ // propose revocation of x509 root certificate by `setup.Trustee`
+ utils.ProposeRevokeDaRootCertificate(
+ setup,
+ setup.Trustee1,
+ rootCertificate.Subject,
+ rootCertificate.SubjectKeyId,
+ rootCertificate.SerialNumber,
+ false)
+
+ // Check: Certificate is proposed to revoke
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.ProposedCertificateRevocationKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ChildCertificatesKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.RevokedCertificatesKeyPrefix},
+ },
+ }
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+
+ //
additional check
+ require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(setup.Trustee1.String()))
+}
+
+func TestHandler_ProposeRevokeDaRootCert_TwoCertificates(t *testing.T) {
+ setup := utils.Setup(t)
+
+ rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1)
+
+ rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2)
+
+ // propose revocation of first certificate by `setup.Trustee`
+ utils.ProposeRevokeDaRootCertificate(
+ setup,
+ setup.Trustee1,
+ rootCertificate1.Subject,
+ rootCertificate1.SubjectKeyId,
+ rootCertificate1.SerialNumber,
+ false)
+
+ // Check: Certificate1 is proposed to revoke
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateRevocationKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix, Count: 2},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+ {Key: types.ApprovedCertificatesKeyPrefix, Count: 2},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ChildCertificatesKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.RevokedCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes)
+
+ // Check: Certificate2 is not proposed to revoke
+ indexes = utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix, Count: 2},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+ {Key:
types.ApprovedCertificatesKeyPrefix, Count: 2},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ProposedCertificateRevocationKeyPrefix},
+ {Key: types.ChildCertificatesKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.RevokedCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes)
+}
+
+func TestHandler_ProposeRevokeDaRootCert_KeepChild(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // add root x509 certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate)
+
+ // add intermediate x509 certificate
+ intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1)
+ utils.AddDaIntermediateCertificate(setup, intermediateCertificate)
+
+ // propose revocation of x509 root certificate by new trustee
+ utils.ProposeRevokeDaRootCertificate(
+ setup,
+ setup.Trustee1,
+ rootCertificate.Subject,
+ rootCertificate.SubjectKeyId,
+ rootCertificate.SerialNumber,
+ false)
+
+ // Check: Intermediate is approved state
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ProposedCertificateRevocationKeyPrefix},
+ {Key: types.ChildCertificatesKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.RevokedCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes)
+}
+
+func TestHandler_ProposeRevokeDaRootCert_RevokeChild(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // add root x509 certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate)
+
+ // add intermediate x509 certificate
+ intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1)
+ utils.AddDaIntermediateCertificate(setup, intermediateCertificate)
+
+ // propose revocation of x509 root certificate by new trustee
+ utils.ProposeRevokeDaRootCertificate(
+ setup,
+ setup.Trustee1,
+ rootCertificate.Subject,
+ rootCertificate.SubjectKeyId,
+ rootCertificate.SerialNumber,
+ true)
+
+ // Check: Intermediate is approved state - not affected at propose step
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ProposedCertificateRevocationKeyPrefix},
+ {Key: types.ChildCertificatesKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.RevokedCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes)
+}
+
+func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 root certificate by `setup.Trustee` and approve by another trustee
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate)
+
+ // add another trustee
+ anotherTrustee := setup.CreateTrusteeAccount(1)
+
+ // propose revocation of x509 root certificate by new trustee
+
utils.ProposeRevokeDaRootCertificate(
+ setup,
+ anotherTrustee,
+ rootCertificate.Subject,
+ rootCertificate.SubjectKeyId,
+ rootCertificate.SerialNumber,
+ false)
+
+ // Check: Certificate is proposed to revoke
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.ProposedCertificateRevocationKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.ChildCertificatesKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.RevokedCertificatesKeyPrefix},
+ },
+ }
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+
+ // additional check
+ require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(anotherTrustee.String()))
+}
+
+// Error cases
+
+func TestHandler_ProposeRevokeDaRootCert_ByNotTrustee(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose and approve x509 root certificate
+ rootCert := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert)
+
+ for _, role := range []dclauthtypes.AccountRole{
+ dclauthtypes.Vendor,
+ dclauthtypes.CertificationCenter,
+ dclauthtypes.NodeAdmin,
+ } {
+ accAddress := utils.GenerateAccAddress()
+ setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1)
+
+ // propose revocation of x509 root certificate
+ proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert(
+ accAddress.String(),
+ rootCert.Subject,
+ rootCert.SubjectKeyId,
+ rootCert.SerialNumber,
+ false,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert)
+
require.Error(t, err)
+ require.True(t, sdkerrors.ErrUnauthorized.Is(err))
+ }
+}
+
+func TestHandler_ProposeRevokeDaRootCert_CertificateDoesNotExist(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose revocation of not existing certificate
+ proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee1.String(),
+ testconstants.RootSubject,
+ testconstants.RootSubjectKeyID,
+ testconstants.RootSerialNumber,
+ false,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err))
+}
+
+func TestHandler_ProposeRevokeDaRootCert_CertificateDoesNotExistBySerialNumber(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose and approve x509 root certificate
+ rootCert := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert)
+
+ // revoke x509 certificate
+ revokeX509Cert := types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee1.String(),
+ rootCert.Subject,
+ rootCert.RootSubjectKeyId,
+ "invalid",
+ false,
+ testconstants.Info,
+ )
+ _, err := setup.Handler(setup.Ctx, revokeX509Cert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err))
+}
+
+func TestHandler_ProposeRevokeDaRootCert_ForProposedCertificate(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 root certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, rootCertificate)
+
+ // propose revocation of proposed root certificate
+ proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee1.String(),
+ rootCertificate.Subject,
+ rootCertificate.SubjectKeyId,
+ rootCertificate.SerialNumber,
+ false,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err))
+}
+
+func
TestHandler_ProposeRevokeDaRootCert_ProposedRevocationAlreadyExists(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose and approve x509 root certificate
+ rootCert := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert)
+
+ // propose revocation of x509 root certificate
+ proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee1.String(),
+ rootCert.Subject,
+ rootCert.SubjectKeyId,
+ rootCert.SerialNumber,
+ false,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert)
+ require.NoError(t, err)
+
+ // propose revocation of the same x509 root certificate again
+ proposeRevokeX509RootCert = types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee2.String(),
+ rootCert.Subject,
+ rootCert.SubjectKeyId,
+ rootCert.SerialNumber,
+ false,
+ testconstants.Info)
+ _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrProposedCertificateRevocationAlreadyExists.Is(err))
+}
+
+func TestHandler_ProposeRevokeDaRootCert_ForNonRootCertificate(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // add DA root certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate)
+
+ // add DA PAI certificate
+ testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1)
+ utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate)
+
+ // propose revocation of x509 intermediate certificate
+ proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert(
+ setup.Trustee1.String(),
+ testIntermediateCertificate.Subject,
+ testIntermediateCertificate.SubjectKeyId,
+ testIntermediateCertificate.SerialNumber,
+ false,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err))
+}
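Review bot: `TestHandler_ProposeRevokeDaRootCert_CertificateDoesNotExistBySerialNumber` passes `rootCert.RootSubjectKeyId` as the subject key id, where every other test in this file passes `SubjectKeyId`. If the two fields ever differ for this fixture, the handler could return `ErrCertificateDoesNotExist` because of the key id rather than the `"invalid"` serial number, and the test would pass without exercising the serial-number lookup it is named for. I would change that argument to `rootCert.SubjectKeyId,` and reword the comment and variable (`// revoke x509 certificate`, `revokeX509Cert`) to say this is a propose-revoke message. The comments `by new trustee` in `_KeepChild` and `_RevokeChild` also do not match the code, which proposes with `setup.Trustee1`.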
diff --git a/x/pki/tests/handler_reject_add_paa_cert_test.go b/x/pki/tests/handler_reject_add_paa_cert_test.go
new file mode 100644
index 000000000..9654e54cc
--- /dev/null
+++ b/x/pki/tests/handler_reject_add_paa_cert_test.go
@@ -0,0 +1,323 @@
+package tests
+
+import (
+ "testing"
+
+ sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+ "github.com/stretchr/testify/require"
+ testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
+ pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
+ dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils"
+ "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"
+)
+
+// Main
+
+func TestHandler_RejectAddDaRootCert(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose x509 root certificate by account Trustee1
+ testRootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, testRootCertificate)
+
+ // reject x509 root certificate by account Trustee2
+ utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId)
+
+ // certificate should be in the entity , because we haven't enough reject approvals
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ // check certificate state indexes
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes)
+
+ // additional checks
+ require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address)
+ require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Approvals[0].Info)
+ require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address)
+ require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Rejects[0].Info)
+
+ // reject x509 root certificate by account Trustee3
+ utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyId)
+
+ // certificate should not be in the entity , because we have enough reject approvals
+ indexes = utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ // check certificate state indexes
+ resolvedCertificates = utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes)
+
+ // additional checks
+ require.Equal(t, setup.Trustee1.String(), resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Address)
+ require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Info)
+ require.Equal(t, setup.Trustee2.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Address)
+ require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Info)
+ require.Equal(t, setup.Trustee3.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[1].Address)
+ require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Rejects[1].Info)
+}
+
+func TestHandler_RejectAddDaRootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // we have 5 trustees: 1 approval comes from propose => we need 2 rejects to make certificate rejected
+
+ // store 4th trustee
+ setup.CreateTrusteeAccount(testconstants.Vid)
+
+ // store 5th trustee
+ setup.CreateTrusteeAccount(testconstants.Vid)
+
+ // propose x509 root certificate by account Trustee1
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, rootCertificate)
+
+ // reject x509 root certificate by account Trustee2
+ utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ // Check state indexes
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix}, // not rejected yet
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+
+ // reject x509 root certificate by account Trustee3
+ utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ // Check state indexes
+ indexes = utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix}, // certificate is rejected now
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+}
+
+func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherApproval(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // Add one more Trustee
+ setup.CreateTrusteeAccount(testconstants.Vid)
+
+ // propose add x509 root certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, rootCertificate)
+
+ // approve x509 root certificate by account Trustee2
+ utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ // reject x509 root certificate by account Trustee2
+ utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ // check certificate state indexes
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+
+ require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 1)
+ require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 1)
+ require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address)
+ require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address)
+}
+
+func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherReject(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // Add two more Trustee
+ setup.CreateTrusteeAccount(testconstants.Vid)
+ setup.CreateTrusteeAccount(testconstants.Vid)
+ setup.CreateTrusteeAccount(testconstants.Vid)
+
+ // propose add x509 root certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, rootCertificate)
+
+ // approve x509 root certificate by account Trustee2
+ utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ // reject x509 root certificate by account Trustee1
+ utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ // reject x509 root certificate by account Trustee2
+ utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ },
+ Missing: []utils.TestIndex{
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ // check certificate state indexes
+ resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+
+ require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 0)
+ require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 2)
+ require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address)
+ require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[1].Address)
+}
+
+func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateNotHasOtherApproval(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose add x509 root certificate
+ rootCertificate := utils.RootDaCertificate(setup.Trustee1)
+ utils.ProposeDaRootCertificate(setup, rootCertificate)
+
+ // reject x509 root certificate by account Trustee1 (who proposed)
+ utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId)
+
+ // check certificate state indexes - certificate removed
+ indexes := utils.TestIndexes{
+ Present: []utils.TestIndex{},
+ Missing: []utils.TestIndex{
+ {Key: types.ProposedCertificateKeyPrefix},
+ {Key: types.UniqueCertificateKeyPrefix},
+ {Key: types.RejectedCertificateKeyPrefix},
+ {Key: types.AllCertificatesKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyPrefix},
+ {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedCertificatesKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyPrefix},
+ {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix},
+ {Key: types.ApprovedRootCertificatesKeyPrefix},
+ },
+ }
+ utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
+}
+
+// Error cases
+
+func TestHandler_RejectAddDaRootCert_ForUnknownProposedCertificate(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // approve
+ rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(
+ setup.Trustee1.String(),
+ testconstants.RootSubject,
+ testconstants.RootSubjectKeyID,
+ testconstants.Info)
+ _, err := setup.Handler(setup.Ctx, rejectAddX509RootCert)
+ require.Error(t, err)
+ require.True(t, pkitypes.ErrProposedCertificateDoesNotExist.Is(err))
+}
+
+func TestHandler_RejectAddDaRootCert_ByNotTrustee(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose add x509 root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.NoError(t, err)
+
+ for _, role := range []dclauthtypes.AccountRole{
+ dclauthtypes.Vendor,
+ dclauthtypes.CertificationCenter,
+ dclauthtypes.NodeAdmin,
+ } {
+ accAddress := utils.GenerateAccAddress()
+ setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1)
+
+ // reject x509 root certificate
+ approveAddX509RootCert := types.NewMsgRejectAddX509RootCert(
+ accAddress.String(),
+ testconstants.RootSubject,
+ testconstants.RootSubjectKeyID,
+ testconstants.Info,
+ )
+ _, err = setup.Handler(setup.Ctx, approveAddX509RootCert)
+ require.Error(t, err)
+ require.True(t, sdkerrors.ErrUnauthorized.Is(err))
+ }
+}
+
+func TestHandler_RejectX509RootCert_TwiceFromTheSameTrustee(t *testing.T) {
+ setup := utils.Setup(t)
+
+ // propose add x509 root certificate
+ proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion)
+ _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert)
+ require.NoError(t, err)
+
+ // reject x509 root certificate by account Trustee2
+ rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info)
+ _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert)
+ require.NoError(t, err)
+
+ // second time reject x509 root certificate by account Trustee2
+ rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info)
+ _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert)
+ require.ErrorIs(t, err, sdkerrors.ErrUnauthorized)
+}
diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go
index 42c0c5de9..44e5cc2c5 100644
--- a/x/pki/tests/handler_remove_noc_ica_cert_test.go
+++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go
@@ -14,25 +14,37 @@ import ( // Main -func TestHandler_RemoveNocIntermediateCert(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - // add intermediate certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) - // remove intermediate certificate - utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate.Subject, icaCertificate.SubjectKeyId, "") + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) - // Check state indexes + // check total number of certificates + nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) + require.Equal(t, 2, len(nocCerts)) + + // remove all intermediate certificates + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "", + ) + + // Check indexes for intermediate certificates indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix},
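Review bot: `TestHandler_RejectAddDaRootCert_ByNotTrustee` only asserts that each non-trustee reject returns `sdkerrors.ErrUnauthorized`; it never checks that the proposal is unchanged afterwards, so a handler that recorded the reject before failing the role check would still pass. After the loop, resolve the proposal through `utils.CheckCertificateStateIndexes` with `types.ProposedCertificateKeyPrefix` in `Present`, as the earlier tests in this file do, and add `require.Empty(t, resolvedCertificates.ProposedCertificate.Rejects)`. `TestHandler_RejectX509RootCert_TwiceFromTheSameTrustee` has the same gap; `require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 1)` would pin that the second attempt was not counted. Separately, the comment `// Add two more Trustee` in `..._CertificateHasOtherReject` sits above three `CreateTrusteeAccount` calls, and the expected outcome (two rejects leave the certificate proposed) presumably depends on that exact count, so the comment should state the real number of trustees. The variable `approveAddX509RootCert` in the loop holds a reject message and should be renamed to match.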
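Review bot: The new precondition `require.Equal(t, 2, len(nocCerts))` in `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID` follows three additions (the root and two ICAs), and nothing in the test explains why the expected count is 2. Presumably `GetAllNocCertificates` returns one entry per subject/SKID pair and both ICAs share one; once confirmed against the keeper, a comment such as `// root + one entry holding both ICAs (same subject and SKID)` would make the assertion readable. `require.Len(t, nocCerts, 2)` would also give a clearer failure message. The function body continues past this hunk.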
@@ -41,8 +53,8 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { {Key: types.NocCertificatesKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, {Key: types.RevokedNocIcaCertificatesKeyPrefix}, 
@@ -50,59 +62,118 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + + // Check that only 1 certificate exists (root) + nocCerts, _ = utils.QueryAllNocCertificates(setup) + require.Equal(t, 1, len(nocCerts)) } -func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - // add two intermediate certificates + // Add ICA certificates icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, icaCertificate1) + // Add ICA certificates with sam subject and SKID but different serial number icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, icaCertificate2) - // add leaf certificate - leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, leafCertificate) - - // check total number of certificates - nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) - require.Equal(t, 3, len(nocCerts)) + // remove ICA certificate by serial number + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber) - // Check indexes for intermediate certificates before removing + // Check indexes for first certificate (second ica exist) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesKeyPrefix, Count: 1}, {Key: 
types.AllCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Count: 3}, // 2 inter + leaf certs exist - + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, // removed + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, }, - Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - // remove all intermediate certificates but leave leaf certificate (NocCert1 and IntermediateNocCertificate1Copy) - utils.RemoveNocIntermediateCertificate(setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyId, "") - - // Check indexes for intermediate certificates + // Check indexes for second certificate (all same as for ica1 but also UniqueCertificate exists) indexes = utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, // all same as for ica1 but also UniqueCertificate exists + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, + {Key: 
types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // leaf cert with same vid exist + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) +} + +func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // add leaf certificate + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) + + // check total number of certificates + nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) + require.Equal(t, 3, len(nocCerts)) + + // remove all intermediate certificates but leave leaf certificate (NocCert1 and IntermediateNocCertificate1Copy) + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "", + ) + + // Check indexes for root certificate + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: 
types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
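Review bot: `nocCerts, _ = utils.QueryAllNocCertificates(setup)` at the end of `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID` discards the second return value, so a failing query would surface only as an unexplained count mismatch. Assuming that value is an error, keep it and assert on it: `nocCerts, err := utils.QueryAllNocCertificates(setup)` followed by `require.NoError(t, err)`. The same discard appears in `..._BySubjectAndSKID_ParentExist` in the next hunk. The pre-removal count is read through `setup.Keeper.GetAllNocCertificates` and the post-removal count through the query helper; using one path for both would make the two numbers directly comparable. The comment `// Add ICA certificates with sam subject and SKID ...` has a typo ("sam"), and the last function in this hunk continues outside it.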
@@ -110,18 +181,108 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + + // Check that only 2 certificates exists + nocCerts, _ = utils.QueryAllNocCertificates(setup) + require.Equal(t, 2, len(nocCerts)) +} + +func TestHandler_RemoveNocIntermediateCert_BySerialNumber_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // Add ICA certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + // Add ICA certificates with sam subject and SKID but different serial number + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // Add a leaf certificate + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) + + // remove ICA certificate by serial number + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber) + + // Check indexes for leaf certificate (all 
same as for ica1 but also UniqueCertificate exists) + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // root and leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) +} + +func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_ApprovedChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // add leaf certificate + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) + + // check total number of certificates + nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) + require.Equal(t, 3, 
len(nocCerts)) + + // remove all intermediate certificates but leave leaf certificate (NocCert1 and IntermediateNocCertificate1Copy) + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "", + ) // Check indexes for leaf certificate - indexes = utils.TestIndexes{ + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, @@ -150,7 +311,7 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 2, len(nocCerts)) } -func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_BySerialNumber_ApprovedChildExist(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -169,24 +330,6 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, leafCertificate) - // Check indexes for intermediate certificates before removing - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.NocCertificatesKeyPrefix, Count: 2}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Count: 3}, // 2 inter + leaf certs exist - - }, - Missing: []utils.TestIndex{}, - } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - // remove ICA certificate by serial number utils.RemoveNocIntermediateCertificate( setup, 
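Review bot: In `TestHandler_RemoveNocIntermediateCert_BySerialNumber_ParentExist` the comment `// Check indexes for leaf certificate (all same as for ica1 but also UniqueCertificate exists)` precedes a check that runs against `rootCertificate`, and the inline note on `NocIcaCertificatesKeyPrefix, Count: 2` says `root and leaf cert` although that index is the ICA one. Both look copied from the `ApprovedChildExist` variant, and as written a reader cannot tell which certificate's index state the test is meant to pin. Suggested wording: `// Check indexes for root certificate (parent must be untouched)` and `// remaining ICA and leaf cert with same vid exist`; the second is inferred from the setup, so confirm what the count covers. The hunk starts and ends inside functions that continue outside it.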
@@ -195,8 +338,8 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber) - // Check indexes for first certificate (second ica exist) - indexes = utils.TestIndexes{ + // Check indexes for leaf certificate (all same as for ica1 but also UniqueCertificate exists) + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, 
@@ -207,45 +350,141 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix}, // all same as for ica1 but also UniqueCertificate exists {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, // removed {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} - // Check indexes for second certificate (all same as for ica1 but also UniqueCertificate exists) - indexes = utils.TestIndexes{ +func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // add leaf certificate + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) + + // check total number of certificates + nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) + require.Equal(t, 3, len(nocCerts)) + + // revoke leaf certificate + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + leafCertificate.Subject, + 
leafCertificate.SubjectKeyId, + "", + false, + ) + + // remove all intermediate certificates but leave leaf certificate (NocCert1 and IntermediateNocCertificate1Copy) + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "", + ) + + // Check indexes for leaf certificate + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, - {Key: types.NocCertificatesKeyPrefix, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix}, // all same as for ica1 but also UniqueCertificate exists - {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} + +func 
TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // Add ICA certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) - // Check indexes for leaf certificate (all same as for ica2) + // Add ICA certificates with sam subject and SKID but different serial number + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // Add a leaf certificate + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, leafCertificate) + + // revoke leaf certificate + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + leafCertificate.Subject, + leafCertificate.SubjectKeyId, + "", + false, + ) + + // remove ICA certificate by serial number + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber) + + // Check indexes for leaf certificate + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix}, // single intermediate exists + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: 
types.ChildCertificatesKeyPrefix}, + }, + } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } -func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -253,16 +492,20 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { utils.AddNocRootCertificate(setup, rootCertificate) // Add an intermediate certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + // Add an intermediate certificate + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // revoke intermediate certificate by serial number utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, - icaCertificate.Subject, - icaCertificate.SubjectKeyId, - icaCertificate.SerialNumber, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "", false, ) @@ -270,7 +513,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
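Review bot: In `TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedChildExist` the `Present` entry for `types.NocIcaCertificatesKeyPrefix` is commented "single intermediate exists" but carries no `Count`, while the approved-child test earlier in this hunk pins `Count: 2` for the same key. If `Count` is what asserts the number of entries (the helper is not shown here), this check would not notice a wrong number of remaining intermediates; `{Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // single intermediate exists` would pin it. The comment above `icaCertificate2` in the same test also reads "sam subject" for "same subject".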
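Review bot: The context comment `// revoke intermediate certificate by serial number` no longer matches the call below it, which now passes `""` as the serial number. That appears to revoke by subject and SKID, as the expected `RevokedNocIcaCertificatesKeyPrefix, Count: 2` in the next hunk suggests, so the comment should read `// revoke intermediate certificates by subject and SKID`. The two added `// Add an intermediate certificate` comments are identical; going by the name `IntermediateNocCertificate1Copy`, the second could say it adds a copy with the same subject and SKID.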
@@ -286,20 +529,40 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) +} - // remove intermediate certificate by serial number - utils.RemoveNocIntermediateCertificate( +func TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedCertificate(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // Add an intermediate certificate + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + // Add an intermediate certificate + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // revoke intermediate certificate by serial number + utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, - icaCertificate.Subject, - icaCertificate.SubjectKeyId, - icaCertificate.SerialNumber, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber, + false, ) - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ + // Check indexes after revocation + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
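Review bot: `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedCertificate` now ends right after the post-revocation index check, and the removal call it used to make is deleted here, so in the lines shown the test never calls `utils.RemoveNocIntermediateCertificate`. The new `..._BySerialNumber_RevokedCertificate` test added below has the same shape: its last step, here and in the `-308` hunk, is "Check indexes after revocation". As written, both tests exercise revocation only, and nothing visible asserts that removing a revoked ICA clears `UniqueCertificateKeyPrefix` and `RevokedNocIcaCertificatesKeyPrefix`. The root-certificate counterparts later in this patch do revoke and then remove. A sketch for the subject-and-SKID case follows, with the expected state taken from the deleted assertions and still to be confirmed.

```go
	utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes)

	// remove the revoked intermediate certificates by subject and SKID
	utils.RemoveNocIntermediateCertificate(
		setup,
		setup.Vendor1,
		icaCertificate1.Subject,
		icaCertificate1.SubjectKeyId,
		"",
	)

	// revocation entries must be gone after removal
	// (expected state mirrors the deleted assertions; confirm against the handler)
	indexes = utils.TestIndexes{
		Present: []utils.TestIndex{},
		Missing: []utils.TestIndex{
			{Key: types.UniqueCertificateKeyPrefix},
			{Key: types.RevokedNocIcaCertificatesKeyPrefix},
			// … unchanged: remaining keys from the pre-removal Missing list …
		},
	}
	utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes)
	utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes)
```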
@@ -308,19 +571,18 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) } -// Extra cases - -func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedAndActiveCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -423,7 +685,7 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) } -func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -471,7 +733,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases -func TestHandler_RemoveNocX509IcaCert_CertificateDoesNotExist(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( 
@@ -484,117 +746,107 @@ func TestHandler_RemoveNocX509IcaCert_CertificateDoesNotExist(t *testing.T) { require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RemoveNocX509IcaCert_EmptyCertificatesList(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - setup.Keeper.SetNocIcaCertificates( - setup.Ctx, - types.NocIcaCertificates{ - Vid: testconstants.Vid, - }, - ) - - removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - setup.Vendor1.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - "") - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) -} - -func TestHandler_RemoveNocX509IcaCert_ByOtherVendor(t *testing.T) { - setup := utils.Setup(t) - - // add NOC root certificate - rootCertificate := utils.RootNocCertificate1(setup.Vendor1) - utils.AddNocRootCertificate(setup, rootCertificate) + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) // add fist vendor account with VID = 1 - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) - - // add x509 certificate by `setup.Trustee` - addX509Cert := types.NewMsgAddNocX509IcaCert(vendorAccAddress1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) - - // add second vendor account with VID = 1000 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.VendorID1) // remove ICA certificate by second 
vendor account removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - vendorAccAddress2.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, testconstants.NocCert1SerialNumber) - _, err = setup.Handler(setup.Ctx, removeIcaCert) + vendorAccAddress1.String(), + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber) + _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertVidNotEqualAccountVid.Is(err)) } -func TestHandler_RemoveNocX509IcaCert_SenderNotVendor(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - // add x509 certificate - addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( - setup.Trustee1.String(), testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID, "") - _, err = setup.Handler(setup.Ctx, removeIcaCert) + setup.Trustee1.String(), + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "") + _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } -func TestHandler_RemoveNocX509IcaCert_ForNonIcaCertificate(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_ForNonIcaCertificate(t *testing.T) { setup := utils.Setup(t) - setup.Keeper.SetRevokedCertificates( - setup.Ctx, - types.RevokedCertificates{ - Subject: testconstants.IntermediateSubject, - SubjectKeyId: 
testconstants.IntermediateSubjectKeyID, - Certs: []*types.Certificate{{ - CertificateType: types.CertificateType_DeviceAttestationPKI, - }}, - }, - ) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( setup.Vendor1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, "") _, err := setup.Handler(setup.Ctx, removeIcaCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RemoveNocX509IcaCert_InvalidSerialNumber(t *testing.T) { +func TestHandler_RemoveNocIntermediateCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + // add two intermediate certificates + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) removeX509Cert := types.NewMsgRemoveNocX509IcaCert( setup.Vendor1.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, "invalid") - _, err = setup.Handler(setup.Ctx, removeX509Cert) + _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } + +func 
TestHandler_RemoveNocIntermediateCert_ForRoot(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + removeX509Cert := types.NewMsgRemoveNocX509IcaCert( + setup.Vendor1.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + "") + _, err := setup.Handler(setup.Ctx, removeX509Cert) + require.Error(t, err) + require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) +} diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index a1be40019..c45ddef7a 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go 
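Review bot: The comments in `TestHandler_RemoveNocIntermediateCert_ByOtherVendor` no longer describe the test. `// add fist vendor account with VID = 1` sits above an account created with `testconstants.VendorID1`, the variable is named `vendorAccAddress1` while the next comment calls it the "second vendor account", and `// add two intermediate certificates` (also in `_SenderNotVendor` and `_InvalidSerialNumber`) precedes a single `AddNocIntermediateCertificate` call. Since this is the cross-vendor authorization check, the setup is worth stating exactly, for example `// create a vendor account whose VID differs from the certificate owner's` and a name such as `otherVendor`. The test relies on `testconstants.VendorID1` differing from the VID of `setup.Vendor1`, which is not visible in this hunk. The hunk also deletes `..._EmptyCertificatesList` without a replacement in the lines shown.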
@@ -14,40 +14,7 @@ import ( // Main -func TestHandler_RemoveNocRootCert(t *testing.T) { - setup := utils.Setup(t) - - // add NOC root certificates - rootCertificate := utils.RootNocCertificate1(setup.Vendor1) - utils.AddNocRootCertificate(setup, rootCertificate) - - // remove noc root certificate - utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyId, "") - - // Check indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { +func TestHandler_RemoveNocRootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates 
@@ -57,23 +24,23 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) - // Add intermediate certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) - // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) require.NotNil(t, nocCerts) - require.Equal(t, 2, len(nocCerts)) - require.Equal(t, 3, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) + require.Equal(t, 1, len(nocCerts)) // remove all root noc root certificates - utils.RemoveNocRootCertificate(setup, setup.Vendor1, rootCertificate1.Subject, rootCertificate1.SubjectKeyId, "") + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + "", + ) // check that only IAC certificate exists nocCerts, _ = utils.QueryAllNocCertificates(setup) - require.Equal(t, 1, len(nocCerts)) - require.Equal(t, 1, len(nocCerts[0].Certs)) + require.Equal(t, 0, len(nocCerts)) // Check indexes for root certificates indexes := utils.TestIndexes{ 
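Review bot: The context comment `// check that only IAC certificate exists` is stale after this change: the test no longer adds an intermediate certificate, and the assertion below it now expects `0` entries. `// check that no NOC certificates remain` would match the new assertion. The lead-in `// remove all root noc root certificates` could be tightened at the same time to `// remove all NOC root certificates with this subject and SKID`.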
@@ -95,27 +62,9 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - - // Check indexes for intermediate certificates - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{}, - } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } -func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { +func TestHandler_RemoveNocRootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificates @@ -125,15 +74,10 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) - // Add ICA certificates - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) - // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) require.NotNil(t, nocCerts) - require.Equal(t, 2, len(nocCerts)) - require.Equal(t, 3, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) + require.Equal(t, 1, len(nocCerts)) // remove NOC root certificate by serial number utils.RemoveNocRootCertificate( 
@@ -143,11 +87,6 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { rootCertificate1.SubjectKeyId, rootCertificate1.SerialNumber) - // check total - nocCerts, _ = utils.QueryAllNocCertificates(setup) - require.Equal(t, 2, len(nocCerts)) - require.Equal(t, 2, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)) - // Check indexes for root certificates indexes := utils.TestIndexes{ Present: []utils.TestIndex{ @@ -158,11 +97,11 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) @@ -177,11 +116,11 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) @@ -196,8 +135,7 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { // check total nocCerts, _ = utils.QueryAllNocCertificates(setup) - require.Equal(t, 1, len(nocCerts)) - require.Equal(t, 1, len(nocCerts[0].Certs)) + require.Equal(t, 0, len(nocCerts)) // Check indexes for root certificates indexes = utils.TestIndexes{ 
@@ -219,9 +157,38 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) +} + +func TestHandler_RemoveNocRootCert_BySubjectAndSKID_ChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificates + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) + + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) + + // Add intermediate certificate + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) + + // remove all root noc root certificates + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + "", + ) + + // check that only IAC certificate exists + nocCerts, _ := utils.QueryAllNocCertificates(setup) + require.Equal(t, 1, len(nocCerts)) + require.Equal(t, 1, len(nocCerts[0].Certs)) // Check indexes for intermediate certificates - indexes = utils.TestIndexes{ + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, 
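Review bot: `nocCerts, _ := utils.QueryAllNocCertificates(setup)` in the new `..._BySubjectAndSKID_ChildExist` test discards the helper's second return value, and the same pattern is added in the `-239` and `-300` hunks. If that value is an error (the helper is not shown here), a failed query would surface only as a length mismatch; `nocCerts, err := utils.QueryAllNocCertificates(setup)` followed by `require.NoError(t, err)` makes the failure explicit. The test also asserts only the child's indexes. A one-line doc comment saying that removing the root is expected to leave its ICA in the active indexes would record that this is intended behaviour.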
@@ -239,51 +206,34 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } -func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { +func TestHandler_RemoveNocRootCert_BySerialNumber_ChildExist(t *testing.T) { setup := utils.Setup(t) - // add NOC root certificate + // add NOC root certificates rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate1) rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) - // Add an intermediate certificate + // Add ICA certificates icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, icaCertificate) - // revoke NOC root certificates - utils.RevokeNocRootCertificate( + // remove NOC root certificate by serial number + utils.RemoveNocRootCertificate( setup, setup.Vendor1, - rootCertificate2.Subject, - rootCertificate2.SubjectKeyId, - "", - false, - ) + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + rootCertificate1.SerialNumber) - // Check indexes for root certificates - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, - }, - Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + // check total + nocCerts, _ := utils.QueryAllNocCertificates(setup) + 
require.Equal(t, 2, len(nocCerts)) - // Check indexes for intermediate certificate - indexes = utils.TestIndexes{ + // Check indexes for intermediate certificates + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, @@ -300,34 +250,20 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) - // remove NOC root certificates + // remove NOC root certificate by serial number and check that IAC cert is not removed utils.RemoveNocRootCertificate( setup, setup.Vendor1, rootCertificate2.Subject, rootCertificate2.SubjectKeyId, - "", - ) + rootCertificate2.SerialNumber) - // Check indexes for root certificates - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + // check total + nocCerts, _ = utils.QueryAllNocCertificates(setup) + require.Equal(t, 1, len(nocCerts)) + require.Equal(t, 1, len(nocCerts[0].Certs)) - // Check that intermediate certificates still exist + // Check indexes for intermediate certificates indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
@@ -346,52 +282,40 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } -func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) { +func TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate - rootCertificate := utils.RootNocCertificate1(setup.Vendor1) - utils.AddNocRootCertificate(setup, rootCertificate) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) - // Add an intermediate certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) // revoke NOC root certificates utils.RevokeNocRootCertificate( setup, setup.Vendor1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyId, + "", + false, + ) + + // remove NOC root certificates + utils.RemoveNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyId, "", - true, ) // Check indexes for root certificates indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - }, + Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - }, - } - 
utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
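Review bot: The deleted `TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate` was the test in this file that revoked a root with the last argument `true` (apparently the revoke-children flag) and then checked that the ICA stayed under `RevokedNocIcaCertificatesKeyPrefix` after the root was removed. Its replacement, `..._BySubjectAndSKID_RevokedCertificate`, adds no child and passes `false`. Unless that path is covered in a part of the patch not shown here, nothing asserts any more that removing a revoked root leaves its already-revoked children revoked. A `TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedChildExist` variant, matching the naming used in the ICA file, would keep that check.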
@@ -402,22 +326,46 @@ func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) {Key: types.RevokedNocRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) +} + +func TestHandler_RemoveNocRootCert_BySerialNumber_RevokedCertificate(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificate + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) + + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) + + // revoke NOC root certificates + utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyId, + "", + false, + ) // remove NOC root certificates utils.RemoveNocRootCertificate( setup, setup.Vendor1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - "", + rootCertificate2.Subject, + rootCertificate2.SubjectKeyId, + rootCertificate2.SerialNumber, ) // Check indexes for root certificates - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -425,16 +373,14 @@ func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - // Check that intermediate certificates still is revoked indexes = utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + // another root with same vid exists + {Key: types.RevokedNocRootCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -444,25 +390,19 @@ func TestHandler_RemoveNocX509RootCert_RevokedWithChildCertificate(t *testing.T) {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } -// Extra cases - -func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) { +func TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedAndActiveCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - // Add an intermediate certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) - // revoke an intermediate certificate utils.RevokeNocRootCertificate( setup, 
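Review bot: The comment `// revoke an intermediate certificate` at the end of this hunk now sits directly above `utils.RevokeNocRootCertificate(`. With the ICA setup removed, nothing in the visible part of TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedAndActiveCertificate touches an intermediate certificate, so it should read `// revoke NOC root certificate`. The following hunk keeps `// Check indexes for root certificates (after deletion re-activated)` although the re-activation step was deleted there; `// Check indexes for root certificate after removal` would match what is asserted. The function body continues outside this hunk.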
@@ -483,56 +423,11 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - ) - - // Check indexes for re-activated root certificates - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - - // Check indexes for deleted root certificates - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // remove NOC root certificates - utils.RemoveNocRootCertificate( - setup, - setup.Vendor1, - rootCertificate2.Subject, - rootCertificate2.SubjectKeyId, "", ) // Check indexes for root certificates (after deletion re-activated) - indexes = utils.TestIndexes{ + indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
@@ -550,7 +445,7 @@ func TestHandler_RemoveNocX509RootCert_RevokedAndActiveCertificate(t *testing.T) utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { +func TestHandler_RemoveNocRootCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -588,7 +483,7 @@ func TestHandler_RemoveNocX509RootCert_ByNotOwnerButSameVendor(t *testing.T) { } // Error cases -func TestHandler_RemoveNocX509RootCert_CertificateDoesNotExist(t *testing.T) { +func TestHandler_RemoveNocRootCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) removeIcaCert := types.NewMsgRemoveNocX509RootCert( @@ -601,27 +496,7 @@ func TestHandler_RemoveNocX509RootCert_CertificateDoesNotExist(t *testing.T) { require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RemoveNocX509RootCert_EmptyCertificatesList(t *testing.T) { - setup := utils.Setup(t) - - setup.Keeper.SetNocRootCertificates( - setup.Ctx, - types.NocRootCertificates{ - Vid: testconstants.Vid, - }, - ) - - removeIcaCert := types.NewMsgRemoveNocX509RootCert( - setup.Vendor1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - "") - _, err := setup.Handler(setup.Ctx, removeIcaCert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) -} - -func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { +func TestHandler_RemoveNocRootCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -644,7 +519,7 @@ func TestHandler_RemoveNocX509RootCert_ByOtherVendor(t *testing.T) { require.True(t, pkitypes.ErrCertVidNotEqualAccountVid.Is(err)) } -func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { +func TestHandler_RemoveNocRootCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate 
@@ -658,7 +533,7 @@ func TestHandler_RemoveNocX509RootCert_SenderNotVendor(t *testing.T) { require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } -func TestHandler_RemoveNocX509RootCert_InvalidSerialNumber(t *testing.T) { +func TestHandler_RemoveNocRootCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate @@ -674,3 +549,41 @@ func TestHandler_RemoveNocX509RootCert_InvalidSerialNumber(t *testing.T) { require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } + +func TestHandler_RemoveNocRootCert_IntermediateCertificate(t *testing.T) { + setup := utils.Setup(t) + + // add NOC root certificates + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) + + // Add ICA certificates + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) + + removeX509Cert := types.NewMsgRemoveNocX509RootCert( + setup.Vendor1.String(), + icaCertificate.Subject, + icaCertificate.SubjectKeyId, + "") + _, err := setup.Handler(setup.Ctx, removeX509Cert) + require.Error(t, err) + require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) +} + +func TestHandler_RemoveNocRootCert_DaCertificate(t *testing.T) { + setup := utils.Setup(t) + + // add DA root certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + removeX509Cert := types.NewMsgRemoveNocX509RootCert( + setup.Vendor1.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + "") + _, err := setup.Handler(setup.Ctx, removeX509Cert) + require.Error(t, err) + require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) +} diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index 4318f87a6..5df99173c 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go 
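Review bot: The two new negative tests at the end of this hunk, TestHandler_RemoveNocRootCert_IntermediateCertificate and TestHandler_RemoveNocRootCert_DaCertificate, assert only the returned error. A handler that returned the error after already deleting part of the certificate's state would still pass. For a removal message aimed at the wrong certificate type, the property worth pinning is that the targeted certificate is left untouched. I would follow each error assertion with a `utils.CheckCertificateStateIndexes` call on the targeted certificate; the index keys below are a suggestion drawn from the lists used elsewhere in this file and need confirming against what the helper supports for an ICA.

```go
	require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err))

	// the rejected message must leave the ICA certificate in place
	indexes := utils.TestIndexes{
		Present: []utils.TestIndex{
			{Key: types.UniqueCertificateKeyPrefix},
			{Key: types.AllCertificatesKeyPrefix},
			{Key: types.NocCertificatesKeyPrefix},
		},
	}
	utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes)
```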
+++ b/x/pki/tests/handler_remove_pai_cert_test.go @@ -16,26 +16,28 @@ import ( func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add intermediate certificates - testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) + // Add two intermediate certificates + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) + + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // Remove intermediate certificate + // remove all intermediate certificates but leave leaf certificate utils.RemoveDaIntermediateCertificate( setup, - setup.Vendor1, - testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyId, + vendorAccAddress, + testIntermediateCertificate1.Subject, + testIntermediateCertificate1.SubjectKeyId, "") - // Check: only one certificate exists - root - allCerts, _ := utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 1, len(allCerts)) - // Check indexes for intermediate certificate indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, 
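Review bot: The added comment `// remove all intermediate certificates but leave leaf certificate` in TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID describes a leaf certificate that this test never adds; the setup is now one root and two intermediates. `// remove both intermediate certificates by subject and SKID` says what the call does. The same comment is repeated in TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ParentExist in the `@@ -72,51 +75,75 @@` hunk. The test body continues outside this hunk.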
@@ -52,10 +54,11 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { {Key: types.ProposedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) } -func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // Add vendor account 
@@ -72,51 +75,75 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // Add a leaf certificate - testLeafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, testLeafCertificate) - - // get certificates for further comparison - allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.NotNil(t, allCerts) - require.Equal(t, 3, len(allCerts)) - require.Equal(t, 4, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) - - // remove all intermediate certificates but leave leaf certificate + // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress, testIntermediateCertificate1.Subject, testIntermediateCertificate1.SubjectKeyId, - "") - - // check that only two certificates exists - allCerts, _ = utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 2, len(allCerts)) - require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) + testIntermediateCertificate1.SerialNumber) - // Check indexes for intermediate certificate + // Check indexes for intermediate certificate 1 indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - // {Key: types.AllCertificatesBySubjectKeyPrefix}, // leaf cert has same subject - // {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, // leaf cert has same subject + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: 
types.UniqueCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + + // Check indexes for intermediate certificate 2 (all the same but also UniqueCertificate exists) + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, }, + Missing: []utils.TestIndex{}, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) +} - // check that leaf certificate exists - indexes = utils.TestIndexes{ +func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add two intermediate certificates + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) + + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) + + // remove all intermediate certificates but leave leaf certificate + utils.RemoveDaIntermediateCertificate( + setup, 
+ vendorAccAddress, + testIntermediateCertificate1.Subject, + testIntermediateCertificate1.SubjectKeyId, + "") + + // Check state indexes for parent + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, @@ -125,17 +152,17 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCert, indexes) } -func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ParentExist(t *testing.T) { setup := utils.Setup(t) // Add vendor account 
@@ -145,17 +172,13 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add intermediate certificates + // Add two intermediate certificates testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // Add a leaf certificate - testLeafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, testLeafCertificate) - // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, 
@@ -164,88 +187,161 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { testIntermediateCertificate1.SubjectKeyId, testIntermediateCertificate1.SerialNumber) - // check that only root, intermediate(with serial number 3) and leaf certificates exists - allCerts, _ := utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 3, len(allCerts)) - require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) - - // Check indexes for intermediate certificate 1 + // Check state indexes for parent indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCert, indexes) +} - // Check indexes for intermediate certificate 2 (all the same but also UniqueCertificate exists) - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ +func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add two 
intermediate certificates again + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) + + // revoke intermediate certificate by serial number + utils.RevokeDaIntermediateCertificate( + setup, + setup.Vendor1, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + "", + false) + + // remove intermediate certificate by serial number + utils.RemoveDaIntermediateCertificate( + setup, + setup.Vendor1, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + testIntermediateCertificate.SerialNumber) + + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, }, - Missing: []utils.TestIndex{}, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) +} - // check that leaf certificate exists (same as for intermediate 2, skip check by subject) - indexes = utils.TestIndexes{ +func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedCertificate(t *testing.T) { + setup := utils.Setup(t) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, 
rootCert) + + // Add two intermediate certificates again + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) + + // revoke intermediate certificate by serial number + utils.RevokeDaIntermediateCertificate( + setup, + setup.Vendor1, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + testIntermediateCertificate.SerialNumber, + false) + + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, }, - Missing: []utils.TestIndex{}, } - utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) - // remove intermediate certificate by serial number and check that leaf cert is not removed + // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, - vendorAccAddress, - testIntermediateCertificate2.Subject, - testIntermediateCertificate2.SubjectKeyId, - testIntermediateCertificate2.SerialNumber) - - allCerts, _ = utils.QueryAllApprovedCertificates(setup) - require.Equal(t, 2, len(allCerts)) - require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) + setup.Vendor1, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + testIntermediateCertificate.SerialNumber) - // Check indexes for intermediate certificates indexes = utils.TestIndexes{ Present: []utils.TestIndex{}, 
Missing: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) +} + +func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ApprovedChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // add intermediate x509 certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + + // add leaf x509 certificate + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) + + // revoke x509 certificate + utils.RemoveDaIntermediateCertificate( + setup, + setup.Vendor1, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, + "") // check that leaf certificate exists - indexes = utils.TestIndexes{ + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, 
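Review bot: TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate passes `testIntermediateCertificate.SerialNumber` as the last argument of `utils.RemoveDaIntermediateCertificate`, so it exercises removal by serial number, the same path as the _BySerialNumber_RevokedCertificate test that follows it. Removing a revoked certificate by subject and SKID alone is then covered by neither test. The last argument should be `""`, as in the other _BySubjectAndSKID tests. The comments `// revoke intermediate certificate by serial number` and `// remove intermediate certificate by serial number` in that test should drop "by serial number", and `// Add two intermediate certificates again` is stale since only one certificate is added.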
@@ -257,32 +353,89 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } -func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ApprovedChildExist(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // Add two intermediate certificates again - testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) + // add intermediate x509 certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // revoke intermediate certificate by serial number + // add leaf x509 certificate + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) + + // revoke x509 certificate + utils.RemoveDaIntermediateCertificate( + setup, + setup.Vendor1, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, + intermediateCertificate.SerialNumber) + + // check that leaf certificate exists + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} + +func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // add intermediate x509 certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + + // add leaf x509 certificate + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) + + // revoke leaf certificate utils.RevokeDaIntermediateCertificate( setup, setup.Vendor1, - testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyId, - testIntermediateCertificate.SerialNumber, - false) + leafCertificate.Subject, + leafCertificate.SubjectKeyId, + "", + true) + + // revoke intermediate certificate + utils.RemoveDaIntermediateCertificate( + setup, + setup.Vendor1, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, + "") + // check that leaf certificate exists indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
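Review bot: In TestHandler_RemoveDaIntermediateCert_BySerialNumber_ApprovedChildExist the comment `// revoke x509 certificate` is placed above `utils.RemoveDaIntermediateCertificate(`, which removes rather than revokes. The distinction matters in this file because the asserted index sets differ between the two operations (a revoked certificate keeps `types.RevokedCertificatesKeyPrefix`, a removed one does not). `// remove intermediate certificate` would be accurate. The same mislabel appears in _BySubjectAndSKID_ApprovedChildExist in the previous hunk, as `// revoke intermediate certificate` in _BySubjectAndSKID_RevokedChildExist here, and on the second call in _BySerialNumber_RevokedChildExist in the next hunk.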
@@ -295,41 +448,66 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} - // remove intermediate certificate by serial number +func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedChildExist(t *testing.T) { + setup := utils.Setup(t) + + // add root x509 certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // add intermediate x509 certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + + // add leaf x509 certificate + leafCertificate := utils.LeafCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, leafCertificate) + + // revoke x509 certificate + utils.RevokeDaIntermediateCertificate( + setup, + setup.Vendor1, + leafCertificate.Subject, + leafCertificate.SubjectKeyId, + "", + true) + + // revoke x509 certificate utils.RemoveDaIntermediateCertificate( setup, setup.Vendor1, - testIntermediateCertificate.Subject, - testIntermediateCertificate.SubjectKeyId, - testIntermediateCertificate.SerialNumber) + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, + intermediateCertificate.SerialNumber) - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ + // check that leaf certificate exists + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, + {Key: 
types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } -// Extra cases - -func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedAndActiveCertificate(t *testing.T) { setup := utils.Setup(t) // Add vendor account @@ -343,9 +521,9 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { testIntermediateCertificate := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) - // get certificates for further comparison - allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.Equal(t, 2, len(allCerts)) + // Add an intermediate certificate with new serial number + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) // revoke an intermediate certificate utils.RevokeDaIntermediateCertificate( 
@@ -356,13 +534,10 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { testIntermediateCertificate.SerialNumber, false) - // Add an intermediate certificate with new serial number - testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - - // check that intermediate certificate 2 exists + // check that intermediate certificate 1 exists but revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, @@ -376,9 +551,9 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { {Key: types.ProposedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) - // check that intermediate certificate 1 exists but revoked + // check that intermediate certificate 2 exists indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -389,43 +564,15 @@ func TestHandler_RemoveX509Cert_RevokedAndApprovedCertificate(t *testing.T) { {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - - // remove an intermediate certificate - utils.RemoveDaIntermediateCertificate( - setup, - vendorAccAddress, - testIntermediateCertificate2.Subject, - testIntermediateCertificate2.SubjectKeyId, - "") - - // check indexes after removing re-activated certificate - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{}, - Missing: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } -func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate 
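Review bot: `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedAndActiveCertificate` no longer calls the remove handler, because this hunk deletes the `utils.RemoveDaIntermediateCertificate(...)` call and the index check that followed it. As far as the visible hunks show, nothing replaces them, so the test only asserts the state after add and revoke. Removal by subject and SKID with one revoked and one active certificate is then unverified. I would restore `utils.RemoveDaIntermediateCertificate(setup, vendorAccAddress, testIntermediateCertificate.Subject, testIntermediateCertificate.SubjectKeyId, "")` and follow it with an all-`Missing` index check for both certificates. The function body starts in an earlier hunk.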
@@ -468,93 +615,89 @@ func TestHandler_RemoveX509Cert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases -func TestHandler_RemoveX509Cert_CertificateDoesNotExist(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) removeX509Cert := types.NewMsgRemoveX509Cert( setup.Vendor1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber) + "") _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RemoveX509Cert_EmptyCertificatesList(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_InvalidSerialNumber(t *testing.T) { setup := utils.Setup(t) - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - setup.Keeper.SetApprovedCertificates( - setup.Ctx, - types.ApprovedCertificates{ - Subject: testconstants.IntermediateSubject, - SubjectKeyId: testconstants.IntermediateSubjectKeyID, - }, - ) + // Add intermediate certificates + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) + // remove intermediate certificate removeX509Cert := types.NewMsgRemoveX509Cert( setup.Vendor1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - "") + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + "invalid") _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RemoveX509Cert_ByOtherVendor(t *testing.T) { +func 
TestHandler_RemoveDaIntermediateCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // add fist vendor account with VID = 1 - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // add x509 certificate by `setup.Trustee` - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + // Add intermediate certificates + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) - // add scond vendor account with VID = 1000 + // add second vendor account with VID = 1000 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.VendorID1) // revoke x509 certificate by second vendor account removeX509Cert := types.NewMsgRemoveX509Cert( - vendorAccAddress2.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, testconstants.IntermediateSerialNumber) - _, err = setup.Handler(setup.Ctx, removeX509Cert) + vendorAccAddress2.String(), + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + testIntermediateCertificate.SerialNumber, + ) + _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } -func TestHandler_RemoveX509Cert_SenderNotVendor(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCert := 
utils.RootDaCertificateWithVid(setup.Trustee1) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - - // add x509 certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + // Add intermediate certificates + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) removeX509Cert := types.NewMsgRemoveX509Cert( - setup.Trustee1.String(), testconstants.IntermediateSubject, testconstants.IntermediateSubjectKeyID, "invalid") - _, err = setup.Handler(setup.Ctx, removeX509Cert) + setup.Trustee1.String(), + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + "invalid") + _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } -func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) rootCert := utils.RootDaCertificate(setup.Trustee1) 
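Review bot: `TestHandler_RemoveDaIntermediateCert_SenderNotVendor` sends the serial number `"invalid"`, so the request is wrong in two ways and the test passes only if the handler rejects the signer before it looks up the certificate. Passing `testIntermediateCertificate.SerialNumber`, as `_ByOtherVendor` in this hunk does, makes the non-vendor signer the only reason for `sdkerrors.ErrUnauthorized`. This hunk also deletes `TestHandler_RemoveX509Cert_EmptyCertificatesList` with no replacement visible here; if an approved-certificates entry with an empty list is still a reachable state, that case is worth keeping.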
@@ -562,35 +705,15 @@ func TestHandler_RemoveX509Cert_ForRootCertificate(t *testing.T) { removeX509Cert := types.NewMsgRemoveX509Cert( setup.Vendor1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber) + rootCert.Subject, + rootCert.SubjectKeyId, + rootCert.SerialNumber) _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) } -func TestHandler_RemoveX509Cert_InvalidSerialNumber(t *testing.T) { - setup := utils.Setup(t) - - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) - - removeX509Cert := types.NewMsgRemoveX509Cert( - setup.Vendor1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - "invalid") - _, err = setup.Handler(setup.Ctx, removeX509Cert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) -} - -func TestHandler_RemoveX509Cert_ForNocIcaCertificate(t *testing.T) { +func TestHandler_RemoveDaIntermediateCert_ForNocIcaCertificate(t *testing.T) { setup := utils.Setup(t) // add NOC root certificate 
@@ -598,16 +721,16 @@ func TestHandler_RemoveX509Cert_ForNocIcaCertificate(t *testing.T) { utils.AddNocRootCertificate(setup, rootCertificate) // Add ICA certificate - addX509Cert := types.NewMsgAddNocX509IcaCert(setup.Vendor1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) + // Try to remove NOC ICA certificate removeX509Cert := types.NewMsgRemoveX509Cert( setup.Vendor1.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber) - _, err = setup.Handler(setup.Ctx, removeX509Cert) + icaCertificate.Subject, + icaCertificate.SubjectKeyId, + icaCertificate.SerialNumber) + _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 21c3ccc39..c8cb3ecb8 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go 
@@ -14,23 +14,27 @@ import ( // Main -func TestHandler_RevokeNocIntermediateCert(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - // add the NOC non-root certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + // add the first NOC non-root certificate + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + // add the second NOC non-root certificate + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) // Revoke NOC with subject and subject key id only utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, - icaCertificate.Subject, - icaCertificate.SubjectKeyId, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, "", false) @@ -38,7 +42,7 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits }, Missing: []utils.TestIndex{ 
@@ -55,10 +59,11 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) } -func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate @@ -73,28 +78,20 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, icaCertificate2) - // add the NOC leaf certificate - leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, leafCertificate) - - // Revoke NOC with subject and subject key id only + // Revoke NOC by serial number only utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyId, - "", + icaCertificate1.SerialNumber, false) - // Check indexes + // Check indexes for intermediate after revocation indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix}, // leaf still exists - }, - Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -102,16 +99,40 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, // other intermediate exist {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) +} + +func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // add the first NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add the NOC non-root certificate + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) - // Check indexes for leaf - indexes = utils.TestIndexes{ + // Revoke NOC with subject and subject key id only + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate.Subject, + icaCertificate.SubjectKeyId, + "", + false) + + // Check state indexes for root + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, 
@@ -120,12 +141,11 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // only leaf exits + {Key: types.NocRootCertificatesKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, 
@@ -133,10 +153,55 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) +} + +func TestHandler_RevokeNocIntermediateCert_BySerialNumber_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // add the first NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add the NOC non-root certificate + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) + + // Revoke NOC with subject and subject key id only + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate.Subject, + icaCertificate.SubjectKeyId, + icaCertificate.SerialNumber, + false) + + // Check state indexes for root + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { +func 
TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_KeepChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate @@ -155,26 +220,18 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, leafCertificate) - // Revoke noc with subject and subject key id and its child too + // Revoke NOC with subject and subject key id only utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, icaCertificate1.Subject, icaCertificate1.SubjectKeyId, "", - true) - - allRevokedCerts, _ := utils.QueryAllNocRevokedIcaCertificates(setup) - require.Equal(t, 2, len(allRevokedCerts)) + false) - // Check indexes + // Check state indexes for leaf indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
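Review bot: The comment above the revoke call in `TestHandler_RevokeNocIntermediateCert_BySerialNumber_ParentExist` reads `// Revoke NOC with subject and subject key id only`, but the call passes `icaCertificate.SerialNumber`. It looks copied from the `_BySubjectAndSKID_ParentExist` test and should say `// Revoke NOC ICA by serial number`. The same mismatch is in `_BySerialNumber_RevokeChild` (hunk `@@ -307,7 +380,7 @@`), where `// Revoke noc with subject and subject key id and its child too` sits above a call that passes `icaCertificate1.SerialNumber`.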
@@ -182,39 +239,23 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we created root certificate with same vid {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) - - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } -func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_BySerialNumber_KeepChild(t 
*testing.T) { setup := utils.Setup(t) // add the first NOC root certificate @@ -242,11 +283,9 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { icaCertificate1.SerialNumber, false) - // Check indexes for intermediate after revocation + // Check state indexes for leaf indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -254,20 +293,58 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // intermediate + leaf + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we created root certificate with same vid + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // intermediate + leaf + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} - // Check indexes for leaf - indexes = utils.TestIndexes{ +func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_RevokeChild(t *testing.T) { + setup := utils.Setup(t) + + // add the first NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add the first NOC non-root certificate + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + // add the second NOC non-root certificate + icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate2) + + // add the NOC leaf certificate + leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) + 
utils.AddNocIntermediateCertificate(setup, leafCertificate) + + // Revoke noc with subject and subject key id and its child too + utils.RevokeNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "", + true) + + // Check indexes for child + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -275,12 +352,8 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // inter + leaf + {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, @@ -288,7 +361,7 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumber(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } -func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_BySerialNumber_RevokeChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate 
@@ -307,7 +380,7 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T leafCertificate := utils.LeafNocCertificate1(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, leafCertificate) - // Revoke NOC with subject and subject key id and its child too + // Revoke noc with subject and subject key id and its child too utils.RevokeNocIntermediateCertificate( setup, setup.Vendor1, @@ -316,11 +389,18 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T icaCertificate1.SerialNumber, true) - // Check indexes certificates + allRevokedCerts, _ := utils.QueryAllNocRevokedIcaCertificates(setup) + require.Equal(t, 2, len(allRevokedCerts)) + + // Check indexes for child indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix}, // inter with same vid exists + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
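Review bot: `allRevokedCerts, _ := utils.QueryAllNocRevokedIcaCertificates(setup)` discards the second return value, so a failing query would show up only as a length mismatch. Assuming that value is an error, bind it and add `require.NoError(t, err)` before the `require.Equal`. The rewritten `_BySerialNumber_RevokeChild` test also keeps only the `leafCertificate` index check. Apart from the total of 2, nothing asserts the per-certificate state of `icaCertificate1` (revoked) and `icaCertificate2` (same subject and SKID, expected to stay active), which the removed lines covered. The test body starts outside this hunk.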
@@ -328,22 +408,43 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} + +func TestHandler_RevokeNocIntermediateCert_ByOtherVendor(t *testing.T) { + setup := utils.Setup(t) + + // add vendor with same vid + otherVendor := setup.CreateVendorAccount(testconstants.Vid) + + // add the first NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add the NOC non-root certificate + icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate) + + // Revoke NOC with subject and subject key id only + utils.RevokeNocIntermediateCertificate( + setup, + otherVendor, + icaCertificate.Subject, + icaCertificate.SubjectKeyId, + "", + false) - indexes = utils.TestIndexes{ + // Check indexes for intermediate + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, // inter exists + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
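Review bot: `TestHandler_RevokeNocIntermediateCert_ByOtherVendor` creates `otherVendor` with `testconstants.Vid` (its own comment says "same vid") and expects the revocation to succeed, so it covers a non-owner account of the same vendor, not another vendor. The remove tests in this patch call that case `_ByNotOwnerButSameVendor` and reserve `_ByOtherVendor` for the rejected request, so `TestHandler_RevokeNocIntermediateCert_ByNotOwnerButSameVendor` would be consistent. No hunk visible here adds the negative counterpart for this handler: an account created with a different VID (the remove test uses `testconstants.VendorID1`) whose revoke request must fail with `sdkerrors.ErrUnauthorized`. That is the assertion that guards against cross-vendor revocation.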
@@ -353,41 +454,42 @@ func TestHandler_RevokeNocX509Cert_RevokeBySerialNumberAndWithChild(t *testing.T {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } -// Extra cases - // Error cases -func TestHandler_RevokeNocX509Cert_SenderNotVendor(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + // add the first NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // add the first NOC non-root certificate + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) revokeCert := types.NewMsgRevokeNocX509RootCert( setup.Trustee1.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber, "", false, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - + _, err := setup.Handler(setup.Ctx, revokeCert) require.Error(t, err) require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } -func TestHandler_RevokeNocX509Cert_CertificateDoesNotExist(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_CertificateDoesNotExist(t *testing.T) 
{ setup := utils.Setup(t) revokeCert := types.NewMsgRevokeNocX509IcaCert( @@ -404,7 +506,7 @@ func TestHandler_RevokeNocX509Cert_CertificateDoesNotExist(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) } -func TestHandler_RevokeNocX509Cert_CertificateExists(t *testing.T) { +func TestHandler_RevokeNocIntermediateCert_CertificateExists(t *testing.T) { accAddress := utils.GenerateAccAddress() cases := []struct { diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index bbc6f5b25..79103dcb2 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -7,20 +7,23 @@ import ( "github.com/stretchr/testify/require" testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" - dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) // Main -func TestHandler_RevokeNoRootCert(t *testing.T) { +func TestHandler_RevokeNocRootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) + // add the second NOC root certificate + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) + // Revoke NOC root with subject and subject key id only utils.RevokeNocRootCertificate( setup, 
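Review bot: `TestHandler_RevokeNocIntermediateCert_SenderNotVendor` builds its message with `types.NewMsgRevokeNocX509RootCert(`, so the `ErrUnauthorized` it asserts comes from the root-revocation path and the ICA revocation handler's signer check is never exercised. The constructor line is unchanged context, but this hunk renames the test and now feeds it `icaCertificate1` fields, so this is the place to switch to `types.NewMsgRevokeNocX509IcaCert(`, which the next test already uses. I am assuming both constructors take the same argument list; the call's arguments are only partly visible here.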
@@ -35,7 +38,7 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -46,16 +49,15 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -func TestHandler_RevokeNocX509RootCert_TwoCerts(t *testing.T) { +func TestHandler_RevokeNocRootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate 
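Review bot: `TestHandler_RevokeNocRootCert_BySubjectAndSKID` now adds `rootCertificate2` and expects `RevokedNocRootCertificatesKeyPrefix` with `Count: 2`, but the final check still runs only against `rootCertificate`. The ICA counterpart in this patch checks both copies, so add `utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes)` after the existing call to pin the state of the second certificate as well.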
@@ -66,28 +68,19 @@ func TestHandler_RevokeNocX509RootCert_TwoCerts(t *testing.T) { rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) - // add the first NOC non-root certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) - - // Revoke NOC root with subject and subject key id only + // Revoke NOC root with subject and subject key id by serial number utils.RevokeNocRootCertificate( setup, setup.Vendor1, rootCertificate.Subject, rootCertificate.SubjectKeyId, - "", + rootCertificate.SerialNumber, false, ) // Check indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, - {Key: types.NocIcaCertificatesKeyPrefix}, // inter exists - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -96,68 +89,46 @@ func TestHandler_RevokeNocX509RootCert_TwoCerts(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // Check indexes - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 1}, }, Missing: []utils.TestIndex{ - {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } -func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { +func TestHandler_RevokeNocRootCert_BySubjectAndSKID_KeepChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.RootNocCertificate1(setup.Vendor1) - utils.AddNocRootCertificate(setup, rootCertificate) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) // add the second NOC root 
certificate rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) // add the first NOC non-root certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) - // Revoke NOC root with subject and subject key id only + // Revoke NOC with subject and subject key id only utils.RevokeNocRootCertificate( setup, setup.Vendor1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, "", - true, - ) + false) - // Check indexes + // Check state indexes for intermediate certificate indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -165,63 +136,47 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, {Key: types.NocIcaCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // Check indexes - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) } -func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { +func TestHandler_RevokeNocRootCert_BySerialNumber_KeepChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.RootNocCertificate1(setup.Vendor1) - 
utils.AddNocRootCertificate(setup, rootCertificate) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) // add the second NOC root certificate rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) // add the first NOC non-root certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) - // Revoke NOC root with subject and subject key id by serial number + // Revoke NOC with subject and subject key id only utils.RevokeNocRootCertificate( setup, setup.Vendor1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - false, - ) + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + rootCertificate1.SerialNumber, + false) - // Check indexes + // Check state indexes for intermediate certificate indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
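Review bot: The added comment `// Revoke NOC with subject and subject key id only` in `TestHandler_RevokeNocRootCert_BySerialNumber_KeepChild` contradicts the call beneath it, which passes `rootCertificate1.SerialNumber`. It reads as copied from the `BySubjectAndSKID_KeepChild` test; suggest `// Revoke only the NOC root with this serial number and keep its child`. The comment `// Revoke noc with subject and subject key id and its child too` in `TestHandler_RevokeNocRootCert_BySerialNumber_RevokeChild` (hunk `@@ -257,45 +242,46 @@`) has the same omission. The function body continues past the end of this hunk.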
@@ -231,23 +186,53 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we created root certificate with same vid + {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 1}, - {Key: types.NocIcaCertificatesKeyPrefix}, // inter exists + {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) +} - // Check indexes - indexes = utils.TestIndexes{ +func TestHandler_RevokeNocRootCert_BySubjectAndSKID_RevokeChild(t *testing.T) { + setup := utils.Setup(t) + + // add the first NOC root certificate + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) + + // the second NOC root certificate + rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate2) + + // add the NOC intermediate certificate + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) + + // Revoke noc with subject and subject key id and its child too + 
utils.RevokeNocRootCertificate( + setup, + setup.Vendor1, + rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + "", + true) + + // Check indexes for ica + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -257,45 +242,46 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) } -func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing.T) { +func TestHandler_RevokeNocRootCert_BySerialNumber_RevokeChild(t *testing.T) { setup := utils.Setup(t) // add the first NOC root certificate - rootCertificate := utils.RootNocCertificate1(setup.Vendor1) - utils.AddNocRootCertificate(setup, rootCertificate) + rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate1) - // add the second NOC root certificate + // the second NOC root certificate rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) - // add the first NOC non-root certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + // add the NOC intermediate certificate + icaCertificate1 := utils.IntermediateNocCertificate1(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, icaCertificate1) - // Revoke NOC root with subject and subject key id by serial number + // Revoke noc with subject and subject key id and its child too utils.RevokeNocRootCertificate( setup, setup.Vendor1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - true, - ) + 
rootCertificate1.Subject, + rootCertificate1.SubjectKeyId, + rootCertificate1.SerialNumber, + true) - // Check indexes + // Check indexes for ica indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
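Review bot: In `TestHandler_RevokeNocRootCert_BySubjectAndSKID_RevokeChild` the added entry `{Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits` lands in the `Missing` list, so the expectation says the index is absent while the count and the comment say one root remains. Revoking by subject and subject key id with an empty serial number removes both `rootCertificate1` and its copy, judging by the `Count: 2` expectation of the earlier test. The entry should probably be `{Key: types.NocRootCertificatesKeyPrefix}, // both roots with this subject/SKID are revoked`; how the helper treats `Count` on a `Missing` entry is not visible here. The serial-number variant later in this hunk has the same entry under `Present`, where it is consistent, and `exits` should read `exists` in both. The `Missing` list starts in the previous hunk.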
@@ -303,25 +289,39 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 1}, - }, - Missing: []utils.TestIndex{ - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) +} + +func TestHandler_RevokeNocRootCert_OtherVendor(t *testing.T) { + setup := utils.Setup(t) + + otherVendorAddress := setup.CreateVendorAccount(testconstants.Vid) + + // add the first NOC root certificate + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) + + // Revoke NOC root with subject and subject key id only + utils.RevokeNocRootCertificate( + setup, + otherVendorAddress, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + "", + false, + ) // Check indexes - indexes = utils.TestIndexes{ + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
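Review bot: `TestHandler_RevokeNocRootCert_OtherVendor` creates the second account with `setup.CreateVendorAccount(testconstants.Vid)` and expects the revocation to succeed, which only makes sense if that account shares the VID of `setup.Vendor1` (not shown in this hunk). The name reads as if any other vendor could revoke the root, which is exactly the authorization boundary a reader will want to see pinned down. Consider `TestHandler_RevokeNocRootCert_ByOtherVendorAccountWithSameVid` with a comment such as `// another account of the same vendor (same VID) may revoke the root`. If the table-driven error test does not already cover it, a counterpart case with a different VID should expect a rejection. The index expectations of this test continue in the next hunk.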
@@ -331,41 +331,39 @@ func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -// Extra cases - // Error cases -func TestHandler_RevokeNocX509RootCert_SenderNotVendor(t *testing.T) { +func TestHandler_RevokeNocRootCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(setup.Vendor1.String(), testconstants.NocRootCert1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.NoError(t, err) + rootCertificate := utils.RootNocCertificate1(setup.Vendor1) + utils.AddNocRootCertificate(setup, rootCertificate) revokeCert := types.NewMsgRevokeNocX509RootCert( setup.Trustee1.String(), - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1SerialNumber, + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + rootCertificate.SerialNumber, "", false, ) - _, err = setup.Handler(setup.Ctx, revokeCert) - + _, err := setup.Handler(setup.Ctx, revokeCert) require.Error(t, err) require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } -func TestHandler_RevokeNocX509RootCert_CertificateDoesNotExist(t *testing.T) { +func TestHandler_RevokeNocRootCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) revokeCert := 
types.NewMsgRevokeNocX509RootCert( @@ -382,9 +380,7 @@ func TestHandler_RevokeNocX509RootCert_CertificateDoesNotExist(t *testing.T) { require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) } -func TestHandler_RevokeNocX509RootCert_CertificateExists(t *testing.T) { - accAddress := utils.GenerateAccAddress() - +func TestHandler_RevokeNocRootCert_CertificateExists(t *testing.T) { cases := []struct { name string existingCert *types.Certificate @@ -456,16 +452,11 @@ func TestHandler_RevokeNocX509RootCert_CertificateExists(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { setup := utils.Setup(t) - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + accAddress := setup.CreateVendorAccount(testconstants.Vid) // add the existing certificate - setup.Keeper.AddNocCertificate(setup.Ctx, *tc.existingCert) - uniqueCertificate := types.UniqueCertificate{ - Issuer: tc.existingCert.Issuer, - SerialNumber: tc.existingCert.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) + utils.AddMokedNocCertificate(setup, *tc.existingCert) revokeCert := types.NewMsgRevokeNocX509RootCert( accAddress.String(), diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go deleted file mode 100644 index be1972bf9..000000000 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ /dev/null 
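Review bot: `TestHandler_RevokeNocRootCert_SenderNotVendor` asserts only the returned error, so a handler that writes state before failing the role check would still pass. After `require.ErrorIs(t, err, sdkerrors.ErrUnauthorized)` the test could call `utils.CheckCertificateStateIndexes` for `rootCertificate` with `NocRootCertificatesKeyPrefix` under `Present` and `RevokedNocRootCertificatesKeyPrefix` under `Missing`. That would pin that a rejected request from a Trustee account leaves the certificate active.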
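Review bot: The helper name `AddMokedNocCertificate` in the `@@ -456,16 +452,11 @@` hunk is misspelled; `AddMockedNocCertificate` is what someone searching for the mock helpers would look for. The helper is defined outside this hunk, so the rename has to happen there as well. If it writes the certificate and its unique-certificate entry straight through the keeper, as the removed lines did, its doc comment should say that it bypasses the handler's checks.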
@@ -1,925 +0,0 @@ -package tests - -import ( - "math" - "testing" - - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" - "github.com/stretchr/testify/require" - testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" - pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" - dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" - "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" -) - -// Main - -// Propose - -func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - - // propose revocation of x509 root certificate by `setup.Trustee` - utils.ProposeRevokeDaRootCertificate( - setup, - setup.Trustee1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - false) - - // Check: Certificate is proposed to revoke - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, 
indexes) - - // additional check - require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(setup.Trustee1.String())) -} - -func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - - // add another trustee - anotherTrustee := setup.CreateTrusteeAccount(1) - - // propose revocation of x509 root certificate by new trustee - utils.ProposeRevokeDaRootCertificate( - setup, - anotherTrustee, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - false) - - // Check: Certificate is proposed to revoke - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // additional check - require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(anotherTrustee.String())) -} - -// Propose + Approve - -func TestHandler_RevokeDaRootCert(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate by `setup.Trustee` and approve by another trustee - rootCertificate := utils.RootDaCertificate(setup.Trustee1) 
- utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - - // revoke certificate - proposeAndApproveCertificateRevocation( - t, - setup, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - "", - ) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist(t *testing.T) { - setup := utils.Setup(t) - - // add root certificates - rootCertificate1 := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) - - rootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) - - // revoke Certificate1 certificate - proposeAndApproveCertificateRevocation( - t, - setup, - rootCertificate1.Subject, - rootCertificate1.SubjectKeyId, - "", - ) - - // Check state indexes - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exists - {Key: 
types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exist - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - - // second still exists - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) -} - -func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndSkidExist(t *testing.T) { - setup := utils.Setup(t) - - rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) - - rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) - - // revoke Certificate1 certificate - proposeAndApproveCertificateRevocation( - t, - setup, - testconstants.RootCertWithSameSubjectAndSKIDSubject, - testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, - 
testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, - ) - - // Check: Certificate1 - RevokedCertificates - present - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, - {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - - // revoke Certificate2 certificate - proposeAndApproveCertificateRevocation( - t, - setup, - rootCertificate2.Subject, - rootCertificate2.SubjectKeyId, - rootCertificate2.SerialNumber, - ) - - // Check: Certificate1 is revoked - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) -} - -func 
TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { - setup := utils.Setup(t) - - // add root x509 certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - - // root exists - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // Create an array of trustee account from 1 to 50 - trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() - - // We have 3 Trustees in test setup. 
- twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) - - // Trustee1 proposes to revoke the certificate - utils.ProposeRevokeDaRootCertificate( - setup, - setup.Trustee1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - false) - - // Until we hit 2/3 of the total number of Trustees, we should not be able to revoke the certificate - // We start the counter from 2 as the proposer is a trustee as well - for i := 1; i < twoThirds-1; i++ { - // approve the revocation - utils.ApproveRevokeDaRootCertificate( - setup, - trusteeAccounts[i], - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber) - - // check that the certificate is still not revoked - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - } - - // One more revoke will revoke the certificate - utils.ApproveRevokeDaRootCertificate( - setup, - setup.Trustee2, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber) - - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.RevokedRootCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - - // Check: Revoked - present - revokedCertificate, err := utils.QueryRevokedCertificates(setup, 
testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - require.Equal(t, testconstants.RootIssuer, revokedCertificate.Certs[0].Subject) - require.Equal(t, testconstants.RootSerialNumber, revokedCertificate.Certs[0].SerialNumber) - require.True(t, revokedCertificate.Certs[0].IsRoot) - - // Make sure all the approvals are present - for i := 1; i < twoThirds-1; i++ { - require.Equal(t, revokedCertificate.Certs[0].HasApprovalFrom(trusteeAccounts[i].String()), true) - } - require.Equal(t, revokedCertificate.Certs[0].HasApprovalFrom(setup.Trustee1.String()), true) - require.Equal(t, revokedCertificate.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) -} - -//nolint:funlen -func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { - setup := utils.Setup(t) - - // add root x509 certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - - // add intermediate x509 certificate - intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - - // add leaf x509 certificate - leafCertificate := utils.LeafCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, leafCertificate) - - // propose revocation of x509 root certificate - utils.ProposeRevokeDaRootCertificate( - setup, - setup.Trustee1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - "", - true) - - // approve - utils.ApproveRevokeDaRootCertificate( - setup, - setup.Trustee2, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - "") - - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) - utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) -} - -// Extra cases - -func TestHandler_ApproveRevokeX509RootCert_ForNotEnoughApprovals(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - - // Add 1 more trustee (this will bring the total trustee's to 4) - setup.CreateTrusteeAccount(1) - - // propose revocation of x509 root certificate - utils.ProposeRevokeDaRootCertificate( - setup, - setup.Trustee1, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber, - false) - - // approve - utils.ApproveRevokeDaRootCertificate( - setup, - setup.Trustee2, - rootCertificate.Subject, - rootCertificate.SubjectKeyId, - rootCertificate.SerialNumber) - - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ProposedCertificateRevocationKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - }, 
- } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) -} - -// Error cases - -func TestHandler_ProposeRevokeX509RootCert_ByNotTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Vendor, - dclauthtypes.CertificationCenter, - dclauthtypes.NodeAdmin, - } { - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // propose revocation of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) - } -} - -func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExist(t *testing.T) { - setup := utils.Setup(t) - - // propose revocation of not existing certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) -} - -func TestHandler_ProposeRevokeX509RootCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { - setup := utils.Setup(t) - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - // revoke x509 certificate - revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( - 
setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - "invalid", - false, - testconstants.Info, - ) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) -} - -func TestHandler_ProposeRevokeX509RootCert_ForProposedCertificate(t *testing.T) { - setup := utils.Setup(t) - - // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - testconstants.RootCertPem, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // check that proposed certificate is present - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NotNil(t, proposedCertificate) - - // propose revocation of proposed root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) -} - -func TestHandler_ProposeRevokeX509RootCert_ProposedRevocationAlreadyExists(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - // propose revocation of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - 
require.NoError(t, err) - - // store another trustee - anotherTrustee := setup.CreateTrusteeAccount(1) - - // propose revocation of the same x509 root certificate again - proposeRevokeX509RootCert = types.NewMsgProposeRevokeX509RootCert( - anotherTrustee.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.RootSerialNumber, false, testconstants.Info) - _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrProposedCertificateRevocationAlreadyExists.Is(err)) -} - -func TestHandler_ProposeRevokeX509RootCert_ForNonRootCertificate(t *testing.T) { - setup := utils.Setup(t) - - // store x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) - - // store x509 intermediate certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) - - // propose revocation of x509 intermediate certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) -} - -func TestHandler_ApproveRevokeX509RootCert_ByNotTrustee(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - // propose revocation 
of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - for _, role := range []dclauthtypes.AccountRole{ - dclauthtypes.Vendor, - dclauthtypes.CertificationCenter, - dclauthtypes.NodeAdmin, - } { - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) - - // approve - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - accAddress.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) - } -} - -func TestHandler_ApproveRevokeX509RootCert_ProposedRevocationDoesNotExist(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - // approve revocation of x509 root certificate - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.Error(t, err) - require.True(t, pkitypes.ErrProposedCertificateRevocationDoesNotExist.Is(err)) -} - -func TestHandler_ApproveRevokeX509RootCert_Twice(t *testing.T) { - setup := utils.Setup(t) - - // propose and approve x509 root certificate - rootCert := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - - // propose 
revocation of x509 root certificate - proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) - require.NoError(t, err) - - // approve revocation by the same trustee - approveRevokeX509RootCert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) - require.Error(t, err) - require.True(t, sdkerrors.ErrUnauthorized.Is(err)) -} - -func TestHandler_RevocationPointsByIssuerSubjectKeyID(t *testing.T) { - setup := utils.Setup(t) - - vendorAcc := setup.CreateVendorAccount(65521) - - // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( - setup.Trustee1.String(), - testconstants.PAACertWithNumericVid, - testconstants.Info, - testconstants.Vid, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), - testconstants.PAACertWithNumericVidSubject, - testconstants.PAACertWithNumericVidSubjectKeyID, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.False(t, isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 0) - - addPkiRevocationDistributionPoint := types.MsgAddPkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: testconstants.PAACertWithNumericVidVid, - IsPAA: 
true, - Pid: 8, - CrlSignerCertificate: testconstants.PAACertWithNumericVid, - Label: "label", - DataURL: testconstants.DataURL + "/1", - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - RevocationType: 1, - } - _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) - - addPkiRevocationDistributionPoint = types.MsgAddPkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: testconstants.PAACertWithNumericVidVid, - IsPAA: true, - Pid: 8, - CrlSignerCertificate: testconstants.PAACertWithNumericVid, - Label: "label1", - DataURL: testconstants.DataURL + "/2", - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - RevocationType: 1, - } - _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 2) - - dataURLNew := testconstants.DataURL + "/new" - updatePkiRevocationDistributionPoint := types.MsgUpdatePkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: testconstants.PAACertWithNumericVidVid, - CrlSignerCertificate: testconstants.PAACertWithNumericVid, - Label: "label", - DataURL: dataURLNew, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - } - _, err = setup.Handler(setup.Ctx, &updatePkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, 
isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 2) - require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, updatePkiRevocationDistributionPoint.CrlSignerCertificate) - require.Equal(t, revocationPointBySubjectKeyID.Points[0].DataURL, updatePkiRevocationDistributionPoint.DataURL) - - deletePkiRevocationDistributionPoint := types.MsgDeletePkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: 65521, - Label: "label", - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - } - _, err = setup.Handler(setup.Ctx, &deletePkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) -} - -func TestHandler_AddRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { - setup := utils.Setup(t) - - vendorAcc := setup.CreateVendorAccount(65521) - - // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - addPkiRevocationDistributionPoint := types.MsgAddPkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: testconstants.PAACertWithNumericVidVid, - IsPAA: true, - Pid: 8, - CrlSignerCertificate: testconstants.PAACertWithNumericVidDifferentWhitespaces, - 
Label: "label", - DataURL: testconstants.DataURL + "/1", - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - RevocationType: 1, - } - _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) - require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, addPkiRevocationDistributionPoint.CrlSignerCertificate) -} - -func TestHandler_UpdateRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { - setup := utils.Setup(t) - - vendorAcc := setup.CreateVendorAccount(65521) - - // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) - - // approve - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) - require.NoError(t, err) - - addPkiRevocationDistributionPoint := types.MsgAddPkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: testconstants.PAACertWithNumericVidVid, - IsPAA: true, - Pid: 8, - CrlSignerCertificate: testconstants.PAACertWithNumericVid, - Label: "label", - DataURL: testconstants.DataURL + "/1", - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - RevocationType: 1, - } - _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound 
:= setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, isFound) - require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) - - dataURLNew := testconstants.DataURL + "/new" - updatePkiRevocationDistributionPoint := types.MsgUpdatePkiRevocationDistributionPoint{ - Signer: vendorAcc.String(), - Vid: testconstants.PAACertWithNumericVidVid, - CrlSignerCertificate: testconstants.PAACertWithNumericVidDifferentWhitespaces, - Label: "label", - DataURL: dataURLNew, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - } - _, err = setup.Handler(setup.Ctx, &updatePkiRevocationDistributionPoint) - require.NoError(t, err) - - revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) - require.True(t, isFound) - require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, updatePkiRevocationDistributionPoint.CrlSignerCertificate) - require.Equal(t, revocationPointBySubjectKeyID.Points[0].DataURL, updatePkiRevocationDistributionPoint.DataURL) -} - -func proposeAndApproveCertificateRevocation( - t *testing.T, - setup *utils.TestSetup, - subject string, - subjectKeyID string, - serialNumber string, -) { - t.Helper() - - // revoke certificate - revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( - setup.Trustee1.String(), - subject, - subjectKeyID, - serialNumber, - false, - testconstants.Info) - _, err := setup.Handler(setup.Ctx, revokeX509Cert) - require.NoError(t, err) - - aprRevokeX509Cert := types.NewMsgApproveRevokeX509RootCert( - setup.Trustee2.String(), - subject, - subjectKeyID, - serialNumber, - testconstants.Info) - _, err = setup.Handler(setup.Ctx, aprRevokeX509Cert) - require.NoError(t, err) -} diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 24af4d42d..21887b45a 100644 
--- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go 
@@ -7,98 +7,159 @@ import ( "github.com/stretchr/testify/require" testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" - dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/tests/utils" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) // Main -func TestHandler_RevokeDaIntermediateCert(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + // propose and approve x509 root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add intermediate certificate - intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + // Add intermediate certificates + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - // revoke intermediate certificate + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) + + // revoke only an intermediate certificate utils.RevokeDaIntermediateCertificate( setup, - setup.Vendor1, - intermediateCertificate.Subject, - intermediateCertificate.SubjectKeyId, + vendorAccAddress, + testIntermediateCertificate1.Subject, + 
testIntermediateCertificate1.SubjectKeyId, "", false) - // Check: Certificate is revoked + // intermediate and leaf are revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, }, Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) +} - // Check: Root stays approved - indexes = utils.TestIndexes{ +func TestHandler_RevokeDaIntermediateCert_BySerialNumber(t *testing.T) { + setup := utils.Setup(t) + + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) + + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) + + // revoke only an intermediate certificate + 
utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress, + testIntermediateCertificate1.Subject, + testIntermediateCertificate1.SubjectKeyId, + testIntermediateCertificate1.SerialNumber, + false) + + // check indexes for intermediate certificates + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, + } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + + // revoke intermediate and leaf certificates + utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress, + testIntermediateCertificate2.Subject, + testIntermediateCertificate2.SubjectKeyId, + testIntermediateCertificate2.SerialNumber, + false) + + // intermediate and leaf are revoked + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, }, Missing: []utils.TestIndex{ - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, 
testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) } -func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // add intermediate x509 certificate - intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + intermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate1) + + intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) // add leaf x509 certificate - leafCertificate := utils.LeafCertificate(setup.Vendor1) + leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, leafCertificate) // revoke x509 certificate utils.RevokeDaIntermediateCertificate( setup, - setup.Vendor1, - intermediateCertificate.Subject, - intermediateCertificate.SubjectKeyId, + vendorAccAddress, + intermediateCertificate1.Subject, + intermediateCertificate1.SubjectKeyId, "", - true) + false) - // root stays approved + // leaf stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: 
types.UniqueCertificateKeyPrefix}, 
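Review bot: Nothing in the rewritten `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID` and `_BySerialNumber` asserts that the root stays approved. The removed `// Check: Root stays approved` block has no replacement, and `rootCert` is created but never checked after revocation. A revocation that wrongly cascaded up to the trust anchor would still pass these tests, so I would re-add a root check after the intermediate checks, as in the fence below. The comments `// revoke only an intermediate certificate` and `// intermediate and leaf are revoked` also do not match `_BySubjectAndSKID`, where no leaf is added and `Count: 2` covers both intermediates. `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild` continues past the end of this hunk.

```go
	utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes)

	// the root must stay approved after its intermediates are revoked
	rootIndexes := utils.TestIndexes{
		Present: []utils.TestIndex{
			{Key: types.ApprovedCertificatesKeyPrefix},
			{Key: types.ApprovedRootCertificatesKeyPrefix},
		},
		Missing: []utils.TestIndex{
			{Key: types.RevokedCertificatesKeyPrefix},
		},
	}
	utils.CheckCertificateStateIndexes(t, setup, rootCert, rootIndexes)
```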
@@ -108,37 +169,65 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { {Key: types.ApprovedCertificatesKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.ChildCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} - // intermediate and leaf are revoked - indexes = utils.TestIndexes{ +func TestHandler_RevokeDaIntermediateCert_BySerialNumber_KeepChild(t *testing.T) { + setup := utils.Setup(t) + + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + intermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate1) + + intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) + + // add leaf x509 certificate + leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, leafCertificate) + + // revoke x509 certificate + utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress, + intermediateCertificate1.Subject, + intermediateCertificate1.SubjectKeyId, + intermediateCertificate1.SerialNumber, + false) + + // leaf stays approved + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: 
types.RevokedCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, + // {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + // {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } -func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_RevokeChild(t *testing.T) { setup := utils.Setup(t) // Add vendor account 
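Review bot: Both KeepChild tests check only `leafCertificate`, so neither asserts that `intermediateCertificate1` actually ended up revoked. Unless `utils.RevokeDaIntermediateCertificate` verifies the resulting state itself (not visible here), a revocation that changed nothing would still pass. Adding `utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate1, ...)` with `{Key: types.RevokedCertificatesKeyPrefix}` in `Present` would close that gap. In `_BySerialNumber_KeepChild` the commented-out entries `// {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2},` and `// {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2},` leave the by-subject indexes unverified; either restore them or replace them with a comment saying why they are skipped. The `_BySubjectAndSKID_KeepChild` body starts before this hunk and `_BySubjectAndSKID_RevokeChild` continues after it.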
@@ -149,78 +238,123 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificates - testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) + intermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate1) - testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - - // Add a leaf certificate - testLeafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) - utils.AddDaIntermediateCertificate(setup, testLeafCertificate) + intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // get certificates for further comparison - allCerts := setup.Keeper.GetAllApprovedCertificates(setup.Ctx) - require.Equal(t, 3, len(allCerts)) - require.Equal(t, 4, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) + // add leaf x509 certificate + leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke only an intermediate certificate + // revoke x509 certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, - testIntermediateCertificate1.Subject, - testIntermediateCertificate1.SubjectKeyId, - testIntermediateCertificate1.SerialNumber, - false) + intermediateCertificate1.Subject, + intermediateCertificate1.SubjectKeyId, + "", + true) - // check indexes for intermediate certificates + // leaf stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ 
{Key: types.UniqueCertificateKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, - Missing: []utils.TestIndex{}, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} - // check indexes for leaf - indexes = utils.TestIndexes{ +func TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild(t *testing.T) { + setup := utils.Setup(t) + + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + intermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate1) + + intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) + + // add leaf x509 certificate + leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, leafCertificate) + + // revoke x509 certificate + 
utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress, + intermediateCertificate1.Subject, + intermediateCertificate1.SubjectKeyId, + intermediateCertificate1.SerialNumber, + true) + + // leaf stays approved + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, + // {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, + // {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, - Missing: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - }, } - utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) +} - // revoke intermediate and leaf certificates +func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + intermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate1) + + intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) + + // revoke x509 certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, - testIntermediateCertificate2.Subject, - 
testIntermediateCertificate2.SubjectKeyId, - testIntermediateCertificate2.SerialNumber, - true) + intermediateCertificate1.Subject, + intermediateCertificate1.SubjectKeyId, + "", + false) - // intermediate and leaf are revoked - indexes = utils.TestIndexes{ + // leaf stays approved + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
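Review bot: The `// leaf stays approved` comment is copied above every `indexes` block in this hunk, but it does not match what the blocks assert. In the two `_RevokeChild` tests the assertions expect the leaf under `RevokedCertificatesKeyPrefix` and missing from the approved indexes, and in `_BySubjectAndSKID_ParentExist` (and `_BySerialNumber_ParentExist` in the following hunk) the check is on `rootCert`. I would change the comments to `// leaf is revoked together with the intermediate` and `// root (parent) stays approved` respectively. In `_BySerialNumber_RevokeChild` the two by-subject entries are commented out of `Missing` without explanation. Presumably a certificate with the same Subject is still stored, which is worth confirming and stating in a comment.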
@@ -228,17 +362,44 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCert, indexes) +} - // intermediate and leaf are revoked - indexes = utils.TestIndexes{ +func TestHandler_RevokeDaIntermediateCert_BySerialNumber_ParentExist(t *testing.T) { + setup := utils.Setup(t) + + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) + + // Add intermediate certificates + intermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate1) + + intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) + + // revoke x509 certificate + utils.RevokeDaIntermediateCertificate( + setup, + vendorAccAddress, + intermediateCertificate1.Subject, + intermediateCertificate1.SubjectKeyId, + intermediateCertificate1.SerialNumber, + false) + + // leaf stays approved + indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix, Count: 1}, - }, - Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: 
types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -246,13 +407,15 @@ func TestHandler_RevokeX509Cert_BySerialNumber(t *testing.T) { {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } - utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCert, indexes) } -// Extra cases - -func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // store root certificate @@ -298,7 +461,7 @@ func TestHandler_RevokeX509Cert_ByNotOwnerButSameVendor(t *testing.T) { // Error cases -func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) // revoke x509 certificate @@ -315,7 +478,7 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExist(t *testing.T) { require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate 
@@ -323,28 +486,24 @@ func TestHandler_RevokeX509Cert_CertificateDoesNotExistBySerialNumber(t *testing utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) // Add intermediate certificate - addIntermediateX509Cert := types.NewMsgAddX509Cert( - setup.Vendor1.String(), - testconstants.IntermediateCertPem, - testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) - require.NoError(t, err) + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // revoke x509 certificate revokeX509Cert := types.NewMsgRevokeX509Cert( setup.Vendor1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, "invalid", false, testconstants.Info, ) - _, err = setup.Handler(setup.Ctx, revokeX509Cert) + _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateDoesNotExist.Is(err)) } -func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) // propose and approve x509 root certificate @@ -354,9 +513,9 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { // revoke x509 root certificate revokeX509Cert := types.NewMsgRevokeX509Cert( setup.Vendor1.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, - testconstants.RootSerialNumber, + rootCert.Subject, + rootCert.SubjectKeyId, + rootCert.SerialNumber, false, testconstants.Info, ) 
@@ -365,61 +524,55 @@ func TestHandler_RevokeX509Cert_ForRootCertificate(t *testing.T) { require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) } -func TestHandler_RevokeX509Cert_ByOtherVendor(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_ByVendorWithOtherVid(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // add x509 certificate by first vendor account - addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + // Add intermediate certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) // add second vendor account with VID = 1000 - vendorAccAddress2 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.VendorID1) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.VendorID1) // revoke x509 certificate by second vendor account revokeX509Cert := types.NewMsgRevokeX509Cert( vendorAccAddress2.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, + intermediateCertificate.SerialNumber, false, testconstants.Info, ) - _, err = setup.Handler(setup.Ctx, revokeX509Cert) + _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.Error(t, err) require.True(t, 
sdkerrors.ErrUnauthorized.Is(err)) } -func TestHandler_RevokeX509Cert_SenderNotVendor(t *testing.T) { +func TestHandler_RevokeDaIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCert := utils.RootDaCertificateWithVid(setup.Trustee1) + // propose and approve x509 root certificate + rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add vendor account - vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - - // add x509 certificate - addX509Cert := types.NewMsgAddX509Cert(vendorAccAddress.String(), testconstants.IntermediateCertWithVid1, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, addX509Cert) - require.NoError(t, err) + // Add intermediate certificate + intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + utils.AddDaIntermediateCertificate(setup, intermediateCertificate) + // Try to revoke By Trustee removeX509Cert := types.NewMsgRevokeX509Cert( setup.Trustee1.String(), - testconstants.IntermediateSubject, - testconstants.IntermediateSubjectKeyID, - testconstants.IntermediateSerialNumber, + intermediateCertificate.Subject, + intermediateCertificate.SubjectKeyId, + intermediateCertificate.SerialNumber, false, testconstants.Info, ) - _, err = setup.Handler(setup.Ctx, removeX509Cert) + _, err := setup.Handler(setup.Ctx, removeX509Cert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } diff --git a/x/pki/tests/handler_update_revocation_test.go b/x/pki/tests/handler_update_revocation_test.go index dd3638097..b252f0f0c 100644 --- a/x/pki/tests/handler_update_revocation_test.go +++ b/x/pki/tests/handler_update_revocation_test.go 
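Review bot: Both `_ByVendorWithOtherVid` and `_SenderNotVendor` stop at `sdkerrors.ErrUnauthorized.Is(err)` and never check that the intermediate certificate is still approved after the rejected revocation. For an authorization test the unchanged state is the property that matters, so after the error check I would add `utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, utils.TestIndexes{Missing: []utils.TestIndex{{Key: types.RevokedCertificatesKeyPrefix}}})`. In `_SenderNotVendor` the message variable is still called `removeX509Cert` although it is built with `types.NewMsgRevokeX509Cert`; `revokeX509Cert` would match the other tests.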
@@ -12,6 +12,58 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) +func TestHandler_UpdateRevocationPointForSameCertificateWithDifferentWhitespaces(t *testing.T) { + setup := utils.Setup(t) + + vendorAcc := setup.CreateVendorAccount(65521) + + // propose x509 root certificate by account Trustee1 + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.PAACertWithNumericVid, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) + require.NoError(t, err) + + // approve + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), testconstants.PAACertWithNumericVidSubject, testconstants.PAACertWithNumericVidSubjectKeyID, testconstants.Info) + _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + require.NoError(t, err) + + addPkiRevocationDistributionPoint := types.MsgAddPkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.PAACertWithNumericVidVid, + IsPAA: true, + Pid: 8, + CrlSignerCertificate: testconstants.PAACertWithNumericVid, + Label: "label", + DataURL: testconstants.DataURL + "/1", + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + RevocationType: 1, + } + _, err = setup.Handler(setup.Ctx, &addPkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, len(revocationPointBySubjectKeyID.Points), 1) + + dataURLNew := testconstants.DataURL + "/new" + updatePkiRevocationDistributionPoint := types.MsgUpdatePkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.PAACertWithNumericVidVid, + CrlSignerCertificate: testconstants.PAACertWithNumericVidDifferentWhitespaces, + Label: "label", + DataURL: 
dataURLNew, + IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + } + _, err = setup.Handler(setup.Ctx, &updatePkiRevocationDistributionPoint) + require.NoError(t, err) + + revocationPointBySubjectKeyID, isFound = setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + require.True(t, isFound) + require.Equal(t, revocationPointBySubjectKeyID.Points[0].CrlSignerCertificate, updatePkiRevocationDistributionPoint.CrlSignerCertificate) + require.Equal(t, revocationPointBySubjectKeyID.Points[0].DataURL, updatePkiRevocationDistributionPoint.DataURL) +} + func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T) { accAddress := utils.GenerateAccAddress() vendorAcc := utils.GenerateAccAddress() diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index 39022d17a..486023b3b 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md 
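Review bot: `setup.CreateVendorAccount(65521)` hard-codes the VID while the messages below use `testconstants.PAACertWithNumericVidVid`; if the two are meant to be the same value, pass the constant so the signer's VID cannot drift from the certificate's. After the update the test indexes `Points[0]` without re-checking the length. I would add `require.Len(t, revocationPointBySubjectKeyID.Points, 1)` first, which also shows that the whitespace variant replaced the stored entry rather than adding a second one. The `require.Equal` calls pass the actual value before the expected one, so failure messages will read backwards.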
@@ -15,14 +15,26 @@ Indexes to check: Test cases: * Positive: - * Propose adding of DA root certificate: `TestHandler_ProposeAddDaRootCert` - * Propose adding of previously rejected DA root certificate: ? - * Propose adding of DA root certificate with same Subject/SKID as existing Approved certificate but different Serial - Number: `TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber` (need to rewrite) + * Propose single certificate: `TestHandler_ProposeAddDaRootCert` + * Propose two certificates with same SKID but different Subject: + `TestHandler_ProposeAddDaRootCert_SameSkidButDifferentSubject` + * Propose certificate with Subject/SKID same as existing Approved certificate, but different SerialNumber: + `TestHandler_ProposeAddDaRootCert_DifferentSerialNumber` + * Propose adding of previously rejected certificate: `TestHandler_ProposeAddDaRootCert_PreviouslyRejected` * Negative: - * TBD - -### Propose and approve adding of DA root certificate + * Propose by not Trustee: `TestHandler_ProposeAddDaRootCert_ByNotTrustee` + * Propose invalid certificate: `TestHandler_ProposeAddDaRootCert_ForInvalidCertificate` + * Propose with existing proposed certificate (Subject/SKID): + `TestHandler_ProposeAddDaRootCert_ProposedCertificateAlreadyExists` + * Propose with existing approved certificate (Subject/SKID/SerialNumber): + `TestHandler_ProposeAddDaRootCert_CertificateAlreadyExists` + * Propose not self-signed certificate: `TestHandler_ProposeAddDaRootCert_ForNonRootCertificate` + * Propose not root certificate: `TestHandler_ProposeAddDaRootCert_ForNonRootCertificate` + * Propose NOC root certificate: `TestHandler_ProposeAddDaRootCert_ForNocCertificate` + * Propose with existing approved subject/SKID where signer is not owner of active: + `TestHandler_ProposeAddDaRootCert_ForDifferentSigner` + +### Approve adding of DA root certificate Indexes: 
@@ -36,15 +48,23 @@ Indexes: Test cases: * Positive: - * Add DA root certificate: `TestHandler_AddDaRootCert`, + * Add certificate: `TestHandler_AddDaRootCert`, `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded`, `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees` - * Add two DA root certificates with same SKID but different subject: - `TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject` + * Add two certificates with same SKID but different Subject: + `TestHandler_AddDaRootCert_SameSkid_DifferentSubject` + * Add two certificates with same Subject but different SKID: + * Add two certificates with same Subject and SKID: + `TestHandler_AddDaRootCert_SameSubjectAndSkid_DifferentSerialNumber` + * Approve certificate for not enough approvals: `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded` + * Approve certificate which was previously rejected by the current user: + `TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee` * Negative: - * TBD + * Approve by not Trustee: `TestHandler_ApproveAddDaRootCert_ByNotTrustee` + * Approve of non-existing proposed certificate: `TestHandler_ApproveAddDaRootCert_ForUnknownProposedCertificate` + * Approve certificate already approved by the current user: `TestHandler_ApproveAddDaRootCert_Twice` -### Propose and reject adding of DA root certificate +### Reject adding of DA root certificate Indexes: 
@@ -60,8 +80,23 @@ Test cases: * Positive: * Propose add reject adding of DA root certificate: `TestHandler_RejectAddDaRootCert`, + `TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees` + * Reject adding of DA root certificate for not enough rejects: `TestHandler_RejectAddDaRootCert`, + `TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees` + * Reject DA root certificate which was previously approved by the current user and certificate has other + approval: + `TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherApproval` + * Reject DA root certificate which was previously approved by the current user and certificate has other + rejects: + `TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherReject` + * Reject DA root certificate which was previously approved by the current user (and certificate does not have other + rejects/approvals): + `TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateNotHasOtherApproval` * Negative: - * TBD + * Reject by not Trustee: `TestHandler_RejectAddDaRootCert_ByNotTrustee` + * Reject of non-existing proposed certificate: `TestHandler_RejectAddDaRootCert_ForUnknownProposedCertificate` + * Reject certificate already rejected by the current user: + `TestHandler_RejectX509RootCert_TwiceFromTheSameTrustee` ## [Add DA Intermediate](./handler_add_pai_cert_test.go) 
@@ -78,16 +113,25 @@ Indexes to check: Test cases: * Positive: - * Add DA intermediate certificate: `TestHandler_AddDaIntermediateCert`, + * Add intermediate certificate: `TestHandler_AddDaIntermediateCert`, `TestHandler_AddDaIntermediateCert_VidScoped` - * Add two DA intermediate certificates with same Subject/SKID but different Serial Number: + * Add two certificates with same Subject/SKID but different SerialNumber: `TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` - * Add tree of DA certificates (root, intermediate, leaf): - `TestHandler_AddDaCert_ForTree` - * Add intermediate DA certificate but other Vendor with the same VID: + * Add two certificates with same Subject but different SKID: ? + * Add two certificates with same SKID but different Subject: ? + * Add tree of certificates (root, intermediate, leaf): `TestHandler_AddDaIntermediateCert_ForTree` + * Add intermediate certificate but other Vendor with the same VID: `TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor` * Negative: - * TBD + * Add by not Vendor: `TestHandler_AddDaIntermediateCert_SenderNotVendor` + * Add invalid certificate: `TestHandler_AddDaIntermediateCert_ForInvalidCertificate` + * Add self-signed certificate: `TestHandler_AddDaIntermediateCert_ForRootCertificate` + * Add with existing issuer/serial number: `TestHandler_AddDaIntermediateCert_ForDuplicate` + * Add for root certificate: `TestHandler_AddDaIntermediateCert_ForRootCertificate` + * Add for root NOC certificate: `TestHandler_AddDaIntermediateCert_RootIsNoc` + * Add NOC certificate: TBD + * Add with different VID: `TestHandler_AddDaIntermediateCert_ByOtherVendor` + * Add with invalid chain: `TestHandler_AddDaIntermediateCert_ForAbsentDirectParentCert` ## [Revoke DA Root](./handler_revoke_paa_cert_test.go) 
@@ -107,12 +151,24 @@ Indexes to check: Test cases: * Positive: - * Propose revocation of DA root certificate: `TestHandler_ProposeRevokeDaRootCert` - * Propose revocation of DA root certificate by not owner: `TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner` + * Propose revocation by Subject/SKID/SerialNumber - single certificate: `TestHandler_ProposeRevokeDaRootCert` + * Propose revocation by Subject/SKID/SerialNumber - two certificates: + `TestHandler_ProposeRevokeDaRootCert_TwoCertificates` + * Propose revocation by Subject/SKID/SerialNumber - revoke child: `TestHandler_ProposeRevokeDaRootCert_RevokeChild` + * Propose revocation by Subject/SKID/SerialNumber - keep child: `TestHandler_ProposeRevokeDaRootCert_KeepChild` + * Propose revocation by other Vendor with the same VID: `TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner` * Negative: - * TBD - -### Propose and approve revocation of DA root certificate + * Propose revocation by not Trustee: `TestHandler_ProposeRevokeDaRootCert_ByNotTrustee` + * Propose revocation of already proposed for revocation: + `TestHandler_ProposeRevokeDaRootCert_ProposedRevocationAlreadyExists` + * Propose revocation of not existing approved certificate (Subject/SKID): + `TestHandler_ProposeRevokeDaRootCert_CertificateDoesNotExist`, + `TestHandler_ProposeRevokeDaRootCert_ForProposedCertificate` + * Propose revocation of not existing approved certificate (Subject/SKID + SerialNumber): + `TestHandler_ProposeRevokeDaRootCert_CertificateDoesNotExistBySerialNumber` + * Propose revocation of not root certificate: `TestHandler_ProposeRevokeDaRootCert_ForNonRootCertificate` + +### Approve revocation of DA root certificate Indexes: 
@@ -128,12 +184,23 @@ Indexes: Test cases: * Positive: - * Propose and approve revocation of DA root certificate by Subject/SKID: `TestHandler_RevokeDaRootCert`, + * Approve revocation DA root certificate when not enough approvals: + `TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals` + * Revoke by Subject/SKID: `TestHandler_RevokeDaRootCert_BySubjectAndSKID`, `TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded` - * Revoke DA root certificate by Subject/SKID when two certs with the same SKID exist: - `TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist` + * Revoke by Subject/SKID/SerialNumber: `TestHandler_RevokeDaRootCert_BySerialNumber` + * Revoke by Subject/SKID/SerialNumber - revoke child: `TestHandler_RevokeDaRootCert_RevokeChild` + * Revoke by Subject/SKID/SerialNumber - keep child: `TestHandler_RevokeDaRootCert_KeepChild` + * Revoke by Subject/SKID when two certs with the same SKID exist: + `TestHandler_RevokeDaRootCert_BySubjectAndSkid_TwoCertificatesWithSameSkid` + * Revoke by Subject/SKID when two certs with the same Subject exist: ? * Negative: - * TBD + * Approve revocation by not Trustee: `TestHandler_ApproveRevokeDaRootCert_ByNotTrustee` + * Approve revocation of not existing certificate (Subject/SKID): + `TestHandler_ApproveRevokeDaRootCert_ProposedRevocationDoesNotExist` + * Approve certificate revocation by not existing serial number (Subject/SKID + SerialNumber): + `TestHandler_ApproveRevokeDaRootCert_BySerialNumber_ProposedRevocationDoesNotExist` + * Approve certificate revocation twice by the same user: `TestHandler_ApproveRevokeDaRootCert_Twice` ## [Revoke DA Intermediate](./handler_revoke_pai_cert_test.go) 
@@ -152,9 +219,26 @@ Indexes to check: Test cases: * Positive: - * Revoke DA intermediate certificate: `TestHandler_RevokeDaIntermediateCert` + * Revoke by Subject/SKID: `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID` + * Revoke by Subject/SKID/SerialNumber: `TestHandler_RevokeDaIntermediateCert_BySerialNumber` + * Revoke by Subject/SKID - revoke child: `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_RevokeChild` + * Revoke by Subject/SKID/SerialNumber - revoke child: + `TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild` + * Revoke by Subject/SKID - keep child: `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild` + * Revoke by Subject/SKID/SerialNumber - keep child: `TestHandler_RevokeDaIntermediateCert_BySerialNumber_KeepChild` + * Revoke by Subject/SKID - parent not affected: `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_ParentExist` + * Revoke by Subject/SKID/SerialNumber - parent not affected: + `TestHandler_RevokeDaIntermediateCert_BySerialNumber_ParentExist` + * Revoke by Subject/SKID - another certificate with same Subject exist: ? + * Revoke by Subject/SKID - another certificate with same SKID exist: ? + * Revoke by other Vendor with the same VID: `TestHandler_RevokeDaIntermediateCert_ByNotOwnerButSameVendor` * Negative: - * TBD + * Revoke by not Vendor: `TestHandler_RevokeDaIntermediateCert_SenderNotVendor` + * Revoke root certificate: `TestHandler_RevokeDaIntermediateCert_ForRootCertificate` + * Revoke by Vendor with different VID: `TestHandler_RevokeDaIntermediateCert_ByVendorWithOtherVid` + * Revoke not existing certificate (Subject/SKID): `TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExist` + * Revoke not existing certificate by SerialNumber (Subject/SKID + SerialNumber): + `TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExistBySerialNumber` ## [Remove DA Intermediate](./handler_remove_pai_cert_test.go) 
@@ -172,9 +256,36 @@ Indexes to check: Test cases: * Positive: - * Remove DA intermediate certificate: `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID` + * Remove by Subject/SKID: `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID` + * Remove by Subject/SKID/SerialNumber: `TestHandler_RemoveDaIntermediateCert_BySerialNumber` + * Remove by Subject/SKID - parent exist: `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ParentExist` + * Remove by Subject/SKID/SerialNumber - parent exist: + `TestHandler_RemoveDaIntermediateCert_BySerialNumber_ParentExist` + * Remove by Subject/SKID - approved child exist: + `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ApprovedChildExist` + * Remove by Subject/SKID/SerialNumber - approved child exist: + `TestHandler_RemoveDaIntermediateCert_BySerialNumber_ApprovedChildExist` + * Remove by Subject/SKID - approved child exist: + `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedChildExist` + * Remove by Subject/SKID/SerialNumber - approved child exist: + `TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedChildExist` + * Remove by Subject/SKID - revoked certificate: + `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate` + * Remove by Subject/SKID/SerialNumber - revoked certificate: + `TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedCertificate` + * Remove by Subject/SKID - revoked and active certificates: + `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedAndActiveCertificate` + * Remove by Subject/SKID - another certificate with same Subject exist: ? + * Remove by Subject/SKID - another certificate with same SKID exist: ? 
+ * Remove by other Vendor with the same VID: `TestHandler_RemoveDaIntermediateCert_ByNotOwnerButSameVendor` * Negative: - * TBD + * Remove by not Vendor: `TestHandler_RemoveDaIntermediateCert_SenderNotVendor` + * Remove not existing certificated (Subject/SKID): `TestHandler_RemoveDaIntermediateCert_CertificateDoesNotExist` + * Remove not existing certificated (Subject/SKID + SerialNumber): + `TestHandler_RemoveDaIntermediateCert_InvalidSerialNumber` + * Remove root certificate: `TestHandler_RemoveDaIntermediateCert_ForRootCertificate` + * Remove NOC certificate: `TestHandler_RemoveDaIntermediateCert_ForNocIcaCertificate` + * Remove by other Vendor with different VID: `TestHandler_RemoveDaIntermediateCert_ByOtherVendor` ## [Add Noc Root](./handler_add_noc_root_cert_test.go) 
@@ -190,11 +301,19 @@ Indexes to check: Test cases: * Positive: - * Add Noc root certificate: `TestHandler_AddNocRootCert` - * Add two Noc root certificates with same subject/skid but different serial number: + * Add certificate: `TestHandler_AddNocRootCert` + * Add two certificates with same Subject/SKID but different SerialNumber: `TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber` + * Add certificates with same Subject but different SKID: ? + * Add two certificates with same SKID but different Subject: ? + * Add two certificates but different Vendors with same VID: `TestHandler_AddNocRootCert_ByNotOwnerButSameVendor` * Negative: - * TBD + * Add by not Vendor: `TestHandler_AddNocRootCert_SenderNotVendor` + * Add invalid certificate: `TestHandler_AddNocRootCert_InvalidCertificate:NotValidPemCertificate` + * Add not root: `TestHandler_AddNocRootCert_InvalidCertificate:NonRootCertificate` + * Add with existing Issuer/SerialNumber: `TestHandler_AddNocRootCert_CertificateExist:Duplicate` + * Add DA certificate: `TestHandler_AddNocRootCert_CertificateExist:ExistingNotNocCert` + * Add by Vendor with different VID: `TestHandler_AddNocRootCert_CertificateExist:ExistingCertWithDifferentVid` ## [Add Noc Intermediate](./handler_add_noc_ica_cert_test.go) 
@@ -211,11 +330,21 @@ Indexes to check: Test cases: * Positive: - * Add Noc intermediate certificate: `TestHandler_AddNocIntermediateCert` - * Add two Noc intermediate certificates with same subject/skid but different serial number: + * Add certificate: `TestHandler_AddNocIntermediateCert` + * Add two certificates with same Subject/SKID but different SerialNumber: `TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` + * Add two certificates with same Subject but different SKID: ? + * Add two certificates with same SKID but different Subject: ? + * Add two certificates but different Vendors with same VID: + `TestHandler_AddNocIntermediateCert_ByNotOwnerButSameVendor` * Negative: - * TBD + * Add by not Vendor: `TestHandler_AddNocIntermediateCert_SenderNotVendor` + * Add invalid certificate: `TestHandler_AddNocIntermediateCert_ForInvalidCertificate` + * Add NOC root: `TestHandler_AddNocIntermediateCert_ForNocRootCertificate` + * Add with existing Issuer/SerialNumber: `TestHandler_AddNocIntermediateCert_CertificateExist` + * Add for invalid chain of parent certificates: `TestHandler_AddNocIntermediateCert_WhenNocRootCertIsAbsent` + * Add DA certificate: `TestHandler_AddNocIntermediateCert_ForRootNonNocCertificate` + * Add by Vendor with different VID: `TestHandler_AddNocIntermediateCert_Root_VID_Does_Not_Equal_To_AccountVID` ## [Revoke Noc Root](./handler_revoke_noc_root_cert_test.go) 
@@ -230,9 +359,23 @@ Indexes: * `Noc Certificates`: Subject+SKID, SKID, Subject, VID (root), VID+SKID * Positive: - * Revoke Noc root certificate: `TestHandler_RevokeNoRootCert` + * Revoke by Subject/SKID: `TestHandler_RevokeNocRootCert_BySubjectAndSKID` + * Revoke by Subject/SKID/SerialNumber: `TestHandler_RevokeNocRootCert_BySerialNumber` + * Revoke by Subject/SKID - revoke child: `TestHandler_RevokeNocRootCert_BySubjectAndSKID_RevokeChild` + * Revoke by Subject/SKID/SerialNumber - revoke child: `TestHandler_RevokeNocRootCert_BySerialNumber_RevokeChild` + * Revoke by Subject/SKID - keep child: `TestHandler_RevokeNocRootCert_BySubjectAndSKID_KeepChild` + * Revoke by Subject/SKID/SerialNumber - keep child: `TestHandler_RevokeNocRootCert_BySerialNumber_KeepChild` + * Revoke by Subject/SKID - another certificate with same Subject exist: ? + * Revoke by Subject/SKID - another certificate with same SKID exist: ? + * Revoke by other Vendor with the same VID: `TestHandler_RevokeNocRootCert_OtherVendor` * Negative: - * TBD + * Revoke by not Vendor: `TestHandler_RevokeNocRootCert_SenderNotVendor` + * Revoke not existing certificate (Subject/SKID): `TestHandler_RevokeNocRootCert_CertificateDoesNotExist` + * Revoke not existing certificate by SerialNumber (Subject/SKID + SerialNumber): + `TestHandler_RevokeNocRootCert_CertificateExists` + * Revoke not root certificate: `TestHandler_RevokeNocRootCert_CertificateExists` + * Revoke not NOC certificate: `TestHandler_RevokeNocRootCert_CertificateExists` + * Revoke by Vendor with different VID: `TestHandler_RevokeNocRootCert_CertificateExists` ## [Revoke Noc Ica](./handler_revoke_noc_ica_cert_test.go) 
@@ -250,9 +393,27 @@ Indexes: Test cases: * Positive: - * Revoke Noc ica certificate: `TestHandler_RevokeNocIntermediateCert` + * Revoke by Subject/SKID: `TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID` + * Revoke by Subject/SKID/SerialNumber: `TestHandler_RevokeNocIntermediateCert_BySerialNumber` + * Revoke by Subject/SKID - revoke child: `TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_RevokeChild` + * Revoke by Subject/SKID/SerialNumber - revoke child: + `TestHandler_RevokeNocIntermediateCert_BySerialNumber_RevokehChild` + * Revoke by Subject/SKID - keep child: `TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_KeepChild` + * Revoke by Subject/SKID/SerialNumber - keep child: `TestHandler_RevokeNocIntermediateCert_BySerialNumber_KeepChild` + * Revoke by Subject/SKID - parent not affected: `TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_ParentExist` + * Revoke by Subject/SKID/SerialNumber - parent not affected: + `TestHandler_RevokeNocIntermediateCert_BySerialNumber_ParentExist` + * Revoke by Subject/SKID - another certificate with same Subject exist: ? + * Revoke by Subject/SKID - another certificate with same SKID exist: ? + * Revoke by other Vendor with the same VID: `TestHandler_RevokeNocIntermediateCert_ByOtherVendor` * Negative: - * TBD + * Revoke by not Vendor: `TestHandler_RevokeNocIntermediateCert_SenderNotVendor` + * Revoke not existing certificate by Subject/SKID: `TestHandler_RevokeNocIntermediateCert_CertificateDoesNotExist` + * Revoke not existing certificate by Subject/SKID/SerialNumber: + `TestHandler_RevokeNocIntermediateCert_CertificateExists` + * Revoke root certificate: `TestHandler_RevokeNocIntermediateCert_CertificateExists` + * Revoke root DA certificate: `TestHandler_RevokeNocIntermediateCert_CertificateExists` + * Revoke by Vendor with different VID: `TestHandler_RevokeNocIntermediateCert_CertificateExists` ## [Remove Noc Root](./handler_remove_noc_root_cert_test.go) 
@@ -269,9 +430,27 @@ Indexes to check: Test cases: * Positive: - * Remove Noc root certificate by Subject/SKID: `TestHandler_RemoveNocRootCert` + * Remove by Subject/SKID: `TestHandler_RemoveNocRootCert_BySubjectAndSKID` + * Remove by Subject/SKID/SerialNumber: `TestHandler_RemoveNocRootCert_BySerialNumber` + * Remove by Subject/SKID - child exist: `TestHandler_RemoveNocRootCert_BySubjectAndSKID_ChildExist` + * Remove by Subject/SKID/SerialNumber - child exist: `TestHandler_RemoveNocRootCert_BySerialNumber_ChildExist` + * Remove by Subject/SKID - revoked certificate: + `TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedCertificate` + * Remove by Subject/SKID/SerialNumber - revoked certificate: + `TestHandler_RemoveNocRootCert_BySerialNumber_RevokedCertificate` + * Remove by Subject/SKID - revoked and active certificates: + `TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedAndActiveCertificate` + * Remove by Subject/SKID - another certificate with same Subject exist: ? + * Remove by Subject/SKID - another certificate with same SKID exist: ? + * Remove by other Vendor with the same VID: `TestHandler_RemoveNocRootCert_ByNotOwnerButSameVendor` * Negative: - * TBD + * Remove by not Vendor: `TestHandler_RemoveNocRootCert_SenderNotVendor` + * Remove not existing certificated (Subject/SKID): `TestHandler_RemoveNocRootCert_CertificateDoesNotExist` + * Remove not existing certificated (Subject/SKID + SerialNumber): + `TestHandler_RemoveNocRootCert_InvalidSerialNumber` + * Remove intermediate certificate: `TestHandler_RemoveNocRootCert_IntermediateCertificate` + * Remove DA certificate: `TestHandler_RemoveNocRootCert_DaCertificate` + * Remove by other Vendor with different VID: `TestHandler_RemoveNocRootCert_ByOtherVendor` ## [Remove Noc Intermediate](./handler_remove_noc_ica_cert_test.go) 
@@ -289,6 +468,33 @@ Indexes to check: Test cases: * Positive: - * Remove Noc ica certificate by Subject/SKID: `TestHandler_RemoveNocIntermediateCert` + * Remove by Subject/SKID: `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID` + * Remove by Subject/SKID/SerialNumber: `TestHandler_RemoveNocIntermediateCert_BySerialNumber` + * Remove by Subject/SKID - parent exist: `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_ParentExist` + * Remove by Subject/SKID/SerialNumber - parent exist: + `TestHandler_RemoveNocIntermediateCert_BySerialNumber_ParentExist` + * Remove by Subject/SKID - approved child exist: + `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_ApprovedChildExist` + * Remove by Subject/SKID/SerialNumber - approved child exist: + `TestHandler_RemoveNocIntermediateCert_BySerialNumber_ApprovedChildExist` + * Remove by Subject/SKID - revoked child exist: + `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedChildExist` + * Remove by Subject/SKID/SerialNumber - revoked child exist: + `TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedChildExist` + * Remove by Subject/SKID - revoked certificate: + `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedCertificate` + * Remove by Subject/SKID/SerialNumber - revoked certificate: + `TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedCertificate` + * Remove by Subject/SKID - revoked and active certificates: + `TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedAndActiveCertificate` + * Remove by Subject/SKID - another certificate with same Subject exist: ? + * Remove by Subject/SKID - another certificate with same SKID exist: ? 
+ * Remove by other Vendor with the same VID: `TestHandler_RemoveNocIntermediateCert_ByNotOwnerButSameVendor` * Negative: - * TBD \ No newline at end of file + * Remove by not Vendor: `TestHandler_RemoveNocIntermediateCert_SenderNotVendor` + * Remove not existing certificated (Subject/SKID): `TestHandler_RemoveNocIntermediateCert_CertificateDoesNotExist` + * Remove not existing certificated (Subject/SKID + SerialNumber): + `TestHandler_RemoveNocIntermediateCert_InvalidSerialNumber` + * Remove NOC root certificate: `TestHandler_RemoveNocIntermediateCert_ForRoot` + * Remove DA certificate: `TestHandler_RemoveNocIntermediateCert_ForDaCertificate` + * Remove by other Vendor with different VID: `TestHandler_RemoveNocIntermediateCert_ByOtherVendor` \ No newline at end of file diff --git a/x/pki/tests/utils/certificate_assertions.go b/x/pki/tests/utils/certificate_assertions.go index fcd383b96..f84e45e68 100644 --- a/x/pki/tests/utils/certificate_assertions.go +++ b/x/pki/tests/utils/certificate_assertions.go @@ -205,6 +205,8 @@ func CheckCertificateStateIndexes( certificate.SubjectKeyId, certificate.SerialNumber, ) + require.Equal(t, certificate.Subject, proposedRevocation.Subject) + require.Equal(t, certificate.SubjectKeyId, proposedRevocation.SubjectKeyId) resolvedCertificate.ProposedRevocation = proposedRevocation } } diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index e47bea40f..a43bab701 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go 
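Review bot: The two assertions added in `CheckCertificateStateIndexes` compare only Subject and SubjectKeyId of the returned proposed revocation, although the lookup just above them is also keyed by `certificate.SerialNumber`. When two certificates share Subject/SKID, a case this patch series tests repeatedly, those checks cannot tell a proposal for the sibling certificate from one for the certificate under test. If the proposed-revocation type carries the serial number, add `require.Equal(t, certificate.SerialNumber, proposedRevocation.SerialNumber)` next to them. The function starts and ends outside the hunk, so any earlier handling of the lookup result is not visible here.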
@@ -47,6 +47,33 @@ func ProposeAndApproveRootCertificate( require.NoError(setup.T, err) } +func ProposeAndApproveCertificateRevocation( + setup *TestSetup, + subject string, + subjectKeyID string, + serialNumber string, +) { + // revoke certificate + revokeX509Cert := types.NewMsgProposeRevokeX509RootCert( + setup.Trustee1.String(), + subject, + subjectKeyID, + serialNumber, + false, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, revokeX509Cert) + require.NoError(setup.T, err) + + aprRevokeX509Cert := types.NewMsgApproveRevokeX509RootCert( + setup.Trustee2.String(), + subject, + subjectKeyID, + serialNumber, + testconstants.Info) + _, err = setup.Handler(setup.Ctx, aprRevokeX509Cert) + require.NoError(setup.T, err) +} + func AddMokedDaCertificate( setup *TestSetup, certificate types.Certificate, @@ -148,14 +175,14 @@ func ProposeRevokeDaRootCertificate( subject string, subjectKeyID string, serialNumber string, - revokedChild bool, + revokeChild bool, ) *types.MsgProposeRevokeX509RootCert { proposeRevokeX509RootCert := types.NewMsgProposeRevokeX509RootCert( address.String(), subject, subjectKeyID, serialNumber, - revokedChild, + revokeChild, testconstants.Info) _, err := setup.Handler(setup.Ctx, proposeRevokeX509RootCert) require.NoError(setup.T, err) diff --git a/x/pki/tests/utils/certificate_queries_da.go b/x/pki/tests/utils/certificate_queries_da.go index ae6c890e5..5b8f0e2e8 100644 --- a/x/pki/tests/utils/certificate_queries_da.go +++ b/x/pki/tests/utils/certificate_queries_da.go 
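Review bot: `ProposeAndApproveCertificateRevocation` is exported without a doc comment, and its fixed choices are invisible to callers: it always proposes as `setup.Trustee1`, approves as `setup.Trustee2`, and passes `false` for the revoke-child flag. It checks only that both handler calls return no error, so if the trustee set in the test setup grows and two approvals no longer reach quorum, the helper would presumably return normally with the revocation still only proposed (the quorum rule is not in this hunk). I would add a doc comment such as `// ProposeAndApproveCertificateRevocation proposes a DA root revocation as Trustee1 (children kept) and approves it as Trustee2; it assumes two approvals reach quorum.` and change the inline `// revoke certificate` to `// propose revocation`.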
@@ -200,6 +200,23 @@ func QueryRejectedCertificates( return &resp.RejectedCertificate, nil } +func QueryAllProposedCertificates( + setup *TestSetup, +) ([]types.ProposedCertificate, error) { + req := &types.QueryAllProposedCertificateRequest{} + + resp, err := setup.Keeper.ProposedCertificateAll(setup.Wctx, req) + if err != nil { + require.Nil(setup.T, resp) + + return nil, err + } + + require.NotNil(setup.T, resp) + + return resp.ProposedCertificate, nil +} + func QueryAllApprovedCertificates( setup *TestSetup, ) ([]types.ApprovedCertificates, error) { From e265085c6b4a78943178b218111c3cb7f3fd8ee9 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Wed, 18 Dec 2024 11:44:26 +0300 Subject: [PATCH 10/11] Refactoring PKI unit tests --- x/pki/tests/handler_add_noc_ica_cert_test.go | 14 +- x/pki/tests/handler_add_noc_root_cert_test.go | 11 +- x/pki/tests/handler_add_pai_cert_test.go | 120 ++++++------ .../handler_approve_add_paa_cert_test.go | 107 ++++++----- .../handler_approve_revoke_paa_cert_test.go | 108 +++++------ x/pki/tests/handler_propose_paa_cert_test.go | 177 ++++++++++-------- .../handler_propose_revoke_paa_cert_test.go | 64 +++---- .../tests/handler_reject_add_paa_cert_test.go | 97 +++++----- .../tests/handler_remove_noc_ica_cert_test.go | 115 ++++++------ .../handler_remove_noc_root_cert_test.go | 25 +-- x/pki/tests/handler_remove_pai_cert_test.go | 153 +++++++-------- .../tests/handler_revoke_noc_ica_cert_test.go | 20 +- .../handler_revoke_noc_root_cert_test.go | 18 +- x/pki/tests/handler_revoke_pai_cert_test.go | 98 +++++----- x/pki/tests/test-design.md | 61 +++--- 15 files changed, 592 insertions(+), 596 deletions(-) diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 06d34281a..9fda61ca7 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go 
@@ -36,7 +36,7 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we created root certificate with same vid + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root certificate with same vid exists {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, @@ -61,12 +61,11 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber // Store the NOC certificate with different serial number intermediateCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - intermediateCertificate.SerialNumber = testconstants.TestSerialNumber utils.AddMokedNocCertificate(setup, intermediateCertificate) // add the new NOC certificate - icaCertificate := utils.IntermediateNocCertificate1(setup.Vendor1) - utils.AddNocIntermediateCertificate(setup, icaCertificate) + intermediateCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) + utils.AddNocIntermediateCertificate(setup, intermediateCertificate2) // Check state indexes indexes := utils.TestIndexes{ @@ -78,7 +77,7 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root certificate with same vid exists {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, 
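Review bot: In `TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` the explicit `intermediateCertificate.SerialNumber = testconstants.TestSerialNumber` override is removed, so the "different serial number" precondition now rests entirely on what `IntermediateNocCertificate1Copy` returns. Nothing visible in the test asserts that precondition; if the fixture ever carried the same serial, the test would become a duplicate-certificate case and fail or pass for an unrelated reason. Add `require.NotEqual(t, intermediateCertificate.SerialNumber, intermediateCertificate2.SerialNumber)` right after the second certificate is built. The first certificate is still written with `AddMokedNocCertificate` rather than through the handler, which deserves a one-line comment saying why. The test body continues outside this hunk.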
@@ -91,7 +90,8 @@ func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate2, indexes) } func TestHandler_AddNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { @@ -123,7 +123,7 @@ func TestHandler_AddNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root certificate with same vid exists {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index f56b00539..b4039c635 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -21,7 +21,7 @@ func TestHandler_AddNocRootCert(t *testing.T) { rootCertificate := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate) - // Check state indexes + // check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
@@ -53,7 +53,7 @@ func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *test rootCertificate1 := utils.RootNocCertificate1(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate1) - // add the new NOC root certificate + // add second NOC root certificate rootCertificate2 := utils.RootNocCertificate1Copy(setup.Vendor1) utils.AddNocRootCertificate(setup, rootCertificate2) @@ -93,7 +93,7 @@ func TestHandler_AddNocRootCert_ByNotOwnerButSameVendor(t *testing.T) { rootCertificate1 := utils.RootNocCertificate1(vendorAccAddress1) utils.AddNocRootCertificate(setup, rootCertificate1) - // add NOC root certificate + // add second NOC root certificate by other vendor rootCertificate2 := utils.RootNocCertificate1Copy(vendorAccAddress2) utils.AddNocRootCertificate(setup, rootCertificate2) @@ -101,10 +101,10 @@ func TestHandler_AddNocRootCert_ByNotOwnerButSameVendor(t *testing.T) { indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.NocCertificatesKeyPrefix, Count: 2}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.NocRootCertificatesKeyPrefix, Count: 2}, {Key: types.UniqueCertificateKeyPrefix}, @@ -132,7 +132,6 @@ func TestHandler_AddNocRootCert_SenderNotVendor(t *testing.T) { testconstants.RootCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) - require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index e745e9ade..e9eb82796 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go 
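Review bot: After `require.Error(t, err)` is dropped in `TestHandler_AddNocRootCert_SenderNotVendor`, the only remaining check is `require.True(t, sdkerrors.ErrUnauthorized.Is(err))`, which on failure reports a bare boolean mismatch without the error that was actually returned. Other negative tests in this patch already use the clearer form, so I would write `require.ErrorIs(t, err, sdkerrors.ErrUnauthorized)` here; it also fails on a nil error and prints both errors. This test is the authorization check for the add-NOC-root handler, so a readable failure is worth having. The start of the test is outside the hunk.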
+++ b/x/pki/tests/handler_add_pai_cert_test.go @@ -17,11 +17,11 @@ import ( func TestHandler_AddDaIntermediateCert(t *testing.T) { setup := utils.Setup(t) - // add DA root certificate + // Add DA root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add DA PAI certificate + // Add DA PAI certificate testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) @@ -41,6 +41,10 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) @@ -49,13 +53,14 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { setup := utils.Setup(t) + // Add vendor accAddress := setup.CreateVendorAccount(testconstants.PAACertWithNumericVidVid) - // store root certificate + // Store root certificate testRootCertificate := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) - // add intermediate certificate + // Add intermediate certificate testIntermediateCertificate := utils.IntermediateDaCertificateWithNumericPidVid(accAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) 
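Review bot: The `Missing` entries added to `TestHandler_AddDaIntermediateCert` cover four NOC indexes but leave out `types.NocIcaCertificatesKeyPrefix`, which is the NOC index an intermediate certificate would land in if the DA and NOC paths were ever mixed up. The NOC tests in this patch list that key under `Present`, so the assertion helper presumably supports it. Adding `{Key: types.NocIcaCertificatesKeyPrefix},` would complete the DA/NOC separation check. The list and the test body start outside the hunk.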
@@ -83,28 +88,28 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - // store root certificate - rootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + // Add vendor account + vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // store intermediate certificate with different serial number - intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) - intermediateCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, intermediateCertificate) + // add root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // store intermediate certificate second time - testIntermediateCertificate1 := utils.IntermediateDaCertificate(setup.Vendor1) + // Add intermediate certificates + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - // query All approved certificate + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) + + // check count of certificates allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(allApprovedCertificates)) // root + intermediate - // query All certificate allCertificates, _ := utils.QueryAllCertificatesAll(setup) require.Equal(t, 2, len(allCertificates)) // root + intermediate - // Check indexes for certificate1 + // Check state indexes for intermediate certificates indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: 
types.UniqueCertificateKeyPrefix}, 
@@ -123,36 +128,34 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - // additional checks - require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, intermediateCertificate.SerialNumber) - require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[1].SerialNumber, testIntermediateCertificate1.SerialNumber) + // additional checks - serial numbers + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, testIntermediateCertificate1.SerialNumber) + require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[1].SerialNumber, testIntermediateCertificate2.SerialNumber) require.NotEqual( t, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber, resolvedCertificates.ApprovedCertificates.Certs[1].SerialNumber, ) - - // Check indexes for certificate2 - utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) } func TestHandler_AddDaIntermediateCert_ForTree(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate testRootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) - // add intermediate x509 certificate + // add intermediate certificate testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) - // add leaf x509 certificate + // add leaf certificate testLeafCertificate := utils.LeafCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testLeafCertificate) - // Check indexes for root + // Check state indexes - root indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
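Review bot: The serial-number checks index `resolvedCertificates.ApprovedCertificates.Certs[0]` and `Certs[1]` directly, so a regression that stores only one certificate would panic with an index-out-of-range instead of failing with a readable assertion. Put `require.Len(t, resolvedCertificates.ApprovedCertificates.Certs, 2)` before them. The two `require.Equal` lines also assume the certificates come back in insertion order; if the keeper does not guarantee that order, compare the serial numbers as a set with `require.ElementsMatch`. The test body starts outside the hunk.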
@@ -168,7 +171,7 @@ func TestHandler_AddDaIntermediateCert_ForTree(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // Check indexes for intermediate + // Check state indexes - intermediate indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -186,7 +189,7 @@ func TestHandler_AddDaIntermediateCert_ForTree(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) - // Check indexes for leaf + // Check state indexes - leaf (all the same as for intermediate) utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } 
@@ -194,33 +197,32 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // add two vendors with the same VID - vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) - vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) + vendorAccAddress2 := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // store root certificate - testRootCertificate := utils.RootDaCertificate(setup.Trustee1) - utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) + // add root certificate + rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Store an intermediate certificate with the first vendor account as the owner - intermediateCertificate := utils.IntermediateDaCertificate(vendorAccAddress1) - intermediateCertificate.SerialNumber = utils.SerialNumber - utils.AddMokedDaCertificate(setup, intermediateCertificate) + // Add first intermediate certificates by vendor1 + testIntermediateCertificate1 := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress1) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate1) - // add an intermediate certificate with the same subject and SKID by second vendor account - testIntermediateCertificate := utils.IntermediateDaCertificate(vendorAccAddress2) - utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) + // Add second intermediate certificates by vendor2 + testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress2) + utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix, Count: 2}, - 
{Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.ChildCertificatesKeyPrefix, Count: 1}, + {Key: types.ChildCertificatesKeyPrefix, Count: 1}, // by serial number }, Missing: []utils.TestIndex{ {Key: types.ApprovedRootCertificatesKeyPrefix}, @@ -228,7 +230,8 @@ func TestHandler_AddDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { {Key: types.RejectedCertificateKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) } func TestHandler_AddDaIntermediateCert_VIDScopedRoot(t *testing.T) { @@ -240,7 +243,7 @@ func TestHandler_AddDaIntermediateCert_VIDScopedRoot(t *testing.T) { rootCert := utils.RootDaCertificateWithNumericVid(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // add x509 certificate + // add certificate testIntermediateCertificate := utils.IntermediateDaCertificateWithNumericPidVid(accAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) 
@@ -297,13 +300,14 @@ func TestHandler_AddDaIntermediateCert_NonVIDScopedRoot(t *testing.T) { for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { setup := utils.Setup(t) + // store root certificate utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) // add vendor account setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, tc.accountVid) - // add x509 certificate + // add certificate addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), tc.childCert, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(setup.T, err) @@ -311,6 +315,7 @@ func TestHandler_AddDaIntermediateCert_NonVIDScopedRoot(t *testing.T) { // query certificate certs, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(certs)) + intermediateCerts, _ := utils.QueryApprovedCertificates(setup, tc.childCertSubject, tc.childCertSubjectKeyID) require.Equal(t, 1, len(intermediateCerts.Certs)) require.Equal(t, tc.childCertSubject, intermediateCerts.Certs[0].Subject) @@ -333,7 +338,7 @@ func TestHandler_AddDaIntermediateCert_ForInvalidCertificate(t *testing.T) { func TestHandler_AddDaIntermediateCert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - // add root certificate as leaf x509 certificate + // add root certificate as leaf addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrNonRootCertificateSelfSigned) 
@@ -347,7 +352,11 @@ func TestHandler_AddDaIntermediateCert_ForDuplicate(t *testing.T) { setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) // store intermediate certificate - addX509Cert := types.NewMsgAddX509Cert(setup.Vendor1.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) + addX509Cert := types.NewMsgAddX509Cert( + setup.Vendor1.String(), + testIntermediateCertificate.PemCert, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) @@ -359,15 +368,19 @@ func TestHandler_AddDaIntermediateCert_ForDuplicate(t *testing.T) { func TestHandler_AddDaIntermediateCert_RootIsNoc(t *testing.T) { setup := utils.Setup(t) - accAddress := setup.CreateVendorAccount(testconstants.IntermediateCertWithVid1Vid) - // Add NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.CertSchemaVersion) + addNocX509RootCert := types.NewMsgAddNocX509RootCert( + setup.Vendor1.String(), + testconstants.RootCertPem, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) - // add x509 certificate - addX509Cert := types.NewMsgAddX509Cert(accAddress.String(), testconstants.IntermediateCertPem, testconstants.CertSchemaVersion) + // add intermediate certificate + addX509Cert := types.NewMsgAddX509Cert( + setup.Vendor1.String(), + testconstants.IntermediateCertPem, + testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addX509Cert) require.ErrorIs(t, err, pkitypes.ErrInappropriateCertificateType) } 
@@ -450,6 +463,7 @@ func TestHandler_AddDaIntermediateCert_VIDScopedRoot_NegativeCases(t *testing.T) for _, tc := range cases { t.Run(tc.name, func(t *testing.T) { setup := utils.Setup(t) + // store root certificate utils.ProposeAndApproveRootCertificateByOptions(setup, setup.Trustee1, tc.rootCertOptions) diff --git a/x/pki/tests/handler_approve_add_paa_cert_test.go b/x/pki/tests/handler_approve_add_paa_cert_test.go index 1f700d1ac..609281847 100644 --- a/x/pki/tests/handler_approve_add_paa_cert_test.go +++ b/x/pki/tests/handler_approve_add_paa_cert_test.go @@ -18,11 +18,11 @@ import ( func TestHandler_AddDaRootCert(t *testing.T) { setup := utils.Setup(t) - // propose add x509 root certificate by trustee + // Propose add x509 root certificate by trustee rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // approve by second trustee + // Approve by second trustee utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes @@ -40,6 +40,10 @@ func TestHandler_AddDaRootCert(t *testing.T) { Missing: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) 
@@ -48,11 +52,11 @@ func TestHandler_AddDaRootCert(t *testing.T) { func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) - // propose x509 root certificate by account without trustee role + // propose root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // Create an array of trustee account from 1 to 50 + // create an array of trustee account from 1 to 50 trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() // We have 3 Trustees in test setup. @@ -62,7 +66,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { for i := 1; i < twoThirds-1; i++ { utils.ApproveDaRootCertificate(setup, trusteeAccounts[i], rootCertificate.Subject, rootCertificate.SubjectKeyId) - // Check state indexes + // check state indexes - certificate stays proposed indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -85,7 +89,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // One more approval will move this to approved state from pending utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // Check state indexes + // Check state indexes - certificate approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -112,30 +116,28 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { require.Equal(t, resolvedCertificates.ApprovedCertificates.Certs[0].HasApprovalFrom(setup.Trustee2.String()), true) } -func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) { +func TestHandler_AddDaRootCert_FourOfFiveApprovalsAreNeeded(t *testing.T) { setup := utils.Setup(t) // we have 5 trustees: 1 approval comes from propose => we need 3 more approvals // store 4th trustee - fourthTrustee := utils.GenerateAccAddress() - setup.AddAccount(fourthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + fourthTrustee := setup.CreateTrusteeAccount(1) // store 5th trustee - fifthTrustee := utils.GenerateAccAddress() - setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + fifthTrustee := setup.CreateTrusteeAccount(1) - // propose x509 root certificate by account Trustee1 + // propose root certificate by account Trustee1 rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // approve x509 root certificate by account Trustee2 + // approve root certificate by account Trustee2 utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // approve x509 root certificate by account Trustee3 + // approve root certificate by account Trustee3 utils.ApproveDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // reject x509 root certificate by account Trustee4 + // reject root certificate by account Trustee4 utils.RejectDaRootCertificate(setup, fourthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) // Check state indexes - certificate is in proposed state 
@@ -157,10 +159,10 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // approve x509 root certificate by account Trustee5 + // approve root certificate by account Trustee5 utils.ApproveDaRootCertificate(setup, fifthTrustee, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // Check state indexes + // Check state indexes - approved indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -183,15 +185,15 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) func TestHandler_AddDaRootCert_SameSkid_DifferentSubject(t *testing.T) { setup := utils.Setup(t) - // add Certificate1 + // add root certificate1 testRootCertificate := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate) - // add Certificate2 + // add root certificate2 testRootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, testRootCertificate2) - // Check indexes by subject + subject key id + // Check total number of approved certificates allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) require.Equal(t, 2, len(allApprovedCertificates)) 
@@ -215,13 +217,10 @@ func TestHandler_AddDaRootCert_SameSkid_DifferentSubject(t *testing.T) { {Key: types.RejectedCertificateKeyPrefix}, }, } - // check for first utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // check for second resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) // Additional checks - require.Equal(t, testRootCertificate.SubjectKeyId, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) require.Equal(t, testRootCertificate.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Subject) require.Equal(t, testRootCertificate2.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[1].Subject) } 
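Review bot: The remaining assertions index `AllCertificatesBySubjectKeyID[0].Certs[0]` and `.Certs[1]` without first asserting the length, so a regression that stores only one certificate under the shared subject key ID panics instead of failing with a readable message. Add `require.Len(t, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs, 2)` ahead of them. The hunk also drops the `SubjectKeyId` equality check on that entry; unless `CheckCertificateStateIndexes` already compares it, keeping that one line costs nothing.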
@@ -229,26 +228,28 @@ func TestHandler_AddDaRootCert_SameSkid_DifferentSubject(t *testing.T) { func TestHandler_AddDaRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) + // add root certificate1 rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) + // add root certificate2 rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) - // Check: + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix, Count: 1}, {Key: types.AllCertificatesKeyPrefix, Count: 2}, {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Count: 1}, }, Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, }, } 
@@ -262,16 +263,17 @@ func TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee(t *test // Add one more Trustee setup.CreateTrusteeAccount(testconstants.Vid) - // propose add x509 root certificate + // propose add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // reject x509 root certificate by account Trustee2 + // reject root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // approve x509 root certificate by account Trustee2 + // approve root certificate by account Trustee2 utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + // check certificate state indexes - stay proposed indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, @@ -288,9 +290,9 @@ func TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee(t *test {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - // check certificate state indexes resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + // additional checks - approvals and rejects require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 2) require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 0) require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address) 
@@ -299,12 +301,15 @@ func TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee(t *test // Error cases -func TestHandler_ApproveAddDaRootCert_ForUnknownProposedCertificate(t *testing.T) { +func TestHandler_ApproveAddDaRootCert_UnknownProposedCertificate(t *testing.T) { setup := utils.Setup(t) // approve approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee1.String(), + testconstants.RootSubject, + testconstants.RootSubjectKeyID, + testconstants.Info) _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrProposedCertificateDoesNotExist.Is(err)) @@ -313,10 +318,9 @@ func TestHandler_ApproveAddDaRootCert_ForUnknownProposedCertificate(t *testing.T func TestHandler_ApproveAddDaRootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + // propose add root certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, 
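Review bot: The error assertion in TestHandler_ApproveAddDaRootCert_UnknownProposedCertificate is still the pair `require.Error(t, err)` and `require.True(t, pkitypes.ErrProposedCertificateDoesNotExist.Is(err))`, while other tests touched by this patch already use `require.ErrorIs`. A single `require.ErrorIs(t, err, pkitypes.ErrProposedCertificateDoesNotExist)` prints the actual error on failure instead of a bare `false`. The same pair with `sdkerrors.ErrUnauthorized` remains in the ByNotTrustee and Twice tests that follow.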
@@ -328,8 +332,11 @@ func TestHandler_ApproveAddDaRootCert_ByNotTrustee(t *testing.T) { // approve approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - accAddress.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + accAddress.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } 
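Review bot: The loop only asserts that each non-trustee approval returns `ErrUnauthorized`; it never checks that the rejected message left the pending proposal untouched. After the loop, resolve the certificate and assert that it is still proposed, with Trustee1's approval from the proposal as the only entry, as sketched below. The loop starts above this hunk and the function closes below it.

```go
	// … unchanged: per-role account creation and the rejected approval …

	// the unauthorized attempts must not have been recorded on the proposal
	indexes := utils.TestIndexes{
		Present: []utils.TestIndex{
			{Key: types.ProposedCertificateKeyPrefix},
		},
		Missing: []utils.TestIndex{
			{Key: types.ApprovedCertificatesKeyPrefix},
		},
	}
	resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes)
	require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 1)
	require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address)
```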
@@ -338,21 +345,23 @@ func TestHandler_ApproveAddDaRootCert_ByNotTrustee(t *testing.T) { func TestHandler_ApproveAddDaRootCert_Twice(t *testing.T) { setup := utils.Setup(t) - // store account without Trustee role - accAddress := setup.CreateTrusteeAccount(1) + // create one more trustee + trustee := setup.CreateTrusteeAccount(1) - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + // propose root certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, rootCertificate) - // approve + // approve root certificate by Trustee2 approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + trustee.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyId, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - // approve second time + // approve root certificate second time by Trustee2 _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) diff --git a/x/pki/tests/handler_approve_revoke_paa_cert_test.go b/x/pki/tests/handler_approve_revoke_paa_cert_test.go index 971292336..0bd18bef3 100644 --- a/x/pki/tests/handler_approve_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_approve_revoke_paa_cert_test.go 
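Review bot: The two new comments say the approval comes from Trustee2, but the message is signed with `trustee.String()`, the account returned by `setup.CreateTrusteeAccount(1)` at the top of the test; `setup.Trustee2` is not used in this hunk. Reword them to `// approve root certificate by the additional trustee` and `// approve second time by the same trustee`. It would also help to say next to `CreateTrusteeAccount` why the extra trustee exists: presumably it raises the approval threshold so the certificate is still in the proposed state when the duplicate approval arrives, which is what makes `ErrUnauthorized` the expected error.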
@@ -18,14 +18,11 @@ import ( func TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // Add 1 more trustee (this will bring the total trustee's to 4) - setup.CreateTrusteeAccount(1) - - // propose revocation of x509 root certificate + // propose revocation of root certificate utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, @@ -34,7 +31,10 @@ func TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals(t *testing.T) { rootCertificate.SerialNumber, false) - // approve + // Add 1 more trustee (this will bring the total trustee's to 4) + setup.CreateTrusteeAccount(1) + + // approve revocation utils.ApproveRevokeDaRootCertificate( setup, setup.Trustee2, @@ -42,8 +42,10 @@ func TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals(t *testing.T) { rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) + // check state indexes - certificate is proposed for revocation (stays approved) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, @@ -52,10 +54,10 @@ func TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals(t *testing.T) { {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ProposedCertificateRevocationKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedRootCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) 
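Review bot: Moving `setup.CreateTrusteeAccount(1)` to after `ProposeRevokeDaRootCertificate` changes what the test exercises: the trustee set now grows while the revocation proposal is already pending, so the final state only holds if the approval threshold is evaluated against the trustee count at approval time rather than at proposal time. Nothing in the test records that this is deliberate; a comment such as `// trustee added after the proposal: the threshold must be recomputed on each approval` would, assuming that is the intended handler behaviour. The same reordering is made in TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded further down.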
@@ -64,13 +66,14 @@ func TestHandler_ApproveRevokeDaRootCert_NotEnoughApprovals(t *testing.T) { func TestHandler_RevokeDaRootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) + // add two root certificates rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) - // revoke Certificate1 certificate + // revoke certificate1 utils.ProposeAndApproveCertificateRevocation( setup, rootCertificate1.Subject, @@ -78,7 +81,7 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSKID(t *testing.T) { "", ) - // Check: Certificate1 is revoked + // Check state indexes - certificates are revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, @@ -103,13 +106,14 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSKID(t *testing.T) { func TestHandler_RevokeDaRootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) + // add two root certificates rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) rootCertificate2 := utils.RootDaCertificateWithSameSubjectAndSKID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) - // revoke Certificate1 certificate + // revoke certificate1 by serial number utils.ProposeAndApproveCertificateRevocation( setup, rootCertificate1.Subject, 
@@ -117,18 +121,19 @@ func TestHandler_RevokeDaRootCert_BySerialNumber(t *testing.T) { rootCertificate1.SerialNumber, ) - // Check: Certificate1 - RevokedCertificates - present + // Check state indexes: exists both revoked + approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix, Count: 1}, + {Key: types.RevokedRootCertificatesKeyPrefix, Count: 1}, + {Key: types.UniqueCertificateKeyPrefix, Count: 1}, {Key: types.AllCertificatesKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Count: 1}, }, Missing: []utils.TestIndex{ {Key: types.ProposedCertificateRevocationKeyPrefix}, 
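Review bot: The expected indexes only count entries (`Count: 1` for both `RevokedCertificatesKeyPrefix` and `ApprovedCertificatesKeyPrefix`), and the same expectation is applied to rootCertificate1 and rootCertificate2 in the following hunk, so the test would still pass if revocation by serial number removed the wrong certificate of the pair. Unless `CheckCertificateStateIndexes` compares serial numbers itself, capture its result and assert which certificate stays approved, e.g. `require.Equal(t, rootCertificate2.SerialNumber, resolvedCertificates.ApprovedCertificates.Certs[0].SerialNumber)`, assuming the stored certificate exposes `SerialNumber` as the proposed one does. The test body starts and ends outside this hunk.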
@@ -137,48 +142,20 @@ func TestHandler_RevokeDaRootCert_BySerialNumber(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - - // revoke Certificate2 certificate - utils.ProposeAndApproveCertificateRevocation( - setup, - rootCertificate2.Subject, - rootCertificate2.SubjectKeyId, - rootCertificate2.SerialNumber, - ) - - // Check: Certificate1 is revoked - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, - {Key: types.UniqueCertificateKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } func TestHandler_RevokeDaRootCert_RevokeChild(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // propose revocation of x509 root certificate + // propose revocation of root certificate utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, 
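Review bot: The deleted tail of TestHandler_RevokeDaRootCert_BySerialNumber was the only check visible here for the case where the last remaining certificate of a subject and subject key ID is revoked by serial number and every `Approved*` and `All*` index has to disappear; after this hunk the test stops with one certificate still approved. If no other test in the refactored suite covers that case, keep it as a separate test (for example `TestHandler_RevokeDaRootCert_BySerialNumber_LastCertificate`, a name made up for this note) so that incomplete revocation cleanup is still caught. The remainder of the hunk only rewords comments in TestHandler_RevokeDaRootCert_RevokeChild, whose body continues outside it.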
@@ -187,7 +164,7 @@ func TestHandler_RevokeDaRootCert_RevokeChild(t *testing.T) { rootCertificate.SerialNumber, true) - // approve + // approve revocation utils.ApproveRevokeDaRootCertificate( setup, setup.Trustee2, @@ -195,6 +172,7 @@ func TestHandler_RevokeDaRootCert_RevokeChild(t *testing.T) { rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) + // check state indexes - both certificates are revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RevokedCertificatesKeyPrefix}, @@ -220,15 +198,15 @@ func TestHandler_RevokeDaRootCert_RevokeChild(t *testing.T) { func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // propose revocation of x509 root certificate + // propose revocation of root certificate utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, @@ -237,7 +215,7 @@ func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { rootCertificate.SerialNumber, false) - // approve + // approve revocation utils.ApproveRevokeDaRootCertificate( setup, setup.Trustee2, @@ -245,6 +223,7 @@ func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) + // check state indexes - root is revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RevokedCertificatesKeyPrefix}, 
@@ -265,6 +244,7 @@ func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + // check state indexes - child stays approved indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -277,6 +257,7 @@ func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, {Key: types.ApprovedRootCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, {Key: types.RejectedCertificateKeyPrefix}, @@ -288,14 +269,14 @@ func TestHandler_RevokeDaRootCert_KeepChild(t *testing.T) { func TestHandler_RevokeDaRootCert_BySubjectAndSkid_TwoCertificatesWithSameSkid(t *testing.T) { setup := utils.Setup(t) - // add root certificates + // add two root certificates rootCertificate1 := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) rootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate2) - // revoke Certificate1 certificate + // revoke certificate1 utils.ProposeAndApproveCertificateRevocation( setup, rootCertificate1.Subject, @@ -303,7 +284,7 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_TwoCertificatesWithSameSkid(t "", ) - // Check state indexes + // Check state indexes - certificate1 is revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RevokedCertificatesKeyPrefix}, @@ -323,7 +304,7 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_TwoCertificatesWithSameSkid(t } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - // second still exists + // Check state indexes - certificate2 stays approved indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -347,16 +328,10 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_TwoCertificatesWithSameSkid(t func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // Create an array of trustee account from 1 to 50 - trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() - - // We have 3 Trustees in test setup. - twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) - // Trustee1 proposes to revoke the certificate utils.ProposeRevokeDaRootCertificate( setup, @@ -366,6 +341,12 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { rootCertificate.SerialNumber, false) + // Create an array of trustee account from 1 to 50 + trusteeAccounts, totalAdditionalTrustees := setup.CreateNTrusteeAccounts() + + // We have 3 Trustees in test setup. + twoThirds := int(math.Ceil(types.RootCertificateApprovalsPercent * float64(3+totalAdditionalTrustees))) + // Until we hit 2/3 of the total number of Trustees, we should not be able to revoke the certificate // We start the counter from 2 as the proposer is a trustee as well for i := 1; i < twoThirds-1; i++ { 
@@ -377,11 +358,11 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) - // check that the certificate is still not revoked + // check that the certificate is still not revoked (proposed to revoke) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -407,6 +388,7 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { rootCertificate.SubjectKeyId, rootCertificate.SerialNumber) + // check state indexes - certificate is revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RevokedCertificatesKeyPrefix}, diff --git a/x/pki/tests/handler_propose_paa_cert_test.go b/x/pki/tests/handler_propose_paa_cert_test.go index c840764de..92f578f75 100644 --- a/x/pki/tests/handler_propose_paa_cert_test.go +++ b/x/pki/tests/handler_propose_paa_cert_test.go @@ -17,7 +17,7 @@ import ( func TestHandler_ProposeAddDaRootCert(t *testing.T) { setup := utils.Setup(t) - // propose DA root certificate + // Propose DA root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, rootCertificate) 
@@ -47,19 +47,22 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { func TestHandler_ProposeAddDaRootCert_SameSkidButDifferentSubject(t *testing.T) { setup := utils.Setup(t) - // add Certificate1 + // Add root certificate1 testRootCertificate := utils.RootDaCertWithSameSubjectKeyID1(setup.Trustee1) utils.ProposeDaRootCertificate(setup, testRootCertificate) - // add Certificate2 + // Add root certificate2 testRootCertificate2 := utils.RootDaCertificateWithSameSubjectKeyID2(setup.Trustee1) utils.ProposeDaRootCertificate(setup, testRootCertificate2) - // Check indexes by subject + subject key id - allApprovedCertificates, _ := utils.QueryAllProposedCertificates(setup) - require.Equal(t, 2, len(allApprovedCertificates)) + // Check total count of proposed and active certificates + allProposedCertificates, _ := utils.QueryAllProposedCertificates(setup) + require.Equal(t, 2, len(allProposedCertificates)) - // Check state indexes + allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) + require.Equal(t, 0, len(allApprovedCertificates)) + + // Check state indexes for root certificates indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, @@ -76,7 +79,6 @@ func TestHandler_ProposeAddDaRootCert_SameSkidButDifferentSubject(t *testing.T) {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - // check for first utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) } 
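Review bot: Both new queries discard their second return value (`allProposedCertificates, _ :=` and `allApprovedCertificates, _ :=`), and the added `require.Equal(t, 0, len(allApprovedCertificates))` is satisfied by a nil result, so if that value is an error a failing query passes the check vacuously. Bind it and assert on it, e.g. `allApprovedCertificates, err := utils.QueryAllApprovedCertificates(setup)` followed by `require.NoError(t, err)`; if the helper reports an empty store as an error, assert that specific error instead. `require.Len(t, allProposedCertificates, 2)` and `require.Empty(t, allApprovedCertificates)` would also read better than comparing `len` by hand. The same pattern is added in TestHandler_ProposeAddDaRootCert_DifferentSerialNumber.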
@@ -84,19 +86,26 @@ func TestHandler_ProposeAddDaRootCert_SameSkidButDifferentSubject(t *testing.T) func TestHandler_ProposeAddDaRootCert_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - // store root certificate with different serial number + // Store root certificate with different serial number rootCertificate := utils.RootDaCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, rootCertificate) - // propose second root certificate + // Propose second root certificate testRootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, testRootCertificate) + // Check total counts of proposed and approved certificates + allProposedCertificates, _ := utils.QueryAllProposedCertificates(setup) + require.Equal(t, 1, len(allProposedCertificates)) + + allApprovedCertificates, _ := utils.QueryAllApprovedCertificates(setup) + require.Equal(t, 1, len(allApprovedCertificates)) + // Check state indexes indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, // we have both: Proposed and Approved + {Key: types.ProposedCertificateKeyPrefix}, // have both - Proposed and Approved {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, 
@@ -112,22 +121,30 @@ func TestHandler_ProposeAddDaRootCert_DifferentSerialNumber(t *testing.T) { } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // additional check + // Additional check require.Equal(t, testRootCertificate.SerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) } func TestHandler_ProposeAddDaRootCert_PreviouslyRejected(t *testing.T) { setup := utils.Setup(t) - // propose x509 root certificate by account Trustee1 + // Propose root certificate by account Trustee1 testRootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, testRootCertificate) - // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert1 := utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) + // Reject root certificate by account Trustee2 + rejectAddX509RootCert1 := utils.RejectDaRootCertificate( + setup, + setup.Trustee2, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyId) - // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert2 := utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) + // Reject root certificate by account Trustee3 + rejectAddX509RootCert2 := utils.RejectDaRootCertificate( + setup, + setup.Trustee3, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyId) // Check state indexes - rejected indexes := utils.TestIndexes{ @@ -148,7 +165,7 @@ func TestHandler_ProposeAddDaRootCert_PreviouslyRejected(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // propose again + // Propose certificate again proposeAddX509RootCert := utils.ProposeDaRootCertificate(setup, testRootCertificate) // Check state indexes - proposed 
@@ -170,6 +187,7 @@ func TestHandler_ProposeAddDaRootCert_PreviouslyRejected(t *testing.T) { } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) + // Additional checks require.Equal(t, proposeAddX509RootCert.Cert, resolvedCertificates.ProposedCertificate.PemCert) require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(proposeAddX509RootCert.Signer)) require.False(t, resolvedCertificates.ProposedCertificate.HasRejectFrom(rejectAddX509RootCert1.Signer)) @@ -190,7 +208,12 @@ func TestHandler_ProposeAddDaRootCert_ByNotTrustee(t *testing.T) { setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(accAddress.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + accAddress.String(), + testconstants.RootCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } @@ -200,7 +223,12 @@ func TestHandler_ProposeAddDaRootCert_ForInvalidCertificate(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.StubCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.StubCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrInvalidCertificate.Is(err)) 
@@ -209,27 +237,38 @@ func TestHandler_ProposeAddDaRootCert_ForInvalidCertificate(t *testing.T) { func TestHandler_ProposeAddDaRootCert_ForNonRootCertificate(t *testing.T) { setup := utils.Setup(t) - // propose x509 leaf certificate as root - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.LeafCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + // propose leaf certificate as root + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.LeafCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) } -func TestHandler_ProposeAddDaRootCert_ProposedCertificateAlreadyExists(t *testing.T) { +func TestHandler_ProposeAddDaRootCert_Duplicate(t *testing.T) { setup := utils.Setup(t) - // propose adding of x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + // propose adding of root certificate by Trustee1 + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + testconstants.RootCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) - // store another account - anotherAccount := utils.GenerateAccAddress() - setup.AddAccount(anotherAccount, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) - - // propose adding of the same x509 root certificate again - proposeAddX509RootCert = types.NewMsgProposeAddX509RootCert(anotherAccount.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + // propose adding of the same 
root certificate again by Trustee2 + proposeAddX509RootCert = types.NewMsgProposeAddX509RootCert( + setup.Trustee2.String(), + testconstants.RootCertPem, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, proposeAddX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrProposedCertificateAlreadyExists.Is(err)) 
@@ -238,62 +277,52 @@ func TestHandler_ProposeAddDaRootCert_ProposedCertificateAlreadyExists(t *testin func TestHandler_ProposeAddDaRootCert_CertificateAlreadyExists(t *testing.T) { setup := utils.Setup(t) - // store x509 root certificate - rootCertificate := utils.RootDaCertificate(testconstants.Address1) - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), - ) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) - - // propose adding of the same x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + // store root certificate + rootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) + + // propose adding of the same root certificate + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PemCert, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.Error(t, err) require.True(t, pkitypes.ErrCertificateAlreadyExists.Is(err)) } -func TestHandler_ProposeAddDaRootCert_ForNocCertificate(t *testing.T) { - setup := utils.Setup(t) - - // Store the NOC root certificate - nocRootCertificate := utils.RootDaCertificate(setup.Vendor1) - nocRootCertificate.SerialNumber = testconstants.TestSerialNumber - nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI - nocRootCertificate.Approvals = nil - nocRootCertificate.Rejects = nil - - setup.Keeper.AddAllCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocRootCertificate(setup.Ctx, nocRootCertificate) - uniqueCertificate := types.UniqueCertificate{ - Issuer: 
nocRootCertificate.Issuer, - SerialNumber: nocRootCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) - - // propose a new root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) -} +//func TestHandler_ProposeAddDaRootCert_ForNocCertificate(t *testing.T) { +// setup := utils.Setup(t) +// +// // propose a new root certificate +// rootNocCertificate := utils.RootNocCertificate1(setup.Vendor1) +// proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( +// setup.Trustee1.String(), +// rootNocCertificate.PemCert, +// testconstants.Info, +// testconstants.Vid, +// testconstants.CertSchemaVersion) +// _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) +// require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) +//} func TestHandler_ProposeAddDaRootCert_ForDifferentSigner(t *testing.T) { setup := utils.Setup(t) // store root certificate with different serial number - rootCertificate := utils.RootDaCertificate(testconstants.Address1) + rootCertificate := utils.RootDaCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber - setup.Keeper.SetUniqueCertificate( - setup.Ctx, - utils.UniqueCertificate(rootCertificate.Subject, rootCertificate.SerialNumber), - ) - setup.Keeper.AddAllCertificate(setup.Ctx, rootCertificate) - setup.Keeper.AddApprovedCertificate(setup.Ctx, rootCertificate) + utils.AddMokedDaCertificate(setup, rootCertificate) // propose second root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := 
types.NewMsgProposeAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.PemCert, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) diff --git a/x/pki/tests/handler_propose_revoke_paa_cert_test.go b/x/pki/tests/handler_propose_revoke_paa_cert_test.go index 9821d8d07..6ae5e0e9b 100644 --- a/x/pki/tests/handler_propose_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_propose_revoke_paa_cert_test.go @@ -17,11 +17,11 @@ import ( func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { setup := utils.Setup(t) - // propose x509 root certificate by `setup.Trustee` and approve by another trustee + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // propose revocation of x509 root certificate by `setup.Trustee` + // propose revocation of root certificate by the same trustee utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, @@ -30,11 +30,11 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { rootCertificate.SerialNumber, false) - // Check: Certificate is proposed to revoke + // Check state indexes - certificate is proposed to revoke (but stays approved) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
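Review bot: In the `@@ -238,62 +277,52 @@` hunk, `TestHandler_ProposeAddDaRootCert_ForNocCertificate` is left as a commented-out block, so the suite no longer checks that a DA root proposal is refused with `ErrInappropriateCertificateType` in the NOC case. The removed version stored a NOC root on the ledger before proposing, while the commented replacement only builds `utils.RootNocCertificate1(setup.Vendor1)` and proposes its PEM, so it may not reach the same check even once it is re-enabled. This test guards the separation between the attestation PKI and the operational PKI, and a refactoring commit should not drop it silently. I would keep the function live and, if it cannot pass yet, start it with `t.Skip("<reason the NOC case is disabled>")` so the gap shows up in test output instead of hiding in a comment.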
@@ -47,17 +47,19 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { {Key: types.ChildCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedRootCertificatesKeyPrefix}, }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // additional check + // additional check - revocation approval exists require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(setup.Trustee1.String())) } func TestHandler_ProposeRevokeDaRootCert_TwoCertificates(t *testing.T) { setup := utils.Setup(t) + // add two root certificates rootCertificate1 := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate1) 
@@ -73,38 +75,39 @@ func TestHandler_ProposeRevokeDaRootCert_TwoCertificates(t *testing.T) { rootCertificate1.SerialNumber, false) - // Check: Certificate1 is proposed to revoke + // Check state indexes - certificate1 is proposed to revoke (but stays approved) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.ProposedCertificateRevocationKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix, Count: 1}, + {Key: types.UniqueCertificateKeyPrefix, Count: 1}, {Key: types.AllCertificatesKeyPrefix, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Count: 1}, }, Missing: []utils.TestIndex{ {Key: types.ChildCertificatesKeyPrefix}, {Key: types.ProposedCertificateKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedRootCertificatesKeyPrefix}, }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - // Check: Certificate2 is not proposed to revoke + // Check state indexes - certificate2 is not proposed to revoke indexes = utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix, Count: 1}, {Key: types.AllCertificatesKeyPrefix, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + 
{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, - {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix, Count: 1}, }, Missing: []utils.TestIndex{ {Key: types.ProposedCertificateRevocationKeyPrefix}, @@ -119,15 +122,15 @@ func TestHandler_ProposeRevokeDaRootCert_TwoCertificates(t *testing.T) { func TestHandler_ProposeRevokeDaRootCert_KeepChild(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // propose revocation of x509 root certificate by new trustee + // propose revocation of root certificate utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, @@ -136,7 +139,7 @@ func TestHandler_ProposeRevokeDaRootCert_KeepChild(t *testing.T) { rootCertificate.SerialNumber, false) - // Check: Intermediate is approved state + // Check state indexes - intermediate certificates stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -160,15 +163,15 @@ func TestHandler_ProposeRevokeDaRootCert_KeepChild(t *testing.T) { func TestHandler_ProposeRevokeDaRootCert_RevokeChild(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // propose revocation of x509 root certificate by new trustee + // propose revocation of root certificate utils.ProposeRevokeDaRootCertificate( setup, setup.Trustee1, @@ -177,7 +180,7 @@ func TestHandler_ProposeRevokeDaRootCert_RevokeChild(t *testing.T) { rootCertificate.SerialNumber, true) - // Check: Intermediate is approved state - not affected at propose step + // Check state indexes - intermediate stays approved - not affected at propose step indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -201,27 +204,24 @@ func TestHandler_ProposeRevokeDaRootCert_RevokeChild(t *testing.T) { func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { setup := utils.Setup(t) - // propose x509 root certificate by `setup.Trustee` and approve by another trustee + // propose root certificate by `setup.Trustee` rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add another trustee - anotherTrustee := setup.CreateTrusteeAccount(1) - // propose revocation of x509 root certificate by new trustee utils.ProposeRevokeDaRootCertificate( setup, - anotherTrustee, + setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId, rootCertificate.SerialNumber, false) - // Check: Certificate is proposed to revoke + // Check state indexes - certificate is proposed to revoke indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -239,7 +239,7 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // additional check - require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(anotherTrustee.String())) + require.True(t, resolvedCertificates.ProposedRevocation.HasRevocationFrom(setup.Trustee3.String())) } // Error cases diff --git a/x/pki/tests/handler_reject_add_paa_cert_test.go b/x/pki/tests/handler_reject_add_paa_cert_test.go index 9654e54cc..87a4925de 100644 --- a/x/pki/tests/handler_reject_add_paa_cert_test.go +++ b/x/pki/tests/handler_reject_add_paa_cert_test.go 
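Review bot: The comments in `TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner` (hunk `@@ -201,27 +204,24 @@`) no longer match the calls. The first says the certificate is only proposed by `setup.Trustee`, but the call is `utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate)`; the second still says "by new trustee" although the revocation now comes from the fixture account `setup.Trustee3`. Going by its name, the test shows that a trustee other than the owner may open a revocation proposal, so the comments should name both roles, for example `// add root certificate owned by Trustee1` and `// propose revocation by Trustee3, who is not the owner`. The `Missing` list of this test lies between hunks, so whether it also asserts `RevokedRootCertificatesKeyPrefix`, as the first two tests in this file now do, cannot be confirmed from here.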
@@ -17,14 +17,14 @@ import ( func TestHandler_RejectAddDaRootCert(t *testing.T) { setup := utils.Setup(t) - // propose x509 root certificate by account Trustee1 + // propose root certificate by account Trustee1 testRootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, testRootCertificate) - // reject x509 root certificate by account Trustee2 + // reject root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) - // certificate should be in the entity , because we haven't enough reject approvals + // check state indexes - certificate is proposed indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, @@ -41,10 +41,9 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - // check certificate state indexes resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // additional checks + // additional checks - approvals and rejects require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address) require.Equal(t, testconstants.Info, resolvedCertificates.ProposedCertificate.Approvals[0].Info) require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address) @@ -53,7 +52,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // reject x509 root certificate by account Trustee3 utils.RejectDaRootCertificate(setup, setup.Trustee3, testRootCertificate.Subject, testRootCertificate.SubjectKeyId) - // certificate should not be in the entity , because we have enough reject approvals + // check state indexes - certificate is rejected indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.RejectedCertificateKeyPrefix}, 
@@ -70,10 +69,9 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - // check certificate state indexes resolvedCertificates = utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) - // additional checks + // additional checks - approvals and rejects require.Equal(t, setup.Trustee1.String(), resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Address) require.Equal(t, testconstants.Info, resolvedCertificates.RejectedCertificate.Certs[0].Approvals[0].Info) require.Equal(t, setup.Trustee2.String(), resolvedCertificates.RejectedCertificate.Certs[0].Rejects[0].Address) @@ -93,21 +91,21 @@ func TestHandler_RejectAddDaRootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t // store 5th trustee setup.CreateTrusteeAccount(testconstants.Vid) - // propose x509 root certificate by account Trustee1 + // propose root certificate by account Trustee1 rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // reject x509 root certificate by account Trustee2 + // reject root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // Check state indexes + // Check state indexes - certificate is proposed indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, {Key: types.UniqueCertificateKeyPrefix}, }, Missing: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, // not rejected yet + {Key: types.RejectedCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
@@ -119,13 +117,13 @@ func TestHandler_RejectAddDaRootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // reject x509 root certificate by account Trustee3 + // reject root certificate by account Trustee3 utils.RejectDaRootCertificate(setup, setup.Trustee3, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // Check state indexes + // Check state indexes - certificate is rejected indexes = utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix}, // certificate is rejected now + {Key: types.RejectedCertificateKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -142,22 +140,23 @@ func TestHandler_RejectAddDaRootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } -func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherApproval(t *testing.T) { +func TestHandler_RejectAddDaRootCert_CertificateHasOtherApproval(t *testing.T) { setup := utils.Setup(t) - // Add one more Trustee + // add one more Trustee setup.CreateTrusteeAccount(testconstants.Vid) - // propose add x509 root certificate + // propose add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // approve x509 root certificate by account Trustee2 + // approve root certificate by account Trustee2 utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // reject x509 root certificate by account Trustee2 + // reject root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + // check state indexes - certificate is proposed indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, 
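Review bot: Renaming `..._PreviouslyApprovedByCurrentTrustee_CertificateHasOtherApproval` to `TestHandler_RejectAddDaRootCert_CertificateHasOtherApproval` in the `@@ -142,22 +140,23 @@` hunk drops the one part of the name that said what is being tested, namely that Trustee2 approves and then rejects the same proposal. The body still does exactly that, and the assertions in the following hunk expect one approval (Trustee1) and one reject (Trustee2), so the vote change is the behaviour under test. A doc comment above the function would keep that visible, for example `// Trustee2 approves and then rejects; its approval must be replaced by the reject, and Trustee1's approval keeps the proposal pending.` The same applies to `_CertificateHasOtherReject` and `_CertificateNotHasOtherApprovalAndRejects` in the `@@ -174,36 +173,37 @@` and `@@ -220,23 +220,23 @@` hunks. The function body continues past this hunk.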
@@ -174,36 +173,37 @@ func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_Certific {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - // check certificate state indexes resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + // additional check - approvals and rejects require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 1) require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 1) require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Approvals[0].Address) require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address) } -func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherReject(t *testing.T) { +func TestHandler_RejectAddDaRootCert_CertificateHasOtherReject(t *testing.T) { setup := utils.Setup(t) - // Add two more Trustee + // Add more Trustees setup.CreateTrusteeAccount(testconstants.Vid) setup.CreateTrusteeAccount(testconstants.Vid) setup.CreateTrusteeAccount(testconstants.Vid) - // propose add x509 root certificate + // propose add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // approve x509 root certificate by account Trustee2 + // approve root certificate by account Trustee2 utils.ApproveDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // reject x509 root certificate by account Trustee1 + // reject root certificate by account Trustee1 utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) - // reject x509 root certificate by account Trustee2 + // reject root certificate by account Trustee2 utils.RejectDaRootCertificate(setup, setup.Trustee2, rootCertificate.Subject, rootCertificate.SubjectKeyId) + // check state indexes - certificate is proposed indexes := utils.TestIndexes{ 
Present: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, @@ -220,23 +220,23 @@ func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_Certific {Key: types.ApprovedRootCertificatesKeyPrefix}, }, } - // check certificate state indexes resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) + // additional check - approvals and rejects require.Len(t, resolvedCertificates.ProposedCertificate.Approvals, 0) require.Len(t, resolvedCertificates.ProposedCertificate.Rejects, 2) require.Equal(t, setup.Trustee1.String(), resolvedCertificates.ProposedCertificate.Rejects[0].Address) require.Equal(t, setup.Trustee2.String(), resolvedCertificates.ProposedCertificate.Rejects[1].Address) } -func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateNotHasOtherApproval(t *testing.T) { +func TestHandler_RejectAddDaRootCert_CertificateNotHasOtherApprovalAndRejects(t *testing.T) { setup := utils.Setup(t) - // propose add x509 root certificate + // propose add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeDaRootCertificate(setup, rootCertificate) - // reject x509 root certificate by account Trustee1 (who proposed) + // reject root certificate by account Trustee1 (who proposed) utils.RejectDaRootCertificate(setup, setup.Trustee1, rootCertificate.Subject, rootCertificate.SubjectKeyId) // check certificate state indexes - certificate removed @@ -260,7 +260,7 @@ func TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_Certific // Error cases -func TestHandler_RejectAddDaRootCert_ForUnknownProposedCertificate(t *testing.T) { +func TestHandler_RejectAddDaRootCert_UnknownProposedCertificate(t *testing.T) { setup := utils.Setup(t) // approve 
@@ -278,9 +278,8 @@ func TestHandler_RejectAddDaRootCert_ByNotTrustee(t *testing.T) { setup := utils.Setup(t) // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + testRootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, testRootCertificate) for _, role := range []dclauthtypes.AccountRole{ dclauthtypes.Vendor, 
@@ -293,31 +292,33 @@ func TestHandler_RejectAddDaRootCert_ByNotTrustee(t *testing.T) { // reject x509 root certificate approveAddX509RootCert := types.NewMsgRejectAddX509RootCert( accAddress.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyId, testconstants.Info, ) - _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) + _, err := setup.Handler(setup.Ctx, approveAddX509RootCert) require.Error(t, err) require.True(t, sdkerrors.ErrUnauthorized.Is(err)) } } -func TestHandler_RejectX509RootCert_TwiceFromTheSameTrustee(t *testing.T) { +func TestHandler_RejectAddDaRootCert_Twice(t *testing.T) { setup := utils.Setup(t) - // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) - _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) - require.NoError(t, err) + // propose add root certificate + testRootCertificate := utils.RootDaCertificate(setup.Trustee1) + utils.ProposeDaRootCertificate(setup, testRootCertificate) - // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) - _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) + // reject root certificate by account Trustee2 + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + testRootCertificate.Subject, + testRootCertificate.SubjectKeyId, + testconstants.Info) + _, err := setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - // second time reject x509 root certificate by account Trustee2 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, 
testconstants.Info) + // second time reject root certificate by account Trustee2 _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) } diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index 44e5cc2c5..7e48c618e 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -41,7 +41,7 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID(t *testing.T) { "", ) - // Check indexes for intermediate certificates + // Check indexes for intermediate certificates - removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits @@ -93,7 +93,7 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber(t *testing.T) { icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber) - // Check indexes for first certificate (second ica exist) + // Check indexes for first certificate - removed (no exist in unique index, but second approved ica exist) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 1}, @@ -171,7 +171,7 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_ParentExist(t *testi "", ) - // Check indexes for root certificate + // Check indexes for root certificate - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -227,7 +227,7 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber_ParentExist(t *testing icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber) - // Check indexes for leaf certificate (all same as for ica1 but also UniqueCertificate exists) + // Check indexes for root certificate - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 1}, 
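Review bot: In `TestHandler_RejectAddDaRootCert_ByNotTrustee` (hunk `@@ -293,31 +292,33 @@`) the message built with `types.NewMsgRejectAddX509RootCert` is still held in a variable called `approveAddX509RootCert`, which reads as if the approve handler were being checked for the unauthorized roles. Renaming it to `rejectAddX509RootCert`, the name the `_Twice` test in the same hunk already uses, makes it clear which authorization path this negative test covers: `rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(`. The loop over roles starts before this hunk.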
@@ -281,7 +281,7 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_ApprovedChildExist(t "", ) - // Check indexes for leaf certificate + // Check indexes for leaf certificate - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -338,7 +338,7 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber_ApprovedChildExist(t * icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber) - // Check indexes for leaf certificate (all same as for ica1 but also UniqueCertificate exists) + // Check indexes for leaf certificate - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix, Count: 1}, @@ -350,7 +350,7 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber_ApprovedChildExist(t * {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix}, // all same as for ica1 but also UniqueCertificate exists + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ @@ -403,7 +403,7 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedChildExist(t "", ) - // Check indexes for leaf certificate + // Check indexes for leaf certificate - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -462,7 +462,7 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedChildExist(t *t icaCertificate1.SubjectKeyId, icaCertificate1.SerialNumber) - // Check indexes for leaf certificate + // Check indexes for leaf certificate- revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -509,13 +509,20 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedCertificate(t false, ) - // Check indexes after revocation + // remove ICA certificate by serial number + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + "") + + // Check indexes after revocation - removed indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, - }, + Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, 
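Review bot: The comment added above the new `utils.RemoveNocIntermediateCertificate` call in the `@@ -509,13 +509,20 @@` hunk says `// remove ICA certificate by serial number`, but this is the `BySubjectAndSKID` test and the call passes `""` as the serial number. It should read `// remove ICA certificates by subject and SKID (no serial number)`, and the following comment is clearer as `// Check indexes after removal`, since the revocation happened earlier in the test. The `@@ -558,11 +565,40 @@` hunk has a similar slip: the second block is headed `// Check indexes for certificate 1 - approved` although those indexes are checked against `icaCertificate2`, so it should say certificate 2.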
@@ -558,11 +565,40 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedCertificate(t * false, ) - // Check indexes after revocation + // remove ICA certificate by serial number + utils.RemoveNocIntermediateCertificate( + setup, + setup.Vendor1, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyId, + icaCertificate1.SerialNumber) + + // Check indexes for certificate 1 - removed (unique does not exist but another approved exists) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) + + // Check indexes for certificate 1 - approved + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -578,7 +614,6 @@ func TestHandler_RemoveNocIntermediateCert_BySerialNumber_RevokedCertificate(t * {Key: types.RevokedCertificatesKeyPrefix}, }, } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) } 
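Review bot: In `@@ -558,11 +565,40 @@` the second added comment reads `// Check indexes for certificate 1 - approved`, but the `indexes` it introduces are checked against `icaCertificate2` (the `icaCertificate1` check was moved above it); it should read `// Check indexes for certificate 2 - approved`. With two near-identical index lists in one test, the label is what tells a reader which certificate is expected to keep `UniqueCertificateKeyPrefix`, so the mislabel invites a wrong edit when the expectations are next changed.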
@@ -603,52 +638,10 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedAndActiveCert false, ) - // Check indexes after revocation - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedNocRootCertificatesKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) - // Add an intermediate certificate with new serial number icaCertificate2 := utils.IntermediateNocCertificate1Copy(setup.Vendor1) utils.AddNocIntermediateCertificate(setup, icaCertificate2) - // Check indexes - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyPrefix}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not get there - {Key: types.NocIcaCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix}, // we have evoked cert with same id - }, - Missing: []utils.TestIndex{}, - } - utils.CheckCertificateStateIndexes(t, setup, 
icaCertificate2, indexes) - // remove an intermediate certificate utils.RemoveNocIntermediateCertificate( setup, @@ -663,7 +656,7 @@ func TestHandler_RemoveNocIntermediateCert_BySubjectAndSKID_RevokedAndActiveCert require.Equal(t, 1, len(allCerts)) // check state indexes for intermediate certificates - indexes = utils.TestIndexes{ + indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -700,7 +693,7 @@ func TestHandler_RemoveNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) vendorAccAddress2 := utils.GenerateAccAddress() setup.AddAccount(vendorAccAddress2, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) - // remove x509 certificate by second vendor account + // remove certificate by second vendor account utils.RemoveNocIntermediateCertificate( setup, vendorAccAddress2, @@ -709,7 +702,7 @@ func TestHandler_RemoveNocIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) icaCertificate.SerialNumber, ) - // check state indexes for intermediate certificates + // check state indexes for intermediate certificates - removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index c45ddef7a..bdc99a6df 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go @@ -42,7 +42,7 @@ func TestHandler_RemoveNocRootCert_BySubjectAndSKID(t *testing.T) { nocCerts, _ = utils.QueryAllNocCertificates(setup) require.Equal(t, 0, len(nocCerts)) - // Check indexes for root certificates + // Check indexes for root certificates - all removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ 
@@ -87,7 +87,7 @@ func TestHandler_RemoveNocRootCert_BySerialNumber(t *testing.T) { rootCertificate1.SubjectKeyId, rootCertificate1.SerialNumber) - // Check indexes for root certificates + // Check indexes for root certificate1 - unique does not exist (another approved exists) indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -106,9 +106,10 @@ func TestHandler_RemoveNocRootCert_BySerialNumber(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - // same but unique does not exist + // Check indexes for root certificate2 - approved indexes = utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -116,7 +117,6 @@ func TestHandler_RemoveNocRootCert_BySerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.RevokedNocRootCertificatesKeyPrefix}, @@ -125,7 +125,7 @@ func TestHandler_RemoveNocRootCert_BySerialNumber(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) - // remove NOC root certificate by serial number and check that IAC cert is not removed + // remove second NOC root certificate by serial number and check that IAC cert is not removed utils.RemoveNocRootCertificate( setup, setup.Vendor1, 
@@ -187,7 +187,7 @@ func TestHandler_RemoveNocRootCert_BySubjectAndSKID_ChildExist(t *testing.T) { require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) - // Check indexes for intermediate certificates + // Check state indexes for intermediate certificates - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -232,7 +232,7 @@ func TestHandler_RemoveNocRootCert_BySerialNumber_ChildExist(t *testing.T) { nocCerts, _ := utils.QueryAllNocCertificates(setup) require.Equal(t, 2, len(nocCerts)) - // Check indexes for intermediate certificates + // Check indexes for intermediate certificates - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -263,7 +263,7 @@ func TestHandler_RemoveNocRootCert_BySerialNumber_ChildExist(t *testing.T) { require.Equal(t, 1, len(nocCerts)) require.Equal(t, 1, len(nocCerts[0].Certs)) - // Check indexes for intermediate certificates + // Check indexes for intermediate certificates - approved indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -311,7 +311,7 @@ func TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedCertificate(t *testin "", ) - // Check indexes for root certificates + // Check indexes for root certificates - removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ @@ -359,7 +359,7 @@ func TestHandler_RemoveNocRootCert_BySerialNumber_RevokedCertificate(t *testing. rootCertificate2.SerialNumber, ) - // Check indexes for root certificates + // Check indexes for root certificate1 - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -377,6 +377,7 @@ func TestHandler_RemoveNocRootCert_BySerialNumber_RevokedCertificate(t *testing. } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + // Check indexes for root certificate2 - removed indexes = utils.TestIndexes{ Present: []utils.TestIndex{ // another root with same vid exists @@ -426,7 +427,7 @@ func TestHandler_RemoveNocRootCert_BySubjectAndSKID_RevokedAndActiveCertificate( "", ) - // Check indexes for root certificates (after deletion re-activated) + // Check indexes for root certificates - removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ @@ -464,7 +465,7 @@ func TestHandler_RemoveNocRootCert_ByNotOwnerButSameVendor(t *testing.T) { rootCertificate.SerialNumber, ) - // Check indexes for root certificates + // Check indexes for root certificates - removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index 5df99173c..059822f46 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go @@ -19,7 +19,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) 
@@ -30,7 +30,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // remove all intermediate certificates but leave leaf certificate + // remove all intermediate certificates utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress, @@ -38,7 +38,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { testIntermediateCertificate1.SubjectKeyId, "") - // Check indexes for intermediate certificate + // Check state indexes - intermediate certificate are removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ @@ -64,7 +64,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber(t *testing.T) { // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -75,7 +75,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber(t *testing.T) { testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // remove intermediate certificate by serial number + // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress, 
@@ -83,7 +83,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber(t *testing.T) { testIntermediateCertificate1.SubjectKeyId, testIntermediateCertificate1.SerialNumber) - // Check indexes for intermediate certificate 1 + // Check state indexes - intermediate certificate1 removed but there is another approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -100,7 +100,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber(t *testing.T) { } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) - // Check indexes for intermediate certificate 2 (all the same but also UniqueCertificate exists) + // Check state indexes - intermediate certificate2 approved (all the same but also UniqueCertificate exists) indexes = utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -123,7 +123,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testin // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -134,7 +134,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testin testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // remove all intermediate certificates but leave leaf certificate + // remove all intermediate certificates utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress, 
@@ -142,7 +142,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testin testIntermediateCertificate1.SubjectKeyId, "") - // Check state indexes for parent + // Check state indexes - parent stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -168,7 +168,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ParentExist(t *testing. // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -179,7 +179,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ParentExist(t *testing. testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // remove intermediate certificate by serial number + // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress, @@ -187,7 +187,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ParentExist(t *testing. testIntermediateCertificate1.SubjectKeyId, testIntermediateCertificate1.SerialNumber) - // Check state indexes for parent + // Check state indexes - parent stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -210,15 +210,15 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ParentExist(t *testing. func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add two intermediate certificates again + // Add intermediate certificates testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) - // revoke intermediate certificate by serial number + // Revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, setup.Vendor1, @@ -227,7 +227,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate(t "", false) - // remove intermediate certificate by serial number + // Remove intermediate certificate utils.RemoveDaIntermediateCertificate( setup, setup.Vendor1, @@ -235,6 +235,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate(t testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber) + // Check state indexes - certificate is removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ 
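Review bot: `TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate` still removes by serial number: the `utils.RemoveDaIntermediateCertificate` call shown in `@@ -227,7 +227,7 @@` and `@@ -235,6 +235,7 @@` ends with `testIntermediateCertificate.SerialNumber`, the same arguments as the `BySerialNumber_RevokedCertificate` test after it. The reworded comment `// Remove intermediate certificate` drops the "by serial number" hint that made this visible. If the test is meant to cover removal of a revoked certificate by subject and SKID, pass `""` as the last argument, as the revoke call above it does; with a single certificate the expected indexes presumably stay the same.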
@@ -256,11 +257,11 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedCertificate(t func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add two intermediate certificates again + // Add intermediate certificates again testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) @@ -273,24 +274,6 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedCertificate(t *t testIntermediateCertificate.SerialNumber, false) - indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - {Key: types.ProposedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) - // remove intermediate certificate by serial number utils.RemoveDaIntermediateCertificate( setup, @@ -299,7 +282,8 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedCertificate(t *t testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber) - indexes = utils.TestIndexes{ + // Check state indexes - certificate is removed + indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -320,19 +304,19 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedCertificate(t *t func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ApprovedChildExist(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // add leaf x509 certificate + // add leaf certificate leafCertificate := utils.LeafCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // revoke intermediate certificate utils.RemoveDaIntermediateCertificate( setup, setup.Vendor1, @@ -340,7 +324,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ApprovedChildExist(t intermediateCertificate.SubjectKeyId, "") - // check that leaf certificate exists + // check state indexes - leaf stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
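Review bot: The comment `// revoke intermediate certificate` in `@@ -320,19 +304,19 @@` sits directly above `utils.RemoveDaIntermediateCertificate(`, so it names a different operation than the one the test performs. Revoke and remove leave different index state (the checks in these tests depend on exactly that), so the comment should say `// remove intermediate certificate by subject and SKID`. The same mislabel is on the reworded or added comments above the remove calls in `@@ -363,19 +347,19 @@`, `@@ -479,7 +463,7 @@` and `@@ -534,28 +517,18 @@` (`// revoke certificate`).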
@@ -363,19 +347,19 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_ApprovedChildExist(t func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ApprovedChildExist(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // add leaf x509 certificate + // add leaf certificate leafCertificate := utils.LeafCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // revoke intermediate certificate utils.RemoveDaIntermediateCertificate( setup, setup.Vendor1, @@ -383,7 +367,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ApprovedChildExist(t *t intermediateCertificate.SubjectKeyId, intermediateCertificate.SerialNumber) - // check that leaf certificate exists + // check state indexes - leaf stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -406,15 +390,15 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_ApprovedChildExist(t *t func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedChildExist(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // add leaf x509 certificate + // add leaf certificate leafCertificate := utils.LeafCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, leafCertificate) @@ -435,7 +419,7 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedChildExist(t * intermediateCertificate.SubjectKeyId, "") - // check that leaf certificate exists + // check state indexes - leaf certificate stays revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -458,19 +442,19 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedChildExist(t * func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedChildExist(t *testing.T) { setup := utils.Setup(t) - // add root x509 certificate + // add root certificate rootCertificate := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertificate) - // add intermediate x509 certificate + // add intermediate certificate intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // add leaf x509 certificate + // add leaf certificate leafCertificate := utils.LeafCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // revoke certificate utils.RevokeDaIntermediateCertificate( setup, setup.Vendor1, @@ -479,7 +463,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedChildExist(t *te "", true) - // revoke x509 certificate + // revoke certificate utils.RemoveDaIntermediateCertificate( setup, setup.Vendor1, @@ -487,7 +471,7 @@ func TestHandler_RemoveDaIntermediateCert_BySerialNumber_RevokedChildExist(t *te intermediateCertificate.SubjectKeyId, intermediateCertificate.SerialNumber) - // check that leaf certificate exists + // check state indexes - leaf certificate stays revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -513,15 +497,14 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedAndActiveCerti // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add an intermediate certificate + // Add two intermediate certificate testIntermediateCertificate := utils.IntermediateDaCertificateWithSameSubjectAndSKID1(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) - // Add an intermediate certificate with new serial number testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) 
@@ -534,28 +517,18 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedAndActiveCerti testIntermediateCertificate.SerialNumber, false) - // check that intermediate certificate 1 exists but revoked + // revoke certificate + utils.RemoveDaIntermediateCertificate( + setup, + vendorAccAddress, + testIntermediateCertificate.Subject, + testIntermediateCertificate.SubjectKeyId, + "") + + // check state indexes - both certificates removed indexes := utils.TestIndexes{ - Present: []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.AllCertificatesKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyPrefix}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ApprovedCertificatesKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, - {Key: types.ChildCertificatesKeyPrefix}, - }, + Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix}, - }, - } - utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) - - // check that intermediate certificate 2 exists - indexes = utils.TestIndexes{ - Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, @@ -564,11 +537,10 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID_RevokedAndActiveCerti {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, - }, - Missing: []utils.TestIndex{ {Key: types.ProposedCertificateKeyPrefix}, }, } + utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) } 
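Review bot: The final `Missing` list in `@@ -534,28 +517,18 @@` and `@@ -564,11 +537,10 @@` does not include `types.RevokedCertificatesKeyPrefix`, as far as the two hunks show (two lines between them are not visible). `testIntermediateCertificate` is revoked before the new remove call, and the old expectations listed that key as `Present`, so a revoked-index entry left behind after removal would not be caught by this test. If removal by subject and SKID is meant to clear the revoked entry as well, add `{Key: types.RevokedCertificatesKeyPrefix},` to `Missing`.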
@@ -579,14 +551,14 @@ func TestHandler_RemoveDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // add x509 certificate by fist vendor account + // add certificate by fist vendor account testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) // add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) - // remove x509 certificate by second vendor account + // remove certificate by second vendor account utils.RemoveDaIntermediateCertificate( setup, vendorAccAddress2, @@ -594,7 +566,7 @@ func TestHandler_RemoveDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) testIntermediateCertificate.SubjectKeyId, testIntermediateCertificate.SerialNumber) - // check state indexes + // check state indexes - certificate is removed indexes := utils.TestIndexes{ Present: []utils.TestIndex{}, Missing: []utils.TestIndex{ @@ -653,11 +625,11 @@ func TestHandler_RemoveDaIntermediateCert_InvalidSerialNumber(t *testing.T) { func TestHandler_RemoveDaIntermediateCert_ByOtherVendor(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add intermediate certificates + // add intermediate certificates testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) 
@@ -679,11 +651,11 @@ func TestHandler_RemoveDaIntermediateCert_ByOtherVendor(t *testing.T) { func TestHandler_RemoveDaIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // Add intermediate certificates + // add intermediate certificates testIntermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate) @@ -700,6 +672,7 @@ func TestHandler_RemoveDaIntermediateCert_SenderNotVendor(t *testing.T) { func TestHandler_RemoveDaIntermediateCert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) + // add intermediate certificates rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index c8cb3ecb8..ad86c2d42 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go @@ -38,7 +38,7 @@ func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID(t *testing.T) { "", false) - // Check indexes + // Check indexes - both intermediate are revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -87,7 +87,7 @@ func TestHandler_RevokeNocIntermediateCert_BySerialNumber(t *testing.T) { icaCertificate1.SerialNumber, false) - // Check indexes for intermediate after revocation + // Check state indexes for intermediate - revoked and approved exist indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
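Review bot: The comment added in `@@ -700,6 +672,7 @@` (`TestHandler_RemoveDaIntermediateCert_ForRootCertificate`) says `// add intermediate certificates`, but the two lines under it create and approve a root certificate via `utils.RootDaCertificate` and `utils.ProposeAndApproveRootCertificate`. Since the test name indicates it exercises the intermediate-removal call against a root certificate, the comment should read `// add root certificate`. The rest of the test body is outside the hunk.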
@@ -99,7 +99,7 @@ func TestHandler_RevokeNocIntermediateCert_BySerialNumber(t *testing.T) { {Key: types.NocCertificatesBySubjectKeyPrefix}, {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, - {Key: types.NocIcaCertificatesKeyPrefix}, // other intermediate exist + {Key: types.NocIcaCertificatesKeyPrefix}, {Key: types.ChildCertificatesKeyPrefix}, }, Missing: []utils.TestIndex{ @@ -131,7 +131,7 @@ func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_ParentExist(t *testi "", false) - // Check state indexes for root + // Check state indexes for root - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -176,7 +176,7 @@ func TestHandler_RevokeNocIntermediateCert_BySerialNumber_ParentExist(t *testing icaCertificate.SerialNumber, false) - // Check state indexes for root + // Check state indexes for root - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -229,7 +229,7 @@ func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_KeepChild(t *testing "", false) - // Check state indexes for leaf + // Check state indexes for leaf - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -283,7 +283,7 @@ func TestHandler_RevokeNocIntermediateCert_BySerialNumber_KeepChild(t *testing.T icaCertificate1.SerialNumber, false) - // Check state indexes for leaf + // Check state indexes for leaf - approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -337,7 +337,7 @@ func TestHandler_RevokeNocIntermediateCert_BySubjectAndSKID_RevokeChild(t *testi "", true) - // Check indexes for child + // Check indexes for child - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -392,7 +392,7 @@ func TestHandler_RevokeNocIntermediateCert_BySerialNumber_RevokeChild(t *testing allRevokedCerts, _ := utils.QueryAllNocRevokedIcaCertificates(setup) require.Equal(t, 2, len(allRevokedCerts)) - // Check indexes for child + // Check indexes for child - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -439,7 +439,7 @@ func TestHandler_RevokeNocIntermediateCert_ByOtherVendor(t *testing.T) { "", false) - // Check indexes for intermediate + // Check indexes for intermediate - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 79103dcb2..420ec77d0 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -34,7 +34,7 @@ func TestHandler_RevokeNocRootCert_BySubjectAndSKID(t *testing.T) { false, ) - // Check indexes + // Check indexes - both revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -78,7 +78,7 @@ func TestHandler_RevokeNocRootCert_BySerialNumber(t *testing.T) { false, ) - // Check indexes + // Check indexes - both approved and revoked exist indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -126,7 +126,7 @@ func TestHandler_RevokeNocRootCert_BySubjectAndSKID_KeepChild(t *testing.T) { "", false) - // Check state indexes for intermediate certificate + // Check state indexes for intermediate certificate - stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, 
@@ -176,7 +176,7 @@ func TestHandler_RevokeNocRootCert_BySerialNumber_KeepChild(t *testing.T) { rootCertificate1.SerialNumber, false) - // Check state indexes for intermediate certificate + // Check state indexes for intermediate certificate - stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -226,7 +226,7 @@ func TestHandler_RevokeNocRootCert_BySubjectAndSKID_RevokeChild(t *testing.T) { "", true) - // Check indexes for ica + // Check indexes for intermediate certificate - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -244,7 +244,7 @@ func TestHandler_RevokeNocRootCert_BySubjectAndSKID_RevokeChild(t *testing.T) { {Key: types.ChildCertificatesKeyPrefix}, {Key: types.RevokedNocRootCertificatesKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocRootCertificatesKeyPrefix}, // root also revoked }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) @@ -274,12 +274,12 @@ func TestHandler_RevokeNocRootCert_BySerialNumber_RevokeChild(t *testing.T) { rootCertificate1.SerialNumber, true) - // Check indexes for ica + // Check indexes for intermediate certificates - revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, - {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root with same vid still exits }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -317,7 +317,7 @@ func TestHandler_RevokeNocRootCert_OtherVendor(t *testing.T) { false, ) - // Check indexes + // Check state indexes - intermediate certificate revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
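Review bot: In the `TestHandler_RevokeNocRootCert_BySubjectAndSKID_RevokeChild` hunk at old line 244, the `types.NocRootCertificatesKeyPrefix` entry loses `Count: 1` and its comment flips from "root still exits" to "root also revoked". That changes the expected state, not just the wording, in a commit described as a refactoring. The list header is outside the hunk, so whether the entry sits under `Present` or `Missing` cannot be confirmed here; the commit message should say which expectation was wrong before. The following hunk (`TestHandler_RevokeNocRootCert_BySerialNumber_RevokeChild`) keeps the typo in `// root with same vid still exits`, which should read `// root with same vid still exists`.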
diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 21887b45a..1a111e017 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -19,7 +19,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID(t *testing.T) { // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -39,10 +39,10 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID(t *testing.T) { "", false) - // intermediate and leaf are revoked + // Check state indexes - both certificates are revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix, Count: 1}, {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, }, Missing: []utils.TestIndex{ @@ -64,7 +64,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber(t *testing.T) { // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -75,7 +75,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber(t *testing.T) { testIntermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, testIntermediateCertificate2) - // revoke only an intermediate certificate + // revoke only first intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, 
@@ -84,11 +84,11 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber(t *testing.T) { testIntermediateCertificate1.SerialNumber, false) - // check indexes for intermediate certificates + // Check state indexes - both revoked and active exist indexes := utils.TestIndexes{ Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Count: 1}, {Key: types.UniqueCertificateKeyPrefix}, - {Key: types.RevokedCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyPrefix}, {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, @@ -101,7 +101,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber(t *testing.T) { utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - // revoke intermediate and leaf certificates + // revoke intermediate certificates2 utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, @@ -110,11 +110,11 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber(t *testing.T) { testIntermediateCertificate2.SerialNumber, false) - // intermediate and leaf are revoked + // Check state indexes - both revoked indexes = utils.TestIndexes{ Present: []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix}, {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, }, Missing: []utils.TestIndex{ {Key: types.AllCertificatesKeyPrefix}, @@ -135,7 +135,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild(t *testing. // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) 
@@ -146,11 +146,11 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild(t *testing. intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // add leaf x509 certificate + // Add leaf certificate leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, @@ -159,7 +159,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild(t *testing. "", false) - // leaf stays approved + // Checks tate indexes - leaf stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -184,7 +184,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_KeepChild(t *testing.T) // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -195,11 +195,11 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_KeepChild(t *testing.T) intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // add leaf x509 certificate + // Add leaf certificate leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, 
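Review bot: The comment added in `TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_KeepChild` at old line 159 has a misplaced space: `// Checks tate indexes - leaf stays approved`. The sibling tests in this file use `// Check state indexes - leaf stays approved`, which is the wording to use here as well.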
@@ -208,15 +208,15 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_KeepChild(t *testing.T) intermediateCertificate1.SerialNumber, false) - // leaf stays approved + // Check state indexes - leaf stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, - // {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, + // {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter with same subject exists {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, - // {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, + // {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter with same subject exists {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, Missing: []utils.TestIndex{ @@ -233,7 +233,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_RevokeChild(t *testin // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -244,11 +244,11 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_RevokeChild(t *testin intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // add leaf x509 certificate + // Add leaf certificate leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, 
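Review bot: In `TestHandler_RevokeDaIntermediateCert_BySerialNumber_KeepChild` the two by-subject entries (`types.AllCertificatesBySubjectKeyPrefix` and `types.ApprovedCertificatesBySubjectKeyPrefix`, both `Count: 2`) stay commented out; the change only appends "inter with same subject exists" to them. As written, the test asserts nothing about the by-subject indexes after the revocation, so a handler regression that drops or keeps the wrong entry there would still pass. Either enable the two entries or replace them with a comment that says why the count cannot be asserted, for example `// TODO: assert by-subject count once <reason> is resolved`. The same pattern appears in the `TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild` hunk at old line 315, where the entries are commented out of `Missing`. If the intermediate with the same subject really still exists, they presumably belong under `Present` instead.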
@@ -257,7 +257,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_RevokeChild(t *testin "", true) - // leaf stays approved + // Check state indexes - leaf is revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -282,7 +282,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild(t *testing. // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -293,11 +293,11 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild(t *testing. intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // add leaf x509 certificate + //Aad leaf certificate leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, leafCertificate) - // revoke x509 certificate + // Revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, @@ -306,7 +306,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild(t *testing. intermediateCertificate1.SerialNumber, true) - // leaf stays approved + // Check state indexes - leaf is revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -315,10 +315,10 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild(t *testing. Missing: []utils.TestIndex{ {Key: types.ChildCertificatesKeyPrefix}, {Key: types.AllCertificatesKeyPrefix}, - // {Key: types.AllCertificatesBySubjectKeyPrefix}, + // {Key: types.AllCertificatesBySubjectKeyPrefix}, // intermediate with same subject exists {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, {Key: types.ApprovedCertificatesKeyPrefix}, - // {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + // {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, // intermediate with same subject exists {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, }, } @@ -331,7 +331,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testin // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -342,7 +342,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testin intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // revoke x509 certificate + // Revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, @@ -351,7 +351,7 @@ func TestHandler_RevokeDaIntermediateCert_BySubjectAndSKID_ParentExist(t *testin "", false) - // leaf stays approved + // Check state indexes - parent stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -376,7 +376,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_ParentExist(t *testing. // Add vendor account vendorAccAddress := setup.CreateVendorAccount(testconstants.RootCertWithVidVid) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificateWithSameSubjectAndSKID1(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -387,7 +387,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_ParentExist(t *testing. intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - // revoke x509 certificate + // Revoke intermediate certificate utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress, @@ -396,7 +396,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_ParentExist(t *testing. intermediateCertificate1.SerialNumber, false) - // leaf stays approved + // Check state indexes - parent stays approved indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, 
@@ -418,18 +418,18 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_ParentExist(t *testing. func TestHandler_RevokeDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) - // store root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // add x509 certificate by first vendor account + // Add certificate by first vendor account intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // add second vendor account with VID = 1 + // Add second vendor account with VID = 1 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.Vid) - // revoke x509 certificate by second vendor account + // Revoke certificate by second vendor account utils.RevokeDaIntermediateCertificate( setup, vendorAccAddress2, @@ -438,7 +438,7 @@ func TestHandler_RevokeDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) intermediateCertificate.SerialNumber, false) - // Check: Certificate is revoked + // Check state indexes - certificate is revoked indexes := utils.TestIndexes{ Present: []utils.TestIndex{ {Key: types.UniqueCertificateKeyPrefix}, @@ -464,7 +464,7 @@ func TestHandler_RevokeDaIntermediateCert_ByNotOwnerButSameVendor(t *testing.T) func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExist(t *testing.T) { setup := utils.Setup(t) - // revoke x509 certificate + // revoke certificate revokeX509Cert := types.NewMsgRevokeX509Cert( setup.Vendor1.String(), testconstants.IntermediateSubject, 
@@ -481,7 +481,7 @@ func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExist(t *testing.T) func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExistBySerialNumber(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) @@ -489,7 +489,7 @@ func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExistBySerialNumber( intermediateCertificate := utils.IntermediateDaCertificate(setup.Vendor1) utils.AddDaIntermediateCertificate(setup, intermediateCertificate) - // revoke x509 certificate + // revoke intermediate certificate revokeX509Cert := types.NewMsgRevokeX509Cert( setup.Vendor1.String(), intermediateCertificate.Subject, @@ -506,11 +506,11 @@ func TestHandler_RevokeDaIntermediateCert_CertificateDoesNotExistBySerialNumber( func TestHandler_RevokeDaIntermediateCert_ForRootCertificate(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) - // revoke x509 root certificate + // Revoke root certificate revokeX509Cert := types.NewMsgRevokeX509Cert( setup.Vendor1.String(), rootCert.Subject, @@ -527,7 +527,7 @@ func TestHandler_RevokeDaIntermediateCert_ForRootCertificate(t *testing.T) { func TestHandler_RevokeDaIntermediateCert_ByVendorWithOtherVid(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) 
@@ -538,7 +538,7 @@ func TestHandler_RevokeDaIntermediateCert_ByVendorWithOtherVid(t *testing.T) { // add second vendor account with VID = 1000 vendorAccAddress2 := setup.CreateVendorAccount(testconstants.VendorID1) - // revoke x509 certificate by second vendor account + // revoke intermediate certificate by second vendor account revokeX509Cert := types.NewMsgRevokeX509Cert( vendorAccAddress2.String(), intermediateCertificate.Subject, @@ -555,7 +555,7 @@ func TestHandler_RevokeDaIntermediateCert_ByVendorWithOtherVid(t *testing.T) { func TestHandler_RevokeDaIntermediateCert_SenderNotVendor(t *testing.T) { setup := utils.Setup(t) - // propose and approve x509 root certificate + // Add root certificate rootCert := utils.RootDaCertificate(setup.Trustee1) utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCert) diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index 486023b3b..8680554ec 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md @@ -1,6 +1,6 @@ -## [Add DA Root](./handler_add_paa_cert_test.go) +## Add DA Root -### Propose adding of DA root certificate +### [Propose adding of DA root certificate](./handler_propose_paa_cert_test.go) Indexes to check: 
@@ -24,17 +24,16 @@ Test cases: * Negative: * Propose by not Trustee: `TestHandler_ProposeAddDaRootCert_ByNotTrustee` * Propose invalid certificate: `TestHandler_ProposeAddDaRootCert_ForInvalidCertificate` - * Propose with existing proposed certificate (Subject/SKID): - `TestHandler_ProposeAddDaRootCert_ProposedCertificateAlreadyExists` + * Propose with existing proposed certificate (Subject/SKID): `TestHandler_ProposeAddDaRootCert_Duplicate` * Propose with existing approved certificate (Subject/SKID/SerialNumber): `TestHandler_ProposeAddDaRootCert_CertificateAlreadyExists` * Propose not self-signed certificate: `TestHandler_ProposeAddDaRootCert_ForNonRootCertificate` * Propose not root certificate: `TestHandler_ProposeAddDaRootCert_ForNonRootCertificate` - * Propose NOC root certificate: `TestHandler_ProposeAddDaRootCert_ForNocCertificate` + * Propose NOC root certificate: can we check it? `TestHandler_ProposeAddDaRootCert_ForNocCertificate` - wrong test. * Propose with existing approved subject/SKID where signer is not owner of active: `TestHandler_ProposeAddDaRootCert_ForDifferentSigner` -### Approve adding of DA root certificate +### [Approve adding of DA root certificate](handler_approve_add_paa_cert_test.go) Indexes: 
@@ -48,23 +47,23 @@ Indexes: Test cases: * Positive: - * Add certificate: `TestHandler_AddDaRootCert`, - `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded`, - `TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees` - * Add two certificates with same SKID but different Subject: - `TestHandler_AddDaRootCert_SameSkid_DifferentSubject` - * Add two certificates with same Subject but different SKID: - * Add two certificates with same Subject and SKID: - `TestHandler_AddDaRootCert_SameSubjectAndSkid_DifferentSerialNumber` * Approve certificate for not enough approvals: `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded` - * Approve certificate which was previously rejected by the current user: - `TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee` + * Add certificate: `TestHandler_AddDaRootCert`, + `TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded`, + `TestHandler_AddDaRootCert_FourOfFiveApprovalsAreNeeded` + * Add two certificates with same SKID but different Subject: + `TestHandler_AddDaRootCert_SameSkid_DifferentSubject` + * Add two certificates with same Subject but different SKID: + * Add two certificates with same Subject and SKID: + `TestHandler_AddDaRootCert_SameSubjectAndSkid_DifferentSerialNumber` + * Approve certificate which was previously rejected by the current user: + `TestHandler_ApproveAddDaRootCert_PreviouslyRejectedByCurrentTrustee` * Negative: * Approve by not Trustee: `TestHandler_ApproveAddDaRootCert_ByNotTrustee` - * Approve of non-existing proposed certificate: `TestHandler_ApproveAddDaRootCert_ForUnknownProposedCertificate` + * Approve of non-existing proposed certificate: `TestHandler_ApproveAddDaRootCert_UnknownProposedCertificate` * Approve certificate already approved by the current user: `TestHandler_ApproveAddDaRootCert_Twice` -### Reject adding of DA root certificate +### [Reject adding of DA root certificate](handler_reject_add_paa_cert_test.go) Indexes: 
@@ -83,20 +82,16 @@ Test cases: `TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees` * Reject adding of DA root certificate for not enough rejects: `TestHandler_RejectAddDaRootCert`, `TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees` - * Reject DA root certificate which was previously approved by the current user and certificate has other - approval: - `TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherApproval` - * Reject DA root certificate which was previously approved by the current user and certificate has other - rejects: - `TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateHasOtherReject` - * Reject DA root certificate which was previously approved by the current user (and certificate does not have other - rejects/approvals): - `TestHandler_RejectAddDaRootCert_PreviouslyApprovedByCurrentTrustee_CertificateNotHasOtherApproval` + * Reject DA root certificate - certificate still has other approval (certificates must be proposed): + `TestHandler_RejectAddDaRootCert_CertificateHasOtherApproval` + * Reject DA root certificate - certificate still has other reject (certificates must be proposed): + `TestHandler_RejectAddDaRootCert_CertificateHasOtherReject` + * Reject DA root certificate - certificate does not have other rejects/approvals (certificates must be removed): + `TestHandler_RejectAddDaRootCert_CertificateNotHasOtherApprovalAndRejects` * Negative: * Reject by not Trustee: `TestHandler_RejectAddDaRootCert_ByNotTrustee` - * Reject of non-existing proposed certificate: `TestHandler_RejectAddDaRootCert_ForUnknownProposedCertificate` - * Reject certificate already rejected by the current user: - `TestHandler_RejectX509RootCert_TwiceFromTheSameTrustee` + * Reject of non-existing proposed certificate: `TestHandler_RejectAddDaRootCert_UnknownProposedCertificate` + * Reject certificate already rejected by the current user: 
`TestHandler_RejectAddDaRootCert_Twice` ## [Add DA Intermediate](./handler_add_pai_cert_test.go) @@ -133,9 +128,9 @@ Test cases: * Add with different VID: `TestHandler_AddDaIntermediateCert_ByOtherVendor` * Add with invalid chain: `TestHandler_AddDaIntermediateCert_ForAbsentDirectParentCert` -## [Revoke DA Root](./handler_revoke_paa_cert_test.go) +## Revoke DA Root -### Propose revocation of DA root certificate +### [Propose revocation of DA root certificate](handler_propose_revoke_paa_cert_test.go) Indexes to check: @@ -168,7 +163,7 @@ Test cases: `TestHandler_ProposeRevokeDaRootCert_CertificateDoesNotExistBySerialNumber` * Propose revocation of not root certificate: `TestHandler_ProposeRevokeDaRootCert_ForNonRootCertificate` -### Approve revocation of DA root certificate +### [Approve revocation of DA root certificate](handler_approve_revoke_paa_cert_test.go) Indexes: From b88f32a59841002f55422364abe44bf873b785e6 Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Wed, 18 Dec 2024 12:03:40 +0300 Subject: [PATCH 11/11] Fixed linter errors --- x/pki/tests/handler_propose_paa_cert_test.go | 4 ++-- x/pki/tests/handler_revoke_pai_cert_test.go | 2 +- x/pki/types/all_certificates_by_subject_key_id.pb.go | 6 +++--- x/pki/types/approved_certificates_by_subject_key_id.pb.go | 6 +++--- x/pki/types/genesis_test.go | 6 +++--- x/pki/types/key_all_certificates_by_subject_key_id.go | 2 +- x/pki/types/key_approved_certificates_by_subject_key_id.go | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/x/pki/tests/handler_propose_paa_cert_test.go b/x/pki/tests/handler_propose_paa_cert_test.go index 92f578f75..bb1ea9095 100644 --- a/x/pki/tests/handler_propose_paa_cert_test.go +++ b/x/pki/tests/handler_propose_paa_cert_test.go 
@@ -293,7 +293,7 @@ func TestHandler_ProposeAddDaRootCert_CertificateAlreadyExists(t *testing.T) { require.True(t, pkitypes.ErrCertificateAlreadyExists.Is(err)) } -//func TestHandler_ProposeAddDaRootCert_ForNocCertificate(t *testing.T) { +// func TestHandler_ProposeAddDaRootCert_ForNocCertificate(t *testing.T) { // setup := utils.Setup(t) // // // propose a new root certificate @@ -306,7 +306,7 @@ func TestHandler_ProposeAddDaRootCert_CertificateAlreadyExists(t *testing.T) { // testconstants.CertSchemaVersion) // _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) // require.True(t, pkitypes.ErrInappropriateCertificateType.Is(err)) -//} +// } func TestHandler_ProposeAddDaRootCert_ForDifferentSigner(t *testing.T) { setup := utils.Setup(t) diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 1a111e017..e50f48778 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -293,7 +293,7 @@ func TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild(t *testing. intermediateCertificate2 := utils.IntermediateDaCertificateWithSameSubjectAndSKID2(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, intermediateCertificate2) - //Aad leaf certificate + // Aad leaf certificate leafCertificate := utils.LeafDaCertificateWithSameSubjectAndSKID(vendorAccAddress) utils.AddDaIntermediateCertificate(setup, leafCertificate) diff --git a/x/pki/types/all_certificates_by_subject_key_id.pb.go b/x/pki/types/all_certificates_by_subject_key_id.pb.go index b0332ef84..fa3ddff29 100644 --- a/x/pki/types/all_certificates_by_subject_key_id.pb.go +++ b/x/pki/types/all_certificates_by_subject_key_id.pb.go 
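Review bot: `TestHandler_ProposeAddDaRootCert_ForNocCertificate` stays fully commented out across this hunk and the next; the lint fix only inserts a space after `//` on its first and last lines. The disabled body is the negative case that expects `pkitypes.ErrInappropriateCertificateType` from the propose handler, so nothing visible here exercises that rejection. Keeping the function compiled with `t.Skip("<reason this case cannot be checked yet>")` as its first statement would keep it in the test output and stop it drifting from the helper API. If the case is not coming back, delete it and track it in an issue instead.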
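Review bot: The lint fix in `TestHandler_RevokeDaIntermediateCert_BySerialNumber_RevokeChild` adds the space after `//` but keeps the misspelling, so the comment now reads `// Aad leaf certificate`. `// Add leaf certificate` matches the other tests in this file.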
@@ -83,7 +83,7 @@ func (m *AllCertificatesBySubjectKeyId) GetSchemaVersion() uint32 { } func init() { - proto.RegisterType((*AllCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.AllCertificatesBySubjectKeyID") + proto.RegisterType((*AllCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.AllCertificatesBySubjectKeyId") } func init() { @@ -223,10 +223,10 @@ func (m *AllCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AllCertificatesBySubjectKeyID: wiretype end group for non-group") + return fmt.Errorf("proto: AllCertificatesBySubjectKeyId: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AllCertificatesBySubjectKeyID: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AllCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: diff --git a/x/pki/types/approved_certificates_by_subject_key_id.pb.go b/x/pki/types/approved_certificates_by_subject_key_id.pb.go index 65df87141..4aebcf970 100644 --- a/x/pki/types/approved_certificates_by_subject_key_id.pb.go +++ b/x/pki/types/approved_certificates_by_subject_key_id.pb.go @@ -83,7 +83,7 @@ func (m *ApprovedCertificatesBySubjectKeyId) GetSchemaVersion() uint32 { } func init() { - proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyID") + proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyId") } func init() { 
@@ -223,10 +223,10 @@ func (m *ApprovedCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyID: wiretype end group for non-group") + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyID: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: diff --git a/x/pki/types/genesis_test.go b/x/pki/types/genesis_test.go index 24d0867c3..a19a0df8b 100644 --- a/x/pki/types/genesis_test.go +++ b/x/pki/types/genesis_test.go @@ -218,7 +218,7 @@ AllCertificatesBySubjectList: []types.AllCertificatesBySubject{ Subject: "1", }, }, -AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ +AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ { SubjectKeyId: "0", }, @@ -551,7 +551,7 @@ SubjectKeyID: "0", { desc: "duplicated allCertificatesBySubjectKeyId", genState: &types.GenesisState{ - AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ + AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ { SubjectKeyId: "0", }, @@ -565,7 +565,7 @@ SubjectKeyID: "0", { desc: "duplicated allCertificatesBySubjectKeyId", genState: &types.GenesisState{ - AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ + AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ { SubjectKeyId: "0", }, diff --git a/x/pki/types/key_all_certificates_by_subject_key_id.go b/x/pki/types/key_all_certificates_by_subject_key_id.go index 6ab7d33c2..f04b2fb9e 100644 --- a/x/pki/types/key_all_certificates_by_subject_key_id.go +++ b/x/pki/types/key_all_certificates_by_subject_key_id.go 
@@ -6,7 +6,7 @@ var _ binary.ByteOrder const ( // AllCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all AllCertificatesBySubjectKeyId - AllCertificatesBySubjectKeyIDKeyPrefix = "AllCertificatesBySubjectKeyID/value/" + AllCertificatesBySubjectKeyIDKeyPrefix = "AllCertificatesBySubjectKeyId/value/" ) // AllCertificatesBySubjectKeyIDKey returns the store key to retrieve a AllCertificatesBySubjectKeyId from the index fields diff --git a/x/pki/types/key_approved_certificates_by_subject_key_id.go b/x/pki/types/key_approved_certificates_by_subject_key_id.go index 34e842edf..587098470 100644 --- a/x/pki/types/key_approved_certificates_by_subject_key_id.go +++ b/x/pki/types/key_approved_certificates_by_subject_key_id.go @@ -6,7 +6,7 @@ var _ binary.ByteOrder const ( // ApprovedCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all ApprovedCertificatesBySubjectKeyId. - ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyID/value/" + ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyId/value/" ) // ApprovedCertificatesBySubjectKeyIDKey returns the store key to retrieve a ApprovedCertificatesBySubjectKeyId from the index fields.
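Review bot: The value of `AllCertificatesBySubjectKeyIDKeyPrefix` changes from `"AllCertificatesBySubjectKeyID/value/"` to `"AllCertificatesBySubjectKeyId/value/"`, and `ApprovedCertificatesBySubjectKeyIDKeyPrefix` changes the same way in the next hunk. These strings are store key prefixes rather than identifiers, so this is a storage-layout change inside a commit titled as a linter fix. If any state was ever written under the `ID` spelling, the by-subject-key-ID certificate indexes would read as empty after this change unless a migration moves the entries. If the `ID` spelling only appeared earlier in this series and was never released, the commit message should say so. In both cases a guard comment above each constant would keep a later rename away from the value, e.g. `// Persisted store prefix: the string value must not change without a state migration.`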