#524 Enable revocation of NOC certificates

Signed-off-by: Abdulbois <[email protected]>
Signed-off-by: Abdulbois <[email protected]>

integration_tests/constants/noc_cert_1_copy

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUTCCAfegAwIBAgIUHa4t/R+Gtf/22F5T6n+f6zfGkPUwCgYIKoZIzj0EAwIw
+ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh
+c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp
+bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMzE2NDIwM1oYDzMw
+MjMwNzE1MTY0MjAzWjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh
+dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu
+eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk
+LTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATOPY6vbvv8no8NcIdfa/MbkJep
+FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo1Aw
+TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM
+YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBF
+AiEA7Z1xDQHO2B0kFC5rdVuXGzH150tJEoCwZMohKpnK+kUCIBzFXAoaURzHVyTG
+oB0TJHTlKONyyEXKnHf8pJedjOq4
+-----END CERTIFICATE-----

integration_tests/constants/noc_constants.go

@@ -79,6 +79,22 @@ TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM
 YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBG
 AiEAzUSg9uY1+hn4Xe5ZyxmhEe5ycTtA7o94jA3x1ygGXcECIQD8mYhLsOss/API
 /xNPu7fcgPAwhltZAf6Cf9QVxRme/Q==
+-----END CERTIFICATE-----`
+
+	NocCert1Copy = `-----BEGIN CERTIFICATE-----
+MIICUTCCAfegAwIBAgIUHa4t/R+Gtf/22F5T6n+f6zfGkPUwCgYIKoZIzj0EAwIw
+ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh
+c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp
+bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMzE2NDIwM1oYDzMw
+MjMwNzE1MTY0MjAzWjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh
+dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu
+eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk
+LTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATOPY6vbvv8no8NcIdfa/MbkJep
+FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo1Aw
+TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM
+YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNIADBF
+AiEA7Z1xDQHO2B0kFC5rdVuXGzH150tJEoCwZMohKpnK+kUCIBzFXAoaURzHVyTG
+oB0TJHTlKONyyEXKnHf8pJedjOq4
 -----END CERTIFICATE-----`
 
 	NocCert2 = `-----BEGIN CERTIFICATE-----
@@ -139,6 +155,12 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 	NocCert1SerialNumber  = "631388393741945881054190991612463928825155142122"
 	NocCert1SubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 
+	NocCert1CopySubject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
+	NocCert1CopyIssuer        = NocRootCert1Subject
+	NocCert1CopySubjectKeyID  = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
+	NocCert1CopySerialNumber  = "169445068204646961882009388640343665944683778293"
+	NocCert1CopySubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
+
 	NocCert2Subject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg=="
 	NocCert2Issuer        = NocRootCert2Subject
 	NocCert2SubjectKeyID  = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD"

proto/pki/tx.proto

@@ -25,6 +25,7 @@ service Msg {
   rpc RemoveX509Cert(MsgRemoveX509Cert) returns (MsgRemoveX509CertResponse);
   rpc AddNocX509Cert(MsgAddNocX509Cert) returns (MsgAddNocX509CertResponse);
   rpc RevokeNocRootX509Cert(MsgRevokeNocRootX509Cert) returns (MsgRevokeNocRootX509CertResponse);
+  rpc RevokeNocX509Cert(MsgRevokeNocX509Cert) returns (MsgRevokeNocX509CertResponse);
 // this line is used by starport scaffolding # proto/tx/rpc
 }
 
@@ -201,4 +202,17 @@ message MsgRevokeNocRootX509Cert {
 message MsgRevokeNocRootX509CertResponse {
 }
 
+message MsgRevokeNocX509Cert {
+  string signer = 1 [(cosmos_proto.scalar) = "cosmos.AddressString", (gogoproto.moretags) = "validate:\"required\""];
+  string subject = 2 [(gogoproto.moretags) = "validate:\"required,max=1024\""];
+  string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""];
+  string serialNumber = 4;
+  string info = 5 [(gogoproto.moretags) = "validate:\"max=4096\""];
+  int64 time = 6;
+  bool revokeChild = 7;
+}
+
+message MsgRevokeNocX509CertResponse {
+}
+
 // this line is used by starport scaffolding # proto/tx/message

scripts/starport/upgrade-0.44/07.pki_types.sh

@@ -20,6 +20,7 @@ starport scaffold --module pki message delete-pki-revocation-distribution-point
 starport scaffold --module pki message AddNocX509RootCert  cert --signer signer
 starport scaffold --module pki message AddNocX509Cert  cert --signer signer
 starport scaffold --module pki message RevokeNocRootX509Cert subject subjectKeyId serialNumber info time:uint revokeChild:bool --signer signer
+starport scaffold --module pki message RevokeNocX509Cert subject subjectKeyId serialNumber info time:uint revokeChild:bool --signer signer
 
 # CRUD data types
 starport scaffold --module pki map ApprovedCertificates certs:strings --index subject,subjectKeyId --no-message

types/pki/errors.go

@@ -351,7 +351,7 @@ func NewErrMessageVidNotEqualAccountVid(msgVid int32, accountVid int32) error {
 	return sdkerrors.Wrapf(ErrMessageVidNotEqualAccountVid, "Message vid=%d is not equal to account vid=%d", msgVid, accountVid)
 }
 
-func NewErrMessageRemoveRoot(subject string, subjectKeyID string) error {
+func NewErrMessageExpectedNonRoot(subject string, subjectKeyID string) error {
 	return sdkerrors.Wrapf(ErrInappropriateCertificateType, "Inappropriate Certificate Type: Certificate with subject=%s and subjectKeyID=%s "+
 		"is a root certificate.", subject, subjectKeyID,
 	)