From bd7df9093355f1ad065fb1d77f38ea4e8646293b Mon Sep 17 00:00:00 2001 From: Abdulbois Date: Wed, 6 Mar 2024 20:50:14 +0500 Subject: [PATCH 1/2] #524 Revocation of NOC root certificates Enable revoking NOC Root certs Signed-off-by: Abdulbois Signed-off-by: Abdulbois --- docs/static/openapi.yml | 511 +++++++ docs/transactions.md | 50 + integration_tests/cli/pki-noc-certs.sh | 128 +- .../pki-noc-revocation-with-revoking-child.sh | 155 +++ .../pki-noc-revocation-with-serial-number.sh | 247 ++++ integration_tests/constants/noc_cert_1 | 16 +- integration_tests/constants/noc_constants.go | 65 +- integration_tests/constants/noc_leaf_cert_1 | 15 + .../constants/noc_root_cert_1_copy | 15 + .../grpc_rest/pki/noc_cert_helper.go | 45 + proto/pki/genesis.proto | 2 + proto/pki/query.proto | 29 + proto/pki/revoked_noc_root_certificates.proto | 12 + proto/pki/tx.proto | 14 + scripts/starport/upgrade-0.44/07.pki_types.sh | 2 + .../index.ts | 68 +- .../module/index.ts | 3 + .../module/rest.ts | 68 + .../module/types/pki/genesis.ts | 28 +- .../module/types/pki/query.ts | 297 ++++ .../pki/revoked_noc_root_certificates.ts | 118 ++ .../module/types/pki/tx.ts | 216 ++- x/pki/client/cli/query.go | 2 + .../query_revoked_noc_root_certificates.go | 84 ++ ...uery_revoked_noc_root_certificates_test.go | 172 +++ x/pki/client/cli/tx.go | 1 + .../cli/tx_revoke_noc_root_x_509_cert.go | 67 + x/pki/genesis.go | 5 + x/pki/genesis_test.go | 11 + x/pki/handler.go | 4 + x/pki/handler_revoke_noc_root_cert_test.go | 566 ++++++++ x/pki/handler_test.go | 16 + ...approved_certificates_by_subject_key_id.go | 17 +- x/pki/keeper/child_certificates.go | 5 + x/pki/keeper/grpc_query_noc_certificates.go | 2 +- .../grpc_query_noc_certificates_test.go | 2 +- ...rpc_query_revoked_noc_root_certificates.go | 61 + ...uery_revoked_noc_root_certificates_test.go | 129 ++ .../msg_server_revoke_noc_root_x_509_cert.go | 129 ++ x/pki/keeper/revoked_noc_root_certificates.go | 99 ++ .../revoked_noc_root_certificates_test.go | 68 + x/pki/module_simulation.go | 15 + .../simulation/revoke_noc_root_x_509_cert.go | 29 + x/pki/types/codec.go | 4 + x/pki/types/genesis.go | 11 + x/pki/types/genesis.pb.go | 158 ++- x/pki/types/genesis_test.go | 26 + .../key_revoked_noc_root_certificates.go | 28 + .../message_revoke_noc_root_x_509_cert.go | 63 + ...message_revoke_noc_root_x_509_cert_test.go | 127 ++ x/pki/types/query.pb.go | 1223 ++++++++++++++--- x/pki/types/query.pb.gw.go | 206 +++ .../types/revoked_noc_root_certificates.pb.go | 436 ++++++ x/pki/types/tx.pb.go | 774 +++++++++-- 54 files changed, 6323 insertions(+), 321 deletions(-) create mode 100755 integration_tests/cli/pki-noc-revocation-with-revoking-child.sh create mode 100755 integration_tests/cli/pki-noc-revocation-with-serial-number.sh create mode 100644 integration_tests/constants/noc_leaf_cert_1 create mode 100644 integration_tests/constants/noc_root_cert_1_copy create mode 100644 proto/pki/revoked_noc_root_certificates.proto create mode 100644 vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/revoked_noc_root_certificates.ts create mode 100644 x/pki/client/cli/query_revoked_noc_root_certificates.go create mode 100644 x/pki/client/cli/query_revoked_noc_root_certificates_test.go create mode 100644 x/pki/client/cli/tx_revoke_noc_root_x_509_cert.go create mode 100644 x/pki/handler_revoke_noc_root_cert_test.go create mode 100644 x/pki/keeper/grpc_query_revoked_noc_root_certificates.go create mode 100644 x/pki/keeper/grpc_query_revoked_noc_root_certificates_test.go create mode 100644 x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go create mode 100644 x/pki/keeper/revoked_noc_root_certificates.go create mode 100644 x/pki/keeper/revoked_noc_root_certificates_test.go create mode 100644 x/pki/simulation/revoke_noc_root_x_509_cert.go create mode 100644 x/pki/types/key_revoked_noc_root_certificates.go create mode 100644 x/pki/types/message_revoke_noc_root_x_509_cert.go create mode 100644 x/pki/types/message_revoke_noc_root_x_509_cert_test.go create mode 100644 x/pki/types/revoked_noc_root_certificates.pb.go diff --git a/docs/static/openapi.yml b/docs/static/openapi.yml index eb09da0db..1653e8baa 100644 --- a/docs/static/openapi.yml +++ b/docs/static/openapi.yml @@ -11174,6 +11174,295 @@ paths: type: string tags: - Query + /dcl/pki/revoked-noc-root-certificates: + get: + summary: Queries a list of RevokedNocRootCertificates items. + operationId: RevokedNocRootCertificatesAll + responses: + '200': + description: A successful response. + schema: + type: object + properties: + revokedNocRootCertificates: + type: array + items: + type: object + properties: + subject: + type: string + subjectKeyId: + type: string + certs: + type: array + items: + type: object + properties: + pemCert: + type: string + serialNumber: + type: string + issuer: + type: string + authorityKeyId: + type: string + rootSubject: + type: string + rootSubjectKeyId: + type: string + isRoot: + type: boolean + owner: + type: string + subject: + type: string + subjectKeyId: + type: string + approvals: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + subjectAsText: + type: string + rejects: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + vid: + type: integer + format: int32 + isNoc: + type: boolean + pagination: + type: object + properties: + next_key: + type: string + format: byte + title: |- + next_key is the key to be passed to PageRequest.key to + query the next page most efficiently + total: + type: string + format: uint64 + title: >- + total is total number of results available if + PageRequest.count_total + + was set, its value is undefined otherwise + description: >- + PageResponse is to be embedded in gRPC response messages where + the + + corresponding request message has used PageRequest. + + message SomeResponse { + repeated Bar results = 1; + PageResponse page = 2; + } + default: + description: An unexpected error response. + schema: + type: object + properties: + error: + type: string + code: + type: integer + format: int32 + message: + type: string + details: + type: array + items: + type: object + properties: + type_url: + type: string + value: + type: string + format: byte + parameters: + - name: pagination.key + description: |- + key is a value returned in PageResponse.next_key to begin + querying the next page most efficiently. Only one of offset or key + should be set. + in: query + required: false + type: string + format: byte + - name: pagination.offset + description: >- + offset is a numeric offset that can be used when key is unavailable. + + It is less efficient than using key. Only one of offset or key + should + + be set. + in: query + required: false + type: string + format: uint64 + - name: pagination.limit + description: >- + limit is the total number of results to be returned in the result + page. + + If left empty it will default to a value to be set by each app. + in: query + required: false + type: string + format: uint64 + - name: pagination.count_total + description: >- + count_total is set to true to indicate that the result set should + include + + a count of the total number of items available for pagination in + UIs. + + count_total is only respected when offset is used. It is ignored + when key + + is set. + in: query + required: false + type: boolean + - name: pagination.reverse + description: >- + reverse is set to true if results are to be returned in the + descending order. + + + Since: cosmos-sdk 0.43 + in: query + required: false + type: boolean + tags: + - Query + /dcl/pki/revoked-noc-root-certificates/{subject}/{subjectKeyId}: + get: + summary: Queries a RevokedNocRootCertificates by index. + operationId: RevokedNocRootCertificates + responses: + '200': + description: A successful response. + schema: + type: object + properties: + revokedNocRootCertificates: + type: object + properties: + subject: + type: string + subjectKeyId: + type: string + certs: + type: array + items: + type: object + properties: + pemCert: + type: string + serialNumber: + type: string + issuer: + type: string + authorityKeyId: + type: string + rootSubject: + type: string + rootSubjectKeyId: + type: string + isRoot: + type: boolean + owner: + type: string + subject: + type: string + subjectKeyId: + type: string + approvals: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + subjectAsText: + type: string + rejects: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + vid: + type: integer + format: int32 + isNoc: + type: boolean + default: + description: An unexpected error response. + schema: + type: object + properties: + error: + type: string + code: + type: integer + format: int32 + message: + type: string + details: + type: array + items: + type: object + properties: + type_url: + type: string + value: + type: string + format: byte + parameters: + - name: subject + in: path + required: true + type: string + - name: subjectKeyId + in: path + required: true + type: string + tags: + - Query /dcl/pki/revoked-root-certificates: get: summary: Queries a RevokedRootCertificates by index. @@ -22137,6 +22426,99 @@ definitions: repeated Bar results = 1; PageResponse page = 2; } + zigbeealliance.distributedcomplianceledger.pki.QueryAllRevokedNocRootCertificatesResponse: + type: object + properties: + revokedNocRootCertificates: + type: array + items: + type: object + properties: + subject: + type: string + subjectKeyId: + type: string + certs: + type: array + items: + type: object + properties: + pemCert: + type: string + serialNumber: + type: string + issuer: + type: string + authorityKeyId: + type: string + rootSubject: + type: string + rootSubjectKeyId: + type: string + isRoot: + type: boolean + owner: + type: string + subject: + type: string + subjectKeyId: + type: string + approvals: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + subjectAsText: + type: string + rejects: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + vid: + type: integer + format: int32 + isNoc: + type: boolean + pagination: + type: object + properties: + next_key: + type: string + format: byte + title: |- + next_key is the key to be passed to PageRequest.key to + query the next page most efficiently + total: + type: string + format: uint64 + title: >- + total is total number of results available if + PageRequest.count_total + + was set, its value is undefined otherwise + description: |- + PageResponse is to be embedded in gRPC response messages where the + corresponding request message has used PageRequest. + + message SomeResponse { + repeated Bar results = 1; + PageResponse page = 2; + } zigbeealliance.distributedcomplianceledger.pki.QueryGetApprovedCertificatesBySubjectResponse: type: object properties: @@ -22657,6 +23039,72 @@ definitions: format: int32 isNoc: type: boolean + zigbeealliance.distributedcomplianceledger.pki.QueryGetRevokedNocRootCertificatesResponse: + type: object + properties: + revokedNocRootCertificates: + type: object + properties: + subject: + type: string + subjectKeyId: + type: string + certs: + type: array + items: + type: object + properties: + pemCert: + type: string + serialNumber: + type: string + issuer: + type: string + authorityKeyId: + type: string + rootSubject: + type: string + rootSubjectKeyId: + type: string + isRoot: + type: boolean + owner: + type: string + subject: + type: string + subjectKeyId: + type: string + approvals: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + subjectAsText: + type: string + rejects: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + vid: + type: integer + format: int32 + isNoc: + type: boolean zigbeealliance.distributedcomplianceledger.pki.QueryGetRevokedRootCertificatesResponse: type: object properties: @@ -22798,6 +23246,69 @@ definitions: format: int32 isNoc: type: boolean + zigbeealliance.distributedcomplianceledger.pki.RevokedNocRootCertificates: + type: object + properties: + subject: + type: string + subjectKeyId: + type: string + certs: + type: array + items: + type: object + properties: + pemCert: + type: string + serialNumber: + type: string + issuer: + type: string + authorityKeyId: + type: string + rootSubject: + type: string + rootSubjectKeyId: + type: string + isRoot: + type: boolean + owner: + type: string + subject: + type: string + subjectKeyId: + type: string + approvals: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + subjectAsText: + type: string + rejects: + type: array + items: + type: object + properties: + address: + type: string + time: + type: string + format: int64 + info: + type: string + vid: + type: integer + format: int32 + isNoc: + type: boolean zigbeealliance.distributedcomplianceledger.pki.RevokedRootCertificates: type: object properties: diff --git a/docs/transactions.md b/docs/transactions.md index 5b5f1ca36..da8f5a1b2 100644 --- a/docs/transactions.md +++ b/docs/transactions.md @@ -1184,6 +1184,30 @@ already present on the ledger. - CLI Command: - `dcld tx pki add-noc-x509-cert --certificate= --from=` +### REVOKE_NOC_X509_ROOT_CERT + +**Status: Implemented** + +This transaction revokes a NOC root certificate owned by the Vendor. +Revoked NOC root certificates can be re-added using the `ADD_NOC_X509_ROOT_CERTIFICATE` transaction. + +- Who can send: Vendor account + - Vid field associated with the corresponding NOC root certificate on the ledger must be equal to the Vendor account's VID. +- Validation: + - a NOC Root Certificate with the provided `subject` and `subject_key_id` must exist in the ledger. +- Parameters: + - subject: `string` - base64 encoded subject DER sequence bytes of the certificate. + - subject_key_id: `string` - certificate's `Subject Key Id` in hex string format, e.g., `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`. + - serial_number: `optional(string)` - certificate's serial number. If not provided, the transaction will revoke all certificates that match the given `subject` and `subject_key_id` combination. + - revoke-child: `optional(bool)` - if true, then all certificates in the chain signed by the revoked certificate (intermediate, leaf) are revoked as well. If false, only the current root cert is revoked (default: false). + - info: `optional(string)` - information/notes for the revocation + - time: `optional(int64)` - revocation time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field. +- In State: + - `pki/RevokedCertificates/value//` + - `pki/RevokedNOCRootCertificates/value//` +- CLI command: + - `dcld tx pki revoke-noc-x509-root-cert --subject= --subject-key-id= --serial-number= --info= --time= --revoke-child= --from=` + ### GET_X509_CERT **Status: Implemented** @@ -1524,6 +1548,32 @@ Retrieve a list of all of NOC non-root certificates - REST API: - GET `/dcl/pki/noc-certificates` +### GET_ALL_REVOKED_NOC_X509_ROOT_CERTS + +Gets all revoked NOC root certificates. + +- Who can send: Any account +- Parameters: + - Common pagination parameters +- CLI command: + - `dcld query pki all-revoked-noc-x509-root-certs` +- REST API: + - GET `/dcl/pki/revoked-noc-root-certificates` + +### GET_REVOKED_NOC_X509_ROOT_CERT + +**Status: Implemented** + +Gets a revoked NOC root certificate by the given subject and subject key ID attributes. + +- Parameters: + - subject: `string` - Base64 encoded subject DER sequence bytes of the certificate. + - subject_key_id: `string` - Certificate's `Subject Key Id` in hex string format, e.g., `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`. +- CLI command: + - `dcld query pki revoked-noc-x509-root-cert --subject= --subject-key-id=` +- REST API: + - GET `/dcl/pki/revoked-noc-root-certificates/{subject}/{subject_key_id}` + ## AUTH ### PROPOSE_ADD_ACCOUNT diff --git a/integration_tests/cli/pki-noc-certs.sh b/integration_tests/cli/pki-noc-certs.sh index 1f1e29993..b083c7e14 100755 --- a/integration_tests/cli/pki-noc-certs.sh +++ b/integration_tests/cli/pki-noc-certs.sh @@ -7,6 +7,9 @@ noc_root_cert_1_subject_key_id="44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7: noc_root_cert_1_serial_number="47211865327720222621302679792296833381734533449" noc_root_cert_1_subject_as_text="CN=NOC-1,OU=Testing Division,O=Example Company,L=Tashkent,ST=Some State,C=UZ" +noc_root_cert_1_copy_path="integration_tests/constants/noc_root_cert_1_copy" +noc_root_cert_1_copy_serial_number="460647353168152946606945669687905527879095841977" + noc_root_cert_2_path="integration_tests/constants/noc_root_cert_2" noc_root_cert_2_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg==" noc_root_cert_2_subject_key_id="CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B" @@ -22,13 +25,18 @@ noc_root_cert_3_subject_as_text="CN=NOC-3,O=Internet Widgits Pty Ltd,ST=Some-Sta noc_cert_1_path="integration_tests/constants/noc_cert_1" noc_cert_1_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" noc_cert_1_subject_key_id="02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" -noc_cert_1_serial_number="674670448117546613288490437900193266085116131998" +noc_cert_1_serial_number="631388393741945881054190991612463928825155142122" noc_cert_2_path="integration_tests/constants/noc_cert_2" noc_cert_2_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" noc_cert_2_subject_key_id="87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" noc_cert_2_serial_number="361372967010167010646904372658654439710639340814" +noc_leaf_cert_1_path="integration_tests/constants/noc_leaf_cert_1" +noc_leaf_cert_1_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" +noc_leaf_cert_1_subject_key_id="77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" +noc_leaf_cert_1_serial_number="281347277961838999749763518155363401757954575313" + trustee_account="jack" second_trustee_account="alice" @@ -237,4 +245,122 @@ check_response "$result" "\"subjectKeyId\": \"$noc_cert_2_subject_key_id\"" check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" echo $result | jq +test_divider + +echo "Add third NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_copy_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add NOC leaf certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request All NOC root certificate" +result=$(dcld query pki all-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" + +echo "Request all NOC certificates" +result=$(dcld query pki all-noc-x509-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_2_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Try to revoke intermediate with different VID = $vid_2" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --from $vendor_account_2 --yes) +check_response "$result" "\"code\": 439" + +echo "$vendor_account Vendor revokes only root certificate, it should not revoke intermediate certificates" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should contain two root certificates only" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" + +echo "Request all revoked noc root certificates should contain two root certificates" +result=$(dcld query pki all-revoked-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" + +echo "Request revoked noc root certificate by subject and subjectKeyId should contain two root certificates" +result=$(dcld query pki revoked-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_2_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_3_subject\"" + +echo "Request all x509 root revoked certificates should not contain revoked NOC root certificates" +result=$(dcld query pki all-revoked-x509-root-certs) +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID must not contain revoked root certificates" +result=$(dcld query pki noc-x509-root-certs --vid="$vid") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request all certificates by subject must be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject") +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by subjectKeyId must be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should contain intermediate and leaf certificates" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Request all approved certificates should not contain revoked NOC root certificates" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + test_divider \ No newline at end of file diff --git a/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh new file mode 100755 index 000000000..b17e1ebce --- /dev/null +++ b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh @@ -0,0 +1,155 @@ +set -euo pipefail +source integration_tests/cli/common.sh + +noc_root_cert_1_path="integration_tests/constants/noc_root_cert_1" +noc_root_cert_1_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ==" +noc_root_cert_1_subject_key_id="44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26" +noc_root_cert_1_serial_number="47211865327720222621302679792296833381734533449" + +noc_root_cert_1_copy_path="integration_tests/constants/noc_root_cert_1_copy" +noc_root_cert_1_copy_serial_number="460647353168152946606945669687905527879095841977" + +noc_cert_1_path="integration_tests/constants/noc_cert_1" +noc_cert_1_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" +noc_cert_1_subject_key_id="02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" +noc_cert_1_serial_number="631388393741945881054190991612463928825155142122" + +noc_leaf_cert_1_path="integration_tests/constants/noc_leaf_cert_1" +noc_leaf_cert_1_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" +noc_leaf_cert_1_subject_key_id="77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" +noc_leaf_cert_1_serial_number="281347277961838999749763518155363401757954575313" + +vid_in_hex_format=0x6006 +vid=24582 + +vendor_account=vendor_account_$vid_in_hex_format +echo "Create Vendor account - $vendor_account" +create_new_vendor_account $vendor_account $vid_in_hex_format + +test_divider + +echo "Add first NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add second NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_copy_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add first NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add NOC leaf certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Request All NOC root certificate" +result=$(dcld query pki all-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request all NOC certificates" +result=$(dcld query pki all-noc-x509-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "$vendor_account Vendor revokes root NOC certificate by setting \"revoke-child\" flag to true, it should revoke child certificates too" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --revoke-child=true --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should contain two root, one intermediate and one leaf certificates" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Request all revoked NOC root certificates should contain two root certificates" +result=$(dcld query pki all-revoked-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request revoked NOC root certificate by subject and subjectKeyId should contain two root certificates" +result=$(dcld query pki revoked-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request all x509 root revoked certificates should not contain revoked NOC root certificates" +result=$(dcld query pki all-revoked-x509-root-certs) +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID should be empty" +result=$(dcld query pki noc-x509-root-certs --vid="$vid") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request all certificates by subject should be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"$noc_root_cert_1_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by subjectKeyId should be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should be empty" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Request all approved certificates should be empty" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\[\]" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" +echo $result | jq + +test_divider \ No newline at end of file diff --git a/integration_tests/cli/pki-noc-revocation-with-serial-number.sh b/integration_tests/cli/pki-noc-revocation-with-serial-number.sh new file mode 100755 index 000000000..89a0ad125 --- /dev/null +++ b/integration_tests/cli/pki-noc-revocation-with-serial-number.sh @@ -0,0 +1,247 @@ +set -euo pipefail +source integration_tests/cli/common.sh + +noc_root_cert_1_path="integration_tests/constants/noc_root_cert_1" +noc_root_cert_1_subject="MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ==" +noc_root_cert_1_subject_key_id="44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26" +noc_root_cert_1_serial_number="47211865327720222621302679792296833381734533449" + +noc_root_cert_1_copy_path="integration_tests/constants/noc_root_cert_1_copy" +noc_root_cert_1_copy_serial_number="460647353168152946606945669687905527879095841977" + +noc_cert_1_path="integration_tests/constants/noc_cert_1" +noc_cert_1_subject="MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" +noc_cert_1_subject_key_id="02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" +noc_cert_1_serial_number="631388393741945881054190991612463928825155142122" + +noc_leaf_cert_1_path="integration_tests/constants/noc_leaf_cert_1" +noc_leaf_cert_1_subject="MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" +noc_leaf_cert_1_subject_key_id="77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" +noc_leaf_cert_1_serial_number="281347277961838999749763518155363401757954575313" + +vid_in_hex_format=0x6006 +vid=24582 + +vendor_account=vendor_account_$vid_in_hex_format +echo "Create Vendor account - $vendor_account" +create_new_vendor_account $vendor_account $vid_in_hex_format + +test_divider + +echo "Add first NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add second NOC root certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-root-cert --certificate="$noc_root_cert_1_copy_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add first NOC certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add NOC leaf certificate by vendor with VID = $vid" +result=$(echo "$passphrase" | dcld tx pki add-noc-x509-cert --certificate="$noc_leaf_cert_1_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +test_divider + +echo "Request All NOC root certificate" +result=$(dcld query pki all-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request all NOC certificates" +result=$(dcld query pki all-noc-x509-certs) +echo $result | jq +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Try to revoke intermediate with invalid serialNumber" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --serial-number="invalid" --from $vendor_account --yes) +check_response "$result" "\"code\": 404" + +echo "$vendor_account Vendor revokes root NOC certificate with serialNumber=$noc_root_cert_1_serial_number only, it should not revoke child certificates" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --serial-number="$noc_root_cert_1_serial_number" --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should contain root certificate with serialNumber=$noc_root_cert_1_serial_number" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" + +echo "Request all revoked NOC root certificates should contain root certificate with serialNumber=$noc_root_cert_1_serial_number" +result=$(dcld query pki all-revoked-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" + +echo "Request revoked NOC root certificate by subject and subjectKeyId should contain root certificate with serialNumber=$noc_root_cert_1_serial_number" +result=$(dcld query pki revoked-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request all x509 root revoked certificates should not contain revoked NOC root certificates" +result=$(dcld query pki all-revoked-x509-root-certs) +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID should contain only one root certificate with serialNumber=$noc_root_cert_1_copy_serial_number" +result=$(dcld query pki noc-x509-root-certs --vid="$vid") +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +echo $result | jq + +echo "Request all certificates by subject should not be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject") +check_response "$result" "\"$noc_root_cert_1_subject\"" +check_response "$result" "\"$noc_root_cert_1_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by subjectKeyId should contain only one root certificate with serialNumber=$noc_root_cert_1_copy_serial_number" +result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id") +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should contain intermediate and leaf certificates" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Request all approved certificates should not contain revoked NOC root certificate" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +echo $result | jq + +test_divider + +echo "$vendor_account Vendor revokes second root NOC certificate by serialNumber with \"revoke-child\" flag set to true, it should remove child certificates too" +result=$(echo "$passphrase" | dcld tx pki revoke-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id" --serial-number="$noc_root_cert_1_copy_serial_number" --revoke-child=true --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Request all revoked certificates should contain two root, one intermediate and one leaf certificates" +result=$(dcld query pki all-revoked-x509-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subject\": \"$noc_cert_1_subject\"" +check_response "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +check_response "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Request all revoked NOC root certificates should contain two root certificates" +result=$(dcld query pki all-revoked-noc-x509-root-certs) +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request revoked NOC root certificate by subject and subjectKeyId should contain two root certificates" +result=$(dcld query pki revoked-noc-x509-root-cert --subject="$noc_root_cert_1_subject" --subject-key-id="$noc_root_cert_1_subject_key_id") +echo $result | jq +check_response "$result" "\"subject\": \"$noc_root_cert_1_subject" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" + +echo "Request all x509 root revoked certificates should not contain revoked NOC root certificates" +result=$(dcld query pki all-revoked-x509-root-certs) +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID should be empty" +result=$(dcld query pki noc-x509-root-certs --vid="$vid") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +echo $result | jq + +echo "Request all certificates by subject should be empty" +result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"$noc_root_cert_1_subject_key_id\"" +echo $result | jq + +echo "Request all certificates by subjectKeyId should be empty" +result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id") +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +echo $result | jq + +echo "Request NOC certificate by VID = $vid should be empty" +result=$(dcld query pki noc-x509-certs --vid="$vid") +echo $result | jq +check_response "$result" "Not Found" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" + +echo "Request all approved certificates should be empty" +result=$(dcld query pki all-x509-certs) +check_response "$result" "\[\]" +response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_cert_1_subject\"" +response_does_not_contain "$result" "\"subject\": \"$noc_leaf_cert_1_subject\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_leaf_cert_1_subject_key_id\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_cert_1_serial_number\"" +response_does_not_contain "$result" "\"serialNumber\": \"$noc_leaf_cert_1_serial_number\"" +echo $result | jq + +test_divider \ No newline at end of file diff --git a/integration_tests/constants/noc_cert_1 b/integration_tests/constants/noc_cert_1 index 0e34c9347..1923394bc 100644 --- a/integration_tests/constants/noc_cert_1 +++ b/integration_tests/constants/noc_cert_1 @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICQzCCAemgAwIBAgIUdi1E6xKBzdiOtwcjbQ/7wusqOp4wCgYIKoZIzj0EAwIw +MIICUjCCAfegAwIBAgIUbphvTQvJM1AaArsW9AbHWp7fweowCgYIKoZIzj0EAwIw ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp -bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMwNTA2Mjg1NVoYDzMw -MjMwNzA3MDYyODU1WjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMjExMDYyOFoYDzMw +MjMwNzE0MTEwNjI4WjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk LTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATOPY6vbvv8no8NcIdfa/MbkJep -FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo0Iw -QDAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM -YmslSM2isxyHQVoI5yu5gyYwCgYIKoZIzj0EAwIDSAAwRQIhAOhW3b4ekIdwqn0R -olz9kHN89goHOoRGTXAXUDkWptO1AiAbh5P/xEJZDKZbsUM9IFUyzG2xAk3+GOFQ -LhNMpjD/KQ== +FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo1Aw +TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM +YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBG +AiEAzUSg9uY1+hn4Xe5ZyxmhEe5ycTtA7o94jA3x1ygGXcECIQD8mYhLsOss/API +/xNPu7fcgPAwhltZAf6Cf9QVxRme/Q== -----END CERTIFICATE----- \ No newline at end of file diff --git a/integration_tests/constants/noc_constants.go b/integration_tests/constants/noc_constants.go index 5b95b9056..937995d4d 100644 --- a/integration_tests/constants/noc_constants.go +++ b/integration_tests/constants/noc_constants.go @@ -15,6 +15,22 @@ FgQUROtMYmslSM2isxyHQVoI5yu5gyYwHwYDVR0jBBgwFoAUROtMYmslSM2isxyH QVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAuieAwmim npvmoTg56q4mrS0P8OywMwpdoKalWTyiaJICIQDoeyqpCZA8E6GpudrsBk4oiNOQ v2eIe9+M9tp4hvDATQ== +-----END CERTIFICATE-----` + + NocRootCert1Copy = `-----BEGIN CERTIFICATE----- +MIICRzCCAe6gAwIBAgIUULAkR20O0d0hLOesMcEm8O40dLkwCgYIKoZIzj0EAwIw +ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh +c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMjA2MjAwNVoYDzMw +MjMwNzE0MDYyMDA1WjB6MQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0 +ZTERMA8GA1UEBwwIVGFzaGtlbnQxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZ +MBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEOMAwGA1UEAwwFTk9DLTEwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQKxbUDnEpO/ipt9SxSnvhtA2WQlXoZkvn1v4+C +ovKrs/U8y0krcvs2aKxS92xPV1ivWwzMMQrpm5qOSmQh95Xeo1AwTjAdBgNVHQ4E +FgQUROtMYmslSM2isxyHQVoI5yu5gyYwHwYDVR0jBBgwFoAUROtMYmslSM2isxyH +QVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAyBxbQmr+E +2/0pq+oIW95kG4U+PKmq3hIYRncm+m/z9gIgBDJzAN68hvnHg0inVYrg2MN5axao +tWtwwBf6dHZ91KU= -----END CERTIFICATE-----` NocRootCert2 = `-----BEGIN CERTIFICATE----- @@ -50,19 +66,19 @@ F5UqAiEAshHfXxUpdfxqiLoTjQjkNf0AHVYBFhLdB+iIFspwTyg= ` NocCert1 = `-----BEGIN CERTIFICATE----- -MIICQzCCAemgAwIBAgIUdi1E6xKBzdiOtwcjbQ/7wusqOp4wCgYIKoZIzj0EAwIw +MIICUjCCAfegAwIBAgIUbphvTQvJM1AaArsW9AbHWp7fweowCgYIKoZIzj0EAwIw ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp -bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMwNTA2Mjg1NVoYDzMw -MjMwNzA3MDYyODU1WjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMjExMDYyOFoYDzMw +MjMwNzE0MTEwNjI4WjCBgjELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3Rh dGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFu eTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEUMBIGA1UEAwwLTk9DLWNoaWxk LTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATOPY6vbvv8no8NcIdfa/MbkJep -FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo0Iw -QDAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM -YmslSM2isxyHQVoI5yu5gyYwCgYIKoZIzj0EAwIDSAAwRQIhAOhW3b4ekIdwqn0R -olz9kHN89goHOoRGTXAXUDkWptO1AiAbh5P/xEJZDKZbsUM9IFUyzG2xAk3+GOFQ -LhNMpjD/KQ== +FkUcfOYym0gajL2yph8a/wk0RpYqL+M+KJ4oja70oKK/igBmEitRD4VB3mXQo1Aw +TjAdBgNVHQ4EFgQUAnJuvLvv1r2Nm0Ku1DzAVV9mOrMwHwYDVR0jBBgwFoAUROtM +YmslSM2isxyHQVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBG +AiEAzUSg9uY1+hn4Xe5ZyxmhEe5ycTtA7o94jA3x1ygGXcECIQD8mYhLsOss/API +/xNPu7fcgPAwhltZAf6Cf9QVxRme/Q== -----END CERTIFICATE-----` NocCert2 = `-----BEGIN CERTIFICATE----- @@ -79,6 +95,22 @@ QDAdBgNVHQ4EFgQUh0iiMxIfUVyT5pBASiyrntYZ5a0wHwYDVR0jBBgwFoAUz+bd NytMsrmp8nUwHKqxNxsRfxswCgYIKoZIzj0EAwIDSAAwRQIgV9R3OgmjB/YTFk2N 6ojiUIh8+OjlGca5B//lyzaq/0ICIQDGB7S1/LrmDdN1OJBUYrwFhEcJMl2cdvcW BQTbJS3ZSQ== +-----END CERTIFICATE-----` + + NocLeafCert1 = `-----BEGIN CERTIFICATE----- +MIICWjCCAf+gAwIBAgIUMUgMW6iOeiqCuProDLAW/Wnui9EwCgYIKoZIzj0EAwIw +gYIxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMRMwEQYDVQQHDApT +b21lIFN0YXRlMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl +c3RpbmcgRGl2aXNpb24xFDASBgNVBAMMC05PQy1jaGlsZC0xMCAXDTI0MDMxMjEx +MDgzMVoYDzMwMjMwNzE0MTEwODMxWjCBgTELMAkGA1UEBhMCVVoxEzARBgNVBAgM +ClNvbWUgU3RhdGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1w +bGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjETMBEGA1UEAwwK +Tk9DLWxlYWYtMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABImxHSKEsY2bvle9 +o4FwLOaRYswT+M4K6X5vHrIzvRKi436vWt1P+YjyjmPnytl+4y8ZXjAmuvTk2OOy +Z1Y7yuejUDBOMB0GA1UdDgQWBBR3H9vETLEpfjzrPtgqOAtjBgcAATAfBgNVHSME +GDAWgBQCcm68u+/WvY2bQq7UPMBVX2Y6szAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0kAMEYCIQDzsjB569j1SsltNIP8CMTD4kRsTulqSp+O7JbQdWyzPAIhAODV +zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj -----END CERTIFICATE-----` NocRootCert1Subject = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ==" @@ -86,6 +118,11 @@ BQTbJS3ZSQ== NocRootCert1SerialNumber = "47211865327720222621302679792296833381734533449" NocRootCert1SubjectAsText = "CN=NOC-1,OU=Testing Division,O=Example Company,L=Tashkent,ST=Some State,C=UZ" + NocRootCert1CopySubject = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ==" + NocRootCert1CopySubjectKeyID = "44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26" + NocRootCert1CopySerialNumber = "460647353168152946606945669687905527879095841977" + NocRootCert1CopySubjectAsText = "CN=NOC-1,OU=Testing Division,O=Example Company,L=Tashkent,ST=Some State,C=UZ" + NocRootCert2Subject = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg==" NocRootCert2SubjectKeyID = "CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B" NocRootCert2SerialNumber = "332802481233145945539125204504842614737181725760" @@ -97,14 +134,20 @@ BQTbJS3ZSQ== NocRootCert3SubjectAsText = "CN=NOC-3,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU" NocCert1Subject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ==" - NocCert1Issuer = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ==" + NocCert1Issuer = NocRootCert1Subject NocCert1SubjectKeyID = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3" - NocCert1SerialNumber = "674670448117546613288490437900193266085116131998" + NocCert1SerialNumber = "631388393741945881054190991612463928825155142122" NocCert1SubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" NocCert2Subject = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMg==" - NocCert2Issuer = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMg==" + NocCert2Issuer = NocRootCert2Subject NocCert2SubjectKeyID = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD" NocCert2SerialNumber = "361372967010167010646904372658654439710639340814" NocCert2SubjectAsText = "CN=NOC-child-2,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" + + NocLeafCert1Subject = "MIGBMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRMwEQYDVQQDDApOT0MtbGVhZi0x" + NocLeafCert1Issuer = NocCert1Subject + NocLeafCert1SubjectKeyID = "77:1F:DB:C4:4C:B1:29:7E:3C:EB:3E:D8:2A:38:0B:63:06:07:00:01" + NocLeafCert1SerialNumber = "281347277961838999749763518155363401757954575313" + NocLeafCert1SubjectAsText = "CN=NOC-leaf-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ" ) diff --git a/integration_tests/constants/noc_leaf_cert_1 b/integration_tests/constants/noc_leaf_cert_1 new file mode 100644 index 000000000..7f52896a4 --- /dev/null +++ b/integration_tests/constants/noc_leaf_cert_1 @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWjCCAf+gAwIBAgIUMUgMW6iOeiqCuProDLAW/Wnui9EwCgYIKoZIzj0EAwIw +gYIxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMRMwEQYDVQQHDApT +b21lIFN0YXRlMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl +c3RpbmcgRGl2aXNpb24xFDASBgNVBAMMC05PQy1jaGlsZC0xMCAXDTI0MDMxMjEx +MDgzMVoYDzMwMjMwNzE0MTEwODMxWjCBgTELMAkGA1UEBhMCVVoxEzARBgNVBAgM +ClNvbWUgU3RhdGUxEzARBgNVBAcMClNvbWUgU3RhdGUxGDAWBgNVBAoMD0V4YW1w +bGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjETMBEGA1UEAwwK +Tk9DLWxlYWYtMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABImxHSKEsY2bvle9 +o4FwLOaRYswT+M4K6X5vHrIzvRKi436vWt1P+YjyjmPnytl+4y8ZXjAmuvTk2OOy +Z1Y7yuejUDBOMB0GA1UdDgQWBBR3H9vETLEpfjzrPtgqOAtjBgcAATAfBgNVHSME +GDAWgBQCcm68u+/WvY2bQq7UPMBVX2Y6szAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0kAMEYCIQDzsjB569j1SsltNIP8CMTD4kRsTulqSp+O7JbQdWyzPAIhAODV +zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj +-----END CERTIFICATE----- \ No newline at end of file diff --git a/integration_tests/constants/noc_root_cert_1_copy b/integration_tests/constants/noc_root_cert_1_copy new file mode 100644 index 000000000..824441be9 --- /dev/null +++ b/integration_tests/constants/noc_root_cert_1_copy @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRzCCAe6gAwIBAgIUULAkR20O0d0hLOesMcEm8O40dLkwCgYIKoZIzj0EAwIw +ejELMAkGA1UEBhMCVVoxEzARBgNVBAgMClNvbWUgU3RhdGUxETAPBgNVBAcMCFRh +c2hrZW50MRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3Rp +bmcgRGl2aXNpb24xDjAMBgNVBAMMBU5PQy0xMCAXDTI0MDMxMjA2MjAwNVoYDzMw +MjMwNzE0MDYyMDA1WjB6MQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0 +ZTERMA8GA1UEBwwIVGFzaGtlbnQxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZ +MBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEOMAwGA1UEAwwFTk9DLTEwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQKxbUDnEpO/ipt9SxSnvhtA2WQlXoZkvn1v4+C +ovKrs/U8y0krcvs2aKxS92xPV1ivWwzMMQrpm5qOSmQh95Xeo1AwTjAdBgNVHQ4E +FgQUROtMYmslSM2isxyHQVoI5yu5gyYwHwYDVR0jBBgwFoAUROtMYmslSM2isxyH +QVoI5yu5gyYwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAyBxbQmr+E +2/0pq+oIW95kG4U+PKmq3hIYRncm+m/z9gIgBDJzAN68hvnHg0inVYrg2MN5axao +tWtwwBf6dHZ91KU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/integration_tests/grpc_rest/pki/noc_cert_helper.go b/integration_tests/grpc_rest/pki/noc_cert_helper.go index ab1608646..05900c4ff 100644 --- a/integration_tests/grpc_rest/pki/noc_cert_helper.go +++ b/integration_tests/grpc_rest/pki/noc_cert_helper.go @@ -336,4 +336,49 @@ func NocCertDemo(suite *utils.TestSuite) { require.Equal(suite.T, testconstants.NocCert2, certs.Certs[0].PemCert) require.Equal(suite.T, vendor1Account.Address, certs.Certs[0].Owner) require.False(suite.T, certs.Certs[0].IsRoot) + + // Check Revocation + // Add NOC root certificate with same subject and skid as testconstants.NocCert1 cert + msgAddNocRootCert := pkitypes.MsgAddNocX509RootCert{ + Signer: vendor1Account.Address, + Cert: testconstants.NocRootCert1Copy, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgAddNocRootCert}, vendor1Name, vendor1Account) + require.NoError(suite.T, err) + + // Request NOC root certificate by VID1 + nocCertificates, _ = GetNocX509RootCerts(suite, vid1) + require.Equal(suite.T, 3, len(nocCertificates.Certs)) + + // Add NOC leaf certificate + msgAddNocCert := pkitypes.MsgAddNocX509Cert{ + Signer: vendor1Account.Address, + Cert: testconstants.NocLeafCert1, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgAddNocCert}, vendor1Name, vendor1Account) + require.NoError(suite.T, err) + + nocCerts, _ = GetAllNocX509Certs(suite) + require.Equal(suite.T, 1, len(nocCerts)) + require.Equal(suite.T, 3, len(nocCerts[0].Certs)) + + // Try to revoke NOC 1 root with different serial number + msgRevokeNocRootCert := pkitypes.MsgRevokeNocRootX509Cert{ + Signer: vendor1Account.Address, + Subject: testconstants.NocRootCert1Subject, + SubjectKeyId: testconstants.NocRootCert1SubjectKeyID, + SerialNumber: "1234", + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgRevokeNocRootCert}, vendor1Name, vendor1Account) + require.Error(suite.T, err) + + // Try to revoke NOC 1 root with another Vendor Account + msgRevokeNocRootCert = pkitypes.MsgRevokeNocRootX509Cert{ + Signer: vendor2Account.Address, + Subject: testconstants.NocRootCert1Subject, + SubjectKeyId: testconstants.NocRootCert1SubjectKeyID, + } + _, err = suite.BuildAndBroadcastTx([]sdk.Msg{&msgRevokeNocRootCert}, vendor1Name, vendor1Account) + require.Error(suite.T, err) + // TODO: Fill with the positive cases after enabling removing of NOC certs } diff --git a/proto/pki/genesis.proto b/proto/pki/genesis.proto index f32cc26ba..26c944186 100644 --- a/proto/pki/genesis.proto +++ b/proto/pki/genesis.proto @@ -16,6 +16,7 @@ import "pki/pki_revocation_distribution_points_by_issuer_subject_key_id.proto"; import "pki/approved_certificates_by_subject_key_id.proto"; import "pki/noc_root_certificates.proto"; import "pki/noc_certificates.proto"; +import "pki/revoked_noc_root_certificates.proto"; // this line is used by starport scaffolding # genesis/proto/import import "gogoproto/gogo.proto"; @@ -38,5 +39,6 @@ message GenesisState { repeated ApprovedCertificatesBySubjectKeyId approvedCertificatesBySubjectKeyIdList = 13 [(gogoproto.nullable) = false]; repeated NocRootCertificates nocRootCertificatesList = 14 [(gogoproto.nullable) = false]; repeated NocCertificates nocCertificatesList = 15 [(gogoproto.nullable) = false]; + repeated RevokedNocRootCertificates revokedNocRootCertificatesList = 16 [(gogoproto.nullable) = false]; // this line is used by starport scaffolding # genesis/proto/state } diff --git a/proto/pki/query.proto b/proto/pki/query.proto index f8b438860..7acd22849 100644 --- a/proto/pki/query.proto +++ b/proto/pki/query.proto @@ -16,6 +16,7 @@ import "pki/pki_revocation_distribution_point.proto"; import "pki/pki_revocation_distribution_points_by_issuer_subject_key_id.proto"; import "pki/noc_root_certificates.proto"; import "pki/noc_certificates.proto"; +import "pki/revoked_noc_root_certificates.proto"; // this line is used by starport scaffolding # 1 import "gogoproto/gogo.proto"; @@ -131,6 +132,16 @@ service Query { option (google.api.http).get = "/dcl/pki/noc-certificates"; } +// Queries a RevokedNocRootCertificates by index. + rpc RevokedNocRootCertificates(QueryGetRevokedNocRootCertificatesRequest) returns (QueryGetRevokedNocRootCertificatesResponse) { + option (google.api.http).get = "/dcl/pki/revoked-noc-root-certificates/{subject}/{subjectKeyId}"; + } + + // Queries a list of RevokedNocRootCertificates items. + rpc RevokedNocRootCertificatesAll(QueryAllRevokedNocRootCertificatesRequest) returns (QueryAllRevokedNocRootCertificatesResponse) { + option (google.api.http).get = "/dcl/pki/revoked-noc-root-certificates"; + } + // this line is used by starport scaffolding # 2 } @@ -323,4 +334,22 @@ message QueryAllNocCertificatesResponse { cosmos.base.query.v1beta1.PageResponse pagination = 2; } +message QueryGetRevokedNocRootCertificatesRequest { + string subject = 1; + string subjectKeyId = 2; +} + +message QueryGetRevokedNocRootCertificatesResponse { + RevokedNocRootCertificates revokedNocRootCertificates = 1 [(gogoproto.nullable) = false]; +} + +message QueryAllRevokedNocRootCertificatesRequest { + cosmos.base.query.v1beta1.PageRequest pagination = 1; +} + +message QueryAllRevokedNocRootCertificatesResponse { + repeated RevokedNocRootCertificates revokedNocRootCertificates = 1 [(gogoproto.nullable) = false]; + cosmos.base.query.v1beta1.PageResponse pagination = 2; +} + // this line is used by starport scaffolding # 3 diff --git a/proto/pki/revoked_noc_root_certificates.proto b/proto/pki/revoked_noc_root_certificates.proto new file mode 100644 index 000000000..66ff441f4 --- /dev/null +++ b/proto/pki/revoked_noc_root_certificates.proto @@ -0,0 +1,12 @@ +syntax = "proto3"; +package zigbeealliance.distributedcomplianceledger.pki; + +option go_package = "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types"; + +import "pki/certificate.proto"; + +message RevokedNocRootCertificates { + string subject = 1; + string subjectKeyId = 2; + repeated Certificate certs = 3; +} diff --git a/proto/pki/tx.proto b/proto/pki/tx.proto index a6d687277..e1e3f6975 100644 --- a/proto/pki/tx.proto +++ b/proto/pki/tx.proto @@ -24,6 +24,7 @@ service Msg { rpc AddNocX509RootCert(MsgAddNocX509RootCert) returns (MsgAddNocX509RootCertResponse); rpc RemoveX509Cert(MsgRemoveX509Cert) returns (MsgRemoveX509CertResponse); rpc AddNocX509Cert(MsgAddNocX509Cert) returns (MsgAddNocX509CertResponse); + rpc RevokeNocRootX509Cert(MsgRevokeNocRootX509Cert) returns (MsgRevokeNocRootX509CertResponse); // this line is used by starport scaffolding # proto/tx/rpc } @@ -187,4 +188,17 @@ message MsgAddNocX509Cert { message MsgAddNocX509CertResponse { } +message MsgRevokeNocRootX509Cert { + string signer = 1 [(cosmos_proto.scalar) = "cosmos.AddressString", (gogoproto.moretags) = "validate:\"required\""]; + string subject = 2 [(gogoproto.moretags) = "validate:\"required,max=1024\""]; + string subjectKeyId = 3 [(gogoproto.moretags) = "validate:\"required,max=256\""]; + string serialNumber = 4; + string info = 5 [(gogoproto.moretags) = "validate:\"max=4096\""]; + int64 time = 6; + bool revokeChild = 7; +} + +message MsgRevokeNocRootX509CertResponse { +} + // this line is used by starport scaffolding # proto/tx/message \ No newline at end of file diff --git a/scripts/starport/upgrade-0.44/07.pki_types.sh b/scripts/starport/upgrade-0.44/07.pki_types.sh index 4eda7e98f..f07298ed1 100755 --- a/scripts/starport/upgrade-0.44/07.pki_types.sh +++ b/scripts/starport/upgrade-0.44/07.pki_types.sh @@ -19,6 +19,7 @@ starport scaffold --module pki message update-pki-revocation-distribution-point starport scaffold --module pki message delete-pki-revocation-distribution-point vid:uint label issuerSubjectKeyID --signer signer starport scaffold --module pki message AddNocX509RootCert cert --signer signer starport scaffold --module pki message AddNocX509Cert cert --signer signer +starport scaffold --module pki message RevokeNocRootX509Cert subject subjectKeyId serialNumber info time:uint revokeChild:bool --signer signer # CRUD data types starport scaffold --module pki map ApprovedCertificates certs:strings --index subject,subjectKeyId --no-message @@ -37,6 +38,7 @@ starport scaffold --module pki map RejectedCertificate pemCert serialNumber owne #starport scaffold --module pki map AllProposedCertificates --index subject,subjectKeyId --no-message starport scaffold --module pki map NocRootCertificates certs:strings --index vid:uint --no-message starport scaffold --module pki map NocCertificates certs:strings --index vid:uint --no-message +starport scaffold --module pki map RevokedNocRootCertificates certs:strings --index subject,subjectKeyId --no-message # Allow colons (:) in subject ID part in REST URLs # TODO: need to copy the generated query.pb.gw.go into the correct folder diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts index b68eb5c97..559308ac0 100755 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/index.ts @@ -18,11 +18,12 @@ import { ProposedCertificate } from "./module/types/pki/proposed_certificate" import { ProposedCertificateRevocation } from "./module/types/pki/proposed_certificate_revocation" import { RejectedCertificate } from "./module/types/pki/rejected_certificate" import { RevokedCertificates } from "./module/types/pki/revoked_certificates" +import { RevokedNocRootCertificates } from "./module/types/pki/revoked_noc_root_certificates" import { RevokedRootCertificates } from "./module/types/pki/revoked_root_certificates" import { UniqueCertificate } from "./module/types/pki/unique_certificate" -export { ApprovedCertificates, ApprovedCertificatesBySubject, ApprovedCertificatesBySubjectKeyId, ApprovedRootCertificates, Certificate, CertificateIdentifier, ChildCertificates, Grant, NocCertificates, NocRootCertificates, PkiRevocationDistributionPoint, PkiRevocationDistributionPointsByIssuerSubjectKeyID, ProposedCertificate, ProposedCertificateRevocation, RejectedCertificate, RevokedCertificates, RevokedRootCertificates, UniqueCertificate }; +export { ApprovedCertificates, ApprovedCertificatesBySubject, ApprovedCertificatesBySubjectKeyId, ApprovedRootCertificates, Certificate, CertificateIdentifier, ChildCertificates, Grant, NocCertificates, NocRootCertificates, PkiRevocationDistributionPoint, PkiRevocationDistributionPointsByIssuerSubjectKeyID, ProposedCertificate, ProposedCertificateRevocation, RejectedCertificate, RevokedCertificates, RevokedNocRootCertificates, RevokedRootCertificates, UniqueCertificate }; async function initTxClient(vuexGetters) { return await txClient(vuexGetters['common/wallet/signer'], { @@ -81,6 +82,8 @@ const getDefaultState = () => { NocRootCertificatesAll: {}, NocCertificates: {}, NocCertificatesAll: {}, + RevokedNocRootCertificates: {}, + RevokedNocRootCertificatesAll: {}, _Structure: { ApprovedCertificates: getStructure(ApprovedCertificates.fromPartial({})), @@ -99,6 +102,7 @@ const getDefaultState = () => { ProposedCertificateRevocation: getStructure(ProposedCertificateRevocation.fromPartial({})), RejectedCertificate: getStructure(RejectedCertificate.fromPartial({})), RevokedCertificates: getStructure(RevokedCertificates.fromPartial({})), + RevokedNocRootCertificates: getStructure(RevokedNocRootCertificates.fromPartial({})), RevokedRootCertificates: getStructure(RevokedRootCertificates.fromPartial({})), UniqueCertificate: getStructure(UniqueCertificate.fromPartial({})), @@ -255,6 +259,18 @@ export default { } return state.NocCertificatesAll[JSON.stringify(params)] ?? {} }, + getRevokedNocRootCertificates: (state) => (params = { params: {}}) => { + if (!( params).query) { + ( params).query=null + } + return state.RevokedNocRootCertificates[JSON.stringify(params)] ?? {} + }, + getRevokedNocRootCertificatesAll: (state) => (params = { params: {}}) => { + if (!( params).query) { + ( params).query=null + } + return state.RevokedNocRootCertificatesAll[JSON.stringify(params)] ?? {} + }, getTypeStructure: (state) => (type) => { return state._Structure[type].fields @@ -787,7 +803,55 @@ export default { }, - async sendMsgRevokeX509Cert({ rootGetters }, { value, fee = [], memo = '' }) { + + + + + + async QueryRevokedNocRootCertificates({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { + try { + const key = params ?? {}; + const queryClient=await initQueryClient(rootGetters) + let value= (await queryClient.queryRevokedNocRootCertificates( key.subject, key.subjectKeyId)).data + + + commit('QUERY', { query: 'RevokedNocRootCertificates', key: { params: {...key}, query}, value }) + if (subscribe) commit('SUBSCRIBE', { action: 'QueryRevokedNocRootCertificates', payload: { options: { all }, params: {...key},query }}) + return getters['getRevokedNocRootCertificates']( { params: {...key}, query}) ?? {} + } catch (e) { + throw new SpVuexError('QueryClient:QueryRevokedNocRootCertificates', 'API Node Unavailable. Could not perform query: ' + e.message) + + } + }, + + + + + + + + async QueryRevokedNocRootCertificatesAll({ commit, rootGetters, getters }, { options: { subscribe, all} = { subscribe:false, all:false}, params, query=null }) { + try { + const key = params ?? {}; + const queryClient=await initQueryClient(rootGetters) + let value= (await queryClient.queryRevokedNocRootCertificatesAll(query)).data + + + while (all && ( value).pagination && ( value).pagination.next_key!=null) { + let next_values=(await queryClient.queryRevokedNocRootCertificatesAll({...query, 'pagination.key':( value).pagination.next_key})).data + value = mergeResults(value, next_values); + } + commit('QUERY', { query: 'RevokedNocRootCertificatesAll', key: { params: {...key}, query}, value }) + if (subscribe) commit('SUBSCRIBE', { action: 'QueryRevokedNocRootCertificatesAll', payload: { options: { all }, params: {...key},query }}) + return getters['getRevokedNocRootCertificatesAll']( { params: {...key}, query}) ?? {} + } catch (e) { + throw new SpVuexError('QueryClient:QueryRevokedNocRootCertificatesAll', 'API Node Unavailable. Could not perform query: ' + e.message) + + } + }, + + + async sendMsgAddNocX509Cert({ rootGetters }, { value, fee = [], memo = '' }) { try { const txClient=await initTxClient(rootGetters) const msg = await txClient.msgRejectAddX509RootCert(value) diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts index 69eb33aa3..153c381fc 100755 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/index.ts @@ -18,6 +18,7 @@ import { MsgApproveRevokeX509RootCert } from "./types/pki/tx"; import { MsgProposeRevokeX509RootCert } from "./types/pki/tx"; import { MsgRemoveX509Cert } from "./types/pki/tx"; import { MsgAddNocX509Cert } from "./types/pki/tx"; +import { MsgRevokeNocRootX509Cert } from "./types/pki/tx"; const types = [ @@ -35,6 +36,7 @@ const types = [ ["/zigbeealliance.distributedcomplianceledger.pki.MsgProposeRevokeX509RootCert", MsgProposeRevokeX509RootCert], ["/zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509Cert", MsgRemoveX509Cert], ["/zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509Cert", MsgAddNocX509Cert], + ["/zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509Cert", MsgRevokeNocRootX509Cert], ]; export const MissingWalletError = new Error("wallet is required"); @@ -80,6 +82,7 @@ const txClient = async (wallet: OfflineSigner, { addr: addr }: TxClientOptions = msgProposeRevokeX509RootCert: (data: MsgProposeRevokeX509RootCert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgProposeRevokeX509RootCert", value: MsgProposeRevokeX509RootCert.fromPartial( data ) }), msgRemoveX509Cert: (data: MsgRemoveX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509Cert", value: MsgRemoveX509Cert.fromPartial( data ) }), msgAddNocX509Cert: (data: MsgAddNocX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509Cert", value: MsgAddNocX509Cert.fromPartial( data ) }), + msgRevokeNocRootX509Cert: (data: MsgRevokeNocRootX509Cert): EncodeObject => ({ typeUrl: "/zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509Cert", value: MsgRevokeNocRootX509Cert.fromPartial( data ) }), }; }; diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts index 119fbaecb..d3fc7dcaa 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts @@ -36,6 +36,12 @@ export interface PkiNocCertificates { certs?: PkiCertificate[]; } +export interface PkiRevokedNocRootCertificates { + subject?: string; + subjectKeyId?: string; + certs?: PkiCertificate[]; +} + export interface PkiCertificate { pemCert?: string; serialNumber?: string; @@ -99,6 +105,8 @@ export type PkiMsgRejectAddX509RootCertResponse = object; export type PkiMsgRemoveX509CertResponse = object; +export type PkiMsgRevokeNocRootX509CertResponse = object; + export type PkiMsgRevokeX509CertResponse = object; export type PkiMsgUpdatePkiRevocationDistributionPointResponse = object; @@ -274,6 +282,21 @@ export interface PkiQueryAllRevokedCertificatesResponse { pagination?: V1Beta1PageResponse; } +export interface PkiQueryAllRevokedNocRootCertificatesResponse { + revokedNocRootCertificates?: PkiRevokedNocRootCertificates[]; + + /** + * PageResponse is to be embedded in gRPC response messages where the + * corresponding request message has used PageRequest. + * + * message SomeResponse { + * repeated Bar results = 1; + * PageResponse page = 2; + * } + */ + pagination?: V1Beta1PageResponse; +} + export interface PkiQueryGetApprovedCertificatesBySubjectResponse { approvedCertificatesBySubject?: PkiApprovedCertificatesBySubject; } @@ -294,6 +317,9 @@ export interface PkiQueryGetNocRootCertificatesResponse { nocRootCertificates?: PkiNocRootCertificates; } +export interface PkiQueryGetRevokedNocRootCertificatesResponse { + revokedNocRootCertificates?: PkiRevokedNocRootCertificates; +} export interface PkiQueryGetNocCertificatesResponse { nocCertificates?: PkiNocRootCertificates; } @@ -1008,6 +1034,48 @@ export class Api extends HttpClient + this.request({ + path: `/dcl/pki/revoked-noc-root-certificates`, + method: "GET", + query: query, + format: "json", + ...params, + }); + + /** + * No description + * + * @tags Query + * @name QueryRevokedNocRootCertificates + * @summary Queries a RevokedNocRootCertificates by index. + * @request GET:/dcl/pki/revoked-noc-root-certificates/{subject}/{subjectKeyId} + */ + queryRevokedNocRootCertificates = (subject: string, subjectKeyId: string, params: RequestParams = {}) => + this.request({ + path: `/dcl/pki/revoked-noc-root-certificates/${subject}/${subjectKeyId}`, + method: "GET", + format: "json", + ...params, + }); + /** * No description * diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts index 1a0e50af0..7520cecde 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts @@ -14,6 +14,7 @@ import { PkiRevocationDistributionPointsByIssuerSubjectKeyID } from '../pki/pki_ import { ApprovedCertificatesBySubjectKeyId } from '../pki/approved_certificates_by_subject_key_id' import { NocRootCertificates } from '../pki/noc_root_certificates' import { NocCertificates } from '../pki/noc_certificates' +import { RevokedNocRootCertificates } from '../pki/revoked_noc_root_certificates' import { Writer, Reader } from 'protobufjs/minimal' export const protobufPackage = 'zigbeealliance.distributedcomplianceledger.pki' @@ -34,8 +35,9 @@ export interface GenesisState { pkiRevocationDistributionPointsByIssuerSubjectKeyIDList: PkiRevocationDistributionPointsByIssuerSubjectKeyID[] approvedCertificatesBySubjectKeyIdList: ApprovedCertificatesBySubjectKeyId[] nocRootCertificatesList: NocRootCertificates[] - /** this line is used by starport scaffolding # genesis/proto/state */ nocCertificatesList: NocCertificates[] + revokedNocRootCertificatesList: RevokedNocRootCertificates[] + /** this line is used by starport scaffolding # genesis/proto/state */ } const baseGenesisState: object = {} @@ -87,6 +89,9 @@ export const GenesisState = { for (const v of message.nocCertificatesList) { NocCertificates.encode(v!, writer.uint32(122).fork()).ldelim() } + for (const v of message.revokedNocRootCertificatesList) { + RevokedNocRootCertificates.encode(v!, writer.uint32(130).fork()).ldelim() + } return writer }, @@ -107,6 +112,7 @@ export const GenesisState = { message.approvedCertificatesBySubjectKeyIdList = [] message.nocRootCertificatesList = [] message.nocCertificatesList = [] + message.revokedNocRootCertificatesList = [] while (reader.pos < end) { const tag = reader.uint32() switch (tag >>> 3) { @@ -157,6 +163,9 @@ export const GenesisState = { case 15: message.nocCertificatesList.push(NocCertificates.decode(reader, reader.uint32())) break + case 16: + message.revokedNocRootCertificatesList.push(RevokedNocRootCertificates.decode(reader, reader.uint32())) + break default: reader.skipType(tag & 7) break @@ -180,6 +189,7 @@ export const GenesisState = { message.approvedCertificatesBySubjectKeyIdList = [] message.nocRootCertificatesList = [] message.nocCertificatesList = [] + message.revokedNocRootCertificatesList = [] if (object.approvedCertificatesList !== undefined && object.approvedCertificatesList !== null) { for (const e of object.approvedCertificatesList) { message.approvedCertificatesList.push(ApprovedCertificates.fromJSON(e)) @@ -258,6 +268,11 @@ export const GenesisState = { message.nocCertificatesList.push(NocCertificates.fromJSON(e)) } } + if (object.revokedNocRootCertificatesList !== undefined && object.revokedNocRootCertificatesList !== null) { + for (const e of object.revokedNocRootCertificatesList) { + message.revokedNocRootCertificatesList.push(RevokedNocRootCertificates.fromJSON(e)) + } + } return message }, @@ -336,6 +351,11 @@ export const GenesisState = { } else { obj.nocCertificatesList = [] } + if (message.revokedNocRootCertificatesList) { + obj.revokedNocRootCertificatesList = message.revokedNocRootCertificatesList.map((e) => (e ? RevokedNocRootCertificates.toJSON(e) : undefined)) + } else { + obj.revokedNocRootCertificatesList = [] + } return obj }, @@ -354,6 +374,7 @@ export const GenesisState = { message.approvedCertificatesBySubjectKeyIdList = [] message.nocRootCertificatesList = [] message.nocCertificatesList = [] + message.revokedNocRootCertificatesList = [] if (object.approvedCertificatesList !== undefined && object.approvedCertificatesList !== null) { for (const e of object.approvedCertificatesList) { message.approvedCertificatesList.push(ApprovedCertificates.fromPartial(e)) @@ -432,6 +453,11 @@ export const GenesisState = { message.nocCertificatesList.push(NocCertificates.fromPartial(e)) } } + if (object.revokedNocRootCertificatesList !== undefined && object.revokedNocRootCertificatesList !== null) { + for (const e of object.revokedNocRootCertificatesList) { + message.revokedNocRootCertificatesList.push(RevokedNocRootCertificates.fromPartial(e)) + } + } return message } } diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts index ba30e1a5c..3575dbc02 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts @@ -14,6 +14,7 @@ import { PkiRevocationDistributionPoint } from '../pki/pki_revocation_distributi import { PkiRevocationDistributionPointsByIssuerSubjectKeyID } from '../pki/pki_revocation_distribution_points_by_issuer_subject_key_id' import { NocRootCertificates } from '../pki/noc_root_certificates' import { NocCertificates } from '../pki/noc_certificates' +import { RevokedNocRootCertificates } from '../pki/revoked_noc_root_certificates' export const protobufPackage = 'zigbeealliance.distributedcomplianceledger.pki' @@ -199,6 +200,24 @@ export interface QueryAllNocCertificatesResponse { pagination: PageResponse | undefined } +export interface QueryGetRevokedNocRootCertificatesRequest { + subject: string + subjectKeyId: string +} + +export interface QueryGetRevokedNocRootCertificatesResponse { + revokedNocRootCertificates: RevokedNocRootCertificates | undefined +} + +export interface QueryAllRevokedNocRootCertificatesRequest { + pagination: PageRequest | undefined +} + +export interface QueryAllRevokedNocRootCertificatesResponse { + revokedNocRootCertificates: RevokedNocRootCertificates[] + pagination: PageResponse | undefined +} + const baseQueryGetApprovedCertificatesRequest: object = { subject: '', subjectKeyId: '' } export const QueryGetApprovedCertificatesRequest = { @@ -2877,6 +2896,268 @@ export const QueryAllNocCertificatesResponse = { } } +const baseQueryGetRevokedNocRootCertificatesRequest: object = { subject: '', subjectKeyId: '' } + +export const QueryGetRevokedNocRootCertificatesRequest = { + encode(message: QueryGetRevokedNocRootCertificatesRequest, writer: Writer = Writer.create()): Writer { + if (message.subject !== '') { + writer.uint32(10).string(message.subject) + } + if (message.subjectKeyId !== '') { + writer.uint32(18).string(message.subjectKeyId) + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): QueryGetRevokedNocRootCertificatesRequest { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseQueryGetRevokedNocRootCertificatesRequest } as QueryGetRevokedNocRootCertificatesRequest + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.subject = reader.string() + break + case 2: + message.subjectKeyId = reader.string() + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): QueryGetRevokedNocRootCertificatesRequest { + const message = { ...baseQueryGetRevokedNocRootCertificatesRequest } as QueryGetRevokedNocRootCertificatesRequest + if (object.subject !== undefined && object.subject !== null) { + message.subject = String(object.subject) + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = String(object.subjectKeyId) + } else { + message.subjectKeyId = '' + } + return message + }, + + toJSON(message: QueryGetRevokedNocRootCertificatesRequest): unknown { + const obj: any = {} + message.subject !== undefined && (obj.subject = message.subject) + message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) + return obj + }, + + fromPartial(object: DeepPartial): QueryGetRevokedNocRootCertificatesRequest { + const message = { ...baseQueryGetRevokedNocRootCertificatesRequest } as QueryGetRevokedNocRootCertificatesRequest + if (object.subject !== undefined && object.subject !== null) { + message.subject = object.subject + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = object.subjectKeyId + } else { + message.subjectKeyId = '' + } + return message + } +} + +const baseQueryGetRevokedNocRootCertificatesResponse: object = {} + +export const QueryGetRevokedNocRootCertificatesResponse = { + encode(message: QueryGetRevokedNocRootCertificatesResponse, writer: Writer = Writer.create()): Writer { + if (message.revokedNocRootCertificates !== undefined) { + RevokedNocRootCertificates.encode(message.revokedNocRootCertificates, writer.uint32(10).fork()).ldelim() + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): QueryGetRevokedNocRootCertificatesResponse { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseQueryGetRevokedNocRootCertificatesResponse } as QueryGetRevokedNocRootCertificatesResponse + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.revokedNocRootCertificates = RevokedNocRootCertificates.decode(reader, reader.uint32()) + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): QueryGetRevokedNocRootCertificatesResponse { + const message = { ...baseQueryGetRevokedNocRootCertificatesResponse } as QueryGetRevokedNocRootCertificatesResponse + if (object.revokedNocRootCertificates !== undefined && object.revokedNocRootCertificates !== null) { + message.revokedNocRootCertificates = RevokedNocRootCertificates.fromJSON(object.revokedNocRootCertificates) + } else { + message.revokedNocRootCertificates = undefined + } + return message + }, + + toJSON(message: QueryGetRevokedNocRootCertificatesResponse): unknown { + const obj: any = {} + message.revokedNocRootCertificates !== undefined && + (obj.revokedNocRootCertificates = message.revokedNocRootCertificates ? RevokedNocRootCertificates.toJSON(message.revokedNocRootCertificates) : undefined) + return obj + }, + + fromPartial(object: DeepPartial): QueryGetRevokedNocRootCertificatesResponse { + const message = { ...baseQueryGetRevokedNocRootCertificatesResponse } as QueryGetRevokedNocRootCertificatesResponse + if (object.revokedNocRootCertificates !== undefined && object.revokedNocRootCertificates !== null) { + message.revokedNocRootCertificates = RevokedNocRootCertificates.fromPartial(object.revokedNocRootCertificates) + } else { + message.revokedNocRootCertificates = undefined + } + return message + } +} + +const baseQueryAllRevokedNocRootCertificatesRequest: object = {} + +export const QueryAllRevokedNocRootCertificatesRequest = { + encode(message: QueryAllRevokedNocRootCertificatesRequest, writer: Writer = Writer.create()): Writer { + if (message.pagination !== undefined) { + PageRequest.encode(message.pagination, writer.uint32(10).fork()).ldelim() + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): QueryAllRevokedNocRootCertificatesRequest { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseQueryAllRevokedNocRootCertificatesRequest } as QueryAllRevokedNocRootCertificatesRequest + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.pagination = PageRequest.decode(reader, reader.uint32()) + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): QueryAllRevokedNocRootCertificatesRequest { + const message = { ...baseQueryAllRevokedNocRootCertificatesRequest } as QueryAllRevokedNocRootCertificatesRequest + if (object.pagination !== undefined && object.pagination !== null) { + message.pagination = PageRequest.fromJSON(object.pagination) + } else { + message.pagination = undefined + } + return message + }, + + toJSON(message: QueryAllRevokedNocRootCertificatesRequest): unknown { + const obj: any = {} + message.pagination !== undefined && (obj.pagination = message.pagination ? PageRequest.toJSON(message.pagination) : undefined) + return obj + }, + + fromPartial(object: DeepPartial): QueryAllRevokedNocRootCertificatesRequest { + const message = { ...baseQueryAllRevokedNocRootCertificatesRequest } as QueryAllRevokedNocRootCertificatesRequest + if (object.pagination !== undefined && object.pagination !== null) { + message.pagination = PageRequest.fromPartial(object.pagination) + } else { + message.pagination = undefined + } + return message + } +} + +const baseQueryAllRevokedNocRootCertificatesResponse: object = {} + +export const QueryAllRevokedNocRootCertificatesResponse = { + encode(message: QueryAllRevokedNocRootCertificatesResponse, writer: Writer = Writer.create()): Writer { + for (const v of message.revokedNocRootCertificates) { + RevokedNocRootCertificates.encode(v!, writer.uint32(10).fork()).ldelim() + } + if (message.pagination !== undefined) { + PageResponse.encode(message.pagination, writer.uint32(18).fork()).ldelim() + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): QueryAllRevokedNocRootCertificatesResponse { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseQueryAllRevokedNocRootCertificatesResponse } as QueryAllRevokedNocRootCertificatesResponse + message.revokedNocRootCertificates = [] + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.revokedNocRootCertificates.push(RevokedNocRootCertificates.decode(reader, reader.uint32())) + break + case 2: + message.pagination = PageResponse.decode(reader, reader.uint32()) + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): QueryAllRevokedNocRootCertificatesResponse { + const message = { ...baseQueryAllRevokedNocRootCertificatesResponse } as QueryAllRevokedNocRootCertificatesResponse + message.revokedNocRootCertificates = [] + if (object.revokedNocRootCertificates !== undefined && object.revokedNocRootCertificates !== null) { + for (const e of object.revokedNocRootCertificates) { + message.revokedNocRootCertificates.push(RevokedNocRootCertificates.fromJSON(e)) + } + } + if (object.pagination !== undefined && object.pagination !== null) { + message.pagination = PageResponse.fromJSON(object.pagination) + } else { + message.pagination = undefined + } + return message + }, + + toJSON(message: QueryAllRevokedNocRootCertificatesResponse): unknown { + const obj: any = {} + if (message.revokedNocRootCertificates) { + obj.revokedNocRootCertificates = message.revokedNocRootCertificates.map((e) => (e ? RevokedNocRootCertificates.toJSON(e) : undefined)) + } else { + obj.revokedNocRootCertificates = [] + } + message.pagination !== undefined && (obj.pagination = message.pagination ? PageResponse.toJSON(message.pagination) : undefined) + return obj + }, + + fromPartial(object: DeepPartial): QueryAllRevokedNocRootCertificatesResponse { + const message = { ...baseQueryAllRevokedNocRootCertificatesResponse } as QueryAllRevokedNocRootCertificatesResponse + message.revokedNocRootCertificates = [] + if (object.revokedNocRootCertificates !== undefined && object.revokedNocRootCertificates !== null) { + for (const e of object.revokedNocRootCertificates) { + message.revokedNocRootCertificates.push(RevokedNocRootCertificates.fromPartial(e)) + } + } + if (object.pagination !== undefined && object.pagination !== null) { + message.pagination = PageResponse.fromPartial(object.pagination) + } else { + message.pagination = undefined + } + return message + } +} + /** Query defines the gRPC querier service. */ export interface Query { /** Queries a ApprovedCertificates by index. */ @@ -2923,6 +3204,10 @@ export interface Query { NocCertificates(request: QueryGetNocCertificatesRequest): Promise /** Queries a list of NocCertificates items. */ NocCertificatesAll(request: QueryAllNocCertificatesRequest): Promise + /** Queries a RevokedNocRootCertificates by index. */ + RevokedNocRootCertificates(request: QueryGetRevokedNocRootCertificatesRequest): Promise + /** Queries a list of RevokedNocRootCertificates items. */ + RevokedNocRootCertificatesAll(request: QueryAllRevokedNocRootCertificatesRequest): Promise } export class QueryClientImpl implements Query { @@ -3057,6 +3342,18 @@ export class QueryClientImpl implements Query { const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Query', 'NocCertificatesAll', data) return promise.then((data) => QueryAllNocCertificatesResponse.decode(new Reader(data))) } + + RevokedNocRootCertificates(request: QueryGetRevokedNocRootCertificatesRequest): Promise { + const data = QueryGetRevokedNocRootCertificatesRequest.encode(request).finish() + const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Query', 'RevokedNocRootCertificates', data) + return promise.then((data) => QueryGetRevokedNocRootCertificatesResponse.decode(new Reader(data))) + } + + RevokedNocRootCertificatesAll(request: QueryAllRevokedNocRootCertificatesRequest): Promise { + const data = QueryAllRevokedNocRootCertificatesRequest.encode(request).finish() + const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Query', 'RevokedNocRootCertificatesAll', data) + return promise.then((data) => QueryAllRevokedNocRootCertificatesResponse.decode(new Reader(data))) + } } interface Rpc { diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/revoked_noc_root_certificates.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/revoked_noc_root_certificates.ts new file mode 100644 index 000000000..0d47847b9 --- /dev/null +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/revoked_noc_root_certificates.ts @@ -0,0 +1,118 @@ +/* eslint-disable */ +import { Certificate } from '../pki/certificate' +import { Writer, Reader } from 'protobufjs/minimal' + +export const protobufPackage = 'zigbeealliance.distributedcomplianceledger.pki' + +export interface RevokedNocRootCertificates { + subject: string + subjectKeyId: string + certs: Certificate[] +} + +const baseRevokedNocRootCertificates: object = { subject: '', subjectKeyId: '' } + +export const RevokedNocRootCertificates = { + encode(message: RevokedNocRootCertificates, writer: Writer = Writer.create()): Writer { + if (message.subject !== '') { + writer.uint32(10).string(message.subject) + } + if (message.subjectKeyId !== '') { + writer.uint32(18).string(message.subjectKeyId) + } + for (const v of message.certs) { + Certificate.encode(v!, writer.uint32(26).fork()).ldelim() + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): RevokedNocRootCertificates { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseRevokedNocRootCertificates } as RevokedNocRootCertificates + message.certs = [] + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.subject = reader.string() + break + case 2: + message.subjectKeyId = reader.string() + break + case 3: + message.certs.push(Certificate.decode(reader, reader.uint32())) + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): RevokedNocRootCertificates { + const message = { ...baseRevokedNocRootCertificates } as RevokedNocRootCertificates + message.certs = [] + if (object.subject !== undefined && object.subject !== null) { + message.subject = String(object.subject) + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = String(object.subjectKeyId) + } else { + message.subjectKeyId = '' + } + if (object.certs !== undefined && object.certs !== null) { + for (const e of object.certs) { + message.certs.push(Certificate.fromJSON(e)) + } + } + return message + }, + + toJSON(message: RevokedNocRootCertificates): unknown { + const obj: any = {} + message.subject !== undefined && (obj.subject = message.subject) + message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) + if (message.certs) { + obj.certs = message.certs.map((e) => (e ? Certificate.toJSON(e) : undefined)) + } else { + obj.certs = [] + } + return obj + }, + + fromPartial(object: DeepPartial): RevokedNocRootCertificates { + const message = { ...baseRevokedNocRootCertificates } as RevokedNocRootCertificates + message.certs = [] + if (object.subject !== undefined && object.subject !== null) { + message.subject = object.subject + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = object.subjectKeyId + } else { + message.subjectKeyId = '' + } + if (object.certs !== undefined && object.certs !== null) { + for (const e of object.certs) { + message.certs.push(Certificate.fromPartial(e)) + } + } + return message + } +} + +type Builtin = Date | Function | Uint8Array | string | number | undefined +export type DeepPartial = T extends Builtin + ? T + : T extends Array + ? Array> + : T extends ReadonlyArray + ? ReadonlyArray> + : T extends {} + ? { [K in keyof T]?: DeepPartial } + : Partial diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts index 0c0fe02d0..957e0390d 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts @@ -150,6 +150,18 @@ export interface MsgAddNocX509Cert { export interface MsgAddNocX509CertResponse {} +export interface MsgRevokeNocRootX509Cert { + signer: string + subject: string + subjectKeyId: string + serialNumber: string + info: string + time: number + revokeChild: boolean +} + +export interface MsgRevokeNocRootX509CertResponse {} + const baseMsgProposeAddX509RootCert: object = { signer: '', cert: '', info: '', time: 0, vid: 0 } export const MsgProposeAddX509RootCert = { @@ -2529,6 +2541,201 @@ export const MsgAddNocX509CertResponse = { } } +const baseMsgRevokeNocRootX509Cert: object = { signer: '', subject: '', subjectKeyId: '', serialNumber: '', info: '', time: 0, revokeChild: false } + +export const MsgRevokeNocRootX509Cert = { + encode(message: MsgRevokeNocRootX509Cert, writer: Writer = Writer.create()): Writer { + if (message.signer !== '') { + writer.uint32(10).string(message.signer) + } + if (message.subject !== '') { + writer.uint32(18).string(message.subject) + } + if (message.subjectKeyId !== '') { + writer.uint32(26).string(message.subjectKeyId) + } + if (message.serialNumber !== '') { + writer.uint32(34).string(message.serialNumber) + } + if (message.info !== '') { + writer.uint32(42).string(message.info) + } + if (message.time !== 0) { + writer.uint32(48).int64(message.time) + } + if (message.revokeChild === true) { + writer.uint32(56).bool(message.revokeChild) + } + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): MsgRevokeNocRootX509Cert { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseMsgRevokeNocRootX509Cert } as MsgRevokeNocRootX509Cert + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + case 1: + message.signer = reader.string() + break + case 2: + message.subject = reader.string() + break + case 3: + message.subjectKeyId = reader.string() + break + case 4: + message.serialNumber = reader.string() + break + case 5: + message.info = reader.string() + break + case 6: + message.time = longToNumber(reader.int64() as Long) + break + case 7: + message.revokeChild = reader.bool() + break + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(object: any): MsgRevokeNocRootX509Cert { + const message = { ...baseMsgRevokeNocRootX509Cert } as MsgRevokeNocRootX509Cert + if (object.signer !== undefined && object.signer !== null) { + message.signer = String(object.signer) + } else { + message.signer = '' + } + if (object.subject !== undefined && object.subject !== null) { + message.subject = String(object.subject) + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = String(object.subjectKeyId) + } else { + message.subjectKeyId = '' + } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = String(object.serialNumber) + } else { + message.serialNumber = '' + } + if (object.info !== undefined && object.info !== null) { + message.info = String(object.info) + } else { + message.info = '' + } + if (object.time !== undefined && object.time !== null) { + message.time = Number(object.time) + } else { + message.time = 0 + } + if (object.revokeChild !== undefined && object.revokeChild !== null) { + message.revokeChild = Boolean(object.revokeChild) + } else { + message.revokeChild = false + } + return message + }, + + toJSON(message: MsgRevokeNocRootX509Cert): unknown { + const obj: any = {} + message.signer !== undefined && (obj.signer = message.signer) + message.subject !== undefined && (obj.subject = message.subject) + message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId) + message.serialNumber !== undefined && (obj.serialNumber = message.serialNumber) + message.info !== undefined && (obj.info = message.info) + message.time !== undefined && (obj.time = message.time) + message.revokeChild !== undefined && (obj.revokeChild = message.revokeChild) + return obj + }, + + fromPartial(object: DeepPartial): MsgRevokeNocRootX509Cert { + const message = { ...baseMsgRevokeNocRootX509Cert } as MsgRevokeNocRootX509Cert + if (object.signer !== undefined && object.signer !== null) { + message.signer = object.signer + } else { + message.signer = '' + } + if (object.subject !== undefined && object.subject !== null) { + message.subject = object.subject + } else { + message.subject = '' + } + if (object.subjectKeyId !== undefined && object.subjectKeyId !== null) { + message.subjectKeyId = object.subjectKeyId + } else { + message.subjectKeyId = '' + } + if (object.serialNumber !== undefined && object.serialNumber !== null) { + message.serialNumber = object.serialNumber + } else { + message.serialNumber = '' + } + if (object.info !== undefined && object.info !== null) { + message.info = object.info + } else { + message.info = '' + } + if (object.time !== undefined && object.time !== null) { + message.time = object.time + } else { + message.time = 0 + } + if (object.revokeChild !== undefined && object.revokeChild !== null) { + message.revokeChild = object.revokeChild + } else { + message.revokeChild = false + } + return message + } +} + +const baseMsgRevokeNocRootX509CertResponse: object = {} + +export const MsgRevokeNocRootX509CertResponse = { + encode(_: MsgRevokeNocRootX509CertResponse, writer: Writer = Writer.create()): Writer { + return writer + }, + + decode(input: Reader | Uint8Array, length?: number): MsgRevokeNocRootX509CertResponse { + const reader = input instanceof Uint8Array ? new Reader(input) : input + let end = length === undefined ? reader.len : reader.pos + length + const message = { ...baseMsgRevokeNocRootX509CertResponse } as MsgRevokeNocRootX509CertResponse + while (reader.pos < end) { + const tag = reader.uint32() + switch (tag >>> 3) { + default: + reader.skipType(tag & 7) + break + } + } + return message + }, + + fromJSON(_: any): MsgRevokeNocRootX509CertResponse { + const message = { ...baseMsgRevokeNocRootX509CertResponse } as MsgRevokeNocRootX509CertResponse + return message + }, + + toJSON(_: MsgRevokeNocRootX509CertResponse): unknown { + const obj: any = {} + return obj + }, + + fromPartial(_: DeepPartial): MsgRevokeNocRootX509CertResponse { + const message = { ...baseMsgRevokeNocRootX509CertResponse } as MsgRevokeNocRootX509CertResponse + return message + } +} + /** Msg defines the Msg service. */ export interface Msg { ProposeAddX509RootCert(request: MsgProposeAddX509RootCert): Promise @@ -2545,7 +2752,8 @@ export interface Msg { AddNocX509RootCert(request: MsgAddNocX509RootCert): Promise RemoveX509Cert(request: MsgRemoveX509Cert): Promise AddNocX509Cert(request: MsgAddNocX509Cert): Promise - /** this line is used by starport scaffolding # proto/tx/rpc */ + RevokeNocRootX509Cert(request: MsgRevokeNocRootX509Cert): Promise + /** this line is used by starport scaffolding # proto/tx/rpc */ } export class MsgClientImpl implements Msg { @@ -2636,6 +2844,12 @@ export class MsgClientImpl implements Msg { const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Msg', 'AddNocX509Cert', data) return promise.then((data) => MsgAddNocX509CertResponse.decode(new Reader(data))) } + + RevokeNocRootX509Cert(request: MsgRevokeNocRootX509Cert): Promise { + const data = MsgRevokeNocRootX509Cert.encode(request).finish() + const promise = this.rpc.request('zigbeealliance.distributedcomplianceledger.pki.Msg', 'RevokeNocRootX509Cert', data) + return promise.then((data) => MsgRevokeNocRootX509CertResponse.decode(new Reader(data))) + } } interface Rpc { diff --git a/x/pki/client/cli/query.go b/x/pki/client/cli/query.go index a94064d9e..e466157b9 100644 --- a/x/pki/client/cli/query.go +++ b/x/pki/client/cli/query.go @@ -43,6 +43,8 @@ func GetQueryCmd(queryRoute string) *cobra.Command { cmd.AddCommand(CmdShowNocRootCertificates()) cmd.AddCommand(CmdListNocCertificates()) cmd.AddCommand(CmdShowNocCertificates()) + cmd.AddCommand(CmdListRevokedNocRootCertificates()) + cmd.AddCommand(CmdShowRevokedNocRootCertificates()) // this line is used by starport scaffolding # 1 return cmd diff --git a/x/pki/client/cli/query_revoked_noc_root_certificates.go b/x/pki/client/cli/query_revoked_noc_root_certificates.go new file mode 100644 index 000000000..9174ea1b9 --- /dev/null +++ b/x/pki/client/cli/query_revoked_noc_root_certificates.go @@ -0,0 +1,84 @@ +package cli + +import ( + "context" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/spf13/cobra" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/cli" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func CmdListRevokedNocRootCertificates() *cobra.Command { + cmd := &cobra.Command{ + Use: "all-revoked-noc-x509-root-certs", + Short: "Gets all revoked noc root certificates", + RunE: func(cmd *cobra.Command, args []string) error { + clientCtx := client.GetClientContextFromCmd(cmd) + + pageReq, err := client.ReadPageRequest(cmd.Flags()) + if err != nil { + return err + } + + queryClient := types.NewQueryClient(clientCtx) + + params := &types.QueryAllRevokedNocRootCertificatesRequest{ + Pagination: pageReq, + } + + res, err := queryClient.RevokedNocRootCertificatesAll(context.Background(), params) + if cli.IsKeyNotFoundRPCError(err) { + return clientCtx.PrintString(cli.LightClientProxyForListQueries) + } + if err != nil { + return err + } + + return clientCtx.PrintProto(res) + }, + } + + flags.AddPaginationFlagsToCmd(cmd, cmd.Use) + flags.AddQueryFlagsToCmd(cmd) + + return cmd +} + +func CmdShowRevokedNocRootCertificates() *cobra.Command { + var ( + subject string + subjectKeyID string + ) + + cmd := &cobra.Command{ + Use: "revoked-noc-x509-root-cert", + Short: "Gets revoked noc root certificates " + + "by the given combination of subject and subject-key-id", + Args: cobra.ExactArgs(0), + RunE: func(cmd *cobra.Command, args []string) (err error) { + clientCtx := client.GetClientContextFromCmd(cmd) + var res types.RevokedNocRootCertificates + + return cli.QueryWithProof( + clientCtx, + pkitypes.StoreKey, + types.RevokedNocRootCertificatesKeyPrefix, + types.RevokedNocRootCertificatesKey(subject, subjectKeyID), + &res, + ) + }, + } + + cmd.Flags().StringVarP(&subject, FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") + cmd.Flags().StringVarP(&subjectKeyID, FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + flags.AddQueryFlagsToCmd(cmd) + + _ = cmd.MarkFlagRequired(FlagSubject) + _ = cmd.MarkFlagRequired(FlagSubjectKeyID) + + return cmd +} diff --git a/x/pki/client/cli/query_revoked_noc_root_certificates_test.go b/x/pki/client/cli/query_revoked_noc_root_certificates_test.go new file mode 100644 index 000000000..cf13d77ac --- /dev/null +++ b/x/pki/client/cli/query_revoked_noc_root_certificates_test.go @@ -0,0 +1,172 @@ +package cli_test + +/* TODO issue #197 +import ( + "fmt" + "strconv" + "testing" + + "github.com/cosmos/cosmos-sdk/client/flags" + clitestutil "github.com/cosmos/cosmos-sdk/testutil/cli" + "github.com/stretchr/testify/require" + tmcli "github.com/tendermint/tendermint/libs/cli" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/network" + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/nullify" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/client/cli" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// Prevent strconv unused error. +var _ = strconv.IntSize + +func networkWithRevokedNocRootCertificatesObjects(t *testing.T, n int) (*network.Network, []types.RevokedNocRootCertificates) { + t.Helper() + cfg := network.DefaultConfig() + state := types.GenesisState{} + require.NoError(t, cfg.Codec.UnmarshalJSON(cfg.GenesisState[pkitypes.ModuleName], &state)) + + for i := 0; i < n; i++ { + revokedNocRootCertificates := types.RevokedNocRootCertificates{ + Subject: strconv.Itoa(i), + SubjectKeyId: strconv.Itoa(i), + } + nullify.Fill(&revokedNocRootCertificates) + state.RevokedNocRootCertificatesList = append(state.RevokedNocRootCertificatesList, revokedNocRootCertificates) + } + buf, err := cfg.Codec.MarshalJSON(&state) + require.NoError(t, err) + cfg.GenesisState[pkitypes.ModuleName] = buf + + return network.New(t, cfg), state.RevokedNocRootCertificatesList +} + +func TestShowRevokedNocRootCertificates(t *testing.T) { + net, objs := networkWithRevokedNocRootCertificatesObjects(t, 2) + + ctx := net.Validators[0].ClientCtx + common := []string{ + fmt.Sprintf("--%s=json", tmcli.OutputFlag), + } + for _, tc := range []struct { + desc string + idSubject string + idSubjectKeyID string + + args []string + err error + obj types.RevokedNocRootCertificates + }{ + { + desc: "found", + idSubject: objs[0].Subject, + idSubjectKeyID: objs[0].SubjectKeyId, + + args: common, + obj: objs[0], + }, + { + desc: "not found", + idSubject: strconv.Itoa(100000), + idSubjectKeyID: strconv.Itoa(100000), + + args: common, + err: status.Error(codes.InvalidArgument, "not found"), + }, + } { + tc := tc + t.Run(tc.desc, func(t *testing.T) { + args := []string{ + tc.idSubject, + tc.idSubjectKeyID, + } + args = append(args, tc.args...) + out, err := clitestutil.ExecTestCLICmd(ctx, cli.CmdShowRevokedNocRootCertificates(), args) + if tc.err != nil { + stat, ok := status.FromError(tc.err) + require.True(t, ok) + require.ErrorIs(t, stat.Err(), tc.err) + } else { + require.NoError(t, err) + var resp types.QueryGetRevokedNocRootCertificatesResponse + require.NoError(t, net.Config.Codec.UnmarshalJSON(out.Bytes(), &resp)) + require.NotNil(t, resp.RevokedNocRootCertificates) + require.Equal(t, + nullify.Fill(&tc.obj), + nullify.Fill(&resp.RevokedNocRootCertificates), + ) + } + }) + } +} + +func TestListRevokedNocRootCertificates(t *testing.T) { + net, objs := networkWithRevokedNocRootCertificatesObjects(t, 5) + + ctx := net.Validators[0].ClientCtx + request := func(next []byte, offset, limit uint64, total bool) []string { + args := []string{ + fmt.Sprintf("--%s=json", tmcli.OutputFlag), + } + if next == nil { + args = append(args, fmt.Sprintf("--%s=%d", flags.FlagOffset, offset)) + } else { + args = append(args, fmt.Sprintf("--%s=%s", flags.FlagPageKey, next)) + } + args = append(args, fmt.Sprintf("--%s=%d", flags.FlagLimit, limit)) + if total { + args = append(args, fmt.Sprintf("--%s", flags.FlagCountTotal)) + } + + return args + } + t.Run("ByOffset", func(t *testing.T) { + step := 2 + for i := 0; i < len(objs); i += step { + args := request(nil, uint64(i), uint64(step), false) + out, err := clitestutil.ExecTestCLICmd(ctx, cli.CmdListRevokedNocRootCertificates(), args) + require.NoError(t, err) + var resp types.QueryAllRevokedNocRootCertificatesResponse + require.NoError(t, net.Config.Codec.UnmarshalJSON(out.Bytes(), &resp)) + require.LessOrEqual(t, len(resp.RevokedNocRootCertificates), step) + require.Subset(t, + nullify.Fill(objs), + nullify.Fill(resp.RevokedNocRootCertificates), + ) + } + }) + t.Run("ByKey", func(t *testing.T) { + step := 2 + var next []byte + for i := 0; i < len(objs); i += step { + args := request(next, 0, uint64(step), false) + out, err := clitestutil.ExecTestCLICmd(ctx, cli.CmdListRevokedNocRootCertificates(), args) + require.NoError(t, err) + var resp types.QueryAllRevokedNocRootCertificatesResponse + require.NoError(t, net.Config.Codec.UnmarshalJSON(out.Bytes(), &resp)) + require.LessOrEqual(t, len(resp.RevokedNocRootCertificates), step) + require.Subset(t, + nullify.Fill(objs), + nullify.Fill(resp.RevokedNocRootCertificates), + ) + next = resp.Pagination.NextKey + } + }) + t.Run("Total", func(t *testing.T) { + args := request(nil, 0, uint64(len(objs)), true) + out, err := clitestutil.ExecTestCLICmd(ctx, cli.CmdListRevokedNocRootCertificates(), args) + require.NoError(t, err) + var resp types.QueryAllRevokedNocRootCertificatesResponse + require.NoError(t, net.Config.Codec.UnmarshalJSON(out.Bytes(), &resp)) + require.NoError(t, err) + require.Equal(t, len(objs), int(resp.Pagination.Total)) + require.ElementsMatch(t, + nullify.Fill(objs), + nullify.Fill(resp.RevokedNocRootCertificates), + ) + }) +} +*/ diff --git a/x/pki/client/cli/tx.go b/x/pki/client/cli/tx.go index 784e4bd01..3eed0aeb3 100644 --- a/x/pki/client/cli/tx.go +++ b/x/pki/client/cli/tx.go @@ -36,6 +36,7 @@ func GetTxCmd() *cobra.Command { cmd.AddCommand(CmdAddNocX509RootCert()) cmd.AddCommand(CmdRemoveX509Cert()) cmd.AddCommand(CmdAddNocX509Cert()) + cmd.AddCommand(CmdRevokeNocRootX509Cert()) // this line is used by starport scaffolding # 1 return cmd diff --git a/x/pki/client/cli/tx_revoke_noc_root_x_509_cert.go b/x/pki/client/cli/tx_revoke_noc_root_x_509_cert.go new file mode 100644 index 000000000..3711ef85b --- /dev/null +++ b/x/pki/client/cli/tx_revoke_noc_root_x_509_cert.go @@ -0,0 +1,67 @@ +package cli + +import ( + "strconv" + + "github.com/cosmos/cosmos-sdk/client" + "github.com/cosmos/cosmos-sdk/client/flags" + "github.com/cosmos/cosmos-sdk/client/tx" + "github.com/spf13/cobra" + "github.com/spf13/viper" + + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/cli" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +var _ = strconv.Itoa(0) + +func CmdRevokeNocRootX509Cert() *cobra.Command { + cmd := &cobra.Command{ + Use: "revoke-noc-x509-root-cert", + Short: "Revokes the given noc root certificate. " + + "If revoke-child flag is set to true then all the noc certificates in the subtree signed by the revoked " + + "certificate will be revoked as well.", + Args: cobra.ExactArgs(0), + RunE: func(cmd *cobra.Command, args []string) (err error) { + clientCtx, err := client.GetClientTxContext(cmd) + if err != nil { + return err + } + + subject := viper.GetString(FlagSubject) + subjectKeyID := viper.GetString(FlagSubjectKeyID) + serialNumber := viper.GetString(FlagSerialNumber) + revokeChild := viper.GetBool(FlagRevokeChild) + infoArg := viper.GetString(FlagInfo) + + msg := types.NewMsgRevokeNocRootX509Cert( + clientCtx.GetFromAddress().String(), + subject, + subjectKeyID, + serialNumber, + infoArg, + revokeChild, + ) + // validate basic will be called in GenerateOrBroadcastTxCLI + err = tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) + if cli.IsWriteInsteadReadRPCError(err) { + return clientCtx.PrintString(cli.LightClientProxyForWriteRequests) + } + + return err + }, + } + + cmd.Flags().StringP(FlagSubject, FlagSubjectShortcut, "", "Certificate's subject") + cmd.Flags().StringP(FlagSubjectKeyID, FlagSubjectKeyIDShortcut, "", "Certificate's subject key id (hex)") + cmd.Flags().StringP(FlagSerialNumber, FlagSerialNumberShortcut, "", "Certificate's serial number") + cmd.Flags().StringP(FlagRevokeChild, FlagRevokeChildShortcut, "", "If flag is true then all the certificates in the subtree will be revoked as well - default is false") + cmd.Flags().String(FlagInfo, "", FlagInfoUsage) + cli.AddTxFlagsToCmd(cmd) + + _ = cmd.MarkFlagRequired(FlagSubject) + _ = cmd.MarkFlagRequired(FlagSubjectKeyID) + _ = cmd.MarkFlagRequired(flags.FlagFrom) + + return cmd +} diff --git a/x/pki/genesis.go b/x/pki/genesis.go index 5f6faf38b..8a7a81c29 100644 --- a/x/pki/genesis.go +++ b/x/pki/genesis.go @@ -69,6 +69,10 @@ func InitGenesis(ctx sdk.Context, k keeper.Keeper, genState types.GenesisState) for _, elem := range genState.NocCertificatesList { k.SetNocCertificates(ctx, elem) } + // Set all the revokedNocRootCertificates + for _, elem := range genState.RevokedNocRootCertificatesList { + k.SetRevokedNocRootCertificates(ctx, elem) + } // this line is used by starport scaffolding # genesis/module/init } @@ -99,6 +103,7 @@ func ExportGenesis(ctx sdk.Context, k keeper.Keeper) *types.GenesisState { genesis.ApprovedCertificatesBySubjectKeyIdList = k.GetAllApprovedCertificatesBySubjectKeyID(ctx) genesis.NocRootCertificatesList = k.GetAllNocRootCertificates(ctx) genesis.NocCertificatesList = k.GetAllNocCertificates(ctx) + genesis.RevokedNocRootCertificatesList = k.GetAllRevokedNocRootCertificates(ctx) // this line is used by starport scaffolding # genesis/module/export return genesis diff --git a/x/pki/genesis_test.go b/x/pki/genesis_test.go index a289a73b5..cc759383d 100644 --- a/x/pki/genesis_test.go +++ b/x/pki/genesis_test.go @@ -150,6 +150,16 @@ func TestGenesis(t *testing.T) { Vid: 1, }, }, + RevokedNocRootCertificatesList: []types.RevokedNocRootCertificates{ + { + Subject: "0", + SubjectKeyId: "0", + }, + { + Subject: "1", + SubjectKeyId: "1", + }, + }, // this line is used by starport scaffolding # genesis/test/state } @@ -173,5 +183,6 @@ func TestGenesis(t *testing.T) { require.ElementsMatch(t, genesisState.ApprovedCertificatesBySubjectKeyIdList, got.ApprovedCertificatesBySubjectKeyIdList) require.ElementsMatch(t, genesisState.NocRootCertificatesList, got.NocRootCertificatesList) require.ElementsMatch(t, genesisState.NocCertificatesList, got.NocCertificatesList) + require.ElementsMatch(t, genesisState.RevokedNocRootCertificatesList, got.RevokedNocRootCertificatesList) // this line is used by starport scaffolding # genesis/test/assert } diff --git a/x/pki/handler.go b/x/pki/handler.go index 1d81f8fa7..2d1eb4f97 100644 --- a/x/pki/handler.go +++ b/x/pki/handler.go @@ -74,6 +74,10 @@ func NewHandler(k keeper.Keeper) sdk.Handler { case *types.MsgAddNocX509Cert: res, err := msgServer.AddNocX509Cert(sdk.WrapSDKContext(ctx), msg) + return sdk.WrapServiceResult(ctx, res, err) + case *types.MsgRevokeNocRootX509Cert: + res, err := msgServer.RevokeNocRootX509Cert(sdk.WrapSDKContext(ctx), msg) + return sdk.WrapServiceResult(ctx, res, err) // this line is used by starport scaffolding # 1 default: diff --git a/x/pki/handler_revoke_noc_root_cert_test.go b/x/pki/handler_revoke_noc_root_cert_test.go new file mode 100644 index 000000000..50de4015b --- /dev/null +++ b/x/pki/handler_revoke_noc_root_cert_test.go @@ -0,0 +1,566 @@ +package pki + +import ( + "testing" + + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func TestHandler_RevokeNocX509RootCert_SenderNotVendor(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the new NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + revokeCert := types.NewMsgRevokeNocRootX509Cert( + setup.Trustee1.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber, + "", + false, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + + require.Error(t, err) + require.ErrorIs(t, err, sdkerrors.ErrUnauthorized) +} + +func TestHandler_RevokeNocX509RootCert_CertificateDoesNotExist(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + revokeCert := types.NewMsgRevokeNocRootX509Cert( + accAddress.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber, + "", + false, + ) + _, err := setup.Handler(setup.Ctx, revokeCert) + + require.Error(t, err) + require.ErrorIs(t, err, pkitypes.ErrCertificateDoesNotExist) +} + +func TestHandler_RevokeNocX509RootCert_CertificateExists(t *testing.T) { + accAddress := GenerateAccAddress() + + cases := []struct { + name string + existingCert *types.Certificate + nocRoorCert string + err error + }{ + { + name: "ExistingNonRootCert", + existingCert: &types.Certificate{ + Issuer: testconstants.NocRootCert1Subject, + Subject: testconstants.NocRootCert1Subject, + SubjectAsText: testconstants.NocRootCert1SubjectAsText, + SubjectKeyId: testconstants.NocRootCert1SubjectKeyID, + SerialNumber: testconstants.NocRootCert1SerialNumber, + IsRoot: false, + IsNoc: true, + Vid: testconstants.Vid, + }, + nocRoorCert: testconstants.RootCertPem, + err: sdkerrors.ErrUnauthorized, + }, + { + name: "ExistingNotNocCert", + existingCert: &types.Certificate{ + Issuer: testconstants.NocRootCert1Subject, + Subject: testconstants.NocRootCert1Subject, + SubjectAsText: testconstants.NocRootCert1SubjectAsText, + SubjectKeyId: testconstants.NocRootCert1SubjectKeyID, + SerialNumber: testconstants.NocRootCert1SerialNumber, + IsRoot: true, + IsNoc: false, + Vid: testconstants.Vid, + }, + nocRoorCert: testconstants.RootCertPem, + err: pkitypes.ErrInappropriateCertificateType, + }, + { + name: "ExistingCertWithDifferentVid", + existingCert: &types.Certificate{ + Issuer: testconstants.NocRootCert1Subject, + Subject: testconstants.NocRootCert1Subject, + SubjectAsText: testconstants.NocRootCert1SubjectAsText, + SubjectKeyId: testconstants.NocRootCert1SubjectKeyID, + SerialNumber: testconstants.NocRootCert1SerialNumber, + IsRoot: true, + IsNoc: true, + Vid: testconstants.VendorID1, + }, + nocRoorCert: testconstants.RootCertPem, + err: pkitypes.ErrCertVidNotEqualAccountVid, + }, + { + name: "ExistingCertWithDifferentSerialNumber", + existingCert: &types.Certificate{ + Issuer: testconstants.NocRootCert1Subject, + Subject: testconstants.NocRootCert1Subject, + SubjectAsText: testconstants.NocRootCert1SubjectAsText, + SubjectKeyId: testconstants.NocRootCert1SubjectKeyID, + SerialNumber: "1234567", + IsRoot: true, + IsNoc: true, + Vid: testconstants.Vid, + }, + nocRoorCert: testconstants.RootCertPem, + err: pkitypes.ErrCertificateDoesNotExist, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + setup := Setup(t) + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the existing certificate + setup.Keeper.AddApprovedCertificate(setup.Ctx, *tc.existingCert) + uniqueCertificate := types.UniqueCertificate{ + Issuer: tc.existingCert.Issuer, + SerialNumber: tc.existingCert.SerialNumber, + Present: true, + } + setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) + + revokeCert := types.NewMsgRevokeNocRootX509Cert( + accAddress.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber, + "", + false, + ) + _, err := setup.Handler(setup.Ctx, revokeCert) + require.ErrorIs(t, err, tc.err) + }) + } +} + +func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the second NOC root certificate + addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the third NOC root certificate + addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert2) + _, err = setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // add the second NOC non-root certificate + addNocX509Cert = types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert2) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC root with subject and subject key id only + revokeCert := types.NewMsgRevokeNocRootX509Cert( + accAddress.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + "", + testconstants.Info, + false, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + // query all certs + certs, err := queryAllApprovedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 3, len(certs)) + require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[0].SubjectKeyId) + require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[1].SubjectKeyId) + require.NotEqual(t, testconstants.NocRootCert1SubjectKeyID, certs[2].SubjectKeyId) + + revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) + require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) + + revokedCerts, err := queryRevokedCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1Subject, revokedCerts.Subject) + require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedCerts.SubjectKeyId) + + // query that noc root certificate is not added to x509 revoked root certs + revokedRootCerts, _ := queryRevokedRootCertificates(setup) + require.Equal(t, 0, len(revokedRootCerts.Certs)) + + // query noc root certificate by Subject + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query noc root certificate by Subject Key ID + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + // query noc root certificate by VID + _, err = queryNocRootCertificates(setup, testconstants.Vid) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // Child certificate should not be revoked + _, err = queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query child of revoked certificate, they should not be revoked + childCerts, _ := queryApprovedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 1, len(childCerts.Certs)) + require.Equal(t, testconstants.NocCert1SubjectKeyID, childCerts.SubjectKeyId) + + // check that child cert is not removed + nocCerts, err := queryNocCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 2, len(nocCerts.Certs)) + require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1CopySerialNumber)) +} + +func TestHandler_RevokeNocX509RootCert_RevokeWithChild(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the second NOC root certificate + addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC root with subject and subject key id and its child too + revokeCert := types.NewMsgRevokeNocRootX509Cert( + accAddress.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + "", + testconstants.Info, + true, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + // query all certs + certs, err := queryAllApprovedCertificates(setup) + require.NoError(t, err) + require.Equal(t, 0, len(certs)) + + revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) + require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) + + revokedCerts, err := queryRevokedCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 2, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1Subject, revokedNocCerts.Subject) + require.Equal(t, testconstants.NocRootCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) + + // query that noc root certificate is not added to x509 revoked root certs + revokedRootCerts, _ := queryRevokedRootCertificates(setup) + require.Equal(t, 0, len(revokedRootCerts.Certs)) + + // query noc root certificate by Subject + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query child noc certificate by Subject + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocCert1Subject) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query noc root certificate by VID + _, err = queryNocRootCertificates(setup, testconstants.Vid) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query noc root certificate by Subject Key ID + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + // Child certificate should be revoked as well + revokedCerts, err = queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.SubjectKeyId) + + // query child noc certificate by Subject Key ID + aprCertsBySubjectKeyID, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + _, err = queryApprovedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that child noc cert also removed + _, err = queryNocCertificates(setup, testconstants.Vid) + require.Error(t, err) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1CopySerialNumber)) + + // check that unique child certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) +} + +func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumber(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the second NOC root certificate + addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC root with subject and subject key id by serial number + revokeCert := types.NewMsgRevokeNocRootX509Cert( + accAddress.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber, + testconstants.Info, + false, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + // Check that cert is added to revoked lists + revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) + + revokedCerts, err := queryRevokedCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedCerts.Certs[0].SerialNumber) + + // query that noc root certificate is not added to x509 revoked root certs + revokedRootCerts, _ := queryRevokedRootCertificates(setup) + require.Equal(t, 0, len(revokedRootCerts.Certs)) + + // Check that cert is removed from approved lists + rootCerts, err := queryApprovedCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(rootCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1CopySerialNumber, rootCerts.Certs[0].SerialNumber) + + // Check that root with different serial number still exits + certsBySubject, err := queryApprovedCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + require.NoError(t, err) + require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) + require.Equal(t, testconstants.NocRootCert1Subject, certsBySubject.Subject) + + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + require.Equal(t, 1, len(aprCertsBySubjectKeyID)) + require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) + + // query noc root certificate by VID should return only one root cert + revNocRoot, err := queryNocRootCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(revNocRoot.Certs)) + require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) + + // Child certificate should not be revoked + _, err = queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + + // query child of revoked certificate, they should not be revoked + childCerts, _ := queryApprovedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.Equal(t, 1, len(childCerts.Certs)) + require.Equal(t, testconstants.NocCert1SubjectKeyID, childCerts.SubjectKeyId) + + // check that child cert is not removed + nocCerts, err := queryNocCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(nocCerts.Certs)) + require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCerts.Certs[0].SubjectKeyId) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) +} + +func TestHandler_RevokeNocX509RootCert_RevokeWithSerialNumberAndChild(t *testing.T) { + setup := Setup(t) + + accAddress := GenerateAccAddress() + setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + + // add the first NOC root certificate + addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1) + _, err := setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the second NOC root certificate + addNocX509RootCert = types.NewMsgAddNocX509RootCert(accAddress.String(), testconstants.NocRootCert1Copy) + _, err = setup.Handler(setup.Ctx, addNocX509RootCert) + require.NoError(t, err) + + // add the first NOC non-root certificate + addNocX509Cert := types.NewMsgAddNocX509Cert(accAddress.String(), testconstants.NocCert1) + _, err = setup.Handler(setup.Ctx, addNocX509Cert) + require.NoError(t, err) + + // Revoke NOC root with subject and subject key id by serial number + revokeCert := types.NewMsgRevokeNocRootX509Cert( + accAddress.String(), + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1SerialNumber, + testconstants.Info, + true, + ) + _, err = setup.Handler(setup.Ctx, revokeCert) + require.NoError(t, err) + + // Check that cert is added to revoked lists + revokedNocCerts, err := queryRevokedNocRootCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedNocCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedNocCerts.Certs[0].SerialNumber) + + revokedCerts, err := queryRevokedCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1CopySubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1SerialNumber, revokedCerts.Certs[0].SerialNumber) + + // query that noc root certificate is not added to x509 revoked root certs + revokedRootCerts, _ := queryRevokedRootCertificates(setup) + require.Equal(t, 0, len(revokedRootCerts.Certs)) + + // Check that root with different serial number still exits + rootCerts, err := queryApprovedCertificates(setup, testconstants.NocRootCert1Subject, testconstants.NocRootCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(rootCerts.Certs)) + require.Equal(t, testconstants.NocRootCert1CopySerialNumber, rootCerts.Certs[0].SerialNumber) + + certsBySubject, err := queryApprovedCertificatesBySubject(setup, testconstants.NocRootCert1Subject) + require.NoError(t, err) + require.Equal(t, 1, len(certsBySubject.SubjectKeyIds)) + require.Equal(t, testconstants.NocRootCert1Subject, certsBySubject.Subject) + + aprCertsBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocRootCert1SubjectKeyID) + require.Equal(t, 1, len(aprCertsBySubjectKeyID)) + require.Equal(t, testconstants.NocRootCert1CopySerialNumber, aprCertsBySubjectKeyID[0].Certs[0].SerialNumber) + + // query noc root certificate by VID should return only one root cert + revNocRoot, err := queryNocRootCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(revNocRoot.Certs)) + require.Equal(t, testconstants.NocRootCert1CopySerialNumber, revNocRoot.Certs[0].SerialNumber) + + // Child certificate should be revoked as well + revokedCerts, err = queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.NoError(t, err) + require.Equal(t, 1, len(revokedCerts.Certs)) + require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedCerts.SubjectKeyId) + + // query child of revoked certificate, they should be removed as well + _, err = queryApprovedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + + _, err = queryApprovedCertificatesBySubject(setup, testconstants.NocCert1Subject) + require.Equal(t, codes.NotFound, status.Code(err)) + + aprCertsBySubjectKeyID, _ = queryAllApprovedCertificatesBySubjectKeyID(setup, testconstants.NocCert1Subject) + require.Equal(t, 0, len(aprCertsBySubjectKeyID)) + + _, err = queryNocCertificates(setup, testconstants.Vid) + require.Equal(t, codes.NotFound, status.Code(err)) + + // check that unique certificate key is removed + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocRootCert1, testconstants.NocRootCert1SerialNumber)) + require.False(t, + setup.Keeper.IsUniqueCertificatePresent(setup.Ctx, testconstants.NocCert1, testconstants.NocCert1SerialNumber)) +} + +func queryRevokedNocRootCertificates(setup *TestSetup, subject, subjectKeyID string) (*types.RevokedNocRootCertificates, error) { //nolint:unparam + // query certificate + req := &types.QueryGetRevokedNocRootCertificatesRequest{Subject: subject, SubjectKeyId: subjectKeyID} + + resp, err := setup.Keeper.RevokedNocRootCertificates(setup.Wctx, req) + if err != nil { + require.Nil(setup.T, resp) + + return nil, err + } + + require.NotNil(setup.T, resp) + + return &resp.RevokedNocRootCertificates, nil +} diff --git a/x/pki/handler_test.go b/x/pki/handler_test.go index 7faeb0606..6aca06b82 100644 --- a/x/pki/handler_test.go +++ b/x/pki/handler_test.go @@ -2209,6 +2209,22 @@ func queryRevokedCertificates( return &resp.RevokedCertificates, nil } +func queryRevokedRootCertificates(setup *TestSetup) (*types.RevokedRootCertificates, error) { + // query revoked root certificate + req := &types.QueryGetRevokedRootCertificatesRequest{} + + resp, err := setup.Keeper.RevokedRootCertificates(setup.Wctx, req) + if err != nil { + require.Nil(setup.T, resp) + + return nil, err + } + + require.NotNil(setup.T, resp) + + return &resp.RevokedRootCertificates, nil +} + func queryChildCertificates( setup *TestSetup, issuer string, diff --git a/x/pki/keeper/approved_certificates_by_subject_key_id.go b/x/pki/keeper/approved_certificates_by_subject_key_id.go index 8bc189392..ae8e47963 100644 --- a/x/pki/keeper/approved_certificates_by_subject_key_id.go +++ b/x/pki/keeper/approved_certificates_by_subject_key_id.go @@ -81,24 +81,19 @@ func (k Keeper) RemoveApprovedCertificatesBySubjectKeyID( return } - var remainedCerts = certs.Certs - for i, cert := range certs.Certs { - if cert.Subject == subject { - if i+1 != len(certs.Certs) { - //nolint:gocritic - remainedCerts = append(certs.Certs[:i], certs.Certs[i+1:]...) - } else { - remainedCerts = remainedCerts[:i] - } + for i := 0; i < len(certs.Certs); { + if certs.Certs[i].Subject == subject { + certs.Certs = append(certs.Certs[:i], certs.Certs[i+1:]...) + } else { + i++ } } - if len(remainedCerts) == 0 { + if len(certs.Certs) == 0 { store.Delete(types.ApprovedCertificatesBySubjectKeyIDKey( subjectKeyID, )) } else { - certs.Certs = remainedCerts k.SetApprovedCertificatesBySubjectKeyID(ctx, certs) } } diff --git a/x/pki/keeper/child_certificates.go b/x/pki/keeper/child_certificates.go index ae869b525..433182ac7 100644 --- a/x/pki/keeper/child_certificates.go +++ b/x/pki/keeper/child_certificates.go @@ -111,6 +111,11 @@ func (k msgServer) RevokeChildCertificates(ctx sdk.Context, issuer string, autho // Revoke certificates with this subject/subjectKeyID combination certificates, _ := k.GetApprovedCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId) k.AddRevokedCertificates(ctx, certificates) + // FIXME: Should be replaced + if len(certificates.Certs) > 0 { + // If cert is NOC then remove it from NOC certificates list + k.RemoveNocCertificates(ctx, certificates.Certs[0].Vid) + } k.RemoveApprovedCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId) // remove from subject -> subject key ID map diff --git a/x/pki/keeper/grpc_query_noc_certificates.go b/x/pki/keeper/grpc_query_noc_certificates.go index 973b3e279..804db6c8f 100644 --- a/x/pki/keeper/grpc_query_noc_certificates.go +++ b/x/pki/keeper/grpc_query_noc_certificates.go @@ -53,7 +53,7 @@ func (k Keeper) NocCertificates(c context.Context, req *types.QueryGetNocCertifi req.Vid, ) if !found { - return nil, status.Error(codes.InvalidArgument, "not found") + return nil, status.Error(codes.NotFound, "not found") } return &types.QueryGetNocCertificatesResponse{NocCertificates: val}, nil diff --git a/x/pki/keeper/grpc_query_noc_certificates_test.go b/x/pki/keeper/grpc_query_noc_certificates_test.go index b6b079db2..5941cd259 100644 --- a/x/pki/keeper/grpc_query_noc_certificates_test.go +++ b/x/pki/keeper/grpc_query_noc_certificates_test.go @@ -47,7 +47,7 @@ func TestNocCertificatesQuerySingle(t *testing.T) { request: &types.QueryGetNocCertificatesRequest{ Vid: 100000, }, - err: status.Error(codes.InvalidArgument, "not found"), + err: status.Error(codes.NotFound, "not found"), }, { desc: "InvalidRequest", diff --git a/x/pki/keeper/grpc_query_revoked_noc_root_certificates.go b/x/pki/keeper/grpc_query_revoked_noc_root_certificates.go new file mode 100644 index 000000000..6108c6cb9 --- /dev/null +++ b/x/pki/keeper/grpc_query_revoked_noc_root_certificates.go @@ -0,0 +1,61 @@ +package keeper + +import ( + "context" + + "github.com/cosmos/cosmos-sdk/store/prefix" + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/query" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func (k Keeper) RevokedNocRootCertificatesAll(c context.Context, req *types.QueryAllRevokedNocRootCertificatesRequest) (*types.QueryAllRevokedNocRootCertificatesResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "invalid request") + } + + var revokedNocRootCertificatess []types.RevokedNocRootCertificates + ctx := sdk.UnwrapSDKContext(c) + + store := ctx.KVStore(k.storeKey) + revokedNocRootCertificatesStore := prefix.NewStore(store, pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix)) + + pageRes, err := query.Paginate(revokedNocRootCertificatesStore, req.Pagination, func(key []byte, value []byte) error { + var revokedNocRootCertificates types.RevokedNocRootCertificates + if err := k.cdc.Unmarshal(value, &revokedNocRootCertificates); err != nil { + return err + } + + revokedNocRootCertificatess = append(revokedNocRootCertificatess, revokedNocRootCertificates) + + return nil + }) + + if err != nil { + return nil, status.Error(codes.Internal, err.Error()) + } + + return &types.QueryAllRevokedNocRootCertificatesResponse{RevokedNocRootCertificates: revokedNocRootCertificatess, Pagination: pageRes}, nil +} + +func (k Keeper) RevokedNocRootCertificates(c context.Context, req *types.QueryGetRevokedNocRootCertificatesRequest) (*types.QueryGetRevokedNocRootCertificatesResponse, error) { + if req == nil { + return nil, status.Error(codes.InvalidArgument, "invalid request") + } + ctx := sdk.UnwrapSDKContext(c) + + val, found := k.GetRevokedNocRootCertificates( + ctx, + req.Subject, + req.SubjectKeyId, + ) + if !found { + return nil, status.Error(codes.InvalidArgument, "not found") + } + + return &types.QueryGetRevokedNocRootCertificatesResponse{RevokedNocRootCertificates: val}, nil +} diff --git a/x/pki/keeper/grpc_query_revoked_noc_root_certificates_test.go b/x/pki/keeper/grpc_query_revoked_noc_root_certificates_test.go new file mode 100644 index 000000000..9752d1025 --- /dev/null +++ b/x/pki/keeper/grpc_query_revoked_noc_root_certificates_test.go @@ -0,0 +1,129 @@ +package keeper_test + +import ( + "strconv" + "testing" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/cosmos/cosmos-sdk/types/query" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + + keepertest "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/nullify" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// Prevent strconv unused error. +var _ = strconv.IntSize + +func TestRevokedNocRootCertificatesQuerySingle(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + wctx := sdk.WrapSDKContext(ctx) + msgs := createNRevokedNocRootCertificates(keeper, ctx, 2) + for _, tc := range []struct { + desc string + request *types.QueryGetRevokedNocRootCertificatesRequest + response *types.QueryGetRevokedNocRootCertificatesResponse + err error + }{ + { + desc: "First", + request: &types.QueryGetRevokedNocRootCertificatesRequest{ + Subject: msgs[0].Subject, + SubjectKeyId: msgs[0].SubjectKeyId, + }, + response: &types.QueryGetRevokedNocRootCertificatesResponse{RevokedNocRootCertificates: msgs[0]}, + }, + { + desc: "Second", + request: &types.QueryGetRevokedNocRootCertificatesRequest{ + Subject: msgs[1].Subject, + SubjectKeyId: msgs[1].SubjectKeyId, + }, + response: &types.QueryGetRevokedNocRootCertificatesResponse{RevokedNocRootCertificates: msgs[1]}, + }, + { + desc: "KeyNotFound", + request: &types.QueryGetRevokedNocRootCertificatesRequest{ + Subject: strconv.Itoa(100000), + SubjectKeyId: strconv.Itoa(100000), + }, + err: status.Error(codes.InvalidArgument, "not found"), + }, + { + desc: "InvalidRequest", + err: status.Error(codes.InvalidArgument, "invalid request"), + }, + } { + t.Run(tc.desc, func(t *testing.T) { + response, err := keeper.RevokedNocRootCertificates(wctx, tc.request) + if tc.err != nil { + require.ErrorIs(t, err, tc.err) + } else { + require.NoError(t, err) + require.Equal(t, + nullify.Fill(tc.response), + nullify.Fill(response), + ) + } + }) + } +} + +func TestRevokedNocRootCertificatesQueryPaginated(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + wctx := sdk.WrapSDKContext(ctx) + msgs := createNRevokedNocRootCertificates(keeper, ctx, 5) + + request := func(next []byte, offset, limit uint64, total bool) *types.QueryAllRevokedNocRootCertificatesRequest { + return &types.QueryAllRevokedNocRootCertificatesRequest{ + Pagination: &query.PageRequest{ + Key: next, + Offset: offset, + Limit: limit, + CountTotal: total, + }, + } + } + t.Run("ByOffset", func(t *testing.T) { + step := 2 + for i := 0; i < len(msgs); i += step { + resp, err := keeper.RevokedNocRootCertificatesAll(wctx, request(nil, uint64(i), uint64(step), false)) + require.NoError(t, err) + require.LessOrEqual(t, len(resp.RevokedNocRootCertificates), step) + require.Subset(t, + nullify.Fill(msgs), + nullify.Fill(resp.RevokedNocRootCertificates), + ) + } + }) + t.Run("ByKey", func(t *testing.T) { + step := 2 + var next []byte + for i := 0; i < len(msgs); i += step { + resp, err := keeper.RevokedNocRootCertificatesAll(wctx, request(next, 0, uint64(step), false)) + require.NoError(t, err) + require.LessOrEqual(t, len(resp.RevokedNocRootCertificates), step) + require.Subset(t, + nullify.Fill(msgs), + nullify.Fill(resp.RevokedNocRootCertificates), + ) + next = resp.Pagination.NextKey + } + }) + t.Run("Total", func(t *testing.T) { + resp, err := keeper.RevokedNocRootCertificatesAll(wctx, request(nil, 0, 0, true)) + require.NoError(t, err) + require.Equal(t, len(msgs), int(resp.Pagination.Total)) + require.ElementsMatch(t, + nullify.Fill(msgs), + nullify.Fill(resp.RevokedNocRootCertificates), + ) + }) + t.Run("InvalidRequest", func(t *testing.T) { + _, err := keeper.RevokedNocRootCertificatesAll(wctx, nil) + require.ErrorIs(t, err, status.Error(codes.InvalidArgument, "invalid request")) + }) +} diff --git a/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go b/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go new file mode 100644 index 000000000..433610f89 --- /dev/null +++ b/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go @@ -0,0 +1,129 @@ +package keeper + +import ( + "context" + + sdk "github.com/cosmos/cosmos-sdk/types" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func (k msgServer) RevokeNocRootX509Cert(goCtx context.Context, msg *types.MsgRevokeNocRootX509Cert) (*types.MsgRevokeNocRootX509CertResponse, error) { + ctx := sdk.UnwrapSDKContext(goCtx) + + signerAddr, err := sdk.AccAddressFromBech32(msg.Signer) + if err != nil { + return nil, pkitypes.NewErrInvalidAddress(err) + } + + // check if signer has vendor role + if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) { + return nil, pkitypes.NewErrUnauthorizedRole("MsgRevokeNocX509RootCert", dclauthtypes.Vendor) + } + + certificates, _ := k.GetApprovedCertificates(ctx, msg.Subject, msg.SubjectKeyId) + if len(certificates.Certs) == 0 { + return nil, pkitypes.NewErrCertificateDoesNotExist(msg.Subject, msg.SubjectKeyId) + } + + cert := certificates.Certs[0] + if !cert.IsRoot { + return nil, pkitypes.NewErrUnauthorizedCertIssuer(cert.Subject, cert.SubjectKeyId) + } + // Existing certificate must be NOC certificate + if !cert.IsNoc { + return nil, pkitypes.NewErrProvidedNocCertButExistingNotNoc(cert.Subject, cert.SubjectKeyId) + } + + signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) + signerVid := signerAccount.VendorID + // signer VID must be same as VID of existing certificates + if signerVid != cert.Vid { + return nil, pkitypes.NewErrRootCertVidNotEqualToAccountVid(cert.Vid, signerVid) + } + + if msg.SerialNumber != "" { + err = k._revokeNocRootCertificate(ctx, msg.SerialNumber, certificates, cert.Vid) + if err != nil { + return nil, err + } + } else { + k._revokeNocRootCertificates(ctx, certificates, cert.Vid) + } + + if msg.RevokeChild { + certID := types.CertificateIdentifier{ + Subject: msg.Subject, + SubjectKeyId: msg.SubjectKeyId, + } + // Remove certificate identifier from issuer's ChildCertificates record + k.RevokeChildCertificates(ctx, certID.Subject, certID.SubjectKeyId) + } + + return &types.MsgRevokeNocRootX509CertResponse{}, nil +} + +func (k msgServer) _revokeNocRootCertificates(ctx sdk.Context, certificates types.ApprovedCertificates, vid int32) { + // Add certs into revoked lists + k.AddRevokedCertificates(ctx, certificates) + k.AddRevokedNocRootCertificates(ctx, types.RevokedNocRootCertificates(certificates)) + + // Remove certs from NOC and approved lists + k.RemoveNocRootCertificates(ctx, vid) + k.RemoveApprovedCertificates(ctx, certificates.Subject, certificates.SubjectKeyId) + // remove from subject -> subject key ID map + k.RemoveApprovedCertificateBySubject(ctx, certificates.Subject, certificates.SubjectKeyId) + // remove from subject key ID -> certificates map + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, certificates.Subject, certificates.SubjectKeyId) +} + +func (k msgServer) _revokeNocRootCertificate( + ctx sdk.Context, + serialNumber string, + certificates types.ApprovedCertificates, + vid int32, +) error { + cert, found := findCertificate(serialNumber, &certificates.Certs) + if !found { + return pkitypes.NewErrCertificateBySerialNumberDoesNotExist( + certificates.Subject, certificates.SubjectKeyId, serialNumber, + ) + } + + revCerts := types.ApprovedCertificates{ + Subject: cert.Subject, + SubjectKeyId: cert.SubjectKeyId, + Certs: []*types.Certificate{cert}, + } + k.AddRevokedCertificates(ctx, revCerts) + revNocCerts := types.RevokedNocRootCertificates{ + Subject: certificates.Subject, + SubjectKeyId: certificates.SubjectKeyId, + Certs: []*types.Certificate{cert}, + } + k.AddRevokedNocRootCertificates(ctx, revNocCerts) + + k.removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates) + + if len(certificates.Certs) == 0 { + k.RemoveApprovedCertificates(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveNocRootCertificates(ctx, vid) + k.RemoveApprovedCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId) + k.RemoveApprovedCertificatesBySubjectKeyID(ctx, cert.Subject, cert.SubjectKeyId) + } else { + certs := types.NocRootCertificates{ + Vid: vid, + Certs: certificates.Certs, + } + k.SetNocRootCertificates(ctx, certs) + k.SetApprovedCertificates(ctx, certificates) + k.SetApprovedCertificatesBySubjectKeyID( + ctx, + types.ApprovedCertificatesBySubjectKeyId{SubjectKeyId: cert.SubjectKeyId, Certs: certificates.Certs}, + ) + } + + return nil +} diff --git a/x/pki/keeper/revoked_noc_root_certificates.go b/x/pki/keeper/revoked_noc_root_certificates.go new file mode 100644 index 000000000..4bb8a9f47 --- /dev/null +++ b/x/pki/keeper/revoked_noc_root_certificates.go @@ -0,0 +1,99 @@ +package keeper + +import ( + "github.com/cosmos/cosmos-sdk/store/prefix" + sdk "github.com/cosmos/cosmos-sdk/types" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// SetRevokedNocRootCertificates set a specific revokedNocRootCertificates in the store from its index. +func (k Keeper) SetRevokedNocRootCertificates(ctx sdk.Context, revokedNocRootCertificates types.RevokedNocRootCertificates) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix)) + b := k.cdc.MustMarshal(&revokedNocRootCertificates) + store.Set(types.RevokedNocRootCertificatesKey( + revokedNocRootCertificates.Subject, + revokedNocRootCertificates.SubjectKeyId, + ), b) +} + +// AddRevokedNocRootCertificates adds revoked NOC certificates to the list of revoked NOC certificates for the subject/subjectKeyId map. +func (k Keeper) AddRevokedNocRootCertificates(ctx sdk.Context, revokedNocRootCertificates types.RevokedNocRootCertificates) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix)) + + revokedCertsBytes := store.Get(types.RevokedNocRootCertificatesKey( + revokedNocRootCertificates.Subject, + revokedNocRootCertificates.SubjectKeyId, + )) + var revokedCerts types.RevokedNocRootCertificates + + if revokedCertsBytes == nil { + revokedCerts = types.RevokedNocRootCertificates{ + Subject: revokedNocRootCertificates.Subject, + SubjectKeyId: revokedNocRootCertificates.SubjectKeyId, + Certs: []*types.Certificate{}, + } + } else { + k.cdc.MustUnmarshal(revokedCertsBytes, &revokedCerts) + } + + revokedCerts.Certs = append(revokedCerts.Certs, revokedNocRootCertificates.Certs...) + + b := k.cdc.MustMarshal(&revokedCerts) + store.Set(types.RevokedNocRootCertificatesKey( + revokedCerts.Subject, + revokedCerts.SubjectKeyId, + ), b) +} + +// GetRevokedNocRootCertificates returns a revokedNocRootCertificates from its index. +func (k Keeper) GetRevokedNocRootCertificates( + ctx sdk.Context, + subject string, + subjectKeyID string, + +) (val types.RevokedNocRootCertificates, found bool) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix)) + + b := store.Get(types.RevokedNocRootCertificatesKey( + subject, + subjectKeyID, + )) + if b == nil { + return val, false + } + + k.cdc.MustUnmarshal(b, &val) + + return val, true +} + +// RemoveRevokedNocRootCertificates removes a revokedNocRootCertificates from the store. +func (k Keeper) RemoveRevokedNocRootCertificates( + ctx sdk.Context, + subject string, + subjectKeyID string, + +) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix)) + store.Delete(types.RevokedNocRootCertificatesKey( + subject, + subjectKeyID, + )) +} + +// GetAllRevokedNocRootCertificates returns all revokedNocRootCertificates. +func (k Keeper) GetAllRevokedNocRootCertificates(ctx sdk.Context) (list []types.RevokedNocRootCertificates) { + store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.RevokedNocRootCertificatesKeyPrefix)) + iterator := sdk.KVStorePrefixIterator(store, []byte{}) + + defer iterator.Close() + + for ; iterator.Valid(); iterator.Next() { + var val types.RevokedNocRootCertificates + k.cdc.MustUnmarshal(iterator.Value(), &val) + list = append(list, val) + } + + return +} diff --git a/x/pki/keeper/revoked_noc_root_certificates_test.go b/x/pki/keeper/revoked_noc_root_certificates_test.go new file mode 100644 index 000000000..fc16c4b17 --- /dev/null +++ b/x/pki/keeper/revoked_noc_root_certificates_test.go @@ -0,0 +1,68 @@ +package keeper_test + +import ( + "strconv" + "testing" + + sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/stretchr/testify/require" + keepertest "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/nullify" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +// Prevent strconv unused error. +var _ = strconv.IntSize + +func createNRevokedNocRootCertificates(keeper *keeper.Keeper, ctx sdk.Context, n int) []types.RevokedNocRootCertificates { + items := make([]types.RevokedNocRootCertificates, n) + for i := range items { + items[i].Subject = strconv.Itoa(i) + items[i].SubjectKeyId = strconv.Itoa(i) + + keeper.SetRevokedNocRootCertificates(ctx, items[i]) + } + + return items +} + +func TestRevokedNocRootCertificatesGet(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + items := createNRevokedNocRootCertificates(keeper, ctx, 10) + for _, item := range items { + rst, found := keeper.GetRevokedNocRootCertificates(ctx, + item.Subject, + item.SubjectKeyId, + ) + require.True(t, found) + require.Equal(t, + nullify.Fill(&item), + nullify.Fill(&rst), + ) + } +} +func TestRevokedNocRootCertificatesRemove(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + items := createNRevokedNocRootCertificates(keeper, ctx, 10) + for _, item := range items { + keeper.RemoveRevokedNocRootCertificates(ctx, + item.Subject, + item.SubjectKeyId, + ) + _, found := keeper.GetRevokedNocRootCertificates(ctx, + item.Subject, + item.SubjectKeyId, + ) + require.False(t, found) + } +} + +func TestRevokedNocRootCertificatesGetAll(t *testing.T) { + keeper, ctx := keepertest.PkiKeeper(t, nil) + items := createNRevokedNocRootCertificates(keeper, ctx, 10) + require.ElementsMatch(t, + nullify.Fill(items), + nullify.Fill(keeper.GetAllRevokedNocRootCertificates(ctx)), + ) +} diff --git a/x/pki/module_simulation.go b/x/pki/module_simulation.go index 597d872fb..fb2dc087c 100644 --- a/x/pki/module_simulation.go +++ b/x/pki/module_simulation.go @@ -81,6 +81,10 @@ const ( // TODO: Determine the simulation weight value. defaultWeightMsgAddNocX509Cert int = 100 + opWeightMsgRevokeNocRootX509Cert = "op_weight_msg_create_chain" + // TODO: Determine the simulation weight value. + defaultWeightMsgRevokeNocRootX509Cert int = 100 + // this line is used by starport scaffolding # simapp/module/const. ) @@ -268,6 +272,17 @@ func (am AppModule) WeightedOperations(simState module.SimulationState) []simtyp pkisimulation.SimulateMsgAddNocX509Cert(am.keeper), )) + var weightMsgRevokeNocRootX509Cert int + simState.AppParams.GetOrGenerate(simState.Cdc, opWeightMsgRevokeNocRootX509Cert, &weightMsgRevokeNocRootX509Cert, nil, + func(_ *rand.Rand) { + weightMsgRevokeNocRootX509Cert = defaultWeightMsgRevokeNocRootX509Cert + }, + ) + operations = append(operations, simulation.NewWeightedOperation( + weightMsgRevokeNocRootX509Cert, + pkisimulation.SimulateMsgRevokeNocRootX509Cert(am.keeper), + )) + // this line is used by starport scaffolding # simapp/module/operation return operations diff --git a/x/pki/simulation/revoke_noc_root_x_509_cert.go b/x/pki/simulation/revoke_noc_root_x_509_cert.go new file mode 100644 index 000000000..daec72a7c --- /dev/null +++ b/x/pki/simulation/revoke_noc_root_x_509_cert.go @@ -0,0 +1,29 @@ +package simulation + +import ( + "math/rand" + + "github.com/cosmos/cosmos-sdk/baseapp" + sdk "github.com/cosmos/cosmos-sdk/types" + simtypes "github.com/cosmos/cosmos-sdk/types/simulation" + + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/keeper" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" +) + +func SimulateMsgRevokeNocRootX509Cert( + k keeper.Keeper, +) simtypes.Operation { + return func(r *rand.Rand, app *baseapp.BaseApp, ctx sdk.Context, accs []simtypes.Account, chainID string, + ) (simtypes.OperationMsg, []simtypes.FutureOperation, error) { + simAccount, _ := simtypes.RandomAcc(r, accs) + msg := &types.MsgRevokeNocRootX509Cert{ + Signer: simAccount.Address.String(), + } + + // TODO: Handling the RevokeNocRootX509Cert simulation + + return simtypes.NoOpMsg(pkitypes.ModuleName, msg.Type(), "RevokeNocRootX509Cert simulation not implemented"), nil, nil + } +} diff --git a/x/pki/types/codec.go b/x/pki/types/codec.go index b2b1a2565..b3446d39c 100644 --- a/x/pki/types/codec.go +++ b/x/pki/types/codec.go @@ -22,6 +22,7 @@ func RegisterCodec(cdc *codec.LegacyAmino) { cdc.RegisterConcrete(&MsgAddNocX509RootCert{}, "pki/AddNocX509RootCert", nil) cdc.RegisterConcrete(&MsgRemoveX509Cert{}, "pki/RemoveX509Cert", nil) cdc.RegisterConcrete(&MsgAddNocX509Cert{}, "pki/AddNocX509Cert", nil) + cdc.RegisterConcrete(&MsgRevokeNocRootX509Cert{}, "pki/RevokeNocRootX509Cert", nil) // this line is used by starport scaffolding # 2 } @@ -68,6 +69,9 @@ func RegisterInterfaces(registry cdctypes.InterfaceRegistry) { registry.RegisterImplementations((*sdk.Msg)(nil), &MsgAddNocX509Cert{}, ) + registry.RegisterImplementations((*sdk.Msg)(nil), + &MsgRevokeNocRootX509Cert{}, + ) // this line is used by starport scaffolding # 3 msgservice.RegisterMsgServiceDesc(registry, &_Msg_serviceDesc) diff --git a/x/pki/types/genesis.go b/x/pki/types/genesis.go index ad82a50c3..d6ab50f26 100644 --- a/x/pki/types/genesis.go +++ b/x/pki/types/genesis.go @@ -25,6 +25,7 @@ func DefaultGenesis() *GenesisState { ApprovedCertificatesBySubjectKeyIdList: []ApprovedCertificatesBySubjectKeyId{}, NocRootCertificatesList: []NocRootCertificates{}, NocCertificatesList: []NocCertificates{}, + RevokedNocRootCertificatesList: []RevokedNocRootCertificates{}, // this line is used by starport scaffolding # genesis/types/default } } @@ -164,6 +165,16 @@ func (gs GenesisState) Validate() error { } nocCertificatesIndexMap[index] = struct{}{} } + // Check for duplicated index in revokedNocRootCertificates + revokedNocRootCertificatesIndexMap := make(map[string]struct{}) + + for _, elem := range gs.RevokedNocRootCertificatesList { + index := string(RevokedNocRootCertificatesKey(elem.Subject, elem.SubjectKeyId)) + if _, ok := revokedNocRootCertificatesIndexMap[index]; ok { + return fmt.Errorf("duplicated index for revokedNocRootCertificates") + } + revokedNocRootCertificatesIndexMap[index] = struct{}{} + } // this line is used by starport scaffolding # genesis/types/validate return nil diff --git a/x/pki/types/genesis.pb.go b/x/pki/types/genesis.pb.go index 5d5a2b2ed..69a7c2ab2 100644 --- a/x/pki/types/genesis.pb.go +++ b/x/pki/types/genesis.pb.go @@ -40,6 +40,7 @@ type GenesisState struct { ApprovedCertificatesBySubjectKeyIdList []ApprovedCertificatesBySubjectKeyId `protobuf:"bytes,13,rep,name=approvedCertificatesBySubjectKeyIdList,proto3" json:"approvedCertificatesBySubjectKeyIdList"` NocRootCertificatesList []NocRootCertificates `protobuf:"bytes,14,rep,name=nocRootCertificatesList,proto3" json:"nocRootCertificatesList"` NocCertificatesList []NocCertificates `protobuf:"bytes,15,rep,name=nocCertificatesList,proto3" json:"nocCertificatesList"` + RevokedNocRootCertificatesList []RevokedNocRootCertificates `protobuf:"bytes,16,rep,name=revokedNocRootCertificatesList,proto3" json:"revokedNocRootCertificatesList"` } func (m *GenesisState) Reset() { *m = GenesisState{} } @@ -180,6 +181,13 @@ func (m *GenesisState) GetNocCertificatesList() []NocCertificates { return nil } +func (m *GenesisState) GetRevokedNocRootCertificatesList() []RevokedNocRootCertificates { + if m != nil { + return m.RevokedNocRootCertificatesList + } + return nil +} + func init() { proto.RegisterType((*GenesisState)(nil), "zigbeealliance.distributedcomplianceledger.pki.GenesisState") } @@ -187,52 +195,54 @@ func init() { func init() { proto.RegisterFile("pki/genesis.proto", fileDescriptor_9478608499b59120) } var fileDescriptor_9478608499b59120 = []byte{ - // 716 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0xc1, 0x4e, 0xd4, 0x40, - 0x18, 0xc7, 0xb7, 0x82, 0xa8, 0x05, 0x35, 0x54, 0x8d, 0x84, 0x98, 0x82, 0x68, 0x0c, 0x6a, 0x68, - 0x23, 0x1e, 0x3c, 0x1a, 0x96, 0x35, 0x48, 0x54, 0x42, 0x4a, 0xbc, 0x78, 0xb0, 0x69, 0xa7, 0x63, - 0x19, 0xbb, 0x74, 0x6a, 0x3b, 0x45, 0x6b, 0xe2, 0xc1, 0x68, 0x3c, 0xfb, 0x0a, 0x26, 0x3e, 0x80, - 0x57, 0xdf, 0x80, 0x23, 0x47, 0x4f, 0xc6, 0xb0, 0x2f, 0x62, 0xfa, 0x75, 0xca, 0x76, 0xdb, 0xe9, - 0xb2, 0xdb, 0x70, 0xdb, 0x9d, 0x99, 0xfe, 0xff, 0xbf, 0x99, 0xef, 0xff, 0x75, 0x2a, 0xcf, 0x06, - 0x1e, 0xd1, 0x5d, 0xec, 0xe3, 0x88, 0x44, 0x5a, 0x10, 0x52, 0x46, 0x15, 0xed, 0x23, 0x71, 0x6d, - 0x8c, 0xad, 0x6e, 0x97, 0x58, 0x3e, 0xc2, 0x9a, 0x43, 0x22, 0x16, 0x12, 0x3b, 0x66, 0xd8, 0x41, - 0x74, 0x2f, 0xc8, 0x46, 0xbb, 0xd8, 0x71, 0x71, 0xa8, 0x05, 0x1e, 0x99, 0x5f, 0x48, 0x25, 0xac, - 0x20, 0x08, 0xe9, 0x3e, 0x76, 0x4c, 0x84, 0x43, 0x46, 0xde, 0x10, 0x64, 0x31, 0xcc, 0x05, 0xe7, - 0xd5, 0x74, 0x41, 0x10, 0xd2, 0x80, 0x46, 0x83, 0x0b, 0xf8, 0xfc, 0x8d, 0x74, 0x1e, 0xed, 0x92, - 0xae, 0xf0, 0xe9, 0xbb, 0x75, 0x4f, 0x9b, 0x21, 0xde, 0xa7, 0xc8, 0x62, 0x84, 0xfa, 0x45, 0xa3, - 0x74, 0xd4, 0x13, 0x83, 0x80, 0x51, 0xec, 0x93, 0x77, 0x31, 0x16, 0x60, 0xdc, 0x1e, 0xd8, 0x47, - 0x48, 0x29, 0x13, 0x69, 0xdc, 0x2a, 0x7a, 0xd4, 0x2d, 0xba, 0x57, 0x7b, 0x24, 0xa6, 0x9d, 0x98, - 0x51, 0x6c, 0xbf, 0xc5, 0x88, 0x0d, 0x42, 0xa7, 0x23, 0xc2, 0xd3, 0xb9, 0x0f, 0xfb, 0xf7, 0x48, - 0x61, 0xbb, 0xe6, 0x71, 0x49, 0xd2, 0x3f, 0x01, 0x25, 0x7e, 0x2e, 0xf6, 0x64, 0xa4, 0xc5, 0x40, - 0x41, 0xa2, 0x28, 0xc6, 0x61, 0x0e, 0x63, 0x7a, 0x38, 0x31, 0x89, 0xc3, 0x65, 0x1e, 0x8c, 0xc2, - 0x3f, 0xf8, 0x08, 0xa4, 0xc0, 0xa7, 0xa8, 0xf6, 0x4c, 0xe6, 0xf3, 0x05, 0x82, 0xb9, 0xab, 0x2e, - 0x75, 0x29, 0xfc, 0xd4, 0xd3, 0x5f, 0xd9, 0xe8, 0xd2, 0xef, 0x59, 0x79, 0x66, 0x23, 0x8b, 0xe6, - 0x0e, 0xb3, 0x18, 0x56, 0xbe, 0x49, 0xf2, 0x5c, 0x4e, 0xb5, 0x5e, 0x50, 0x79, 0x4e, 0x22, 0x36, - 0x27, 0x2d, 0x4e, 0x2c, 0x4f, 0xaf, 0x76, 0xc6, 0x4c, 0xaf, 0xb6, 0x26, 0xd0, 0x6b, 0x4f, 0x1e, - 0xfc, 0x5d, 0x68, 0x19, 0xb5, 0x5e, 0xca, 0x17, 0x49, 0xbe, 0x9e, 0x47, 0xb2, 0x30, 0x09, 0x1c, - 0x67, 0x80, 0x63, 0x7d, 0x5c, 0x8e, 0xed, 0xaa, 0x1c, 0xc7, 0xa8, 0x73, 0x52, 0x3e, 0xc9, 0xd7, - 0xa0, 0x6b, 0x2a, 0x47, 0x31, 0x01, 0x08, 0x6b, 0xe3, 0x22, 0xac, 0x97, 0xc5, 0x38, 0x80, 0xd8, - 0x45, 0xf9, 0x21, 0xc9, 0x37, 0x05, 0x68, 0xc6, 0x71, 0xf2, 0x80, 0x65, 0x12, 0x58, 0x5e, 0x9c, - 0xc2, 0x71, 0xf4, 0x85, 0x39, 0xd7, 0xc9, 0xee, 0x50, 0x28, 0xde, 0xac, 0x95, 0x53, 0x3a, 0xdb, - 0xac, 0x50, 0x46, 0x55, 0x2e, 0x2f, 0x54, 0x8d, 0x53, 0x5a, 0xa8, 0xec, 0xad, 0x53, 0xce, 0xca, - 0x54, 0xb3, 0x42, 0xbd, 0x2c, 0x8b, 0xe5, 0x85, 0x12, 0xba, 0x28, 0x5f, 0x0b, 0x6d, 0x63, 0x50, - 0xca, 0x8a, 0x7c, 0x73, 0xe7, 0x16, 0xa5, 0xe5, 0xe9, 0xd5, 0xa7, 0x4d, 0xdb, 0xa6, 0xac, 0x67, - 0xd4, 0x3a, 0x29, 0x9f, 0xfb, 0xb5, 0xa8, 0x50, 0x9c, 0x07, 0x8a, 0x8d, 0x86, 0xb5, 0xa8, 0x40, - 0xd4, 0xf9, 0x40, 0x66, 0x45, 0x5d, 0xdd, 0x4e, 0x76, 0xb2, 0x97, 0x1a, 0x94, 0xe5, 0x42, 0xb3, - 0xcc, 0xae, 0x0d, 0x13, 0xce, 0x33, 0x7b, 0xa2, 0x3b, 0xcf, 0x6c, 0x76, 0x1f, 0x94, 0x03, 0x23, - 0x37, 0xcd, 0x6c, 0x45, 0xae, 0x9f, 0x59, 0xa1, 0x93, 0xf2, 0x53, 0x92, 0x97, 0xb6, 0x3d, 0xd2, - 0xef, 0xa7, 0x4e, 0xe1, 0x1a, 0xd9, 0x4e, 0x6f, 0x11, 0x00, 0x9a, 0x06, 0xa0, 0xad, 0xb1, 0xdb, - 0x7b, 0xa8, 0x32, 0x67, 0x1b, 0xc1, 0x5f, 0xe9, 0x49, 0xf2, 0xa3, 0xe1, 0xcb, 0xa2, 0x76, 0xb2, - 0x09, 0x57, 0x1d, 0x3f, 0xe3, 0x67, 0x38, 0xd9, 0xec, 0x00, 0xfb, 0x0c, 0xb0, 0xa3, 0xd3, 0x65, - 0x17, 0xda, 0xf1, 0x0d, 0x35, 0x25, 0x55, 0x7e, 0x49, 0xf2, 0x9d, 0xa1, 0xc1, 0x49, 0x97, 0x3a, - 0xb0, 0xa9, 0x8b, 0xb0, 0x29, 0xe3, 0x54, 0xb3, 0x0b, 0xea, 0x7c, 0x0f, 0x23, 0x72, 0x40, 0x8a, - 0x7d, 0x8a, 0xca, 0x1d, 0x08, 0x8c, 0x97, 0x9a, 0xa5, 0x78, 0xab, 0x2a, 0x97, 0xa7, 0xb8, 0xc6, - 0x49, 0x79, 0x2f, 0x5f, 0xf1, 0x29, 0xaa, 0x00, 0x5c, 0x06, 0x80, 0xc7, 0x0d, 0x00, 0x04, 0xe6, - 0x22, 0x87, 0xf6, 0xeb, 0x83, 0x23, 0x55, 0x3a, 0x3c, 0x52, 0xa5, 0x7f, 0x47, 0xaa, 0xf4, 0xbd, - 0xa7, 0xb6, 0x0e, 0x7b, 0x6a, 0xeb, 0x4f, 0x4f, 0x6d, 0xbd, 0xea, 0xb8, 0x84, 0xed, 0xc6, 0xb6, - 0x86, 0xe8, 0x9e, 0x9e, 0xf9, 0xaf, 0xe4, 0x00, 0x7a, 0x01, 0x60, 0xa5, 0x4f, 0xb0, 0x92, 0x21, - 0xe8, 0x1f, 0xd2, 0x2f, 0x3b, 0x9d, 0x25, 0x01, 0x8e, 0xec, 0x29, 0xf8, 0x44, 0x7a, 0xf8, 0x3f, - 0x00, 0x00, 0xff, 0xff, 0x8b, 0x38, 0xe6, 0xff, 0xc0, 0x0b, 0x00, 0x00, + // 746 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x96, 0x4f, 0x6f, 0xd3, 0x3e, + 0x18, 0xc7, 0xeb, 0xdf, 0xf6, 0x1b, 0xe0, 0x8d, 0x7f, 0x06, 0xc4, 0x34, 0xa1, 0x6c, 0x0c, 0x04, + 0x03, 0xb4, 0x56, 0x8c, 0x03, 0x47, 0xb4, 0xae, 0x68, 0x8c, 0x3f, 0xd3, 0xd4, 0x89, 0x0b, 0x07, + 0xa2, 0xd6, 0x35, 0x9d, 0x69, 0x17, 0x87, 0xc4, 0x1d, 0x04, 0x89, 0x03, 0x02, 0x71, 0xe6, 0xc8, + 0x15, 0x89, 0x17, 0xc0, 0xcb, 0xd8, 0x71, 0x07, 0x0e, 0x9c, 0x10, 0x5a, 0xdf, 0x08, 0xca, 0x13, + 0x67, 0x4d, 0x13, 0xbb, 0x6b, 0xa3, 0xde, 0xda, 0xd8, 0xf9, 0x7e, 0x3f, 0x7e, 0x9e, 0xaf, 0xed, + 0xe0, 0xf3, 0x6e, 0x8b, 0x97, 0x9a, 0xcc, 0x61, 0x3e, 0xf7, 0x8b, 0xae, 0x27, 0xa4, 0x20, 0xc5, + 0xf7, 0xbc, 0x59, 0x67, 0xac, 0xd6, 0x6e, 0xf3, 0x9a, 0x43, 0x59, 0xb1, 0xc1, 0x7d, 0xe9, 0xf1, + 0x7a, 0x47, 0xb2, 0x06, 0x15, 0xbb, 0x6e, 0xf4, 0xb4, 0xcd, 0x1a, 0x4d, 0xe6, 0x15, 0xdd, 0x16, + 0x9f, 0x9b, 0x0f, 0x25, 0x6a, 0xae, 0xeb, 0x89, 0x3d, 0xd6, 0xb0, 0x29, 0xf3, 0x24, 0x7f, 0xc5, + 0x69, 0x4d, 0x32, 0x25, 0x38, 0x67, 0x85, 0x13, 0x5c, 0x4f, 0xb8, 0xc2, 0xef, 0x9f, 0xa0, 0xc6, + 0xaf, 0x84, 0xe3, 0x74, 0x87, 0xb7, 0xb5, 0x6f, 0xdf, 0x32, 0xbd, 0x6d, 0x7b, 0x6c, 0x4f, 0xd0, + 0x9a, 0xe4, 0xc2, 0x49, 0x1a, 0x85, 0x4f, 0x5b, 0x7a, 0x10, 0x30, 0xea, 0x38, 0xfc, 0x4d, 0x87, + 0x69, 0x30, 0xae, 0xf7, 0xad, 0xc3, 0x13, 0x42, 0xea, 0x34, 0xae, 0x25, 0x3d, 0x4c, 0x93, 0x6e, + 0x1b, 0x4b, 0x62, 0xd7, 0x03, 0xdb, 0xef, 0xd4, 0x5f, 0x33, 0x2a, 0xfb, 0xa1, 0xc3, 0x27, 0xda, + 0xea, 0xdc, 0x81, 0xf5, 0xb7, 0x78, 0x62, 0xb9, 0xf6, 0x51, 0x4b, 0xc2, 0x3f, 0xae, 0xe0, 0x4e, + 0x2c, 0xf6, 0x70, 0xa8, 0xc9, 0x40, 0xc1, 0x7d, 0xbf, 0xc3, 0xbc, 0x18, 0xc6, 0x6e, 0xb1, 0xc0, + 0xe6, 0x0d, 0x25, 0x73, 0x77, 0x18, 0xfe, 0xfe, 0x57, 0x20, 0x05, 0x8e, 0xa0, 0xc6, 0x9a, 0xcc, + 0xc5, 0x13, 0x34, 0x63, 0x37, 0x93, 0x45, 0x1d, 0x24, 0x72, 0xb1, 0x29, 0x9a, 0x02, 0x7e, 0x96, + 0xc2, 0x5f, 0xd1, 0xd3, 0xc5, 0x5f, 0x04, 0xcf, 0xac, 0x47, 0x19, 0xde, 0x96, 0x35, 0xc9, 0xc8, + 0x17, 0x84, 0x67, 0x63, 0xfc, 0xb5, 0x84, 0xca, 0x53, 0xee, 0xcb, 0x59, 0xb4, 0x30, 0xb1, 0x34, + 0xbd, 0x52, 0x19, 0x31, 0xe6, 0xc5, 0x55, 0x8d, 0x5e, 0x79, 0x72, 0xff, 0xcf, 0x7c, 0xa1, 0x6a, + 0xf4, 0x22, 0x9f, 0x10, 0xbe, 0x1c, 0x67, 0x37, 0x31, 0x08, 0x1c, 0xff, 0x01, 0xc7, 0xda, 0xa8, + 0x1c, 0x5b, 0x59, 0x39, 0x85, 0x61, 0x72, 0x22, 0x1f, 0xf0, 0x25, 0xd8, 0x5e, 0x99, 0x52, 0x4c, + 0x00, 0xc2, 0xea, 0xa8, 0x08, 0x6b, 0x69, 0x31, 0x05, 0xa0, 0x77, 0x21, 0xdf, 0x11, 0xbe, 0xaa, + 0x41, 0xab, 0x1e, 0x45, 0x14, 0x58, 0x26, 0x81, 0xe5, 0xd9, 0x18, 0xca, 0xd1, 0x13, 0x56, 0x5c, + 0xc7, 0xbb, 0x43, 0xa3, 0x54, 0x00, 0x33, 0x55, 0xfa, 0x3f, 0x5f, 0xa3, 0xaa, 0x59, 0xb9, 0xb8, + 0x51, 0x06, 0xa7, 0xb0, 0x51, 0xd1, 0xf1, 0x94, 0xce, 0xca, 0x54, 0xbe, 0x46, 0x3d, 0x4f, 0x8b, + 0xc5, 0x8d, 0xd2, 0xba, 0x90, 0xcf, 0x89, 0x6d, 0x53, 0x15, 0x42, 0x26, 0xf9, 0x66, 0x4f, 0x2c, + 0xa0, 0xa5, 0xe9, 0x95, 0x47, 0x79, 0xb7, 0x4d, 0x5a, 0xaf, 0x6a, 0x74, 0x22, 0x1f, 0x7b, 0xbd, + 0xc8, 0x50, 0x9c, 0x04, 0x8a, 0xf5, 0x9c, 0xbd, 0xc8, 0x40, 0x98, 0x7c, 0x20, 0xb3, 0xba, 0x5d, + 0x5d, 0x0e, 0xb6, 0xa3, 0xd3, 0x0f, 0xda, 0x72, 0x2a, 0x5f, 0x66, 0x57, 0x07, 0x09, 0xc7, 0x99, + 0x3d, 0xd6, 0x5d, 0x65, 0x36, 0xba, 0x38, 0xd2, 0x81, 0xc1, 0x79, 0x33, 0x9b, 0x91, 0xeb, 0x65, + 0x56, 0xeb, 0x44, 0x7e, 0x20, 0xbc, 0xb8, 0xd5, 0xe2, 0xbd, 0xfd, 0x54, 0x49, 0xdc, 0x37, 0x5b, + 0xe1, 0x75, 0x03, 0x40, 0xd3, 0x00, 0xb4, 0x39, 0xf2, 0xf6, 0x1e, 0xa8, 0xac, 0xd8, 0x86, 0xf0, + 0x27, 0x5d, 0x84, 0xef, 0x0f, 0x9e, 0xe6, 0x97, 0x83, 0x0d, 0xb8, 0x13, 0x55, 0x8d, 0x9f, 0xb0, + 0x60, 0xa3, 0x02, 0xec, 0x33, 0xc0, 0x4e, 0xc7, 0xcb, 0xae, 0xb5, 0x53, 0x0b, 0xca, 0x4b, 0x4a, + 0x7e, 0x22, 0x7c, 0x63, 0x60, 0x70, 0xc2, 0xa9, 0x0d, 0x58, 0xd4, 0x69, 0x58, 0x54, 0x75, 0xac, + 0xd9, 0x05, 0x75, 0xb5, 0x86, 0x21, 0x39, 0x20, 0xc5, 0x8e, 0xa0, 0xe9, 0x1d, 0x08, 0x8c, 0x67, + 0xf2, 0xa5, 0x78, 0x33, 0x2b, 0x17, 0xa7, 0xd8, 0xe0, 0x44, 0xde, 0xe2, 0x0b, 0x8e, 0xa0, 0x19, + 0x80, 0xb3, 0x00, 0xf0, 0x20, 0x07, 0x80, 0xc6, 0x5c, 0xe7, 0x40, 0xbe, 0x21, 0x6c, 0xa9, 0x43, + 0x68, 0xd3, 0x50, 0x85, 0x73, 0x00, 0xf1, 0x38, 0xe7, 0x99, 0x67, 0x2e, 0xc6, 0x31, 0xbe, 0xe5, + 0x97, 0xfb, 0x87, 0x16, 0x3a, 0x38, 0xb4, 0xd0, 0xdf, 0x43, 0x0b, 0x7d, 0xed, 0x5a, 0x85, 0x83, + 0xae, 0x55, 0xf8, 0xdd, 0xb5, 0x0a, 0x2f, 0x2a, 0x4d, 0x2e, 0x77, 0x3a, 0xf5, 0x22, 0x15, 0xbb, + 0xa5, 0x88, 0x6a, 0x39, 0xc6, 0x2a, 0x25, 0xb0, 0x96, 0x7b, 0x5c, 0xcb, 0x11, 0x58, 0xe9, 0x5d, + 0xf8, 0x75, 0x5a, 0x92, 0x81, 0xcb, 0xfc, 0xfa, 0x14, 0x7c, 0xbd, 0xdd, 0xfb, 0x17, 0x00, 0x00, + 0xff, 0xff, 0x50, 0x2f, 0x56, 0xba, 0x84, 0x0c, 0x00, 0x00, } func (m *GenesisState) Marshal() (dAtA []byte, err error) { @@ -255,6 +265,22 @@ func (m *GenesisState) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.RevokedNocRootCertificatesList) > 0 { + for iNdEx := len(m.RevokedNocRootCertificatesList) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.RevokedNocRootCertificatesList[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenesis(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 + } + } if len(m.NocCertificatesList) > 0 { for iNdEx := len(m.NocCertificatesList) - 1; iNdEx >= 0; iNdEx-- { { @@ -567,6 +593,12 @@ func (m *GenesisState) Size() (n int) { n += 1 + l + sovGenesis(uint64(l)) } } + if len(m.RevokedNocRootCertificatesList) > 0 { + for _, e := range m.RevokedNocRootCertificatesList { + l = e.Size() + n += 2 + l + sovGenesis(uint64(l)) + } + } return n } @@ -1119,6 +1151,40 @@ func (m *GenesisState) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 16: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RevokedNocRootCertificatesList", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenesis + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenesis + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenesis + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RevokedNocRootCertificatesList = append(m.RevokedNocRootCertificatesList, RevokedNocRootCertificates{}) + if err := m.RevokedNocRootCertificatesList[len(m.RevokedNocRootCertificatesList)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenesis(dAtA[iNdEx:]) diff --git a/x/pki/types/genesis_test.go b/x/pki/types/genesis_test.go index 94e6bb9a9..bf63cdb21 100644 --- a/x/pki/types/genesis_test.go +++ b/x/pki/types/genesis_test.go @@ -142,6 +142,16 @@ NocCertificatesList: []types.NocCertificates{ Vid: 1, }, }, +RevokedNocRootCertificatesList: []types.RevokedNocRootCertificates{ + { + Subject: "0", +SubjectKeyId: "0", +}, + { + Subject: "1", +SubjectKeyId: "1", +}, +}, // this line is used by starport scaffolding # types/genesis/validField }, valid: true, @@ -332,6 +342,22 @@ IssuerSubjectKeyID: "0", }, valid: false, }, +{ + desc: "duplicated revokedNocRootCertificates", + genState: &types.GenesisState{ + RevokedNocRootCertificatesList: []types.RevokedNocRootCertificates{ + { + Subject: "0", +SubjectKeyId: "0", +}, + { + Subject: "0", +SubjectKeyId: "0", +}, + }, + }, + valid: false, +}, // this line is used by starport scaffolding # types/genesis/testcase } { t.Run(tc.desc, func(t *testing.T) { diff --git a/x/pki/types/key_revoked_noc_root_certificates.go b/x/pki/types/key_revoked_noc_root_certificates.go new file mode 100644 index 000000000..ad93fc997 --- /dev/null +++ b/x/pki/types/key_revoked_noc_root_certificates.go @@ -0,0 +1,28 @@ +package types + +import "encoding/binary" + +var _ binary.ByteOrder + +const ( + // RevokedNocRootCertificatesKeyPrefix is the prefix to retrieve all RevokedNocRootCertificates. + RevokedNocRootCertificatesKeyPrefix = "RevokedNocRootCertificates/value/" +) + +// RevokedNocRootCertificatesKey returns the store key to retrieve a RevokedNocRootCertificates from the index fields. +func RevokedNocRootCertificatesKey( + subject string, + subjectKeyID string, +) []byte { + var key []byte + + subjectBytes := []byte(subject) + key = append(key, subjectBytes...) + key = append(key, []byte("/")...) + + subjectKeyIDBytes := []byte(subjectKeyID) + key = append(key, subjectKeyIDBytes...) + key = append(key, []byte("/")...) + + return key +} diff --git a/x/pki/types/message_revoke_noc_root_x_509_cert.go b/x/pki/types/message_revoke_noc_root_x_509_cert.go new file mode 100644 index 000000000..d33acdbd9 --- /dev/null +++ b/x/pki/types/message_revoke_noc_root_x_509_cert.go @@ -0,0 +1,63 @@ +package types + +import ( + "time" + + sdk "github.com/cosmos/cosmos-sdk/types" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" +) + +const TypeMsgRevokeNocRootX509Cert = "revoke_noc_root_x_509_cert" + +var _ sdk.Msg = &MsgRevokeNocRootX509Cert{} + +func NewMsgRevokeNocRootX509Cert(signer, subject, subjectKeyID, serialNumber, info string, revokeChild bool) *MsgRevokeNocRootX509Cert { + return &MsgRevokeNocRootX509Cert{ + Signer: signer, + Subject: subject, + SubjectKeyId: subjectKeyID, + SerialNumber: serialNumber, + Info: info, + Time: time.Now().Unix(), + RevokeChild: revokeChild, + } +} + +func (msg *MsgRevokeNocRootX509Cert) Route() string { + return pkitypes.RouterKey +} + +func (msg *MsgRevokeNocRootX509Cert) Type() string { + return TypeMsgRevokeNocRootX509Cert +} + +func (msg *MsgRevokeNocRootX509Cert) GetSigners() []sdk.AccAddress { + signer, err := sdk.AccAddressFromBech32(msg.Signer) + if err != nil { + panic(err) + } + + return []sdk.AccAddress{signer} +} + +func (msg *MsgRevokeNocRootX509Cert) GetSignBytes() []byte { + bz := ModuleCdc.MustMarshalJSON(msg) + + return sdk.MustSortJSON(bz) +} + +func (msg *MsgRevokeNocRootX509Cert) ValidateBasic() error { + _, err := sdk.AccAddressFromBech32(msg.Signer) + if err != nil { + return sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid signer address (%s)", err) + } + + err = validator.Validate(msg) + if err != nil { + return err + } + + return nil +} diff --git a/x/pki/types/message_revoke_noc_root_x_509_cert_test.go b/x/pki/types/message_revoke_noc_root_x_509_cert_test.go new file mode 100644 index 000000000..69023259b --- /dev/null +++ b/x/pki/types/message_revoke_noc_root_x_509_cert_test.go @@ -0,0 +1,127 @@ +package types + +import ( + "testing" + + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/stretchr/testify/require" + tmrand "github.com/tendermint/tendermint/libs/rand" + + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" + "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/sample" + "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" +) + +func TestMsgRevokeNocRootX509Cert_ValidateBasic(t *testing.T) { + negativeTests := []struct { + name string + msg MsgRevokeNocRootX509Cert + err error + }{ + { + name: "invalid address", + msg: MsgRevokeNocRootX509Cert{ + Signer: "invalid_address", + }, + err: sdkerrors.ErrInvalidAddress, + }, + { + name: "empty subject", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: "", + SubjectKeyId: testconstants.RootSubjectKeyID, + }, + err: validator.ErrRequiredFieldMissing, + }, + { + name: "empty SubjectKeyId", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject, + SubjectKeyId: "", + }, + err: validator.ErrRequiredFieldMissing, + }, + { + name: "subject len > 1024 (1 KB)", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject + tmrand.Str(1025-len(testconstants.RootSubject)), + SubjectKeyId: testconstants.RootSubjectKeyID, + }, + err: validator.ErrFieldMaxLengthExceeded, + }, + { + name: "subject key id len > 256", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject, + SubjectKeyId: testconstants.RootSubjectKeyID + tmrand.Str(257-len(testconstants.RootSubjectKeyID)), + }, + err: validator.ErrFieldMaxLengthExceeded, + }, + { + name: "info len > 4096", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject, + SubjectKeyId: testconstants.RootSubjectKeyID, + Info: tmrand.Str(4097), + }, + err: validator.ErrFieldMaxLengthExceeded, + }, + } + positiveTests := []struct { + name string + msg MsgRevokeNocRootX509Cert + }{ + { + name: "valid revoke x509cert msg", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject, + SubjectKeyId: testconstants.RootSubjectKeyID, + SerialNumber: testconstants.RootSerialNumber, + Info: testconstants.Info, + Time: 12345, + }, + }, + { + name: "valid revoke x509cert msg with revokeChild true flag", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject, + SubjectKeyId: testconstants.RootSubjectKeyID, + SerialNumber: testconstants.RootSerialNumber, + Info: testconstants.Info, + Time: 12345, + RevokeChild: true, + }, + }, + { + name: "info field is 4096 characters long", + msg: MsgRevokeNocRootX509Cert{ + Signer: sample.AccAddress(), + Subject: testconstants.RootSubject, + SubjectKeyId: testconstants.RootSubjectKeyID, + Info: tmrand.Str(4096), + }, + }, + } + + for _, tt := range negativeTests { + t.Run(tt.name, func(t *testing.T) { + err := tt.msg.ValidateBasic() + require.Error(t, err) + require.ErrorIs(t, err, tt.err) + }) + } + + for _, tt := range positiveTests { + t.Run(tt.name, func(t *testing.T) { + err := tt.msg.ValidateBasic() + require.NoError(t, err) + }) + } +} diff --git a/x/pki/types/query.pb.go b/x/pki/types/query.pb.go index 1eed670d8..526467082 100644 --- a/x/pki/types/query.pb.go +++ b/x/pki/types/query.pb.go @@ -2063,6 +2063,214 @@ func (m *QueryAllNocCertificatesResponse) GetPagination() *query.PageResponse { return nil } +type QueryGetRevokedNocRootCertificatesRequest struct { + Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` + SubjectKeyId string `protobuf:"bytes,2,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty"` +} + +func (m *QueryGetRevokedNocRootCertificatesRequest) Reset() { + *m = QueryGetRevokedNocRootCertificatesRequest{} +} +func (m *QueryGetRevokedNocRootCertificatesRequest) String() string { + return proto.CompactTextString(m) +} +func (*QueryGetRevokedNocRootCertificatesRequest) ProtoMessage() {} +func (*QueryGetRevokedNocRootCertificatesRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_62972e0134af9ed2, []int{42} +} +func (m *QueryGetRevokedNocRootCertificatesRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *QueryGetRevokedNocRootCertificatesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_QueryGetRevokedNocRootCertificatesRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *QueryGetRevokedNocRootCertificatesRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryGetRevokedNocRootCertificatesRequest.Merge(m, src) +} +func (m *QueryGetRevokedNocRootCertificatesRequest) XXX_Size() int { + return m.Size() +} +func (m *QueryGetRevokedNocRootCertificatesRequest) XXX_DiscardUnknown() { + xxx_messageInfo_QueryGetRevokedNocRootCertificatesRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryGetRevokedNocRootCertificatesRequest proto.InternalMessageInfo + +func (m *QueryGetRevokedNocRootCertificatesRequest) GetSubject() string { + if m != nil { + return m.Subject + } + return "" +} + +func (m *QueryGetRevokedNocRootCertificatesRequest) GetSubjectKeyId() string { + if m != nil { + return m.SubjectKeyId + } + return "" +} + +type QueryGetRevokedNocRootCertificatesResponse struct { + RevokedNocRootCertificates RevokedNocRootCertificates `protobuf:"bytes,1,opt,name=revokedNocRootCertificates,proto3" json:"revokedNocRootCertificates"` +} + +func (m *QueryGetRevokedNocRootCertificatesResponse) Reset() { + *m = QueryGetRevokedNocRootCertificatesResponse{} +} +func (m *QueryGetRevokedNocRootCertificatesResponse) String() string { + return proto.CompactTextString(m) +} +func (*QueryGetRevokedNocRootCertificatesResponse) ProtoMessage() {} +func (*QueryGetRevokedNocRootCertificatesResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_62972e0134af9ed2, []int{43} +} +func (m *QueryGetRevokedNocRootCertificatesResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *QueryGetRevokedNocRootCertificatesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_QueryGetRevokedNocRootCertificatesResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *QueryGetRevokedNocRootCertificatesResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryGetRevokedNocRootCertificatesResponse.Merge(m, src) +} +func (m *QueryGetRevokedNocRootCertificatesResponse) XXX_Size() int { + return m.Size() +} +func (m *QueryGetRevokedNocRootCertificatesResponse) XXX_DiscardUnknown() { + xxx_messageInfo_QueryGetRevokedNocRootCertificatesResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryGetRevokedNocRootCertificatesResponse proto.InternalMessageInfo + +func (m *QueryGetRevokedNocRootCertificatesResponse) GetRevokedNocRootCertificates() RevokedNocRootCertificates { + if m != nil { + return m.RevokedNocRootCertificates + } + return RevokedNocRootCertificates{} +} + +type QueryAllRevokedNocRootCertificatesRequest struct { + Pagination *query.PageRequest `protobuf:"bytes,1,opt,name=pagination,proto3" json:"pagination,omitempty"` +} + +func (m *QueryAllRevokedNocRootCertificatesRequest) Reset() { + *m = QueryAllRevokedNocRootCertificatesRequest{} +} +func (m *QueryAllRevokedNocRootCertificatesRequest) String() string { + return proto.CompactTextString(m) +} +func (*QueryAllRevokedNocRootCertificatesRequest) ProtoMessage() {} +func (*QueryAllRevokedNocRootCertificatesRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_62972e0134af9ed2, []int{44} +} +func (m *QueryAllRevokedNocRootCertificatesRequest) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *QueryAllRevokedNocRootCertificatesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_QueryAllRevokedNocRootCertificatesRequest.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *QueryAllRevokedNocRootCertificatesRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryAllRevokedNocRootCertificatesRequest.Merge(m, src) +} +func (m *QueryAllRevokedNocRootCertificatesRequest) XXX_Size() int { + return m.Size() +} +func (m *QueryAllRevokedNocRootCertificatesRequest) XXX_DiscardUnknown() { + xxx_messageInfo_QueryAllRevokedNocRootCertificatesRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryAllRevokedNocRootCertificatesRequest proto.InternalMessageInfo + +func (m *QueryAllRevokedNocRootCertificatesRequest) GetPagination() *query.PageRequest { + if m != nil { + return m.Pagination + } + return nil +} + +type QueryAllRevokedNocRootCertificatesResponse struct { + RevokedNocRootCertificates []RevokedNocRootCertificates `protobuf:"bytes,1,rep,name=revokedNocRootCertificates,proto3" json:"revokedNocRootCertificates"` + Pagination *query.PageResponse `protobuf:"bytes,2,opt,name=pagination,proto3" json:"pagination,omitempty"` +} + +func (m *QueryAllRevokedNocRootCertificatesResponse) Reset() { + *m = QueryAllRevokedNocRootCertificatesResponse{} +} +func (m *QueryAllRevokedNocRootCertificatesResponse) String() string { + return proto.CompactTextString(m) +} +func (*QueryAllRevokedNocRootCertificatesResponse) ProtoMessage() {} +func (*QueryAllRevokedNocRootCertificatesResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_62972e0134af9ed2, []int{45} +} +func (m *QueryAllRevokedNocRootCertificatesResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *QueryAllRevokedNocRootCertificatesResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_QueryAllRevokedNocRootCertificatesResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *QueryAllRevokedNocRootCertificatesResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_QueryAllRevokedNocRootCertificatesResponse.Merge(m, src) +} +func (m *QueryAllRevokedNocRootCertificatesResponse) XXX_Size() int { + return m.Size() +} +func (m *QueryAllRevokedNocRootCertificatesResponse) XXX_DiscardUnknown() { + xxx_messageInfo_QueryAllRevokedNocRootCertificatesResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_QueryAllRevokedNocRootCertificatesResponse proto.InternalMessageInfo + +func (m *QueryAllRevokedNocRootCertificatesResponse) GetRevokedNocRootCertificates() []RevokedNocRootCertificates { + if m != nil { + return m.RevokedNocRootCertificates + } + return nil +} + +func (m *QueryAllRevokedNocRootCertificatesResponse) GetPagination() *query.PageResponse { + if m != nil { + return m.Pagination + } + return nil +} + func init() { proto.RegisterType((*QueryGetApprovedCertificatesRequest)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryGetApprovedCertificatesRequest") proto.RegisterType((*QueryGetApprovedCertificatesResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryGetApprovedCertificatesResponse") @@ -2106,130 +2314,142 @@ func init() { proto.RegisterType((*QueryGetNocCertificatesResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryGetNocCertificatesResponse") proto.RegisterType((*QueryAllNocCertificatesRequest)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryAllNocCertificatesRequest") proto.RegisterType((*QueryAllNocCertificatesResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryAllNocCertificatesResponse") + proto.RegisterType((*QueryGetRevokedNocRootCertificatesRequest)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryGetRevokedNocRootCertificatesRequest") + proto.RegisterType((*QueryGetRevokedNocRootCertificatesResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryGetRevokedNocRootCertificatesResponse") + proto.RegisterType((*QueryAllRevokedNocRootCertificatesRequest)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryAllRevokedNocRootCertificatesRequest") + proto.RegisterType((*QueryAllRevokedNocRootCertificatesResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.QueryAllRevokedNocRootCertificatesResponse") } func init() { proto.RegisterFile("pki/query.proto", fileDescriptor_62972e0134af9ed2) } var fileDescriptor_62972e0134af9ed2 = []byte{ - // 1877 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5a, 0xcf, 0x6f, 0xdc, 0xc4, - 0x17, 0xcf, 0xec, 0x7e, 0xdb, 0xaf, 0x18, 0x10, 0xa5, 0x93, 0xd0, 0xa4, 0x4b, 0xb3, 0x49, 0xa6, - 0x21, 0x6d, 0xd3, 0x66, 0x4d, 0x5a, 0xd1, 0xc2, 0xa1, 0x54, 0xf9, 0x51, 0xda, 0x82, 0x08, 0xe9, - 0x06, 0x51, 0x84, 0x4a, 0x57, 0x5e, 0xaf, 0xd9, 0x98, 0x38, 0x3b, 0xae, 0xed, 0x0d, 0x2c, 0x51, - 0x90, 0x40, 0x40, 0x25, 0x4e, 0xa5, 0x70, 0x00, 0xc4, 0x89, 0x4a, 0x15, 0x77, 0x0e, 0xfc, 0x0b, - 0x95, 0x38, 0x50, 0x89, 0x03, 0x95, 0x2a, 0x21, 0xd4, 0x70, 0x00, 0xb5, 0x12, 0xe2, 0x02, 0xe2, - 0x02, 0xc8, 0xe3, 0x71, 0xec, 0x5d, 0x8f, 0xbd, 0x5e, 0xef, 0x6c, 0x7b, 0x5b, 0x7b, 0x9e, 0xdf, - 0x7b, 0x9f, 0xcf, 0x7b, 0xf3, 0xe6, 0xf9, 0x79, 0xe1, 0x0e, 0x63, 0x45, 0x93, 0x2e, 0xd6, 0x55, - 0xb3, 0x51, 0x30, 0x4c, 0x62, 0x13, 0x54, 0x78, 0x5b, 0xab, 0x96, 0x55, 0x55, 0xd6, 0x75, 0x4d, - 0xae, 0x29, 0x6a, 0xa1, 0xa2, 0x59, 0xb6, 0xa9, 0x95, 0xeb, 0xb6, 0x5a, 0x51, 0xc8, 0xaa, 0xe1, - 0xde, 0xd5, 0xd5, 0x4a, 0x55, 0x35, 0x0b, 0xc6, 0x8a, 0x96, 0xdb, 0x53, 0x25, 0xa4, 0xaa, 0xab, - 0x92, 0x6c, 0x68, 0x92, 0x5c, 0xab, 0x11, 0x5b, 0xb6, 0x35, 0x52, 0xb3, 0x5c, 0x6d, 0xb9, 0x49, - 0x85, 0x58, 0xab, 0xc4, 0x92, 0xca, 0xb2, 0xa5, 0xba, 0x66, 0xa4, 0xb5, 0xe9, 0xb2, 0x6a, 0xcb, - 0xd3, 0x92, 0x21, 0x57, 0xb5, 0x1a, 0x15, 0x66, 0xb2, 0x23, 0x8e, 0x2b, 0xb2, 0x61, 0x98, 0x64, - 0x4d, 0xad, 0x94, 0x14, 0xd5, 0xb4, 0xb5, 0xd7, 0x35, 0x45, 0xb6, 0x55, 0x4f, 0x59, 0xde, 0x11, - 0x30, 0x4c, 0x62, 0x10, 0xab, 0x59, 0x80, 0xad, 0xef, 0x71, 0xd6, 0x95, 0x65, 0x4d, 0xe7, 0x3e, - 0x7d, 0x20, 0xea, 0xe9, 0x92, 0xa9, 0xae, 0x11, 0x25, 0xe8, 0x09, 0x35, 0xe4, 0xdc, 0x5d, 0xe1, - 0x3b, 0x32, 0xde, 0xe4, 0xa9, 0x49, 0x88, 0xcd, 0x93, 0xda, 0x1b, 0xd4, 0x12, 0x25, 0x34, 0x19, - 0x09, 0xba, 0x54, 0x6e, 0x94, 0xac, 0x7a, 0xf9, 0x0d, 0x55, 0xb1, 0x9b, 0xdd, 0x72, 0xee, 0x70, - 0xf1, 0x1f, 0xa4, 0x08, 0x57, 0xb4, 0x00, 0xa0, 0xd2, 0x56, 0xf8, 0x9c, 0x0b, 0x83, 0x68, 0x35, - 0x4f, 0xd9, 0xc9, 0x44, 0xc2, 0xd4, 0x0b, 0xcd, 0xb2, 0xea, 0xaa, 0xe9, 0x39, 0x53, 0x5a, 0x51, - 0x1b, 0x25, 0xad, 0x12, 0x0c, 0x5a, 0x8d, 0x28, 0x91, 0x00, 0x73, 0x9e, 0x00, 0x67, 0x6d, 0xa0, - 0x4a, 0xaa, 0x84, 0xfe, 0x94, 0x9c, 0x5f, 0xec, 0xee, 0x6e, 0x37, 0x67, 0x4a, 0xee, 0x82, 0x7b, - 0xe1, 0x2e, 0x61, 0x05, 0xee, 0x3d, 0xeb, 0x24, 0xd1, 0x29, 0xd5, 0x9e, 0x61, 0x9c, 0xcd, 0x05, - 0xd4, 0x16, 0xd5, 0x8b, 0x75, 0xd5, 0xb2, 0xd1, 0x10, 0xfc, 0x3f, 0x73, 0x76, 0x08, 0x8c, 0x82, - 0xfd, 0x0f, 0x14, 0xbd, 0x4b, 0x84, 0xe1, 0x43, 0xec, 0xe7, 0xf3, 0x6a, 0xe3, 0x4c, 0x65, 0x28, - 0x43, 0x97, 0x9b, 0xee, 0xe1, 0x6b, 0x00, 0x8e, 0xc7, 0x5b, 0xb1, 0x0c, 0x52, 0xb3, 0x54, 0xf4, - 0x0e, 0x1c, 0x90, 0x39, 0xeb, 0xd4, 0xe6, 0x83, 0x87, 0xe7, 0x3b, 0xdc, 0x49, 0x05, 0x9e, 0xad, - 0xd9, 0xff, 0x5d, 0xff, 0x69, 0xa4, 0xaf, 0xc8, 0xb5, 0x83, 0x3f, 0x06, 0x8c, 0x8e, 0x19, 0x5d, - 0x8f, 0xa3, 0xe3, 0x59, 0x08, 0xfd, 0xcd, 0xc6, 0xbc, 0x9b, 0x28, 0x30, 0x62, 0x9d, 0x9d, 0x59, - 0x70, 0x0b, 0x00, 0xdb, 0x99, 0x85, 0x45, 0xb9, 0xaa, 0xb2, 0x67, 0x8b, 0x81, 0x27, 0x13, 0x91, - 0xf7, 0xbb, 0x47, 0x5e, 0xa4, 0x4f, 0x6d, 0xc9, 0xcb, 0xde, 0x0b, 0xf2, 0xd0, 0xa9, 0x26, 0x52, - 0x32, 0x94, 0x94, 0x7d, 0x6d, 0x49, 0x71, 0x9d, 0x0f, 0xb2, 0x82, 0xcb, 0x10, 0x7b, 0xd9, 0xb2, - 0xc8, 0xaa, 0x4b, 0xc0, 0x90, 0x98, 0x94, 0xfc, 0x0a, 0xf8, 0x89, 0xcf, 0x35, 0xc2, 0x48, 0x5d, - 0x87, 0xfd, 0x46, 0x78, 0x99, 0x85, 0x7c, 0xae, 0x53, 0x4e, 0x39, 0x96, 0x18, 0xa5, 0x3c, 0x2b, - 0x58, 0x67, 0x44, 0xcc, 0xe8, 0x7a, 0x0c, 0x11, 0x82, 0x92, 0x11, 0xdf, 0x09, 0x24, 0x7f, 0x2a, - 0x4a, 0xb2, 0xbd, 0xa7, 0x44, 0x64, 0x92, 0x8d, 0x7a, 0xf1, 0x9f, 0x73, 0x0e, 0x38, 0xde, 0x36, - 0xdf, 0x05, 0xb7, 0xbb, 0x95, 0x9a, 0x65, 0x18, 0xbb, 0x42, 0x13, 0xf0, 0x61, 0xb9, 0x6e, 0x2f, - 0x13, 0x53, 0xb3, 0x1b, 0xc1, 0x14, 0x6b, 0xb9, 0x8b, 0xbf, 0x00, 0x70, 0x2c, 0xc6, 0x08, 0xe3, - 0xb3, 0x0e, 0x77, 0x2a, 0xad, 0x8b, 0x2c, 0x8c, 0x33, 0x9d, 0xb2, 0x19, 0xb2, 0xc2, 0xb8, 0x0c, - 0x5b, 0xc0, 0x97, 0x01, 0x3c, 0x14, 0xbb, 0x03, 0xbc, 0x43, 0x4c, 0xc8, 0x86, 0xa3, 0x32, 0xaa, - 0xa9, 0xc9, 0xfa, 0x42, 0x7d, 0xb5, 0xac, 0x9a, 0x43, 0x59, 0x26, 0x13, 0xb8, 0x87, 0xbf, 0x03, - 0x70, 0x2a, 0xa1, 0x4b, 0x8c, 0xbb, 0xcf, 0x01, 0x1c, 0x36, 0xe2, 0x24, 0x19, 0x91, 0x2f, 0x08, - 0x48, 0x4b, 0x5f, 0x29, 0x23, 0x35, 0xde, 0x32, 0x5e, 0x63, 0xfc, 0x46, 0x6d, 0xa7, 0x56, 0x7e, - 0x45, 0xed, 0xe3, 0x4f, 0x33, 0x8c, 0xc5, 0xf6, 0x86, 0x3b, 0x60, 0x31, 0x7b, 0x7f, 0x58, 0xec, - 0xc9, 0xa9, 0x52, 0x74, 0x5b, 0x48, 0xf1, 0x8d, 0x4e, 0xf0, 0x54, 0xe1, 0x1a, 0xf1, 0x4b, 0xa8, - 0x19, 0x5e, 0x4e, 0x7b, 0xaa, 0x70, 0x2c, 0x79, 0x25, 0x94, 0x63, 0x25, 0x78, 0xaa, 0xc4, 0x10, - 0xd1, 0x8b, 0x53, 0x25, 0x15, 0x25, 0xd9, 0xde, 0x53, 0x22, 0x2e, 0xc9, 0x0e, 0xc0, 0x7d, 0xad, - 0x8d, 0x6e, 0x91, 0x10, 0x9b, 0x43, 0x30, 0xfe, 0x16, 0xc0, 0xfd, 0xed, 0x65, 0x19, 0x3b, 0x1f, - 0x01, 0x38, 0x24, 0x47, 0x08, 0xb1, 0xe0, 0x9c, 0x4e, 0xdb, 0xe0, 0xb5, 0xea, 0x63, 0x44, 0x45, - 0xda, 0xc3, 0xfb, 0xe1, 0x44, 0x4b, 0x92, 0x47, 0x61, 0xfc, 0x06, 0xf8, 0x7c, 0x44, 0x8a, 0x32, - 0x88, 0x97, 0x00, 0x1c, 0x34, 0xf9, 0x32, 0x0c, 0xe1, 0xa9, 0x94, 0x59, 0x10, 0x01, 0x30, 0xca, - 0x1a, 0x3e, 0xed, 0x1f, 0x8c, 0xdc, 0x26, 0xb8, 0xb1, 0xe4, 0xee, 0xf9, 0xb6, 0x35, 0xa3, 0xe9, - 0x40, 0x6b, 0xa3, 0x2a, 0x50, 0x8a, 0xe5, 0x38, 0xc9, 0xb4, 0x07, 0x5a, 0xac, 0x79, 0xaf, 0x14, - 0xc7, 0x5a, 0x0e, 0xbe, 0x2b, 0x16, 0xd9, 0x3b, 0xb3, 0xf8, 0x12, 0x7a, 0x35, 0xf0, 0xae, 0xc8, - 0xb7, 0x12, 0x2c, 0x18, 0xa1, 0xf5, 0xf4, 0x35, 0x34, 0xa4, 0xca, 0x2f, 0x18, 0xa1, 0x25, 0xbc, - 0x1a, 0x2c, 0x6a, 0xd1, 0x54, 0x88, 0x2a, 0xa2, 0x77, 0x03, 0xef, 0x80, 0xe9, 0x48, 0xc9, 0xf6, - 0x9e, 0x14, 0x71, 0x55, 0xf4, 0x52, 0xb0, 0x0f, 0x5c, 0xd1, 0xfc, 0x6e, 0x60, 0x3e, 0x30, 0x4e, - 0x59, 0x24, 0x5a, 0x6d, 0x6b, 0x0b, 0x3e, 0x02, 0xb3, 0x6b, 0x5a, 0x85, 0x32, 0xbc, 0xad, 0xe8, - 0xfc, 0x44, 0x03, 0x70, 0x9b, 0x2e, 0x97, 0x55, 0x9d, 0x25, 0x99, 0x7b, 0x81, 0x0a, 0x10, 0xb9, - 0x3d, 0xfc, 0x92, 0x9f, 0x73, 0xf3, 0xac, 0x17, 0xe5, 0xac, 0xe0, 0xef, 0x01, 0x2c, 0x24, 0xf5, - 0x84, 0x85, 0xe0, 0x4b, 0x00, 0xf3, 0xf1, 0xa2, 0x2c, 0x11, 0x16, 0x3a, 0xee, 0xa6, 0x62, 0xb5, - 0xb2, 0xc8, 0xb4, 0xb1, 0x8d, 0xdf, 0x0c, 0x34, 0x87, 0x89, 0xa8, 0x15, 0x95, 0xc3, 0x9f, 0x65, - 0x18, 0x95, 0x09, 0x2c, 0x77, 0x42, 0x65, 0xf6, 0x7e, 0x51, 0x29, 0x2e, 0xdf, 0x6d, 0x38, 0x9b, - 0x2c, 0xc9, 0xac, 0xd9, 0xc6, 0x99, 0x50, 0x92, 0x7a, 0x81, 0xe2, 0xe7, 0x36, 0x88, 0xcc, 0xed, - 0xab, 0x19, 0x38, 0xd7, 0x95, 0x59, 0x16, 0xa5, 0x5b, 0x00, 0x1e, 0x31, 0x3a, 0x7f, 0x9e, 0xa5, - 0x92, 0x22, 0x36, 0x74, 0x5c, 0x53, 0x2c, 0x9e, 0x69, 0xbc, 0xc4, 0x47, 0xfd, 0xd7, 0x86, 0x05, - 0xa2, 0x44, 0x34, 0x3a, 0xe1, 0xfa, 0xd3, 0xf4, 0x2a, 0xc0, 0x7d, 0xd0, 0xaf, 0xd8, 0xb5, 0xf0, - 0x72, 0xda, 0x63, 0x8c, 0x63, 0xc9, 0xab, 0xd8, 0x1c, 0x2b, 0xc1, 0x57, 0x81, 0x18, 0x70, 0xbd, - 0x78, 0x15, 0x48, 0x45, 0x49, 0xb6, 0xf7, 0x94, 0x88, 0xdb, 0xd4, 0x87, 0x61, 0x3e, 0x10, 0xff, - 0x64, 0x49, 0x73, 0x05, 0xc0, 0x91, 0xc8, 0x87, 0x18, 0x3b, 0x04, 0xee, 0xa8, 0x35, 0x2f, 0xb1, - 0x90, 0x9c, 0x48, 0xc1, 0x0c, 0x87, 0x95, 0x56, 0xed, 0x78, 0x99, 0x01, 0x71, 0xa3, 0xd6, 0xcb, - 0x04, 0xb9, 0xe5, 0xc1, 0xe7, 0x99, 0x8a, 0x83, 0x9f, 0xed, 0x1d, 0x7c, 0x61, 0x09, 0x71, 0xf8, - 0xfd, 0x49, 0xb8, 0x8d, 0xa2, 0x43, 0x7f, 0x03, 0x38, 0xc0, 0xeb, 0xc7, 0xd1, 0x52, 0xa7, 0x18, - 0x12, 0x7c, 0xbb, 0xc9, 0xbd, 0x24, 0x56, 0xa9, 0x8b, 0x0c, 0x1f, 0x7d, 0xef, 0x87, 0x5f, 0x3e, - 0xc9, 0x3c, 0x81, 0x0a, 0x52, 0x45, 0xd1, 0x25, 0xfa, 0x9d, 0x30, 0x20, 0x26, 0xad, 0xb3, 0xa6, - 0x7e, 0x63, 0xeb, 0x17, 0x6d, 0xef, 0x37, 0xd0, 0x26, 0x80, 0x83, 0x3c, 0xc5, 0x33, 0xba, 0x9e, - 0x12, 0x7e, 0xfc, 0xb7, 0x9a, 0x94, 0xf0, 0xdb, 0x7c, 0x6c, 0xc1, 0xc3, 0x14, 0xfe, 0x20, 0x7a, - 0x94, 0x0b, 0x1f, 0xfd, 0x0b, 0x60, 0x3f, 0x67, 0xf8, 0x85, 0x8a, 0x69, 0x63, 0x11, 0x3d, 0xff, - 0xcf, 0x2d, 0x09, 0xd5, 0xc9, 0xf0, 0x9d, 0xa0, 0xf8, 0x9e, 0x46, 0xc7, 0xb6, 0xf0, 0x79, 0x63, - 0xba, 0xa9, 0x64, 0x71, 0xfe, 0x0d, 0xc0, 0x5d, 0x1c, 0x03, 0x4e, 0x98, 0x8b, 0x69, 0x23, 0x22, - 0x9c, 0x84, 0xf8, 0x2f, 0x1d, 0x78, 0x82, 0x92, 0x30, 0x8a, 0xf2, 0xf1, 0x24, 0xa0, 0xbf, 0x00, - 0xdc, 0x19, 0x9a, 0xbc, 0xa3, 0xc5, 0xb4, 0x71, 0x89, 0xfa, 0x1e, 0x91, 0x3b, 0x2b, 0x50, 0x23, - 0x83, 0x78, 0x9c, 0x42, 0x3c, 0x86, 0x9e, 0xf4, 0xf3, 0xd8, 0x91, 0x6d, 0x09, 0xb2, 0xdb, 0x3d, - 0x6e, 0x48, 0xeb, 0xcd, 0x1f, 0x38, 0x36, 0xd0, 0xd7, 0x19, 0x38, 0x1c, 0x3b, 0xe4, 0x45, 0xe7, - 0x85, 0x66, 0x67, 0xcb, 0xcc, 0x3c, 0xf7, 0x5a, 0x8f, 0xb4, 0x33, 0x76, 0x9e, 0xa3, 0xec, 0xcc, - 0xa3, 0xd9, 0x70, 0x02, 0xf8, 0x1f, 0xf9, 0x13, 0x6e, 0x88, 0x2b, 0x19, 0x38, 0x1a, 0x6b, 0xd5, - 0xd9, 0x1a, 0xe7, 0x85, 0xa6, 0xb1, 0x18, 0xb6, 0x92, 0x7e, 0x46, 0xc0, 0xd3, 0x94, 0xad, 0x83, - 0xe8, 0x40, 0x62, 0xb6, 0xd0, 0x3f, 0x00, 0xf6, 0x73, 0x66, 0xb5, 0xe9, 0xeb, 0x64, 0xf4, 0x44, - 0x3b, 0x7d, 0x9d, 0x8c, 0x19, 0x5b, 0xe3, 0x67, 0x28, 0xe6, 0xa7, 0xd0, 0xd1, 0x2d, 0xcc, 0x6c, - 0xaa, 0x98, 0x30, 0x2b, 0x7e, 0x05, 0x70, 0x17, 0x47, 0x7f, 0x57, 0x65, 0x52, 0x38, 0x07, 0xf1, - 0xa3, 0x7b, 0xfc, 0x38, 0xe5, 0x60, 0x04, 0x0d, 0xc7, 0x72, 0x80, 0xfe, 0x00, 0x70, 0x28, 0x6a, - 0xe6, 0x8c, 0xce, 0x75, 0xdb, 0xa4, 0x44, 0xbc, 0xbc, 0xe4, 0x5e, 0x11, 0xaf, 0x98, 0xc1, 0xc6, - 0x14, 0xf6, 0x1e, 0x94, 0xf3, 0x61, 0x13, 0x62, 0x37, 0x63, 0xfe, 0x13, 0xc0, 0xc1, 0x88, 0x29, - 0x34, 0x7a, 0xb9, 0xcb, 0x7c, 0x8c, 0x42, 0x7c, 0x4e, 0xb8, 0x5e, 0x06, 0x78, 0x92, 0x02, 0x1e, - 0x47, 0x38, 0x14, 0xe7, 0x30, 0xf0, 0x0f, 0x32, 0x70, 0x38, 0x76, 0xe4, 0x9c, 0xfe, 0x60, 0x48, - 0x32, 0x93, 0x4f, 0x7f, 0x30, 0x24, 0x1a, 0xd3, 0xe3, 0x7d, 0x94, 0x8a, 0x31, 0x34, 0xd2, 0xa6, - 0xfb, 0x45, 0xef, 0x66, 0x9c, 0x02, 0x17, 0x9e, 0x95, 0x76, 0x51, 0x8c, 0x22, 0xc7, 0xcd, 0xe9, - 0x3b, 0xfd, 0xb8, 0x99, 0x32, 0xa7, 0x15, 0xf4, 0x86, 0xbf, 0x09, 0x6b, 0xdc, 0x1d, 0x5a, 0xe3, - 0x42, 0x16, 0xba, 0xea, 0xf8, 0xc5, 0xd3, 0xd0, 0x66, 0xb4, 0xce, 0x69, 0x06, 0xb9, 0x34, 0xa0, - 0x6b, 0x99, 0x76, 0x43, 0x4b, 0x94, 0xbe, 0x6b, 0x49, 0x32, 0xb1, 0xcd, 0x5d, 0xe8, 0x95, 0x7a, - 0xc6, 0xc4, 0x49, 0xca, 0xc4, 0x09, 0x74, 0xbc, 0xa9, 0x0e, 0xb0, 0xe3, 0xdd, 0xfd, 0x93, 0xa3, - 0xd7, 0x32, 0x06, 0x47, 0x69, 0x1b, 0xd2, 0xfa, 0x9a, 0x56, 0xd9, 0x90, 0xd6, 0xe9, 0x28, 0x7e, - 0x03, 0x7d, 0x98, 0x81, 0x63, 0xf1, 0x16, 0x9d, 0x0c, 0x49, 0xdf, 0xb3, 0xf4, 0x90, 0xab, 0xc4, - 0x23, 0x6c, 0xde, 0x21, 0xd1, 0xca, 0x15, 0xfa, 0x31, 0x03, 0x8f, 0xa4, 0x98, 0x6a, 0x22, 0xb3, - 0x37, 0x71, 0x8e, 0x1b, 0x32, 0xe7, 0xac, 0x7b, 0x6a, 0x93, 0x91, 0x78, 0x8c, 0x92, 0x38, 0x8d, - 0xa4, 0x0e, 0x13, 0x0e, 0xdd, 0x05, 0xb0, 0x9f, 0x33, 0xff, 0x4b, 0xdf, 0x5e, 0x46, 0x4f, 0x49, - 0xd3, 0xb7, 0x97, 0x31, 0xa3, 0x50, 0x7c, 0x88, 0x22, 0x9f, 0x40, 0xe3, 0x5b, 0xc8, 0x6b, 0x44, - 0x09, 0x1f, 0xb7, 0xee, 0xce, 0xa2, 0xef, 0xdc, 0x1c, 0x6d, 0x5d, 0x35, 0x93, 0xc2, 0x11, 0xc7, - 0x0f, 0x7f, 0x39, 0x65, 0x96, 0x8b, 0x18, 0xdd, 0x02, 0x70, 0x47, 0xcb, 0x04, 0x0f, 0x2d, 0x74, - 0x11, 0x02, 0x1e, 0xc0, 0x17, 0x85, 0xe9, 0x8b, 0x6c, 0x1b, 0x1c, 0x70, 0x9c, 0x48, 0xde, 0x04, - 0x10, 0xb5, 0x28, 0x71, 0xa2, 0xb8, 0xd0, 0x05, 0xe3, 0xe2, 0x00, 0x46, 0x4f, 0x67, 0xf1, 0x18, - 0x05, 0xf8, 0x18, 0xda, 0x1d, 0x09, 0x70, 0xf6, 0xc2, 0xf5, 0xdb, 0x79, 0x70, 0xe3, 0x76, 0x1e, - 0xfc, 0x7c, 0x3b, 0x0f, 0x2e, 0x6f, 0xe6, 0xfb, 0x6e, 0x6c, 0xe6, 0xfb, 0x6e, 0x6e, 0xe6, 0xfb, - 0x5e, 0x9d, 0xaf, 0x6a, 0xf6, 0x72, 0xbd, 0x5c, 0x50, 0xc8, 0xaa, 0xe4, 0xfa, 0x35, 0xe5, 0x39, - 0x26, 0x05, 0x1c, 0x9b, 0xf2, 0x3d, 0x9b, 0x72, 0x5d, 0x93, 0xde, 0xa2, 0xa6, 0xec, 0x86, 0xa1, - 0x5a, 0xe5, 0xed, 0xf4, 0x8f, 0xed, 0x47, 0xfe, 0x0b, 0x00, 0x00, 0xff, 0xff, 0x96, 0x7c, 0x09, - 0xc7, 0x88, 0x31, 0x00, 0x00, + // 2008 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5b, 0x4d, 0x6c, 0x1c, 0x49, + 0x15, 0x76, 0xf5, 0x90, 0x45, 0x14, 0x88, 0xb0, 0x65, 0x13, 0x7b, 0x87, 0x78, 0x6c, 0xd7, 0x1a, + 0xff, 0xed, 0x7a, 0x1a, 0x27, 0x22, 0x81, 0xc3, 0x62, 0xf9, 0x67, 0xf1, 0xee, 0x22, 0x8c, 0x77, + 0x8c, 0x58, 0x36, 0x0a, 0x19, 0xf5, 0xf4, 0x34, 0xe3, 0xc6, 0xed, 0xe9, 0x4e, 0x77, 0x8f, 0x61, + 0xb0, 0x8c, 0x04, 0x12, 0x09, 0xe2, 0x14, 0x02, 0x07, 0x40, 0x39, 0x11, 0x29, 0xe2, 0xc0, 0x8d, + 0x03, 0x47, 0xae, 0x91, 0x38, 0x10, 0x89, 0x03, 0x91, 0x22, 0x21, 0x14, 0x73, 0x00, 0x25, 0x12, + 0xe2, 0x02, 0xe2, 0x02, 0xab, 0xae, 0xae, 0x76, 0xf7, 0x4c, 0x57, 0xd5, 0xf4, 0xf4, 0xd4, 0x38, + 0xb7, 0xe9, 0xae, 0xea, 0xf7, 0xea, 0xfb, 0xde, 0x4f, 0xbd, 0xaa, 0x67, 0xc3, 0xf3, 0xce, 0xbe, + 0xa9, 0xde, 0x6c, 0x19, 0x6e, 0xbb, 0xec, 0xb8, 0xb6, 0x6f, 0xa3, 0xf2, 0x77, 0xcd, 0x46, 0xcd, + 0x30, 0x34, 0xcb, 0x32, 0xb5, 0xa6, 0x6e, 0x94, 0xeb, 0xa6, 0xe7, 0xbb, 0x66, 0xad, 0xe5, 0x1b, + 0x75, 0xdd, 0x3e, 0x70, 0xc2, 0xb7, 0x96, 0x51, 0x6f, 0x18, 0x6e, 0xd9, 0xd9, 0x37, 0x8b, 0x17, + 0x1b, 0xb6, 0xdd, 0xb0, 0x0c, 0x55, 0x73, 0x4c, 0x55, 0x6b, 0x36, 0x6d, 0x5f, 0xf3, 0x4d, 0xbb, + 0xe9, 0x85, 0xd2, 0x8a, 0x4b, 0xba, 0xed, 0x1d, 0xd8, 0x9e, 0x5a, 0xd3, 0x3c, 0x23, 0x54, 0xa3, + 0x1e, 0xae, 0xd4, 0x0c, 0x5f, 0x5b, 0x51, 0x1d, 0xad, 0x61, 0x36, 0xc9, 0x64, 0x3a, 0x77, 0x2a, + 0x58, 0x8a, 0xe6, 0x38, 0xae, 0x7d, 0x68, 0xd4, 0xab, 0xba, 0xe1, 0xfa, 0xe6, 0x37, 0x4d, 0x5d, + 0xf3, 0x8d, 0x48, 0x58, 0x29, 0x98, 0xe0, 0xb8, 0xb6, 0x63, 0x7b, 0x9d, 0x13, 0xe8, 0xf8, 0xc5, + 0x60, 0x5c, 0xdf, 0x33, 0x2d, 0xe6, 0xd7, 0x8b, 0xbc, 0xaf, 0xab, 0xae, 0x71, 0x68, 0xeb, 0xc9, + 0x95, 0x10, 0x45, 0xc1, 0xdb, 0x7d, 0xf6, 0x42, 0x66, 0x3b, 0x56, 0xea, 0xda, 0xb6, 0xcf, 0x9a, + 0xf5, 0x6a, 0x52, 0x0a, 0x6f, 0xd2, 0x12, 0x17, 0x74, 0xb5, 0xd6, 0xae, 0x7a, 0xad, 0xda, 0xb7, + 0x0c, 0xdd, 0xef, 0x5c, 0x56, 0xf0, 0x86, 0x89, 0xff, 0x35, 0x82, 0x70, 0xdf, 0x4c, 0x00, 0xaa, + 0x9e, 0x9a, 0x2f, 0x78, 0x70, 0x6c, 0xb3, 0x19, 0x09, 0x7b, 0x33, 0xd3, 0x64, 0xb2, 0x0a, 0xd3, + 0xf3, 0x5a, 0x86, 0x1b, 0x2d, 0xa6, 0xba, 0x6f, 0xb4, 0xab, 0x66, 0x3d, 0x69, 0xb4, 0xa6, 0xad, + 0x73, 0x01, 0x16, 0xa3, 0x09, 0x8c, 0xb1, 0xf9, 0x24, 0x43, 0x22, 0x21, 0x63, 0x0d, 0xbb, 0x61, + 0x93, 0x9f, 0x6a, 0xf0, 0x8b, 0xbe, 0x7d, 0x25, 0x74, 0xae, 0x6a, 0x38, 0x10, 0x3e, 0x84, 0x43, + 0x58, 0x87, 0xaf, 0xbe, 0x1b, 0x78, 0xdb, 0x96, 0xe1, 0xaf, 0x51, 0x72, 0x37, 0x12, 0x62, 0x2b, + 0xc6, 0xcd, 0x96, 0xe1, 0xf9, 0x68, 0x02, 0x7e, 0x98, 0xa2, 0x9a, 0x00, 0xd3, 0x60, 0xe1, 0x23, + 0x95, 0xe8, 0x11, 0x61, 0xf8, 0x31, 0xfa, 0xf3, 0x4b, 0x46, 0xfb, 0xed, 0xfa, 0x84, 0x42, 0x86, + 0x3b, 0xde, 0xe1, 0x07, 0x00, 0xce, 0x8a, 0xb5, 0x78, 0x8e, 0xdd, 0xf4, 0x0c, 0xf4, 0x3d, 0x38, + 0xa6, 0x31, 0xc6, 0x89, 0xce, 0x8f, 0x5e, 0xda, 0xec, 0x33, 0xe4, 0xca, 0x2c, 0x5d, 0xeb, 0x1f, + 0x7a, 0xf8, 0x97, 0xa9, 0x91, 0x0a, 0x53, 0x0f, 0xfe, 0x09, 0xa0, 0x74, 0xac, 0x59, 0x96, 0x88, + 0x8e, 0x2f, 0x42, 0x18, 0x47, 0x25, 0x5d, 0xdd, 0x5c, 0x99, 0x12, 0x1b, 0x84, 0x70, 0x39, 0xcc, + 0x14, 0x34, 0x84, 0xcb, 0x3b, 0x5a, 0xc3, 0xa0, 0xdf, 0x56, 0x12, 0x5f, 0x66, 0x22, 0xef, 0x9f, + 0x11, 0x79, 0xdc, 0x35, 0xf5, 0x24, 0xaf, 0x70, 0x16, 0xe4, 0xa1, 0xad, 0x0e, 0x52, 0x14, 0x42, + 0xca, 0x7c, 0x4f, 0x52, 0xc2, 0xc5, 0x27, 0x59, 0xc1, 0x35, 0x88, 0x23, 0x6f, 0xd9, 0xa1, 0x69, + 0x28, 0xa1, 0x48, 0x8e, 0x4b, 0xfe, 0x0a, 0xc4, 0x8e, 0xcf, 0x54, 0x42, 0x49, 0x3d, 0x82, 0xa3, + 0x4e, 0x7a, 0x98, 0x9a, 0x7c, 0xa3, 0x5f, 0x4e, 0x19, 0x9a, 0x28, 0xa5, 0x2c, 0x2d, 0xd8, 0xa2, + 0x44, 0xac, 0x59, 0x96, 0x80, 0x08, 0x49, 0xce, 0x88, 0x9f, 0x25, 0x9c, 0x3f, 0x17, 0x25, 0x85, + 0xe1, 0x53, 0x22, 0xd3, 0xc9, 0xa6, 0x23, 0xfb, 0x6f, 0x04, 0x3b, 0x21, 0x2b, 0xcc, 0x2f, 0xc0, + 0x97, 0xc2, 0x94, 0x4e, 0x3d, 0x8c, 0x3e, 0xa1, 0x39, 0xf8, 0x71, 0xad, 0xe5, 0xef, 0xd9, 0xae, + 0xe9, 0xb7, 0x93, 0x2e, 0xd6, 0xf5, 0x16, 0xff, 0x12, 0xc0, 0x19, 0x81, 0x12, 0xca, 0x67, 0x0b, + 0xbe, 0xac, 0x77, 0x0f, 0x52, 0x33, 0xae, 0xf5, 0xcb, 0x66, 0x4a, 0x0b, 0xe5, 0x32, 0xad, 0x01, + 0xdf, 0x01, 0xf0, 0x75, 0x61, 0x04, 0x44, 0xbb, 0x9d, 0x94, 0x80, 0x23, 0x73, 0x0c, 0xd7, 0xd4, + 0xac, 0xed, 0xd6, 0x41, 0xcd, 0x70, 0x27, 0x0a, 0x74, 0x4e, 0xe2, 0x1d, 0xfe, 0x03, 0x80, 0xcb, + 0x19, 0x97, 0x44, 0xb9, 0xfb, 0x05, 0x80, 0x93, 0x8e, 0x68, 0x26, 0x25, 0xf2, 0xcb, 0x12, 0xdc, + 0x32, 0x16, 0x4a, 0x49, 0x15, 0x6b, 0xc6, 0x87, 0x94, 0x5f, 0x5e, 0x38, 0x75, 0xf3, 0x2b, 0x2b, + 0x8e, 0x7f, 0xa6, 0x50, 0x16, 0x7b, 0x2b, 0xee, 0x83, 0xc5, 0xc2, 0x8b, 0x61, 0x71, 0x28, 0xbb, + 0x4a, 0x25, 0xac, 0xa4, 0xe4, 0x17, 0x3a, 0xc9, 0x5d, 0x85, 0xa9, 0x24, 0x4e, 0xa1, 0x6e, 0x7a, + 0x38, 0xef, 0xae, 0xc2, 0xd0, 0x14, 0xa5, 0x50, 0x86, 0x96, 0xe4, 0xae, 0x22, 0x20, 0x62, 0x18, + 0xbb, 0x4a, 0x2e, 0x4a, 0x0a, 0xc3, 0xa7, 0x44, 0x9e, 0x93, 0x2d, 0xc2, 0xf9, 0xee, 0x42, 0xb7, + 0x62, 0xdb, 0x3e, 0x83, 0x60, 0xfc, 0x3b, 0x00, 0x17, 0x7a, 0xcf, 0xa5, 0xec, 0xfc, 0x18, 0xc0, + 0x09, 0x8d, 0x33, 0x89, 0x1a, 0xe7, 0xad, 0xbc, 0x05, 0x5e, 0xb7, 0x3c, 0x4a, 0x14, 0x57, 0x1f, + 0x5e, 0x80, 0x73, 0x5d, 0x4e, 0xce, 0xc3, 0xf8, 0x5b, 0x10, 0xf3, 0xc1, 0x9d, 0x4a, 0x21, 0xde, + 0x06, 0x70, 0xdc, 0x65, 0xcf, 0xa1, 0x08, 0xb7, 0x72, 0x7a, 0x01, 0x07, 0x20, 0x4f, 0x1b, 0x7e, + 0x2b, 0xde, 0x18, 0x99, 0x45, 0x70, 0x7b, 0x37, 0x8c, 0xf9, 0x9e, 0x39, 0xa3, 0x63, 0x43, 0xeb, + 0x21, 0x2a, 0x91, 0x8a, 0x35, 0xd1, 0xcc, 0xbc, 0x1b, 0x9a, 0x50, 0x7d, 0x94, 0x8a, 0x85, 0x9a, + 0x93, 0x67, 0xc5, 0x0a, 0x3d, 0x5c, 0xcb, 0x4f, 0xa1, 0xf7, 0x13, 0x67, 0x45, 0xb6, 0x96, 0x64, + 0xc2, 0x48, 0x8d, 0xe7, 0xcf, 0xa1, 0x29, 0x51, 0x71, 0xc2, 0x48, 0x0d, 0xe1, 0x83, 0x64, 0x52, + 0xe3, 0x53, 0x21, 0x2b, 0x89, 0x3e, 0x4f, 0x9c, 0x01, 0xf3, 0x91, 0x52, 0x18, 0x3e, 0x29, 0xf2, + 0xb2, 0xe8, 0xed, 0x64, 0x1d, 0xb8, 0x6f, 0xc6, 0xd5, 0xc0, 0x66, 0xe2, 0xde, 0x65, 0xc7, 0x36, + 0x9b, 0xa7, 0x21, 0xf8, 0x09, 0x58, 0x38, 0x34, 0xeb, 0x84, 0xe1, 0x73, 0x95, 0xe0, 0x27, 0x1a, + 0x83, 0xe7, 0x2c, 0xad, 0x66, 0x58, 0xd4, 0xc9, 0xc2, 0x07, 0x54, 0x86, 0x28, 0xac, 0xe1, 0x77, + 0x63, 0x9f, 0xdb, 0xa4, 0xb5, 0x28, 0x63, 0x04, 0xff, 0x11, 0xc0, 0x72, 0xd6, 0x95, 0x50, 0x13, + 0xdc, 0x03, 0xb0, 0x24, 0x9e, 0x4a, 0x1d, 0x61, 0xbb, 0xef, 0x6a, 0x4a, 0x28, 0x95, 0x5a, 0xa6, + 0x87, 0x6e, 0xfc, 0xed, 0x44, 0x71, 0x98, 0x89, 0x5a, 0x59, 0x3e, 0xfc, 0x73, 0x85, 0x52, 0x99, + 0x41, 0x73, 0x3f, 0x54, 0x16, 0x5e, 0x14, 0x95, 0xf2, 0xfc, 0xdd, 0x87, 0xeb, 0xd9, 0x9c, 0xcc, + 0x5b, 0x6f, 0xbf, 0x9d, 0x72, 0xd2, 0xc8, 0x50, 0x6c, 0xdf, 0x06, 0x5c, 0xdf, 0xbe, 0xaf, 0xc0, + 0x8d, 0x81, 0xd4, 0x52, 0x2b, 0x3d, 0x01, 0xf0, 0xb2, 0xd3, 0xff, 0xf7, 0xd4, 0x95, 0x74, 0xb9, + 0xa6, 0x63, 0xaa, 0xa2, 0xf6, 0xcc, 0xb3, 0x4a, 0x7c, 0x25, 0x3e, 0x36, 0x6c, 0xdb, 0x3a, 0xa7, + 0xd0, 0x49, 0xe7, 0x9f, 0x8e, 0xa3, 0x00, 0xf3, 0xc3, 0x38, 0x63, 0x37, 0xd3, 0xc3, 0x79, 0xb7, + 0x31, 0x86, 0xa6, 0x28, 0x63, 0x33, 0xb4, 0x24, 0x8f, 0x02, 0x02, 0x70, 0xc3, 0x38, 0x0a, 0xe4, + 0xa2, 0xa4, 0x30, 0x7c, 0x4a, 0xe4, 0x05, 0xf5, 0x25, 0x58, 0x4a, 0xd8, 0x3f, 0x9b, 0xd3, 0xdc, + 0x05, 0x70, 0x8a, 0xfb, 0x11, 0x65, 0xc7, 0x86, 0xe7, 0x9b, 0x9d, 0x43, 0xd4, 0x24, 0xab, 0x39, + 0x98, 0x61, 0xb0, 0xd2, 0x2d, 0x1d, 0xef, 0x51, 0x20, 0xa1, 0xd5, 0x86, 0xe9, 0x20, 0x4f, 0x22, + 0xf8, 0x2c, 0x55, 0x22, 0xf8, 0x85, 0xe1, 0xc1, 0x97, 0xe7, 0x10, 0x26, 0x5c, 0xec, 0x3a, 0x0b, + 0x09, 0x62, 0x6e, 0xb0, 0x22, 0xfa, 0xf7, 0x00, 0x2e, 0x65, 0xd1, 0x45, 0x39, 0xbd, 0x03, 0x60, + 0xd1, 0xe5, 0x4e, 0xa3, 0x06, 0x7d, 0x27, 0xe7, 0xe9, 0x8b, 0x1f, 0x7f, 0x02, 0x9d, 0xd8, 0xa3, + 0x64, 0xc5, 0xb7, 0x06, 0x67, 0x90, 0xa0, 0x7e, 0xa4, 0x50, 0xda, 0x7a, 0x68, 0xcd, 0x4a, 0x5b, + 0xe1, 0xac, 0x69, 0x93, 0xe6, 0xac, 0x97, 0x7e, 0x53, 0x86, 0xe7, 0x08, 0x15, 0xe8, 0xbf, 0x00, + 0x8e, 0xb1, 0x0e, 0x8f, 0x68, 0xb7, 0x5f, 0x64, 0x19, 0x1a, 0x8d, 0xc5, 0xaf, 0xca, 0x15, 0x1a, + 0x22, 0xc3, 0x57, 0x7e, 0xf0, 0xa7, 0xbf, 0xfd, 0x54, 0xf9, 0x0c, 0x2a, 0xab, 0x75, 0xdd, 0x52, + 0x49, 0xf7, 0x3b, 0x31, 0x4d, 0x3d, 0xa2, 0xc1, 0x73, 0x7c, 0xfa, 0x8b, 0x84, 0xd1, 0x31, 0x3a, + 0x01, 0x70, 0x9c, 0x25, 0x78, 0xcd, 0xb2, 0x72, 0xc2, 0x17, 0x37, 0x16, 0x73, 0xc2, 0xef, 0xd1, + 0x19, 0xc4, 0x93, 0x04, 0xfe, 0x38, 0xfa, 0x24, 0x13, 0x3e, 0xfa, 0x3f, 0x80, 0xa3, 0x8c, 0x9b, + 0x5a, 0x54, 0xc9, 0x6b, 0x0b, 0x7e, 0xb3, 0xaa, 0xb8, 0x2b, 0x55, 0x26, 0xc5, 0xb7, 0x4a, 0xf0, + 0x7d, 0x1e, 0x5d, 0x3d, 0xc5, 0x17, 0xdd, 0x29, 0x2f, 0x67, 0xb3, 0xf3, 0x3f, 0x00, 0xbc, 0xc0, + 0x50, 0x10, 0x98, 0xb9, 0x92, 0xd7, 0x22, 0xd2, 0x49, 0x10, 0xb7, 0xe5, 0xf0, 0x1c, 0x21, 0x61, + 0x1a, 0x95, 0xc4, 0x24, 0xa0, 0xff, 0x00, 0xf8, 0x72, 0xaa, 0x4d, 0x84, 0x76, 0xf2, 0xda, 0x85, + 0xd7, 0x3c, 0x2b, 0xbe, 0x2b, 0x51, 0x22, 0x85, 0xf8, 0x06, 0x81, 0x78, 0x15, 0x7d, 0x36, 0xf6, + 0xe3, 0x60, 0x6e, 0x97, 0x91, 0xc3, 0xa3, 0xce, 0xb1, 0x7a, 0xd4, 0xd9, 0x8d, 0x3b, 0x46, 0xbf, + 0x56, 0xe0, 0xa4, 0xb0, 0x23, 0x81, 0xae, 0x4b, 0xf5, 0xce, 0xae, 0x06, 0x4f, 0xf1, 0x1b, 0x43, + 0x92, 0x4e, 0xd9, 0x79, 0x87, 0xb0, 0xb3, 0x89, 0xd6, 0xd3, 0x0e, 0x10, 0xff, 0xe9, 0x4a, 0xc6, + 0x80, 0xb8, 0xab, 0xc0, 0x69, 0xa1, 0xd6, 0x20, 0x34, 0xae, 0x4b, 0x75, 0x63, 0x39, 0x6c, 0x65, + 0xed, 0x79, 0xe1, 0x15, 0xc2, 0xd6, 0x6b, 0x68, 0x31, 0x33, 0x5b, 0xe8, 0x7f, 0x00, 0x8e, 0x32, + 0x1a, 0x0b, 0xf9, 0xf3, 0x24, 0xbf, 0xfd, 0x92, 0x3f, 0x4f, 0x0a, 0x7a, 0x2c, 0xf8, 0x0b, 0x04, + 0xf3, 0xe7, 0xd0, 0x95, 0x53, 0xcc, 0xb4, 0x94, 0xc8, 0xe8, 0x15, 0x7f, 0x07, 0xf0, 0x02, 0x43, + 0xfe, 0x40, 0x69, 0x52, 0x3a, 0x07, 0xe2, 0x3e, 0x13, 0xfe, 0x34, 0xe1, 0x60, 0x0a, 0x4d, 0x0a, + 0x39, 0x40, 0xff, 0x02, 0x70, 0x82, 0xd7, 0x20, 0x41, 0xef, 0x0d, 0x5a, 0xa4, 0x70, 0x0a, 0xd9, + 0xe2, 0xd7, 0xe5, 0x0b, 0xa6, 0xb0, 0x31, 0x81, 0x7d, 0x11, 0x15, 0x63, 0xd8, 0xb6, 0xed, 0x77, + 0x62, 0xfe, 0x37, 0x80, 0xe3, 0x9c, 0x96, 0x09, 0xfa, 0xda, 0x80, 0xfe, 0xc8, 0x43, 0xfc, 0x9e, + 0x74, 0xb9, 0x14, 0xf0, 0x12, 0x01, 0x3c, 0x8b, 0x70, 0xca, 0xce, 0x69, 0xe0, 0x3f, 0x54, 0xe0, + 0xa4, 0xb0, 0x3f, 0x92, 0x7f, 0x63, 0xc8, 0xd2, 0x40, 0xca, 0xbf, 0x31, 0x64, 0xea, 0x29, 0xe1, + 0x79, 0x42, 0xc5, 0x0c, 0x9a, 0xea, 0x51, 0xfd, 0xa2, 0xef, 0x2b, 0x41, 0x82, 0x4b, 0x5f, 0xec, + 0x0f, 0x90, 0x8c, 0xb8, 0xbd, 0x91, 0xfc, 0x95, 0xbe, 0xa8, 0x01, 0xc2, 0x28, 0x05, 0xa3, 0x4e, + 0x45, 0xc6, 0x1c, 0xf7, 0x8c, 0xe4, 0xb8, 0x94, 0x86, 0x81, 0x2a, 0x7e, 0xf9, 0x34, 0xf4, 0xe8, + 0x03, 0x31, 0x8a, 0x41, 0x26, 0x0d, 0xe8, 0x81, 0xd2, 0xeb, 0x86, 0x1d, 0xe5, 0xaf, 0x5a, 0xb2, + 0xb4, 0x17, 0x8a, 0x37, 0x86, 0x25, 0x9e, 0x32, 0xf1, 0x26, 0x61, 0x62, 0x15, 0xbd, 0xd1, 0x91, + 0x07, 0xe8, 0xf6, 0x1e, 0xfe, 0xe9, 0x6e, 0x54, 0x32, 0x26, 0xef, 0x7d, 0x8f, 0xd5, 0xa3, 0x43, + 0xb3, 0x7e, 0xac, 0x1e, 0x91, 0xbe, 0xd1, 0x31, 0xba, 0xa5, 0xc0, 0x19, 0xb1, 0xc6, 0xc0, 0x43, + 0xf2, 0xd7, 0x2c, 0x43, 0xe4, 0x2a, 0x73, 0xbf, 0x85, 0xb5, 0x49, 0x74, 0x73, 0x85, 0xfe, 0xac, + 0xc0, 0xcb, 0x39, 0xae, 0xe0, 0x91, 0x3b, 0x1c, 0x3b, 0x8b, 0x3a, 0x22, 0x45, 0xef, 0x4c, 0x75, + 0x52, 0x12, 0xaf, 0x12, 0x12, 0x57, 0x90, 0xda, 0xa7, 0xc3, 0xa1, 0xe7, 0x00, 0x8e, 0xb2, 0xee, + 0x74, 0x72, 0x97, 0x97, 0xfc, 0x1b, 0xb3, 0xfc, 0xe5, 0xa5, 0xe0, 0x3e, 0x0c, 0xbf, 0x4e, 0x90, + 0xcf, 0xa1, 0xd9, 0x53, 0xe4, 0x4d, 0x5b, 0x4f, 0x6f, 0xb7, 0x61, 0x64, 0x91, 0x33, 0x37, 0x43, + 0xda, 0x40, 0xc5, 0xa4, 0x74, 0xc4, 0xe2, 0x4e, 0x05, 0x23, 0xcd, 0x32, 0x11, 0xa3, 0x27, 0x00, + 0x9e, 0xef, 0xba, 0x6e, 0x46, 0xdb, 0x03, 0x98, 0x80, 0x05, 0xf0, 0x2b, 0xd2, 0xe4, 0x71, 0xcb, + 0x86, 0x00, 0x1c, 0xc3, 0x92, 0x8f, 0x01, 0x44, 0x5d, 0x42, 0x02, 0x2b, 0x6e, 0x0f, 0xc0, 0xb8, + 0x3c, 0x80, 0xfc, 0x56, 0x02, 0x9e, 0x21, 0x00, 0x3f, 0x85, 0x5e, 0xe1, 0x02, 0x44, 0xf7, 0x14, + 0x58, 0xe4, 0x5f, 0xc8, 0xa2, 0xf7, 0x07, 0xac, 0x5e, 0x05, 0xfe, 0x7a, 0x6d, 0x18, 0xa2, 0x29, + 0xf0, 0x2d, 0x02, 0x7c, 0x0d, 0xad, 0xa6, 0x6a, 0x63, 0x4e, 0xc0, 0xf2, 0x8a, 0xa5, 0x5b, 0x0a, + 0x9c, 0xe4, 0xeb, 0x0b, 0x9c, 0xe0, 0xfd, 0x01, 0xcf, 0x70, 0xd2, 0x19, 0xca, 0x74, 0xb5, 0x8f, + 0xcb, 0x84, 0xa1, 0x05, 0x34, 0x97, 0x8d, 0xa1, 0xf5, 0x1b, 0x0f, 0x9f, 0x96, 0xc0, 0xa3, 0xa7, + 0x25, 0xf0, 0xd7, 0xa7, 0x25, 0x70, 0xe7, 0xa4, 0x34, 0xf2, 0xe8, 0xa4, 0x34, 0xf2, 0xf8, 0xa4, + 0x34, 0x72, 0x6d, 0xb3, 0x61, 0xfa, 0x7b, 0xad, 0x5a, 0x59, 0xb7, 0x0f, 0xd4, 0x70, 0xbd, 0xcb, + 0xd1, 0x82, 0xd5, 0xc4, 0x82, 0x97, 0xe3, 0x15, 0x2f, 0x87, 0x4b, 0x56, 0xbf, 0x43, 0xf4, 0xfa, + 0x6d, 0xc7, 0xf0, 0x6a, 0x2f, 0x91, 0xff, 0xd6, 0xb9, 0xfc, 0x41, 0x00, 0x00, 0x00, 0xff, 0xff, + 0x54, 0x50, 0x97, 0x87, 0x86, 0x36, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -2286,6 +2506,10 @@ type QueryClient interface { NocCertificates(ctx context.Context, in *QueryGetNocCertificatesRequest, opts ...grpc.CallOption) (*QueryGetNocCertificatesResponse, error) // Queries a list of NocCertificates items. NocCertificatesAll(ctx context.Context, in *QueryAllNocCertificatesRequest, opts ...grpc.CallOption) (*QueryAllNocCertificatesResponse, error) + // Queries a RevokedNocRootCertificates by index. + RevokedNocRootCertificates(ctx context.Context, in *QueryGetRevokedNocRootCertificatesRequest, opts ...grpc.CallOption) (*QueryGetRevokedNocRootCertificatesResponse, error) + // Queries a list of RevokedNocRootCertificates items. + RevokedNocRootCertificatesAll(ctx context.Context, in *QueryAllRevokedNocRootCertificatesRequest, opts ...grpc.CallOption) (*QueryAllRevokedNocRootCertificatesResponse, error) } type queryClient struct { @@ -2485,6 +2709,24 @@ func (c *queryClient) NocCertificatesAll(ctx context.Context, in *QueryAllNocCer return out, nil } +func (c *queryClient) RevokedNocRootCertificates(ctx context.Context, in *QueryGetRevokedNocRootCertificatesRequest, opts ...grpc.CallOption) (*QueryGetRevokedNocRootCertificatesResponse, error) { + out := new(QueryGetRevokedNocRootCertificatesResponse) + err := c.cc.Invoke(ctx, "/zigbeealliance.distributedcomplianceledger.pki.Query/RevokedNocRootCertificates", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *queryClient) RevokedNocRootCertificatesAll(ctx context.Context, in *QueryAllRevokedNocRootCertificatesRequest, opts ...grpc.CallOption) (*QueryAllRevokedNocRootCertificatesResponse, error) { + out := new(QueryAllRevokedNocRootCertificatesResponse) + err := c.cc.Invoke(ctx, "/zigbeealliance.distributedcomplianceledger.pki.Query/RevokedNocRootCertificatesAll", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // QueryServer is the server API for Query service. type QueryServer interface { // Queries a ApprovedCertificates by index. @@ -2529,6 +2771,10 @@ type QueryServer interface { NocCertificates(context.Context, *QueryGetNocCertificatesRequest) (*QueryGetNocCertificatesResponse, error) // Queries a list of NocCertificates items. NocCertificatesAll(context.Context, *QueryAllNocCertificatesRequest) (*QueryAllNocCertificatesResponse, error) + // Queries a RevokedNocRootCertificates by index. + RevokedNocRootCertificates(context.Context, *QueryGetRevokedNocRootCertificatesRequest) (*QueryGetRevokedNocRootCertificatesResponse, error) + // Queries a list of RevokedNocRootCertificates items. + RevokedNocRootCertificatesAll(context.Context, *QueryAllRevokedNocRootCertificatesRequest) (*QueryAllRevokedNocRootCertificatesResponse, error) } // UnimplementedQueryServer can be embedded to have forward compatible implementations. @@ -2598,6 +2844,12 @@ func (*UnimplementedQueryServer) NocCertificates(ctx context.Context, req *Query func (*UnimplementedQueryServer) NocCertificatesAll(ctx context.Context, req *QueryAllNocCertificatesRequest) (*QueryAllNocCertificatesResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method NocCertificatesAll not implemented") } +func (*UnimplementedQueryServer) RevokedNocRootCertificates(ctx context.Context, req *QueryGetRevokedNocRootCertificatesRequest) (*QueryGetRevokedNocRootCertificatesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokedNocRootCertificates not implemented") +} +func (*UnimplementedQueryServer) RevokedNocRootCertificatesAll(ctx context.Context, req *QueryAllRevokedNocRootCertificatesRequest) (*QueryAllRevokedNocRootCertificatesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokedNocRootCertificatesAll not implemented") +} func RegisterQueryServer(s grpc1.Server, srv QueryServer) { s.RegisterService(&_Query_serviceDesc, srv) @@ -2981,6 +3233,42 @@ func _Query_NocCertificatesAll_Handler(srv interface{}, ctx context.Context, dec return interceptor(ctx, in, info, handler) } +func _Query_RevokedNocRootCertificates_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(QueryGetRevokedNocRootCertificatesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(QueryServer).RevokedNocRootCertificates(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/zigbeealliance.distributedcomplianceledger.pki.Query/RevokedNocRootCertificates", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(QueryServer).RevokedNocRootCertificates(ctx, req.(*QueryGetRevokedNocRootCertificatesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Query_RevokedNocRootCertificatesAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(QueryAllRevokedNocRootCertificatesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(QueryServer).RevokedNocRootCertificatesAll(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/zigbeealliance.distributedcomplianceledger.pki.Query/RevokedNocRootCertificatesAll", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(QueryServer).RevokedNocRootCertificatesAll(ctx, req.(*QueryAllRevokedNocRootCertificatesRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _Query_serviceDesc = grpc.ServiceDesc{ ServiceName: "zigbeealliance.distributedcomplianceledger.pki.Query", HandlerType: (*QueryServer)(nil), @@ -3069,6 +3357,14 @@ var _Query_serviceDesc = grpc.ServiceDesc{ MethodName: "NocCertificatesAll", Handler: _Query_NocCertificatesAll_Handler, }, + { + MethodName: "RevokedNocRootCertificates", + Handler: _Query_RevokedNocRootCertificates_Handler, + }, + { + MethodName: "RevokedNocRootCertificatesAll", + Handler: _Query_RevokedNocRootCertificatesAll_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "pki/query.proto", @@ -4615,56 +4911,210 @@ func (m *QueryAllNocCertificatesResponse) MarshalToSizedBuffer(dAtA []byte) (int return len(dAtA) - i, nil } -func encodeVarintQuery(dAtA []byte, offset int, v uint64) int { - offset -= sovQuery(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ +func (m *QueryGetRevokedNocRootCertificatesRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - dAtA[offset] = uint8(v) - return base + return dAtA[:n], nil } -func (m *QueryGetApprovedCertificatesRequest) Size() (n int) { - if m == nil { - return 0 - } + +func (m *QueryGetRevokedNocRootCertificatesRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *QueryGetRevokedNocRootCertificatesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - l = len(m.Subject) - if l > 0 { - n += 1 + l + sovQuery(uint64(l)) + if len(m.SubjectKeyId) > 0 { + i -= len(m.SubjectKeyId) + copy(dAtA[i:], m.SubjectKeyId) + i = encodeVarintQuery(dAtA, i, uint64(len(m.SubjectKeyId))) + i-- + dAtA[i] = 0x12 } - l = len(m.SubjectKeyId) - if l > 0 { - n += 1 + l + sovQuery(uint64(l)) + if len(m.Subject) > 0 { + i -= len(m.Subject) + copy(dAtA[i:], m.Subject) + i = encodeVarintQuery(dAtA, i, uint64(len(m.Subject))) + i-- + dAtA[i] = 0xa } - return n + return len(dAtA) - i, nil } -func (m *QueryGetApprovedCertificatesResponse) Size() (n int) { - if m == nil { - return 0 +func (m *QueryGetRevokedNocRootCertificatesResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err } - var l int - _ = l - l = m.ApprovedCertificates.Size() - n += 1 + l + sovQuery(uint64(l)) - return n + return dAtA[:n], nil } -func (m *QueryAllApprovedCertificatesRequest) Size() (n int) { - if m == nil { - return 0 - } +func (m *QueryGetRevokedNocRootCertificatesResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *QueryGetRevokedNocRootCertificatesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i var l int _ = l - if m.Pagination != nil { - l = m.Pagination.Size() - n += 1 + l + sovQuery(uint64(l)) + { + size, err := m.RevokedNocRootCertificates.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintQuery(dAtA, i, uint64(size)) } - l = len(m.SubjectKeyId) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *QueryAllRevokedNocRootCertificatesRequest) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *QueryAllRevokedNocRootCertificatesRequest) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *QueryAllRevokedNocRootCertificatesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Pagination != nil { + { + size, err := m.Pagination.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintQuery(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *QueryAllRevokedNocRootCertificatesResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *QueryAllRevokedNocRootCertificatesResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *QueryAllRevokedNocRootCertificatesResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.Pagination != nil { + { + size, err := m.Pagination.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintQuery(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.RevokedNocRootCertificates) > 0 { + for iNdEx := len(m.RevokedNocRootCertificates) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.RevokedNocRootCertificates[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintQuery(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func encodeVarintQuery(dAtA []byte, offset int, v uint64) int { + offset -= sovQuery(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *QueryGetApprovedCertificatesRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Subject) + if l > 0 { + n += 1 + l + sovQuery(uint64(l)) + } + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovQuery(uint64(l)) + } + return n +} + +func (m *QueryGetApprovedCertificatesResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ApprovedCertificates.Size() + n += 1 + l + sovQuery(uint64(l)) + return n +} + +func (m *QueryAllApprovedCertificatesRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Pagination != nil { + l = m.Pagination.Size() + n += 1 + l + sovQuery(uint64(l)) + } + l = len(m.SubjectKeyId) if l > 0 { n += 1 + l + sovQuery(uint64(l)) } @@ -5223,6 +5673,66 @@ func (m *QueryAllNocCertificatesResponse) Size() (n int) { return n } +func (m *QueryGetRevokedNocRootCertificatesRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Subject) + if l > 0 { + n += 1 + l + sovQuery(uint64(l)) + } + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovQuery(uint64(l)) + } + return n +} + +func (m *QueryGetRevokedNocRootCertificatesResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.RevokedNocRootCertificates.Size() + n += 1 + l + sovQuery(uint64(l)) + return n +} + +func (m *QueryAllRevokedNocRootCertificatesRequest) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Pagination != nil { + l = m.Pagination.Size() + n += 1 + l + sovQuery(uint64(l)) + } + return n +} + +func (m *QueryAllRevokedNocRootCertificatesResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.RevokedNocRootCertificates) > 0 { + for _, e := range m.RevokedNocRootCertificates { + l = e.Size() + n += 1 + l + sovQuery(uint64(l)) + } + } + if m.Pagination != nil { + l = m.Pagination.Size() + n += 1 + l + sovQuery(uint64(l)) + } + return n +} + func sovQuery(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -9239,6 +9749,409 @@ func (m *QueryAllNocCertificatesResponse) Unmarshal(dAtA []byte) error { } return nil } +func (m *QueryGetRevokedNocRootCertificatesRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: QueryGetRevokedNocRootCertificatesRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: QueryGetRevokedNocRootCertificatesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Subject", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Subject = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectKeyId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipQuery(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthQuery + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *QueryGetRevokedNocRootCertificatesResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: QueryGetRevokedNocRootCertificatesResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: QueryGetRevokedNocRootCertificatesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RevokedNocRootCertificates", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.RevokedNocRootCertificates.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipQuery(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthQuery + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *QueryAllRevokedNocRootCertificatesRequest) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: QueryAllRevokedNocRootCertificatesRequest: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: QueryAllRevokedNocRootCertificatesRequest: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Pagination", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Pagination == nil { + m.Pagination = &query.PageRequest{} + } + if err := m.Pagination.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipQuery(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthQuery + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *QueryAllRevokedNocRootCertificatesResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: QueryAllRevokedNocRootCertificatesResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: QueryAllRevokedNocRootCertificatesResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RevokedNocRootCertificates", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RevokedNocRootCertificates = append(m.RevokedNocRootCertificates, RevokedNocRootCertificates{}) + if err := m.RevokedNocRootCertificates[len(m.RevokedNocRootCertificates)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Pagination", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowQuery + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthQuery + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthQuery + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Pagination == nil { + m.Pagination = &query.PageResponse{} + } + if err := m.Pagination.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipQuery(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthQuery + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipQuery(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/x/pki/types/query.pb.gw.go b/x/pki/types/query.pb.gw.go index 5e9d629a0..af85bdfed 100644 --- a/x/pki/types/query.pb.gw.go +++ b/x/pki/types/query.pb.gw.go @@ -1145,6 +1145,118 @@ func local_request_Query_NocCertificatesAll_0(ctx context.Context, marshaler run } +func request_Query_RevokedNocRootCertificates_0(ctx context.Context, marshaler runtime.Marshaler, client QueryClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq QueryGetRevokedNocRootCertificatesRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["subject"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "subject") + } + + protoReq.Subject, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "subject", err) + } + + val, ok = pathParams["subjectKeyId"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "subjectKeyId") + } + + protoReq.SubjectKeyId, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "subjectKeyId", err) + } + + msg, err := client.RevokedNocRootCertificates(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_Query_RevokedNocRootCertificates_0(ctx context.Context, marshaler runtime.Marshaler, server QueryServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq QueryGetRevokedNocRootCertificatesRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["subject"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "subject") + } + + protoReq.Subject, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "subject", err) + } + + val, ok = pathParams["subjectKeyId"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "subjectKeyId") + } + + protoReq.SubjectKeyId, err = runtime.String(val) + + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "subjectKeyId", err) + } + + msg, err := server.RevokedNocRootCertificates(ctx, &protoReq) + return msg, metadata, err + +} + +var ( + filter_Query_RevokedNocRootCertificatesAll_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)} +) + +func request_Query_RevokedNocRootCertificatesAll_0(ctx context.Context, marshaler runtime.Marshaler, client QueryClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq QueryAllRevokedNocRootCertificatesRequest + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_RevokedNocRootCertificatesAll_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.RevokedNocRootCertificatesAll(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_Query_RevokedNocRootCertificatesAll_0(ctx context.Context, marshaler runtime.Marshaler, server QueryServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq QueryAllRevokedNocRootCertificatesRequest + var metadata runtime.ServerMetadata + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Query_RevokedNocRootCertificatesAll_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.RevokedNocRootCertificatesAll(ctx, &protoReq) + return msg, metadata, err + +} + // RegisterQueryHandlerServer registers the http handlers for service Query to "mux". // UnaryRPC :call QueryServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -1634,6 +1746,52 @@ func RegisterQueryHandlerServer(ctx context.Context, mux *runtime.ServeMux, serv }) + mux.Handle("GET", pattern_Query_RevokedNocRootCertificates_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Query_RevokedNocRootCertificates_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Query_RevokedNocRootCertificates_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_Query_RevokedNocRootCertificatesAll_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Query_RevokedNocRootCertificatesAll_0(rctx, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Query_RevokedNocRootCertificatesAll_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -2095,6 +2253,46 @@ func RegisterQueryHandlerClient(ctx context.Context, mux *runtime.ServeMux, clie }) + mux.Handle("GET", pattern_Query_RevokedNocRootCertificates_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_Query_RevokedNocRootCertificates_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Query_RevokedNocRootCertificates_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + mux.Handle("GET", pattern_Query_RevokedNocRootCertificatesAll_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + rctx, err := runtime.AnnotateContext(ctx, mux, req) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_Query_RevokedNocRootCertificatesAll_0(rctx, inboundMarshaler, client, req, pathParams) + ctx = runtime.NewServerMetadataContext(ctx, md) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + + forward_Query_RevokedNocRootCertificatesAll_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + return nil } @@ -2140,6 +2338,10 @@ var ( pattern_Query_NocCertificates_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"dcl", "pki", "noc-certificates", "vid"}, "", runtime.AssumeColonVerbOpt(false))) pattern_Query_NocCertificatesAll_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"dcl", "pki", "noc-certificates"}, "", runtime.AssumeColonVerbOpt(false))) + + pattern_Query_RevokedNocRootCertificates_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 1, 0, 4, 1, 5, 4}, []string{"dcl", "pki", "revoked-noc-root-certificates", "subject", "subjectKeyId"}, "", runtime.AssumeColonVerbOpt(false))) + + pattern_Query_RevokedNocRootCertificatesAll_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"dcl", "pki", "revoked-noc-root-certificates"}, "", runtime.AssumeColonVerbOpt(false))) ) var ( @@ -2184,4 +2386,8 @@ var ( forward_Query_NocCertificates_0 = runtime.ForwardResponseMessage forward_Query_NocCertificatesAll_0 = runtime.ForwardResponseMessage + + forward_Query_RevokedNocRootCertificates_0 = runtime.ForwardResponseMessage + + forward_Query_RevokedNocRootCertificatesAll_0 = runtime.ForwardResponseMessage ) diff --git a/x/pki/types/revoked_noc_root_certificates.pb.go b/x/pki/types/revoked_noc_root_certificates.pb.go new file mode 100644 index 000000000..6e061beb3 --- /dev/null +++ b/x/pki/types/revoked_noc_root_certificates.pb.go @@ -0,0 +1,436 @@ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: pki/revoked_noc_root_certificates.proto + +package types + +import ( + fmt "fmt" + proto "github.com/gogo/protobuf/proto" + io "io" + math "math" + math_bits "math/bits" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +type RevokedNocRootCertificates struct { + Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` + SubjectKeyId string `protobuf:"bytes,2,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty"` + Certs []*Certificate `protobuf:"bytes,3,rep,name=certs,proto3" json:"certs,omitempty"` +} + +func (m *RevokedNocRootCertificates) Reset() { *m = RevokedNocRootCertificates{} } +func (m *RevokedNocRootCertificates) String() string { return proto.CompactTextString(m) } +func (*RevokedNocRootCertificates) ProtoMessage() {} +func (*RevokedNocRootCertificates) Descriptor() ([]byte, []int) { + return fileDescriptor_ab9c4f154f441df5, []int{0} +} +func (m *RevokedNocRootCertificates) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *RevokedNocRootCertificates) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_RevokedNocRootCertificates.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *RevokedNocRootCertificates) XXX_Merge(src proto.Message) { + xxx_messageInfo_RevokedNocRootCertificates.Merge(m, src) +} +func (m *RevokedNocRootCertificates) XXX_Size() int { + return m.Size() +} +func (m *RevokedNocRootCertificates) XXX_DiscardUnknown() { + xxx_messageInfo_RevokedNocRootCertificates.DiscardUnknown(m) +} + +var xxx_messageInfo_RevokedNocRootCertificates proto.InternalMessageInfo + +func (m *RevokedNocRootCertificates) GetSubject() string { + if m != nil { + return m.Subject + } + return "" +} + +func (m *RevokedNocRootCertificates) GetSubjectKeyId() string { + if m != nil { + return m.SubjectKeyId + } + return "" +} + +func (m *RevokedNocRootCertificates) GetCerts() []*Certificate { + if m != nil { + return m.Certs + } + return nil +} + +func init() { + proto.RegisterType((*RevokedNocRootCertificates)(nil), "zigbeealliance.distributedcomplianceledger.pki.RevokedNocRootCertificates") +} + +func init() { + proto.RegisterFile("pki/revoked_noc_root_certificates.proto", fileDescriptor_ab9c4f154f441df5) +} + +var fileDescriptor_ab9c4f154f441df5 = []byte{ + // 268 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x52, 0x2f, 0xc8, 0xce, 0xd4, + 0x2f, 0x4a, 0x2d, 0xcb, 0xcf, 0x4e, 0x4d, 0x89, 0xcf, 0xcb, 0x4f, 0x8e, 0x2f, 0xca, 0xcf, 0x2f, + 0x89, 0x4f, 0x4e, 0x2d, 0x2a, 0xc9, 0x4c, 0xcb, 0x4c, 0x4e, 0x2c, 0x49, 0x2d, 0xd6, 0x2b, 0x28, + 0xca, 0x2f, 0xc9, 0x17, 0xd2, 0xab, 0xca, 0x4c, 0x4f, 0x4a, 0x4d, 0x4d, 0xcc, 0xc9, 0xc9, 0x4c, + 0xcc, 0x4b, 0x4e, 0xd5, 0x4b, 0xc9, 0x2c, 0x2e, 0x29, 0xca, 0x4c, 0x2a, 0x2d, 0x49, 0x4d, 0x49, + 0xce, 0xcf, 0x2d, 0x80, 0x88, 0xe6, 0xa4, 0xa6, 0xa4, 0xa7, 0x16, 0xe9, 0x15, 0x64, 0x67, 0x4a, + 0x89, 0x82, 0x0c, 0x46, 0x32, 0x07, 0x62, 0x8c, 0xd2, 0x5a, 0x46, 0x2e, 0xa9, 0x20, 0x88, 0x75, + 0x7e, 0xf9, 0xc9, 0x41, 0xf9, 0xf9, 0x25, 0xce, 0x48, 0x76, 0x09, 0x49, 0x70, 0xb1, 0x17, 0x97, + 0x26, 0x65, 0xa5, 0x26, 0x97, 0x48, 0x30, 0x2a, 0x30, 0x6a, 0x70, 0x06, 0xc1, 0xb8, 0x42, 0x4a, + 0x5c, 0x3c, 0x50, 0xa6, 0x77, 0x6a, 0xa5, 0x67, 0x8a, 0x04, 0x13, 0x58, 0x1a, 0x45, 0x4c, 0x28, + 0x90, 0x8b, 0x15, 0x64, 0x63, 0xb1, 0x04, 0xb3, 0x02, 0xb3, 0x06, 0xb7, 0x91, 0x35, 0x89, 0x6e, + 0xd6, 0x43, 0x72, 0x4a, 0x10, 0xc4, 0x24, 0xa7, 0xb8, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, + 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86, 0x0b, 0x8f, 0xe5, 0x18, 0x6e, 0x3c, + 0x96, 0x63, 0x88, 0x72, 0x49, 0xcf, 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x87, + 0xd8, 0xa3, 0x0b, 0xb3, 0x48, 0x1f, 0xc9, 0x22, 0x5d, 0x84, 0x4d, 0xba, 0x10, 0xab, 0xf4, 0x2b, + 0xf4, 0x41, 0x61, 0x53, 0x52, 0x59, 0x90, 0x5a, 0x9c, 0xc4, 0x06, 0x0e, 0x16, 0x63, 0x40, 0x00, + 0x00, 0x00, 0xff, 0xff, 0xf9, 0x0d, 0x7d, 0xa5, 0x88, 0x01, 0x00, 0x00, +} + +func (m *RevokedNocRootCertificates) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RevokedNocRootCertificates) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *RevokedNocRootCertificates) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Certs) > 0 { + for iNdEx := len(m.Certs) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Certs[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintRevokedNocRootCertificates(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + } + if len(m.SubjectKeyId) > 0 { + i -= len(m.SubjectKeyId) + copy(dAtA[i:], m.SubjectKeyId) + i = encodeVarintRevokedNocRootCertificates(dAtA, i, uint64(len(m.SubjectKeyId))) + i-- + dAtA[i] = 0x12 + } + if len(m.Subject) > 0 { + i -= len(m.Subject) + copy(dAtA[i:], m.Subject) + i = encodeVarintRevokedNocRootCertificates(dAtA, i, uint64(len(m.Subject))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func encodeVarintRevokedNocRootCertificates(dAtA []byte, offset int, v uint64) int { + offset -= sovRevokedNocRootCertificates(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *RevokedNocRootCertificates) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Subject) + if l > 0 { + n += 1 + l + sovRevokedNocRootCertificates(uint64(l)) + } + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovRevokedNocRootCertificates(uint64(l)) + } + if len(m.Certs) > 0 { + for _, e := range m.Certs { + l = e.Size() + n += 1 + l + sovRevokedNocRootCertificates(uint64(l)) + } + } + return n +} + +func sovRevokedNocRootCertificates(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozRevokedNocRootCertificates(x uint64) (n int) { + return sovRevokedNocRootCertificates(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *RevokedNocRootCertificates) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RevokedNocRootCertificates: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RevokedNocRootCertificates: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Subject", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Subject = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectKeyId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Certs", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Certs = append(m.Certs, &Certificate{}) + if err := m.Certs[len(m.Certs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipRevokedNocRootCertificates(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthRevokedNocRootCertificates + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipRevokedNocRootCertificates(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowRevokedNocRootCertificates + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthRevokedNocRootCertificates + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupRevokedNocRootCertificates + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthRevokedNocRootCertificates + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthRevokedNocRootCertificates = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowRevokedNocRootCertificates = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupRevokedNocRootCertificates = fmt.Errorf("proto: unexpected end of group") +) diff --git a/x/pki/types/tx.pb.go b/x/pki/types/tx.pb.go index ec026026d..c424abf4e 100644 --- a/x/pki/types/tx.pb.go +++ b/x/pki/types/tx.pb.go @@ -1661,6 +1661,134 @@ func (m *MsgAddNocX509CertResponse) XXX_DiscardUnknown() { var xxx_messageInfo_MsgAddNocX509CertResponse proto.InternalMessageInfo +type MsgRevokeNocRootX509Cert struct { + Signer string `protobuf:"bytes,1,opt,name=signer,proto3" json:"signer,omitempty" validate:"required"` + Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty" validate:"required,max=1024"` + SubjectKeyId string `protobuf:"bytes,3,opt,name=subjectKeyId,proto3" json:"subjectKeyId,omitempty" validate:"required,max=256"` + SerialNumber string `protobuf:"bytes,4,opt,name=serialNumber,proto3" json:"serialNumber,omitempty"` + Info string `protobuf:"bytes,5,opt,name=info,proto3" json:"info,omitempty" validate:"max=4096"` + Time int64 `protobuf:"varint,6,opt,name=time,proto3" json:"time,omitempty"` + RevokeChild bool `protobuf:"varint,7,opt,name=revokeChild,proto3" json:"revokeChild,omitempty"` +} + +func (m *MsgRevokeNocRootX509Cert) Reset() { *m = MsgRevokeNocRootX509Cert{} } +func (m *MsgRevokeNocRootX509Cert) String() string { return proto.CompactTextString(m) } +func (*MsgRevokeNocRootX509Cert) ProtoMessage() {} +func (*MsgRevokeNocRootX509Cert) Descriptor() ([]byte, []int) { + return fileDescriptor_badfdb2b39855d16, []int{28} +} +func (m *MsgRevokeNocRootX509Cert) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *MsgRevokeNocRootX509Cert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgRevokeNocRootX509Cert.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *MsgRevokeNocRootX509Cert) XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgRevokeNocRootX509Cert.Merge(m, src) +} +func (m *MsgRevokeNocRootX509Cert) XXX_Size() int { + return m.Size() +} +func (m *MsgRevokeNocRootX509Cert) XXX_DiscardUnknown() { + xxx_messageInfo_MsgRevokeNocRootX509Cert.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgRevokeNocRootX509Cert proto.InternalMessageInfo + +func (m *MsgRevokeNocRootX509Cert) GetSigner() string { + if m != nil { + return m.Signer + } + return "" +} + +func (m *MsgRevokeNocRootX509Cert) GetSubject() string { + if m != nil { + return m.Subject + } + return "" +} + +func (m *MsgRevokeNocRootX509Cert) GetSubjectKeyId() string { + if m != nil { + return m.SubjectKeyId + } + return "" +} + +func (m *MsgRevokeNocRootX509Cert) GetSerialNumber() string { + if m != nil { + return m.SerialNumber + } + return "" +} + +func (m *MsgRevokeNocRootX509Cert) GetInfo() string { + if m != nil { + return m.Info + } + return "" +} + +func (m *MsgRevokeNocRootX509Cert) GetTime() int64 { + if m != nil { + return m.Time + } + return 0 +} + +func (m *MsgRevokeNocRootX509Cert) GetRevokeChild() bool { + if m != nil { + return m.RevokeChild + } + return false +} + +type MsgRevokeNocRootX509CertResponse struct { +} + +func (m *MsgRevokeNocRootX509CertResponse) Reset() { *m = MsgRevokeNocRootX509CertResponse{} } +func (m *MsgRevokeNocRootX509CertResponse) String() string { return proto.CompactTextString(m) } +func (*MsgRevokeNocRootX509CertResponse) ProtoMessage() {} +func (*MsgRevokeNocRootX509CertResponse) Descriptor() ([]byte, []int) { + return fileDescriptor_badfdb2b39855d16, []int{29} +} +func (m *MsgRevokeNocRootX509CertResponse) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *MsgRevokeNocRootX509CertResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_MsgRevokeNocRootX509CertResponse.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *MsgRevokeNocRootX509CertResponse) XXX_Merge(src proto.Message) { + xxx_messageInfo_MsgRevokeNocRootX509CertResponse.Merge(m, src) +} +func (m *MsgRevokeNocRootX509CertResponse) XXX_Size() int { + return m.Size() +} +func (m *MsgRevokeNocRootX509CertResponse) XXX_DiscardUnknown() { + xxx_messageInfo_MsgRevokeNocRootX509CertResponse.DiscardUnknown(m) +} + +var xxx_messageInfo_MsgRevokeNocRootX509CertResponse proto.InternalMessageInfo + func init() { proto.RegisterType((*MsgProposeAddX509RootCert)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgProposeAddX509RootCert") proto.RegisterType((*MsgProposeAddX509RootCertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgProposeAddX509RootCertResponse") @@ -1690,94 +1818,99 @@ func init() { proto.RegisterType((*MsgRemoveX509CertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRemoveX509CertResponse") proto.RegisterType((*MsgAddNocX509Cert)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509Cert") proto.RegisterType((*MsgAddNocX509CertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgAddNocX509CertResponse") + proto.RegisterType((*MsgRevokeNocRootX509Cert)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509Cert") + proto.RegisterType((*MsgRevokeNocRootX509CertResponse)(nil), "zigbeealliance.distributedcomplianceledger.pki.MsgRevokeNocRootX509CertResponse") } func init() { proto.RegisterFile("pki/tx.proto", fileDescriptor_badfdb2b39855d16) } var fileDescriptor_badfdb2b39855d16 = []byte{ - // 1310 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x59, 0x4f, 0x6c, 0xdb, 0x54, - 0x18, 0x9f, 0xf3, 0xa7, 0x7f, 0xbe, 0x95, 0x4a, 0x3c, 0xb2, 0xce, 0x75, 0x4b, 0x92, 0x79, 0xd5, - 0x16, 0x89, 0x36, 0x49, 0xbb, 0xa6, 0xac, 0x13, 0x05, 0xa5, 0x0d, 0x1b, 0xd5, 0xda, 0xa9, 0xb8, - 0x1d, 0x20, 0x84, 0x98, 0x92, 0xf8, 0xcd, 0x7b, 0xd4, 0xc9, 0x33, 0xb6, 0x53, 0xb5, 0xbb, 0x71, - 0xe6, 0x00, 0x12, 0x82, 0xc3, 0x90, 0xb8, 0xc1, 0x81, 0x2b, 0x88, 0x2b, 0x57, 0x2e, 0x48, 0x13, - 0x42, 0x82, 0x53, 0x34, 0xb5, 0xdc, 0x91, 0x72, 0x47, 0x42, 0xb6, 0x13, 0x3b, 0x4e, 0xed, 0x36, - 0x71, 0x53, 0x69, 0x94, 0xde, 0xec, 0x97, 0xf7, 0xfd, 0xde, 0xf7, 0xfd, 0xbe, 0xdf, 0x7b, 0xfe, - 0xde, 0x17, 0x18, 0x51, 0xb6, 0x49, 0x46, 0xdf, 0x4d, 0x2b, 0x2a, 0xd5, 0x29, 0x4a, 0x3f, 0x26, - 0x52, 0x09, 0xe3, 0xa2, 0x2c, 0x93, 0x62, 0xb5, 0x8c, 0xd3, 0x22, 0xd1, 0x74, 0x95, 0x94, 0x6a, - 0x3a, 0x16, 0xcb, 0xb4, 0xa2, 0x58, 0xa3, 0x32, 0x16, 0x25, 0xac, 0xa6, 0x95, 0x6d, 0xc2, 0x8d, - 0x97, 0xa9, 0x56, 0xa1, 0xda, 0x03, 0xd3, 0x3a, 0x63, 0xbd, 0x58, 0x50, 0x5c, 0x4c, 0xa2, 0x12, - 0xb5, 0xc6, 0x8d, 0x27, 0x6b, 0x94, 0x7f, 0x12, 0x82, 0xf1, 0x75, 0x4d, 0xda, 0x50, 0xa9, 0x42, - 0x35, 0x9c, 0x17, 0xc5, 0xf7, 0x72, 0xd9, 0x45, 0x81, 0x52, 0x7d, 0x05, 0xab, 0x3a, 0xba, 0x03, - 0x03, 0x1a, 0x91, 0xaa, 0x58, 0x65, 0x99, 0x24, 0x93, 0x1a, 0x5e, 0xce, 0x34, 0xea, 0x89, 0x97, - 0x76, 0x8a, 0x32, 0x11, 0x8b, 0x3a, 0xbe, 0xc5, 0xab, 0xf8, 0xe3, 0x1a, 0x51, 0xb1, 0xc8, 0xff, - 0xf6, 0xe3, 0x4c, 0xac, 0xb9, 0x58, 0x5e, 0x14, 0x55, 0xac, 0x69, 0x9b, 0xba, 0x4a, 0xaa, 0x92, - 0xd0, 0x34, 0x47, 0x37, 0x21, 0x52, 0xc6, 0xaa, 0xce, 0x86, 0x4c, 0x98, 0xa9, 0x46, 0x3d, 0x91, - 0x3c, 0x0c, 0x33, 0x5d, 0x29, 0xee, 0x2e, 0xcd, 0x66, 0xe7, 0x6f, 0xe6, 0x5e, 0x5d, 0xc8, 0xf2, - 0x82, 0x69, 0x81, 0x5e, 0x81, 0x08, 0xa9, 0x3e, 0xa4, 0x6c, 0xd8, 0xb4, 0xbc, 0xec, 0x76, 0xc0, - 0x30, 0x98, 0xcf, 0x2e, 0x2e, 0xf0, 0x82, 0x39, 0x09, 0x21, 0x88, 0xe8, 0xa4, 0x82, 0xd9, 0x48, - 0x92, 0x49, 0x85, 0x05, 0xf3, 0x19, 0x2d, 0x42, 0x78, 0x87, 0x88, 0x6c, 0x34, 0xc9, 0xa4, 0xa2, - 0xcb, 0xd7, 0x1b, 0xf5, 0xc4, 0x55, 0xc7, 0x5e, 0xd2, 0xf1, 0xd2, 0xec, 0xb4, 0xac, 0xe3, 0xa5, - 0x85, 0x5c, 0xee, 0x46, 0x6e, 0xda, 0x0e, 0x48, 0x30, 0x6c, 0xf8, 0xab, 0x70, 0xc5, 0x97, 0x1b, - 0x01, 0x6b, 0x0a, 0xad, 0x6a, 0x98, 0xff, 0xce, 0x62, 0x30, 0xaf, 0x28, 0x2a, 0xdd, 0x39, 0x3d, - 0x06, 0x6f, 0xc1, 0xa0, 0x56, 0x2b, 0x7d, 0x84, 0xcb, 0x2d, 0x12, 0x93, 0x8d, 0x7a, 0x62, 0xd2, - 0x97, 0xc4, 0xb9, 0x79, 0x5e, 0x68, 0x19, 0xa0, 0x15, 0x18, 0x69, 0x3e, 0xde, 0xc5, 0x7b, 0xab, - 0x62, 0x93, 0xcb, 0x44, 0xa3, 0x9e, 0x98, 0xf0, 0x01, 0x98, 0xcb, 0x2d, 0xf0, 0x82, 0xcb, 0xc8, - 0x4e, 0x44, 0xa4, 0x97, 0x44, 0x44, 0x9d, 0x44, 0x34, 0xd9, 0xf4, 0xe6, 0xc9, 0x66, 0xf3, 0x77, - 0x06, 0x46, 0x8d, 0x59, 0xd6, 0xcf, 0x67, 0x45, 0x84, 0x3c, 0x0b, 0x63, 0xee, 0xa8, 0xec, 0x80, - 0xff, 0x0e, 0xc1, 0xa4, 0x23, 0x32, 0x01, 0xef, 0xd0, 0x6d, 0x7c, 0xae, 0x20, 0x4f, 0x05, 0x21, - 0x1e, 0x46, 0x34, 0xac, 0x92, 0xa2, 0x7c, 0xaf, 0x56, 0x29, 0x61, 0x95, 0x1d, 0x30, 0x80, 0x04, - 0xd7, 0x18, 0x4a, 0xc2, 0x45, 0xd5, 0x24, 0x71, 0xe5, 0x11, 0x91, 0x45, 0x76, 0x30, 0xc9, 0xa4, - 0x86, 0x84, 0xf6, 0x21, 0xfe, 0x1a, 0x4c, 0x1d, 0x45, 0xb8, 0x9d, 0x99, 0x5f, 0xad, 0xcc, 0x34, - 0x05, 0xfb, 0xbf, 0xc8, 0x4c, 0xb4, 0x97, 0xcc, 0x0c, 0x1c, 0x91, 0x99, 0xc1, 0xc3, 0x99, 0x69, - 0xf2, 0xee, 0x4b, 0xa7, 0xcd, 0xfb, 0x5f, 0x21, 0x78, 0x71, 0x5d, 0x93, 0x9c, 0x19, 0xe7, 0xdb, - 0xe0, 0x34, 0xb6, 0xc1, 0x84, 0xf9, 0xd9, 0x72, 0xb3, 0x6c, 0xe7, 0xe0, 0xdb, 0x10, 0xb0, 0xe6, - 0xaf, 0x86, 0xdb, 0xe7, 0xdf, 0x34, 0xdf, 0x6f, 0x1a, 0x0f, 0x49, 0x3f, 0x9a, 0x6c, 0x2e, 0xbf, - 0x8e, 0x5a, 0xc2, 0x17, 0xc5, 0x8d, 0x6d, 0x62, 0xf0, 0x5d, 0x2e, 0xea, 0x84, 0x56, 0x0b, 0xad, - 0x52, 0x8e, 0xd0, 0xea, 0x06, 0x25, 0xd5, 0x3e, 0xf2, 0xda, 0x2c, 0x79, 0x42, 0xbd, 0x97, 0x3c, - 0x28, 0x0b, 0x61, 0x85, 0x58, 0x6c, 0x46, 0x97, 0xe3, 0x8d, 0x7a, 0x82, 0x73, 0x9b, 0x66, 0x1d, - 0x53, 0x5e, 0x30, 0xa6, 0xa2, 0x18, 0x44, 0x89, 0xb6, 0x91, 0xcf, 0x9b, 0x24, 0x0e, 0x09, 0xd6, - 0x0b, 0x9a, 0x81, 0xa8, 0x5c, 0x2c, 0x61, 0xd9, 0xfb, 0x48, 0x71, 0x16, 0xb5, 0x66, 0xa1, 0xbb, - 0x10, 0x2b, 0xab, 0xf2, 0xa6, 0xe9, 0xbe, 0x41, 0x1e, 0x79, 0x48, 0xca, 0x45, 0xdd, 0x3a, 0x63, - 0x8e, 0xb0, 0xf6, 0x34, 0x42, 0x77, 0x00, 0x11, 0x4d, 0xab, 0x61, 0x75, 0xd3, 0xc9, 0x75, 0xc1, - 0x3a, 0x92, 0xfc, 0xa1, 0x3c, 0x4c, 0x50, 0x0e, 0x06, 0xc5, 0xa2, 0x5e, 0xbc, 0x2f, 0xac, 0xb1, - 0x43, 0xa6, 0xf5, 0x44, 0xa3, 0x9e, 0xb8, 0xec, 0x21, 0xaf, 0x9a, 0x2a, 0xf3, 0x42, 0x6b, 0xae, - 0xb1, 0x3f, 0x8d, 0xc7, 0xdb, 0x44, 0xc6, 0x9b, 0xe4, 0x31, 0x66, 0x87, 0x93, 0x4c, 0x2a, 0x22, - 0xb8, 0xc6, 0x50, 0x1c, 0xc0, 0x78, 0x2f, 0x10, 0x09, 0x6b, 0x3a, 0x0b, 0xe6, 0x0e, 0x6e, 0x1b, - 0x41, 0xd7, 0x60, 0xd4, 0x79, 0xdb, 0xda, 0x53, 0x30, 0x7b, 0x31, 0xc9, 0xa4, 0x5e, 0x10, 0x3a, - 0x46, 0xd1, 0x1b, 0x30, 0xaa, 0xda, 0x92, 0x32, 0xe7, 0x8d, 0x18, 0xf3, 0xfc, 0xe3, 0xec, 0x98, - 0xce, 0xa7, 0x61, 0xba, 0x1b, 0x71, 0xda, 0x6a, 0xfe, 0x27, 0x0c, 0xd7, 0xd7, 0x35, 0xe9, 0xbe, - 0x62, 0x00, 0xff, 0x07, 0x04, 0x6d, 0x0b, 0x31, 0xdc, 0x95, 0x10, 0xe7, 0x7c, 0x84, 0x68, 0x9e, - 0x10, 0x3d, 0xe9, 0x2d, 0xda, 0xbb, 0xde, 0x16, 0x1c, 0xbd, 0x59, 0xc2, 0x9f, 0x6c, 0xd4, 0x13, - 0xac, 0x63, 0x4d, 0x2b, 0x44, 0xc7, 0x15, 0x45, 0xdf, 0x3b, 0x46, 0x70, 0x83, 0xc7, 0x0a, 0x6e, - 0xa8, 0x0b, 0xc1, 0x0d, 0x7b, 0x09, 0x8e, 0x9f, 0x85, 0x4c, 0x97, 0xe9, 0x6f, 0xff, 0x98, 0x18, - 0x92, 0x29, 0x60, 0x19, 0x9f, 0x45, 0xc9, 0x78, 0xa7, 0x3f, 0xd2, 0x73, 0xfa, 0x9b, 0xd4, 0x76, - 0x43, 0x93, 0x4d, 0xed, 0x17, 0x21, 0x18, 0x31, 0xb6, 0xaf, 0x66, 0x44, 0xfd, 0x0e, 0x11, 0xcf, - 0xd0, 0xb7, 0xb9, 0x99, 0xc0, 0x48, 0x80, 0x7b, 0xfb, 0x18, 0xc4, 0xda, 0x49, 0xb1, 0xd9, 0x7a, - 0xc2, 0xc0, 0x25, 0xeb, 0xb0, 0xbb, 0x47, 0xcb, 0xcf, 0x59, 0xa3, 0x83, 0x4f, 0xc0, 0xcb, 0x9e, - 0xbe, 0xd9, 0xde, 0x7f, 0xd2, 0xaa, 0x8b, 0x2b, 0x74, 0xe7, 0x2c, 0xd6, 0xc5, 0x9d, 0x65, 0x6d, - 0xc4, 0xe3, 0x0e, 0xd1, 0x2a, 0x5a, 0xdb, 0x29, 0xb0, 0x09, 0xfa, 0x8a, 0x31, 0x09, 0x72, 0x28, - 0x7c, 0x5e, 0x52, 0x6b, 0x79, 0xed, 0xf6, 0xab, 0xe5, 0xf5, 0xdc, 0xa7, 0x31, 0x08, 0xaf, 0x6b, - 0x12, 0xfa, 0x89, 0x81, 0x31, 0x9f, 0x36, 0xdc, 0x6a, 0x8f, 0x6d, 0xc0, 0xb4, 0x6f, 0xd7, 0x8a, - 0x7b, 0xbb, 0x6f, 0x50, 0xad, 0x00, 0x4c, 0xc7, 0x7d, 0xba, 0x5f, 0x41, 0x1c, 0xf7, 0x86, 0x0a, - 0xe4, 0xf8, 0xd1, 0xbd, 0x26, 0xf4, 0x25, 0x03, 0x17, 0xdb, 0x1b, 0x4d, 0xaf, 0x07, 0x59, 0xc2, - 0xb1, 0xe7, 0x6e, 0x9f, 0xcc, 0xde, 0xf6, 0xeb, 0x67, 0x06, 0xc6, 0xfd, 0xfb, 0x41, 0x6b, 0xc1, - 0x33, 0x78, 0x18, 0x8d, 0xdb, 0xea, 0x27, 0x9a, 0x2b, 0x02, 0xff, 0xbe, 0xc9, 0x5a, 0xf0, 0x54, - 0xf6, 0x29, 0x82, 0x63, 0x9b, 0x10, 0xe8, 0x1b, 0x06, 0x46, 0x3b, 0x3a, 0x10, 0xf9, 0x00, 0x0b, - 0xb9, 0x21, 0xb8, 0xd5, 0x13, 0x43, 0xd8, 0x0e, 0xfe, 0xc0, 0xc0, 0x25, 0xef, 0xeb, 0xf9, 0x5b, - 0x81, 0x16, 0xf1, 0x40, 0xe2, 0x36, 0xfa, 0x85, 0x64, 0x7b, 0xfd, 0x07, 0x03, 0x57, 0x8e, 0xbf, - 0x08, 0x6f, 0x05, 0xdb, 0x48, 0x47, 0xa3, 0x72, 0x1f, 0x9c, 0x06, 0xaa, 0x1d, 0xd9, 0x33, 0x06, - 0xa6, 0xba, 0xba, 0x14, 0xbd, 0x1b, 0xc0, 0x8d, 0x6e, 0x80, 0xb9, 0x07, 0xa7, 0x04, 0xec, 0x0a, - 0xb1, 0xab, 0x22, 0x3e, 0x48, 0x88, 0xdd, 0x00, 0x07, 0x0a, 0xb1, 0x97, 0x7a, 0x1a, 0x7d, 0xc6, - 0xc0, 0xb0, 0x53, 0x4c, 0xbf, 0x16, 0x44, 0x31, 0x2d, 0x6b, 0xae, 0x70, 0x12, 0x6b, 0xdb, 0xa3, - 0xef, 0x19, 0x40, 0x1e, 0x05, 0xeb, 0x9b, 0xc1, 0xc4, 0xdc, 0x01, 0xc3, 0xad, 0xf7, 0x05, 0xa6, - 0xe3, 0xd4, 0x74, 0xd5, 0xa7, 0xc1, 0x4e, 0xcd, 0x76, 0x88, 0x80, 0xa7, 0xa6, 0x57, 0x89, 0x68, - 0x3a, 0xd8, 0x51, 0x1f, 0xe6, 0x4f, 0x44, 0x41, 0x60, 0x07, 0xbd, 0xab, 0xc1, 0xe5, 0x0f, 0x7f, - 0xd9, 0x8f, 0x33, 0x4f, 0xf7, 0xe3, 0xcc, 0xb3, 0xfd, 0x38, 0xf3, 0xf9, 0x41, 0xfc, 0xc2, 0xd3, - 0x83, 0xf8, 0x85, 0x3f, 0x0f, 0xe2, 0x17, 0xde, 0x2f, 0x48, 0x44, 0x7f, 0x54, 0x2b, 0xa5, 0xcb, - 0xb4, 0x92, 0xb1, 0x96, 0x9b, 0x69, 0xad, 0x97, 0x69, 0x5b, 0x6f, 0xc6, 0x59, 0x70, 0xc6, 0x5a, - 0x31, 0xb3, 0x9b, 0x31, 0xff, 0x53, 0xde, 0x53, 0xb0, 0x56, 0x1a, 0x30, 0xff, 0xf6, 0xbd, 0xf1, - 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x42, 0x0e, 0x55, 0x05, 0x67, 0x1e, 0x00, 0x00, + // 1360 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xdf, 0x6f, 0xdb, 0xd4, + 0x17, 0x9f, 0xf3, 0xa3, 0x3f, 0x4e, 0xfb, 0xad, 0xf4, 0xbd, 0xb4, 0x9d, 0xeb, 0x96, 0x24, 0xf3, + 0xaa, 0x2d, 0x12, 0x6d, 0x92, 0x76, 0x4d, 0x59, 0x27, 0x0a, 0x4a, 0x1b, 0xb6, 0x55, 0x6b, 0xab, + 0xe2, 0x76, 0x80, 0x10, 0x62, 0x4a, 0xe2, 0x3b, 0xef, 0x52, 0x27, 0x36, 0xb6, 0x53, 0xb5, 0x7b, + 0xe3, 0x2f, 0x00, 0x09, 0xc1, 0xc3, 0x90, 0x78, 0x83, 0x07, 0x5e, 0x41, 0xbc, 0x22, 0xde, 0x78, + 0x41, 0x9a, 0x10, 0x12, 0x3c, 0x45, 0x53, 0xcb, 0x1b, 0x0f, 0x48, 0x79, 0x47, 0x42, 0xb6, 0x63, + 0x3b, 0x4e, 0xed, 0x34, 0x71, 0x53, 0x69, 0x74, 0x7d, 0xb3, 0x6f, 0xee, 0xf9, 0xdc, 0x73, 0x3e, + 0xe7, 0xe3, 0x7b, 0xcf, 0x3d, 0x0a, 0x0c, 0xcb, 0xbb, 0x24, 0xad, 0xed, 0xa7, 0x64, 0x45, 0xd2, + 0x24, 0x94, 0x7a, 0x4c, 0x84, 0x22, 0xc6, 0x05, 0x51, 0x24, 0x85, 0x4a, 0x09, 0xa7, 0x78, 0xa2, + 0x6a, 0x0a, 0x29, 0x56, 0x35, 0xcc, 0x97, 0xa4, 0xb2, 0x6c, 0x8e, 0x8a, 0x98, 0x17, 0xb0, 0x92, + 0x92, 0x77, 0x09, 0x33, 0x51, 0x92, 0xd4, 0xb2, 0xa4, 0x3e, 0x30, 0xac, 0xd3, 0xe6, 0x8b, 0x09, + 0xc5, 0x8c, 0x0a, 0x92, 0x20, 0x99, 0xe3, 0xfa, 0x93, 0x39, 0xca, 0x3e, 0x09, 0xc1, 0xc4, 0x86, + 0x2a, 0x6c, 0x29, 0x92, 0x2c, 0xa9, 0x38, 0xc7, 0xf3, 0xef, 0x66, 0x33, 0x4b, 0x9c, 0x24, 0x69, + 0xab, 0x58, 0xd1, 0xd0, 0x1d, 0xe8, 0x53, 0x89, 0x50, 0xc1, 0x0a, 0x4d, 0x25, 0xa8, 0xe4, 0xe0, + 0x4a, 0xba, 0x5e, 0x8b, 0xbf, 0xb4, 0x57, 0x10, 0x09, 0x5f, 0xd0, 0xf0, 0x2d, 0x56, 0xc1, 0x1f, + 0x55, 0x89, 0x82, 0x79, 0xf6, 0xd7, 0xef, 0x67, 0x47, 0x1b, 0x8b, 0xe5, 0x78, 0x5e, 0xc1, 0xaa, + 0xba, 0xad, 0x29, 0xa4, 0x22, 0x70, 0x0d, 0x73, 0x74, 0x13, 0x22, 0x25, 0xac, 0x68, 0x74, 0xc8, + 0x80, 0x99, 0xae, 0xd7, 0xe2, 0x89, 0xe3, 0x30, 0x33, 0xe5, 0xc2, 0xfe, 0xf2, 0x5c, 0x66, 0xe1, + 0x66, 0xf6, 0xd5, 0xc5, 0x0c, 0xcb, 0x19, 0x16, 0xe8, 0x15, 0x88, 0x90, 0xca, 0x43, 0x89, 0x0e, + 0x1b, 0x96, 0x97, 0xdd, 0x0e, 0xe8, 0x06, 0x0b, 0x99, 0xa5, 0x45, 0x96, 0x33, 0x26, 0x21, 0x04, + 0x11, 0x8d, 0x94, 0x31, 0x1d, 0x49, 0x50, 0xc9, 0x30, 0x67, 0x3c, 0xa3, 0x25, 0x08, 0xef, 0x11, + 0x9e, 0x8e, 0x26, 0xa8, 0x64, 0x74, 0xe5, 0x7a, 0xbd, 0x16, 0xbf, 0xea, 0xd8, 0x0b, 0x1a, 0x5e, + 0x9e, 0x9b, 0x11, 0x35, 0xbc, 0xbc, 0x98, 0xcd, 0xde, 0xc8, 0xce, 0xd8, 0x01, 0x71, 0xba, 0x0d, + 0x7b, 0x15, 0xae, 0xf8, 0x72, 0xc3, 0x61, 0x55, 0x96, 0x2a, 0x2a, 0x66, 0xbf, 0x31, 0x19, 0xcc, + 0xc9, 0xb2, 0x22, 0xed, 0x9d, 0x1d, 0x83, 0xb7, 0xa0, 0x5f, 0xad, 0x16, 0x3f, 0xc4, 0x25, 0x8b, + 0xc4, 0x44, 0xbd, 0x16, 0x9f, 0xf2, 0x25, 0x71, 0x7e, 0x81, 0xe5, 0x2c, 0x03, 0xb4, 0x0a, 0xc3, + 0x8d, 0xc7, 0x7b, 0xf8, 0x60, 0x8d, 0x6f, 0x70, 0x19, 0xaf, 0xd7, 0xe2, 0x93, 0x3e, 0x00, 0xf3, + 0xd9, 0x45, 0x96, 0x73, 0x19, 0xd9, 0x89, 0x88, 0x74, 0x93, 0x88, 0xa8, 0x93, 0x88, 0x06, 0x9b, + 0xde, 0x3c, 0xd9, 0x6c, 0xfe, 0x46, 0xc1, 0x88, 0x3e, 0xcb, 0xfc, 0xf9, 0xbc, 0x88, 0x90, 0xa5, + 0x61, 0xdc, 0x1d, 0x95, 0x1d, 0xf0, 0xdf, 0x21, 0x98, 0x72, 0x44, 0xc6, 0xe1, 0x3d, 0x69, 0x17, + 0x5f, 0x28, 0xc8, 0x53, 0x41, 0x88, 0x85, 0x61, 0x15, 0x2b, 0xa4, 0x20, 0x6e, 0x56, 0xcb, 0x45, + 0xac, 0xd0, 0x7d, 0x3a, 0x10, 0xe7, 0x1a, 0x43, 0x09, 0x18, 0x52, 0x0c, 0x12, 0x57, 0x1f, 0x11, + 0x91, 0xa7, 0xfb, 0x13, 0x54, 0x72, 0x80, 0x6b, 0x1e, 0x62, 0xaf, 0xc1, 0x74, 0x3b, 0xc2, 0xed, + 0xcc, 0xfc, 0x62, 0x66, 0xa6, 0x21, 0xd8, 0x17, 0x22, 0x33, 0xd1, 0x6e, 0x32, 0xd3, 0xd7, 0x26, + 0x33, 0xfd, 0xc7, 0x33, 0xd3, 0xe0, 0xdd, 0x97, 0x4e, 0x9b, 0xf7, 0x3f, 0x43, 0xf0, 0xff, 0x0d, + 0x55, 0x70, 0x66, 0x5c, 0x7c, 0x06, 0x67, 0xf1, 0x19, 0x4c, 0x1a, 0xc7, 0x96, 0x9b, 0x65, 0x3b, + 0x07, 0x5f, 0x87, 0x80, 0x36, 0x7e, 0xd5, 0xdd, 0xbe, 0x38, 0xd3, 0x7c, 0xcf, 0x34, 0x16, 0x12, + 0x7e, 0x34, 0xd9, 0x5c, 0x7e, 0x19, 0x35, 0x85, 0xcf, 0xf3, 0x5b, 0xbb, 0x44, 0xe7, 0xbb, 0x54, + 0xd0, 0x88, 0x54, 0xc9, 0x5b, 0xa5, 0x1c, 0x91, 0x2a, 0x5b, 0x12, 0xa9, 0xf4, 0x90, 0xd7, 0x46, + 0xc9, 0x13, 0xea, 0xbe, 0xe4, 0x41, 0x19, 0x08, 0xcb, 0xc4, 0x64, 0x33, 0xba, 0x12, 0xab, 0xd7, + 0xe2, 0x8c, 0xdb, 0x34, 0xe3, 0x98, 0xb2, 0x9c, 0x3e, 0x15, 0x8d, 0x42, 0x94, 0xa8, 0x5b, 0xb9, + 0x9c, 0x41, 0xe2, 0x00, 0x67, 0xbe, 0xa0, 0x59, 0x88, 0x8a, 0x85, 0x22, 0x16, 0xbd, 0xb7, 0x14, + 0x67, 0x51, 0x73, 0x16, 0xba, 0x07, 0xa3, 0x25, 0x45, 0xdc, 0x36, 0xdc, 0xd7, 0xc9, 0x23, 0x0f, + 0x49, 0xa9, 0xa0, 0x99, 0x7b, 0x4c, 0x1b, 0x6b, 0x4f, 0x23, 0x74, 0x07, 0x10, 0x51, 0xd5, 0x2a, + 0x56, 0xb6, 0x9d, 0x5c, 0xe7, 0xcd, 0x2d, 0xc9, 0x1f, 0xca, 0xc3, 0x04, 0x65, 0xa1, 0x9f, 0x2f, + 0x68, 0x85, 0xfb, 0xdc, 0x3a, 0x3d, 0x60, 0x58, 0x4f, 0xd6, 0x6b, 0xf1, 0xcb, 0x1e, 0xf2, 0xaa, + 0x2a, 0x22, 0xcb, 0x59, 0x73, 0xf5, 0xef, 0x53, 0x7f, 0xbc, 0x4d, 0x44, 0xbc, 0x4d, 0x1e, 0x63, + 0x7a, 0x30, 0x41, 0x25, 0x23, 0x9c, 0x6b, 0x0c, 0xc5, 0x00, 0xf4, 0xf7, 0x3c, 0x11, 0xb0, 0xaa, + 0xd1, 0x60, 0x7c, 0xc1, 0x4d, 0x23, 0xe8, 0x1a, 0x8c, 0x38, 0x6f, 0x3b, 0x07, 0x32, 0xa6, 0x87, + 0x12, 0x54, 0xf2, 0x7f, 0x5c, 0xcb, 0x28, 0x7a, 0x03, 0x46, 0x14, 0x5b, 0x52, 0xc6, 0xbc, 0x61, + 0x7d, 0x9e, 0x7f, 0x9c, 0x2d, 0xd3, 0xd9, 0x14, 0xcc, 0x74, 0x22, 0x4e, 0x5b, 0xcd, 0xff, 0x84, + 0xe1, 0xfa, 0x86, 0x2a, 0xdc, 0x97, 0x75, 0xe0, 0xff, 0x80, 0xa0, 0x6d, 0x21, 0x86, 0x3b, 0x12, + 0xe2, 0xbc, 0x8f, 0x10, 0x8d, 0x1d, 0xa2, 0x2b, 0xbd, 0x45, 0xbb, 0xd7, 0xdb, 0xa2, 0xa3, 0x37, + 0x53, 0xf8, 0x53, 0xf5, 0x5a, 0x9c, 0x76, 0xac, 0xa5, 0x32, 0xd1, 0x70, 0x59, 0xd6, 0x0e, 0x4e, + 0x10, 0x5c, 0xff, 0x89, 0x82, 0x1b, 0xe8, 0x40, 0x70, 0x83, 0x5e, 0x82, 0x63, 0xe7, 0x20, 0xdd, + 0x61, 0xfa, 0x9b, 0x0f, 0x13, 0x5d, 0x32, 0x79, 0x2c, 0xe2, 0xf3, 0x28, 0x19, 0xef, 0xf4, 0x47, + 0xba, 0x4e, 0x7f, 0x83, 0xda, 0x4e, 0x68, 0xb2, 0xa9, 0xfd, 0x2c, 0x04, 0xc3, 0xfa, 0xe7, 0xab, + 0xea, 0x51, 0xbf, 0x4d, 0xf8, 0x73, 0x74, 0x36, 0x37, 0x12, 0x18, 0x09, 0x70, 0x6f, 0x1f, 0x87, + 0xd1, 0x66, 0x52, 0x6c, 0xb6, 0x9e, 0x50, 0x30, 0x66, 0x6e, 0x76, 0x9b, 0x52, 0xe9, 0x39, 0x6b, + 0x74, 0xb0, 0x71, 0x78, 0xd9, 0xd3, 0x37, 0xdb, 0xfb, 0x8f, 0xad, 0xba, 0xb8, 0x2c, 0xed, 0x9d, + 0xc7, 0xba, 0xb8, 0xb5, 0xac, 0x8d, 0x78, 0xdc, 0x21, 0xac, 0xa2, 0xb5, 0x99, 0x02, 0x9b, 0xa0, + 0x2f, 0x28, 0x83, 0x20, 0x87, 0xc2, 0xe7, 0x25, 0xb5, 0xa6, 0xd7, 0x6e, 0xbf, 0x6c, 0xaf, 0xff, + 0xb2, 0x4a, 0x6d, 0xbd, 0x10, 0xdf, 0x94, 0x4a, 0x7a, 0xde, 0x5f, 0xcc, 0xec, 0x9e, 0xfe, 0x1a, + 0x7a, 0xf2, 0xad, 0xc7, 0x2a, 0xd8, 0x3d, 0xc8, 0xb6, 0x32, 0x32, 0xff, 0xd3, 0x18, 0x84, 0x37, + 0x54, 0x01, 0xfd, 0x40, 0xc1, 0xb8, 0x4f, 0x63, 0x74, 0xad, 0xcb, 0xc6, 0x6c, 0xca, 0xb7, 0x8f, + 0xc8, 0xbc, 0xd5, 0x33, 0x28, 0x2b, 0x00, 0xc3, 0x71, 0x9f, 0x7e, 0x64, 0x10, 0xc7, 0xbd, 0xa1, + 0x02, 0x39, 0xde, 0xbe, 0xfb, 0x87, 0x3e, 0xa7, 0x60, 0xa8, 0xb9, 0xf5, 0xf7, 0x7a, 0x90, 0x25, + 0x1c, 0x7b, 0xe6, 0xf6, 0xe9, 0xec, 0x6d, 0xbf, 0x7e, 0xa4, 0x60, 0xc2, 0xbf, 0x43, 0xb7, 0x1e, + 0x3c, 0x83, 0xc7, 0xd1, 0x98, 0x9d, 0x5e, 0xa2, 0xb9, 0x22, 0xf0, 0xef, 0x64, 0xad, 0x07, 0x4f, + 0x65, 0x8f, 0x22, 0x38, 0xb1, 0x2d, 0x84, 0xbe, 0xa2, 0x60, 0xa4, 0xa5, 0x27, 0x94, 0x0b, 0xb0, + 0x90, 0x1b, 0x82, 0x59, 0x3b, 0x35, 0x84, 0xed, 0xe0, 0x77, 0x14, 0x8c, 0x79, 0x37, 0x4c, 0xee, + 0x06, 0x5a, 0xc4, 0x03, 0x89, 0xd9, 0xea, 0x15, 0x92, 0xed, 0xf5, 0xef, 0x14, 0x5c, 0x39, 0xb9, + 0x35, 0xb1, 0x13, 0xec, 0x43, 0x6a, 0x8f, 0xca, 0xbc, 0x7f, 0x16, 0xa8, 0x76, 0x64, 0xcf, 0x28, + 0x98, 0xee, 0xe8, 0x9a, 0xfa, 0x4e, 0x00, 0x37, 0x3a, 0x01, 0x66, 0x1e, 0x9c, 0x11, 0xb0, 0x2b, + 0xc4, 0x8e, 0xae, 0x55, 0x41, 0x42, 0xec, 0x04, 0x38, 0x50, 0x88, 0xdd, 0xdc, 0x70, 0xd0, 0x27, + 0x14, 0x0c, 0x3a, 0xd7, 0x9b, 0xd7, 0x82, 0x28, 0xc6, 0xb2, 0x66, 0xf2, 0xa7, 0xb1, 0xb6, 0x3d, + 0xfa, 0x96, 0x02, 0xe4, 0x71, 0x85, 0x78, 0x33, 0x98, 0x98, 0x5b, 0x60, 0x98, 0x8d, 0x9e, 0xc0, + 0xb4, 0xec, 0x9a, 0xae, 0x1b, 0x43, 0xb0, 0x5d, 0xb3, 0x19, 0x22, 0xe0, 0xae, 0xe9, 0x55, 0xb4, + 0x1b, 0x0e, 0xb6, 0x54, 0xec, 0xb9, 0x53, 0x51, 0x10, 0xd8, 0x41, 0xef, 0xfa, 0xbc, 0xb1, 0xad, + 0x7b, 0x15, 0xe7, 0x77, 0x03, 0x9f, 0x1d, 0x2d, 0x48, 0x01, 0xb7, 0xf5, 0x36, 0x35, 0xec, 0xca, + 0x07, 0x3f, 0x1f, 0xc6, 0xa8, 0xa7, 0x87, 0x31, 0xea, 0xd9, 0x61, 0x8c, 0xfa, 0xf4, 0x28, 0x76, + 0xe9, 0xe9, 0x51, 0xec, 0xd2, 0x1f, 0x47, 0xb1, 0x4b, 0xef, 0xe5, 0x05, 0xa2, 0x3d, 0xaa, 0x16, + 0x53, 0x25, 0xa9, 0x9c, 0x36, 0x57, 0x9d, 0xb5, 0x96, 0x4d, 0x37, 0x2d, 0x3b, 0xeb, 0xac, 0x3b, + 0x6b, 0x2e, 0x9c, 0xde, 0x4f, 0x1b, 0xff, 0x4d, 0x38, 0x90, 0xb1, 0x5a, 0xec, 0x33, 0xfe, 0x3e, + 0x70, 0xe3, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8f, 0x58, 0xd1, 0xc0, 0xaf, 0x20, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1806,6 +1939,7 @@ type MsgClient interface { AddNocX509RootCert(ctx context.Context, in *MsgAddNocX509RootCert, opts ...grpc.CallOption) (*MsgAddNocX509RootCertResponse, error) RemoveX509Cert(ctx context.Context, in *MsgRemoveX509Cert, opts ...grpc.CallOption) (*MsgRemoveX509CertResponse, error) AddNocX509Cert(ctx context.Context, in *MsgAddNocX509Cert, opts ...grpc.CallOption) (*MsgAddNocX509CertResponse, error) + RevokeNocRootX509Cert(ctx context.Context, in *MsgRevokeNocRootX509Cert, opts ...grpc.CallOption) (*MsgRevokeNocRootX509CertResponse, error) } type msgClient struct { @@ -1942,6 +2076,15 @@ func (c *msgClient) AddNocX509Cert(ctx context.Context, in *MsgAddNocX509Cert, o return out, nil } +func (c *msgClient) RevokeNocRootX509Cert(ctx context.Context, in *MsgRevokeNocRootX509Cert, opts ...grpc.CallOption) (*MsgRevokeNocRootX509CertResponse, error) { + out := new(MsgRevokeNocRootX509CertResponse) + err := c.cc.Invoke(ctx, "/zigbeealliance.distributedcomplianceledger.pki.Msg/RevokeNocRootX509Cert", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // MsgServer is the server API for Msg service. type MsgServer interface { ProposeAddX509RootCert(context.Context, *MsgProposeAddX509RootCert) (*MsgProposeAddX509RootCertResponse, error) @@ -1958,6 +2101,7 @@ type MsgServer interface { AddNocX509RootCert(context.Context, *MsgAddNocX509RootCert) (*MsgAddNocX509RootCertResponse, error) RemoveX509Cert(context.Context, *MsgRemoveX509Cert) (*MsgRemoveX509CertResponse, error) AddNocX509Cert(context.Context, *MsgAddNocX509Cert) (*MsgAddNocX509CertResponse, error) + RevokeNocRootX509Cert(context.Context, *MsgRevokeNocRootX509Cert) (*MsgRevokeNocRootX509CertResponse, error) } // UnimplementedMsgServer can be embedded to have forward compatible implementations. @@ -2006,6 +2150,9 @@ func (*UnimplementedMsgServer) RemoveX509Cert(ctx context.Context, req *MsgRemov func (*UnimplementedMsgServer) AddNocX509Cert(ctx context.Context, req *MsgAddNocX509Cert) (*MsgAddNocX509CertResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method AddNocX509Cert not implemented") } +func (*UnimplementedMsgServer) RevokeNocRootX509Cert(ctx context.Context, req *MsgRevokeNocRootX509Cert) (*MsgRevokeNocRootX509CertResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokeNocRootX509Cert not implemented") +} func RegisterMsgServer(s grpc1.Server, srv MsgServer) { s.RegisterService(&_Msg_serviceDesc, srv) @@ -2263,6 +2410,24 @@ func _Msg_AddNocX509Cert_Handler(srv interface{}, ctx context.Context, dec func( return interceptor(ctx, in, info, handler) } +func _Msg_RevokeNocRootX509Cert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(MsgRevokeNocRootX509Cert) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(MsgServer).RevokeNocRootX509Cert(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/zigbeealliance.distributedcomplianceledger.pki.Msg/RevokeNocRootX509Cert", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(MsgServer).RevokeNocRootX509Cert(ctx, req.(*MsgRevokeNocRootX509Cert)) + } + return interceptor(ctx, in, info, handler) +} + var _Msg_serviceDesc = grpc.ServiceDesc{ ServiceName: "zigbeealliance.distributedcomplianceledger.pki.Msg", HandlerType: (*MsgServer)(nil), @@ -2323,6 +2488,10 @@ var _Msg_serviceDesc = grpc.ServiceDesc{ MethodName: "AddNocX509Cert", Handler: _Msg_AddNocX509Cert_Handler, }, + { + MethodName: "RevokeNocRootX509Cert", + Handler: _Msg_RevokeNocRootX509Cert_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "pki/tx.proto", @@ -3477,6 +3646,102 @@ func (m *MsgAddNocX509CertResponse) MarshalToSizedBuffer(dAtA []byte) (int, erro return len(dAtA) - i, nil } +func (m *MsgRevokeNocRootX509Cert) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *MsgRevokeNocRootX509Cert) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgRevokeNocRootX509Cert) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.RevokeChild { + i-- + if m.RevokeChild { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x38 + } + if m.Time != 0 { + i = encodeVarintTx(dAtA, i, uint64(m.Time)) + i-- + dAtA[i] = 0x30 + } + if len(m.Info) > 0 { + i -= len(m.Info) + copy(dAtA[i:], m.Info) + i = encodeVarintTx(dAtA, i, uint64(len(m.Info))) + i-- + dAtA[i] = 0x2a + } + if len(m.SerialNumber) > 0 { + i -= len(m.SerialNumber) + copy(dAtA[i:], m.SerialNumber) + i = encodeVarintTx(dAtA, i, uint64(len(m.SerialNumber))) + i-- + dAtA[i] = 0x22 + } + if len(m.SubjectKeyId) > 0 { + i -= len(m.SubjectKeyId) + copy(dAtA[i:], m.SubjectKeyId) + i = encodeVarintTx(dAtA, i, uint64(len(m.SubjectKeyId))) + i-- + dAtA[i] = 0x1a + } + if len(m.Subject) > 0 { + i -= len(m.Subject) + copy(dAtA[i:], m.Subject) + i = encodeVarintTx(dAtA, i, uint64(len(m.Subject))) + i-- + dAtA[i] = 0x12 + } + if len(m.Signer) > 0 { + i -= len(m.Signer) + copy(dAtA[i:], m.Signer) + i = encodeVarintTx(dAtA, i, uint64(len(m.Signer))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *MsgRevokeNocRootX509CertResponse) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *MsgRevokeNocRootX509CertResponse) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *MsgRevokeNocRootX509CertResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + return len(dAtA) - i, nil +} + func encodeVarintTx(dAtA []byte, offset int, v uint64) int { offset -= sovTx(v) base := offset @@ -4023,6 +4288,50 @@ func (m *MsgAddNocX509CertResponse) Size() (n int) { return n } +func (m *MsgRevokeNocRootX509Cert) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Signer) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.Subject) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.SubjectKeyId) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.SerialNumber) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + l = len(m.Info) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } + if m.Time != 0 { + n += 1 + sovTx(uint64(m.Time)) + } + if m.RevokeChild { + n += 2 + } + return n +} + +func (m *MsgRevokeNocRootX509CertResponse) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + return n +} + func sovTx(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -7591,6 +7900,305 @@ func (m *MsgAddNocX509CertResponse) Unmarshal(dAtA []byte) error { } return nil } +func (m *MsgRevokeNocRootX509Cert) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgRevokeNocRootX509Cert: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgRevokeNocRootX509Cert: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Signer", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Signer = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Subject", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Subject = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectKeyId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectKeyId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SerialNumber = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Info", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Info = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Time", wireType) + } + m.Time = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Time |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RevokeChild", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RevokeChild = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *MsgRevokeNocRootX509CertResponse) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: MsgRevokeNocRootX509CertResponse: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: MsgRevokeNocRootX509CertResponse: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + default: + iNdEx = preIndex + skippy, err := skipTx(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTx + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func skipTx(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 From bb8407fe3acf5f78f35766af102a500cb42bbb26 Mon Sep 17 00:00:00 2001 From: Abdulbois Date: Thu, 14 Mar 2024 12:55:20 +0500 Subject: [PATCH 2/2] #524 Enable revocation of NOC certificates Minor refactoring due to comments of PR Signed-off-by: Abdulbois Signed-off-by: Abdulbois --- integration_tests/cli/pki-noc-certs.sh | 6 ++-- .../pki-noc-revocation-with-revoking-child.sh | 6 ++-- .../pki-noc-revocation-with-serial-number.sh | 4 +-- types/pki/errors.go | 7 ++++ x/pki/handler_revoke_noc_root_cert_test.go | 9 ++--- x/pki/keeper/child_certificates.go | 4 +-- .../msg_server_revoke_noc_root_x_509_cert.go | 12 +++---- x/pki/keeper/noc_certificates.go | 21 +++++++++++ x/pki/keeper/noc_root_certificates.go | 35 +++++++++++++++++++ 9 files changed, 83 insertions(+), 21 deletions(-) diff --git a/integration_tests/cli/pki-noc-certs.sh b/integration_tests/cli/pki-noc-certs.sh index b083c7e14..4fe99d3fb 100755 --- a/integration_tests/cli/pki-noc-certs.sh +++ b/integration_tests/cli/pki-noc-certs.sh @@ -315,9 +315,11 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" echo $result | jq -echo "Request NOC certificate by VID must not contain revoked root certificates" +echo "Request NOC root certificate by VID = $vid must not contain revoked root certificates" result=$(dcld query pki noc-x509-root-certs --vid="$vid") -check_response "$result" "Not Found" +check_response "$result" "\"subject\": \"$noc_root_cert_2_subject\"" +check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_key_id\"" +check_response "$result" "\"serialNumber\": \"$noc_root_cert_2_serial_number\"" response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subject_key_id\"" response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" diff --git a/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh index b17e1ebce..63b43162c 100755 --- a/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh +++ b/integration_tests/cli/pki-noc-revocation-with-revoking-child.sh @@ -100,7 +100,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" echo $result | jq -echo "Request NOC certificate by VID should be empty" +echo "Request NOC root certificate by VID = $vid should be empty" result=$(dcld query pki noc-x509-root-certs --vid="$vid") check_response "$result" "Not Found" response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" @@ -109,14 +109,14 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" echo $result | jq -echo "Request all certificates by subject should be empty" +echo "Request all certificates by NOC root certificate's subject should be empty" result=$(dcld query pki all-subject-x509-certs --subject="$noc_root_cert_1_subject") check_response "$result" "Not Found" response_does_not_contain "$result" "\"$noc_root_cert_1_subject\"" response_does_not_contain "$result" "\"$noc_root_cert_1_subject_key_id\"" echo $result | jq -echo "Request all certificates by subjectKeyId should be empty" +echo "Request all certificates by NOC root certificate's subjectKeyId should be empty" result=$(dcld query pki x509-cert --subject-key-id="$noc_root_cert_1_subject_key_id") check_response "$result" "Not Found" response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" diff --git a/integration_tests/cli/pki-noc-revocation-with-serial-number.sh b/integration_tests/cli/pki-noc-revocation-with-serial-number.sh index 89a0ad125..5dc2de123 100755 --- a/integration_tests/cli/pki-noc-revocation-with-serial-number.sh +++ b/integration_tests/cli/pki-noc-revocation-with-serial-number.sh @@ -101,7 +101,7 @@ response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_cert_1_subjec response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial_number\"" echo $result | jq -echo "Request NOC certificate by VID should contain only one root certificate with serialNumber=$noc_root_cert_1_copy_serial_number" +echo "Request NOC root certificate by VID = $vid should contain only one root certificate with serialNumber=$noc_root_cert_1_copy_serial_number" result=$(dcld query pki noc-x509-root-certs --vid="$vid") check_response "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" check_response "$result" "\"subject\": \"$noc_root_cert_1_subject\"" @@ -192,7 +192,7 @@ response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_serial response_does_not_contain "$result" "\"serialNumber\": \"$noc_root_cert_1_copy_serial_number\"" echo $result | jq -echo "Request NOC certificate by VID should be empty" +echo "Request NOC root certificate by VID = $vid should be empty" result=$(dcld query pki noc-x509-root-certs --vid="$vid") check_response "$result" "Not Found" response_does_not_contain "$result" "\"subject\": \"$noc_root_cert_1_subject\"" diff --git a/types/pki/errors.go b/types/pki/errors.go index bfaca2bee..620b7a188 100644 --- a/types/pki/errors.go +++ b/types/pki/errors.go @@ -357,6 +357,13 @@ func NewErrMessageRemoveRoot(subject string, subjectKeyID string) error { ) } +func NewErrMessageExistingCertIsNotRoot(subject string, subjectKeyID string) error { + return sdkerrors.Wrapf(ErrInappropriateCertificateType, + "The existing certificate with the same combination of subject (%v) and subjectKeyID (%v) is not a root certificate", + subject, subjectKeyID, + ) +} + func NewErrUnsupportedOperation(e interface{}) error { return sdkerrors.Wrapf(ErrUnsupportedOperation, "%v", e) } diff --git a/x/pki/handler_revoke_noc_root_cert_test.go b/x/pki/handler_revoke_noc_root_cert_test.go index 50de4015b..560b38c35 100644 --- a/x/pki/handler_revoke_noc_root_cert_test.go +++ b/x/pki/handler_revoke_noc_root_cert_test.go @@ -81,7 +81,7 @@ func TestHandler_RevokeNocX509RootCert_CertificateExists(t *testing.T) { Vid: testconstants.Vid, }, nocRoorCert: testconstants.RootCertPem, - err: sdkerrors.ErrUnauthorized, + err: pkitypes.ErrInappropriateCertificateType, }, { name: "ExistingNotNocCert", @@ -235,9 +235,10 @@ func TestHandler_RevokeNocX509RootCert_RevokeDefault(t *testing.T) { require.Equal(t, 0, len(aprCertsBySubjectKeyID)) // query noc root certificate by VID - _, err = queryNocRootCertificates(setup, testconstants.Vid) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) + nocRootCerts, err := queryNocRootCertificates(setup, testconstants.Vid) + require.NoError(t, err) + require.Equal(t, 1, len(nocRootCerts.Certs)) + require.Equal(t, testconstants.NocRootCert2SubjectKeyID, nocRootCerts.Certs[0].SubjectKeyId) // Child certificate should not be revoked _, err = queryRevokedCertificates(setup, testconstants.NocCert1Subject, testconstants.NocCert1SubjectKeyID) diff --git a/x/pki/keeper/child_certificates.go b/x/pki/keeper/child_certificates.go index 433182ac7..54a9c6fa2 100644 --- a/x/pki/keeper/child_certificates.go +++ b/x/pki/keeper/child_certificates.go @@ -111,10 +111,10 @@ func (k msgServer) RevokeChildCertificates(ctx sdk.Context, issuer string, autho // Revoke certificates with this subject/subjectKeyID combination certificates, _ := k.GetApprovedCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId) k.AddRevokedCertificates(ctx, certificates) - // FIXME: Should be replaced + // FIXME: Below two lines is not in the context of RevokeChildCertificates method. In future current implementation must be refactored if len(certificates.Certs) > 0 { // If cert is NOC then remove it from NOC certificates list - k.RemoveNocCertificates(ctx, certificates.Certs[0].Vid) + k.RemoveNocCertificate(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId, certificates.Certs[0].Vid) } k.RemoveApprovedCertificates(ctx, certIdentifier.Subject, certIdentifier.SubjectKeyId) diff --git a/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go b/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go index 433610f89..6ac5e6eae 100644 --- a/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go +++ b/x/pki/keeper/msg_server_revoke_noc_root_x_509_cert.go @@ -30,7 +30,7 @@ func (k msgServer) RevokeNocRootX509Cert(goCtx context.Context, msg *types.MsgRe cert := certificates.Certs[0] if !cert.IsRoot { - return nil, pkitypes.NewErrUnauthorizedCertIssuer(cert.Subject, cert.SubjectKeyId) + return nil, pkitypes.NewErrMessageExistingCertIsNotRoot(cert.Subject, cert.SubjectKeyId) } // Existing certificate must be NOC certificate if !cert.IsNoc { @@ -71,7 +71,7 @@ func (k msgServer) _revokeNocRootCertificates(ctx sdk.Context, certificates type k.AddRevokedNocRootCertificates(ctx, types.RevokedNocRootCertificates(certificates)) // Remove certs from NOC and approved lists - k.RemoveNocRootCertificates(ctx, vid) + k.RemoveNocRootCertificate(ctx, vid, certificates.Subject, certificates.SubjectKeyId) k.RemoveApprovedCertificates(ctx, certificates.Subject, certificates.SubjectKeyId) // remove from subject -> subject key ID map k.RemoveApprovedCertificateBySubject(ctx, certificates.Subject, certificates.SubjectKeyId) @@ -108,16 +108,12 @@ func (k msgServer) _revokeNocRootCertificate( k.removeCertFromList(cert.Issuer, cert.SerialNumber, &certificates) if len(certificates.Certs) == 0 { + k.RemoveNocRootCertificate(ctx, vid, certificates.Subject, certificates.SubjectKeyId) k.RemoveApprovedCertificates(ctx, cert.Subject, cert.SubjectKeyId) - k.RemoveNocRootCertificates(ctx, vid) k.RemoveApprovedCertificateBySubject(ctx, cert.Subject, cert.SubjectKeyId) k.RemoveApprovedCertificatesBySubjectKeyID(ctx, cert.Subject, cert.SubjectKeyId) } else { - certs := types.NocRootCertificates{ - Vid: vid, - Certs: certificates.Certs, - } - k.SetNocRootCertificates(ctx, certs) + k.RemoveNocRootCertificateBySerialNumber(ctx, vid, cert.Subject, cert.SubjectKeyId, serialNumber) k.SetApprovedCertificates(ctx, certificates) k.SetApprovedCertificatesBySubjectKeyID( ctx, diff --git a/x/pki/keeper/noc_certificates.go b/x/pki/keeper/noc_certificates.go index 537dc90fa..2149820f2 100644 --- a/x/pki/keeper/noc_certificates.go +++ b/x/pki/keeper/noc_certificates.go @@ -71,6 +71,27 @@ func (k Keeper) RemoveNocCertificates( )) } +func (k Keeper) RemoveNocCertificate(ctx sdk.Context, subject, subjectKeyID string, vid int32) { + certs, found := k.GetNocCertificates(ctx, vid) + if !found { + return + } + + for i := 0; i < len(certs.Certs); { + if certs.Certs[i].Subject == subject && certs.Certs[i].SubjectKeyId == subjectKeyID { + certs.Certs = append(certs.Certs[:i], certs.Certs[i+1:]...) + } else { + i++ + } + } + + if len(certs.Certs) == 0 { + k.RemoveNocCertificates(ctx, vid) + } else { + k.SetNocCertificates(ctx, certs) + } +} + // GetAllNocCertificates returns all nocCertificates. func (k Keeper) GetAllNocCertificates(ctx sdk.Context) (list []types.NocCertificates) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.NocCertificatesKeyPrefix)) diff --git a/x/pki/keeper/noc_root_certificates.go b/x/pki/keeper/noc_root_certificates.go index ede9b6796..078ec5613 100644 --- a/x/pki/keeper/noc_root_certificates.go +++ b/x/pki/keeper/noc_root_certificates.go @@ -70,6 +70,18 @@ func (k Keeper) RemoveNocRootCertificates( )) } +func (k Keeper) RemoveNocRootCertificate(ctx sdk.Context, vid int32, subject, subjectKeyID string) { + k._removeNocRootCertificates(ctx, vid, func(cert *types.Certificate) bool { + return cert.Subject == subject && cert.SubjectKeyId == subjectKeyID + }) +} + +func (k Keeper) RemoveNocRootCertificateBySerialNumber(ctx sdk.Context, vid int32, subject, subjectKeyID, serialNumber string) { + k._removeNocRootCertificates(ctx, vid, func(cert *types.Certificate) bool { + return cert.Subject == subject && cert.SubjectKeyId == subjectKeyID && cert.SerialNumber == serialNumber + }) +} + // GetAllNocRootCertificates returns all nocRootCertificates. func (k Keeper) GetAllNocRootCertificates(ctx sdk.Context) (list []types.NocRootCertificates) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.NocRootCertificatesKeyPrefix)) @@ -85,3 +97,26 @@ func (k Keeper) GetAllNocRootCertificates(ctx sdk.Context) (list []types.NocRoot return } + +func (k Keeper) _removeNocRootCertificates(ctx sdk.Context, vid int32, filter func(cert *types.Certificate) bool) { + certs, found := k.GetNocRootCertificates(ctx, vid) + if !found { + return + } + + numCertsBefore := len(certs.Certs) + for i := 0; i < len(certs.Certs); { + cert := certs.Certs[i] + if filter(cert) { + certs.Certs = append(certs.Certs[:i], certs.Certs[i+1:]...) + } else { + i++ + } + } + + if len(certs.Certs) == 0 { + k.RemoveNocRootCertificates(ctx, vid) + } else if numCertsBefore > len(certs.Certs) { // Update state only if any certificate is removed + k.SetNocRootCertificates(ctx, certs) + } +}